last executing test programs: 2m29.86320709s ago: executing program 0 (id=139): ioctl$auto_BLKTRACESETUP32(0xffffffffffffffff, 0xc0401273, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, 0x0, 0x4040800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) read$auto_tap_fops_tap(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r2, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) r3 = memfd_secret$auto(0x0) fcntl$auto_F_UNLCK(r3, 0x8, 0x2) syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000280), 0xffffffffffffffff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0x0, 0x0) execveat$auto(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=&(0x7f0000000140)='(,)):{\x00', 0x0, 0xd) read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0) process_madvise$auto_MADV_WIPEONFORK(r1, &(0x7f0000000040)={&(0x7f00000002c0)="d23d5d37551853fe845d4bd93646bca40256631d6579618112a37b8a67d764ba2fbdd4682cc1cd4e1ced826b3e2d2fec9b30eaa95171aad09d161f7a4a95023d40107e62b0fe8035101eacb7e6a7fef4a8875f5e1775d37e10fa284196444bf0e501dd6b91a99302ff77ba739a6e2c5098560c6f5013cbf757f8b7ec4a89ccfab07bf06face8db84695688cbde1ff8ed82909627daa0b69847b1883e27a68c78f04e94f010227a51eafa42395c2803821f18413d9b5d3d48a485fee266b19fbdfd7fe639", 0x905}, 0x401, 0x12, 0x80000000) getpgrp(0xffffffffffffffff) sendmsg$auto_NLBL_CIPSOV4_C_LISTALL(r3, 0x0, 0x20000000) fcntl$auto_F_SETLK(r2, 0x6, 0x0) 2m28.955514323s ago: executing program 0 (id=143): mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) ioctl$auto(r0, 0x2271, 0x38) mmap$auto(0x0, 0x2020009, 0x80000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r1, 0x0, 0x3, 0x20000000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) rseq$auto(&(0x7f0000000000)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x7ffe, 0x0, 0x6) mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000) nanosleep$auto(0x0, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x40, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) preadv$auto(0x3, 0x0, 0x3, 0x10000000000006, 0x800000000000010) close_range$auto(0x2, 0xa, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x20, r3, 0xb3eaee9e9ed11725, 0x70bd29, 0x25c7dbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x1000}, 0x64810) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x1f40) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000040)={0x0, 0x7}, 0x9) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x80, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f00000001c0)={{@raw=0xfff, 0x9, 0x5, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x8, 0x0, 0x4, @inferred, @integer64={0x8f1, 0x3, 0x5}, "a4699d30a05edbe0d28473c399a7dc1d7de94b4123f970bedd3460c667373fcc66b584d81592f6ab606c276807000000000000006e76803400"}) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x582, 0x0) 2m24.939508679s ago: executing program 0 (id=154): rt_sigqueueinfo$auto(0x0, 0x4, &(0x7f0000000200)={@siginfo_0_0={0x3, 0x1, 0x5}}) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/v4l-subdev2\x00', 0x2000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x84) fanotify_mark$auto(0x0, 0x31, 0x9, r1, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) setfsgid$auto(0xee01) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/vkms/drm/card1/card1-Virtual-1/uevent\x00', 0x581b82, 0x0) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000001980)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b67, 0x1) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) read$auto(r3, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 2m23.790963073s ago: executing program 0 (id=159): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) readv$auto(0xffffffffffffffff, 0x0, 0x6) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/net_prio.ifpriomap\x00', 0x10b142, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x169780, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c00, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xc18, 0x8000) r2 = socket(0x1e, 0x800, 0x9) getsockopt$auto(r2, 0x0, 0x43, 0x0, &(0x7f00000000c0)=0x1e) execveat$auto(r0, 0x0, 0x0, 0x0, 0x7cc9) sendfile$auto(0x1, 0x3, 0x0, 0xc01) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x8, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0xfffffffc, 0x0, 0x0) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0xe64e}, {0x9, 0x3}}, 0x0) r3 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000540), 0x80800, 0x0) r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x600, 0x0) ioctl$auto_RTC_PARAM_SET(r4, 0x40187014, &(0x7f0000000080)={0x1, @uvalue=0x6}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/amidi2\x00', 0x82040, 0x0) lseek$auto(r3, 0x0, 0x2) select$auto(0x4, 0x0, &(0x7f0000000400)={[0x400000000000002, 0x40000000e9e, 0x80000000007, 0x9, 0x0, 0x100000001, 0xa, 0xf, 0x0, 0x5, 0x4, 0x88000000d5c, 0x10006, 0x100000fe, 0x10001, 0x180080001]}, 0x0, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r5, 0x0, 0xe8) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0342, 0x0) writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, r5, 0x28000) 2m20.889364902s ago: executing program 0 (id=164): mmap$auto(0x0, 0xdb3, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x3ff, 0x0) (async) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.events.local\x00', 0x103042, 0x0) (async) write$auto(0x3, 0x0, 0x5c8) mmap$auto(0x0, 0x8004008, 0x2000000329, 0x2000000010011, r0, 0x8000) ioctl$auto_XFS_IOC_FREESP(r0, 0x4030580b, &(0x7f0000000000)={0x4, 0x0, 0x4, 0x2, 0xf, 0x0}) kcmp$auto_KCMP_FILE(r1, 0xffffffffffffffff, 0x0, r0, r0) mmap$auto(0x0, 0xff, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r2 = socket(0x2, 0x1, 0x0) setsockopt$auto(r2, 0x6, 0x24, 0x0, 0x40) syz_clone(0x40011, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socket(0x2, 0x3, 0x2) (async) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) close_range$auto(0x2, 0xa, 0x0) (async) syz_clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x58) 2m20.52783629s ago: executing program 0 (id=165): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/031/001\x00', 0x208000, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0xc0802, 0x0) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100253d7000fddbdf2501000000080007800400018026f7f3c121de3f12f52c0c00"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x8880) mmap$auto(0x8d, 0x20009, 0x4000000000df, 0x11, 0x401, 0x7ff) brk$auto(0x7fffffffafff) mmap$auto(0x7fff, 0x400008, 0xda, 0x9b72, 0x2, 0x480000000008001) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400020009, 0x10000000000df, 0x13, 0x8000000401, 0x7fffffffffffffff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fstat$auto(r4, &(0x7f0000000100)={0x4, 0x1a0000000000, 0x7f, 0x77d508f7, 0xee01, 0xee01, 0x0, 0x8, 0xa6ee, 0x8, 0x100000000, 0x7, 0x7fffffff, 0x10, 0x9, 0x4, 0xd}) 2m5.442810813s ago: executing program 32 (id=165): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/031/001\x00', 0x208000, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0xc0802, 0x0) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100253d7000fddbdf2501000000080007800400018026f7f3c121de3f12f52c0c00"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x8880) mmap$auto(0x8d, 0x20009, 0x4000000000df, 0x11, 0x401, 0x7ff) brk$auto(0x7fffffffafff) mmap$auto(0x7fff, 0x400008, 0xda, 0x9b72, 0x2, 0x480000000008001) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400020009, 0x10000000000df, 0x13, 0x8000000401, 0x7fffffffffffffff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fstat$auto(r4, &(0x7f0000000100)={0x4, 0x1a0000000000, 0x7f, 0x77d508f7, 0xee01, 0xee01, 0x0, 0x8, 0xa6ee, 0x8, 0x100000000, 0x7, 0x7fffffff, 0x10, 0x9, 0x4, 0xd}) 13.761316175s ago: executing program 4 (id=481): prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, &(0x7f00000000c0)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x54) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x28, 0x5, 0x81) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0) ioctl$auto(r2, 0x5646, r2) read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f0000000280)=""/40, 0x28) socket(0x1e, 0x1, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9) copy_file_range$auto(r1, 0x0, r1, 0x0, 0x2, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xfff, 0x1, 0x948b, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) socket(0x1d, 0x2, 0x3) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x110c230000, 0x8031ca, 0x9) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x8, 0x10, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x6, 0x2, 0x1a7b870a, 0x76c5, 0x9, 0xfffffffd}}) close_range$auto(0x2, 0x8, 0x0) 11.002202733s ago: executing program 4 (id=488): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x18b002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100800, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x4020ae46, 0x38) (fail_nth: 8) 9.299200238s ago: executing program 4 (id=490): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="011d3da4420008bd7100f9db5f250200000000000010", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x20044011}, 0x80) (async) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) ustat$auto(0x801, 0x0) (async) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) sendmsg$auto(r4, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) (async) close_range$auto(0x2, 0x8000, 0x0) (async) ioctl$auto_FIBMAP(r2, 0x1, 0x2) (async) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r3) (async) read$auto(r3, &(0x7f0000000100)='nl80211\x00', 0xbe62) (async) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x14, 0x0, 0x10, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x20048014) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="10"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) (async) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/oom_adj\x00', 0x400000, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 8.812952162s ago: executing program 3 (id=493): unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x1, 0x100) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3, 0x6) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fff) unshare$auto(0xa4) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) socket(0xa, 0x3, 0x3a) write$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x10004010) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, 0x0, 0x40) close_range$auto(0x2, 0x8, 0x0) syslog$auto(0x3, &(0x7f0000000700)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI\x00\x00\x00\x00w\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2\xa0\x86\xdcs\x05?\xcay \xfdB9\xd0\x02>\x1d\x87\x83\x99\x83\x1eI\xdb\xcc\a\x88\xd7\rf\x9e\x1f\xc4\xa6Z\xb9\xa8\xa5\xfb\x02\xb0\x81\x8b\xa2h\xa4\x97\xafZ\x91]\xf3\xf4\xdb\x8b\x95\x8db\xd0\xcfx\xbe\x10c\x05\x1cD\xca\xa0#\xee\xf1\x1e\xd8\xcb\xbc\'\xe5|\a\xe3`\x11\xf3_\xf7\x8f\xdeg\xe0\xff\xff\xff\xff\x00\x00\x00\x00\xbb@$\xd2xxG\t\xb5h\x9eL\xfdF5\x84\x83.{\xb2\x19\x87\xd5ZZ(P\xc8\x94\x10\xe1X\x04p\x84\xb0\x93\xb5\x8f\xbc\x80\nr\x90]8\xabC\xf0\xb3J?\xf0\xaao\xb2\xbe\x91\r8\xa9B\x1d\x16\x84\xf3f\xda\x85\x7fN\xd2K\xbf(\xb97\x87\x93\xa0\xe3\xbb\x8e\xa7}\b\xb7\xb5\ak\x94g\xc7mSD\'\xfc\xdd\xab\xf7\x14\xd7p\xd7\x1cv!~\x1bN\xb6}\x1eG\x00\xbd\x00S+\x18\x80\xcbV\xdb\x9e\xb6\x803\xb6|]k\x18\rz\xf7\x8fl\x87&\xfa\xd8\x90h\xa9', 0x101) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040)="11ce06d2b8", 0x40000100000001}, 0x6, 0x0) prctl$auto(0x1000000003b, 0x0, r1, 0x4, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyy7\x00', 0x2, 0x0) 8.759337865s ago: executing program 4 (id=494): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/est_nice\x00', 0x40001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0xe0742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x80000001, 0x580e, 0x112f4a03, 0x8000000008011, 0x3, 0x800004) madvise$auto(0x0, 0x2003f0, 0x15) getresgid$auto(0x0, &(0x7f0000000a40)=0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0xc3, 0x0) setsockopt$auto(r0, 0x1, 0x10, &(0x7f0000000280)='\x00\x15\x8d\xca`\xbcgY\xd2w\xf6\xaedN\x00\x00\x00\x00\x04\x00\x00\x00*\xaaL\'\xab>q\x9e\xdd`\x84_\r\xc2\x17\xb1\xaf\xd2\f\xfd[Iy\xbb*$\xec\xca\x8b\xde\xdcV@\x04+\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xc3\xa2\x1a\xf1\xdf\x12\b?Q\xec*\b`\'\xfe\xcb\xe9\xc0\xf4\x119\xf6f\v\xf7\x13\xe6\xd8\xa2\xd3\xfd\xa7', 0xba) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r1, 0x4, r1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x4007, 0xb}) shmctl$auto_SHM_LOCK(0x1, 0xb, &(0x7f00000003c0)={{0x4, 0x0, 0xee01, 0x18, 0x9, 0x21, 0x6}, 0xe, 0xc4, 0x1, 0x4, @inferred, @raw=0x4c000, 0x3, 0x0, 0x0, 0x0}) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ttyd0/power/runtime_suspended_time\x00', 0x42100, 0x0) read$auto(r2, 0x0, 0x20) write$auto(0x3, 0x0, 0xfdef) openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x2, 0x0) 5.56733921s ago: executing program 1 (id=498): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1c\x00', 0x40002, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_FORWARD2(r1, 0x40084149, &(0x7f0000000040)) getsockopt$auto(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) getpeername$auto(0x3, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) write$auto(r0, 0x0, 0xfffffdec) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) clock_getres$auto(0x3, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xc008aec1, 0x0) fcntl$auto(0x3, 0x4, 0xa553) shutdown$auto(0x200000003, 0x2) 5.398665836s ago: executing program 3 (id=499): r0 = socket(0x2b, 0x1, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x20002, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0xfffeffff, 0x0, 0x4, 0x9, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x80c}) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000680)='/dev/audio1\x00\x8a\xe5x\x9b\xa9|\x9e~-PY^\x8c\xf3\xf5\x00\xc0\'v\xafxZ\xc6B\xb1\x86cR\xbb6\xa0s\x17\x05W^y\x0e\x99\xf6\xc32\vM\xfb\xa2;\x94\x14\xc5\xccc\x99\xa0\x1b\xacB\xf4\xfcfF\x98\x9829B/\xde\xbb\xec\xd4\xee&\a*`\xc7\x8a\xc0|_\xe8\x9f\xd1g|\x00X\x92\xfcQ\x1c\xbb\x8e\xb6Vs\x8a\xa5\x85\a\xb3\xc1\x03\xbfV#\x00\x86\xf1\x94\xe60V\xfd,\n\xd7P', 0xa3d8) mmap$auto(0x0, 0x10000, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptye6\x00', 0x200000, 0x0) getrandom$auto(0x0, 0x9, 0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/sound/ctl-led/speaker/mode\x00', 0x182, 0x0) pread64$auto(r5, &(0x7f0000000080)='*{\x00', 0x488, 0x7) r6 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010025bd7000fddbdf2503000000040007800c00020005000000000000000800010007", @ANYRESOCT, @ANYRESOCT=r1], 0x2c}, 0x1, 0x0, 0x0, 0x15}, 0x8880) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) write$auto(0xffffffffffffffff, &(0x7f00000004c0)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7ff) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000007c0)=""/153, 0x99) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:01/status\x00', 0x80840, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000000)=""/46, 0x2e) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) syz_clone(0x20004400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x11e, 0x1, 0x0, 0x9) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'veth1\x00'}) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="18000022", @ANYRES16=0x0, @ANYRES32=r3, @ANYRES16=r6, @ANYBLOB="0400240008000e00070000000000000800d500020000003c00018008000100", @ANYRES64=0x0, @ANYBLOB="08000300020000001400020076657468315f766c616e000000000000140002007465616d3000"/48], 0x98}, 0x1, 0x0, 0x0, 0x4800}, 0x4000080) ioctl$auto(0x4000000000000c8, 0x400454cf, 0x3) 5.238364197s ago: executing program 4 (id=500): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, 0x0, 0x8001) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) adjtimex$auto(&(0x7f0000000000)={0x7, 0x0, 0xcbe9, 0xfffb, 0x1000000000000006, 0x88000000, 0xd37f, 0x0, 0xffff, 0x2, 0x3, {0x10, 0x6}, 0xfffffffffffffffc, 0x7f, 0x2, 0x4, 0x0, 0x3, 0x1, 0x1, 0x9, 0x7, 0x5}) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x5608, 0x7) keyctl$auto(0x3, 0xfffffffffffffffd, 0x0, 0xee01, 0xa00002) mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000) msgsnd$auto(0xfffffffc, 0x0, 0x1, 0x963) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r1, r1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r2, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r2, 0xc0506107, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(0xc8, 0x0, 0x40f6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x8, 0x1, 0x948b, 0x3, 0x15f4da0d, 0x3, 0x3, 0x262, 0x8000001c, 0x7, 0x6d3e, 0xc, 0x2, 0x5]}, 0x0) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x8014) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) unshare$auto(0x40000080) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x1a6b75d63882a712, 0x0) 5.209516505s ago: executing program 2 (id=501): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4048000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x8002, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000480)='/dev/video18\x00', 0x802, 0x0) 4.621971566s ago: executing program 2 (id=502): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000005480), 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x10000040eb2, 0x402, 0x300000000000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) write$auto(0x3, 0x0, 0xfdef) 4.26410653s ago: executing program 1 (id=503): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) (async, rerun: 64) mmap$auto(0x8d, 0x20009, 0x4000000000df, 0x11, 0x401, 0x7ff) (async, rerun: 64) r1 = prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) brk$auto(0x7fffffffafff) (async) mmap$auto(0x7fff, 0x400008, 0xda, 0x9b72, 0x2, 0x480000000008001) (async) mmap$auto(0xa, 0x202000a, 0x8000, 0xeb1, r1, 0x100008000) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) (async, rerun: 32) r3 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) (rerun: 32) read$auto_stat_fops_per_vm_kvm_main(r3, 0x0, 0x0) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) (async) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) (async) mmap$auto(0x0, 0x400020009, 0x10000000000df, 0x13, 0x8000000401, 0x7fffffffffffffff) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) fstat$auto(r4, &(0x7f0000000100)={0x4, 0x1a0000000000, 0x7f, 0x77d508f7, 0xee01, 0xee01, 0x0, 0x8, 0xa6ee, 0x8, 0x100000000, 0x7, 0x7fffffff, 0x10, 0x9, 0x4, 0xd}) (async, rerun: 32) semctl$auto_SETALL(0x2, 0x6, 0x11, 0xb1c) (rerun: 32) r6 = socket(0x15, 0x5, 0x0) r7 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/state\x00', 0x2, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r7, &(0x7f0000000240)=""/155, 0x9b) getsockopt$auto(r6, 0x114, 0x271f, 0xfffffffffffffffc, 0x0) (async) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) 4.125318165s ago: executing program 2 (id=504): openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim2/ports/0/pp_hold\x00', 0x2, 0x0) epoll_pwait$auto(r0, 0xfffffffffffffffd, 0x37e, 0x7, 0x0, 0x8) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0xecc6, 0x0, 0x7352, 0x2d, 0x200000000045f, 0x6, 0x7, 0x3, 0x2, 0x9, 0x36e, 0x6, 0x2, 0x3000, 0x9, 0x8, 0x10003, 0x8, 0x1, 0x0, 0x5, 0x1ffb, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffff00, 0x0, 0x0, 0x0, 0x3ba0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffff3, 0x0, 0x0, 0xffffffffffffffff]}, 0x9, 0x11) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x42003, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) memfd_create$auto(0x0, 0x7) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/devices/virtual/block/nbd12/queue/max_hw_sectors_kb\x00', 0x40, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mq_timedreceive$auto(0xffffffffffffffff, 0x0, 0x5, 0x0, 0xffffffffffffffff) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000500)=""/4104, 0x1008) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) rt_sigqueueinfo$auto(0x0, 0xc74, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}}) r4 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000000), 0xa013, &(0x7f0000000100)={&(0x7f0000000140), 0x49}, 0x4, 0x0, 0x5, 0x1}, 0x1}, 0x5, 0x100) 3.539376438s ago: executing program 1 (id=505): r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x401, 0xfffffffffffffffd, 0xd4, 0x4, 0x28c, 0x0, 0x3, 0x368e, 0x9, {0xfffffffe, 0x10000}, 0x5, 0x6, 0xfffffffffff7fffd, 0x1007ffd, 0x0, 0xfe, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/acpi/wakeup\x00', 0x48041, 0x0) write$auto(r2, 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) getdents$auto(r3, 0x0, 0x4) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) ioctl$auto_MON_IOCG_STATS(r0, 0x80089203, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@batch={0x9, 0x5, 0x9, 0x8, 0x9, 0xffffffffffffffff, 0x2, 0xfffffffffffffc00}, 0x60) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0xa, 0x1, 0x0) r4 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x8a403, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r4, 0x7a7, 0x0) prctl$auto_PR_GET_TSC(0x19, 0xa, 0x0, 0x0, 0xd) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, 0x6) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x201, 0x0, 0x804a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x22, 0x2, 0x3) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) 2.666636238s ago: executing program 3 (id=506): set_mempolicy$auto(0x3, 0x0, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000006300)=ANY=[@ANYBLOB="91520000", @ANYRES16=0x0, @ANYBLOB="00042dbd7000fbdbdf2516000000311607801301e1800c0041000100000000000000337c85289308002700", @ANYBLOB="06317f04b12df7f5f7dfea5d6aca1addddb676f3845fede099f955090a0a65ff7a0e44267122aa930a29edcbdb59926047e1a94ca3d5d85bac2f6e52bef47a40893cd4a39854a5478e6e17e2165a390bf209227234f0a6ba6940263394505c6ebe0b684d565d2d4a8fc7841ec1f0727e033927ff8fec4aa0aa2b507a0e4f2d75104f72dec496e28b9dbb917a40bf8f500241abc43351f1040622a01477af1dcad8b579668dd1edc24ee559f35e9d1882053285eeabd4", @ANYBLOB="ec003180e6007c008b633f5d46f7704a175225762a8f3ea7ee67e189d2024e24c7", @ANYRES8, @ANYBLOB="04005d80000091daddf55cb6321a8fda697f14a07153006b84923e32f764370c379f768f524d7657b49d5f29c0bc720531302c21591d8899c1a976be71ab5bed31a074a65f93db1f7b21ca4ac9d2d9dcd88912b9761d5362548e8deb269b598e97eee491de197c7d8537c8d7c5ed1db4a2a0c3d1b841426f6b5e4593115234d5c5446c285164e7fb0aab4bd826d0f30500c13badc2d66338dcffa17fc5320ebb9441e46b3ad0055d9278ad1bf11c99fb4f2e99fddb7e5d399cc9ffbce464bc874957799341e44038ab290e2d16d4485a837b3ebf54c82f610b07a012ad3e9ebd7922cea0a20a892ba8c0942b5b36ca850bc489527d94734a87c367c3577f0d283fd0a4207bd47b56c869d81420fbab5de76c2e91a882496f03d106b3928dbb63298a93ad82d81275909bd22f9e12c157f82191b45dcab2cf55b70d87f282ae00fcc26eba27ef4bca008560b53f35e960280aada7bf1d13442142509157aa6109c529b6e82e85be84fb651681f4a91b44b3afafcf942bb7675223b9ad3a772d84a95c303f63bb112d7951076d2d723ad6a752d4e0992124930cdf38a11b1b3de4a09252717ed4be0baf8a2a86493b1e8be9884437233e5a37ef127c3561667240adddf3ba89f018f9774f6117461927842e133036cefc2b8bed9aacb740036c8ee7637e8687d28537fb6adf2801e315d52b17191b2a42e2dd2bf13d48d1bfcade09e1bec8acf121767cfd2f8060fa0fdfc535ccf9697832e94dd2f32d328ccf1e5c5d041a61f59a3a8f02a9fa5f003b1737caef9d8929e943a5a3c92f541dd9ab61aca90c41db2b8632ca33ebb361a1465a0dd675a5d388bf63428f08c5e363d6f63d5b109e51f8f1397ef982abe784cb88daca273b2ef043163a980ee62cb653e3293f021d0a826c05b24c7a69ac7d5eb5d57e8a5dec54d2d7ef10791989606c761bf9337374419fb5d6290273f5f8166db24cc98ed237129a3c755121a3cab579ce192251a0bbe06eb7e941227e1b15e070afacfccc5f8357bce2736a7aefecc99a3c819ab6f735373973d28833096d502311405dea0a61369ceaa45b0f9eaa16108354ec2f9f7556d90c2f656abb1a0da2de9a47092abd407bba13e51d8258363ec90ddda9b1de125b0009027ae652999b1c59e39056a54230155739febeb439056a92a81354920439cf24661fa3e56feafe26a1b526b24a998d8a6bc08ae017fe2e5149202a51283c56af0471404b4325cf0393e7c1fbc240318b0f664bad551c884c004da380dee8693620a783af7475de9dcdd0d9d82412393efc18ad7a212490a57aa9b7545737a550ae03e9887624c3b95186b963e2056781acd5febe3f249a7a4e4d563278b1bd6afb3de77e65299eae4d09070d03276523b84f03c57111b013670dfad9d55f2a10e6a551963f9d7ad5a3be4a041470da8feec617a9ffa3948f141bf6b9ec612333df799b88325b48a79247668f87d20e6e96d7aa68f8015d688b5f02a20ca293002d0da1b06c6774980a08359f78bf12400d6f09ceb51722a42c68c851102158163a4fd3eacc532195d48af07f834282a0e331feacc62eb3ab17c22ba2b0791aee857a9f4f16e3f797ca7c0977241b69883bd38f9da8484030f92d2250fe6c3b918c4a7d827845b91175ea914924a718be54fa53e55b1e811f78f8570ba257fdeca09d5f0787f79a357902681b96e6406b3312dae0c6d135610b4977f2e2db88136931a087980a4bd5a93e906c6d10bfa497b290cba8a52bbbb8d0750dc050a1cfd035aeb99aef9b0dffbcdfd1c9e6d8449a4611c8b239d1ed4ae55effdb3e734e84e6dc855b4b6c23614b2e91f662b344d7aa2f14574c7e99474d27d547711331ecb1ed8bd8a7ae5935ebe35a5fef15fe7b1cfa6a4aa9e80f4f023e6dd9ec929b7316dc5af2c7587f8f37cafeeefac5b326d8f9eafb50a70dc4740047589071e70b9f4b0c4fa5c9fab542806c1e6a8cff0b"], 0x52a0}, 0x1, 0x0, 0x0, 0x40000}, 0x2400c040) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x70bd27, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x80}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8}]}, 0x3c}}, 0x4000000) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1aea8974a9e22d77cb94cae6c89e239bacfe656d9b0948de480ce2ba3b4dbcb180089d5eb0f8f481e02f7d4628e9134b6e52881572a398e4edd6f01f90983826d721dddc7d4ba3f293288ba54f696fa25cc2f8721c3e380dd04bf05801f90019498601fcbcea6aa6a2d7983e6823f480185ef9c3b4ed19c4f94c108067c89d69bc4e0da0112280ecd0caff8a454fb3e6655dc6a35cdd053aef882e403458754f5e84bd2210f18a61106af8c5a2c18dc48ff87cfda6d545014009a167570f0550e5121d0bdf4b20a1177b708e5515ee33db3baf29633440999ddd36eb0299a1efcd8934ab60c1a88d9db6fa0d2b3f0bf12e87630e0dc5eddca8f291ad85141391e6f9fe56ee4ddb39a1ac7a573cb69ec14f012ea0b721df3ea40747d1130a61802e859519ae1bc5a3673105fa87485f88b8981a3a208a3576848c2df152a023f5e573c867b43b10247336b110956eb28e5288d7aa19219e8324857cdf6d17530385720afd5a1ffd23aa1bd061b73caafa05afdd1441040989d081814635347f1d55669b1c38be4698e3a085e2010e35d2747b4e39ef4920f58d6b4585d737c13221a44ad5543099bb0ab228722ef9cbc0d621178012495837d6a220eeaaf498ccc01", 0xfe04) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) r3 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000540), r1) sendmsg$auto_NFC_CMD_LLC_SDREQ(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)={0x94, r3, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x5}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x4}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x32}, @NFC_ATTR_IM_PROTOCOLS={0x8}, @NFC_ATTR_VENDOR_DATA={0x55, 0x1f, "1b256ef144de35fa93beaef6bd3cca65a355d543b67311c889430f0fe167ddbadeb17023013c7a0d814497e560a1f37164bcb201b5b004af9df6eab43e26991583d8175f9c6e73d6fa89c3b9d89c1260e0"}, @NFC_ATTR_LLC_PARAM_MIUX={0x6}]}, 0x94}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000) 2.349346049s ago: executing program 2 (id=507): msgrcv$auto(0x4, &(0x7f0000000040)={0x4, 0x7}, 0x9, 0x8000000000000002, 0x200) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r0, 0x540a, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PVERSION(r1, 0x80045400, &(0x7f0000000040)=0x4000010) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000040)) fcntl$auto_F_ADD_SEALS(r0, 0x409, 0xd5) msgsnd$auto(0x1, &(0x7f0000000080)={0x7, 0x8}, 0x0, 0x8e7) r2 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0) setsockopt$auto_SO_DEVMEM_DONTNEED(r2, 0x5, 0x50, &(0x7f00000000c0)='}}\x00', 0xa6d) 2.114157708s ago: executing program 1 (id=508): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$auto_VHOST_SET_LOG_FD2(r0, 0xaf02, 0x0) userfaultfd$auto(0x3) close_range$auto(0x2, 0x8, 0x0) 2.11235611s ago: executing program 2 (id=509): ioctl$auto_BLKTRACESETUP32(0xffffffffffffffff, 0xc0401273, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, 0x0, 0x4040800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) read$auto_tap_fops_tap(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r2, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) r3 = memfd_secret$auto(0x0) fcntl$auto_F_UNLCK(r3, 0x8, 0x2) syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000280), 0xffffffffffffffff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0x0, 0x0) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) setfsuid$auto(0x0) r5 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000004000), 0x101143, 0x0) ioctl$auto_RNDADDENTROPY2(r5, 0x40085203, 0x0) execveat$auto(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=&(0x7f0000000140)='(,)):{\x00', &(0x7f0000000240)=&(0x7f00000001c0)=')\x97&\xaf]@\x00', 0xd) read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0) process_madvise$auto_MADV_WIPEONFORK(r1, &(0x7f0000000040)={&(0x7f00000002c0)="d23d5d37551853fe845d4bd93646bca40256631d6579618112a37b8a67d764ba2fbdd4682cc1cd4e1ced826b3e2d2fec9b30eaa95171aad09d161f7a4a95023d40107e62b0fe8035101eacb7e6a7fef4a8875f5e1775d37e10fa284196444bf0e501dd6b91a99302ff77ba739a6e2c5098560c6f5013cbf757f8b7ec4a89ccfab07bf06face8db84695688cbde1ff8ed82909627daa0b69847b1883e27a68c78f04e94f010227a51eafa42395c2803821f18413d9b5d3d48a485fee266b19fbdfd7fe639", 0x905}, 0x401, 0x12, 0x80000000) getpgrp(0xffffffffffffffff) sendmsg$auto_NLBL_CIPSOV4_C_LISTALL(r3, 0x0, 0x20000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_SET_CONFIG(r6, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x1c, r7, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040804) fcntl$auto_F_SETLK(r2, 0x6, 0x0) 1.920550222s ago: executing program 1 (id=510): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x38, r1, 0x82652360e804c8d3, 0x9, 0x25dfdbfe, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_STATS={0x14, 0x3, {0x9}}, @OVS_METER_ATTR_BANDS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0xfffffff8}]}, 0x38}}, 0x8080) socket(0x15, 0x5, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) getsockopt$auto(0xffffffffffffffff, 0x10d, 0x10, 0x0, &(0x7f0000000000)=0xb) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000024c0)='/dev/cec9\x00', 0x2000, 0x0) ioctl$auto_CEC_G_MODE(r2, 0x80046108, &(0x7f0000002500)=0xff) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rt_cache\x00', 0xa182, 0x0) read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f0000000240)=""/4096, 0x1000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x9, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) connect$auto(0x3, 0x0, 0x54) sendto$auto(0x3, 0x0, 0x18, 0x101, 0x0, 0x1c) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x3, 0x2c) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nbd9\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r4, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r4, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x1, 0xf1, 0xb0, @raw=0x68e8}}) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r5, 0x0, 0xfffffdef) 1.455336194s ago: executing program 2 (id=511): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x7}, 0x8) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x8000f, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0xba6, 0x0) close_range$auto(0x2, 0x8, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x4000000000, 0x2091d1, 0x8001, 0x0, 0xf82, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x35, 0x1, 0x4, 0x0, 0x0) r2 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x101f82, 0x0) mmap$auto(0xfffffffffffffffc, 0x2000b, 0x3, 0x10010, 0xffffffffffffffff, 0x9) write$auto(r0, &(0x7f0000000080)='-/%\'\xef#\x00', 0x8000000000000001) readv$auto(r2, &(0x7f00000000c0)={0x0, 0x10000006}, 0x400) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r3, 0x560c, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0xfffffffffffffffb) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) pwrite64$auto(r4, &(0x7f0000000000)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) socket$nl_generic(0x10, 0x3, 0x10) 1.421349225s ago: executing program 3 (id=512): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000005480), 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x10000040eb2, 0x402, 0x300000000000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) socket(0x2, 0x80002, 0x73) write$auto(0x3, 0x0, 0xfdef) 1.37361606s ago: executing program 4 (id=513): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000100), r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/dev\x00', 0x6a8800, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0x0) write$auto(r1, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa[X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V/uc\xb5Q\x1eY\xe0\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaaSGH\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/debug/block/nbd0/hctx0/sched_tags\x00', 0x60100, 0x0) read$auto(r3, &(0x7f0000000040)='\x00', 0x3) mmap$auto(0x0, 0x400008, 0x7d3, 0x9b72, 0xffffffffffffffff, 0x5cd) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rxrpc/peers\x00', 0x101000, 0x0) pread64$auto(r4, 0x0, 0x8, 0xffff) madvise$auto(0x0, 0x200007, 0x8) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000180)='/dev/usbmon9\x00', 0x80000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x630001, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/pagemap\x00', 0xee90ce37eb497475, 0x0) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4b, 0x0) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) 662.456652ms ago: executing program 3 (id=514): setreuid$auto(0x9, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0) pwrite64$auto(r1, 0x0, 0x2, 0x0) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="090329bd7000fddbdf2517"], 0x14}, 0x1, 0x0, 0x0, 0x24008800}, 0x20044840) io_setup$auto(0x6, &(0x7f0000000000)=0x36) clone$auto(0xfffffffe22000, 0x2, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x800fffffffc) 39.134153ms ago: executing program 1 (id=515): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) (async) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) open(0x0, 0x103840, 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) (async) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) (async) io_uring_setup$auto(0x6, 0x0) (async) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) (async) r1 = socket(0x1d, 0x2, 0x2) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), r1) (async) mbind$auto(0x80001ffd, 0x100000004, 0xfffffffd, 0x0, 0xb2, 0x200005) r2 = syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8) (async) madvise$auto(0x0, 0x200007, 0x19) syz_clone3(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) msgctl$auto_IPC_STAT(0xd, 0x2, &(0x7f0000000500)={{0x6, 0xee00, 0x0, 0x0, 0x9}, &(0x7f0000000240)=0x3, &(0x7f0000000380)=0x9d, 0x0, 0x5, 0x1, 0x8, 0xfffffffffffffff7, 0x2, 0xa, 0x8001, @raw=0x1, @inferred=r2}) sendmsg$auto_IPVS_CMD_NEW_DEST(r0, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000003c0)={&(0x7f0000001780)=ANY=[@ANYBLOB="fc110000", @ANYRES16=0x0, @ANYBLOB="100028bd7000fbdbdf2505000000e81102803ff95abaeaf44b3802521ac92202bf088655908691a9d2d1fce158767109d87df2747443e99464fc6a6bd7380bc254314743feb317df143bd86890a79feac782d1a1709d5283d8404c007f33abb6a2e826ac3e0b16dcf9cd1d6a451079814e7076d910d90450ab3f88bcaed322075f8f2fb4671fe622f72936c336dc955583a5b340be6193533973e27d6df339b50f1af10d975a6a33f3d3256cc7b93656e9afea0bcbbf56d238a75d2db0f10fdc7c0814a11a686a6d7e2b3850735a7df7c76521b0620400de80f8100b8004003c80361db9acf46da98a975a66fcde284375593fc9e0fd10d4687c5765b209076a4eaed4300543d7a5dcf1a3811e13619125f7e58172cca5599c42c12748b68eab01b5f6a693ed645384079e08b226d9099df73f6a4209a4bf3ffc490444b8437d5b8a64c98fd8acf2c850aeac1d79e50f04682cf9ad95052da2987c78db41d6f167b46fa770508865e4bfc1f51f0cc4f9bf54518a10e6515af660e910fe34646f140ad73da423f1b61605148552004064c9f54a85f99d57bf9c490d4e021cf145dbe3cb3edde2ce0cf98ab769e2242688e52bac3dc7ff7e4130ff339c52e65d4b4c64f312dc74573d8c3b4906739b5b1e44a4791d6ed1d2739a0e706dac5e2c85a7f54e90b197f10c8942fd9be60c2b049a4617c8d892af3cfc904afabbad9bc3d6edb768edc4f395fb9d51bb2d54385da049ba655fd2b6cc78cd16a2865ab88b426aa2bfff9505a4daa4c00c869e496b4b3fca4b0a6fc7d9ea50a59732d57e1791f1b0c3d99fc63b3c35ed452abfc0e1ffa6206869e4327032c1ab699712c41e115782f51cb0550db3f82902098413a8ed480de5187a280657583405dfb471c1632b2b8a95d23b83a1395e9d28de489f487c9a7edd8eea7387b875b2d7d5d881b1c9757e31af4040e549871865de16bf624529dcb75e303e83d39a906e33d06510a1da8060ce5e0d71e566538374de86820f9acfa732f7fcf1ccfaaa9ac7d4cf01c2116c5723e1ed64a7a5cbd8e05200ab14bc07c70780a0f7950ebdf1b845d261c7f608d7b50fb7519dabb365282cc6fb266012e5e48c58b7ab0001dc301060f2ff98895e9415f3d24378dbe13f39572e3d97f71b5b1c5ba79fbb4d2c2b3933a269f977407818527144b7a2755a19f470d0ba91c1ea732fb8939aa04e32290f8fd3d625ab41890e62d643ca7df9a3ea15f7d8f4c2c109f14f742071b99730155de4eea0d37dcdad0ef661e62bb9bd0eb8a3956e933a917a7feb3ea2556b5ba42aad462a578a81b3c43665922cbce4ddeaddc2221336dce3d861c1625a3ccf7d73d2ec9a2c40c415fe45c8b99d332c90b9622cea66b128556d5bf56587e7e4f291594d3ef299e80e0106514caadb2b9dc54b470a0aaee37e3671f5a7e8c9262de476529aea96137a2aaefff1e118412afd0e05be0855f73fb6843afe99c273782aee383d863c22189400b2739c374e55046b1d065b3007af0143b0253a0ec4e14d7dce488e0d68a69da43aa259572fd379b931d209efb515e3bb3e7250101eefe12839a855b4806fcd0a4fc8f4878fca58493936f7620d01dc7878ca243584e655b8b7d88ac765e3950f80a60f02037b55282ff9109b56b7feb48e93bba9d04eff69676f0d5a75ceaf6c306961164c5b4a4b15af0e89fab4746fa0fda5f0dbf6346cd3dfd2684490db0164cbe76ee4bcc580b8041455471c6d324aa86d0ef490bbe5ecc1bda235ca8eccf81e44d0872d6f2cd82acddd0c70c776b82922835cdd663ac978b94beec8c7be8a5a86fe8889730d5209f81bd5974dc43e6e24b27e51cbd78e658c676368251dd7bd737749f687c4bee0707e3914e48fab4d3a7007501816d7742a3d1e6b57a70e88058d0e6ff50985954f0fae5f3cac622c5b9e29919b70c2098718a706b28f6fa49a7cd71916423a1e8de10d381acd0b2bf805e882caf1d398ca0d55e044545359095d8db223ecafd333a7230d83515cadd14935a6e54e9f707128eec8fcb55603eed59e401fb9fa2859818a2d624a0c7f9c8b25dc2e2170c1f098985c8ab83a1df648dbf0ed0d6196a0dc599304fb731d62178341a1b4218c82e2025512cf1875612a1cad33515380fc4f1db4b5cd6e4e8aa074b2dab6572fb44f90d1a72c09e4e6066146ba295dddaf962ec72a8920e496567bfc5b5fa87e49bc30d3dc157edba2514238b3f7c2f517b5bcd0c31a835ea4576adb4fd403b179598d3a1a36db5628660ecc9c6020e2230dbc54dd4d4ff6522cbbf3e647a46f2b6389d90e3b9d43459cc8279fa02eca5e7e585e8aec8d08660ef401084f80c05baffaa238cd41a863475bedede7f82fc9d1bd5723f5798e68ce3fda2ff2353ee09b4dc1b2bef3b604011daf5f1620a960273ed2843b27a6140cc47f69586250dddaf05737b21300072b567e2568576823fe9a74d403825e537a2e30a9a5e5eb5e06bfefa385a1831f6692d969d0ad3128d8990009a063d41f31791c169ac060db711ecc21e636d064d7fbbffdf06665b9af0405404729aed5c1fc96b38e093045f3270ac98f5408537b13417d1464bcd390d99e0526bdecea96e1fe1da0b980974c7f4a9dbc39c72e2c84da0728ffd08f86c954b1d35ffdda8543750766d9da2d11d6831268a8d5f4dab52e0038519c8a00fad69e4daac2f6c3ee94ff2e06bb31c1e77d7c62aa0080b0047cc6c72ff03f94c4df31e41b7c186b977303c55c226ce73d14fe327d7f1b763e35e4b587854d8ffb8a6d14ea4e542e92b820221fa8c2072df061f3dfc223eb26dbc2a377ef32eb120b2542de0b06efad206ff900227579dedfc9285d8cbce02d521d5878199281144340003373cc550d782809411f5a16a195b560a451a9bd7299d611c31ae2659e80172e65d25c89b32ae06eb156fe510c8ebd7b641ff7b1b1eaa41524aa0d9f872c063cacb71fd7bcb4f59ea0e69ed6e5eb6d1d9b1f170644144f7021b5cfb40135170b0bc368a3de5f915f58b4201f577080bbb845043bccfe9f654388715cd9010d334d3f2b70d7118da8b79a59bbd4d7ec1c284c1338fba18cc2231d70ee92ab98ffc14f58eb8b5450ca78a849cccede150c3a44e2263734d324a77f30283c1b624d28cfabd669247c8924b3e8d66809c50b5830eb1d5632594eec7e271b66b8ddeffc46d118ed2e2a4264d29f2c8d4ad866ea425361dd9b076728c9f333d001d442b7c55bfbbb5d44539758b5e043c70133b63774e9046c8e49b2a14698e825d0dd07b85e6e3cdbf23861a1f4d2bcd6332a2f6dfeb208d99337d6d55498c6e09240d9b79926e25a8f8a0182b1cd8f2ab1a8bfcc1eb2b02684a2d0c8bf38d7ef8cd0f2ba5090235baf0fd1fc27ed81221c4edc6f9a6362db4ff7c41163242598b8a9698d0601d2808ca895897c9866a390613ba0ba3eb15425f2658b2b3259d9fdaa0912e3f43618424542bb69f0393068d1c7ef7bddc6937c4f9b072e132080b1750a15c9259b3e9aadfed59106ac4f830a231daa60046a5dcd25afb4e3ad065670cd4ef3d9b256615f0a1e400e98e21b87f07cf6d694b4f55a32a366630bbe2ff3e203adebd5e160638a94b13148cf3351c2d33c9a30a012ccd8e4e7b06ab0dcec820b6607a1248eaef175a874884a18af9f2aa48449ff7f6928948c06dde2191136355dacd277d293594c4f33778f09efcd9598c779ffb308a39404c510cf2ae41b8c212b2ad82fc5c22adf60cd8d4f30229b78c22afa6d732ab461c66e9950812138f94d8e4249014ec3636fb3e3131cc9613eb8ec7695b052a22903c46cdf3c185b7776f2a7f3c6d90461101ec7f799c920192709858963fb126f6b25503b73943093593c57f2d404bb278683a03b69ba0f5096243ba3dd356f316a08ba82d0494f8e8272921314687f6a88ba99237fbce087ee7a3e18847c7a0cd3b931e2dcd64968822be57e6e027c6f354221cb6a38c52ae41fa90508e3babded4caa1d5c216da9a6bfad293680c1bb50ba30bb341c6d29bd3afa737b2d19900f2d663a14f5714292b37441e33cc7c11951b648035389963a47dadffa5d4d7f1f344bd2c1b429915424bd534a605975478c1103e11c90752697b821e26709c3c8869e6a56e98009b59d1c32cf141e861d9ca1c47fef1fea0126217a20d7a35b2a504523ecd4638721137c009733036fb82d76149f09360d279d774ac38f983c3800aa98e95419b13d83b9955b5f2300f08e419f18e32e93f5358c4eb7e667df4c1e3b4aa5f7c1102217b0e33966b108970d981bbe70038d40d69785799f93b2c462b8442c929fd5be07bd845b3fe66a45032102aacb52262e15a7351975318f8fb5f396d57f01ebc623b95603dd74c16a3cd0b4417acbceae101d7b4fe635a5685611a089830f46db139b5a7d9a6d2729f248ed2b91ec47d647a9ce7487a22accd780aa2b0700746c1ba83e698f0e7fc8ef689d9494f0c4c2f4368a2b2f4809dff768fd86ed8398164b266713580f7d4c139e4e0a818e0553b41c855a63a02464ffb5b3fab54ccbbd79f8b4d46d26d6d3b95a34f1816d2a0121c684a42b37c97f88585b302b2b613700cd3d0cee6ef90ac550dbba85ccdcdb37f02cbf0fc0e96e8adfc3c051dc7c21377f8e9c7b49d7922f31581406367afc99ad6136dc8fb5cd04edd5331ae87a80e7ca5e5e7d01a4d18b5a520d4dacc7df449120806daf5190963f9597da5fac6386087c39d59db71330f05d51e4d0980f01c7978c730edfc924bfa0fd90084d40412431e4cf50be5f027a905c690bfec1192c20d6f8a640e15ad424c474fa6e72bbc517d1f0f6d86ceea2eae2f131e5931520b021244cfbcb720cc5be023d97836f1e6d0aecea98c310b39d19f41640d211bfa2942ce81fabb24db3447bc321b8c7f600c12224b9761b48b907844c86139759f31222ed460a1f8c1be81a13c14ebe7411e5fda07e56918c3a78c0a051f9f022b0a415b1367fa930a6c53b8f8179f76abf40de96de85104e5fb2df3cdea243b2a0653fd67327d7531d2d778e578d79994494394c48e244188dde6a271017f8318eedf6ba39a47c2343a627feea4a99daed7fa36da0dfd2365778c66e54e2f0d5c063a0b4e9d54e7b955512f5f3afbfe401fe3e7ca5ed613f7e11011e4924d8c69ed1778214201846a723fc3fc9067e9e875fbd63ec44035d7ff0179a28841af0df8d0280868e6084786ae4dcf8094d6b248d95e5b7389b274d3f8ad1eca7a0eb6d533f9153efd5b13c21283bf2546e6c3d3c02541111f3a0784430c39a6861956a87644cf191f6c674c008f8b8a1bbd5c38221a1b53573bd21afd9ded5b684499f402d068076bf8e1227fc58b79d20583508b493fd491df73b285340e236967dc522e103fbde3bc34814ffabf9589bf8860d8c15aa2d810c449f9aa18f7854fd3d70cb03ccd03ba048b909cc5f10e5363e7c5befc5fff457ddc87303d9213ac59afd408cdc2abf96f6a85542908c617e713bac77471906a78f9c8c8cf28c5c201add8df349a9da367398f97b9f30ef36241bd21c53a07a6a54f4d0c31f0e979e1ef50e0ff4838398f5594fc3feaf8d9729b42aba93b67fbed55d3a7decf9d1e4f7989b74aedbf73c24de48d8122dccd2cf3ca3fdf1566a650ea62c27fc0c808e4235e342366ce51864ed3e9f36562e79665b7d3db9df34e1a966f2ed8ccdc26bf6e7cf1d6d2742387b24ed706244d4f1548c2bc6ca912a5ca8073e3d2bc95cc3ec62f1d33eaf97d13bb6ec74f8aa2c963fe7479a791727f4cacc6085bf91b18e0aa8fad220c9ba9df55fb25cf04eed65e23a114a595d5d751809595bc64f3395da542e926f6e309b1d1857f57dd08bfa0678931e12ec781e49d6e533e5d33e02e4b112209f1f6d24d4062ae41a6b25a1b55429d6d58ec26815debf0a9397627d231ad60cc1cfc3be117cf2ba0db8e8851ec163afefc6b9db11bbc8a4a5ee844dfaca691490e2311413e8522d2dabded2e236144062101b754e26fc91fdeaf36aa347beb81e0a9d11890ae5f62d7baa08ee0099d08739ca65087b87672451470d0769db04cb1a64ad4b8d43eaf7da39e7f8040049000400ff8008001000", @ANYRES32=0x0, @ANYBLOB="04001d8008000100", @ANYRES32=r3, @ANYBLOB="a7f29be1ed1860518602a8c052e6eae6475ce048b7d74acd0200393fa1cce766ec19d2d67b0c23eb749477dc528ddb55aa94cb8f6226db735ea122b0e552e557aa8d386482f4a624427b8e92cd416f3e0fd56e0a43e88608be201176cb98084ad44a9d22ccb053048647147b7a716e4d0ea8f52711790a3c0000bade7afd9c674284fb157c612c52cca686699ae22b6f0951a89ac8e2d09bbc5ec7db848fb0df2b824dd946feecaca55b6dcd523632246944325d8224e21d57866ef813dabded4a398a61acfe530de5e37a87fce4749bfee33b2c465db338dbc29aa16793d4638b7dc2949a6a52dcf2fa4f78473ea1b01a72328e5bf30400fb80da4509f61358a4fd29ab8038518cab6652f365b90ee32710efa982829247592b83740e9c36c1ad25eec8316c9dae6483c0f84e54abf5bcd6b32001b8ba4b7c0de40bef5016b6ac37dd53ec076fa815b51319a611eab85f6c76a579afdc13feee08472663f73419c26f571603fb4d7fcd6f95e1fe18423c03a4d0ed101ab7c67a18ed6daf00c563c33df88eda0abedeef233b70cc97d9a085acb0bd6a4978e02cece192868a7edd754ddbad118c96a26cc1a8bb4a1190f1bea0d10cd0dc3c0514c81312d6eeab50fa4a8f6438e829f8a7ebd5b2181588f506c2f8f9efac6f0ad4e1ea95db0d363d5bf8"], 0x11fc}, 0x1, 0x0, 0x0, 0x804}, 0x80) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x6, 0xfffffffa, 0x6) (async) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) (async) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x4010) 0s ago: executing program 3 (id=516): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000440)='/dev/bus/usb/029/001\x00', 0x2, 0x0) waitid$auto(0x5, r0, &(0x7f0000000180)={@siginfo_0_0={0x8, 0x3, 0x1, @_sigfault={&(0x7f0000000080)="374e1ebb7682b3070124021f60ba3918e29e300bfa1c92ecad9953d4fca775626ef591e1faf56d603ad493094ce67b621cc003db4ff39242e3515096b45d62d4caeed377e84c76f4b284461415ba60daf2e69caa117c8dcaab1a3a5b87a6e6e2f85154a0cca7cad2f755a22f9f08950fe1bd3ddfd2aad1ad003183ca88b8148eb3a7c46f0965f5d0b8b03efd30d02458feea56d0f3bbd654eba1e7bec408a25290ce5f858f4765bac47503d9aca6cbf5c0252eb3928824d5a01c63214f75450a7dc360e88480cb33058f107c6bced45b04b198402896e5a8a717272d69b8a6c988da1e85f61075b26ce36aedda373da6d45f22d989318ab0", @_addr_lsb=0x6}}}, 0x0, &(0x7f0000000200)={{0xe1, 0x3}, {0x6, 0x258e}, 0x3, 0x2, 0x8001, 0x3, 0xf9, 0x6, 0x6, 0xff, 0x439, 0x4, 0x23, 0xa403, 0xc, 0x3}) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nbd6\x00', 0xf42, 0x0) ioctl$auto_TUNSETVNETBE2(r0, 0x400454de, &(0x7f00000002c0)=0xffffffff) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) ioctl$auto_USBDEVFS_ALLOC_STREAMS(r1, 0x8008551c, 0x0) r2 = pidfd_open$auto(0x1, 0x0) waitid$auto_P_PIDFD(0x3, r2, 0x0, 0xc, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nbd4/queue/wbt_lat_usec\x00', 0x2202, 0x0) write$auto_proc_pid_attr_operations_base(r3, &(0x7f0000000ec0)='9', 0x1) splice$auto(r1, &(0x7f0000000000)=0x9ff, r2, &(0x7f0000000040)=0x4, 0x0, 0x0) kernel console output (not intermixed with test programs): 4] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.129830][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.162091][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.203149][ T5837] team0: Port device team_slave_1 added [ 107.272651][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.281169][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.310126][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.328966][ T5835] hsr_slave_0: entered promiscuous mode [ 107.338283][ T5835] hsr_slave_1: entered promiscuous mode [ 107.376864][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.385683][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.413460][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.483328][ T5834] hsr_slave_0: entered promiscuous mode [ 107.490602][ T5834] hsr_slave_1: entered promiscuous mode [ 107.497851][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.506794][ T5834] Cannot create hsr debugfs directory [ 107.538043][ T5836] hsr_slave_0: entered promiscuous mode [ 107.545321][ T5836] hsr_slave_1: entered promiscuous mode [ 107.554731][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.563311][ T5836] Cannot create hsr debugfs directory [ 107.679431][ T5837] hsr_slave_0: entered promiscuous mode [ 107.686694][ T5837] hsr_slave_1: entered promiscuous mode [ 107.694333][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.703115][ T5837] Cannot create hsr debugfs directory [ 108.217916][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 108.235632][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 108.256926][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 108.273827][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 108.368616][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 108.387754][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 108.443008][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 108.458257][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 108.546706][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 108.563555][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 108.575876][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 108.593062][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.713477][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 108.736998][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 108.775316][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 108.793369][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.862434][ T5841] Bluetooth: hci2: command tx timeout [ 108.903152][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.942076][ T5841] Bluetooth: hci3: command tx timeout [ 108.948536][ T5848] Bluetooth: hci0: command tx timeout [ 108.948615][ T5844] Bluetooth: hci1: command tx timeout [ 108.995585][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.033703][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.047962][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.086529][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.116130][ T3527] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.124156][ T3527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.175026][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.202873][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.241930][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.252342][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.267500][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.276075][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.367409][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.402957][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.411402][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.440025][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.518031][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.525698][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.567472][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.618463][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.627674][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.664765][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.673423][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.814726][ T5834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 109.898058][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.175016][ T5836] veth0_vlan: entered promiscuous mode [ 110.239645][ T5836] veth1_vlan: entered promiscuous mode [ 110.357928][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.380522][ T5836] veth0_macvtap: entered promiscuous mode [ 110.414420][ T5836] veth1_macvtap: entered promiscuous mode [ 110.477106][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.516779][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.579675][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.595461][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.605348][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.615688][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.699493][ T5835] veth0_vlan: entered promiscuous mode [ 110.750045][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.764753][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.776415][ T5835] veth1_vlan: entered promiscuous mode [ 110.885321][ T3527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.908354][ T3527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.924715][ T5835] veth0_macvtap: entered promiscuous mode [ 110.942346][ T5844] Bluetooth: hci2: command tx timeout [ 110.982040][ T5835] veth1_macvtap: entered promiscuous mode [ 111.022552][ T5841] Bluetooth: hci3: command tx timeout [ 111.023190][ T5848] Bluetooth: hci0: command tx timeout [ 111.030810][ T5844] Bluetooth: hci1: command tx timeout [ 111.053530][ T1320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.054699][ T5834] veth0_vlan: entered promiscuous mode [ 111.069667][ T5837] veth0_vlan: entered promiscuous mode [ 111.077266][ T1320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.112433][ T5837] veth1_vlan: entered promiscuous mode [ 111.145025][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.176202][ T5834] veth1_vlan: entered promiscuous mode [ 111.204479][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.236201][ T5835] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.239562][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 111.249536][ T5835] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.274507][ T5835] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.285725][ T5835] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.343820][ T5837] veth0_macvtap: entered promiscuous mode [ 111.383014][ T5837] veth1_macvtap: entered promiscuous mode [ 111.417353][ T5834] veth0_macvtap: entered promiscuous mode [ 111.494159][ T5834] veth1_macvtap: entered promiscuous mode [ 111.530128][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.587915][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.644754][ T3527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.653455][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.653513][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.653560][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.653606][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.721805][ T3527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.789145][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.874744][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.882513][ T5928] binder: 5927:5928 unknown command 3 [ 111.891447][ T3527] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.900929][ T5928] binder: 5927:5928 ioctl c0306201 2000000000c0 returned -22 [ 111.902377][ T3527] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.963338][ T5834] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.987958][ T5834] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.997701][ T5834] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.009334][ T5834] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.140352][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.170957][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.271461][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.379416][ T1320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.440492][ T5934] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 112.474705][ T1320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.486745][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 112.658057][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.721661][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.921429][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.930224][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.022978][ T5844] Bluetooth: hci2: command tx timeout [ 113.101942][ T5844] Bluetooth: hci1: command tx timeout [ 113.108057][ T5844] Bluetooth: hci3: command tx timeout [ 113.114973][ T5848] Bluetooth: hci0: command tx timeout [ 113.385123][ T5935] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 114.211419][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.335315][ T5935] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3'. [ 114.532005][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.543096][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.881796][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.945811][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 114.961894][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.981570][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.041512][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.563198][ T5959] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 117.387427][ T5980] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 117.895551][ T5980] FAULT_INJECTION: forcing a failure. [ 117.895551][ T5980] name failslab, interval 1, probability 0, space 0, times 0 [ 117.933411][ T5980] CPU: 0 UID: 0 PID: 5980 Comm: syz.1.12 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 117.933466][ T5980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.933492][ T5980] Call Trace: [ 117.933504][ T5980] [ 117.933522][ T5980] dump_stack_lvl+0x16c/0x1f0 [ 117.933592][ T5980] should_fail_ex+0x512/0x640 [ 117.933647][ T5980] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 117.933708][ T5980] should_failslab+0xc2/0x120 [ 117.933744][ T5980] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 117.933799][ T5980] ? __proc_create+0xc3/0x8c0 [ 117.933867][ T5980] ? __proc_create+0x2ce/0x8c0 [ 117.933934][ T5980] __proc_create+0x2ce/0x8c0 [ 117.933997][ T5980] ? __pfx___proc_create+0x10/0x10 [ 117.934054][ T5980] ? proc_register+0x30f/0x5f0 [ 117.934122][ T5980] ? _raw_write_unlock+0x28/0x50 [ 117.934188][ T5980] proc_create_reg+0x7d/0x180 [ 117.934228][ T5980] proc_create_net_data+0x8e/0x1b0 [ 117.934291][ T5980] ? __pfx_proc_create_net_data+0x10/0x10 [ 117.934370][ T5980] sctp_proc_init+0xfb/0x270 [ 117.934408][ T5980] ? __pfx_sctp_defaults_init+0x10/0x10 [ 117.934443][ T5980] sctp_defaults_init+0x74a/0xd80 [ 117.934483][ T5980] ? __pfx_sctp_defaults_init+0x10/0x10 [ 117.934523][ T5980] ops_init+0x1e2/0x5f0 [ 117.934566][ T5980] setup_net+0x1ff/0x510 [ 117.934602][ T5980] ? lockdep_init_map_type+0x5c/0x280 [ 117.934654][ T5980] ? __pfx_setup_net+0x10/0x10 [ 117.934695][ T5980] ? debug_mutex_init+0x37/0x70 [ 117.934737][ T5980] copy_net_ns+0x2a6/0x5f0 [ 117.934785][ T5980] create_new_namespaces+0x3ea/0xa90 [ 117.934853][ T5980] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 117.934901][ T5980] ksys_unshare+0x45b/0xa40 [ 117.934953][ T5980] ? __pfx_ksys_unshare+0x10/0x10 [ 117.935005][ T5980] ? xfd_validate_state+0x61/0x180 [ 117.935070][ T5980] __x64_sys_unshare+0x31/0x40 [ 117.935121][ T5980] do_syscall_64+0xcd/0x490 [ 117.935159][ T5980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.935198][ T5980] RIP: 0033:0x7fa7c3f8e929 [ 117.935241][ T5980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.935277][ T5980] RSP: 002b:00007fa7c4d96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 117.935319][ T5980] RAX: ffffffffffffffda RBX: 00007fa7c41b5fa0 RCX: 00007fa7c3f8e929 [ 117.935344][ T5980] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 117.935366][ T5980] RBP: 00007fa7c4010b39 R08: 0000000000000000 R09: 0000000000000000 [ 117.935388][ T5980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.935410][ T5980] R13: 0000000000000000 R14: 00007fa7c41b5fa0 R15: 00007ffce73f0728 [ 117.935460][ T5980] [ 119.718024][ T6007] program syz.1.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 119.736241][ T6007] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 121.321184][ T30] audit: type=1804 audit(6044923007.886:2): pid=6029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.22" name="/newroot/5/file0" dev="tmpfs" ino=45 res=1 errno=0 [ 123.935206][ T6052] i2c i2c-0: new_device: Missing parameters [ 126.039554][ T6081] program syz.2.34 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 126.096918][ T6081] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 127.427998][ T6089] Invalid ELF header magic: != ELF [ 127.693297][ T6094] FAULT_INJECTION: forcing a failure. [ 127.693297][ T6094] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 127.765740][ T6094] CPU: 0 UID: 0 PID: 6094 Comm: syz.2.36 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 127.765793][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.765813][ T6094] Call Trace: [ 127.765825][ T6094] [ 127.765838][ T6094] dump_stack_lvl+0x16c/0x1f0 [ 127.765902][ T6094] should_fail_ex+0x512/0x640 [ 127.765961][ T6094] should_fail_alloc_page+0xe7/0x130 [ 127.765998][ T6094] prepare_alloc_pages+0x3c2/0x610 [ 127.766075][ T6094] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 127.766146][ T6094] ? rcu_is_watching+0x12/0xc0 [ 127.766183][ T6094] ? trace_kmem_cache_alloc+0x28/0xc0 [ 127.766217][ T6094] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 127.766270][ T6094] ? mas_alloc_nodes+0x18b/0x8b0 [ 127.766323][ T6094] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 127.766378][ T6094] ? mas_alloc_nodes+0x4b0/0x8b0 [ 127.766425][ T6094] ? mas_destroy+0x5de/0xa20 [ 127.766472][ T6094] ? mas_store_prealloc+0x7f1/0x1680 [ 127.766511][ T6094] ? __pfx_perf_event_mmap+0x10/0x10 [ 127.766551][ T6094] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 127.766608][ T6094] ? policy_nodemask+0xea/0x4e0 [ 127.766670][ T6094] alloc_pages_mpol+0x1fb/0x550 [ 127.766705][ T6094] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 127.766752][ T6094] alloc_pages_noprof+0x131/0x390 [ 127.766788][ T6094] __pmd_alloc+0x3b/0x930 [ 127.766831][ T6094] __handle_mm_fault+0xaac/0x5490 [ 127.766890][ T6094] ? __pfx___handle_mm_fault+0x10/0x10 [ 127.766975][ T6094] handle_mm_fault+0x589/0xd10 [ 127.767030][ T6094] __get_user_pages+0x589/0x3b80 [ 127.767082][ T6094] ? __pfx_mt_find+0x10/0x10 [ 127.767117][ T6094] ? __pfx___get_user_pages+0x10/0x10 [ 127.767186][ T6094] populate_vma_page_range+0x278/0x3a0 [ 127.767231][ T6094] ? __pfx_populate_vma_page_range+0x10/0x10 [ 127.767272][ T6094] ? __pfx_find_vma_intersection+0x10/0x10 [ 127.767313][ T6094] ? do_mmap+0x69c/0x1210 [ 127.767356][ T6094] __mm_populate+0x1d8/0x380 [ 127.767400][ T6094] ? __pfx___mm_populate+0x10/0x10 [ 127.767446][ T6094] ? up_write+0x1b2/0x520 [ 127.767501][ T6094] vm_mmap_pgoff+0x362/0x450 [ 127.767541][ T6094] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 127.767586][ T6094] ? __x64_sys_futex+0x1e0/0x4c0 [ 127.767627][ T6094] ? __x64_sys_futex+0x1e9/0x4c0 [ 127.767677][ T6094] ksys_mmap_pgoff+0x7d/0x5c0 [ 127.767712][ T6094] ? xfd_validate_state+0x61/0x180 [ 127.767764][ T6094] __x64_sys_mmap+0x125/0x190 [ 127.767819][ T6094] do_syscall_64+0xcd/0x490 [ 127.767855][ T6094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.767891][ T6094] RIP: 0033:0x7f161e38e929 [ 127.767919][ T6094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.767953][ T6094] RSP: 002b:00007f161f255038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 127.767985][ T6094] RAX: ffffffffffffffda RBX: 00007f161e5b5fa0 RCX: 00007f161e38e929 [ 127.768008][ T6094] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 127.768029][ T6094] RBP: 00007f161e410b39 R08: 0000000000000002 R09: 0000000000008000 [ 127.768049][ T6094] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 127.768069][ T6094] R13: 0000000000000000 R14: 00007f161e5b5fa0 R15: 00007ffcf22d08d8 [ 127.768114][ T6094] [ 128.242391][ T6092] FAULT_INJECTION: forcing a failure. [ 128.242391][ T6092] name fail_futex, interval 1, probability 0, space 0, times 1 [ 128.257730][ T6092] CPU: 0 UID: 0 PID: 6092 Comm: syz.0.37 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 128.257776][ T6092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.257797][ T6092] Call Trace: [ 128.257807][ T6092] [ 128.257821][ T6092] dump_stack_lvl+0x16c/0x1f0 [ 128.257883][ T6092] should_fail_ex+0x512/0x640 [ 128.257939][ T6092] get_futex_key+0x1d0/0x1540 [ 128.257986][ T6092] ? __pfx_get_futex_key+0x10/0x10 [ 128.258028][ T6092] ? pick_eevdf+0x3be/0x5b0 [ 128.258066][ T6092] ? update_curr_se+0x8b/0x270 [ 128.258114][ T6092] futex_wait_setup+0x9d/0x550 [ 128.258177][ T6092] __futex_wait+0x194/0x2f0 [ 128.258228][ T6092] ? __pfx___futex_wait+0x10/0x10 [ 128.258274][ T6092] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 128.258325][ T6092] ? lockdep_hardirqs_on+0x7c/0x110 [ 128.258392][ T6092] ? __pfx_futex_wake_mark+0x10/0x10 [ 128.258467][ T6092] futex_wait+0xe8/0x380 [ 128.258517][ T6092] ? __pfx_futex_wait+0x10/0x10 [ 128.258592][ T6092] do_futex+0x229/0x350 [ 128.258632][ T6092] ? __pfx_do_futex+0x10/0x10 [ 128.258670][ T6092] ? fput+0x70/0xf0 [ 128.258701][ T6092] ? __sys_sendmsg+0x18c/0x220 [ 128.258760][ T6092] __x64_sys_futex+0x1e0/0x4c0 [ 128.258809][ T6092] ? __pfx___x64_sys_futex+0x10/0x10 [ 128.258868][ T6092] do_syscall_64+0xcd/0x490 [ 128.258903][ T6092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.258937][ T6092] RIP: 0033:0x7f846938e929 [ 128.258966][ T6092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.258997][ T6092] RSP: 002b:00007f846a2310e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 128.259027][ T6092] RAX: ffffffffffffffda RBX: 00007f84695b5fa8 RCX: 00007f846938e929 [ 128.259048][ T6092] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f84695b5fa8 [ 128.259067][ T6092] RBP: 00007f84695b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 128.259087][ T6092] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f84695b5fac [ 128.259106][ T6092] R13: 0000000000000000 R14: 00007fffb5b57990 R15: 00007fffb5b57a78 [ 128.259147][ T6092] [ 128.260885][ T6092] FAULT_INJECTION: forcing a failure. [ 128.260885][ T6092] name failslab, interval 1, probability 0, space 0, times 0 [ 128.505958][ T6092] CPU: 0 UID: 0 PID: 6092 Comm: syz.0.37 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 128.506035][ T6092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.506056][ T6092] Call Trace: [ 128.506067][ T6092] [ 128.506087][ T6092] dump_stack_lvl+0x16c/0x1f0 [ 128.506150][ T6092] should_fail_ex+0x512/0x640 [ 128.506201][ T6092] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 128.506251][ T6092] should_failslab+0xc2/0x120 [ 128.506284][ T6092] __kmalloc_cache_noprof+0x6a/0x3e0 [ 128.506348][ T6092] ? v4l2_fh_open+0x4c/0xc0 [ 128.506407][ T6092] v4l2_fh_open+0x4c/0xc0 [ 128.506459][ T6092] v4l2_open+0x225/0x490 [ 128.506505][ T6092] ? __pfx_v4l2_open+0x10/0x10 [ 128.506551][ T6092] chrdev_open+0x234/0x6a0 [ 128.506601][ T6092] ? __pfx_apparmor_file_open+0x10/0x10 [ 128.506646][ T6092] ? __pfx_chrdev_open+0x10/0x10 [ 128.506703][ T6092] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 128.506757][ T6092] do_dentry_open+0x741/0x1c10 [ 128.506808][ T6092] ? __pfx_chrdev_open+0x10/0x10 [ 128.506869][ T6092] vfs_open+0x82/0x3f0 [ 128.506910][ T6092] path_openat+0x1de4/0x2cb0 [ 128.506973][ T6092] ? __pfx_path_openat+0x10/0x10 [ 128.507025][ T6092] ? __lock_acquire+0xb8a/0x1c90 [ 128.507084][ T6092] do_filp_open+0x20b/0x470 [ 128.507135][ T6092] ? __pfx_do_filp_open+0x10/0x10 [ 128.507216][ T6092] ? alloc_fd+0x471/0x7d0 [ 128.507271][ T6092] do_sys_openat2+0x11b/0x1d0 [ 128.507308][ T6092] ? __pfx_do_sys_openat2+0x10/0x10 [ 128.507362][ T6092] __x64_sys_openat+0x174/0x210 [ 128.507401][ T6092] ? __pfx___x64_sys_openat+0x10/0x10 [ 128.507455][ T6092] do_syscall_64+0xcd/0x490 [ 128.507489][ T6092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.507523][ T6092] RIP: 0033:0x7f846938e929 [ 128.507550][ T6092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.507582][ T6092] RSP: 002b:00007f846a231038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 128.507614][ T6092] RAX: ffffffffffffffda RBX: 00007f84695b5fa0 RCX: 00007f846938e929 [ 128.507635][ T6092] RDX: 0000000000000802 RSI: 0000200000000480 RDI: ffffffffffffff9c [ 128.507657][ T6092] RBP: 00007f8469410b39 R08: 0000000000000000 R09: 0000000000000000 [ 128.507677][ T6092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.507696][ T6092] R13: 0000000000000000 R14: 00007f84695b5fa0 R15: 00007fffb5b57a78 [ 128.507738][ T6092] [ 129.585287][ T6110] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 130.671851][ T6111] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 131.321610][ T6116] GUP no longer grows the stack in syz.1.42 (6116): 14000-401000 (4000) [ 131.428458][ T6116] CPU: 0 UID: 0 PID: 6116 Comm: syz.1.42 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 131.428504][ T6116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.428524][ T6116] Call Trace: [ 131.428535][ T6116] [ 131.428547][ T6116] dump_stack_lvl+0x16c/0x1f0 [ 131.428608][ T6116] gup_vma_lookup+0x1d2/0x220 [ 131.428646][ T6116] __get_user_pages+0x271/0x3b80 [ 131.428699][ T6116] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 131.428754][ T6116] ? kasan_save_stack+0x42/0x60 [ 131.428804][ T6116] ? __pfx___get_user_pages+0x10/0x10 [ 131.428840][ T6116] ? register_lock_class+0x41/0x4c0 [ 131.428882][ T6116] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 131.428936][ T6116] ? do_syscall_64+0xcd/0x490 [ 131.428978][ T6116] __gup_longterm_locked+0x20d/0x1850 [ 131.429021][ T6116] ? __lock_acquire+0xb8a/0x1c90 [ 131.429073][ T6116] ? __pfx___gup_longterm_locked+0x10/0x10 [ 131.429149][ T6116] pin_user_pages_remote+0xed/0x140 [ 131.429193][ T6116] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 131.429233][ T6116] ? mm_access+0x22d/0x2e0 [ 131.429288][ T6116] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 131.429365][ T6116] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 131.429431][ T6116] ? iovec_from_user+0xbb/0x140 [ 131.429483][ T6116] ? iovec_from_user+0xbb/0x140 [ 131.429518][ T6116] process_vm_rw+0x216/0x2c0 [ 131.429575][ T6116] ? __pfx_process_vm_rw+0x10/0x10 [ 131.429686][ T6116] ? xfd_validate_state+0x61/0x180 [ 131.429727][ T6116] ? __task_pid_nr_ns+0x17c/0x500 [ 131.429776][ T6116] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 131.429831][ T6116] ? do_syscall_64+0x91/0x490 [ 131.429861][ T6116] ? lockdep_hardirqs_on+0x7c/0x110 [ 131.430027][ T6116] do_syscall_64+0xcd/0x490 [ 131.430063][ T6116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.430097][ T6116] RIP: 0033:0x7fa7c3f8e929 [ 131.430132][ T6116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.430164][ T6116] RSP: 002b:00007fa7c4d96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 131.430196][ T6116] RAX: ffffffffffffffda RBX: 00007fa7c41b5fa0 RCX: 00007fa7c3f8e929 [ 131.430218][ T6116] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 000000000000002d [ 131.430238][ T6116] RBP: 00007fa7c4010b39 R08: 0000000000000003 R09: 0000000000000000 [ 131.430257][ T6116] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 131.430277][ T6116] R13: 0000000000000000 R14: 00007fa7c41b5fa0 R15: 00007ffce73f0728 [ 131.430320][ T6116] [ 132.715530][ T6131] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 133.433410][ T6148] vivid-007: ================= START STATUS ================= [ 133.547626][ T6148] vivid-007: Generate PTS: true [ 133.582948][ T6148] vivid-007: Generate SCR: true [ 133.628414][ T6148] tpg source WxH: 320x240 (Y'CbCr) [ 133.652985][ T6144] mmap: syz.1.47 (6144) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 133.667009][ T6137] netlink: 504 bytes leftover after parsing attributes in process `syz.3.45'. [ 133.713934][ T6148] tpg field: 1 [ 133.740107][ T6148] tpg crop: (0,0)/320x240 [ 133.802186][ T6148] tpg compose: (0,0)/320x240 [ 133.807758][ T6148] tpg colorspace: 8 [ 133.945040][ T6148] tpg transfer function: 0/0 [ 133.991319][ T6148] tpg Y'CbCr encoding: 0/0 [ 134.098071][ T6148] tpg quantization: 0/0 [ 134.147910][ T6148] tpg RGB range: 0/2 [ 134.158045][ T6148] vivid-007: ================== END STATUS ================== [ 134.688876][ T5844] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 134.964451][ T30] audit: type=1800 audit(6044923029.565:3): pid=6158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.50" name="dbroot" dev="configfs" ino=9794 res=0 errno=0 [ 137.853920][ T6167] Invalid ELF header magic: != ELF [ 138.472941][ T6177] Zero length message leads to an empty skb [ 138.586829][ T6175] can: request_module (can-proto-0) failed. [ 139.199466][ T6186] syz.2.57 uses obsolete (PF_INET,SOCK_PACKET) [ 139.811798][ T6201] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 139.861731][ T6201] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 140.551862][ T6195] netlink: 266 bytes leftover after parsing attributes in process `syz.2.58'. [ 140.560860][ T6195] IPv6: NLM_F_CREATE should be specified when creating new route [ 140.929598][ T6214] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 141.611345][ T6222] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 142.731690][ T6237] futex_wake_op: syz.2.66 tries to shift op by -9; fix this program [ 143.378692][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.387733][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 145.934260][ T6277] FAULT_INJECTION: forcing a failure. [ 145.934260][ T6277] name (null), interval 1, probability 0, space 0, times 1 [ 145.955567][ T6277] CPU: 0 UID: 0 PID: 6277 Comm: syz.0.75 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 145.955604][ T6277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 145.955619][ T6277] Call Trace: [ 145.955627][ T6277] [ 145.955638][ T6277] dump_stack_lvl+0x16c/0x1f0 [ 145.955683][ T6277] should_fail_ex+0x512/0x640 [ 145.955725][ T6277] null_queue_rq+0x24d/0xfd0 [ 145.955769][ T6277] null_queue_rqs+0xe9/0x2f0 [ 145.955805][ T6277] ? __pfx_null_queue_rqs+0x10/0x10 [ 145.955846][ T6277] ? __pfx_autoremove_wake_function+0x10/0x10 [ 145.955881][ T6277] __blk_mq_flush_list+0x97/0xc0 [ 145.955922][ T6277] blk_mq_dispatch_queue_requests+0x184/0x7b0 [ 145.955960][ T6277] blk_mq_flush_plug_list+0x1f2/0x600 [ 145.955996][ T6277] ? update_io_ticks+0x137/0x2a0 [ 145.956025][ T6277] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 145.956057][ T6277] ? __pfx_update_io_ticks+0x10/0x10 [ 145.956105][ T6277] blk_add_rq_to_plug+0x1ca/0x540 [ 145.956142][ T6277] blk_mq_submit_bio+0x18d5/0x26a0 [ 145.956181][ T6277] ? __pfx_blk_mq_submit_bio+0x10/0x10 [ 145.956224][ T6277] ? __lock_acquire+0xb8a/0x1c90 [ 145.956262][ T6277] __submit_bio+0x3cf/0x690 [ 145.956293][ T6277] ? __pfx___submit_bio+0x10/0x10 [ 145.956333][ T6277] ? ktime_get+0x200/0x310 [ 145.956364][ T6277] ? lockdep_hardirqs_on+0x7c/0x110 [ 145.956407][ T6277] ? submit_bio_noacct_nocheck+0x660/0xd30 [ 145.956438][ T6277] submit_bio_noacct_nocheck+0x660/0xd30 [ 145.956473][ T6277] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 145.956510][ T6277] ? __pfx___might_resched+0x10/0x10 [ 145.956542][ T6277] submit_bio_noacct+0x50d/0x1eb0 [ 145.956580][ T6277] mpage_readahead+0x41c/0x590 [ 145.956609][ T6277] ? __pfx_mpage_readahead+0x10/0x10 [ 145.956653][ T6277] ? __pfx_blkdev_get_block+0x10/0x10 [ 145.956688][ T6277] ? folio_batch_move_lru+0x2c3/0x3b0 [ 145.956728][ T6277] ? __pfx_lru_add+0x10/0x10 [ 145.956767][ T6277] ? __pfx_blkdev_readahead+0x10/0x10 [ 145.956801][ T6277] read_pages+0x1c1/0xc70 [ 145.956844][ T6277] ? __pfx_read_pages+0x10/0x10 [ 145.956893][ T6277] page_cache_ra_order+0x69a/0xd00 [ 145.956942][ T6277] filemap_fault+0x1a43/0x26c0 [ 145.956973][ T6277] ? __pfx_filemap_fault+0x10/0x10 [ 145.957011][ T6277] __do_fault+0x10d/0x490 [ 145.957051][ T6277] __handle_mm_fault+0x3c2a/0x5490 [ 145.957097][ T6277] ? __pfx___handle_mm_fault+0x10/0x10 [ 145.957128][ T6277] ? __pfx_mt_find+0x10/0x10 [ 145.957170][ T6277] ? find_vma+0xbf/0x140 [ 145.957193][ T6277] ? __pfx_find_vma+0x10/0x10 [ 145.957220][ T6277] handle_mm_fault+0x589/0xd10 [ 145.957254][ T6277] ? __pkru_allows_pkey+0x31/0xb0 [ 145.957289][ T6277] do_user_addr_fault+0x7a6/0x1370 [ 145.957325][ T6277] ? rcu_is_watching+0x12/0xc0 [ 145.957353][ T6277] exc_page_fault+0x5c/0xb0 [ 145.957391][ T6277] asm_exc_page_fault+0x26/0x30 [ 145.957423][ T6277] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 145.957456][ T6277] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 145.957479][ T6277] RSP: 0018:ffffc90003e3fdd0 EFLAGS: 00050216 [ 145.957499][ T6277] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000020 [ 145.957514][ T6277] RDX: fffff520007c7fce RSI: 0000000000000000 RDI: ffffc90003e3fe50 [ 145.957529][ T6277] RBP: 0000000000000020 R08: 0000000000000001 R09: fffff520007c7fcd [ 145.957544][ T6277] R10: ffffc90003e3fe6f R11: 0000000000000001 R12: 0000000000000000 [ 145.957558][ T6277] R13: ffffc90003e3fe50 R14: 0000000000000006 R15: ffffc90003e3fe50 [ 145.957590][ T6277] _copy_from_user+0x98/0xd0 [ 145.957630][ T6277] do_fcntl+0xba2/0x15a0 [ 145.957655][ T6277] ? __pfx_do_fcntl+0x10/0x10 [ 145.957687][ T6277] ? tomoyo_file_fcntl+0x6c/0xc0 [ 145.957731][ T6277] __x64_sys_fcntl+0x163/0x200 [ 145.957759][ T6277] do_syscall_64+0xcd/0x490 [ 145.957783][ T6277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.957808][ T6277] RIP: 0033:0x7f846938e929 [ 145.957828][ T6277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.957853][ T6277] RSP: 002b:00007f846a231038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 145.957887][ T6277] RAX: ffffffffffffffda RBX: 00007f84695b5fa0 RCX: 00007f846938e929 [ 145.957903][ T6277] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 145.957920][ T6277] RBP: 00007f8469410b39 R08: 0000000000000000 R09: 0000000000000000 [ 145.957935][ T6277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.957949][ T6277] R13: 0000000000000000 R14: 00007f84695b5fa0 R15: 00007fffb5b57a78 [ 145.957982][ T6277] [ 150.732739][ T30] audit: type=1806 audit(6044923045.335:4): xattr="." res=0 [ 151.023574][ T5985] null_blk: rq ffff888027331980 timed out [ 151.029850][ T5985] timeout error, dev nullb0, sector 255 op 0x0:(READ) flags 0x84700 phys_seg 2 prio class 0 [ 151.682476][ T6331] FAULT_INJECTION: forcing a failure. [ 151.682476][ T6331] name failslab, interval 1, probability 0, space 0, times 0 [ 151.733056][ T6331] CPU: 0 UID: 0 PID: 6331 Comm: syz.3.90 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 151.733104][ T6331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.733124][ T6331] Call Trace: [ 151.733135][ T6331] [ 151.733149][ T6331] dump_stack_lvl+0x16c/0x1f0 [ 151.733207][ T6331] should_fail_ex+0x512/0x640 [ 151.733256][ T6331] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 151.733310][ T6331] should_failslab+0xc2/0x120 [ 151.733341][ T6331] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 151.733401][ T6331] ? ptlock_alloc+0x1f/0x70 [ 151.733440][ T6331] ptlock_alloc+0x1f/0x70 [ 151.733471][ T6331] pte_alloc_one+0x82/0x3a0 [ 151.733509][ T6331] __pte_alloc+0x6d/0x3c0 [ 151.733531][ T6331] ? __pfx___pte_alloc+0x10/0x10 [ 151.733554][ T6331] ? _raw_spin_unlock+0x28/0x50 [ 151.733586][ T6331] ? __pmd_alloc+0x3fb/0x930 [ 151.733615][ T6331] __handle_mm_fault+0x4358/0x5490 [ 151.733657][ T6331] ? __pfx___handle_mm_fault+0x10/0x10 [ 151.733714][ T6331] handle_mm_fault+0x589/0xd10 [ 151.733751][ T6331] __get_user_pages+0x589/0x3b80 [ 151.733787][ T6331] ? __pfx_mt_find+0x10/0x10 [ 151.733811][ T6331] ? __pfx___get_user_pages+0x10/0x10 [ 151.733849][ T6331] populate_vma_page_range+0x278/0x3a0 [ 151.733880][ T6331] ? __pfx_populate_vma_page_range+0x10/0x10 [ 151.733908][ T6331] ? __pfx_find_vma_intersection+0x10/0x10 [ 151.733936][ T6331] ? do_mmap+0x69c/0x1210 [ 151.733965][ T6331] __mm_populate+0x1d8/0x380 [ 151.733994][ T6331] ? __pfx___mm_populate+0x10/0x10 [ 151.734029][ T6331] ? up_write+0x1b2/0x520 [ 151.734067][ T6331] vm_mmap_pgoff+0x362/0x450 [ 151.734094][ T6331] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 151.734125][ T6331] ? __x64_sys_futex+0x1e0/0x4c0 [ 151.734153][ T6331] ? __x64_sys_futex+0x1e9/0x4c0 [ 151.734186][ T6331] ksys_mmap_pgoff+0x7d/0x5c0 [ 151.734210][ T6331] ? xfd_validate_state+0x61/0x180 [ 151.734239][ T6331] ? __pfx_ksys_write+0x10/0x10 [ 151.734276][ T6331] __x64_sys_mmap+0x125/0x190 [ 151.734313][ T6331] do_syscall_64+0xcd/0x490 [ 151.734336][ T6331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.734361][ T6331] RIP: 0033:0x7fb77ed8e929 [ 151.734381][ T6331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.734409][ T6331] RSP: 002b:00007fb77cbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 151.734432][ T6331] RAX: ffffffffffffffda RBX: 00007fb77efb5fa0 RCX: 00007fb77ed8e929 [ 151.734448][ T6331] RDX: 00000000000000e3 RSI: 0000000000400008 RDI: 0000000000000000 [ 151.734462][ T6331] RBP: 00007fb77ee10b39 R08: 0000000000000002 R09: 0000000000008000 [ 151.734476][ T6331] R10: 000000000000bb72 R11: 0000000000000246 R12: 0000000000000000 [ 151.734491][ T6331] R13: 0000000000000000 R14: 00007fb77efb5fa0 R15: 00007ffdf255c568 [ 151.734521][ T6331] [ 153.470216][ T6345] ubi0: attaching mtd0 [ 153.747541][ T6345] ubi0: scanning is finished [ 153.834762][ T6345] ubi0: empty MTD device detected [ 154.410644][ T6345] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 154.435238][ T6345] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 154.597534][ T6345] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 154.701164][ T6345] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 154.716599][ T6345] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 154.801199][ T6345] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 154.810827][ T6345] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2644016114 [ 154.823342][ T6345] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 154.846182][ T6355] ubi0: background thread "ubi_bgt0d" started, PID 6355 [ 155.873953][ T6361] FAULT_INJECTION: forcing a failure. [ 155.873953][ T6361] name (null), interval 1, probability 0, space 0, times 1 [ 155.889126][ T6361] CPU: 0 UID: 0 PID: 6361 Comm: syz.3.96 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 155.889177][ T6361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.889200][ T6361] Call Trace: [ 155.889211][ T6361] [ 155.889225][ T6361] dump_stack_lvl+0x16c/0x1f0 [ 155.889303][ T6361] should_fail_ex+0x512/0x640 [ 155.889367][ T6361] null_queue_rq+0x2ed/0xfd0 [ 155.889435][ T6361] null_queue_rqs+0xe9/0x2f0 [ 155.889492][ T6361] ? __pfx_null_queue_rqs+0x10/0x10 [ 155.889554][ T6361] ? __pfx_autoremove_wake_function+0x10/0x10 [ 155.889608][ T6361] __blk_mq_flush_list+0x97/0xc0 [ 155.889670][ T6361] blk_mq_dispatch_queue_requests+0x184/0x7b0 [ 155.889728][ T6361] blk_mq_flush_plug_list+0x1f2/0x600 [ 155.889785][ T6361] ? update_io_ticks+0x137/0x2a0 [ 155.889831][ T6361] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 155.889882][ T6361] ? __pfx_update_io_ticks+0x10/0x10 [ 155.889942][ T6361] blk_add_rq_to_plug+0x1ca/0x540 [ 155.889997][ T6361] blk_mq_submit_bio+0x18d5/0x26a0 [ 155.890057][ T6361] ? __pfx_blk_mq_submit_bio+0x10/0x10 [ 155.890123][ T6361] ? __lock_acquire+0xb8a/0x1c90 [ 155.890182][ T6361] __submit_bio+0x3cf/0x690 [ 155.890230][ T6361] ? __pfx___submit_bio+0x10/0x10 [ 155.890302][ T6361] ? ktime_get+0x200/0x310 [ 155.890344][ T6361] ? lockdep_hardirqs_on+0x7c/0x110 [ 155.890412][ T6361] ? submit_bio_noacct_nocheck+0x660/0xd30 [ 155.890459][ T6361] submit_bio_noacct_nocheck+0x660/0xd30 [ 155.890513][ T6361] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 155.890569][ T6361] ? __pfx___might_resched+0x10/0x10 [ 155.890610][ T6361] ? guard_bio_eod+0x104/0x8b0 [ 155.890653][ T6361] submit_bio_noacct+0x50d/0x1eb0 [ 155.890713][ T6361] mpage_readahead+0x41c/0x590 [ 155.890759][ T6361] ? __pfx_mpage_readahead+0x10/0x10 [ 155.890828][ T6361] ? __pfx_blkdev_get_block+0x10/0x10 [ 155.890884][ T6361] ? folio_batch_move_lru+0x2c3/0x3b0 [ 155.890943][ T6361] ? __pfx_lru_add+0x10/0x10 [ 155.891004][ T6361] ? __pfx_blkdev_readahead+0x10/0x10 [ 155.891061][ T6361] read_pages+0x1c1/0xc70 [ 155.891122][ T6361] ? __pfx_read_pages+0x10/0x10 [ 155.891200][ T6361] page_cache_ra_order+0x69a/0xd00 [ 155.891277][ T6361] filemap_fault+0x1a43/0x26c0 [ 155.891333][ T6361] ? __pfx_filemap_fault+0x10/0x10 [ 155.891394][ T6361] __do_fault+0x10d/0x490 [ 155.891455][ T6361] __handle_mm_fault+0x3c2a/0x5490 [ 155.891516][ T6361] ? __pfx___handle_mm_fault+0x10/0x10 [ 155.891560][ T6361] ? __pfx_mt_find+0x10/0x10 [ 155.891622][ T6361] ? find_vma+0xbf/0x140 [ 155.891657][ T6361] ? __pfx_find_vma+0x10/0x10 [ 155.891699][ T6361] handle_mm_fault+0x589/0xd10 [ 155.891749][ T6361] ? __pkru_allows_pkey+0x31/0xb0 [ 155.891802][ T6361] do_user_addr_fault+0x7a6/0x1370 [ 155.891858][ T6361] ? rcu_is_watching+0x12/0xc0 [ 155.891900][ T6361] exc_page_fault+0x5c/0xb0 [ 155.891959][ T6361] asm_exc_page_fault+0x26/0x30 [ 155.891995][ T6361] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 155.892042][ T6361] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 155.892080][ T6361] RSP: 0018:ffffc90003517dd0 EFLAGS: 00050216 [ 155.892110][ T6361] RAX: 0000000000000001 RBX: 0000000000000700 RCX: 0000000000000020 [ 155.892132][ T6361] RDX: fffff520006a2fce RSI: 0000000000000700 RDI: ffffc90003517e50 [ 155.892156][ T6361] RBP: 0000000000000020 R08: 0000000000000001 R09: fffff520006a2fcd [ 155.892179][ T6361] R10: ffffc90003517e6f R11: 0000000000000001 R12: 0000000000000000 [ 155.892201][ T6361] R13: ffffc90003517e50 R14: 0000000000000006 R15: ffffc90003517e50 [ 155.892252][ T6361] _copy_from_user+0x98/0xd0 [ 155.892319][ T6361] do_fcntl+0xba2/0x15a0 [ 155.892354][ T6361] ? __pfx_do_fcntl+0x10/0x10 [ 155.892397][ T6361] ? tomoyo_file_fcntl+0x6c/0xc0 [ 155.892462][ T6361] __x64_sys_fcntl+0x163/0x200 [ 155.892506][ T6361] do_syscall_64+0xcd/0x490 [ 155.892542][ T6361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.892578][ T6361] RIP: 0033:0x7fb77ed8e929 [ 155.892607][ T6361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.892642][ T6361] RSP: 002b:00007fb77cbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 155.892675][ T6361] RAX: ffffffffffffffda RBX: 00007fb77efb5fa0 RCX: 00007fb77ed8e929 [ 155.892698][ T6361] RDX: 0000000000000700 RSI: 0000000000000006 RDI: 0000000000000005 [ 155.892719][ T6361] RBP: 00007fb77ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 155.892741][ T6361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.892762][ T6361] R13: 0000000000000000 R14: 00007fb77efb5fa0 R15: 00007ffdf255c568 [ 155.892811][ T6361] [ 158.428632][ T5844] Bluetooth: hci1: unexpected subevent 0x01 length: 122 > 18 [ 160.789471][ T6400] FAULT_INJECTION: forcing a failure. [ 160.789471][ T6400] name failslab, interval 1, probability 0, space 0, times 0 [ 160.840294][ T6400] CPU: 0 UID: 0 PID: 6400 Comm: syz.3.101 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 160.840344][ T6400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.840365][ T6400] Call Trace: [ 160.840376][ T6400] [ 160.840390][ T6400] dump_stack_lvl+0x16c/0x1f0 [ 160.840453][ T6400] should_fail_ex+0x512/0x640 [ 160.840505][ T6400] ? fs_reclaim_acquire+0xae/0x150 [ 160.840550][ T6400] ? tomoyo_encode2+0x100/0x3e0 [ 160.840597][ T6400] should_failslab+0xc2/0x120 [ 160.840630][ T6400] __kmalloc_noprof+0xd2/0x510 [ 160.840692][ T6400] tomoyo_encode2+0x100/0x3e0 [ 160.840747][ T6400] tomoyo_encode+0x29/0x50 [ 160.840805][ T6400] tomoyo_realpath_from_path+0x18f/0x6e0 [ 160.840871][ T6400] tomoyo_check_open_permission+0x2ab/0x3c0 [ 160.840916][ T6400] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 160.840958][ T6400] ? proc_sys_lookup+0x2ee/0x410 [ 160.841058][ T6400] ? find_held_lock+0x2b/0x80 [ 160.841103][ T6400] tomoyo_file_open+0x6b/0x90 [ 160.841160][ T6400] security_file_open+0x84/0x1e0 [ 160.841208][ T6400] do_dentry_open+0x596/0x1c10 [ 160.841271][ T6400] vfs_open+0x82/0x3f0 [ 160.841316][ T6400] path_openat+0x1de4/0x2cb0 [ 160.841382][ T6400] ? __pfx_path_openat+0x10/0x10 [ 160.841430][ T6400] ? __lock_acquire+0xb8a/0x1c90 [ 160.841473][ T6400] do_filp_open+0x20b/0x470 [ 160.841518][ T6400] ? __pfx_do_filp_open+0x10/0x10 [ 160.841587][ T6400] ? alloc_fd+0x471/0x7d0 [ 160.841636][ T6400] do_sys_openat2+0x11b/0x1d0 [ 160.841669][ T6400] ? __pfx_do_sys_openat2+0x10/0x10 [ 160.841716][ T6400] __x64_sys_openat+0x174/0x210 [ 160.841750][ T6400] ? __pfx___x64_sys_openat+0x10/0x10 [ 160.841894][ T6400] do_syscall_64+0xcd/0x490 [ 160.841931][ T6400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.841962][ T6400] RIP: 0033:0x7fb77ed8e929 [ 160.841986][ T6400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.842018][ T6400] RSP: 002b:00007fb77cbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 160.842046][ T6400] RAX: ffffffffffffffda RBX: 00007fb77efb5fa0 RCX: 00007fb77ed8e929 [ 160.842066][ T6400] RDX: 0000000000088542 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 160.842084][ T6400] RBP: 00007fb77ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 160.842162][ T6400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 160.842182][ T6400] R13: 0000000000000000 R14: 00007fb77efb5fa0 R15: 00007ffdf255c568 [ 160.842222][ T6400] [ 161.101095][ C0] vkms_vblank_simulate: vblank timer overrun [ 161.161211][ T6400] ERROR: Out of memory at tomoyo_realpath_from_path. [ 161.416984][ T3019] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 161.811435][ T5844] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 162.732606][ T6423] [U]  [ 163.675709][ T6436] FAULT_INJECTION: forcing a failure. [ 163.675709][ T6436] name failslab, interval 1, probability 0, space 0, times 0 [ 163.691301][ T6436] CPU: 1 UID: 0 PID: 6436 Comm: syz.0.112 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 163.691346][ T6436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.691365][ T6436] Call Trace: [ 163.691375][ T6436] [ 163.691387][ T6436] dump_stack_lvl+0x16c/0x1f0 [ 163.691444][ T6436] should_fail_ex+0x512/0x640 [ 163.691490][ T6436] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 163.691544][ T6436] should_failslab+0xc2/0x120 [ 163.691584][ T6436] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 163.691634][ T6436] ? ptlock_alloc+0x1f/0x70 [ 163.691682][ T6436] ptlock_alloc+0x1f/0x70 [ 163.691723][ T6436] pte_alloc_one+0x82/0x3a0 [ 163.691775][ T6436] __pte_alloc+0x6d/0x3c0 [ 163.691806][ T6436] ? __pfx___pte_alloc+0x10/0x10 [ 163.691837][ T6436] ? _raw_spin_unlock+0x28/0x50 [ 163.691880][ T6436] ? __pmd_alloc+0x3fb/0x930 [ 163.691920][ T6436] __handle_mm_fault+0x4358/0x5490 [ 163.691976][ T6436] ? __pfx___handle_mm_fault+0x10/0x10 [ 163.692016][ T6436] ? __pfx_mt_find+0x10/0x10 [ 163.692073][ T6436] ? find_vma+0xbf/0x140 [ 163.692105][ T6436] ? __pfx_find_vma+0x10/0x10 [ 163.692142][ T6436] handle_mm_fault+0x589/0xd10 [ 163.692187][ T6436] ? __pkru_allows_pkey+0x31/0xb0 [ 163.692233][ T6436] do_user_addr_fault+0x7a6/0x1370 [ 163.692281][ T6436] ? rcu_is_watching+0x12/0xc0 [ 163.692319][ T6436] exc_page_fault+0x5c/0xb0 [ 163.692369][ T6436] asm_exc_page_fault+0x26/0x30 [ 163.692400][ T6436] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 163.692449][ T6436] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 [ 163.692478][ T6436] RSP: 0018:ffffc90003b37d60 EFLAGS: 00050202 [ 163.692504][ T6436] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 163.692526][ T6436] RDX: fffff52000766fbc RSI: 0000000000000000 RDI: ffffc90003b37de0 [ 163.692546][ T6436] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000766fbc [ 163.692571][ T6436] R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000 [ 163.692589][ T6436] R13: ffffc90003b37de0 R14: 0000000000000000 R15: 0000000000000114 [ 163.692633][ T6436] _copy_from_user+0x98/0xd0 [ 163.692686][ T6436] do_sock_getsockopt+0x5f4/0x800 [ 163.692730][ T6436] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 163.692766][ T6436] ? __fget_files+0x204/0x3c0 [ 163.692811][ T6436] ? 0xffffffffff600000 [ 163.692854][ T6436] __sys_getsockopt+0x123/0x1b0 [ 163.692906][ T6436] ? 0xffffffffff600000 [ 163.692937][ T6436] __x64_sys_getsockopt+0xbd/0x160 [ 163.692985][ T6436] ? do_syscall_64+0x91/0x490 [ 163.693012][ T6436] ? lockdep_hardirqs_on+0x7c/0x110 [ 163.693060][ T6436] do_syscall_64+0xcd/0x490 [ 163.693093][ T6436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.693125][ T6436] RIP: 0033:0x7f846938e929 [ 163.693149][ T6436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.693178][ T6436] RSP: 002b:00007f846a231038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 163.693207][ T6436] RAX: ffffffffffffffda RBX: 00007f84695b5fa0 RCX: 00007f846938e929 [ 163.693227][ T6436] RDX: 0000000000002717 RSI: 0000000000000114 RDI: 0000000000000003 [ 163.693246][ T6436] RBP: 00007f846a231090 R08: 0000000000000000 R09: 0000000000000000 [ 163.693264][ T6436] R10: ffffffffff600000 R11: 0000000000000246 R12: 0000000000000001 [ 163.693284][ T6436] R13: 0000000000000000 R14: 00007f84695b5fa0 R15: 00007fffb5b57a78 [ 163.693311][ T6436] ? 0xffffffffff600000 [ 163.693347][ T6436] [ 165.856219][ T6452] FAULT_INJECTION: forcing a failure. [ 165.856219][ T6452] name failslab, interval 1, probability 0, space 0, times 0 [ 165.902405][ T6452] CPU: 1 UID: 0 PID: 6452 Comm: syz.0.117 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 165.902465][ T6452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.902485][ T6452] Call Trace: [ 165.902496][ T6452] [ 165.902509][ T6452] dump_stack_lvl+0x16c/0x1f0 [ 165.902570][ T6452] should_fail_ex+0x512/0x640 [ 165.902620][ T6452] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 165.902671][ T6452] should_failslab+0xc2/0x120 [ 165.902703][ T6452] __kmalloc_cache_noprof+0x6a/0x3e0 [ 165.902751][ T6452] ? kernfs_fop_open+0xa3a/0xda0 [ 165.902793][ T6452] kernfs_fop_open+0xa3a/0xda0 [ 165.902831][ T6452] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 165.902885][ T6452] do_dentry_open+0x741/0x1c10 [ 165.902937][ T6452] ? __pfx_kernfs_fop_open+0x10/0x10 [ 165.902983][ T6452] vfs_open+0x82/0x3f0 [ 165.903025][ T6452] path_openat+0x1de4/0x2cb0 [ 165.903089][ T6452] ? __pfx_path_openat+0x10/0x10 [ 165.903141][ T6452] ? __lock_acquire+0xb8a/0x1c90 [ 165.903207][ T6452] do_filp_open+0x20b/0x470 [ 165.903255][ T6452] ? __pfx_do_filp_open+0x10/0x10 [ 165.903357][ T6452] ? alloc_fd+0x471/0x7d0 [ 165.903414][ T6452] do_sys_openat2+0x11b/0x1d0 [ 165.903460][ T6452] ? __pfx_do_sys_openat2+0x10/0x10 [ 165.903517][ T6452] __x64_sys_openat+0x174/0x210 [ 165.903554][ T6452] ? __pfx___x64_sys_openat+0x10/0x10 [ 165.903608][ T6452] do_syscall_64+0xcd/0x490 [ 165.903641][ T6452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.903674][ T6452] RIP: 0033:0x7f846938e929 [ 165.903700][ T6452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.903732][ T6452] RSP: 002b:00007f846a231038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 165.903762][ T6452] RAX: ffffffffffffffda RBX: 00007f84695b5fa0 RCX: 00007f846938e929 [ 165.903784][ T6452] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 165.903804][ T6452] RBP: 00007f8469410b39 R08: 0000000000000000 R09: 0000000000000000 [ 165.903824][ T6452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 165.903843][ T6452] R13: 0000000000000000 R14: 00007f84695b5fa0 R15: 00007fffb5b57a78 [ 165.903886][ T6452] [ 166.886964][ T6467] FAULT_INJECTION: forcing a failure. [ 166.886964][ T6467] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 166.954087][ T6467] CPU: 0 UID: 0 PID: 6467 Comm: syz.0.123 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 166.954136][ T6467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.954157][ T6467] Call Trace: [ 166.954169][ T6467] [ 166.954182][ T6467] dump_stack_lvl+0x16c/0x1f0 [ 166.954244][ T6467] should_fail_ex+0x512/0x640 [ 166.954305][ T6467] _copy_to_user+0x32/0xd0 [ 166.954365][ T6467] simple_read_from_buffer+0xcb/0x170 [ 166.954415][ T6467] proc_fail_nth_read+0x197/0x270 [ 166.954459][ T6467] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 166.954506][ T6467] ? rw_verify_area+0xcf/0x680 [ 166.954557][ T6467] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 166.954600][ T6467] vfs_read+0x1e1/0xc60 [ 166.954658][ T6467] ? __pfx___mutex_lock+0x10/0x10 [ 166.954691][ T6467] ? __pfx_vfs_read+0x10/0x10 [ 166.954755][ T6467] ? __fget_files+0x20e/0x3c0 [ 166.954819][ T6467] ksys_read+0x12a/0x250 [ 166.954869][ T6467] ? __pfx_ksys_read+0x10/0x10 [ 166.954917][ T6467] ? 0xffffffffff600000 [ 166.954960][ T6467] do_syscall_64+0xcd/0x490 [ 166.954996][ T6467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.955033][ T6467] RIP: 0033:0x7f846938d33c [ 166.955059][ T6467] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 166.955092][ T6467] RSP: 002b:00007f846a231030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 166.955131][ T6467] RAX: ffffffffffffffda RBX: 00007f84695b5fa0 RCX: 00007f846938d33c [ 166.955154][ T6467] RDX: 000000000000000f RSI: 00007f846a2310a0 RDI: 0000000000000004 [ 166.955175][ T6467] RBP: 00007f846a231090 R08: 0000000000000000 R09: 0000000000000000 [ 166.955196][ T6467] R10: ffffffffff600000 R11: 0000000000000246 R12: 0000000000000001 [ 166.955218][ T6467] R13: 0000000000000000 R14: 00007f84695b5fa0 R15: 00007fffb5b57a78 [ 166.955248][ T6467] ? 0xffffffffff600000 [ 166.955288][ T6467] [ 167.160552][ C0] vkms_vblank_simulate: vblank timer overrun [ 168.376474][ T6492] capability: warning: `syz.3.128' uses 32-bit capabilities (legacy support in use) [ 168.774985][ T6501] FAULT_INJECTION: forcing a failure. [ 168.774985][ T6501] name failslab, interval 1, probability 0, space 0, times 0 [ 168.793568][ T6501] CPU: 0 UID: 0 PID: 6501 Comm: syz.0.131 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 168.793602][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.793615][ T6501] Call Trace: [ 168.793622][ T6501] [ 168.793631][ T6501] dump_stack_lvl+0x16c/0x1f0 [ 168.793673][ T6501] should_fail_ex+0x512/0x640 [ 168.793710][ T6501] should_failslab+0xc2/0x120 [ 168.793732][ T6501] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 168.793767][ T6501] ? skb_clone+0x190/0x3f0 [ 168.793791][ T6501] skb_clone+0x190/0x3f0 [ 168.793813][ T6501] netlink_deliver_tap+0xabd/0xd30 [ 168.793844][ T6501] netlink_unicast+0x5df/0x7f0 [ 168.793873][ T6501] ? __pfx_netlink_unicast+0x10/0x10 [ 168.793907][ T6501] netlink_sendmsg+0x8d1/0xdd0 [ 168.793937][ T6501] ? __pfx_netlink_sendmsg+0x10/0x10 [ 168.793974][ T6501] ____sys_sendmsg+0xa98/0xc70 [ 168.794002][ T6501] ? copy_msghdr_from_user+0x10a/0x160 [ 168.794038][ T6501] ? __pfx_____sys_sendmsg+0x10/0x10 [ 168.794072][ T6501] ? __pfx_futex_wake_mark+0x10/0x10 [ 168.794109][ T6501] ___sys_sendmsg+0x134/0x1d0 [ 168.794147][ T6501] ? __pfx____sys_sendmsg+0x10/0x10 [ 168.794180][ T6501] ? __lock_acquire+0x622/0x1c90 [ 168.794246][ T6501] __sys_sendmsg+0x16d/0x220 [ 168.794283][ T6501] ? __pfx___sys_sendmsg+0x10/0x10 [ 168.794318][ T6501] ? __x64_sys_futex+0x1e0/0x4c0 [ 168.794352][ T6501] ? syscall_user_dispatch+0x78/0x140 [ 168.794396][ T6501] do_syscall_64+0xcd/0x490 [ 168.794419][ T6501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.794442][ T6501] RIP: 0033:0x7f846938e929 [ 168.794466][ T6501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.794488][ T6501] RSP: 002b:00007f846a231038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.794509][ T6501] RAX: ffffffffffffffda RBX: 00007f84695b5fa0 RCX: 00007f846938e929 [ 168.794524][ T6501] RDX: 00000000000480b0 RSI: 0000200000000240 RDI: 0000000000000008 [ 168.794538][ T6501] RBP: 00007f8469410b39 R08: 0000000000000000 R09: 0000000000000000 [ 168.794552][ T6501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.794566][ T6501] R13: 0000000000000000 R14: 00007f84695b5fa0 R15: 00007fffb5b57a78 [ 168.794595][ T6501] [ 169.026580][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.808491][ T6519] random: crng reseeded on system resumption                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                syzkaller syzkaller login: [ 182.844726][ T5844] Bluetooth: hci2: unexpected subevent 0x01 length: 122 > 18 [ 182.846529][ T5844] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 187.362277][ T5844] Bluetooth: hci3: unexpected subevent 0x01 length: 122 > 18 [ 187.914799][ T6713] netlink: 28 bytes leftover after parsing attributes in process `syz.1.180'. [ 190.501698][ T5844] Bluetooth: hci3: unexpected subevent 0x01 length: 122 > 18 [ 190.502995][ T5844] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 191.467749][ T30] audit: type=1800 audit(6044923086.055:5): pid=6740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.189" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 195.775037][ T5841] Bluetooth: hci3: unexpected subevent 0x01 length: 122 > 18 [ 195.781231][ T5841] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 198.323441][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 198.332804][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 198.361142][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 198.370145][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 198.379519][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 198.896937][ T6807] FAULT_INJECTION: forcing a failure. [ 198.896937][ T6807] name failslab, interval 1, probability 0, space 0, times 0 [ 199.022090][ T6807] CPU: 0 UID: 0 PID: 6807 Comm: syz.3.206 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 199.022138][ T6807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 199.022157][ T6807] Call Trace: [ 199.022168][ T6807] [ 199.022181][ T6807] dump_stack_lvl+0x16c/0x1f0 [ 199.022241][ T6807] should_fail_ex+0x512/0x640 [ 199.022290][ T6807] ? __kmalloc_noprof+0xbf/0x510 [ 199.022350][ T6807] ? __vb2_queue_alloc+0x23e/0x1280 [ 199.022383][ T6807] should_failslab+0xc2/0x120 [ 199.022415][ T6807] __kmalloc_noprof+0xd2/0x510 [ 199.022467][ T6807] ? bitmap_find_next_zero_area_off+0xb4/0xd0 [ 199.022514][ T6807] __vb2_queue_alloc+0x23e/0x1280 [ 199.022551][ T6807] ? __kmalloc_noprof+0x242/0x510 [ 199.022618][ T6807] vb2_core_reqbufs+0xa90/0xfe0 [ 199.022664][ T6807] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 199.022727][ T6807] __vb2_init_fileio+0x3f1/0x1100 [ 199.022764][ T6807] ? __mutex_lock+0x1ca/0xb90 [ 199.022796][ T6807] ? __pfx___futex_wait+0x10/0x10 [ 199.022845][ T6807] ? vb2_fop_write+0xe6/0x3f0 [ 199.022873][ T6807] ? lockdep_hardirqs_on+0x7c/0x110 [ 199.022928][ T6807] __vb2_perform_fileio+0x9c2/0x1660 [ 199.022979][ T6807] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 199.023032][ T6807] vb2_fop_write+0x207/0x3f0 [ 199.023072][ T6807] v4l2_write+0x226/0x360 [ 199.023126][ T6807] ? __pfx_v4l2_write+0x10/0x10 [ 199.023171][ T6807] vfs_write+0x2a0/0x1150 [ 199.023230][ T6807] ? __pfx_vfs_write+0x10/0x10 [ 199.023275][ T6807] ? find_held_lock+0x2b/0x80 [ 199.023309][ T6807] ? __fget_files+0x204/0x3c0 [ 199.023369][ T6807] ? __fget_files+0x20e/0x3c0 [ 199.023428][ T6807] ksys_write+0x12a/0x250 [ 199.023476][ T6807] ? __pfx_ksys_write+0x10/0x10 [ 199.023538][ T6807] do_syscall_64+0xcd/0x490 [ 199.023572][ T6807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.023607][ T6807] RIP: 0033:0x7fb77ed8e929 [ 199.023646][ T6807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.023678][ T6807] RSP: 002b:00007fb77cbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 199.023709][ T6807] RAX: ffffffffffffffda RBX: 00007fb77efb5fa0 RCX: 00007fb77ed8e929 [ 199.023731][ T6807] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000009 [ 199.023752][ T6807] RBP: 00007fb77ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 199.023772][ T6807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.023792][ T6807] R13: 0000000000000000 R14: 00007fb77efb5fa0 R15: 00007ffdf255c568 [ 199.023836][ T6807] [ 200.216893][ T6821] process 'syz.3.209' launched './file0' with NULL argv: empty string added [ 200.461436][ T5841] Bluetooth: hci4: command tx timeout [ 200.582395][ T6820] Process accounting resumed [ 201.855657][ T6809] chnl_net:caif_netlink_parms(): no params data found [ 202.431502][ T5841] Bluetooth: hci2: unexpected subevent 0x01 length: 122 > 18 [ 202.439060][ T5841] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 202.542884][ T5844] Bluetooth: hci4: command tx timeout [ 202.773347][ T6809] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.787317][ T6809] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.824733][ T6809] bridge_slave_0: entered allmulticast mode [ 202.845430][ T6809] bridge_slave_0: entered promiscuous mode [ 202.939841][ T6809] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.972166][ T6809] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.979518][ T6809] bridge_slave_1: entered allmulticast mode [ 203.047171][ T6809] bridge_slave_1: entered promiscuous mode [ 203.268548][ T6809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.355556][ T6809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.695862][ T6809] team0: Port device team_slave_0 added [ 203.743404][ T6809] team0: Port device team_slave_1 added [ 204.083243][ T6809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.090288][ T6809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.171126][ T6809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.184801][ T6809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.201252][ T6809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.261083][ T6809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 204.617323][ T6809] hsr_slave_0: entered promiscuous mode [ 204.624697][ T5844] Bluetooth: hci4: command tx timeout [ 204.656460][ T6809] hsr_slave_1: entered promiscuous mode [ 204.696922][ T6809] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 204.721095][ T6809] Cannot create hsr debugfs directory [ 204.788152][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.794647][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 205.635054][ T6883] nbd: couldn't find a device at index 925970439 [ 206.701105][ T5844] Bluetooth: hci4: command tx timeout [ 207.652200][ T6809] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 207.683744][ T6809] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 207.790158][ T6809] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 207.994725][ T6809] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 208.448999][ T6809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.477164][ T6809] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.532610][ T5844] Bluetooth: hci3: unexpected subevent 0x01 length: 122 > 18 [ 208.540756][ T5844] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 208.570661][ T6910] FAULT_INJECTION: forcing a failure. [ 208.570661][ T6910] name failslab, interval 1, probability 0, space 0, times 0 [ 208.631766][ T6910] CPU: 1 UID: 0 PID: 6910 Comm: syz.2.225 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 208.631815][ T6910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.631835][ T6910] Call Trace: [ 208.631846][ T6910] [ 208.631864][ T6910] dump_stack_lvl+0x16c/0x1f0 [ 208.631925][ T6910] should_fail_ex+0x512/0x640 [ 208.631974][ T6910] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 208.632025][ T6910] should_failslab+0xc2/0x120 [ 208.632058][ T6910] __kmalloc_cache_noprof+0x6a/0x3e0 [ 208.632106][ T6910] ? xprt_alloc+0x51d/0x850 [ 208.632149][ T6910] xprt_alloc+0x51d/0x850 [ 208.632193][ T6910] xs_setup_xprt+0xaf/0x430 [ 208.632243][ T6910] xs_setup_local+0x47/0x820 [ 208.632298][ T6910] xprt_create_transport+0x16c/0x730 [ 208.632338][ T6910] ? __kasan_check_byte+0x13/0x50 [ 208.632397][ T6910] rpc_create+0x38e/0x7f0 [ 208.632449][ T6910] ? lock_release+0x201/0x2f0 [ 208.632497][ T6910] ? __pfx_rpc_create+0x10/0x10 [ 208.632556][ T6910] ? unwind_get_return_address+0x59/0xa0 [ 208.632622][ T6910] ? arch_stack_walk+0xa6/0x100 [ 208.632685][ T6910] ? save_trace+0x4e/0x380 [ 208.632713][ T6910] ? add_lock_to_list+0x9d/0x130 [ 208.632746][ T6910] rpcb_create_af_local+0x11b/0x310 [ 208.632773][ T6910] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 208.632813][ T6910] ? find_held_lock+0x2b/0x80 [ 208.632836][ T6910] ? rpcb_create_local+0x1da/0x270 [ 208.632868][ T6910] rpcb_create_local+0x1ee/0x270 [ 208.632896][ T6910] svc_bind+0x1e8/0x260 [ 208.632927][ T6910] nfsd_create_serv+0x2d2/0x480 [ 208.632950][ T6910] ? __pfx_nfsd_create_serv+0x10/0x10 [ 208.632981][ T6910] nfsd_nl_listener_set_doit+0xe5/0x1a40 [ 208.633020][ T6910] ? rcu_is_watching+0x12/0xc0 [ 208.633044][ T6910] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 208.633075][ T6910] ? __nla_parse+0x40/0x60 [ 208.633103][ T6910] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 208.633138][ T6910] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 208.633177][ T6910] genl_family_rcv_msg_doit+0x206/0x2f0 [ 208.633215][ T6910] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 208.633246][ T6910] ? rcu_is_watching+0x12/0xc0 [ 208.633279][ T6910] ? bpf_lsm_capable+0x9/0x10 [ 208.633307][ T6910] ? security_capable+0x7e/0x260 [ 208.633336][ T6910] genl_rcv_msg+0x55c/0x800 [ 208.633371][ T6910] ? __pfx_genl_rcv_msg+0x10/0x10 [ 208.633403][ T6910] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 208.633444][ T6910] netlink_rcv_skb+0x155/0x420 [ 208.633470][ T6910] ? __pfx_genl_rcv_msg+0x10/0x10 [ 208.633503][ T6910] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 208.633545][ T6910] ? netlink_deliver_tap+0x1ae/0xd30 [ 208.633575][ T6910] genl_rcv+0x28/0x40 [ 208.633606][ T6910] netlink_unicast+0x53d/0x7f0 [ 208.633636][ T6910] ? __pfx_netlink_unicast+0x10/0x10 [ 208.633671][ T6910] netlink_sendmsg+0x8d1/0xdd0 [ 208.633703][ T6910] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.633742][ T6910] ____sys_sendmsg+0xa98/0xc70 [ 208.633772][ T6910] ? copy_msghdr_from_user+0x10a/0x160 [ 208.633810][ T6910] ? __pfx_____sys_sendmsg+0x10/0x10 [ 208.633836][ T6910] ? preempt_schedule_thunk+0x16/0x30 [ 208.633875][ T6910] ? try_to_wake_up+0xa2f/0x1680 [ 208.633903][ T6910] ___sys_sendmsg+0x134/0x1d0 [ 208.633943][ T6910] ? __pfx____sys_sendmsg+0x10/0x10 [ 208.633982][ T6910] ? __lock_acquire+0x622/0x1c90 [ 208.634050][ T6910] __sys_sendmsg+0x16d/0x220 [ 208.634089][ T6910] ? __pfx___sys_sendmsg+0x10/0x10 [ 208.634129][ T6910] ? __x64_sys_futex+0x1e0/0x4c0 [ 208.634181][ T6910] do_syscall_64+0xcd/0x490 [ 208.634206][ T6910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.634229][ T6910] RIP: 0033:0x7f161e38e929 [ 208.634249][ T6910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.634277][ T6910] RSP: 002b:00007f161f255038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.634299][ T6910] RAX: ffffffffffffffda RBX: 00007f161e5b5fa0 RCX: 00007f161e38e929 [ 208.634315][ T6910] RDX: 0000000020000000 RSI: 0000200000005380 RDI: 0000000000000007 [ 208.634329][ T6910] RBP: 00007f161e410b39 R08: 0000000000000000 R09: 0000000000000000 [ 208.634343][ T6910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.634357][ T6910] R13: 0000000000000000 R14: 00007f161e5b5fa0 R15: 00007ffcf22d08d8 [ 208.634387][ T6910] [ 209.566259][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.574217][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.730815][ T3527] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.738070][ T3527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.496065][ T6924] can: request_module (can-proto-0) failed. [ 211.272628][ T6809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.059292][ T6809] veth0_vlan: entered promiscuous mode [ 214.106362][ T6809] veth1_vlan: entered promiscuous mode [ 214.479194][ T6809] veth0_macvtap: entered promiscuous mode [ 214.613773][ T6809] veth1_macvtap: entered promiscuous mode [ 214.757355][ T6809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.808322][ T6809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.881499][ T6809] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.903309][ T6809] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.933561][ T6969] hub 8-0:1.0: USB hub found [ 214.933680][ T6809] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.951318][ T6969] hub 8-0:1.0: 1 port detected [ 214.968011][ T6809] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.221129][ T6967] WARNING! power/level is deprecated; use power/control instead [ 215.675150][ T1320] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.731023][ T1320] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.891318][ T3502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.931220][ T3502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.534066][ T34] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 224.860166][ T7072] netlink: 8 bytes leftover after parsing attributes in process `syz.4.258'. [ 224.928004][ T7077] netlink: 4 bytes leftover after parsing attributes in process `syz.3.259'. [ 227.182589][ T5850] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 227.351154][ T5850] Bluetooth: hci2: command 0x0406 tx timeout [ 227.357355][ T5157] Bluetooth: hci3: command 0x0406 tx timeout [ 227.357367][ T5849] Bluetooth: hci0: command 0x0406 tx timeout [ 230.565662][ T7129] netlink: 4 bytes leftover after parsing attributes in process `syz.2.272'. [ 230.908295][ T7136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.273'. [ 231.422814][ T7139] Process accounting paused [ 233.082448][ T30] audit: type=1800 audit(6044923127.685:6): pid=7179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.284" name="dbroot" dev="configfs" ino=35659 res=0 errno=0 [ 233.105944][ T7179] db_root: not a directory: /dev/audio1 [ 233.278160][ T7177] FAULT_INJECTION: forcing a failure. [ 233.278160][ T7177] name failslab, interval 1, probability 0, space 0, times 0 [ 233.333278][ T7177] CPU: 0 UID: 0 PID: 7177 Comm: syz.1.283 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 233.333326][ T7177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.333345][ T7177] Call Trace: [ 233.333356][ T7177] [ 233.333368][ T7177] dump_stack_lvl+0x16c/0x1f0 [ 233.333428][ T7177] should_fail_ex+0x512/0x640 [ 233.333476][ T7177] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 233.333532][ T7177] should_failslab+0xc2/0x120 [ 233.333564][ T7177] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 233.333615][ T7177] ? idr_get_next_ul+0x196/0x2e0 [ 233.333661][ T7177] ? __alloc_skb+0x2b2/0x380 [ 233.333718][ T7177] __alloc_skb+0x2b2/0x380 [ 233.333768][ T7177] ? __pfx___alloc_skb+0x10/0x10 [ 233.333833][ T7177] ? idr_get_next+0xec/0x150 [ 233.333882][ T7177] ? __pfx_idr_get_next+0x10/0x10 [ 233.333938][ T7177] ctrl_build_family_msg+0x36/0xa0 [ 233.333989][ T7177] ctrl_getfamily+0x354/0x540 [ 233.334035][ T7177] ? __pfx_ctrl_getfamily+0x10/0x10 [ 233.334089][ T7177] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 233.334137][ T7177] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 233.334193][ T7177] genl_family_rcv_msg_doit+0x206/0x2f0 [ 233.334244][ T7177] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 233.334287][ T7177] ? __pfx___mutex_lock+0x10/0x10 [ 233.334315][ T7177] ? genl_get_cmd+0x194/0x580 [ 233.334368][ T7177] ? do_syscall_64+0xcd/0x490 [ 233.334398][ T7177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.334432][ T7177] ? __radix_tree_lookup+0x21f/0x2c0 [ 233.334490][ T7177] genl_rcv_msg+0x55c/0x800 [ 233.334541][ T7177] ? __pfx_genl_rcv_msg+0x10/0x10 [ 233.334587][ T7177] ? __pfx_ctrl_getfamily+0x10/0x10 [ 233.334640][ T7177] ? __lock_acquire+0x622/0x1c90 [ 233.334691][ T7177] netlink_rcv_skb+0x155/0x420 [ 233.334730][ T7177] ? __pfx_genl_rcv_msg+0x10/0x10 [ 233.334777][ T7177] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 233.334842][ T7177] ? netlink_deliver_tap+0x1ae/0xd30 [ 233.334878][ T7177] ? is_vmalloc_addr+0x86/0xa0 [ 233.334933][ T7177] genl_rcv+0x28/0x40 [ 233.334972][ T7177] netlink_unicast+0x53d/0x7f0 [ 233.335016][ T7177] ? __pfx_netlink_unicast+0x10/0x10 [ 233.335067][ T7177] netlink_sendmsg+0x8d1/0xdd0 [ 233.335113][ T7177] ? __pfx_netlink_sendmsg+0x10/0x10 [ 233.335170][ T7177] __sys_sendto+0x4a0/0x520 [ 233.335221][ T7177] ? __pfx___sys_sendto+0x10/0x10 [ 233.335286][ T7177] ? find_held_lock+0x2b/0x80 [ 233.335350][ T7177] __x64_sys_sendto+0xe0/0x1c0 [ 233.335400][ T7177] ? do_syscall_64+0x91/0x490 [ 233.335427][ T7177] ? lockdep_hardirqs_on+0x7c/0x110 [ 233.335478][ T7177] do_syscall_64+0xcd/0x490 [ 233.335512][ T7177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.335545][ T7177] RIP: 0033:0x7fa7c3f907bc [ 233.335573][ T7177] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 233.335607][ T7177] RSP: 002b:00007fa7c4d94ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 233.335639][ T7177] RAX: ffffffffffffffda RBX: 00007fa7c4d94fc0 RCX: 00007fa7c3f907bc [ 233.335661][ T7177] RDX: 0000000000000020 RSI: 00007fa7c4d95010 RDI: 0000000000000004 [ 233.335681][ T7177] RBP: 0000000000000000 R08: 00007fa7c4d94f14 R09: 000000000000000c [ 233.335701][ T7177] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 233.335720][ T7177] R13: 00007fa7c4d94f68 R14: 00007fa7c4d95010 R15: 0000000000000000 [ 233.335766][ T7177] [ 233.674190][ C0] vkms_vblank_simulate: vblank timer overrun [ 235.476140][ T7043] delete_channel: no stack [ 238.665203][ T7219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.294'. [ 239.887985][ T7238] netlink: 28 bytes leftover after parsing attributes in process `syz.4.301'. [ 240.732422][ T7256] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 242.221343][ T7273] syz.2.308 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 242.894350][ T7279] random: crng reseeded on system resumption [ 244.723559][ T5848] Bluetooth: hci0: unexpected subevent 0x01 length: 122 > 18 [ 244.731124][ T5848] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 244.941060][ T30] audit: type=1800 audit(6044923139.535:7): pid=7315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.319" name="dmabuf" dev="dmabuf" ino=3 res=0 errno=0 [ 245.331055][ T7317] : Can't lookup blockdev [ 248.991624][ T5848] Bluetooth: hci4: unexpected subevent 0x19 length: 252 > 28 [ 248.999932][ T5848] Bluetooth: hci4: Unable to find connection with handle 0xc3d2 [ 249.090334][ T7392] netlink: 28 bytes leftover after parsing attributes in process `syz.4.329'. [ 251.000390][ T7414] block nbd7: not configured, cannot reconfigure [ 251.671982][ T34] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.170862][ T34] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.433452][ T34] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.705621][ T34] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.327755][ T34] bridge_slave_1: left allmulticast mode [ 253.344361][ T34] bridge_slave_1: left promiscuous mode [ 253.365434][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.476661][ T34] bridge_slave_0: left allmulticast mode [ 253.511989][ T34] bridge_slave_0: left promiscuous mode [ 253.532137][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.041743][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 256.086188][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 256.109231][ T34] bond0 (unregistering): Released all slaves [ 257.891601][ T34] hsr_slave_0: left promiscuous mode [ 257.923950][ T34] hsr_slave_1: left promiscuous mode [ 257.952551][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 257.960128][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.003875][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 258.029258][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 258.121327][ T34] veth1_macvtap: left promiscuous mode [ 258.151304][ T34] veth0_macvtap: left promiscuous mode [ 258.157334][ T34] veth1_vlan: left promiscuous mode [ 258.178423][ T34] veth0_vlan: left promiscuous mode [ 259.530782][ T34] team0 (unregistering): Port device team_slave_1 removed [ 259.598923][ T34] team0 (unregistering): Port device team_slave_0 removed [ 261.259605][ T7507] netlink: 12 bytes leftover after parsing attributes in process `syz.1.349'. [ 262.094969][ T7521] Invalid ELF header magic: != ELF [ 262.307018][ T7518] Process accounting resumed [ 263.804802][ T7567] netlink: 'syz.1.360': attribute type 2 has an invalid length. [ 264.641163][ T7577] Unable to find swap-space signature [ 266.226770][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.233719][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 271.794638][ T7703] FAULT_INJECTION: forcing a failure. [ 271.794638][ T7703] name failslab, interval 1, probability 0, space 0, times 0 [ 271.821712][ T7703] CPU: 1 UID: 0 PID: 7703 Comm: syz.1.386 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 271.821760][ T7703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 271.821784][ T7703] Call Trace: [ 271.821795][ T7703] [ 271.821811][ T7703] dump_stack_lvl+0x16c/0x1f0 [ 271.821870][ T7703] should_fail_ex+0x512/0x640 [ 271.821917][ T7703] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 271.821965][ T7703] should_failslab+0xc2/0x120 [ 271.821998][ T7703] __kmalloc_cache_noprof+0x6a/0x3e0 [ 271.822045][ T7703] ? v4l2_fh_open+0x4c/0xc0 [ 271.822114][ T7703] v4l2_fh_open+0x4c/0xc0 [ 271.822168][ T7703] v4l2_open+0x225/0x490 [ 271.822214][ T7703] ? __pfx_v4l2_open+0x10/0x10 [ 271.822259][ T7703] chrdev_open+0x234/0x6a0 [ 271.822307][ T7703] ? __pfx_apparmor_file_open+0x10/0x10 [ 271.822350][ T7703] ? __pfx_chrdev_open+0x10/0x10 [ 271.822402][ T7703] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 271.822455][ T7703] do_dentry_open+0x741/0x1c10 [ 271.822505][ T7703] ? __pfx_chrdev_open+0x10/0x10 [ 271.822562][ T7703] vfs_open+0x82/0x3f0 [ 271.822600][ T7703] path_openat+0x1de4/0x2cb0 [ 271.822662][ T7703] ? __pfx_path_openat+0x10/0x10 [ 271.822712][ T7703] ? __lock_acquire+0xb8a/0x1c90 [ 271.822759][ T7703] do_filp_open+0x20b/0x470 [ 271.822809][ T7703] ? __pfx_do_filp_open+0x10/0x10 [ 271.822887][ T7703] ? alloc_fd+0x471/0x7d0 [ 271.822942][ T7703] do_sys_openat2+0x11b/0x1d0 [ 271.822979][ T7703] ? __pfx_do_sys_openat2+0x10/0x10 [ 271.823034][ T7703] __x64_sys_openat+0x174/0x210 [ 271.823082][ T7703] ? __pfx___x64_sys_openat+0x10/0x10 [ 271.823138][ T7703] do_syscall_64+0xcd/0x490 [ 271.823172][ T7703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.823206][ T7703] RIP: 0033:0x7fa7c3f8e929 [ 271.823234][ T7703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.823268][ T7703] RSP: 002b:00007fa7c4d96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 271.823299][ T7703] RAX: ffffffffffffffda RBX: 00007fa7c41b5fa0 RCX: 00007fa7c3f8e929 [ 271.823320][ T7703] RDX: 0000000000000802 RSI: 0000200000000480 RDI: ffffffffffffff9c [ 271.823341][ T7703] RBP: 00007fa7c4010b39 R08: 0000000000000000 R09: 0000000000000000 [ 271.823360][ T7703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.823378][ T7703] R13: 0000000000000000 R14: 00007fa7c41b5fa0 R15: 00007ffce73f0728 [ 271.823420][ T7703] [ 272.920092][ T7706] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 272.957958][ T7706] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 273.004983][ T7706] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 273.066170][ T7706] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 273.102421][ T7706] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 273.138445][ T7706] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 273.186961][ T7706] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 273.258605][ T7706] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 273.363804][ T7706] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 273.398061][ T7706] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 273.429722][ T7706] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 273.457925][ T7706] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 274.791515][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 275.111075][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 275.192786][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 275.421182][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 275.930223][ T7740] syz.1.394 (7740) used greatest stack depth: 19800 bytes left [ 276.859637][ T7772] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 276.873605][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 277.181251][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 277.287530][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 277.501055][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout syzkaller syzkaller login: [ 278.838059][ T5848] Bluetooth: hci4: unexpected event 0x03 length: 725 > 11 [ 278.941036][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 279.261180][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 279.352102][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 279.580993][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 286.344192][ T7905] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 286.394452][ T7905] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 286.452920][ T7905] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 286.524930][ T7905] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 287.905513][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 288.336552][ T7968] netlink: 338 bytes leftover after parsing attributes in process `syz.2.431'. [ 288.383811][ T7968] netlink: 338 bytes leftover after parsing attributes in process `syz.2.431'. [ 288.393137][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 288.461438][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 288.467679][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 288.879000][ T5848] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 290.482415][ T8019] sd 0:0:1:0: PR command failed: 1026 [ 290.584477][ T8019] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 290.823986][ T8019] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 293.071160][ T3083] Process accounting paused [ 294.075131][ T8068] netlink: 'syz.4.448': attribute type 1 has an invalid length. [ 294.149280][ T8068] netlink: zone id is out of range [ 294.190847][ T8068] netlink: zone id is out of range [ 294.196134][ T8068] netlink: zone id is out of range [ 294.244391][ T8068] netlink: zone id is out of range [ 294.273649][ T8068] netlink: zone id is out of range [ 294.338025][ T8068] netlink: zone id is out of range [ 294.464610][ T8068] netlink: zone id is out of range [ 294.501380][ T8068] netlink: zone id is out of range [ 294.517781][ T8068] netlink: zone id is out of range [ 294.572172][ T8068] netlink: zone id is out of range [ 295.898750][ T5848] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 296.912576][ T8102] bcache: register_bcache() error : failed to open device [ 297.936353][ T8108] netlink: 198 bytes leftover after parsing attributes in process `syz.1.454'. [ 298.940688][ T5844] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 298.940736][ T5844] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 298.956738][ T5844] Bluetooth: hci0: adv larger than maximum supported [ 298.956762][ T5844] Bluetooth: hci0: adv larger than maximum supported [ 298.963779][ T5844] Bluetooth: hci0: adv larger than maximum supported [ 298.970762][ T5844] Bluetooth: hci0: Unknown advertising packet type: 0x20 [ 298.977458][ T5844] Bluetooth: hci0: adv larger than maximum supported [ 299.677304][ T8131] i2c i2c-0: delete_device: Extra parameters [ 299.857730][ T8131] vivid-007: ================= START STATUS ================= [ 299.908052][ T8131] vivid-007: Generate PTS: true [ 299.918008][ T8131] vivid-007: Generate SCR: true [ 299.928205][ T8131] tpg source WxH: 320x240 (Y'CbCr) [ 299.943923][ T8131] tpg field: 1 [ 300.016591][ T8131] tpg crop: (0,0)/320x240 [ 300.105986][ T8131] tpg compose: (0,0)/320x240 [ 300.280588][ T8131] tpg colorspace: 8 [ 300.302189][ T8131] tpg transfer function: 0/0 [ 300.337888][ T8131] tpg Y'CbCr encoding: 0/0 [ 300.377882][ T8131] tpg quantization: 0/0 [ 300.447642][ T8131] tpg RGB range: 0/2 [ 300.536359][ T8131] vivid-007: ================== END STATUS ================== [ 303.379915][ T8195] FAULT_INJECTION: forcing a failure. [ 303.379915][ T8195] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 303.401545][ T8195] CPU: 0 UID: 0 PID: 8195 Comm: syz.1.467 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 303.401589][ T8195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 303.401608][ T8195] Call Trace: [ 303.401618][ T8195] [ 303.401629][ T8195] dump_stack_lvl+0x16c/0x1f0 [ 303.401686][ T8195] should_fail_ex+0x512/0x640 [ 303.401740][ T8195] should_fail_alloc_page+0xe7/0x130 [ 303.401774][ T8195] prepare_alloc_pages+0x3c2/0x610 [ 303.401827][ T8195] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 303.401878][ T8195] ? kasan_save_stack+0x42/0x60 [ 303.401924][ T8195] ? kasan_save_stack+0x33/0x60 [ 303.401968][ T8195] ? kasan_save_track+0x14/0x30 [ 303.402013][ T8195] ? __kasan_slab_alloc+0x89/0x90 [ 303.402059][ T8195] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 303.402105][ T8195] ? __pmd_alloc+0xbf/0x930 [ 303.402137][ T8195] ? __handle_mm_fault+0xaac/0x5490 [ 303.402177][ T8195] ? handle_mm_fault+0x589/0xd10 [ 303.402216][ T8195] ? do_user_addr_fault+0x7a6/0x1370 [ 303.402257][ T8195] ? exc_page_fault+0x5c/0xb0 [ 303.402301][ T8195] ? asm_exc_page_fault+0x26/0x30 [ 303.402331][ T8195] ? rep_movs_alternative+0x30/0x90 [ 303.402368][ T8195] ? _copy_from_user+0x98/0xd0 [ 303.402416][ T8195] ? kvm_vm_ioctl+0x13eb/0x3da0 [ 303.402463][ T8195] ? __x64_sys_ioctl+0x18e/0x210 [ 303.402503][ T8195] ? do_syscall_64+0xcd/0x490 [ 303.402530][ T8195] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.402566][ T8195] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 303.402639][ T8195] ? __lock_acquire+0xb8a/0x1c90 [ 303.402684][ T8195] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 303.402736][ T8195] ? policy_nodemask+0xea/0x4e0 [ 303.402792][ T8195] alloc_pages_mpol+0x1fb/0x550 [ 303.402833][ T8195] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 303.402867][ T8195] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 303.402911][ T8195] alloc_pages_noprof+0x131/0x390 [ 303.402943][ T8195] pte_alloc_one+0x1c/0x3a0 [ 303.402994][ T8195] __handle_mm_fault+0x3a68/0x5490 [ 303.403048][ T8195] ? __pfx___handle_mm_fault+0x10/0x10 [ 303.403088][ T8195] ? __pfx_mt_find+0x10/0x10 [ 303.403145][ T8195] ? find_vma+0xbf/0x140 [ 303.403176][ T8195] ? __pfx_find_vma+0x10/0x10 [ 303.403211][ T8195] handle_mm_fault+0x589/0xd10 [ 303.403257][ T8195] ? __pkru_allows_pkey+0x31/0xb0 [ 303.403302][ T8195] do_user_addr_fault+0x7a6/0x1370 [ 303.403351][ T8195] ? rcu_is_watching+0x12/0xc0 [ 303.403388][ T8195] exc_page_fault+0x5c/0xb0 [ 303.403438][ T8195] asm_exc_page_fault+0x26/0x30 [ 303.403468][ T8195] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 303.403510][ T8195] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 303.403540][ T8195] RSP: 0018:ffffc900040ef9e0 EFLAGS: 00050216 [ 303.403566][ T8195] RAX: 0000000000000001 RBX: 0000000000000038 RCX: 0000000000000020 [ 303.403585][ T8195] RDX: fffff5200081dfab RSI: 0000000000000038 RDI: ffffc900040efd38 [ 303.403605][ T8195] RBP: 0000000000000020 R08: 0000000000000001 R09: fffff5200081dfaa [ 303.403625][ T8195] R10: ffffc900040efd57 R11: 0000000000000001 R12: 0000000000000000 [ 303.403644][ T8195] R13: ffffc900040efd38 R14: 0000000000000000 R15: 0000000000000003 [ 303.403686][ T8195] _copy_from_user+0x98/0xd0 [ 303.403739][ T8195] kvm_vm_ioctl+0x13eb/0x3da0 [ 303.403809][ T8195] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 303.403890][ T8195] ? kasan_quarantine_put+0x10a/0x240 [ 303.403937][ T8195] ? lockdep_hardirqs_on+0x7c/0x110 [ 303.403992][ T8195] ? find_held_lock+0x2b/0x80 [ 303.404025][ T8195] ? tomoyo_path_number_perm+0x295/0x580 [ 303.404073][ T8195] ? tomoyo_path_number_perm+0x18d/0x580 [ 303.404115][ T8195] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 303.404154][ T8195] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 303.404206][ T8195] ? do_vfs_ioctl+0x523/0x1a60 [ 303.404243][ T8195] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 303.404311][ T8195] ? find_held_lock+0x2b/0x80 [ 303.404341][ T8195] ? hook_file_ioctl_common+0x145/0x410 [ 303.404385][ T8195] ? __fget_files+0x20e/0x3c0 [ 303.404436][ T8195] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 303.404488][ T8195] __x64_sys_ioctl+0x18e/0x210 [ 303.404529][ T8195] do_syscall_64+0xcd/0x490 [ 303.404562][ T8195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.404594][ T8195] RIP: 0033:0x7fa7c3f8e929 [ 303.404620][ T8195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.404650][ T8195] RSP: 002b:00007fa7c4d96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 303.404679][ T8195] RAX: ffffffffffffffda RBX: 00007fa7c41b5fa0 RCX: 00007fa7c3f8e929 [ 303.404699][ T8195] RDX: 0000000000000038 RSI: 000000004020ae46 RDI: 0000000000000003 [ 303.404719][ T8195] RBP: 00007fa7c4d96090 R08: 0000000000000000 R09: 0000000000000000 [ 303.404737][ T8195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.404756][ T8195] R13: 0000000000000000 R14: 00007fa7c41b5fa0 R15: 00007ffce73f0728 [ 303.404798][ T8195] [ 305.296912][ T8211] bridge0: port 3(hsr0) entered blocking state [ 305.345193][ T8211] bridge0: port 3(hsr0) entered disabled state [ 305.428667][ T8211] hsr0: entered allmulticast mode [ 305.456733][ T8211] hsr_slave_0: entered allmulticast mode [ 305.476681][ T8211] hsr_slave_1: entered allmulticast mode [ 305.508582][ T8211] hsr0: entered promiscuous mode [ 305.553407][ T8211] bridge0: port 3(hsr0) entered blocking state [ 305.560213][ T8211] bridge0: port 3(hsr0) entered forwarding state [ 305.909019][ T8222] FAULT_INJECTION: forcing a failure. [ 305.909019][ T8222] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 306.016348][ T8222] CPU: 0 UID: 0 PID: 8222 Comm: syz.3.473 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 306.016405][ T8222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 306.016424][ T8222] Call Trace: [ 306.016434][ T8222] [ 306.016448][ T8222] dump_stack_lvl+0x16c/0x1f0 [ 306.016509][ T8222] should_fail_ex+0x512/0x640 [ 306.016565][ T8222] should_fail_alloc_page+0xe7/0x130 [ 306.016601][ T8222] prepare_alloc_pages+0x3c2/0x610 [ 306.016642][ T8222] ? rcu_is_watching+0x12/0xc0 [ 306.016687][ T8222] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 306.016747][ T8222] ? css_rstat_updated+0x9d/0xd30 [ 306.016793][ T8222] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 306.016842][ T8222] ? __lock_acquire+0x622/0x1c90 [ 306.016902][ T8222] ? __lock_acquire+0x622/0x1c90 [ 306.016949][ T8222] ? __lock_acquire+0x622/0x1c90 [ 306.016992][ T8222] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 306.017046][ T8222] ? policy_nodemask+0xea/0x4e0 [ 306.017105][ T8222] alloc_pages_mpol+0x1fb/0x550 [ 306.017138][ T8222] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 306.017180][ T8222] folio_alloc_mpol_noprof+0x36/0x2f0 [ 306.017221][ T8222] vma_alloc_folio_noprof+0xed/0x1e0 [ 306.017259][ T8222] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 306.017294][ T8222] ? find_held_lock+0x2b/0x80 [ 306.017327][ T8222] ? __handle_mm_fault+0x1092/0x5490 [ 306.017376][ T8222] __handle_mm_fault+0x2f21/0x5490 [ 306.017442][ T8222] ? __pfx___handle_mm_fault+0x10/0x10 [ 306.017489][ T8222] ? __pte_offset_map_lock+0x174/0x310 [ 306.017524][ T8222] ? find_held_lock+0x2b/0x80 [ 306.017554][ T8222] ? find_held_lock+0x2b/0x80 [ 306.017599][ T8222] ? follow_page_pte+0x3af/0x14c0 [ 306.017644][ T8222] handle_mm_fault+0x589/0xd10 [ 306.017699][ T8222] __get_user_pages+0x589/0x3b80 [ 306.017750][ T8222] ? __pfx_mt_find+0x10/0x10 [ 306.017785][ T8222] ? __pfx___get_user_pages+0x10/0x10 [ 306.017837][ T8222] populate_vma_page_range+0x278/0x3a0 [ 306.017880][ T8222] ? __pfx_populate_vma_page_range+0x10/0x10 [ 306.017920][ T8222] ? __pfx_find_vma_intersection+0x10/0x10 [ 306.017961][ T8222] ? do_mmap+0x69c/0x1210 [ 306.018003][ T8222] __mm_populate+0x1d8/0x380 [ 306.018045][ T8222] ? __pfx___mm_populate+0x10/0x10 [ 306.018089][ T8222] ? up_write+0x1b2/0x520 [ 306.018143][ T8222] vm_mmap_pgoff+0x362/0x450 [ 306.018181][ T8222] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 306.018226][ T8222] ? __x64_sys_futex+0x1e0/0x4c0 [ 306.018266][ T8222] ? __x64_sys_futex+0x1e9/0x4c0 [ 306.018312][ T8222] ksys_mmap_pgoff+0x7d/0x5c0 [ 306.018346][ T8222] ? xfd_validate_state+0x61/0x180 [ 306.018398][ T8222] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 306.018456][ T8222] __x64_sys_mmap+0x125/0x190 [ 306.018507][ T8222] do_syscall_64+0xcd/0x490 [ 306.018541][ T8222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.018575][ T8222] RIP: 0033:0x7fb77ed8e929 [ 306.018603][ T8222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.018633][ T8222] RSP: 002b:00007fb77cbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 306.018662][ T8222] RAX: ffffffffffffffda RBX: 00007fb77efb5fa0 RCX: 00007fb77ed8e929 [ 306.018683][ T8222] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000 [ 306.018702][ T8222] RBP: 00007fb77ee10b39 R08: 0000000000000007 R09: 0000000000028000 [ 306.018721][ T8222] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 306.018740][ T8222] R13: 0000000000000000 R14: 00007fb77efb5fa0 R15: 00007ffdf255c568 [ 306.018784][ T8222] [ 307.029084][ T8244] FAULT_INJECTION: forcing a failure. [ 307.029084][ T8244] name failslab, interval 1, probability 0, space 0, times 0 [ 307.095413][ T8244] CPU: 0 UID: 0 PID: 8244 Comm: syz.2.478 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 307.095457][ T8244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.095476][ T8244] Call Trace: [ 307.095485][ T8244] [ 307.095497][ T8244] dump_stack_lvl+0x16c/0x1f0 [ 307.095551][ T8244] should_fail_ex+0x512/0x640 [ 307.095611][ T8244] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 307.095662][ T8244] should_failslab+0xc2/0x120 [ 307.095692][ T8244] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 307.095740][ T8244] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 307.095774][ T8244] ? ptlock_alloc+0x1f/0x70 [ 307.095819][ T8244] ptlock_alloc+0x1f/0x70 [ 307.095858][ T8244] pte_alloc_one+0x82/0x3a0 [ 307.095907][ T8244] __handle_mm_fault+0x3a68/0x5490 [ 307.095960][ T8244] ? __pfx___handle_mm_fault+0x10/0x10 [ 307.095999][ T8244] ? __pfx_mt_find+0x10/0x10 [ 307.096054][ T8244] ? find_vma+0xbf/0x140 [ 307.096086][ T8244] ? __pfx_find_vma+0x10/0x10 [ 307.096121][ T8244] handle_mm_fault+0x589/0xd10 [ 307.096166][ T8244] ? __pkru_allows_pkey+0x31/0xb0 [ 307.096211][ T8244] do_user_addr_fault+0x7a6/0x1370 [ 307.096260][ T8244] ? rcu_is_watching+0x12/0xc0 [ 307.096298][ T8244] exc_page_fault+0x5c/0xb0 [ 307.096347][ T8244] asm_exc_page_fault+0x26/0x30 [ 307.096379][ T8244] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 307.096420][ T8244] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 307.096451][ T8244] RSP: 0018:ffffc90003edf9e0 EFLAGS: 00050216 [ 307.096476][ T8244] RAX: 0000000000000001 RBX: 0000000000000038 RCX: 0000000000000020 [ 307.096495][ T8244] RDX: fffff520007dbfab RSI: 0000000000000038 RDI: ffffc90003edfd38 [ 307.096514][ T8244] RBP: 0000000000000020 R08: 0000000000000001 R09: fffff520007dbfaa [ 307.096532][ T8244] R10: ffffc90003edfd57 R11: 0000000000000001 R12: 0000000000000000 [ 307.096551][ T8244] R13: ffffc90003edfd38 R14: 0000000000000000 R15: 0000000000000003 [ 307.096600][ T8244] _copy_from_user+0x98/0xd0 [ 307.096654][ T8244] kvm_vm_ioctl+0x13eb/0x3da0 [ 307.096723][ T8244] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 307.096797][ T8244] ? kasan_quarantine_put+0x10a/0x240 [ 307.096843][ T8244] ? lockdep_hardirqs_on+0x7c/0x110 [ 307.096898][ T8244] ? find_held_lock+0x2b/0x80 [ 307.096930][ T8244] ? tomoyo_path_number_perm+0x295/0x580 [ 307.096977][ T8244] ? tomoyo_path_number_perm+0x18d/0x580 [ 307.097037][ T8244] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 307.097076][ T8244] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 307.097129][ T8244] ? do_vfs_ioctl+0x523/0x1a60 [ 307.097167][ T8244] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 307.097236][ T8244] ? find_held_lock+0x2b/0x80 [ 307.097265][ T8244] ? hook_file_ioctl_common+0x145/0x410 [ 307.097311][ T8244] ? __fget_files+0x20e/0x3c0 [ 307.097362][ T8244] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 307.097415][ T8244] __x64_sys_ioctl+0x18e/0x210 [ 307.097456][ T8244] do_syscall_64+0xcd/0x490 [ 307.097489][ T8244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.097520][ T8244] RIP: 0033:0x7f161e38e929 [ 307.097545][ T8244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.097574][ T8244] RSP: 002b:00007f161f255038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.097610][ T8244] RAX: ffffffffffffffda RBX: 00007f161e5b5fa0 RCX: 00007f161e38e929 [ 307.097630][ T8244] RDX: 0000000000000038 RSI: 000000004020ae46 RDI: 0000000000000003 [ 307.097649][ T8244] RBP: 00007f161f255090 R08: 0000000000000000 R09: 0000000000000000 [ 307.097668][ T8244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.097687][ T8244] R13: 0000000000000000 R14: 00007f161e5b5fa0 R15: 00007ffcf22d08d8 [ 307.097728][ T8244] [ 308.858574][ T8261] vivid-007: ================= START STATUS ================= [ 308.904672][ T8261] vivid-007: Generate PTS: true [ 308.966625][ T8261] vivid-007: Generate SCR: true [ 308.996519][ T8261] tpg source WxH: 320x240 (Y'CbCr) [ 309.001704][ T8261] tpg field: 1 [ 309.018412][ T8261] tpg crop: (0,0)/320x240 [ 309.024738][ T8261] tpg compose: (0,0)/320x240 [ 309.077918][ T8261] tpg colorspace: 8 [ 309.081959][ T8261] tpg transfer function: 0/0 [ 309.144630][ T8261] tpg Y'CbCr encoding: 0/0 [ 309.200356][ T8261] tpg quantization: 0/0 [ 309.204622][ T8261] tpg RGB range: 0/2 [ 309.351977][ T8261] vivid-007: ================== END STATUS ================== [ 309.580543][ T30] audit: type=1800 audit(6044926873.182:8): pid=8278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.482" name="lu_gp_id" dev="configfs" ino=55513 res=0 errno=0 [ 309.601406][ T8276] kstrtoul() returned -22 for lu_gp_id [ 309.635072][ T8278] kstrtoul() returned -22 for lu_gp_id [ 309.838890][ T8272] can: request_module (can-proto-3) failed. [ 310.736648][ T8250] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 311.509910][ T8320] FAULT_INJECTION: forcing a failure. [ 311.509910][ T8320] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 311.593762][ T8320] CPU: 0 UID: 0 PID: 8320 Comm: syz.4.488 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 311.593795][ T8320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.593808][ T8320] Call Trace: [ 311.593815][ T8320] [ 311.593824][ T8320] dump_stack_lvl+0x16c/0x1f0 [ 311.593866][ T8320] should_fail_ex+0x512/0x640 [ 311.593904][ T8320] should_fail_alloc_page+0xe7/0x130 [ 311.593928][ T8320] prepare_alloc_pages+0x3c2/0x610 [ 311.593961][ T8320] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 311.594013][ T8320] ? __lock_acquire+0x622/0x1c90 [ 311.594051][ T8320] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 311.594102][ T8320] ? find_held_lock+0x2b/0x80 [ 311.594125][ T8320] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 311.594163][ T8320] ? policy_nodemask+0xea/0x4e0 [ 311.594203][ T8320] alloc_pages_mpol+0x1fb/0x550 [ 311.594226][ T8320] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 311.594256][ T8320] folio_alloc_mpol_noprof+0x36/0x2f0 [ 311.594284][ T8320] shmem_alloc_folio+0x135/0x160 [ 311.594313][ T8320] shmem_alloc_and_add_folio+0x499/0xc20 [ 311.594353][ T8320] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 311.594390][ T8320] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 311.594429][ T8320] shmem_get_folio_gfp+0x67f/0x1600 [ 311.594469][ T8320] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 311.594505][ T8320] ? filemap_map_pages+0xf6f/0x1680 [ 311.594544][ T8320] shmem_fault+0x1fe/0xa30 [ 311.594575][ T8320] ? __lock_acquire+0x622/0x1c90 [ 311.594605][ T8320] ? __pfx_shmem_fault+0x10/0x10 [ 311.594640][ T8320] ? rcu_is_watching+0x12/0xc0 [ 311.594663][ T8320] ? __pfx_filemap_map_pages+0x10/0x10 [ 311.594706][ T8320] __do_fault+0x10d/0x490 [ 311.594743][ T8320] __handle_mm_fault+0x3c2a/0x5490 [ 311.594780][ T8320] ? __pfx___handle_mm_fault+0x10/0x10 [ 311.594808][ T8320] ? __pfx_mt_find+0x10/0x10 [ 311.594846][ T8320] ? find_vma+0xbf/0x140 [ 311.594868][ T8320] ? __pfx_find_vma+0x10/0x10 [ 311.594893][ T8320] handle_mm_fault+0x589/0xd10 [ 311.594923][ T8320] ? __pkru_allows_pkey+0x31/0xb0 [ 311.594955][ T8320] do_user_addr_fault+0x7a6/0x1370 [ 311.594995][ T8320] ? rcu_is_watching+0x12/0xc0 [ 311.595021][ T8320] exc_page_fault+0x5c/0xb0 [ 311.595056][ T8320] asm_exc_page_fault+0x26/0x30 [ 311.595078][ T8320] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 311.595108][ T8320] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 311.595130][ T8320] RSP: 0018:ffffc900032279e0 EFLAGS: 00050216 [ 311.595148][ T8320] RAX: 0000000000000001 RBX: 0000000000000038 RCX: 0000000000000020 [ 311.595162][ T8320] RDX: fffff52000644fab RSI: 0000000000000038 RDI: ffffc90003227d38 [ 311.595176][ T8320] RBP: 0000000000000020 R08: 0000000000000001 R09: fffff52000644faa [ 311.595190][ T8320] R10: ffffc90003227d57 R11: 0000000000000001 R12: 0000000000000000 [ 311.595204][ T8320] R13: ffffc90003227d38 R14: 0000000000000000 R15: 0000000000000003 [ 311.595233][ T8320] _copy_from_user+0x98/0xd0 [ 311.595272][ T8320] kvm_vm_ioctl+0x13eb/0x3da0 [ 311.595320][ T8320] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 311.595371][ T8320] ? kasan_quarantine_put+0x10a/0x240 [ 311.595404][ T8320] ? lockdep_hardirqs_on+0x7c/0x110 [ 311.595442][ T8320] ? find_held_lock+0x2b/0x80 [ 311.595465][ T8320] ? tomoyo_path_number_perm+0x295/0x580 [ 311.595498][ T8320] ? tomoyo_path_number_perm+0x18d/0x580 [ 311.595528][ T8320] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 311.595555][ T8320] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 311.595592][ T8320] ? do_vfs_ioctl+0x523/0x1a60 [ 311.595619][ T8320] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 311.595665][ T8320] ? find_held_lock+0x2b/0x80 [ 311.595687][ T8320] ? hook_file_ioctl_common+0x145/0x410 [ 311.595718][ T8320] ? __fget_files+0x20e/0x3c0 [ 311.595754][ T8320] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 311.595790][ T8320] __x64_sys_ioctl+0x18e/0x210 [ 311.595820][ T8320] do_syscall_64+0xcd/0x490 [ 311.595842][ T8320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.595865][ T8320] RIP: 0033:0x7fa46c98e929 [ 311.595882][ T8320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.595903][ T8320] RSP: 002b:00007fa46d792038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 311.595923][ T8320] RAX: ffffffffffffffda RBX: 00007fa46cbb6080 RCX: 00007fa46c98e929 [ 311.595938][ T8320] RDX: 0000000000000038 RSI: 000000004020ae46 RDI: 0000000000000003 [ 311.595952][ T8320] RBP: 00007fa46d792090 R08: 0000000000000000 R09: 0000000000000000 [ 311.595965][ T8320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.595988][ T8320] R13: 0000000000000001 R14: 00007fa46cbb6080 R15: 00007ffe2e834bf8 [ 311.596017][ T8320] [ 312.458448][ T8309] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 315.108543][ T8352] program syz.4.494 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 315.567449][ T8391] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 315.614481][ T8391] FAULT_INJECTION: forcing a failure. [ 315.614481][ T8391] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 315.670578][ T8391] CPU: 1 UID: 0 PID: 8391 Comm: syz.1.497 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 315.670628][ T8391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 315.670649][ T8391] Call Trace: [ 315.670660][ T8391] [ 315.670673][ T8391] dump_stack_lvl+0x16c/0x1f0 [ 315.670747][ T8391] should_fail_ex+0x512/0x640 [ 315.670804][ T8391] should_fail_alloc_page+0xe7/0x130 [ 315.670841][ T8391] prepare_alloc_pages+0x3c2/0x610 [ 315.670883][ T8391] ? rcu_is_watching+0x12/0xc0 [ 315.670920][ T8391] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 315.670974][ T8391] ? kasan_save_stack+0x42/0x60 [ 315.671036][ T8391] ? __lock_acquire+0x622/0x1c90 [ 315.671084][ T8391] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 315.671135][ T8391] ? __lock_acquire+0x622/0x1c90 [ 315.671194][ T8391] ? __lock_acquire+0x622/0x1c90 [ 315.671240][ T8391] ? __lock_acquire+0x622/0x1c90 [ 315.671284][ T8391] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 315.671338][ T8391] ? policy_nodemask+0xea/0x4e0 [ 315.671395][ T8391] alloc_pages_mpol+0x1fb/0x550 [ 315.671434][ T8391] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 315.671477][ T8391] folio_alloc_mpol_noprof+0x36/0x2f0 [ 315.671519][ T8391] vma_alloc_folio_noprof+0xed/0x1e0 [ 315.671558][ T8391] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 315.671594][ T8391] ? find_held_lock+0x2b/0x80 [ 315.671625][ T8391] ? __handle_mm_fault+0x1092/0x5490 [ 315.671677][ T8391] __handle_mm_fault+0x2f21/0x5490 [ 315.671734][ T8391] ? __pfx___handle_mm_fault+0x10/0x10 [ 315.671791][ T8391] ? __pte_offset_map_lock+0x174/0x310 [ 315.671827][ T8391] ? find_held_lock+0x2b/0x80 [ 315.671858][ T8391] ? find_held_lock+0x2b/0x80 [ 315.671903][ T8391] ? follow_page_pte+0x3af/0x14c0 [ 315.671952][ T8391] handle_mm_fault+0x589/0xd10 [ 315.672008][ T8391] __get_user_pages+0x589/0x3b80 [ 315.672059][ T8391] ? __pfx_mt_find+0x10/0x10 [ 315.672095][ T8391] ? __pfx___get_user_pages+0x10/0x10 [ 315.672151][ T8391] populate_vma_page_range+0x278/0x3a0 [ 315.672196][ T8391] ? __pfx_populate_vma_page_range+0x10/0x10 [ 315.672237][ T8391] ? __pfx_find_vma_intersection+0x10/0x10 [ 315.672279][ T8391] ? do_mmap+0x69c/0x1210 [ 315.672321][ T8391] __mm_populate+0x1d8/0x380 [ 315.672364][ T8391] ? __pfx___mm_populate+0x10/0x10 [ 315.672408][ T8391] ? up_write+0x1b2/0x520 [ 315.672463][ T8391] vm_mmap_pgoff+0x362/0x450 [ 315.672503][ T8391] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 315.672548][ T8391] ? __x64_sys_futex+0x1e0/0x4c0 [ 315.672587][ T8391] ? __x64_sys_futex+0x1e9/0x4c0 [ 315.672635][ T8391] ksys_mmap_pgoff+0x7d/0x5c0 [ 315.672696][ T8391] ? xfd_validate_state+0x61/0x180 [ 315.672754][ T8391] __x64_sys_mmap+0x125/0x190 [ 315.672806][ T8391] do_syscall_64+0xcd/0x490 [ 315.672842][ T8391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.672876][ T8391] RIP: 0033:0x7fa7c3f8e929 [ 315.672904][ T8391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.672938][ T8391] RSP: 002b:00007fa7c4d75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 315.672970][ T8391] RAX: ffffffffffffffda RBX: 00007fa7c41b6080 RCX: 00007fa7c3f8e929 [ 315.672993][ T8391] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 315.673013][ T8391] RBP: 00007fa7c4010b39 R08: 0000000000000002 R09: 0000000000008000 [ 315.673032][ T8391] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 315.673052][ T8391] R13: 0000000000000000 R14: 00007fa7c41b6080 R15: 00007ffce73f0728 [ 315.673094][ T8391] [ 317.188445][ T8405] nbd: couldn't find a device at index 925970439 [ 318.351363][ T8425] netlink: 20 bytes leftover after parsing attributes in process `syz.2.504'. [ 318.807538][ T8425] hsr_slave_0 (unregistering): left promiscuous mode [ 319.454398][ T8425] net_ratelimit: 95 callbacks suppressed [ 319.454419][ T8425] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 320.278679][ T8450] FAULT_INJECTION: forcing a failure. [ 320.278679][ T8450] name failslab, interval 1, probability 0, space 0, times 0 [ 320.303794][ T8450] CPU: 0 UID: 8 PID: 8450 Comm: syz.2.509 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 320.303844][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 320.303864][ T8450] Call Trace: [ 320.303875][ T8450] [ 320.303888][ T8450] dump_stack_lvl+0x16c/0x1f0 [ 320.303947][ T8450] should_fail_ex+0x512/0x640 [ 320.303996][ T8450] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 320.304052][ T8450] should_failslab+0xc2/0x120 [ 320.304084][ T8450] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 320.304136][ T8450] ? security_file_alloc+0x34/0x2b0 [ 320.304189][ T8450] security_file_alloc+0x34/0x2b0 [ 320.304235][ T8450] init_file+0x93/0x4c0 [ 320.304269][ T8450] alloc_empty_file+0x73/0x1e0 [ 320.304306][ T8450] alloc_file_pseudo+0x13a/0x230 [ 320.304346][ T8450] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 320.304391][ T8450] ? alloc_fd+0x471/0x7d0 [ 320.304443][ T8450] sock_alloc_file+0x50/0x210 [ 320.304479][ T8450] __sys_socket+0x1c0/0x260 [ 320.304522][ T8450] ? __pfx___sys_socket+0x10/0x10 [ 320.304565][ T8450] ? xfd_validate_state+0x61/0x180 [ 320.304619][ T8450] __x64_sys_socket+0x72/0xb0 [ 320.304659][ T8450] ? lockdep_hardirqs_on+0x7c/0x110 [ 320.304711][ T8450] do_syscall_64+0xcd/0x490 [ 320.304744][ T8450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.304778][ T8450] RIP: 0033:0x7f161e38e929 [ 320.304805][ T8450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.304838][ T8450] RSP: 002b:00007f161f255038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 320.304870][ T8450] RAX: ffffffffffffffda RBX: 00007f161e5b5fa0 RCX: 00007f161e38e929 [ 320.304893][ T8450] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 320.304913][ T8450] RBP: 00007f161e410b39 R08: 0000000000000000 R09: 0000000000000000 [ 320.304932][ T8450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.304951][ T8450] R13: 0000000000000000 R14: 00007f161e5b5fa0 R15: 00007ffcf22d08d8 [ 320.304994][ T8450] [ 321.214485][ T8465] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 322.573285][ T8480] [ 322.575666][ T8480] ====================================================== [ 322.582693][ T8480] WARNING: possible circular locking dependency detected [ 322.589722][ T8480] 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 Not tainted [ 322.596842][ T8480] ------------------------------------------------------ [ 322.603873][ T8480] syz.3.516/8480 is trying to acquire lock: [ 322.609944][ T8480] ffffffff8e72ea68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 322.619560][ T8480] [ 322.619560][ T8480] but task is already holding lock: [ 322.626935][ T8480] ffff88814278ec40 (&q->q_usage_counter(io)#53){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 322.638212][ T8480] [ 322.638212][ T8480] which lock already depends on the new lock. [ 322.638212][ T8480] [ 322.648629][ T8480] [ 322.648629][ T8480] the existing dependency chain (in reverse order) is: [ 322.657678][ T8480] [ 322.657678][ T8480] -> #2 (&q->q_usage_counter(io)#53){++++}-{0:0}: [ 322.666322][ T8480] blk_alloc_queue+0x619/0x760 [ 322.671635][ T8480] blk_mq_alloc_queue+0x175/0x290 [ 322.677215][ T8480] __blk_mq_alloc_disk+0x29/0x120 [ 322.682798][ T8480] nbd_dev_add+0x4a0/0xbc0 [ 322.687849][ T8480] nbd_init+0x181/0x320 [ 322.692568][ T8480] do_one_initcall+0x120/0x6e0 [ 322.697883][ T8480] kernel_init_freeable+0x5c2/0x900 [ 322.703629][ T8480] kernel_init+0x1c/0x2b0 [ 322.708502][ T8480] ret_from_fork+0x5d4/0x6f0 [ 322.713641][ T8480] ret_from_fork_asm+0x1a/0x30 [ 322.718945][ T8480] [ 322.718945][ T8480] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 322.726183][ T8480] fs_reclaim_acquire+0x102/0x150 [ 322.731755][ T8480] prepare_alloc_pages+0x162/0x610 [ 322.737414][ T8480] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 322.743863][ T8480] __alloc_pages_noprof+0xb/0x1b0 [ 322.749525][ T8480] pcpu_populate_chunk+0x110/0xb00 [ 322.755187][ T8480] pcpu_alloc_noprof+0x86a/0x1470 [ 322.760787][ T8480] xt_percpu_counter_alloc+0x13e/0x1b0 [ 322.766842][ T8480] find_check_entry.constprop.0+0xbc/0x9b0 [ 322.773221][ T8480] translate_table+0xc98/0x1720 [ 322.778662][ T8480] ipt_register_table+0x102/0x430 [ 322.784251][ T8480] iptable_mangle_table_init+0x40/0x60 [ 322.790274][ T8480] xt_find_table_lock+0x2e1/0x520 [ 322.795864][ T8480] xt_request_find_table_lock+0x28/0xf0 [ 322.801970][ T8480] get_info+0x190/0x610 [ 322.806686][ T8480] do_ipt_get_ctl+0x169/0xa10 [ 322.811923][ T8480] nf_getsockopt+0x7c/0xe0 [ 322.816889][ T8480] ip_getsockopt+0x18c/0x1e0 [ 322.822042][ T8480] tcp_getsockopt+0x9e/0x100 [ 322.827212][ T8480] do_sock_getsockopt+0x3ff/0x800 [ 322.832789][ T8480] __sys_getsockopt+0x123/0x1b0 [ 322.838201][ T8480] __x64_sys_getsockopt+0xbd/0x160 [ 322.843871][ T8480] do_syscall_64+0xcd/0x490 [ 322.848919][ T8480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.855358][ T8480] [ 322.855358][ T8480] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 322.863124][ T8480] __lock_acquire+0x126f/0x1c90 [ 322.868524][ T8480] lock_acquire+0x179/0x350 [ 322.873577][ T8480] __mutex_lock+0x199/0xb90 [ 322.878618][ T8480] pcpu_alloc_noprof+0xb4c/0x1470 [ 322.884206][ T8480] blk_stat_alloc_callback+0xc8/0x280 [ 322.890159][ T8480] wbt_init+0xac/0x540 [ 322.894812][ T8480] queue_wb_lat_store+0x354/0x3d0 [ 322.900406][ T8480] queue_attr_store+0x276/0x320 [ 322.905833][ T8480] sysfs_kf_write+0xf2/0x150 [ 322.910977][ T8480] kernfs_fop_write_iter+0x354/0x510 [ 322.916808][ T8480] vfs_write+0x6c4/0x1150 [ 322.921687][ T8480] ksys_write+0x12a/0x250 [ 322.926567][ T8480] do_syscall_64+0xcd/0x490 [ 322.931611][ T8480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.938041][ T8480] [ 322.938041][ T8480] other info that might help us debug this: [ 322.938041][ T8480] [ 322.948282][ T8480] Chain exists of: [ 322.948282][ T8480] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#53 [ 322.948282][ T8480] [ 322.961972][ T8480] Possible unsafe locking scenario: [ 322.961972][ T8480] [ 322.969432][ T8480] CPU0 CPU1 [ 322.974829][ T8480] ---- ---- [ 322.980267][ T8480] lock(&q->q_usage_counter(io)#53); [ 322.985709][ T8480] lock(fs_reclaim); [ 322.992243][ T8480] lock(&q->q_usage_counter(io)#53); [ 323.000189][ T8480] lock(pcpu_alloc_mutex); [ 323.004720][ T8480] [ 323.004720][ T8480] *** DEADLOCK *** [ 323.004720][ T8480] [ 323.012896][ T8480] 6 locks held by syz.3.516/8480: [ 323.017939][ T8480] #0: ffff888035b2e7f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 323.027063][ T8480] #1: ffff888036a80428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 323.036190][ T8480] #2: ffff8880543a8888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 323.045990][ T8480] #3: ffff888141705c38 (kn->active#145){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 323.056142][ T8480] #4: ffff88814278ec40 (&q->q_usage_counter(io)#53){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 323.067871][ T8480] #5: ffff88814278ec78 (&q->q_usage_counter(queue)#5){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 323.079767][ T8480] [ 323.079767][ T8480] stack backtrace: [ 323.085666][ T8480] CPU: 1 UID: 0 PID: 8480 Comm: syz.3.516 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 323.085698][ T8480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 323.085712][ T8480] Call Trace: [ 323.085720][ T8480] [ 323.085728][ T8480] dump_stack_lvl+0x116/0x1f0 [ 323.085769][ T8480] print_circular_bug+0x275/0x350 [ 323.085801][ T8480] check_noncircular+0x14c/0x170 [ 323.085834][ T8480] __lock_acquire+0x126f/0x1c90 [ 323.085870][ T8480] lock_acquire+0x179/0x350 [ 323.085900][ T8480] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 323.085935][ T8480] ? __pfx___might_resched+0x10/0x10 [ 323.085958][ T8480] ? ksys_write+0x12a/0x250 [ 323.085990][ T8480] ? do_syscall_64+0xcd/0x490 [ 323.086010][ T8480] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.086036][ T8480] __mutex_lock+0x199/0xb90 [ 323.086056][ T8480] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 323.086089][ T8480] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 323.086122][ T8480] ? __pfx___mutex_lock+0x10/0x10 [ 323.086155][ T8480] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 323.086187][ T8480] pcpu_alloc_noprof+0xb4c/0x1470 [ 323.086225][ T8480] ? __pfx_wbt_data_dir+0x10/0x10 [ 323.086260][ T8480] ? __pfx_wb_timer_fn+0x10/0x10 [ 323.086281][ T8480] blk_stat_alloc_callback+0xc8/0x280 [ 323.086304][ T8480] ? kasan_save_track+0x14/0x30 [ 323.086340][ T8480] wbt_init+0xac/0x540 [ 323.086363][ T8480] queue_wb_lat_store+0x354/0x3d0 [ 323.086400][ T8480] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 323.086438][ T8480] ? __mutex_trylock_common+0xe9/0x250 [ 323.086470][ T8480] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 323.086506][ T8480] queue_attr_store+0x276/0x320 [ 323.086543][ T8480] ? __pfx_queue_attr_store+0x10/0x10 [ 323.086577][ T8480] ? __lock_acquire+0x622/0x1c90 [ 323.086614][ T8480] ? find_held_lock+0x2b/0x80 [ 323.086636][ T8480] ? sysfs_file_kobj+0xe4/0x290 [ 323.086665][ T8480] ? __pfx_queue_attr_store+0x10/0x10 [ 323.086701][ T8480] sysfs_kf_write+0xf2/0x150 [ 323.086729][ T8480] kernfs_fop_write_iter+0x354/0x510 [ 323.086753][ T8480] ? __pfx_sysfs_kf_write+0x10/0x10 [ 323.086782][ T8480] vfs_write+0x6c4/0x1150 [ 323.086814][ T8480] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 323.086839][ T8480] ? __pfx___mutex_lock+0x10/0x10 [ 323.086860][ T8480] ? __pfx_vfs_write+0x10/0x10 [ 323.086901][ T8480] ksys_write+0x12a/0x250 [ 323.086933][ T8480] ? __pfx_ksys_write+0x10/0x10 [ 323.086971][ T8480] do_syscall_64+0xcd/0x490 [ 323.086992][ T8480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.087015][ T8480] RIP: 0033:0x7fb77ed8e929 [ 323.087034][ T8480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.087057][ T8480] RSP: 002b:00007fb77cbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 323.087079][ T8480] RAX: ffffffffffffffda RBX: 00007fb77efb5fa0 RCX: 00007fb77ed8e929 [ 323.087095][ T8480] RDX: 0000000000000001 RSI: 0000200000000ec0 RDI: 0000000000000004 [ 323.087110][ T8480] RBP: 00007fb77ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 323.087124][ T8480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.087138][ T8480] R13: 0000000000000000 R14: 00007fb77efb5fa0 R15: 00007ffdf255c568 [ 323.087165][ T8480] [ 323.487959][ T8466] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 327.665032][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.672698][ T1301] ieee802154 phy1 wpan1: encryption failed: -22