last executing test programs: 4.455992014s ago: executing program 2 (id=3282): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$auto_BLKTRACESETUP32(r0, 0xc0401273, &(0x7f0000000440)={"e863192c8ee2c138c20ae365128c2bc22cf83f1a7155aed629c4952dc7dff02a", 0x80, 0x7, 0x5, 0x8, 0x7, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r1) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000080)={0x34, r2, 0x1, 0x70bd27, 0x25dfdc02, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x11, 0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x80014) 4.057259073s ago: executing program 0 (id=3286): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) r0 = epoll_create$auto(0x3e) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) 4.057131759s ago: executing program 2 (id=3287): r0 = socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) setsockopt$auto(r0, 0x6, 0x1e, 0x0, 0xa1) 3.636261153s ago: executing program 0 (id=3290): sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRES16, @ANYBLOB="010527bd7000fbdbdf250200000008000100", @ANYRES32=0x0, @ANYBLOB="180002"], 0x34}, 0x1, 0x0, 0x0, 0x4028811}, 0x4080) sendmsg$auto_L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x8108}, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 3.635704696s ago: executing program 2 (id=3291): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x24, 0x0, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003ec, 0x14) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) 3.317705307s ago: executing program 0 (id=3293): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/cpu/cpu0/hotplug/fail\x00', 0x808882, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_none\x00', 0x183042, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 3.191181332s ago: executing program 2 (id=3294): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0xa, 0x5, 0x84) bpf$auto(0xfffffffd, 0x0, 0xa3) write$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffffff, &(0x7f0000000000)="706f3a82d9e5cc7c2ceda8d50bfc94be9fe6c22ffaf8493a38", 0x19) sendto$auto(r0, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) 3.005657094s ago: executing program 0 (id=3296): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000100), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r1, 0x1, 0x4070bd27, 0x25dfdbf9, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x20044000) 2.764630636s ago: executing program 2 (id=3301): mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x1, 0x84) socketpair$auto(0x7, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) setsockopt$auto(r0, 0x84, 0x15, 0x0, 0x1) 2.357221467s ago: executing program 0 (id=3303): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0x100000000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) read$auto(0x3, 0x0, 0x7) 1.492413675s ago: executing program 2 (id=3307): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 1.067786371s ago: executing program 1 (id=3316): socket(0xa, 0x3, 0x73) socket(0x29, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) getsockopt$auto(0x6, 0x10f, 0x4, 0xfffffffffffffffe, 0x0) 989.189209ms ago: executing program 1 (id=3317): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x8) pipe$auto(0x0) madvise$auto(0x0, 0x2003f0, 0x15) 941.036156ms ago: executing program 1 (id=3318): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x40000, 0x0) ioctl$auto_EVIOCREVOKE(r0, 0x40044591, 0x0) ioctl$auto(0x3, 0x40081271, 0x38) 884.642421ms ago: executing program 1 (id=3319): openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x10bb41, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 845.212344ms ago: executing program 0 (id=3320): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop1/queue/scheduler\x00', 0xa001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r0, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) 840.828512ms ago: executing program 3 (id=3321): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socket(0x15, 0x5, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) write$auto(0x6, 0x0, 0x100000001) 815.604742ms ago: executing program 1 (id=3322): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r1) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)={0x2e20, r2, 0x1, 0x51bd2e, 0x25dfcbfb, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x2e07}]}, 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 411.23332ms ago: executing program 1 (id=3324): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000001e00), 0x8000, 0x0) r0 = epoll_create$auto(0x8) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) 410.640385ms ago: executing program 3 (id=3325): select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x3, 0xd, 0x250, 0x100000000, 0x2c2, 0x800002017d, 0x4, 0x40, 0xd, 0xd59, 0xfb, 0xff, 0x21, 0x100000005]}, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000180), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 89.239504ms ago: executing program 3 (id=3326): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xffffffff, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x2, 0x9, 0x5, 0x80000000000002, 0x7, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x6, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, [0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x1fe, 0x2) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1000"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 89.106954ms ago: executing program 3 (id=3327): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x7, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 51.18521ms ago: executing program 3 (id=3328): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x1, 0x1862, 0x0, 0xfffffffffffffffd) 0s ago: executing program 3 (id=3329): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000040)={0x15, 0x0, 0x1, @raw=0x2}}) kernel console output (not intermixed with test programs): 85-6P_U \x5c$'ˠoC]FG\x0cu֥*qJd~\x09sDb'X&Xb(g}\x0d\x0c|f?@]\x0d~<+Id\x22D)[v>:XdB2ɕbRl\x09@Y\x5c:|P2f&\x0b\x09*8pPBj%&/F`Rޔ)<kyv/PfO^]^*BI?2lg$V##> v4}8{2G7THS\x1byƥ/I1EXc\x0apvAoPйVבz̞4ڿ+)ì}+\x0dKCBKnwPJKck\x0c8?1ؘ54v=*㠮E\x0b˿5--;|\x0a¬O-a T_YԂLkp\x5cm<(@&yՒRGLRw9&,^p1__f+HoAZ~ 0S{g2tqױFIZq{8|\x0bKFPA4/Ȍ-<b`AtگͷVDoZ~ʾN\x0boXl9_v}BjPiCm [ 103.553456][ T6602] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.458387][ T6655] FAULT_INJECTION: forcing a failure. [ 105.458387][ T6655] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 105.505525][ T6655] CPU: 0 UID: 0 PID: 6655 Comm: syz.2.302 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 105.505563][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.505579][ T6655] Call Trace: [ 105.505587][ T6655] [ 105.505596][ T6655] dump_stack_lvl+0x16c/0x1f0 [ 105.505640][ T6655] should_fail_ex+0x512/0x640 [ 105.505671][ T6655] should_fail_alloc_page+0xe7/0x130 [ 105.505707][ T6655] prepare_alloc_pages+0x3c2/0x610 [ 105.505742][ T6655] ? arch_stack_walk+0xa6/0x100 [ 105.505773][ T6655] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 105.505821][ T6655] ? stack_trace_save+0x8e/0xc0 [ 105.505849][ T6655] ? __pfx_stack_trace_save+0x10/0x10 [ 105.505877][ T6655] ? stack_depot_save_flags+0x28/0xa40 [ 105.505910][ T6655] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 105.505944][ T6655] ? kasan_save_stack+0x42/0x60 [ 105.505971][ T6655] ? kasan_save_stack+0x33/0x60 [ 105.505997][ T6655] ? kasan_save_track+0x14/0x30 [ 105.506022][ T6655] ? __kasan_slab_alloc+0x89/0x90 [ 105.506049][ T6655] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 105.506077][ T6655] ? security_inode_alloc+0x3b/0x2b0 [ 105.506113][ T6655] ? inode_init_always_gfp+0xce4/0x1030 [ 105.506144][ T6655] ? do_syscall_64+0xcd/0x490 [ 105.506179][ T6655] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.506214][ T6655] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 105.506252][ T6655] ? policy_nodemask+0xea/0x4e0 [ 105.506287][ T6655] alloc_pages_mpol+0x1fb/0x550 [ 105.506320][ T6655] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 105.506362][ T6655] ? sk_prot_alloc+0x1a8/0x2a0 [ 105.506387][ T6655] ___kmalloc_large_node+0xed/0x160 [ 105.506426][ T6655] ? sk_prot_alloc+0x1a8/0x2a0 [ 105.506450][ T6655] __kmalloc_large_node_noprof+0x1c/0x70 [ 105.506490][ T6655] __kmalloc_noprof.cold+0xc/0x61 [ 105.506533][ T6655] sk_prot_alloc+0x1a8/0x2a0 [ 105.506562][ T6655] sk_alloc+0x36/0xc20 [ 105.506598][ T6655] can_create+0x1e5/0x600 [ 105.506636][ T6655] __sock_create+0x338/0x8d0 [ 105.506672][ T6655] __sys_socket+0x14d/0x260 [ 105.506702][ T6655] ? __pfx___sys_socket+0x10/0x10 [ 105.506731][ T6655] ? xfd_validate_state+0x61/0x180 [ 105.506764][ T6655] ? __pfx_ksys_write+0x10/0x10 [ 105.506807][ T6655] __x64_sys_socket+0x72/0xb0 [ 105.506836][ T6655] ? lockdep_hardirqs_on+0x7c/0x110 [ 105.506872][ T6655] do_syscall_64+0xcd/0x490 [ 105.506912][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.506936][ T6655] RIP: 0033:0x7fe4bb78eb69 [ 105.506957][ T6655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.506980][ T6655] RSP: 002b:00007fe4bc624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 105.507005][ T6655] RAX: ffffffffffffffda RBX: 00007fe4bb9b5fa0 RCX: 00007fe4bb78eb69 [ 105.507023][ T6655] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d [ 105.507038][ T6655] RBP: 00007fe4bb811df1 R08: 0000000000000000 R09: 0000000000000000 [ 105.507054][ T6655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.507069][ T6655] R13: 0000000000000000 R14: 00007fe4bb9b5fa0 R15: 00007ffc1598cca8 [ 105.507105][ T6655] [ 105.574110][ T6660] random: crng reseeded on system resumption [ 106.151461][ T6667] zswap: compressor not available [ 106.751416][ T6699] FAULT_INJECTION: forcing a failure. [ 106.751416][ T6699] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 106.795498][ T6699] CPU: 1 UID: 0 PID: 6699 Comm: syz.2.321 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 106.795536][ T6699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 106.795551][ T6699] Call Trace: [ 106.795559][ T6699] [ 106.795569][ T6699] dump_stack_lvl+0x16c/0x1f0 [ 106.795612][ T6699] should_fail_ex+0x512/0x640 [ 106.795642][ T6699] _copy_from_user+0x2e/0xd0 [ 106.795670][ T6699] get_timespec64+0x8b/0x1b0 [ 106.795700][ T6699] ? __pfx_get_timespec64+0x10/0x10 [ 106.795740][ T6699] __x64_sys_utimensat+0x17a/0x290 [ 106.795770][ T6699] ? __do_sys_openat2+0x1c8/0x2d0 [ 106.795805][ T6699] ? __pfx___x64_sys_utimensat+0x10/0x10 [ 106.795851][ T6699] do_syscall_64+0xcd/0x490 [ 106.795890][ T6699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.795916][ T6699] RIP: 0033:0x7fe4bb78eb69 [ 106.795936][ T6699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.795960][ T6699] RSP: 002b:00007fe4bc624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000118 [ 106.795983][ T6699] RAX: ffffffffffffffda RBX: 00007fe4bb9b5fa0 RCX: 00007fe4bb78eb69 [ 106.796000][ T6699] RDX: 0000200000001400 RSI: 0000000000000000 RDI: ffffffffffffffff [ 106.796016][ T6699] RBP: 00007fe4bb811df1 R08: 0000000000000000 R09: 0000000000000000 [ 106.796031][ T6699] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 106.796045][ T6699] R13: 0000000000000000 R14: 00007fe4bb9b5fa0 R15: 00007ffc1598cca8 [ 106.796079][ T6699] [ 108.125013][ T6741] erspan0: entered allmulticast mode [ 110.904242][ T6822] zswap: compressor not available [ 112.121360][ T6876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.399'. [ 114.962927][ T6975] random: crng reseeded on system resumption [ 115.539153][ T6999] FAULT_INJECTION: forcing a failure. [ 115.539153][ T6999] name failslab, interval 1, probability 0, space 0, times 0 [ 115.554127][ T6999] CPU: 1 UID: 0 PID: 6999 Comm: syz.3.452 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 115.554165][ T6999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 115.554182][ T6999] Call Trace: [ 115.554190][ T6999] [ 115.554200][ T6999] dump_stack_lvl+0x16c/0x1f0 [ 115.554245][ T6999] should_fail_ex+0x512/0x640 [ 115.554270][ T6999] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 115.554306][ T6999] should_failslab+0xc2/0x120 [ 115.554338][ T6999] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 115.554369][ T6999] ? __alloc_skb+0x2b2/0x380 [ 115.554408][ T6999] __alloc_skb+0x2b2/0x380 [ 115.554443][ T6999] ? __pfx___alloc_skb+0x10/0x10 [ 115.554483][ T6999] ? if_nlmsg_size+0x475/0xaf0 [ 115.554525][ T6999] rtmsg_ifinfo_build_skb+0x81/0x280 [ 115.554560][ T6999] rtmsg_ifinfo+0x9f/0x1a0 [ 115.554593][ T6999] netif_state_change+0x17f/0x3b0 [ 115.554622][ T6999] ? __pfx_netif_state_change+0x10/0x10 [ 115.554655][ T6999] ? tun_get+0x191/0x370 [ 115.554690][ T6999] netdev_state_change+0xaa/0x240 [ 115.554718][ T6999] __tun_chr_ioctl+0x2443/0x48b0 [ 115.554747][ T6999] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 115.554798][ T6999] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 115.554833][ T6999] ? hook_file_ioctl_common+0x145/0x410 [ 115.554884][ T6999] ? __fget_files+0x20e/0x3c0 [ 115.554918][ T6999] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 115.554951][ T6999] __x64_sys_ioctl+0x18b/0x210 [ 115.554992][ T6999] do_syscall_64+0xcd/0x490 [ 115.555031][ T6999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.555057][ T6999] RIP: 0033:0x7f401b18eb69 [ 115.555077][ T6999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.555101][ T6999] RSP: 002b:00007f4018ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.555125][ T6999] RAX: ffffffffffffffda RBX: 00007f401b3b5fa0 RCX: 00007f401b18eb69 [ 115.555142][ T6999] RDX: 0000000000005c8d RSI: 00000000400454cc RDI: 00000000000000c8 [ 115.555158][ T6999] RBP: 00007f401b211df1 R08: 0000000000000000 R09: 0000000000000000 [ 115.555174][ T6999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.555189][ T6999] R13: 0000000000000000 R14: 00007f401b3b5fa0 R15: 00007ffdf18a2558 [ 115.555224][ T6999] [ 115.777612][ C1] vkms_vblank_simulate: vblank timer overrun [ 116.662111][ T7033] FAULT_INJECTION: forcing a failure. [ 116.662111][ T7033] name failslab, interval 1, probability 0, space 0, times 0 [ 116.689135][ T7033] CPU: 1 UID: 0 PID: 7033 Comm: syz.1.468 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 116.689171][ T7033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 116.689185][ T7033] Call Trace: [ 116.689193][ T7033] [ 116.689203][ T7033] dump_stack_lvl+0x16c/0x1f0 [ 116.689246][ T7033] should_fail_ex+0x512/0x640 [ 116.689271][ T7033] ? __kmalloc_noprof+0xbf/0x510 [ 116.689304][ T7033] ? sk_prot_alloc+0x1a8/0x2a0 [ 116.689329][ T7033] should_failslab+0xc2/0x120 [ 116.689363][ T7033] __kmalloc_noprof+0xd2/0x510 [ 116.689398][ T7033] sk_prot_alloc+0x1a8/0x2a0 [ 116.689436][ T7033] sk_alloc+0x36/0xc20 [ 116.689473][ T7033] alg_create+0x9e/0x150 [ 116.689511][ T7033] __sock_create+0x338/0x8d0 [ 116.689546][ T7033] __sys_socket+0x14d/0x260 [ 116.689575][ T7033] ? __pfx___sys_socket+0x10/0x10 [ 116.689601][ T7033] ? __pfx___x64_sys_clock_gettime+0x10/0x10 [ 116.689645][ T7033] __x64_sys_socket+0x72/0xb0 [ 116.689672][ T7033] ? lockdep_hardirqs_on+0x7c/0x110 [ 116.689706][ T7033] do_syscall_64+0xcd/0x490 [ 116.689743][ T7033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.689769][ T7033] RIP: 0033:0x7fcedaf8eb69 [ 116.689790][ T7033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.689813][ T7033] RSP: 002b:00007fcedbe36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 116.689837][ T7033] RAX: ffffffffffffffda RBX: 00007fcedb1b5fa0 RCX: 00007fcedaf8eb69 [ 116.689854][ T7033] RDX: 0000000000000000 RSI: 0000000000080805 RDI: 0000000000000026 [ 116.689870][ T7033] RBP: 00007fcedb011df1 R08: 0000000000000000 R09: 0000000000000000 [ 116.689886][ T7033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.689901][ T7033] R13: 0000000000000000 R14: 00007fcedb1b5fa0 R15: 00007ffdfc7c0838 [ 116.689935][ T7033] [ 116.879525][ C1] vkms_vblank_simulate: vblank timer overrun [ 117.051103][ T7038] FAULT_INJECTION: forcing a failure. [ 117.051103][ T7038] name failslab, interval 1, probability 0, space 0, times 0 [ 117.109491][ T7038] CPU: 0 UID: 0 PID: 7038 Comm: syz.1.470 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 117.109528][ T7038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 117.109542][ T7038] Call Trace: [ 117.109549][ T7038] [ 117.109558][ T7038] dump_stack_lvl+0x16c/0x1f0 [ 117.109601][ T7038] should_fail_ex+0x512/0x640 [ 117.109637][ T7038] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 117.109672][ T7038] should_failslab+0xc2/0x120 [ 117.109704][ T7038] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 117.109732][ T7038] ? __d_alloc+0x32/0xae0 [ 117.109765][ T7038] __d_alloc+0x32/0xae0 [ 117.109796][ T7038] d_alloc_parallel+0x111/0x1480 [ 117.109833][ T7038] ? __lock_acquire+0x62e/0x1ce0 [ 117.109877][ T7038] ? __pfx_d_alloc_parallel+0x10/0x10 [ 117.109916][ T7038] ? lockdep_init_map_type+0x5c/0x280 [ 117.109951][ T7038] ? lockdep_init_map_type+0x5c/0x280 [ 117.109990][ T7038] __lookup_slow+0x193/0x460 [ 117.110028][ T7038] ? __pfx___lookup_slow+0x10/0x10 [ 117.110069][ T7038] ? perf_trace_kcompactd_wake_template+0x340/0x4d0 [ 117.110114][ T7038] ? perf_trace_kcompactd_wake_template+0x340/0x4d0 [ 117.110147][ T7038] ? d_lookup+0xe7/0x190 [ 117.110190][ T7038] lookup_noperm+0xe1/0x110 [ 117.110224][ T7038] simple_start_creating+0xd1/0x1b0 [ 117.110254][ T7038] start_creating.part.0+0x82/0x190 [ 117.110293][ T7038] __debugfs_create_file+0xa7/0x6b0 [ 117.110322][ T7038] debugfs_create_file_full+0x41/0x60 [ 117.110352][ T7038] ref_tracker_dir_debugfs+0x19d/0x290 [ 117.110378][ T7038] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 117.110440][ T7038] ? lockdep_init_map_type+0x5c/0x280 [ 117.110479][ T7038] preinit_net+0x296/0x8f0 [ 117.110517][ T7038] copy_net_ns+0x1da/0x5f0 [ 117.110547][ T7038] create_new_namespaces+0x3ea/0xa90 [ 117.110582][ T7038] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 117.110625][ T7038] ksys_unshare+0x45b/0xa40 [ 117.110659][ T7038] ? __pfx_ksys_unshare+0x10/0x10 [ 117.110694][ T7038] ? xfd_validate_state+0x61/0x180 [ 117.110739][ T7038] __x64_sys_unshare+0x31/0x40 [ 117.110772][ T7038] do_syscall_64+0xcd/0x490 [ 117.110811][ T7038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.110837][ T7038] RIP: 0033:0x7fcedaf8eb69 [ 117.110858][ T7038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.110881][ T7038] RSP: 002b:00007fcedbe36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 117.110906][ T7038] RAX: ffffffffffffffda RBX: 00007fcedb1b5fa0 RCX: 00007fcedaf8eb69 [ 117.110923][ T7038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 117.110937][ T7038] RBP: 00007fcedb011df1 R08: 0000000000000000 R09: 0000000000000000 [ 117.110951][ T7038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.110965][ T7038] R13: 0000000000000000 R14: 00007fcedb1b5fa0 R15: 00007ffdfc7c0838 [ 117.110999][ T7038] [ 118.814275][ T7085] FAULT_INJECTION: forcing a failure. [ 118.814275][ T7085] name failslab, interval 1, probability 0, space 0, times 0 [ 118.840430][ T7085] CPU: 1 UID: 0 PID: 7085 Comm: syz.0.485 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 118.840465][ T7085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 118.840480][ T7085] Call Trace: [ 118.840489][ T7085] [ 118.840499][ T7085] dump_stack_lvl+0x16c/0x1f0 [ 118.840547][ T7085] should_fail_ex+0x512/0x640 [ 118.840569][ T7085] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 118.840603][ T7085] should_failslab+0xc2/0x120 [ 118.840635][ T7085] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 118.840664][ T7085] ? copy_net_ns+0xe8/0x5f0 [ 118.840696][ T7085] copy_net_ns+0xe8/0x5f0 [ 118.840719][ T7085] ? copy_cgroup_ns+0x71/0x700 [ 118.840749][ T7085] create_new_namespaces+0x3ea/0xa90 [ 118.840787][ T7085] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 118.840819][ T7085] ksys_unshare+0x45b/0xa40 [ 118.840852][ T7085] ? __pfx_ksys_unshare+0x10/0x10 [ 118.840884][ T7085] ? xfd_validate_state+0x61/0x180 [ 118.840926][ T7085] __x64_sys_unshare+0x31/0x40 [ 118.840957][ T7085] do_syscall_64+0xcd/0x490 [ 118.840995][ T7085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.841019][ T7085] RIP: 0033:0x7f4d5978eb69 [ 118.841040][ T7085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.841064][ T7085] RSP: 002b:00007f4d5a5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 118.841087][ T7085] RAX: ffffffffffffffda RBX: 00007f4d599b5fa0 RCX: 00007f4d5978eb69 [ 118.841103][ T7085] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 118.841118][ T7085] RBP: 00007f4d59811df1 R08: 0000000000000000 R09: 0000000000000000 [ 118.841151][ T7085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.841166][ T7085] R13: 0000000000000000 R14: 00007f4d599b5fa0 R15: 00007fff7201fd78 [ 118.841200][ T7085] [ 119.027431][ C1] vkms_vblank_simulate: vblank timer overrun [ 121.464009][ T7157] netlink: 342 bytes leftover after parsing attributes in process `syz.3.510'. [ 121.630379][ T7159] netlink: 350 bytes leftover after parsing attributes in process `syz.0.511'. [ 122.202548][ T7182] netlink: 338 bytes leftover after parsing attributes in process `syz.1.532'. [ 123.614045][ T7223] netlink: 338 bytes leftover after parsing attributes in process `syz.2.537'. [ 123.764912][ T7228] random: crng reseeded on system resumption [ 123.805288][ T7228] Restarting kernel threads ... [ 123.821097][ T7228] Done restarting kernel threads. [ 123.838642][ T7232] block nbd9: NBD_DISCONNECT [ 124.855688][ T7263] netlink: 338 bytes leftover after parsing attributes in process `syz.3.553'. [ 125.018911][ T7270] block nbd9: NBD_DISCONNECT [ 125.698550][ T7293] tc_dump_action: action bad kind [ 127.045065][ T7333] tc_dump_action: action bad kind [ 127.270650][ T7341] random: crng reseeded on system resumption [ 127.273336][ T7342] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 127.307085][ T7341] Restarting kernel threads ... [ 127.320423][ T7341] Done restarting kernel threads. [ 127.862697][ T7359] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 128.280133][ T7374] tc_dump_action: action bad kind [ 128.750727][ T7386] netlink: 186 bytes leftover after parsing attributes in process `syz.1.606'. [ 128.779749][ T7391] random: crng reseeded on system resumption [ 128.844065][ T7391] Restarting kernel threads ... [ 128.859834][ T7391] Done restarting kernel threads. [ 129.096574][ T7400] relay: one or more items not logged [item size (56) > sub-buffer size (4)] [ 129.564751][ T7415] netlink: 186 bytes leftover after parsing attributes in process `syz.3.618'. [ 130.708473][ T7452] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 131.571195][ T7481] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 132.169118][ T7497] netlink: 206 bytes leftover after parsing attributes in process `syz.2.651'. [ 132.534246][ T7510] netlink: 186 bytes leftover after parsing attributes in process `syz.2.656'. [ 132.839518][ T7519] relay: one or more items not logged [item size (56) > sub-buffer size (4)] [ 132.851302][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.858739][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.036059][ T7526] netlink: 206 bytes leftover after parsing attributes in process `syz.0.662'. [ 134.835772][ T7570] tc_dump_action: action bad kind [ 136.133376][ T7611] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 136.499100][ T7629] netlink: 342 bytes leftover after parsing attributes in process `syz.0.706'. [ 139.351314][ T7732] zswap: compressor not available [ 140.841102][ T7791] aoe: could not set interface list: too many interfaces [ 141.366394][ T7812] vivid-007: ================= START STATUS ================= [ 141.392783][ T7812] vivid-007: Generate PTS: true [ 141.420646][ T7812] vivid-007: Generate SCR: true [ 141.463273][ T7812] tpg source WxH: 320x240 (Y'CbCr) [ 141.489014][ T7812] tpg field: 1 [ 141.509284][ T7812] tpg crop: (0,0)/320x240 [ 141.519354][ T7812] tpg compose: (0,0)/320x240 [ 141.535029][ T7812] tpg colorspace: 8 [ 141.545923][ T7812] tpg transfer function: 0/0 [ 141.551872][ T7812] tpg Y'CbCr encoding: 0/0 [ 141.585439][ T7812] tpg quantization: 0/0 [ 141.590811][ T7812] tpg RGB range: 0/2 [ 141.594757][ T7812] vivid-007: ================== END STATUS ================== [ 144.331025][ T7928] vivid-007: ================= START STATUS ================= [ 144.347679][ T7928] vivid-007: Generate PTS: true [ 144.362069][ T7928] vivid-007: Generate SCR: true [ 144.387922][ T7928] tpg source WxH: 320x240 (Y'CbCr) [ 144.412806][ T7928] tpg field: 1 [ 144.445414][ T7928] tpg crop: (0,0)/320x240 [ 144.464809][ T7928] tpg compose: (0,0)/320x240 [ 144.480899][ T7928] tpg colorspace: 8 [ 144.484884][ T7928] tpg transfer function: 0/0 [ 144.501200][ T7928] tpg Y'CbCr encoding: 0/0 [ 144.507300][ T7928] tpg quantization: 0/0 [ 144.511832][ T7928] tpg RGB range: 0/2 [ 144.545410][ T7928] vivid-007: ================== END STATUS ================== [ 145.865030][ T7972] zswap: compressor not available [ 147.068957][ T8013] zswap: compressor not available [ 148.345735][ T8048] zswap: compressor not available [ 149.508630][ T8078] zswap: compressor not available [ 153.083929][ T8179] sctp: [Deprecated]: syz.2.932 (pid 8179) Use of int in maxseg socket option. [ 153.083929][ T8179] Use struct sctp_assoc_value instead [ 155.017872][ T8223] __vm_enough_memory: pid: 8223, comm: syz.1.951, bytes: 4398046511104 not enough memory for the allocation [ 155.101778][ T8227] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 155.765966][ T8237] could not allocate digest TFM handle [ 156.465262][ T8263] sctp: [Deprecated]: syz.3.967 (pid 8263) Use of int in maxseg socket option. [ 156.465262][ T8263] Use struct sctp_assoc_value instead [ 159.696324][ T8331] __vm_enough_memory: pid: 8331, comm: syz.2.993, bytes: 4398046511104 not enough memory for the allocation [ 159.815270][ T8331] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 159.933624][ T8338] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 161.099905][ T8363] FAULT_INJECTION: forcing a failure. [ 161.099905][ T8363] name failslab, interval 1, probability 0, space 0, times 0 [ 161.145451][ T8363] CPU: 0 UID: 0 PID: 8363 Comm: syz.0.1006 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 161.145515][ T8363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 161.145530][ T8363] Call Trace: [ 161.145539][ T8363] [ 161.145549][ T8363] dump_stack_lvl+0x16c/0x1f0 [ 161.145608][ T8363] should_fail_ex+0x512/0x640 [ 161.145633][ T8363] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 161.145668][ T8363] should_failslab+0xc2/0x120 [ 161.145701][ T8363] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 161.145731][ T8363] ? __pmd_alloc+0xbf/0x930 [ 161.145771][ T8363] __pmd_alloc+0xbf/0x930 [ 161.145803][ T8363] ? find_held_lock+0x2b/0x80 [ 161.145843][ T8363] __handle_mm_fault+0xa06/0x2a50 [ 161.145881][ T8363] ? __pfx___handle_mm_fault+0x10/0x10 [ 161.145941][ T8363] handle_mm_fault+0x589/0xd10 [ 161.145976][ T8363] __get_user_pages+0x551/0x34a0 [ 161.146029][ T8363] ? __pfx___get_user_pages+0x10/0x10 [ 161.146074][ T8363] populate_vma_page_range+0x267/0x3f0 [ 161.146113][ T8363] ? __pfx_populate_vma_page_range+0x10/0x10 [ 161.146149][ T8363] ? __pfx_find_vma_intersection+0x10/0x10 [ 161.146185][ T8363] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 161.146220][ T8363] __mm_populate+0x1d8/0x380 [ 161.146259][ T8363] ? __pfx___mm_populate+0x10/0x10 [ 161.146298][ T8363] ? up_write+0x1b2/0x520 [ 161.146336][ T8363] do_mlock+0x448/0x810 [ 161.146368][ T8363] ? __pfx_do_mlock+0x10/0x10 [ 161.146395][ T8363] ? __x64_sys_futex+0x1e0/0x4c0 [ 161.146424][ T8363] ? __x64_sys_futex+0x1e9/0x4c0 [ 161.146451][ T8363] ? fput+0x9b/0xd0 [ 161.146482][ T8363] ? xfd_validate_state+0x61/0x180 [ 161.146513][ T8363] ? __pfx_ksys_write+0x10/0x10 [ 161.146545][ T8363] __x64_sys_mlock2+0xbd/0x100 [ 161.146573][ T8363] do_syscall_64+0xcd/0x490 [ 161.146613][ T8363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.146639][ T8363] RIP: 0033:0x7f4d5978eb69 [ 161.146668][ T8363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.146692][ T8363] RSP: 002b:00007f4d5a5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000145 [ 161.146716][ T8363] RAX: ffffffffffffffda RBX: 00007f4d599b5fa0 RCX: 00007f4d5978eb69 [ 161.146729][ T8363] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 161.146744][ T8363] RBP: 00007f4d59811df1 R08: 0000000000000000 R09: 0000000000000000 [ 161.146759][ T8363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.146773][ T8363] R13: 0000000000000000 R14: 00007f4d599b5fa0 R15: 00007fff7201fd78 [ 161.146807][ T8363] [ 161.406395][ C0] vkms_vblank_simulate: vblank timer overrun [ 164.512988][ T8419] __vm_enough_memory: pid: 8419, comm: syz.0.1028, bytes: 4398046511104 not enough memory for the allocation [ 166.343353][ T8452] netlink: 'syz.3.1041': attribute type 1 has an invalid length. [ 167.236411][ T8475] __vm_enough_memory: pid: 8475, comm: syz.3.1053, bytes: 4398046511104 not enough memory for the allocation [ 167.792243][ T8488] FAULT_INJECTION: forcing a failure. [ 167.792243][ T8488] name failslab, interval 1, probability 0, space 0, times 0 [ 167.827182][ T8488] CPU: 0 UID: 0 PID: 8488 Comm: syz.3.1058 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 167.827221][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 167.827239][ T8488] Call Trace: [ 167.827248][ T8488] [ 167.827258][ T8488] dump_stack_lvl+0x16c/0x1f0 [ 167.827301][ T8488] should_fail_ex+0x512/0x640 [ 167.827327][ T8488] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 167.827357][ T8488] should_failslab+0xc2/0x120 [ 167.827390][ T8488] __kmalloc_cache_noprof+0x6a/0x3e0 [ 167.827417][ T8488] ? snd_seq_port_connect+0x61/0x580 [ 167.827446][ T8488] snd_seq_port_connect+0x61/0x580 [ 167.827468][ T8488] ? _raw_read_unlock+0x28/0x50 [ 167.827499][ T8488] ? check_subscription_permission.isra.0+0xf5/0x240 [ 167.827531][ T8488] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 167.827563][ T8488] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 167.827609][ T8488] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 167.827642][ T8488] snd_seq_oss_midi_open+0x442/0x660 [ 167.827677][ T8488] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 167.827720][ T8488] ? rcu_is_watching+0x12/0xc0 [ 167.827745][ T8488] ? trace_contention_end+0xdd/0x130 [ 167.827786][ T8488] snd_seq_oss_synth_reset+0x437/0x880 [ 167.827822][ T8488] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 167.827857][ T8488] ? __pfx___fsnotify_parent+0x10/0x10 [ 167.827894][ T8488] snd_seq_oss_reset+0x73/0x290 [ 167.827923][ T8488] ? __pfx_odev_release+0x10/0x10 [ 167.827946][ T8488] snd_seq_oss_release+0x7c/0x180 [ 167.827974][ T8488] odev_release+0x4c/0x70 [ 167.827997][ T8488] __fput+0x3ff/0xb70 [ 167.828040][ T8488] task_work_run+0x14d/0x240 [ 167.828079][ T8488] ? __pfx_task_work_run+0x10/0x10 [ 167.828116][ T8488] ? __pfx___do_sys_close_range+0x10/0x10 [ 167.828162][ T8488] exit_to_user_mode_loop+0xeb/0x110 [ 167.828202][ T8488] do_syscall_64+0x3f6/0x490 [ 167.828243][ T8488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.828269][ T8488] RIP: 0033:0x7f401b18eb69 [ 167.828290][ T8488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.828313][ T8488] RSP: 002b:00007f4018ff6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 167.828338][ T8488] RAX: 0000000000000000 RBX: 00007f401b3b5fa0 RCX: 00007f401b18eb69 [ 167.828355][ T8488] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 167.828370][ T8488] RBP: 00007f401b211df1 R08: 0000000000000000 R09: 0000000000000000 [ 167.828385][ T8488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.828399][ T8488] R13: 0000000000000000 R14: 00007f401b3b5fa0 R15: 00007ffdf18a2558 [ 167.828435][ T8488] [ 168.094699][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.231833][ T8515] FAULT_INJECTION: forcing a failure. [ 169.231833][ T8515] name failslab, interval 1, probability 0, space 0, times 0 [ 169.267518][ T8515] CPU: 0 UID: 0 PID: 8515 Comm: syz.1.1072 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 169.267557][ T8515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.267572][ T8515] Call Trace: [ 169.267581][ T8515] [ 169.267591][ T8515] dump_stack_lvl+0x16c/0x1f0 [ 169.267636][ T8515] should_fail_ex+0x512/0x640 [ 169.267661][ T8515] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 169.267693][ T8515] should_failslab+0xc2/0x120 [ 169.267728][ T8515] __kmalloc_cache_noprof+0x6a/0x3e0 [ 169.267755][ T8515] ? snd_seq_port_connect+0x61/0x580 [ 169.267787][ T8515] snd_seq_port_connect+0x61/0x580 [ 169.267812][ T8515] ? _raw_read_unlock+0x28/0x50 [ 169.267846][ T8515] ? check_subscription_permission.isra.0+0xf5/0x240 [ 169.267879][ T8515] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 169.267913][ T8515] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 169.267957][ T8515] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 169.267989][ T8515] snd_seq_oss_midi_open+0x442/0x660 [ 169.268024][ T8515] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 169.268068][ T8515] ? rcu_is_watching+0x12/0xc0 [ 169.268094][ T8515] ? trace_contention_end+0xdd/0x130 [ 169.268135][ T8515] snd_seq_oss_synth_reset+0x437/0x880 [ 169.268171][ T8515] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 169.268214][ T8515] ? __pfx___fsnotify_parent+0x10/0x10 [ 169.268252][ T8515] snd_seq_oss_reset+0x73/0x290 [ 169.268283][ T8515] ? __pfx_odev_release+0x10/0x10 [ 169.268308][ T8515] snd_seq_oss_release+0x7c/0x180 [ 169.268338][ T8515] odev_release+0x4c/0x70 [ 169.268362][ T8515] __fput+0x3ff/0xb70 [ 169.268405][ T8515] task_work_run+0x14d/0x240 [ 169.268444][ T8515] ? __pfx_task_work_run+0x10/0x10 [ 169.268486][ T8515] ? __pfx___do_sys_close_range+0x10/0x10 [ 169.268525][ T8515] exit_to_user_mode_loop+0xeb/0x110 [ 169.268564][ T8515] do_syscall_64+0x3f6/0x490 [ 169.268604][ T8515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.268630][ T8515] RIP: 0033:0x7fcedaf8eb69 [ 169.268651][ T8515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.268675][ T8515] RSP: 002b:00007fcedbe36038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 169.268699][ T8515] RAX: 0000000000000000 RBX: 00007fcedb1b5fa0 RCX: 00007fcedaf8eb69 [ 169.268716][ T8515] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 169.268731][ T8515] RBP: 00007fcedb011df1 R08: 0000000000000000 R09: 0000000000000000 [ 169.268746][ T8515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.268761][ T8515] R13: 0000000000000000 R14: 00007fcedb1b5fa0 R15: 00007ffdfc7c0838 [ 169.268798][ T8515] [ 169.535421][ C0] vkms_vblank_simulate: vblank timer overrun [ 171.508960][ T8521] kexec: Could not allocate control_code_buffer [ 175.645103][ T8651] hugetlbfs: syz.1.1128 (8651): Using mlock ulimits for SHM_HUGETLB is obsolete [ 177.586195][ T8700] input: f as /devices/virtual/input/input8 [ 177.840252][ T8707] FAULT_INJECTION: forcing a failure. [ 177.840252][ T8707] name failslab, interval 1, probability 0, space 0, times 0 [ 177.865858][ T8707] CPU: 0 UID: 0 PID: 8707 Comm: syz.2.1149 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 177.865898][ T8707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 177.865912][ T8707] Call Trace: [ 177.865921][ T8707] [ 177.865931][ T8707] dump_stack_lvl+0x16c/0x1f0 [ 177.865972][ T8707] should_fail_ex+0x512/0x640 [ 177.865997][ T8707] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 177.866031][ T8707] should_failslab+0xc2/0x120 [ 177.866063][ T8707] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 177.866094][ T8707] ? __d_alloc+0x32/0xae0 [ 177.866128][ T8707] __d_alloc+0x32/0xae0 [ 177.866161][ T8707] d_alloc+0x4a/0x1e0 [ 177.866193][ T8707] lookup_one_qstr_excl+0x175/0x250 [ 177.866229][ T8707] ? mnt_want_write+0x161/0x450 [ 177.866254][ T8707] filename_create+0x1e7/0x4a0 [ 177.866280][ T8707] ? __pfx_filename_create+0x10/0x10 [ 177.866320][ T8707] ? __might_fault+0xe3/0x190 [ 177.866349][ T8707] ? __might_fault+0xe3/0x190 [ 177.866371][ T8707] ? __might_fault+0x13b/0x190 [ 177.866403][ T8707] do_mknodat+0x18a/0x5d0 [ 177.866435][ T8707] ? __pfx_do_mknodat+0x10/0x10 [ 177.866461][ T8707] ? getname_flags.part.0+0x1c5/0x550 [ 177.866505][ T8707] __x64_sys_mknod+0x87/0xb0 [ 177.866535][ T8707] do_syscall_64+0xcd/0x490 [ 177.866575][ T8707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.866603][ T8707] RIP: 0033:0x7fe4bb78eb69 [ 177.866624][ T8707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.866648][ T8707] RSP: 002b:00007fe4bc624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 177.866672][ T8707] RAX: ffffffffffffffda RBX: 00007fe4bb9b5fa0 RCX: 00007fe4bb78eb69 [ 177.866689][ T8707] RDX: 0000000000000103 RSI: 00000000000020e9 RDI: 00002000000003c0 [ 177.866704][ T8707] RBP: 00007fe4bb811df1 R08: 0000000000000000 R09: 0000000000000000 [ 177.866720][ T8707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.866732][ T8707] R13: 0000000000000000 R14: 00007fe4bb9b5fa0 R15: 00007ffc1598cca8 [ 177.866765][ T8707] [ 180.245409][ T30] audit: type=1804 audit(1843104535.890:3): pid=8762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1173" name="/newroot/246/file0" dev="tmpfs" ino=1263 res=1 errno=0 [ 180.325440][ T30] audit: type=1800 audit(1843104535.920:4): pid=8762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1173" name="file0" dev="tmpfs" ino=1263 res=0 errno=0 [ 181.125065][ T8790] FAULT_INJECTION: forcing a failure. [ 181.125065][ T8790] name failslab, interval 1, probability 0, space 0, times 0 [ 181.175835][ T8790] CPU: 1 UID: 0 PID: 8790 Comm: syz.2.1186 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 181.175874][ T8790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 181.175890][ T8790] Call Trace: [ 181.175898][ T8790] [ 181.175908][ T8790] dump_stack_lvl+0x16c/0x1f0 [ 181.175953][ T8790] should_fail_ex+0x512/0x640 [ 181.175977][ T8790] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 181.176012][ T8790] should_failslab+0xc2/0x120 [ 181.176046][ T8790] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 181.176077][ T8790] ? security_file_alloc+0x34/0x2b0 [ 181.176112][ T8790] security_file_alloc+0x34/0x2b0 [ 181.176140][ T8790] init_file+0x93/0x4c0 [ 181.176174][ T8790] alloc_empty_file_noaccount+0x3d/0xd0 [ 181.176210][ T8790] alloc_file_pseudo_noaccount+0x13a/0x230 [ 181.176249][ T8790] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 181.176297][ T8790] bdev_file_open_by_dev+0x143/0x210 [ 181.176336][ T8790] disk_scan_partitions+0x1ed/0x320 [ 181.176378][ T8790] blkdev_common_ioctl+0x5bd/0x2470 [ 181.176409][ T8790] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 181.176441][ T8790] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 181.176480][ T8790] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 181.176518][ T8790] ? do_vfs_ioctl+0x128/0x14f0 [ 181.176555][ T8790] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 181.176602][ T8790] ? find_held_lock+0x2b/0x80 [ 181.176633][ T8790] blkdev_ioctl+0x1cb/0x6d0 [ 181.176667][ T8790] ? __pfx_blkdev_ioctl+0x10/0x10 [ 181.176705][ T8790] ? __pfx_blkdev_ioctl+0x10/0x10 [ 181.176747][ T8790] __x64_sys_ioctl+0x18b/0x210 [ 181.176789][ T8790] do_syscall_64+0xcd/0x490 [ 181.176830][ T8790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.176857][ T8790] RIP: 0033:0x7fe4bb78eb69 [ 181.176877][ T8790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.176900][ T8790] RSP: 002b:00007fe4bc624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 181.176923][ T8790] RAX: ffffffffffffffda RBX: 00007fe4bb9b5fa0 RCX: 00007fe4bb78eb69 [ 181.176940][ T8790] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000003 [ 181.176955][ T8790] RBP: 00007fe4bb811df1 R08: 0000000000000000 R09: 0000000000000000 [ 181.176970][ T8790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 181.176984][ T8790] R13: 0000000000000000 R14: 00007fe4bb9b5fa0 R15: 00007ffc1598cca8 [ 181.177018][ T8790] [ 181.901500][ T8804] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 182.276350][ T5870] Bluetooth: hci3: unexpected event 0x04 length: 64 > 10 [ 182.276588][ T5870] Bluetooth: hci3: connection err: -111 [ 183.754807][ T8861] FAULT_INJECTION: forcing a failure. [ 183.754807][ T8861] name failslab, interval 1, probability 0, space 0, times 0 [ 183.789344][ T8861] CPU: 1 UID: 0 PID: 8861 Comm: syz.2.1216 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 183.789383][ T8861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 183.789399][ T8861] Call Trace: [ 183.789408][ T8861] [ 183.789417][ T8861] dump_stack_lvl+0x16c/0x1f0 [ 183.789472][ T8861] should_fail_ex+0x512/0x640 [ 183.789498][ T8861] ? __kmalloc_noprof+0xbf/0x510 [ 183.789531][ T8861] ? sk_prot_alloc+0x1a8/0x2a0 [ 183.789556][ T8861] should_failslab+0xc2/0x120 [ 183.789589][ T8861] __kmalloc_noprof+0xd2/0x510 [ 183.789617][ T8861] ? trace_cap_capable+0x18d/0x200 [ 183.789660][ T8861] sk_prot_alloc+0x1a8/0x2a0 [ 183.789690][ T8861] sk_alloc+0x36/0xc20 [ 183.789726][ T8861] xsk_create+0x11b/0x770 [ 183.789759][ T8861] __sock_create+0x338/0x8d0 [ 183.789795][ T8861] __sys_socket+0x14d/0x260 [ 183.789825][ T8861] ? __pfx___sys_socket+0x10/0x10 [ 183.789854][ T8861] ? xfd_validate_state+0x61/0x180 [ 183.789887][ T8861] ? __task_pid_nr_ns+0x17c/0x500 [ 183.789929][ T8861] __x64_sys_socket+0x72/0xb0 [ 183.789956][ T8861] ? lockdep_hardirqs_on+0x7c/0x110 [ 183.789991][ T8861] do_syscall_64+0xcd/0x490 [ 183.790029][ T8861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.790055][ T8861] RIP: 0033:0x7fe4bb78eb69 [ 183.790076][ T8861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.790099][ T8861] RSP: 002b:00007fe4bc624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 183.790123][ T8861] RAX: ffffffffffffffda RBX: 00007fe4bb9b5fa0 RCX: 00007fe4bb78eb69 [ 183.790141][ T8861] RDX: 0000000000000000 RSI: 0000000000080003 RDI: 000000000000002c [ 183.790157][ T8861] RBP: 00007fe4bb811df1 R08: 0000000000000000 R09: 0000000000000000 [ 183.790173][ T8861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.790188][ T8861] R13: 0000000000000000 R14: 00007fe4bb9b5fa0 R15: 00007ffc1598cca8 [ 183.790224][ T8861] [ 185.018115][ T8893] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 185.171029][ T8897] bridge0: port 3(hsr0) entered blocking state [ 185.184143][ T8897] bridge0: port 3(hsr0) entered disabled state [ 185.190640][ T8897] hsr0: entered allmulticast mode [ 185.198796][ T8897] hsr_slave_0: entered allmulticast mode [ 185.204469][ T8897] hsr_slave_1: entered allmulticast mode [ 185.212265][ T8897] hsr0: entered promiscuous mode [ 185.221879][ T8897] bridge0: port 3(hsr0) entered blocking state [ 185.228356][ T8897] bridge0: port 3(hsr0) entered forwarding state [ 185.976548][ T8923] dlm: non-version read from control device 8 [ 188.024796][ T8985] zswap: compressor not available [ 188.399376][ T8997] zswap: compressor not available [ 188.432076][ T9004] bridge0: port 3(hsr0) entered blocking state [ 188.443145][ T9004] bridge0: port 3(hsr0) entered disabled state [ 188.475712][ T9004] hsr0: entered allmulticast mode [ 188.503182][ T9004] hsr_slave_0: entered allmulticast mode [ 188.515628][ T9004] hsr_slave_1: entered allmulticast mode [ 188.533465][ T9004] hsr0: entered promiscuous mode [ 188.549433][ T9004] bridge0: port 3(hsr0) entered blocking state [ 188.555796][ T9004] bridge0: port 3(hsr0) entered forwarding state [ 188.788707][ T9013] vhci_hcd: invalid port number 23 [ 188.924530][ T9018] ovs_: entered promiscuous mode [ 189.175704][ T9025] vivid-009: ================= START STATUS ================= [ 189.244250][ T9025] vivid-009: Enable Output Cropping: true grabbed [ 189.274194][ T9025] vivid-009: Enable Output Composing: true grabbed [ 189.325409][ T9025] vivid-009: Enable Output Scaler: true grabbed [ 189.331746][ T9025] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 189.415514][ T9025] vivid-009: Transmit Mode: HDMI grabbed [ 189.488475][ T9025] vivid-009: Hotplug Present: 0x00000000 [ 189.511719][ T9025] vivid-009: RxSense Present: 0x00000000 [ 189.541685][ T9025] vivid-009: EDID Present: 0x00000000 [ 189.571445][ T9025] vivid-009: ================== END STATUS ================== [ 189.708181][ T9042] netlink: 206 bytes leftover after parsing attributes in process `syz.0.1297'. [ 191.471709][ T9094] ovs_: entered promiscuous mode [ 192.007791][ T9114] device-mapper: ioctl: device name cannot be "control", ".", or ".." [ 192.503890][ T9129] ovs_: entered promiscuous mode [ 194.183527][ T9184] ovs_: entered promiscuous mode [ 194.287476][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.293823][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.674457][ T9195] device-mapper: ioctl: device name cannot be "control", ".", or ".." [ 194.845505][ T9204] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1363'. [ 195.567566][ T9221] netlink: 'syz.3.1374': attribute type 1 has an invalid length. [ 195.837699][ T9232] Invalid ELF header magic: != ELF [ 197.112086][ T9273] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1404'. [ 197.299231][ T5870] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 197.299268][ T5870] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 197.314337][ T5870] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 197.314406][ T5870] Bluetooth: hci1: adv larger than maximum supported [ 197.322902][ T5870] Bluetooth: hci1: adv larger than maximum supported [ 197.329696][ T5870] Bluetooth: hci1: Malformed LE Event: 0x0d [ 198.672090][ T9323] Invalid ELF header magic: != ELF [ 198.716238][ T9328] netlink: 'syz.2.1420': attribute type 1 has an invalid length. [ 200.413699][ T9386] netlink: 93 bytes leftover after parsing attributes in process `syz.1.1443'. [ 200.723737][ T9397] device-mapper: ioctl: Invalid ioctl structure: name , dev b00010007 [ 200.808389][ T9402] __vm_enough_memory: pid: 9402, comm: syz.3.1450, bytes: 4398046511104 not enough memory for the allocation [ 200.871966][ T9393] zswap: compressor not available [ 201.477415][ T9349] Bluetooth: hci0: command 0x0406 tx timeout [ 201.483602][ T9349] Bluetooth: hci1: command 0x0406 tx timeout [ 201.490213][ T9349] Bluetooth: hci3: command 0x0406 tx timeout [ 201.497064][ T5860] Bluetooth: hci2: command 0x0406 tx timeout [ 202.018018][ T51] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 202.018052][ T51] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 202.032887][ T51] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 202.032932][ T51] Bluetooth: hci2: adv larger than maximum supported [ 202.040573][ T51] Bluetooth: hci2: adv larger than maximum supported [ 202.047350][ T51] Bluetooth: hci2: Malformed LE Event: 0x0d [ 202.459101][ T9456] Scaler: ================= START STATUS ================= [ 202.473027][ T9456] Scaler: ================== END STATUS ================== [ 202.901601][ T51] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 202.901636][ T51] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 202.917004][ T51] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 202.917049][ T51] Bluetooth: hci0: adv larger than maximum supported [ 202.924291][ T51] Bluetooth: hci0: adv larger than maximum supported [ 202.931763][ T51] Bluetooth: hci0: Malformed LE Event: 0x0d [ 203.724458][ T9488] vivid-003: ================= START STATUS ================= [ 203.751726][ T9488] vivid-003: Radio HW Seek Mode: Bounded [ 203.764868][ T9488] vivid-003: Radio Programmable HW Seek: false [ 203.774762][ T9488] vivid-003: RDS Rx I/O Mode: Block I/O [ 203.799878][ T9488] vivid-003: Generate RBDS Instead of RDS: false [ 203.815523][ T9488] vivid-003: RDS Reception: true [ 203.823373][ T9488] vivid-003: RDS Program Type: 0 inactive [ 203.841583][ T9488] vivid-003: RDS PS Name: inactive [ 203.849765][ T9488] vivid-003: RDS Radio Text: inactive [ 203.868829][ T9488] vivid-003: RDS Traffic Announcement: false inactive [ 203.877255][ T9488] vivid-003: RDS Traffic Program: false inactive [ 203.888945][ T9488] vivid-003: RDS Music: false inactive [ 203.894464][ T9488] vivid-003: ================== END STATUS ================== [ 203.957185][ T9497] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1495'. [ 205.898930][ T51] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 205.898967][ T51] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 205.915397][ T51] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 205.915427][ T51] Bluetooth: hci3: adv larger than maximum supported [ 205.922483][ T51] Bluetooth: hci3: adv larger than maximum supported [ 205.931799][ T51] Bluetooth: hci3: Malformed LE Event: 0x0d [ 206.335669][ T9571] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1516'. [ 206.749010][ T9581] zswap: compressor 000 not available [ 208.876048][ T9658] FAULT_INJECTION: forcing a failure. [ 208.876048][ T9658] name failslab, interval 1, probability 0, space 0, times 0 [ 208.925497][ T9658] CPU: 1 UID: 0 PID: 9658 Comm: syz.3.1550 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 208.925536][ T9658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 208.925551][ T9658] Call Trace: [ 208.925560][ T9658] [ 208.925570][ T9658] dump_stack_lvl+0x16c/0x1f0 [ 208.925612][ T9658] should_fail_ex+0x512/0x640 [ 208.925637][ T9658] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 208.925668][ T9658] should_failslab+0xc2/0x120 [ 208.925702][ T9658] __kmalloc_cache_noprof+0x6a/0x3e0 [ 208.925730][ T9658] ? copy_ipcs+0x19f/0x610 [ 208.925761][ T9658] copy_ipcs+0x19f/0x610 [ 208.925782][ T9658] ? copy_utsname+0xab/0x470 [ 208.925818][ T9658] create_new_namespaces+0x20a/0xa90 [ 208.925846][ T9658] ? security_capable+0x7e/0x260 [ 208.925889][ T9658] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 208.925920][ T9658] ksys_unshare+0x45b/0xa40 [ 208.925953][ T9658] ? __pfx_ksys_unshare+0x10/0x10 [ 208.925987][ T9658] ? xfd_validate_state+0x61/0x180 [ 208.926032][ T9658] __x64_sys_unshare+0x31/0x40 [ 208.926064][ T9658] do_syscall_64+0xcd/0x490 [ 208.926102][ T9658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.926129][ T9658] RIP: 0033:0x7f401b18eb69 [ 208.926158][ T9658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.926182][ T9658] RSP: 002b:00007f4018ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 208.926207][ T9658] RAX: ffffffffffffffda RBX: 00007f401b3b5fa0 RCX: 00007f401b18eb69 [ 208.926225][ T9658] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 208.926240][ T9658] RBP: 00007f401b211df1 R08: 0000000000000000 R09: 0000000000000000 [ 208.926256][ T9658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.926271][ T9658] R13: 0000000000000000 R14: 00007f401b3b5fa0 R15: 00007ffdf18a2558 [ 208.926308][ T9658] [ 209.970691][ T9686] zswap: compressor 000 not available [ 210.847070][ T9708] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1568'. [ 211.325163][ T9722] sock: sock_timestamping_bind_phc: sock not bind to device [ 211.936238][ T9750] FAULT_INJECTION: forcing a failure. [ 211.936238][ T9750] name failslab, interval 1, probability 0, space 0, times 0 [ 211.969256][ T9750] CPU: 0 UID: 0 PID: 9750 Comm: syz.0.1584 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 211.969293][ T9750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 211.969308][ T9750] Call Trace: [ 211.969316][ T9750] [ 211.969325][ T9750] dump_stack_lvl+0x16c/0x1f0 [ 211.969368][ T9750] should_fail_ex+0x512/0x640 [ 211.969393][ T9750] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 211.969422][ T9750] should_failslab+0xc2/0x120 [ 211.969453][ T9750] __kmalloc_cache_noprof+0x6a/0x3e0 [ 211.969480][ T9750] ? copy_ipcs+0x19f/0x610 [ 211.969510][ T9750] copy_ipcs+0x19f/0x610 [ 211.969531][ T9750] ? copy_utsname+0xab/0x470 [ 211.969565][ T9750] create_new_namespaces+0x20a/0xa90 [ 211.969593][ T9750] ? security_capable+0x7e/0x260 [ 211.969630][ T9750] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 211.969659][ T9750] ksys_unshare+0x45b/0xa40 [ 211.969692][ T9750] ? __pfx_ksys_unshare+0x10/0x10 [ 211.969727][ T9750] ? xfd_validate_state+0x61/0x180 [ 211.969770][ T9750] __x64_sys_unshare+0x31/0x40 [ 211.969802][ T9750] do_syscall_64+0xcd/0x490 [ 211.969851][ T9750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.969875][ T9750] RIP: 0033:0x7f4d5978eb69 [ 211.969896][ T9750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.969919][ T9750] RSP: 002b:00007f4d5a5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 211.969944][ T9750] RAX: ffffffffffffffda RBX: 00007f4d599b5fa0 RCX: 00007f4d5978eb69 [ 211.969961][ T9750] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 211.969977][ T9750] RBP: 00007f4d59811df1 R08: 0000000000000000 R09: 0000000000000000 [ 211.969991][ T9750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 211.970005][ T9750] R13: 0000000000000000 R14: 00007f4d599b5fa0 R15: 00007fff7201fd78 [ 211.970040][ T9750] [ 212.196565][ T9754] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1587'. [ 212.260680][ T9756] FAULT_INJECTION: forcing a failure. [ 212.260680][ T9756] name failslab, interval 1, probability 0, space 0, times 0 [ 212.307517][ T9756] CPU: 1 UID: 0 PID: 9756 Comm: syz.2.1589 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 212.307561][ T9756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 212.307576][ T9756] Call Trace: [ 212.307584][ T9756] [ 212.307594][ T9756] dump_stack_lvl+0x16c/0x1f0 [ 212.307637][ T9756] should_fail_ex+0x512/0x640 [ 212.307661][ T9756] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 212.307696][ T9756] should_failslab+0xc2/0x120 [ 212.307729][ T9756] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 212.307759][ T9756] ? alloc_inode+0xc3/0x240 [ 212.307795][ T9756] alloc_inode+0xc3/0x240 [ 212.307827][ T9756] path_from_stashed+0x25b/0x750 [ 212.307853][ T9756] ? alloc_fd+0x471/0x7d0 [ 212.307882][ T9756] pidfs_alloc_file+0xf8/0x290 [ 212.307906][ T9756] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 212.307933][ T9756] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.307969][ T9756] pidfd_prepare+0x129/0x200 [ 212.308001][ T9756] __x64_sys_pidfd_open+0x105/0x1a0 [ 212.308034][ T9756] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 212.308070][ T9756] ? rcu_is_watching+0x12/0xc0 [ 212.308096][ T9756] do_syscall_64+0xcd/0x490 [ 212.308132][ T9756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.308157][ T9756] RIP: 0033:0x7fe4bb78eb69 [ 212.308177][ T9756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.308199][ T9756] RSP: 002b:00007fe4bc624038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 212.308223][ T9756] RAX: ffffffffffffffda RBX: 00007fe4bb9b5fa0 RCX: 00007fe4bb78eb69 [ 212.308240][ T9756] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 212.308254][ T9756] RBP: 00007fe4bb811df1 R08: 0000000000000000 R09: 0000000000000000 [ 212.308269][ T9756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 212.308284][ T9756] R13: 0000000000000000 R14: 00007fe4bb9b5fa0 R15: 00007ffc1598cca8 [ 212.308317][ T9756] [ 213.466904][ T9794] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1603'. [ 214.021326][ T9770] kexec: Could not allocate control_code_buffer [ 214.044227][ T9809] sctp: [Deprecated]: syz.1.1609 (pid 9809) Use of int in max_burst socket option deprecated. [ 214.044227][ T9809] Use struct sctp_assoc_value instead [ 214.888405][ T9838] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1620'. [ 215.249767][ T9850] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1627'. [ 215.361248][ T9854] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1630'. [ 215.938399][ T9880] capability: warning: `syz.1.1642' uses 32-bit capabilities (legacy support in use) [ 216.108816][ T9887] process 'syz.3.1645' launched ':,' with NULL argv: empty string added [ 216.405603][ T9899] nvme_fabrics: missing parameter 'transport=%s' [ 216.423704][ T9899] nvme_fabrics: missing parameter 'nqn=%s' [ 216.461385][ T9907] Zero length message leads to an empty skb [ 216.764723][ T9923] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 217.477571][ T9951] syz.2.1673 uses obsolete (PF_INET,SOCK_PACKET) [ 217.859220][ T9967] sctp: [Deprecated]: syz.3.1680 (pid 9967) Use of int in max_burst socket option deprecated. [ 217.859220][ T9967] Use struct sctp_assoc_value instead [ 218.865712][T10005] sctp: [Deprecated]: syz.2.1693 (pid 10005) Use of int in max_burst socket option deprecated. [ 218.865712][T10005] Use struct sctp_assoc_value instead [ 219.486239][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 219.952168][T10057] nbd: socks must be embedded in a SOCK_ITEM attr [ 219.961213][T10057] block nbd0: shutting down sockets [ 220.388961][T10072] nvme_fabrics: missing parameter 'transport=%s' [ 220.397848][T10072] nvme_fabrics: missing parameter 'nqn=%s' syzkaller syzkaller login: [ 220.671085][T10091] Zero length message leads to an empty skb [ 221.394942][T10116] process 'syz.3.1739' launched './file0' with NULL argv: empty string added [ 221.655610][T10127] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 222.155048][T10151] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 222.376717][T10164] nbd: socks must be embedded in a SOCK_ITEM attr [ 222.397591][T10164] block nbd0: shutting down sockets [ 224.117445][T10244] FAULT_INJECTION: forcing a failure. [ 224.117445][T10244] name failslab, interval 1, probability 0, space 0, times 0 [ 224.150470][T10244] CPU: 1 UID: 0 PID: 10244 Comm: syz.2.1794 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 224.150509][T10244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 224.150524][T10244] Call Trace: [ 224.150533][T10244] [ 224.150543][T10244] dump_stack_lvl+0x16c/0x1f0 [ 224.150588][T10244] should_fail_ex+0x512/0x640 [ 224.150615][T10244] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 224.150647][T10244] should_failslab+0xc2/0x120 [ 224.150679][T10244] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 224.150707][T10244] ? new_userfaultfd+0x79/0x3d0 [ 224.150748][T10244] new_userfaultfd+0x79/0x3d0 [ 224.150784][T10244] __x64_sys_userfaultfd+0x4b/0xb0 [ 224.150807][T10244] do_syscall_64+0xcd/0x490 [ 224.150844][T10244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.150867][T10244] RIP: 0033:0x7fe4bb78eb69 [ 224.150887][T10244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.150911][T10244] RSP: 002b:00007fe4bc624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 224.150934][T10244] RAX: ffffffffffffffda RBX: 00007fe4bb9b5fa0 RCX: 00007fe4bb78eb69 [ 224.150951][T10244] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 224.150964][T10244] RBP: 00007fe4bb811df1 R08: 0000000000000000 R09: 0000000000000000 [ 224.150979][T10244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.150993][T10244] R13: 0000000000000000 R14: 00007fe4bb9b5fa0 R15: 00007ffc1598cca8 [ 224.151027][T10244] [ 225.040097][T10276] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1807'. [ 225.237585][T10287] warning: `syz.2.1811' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 225.673357][T10306] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1820'. [ 228.435449][T10419] capability: warning: `syz.2.1870' uses 32-bit capabilities (legacy support in use) [ 228.644655][T10429] ======================================================= [ 228.644655][T10429] WARNING: The mand mount option has been deprecated and [ 228.644655][T10429] and is ignored by this kernel. Remove the mand [ 228.644655][T10429] option from the mount to silence this warning. [ 228.644655][T10429] ======================================================= [ 228.877228][T10435] netlink: 130 bytes leftover after parsing attributes in process `syz.1.1876'. [ 229.219453][T10451] FAULT_INJECTION: forcing a failure. [ 229.219453][T10451] name failslab, interval 1, probability 0, space 0, times 0 [ 229.267844][T10451] CPU: 0 UID: 0 PID: 10451 Comm: syz.3.1885 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 229.267879][T10451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 229.267893][T10451] Call Trace: [ 229.267901][T10451] [ 229.267911][T10451] dump_stack_lvl+0x16c/0x1f0 [ 229.267953][T10451] should_fail_ex+0x512/0x640 [ 229.267977][T10451] ? __kmalloc_node_noprof+0xc5/0x500 [ 229.268010][T10451] should_failslab+0xc2/0x120 [ 229.268039][T10451] __kmalloc_node_noprof+0xd8/0x500 [ 229.268064][T10451] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 229.268092][T10451] ? alloc_slab_obj_exts+0x41/0xa0 [ 229.268118][T10451] alloc_slab_obj_exts+0x41/0xa0 [ 229.268142][T10451] new_slab+0x27d/0x330 [ 229.268168][T10451] ___slab_alloc+0xcf2/0x1740 [ 229.268192][T10451] ? alloc_inode+0xc3/0x240 [ 229.268239][T10451] ? alloc_inode+0xc3/0x240 [ 229.268269][T10451] ? __slab_alloc.constprop.0+0x56/0xb0 [ 229.268292][T10451] __slab_alloc.constprop.0+0x56/0xb0 [ 229.268322][T10451] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 229.268354][T10451] ? alloc_inode+0xc3/0x240 [ 229.268391][T10451] alloc_inode+0xc3/0x240 [ 229.268424][T10451] path_from_stashed+0x25b/0x750 [ 229.268462][T10451] open_namespace+0x8d/0x190 [ 229.268488][T10451] ? __pfx_open_namespace+0x10/0x10 [ 229.268518][T10451] ? bpf_lsm_capable+0x9/0x10 [ 229.268547][T10451] open_related_ns+0x41/0x70 [ 229.268573][T10451] __tun_chr_ioctl+0x1fd1/0x48b0 [ 229.268602][T10451] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 229.268644][T10451] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 229.268679][T10451] ? hook_file_ioctl_common+0x145/0x410 [ 229.268727][T10451] ? __fget_files+0x20e/0x3c0 [ 229.268759][T10451] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 229.268790][T10451] __x64_sys_ioctl+0x18b/0x210 [ 229.268838][T10451] do_syscall_64+0xcd/0x490 [ 229.268879][T10451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.268905][T10451] RIP: 0033:0x7f401b18eb69 [ 229.268926][T10451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.268950][T10451] RSP: 002b:00007f4018ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 229.268974][T10451] RAX: ffffffffffffffda RBX: 00007f401b3b5fa0 RCX: 00007f401b18eb69 [ 229.268991][T10451] RDX: 0000000000005c8d RSI: 00000000000054e3 RDI: 00000000000000c8 [ 229.269006][T10451] RBP: 00007f401b211df1 R08: 0000000000000000 R09: 0000000000000000 [ 229.269022][T10451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.269038][T10451] R13: 0000000000000000 R14: 00007f401b3b5fa0 R15: 00007ffdf18a2558 [ 229.269073][T10451] [ 231.229310][T10529] netlink: 19 bytes leftover after parsing attributes in process `syz.3.1920'. [ 231.333296][T10536] random: crng reseeded on system resumption [ 232.872407][T10613] FAULT_INJECTION: forcing a failure. [ 232.872407][T10613] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 232.905476][T10613] CPU: 1 UID: 0 PID: 10613 Comm: syz.3.1959 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 232.905515][T10613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 232.905530][T10613] Call Trace: [ 232.905539][T10613] [ 232.905549][T10613] dump_stack_lvl+0x16c/0x1f0 [ 232.905593][T10613] should_fail_ex+0x512/0x640 [ 232.905625][T10613] should_fail_alloc_page+0xe7/0x130 [ 232.905661][T10613] prepare_alloc_pages+0x3c2/0x610 [ 232.905705][T10613] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 232.905735][T10613] ? finish_task_switch.isra.0+0x21c/0xc10 [ 232.905765][T10613] ? rcu_is_watching+0x12/0xc0 [ 232.905790][T10613] ? finish_task_switch.isra.0+0x221/0xc10 [ 232.905815][T10613] ? lockdep_hardirqs_on+0x7c/0x110 [ 232.905850][T10613] ? finish_task_switch.isra.0+0x221/0xc10 [ 232.905877][T10613] ? rcu_is_watching+0x12/0xc0 [ 232.905902][T10613] ? trace_sched_exit_tp+0xd1/0x120 [ 232.905938][T10613] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 232.905983][T10613] ? __lock_acquire+0x62e/0x1ce0 [ 232.906020][T10613] ? __pfx___schedule+0x10/0x10 [ 232.906049][T10613] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 232.906087][T10613] ? policy_nodemask+0xea/0x4e0 [ 232.906122][T10613] alloc_pages_mpol+0x1fb/0x550 [ 232.906155][T10613] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 232.906187][T10613] ? __lock_acquire+0x62e/0x1ce0 [ 232.906222][T10613] folio_alloc_mpol_noprof+0x36/0x2f0 [ 232.906261][T10613] vma_alloc_folio_noprof+0xed/0x1e0 [ 232.906296][T10613] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 232.906344][T10613] do_pte_missing+0x2230/0x3ba0 [ 232.906372][T10613] ? find_held_lock+0x2b/0x80 [ 232.906410][T10613] __handle_mm_fault+0x152a/0x2a50 [ 232.906447][T10613] ? __pfx___handle_mm_fault+0x10/0x10 [ 232.906479][T10613] ? lock_vma_under_rcu+0x47d/0x970 [ 232.906507][T10613] ? lock_vma_under_rcu+0x47d/0x970 [ 232.906561][T10613] handle_mm_fault+0x589/0xd10 [ 232.906589][T10613] ? __pkru_allows_pkey+0x51/0xb0 [ 232.906629][T10613] do_user_addr_fault+0x60c/0x1370 [ 232.906669][T10613] ? rcu_is_watching+0x12/0xc0 [ 232.906699][T10613] exc_page_fault+0x5c/0xb0 [ 232.906733][T10613] asm_exc_page_fault+0x26/0x30 [ 232.906757][T10613] RIP: 0033:0x7f401b05a55b [ 232.906777][T10613] Code: 00 00 00 48 8d 3d 65 3a 19 00 48 89 c1 31 c0 e8 8b 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 99 3a 19 00 48 89 34 24 48 8b 14 24 48 8b [ 232.906801][T10613] RSP: 002b:00007f4018ff4fb0 EFLAGS: 00010202 [ 232.906823][T10613] RAX: 0000000000000000 RBX: 00007f401b3b5fa0 RCX: 0000000000000000 [ 232.906839][T10613] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 00002000000012c0 [ 232.906857][T10613] RBP: 00007f401b211df1 R08: 0000000000000000 R09: 0000000000000000 [ 232.906872][T10613] R10: 00002000000012c0 R11: 0000000000000000 R12: 0000000000000000 [ 232.906887][T10613] R13: 0000000000000000 R14: 00007f401b3b5fa0 R15: 00007ffdf18a2558 [ 232.906922][T10613] [ 232.907213][T10613] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 234.167977][T10660] zswap: compressor not available [ 234.286443][T10673] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 234.357324][T10677] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1987'. [ 234.571765][T10685] 0x000000000001-0x000000020000 : "" [ 234.621558][T10685] ftl_cs: FTL header corrupt! [ 235.054921][T10707] Format for adding new port is "id [perm_addr]" (uint MAC). [ 236.263647][T10753] FAULT_INJECTION: forcing a failure. [ 236.263647][T10753] name failslab, interval 1, probability 0, space 0, times 0 [ 236.320671][T10753] CPU: 0 UID: 0 PID: 10753 Comm: syz.2.2019 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 236.320708][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 236.320723][T10753] Call Trace: [ 236.320732][T10753] [ 236.320742][T10753] dump_stack_lvl+0x16c/0x1f0 [ 236.320783][T10753] should_fail_ex+0x512/0x640 [ 236.320808][T10753] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 236.320840][T10753] should_failslab+0xc2/0x120 [ 236.320873][T10753] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 236.320903][T10753] ? ptlock_alloc+0x1f/0x70 [ 236.320930][T10753] ptlock_alloc+0x1f/0x70 [ 236.320953][T10753] pte_alloc_one+0x82/0x3a0 [ 236.320979][T10753] do_pte_missing+0x1afc/0x3ba0 [ 236.321007][T10753] ? do_raw_spin_unlock+0x172/0x230 [ 236.321048][T10753] ? __pmd_alloc+0x3fb/0x930 [ 236.321085][T10753] __handle_mm_fault+0x152a/0x2a50 [ 236.321107][T10753] ? mt_find+0x3ef/0xa30 [ 236.321127][T10753] ? __pfx___handle_mm_fault+0x10/0x10 [ 236.321148][T10753] ? __pfx_mt_find+0x10/0x10 [ 236.321193][T10753] ? find_vma+0xbf/0x140 [ 236.321223][T10753] ? __pfx_find_vma+0x10/0x10 [ 236.321258][T10753] handle_mm_fault+0x589/0xd10 [ 236.321286][T10753] ? __pkru_allows_pkey+0x51/0xb0 [ 236.321322][T10753] do_user_addr_fault+0x7a6/0x1370 [ 236.321461][T10753] ? rcu_is_watching+0x12/0xc0 [ 236.321492][T10753] exc_page_fault+0x5c/0xb0 [ 236.321530][T10753] asm_exc_page_fault+0x26/0x30 [ 236.321554][T10753] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 236.321586][T10753] Code: c4 10 e9 84 22 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 22 04 00 66 66 [ 236.321609][T10753] RSP: 0018:ffffc900039b7d70 EFLAGS: 00050202 [ 236.321638][T10753] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 236.321653][T10753] RDX: fffff52000736fbc RSI: 0000000000000000 RDI: ffffc900039b7de0 [ 236.321670][T10753] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000736fbc [ 236.321684][T10753] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 236.321696][T10753] R13: ffffc900039b7de0 R14: 0000000000000000 R15: 0000000000000000 [ 236.321756][T10753] _copy_from_user+0x98/0xd0 [ 236.321794][T10753] do_sock_getsockopt+0x3ca/0x440 [ 236.321833][T10753] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 236.321858][T10753] ? __fget_files+0x204/0x3c0 [ 236.321935][T10753] __sys_getsockopt+0x123/0x1b0 [ 236.321996][T10753] __x64_sys_getsockopt+0xbd/0x160 [ 236.322031][T10753] ? do_syscall_64+0x91/0x490 [ 236.322068][T10753] ? lockdep_hardirqs_on+0x7c/0x110 [ 236.322099][T10753] do_syscall_64+0xcd/0x490 [ 236.322144][T10753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.322173][T10753] RIP: 0033:0x7fe4bb78eb69 [ 236.322193][T10753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.322218][T10753] RSP: 002b:00007fe4bc624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 236.322239][T10753] RAX: ffffffffffffffda RBX: 00007fe4bb9b5fa0 RCX: 00007fe4bb78eb69 [ 236.322255][T10753] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003 [ 236.322269][T10753] RBP: 00007fe4bb811df1 R08: 0000000000000000 R09: 0000000000000000 [ 236.322284][T10753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 236.322299][T10753] R13: 0000000000000000 R14: 00007fe4bb9b5fa0 R15: 00007ffc1598cca8 [ 236.322334][T10753] [ 237.384739][T10792] syz.0.2034 uses obsolete (PF_INET,SOCK_PACKET) [ 237.994026][T10825] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2049'. [ 239.915619][T10898] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2081'. [ 241.599819][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.771330][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.885642][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.011770][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.288320][ T36] bridge_slave_1: left allmulticast mode [ 242.294214][ T36] bridge_slave_1: left promiscuous mode [ 242.317778][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.358408][ T36] bridge_slave_0: left allmulticast mode [ 242.364136][ T36] bridge_slave_0: left promiscuous mode [ 242.385563][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.646284][ T5181] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 242.657512][ T5181] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 242.665613][ T5181] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 242.698620][ T5181] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 242.707927][ T5181] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 242.897994][ T36] erspan0 (unregistering): left allmulticast mode [ 243.219512][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.238132][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 243.252159][ T36] bond0 (unregistering): Released all slaves [ 243.662466][ T36] hsr_slave_0: left promiscuous mode [ 243.685712][ T36] hsr_slave_1: left promiscuous mode [ 243.696222][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 243.713897][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 243.737683][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 243.748606][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 243.762072][T10967] zswap: compressor not available [ 243.802454][ T36] veth1_macvtap: left promiscuous mode [ 243.809660][ T36] veth0_macvtap: left promiscuous mode [ 243.815836][ T36] veth1_vlan: left promiscuous mode [ 243.822510][ T36] veth0_vlan: left promiscuous mode [ 244.250244][T10992] sctp: [Deprecated]: syz.1.2111 (pid 10992) Use of int in maxseg socket option. [ 244.250244][T10992] Use struct sctp_assoc_value instead [ 244.769713][ T51] Bluetooth: hci2: command tx timeout [ 244.943921][ T36] team0 (unregistering): Port device team_slave_1 removed [ 245.044870][ T36] team0 (unregistering): Port device team_slave_0 removed [ 245.748387][T11034] syz.0.2127 (11034) used greatest stack depth: 21320 bytes left [ 246.233473][T10946] chnl_net:caif_netlink_parms(): no params data found [ 246.671626][T10946] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.689201][T10946] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.705246][T10946] bridge_slave_0: entered allmulticast mode [ 246.726849][T10946] bridge_slave_0: entered promiscuous mode [ 246.748034][T10946] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.773608][T10946] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.789571][T10946] bridge_slave_1: entered allmulticast mode [ 246.807408][T10946] bridge_slave_1: entered promiscuous mode [ 246.836066][ T51] Bluetooth: hci2: command tx timeout [ 246.929629][T10946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.966959][T10946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.091059][T10946] team0: Port device team_slave_0 added [ 247.118629][T10946] team0: Port device team_slave_1 added [ 247.271827][T10946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.284832][T10946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.349563][T10946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 247.384572][T10946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.404679][T10946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.456740][T10946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.558120][T10946] hsr_slave_0: entered promiscuous mode [ 247.564964][T10946] hsr_slave_1: entered promiscuous mode [ 247.573442][T10946] debugfs: 'hsr0' already exists in 'hsr' [ 247.580194][T10946] Cannot create hsr debugfs directory [ 248.342515][T10946] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 248.353561][T10946] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 248.366959][T10946] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 248.387716][T10946] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 248.481262][T10946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.509702][T10946] 8021q: adding VLAN 0 to HW filter on device team0 [ 248.524155][ T1625] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.531529][ T1625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.554210][ T3971] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.561432][ T3971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.863769][T10946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.915483][ T51] Bluetooth: hci2: command tx timeout [ 248.948109][T10946] veth0_vlan: entered promiscuous mode [ 248.965126][T10946] veth1_vlan: entered promiscuous mode [ 249.009114][T10946] veth0_macvtap: entered promiscuous mode [ 249.021186][T10946] veth1_macvtap: entered promiscuous mode [ 249.046963][T10946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.066245][T10946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 249.083052][ T196] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.092778][ T196] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.108624][ T196] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.145215][ T196] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.234438][ T196] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.261648][ T196] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.301819][ T3971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.314327][ T3971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.359189][T10946] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 251.025852][ T51] Bluetooth: hci2: command tx timeout [ 251.933565][T11236] netlink: 'syz.3.2169': attribute type 1 has an invalid length. [ 252.359815][T11256] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2176'. [ 252.536699][T11264] random: crng reseeded on system resumption [ 253.113669][T11291] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2188'. [ 253.782759][T11320] mmap: syz.0.2196 (11320) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 253.912383][T11325] netlink: 19 bytes leftover after parsing attributes in process `syz.1.2198'. [ 254.017752][T11329] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2200'. [ 254.118723][T11336] XFS: Clearing xfsstats [ 254.241942][T11340] overlayfs: missing 'lowerdir' [ 254.298415][T11342] vivid-003: ================= START STATUS ================= [ 254.307950][T11342] vivid-003: Radio HW Seek Mode: Bounded [ 254.313642][T11342] vivid-003: Radio Programmable HW Seek: false [ 254.345833][T11342] vivid-003: RDS Rx I/O Mode: Block I/O [ 254.351587][T11342] vivid-003: Generate RBDS Instead of RDS: false [ 254.373143][T11342] vivid-003: RDS Reception: true [ 254.383256][T11342] vivid-003: RDS Program Type: 0 inactive [ 254.393696][T11342] vivid-003: RDS PS Name: inactive [ 254.410483][T11342] vivid-003: RDS Radio Text: inactive [ 254.425374][T11342] vivid-003: RDS Traffic Announcement: false inactive [ 254.435369][T11342] vivid-003: RDS Traffic Program: false inactive [ 254.441771][T11342] vivid-003: RDS Music: false inactive [ 254.475008][T11342] vivid-003: ================== END STATUS ================== [ 254.946146][T11360] syz.2.2216 (11360) used greatest stack depth: 19752 bytes left [ 255.506346][T11390] nbd: socks must be embedded in a SOCK_ITEM attr [ 255.520488][T11390] block nbd1: shutting down sockets [ 255.720639][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.727155][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.747702][T11406] Device name cannot be null; rc = [-22] [ 256.980660][T11453] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2250'. [ 257.313953][T11470] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2259'. [ 257.532460][T11477] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2268'. [ 259.501367][T11561] netlink: 346 bytes leftover after parsing attributes in process `syz.0.2298'. [ 260.906791][T11614] FAULT_INJECTION: forcing a failure. [ 260.906791][T11614] name failslab, interval 1, probability 0, space 0, times 0 [ 260.938421][T11614] CPU: 0 UID: 0 PID: 11614 Comm: syz.1.2320 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 260.938461][T11614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 260.938490][T11614] Call Trace: [ 260.938500][T11614] [ 260.938511][T11614] dump_stack_lvl+0x16c/0x1f0 [ 260.938564][T11614] should_fail_ex+0x512/0x640 [ 260.938590][T11614] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 260.938620][T11614] should_failslab+0xc2/0x120 [ 260.938654][T11614] __kmalloc_cache_noprof+0x6a/0x3e0 [ 260.938675][T11614] ? __pfx___x64_sys_futex+0x10/0x10 [ 260.938706][T11614] ? do_epoll_create+0x62/0x480 [ 260.938734][T11614] do_epoll_create+0x62/0x480 [ 260.938759][T11614] __x64_sys_epoll_create+0x45/0x70 [ 260.938785][T11614] do_syscall_64+0xcd/0x490 [ 260.938823][T11614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.938847][T11614] RIP: 0033:0x7fcedaf8eb69 [ 260.938868][T11614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.938891][T11614] RSP: 002b:00007fcedbe36038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 260.938916][T11614] RAX: ffffffffffffffda RBX: 00007fcedb1b5fa0 RCX: 00007fcedaf8eb69 [ 260.938933][T11614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 260.938947][T11614] RBP: 00007fcedb011df1 R08: 0000000000000000 R09: 0000000000000000 [ 260.938959][T11614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.938972][T11614] R13: 0000000000000000 R14: 00007fcedb1b5fa0 R15: 00007ffdfc7c0838 [ 260.939004][T11614] [ 262.273866][T11669] Device name cannot be null; rc = [-22] [ 262.612685][T11687] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2342'. [ 264.551785][T11767] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 264.617098][T11770] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2373'. [ 265.520552][T11800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2389'. [ 265.549067][T11804] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 268.338400][T11905] base or size exceeds the MTRR width [ 269.391539][T11942] [U] [ 269.394516][T11942] [U] [ 269.397209][T11942] [U] [ 269.399900][T11942] [U] [ 269.404329][T11942] [U] [ 269.407059][T11942] [U] [ 269.409762][T11942] [U] [ 269.412462][T11942] [U] [ 269.440392][T11941] [U] [ 270.254586][T11983] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2470'. [ 271.213549][T12019] FAULT_INJECTION: forcing a failure. [ 271.213549][T12019] name failslab, interval 1, probability 0, space 0, times 0 [ 271.264145][T12019] CPU: 0 UID: 0 PID: 12019 Comm: syz.1.2487 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 271.264185][T12019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 271.264200][T12019] Call Trace: [ 271.264209][T12019] [ 271.264219][T12019] dump_stack_lvl+0x16c/0x1f0 [ 271.264267][T12019] should_fail_ex+0x512/0x640 [ 271.264293][T12019] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 271.264323][T12019] should_failslab+0xc2/0x120 [ 271.264357][T12019] __kmalloc_cache_noprof+0x6a/0x3e0 [ 271.264384][T12019] ? refill_pi_state_cache+0x89/0x250 [ 271.264424][T12019] refill_pi_state_cache+0x89/0x250 [ 271.264458][T12019] futex_lock_pi+0x175/0x7c0 [ 271.264495][T12019] ? futex_unqueue+0x13d/0x2c0 [ 271.264523][T12019] ? __pfx_futex_lock_pi+0x10/0x10 [ 271.264555][T12019] ? __futex_wait+0x24c/0x2f0 [ 271.264594][T12019] ? lockdep_hardirqs_on+0x7c/0x110 [ 271.264651][T12019] ? futex_private_hash_put+0x18a/0x300 [ 271.264687][T12019] ? __pfx_futex_wake_mark+0x10/0x10 [ 271.264739][T12019] ? __pfx_child_wait_callback+0x10/0x10 [ 271.264792][T12019] do_futex+0x11a/0x350 [ 271.264824][T12019] ? __pfx_do_futex+0x10/0x10 [ 271.264857][T12019] ? __pfx___do_sys_wait4+0x10/0x10 [ 271.264895][T12019] __x64_sys_futex+0x1e0/0x4c0 [ 271.264929][T12019] ? __pfx___x64_sys_futex+0x10/0x10 [ 271.264958][T12019] ? xfd_validate_state+0x61/0x180 [ 271.264991][T12019] ? __pfx___do_sys_prctl+0x10/0x10 [ 271.265038][T12019] do_syscall_64+0xcd/0x490 [ 271.265077][T12019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.265103][T12019] RIP: 0033:0x7fcedaf8eb69 [ 271.265124][T12019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.265147][T12019] RSP: 002b:00007fcedbe36038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 271.265171][T12019] RAX: ffffffffffffffda RBX: 00007fcedb1b5fa0 RCX: 00007fcedaf8eb69 [ 271.265188][T12019] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 271.265203][T12019] RBP: 00007fcedb011df1 R08: 0000000000000000 R09: 000000008000fff2 [ 271.265225][T12019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.265239][T12019] R13: 0000000000000000 R14: 00007fcedb1b5fa0 R15: 00007ffdfc7c0838 [ 271.265268][T12019] [ 272.029604][ T30] audit: type=1804 audit(4294967364.450:5): pid=12044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2498" name=2F6E6577726F6F742F3636312F22050820 dev="tmpfs" ino=3370 res=1 errno=0 [ 272.099551][ T30] audit: type=1800 audit(4294967364.450:6): pid=12044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2498" name=22050820 dev="tmpfs" ino=3370 res=0 errno=0 [ 273.265073][T12103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2526'. [ 273.277649][T12103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2526'. [ 274.608779][T12166] FAULT_INJECTION: forcing a failure. [ 274.608779][T12166] name failslab, interval 1, probability 0, space 0, times 0 [ 274.608818][T12166] CPU: 0 UID: 0 PID: 12166 Comm: syz.3.2552 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 274.608850][T12166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 274.608864][T12166] Call Trace: [ 274.608872][T12166] [ 274.608882][T12166] dump_stack_lvl+0x16c/0x1f0 [ 274.608923][T12166] should_fail_ex+0x512/0x640 [ 274.608948][T12166] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 274.608978][T12166] should_failslab+0xc2/0x120 [ 274.609010][T12166] __kmalloc_cache_noprof+0x6a/0x3e0 [ 274.609036][T12166] ? resv_map_alloc+0x46/0x400 [ 274.609073][T12166] resv_map_alloc+0x46/0x400 [ 274.609107][T12166] hugetlbfs_get_inode+0x33f/0x730 [ 274.609147][T12166] hugetlb_file_setup+0x15b/0x620 [ 274.609177][T12166] ksys_mmap_pgoff+0x189/0x5c0 [ 274.609218][T12166] __x64_sys_mmap+0x125/0x190 [ 274.609259][T12166] do_syscall_64+0xcd/0x490 [ 274.609298][T12166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.609323][T12166] RIP: 0033:0x7f401b18eb69 [ 274.609342][T12166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.609365][T12166] RSP: 002b:00007f4018ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 274.609388][T12166] RAX: ffffffffffffffda RBX: 00007f401b3b5fa0 RCX: 00007f401b18eb69 [ 274.609405][T12166] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 274.609420][T12166] RBP: 00007f401b211df1 R08: 0000000000000401 R09: 0000300000000000 [ 274.609436][T12166] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 274.609451][T12166] R13: 0000000000000000 R14: 00007f401b3b5fa0 R15: 00007ffdf18a2558 [ 274.609485][T12166] [ 276.124905][T12234] FAULT_INJECTION: forcing a failure. [ 276.124905][T12234] name failslab, interval 1, probability 0, space 0, times 0 [ 276.165323][T12234] CPU: 0 UID: 0 PID: 12234 Comm: syz.1.2583 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 276.165360][T12234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 276.165374][T12234] Call Trace: [ 276.165382][T12234] [ 276.165392][T12234] dump_stack_lvl+0x16c/0x1f0 [ 276.165436][T12234] should_fail_ex+0x512/0x640 [ 276.165461][T12234] ? fs_reclaim_acquire+0xae/0x150 [ 276.165500][T12234] should_failslab+0xc2/0x120 [ 276.165532][T12234] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 276.165562][T12234] ? __lock_acquire+0xb97/0x1ce0 [ 276.165591][T12234] ? ext4_init_io_end+0x24/0x170 [ 276.165621][T12234] ext4_init_io_end+0x24/0x170 [ 276.165645][T12234] ext4_do_writepages+0x9e7/0x3cf0 [ 276.165683][T12234] ? lock_acquire+0x179/0x350 [ 276.165734][T12234] ? __pfx_ext4_do_writepages+0x10/0x10 [ 276.165787][T12234] ? ext4_writepages+0x37a/0x7d0 [ 276.165817][T12234] ext4_writepages+0x37a/0x7d0 [ 276.165849][T12234] ? __pfx_ext4_writepages+0x10/0x10 [ 276.165896][T12234] ? do_writepages+0x4b7/0x600 [ 276.165922][T12234] ? __pfx_ext4_writepages+0x10/0x10 [ 276.165966][T12234] do_writepages+0x27a/0x600 [ 276.165994][T12234] ? __pfx_do_writepages+0x10/0x10 [ 276.166017][T12234] ? do_raw_spin_unlock+0x172/0x230 [ 276.166052][T12234] ? _raw_spin_unlock+0x28/0x50 [ 276.166087][T12234] filemap_fdatawrite_wbc+0x104/0x160 [ 276.166114][T12234] __filemap_fdatawrite_range+0xb9/0x100 [ 276.166146][T12234] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 276.166232][T12234] file_write_and_wait_range+0xca/0x140 [ 276.166266][T12234] ext4_sync_file+0x310/0xf10 [ 276.166297][T12234] ? __pfx___up_read+0x10/0x10 [ 276.166333][T12234] ? __pfx_ext4_sync_file+0x10/0x10 [ 276.166360][T12234] vfs_fsync_range+0x139/0x220 [ 276.166393][T12234] __do_sys_msync+0x3cb/0x5c0 [ 276.166430][T12234] do_syscall_64+0xcd/0x490 [ 276.166469][T12234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.166495][T12234] RIP: 0033:0x7fcedaf8eb69 [ 276.166515][T12234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.166538][T12234] RSP: 002b:00007fcedbe36038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 276.166562][T12234] RAX: ffffffffffffffda RBX: 00007fcedb1b5fa0 RCX: 00007fcedaf8eb69 [ 276.166578][T12234] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 276.166595][T12234] RBP: 00007fcedb011df1 R08: 0000000000000000 R09: 0000000000000000 [ 276.166609][T12234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 276.166624][T12234] R13: 0000000000000000 R14: 00007fcedb1b5fa0 R15: 00007ffdfc7c0838 [ 276.166659][T12234] [ 277.853641][T12277] binder: BINDER_SET_CONTEXT_MGR already set [ 277.861840][T12277] binder: 12276:12277 ioctl 4018620d 9 returned -16 [ 278.148944][T12294] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2607'. [ 278.219389][T12294] caif0: entered promiscuous mode [ 279.601105][T12324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 279.622060][T12324] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 279.633950][T12324] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 279.651566][T12324] page_type: f5(slab) [ 279.657399][T12324] raw: 00fff00000000040 ffff88801b842280 dead000000000122 0000000000000000 [ 279.669837][T12324] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 279.691570][T12324] head: 00fff00000000040 ffff88801b842280 dead000000000122 0000000000000000 [ 279.701692][T12324] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 279.713633][T12324] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 279.727932][T12324] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 279.741589][T12324] page dumped because: unmovable page [ 279.747153][T12324] page_owner tracks the page as allocated [ 279.754199][T12324] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5868, tgid 5868 (syz-executor), ts 77879607770, free_ts 67948121763 [ 279.777251][T12324] post_alloc_hook+0x1c0/0x230 [ 279.782165][T12324] get_page_from_freelist+0x132b/0x38e0 [ 279.790700][T12324] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 279.799549][T12324] alloc_pages_mpol+0x1fb/0x550 [ 279.804552][T12324] new_slab+0x247/0x330 [ 279.808941][T12324] ___slab_alloc+0xcf2/0x1740 [ 279.813711][T12324] __slab_alloc.constprop.0+0x56/0xb0 [ 279.819320][T12324] __kmalloc_noprof+0x2f2/0x510 [ 279.824265][T12324] batadv_hash_new+0x74/0x2e0 [ 279.829120][T12324] batadv_tt_init+0x278/0x350 [ 279.833933][T12324] batadv_mesh_init+0x4e3/0x9a0 [ 279.838925][T12324] batadv_meshif_init_late+0xbd4/0xf30 [ 279.844520][T12324] register_netdevice+0x653/0x2270 [ 279.849834][T12324] batadv_meshif_newlink+0x8f/0xc0 [ 279.855084][T12324] rtnl_newlink+0xc42/0x2000 [ 279.859821][T12324] rtnetlink_rcv_msg+0x95b/0xe90 [ 279.864843][T12324] page last free pid 5775 tgid 5775 stack trace: [ 279.871359][T12324] __free_frozen_pages+0x7d5/0x10f0 [ 279.876846][T12324] __put_partials+0x165/0x1c0 [ 279.881663][T12324] qlist_free_all+0x4d/0x120 [ 279.886774][T12324] kasan_quarantine_reduce+0x195/0x1e0 [ 279.892373][T12324] __kasan_slab_alloc+0x69/0x90 [ 279.899324][T12324] __kmalloc_noprof+0x1d4/0x510 [ 279.905570][T12324] tomoyo_realpath_from_path+0xc2/0x6e0 [ 279.911237][T12324] tomoyo_path_perm+0x274/0x460 [ 279.916270][T12324] security_inode_getattr+0x116/0x290 [ 279.921738][T12324] vfs_fstat+0x4b/0xe0 [ 279.925974][T12324] __do_sys_newfstat+0x87/0x100 [ 279.930963][T12324] do_syscall_64+0xcd/0x490 [ 279.935584][T12324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.197660][T12335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2622'. [ 281.359908][T12386] netlink: 206 bytes leftover after parsing attributes in process `syz.1.2648'. [ 282.235048][T12426] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2663'. [ 282.868855][T12453] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2676'. [ 283.875943][T12492] FAULT_INJECTION: forcing a failure. [ 283.875943][T12492] name fail_futex, interval 1, probability 0, space 0, times 1 [ 283.923244][T12492] CPU: 1 UID: 0 PID: 12492 Comm: syz.2.2691 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 283.923282][T12492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 283.923296][T12492] Call Trace: [ 283.923305][T12492] [ 283.923315][T12492] dump_stack_lvl+0x16c/0x1f0 [ 283.923359][T12492] should_fail_ex+0x512/0x640 [ 283.923389][T12492] get_futex_key+0x1d0/0x1560 [ 283.923423][T12492] ? __pfx_get_futex_key+0x10/0x10 [ 283.923472][T12492] futex_wake+0xea/0x530 [ 283.923509][T12492] ? __pfx_futex_wake+0x10/0x10 [ 283.923548][T12492] ? lockdep_init_map_type+0x5c/0x280 [ 283.923588][T12492] do_futex+0x1e3/0x350 [ 283.923618][T12492] ? __pfx_do_futex+0x10/0x10 [ 283.923656][T12492] __x64_sys_futex+0x1e0/0x4c0 [ 283.923688][T12492] ? fd_install+0x225/0x750 [ 283.923712][T12492] ? __pfx___x64_sys_futex+0x10/0x10 [ 283.923754][T12492] do_syscall_64+0xcd/0x490 [ 283.923790][T12492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.923816][T12492] RIP: 0033:0x7f2c7fd8eb69 [ 283.923836][T12492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.923858][T12492] RSP: 002b:00007f2c80c080e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 283.923882][T12492] RAX: ffffffffffffffda RBX: 00007f2c7ffb5fa8 RCX: 00007f2c7fd8eb69 [ 283.923899][T12492] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2c7ffb5fac [ 283.923915][T12492] RBP: 00007f2c7ffb5fa0 R08: 00007f2c80c09000 R09: 0000000000000000 [ 283.923930][T12492] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f2c7ffb5fac [ 283.923945][T12492] R13: 0000000000000000 R14: 00007fff701977f0 R15: 00007fff701978d8 [ 283.923977][T12492] [ 284.108673][T12498] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2695'. [ 285.244909][T12546] FAULT_INJECTION: forcing a failure. [ 285.244909][T12546] name failslab, interval 1, probability 0, space 0, times 0 [ 285.293258][T12546] CPU: 0 UID: 0 PID: 12546 Comm: syz.2.2715 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 285.293304][T12546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 285.293320][T12546] Call Trace: [ 285.293328][T12546] [ 285.293338][T12546] dump_stack_lvl+0x16c/0x1f0 [ 285.293383][T12546] should_fail_ex+0x512/0x640 [ 285.293413][T12546] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 285.293443][T12546] should_failslab+0xc2/0x120 [ 285.293478][T12546] __kmalloc_cache_noprof+0x6a/0x3e0 [ 285.293505][T12546] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 285.293537][T12546] ? kasan_save_track+0x14/0x30 [ 285.293568][T12546] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 285.293608][T12546] ? __mutex_lock+0x1c4/0x10b0 [ 285.293650][T12546] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 285.293684][T12546] ? __pfx___mutex_lock+0x10/0x10 [ 285.293729][T12546] ? __fsnotify_parent+0x24b/0xc40 [ 285.293769][T12546] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 285.293800][T12546] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 285.293828][T12546] snd_pcm_oss_sync+0x1de/0x840 [ 285.293862][T12546] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 285.293891][T12546] snd_pcm_oss_release+0x28b/0x310 [ 285.293922][T12546] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 285.293950][T12546] __fput+0x3ff/0xb70 [ 285.293992][T12546] task_work_run+0x14d/0x240 [ 285.294030][T12546] ? __pfx_task_work_run+0x10/0x10 [ 285.294068][T12546] ? __pfx___do_sys_close_range+0x10/0x10 [ 285.294106][T12546] exit_to_user_mode_loop+0xeb/0x110 [ 285.294143][T12546] do_syscall_64+0x3f6/0x490 [ 285.294182][T12546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.294208][T12546] RIP: 0033:0x7f2c7fd8eb69 [ 285.294228][T12546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.294252][T12546] RSP: 002b:00007f2c80c08038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 285.294283][T12546] RAX: 0000000000000000 RBX: 00007f2c7ffb5fa0 RCX: 00007f2c7fd8eb69 [ 285.294299][T12546] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 285.294315][T12546] RBP: 00007f2c7fe11df1 R08: 0000000000000000 R09: 0000000000000000 [ 285.294330][T12546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.294346][T12546] R13: 0000000000000000 R14: 00007f2c7ffb5fa0 R15: 00007fff701978d8 [ 285.294381][T12546] [ 285.751751][T12561] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2723'. [ 286.887562][T12618] random: crng reseeded on system resumption [ 287.246915][T12638] FAULT_INJECTION: forcing a failure. [ 287.246915][T12638] name fail_futex, interval 1, probability 0, space 0, times 0 [ 287.326673][T12638] CPU: 0 UID: 0 PID: 12638 Comm: syz.3.2755 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 287.326711][T12638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 287.326726][T12638] Call Trace: [ 287.326735][T12638] [ 287.326744][T12638] dump_stack_lvl+0x16c/0x1f0 [ 287.326788][T12638] should_fail_ex+0x512/0x640 [ 287.326829][T12638] get_futex_key+0x1d0/0x1560 [ 287.326865][T12638] ? __pfx_get_futex_key+0x10/0x10 [ 287.326908][T12638] futex_wake+0xea/0x530 [ 287.326948][T12638] ? __pfx_futex_wake+0x10/0x10 [ 287.326989][T12638] ? lockdep_init_map_type+0x5c/0x280 [ 287.327030][T12638] do_futex+0x1e3/0x350 [ 287.327060][T12638] ? __pfx_do_futex+0x10/0x10 [ 287.327100][T12638] __x64_sys_futex+0x1e0/0x4c0 [ 287.327133][T12638] ? fd_install+0x225/0x750 [ 287.327158][T12638] ? __pfx___x64_sys_futex+0x10/0x10 [ 287.327189][T12638] ? xfd_validate_state+0x61/0x180 [ 287.327252][T12638] do_syscall_64+0xcd/0x490 [ 287.327292][T12638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.327317][T12638] RIP: 0033:0x7f401b18eb69 [ 287.327337][T12638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.327360][T12638] RSP: 002b:00007f4018ff60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 287.327384][T12638] RAX: ffffffffffffffda RBX: 00007f401b3b5fa8 RCX: 00007f401b18eb69 [ 287.327403][T12638] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f401b3b5fac [ 287.327419][T12638] RBP: 00007f401b3b5fa0 R08: 00007f401befa000 R09: 0000000000000000 [ 287.327436][T12638] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f401b3b5fac [ 287.327452][T12638] R13: 0000000000000000 R14: 00007ffdf18a2470 R15: 00007ffdf18a2558 [ 287.327486][T12638] [ 287.786728][T12645] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2759'. [ 287.800932][T12647] FAULT_INJECTION: forcing a failure. [ 287.800932][T12647] name failslab, interval 1, probability 0, space 0, times 0 [ 287.813868][T12647] CPU: 1 UID: 0 PID: 12647 Comm: syz.0.2760 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 287.813907][T12647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 287.813924][T12647] Call Trace: [ 287.813933][T12647] [ 287.813943][T12647] dump_stack_lvl+0x16c/0x1f0 [ 287.813988][T12647] should_fail_ex+0x512/0x640 [ 287.814014][T12647] ? fs_reclaim_acquire+0xae/0x150 [ 287.814056][T12647] should_failslab+0xc2/0x120 [ 287.814089][T12647] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 287.814120][T12647] ? __lock_acquire+0xb97/0x1ce0 [ 287.814150][T12647] ? ext4_init_io_end+0x24/0x170 [ 287.814181][T12647] ext4_init_io_end+0x24/0x170 [ 287.814206][T12647] ext4_do_writepages+0x9e7/0x3cf0 [ 287.814244][T12647] ? lock_acquire+0x179/0x350 [ 287.814296][T12647] ? __pfx_ext4_do_writepages+0x10/0x10 [ 287.814349][T12647] ? ext4_writepages+0x37a/0x7d0 [ 287.814379][T12647] ext4_writepages+0x37a/0x7d0 [ 287.814412][T12647] ? __pfx_ext4_writepages+0x10/0x10 [ 287.814459][T12647] ? do_writepages+0x4b7/0x600 [ 287.814486][T12647] ? __pfx_ext4_writepages+0x10/0x10 [ 287.814521][T12647] do_writepages+0x27a/0x600 [ 287.814550][T12647] ? __pfx_do_writepages+0x10/0x10 [ 287.814572][T12647] ? do_raw_spin_unlock+0x172/0x230 [ 287.814610][T12647] ? _raw_spin_unlock+0x28/0x50 [ 287.814645][T12647] filemap_fdatawrite_wbc+0x104/0x160 [ 287.814673][T12647] __filemap_fdatawrite_range+0xb9/0x100 [ 287.814704][T12647] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 287.814801][T12647] file_write_and_wait_range+0xca/0x140 [ 287.814837][T12647] ext4_sync_file+0x310/0xf10 [ 287.814867][T12647] ? __pfx___up_read+0x10/0x10 [ 287.814902][T12647] ? __pfx_ext4_sync_file+0x10/0x10 [ 287.814930][T12647] vfs_fsync_range+0x139/0x220 [ 287.814959][T12647] __do_sys_msync+0x3cb/0x5c0 [ 287.814993][T12647] do_syscall_64+0xcd/0x490 [ 287.815029][T12647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.815055][T12647] RIP: 0033:0x7f4d5978eb69 [ 287.815077][T12647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.815101][T12647] RSP: 002b:00007f4d5a5d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 287.815126][T12647] RAX: ffffffffffffffda RBX: 00007f4d599b5fa0 RCX: 00007f4d5978eb69 [ 287.815144][T12647] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 287.815161][T12647] RBP: 00007f4d59811df1 R08: 0000000000000000 R09: 0000000000000000 [ 287.815177][T12647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 287.815193][T12647] R13: 0000000000000000 R14: 00007f4d599b5fa0 R15: 00007fff7201fd78 [ 287.815230][T12647] [ 289.308762][T12691] FAULT_INJECTION: forcing a failure. [ 289.308762][T12691] name failslab, interval 1, probability 0, space 0, times 0 [ 289.316934][T12689] FAULT_INJECTION: forcing a failure. [ 289.316934][T12689] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 289.349137][T12691] CPU: 1 UID: 0 PID: 12691 Comm: syz.1.2780 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 289.349176][T12691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 289.349192][T12691] Call Trace: [ 289.349201][T12691] [ 289.349211][T12691] dump_stack_lvl+0x16c/0x1f0 [ 289.349253][T12691] should_fail_ex+0x512/0x640 [ 289.349278][T12691] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 289.349313][T12691] should_failslab+0xc2/0x120 [ 289.349345][T12691] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 289.349373][T12691] ? __pfx_map_id_range_down+0x10/0x10 [ 289.349405][T12691] ? __x64_sys_futex+0x1e0/0x4c0 [ 289.349434][T12691] ? __x64_sys_futex+0x1e9/0x4c0 [ 289.349462][T12691] ? prepare_creds+0x2c/0x7d0 [ 289.349501][T12691] prepare_creds+0x2c/0x7d0 [ 289.349537][T12691] __sys_setreuid+0x101/0xaf0 [ 289.349564][T12691] ? rcu_is_watching+0x12/0xc0 [ 289.349593][T12691] do_syscall_64+0xcd/0x490 [ 289.349638][T12691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.349664][T12691] RIP: 0033:0x7fcedaf8eb69 [ 289.349685][T12691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.349710][T12691] RSP: 002b:00007fcedbe36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000071 [ 289.349735][T12691] RAX: ffffffffffffffda RBX: 00007fcedb1b5fa0 RCX: 00007fcedaf8eb69 [ 289.349752][T12691] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 289.349767][T12691] RBP: 00007fcedb011df1 R08: 0000000000000000 R09: 0000000000000000 [ 289.349782][T12691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 289.349797][T12691] R13: 0000000000000000 R14: 00007fcedb1b5fa0 R15: 00007ffdfc7c0838 [ 289.349829][T12691] [ 289.359651][T12689] CPU: 0 UID: 0 PID: 12689 Comm: syz.3.2778 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 289.359688][T12689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 289.359704][T12689] Call Trace: [ 289.359713][T12689] [ 289.359722][T12689] dump_stack_lvl+0x16c/0x1f0 [ 289.359764][T12689] should_fail_ex+0x512/0x640 [ 289.359794][T12689] _copy_from_user+0x2e/0xd0 [ 289.359824][T12689] copy_mount_options+0x76/0x190 [ 289.359860][T12689] __x64_sys_mount+0x1ac/0x310 [ 289.359900][T12689] ? __pfx___x64_sys_mount+0x10/0x10 [ 289.359943][T12689] do_syscall_64+0xcd/0x490 [ 289.359984][T12689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.360011][T12689] RIP: 0033:0x7f401b18eb69 [ 289.360032][T12689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.360058][T12689] RSP: 002b:00007f4018ff6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 289.360082][T12689] RAX: ffffffffffffffda RBX: 00007f401b3b5fa0 RCX: 00007f401b18eb69 [ 289.360099][T12689] RDX: 0000200000000380 RSI: 0000000000000000 RDI: 00002000000002c0 [ 289.360115][T12689] RBP: 00007f401b211df1 R08: 00002000000003c0 R09: 0000000000000000 [ 289.360131][T12689] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 289.360146][T12689] R13: 0000000000000000 R14: 00007f401b3b5fa0 R15: 00007ffdf18a2558 [ 289.360178][T12689] [ 290.256131][T12715] netlink: 'syz.1.2790': attribute type 1 has an invalid length. [ 290.462390][T12717] zswap: compressor not available [ 292.018354][ T43] smpboot: CPU 0 is now offline [ 292.453552][T12783] FAULT_INJECTION: forcing a failure. [ 292.453552][T12783] name failslab, interval 1, probability 0, space 0, times 0 [ 292.498836][T12783] CPU: 1 UID: 0 PID: 12783 Comm: syz.3.2816 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 292.498860][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 292.498869][T12783] Call Trace: [ 292.498874][T12783] [ 292.498880][T12783] dump_stack_lvl+0x16c/0x1f0 [ 292.498907][T12783] should_fail_ex+0x512/0x640 [ 292.498922][T12783] ? __kmalloc_noprof+0xbf/0x510 [ 292.498940][T12783] ? constrain_params_by_rules+0x175/0xca0 [ 292.498957][T12783] should_failslab+0xc2/0x120 [ 292.498976][T12783] __kmalloc_noprof+0xd2/0x510 [ 292.498991][T12783] ? unwind_get_return_address+0x59/0xa0 [ 292.499010][T12783] constrain_params_by_rules+0x175/0xca0 [ 292.499030][T12783] ? stack_trace_save+0x8e/0xc0 [ 292.499046][T12783] ? stack_depot_save_flags+0x28/0xa40 [ 292.499061][T12783] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 292.499081][T12783] ? __kasan_kmalloc+0xaa/0xb0 [ 292.499095][T12783] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 292.499111][T12783] ? snd_pcm_oss_make_ready+0xe6/0x1b0 [ 292.499126][T12783] ? snd_pcm_oss_sync+0x1de/0x840 [ 292.499147][T12783] ? rcu_is_watching+0x12/0xc0 [ 292.499161][T12783] ? snd_interval_refine+0x2fa/0x580 [ 292.499183][T12783] snd_pcm_hw_refine+0x7de/0xad0 [ 292.499203][T12783] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 292.499225][T12783] ? __asan_memset+0x23/0x50 [ 292.499238][T12783] ? _snd_pcm_hw_param_min+0x259/0x630 [ 292.499256][T12783] snd_pcm_oss_change_params_locked+0x65e/0x3a30 [ 292.499281][T12783] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 292.499299][T12783] ? __pfx___mutex_lock+0x10/0x10 [ 292.499332][T12783] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 292.499349][T12783] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 292.499372][T12783] snd_pcm_oss_sync+0x1de/0x840 [ 292.499391][T12783] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 292.499408][T12783] snd_pcm_oss_release+0x28b/0x310 [ 292.499425][T12783] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 292.499441][T12783] __fput+0x3ff/0xb70 [ 292.499465][T12783] task_work_run+0x14d/0x240 [ 292.499488][T12783] ? __pfx_task_work_run+0x10/0x10 [ 292.499508][T12783] ? __pfx___do_sys_close_range+0x10/0x10 [ 292.499529][T12783] exit_to_user_mode_loop+0xeb/0x110 [ 292.499550][T12783] do_syscall_64+0x3f6/0x490 [ 292.499572][T12783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.499587][T12783] RIP: 0033:0x7f401b18eb69 [ 292.499599][T12783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.499613][T12783] RSP: 002b:00007f4018ff6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 292.499628][T12783] RAX: 0000000000000000 RBX: 00007f401b3b5fa0 RCX: 00007f401b18eb69 [ 292.499636][T12783] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 [ 292.499644][T12783] RBP: 00007f401b211df1 R08: 0000000000000000 R09: 0000000000000000 [ 292.499652][T12783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 292.499661][T12783] R13: 0000000000000000 R14: 00007f401b3b5fa0 R15: 00007ffdf18a2558 [ 292.499679][T12783] [ 293.350573][T12790] GUP no longer grows the stack in syz.0.2819 (12790): 14000-41000 (4000) [ 293.389021][T12790] CPU: 1 UID: 0 PID: 12790 Comm: syz.0.2819 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 293.389045][T12790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 293.389054][T12790] Call Trace: [ 293.389059][T12790] [ 293.389066][T12790] dump_stack_lvl+0x16c/0x1f0 [ 293.389093][T12790] gup_vma_lookup+0x1d2/0x220 [ 293.389114][T12790] __get_user_pages+0x243/0x34a0 [ 293.389142][T12790] ? register_lock_class+0x41/0x4c0 [ 293.389161][T12790] ? __pfx___get_user_pages+0x10/0x10 [ 293.389180][T12790] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.389199][T12790] __gup_longterm_locked+0xa92/0x17e0 [ 293.389221][T12790] ? __lock_acquire+0xb97/0x1ce0 [ 293.389242][T12790] ? __pfx___gup_longterm_locked+0x10/0x10 [ 293.389278][T12790] pin_user_pages_remote+0xed/0x140 [ 293.389301][T12790] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 293.389321][T12790] ? mm_access+0x22d/0x2e0 [ 293.389346][T12790] process_vm_rw_core.constprop.0+0x41b/0x970 [ 293.389368][T12790] ? __lock_acquire+0x62e/0x1ce0 [ 293.389389][T12790] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 293.389409][T12790] ? iovec_from_user+0xbb/0x140 [ 293.389434][T12790] ? iovec_from_user+0xbb/0x140 [ 293.389452][T12790] process_vm_rw+0x216/0x2c0 [ 293.389470][T12790] ? __pfx_process_vm_rw+0x10/0x10 [ 293.389486][T12790] ? __pfx_futex_wake+0x10/0x10 [ 293.389510][T12790] ? up_write+0x1b2/0x520 [ 293.389546][T12790] ? xfd_validate_state+0x61/0x180 [ 293.389565][T12790] ? __task_pid_nr_ns+0x17c/0x500 [ 293.389586][T12790] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 293.389604][T12790] ? do_syscall_64+0x91/0x490 [ 293.389624][T12790] ? lockdep_hardirqs_on+0x7c/0x110 [ 293.389644][T12790] do_syscall_64+0xcd/0x490 [ 293.389666][T12790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.389679][T12790] RIP: 0033:0x7f4d5978eb69 [ 293.389692][T12790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.389705][T12790] RSP: 002b:00007f4d5a5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 293.389719][T12790] RAX: ffffffffffffffda RBX: 00007f4d599b5fa0 RCX: 00007f4d5978eb69 [ 293.389728][T12790] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 000000000000066a [ 293.389737][T12790] RBP: 00007f4d59811df1 R08: 0000000000000003 R09: 0000000000000000 [ 293.389745][T12790] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 293.389754][T12790] R13: 0000000000000000 R14: 00007f4d599b5fa0 R15: 00007fff7201fd78 [ 293.389772][T12790] [ 294.292027][T12789] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2818'. [ 295.855669][T12842] FAULT_INJECTION: forcing a failure. [ 295.855669][T12842] name failslab, interval 1, probability 0, space 0, times 0 [ 295.923619][T12842] CPU: 1 UID: 0 PID: 12842 Comm: syz.0.2843 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 295.923642][T12842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 295.923652][T12842] Call Trace: [ 295.923657][T12842] [ 295.923663][T12842] dump_stack_lvl+0x16c/0x1f0 [ 295.923690][T12842] should_fail_ex+0x512/0x640 [ 295.923704][T12842] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 295.923724][T12842] should_failslab+0xc2/0x120 [ 295.923743][T12842] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 295.923759][T12842] ? __pfx_map_id_range_down+0x10/0x10 [ 295.923779][T12842] ? prepare_creds+0x2c/0x7d0 [ 295.923801][T12842] prepare_creds+0x2c/0x7d0 [ 295.923821][T12842] __sys_setfsgid+0xe3/0x380 [ 295.923836][T12842] ? rcu_is_watching+0x12/0xc0 [ 295.923852][T12842] do_syscall_64+0xcd/0x490 [ 295.923874][T12842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.923888][T12842] RIP: 0033:0x7f4d5978eb69 [ 295.923900][T12842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.923914][T12842] RSP: 002b:00007f4d5a5d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000007b [ 295.923937][T12842] RAX: ffffffffffffffda RBX: 00007f4d599b5fa0 RCX: 00007f4d5978eb69 [ 295.923947][T12842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 295.923955][T12842] RBP: 00007f4d59811df1 R08: 0000000000000000 R09: 0000000000000000 [ 295.923964][T12842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.923972][T12842] R13: 0000000000000000 R14: 00007f4d599b5fa0 R15: 00007fff7201fd78 [ 295.923991][T12842] [ 296.087166][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.080358][T12877] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2858'. [ 298.056141][T12903] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2868'. [ 301.923457][T13034] netlink: 222 bytes leftover after parsing attributes in process `syz.2.2913'. [ 302.804015][T13058] netlink: 'syz.0.2923': attribute type 2 has an invalid length. [ 303.070624][T13068] bridge0: port 4(gretap0) entered blocking state [ 303.123794][T13068] bridge0: port 4(gretap0) entered disabled state [ 303.169242][T13068] gretap0: entered allmulticast mode [ 303.226424][T13068] gretap0: entered promiscuous mode [ 303.277275][T13068] bridge0: port 4(gretap0) entered blocking state [ 303.283802][T13068] bridge0: port 4(gretap0) entered forwarding state [ 304.147271][T13095] netlink: 'syz.0.2933': attribute type 9 has an invalid length. [ 304.155026][T13095] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2933'. [ 305.363111][T13142] mtrr: base(0x100000000) is not aligned on a size(0x0000) boundary [ 306.860297][T13174] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2967'. [ 307.224046][T13189] raw_sendmsg: syz.3.2973 forgot to set AF_INET. Fix it! [ 308.004325][T13209] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2984'. [ 308.879079][T13239] XFS: Clearing xfsstats [ 310.122507][ T30] audit: type=1800 audit(4294967402.540:7): pid=13286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3019" name="dbroot" dev="configfs" ino=35912 res=0 errno=0 [ 310.170690][T13286] db_root: cannot open: 3145728 [ 310.424652][ T24] Process accounting resumed [ 310.853830][T13321] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3031'. [ 311.059306][T13329] FAULT_INJECTION: forcing a failure. [ 311.059306][T13329] name failslab, interval 1, probability 0, space 0, times 0 [ 311.108577][T13329] CPU: 1 UID: 0 PID: 13329 Comm: syz.2.3036 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 311.108600][T13329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 311.108609][T13329] Call Trace: [ 311.108614][T13329] [ 311.108620][T13329] dump_stack_lvl+0x16c/0x1f0 [ 311.108647][T13329] should_fail_ex+0x512/0x640 [ 311.108662][T13329] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 311.108679][T13329] should_failslab+0xc2/0x120 [ 311.108697][T13329] __kmalloc_cache_noprof+0x6a/0x3e0 [ 311.108710][T13329] ? find_held_lock+0x2b/0x80 [ 311.108725][T13329] ? yama_ptracer_add+0x48/0x590 [ 311.108743][T13329] yama_ptracer_add+0x48/0x590 [ 311.108758][T13329] yama_task_prctl+0xf4/0x1d0 [ 311.108774][T13329] security_task_prctl+0xc2/0x160 [ 311.108797][T13329] __do_sys_prctl+0xaa/0x20e0 [ 311.108821][T13329] ? __pfx___do_sys_prctl+0x10/0x10 [ 311.108847][T13329] do_syscall_64+0xcd/0x490 [ 311.108869][T13329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.108883][T13329] RIP: 0033:0x7f2c7fd8eb69 [ 311.108895][T13329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.108908][T13329] RSP: 002b:00007f2c80c08038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 311.108922][T13329] RAX: ffffffffffffffda RBX: 00007f2c7ffb5fa0 RCX: 00007f2c7fd8eb69 [ 311.108931][T13329] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000059616d61 [ 311.108939][T13329] RBP: 00007f2c7fe11df1 R08: 0000000000000000 R09: 0000000000000000 [ 311.108948][T13329] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 311.108955][T13329] R13: 0000000000000000 R14: 00007f2c7ffb5fa0 R15: 00007fff701978d8 [ 311.108973][T13329] [ 311.853951][ T30] audit: type=1800 audit(4294967404.270:8): pid=13363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3051" name="dynamic_events" dev="tracefs" ino=31 res=0 errno=0 [ 313.945738][T13467] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 314.390108][T13480] FAULT_INJECTION: forcing a failure. [ 314.390108][T13480] name failslab, interval 1, probability 0, space 0, times 0 [ 314.423241][T13480] CPU: 1 UID: 0 PID: 13480 Comm: syz.0.3101 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 314.423264][T13480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 314.423273][T13480] Call Trace: [ 314.423278][T13480] [ 314.423285][T13480] dump_stack_lvl+0x16c/0x1f0 [ 314.423311][T13480] should_fail_ex+0x512/0x640 [ 314.423326][T13480] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 314.423346][T13480] should_failslab+0xc2/0x120 [ 314.423364][T13480] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 314.423381][T13480] ? lockdep_init_map_type+0x5c/0x280 [ 314.423400][T13480] ? posix_lock_inode+0x342/0x2280 [ 314.423422][T13480] ? __init_waitqueue_head+0xca/0x150 [ 314.423445][T13480] posix_lock_inode+0x342/0x2280 [ 314.423467][T13480] ? __pfx_aa_file_perm+0x10/0x10 [ 314.423492][T13480] ? __pfx_posix_lock_inode+0x10/0x10 [ 314.423519][T13480] vfs_lock_file+0xfb/0x150 [ 314.423541][T13480] fcntl_setlk+0x3ff/0xe20 [ 314.423557][T13480] ? __pfx_fcntl_setlk+0x10/0x10 [ 314.423572][T13480] ? __might_fault+0xe3/0x190 [ 314.423587][T13480] ? __might_fault+0xe3/0x190 [ 314.423600][T13480] ? __might_fault+0x13b/0x190 [ 314.423622][T13480] do_fcntl+0xbce/0x15a0 [ 314.423642][T13480] ? __pfx_do_fcntl+0x10/0x10 [ 314.423664][T13480] ? tomoyo_file_fcntl+0x6c/0xc0 [ 314.423686][T13480] __x64_sys_fcntl+0x163/0x200 [ 314.423707][T13480] do_syscall_64+0xcd/0x490 [ 314.423729][T13480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.423744][T13480] RIP: 0033:0x7f4d5978eb69 [ 314.423755][T13480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.423769][T13480] RSP: 002b:00007f4d5a5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 314.423783][T13480] RAX: ffffffffffffffda RBX: 00007f4d599b5fa0 RCX: 00007f4d5978eb69 [ 314.423793][T13480] RDX: 0000000000000002 RSI: 0000000000000026 RDI: 0000000000000003 [ 314.423801][T13480] RBP: 00007f4d59811df1 R08: 0000000000000000 R09: 0000000000000000 [ 314.423809][T13480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 314.423817][T13480] R13: 0000000000000000 R14: 00007f4d599b5fa0 R15: 00007fff7201fd78 [ 314.423835][T13480] [ 315.033761][T13504] netlink: 294 bytes leftover after parsing attributes in process `syz.1.3114'. [ 315.642375][T13532] __vm_enough_memory: pid: 13532, comm: syz.1.3127, bytes: 4398046511104 not enough memory for the allocation [ 316.351300][ T5902] Process accounting resumed [ 317.158138][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.164460][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.631691][T13607] zero sized request [ 319.919013][T13678] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3193'. [ 323.036176][T13802] block nbd9: NBD_DISCONNECT [ 327.490018][T13938] FAULT_INJECTION: forcing a failure. [ 327.490018][T13938] name fail_futex, interval 1, probability 0, space 0, times 0 [ 327.507065][T13938] CPU: 1 UID: 0 PID: 13938 Comm: syz.1.3302 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 327.507087][T13938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 327.507096][T13938] Call Trace: [ 327.507101][T13938] [ 327.507106][T13938] dump_stack_lvl+0x16c/0x1f0 [ 327.507137][T13938] should_fail_ex+0x512/0x640 [ 327.507154][T13938] get_futex_key+0x1d0/0x1560 [ 327.507173][T13938] ? __pfx_get_futex_key+0x10/0x10 [ 327.507189][T13938] ? __mutex_trylock_common+0xe9/0x250 [ 327.507212][T13938] futex_wake+0xea/0x530 [ 327.507233][T13938] ? __pfx_futex_wake+0x10/0x10 [ 327.507260][T13938] do_futex+0x1e3/0x350 [ 327.507277][T13938] ? __pfx_do_futex+0x10/0x10 [ 327.507292][T13938] ? __might_fault+0xe3/0x190 [ 327.507312][T13938] mm_release+0x24e/0x300 [ 327.507329][T13938] do_exit+0x68e/0x2bf0 [ 327.507351][T13938] ? __pfx_do_exit+0x10/0x10 [ 327.507369][T13938] ? do_raw_spin_lock+0x12c/0x2b0 [ 327.507388][T13938] ? find_held_lock+0x2b/0x80 [ 327.507404][T13938] do_group_exit+0xd3/0x2a0 [ 327.507423][T13938] get_signal+0x2673/0x26d0 [ 327.507446][T13938] ? __pfx_get_signal+0x10/0x10 [ 327.507461][T13938] ? do_futex+0x122/0x350 [ 327.507477][T13938] ? __pfx_do_futex+0x10/0x10 [ 327.507495][T13938] arch_do_signal_or_restart+0x8f/0x790 [ 327.507514][T13938] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 327.507537][T13938] ? syscall_user_dispatch+0x78/0x140 [ 327.507561][T13938] exit_to_user_mode_loop+0x84/0x110 [ 327.507581][T13938] do_syscall_64+0x3f6/0x490 [ 327.507603][T13938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.507617][T13938] RIP: 0033:0x7fcedaf8eb69 [ 327.507628][T13938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.507641][T13938] RSP: 002b:00007fcedbe360e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 327.507655][T13938] RAX: fffffffffffffe00 RBX: 00007fcedb1b5fa8 RCX: 00007fcedaf8eb69 [ 327.507665][T13938] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fcedb1b5fa8 [ 327.507673][T13938] RBP: 00007fcedb1b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 327.507682][T13938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcedb1b5fac [ 327.507690][T13938] R13: 0000000000000000 R14: 00007ffdfc7c0750 R15: 00007ffdfc7c0838 [ 327.507708][T13938] [ 327.883080][T13943] __vm_enough_memory: pid: 13943, comm: syz.0.3303, bytes: 4398046511104 not enough memory for the allocation [ 328.201539][T13954] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 329.443547][T13990] netlink: set zone limit has 8 unknown bytes [ 329.466691][T13990] FAULT_INJECTION: forcing a failure. [ 329.466691][T13990] name fail_futex, interval 1, probability 0, space 0, times 0 [ 329.492905][T13990] CPU: 1 UID: 0 PID: 13990 Comm: syz.1.3322 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 329.492928][T13990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 329.492937][T13990] Call Trace: [ 329.492942][T13990] [ 329.492947][T13990] dump_stack_lvl+0x16c/0x1f0 [ 329.492973][T13990] should_fail_ex+0x512/0x640 [ 329.492990][T13990] get_futex_key+0xff0/0x1560 [ 329.493009][T13990] ? __pfx_get_futex_key+0x10/0x10 [ 329.493025][T13990] ? __mutex_trylock_common+0xe9/0x250 [ 329.493049][T13990] futex_wake+0xea/0x530 [ 329.493069][T13990] ? __pfx_futex_wake+0x10/0x10 [ 329.493096][T13990] do_futex+0x1e3/0x350 [ 329.493113][T13990] ? __pfx_do_futex+0x10/0x10 [ 329.493128][T13990] ? __might_fault+0xe3/0x190 [ 329.493148][T13990] mm_release+0x24e/0x300 [ 329.493164][T13990] do_exit+0x68e/0x2bf0 [ 329.493186][T13990] ? __pfx_do_exit+0x10/0x10 [ 329.493204][T13990] ? do_raw_spin_lock+0x12c/0x2b0 [ 329.493223][T13990] ? find_held_lock+0x2b/0x80 [ 329.493239][T13990] do_group_exit+0xd3/0x2a0 [ 329.493258][T13990] get_signal+0x2673/0x26d0 [ 329.493281][T13990] ? __pfx_get_signal+0x10/0x10 [ 329.493296][T13990] ? do_futex+0x122/0x350 [ 329.493312][T13990] ? __pfx_do_futex+0x10/0x10 [ 329.493330][T13990] arch_do_signal_or_restart+0x8f/0x790 [ 329.493349][T13990] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 329.493372][T13990] ? xfd_validate_state+0x61/0x180 [ 329.493396][T13990] exit_to_user_mode_loop+0x84/0x110 [ 329.493416][T13990] do_syscall_64+0x3f6/0x490 [ 329.493438][T13990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.493452][T13990] RIP: 0033:0x7fcedaf8eb69 [ 329.493464][T13990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.493483][T13990] RSP: 002b:00007fcedbe360e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 329.493498][T13990] RAX: fffffffffffffe00 RBX: 00007fcedb1b5fa8 RCX: 00007fcedaf8eb69 [ 329.493507][T13990] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fcedb1b5fa8 [ 329.493516][T13990] RBP: 00007fcedb1b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 329.493524][T13990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcedb1b5fac [ 329.493532][T13990] R13: 0000000000000000 R14: 00007ffdfc7c0750 R15: 00007ffdfc7c0838 [ 329.493550][T13990] [ 330.073296][T14002] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3326'. [ 330.272029][T13995] [ 330.274409][T13995] ====================================================== [ 330.281408][T13995] WARNING: possible circular locking dependency detected [ 330.288673][T13995] 6.16.0-syzkaller-11241-g186f3edfdd41 #0 Not tainted [ 330.295439][T13995] ------------------------------------------------------ [ 330.302436][T13995] syz.0.3320/13995 is trying to acquire lock: [ 330.308491][T13995] ffff888142fbad28 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400 [ 330.317874][T13995] [ 330.317874][T13995] but task is already holding lock: [ 330.325232][T13995] ffff888142fba7e8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 330.336467][T13995] [ 330.336467][T13995] which lock already depends on the new lock. [ 330.336467][T13995] [ 330.346861][T13995] [ 330.346861][T13995] the existing dependency chain (in reverse order) is: [ 330.355851][T13995] [ 330.355851][T13995] -> #3 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 330.364445][T13995] blk_alloc_queue+0x619/0x760 [ 330.369724][T13995] blk_mq_alloc_queue+0x172/0x280 [ 330.375274][T13995] __blk_mq_alloc_disk+0x29/0x120 [ 330.380801][T13995] loop_add+0x490/0xb70 [ 330.385461][T13995] loop_init+0x164/0x270 [ 330.390205][T13995] do_one_initcall+0x120/0x6e0 [ 330.395477][T13995] kernel_init_freeable+0x5c2/0x900 [ 330.401190][T13995] kernel_init+0x1c/0x2b0 [ 330.406051][T13995] ret_from_fork+0x5d4/0x6f0 [ 330.411153][T13995] ret_from_fork_asm+0x1a/0x30 [ 330.416432][T13995] [ 330.416432][T13995] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 330.423642][T13995] fs_reclaim_acquire+0x102/0x150 [ 330.429194][T13995] prepare_alloc_pages+0x162/0x610 [ 330.434817][T13995] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 330.441230][T13995] __alloc_pages_noprof+0xb/0x1b0 [ 330.446756][T13995] pcpu_populate_chunk+0x110/0xb00 [ 330.452369][T13995] pcpu_alloc_noprof+0x86a/0x1470 [ 330.457896][T13995] bpf_map_alloc_percpu+0x9a/0x4b0 [ 330.463509][T13995] array_map_alloc+0x55c/0x760 [ 330.468778][T13995] map_create+0x58f/0x1f80 [ 330.473701][T13995] __sys_bpf+0x44d2/0x4de0 [ 330.478807][T13995] __x64_sys_bpf+0x78/0xc0 [ 330.483745][T13995] do_syscall_64+0xcd/0x490 [ 330.488769][T13995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.495166][T13995] [ 330.495166][T13995] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 330.502891][T13995] __mutex_lock+0x193/0x10b0 [ 330.507994][T13995] pcpu_alloc_noprof+0xb4c/0x1470 [ 330.513590][T13995] sbitmap_init_node+0x2fd/0x770 [ 330.519136][T13995] sbitmap_queue_init_node+0x41/0x560 [ 330.525009][T13995] blk_mq_init_tags+0x12d/0x2b0 [ 330.530363][T13995] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 330.536412][T13995] blk_mq_init_sched+0x30c/0x610 [ 330.541862][T13995] elevator_switch+0x1e1/0x7f0 [ 330.547125][T13995] elevator_change+0x2ac/0x400 [ 330.552387][T13995] elevator_set_default+0x2c4/0x360 [ 330.558092][T13995] blk_register_queue+0x393/0x4f0 [ 330.563618][T13995] __add_disk+0x74a/0xf00 [ 330.568443][T13995] add_disk_fwnode+0x13f/0x5d0 [ 330.573704][T13995] nbd_dev_add+0x783/0xbb0 [ 330.578638][T13995] nbd_init+0x181/0x320 [ 330.583310][T13995] do_one_initcall+0x120/0x6e0 [ 330.588583][T13995] kernel_init_freeable+0x5c2/0x900 [ 330.594285][T13995] kernel_init+0x1c/0x2b0 [ 330.599288][T13995] ret_from_fork+0x5d4/0x6f0 [ 330.604384][T13995] ret_from_fork_asm+0x1a/0x30 [ 330.609650][T13995] [ 330.609650][T13995] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 330.617443][T13995] __lock_acquire+0x12a6/0x1ce0 [ 330.622807][T13995] lock_acquire+0x179/0x350 [ 330.627827][T13995] __mutex_lock+0x193/0x10b0 [ 330.632938][T13995] elevator_change+0x103/0x400 [ 330.638209][T13995] elv_iosched_store+0x2eb/0x3a0 [ 330.643648][T13995] queue_attr_store+0x26b/0x310 [ 330.648997][T13995] sysfs_kf_write+0xef/0x150 [ 330.654086][T13995] kernfs_fop_write_iter+0x351/0x510 [ 330.659869][T13995] vfs_write+0x6c7/0x1150 [ 330.664699][T13995] ksys_write+0x12a/0x250 [ 330.669528][T13995] do_syscall_64+0xcd/0x490 [ 330.674625][T13995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.681016][T13995] [ 330.681016][T13995] other info that might help us debug this: [ 330.681016][T13995] [ 330.691217][T13995] Chain exists of: [ 330.691217][T13995] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 330.691217][T13995] [ 330.704925][T13995] Possible unsafe locking scenario: [ 330.704925][T13995] [ 330.712350][T13995] CPU0 CPU1 [ 330.717690][T13995] ---- ---- [ 330.723028][T13995] lock(&q->q_usage_counter(io)#18); [ 330.728407][T13995] lock(fs_reclaim); [ 330.734883][T13995] lock(&q->q_usage_counter(io)#18); [ 330.742758][T13995] lock(&q->elevator_lock); [ 330.747327][T13995] [ 330.747327][T13995] *** DEADLOCK *** [ 330.747327][T13995] [ 330.755447][T13995] 7 locks held by syz.0.3320/13995: [ 330.760619][T13995] #0: ffff88803534fb38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 330.769647][T13995] #1: ffff88807cfa2428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 330.778590][T13995] #2: ffff88805bbc9888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 330.788308][T13995] #3: ffff888024f57c38 (kn->active#165){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 330.798383][T13995] #4: ffff888142fc5368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: elv_iosched_store+0x337/0x3a0 [ 330.809064][T13995] #5: ffff888142fba7e8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 330.820703][T13995] #6: ffff888142fba820 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 330.832600][T13995] [ 330.832600][T13995] stack backtrace: [ 330.838468][T13995] CPU: 1 UID: 0 PID: 13995 Comm: syz.0.3320 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 330.838486][T13995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 330.838495][T13995] Call Trace: [ 330.838501][T13995] [ 330.838508][T13995] dump_stack_lvl+0x116/0x1f0 [ 330.838535][T13995] print_circular_bug+0x275/0x350 [ 330.838552][T13995] check_noncircular+0x14c/0x170 [ 330.838570][T13995] __lock_acquire+0x12a6/0x1ce0 [ 330.838590][T13995] lock_acquire+0x179/0x350 [ 330.838606][T13995] ? elevator_change+0x103/0x400 [ 330.838622][T13995] ? __pfx___might_resched+0x10/0x10 [ 330.838637][T13995] ? elevator_change+0x103/0x400 [ 330.838652][T13995] __mutex_lock+0x193/0x10b0 [ 330.838672][T13995] ? elevator_change+0x103/0x400 [ 330.838686][T13995] ? enable_work+0x245/0x340 [ 330.838698][T13995] ? __pfx_xa_find_after+0x10/0x10 [ 330.838713][T13995] ? __pfx___mutex_lock+0x10/0x10 [ 330.838734][T13995] ? blk_mq_cancel_work_sync+0xd8/0x110 [ 330.838746][T13995] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 330.838768][T13995] ? elevator_change+0x103/0x400 [ 330.838783][T13995] elevator_change+0x103/0x400 [ 330.838799][T13995] elv_iosched_store+0x2eb/0x3a0 [ 330.838816][T13995] ? __pfx_elv_iosched_store+0x10/0x10 [ 330.838834][T13995] ? __mutex_trylock_common+0xe9/0x250 [ 330.838853][T13995] ? __pfx_elv_iosched_store+0x10/0x10 [ 330.838869][T13995] queue_attr_store+0x26b/0x310 [ 330.838883][T13995] ? __pfx_queue_attr_store+0x10/0x10 [ 330.838900][T13995] ? find_held_lock+0x2b/0x80 [ 330.838912][T13995] ? sysfs_file_kobj+0xe4/0x290 [ 330.838927][T13995] ? __pfx_queue_attr_store+0x10/0x10 [ 330.838940][T13995] sysfs_kf_write+0xef/0x150 [ 330.838954][T13995] kernfs_fop_write_iter+0x351/0x510 [ 330.838966][T13995] ? __pfx_sysfs_kf_write+0x10/0x10 [ 330.838980][T13995] vfs_write+0x6c7/0x1150 [ 330.838995][T13995] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 330.839016][T13995] ? __pfx___mutex_lock+0x10/0x10 [ 330.839035][T13995] ? __pfx_vfs_write+0x10/0x10 [ 330.839054][T13995] ksys_write+0x12a/0x250 [ 330.839068][T13995] ? __pfx_ksys_write+0x10/0x10 [ 330.839084][T13995] do_syscall_64+0xcd/0x490 [ 330.839105][T13995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.839119][T13995] RIP: 0033:0x7f4d5978eb69 [ 330.839131][T13995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.839144][T13995] RSP: 002b:00007f4d5a5d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 330.839157][T13995] RAX: ffffffffffffffda RBX: 00007f4d599b5fa0 RCX: 00007f4d5978eb69 [ 330.839166][T13995] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 330.839174][T13995] RBP: 00007f4d59811df1 R08: 0000000000000000 R09: 0000000000000000 [ 330.839182][T13995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.839191][T13995] R13: 0000000000000000 R14: 00007f4d599b5fa0 R15: 00007fff7201fd78 [ 330.839203][T13995] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 331.779895][T10192] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.849633][T10192] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.891256][T10192] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.947314][T10192] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.044828][T10192] hsr0: left allmulticast mode [ 332.050289][T10192] hsr_slave_0: left allmulticast mode [ 332.076071][T10192] hsr_slave_1: left allmulticast mode [ 332.081461][T10192] hsr0: left promiscuous mode [ 332.105607][T10192] bridge0: port 3(hsr0) entered disabled state [ 332.117693][T10192] bridge_slave_1: left allmulticast mode [ 332.123333][T10192] bridge_slave_1: left promiscuous mode [ 332.148205][T10192] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.172542][T10192] bridge_slave_0: left allmulticast mode [ 332.198872][T10192] bridge_slave_0: left promiscuous mode [ 332.217031][T10192] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.359201][T10192] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.386269][T10192] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.408255][T10192] bond0 (unregistering): Released all slaves [ 332.466788][T10192] ovs_: left promiscuous mode [ 332.485915][T10192] ovs_: left promiscuous mode [ 332.490907][T13995] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.0.3320: bg 1: bad block bitmap checksum [ 332.525950][T13995] EXT4-fs error (device sda1) in ext4_mb_clear_bb:6657: Filesystem failed CRC [ 332.560455][T10192] ovs_: left promiscuous mode [ 332.703254][T10192] hsr_slave_0: left promiscuous mode [ 332.717458][T10192] hsr_slave_1: left promiscuous mode [ 332.736635][T10192] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 332.748106][T10192] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 332.777524][T10192] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 332.784903][T10192] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 332.807455][T10192] veth1_macvtap: left promiscuous mode [ 332.812933][T10192] veth0_macvtap: left promiscuous mode [ 332.838194][T10192] veth1_vlan: left promiscuous mode [ 332.856190][T10192] veth0_vlan: left promiscuous mode [ 333.036997][T10192] team0 (unregistering): Port device team_slave_1 removed [ 333.059514][T10192] team0 (unregistering): Port device team_slave_0 removed [ 333.288081][T10192] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.331779][T10192] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.378887][T10192] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.429190][T10192] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.527411][T10192] bridge_slave_1: left allmulticast mode [ 333.533095][T10192] bridge_slave_1: left promiscuous mode [ 333.553207][T10192] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.562608][T10192] bridge_slave_0: left allmulticast mode [ 333.568532][T10192] bridge_slave_0: left promiscuous mode [ 333.574147][T10192] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.638715][T10192] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 333.649062][T10192] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 333.662298][T10192] bond0 (unregistering): Released all slaves [ 333.790494][T10192] hsr_slave_0: left promiscuous mode [ 333.807048][T10192] hsr_slave_1: left promiscuous mode [ 333.814273][T10192] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 333.835244][T10192] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 333.855932][T10192] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 333.863307][T10192] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 333.895444][T10192] veth1_macvtap: left promiscuous mode [ 333.900935][T10192] veth0_macvtap: left promiscuous mode [ 333.920827][T10192] veth1_vlan: left promiscuous mode [ 333.936306][T10192] veth0_vlan: left promiscuous mode [ 334.102557][T10192] team0 (unregistering): Port device team_slave_1 removed [ 334.122693][T10192] team0 (unregistering): Port device team_slave_0 removed