last executing test programs: 6.519202078s ago: executing program 0 (id=1035): close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) (async) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x8, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/cx2341x/parameters/debug\x00', 0x181842, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) (async) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x10000000001013, 0x2, 0x8000) r1 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) prctl$auto(0x400003e, 0x3, 0x0, 0x4, 0x291d) (async) r2 = prctl$auto(0x400003e, 0x3, 0x0, 0x4, 0x291d) mmap$auto(0x0, 0x1000, 0xd, 0x8eb3, r0, 0x1000000000008000) sendfile$auto(r2, 0x3, 0x0, 0x4) (async) sendfile$auto(r2, 0x3, 0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) setuid$auto(0x0) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) socket(0x2, 0x1, 0x0) (async) r3 = socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x7}, 0x5, 0x7) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) (async) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 5.842346254s ago: executing program 0 (id=1037): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x5, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 
0x0) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80082, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) write$auto_ppp_device_fops_ppp_generic(r0, &(0x7f0000000200)="c021", 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x8, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="010028bd7000fcdbdf25110000001c001e8018002213000046800400f7800a00108000006e79a1002a4f"], 0x30}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r4, 0x0, 0x800003, 0x270) 5.467235041s ago: executing program 3 (id=1040): socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x0, 0x7, 0x0, 0x10001) statx$auto(0xffffffffffffffff, 0x0, 0x2001003, 
0x4005, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x100000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder0\x00', 0x189160, 0x0) ioctl$auto_BINDER_VERSION(r0, 0xc0046209, 0x0) r1 = gettid() readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) tkill$auto(r1, 0x7) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) unshare$auto(0x40000080) process_vm_readv$auto(r1, &(0x7f0000000140)={&(0x7f0000000080)="0fc9926bf62dfe571057e466bf7ade715ff1354bf6ca9b1501f56384ec92ee5f97e0fff795cfd13f643f2808b82f708f625c5d66af57b89eee38b0eb32b994a2b62cea7cf0af550456803d312bc98f722621fcfd89eeee030acd64846ca095f1ecf5376a9dda954dad3ba63a7e07e9a727186e1bce490c7ee5c052ce9badc7354ec36f36b1469f7bbe971ca7bd7bd2ef9f61e5a7860268b6d763333a70656787baf902", 0xe46}, 0x3, &(0x7f00000001c0)={&(0x7f0000000180)="774805f2b697"}, 0x6, 0x3e1) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 4.767926543s ago: executing program 3 (id=1044): r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) r1 = open(0x0, 0xa22c0, 0x155) prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0x8000, 0xe) setreuid$auto(0x15, 0x5) access$auto(0x0, 0x5) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) setsockopt$auto_SO_MAX_PACING_RATE(r1, 0x7, 0x2f, &(0x7f0000000240)='#\x00', 0x7fff) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 
0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000001400)='ns/mnt\x00') ioctl$NS_GET_PARENT(r4, 0x8008b705, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) setfsuid$auto(0x0) r5 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r5, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022dbd7000fedbdf2505000000350019002db6656852469d07c924509e63dd0a0b4813d4946d144fcc611a824d011748602f4eea625e38aace9c89df7d6f8e018037000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x24000000) setsockopt$auto_SO_TIMESTAMPING_NEW(r3, 0x8, 0x41, &(0x7f0000000040)='}+\x00', 0xffffffff) sendmsg$auto_NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022c0000150014002f70726f632f696e74657272757074730000000008ef01006e626400080004eb02000000080004000100000005000f00ff00000005000b7ffa00000008001e0000001000"/86], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x8000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001f00), r6) sendmsg$auto_NBD_CMD_STATUS(r6, &(0x7f00000023c0)={0x0, 0x0, &(0x7f0000002380)={&(0x7f0000002000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="000429bd7000fcdbdf250bb5ab6bb8ba4b3405000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x4008050) getsockopt$auto(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0) madvise$auto(0x0, 0x240007, 0x19) 3.695664754s ago: executing program 3 (id=1047): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 
&(0x7f00000001c0)='/proc/asound/card1/pcm0c/sub2/info\x00', 0x80, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)=""/87, 0x57) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x402202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x0) capset$auto(0x0, 0x0) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, 0x0, 0x6f3) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_udc.1/udc/dummy_udc.1/uevent\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000040)=""/195, 0xc3) sendmsg$auto_ILA_CMD_ADD(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000080)={0x1c, r4, 0x201, 0x70bd28, 0x25dfdbff, {}, [@ILA_ATTR_IFINDEX={0x8, 0x4, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x38) sendmsg$auto_ILA_CMD_ADD(r2, 0x0, 0x4) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000b40)=""/4096, 0x1000) close_range$auto(0x0, 0x5, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC0\x00', 0x8100, 0x0) socket(0x23, 0x80805, 0x0) epoll_create$auto(0x107fb9) 3.455354925s ago: executing program 1 (id=1048): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) r0 = openat$auto_udf_dir_operations_udfdecl(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim13\x00', 0xb0000, 0x0) recvmmsg$auto(r0, 0x0, 0xfffffff9, 0x1, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = 
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder0\x00', 0x189160, 0x0) close_range$auto(r2, r2, 0x0) gettid() ptrace$auto(0x10, r1, 0x4, 0x7ff) ptrace$auto_PTRACE_GETEVENTMSG(0x4201, r1, 0xf72, 0xfffffffffffffffe) r3 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x9, 0x5, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x3, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x2}, 0x1fe, 0x81) io_uring_register$auto_IORING_REGISTER_PROBE(r3, 0x8, &(0x7f0000000000), 0x10001) bpf$auto_BPF_PROG_ATTACH(0x8, &(0x7f0000000180)=@link_create={@map_fd, @target_ifindex, 0x800, 0x101, @netkit={@relative_id=0x8001, 0x7d}}, 0x11) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x1, 0x5, 0x8000000000000001, 0x8001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 3.364185182s ago: executing program 2 (id=1049): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8001) (async, rerun: 64) connect$auto(0xffffffffffffffff, 0x0, 0x55) (rerun: 64) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) (async) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async, rerun: 32) io_uring_register$auto(0xffffffffffffffff, 0xf3, &(0x7f0000000340)="88c571b6c6d2693a1505dec8fa968740bdcbbbcc7c77f44aae7db67d4ca13ef2a1b0fbdef690aa5034886badfb4ff0239819d420dfcc698e5e9296eebf9c3a6ffafe66865234df1ff73aef63a5c7b7df00e6", 0x9) (rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 
&(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000afd0"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20540, 0x0) (async) move_pages$auto(0x0, 0x4f4f, 0x0, 0x0, 0x0, 0xfffffffe) (async) r1 = socket(0x2, 0x1, 0x0) ioctl$auto(r0, 0x5420, r1) (async) ioctl$auto(0x3, 0x5403, 0x38) (async) close_range$auto(0x2, 0xa, 0x0) (async) r2 = socket(0xa, 0x2, 0x88) (async) connect$auto(0x3, 0x0, 0x55) (async) sendmmsg$auto(0x3, 0x0, 0x3, 0x6) setsockopt$auto_SO_TIMESTAMPING_NEW(r2, 0x7ff, 0x41, 0x0, 0x9) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r3, 0x0, 0x20) (async) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto_TIOCSWINSZ2(r5, 0x5414, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x40, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) keyctl$auto(0x8, 0xfffffffffffffffd, 0xffffffffffffffff, 0x5092, 0x2) 3.259339203s ago: executing program 0 (id=1050): r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f00000001c0), 0x80040, 0x0) r1 = openat$auto_ubifs_dir_operations_ubifs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x10000, 0x0) 
ioctl$auto_FS_IOC_ADD_ENCRYPTION_KEY2(r1, 0xc0506617, &(0x7f0000000100)={{0x1, 0x0, @descriptor="972d630422e33a92"}, 0x23d, 0xb, '\x00', "d4ea5b294640e7dbc06e80ac1852aedfc2ebd7a59de4b7a04aea92839ee3047065d816a0b89e427213c4dde4182d8ebd33e6b2d0e404ebad"}) ioctl$auto_UBI_IOCDET(r0, 0x40046f41, &(0x7f0000000300)) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ceph/parameters/disable_send_metrics\x00', 0xc0202, 0x0) write$auto(r2, &(0x7f0000000000)='P^\x00', 0x8) 3.120872125s ago: executing program 0 (id=1051): r0 = socket(0x10, 0x2, 0x0) getsockname$auto(r0, &(0x7f0000000000)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x11008}, &(0x7f00000000c0)) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000180), 0xffffffffffffffff) r2 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5r6}, 0x6) unshare$auto(0x8) read$auto_tomoyo_operations_securityfs_if(r8, &(0x7f0000002200)=""/108, 0x6c) ioctl$auto_TUNGETSNDBUF(r0, 0x800454d3, &(0x7f0000002280)=0x42) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000002300), r6) sendmsg$auto_NL80211_CMD_NEW_KEY(r0, &(0x7f0000003580)={&(0x7f00000022c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000003540)={&(0x7f0000002340)={0x11ec, r9, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x86}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_CSA_IES={0x11a5, 0xb9, 0x0, 0x1, 
[@generic="faebf1eae8c44183cf12d8a65783f0192b1b04fb08239af79782afb4c88046af1d5b0579c9bded9f852a38d23b881c2e430009ba059138b4906e48e0eeda20b97577f8d8a6accaba4995c0378ff8acce2a8d1852da31ade553a7ee72f01d2153f3d00ec6bd0c892068c974367d4541262dbf61da42f5625c47081729bbe60d95a63c56e2d3adde71c6f90f6aacda284b5a6dd0874e", @nested={0xe4, 0xd7, 0x0, 0x1, [@generic="aceabf60e79af41954acaa6298f48ca7f9769dad27d2bdfe151e014dbad8709457b6a70b690a07a1ca7fff42e38eda8dfd5dad9f84487a94c8fd88cdb070c65f750c479da0bb52d970a3e0824517", @typed={0x64, 0x13b, 0x0, 0x0, @binary="6432b759dca28a2ed1762440e96cc071a5bbb3a1c8ea7202073285ae3059b084b87fe70ce0f935ff19aa5f62add04735bee7abcf22cd625b83ac8509318b330b69a3667147632b03fb010bf0840ed9d0587958f2216df235bf659fc979637eea"}, @generic="2f22c300120c2ac833096be50d99bca67908d49db4034b451f309407c7460893db2c499542587351f76a99c09ec9"]}, @typed={0x8, 0xbb, 0x0, 0x0, @ipv4=@multicast2}, @generic="fa71af1d153f7a8851c77bc7be8596ada8ee8e4ecf8d4e532d5476fe87e85f82", @generic="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"]}, @NL80211_ATTR_MESH_ID={0xc, 0x18, "39dad61093531baf"}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_RADAR_BACKGROUND={0x4}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, 0x2}, @NL80211_ATTR_FILS_ERP_USERNAME={0x7, 0xf9, "1c1fbc"}]}, 0x11ec}, 0x1, 0x0, 0x0, 0x40000}, 0x90) r10 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000003600), r0) sendmsg$auto_KSMBD_EVENT_HEARTBEAT_REQUEST(r7, &(0x7f00000036c0)={&(0x7f00000035c0)={0x10, 0x0, 0x0, 0x9820208}, 0xc, &(0x7f0000003680)={&(0x7f0000003640)={0x14, r10, 0x400, 0x70bd26, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008080}, 0x20008004) 927.614564ms ago: executing program 3 (id=1060): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x100000, 0x3, 0x67) r0 = socket$nl_generic(0x10, 0x3, 0x10) migrate_pages$auto(0xffffffffffffffff, 0x5dd7, &(0x7f0000000380), &(0x7f00000003c0)=0x3) 
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x80000e9) socket(0x1d, 0x2, 0x6) sendmsg$auto_WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x80) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) r2 = socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x107, 0x18, 0x0, 0x9) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0xffff1fa1, 0x0, 0x92) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mprotect$auto(0xc000, 0x8, 0x8) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) 684.950112ms ago: executing program 1 (id=1061): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x1000, 0x8000000000000000, 0xdf, 0x1000000009b79, 0x2, 0x10004) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000100)='/proc/kpageflags\x00', 0x2, 0x0) socket(0xa, 0x2, 0x3a) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8, 0xffffffff) r0 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 
0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) socketpair$auto(0x7ff, 0x58, 0x0, 0x0) ioctl$auto(r1, 0x4008af03, r1) close_range$auto(r1, r0, 0x914) close_range$auto(0x2, 0xffffffffffffffff, 0x3) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88300, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) r3 = socket(0xa, 0x1, 0x0) connect$auto(r3, &(0x7f0000000000)=@rc={0x1f, @none, 0x6}, 0x7) socket(0x2, 0x1, 0x84) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) pipe2$auto(0x0, 0x80) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x8) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x4, 0x0) 488.500175ms ago: executing program 2 (id=1062): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/rose8/address\x00', 0x752502, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd0\x00', 0xc0c00, 0x0) (async) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, 
&(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) r2 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/buffer_percent\x00', 0xbc102, 0x0) close_range$auto(r1, r2, 0x800000b) (async) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000002640)='/dev/mtd0\x00', 0x8000, 0x0) ioctl$auto_OTPSELECT(r3, 0x80044d0d, &(0x7f00000000c0)=0x10009) (async) socket(0x2, 0x1, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_clone3(&(0x7f0000000640)={0x108000, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r4, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) (async) ioctl$auto_UI_DEV_CREATE(r4, 0x5501, 0x0) writev$auto(r4, &(0x7f0000000340)={&(0x7f00000002c0), 0xda7e}, 0x9) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x15, 0x5, 0x0) setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) (async) unshare$auto(0x40000080) (async) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) 423.18256ms ago: executing program 0 (id=1063): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, 
&(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x102, 0x0, 0xfffffffffffffffd) r1 = socket(0x1d, 0x2, 0x6) socket(0x22, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NFSD_A_SERVER_LEASETIME={0x8}, @NFSD_A_SERVER_SCOPE={0x5, 0x4, '\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10001bbd7000fddbdf250a00000a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0) sendfile$auto(r2, r2, 0x0, 0x200) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 
0x0, 0x100000a3d9) epoll_create$auto(0x2) sendmsg$auto_NBD_CMD_DISCONNECT(r1, 0x0, 0x0) write$auto(0x3, 0x0, 0xfffffdef) connect$auto(0x3, 0x0, 0x55) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/reboot/type\x00', 0x180102, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) 395.267528ms ago: executing program 1 (id=1064): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="08002dbd7000fbdbdf251f00000006005101010000000400ff0008005d009d000000"], 0x28}, 0x1, 0x0, 0x0, 0x40000d0}, 0x487dcc079df0ca0d) (async) close_range$auto(0x2, 0x8, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100cda4429629bd7100f9db5f2502"], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) (async) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x8, 0x4008) 622.073µs ago: executing program 3 (id=1065): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) r2 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r3 = openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) 
read$auto_trace_fops_debugfs(r3, &(0x7f0000000380)=""/227, 0xe3) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6ccca89d040387b5910e086701c134b4d66154b954d14e512b754e9678a703cb888c95beabc1d92b2bbf3d694faa2bed82aba3b7980e91001bd23bac96c51c2c7df2f078faaf90e4e840483b273abebeb505df7cc8a3c676638d9b49b6cdd467c081ff296bb1ff9ae4bbe61f08e92db469a4c0049f6223f00206e3ef559acf9672e6283d0a4d877b1171371c45293846c7baaf3a3f9693115217e7f8893a2deb63385f21c5a7cad385081ae5a8a083de", @ANYRES64=r2], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x801, 0x87) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(r0, 0x8, 0x0) brk$auto(0xffffffffffffff66) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syslog$auto(0x2, &(0x7f0000000140)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e{\xf0\x97\x12\xf6h\x00\xce\t\x00\bI3\'\xc5tw\xd7\x11\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11\x05\x00/\xfd\x9b\xe4\x99G\xeaS\x9a\xadu\x8d|\x1ec\x03\xe0MJE(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) 0s ago: executing program 1 (id=1066): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) mmap$auto(0x0, 0x7, 0x7, 0xeb1, r0, 0x8000) write$auto(0xca, 0x0, 0x1ff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv6/neigh/bond_slave_1/proxy_qlen\x00', 0x40001, 0x0) mmap$auto(0x9, 0x20007, 0xffffffffffff7fff, 0xeb1, 0xfffffffffffffffd, 0x40000007ffe) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8094}, 0x40000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) fsconfig$auto_HIDEPID_OFF(r0, 0x7, &(0x7f0000000240)='/sys/devices/virtual/net/nr12/address\x00', &(0x7f0000000600)="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", 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0x5}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x274441, 0xc4) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x8e) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) socket(0x2c, 0x801, 0x100) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x20b42, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x21f}, 0x800000007) ioperm$auto(0x7, 0x6, 0x2) capset$auto(&(0x7f0000000040)={0x80}, &(0x7f00000001c0)={0x769, 0xc, 0x1}) mmap$auto(0x0, 0x8, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(r0, 0x8, 0x4) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0xbb230000) madvise$auto(0x0, 0x7fffffffffffffff, 0x8) kernel console output (not intermixed with test programs): 0000000000000001 R09: ffffed1017086645 [ 139.221852][ C0] R10: ffff8880b843322b R11: 0000000000000001 R12: 0000000000000000 [ 139.229824][ C0] R13: ffffffff8e297780 R14: ffffffff90a9a150 R15: 0000000000000000 [ 139.237803][ C0] ? ct_kernel_exit+0x139/0x190 [ 139.242687][ C0] default_idle+0x13/0x20 [ 139.247049][ C0] default_idle_call+0x6d/0xb0 [ 139.251826][ C0] do_idle+0x391/0x510 [ 139.255909][ C0] ? __pfx_do_idle+0x10/0x10 [ 139.260505][ C0] ? 
find_held_lock+0x2b/0x80 [ 139.265199][ C0] cpu_startup_entry+0x4f/0x60 [ 139.269994][ C0] rest_init+0x16b/0x2b0 [ 139.274246][ C0] ? acpi_subsystem_init+0x133/0x180 [ 139.279541][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 139.285107][ C0] start_kernel+0x3ee/0x4d0 [ 139.289636][ C0] x86_64_start_reservations+0x18/0x30 [ 139.295124][ C0] x86_64_start_kernel+0x130/0x190 [ 139.300249][ C0] common_startup_64+0x13e/0x148 [ 139.305207][ C0] [ 139.523512][ T5848] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 140.265479][ T6661] syz.1.150 (6661) used greatest stack depth: 19784 bytes left [ 141.731845][ T6720] [ 141.783502][ T6719] netlink: 28 bytes leftover after parsing attributes in process `syz.0.161'. [ 142.403749][ T5848] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 142.668583][ T6748] netlink: 342 bytes leftover after parsing attributes in process `syz.0.166'. [ 142.738590][ T6749] netlink: 342 bytes leftover after parsing attributes in process `syz.0.166'. [ 142.799170][ T6749] netlink: 342 bytes leftover after parsing attributes in process `syz.0.166'. [ 143.033199][ T6757] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 143.504804][ T6769] random: crng reseeded on system resumption [ 143.910957][ T6773] program syz.2.171 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 145.335965][ T6804] netlink: 342 bytes leftover after parsing attributes in process `syz.1.177'. [ 145.346198][ T6804] netlink: 342 bytes leftover after parsing attributes in process `syz.1.177'. [ 145.356241][ T6804] netlink: 342 bytes leftover after parsing attributes in process `syz.1.177'. [ 145.366239][ T6804] netlink: 342 bytes leftover after parsing attributes in process `syz.1.177'. 
[ 145.410842][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 145.425737][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 145.435036][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 145.457597][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 145.470653][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 145.479835][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 145.490717][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 145.497146][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 145.522281][ T6803] rnbd_client L202: map_device: Unknown parameter or missing value '(' [ 146.198987][ T6834] netlink: 354 bytes leftover after parsing attributes in process `syz.3.185'. [ 146.507302][ T6836] Invalid ELF header magic: != ELF [ 147.571285][ T6859] FAULT_INJECTION: forcing a failure. [ 147.571285][ T6859] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 147.584544][ T6859] CPU: 1 UID: 0 PID: 6859 Comm: syz.1.190 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 147.584578][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.584591][ T6859] Call Trace: [ 147.584601][ T6859] [ 147.584611][ T6859] dump_stack_lvl+0x16c/0x1f0 [ 147.584651][ T6859] should_fail_ex+0x512/0x640 [ 147.584690][ T6859] _copy_from_user+0x2e/0xd0 [ 147.584727][ T6859] copy_msghdr_from_user+0x98/0x160 [ 147.584763][ T6859] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 147.584810][ T6859] ? kfree+0x24f/0x4d0 [ 147.584839][ T6859] ? __pfx__kstrtoull+0x10/0x10 [ 147.584874][ T6859] ___sys_sendmsg+0xfe/0x1d0 [ 147.584910][ T6859] ? __pfx____sys_sendmsg+0x10/0x10 [ 147.584979][ T6859] ? __pfx___might_resched+0x10/0x10 [ 147.585013][ T6859] __sys_sendmmsg+0x200/0x420 [ 147.585051][ T6859] ? __pfx___sys_sendmmsg+0x10/0x10 [ 147.585098][ T6859] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 147.585152][ T6859] ? fput+0x70/0xf0 [ 147.585172][ T6859] ? 
ksys_write+0x1ac/0x250 [ 147.585200][ T6859] ? __pfx_ksys_write+0x10/0x10 [ 147.585237][ T6859] __x64_sys_sendmmsg+0x9c/0x100 [ 147.585271][ T6859] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.585303][ T6859] do_syscall_64+0xcd/0x490 [ 147.585340][ T6859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.585364][ T6859] RIP: 0033:0x7f5bdb18e929 [ 147.585385][ T6859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.585406][ T6859] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 147.585429][ T6859] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 147.585445][ T6859] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 147.585459][ T6859] RBP: 00007f5bdc05a090 R08: 0000000000000000 R09: 0000000000000000 [ 147.585474][ T6859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 147.585488][ T6859] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 147.585521][ T6859] [ 147.787766][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.380063][ T6864] syz.0.192 uses obsolete (PF_INET,SOCK_PACKET) [ 149.807565][ T6900] netlink: 354 bytes leftover after parsing attributes in process `syz.1.202'. [ 150.196716][ T6906] bond0: option all_slaves_active: invalid value () [ 151.439077][ T6930] FAULT_INJECTION: forcing a failure. [ 151.439077][ T6930] name failslab, interval 1, probability 0, space 0, times 0 [ 151.506050][ T6930] CPU: 0 UID: 0 PID: 6930 Comm: syz.2.209 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 151.506088][ T6930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.506104][ T6930] Call Trace: [ 151.506111][ T6930] [ 151.506121][ T6930] dump_stack_lvl+0x16c/0x1f0 [ 151.506164][ T6930] should_fail_ex+0x512/0x640 [ 151.506199][ T6930] ? 
fs_reclaim_acquire+0xae/0x150 [ 151.506230][ T6930] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 151.506265][ T6930] should_failslab+0xc2/0x120 [ 151.506289][ T6930] __kmalloc_noprof+0xd2/0x510 [ 151.506335][ T6930] tomoyo_realpath_from_path+0xc2/0x6e0 [ 151.506379][ T6930] tomoyo_check_open_permission+0x2ab/0x3c0 [ 151.506412][ T6930] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 151.506479][ T6930] ? find_held_lock+0x2b/0x80 [ 151.506517][ T6930] tomoyo_file_open+0x6b/0x90 [ 151.506556][ T6930] security_file_open+0x84/0x1e0 [ 151.506588][ T6930] do_dentry_open+0x596/0x1c10 [ 151.506632][ T6930] vfs_open+0x82/0x3f0 [ 151.506664][ T6930] path_openat+0x1de4/0x2cb0 [ 151.506721][ T6930] ? __pfx_path_openat+0x10/0x10 [ 151.506757][ T6930] ? __lock_acquire+0xb8a/0x1c90 [ 151.506793][ T6930] do_filp_open+0x20b/0x470 [ 151.506826][ T6930] ? __pfx_do_filp_open+0x10/0x10 [ 151.506878][ T6930] ? alloc_fd+0x471/0x7d0 [ 151.506918][ T6930] do_sys_openat2+0x11b/0x1d0 [ 151.506942][ T6930] ? __pfx_do_sys_openat2+0x10/0x10 [ 151.506979][ T6930] __x64_sys_openat+0x174/0x210 [ 151.507012][ T6930] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 151.507055][ T6930] do_syscall_64+0xcd/0x490 [ 151.507094][ T6930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.507120][ T6930] RIP: 0033:0x7f34d078e929 [ 151.507139][ T6930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.507160][ T6930] RSP: 002b:00007f34d1680038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 151.507184][ T6930] RAX: ffffffffffffffda RBX: 00007f34d09b5fa0 RCX: 00007f34d078e929 [ 151.507199][ T6930] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 151.507214][ T6930] RBP: 00007f34d0810b39 R08: 0000000000000000 R09: 0000000000000000 [ 151.507229][ T6930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 151.507243][ T6930] R13: 0000000000000000 R14: 00007f34d09b5fa0 R15: 00007ffeab31ad88 [ 151.507275][ T6930] [ 151.507286][ T6930] ERROR: Out of memory at tomoyo_realpath_from_path. [ 152.396327][ T6958] FAULT_INJECTION: forcing a failure. [ 152.396327][ T6958] name failslab, interval 1, probability 0, space 0, times 0 [ 152.435125][ T6958] CPU: 0 UID: 0 PID: 6958 Comm: syz.2.214 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 152.435166][ T6958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.435179][ T6958] Call Trace: [ 152.435187][ T6958] [ 152.435197][ T6958] dump_stack_lvl+0x16c/0x1f0 [ 152.435238][ T6958] should_fail_ex+0x512/0x640 [ 152.435271][ T6958] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 152.435307][ T6958] should_failslab+0xc2/0x120 [ 152.435326][ T6958] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 152.435357][ T6958] ? __proc_create+0xc3/0x8c0 [ 152.435389][ T6958] ? __proc_create+0x2ce/0x8c0 [ 152.435425][ T6958] __proc_create+0x2ce/0x8c0 [ 152.435455][ T6958] ? __pfx___proc_create+0x10/0x10 [ 152.435486][ T6958] ? 
_raw_spin_unlock+0x28/0x50 [ 152.435522][ T6958] proc_create_reg+0x7d/0x180 [ 152.435544][ T6958] proc_create_net_data+0x8e/0x1b0 [ 152.435565][ T6958] ? __pfx_proc_create_net_data+0x10/0x10 [ 152.435593][ T6958] ? mptcp_net_init+0x4d0/0x620 [ 152.435620][ T6958] ? udp_pernet_init+0x6d3/0x910 [ 152.435660][ T6958] ? __pfx_udplite4_proc_init_net+0x10/0x10 [ 152.435693][ T6958] udplite4_proc_init_net+0x57/0x80 [ 152.435722][ T6958] ops_init+0x1e2/0x5f0 [ 152.435762][ T6958] setup_net+0x1ff/0x510 [ 152.435796][ T6958] ? lockdep_init_map_type+0x5c/0x280 [ 152.435836][ T6958] ? __pfx_setup_net+0x10/0x10 [ 152.435878][ T6958] ? debug_mutex_init+0x37/0x70 [ 152.435908][ T6958] copy_net_ns+0x2a6/0x5f0 [ 152.435935][ T6958] create_new_namespaces+0x3ea/0xa90 [ 152.435969][ T6958] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 152.435999][ T6958] ksys_unshare+0x45b/0xa40 [ 152.436030][ T6958] ? __pfx_ksys_unshare+0x10/0x10 [ 152.436071][ T6958] ? xfd_validate_state+0x61/0x180 [ 152.436121][ T6958] __x64_sys_unshare+0x31/0x40 [ 152.436156][ T6958] do_syscall_64+0xcd/0x490 [ 152.436192][ T6958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.436217][ T6958] RIP: 0033:0x7f34d078e929 [ 152.436236][ T6958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.436258][ T6958] RSP: 002b:00007f34d161d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 152.436282][ T6958] RAX: ffffffffffffffda RBX: 00007f34d09b6240 RCX: 00007f34d078e929 [ 152.436298][ T6958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 152.436312][ T6958] RBP: 00007f34d0810b39 R08: 0000000000000000 R09: 0000000000000000 [ 152.436325][ T6958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.436338][ T6958] R13: 0000000000000000 R14: 00007f34d09b6240 R15: 00007ffeab31ad88 [ 152.436368][ T6958] [ 152.916658][ T6964] netlink: 342 bytes 
leftover after parsing attributes in process `syz.0.217'. [ 152.971126][ T6964] netlink: 342 bytes leftover after parsing attributes in process `syz.0.217'. [ 152.998433][ T5855] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 154.839591][ T7012] vivid-003: ================= START STATUS ================= [ 154.863715][ T7012] vivid-003: Radio HW Seek Mode: Bounded [ 154.870568][ T7012] vivid-003: Radio Programmable HW Seek: false [ 154.901564][ T7012] vivid-003: RDS Rx I/O Mode: Block I/O [ 154.923776][ T7007] netlink: 28 bytes leftover after parsing attributes in process `syz.3.226'. [ 154.935900][ T7012] vivid-003: Generate RBDS Instead of RDS: false [ 154.963161][ T7012] vivid-003: RDS Reception: true [ 154.998022][ T7012] vivid-003: RDS Program Type: 0 inactive [ 155.003989][ T7012] vivid-003: RDS PS Name: inactive [ 155.010124][ T7012] vivid-003: RDS Radio Text: inactive [ 155.017014][ T7012] vivid-003: RDS Traffic Announcement: false inactive [ 155.024220][ T7012] vivid-003: RDS Traffic Program: false inactive [ 155.030974][ T7012] vivid-003: RDS Music: false inactive [ 155.036862][ T7012] vivid-003: ================== END STATUS ================== [ 155.258644][ T7025] netlink: 342 bytes leftover after parsing attributes in process `syz.3.229'. [ 155.523529][ T7028] netlink: 342 bytes leftover after parsing attributes in process `syz.3.229'. [ 156.418281][ T7047] FAULT_INJECTION: forcing a failure. [ 156.418281][ T7047] name fail_futex, interval 1, probability 0, space 0, times 1 [ 156.475642][ T7047] CPU: 1 UID: 0 PID: 7047 Comm: syz.0.235 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 156.475678][ T7047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.475692][ T7047] Call Trace: [ 156.475701][ T7047] [ 156.475710][ T7047] dump_stack_lvl+0x16c/0x1f0 [ 156.475750][ T7047] should_fail_ex+0x512/0x640 [ 156.475790][ T7047] get_futex_key+0x1d0/0x1540 [ 156.475823][ T7047] ? 
__pfx_get_futex_key+0x10/0x10 [ 156.475864][ T7047] futex_wake+0xe7/0x4e0 [ 156.475894][ T7047] ? __might_fault+0x13b/0x190 [ 156.475930][ T7047] ? __pfx_futex_wake+0x10/0x10 [ 156.475972][ T7047] ? poll_select_finish+0x377/0x6b0 [ 156.476008][ T7047] do_futex+0x1e3/0x350 [ 156.476038][ T7047] ? __pfx_do_futex+0x10/0x10 [ 156.476077][ T7047] __x64_sys_futex+0x1e0/0x4c0 [ 156.476111][ T7047] ? __pfx___x64_sys_futex+0x10/0x10 [ 156.476148][ T7047] ? xfd_validate_state+0x61/0x180 [ 156.476178][ T7047] ? __pfx_do_writev+0x10/0x10 [ 156.476220][ T7047] do_syscall_64+0xcd/0x490 [ 156.476257][ T7047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.476282][ T7047] RIP: 0033:0x7fe1aef8e929 [ 156.476301][ T7047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.476322][ T7047] RSP: 002b:00007fe1afd1c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 156.476345][ T7047] RAX: ffffffffffffffda RBX: 00007fe1af1b5fa8 RCX: 00007fe1aef8e929 [ 156.476361][ T7047] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe1af1b5fac [ 156.476376][ T7047] RBP: 00007fe1af1b5fa0 R08: 00007fe1afd1d000 R09: 0000000000000000 [ 156.476391][ T7047] R10: 0000000000000002 R11: 0000000000000246 R12: 00007fe1af1b5fac [ 156.476405][ T7047] R13: 0000000000000000 R14: 00007ffc4ae06360 R15: 00007ffc4ae06448 [ 156.476438][ T7047] [ 156.892532][ T7062] binder: 7040:7062 ioctl c018620c 0 returned -1 [ 157.684858][ T7082] ubi0: attaching mtd0 [ 157.714525][ T7082] ubi0: scanning is finished [ 157.843057][ T7082] ubi0: empty MTD device detected [ 157.852332][ T7082] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 158.098222][ T7082] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 158.421664][ T7089] netlink: 342 bytes leftover after parsing attributes in process `syz.0.241'. 
[ 158.433111][ T7089] netlink: 342 bytes leftover after parsing attributes in process `syz.0.241'. [ 161.591824][ T7177] FAULT_INJECTION: forcing a failure. [ 161.591824][ T7177] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 161.662098][ T7182] netlink: get zone limit has 8 unknown bytes [ 161.668634][ T7177] CPU: 0 UID: 0 PID: 7177 Comm: syz.2.260 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 161.668655][ T7177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.668663][ T7177] Call Trace: [ 161.668669][ T7177] [ 161.668675][ T7177] dump_stack_lvl+0x16c/0x1f0 [ 161.668707][ T7177] should_fail_ex+0x512/0x640 [ 161.668731][ T7177] should_fail_alloc_page+0xe7/0x130 [ 161.668747][ T7177] prepare_alloc_pages+0x3c2/0x610 [ 161.668764][ T7177] ? rcu_is_watching+0x12/0xc0 [ 161.668782][ T7177] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 161.668810][ T7177] ? __lock_acquire+0x622/0x1c90 [ 161.668830][ T7177] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 161.668850][ T7177] ? __lock_acquire+0x622/0x1c90 [ 161.668875][ T7177] ? __lock_acquire+0x622/0x1c90 [ 161.668895][ T7177] ? __lock_acquire+0x622/0x1c90 [ 161.668919][ T7177] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 161.668996][ T7177] ? policy_nodemask+0xea/0x4e0 [ 161.669015][ T7177] alloc_pages_mpol+0x1fb/0x550 [ 161.669031][ T7177] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 161.669051][ T7177] folio_alloc_mpol_noprof+0x36/0x2f0 [ 161.669069][ T7177] vma_alloc_folio_noprof+0xed/0x1e0 [ 161.669085][ T7177] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 161.669100][ T7177] ? find_held_lock+0x2b/0x80 [ 161.669115][ T7177] ? __handle_mm_fault+0x1092/0x5490 [ 161.669136][ T7177] __handle_mm_fault+0x2f21/0x5490 [ 161.669159][ T7177] ? __pfx___handle_mm_fault+0x10/0x10 [ 161.669177][ T7177] ? __pte_offset_map_lock+0x174/0x310 [ 161.669191][ T7177] ? find_held_lock+0x2b/0x80 [ 161.669204][ T7177] ? 
find_held_lock+0x2b/0x80 [ 161.669223][ T7177] ? follow_page_pte+0x3af/0x14c0 [ 161.669243][ T7177] handle_mm_fault+0x589/0xd10 [ 161.669265][ T7177] __get_user_pages+0x589/0x3b80 [ 161.669286][ T7177] ? __pfx_mt_find+0x10/0x10 [ 161.669299][ T7177] ? __pfx___get_user_pages+0x10/0x10 [ 161.669322][ T7177] populate_vma_page_range+0x278/0x3a0 [ 161.669340][ T7177] ? __pfx_populate_vma_page_range+0x10/0x10 [ 161.669404][ T7177] ? __pfx_find_vma_intersection+0x10/0x10 [ 161.669421][ T7177] ? do_mmap+0x69c/0x1210 [ 161.669439][ T7177] __mm_populate+0x1d8/0x380 [ 161.669457][ T7177] ? __pfx___mm_populate+0x10/0x10 [ 161.669476][ T7177] ? up_write+0x1b2/0x520 [ 161.669498][ T7177] vm_mmap_pgoff+0x362/0x450 [ 161.669515][ T7177] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 161.669527][ T7177] ? __pfx_do_sys_openat2+0x10/0x10 [ 161.669548][ T7177] ? __x64_sys_futex+0x1e0/0x4c0 [ 161.669564][ T7177] ? __x64_sys_futex+0x1e9/0x4c0 [ 161.669583][ T7177] ksys_mmap_pgoff+0x7d/0x5c0 [ 161.669597][ T7177] ? xfd_validate_state+0x61/0x180 [ 161.669621][ T7177] __x64_sys_mmap+0x125/0x190 [ 161.669643][ T7177] do_syscall_64+0xcd/0x490 [ 161.669666][ T7177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.669680][ T7177] RIP: 0033:0x7f34d078e929 [ 161.669693][ T7177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.669707][ T7177] RSP: 002b:00007f34d1680038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 161.669721][ T7177] RAX: ffffffffffffffda RBX: 00007f34d09b5fa0 RCX: 00007f34d078e929 [ 161.669731][ T7177] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 161.669740][ T7177] RBP: 00007f34d0810b39 R08: ffffffffffffffff R09: 0000000000000000 [ 161.669748][ T7177] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 161.669757][ T7177] R13: 0000000000000000 R14: 00007f34d09b5fa0 R15: 00007ffeab31ad88 [ 
161.669776][ T7177] [ 162.326807][ T5855] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 163.326753][ T7212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.269'. [ 163.326843][ T7212] FAULT_INJECTION: forcing a failure. [ 163.326843][ T7212] name failslab, interval 1, probability 0, space 0, times 0 [ 163.326873][ T7212] CPU: 0 UID: 0 PID: 7212 Comm: syz.3.269 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 163.326903][ T7212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.326917][ T7212] Call Trace: [ 163.326924][ T7212] [ 163.326934][ T7212] dump_stack_lvl+0x16c/0x1f0 [ 163.326973][ T7212] should_fail_ex+0x512/0x640 [ 163.327002][ T7212] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 163.327063][ T7212] should_failslab+0xc2/0x120 [ 163.327088][ T7212] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 163.327126][ T7212] ? kvasprintf_const+0x66/0x1a0 [ 163.327156][ T7212] kvasprintf+0xbc/0x160 [ 163.327178][ T7212] ? __pfx_kvasprintf+0x10/0x10 [ 163.327205][ T7212] ? rcu_read_unlock+0x17/0x60 [ 163.327227][ T7212] ? lockdep_unlock+0x64/0xe0 [ 163.327259][ T7212] kvasprintf_const+0x66/0x1a0 [ 163.327284][ T7212] kobject_set_name_vargs+0x5a/0x140 [ 163.327310][ T7212] dev_set_name+0xc7/0x100 [ 163.327338][ T7212] ? __pfx_dev_set_name+0x10/0x10 [ 163.327364][ T7212] ? rcu_is_watching+0x12/0xc0 [ 163.327392][ T7212] ? rcu_is_watching+0x12/0xc0 [ 163.327417][ T7212] ? trace_kmalloc+0x2b/0xd0 [ 163.327446][ T7212] ? __kmalloc_noprof.cold+0x5c/0x61 [ 163.327478][ T7212] ? irq_work_queue+0xce/0x100 [ 163.327517][ T7212] ? wiphy_new_nm+0x797/0x2160 [ 163.327544][ T7212] wiphy_new_nm+0x811/0x2160 [ 163.327569][ T7212] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 163.327597][ T7212] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 163.327623][ T7212] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 163.327647][ T7212] ? 
__local_bh_enable_ip+0xa4/0x120 [ 163.327680][ T7212] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 163.327731][ T7212] ? __pfx__printk+0x10/0x10 [ 163.327770][ T7212] ? __pfx____ratelimit+0x10/0x10 [ 163.327804][ T7212] ? rcu_is_watching+0x12/0xc0 [ 163.327830][ T7212] ? do_trace_netlink_extack+0x164/0x1e0 [ 163.327865][ T7212] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 163.327912][ T7212] hwsim_new_radio_nl+0xb51/0x12c0 [ 163.327958][ T7212] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 163.328006][ T7212] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 163.328036][ T7212] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 163.328074][ T7212] genl_family_rcv_msg_doit+0x206/0x2f0 [ 163.328106][ T7212] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 163.328135][ T7212] ? trace_cap_capable+0x18d/0x200 [ 163.328169][ T7212] ? bpf_lsm_capable+0x9/0x10 [ 163.328197][ T7212] ? security_capable+0x7e/0x260 [ 163.328222][ T7212] ? ns_capable+0xd7/0x110 [ 163.328251][ T7212] genl_rcv_msg+0x55c/0x800 [ 163.328284][ T7212] ? __pfx_genl_rcv_msg+0x10/0x10 [ 163.328314][ T7212] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 163.328362][ T7212] netlink_rcv_skb+0x155/0x420 [ 163.328387][ T7212] ? __pfx_genl_rcv_msg+0x10/0x10 [ 163.328418][ T7212] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 163.328467][ T7212] ? netlink_deliver_tap+0x1ae/0xd30 [ 163.328511][ T7212] genl_rcv+0x28/0x40 [ 163.328535][ T7212] netlink_unicast+0x58d/0x850 [ 163.328566][ T7212] ? __pfx_netlink_unicast+0x10/0x10 [ 163.328602][ T7212] netlink_sendmsg+0x8d1/0xdd0 [ 163.328634][ T7212] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.328674][ T7212] ____sys_sendmsg+0xa95/0xc70 [ 163.328702][ T7212] ? copy_msghdr_from_user+0x10a/0x160 [ 163.328737][ T7212] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.328772][ T7212] ? try_to_wake_up+0xa2f/0x1680 [ 163.328804][ T7212] ___sys_sendmsg+0x134/0x1d0 [ 163.328841][ T7212] ? __pfx____sys_sendmsg+0x10/0x10 [ 163.328872][ T7212] ? 
__lock_acquire+0x622/0x1c90 [ 163.328952][ T7212] __sys_sendmsg+0x16d/0x220 [ 163.328986][ T7212] ? __pfx___sys_sendmsg+0x10/0x10 [ 163.329032][ T7212] ? __x64_sys_futex+0x1e0/0x4c0 [ 163.329086][ T7212] do_syscall_64+0xcd/0x490 [ 163.329123][ T7212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.329147][ T7212] RIP: 0033:0x7f4116b8e929 [ 163.329167][ T7212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.329189][ T7212] RSP: 002b:00007f4117ae3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 163.329212][ T7212] RAX: ffffffffffffffda RBX: 00007f4116db5fa0 RCX: 00007f4116b8e929 [ 163.329228][ T7212] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000004 [ 163.329243][ T7212] RBP: 00007f4116c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 163.329257][ T7212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.329271][ T7212] R13: 0000000000000000 R14: 00007f4116db5fa0 R15: 00007ffe603b2318 [ 163.329306][ T7212] [ 164.343681][ T7226] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 164.415418][ T7228] ubi0: attaching mtd0 [ 164.518990][ T7228] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 164.717037][ T7231] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 164.760479][ T5855] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 164.760505][ T5855] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 164.775659][ T5855] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 164.775696][ T5855] Bluetooth: hci2: adv larger than maximum supported [ 164.782795][ T5855] Bluetooth: hci2: adv larger than maximum supported [ 164.789562][ T5855] Bluetooth: hci2: Malformed LE Event: 0x0d [ 165.542535][ T7245] FAULT_INJECTION: forcing a failure. 
[ 165.542535][ T7245] name failslab, interval 1, probability 0, space 0, times 0 [ 165.567634][ T7245] CPU: 0 UID: 0 PID: 7245 Comm: syz.2.275 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 165.567671][ T7245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.567681][ T7245] Call Trace: [ 165.567687][ T7245] [ 165.567693][ T7245] dump_stack_lvl+0x16c/0x1f0 [ 165.567732][ T7245] should_fail_ex+0x512/0x640 [ 165.567769][ T7245] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 165.567808][ T7245] should_failslab+0xc2/0x120 [ 165.567834][ T7245] __kmalloc_cache_noprof+0x6a/0x3e0 [ 165.567868][ T7245] ? drm_atomic_state_alloc+0xb8/0x120 [ 165.567904][ T7245] drm_atomic_state_alloc+0xb8/0x120 [ 165.567934][ T7245] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 165.567964][ T7245] ? __pfx___might_resched+0x10/0x10 [ 165.567995][ T7245] ? rcu_is_watching+0x12/0xc0 [ 165.568031][ T7245] ? trace_contention_end+0xdd/0x130 [ 165.568069][ T7245] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 165.568141][ T7245] drm_client_modeset_commit_locked+0x14d/0x580 [ 165.568178][ T7245] drm_client_modeset_commit+0x4f/0x80 [ 165.568208][ T7245] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 165.568251][ T7245] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 165.568287][ T7245] drm_fbdev_client_restore+0x2c/0x40 [ 165.568320][ T7245] drm_client_dev_restore+0x1f3/0x2a0 [ 165.568355][ T7245] drm_release+0x2c4/0x360 [ 165.568384][ T7245] ? __pfx_drm_release+0x10/0x10 [ 165.568408][ T7245] __fput+0x3ff/0xb70 [ 165.568444][ T7245] task_work_run+0x150/0x240 [ 165.568485][ T7245] ? __pfx_task_work_run+0x10/0x10 [ 165.568525][ T7245] ? 
__pfx___do_sys_close_range+0x10/0x10 [ 165.568571][ T7245] exit_to_user_mode_loop+0xeb/0x110 [ 165.568613][ T7245] do_syscall_64+0x3f6/0x490 [ 165.568654][ T7245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.568681][ T7245] RIP: 0033:0x7f34d078e929 [ 165.568702][ T7245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.568725][ T7245] RSP: 002b:00007f34d1680038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 165.568751][ T7245] RAX: 0000000000000000 RBX: 00007f34d09b5fa0 RCX: 00007f34d078e929 [ 165.568768][ T7245] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 165.568782][ T7245] RBP: 00007f34d0810b39 R08: 0000000000000000 R09: 0000000000000000 [ 165.568798][ T7245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 165.568813][ T7245] R13: 0000000000000000 R14: 00007f34d09b5fa0 R15: 00007ffeab31ad88 [ 165.568846][ T7245] [ 166.089439][ T7254] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 166.232390][ T7257] ubi0: attaching mtd0 [ 166.239800][ T7257] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 166.261745][ T7258] netlink: 354 bytes leftover after parsing attributes in process `syz.2.281'. [ 166.504555][ T7271] FAULT_INJECTION: forcing a failure. [ 166.504555][ T7271] name failslab, interval 1, probability 0, space 0, times 0 [ 166.504593][ T7271] CPU: 0 UID: 0 PID: 7271 Comm: syz.1.285 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 166.504624][ T7271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.504639][ T7271] Call Trace: [ 166.504647][ T7271] [ 166.504657][ T7271] dump_stack_lvl+0x16c/0x1f0 [ 166.504698][ T7271] should_fail_ex+0x512/0x640 [ 166.504734][ T7271] ? 
kmem_cache_alloc_noprof+0x5a/0x3b0 [ 166.504776][ T7271] should_failslab+0xc2/0x120 [ 166.504801][ T7271] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 166.504838][ T7271] ? security_file_alloc+0x34/0x2b0 [ 166.504875][ T7271] security_file_alloc+0x34/0x2b0 [ 166.504908][ T7271] init_file+0x93/0x4c0 [ 166.504934][ T7271] alloc_empty_file+0x73/0x1e0 [ 166.504962][ T7271] alloc_file_pseudo+0x13a/0x230 [ 166.504992][ T7271] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 166.505016][ T7271] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 166.505061][ T7271] create_pipe_files+0x364/0x930 [ 166.505112][ T7271] do_pipe2+0xaf/0x1c0 [ 166.505152][ T7271] ? __pfx_do_pipe2+0x10/0x10 [ 166.505184][ T7271] ? xfd_validate_state+0x61/0x180 [ 166.505226][ T7271] __x64_sys_pipe+0x33/0x50 [ 166.505248][ T7271] do_syscall_64+0xcd/0x490 [ 166.505287][ T7271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.505314][ T7271] RIP: 0033:0x7f5bdb18e929 [ 166.505334][ T7271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.505356][ T7271] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 166.505399][ T7271] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 166.505417][ T7271] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000780 [ 166.505433][ T7271] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 166.505448][ T7271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.505463][ T7271] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 166.505499][ T7271] [ 168.897735][ T7306] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.903960][ T7306] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.905252][ T7301] can0: slcan on pty233. 
[ 169.025268][ T7306] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 169.096400][ T7306] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 169.102847][ T7306] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 169.116434][ T7306] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 169.142489][ T7306] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 169.184913][ T7306] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 169.231262][ T7306] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 169.249664][ T7306] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 169.277199][ T7306] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 169.283383][ T7306] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 169.296635][ T7306] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 169.305865][ T7300] can0 (unregistered): slcan off pty233. [ 169.387013][ T7306] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 169.620485][ T5855] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 170.723138][ T7356] netlink: 354 bytes leftover after parsing attributes in process `syz.1.300'. [ 170.965558][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.042274][ T7365] netlink: 354 bytes leftover after parsing attributes in process `syz.1.301'. [ 171.135250][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 171.215267][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.286080][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 171.560933][ T7374] __vm_enough_memory: pid: 7374, comm: syz.0.302, bytes: 4398046511104 not enough memory for the allocation [ 171.702920][ T7384] netlink: 354 bytes leftover after parsing attributes in process `syz.2.305'. 
[ 172.662631][ T7402] zswap: compressor not available [ 173.046867][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 173.207883][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 173.285421][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.373163][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.549655][ T7424] binder: 7415:7424 ioctl c018620c 0 returned -1 [ 174.743828][ T7450] svc: failed to register nfsdv3 RPC service (errno 111). [ 174.770068][ T7450] svc: failed to register nfsaclv3 RPC service (errno 111). [ 175.126706][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 175.285379][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 175.365318][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 175.445376][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 176.054495][ T7471] dyndbg: expected <4096 bytes into control [ 176.243139][ T7480] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 177.091994][ T7493] RDS: rds_bind could not find a transport for 7bc:c94c:4e37:70c4::, load rds_tcp or rds_rdma? [ 177.342889][ T7499] netlink: 28 bytes leftover after parsing attributes in process `syz.2.327'. [ 177.365944][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 177.525421][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 177.723136][ T30] audit: type=1800 audit(6047606431.414:11): pid=7508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.328" name="dbroot" dev="configfs" ino=14949 res=0 errno=0 [ 178.437913][ T7516] FAULT_INJECTION: forcing a failure. 
[ 178.437913][ T7516] name failslab, interval 1, probability 0, space 0, times 0 [ 178.450872][ T7516] CPU: 1 UID: 0 PID: 7516 Comm: syz.0.330 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 178.450894][ T7516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.450903][ T7516] Call Trace: [ 178.450910][ T7516] [ 178.450916][ T7516] dump_stack_lvl+0x16c/0x1f0 [ 178.450943][ T7516] should_fail_ex+0x512/0x640 [ 178.450964][ T7516] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 178.450988][ T7516] should_failslab+0xc2/0x120 [ 178.451002][ T7516] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 178.451023][ T7516] ? __pmd_alloc+0xbf/0x930 [ 178.451041][ T7516] __pmd_alloc+0xbf/0x930 [ 178.451055][ T7516] ? __pud_alloc+0x526/0x750 [ 178.451071][ T7516] __handle_mm_fault+0xaac/0x5490 [ 178.451095][ T7516] ? __pfx___handle_mm_fault+0x10/0x10 [ 178.451129][ T7516] handle_mm_fault+0x589/0xd10 [ 178.451151][ T7516] __get_user_pages+0x589/0x3b80 [ 178.451174][ T7516] ? __pfx___get_user_pages+0x10/0x10 [ 178.451197][ T7516] get_user_pages_remote+0x258/0xb20 [ 178.451217][ T7516] ? __pfx_get_user_pages_remote+0x10/0x10 [ 178.451232][ T7516] ? __pfx_vma_link+0x10/0x10 [ 178.451259][ T7516] get_arg_page+0xf4/0x310 [ 178.451277][ T7516] ? __pfx_get_arg_page+0x10/0x10 [ 178.451294][ T7516] ? 
up_write+0x1b2/0x520 [ 178.451318][ T7516] copy_string_kernel+0x180/0x510 [ 178.451341][ T7516] do_execveat_common.isra.0+0x2ed/0x610 [ 178.451363][ T7516] __x64_sys_execve+0x8e/0xb0 [ 178.451383][ T7516] do_syscall_64+0xcd/0x490 [ 178.451405][ T7516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.451419][ T7516] RIP: 0033:0x7fe1aef8e929 [ 178.451430][ T7516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.451443][ T7516] RSP: 002b:00007fe1afd1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 178.451457][ T7516] RAX: ffffffffffffffda RBX: 00007fe1af1b5fa0 RCX: 00007fe1aef8e929 [ 178.451465][ T7516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 178.451473][ T7516] RBP: 00007fe1af010b39 R08: 0000000000000000 R09: 0000000000000000 [ 178.451482][ T7516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.451490][ T7516] R13: 0000000000000000 R14: 00007fe1af1b5fa0 R15: 00007ffc4ae06448 [ 178.451508][ T7516] [ 179.194911][ T7523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.331'. [ 181.142295][ T7549] FAULT_INJECTION: forcing a failure. [ 181.142295][ T7549] name failslab, interval 1, probability 0, space 0, times 0 [ 181.162868][ T7549] CPU: 0 UID: 0 PID: 7549 Comm: syz.0.337 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 181.162907][ T7549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 181.162923][ T7549] Call Trace: [ 181.162932][ T7549] [ 181.162947][ T7549] dump_stack_lvl+0x16c/0x1f0 [ 181.162991][ T7549] should_fail_ex+0x512/0x640 [ 181.163024][ T7549] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 181.163064][ T7549] should_failslab+0xc2/0x120 [ 181.163088][ T7549] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 181.163128][ T7549] ? 
__d_alloc+0x31/0xaa0 [ 181.163171][ T7549] __d_alloc+0x31/0xaa0 [ 181.163211][ T7549] ? do_raw_spin_lock+0x12c/0x2b0 [ 181.163250][ T7549] d_alloc+0x4a/0x1e0 [ 181.163290][ T7549] d_alloc_name+0x83/0xb0 [ 181.163342][ T7549] ? __pfx_d_alloc_name+0x10/0x10 [ 181.163390][ T7549] simple_fill_super+0x2eb/0x720 [ 181.163431][ T7549] ? __pfx_nfsd_fill_super+0x10/0x10 [ 181.163461][ T7549] nfsd_fill_super+0x90/0x530 [ 181.163487][ T7549] ? __pfx_set_anon_super_fc+0x10/0x10 [ 181.163520][ T7549] ? __pfx_nfsd_fill_super+0x10/0x10 [ 181.163548][ T7549] get_tree_keyed+0x10b/0x1d0 [ 181.163583][ T7549] vfs_get_tree+0x8b/0x340 [ 181.163613][ T7549] path_mount+0x1414/0x2020 [ 181.163653][ T7549] ? kmem_cache_free+0x2d1/0x4d0 [ 181.163689][ T7549] ? __pfx_path_mount+0x10/0x10 [ 181.163732][ T7549] ? putname+0x154/0x1a0 [ 181.163761][ T7549] __x64_sys_mount+0x28d/0x310 [ 181.163800][ T7549] ? __pfx___x64_sys_mount+0x10/0x10 [ 181.163850][ T7549] do_syscall_64+0xcd/0x490 [ 181.163888][ T7549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.163913][ T7549] RIP: 0033:0x7fe1aef8e929 [ 181.163935][ T7549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.163958][ T7549] RSP: 002b:00007fe1afd1c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 181.163982][ T7549] RAX: ffffffffffffffda RBX: 00007fe1af1b5fa0 RCX: 00007fe1aef8e929 [ 181.164000][ T7549] RDX: 0000200000000200 RSI: 00002000000000c0 RDI: 0000000000000000 [ 181.164015][ T7549] RBP: 00007fe1af010b39 R08: 0000000000000000 R09: 0000000000000000 [ 181.164031][ T7549] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000000 [ 181.164046][ T7549] R13: 0000000000000000 R14: 00007fe1af1b5fa0 R15: 00007ffc4ae06448 [ 181.164079][ T7549] [ 182.134169][ T7583] netlink: zone id is out of range [ 182.160054][ T7583] netlink: zone id is out of range [ 182.176360][ T7583] netlink: 
zone id is out of range [ 182.191347][ T7583] netlink: zone id is out of range [ 182.217092][ T7583] netlink: zone id is out of range [ 182.218324][ T7585] kAFS: Invalid Command on /proc/fs/afs/cells file [ 182.245411][ T7583] netlink: zone id is out of range [ 182.250914][ T7583] netlink: zone id is out of range [ 182.273856][ T7585] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 182.278071][ T7583] netlink: zone id is out of range [ 182.312467][ T7583] netlink: zone id is out of range [ 182.320655][ T7583] netlink: zone id is out of range [ 182.327450][ T7589] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 182.453659][ T7598] random: crng reseeded on system resumption [ 182.689592][ T7605] Unrecognized hibernate image header format! [ 182.759259][ T7605] PM: hibernation: Image mismatch: architecture specific data [ 183.481815][ T7620] FAULT_INJECTION: forcing a failure. [ 183.481815][ T7620] name failslab, interval 1, probability 0, space 0, times 0 [ 183.495094][ T7620] CPU: 1 UID: 0 PID: 7620 Comm: syz.1.351 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 183.495134][ T7620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 183.495150][ T7620] Call Trace: [ 183.495158][ T7620] [ 183.495167][ T7620] dump_stack_lvl+0x16c/0x1f0 [ 183.495209][ T7620] should_fail_ex+0x512/0x640 [ 183.495241][ T7620] ? __kmalloc_noprof+0xbf/0x510 [ 183.495278][ T7620] ? lsm_blob_alloc+0x68/0x90 [ 183.495312][ T7620] should_failslab+0xc2/0x120 [ 183.495337][ T7620] __kmalloc_noprof+0xd2/0x510 [ 183.495381][ T7620] lsm_blob_alloc+0x68/0x90 [ 183.495429][ T7620] security_sk_alloc+0x30/0x270 [ 183.495460][ T7620] sk_prot_alloc+0x1c7/0x2a0 [ 183.495491][ T7620] sk_alloc+0x36/0xc20 [ 183.495527][ T7620] tap_open+0x2f0/0x1170 [ 183.495559][ T7620] ? __pfx_tap_open+0x10/0x10 [ 183.495585][ T7620] chrdev_open+0x231/0x6a0 [ 183.495623][ T7620] ? 
__pfx_apparmor_file_open+0x10/0x10 [ 183.495656][ T7620] ? __pfx_chrdev_open+0x10/0x10 [ 183.495697][ T7620] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 183.495738][ T7620] do_dentry_open+0x744/0x1c10 [ 183.495775][ T7620] ? __pfx_chrdev_open+0x10/0x10 [ 183.495822][ T7620] vfs_open+0x82/0x3f0 [ 183.495853][ T7620] path_openat+0x1de4/0x2cb0 [ 183.495902][ T7620] ? __pfx_path_openat+0x10/0x10 [ 183.495940][ T7620] ? __lock_acquire+0xb8a/0x1c90 [ 183.495979][ T7620] do_filp_open+0x20b/0x470 [ 183.496015][ T7620] ? __pfx_do_filp_open+0x10/0x10 [ 183.496079][ T7620] ? alloc_fd+0x471/0x7d0 [ 183.496120][ T7620] do_sys_openat2+0x11b/0x1d0 [ 183.496143][ T7620] ? __pfx_do_sys_openat2+0x10/0x10 [ 183.496183][ T7620] __x64_sys_openat+0x174/0x210 [ 183.496211][ T7620] ? __pfx___x64_sys_openat+0x10/0x10 [ 183.496254][ T7620] do_syscall_64+0xcd/0x490 [ 183.496293][ T7620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.496318][ T7620] RIP: 0033:0x7f5bdb18e929 [ 183.496338][ T7620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.496360][ T7620] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 183.496382][ T7620] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 183.496405][ T7620] RDX: 0000000000000c00 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 183.496422][ T7620] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 183.496436][ T7620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.496451][ T7620] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 183.496484][ T7620] [ 183.832443][ T7628] netlink: 4 bytes leftover after parsing attributes in process `syz.3.353'. [ 184.011131][ T7630] netlink: 342 bytes leftover after parsing attributes in process `syz.2.352'. 
[ 184.412545][ T7636] __vm_enough_memory: pid: 7636, comm: syz.1.354, bytes: 4398046511104 not enough memory for the allocation [ 184.932751][ T7643] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 184.958070][ T7654] mkiss: ax0: crc mode is auto. [ 185.138765][ T7662] ======================================================= [ 185.138765][ T7662] WARNING: The mand mount option has been deprecated and [ 185.138765][ T7662] and is ignored by this kernel. Remove the mand [ 185.138765][ T7662] option from the mount to silence this warning. [ 185.138765][ T7662] ======================================================= [ 185.173645][ C1] vkms_vblank_simulate: vblank timer overrun [ 186.218456][ T7678] svc: failed to register nfsdv3 RPC service (errno 111). [ 186.246574][ T7678] svc: failed to register nfsaclv3 RPC service (errno 111). [ 186.340554][ T7684] netlink: 8 bytes leftover after parsing attributes in process `syz.2.363'. [ 186.354655][ T7683] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 188.474913][ T7733] can: request_module (can-proto-4) failed. [ 189.174057][ T7751] binder: 7750:7751 unknown command 4294967282 [ 189.181245][ T7751] binder: 7750:7751 ioctl c0306201 2000000000c0 returned -22 [ 189.244127][ T7748] can: request_module (can-proto-0) failed. [ 190.531514][ T7777] netlink: 342 bytes leftover after parsing attributes in process `syz.1.380'. [ 190.694882][ T7781] ubi0: attaching mtd0 [ 190.702030][ T7781] ubi0: scanning is finished [ 190.708831][ T7781] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 190.814621][ T7781] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 191.031444][ T7789] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'. [ 191.095256][ T7789] net_ratelimit: 162 callbacks suppressed [ 191.095275][ T7789] openvswitch: netlink: Flow get message rejected, Key attribute missing. 
[ 191.379377][ T7789] zswap: compressor 000 not available [ 191.615492][ T7803] random: crng reseeded on system resumption [ 192.185930][ T7810] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 192.313094][ T7813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.388'. [ 192.445977][ T7820] netlink: 342 bytes leftover after parsing attributes in process `syz.0.390'. [ 192.637409][ T7823] FAULT_INJECTION: forcing a failure. [ 192.637409][ T7823] name failslab, interval 1, probability 0, space 0, times 0 [ 192.698119][ T7823] CPU: 1 UID: 0 PID: 7823 Comm: syz.0.391 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 192.698151][ T7823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.698159][ T7823] Call Trace: [ 192.698165][ T7823] [ 192.698171][ T7823] dump_stack_lvl+0x16c/0x1f0 [ 192.698198][ T7823] should_fail_ex+0x512/0x640 [ 192.698219][ T7823] ? fs_reclaim_acquire+0xae/0x150 [ 192.698248][ T7823] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 192.698269][ T7823] should_failslab+0xc2/0x120 [ 192.698283][ T7823] __kmalloc_noprof+0xd2/0x510 [ 192.698309][ T7823] tomoyo_realpath_from_path+0xc2/0x6e0 [ 192.698336][ T7823] tomoyo_check_open_permission+0x2ab/0x3c0 [ 192.698354][ T7823] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 192.698370][ T7823] ? mntput_no_expire+0x15e/0xbb0 [ 192.698405][ T7823] ? do_raw_spin_lock+0x12c/0x2b0 [ 192.698432][ T7823] tomoyo_file_open+0x6b/0x90 [ 192.698454][ T7823] security_file_open+0x84/0x1e0 [ 192.698472][ T7823] do_dentry_open+0x596/0x1c10 [ 192.698498][ T7823] vfs_open+0x82/0x3f0 [ 192.698515][ T7823] path_openat+0x1de4/0x2cb0 [ 192.698541][ T7823] ? __pfx_path_openat+0x10/0x10 [ 192.698561][ T7823] ? __lock_acquire+0xb8a/0x1c90 [ 192.698582][ T7823] do_filp_open+0x20b/0x470 [ 192.698601][ T7823] ? __pfx_do_filp_open+0x10/0x10 [ 192.698635][ T7823] ? 
alloc_fd+0x471/0x7d0 [ 192.698658][ T7823] do_sys_openat2+0x11b/0x1d0 [ 192.698673][ T7823] ? __pfx_do_sys_openat2+0x10/0x10 [ 192.698695][ T7823] __x64_sys_openat+0x174/0x210 [ 192.698711][ T7823] ? __pfx___x64_sys_openat+0x10/0x10 [ 192.698734][ T7823] do_syscall_64+0xcd/0x490 [ 192.698756][ T7823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.698770][ T7823] RIP: 0033:0x7fe1aef8e929 [ 192.698782][ T7823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.698795][ T7823] RSP: 002b:00007fe1afd1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 192.698809][ T7823] RAX: ffffffffffffffda RBX: 00007fe1af1b5fa0 RCX: 00007fe1aef8e929 [ 192.698818][ T7823] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 192.698827][ T7823] RBP: 00007fe1af010b39 R08: 0000000000000000 R09: 0000000000000000 [ 192.698835][ T7823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.698843][ T7823] R13: 0000000000000000 R14: 00007fe1af1b5fa0 R15: 00007ffc4ae06448 [ 192.698863][ T7823] [ 192.698891][ T7823] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 193.301099][ T7834] __vm_enough_memory: pid: 7834, comm: syz.1.393, bytes: 4398046511104 not enough memory for the allocation [ 194.329257][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.338838][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.356040][ T7860] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 194.739905][ T7849] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 194.764577][ T7849] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 194.875769][ T7849] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 194.918613][ T7849] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 194.973931][ T7849] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 195.217445][ T7871] netlink: 342 bytes leftover after parsing attributes in process `syz.1.400'. [ 195.376111][ T5848] Bluetooth: hci3: unexpected event 0x1d length: 10 > 5 [ 195.446392][ T7882] netlink: 354 bytes leftover after parsing attributes in process `syz.1.404'. [ 195.609701][ T7886] netlink: 266 bytes leftover after parsing attributes in process `syz.3.406'. [ 195.745252][ T30] audit: type=1800 audit(6047606453.408:12): pid=7892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.407" name="dbroot" dev="configfs" ino=15991 res=0 errno=0 [ 196.007570][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 196.135127][ T7897] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 196.701409][ T7922] netlink: 342 bytes leftover after parsing attributes in process `syz.2.412'. [ 196.805302][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 196.888788][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 196.965732][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 197.702775][ T7956] netlink: 266 bytes leftover after parsing attributes in process `syz.1.417'. 
[ 197.830134][ T7959] Invalid ELF header magic: != ELF [ 197.902210][ T7924] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 197.909010][ T7924] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 197.919723][ T7924] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 197.933880][ T7924] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 198.284858][ T7977] netlink: 342 bytes leftover after parsing attributes in process `syz.0.421'. [ 199.206647][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 199.910866][ T8006] blkio.reset_stats is deprecated [ 199.926489][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 199.926499][ T5855] Bluetooth: hci1: command 0x0c1a tx timeout [ 200.005885][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 201.727034][ T8037] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 202.242182][ T8047] ecryptfs_miscdev_write: Invalid packet size [6] [ 203.233418][ T8063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.442'. [ 204.280821][ T8083] sp0: Synchronizing with TNC [ 206.377763][ T8128] netlink: 342 bytes leftover after parsing attributes in process `syz.3.454'. 
[ 208.123846][ T8145] sysfs_service_op_store: Client not running :-5: [ 208.148046][ T8149] sysfs_service_op_store: Client not running :-5: [ 208.178922][ T8150] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 208.517057][ T8145] sysfs_service_op_show: Client not running :-5: [ 208.631162][ T8151] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 208.711666][ T8142] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 208.720219][ T8142] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 208.876685][ T8142] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 208.882769][ T8142] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 208.907431][ T8155] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 209.643124][ T8176] random: crng reseeded on system resumption [ 209.809887][ T8170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.887873][ T8170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.328653][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 210.745415][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 210.898294][ T5855] Bluetooth: hci3: command 0x0c1a tx timeout [ 210.898300][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 212.931182][ T8252] netlink: 28 bytes leftover after parsing attributes in process `syz.3.483'. 
[ 213.011711][ T8252] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.029615][ T8252] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.178932][ T8252] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.250151][ T8252] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.302286][ T8259] vivid-003: ================= START STATUS ================= [ 213.322747][ T8259] vivid-003: Radio HW Seek Mode: Bounded [ 213.344427][ T8259] vivid-003: Radio Programmable HW Seek: false [ 213.354402][ T8259] vivid-003: RDS Rx I/O Mode: Block I/O [ 213.388461][ T8259] vivid-003: Generate RBDS Instead of RDS: false [ 213.423184][ T8259] vivid-003: RDS Reception: true [ 213.440572][ T8259] vivid-003: RDS Program Type: 0 inactive [ 213.448048][ T8259] vivid-003: RDS PS Name: inactive [ 213.473138][ T8259] vivid-003: RDS Radio Text: inactive [ 213.493392][ T8259] vivid-003: RDS Traffic Announcement: false inactive [ 213.511578][ T8259] vivid-003: RDS Traffic Program: false inactive [ 213.518877][ T8259] vivid-003: RDS Music: false inactive [ 213.538485][ T8259] vivid-003: ================== END STATUS ================== [ 214.293294][ T8255] hub 8-0:1.0: USB hub found [ 214.356204][ T8255] hub 8-0:1.0: 1 port detected [ 215.147688][ T8243] ima: policy update failed [ 215.281547][ T30] audit: type=1802 audit(6047606472.948:13): pid=8243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.482" res=0 errno=0 [ 215.819691][ T8328] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 217.383550][ T8315] kexec: Could not allocate control_code_buffer [ 217.602788][ T8353] device-mapper: ioctl: only supply one of name or uuid, cmd(14) [ 217.749486][ T8364] netlink: 'syz.2.497': attribute type 11 has an invalid length. [ 217.809482][ T8364] netlink: 'syz.2.497': attribute type 11 has an invalid length. 
[ 217.829752][ T8364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.497'. [ 217.850658][ T8364] netlink: 67 bytes leftover after parsing attributes in process `syz.2.497'. [ 217.875962][ T8364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.497'. [ 217.965906][ T8364] netlink: 200 bytes leftover after parsing attributes in process `syz.2.497'. [ 219.274073][ T8392] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 220.168960][ T8396] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 220.924421][ T8420] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 221.432741][ T8436] netlink: 32 bytes leftover after parsing attributes in process `syz.2.511'. [ 221.882831][ T8415] program syz.0.506 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 221.927987][ T8415] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 222.272674][ T8444] random: crng reseeded on system resumption [ 222.506487][ T8448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 222.572630][ T8448] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 222.805356][ T8452] can: request_module (can-proto-0) failed. [ 224.725961][ T8500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.523'. [ 224.780220][ T8472] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 225.182927][ T30] audit: type=1400 audit(6047606482.858:14): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=8499 comm="syz.3.522" [ 225.264829][ T8514] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 226.165701][ T8521] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 226.260852][ T8521] netlink: 28 bytes leftover after parsing attributes in process `syz.0.527'. 
[ 226.746379][ T8518] FAULT_INJECTION: forcing a failure. [ 226.746379][ T8518] name fail_futex, interval 1, probability 0, space 0, times 0 [ 226.776732][ T8518] CPU: 0 UID: 0 PID: 8518 Comm: syz.1.526 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 226.776767][ T8518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.776781][ T8518] Call Trace: [ 226.776789][ T8518] [ 226.776798][ T8518] dump_stack_lvl+0x16c/0x1f0 [ 226.776837][ T8518] should_fail_ex+0x512/0x640 [ 226.776876][ T8518] get_futex_key+0x1d0/0x1540 [ 226.776909][ T8518] ? __pfx_get_futex_key+0x10/0x10 [ 226.776938][ T8518] ? __mutex_trylock_common+0xe9/0x250 [ 226.776979][ T8518] futex_wake+0xe7/0x4e0 [ 226.777013][ T8518] ? __pfx_futex_wake+0x10/0x10 [ 226.777043][ T8518] ? __lock_acquire+0xb8a/0x1c90 [ 226.777088][ T8518] do_futex+0x1e3/0x350 [ 226.777116][ T8518] ? __pfx_do_futex+0x10/0x10 [ 226.777141][ T8518] ? __might_fault+0xe3/0x190 [ 226.777184][ T8518] mm_release+0x24e/0x300 [ 226.777213][ T8518] do_exit+0x68b/0x2bd0 [ 226.777253][ T8518] ? __pfx_do_exit+0x10/0x10 [ 226.777283][ T8518] ? do_raw_spin_lock+0x12c/0x2b0 [ 226.777318][ T8518] ? find_held_lock+0x2b/0x80 [ 226.777348][ T8518] do_group_exit+0xd3/0x2a0 [ 226.777382][ T8518] get_signal+0x2673/0x26d0 [ 226.777421][ T8518] ? __pfx_get_signal+0x10/0x10 [ 226.777448][ T8518] ? do_futex+0x122/0x350 [ 226.777476][ T8518] ? __pfx_do_futex+0x10/0x10 [ 226.777508][ T8518] arch_do_signal_or_restart+0x8f/0x790 [ 226.777538][ T8518] ? 
__pfx_arch_do_signal_or_restart+0x10/0x10 [ 226.777587][ T8518] exit_to_user_mode_loop+0x84/0x110 [ 226.777625][ T8518] do_syscall_64+0x3f6/0x490 [ 226.777662][ T8518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.777686][ T8518] RIP: 0033:0x7f5bdb18e929 [ 226.777706][ T8518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.777734][ T8518] RSP: 002b:00007f5bdc0390e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 226.777757][ T8518] RAX: fffffffffffffe00 RBX: 00007f5bdb3b6088 RCX: 00007f5bdb18e929 [ 226.777772][ T8518] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5bdb3b6088 [ 226.777786][ T8518] RBP: 00007f5bdb3b6080 R08: 0000000000000000 R09: 0000000000000000 [ 226.777800][ T8518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bdb3b608c [ 226.777812][ T8518] R13: 0000000000000000 R14: 00007ffc7c443e00 R15: 00007ffc7c443ee8 [ 226.777843][ T8518] [ 227.013297][ C0] vkms_vblank_simulate: vblank timer overrun [ 227.898554][ T8551] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 227.987370][ T8553] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 229.016386][ T8563] .SR: entered promiscuous mode [ 229.058986][ T8563] Invalid ELF header magic: != ELF [ 229.836556][ T8563] could not allocate digest TFM handle [ 229.842393][ T8568] could not allocate digest TFM handle [ 229.921798][ T8585] netlink: 342 bytes leftover after parsing attributes in process `syz.3.541'. [ 230.020848][ T8585] netlink: 342 bytes leftover after parsing attributes in process `syz.3.541'. [ 231.048579][ T8606] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 231.425457][ T8620] FAULT_INJECTION: forcing a failure. 
[ 231.425457][ T8620] name failslab, interval 1, probability 0, space 0, times 0 [ 231.465502][ T8620] CPU: 1 UID: 0 PID: 8620 Comm: syz.3.547 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 231.465542][ T8620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.465558][ T8620] Call Trace: [ 231.465567][ T8620] [ 231.465577][ T8620] dump_stack_lvl+0x16c/0x1f0 [ 231.465622][ T8620] should_fail_ex+0x512/0x640 [ 231.465659][ T8620] ? fs_reclaim_acquire+0xae/0x150 [ 231.465692][ T8620] should_failslab+0xc2/0x120 [ 231.465717][ T8620] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 231.465756][ T8620] ? security_inode_alloc+0x3b/0x2b0 [ 231.465790][ T8620] security_inode_alloc+0x3b/0x2b0 [ 231.465820][ T8620] inode_init_always_gfp+0xce4/0x1030 [ 231.465861][ T8620] alloc_inode+0x86/0x240 [ 231.465888][ T8620] path_from_stashed+0x2be/0xb00 [ 231.465930][ T8620] ? __pfx_path_from_stashed+0x10/0x10 [ 231.465965][ T8620] ? pidns_get+0x115/0x320 [ 231.466000][ T8620] ns_get_path+0x5f/0x80 [ 231.466033][ T8620] proc_ns_get_link+0x121/0x260 [ 231.466067][ T8620] ? __pfx_proc_ns_get_link+0x10/0x10 [ 231.466105][ T8620] ? atime_needs_update+0x8b/0x710 [ 231.466134][ T8620] ? __pfx_proc_ns_get_link+0x10/0x10 [ 231.466168][ T8620] step_into+0x1a2c/0x2270 [ 231.466208][ T8620] ? __pfx_step_into+0x10/0x10 [ 231.466238][ T8620] ? find_held_lock+0x2b/0x80 [ 231.466276][ T8620] path_openat+0x6db/0x2cb0 [ 231.466324][ T8620] ? __pfx_path_openat+0x10/0x10 [ 231.466361][ T8620] ? __lock_acquire+0xb8a/0x1c90 [ 231.466397][ T8620] do_filp_open+0x20b/0x470 [ 231.466436][ T8620] ? __pfx_do_filp_open+0x10/0x10 [ 231.466506][ T8620] ? alloc_fd+0x471/0x7d0 [ 231.466552][ T8620] do_sys_openat2+0x11b/0x1d0 [ 231.466581][ T8620] ? __pfx_do_sys_openat2+0x10/0x10 [ 231.466624][ T8620] __x64_sys_openat+0x174/0x210 [ 231.466654][ T8620] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 231.466699][ T8620] do_syscall_64+0xcd/0x490 [ 231.466739][ T8620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.466765][ T8620] RIP: 0033:0x7f4116b8d290 [ 231.466787][ T8620] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 231.466811][ T8620] RSP: 002b:00007f4117ac1f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 231.466835][ T8620] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4116b8d290 [ 231.466852][ T8620] RDX: 0000000000000002 RSI: 00007f4117ac1fa0 RDI: 00000000ffffff9c [ 231.466868][ T8620] RBP: 00007f4117ac1fa0 R08: 0000000000000000 R09: 0000000000000000 [ 231.466884][ T8620] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 231.466900][ T8620] R13: 0000000000000000 R14: 00007f4116db6080 R15: 00007ffe603b2318 [ 231.466935][ T8620] [ 231.912168][ T8621] FAULT_INJECTION: forcing a failure. [ 231.912168][ T8621] name failslab, interval 1, probability 0, space 0, times 0 [ 231.982017][ T8621] CPU: 1 UID: 0 PID: 8621 Comm: syz.1.548 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 231.982054][ T8621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.982068][ T8621] Call Trace: [ 231.982076][ T8621] [ 231.982085][ T8621] dump_stack_lvl+0x16c/0x1f0 [ 231.982129][ T8621] should_fail_ex+0x512/0x640 [ 231.982164][ T8621] ? __kmalloc_noprof+0xbf/0x510 [ 231.982214][ T8621] ? __register_sysctl_table+0xb3/0x1900 [ 231.982254][ T8621] should_failslab+0xc2/0x120 [ 231.982278][ T8621] __kmalloc_noprof+0xd2/0x510 [ 231.982322][ T8621] __register_sysctl_table+0xb3/0x1900 [ 231.982361][ T8621] ? is_module_address+0x5f/0xf0 [ 231.982403][ T8621] ? __pfx___register_sysctl_table+0x10/0x10 [ 231.982441][ T8621] ? is_module_address+0x69/0xf0 [ 231.982475][ T8621] ? 
register_net_sysctl_sz+0x228/0x3e0 [ 231.982507][ T8621] ? __asan_memcpy+0x3c/0x60 [ 231.982544][ T8621] nf_log_net_init+0x109/0x450 [ 231.982571][ T8621] ? __pfx_nf_log_net_init+0x10/0x10 [ 231.982599][ T8621] ops_init+0x1e2/0x5f0 [ 231.982640][ T8621] setup_net+0x1ff/0x510 [ 231.982676][ T8621] ? lockdep_init_map_type+0x5c/0x280 [ 231.982712][ T8621] ? __pfx_setup_net+0x10/0x10 [ 231.982750][ T8621] ? debug_mutex_init+0x37/0x70 [ 231.982780][ T8621] copy_net_ns+0x2a6/0x5f0 [ 231.982810][ T8621] create_new_namespaces+0x3ea/0xa90 [ 231.982848][ T8621] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 231.982881][ T8621] ksys_unshare+0x45b/0xa40 [ 231.982916][ T8621] ? __pfx_ksys_unshare+0x10/0x10 [ 231.982951][ T8621] ? xfd_validate_state+0x61/0x180 [ 231.982995][ T8621] __x64_sys_unshare+0x31/0x40 [ 231.983026][ T8621] do_syscall_64+0xcd/0x490 [ 231.983058][ T8621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.983082][ T8621] RIP: 0033:0x7f5bdb18e929 [ 231.983102][ T8621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.983126][ T8621] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 231.983149][ T8621] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 231.983165][ T8621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 231.983187][ T8621] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 231.983202][ T8621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.983216][ T8621] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 231.983251][ T8621] [ 233.235714][ T8648] ubi0: attaching mtd0 [ 233.248906][ T8648] ubi0: scanning is finished [ 233.253607][ T8648] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 234.253466][ T8648] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error 
-22 [ 235.069076][ T8674] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 235.318568][ T8680] batman_adv: Routing algorithm '' is not supported [ 235.420436][ T8674] batman_adv: Routing algorithm '' is not supported [ 235.508062][ T8680] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 235.942533][ T8687] netlink: 28 bytes leftover after parsing attributes in process `syz.2.560'. [ 237.068966][ T8694] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 237.089831][ T8694] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 237.160174][ T8694] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 237.253103][ T8694] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 237.307010][ T8694] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 237.405697][ T8703] ALSA: mixer_oss: invalid OSS volume '' [ 237.881800][ T8727] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 238.565990][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 239.135238][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 239.205390][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 239.285206][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 239.366230][ T8766] [U]  [ 239.369332][ T8766] [U] [ 239.372062][ T8766] [U] [ 239.374797][ T8766] [U] [ 239.465021][ T8767] [U] [ 241.365623][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 241.875450][ T8823] netlink: 342 bytes leftover after parsing attributes in process `syz.0.581'. [ 243.754051][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 243.839610][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 243.850473][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 243.861706][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 243.872250][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. 
[ 243.882388][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 243.891523][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 243.904882][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 243.924242][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 243.940681][ T8878] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 244.307437][ T8891] ubi0: attaching mtd0 [ 244.360278][ T8891] ubi0: scanning is finished [ 244.388885][ T8891] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 245.063670][ T8891] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 245.179465][ T8893] ubi0: attaching mtd0 [ 245.246771][ T8893] ubi0: scanning is finished [ 245.284782][ T8893] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 245.556691][ T8893] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 245.582546][ T8918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.602'. [ 247.084020][ T8960] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 249.027290][ T8997] netlink: 342 bytes leftover after parsing attributes in process `syz.0.615'. [ 249.037838][ T8998] netlink: 342 bytes leftover after parsing attributes in process `syz.0.615'. [ 249.641440][ T9007] netlink: 29 bytes leftover after parsing attributes in process `syz.3.616'. [ 249.653013][ T9006] netlink: 29 bytes leftover after parsing attributes in process `syz.3.616'. 
[ 249.674499][ T9004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79008 [ 249.687261][ T9004] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 249.696705][ T9004] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 249.709416][ T9004] page_type: f5(slab) [ 249.713636][ T9004] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000ca7400 0000000000000003 [ 249.742731][ T9004] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 249.816049][ T9004] head: 00fff00000000040 ffff88801b841dc0 ffffea0000ca7400 0000000000000003 [ 249.840875][ T9004] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 249.871992][ T9004] head: 00fff00000000003 ffffea0001e40201 00000000ffffffff 00000000ffffffff [ 249.945091][ T9004] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 249.953933][ T9004] page dumped because: unmovable page [ 250.006716][ T9004] page_owner tracks the page as allocated [ 250.033961][ T9004] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8494, tgid 8470 (syz.1.519), ts 224517733122, free_ts 224509476364 [ 250.095224][ T9004] post_alloc_hook+0x1c0/0x230 [ 250.100296][ T9004] get_page_from_freelist+0x1321/0x3890 [ 250.107614][ T9004] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 250.114564][ T9004] alloc_pages_mpol+0x1fb/0x550 [ 250.120101][ T9004] new_slab+0x23b/0x330 [ 250.124458][ T9004] ___slab_alloc+0xd9c/0x1940 [ 250.130933][ T9004] __slab_alloc.constprop.0+0x56/0xb0 [ 250.142214][ T9004] __kvmalloc_node_noprof+0x3b1/0x620 [ 250.150242][ T9004] io_alloc_cache_init+0x33/0x170 [ 250.155803][ T9004] io_rsrc_cache_init+0x26/0x50 [ 250.161247][ T9004] io_uring_setup+0x68b/0x2080 [ 250.169920][ T9004] __x64_sys_io_uring_setup+0xc2/0x170 [ 250.178296][ T9004] do_syscall_64+0xcd/0x490 [ 250.183065][ T9004] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.198264][ T9004] page last free pid 8496 tgid 8496 stack trace: [ 250.204937][ T9004] __free_frozen_pages+0x7fe/0x1180 [ 250.210512][ T9004] __put_partials+0x16d/0x1c0 [ 250.215504][ T9004] qlist_free_all+0x4d/0x120 [ 250.220167][ T9004] kasan_quarantine_reduce+0x195/0x1e0 [ 250.225891][ T9004] __kasan_slab_alloc+0x69/0x90 [ 250.230835][ T9004] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 250.237044][ T9004] security_file_alloc+0x34/0x2b0 [ 250.242123][ T9004] init_file+0x93/0x4c0 [ 250.247129][ T9004] alloc_empty_file+0x73/0x1e0 [ 250.251947][ T9004] path_openat+0xda/0x2cb0 [ 250.256485][ T9004] do_filp_open+0x20b/0x470 [ 250.261173][ T9004] do_sys_openat2+0x11b/0x1d0 [ 250.265968][ T9004] __x64_sys_openat+0x174/0x210 [ 250.270850][ T9004] do_syscall_64+0xcd/0x490 [ 250.279556][ T9004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.302822][ T9023] bridge0: port 3(team0) entered blocking state [ 250.331399][ T9023] bridge0: port 3(team0) entered disabled state [ 250.341690][ T9023] team0: entered allmulticast mode [ 250.359519][ T9023] team_slave_0: entered allmulticast mode [ 250.374992][ T9023] team_slave_1: entered allmulticast mode [ 250.387195][ T9023] team0: entered promiscuous mode [ 250.394911][ T9023] team_slave_0: entered promiscuous mode [ 250.402282][ T9023] team_slave_1: entered promiscuous mode [ 250.410883][ T9023] bridge0: port 3(team0) entered blocking state [ 250.417581][ T9023] bridge0: port 3(team0) entered forwarding state [ 251.499745][ T9051] FAULT_INJECTION: forcing a failure. 
[ 251.499745][ T9051] name failslab, interval 1, probability 0, space 0, times 0 [ 251.534629][ T9051] CPU: 1 UID: 0 PID: 9051 Comm: syz.3.627 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 251.534661][ T9051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.534681][ T9051] Call Trace: [ 251.534687][ T9051] [ 251.534693][ T9051] dump_stack_lvl+0x16c/0x1f0 [ 251.534720][ T9051] should_fail_ex+0x512/0x640 [ 251.534743][ T9051] should_failslab+0xc2/0x120 [ 251.534758][ T9051] __kmalloc_cache_noprof+0x6a/0x3e0 [ 251.534778][ T9051] ? sdev_prefix_printk+0xe8/0x230 [ 251.534801][ T9051] sdev_prefix_printk+0xe8/0x230 [ 251.534822][ T9051] ? __pfx_sdev_prefix_printk+0x10/0x10 [ 251.534844][ T9051] ? __pfx_scsi_execute_cmd+0x10/0x10 [ 251.534860][ T9051] ? kasan_save_stack+0x33/0x60 [ 251.534880][ T9051] ? kasan_save_track+0x14/0x30 [ 251.534898][ T9051] ? kasan_save_free_info+0x3b/0x60 [ 251.534917][ T9051] sd_pr_out_command.isra.0+0x37f/0x3d0 [ 251.534936][ T9051] ? __pfx_sd_pr_out_command.isra.0+0x10/0x10 [ 251.534952][ T9051] ? __lock_acquire+0xb8a/0x1c90 [ 251.534981][ T9051] ? find_held_lock+0x2b/0x80 [ 251.534994][ T9051] ? __might_fault+0xe3/0x190 [ 251.535014][ T9051] ? __might_fault+0x13b/0x190 [ 251.535036][ T9051] ? block_pr_type_to_scsi+0x62/0x80 [ 251.535060][ T9051] blkdev_pr_preempt+0x2ac/0x310 [ 251.535077][ T9051] ? __pfx_blkdev_pr_preempt+0x10/0x10 [ 251.535110][ T9051] blkdev_common_ioctl+0x8d1/0x2480 [ 251.535138][ T9051] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 251.535166][ T9051] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 251.535200][ T9051] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 251.535226][ T9051] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 251.535254][ T9051] ? find_held_lock+0x2b/0x80 [ 251.535272][ T9051] blkdev_ioctl+0x1cb/0x6d0 [ 251.535287][ T9051] ? __pfx_blkdev_ioctl+0x10/0x10 [ 251.535306][ T9051] ? 
__pfx_blkdev_ioctl+0x10/0x10 [ 251.535322][ T9051] __x64_sys_ioctl+0x18b/0x210 [ 251.535345][ T9051] do_syscall_64+0xcd/0x490 [ 251.535369][ T9051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.535384][ T9051] RIP: 0033:0x7f4116b8e929 [ 251.535396][ T9051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.535411][ T9051] RSP: 002b:00007f4117ae3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.535425][ T9051] RAX: ffffffffffffffda RBX: 00007f4116db5fa0 RCX: 00007f4116b8e929 [ 251.535435][ T9051] RDX: 0000000000000008 RSI: 00000000401870cb RDI: 0000000000000008 [ 251.535444][ T9051] RBP: 00007f4116c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 251.535453][ T9051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.535462][ T9051] R13: 0000000000000000 R14: 00007f4116db5fa0 R15: 00007ffe603b2318 [ 251.535481][ T9051] [ 251.801900][ C1] vkms_vblank_simulate: vblank timer overrun [ 251.816243][ T9055] netlink: 28 bytes leftover after parsing attributes in process `syz.0.628'. [ 251.884043][ T9051] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 251.892378][ T9051] sd 0:0:1:0: Add. 
Sense: Invalid command operation code [ 252.076280][ T9037] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 252.082439][ T9037] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 252.101792][ T9037] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 252.127004][ T9037] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 252.133086][ T9037] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 253.127316][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 254.165419][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 254.172349][ T5855] Bluetooth: hci2: command 0x0c1a tx timeout [ 254.179418][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout [ 254.198220][ T9096] netlink: 338 bytes leftover after parsing attributes in process `syz.2.636'. [ 254.230762][ T9096] netlink: 338 bytes leftover after parsing attributes in process `syz.2.636'. [ 254.296837][ T9098] netlink: 290 bytes leftover after parsing attributes in process `syz.2.636'. [ 254.349747][ T9098] veth0_macvtap: left promiscuous mode [ 254.406536][ T9100] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 254.537154][ T9102] FAULT_INJECTION: forcing a failure. [ 254.537154][ T9102] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 254.584676][ T9102] CPU: 1 UID: 0 PID: 9102 Comm: syz.0.637 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 254.584711][ T9102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.584724][ T9102] Call Trace: [ 254.584732][ T9102] [ 254.584740][ T9102] dump_stack_lvl+0x16c/0x1f0 [ 254.584781][ T9102] should_fail_ex+0x512/0x640 [ 254.584827][ T9102] _copy_from_user+0x2e/0xd0 [ 254.584864][ T9102] get_timespec64+0x8b/0x1b0 [ 254.584895][ T9102] ? __pfx_get_timespec64+0x10/0x10 [ 254.584924][ T9102] ? find_held_lock+0x2b/0x80 [ 254.584959][ T9102] __x64_sys_futex+0x288/0x4c0 [ 254.584993][ T9102] ? __pfx___x64_sys_futex+0x10/0x10 [ 254.585022][ T9102] ? 
xfd_validate_state+0x61/0x180 [ 254.585071][ T9102] do_syscall_64+0xcd/0x490 [ 254.585112][ T9102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.585134][ T9102] RIP: 0033:0x7fe1aef8e929 [ 254.585152][ T9102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.585173][ T9102] RSP: 002b:00007ffc4ae065a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 254.585195][ T9102] RAX: ffffffffffffffda RBX: 000000000003e226 RCX: 00007fe1aef8e929 [ 254.585209][ T9102] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe1af1b5fac [ 254.585223][ T9102] RBP: 0000000000000032 R08: 00007fe1afd1d000 R09: 000000144ae0689f [ 254.585238][ T9102] R10: 00007ffc4ae066a0 R11: 0000000000000246 R12: 00007fe1af1b5fac [ 254.585251][ T9102] R13: 00007ffc4ae066a0 R14: 000000000003e258 R15: 00007ffc4ae066c0 [ 254.585282][ T9102] [ 254.742499][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.474508][ T9119] netlink: 28 bytes leftover after parsing attributes in process `syz.2.641'. [ 255.585545][ T9119] team0: Port device team_slave_1 removed [ 255.644610][ T9124] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 255.771189][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.780650][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.245381][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 256.813475][ T9154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.650'. 
[ 258.006310][ T9189] vivid-007: ================= START STATUS ================= [ 258.053028][ T9189] vivid-007: Generate PTS: true [ 258.063793][ T9189] vivid-007: Generate SCR: true [ 258.071198][ T9189] tpg source WxH: 320x240 (Y'CbCr) [ 258.076741][ T9189] tpg field: 1 [ 258.080202][ T9189] tpg crop: (0,0)/320x240 [ 258.086473][ T9189] tpg compose: (0,0)/320x240 [ 258.091441][ T9189] tpg colorspace: 8 [ 258.095836][ T9189] tpg transfer function: 0/0 [ 258.100540][ T9189] tpg Y'CbCr encoding: 0/0 [ 258.105081][ T9189] tpg quantization: 0/0 [ 258.109885][ T9189] tpg RGB range: 0/2 [ 258.113896][ T9189] vivid-007: ================== END STATUS ================== [ 258.682122][ T9214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.660'. [ 258.692895][ T9214] netlink: 354 bytes leftover after parsing attributes in process `syz.2.660'. [ 258.787124][ T9194] can: request_module (can-proto-3) failed. [ 258.928429][ T9216] netlink: 24 bytes leftover after parsing attributes in process `syz.2.661'. [ 259.203552][ T9226] netlink: 342 bytes leftover after parsing attributes in process `syz.3.663'. [ 259.214217][ T9226] netlink: 342 bytes leftover after parsing attributes in process `syz.3.663'. [ 259.327778][ T9229] netlink: 338 bytes leftover after parsing attributes in process `syz.0.664'. [ 259.340393][ T9229] netlink: 338 bytes leftover after parsing attributes in process `syz.0.664'. [ 259.388142][ T9229] netlink: 290 bytes leftover after parsing attributes in process `syz.0.664'. [ 259.411726][ T9229] veth0_macvtap: left promiscuous mode [ 259.426503][ T9232] netlink: 204 bytes leftover after parsing attributes in process `syz.0.664'. [ 260.618310][ T9272] netlink: 342 bytes leftover after parsing attributes in process `syz.1.673'. [ 260.628495][ T9272] netlink: 342 bytes leftover after parsing attributes in process `syz.1.673'. 
[ 260.743886][ T9281] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 260.805191][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 260.845423][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 260.938206][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 260.975970][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 260.999771][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.046978][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.060008][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.091123][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.133345][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.150509][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.331011][ T9275] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.420596][ T30] audit: type=1326 audit(6047606519.108:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9298 comm="syz.2.679" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f34d078e929 code=0x0 [ 261.648946][ T9305] ptrace attach of "./syz-executor exec"[9307] was attempted by "./syz-executor exec"[9305] [ 261.662237][ T9305] ptrace attach of "./syz-executor exec"[9307] was attempted by "./syz-executor exec"[9305] [ 261.739350][ T9309] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.772082][ T9304] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 261.875050][ T9316] netlink: 342 bytes leftover after parsing attributes in process `syz.0.684'. [ 261.886407][ T9316] netlink: 342 bytes leftover after parsing attributes in process `syz.0.684'. 
[ 262.062960][ T9317] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 262.198491][ T9323] netlink: 338 bytes leftover after parsing attributes in process `syz.1.686'. [ 262.211576][ T9323] veth0_macvtap: left promiscuous mode [ 262.556432][ T9326] zswap: compressor not available [ 263.119992][ T9355] FAULT_INJECTION: forcing a failure. [ 263.119992][ T9355] name failslab, interval 1, probability 0, space 0, times 0 [ 263.274995][ T9355] CPU: 0 UID: 0 PID: 9355 Comm: syz.3.692 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 263.275034][ T9355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.275050][ T9355] Call Trace: [ 263.275059][ T9355] [ 263.275070][ T9355] dump_stack_lvl+0x16c/0x1f0 [ 263.275117][ T9355] should_fail_ex+0x512/0x640 [ 263.275151][ T9355] ? __kmalloc_noprof+0xbf/0x510 [ 263.275189][ T9355] ? fib_default_rule_add+0x4f/0x420 [ 263.275225][ T9355] should_failslab+0xc2/0x120 [ 263.275250][ T9355] __kmalloc_noprof+0xd2/0x510 [ 263.275294][ T9355] fib_default_rule_add+0x4f/0x420 [ 263.275336][ T9355] fib4_rules_init+0x52/0x1c0 [ 263.275372][ T9355] fib_net_init+0x1dc/0x3f0 [ 263.275397][ T9355] ? __pfx___register_sysctl_table+0x10/0x10 [ 263.275438][ T9355] ? __pfx_fib_net_init+0x10/0x10 [ 263.275464][ T9355] ? lockdep_init_map_type+0x5c/0x280 [ 263.275500][ T9355] ? do_init_timer+0xc9/0x110 [ 263.275533][ T9355] ? devinet_init_net+0x5c2/0x910 [ 263.275566][ T9355] ? __pfx_fib_net_init+0x10/0x10 [ 263.275591][ T9355] ops_init+0x1e2/0x5f0 [ 263.275632][ T9355] setup_net+0x1ff/0x510 [ 263.275669][ T9355] ? lockdep_init_map_type+0x5c/0x280 [ 263.275704][ T9355] ? __pfx_setup_net+0x10/0x10 [ 263.275744][ T9355] ? debug_mutex_init+0x37/0x70 [ 263.275774][ T9355] copy_net_ns+0x2a6/0x5f0 [ 263.275804][ T9355] create_new_namespaces+0x3ea/0xa90 [ 263.275841][ T9355] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 263.275886][ T9355] ksys_unshare+0x45b/0xa40 [ 263.275922][ T9355] ? 
__pfx_ksys_unshare+0x10/0x10 [ 263.275959][ T9355] ? xfd_validate_state+0x61/0x180 [ 263.276003][ T9355] __x64_sys_unshare+0x31/0x40 [ 263.276037][ T9355] do_syscall_64+0xcd/0x490 [ 263.276076][ T9355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.276101][ T9355] RIP: 0033:0x7f4116b8e929 [ 263.276122][ T9355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.276146][ T9355] RSP: 002b:00007f4117aa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 263.276170][ T9355] RAX: ffffffffffffffda RBX: 00007f4116db6160 RCX: 00007f4116b8e929 [ 263.276187][ T9355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 263.276203][ T9355] RBP: 00007f4116c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 263.276219][ T9355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 263.276234][ T9355] R13: 0000000000000000 R14: 00007f4116db6160 R15: 00007ffe603b2318 [ 263.276268][ T9355] [ 263.618793][ T9358] futex_wake_op: syz.3.692 tries to shift op by -9; fix this program [ 263.720152][ T9360] FAULT_INJECTION: forcing a failure. [ 263.720152][ T9360] name failslab, interval 1, probability 0, space 0, times 0 [ 263.733421][ T9360] CPU: 0 UID: 0 PID: 9360 Comm: syz.1.694 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 263.733459][ T9360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.733475][ T9360] Call Trace: [ 263.733484][ T9360] [ 263.733495][ T9360] dump_stack_lvl+0x16c/0x1f0 [ 263.733538][ T9360] should_fail_ex+0x512/0x640 [ 263.733574][ T9360] ? __kmalloc_noprof+0xbf/0x510 [ 263.733616][ T9360] ? constrain_params_by_rules+0x175/0xca0 [ 263.733644][ T9360] should_failslab+0xc2/0x120 [ 263.733669][ T9360] __kmalloc_noprof+0xd2/0x510 [ 263.733714][ T9360] constrain_params_by_rules+0x175/0xca0 [ 263.733744][ T9360] ? 
do_raw_spin_lock+0x12c/0x2b0 [ 263.733785][ T9360] ? find_held_lock+0x2b/0x80 [ 263.733814][ T9360] ? mark_held_locks+0x49/0x80 [ 263.733846][ T9360] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 263.733882][ T9360] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.733926][ T9360] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.733971][ T9360] ? snd_pcm_oss_change_params_locked+0x9cd/0x3a30 [ 263.734000][ T9360] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 263.734025][ T9360] ? snd_pcm_oss_write+0x4c3/0xa10 [ 263.734051][ T9360] ? vfs_write+0x29d/0x1150 [ 263.734083][ T9360] ? ksys_write+0x12a/0x250 [ 263.734116][ T9360] ? do_syscall_64+0xcd/0x490 [ 263.734150][ T9360] ? snd_interval_refine+0x2fa/0x580 [ 263.734189][ T9360] snd_pcm_hw_refine+0x7de/0xad0 [ 263.734224][ T9360] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 263.734278][ T9360] snd_pcm_hw_param_first+0x334/0x6f0 [ 263.734313][ T9360] snd_pcm_hw_param_near.constprop.0+0x702/0x8e0 [ 263.734347][ T9360] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 263.734379][ T9360] ? snd_pcm_oss_change_params_locked+0x958/0x3a30 [ 263.734415][ T9360] snd_pcm_oss_change_params_locked+0x9cd/0x3a30 [ 263.734460][ T9360] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 263.734489][ T9360] ? __pfx___futex_wait+0x10/0x10 [ 263.734524][ T9360] ? snd_pcm_oss_write+0x4a2/0xa10 [ 263.734557][ T9360] ? __pfx_futex_wake_mark+0x10/0x10 [ 263.734599][ T9360] ? plist_check_head+0xa3/0x150 [ 263.734627][ T9360] ? find_held_lock+0x2b/0x80 [ 263.734659][ T9360] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 263.734689][ T9360] snd_pcm_oss_write+0x4c3/0xa10 [ 263.734719][ T9360] ? bpf_lsm_file_permission+0x9/0x10 [ 263.734739][ T9360] ? security_file_permission+0x71/0x210 [ 263.734775][ T9360] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 263.734801][ T9360] vfs_write+0x29d/0x1150 [ 263.734844][ T9360] ? __pfx_vfs_write+0x10/0x10 [ 263.734882][ T9360] ? find_held_lock+0x2b/0x80 [ 263.734911][ T9360] ? __fget_files+0x204/0x3c0 [ 263.734953][ T9360] ? 
__fget_files+0x20e/0x3c0 [ 263.734999][ T9360] ksys_write+0x12a/0x250 [ 263.735030][ T9360] ? __pfx_ksys_write+0x10/0x10 [ 263.735066][ T9360] do_syscall_64+0xcd/0x490 [ 263.735103][ T9360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.735130][ T9360] RIP: 0033:0x7f5bdb18e929 [ 263.735150][ T9360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.735173][ T9360] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 263.735195][ T9360] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 263.735211][ T9360] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000007 [ 263.735224][ T9360] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 263.735237][ T9360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 263.735251][ T9360] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 263.735281][ T9360] [ 265.188159][ T9382] vivid-003: ================= START STATUS ================= [ 265.206490][ T9382] vivid-003: Radio HW Seek Mode: Bounded [ 265.212224][ T9382] vivid-003: Radio Programmable HW Seek: false [ 265.353409][ T9392] can: request_module (can-proto-0) failed. 
[ 265.405352][ T9382] vivid-003: RDS Rx I/O Mode: Block I/O [ 265.423008][ T9382] vivid-003: Generate RBDS Instead of RDS: false [ 265.451605][ T9382] vivid-003: RDS Reception: true [ 265.458004][ T9382] vivid-003: RDS Program Type: 0 inactive [ 265.463837][ T9382] vivid-003: RDS PS Name: inactive [ 265.469277][ T9382] vivid-003: RDS Radio Text: inactive [ 265.474818][ T9382] vivid-003: RDS Traffic Announcement: false inactive [ 265.481974][ T9382] vivid-003: RDS Traffic Program: false inactive [ 265.488804][ T9382] vivid-003: RDS Music: false inactive [ 265.494388][ T9382] vivid-003: ================== END STATUS ================== [ 265.952814][ T9405] FAULT_INJECTION: forcing a failure. [ 265.952814][ T9405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.969348][ T9405] CPU: 0 UID: 0 PID: 9405 Comm: syz.0.702 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 265.969371][ T9405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.969380][ T9405] Call Trace: [ 265.969385][ T9405] [ 265.969392][ T9405] dump_stack_lvl+0x16c/0x1f0 [ 265.969419][ T9405] should_fail_ex+0x512/0x640 [ 265.969442][ T9405] _copy_from_user+0x2e/0xd0 [ 265.969463][ T9405] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 265.969488][ T9405] snd_rawmidi_write+0x26e/0xc10 [ 265.969509][ T9405] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 265.969526][ T9405] ? __pfx_default_wake_function+0x10/0x10 [ 265.969544][ T9405] ? bpf_lsm_file_permission+0x9/0x10 [ 265.969559][ T9405] ? security_file_permission+0x71/0x210 [ 265.969578][ T9405] ? rw_verify_area+0xcf/0x680 [ 265.969596][ T9405] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 265.969611][ T9405] vfs_write+0x29d/0x1150 [ 265.969635][ T9405] ? __pfx_vfs_write+0x10/0x10 [ 265.969652][ T9405] ? find_held_lock+0x2b/0x80 [ 265.969667][ T9405] ? __fget_files+0x204/0x3c0 [ 265.969688][ T9405] ? __fget_files+0x20e/0x3c0 [ 265.969711][ T9405] ksys_write+0x1f8/0x250 [ 265.969730][ T9405] ? 
__pfx_ksys_write+0x10/0x10 [ 265.969754][ T9405] do_syscall_64+0xcd/0x490 [ 265.969776][ T9405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.969791][ T9405] RIP: 0033:0x7fe1aef8e929 [ 265.969803][ T9405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.969817][ T9405] RSP: 002b:00007fe1afd1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 265.969831][ T9405] RAX: ffffffffffffffda RBX: 00007fe1af1b5fa0 RCX: 00007fe1aef8e929 [ 265.969840][ T9405] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000006 [ 265.969849][ T9405] RBP: 00007fe1af010b39 R08: 0000000000000000 R09: 0000000000000000 [ 265.969857][ T9405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.969865][ T9405] R13: 0000000000000000 R14: 00007fe1af1b5fa0 R15: 00007ffc4ae06448 [ 265.969891][ T9405] [ 268.272919][ T9437] __nla_validate_parse: 7 callbacks suppressed [ 268.272941][ T9437] netlink: 338 bytes leftover after parsing attributes in process `syz.1.709'. [ 268.330608][ T9437] netlink: 338 bytes leftover after parsing attributes in process `syz.1.709'. [ 268.366920][ T9437] netlink: 290 bytes leftover after parsing attributes in process `syz.1.709'. [ 268.393274][ T9437] netlink: 290 bytes leftover after parsing attributes in process `syz.1.709'. [ 269.309353][ T9470] netlink: 342 bytes leftover after parsing attributes in process `syz.3.716'. [ 269.320831][ T9470] netlink: 342 bytes leftover after parsing attributes in process `syz.3.716'. 
[ 270.298539][ T9481] Invalid ELF header magic: != ELF [ 270.859291][ T9481] could not allocate digest TFM handle " [ 271.878736][ T9513] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 272.402189][ T9509] ima: policy update failed [ 272.407160][ T30] audit: type=1802 audit(6047606530.098:16): pid=9509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.726" res=0 errno=0 [ 272.671986][ T9553] netlink: 'syz.0.733': attribute type 1 has an invalid length. [ 272.708182][ T9552] netlink: 'syz.0.733': attribute type 1 has an invalid length. [ 273.073659][ T9559] netlink: 146 bytes leftover after parsing attributes in process `syz.3.734'. [ 273.195949][ T9559] vhci_hcd: invalid port number 16 [ 273.201086][ T9559] vhci_hcd: invalid port number 16 [ 273.472729][ T9569] netlink: 342 bytes leftover after parsing attributes in process `syz.0.736'. [ 273.500248][ T9569] netlink: 342 bytes leftover after parsing attributes in process `syz.0.736'. [ 274.054850][ T9583] FAULT_INJECTION: forcing a failure. [ 274.054850][ T9583] name failslab, interval 1, probability 0, space 0, times 0 [ 274.143164][ T9593] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input22 [ 274.212942][ T9583] CPU: 0 UID: 0 PID: 9583 Comm: syz.1.741 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 274.212966][ T9583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 274.212975][ T9583] Call Trace: [ 274.212981][ T9583] [ 274.212987][ T9583] dump_stack_lvl+0x16c/0x1f0 [ 274.213016][ T9583] should_fail_ex+0x512/0x640 [ 274.213037][ T9583] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 274.213061][ T9583] should_failslab+0xc2/0x120 [ 274.213076][ T9583] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 274.213105][ T9583] ? 
radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 274.213144][ T9583] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 274.213182][ T9583] idr_get_free+0x528/0xa30 [ 274.213221][ T9583] idr_alloc_u32+0x190/0x2f0 [ 274.213256][ T9583] ? __pfx_idr_alloc_u32+0x10/0x10 [ 274.213288][ T9583] ? __pfx___mutex_lock+0x10/0x10 [ 274.213333][ T9583] idr_alloc+0xc0/0x130 [ 274.213367][ T9583] ? __pfx_idr_alloc+0x10/0x10 [ 274.213401][ T9583] ? __radix_tree_lookup+0x21f/0x2c0 [ 274.213438][ T9583] ppp_dev_configure+0x905/0xc80 [ 274.213480][ T9583] ppp_ioctl+0x17e0/0x2660 [ 274.213515][ T9583] ? find_held_lock+0x2b/0x80 [ 274.213544][ T9583] ? __pfx_ppp_ioctl+0x10/0x10 [ 274.213584][ T9583] ? __fget_files+0x20e/0x3c0 [ 274.213625][ T9583] ? __pfx_ppp_ioctl+0x10/0x10 [ 274.213655][ T9583] __x64_sys_ioctl+0x18b/0x210 [ 274.213690][ T9583] do_syscall_64+0xcd/0x490 [ 274.213731][ T9583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.213766][ T9583] RIP: 0033:0x7f5bdb18e929 [ 274.213788][ T9583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.213815][ T9583] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 274.213840][ T9583] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 274.213858][ T9583] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000004 [ 274.213874][ T9583] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 274.213891][ T9583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 274.213907][ T9583] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 274.213944][ T9583] [ 275.170308][ T9605] mkiss: ax0: crc mode is auto. 
[ 275.297232][ T9599] vivid-003: ================= START STATUS ================= [ 275.307576][ T9599] vivid-003: Radio HW Seek Mode: Bounded [ 275.313850][ T9599] vivid-003: Radio Programmable HW Seek: false [ 275.356170][ T9599] vivid-003: RDS Rx I/O Mode: Block I/O [ 275.361817][ T9599] vivid-003: Generate RBDS Instead of RDS: false [ 275.397178][ T9599] vivid-003: RDS Reception: true [ 275.402355][ T9599] vivid-003: RDS Program Type: 0 inactive [ 275.409048][ T9599] vivid-003: RDS PS Name: inactive [ 275.414575][ T9599] vivid-003: RDS Radio Text: inactive [ 275.420665][ T9599] vivid-003: RDS Traffic Announcement: false inactive [ 275.440224][ T9599] vivid-003: RDS Traffic Program: false inactive [ 275.511003][ T9599] vivid-003: RDS Music: false inactive [ 275.535256][ T9599] vivid-003: ================== END STATUS ================== [ 276.185526][ T9617] netlink: 342 bytes leftover after parsing attributes in process `syz.2.748'. [ 276.590953][ T44] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:3: bg 1: bad block bitmap checksum [ 276.695389][ T44] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:3: bg 2: bad block bitmap checksum [ 276.739281][ T44] EXT4-fs error (device sda1): ext4_discard_preallocations:5601: comm kworker/u8:3: Error -74 reading block bitmap for 2 [ 276.802594][ T44] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 3546 with max blocks 38 with error 74 [ 276.832458][ T44] EXT4-fs (sda1): This should not happen!! Data will be lost [ 276.832458][ T44] [ 278.517991][ T9680] cougar: G6 mapped to space [ 280.510433][ T9729] netlink: 338 bytes leftover after parsing attributes in process `syz.3.773'. [ 280.546123][ T9731] netlink: 338 bytes leftover after parsing attributes in process `syz.3.773'. [ 280.591305][ T9729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.773'. 
[ 281.269241][ T9744] usb usb28: usbfs: process 9744 (syz.1.776) did not claim interface 0 before use [ 281.662488][ T9759] netlink: 342 bytes leftover after parsing attributes in process `syz.2.782'. [ 282.870509][ T9791] netlink: 'syz.3.787': attribute type 5 has an invalid length. [ 282.878402][ T9791] netlink: 'syz.3.787': attribute type 1 has an invalid length. [ 282.886212][ T9791] netlink: 12 bytes leftover after parsing attributes in process `syz.3.787'. [ 282.917393][ T9791] netlink: 'syz.3.787': attribute type 5 has an invalid length. [ 282.947867][ T9791] netlink: 'syz.3.787': attribute type 1 has an invalid length. [ 282.958305][ T9791] netlink: 12 bytes leftover after parsing attributes in process `syz.3.787'. [ 283.172309][ T9795] netlink: 28 bytes leftover after parsing attributes in process `syz.3.788'. [ 283.192121][ T9795] team0: entered promiscuous mode [ 283.199802][ T9795] team_slave_0: entered promiscuous mode [ 283.209637][ T9795] team_slave_1: entered promiscuous mode [ 283.222673][ T9795] team0: entered allmulticast mode [ 283.229362][ T9795] team_slave_0: entered allmulticast mode [ 283.237749][ T9795] team_slave_1: entered allmulticast mode [ 283.662832][ T9805] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 283.672623][ T9804] : Can't lookup blockdev [ 284.575674][ T9818] block nbd7: not configured, cannot reconfigure [ 284.603053][ T9820] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 284.674244][ T9826] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 284.756310][ T30] audit: type=1800 audit(6047606542.438:17): pid=9828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.794" name="dbroot" dev="configfs" ino=24520 res=0 errno=0 [ 285.394110][ T9839] netlink: 338 bytes leftover after parsing attributes in process `syz.0.796'. 
[ 285.479054][ T9820] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 285.479315][ T9820] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 285.479513][ T9820] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 285.479693][ T9820] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 285.479756][ T9820] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 285.841210][ T9849] net_ratelimit: 56 callbacks suppressed [ 285.841231][ T9849] openvswitch: netlink: IP tunnel dst address not specified [ 285.938623][ T9853] netlink: 342 bytes leftover after parsing attributes in process `syz.2.800'. [ 286.554436][ T9881] netlink: 342 bytes leftover after parsing attributes in process `syz.1.805'. [ 286.825592][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout [ 287.525352][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout [ 287.527419][ T5855] Bluetooth: hci1: command 0x0c1a tx timeout [ 287.537629][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 287.598145][ T9901] netlink: 338 bytes leftover after parsing attributes in process `syz.1.810'. [ 287.662722][ T9907] netlink: 338 bytes leftover after parsing attributes in process `syz.1.810'. [ 287.804574][ T9910] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 289.608225][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 290.215004][ T5848] Bluetooth: hci3: unexpected event 0x3d length: 726 > 14 [ 291.351391][ T9999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.827'. [ 291.420480][T10008] netlink: 13 bytes leftover after parsing attributes in process `syz.0.827'. [ 292.386457][T10021] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 293.941604][T10049] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 295.063749][T10066] sp0: Synchronizing with TNC [ 295.405631][T10074] FAULT_INJECTION: forcing a failure. 
[ 295.405631][T10074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.431120][T10074] CPU: 0 UID: 0 PID: 10074 Comm: syz.1.843 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 295.431161][T10074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.431178][T10074] Call Trace: [ 295.431186][T10074] [ 295.431197][T10074] dump_stack_lvl+0x16c/0x1f0 [ 295.431240][T10074] should_fail_ex+0x512/0x640 [ 295.431279][T10074] _copy_from_user+0x2e/0xd0 [ 295.431318][T10074] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 295.431362][T10074] snd_rawmidi_write+0x26e/0xc10 [ 295.431402][T10074] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 295.431432][T10074] ? __pfx_default_wake_function+0x10/0x10 [ 295.431462][T10074] ? bpf_lsm_file_permission+0x9/0x10 [ 295.431488][T10074] ? security_file_permission+0x71/0x210 [ 295.431522][T10074] ? rw_verify_area+0xcf/0x680 [ 295.431554][T10074] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 295.431582][T10074] vfs_write+0x29d/0x1150 [ 295.431622][T10074] ? __pfx_vfs_write+0x10/0x10 [ 295.431653][T10074] ? find_held_lock+0x2b/0x80 [ 295.431679][T10074] ? __fget_files+0x204/0x3c0 [ 295.431716][T10074] ? __fget_files+0x20e/0x3c0 [ 295.431758][T10074] ksys_write+0x1f8/0x250 [ 295.431791][T10074] ? 
__pfx_ksys_write+0x10/0x10 [ 295.431842][T10074] do_syscall_64+0xcd/0x490 [ 295.431883][T10074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.431908][T10074] RIP: 0033:0x7f5bdb18e929 [ 295.431928][T10074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.431951][T10074] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 295.431976][T10074] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 295.431993][T10074] RDX: 000000000000a3d9 RSI: 0000200000000400 RDI: 0000000000000008 [ 295.432009][T10074] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 295.432025][T10074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.432040][T10074] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 295.432077][T10074] [ 295.821449][T10077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.844'. [ 295.868487][T10077] FAULT_INJECTION: forcing a failure. [ 295.868487][T10077] name failslab, interval 1, probability 0, space 0, times 0 [ 295.890508][T10077] CPU: 1 UID: 0 PID: 10077 Comm: syz.1.844 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 295.890532][T10077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.890540][T10077] Call Trace: [ 295.890546][T10077] [ 295.890552][T10077] dump_stack_lvl+0x16c/0x1f0 [ 295.890580][T10077] should_fail_ex+0x512/0x640 [ 295.890601][T10077] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 295.890625][T10077] should_failslab+0xc2/0x120 [ 295.890639][T10077] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 295.890661][T10077] ? __d_alloc+0x31/0xaa0 [ 295.890684][T10077] __d_alloc+0x31/0xaa0 [ 295.890707][T10077] d_alloc_pseudo+0x1c/0xc0 [ 295.890722][T10077] alloc_file_pseudo+0xcf/0x230 [ 295.890738][T10077] ? 
__pfx_alloc_file_pseudo+0x10/0x10 [ 295.890754][T10077] ? security_inode_init_security_anon+0x79/0x240 [ 295.890775][T10077] secretmem_file_create.constprop.0+0x89/0x270 [ 295.890791][T10077] __x64_sys_memfd_secret+0xc5/0x1a0 [ 295.890805][T10077] do_syscall_64+0xcd/0x490 [ 295.890836][T10077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.890851][T10077] RIP: 0033:0x7f5bdb18e929 [ 295.890864][T10077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.890878][T10077] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 295.890893][T10077] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 295.890902][T10077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 295.890911][T10077] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 295.890919][T10077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.890928][T10077] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 295.890946][T10077] [ 296.538402][ T30] audit: type=1326 audit(6047606554.228:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10095 comm="syz.0.849" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe1aef8e929 code=0x0 [ 297.106715][T10106] FAULT_INJECTION: forcing a failure. 
[ 297.106715][T10106] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 297.119834][T10106] CPU: 0 UID: 5 PID: 10106 Comm: syz.1.850 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 297.119865][T10106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.119879][T10106] Call Trace: [ 297.119888][T10106] [ 297.119898][T10106] dump_stack_lvl+0x16c/0x1f0 [ 297.119931][T10106] should_fail_ex+0x512/0x640 [ 297.119963][T10106] _copy_from_user+0x2e/0xd0 [ 297.119992][T10106] kstrtouint_from_user+0xd6/0x1d0 [ 297.120015][T10106] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 297.120037][T10106] ? __lock_acquire+0xb8a/0x1c90 [ 297.120066][T10106] ? iovec_from_user+0xbb/0x140 [ 297.120089][T10106] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 297.120111][T10106] proc_fail_nth_write+0x83/0x250 [ 297.120133][T10106] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 297.120163][T10106] vfs_writev+0x5dc/0xde0 [ 297.120187][T10106] ? __pfx___mutex_trylock_common+0x10/0x10 [ 297.120220][T10106] ? __pfx_vfs_writev+0x10/0x10 [ 297.120244][T10106] ? __mutex_lock+0x1ca/0xb90 [ 297.120277][T10106] ? __pfx___mutex_lock+0x10/0x10 [ 297.120313][T10106] ? __fget_files+0x20e/0x3c0 [ 297.120346][T10106] ? do_writev+0x132/0x340 [ 297.120368][T10106] do_writev+0x132/0x340 [ 297.120391][T10106] ? 
__pfx_do_writev+0x10/0x10 [ 297.120430][T10106] do_syscall_64+0xcd/0x490 [ 297.120459][T10106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.120479][T10106] RIP: 0033:0x7f5bdb18e929 [ 297.120495][T10106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.120513][T10106] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 297.120530][T10106] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 297.120543][T10106] RDX: 0000000000000003 RSI: 0000200000000200 RDI: 0000000000000004 [ 297.120555][T10106] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 297.120566][T10106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.120577][T10106] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 297.120603][T10106] [ 297.572315][T10106] FAULT_INJECTION: forcing a failure. [ 297.572315][T10106] name failslab, interval 1, probability 0, space 0, times 0 [ 297.585564][T10106] CPU: 1 UID: 5 PID: 10106 Comm: syz.1.850 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 297.585591][T10106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.585605][T10106] Call Trace: [ 297.585614][T10106] [ 297.585623][T10106] dump_stack_lvl+0x16c/0x1f0 [ 297.585663][T10106] should_fail_ex+0x512/0x640 [ 297.585695][T10106] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 297.585735][T10106] should_failslab+0xc2/0x120 [ 297.585759][T10106] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 297.585792][T10106] ? __pfx_map_id_range_down+0x10/0x10 [ 297.585826][T10106] ? __x64_sys_futex+0x1e0/0x4c0 [ 297.585855][T10106] ? __x64_sys_futex+0x1e9/0x4c0 [ 297.585880][T10106] ? prepare_creds+0x2c/0x7d0 [ 297.585919][T10106] prepare_creds+0x2c/0x7d0 [ 297.585956][T10106] __sys_setreuid+0x101/0xaf0 [ 297.585983][T10106] ? 
rcu_is_watching+0x12/0xc0 [ 297.586013][T10106] do_syscall_64+0xcd/0x490 [ 297.586050][T10106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.586076][T10106] RIP: 0033:0x7f5bdb18e929 [ 297.586096][T10106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.586127][T10106] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000071 [ 297.586150][T10106] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 297.586167][T10106] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 297.586182][T10106] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 297.586197][T10106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.586211][T10106] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 297.586245][T10106] [ 298.578884][T10115] bond0: option all_slaves_active: invalid value () [ 298.928831][ T30] audit: type=1800 audit(6047606556.618:19): pid=10122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.853" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 300.612642][T10141] can: request_module (can-proto-0) failed. [ 301.135326][T10156] netlink: 342 bytes leftover after parsing attributes in process `syz.2.863'. [ 301.416728][T10162] netlink: 16 bytes leftover after parsing attributes in process `syz.3.865'. 
[ 303.728496][T10207] Unable to find swap-space signature [ 303.903322][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 303.955640][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 303.990304][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.065845][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.141782][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.157622][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.174012][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.202305][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.216055][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.226351][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.240126][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.250497][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.260813][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.271032][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.285291][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.295874][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.306523][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.319431][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.329623][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.339993][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.364886][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.376632][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.388775][T10214] snd_aloop snd_aloop.0: Parsing timer source '' 
failed with -22 [ 304.399556][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.410101][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.421373][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.432534][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.442760][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.453120][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.463391][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.473490][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.483672][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.493845][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.504249][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.515416][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.526397][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.568184][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.580676][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.606671][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.671857][T10214] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 304.964507][T10224] can: request_module (can-proto-0) failed. 
[ 306.356754][T10270] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 306.870180][T10276] ubi0: attaching mtd0 [ 306.875641][T10276] ubi0: scanning is finished [ 306.890480][T10276] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 307.104887][T10276] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 307.848592][T10301] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 308.243734][T10302] ima: policy update failed [ 308.265630][ T30] audit: type=1802 audit(6047606565.958:20): pid=10302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.893" res=0 errno=0 [ 308.620386][T10330] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 308.678718][T10329] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 309.212964][T10323] ima: policy update failed [ 309.227894][ T30] audit: type=1802 audit(6047606566.908:21): pid=10323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.897" res=0 errno=0 [ 310.494710][T10386] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input24 [ 312.058286][T10408] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 312.130250][T10411] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 312.797571][T10434] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 313.957006][T10468] netlink: 342 bytes leftover after parsing attributes in process `syz.3.923'. [ 314.190632][T10468] netlink: 218 bytes leftover after parsing attributes in process `syz.3.923'. 
[ 316.203186][T10508] Invalid ELF header magic: != ELF [ 316.733216][T10519] blktrace: Concurrent blktraces are not allowed on loop2 [ 317.223986][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.230627][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.271268][T10526] ALSA: mixer_oss: invalid OSS volume '' [ 317.572413][T10541] netlink: 330 bytes leftover after parsing attributes in process `syz.0.941'. [ 317.800468][T10550] netlink: 342 bytes leftover after parsing attributes in process `syz.0.943'. [ 320.743736][T10594] netlink: 28 bytes leftover after parsing attributes in process `syz.3.949'. [ 321.022113][T10606] ptrace attach of "./syz-executor exec"[5857] was attempted by "./syz-executor exec"[10606] [ 323.839857][T10652] ptrace attach of "./syz-executor exec"[10656] was attempted by "./syz-executor exec"[10652] [ 323.878207][T10653] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 324.167113][T10672] netlink: 'syz.2.963': attribute type 10 has an invalid length. [ 324.254245][T10658] delete_channel: no stack [ 324.694423][T10660] random: crng reseeded on system resumption [ 324.724092][T10660] FAULT_INJECTION: forcing a failure. [ 324.724092][T10660] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 324.785652][T10660] CPU: 0 UID: 0 PID: 10660 Comm: syz.1.960 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 324.785693][T10660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 324.785709][T10660] Call Trace: [ 324.785717][T10660] [ 324.785727][T10660] dump_stack_lvl+0x16c/0x1f0 [ 324.785776][T10660] should_fail_ex+0x512/0x640 [ 324.785829][T10660] should_fail_alloc_page+0xe7/0x130 [ 324.785859][T10660] prepare_alloc_pages+0x3c2/0x610 [ 324.785891][T10660] ? rcu_is_watching+0x12/0xc0 [ 324.785922][T10660] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 324.785974][T10660] ? stack_trace_save+0x8e/0xc0 [ 324.786004][T10660] ? 
__pfx_stack_trace_save+0x10/0x10 [ 324.786032][T10660] ? stack_depot_save_flags+0x28/0xa40 [ 324.786072][T10660] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 324.786115][T10660] ? kasan_save_stack+0x42/0x60 [ 324.786151][T10660] ? kasan_save_stack+0x33/0x60 [ 324.786191][T10660] ? do_dentry_open+0x744/0x1c10 [ 324.786226][T10660] ? vfs_open+0x82/0x3f0 [ 324.786250][T10660] ? path_openat+0x1de4/0x2cb0 [ 324.786284][T10660] ? do_filp_open+0x20b/0x470 [ 324.786317][T10660] ? do_sys_openat2+0x11b/0x1d0 [ 324.786343][T10660] ? __x64_sys_openat+0x174/0x210 [ 324.786370][T10660] ? do_syscall_64+0xcd/0x490 [ 324.786403][T10660] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.786432][T10660] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 324.786468][T10660] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 324.786508][T10660] ? policy_nodemask+0xea/0x4e0 [ 324.786537][T10660] alloc_pages_mpol+0x1fb/0x550 [ 324.786562][T10660] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 324.786600][T10660] alloc_pages_noprof+0x131/0x390 [ 324.786627][T10660] get_zeroed_page_noprof+0x18/0xb0 [ 324.786656][T10660] get_image_page+0x18/0x190 [ 324.786684][T10660] alloc_rtree_node+0x3c/0xb0 [ 324.786713][T10660] memory_bm_create+0x519/0x810 [ 324.786756][T10660] create_basic_memory_bitmaps+0xbd/0x320 [ 324.786793][T10660] snapshot_open+0x235/0x2b0 [ 324.786832][T10660] ? __pfx_snapshot_open+0x10/0x10 [ 324.786865][T10660] misc_open+0x35d/0x420 [ 324.786898][T10660] ? __pfx_misc_open+0x10/0x10 [ 324.786929][T10660] chrdev_open+0x231/0x6a0 [ 324.786967][T10660] ? __pfx_apparmor_file_open+0x10/0x10 [ 324.787000][T10660] ? __pfx_chrdev_open+0x10/0x10 [ 324.787042][T10660] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 324.787083][T10660] do_dentry_open+0x744/0x1c10 [ 324.787121][T10660] ? __pfx_chrdev_open+0x10/0x10 [ 324.787168][T10660] vfs_open+0x82/0x3f0 [ 324.787200][T10660] path_openat+0x1de4/0x2cb0 [ 324.787249][T10660] ? __pfx_path_openat+0x10/0x10 [ 324.787288][T10660] ? 
__lock_acquire+0xb8a/0x1c90 [ 324.787326][T10660] do_filp_open+0x20b/0x470 [ 324.787363][T10660] ? __pfx_do_filp_open+0x10/0x10 [ 324.787427][T10660] ? alloc_fd+0x471/0x7d0 [ 324.787488][T10660] do_sys_openat2+0x11b/0x1d0 [ 324.787517][T10660] ? __pfx_do_sys_openat2+0x10/0x10 [ 324.787558][T10660] __x64_sys_openat+0x174/0x210 [ 324.787597][T10660] ? __pfx___x64_sys_openat+0x10/0x10 [ 324.787643][T10660] do_syscall_64+0xcd/0x490 [ 324.787685][T10660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.787712][T10660] RIP: 0033:0x7f5bdb18e929 [ 324.787735][T10660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.787761][T10660] RSP: 002b:00007f5bdc05a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 324.787785][T10660] RAX: ffffffffffffffda RBX: 00007f5bdb3b5fa0 RCX: 00007f5bdb18e929 [ 324.787809][T10660] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 324.787826][T10660] RBP: 00007f5bdb210b39 R08: 0000000000000000 R09: 0000000000000000 [ 324.787842][T10660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.787858][T10660] R13: 0000000000000000 R14: 00007f5bdb3b5fa0 R15: 00007ffc7c443ee8 [ 324.787896][T10660] [ 325.251273][T10690] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 325.689269][T10704] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 326.057119][T10709] sd 0:0:1:0: PR command failed: 1026 [ 326.093464][T10709] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 326.130475][T10709] sd 0:0:1:0: Add. 
Sense: Invalid command operation code [ 326.175647][T10709] binder: 10702:10709 unknown command 7 [ 326.179947][T10706] zswap: compressor not available [ 326.181500][T10709] binder: 10702:10709 ioctl c0306201 0 returned -22 [ 326.741084][T10738] ubi0: attaching mtd0 [ 326.746429][T10738] ubi0: scanning is finished [ 326.751590][T10738] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 326.977043][T10738] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 328.391368][T10763] netlink: 342 bytes leftover after parsing attributes in process `syz.1.983'. [ 328.419755][T10763] netlink: 342 bytes leftover after parsing attributes in process `syz.1.983'. [ 332.647625][T10829] netlink: 342 bytes leftover after parsing attributes in process `syz.0.995'. [ 333.426388][T10841] netlink: 222 bytes leftover after parsing attributes in process `syz.3.998'. [ 334.347919][T10852] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1001'. [ 335.833822][T10873] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 336.343789][T10882] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1008'. [ 336.388693][T10882] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1008'. [ 341.309454][T10994] random: crng reseeded on system resumption [ 342.887645][T11013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1029'. [ 344.004965][T11040] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 344.153485][T11044] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1033'. 
[ 344.790460][T11056] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 345.634401][ T30] audit: type=1804 audit(6047606603.318:22): pid=11068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1039" name="/newroot/249/file0" dev="tmpfs" ino=1329 res=1 errno=0 [ 346.419200][T11098] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 346.616012][T11099] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 347.709548][T11113] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1048'. [ 347.804998][T11118] ceph: Failed to parse sending metrics switch value 'P^' [ 347.827310][T11120] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1049'. [ 348.089293][T11127] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1051'. [ 348.746587][T11138] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 349.300819][T11143] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 350.178897][T11138] kexec: Could not allocate control_code_buffer [ 350.806973][T11174] ima: policy update failed [ 350.837377][ T30] audit: type=1802 audit(6047606608.518:23): pid=11174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1064" res=0 errno=0 [ 351.315474][T11184] [ 351.317877][T11184] ====================================================== [ 351.324896][T11184] WARNING: possible circular locking dependency detected [ 351.331933][T11184] 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 Not tainted [ 351.339061][T11184] ------------------------------------------------------ [ 351.346095][T11184] syz.0.1063/11184 is trying to acquire lock: [ 351.352178][T11184] ffff888027011970 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 351.362034][T11184] [ 351.362034][T11184] but task is already holding lock: [ 351.369402][T11184] 
ffff888027011438 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 351.380656][T11184] [ 351.380656][T11184] which lock already depends on the new lock. [ 351.380656][T11184] [ 351.391057][T11184] [ 351.391057][T11184] the existing dependency chain (in reverse order) is: [ 351.400067][T11184] [ 351.400067][T11184] -> #3 (&q->q_usage_counter(io)#59){++++}-{0:0}: [ 351.408685][T11184] blk_alloc_queue+0x619/0x760 [ 351.413988][T11184] blk_mq_alloc_queue+0x175/0x290 [ 351.419559][T11184] __blk_mq_alloc_disk+0x29/0x120 [ 351.425116][T11184] nbd_dev_add+0x4a0/0xbc0 [ 351.430077][T11184] nbd_init+0x181/0x320 [ 351.434770][T11184] do_one_initcall+0x120/0x6e0 [ 351.440060][T11184] kernel_init_freeable+0x5c2/0x900 [ 351.445790][T11184] kernel_init+0x1c/0x2b0 [ 351.450644][T11184] ret_from_fork+0x5d7/0x6f0 [ 351.455794][T11184] ret_from_fork_asm+0x1a/0x30 [ 351.461084][T11184] [ 351.461084][T11184] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 351.468302][T11184] fs_reclaim_acquire+0x102/0x150 [ 351.473939][T11184] prepare_alloc_pages+0x162/0x610 [ 351.479594][T11184] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 351.486131][T11184] __alloc_pages_noprof+0xb/0x1b0 [ 351.491700][T11184] pcpu_populate_chunk+0x110/0xb00 [ 351.497344][T11184] pcpu_alloc_noprof+0x86a/0x1470 [ 351.502896][T11184] xt_percpu_counter_alloc+0x13e/0x1b0 [ 351.508885][T11184] find_check_entry.constprop.0+0xbf/0xa20 [ 351.515218][T11184] translate_table+0xd0b/0x17b0 [ 351.520593][T11184] ip6t_register_table+0x102/0x430 [ 351.526242][T11184] ip6table_security_table_init+0x40/0x60 [ 351.532496][T11184] xt_find_table_lock+0x2e1/0x520 [ 351.538057][T11184] xt_request_find_table_lock+0x28/0xf0 [ 351.544125][T11184] get_info+0x190/0x620 [ 351.548803][T11184] do_ip6t_get_ctl+0x169/0xa50 [ 351.554087][T11184] nf_getsockopt+0x7c/0xe0 [ 351.559020][T11184] ipv6_getsockopt+0x1f7/0x280 [ 351.564307][T11184] tcp_getsockopt+0x9e/0x100 [ 351.569424][T11184] do_sock_getsockopt+0x3fc/0x800 [ 
351.574966][T11184] __sys_getsockopt+0x123/0x1b0 [ 351.580340][T11184] __x64_sys_getsockopt+0xbd/0x160 [ 351.585984][T11184] do_syscall_64+0xcd/0x490 [ 351.591031][T11184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.597452][T11184] [ 351.597452][T11184] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 351.605189][T11184] __mutex_lock+0x199/0xb90 [ 351.610220][T11184] pcpu_alloc_noprof+0xb4c/0x1470 [ 351.615769][T11184] sbitmap_init_node+0x2fd/0x770 [ 351.621230][T11184] sbitmap_queue_init_node+0x41/0x560 [ 351.627123][T11184] blk_mq_init_tags+0x12d/0x2b0 [ 351.632502][T11184] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 351.638572][T11184] blk_mq_init_sched+0x30c/0x610 [ 351.644029][T11184] elevator_switch+0x1e1/0x7f0 [ 351.649316][T11184] elevator_change+0x2ac/0x400 [ 351.654598][T11184] elevator_set_default+0x292/0x320 [ 351.660318][T11184] blk_register_queue+0x393/0x4f0 [ 351.665871][T11184] __add_disk+0x74a/0xf00 [ 351.670735][T11184] add_disk_fwnode+0x13f/0x5d0 [ 351.676035][T11184] nbd_dev_add+0x791/0xbc0 [ 351.680994][T11184] nbd_init+0x181/0x320 [ 351.685679][T11184] do_one_initcall+0x120/0x6e0 [ 351.690964][T11184] kernel_init_freeable+0x5c2/0x900 [ 351.696697][T11184] kernel_init+0x1c/0x2b0 [ 351.701555][T11184] ret_from_fork+0x5d7/0x6f0 [ 351.706678][T11184] ret_from_fork_asm+0x1a/0x30 [ 351.711969][T11184] [ 351.711969][T11184] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 351.719794][T11184] __lock_acquire+0x126f/0x1c90 [ 351.725172][T11184] lock_acquire+0x179/0x350 [ 351.730210][T11184] __mutex_lock+0x199/0xb90 [ 351.735240][T11184] queue_requests_store+0x1c7/0x310 [ 351.740952][T11184] queue_attr_store+0x279/0x320 [ 351.746335][T11184] sysfs_kf_write+0xef/0x150 [ 351.751446][T11184] kernfs_fop_write_iter+0x351/0x510 [ 351.757245][T11184] iter_file_splice_write+0x91c/0x1150 [ 351.763225][T11184] direct_splice_actor+0x18f/0x6c0 [ 351.768858][T11184] splice_direct_to_actor+0x345/0xa30 [ 351.774749][T11184] do_splice_direct+0x174/0x240 [ 351.780122][T11184] 
do_sendfile+0xb06/0xe50
[ 351.785059][T11184] __x64_sys_sendfile64+0x1d8/0x220
[ 351.790776][T11184] do_syscall_64+0xcd/0x490
[ 351.795806][T11184] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 351.802218][T11184]
[ 351.802218][T11184] other info that might help us debug this:
[ 351.802218][T11184]
[ 351.812434][T11184] Chain exists of:
[ 351.812434][T11184]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#59
[ 351.812434][T11184]
[ 351.826188][T11184]  Possible unsafe locking scenario:
[ 351.826188][T11184]
[ 351.833632][T11184]        CPU0                    CPU1
[ 351.838989][T11184]        ----                    ----
[ 351.844343][T11184]   lock(&q->q_usage_counter(io)#59);
[ 351.849721][T11184]                                lock(fs_reclaim);
[ 351.856216][T11184]                                lock(&q->q_usage_counter(io)#59);
[ 351.864109][T11184]   lock(&q->elevator_lock);
[ 351.868694][T11184]
[ 351.868694][T11184]  *** DEADLOCK ***
[ 351.868694][T11184]
[ 351.876823][T11184] 5 locks held by syz.0.1063/11184:
[ 351.882011][T11184]  #0: ffff88807d936428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x345/0xa30
[ 351.892037][T11184]  #1: ffff88805f3c1088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[ 351.901787][T11184]  #2: ffff88802629d5a8 (kn->active#206){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[ 351.911922][T11184]  #3: ffff888027011438 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 351.923600][T11184]  #4: ffff888027011470 (&q->q_usage_counter(queue)#11){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 351.935539][T11184]
[ 351.935539][T11184] stack backtrace:
[ 351.941420][T11184] CPU: 0 UID: 0 PID: 11184 Comm: syz.0.1063 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full)
[ 351.941445][T11184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 351.941457][T11184] Call Trace:
[ 351.941464][T11184]
[ 351.941471][T11184] dump_stack_lvl+0x116/0x1f0
[ 351.941500][T11184] print_circular_bug+0x275/0x350
[ 351.941526][T11184] 
check_noncircular+0x14c/0x170 [ 351.941553][T11184] __lock_acquire+0x126f/0x1c90 [ 351.941578][T11184] ? __lock_acquire+0xb8a/0x1c90 [ 351.941603][T11184] lock_acquire+0x179/0x350 [ 351.941626][T11184] ? queue_requests_store+0x1c7/0x310 [ 351.941645][T11184] ? __pfx___might_resched+0x10/0x10 [ 351.941666][T11184] ? do_raw_spin_lock+0x12c/0x2b0 [ 351.941694][T11184] __mutex_lock+0x199/0xb90 [ 351.941720][T11184] ? queue_requests_store+0x1c7/0x310 [ 351.941737][T11184] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 351.941762][T11184] ? queue_requests_store+0x1c7/0x310 [ 351.941778][T11184] ? lockdep_hardirqs_on+0x7c/0x110 [ 351.941803][T11184] ? __pfx___mutex_lock+0x10/0x10 [ 351.941831][T11184] ? __pfx_autoremove_wake_function+0x10/0x10 [ 351.941857][T11184] ? queue_requests_store+0x1c7/0x310 [ 351.941873][T11184] queue_requests_store+0x1c7/0x310 [ 351.941890][T11184] ? __pfx_queue_requests_store+0x10/0x10 [ 351.941909][T11184] ? __mutex_trylock_common+0xe9/0x250 [ 351.941934][T11184] ? __pfx_queue_requests_store+0x10/0x10 [ 351.941951][T11184] queue_attr_store+0x279/0x320 [ 351.941978][T11184] ? __pfx_queue_attr_store+0x10/0x10 [ 351.942008][T11184] ? __lock_acquire+0x622/0x1c90 [ 351.942037][T11184] ? find_held_lock+0x2b/0x80 [ 351.942056][T11184] ? sysfs_file_kobj+0xe4/0x290 [ 351.942078][T11184] ? __pfx_queue_attr_store+0x10/0x10 [ 351.942104][T11184] sysfs_kf_write+0xef/0x150 [ 351.942125][T11184] kernfs_fop_write_iter+0x351/0x510 [ 351.942144][T11184] ? __pfx_sysfs_kf_write+0x10/0x10 [ 351.942167][T11184] iter_file_splice_write+0x91c/0x1150 [ 351.942198][T11184] ? __pfx_iter_file_splice_write+0x10/0x10 [ 351.942224][T11184] ? __pfx_copy_splice_read+0x10/0x10 [ 351.942252][T11184] ? __pfx_iter_file_splice_write+0x10/0x10 [ 351.942277][T11184] direct_splice_actor+0x18f/0x6c0 [ 351.942301][T11184] splice_direct_to_actor+0x345/0xa30 [ 351.942325][T11184] ? __pfx_direct_splice_actor+0x10/0x10 [ 351.942350][T11184] ? 
__pfx_splice_direct_to_actor+0x10/0x10 [ 351.942375][T11184] do_splice_direct+0x174/0x240 [ 351.942398][T11184] ? __pfx_do_splice_direct+0x10/0x10 [ 351.942420][T11184] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 351.942444][T11184] ? rw_verify_area+0xcf/0x680 [ 351.942468][T11184] do_sendfile+0xb06/0xe50 [ 351.942493][T11184] ? __pfx_do_sendfile+0x10/0x10 [ 351.942515][T11184] ? handle_mm_fault+0x2ab/0xd10 [ 351.942540][T11184] ? __x64_sys_futex+0x1e0/0x4c0 [ 351.942562][T11184] ? __x64_sys_futex+0x1e9/0x4c0 [ 351.942585][T11184] __x64_sys_sendfile64+0x1d8/0x220 [ 351.942603][T11184] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 351.942624][T11184] do_syscall_64+0xcd/0x490 [ 351.942651][T11184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.942670][T11184] RIP: 0033:0x7fe1aef8e929 [ 351.942685][T11184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.942703][T11184] RSP: 002b:00007fe1acdd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 351.942721][T11184] RAX: ffffffffffffffda RBX: 00007fe1af1b6160 RCX: 00007fe1aef8e929 [ 351.942734][T11184] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 351.942745][T11184] RBP: 00007fe1af010b39 R08: 0000000000000000 R09: 0000000000000000 [ 351.942757][T11184] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000 [ 351.942769][T11184] R13: 0000000000000000 R14: 00007fe1af1b6160 R15: 00007ffc4ae06448 [ 351.942787][T11184] [ 352.873703][T11172] base_sock_release(ffff88805f521200) sk=ffff888068a4d000