last executing test programs: 15.735675947s ago: executing program 1 (id=1061): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x40103d0b, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r2 = fcntl$auto_F_GETOWN(0xffffffffffffffff, 0x9, 0xfffffffffffffff7) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD(r0, 0x0, &(0x7f0000000180)={@siginfo_0_0={0x8, 0x2, 0x10, @_kill={r2, 0xee01}}}, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4048061) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) sendfile$auto(r3, r3, 0x0, 0x1) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/bdi/1:15/wb_stats\x00', 0x40, 0x0) mmap$auto(0x0, 0x8, 0x1000e2, 0xeb1, 0x405, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r4, 0x0, 0x400018) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sda\x00', 0x48001, 0x0) fanotify_init$auto(0x5, 0x2000000000002) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x109e00, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) 14.394624903s ago: executing program 1 (id=1063): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) keyctl$auto(0x10, 0x0, 0x9, 0x5, 0x80000003) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x401, 0x66) 13.798752143s ago: executing program 1 (id=1065): mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) getsockopt$auto(0x3, 0x11, 0xe, 0x0, 0x0) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x10500, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/stat/rt_cache\x00', 0x20000, 0x0) 13.458949114s ago: executing program 1 (id=1068): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) poll$auto(0x0, 0x0, 0x3) ioperm$auto(0x7, 0x71, 0x863) r0 = socket$nl_generic(0x10, 0x3, 0x10) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x4040, 0x0) fadvise64$auto(r1, 0x8, 0x400000000000006, 0x4) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x400, 0x0) pread64$auto(r2, 0x0, 0x3, 0x5ef6) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), r0) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={0x0}, 0x1, 0xf0ffff, 0x0, 0x4005}, 0x28044004) r3 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) madvise$auto(0x0, 0x2000040080000004, 0xe) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) write$auto_proc_mem_operations_base(r4, 0x0, 0x0) listmount$auto(0x0, 0x0, 0xf4240, 0x1) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0) write$auto(r5, 0x0, 0x2b6) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_DEL_INTERFACE(r3, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) utimensat$auto(0xffffffffffffffff, 0x0, 0x0, 0xfffffff3) socketpair$auto(0x2, 0x9, 0x226e, &(0x7f00000000c0)=0xffffffff) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_cpumask\x00', 0x8402, 0x0) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) landlock_add_rule$auto(r3, 0x3, 0x0, 0x2) write$auto(0x3, 0x0, 0xfffffdef) 11.263253795s ago: executing program 0 (id=1072): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x40103d0b, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r2 = fcntl$auto_F_GETOWN(0xffffffffffffffff, 0x9, 0xfffffffffffffff7) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD(r0, 0x0, &(0x7f0000000180)={@siginfo_0_0={0x8, 0x2, 0x10, @_kill={r2, 0xee01}}}, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4048061) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) sendfile$auto(r3, r3, 0x0, 0x1) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/bdi/1:15/wb_stats\x00', 0x40, 0x0) mmap$auto(0x0, 0x8, 0x1000e2, 0xeb1, 0x405, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r4, 0x0, 0x400018) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sda\x00', 0x48001, 0x0) fanotify_init$auto(0x5, 0x2000000000002) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x109e00, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) 9.075363892s ago: executing program 0 (id=1073): mmap$auto(0x0, 0x2020009, 0xffc0000000, 0xeb2, 0xfffffffffffffffb, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) r0 = wait4$auto(0x0, &(0x7f0000000000)=0x8, 0x400, &(0x7f0000000040)={{0x6, 0x1}, {0x0, 0x8000000000000001}, 0x800, 0x3, 0x9f0, 0xff, 0x3, 0x10000, 0x0, 0x20c, 0x5, 0x8, 0x0, 0xfffffffffffffffc, 0x1}) prctl$auto(0x1, 0x8, r0, 0x10001, 0xe) madvise$auto(0x0, 0x2003ed, 0x19) madvise$auto(0x5, 0x7, 0x5) 8.540726131s ago: executing program 0 (id=1075): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_3={0x100, 0xa8b, 0x18c, 0x6a, 0x0, 0x3405, 0x3, 0x3, 0xfffffff5, "63ace816ef77cf00", 0x0, 0x549, 0x4, 0x4, 0x0, 0x1009, 0x4, 0xffffffffffffffff, 0xf, 0x2000005, @attach_btf_obj_fd=0x3, 0x166, 0x1, 0x4000004000006, 0x8, 0x48200006, 0xa7be, 0xffffffffffffffff}, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x100000, 0x0) read$auto(0x3, 0x0, 0x0) socket(0x2, 0x2, 0x0) capset$auto(0x0, 0x0) r2 = socket(0x2, 0x1, 0x106) setsockopt$auto(r2, 0x1, 0x21, 0x0, 0x9) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x4, 0x5, 0x7fc, 0x400007fb, &(0x7f00000002c0)}) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r4, 0x27fff) setsockopt$auto_SO_INCOMING_CPU(r4, 0x8, 0x31, &(0x7f0000000380)='/dev/bus/usb/037/001\x00', 0xffffffff) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000100), r0) futex$auto(0x0, 0xbcd, 0x3f2, 0x0, 0x0, 0x0) execve$auto(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=&(0x7f0000000240)='\x00', &(0x7f0000000300)=&(0x7f00000002c0)='IPVS\x00') openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000340)='/dev/bus/usb/037/001\x00', 0x10540, 0x0) sendmsg$auto_IPVS_CMD_GET_DEST(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000326bd7000ffdbdf25080000000800060005f0ffff00"/38], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) 7.567350443s ago: executing program 2 (id=1077): close_range$auto(0x2, 0x8, 0x0) r0 = prctl$auto_PR_SET_MM_ENV_START(0x9, 0xa, 0x0, 0xb, 0x7) r1 = openat$auto_fops_u8_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/nfcsim/nfc0/dropframe\x00', 0x210080, 0x0) ioctl$auto(r0, 0x4, r1) socket(0x2d, 0x2, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x41, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram8\x00', 0x81, 0x0) socket(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop2/queue/discard_max_hw_bytes\x00', 0x42200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r2) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff001, 0x2) prctl$auto_PR_SME_SET_VL(0x3f, 0x80000000, 0x0, 0x4b0d, 0x6) socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_DUPFD_QUERY(0xffffffffffffffff, 0x403, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) 7.292452769s ago: executing program 2 (id=1079): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) syz_clone3(&(0x7f0000000300)={0xc09a200, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x242902, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) ioctl$auto_BLKRRPART(r0, 0x125f, 0x27) open(0x0, 0x161342, 0x100) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x193400, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) socket(0xa, 0x801, 0x106) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000140)=ANY=[@ANYBLOB="ae7560275c4b697c63540cbaca6abaa5821c3aa10e67b5768af275ecde6564e6b4b329a781c99d73cdbe7af495b2d4b09f5e1e1cf53dd9d7e5", @ANYRES16=r1, @ANYBLOB="010029bd7000fedbdf250400000006000b002c290000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000060}, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) socket(0xa, 0x5, 0x84) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 7.171001049s ago: executing program 0 (id=1080): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x7ff, 0x400) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/ip6tnl0/bootp_relay\x00', 0x5014c0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x8800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) socket(0x23, 0x80805, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy3/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats_csv\x00', 0x80, 0x0) read$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(r3, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.938296718s ago: executing program 2 (id=1081): r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) clock_gettime$auto(0x2, &(0x7f0000000000)={0x7, 0x7}) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x40000000000c, 0x3fffffffff) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r2, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram3\x00', 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000340)=ANY=[@ANYBLOB="6714bf7f", @ANYBLOB="7d3f2dbd7000fddbdf250b0000009a186fa3009c378575480d377bec17864aaab310d1f023c2a5cb12fdffb0bd4163942b191301bf33e2937efbe29aa7361d3097d3896ad0467eb3002aeda72c84aae892abafeee433c70514752c7ca49580b5075e72ada90a09f94f42dd8d6a8cb4cf2524e80d75c0a00a60c9e8b4f645ea8f87531f22811b6d7e41ef3c3432b3891fce3f71c25ad7bb1e6cc04afe5d75f8789199b6"], 0x14}, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0xa, 0x1, 0x84) preadv$auto(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x8010000}, 0x5, 0xfb, 0x8000000001) setsockopt$auto(r5, 0x29, 0x40, 0x0, 0x10000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xffffffffffffffc3, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8805}, 0x2400c804) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r6 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r6, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mlock2$auto(0x1, 0x8001, 0x0) 5.851029087s ago: executing program 1 (id=1082): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.events\x00', 0x60640, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x3) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x400c810}, 0x200448c0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x10b040, 0x0) bpf$auto(0xfffff011, &(0x7f0000000000)=@test={r1, 0x8000, 0xf9c, 0x466, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x3}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) socket(0x2, 0x2, 0x88) setsockopt$auto(0x4, 0x88, 0xa, &(0x7f0000000040)='0\xa5\x00\x00\x00\xec\x00\x00\x1f\xdb\xf2\x1f\xe6\xf0\xf0\xdf;\x98\'R\x06\xceD{s#\xd7t$I\xedh?\xe6S\xd5\xd8\x83\x9a2HUB\x19\x8e\r\xa9\xd5\x92\x82', 0x80000b) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0}, 0x8000) io_uring_setup$auto(0x6, 0x0) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) socket(0x5, 0x800, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r3, &(0x7f0000003bc0)={0x0, 0x0, &(0x7f0000003b80)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050026bd7000fddbdf25050000000d0011002f6465762f666231000000000f8a90270a46720c8641cb4dd9ed8f0d183a7e286bd767810458d2807bb493f484d29b129592e32edf3c4c5cda5eb330fd5a7d8c196294dc480741c787ff710cbce221f61d31428bd5d96b00427e7a2633921601d8b171ffe803252430905d40190b33746136f7971bd3b169381ef810c9c76b0f69581e5a05afbc4f49bac6bcbfb2d22b95c5634ebef61db5b963c4f7f05090c73ae76d30d41461732cce78419b0f919dd4ae8fdb2c93877fc554e97262726598ac81cc6d6028914e55cbb4d38b0b1f8035da88bdceea67737525789b4892a58dc0b3fd28eb6e6cba03774309b2a5747c4bb683f611d0dfd9eac9da1bf2bb4f34586e8944870090834783fa9b0f0000000000002dc11afac9e2bcc7106fbb085b4b3291fff32ac7fa238103d01b068ee297f4d84f94fa810a1e92b10303855fab0d8dc13fe9a715323b7d1a218a6e826f4ca9f7caff795426df0a3c45f1c9f92a97efb2368a54a35f6c5edc2f45a3ef4e351442231012de2e8790191dc1"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x200000, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) shmctl$auto_SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000180)={{0x17000000, 0xee01, 0x0, 0x7, 0x12000, 0x9, 0x5}, 0xb, 0xfffffffffffffffd, 0x3f, 0xc, @inferred, @raw=0x7d9, 0x200, 0x0, &(0x7f0000000100)="0fd0a48af0ed02391cf6fcd4785d2921bcd7097eeefed8f8691400fb335d1f4599f9c609618aed2e60703b3f86a159d6b1002a9993a8442bd1ff57d5c208098f9f6ee5247b7ddd4f18971955a758", &(0x7f00000004c0)="a34eb4a0705a20bda8e0ce259e84b73c4a5550243e5b618e87ce093cbedb7e656fa5f6b0b358a7536e48d3cd6127e84ecfe1bf644f6a3c26ddd9f016bb0c716fadfb019bcde882261fc0edbd19c3c73160ba56efb468b79fda19b84ca0610687272fdecf628cbf796a9de45009229cdede0ad43a05d8ac82e0f6cf46f505c89eafe9db398ff515a4a29dd11c0781182d719f2ac27aa9322ab71ee7955ad794ef8963094f475586e9aec22c3cc622f41117799ab97d"}) unshare$auto(0x40000080) madvise$auto(0x0, 0x200004, 0x15) set_mempolicy_home_node$auto(0x0, 0x10001, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 4.932762471s ago: executing program 2 (id=1084): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x29, 0x2, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) prctl$auto(0x29, 0x17000000, 0x0, 0x0, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) ppoll$auto(&(0x7f0000000040)={r1, 0x5, 0xf}, 0x4, 0x0, 0x0, 0x8) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x381001, 0x0) socket(0xa, 0x1, 0x100) syz_genetlink_get_family_id$auto_nlbl_unlbl(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0xbb, 0x400008, 0x5000df, 0x7fff, 0xffffffffffffffff, 0x1000000000080) mmap$auto(0x0, 0x5c, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x1f40) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) madvise$auto(0x7, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) ioctl$auto(r5, 0xc0205649, r4) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x1011c0, 0x0) 4.64225613s ago: executing program 3 (id=1085): close_range$auto(0x2, 0x8, 0x0) socket(0x2d, 0x2, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x41, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram8\x00', 0x81, 0x0) socket(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop2/queue/discard_max_hw_bytes\x00', 0x42200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) (fail_nth: 5) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff001, 0x2) prctl$auto_PR_SME_SET_VL(0x3f, 0x80000000, 0x0, 0x4b0d, 0x6) socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_DUPFD_QUERY(0xffffffffffffffff, 0x403, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) 4.472583581s ago: executing program 0 (id=1086): r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) clock_gettime$auto(0x2, &(0x7f0000000000)={0x7, 0x7}) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) read$auto_nvram_misc_fops_nvram(0xffffffffffffffff, 0x0, 0x0) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x40000000000c, 0x3fffffffff) 4.344016614s ago: executing program 3 (id=1087): r0 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000480)=0xfffffffffffffffe) write$auto(0xffffffffffffffff, &(0x7f0000000440)='.-\x00', 0x4) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/spi/drivers_autoprobe\x00', 0xca481, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='\x14\xf4\xb6\xc6\x97\xdb\x18B\f\xef\x1dQZ\xa66\xe7\x06\\\xe0)+\x86\xa7\x9bv\xe1\x18\xf1\x83\b\x11\x19\xdd\x1c', 0x100000000000008) setsockopt$auto(0x3, 0x81, 0x1, 0x0, 0x83) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7c9, 0x25, 0x4909b6f5, 0x1ffde, 0x7, 0x3, 0x20000009, 0x9, 0x0, 0x4, 0xffffffffffffffff, 0xb4, 0x500000000009, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7fffd, 0x0, 0xffff, 0x10, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) r1 = open(&(0x7f0000000140)='./file0\x00', 0x1ab4c2, 0x4) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000040)=0xce) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x20040001) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/pcm0p/info\x00', 0x1b04, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f00000000c0)=""/10, 0xa) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="91a79c"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = socket(0x15, 0x1, 0xfffffffe) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0xb, 0xa505}, 0x800}, 0x7, 0x4008) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0) socket(0x10, 0x2, 0x0) r4 = socketpair$auto(0x1, 0x1, 0x4, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x12d280, 0x0) clone$auto(0x7fff, 0x200, 0x0, 0x0, 0xf) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000380)=@raw_tracepoint={0xf8, r4, 0x0, 0x2}, 0x6) r6 = socket(0xa, 0x2, 0x8) getsockopt$auto(r6, 0x29, 0xd1, 0x0, 0x0) mmap$auto(0xe, 0x810004, 0xffb, 0x8000000008011, r5, 0x4) madvise$auto(0x0, 0x54, 0x9) syz_clone3(&(0x7f0000000300)={0x12a004080, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x1}, 0x58) 3.801545465s ago: executing program 2 (id=1088): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x80000, 0x0) socket(0x8, 0x6, 0x1) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x4) 3.749858723s ago: executing program 0 (id=1089): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x40103d0b, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r2 = fcntl$auto_F_GETOWN(0xffffffffffffffff, 0x9, 0xfffffffffffffff7) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD(r0, 0x0, &(0x7f0000000180)={@siginfo_0_0={0x8, 0x2, 0x10, @_kill={r2, 0xee01}}}, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4048061) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) sendfile$auto(r3, r3, 0x0, 0x1) (fail_nth: 3) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/bdi/1:15/wb_stats\x00', 0x40, 0x0) mmap$auto(0x0, 0x8, 0x1000e2, 0xeb1, 0x405, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r4, 0x0, 0x400018) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sda\x00', 0x48001, 0x0) fanotify_init$auto(0x5, 0x2000000000002) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x109e00, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) 3.697960095s ago: executing program 3 (id=1090): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) (async) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) socket(0x1e, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r3, 0x0, 0x800) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) (async) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/net\x00') mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) prctl$auto(0x3f, 0x7ff, 0x0, 0x5, 0x5) tgkill$auto(0x0, 0x1, 0x1) (async) tgkill$auto(0x0, 0x1, 0x1) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x100000000021, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) (async) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) ioctl$auto_XFS_IOC_ATTRLIST_BY_HANDLE(r2, 0x4058587a, &(0x7f00000005c0)={{r6, &(0x7f0000000340)="c3a9cd5630e1fc2d9751b13203ddd0a17a9a62450c5c8b0025bb05d66cc7765e09090d0954e35ae11ac07eb74bc0fdabfbcb82bb3a67880fc1e56c158d4733572828c0c72ffb1c0f278ea572372e20487d3d14e977a4e225ec2b8af71a6986dcc4a455f90a9efb0ecd32ff7df1ae8b6c49eb690dbbd33c72154e4ef4f5296c07fc31fca379f696bd2d62f99b69a186b78570ce80b1b6abdf2c6ec1a6f31dc35145fdbf98463888e3729896d59549a76dc13c570eca3d2e439a0f97f0c52b0a8aba7684b9c372efcee0f5117ebac0f16b75deed7afc808682b574d88e49a5797ae8b47cb412", 0x7, &(0x7f0000000440)="23827bed4ce2ad1ea527a604006148157167eb67dd289db047ed41cf4616f5f3fc304a1b555f43b767151d91676ee543b1f3038ba3c25b4956ba5b753d074818356dbf5c473f25d3be0b574f6ce45cca48a1f0f6db633c099bbc31d9e7be188f1b1ddebcb15aa752ddec54070b79660812b25343ea3f4ca3502dcde33eea767bdc375f8f5530d802b12a990b0f3b8595e1415d27713693faf7b98da44405810a8e193bf45645965c1be53826c46f6afe03d781bce36c61195c92e20bfc7730944566327f556a7f06580acc1a0faf6a7c05b5540669f8e9d707d066fd198715d9286dfc313d2261aca5fdb43ed8016c", 0x79, &(0x7f0000000240)="f268a4270012fff66b868fbd8d5633eec3b8148a5eb3a8d970256648f8f4aa3965ec0343713e8065a944d0f72b5e68a3e4959dee24c2b78130806363dcbf56b39b3cb52812a92e96ef5637b7241a4af18925ad4f1ab3383662ffa3e7a11560569cd68aec080e954f51eec7a83fe620398a6f471f35e15c0b53ebc6cdc47f5a28fe83bfe8829e5d2a980bf082f4bd84a192b0acb9ce09f9f04ce8a4aebd985f3de15695", &(0x7f0000000180)=0x80}, {[0x7, 0xfffffffb, 0x401, 0x8]}, 0x2, 0x3, &(0x7f0000000540)="15dc3632f8ca3a21814b91017508f7280127afaeed0f43f9c07810f605dae741aee76eb441c14f5561f693db0cd81268d609cf52da042d6f1e04259b94716b3afb08d11825de65a03624a41e4f062c81c09c"}) write$auto(r4, &(0x7f0000000140)='0[.[\x00', 0xff) socket(0x10, 0x2, 0x14) (async) r7 = socket(0x10, 0x2, 0x14) sendmsg$auto_NLBL_MGMT_C_REMOVE(r7, 0x0, 0x2400800c) sysfs$auto(0x2, 0x101000000000007, 0x0) keyctl$auto(0x2000000000000017, 0x8000, 0x2d, 0xc4, 0x20803) (async) keyctl$auto(0x2000000000000017, 0x8000, 0x2d, 0xc4, 0x20803) bpf$auto(0x2, &(0x7f0000000640)=@bpf_attr_11={0xde8, 0xd994, 0x6, 0x755, 0x2, 0x4, 0xfae7, r5}, 0xa3) 3.469250772s ago: executing program 2 (id=1091): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x1000000000000004, 0x9, 0x91, 0xffffffffffffffff, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket(0xa, 0x1, 0x100) r1 = fanotify_init$auto(0x5, 0x2000000000002) r2 = open(&(0x7f0000000000)='.\x00', 0xc00, 0x409) fanotify_mark$auto(r1, 0x9, 0x9, r2, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0xe6e) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) prctl$auto(0x801, 0x1, 0x0, 0x3, 0xfffffffffffffffb) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) io_uring_setup$auto(0x9, &(0x7f0000000100)={0x694f, 0x4, 0x2, 0x80, 0xbf, 0x1, r0, [0x81, 0x1, 0x1], {0xffffffff, 0xb627, 0x1, 0x8, 0x0, 0x1, 0x1, 0xfffffff7, 0xa}, {0x8, 0x9f33, 0xb27, 0x3, 0x9, 0x9, 0xabd, 0x3, 0x9}}) socket(0x22, 0x2, 0x2) setsockopt$auto(0x7, 0x114, 0x3, 0xffffffffffffffff, 0xa0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0xe8) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) 1.655519266s ago: executing program 3 (id=1092): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe4643, 0x0) mmap$auto(0x0, 0x9, 0xe3, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x1ff) read$auto_rng_chrdev_ops_core(0xffffffffffffffff, 0x0, 0x0) r2 = waitid$auto(0x42, 0xffffffffffffffff, &(0x7f0000000240)={@siginfo_0_0={0x7, 0x7d2, 0xd5ae, @_sigfault={&(0x7f00000000c0)="4ba6a403b94fd1f75aa81163a7af0e349a8b2abe5e6c7fbf7c5082a67f38520dbdc7692997aa45e63b6b16e806371967f4d563fcf251b4a49080e02c5463c66752df", @_addr_lsb=0x8}}}, 0x2, &(0x7f0000000d00)={{0x0, 0xffffffffffffffff}, {0x4e, 0x7}, 0x7f, 0x9, 0x6, 0x3fffffff80000000, 0x7fc, 0x7, 0x4, 0x3, 0x9, 0x3, 0x10001, 0x9578, 0x9, 0x9}) bpf$auto(0x12, &(0x7f0000000040)=@link_detach={0xffffffffffffffff}, 0x26) r4 = geteuid() shmctl$auto_SHM_INFO(0x7, 0xe, &(0x7f0000001180)={{0x8, 0xffffffffffffffff, 0x0, 0x6, 0xdf7, 0x7, 0x9f71}, 0x80000000, 0x800, 0xfffffffffffffff8, 0x1, @raw=0x6, @inferred=0xffffffffffffffff, 0x5, 0x0, &(0x7f0000000140)="995d45922db8a829198ebce22bd5f42e563b53a249de9c8b5d392d88426369a73c6fe6f66de06f9f4964cd20af595ff4f1e8bf7f8642d6", &(0x7f0000000180)="0fcf475dd313ee031e4b16142db4468a960cfcb2afe55e2451131c45395f5365acd8e54088ecd6e411aaeb30fab62b9e0c6a45fe9f944cba65c493c3b52ec9daae97d2e921fd8f7445db95dec3e911ce93a43b678725144023381a8143badba1eb1022d4b330bf5a1659daf939956f065eb300d4dacbcdb51596010e193f5ea206bb5755bea5c49e46cf654a3a132610d117f6415c2f6f75f4c072f9229b13afef58a25ad93a463c1859589b2bf46c9be2c9d5d3445c035d726fef567ca899cc6168c87cb7f29481657f6a18834dbf874b83ac3e976c11fbf70045c7ba3089e88f129db9bbab00d32d16e388aa53acc8650295c376d303ccdbd3608b56f1cb4e19366f300871f3ec222e72f30ff7959df8af036cd74e325319805e1334996e69e649567a3604a1adbe0ee3d9100fd12792c4f3e3fe955896bc42bbd49569da07aeaf77b6d5185970cdffc9e7835ed54e3c85044aa1292f1709b0d2279928dd48758eb59a886628279267cece1c918af23283c51672c503b06df96f2d5ca96a274e408a56f0d4b2ab9411f4beb91b33b7ff9a93aa409adccf45bf3519d1c7ae925909558b292e7f80bb6898e5a0c97a2f950182a8675e61f2a53e81b99348428158d19b18e62d2cbe1f02c6ea04095f84879dca5784505b017e301483eeabc73c73b0c6156263051e739d7966109f002b1b9775e353894af9dee82faa6ebfaacf2cc53aa22468847f6ce38b209f83d966d6c47eae089909cc43bfe2e9c3d722a0d0a5aadfd10fe78f99acae16bc5eb2fc25c8752b6f645bdc016057c1759c6c0b551a07574ca5d1c77db3af9c4434b23ed4ce5fd115ca09422f4d860cbe290ce41d83e3d85d902c4e6220c4ffdbe0b3745571406580e68b793bafac082d6ff636cb17c44e0349a9145a58296ae388487791933f29ea3c8f176f28d5a9ec83f6e14fd284b4a8cf0e22aadb9ef802e39641369471ddb03d6ea2b8d5e9db9f7b6b6640b8d636d927b8774b7f37ba4f034fa13558a576e3b4e242552111e02a63ac6640dff388fd48eea2d1e47a4e9715bb99536af22345d2d8fadee5969c01244eef83bef14e1d9ac5635337835b9fdb5a8d9801997eff27c6f7ee5b3907c839503bce9e4035a09d1b6e4baed86536825e6e247ce4414ce30adf90df7368474546420fc38230d6703789f3e4e802152264d20eebde7d2a5072ad9bdd3f068e0f82cc7544fe684309b62b71a241960353c7059321efba278fe446cfc133f9984a4a99bdabec766a219449881e88bd18fe9689fbbefbc2e35bdf6556162dbed3be8ff6270949144244ad5c17380f5807c2d13266531c26ded7e718d37d033820e02b0bd0ec2ef944d965000987a4056d296e9eea06ce49fbdcd72670bbac9464b92a9de1c0af964a965f765349dfcbfb5d1bac01d38a3322d918346206fd4c1545a714a2a9f51b51c452936277cb36667c54e4f1066759ac7e8c6aa1d5f117a4e25db35e331980ab2be6e5fab5463e1128bdd7d898f5c486fc9e999f5f32c611febed21fea9246a452017e7c0a458408477062da84a6d5b9216a1671238f56c1bff19097488e02e6afd0df9026fede8967755890f3f207014cd5faeb538c046e25f497ab3e00c1ca0e1f7ef37ed7f0584b46706232d75cdbc6fe95aae0dffe59840aeca402154768b5235d1906b272f386fd63c486da5fde4b87dda99d44cd8114a6efb5492b79b60b264a38987cde18d354817d1152afdfd053a0b0b690d17463603ab6ae54d292a5f0317f9a25901cad31bc3120e99ad2d9adce9e28f3cc4ef13e6a7e8688320331fcc31000ffff30ab87dea81387a659c0660a694b536ab2d1e2949cc73c408065f6d8ead88f401af383920c04a9fd348d6d3b070c9571a1bd8ffeb6cb21f30d759f707d1aadc9dccc98123c110ed7197c4ce06312a647a95737f321ccd3c46f7f84bd4df57e2e321c4d899231c68d2aada6bf3bc92ec717d9a244f7d12993a41dba21a8c3b9c387cd9418148f7f4da4d4eeb05d67e71e359e8e5633e463aecc124ff17992e2f520be5618d882804098db62be3a580c4081765272a7c3ee1d699577f880ea34482149193a10a50452099b52f50b6c911528626d122c6987bcd17319dbbe3873a8d00bed5bf8b171382d710b4747ac59f94eaba458c67b352bde8036c507ae81fa8e2023a5bd9aac6609eb49cf4013381fdf5bb758cbd70dcb7fbfc170920d51c094216fcc9a6b10381c578b6694976df4fa45916552bb9af3939304c185e7d791cebc6a90d240ff44cc25a901767b67c30f84e13bbc322d609b6b10ae572e490cc4fe3c28fa88258043fcea26923e0c23108fcfabbdabb172b81092a07482083fefd5b17bdded95af9042b65a80db8acac1469fb303a6d6239fa5526abaa3ecef66a60168dbdaba1dcf3629c01408e9a4b4114fee61668567ef68baf2e5393696a7f7cfe3669acbf06a3f8f634b0cefa26d15e0c5781166cf6129194574e25ce9616fd2cf4504c66382cf08c4bb9e36cd2ddbf8925e0ef9daed51cf244dfa1e4c7f4c0f69dea0db1477655edf634b7b020f350fd9efe914637230358268bdf250f334dd34691d86ec9bd25f712622dfc524f45b267bef3da3dd0d890a01b92889a22b02c2853c566dcd4161a3ea78b326820d26e8175a720375c9e8ba01757a976f9762894e43d8862002767afaab99fcdea793d9ef36c8a6e539d5d5ff227f27169421dcb066a9e5ff264c9aac0af3a9fd7ed36846fee0a3242fb334742ea466965958dcc5127defa0eb86b67d61eb95479d9a2234ae9f299d54f477b593371bc0019be11f27f3b0149528f6bc13004e704a3bc6b48f2e6f0d2560382604cf766f022ef554f75e0aa350d977ac5b019288efc606b3a8b29276d2c182569e93568b83f3d015df4e91b54f0f097c5a3aa0c2d1beb72ccdbe45a9ee5edeca97939c4c296f1f7ff43c1dffc42640eef9d31ab361460a9ef1da5760b5ad1ea99acbb0d1125054d7ec276b15e854d1b75ab376354684c83ebb6835ee030669516b734246a6b3e482c4c17ceebf9929ce3a955af326ef2e615c0f5746e27308884b6b2d1d4e742e44006fe5fd719f696c6c17796ca8f974984a5a3c7804e8d181849cc265670fa6a84643adc9ce3129afdbf2b3eb7894150ef272195bb19adee5c76daf9483c594ab592fe226877a87b5c1b648aa90ad588cd09aacc1a7369c78c453ef2322c519b34a3fbeb2c47fe113b1cf91bd0fb5329b2b1bfdb0f6bb931a994a67388958a1e16dc682c99f92d68b40424868da7254369a473efa7042f443b3f1e29792b42452f7bd28843851a9eaba3901b22ceee830e6c39e47180a9a224be3348a85308b0e64545d27697969bde067f88bc9a4af62d0c715bce40da2ccd6a732c245af636919cfdf9a4ce36ab5cd6e82785580a3ce962733ad234101e6c08b898ed05b584ce848ab29a553992b671190227974ef1d82a34df2877ca12394f6b9a56f6b7eb1eeb8287edaa8d24a35aa1ecf8c4f26001b49b976b288339f2a72614a4d02e358e779931cd12b94897fc34c57275cb5ca74ff151bfb5c7aa934e9cddccc6d5dbf36b59ad30d41e3a76b6e506ef78a0c1894ed63ee65f9f410b71866eb16eb7a44191abce936ad38f4052e9204d2ac8c50809764d7be16486ac35c034a03bb927c2a4b5cd42366ff084302612cd35869b48067cb4de57078aeba31a904e02243e08ff067ee208fb7f524dd6c24508ce434c0f7ca2fe9ebd0085137f27c7f99b98eb1627c65ccee8afc06766a0481fddc30275e78cef92aae01486abaabe875ff970ab427f8d36330fbbadb3eead5dafa492640a860d7c4fd33f618e2a272cd4bdc45eeb836475933fcd60b2cff2937a93a1923a62b8543f93dbd77f0c58370d2eac298387810db566d358565883a7c633f683ebf758fdab3e0f5ade19acb55a1b53a59fd86bb65c9e6c1ae5675d54105a81a722e9ebbdfc367432dd4b87e9d32525b41b6321f8ea9cf036b03de802bfa6db733756d8314930062b5c215ca6657e67f62beeb5245cc0a210b0794f85c486216d60c040abfdec35b332683f2ec0cb3f33f198fccc7842a7d4beeb8b912bd6efc8da15eaab4aa50408c15f57cf16d52fb43c16ac2c077114a9a9fcdeed4d0"}) fstat$auto(r3, &(0x7f0000001200)={0x1, 0x8000000000000001, 0xfffffffffffffb52, 0x3ff, r4, r5, 0x0, 0x2, 0x0, 0x3, 0x5, 0x0, 0x6, 0x8000000000000000, 0x5, 0x7f, 0x100000001}) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x2, &(0x7f0000000380)={@siginfo_0_0={0x4, 0xfffffffa, 0x0, @_kill={r2, r4}}}, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) 1.624882229s ago: executing program 1 (id=1093): mmap$auto(0x0, 0x6f02, 0x2, 0xeb8, 0xffffffffffffffff, 0x8000) madvise$auto(0x200002, 0x3, 0x13) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x13, 0x202000a, 0x8000000000000003, 0x4000000019, r0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008011, 0xffffffffffffffff, 0x8003) close_range$auto(r1, 0x8, 0x0) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)=';') openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x18000, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x800000000000006, 0x9, 0xdf, 0x9b72, r0, 0xc68) (async) mmap$auto(0x800000000000006, 0x9, 0xdf, 0x9b72, r0, 0xc68) prctl$auto(0x1000000003b, 0x4, 0x0, 0x9, 0x7) (async) prctl$auto(0x1000000003b, 0x4, 0x0, 0x9, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) setgroups$auto(0x10001, &(0x7f0000000080)=0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getpid() (async) getpid() openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) (async) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, &(0x7f0000000040)='nbd\x00', 0x4) setresuid$auto(0x0, 0x7, 0x8080) (async) setresuid$auto(0x0, 0x7, 0x8080) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x6, 0x15, 0x0, 0xfb3) (async) setsockopt$auto(0x3, 0x6, 0x15, 0x0, 0xfb3) ioprio_get$auto(0x3, 0x2) 317.72982ms ago: executing program 3 (id=1094): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2d, 0x2, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x41, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram8\x00', 0x81, 0x0) socket(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 3 (id=1095): close_range$auto(0x2, 0x8, 0x0) socket(0x2d, 0x2, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x41, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram8\x00', 0x81, 0x0) socket(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop2/queue/discard_max_hw_bytes\x00', 0x42200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) (fail_nth: 6) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff001, 0x2) prctl$auto_PR_SME_SET_VL(0x3f, 0x80000000, 0x0, 0x4b0d, 0x6) socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_DUPFD_QUERY(0xffffffffffffffff, 0x403, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) kernel console output (not intermixed with test programs): 9] ? folios_put_refs+0x5ce/0x740 [ 356.474193][ T6109] ? __pfx_folios_put_refs+0x10/0x10 [ 356.474241][ T6109] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 356.474285][ T6109] ? policy_nodemask+0xea/0x4e0 [ 356.474340][ T6109] alloc_pages_mpol+0x1fb/0x550 [ 356.474377][ T6109] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 356.474418][ T6109] folio_alloc_mpol_noprof+0x36/0x2f0 [ 356.474455][ T6109] shmem_alloc_folio+0x135/0x160 [ 356.474493][ T6109] shmem_alloc_and_add_folio+0x499/0xc20 [ 356.474544][ T6109] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 356.474589][ T6109] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 356.474638][ T6109] shmem_get_folio_gfp+0x67f/0x1600 [ 356.474686][ T6109] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 356.474730][ T6109] ? __lock_acquire+0x622/0x1c90 [ 356.474771][ T6109] shmem_fault+0x1fe/0xa30 [ 356.474816][ T6109] ? __pfx_shmem_fault+0x10/0x10 [ 356.474870][ T6109] ? __lock_acquire+0xb8a/0x1c90 [ 356.474915][ T6109] __do_fault+0x10a/0x490 [ 356.474958][ T6109] ? __pfx_filemap_map_pages+0x10/0x10 [ 356.475002][ T6109] __handle_mm_fault+0x374c/0x5490 [ 356.475055][ T6109] ? __pfx___handle_mm_fault+0x10/0x10 [ 356.475095][ T6109] ? __pte_offset_map_lock+0x174/0x310 [ 356.475126][ T6109] ? find_held_lock+0x2b/0x80 [ 356.475149][ T6109] ? find_held_lock+0x2b/0x80 [ 356.475190][ T6109] ? follow_page_pte+0x3af/0x14c0 [ 356.475234][ T6109] handle_mm_fault+0x589/0xd10 [ 356.475283][ T6109] __get_user_pages+0x589/0x3b80 [ 356.475337][ T6109] ? __pfx___get_user_pages+0x10/0x10 [ 356.475376][ T6109] ? __pfx_down_read_killable+0x10/0x10 [ 356.475405][ T6109] ? __lock_acquire+0xb8a/0x1c90 [ 356.475446][ T6109] faultin_page_range+0x249/0x980 [ 356.475488][ T6109] madvise_do_behavior+0x268/0x3f0 [ 356.475520][ T6109] ? __pfx_madvise_do_behavior+0x10/0x10 [ 356.475570][ T6109] do_madvise+0x161/0x230 [ 356.475597][ T6109] ? __pfx_do_madvise+0x10/0x10 [ 356.475640][ T6109] ? xfd_validate_state+0x61/0x180 [ 356.475673][ T6109] ? __pfx_do_writev+0x10/0x10 [ 356.475715][ T6109] __x64_sys_madvise+0xa9/0x110 [ 356.475744][ T6109] ? lockdep_hardirqs_on+0x7c/0x110 [ 356.475787][ T6109] do_syscall_64+0xcd/0x490 [ 356.475817][ T6109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.475846][ T6109] RIP: 0033:0x7f19d758e929 [ 356.475870][ T6109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.475897][ T6109] RSP: 002b:00007f19d53f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 356.475925][ T6109] RAX: ffffffffffffffda RBX: 00007f19d77b5fa0 RCX: 00007f19d758e929 [ 356.475943][ T6109] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 356.475960][ T6109] RBP: 00007f19d7610b39 R08: 0000000000000000 R09: 0000000000000000 [ 356.475977][ T6109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.475993][ T6109] R13: 0000000000000000 R14: 00007f19d77b5fa0 R15: 00007ffc7c23d1b8 [ 356.476032][ T6109] [ 356.934065][ T6107] netlink: 28 bytes leftover after parsing attributes in process `syz.1.28'. [ 356.958062][ T6107] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 357.175266][ T6107] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.349847][ T6111] netlink: 338 bytes leftover after parsing attributes in process `syz.0.29'. [ 357.490984][ T6117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 358.052969][ T6130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.34'. [ 361.361579][ T6157] program syz.1.37 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 361.848331][ T6175] Invalid ELF header magic: != ELF [ 363.676581][ T6180] mkiss: ax0: crc mode is auto. [ 364.696424][ T6205] FAULT_INJECTION: forcing a failure. [ 364.696424][ T6205] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 364.804390][ T6205] CPU: 1 UID: 0 PID: 6205 Comm: syz.2.45 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 364.804417][ T6205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 364.804427][ T6205] Call Trace: [ 364.804434][ T6205] [ 364.804441][ T6205] dump_stack_lvl+0x16c/0x1f0 [ 364.804471][ T6205] should_fail_ex+0x512/0x640 [ 364.804509][ T6205] should_fail_alloc_page+0xe7/0x130 [ 364.804529][ T6205] prepare_alloc_pages+0x3c2/0x610 [ 364.804553][ T6205] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 364.804583][ T6205] ? mas_next_slot+0x12d3/0x21b0 [ 364.804601][ T6205] ? __up_read+0x1f8/0x750 [ 364.804629][ T6205] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 364.804656][ T6205] ? mas_find+0x2f6/0x530 [ 364.804672][ T6205] ? validate_mm+0x40a/0x570 [ 364.804697][ T6205] ? __pfx_validate_mm+0x10/0x10 [ 364.804722][ T6205] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 364.804748][ T6205] ? policy_nodemask+0xea/0x4e0 [ 364.804776][ T6205] alloc_pages_mpol+0x1fb/0x550 [ 364.804792][ T6205] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 364.804813][ T6205] alloc_pages_noprof+0x131/0x390 [ 364.804830][ T6205] __pud_alloc+0x3b/0x750 [ 364.804850][ T6205] alloc_new_pud+0x267/0x320 [ 364.804874][ T6205] move_page_tables+0x6b6/0x4070 [ 364.804902][ T6205] ? __pfx_copy_vma+0x10/0x10 [ 364.804924][ T6205] ? lockdep_hardirqs_on+0x7c/0x110 [ 364.804952][ T6205] ? __pfx_move_page_tables+0x10/0x10 [ 364.804974][ T6205] ? register_lock_class+0x41/0x4c0 [ 364.804994][ T6205] ? __schedule+0x1181/0x5de0 [ 364.805025][ T6205] ? __lock_acquire+0x622/0x1c90 [ 364.805049][ T6205] copy_vma_and_data+0x216/0x750 [ 364.805075][ T6205] ? __pfx_copy_vma_and_data+0x10/0x10 [ 364.805104][ T6205] ? __vma_enter_locked+0x163/0x3f0 [ 364.805128][ T6205] ? find_held_lock+0x2b/0x80 [ 364.805144][ T6205] ? move_vma+0x536/0x1740 [ 364.805172][ T6205] move_vma+0x548/0x1740 [ 364.805198][ T6205] ? __pfx_move_vma+0x10/0x10 [ 364.805220][ T6205] ? mm_get_unmapped_area+0x95/0xe0 [ 364.805239][ T6205] ? shmem_get_unmapped_area+0x170/0xa00 [ 364.805261][ T6205] ? cap_mmap_addr+0x4b/0x120 [ 364.805277][ T6205] ? bpf_lsm_mmap_addr+0x9/0x10 [ 364.805293][ T6205] ? security_mmap_addr+0x6c/0x1e0 [ 364.805313][ T6205] ? __get_unmapped_area+0x267/0x440 [ 364.805333][ T6205] ? vrm_set_new_addr+0x208/0x290 [ 364.805358][ T6205] __do_sys_mremap+0xe07/0x1590 [ 364.805384][ T6205] ? __pfx___do_sys_mremap+0x10/0x10 [ 364.805414][ T6205] ? __fget_files+0x204/0x3c0 [ 364.805440][ T6205] ? __x64_sys_futex+0x1e0/0x4c0 [ 364.805473][ T6205] do_syscall_64+0xcd/0x490 [ 364.805499][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.805516][ T6205] RIP: 0033:0x7f19d758e929 [ 364.805531][ T6205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.805548][ T6205] RSP: 002b:00007f19d4f91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 364.805565][ T6205] RAX: ffffffffffffffda RBX: 00007f19d77b6240 RCX: 00007f19d758e929 [ 364.805575][ T6205] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000000 [ 364.805585][ T6205] RBP: 00007f19d7610b39 R08: 00007effffffb000 R09: 0000000000000000 [ 364.805595][ T6205] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 364.805604][ T6205] R13: 0000000000000000 R14: 00007f19d77b6240 R15: 00007ffc7c23d1b8 [ 364.805625][ T6205] [ 365.385102][ T6203] random: crng reseeded on system resumption syzkaller syzkaller login: [ 367.771331][ T6229] netlink: 28 bytes leftover after parsing attributes in process `syz.1.50'. [ 368.166887][ T6236] hub 8-0:1.0: USB hub found [ 368.190955][ T6236] hub 8-0:1.0: 1 port detected [ 368.458014][ T6236] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 369.069187][ T6254] mmap: syz.1.57 (6254) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 371.177299][ T6276] netlink: 28 bytes leftover after parsing attributes in process `syz.1.61'. [ 371.235182][ T6276] team0: Port device team_slave_0 removed [ 373.196735][ T6301] netlink: 28 bytes leftover after parsing attributes in process `syz.1.67'. [ 373.253430][ T6301] bond0: (slave bond_slave_0): Releasing backup interface [ 376.194988][ T6333] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.576935][ T6336] netlink: Conntrack attr has 16 unknown bytes [ 378.263600][ T6363] netlink: 290 bytes leftover after parsing attributes in process `syz.1.78'. [ 378.496300][ T6363] veth1_macvtap: left promiscuous mode [ 381.004778][ T6406] netlink: Conntrack attr has 16 unknown bytes [ 381.816893][ T6417] FAULT_INJECTION: forcing a failure. [ 381.816893][ T6417] name failslab, interval 1, probability 0, space 0, times 1 [ 381.974129][ T6417] CPU: 0 UID: 0 PID: 6417 Comm: syz.1.92 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 381.974170][ T6417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 381.974186][ T6417] Call Trace: [ 381.974196][ T6417] [ 381.974207][ T6417] dump_stack_lvl+0x16c/0x1f0 [ 381.974257][ T6417] should_fail_ex+0x512/0x640 [ 381.974297][ T6417] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 381.974346][ T6417] should_failslab+0xc2/0x120 [ 381.974376][ T6417] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 381.974424][ T6417] ? kvasprintf_const+0x66/0x1a0 [ 381.974458][ T6417] kvasprintf+0xbc/0x160 [ 381.974482][ T6417] ? __pfx_kvasprintf+0x10/0x10 [ 381.974509][ T6417] ? rcu_read_unlock+0x17/0x60 [ 381.974536][ T6417] ? kernel_text_address+0x8d/0x100 [ 381.974589][ T6417] kvasprintf_const+0x66/0x1a0 [ 381.974619][ T6417] kobject_set_name_vargs+0x5a/0x140 [ 381.974650][ T6417] dev_set_name+0xc7/0x100 [ 381.974684][ T6417] ? __pfx_dev_set_name+0x10/0x10 [ 381.974718][ T6417] ? rcu_is_watching+0x12/0xc0 [ 381.974745][ T6417] ? trace_kmalloc+0x2b/0xd0 [ 381.974771][ T6417] ? __kmalloc_noprof.cold+0x5c/0x61 [ 381.974825][ T6417] wiphy_new_nm+0x811/0x2160 [ 381.974858][ T6417] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 381.974893][ T6417] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 381.974926][ T6417] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 381.974957][ T6417] ? __local_bh_enable_ip+0xa4/0x120 [ 381.974995][ T6417] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 381.975053][ T6417] ? __asan_memset+0x23/0x50 [ 381.975101][ T6417] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 381.975162][ T6417] hwsim_new_radio_nl+0xb51/0x12c0 [ 381.975208][ T6417] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 381.975267][ T6417] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 381.975307][ T6417] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 381.975352][ T6417] genl_family_rcv_msg_doit+0x206/0x2f0 [ 381.975394][ T6417] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 381.975432][ T6417] ? trace_cap_capable+0x18d/0x200 [ 381.975471][ T6417] ? bpf_lsm_capable+0x9/0x10 [ 381.975506][ T6417] ? security_capable+0x7e/0x260 [ 381.975535][ T6417] ? ns_capable+0xd7/0x110 [ 381.975567][ T6417] genl_rcv_msg+0x55c/0x800 [ 381.975609][ T6417] ? __pfx_genl_rcv_msg+0x10/0x10 [ 381.975647][ T6417] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 381.975706][ T6417] netlink_rcv_skb+0x155/0x420 [ 381.975738][ T6417] ? __pfx_genl_rcv_msg+0x10/0x10 [ 381.975777][ T6417] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 381.975827][ T6417] ? netlink_deliver_tap+0x1ae/0xd30 [ 381.975864][ T6417] genl_rcv+0x28/0x40 [ 381.975897][ T6417] netlink_unicast+0x53a/0x7f0 [ 381.975935][ T6417] ? __pfx_netlink_unicast+0x10/0x10 [ 381.975980][ T6417] netlink_sendmsg+0x8d1/0xdd0 [ 381.976020][ T6417] ? __pfx_netlink_sendmsg+0x10/0x10 [ 381.976061][ T6417] ____sys_sendmsg+0xa95/0xc70 [ 381.976103][ T6417] ? copy_msghdr_from_user+0x10a/0x160 [ 381.976148][ T6417] ? __pfx_____sys_sendmsg+0x10/0x10 [ 381.976193][ T6417] ? __pfx_futex_wake_mark+0x10/0x10 [ 381.976242][ T6417] ___sys_sendmsg+0x134/0x1d0 [ 381.976290][ T6417] ? __pfx____sys_sendmsg+0x10/0x10 [ 381.976325][ T6417] ? __lock_acquire+0x622/0x1c90 [ 381.976412][ T6417] __sys_sendmsg+0x16d/0x220 [ 381.976458][ T6417] ? __pfx___sys_sendmsg+0x10/0x10 [ 381.976499][ T6417] ? __x64_sys_futex+0x1e0/0x4c0 [ 381.976557][ T6417] do_syscall_64+0xcd/0x490 [ 381.976587][ T6417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.976616][ T6417] RIP: 0033:0x7fbe29f8e929 [ 381.976639][ T6417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 381.976665][ T6417] RSP: 002b:00007fbe2ad82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 381.976693][ T6417] RAX: ffffffffffffffda RBX: 00007fbe2a1b5fa0 RCX: 00007fbe29f8e929 [ 381.976711][ T6417] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000005 [ 381.976729][ T6417] RBP: 00007fbe2a010b39 R08: 0000000000000000 R09: 0000000000000000 [ 381.976746][ T6417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 381.976761][ T6417] R13: 0000000000000000 R14: 00007fbe2a1b5fa0 R15: 00007ffd23a63ef8 [ 381.976801][ T6417] [ 383.372441][ T6434] netlink: 290 bytes leftover after parsing attributes in process `syz.0.93'. [ 383.562590][ T6434] veth1_macvtap: left promiscuous mode [ 384.151141][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.157804][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.480176][ T6457] netlink: 'syz.1.98': attribute type 1 has an invalid length. [ 386.830821][ T6495] FAULT_INJECTION: forcing a failure. [ 386.830821][ T6495] name failslab, interval 1, probability 0, space 0, times 0 [ 386.866328][ T6495] CPU: 0 UID: 0 PID: 6495 Comm: syz.2.106 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 386.866376][ T6495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 386.866393][ T6495] Call Trace: [ 386.866404][ T6495] [ 386.866416][ T6495] dump_stack_lvl+0x16c/0x1f0 [ 386.866469][ T6495] should_fail_ex+0x512/0x640 [ 386.866511][ T6495] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 386.866564][ T6495] should_failslab+0xc2/0x120 [ 386.866594][ T6495] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 386.866644][ T6495] ? kvasprintf_const+0x66/0x1a0 [ 386.866680][ T6495] kvasprintf+0xbc/0x160 [ 386.866709][ T6495] ? __pfx_kvasprintf+0x10/0x10 [ 386.866741][ T6495] ? rcu_read_unlock+0x17/0x60 [ 386.866769][ T6495] ? kernel_text_address+0x8d/0x100 [ 386.866823][ T6495] kvasprintf_const+0x66/0x1a0 [ 386.866854][ T6495] kobject_set_name_vargs+0x5a/0x140 [ 386.866888][ T6495] dev_set_name+0xc7/0x100 [ 386.866924][ T6495] ? __pfx_dev_set_name+0x10/0x10 [ 386.866962][ T6495] ? rcu_is_watching+0x12/0xc0 [ 386.866992][ T6495] ? trace_kmalloc+0x2b/0xd0 [ 386.867018][ T6495] ? __kmalloc_noprof.cold+0x5c/0x61 [ 386.867072][ T6495] wiphy_new_nm+0x811/0x2160 [ 386.867108][ T6495] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 386.867144][ T6495] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 386.867178][ T6495] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 386.867211][ T6495] ? __local_bh_enable_ip+0xa4/0x120 [ 386.867250][ T6495] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 386.867329][ T6495] ? __asan_memset+0x23/0x50 [ 386.867372][ T6495] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 386.867431][ T6495] hwsim_new_radio_nl+0xb51/0x12c0 [ 386.867481][ T6495] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 386.867541][ T6495] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 386.867585][ T6495] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 386.867637][ T6495] genl_family_rcv_msg_doit+0x206/0x2f0 [ 386.867681][ T6495] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 386.867720][ T6495] ? trace_cap_capable+0x18d/0x200 [ 386.867760][ T6495] ? bpf_lsm_capable+0x9/0x10 [ 386.867795][ T6495] ? security_capable+0x7e/0x260 [ 386.867826][ T6495] ? ns_capable+0xd7/0x110 [ 386.867859][ T6495] genl_rcv_msg+0x55c/0x800 [ 386.867904][ T6495] ? __pfx_genl_rcv_msg+0x10/0x10 [ 386.867943][ T6495] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 386.868003][ T6495] netlink_rcv_skb+0x155/0x420 [ 386.868035][ T6495] ? __pfx_genl_rcv_msg+0x10/0x10 [ 386.868076][ T6495] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 386.868128][ T6495] ? netlink_deliver_tap+0x1ae/0xd30 [ 386.868166][ T6495] genl_rcv+0x28/0x40 [ 386.868200][ T6495] netlink_unicast+0x53a/0x7f0 [ 386.868239][ T6495] ? __pfx_netlink_unicast+0x10/0x10 [ 386.868295][ T6495] netlink_sendmsg+0x8d1/0xdd0 [ 386.868338][ T6495] ? __pfx_netlink_sendmsg+0x10/0x10 [ 386.868388][ T6495] ____sys_sendmsg+0xa95/0xc70 [ 386.868427][ T6495] ? copy_msghdr_from_user+0x10a/0x160 [ 386.868473][ T6495] ? __pfx_____sys_sendmsg+0x10/0x10 [ 386.868520][ T6495] ? __pfx_futex_wake_mark+0x10/0x10 [ 386.868571][ T6495] ___sys_sendmsg+0x134/0x1d0 [ 386.868622][ T6495] ? __pfx____sys_sendmsg+0x10/0x10 [ 386.868664][ T6495] ? __lock_acquire+0x622/0x1c90 [ 386.868757][ T6495] __sys_sendmsg+0x16d/0x220 [ 386.868805][ T6495] ? __pfx___sys_sendmsg+0x10/0x10 [ 386.868851][ T6495] ? __x64_sys_futex+0x1e0/0x4c0 [ 386.868914][ T6495] do_syscall_64+0xcd/0x490 [ 386.868946][ T6495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.868976][ T6495] RIP: 0033:0x7f19d758e929 [ 386.869002][ T6495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.869028][ T6495] RSP: 002b:00007f19d53f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 386.869056][ T6495] RAX: ffffffffffffffda RBX: 00007f19d77b5fa0 RCX: 00007f19d758e929 [ 386.869076][ T6495] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000005 [ 386.869094][ T6495] RBP: 00007f19d7610b39 R08: 0000000000000000 R09: 0000000000000000 [ 386.869112][ T6495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.869129][ T6495] R13: 0000000000000000 R14: 00007f19d77b5fa0 R15: 00007ffc7c23d1b8 [ 386.869169][ T6495] [ 388.149964][ T6522] ima: policy update failed [ 388.165011][ T30] audit: type=1802 audit(6045522977.320:2): pid=6522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.110" res=0 errno=0 [ 388.185701][ T6522] netlink: 25 bytes leftover after parsing attributes in process `syz.1.110'. [ 389.031719][ T30] audit: type=1800 audit(6045522978.180:3): pid=6547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.116" name="dbroot" dev="configfs" ino=9084 res=0 errno=0 [ 390.560183][ T6574] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 390.974873][ T6581] FAULT_INJECTION: forcing a failure. [ 390.974873][ T6581] name failslab, interval 1, probability 0, space 0, times 0 [ 391.035893][ T6581] CPU: 1 UID: 0 PID: 6581 Comm: syz.1.124 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 391.035943][ T6581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 391.035960][ T6581] Call Trace: [ 391.035995][ T6581] [ 391.036007][ T6581] dump_stack_lvl+0x16c/0x1f0 [ 391.036061][ T6581] should_fail_ex+0x512/0x640 [ 391.036103][ T6581] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 391.036145][ T6581] should_failslab+0xc2/0x120 [ 391.036173][ T6581] __kmalloc_cache_noprof+0x6a/0x3e0 [ 391.036209][ T6581] ? trace_kmalloc+0x2b/0xd0 [ 391.036232][ T6581] ? call_usermodehelper_setup+0xaf/0x360 [ 391.036278][ T6581] ? __pfx_free_modprobe_argv+0x10/0x10 [ 391.036322][ T6581] call_usermodehelper_setup+0xaf/0x360 [ 391.036377][ T6581] __request_module+0x3bd/0x690 [ 391.036419][ T6581] ? __pfx___request_module+0x10/0x10 [ 391.036456][ T6581] ? trace_kmem_cache_alloc+0x28/0xc0 [ 391.036488][ T6581] ? security_inode_alloc+0x3b/0x2b0 [ 391.036528][ T6581] ? inode_init_always_gfp+0xd05/0x1030 [ 391.036583][ T6581] __sock_create+0x5c3/0x8d0 [ 391.036625][ T6581] __sys_socket+0x14d/0x260 [ 391.036657][ T6581] ? fput+0x70/0xf0 [ 391.036684][ T6581] ? __pfx___sys_socket+0x10/0x10 [ 391.036718][ T6581] ? xfd_validate_state+0x61/0x180 [ 391.036749][ T6581] ? __pfx_ksys_write+0x10/0x10 [ 391.036796][ T6581] __x64_sys_socket+0x72/0xb0 [ 391.036830][ T6581] ? lockdep_hardirqs_on+0x7c/0x110 [ 391.036874][ T6581] do_syscall_64+0xcd/0x490 [ 391.036902][ T6581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.036930][ T6581] RIP: 0033:0x7fbe29f8e929 [ 391.036954][ T6581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 391.036996][ T6581] RSP: 002b:00007fbe2ad82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 391.037026][ T6581] RAX: ffffffffffffffda RBX: 00007fbe2a1b5fa0 RCX: 00007fbe29f8e929 [ 391.037045][ T6581] RDX: 0010000000000002 RSI: 0000000000000002 RDI: 000000000000000c [ 391.037063][ T6581] RBP: 00007fbe2a010b39 R08: 0000000000000000 R09: 0000000000000000 [ 391.037080][ T6581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 391.037096][ T6581] R13: 0000000000000000 R14: 00007fbe2a1b5fa0 R15: 00007ffd23a63ef8 [ 391.037138][ T6581] [ 391.520438][ T6582] netlink: 'syz.3.123': attribute type 1 has an invalid length. [ 391.625875][ T6585] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 391.997753][ T6582] vivid-007: ================= START STATUS ================= [ 392.020489][ T6582] vivid-007: Generate PTS: true [ 392.054715][ T6582] vivid-007: Generate SCR: true [ 392.127938][ T6582] tpg source WxH: 320x240 (Y'CbCr) [ 392.157210][ T6582] tpg field: 1 [ 392.202401][ T6582] tpg crop: (0,0)/320x240 [ 392.207088][ T6582] tpg compose: (0,0)/320x240 [ 392.224122][ T6582] tpg colorspace: 8 [ 392.241128][ T6582] tpg transfer function: 0/0 [ 392.245823][ T6582] tpg Y'CbCr encoding: 0/0 [ 392.272656][ T6582] tpg quantization: 0/0 [ 392.276971][ T6582] tpg RGB range: 0/2 [ 392.291468][ T6582] vivid-007: ================== END STATUS ================== [ 393.181620][ T6631] netlink: 'syz.0.133': attribute type 1 has an invalid length. [ 393.228043][ T6626] warning: `syz.2.132' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 393.515124][ T30] audit: type=1800 audit(4294967301.010:4): pid=6639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.134" name="lu_gp_id" dev="configfs" ino=10385 res=0 errno=0 [ 394.912002][ T6667] netlink: 4 bytes leftover after parsing attributes in process `syz.2.141'. [ 395.846747][ T6707] netlink: 8 bytes leftover after parsing attributes in process `syz.3.147'. [ 396.829846][ T6725] binder: 6722:6725 ioctl c018620c 0 returned -1 [ 398.322073][ T6752] rnbd_client L202: map_device: Unknown parameter or missing value '(' [ 398.352518][ T6752] ptrace attach of "./syz-executor exec"[6753] was attempted by "./syz-executor exec"[6752] [ 399.188166][ T6771] capability: warning: `syz.1.160' uses 32-bit capabilities (legacy support in use) [ 401.383596][ T6802] ======================================================= [ 401.383596][ T6802] WARNING: The mand mount option has been deprecated and [ 401.383596][ T6802] and is ignored by this kernel. Remove the mand [ 401.383596][ T6802] option from the mount to silence this warning. [ 401.383596][ T6802] ======================================================= [ 401.513648][ T6802] zswap: compressor È®9Q›¾z%;0*l H`Bkãjë™wj§Ó³<85Åè'.Y[«`ÿÛ2ÑY$¼`ÔYvÚgÖ´óqÊ"b%…zËN[O EiF¸iü»(ShÀ„3Kxá>ÔRS=óþkHÑÉŸƒÆÿ{è?BýÌò½ÑbŠëÞ4)>øªÚ not available [ 402.329288][ T6808] netlink: 4 bytes leftover after parsing attributes in process `syz.3.168'. [ 402.579191][ T6816] netlink: 342 bytes leftover after parsing attributes in process `syz.2.170'. [ 402.968063][ T6830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.173'. [ 402.999368][ T6830] netlink: 354 bytes leftover after parsing attributes in process `syz.2.173'. [ 405.202747][ T6869] netlink: 8 bytes leftover after parsing attributes in process `syz.2.182'. [ 405.809371][ T6889] program syz.2.187 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 406.821312][ T6911] can: request_module (can-proto-4) failed. [ 408.623001][ T6952] netlink: 48 bytes leftover after parsing attributes in process `syz.0.203'. [ 408.756628][ T5874] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 408.860322][ T6951] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 409.655632][ T6963] netlink: 28 bytes leftover after parsing attributes in process `syz.0.205'. [ 411.352279][ T6992] netlink: 28 bytes leftover after parsing attributes in process `syz.3.211'. [ 411.483401][ T6992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 411.529672][ T6992] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 411.545668][ T6992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 411.636666][ T6992] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 412.238356][ T7012] netlink: 'syz.3.216': attribute type 1 has an invalid length. [ 412.659111][ T7025] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 412.756386][ T7025] netlink: 8 bytes leftover after parsing attributes in process `syz.0.219'. [ 414.925139][ T7066] netlink: 28 bytes leftover after parsing attributes in process `syz.2.229'. [ 415.013460][ T7073] hub 8-0:1.0: USB hub found [ 415.059716][ T7073] hub 8-0:1.0: 1 port detected [ 416.512990][ T7099] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 416.564147][ T7103] syz.3.234 (7103) used greatest stack depth: 19800 bytes left [ 417.197197][ T7173] FAULT_INJECTION: forcing a failure. [ 417.197197][ T7173] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 417.212778][ T7173] CPU: 1 UID: 0 PID: 7173 Comm: syz.2.243 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 417.212819][ T7173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 417.212835][ T7173] Call Trace: [ 417.212844][ T7173] [ 417.212854][ T7173] dump_stack_lvl+0x16c/0x1f0 [ 417.212901][ T7173] should_fail_ex+0x512/0x640 [ 417.212956][ T7173] _copy_to_user+0x32/0xd0 [ 417.213001][ T7173] simple_read_from_buffer+0xcb/0x170 [ 417.213041][ T7173] buffer_percent_read+0xf7/0x150 [ 417.213071][ T7173] ? __pfx_buffer_percent_read+0x10/0x10 [ 417.213113][ T7173] ? rw_verify_area+0xcf/0x680 [ 417.213151][ T7173] ? __pfx_buffer_percent_read+0x10/0x10 [ 417.213179][ T7173] vfs_readv+0x5c1/0x8b0 [ 417.213222][ T7173] ? __pfx_vfs_readv+0x10/0x10 [ 417.213256][ T7173] ? __mutex_lock+0x1ca/0xb90 [ 417.213290][ T7173] ? __pfx___mutex_lock+0x10/0x10 [ 417.213345][ T7173] ? __fget_files+0x20e/0x3c0 [ 417.213378][ T7173] ? __fget_files+0x150/0x3c0 [ 417.213422][ T7173] ? do_readv+0x132/0x340 [ 417.213452][ T7173] do_readv+0x132/0x340 [ 417.213485][ T7173] ? __pfx_do_readv+0x10/0x10 [ 417.213531][ T7173] do_syscall_64+0xcd/0x490 [ 417.213558][ T7173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.213586][ T7173] RIP: 0033:0x7f19d758e929 [ 417.213608][ T7173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.213633][ T7173] RSP: 002b:00007f19d53f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 417.213661][ T7173] RAX: ffffffffffffffda RBX: 00007f19d77b5fa0 RCX: 00007f19d758e929 [ 417.213678][ T7173] RDX: 0000000000000005 RSI: 0000200000000040 RDI: 0000000000000003 [ 417.213693][ T7173] RBP: 00007f19d53f6090 R08: 0000000000000000 R09: 0000000000000000 [ 417.213709][ T7173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 417.213731][ T7173] R13: 0000000000000000 R14: 00007f19d77b5fa0 R15: 00007ffc7c23d1b8 [ 417.213768][ T7173] [ 419.430325][ T7218] syz.1.254 uses obsolete (PF_INET,SOCK_PACKET) [ 419.756060][ T5874] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 419.924829][ T7217] netlink: 28 bytes leftover after parsing attributes in process `syz.2.253'. [ 420.786881][ T7233] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 422.018508][ T7246] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 422.232006][ T7269] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 422.263026][ T7269] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 422.482415][ T7257] zswap: compressor not available [ 422.681912][ T7264] zswap: compressor not available [ 422.986852][ T7287] netlink: 342 bytes leftover after parsing attributes in process `syz.3.265'. [ 423.023910][ T7290] FAULT_INJECTION: forcing a failure. [ 423.023910][ T7290] name failslab, interval 1, probability 0, space 0, times 0 [ 423.079615][ T7290] CPU: 1 UID: 0 PID: 7290 Comm: syz.1.266 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 423.079655][ T7290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 423.079669][ T7290] Call Trace: [ 423.079678][ T7290] [ 423.079687][ T7290] dump_stack_lvl+0x16c/0x1f0 [ 423.079732][ T7290] should_fail_ex+0x512/0x640 [ 423.079766][ T7290] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 423.079807][ T7290] should_failslab+0xc2/0x120 [ 423.079831][ T7290] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 423.079867][ T7290] ? __pmd_alloc+0xbf/0x930 [ 423.079901][ T7290] __pmd_alloc+0xbf/0x930 [ 423.079925][ T7290] ? find_held_lock+0x2b/0x80 [ 423.079954][ T7290] __handle_mm_fault+0xaac/0x5490 [ 423.079998][ T7290] ? __pfx___handle_mm_fault+0x10/0x10 [ 423.080027][ T7290] ? __pfx_mt_find+0x10/0x10 [ 423.080078][ T7290] ? find_vma+0xbf/0x140 [ 423.080103][ T7290] ? __pfx_find_vma+0x10/0x10 [ 423.080133][ T7290] handle_mm_fault+0x589/0xd10 [ 423.080166][ T7290] ? __pkru_allows_pkey+0x41/0xb0 [ 423.080202][ T7290] do_user_addr_fault+0x7a6/0x1370 [ 423.080239][ T7290] ? rcu_is_watching+0x12/0xc0 [ 423.080270][ T7290] exc_page_fault+0x5c/0xb0 [ 423.080307][ T7290] asm_exc_page_fault+0x26/0x30 [ 423.080330][ T7290] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 423.080361][ T7290] Code: c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f [ 423.080384][ T7290] RSP: 0018:ffffc900033c7b40 EFLAGS: 00050202 [ 423.080406][ T7290] RAX: 0000000000000035 RBX: 0000000000000002 RCX: 0000000000000002 [ 423.080422][ T7290] RDX: fffff52000678f7c RSI: ffffc900033c7bd8 RDI: 0000000000000000 [ 423.080438][ T7290] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff52000678f7b [ 423.080453][ T7290] R10: ffffc900033c7bd9 R11: 0000000000000001 R12: ffffc900033c7bd8 [ 423.080469][ T7290] R13: 0000000000000002 R14: 00007ffffffff000 R15: 0000000000000000 [ 423.080508][ T7290] _copy_to_user+0xbb/0xd0 [ 423.080550][ T7290] simple_read_from_buffer+0xcb/0x170 [ 423.080595][ T7290] buffer_percent_read+0xf7/0x150 [ 423.080622][ T7290] ? __pfx_buffer_percent_read+0x10/0x10 [ 423.080663][ T7290] ? rw_verify_area+0xcf/0x680 [ 423.080697][ T7290] ? __pfx_buffer_percent_read+0x10/0x10 [ 423.080722][ T7290] vfs_readv+0x5c1/0x8b0 [ 423.080764][ T7290] ? __pfx_vfs_readv+0x10/0x10 [ 423.080794][ T7290] ? __mutex_lock+0x1ca/0xb90 [ 423.080828][ T7290] ? __pfx___mutex_lock+0x10/0x10 [ 423.080881][ T7290] ? __fget_files+0x20e/0x3c0 [ 423.080912][ T7290] ? __fget_files+0x150/0x3c0 [ 423.080956][ T7290] ? do_readv+0x132/0x340 [ 423.080982][ T7290] do_readv+0x132/0x340 [ 423.081014][ T7290] ? __pfx_do_readv+0x10/0x10 [ 423.081059][ T7290] do_syscall_64+0xcd/0x490 [ 423.081086][ T7290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.081111][ T7290] RIP: 0033:0x7fbe29f8e929 [ 423.081131][ T7290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.081153][ T7290] RSP: 002b:00007fbe2ad82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 423.081178][ T7290] RAX: ffffffffffffffda RBX: 00007fbe2a1b5fa0 RCX: 00007fbe29f8e929 [ 423.081194][ T7290] RDX: 0000000000000005 RSI: 0000200000000040 RDI: 0000000000000003 [ 423.081209][ T7290] RBP: 00007fbe2ad82090 R08: 0000000000000000 R09: 0000000000000000 [ 423.081224][ T7290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.081239][ T7290] R13: 0000000000000000 R14: 00007fbe2a1b5fa0 R15: 00007ffd23a63ef8 [ 423.081276][ T7290] [ 423.106170][ T7278] netlink: 28 bytes leftover after parsing attributes in process `syz.2.264'. [ 424.581575][ T30] audit: type=1800 audit(4294967332.070:5): pid=7305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.270" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 425.424721][ T7334] netlink: 4 bytes leftover after parsing attributes in process `syz.1.275'. [ 426.785745][ T7365] random: crng reseeded on system resumption [ 427.033725][ T7370] FAULT_INJECTION: forcing a failure. [ 427.033725][ T7370] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.047468][ T7370] CPU: 0 UID: 0 PID: 7370 Comm: syz.3.284 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 427.047510][ T7370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 427.047528][ T7370] Call Trace: [ 427.047538][ T7370] [ 427.047549][ T7370] dump_stack_lvl+0x16c/0x1f0 [ 427.047613][ T7370] should_fail_ex+0x512/0x640 [ 427.047663][ T7370] _copy_from_user+0x2e/0xd0 [ 427.047713][ T7370] dma_heap_ioctl+0x16f/0x610 [ 427.047755][ T7370] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 427.047788][ T7370] ? find_held_lock+0x2b/0x80 [ 427.047840][ T7370] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 427.047879][ T7370] __x64_sys_ioctl+0x18b/0x210 [ 427.047919][ T7370] do_syscall_64+0xcd/0x490 [ 427.047950][ T7370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.047981][ T7370] RIP: 0033:0x7f552f98e929 [ 427.048006][ T7370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.048033][ T7370] RSP: 002b:00007f553089b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 427.048062][ T7370] RAX: ffffffffffffffda RBX: 00007f552fbb5fa0 RCX: 00007f552f98e929 [ 427.048081][ T7370] RDX: 0000200000000080 RSI: ffffffffffdffe00 RDI: 0000000000000007 [ 427.048098][ T7370] RBP: 00007f552fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 427.048115][ T7370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 427.048132][ T7370] R13: 0000000000000000 R14: 00007f552fbb5fa0 R15: 00007ffea2f3c5c8 [ 427.048174][ T7370] [ 429.039175][ T7392] FAULT_INJECTION: forcing a failure. [ 429.039175][ T7392] name failslab, interval 1, probability 0, space 0, times 0 [ 429.069178][ T7392] CPU: 1 UID: 0 PID: 7392 Comm: syz.3.290 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 429.069224][ T7392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 429.069239][ T7392] Call Trace: [ 429.069248][ T7392] [ 429.069258][ T7392] dump_stack_lvl+0x16c/0x1f0 [ 429.069321][ T7392] should_fail_ex+0x512/0x640 [ 429.069358][ T7392] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 429.069403][ T7392] should_failslab+0xc2/0x120 [ 429.069430][ T7392] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 429.069466][ T7392] ? do_raw_spin_lock+0x12c/0x2b0 [ 429.069503][ T7392] ? ptlock_alloc+0x1f/0x70 [ 429.069552][ T7392] ptlock_alloc+0x1f/0x70 [ 429.069585][ T7392] pte_alloc_one+0x82/0x3a0 [ 429.069627][ T7392] __do_fault+0x320/0x490 [ 429.069670][ T7392] ? __pfx_filemap_map_pages+0x10/0x10 [ 429.069710][ T7392] __handle_mm_fault+0x374c/0x5490 [ 429.069758][ T7392] ? __pfx___handle_mm_fault+0x10/0x10 [ 429.069790][ T7392] ? __pfx_mt_find+0x10/0x10 [ 429.069841][ T7392] ? find_vma+0xbf/0x140 [ 429.069867][ T7392] ? __pfx_find_vma+0x10/0x10 [ 429.069900][ T7392] handle_mm_fault+0x589/0xd10 [ 429.069938][ T7392] ? __pkru_allows_pkey+0x41/0xb0 [ 429.069977][ T7392] do_user_addr_fault+0x7a6/0x1370 [ 429.070016][ T7392] ? rcu_is_watching+0x12/0xc0 [ 429.070048][ T7392] exc_page_fault+0x5c/0xb0 [ 429.070086][ T7392] asm_exc_page_fault+0x26/0x30 [ 429.070111][ T7392] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 429.070147][ T7392] Code: c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f [ 429.070172][ T7392] RSP: 0018:ffffc900031a7b40 EFLAGS: 00050202 [ 429.070195][ T7392] RAX: 0000000000000035 RBX: 0000000000000002 RCX: 0000000000000002 [ 429.070211][ T7392] RDX: fffff52000634f7c RSI: ffffc900031a7bd8 RDI: 0000000000000000 [ 429.070227][ T7392] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff52000634f7b [ 429.070243][ T7392] R10: ffffc900031a7bd9 R11: 0000000000000001 R12: ffffc900031a7bd8 [ 429.070259][ T7392] R13: 0000000000000002 R14: 00007ffffffff000 R15: 0000000000000000 [ 429.070297][ T7392] _copy_to_user+0xbb/0xd0 [ 429.070344][ T7392] simple_read_from_buffer+0xcb/0x170 [ 429.070383][ T7392] buffer_percent_read+0xf7/0x150 [ 429.070414][ T7392] ? __pfx_buffer_percent_read+0x10/0x10 [ 429.070456][ T7392] ? rw_verify_area+0xcf/0x680 [ 429.070494][ T7392] ? __pfx_buffer_percent_read+0x10/0x10 [ 429.070521][ T7392] vfs_readv+0x5c1/0x8b0 [ 429.070593][ T7392] ? __pfx_vfs_readv+0x10/0x10 [ 429.070625][ T7392] ? __mutex_lock+0x1ca/0xb90 [ 429.070658][ T7392] ? __pfx___mutex_lock+0x10/0x10 [ 429.070712][ T7392] ? __fget_files+0x20e/0x3c0 [ 429.070747][ T7392] ? __fget_files+0x150/0x3c0 [ 429.070792][ T7392] ? do_readv+0x132/0x340 [ 429.070823][ T7392] do_readv+0x132/0x340 [ 429.070858][ T7392] ? __pfx_do_readv+0x10/0x10 [ 429.070907][ T7392] do_syscall_64+0xcd/0x490 [ 429.070936][ T7392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.070963][ T7392] RIP: 0033:0x7f552f98e929 [ 429.070986][ T7392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.071011][ T7392] RSP: 002b:00007f553089b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 429.071036][ T7392] RAX: ffffffffffffffda RBX: 00007f552fbb5fa0 RCX: 00007f552f98e929 [ 429.071054][ T7392] RDX: 0000000000000005 RSI: 0000200000000040 RDI: 0000000000000003 [ 429.071071][ T7392] RBP: 00007f553089b090 R08: 0000000000000000 R09: 0000000000000000 [ 429.071087][ T7392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 429.071103][ T7392] R13: 0000000000000000 R14: 00007f552fbb5fa0 R15: 00007ffea2f3c5c8 [ 429.071143][ T7392] [ 430.081190][ T7394] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 431.282247][ T7421] random: crng reseeded on system resumption                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  [ 574.206880][ T9967] Line length is too long: Should be less than 4094 [ 576.296388][T10001] netlink: 28 bytes leftover after parsing attributes in process `syz.0.823'. [ 577.080045][T10004] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 579.585391][T10055] netlink: 28 bytes leftover after parsing attributes in process `syz.3.834'. [ 579.762175][T10055] ipvlan1: entered allmulticast mode [ 579.864138][T10055] veth0_vlan: entered allmulticast mode [ 580.508536][T10063] zswap: compressor not available [ 581.611760][T10074] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 581.745649][T10074] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 581.862779][T10074] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 581.869004][T10074] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 581.986296][T10074] CPU0 is offline. [ 582.206495][T10103] FAULT_INJECTION: forcing a failure. [ 582.206495][T10103] name failslab, interval 1, probability 0, space 0, times 0 [ 582.375277][T10103] CPU: 1 UID: 0 PID: 10103 Comm: syz.2.845 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 582.375312][T10103] Tainted: [U]=USER [ 582.375317][T10103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 582.375330][T10103] Call Trace: [ 582.375336][T10103] [ 582.375343][T10103] dump_stack_lvl+0x16c/0x1f0 [ 582.375377][T10103] should_fail_ex+0x512/0x640 [ 582.375403][T10103] ? fs_reclaim_acquire+0xae/0x150 [ 582.375425][T10103] should_failslab+0xc2/0x120 [ 582.375442][T10103] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 582.375467][T10103] ? security_inode_alloc+0x3b/0x2b0 [ 582.375490][T10103] security_inode_alloc+0x3b/0x2b0 [ 582.375510][T10103] inode_init_always_gfp+0xce4/0x1030 [ 582.375537][T10103] alloc_inode+0x86/0x240 [ 582.375555][T10103] new_inode+0x22/0x1c0 [ 582.375574][T10103] proc_pid_make_inode+0x22/0x160 [ 582.375597][T10103] proc_pident_instantiate+0x85/0x320 [ 582.375622][T10103] proc_pident_lookup+0x21d/0x290 [ 582.375650][T10103] __lookup_slow+0x24e/0x460 [ 582.375670][T10103] ? __pfx___lookup_slow+0x10/0x10 [ 582.375708][T10103] ? lookup_fast+0x156/0x610 [ 582.375731][T10103] walk_component+0x353/0x5b0 [ 582.375754][T10103] link_path_walk+0x627/0xe20 [ 582.375783][T10103] path_openat+0x1b0/0x2cb0 [ 582.375803][T10103] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.375836][T10103] ? __pfx_path_openat+0x10/0x10 [ 582.375860][T10103] ? __lock_acquire+0xb8a/0x1c90 [ 582.375964][T10103] do_filp_open+0x20b/0x470 [ 582.375999][T10103] ? __pfx_do_filp_open+0x10/0x10 [ 582.376032][T10103] ? __pfx_kfree_link+0x10/0x10 [ 582.376064][T10103] ? alloc_fd+0x471/0x7d0 [ 582.376099][T10103] do_sys_openat2+0x11b/0x1d0 [ 582.376118][T10103] ? __pfx_do_sys_openat2+0x10/0x10 [ 582.376145][T10103] __x64_sys_openat+0x174/0x210 [ 582.376164][T10103] ? __pfx___x64_sys_openat+0x10/0x10 [ 582.376192][T10103] do_syscall_64+0xcd/0x490 [ 582.376210][T10103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.376228][T10103] RIP: 0033:0x7f19d758d290 [ 582.376247][T10103] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 582.376264][T10103] RSP: 002b:00007f19d53f5f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 582.376282][T10103] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f19d758d290 [ 582.376293][T10103] RDX: 0000000000000002 RSI: 00007f19d53f5fa0 RDI: 00000000ffffff9c [ 582.376304][T10103] RBP: 00007f19d53f5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 582.376313][T10103] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 582.376323][T10103] R13: 0000000000000000 R14: 00007f19d77b5fa0 R15: 00007ffc7c23d1b8 [ 582.376347][T10103] [ 583.459549][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 583.873278][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 583.957109][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 583.965841][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 584.484615][T10127] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 585.249380][T10131] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 585.942136][T10133] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 588.082047][ T5878] Bluetooth: hci2: Malformed Event: 0x02 [ 588.951646][T10174] zswap: compressor 000 not available [ 589.150075][T10187] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 589.831237][T10195] FAULT_INJECTION: forcing a failure. [ 589.831237][T10195] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 589.902114][T10195] CPU: 1 UID: 0 PID: 10195 Comm: syz.1.865 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 589.902146][T10195] Tainted: [U]=USER [ 589.902152][T10195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 589.902161][T10195] Call Trace: [ 589.902167][T10195] [ 589.902174][T10195] dump_stack_lvl+0x16c/0x1f0 [ 589.902207][T10195] should_fail_ex+0x512/0x640 [ 589.902234][T10195] should_fail_alloc_page+0xe7/0x130 [ 589.902253][T10195] prepare_alloc_pages+0x3c2/0x610 [ 589.902276][T10195] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 589.902307][T10195] ? kasan_save_stack+0x42/0x60 [ 589.902330][T10195] ? kasan_save_stack+0x33/0x60 [ 589.902351][T10195] ? kasan_save_track+0x14/0x30 [ 589.902373][T10195] ? __kasan_slab_alloc+0x89/0x90 [ 589.902396][T10195] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 589.902419][T10195] ? security_inode_alloc+0x3b/0x2b0 [ 589.902437][T10195] ? inode_init_always_gfp+0xce4/0x1030 [ 589.902459][T10195] ? alloc_inode+0x86/0x240 [ 589.902474][T10195] ? sock_alloc+0x40/0x280 [ 589.902489][T10195] ? __sock_create+0xc1/0x8d0 [ 589.902507][T10195] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 589.902531][T10195] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.902567][T10195] ? sk_prot_alloc+0x1a8/0x2a0 [ 589.902584][T10195] __alloc_pages_noprof+0xb/0x1b0 [ 589.902607][T10195] ___kmalloc_large_node+0x84/0x1e0 [ 589.902625][T10195] ? __lock_acquire+0x622/0x1c90 [ 589.902649][T10195] ? sk_prot_alloc+0x1a8/0x2a0 [ 589.902666][T10195] __kmalloc_large_node_noprof+0x1c/0x70 [ 589.902687][T10195] __kmalloc_noprof.cold+0xc/0x61 [ 589.902715][T10195] sk_prot_alloc+0x1a8/0x2a0 [ 589.902735][T10195] sk_alloc+0x36/0xc20 [ 589.902759][T10195] can_create+0x1e5/0x600 [ 589.902779][T10195] __sock_create+0x338/0x8d0 [ 589.902803][T10195] __sys_socket+0x14d/0x260 [ 589.902823][T10195] ? __pfx___sys_socket+0x10/0x10 [ 589.902844][T10195] ? xfd_validate_state+0x61/0x180 [ 589.902864][T10195] ? __pfx_ksys_write+0x10/0x10 [ 589.902891][T10195] __x64_sys_socket+0x72/0xb0 [ 589.902910][T10195] ? lockdep_hardirqs_on+0x7c/0x110 [ 589.902934][T10195] do_syscall_64+0xcd/0x490 [ 589.902951][T10195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.902968][T10195] RIP: 0033:0x7fbe29f8e929 [ 589.902983][T10195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 589.903009][T10195] RSP: 002b:00007fbe2ad5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 589.903028][T10195] RAX: ffffffffffffffda RBX: 00007fbe2a1b6080 RCX: 00007fbe29f8e929 [ 589.903039][T10195] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d [ 589.903049][T10195] RBP: 00007fbe2a010b39 R08: 0000000000000000 R09: 0000000000000000 [ 589.903059][T10195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 589.903069][T10195] R13: 0000000000000000 R14: 00007fbe2a1b6080 R15: 00007ffd23a63ef8 [ 589.903091][T10195] [ 590.653198][T10193] FAULT_INJECTION: forcing a failure. [ 590.653198][T10193] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 590.762168][T10193] CPU: 1 UID: 0 PID: 10193 Comm: syz.1.865 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 590.762201][T10193] Tainted: [U]=USER [ 590.762207][T10193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 590.762219][T10193] Call Trace: [ 590.762224][T10193] [ 590.762231][T10193] dump_stack_lvl+0x16c/0x1f0 [ 590.762262][T10193] should_fail_ex+0x512/0x640 [ 590.762291][T10193] _copy_to_iter+0x29f/0x16f0 [ 590.762319][T10193] ? __pfx___skb_try_recv_datagram+0x10/0x10 [ 590.762347][T10193] ? __pfx__copy_to_iter+0x10/0x10 [ 590.762375][T10193] ? __skb_recv_datagram+0x1b2/0x220 [ 590.762399][T10193] ? __pfx___skb_recv_datagram+0x10/0x10 [ 590.762424][T10193] simple_copy_to_iter+0x46/0x90 [ 590.762446][T10193] __skb_datagram_iter+0x129/0x900 [ 590.762467][T10193] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 590.762490][T10193] ? skb_recv_datagram+0x88/0xc0 [ 590.762515][T10193] skb_copy_datagram_iter+0x40/0x50 [ 590.762538][T10193] netlink_recvmsg+0x27e/0xa90 [ 590.762558][T10193] ? __pfx_netlink_recvmsg+0x10/0x10 [ 590.762576][T10193] ? __fget_files+0x204/0x3c0 [ 590.762606][T10193] sock_recvmsg+0x1f6/0x250 [ 590.762626][T10193] __sys_recvfrom+0x203/0x310 [ 590.762651][T10193] ? __pfx___sys_recvfrom+0x10/0x10 [ 590.762681][T10193] ? find_held_lock+0x2b/0x80 [ 590.762708][T10193] ? xfd_validate_state+0x61/0x180 [ 590.762743][T10193] __x64_sys_recvfrom+0xe0/0x1c0 [ 590.762767][T10193] ? do_syscall_64+0x91/0x490 [ 590.762781][T10193] ? lockdep_hardirqs_on+0x7c/0x110 [ 590.762806][T10193] do_syscall_64+0xcd/0x490 [ 590.762822][T10193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.762840][T10193] RIP: 0033:0x7fbe29f906f4 [ 590.762854][T10193] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 590.762871][T10193] RSP: 002b:00007fbe2ad80f30 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 590.762889][T10193] RAX: ffffffffffffffda RBX: 000000000000003e RCX: 00007fbe29f906f4 [ 590.762900][T10193] RDX: 0000000000001000 RSI: 00007fbe2ad81010 RDI: 0000000000000005 [ 590.762910][T10193] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 590.762919][T10193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000180 [ 590.762929][T10193] R13: 00007fbe2ad80fc0 R14: 000000000000000d R15: 0000000000000000 [ 590.762949][T10193] [ 592.185260][T10174] random: crng reseeded on system resumption [ 592.681106][T10205] netlink: zone id is out of range [ 592.686321][T10205] netlink: zone id is out of range [ 592.772772][T10205] netlink: zone id is out of range [ 592.778020][T10205] netlink: zone id is out of range [ 592.866456][T10205] netlink: zone id is out of range [ 592.898339][T10205] netlink: zone id is out of range [ 592.916299][T10208] netlink: 'syz.1.868': attribute type 11 has an invalid length. [ 593.161659][T10205] netlink: zone id is out of range [ 593.167054][T10205] netlink: zone id is out of range [ 593.274487][T10205] netlink: zone id is out of range [ 593.360085][T10205] netlink: zone id is out of range [ 595.055078][T10240] FAULT_INJECTION: forcing a failure. [ 595.055078][T10240] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 595.172480][T10240] CPU: 1 UID: 0 PID: 10240 Comm: syz.1.877 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 595.172512][T10240] Tainted: [U]=USER [ 595.172518][T10240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 595.172528][T10240] Call Trace: [ 595.172534][T10240] [ 595.172541][T10240] dump_stack_lvl+0x16c/0x1f0 [ 595.172572][T10240] should_fail_ex+0x512/0x640 [ 595.172601][T10240] should_fail_alloc_page+0xe7/0x130 [ 595.172620][T10240] prepare_alloc_pages+0x3c2/0x610 [ 595.172644][T10240] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 595.172671][T10240] ? stack_trace_save+0x8e/0xc0 [ 595.172690][T10240] ? __pfx_stack_trace_save+0x10/0x10 [ 595.172707][T10240] ? stack_depot_save_flags+0x28/0xa40 [ 595.172732][T10240] ? __kernel_text_address+0xd/0x40 [ 595.172761][T10240] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 595.172784][T10240] ? kasan_save_stack+0x42/0x60 [ 595.172807][T10240] ? kasan_save_track+0x14/0x30 [ 595.172830][T10240] ? snd_pcm_attach_substream+0x441/0xd60 [ 595.172852][T10240] ? snd_pcm_open_substream+0x8d/0x17f0 [ 595.172872][T10240] ? snd_pcm_oss_open+0x735/0x1400 [ 595.172888][T10240] ? soundcore_open+0x409/0x580 [ 595.172911][T10240] ? chrdev_open+0x231/0x6a0 [ 595.172933][T10240] ? do_dentry_open+0x744/0x1c10 [ 595.172965][T10240] ? vfs_open+0x82/0x3f0 [ 595.172983][T10240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.173011][T10240] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 595.173038][T10240] ? policy_nodemask+0xea/0x4e0 [ 595.173067][T10240] alloc_pages_mpol+0x1fb/0x550 [ 595.173085][T10240] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 595.173108][T10240] alloc_pages_noprof+0x131/0x390 [ 595.173126][T10240] alloc_pages_exact_noprof+0x37/0xe0 [ 595.173148][T10240] snd_pcm_attach_substream+0x468/0xd60 [ 595.173177][T10240] snd_pcm_open_substream+0x8d/0x17f0 [ 595.173200][T10240] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 595.173230][T10240] snd_pcm_oss_open+0x735/0x1400 [ 595.173257][T10240] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 595.173276][T10240] ? __lock_acquire+0xb8a/0x1c90 [ 595.173298][T10240] ? __pfx_default_wake_function+0x10/0x10 [ 595.173317][T10240] ? __lock_acquire+0xb8a/0x1c90 [ 595.173343][T10240] ? do_raw_spin_lock+0x12c/0x2b0 [ 595.173370][T10240] ? soundcore_open+0x35a/0x580 [ 595.173396][T10240] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 595.173415][T10240] soundcore_open+0x409/0x580 [ 595.173443][T10240] ? __pfx_soundcore_open+0x10/0x10 [ 595.173468][T10240] chrdev_open+0x231/0x6a0 [ 595.173492][T10240] ? __pfx_apparmor_file_open+0x10/0x10 [ 595.173515][T10240] ? __pfx_chrdev_open+0x10/0x10 [ 595.173541][T10240] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 595.173568][T10240] do_dentry_open+0x744/0x1c10 [ 595.173593][T10240] ? __pfx_chrdev_open+0x10/0x10 [ 595.173622][T10240] vfs_open+0x82/0x3f0 [ 595.173642][T10240] path_openat+0x1de4/0x2cb0 [ 595.173674][T10240] ? __pfx_path_openat+0x10/0x10 [ 595.173699][T10240] ? __lock_acquire+0xb8a/0x1c90 [ 595.173722][T10240] do_filp_open+0x20b/0x470 [ 595.173746][T10240] ? __pfx_do_filp_open+0x10/0x10 [ 595.173786][T10240] ? alloc_fd+0x471/0x7d0 [ 595.173815][T10240] do_sys_openat2+0x11b/0x1d0 [ 595.173833][T10240] ? __pfx_do_sys_openat2+0x10/0x10 [ 595.173852][T10240] ? __sys_sendmsg+0x18c/0x220 [ 595.173884][T10240] __x64_sys_openat+0x174/0x210 [ 595.173903][T10240] ? __pfx___x64_sys_openat+0x10/0x10 [ 595.173931][T10240] do_syscall_64+0xcd/0x490 [ 595.173955][T10240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.173971][T10240] RIP: 0033:0x7fbe29f8e929 [ 595.173986][T10240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.174003][T10240] RSP: 002b:00007fbe2ad82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 595.174021][T10240] RAX: ffffffffffffffda RBX: 00007fbe2a1b5fa0 RCX: 00007fbe29f8e929 [ 595.174032][T10240] RDX: 0000000000020b42 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 595.174043][T10240] RBP: 00007fbe2a010b39 R08: 0000000000000000 R09: 0000000000000000 [ 595.174052][T10240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.174063][T10240] R13: 0000000000000000 R14: 00007fbe2a1b5fa0 R15: 00007ffd23a63ef8 [ 595.174086][T10240] [ 595.753784][T10230] program syz.0.873 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 597.060051][T10245] could not allocate digest TFM handle binfmt_misc [ 597.662296][T10259] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078000000 pfn:0x78000 [ 597.808291][T10259] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 597.873781][T10259] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 597.960025][T10259] page_type: f5(slab) [ 597.964181][T10259] raw: 00fff00000000240 ffff88801b842140 ffffea0001de1410 ffff88801b840a08 [ 598.073992][T10259] raw: ffff888078000000 0000000000040003 00000000f5000000 0000000000000000 [ 598.140691][T10259] head: 00fff00000000240 ffff88801b842140 ffffea0001de1410 ffff88801b840a08 [ 598.209843][T10259] head: ffff888078000000 0000000000040003 00000000f5000000 0000000000000000 [ 598.218838][T10259] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 598.349192][T10259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 598.434846][T10259] page dumped because: unmovable page [ 598.480006][T10259] page_owner tracks the page as allocated [ 598.529581][T10259] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5883, tgid 5883 (udevd), ts 465456942159, free_ts 465330606723 [ 598.711335][T10259] post_alloc_hook+0x1c0/0x230 [ 598.716191][T10259] get_page_from_freelist+0x1321/0x3890 [ 598.786270][T10259] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 598.826740][T10259] alloc_pages_mpol+0x1fb/0x550 [ 598.870543][T10259] new_slab+0x23b/0x330 [ 598.902248][T10259] ___slab_alloc+0xd9c/0x1940 [ 598.933175][T10259] __slab_alloc.constprop.0+0x56/0xb0 [ 598.965882][T10259] __kmalloc_noprof+0x2f2/0x510 [ 599.004479][T10259] tomoyo_realpath_from_path+0xc2/0x6e0 [ 599.029246][T10259] tomoyo_path_perm+0x274/0x460 [ 599.071625][T10259] security_inode_getattr+0x116/0x290 [ 599.077093][T10259] vfs_fstat+0x4b/0xe0 [ 599.114814][T10259] __do_sys_newfstat+0x87/0x100 [ 599.141821][T10259] do_syscall_64+0xcd/0x490 [ 599.174858][T10259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.211537][T10259] page last free pid 8094 tgid 8094 stack trace: [ 599.241770][T10259] __free_frozen_pages+0x7fe/0x1180 [ 599.267661][T10259] __put_partials+0x16d/0x1c0 [ 599.283347][T10259] qlist_free_all+0x4d/0x120 [ 599.309622][T10259] kasan_quarantine_reduce+0x195/0x1e0 [ 599.330070][T10259] __kasan_slab_alloc+0x69/0x90 [ 599.360619][T10259] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 599.377094][T10259] getname_flags.part.0+0x4c/0x550 [ 599.393294][T10259] getname_flags+0x93/0xf0 [ 599.423045][T10259] __x64_sys_symlinkat+0x79/0xc0 [ 599.438131][T10259] do_syscall_64+0xcd/0x490 [ 599.460710][T10259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.441996][T10311] netlink: 10596 bytes leftover after parsing attributes in process `syz.2.891'. [ 601.609063][T10311] net_ratelimit: 22 callbacks suppressed [ 601.609082][T10311] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 604.036801][T10349] random: crng reseeded on system resumption [ 605.281370][T10366] netlink: 334 bytes leftover after parsing attributes in process `syz.0.899'. [ 606.641037][T10391] netlink: 28 bytes leftover after parsing attributes in process `syz.3.902'. [ 606.778482][T10395] netlink: 28 bytes leftover after parsing attributes in process `syz.0.903'. [ 607.194004][T10395] ipvlan0: entered allmulticast mode [ 608.190279][T10411] MTRR 1 not used [ 614.809293][T10489] can: request_module (can-proto-0) failed. [ 616.643861][T10507] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in; [ 616.643861][T10507] program syz.1.925 not setting count and/or reply_len properly [ 619.598572][T10545] netlink: 4 bytes leftover after parsing attributes in process `syz.0.935'. [ 619.722855][T10563] bcache: register_bcache() error : failed to open device [ 622.141793][T10585] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 623.640334][T10618] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 624.821906][T10621] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 625.793557][T10639] can: request_module (can-proto-0) failed. [ 627.542614][T10674] netlink: 4 bytes leftover after parsing attributes in process `syz.0.960'. [ 629.912748][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.919160][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.879995][ T30] audit: type=1800 audit(4294967411.349:15): pid=10705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.967" name="members" dev="configfs" ino=69830 res=0 errno=0 [ 630.900743][ C1] vkms_vblank_simulate: vblank timer overrun [ 632.503087][T10732] ima: policy update failed [ 632.538202][ T30] audit: type=1802 audit(4294967413.019:16): pid=10732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.974" res=0 errno=0 [ 633.065074][T10739] FAULT_INJECTION: forcing a failure. [ 633.065074][T10739] name failslab, interval 1, probability 0, space 0, times 0 [ 633.151612][T10739] CPU: 1 UID: 0 PID: 10739 Comm: syz.0.975 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 633.151645][T10739] Tainted: [U]=USER [ 633.151651][T10739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 633.151661][T10739] Call Trace: [ 633.151668][T10739] [ 633.151675][T10739] dump_stack_lvl+0x16c/0x1f0 [ 633.151707][T10739] should_fail_ex+0x512/0x640 [ 633.151731][T10739] ? __kmalloc_noprof+0xbf/0x510 [ 633.151757][T10739] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 633.151781][T10739] should_failslab+0xc2/0x120 [ 633.151798][T10739] __kmalloc_noprof+0xd2/0x510 [ 633.151822][T10739] ? mark_held_locks+0x49/0x80 [ 633.151843][T10739] ? _raw_spin_unlock_irq+0x23/0x50 [ 633.151868][T10739] usb_hcd_submit_urb+0x5cf/0x1c60 [ 633.151898][T10739] usb_submit_urb+0x87c/0x1790 [ 633.151917][T10739] ? lockdep_init_map_type+0x33/0x280 [ 633.151939][T10739] ? __init_swait_queue_head+0xca/0x150 [ 633.151967][T10739] usb_start_wait_urb+0x104/0x4b0 [ 633.151987][T10739] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 633.152011][T10739] ? __asan_memset+0x23/0x50 [ 633.152036][T10739] usb_control_msg+0x326/0x4a0 [ 633.152055][T10739] ? __pfx_usb_control_msg+0x10/0x10 [ 633.152078][T10739] hub_ext_port_status+0x14e/0x670 [ 633.152114][T10739] hub_activate+0x6e5/0x1be0 [ 633.152138][T10739] ? __pfx_hub_activate+0x10/0x10 [ 633.152154][T10739] ? find_held_lock+0x2b/0x80 [ 633.152171][T10739] ? usbdev_ioctl+0x11b0/0x4070 [ 633.152186][T10739] ? usbfs_notify_resume+0x25/0xf0 [ 633.152207][T10739] hub_resume+0xa8/0x3f0 [ 633.152224][T10739] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 633.152251][T10739] ? __pfx_hub_resume+0x10/0x10 [ 633.152276][T10739] ? __pfx_hcd_bus_resume+0x10/0x10 [ 633.152306][T10739] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 633.152333][T10739] usb_resume_both+0x273/0x800 [ 633.152357][T10739] ? __pfx_usb_resume_both+0x10/0x10 [ 633.152381][T10739] ? __pfx_usb_runtime_resume+0x10/0x10 [ 633.152407][T10739] ? __pfx_usb_runtime_resume+0x10/0x10 [ 633.152433][T10739] __rpm_callback+0xc5/0x610 [ 633.152459][T10739] ? __pfx_usb_runtime_resume+0x10/0x10 [ 633.152485][T10739] rpm_callback+0x1b7/0x200 [ 633.152509][T10739] ? __pfx_usb_runtime_resume+0x10/0x10 [ 633.152533][T10739] rpm_resume+0xd0a/0x1310 [ 633.152563][T10739] ? __pfx_rpm_resume+0x10/0x10 [ 633.152585][T10739] ? do_raw_spin_lock+0x12c/0x2b0 [ 633.152610][T10739] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 633.152643][T10739] __pm_runtime_resume+0xb6/0x170 [ 633.152670][T10739] usb_autoresume_device+0x23/0xe0 [ 633.152696][T10739] usbdev_open+0x228/0x8b0 [ 633.152722][T10739] ? kobject_get_unless_zero+0x156/0x1e0 [ 633.152739][T10739] ? __pfx_usbdev_open+0x10/0x10 [ 633.152764][T10739] ? chrdev_open+0x10b/0x6a0 [ 633.152793][T10739] ? __pfx_usbdev_open+0x10/0x10 [ 633.152817][T10739] chrdev_open+0x231/0x6a0 [ 633.152841][T10739] ? __pfx_apparmor_file_open+0x10/0x10 [ 633.152862][T10739] ? __pfx_chrdev_open+0x10/0x10 [ 633.152889][T10739] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 633.152915][T10739] do_dentry_open+0x744/0x1c10 [ 633.152939][T10739] ? __pfx_chrdev_open+0x10/0x10 [ 633.152968][T10739] vfs_open+0x82/0x3f0 [ 633.152988][T10739] path_openat+0x1de4/0x2cb0 [ 633.153019][T10739] ? __pfx_path_openat+0x10/0x10 [ 633.153044][T10739] ? __lock_acquire+0xb8a/0x1c90 [ 633.153068][T10739] do_filp_open+0x20b/0x470 [ 633.153092][T10739] ? __pfx_do_filp_open+0x10/0x10 [ 633.153130][T10739] ? alloc_fd+0x471/0x7d0 [ 633.153159][T10739] do_sys_openat2+0x11b/0x1d0 [ 633.153176][T10739] ? __pfx_do_sys_openat2+0x10/0x10 [ 633.153203][T10739] __x64_sys_openat+0x174/0x210 [ 633.153221][T10739] ? __pfx___x64_sys_openat+0x10/0x10 [ 633.153249][T10739] do_syscall_64+0xcd/0x490 [ 633.153275][T10739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.153292][T10739] RIP: 0033:0x7fcf4cb8e929 [ 633.153307][T10739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 633.153324][T10739] RSP: 002b:00007fcf4d92e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 633.153342][T10739] RAX: ffffffffffffffda RBX: 00007fcf4cdb5fa0 RCX: 00007fcf4cb8e929 [ 633.153353][T10739] RDX: 000000000000a901 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 633.153363][T10739] RBP: 00007fcf4cc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 633.153373][T10739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 633.153383][T10739] R13: 0000000000000000 R14: 00007fcf4cdb5fa0 R15: 00007ffdefafba88 [ 633.153405][T10739] [ 633.612540][T10739] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 634.983734][T10768] FAULT_INJECTION: forcing a failure. [ 634.983734][T10768] name failslab, interval 1, probability 0, space 0, times 0 [ 635.028572][T10768] CPU: 1 UID: 0 PID: 10768 Comm: syz.0.982 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 635.028605][T10768] Tainted: [U]=USER [ 635.028611][T10768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 635.028621][T10768] Call Trace: [ 635.028628][T10768] [ 635.028635][T10768] dump_stack_lvl+0x16c/0x1f0 [ 635.028665][T10768] should_fail_ex+0x512/0x640 [ 635.028689][T10768] ? __kmalloc_noprof+0xbf/0x510 [ 635.028715][T10768] ? lsm_blob_alloc+0x68/0x90 [ 635.028738][T10768] should_failslab+0xc2/0x120 [ 635.028754][T10768] __kmalloc_noprof+0xd2/0x510 [ 635.028783][T10768] lsm_blob_alloc+0x68/0x90 [ 635.028808][T10768] security_prepare_creds+0x30/0x270 [ 635.028832][T10768] prepare_creds+0x56f/0x7d0 [ 635.028856][T10768] cap_task_prctl+0x46a/0xa80 [ 635.028874][T10768] security_task_prctl+0xbf/0x160 [ 635.028902][T10768] __do_sys_prctl+0xaa/0x24c0 [ 635.028928][T10768] ? __pfx___do_sys_prctl+0x10/0x10 [ 635.028958][T10768] do_syscall_64+0xcd/0x490 [ 635.028975][T10768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.028992][T10768] RIP: 0033:0x7fcf4cb8e929 [ 635.029007][T10768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.029023][T10768] RSP: 002b:00007fcf4d92e038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 635.029039][T10768] RAX: ffffffffffffffda RBX: 00007fcf4cdb5fa0 RCX: 00007fcf4cb8e929 [ 635.029050][T10768] RDX: 0000000100000000 RSI: 0000000000000005 RDI: 000001000000001c [ 635.029060][T10768] RBP: 00007fcf4cc10b39 R08: 0000003fffffffff R09: 0000000000000000 [ 635.029070][T10768] R10: 000040000000000c R11: 0000000000000246 R12: 0000000000000000 [ 635.029079][T10768] R13: 0000000000000000 R14: 00007fcf4cdb5fa0 R15: 00007ffdefafba88 [ 635.029100][T10768] [ 636.705789][T10776] ubi0: attaching mtd0 [ 636.934355][T10776] ubi0: scanning is finished [ 636.964413][T10776] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 637.692917][T10776] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 643.363590][ T5878] Bluetooth: hci2: Malformed Event: 0x02 [ 644.138095][ T30] audit: type=1800 audit(4294967424.609:17): pid=10895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1003" name="lu_gp_id" dev="configfs" ino=73777 res=0 errno=0 [ 648.036035][T10935] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1012'. [ 649.810406][T10966] random: crng reseeded on system resumption [ 651.895968][T10998] zram: Removed device: zram0 [ 651.977238][T10997] FAULT_INJECTION: forcing a failure. [ 651.977238][T10997] name failslab, interval 1, probability 0, space 0, times 0 [ 652.065384][T10997] CPU: 1 UID: 0 PID: 10997 Comm: syz.3.1031 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 652.065420][T10997] Tainted: [U]=USER [ 652.065426][T10997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 652.065436][T10997] Call Trace: [ 652.065442][T10997] [ 652.065449][T10997] dump_stack_lvl+0x16c/0x1f0 [ 652.065481][T10997] should_fail_ex+0x512/0x640 [ 652.065507][T10997] ? __kmalloc_noprof+0xbf/0x510 [ 652.065534][T10997] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 652.065558][T10997] should_failslab+0xc2/0x120 [ 652.065576][T10997] __kmalloc_noprof+0xd2/0x510 [ 652.065600][T10997] ? mark_held_locks+0x49/0x80 [ 652.065623][T10997] ? _raw_spin_unlock_irq+0x23/0x50 [ 652.065649][T10997] usb_hcd_submit_urb+0x5cf/0x1c60 [ 652.065680][T10997] usb_submit_urb+0x87c/0x1790 [ 652.065699][T10997] ? lockdep_init_map_type+0x33/0x280 [ 652.065721][T10997] ? __init_swait_queue_head+0xca/0x150 [ 652.065755][T10997] usb_start_wait_urb+0x104/0x4b0 [ 652.065774][T10997] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 652.065799][T10997] ? __asan_memset+0x23/0x50 [ 652.065824][T10997] usb_control_msg+0x326/0x4a0 [ 652.065842][T10997] ? __pfx_usb_control_msg+0x10/0x10 [ 652.065866][T10997] hub_ext_port_status+0x14e/0x670 [ 652.065901][T10997] hub_activate+0x6e5/0x1be0 [ 652.065927][T10997] ? __pfx_hub_activate+0x10/0x10 [ 652.065943][T10997] ? find_held_lock+0x2b/0x80 [ 652.065961][T10997] ? usbdev_ioctl+0x11b0/0x4070 [ 652.065977][T10997] ? usbfs_notify_resume+0x25/0xf0 [ 652.065998][T10997] hub_resume+0xa8/0x3f0 [ 652.066016][T10997] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 652.066044][T10997] ? __pfx_hub_resume+0x10/0x10 [ 652.066071][T10997] ? __pfx_hcd_bus_resume+0x10/0x10 [ 652.066101][T10997] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 652.066128][T10997] usb_resume_both+0x273/0x800 [ 652.066152][T10997] ? __pfx_usb_resume_both+0x10/0x10 [ 652.066177][T10997] ? __pfx_usb_runtime_resume+0x10/0x10 [ 652.066204][T10997] ? __pfx_usb_runtime_resume+0x10/0x10 [ 652.066230][T10997] __rpm_callback+0xc5/0x610 [ 652.066260][T10997] ? __pfx_usb_runtime_resume+0x10/0x10 [ 652.066286][T10997] rpm_callback+0x1b7/0x200 [ 652.066310][T10997] ? __pfx_usb_runtime_resume+0x10/0x10 [ 652.066334][T10997] rpm_resume+0xd0a/0x1310 [ 652.066364][T10997] ? __pfx_rpm_resume+0x10/0x10 [ 652.066386][T10997] ? do_raw_spin_lock+0x12c/0x2b0 [ 652.066412][T10997] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 652.066446][T10997] __pm_runtime_resume+0xb6/0x170 [ 652.066473][T10997] usb_autoresume_device+0x23/0xe0 [ 652.066499][T10997] usbdev_open+0x228/0x8b0 [ 652.066524][T10997] ? kobject_get_unless_zero+0x156/0x1e0 [ 652.066541][T10997] ? __pfx_usbdev_open+0x10/0x10 [ 652.066566][T10997] ? chrdev_open+0x10b/0x6a0 [ 652.066594][T10997] ? __pfx_usbdev_open+0x10/0x10 [ 652.066618][T10997] chrdev_open+0x231/0x6a0 [ 652.066642][T10997] ? __pfx_apparmor_file_open+0x10/0x10 [ 652.066663][T10997] ? __pfx_chrdev_open+0x10/0x10 [ 652.066690][T10997] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 652.066717][T10997] do_dentry_open+0x744/0x1c10 [ 652.066741][T10997] ? __pfx_chrdev_open+0x10/0x10 [ 652.066770][T10997] vfs_open+0x82/0x3f0 [ 652.066791][T10997] path_openat+0x1de4/0x2cb0 [ 652.066822][T10997] ? __pfx_path_openat+0x10/0x10 [ 652.066847][T10997] ? __lock_acquire+0xb8a/0x1c90 [ 652.066870][T10997] do_filp_open+0x20b/0x470 [ 652.066894][T10997] ? __pfx_do_filp_open+0x10/0x10 [ 652.066934][T10997] ? alloc_fd+0x471/0x7d0 [ 652.066962][T10997] do_sys_openat2+0x11b/0x1d0 [ 652.066980][T10997] ? __pfx_do_sys_openat2+0x10/0x10 [ 652.067007][T10997] __x64_sys_openat+0x174/0x210 [ 652.067026][T10997] ? __pfx___x64_sys_openat+0x10/0x10 [ 652.067061][T10997] do_syscall_64+0xcd/0x490 [ 652.067078][T10997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.067095][T10997] RIP: 0033:0x7f552f98e929 [ 652.067112][T10997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.067129][T10997] RSP: 002b:00007f553089b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 652.067148][T10997] RAX: ffffffffffffffda RBX: 00007f552fbb5fa0 RCX: 00007f552f98e929 [ 652.067160][T10997] RDX: 000000000000a901 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 652.067171][T10997] RBP: 00007f552fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 652.067182][T10997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 652.067191][T10997] R13: 0000000000000000 R14: 00007f552fbb5fa0 R15: 00007ffea2f3c5c8 [ 652.067213][T10997] [ 652.756603][T10997] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 652.819162][T10980] Restarting kernel threads ... [ 652.825279][T10980] Done restarting kernel threads. [ 652.872420][T11006] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1032'. [ 653.152802][T11006] netlink: zone id is out of range [ 653.157989][T11006] netlink: zone id is out of range [ 653.177975][T11006] netlink: zone id is out of range [ 653.188762][T11006] netlink: zone id is out of range [ 653.199143][T11006] netlink: zone id is out of range [ 653.204626][T11006] netlink: zone id is out of range [ 653.211876][T11006] netlink: zone id is out of range [ 653.221180][T11006] netlink: zone id is out of range [ 653.227055][T11006] netlink: zone id is out of range [ 653.232510][T11006] netlink: zone id is out of range [ 654.268296][T11023] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 654.771251][T11034] FAULT_INJECTION: forcing a failure. [ 654.771251][T11034] name failslab, interval 1, probability 0, space 0, times 0 [ 654.866600][T11034] CPU: 1 UID: 0 PID: 11034 Comm: syz.0.1039 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 654.866633][T11034] Tainted: [U]=USER [ 654.866639][T11034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.866649][T11034] Call Trace: [ 654.866656][T11034] [ 654.866663][T11034] dump_stack_lvl+0x16c/0x1f0 [ 654.866696][T11034] should_fail_ex+0x512/0x640 [ 654.866720][T11034] ? fs_reclaim_acquire+0xae/0x150 [ 654.866743][T11034] should_failslab+0xc2/0x120 [ 654.866763][T11034] __kmalloc_cache_noprof+0x6a/0x3e0 [ 654.866785][T11034] ? hub_ext_port_status+0x5e/0x670 [ 654.866810][T11034] ? usb_control_msg+0xbc/0x4a0 [ 654.866832][T11034] usb_control_msg+0xbc/0x4a0 [ 654.866852][T11034] ? __pfx_usb_control_msg+0x10/0x10 [ 654.866877][T11034] hub_ext_port_status+0x14e/0x670 [ 654.866912][T11034] hub_activate+0x6e5/0x1be0 [ 654.866936][T11034] ? __pfx_hub_activate+0x10/0x10 [ 654.866952][T11034] ? find_held_lock+0x2b/0x80 [ 654.866970][T11034] ? usbdev_ioctl+0x11b0/0x4070 [ 654.866986][T11034] ? usbfs_notify_resume+0x25/0xf0 [ 654.867007][T11034] hub_resume+0xa8/0x3f0 [ 654.867025][T11034] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 654.867054][T11034] ? __pfx_hub_resume+0x10/0x10 [ 654.867072][T11034] ? __pfx_hcd_bus_resume+0x10/0x10 [ 654.867102][T11034] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 654.867129][T11034] usb_resume_both+0x273/0x800 [ 654.867153][T11034] ? __pfx_usb_resume_both+0x10/0x10 [ 654.867177][T11034] ? __pfx_usb_runtime_resume+0x10/0x10 [ 654.867203][T11034] ? __pfx_usb_runtime_resume+0x10/0x10 [ 654.867228][T11034] __rpm_callback+0xc5/0x610 [ 654.867255][T11034] ? __pfx_usb_runtime_resume+0x10/0x10 [ 654.867281][T11034] rpm_callback+0x1b7/0x200 [ 654.867313][T11034] ? __pfx_usb_runtime_resume+0x10/0x10 [ 654.867339][T11034] rpm_resume+0xd0a/0x1310 [ 654.867370][T11034] ? __pfx_rpm_resume+0x10/0x10 [ 654.867393][T11034] ? do_raw_spin_lock+0x12c/0x2b0 [ 654.867419][T11034] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 654.867452][T11034] __pm_runtime_resume+0xb6/0x170 [ 654.867479][T11034] usb_autoresume_device+0x23/0xe0 [ 654.867505][T11034] usbdev_open+0x228/0x8b0 [ 654.867531][T11034] ? kobject_get_unless_zero+0x156/0x1e0 [ 654.867548][T11034] ? __pfx_usbdev_open+0x10/0x10 [ 654.867573][T11034] ? chrdev_open+0x10b/0x6a0 [ 654.867601][T11034] ? __pfx_usbdev_open+0x10/0x10 [ 654.867630][T11034] chrdev_open+0x231/0x6a0 [ 654.867654][T11034] ? __pfx_apparmor_file_open+0x10/0x10 [ 654.867676][T11034] ? __pfx_chrdev_open+0x10/0x10 [ 654.867704][T11034] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 654.867730][T11034] do_dentry_open+0x744/0x1c10 [ 654.867756][T11034] ? __pfx_chrdev_open+0x10/0x10 [ 654.867787][T11034] vfs_open+0x82/0x3f0 [ 654.867809][T11034] path_openat+0x1de4/0x2cb0 [ 654.867842][T11034] ? __pfx_path_openat+0x10/0x10 [ 654.867867][T11034] ? __lock_acquire+0xb8a/0x1c90 [ 654.867891][T11034] do_filp_open+0x20b/0x470 [ 654.867915][T11034] ? __pfx_do_filp_open+0x10/0x10 [ 654.867955][T11034] ? alloc_fd+0x471/0x7d0 [ 654.867984][T11034] do_sys_openat2+0x11b/0x1d0 [ 654.868002][T11034] ? __pfx_do_sys_openat2+0x10/0x10 [ 654.868019][T11034] ? rcu_is_watching+0x12/0xc0 [ 654.868047][T11034] __x64_sys_openat+0x174/0x210 [ 654.868068][T11034] ? __pfx___x64_sys_openat+0x10/0x10 [ 654.868096][T11034] do_syscall_64+0xcd/0x490 [ 654.868114][T11034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.868132][T11034] RIP: 0033:0x7fcf4cb8e929 [ 654.868148][T11034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.868164][T11034] RSP: 002b:00007fcf4d92e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 654.868182][T11034] RAX: ffffffffffffffda RBX: 00007fcf4cdb5fa0 RCX: 00007fcf4cb8e929 [ 654.868193][T11034] RDX: 000000000000a901 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 654.868204][T11034] RBP: 00007fcf4cc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 654.868213][T11034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 654.868223][T11034] R13: 0000000000000000 R14: 00007fcf4cdb5fa0 R15: 00007ffdefafba88 [ 654.868245][T11034] [ 655.290595][T11034] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 656.390716][T11050] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 656.480286][T11053] __vm_enough_memory: pid: 11053, comm: syz.2.1042, bytes: 4398046511104 not enough memory for the allocation [ 656.720559][T11053] __vm_enough_memory: pid: 11053, comm: syz.2.1042, bytes: 4398046511104 not enough memory for the allocation [ 656.841145][T11053] __vm_enough_memory: pid: 11053, comm: syz.2.1042, bytes: 4398046511104 not enough memory for the allocation [ 656.941496][T11053] __vm_enough_memory: pid: 11053, comm: syz.2.1042, bytes: 4398046511104 not enough memory for the allocation [ 657.041795][T11053] __vm_enough_memory: pid: 11053, comm: syz.2.1042, bytes: 4398046511104 not enough memory for the allocation [ 657.555746][T11069] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 659.063216][T11104] zswap: compressor not available [ 660.193214][ T5883] udevd[5883]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 663.013436][T11166] kAFS: No cell specified [ 663.018128][T11166] kAFS: No cell specified [ 663.134799][T11166] kAFS: No cell specified [ 663.191483][T11166] kAFS: No cell specified [ 663.196209][T11166] kAFS: No cell specified [ 663.449606][T11178] vivid-007: ================= START STATUS ================= [ 663.553120][T11166] kAFS: No cell specified [ 663.557815][T11166] kAFS: No cell specified [ 663.644596][T11178] vivid-007: Generate PTS: true [ 663.745651][T11178] vivid-007: Generate SCR: true [ 663.790822][T11166] kAFS: No cell specified [ 663.795463][T11166] kAFS: No cell specified [ 663.869011][T11178] tpg source WxH: 320x240 (Y'CbCr) [ 663.909917][T11172] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 663.960720][T11172] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 664.003090][T11178] tpg field: 1 [ 664.008848][T11172] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 664.051517][T11166] kAFS: No cell specified [ 664.056508][T11172] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 664.095445][T11172] CPU0 is offline. [ 664.124470][T11178] tpg crop: (0,0)/320x240 [ 664.128874][T11178] tpg compose: (0,0)/320x240 [ 664.182326][T11178] tpg colorspace: 8 [ 664.202889][T11178] tpg transfer function: 0/0 [ 664.242952][T11178] tpg Y'CbCr encoding: 0/0 [ 664.283621][T11178] tpg quantization: 0/0 [ 664.314220][T11178] tpg RGB range: 0/2 [ 664.318264][T11178] vivid-007: ================== END STATUS ================== [ 665.980200][ T5878] Bluetooth: hci3: command 0x0c1a tx timeout [ 665.986378][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 665.993190][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 666.139753][T11203] Bluetooth: hci2: command 0x0c1a tx timeout [ 668.912635][T11232] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 669.504187][T11242] FAULT_INJECTION: forcing a failure. [ 669.504187][T11242] name failslab, interval 1, probability 0, space 0, times 0 [ 669.558579][T11242] CPU: 1 UID: 0 PID: 11242 Comm: syz.2.1081 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 669.558612][T11242] Tainted: [U]=USER [ 669.558618][T11242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 669.558629][T11242] Call Trace: [ 669.558636][T11242] [ 669.558642][T11242] dump_stack_lvl+0x16c/0x1f0 [ 669.558673][T11242] should_fail_ex+0x512/0x640 [ 669.558696][T11242] ? fs_reclaim_acquire+0xae/0x150 [ 669.558718][T11242] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 669.558742][T11242] should_failslab+0xc2/0x120 [ 669.558759][T11242] __kmalloc_noprof+0xd2/0x510 [ 669.558788][T11242] tomoyo_realpath_from_path+0xc2/0x6e0 [ 669.558817][T11242] tomoyo_check_open_permission+0x2ab/0x3c0 [ 669.558862][T11242] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 669.558906][T11242] ? do_raw_spin_lock+0x12c/0x2b0 [ 669.558945][T11242] tomoyo_file_open+0x6b/0x90 [ 669.558972][T11242] security_file_open+0x84/0x1e0 [ 669.558995][T11242] do_dentry_open+0x596/0x1c10 [ 669.559027][T11242] vfs_open+0x82/0x3f0 [ 669.559048][T11242] path_openat+0x1de4/0x2cb0 [ 669.559080][T11242] ? __pfx_path_openat+0x10/0x10 [ 669.559104][T11242] ? __lock_acquire+0xb8a/0x1c90 [ 669.559128][T11242] do_filp_open+0x20b/0x470 [ 669.559152][T11242] ? __pfx_do_filp_open+0x10/0x10 [ 669.559191][T11242] ? alloc_fd+0x471/0x7d0 [ 669.559219][T11242] do_sys_openat2+0x11b/0x1d0 [ 669.559236][T11242] ? __pfx_do_sys_openat2+0x10/0x10 [ 669.559263][T11242] __x64_sys_openat+0x174/0x210 [ 669.559282][T11242] ? __pfx___x64_sys_openat+0x10/0x10 [ 669.559309][T11242] do_syscall_64+0xcd/0x490 [ 669.559326][T11242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.559343][T11242] RIP: 0033:0x7f19d758e929 [ 669.559357][T11242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.559379][T11242] RSP: 002b:00007f19d53f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 669.559397][T11242] RAX: ffffffffffffffda RBX: 00007f19d77b5fa0 RCX: 00007f19d758e929 [ 669.559408][T11242] RDX: 0000000000000000 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 669.559418][T11242] RBP: 00007f19d7610b39 R08: 0000000000000000 R09: 0000000000000000 [ 669.559427][T11242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 669.559437][T11242] R13: 0000000000000000 R14: 00007f19d77b5fa0 R15: 00007ffc7c23d1b8 [ 669.559459][T11242] [ 671.173232][T11242] ERROR: Out of memory at tomoyo_realpath_from_path. [ 673.252393][T11293] FAULT_INJECTION: forcing a failure. [ 673.252393][T11293] name failslab, interval 1, probability 0, space 0, times 0 [ 673.345124][T11293] CPU: 1 UID: 0 PID: 11293 Comm: syz.2.1091 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 673.345156][T11293] Tainted: [U]=USER [ 673.345162][T11293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 673.345171][T11293] Call Trace: [ 673.345177][T11293] [ 673.345184][T11293] dump_stack_lvl+0x16c/0x1f0 [ 673.345219][T11293] should_fail_ex+0x512/0x640 [ 673.345244][T11293] ? __kmalloc_noprof+0xbf/0x510 [ 673.345270][T11293] ? xfrm_hash_alloc+0xd1/0x100 [ 673.345292][T11293] should_failslab+0xc2/0x120 [ 673.345309][T11293] __kmalloc_noprof+0xd2/0x510 [ 673.345333][T11293] ? __pfx_xfrm_nat_keepalive_net_fini+0x1/0x10 [ 673.345355][T11293] xfrm_hash_alloc+0xd1/0x100 [ 673.345378][T11293] xfrm_state_init+0x11e/0x630 [ 673.345405][T11293] ? __pfx_xfrm_net_init+0x10/0x10 [ 673.345429][T11293] xfrm_net_init+0x210/0xcc0 [ 673.345457][T11293] ? __pfx_xfrm_net_init+0x10/0x10 [ 673.345481][T11293] ops_init+0x1e2/0x5f0 [ 673.345500][T11293] setup_net+0x1ff/0x510 [ 673.345515][T11293] ? lockdep_init_map_type+0x5c/0x280 [ 673.345538][T11293] ? __pfx_setup_net+0x10/0x10 [ 673.345556][T11293] ? debug_mutex_init+0x37/0x70 [ 673.345574][T11293] copy_net_ns+0x2a6/0x5f0 [ 673.345595][T11293] create_new_namespaces+0x3ea/0xa90 [ 673.345618][T11293] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 673.345638][T11293] ksys_unshare+0x45b/0xa40 [ 673.345661][T11293] ? __pfx_ksys_unshare+0x10/0x10 [ 673.345683][T11293] ? xfd_validate_state+0x61/0x180 [ 673.345711][T11293] __x64_sys_unshare+0x31/0x40 [ 673.345731][T11293] do_syscall_64+0xcd/0x490 [ 673.345748][T11293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.345764][T11293] RIP: 0033:0x7f19d758e929 [ 673.345778][T11293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.345795][T11293] RSP: 002b:00007f19d53d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 673.345814][T11293] RAX: ffffffffffffffda RBX: 00007f19d77b6080 RCX: 00007f19d758e929 [ 673.345825][T11293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 673.345834][T11293] RBP: 00007f19d7610b39 R08: 0000000000000000 R09: 0000000000000000 [ 673.345844][T11293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.345854][T11293] R13: 0000000000000000 R14: 00007f19d77b6080 R15: 00007ffc7c23d1b8 [ 673.345875][T11293] [ 673.592471][T11294] FAULT_INJECTION: forcing a failure. [ 673.592471][T11294] name failslab, interval 1, probability 0, space 0, times 0 [ 673.605992][T11294] CPU: 1 UID: 0 PID: 11294 Comm: syz.0.1089 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 673.606023][T11294] Tainted: [U]=USER [ 673.606028][T11294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 673.606038][T11294] Call Trace: [ 673.606044][T11294] [ 673.606051][T11294] dump_stack_lvl+0x16c/0x1f0 [ 673.606083][T11294] should_fail_ex+0x512/0x640 [ 673.606108][T11294] ? __kmalloc_noprof+0xbf/0x510 [ 673.606134][T11294] ? copy_splice_read+0x1a8/0xba0 [ 673.606154][T11294] should_failslab+0xc2/0x120 [ 673.606170][T11294] __kmalloc_noprof+0xd2/0x510 [ 673.606199][T11294] copy_splice_read+0x1a8/0xba0 [ 673.606225][T11294] ? __pfx_copy_splice_read+0x10/0x10 [ 673.606248][T11294] ? look_up_lock_class+0x59/0x150 [ 673.606277][T11294] ? lockdep_init_map_type+0x5c/0x280 [ 673.606302][T11294] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 673.606328][T11294] ? __pfx_copy_splice_read+0x10/0x10 [ 673.606348][T11294] do_splice_read+0x282/0x370 [ 673.606371][T11294] splice_direct_to_actor+0x2a1/0xa30 [ 673.606394][T11294] ? __pfx_direct_splice_actor+0x10/0x10 [ 673.606420][T11294] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 673.606441][T11294] ? get_pid_task+0xfc/0x250 [ 673.606469][T11294] do_splice_direct+0x174/0x240 [ 673.606491][T11294] ? __pfx_do_splice_direct+0x10/0x10 [ 673.606512][T11294] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 673.606537][T11294] ? rw_verify_area+0xcf/0x680 [ 673.606560][T11294] do_sendfile+0xb06/0xe50 [ 673.606673][T11294] ? __pfx_do_sendfile+0x10/0x10 [ 673.606697][T11294] ? __fget_files+0x20e/0x3c0 [ 673.606726][T11294] __x64_sys_sendfile64+0x1d8/0x220 [ 673.606742][T11294] ? ksys_write+0x1ac/0x250 [ 673.606765][T11294] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 673.606788][T11294] do_syscall_64+0xcd/0x490 [ 673.606806][T11294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.606824][T11294] RIP: 0033:0x7fcf4cb8e929 [ 673.606840][T11294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.606865][T11294] RSP: 002b:00007fcf4a9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 673.606882][T11294] RAX: ffffffffffffffda RBX: 00007fcf4cdb6080 RCX: 00007fcf4cb8e929 [ 673.606893][T11294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000009 [ 673.606903][T11294] RBP: 00007fcf4a9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 673.606913][T11294] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 673.606922][T11294] R13: 0000000000000000 R14: 00007fcf4cdb6080 R15: 00007ffdefafba88 [ 673.606943][T11294] [ 674.369957][T11291] could not allocate digest TFM handle [ 674.396572][T11292] could not allocate digest TFM handle [ 674.819196][T11305] FAULT_INJECTION: forcing a failure. [ 674.819196][T11305] name failslab, interval 1, probability 0, space 0, times 0 [ 674.859787][T11305] CPU: 1 UID: 0 PID: 11305 Comm: syz.3.1092 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 674.859827][T11305] Tainted: [U]=USER [ 674.859833][T11305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 674.859843][T11305] Call Trace: [ 674.859849][T11305] [ 674.859856][T11305] dump_stack_lvl+0x16c/0x1f0 [ 674.859887][T11305] should_fail_ex+0x512/0x640 [ 674.859911][T11305] ? __kmalloc_noprof+0xbf/0x510 [ 674.859937][T11305] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 674.859961][T11305] should_failslab+0xc2/0x120 [ 674.859978][T11305] __kmalloc_noprof+0xd2/0x510 [ 674.860002][T11305] ? mark_held_locks+0x49/0x80 [ 674.860023][T11305] ? _raw_spin_unlock_irq+0x23/0x50 [ 674.860052][T11305] usb_hcd_submit_urb+0x5cf/0x1c60 [ 674.860082][T11305] usb_submit_urb+0x87c/0x1790 [ 674.860100][T11305] ? lockdep_init_map_type+0x33/0x280 [ 674.860123][T11305] ? __init_swait_queue_head+0xca/0x150 [ 674.860151][T11305] usb_start_wait_urb+0x104/0x4b0 [ 674.860170][T11305] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 674.860195][T11305] ? __asan_memset+0x23/0x50 [ 674.860220][T11305] usb_control_msg+0x326/0x4a0 [ 674.860238][T11305] ? __pfx_usb_control_msg+0x10/0x10 [ 674.860262][T11305] hub_ext_port_status+0x14e/0x670 [ 674.860296][T11305] hub_activate+0x6e5/0x1be0 [ 674.860320][T11305] ? __pfx_hub_activate+0x10/0x10 [ 674.860335][T11305] ? find_held_lock+0x2b/0x80 [ 674.860351][T11305] ? usbdev_ioctl+0x11b0/0x4070 [ 674.860367][T11305] ? usbfs_notify_resume+0x25/0xf0 [ 674.860388][T11305] hub_resume+0xa8/0x3f0 [ 674.860405][T11305] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 674.860433][T11305] ? __pfx_hub_resume+0x10/0x10 [ 674.860451][T11305] ? __pfx_hcd_bus_resume+0x10/0x10 [ 674.860480][T11305] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 674.860508][T11305] usb_resume_both+0x273/0x800 [ 674.860532][T11305] ? __pfx_usb_resume_both+0x10/0x10 [ 674.860556][T11305] ? __pfx_usb_runtime_resume+0x10/0x10 [ 674.860582][T11305] ? __pfx_usb_runtime_resume+0x10/0x10 [ 674.860607][T11305] __rpm_callback+0xc5/0x610 [ 674.860634][T11305] ? __pfx_usb_runtime_resume+0x10/0x10 [ 674.860659][T11305] rpm_callback+0x1b7/0x200 [ 674.860682][T11305] ? __pfx_usb_runtime_resume+0x10/0x10 [ 674.860707][T11305] rpm_resume+0xd0a/0x1310 [ 674.860736][T11305] ? __pfx_rpm_resume+0x10/0x10 [ 674.860758][T11305] ? do_raw_spin_lock+0x12c/0x2b0 [ 674.860782][T11305] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 674.860830][T11305] __pm_runtime_resume+0xb6/0x170 [ 674.860857][T11305] usb_autoresume_device+0x23/0xe0 [ 674.860883][T11305] usbdev_open+0x228/0x8b0 [ 674.860910][T11305] ? kobject_get_unless_zero+0x156/0x1e0 [ 674.860927][T11305] ? __pfx_usbdev_open+0x10/0x10 [ 674.860953][T11305] ? chrdev_open+0x10b/0x6a0 [ 674.860982][T11305] ? __pfx_usbdev_open+0x10/0x10 [ 674.861006][T11305] chrdev_open+0x231/0x6a0 [ 674.861030][T11305] ? __pfx_apparmor_file_open+0x10/0x10 [ 674.861053][T11305] ? __pfx_chrdev_open+0x10/0x10 [ 674.861080][T11305] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 674.861107][T11305] do_dentry_open+0x744/0x1c10 [ 674.861131][T11305] ? __pfx_chrdev_open+0x10/0x10 [ 674.861160][T11305] vfs_open+0x82/0x3f0 [ 674.861180][T11305] path_openat+0x1de4/0x2cb0 [ 674.861212][T11305] ? __pfx_path_openat+0x10/0x10 [ 674.861236][T11305] ? __lock_acquire+0xb8a/0x1c90 [ 674.861260][T11305] do_filp_open+0x20b/0x470 [ 674.861283][T11305] ? __pfx_do_filp_open+0x10/0x10 [ 674.861324][T11305] ? alloc_fd+0x471/0x7d0 [ 674.861353][T11305] do_sys_openat2+0x11b/0x1d0 [ 674.861371][T11305] ? __pfx_do_sys_openat2+0x10/0x10 [ 674.861399][T11305] __x64_sys_openat+0x174/0x210 [ 674.861418][T11305] ? __pfx___x64_sys_openat+0x10/0x10 [ 674.861446][T11305] do_syscall_64+0xcd/0x490 [ 674.861463][T11305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.861480][T11305] RIP: 0033:0x7f552f98e929 [ 674.861496][T11305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.861512][T11305] RSP: 002b:00007f553089b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 674.861529][T11305] RAX: ffffffffffffffda RBX: 00007f552fbb5fa0 RCX: 00007f552f98e929 [ 674.861540][T11305] RDX: 000000000000a901 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 674.861550][T11305] RBP: 00007f552fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 674.861560][T11305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 674.861569][T11305] R13: 0000000000000000 R14: 00007f552fbb5fa0 R15: 00007ffea2f3c5c8 [ 674.861591][T11305] [ 675.342745][T11305] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 676.171157][T11314] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 676.470365][T11318] ================================================================== [ 676.478488][T11318] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 676.486238][T11318] Read of size 8 at addr ffff8881462dd218 by task syz.3.1095/11318 [ 676.494142][T11318] [ 676.496483][T11318] CPU: 1 UID: 0 PID: 11318 Comm: syz.3.1095 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 676.496510][T11318] Tainted: [U]=USER [ 676.496517][T11318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 676.496528][T11318] Call Trace: [ 676.496536][T11318] [ 676.496543][T11318] dump_stack_lvl+0x116/0x1f0 [ 676.496573][T11318] print_report+0xcd/0x680 [ 676.496600][T11318] ? __virt_addr_valid+0x81/0x610 [ 676.496618][T11318] ? __phys_addr+0xe8/0x180 [ 676.496634][T11318] ? dvb_device_open+0x36a/0x3b0 [ 676.496660][T11318] kasan_report+0xe0/0x110 [ 676.496675][T11318] ? dvb_device_open+0x36a/0x3b0 [ 676.496701][T11318] ? __pfx_dvb_device_open+0x10/0x10 [ 676.496727][T11318] dvb_device_open+0x36a/0x3b0 [ 676.496752][T11318] ? __pfx_dvb_device_open+0x10/0x10 [ 676.496777][T11318] chrdev_open+0x231/0x6a0 [ 676.496810][T11318] ? __pfx_apparmor_file_open+0x10/0x10 [ 676.496832][T11318] ? __pfx_chrdev_open+0x10/0x10 [ 676.496857][T11318] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 676.496881][T11318] do_dentry_open+0x744/0x1c10 [ 676.496906][T11318] ? __pfx_chrdev_open+0x10/0x10 [ 676.496933][T11318] vfs_open+0x82/0x3f0 [ 676.496951][T11318] path_openat+0x1de4/0x2cb0 [ 676.496977][T11318] ? __pfx_path_openat+0x10/0x10 [ 676.497001][T11318] ? __lock_acquire+0xb8a/0x1c90 [ 676.497023][T11318] do_filp_open+0x20b/0x470 [ 676.497047][T11318] ? __pfx_do_filp_open+0x10/0x10 [ 676.497076][T11318] ? alloc_fd+0x471/0x7d0 [ 676.497100][T11318] do_sys_openat2+0x11b/0x1d0 [ 676.497118][T11318] ? __pfx_do_sys_openat2+0x10/0x10 [ 676.497135][T11318] ? __pfx_do_sys_openat2+0x10/0x10 [ 676.497154][T11318] ? __pfx___might_resched+0x10/0x10 [ 676.497173][T11318] __x64_sys_openat+0x174/0x210 [ 676.497192][T11318] ? __pfx___x64_sys_openat+0x10/0x10 [ 676.497214][T11318] do_syscall_64+0xcd/0x490 [ 676.497230][T11318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.497248][T11318] RIP: 0033:0x7f552f98e929 [ 676.497263][T11318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.497280][T11318] RSP: 002b:00007f553089b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 676.497297][T11318] RAX: ffffffffffffffda RBX: 00007f552fbb5fa0 RCX: 00007f552f98e929 [ 676.497308][T11318] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 676.497319][T11318] RBP: 00007f552fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 676.497329][T11318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.497339][T11318] R13: 0000000000000000 R14: 00007f552fbb5fa0 R15: 00007ffea2f3c5c8 [ 676.497354][T11318] [ 676.497360][T11318] [ 676.766661][T11318] Allocated by task 1: [ 676.770818][T11318] kasan_save_stack+0x33/0x60 [ 676.775628][T11318] kasan_save_track+0x14/0x30 [ 676.780607][T11318] __kasan_kmalloc+0xaa/0xb0 [ 676.785407][T11318] dvb_register_device+0x1e4/0x2370 [ 676.790643][T11318] dvb_register_frontend+0x5a6/0x880 [ 676.796162][T11318] vidtv_bridge_probe+0x459/0xa90 [ 676.801350][T11318] platform_probe+0x102/0x1f0 [ 676.806048][T11318] really_probe+0x23e/0xa90 [ 676.810647][T11318] __driver_probe_device+0x1de/0x440 [ 676.816034][T11318] driver_probe_device+0x4c/0x1b0 [ 676.821094][T11318] __driver_attach+0x283/0x580 [ 676.825915][T11318] bus_for_each_dev+0x13e/0x1d0 [ 676.830789][T11318] bus_add_driver+0x2e9/0x690 [ 676.835502][T11318] driver_register+0x15c/0x4b0 [ 676.840296][T11318] vidtv_bridge_init+0x45/0x80 [ 676.845185][T11318] do_one_initcall+0x120/0x6e0 [ 676.849996][T11318] kernel_init_freeable+0x5c2/0x900 [ 676.855321][T11318] kernel_init+0x1c/0x2b0 [ 676.859756][T11318] ret_from_fork+0x5d7/0x6f0 [ 676.864455][T11318] ret_from_fork_asm+0x1a/0x30 [ 676.869223][T11318] [ 676.871557][T11318] Freed by task 11314: [ 676.875636][T11318] kasan_save_stack+0x33/0x60 [ 676.880318][T11318] kasan_save_track+0x14/0x30 [ 676.885103][T11318] kasan_save_free_info+0x3b/0x60 [ 676.890137][T11318] __kasan_slab_free+0x51/0x70 [ 676.894916][T11318] kfree+0x2b4/0x4d0 [ 676.899003][T11318] dvb_device_put.part.0+0x60/0x90 [ 676.904134][T11318] dvb_device_open+0x2a4/0x3b0 [ 676.908998][T11318] chrdev_open+0x231/0x6a0 [ 676.913444][T11318] do_dentry_open+0x744/0x1c10 [ 676.918272][T11318] vfs_open+0x82/0x3f0 [ 676.922384][T11318] path_openat+0x1de4/0x2cb0 [ 676.927291][T11318] do_filp_open+0x20b/0x470 [ 676.931833][T11318] do_sys_openat2+0x11b/0x1d0 [ 676.936550][T11318] __x64_sys_openat+0x174/0x210 [ 676.941459][T11318] do_syscall_64+0xcd/0x490 [ 676.946147][T11318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.952164][T11318] [ 676.954489][T11318] The buggy address belongs to the object at ffff8881462dd200 [ 676.954489][T11318] which belongs to the cache kmalloc-256 of size 256 [ 676.968714][T11318] The buggy address is located 24 bytes inside of [ 676.968714][T11318] freed 256-byte region [ffff8881462dd200, ffff8881462dd300) [ 676.982644][T11318] [ 676.984997][T11318] The buggy address belongs to the physical page: [ 676.991426][T11318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1462dc [ 677.000473][T11318] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 677.009167][T11318] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 677.016816][T11318] page_type: f5(slab) [ 677.020846][T11318] raw: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 677.029498][T11318] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 677.038216][T11318] head: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 677.046910][T11318] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 677.055586][T11318] head: 057ff00000000001 ffffea000518b701 00000000ffffffff 00000000ffffffff [ 677.064257][T11318] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 677.072946][T11318] page dumped because: kasan: bad access detected [ 677.079376][T11318] page_owner tracks the page as allocated [ 677.085211][T11318] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 23218676727, free_ts 0 [ 677.105390][T11318] post_alloc_hook+0x1c0/0x230 [ 677.110167][T11318] get_page_from_freelist+0x1321/0x3890 [ 677.115796][T11318] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 677.121714][T11318] alloc_pages_mpol+0x1fb/0x550 [ 677.126591][T11318] new_slab+0x23b/0x330 [ 677.130770][T11318] ___slab_alloc+0xd9c/0x1940 [ 677.135517][T11318] __slab_alloc.constprop.0+0x56/0xb0 [ 677.140993][T11318] __kmalloc_cache_noprof+0xfb/0x3e0 [ 677.146322][T11318] bus_add_driver+0x92/0x690 [ 677.151208][T11318] driver_register+0x15c/0x4b0 [ 677.156348][T11318] usb_register_driver+0x216/0x4d0 [ 677.161475][T11318] do_one_initcall+0x120/0x6e0 [ 677.166237][T11318] kernel_init_freeable+0x5c2/0x900 [ 677.171474][T11318] kernel_init+0x1c/0x2b0 [ 677.175843][T11318] ret_from_fork+0x5d7/0x6f0 [ 677.180452][T11318] ret_from_fork_asm+0x1a/0x30 [ 677.185235][T11318] page_owner free stack trace missing [ 677.190620][T11318] [ 677.192941][T11318] Memory state around the buggy address: [ 677.198587][T11318] ffff8881462dd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 677.206661][T11318] ffff8881462dd180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 677.214917][T11318] >ffff8881462dd200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 677.223188][T11318] ^ [ 677.228335][T11318] ffff8881462dd280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 677.236440][T11318] ffff8881462dd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 677.244534][T11318] ================================================================== [ 679.364220][T11318] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 679.371873][T11318] CPU: 1 UID: 0 PID: 11318 Comm: syz.3.1095 Tainted: G U 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full) [ 679.385907][T11318] Tainted: [U]=USER [ 679.389711][T11318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 679.399987][T11318] Call Trace: [ 679.403270][T11318] [ 679.406457][T11318] dump_stack_lvl+0x3d/0x1f0 [ 679.411098][T11318] panic+0x71c/0x800 [ 679.415117][T11318] ? __pfx_panic+0x10/0x10 [ 679.419563][T11318] ? mark_held_locks+0x49/0x80 [ 679.424357][T11318] ? preempt_schedule_thunk+0x16/0x30 [ 679.429779][T11318] ? dvb_device_open+0x36a/0x3b0 [ 679.434759][T11318] ? preempt_schedule_common+0x44/0xc0 [ 679.440251][T11318] ? check_panic_on_warn+0x1f/0xb0 [ 679.445563][T11318] ? dvb_device_open+0x36a/0x3b0 [ 679.450634][T11318] check_panic_on_warn+0xab/0xb0 [ 679.455606][T11318] end_report+0x107/0x170 [ 679.459994][T11318] kasan_report+0xee/0x110 [ 679.464454][T11318] ? dvb_device_open+0x36a/0x3b0 [ 679.469426][T11318] ? __pfx_dvb_device_open+0x10/0x10 [ 679.474768][T11318] dvb_device_open+0x36a/0x3b0 [ 679.479845][T11318] ? __pfx_dvb_device_open+0x10/0x10 [ 679.485151][T11318] chrdev_open+0x231/0x6a0 [ 679.489631][T11318] ? __pfx_apparmor_file_open+0x10/0x10 [ 679.495397][T11318] ? __pfx_chrdev_open+0x10/0x10 [ 679.500524][T11318] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 679.507335][T11318] do_dentry_open+0x744/0x1c10 [ 679.512313][T11318] ? __pfx_chrdev_open+0x10/0x10 [ 679.517301][T11318] vfs_open+0x82/0x3f0 [ 679.521489][T11318] path_openat+0x1de4/0x2cb0 [ 679.526131][T11318] ? __pfx_path_openat+0x10/0x10 [ 679.531103][T11318] ? __lock_acquire+0xb8a/0x1c90 [ 679.536081][T11318] do_filp_open+0x20b/0x470 [ 679.540876][T11318] ? __pfx_do_filp_open+0x10/0x10 [ 679.546025][T11318] ? alloc_fd+0x471/0x7d0 [ 679.550369][T11318] do_sys_openat2+0x11b/0x1d0 [ 679.555090][T11318] ? __pfx_do_sys_openat2+0x10/0x10 [ 679.560314][T11318] ? __pfx_do_sys_openat2+0x10/0x10 [ 679.565913][T11318] ? __pfx___might_resched+0x10/0x10 [ 679.571345][T11318] __x64_sys_openat+0x174/0x210 [ 679.576350][T11318] ? __pfx___x64_sys_openat+0x10/0x10 [ 679.582294][T11318] do_syscall_64+0xcd/0x490 [ 679.587311][T11318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.594137][T11318] RIP: 0033:0x7f552f98e929 [ 679.599229][T11318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 679.619780][T11318] RSP: 002b:00007f553089b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 679.628250][T11318] RAX: ffffffffffffffda RBX: 00007f552fbb5fa0 RCX: 00007f552f98e929 [ 679.636337][T11318] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 679.644422][T11318] RBP: 00007f552fa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 679.652697][T11318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 679.660849][T11318] R13: 0000000000000000 R14: 00007f552fbb5fa0 R15: 00007ffea2f3c5c8 [ 679.668948][T11318] [ 679.672037][T11318] Kernel Offset: disabled [ 679.676400][T11318] Rebooting in 86400 seconds..