last executing test programs: 3m47.532963683s ago: executing program 3 (id=657): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x54) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x34000}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x3f3) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) removexattrat$auto(0xffffffffffffffff, 0x0, 0x8001, 0x0) 3m46.942810053s ago: executing program 3 (id=666): mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) setfsuid$auto(0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x80045500, 0x38) r0 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r0, 0x3b8a, 0x38) 3m46.742022619s ago: executing program 3 (id=668): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8402, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r1 = getpid() r2 = gettid() rt_tgsigqueueinfo$auto(r1, r2, 0x1f, &(0x7f0000000400)={@siginfo_0_0={0xfffffffc, 0x4, 0x8, @_sigsys={&(0x7f0000000480), 0x80000009, 0x8a}}}) ppoll$auto(&(0x7f0000000040)={r0, 0x690, 0xffa1}, 0x5, 0x0, &(0x7f00000000c0)={0x4}, 0x8) ioctl$auto_SOUND_OLD_MIXER_INFO2(r3, 0x80304d65, 0x0) close_range$auto(0x2, 0x8, 0x0) 3m46.067302119s ago: executing program 3 (id=677): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 3m45.747060175s ago: executing program 3 (id=682): close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) r0 = socket$nl_generic(0x11, 0x3, 0x10) socket(0xa, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_4={0x16, r2, 0x4, r0}, 0x10) bpf$auto(0x1, &(0x7f0000000080)=@bpf_attr_3={0x5, 0x0, 0x702955be, 0x2000000000005c, 0x4, 0x9, 0x80, 0xe4, 0xfffff800, "0566c8ee7c78a925488276d7697a12bd", 0x0, 0xea, 0xffffffffffffffff, 0x7, 0x5, 0x4, 0x7, 0x10001, 0x0, 0x8001, @attach_btf_obj_fd=r1, 0x17e, 0x4, 0x1, 0x5, 0x3}, 0x5) 3m45.304015966s ago: executing program 3 (id=683): r0 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) get_robust_list$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) getsockopt$auto(r0, 0x0, 0xcf, 0x0, 0x0) 3m44.772514021s ago: executing program 32 (id=683): r0 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) get_robust_list$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) getsockopt$auto(r0, 0x0, 0xcf, 0x0, 0x0) 1m57.58463118s ago: executing program 2 (id=1539): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xe, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, 0x0) 1m57.40017817s ago: executing program 2 (id=1542): mmap$auto(0x0, 0xe983, 0x7, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_XFS_IOC_GETBMAP(0xffffffffffffffff, 0xc0205826, 0x0) sendto$auto(0x3, 0x0, 0xfffffffffffffdef, 0x101, 0x0, 0x1c) ioctl$auto(0x3, 0x8905, 0x38) 1m57.251257908s ago: executing program 2 (id=1544): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0xffffffffffffffff, 0x10008000) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) socket(0x10, 0x2, 0x4) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r0, r0, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi3\x00', 0x2aa01, 0x0) ioctl$auto(r1, 0xc0585611, r1) 1m57.189881601s ago: executing program 2 (id=1545): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) read$auto(0x4, 0x0, 0x5c8) write$auto(0x3, 0x0, 0xffd8) 1m56.179325171s ago: executing program 2 (id=1555): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 1m55.822194601s ago: executing program 2 (id=1558): close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sendmsg$auto_MACSEC_CMD_ADD_RXSA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2cb8}, 0x1, 0x0, 0x0, 0x40}, 0x2404c084) socket(0x2, 0x80002, 0x73) socket(0xa, 0x2, 0x3a) recvmmsg$auto(0x3, 0x0, 0x4, 0x2, 0x0) io_uring_setup$auto(0x52, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) 1m40.664815423s ago: executing program 33 (id=1558): close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sendmsg$auto_MACSEC_CMD_ADD_RXSA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2cb8}, 0x1, 0x0, 0x0, 0x40}, 0x2404c084) socket(0x2, 0x80002, 0x73) socket(0xa, 0x2, 0x3a) recvmmsg$auto(0x3, 0x0, 0x4, 0x2, 0x0) io_uring_setup$auto(0x52, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) 5.379353474s ago: executing program 5 (id=2205): close_range$auto(0x2, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x7) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, r0, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x800, 0x0) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x4b3b, r2) 5.155228823s ago: executing program 0 (id=2208): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) syz_open_procfs$namespace(0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) 5.104512999s ago: executing program 5 (id=2209): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x161500, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc048aeca, 0x0) 4.942635628s ago: executing program 4 (id=2210): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, 0x0, 0x0) mlockall$auto(0x7) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) 4.655835255s ago: executing program 1 (id=2211): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/boot_params/data\x00', 0x2c40, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) ioctl$auto(r1, 0xc008ae67, r2) 4.609719098s ago: executing program 5 (id=2212): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rpc/nfsd.fh/channel\x00', 0x8f3b7a51b80ebd01, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) chmod$auto(&(0x7f0000000140)='./file0\x00', 0x3ff) 3.87402526s ago: executing program 0 (id=2213): r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x3e, 0x0, 0x1ff) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setns$auto(0x0, 0xb) cachestat$auto(0x1, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x5) 3.735230298s ago: executing program 4 (id=2214): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r1, 0x0, 0xb4d3) write$auto(r0, 0x0, 0x7ff) write$auto(0x3, 0x0, 0xffd8) 3.706249428s ago: executing program 1 (id=2215): socket(0xa, 0x5, 0x0) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) capset$auto(0x0, 0x0) r1 = open(0x0, 0x22240, 0x154) socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000400)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) bpf$auto(0x0, &(0x7f00000000c0)=@link_update={0xa, @new_map_fd=r0, 0x100, @old_prog_fd=r0}, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@bpf_attr_1={r2, 0xbb8, @value, 0x100000003}, 0xcd) 3.14158446s ago: executing program 0 (id=2216): r0 = openat$auto_hwflags_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy6/hwflags\x00', 0x101280, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(r1, 0x8, 0x0) open(0x0, 0x1676c1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pwritev$auto(r2, 0x0, 0x3, 0x1, 0x3ff) 3.141210454s ago: executing program 1 (id=2217): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) 2.966058926s ago: executing program 4 (id=2218): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x6, 0x4, 0xfffffff7) mlockall$auto(0x800000000000005) r0 = mq_open$auto(0x0, 0x62, 0xfffc, 0x0) mq_timedsend$auto(r0, 0x0, 0x80, 0x9, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x80, 0x0) madvise$auto(0x0, 0x200007, 0x19) 2.779425108s ago: executing program 5 (id=2219): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:03.0/subsystem_device\x00', 0x0, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) read$auto(0x3, 0x0, 0xf34) 1.601361159s ago: executing program 1 (id=2220): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x50b880, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, 0x0, 0x481, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) waitid$auto_P_ALL(0x0, 0x468e, &(0x7f00000001c0)={@siginfo_0_0={0x7, 0x4, 0x309, @_rt={0x0, 0x0, @sival_ptr=&(0x7f00000000c0)="361da6425979f321f15c64a6f5fa0b6cba1f0e4285504a768d83e5b21be75dd346782ab711f42ffe91741f05e24e30be16bbe7ac358ec9c81c091f1f8538451b6f89c6fbc4edbf8b0a309e31b55bc7f04f5f7a39aaee1b9943cd809e753b48adfca1b8999cf49a034b6a1835aaff1eaa34c364213b7df217625611245492fc0e3344619c7f8c79e20c0c2ca448aac0028414eb84dac36cf99955c1a0157637d946cdd5f278e8899416017fc51b9bdd234f221af70a2a0fe07932883053f77b6ed448fee764"}}}, 0x3, &(0x7f0000000340)={{0x8, 0x5}, {0x7, 0xffe}, 0x7, 0x1af, 0xfffffffffffffffa, 0x2, 0xfffffffffffff5a2, 0x5, 0x402, 0x2, 0xe6, 0x8, 0x4e6033bf, 0x6, 0x101, 0x8}) 1.095052955s ago: executing program 1 (id=2221): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x81a0ae8c, 0x0) 1.074032221s ago: executing program 4 (id=2222): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r2, 0x5453, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, 0x0) 1.043642146s ago: executing program 5 (id=2223): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 1.009041916s ago: executing program 0 (id=2224): mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000001c0)={0x0, 0x7}, 0x3) socket(0x1e, 0x1, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x48002, 0x0) openat$auto_clk_dump_fops_(0xffffffffffffff9c, 0x0, 0x80, 0x0) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000480), 0xffffffffffffffff) openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) 407.011893ms ago: executing program 0 (id=2225): socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) futimesat$auto(0x2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) ioctl$auto(0x3, 0x4040ae77, 0x38) close_range$auto(0x2, 0x8, 0x0) 406.869871ms ago: executing program 4 (id=2226): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bond_slave_1\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_IFINDEX={0x8, 0x2, r1}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF1_AGE={0x8, 0x3, 0x6}]}, 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 352.364664ms ago: executing program 5 (id=2227): mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) epoll_create$auto(0x8ca0d1a) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x2, 0x0, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x2120, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r2, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 123.176827ms ago: executing program 1 (id=2228): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r1 = getpid() pipe2$auto(&(0x7f00000000c0), 0x0) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) ioctl$auto(r0, 0x40246f4c, 0x38) 95.305337ms ago: executing program 4 (id=2229): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x3, 0x9, 0xf, 0x5, 0x0, 0xee01, 0x0, 0x10, 0x7, 0x7, 0x23, 0x5319, 0x71, 0x6, 0xfffffffffffffff8, 0x40, 0x9}) timerfd_create$auto(0x9, 0x0) r0 = socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, 0x0, 0x81, 0x9}, 0xfffffffb}, 0x4, 0x8, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=2230): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(0x0, 0x0, 0x41) getdents64$auto(r0, 0x0, 0x400) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) kernel console output (not intermixed with test programs): 0101 [ 248.265374][ T9600] RAX: ffffffffffffffda RBX: 00007f7a86fb5fa0 RCX: 00007f7a86d8ebe9 [ 248.265392][ T9600] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 248.265409][ T9600] RBP: 00007f7a86e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 248.265426][ T9600] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 248.265442][ T9600] R13: 00007f7a86fb6038 R14: 00007f7a86fb5fa0 R15: 00007ffc06cc16b8 [ 248.265480][ T9600] [ 248.368149][ T9596] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 248.368228][ T9596] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 248.369300][ T9596] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 248.371538][ T9596] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 248.378002][ T9596] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 248.378027][ T9596] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 248.378039][ T9596] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3791364550 [ 248.378052][ T9596] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 248.379634][ T9601] ubi0: background thread "ubi_bgt0d" started, PID 9601 [ 248.383099][ T9599] ubi0: detaching mtd0 [ 248.410566][ T9599] ubi0: mtd0 is detached [ 250.212369][ T9642] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1184'. [ 250.228611][ T9642] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1184'. [ 250.240356][ T9642] netlink: 134 bytes leftover after parsing attributes in process `syz.4.1184'. [ 253.338751][ T9696] [U] - [ 253.341603][ T9696] [U] Då [ 253.346716][ T9695] [U] [ 253.689013][ T9707] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 253.898655][ T5863] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 254.316569][ T9725] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1216'. [ 254.625854][ T9738] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1220'. [ 254.639750][ T9738] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1220'. [ 254.900743][ T9744] FAULT_INJECTION: forcing a failure. [ 254.900743][ T9744] name failslab, interval 1, probability 0, space 0, times 0 [ 254.915909][ T9744] CPU: 1 UID: 0 PID: 9744 Comm: syz.2.1223 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 254.915950][ T9744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 254.915964][ T9744] Call Trace: [ 254.915972][ T9744] [ 254.915982][ T9744] dump_stack_lvl+0x16c/0x1f0 [ 254.916020][ T9744] should_fail_ex+0x512/0x640 [ 254.916055][ T9744] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 254.916085][ T9744] should_failslab+0xc2/0x120 [ 254.916118][ T9744] __kmalloc_cache_noprof+0x6a/0x3e0 [ 254.916142][ T9744] ? get_mm_exe_file+0x8a/0x1a0 [ 254.916171][ T9744] ? landlock_init_hierarchy_log+0xa7/0x810 [ 254.916214][ T9744] landlock_init_hierarchy_log+0xa7/0x810 [ 254.916255][ T9744] landlock_merge_ruleset+0x6e1/0x870 [ 254.916285][ T9744] ? prepare_creds+0x583/0x7d0 [ 254.916322][ T9744] __do_sys_landlock_restrict_self+0x2a2/0x910 [ 254.916355][ T9744] do_syscall_64+0xcd/0x490 [ 254.916388][ T9744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.916413][ T9744] RIP: 0033:0x7fd90af8ebe9 [ 254.916434][ T9744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.916459][ T9744] RSP: 002b:00007fd90bdd0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 254.916485][ T9744] RAX: ffffffffffffffda RBX: 00007fd90b1b5fa0 RCX: 00007fd90af8ebe9 [ 254.916503][ T9744] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005 [ 254.916518][ T9744] RBP: 00007fd90b011e19 R08: 0000000000000000 R09: 0000000000000000 [ 254.916533][ T9744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.916548][ T9744] R13: 00007fd90b1b6038 R14: 00007fd90b1b5fa0 R15: 00007ffd62bf8cf8 [ 254.916583][ T9744] [ 255.338898][ T9757] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1237'. [ 255.353079][ T9757] netlink: 13 bytes leftover after parsing attributes in process `syz.2.1237'. [ 255.452283][ T9761] FAULT_INJECTION: forcing a failure. [ 255.452283][ T9761] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 255.455237][ T9761] CPU: 0 UID: 0 PID: 9761 Comm: syz.1.1236 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 255.455276][ T9761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 255.455292][ T9761] Call Trace: [ 255.455302][ T9761] [ 255.455312][ T9761] dump_stack_lvl+0x16c/0x1f0 [ 255.455350][ T9761] should_fail_ex+0x512/0x640 [ 255.455390][ T9761] should_fail_alloc_page+0xe7/0x130 [ 255.455427][ T9761] prepare_alloc_pages+0x3c2/0x610 [ 255.455463][ T9761] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 255.455498][ T9761] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 255.455533][ T9761] ? arch_stack_walk+0xa6/0x100 [ 255.455585][ T9761] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 255.455615][ T9761] ? stack_trace_save+0x8e/0xc0 [ 255.455664][ T9761] ? fb_var_to_videomode+0x4c9/0x690 [ 255.455699][ T9761] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 255.455736][ T9761] ? policy_nodemask+0xea/0x4e0 [ 255.455771][ T9761] alloc_pages_mpol+0x1fb/0x550 [ 255.455805][ T9761] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 255.455838][ T9761] ? lockdep_hardirqs_on+0x7c/0x110 [ 255.455876][ T9761] ? vc_allocate+0x489/0x880 [ 255.455904][ T9761] ___kmalloc_large_node+0xed/0x160 [ 255.455940][ T9761] ? con_is_visible+0x65/0x150 [ 255.455971][ T9761] ? vc_allocate+0x489/0x880 [ 255.456005][ T9761] __kmalloc_large_node_noprof+0x1c/0x70 [ 255.456059][ T9761] __kmalloc_noprof.cold+0xc/0x61 [ 255.456106][ T9761] vc_allocate+0x489/0x880 [ 255.456139][ T9761] ? __pfx_vc_allocate+0x10/0x10 [ 255.456181][ T9761] con_install+0xa1/0x600 [ 255.456215][ T9761] ? __pfx_con_install+0x10/0x10 [ 255.456253][ T9761] ? __pfx_con_install+0x10/0x10 [ 255.456284][ T9761] tty_init_dev.part.0+0x9c/0x500 [ 255.456322][ T9761] tty_open+0xa50/0xf90 [ 255.456363][ T9761] ? __pfx_tty_open+0x10/0x10 [ 255.456396][ T9761] ? chrdev_open+0x10b/0x6a0 [ 255.456432][ T9761] ? __pfx_tty_open+0x10/0x10 [ 255.456462][ T9761] chrdev_open+0x231/0x6a0 [ 255.456489][ T9761] ? __pfx_apparmor_file_open+0x10/0x10 [ 255.456517][ T9761] ? __pfx_chrdev_open+0x10/0x10 [ 255.456550][ T9761] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 255.456583][ T9761] do_dentry_open+0x97f/0x1530 [ 255.456614][ T9761] ? __pfx_chrdev_open+0x10/0x10 [ 255.456654][ T9761] vfs_open+0x82/0x3f0 [ 255.456695][ T9761] path_openat+0x1de4/0x2cb0 [ 255.456737][ T9761] ? __pfx_path_openat+0x10/0x10 [ 255.456777][ T9761] do_filp_open+0x20b/0x470 [ 255.456808][ T9761] ? __pfx_do_filp_open+0x10/0x10 [ 255.456867][ T9761] ? alloc_fd+0x471/0x7d0 [ 255.456906][ T9761] do_sys_openat2+0x11b/0x1d0 [ 255.456942][ T9761] ? __pfx_do_sys_openat2+0x10/0x10 [ 255.457000][ T9761] __x64_sys_openat+0x174/0x210 [ 255.457041][ T9761] ? __pfx___x64_sys_openat+0x10/0x10 [ 255.457096][ T9761] do_syscall_64+0xcd/0x490 [ 255.457131][ T9761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.457157][ T9761] RIP: 0033:0x7f54b578ebe9 [ 255.457179][ T9761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.457204][ T9761] RSP: 002b:00007f54b656d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 255.457229][ T9761] RAX: ffffffffffffffda RBX: 00007f54b59b5fa0 RCX: 00007f54b578ebe9 [ 255.457247][ T9761] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 255.457264][ T9761] RBP: 00007f54b5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 255.457280][ T9761] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 255.457296][ T9761] R13: 00007f54b59b6038 R14: 00007f54b59b5fa0 R15: 00007ffd99de1bb8 [ 255.457332][ T9761] [ 255.873938][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.873986][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.293658][ T9788] netlink: 130 bytes leftover after parsing attributes in process `syz.2.1241'. [ 257.425862][ T9790] netlink: 93 bytes leftover after parsing attributes in process `syz.0.1242'. [ 258.978606][ T9833] FAULT_INJECTION: forcing a failure. [ 258.978606][ T9833] name fail_futex, interval 1, probability 0, space 0, times 0 [ 259.009162][ T9833] CPU: 0 UID: 0 PID: 9833 Comm: syz.1.1259 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 259.009203][ T9833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 259.009218][ T9833] Call Trace: [ 259.009227][ T9833] [ 259.009237][ T9833] dump_stack_lvl+0x16c/0x1f0 [ 259.009273][ T9833] should_fail_ex+0x512/0x640 [ 259.009314][ T9833] get_futex_key+0x1d0/0x1560 [ 259.009346][ T9833] ? __pfx_stack_trace_save+0x10/0x10 [ 259.009375][ T9833] ? __pfx_get_futex_key+0x10/0x10 [ 259.009404][ T9833] ? check_path.constprop.0+0x24/0x50 [ 259.009437][ T9833] ? save_trace+0x4e/0x380 [ 259.009467][ T9833] futex_wake+0xea/0x530 [ 259.009505][ T9833] ? __pfx_futex_wake+0x10/0x10 [ 259.009548][ T9833] ? refcount_dec_not_one+0x138/0x1d0 [ 259.009593][ T9833] do_futex+0x1e3/0x350 [ 259.009624][ T9833] ? __pfx_do_futex+0x10/0x10 [ 259.009653][ T9833] ? refcount_dec_and_lock+0x32/0xc0 [ 259.009689][ T9833] ? key_user_put+0x2c/0x70 [ 259.009733][ T9833] __x64_sys_futex+0x1e0/0x4c0 [ 259.009767][ T9833] ? __pfx___x64_sys_futex+0x10/0x10 [ 259.009797][ T9833] ? xfd_validate_state+0x61/0x180 [ 259.009829][ T9833] ? __pfx_ksys_write+0x10/0x10 [ 259.009868][ T9833] do_syscall_64+0xcd/0x490 [ 259.009897][ T9833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.009920][ T9833] RIP: 0033:0x7f54b578ebe9 [ 259.009941][ T9833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.009966][ T9833] RSP: 002b:00007f54b656d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 259.009991][ T9833] RAX: ffffffffffffffda RBX: 00007f54b59b5fa8 RCX: 00007f54b578ebe9 [ 259.010008][ T9833] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f54b59b5fac [ 259.010025][ T9833] RBP: 00007f54b59b5fa0 R08: 00007f54b656e000 R09: 0000000000000000 [ 259.010041][ T9833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 259.010056][ T9833] R13: 00007f54b59b6038 R14: 00007ffd99de1ad0 R15: 00007ffd99de1bb8 [ 259.010093][ T9833] [ 259.011769][ T9831] [U] - [ 259.215759][ T9831] [U] Då [ 259.308173][ T9830] [U] [ 260.073023][ T9853] netlink: 252 bytes leftover after parsing attributes in process `syz.2.1267'. [ 260.105481][ T9853] unsupported nla_type 65535 [ 260.200095][ T9857] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1268'. [ 260.354830][ T9865] FAULT_INJECTION: forcing a failure. [ 260.354830][ T9865] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 260.354871][ T9865] CPU: 1 UID: 0 PID: 9865 Comm: syz.0.1271 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 260.354905][ T9865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 260.354921][ T9865] Call Trace: [ 260.354929][ T9865] [ 260.354940][ T9865] dump_stack_lvl+0x16c/0x1f0 [ 260.354978][ T9865] should_fail_ex+0x512/0x640 [ 260.355018][ T9865] should_fail_alloc_page+0xe7/0x130 [ 260.355054][ T9865] prepare_alloc_pages+0x3c2/0x610 [ 260.355089][ T9865] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 260.355124][ T9865] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 260.355158][ T9865] ? arch_stack_walk+0xa6/0x100 [ 260.355200][ T9865] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 260.355228][ T9865] ? stack_trace_save+0x8e/0xc0 [ 260.355276][ T9865] ? fb_var_to_videomode+0x4c9/0x690 [ 260.355310][ T9865] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 260.355349][ T9865] ? policy_nodemask+0xea/0x4e0 [ 260.355385][ T9865] alloc_pages_mpol+0x1fb/0x550 [ 260.355417][ T9865] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 260.355450][ T9865] ? lockdep_hardirqs_on+0x7c/0x110 [ 260.355487][ T9865] ? vc_allocate+0x489/0x880 [ 260.355516][ T9865] ___kmalloc_large_node+0xed/0x160 [ 260.355552][ T9865] ? con_is_visible+0x65/0x150 [ 260.355579][ T9865] ? vc_allocate+0x489/0x880 [ 260.355606][ T9865] __kmalloc_large_node_noprof+0x1c/0x70 [ 260.355647][ T9865] __kmalloc_noprof.cold+0xc/0x61 [ 260.355700][ T9865] vc_allocate+0x489/0x880 [ 260.355731][ T9865] ? __pfx_vc_allocate+0x10/0x10 [ 260.355774][ T9865] con_install+0xa1/0x600 [ 260.355808][ T9865] ? __pfx_con_install+0x10/0x10 [ 260.355846][ T9865] ? __pfx_con_install+0x10/0x10 [ 260.355879][ T9865] tty_init_dev.part.0+0x9c/0x500 [ 260.355913][ T9865] tty_open+0xa50/0xf90 [ 260.355952][ T9865] ? __pfx_tty_open+0x10/0x10 [ 260.355984][ T9865] ? chrdev_open+0x10b/0x6a0 [ 260.356021][ T9865] ? __pfx_tty_open+0x10/0x10 [ 260.356054][ T9865] chrdev_open+0x231/0x6a0 [ 260.356084][ T9865] ? __pfx_apparmor_file_open+0x10/0x10 [ 260.356112][ T9865] ? __pfx_chrdev_open+0x10/0x10 [ 260.356145][ T9865] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 260.356181][ T9865] do_dentry_open+0x97f/0x1530 [ 260.356226][ T9865] ? __pfx_chrdev_open+0x10/0x10 [ 260.356265][ T9865] vfs_open+0x82/0x3f0 [ 260.356310][ T9865] path_openat+0x1de4/0x2cb0 [ 260.356351][ T9865] ? __pfx_path_openat+0x10/0x10 [ 260.356384][ T9865] do_filp_open+0x20b/0x470 [ 260.356408][ T9865] ? __pfx_do_filp_open+0x10/0x10 [ 260.356453][ T9865] ? alloc_fd+0x471/0x7d0 [ 260.356482][ T9865] do_sys_openat2+0x11b/0x1d0 [ 260.356510][ T9865] ? __pfx_do_sys_openat2+0x10/0x10 [ 260.356550][ T9865] __x64_sys_openat+0x174/0x210 [ 260.356579][ T9865] ? __pfx___x64_sys_openat+0x10/0x10 [ 260.356621][ T9865] do_syscall_64+0xcd/0x490 [ 260.356648][ T9865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.356676][ T9865] RIP: 0033:0x7fb1ddd8ebe9 [ 260.356693][ T9865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.356714][ T9865] RSP: 002b:00007fb1deb76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 260.356734][ T9865] RAX: ffffffffffffffda RBX: 00007fb1ddfb5fa0 RCX: 00007fb1ddd8ebe9 [ 260.356747][ T9865] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 260.356760][ T9865] RBP: 00007fb1dde11e19 R08: 0000000000000000 R09: 0000000000000000 [ 260.356778][ T9865] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 260.356790][ T9865] R13: 00007fb1ddfb6038 R14: 00007fb1ddfb5fa0 R15: 00007fff4b9dd3e8 [ 260.356818][ T9865] [ 261.514804][ T9880] zswap: compressor not available [ 261.561708][ T5863] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               [ 347.835682][T11572] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1882'. [ 347.851559][T11572] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1882'. [ 347.871942][T11572] netlink: 134 bytes leftover after parsing attributes in process `syz.0.1882'. [ 347.985098][T11577] mkiss: ax0: crc mode is auto. [ 350.016771][T11623] netlink: 54 bytes leftover after parsing attributes in process `syz.5.1901'. [ 350.090904][T11621] ima: policy update failed [ 350.099922][ T30] audit: type=1802 audit(1755169323.153:10): pid=11621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.1901" res=0 errno=0 [ 350.246734][T11631] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1904'. [ 350.277831][T11631] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1904'. [ 350.390333][T11637] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1908'. [ 350.827577][T11637] hsr_slave_0 (unregistering): left promiscuous mode [ 353.014941][T11706] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1932'. [ 353.027468][T11706] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1932'. [ 353.103077][T11706] netlink: 134 bytes leftover after parsing attributes in process `syz.4.1932'. [ 353.933451][T11724] FAULT_INJECTION: forcing a failure. [ 353.933451][T11724] name failslab, interval 1, probability 0, space 0, times 0 [ 353.997685][T11724] CPU: 0 UID: 0 PID: 11724 Comm: syz.1.1939 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 353.997733][T11724] Tainted: [U]=USER [ 353.997742][T11724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 353.997757][T11724] Call Trace: [ 353.997766][T11724] [ 353.997776][T11724] dump_stack_lvl+0x16c/0x1f0 [ 353.997820][T11724] should_fail_ex+0x512/0x640 [ 353.997857][T11724] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 353.997892][T11724] should_failslab+0xc2/0x120 [ 353.997927][T11724] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 353.997958][T11724] ? __kernfs_new_node+0xd2/0x8e0 [ 353.997995][T11724] __kernfs_new_node+0xd2/0x8e0 [ 353.998031][T11724] ? __pfx___kernfs_new_node+0x10/0x10 [ 353.998073][T11724] ? find_held_lock+0x2b/0x80 [ 353.998100][T11724] ? kernfs_root+0xee/0x2a0 [ 353.998139][T11724] kernfs_new_node+0x13c/0x1e0 [ 353.998181][T11724] __kernfs_create_file+0x53/0x350 [ 353.998213][T11724] sysfs_add_file_mode_ns+0x207/0x3c0 [ 353.998253][T11724] internal_create_group+0x578/0xf30 [ 353.998295][T11724] ? __pfx_internal_create_group+0x10/0x10 [ 353.998335][T11724] ? kernfs_create_link+0x1bd/0x240 [ 353.998367][T11724] internal_create_groups+0x9d/0x150 [ 353.998404][T11724] device_add+0x6d1/0x1aa0 [ 353.998446][T11724] ? __pfx_device_add+0x10/0x10 [ 353.998483][T11724] ? lockdep_init_map_type+0x5c/0x280 [ 353.998518][T11724] ? __init_waitqueue_head+0xca/0x150 [ 353.998564][T11724] netdev_register_kobject+0x1a9/0x3d0 [ 353.998605][T11724] register_netdevice+0x13dc/0x2270 [ 353.998648][T11724] ? __pfx_register_netdevice+0x10/0x10 [ 353.998694][T11724] __ip_tunnel_create+0x540/0x6e0 [ 353.998732][T11724] ? __pfx___ip_tunnel_create+0x10/0x10 [ 353.998778][T11724] ip_tunnel_init_net+0x22f/0x7d0 [ 353.998824][T11724] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 353.998869][T11724] ? trace_kmalloc+0x2b/0xd0 [ 353.998903][T11724] ? __kmalloc_noprof+0x242/0x510 [ 353.998931][T11724] ? lockdep_init_map_type+0x5c/0x280 [ 353.998969][T11724] ? __pfx_erspan_init_net+0x10/0x10 [ 353.999000][T11724] ops_init+0x1e2/0x5f0 [ 353.999037][T11724] setup_net+0x10f/0x380 [ 353.999067][T11724] ? lockdep_init_map_type+0x5c/0x280 [ 353.999101][T11724] ? __pfx_setup_net+0x10/0x10 [ 353.999136][T11724] ? debug_mutex_init+0x37/0x70 [ 353.999166][T11724] copy_net_ns+0x2a6/0x5f0 [ 353.999204][T11724] create_new_namespaces+0x3ea/0xa90 [ 353.999242][T11724] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 353.999275][T11724] ksys_unshare+0x45b/0xa40 [ 353.999310][T11724] ? __pfx_ksys_unshare+0x10/0x10 [ 353.999344][T11724] ? xfd_validate_state+0x61/0x180 [ 353.999391][T11724] __x64_sys_unshare+0x31/0x40 [ 353.999425][T11724] do_syscall_64+0xcd/0x490 [ 353.999460][T11724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.999487][T11724] RIP: 0033:0x7f54b578ebe9 [ 353.999508][T11724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.999534][T11724] RSP: 002b:00007f54b656d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 353.999560][T11724] RAX: ffffffffffffffda RBX: 00007f54b59b5fa0 RCX: 00007f54b578ebe9 [ 353.999577][T11724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 353.999592][T11724] RBP: 00007f54b5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 353.999608][T11724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.999623][T11724] R13: 00007f54b59b6038 R14: 00007f54b59b5fa0 R15: 00007ffd99de1bb8 [ 353.999659][T11724] [ 355.212744][T11748] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1945'. [ 355.320867][T11748] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1945'. [ 355.669522][T11759] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1950'. [ 355.878535][T11759] hsr_slave_0 (unregistering): left promiscuous mode [ 356.808465][T11779] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 357.378704][T11782] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 358.385719][T11809] : entered allmulticast mode [ 358.463159][T11811] : left allmulticast mode [ 358.963666][T11821] netlink: 13 bytes leftover after parsing attributes in process `syz.4.1968'. [ 360.176073][T11841] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1972'. [ 360.688348][T11858] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1977'. [ 362.974331][T11890] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1987'. [ 364.963371][T11915] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 365.266278][T11917] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 367.093923][T11961] netlink: 186 bytes leftover after parsing attributes in process `syz.4.2009'. [ 367.596657][T11974] FAULT_INJECTION: forcing a failure. [ 367.596657][T11974] name failslab, interval 1, probability 0, space 0, times 0 [ 367.624026][T11974] CPU: 1 UID: 0 PID: 11974 Comm: syz.1.2015 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 367.624074][T11974] Tainted: [U]=USER [ 367.624083][T11974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 367.624099][T11974] Call Trace: [ 367.624110][T11974] [ 367.624121][T11974] dump_stack_lvl+0x16c/0x1f0 [ 367.624159][T11974] should_fail_ex+0x512/0x640 [ 367.624191][T11974] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 367.624227][T11974] should_failslab+0xc2/0x120 [ 367.624261][T11974] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 367.624292][T11974] ? can_rx_register+0x582/0x6f0 [ 367.624335][T11974] can_rx_register+0x582/0x6f0 [ 367.624361][T11974] ? __pfx_raw_rcv+0x10/0x10 [ 367.624395][T11974] ? __pfx_can_rx_register+0x10/0x10 [ 367.624438][T11974] raw_enable_filters+0xe0/0x210 [ 367.624477][T11974] raw_enable_allfilters+0x8b/0x2b0 [ 367.624511][T11974] raw_bind+0x48a/0xe50 [ 367.624539][T11974] ? apparmor_socket_bind+0x105/0x200 [ 367.624572][T11974] __sys_bind+0x1a7/0x260 [ 367.624599][T11974] ? __pfx___sys_bind+0x10/0x10 [ 367.624639][T11974] ? xfd_validate_state+0x61/0x180 [ 367.624674][T11974] ? __sys_setsockopt+0x140/0x1a0 [ 367.624712][T11974] __x64_sys_bind+0x72/0xb0 [ 367.624736][T11974] ? lockdep_hardirqs_on+0x7c/0x110 [ 367.624766][T11974] do_syscall_64+0xcd/0x490 [ 367.624800][T11974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.624826][T11974] RIP: 0033:0x7f54b578ebe9 [ 367.624846][T11974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.624880][T11974] RSP: 002b:00007f54b656d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 367.624906][T11974] RAX: ffffffffffffffda RBX: 00007f54b59b5fa0 RCX: 00007f54b578ebe9 [ 367.624924][T11974] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 367.624940][T11974] RBP: 00007f54b5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 367.624957][T11974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 367.624972][T11974] R13: 00007f54b59b6038 R14: 00007f54b59b5fa0 R15: 00007ffd99de1bb8 [ 367.625006][T11974] [ 370.893277][T12021] FAULT_INJECTION: forcing a failure. [ 370.893277][T12021] name failslab, interval 1, probability 0, space 0, times 0 [ 370.925018][T12021] CPU: 0 UID: 0 PID: 12021 Comm: syz.0.2029 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 370.925066][T12021] Tainted: [U]=USER [ 370.925076][T12021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 370.925092][T12021] Call Trace: [ 370.925101][T12021] [ 370.925112][T12021] dump_stack_lvl+0x16c/0x1f0 [ 370.925150][T12021] should_fail_ex+0x512/0x640 [ 370.925183][T12021] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 370.925220][T12021] should_failslab+0xc2/0x120 [ 370.925253][T12021] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 370.925285][T12021] ? acpi_ut_create_thread_state+0x63/0x170 [ 370.925318][T12021] acpi_ut_create_thread_state+0x63/0x170 [ 370.925347][T12021] acpi_ps_parse_aml+0x79/0xcb0 [ 370.925384][T12021] acpi_ps_execute_method+0x55a/0xb30 [ 370.925420][T12021] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 370.925461][T12021] acpi_ns_evaluate+0x76c/0xca0 [ 370.925497][T12021] ? kasan_save_track+0x14/0x30 [ 370.925530][T12021] acpi_evaluate_object+0x1fa/0xa90 [ 370.925561][T12021] ? do_syscall_64+0xcd/0x490 [ 370.925600][T12021] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.925629][T12021] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 370.925660][T12021] ? __mutex_trylock_common+0xe9/0x250 [ 370.925701][T12021] acpi_evaluate_integer+0xdd/0x200 [ 370.925728][T12021] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 370.925770][T12021] ? __pfx_status_show+0x10/0x10 [ 370.925798][T12021] status_show+0xa0/0x120 [ 370.925828][T12021] ? __pfx_status_show+0x10/0x10 [ 370.925864][T12021] dev_attr_show+0x53/0xe0 [ 370.925902][T12021] ? __pfx_dev_attr_show+0x10/0x10 [ 370.925932][T12021] sysfs_kf_seq_show+0x216/0x3e0 [ 370.925968][T12021] seq_read_iter+0x506/0x12c0 [ 370.925997][T12021] ? __mutex_trylock_common+0xe9/0x250 [ 370.926042][T12021] kernfs_fop_read_iter+0x40f/0x5a0 [ 370.926067][T12021] ? rw_verify_area+0xcf/0x6c0 [ 370.926096][T12021] vfs_read+0x8bf/0xcf0 [ 370.926128][T12021] ? __pfx___mutex_lock+0x10/0x10 [ 370.926158][T12021] ? __pfx_vfs_read+0x10/0x10 [ 370.926209][T12021] ksys_read+0x12a/0x250 [ 370.926236][T12021] ? __pfx_ksys_read+0x10/0x10 [ 370.926275][T12021] do_syscall_64+0xcd/0x490 [ 370.926307][T12021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.926331][T12021] RIP: 0033:0x7fb1ddd8ebe9 [ 370.926352][T12021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.926376][T12021] RSP: 002b:00007fb1deb76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 370.926406][T12021] RAX: ffffffffffffffda RBX: 00007fb1ddfb5fa0 RCX: 00007fb1ddd8ebe9 [ 370.926424][T12021] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 370.926439][T12021] RBP: 00007fb1dde11e19 R08: 0000000000000000 R09: 0000000000000000 [ 370.926455][T12021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.926470][T12021] R13: 00007fb1ddfb6038 R14: 00007fb1ddfb5fa0 R15: 00007fff4b9dd3e8 [ 370.926508][T12021] [ 370.926678][T12021] ACPI Error: ffff8880339f7000 walk still has a scope list (20250404/dswstate-694) [ 372.947989][T12057] mkiss: ax0: crc mode is auto. [ 373.192730][T12062] lo: entered allmulticast mode [ 373.276546][T12063] lo: left allmulticast mode [ 373.383495][T12063] blktrace: Concurrent blktraces are not allowed on loop2 [ 373.759463][T12066] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2042'. [ 373.922302][ T5863] Bluetooth: hci0: command 0x0c1a tx timeout [ 373.928452][T12032] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 374.519265][T12032] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 374.525985][T12032] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 374.542636][T12032] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 374.561542][T12032] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 374.839562][T12072] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2044'. [ 375.340018][T12085] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2048'. [ 375.503466][T12093] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2051'. [ 375.565893][T12093] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2051'. [ 375.591449][T12093] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2051'. [ 375.632434][T12093] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2051'. [ 375.637511][T12095] netlink: 'syz.5.2051': attribute type 3 has an invalid length. [ 375.720496][T12095] netlink: 290 bytes leftover after parsing attributes in process `syz.5.2051'. [ 376.002132][ T5863] Bluetooth: hci2: command 0x0c1a tx timeout [ 376.318228][T12107] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 376.539724][T12111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2057'. [ 376.563114][ T5863] Bluetooth: hci3: command 0x0c1a tx timeout [ 376.569270][ T5863] Bluetooth: hci1: command 0x0c1a tx timeout [ 377.234459][T12118] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2059'. [ 377.500433][T12125] FAULT_INJECTION: forcing a failure. [ 377.500433][T12125] name failslab, interval 1, probability 0, space 0, times 0 [ 377.528541][T12125] CPU: 0 UID: 0 PID: 12125 Comm: syz.4.2062 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 377.528587][T12125] Tainted: [U]=USER [ 377.528595][T12125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 377.528610][T12125] Call Trace: [ 377.528619][T12125] [ 377.528628][T12125] dump_stack_lvl+0x16c/0x1f0 [ 377.528665][T12125] should_fail_ex+0x512/0x640 [ 377.528698][T12125] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 377.528732][T12125] should_failslab+0xc2/0x120 [ 377.528766][T12125] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 377.528796][T12125] ? __alloc_skb+0x2b2/0x380 [ 377.528831][T12125] __alloc_skb+0x2b2/0x380 [ 377.528860][T12125] ? __pfx___alloc_skb+0x10/0x10 [ 377.528915][T12125] tipc_buf_acquire+0x26/0xe0 [ 377.528941][T12125] tipc_msg_build+0x112/0x1150 [ 377.528975][T12125] ? __pfx_tipc_msg_build+0x10/0x10 [ 377.529006][T12125] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 377.529048][T12125] __tipc_sendmsg+0xa30/0x19a0 [ 377.529096][T12125] ? __pfx___tipc_sendmsg+0x10/0x10 [ 377.529131][T12125] ? __lock_acquire+0xb97/0x1ce0 [ 377.529173][T12125] ? __pfx_woken_wake_function+0x10/0x10 [ 377.529231][T12125] ? __local_bh_enable_ip+0xa4/0x120 [ 377.529264][T12125] tipc_sendmsg+0x4f/0x70 [ 377.529300][T12125] sock_write_iter+0x4ff/0x5b0 [ 377.529338][T12125] ? __pfx_sock_write_iter+0x10/0x10 [ 377.529389][T12125] ? __futex_wait+0x24c/0x2f0 [ 377.529424][T12125] ? copy_iovec_from_user+0x131/0x170 [ 377.529465][T12125] do_iter_readv_writev+0x662/0x9e0 [ 377.529496][T12125] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 377.529530][T12125] ? bpf_lsm_file_permission+0x9/0x10 [ 377.529563][T12125] ? security_file_permission+0x71/0x210 [ 377.529597][T12125] ? rw_verify_area+0xcf/0x6c0 [ 377.529626][T12125] vfs_writev+0x35f/0xde0 [ 377.529656][T12125] ? __lock_acquire+0x62e/0x1ce0 [ 377.529690][T12125] ? __pfx_vfs_writev+0x10/0x10 [ 377.529744][T12125] ? __fget_files+0x20e/0x3c0 [ 377.529781][T12125] ? do_writev+0x28c/0x340 [ 377.529804][T12125] do_writev+0x28c/0x340 [ 377.529831][T12125] ? __pfx_do_writev+0x10/0x10 [ 377.529869][T12125] do_syscall_64+0xcd/0x490 [ 377.529911][T12125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.529937][T12125] RIP: 0033:0x7f7a86d8ebe9 [ 377.529958][T12125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.529982][T12125] RSP: 002b:00007f7a87b93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 377.530007][T12125] RAX: ffffffffffffffda RBX: 00007f7a86fb5fa0 RCX: 00007f7a86d8ebe9 [ 377.530025][T12125] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 377.530040][T12125] RBP: 00007f7a86e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 377.530056][T12125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 377.530072][T12125] R13: 00007f7a86fb6038 R14: 00007f7a86fb5fa0 R15: 00007ffc06cc16b8 [ 377.530108][T12125] [ 377.825830][T12127] netlink: 'syz.1.2063': attribute type 3 has an invalid length. [ 378.518765][ T5187] Bluetooth: hci3: Malformed LE Event: 0x1d [ 378.643455][ T5187] Bluetooth: hci3: command 0x0c1a tx timeout [ 378.818299][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.824747][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.913049][T12150] __nla_validate_parse: 10 callbacks suppressed [ 378.913071][T12150] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2071'. [ 378.938746][T12150] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2071'. [ 378.962703][T12150] netlink: 294 bytes leftover after parsing attributes in process `syz.4.2071'. [ 379.259482][T12156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2073'. [ 380.927215][T12180] mkiss: ax0: crc mode is auto. [ 382.290156][T12204] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2087'. [ 382.502095][T12206] FAULT_INJECTION: forcing a failure. [ 382.502095][T12206] name failslab, interval 1, probability 0, space 0, times 0 [ 382.535490][T12206] CPU: 0 UID: 0 PID: 12206 Comm: syz.1.2088 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 382.535538][T12206] Tainted: [U]=USER [ 382.535547][T12206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 382.535563][T12206] Call Trace: [ 382.535572][T12206] [ 382.535583][T12206] dump_stack_lvl+0x16c/0x1f0 [ 382.535621][T12206] should_fail_ex+0x512/0x640 [ 382.535655][T12206] ? fs_reclaim_acquire+0xae/0x150 [ 382.535695][T12206] should_failslab+0xc2/0x120 [ 382.535726][T12206] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 382.535756][T12206] ? security_inode_alloc+0x3b/0x2b0 [ 382.535789][T12206] security_inode_alloc+0x3b/0x2b0 [ 382.535815][T12206] inode_init_always_gfp+0xce4/0x1030 [ 382.535849][T12206] alloc_inode+0x86/0x240 [ 382.535884][T12206] sock_alloc+0x40/0x280 [ 382.535918][T12206] do_accept+0xf7/0x530 [ 382.535945][T12206] ? 0xffffffff81000000 [ 382.535963][T12206] ? do_raw_spin_lock+0x12c/0x2b0 [ 382.535999][T12206] ? __pfx_do_accept+0x10/0x10 [ 382.536047][T12206] ? 0xffffffff81000000 [ 382.536064][T12206] __sys_accept4+0x100/0x1c0 [ 382.536090][T12206] ? __pfx___sys_accept4+0x10/0x10 [ 382.536117][T12206] ? __pfx_do_writev+0x10/0x10 [ 382.536150][T12206] __x64_sys_accept+0x74/0xb0 [ 382.536175][T12206] ? lockdep_hardirqs_on+0x7c/0x110 [ 382.536205][T12206] do_syscall_64+0xcd/0x490 [ 382.536239][T12206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.536265][T12206] RIP: 0033:0x7f54b578ebe9 [ 382.536284][T12206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.536307][T12206] RSP: 002b:00007f54b656d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 382.536332][T12206] RAX: ffffffffffffffda RBX: 00007f54b59b5fa0 RCX: 00007f54b578ebe9 [ 382.536350][T12206] RDX: ffffffff81000000 RSI: ffffffffffffffff RDI: 0000000000000003 [ 382.536368][T12206] RBP: 00007f54b5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 382.536384][T12206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 382.536399][T12206] R13: 00007f54b59b6038 R14: 00007f54b59b5fa0 R15: 00007ffd99de1bb8 [ 382.536426][T12206] ? 0xffffffff81000000 [ 382.536462][T12206] [ 383.171951][T12212] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.2090: iget: checksum invalid [ 383.223158][T12212] faux_driver regulatory: loading /lib/firmware/updates/6.17.0-rc1-syzkaller-00038-g0cc53520e68b/regulatory.db failed with error -74 [ 383.264076][T12212] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.2090: iget: checksum invalid [ 383.306087][T12212] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 383.328683][T12212] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.2090: iget: checksum invalid [ 383.358930][T12212] faux_driver regulatory: loading /lib/firmware/6.17.0-rc1-syzkaller-00038-g0cc53520e68b/regulatory.db failed with error -74 [ 383.422456][T12212] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.2090: iget: checksum invalid [ 383.434307][T12212] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 383.445622][T12212] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 383.463973][T12212] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 383.684617][T12223] serio: Serial port pty6 [ 384.246750][ T5187] Bluetooth: hci0: command 0x0c1a tx timeout [ 384.250803][T12198] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 384.749812][T12198] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 384.771420][T12198] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 384.779895][T12198] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 384.998330][ T30] audit: type=1800 audit(1755169358.046:11): pid=12237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2101" name="lu_gp_id" dev="configfs" ino=53893 res=0 errno=0 [ 385.415764][T12237] ALUA LU Group already has a valid ID, ignoring request [ 386.045584][T12253] netlink: 17 bytes leftover after parsing attributes in process `syz.5.2106'. [ 386.080725][T12253] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2106'. [ 386.301935][T12266] netlink: 'syz.5.2109': attribute type 16 has an invalid length. [ 386.317329][T12266] netlink: 50 bytes leftover after parsing attributes in process `syz.5.2109'. [ 386.331368][ T5187] Bluetooth: hci2: command 0x0c1a tx timeout [ 386.572666][T12274] random: crng reseeded on system resumption [ 386.814197][ T5187] Bluetooth: hci3: command 0x0c1a tx timeout [ 386.825592][ T5187] Bluetooth: hci1: command 0x0c1a tx timeout [ 388.121250][T12308] FAULT_INJECTION: forcing a failure. [ 388.121250][T12308] name failslab, interval 1, probability 0, space 0, times 0 [ 388.167965][T12308] CPU: 1 UID: 0 PID: 12308 Comm: syz.1.2126 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 388.168013][T12308] Tainted: [U]=USER [ 388.168022][T12308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 388.168035][T12308] Call Trace: [ 388.168045][T12308] [ 388.168056][T12308] dump_stack_lvl+0x16c/0x1f0 [ 388.168094][T12308] should_fail_ex+0x512/0x640 [ 388.168129][T12308] ? __kmalloc_noprof+0xbf/0x510 [ 388.168160][T12308] ? memcg_list_lru_alloc+0x4e9/0x740 [ 388.168185][T12308] should_failslab+0xc2/0x120 [ 388.168215][T12308] __kmalloc_noprof+0xd2/0x510 [ 388.168239][T12308] ? __lock_acquire+0x62e/0x1ce0 [ 388.168284][T12308] memcg_list_lru_alloc+0x4e9/0x740 [ 388.168333][T12308] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 388.168377][T12308] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 388.168410][T12308] __memcg_slab_post_alloc_hook+0x133/0x960 [ 388.168453][T12308] ? kasan_save_track+0x14/0x30 [ 388.168486][T12308] kmem_cache_alloc_lru_noprof+0x30f/0x3b0 [ 388.168515][T12308] ? ktime_get_coarse_real_ts64_mg+0x240/0x300 [ 388.168551][T12308] ? __d_alloc+0x32/0xae0 [ 388.168586][T12308] __d_alloc+0x32/0xae0 [ 388.168618][T12308] d_alloc_pseudo+0x1c/0xc0 [ 388.168653][T12308] alloc_file_pseudo+0xcf/0x230 [ 388.168691][T12308] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 388.168738][T12308] ioctx_alloc+0x5ab/0x2120 [ 388.168779][T12308] ? find_held_lock+0x2b/0x80 [ 388.168801][T12308] ? __pfx_ioctx_alloc+0x10/0x10 [ 388.168823][T12308] ? __might_fault+0x13b/0x190 [ 388.168858][T12308] __x64_sys_io_setup+0xc9/0x210 [ 388.168889][T12308] do_syscall_64+0xcd/0x490 [ 388.168924][T12308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.168950][T12308] RIP: 0033:0x7f54b578ebe9 [ 388.168972][T12308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.168997][T12308] RSP: 002b:00007f54b656d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 388.169021][T12308] RAX: ffffffffffffffda RBX: 00007f54b59b5fa0 RCX: 00007f54b578ebe9 [ 388.169038][T12308] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 388.169055][T12308] RBP: 00007f54b5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 388.169072][T12308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.169088][T12308] R13: 00007f54b59b6038 R14: 00007f54b59b5fa0 R15: 00007ffd99de1bb8 [ 388.169123][T12308] [ 389.064477][T12325] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 389.500760][T12328] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 390.529902][T12336] sp0: Synchronizing with TNC [ 391.227609][T12353] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 391.317701][T12354] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 391.505748][T12355] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 392.102066][T12365] netlink: 18 bytes leftover after parsing attributes in process `syz.5.2147'. [ 392.124555][ T30] audit: type=1800 audit(1755169365.162:12): pid=12364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2146" name="lu_gp_id" dev="configfs" ino=54378 res=0 errno=0 [ 392.416740][T12364] ALUA LU Group already has a valid ID, ignoring request [ 393.470398][T12393] random: crng reseeded on system resumption [ 393.696693][T12398] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 394.128117][ T30] audit: type=1800 audit(1755169367.161:13): pid=12407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2162" name="lu_gp_id" dev="configfs" ino=54515 res=0 errno=0 [ 394.192836][T12405] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 394.808929][T12407] ALUA LU Group already has a valid ID, ignoring request [ 395.853832][T12433] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2172'. [ 396.996806][T12453] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2179'. [ 397.027897][T12450] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2179'. [ 397.564351][T12459] sp0: Synchronizing with TNC [ 397.604307][T12447] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2178: iget: checksum invalid [ 397.752033][T12447] faux_driver regulatory: loading /lib/firmware/updates/6.17.0-rc1-syzkaller-00038-g0cc53520e68b/regulatory.db failed with error -74 [ 397.942538][T12447] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2178: iget: checksum invalid [ 398.023391][T12447] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 398.183793][T12447] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2178: iget: checksum invalid [ 398.238303][T12447] faux_driver regulatory: loading /lib/firmware/6.17.0-rc1-syzkaller-00038-g0cc53520e68b/regulatory.db failed with error -74 [ 398.277848][T12447] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2178: iget: checksum invalid [ 398.385300][T12447] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 398.518438][T12447] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 398.573385][T12447] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 400.768172][T12498] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.2192: iget: checksum invalid [ 400.782382][T12498] faux_driver regulatory: loading /lib/firmware/updates/6.17.0-rc1-syzkaller-00038-g0cc53520e68b/regulatory.db failed with error -74 [ 400.802983][T12498] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.2192: iget: checksum invalid [ 400.840629][T12498] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 400.877303][T12498] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.2192: iget: checksum invalid [ 400.918073][T12498] faux_driver regulatory: loading /lib/firmware/6.17.0-rc1-syzkaller-00038-g0cc53520e68b/regulatory.db failed with error -74 [ 400.959936][T12498] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.2192: iget: checksum invalid [ 401.018159][T12498] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 401.044694][T12498] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 401.065418][T12498] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 401.697365][T12509] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 402.557027][T12532] netlink: 146 bytes leftover after parsing attributes in process `syz.4.2203'. [ 403.361005][T12550] FAULT_INJECTION: forcing a failure. [ 403.361005][T12550] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 403.463095][T12550] CPU: 0 UID: 0 PID: 12550 Comm: syz.4.2210 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 403.463144][T12550] Tainted: [U]=USER [ 403.463153][T12550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 403.463168][T12550] Call Trace: [ 403.463177][T12550] [ 403.463187][T12550] dump_stack_lvl+0x16c/0x1f0 [ 403.463223][T12550] should_fail_ex+0x512/0x640 [ 403.463262][T12550] should_fail_alloc_page+0xe7/0x130 [ 403.463298][T12550] prepare_alloc_pages+0x3c2/0x610 [ 403.463334][T12550] ? rcu_is_watching+0x12/0xc0 [ 403.463363][T12550] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 403.463395][T12550] ? kmem_cache_alloc_lru_noprof+0x223/0x3b0 [ 403.463426][T12550] ? find_held_lock+0x2b/0x80 [ 403.463450][T12550] ? xas_alloc+0x34f/0x460 [ 403.463491][T12550] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 403.463531][T12550] ? __lock_acquire+0x62e/0x1ce0 [ 403.463581][T12550] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 403.463619][T12550] ? policy_nodemask+0xea/0x4e0 [ 403.463654][T12550] alloc_pages_mpol+0x1fb/0x550 [ 403.463688][T12550] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 403.463721][T12550] ? find_held_lock+0x2b/0x80 [ 403.463750][T12550] alloc_pages_noprof+0x131/0x390 [ 403.463781][T12550] ? brd_submit_bio+0x92c/0x1180 [ 403.463817][T12550] brd_submit_bio+0x942/0x1180 [ 403.463869][T12550] __submit_bio+0x304/0x690 [ 403.463898][T12550] ? __pfx___submit_bio+0x10/0x10 [ 403.463946][T12550] ? submit_bio_noacct_nocheck+0x852/0xd30 [ 403.463981][T12550] submit_bio_noacct_nocheck+0x852/0xd30 [ 403.464015][T12550] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 403.464049][T12550] ? __pfx___might_resched+0x10/0x10 [ 403.464084][T12550] submit_bio_noacct+0xb49/0x1eb0 [ 403.464120][T12550] blkdev_direct_IO+0x163f/0x1fe0 [ 403.464166][T12550] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 403.464201][T12550] ? filemap_check_errors+0xa9/0x160 [ 403.464248][T12550] blkdev_write_iter+0x703/0xe00 [ 403.464286][T12550] vfs_write+0x7d0/0x11d0 [ 403.464316][T12550] ? __pfx_blkdev_write_iter+0x10/0x10 [ 403.464350][T12550] ? __pfx_vfs_write+0x10/0x10 [ 403.464376][T12550] ? find_held_lock+0x2b/0x80 [ 403.464423][T12550] ksys_write+0x12a/0x250 [ 403.464451][T12550] ? __pfx_ksys_write+0x10/0x10 [ 403.464489][T12550] do_syscall_64+0xcd/0x490 [ 403.464523][T12550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.464549][T12550] RIP: 0033:0x7f7a86d8ebe9 [ 403.464570][T12550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.464595][T12550] RSP: 002b:00007f7a87b93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 403.464621][T12550] RAX: ffffffffffffffda RBX: 00007f7a86fb5fa0 RCX: 00007f7a86d8ebe9 [ 403.464639][T12550] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 403.464656][T12550] RBP: 00007f7a86e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 403.464673][T12550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.464688][T12550] R13: 00007f7a86fb6038 R14: 00007f7a86fb5fa0 R15: 00007ffc06cc16b8 [ 403.464722][T12550] [ 407.130852][T12594] FAULT_INJECTION: forcing a failure. [ 407.130852][T12594] name failslab, interval 1, probability 0, space 0, times 0 [ 407.152975][T12594] CPU: 1 UID: 0 PID: 12594 Comm: syz.0.2224 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 407.153022][T12594] Tainted: [U]=USER [ 407.153031][T12594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 407.153047][T12594] Call Trace: [ 407.153057][T12594] [ 407.153067][T12594] dump_stack_lvl+0x16c/0x1f0 [ 407.153106][T12594] should_fail_ex+0x512/0x640 [ 407.153142][T12594] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 407.153179][T12594] should_failslab+0xc2/0x120 [ 407.153214][T12594] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 407.153247][T12594] ? alloc_unbound_pwq+0x3ff/0xe10 [ 407.153281][T12594] alloc_unbound_pwq+0x3ff/0xe10 [ 407.153320][T12594] apply_wqattrs_prepare+0x3af/0xbd0 [ 407.153363][T12594] apply_workqueue_attrs_locked+0x64/0xe0 [ 407.153394][T12594] __alloc_workqueue+0xf41/0x1810 [ 407.153433][T12594] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 407.153472][T12594] alloc_workqueue_noprof+0xd2/0x200 [ 407.153506][T12594] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 407.153550][T12594] ? __pfx___debug_object_init+0x10/0x10 [ 407.153590][T12594] nci_register_device+0x511/0xb80 [ 407.153623][T12594] ? __pfx_nci_register_device+0x10/0x10 [ 407.153656][T12594] ? lockdep_init_map_type+0x5c/0x280 [ 407.153698][T12594] virtual_ncidev_open+0x141/0x220 [ 407.153726][T12594] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 407.153753][T12594] misc_open+0x35a/0x420 [ 407.153782][T12594] ? __pfx_misc_open+0x10/0x10 [ 407.153809][T12594] chrdev_open+0x231/0x6a0 [ 407.153841][T12594] ? __pfx_apparmor_file_open+0x10/0x10 [ 407.153869][T12594] ? __pfx_chrdev_open+0x10/0x10 [ 407.153903][T12594] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 407.153939][T12594] do_dentry_open+0x97f/0x1530 [ 407.153983][T12594] ? __pfx_chrdev_open+0x10/0x10 [ 407.154020][T12594] vfs_open+0x82/0x3f0 [ 407.154061][T12594] path_openat+0x1de4/0x2cb0 [ 407.154103][T12594] ? __pfx_path_openat+0x10/0x10 [ 407.154140][T12594] do_filp_open+0x20b/0x470 [ 407.154170][T12594] ? __pfx_do_filp_open+0x10/0x10 [ 407.154222][T12594] ? alloc_fd+0x471/0x7d0 [ 407.154258][T12594] do_sys_openat2+0x11b/0x1d0 [ 407.154291][T12594] ? __pfx_do_sys_openat2+0x10/0x10 [ 407.154339][T12594] __x64_sys_openat+0x174/0x210 [ 407.154372][T12594] ? __pfx___x64_sys_openat+0x10/0x10 [ 407.154423][T12594] do_syscall_64+0xcd/0x490 [ 407.154459][T12594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.154486][T12594] RIP: 0033:0x7fb1ddd8ebe9 [ 407.154507][T12594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.154534][T12594] RSP: 002b:00007fb1deb76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 407.154559][T12594] RAX: ffffffffffffffda RBX: 00007fb1ddfb5fa0 RCX: 00007fb1ddd8ebe9 [ 407.154578][T12594] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 407.154595][T12594] RBP: 00007fb1dde11e19 R08: 0000000000000000 R09: 0000000000000000 [ 407.154612][T12594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.154628][T12594] R13: 00007fb1ddfb6038 R14: 00007fb1ddfb5fa0 R15: 00007fff4b9dd3e8 [ 407.154665][T12594] [ 407.709242][T12603] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2226'. [ 407.749350][T12603] : renamed from bond_slave_1 (while UP) [ 407.816638][T12605] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.5.2227: iget: checksum invalid [ 407.860120][T12605] faux_driver regulatory: loading /lib/firmware/updates/6.17.0-rc1-syzkaller-00038-g0cc53520e68b/regulatory.db failed with error -74 [ 407.909324][T12605] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.5.2227: iget: checksum invalid [ 407.947464][T12608] ================================================================== [ 407.955576][T12608] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 407.963346][T12608] Read of size 8 at addr ffff888146b6a218 by task syz.1.2228/12608 [ 407.971258][T12608] [ 407.973603][T12608] CPU: 1 UID: 0 PID: 12608 Comm: syz.1.2228 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 407.973725][T12608] Tainted: [U]=USER [ 407.973742][T12608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 407.973765][T12608] Call Trace: [ 407.973775][T12608] [ 407.973786][T12608] dump_stack_lvl+0x116/0x1f0 [ 407.973821][T12608] print_report+0xcd/0x630 [ 407.973853][T12608] ? __virt_addr_valid+0x81/0x610 [ 407.973891][T12608] ? __phys_addr+0xe8/0x180 [ 407.973922][T12608] ? dvb_device_open+0x36a/0x3b0 [ 407.973951][T12608] kasan_report+0xe0/0x110 [ 407.973983][T12608] ? dvb_device_open+0x36a/0x3b0 [ 407.974016][T12608] ? __pfx_dvb_device_open+0x10/0x10 [ 407.974051][T12608] dvb_device_open+0x36a/0x3b0 [ 407.974082][T12608] ? __pfx_dvb_device_open+0x10/0x10 [ 407.974110][T12608] chrdev_open+0x231/0x6a0 [ 407.974137][T12608] ? __pfx_apparmor_file_open+0x10/0x10 [ 407.974163][T12608] ? __pfx_chrdev_open+0x10/0x10 [ 407.974193][T12608] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 407.974231][T12608] do_dentry_open+0x97f/0x1530 [ 407.974278][T12608] ? __pfx_chrdev_open+0x10/0x10 [ 407.974315][T12608] vfs_open+0x82/0x3f0 [ 407.974349][T12608] path_openat+0x1de4/0x2cb0 [ 407.974377][T12608] ? __pfx_path_openat+0x10/0x10 [ 407.974407][T12608] do_filp_open+0x20b/0x470 [ 407.974433][T12608] ? __pfx_do_filp_open+0x10/0x10 [ 407.974472][T12608] ? alloc_fd+0x471/0x7d0 [ 407.974500][T12608] do_sys_openat2+0x11b/0x1d0 [ 407.974533][T12608] ? __pfx_do_sys_openat2+0x10/0x10 [ 407.974574][T12608] __x64_sys_openat+0x174/0x210 [ 407.974610][T12608] ? __pfx___x64_sys_openat+0x10/0x10 [ 407.974648][T12608] do_syscall_64+0xcd/0x490 [ 407.974682][T12608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.974709][T12608] RIP: 0033:0x7f54b578ebe9 [ 407.974728][T12608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.974753][T12608] RSP: 002b:00007f54b656d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 407.974778][T12608] RAX: ffffffffffffffda RBX: 00007f54b59b5fa0 RCX: 00007f54b578ebe9 [ 407.974793][T12608] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 407.974809][T12608] RBP: 00007f54b5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 407.974825][T12608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.974839][T12608] R13: 00007f54b59b6038 R14: 00007f54b59b5fa0 R15: 00007ffd99de1bb8 [ 407.974863][T12608] [ 407.974871][T12608] [ 408.223227][T12608] Allocated by task 1: [ 408.227370][T12608] kasan_save_stack+0x33/0x60 [ 408.232064][T12608] kasan_save_track+0x14/0x30 [ 408.236750][T12608] __kasan_kmalloc+0xaa/0xb0 [ 408.241345][T12608] dvb_register_device+0x1e4/0x2370 [ 408.246553][T12608] dvb_register_frontend+0x5a6/0x880 [ 408.252018][T12608] vidtv_bridge_probe+0x459/0xa90 [ 408.257151][T12608] platform_probe+0x106/0x1d0 [ 408.261830][T12608] really_probe+0x23e/0xa90 [ 408.266507][T12608] __driver_probe_device+0x1de/0x440 [ 408.271817][T12608] driver_probe_device+0x4c/0x1b0 [ 408.276848][T12608] __driver_attach+0x283/0x580 [ 408.281798][T12608] bus_for_each_dev+0x13e/0x1d0 [ 408.286658][T12608] bus_add_driver+0x2e9/0x690 [ 408.291342][T12608] driver_register+0x15c/0x4b0 [ 408.296386][T12608] vidtv_bridge_init+0x45/0x80 [ 408.304422][T12608] do_one_initcall+0x120/0x6e0 [ 408.309699][T12608] kernel_init_freeable+0x5c2/0x910 [ 408.315007][T12608] kernel_init+0x1c/0x2b0 [ 408.319354][T12608] ret_from_fork+0x5d4/0x6f0 [ 408.324059][T12608] ret_from_fork_asm+0x1a/0x30 [ 408.329158][T12608] [ 408.332307][T12608] Freed by task 12509: [ 408.336722][T12608] kasan_save_stack+0x33/0x60 [ 408.341601][T12608] kasan_save_track+0x14/0x30 [ 408.346848][T12608] kasan_save_free_info+0x3b/0x60 [ 408.352099][T12608] __kasan_slab_free+0x60/0x70 [ 408.357063][T12608] kfree+0x2b4/0x4d0 [ 408.361068][T12608] dvb_device_put.part.0+0x60/0x90 [ 408.366207][T12608] dvb_device_open+0x2a4/0x3b0 [ 408.371194][T12608] chrdev_open+0x231/0x6a0 [ 408.375978][T12608] do_dentry_open+0x97f/0x1530 [ 408.380983][T12608] vfs_open+0x82/0x3f0 [ 408.385183][T12608] path_openat+0x1de4/0x2cb0 [ 408.389805][T12608] do_filp_open+0x20b/0x470 [ 408.394405][T12608] do_sys_openat2+0x11b/0x1d0 [ 408.399183][T12608] __x64_sys_openat+0x174/0x210 [ 408.404164][T12608] do_syscall_64+0xcd/0x490 [ 408.408724][T12608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.414728][T12608] [ 408.417585][T12608] The buggy address belongs to the object at ffff888146b6a200 [ 408.417585][T12608] which belongs to the cache kmalloc-256 of size 256 [ 408.432695][T12608] The buggy address is located 24 bytes inside of [ 408.432695][T12608] freed 256-byte region [ffff888146b6a200, ffff888146b6a300) [ 408.446428][T12608] [ 408.448852][T12608] The buggy address belongs to the physical page: [ 408.455579][T12608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146b6a [ 408.464520][T12608] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 408.473112][T12608] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 408.480838][T12608] page_type: f5(slab) [ 408.484847][T12608] raw: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 408.493532][T12608] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 408.502581][T12608] head: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 408.511271][T12608] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 408.519954][T12608] head: 057ff00000000001 ffffea00051ada81 00000000ffffffff 00000000ffffffff [ 408.528934][T12608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 408.537608][T12608] page dumped because: kasan: bad access detected [ 408.544034][T12608] page_owner tracks the page as allocated [ 408.549835][T12608] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19918488607, free_ts 0 [ 408.569748][T12608] post_alloc_hook+0x1c0/0x230 [ 408.574535][T12608] get_page_from_freelist+0x132b/0x38e0 [ 408.580257][T12608] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 408.586151][T12608] alloc_pages_mpol+0x1fb/0x550 [ 408.591008][T12608] new_slab+0x247/0x330 [ 408.595172][T12608] ___slab_alloc+0xcf2/0x1740 [ 408.600043][T12608] __slab_alloc.constprop.0+0x56/0xb0 [ 408.605411][T12608] __kmalloc_cache_noprof+0xfb/0x3e0 [ 408.610690][T12608] bus_add_driver+0x92/0x690 [ 408.615290][T12608] driver_register+0x15c/0x4b0 [ 408.620074][T12608] i2c_register_driver+0xd9/0x1c0 [ 408.625112][T12608] do_one_initcall+0x120/0x6e0 [ 408.629892][T12608] kernel_init_freeable+0x5c2/0x910 [ 408.635098][T12608] kernel_init+0x1c/0x2b0 [ 408.639429][T12608] ret_from_fork+0x5d4/0x6f0 [ 408.644110][T12608] ret_from_fork_asm+0x1a/0x30 [ 408.648885][T12608] page_owner free stack trace missing [ 408.654245][T12608] [ 408.656560][T12608] Memory state around the buggy address: [ 408.662179][T12608] ffff888146b6a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 408.670241][T12608] ffff888146b6a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 408.678293][T12608] >ffff888146b6a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 408.686435][T12608] ^ [ 408.691276][T12608] ffff888146b6a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 408.699568][T12608] ffff888146b6a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 408.707622][T12608] ================================================================== [ 408.720047][T12605] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 408.748771][T12605] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.5.2227: iget: checksum invalid [ 408.763773][T12608] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 408.771125][T12608] CPU: 1 UID: 0 PID: 12608 Comm: syz.1.2228 Tainted: G U 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) [ 408.784781][T12608] Tainted: [U]=USER [ 408.788594][T12608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 408.798663][T12608] Call Trace: [ 408.801981][T12608] [ 408.804924][T12608] dump_stack_lvl+0x3d/0x1f0 [ 408.809661][T12608] vpanic+0x6e8/0x7a0 [ 408.813767][T12608] ? __pfx_vpanic+0x10/0x10 [ 408.818296][T12608] ? __pfx_vprintk_emit+0x10/0x10 [ 408.823436][T12608] ? dvb_device_open+0x36a/0x3b0 [ 408.828409][T12608] panic+0xca/0xd0 [ 408.832220][T12608] ? __pfx_panic+0x10/0x10 [ 408.836757][T12608] ? dvb_device_open+0x36a/0x3b0 [ 408.841784][T12608] ? preempt_schedule_common+0x44/0xc0 [ 408.847248][T12608] ? preempt_schedule_thunk+0x16/0x30 [ 408.852630][T12608] check_panic_on_warn+0xab/0xb0 [ 408.857584][T12608] end_report+0x107/0x170 [ 408.861922][T12608] kasan_report+0xee/0x110 [ 408.866335][T12608] ? dvb_device_open+0x36a/0x3b0 [ 408.871304][T12608] ? __pfx_dvb_device_open+0x10/0x10 [ 408.876713][T12608] dvb_device_open+0x36a/0x3b0 [ 408.881492][T12608] ? __pfx_dvb_device_open+0x10/0x10 [ 408.886799][T12608] chrdev_open+0x231/0x6a0 [ 408.891214][T12608] ? __pfx_apparmor_file_open+0x10/0x10 [ 408.896845][T12608] ? __pfx_chrdev_open+0x10/0x10 [ 408.901799][T12608] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 408.908131][T12608] do_dentry_open+0x97f/0x1530 [ 408.912898][T12608] ? __pfx_chrdev_open+0x10/0x10 [ 408.917839][T12608] vfs_open+0x82/0x3f0 [ 408.921920][T12608] path_openat+0x1de4/0x2cb0 [ 408.926516][T12608] ? __pfx_path_openat+0x10/0x10 [ 408.931543][T12608] do_filp_open+0x20b/0x470 [ 408.936064][T12608] ? __pfx_do_filp_open+0x10/0x10 [ 408.941098][T12608] ? alloc_fd+0x471/0x7d0 [ 408.945513][T12608] do_sys_openat2+0x11b/0x1d0 [ 408.950196][T12608] ? __pfx_do_sys_openat2+0x10/0x10 [ 408.955434][T12608] __x64_sys_openat+0x174/0x210 [ 408.960382][T12608] ? __pfx___x64_sys_openat+0x10/0x10 [ 408.965763][T12608] do_syscall_64+0xcd/0x490 [ 408.970276][T12608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.976167][T12608] RIP: 0033:0x7f54b578ebe9 [ 408.980575][T12608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.000186][T12608] RSP: 002b:00007f54b656d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 409.008684][T12608] RAX: ffffffffffffffda RBX: 00007f54b59b5fa0 RCX: 00007f54b578ebe9 [ 409.016651][T12608] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 409.024793][T12608] RBP: 00007f54b5811e19 R08: 0000000000000000 R09: 0000000000000000 [ 409.032762][T12608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 409.041346][T12608] R13: 00007f54b59b6038 R14: 00007f54b59b5fa0 R15: 00007ffd99de1bb8 [ 409.049353][T12608] [ 409.052687][T12608] Kernel Offset: disabled [ 409.057009][T12608] Rebooting in 86400 seconds..