last executing test programs: 9.676645713s ago: executing program 1 (id=1801): mmap$auto(0x0, 0x2020009, 0x6, 0xebd, 0xfffffffffffffffa, 0x40) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci7/hci7:201\x00', 0x0, 0x0) write$auto_drm_edid_fops_drm_debugfs(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r2) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010026bd"], 0x14}, 0x1, 0x0, 0x0, 0x64000811}, 0x40000c0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x600, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r3, 0x80045017, 0x0) mmap$auto(0x0, 0xdb33, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x22040, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) pidfd_open$auto(0xffffffffffffffff, 0x401) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_DEL_RXSA(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000001c40)=ANY=[@ANYBLOB="93788a14", @ANYRES16, @ANYBLOB="01002abd7000fcdbdf2508000000040002800400038008000100", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x844}, 0x20004010) 6.049693794s ago: executing program 0 (id=1815): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyea\x00', 0x10002, 0x0) getsockopt$auto(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000100)=0x14) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, &(0x7f0000001040), 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = socket(0x6, 0xc8522f8024d47597, 0x238) setsockopt$auto(r2, 0x29, 0x40, &(0x7f0000000400)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,&\xd5z\xe6\x93\xb9\aE\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x8001) socket(0x10, 0x2, 0xf) mmap$auto(0x0, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) r3 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$auto_LOOP_CTL_ADD(r3, 0x4c80, 0xfffffffffffffffd) 5.185115027s ago: executing program 0 (id=1817): shutdown$auto(0x200000003, 0x2) 5.008942331s ago: executing program 3 (id=1818): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_GET(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x20008080) 4.799829432s ago: executing program 3 (id=1820): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x401f, 0x1, 0x8e051, r0, 0x0) bpf$auto(0xd, 0x0, 0x6f5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0xa, 0x801, 0x84) setsockopt$auto(r1, 0x10000000084, 0x22, 0x0, 0x30) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x9, 0x2000000080000000, 0x3) mmap$auto(0x8, 0x2020009, 0x7, 0xffff, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_FRAME(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="f41500005a0857a81173f394e18f087a7fc67070bdf506c60a2b2e9cf5634efb3f831719dcf35481c22c8d6679e6a8e3d0e0da45cea8ccad260e9cb6fcfeba06a90cbd50e6863e30de7b7a8b09448717dee6ac76f0c9e7f56b99ff32d93def728ba6eb50c926c2f6755ea8f178c85a820da40eebd64c1196cd20db1c9355ddd47d4476b03e35f32f8d2ecd80ed95e54073f30709d352d3edb1be3f5bbf9cf961a36fac67dd74e669451232bd8078409c6dc7c667ce9a426b8bca0fb7a41fd56c86a051aac18adcd819a3c7093d76", @ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf25020000000a000100560b557986750000"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x101000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 4.74951663s ago: executing program 1 (id=1821): socket(0x2, 0x80802, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0xe59fd, 0x12) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000300), r0) socket(0xa, 0x1, 0x84) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/neigh/dummy0/delay_first_probe_time\x00', 0x42202, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/audio1\x00', 0x101001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) shmctl$auto_SHM_UNLOCK(0x8001, 0xc, &(0x7f0000000480)={{0x7ff, 0x0, 0xffffffffffffffff, 0x9, 0x5, 0x0, 0x80}, 0x6, 0x100, 0x7, 0xdf22, @inferred, @inferred, 0x1, 0x0, 0x0, &(0x7f0000000400)="20c6acb1e8ecb46be7351ee0b81a53ea6b83347f3c9c6dc9c424f1cb5205df6a9828abe5f843cc35d5ef478773514c9ea4c4533ac0c69c14f723c05884cc4c9c1205893d51883961dac4d09206f9fb0a48100653d67c22c23ddbe82fe4919d2c108a8ff2af0e9bcbe48d3fb118f5a5049c19d86857412859f2320ffacd"}) fchown$auto(r1, 0xffffffffffffffff, r2) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bond_slave_1\x00', 0x0}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r5) read$auto(r5, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32=r4, @ANYRES32=0x0, @ANYBLOB="08000300060000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.705198034s ago: executing program 0 (id=1822): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) timer_settime$auto(0x0, 0xb746, &(0x7f0000000000)={{0x4d4, 0x2}, {0xfe, 0x4}}, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000"}, 0x1f) (fail_nth: 13) 3.73463098s ago: executing program 0 (id=1825): syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) unshare$auto(0x40000080) sync_file_range$auto(r0, 0x97, 0x6, 0x6) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/oom_adj\x00', 0x6cc402, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) ustat$auto(0x801, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x1fffffffffffffe, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x802}) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x15, 0x5, 0x0) ustat$auto(0x801, 0x0) adjtimex$auto(&(0x7f0000000140)={0x2, 0x0, 0x3, 0x92, 0x4, 0x6, 0x4, 0x0, 0x0, 0x0, 0x4, {0x188ce96b, 0x1}, 0x9, 0x1, 0x6, 0x5, 0x0, 0x5, 0x1, 0x1, 0x9, 0x0, 0xf4d1}) socket(0x11, 0xa, 0x300) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r2, 0x0, 0x9) read$auto(0x3, 0x0, 0x1f40) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/block/loop6/queue/max_segments\x00', 0x80800, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) ioctl$auto(0xffffffffffffffff, 0x8924, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) 3.103294215s ago: executing program 1 (id=1827): socket(0x2, 0x80802, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0xe59fd, 0x12) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000300), r0) socket(0xa, 0x1, 0x84) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/neigh/dummy0/delay_first_probe_time\x00', 0x42202, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/audio1\x00', 0x101001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) shmctl$auto_SHM_UNLOCK(0x8001, 0xc, &(0x7f0000000480)={{0x7ff, 0x0, 0xffffffffffffffff, 0x9, 0x5, 0x0, 0x80}, 0x6, 0x100, 0x7, 0xdf22, @inferred, @inferred, 0x1, 0x0, &(0x7f0000000280)="c6d5a90d92a09e67972cc2aa5679", &(0x7f0000000400)="20c6acb1e8ecb46be7351ee0b81a53ea6b83347f3c9c6dc9c424f1cb5205df6a9828abe5f843cc35d5ef478773514c9ea4c4533ac0c69c14f723c05884cc4c9c1205893d51883961dac4d09206f9fb0a48100653d67c22c23ddbe82fe4919d2c108a8ff2af0e9bcbe48d3fb118f5a5049c19d86857412859f2320ffacd"}) fchown$auto(r1, 0xffffffffffffffff, r2) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bond_slave_1\x00', 0x0}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r5) read$auto(r5, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYRES32=r4, @ANYRES32=0x0, @ANYBLOB="08000300060000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.859444076s ago: executing program 3 (id=1829): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000003c0)) mmap$auto(0x0, 0x4000005, 0xfffffffffffffe01, 0x8051, 0x3, 0x10000000008000) (fail_nth: 27) 2.366679274s ago: executing program 3 (id=1830): socket(0x2, 0x80802, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0xe59fd, 0x12) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000300), r0) socket(0xa, 0x1, 0x84) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/neigh/dummy0/delay_first_probe_time\x00', 0x42202, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/audio1\x00', 0x101001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) shmctl$auto_SHM_UNLOCK(0x8001, 0xc, &(0x7f0000000480)={{0x7ff, 0x0, 0xffffffffffffffff, 0x9, 0x5, 0x0, 0x80}, 0x6, 0x100, 0x7, 0xdf22, @inferred, @inferred, 0x1, 0x0, &(0x7f0000000280)="c6d5a90d92a0", &(0x7f0000000400)="20c6acb1e8ecb46be7351ee0b81a53ea6b83347f3c9c6dc9c424f1cb5205df6a9828abe5f843cc35d5ef478773514c9ea4c4533ac0c69c14f723c05884cc4c9c1205893d51883961dac4d09206f9fb0a48100653d67c22c23ddbe82fe4919d2c108a8ff2af0e9bcbe48d3fb118f5a5049c19d86857412859f2320ffacd"}) fchown$auto(r1, 0xffffffffffffffff, r2) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bond_slave_1\x00', 0x0}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r5) read$auto(r5, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32=r4, @ANYRES32=0x0, @ANYBLOB="08000300060000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.296280356s ago: executing program 0 (id=1831): socket(0x2, 0x80802, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0xe59fd, 0x12) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000300), r0) socket(0xa, 0x1, 0x84) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/neigh/dummy0/delay_first_probe_time\x00', 0x42202, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/audio1\x00', 0x101001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) shmctl$auto_SHM_UNLOCK(0x8001, 0xc, &(0x7f0000000480)={{0x7ff, 0x0, 0xffffffffffffffff, 0x9, 0x5, 0x0, 0x80}, 0x6, 0x100, 0x7, 0xdf22, @inferred, @inferred, 0x1, 0x0, &(0x7f0000000280), &(0x7f0000000400)="20c6acb1e8ecb46be7351ee0b81a53ea6b83347f3c9c6dc9c424f1cb5205df6a9828abe5f843cc35d5ef478773514c9ea4c4533ac0c69c14f723c05884cc4c9c1205893d51883961dac4d09206f9fb0a48100653d67c22c23ddbe82fe4919d2c108a8ff2af0e9bcbe48d3fb118f5a5049c19d86857412859f2320ffacd"}) fchown$auto(r1, 0xffffffffffffffff, r2) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bond_slave_1\x00', 0x0}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r5) read$auto(r5, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32=r4, @ANYRES32=0x0, @ANYBLOB="08000300060000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.170565391s ago: executing program 2 (id=1832): openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setrlimit$auto(0x9, 0x0) shmget$auto(0x400, 0x10563, 0x568c12f2) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80802, 0x0) socket(0x10, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x80100, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 1.704226792s ago: executing program 2 (id=1833): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) timer_settime$auto(0x0, 0xb746, &(0x7f0000000000)={{0x4d4, 0x2}, {0xfe, 0x4}}, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x401, 0x120, &(0x7f0000000000)=@generic={0xa, "000000000000fe8000"}, 0x1f) 1.666595684s ago: executing program 3 (id=1834): sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)=ANY=[@ANYBLOB="c0000000", @ANYRES16, @ANYBLOB="010025bd7000fcdbdf250400000004001000a700160046dda4069dfd5d5ecbefc69c7f3d9d2333c5fbcb6749c88d6bc42f58180f9823ce3c688efd0e15954696536dbc91f301a2bac1cff5944109088b5258a3c3f313fa338ac1a0700a1fea39e52b498d43a6ddc0d705"], 0xc0}, 0x1, 0x0, 0x0, 0x20000904}, 0x48000) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x24c802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) mmap$auto(0x0, 0x7fff, 0x3, 0xeb0, 0xfffffffffffffffa, 0x208000) unshare$auto(0x40000080) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x200000000002d57, 0xeb1, r0, 0x8000) mknod$auto(&(0x7f0000000080)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x1081, 0x8) socket(0x18, 0x1, 0x5) io_uring_setup$auto(0x1, 0x0) uname$auto(0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) write$auto(r3, 0x0, 0x3) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/ieee80211/phy10/netdev:wlan0/stations/08:02:11:00:00:01/aid\x00', 0x802, 0x0) prctl$auto_PR_SME_SET_VL(0x3f, 0x9, 0x0, 0x5, 0x8b00) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="5efffedc8cf332b7d9c11091947bea5bb7244aa6d01bfbfe", @ANYRES16=0x0, @ANYRES8], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) clock_gettime$auto(0x7ffffffd, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000ac0)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x6c000, 0x63) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000340)=""/152, 0xffffffffffffffb4) timer_create$auto(0xfffffffc, 0x0, 0x0) 1.633044756s ago: executing program 1 (id=1835): mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) (async) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) (async) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) (async) keyctl$auto(0xa, 0x0, 0x2, 0x5, 0x8) pread64$auto(0xffffffffffffffff, 0x0, 0x3, 0x7f) mmap$auto(0x0, 0x2020009, 0x8003, 0xeb1, 0xfffffffffffffffa, 0x8000000000008000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000180)='/dev/media17\x00', 0x48000, 0x0) (async) r0 = epoll_create$auto(0x3a) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) link$auto(&(0x7f0000000940)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2DW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xea\xa5\xff \xec\xe8\xca\xbf\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\v\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4N\xbb\xc2\xf8\x9c\xd0+t\x87r\x02\x05\xdb\xe4\xde\xed\x02\x00\x00\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00M\x83\xdb\xaf\xc4\xf23l\xae\xc5\x1d\xc4\xb0\x06\xd06\x1dX\x03\xe3\x9e\xd3\xd96\xcf\xd9\xa3\xcb\xd6B\xc3\x0f#\xd2\x1a\xf9L\xf5\x87My\xce\x19*\xde\x8d+#\x13\x15\xd3Y\x98\xe1\xc3@\x0e\x9c\xc2\xf8\b\xaf\x89\xe5\x00\x89-pWD\xb5&\xc9\x8e\x8d,\xb7}1\x84U\x18y\xa90\xf5\x80\x981U\x17\x14]\xc56j\xe7\x0e\xecBr\xa9]\"\xd36^m\x12\xb6\xbc\x80\xa4h{\xde\xcf\xf7d\x87rl\x11\xf7\x15\xcb~\xb9\x01\x0e\xd7O_\x91\xe1\xead\xee\xed]/p\xd6\xff\x17\xe4\aV\"I\xca\x90\xc7i\'\xa3R\x81\xf1}4\xbeU\x00\xa4\x1d\xea!Z\xd4|\xbe\x987\n!\x9b?\xb9l_\xd8$av\xfe%\xa2\xda\x82\x14\xc311;\xa4ob\x87\xdbY\xe2\x00', &(0x7f0000000b40)='./file0\x00') rename$auto(&(0x7f0000000680)=':,\x00', &(0x7f0000000480)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2DW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xea\xa5\xff \xec\xe8\xca\xbf\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\v\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4N\xbb\xc2\xf8\x9c\xd0+t\x87r\x02\x05\xdb\xe4\xde\xed\x02\x00\x00\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00M\x83\xdb\xaf\xc4\xf23l\xae\xc5\x1d\xc4\xb0\x06\xd06\x1dX\x03\xe3\x9e\xd3\xd96\xcf\xd9\xa3\xcb\xd6B\xc3\x0f#\xd2\x1a\xf9L\xf5\x87My\xce\x19*\xde\x8d+#\x13\x15\xd3Y\x98\xe1\xc3@\x0e\x9c\xc2\xf8\b\xaf\x89\xe5\x00\x89-pWD\xb5&\xc9\x8e\x8d,\xb7}1\x84U\x18y\xa90\xf5\x80\x981U\x17\x14]\xc56j\xe7\x0e\xecBr\xa9]\"\xd36^m\x12\xb6\xbc\x80\xa4h{\xde\xcf\xf7d\x87rl\x11\xf7\x15\xcb~\xb9\x01\x0e\xd7O_\x91\xe1\xead\xee\xed]/p\xd6\xff\x17\xe4\aV\"I\xca\x90\xc7i\'\xa3R\x81\xf1}4\xbeU\x00\xa4\x1d\xea!Z\xd4|\xbe\x987\n!\x9b?\xb9l_\xd8$av\xfe%\xa2\xda\x82\x14\xc311;\xa4ob\x87\xdbY\xe2\x00') (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) socket(0x8, 0x5, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0xa, 0x4, 0x0) (async) socket(0xa, 0x801, 0x84) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) keyctl$auto(0xa, 0xfffffffffffffffd, 0x2, 0x628, 0xfffffffffffffffd) (async, rerun: 32) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/controlC0\x00', 0x2ca42, 0x0) (rerun: 32) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000080)={0x3, 0x26, 0x1c2, @inferred, 0x0, "9d4f8e1d3633c2e5a5ff69c61ed5c9546c1eadce39439cb9f7fe26fe87659c9dd52e80eb5a7b5bdce630726f940b393b8d24"}) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) (async) mincore$auto(0x0, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9) socket(0x8, 0x2, 0x101) 1.068169891s ago: executing program 2 (id=1836): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto_PR_MCE_KILL_GET(0x22, 0x100, 0x5, 0x2, 0x40) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sg0\x00', 0x10b002, 0x0) write$auto(0x3, 0x0, 0xfdf3) 767.853599ms ago: executing program 2 (id=1837): socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x401, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xffe3) 590.72305ms ago: executing program 1 (id=1838): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_GET(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x20008080) 561.015725ms ago: executing program 2 (id=1839): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) mmap$auto(0x0, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x1e, 0x1, 0x0) getsockname$auto(r0, &(0x7f0000000000), &(0x7f0000000040)=0x3) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/ns/cgroup\x00', 0x4000, 0x0) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) ioperm$auto(0x800, 0x8, 0xb056) rt_sigpending$auto(&(0x7f0000000340)={0x10000000000000}, 0x8) r2 = prctl$auto_PR_SCHED_CORE_SHARE_TO(0x10001, 0x2, 0x0, 0x0, 0x10) write$auto_nsim_pp_hold_fops_netdev(r2, &(0x7f0000000280)="62cb0bdd8678430de1f65f1e2672014bd84daee9ce641b20e47119728ecb4107aea25f37", 0x24) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_HS_LIMITATION(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000840)={0x14, r5, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000050}, 0x8000) sendmsg$auto_SMC_NETLINK_GET_SYS_INFO(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x40, r5, 0x8, 0x70bd2d, 0x25dfdbfc, {}, "d406a2f344369ed76fb8bc839cd4577eff3e26848436b785ae0a4de2de51bc2a6bb4c109cdbaada867"}, 0x40}, 0x1, 0x0, 0x0, 0x809}, 0xd0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) getpid() setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 362.373345ms ago: executing program 1 (id=1840): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x401f, 0x1, 0x8e051, r0, 0x0) bpf$auto(0xd, 0x0, 0x6f5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0xa, 0x801, 0x84) setsockopt$auto(r1, 0x10000000084, 0x22, 0x0, 0x30) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x9, 0x2000000080000000, 0x3) mmap$auto(0x8, 0x2020009, 0x7, 0xffff, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_FRAME(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="f41500005a0857a81173f394e18f087a7fc67070bdf506c60a2b2e9cf5634efb3f831719dcf35481c22c8d6679e6a8e3d0e0da45cea8ccad260e9cb6fcfeba06a90cbd50e6863e30de7b7a8b09448717dee6ac76f0c9e7f56b99ff32d93def728ba6eb50c926c2f6755ea8f178c85a820da40eebd64c1196cd20db1c9355ddd47d4476b03e35f32f8d2ecd80ed95e54073f30709d352d3edb1be3f5bbf9cf961a36fac67dd74e669451232bd8078409c6dc7c667ce9a426b8bca0fb7a41fd56c86a051aac18adcd819a3c7093d76", @ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf25020000000a000100560b557986750000"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x101000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r4 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmmsg$auto(r4, 0x0, 0x7, 0x4008) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 163.13597ms ago: executing program 0 (id=1841): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyea\x00', 0x10002, 0x0) getsockopt$auto(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f0000000100)=0x14) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, &(0x7f0000001040), 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = socket(0x6, 0xc8522f8024d47597, 0x238) setsockopt$auto(r2, 0x29, 0x40, &(0x7f0000000400)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,&\xd5z\xe6\x93\xb9\aE\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x8001) socket(0x10, 0x2, 0xf) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0) mmap$auto(0x0, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) ioctl$auto_LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 87.375103ms ago: executing program 2 (id=1842): openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setrlimit$auto(0x9, 0x0) shmget$auto(0x400, 0x10563, 0x568c12f2) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80802, 0x0) socket(0x10, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x80100, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 0s ago: executing program 3 (id=1843): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r0 = semctl$auto(0x80, 0x6, 0x800006, 0x10) fcntl$auto(0x3, 0x400, r0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/afs/cells\x00', 0x4a801, 0x0) sigaltstack$auto(&(0x7f0000000100)={&(0x7f0000000080)="70d081b8fc5925fd5cd27fbcc9099e8fe09605a1ca788d80e5160c59f3778bc66b72064fc1e10ceace9cec4570cbe1191ceade6c5a3c5d40de5402dec2acd78665f9e6a8822a8478036b750da829d89abc65717a65a4c76dc52cd32ce6d358be85da", 0x7, 0x7}, &(0x7f0000000240)={&(0x7f0000000140)="e8b8698507dd886378021e3c46e0115ca43121647dc433e72a15936ec36255693b4838eac4ec21ed81dc55695d20ea2aea43e4b660215b085e8b6f8bcdc6bb1e6ee1babc5d5819c82d960815ecbe4f77c8f91e99d31a5a6535ed33779962853d143bd605e25d613b933fa8591967cf9c460e68aa393cb0f7df89fd18f61be9ab1f5f728dd6db0e6c5fcdba0ee58b962b14915ede53c6b47f8a8a3e172ce18d49d63bb66b5b2e530b2fc0e14165499952ab84b1479a857df666ed6f033c36164bdb9f7b498f8eeb6bbb2f6261775f90ea251dc42cae959c96c9ba37bcc741915019e9c820c1c181b856d7d2f6dbd1906ad537b09e34388927ba9e", 0x10, 0x5}) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) open(&(0x7f00000002c0)='./file0\x00', 0x127c84, 0x20) fcntl$auto(0x3, 0x401, 0x3) kernel console output (not intermixed with test programs): sctp_connect_new_asoc+0x1d7/0x790 [ 516.371925][T12136] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 516.371985][T12136] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 516.372036][T12136] sctp_sendmsg+0x15f9/0x1ee0 [ 516.372098][T12136] ? __pfx_sctp_sendmsg+0x10/0x10 [ 516.372164][T12136] ? __might_fault+0xe3/0x190 [ 516.372208][T12136] ? __pfx_aa_sk_perm+0x10/0x10 [ 516.372249][T12136] ? __pfx_sctp_sendmsg+0x10/0x10 [ 516.372298][T12136] inet_sendmsg+0x119/0x140 [ 516.372337][T12136] __sys_sendto+0x431/0x510 [ 516.372386][T12136] ? __pfx___sys_sendto+0x10/0x10 [ 516.372467][T12136] ? ksys_write+0x1b9/0x240 [ 516.372495][T12136] ? __pfx_ksys_write+0x10/0x10 [ 516.372521][T12136] ? rcu_is_watching+0x12/0xc0 [ 516.372554][T12136] __x64_sys_sendto+0xe0/0x1c0 [ 516.372598][T12136] ? do_syscall_64+0x91/0x230 [ 516.372635][T12136] ? lockdep_hardirqs_on+0x7c/0x110 [ 516.372670][T12136] do_syscall_64+0xcd/0x230 [ 516.372709][T12136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.372738][T12136] RIP: 0033:0x7f1d4518e969 [ 516.372760][T12136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 516.372804][T12136] RSP: 002b:00007f1d46060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 516.372833][T12136] RAX: ffffffffffffffda RBX: 00007f1d453b5fa0 RCX: 00007f1d4518e969 [ 516.372852][T12136] RDX: 0000000000000401 RSI: 0000000000000000 RDI: 0000000000000003 [ 516.372870][T12136] RBP: 00007f1d46060090 R08: 0000200000000000 R09: 000000000000001f [ 516.372889][T12136] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000001 [ 516.372908][T12136] R13: 0000000000000000 R14: 00007f1d453b5fa0 R15: 00007ffc99ab9818 [ 516.372949][T12136] [ 516.952566][T12146] FAULT_INJECTION: forcing a failure. [ 516.952566][T12146] name failslab, interval 1, probability 0, space 0, times 0 [ 516.965530][T12146] CPU: 1 UID: 0 PID: 12146 Comm: syz.2.1437 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 516.965561][T12146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 516.965575][T12146] Call Trace: [ 516.965582][T12146] [ 516.965590][T12146] dump_stack_lvl+0x16c/0x1f0 [ 516.965622][T12146] should_fail_ex+0x512/0x640 [ 516.965653][T12146] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 516.965682][T12146] should_failslab+0xc2/0x120 [ 516.965709][T12146] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 516.965733][T12146] ? __alloc_skb+0x2b2/0x380 [ 516.965774][T12146] __alloc_skb+0x2b2/0x380 [ 516.965807][T12146] ? __pfx___alloc_skb+0x10/0x10 [ 516.965841][T12146] ? process_measurement+0x4a6/0x23e0 [ 516.965873][T12146] ? down_write+0x14d/0x200 [ 516.965910][T12146] tipc_buf_acquire+0x26/0xe0 [ 516.965945][T12146] tipc_msg_build+0x112/0x1150 [ 516.965972][T12146] ? __pfx_tipc_msg_build+0x10/0x10 [ 516.966000][T12146] ? register_lock_class+0x41/0x4c0 [ 516.966036][T12146] __tipc_sendstream+0x6f9/0x1170 [ 516.966081][T12146] ? __pfx___tipc_sendstream+0x10/0x10 [ 516.966115][T12146] ? do_raw_spin_lock+0x12c/0x2b0 [ 516.966153][T12146] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 516.966187][T12146] ? __pfx_woken_wake_function+0x10/0x10 [ 516.966228][T12146] ? __local_bh_enable_ip+0xa4/0x120 [ 516.966258][T12146] tipc_sendstream+0x4f/0x70 [ 516.966293][T12146] ____sys_sendmsg+0xa95/0xc70 [ 516.966322][T12146] ? copy_msghdr_from_user+0x10a/0x160 [ 516.966359][T12146] ? __pfx_____sys_sendmsg+0x10/0x10 [ 516.966392][T12146] ? __pfx__kstrtoull+0x10/0x10 [ 516.966422][T12146] ___sys_sendmsg+0x134/0x1d0 [ 516.966445][T12146] ? __pfx____sys_sendmsg+0x10/0x10 [ 516.966496][T12146] ? find_held_lock+0x2b/0x80 [ 516.966535][T12146] __sys_sendmmsg+0x200/0x420 [ 516.966560][T12146] ? __pfx___sys_sendmmsg+0x10/0x10 [ 516.966592][T12146] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 516.966633][T12146] ? fput+0x70/0xf0 [ 516.966659][T12146] ? ksys_write+0x1b9/0x240 [ 516.966679][T12146] ? __pfx_ksys_write+0x10/0x10 [ 516.966698][T12146] ? rcu_is_watching+0x12/0xc0 [ 516.966724][T12146] __x64_sys_sendmmsg+0x9c/0x100 [ 516.966744][T12146] ? lockdep_hardirqs_on+0x7c/0x110 [ 516.966771][T12146] do_syscall_64+0xcd/0x230 [ 516.966800][T12146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.966823][T12146] RIP: 0033:0x7fa30658e969 [ 516.966842][T12146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 516.966865][T12146] RSP: 002b:00007fa3073e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 516.966886][T12146] RAX: ffffffffffffffda RBX: 00007fa3067b6080 RCX: 00007fa30658e969 [ 516.966901][T12146] RDX: 00000000000029a4 RSI: 0000000000000000 RDI: 0000000000000004 [ 516.966915][T12146] RBP: 00007fa3073e5090 R08: 0000000000000000 R09: 0000000000000000 [ 516.966929][T12146] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000001 [ 516.966942][T12146] R13: 0000000000000000 R14: 00007fa3067b6080 R15: 00007ffd356df4f8 [ 516.966971][T12146] [ 517.957493][T12155] Invalid ELF header magic: != ELF [ 520.726697][T12176] netlink: 'syz.2.1447': attribute type 10 has an invalid length. [ 520.786441][T12176] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1447'. [ 521.661552][T12180] netlink: 'syz.1.1448': attribute type 10 has an invalid length. [ 521.682531][T12180] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1448'. [ 522.017579][T12183] netlink: 'syz.2.1451': attribute type 10 has an invalid length. [ 522.025636][T12183] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1451'. [ 522.835190][T12189] FAULT_INJECTION: forcing a failure. [ 522.835190][T12189] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 522.901336][T12189] CPU: 0 UID: 0 PID: 12189 Comm: syz.0.1450 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 522.901371][T12189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 522.901385][T12189] Call Trace: [ 522.901392][T12189] [ 522.901401][T12189] dump_stack_lvl+0x16c/0x1f0 [ 522.901433][T12189] should_fail_ex+0x512/0x640 [ 522.901468][T12189] core_sys_select+0x4b2/0xbe0 [ 522.901517][T12189] ? __pfx_core_sys_select+0x10/0x10 [ 522.901559][T12189] ? proc_fail_nth_write+0x9f/0x250 [ 522.901614][T12189] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 522.901650][T12189] kern_select+0x15d/0x1e0 [ 522.901683][T12189] ? __pfx_kern_select+0x10/0x10 [ 522.901721][T12189] ? __pfx_ksys_write+0x10/0x10 [ 522.901740][T12189] ? rcu_is_watching+0x12/0xc0 [ 522.901764][T12189] __x64_sys_select+0xbd/0x160 [ 522.901796][T12189] ? do_syscall_64+0x91/0x230 [ 522.901823][T12189] ? lockdep_hardirqs_on+0x7c/0x110 [ 522.901848][T12189] do_syscall_64+0xcd/0x230 [ 522.901878][T12189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.901900][T12189] RIP: 0033:0x7f1d4518e969 [ 522.901917][T12189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.901940][T12189] RSP: 002b:00007f1d4601e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 522.901961][T12189] RAX: ffffffffffffffda RBX: 00007f1d453b6160 RCX: 00007f1d4518e969 [ 522.901976][T12189] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 522.901989][T12189] RBP: 00007f1d4601e090 R08: 0000000000000000 R09: 0000000000000000 [ 522.902002][T12189] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 522.902016][T12189] R13: 0000000000000000 R14: 00007f1d453b6160 R15: 00007ffc99ab9818 [ 522.902048][T12189] [ 524.634670][T12227] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1461'. [ 525.132951][T12238] FAULT_INJECTION: forcing a failure. [ 525.132951][T12238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 525.142048][T12233] Invalid ELF header magic: != ELF [ 525.166357][T12238] CPU: 1 UID: 0 PID: 12238 Comm: syz.1.1464 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 525.166403][T12238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 525.166421][T12238] Call Trace: [ 525.166431][T12238] [ 525.166443][T12238] dump_stack_lvl+0x16c/0x1f0 [ 525.166486][T12238] should_fail_ex+0x512/0x640 [ 525.166535][T12238] _copy_from_user+0x2e/0xd0 [ 525.166585][T12238] sg_write+0x76d/0xe10 [ 525.166632][T12238] ? __pfx_sg_write+0x10/0x10 [ 525.166714][T12238] ? apparmor_file_permission+0x251/0x400 [ 525.166752][T12238] ? bpf_lsm_file_permission+0x9/0x10 [ 525.166799][T12238] ? security_file_permission+0x71/0x210 [ 525.166842][T12238] ? rw_verify_area+0xcf/0x680 [ 525.166893][T12238] vfs_write+0x25c/0x1180 [ 525.166920][T12238] ? __pfx_sg_write+0x10/0x10 [ 525.166967][T12238] ? __pfx_vfs_write+0x10/0x10 [ 525.166993][T12238] ? find_held_lock+0x2b/0x80 [ 525.167034][T12238] ? __fget_files+0x204/0x3c0 [ 525.167086][T12238] ? __fget_files+0x20e/0x3c0 [ 525.167146][T12238] ksys_write+0x12a/0x240 [ 525.167175][T12238] ? __pfx_ksys_write+0x10/0x10 [ 525.167203][T12238] ? rcu_is_watching+0x12/0xc0 [ 525.167249][T12238] do_syscall_64+0xcd/0x230 [ 525.167292][T12238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.167324][T12238] RIP: 0033:0x7f0bcad8e969 [ 525.167349][T12238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.167379][T12238] RSP: 002b:00007f0bc8bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 525.167409][T12238] RAX: ffffffffffffffda RBX: 00007f0bcafb5fa0 RCX: 00007f0bcad8e969 [ 525.167430][T12238] RDX: 000000000000fdf3 RSI: 0000000000000000 RDI: 0000000000000003 [ 525.167450][T12238] RBP: 00007f0bc8bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 525.167469][T12238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 525.167488][T12238] R13: 0000000000000000 R14: 00007f0bcafb5fa0 R15: 00007ffeba924ad8 [ 525.167529][T12238] [ 526.308062][T12252] ubi0: attaching mtd0 [ 526.330882][T12252] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 526.364545][T12260] FAULT_INJECTION: forcing a failure. [ 526.364545][T12260] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 526.399645][T12260] CPU: 0 UID: 0 PID: 12260 Comm: syz.0.1469 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 526.399688][T12260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 526.399706][T12260] Call Trace: [ 526.399716][T12260] [ 526.399726][T12260] dump_stack_lvl+0x16c/0x1f0 [ 526.399769][T12260] should_fail_ex+0x512/0x640 [ 526.399817][T12260] _copy_from_user+0x2e/0xd0 [ 526.399865][T12260] copy_msghdr_from_user+0x98/0x160 [ 526.399917][T12260] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 526.399995][T12260] ___sys_sendmsg+0xfe/0x1d0 [ 526.400026][T12260] ? __pfx____sys_sendmsg+0x10/0x10 [ 526.400124][T12260] __sys_sendmsg+0x16d/0x220 [ 526.400153][T12260] ? __pfx___sys_sendmsg+0x10/0x10 [ 526.400191][T12260] ? rcu_is_watching+0x12/0xc0 [ 526.400234][T12260] do_syscall_64+0xcd/0x230 [ 526.400275][T12260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.400304][T12260] RIP: 0033:0x7f1d4518e969 [ 526.400328][T12260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 526.400357][T12260] RSP: 002b:00007f1d4603f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 526.400385][T12260] RAX: ffffffffffffffda RBX: 00007f1d453b6080 RCX: 00007f1d4518e969 [ 526.400405][T12260] RDX: 0000000000000080 RSI: 0000200000001780 RDI: 0000000000000005 [ 526.400424][T12260] RBP: 00007f1d4603f090 R08: 0000000000000000 R09: 0000000000000000 [ 526.400442][T12260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 526.400461][T12260] R13: 0000000000000000 R14: 00007f1d453b6080 R15: 00007ffc99ab9818 [ 526.400519][T12260] [ 528.106468][T12290] FAULT_INJECTION: forcing a failure. [ 528.106468][T12290] name failslab, interval 1, probability 0, space 0, times 0 [ 528.130505][T12290] CPU: 1 UID: 0 PID: 12290 Comm: syz.1.1476 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 528.130538][T12290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 528.130551][T12290] Call Trace: [ 528.130557][T12290] [ 528.130566][T12290] dump_stack_lvl+0x16c/0x1f0 [ 528.130595][T12290] should_fail_ex+0x512/0x640 [ 528.130625][T12290] ? __kvmalloc_node_noprof+0x122/0x600 [ 528.130650][T12290] should_failslab+0xc2/0x120 [ 528.130679][T12290] __kvmalloc_node_noprof+0x135/0x600 [ 528.130703][T12290] ? io_alloc_cache_init+0x33/0x170 [ 528.130727][T12290] ? io_alloc_cache_init+0x33/0x170 [ 528.130745][T12290] io_alloc_cache_init+0x33/0x170 [ 528.130766][T12290] io_uring_setup+0x5ff/0x1ff0 [ 528.130795][T12290] ? __pfx_io_uring_setup+0x10/0x10 [ 528.130820][T12290] ? do_futex+0x122/0x350 [ 528.130843][T12290] ? __pfx_do_futex+0x10/0x10 [ 528.130864][T12290] ? fd_install+0x225/0x750 [ 528.130909][T12290] ? rcu_is_watching+0x12/0xc0 [ 528.130941][T12290] __x64_sys_io_uring_setup+0xc2/0x170 [ 528.130969][T12290] do_syscall_64+0xcd/0x230 [ 528.130999][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.131020][T12290] RIP: 0033:0x7f0bcad8e969 [ 528.131037][T12290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.131059][T12290] RSP: 002b:00007f0bc8bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 528.131079][T12290] RAX: ffffffffffffffda RBX: 00007f0bcafb5fa0 RCX: 00007f0bcad8e969 [ 528.131094][T12290] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000001 [ 528.131107][T12290] RBP: 00007f0bcae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 528.131120][T12290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 528.131133][T12290] R13: 0000000000000000 R14: 00007f0bcafb5fa0 R15: 00007ffeba924ad8 [ 528.131159][T12290] [ 530.600774][T12335] FAULT_INJECTION: forcing a failure. [ 530.600774][T12335] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 530.648312][T12335] CPU: 1 UID: 0 PID: 12335 Comm: syz.0.1484 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 530.648356][T12335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 530.648375][T12335] Call Trace: [ 530.648385][T12335] [ 530.648398][T12335] dump_stack_lvl+0x16c/0x1f0 [ 530.648441][T12335] should_fail_ex+0x512/0x640 [ 530.648492][T12335] should_fail_alloc_page+0xe7/0x130 [ 530.648532][T12335] prepare_alloc_pages+0x3c2/0x610 [ 530.648579][T12335] ? stack_trace_save+0x8e/0xc0 [ 530.648614][T12335] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 530.648666][T12335] ? kasan_save_stack+0x42/0x60 [ 530.648697][T12335] ? kasan_save_stack+0x33/0x60 [ 530.648727][T12335] ? kasan_save_track+0x14/0x30 [ 530.648757][T12335] ? __kasan_slab_alloc+0x89/0x90 [ 530.648789][T12335] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 530.648821][T12335] ? security_inode_alloc+0x3b/0x2b0 [ 530.648852][T12335] ? inode_init_always_gfp+0xce4/0x1030 [ 530.648899][T12335] ? alloc_inode+0x86/0x240 [ 530.648933][T12335] ? sock_alloc+0x40/0x280 [ 530.648962][T12335] ? __sock_create+0xc1/0x8d0 [ 530.648997][T12335] ? __sys_socket+0x14d/0x260 [ 530.649032][T12335] ? __x64_sys_socket+0x72/0xb0 [ 530.649073][T12335] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 530.649149][T12335] ? sk_prot_alloc+0x1a8/0x2a0 [ 530.649183][T12335] __alloc_pages_noprof+0xb/0x1b0 [ 530.649217][T12335] ___kmalloc_large_node+0x82/0x1e0 [ 530.649268][T12335] __kmalloc_large_node_noprof+0x1c/0x70 [ 530.649320][T12335] __kmalloc_noprof.cold+0xc/0x61 [ 530.649371][T12335] sk_prot_alloc+0x1a8/0x2a0 [ 530.649412][T12335] sk_alloc+0x36/0xc20 [ 530.649458][T12335] can_create+0x1e5/0x600 [ 530.649515][T12335] __sock_create+0x335/0x8d0 [ 530.649561][T12335] __sys_socket+0x14d/0x260 [ 530.649602][T12335] ? __pfx___sys_socket+0x10/0x10 [ 530.649640][T12335] ? rcu_is_watching+0x12/0xc0 [ 530.649684][T12335] __x64_sys_socket+0x72/0xb0 [ 530.649725][T12335] ? lockdep_hardirqs_on+0x7c/0x110 [ 530.649762][T12335] do_syscall_64+0xcd/0x230 [ 530.649803][T12335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.649832][T12335] RIP: 0033:0x7f1d4518e969 [ 530.649859][T12335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 530.649890][T12335] RSP: 002b:00007f1d46060038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 530.649920][T12335] RAX: ffffffffffffffda RBX: 00007f1d453b5fa0 RCX: 00007f1d4518e969 [ 530.649942][T12335] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d [ 530.649962][T12335] RBP: 00007f1d45210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 530.649982][T12335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 530.650001][T12335] R13: 0000000000000000 R14: 00007f1d453b5fa0 R15: 00007ffc99ab9818 [ 530.650041][T12335] [ 535.297459][T12390] Invalid ELF header magic: != ELF [ 537.034123][T12411] kexec: Could not allocate control_code_buffer [ 538.020885][T12449] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 538.103958][T12449] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 538.203450][T12449] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 538.209973][T12449] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 539.660304][T12470] netlink: 'syz.0.1509': attribute type 10 has an invalid length. [ 539.669028][T12470] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1509'. [ 540.095211][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 540.160242][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 540.249822][ T55] Bluetooth: hci0: command 0x0406 tx timeout [ 540.255961][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 540.266498][T12475] FAULT_INJECTION: forcing a failure. [ 540.266498][T12475] name failslab, interval 1, probability 0, space 0, times 0 [ 540.299492][T12475] CPU: 0 UID: 0 PID: 12475 Comm: syz.0.1510 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 540.299534][T12475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 540.299551][T12475] Call Trace: [ 540.299561][T12475] [ 540.299572][T12475] dump_stack_lvl+0x16c/0x1f0 [ 540.299613][T12475] should_fail_ex+0x512/0x640 [ 540.299668][T12475] should_failslab+0xc2/0x120 [ 540.299704][T12475] __kmalloc_cache_noprof+0x6a/0x3e0 [ 540.299744][T12475] ? __sctp_v6_cmp_addr+0x206/0x530 [ 540.299777][T12475] ? sctp_add_bind_addr+0xae/0x3f0 [ 540.299806][T12475] sctp_add_bind_addr+0xae/0x3f0 [ 540.299836][T12475] sctp_copy_local_addr_list+0x39d/0x5a0 [ 540.299873][T12475] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 540.299912][T12475] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 540.299952][T12475] ? sctp_bind_addr_copy+0xe0/0x530 [ 540.299978][T12475] sctp_bind_addr_copy+0xe0/0x530 [ 540.300013][T12475] sctp_connect_new_asoc+0x1d7/0x790 [ 540.300055][T12475] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 540.300104][T12475] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 540.300146][T12475] sctp_sendmsg+0x15f9/0x1ee0 [ 540.300192][T12475] ? __pfx_sctp_sendmsg+0x10/0x10 [ 540.300244][T12475] ? __might_fault+0xe3/0x190 [ 540.300274][T12475] ? __pfx_aa_sk_perm+0x10/0x10 [ 540.300309][T12475] ? __pfx_sctp_sendmsg+0x10/0x10 [ 540.300351][T12475] inet_sendmsg+0x119/0x140 [ 540.300384][T12475] __sys_sendto+0x431/0x510 [ 540.300425][T12475] ? __pfx___sys_sendto+0x10/0x10 [ 540.300489][T12475] ? ksys_write+0x1b9/0x240 [ 540.300511][T12475] ? __pfx_ksys_write+0x10/0x10 [ 540.300537][T12475] ? rcu_is_watching+0x12/0xc0 [ 540.300562][T12475] __x64_sys_sendto+0xe0/0x1c0 [ 540.300598][T12475] ? do_syscall_64+0x91/0x230 [ 540.300632][T12475] ? lockdep_hardirqs_on+0x7c/0x110 [ 540.300669][T12475] do_syscall_64+0xcd/0x230 [ 540.300705][T12475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.300733][T12475] RIP: 0033:0x7f1d4518e969 [ 540.300755][T12475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 540.300781][T12475] RSP: 002b:00007f1d46060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 540.300807][T12475] RAX: ffffffffffffffda RBX: 00007f1d453b5fa0 RCX: 00007f1d4518e969 [ 540.300824][T12475] RDX: 0000000000000401 RSI: 0000000000000000 RDI: 0000000000000003 [ 540.300838][T12475] RBP: 00007f1d46060090 R08: 0000200000000000 R09: 000000000000001f [ 540.300854][T12475] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000001 [ 540.300870][T12475] R13: 0000000000000000 R14: 00007f1d453b5fa0 R15: 00007ffc99ab9818 [ 540.300906][T12475] [ 540.657315][T12483] Invalid ELF header magic: != ELF [ 540.827417][T12489] netlink: 'syz.1.1512': attribute type 10 has an invalid length. [ 540.857370][T12489] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1512'. [ 541.152743][T12491] netlink: 'syz.0.1515': attribute type 10 has an invalid length. [ 541.161064][T12491] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1515'. [ 542.773480][T12532] Invalid ELF header magic: != ELF [ 543.382387][T12540] blktrace: Concurrent blktraces are not allowed on loop5 [ 543.449452][T12540] FAULT_INJECTION: forcing a failure. [ 543.449452][T12540] name failslab, interval 1, probability 0, space 0, times 0 [ 543.485211][T12540] CPU: 1 UID: 0 PID: 12540 Comm: syz.2.1526 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 543.485267][T12540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 543.485288][T12540] Call Trace: [ 543.485299][T12540] [ 543.485312][T12540] dump_stack_lvl+0x16c/0x1f0 [ 543.485360][T12540] should_fail_ex+0x512/0x640 [ 543.485404][T12540] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 543.485446][T12540] should_failslab+0xc2/0x120 [ 543.485485][T12540] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 543.485519][T12540] ? __proc_create+0xc3/0x8c0 [ 543.485553][T12540] ? __proc_create+0x2ce/0x8c0 [ 543.485593][T12540] __proc_create+0x2ce/0x8c0 [ 543.485629][T12540] ? __pfx___proc_create+0x10/0x10 [ 543.485662][T12540] ? _raw_write_unlock+0x28/0x50 [ 543.485697][T12540] ? proc_register+0x314/0x5f0 [ 543.485745][T12540] _proc_mkdir+0xb9/0x200 [ 543.485783][T12540] ? __pfx__proc_mkdir+0x10/0x10 [ 543.485828][T12540] ? __pfx_netfilter_net_init+0x10/0x10 [ 543.485877][T12540] netfilter_net_init+0x37b/0x4b0 [ 543.485922][T12540] ? sysctl_net_init+0x27/0x30 [ 543.485963][T12540] ops_init+0x1df/0x5f0 [ 543.486002][T12540] setup_net+0x21e/0x850 [ 543.486041][T12540] ? __pfx_setup_net+0x10/0x10 [ 543.486072][T12540] ? lockdep_init_map_type+0x5c/0x280 [ 543.486117][T12540] ? __pfx_down_read_killable+0x10/0x10 [ 543.486169][T12540] ? debug_mutex_init+0x37/0x70 [ 543.486224][T12540] copy_net_ns+0x2a6/0x5f0 [ 543.486274][T12540] create_new_namespaces+0x3ea/0xad0 [ 543.486329][T12540] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 543.486370][T12540] ksys_unshare+0x45b/0xa40 [ 543.486415][T12540] ? __pfx_ksys_unshare+0x10/0x10 [ 543.486457][T12540] ? xfd_validate_state+0x5d/0x180 [ 543.486516][T12540] ? rcu_is_watching+0x12/0xc0 [ 543.486557][T12540] __x64_sys_unshare+0x31/0x40 [ 543.486600][T12540] do_syscall_64+0xcd/0x230 [ 543.486645][T12540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.486678][T12540] RIP: 0033:0x7fa30658e969 [ 543.486704][T12540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.486738][T12540] RSP: 002b:00007fa307406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 543.486769][T12540] RAX: ffffffffffffffda RBX: 00007fa3067b5fa0 RCX: 00007fa30658e969 [ 543.486791][T12540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 543.486811][T12540] RBP: 00007fa306610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 543.486832][T12540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 543.486852][T12540] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 543.486895][T12540] [ 543.486909][T12540] cannot create netfilter proc entry [ 543.637069][T12537] netlink: 'syz.3.1525': attribute type 10 has an invalid length. [ 543.965332][T12537] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1525'. [ 544.592388][T12560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1529'. [ 544.755644][T12559] netlink: 'syz.2.1530': attribute type 10 has an invalid length. [ 544.786864][T12559] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1530'. [ 545.745191][T12593] Invalid ELF header magic: != ELF [ 547.149062][T12619] FAULT_INJECTION: forcing a failure. [ 547.149062][T12619] name failslab, interval 1, probability 0, space 0, times 0 [ 547.220682][T12614] netlink: 'syz.0.1547': attribute type 10 has an invalid length. [ 547.228642][T12614] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1547'. [ 547.247972][T12619] CPU: 1 UID: 0 PID: 12619 Comm: syz.1.1548 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 547.248019][T12619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 547.248038][T12619] Call Trace: [ 547.248048][T12619] [ 547.248060][T12619] dump_stack_lvl+0x16c/0x1f0 [ 547.248102][T12619] should_fail_ex+0x512/0x640 [ 547.248143][T12619] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 547.248184][T12619] should_failslab+0xc2/0x120 [ 547.248223][T12619] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 547.248259][T12619] ? __alloc_skb+0x2b2/0x380 [ 547.248314][T12619] __alloc_skb+0x2b2/0x380 [ 547.248363][T12619] ? __pfx___alloc_skb+0x10/0x10 [ 547.248415][T12619] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 547.248447][T12619] ? __lock_acquire+0xaa4/0x1ba0 [ 547.248494][T12619] netlink_alloc_large_skb+0x69/0x130 [ 547.248529][T12619] netlink_sendmsg+0x6a1/0xdd0 [ 547.248570][T12619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 547.248625][T12619] ____sys_sendmsg+0xa95/0xc70 [ 547.248665][T12619] ? copy_msghdr_from_user+0x10a/0x160 [ 547.248716][T12619] ? __pfx_____sys_sendmsg+0x10/0x10 [ 547.248775][T12619] ___sys_sendmsg+0x134/0x1d0 [ 547.248807][T12619] ? __pfx____sys_sendmsg+0x10/0x10 [ 547.248907][T12619] __sys_sendmsg+0x16d/0x220 [ 547.248937][T12619] ? __pfx___sys_sendmsg+0x10/0x10 [ 547.248980][T12619] ? rcu_is_watching+0x12/0xc0 [ 547.249024][T12619] do_syscall_64+0xcd/0x230 [ 547.249066][T12619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.249098][T12619] RIP: 0033:0x7f0bcad8e969 [ 547.249122][T12619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.249153][T12619] RSP: 002b:00007f0bc8bd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 547.249183][T12619] RAX: ffffffffffffffda RBX: 00007f0bcafb6080 RCX: 00007f0bcad8e969 [ 547.249204][T12619] RDX: 0000000000000080 RSI: 0000200000001780 RDI: 0000000000000005 [ 547.249224][T12619] RBP: 00007f0bc8bd5090 R08: 0000000000000000 R09: 0000000000000000 [ 547.249244][T12619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 547.249263][T12619] R13: 0000000000000000 R14: 00007f0bcafb6080 R15: 00007ffeba924ad8 [ 547.249304][T12619] [ 547.357903][T12621] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1549'. [ 548.990631][T12646] netlink: 'syz.2.1554': attribute type 10 has an invalid length. [ 549.025699][T12646] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1554'. [ 549.350825][T12659] Invalid ELF header magic: != ELF [ 550.649252][T12682] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1563'. [ 550.728714][T12684] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1563'. [ 551.208753][T12690] netlink: 'syz.2.1566': attribute type 1 has an invalid length. [ 552.492358][T12716] Invalid ELF header magic: != ELF [ 552.899429][T12721] Invalid ELF header magic: != ELF [ 554.338426][T12750] FAULT_INJECTION: forcing a failure. [ 554.338426][T12750] name failslab, interval 1, probability 0, space 0, times 0 [ 554.372601][T12750] CPU: 1 UID: 0 PID: 12750 Comm: syz.0.1581 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 554.372647][T12750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 554.372666][T12750] Call Trace: [ 554.372675][T12750] [ 554.372686][T12750] dump_stack_lvl+0x16c/0x1f0 [ 554.372728][T12750] should_fail_ex+0x512/0x640 [ 554.372767][T12750] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 554.372818][T12750] should_failslab+0xc2/0x120 [ 554.372851][T12750] __kmalloc_cache_noprof+0x6a/0x3e0 [ 554.372897][T12750] ? percpu_ref_init+0xec/0x410 [ 554.372940][T12750] ? __pfx_io_ring_ctx_ref_free+0x10/0x10 [ 554.372984][T12750] percpu_ref_init+0xec/0x410 [ 554.373021][T12750] io_uring_setup+0x453/0x1ff0 [ 554.373059][T12750] ? __pfx_io_uring_setup+0x10/0x10 [ 554.373092][T12750] ? do_futex+0x122/0x350 [ 554.373123][T12750] ? __pfx_do_futex+0x10/0x10 [ 554.373153][T12750] ? fd_install+0x225/0x750 [ 554.373215][T12750] ? rcu_is_watching+0x12/0xc0 [ 554.373248][T12750] __x64_sys_io_uring_setup+0xc2/0x170 [ 554.373285][T12750] do_syscall_64+0xcd/0x230 [ 554.373322][T12750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.373351][T12750] RIP: 0033:0x7f1d4518e969 [ 554.373386][T12750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 554.373412][T12750] RSP: 002b:00007f1d46060038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 554.373437][T12750] RAX: ffffffffffffffda RBX: 00007f1d453b5fa0 RCX: 00007f1d4518e969 [ 554.373454][T12750] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000001 [ 554.373470][T12750] RBP: 00007f1d45210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 554.373486][T12750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.373501][T12750] R13: 0000000000000000 R14: 00007f1d453b5fa0 R15: 00007ffc99ab9818 [ 554.373533][T12750] [ 556.578737][T12799] Invalid ELF header magic: != ELF [ 558.072343][T12824] Line length is too long: Should be less than 4094 [ 559.644045][T12856] netlink: 'syz.2.1603': attribute type 10 has an invalid length. [ 559.655547][T12856] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1603'. [ 561.561254][T12881] Invalid ELF header magic: != ELF [ 561.760793][T12877] HfR: entered promiscuous mode [ 562.600781][T12912] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1618'. [ 562.858401][T12917] FAULT_INJECTION: forcing a failure. [ 562.858401][T12917] name failslab, interval 1, probability 0, space 0, times 0 [ 562.902027][T12917] CPU: 1 UID: 0 PID: 12917 Comm: syz.3.1620 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 562.902068][T12917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 562.902084][T12917] Call Trace: [ 562.902092][T12917] [ 562.902103][T12917] dump_stack_lvl+0x16c/0x1f0 [ 562.902140][T12917] should_fail_ex+0x512/0x640 [ 562.902175][T12917] ? __kmalloc_noprof+0xbf/0x510 [ 562.902208][T12917] ? snd_pcm_plugin_build+0x434/0x650 [ 562.902250][T12917] should_failslab+0xc2/0x120 [ 562.902282][T12917] __kmalloc_noprof+0xd2/0x510 [ 562.902318][T12917] snd_pcm_plugin_build+0x434/0x650 [ 562.902359][T12917] snd_pcm_plugin_build_io+0x207/0x5f0 [ 562.902400][T12917] ? __pfx_snd_pcm_plugin_build_io+0x10/0x10 [ 562.902440][T12917] ? _raw_spin_unlock_irq+0x23/0x50 [ 562.902478][T12917] snd_pcm_oss_change_params_locked+0x2f61/0x3b40 [ 562.902530][T12917] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 562.902568][T12917] ? mas_preallocate+0x5b4/0xcd0 [ 562.902628][T12917] snd_pcm_oss_mmap+0x578/0x700 [ 562.902664][T12917] __mmap_region+0x1485/0x27c0 [ 562.902698][T12917] ? __pfx___mmap_region+0x10/0x10 [ 562.902724][T12917] ? bpf_ksym_find+0x124/0x1c0 [ 562.902774][T12917] ? __kernel_text_address+0xd/0x40 [ 562.902815][T12917] ? unwind_get_return_address+0x59/0xa0 [ 562.902899][T12917] ? trace_cap_capable+0x18d/0x200 [ 562.902953][T12917] ? cap_capable+0xb3/0x250 [ 562.902984][T12917] mmap_region+0x32b/0x3f0 [ 562.903021][T12917] do_mmap+0xd8e/0x11b0 [ 562.903066][T12917] ? __pfx_do_mmap+0x10/0x10 [ 562.903105][T12917] ? __pfx_down_write_killable+0x10/0x10 [ 562.903149][T12917] vm_mmap_pgoff+0x281/0x450 [ 562.903196][T12917] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 562.903241][T12917] ? __fget_files+0x20e/0x3c0 [ 562.903288][T12917] ksys_mmap_pgoff+0x32c/0x5c0 [ 562.903325][T12917] ? __pfx_ksys_write+0x10/0x10 [ 562.903348][T12917] ? rcu_is_watching+0x12/0xc0 [ 562.903376][T12917] __x64_sys_mmap+0x125/0x190 [ 562.903405][T12917] do_syscall_64+0xcd/0x230 [ 562.903443][T12917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.903471][T12917] RIP: 0033:0x7f7c4a78e969 [ 562.903492][T12917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.903518][T12917] RSP: 002b:00007f7c4b523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 562.903544][T12917] RAX: ffffffffffffffda RBX: 00007f7c4a9b5fa0 RCX: 00007f7c4a78e969 [ 562.903561][T12917] RDX: fffffffffffffe01 RSI: 0000000004000005 RDI: 0000000000000000 [ 562.903578][T12917] RBP: 00007f7c4b523090 R08: 0000000000000003 R09: 0010000000008000 [ 562.903594][T12917] R10: 0000000000008051 R11: 0000000000000246 R12: 0000000000000002 [ 562.903610][T12917] R13: 0000000000000000 R14: 00007f7c4a9b5fa0 R15: 00007ffe535fdba8 [ 562.903645][T12917] [ 563.912754][T12935] blktrace: Concurrent blktraces are not allowed on loop5 [ 563.945273][T12935] FAULT_INJECTION: forcing a failure. [ 563.945273][T12935] name failslab, interval 1, probability 0, space 0, times 0 [ 563.945352][T12935] CPU: 1 UID: 0 PID: 12935 Comm: syz.3.1623 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 563.945394][T12935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 563.945414][T12935] Call Trace: [ 563.945424][T12935] [ 563.945437][T12935] dump_stack_lvl+0x16c/0x1f0 [ 563.945482][T12935] should_fail_ex+0x512/0x640 [ 563.945527][T12935] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 563.945568][T12935] should_failslab+0xc2/0x120 [ 563.945608][T12935] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 563.945647][T12935] ? __proc_create+0xc3/0x8c0 [ 563.945681][T12935] ? __proc_create+0x2ce/0x8c0 [ 563.945722][T12935] __proc_create+0x2ce/0x8c0 [ 563.945759][T12935] ? __pfx___proc_create+0x10/0x10 [ 563.945791][T12935] ? _raw_write_unlock+0x28/0x50 [ 563.945826][T12935] ? proc_register+0x314/0x5f0 [ 563.945875][T12935] _proc_mkdir+0xb9/0x200 [ 563.945910][T12935] ? __pfx__proc_mkdir+0x10/0x10 [ 563.945954][T12935] ? __pfx_netfilter_net_init+0x10/0x10 [ 563.946002][T12935] netfilter_net_init+0x37b/0x4b0 [ 563.946046][T12935] ? sysctl_net_init+0x27/0x30 [ 563.946088][T12935] ops_init+0x1df/0x5f0 [ 563.946126][T12935] setup_net+0x21e/0x850 [ 563.946171][T12935] ? __pfx_setup_net+0x10/0x10 [ 563.946202][T12935] ? lockdep_init_map_type+0x5c/0x280 [ 563.946246][T12935] ? __pfx_down_read_killable+0x10/0x10 [ 563.946298][T12935] ? debug_mutex_init+0x37/0x70 [ 563.946350][T12935] copy_net_ns+0x2a6/0x5f0 [ 563.946390][T12935] create_new_namespaces+0x3ea/0xad0 [ 563.946435][T12935] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 563.946475][T12935] ksys_unshare+0x45b/0xa40 [ 563.946519][T12935] ? __pfx_ksys_unshare+0x10/0x10 [ 563.946560][T12935] ? xfd_validate_state+0x5d/0x180 [ 563.946616][T12935] ? rcu_is_watching+0x12/0xc0 [ 563.946654][T12935] __x64_sys_unshare+0x31/0x40 [ 563.946698][T12935] do_syscall_64+0xcd/0x230 [ 563.946741][T12935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.946773][T12935] RIP: 0033:0x7f7c4a78e969 [ 563.946799][T12935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 563.946830][T12935] RSP: 002b:00007f7c4b523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 563.946862][T12935] RAX: ffffffffffffffda RBX: 00007f7c4a9b5fa0 RCX: 00007f7c4a78e969 [ 563.946884][T12935] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 563.946916][T12935] RBP: 00007f7c4a810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 563.946936][T12935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 563.946954][T12935] R13: 0000000000000000 R14: 00007f7c4a9b5fa0 R15: 00007ffe535fdba8 [ 563.946994][T12935] [ 563.976329][T12935] cannot create netfilter proc entry [ 565.151461][T12948] Invalid ELF header magic: != ELF [ 567.143996][T12966] netlink: 'syz.0.1632': attribute type 10 has an invalid length. [ 567.187192][T12966] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1632'. [ 567.467931][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.474566][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.892654][T12988] blk-mq: reduced tag depth (128 -> 64) [ 568.212616][T12999] Invalid ELF header magic: != ELF [ 568.704924][T13009] Invalid ELF header magic: != ELF [ 569.356909][T13017] CIFS mount error: No usable UNC path provided in device string! [ 569.356909][T13017] [ 569.378885][T13017] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 570.056036][T13028] FAULT_INJECTION: forcing a failure. [ 570.056036][T13028] name failslab, interval 1, probability 0, space 0, times 0 [ 570.080013][T13028] CPU: 0 UID: 0 PID: 13028 Comm: syz.2.1647 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 570.080062][T13028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 570.080082][T13028] Call Trace: [ 570.080093][T13028] [ 570.080105][T13028] dump_stack_lvl+0x16c/0x1f0 [ 570.080149][T13028] should_fail_ex+0x512/0x640 [ 570.080192][T13028] ? __kmalloc_noprof+0xbf/0x510 [ 570.080230][T13028] ? constrain_params_by_rules+0x175/0xca0 [ 570.080271][T13028] should_failslab+0xc2/0x120 [ 570.080309][T13028] __kmalloc_noprof+0xd2/0x510 [ 570.080338][T13028] ? kasan_quarantine_put+0x10a/0x240 [ 570.080368][T13028] ? constrain_params_by_rules+0xa09/0xca0 [ 570.080416][T13028] constrain_params_by_rules+0x175/0xca0 [ 570.080474][T13028] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 570.080530][T13028] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 570.080579][T13028] ? __lock_acquire+0xaa4/0x1ba0 [ 570.080671][T13028] snd_pcm_hw_refine+0x7de/0xad0 [ 570.080715][T13028] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 570.080760][T13028] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 570.080805][T13028] ? snd_pcm_hw_param_value+0x266/0x5b0 [ 570.080845][T13028] snd_pcm_hw_param_first+0x334/0x6f0 [ 570.080882][T13028] ? trace_hw_mask_param+0x18b/0x200 [ 570.080918][T13028] snd_pcm_hw_params+0x5ad/0x1b40 [ 570.080967][T13028] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 570.081009][T13028] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 570.081051][T13028] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 570.081089][T13028] ? __asan_memset+0x23/0x50 [ 570.081158][T13028] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 570.081207][T13028] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 570.081270][T13028] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 570.081315][T13028] ? __pfx___mutex_lock+0x10/0x10 [ 570.081383][T13028] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 570.081425][T13028] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 570.081464][T13028] snd_pcm_oss_sync+0x1de/0x840 [ 570.081515][T13028] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 570.081556][T13028] snd_pcm_oss_release+0x28b/0x310 [ 570.081600][T13028] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 570.081640][T13028] __fput+0x3ff/0xb70 [ 570.081687][T13028] task_work_run+0x14d/0x240 [ 570.081737][T13028] ? __pfx_task_work_run+0x10/0x10 [ 570.081785][T13028] ? __pfx___do_sys_close_range+0x10/0x10 [ 570.081813][T13028] ? rcu_is_watching+0x12/0xc0 [ 570.081849][T13028] syscall_exit_to_user_mode+0x27b/0x2a0 [ 570.081891][T13028] do_syscall_64+0xda/0x230 [ 570.081933][T13028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.081963][T13028] RIP: 0033:0x7fa30658e969 [ 570.081987][T13028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 570.082018][T13028] RSP: 002b:00007fa307406038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 570.082049][T13028] RAX: 0000000000000000 RBX: 00007fa3067b5fa0 RCX: 00007fa30658e969 [ 570.082068][T13028] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 570.082086][T13028] RBP: 00007fa306610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 570.082105][T13028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 570.082123][T13028] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 570.082163][T13028] [ 571.078499][T13043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1650'. [ 571.585441][ T30] audit: type=1800 audit(6040609143.897:29): pid=13056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1652" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 571.652113][T13056] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 571.706786][T13059] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1653'. [ 573.171252][T13078] netlink: 'syz.2.1658': attribute type 10 has an invalid length. [ 573.179474][T13078] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1658'. [ 573.219037][T13076] netlink: 'syz.1.1657': attribute type 10 has an invalid length. [ 573.240888][T13076] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1657'. [ 573.377643][T13089] FAULT_INJECTION: forcing a failure. [ 573.377643][T13089] name failslab, interval 1, probability 0, space 0, times 0 [ 573.391188][T13089] CPU: 1 UID: 0 PID: 13089 Comm: syz.3.1661 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 573.391231][T13089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 573.391250][T13089] Call Trace: [ 573.391260][T13089] [ 573.391272][T13089] dump_stack_lvl+0x16c/0x1f0 [ 573.391315][T13089] should_fail_ex+0x512/0x640 [ 573.391359][T13089] ? __kvmalloc_node_noprof+0x122/0x600 [ 573.391395][T13089] should_failslab+0xc2/0x120 [ 573.391433][T13089] __kvmalloc_node_noprof+0x135/0x600 [ 573.391467][T13089] ? io_alloc_cache_init+0x33/0x170 [ 573.391503][T13089] ? io_alloc_cache_init+0x33/0x170 [ 573.391530][T13089] io_alloc_cache_init+0x33/0x170 [ 573.391561][T13089] io_uring_setup+0x5ff/0x1ff0 [ 573.391603][T13089] ? __pfx_io_uring_setup+0x10/0x10 [ 573.391640][T13089] ? do_futex+0x122/0x350 [ 573.391680][T13089] ? __pfx_do_futex+0x10/0x10 [ 573.391711][T13089] ? fd_install+0x225/0x750 [ 573.391779][T13089] ? rcu_is_watching+0x12/0xc0 [ 573.391815][T13089] __x64_sys_io_uring_setup+0xc2/0x170 [ 573.391861][T13089] do_syscall_64+0xcd/0x230 [ 573.391904][T13089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.391935][T13089] RIP: 0033:0x7f7c4a78e969 [ 573.391960][T13089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.391991][T13089] RSP: 002b:00007f7c4b523038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 573.392021][T13089] RAX: ffffffffffffffda RBX: 00007f7c4a9b5fa0 RCX: 00007f7c4a78e969 [ 573.392043][T13089] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000001 [ 573.392062][T13089] RBP: 00007f7c4a810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 573.392082][T13089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 573.392100][T13089] R13: 0000000000000000 R14: 00007f7c4a9b5fa0 R15: 00007ffe535fdba8 [ 573.392140][T13089] [ 573.912652][T13095] ovs_ÿþ: entered promiscuous mode [ 575.330992][T13113] FAULT_INJECTION: forcing a failure. [ 575.330992][T13113] name failslab, interval 1, probability 0, space 0, times 0 [ 575.346341][T13117] FAULT_INJECTION: forcing a failure. [ 575.346341][T13117] name failslab, interval 1, probability 0, space 0, times 0 [ 575.360696][T13117] CPU: 1 UID: 0 PID: 13117 Comm: syz.2.1671 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 575.360740][T13117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 575.360758][T13117] Call Trace: [ 575.360768][T13117] [ 575.360779][T13117] dump_stack_lvl+0x16c/0x1f0 [ 575.360821][T13117] should_fail_ex+0x512/0x640 [ 575.360861][T13117] ? fs_reclaim_acquire+0xae/0x150 [ 575.360918][T13117] should_failslab+0xc2/0x120 [ 575.360955][T13117] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 575.360990][T13117] ? security_inode_alloc+0x3b/0x2b0 [ 575.361026][T13117] security_inode_alloc+0x3b/0x2b0 [ 575.361056][T13117] inode_init_always_gfp+0xce4/0x1030 [ 575.361107][T13117] alloc_inode+0x86/0x240 [ 575.361141][T13117] sock_alloc+0x40/0x280 [ 575.361174][T13117] __sock_create+0xc1/0x8d0 [ 575.361218][T13117] __sys_socket+0x14d/0x260 [ 575.361257][T13117] ? __pfx___sys_socket+0x10/0x10 [ 575.361298][T13117] ? rcu_is_watching+0x12/0xc0 [ 575.361334][T13117] __x64_sys_socket+0x72/0xb0 [ 575.361371][T13117] ? lockdep_hardirqs_on+0x7c/0x110 [ 575.361405][T13117] do_syscall_64+0xcd/0x230 [ 575.361444][T13117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.361474][T13117] RIP: 0033:0x7fa30658e969 [ 575.361497][T13117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.361526][T13117] RSP: 002b:00007fa307406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 575.361555][T13117] RAX: ffffffffffffffda RBX: 00007fa3067b5fa0 RCX: 00007fa30658e969 [ 575.361575][T13117] RDX: 000000000000000c RSI: 0000000000000003 RDI: 0000000000000002 [ 575.361592][T13117] RBP: 00007fa306610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 575.361610][T13117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.361629][T13117] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 575.361665][T13117] [ 575.361704][T13117] socket: no more sockets [ 575.518176][T13113] CPU: 0 UID: 0 PID: 13113 Comm: syz.0.1670 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 575.518227][T13113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 575.518249][T13113] Call Trace: [ 575.518260][T13113] [ 575.518272][T13113] dump_stack_lvl+0x16c/0x1f0 [ 575.518320][T13113] should_fail_ex+0x512/0x640 [ 575.518369][T13113] ? __kmalloc_noprof+0xbf/0x510 [ 575.518410][T13113] ? __register_sysctl_table+0xea2/0x1900 [ 575.518446][T13113] should_failslab+0xc2/0x120 [ 575.518488][T13113] __kmalloc_noprof+0xd2/0x510 [ 575.518521][T13113] ? __register_sysctl_table+0xe8e/0x1900 [ 575.518568][T13113] __register_sysctl_table+0xea2/0x1900 [ 575.518635][T13113] ? __pfx___register_sysctl_table+0x10/0x10 [ 575.518673][T13113] ? is_module_address+0x69/0xf0 [ 575.518717][T13113] ? register_net_sysctl_sz+0x228/0x3e0 [ 575.518766][T13113] ? __asan_memcpy+0x3c/0x60 [ 575.518823][T13113] ? __pfx_mpls_net_init+0x10/0x10 [ 575.518871][T13113] mpls_net_init+0x180/0x230 [ 575.518912][T13113] ops_init+0x1df/0x5f0 [ 575.518954][T13113] setup_net+0x21e/0x850 [ 575.518994][T13113] ? __pfx_setup_net+0x10/0x10 [ 575.519028][T13113] ? lockdep_init_map_type+0x5c/0x280 [ 575.519076][T13113] ? __pfx_down_read_killable+0x10/0x10 [ 575.519147][T13113] ? debug_mutex_init+0x37/0x70 [ 575.519209][T13113] copy_net_ns+0x2a6/0x5f0 [ 575.519252][T13113] create_new_namespaces+0x3ea/0xad0 [ 575.519299][T13113] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 575.519341][T13113] ksys_unshare+0x45b/0xa40 [ 575.519387][T13113] ? __pfx_ksys_unshare+0x10/0x10 [ 575.519430][T13113] ? xfd_validate_state+0x5d/0x180 [ 575.519486][T13113] ? rcu_is_watching+0x12/0xc0 [ 575.519527][T13113] __x64_sys_unshare+0x31/0x40 [ 575.519572][T13113] do_syscall_64+0xcd/0x230 [ 575.519617][T13113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.519650][T13113] RIP: 0033:0x7f1d4518e969 [ 575.519677][T13113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.519710][T13113] RSP: 002b:00007f1d46060038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 575.519742][T13113] RAX: ffffffffffffffda RBX: 00007f1d453b5fa0 RCX: 00007f1d4518e969 [ 575.519764][T13113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 575.519785][T13113] RBP: 00007f1d45210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 575.519806][T13113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.519827][T13113] R13: 0000000000000000 R14: 00007f1d453b5fa0 R15: 00007ffc99ab9818 [ 575.519874][T13113] [ 575.547065][T13113] sysctl could not get directory: [ 575.625470][T13107] netlink: 'syz.1.1669': attribute type 10 has an invalid length. [ 575.628396][T13113] /net/mpls -12 [ 575.845613][T13107] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1669'. [ 576.272927][ T5831] smpboot: CPU 1 is now offline [ 578.066936][T13161] Invalid ELF header magic: != ELF [ 578.386759][T13165] Invalid ELF header magic: != ELF [ 579.333969][T13174] FAULT_INJECTION: forcing a failure. [ 579.333969][T13174] name fail_futex, interval 1, probability 0, space 0, times 0 [ 579.387024][T13174] CPU: 0 UID: 0 PID: 13174 Comm: syz.0.1682 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 579.387059][T13174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 579.387072][T13174] Call Trace: [ 579.387080][T13174] [ 579.387088][T13174] dump_stack_lvl+0x16c/0x1f0 [ 579.387120][T13174] should_fail_ex+0x512/0x640 [ 579.387155][T13174] get_futex_key+0x1c2/0x1000 [ 579.387181][T13174] ? __pfx_get_futex_key+0x10/0x10 [ 579.387220][T13174] futex_wake+0xe7/0x4e0 [ 579.387245][T13174] ? rcu_is_watching+0x12/0xc0 [ 579.387269][T13174] ? __pfx_futex_wake+0x10/0x10 [ 579.387309][T13174] do_futex+0x1e3/0x350 [ 579.387333][T13174] ? __pfx_do_futex+0x10/0x10 [ 579.387355][T13174] ? __might_fault+0xe3/0x190 [ 579.387388][T13174] mm_release+0x24e/0x300 [ 579.387413][T13174] do_exit+0x898/0x2c30 [ 579.387450][T13174] ? __pfx_do_exit+0x10/0x10 [ 579.387479][T13174] ? do_raw_spin_lock+0x12c/0x2b0 [ 579.387512][T13174] ? find_held_lock+0x2b/0x80 [ 579.387538][T13174] do_group_exit+0xd3/0x2a0 [ 579.387571][T13174] get_signal+0x2673/0x26d0 [ 579.387607][T13174] ? __pfx_get_signal+0x10/0x10 [ 579.387631][T13174] ? find_held_lock+0x2b/0x80 [ 579.387658][T13174] arch_do_signal_or_restart+0x8f/0x7a0 [ 579.387691][T13174] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 579.387730][T13174] ? ksys_read+0x1b9/0x240 [ 579.387750][T13174] ? __pfx_ksys_read+0x10/0x10 [ 579.387776][T13174] syscall_exit_to_user_mode+0x150/0x2a0 [ 579.387805][T13174] do_syscall_64+0xda/0x230 [ 579.387836][T13174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.387858][T13174] RIP: 0033:0x7f1d4518e969 [ 579.387875][T13174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.387898][T13174] RSP: 002b:00007f1d45fdc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 579.387919][T13174] RAX: fffffffffffffe00 RBX: 00007f1d453b6320 RCX: 00007f1d4518e969 [ 579.387934][T13174] RDX: 0000000000000007 RSI: 00002000000000c0 RDI: 0000000000000003 [ 579.387948][T13174] RBP: 00007f1d45fdc090 R08: 0000000000000000 R09: 0000000000000000 [ 579.387962][T13174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 579.387976][T13174] R13: 0000000000000001 R14: 00007f1d453b6320 R15: 00007ffc99ab9818 [ 579.388004][T13174] [ 581.234124][T13189] could not allocate digest TFM handle binfmt_misc [ 581.275920][T13200] netlink: 'syz.1.1688': attribute type 10 has an invalid length. [ 581.373740][T13200] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1688'. [ 581.524485][T13204] zram: Added device: zram1 [ 581.657050][T13187] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 581.695404][T13187] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 581.722551][T13187] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 581.756020][T13187] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 583.323554][T13231] FAULT_INJECTION: forcing a failure. [ 583.323554][T13231] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 583.376588][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 583.413431][T13231] CPU: 0 UID: 0 PID: 13231 Comm: syz.1.1694 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 583.413466][T13231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 583.413481][T13231] Call Trace: [ 583.413489][T13231] [ 583.413498][T13231] dump_stack_lvl+0x16c/0x1f0 [ 583.413532][T13231] should_fail_ex+0x512/0x640 [ 583.413570][T13231] should_fail_alloc_page+0xe7/0x130 [ 583.413601][T13231] prepare_alloc_pages+0x3c2/0x610 [ 583.413637][T13231] ? rcu_is_watching+0x12/0xc0 [ 583.413661][T13231] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 583.413690][T13231] ? unwind_get_return_address+0x59/0xa0 [ 583.413717][T13231] ? arch_stack_walk+0xa6/0x100 [ 583.413759][T13231] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 583.413788][T13231] ? __pfx_stack_trace_save+0x10/0x10 [ 583.413812][T13231] ? stack_depot_save_flags+0x28/0xa50 [ 583.413854][T13231] ? kasan_save_stack+0x42/0x60 [ 583.413880][T13231] ? __lock_acquire+0xaa4/0x1ba0 [ 583.413908][T13231] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 583.413941][T13231] ? policy_nodemask+0xea/0x4e0 [ 583.413971][T13231] alloc_pages_mpol+0x1fb/0x550 [ 583.414000][T13231] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 583.414026][T13231] ? __page_table_check_ptes_set+0x1ae/0x420 [ 583.414054][T13231] ? find_held_lock+0x2b/0x80 [ 583.414080][T13231] alloc_pages_noprof+0x131/0x390 [ 583.414109][T13231] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 583.414131][T13231] get_free_pages_noprof+0xc/0x40 [ 583.414160][T13231] kasan_populate_vmalloc_pte+0x2d/0x160 [ 583.414184][T13231] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 583.414207][T13231] __apply_to_page_range+0x617/0xd60 [ 583.414245][T13231] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 583.414273][T13231] ? __pfx___apply_to_page_range+0x10/0x10 [ 583.414310][T13231] ? alloc_vmap_area+0x872/0x2970 [ 583.414347][T13231] alloc_vmap_area+0x919/0x2970 [ 583.414392][T13231] ? __pfx_alloc_vmap_area+0x10/0x10 [ 583.414433][T13231] __get_vm_area_node+0x1a7/0x300 [ 583.414479][T13231] __vmalloc_node_range_noprof+0x277/0x1540 [ 583.414517][T13231] ? __snd_dma_alloc_pages+0x50/0x90 [ 583.414552][T13231] ? __mutex_trylock_common+0xe9/0x250 [ 583.414591][T13231] ? __snd_dma_alloc_pages+0x50/0x90 [ 583.414629][T13231] ? do_alloc_pages+0xd7/0x280 [ 583.414661][T13231] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 583.414700][T13231] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 583.414743][T13231] ? __snd_dma_alloc_pages+0x50/0x90 [ 583.414779][T13231] vmalloc_noprof+0x6b/0x90 [ 583.414815][T13231] ? __snd_dma_alloc_pages+0x50/0x90 [ 583.414848][T13231] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 583.414884][T13231] __snd_dma_alloc_pages+0x50/0x90 [ 583.414919][T13231] snd_dma_alloc_dir_pages+0x151/0x240 [ 583.414958][T13231] do_alloc_pages+0x115/0x280 [ 583.414994][T13231] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 583.415033][T13231] snd_pcm_hw_params+0x15e1/0x1b40 [ 583.415072][T13231] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 583.415107][T13231] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 583.415142][T13231] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 583.415173][T13231] ? __asan_memset+0x23/0x50 [ 583.415212][T13231] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 583.415247][T13231] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 583.415293][T13231] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 583.415326][T13231] ? __pfx___mutex_lock+0x10/0x10 [ 583.415374][T13231] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 583.415405][T13231] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 583.415434][T13231] snd_pcm_oss_sync+0x1de/0x840 [ 583.415467][T13231] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 583.415497][T13231] snd_pcm_oss_release+0x28b/0x310 [ 583.415529][T13231] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 583.415557][T13231] __fput+0x3ff/0xb70 [ 583.415591][T13231] task_work_run+0x14d/0x240 [ 583.415629][T13231] ? __pfx_task_work_run+0x10/0x10 [ 583.415665][T13231] ? __pfx___do_sys_close_range+0x10/0x10 [ 583.415686][T13231] ? rcu_is_watching+0x12/0xc0 [ 583.415712][T13231] syscall_exit_to_user_mode+0x27b/0x2a0 [ 583.415748][T13231] do_syscall_64+0xda/0x230 [ 583.415779][T13231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.415804][T13231] RIP: 0033:0x7f0bcad8e969 [ 583.415822][T13231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.415846][T13231] RSP: 002b:00007f0bc8bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 583.415869][T13231] RAX: 0000000000000000 RBX: 00007f0bcafb5fa0 RCX: 00007f0bcad8e969 [ 583.415885][T13231] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 583.415899][T13231] RBP: 00007f0bcae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 583.415913][T13231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 583.415928][T13231] R13: 0000000000000000 R14: 00007f0bcafb5fa0 R15: 00007ffeba924ad8 [ 583.415958][T13231] [ 583.988318][T13234] FAULT_INJECTION: forcing a failure. [ 583.988318][T13234] name failslab, interval 1, probability 0, space 0, times 0 [ 584.001052][T13234] CPU: 0 UID: 0 PID: 13234 Comm: syz.0.1695 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 584.001084][T13234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 584.001099][T13234] Call Trace: [ 584.001107][T13234] [ 584.001115][T13234] dump_stack_lvl+0x16c/0x1f0 [ 584.001148][T13234] should_fail_ex+0x512/0x640 [ 584.001181][T13234] ? __kmalloc_noprof+0xbf/0x510 [ 584.001209][T13234] ? constrain_params_by_rules+0x175/0xca0 [ 584.001240][T13234] should_failslab+0xc2/0x120 [ 584.001268][T13234] __kmalloc_noprof+0xd2/0x510 [ 584.001292][T13234] ? kasan_quarantine_put+0x10a/0x240 [ 584.001315][T13234] ? constrain_params_by_rules+0xa09/0xca0 [ 584.001351][T13234] constrain_params_by_rules+0x175/0xca0 [ 584.001395][T13234] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 584.001433][T13234] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 584.001463][T13234] ? __lock_acquire+0xaa4/0x1ba0 [ 584.001510][T13234] snd_pcm_hw_refine+0x7de/0xad0 [ 584.001546][T13234] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 584.001583][T13234] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 584.001619][T13234] ? snd_pcm_hw_param_value+0x266/0x5b0 [ 584.001657][T13234] snd_pcm_hw_param_first+0x334/0x6f0 [ 584.001687][T13234] ? trace_hw_mask_param+0x18b/0x200 [ 584.001715][T13234] snd_pcm_hw_params+0x5ad/0x1b40 [ 584.001754][T13234] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 584.001788][T13234] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 584.001824][T13234] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 584.001855][T13234] ? __asan_memset+0x23/0x50 [ 584.001893][T13234] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 584.001929][T13234] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 584.001974][T13234] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 584.002011][T13234] ? __pfx___mutex_lock+0x10/0x10 [ 584.002059][T13234] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 584.002090][T13234] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 584.002119][T13234] snd_pcm_oss_sync+0x1de/0x840 [ 584.002152][T13234] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 584.002181][T13234] snd_pcm_oss_release+0x28b/0x310 [ 584.002212][T13234] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 584.002245][T13234] __fput+0x3ff/0xb70 [ 584.002278][T13234] task_work_run+0x14d/0x240 [ 584.002314][T13234] ? __pfx_task_work_run+0x10/0x10 [ 584.002349][T13234] ? __pfx___do_sys_close_range+0x10/0x10 [ 584.002370][T13234] ? rcu_is_watching+0x12/0xc0 [ 584.002396][T13234] syscall_exit_to_user_mode+0x27b/0x2a0 [ 584.002426][T13234] do_syscall_64+0xda/0x230 [ 584.002456][T13234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.002481][T13234] RIP: 0033:0x7f1d4518e969 [ 584.002499][T13234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.002521][T13234] RSP: 002b:00007f1d46060038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 584.002543][T13234] RAX: 0000000000000000 RBX: 00007f1d453b5fa0 RCX: 00007f1d4518e969 [ 584.002558][T13234] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 584.002571][T13234] RBP: 00007f1d45210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 584.002585][T13234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.002599][T13234] R13: 0000000000000000 R14: 00007f1d453b5fa0 R15: 00007ffc99ab9818 [ 584.002628][T13234] [ 584.752461][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 584.758674][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 584.764699][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 585.468187][T13231] syz.1.1694: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 585.547797][T13231] CPU: 0 UID: 0 PID: 13231 Comm: syz.1.1694 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 585.547840][T13231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 585.547854][T13231] Call Trace: [ 585.547861][T13231] [ 585.547869][T13231] dump_stack_lvl+0x16c/0x1f0 [ 585.547901][T13231] warn_alloc+0x248/0x3a0 [ 585.547927][T13231] ? __pfx_warn_alloc+0x10/0x10 [ 585.547954][T13231] ? kfree+0x2b6/0x4d0 [ 585.547993][T13231] ? __get_vm_area_node+0x1e5/0x300 [ 585.548033][T13231] __vmalloc_node_range_noprof+0xd31/0x1540 [ 585.548069][T13231] ? __mutex_trylock_common+0xe9/0x250 [ 585.548106][T13231] ? __snd_dma_alloc_pages+0x50/0x90 [ 585.548142][T13231] ? do_alloc_pages+0xd7/0x280 [ 585.548172][T13231] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 585.548209][T13231] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 585.548242][T13231] ? __snd_dma_alloc_pages+0x50/0x90 [ 585.548275][T13231] vmalloc_noprof+0x6b/0x90 [ 585.548309][T13231] ? __snd_dma_alloc_pages+0x50/0x90 [ 585.548340][T13231] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 585.548373][T13231] __snd_dma_alloc_pages+0x50/0x90 [ 585.548407][T13231] snd_dma_alloc_dir_pages+0x151/0x240 [ 585.548443][T13231] do_alloc_pages+0x115/0x280 [ 585.548477][T13231] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 585.548522][T13231] snd_pcm_hw_params+0x15e1/0x1b40 [ 585.548559][T13231] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 585.548591][T13231] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 585.548625][T13231] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 585.548655][T13231] ? __asan_memset+0x23/0x50 [ 585.548693][T13231] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 585.548726][T13231] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 585.548771][T13231] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 585.548806][T13231] ? __pfx___mutex_lock+0x10/0x10 [ 585.548852][T13231] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 585.548882][T13231] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 585.548910][T13231] snd_pcm_oss_sync+0x1de/0x840 [ 585.548941][T13231] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 585.548980][T13231] snd_pcm_oss_release+0x28b/0x310 [ 585.549008][T13231] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 585.549034][T13231] __fput+0x3ff/0xb70 [ 585.549064][T13231] task_work_run+0x14d/0x240 [ 585.549097][T13231] ? __pfx_task_work_run+0x10/0x10 [ 585.549128][T13231] ? __pfx___do_sys_close_range+0x10/0x10 [ 585.549148][T13231] ? rcu_is_watching+0x12/0xc0 [ 585.549172][T13231] syscall_exit_to_user_mode+0x27b/0x2a0 [ 585.549199][T13231] do_syscall_64+0xda/0x230 [ 585.549227][T13231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.549248][T13231] RIP: 0033:0x7f0bcad8e969 [ 585.549264][T13231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.549285][T13231] RSP: 002b:00007f0bc8bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 585.549305][T13231] RAX: 0000000000000000 RBX: 00007f0bcafb5fa0 RCX: 00007f0bcad8e969 [ 585.549319][T13231] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 585.549331][T13231] RBP: 00007f0bcae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 585.549343][T13231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.549355][T13231] R13: 0000000000000000 R14: 00007f0bcafb5fa0 R15: 00007ffeba924ad8 [ 585.549382][T13231] [ 585.949546][T13231] Mem-Info: [ 585.952774][T13231] active_anon:14521 inactive_anon:1 isolated_anon:0 [ 585.952774][T13231] active_file:21801 inactive_file:39324 isolated_file:0 [ 585.952774][T13231] unevictable:768 dirty:1876 writeback:0 [ 585.952774][T13231] slab_reclaimable:11308 slab_unreclaimable:99985 [ 585.952774][T13231] mapped:26291 shmem:1441 pagetables:855 [ 585.952774][T13231] sec_pagetables:0 bounce:0 [ 585.952774][T13231] kernel_misc_reclaimable:0 [ 585.952774][T13231] free:1319617 free_pcp:1301 free_cma:0 [ 585.998374][T13231] Node 0 active_anon:58084kB inactive_anon:4kB active_file:87204kB inactive_file:157224kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105164kB dirty:7504kB writeback:0kB shmem:1156kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10768kB pagetables:3420kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 586.032347][T13231] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 586.064806][T13231] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 586.092942][T13231] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 586.098723][T13231] Node 0 DMA32 free:1348324kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:58040kB inactive_anon:4kB active_file:87204kB inactive_file:155380kB unevictable:1536kB writepending:7504kB present:3129332kB managed:2544212kB mlocked:0kB bounce:0kB free_pcp:4956kB local_pcp:4956kB free_cma:0kB [ 586.129294][T13231] lowmem_reserve[]: 0 0 1 1 1 [ 586.134052][T13231] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1844kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 586.162605][T13231] lowmem_reserve[]: 0 0 0 0 0 [ 586.167365][T13231] Node 1 Normal free:3914772kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 586.197477][T13231] lowmem_reserve[]: 0 0 0 0 0 [ 586.202258][T13231] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 586.215118][T13231] Node 0 DMA32: 1289*4kB (UME) 1406*8kB (UME) 1083*16kB (UME) 873*32kB (UME) 466*64kB (UME) 211*128kB (UME) 120*256kB (UM) 54*512kB (UM) 44*1024kB (UM) 20*2048kB (UME) 265*4096kB (UME) = 1348324kB [ 586.234782][T13231] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 586.247431][T13231] Node 1 Normal: 152*4kB (UM) 71*8kB (UME) 39*16kB (UME) 179*32kB (UME) 78*64kB (UME) 28*128kB (UME) 17*256kB (UME) 12*512kB (UME) 5*1024kB (UME) 2*2048kB (UM) 947*4096kB (M) = 3914728kB [ 586.267385][T13231] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 586.278062][T13231] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 586.287433][T13231] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 586.297077][T13231] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 586.306427][T13231] 62566 total pagecache pages [ 586.311554][T13231] 0 pages in swap cache [ 586.315719][T13231] Free swap = 124996kB [ 586.319897][T13231] Total swap = 124996kB [ 586.361073][T13231] 2097051 pages RAM [ 586.365011][T13231] 0 pages HighMem/MovableOnly [ 586.407017][T13231] 428892 pages reserved [ 586.417146][T13231] 0 pages cma reserved [ 586.918085][T13267] Invalid ELF header magic: != ELF [ 587.077019][T13274] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1706'. [ 587.143512][T13274] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 587.199755][T13274] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 587.250848][T13274] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 587.287370][T13274] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 591.338542][T13330] netlink: 'syz.3.1716': attribute type 10 has an invalid length. [ 591.384479][T13330] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1716'. [ 595.714759][T13368] netlink: 'syz.3.1725': attribute type 10 has an invalid length. [ 595.821759][T13368] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1725'. [ 595.867667][T13382] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1728'. [ 596.174315][T13387] blktrace: Concurrent blktraces are not allowed on loop5 [ 596.244687][T13387] FAULT_INJECTION: forcing a failure. [ 596.244687][T13387] name failslab, interval 1, probability 0, space 0, times 0 [ 596.345541][T13387] CPU: 0 UID: 0 PID: 13387 Comm: syz.1.1730 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 596.345575][T13387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 596.345590][T13387] Call Trace: [ 596.345597][T13387] [ 596.345605][T13387] dump_stack_lvl+0x16c/0x1f0 [ 596.345638][T13387] should_fail_ex+0x512/0x640 [ 596.345670][T13387] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 596.345702][T13387] should_failslab+0xc2/0x120 [ 596.345729][T13387] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 596.345756][T13387] ? __pfx__proc_mkdir+0x10/0x10 [ 596.345781][T13387] ? nf_lwtunnel_net_init+0x38/0xf0 [ 596.345804][T13387] ? __pfx_nf_lwtunnel_net_init+0x10/0x10 [ 596.345827][T13387] kmemdup_noprof+0x29/0x60 [ 596.345855][T13387] nf_lwtunnel_net_init+0x38/0xf0 [ 596.345877][T13387] ops_init+0x1df/0x5f0 [ 596.345903][T13387] setup_net+0x21e/0x850 [ 596.345928][T13387] ? __pfx_setup_net+0x10/0x10 [ 596.345949][T13387] ? lockdep_init_map_type+0x5c/0x280 [ 596.345979][T13387] ? __pfx_down_read_killable+0x10/0x10 [ 596.346014][T13387] ? debug_mutex_init+0x37/0x70 [ 596.346052][T13387] copy_net_ns+0x2a6/0x5f0 [ 596.346081][T13387] create_new_namespaces+0x3ea/0xad0 [ 596.346112][T13387] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 596.346139][T13387] ksys_unshare+0x45b/0xa40 [ 596.346170][T13387] ? __pfx_ksys_unshare+0x10/0x10 [ 596.346198][T13387] ? xfd_validate_state+0x5d/0x180 [ 596.346235][T13387] ? rcu_is_watching+0x12/0xc0 [ 596.346262][T13387] __x64_sys_unshare+0x31/0x40 [ 596.346292][T13387] do_syscall_64+0xcd/0x230 [ 596.346321][T13387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.346345][T13387] RIP: 0033:0x7f0bcad8e969 [ 596.346367][T13387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.346391][T13387] RSP: 002b:00007f0bc8bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 596.346413][T13387] RAX: ffffffffffffffda RBX: 00007f0bcafb5fa0 RCX: 00007f0bcad8e969 [ 596.346428][T13387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 596.346442][T13387] RBP: 00007f0bcae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 596.346456][T13387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.346470][T13387] R13: 0000000000000000 R14: 00007f0bcafb5fa0 R15: 00007ffeba924ad8 [ 596.346498][T13387] [ 597.052372][T13397] ovs_ÿþ: entered promiscuous mode [ 597.277698][T13395] netlink: 'syz.3.1734': attribute type 10 has an invalid length. [ 597.381868][T13395] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1734'. [ 597.431500][T13406] Invalid ELF header magic: != ELF [ 598.967253][T13420] Invalid ELF header magic: != ELF [ 600.451720][T13454] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1743'. [ 600.540066][T13457] Invalid ELF header magic: != ELF [ 600.592414][T13454] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 600.697472][T13468] FAULT_INJECTION: forcing a failure. [ 600.697472][T13468] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 600.751448][T13454] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 600.771706][T13468] CPU: 0 UID: 0 PID: 13468 Comm: syz.2.1750 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 600.771737][T13468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 600.771750][T13468] Call Trace: [ 600.771757][T13468] [ 600.771765][T13468] dump_stack_lvl+0x16c/0x1f0 [ 600.771794][T13468] should_fail_ex+0x512/0x640 [ 600.771826][T13468] _copy_to_user+0x32/0xd0 [ 600.771859][T13468] simple_read_from_buffer+0xcb/0x170 [ 600.771899][T13468] proc_fail_nth_read+0x197/0x270 [ 600.771928][T13468] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 600.771958][T13468] ? rw_verify_area+0xcf/0x680 [ 600.771987][T13468] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 600.772016][T13468] vfs_read+0x1de/0xc70 [ 600.772038][T13468] ? __pfx___mutex_lock+0x10/0x10 [ 600.772063][T13468] ? __pfx_vfs_read+0x10/0x10 [ 600.772088][T13468] ? __fget_files+0x20e/0x3c0 [ 600.772127][T13468] ksys_read+0x12a/0x240 [ 600.772144][T13468] ? __pfx_ksys_read+0x10/0x10 [ 600.772161][T13468] ? evdev_ioctl+0x139/0x1a0 [ 600.772194][T13468] do_syscall_64+0xcd/0x230 [ 600.772221][T13468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.772242][T13468] RIP: 0033:0x7fa30658d37c [ 600.772258][T13468] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 600.772297][T13468] RSP: 002b:00007fa307406030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 600.772318][T13468] RAX: ffffffffffffffda RBX: 00007fa3067b5fa0 RCX: 00007fa30658d37c [ 600.772332][T13468] RDX: 000000000000000f RSI: 00007fa3074060a0 RDI: 0000000000000004 [ 600.772346][T13468] RBP: 00007fa307406090 R08: 0000000000000000 R09: 0000000000000000 [ 600.772359][T13468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 600.772371][T13468] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 600.772399][T13468] [ 601.204914][T13473] Invalid ELF header magic: != ELF [ 604.347568][T13513] netlink: 'syz.1.1761': attribute type 10 has an invalid length. [ 604.450331][T13513] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1761'. [ 604.548128][T13519] netlink: 'syz.2.1762': attribute type 10 has an invalid length. [ 604.653962][T13519] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1762'. [ 604.666979][T13522] vivid-007: ================= START STATUS ================= [ 604.702554][T13522] vivid-007: Generate PTS: true [ 604.785561][T13522] vivid-007: Generate SCR: true [ 604.830134][T13522] tpg source WxH: 640x360 (Y'CbCr) [ 604.848162][T13523] Invalid ELF header magic: != ELF [ 604.886068][T13522] tpg field: 1 [ 604.922023][T13522] tpg crop: (0,0)/640x360 [ 604.962302][T13522] tpg compose: (0,0)/640x360 [ 604.992400][T13522] tpg colorspace: 8 [ 605.027533][T13522] tpg transfer function: 0/0 [ 605.060885][T13522] tpg Y'CbCr encoding: 0/0 [ 605.080583][T13522] tpg quantization: 0/0 [ 605.105779][T13522] tpg RGB range: 0/2 [ 605.120389][T13522] vivid-007: ================== END STATUS ================== [ 606.648625][T13548] Invalid ELF header magic: != ELF [ 606.697684][ T30] audit: type=1800 audit(6040609179.200:30): pid=13550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1772" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 606.746213][T13552] FAULT_INJECTION: forcing a failure. [ 606.746213][T13552] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 606.799085][T13550] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 606.819233][T13552] CPU: 0 UID: 0 PID: 13552 Comm: syz.2.1773 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 606.819276][T13552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 606.819289][T13552] Call Trace: [ 606.819297][T13552] [ 606.819306][T13552] dump_stack_lvl+0x16c/0x1f0 [ 606.819339][T13552] should_fail_ex+0x512/0x640 [ 606.819375][T13552] should_fail_alloc_page+0xe7/0x130 [ 606.819405][T13552] prepare_alloc_pages+0x3c2/0x610 [ 606.819445][T13552] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 606.819473][T13552] ? unwind_get_return_address+0x59/0xa0 [ 606.819499][T13552] ? arch_stack_walk+0xa6/0x100 [ 606.819533][T13552] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 606.819561][T13552] ? __pfx_stack_trace_save+0x10/0x10 [ 606.819583][T13552] ? stack_depot_save_flags+0x28/0xa50 [ 606.819621][T13552] ? kasan_save_stack+0x42/0x60 [ 606.819642][T13552] ? kasan_save_stack+0x33/0x60 [ 606.819663][T13552] ? kasan_save_track+0x14/0x30 [ 606.819683][T13552] ? __kasan_slab_alloc+0x89/0x90 [ 606.819706][T13552] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 606.819730][T13552] ? alloc_vmap_area+0x613/0x2970 [ 606.819770][T13552] ? __get_vm_area_node+0x1a7/0x300 [ 606.819799][T13552] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 606.819831][T13552] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 606.819860][T13552] ? policy_nodemask+0xea/0x4e0 [ 606.819887][T13552] alloc_pages_mpol+0x1fb/0x550 [ 606.819912][T13552] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 606.819945][T13552] alloc_pages_noprof+0x131/0x390 [ 606.819970][T13552] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 606.819989][T13552] get_free_pages_noprof+0xc/0x40 [ 606.820015][T13552] kasan_populate_vmalloc_pte+0x2d/0x160 [ 606.820036][T13552] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 606.820057][T13552] __apply_to_page_range+0x617/0xd60 [ 606.820091][T13552] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 606.820115][T13552] ? __pfx___apply_to_page_range+0x10/0x10 [ 606.820148][T13552] ? alloc_vmap_area+0x872/0x2970 [ 606.820181][T13552] alloc_vmap_area+0x919/0x2970 [ 606.820221][T13552] ? __pfx_alloc_vmap_area+0x10/0x10 [ 606.820262][T13552] __get_vm_area_node+0x1a7/0x300 [ 606.820299][T13552] __vmalloc_node_range_noprof+0x277/0x1540 [ 606.820333][T13552] ? __snd_dma_alloc_pages+0x50/0x90 [ 606.820365][T13552] ? __mutex_trylock_common+0xe9/0x250 [ 606.820400][T13552] ? __snd_dma_alloc_pages+0x50/0x90 [ 606.820434][T13552] ? do_alloc_pages+0xd7/0x280 [ 606.820462][T13552] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 606.820497][T13552] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 606.820528][T13552] ? __snd_dma_alloc_pages+0x50/0x90 [ 606.820560][T13552] vmalloc_noprof+0x6b/0x90 [ 606.820591][T13552] ? __snd_dma_alloc_pages+0x50/0x90 [ 606.820620][T13552] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 606.820652][T13552] __snd_dma_alloc_pages+0x50/0x90 [ 606.820684][T13552] snd_dma_alloc_dir_pages+0x151/0x240 [ 606.820718][T13552] do_alloc_pages+0x115/0x280 [ 606.820749][T13552] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 606.820784][T13552] snd_pcm_hw_params+0x15e1/0x1b40 [ 606.820819][T13552] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 606.820850][T13552] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 606.820881][T13552] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 606.820910][T13552] ? __asan_memset+0x23/0x50 [ 606.820944][T13552] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 606.820975][T13552] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 606.821016][T13552] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 606.821045][T13552] ? __pfx___mutex_lock+0x10/0x10 [ 606.821088][T13552] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 606.821115][T13552] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 606.821141][T13552] snd_pcm_oss_sync+0x1de/0x840 [ 606.821171][T13552] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 606.821198][T13552] snd_pcm_oss_release+0x28b/0x310 [ 606.821226][T13552] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 606.821257][T13552] __fput+0x3ff/0xb70 [ 606.821288][T13552] task_work_run+0x14d/0x240 [ 606.821321][T13552] ? __pfx_task_work_run+0x10/0x10 [ 606.821353][T13552] ? __pfx___do_sys_close_range+0x10/0x10 [ 606.821373][T13552] ? rcu_is_watching+0x12/0xc0 [ 606.821396][T13552] syscall_exit_to_user_mode+0x27b/0x2a0 [ 606.821423][T13552] do_syscall_64+0xda/0x230 [ 606.821451][T13552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.821472][T13552] RIP: 0033:0x7fa30658e969 [ 606.821490][T13552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.821512][T13552] RSP: 002b:00007fa307406038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 606.821532][T13552] RAX: 0000000000000000 RBX: 00007fa3067b5fa0 RCX: 00007fa30658e969 [ 606.821546][T13552] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 606.821559][T13552] RBP: 00007fa306610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 606.821572][T13552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.821585][T13552] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 606.821613][T13552] [ 606.821663][T13552] syz.2.1773: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null) [ 607.629909][T13557] FAULT_INJECTION: forcing a failure. [ 607.629909][T13557] name failslab, interval 1, probability 0, space 0, times 0 [ 607.709059][T13557] CPU: 0 UID: 0 PID: 13557 Comm: syz.3.1774 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 607.709092][T13557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 607.709106][T13557] Call Trace: [ 607.709118][T13557] [ 607.709126][T13557] dump_stack_lvl+0x16c/0x1f0 [ 607.709159][T13557] should_fail_ex+0x512/0x640 [ 607.709188][T13557] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 607.709216][T13557] should_failslab+0xc2/0x120 [ 607.709242][T13557] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 607.709266][T13557] ? __kernfs_new_node+0xd2/0x8a0 [ 607.709305][T13557] __kernfs_new_node+0xd2/0x8a0 [ 607.709341][T13557] ? __pfx___kernfs_new_node+0x10/0x10 [ 607.709381][T13557] ? find_held_lock+0x2b/0x80 [ 607.709402][T13557] ? kernfs_root+0xee/0x2a0 [ 607.709441][T13557] kernfs_new_node+0x13c/0x1e0 [ 607.709468][T13557] __kernfs_create_file+0x53/0x350 [ 607.709499][T13557] sysfs_add_file_mode_ns+0x207/0x3c0 [ 607.709538][T13557] internal_create_group+0x578/0xf30 [ 607.709580][T13557] ? __pfx_internal_create_group+0x10/0x10 [ 607.709619][T13557] ? kernfs_create_link+0x1bd/0x240 [ 607.709651][T13557] internal_create_groups+0x9d/0x150 [ 607.709674][T13557] device_add+0x731/0x1a70 [ 607.709703][T13557] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 607.709727][T13557] ? __pfx_device_add+0x10/0x10 [ 607.709756][T13557] ? sprintf+0xcc/0x100 [ 607.709779][T13557] ? __pfx_sprintf+0x10/0x10 [ 607.709806][T13557] add_disk_fwnode+0x468/0x13a0 [ 607.709843][T13557] loop_add+0x909/0xb70 [ 607.709870][T13557] ? do_vfs_ioctl+0x512/0x1990 [ 607.709898][T13557] ? __pfx_loop_add+0x10/0x10 [ 607.709924][T13557] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 607.709970][T13557] ? find_held_lock+0x2b/0x80 [ 607.709993][T13557] loop_control_ioctl+0x13c/0x630 [ 607.710023][T13557] ? __pfx_loop_control_ioctl+0x10/0x10 [ 607.710056][T13557] ? __pfx_loop_control_ioctl+0x10/0x10 [ 607.710089][T13557] __x64_sys_ioctl+0x190/0x200 [ 607.710128][T13557] do_syscall_64+0xcd/0x230 [ 607.710156][T13557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.710177][T13557] RIP: 0033:0x7f7c4a78e969 [ 607.710194][T13557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.710214][T13557] RSP: 002b:00007f7c4b523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 607.710234][T13557] RAX: ffffffffffffffda RBX: 00007f7c4a9b5fa0 RCX: 00007f7c4a78e969 [ 607.710248][T13557] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 607.710261][T13557] RBP: 00007f7c4a810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 607.710274][T13557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 607.710286][T13557] R13: 0000000000000000 R14: 00007f7c4a9b5fa0 R15: 00007ffe535fdba8 [ 607.710313][T13557] [ 609.287785][T13552] ,cpuset=/,mems_allowed=0-1 [ 609.325003][T13552] CPU: 0 UID: 0 PID: 13552 Comm: syz.2.1773 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 609.325057][T13552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 609.325071][T13552] Call Trace: [ 609.325079][T13552] [ 609.325088][T13552] dump_stack_lvl+0x16c/0x1f0 [ 609.325121][T13552] warn_alloc+0x248/0x3a0 [ 609.325149][T13552] ? __pfx_warn_alloc+0x10/0x10 [ 609.325176][T13552] ? kfree+0x2b6/0x4d0 [ 609.325217][T13552] ? __get_vm_area_node+0x1e5/0x300 [ 609.325259][T13552] __vmalloc_node_range_noprof+0xd31/0x1540 [ 609.325295][T13552] ? __mutex_trylock_common+0xe9/0x250 [ 609.325335][T13552] ? __snd_dma_alloc_pages+0x50/0x90 [ 609.325373][T13552] ? do_alloc_pages+0xd7/0x280 [ 609.325405][T13552] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 609.325443][T13552] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 609.325478][T13552] ? __snd_dma_alloc_pages+0x50/0x90 [ 609.325513][T13552] vmalloc_noprof+0x6b/0x90 [ 609.325548][T13552] ? __snd_dma_alloc_pages+0x50/0x90 [ 609.325580][T13552] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 609.325616][T13552] __snd_dma_alloc_pages+0x50/0x90 [ 609.325651][T13552] snd_dma_alloc_dir_pages+0x151/0x240 [ 609.325689][T13552] do_alloc_pages+0x115/0x280 [ 609.325724][T13552] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 609.325763][T13552] snd_pcm_hw_params+0x15e1/0x1b40 [ 609.325803][T13552] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 609.325838][T13552] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 609.325873][T13552] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 609.325904][T13552] ? __asan_memset+0x23/0x50 [ 609.325950][T13552] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 609.325986][T13552] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 609.326031][T13552] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 609.326064][T13552] ? __pfx___mutex_lock+0x10/0x10 [ 609.326112][T13552] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 609.326143][T13552] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 609.326172][T13552] snd_pcm_oss_sync+0x1de/0x840 [ 609.326205][T13552] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 609.326235][T13552] snd_pcm_oss_release+0x28b/0x310 [ 609.326266][T13552] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 609.326308][T13552] __fput+0x3ff/0xb70 [ 609.326341][T13552] task_work_run+0x14d/0x240 [ 609.326377][T13552] ? __pfx_task_work_run+0x10/0x10 [ 609.326411][T13552] ? __pfx___do_sys_close_range+0x10/0x10 [ 609.326432][T13552] ? rcu_is_watching+0x12/0xc0 [ 609.326457][T13552] syscall_exit_to_user_mode+0x27b/0x2a0 [ 609.326486][T13552] do_syscall_64+0xda/0x230 [ 609.326515][T13552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.326537][T13552] RIP: 0033:0x7fa30658e969 [ 609.326555][T13552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.326577][T13552] RSP: 002b:00007fa307406038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 609.326598][T13552] RAX: 0000000000000000 RBX: 00007fa3067b5fa0 RCX: 00007fa30658e969 [ 609.326612][T13552] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 609.326625][T13552] RBP: 00007fa306610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 609.326638][T13552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 609.326651][T13552] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 609.326679][T13552] [ 609.326687][T13552] Mem-Info: [ 609.982206][ T30] audit: type=1800 audit(6040609182.447:31): pid=13589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1783" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 610.043653][T13589] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 610.601431][T13552] active_anon:15790 inactive_anon:1 isolated_anon:559 [ 610.601431][T13552] active_file:20683 inactive_file:40996 isolated_file:0 [ 610.601431][T13552] unevictable:768 dirty:2477 writeback:0 [ 610.601431][T13552] slab_reclaimable:11349 slab_unreclaimable:100553 [ 610.601431][T13552] mapped:29360 shmem:2735 pagetables:824 [ 610.601431][T13552] sec_pagetables:0 bounce:0 [ 610.601431][T13552] kernel_misc_reclaimable:0 [ 610.601431][T13552] free:1316767 free_pcp:204 free_cma:0 [ 610.815832][T13552] Node 0 active_anon:60820kB inactive_anon:4kB active_file:82732kB inactive_file:163912kB unevictable:1536kB isolated(anon):2236kB isolated(file):0kB mapped:123628kB dirty:9960kB writeback:0kB shmem:7476kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10768kB pagetables:3348kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 611.016426][T13552] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 611.162870][T13552] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 611.274438][T13610] FAULT_INJECTION: forcing a failure. [ 611.274438][T13610] name failslab, interval 1, probability 0, space 0, times 0 [ 611.299157][T13552] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 611.315617][T13552] Node 0 DMA32 free:1335692kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:66844kB inactive_anon:4kB active_file:82732kB inactive_file:162068kB unevictable:1536kB writepending:10004kB present:3129332kB managed:2544212kB mlocked:0kB bounce:0kB free_pcp:1892kB local_pcp:1892kB free_cma:0kB [ 611.356073][T13610] CPU: 0 UID: 0 PID: 13610 Comm: syz.1.1787 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 611.356107][T13610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 611.356121][T13610] Call Trace: [ 611.356128][T13610] [ 611.356136][T13610] dump_stack_lvl+0x16c/0x1f0 [ 611.356169][T13610] should_fail_ex+0x512/0x640 [ 611.356199][T13610] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 611.356228][T13610] should_failslab+0xc2/0x120 [ 611.356255][T13610] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 611.356280][T13610] ? blk_alloc_queue+0x31/0x760 [ 611.356311][T13610] blk_alloc_queue+0x31/0x760 [ 611.356339][T13610] blk_mq_alloc_queue+0x179/0x290 [ 611.356370][T13610] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 611.356400][T13610] ? blk_mq_alloc_map_and_rqs+0xb1b/0xf10 [ 611.356443][T13610] ? debug_mutex_init+0x37/0x70 [ 611.356481][T13610] ? blk_mq_alloc_tag_set+0xce4/0x1250 [ 611.356517][T13610] __blk_mq_alloc_disk+0x29/0x120 [ 611.356550][T13610] loop_add+0x496/0xb70 [ 611.356584][T13610] ? do_vfs_ioctl+0x512/0x1990 [ 611.356614][T13610] ? __pfx_loop_add+0x10/0x10 [ 611.356641][T13610] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 611.356688][T13610] ? find_held_lock+0x2b/0x80 [ 611.356712][T13610] loop_control_ioctl+0x13c/0x630 [ 611.356750][T13610] ? __pfx_loop_control_ioctl+0x10/0x10 [ 611.356785][T13610] ? __pfx_loop_control_ioctl+0x10/0x10 [ 611.356817][T13610] __x64_sys_ioctl+0x190/0x200 [ 611.356849][T13610] do_syscall_64+0xcd/0x230 [ 611.356880][T13610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.356903][T13610] RIP: 0033:0x7f0bcad8e969 [ 611.356920][T13610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 611.356942][T13610] RSP: 002b:00007f0bc8bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 611.356963][T13610] RAX: ffffffffffffffda RBX: 00007f0bcafb5fa0 RCX: 00007f0bcad8e969 [ 611.356978][T13610] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 611.356991][T13610] RBP: 00007f0bcae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 611.357005][T13610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 611.357018][T13610] R13: 0000000000000000 R14: 00007f0bcafb5fa0 R15: 00007ffeba924ad8 [ 611.357045][T13610] [ 611.862916][T13552] lowmem_reserve[]: 0 0 1 1 1 [ 611.938968][T13552] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1844kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 612.021692][T13552] lowmem_reserve[]: 0 0 0 0 0 [ 612.043365][T13552] Node 1 Normal free:3914968kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:40kB local_pcp:40kB free_cma:0kB [ 612.119475][T13552] lowmem_reserve[]: 0 0 0 0 0 [ 612.160015][T13552] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 612.204333][T13552] Node 0 DMA32: 150*4kB (UM) 495*8kB (M) 956*16kB (UME) 810*32kB (UME) 508*64kB (UME) 215*128kB (UME) 122*256kB (UME) 54*512kB (UM) 47*1024kB (UM) 18*2048kB (ME) 263*4096kB (ME) = 1326928kB [ 612.275395][T13552] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 612.319064][T13552] Node 1 Normal: 212*4kB (UM) 71*8kB (UME) 39*16kB (UME) 179*32kB (UME) 78*64kB (UME) 28*128kB (UME) 17*256kB (UME) 12*512kB (UME) 5*1024kB (UME) 2*2048kB (UM) 947*4096kB (M) = 3914968kB [ 612.395391][T13552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 612.425576][T13552] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 612.491329][T13552] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 612.526209][T13552] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 612.563242][T13552] 62165 total pagecache pages [ 612.583069][T13552] 0 pages in swap cache [ 612.596602][T13552] Free swap = 124996kB [ 612.614167][T13552] Total swap = 124996kB [ 612.625365][T13552] 2097051 pages RAM [ 612.638361][T13616] FAULT_INJECTION: forcing a failure. [ 612.638361][T13616] name failslab, interval 1, probability 0, space 0, times 0 [ 612.654306][T13552] 0 pages HighMem/MovableOnly [ 612.672820][T13552] 428892 pages reserved [ 612.685801][T13552] 0 pages cma reserved [ 612.693744][T13616] CPU: 0 UID: 0 PID: 13616 Comm: syz.0.1790 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 612.693775][T13616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 612.693788][T13616] Call Trace: [ 612.693795][T13616] [ 612.693803][T13616] dump_stack_lvl+0x16c/0x1f0 [ 612.693835][T13616] should_fail_ex+0x512/0x640 [ 612.693866][T13616] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 612.693894][T13616] should_failslab+0xc2/0x120 [ 612.693921][T13616] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 612.693946][T13616] ? __kernfs_new_node+0xd2/0x8a0 [ 612.693985][T13616] __kernfs_new_node+0xd2/0x8a0 [ 612.694022][T13616] ? __pfx___kernfs_new_node+0x10/0x10 [ 612.694064][T13616] ? find_held_lock+0x2b/0x80 [ 612.694086][T13616] ? kernfs_root+0xee/0x2a0 [ 612.694125][T13616] kernfs_new_node+0x13c/0x1e0 [ 612.694166][T13616] kernfs_create_dir_ns+0x4c/0x1a0 [ 612.694191][T13616] sysfs_create_dir_ns+0x13a/0x2b0 [ 612.694242][T13616] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 612.694274][T13616] ? find_held_lock+0x2b/0x80 [ 612.694298][T13616] ? class_dir_child_ns_type+0xd/0x60 [ 612.694329][T13616] kobject_add_internal+0x2c4/0x9b0 [ 612.694370][T13616] kobject_add+0x16e/0x240 [ 612.694399][T13616] ? __pfx_kobject_add+0x10/0x10 [ 612.694431][T13616] ? get_device_parent+0x1c5/0x4e0 [ 612.694457][T13616] ? kobject_put+0xab/0x5a0 [ 612.694493][T13616] device_add+0x288/0x1a70 [ 612.694522][T13616] ? __pfx_dev_set_name+0x10/0x10 [ 612.694551][T13616] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 612.694576][T13616] ? __pfx_device_add+0x10/0x10 [ 612.694615][T13616] ? sprintf+0xcc/0x100 [ 612.694639][T13616] ? __pfx_sprintf+0x10/0x10 [ 612.694667][T13616] add_disk_fwnode+0x468/0x13a0 [ 612.694705][T13616] loop_add+0x909/0xb70 [ 612.694827][T13616] ? do_vfs_ioctl+0x512/0x1990 [ 612.694861][T13616] ? __pfx_loop_add+0x10/0x10 [ 612.694889][T13616] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 612.694941][T13616] ? find_held_lock+0x2b/0x80 [ 612.694966][T13616] loop_control_ioctl+0x13c/0x630 [ 612.694998][T13616] ? __pfx_loop_control_ioctl+0x10/0x10 [ 612.695034][T13616] ? __pfx_loop_control_ioctl+0x10/0x10 [ 612.695066][T13616] __x64_sys_ioctl+0x190/0x200 [ 612.695100][T13616] do_syscall_64+0xcd/0x230 [ 612.695131][T13616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.695155][T13616] RIP: 0033:0x7f1d4518e969 [ 612.695174][T13616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.695197][T13616] RSP: 002b:00007f1d46060038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 612.695219][T13616] RAX: ffffffffffffffda RBX: 00007f1d453b5fa0 RCX: 00007f1d4518e969 [ 612.695241][T13616] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 612.695256][T13616] RBP: 00007f1d45210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 612.695271][T13616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.695285][T13616] R13: 0000000000000000 R14: 00007f1d453b5fa0 R15: 00007ffc99ab9818 [ 612.695313][T13616] [ 612.701578][T13616] kobject: kobject_add_internal failed for loop35 (error: -12 parent: block) [ 614.336623][T13637] netlink: 'syz.2.1795': attribute type 10 has an invalid length. [ 614.419634][T13637] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1795'. [ 615.733320][T13663] FAULT_INJECTION: forcing a failure. [ 615.733320][T13663] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 615.806191][T13663] CPU: 0 UID: 0 PID: 13663 Comm: syz.1.1801 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 615.806228][T13663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 615.806249][T13663] Call Trace: [ 615.806257][T13663] [ 615.806265][T13663] dump_stack_lvl+0x16c/0x1f0 [ 615.806298][T13663] should_fail_ex+0x512/0x640 [ 615.806342][T13663] should_fail_alloc_page+0xe7/0x130 [ 615.806374][T13663] prepare_alloc_pages+0x3c2/0x610 [ 615.806414][T13663] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 615.806443][T13663] ? unwind_get_return_address+0x59/0xa0 [ 615.806470][T13663] ? arch_stack_walk+0xa6/0x100 [ 615.806505][T13663] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 615.806535][T13663] ? __pfx_stack_trace_save+0x10/0x10 [ 615.806558][T13663] ? stack_depot_save_flags+0x28/0xa50 [ 615.806598][T13663] ? kasan_save_stack+0x42/0x60 [ 615.806623][T13663] ? kasan_save_stack+0x33/0x60 [ 615.806644][T13663] ? kasan_save_track+0x14/0x30 [ 615.806666][T13663] ? __kasan_slab_alloc+0x89/0x90 [ 615.806689][T13663] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 615.806713][T13663] ? alloc_vmap_area+0x613/0x2970 [ 615.806744][T13663] ? __get_vm_area_node+0x1a7/0x300 [ 615.806775][T13663] ? __vmalloc_node_range_noprof+0x277/0x1540 [ 615.806810][T13663] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 615.806843][T13663] ? policy_nodemask+0xea/0x4e0 [ 615.806873][T13663] alloc_pages_mpol+0x1fb/0x550 [ 615.806902][T13663] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 615.806939][T13663] alloc_pages_noprof+0x131/0x390 [ 615.806967][T13663] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 615.806989][T13663] get_free_pages_noprof+0xc/0x40 [ 615.807018][T13663] kasan_populate_vmalloc_pte+0x2d/0x160 [ 615.807042][T13663] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 615.807065][T13663] __apply_to_page_range+0x617/0xd60 [ 615.807103][T13663] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 615.807131][T13663] ? __pfx___apply_to_page_range+0x10/0x10 [ 615.807167][T13663] ? alloc_vmap_area+0x872/0x2970 [ 615.807204][T13663] alloc_vmap_area+0x919/0x2970 [ 615.807253][T13663] ? __pfx_alloc_vmap_area+0x10/0x10 [ 615.807293][T13663] __get_vm_area_node+0x1a7/0x300 [ 615.807334][T13663] __vmalloc_node_range_noprof+0x277/0x1540 [ 615.807372][T13663] ? __snd_dma_alloc_pages+0x50/0x90 [ 615.807406][T13663] ? __mutex_trylock_common+0xe9/0x250 [ 615.807446][T13663] ? __snd_dma_alloc_pages+0x50/0x90 [ 615.807484][T13663] ? do_alloc_pages+0xd7/0x280 [ 615.807516][T13663] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 615.807555][T13663] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 615.807590][T13663] ? __snd_dma_alloc_pages+0x50/0x90 [ 615.807626][T13663] vmalloc_noprof+0x6b/0x90 [ 615.807661][T13663] ? __snd_dma_alloc_pages+0x50/0x90 [ 615.807694][T13663] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 615.807729][T13663] __snd_dma_alloc_pages+0x50/0x90 [ 615.807765][T13663] snd_dma_alloc_dir_pages+0x151/0x240 [ 615.807803][T13663] do_alloc_pages+0x115/0x280 [ 615.807839][T13663] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 615.807879][T13663] snd_pcm_hw_params+0x15e1/0x1b40 [ 615.807919][T13663] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 615.807953][T13663] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 615.807989][T13663] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 615.808020][T13663] ? __asan_memset+0x23/0x50 [ 615.808059][T13663] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 615.808094][T13663] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 615.808140][T13663] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 615.808173][T13663] ? __pfx___mutex_lock+0x10/0x10 [ 615.808221][T13663] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 615.808259][T13663] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 615.808288][T13663] snd_pcm_oss_sync+0x1de/0x840 [ 615.808321][T13663] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 615.808352][T13663] snd_pcm_oss_release+0x28b/0x310 [ 615.808385][T13663] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 615.808413][T13663] __fput+0x3ff/0xb70 [ 615.808447][T13663] task_work_run+0x14d/0x240 [ 615.808483][T13663] ? __pfx_task_work_run+0x10/0x10 [ 615.808518][T13663] ? __pfx___do_sys_close_range+0x10/0x10 [ 615.808539][T13663] ? rcu_is_watching+0x12/0xc0 [ 615.808566][T13663] syscall_exit_to_user_mode+0x27b/0x2a0 [ 615.808596][T13663] do_syscall_64+0xda/0x230 [ 615.808626][T13663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.808650][T13663] RIP: 0033:0x7f0bcad8e969 [ 615.808668][T13663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.808691][T13663] RSP: 002b:00007f0bc8bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 615.808713][T13663] RAX: 0000000000000000 RBX: 00007f0bcafb5fa0 RCX: 00007f0bcad8e969 [ 615.808727][T13663] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 615.808741][T13663] RBP: 00007f0bcae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 615.808755][T13663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 615.808769][T13663] R13: 0000000000000000 R14: 00007f0bcafb5fa0 R15: 00007ffeba924ad8 [ 615.808798][T13663] [ 616.590620][T13667] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 617.050767][T13663] syz.1.1801: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 617.495825][T13663] CPU: 0 UID: 0 PID: 13663 Comm: syz.1.1801 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 617.495874][T13663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 617.495895][T13663] Call Trace: [ 617.495905][T13663] [ 617.495918][T13663] dump_stack_lvl+0x16c/0x1f0 [ 617.495962][T13663] warn_alloc+0x248/0x3a0 [ 617.496001][T13663] ? __pfx_warn_alloc+0x10/0x10 [ 617.496039][T13663] ? kfree+0x2b6/0x4d0 [ 617.496095][T13663] ? __get_vm_area_node+0x1e5/0x300 [ 617.496151][T13663] __vmalloc_node_range_noprof+0xd31/0x1540 [ 617.496202][T13663] ? __mutex_trylock_common+0xe9/0x250 [ 617.496258][T13663] ? __snd_dma_alloc_pages+0x50/0x90 [ 617.496316][T13663] ? do_alloc_pages+0xd7/0x280 [ 617.496362][T13663] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 617.496418][T13663] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 617.496466][T13663] ? __snd_dma_alloc_pages+0x50/0x90 [ 617.496514][T13663] vmalloc_noprof+0x6b/0x90 [ 617.496562][T13663] ? __snd_dma_alloc_pages+0x50/0x90 [ 617.496612][T13663] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 617.496670][T13663] __snd_dma_alloc_pages+0x50/0x90 [ 617.496715][T13663] snd_dma_alloc_dir_pages+0x151/0x240 [ 617.496764][T13663] do_alloc_pages+0x115/0x280 [ 617.496811][T13663] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 617.496862][T13663] snd_pcm_hw_params+0x15e1/0x1b40 [ 617.496913][T13663] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 617.496957][T13663] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 617.497003][T13663] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 617.497043][T13663] ? __asan_memset+0x23/0x50 [ 617.497091][T13663] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 617.497137][T13663] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 617.497194][T13663] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 617.497235][T13663] ? __pfx___mutex_lock+0x10/0x10 [ 617.497298][T13663] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 617.497343][T13663] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 617.497380][T13663] snd_pcm_oss_sync+0x1de/0x840 [ 617.497423][T13663] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 617.497462][T13663] snd_pcm_oss_release+0x28b/0x310 [ 617.497502][T13663] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 617.497539][T13663] __fput+0x3ff/0xb70 [ 617.497583][T13663] task_work_run+0x14d/0x240 [ 617.497630][T13663] ? __pfx_task_work_run+0x10/0x10 [ 617.497675][T13663] ? __pfx___do_sys_close_range+0x10/0x10 [ 617.497702][T13663] ? rcu_is_watching+0x12/0xc0 [ 617.497737][T13663] syscall_exit_to_user_mode+0x27b/0x2a0 [ 617.497774][T13663] do_syscall_64+0xda/0x230 [ 617.497813][T13663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.497844][T13663] RIP: 0033:0x7f0bcad8e969 [ 617.497867][T13663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.497897][T13663] RSP: 002b:00007f0bc8bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 617.497924][T13663] RAX: 0000000000000000 RBX: 00007f0bcafb5fa0 RCX: 00007f0bcad8e969 [ 617.497943][T13663] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 617.497961][T13663] RBP: 00007f0bcae10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 617.497979][T13663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 617.497996][T13663] R13: 0000000000000000 R14: 00007f0bcafb5fa0 R15: 00007ffeba924ad8 [ 617.498035][T13663] [ 618.287705][T13663] Mem-Info: [ 618.290916][T13663] active_anon:16446 inactive_anon:1 isolated_anon:0 [ 618.290916][T13663] active_file:20651 inactive_file:39503 isolated_file:0 [ 618.290916][T13663] unevictable:768 dirty:829 writeback:0 [ 618.290916][T13663] slab_reclaimable:11663 slab_unreclaimable:100456 [ 618.290916][T13663] mapped:30593 shmem:3617 pagetables:878 [ 618.290916][T13663] sec_pagetables:0 bounce:0 [ 618.290916][T13663] kernel_misc_reclaimable:0 [ 618.290916][T13663] free:1317051 free_pcp:1796 free_cma:0 [ 618.363867][T13663] Node 0 active_anon:65884kB inactive_anon:4kB active_file:82604kB inactive_file:157940kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122472kB dirty:3316kB writeback:0kB shmem:9960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10912kB pagetables:3512kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 618.451929][T13663] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 618.563488][T13663] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 618.643407][T13695] Invalid ELF header magic: != ELF [ 618.663744][T13663] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 618.740093][T13663] Node 0 DMA32 free:1340848kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:67540kB inactive_anon:4kB active_file:82604kB inactive_file:156096kB unevictable:1536kB writepending:3316kB present:3129332kB managed:2544212kB mlocked:0kB bounce:0kB free_pcp:4892kB local_pcp:4860kB free_cma:0kB [ 618.857090][T13663] lowmem_reserve[]: 0 0 1 1 1 [ 618.885151][T13663] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1844kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 618.956315][T13663] lowmem_reserve[]: 0 0 0 0 0 [ 618.962948][T13663] Node 1 Normal free:3915016kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 619.077621][T13710] FAULT_INJECTION: forcing a failure. [ 619.077621][T13710] name failslab, interval 1, probability 0, space 0, times 0 [ 619.094154][T13710] CPU: 0 UID: 0 PID: 13710 Comm: syz.2.1814 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 619.094202][T13710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 619.094223][T13710] Call Trace: [ 619.094234][T13710] [ 619.094246][T13710] dump_stack_lvl+0x16c/0x1f0 [ 619.094293][T13710] should_fail_ex+0x512/0x640 [ 619.094339][T13710] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 619.094380][T13710] should_failslab+0xc2/0x120 [ 619.094418][T13710] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 619.094455][T13710] ? __kernfs_new_node+0xd2/0x8a0 [ 619.094513][T13710] __kernfs_new_node+0xd2/0x8a0 [ 619.094567][T13710] ? __pfx___kernfs_new_node+0x10/0x10 [ 619.094628][T13710] ? find_held_lock+0x2b/0x80 [ 619.094660][T13710] ? kernfs_root+0xee/0x2a0 [ 619.094717][T13710] kernfs_new_node+0x13c/0x1e0 [ 619.094759][T13710] __kernfs_create_file+0x53/0x350 [ 619.094806][T13710] sysfs_add_file_mode_ns+0x207/0x3c0 [ 619.094863][T13710] internal_create_group+0x578/0xf30 [ 619.094925][T13710] ? __pfx_internal_create_group+0x10/0x10 [ 619.094984][T13710] ? kernfs_create_link+0x1bd/0x240 [ 619.095046][T13710] internal_create_groups+0x9d/0x150 [ 619.095084][T13710] device_add+0x731/0x1a70 [ 619.095127][T13710] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 619.095165][T13710] ? __pfx_device_add+0x10/0x10 [ 619.095209][T13710] ? sprintf+0xcc/0x100 [ 619.095243][T13710] ? __pfx_sprintf+0x10/0x10 [ 619.095286][T13710] add_disk_fwnode+0x468/0x13a0 [ 619.095339][T13710] loop_add+0x909/0xb70 [ 619.095378][T13710] ? do_vfs_ioctl+0x512/0x1990 [ 619.095422][T13710] ? __pfx_loop_add+0x10/0x10 [ 619.095460][T13710] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 619.095529][T13710] ? find_held_lock+0x2b/0x80 [ 619.095562][T13710] loop_control_ioctl+0x13c/0x630 [ 619.095606][T13710] ? __pfx_loop_control_ioctl+0x10/0x10 [ 619.095653][T13710] ? __pfx_loop_control_ioctl+0x10/0x10 [ 619.095697][T13710] __x64_sys_ioctl+0x190/0x200 [ 619.095743][T13710] do_syscall_64+0xcd/0x230 [ 619.095784][T13710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.095816][T13710] RIP: 0033:0x7fa30658e969 [ 619.095840][T13710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 619.095872][T13710] RSP: 002b:00007fa307406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.095902][T13710] RAX: ffffffffffffffda RBX: 00007fa3067b5fa0 RCX: 00007fa30658e969 [ 619.095925][T13710] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 619.095945][T13710] RBP: 00007fa306610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 619.095965][T13710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 619.095983][T13710] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 619.096041][T13710] [ 619.209587][T13663] lowmem_reserve[]: [ 619.286130][T13716] FAULT_INJECTION: forcing a failure. [ 619.286130][T13716] name failslab, interval 1, probability 0, space 0, times 0 [ 619.405103][T13716] CPU: 0 UID: 0 PID: 13716 Comm: syz.0.1815 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 619.405149][T13716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 619.405168][T13716] Call Trace: [ 619.405178][T13716] [ 619.405190][T13716] dump_stack_lvl+0x16c/0x1f0 [ 619.405234][T13716] should_fail_ex+0x512/0x640 [ 619.405278][T13716] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 619.405335][T13716] should_failslab+0xc2/0x120 [ 619.405374][T13716] __kmalloc_cache_noprof+0x6a/0x3e0 [ 619.405426][T13716] ? device_add+0xccc/0x1a70 [ 619.405474][T13716] device_add+0xccc/0x1a70 [ 619.405512][T13716] ? dev_set_name+0xc7/0x100 [ 619.405556][T13716] ? __pfx_dev_set_name+0x10/0x10 [ 619.405598][T13716] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 619.405633][T13716] ? __pfx_device_add+0x10/0x10 [ 619.405676][T13716] ? sprintf+0xcc/0x100 [ 619.405710][T13716] ? __pfx_sprintf+0x10/0x10 [ 619.405752][T13716] add_disk_fwnode+0x468/0x13a0 [ 619.405805][T13716] loop_add+0x909/0xb70 [ 619.405845][T13716] ? do_vfs_ioctl+0x512/0x1990 [ 619.405888][T13716] ? __pfx_loop_add+0x10/0x10 [ 619.405923][T13716] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 619.406001][T13716] ? find_held_lock+0x2b/0x80 [ 619.406037][T13716] loop_control_ioctl+0x13c/0x630 [ 619.406081][T13716] ? __pfx_loop_control_ioctl+0x10/0x10 [ 619.406134][T13716] ? __pfx_loop_control_ioctl+0x10/0x10 [ 619.406176][T13716] __x64_sys_ioctl+0x190/0x200 [ 619.406220][T13716] do_syscall_64+0xcd/0x230 [ 619.406263][T13716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.406297][T13716] RIP: 0033:0x7f1d4518e969 [ 619.406322][T13716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 619.406353][T13716] RSP: 002b:00007f1d46060038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.406384][T13716] RAX: ffffffffffffffda RBX: 00007f1d453b5fa0 RCX: 00007f1d4518e969 [ 619.406405][T13716] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 619.406425][T13716] RBP: 00007f1d45210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 619.406444][T13716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 619.406463][T13716] R13: 0000000000000000 R14: 00007f1d453b5fa0 R15: 00007ffc99ab9818 [ 619.406521][T13716] [ 619.407157][T13663] 0 0 0 0 0 [ 619.669275][T13663] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 619.682825][T13663] Node 0 DMA32: 891*4kB (UE) 434*8kB (UE) 656*16kB (UME) 894*32kB (UME) 479*64kB (UME) 214*128kB (UME) 123*256kB (UM) 56*512kB (UME) 48*1024kB (UME) 20*2048kB (UM) 265*4096kB (UME) = 1339900kB [ 619.706393][T13663] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 619.729001][T13663] Node 1 Normal: 217*4kB (UM) 71*8kB (UME) 39*16kB (UME) 180*32kB (UME) 78*64kB (UME) 28*128kB (UME) 17*256kB (UME) 12*512kB (UME) 5*1024kB (UME) 2*2048kB (UM) 947*4096kB (M) = 3915020kB [ 619.819439][T13663] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 619.865660][T13663] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 619.925861][T13663] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 619.973438][T13663] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 619.987939][T13663] 66145 total pagecache pages [ 620.027365][T13663] 0 pages in swap cache [ 620.035424][T13663] Free swap = 124996kB [ 620.054703][T13663] Total swap = 124996kB [ 620.065057][T13663] 2097051 pages RAM [ 620.094518][T13663] 0 pages HighMem/MovableOnly [ 620.104679][T13663] 428892 pages reserved [ 620.109462][T13663] 0 pages cma reserved [ 620.423233][T13729] Invalid ELF header magic: != ELF [ 620.598608][T13739] FAULT_INJECTION: forcing a failure. [ 620.598608][T13739] name failslab, interval 1, probability 0, space 0, times 0 [ 620.689963][T13739] CPU: 1 UID: 0 PID: 13739 Comm: syz.0.1822 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 620.690017][T13739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 620.690036][T13739] Call Trace: [ 620.690046][T13739] [ 620.690057][T13739] dump_stack_lvl+0x16c/0x1f0 [ 620.690099][T13739] should_fail_ex+0x512/0x640 [ 620.690146][T13739] should_failslab+0xc2/0x120 [ 620.690184][T13739] __kmalloc_cache_noprof+0x6a/0x3e0 [ 620.690236][T13739] ? __sctp_v6_cmp_addr+0x206/0x530 [ 620.690277][T13739] ? sctp_add_bind_addr+0xae/0x3f0 [ 620.690316][T13739] sctp_add_bind_addr+0xae/0x3f0 [ 620.690350][T13739] sctp_copy_local_addr_list+0x39d/0x5a0 [ 620.690398][T13739] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 620.690447][T13739] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 620.690499][T13739] ? sctp_bind_addr_copy+0xe0/0x530 [ 620.690534][T13739] sctp_bind_addr_copy+0xe0/0x530 [ 620.690580][T13739] sctp_connect_new_asoc+0x1d7/0x790 [ 620.690633][T13739] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 620.690691][T13739] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 620.690744][T13739] sctp_sendmsg+0x15f9/0x1ee0 [ 620.690817][T13739] ? __pfx_sctp_sendmsg+0x10/0x10 [ 620.690881][T13739] ? __might_fault+0xe3/0x190 [ 620.690915][T13739] ? __pfx_aa_sk_perm+0x10/0x10 [ 620.690953][T13739] ? __pfx_sctp_sendmsg+0x10/0x10 [ 620.691000][T13739] inet_sendmsg+0x119/0x140 [ 620.691045][T13739] __sys_sendto+0x431/0x510 [ 620.691089][T13739] ? __pfx___sys_sendto+0x10/0x10 [ 620.691166][T13739] ? ksys_write+0x1b9/0x240 [ 620.691193][T13739] ? __pfx_ksys_write+0x10/0x10 [ 620.691217][T13739] ? rcu_is_watching+0x12/0xc0 [ 620.691247][T13739] __x64_sys_sendto+0xe0/0x1c0 [ 620.691286][T13739] ? do_syscall_64+0x91/0x230 [ 620.691318][T13739] ? lockdep_hardirqs_on+0x7c/0x110 [ 620.691352][T13739] do_syscall_64+0xcd/0x230 [ 620.691390][T13739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.691419][T13739] RIP: 0033:0x7f1d4518e969 [ 620.691441][T13739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.691469][T13739] RSP: 002b:00007f1d4603f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 620.691497][T13739] RAX: ffffffffffffffda RBX: 00007f1d453b6080 RCX: 00007f1d4518e969 [ 620.691516][T13739] RDX: 0000000000000401 RSI: 0000000000000000 RDI: 0000000000000003 [ 620.691532][T13739] RBP: 00007f1d4603f090 R08: 0000200000000000 R09: 000000000000001f [ 620.691550][T13739] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000002 [ 620.691568][T13739] R13: 0000000000000000 R14: 00007f1d453b6080 R15: 00007ffc99ab9818 [ 620.691606][T13739] [ 621.354156][T13737] netlink: 'syz.1.1821': attribute type 10 has an invalid length. [ 621.368682][T13737] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1821'. [ 622.258854][T13763] FAULT_INJECTION: forcing a failure. [ 622.258854][T13763] name failslab, interval 1, probability 0, space 0, times 0 [ 622.271708][T13763] CPU: 1 UID: 0 PID: 13763 Comm: syz.3.1829 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 622.271750][T13763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 622.271768][T13763] Call Trace: [ 622.271778][T13763] [ 622.271789][T13763] dump_stack_lvl+0x16c/0x1f0 [ 622.271832][T13763] should_fail_ex+0x512/0x640 [ 622.271874][T13763] ? __kvmalloc_node_noprof+0x122/0x600 [ 622.271911][T13763] should_failslab+0xc2/0x120 [ 622.271950][T13763] __kvmalloc_node_noprof+0x135/0x600 [ 622.271983][T13763] ? kfree+0x2b6/0x4d0 [ 622.272027][T13763] ? snd_pcm_oss_change_params_locked+0x1d18/0x3b40 [ 622.272079][T13763] ? snd_pcm_oss_change_params_locked+0x1d18/0x3b40 [ 622.272119][T13763] snd_pcm_oss_change_params_locked+0x1d18/0x3b40 [ 622.272182][T13763] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 622.272228][T13763] ? mas_preallocate+0x5b4/0xcd0 [ 622.272298][T13763] snd_pcm_oss_mmap+0x578/0x700 [ 622.272342][T13763] __mmap_region+0x1485/0x27c0 [ 622.272384][T13763] ? __pfx___mmap_region+0x10/0x10 [ 622.272416][T13763] ? bpf_ksym_find+0x124/0x1c0 [ 622.272475][T13763] ? __kernel_text_address+0xd/0x40 [ 622.272524][T13763] ? unwind_get_return_address+0x59/0xa0 [ 622.272629][T13763] ? trace_cap_capable+0x18d/0x200 [ 622.272687][T13763] ? cap_capable+0xb3/0x250 [ 622.272723][T13763] mmap_region+0x32b/0x3f0 [ 622.272768][T13763] do_mmap+0xd8e/0x11b0 [ 622.272823][T13763] ? __pfx_do_mmap+0x10/0x10 [ 622.272870][T13763] ? __pfx_down_write_killable+0x10/0x10 [ 622.272922][T13763] vm_mmap_pgoff+0x281/0x450 [ 622.272979][T13763] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 622.273030][T13763] ? __fget_files+0x20e/0x3c0 [ 622.273087][T13763] ksys_mmap_pgoff+0x32c/0x5c0 [ 622.273132][T13763] ? __pfx_ksys_write+0x10/0x10 [ 622.273160][T13763] ? rcu_is_watching+0x12/0xc0 [ 622.273193][T13763] __x64_sys_mmap+0x125/0x190 [ 622.273229][T13763] do_syscall_64+0xcd/0x230 [ 622.273270][T13763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.273303][T13763] RIP: 0033:0x7f7c4a78e969 [ 622.273328][T13763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.273358][T13763] RSP: 002b:00007f7c4b523038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 622.273388][T13763] RAX: ffffffffffffffda RBX: 00007f7c4a9b5fa0 RCX: 00007f7c4a78e969 [ 622.273409][T13763] RDX: fffffffffffffe01 RSI: 0000000004000005 RDI: 0000000000000000 [ 622.273441][T13763] RBP: 00007f7c4b523090 R08: 0000000000000003 R09: 0010000000008000 [ 622.273461][T13763] R10: 0000000000008051 R11: 0000000000000246 R12: 0000000000000002 [ 622.273480][T13763] R13: 0000000000000000 R14: 00007f7c4a9b5fa0 R15: 00007ffe535fdba8 [ 622.273521][T13763] [ 622.851493][T13764] netlink: 'syz.1.1827': attribute type 10 has an invalid length. [ 622.931386][T13764] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1827'. [ 623.000035][T13766] netlink: 'syz.3.1830': attribute type 10 has an invalid length. [ 623.007956][T13766] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1830'. [ 623.124602][ T30] audit: type=1800 audit(6040609195.715:32): pid=13774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1832" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 623.653909][T13771] netlink: 'syz.0.1831': attribute type 10 has an invalid length. [ 623.684150][T13771] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1831'. [ 624.825443][T13806] Invalid ELF header magic: != ELF [ 625.238437][T13811] ================================================================== [ 625.246573][T13811] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 625.254362][T13811] Read of size 8 at addr ffff88802ad5ac18 by task syz.2.1842/13811 [ 625.262286][T13811] [ 625.264626][T13811] CPU: 1 UID: 0 PID: 13811 Comm: syz.2.1842 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 625.264659][T13811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 625.264675][T13811] Call Trace: [ 625.264683][T13811] [ 625.264693][T13811] dump_stack_lvl+0x116/0x1f0 [ 625.264730][T13811] print_report+0xc3/0x670 [ 625.264759][T13811] ? __virt_addr_valid+0x5e/0x590 [ 625.264790][T13811] ? __phys_addr+0xc6/0x150 [ 625.264822][T13811] ? dvb_device_open+0x36a/0x3b0 [ 625.264855][T13811] kasan_report+0xe0/0x110 [ 625.264884][T13811] ? dvb_device_open+0x36a/0x3b0 [ 625.264918][T13811] ? __pfx_dvb_device_open+0x10/0x10 [ 625.264949][T13811] dvb_device_open+0x36a/0x3b0 [ 625.264981][T13811] ? __pfx_dvb_device_open+0x10/0x10 [ 625.265013][T13811] chrdev_open+0x231/0x6a0 [ 625.265041][T13811] ? __pfx_apparmor_file_open+0x10/0x10 [ 625.265077][T13811] ? __pfx_chrdev_open+0x10/0x10 [ 625.265107][T13811] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 625.265156][T13811] do_dentry_open+0x741/0x1c10 [ 625.265185][T13811] ? __pfx_chrdev_open+0x10/0x10 [ 625.265218][T13811] vfs_open+0x82/0x3f0 [ 625.265282][T13811] path_openat+0x1e5e/0x2d40 [ 625.265318][T13811] ? __pfx_path_openat+0x10/0x10 [ 625.265351][T13811] do_filp_open+0x20b/0x470 [ 625.265379][T13811] ? __pfx_do_filp_open+0x10/0x10 [ 625.265422][T13811] ? alloc_fd+0x471/0x7d0 [ 625.265473][T13811] do_sys_openat2+0x11b/0x1d0 [ 625.265512][T13811] ? __pfx_do_sys_openat2+0x10/0x10 [ 625.265552][T13811] ? __pfx_do_sys_openat2+0x10/0x10 [ 625.265590][T13811] ? __pfx___might_resched+0x10/0x10 [ 625.265630][T13811] __x64_sys_openat+0x174/0x210 [ 625.265672][T13811] ? __pfx___x64_sys_openat+0x10/0x10 [ 625.265715][T13811] ? rcu_is_watching+0x12/0xc0 [ 625.265749][T13811] do_syscall_64+0xcd/0x230 [ 625.265789][T13811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.265821][T13811] RIP: 0033:0x7fa30658e969 [ 625.265845][T13811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.265877][T13811] RSP: 002b:00007fa307406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 625.265908][T13811] RAX: ffffffffffffffda RBX: 00007fa3067b5fa0 RCX: 00007fa30658e969 [ 625.265928][T13811] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 625.265949][T13811] RBP: 00007fa306610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 625.265968][T13811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.265985][T13811] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 625.266015][T13811] [ 625.266026][T13811] [ 625.524480][T13811] Allocated by task 1: [ 625.528550][T13811] kasan_save_stack+0x33/0x60 [ 625.533243][T13811] kasan_save_track+0x14/0x30 [ 625.537947][T13811] __kasan_kmalloc+0xaa/0xb0 [ 625.542571][T13811] dvb_register_device+0x1e4/0x2370 [ 625.547804][T13811] dvb_register_frontend+0x5a6/0x880 [ 625.553295][T13811] vidtv_bridge_probe+0x459/0xa90 [ 625.558355][T13811] platform_probe+0xff/0x1f0 [ 625.563003][T13811] really_probe+0x23e/0xa90 [ 625.567537][T13811] __driver_probe_device+0x1de/0x440 [ 625.572848][T13811] driver_probe_device+0x4c/0x1b0 [ 625.577980][T13811] __driver_attach+0x283/0x580 [ 625.582764][T13811] bus_for_each_dev+0x13b/0x1d0 [ 625.587644][T13811] bus_add_driver+0x2e9/0x690 [ 625.592368][T13811] driver_register+0x15c/0x4b0 [ 625.597156][T13811] vidtv_bridge_init+0x45/0x80 [ 625.601956][T13811] do_one_initcall+0x120/0x6e0 [ 625.606749][T13811] kernel_init_freeable+0x5c2/0x900 [ 625.611962][T13811] kernel_init+0x1c/0x2b0 [ 625.616321][T13811] ret_from_fork+0x45/0x80 [ 625.620763][T13811] ret_from_fork_asm+0x1a/0x30 [ 625.625559][T13811] [ 625.627893][T13811] Freed by task 13774: [ 625.631967][T13811] kasan_save_stack+0x33/0x60 [ 625.636664][T13811] kasan_save_track+0x14/0x30 [ 625.641358][T13811] kasan_save_free_info+0x3b/0x60 [ 625.646410][T13811] __kasan_slab_free+0x51/0x70 [ 625.651193][T13811] kfree+0x2b6/0x4d0 [ 625.655114][T13811] dvb_device_put.part.0+0x60/0x90 [ 625.660248][T13811] dvb_device_open+0x2a4/0x3b0 [ 625.665036][T13811] chrdev_open+0x231/0x6a0 [ 625.669471][T13811] do_dentry_open+0x741/0x1c10 [ 625.674254][T13811] vfs_open+0x82/0x3f0 [ 625.678347][T13811] path_openat+0x1e5e/0x2d40 [ 625.682954][T13811] do_filp_open+0x20b/0x470 [ 625.687485][T13811] do_sys_openat2+0x11b/0x1d0 [ 625.692199][T13811] __x64_sys_openat+0x174/0x210 [ 625.697088][T13811] do_syscall_64+0xcd/0x230 [ 625.701621][T13811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.707533][T13811] [ 625.709862][T13811] The buggy address belongs to the object at ffff88802ad5ac00 [ 625.709862][T13811] which belongs to the cache kmalloc-256 of size 256 [ 625.723929][T13811] The buggy address is located 24 bytes inside of [ 625.723929][T13811] freed 256-byte region [ffff88802ad5ac00, ffff88802ad5ad00) [ 625.737666][T13811] [ 625.740004][T13811] The buggy address belongs to the physical page: [ 625.746429][T13811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ad5a [ 625.755217][T13811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 625.763730][T13811] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 625.771284][T13811] page_type: f5(slab) [ 625.775285][T13811] raw: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 625.783907][T13811] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 625.792514][T13811] head: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 625.801208][T13811] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 625.809893][T13811] head: 00fff00000000001 ffffea0000ab5681 00000000ffffffff 00000000ffffffff [ 625.818578][T13811] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 625.827257][T13811] page dumped because: kasan: bad access detected [ 625.833670][T13811] page_owner tracks the page as allocated [ 625.839384][T13811] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25029092139, free_ts 0 [ 625.859129][T13811] post_alloc_hook+0x181/0x1b0 [ 625.863911][T13811] get_page_from_freelist+0x135c/0x3920 [ 625.869471][T13811] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 625.875412][T13811] alloc_pages_mpol+0x1fb/0x550 [ 625.880290][T13811] new_slab+0x244/0x340 [ 625.884485][T13811] ___slab_alloc+0xd9c/0x1940 [ 625.889204][T13811] __slab_alloc.constprop.0+0x56/0xb0 [ 625.894608][T13811] __kmalloc_cache_noprof+0xfb/0x3e0 [ 625.899932][T13811] bus_add_driver+0x92/0x690 [ 625.904557][T13811] driver_register+0x15c/0x4b0 [ 625.909352][T13811] usb_register_driver+0x216/0x4d0 [ 625.914482][T13811] do_one_initcall+0x120/0x6e0 [ 625.919268][T13811] kernel_init_freeable+0x5c2/0x900 [ 625.924480][T13811] kernel_init+0x1c/0x2b0 [ 625.928834][T13811] ret_from_fork+0x45/0x80 [ 625.933278][T13811] ret_from_fork_asm+0x1a/0x30 [ 625.938066][T13811] page_owner free stack trace missing [ 625.943436][T13811] [ 625.945768][T13811] Memory state around the buggy address: [ 625.951411][T13811] ffff88802ad5ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 625.959482][T13811] ffff88802ad5ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 625.967557][T13811] >ffff88802ad5ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 625.975641][T13811] ^ [ 625.980503][T13811] ffff88802ad5ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 625.988587][T13811] ffff88802ad5ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 625.996662][T13811] ================================================================== [ 626.035136][T13811] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 626.042427][T13811] CPU: 1 UID: 0 PID: 13811 Comm: syz.2.1842 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 626.054548][T13811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 626.064635][T13811] Call Trace: [ 626.067928][T13811] [ 626.070873][T13811] dump_stack_lvl+0x3d/0x1f0 [ 626.075504][T13811] panic+0x71c/0x800 [ 626.079436][T13811] ? __pfx_panic+0x10/0x10 [ 626.083898][T13811] ? mark_held_locks+0x49/0x80 [ 626.088721][T13811] ? preempt_schedule_thunk+0x16/0x30 [ 626.094133][T13811] ? dvb_device_open+0x36a/0x3b0 [ 626.099102][T13811] ? preempt_schedule_common+0x44/0xc0 [ 626.104588][T13811] ? dvb_device_open+0x36a/0x3b0 [ 626.109552][T13811] check_panic_on_warn+0xab/0xb0 [ 626.114523][T13811] end_report+0x107/0x170 [ 626.118892][T13811] kasan_report+0xee/0x110 [ 626.123358][T13811] ? dvb_device_open+0x36a/0x3b0 [ 626.128355][T13811] ? __pfx_dvb_device_open+0x10/0x10 [ 626.133682][T13811] dvb_device_open+0x36a/0x3b0 [ 626.138475][T13811] ? __pfx_dvb_device_open+0x10/0x10 [ 626.143788][T13811] chrdev_open+0x231/0x6a0 [ 626.148221][T13811] ? __pfx_apparmor_file_open+0x10/0x10 [ 626.153791][T13811] ? __pfx_chrdev_open+0x10/0x10 [ 626.158746][T13811] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 626.165538][T13811] do_dentry_open+0x741/0x1c10 [ 626.170319][T13811] ? __pfx_chrdev_open+0x10/0x10 [ 626.175269][T13811] vfs_open+0x82/0x3f0 [ 626.179359][T13811] path_openat+0x1e5e/0x2d40 [ 626.183972][T13811] ? __pfx_path_openat+0x10/0x10 [ 626.188924][T13811] do_filp_open+0x20b/0x470 [ 626.193464][T13811] ? __pfx_do_filp_open+0x10/0x10 [ 626.198530][T13811] ? alloc_fd+0x471/0x7d0 [ 626.202907][T13811] do_sys_openat2+0x11b/0x1d0 [ 626.207607][T13811] ? __pfx_do_sys_openat2+0x10/0x10 [ 626.212827][T13811] ? __pfx_do_sys_openat2+0x10/0x10 [ 626.218053][T13811] ? __pfx___might_resched+0x10/0x10 [ 626.223360][T13811] __x64_sys_openat+0x174/0x210 [ 626.228246][T13811] ? __pfx___x64_sys_openat+0x10/0x10 [ 626.233645][T13811] ? rcu_is_watching+0x12/0xc0 [ 626.238426][T13811] do_syscall_64+0xcd/0x230 [ 626.242954][T13811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.248863][T13811] RIP: 0033:0x7fa30658e969 [ 626.253291][T13811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.272926][T13811] RSP: 002b:00007fa307406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 626.281375][T13811] RAX: ffffffffffffffda RBX: 00007fa3067b5fa0 RCX: 00007fa30658e969 [ 626.289453][T13811] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 626.297443][T13811] RBP: 00007fa306610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 626.305426][T13811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 626.313422][T13811] R13: 0000000000000000 R14: 00007fa3067b5fa0 R15: 00007ffd356df4f8 [ 626.321417][T13811] [ 626.324746][T13811] Kernel Offset: disabled [ 626.329074][T13811] Rebooting in 86400 seconds..