last executing test programs: 7.937066083s ago: executing program 1 (id=991): unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x92000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000000040)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendmsg$auto_NFSD_CMD_LISTENER_GET(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r1, 0x20, 0x70bd29, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x64004090}, 0x24000005) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x103700, 0x0) read$auto(r2, 0x0, 0x4000000081) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r3 = syz_genetlink_get_family_id$auto_nl80211(0x0, r0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0x100000000, 0x8, 0x0, 0x1c) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r4, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 7.50830054s ago: executing program 2 (id=992): pidfd_getfd$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x4) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xca481, 0x0) setsockopt$auto(0x3, 0x81, 0x1, 0x0, 0x83) r0 = open(&(0x7f0000000140)='./file0\x00', 0x200000, 0x1c4) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/zram0/mm_stat\x00', 0x8900, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x2, 0xa, &(0x7f0000000100)='+%-(-\'^\x00', 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto(r1, 0x0, 0x7) socket(0x10, 0x2, 0x6) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r2 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(r2, &(0x7f0000000180)={@sival_ptr=0x0, @raw=0x1, 0x1, @_sigev_thread={0x0, 0x0}}) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f002", @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac413855"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 7.206661075s ago: executing program 2 (id=994): read$auto_force_wakeup_fops_hci_vhci(0xffffffffffffffff, &(0x7f0000000080)=""/216, 0xd8) r0 = prctl$auto(0x59616d61, 0x7, 0x1, 0x8, 0xfffffffffffffffb) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) msgctl$auto_IPC_STAT(0x25, 0x2, &(0x7f0000000180)={{0x7, 0xee00, 0x0, 0x7ffffffd, 0x7fff, 0x5}, &(0x7f0000000000)=0x6, 0x0, 0x3, 0xff, 0x506, 0x2, 0x10001, 0x3b5d, 0x7ff, 0x2, @raw=0x8}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x3, 0x21) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) writev$auto(r1, &(0x7f0000000080)={0x0, 0x1000}, 0x3) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f00000001c0)) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x2001, 0x0) ioctl$auto_BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0) read$auto(r2, 0x0, 0x1000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setrlimit$auto(0x1000000007, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x2, 0x8, 0xc, 0xe3, 0x4000000002, 0x3}, 0x6f4) ioctl$auto(0x4000000000000c8, 0x400454d8, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) 6.30450858s ago: executing program 0 (id=997): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) ioctl$auto_TCFLSH2(r0, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000028c0)='/dev/tty18\x00', 0x80000, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000002900)="1c36") ioctl$auto(r0, 0x8924, r0) socket$nl_generic(0x10, 0x3, 0x10) recvmmsg$auto(0x3, 0x0, 0x10000, 0x1, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) pread64$auto(r2, 0x0, 0x6, 0x7) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0xfffffffffffffffb) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x600002, 0x0) pwrite64$auto(r3, &(0x7f0000000280)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r4, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="01002abd7000fedbdf251b000000"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40) readahead$auto(r3, 0x4, 0x4) sysfs$auto(0x3, 0x401, 0x0) mmap$auto(0x0, 0x2020009, 0x20000000000003, 0xeb1, 0xfffffffffffffffa, 0x7ffc) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x62008811}, 0x800) r6 = socket(0x10, 0x5, 0xfffffffd) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYRES32=r0, @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100aaaaaaaaaa35000008000200", @ANYRES32=r6, @ANYBLOB="060006000500dfff2800"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 6.161964202s ago: executing program 1 (id=998): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) r0 = prctl$auto(0x34, 0x1, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) mmap$auto(0x80000, 0x2020009, 0x3, 0x78, r0, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100026bd7000fedbbc25030000000800040008000000060007000000000000000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a000100aaaaaaaaaabb00000a000500aaaaaaaaaa370000080004001000000008000300faffffff08000400b7000000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) fsopen$auto(&(0x7f0000000280)='^^\'b:\x00', 0x80) 5.68202312s ago: executing program 1 (id=1000): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0) ppoll$auto(&(0x7f0000000200)={r0, 0x6, 0x6}, 0x8, 0x0, 0x0, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)={0x20, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "9e695f99bb0e"}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/freezer.state\x00', 0x10b342, 0x0) ioctl$auto(0x3, 0x1, 0x90000800000402) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ad00, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) futex_wake$auto(0x0, 0x0, 0x3, 0x0) bind$auto(0x3, 0x0, 0x6a) write$auto(0x3, 0x0, 0xffd8) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x8101, 0x0, 0xd0, 0x5, 0x6, 0x0, 0x1, 0x3692, 0x0, {0xffffffff, 0x10000}, 0x7ffffffffffffffe, 0x40000000000006, 0x9, 0x1007ffe, 0x0, 0x80000004, 0x4bbd, 0xffffffffbfff628f, 0xa747, 0xdeaa, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xa3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/bluetooth/hci7/hci7:200/power/control\x00', 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x40, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x28, 0x1, 0x1) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/mounts\x00', 0x40800, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x7, 0x948b, 0x6, 0x15f4da07, 0xfffffffffffffffe, 0x3, 0x62, 0x8000001f, 0x7, 0x8, 0x9, 0x800000000, 0x2000000008]}, 0x0) r4 = socketpair$auto(0x2, 0xe, 0x7, &(0x7f0000000040)=0x6) getsockopt$auto_SO_RCVBUF(r0, 0x6, 0x8, &(0x7f0000000080)='/dev/video43\x00', &(0x7f00000000c0)=0x1) close_range$auto(r4, r4, 0xf7fffffe) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x101, 0x0) 5.625668071s ago: executing program 2 (id=1001): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1c8340, 0x0) ioctl$auto(r0, 0xc0045401, 0xffffffffffffffff) (async) ioctl$auto_SNDCTL_SEQ_THRESHOLD(r0, 0x4004510d, &(0x7f0000000000)="d1218b0e140e9e037b3fd22848a5795bbc8c4d9879606ebafb22c9e066694d11d4bc4fc1bbdc7be6bb0d7e5c7f9469f5989f778a9659d1149e1a") (async) get_mempolicy$auto(&(0x7f0000000040)=0x28, &(0x7f0000000080)=0xfffffffffffff2c9, 0x6, 0x4, 0x8) (async) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) sysfs$auto(0x2, 0x44, 0x0) (async) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) 4.928767756s ago: executing program 2 (id=1002): pidfd_getfd$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x4) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xca481, 0x0) setsockopt$auto(0x3, 0x81, 0x1, 0x0, 0x83) r0 = open(&(0x7f0000000140)='./file0\x00', 0x200000, 0x1c4) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/zram0/mm_stat\x00', 0x8900, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x2, 0xa, &(0x7f0000000100)='+%-(-\'^\x00', 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto(r1, 0x0, 0x7) socket(0x10, 0x2, 0x6) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r2 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(r2, &(0x7f0000000180)={@sival_ptr=0x0, @raw=0x1, 0x1, @_sigev_thread={0x0, 0x0}}) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f002", @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac413855"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.400400129s ago: executing program 1 (id=1003): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/tcp_dctcp/parameters/dctcp_shift_g\x00', 0x183041, 0x0) write$auto(r0, &(0x7f0000000300)='0t\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb', 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r3 = prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) process_madvise$auto_MADV_UNMERGEABLE(r3, &(0x7f0000000240)={&(0x7f0000000200)="2ceb30623047e8504a714fd462db43c5439ef2c0185efbf8629efb10b0519af5ae2c7b4f53", 0x400}, 0x7, 0xd, 0xd666) ioprio_set$auto(0x1, 0x0, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) r5 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x800, 0x0) r6 = getpid() sendmsg$auto_NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)={0x10c4, r4, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_STA_WME={0x34, 0x81, 0x0, 0x1, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x4}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3b}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x1}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x4}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x1}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x9}]}, @NL80211_ATTR_USE_MFP={0x8, 0x42, 0x4}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x5}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}, @NL80211_ATTR_CQM={0x1050, 0x5e, 0x0, 0x1, [@nested={0x100c, 0x91, 0x0, 0x1, [@generic="748e9954903306812b166d9ac02988628c1b99f0836f834e1e7f72a4e9a9f15bb452fe7e557cfb6d2bbcf7d2631be870196071c2af6f2d828dcd52f48212fd4ebc1da50a15341fe427850c7beec7eccb6c1cbeed34713c61157d71bd1d716185fcdf1f379bd5f2e914205d3ac77006e4a79be8d546c4de17925532b688eee3311a6a5319e657aee7711310edf69a6432a2375ae0f6555b78d103cc897b30f325ec3c81ee9c84e50e7fd39372c27866459514d3f583ec9048f579dface6cd0c575b4a86c0265269f0d16bc62f10970b6014b57fc1270212afc0070f768487bc078fbcba82e76bd5c0e37387f8c13f130b673e1069d5cb261c07e3705dfc56785ea7d4ff1effe2538ba29dc5702751a4ab695bde1466f6f1a6a36e1cc572ad429ea1cce2ff56818e7f224a593aed302a5ff61cf443949a20ad56bbfae18be32eeb9ccaef23c42fbfe55ed4b39a0fe290543d1beb08819b6d2a10aa75c0c65a69e081892ecca3c3eb7f7c5e33457eb3e73783fcfb6508e4fa13b7755b75dce49c434a93498a38466480fee7fd27386b06d8a44094720512527e660cf291c5057e09cfcdb3b77aa8a3bdce8b805b454837231ae9209936818a04590f2f27d1334c06974a78930f9bfbe348189dc436e31f99e7657b525dae49c2abdfb160499f75f9a427254b4b575fa2ae05c71de118f9b5723cf318bbd082a990f455ebe66d771f750d8d0aaf5c2b0ce7b42c1c9e5e56cb966257656d4e0da39104f479128950bbfcd494ba3af9880f1305fb076321acdc17d15319917258e4ccd7260258f9056bac885195ed11a8ca5b0c22b2e9e3674a0b3f431ae0eb197e9f23b8ae54dba605e2d76f7c3c871c99417e4536ea4ebcf6fc1b79b23b271109feee021cef6f0e9b8a817a50e1045226d0ae48be91c555b5a4bc56f8f966c9f24d50dc803a35b9c2f54a4baaa625f779037287e059b1d1eb268ebbe729b709b83b3f499ecca6ce34023a20bc6e286b9e24b749f697d717f3a17f1fbf57edb28d387ace25b219143a043b7f61aa0b96bbd6bbcda7fbadd21830ff071ba0a7cf31a67b8f434ed43ee5f1f42a8f9da0df017c246717634cb30c34480210f73fa52085c76013eaaab6b2161d237db8d63ede0f573305101de964717b95bcbd4da84817237c808e20283c98d2543a8467333c5754cfe7416c046ca9bcf12760132dafaecb6a1f0961410f1f0b5d43fd3477bc1c6593e000f9871060c1ecd6722d2ec0085d44b8e32ced5ec2df1bd033c9a634535728f04d19cf04b87fc50eeb01b1a8e2cb90d4a1c0b0f27f94df1b28b94c27c601eaec63ca8af7dde152cd451450082479334d3ac2925275545b5fab143685176e85c751b3dd5130fe9f29a1693b23147f2d26db341b6287eb0a5806bc6db07536a10791b8f1b97a98ad8473fc89fcc7c94d93ad79b6a2e5e4b782c344659ebc27d6d48c85f858ce128e601127a53811ab4c384aaf524a57acdb11abf323ed39238b96f60a439d179170812c0299eabdc1b87da586168e8c96c6e1131df0574ddf415d9888d59b788cea0f0b0710c431ac3fb554b88c797936c7a0838b201563dae7087e602dd8727671cb910ad808c111dea66950b483e5f57b27cffa3c41c50464a7d99008052f16f8ad428cae720b7a5981e952847b8c0a14b32093cb0cb5047e79b7090bbc31c3afc0064237eb4b7fb03fc70ad06ccf4c5d8e5462ae918669af1d9cf7b98e6eee069786bc1e3473198b7437604f68d3aa4f812df3900cd25c3ebeeb30e9bf1edde404becfafbb0051b7db3d4b7be703c64354aa6b758d6f4fa9a7447e65dd31a1cbe039cdfca0de06c5a27a5bb9fb93efcffd887dc6c9f05aa2e40f62a2f4c9776c33ff5d805b6707493eb00b4447d997f21a8cc2bd70a68b69b32b779e478e93b16789e34e96d2dc228f32d76dc78fa31b87b0ea088de998c3a20107c5c0c17c47bfe028aca5dcc4eed2b2341243f596f429a2d0e8e760f416eec353b525fe7ab13974784354654184f3c801cca1d784507d1476c905c6db619bedeebf2e387e3174c64d4379d71f2487dbf9182ac78f06acf57dfe5450df5fb0384e1a312dbc22cfbc8222b6efca2292498a557c6d89bf3a602cf1728c9c0ad88d066507e899b93a82df9c73d86231df7e9b226854fef90cbd0af775bdeb3e1ba6c74258c856938869fa739906a29ce46ad7d1da318c0076f57052130e63cd175658ade9f933187166c4a0db491d807d182bc429e0d3cf72ef6d0ef692090edaf7a1c5bfe0861b661616bf853af41e162de219842b451575abee820bbda9b1ae142a2f3cda1d042daf5523193935d00e5154521d6d9c8ef3b20316e5c8685be5dcf6d22ad46617202b3bbaa6a81972bc75dae241bcc55cc55664cf9033a69f1d7b9d9d452dc2945c84253afab20591b6547a673865ff1eb500e762a754bf27a2e808d28aa0385a98b6cd86bf652f85c901edd1ff26a9e3f2caf9c4e8ba5472fb22518f8592653602c70f9ffdece61df42b1282f112fc4cd9cd4eeb517856dce9e98957542c03beff4ef5f642f56d2a0525763412a525e5e8eb188cf903b5bf39dc23653fc93823873313a5c62d9ad80578a5c0809448b44664f7d1723888db6cae01eae307c4d78e429e290e4849e54c257289c98524dbc6d18ca42ed4e39b639593bf4a25f7264f43a88f6011834b2b0ace25c32ba91a8daa761f1374db19e070f4491b94d9d08e51335f7eec11a60bf0203eabc1c780a4e3e9ac613111cd9d33132270d56e2de5a8a4faa26d5536d1f4e9652ce8494a44478db2239376a893be193a29b5acbeffdeac8c3f6c4391d9d6fa4cc8209561fc689eb5e6b47c1d481db613d07ad7e2576a0d4d29293f483afdeff2660ae3e24a78901565d94d810be3ea40ba6f4371132711c7c3709cdeb7e201b31fe332afb37d4d494721551e635440a862cec8f5a16b0ecf7cc4254809c3329fd2c9887284b3248531633873660bddada81a4d823625016baad569675907d06a3fe200d095993914e6f986648b1368cb511f19ac45c14525abd171c8053a666df0d6266d1bc096bb9dc4de9ba283b7b71ff6441a81524a516930f559310b351e29ef644cbffc5f29f187fbec9dadb6df1e32dd2e96baa26ee6555028fb7f4c974eb5ebe4d9d42bafb84c1e044afc24253f49ed76f99a6ba7eb596484fae81037a7c643a07102f49155a8c7286dcfa925202e38b58d3823445dff26389323fff8cf96d79c38bb3a9e80d0c85dc4d89a3420289e3f666fb38bc76b6a04d5854a23a5ba8ef871fa89b91c83973fc6c0b58c54573dca6581030daf76a61f1f502540ce0bb1babf9b2ff68ad037216a5b52b83238ff8a3a9352217217812d9e788dcebfa5672750841152e300b15250e35f249642a0001f8a8f7c0a54248b8a02477b70770401985d4e3e296091aba429a0a63629faada02f655de9389ce3134744384c68ab8a7f7924bd89f10c610732f61826edc6f38e5e256d713b6c471210367f65420da400235fd142caf0b4bd8e3e97bd45dc3a2782638bc03c974a0e1922e751e9647a2170b97e1bc77244f5ee312ccb8196d2f1a462727e674fd2198e0d54e7e8aedc9976e584766fccc36ba64570cd3dc3bd45ddb6dd0cd6069a51ad3ec61d6972e387f421d71f3e13fdc2efc073d852788dd71e87c92560147116c10c7eadeab939330336eac12c94ef3cd664f6bba6ee0925cde95920ca18721f5a4eb9c2151b4a02cba9b8fac0988d1089b8483e02177a4e624cd5c380df693552967e08c9f1547e6cd4d69e5f7388dfcbaaaa49396ca66ca62cca034fa99a6ed7c9736fbe9b7f61c4b596c021ab03eff0f4ed529aebe2b080e4ce93f2596569d89d35fa27be5c8cc8730c67f8a0f85b7bdb879e7eef536545490aa2b492f6ef23fb2e6ee3b2f7fabd3e01509fd73acdc5d041de9504e5cd6bc123af1120a3502a0d5a1b30cd56ce50cd53f97a53ed7fcf6e2c87c41745963ce4cbd9c797c742b83d9326b8219d91708c6f292bda519776d37e100ae06c7df29b0d3083c30de5d32668391cf3ea90cbafdc72ec888241bfe72cace59f4672564894eae86427123cce338c924327c45f6c692ae927dc4ab98e6ee2605582b9b657712365c46e125bac5e02cdfb8875d81b69585bbfa629eadfebd5459456d5827a844c457e93d9050b79b5fbf42c419c9cb79b3a7014f6c18ffbab6e49d613b4e627ae414e497b7dbeb493b9c13c67c2d3c8ce4445aa49c8fd33779b27dde61b447e618c832afaa3f64cfea37f87b0b384726b345f371f8fca325768915227601a2739ed83ea8112fd1da98a20845ef1294a14bb7328d646423348e2235cb5f4be3f8f66c166fdb64ed36f95681768f50d2796ca7b5556814ffbd802f3481ff5fc4dabc175e86ab95e2468748501dc3671b6d4a3c8b8fc17fff2e9d0eee48ef23e2e43c1bea2104f14ce155bc139bc57dabf03b7acd0cd58ac9c70504f88057b3c79403083798a8980acd75443dc76db8d76af3763875ed3cf84b17b5bd2a7fca140c96cccd56735688cd58f7fc75a0b6c3cb0e134bb693dfbc71fa40419fa2af6bc81b4ac906e447b5210c7b94ca1bc6ce1e747ce5fd234c5fdb6aa340f9eb3979648aeae7afce04705fd69efa64abbf2e2ddd41463f5a54d3f856b49ec2ddd7d87c214cecd0fe80239f1f3e8f217dcf7da49e5f073da76ff50b7946cd10543bfbc3d6d21dc01737b3d5a063eaf24290025372f5e1de1d93eed515fe8cd5db1ffb0db28c06a7951b0bdde8bfaee065df74ced82fb43ae3bfb3cba6c5a526d9d5920c8f54618e209711b22b726bd355b4637a897ae3e717f7c9b922da15875a123b4869b7fef890bebd25492eee1f992ea66a41a821aef5d0791b7b7c1c1cf11e9befa7345495a843b09a1a465ec9e56d9142d52ef0e954e62157175d5f21ea39f5724150847f73870885a63ccc979669420a5a891f749fdb25db365497202f82d9046acb5e1ba7f93c7cab232aae8ba1deff20854d765dbcb1d4b91c0c528c5403f275c67ed69011e033a7a978b88ca9419c13328c48f9ee3aea83acafba6fd04a51c982e6bf0992a920a78d1d393d80b8e0182176aa5ffa7f3d982e425cb69a761b2bb5959c1d7253c91d1e69881e1246be43a60e0f9438308266fdd214e2085313a706c7c55ac58a5c6dbf0b94396e86edc3b1d1d5e253db9fd4513dbb1f39ad59e6afdacf4c052eb30fb440a4e82c8b97e02f1d570d806c4d448db0dd7f6df96271a03ecd44d826f063db99df740c8bd61c22b41605a7625d99089f3dfdc851cd5ebf4005da91c777033af9149f962a30ed1e5d59fa3d4e1d8a9ecd144b6dfd45129211b80caa98ab1f741c04e8f6fddc8a93313b5890345432685daa68afae75cbedebc0cce68a1accb591ad19401f0205c17d12a65c93ea83f9491b67f8716cd6dc397090af1f47561866cb813deebecebf701a0b696e13c3f886f872a6f543caffc144aec04a55cc8282fe0be4c8436c61e4ffe0e17aba8dabe1476ff69e67fb3086fc8fc7d74fc0e62f4fe45fbce162ae447f355fc103a32acf6fc035325dbfd181f91da6298c03bf53804b119d104fc87de8532aea44a18c9a2bb4e33a3e23f6d6a262096e54fce36e16bce42cd18225eb228cf893ddc608f263b516090b2a8da0d4bd27599dcff4dbe4e25142db4842a667fda44afa4128b24326cade93f8dc06ee18b762974c68be5632f1c84efd3441079885c614273b810d1374d69500df38e98f092a5ea", @typed={0x8, 0x104, 0x0, 0x0, @fd=r5}]}, @typed={0x8, 0x1, 0x0, 0x0, @fd=r0}, @typed={0x8, 0xea, 0x0, 0x0, @pid=r6}, @nested={0x2d, 0x144, 0x0, 0x1, [@typed={0x8, 0x4d, 0x0, 0x0, @fd=r2}, @generic="125225406647df0b182a19a878970eacaa25afc60a08f202ea18664496", @nested={0x4, 0x110}]}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x2}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x6}]}, 0x10c4}, 0x1, 0x0, 0x0, 0x1}, 0x20008010) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) syz_genetlink_get_family_id$auto_taskstats(&(0x7f00000001c0), r1) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) clone$auto(0x2, 0xfffffffffffffffb, 0x0, 0x0, 0x8000000000000000) ptrace$auto_PTRACE_GET_THREAD_AREA(0x19, r6, 0x7ff, 0x9) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_DETACH(r2, 0x7aa, 0x0) 4.217942747s ago: executing program 2 (id=1004): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181842, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = ioctl$auto_NS_GET_PID_FROM_PIDNS(0xffffffffffffffff, 0x8004b706, &(0x7f0000000000)=0x7) close_range$auto(r0, r0, 0x3ff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xad41, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = socket(0xa, 0x1, 0x6) listen$auto(0x3, 0x85) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'veth1_virt_wifi\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) r8 = socket(0xa, 0x3, 0x6) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r7, 0x7f, 0x99, 0x8, 0x1, @relative_fd=r8, 0xd}, 0x92) sendmsg$auto_MACSEC_CMD_DEL_RXSC(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002ca153c40d0c27291b8ad11223a6edbd7000fbdbdf250200000008000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4004004}, 0x800) read$auto_proc_reg_file_ops_compat_inode(r4, &(0x7f0000001100)=""/4078, 0xfee) read$auto(0x4, 0x0, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r9 = gettid() rt_sigqueueinfo$auto(r9, 0x1, 0x0) prctl$auto(0x1000000003b, 0x1, r9, 0x5, 0x7) uname$auto(0x0) sendmsg$auto_NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10301}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000002cc1d240b1af6a7749558efbde73a2e7c4b7b15808f34753101fdcf0331202804852480e066fb96a88becacd935e67732805ab2a861a41632938b881235ddbff64b97d251ff292e4ee43aec6abaa374b611ed9e97aff669aff0d79a1f15616bdafb7cd5c5d7ce32337c5f3357e1eb957", @ANYRES16=0x0, @ANYBLOB="000125bd7000ffdbdf2551000000040034010800350045090000"], 0x20}}, 0x40) ioctl$auto_SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x0) semctl$auto(0x204, 0xfffffffe, 0x3, 0x4) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) 4.168492073s ago: executing program 0 (id=1005): mmap$auto(0x0, 0x4020009, 0xdf, 0x10, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) r1 = socket(0xa, 0x1, 0x100) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r2, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x12, 0xd, 0x3ff, 0x400000000000948f, 0x23, 0x4, 0x3, 0x3, 0x62, 0x80000000, 0x3, 0x1, 0x9, 0x1, 0xea0e]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x401, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x3, 0x62, 0x8000001f, 0x4, 0x5, 0x9, 0x2, 0x6]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) r5 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000002f80), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000000)={0x1c, r5, 0x5, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000040)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) madvise$auto(0x0, 0x8, 0x16) ioctl$auto_BLKTRACESETUP32(r4, 0xc0401273, &(0x7f0000000340)={"b1a100b967be2e54e34c9d44929be213f9ecda96b6a1d2f6d86c74861092fb8c", 0x8001, 0xffffffff, 0x40, 0x2, 0x1, 0xffffffffffffffff}) sendmsg$auto_NL80211_CMD_LEAVE_IBSS(r1, &(0x7f0000000580)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="b0010000", @ANYRESDEC, @ANYRESOCT=0x0, @ANYRES32=r6, @ANYBLOB="a3a692c937d6889c54cbc2458ed7e1a3338238f90d4f461280f9092a7d7033be65ed7e142b7521f04b23444100005399222471aeaa74f504cb38cb66ad204de6df6e97b9c613f52492da3e5c39a2742f2a23b3612af0124a1250163dcdcf0c614071dea33757628487ff97897f59e6f3001539643f0fbd5f5a68d22c2af3408938b2bf5a7f51d0e18e033e56425e132b071e3ad5c6fb2ee2f4b55fae10f899c223f209f84033e629ecac7ed665e2fb1b0fe0e76e7c9cfb8563276c04e83c72bbc8030ea75b9480d151790ed95f51a71cfb1ab2cf4001c564f3cd0b72cfd7a6dff7ff3d5438a6315e7e2e43563e67e645371d98adb1d178cc6f5d3aa919a918c7f710ed5b17ae629dfac533311e16f1577ceedec32954b5364ce4435987c4c3e92c2f5b69c4504e126f8cfa5e40ea3d0405e9da214888d8daeb1b39ff2b368627f5c71d648261add93350ac2ea6bfe37123744e1400430000000000000000000000ffffffffffff0000f27f55c0c52d5ab0215839f06d0b98852e9f0000"], 0x1b0}, 0x1, 0x0, 0x0, 0x4008015}, 0xd0) madvise$auto(0x0, 0x200007, 0x19) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$auto(r8, &(0x7f0000000100)='\x01\x00\xa8a\xe0a\x1cJ4\x00\xaaN\xc8\xf9\x12\xeb\x00\xab`{U\x04\x12\xb0\x96\x82\x1f\x16\x11_\x97\x0e\x06\xa7Y}`@\x1b\x00\x00\x00\x00\x00\x00\x00\x00\xd22z\x14z\xbf\xf94\x92mP\x87[\xa4p\x93\xd4\xe3\xe8Vhpy\xf6\xce\xbb\x8c\xb2\xc9>\xd9Y\x8d\xbe\x90\xbcu*\xc8\xdc\x0e]\x01\xd1\x9e\x0f\x05_\xfc\xb8\xeb\xd9\xb7\xa4\a\xae\xa5I\f7\x17\x91L}m\xea\r+\xecy\xe1\xe0D\x824\xfc[+\x0f\xe0\x11\xe8\x83\xc4\"\xcc&z\x8c@pC\xb2\xf6k\x14~iA?\x90Pnj\x82\xea\xf0\xfa\xe8\xe1\x81Q6\x11\xe4T\xd5\xf0\xb1\xc65tr\x8b\x83^\xa17uXf\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x20000003, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mknod$auto(&(0x7f00000003c0)='./file0\x00', 0x9, 0x9) 2.985711822s ago: executing program 0 (id=1009): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r0, 0xae03, 0xd4) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kcmp$auto(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000d40)='/sys/devices/pci0000:00/0000:00:00.0/driver_override\x00', 0x4a401, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000d80)="b6c3", 0x2) setsockopt$auto(r2, 0x10c, 0x80b, 0x0, 0x4) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), r2) prctl$auto_PR_SET_MM_ENV_END(0x4, 0xb, 0xffffffffffffffff, 0x2, 0xd354) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) mmap$auto(0x0, 0x40000000000000, 0x15e, 0x37, r0, 0x2e) ioctl$auto_KVM_CHECK_EXTENSION(r4, 0xae03, 0x60) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x0, 0x0, 0x0, 0x80000000) 2.791585381s ago: executing program 0 (id=1010): r0 = set_tid_address$auto(0x0) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, r0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(0x0, 0x7ffd, 0x12) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10) unshare$auto(0x40000080) io_uring_setup$auto(0x4c2, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) ioctl$auto_PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, 0x0) semctl$auto(0x7, 0x2, 0x13, 0x1) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) pwrite64$auto(r2, 0x0, 0x1, 0x27) mmap$auto(0x0, 0x20009, 0x4000000000d7, 0xeb1, 0x6, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/pvrusb2/parameters/vbi_nr\x00', 0x200, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) 2.638206098s ago: executing program 3 (id=1011): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x0, 0x0, 0x0, 0x80000000) 2.418563063s ago: executing program 3 (id=1012): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(r0, 0x805c6103, &(0x7f00000001c0)={"8911bd3a", 0xec, 0x0, 0x6, 0x4, 0x6, "feaf587cdf4d2f534a1c88d3e40a00", "e6cf6512", "f34cae3a", "91b30200", ["3ae887a128f1d8c79420d880", "b11feafce4d296d8c985d069", "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x80703, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x3, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bdi/1:3/max_ratio\x00', 0xa041, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/conf/default/ioam6_id_wide\x00', 0x40100, 0x0) read$auto(r2, 0x0, 0x1ff) write$auto(0x3, 0x0, 0x3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) 1.335959879s ago: executing program 1 (id=1013): mmap$auto(0x3, 0x2000d, 0x4000000000db, 0xeb1, 0x401, 0x8400) socket(0x23, 0x1, 0x10) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x800, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/conf/vxcan1/forwarding\x00', 0x82002, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/virt_wifi0/ra_defrtr_metric\x00', 0x0, 0x0) sendfile$auto(r2, r3, 0x0, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x747, 0x5, 0x8fd6, 0x948b, 0x3, 0xe, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/snd/controlC0\x00', 0x80, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x23, 0x6, 0x2009, 0x0, 0x0) ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000080)={0x67, 0x1, 0x7fff, 0x5, 0x80000000007, 0x1, 0x80000001, 0xff, 0x5, 0x7f, 0xfbfffffe, 0x5, 0x7fb, 0x4, 0x9}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000700)={{@raw=0x9, 0x7f, 0x2, 0x5, "26cb83211ffd7f6567850e138dd717bfeb7ab5c55e35d9811b26db6e6f8c5d7d57cdda7ca056a2a31e5dfe27"}, 0x0, @integer=@value=[0x4, 0x80, 0x1, 0x7a3, 0x3, 0xe0, 0xc1, 0x5, 0xd, 0x7f, 0x1, 0x922, 0x15, 0x8, 0x9, 0x25, 0xa, 0xe01, 0xb3b, 0x1, 0x5, 0xd85c, 0x8000000000000000, 0x5, 0xfffffffffffffbff, 0x3, 0xadd0, 0x7, 0x6c275d6c, 0x6, 0x5, 0x3, 0x3, 0x9, 0x7, 0x0, 0x6, 0x0, 0x5, 0x4, 0x4, 0x1000, 0x100000001, 0x0, 0xffff, 0x5, 0x2, 0xc, 0x2, 0x8, 0x7fffffffffffffff, 0x8, 0x6, 0x1000000000000, 0x2, 0x1, 0x0, 0x8, 0x3f, 0x4, 0x8, 0x7, 0x6, 0x9, 0x9, 0xc6b, 0x10001, 0x5, 0x8, 0x8000, 0x1, 0x0, 0x0, 0x5, 0x9cf8, 0xfffffffffffffffa, 0x1, 0x4, 0x3, 0xc6c4, 0x6, 0x3ff, 0xc, 0xa0fa, 0x1, 0x5, 0x0, 0xffffffffffffffff, 0xd, 0x6, 0xfffffffffffffffc, 0x2, 0x8404, 0x3, 0x7, 0xffffffffffffffff, 0x3, 0x100, 0x7, 0x8, 0x439, 0x0, 0x4, 0x0, 0x8, 0xb4, 0x7ff, 0x1ff, 0x5, 0x9, 0x0, 0x0, 0x6, 0x4, 0x9, 0x1, 0x6, 0x800, 0x4, 0x6, 0x100, 0x2, 0x8, 0x100000001, 0x80, 0x0, 0x5, 0x7], "1cd4f43065c34bdcb5fa6160f24c5f3eb5328361438ff4cd82ad2e9771421debdad4d39a52fc70b9012aff448a8b4a75e7c5126dc116dd8f5751e93614151d5a4f55a63e9ba1ad1e6542796d2a1cd644b0d756001b66abab0c0fd3b4287befd247e5410bef4c186120b5bed4ab64ffeb4b7c5a69166021a8814332515a657e93"}) mmap$auto(0xc, 0x120008, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) utimes$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)={0xe, 0x5}) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x348402, 0x0) process_mrelease$auto(0xffffffffffffffff, 0x0) openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/options/event-fork\x00', 0x141702, 0x0) 786.16647ms ago: executing program 3 (id=1014): openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r0, 0x0, 0x80000000006) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000003540)='/proc/thread-self/setgroups\x00', 0x2, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r2, 0x2203, r2) writev$auto(r1, &(0x7f0000003600)={0x0, 0x2}, 0x8) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xb0000, 0x0) utimensat$auto(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000001cc0)={0x1f, 0x40000000}, 0x1000) 558.344358ms ago: executing program 3 (id=1015): mmap$auto(0x0, 0x3, 0xfffffffffffffff8, 0x200000eb1, 0xfffffffffffffffa, 0x1000000000000006) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video59\x00', 0xc8100, 0x0) ioctl$auto(0x3, 0x4020565a, 0x38) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0x18, 0x5, 0x6) r0 = socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) socket(0x21, 0x3, 0x9) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x1, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x104, 0x3, 0x6, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0x3ff]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xc, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x4, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/seq/queues\x00', 0x28000, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_ECCGETSTATS(r2, 0x80104d12, &(0x7f0000000200)={0xff, 0xfffffff8, 0xad, 0x8}) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/fs/f2fs/features/project_quota\x00', 0x546c1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000180)=""/38, 0x26) munmap$auto(0x8b, 0x8592) mkdir$auto(0x0, 0x9) socket(0x25, 0x805, 0x3) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) mmap$auto(0x3, 0x6, 0xdf, 0x9b72, r0, 0x8000) io_uring_setup$auto(0x2, 0x0) 497.772432ms ago: executing program 0 (id=1016): openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)={0x0, 0x0, 0x13}, 0x18) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x60800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vivid.0/media8/power/autosuspend_delay_ms\x00', 0x20040, 0x0) ioctl$auto(r0, 0x901064ac, 0x5) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) 79.659828ms ago: executing program 0 (id=1017): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0) sendfile$auto(r0, r0, 0x0, 0x1fc) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000280), 0x8001, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) (async) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x0, 0xe3, 0x100000007f}]}) (async) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002e40), 0xffffffffffffffff) (async) prctl$auto(0x8, 0x47cf, 0xffffffffffffffff, 0x7fff, 0xfffffffffffffffd) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000002ec0)={&(0x7f0000002e80)={0x14, r4, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4048c40}, 0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x3}, 0x7, 0x0, 0x8, 0xb2) (async) socket(0x11, 0x3, 0x9) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0) (async) r5 = socket(0x2c, 0x2, 0x4) (async) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='%!\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7000fbdbdf250300000009000200cacd2dff11000000040012"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0xb06af94f6e038a6) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) socket(0x10, 0x2, 0x14) socket$nl_generic(0x10, 0x3, 0x10) (async) pidfd_open$auto(0x1, 0x0) socket(0x10, 0x2, 0x0) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(r5, &(0x7f0000000140)={0x0, 0x3f, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001200c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0) 0s ago: executing program 2 (id=1018): mmap$auto(0x2, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={0x444000, 0xd0, 0x1c}, 0x18) open_tree_attr$auto(r0, &(0x7f0000000180)='./file0\x00', 0x7, &(0x7f00000001c0)={0x200, 0xfffffffffffffff9, 0x7fff, @raw}, 0x8) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/exception_policy\x00', 0xc0201, 0x0) write$auto_tomoyo_operations_securityfs_if(r1, 0x0, 0x0) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x39442, 0x0) syz_genetlink_get_family_id$auto_tcp_metrics(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x23, 0x5, 0x8106) io_uring_setup$auto(0x23ffffe, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/cec/cec30/status\x00', 0x0, 0x0) sysfs$auto(0x2, 0x0, 0x0) r2 = gettid() openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x8c100, 0x0) r3 = gettid() ptrace$auto_PTRACE_SYSCALL(0x18, r2, 0x2, 0x4f5) kill$auto(r3, 0x11) ppoll$auto(0x0, 0xb, 0x0, &(0x7f00000002c0)={0x5}, 0x8) pread64$auto(0xffffffffffffffff, 0x0, 0x3, 0x5) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x1) prctl$auto(0x805, 0x100000000004, 0x4, 0x3, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a3042, 0x0) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0xa, 0x100073) kernel console output (not intermixed with test programs): mes 0 [ 206.593752][ T7949] CPU: 1 UID: 0 PID: 7949 Comm: syz.1.367 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 206.593794][ T7949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 206.593811][ T7949] Call Trace: [ 206.593821][ T7949] [ 206.593832][ T7949] dump_stack_lvl+0x16c/0x1f0 [ 206.593883][ T7949] should_fail_ex+0x512/0x640 [ 206.593929][ T7949] ? __kmalloc_noprof+0xbf/0x510 [ 206.593977][ T7949] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 206.594018][ T7949] should_failslab+0xc2/0x120 [ 206.594047][ T7949] __kmalloc_noprof+0xd2/0x510 [ 206.594090][ T7949] ? __pfx___mutex_trylock_common+0x10/0x10 [ 206.594154][ T7949] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 206.594200][ T7949] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 206.594257][ T7949] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 206.594293][ T7949] ? __pfx___mutex_lock+0x10/0x10 [ 206.594336][ T7949] ? genl_get_cmd+0x194/0x580 [ 206.594383][ T7949] ? __radix_tree_lookup+0x21f/0x2c0 [ 206.594431][ T7949] genl_rcv_msg+0x55c/0x800 [ 206.594471][ T7949] ? __pfx_genl_rcv_msg+0x10/0x10 [ 206.594509][ T7949] ? __pfx_ctrl_getfamily+0x10/0x10 [ 206.594560][ T7949] netlink_rcv_skb+0x158/0x420 [ 206.594591][ T7949] ? __pfx_genl_rcv_msg+0x10/0x10 [ 206.594630][ T7949] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 206.594683][ T7949] ? netlink_deliver_tap+0x1ae/0xd30 [ 206.594739][ T7949] genl_rcv+0x28/0x40 [ 206.594769][ T7949] netlink_unicast+0x53a/0x7f0 [ 206.594806][ T7949] ? __pfx_netlink_unicast+0x10/0x10 [ 206.594850][ T7949] netlink_sendmsg+0x8d1/0xdd0 [ 206.594888][ T7949] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.594937][ T7949] __sys_sendto+0x4a3/0x520 [ 206.594979][ T7949] ? __pfx___sys_sendto+0x10/0x10 [ 206.595032][ T7949] ? find_held_lock+0x2b/0x80 [ 206.595092][ T7949] __x64_sys_sendto+0xe0/0x1c0 [ 206.595132][ T7949] ? do_syscall_64+0x91/0x490 [ 206.595176][ T7949] ? lockdep_hardirqs_on+0x7c/0x110 [ 206.595219][ T7949] do_syscall_64+0xcd/0x490 [ 206.595267][ T7949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.595297][ T7949] RIP: 0033:0x7f5c3c9907bc [ 206.595321][ T7949] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 206.595351][ T7949] RSP: 002b:00007f5c3d843ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 206.595377][ T7949] RAX: ffffffffffffffda RBX: 00007f5c3d843fc0 RCX: 00007f5c3c9907bc [ 206.595396][ T7949] RDX: 000000000000001c RSI: 00007f5c3d844010 RDI: 0000000000000006 [ 206.595412][ T7949] RBP: 0000000000000000 R08: 00007f5c3d843f14 R09: 000000000000000c [ 206.595429][ T7949] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006 [ 206.595446][ T7949] R13: 00007f5c3d843f68 R14: 00007f5c3d844010 R15: 0000000000000000 [ 206.595483][ T7949] [ 208.611253][ T7976] FAULT_INJECTION: forcing a failure. [ 208.611253][ T7976] name failslab, interval 1, probability 0, space 0, times 0 [ 208.637275][ T7976] CPU: 1 UID: 0 PID: 7976 Comm: syz.2.372 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 208.637322][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.637341][ T7976] Call Trace: [ 208.637352][ T7976] [ 208.637364][ T7976] dump_stack_lvl+0x16c/0x1f0 [ 208.637418][ T7976] should_fail_ex+0x512/0x640 [ 208.637466][ T7976] ? fs_reclaim_acquire+0xae/0x150 [ 208.637509][ T7976] ? tomoyo_encode2+0x100/0x3e0 [ 208.637551][ T7976] should_failslab+0xc2/0x120 [ 208.637583][ T7976] __kmalloc_noprof+0xd2/0x510 [ 208.637632][ T7976] ? d_absolute_path+0x136/0x1a0 [ 208.637673][ T7976] tomoyo_encode2+0x100/0x3e0 [ 208.637722][ T7976] tomoyo_encode+0x29/0x50 [ 208.637763][ T7976] tomoyo_realpath_from_path+0x18f/0x6e0 [ 208.637831][ T7976] tomoyo_path_number_perm+0x245/0x580 [ 208.637868][ T7976] ? tomoyo_path_number_perm+0x237/0x580 [ 208.637911][ T7976] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 208.637953][ T7976] ? find_held_lock+0x2b/0x80 [ 208.638024][ T7976] ? find_held_lock+0x2b/0x80 [ 208.638057][ T7976] ? hook_file_ioctl_common+0x145/0x410 [ 208.638103][ T7976] ? __fget_files+0x20e/0x3c0 [ 208.638155][ T7976] security_file_ioctl+0x9b/0x240 [ 208.638199][ T7976] __x64_sys_ioctl+0xb7/0x210 [ 208.638242][ T7976] do_syscall_64+0xcd/0x490 [ 208.638295][ T7976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.638328][ T7976] RIP: 0033:0x7f4397b8e929 [ 208.638354][ T7976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.638384][ T7976] RSP: 002b:00007f4398a81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.638414][ T7976] RAX: ffffffffffffffda RBX: 00007f4397db5fa0 RCX: 00007f4397b8e929 [ 208.638435][ T7976] RDX: 0000000000000000 RSI: 00000000000007a4 RDI: 0000000000000004 [ 208.638453][ T7976] RBP: 00007f4398a81090 R08: 0000000000000000 R09: 0000000000000000 [ 208.638472][ T7976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.638490][ T7976] R13: 0000000000000000 R14: 00007f4397db5fa0 R15: 00007ffd28675ab8 [ 208.638531][ T7976] [ 208.638558][ T7976] ERROR: Out of memory at tomoyo_realpath_from_path. [ 209.282125][ T7994] netlink: 350 bytes leftover after parsing attributes in process `syz.0.375'. [ 211.123322][ T8033] vivid-003: ================= START STATUS ================= [ 211.131305][ T8033] vivid-003: Radio HW Seek Mode: Bounded [ 211.137041][ T8033] vivid-003: Radio Programmable HW Seek: false [ 211.173411][ T8033] vivid-003: RDS Rx I/O Mode: Block I/O [ 211.189077][ T8033] vivid-003: Generate RBDS Instead of RDS: false [ 211.197547][ T8033] vivid-003: RDS Reception: true [ 211.228971][ T8033] vivid-003: RDS Program Type: 0 inactive [ 211.234832][ T8033] vivid-003: RDS PS Name: inactive [ 211.262284][ T8033] vivid-003: RDS Radio Text: inactive [ 211.267876][ T8033] vivid-003: RDS Traffic Announcement: false inactive [ 211.287371][ T8033] vivid-003: RDS Traffic Program: false inactive [ 211.306853][ T8033] vivid-003: RDS Music: false inactive [ 211.370976][ T8033] vivid-003: ================== END STATUS ================== [ 211.436258][ T8038] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 211.642982][ T8036] FAULT_INJECTION: forcing a failure. [ 211.642982][ T8036] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.728777][ T8036] CPU: 0 UID: 0 PID: 8036 Comm: syz.3.385 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 211.728818][ T8036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.728835][ T8036] Call Trace: [ 211.728844][ T8036] [ 211.728854][ T8036] dump_stack_lvl+0x16c/0x1f0 [ 211.728903][ T8036] should_fail_ex+0x512/0x640 [ 211.728967][ T8036] _copy_to_user+0x32/0xd0 [ 211.729018][ T8036] simple_read_from_buffer+0xcb/0x170 [ 211.729063][ T8036] proc_fail_nth_read+0x197/0x270 [ 211.729101][ T8036] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 211.729141][ T8036] ? rw_verify_area+0xcf/0x680 [ 211.729181][ T8036] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 211.729218][ T8036] vfs_read+0x1e1/0xc60 [ 211.729268][ T8036] ? __pfx___mutex_lock+0x10/0x10 [ 211.729327][ T8036] ? __pfx_vfs_read+0x10/0x10 [ 211.729379][ T8036] ? __fget_files+0x20e/0x3c0 [ 211.729431][ T8036] ksys_read+0x12a/0x250 [ 211.729471][ T8036] ? __pfx_ksys_read+0x10/0x10 [ 211.729514][ T8036] ? fput+0x70/0xf0 [ 211.729554][ T8036] do_syscall_64+0xcd/0x490 [ 211.729601][ T8036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.729630][ T8036] RIP: 0033:0x7f7cb898d33c [ 211.729652][ T8036] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 211.729680][ T8036] RSP: 002b:00007f7cb9803030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 211.729706][ T8036] RAX: ffffffffffffffda RBX: 00007f7cb8bb5fa0 RCX: 00007f7cb898d33c [ 211.729724][ T8036] RDX: 000000000000000f RSI: 00007f7cb98030a0 RDI: 0000000000000005 [ 211.729741][ T8036] RBP: 00007f7cb9803090 R08: 0000000000000000 R09: 0000000000000000 [ 211.729757][ T8036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.729773][ T8036] R13: 0000000000000000 R14: 00007f7cb8bb5fa0 R15: 00007fffc3df9838 [ 211.729826][ T8036] [ 212.077440][ T8039] Invalid ELF header magic: != ELF [ 212.270112][ T8046] could not allocate digest TFM handle [ 212.320105][ T8038] could not allocate digest TFM handle [ 212.654336][ T8065] netlink: 350 bytes leftover after parsing attributes in process `syz.1.389'. [ 214.181282][ T8090] FAULT_INJECTION: forcing a failure. [ 214.181282][ T8090] name failslab, interval 1, probability 0, space 0, times 0 [ 214.194342][ T8090] CPU: 0 UID: 0 PID: 8090 Comm: syz.3.393 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 214.194387][ T8090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.194407][ T8090] Call Trace: [ 214.194419][ T8090] [ 214.194428][ T8090] dump_stack_lvl+0x16c/0x1f0 [ 214.194467][ T8090] should_fail_ex+0x512/0x640 [ 214.194502][ T8090] ? __kmalloc_noprof+0xbf/0x510 [ 214.194540][ T8090] ? lsm_blob_alloc+0x68/0x90 [ 214.194576][ T8090] should_failslab+0xc2/0x120 [ 214.194598][ T8090] __kmalloc_noprof+0xd2/0x510 [ 214.194640][ T8090] lsm_blob_alloc+0x68/0x90 [ 214.194677][ T8090] security_sk_alloc+0x30/0x270 [ 214.194704][ T8090] sk_prot_alloc+0x1c7/0x2a0 [ 214.194731][ T8090] sk_alloc+0x36/0xc20 [ 214.194764][ T8090] __netlink_create+0x5e/0x2c0 [ 214.194801][ T8090] __netlink_kernel_create+0xed/0x750 [ 214.194825][ T8090] ? __lock_acquire+0x622/0x1c90 [ 214.194859][ T8090] ? __pfx___netlink_kernel_create+0x10/0x10 [ 214.194892][ T8090] rtnetlink_net_init+0xb9/0x140 [ 214.194925][ T8090] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 214.194958][ T8090] ? lockdep_init_map_type+0x5c/0x280 [ 214.194991][ T8090] ? __pfx_rtnetlink_rcv+0x10/0x10 [ 214.195021][ T8090] ? __pfx_rtnetlink_bind+0x10/0x10 [ 214.195052][ T8090] ? lockdep_init_map_type+0x5c/0x280 [ 214.195087][ T8090] ? debug_mutex_init+0x37/0x70 [ 214.195114][ T8090] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 214.195153][ T8090] ops_init+0x1df/0x5f0 [ 214.195194][ T8090] setup_net+0x1ff/0x510 [ 214.195230][ T8090] ? lockdep_init_map_type+0x5c/0x280 [ 214.195265][ T8090] ? __pfx_setup_net+0x10/0x10 [ 214.195304][ T8090] ? debug_mutex_init+0x37/0x70 [ 214.195331][ T8090] copy_net_ns+0x2a6/0x5f0 [ 214.195358][ T8090] create_new_namespaces+0x3ea/0xa90 [ 214.195393][ T8090] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 214.195425][ T8090] ksys_unshare+0x45b/0xa40 [ 214.195458][ T8090] ? __pfx_ksys_unshare+0x10/0x10 [ 214.195492][ T8090] ? xfd_validate_state+0x61/0x180 [ 214.195539][ T8090] __x64_sys_unshare+0x31/0x40 [ 214.195572][ T8090] do_syscall_64+0xcd/0x490 [ 214.195612][ T8090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.195636][ T8090] RIP: 0033:0x7f7cb898e929 [ 214.195655][ T8090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.195677][ T8090] RSP: 002b:00007f7cb9803038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 214.195699][ T8090] RAX: ffffffffffffffda RBX: 00007f7cb8bb5fa0 RCX: 00007f7cb898e929 [ 214.195714][ T8090] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 214.195728][ T8090] RBP: 00007f7cb8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 214.195742][ T8090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.195755][ T8090] R13: 0000000000000000 R14: 00007f7cb8bb5fa0 R15: 00007fffc3df9838 [ 214.195785][ T8090] [ 214.479226][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.522014][ T8133] netlink: 350 bytes leftover after parsing attributes in process `syz.0.399'. [ 219.577704][ T8211] netlink: 350 bytes leftover after parsing attributes in process `syz.0.410'. [ 219.824873][ T8217] netlink: 504 bytes leftover after parsing attributes in process `syz.1.412'. [ 219.872387][ T8217] netlink: 350 bytes leftover after parsing attributes in process `syz.1.412'. [ 221.857717][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 221.857864][ T5857] Bluetooth: hci0: command 0x0406 tx timeout [ 221.864564][ T5850] Bluetooth: hci3: command 0x0406 tx timeout [ 222.386894][ T8247] FAULT_INJECTION: forcing a failure. [ 222.386894][ T8247] name failslab, interval 1, probability 0, space 0, times 0 [ 222.416461][ T8247] CPU: 1 UID: 0 PID: 8247 Comm: syz.2.419 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 222.416508][ T8247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.416528][ T8247] Call Trace: [ 222.416539][ T8247] [ 222.416551][ T8247] dump_stack_lvl+0x16c/0x1f0 [ 222.416617][ T8247] should_fail_ex+0x512/0x640 [ 222.416666][ T8247] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 222.416723][ T8247] should_failslab+0xc2/0x120 [ 222.416756][ T8247] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 222.416808][ T8247] ? vm_area_dup+0x27/0x8d0 [ 222.416860][ T8247] vm_area_dup+0x27/0x8d0 [ 222.416907][ T8247] __split_vma+0x18e/0x1070 [ 222.416961][ T8247] ? __pfx___split_vma+0x10/0x10 [ 222.417032][ T8247] vms_gather_munmap_vmas+0x392/0x1310 [ 222.417089][ T8247] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 222.417143][ T8247] ? mas_walk+0x6a6/0x910 [ 222.417200][ T8247] __mmap_region+0x3c7/0x25e0 [ 222.417253][ T8247] ? __pfx___mmap_region+0x10/0x10 [ 222.417304][ T8247] ? rcu_is_watching+0x12/0xc0 [ 222.417349][ T8247] ? rcu_is_watching+0x12/0xc0 [ 222.417383][ T8247] ? trace_sched_exit_tp+0xde/0x130 [ 222.417431][ T8247] ? __schedule+0x1181/0x5de0 [ 222.417471][ T8247] ? __pfx_tcp_release_cb+0x10/0x10 [ 222.417528][ T8247] ? __lock_acquire+0xb71/0x1c90 [ 222.417589][ T8247] ? __lock_acquire+0x622/0x1c90 [ 222.417640][ T8247] ? __pfx___schedule+0x10/0x10 [ 222.417734][ T8247] ? trace_cap_capable+0x18d/0x200 [ 222.417783][ T8247] mmap_region+0x1ab/0x3f0 [ 222.417839][ T8247] ? __get_unmapped_area+0x267/0x440 [ 222.417882][ T8247] do_mmap+0xa3e/0x1210 [ 222.417927][ T8247] ? __pfx_do_mmap+0x10/0x10 [ 222.417965][ T8247] ? __pfx_down_write_killable+0x10/0x10 [ 222.418007][ T8247] vm_mmap_pgoff+0x281/0x450 [ 222.418050][ T8247] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 222.418095][ T8247] ? __x64_sys_futex+0x1e0/0x4c0 [ 222.418134][ T8247] ? __x64_sys_futex+0x1e9/0x4c0 [ 222.418181][ T8247] ksys_mmap_pgoff+0x7d/0x5c0 [ 222.418216][ T8247] ? xfd_validate_state+0x61/0x180 [ 222.418261][ T8247] ? __sys_setsockopt+0x140/0x1a0 [ 222.418313][ T8247] __x64_sys_mmap+0x125/0x190 [ 222.418366][ T8247] do_syscall_64+0xcd/0x490 [ 222.418420][ T8247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.418453][ T8247] RIP: 0033:0x7f4397b8e929 [ 222.418481][ T8247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.418512][ T8247] RSP: 002b:00007f4398a81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 222.418544][ T8247] RAX: ffffffffffffffda RBX: 00007f4397db5fa0 RCX: 00007f4397b8e929 [ 222.418565][ T8247] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 222.418592][ T8247] RBP: 00007f4397c10b39 R08: 0000000000000002 R09: 0000000000008000 [ 222.418613][ T8247] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 222.418633][ T8247] R13: 0000000000000000 R14: 00007f4397db5fa0 R15: 00007ffd28675ab8 [ 222.418677][ T8247] [ 222.456899][ T8250] netlink: 504 bytes leftover after parsing attributes in process `syz.1.420'. [ 222.658517][ T8252] FAULT_INJECTION: forcing a failure. [ 222.658517][ T8252] name failslab, interval 1, probability 0, space 0, times 0 [ 222.838761][ T8250] netlink: 350 bytes leftover after parsing attributes in process `syz.1.420'. [ 222.852333][ T8252] CPU: 0 UID: 0 PID: 8252 Comm: syz.0.418 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 222.852379][ T8252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.852398][ T8252] Call Trace: [ 222.852408][ T8252] [ 222.852420][ T8252] dump_stack_lvl+0x16c/0x1f0 [ 222.852476][ T8252] should_fail_ex+0x512/0x640 [ 222.852524][ T8252] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 222.852578][ T8252] should_failslab+0xc2/0x120 [ 222.852610][ T8252] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 222.852661][ T8252] ? mas_alloc_nodes+0x18b/0x8b0 [ 222.852711][ T8252] mas_alloc_nodes+0x18b/0x8b0 [ 222.852771][ T8252] mas_node_count_gfp+0x105/0x130 [ 222.852819][ T8252] mas_preallocate+0x7e0/0xde0 [ 222.852849][ T8252] ? __memcg_slab_post_alloc_hook+0x402/0x960 [ 222.852893][ T8252] ? __pfx_mas_preallocate+0x10/0x10 [ 222.852939][ T8252] ? anon_vma_name+0x75/0x100 [ 222.852982][ T8252] __split_vma+0x34a/0x1070 [ 222.853040][ T8252] ? __pfx___split_vma+0x10/0x10 [ 222.853108][ T8252] vms_gather_munmap_vmas+0x392/0x1310 [ 222.853165][ T8252] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 222.853218][ T8252] ? mas_walk+0x6a6/0x910 [ 222.853274][ T8252] __mmap_region+0x3c7/0x25e0 [ 222.853329][ T8252] ? __pfx___mmap_region+0x10/0x10 [ 222.853379][ T8252] ? find_held_lock+0x2b/0x80 [ 222.853420][ T8252] ? finish_task_switch.isra.0+0x221/0xc10 [ 222.853456][ T8252] ? lockdep_hardirqs_on+0x7c/0x110 [ 222.853503][ T8252] ? finish_task_switch.isra.0+0x221/0xc10 [ 222.853541][ T8252] ? rcu_is_watching+0x12/0xc0 [ 222.853587][ T8252] ? trace_sched_exit_tp+0xde/0x130 [ 222.853643][ T8252] ? __schedule+0x1181/0x5de0 [ 222.853684][ T8252] ? kvm_sched_clock_read+0x11/0x20 [ 222.853725][ T8252] ? sched_clock+0x38/0x60 [ 222.853776][ T8252] ? lock_acquire+0x179/0x350 [ 222.853823][ T8252] ? find_held_lock+0x2b/0x80 [ 222.853910][ T8252] ? trace_cap_capable+0x18d/0x200 [ 222.853957][ T8252] mmap_region+0x1ab/0x3f0 [ 222.854007][ T8252] ? __get_unmapped_area+0x267/0x440 [ 222.854048][ T8252] do_mmap+0xa3e/0x1210 [ 222.854095][ T8252] ? __pfx_do_mmap+0x10/0x10 [ 222.854132][ T8252] ? __pfx_down_write_killable+0x10/0x10 [ 222.854172][ T8252] vm_mmap_pgoff+0x281/0x450 [ 222.854213][ T8252] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 222.854243][ T8252] ? __fget_files+0x204/0x3c0 [ 222.854296][ T8252] ? __x64_sys_futex+0x1e0/0x4c0 [ 222.854333][ T8252] ? __x64_sys_futex+0x1e9/0x4c0 [ 222.854378][ T8252] ksys_mmap_pgoff+0x7d/0x5c0 [ 222.854411][ T8252] ? xfd_validate_state+0x61/0x180 [ 222.854453][ T8252] ? __sys_setsockopt+0x140/0x1a0 [ 222.854502][ T8252] __x64_sys_mmap+0x125/0x190 [ 222.854552][ T8252] do_syscall_64+0xcd/0x490 [ 222.854605][ T8252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.854637][ T8252] RIP: 0033:0x7effd6f8e929 [ 222.854663][ T8252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.854693][ T8252] RSP: 002b:00007effd7d0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 222.854723][ T8252] RAX: ffffffffffffffda RBX: 00007effd71b6080 RCX: 00007effd6f8e929 [ 222.854744][ T8252] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 222.854769][ T8252] RBP: 00007effd7010b39 R08: 0000000000000002 R09: 0000000000008000 [ 222.854789][ T8252] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 222.854808][ T8252] R13: 0000000000000000 R14: 00007effd71b6080 R15: 00007ffed01b9af8 [ 222.854850][ T8252] [ 224.048937][ T8263] Invalid ELF header magic: != ELF [ 224.159849][ T8269] vivid-003: ================= START STATUS ================= [ 224.172301][ T8269] vivid-003: Radio HW Seek Mode: Bounded [ 224.178191][ T8269] vivid-003: Radio Programmable HW Seek: false [ 224.185608][ T8269] vivid-003: RDS Rx I/O Mode: Block I/O [ 224.213445][ T8269] vivid-003: Generate RBDS Instead of RDS: false [ 224.219922][ T8269] vivid-003: RDS Reception: true [ 224.244363][ T8269] vivid-003: RDS Program Type: 0 inactive [ 224.254956][ T8269] vivid-003: RDS PS Name: inactive [ 224.271242][ T8269] vivid-003: RDS Radio Text: inactive [ 224.287265][ T8269] vivid-003: RDS Traffic Announcement: false inactive [ 224.331115][ T8269] vivid-003: RDS Traffic Program: false inactive [ 224.411354][ T8269] vivid-003: RDS Music: false inactive [ 224.435078][ T8269] vivid-003: ================== END STATUS ================== [ 225.258394][ T8299] vivid-003: ================= START STATUS ================= [ 225.300395][ T8299] vivid-003: Radio HW Seek Mode: Bounded [ 225.330492][ T8299] vivid-003: Radio Programmable HW Seek: false [ 225.369618][ T8299] vivid-003: RDS Rx I/O Mode: Block I/O [ 225.407172][ T8299] vivid-003: Generate RBDS Instead of RDS: false [ 225.440109][ T8299] vivid-003: RDS Reception: true [ 225.482015][ T8299] vivid-003: RDS Program Type: 0 inactive [ 225.487857][ T8299] vivid-003: RDS PS Name: inactive [ 225.506976][ T8299] vivid-003: RDS Radio Text: inactive [ 225.536562][ T8299] vivid-003: RDS Traffic Announcement: false inactive [ 225.586488][ T8299] vivid-003: RDS Traffic Program: false inactive [ 225.651874][ T8299] vivid-003: RDS Music: false inactive [ 225.657466][ T8299] vivid-003: ================== END STATUS ================== [ 225.817746][ T8286] Invalid ELF header magic: != ELF [ 227.697443][ T8340] Invalid ELF header magic: != ELF [ 228.567655][ T8369] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 228.572082][ T8370] netlink: 504 bytes leftover after parsing attributes in process `syz.0.439'. [ 228.611687][ T8370] netlink: 350 bytes leftover after parsing attributes in process `syz.0.439'. [ 229.695123][ T8373] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 230.427823][ T8395] netlink: 504 bytes leftover after parsing attributes in process `syz.0.445'. [ 230.438963][ T8395] netlink: 350 bytes leftover after parsing attributes in process `syz.0.445'. [ 231.063967][ T8407] nvme_fcloop: unknown parameter or missing value '^/]' [ 232.232734][ T8413] netlink: 12 bytes leftover after parsing attributes in process `syz.3.448'. [ 235.916136][ T8468] openvswitch: netlink: nsh attr 68 is out of range max 3 [ 236.436844][ T8480] FAULT_INJECTION: forcing a failure. [ 236.436844][ T8480] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 236.436906][ T8480] CPU: 0 UID: 0 PID: 8480 Comm: syz.3.465 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 236.436946][ T8480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.436964][ T8480] Call Trace: [ 236.436974][ T8480] [ 236.436985][ T8480] dump_stack_lvl+0x16c/0x1f0 [ 236.437038][ T8480] should_fail_ex+0x512/0x640 [ 236.437097][ T8480] should_fail_alloc_page+0xe7/0x130 [ 236.437130][ T8480] prepare_alloc_pages+0x3c2/0x610 [ 236.437167][ T8480] ? rcu_is_watching+0x12/0xc0 [ 236.437204][ T8480] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 236.437272][ T8480] ? rcu_is_watching+0x12/0xc0 [ 236.437305][ T8480] ? trace_mm_page_alloc+0x11f/0x1a0 [ 236.437341][ T8480] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 236.437392][ T8480] ? __pfx_stack_trace_save+0x10/0x10 [ 236.437433][ T8480] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 236.437522][ T8480] ? alloc_vmap_area+0xdc8/0x29c0 [ 236.437558][ T8480] ? __vmalloc_node_range_noprof+0x271/0x14b0 [ 236.437603][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.437644][ T8480] ? do_syscall_64+0xcd/0x490 [ 236.437693][ T8480] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.437746][ T8480] alloc_pages_bulk_noprof+0x71c/0x1410 [ 236.437799][ T8480] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 236.437854][ T8480] ? policy_nodemask+0xea/0x4e0 [ 236.437898][ T8480] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 236.437954][ T8480] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 236.438006][ T8480] kasan_populate_vmalloc+0xf1/0x1f0 [ 236.438066][ T8480] alloc_vmap_area+0x959/0x29c0 [ 236.438121][ T8480] ? __pfx_alloc_vmap_area+0x10/0x10 [ 236.438172][ T8480] __get_vm_area_node+0x1ca/0x330 [ 236.438221][ T8480] __vmalloc_node_range_noprof+0x271/0x14b0 [ 236.438267][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.438320][ T8480] ? __lock_acquire+0xb8a/0x1c90 [ 236.438367][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.438420][ T8480] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 236.438468][ T8480] ? __alloc_pages_noprof+0xb/0x1b0 [ 236.438518][ T8480] ? ___kmalloc_large_node+0x84/0x1e0 [ 236.438556][ T8480] ? find_held_lock+0x2b/0x80 [ 236.438599][ T8480] __kvmalloc_node_noprof+0x30a/0x620 [ 236.438660][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.438703][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.438752][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.438792][ T8480] __do_sys_listmount+0x1c2/0xec0 [ 236.438841][ T8480] ? __x64_sys_futex+0x1e0/0x4c0 [ 236.438880][ T8480] ? __x64_sys_futex+0x1e9/0x4c0 [ 236.438933][ T8480] ? __pfx___do_sys_listmount+0x10/0x10 [ 236.438996][ T8480] do_syscall_64+0xcd/0x490 [ 236.439050][ T8480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.439084][ T8480] RIP: 0033:0x7f7cb898e929 [ 236.439111][ T8480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.439142][ T8480] RSP: 002b:00007f7cb97e2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 236.439172][ T8480] RAX: ffffffffffffffda RBX: 00007f7cb8bb6080 RCX: 00007f7cb898e929 [ 236.439193][ T8480] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 236.439212][ T8480] RBP: 00007f7cb8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 236.439231][ T8480] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 236.439249][ T8480] R13: 0000000000000000 R14: 00007f7cb8bb6080 R15: 00007fffc3df9838 [ 236.439290][ T8480] [ 236.579172][ T8480] syz.3.465: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 236.579291][ T8480] CPU: 1 UID: 0 PID: 8480 Comm: syz.3.465 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 236.579334][ T8480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.579353][ T8480] Call Trace: [ 236.579363][ T8480] [ 236.579375][ T8480] dump_stack_lvl+0x16c/0x1f0 [ 236.579429][ T8480] warn_alloc+0x248/0x3a0 [ 236.579494][ T8480] ? __pfx_warn_alloc+0x10/0x10 [ 236.579545][ T8480] ? kfree+0x2b4/0x4d0 [ 236.579594][ T8480] ? __get_vm_area_node+0x208/0x330 [ 236.579640][ T8480] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 236.579696][ T8480] ? __lock_acquire+0xb8a/0x1c90 [ 236.579741][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.579800][ T8480] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 236.579845][ T8480] ? __alloc_pages_noprof+0xb/0x1b0 [ 236.579894][ T8480] ? ___kmalloc_large_node+0x84/0x1e0 [ 236.579931][ T8480] ? find_held_lock+0x2b/0x80 [ 236.579973][ T8480] __kvmalloc_node_noprof+0x30a/0x620 [ 236.580021][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.580064][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.580112][ T8480] ? __do_sys_listmount+0x1c2/0xec0 [ 236.580151][ T8480] __do_sys_listmount+0x1c2/0xec0 [ 236.580200][ T8480] ? __x64_sys_futex+0x1e0/0x4c0 [ 236.580239][ T8480] ? __x64_sys_futex+0x1e9/0x4c0 [ 236.580281][ T8480] ? __pfx___do_sys_listmount+0x10/0x10 [ 236.580342][ T8480] do_syscall_64+0xcd/0x490 [ 236.580395][ T8480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.580429][ T8480] RIP: 0033:0x7f7cb898e929 [ 236.580455][ T8480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.580487][ T8480] RSP: 002b:00007f7cb97e2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 236.580516][ T8480] RAX: ffffffffffffffda RBX: 00007f7cb8bb6080 RCX: 00007f7cb898e929 [ 236.580538][ T8480] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 236.580559][ T8480] RBP: 00007f7cb8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 236.580581][ T8480] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 236.580603][ T8480] R13: 0000000000000000 R14: 00007f7cb8bb6080 R15: 00007fffc3df9838 [ 236.580650][ T8480] [ 236.613001][ T8480] Mem-Info: [ 236.613019][ T8480] active_anon:20637 inactive_anon:0 isolated_anon:0 [ 236.613019][ T8480] active_file:16471 inactive_file:40059 isolated_file:0 [ 236.613019][ T8480] unevictable:798 dirty:678 writeback:0 [ 236.613019][ T8480] slab_reclaimable:10495 slab_unreclaimable:96682 [ 236.613019][ T8480] mapped:29741 shmem:11213 pagetables:1195 [ 236.613019][ T8480] sec_pagetables:0 bounce:0 [ 236.613019][ T8480] kernel_misc_reclaimable:0 [ 236.613019][ T8480] free:1303729 free_pcp:17027 free_cma:0 [ 236.613097][ T8480] Node 0 active_anon:82548kB inactive_anon:0kB active_file:65884kB inactive_file:160032kB unevictable:1656kB isolated(anon):0kB isolated(file):0kB mapped:118964kB dirty:2708kB writeback:0kB shmem:42496kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12420kB pagetables:4616kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 236.613176][ T8480] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2356kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 236.613251][ T8480] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 236.613359][ T8480] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 236.613423][ T8480] Node 0 DMA32 free:1309332kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:82504kB inactive_anon:0kB active_file:65884kB inactive_file:158704kB unevictable:1656kB writepending:2708kB present:3129332kB managed:2540352kB mlocked:120kB bounce:0kB free_pcp:44644kB local_pcp:21544kB free_cma:0kB [ 236.613518][ T8480] lowmem_reserve[]: 0 0 1 1 1 [ 236.613577][ T8480] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 236.613665][ T8480] lowmem_reserve[]: 0 0 0 0 0 [ 236.613721][ T8480] Node 1 Normal free:3890216kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:23456kB local_pcp:10048kB free_cma:0kB [ 236.613822][ T8480] lowmem_reserve[]: 0 0 0 0 0 [ 236.613882][ T8480] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 236.614079][ T8480] Node 0 DMA32: 1*4kB (M) 0*8kB 27*16kB (UE) 520*32kB (UME) 547*64kB (UM) 191*128kB (UME) 119*256kB (UM) 48*512kB (UME) 18*1024kB (UM) 10*2048kB (UM) 278*4096kB (UM) = 1309172kB [ 236.614333][ T8480] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 237.492352][ T8480] Node 1 Normal: 250*4kB (UME) 36*8kB (UME) 44*16kB (UME) 87*32kB (UME) 38*64kB (UME) 14*128kB (UME) 5*256kB (UME) 2*512kB (M) 2*1024kB (ME) 1*2048kB (E) 946*4096kB (M) = 3890216kB [ 237.492630][ T8480] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 237.492654][ T8480] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=2 hugepages_size=2048kB [ 237.492676][ T8480] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 237.492699][ T8480] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 237.492722][ T8480] 68739 total pagecache pages [ 237.492733][ T8480] 0 pages in swap cache [ 237.492744][ T8480] Free swap = 124984kB [ 237.492755][ T8480] Total swap = 124996kB [ 237.492767][ T8480] 2097051 pages RAM [ 237.492776][ T8480] 0 pages HighMem/MovableOnly [ 237.492786][ T8480] 429985 pages reserved [ 237.492797][ T8480] 0 pages cma reserved [ 238.392482][ T8499] FAULT_INJECTION: forcing a failure. [ 238.392482][ T8499] name failslab, interval 1, probability 0, space 0, times 0 [ 238.392526][ T8499] CPU: 0 UID: 0 PID: 8499 Comm: syz.1.468 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 238.392563][ T8499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.392588][ T8499] Call Trace: [ 238.392597][ T8499] [ 238.392609][ T8499] dump_stack_lvl+0x16c/0x1f0 [ 238.392657][ T8499] should_fail_ex+0x512/0x640 [ 238.392699][ T8499] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 238.392748][ T8499] should_failslab+0xc2/0x120 [ 238.392777][ T8499] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 238.392821][ T8499] ? vma_merge_new_range+0x37f/0xa00 [ 238.392862][ T8499] ? vm_area_alloc+0x1f/0x160 [ 238.392906][ T8499] vm_area_alloc+0x1f/0x160 [ 238.392964][ T8499] __mmap_region+0xf0a/0x25e0 [ 238.393016][ T8499] ? __pfx___mmap_region+0x10/0x10 [ 238.393079][ T8499] ? mark_held_locks+0x49/0x80 [ 238.393119][ T8499] ? finish_task_switch.isra.0+0x221/0xc10 [ 238.393154][ T8499] ? lockdep_hardirqs_on+0x7c/0x110 [ 238.393200][ T8499] ? finish_task_switch.isra.0+0x221/0xc10 [ 238.393236][ T8499] ? rcu_is_watching+0x12/0xc0 [ 238.393348][ T8499] mmap_region+0x1ab/0x3f0 [ 238.393396][ T8499] ? __get_unmapped_area+0x267/0x440 [ 238.393447][ T8499] do_mmap+0xa3e/0x1210 [ 238.393491][ T8499] ? __pfx_do_mmap+0x10/0x10 [ 238.393527][ T8499] ? __pfx_down_write_killable+0x10/0x10 [ 238.393567][ T8499] vm_mmap_pgoff+0x281/0x450 [ 238.393607][ T8499] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 238.393648][ T8499] ? __x64_sys_futex+0x1e0/0x4c0 [ 238.393687][ T8499] ? __x64_sys_futex+0x1e9/0x4c0 [ 238.393731][ T8499] ksys_mmap_pgoff+0x7d/0x5c0 [ 238.393764][ T8499] ? xfd_validate_state+0x61/0x180 [ 238.393804][ T8499] ? __sys_setsockopt+0x140/0x1a0 [ 238.393872][ T8499] __x64_sys_mmap+0x125/0x190 [ 238.393924][ T8499] do_syscall_64+0xcd/0x490 [ 238.393974][ T8499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.394006][ T8499] RIP: 0033:0x7f5c3c98e929 [ 238.394030][ T8499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.394061][ T8499] RSP: 002b:00007f5c3d866038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 238.394089][ T8499] RAX: ffffffffffffffda RBX: 00007f5c3cbb5fa0 RCX: 00007f5c3c98e929 [ 238.394109][ T8499] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 238.394128][ T8499] RBP: 00007f5c3ca10b39 R08: 0000000000000002 R09: 0000000000008000 [ 238.394149][ T8499] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 238.394169][ T8499] R13: 0000000000000000 R14: 00007f5c3cbb5fa0 R15: 00007fff69ee8208 [ 238.394212][ T8499] [ 239.360185][ T8510] vivid-003: ================= START STATUS ================= [ 239.360212][ T8510] vivid-003: Radio HW Seek Mode: Bounded [ 239.360251][ T8510] vivid-003: Radio Programmable HW Seek: false [ 239.360285][ T8510] vivid-003: RDS Rx I/O Mode: Block I/O [ 239.360320][ T8510] vivid-003: Generate RBDS Instead of RDS: false [ 239.360354][ T8510] vivid-003: RDS Reception: true [ 239.360386][ T8510] vivid-003: RDS Program Type: 0 inactive [ 239.360429][ T8510] vivid-003: RDS PS Name: inactive [ 239.360468][ T8510] vivid-003: RDS Radio Text: inactive [ 239.360508][ T8510] vivid-003: RDS Traffic Announcement: false inactive [ 239.360549][ T8510] vivid-003: RDS Traffic Program: false inactive [ 239.360590][ T8510] vivid-003: RDS Music: false inactive [ 239.360643][ T8510] vivid-003: ================== END STATUS ================== [ 239.571584][ T8520] random: crng reseeded on system resumption [ 240.526917][ T8540] vivid-007: ================= START STATUS ================= [ 240.540017][ T8540] vivid-007: Generate PTS: true [ 240.580104][ T8540] vivid-007: Generate SCR: true [ 240.592322][ T8540] tpg source WxH: 320x240 (Y'CbCr) [ 240.631642][ T8540] tpg field: 1 [ 240.662373][ T8545] FAULT_INJECTION: forcing a failure. [ 240.662373][ T8545] name failslab, interval 1, probability 0, space 0, times 0 [ 240.687568][ T8540] tpg crop: (0,0)/320x240 [ 240.695892][ T8540] tpg compose: (0,0)/320x240 [ 240.696936][ T8545] CPU: 0 UID: 0 PID: 8545 Comm: syz.1.481 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 240.696988][ T8545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.697015][ T8545] Call Trace: [ 240.697027][ T8545] [ 240.697046][ T8545] dump_stack_lvl+0x16c/0x1f0 [ 240.697108][ T8545] should_fail_ex+0x512/0x640 [ 240.697162][ T8545] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 240.697222][ T8545] should_failslab+0xc2/0x120 [ 240.697258][ T8545] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 240.697322][ T8545] ? mas_alloc_nodes+0x18b/0x8b0 [ 240.697380][ T8545] mas_alloc_nodes+0x18b/0x8b0 [ 240.697447][ T8545] mas_node_count_gfp+0x105/0x130 [ 240.697522][ T8545] mas_preallocate+0x7e0/0xde0 [ 240.697560][ T8545] ? __memcg_slab_post_alloc_hook+0x402/0x960 [ 240.697609][ T8545] ? __pfx_mas_preallocate+0x10/0x10 [ 240.697663][ T8545] ? anon_vma_name+0x75/0x100 [ 240.697711][ T8545] __split_vma+0x34a/0x1070 [ 240.697773][ T8545] ? __pfx___split_vma+0x10/0x10 [ 240.697853][ T8545] vms_gather_munmap_vmas+0x392/0x1310 [ 240.697919][ T8545] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 240.697981][ T8545] ? mas_walk+0x6a6/0x910 [ 240.698049][ T8545] __mmap_region+0x3c7/0x25e0 [ 240.698113][ T8545] ? __pfx___mmap_region+0x10/0x10 [ 240.698171][ T8545] ? rcu_is_watching+0x12/0xc0 [ 240.698220][ T8545] ? rcu_is_watching+0x12/0xc0 [ 240.698260][ T8545] ? trace_sched_exit_tp+0xde/0x130 [ 240.698315][ T8545] ? __schedule+0x1181/0x5de0 [ 240.698370][ T8545] ? __lock_acquire+0xb71/0x1c90 [ 240.698433][ T8545] ? __lock_acquire+0x622/0x1c90 [ 240.698489][ T8545] ? __pfx___schedule+0x10/0x10 [ 240.698594][ T8545] ? trace_cap_capable+0x18d/0x200 [ 240.698647][ T8545] mmap_region+0x1ab/0x3f0 [ 240.698714][ T8545] ? __get_unmapped_area+0x267/0x440 [ 240.698762][ T8545] do_mmap+0xa3e/0x1210 [ 240.698813][ T8545] ? __pfx_do_mmap+0x10/0x10 [ 240.698858][ T8545] ? __pfx_down_write_killable+0x10/0x10 [ 240.698905][ T8545] vm_mmap_pgoff+0x281/0x450 [ 240.698951][ T8545] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 240.698986][ T8545] ? __fget_files+0x204/0x3c0 [ 240.699046][ T8545] ? __x64_sys_futex+0x1e0/0x4c0 [ 240.699091][ T8545] ? __x64_sys_futex+0x1e9/0x4c0 [ 240.699142][ T8545] ksys_mmap_pgoff+0x7d/0x5c0 [ 240.699181][ T8545] ? xfd_validate_state+0x61/0x180 [ 240.699230][ T8545] ? __sys_setsockopt+0x140/0x1a0 [ 240.699294][ T8545] __x64_sys_mmap+0x125/0x190 [ 240.699354][ T8545] do_syscall_64+0xcd/0x490 [ 240.699413][ T8545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.699449][ T8545] RIP: 0033:0x7f5c3c98e929 [ 240.699480][ T8545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.699515][ T8545] RSP: 002b:00007f5c3d866038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 240.699568][ T8545] RAX: ffffffffffffffda RBX: 00007f5c3cbb5fa0 RCX: 00007f5c3c98e929 [ 240.699593][ T8545] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 240.699617][ T8545] RBP: 00007f5c3ca10b39 R08: 0000000000000002 R09: 0000000000008000 [ 240.699641][ T8545] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 240.699669][ T8545] R13: 0000000000000000 R14: 00007f5c3cbb5fa0 R15: 00007fff69ee8208 [ 240.699716][ T8545] [ 241.021809][ T8540] tpg colorspace: 8 [ 241.082117][ T8540] tpg transfer function: 0/0 [ 241.086787][ T8540] tpg Y'CbCr encoding: 0/0 [ 241.135871][ T8540] tpg quantization: 0/0 [ 241.204792][ T8540] tpg RGB range: 0/2 [ 241.235964][ T8540] vivid-007: ================== END STATUS ================== [ 241.980559][ T8557] random: crng reseeded on system resumption [ 242.400494][ T51] Bluetooth: hci2: Malformed LE Event: 0x1d [ 242.628693][ T8562] random: crng reseeded on system resumption [ 242.774404][ T8566] HfR: entered promiscuous mode [ 242.833991][ T8573] vivid-003: ================= START STATUS ================= [ 243.008057][ T8573] vivid-003: Radio HW Seek Mode: Bounded [ 243.099577][ T8573] vivid-003: Radio Programmable HW Seek: false [ 243.159715][ T8573] vivid-003: RDS Rx I/O Mode: Block I/O [ 243.165382][ T8573] vivid-003: Generate RBDS Instead of RDS: false [ 243.342979][ T8573] vivid-003: RDS Reception: true [ 243.362747][ T8573] vivid-003: RDS Program Type: 0 inactive [ 243.408079][ T8573] vivid-003: RDS PS Name: inactive [ 243.476704][ T8573] vivid-003: RDS Radio Text: inactive [ 243.538442][ T8573] vivid-003: RDS Traffic Announcement: false inactive [ 243.569603][ T8573] vivid-003: RDS Traffic Program: false inactive [ 243.625764][ T8573] vivid-003: RDS Music: false inactive [ 243.709463][ T8573] vivid-003: ================== END STATUS ================== [ 245.465754][ T8597] ksmbd: Unknown IPC event: 14, ignore. [ 245.490304][ T8597] syz.3.494(8597): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 247.381609][ T8619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.499'. [ 248.400764][ T8623] vivid-003: ================= START STATUS ================= [ 248.416005][ T8623] vivid-003: Radio HW Seek Mode: Bounded [ 248.428192][ T8623] vivid-003: Radio Programmable HW Seek: false [ 248.486987][ T8623] vivid-003: RDS Rx I/O Mode: Block I/O [ 248.500300][ T8623] vivid-003: Generate RBDS Instead of RDS: false [ 248.530800][ T8623] vivid-003: RDS Reception: true [ 248.602137][ T8623] vivid-003: RDS Program Type: 0 inactive [ 248.673167][ T8623] vivid-003: RDS PS Name: inactive [ 248.728464][ T8623] vivid-003: RDS Radio Text: inactive [ 248.792929][ T8623] vivid-003: RDS Traffic Announcement: false inactive [ 248.883372][ T8623] vivid-003: RDS Traffic Program: false inactive [ 248.978168][ T8623] vivid-003: RDS Music: false inactive [ 249.072795][ T8623] vivid-003: ================== END STATUS ================== [ 250.241677][ T8647] cougar: G6 mapped to space [ 250.696529][ T8193] bridge_slave_1: left allmulticast mode [ 250.696606][ T8193] bridge_slave_1: left promiscuous mode [ 250.697775][ T8193] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.740786][ T8193] bridge_slave_0: left allmulticast mode [ 250.740821][ T8193] bridge_slave_0: left promiscuous mode [ 250.741073][ T8193] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.251006][ T8193] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.262036][ T8669] random: crng reseeded on system resumption [ 252.277492][ T8193] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.332744][ T8193] bond0 (unregistering): Released all slaves [ 253.476014][ T8688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.515'. [ 254.068998][ T8193] hsr_slave_0: left promiscuous mode [ 254.130316][ T8193] hsr_slave_1: left promiscuous mode [ 254.136934][ T8193] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 254.190199][ T8193] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.236400][ T8193] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.264247][ T8193] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.344424][ T8193] veth1_macvtap: left promiscuous mode [ 254.375223][ T8193] veth0_macvtap: left promiscuous mode [ 254.400106][ T8193] veth1_vlan: left promiscuous mode [ 254.409636][ T8193] veth0_vlan: left promiscuous mode [ 254.552777][ T8705] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 254.922698][ T8715] netlink: 4 bytes leftover after parsing attributes in process `syz.1.522'. [ 254.967925][ T8715] input: f as /devices/virtual/input/input13 [ 255.583038][ T8193] team0 (unregistering): Port device team_slave_1 removed [ 255.706296][ T8193] team0 (unregistering): Port device team_slave_0 removed [ 258.564278][ T8747] Invalid ELF header magic: != ELF [ 259.201807][ T8770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.533'. [ 259.241059][ T8770] input: f as /devices/virtual/input/input14 [ 260.385740][ T8796] zswap: compressor 000 not available [ 260.735017][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.741635][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.649796][ T8837] random: crng reseeded on system resumption [ 264.190653][ T8883] netlink: 20 bytes leftover after parsing attributes in process `syz.2.549'. [ 264.474167][ T8883] hsr_slave_0 (unregistering): left promiscuous mode [ 264.919041][ T8876] kexec: Could not allocate control_code_buffer [ 265.468648][ T8894] FAULT_INJECTION: forcing a failure. [ 265.468648][ T8894] name failslab, interval 1, probability 0, space 0, times 0 [ 265.570104][ T8894] CPU: 1 UID: 0 PID: 8894 Comm: syz.0.551 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 265.570152][ T8894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.570173][ T8894] Call Trace: [ 265.570185][ T8894] [ 265.570197][ T8894] dump_stack_lvl+0x16c/0x1f0 [ 265.570254][ T8894] should_fail_ex+0x512/0x640 [ 265.570302][ T8894] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 265.570359][ T8894] should_failslab+0xc2/0x120 [ 265.570390][ T8894] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 265.570443][ T8894] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 265.570495][ T8894] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 265.570555][ T8894] idr_get_free+0x528/0xa30 [ 265.570618][ T8894] idr_alloc_u32+0x190/0x2f0 [ 265.570667][ T8894] ? __pfx_idr_alloc_u32+0x10/0x10 [ 265.570720][ T8894] ? __pfx___mutex_lock+0x10/0x10 [ 265.570777][ T8894] idr_alloc+0xc0/0x130 [ 265.570821][ T8894] ? __pfx_idr_alloc+0x10/0x10 [ 265.570865][ T8894] ? lockdep_init_map_type+0x5c/0x280 [ 265.570923][ T8894] drm_mode_create_lease_ioctl+0x1262/0x1fb0 [ 265.570973][ T8894] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 265.571013][ T8894] ? kasan_quarantine_put+0x10a/0x240 [ 265.571079][ T8894] ? drm_is_current_master+0x2c/0x40 [ 265.571124][ T8894] ? do_raw_spin_unlock+0x172/0x230 [ 265.571160][ T8894] drm_ioctl_kernel+0x1f1/0x3e0 [ 265.571212][ T8894] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 265.571248][ T8894] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 265.571313][ T8894] drm_ioctl+0x5c9/0xc30 [ 265.571371][ T8894] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 265.571408][ T8894] ? __pfx_drm_ioctl+0x10/0x10 [ 265.571460][ T8894] ? find_held_lock+0x2b/0x80 [ 265.571517][ T8894] ? __pfx_drm_ioctl+0x10/0x10 [ 265.571600][ T8894] __x64_sys_ioctl+0x18e/0x210 [ 265.571647][ T8894] do_syscall_64+0xcd/0x490 [ 265.571702][ T8894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.571737][ T8894] RIP: 0033:0x7effd6f8e929 [ 265.571764][ T8894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.571799][ T8894] RSP: 002b:00007effd4df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 265.571831][ T8894] RAX: ffffffffffffffda RBX: 00007effd71b6160 RCX: 00007effd6f8e929 [ 265.571853][ T8894] RDX: 00000000000001e2 RSI: 00000000000064c6 RDI: 000000000000000a [ 265.571873][ T8894] RBP: 00007effd7010b39 R08: 0000000000000000 R09: 0000000000000000 [ 265.571893][ T8894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.571913][ T8894] R13: 0000000000000000 R14: 00007effd71b6160 R15: 00007ffed01b9af8 [ 265.571955][ T8894] [ 266.931357][ T8910] could not allocate digest TFM handle [ 269.307672][ T8935] kexec: Could not allocate control_code_buffer [ 269.404366][ T8943] Invalid ELF header magic: != ELF [ 271.181477][ T8974] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff8163ec69 (__mcheck_cpu_init_clear_banks+0x109/0x1f0) [ 271.197221][ T8974] Call Trace: [ 271.200642][ T8974] [ 271.203643][ T8974] ? __pfx_mce_cpu_restart+0x10/0x10 [ 271.209102][ T8974] mce_cpu_restart+0x98/0xb0 [ 271.213801][ T8974] smp_call_function_many_cond+0xef9/0x1510 [ 271.219767][ T8974] ? __pfx_mce_cpu_restart+0x10/0x10 [ 271.225161][ T8974] ? lockdep_hardirqs_on+0x7c/0x110 [ 271.230446][ T8974] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 271.236339][ T8974] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 271.242759][ T8974] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 271.248833][ T8974] ? __pfx_mce_cpu_restart+0x10/0x10 [ 271.254226][ T8974] on_each_cpu_cond_mask+0x40/0x90 [ 271.259514][ T8974] set_bank+0x240/0x3a0 [ 271.263767][ T8974] ? __pfx_set_bank+0x10/0x10 [ 271.268526][ T8974] ? find_held_lock+0x2b/0x80 [ 271.273287][ T8974] ? __pfx_set_bank+0x10/0x10 [ 271.278049][ T8974] dev_attr_store+0x58/0x80 [ 271.282623][ T8974] ? __pfx_dev_attr_store+0x10/0x10 [ 271.287876][ T8974] sysfs_kf_write+0xef/0x150 [ 271.292520][ T8974] kernfs_fop_write_iter+0x354/0x510 [ 271.297932][ T8974] ? __pfx_sysfs_kf_write+0x10/0x10 [ 271.303171][ T8974] vfs_write+0x6c4/0x1150 [ 271.307536][ T8974] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 271.313393][ T8974] ? __pfx___mutex_lock+0x10/0x10 [ 271.318502][ T8974] ? __pfx_vfs_write+0x10/0x10 [ 271.323362][ T8974] ksys_write+0x12a/0x250 [ 271.327729][ T8974] ? __pfx_ksys_write+0x10/0x10 [ 271.332633][ T8974] do_syscall_64+0xcd/0x490 [ 271.337175][ T8974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.343086][ T8974] RIP: 0033:0x7f5c3c98e929 [ 271.347526][ T8974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.367168][ T8974] RSP: 002b:00007f5c3d866038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 271.375628][ T8974] RAX: ffffffffffffffda RBX: 00007f5c3cbb5fa0 RCX: 00007f5c3c98e929 [ 271.383623][ T8974] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000003 [ 271.391629][ T8974] RBP: 00007f5c3ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 271.399652][ T8974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.407672][ T8974] R13: 0000000000000000 R14: 00007f5c3cbb5fa0 R15: 00007fff69ee8208 [ 271.415694][ T8974] [ 271.418856][ C0] vkms_vblank_simulate: vblank timer overrun [ 274.047194][ T9018] Invalid ELF header magic: != ELF [ 275.351577][ T9046] capability: warning: `syz.1.576' uses 32-bit capabilities (legacy support in use) [ 275.650910][ T9054] vivid-003: ================= START STATUS ================= [ 275.658647][ T9054] vivid-003: Radio HW Seek Mode: Bounded [ 275.685567][ T9054] vivid-003: Radio Programmable HW Seek: false [ 275.708794][ T9054] vivid-003: RDS Rx I/O Mode: Block I/O [ 275.767291][ T9054] vivid-003: Generate RBDS Instead of RDS: false [ 275.802189][ T9054] vivid-003: RDS Reception: true [ 275.807248][ T9054] vivid-003: RDS Program Type: 0 inactive [ 275.856399][ T9054] vivid-003: RDS PS Name: inactive [ 275.879793][ T9054] vivid-003: RDS Radio Text: inactive [ 275.890009][ T9054] vivid-003: RDS Traffic Announcement: false inactive [ 275.911481][ T9054] vivid-003: RDS Traffic Program: false inactive [ 275.935902][ T51] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 276.040177][ T9054] vivid-003: RDS Music: false inactive [ 276.068566][ T9054] vivid-003: ================== END STATUS ================== [ 276.352793][ T9072] netlink: 28 bytes leftover after parsing attributes in process `syz.2.581'. [ 276.384531][ T9072] ipvlan0: entered allmulticast mode [ 276.420880][ T9072] veth0_vlan: entered allmulticast mode [ 277.184693][ T30] audit: type=1806 audit(26583.001:4): xattr="." res=0 [ 277.816635][ T9104] random: crng reseeded on system resumption [ 278.338305][ T9123] netlink: 504 bytes leftover after parsing attributes in process `syz.1.590'. [ 278.367420][ T9123] netlink: 350 bytes leftover after parsing attributes in process `syz.1.590'. [ 279.189290][ T9125] random: crng reseeded on system resumption [ 279.673814][ T9143] netlink: 4 bytes leftover after parsing attributes in process `syz.0.595'. [ 279.692096][ T9143] input: f as /devices/virtual/input/input15 [ 279.979400][ T9148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.596'. [ 280.014121][ T9148] input: f as /devices/virtual/input/input16 [ 280.457710][ T30] audit: type=1804 audit(26586.281:5): pid=9156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.597" name="/newroot/169/file0" dev="tmpfs" ino=898 res=1 errno=0 [ 280.502678][ T30] audit: type=1800 audit(26586.281:6): pid=9156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.597" name="file0" dev="tmpfs" ino=898 res=0 errno=0 [ 280.925974][ T9136] Invalid ELF header magic: != ELF [ 281.974232][ T9187] random: crng reseeded on system resumption [ 283.313371][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 283.566239][ T9188] Invalid ELF header magic: != ELF [ 283.905100][ T9224] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 283.957723][ T9223] netlink: 24 bytes leftover after parsing attributes in process `syz.0.608'. [ 284.651228][ T9239] can: request_module (can-proto-0) failed. [ 286.655323][ T5167] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 286.655600][ T5167] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 286.671645][ T5167] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 286.671731][ T5167] Bluetooth: hci3: adv larger than maximum supported [ 286.679180][ T5167] Bluetooth: hci3: adv larger than maximum supported [ 286.686675][ T5167] Bluetooth: hci3: Malformed LE Event: 0x0d [ 287.519185][ T9280] Invalid ELF header magic: != ELF [ 289.272692][ T9330] netlink: 4 bytes leftover after parsing attributes in process `syz.3.628'. [ 289.817334][ T9343] netlink: 504 bytes leftover after parsing attributes in process `syz.2.632'. [ 289.858239][ T9343] netlink: 350 bytes leftover after parsing attributes in process `syz.2.632'. [ 290.464349][ T9359] random: crng reseeded on system resumption [ 294.461875][ T9408] random: crng reseeded on system resumption [ 294.639836][ T9409] Invalid ELF header magic: != ELF [ 299.154857][ T9471] FAULT_INJECTION: forcing a failure. [ 299.154857][ T9471] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 299.213139][ T9471] CPU: 0 UID: 0 PID: 9471 Comm: syz.0.656 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 299.213181][ T9471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.213196][ T9471] Call Trace: [ 299.213203][ T9471] [ 299.213211][ T9471] dump_stack_lvl+0x16c/0x1f0 [ 299.213251][ T9471] should_fail_ex+0x512/0x640 [ 299.213289][ T9471] should_fail_alloc_page+0xe7/0x130 [ 299.213314][ T9471] prepare_alloc_pages+0x3c2/0x610 [ 299.213341][ T9471] ? rcu_is_watching+0x12/0xc0 [ 299.213369][ T9471] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 299.213428][ T9471] ? rcu_is_watching+0x12/0xc0 [ 299.213454][ T9471] ? trace_mm_page_alloc+0x11f/0x1a0 [ 299.213481][ T9471] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 299.213520][ T9471] ? __pfx_stack_trace_save+0x10/0x10 [ 299.213549][ T9471] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 299.213596][ T9471] ? alloc_vmap_area+0x645/0x29c0 [ 299.213620][ T9471] ? __vmalloc_node_range_noprof+0x271/0x14b0 [ 299.213651][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.213681][ T9471] ? do_syscall_64+0xcd/0x490 [ 299.213715][ T9471] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.213752][ T9471] alloc_pages_bulk_noprof+0x71c/0x1410 [ 299.213788][ T9471] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 299.213827][ T9471] ? policy_nodemask+0xea/0x4e0 [ 299.213853][ T9471] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 299.213891][ T9471] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 299.213927][ T9471] kasan_populate_vmalloc+0xf1/0x1f0 [ 299.213967][ T9471] alloc_vmap_area+0x959/0x29c0 [ 299.214005][ T9471] ? __pfx_alloc_vmap_area+0x10/0x10 [ 299.214039][ T9471] __get_vm_area_node+0x1ca/0x330 [ 299.214085][ T9471] __vmalloc_node_range_noprof+0x271/0x14b0 [ 299.214115][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.214150][ T9471] ? __lock_acquire+0xb8a/0x1c90 [ 299.214189][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.214225][ T9471] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 299.214257][ T9471] ? __alloc_pages_noprof+0xb/0x1b0 [ 299.214291][ T9471] ? ___kmalloc_large_node+0x84/0x1e0 [ 299.214317][ T9471] ? find_held_lock+0x2b/0x80 [ 299.214346][ T9471] __kvmalloc_node_noprof+0x30a/0x620 [ 299.214380][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.214410][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.214443][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.214471][ T9471] __do_sys_listmount+0x1c2/0xec0 [ 299.214505][ T9471] ? __x64_sys_futex+0x1e0/0x4c0 [ 299.214533][ T9471] ? __x64_sys_futex+0x1e9/0x4c0 [ 299.214561][ T9471] ? __pfx___do_sys_listmount+0x10/0x10 [ 299.214604][ T9471] do_syscall_64+0xcd/0x490 [ 299.214641][ T9471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.214664][ T9471] RIP: 0033:0x7effd6f8e929 [ 299.214682][ T9471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.214705][ T9471] RSP: 002b:00007effd7d30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 299.214727][ T9471] RAX: ffffffffffffffda RBX: 00007effd71b5fa0 RCX: 00007effd6f8e929 [ 299.214742][ T9471] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 299.214756][ T9471] RBP: 00007effd7010b39 R08: 0000000000000000 R09: 0000000000000000 [ 299.214770][ T9471] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 299.214784][ T9471] R13: 0000000000000000 R14: 00007effd71b5fa0 R15: 00007ffed01b9af8 [ 299.214812][ T9471] [ 299.215766][ T9471] syz.0.656: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null) [ 299.613204][ T9473] sysfs_service_op_store: Client not running :-5: [ 299.639940][ T9471] ,cpuset=/,mems_allowed=0-1 [ 299.644660][ T9471] CPU: 1 UID: 0 PID: 9471 Comm: syz.0.656 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 299.644702][ T9471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.644722][ T9471] Call Trace: [ 299.644734][ T9471] [ 299.644747][ T9471] dump_stack_lvl+0x16c/0x1f0 [ 299.644802][ T9471] warn_alloc+0x248/0x3a0 [ 299.644856][ T9471] ? __pfx_warn_alloc+0x10/0x10 [ 299.644909][ T9471] ? kfree+0x2b4/0x4d0 [ 299.644962][ T9471] ? __get_vm_area_node+0x208/0x330 [ 299.645012][ T9471] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 299.645068][ T9471] ? __lock_acquire+0xb8a/0x1c90 [ 299.645115][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.645170][ T9471] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 299.645218][ T9471] ? __alloc_pages_noprof+0xb/0x1b0 [ 299.645268][ T9471] ? ___kmalloc_large_node+0x84/0x1e0 [ 299.645305][ T9471] ? find_held_lock+0x2b/0x80 [ 299.645349][ T9471] __kvmalloc_node_noprof+0x30a/0x620 [ 299.645405][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.645450][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.645501][ T9471] ? __do_sys_listmount+0x1c2/0xec0 [ 299.645541][ T9471] __do_sys_listmount+0x1c2/0xec0 [ 299.645597][ T9471] ? __x64_sys_futex+0x1e0/0x4c0 [ 299.645638][ T9471] ? __x64_sys_futex+0x1e9/0x4c0 [ 299.645681][ T9471] ? __pfx___do_sys_listmount+0x10/0x10 [ 299.645745][ T9471] do_syscall_64+0xcd/0x490 [ 299.645800][ T9471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.645834][ T9471] RIP: 0033:0x7effd6f8e929 [ 299.645861][ T9471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.645894][ T9471] RSP: 002b:00007effd7d30038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 299.645924][ T9471] RAX: ffffffffffffffda RBX: 00007effd71b5fa0 RCX: 00007effd6f8e929 [ 299.645946][ T9471] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 299.645968][ T9471] RBP: 00007effd7010b39 R08: 0000000000000000 R09: 0000000000000000 [ 299.645989][ T9471] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 299.646009][ T9471] R13: 0000000000000000 R14: 00007effd71b5fa0 R15: 00007ffed01b9af8 [ 299.646053][ T9471] [ 299.885034][ T9471] Mem-Info: [ 299.888244][ T9471] active_anon:45136 inactive_anon:0 isolated_anon:0 [ 299.888244][ T9471] active_file:13897 inactive_file:42771 isolated_file:0 [ 299.888244][ T9471] unevictable:768 dirty:534 writeback:0 [ 299.888244][ T9471] slab_reclaimable:10366 slab_unreclaimable:95513 [ 299.888244][ T9471] mapped:41177 shmem:32486 pagetables:1238 [ 299.888244][ T9471] sec_pagetables:0 bounce:0 [ 299.888244][ T9471] kernel_misc_reclaimable:0 [ 299.888244][ T9471] free:1279833 free_pcp:18666 free_cma:0 [ 299.968185][ T9471] Node 0 active_anon:183944kB inactive_anon:0kB active_file:55588kB inactive_file:170880kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:169008kB dirty:2132kB writeback:0kB shmem:130188kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12208kB pagetables:4788kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 300.029368][ T9471] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2356kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 300.119863][ T9471] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 300.226061][ T9471] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 300.299837][ T9471] Node 0 DMA32 free:1204308kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:187220kB inactive_anon:0kB active_file:58724kB inactive_file:169552kB unevictable:1536kB writepending:2200kB present:3129332kB managed:2540352kB mlocked:0kB bounce:0kB free_pcp:49560kB local_pcp:15620kB free_cma:0kB [ 300.491506][ T9471] lowmem_reserve[]: 0 0 1 1 1 [ 300.496289][ T9471] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:8kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 300.548794][ T9483] random: crng reseeded on system resumption [ 300.580813][ T9471] lowmem_reserve[]: 0 0 0 0 0 [ 300.585648][ T9471] Node 1 Normal free:3883640kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:29932kB local_pcp:14584kB free_cma:0kB [ 300.775282][ T9484] sysfs_service_op_show: Client not running :-5: [ 300.779903][ T9471] lowmem_reserve[]: 0 0 0 0 0 [ 300.788139][ T9471] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 300.879791][ T9471] Node 0 DMA32: 705*4kB (U) 512*8kB (UM) 283*16kB (UME) 487*32kB (U) 76*64kB (UME) 67*128kB (UME) 27*256kB (UME) 23*512kB (UME) 14*1024kB (UM) 6*2048kB (UME) 273*4096kB (UM) = 1203988kB [ 300.977985][ T9471] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 301.037459][ T9471] Node 1 Normal: 53*4kB (UE) 10*8kB (UME) 11*16kB (UE) 55*32kB (UE) 33*64kB (UE) 7*128kB (UE) 3*256kB (UE) 0*512kB 1*1024kB (E) 1*2048kB (E) 946*4096kB (M) = 3883892kB [ 301.178042][ T9471] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 301.223425][ T9471] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 301.260561][ T9471] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 301.270682][ T9471] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 301.280433][ T9471] 87520 total pagecache pages [ 301.280450][ T9471] 0 pages in swap cache [ 301.280462][ T9471] Free swap = 124992kB [ 301.280474][ T9471] Total swap = 124996kB [ 301.280544][ T9471] 2097051 pages RAM [ 301.280552][ T9471] 0 pages HighMem/MovableOnly [ 301.280561][ T9471] 429985 pages reserved [ 301.280569][ T9471] 0 pages cma reserved [ 302.264374][ T9508] FAULT_INJECTION: forcing a failure. [ 302.264374][ T9508] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 302.282562][ T9490] Invalid ELF header magic: != ELF [ 302.345219][ T9508] CPU: 1 UID: 0 PID: 9508 Comm: syz.0.662 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 302.345265][ T9508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.345285][ T9508] Call Trace: [ 302.345295][ T9508] [ 302.345307][ T9508] dump_stack_lvl+0x16c/0x1f0 [ 302.345359][ T9508] should_fail_ex+0x512/0x640 [ 302.345413][ T9508] _copy_from_user+0x2e/0xd0 [ 302.345466][ T9508] copy_msghdr_from_user+0x98/0x160 [ 302.345515][ T9508] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 302.345572][ T9508] ? __pfx__kstrtoull+0x10/0x10 [ 302.345620][ T9508] ___sys_sendmsg+0xfe/0x1d0 [ 302.345670][ T9508] ? __pfx____sys_sendmsg+0x10/0x10 [ 302.345741][ T9508] ? find_held_lock+0x2b/0x80 [ 302.345803][ T9508] __sys_sendmmsg+0x200/0x420 [ 302.345858][ T9508] ? __pfx___sys_sendmmsg+0x10/0x10 [ 302.345923][ T9508] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 302.346001][ T9508] ? fput+0x70/0xf0 [ 302.346033][ T9508] ? ksys_write+0x1ac/0x250 [ 302.346080][ T9508] ? __pfx_ksys_write+0x10/0x10 [ 302.346135][ T9508] __x64_sys_sendmmsg+0x9c/0x100 [ 302.346183][ T9508] ? lockdep_hardirqs_on+0x7c/0x110 [ 302.346231][ T9508] do_syscall_64+0xcd/0x490 [ 302.346288][ T9508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.346321][ T9508] RIP: 0033:0x7effd6f8e929 [ 302.346347][ T9508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.346379][ T9508] RSP: 002b:00007effd7d30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 302.346408][ T9508] RAX: ffffffffffffffda RBX: 00007effd71b5fa0 RCX: 00007effd6f8e929 [ 302.346429][ T9508] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 302.346448][ T9508] RBP: 00007effd7d30090 R08: 0000000000000000 R09: 0000000000000000 [ 302.346468][ T9508] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 302.346487][ T9508] R13: 0000000000000000 R14: 00007effd71b5fa0 R15: 00007ffed01b9af8 [ 302.346529][ T9508] [ 302.841709][ T9511] FAULT_INJECTION: forcing a failure. [ 302.841709][ T9511] name failslab, interval 1, probability 0, space 0, times 0 [ 302.859772][ T9511] CPU: 0 UID: 0 PID: 9511 Comm: syz.2.663 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 302.859817][ T9511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.859835][ T9511] Call Trace: [ 302.859844][ T9511] [ 302.859855][ T9511] dump_stack_lvl+0x16c/0x1f0 [ 302.859908][ T9511] should_fail_ex+0x512/0x640 [ 302.859985][ T9511] should_failslab+0xc2/0x120 [ 302.860018][ T9511] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 302.860072][ T9511] ? __alloc_skb+0x2b2/0x380 [ 302.860124][ T9511] __alloc_skb+0x2b2/0x380 [ 302.860171][ T9511] ? __pfx___alloc_skb+0x10/0x10 [ 302.860233][ T9511] ? aoecmd_cfg+0x2f4/0x7d0 [ 302.860273][ T9511] new_skb+0x21/0x230 [ 302.860302][ T9511] aoecmd_cfg+0x21c/0x7d0 [ 302.860338][ T9511] ? __pfx_aoecmd_cfg+0x10/0x10 [ 302.860386][ T9511] ? apparmor_file_permission+0x251/0x400 [ 302.860432][ T9511] ? __pfx_aoechr_write+0x10/0x10 [ 302.860484][ T9511] ? aoechr_write+0x120/0x160 [ 302.860534][ T9511] aoechr_write+0x120/0x160 [ 302.860587][ T9511] vfs_writev+0x5df/0xde0 [ 302.860644][ T9511] ? __pfx_vfs_writev+0x10/0x10 [ 302.860691][ T9511] ? kmem_cache_free+0x2d1/0x4d0 [ 302.860762][ T9511] ? __fget_files+0x20e/0x3c0 [ 302.860820][ T9511] ? do_writev+0x132/0x340 [ 302.860862][ T9511] do_writev+0x132/0x340 [ 302.860906][ T9511] ? __pfx_do_writev+0x10/0x10 [ 302.860964][ T9511] do_syscall_64+0xcd/0x490 [ 302.861018][ T9511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.861051][ T9511] RIP: 0033:0x7f4397b8e929 [ 302.861078][ T9511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.861111][ T9511] RSP: 002b:00007f4398a81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 302.861142][ T9511] RAX: ffffffffffffffda RBX: 00007f4397db5fa0 RCX: 00007f4397b8e929 [ 302.861164][ T9511] RDX: 0000000000000004 RSI: 0000200000000140 RDI: 000000000000000c [ 302.861184][ T9511] RBP: 00007f4397c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 302.861211][ T9511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 302.861231][ T9511] R13: 0000000000000000 R14: 00007f4397db5fa0 R15: 00007ffd28675ab8 [ 302.861274][ T9511] [ 302.861296][ T9511] aoe: skb alloc failure [ 303.207012][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 303.216867][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 305.440602][ T9561] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input17 [ 309.196046][ T9603] random: crng reseeded on system resumption [ 309.538945][ T9602] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 309.565660][ T9602] CIFS mount error: No usable UNC path provided in device string! [ 309.565660][ T9602] [ 309.576956][ T9602] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 310.035635][ T9614] netlink: 504 bytes leftover after parsing attributes in process `syz.0.681'. [ 310.057935][ T9614] netlink: 350 bytes leftover after parsing attributes in process `syz.0.681'. [ 310.326444][ T9621] random: crng reseeded on system resumption [ 311.821202][ T9643] random: crng reseeded on system resumption [ 313.817443][ T9662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.692'. [ 314.000274][ T9670] zram0: detected capacity change from 0 to 8 [ 314.076736][ T9672] random: crng reseeded on system resumption [ 314.126943][ T9675] netlink: 28 bytes leftover after parsing attributes in process `syz.1.695'. [ 314.147468][ T9675] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.174738][ T9675] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.252686][ T9675] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.293031][ T9675] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.202386][ T9694] netlink: 504 bytes leftover after parsing attributes in process `syz.0.700'. [ 315.213569][ T9694] netlink: 350 bytes leftover after parsing attributes in process `syz.0.700'. [ 316.923545][ T9725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.706'. [ 317.531263][ T9736] FAULT_INJECTION: forcing a failure. [ 317.531263][ T9736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.586671][ T9736] CPU: 1 UID: 0 PID: 9736 Comm: syz.1.709 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 317.586717][ T9736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.586738][ T9736] Call Trace: [ 317.586747][ T9736] [ 317.586755][ T9736] dump_stack_lvl+0x16c/0x1f0 [ 317.586794][ T9736] should_fail_ex+0x512/0x640 [ 317.586832][ T9736] _copy_from_iter+0x463/0x16f0 [ 317.586872][ T9736] ? rcu_is_watching+0x12/0xc0 [ 317.586896][ T9736] ? __pfx__copy_from_iter+0x10/0x10 [ 317.586931][ T9736] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 317.586972][ T9736] ? __asan_memset+0x23/0x50 [ 317.587002][ T9736] ? __build_skb_around+0x278/0x3b0 [ 317.587032][ T9736] ? is_vmalloc_addr+0x86/0xa0 [ 317.587070][ T9736] netlink_sendmsg+0x829/0xdd0 [ 317.587100][ T9736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.587134][ T9736] ____sys_sendmsg+0xa98/0xc70 [ 317.587163][ T9736] ? __pfx_____sys_sendmsg+0x10/0x10 [ 317.587199][ T9736] ? __pfx__kstrtoull+0x10/0x10 [ 317.587231][ T9736] ___sys_sendmsg+0x134/0x1d0 [ 317.587269][ T9736] ? __pfx____sys_sendmsg+0x10/0x10 [ 317.587317][ T9736] ? find_held_lock+0x2b/0x80 [ 317.587358][ T9736] __sys_sendmmsg+0x200/0x420 [ 317.587397][ T9736] ? __pfx___sys_sendmmsg+0x10/0x10 [ 317.587440][ T9736] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 317.587491][ T9736] ? fput+0x70/0xf0 [ 317.587512][ T9736] ? ksys_write+0x1ac/0x250 [ 317.587545][ T9736] ? __pfx_ksys_write+0x10/0x10 [ 317.587583][ T9736] __x64_sys_sendmmsg+0x9c/0x100 [ 317.587617][ T9736] ? lockdep_hardirqs_on+0x7c/0x110 [ 317.587650][ T9736] do_syscall_64+0xcd/0x490 [ 317.587687][ T9736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.587710][ T9736] RIP: 0033:0x7f5c3c98e929 [ 317.587729][ T9736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.587752][ T9736] RSP: 002b:00007f5c3d866038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 317.587774][ T9736] RAX: ffffffffffffffda RBX: 00007f5c3cbb5fa0 RCX: 00007f5c3c98e929 [ 317.587789][ T9736] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 317.587803][ T9736] RBP: 00007f5c3d866090 R08: 0000000000000000 R09: 0000000000000000 [ 317.587817][ T9736] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 317.587832][ T9736] R13: 0000000000000000 R14: 00007f5c3cbb5fa0 R15: 00007fff69ee8208 [ 317.587860][ T9736] [ 317.828642][ C1] vkms_vblank_simulate: vblank timer overrun [ 317.860378][ T9738] random: crng reseeded on system resumption [ 318.103351][ T9741] netlink: 504 bytes leftover after parsing attributes in process `syz.1.710'. [ 318.136674][ T9741] netlink: 350 bytes leftover after parsing attributes in process `syz.1.710'. [ 318.505595][ T9747] blktrace: Concurrent blktraces are not allowed on loop2 [ 319.066582][ T9756] netlink: 4 bytes leftover after parsing attributes in process `syz.0.715'. [ 319.744382][ T9776] netlink: 504 bytes leftover after parsing attributes in process `syz.1.719'. [ 319.777925][ T9776] netlink: 350 bytes leftover after parsing attributes in process `syz.1.719'. [ 320.253740][ T9780] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input19 [ 321.151405][ T9792] vivid-003: ================= START STATUS ================= [ 321.171998][ T9792] vivid-003: Radio HW Seek Mode: Bounded [ 321.177954][ T9792] vivid-003: Radio Programmable HW Seek: false [ 321.190722][ T9794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.725'. [ 321.199745][ T9792] vivid-003: RDS Rx I/O Mode: Block I/O [ 321.199798][ T9792] vivid-003: Generate RBDS Instead of RDS: false [ 321.199833][ T9792] vivid-003: RDS Reception: true [ 321.199887][ T9792] vivid-003: RDS Program Type: 0 inactive [ 321.199951][ T9792] vivid-003: RDS PS Name: [ 321.236205][ T9770] kexec: Could not allocate control_code_buffer [ 321.267543][ T9792] inactive [ 321.273539][ T9792] vivid-003: RDS Radio Text: inactive [ 321.306242][ T9792] vivid-003: RDS Traffic Announcement: false inactive [ 321.344406][ T9792] vivid-003: RDS Traffic Program: false inactive [ 321.374112][ T9792] vivid-003: RDS Music: false inactive [ 321.411540][ T9792] vivid-003: ================== END STATUS ================== [ 322.180129][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.187217][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.252027][ T9816] netlink: 334 bytes leftover after parsing attributes in process `syz.0.730'. [ 322.352080][ T9815] netlink: 334 bytes leftover after parsing attributes in process `syz.0.730'. [ 323.217051][ T5167] Bluetooth: hci0: unexpected event 0x1d length: 10 > 5 [ 323.861907][ T9843] netlink: 338 bytes leftover after parsing attributes in process `syz.2.736'. [ 323.881007][ T9843] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.889973][ T9843] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.407774][ T9843] netlink: 4 bytes leftover after parsing attributes in process `syz.2.736'. [ 324.884393][ T9853] vivid-003: ================= START STATUS ================= [ 324.892260][ T9853] vivid-003: Radio HW Seek Mode: Bounded [ 324.898146][ T9853] vivid-003: Radio Programmable HW Seek: false [ 324.907620][ T9853] vivid-003: RDS Rx I/O Mode: Block I/O [ 324.913821][ T9853] vivid-003: Generate RBDS Instead of RDS: false [ 324.922429][ T9853] vivid-003: RDS Reception: true [ 324.929989][ T9853] vivid-003: RDS Program Type: 0 inactive [ 324.978113][ T9853] vivid-003: RDS PS Name: inactive [ 324.983846][ T9853] vivid-003: RDS Radio Text: inactive [ 324.989803][ T9853] vivid-003: RDS Traffic Announcement: false inactive [ 324.996801][ T9853] vivid-003: RDS Traffic Program: false inactive [ 325.003416][ T9853] vivid-003: RDS Music: false inactive [ 325.009570][ T9853] vivid-003: ================== END STATUS ================== [ 327.133497][ T9892] random: crng reseeded on system resumption [ 328.139035][ T9909] netlink: 28 bytes leftover after parsing attributes in process `syz.0.752'. [ 328.414084][ T9909] team0: Port device team_slave_0 removed [ 329.624816][ T9936] random: crng reseeded on system resumption [ 330.251237][ T9918] kexec: Could not allocate control_code_buffer [ 330.676467][ T9954] serio: Serial port pty238 [ 330.854634][ T9949] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 330.918660][ T9949] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 331.031111][ T9949] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 331.052216][ T9949] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 331.071410][ T9961] Process accounting resumed [ 331.482506][ T9949] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 331.602442][ T9949] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 331.763809][ T9949] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 331.811952][ T9977] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 331.834501][ T9949] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 331.964828][ T9949] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 332.732964][ T5167] Bluetooth: hci1: command 0x0406 tx timeout [ 333.049818][ T5167] Bluetooth: hci3: command 0x0406 tx timeout [ 333.125365][T10001] FAULT_INJECTION: forcing a failure. [ 333.125365][T10001] name failslab, interval 1, probability 0, space 0, times 0 [ 333.140043][T10001] CPU: 1 UID: 0 PID: 10001 Comm: syz.1.771 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 333.140097][T10001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 333.140134][T10001] Call Trace: [ 333.140144][T10001] [ 333.140157][T10001] dump_stack_lvl+0x16c/0x1f0 [ 333.140215][T10001] should_fail_ex+0x512/0x640 [ 333.140264][T10001] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 333.140319][T10001] should_failslab+0xc2/0x120 [ 333.140352][T10001] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 333.140404][T10001] ? getname_flags.part.0+0x4c/0x550 [ 333.140449][T10001] getname_flags.part.0+0x4c/0x550 [ 333.140494][T10001] getname_flags+0x93/0xf0 [ 333.140540][T10001] do_sys_openat2+0xb8/0x1d0 [ 333.140578][T10001] ? __pfx_do_sys_openat2+0x10/0x10 [ 333.140632][T10001] __x64_sys_openat+0x174/0x210 [ 333.140673][T10001] ? __pfx___x64_sys_openat+0x10/0x10 [ 333.140731][T10001] do_syscall_64+0xcd/0x490 [ 333.140786][T10001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.140821][T10001] RIP: 0033:0x7f5c3c98e929 [ 333.140848][T10001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.140883][T10001] RSP: 002b:00007f5c3d866038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 333.140915][T10001] RAX: ffffffffffffffda RBX: 00007f5c3cbb5fa0 RCX: 00007f5c3c98e929 [ 333.140937][T10001] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 333.140958][T10001] RBP: 00007f5c3ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 333.140978][T10001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 333.140998][T10001] R13: 0000000000000000 R14: 00007f5c3cbb5fa0 R15: 00007fff69ee8208 [ 333.141041][T10001] [ 333.530301][ T5167] Bluetooth: hci0: command 0x0406 tx timeout [ 333.561782][ T9995] kexec: Could not allocate control_code_buffer [ 333.782473][ T5167] Bluetooth: hci2: command 0x0406 tx timeout [ 333.853007][T10010] tipc: Started in network mode [ 333.919733][T10010] tipc: Node identity ee00, cluster identity 4711 [ 333.939751][T10010] tipc: Node number set to 60928 [ 334.476770][T10020] nbd: socks must be embedded in a SOCK_ITEM attr [ 334.507377][T10030] random: crng reseeded on system resumption [ 334.556911][T10020] block nbd0: shutting down sockets [ 334.811520][ T5167] Bluetooth: hci1: command 0x0406 tx timeout [ 335.100225][ T5167] Bluetooth: hci1: SCO packet too small [ 335.129930][ T5167] Bluetooth: hci3: command 0x0406 tx timeout [ 335.610308][ T5167] Bluetooth: hci0: command 0x0406 tx timeout [ 335.646045][T10044] FAULT_INJECTION: forcing a failure. [ 335.646045][T10044] name failslab, interval 1, probability 0, space 0, times 0 [ 335.659149][T10044] CPU: 1 UID: 0 PID: 10044 Comm: syz.3.780 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 335.659190][T10044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 335.659209][T10044] Call Trace: [ 335.659218][T10044] [ 335.659230][T10044] dump_stack_lvl+0x16c/0x1f0 [ 335.659282][T10044] should_fail_ex+0x512/0x640 [ 335.659334][T10044] should_failslab+0xc2/0x120 [ 335.659365][T10044] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 335.659414][T10044] ? skb_clone+0x190/0x3f0 [ 335.659478][T10044] skb_clone+0x190/0x3f0 [ 335.659543][T10044] netlink_deliver_tap+0xabd/0xd30 [ 335.659605][T10044] netlink_unicast+0x5df/0x7f0 [ 335.659687][T10044] ? __pfx_netlink_unicast+0x10/0x10 [ 335.659731][T10044] netlink_sendmsg+0x8d1/0xdd0 [ 335.659771][T10044] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.659821][T10044] ____sys_sendmsg+0xa98/0xc70 [ 335.659858][T10044] ? copy_msghdr_from_user+0x10a/0x160 [ 335.659908][T10044] ? __pfx_____sys_sendmsg+0x10/0x10 [ 335.659950][T10044] ? kfree+0x24f/0x4d0 [ 335.659988][T10044] ? __pfx__kstrtoull+0x10/0x10 [ 335.660036][T10044] ___sys_sendmsg+0x134/0x1d0 [ 335.660088][T10044] ? __pfx____sys_sendmsg+0x10/0x10 [ 335.660178][T10044] ? __pfx___might_resched+0x10/0x10 [ 335.660225][T10044] __sys_sendmmsg+0x200/0x420 [ 335.660281][T10044] ? __pfx___sys_sendmmsg+0x10/0x10 [ 335.660346][T10044] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 335.660416][T10044] ? fput+0x70/0xf0 [ 335.660448][T10044] ? ksys_write+0x1ac/0x250 [ 335.660494][T10044] ? __pfx_ksys_write+0x10/0x10 [ 335.660550][T10044] __x64_sys_sendmmsg+0x9c/0x100 [ 335.660599][T10044] ? lockdep_hardirqs_on+0x7c/0x110 [ 335.660650][T10044] do_syscall_64+0xcd/0x490 [ 335.660703][T10044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.660737][T10044] RIP: 0033:0x7f7cb898e929 [ 335.660762][T10044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.660794][T10044] RSP: 002b:00007f7cb9803038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 335.660825][T10044] RAX: ffffffffffffffda RBX: 00007f7cb8bb5fa0 RCX: 00007f7cb898e929 [ 335.660846][T10044] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 335.660865][T10044] RBP: 00007f7cb9803090 R08: 0000000000000000 R09: 0000000000000000 [ 335.660886][T10044] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 335.660904][T10044] R13: 0000000000000000 R14: 00007f7cb8bb5fa0 R15: 00007fffc3df9838 [ 335.660946][T10044] [ 335.918883][ T5167] Bluetooth: hci2: command 0x0406 tx timeout [ 336.300641][ T9923] Process accounting resumed [ 336.953220][T10057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.784'. [ 337.469910][T10068] random: crng reseeded on system resumption [ 337.644256][T10066] Invalid ELF header magic: != ELF [ 337.942826][ T5167] Bluetooth: hci2: command 0x0406 tx timeout [ 337.989786][T10051] kexec: Could not allocate control_code_buffer [ 338.122211][T10076] netlink: 16 bytes leftover after parsing attributes in process `syz.0.788'. [ 339.119815][T10084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.790'. [ 339.668577][T10084] HfR: entered promiscuous mode [ 341.009452][T10137] random: crng reseeded on system resumption [ 342.309341][T10144] Invalid ELF header magic: != ELF [ 342.931747][T10139] kexec: Could not allocate control_code_buffer [ 343.359861][T10178] vivid-003: ================= START STATUS ================= [ 343.388804][T10178] vivid-003: Radio HW Seek Mode: Bounded [ 343.402412][T10178] vivid-003: Radio Programmable HW Seek: false [ 343.429587][T10178] vivid-003: RDS Rx I/O Mode: Block I/O [ 343.435336][T10178] vivid-003: Generate RBDS Instead of RDS: false [ 343.468607][T10178] vivid-003: RDS Reception: true [ 343.499747][T10178] vivid-003: RDS Program Type: 0 inactive [ 343.505610][T10178] vivid-003: RDS PS Name: inactive [ 343.562172][T10178] vivid-003: RDS Radio Text: inactive [ 343.579817][T10178] vivid-003: RDS Traffic Announcement: false inactive [ 343.603106][T10187] random: crng reseeded on system resumption [ 343.633831][T10178] vivid-003: RDS Traffic Program: false inactive [ 343.790784][T10178] vivid-003: RDS Music: false inactive [ 343.796834][T10178] vivid-003: ================== END STATUS ================== [ 347.327613][T10249] random: crng reseeded on system resumption [ 347.459147][T10252] FAULT_INJECTION: forcing a failure. [ 347.459147][T10252] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 347.574620][T10252] CPU: 1 UID: 0 PID: 10252 Comm: syz.0.818 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 347.574662][T10252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 347.574676][T10252] Call Trace: [ 347.574683][T10252] [ 347.574692][T10252] dump_stack_lvl+0x16c/0x1f0 [ 347.574731][T10252] should_fail_ex+0x512/0x640 [ 347.574769][T10252] _copy_from_user+0x2e/0xd0 [ 347.574805][T10252] get_timespec64+0x8b/0x1b0 [ 347.574834][T10252] ? __pfx_get_timespec64+0x10/0x10 [ 347.574867][T10252] ? __fget_files+0x20e/0x3c0 [ 347.574903][T10252] __x64_sys_utimensat+0x17a/0x290 [ 347.574941][T10252] ? __pfx___x64_sys_utimensat+0x10/0x10 [ 347.574976][T10252] ? ksys_write+0x1ac/0x250 [ 347.575018][T10252] do_syscall_64+0xcd/0x490 [ 347.575054][T10252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.575078][T10252] RIP: 0033:0x7effd6f8e929 [ 347.575108][T10252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.575131][T10252] RSP: 002b:00007effd7d30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000118 [ 347.575152][T10252] RAX: ffffffffffffffda RBX: 00007effd71b5fa0 RCX: 00007effd6f8e929 [ 347.575168][T10252] RDX: 0000200000001cc0 RSI: 0000200000001c80 RDI: 0000000000000003 [ 347.575182][T10252] RBP: 00007effd7d30090 R08: 0000000000000000 R09: 0000000000000000 [ 347.575196][T10252] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001 [ 347.575211][T10252] R13: 0000000000000000 R14: 00007effd71b5fa0 R15: 00007ffed01b9af8 [ 347.575239][T10252] [ 349.709313][T10289] random: crng reseeded on system resumption [ 350.499110][T10298] vivid-003: ================= START STATUS ================= [ 350.529848][T10298] vivid-003: Radio HW Seek Mode: Bounded [ 350.548256][T10298] vivid-003: Radio Programmable HW Seek: false [ 350.571025][T10298] vivid-003: RDS Rx I/O Mode: Block I/O [ 350.576712][T10298] vivid-003: Generate RBDS Instead of RDS: false [ 350.621536][T10298] vivid-003: RDS Reception: true [ 350.626984][T10298] vivid-003: RDS Program Type: 0 inactive [ 350.726498][T10298] vivid-003: RDS PS Name: inactive [ 350.731936][T10298] vivid-003: RDS Radio Text: inactive [ 350.737686][T10298] vivid-003: RDS Traffic Announcement: false inactive [ 350.747950][T10298] vivid-003: RDS Traffic Program: false inactive [ 350.756062][T10298] vivid-003: RDS Music: false inactive [ 350.761943][T10298] vivid-003: ================== END STATUS ================== [ 351.681199][T10310] input: f as /devices/virtual/input/input20 [ 352.321399][T10324] random: crng reseeded on system resumption [ 352.574971][T10319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.834'. [ 354.898671][T10358] input: f as /devices/virtual/input/input21 [ 355.213543][T10366] netlink: 504 bytes leftover after parsing attributes in process `syz.1.844'. [ 355.224846][T10366] netlink: 350 bytes leftover after parsing attributes in process `syz.1.844'. [ 356.637932][T10381] netlink: 342 bytes leftover after parsing attributes in process `syz.3.847'. [ 356.878074][T10378] random: crng reseeded on system resumption [ 357.290187][ T30] audit: type=1800 audit(4294993959.109:7): pid=10387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.848" name="dbroot" dev="configfs" ino=23003 res=0 errno=0 [ 357.595624][T10397] sysfs_service_op_show: Client not running :-5: [ 358.271687][T10411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.853'. [ 358.645225][T10424] FAULT_INJECTION: forcing a failure. [ 358.645225][T10424] name failslab, interval 1, probability 0, space 0, times 0 [ 358.658418][T10424] CPU: 0 UID: 0 PID: 10424 Comm: syz.1.855 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 358.658463][T10424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 358.658481][T10424] Call Trace: [ 358.658492][T10424] [ 358.658504][T10424] dump_stack_lvl+0x116/0x1f0 [ 358.658557][T10424] should_fail_ex+0x512/0x640 [ 358.658607][T10424] should_failslab+0xc2/0x120 [ 358.658637][T10424] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 358.658684][T10424] ? __send_signal_locked+0x159/0x12c0 [ 358.658741][T10424] __send_signal_locked+0x159/0x12c0 [ 358.658799][T10424] do_send_specific+0x1e8/0x370 [ 358.658838][T10424] ? __pfx_do_send_specific+0x10/0x10 [ 358.658879][T10424] ? __task_pid_nr_ns+0x186/0x500 [ 358.658926][T10424] __x64_sys_tkill+0xf2/0x160 [ 358.658978][T10424] ? __pfx___x64_sys_tkill+0x10/0x10 [ 358.659039][T10424] ? rcu_is_watching+0x12/0xc0 [ 358.659075][T10424] do_syscall_64+0xcd/0x490 [ 358.659123][T10424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.659154][T10424] RIP: 0033:0x7f5c3c98e929 [ 358.659180][T10424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.659215][T10424] RSP: 002b:00007f5c3d866038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c8 [ 358.659245][T10424] RAX: ffffffffffffffda RBX: 00007f5c3cbb5fa0 RCX: 00007f5c3c98e929 [ 358.659267][T10424] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000264 [ 358.659287][T10424] RBP: 00007f5c3ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 358.659307][T10424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.659327][T10424] R13: 0000000000000000 R14: 00007f5c3cbb5fa0 R15: 00007fff69ee8208 [ 358.659371][T10424] [ 359.563526][T10426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.856'. [ 359.603125][T10426] openvswitch: HfR: Dropping previously announced user features [ 359.671919][T10431] FAULT_INJECTION: forcing a failure. [ 359.671919][T10431] name fail_futex, interval 1, probability 0, space 0, times 0 [ 359.711406][T10431] CPU: 0 UID: 0 PID: 10431 Comm: syz.3.857 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 359.711441][T10431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 359.711455][T10431] Call Trace: [ 359.711463][T10431] [ 359.711472][T10431] dump_stack_lvl+0x16c/0x1f0 [ 359.711510][T10431] should_fail_ex+0x512/0x640 [ 359.711549][T10431] get_futex_key+0x1d0/0x1540 [ 359.711580][T10431] ? __pfx_get_futex_key+0x10/0x10 [ 359.711617][T10431] futex_wake+0xe7/0x4e0 [ 359.711652][T10431] ? __pfx_futex_wake+0x10/0x10 [ 359.711689][T10431] ? errseq_sample+0x53/0x70 [ 359.711725][T10431] ? file_init_path+0x4fe/0x760 [ 359.711753][T10431] do_futex+0x1e3/0x350 [ 359.711781][T10431] ? __pfx_do_futex+0x10/0x10 [ 359.711829][T10431] ? fd_install+0x225/0x750 [ 359.711866][T10431] __x64_sys_futex+0x1e0/0x4c0 [ 359.711897][T10431] ? __sys_socket+0xac/0x260 [ 359.711925][T10431] ? __pfx___x64_sys_futex+0x10/0x10 [ 359.711958][T10431] ? xfd_validate_state+0x61/0x180 [ 359.711989][T10431] ? __pfx_do_writev+0x10/0x10 [ 359.712029][T10431] do_syscall_64+0xcd/0x490 [ 359.712067][T10431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.712092][T10431] RIP: 0033:0x7f7cb898e929 [ 359.712111][T10431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.712134][T10431] RSP: 002b:00007f7cb98030e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 359.712156][T10431] RAX: ffffffffffffffda RBX: 00007f7cb8bb5fa8 RCX: 00007f7cb898e929 [ 359.712172][T10431] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7cb8bb5fac [ 359.712197][T10431] RBP: 00007f7cb8bb5fa0 R08: 00007f7cb9804000 R09: 0000000000000000 [ 359.712212][T10431] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f7cb8bb5fac [ 359.712227][T10431] R13: 0000000000000000 R14: 00007fffc3df9750 R15: 00007fffc3df9838 [ 359.712259][T10431] [ 360.138422][T10436] random: crng reseeded on system resumption [ 360.153919][ T30] audit: type=1326 audit(4294993961.949:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10430 comm="syz.3.857" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7cb898e929 code=0x0 [ 363.514980][T10475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.867'. [ 363.991584][T10475] HfR: entered promiscuous mode [ 364.019487][T10492] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 364.337528][ T30] audit: type=1400 audit(4294993966.159:9): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=10495 comm="syz.3.871" [ 364.711320][T10496] netlink: 28 bytes leftover after parsing attributes in process `syz.3.871'. [ 365.443591][T10526] FAULT_INJECTION: forcing a failure. [ 365.443591][T10526] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 365.457180][T10526] CPU: 0 UID: 0 PID: 10526 Comm: syz.0.877 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 365.457219][T10526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 365.457237][T10526] Call Trace: [ 365.457246][T10526] [ 365.457257][T10526] dump_stack_lvl+0x16c/0x1f0 [ 365.457305][T10526] should_fail_ex+0x512/0x640 [ 365.457353][T10526] _copy_to_user+0x32/0xd0 [ 365.457402][T10526] simple_read_from_buffer+0xcb/0x170 [ 365.457460][T10526] proc_fail_nth_read+0x197/0x270 [ 365.457501][T10526] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.457567][T10526] ? rw_verify_area+0xcf/0x680 [ 365.457616][T10526] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 365.457655][T10526] vfs_read+0x1e1/0xc60 [ 365.457704][T10526] ? __pfx_io_uring_sync_msg_ring+0x10/0x10 [ 365.457741][T10526] ? __might_fault+0xe3/0x190 [ 365.457790][T10526] ? __pfx_vfs_read+0x10/0x10 [ 365.457849][T10526] ? io_uring_register_blind+0xbf/0x1a0 [ 365.457896][T10526] ? __pfx_io_uring_register_blind+0x10/0x10 [ 365.457952][T10526] ksys_read+0x12a/0x250 [ 365.457996][T10526] ? __pfx_ksys_read+0x10/0x10 [ 365.458055][T10526] do_syscall_64+0xcd/0x490 [ 365.458108][T10526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.458140][T10526] RIP: 0033:0x7effd6f8d33c [ 365.458165][T10526] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 365.458197][T10526] RSP: 002b:00007effd7d30030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 365.458227][T10526] RAX: ffffffffffffffda RBX: 00007effd71b5fa0 RCX: 00007effd6f8d33c [ 365.458249][T10526] RDX: 000000000000000f RSI: 00007effd7d300a0 RDI: 0000000000000001 [ 365.458268][T10526] RBP: 00007effd7d30090 R08: 0000000000000000 R09: 0000000000000000 [ 365.458287][T10526] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 365.458306][T10526] R13: 0000000000000000 R14: 00007effd71b5fa0 R15: 00007ffed01b9af8 [ 365.458347][T10526] [ 366.343499][T10537] vivid-003: ================= START STATUS ================= [ 366.431826][T10537] vivid-003: Radio HW Seek Mode: Bounded [ 366.463235][T10539] netlink: 12 bytes leftover after parsing attributes in process `syz.2.881'. [ 366.479539][T10537] vivid-003: Radio Programmable HW Seek: false [ 366.538275][T10537] vivid-003: RDS Rx I/O Mode: Block I/O [ 366.539839][T10539] netlink: 28 bytes leftover after parsing attributes in process `syz.2.881'. [ 366.571758][T10537] vivid-003: Generate RBDS Instead of RDS: false [ 366.578216][T10537] vivid-003: RDS Reception: true [ 366.611249][T10539] geneve1: entered promiscuous mode [ 366.612478][T10537] vivid-003: RDS Program Type: 0 inactive [ 366.617485][T10539] geneve1: entered allmulticast mode [ 366.656457][T10537] vivid-003: RDS PS Name: inactive [ 366.672037][T10537] vivid-003: RDS Radio Text: inactive [ 366.677623][T10537] vivid-003: RDS Traffic Announcement: false inactive [ 366.685310][T10537] vivid-003: RDS Traffic Program: false inactive [ 366.694050][T10547] netlink: 28 bytes leftover after parsing attributes in process `syz.2.881'. [ 366.710350][T10543] Process accounting paused [ 366.719237][T10537] vivid-003: RDS Music: false inactive [ 366.725370][T10537] vivid-003: ================== END STATUS ================== [ 367.702064][T10551] netlink: 8 bytes leftover after parsing attributes in process `syz.0.882'. [ 367.730585][T10551] openvswitch: HfR: Dropping previously announced user features syzkaller syzkaller login: [ 368.319793][T10556] FAULT_INJECTION: forcing a failure. [ 368.319793][T10556] name failslab, interval 1, probability 0, space 0, times 0 [ 368.353227][T10556] CPU: 1 UID: 0 PID: 10556 Comm: syz.3.883 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 368.353276][T10556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 368.353296][T10556] Call Trace: [ 368.353306][T10556] [ 368.353318][T10556] dump_stack_lvl+0x16c/0x1f0 [ 368.353374][T10556] should_fail_ex+0x512/0x640 [ 368.353421][T10556] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 368.353478][T10556] should_failslab+0xc2/0x120 [ 368.353510][T10556] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 368.353560][T10556] ? __pfx___might_resched+0x10/0x10 [ 368.353605][T10556] ? __anon_vma_prepare+0xae/0x5e0 [ 368.353659][T10556] __anon_vma_prepare+0xae/0x5e0 [ 368.353704][T10556] ? __pfx___pte_alloc+0x10/0x10 [ 368.353743][T10556] __vmf_anon_prepare+0x11c/0x240 [ 368.353783][T10556] __handle_mm_fault+0x27f6/0x5490 [ 368.353840][T10556] ? __pfx___handle_mm_fault+0x10/0x10 [ 368.353920][T10556] handle_mm_fault+0x589/0xd10 [ 368.353974][T10556] __get_user_pages+0x589/0x3b80 [ 368.354023][T10556] ? __pfx_mt_find+0x10/0x10 [ 368.354054][T10556] ? __pfx___get_user_pages+0x10/0x10 [ 368.354107][T10556] populate_vma_page_range+0x278/0x3a0 [ 368.354152][T10556] ? __pfx_populate_vma_page_range+0x10/0x10 [ 368.354192][T10556] ? __pfx_find_vma_intersection+0x10/0x10 [ 368.354242][T10556] __mm_populate+0x1d8/0x380 [ 368.354288][T10556] ? __pfx___mm_populate+0x10/0x10 [ 368.354333][T10556] ? up_write+0x209/0x520 [ 368.354388][T10556] vm_mmap_pgoff+0x362/0x450 [ 368.354427][T10556] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 368.354470][T10556] ? __x64_sys_futex+0x1e0/0x4c0 [ 368.354510][T10556] ? __x64_sys_futex+0x1e9/0x4c0 [ 368.354557][T10556] ksys_mmap_pgoff+0x7d/0x5c0 [ 368.354598][T10556] ? xfd_validate_state+0x61/0x180 [ 368.354642][T10556] ? __pfx___do_sys_close_range+0x10/0x10 [ 368.354696][T10556] __x64_sys_mmap+0x125/0x190 [ 368.354749][T10556] do_syscall_64+0xcd/0x490 [ 368.354804][T10556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.354836][T10556] RIP: 0033:0x7f7cb898e929 [ 368.354863][T10556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.354895][T10556] RSP: 002b:00007f7cb97e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 368.354926][T10556] RAX: ffffffffffffffda RBX: 00007f7cb8bb6080 RCX: 00007f7cb898e929 [ 368.354948][T10556] RDX: ffffffffffeffffe RSI: 0000000000400005 RDI: 0000000000000000 [ 368.354969][T10556] RBP: 00007f7cb8a10b39 R08: 0000000000000c76 R09: 0000000000008000 [ 368.354990][T10556] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 368.355009][T10556] R13: 0000000000000000 R14: 00007f7cb8bb6080 R15: 00007fffc3df9838 [ 368.355052][T10556] [ 369.908429][T10584] FAULT_INJECTION: forcing a failure. [ 369.908429][T10584] name failslab, interval 1, probability 0, space 0, times 0 [ 369.922007][T10584] CPU: 0 UID: 0 PID: 10584 Comm: syz.2.891 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 369.922056][T10584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 369.922077][T10584] Call Trace: [ 369.922087][T10584] [ 369.922100][T10584] dump_stack_lvl+0x16c/0x1f0 [ 369.922157][T10584] should_fail_ex+0x512/0x640 [ 369.922214][T10584] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 369.922266][T10584] ? __pfx_debugfs_atomic_t_get+0x10/0x10 [ 369.922315][T10584] should_failslab+0xc2/0x120 [ 369.922348][T10584] __kmalloc_cache_noprof+0x6a/0x3e0 [ 369.922391][T10584] ? __debugfs_file_get+0x1fe/0x840 [ 369.922423][T10584] ? simple_attr_open+0x57/0x1c0 [ 369.922471][T10584] ? __pfx_debugfs_atomic_t_set+0x10/0x10 [ 369.922517][T10584] ? __pfx_debugfs_atomic_t_get+0x10/0x10 [ 369.922565][T10584] simple_attr_open+0x57/0x1c0 [ 369.922608][T10584] ? __pfx_fops_atomic_t_open+0x10/0x10 [ 369.922665][T10584] open_proxy_open+0x272/0x3e0 [ 369.922707][T10584] do_dentry_open+0x741/0x1c10 [ 369.922758][T10584] ? __pfx_open_proxy_open+0x10/0x10 [ 369.922804][T10584] vfs_open+0x82/0x3f0 [ 369.922846][T10584] path_openat+0x1de4/0x2cb0 [ 369.922910][T10584] ? __pfx_path_openat+0x10/0x10 [ 369.922964][T10584] ? __lock_acquire+0xb8a/0x1c90 [ 369.923017][T10584] do_filp_open+0x20b/0x470 [ 369.923067][T10584] ? __pfx_do_filp_open+0x10/0x10 [ 369.923148][T10584] ? alloc_fd+0x471/0x7d0 [ 369.923213][T10584] do_sys_openat2+0x11b/0x1d0 [ 369.923252][T10584] ? __pfx_do_sys_openat2+0x10/0x10 [ 369.923308][T10584] __x64_sys_openat+0x174/0x210 [ 369.923348][T10584] ? __pfx___x64_sys_openat+0x10/0x10 [ 369.923407][T10584] do_syscall_64+0xcd/0x490 [ 369.923463][T10584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.923496][T10584] RIP: 0033:0x7f4397b8e929 [ 369.923523][T10584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.923556][T10584] RSP: 002b:00007f4398a81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 369.923589][T10584] RAX: ffffffffffffffda RBX: 00007f4397db5fa0 RCX: 00007f4397b8e929 [ 369.923611][T10584] RDX: 0000000000000002 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 369.923632][T10584] RBP: 00007f4397c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 369.923651][T10584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 369.923671][T10584] R13: 0000000000000000 R14: 00007f4397db5fa0 R15: 00007ffd28675ab8 [ 369.923714][T10584] [ 370.341404][ T5167] Bluetooth: hci1: unexpected event 0x03 length: 725 > 11 [ 370.690001][T10595] snd_aloop snd_aloop.0: control 1:6:-2147483647:_heR:6 is already present [ 372.046454][T10614] FAULT_INJECTION: forcing a failure. [ 372.046454][T10614] name failslab, interval 1, probability 0, space 0, times 0 [ 372.060401][T10614] CPU: 0 UID: 0 PID: 10614 Comm: syz.3.899 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 372.060446][T10614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 372.060467][T10614] Call Trace: [ 372.060478][T10614] [ 372.060491][T10614] dump_stack_lvl+0x16c/0x1f0 [ 372.060546][T10614] should_fail_ex+0x512/0x640 [ 372.060595][T10614] ? fs_reclaim_acquire+0xae/0x150 [ 372.060638][T10614] should_failslab+0xc2/0x120 [ 372.060670][T10614] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 372.060721][T10614] ? security_inode_alloc+0x3b/0x2b0 [ 372.060765][T10614] security_inode_alloc+0x3b/0x2b0 [ 372.060802][T10614] inode_init_always_gfp+0xce4/0x1030 [ 372.060857][T10614] alloc_inode+0x86/0x240 [ 372.060891][T10614] new_inode+0x22/0x1c0 [ 372.060929][T10614] shmem_get_inode+0x19a/0xfb0 [ 372.060977][T10614] shmem_symlink+0xf8/0x9f0 [ 372.061031][T10614] ? __pfx_shmem_symlink+0x10/0x10 [ 372.061088][T10614] ? bpf_lsm_inode_permission+0x9/0x10 [ 372.061120][T10614] ? security_inode_permission+0xbf/0x260 [ 372.061161][T10614] ? inode_permission+0x156/0x630 [ 372.061203][T10614] vfs_symlink+0x403/0x680 [ 372.061249][T10614] do_symlinkat+0x261/0x310 [ 372.061304][T10614] ? __pfx_do_symlinkat+0x10/0x10 [ 372.061355][T10614] ? getname_flags.part.0+0x1c5/0x550 [ 372.061403][T10614] __x64_sys_symlink+0x75/0x90 [ 372.061456][T10614] do_syscall_64+0xcd/0x490 [ 372.061518][T10614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.061551][T10614] RIP: 0033:0x7f7cb898e929 [ 372.061577][T10614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.061609][T10614] RSP: 002b:00007f7cb9803038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 372.061638][T10614] RAX: ffffffffffffffda RBX: 00007f7cb8bb5fa0 RCX: 00007f7cb898e929 [ 372.061660][T10614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 372.061680][T10614] RBP: 00007f7cb8a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 372.061699][T10614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 372.061718][T10614] R13: 0000000000000000 R14: 00007f7cb8bb5fa0 R15: 00007fffc3df9838 [ 372.061761][T10614] [ 372.528096][T10622] netlink: 350 bytes leftover after parsing attributes in process `syz.2.901'. [ 373.046150][T10633] XFS: Clearing xfsstats [ 374.121228][T10650] Invalid ELF header magic: != ELF [ 374.415249][T10635] FAULT_INJECTION: forcing a failure. [ 374.415249][T10635] name failslab, interval 1, probability 0, space 0, times 0 [ 374.428325][T10635] CPU: 0 UID: 0 PID: 10635 Comm: syz.2.904 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 374.428369][T10635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 374.428388][T10635] Call Trace: [ 374.428400][T10635] [ 374.428412][T10635] dump_stack_lvl+0x16c/0x1f0 [ 374.428466][T10635] should_fail_ex+0x512/0x640 [ 374.428514][T10635] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 374.428568][T10635] should_failslab+0xc2/0x120 [ 374.428600][T10635] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 374.428648][T10635] ? __pfx_acct_collect+0x10/0x10 [ 374.428695][T10635] ? taskstats_exit+0x654/0xbe0 [ 374.428759][T10635] taskstats_exit+0x654/0xbe0 [ 374.428808][T10635] ? __pfx_taskstats_exit+0x10/0x10 [ 374.428867][T10635] do_exit+0x5d9/0x2bd0 [ 374.428928][T10635] ? __pfx_do_exit+0x10/0x10 [ 374.428972][T10635] ? do_raw_spin_lock+0x12c/0x2b0 [ 374.429021][T10635] ? find_held_lock+0x2b/0x80 [ 374.429060][T10635] do_group_exit+0xd3/0x2a0 [ 374.429108][T10635] get_signal+0x2673/0x26d0 [ 374.429158][T10635] ? __pfx_get_signal+0x10/0x10 [ 374.429196][T10635] ? do_futex+0x122/0x350 [ 374.429235][T10635] ? __pfx_do_futex+0x10/0x10 [ 374.429278][T10635] arch_do_signal_or_restart+0x8f/0x790 [ 374.429319][T10635] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 374.429367][T10635] ? __do_sys_rt_sigreturn+0x16b/0x230 [ 374.429405][T10635] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 374.429453][T10635] exit_to_user_mode_loop+0x84/0x110 [ 374.429508][T10635] do_syscall_64+0x3f6/0x490 [ 374.429560][T10635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.429598][T10635] RIP: 0033:0x7f4397b8e929 [ 374.429622][T10635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.429653][T10635] RSP: 002b:00007f4398a3f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 374.429683][T10635] RAX: fffffffffffffe00 RBX: 00007f4397db6168 RCX: 00007f4397b8e929 [ 374.429703][T10635] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4397db6168 [ 374.429722][T10635] RBP: 00007f4397db6160 R08: 0000000000000000 R09: 0000000000000000 [ 374.429740][T10635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4397db616c [ 374.429760][T10635] R13: 0000000000000000 R14: 00007ffd286759d0 R15: 00007ffd28675ab8 [ 374.429799][T10635] [ 375.783786][T10666] Unable to find swap-space signature [ 379.851017][T10719] vivid-003: ================= START STATUS ================= [ 379.879736][T10719] vivid-003: Radio HW Seek Mode: Bounded [ 379.885476][T10719] vivid-003: Radio Programmable HW Seek: false [ 379.911388][T10719] vivid-003: RDS Rx I/O Mode: Block I/O [ 379.954924][T10719] vivid-003: Generate RBDS Instead of RDS: false [ 379.982185][T10719] vivid-003: RDS Reception: true [ 379.987213][T10719] vivid-003: RDS Program Type: 0 inactive [ 380.004728][ T30] audit: type=1800 audit(4294993981.829:10): pid=10713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.921" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 380.076428][T10719] vivid-003: RDS PS Name: inactive [ 380.106841][T10719] vivid-003: RDS Radio Text: inactive [ 380.144718][T10719] vivid-003: RDS Traffic Announcement: false inactive [ 380.199758][T10719] vivid-003: RDS Traffic Program: false inactive [ 380.206429][T10719] vivid-003: RDS Music: false inactive [ 380.229908][T10719] vivid-003: ================== END STATUS ================== [ 380.734101][T10734] random: crng reseeded on system resumption [ 380.841097][T10729] Invalid ELF header magic: != ELF [ 383.620895][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.628649][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.642923][T10803] vivid-003: ================= START STATUS ================= [ 384.672159][T10803] vivid-003: Radio HW Seek Mode: Bounded [ 384.677929][T10803] vivid-003: Radio Programmable HW Seek: false [ 384.709887][T10803] vivid-003: RDS Rx I/O Mode: Block I/O [ 384.715552][T10803] vivid-003: Generate RBDS Instead of RDS: false [ 384.751282][T10803] vivid-003: RDS Reception: true [ 384.770073][T10803] vivid-003: RDS Program Type: 0 inactive [ 384.788254][T10792] kexec: Could not allocate control_code_buffer [ 384.795280][T10803] vivid-003: RDS PS Name: inactive [ 384.833319][T10803] vivid-003: RDS Radio Text: inactive [ 384.838921][T10803] vivid-003: RDS Traffic Announcement: false inactive [ 384.876520][T10803] vivid-003: RDS Traffic Program: false inactive [ 384.904885][T10803] vivid-003: RDS Music: false inactive [ 384.970087][T10803] vivid-003: ================== END STATUS ================== [ 385.528378][T10808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.935'. [ 385.539053][T10808] openvswitch: HfR: Dropping previously announced user features [ 388.706993][T10863] serio: Serial port ttyS0 [ 388.741426][T10858] FAULT_INJECTION: forcing a failure. [ 388.741426][T10858] name failslab, interval 1, probability 0, space 0, times 0 [ 388.813256][T10858] CPU: 0 UID: 0 PID: 10858 Comm: syz.1.945 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 388.813302][T10858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 388.813320][T10858] Call Trace: [ 388.813330][T10858] [ 388.813343][T10858] dump_stack_lvl+0x16c/0x1f0 [ 388.813396][T10858] should_fail_ex+0x512/0x640 [ 388.813442][T10858] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 388.813496][T10858] should_failslab+0xc2/0x120 [ 388.813526][T10858] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 388.813577][T10858] ? vm_area_dup+0x27/0x8d0 [ 388.813628][T10858] vm_area_dup+0x27/0x8d0 [ 388.813676][T10858] copy_vma+0x4fa/0xaa0 [ 388.813732][T10858] ? __pfx_copy_vma+0x10/0x10 [ 388.813792][T10858] ? register_lock_class+0x41/0x4c0 [ 388.813869][T10858] copy_vma_and_data+0x1cf/0x750 [ 388.813933][T10858] ? __pfx_copy_vma_and_data+0x10/0x10 [ 388.813990][T10858] ? __vma_enter_locked+0x163/0x3f0 [ 388.814038][T10858] ? find_held_lock+0x2b/0x80 [ 388.814070][T10858] ? move_vma+0x536/0x1740 [ 388.814112][T10858] ? __vm_enough_memory+0x184/0x3f0 [ 388.814155][T10858] move_vma+0x548/0x1740 [ 388.814209][T10858] ? __pfx_move_vma+0x10/0x10 [ 388.814263][T10858] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 388.814298][T10858] ? cap_mmap_addr+0x4b/0x120 [ 388.814324][T10858] ? bpf_lsm_mmap_addr+0x9/0x10 [ 388.814354][T10858] ? security_mmap_addr+0x6c/0x1e0 [ 388.814391][T10858] ? __get_unmapped_area+0x267/0x440 [ 388.814427][T10858] ? vrm_set_new_addr+0x208/0x290 [ 388.814472][T10858] __do_sys_mremap+0xe07/0x1590 [ 388.814519][T10858] ? __pfx___do_sys_mremap+0x10/0x10 [ 388.814564][T10858] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 388.814612][T10858] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 388.814673][T10858] ? __fget_files+0x20e/0x3c0 [ 388.814735][T10858] do_syscall_64+0xcd/0x490 [ 388.814779][T10858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.814810][T10858] RIP: 0033:0x7f5c3c98e929 [ 388.814834][T10858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.814864][T10858] RSP: 002b:00007f5c3d866038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 388.814889][T10858] RAX: ffffffffffffffda RBX: 00007f5c3cbb5fa0 RCX: 00007f5c3c98e929 [ 388.814914][T10858] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 00000000fffff000 [ 388.814929][T10858] RBP: 00007f5c3d866090 R08: 00000001001ff000 R09: 0000000000000000 [ 388.814945][T10858] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 388.814961][T10858] R13: 0000000000000000 R14: 00007f5c3cbb5fa0 R15: 00007fff69ee8208 [ 388.814995][T10858] [ 390.038449][T10861] kexec: Could not allocate control_code_buffer [ 390.816524][T10891] netlink: 8 bytes leftover after parsing attributes in process `syz.0.950'. [ 391.502459][T10889] Invalid ELF header magic: != ELF [ 392.475889][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 392.482367][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 392.508875][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 392.515641][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 392.533792][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 392.541517][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 392.552531][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 392.558882][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 394.188322][T10943] kexec: Could not allocate control_code_buffer [ 394.323498][T10965] can: request_module (can-proto-0) failed. [ 396.685223][T11002] binder: 10999:11002 ioctl 541b 38 returned -22 [ 396.764366][T11005] FAULT_INJECTION: forcing a failure. [ 396.764366][T11005] name failslab, interval 1, probability 0, space 0, times 0 [ 396.789817][T11005] CPU: 1 UID: 0 PID: 11005 Comm: syz.1.969 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 396.789860][T11005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 396.789878][T11005] Call Trace: [ 396.789888][T11005] [ 396.789900][T11005] dump_stack_lvl+0x16c/0x1f0 [ 396.789952][T11005] should_fail_ex+0x512/0x640 [ 396.789997][T11005] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 396.790050][T11005] should_failslab+0xc2/0x120 [ 396.790080][T11005] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 396.790126][T11005] ? mas_alloc_nodes+0x18b/0x8b0 [ 396.790174][T11005] mas_alloc_nodes+0x18b/0x8b0 [ 396.790224][T11005] mas_node_count_gfp+0x105/0x130 [ 396.790269][T11005] mas_preallocate+0x7e0/0xde0 [ 396.790308][T11005] ? __pfx_mas_preallocate+0x10/0x10 [ 396.790355][T11005] ? __pfx___might_resched+0x10/0x10 [ 396.790396][T11005] vma_link+0x135/0x6a0 [ 396.790449][T11005] ? anon_vma_clone+0x3fe/0x5c0 [ 396.790497][T11005] ? __pfx_vma_link+0x10/0x10 [ 396.790553][T11005] ? anon_vma_clone+0x405/0x5c0 [ 396.790608][T11005] copy_vma+0x6c2/0xaa0 [ 396.790662][T11005] ? __pfx_copy_vma+0x10/0x10 [ 396.790720][T11005] ? register_lock_class+0x41/0x4c0 [ 396.790764][T11005] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 396.790833][T11005] copy_vma_and_data+0x1cf/0x750 [ 396.790886][T11005] ? __pfx_copy_vma_and_data+0x10/0x10 [ 396.790944][T11005] ? __vma_enter_locked+0x163/0x3f0 [ 396.790992][T11005] ? find_held_lock+0x2b/0x80 [ 396.791026][T11005] ? move_vma+0x536/0x1740 [ 396.791069][T11005] ? __vm_enough_memory+0x184/0x3f0 [ 396.791110][T11005] move_vma+0x548/0x1740 [ 396.791164][T11005] ? __pfx_move_vma+0x10/0x10 [ 396.791218][T11005] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 396.791256][T11005] ? cap_mmap_addr+0x4b/0x120 [ 396.791285][T11005] ? bpf_lsm_mmap_addr+0x9/0x10 [ 396.791318][T11005] ? security_mmap_addr+0x6c/0x1e0 [ 396.791358][T11005] ? __get_unmapped_area+0x267/0x440 [ 396.791398][T11005] ? vrm_set_new_addr+0x208/0x290 [ 396.791455][T11005] __do_sys_mremap+0xe07/0x1590 [ 396.791507][T11005] ? __pfx___do_sys_mremap+0x10/0x10 [ 396.791557][T11005] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 396.791611][T11005] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 396.791665][T11005] ? __fget_files+0x20e/0x3c0 [ 396.791741][T11005] do_syscall_64+0xcd/0x490 [ 396.791792][T11005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.791824][T11005] RIP: 0033:0x7f5c3c98e929 [ 396.791849][T11005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 396.791880][T11005] RSP: 002b:00007f5c3d866038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 396.791909][T11005] RAX: ffffffffffffffda RBX: 00007f5c3cbb5fa0 RCX: 00007f5c3c98e929 [ 396.791939][T11005] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 00000000fffff000 [ 396.791956][T11005] RBP: 00007f5c3d866090 R08: 00000001001ff000 R09: 0000000000000000 [ 396.791974][T11005] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 396.791990][T11005] R13: 0000000000000000 R14: 00007f5c3cbb5fa0 R15: 00007fff69ee8208 [ 396.792029][T11005] [ 397.888045][T10986] Process accounting resumed [ 399.155222][T11021] Invalid ELF header magic: != ELF [ 399.742088][T11037] random: crng reseeded on system resumption [ 400.579565][T11046] netlink: 6 bytes leftover after parsing attributes in process `syz.3.977'. [ 401.603869][T11062] FAULT_INJECTION: forcing a failure. [ 401.603869][T11062] name failslab, interval 1, probability 0, space 0, times 0 [ 401.618863][T11062] CPU: 1 UID: 0 PID: 11062 Comm: syz.2.980 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 401.618902][T11062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 401.618939][T11062] Call Trace: [ 401.618949][T11062] [ 401.618961][T11062] dump_stack_lvl+0x16c/0x1f0 [ 401.619014][T11062] should_fail_ex+0x512/0x640 [ 401.619059][T11062] ? kmem_cache_alloc_bulk_noprof+0x6d/0xbc0 [ 401.619124][T11062] should_failslab+0xc2/0x120 [ 401.619153][T11062] kmem_cache_alloc_bulk_noprof+0x85/0xbc0 [ 401.619223][T11062] ? trace_kmem_cache_alloc+0x28/0xc0 [ 401.619263][T11062] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 401.619322][T11062] ? mas_alloc_nodes+0x18b/0x8b0 [ 401.619365][T11062] ? mas_alloc_nodes+0x2f1/0x8b0 [ 401.619402][T11062] mas_alloc_nodes+0x2f1/0x8b0 [ 401.619449][T11062] mas_node_count_gfp+0x105/0x130 [ 401.619492][T11062] mas_preallocate+0x7e0/0xde0 [ 401.619528][T11062] ? __pfx_mas_preallocate+0x10/0x10 [ 401.619573][T11062] ? __pfx___might_resched+0x10/0x10 [ 401.619614][T11062] vma_link+0x135/0x6a0 [ 401.619658][T11062] ? anon_vma_clone+0x3fe/0x5c0 [ 401.619701][T11062] ? __pfx_vma_link+0x10/0x10 [ 401.619753][T11062] ? anon_vma_clone+0x405/0x5c0 [ 401.619804][T11062] copy_vma+0x6c2/0xaa0 [ 401.619853][T11062] ? __pfx_copy_vma+0x10/0x10 [ 401.619908][T11062] ? register_lock_class+0x41/0x4c0 [ 401.619950][T11062] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 401.620013][T11062] copy_vma_and_data+0x1cf/0x750 [ 401.620062][T11062] ? __pfx_copy_vma_and_data+0x10/0x10 [ 401.620116][T11062] ? __vma_enter_locked+0x163/0x3f0 [ 401.620160][T11062] ? find_held_lock+0x2b/0x80 [ 401.620192][T11062] ? move_vma+0x536/0x1740 [ 401.620233][T11062] ? __vm_enough_memory+0x184/0x3f0 [ 401.620284][T11062] move_vma+0x548/0x1740 [ 401.620334][T11062] ? __pfx_move_vma+0x10/0x10 [ 401.620384][T11062] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 401.620420][T11062] ? cap_mmap_addr+0x4b/0x120 [ 401.620447][T11062] ? bpf_lsm_mmap_addr+0x9/0x10 [ 401.620479][T11062] ? security_mmap_addr+0x6c/0x1e0 [ 401.620517][T11062] ? __get_unmapped_area+0x267/0x440 [ 401.620555][T11062] ? vrm_set_new_addr+0x208/0x290 [ 401.620603][T11062] __do_sys_mremap+0xe07/0x1590 [ 401.620652][T11062] ? __pfx___do_sys_mremap+0x10/0x10 [ 401.620698][T11062] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 401.620750][T11062] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 401.620801][T11062] ? __fget_files+0x20e/0x3c0 [ 401.620871][T11062] do_syscall_64+0xcd/0x490 [ 401.620919][T11062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.620948][T11062] RIP: 0033:0x7f4397b8e929 [ 401.620971][T11062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.621000][T11062] RSP: 002b:00007f4398a81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 401.621028][T11062] RAX: ffffffffffffffda RBX: 00007f4397db5fa0 RCX: 00007f4397b8e929 [ 401.621046][T11062] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 00000000fffff000 [ 401.621064][T11062] RBP: 00007f4398a81090 R08: 00000001001ff000 R09: 0000000000000000 [ 401.621081][T11062] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 401.621098][T11062] R13: 0000000000000000 R14: 00007f4397db5fa0 R15: 00007ffd28675ab8 [ 401.621136][T11062] [ 404.308745][T11073] Invalid ELF header magic: != ELF [ 404.719345][T11105] bridge0: port 3(dummy0) entered blocking state [ 404.728464][T11105] bridge0: port 3(dummy0) entered disabled state [ 404.749889][T11105] dummy0: entered allmulticast mode [ 404.822192][T11105] dummy0: entered promiscuous mode [ 404.827961][T11105] bridge0: port 3(dummy0) entered blocking state [ 404.834577][T11105] bridge0: port 3(dummy0) entered forwarding state [ 405.100651][T11117] vivid-003: ================= START STATUS ================= [ 405.224255][T11117] vivid-003: Radio HW Seek Mode: Bounded [ 405.259711][T11117] vivid-003: Radio Programmable HW Seek: false [ 405.308551][T11117] vivid-003: RDS Rx I/O Mode: Block I/O [ 405.323840][T11117] vivid-003: Generate RBDS Instead of RDS: false [ 405.348188][T11117] vivid-003: RDS Reception: true [ 405.371842][T11117] vivid-003: RDS Program Type: 0 inactive [ 405.377672][T11117] vivid-003: RDS PS Name: inactive [ 405.403686][T11117] vivid-003: RDS Radio Text: inactive [ 405.409242][T11117] vivid-003: RDS Traffic Announcement: false inactive [ 405.417943][T11117] vivid-003: RDS Traffic Program: false inactive [ 405.426258][T11117] vivid-003: RDS Music: false inactive [ 405.479768][T11117] vivid-003: ================== END STATUS ================== [ 406.074039][T11108] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 406.906125][T11138] netlink: 350 bytes leftover after parsing attributes in process `syz.2.992'. [ 407.512566][T11148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.995'. [ 407.557040][T11140] netlink: 8 bytes leftover after parsing attributes in process `syz.0.993'. [ 407.591095][T11140] openvswitch: HfR: Dropping previously announced user features [ 407.599867][T11148] input: f as /devices/virtual/input/input24 [ 408.245412][T11161] netlink: 330 bytes leftover after parsing attributes in process `syz.1.998'. [ 408.869546][T11175] random: crng reseeded on system resumption [ 409.868272][T11159] Invalid ELF header magic: != ELF [ 409.941329][T11187] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1002'. [ 410.240648][T11196] random: crng reseeded on system resumption [ 412.479395][T11236] random: crng reseeded on system resumption [ 414.356317][T11269] [ 414.358720][T11269] ====================================================== [ 414.365753][T11269] WARNING: possible circular locking dependency detected [ 414.372793][T11269] 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 Not tainted [ 414.379914][T11269] ------------------------------------------------------ [ 414.386943][T11269] syz.0.1017/11269 is trying to acquire lock: [ 414.393098][T11269] ffff8880264b1970 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 414.402985][T11269] [ 414.402985][T11269] but task is already holding lock: [ 414.410366][T11269] ffff8880264b1438 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 414.421644][T11269] [ 414.421644][T11269] which lock already depends on the new lock. [ 414.421644][T11269] [ 414.432062][T11269] [ 414.432062][T11269] the existing dependency chain (in reverse order) is: [ 414.441088][T11269] [ 414.441088][T11269] -> #3 (&q->q_usage_counter(io)#59){++++}-{0:0}: [ 414.449732][T11269] blk_alloc_queue+0x619/0x760 [ 414.455071][T11269] blk_mq_alloc_queue+0x175/0x290 [ 414.460653][T11269] __blk_mq_alloc_disk+0x29/0x120 [ 414.466324][T11269] nbd_dev_add+0x4a0/0xbc0 [ 414.471303][T11269] nbd_init+0x181/0x320 [ 414.476029][T11269] do_one_initcall+0x120/0x6e0 [ 414.481341][T11269] kernel_init_freeable+0x5c2/0x900 [ 414.487099][T11269] kernel_init+0x1c/0x2b0 [ 414.491967][T11269] ret_from_fork+0x5d7/0x6f0 [ 414.497117][T11269] ret_from_fork_asm+0x1a/0x30 [ 414.502434][T11269] [ 414.502434][T11269] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 414.509677][T11269] fs_reclaim_acquire+0x102/0x150 [ 414.515238][T11269] prepare_alloc_pages+0x162/0x610 [ 414.520891][T11269] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 414.527357][T11269] __alloc_pages_noprof+0xb/0x1b0 [ 414.532937][T11269] pcpu_populate_chunk+0x110/0xb00 [ 414.538600][T11269] pcpu_alloc_noprof+0x86a/0x1470 [ 414.544189][T11269] xt_percpu_counter_alloc+0x13e/0x1b0 [ 414.550225][T11269] find_check_entry.constprop.0+0xbf/0xa20 [ 414.556586][T11269] translate_table+0xd0b/0x17b0 [ 414.561986][T11269] ip6t_register_table+0x102/0x430 [ 414.567674][T11269] ip6table_mangle_table_init+0x40/0x60 [ 414.573781][T11269] xt_find_table_lock+0x2e4/0x520 [ 414.579365][T11269] xt_request_find_table_lock+0x28/0xf0 [ 414.585468][T11269] get_info+0x190/0x620 [ 414.590166][T11269] do_ip6t_get_ctl+0x169/0xa50 [ 414.595467][T11269] nf_getsockopt+0x79/0xe0 [ 414.600418][T11269] ipv6_getsockopt+0x1f7/0x280 [ 414.605721][T11269] tcp_getsockopt+0xa1/0x100 [ 414.610867][T11269] do_sock_getsockopt+0x3ff/0x800 [ 414.616434][T11269] __sys_getsockopt+0x123/0x1b0 [ 414.621839][T11269] __x64_sys_getsockopt+0xbd/0x160 [ 414.627522][T11269] do_syscall_64+0xcd/0x490 [ 414.632590][T11269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.639031][T11269] [ 414.639031][T11269] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 414.646795][T11269] __mutex_lock+0x199/0xb90 [ 414.651860][T11269] pcpu_alloc_noprof+0xb4c/0x1470 [ 414.657452][T11269] sbitmap_init_node+0x2fd/0x770 [ 414.662944][T11269] sbitmap_queue_init_node+0x41/0x560 [ 414.668866][T11269] blk_mq_init_tags+0x12d/0x2b0 [ 414.674276][T11269] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 414.680385][T11269] blk_mq_init_sched+0x30c/0x610 [ 414.685870][T11269] elevator_switch+0x1e1/0x7f0 [ 414.691173][T11269] elevator_change+0x2ac/0x400 [ 414.696482][T11269] elevator_set_default+0x292/0x320 [ 414.702238][T11269] blk_register_queue+0x393/0x4f0 [ 414.707821][T11269] __add_disk+0x74a/0xf00 [ 414.712704][T11269] add_disk_fwnode+0x13f/0x5d0 [ 414.718024][T11269] nbd_dev_add+0x791/0xbc0 [ 414.723001][T11269] nbd_init+0x181/0x320 [ 414.727711][T11269] do_one_initcall+0x120/0x6e0 [ 414.733022][T11269] kernel_init_freeable+0x5c2/0x900 [ 414.738874][T11269] kernel_init+0x1c/0x2b0 [ 414.743756][T11269] ret_from_fork+0x5d7/0x6f0 [ 414.748902][T11269] ret_from_fork_asm+0x1a/0x30 [ 414.754239][T11269] [ 414.754239][T11269] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 414.762115][T11269] __lock_acquire+0x126f/0x1c90 [ 414.767526][T11269] lock_acquire+0x179/0x350 [ 414.772605][T11269] __mutex_lock+0x199/0xb90 [ 414.777776][T11269] queue_requests_store+0x1c7/0x310 [ 414.783538][T11269] queue_attr_store+0x276/0x320 [ 414.788969][T11269] sysfs_kf_write+0xef/0x150 [ 414.794106][T11269] kernfs_fop_write_iter+0x354/0x510 [ 414.799931][T11269] iter_file_splice_write+0x91f/0x1150 [ 414.805942][T11269] direct_splice_actor+0x192/0x6c0 [ 414.811612][T11269] splice_direct_to_actor+0x342/0xa30 [ 414.817538][T11269] do_splice_direct+0x174/0x240 [ 414.822956][T11269] do_sendfile+0xb06/0xe50 [ 414.827934][T11269] __x64_sys_sendfile64+0x1d8/0x220 [ 414.833689][T11269] do_syscall_64+0xcd/0x490 [ 414.838766][T11269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.845209][T11269] [ 414.845209][T11269] other info that might help us debug this: [ 414.845209][T11269] [ 414.855461][T11269] Chain exists of: [ 414.855461][T11269] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#59 [ 414.855461][T11269] [ 414.869260][T11269] Possible unsafe locking scenario: [ 414.869260][T11269] [ 414.876727][T11269] CPU0 CPU1 [ 414.882107][T11269] ---- ---- [ 414.887485][T11269] lock(&q->q_usage_counter(io)#59); [ 414.892921][T11269] lock(fs_reclaim); [ 414.899449][T11269] lock(&q->q_usage_counter(io)#59); [ 414.907377][T11269] lock(&q->elevator_lock); [ 414.912002][T11269] [ 414.912002][T11269] *** DEADLOCK *** [ 414.912002][T11269] [ 414.920162][T11269] 5 locks held by syz.0.1017/11269: [ 414.925370][T11269] #0: ffff888031274428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30 [ 414.935433][T11269] #1: ffff888059898488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 414.945219][T11269] #2: ffff8880267714b8 (kn->active#173){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 414.955372][T11269] #3: ffff8880264b1438 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 414.967092][T11269] #4: ffff8880264b1470 (&q->q_usage_counter(queue)#11){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 414.979088][T11269] [ 414.979088][T11269] stack backtrace: [ 414.984988][T11269] CPU: 1 UID: 0 PID: 11269 Comm: syz.0.1017 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 414.985022][T11269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 414.985037][T11269] Call Trace: [ 414.985045][T11269] [ 414.985072][T11269] dump_stack_lvl+0x116/0x1f0 [ 414.985114][T11269] print_circular_bug+0x275/0x350 [ 414.985151][T11269] check_noncircular+0x14c/0x170 [ 414.985190][T11269] __lock_acquire+0x126f/0x1c90 [ 414.985228][T11269] ? __lock_acquire+0xb8a/0x1c90 [ 414.985266][T11269] lock_acquire+0x179/0x350 [ 414.985301][T11269] ? queue_requests_store+0x1c7/0x310 [ 414.985346][T11269] ? __pfx___might_resched+0x10/0x10 [ 414.985376][T11269] ? do_raw_spin_lock+0x12c/0x2b0 [ 414.985419][T11269] __mutex_lock+0x199/0xb90 [ 414.985457][T11269] ? queue_requests_store+0x1c7/0x310 [ 414.985501][T11269] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 414.985565][T11269] ? queue_requests_store+0x1c7/0x310 [ 414.985607][T11269] ? lockdep_hardirqs_on+0x7c/0x110 [ 414.985646][T11269] ? __pfx___mutex_lock+0x10/0x10 [ 414.985691][T11269] ? __pfx_autoremove_wake_function+0x10/0x10 [ 414.985731][T11269] ? queue_requests_store+0x1c7/0x310 [ 414.985774][T11269] queue_requests_store+0x1c7/0x310 [ 414.985819][T11269] ? __pfx_queue_requests_store+0x10/0x10 [ 414.985866][T11269] ? __mutex_trylock_common+0xe9/0x250 [ 414.985906][T11269] ? __pfx_queue_requests_store+0x10/0x10 [ 414.985950][T11269] queue_attr_store+0x276/0x320 [ 414.985993][T11269] ? __pfx_queue_attr_store+0x10/0x10 [ 414.986033][T11269] ? __lock_acquire+0x622/0x1c90 [ 414.986076][T11269] ? tb_cfg_print_error+0x4a3/0x770 [ 414.986127][T11269] ? find_held_lock+0x2b/0x80 [ 414.986154][T11269] ? sysfs_file_kobj+0xe4/0x290 [ 414.986188][T11269] ? __pfx_queue_attr_store+0x10/0x10 [ 414.986229][T11269] sysfs_kf_write+0xef/0x150 [ 414.986262][T11269] kernfs_fop_write_iter+0x354/0x510 [ 414.986290][T11269] ? __pfx_sysfs_kf_write+0x10/0x10 [ 414.986324][T11269] iter_file_splice_write+0x91f/0x1150 [ 414.986371][T11269] ? __pfx_iter_file_splice_write+0x10/0x10 [ 414.986412][T11269] ? __pfx_copy_splice_read+0x10/0x10 [ 414.986454][T11269] ? __pfx_iter_file_splice_write+0x10/0x10 [ 414.986492][T11269] direct_splice_actor+0x192/0x6c0 [ 414.986530][T11269] splice_direct_to_actor+0x342/0xa30 [ 414.986566][T11269] ? __pfx_direct_splice_actor+0x10/0x10 [ 414.986605][T11269] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 414.986646][T11269] do_splice_direct+0x174/0x240 [ 414.986680][T11269] ? __pfx_do_splice_direct+0x10/0x10 [ 414.986715][T11269] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 414.986752][T11269] ? rw_verify_area+0xcf/0x680 [ 414.986788][T11269] do_sendfile+0xb06/0xe50 [ 414.986827][T11269] ? __pfx_do_sendfile+0x10/0x10 [ 414.986862][T11269] ? handle_mm_fault+0x2ab/0xd10 [ 414.986899][T11269] ? __x64_sys_futex+0x1e0/0x4c0 [ 414.986932][T11269] ? __x64_sys_futex+0x1e9/0x4c0 [ 414.986967][T11269] __x64_sys_sendfile64+0x1d8/0x220 [ 414.986994][T11269] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 414.987025][T11269] do_syscall_64+0xcd/0x490 [ 414.987074][T11269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.987102][T11269] RIP: 0033:0x7effd6f8e929 [ 414.987123][T11269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.987152][T11269] RSP: 002b:00007effd7d30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 414.987178][T11269] RAX: ffffffffffffffda RBX: 00007effd71b5fa0 RCX: 00007effd6f8e929 [ 414.987196][T11269] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 414.987212][T11269] RBP: 00007effd7010b39 R08: 0000000000000000 R09: 0000000000000000 [ 414.987229][T11269] R10: 00000000000001fc R11: 0000000000000246 R12: 0000000000000000 [ 414.987246][T11269] R13: 0000000000000000 R14: 00007effd71b5fa0 R15: 00007ffed01b9af8 [ 414.987271][T11269] [ 415.922938][T11260] caif:caif_disconnect_client(): nothing to disconnect