last executing test programs: 13.122806947s ago: executing program 2 (id=736): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x63a2) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/v4l-subdev3\x00', 0x16ba00, 0x0) ioctl$auto(r0, 0x800004, r0) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000040), 0x40c041, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/irq/4/type\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendfile$auto(0xffffffffffffffff, 0x3, 0x0, 0x9) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x1, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) set_mempolicy$auto(0x26, &(0x7f0000000000)=0x3, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) setfsgid$auto(0xee01) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) read$auto_proc_pid_maps_operations_internal(r2, &(0x7f00000010c0)=""/4096, 0x1000) setsockopt$auto_SO_MARK(0xffffffffffffffff, 0x80000d, 0x24, &(0x7f0000000180)=']}&##/\'.\x00', 0x6) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/udp_early_demux\x00', 0x28802, 0x0) read$auto(0x3, 0x0, 0x80) r3 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/pp_hold\x00', 0xc0b02, 0x0) write$auto(r3, 0x0, 0xc70) 7.538218666s ago: executing program 2 (id=753): prctl$auto(0x3e, 0x40, 0x0, 0x1, 0x2) mmap$auto(0x0, 0xe983, 0x7f, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, 0x0, 0x0, 0x5) futex$auto(&(0x7f0000000080)=0x3, 0x3, 0x0, 0x0, 0x0, 0x440a48d3) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sched_get_priority_min$auto(0x40) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x981082, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x1, 0x0) r0 = socket(0x11, 0x80003, 0x300) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x10f, 0x12, 0x0, 0x8) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) syz_clone3(&(0x7f0000000100)={0x2100000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000000)=0x200000000) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/fail-nth\x00', 0x20e081, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x2) mount$auto(0x0, &(0x7f0000000540)='}[,&*}\x00', &(0x7f0000000040)='nfsd\x00', 0x3, &(0x7f00000003c0)="3dd1fa31") read$auto(r2, 0x0, 0x3ff) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/fail-nth\x00', 0x2a44, 0x0) write$auto(r4, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x8000fff2) 6.952219251s ago: executing program 1 (id=755): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) msgctl$auto_MSG_INFO(0x10, 0xc, 0x0) ioctl$auto_IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, 0x0) 6.488165095s ago: executing program 1 (id=757): r0 = bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) umount2$auto(&(0x7f0000000500)='/proc/thread-self/ns/cgroup\x00', 0x8) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/mm/transparent_hugepage/use_zero_page\x00', 0x28442, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)=""/36, 0x24) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_taskstats(&(0x7f00000000c0), r1) r4 = clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) prctl$auto(0x3e, 0x1, r4, 0x1, 0x0) capget$auto(&(0x7f0000000140)={0x80000001, r4}, &(0x7f0000000100)={0x10ff, 0x2}) ioctl$auto_XFS_IOC_ALLOCSP64(r0, 0x40305824, &(0x7f00000001c0)={0x7, 0xa, 0x343d, 0x1, 0x2}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x401, 0x8000) r5 = openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, 0x0, 0x2202, 0x0) write$auto(r5, 0x0, 0x1) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/event2\x00', 0x100, 0x0) r6 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0) pread64$auto(r6, 0x0, 0x20000000001, 0xfffffffffffff) ioctl$auto_EVIOCGREP(r2, 0x80084503, &(0x7f0000000180)=[0x1, 0xd1]) capset$auto(&(0x7f0000000000)={0x6}, &(0x7f0000000040)={0x101, 0x4, 0xbc09}) r7 = socket(0x23, 0x5, 0x0) listen$auto(r7, 0x5ed) connect$auto(r7, 0x0, 0x55) gettid() mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r8 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r9 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r9, 0x0, 0x20) writev$auto(r8, &(0x7f0000000200)={0x0, 0x3}, 0x3) ioctl$auto_CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0) keyctl$auto(0x16, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) 4.882613227s ago: executing program 3 (id=759): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8001, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000006c0)={'batadv0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="110b27bd7000fbdbdf250900000008000300", @ANYRES32=r3, @ANYBLOB="05000600", @ANYRES32=0x0, @ANYBLOB="cfdaeaf1a1a47f139cc51d20af858614905fd50b8bb8925636e005b3193b7956fcf399453ab78191f3b4b3a3a3591ce30c14b7721201b30476631e55330ad0b5c677d077482a6e2473ec1ef5488b7d9840f342068481dea7ac91e48ef5bae31fb3d9b03c814ba5c5c2926ff9161c97c4d89024b60545bb023d2dd8710a63160929185305c00a34095eee4207461ed6dfd672e3af"], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) socket(0xa, 0x1, 0x0) (async) r4 = socket(0xa, 0x1, 0x0) socket(0x2, 0x1, 0x84) (async) socket(0x2, 0x1, 0x84) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) (async) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) r5 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r5, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r6, 0xaf01, 0x0) (async) ioctl$auto_VHOST_SET_OWNER(r6, 0xaf01, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyec\x00', 0x400, 0x0) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) setsockopt$auto(0x3, 0x1, 0x2, 0x0, 0x8) (async) setsockopt$auto(0x3, 0x1, 0x2, 0x0, 0x8) listen$auto(0x3, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r7 = getegid() setregid$auto(r7, r7) fsconfig$auto_FSCONFIG_SET_PATH(r4, 0x3, &(0x7f00000000c0)='/dev/zero\x00', &(0x7f0000000100)="e21e36f27b65ad9d9c3680927fbc36159ac58ce37a3a4518b2e590eec8ef7778b994caa2d0ee0a8b37e219e155432be9dc4a9b20e67cc74b9da5f3bcb2c9795182ae0275f48a9dee2632aaa1b687a9effa0d62ea67d7ebb894", r7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r8 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r8, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) close_range$auto(r8, 0x8, 0x0) (async) close_range$auto(r8, 0x8, 0x0) bpf$auto(0x3, 0x0, 0x5) (async) bpf$auto(0x3, 0x0, 0x5) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) timer_settime$auto(0x0, 0x8, &(0x7f0000000040)={{0x0, 0xd3}, {0x1000}}, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) 4.369750268s ago: executing program 3 (id=760): fchdir$auto(0xffffffffffffffff) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) getpid() unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r0, &(0x7f0000000680)={&(0x7f0000000300)="64074c974bc700bf3e0ea3cb2a0e6fb39becec71e3a4d0a56fd330f661933ddee8f7e24e910a635beff3ee8ee14b1c06ea42210c954dbb2646ec4926a181e72e60e162246177fab5b4ca997754a8c9cddab6d3c54cbfb66c3783772d50cc1e5778975d5b19cb2cf6de8f594e2311768d1b3d94adef00"/136, 0x40200}, 0x3) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYRES16=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x68}, 0x1, 0x0, 0x0, 0x20000084}, 0x44098) socket(0x18, 0x3, 0x100) r1 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x0, 0x4000000df, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7e, 0x0, 0x7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) setsockopt$auto(r1, 0x10000000084, 0x23, 0x0, 0x8) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(0xffffffffffffffff, 0x0, 0x4000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mbind$auto(0x2000, 0x800000100000004, 0x100000000, 0x0, 0x1003, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) open(&(0x7f0000000080)='./cgroup\x00', 0x101000, 0x0) r3 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r3, 0x65, 0x2, 0x0, 0xaf7) 3.912354246s ago: executing program 1 (id=761): fchdir$auto(0xffffffffffffffff) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) getpid() unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r0, &(0x7f0000000680)={&(0x7f0000000300)="64074c974bc700bf3e0ea3cb2a0e6fb39becec71e3a4d0a56fd330f661933ddee8f7e24e910a635beff3ee8ee14b1c06ea42210c954dbb2646ec4926a181e72e60e162246177fab5b4ca997754a8c9cddab6d3c54cbfb66c3783772d50cc1e5778975d5b19cb2cf6de8f594e2311768d1b3d94adef00"/136, 0x40200}, 0x3) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYRES16=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x68}, 0x1, 0x0, 0x0, 0x20000084}, 0x44098) socket(0x18, 0x3, 0x100) r1 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x0, 0x4000000df, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7e, 0x0, 0x7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) setsockopt$auto(r1, 0x10000000084, 0x23, 0x0, 0x8) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(0xffffffffffffffff, 0x0, 0x4000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mbind$auto(0x2000, 0x800000100000004, 0x100000000, 0x0, 0x1003, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) open(&(0x7f0000000080)='./cgroup\x00', 0x101000, 0x0) r3 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r3, 0x65, 0x2, 0x0, 0xaf7) 3.58178755s ago: executing program 0 (id=762): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram12\x00', 0x14f602, 0x0) mmap$auto(0x6, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000dc0)='/dev/sequencer\x00', 0xafefa9ff3f069677, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x243, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000005c0), 0x2000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) socket(0xa, 0x801, 0x106) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x2) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder0\x00', 0x635181, 0x0) dup$auto(r1) r2 = socket(0x2, 0x1, 0xfffffff3) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_FS_IOC_GETFSSYSFSPATH(r3, 0x80811501, 0x4) r4 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto_ftrace_subsystem_filter_fops_trace_events(r4, &(0x7f0000000240)="8f0447fef2afea7e35a0274f508a73119aff3bc0528f45fd27fea1bb4baa95f757cf9e57a14e04353736f4a23ce2a531c678ed7d6d28d43aaea2a69abe3e93453380adf35653f5875227ce319330afe5e4cc7601a8eccbb3729f9869ca35edaf6343e41fe91304ef53273ed0943b28e00e9c2f919d54fe990911e4c265c3d23eb66229", 0x83) r5 = openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000080), 0x280, 0x0) pipe$auto(&(0x7f00000000c0)=r5) r6 = prctl$auto(0x3e, 0xffffffffffffffff, 0x0, 0x2000000001, 0x4) pread64$auto(r2, &(0x7f0000000400)='\'()$\x00\xeb\x03\xa3\x14\xb3!\x02\x89\xc1\x86\xc0LEzI\xed\x80\xcdJ\x1d\x98\xe0\x86\x9b\xa8\xa0\x17h\xca%ZA\xad\x8dA0\xee-\x90\xbd\x80-L\x1bE\x13\x89(9\x1e\xa1\x88\xb5b\xcf%L\xf4\x97T\xe1\x91\xc4-Vr\xa4$\xcf\xeb\x8b\xb6-\xb4|\x7fs\xefR\x90Y\xf9\xe7\x9c\xfaR\xb2\xc7\xea\xe1~\xbbf\xc7\f\xc0D\xa1W\'w\xae\xb5\xd5h\x87\xf0\xcc\x83\x02\x89\xdb\xcc\x9f\xf8-\xb0\xa3\x18\xfeFx<\x06\x9f\xdb\xec\x92\x1d\xce\xb3\x99\xb0\xbd\b\x9d\x8f\tV$B\x10~k\xa8\xd7\xc1\xe42\xc0\x18q\xfc|\xd7\x11\x0fu;\x14px\x00\x10\xab\xbc\xdc\xdd\xc2+\xe2w\xb3\x9a\xb3\x94E\xe0', 0x2, 0x84) read$auto_fops_x64_ro_(r6, &(0x7f0000000100)=""/44, 0x2c) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x4, 0x7, 0x95f4da0a, 0xffffffffffffffff, 0xffffffffffffffff, 0x9, 0x80000001, 0x7, 0x6d3f, 0x9d8, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000140)='/de\x00\x00audio1\x00\xf3b\x8eZ\xba\x18\xb2\xcd3\xc0\x9e\x89\x80<}1J\x99\xbavE5\xa7\xd81\xd2\xfd \xc1:\xf5-\v\xc3\xee;h\xb7\aqi\t.\xe7\xed1\xabE\xd0\xfc\v\x02\xad\xc3\x7f\xa8\x10\xa3\x1f\xdb\xf1k\xc3\xbf\x94\x05\xd2U%\x81\x06\xad\xe6\xc0\xad\x87\xd9\x04\aQ\xa4\x99\x82\xf1\xac\xc5\xc3\x1f\xb9\x8cZ\x1f]\x00', 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xb, 0x5, 0x958b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x40008000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x10000]}, 0x0) 3.453873036s ago: executing program 2 (id=763): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/module/kvm/parameters/pi_inject_timer\x00', 0x10b142, 0x0) write$auto(r0, &(0x7f0000000340)='/sys/module/kvm/parameters/pi_inject_timer\x00', 0x3) getdents64$auto(r0, &(0x7f0000000000)={0xfffffffffffffe00, 0x100000000, 0x7, 0x7e, "a8553942254a87d48cba9b24d6e3a5a58a1006b8381ab0b2db9b384a7fd6761246c103d8dc2132df3ad778748fcc9486ebbf9d9a3c"}, 0xd) 3.238759959s ago: executing program 3 (id=764): ioperm$auto(0x800, 0x5, 0xd) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_uring_setup$auto(0x1, 0x0) ioperm$auto(0x2, 0x80000000, 0x3) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 2.934075185s ago: executing program 2 (id=765): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x12d981, 0x0) adjtimex$auto(0x0) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) (async, rerun: 64) mmap$auto(0x8, 0x400008, 0xdf, 0x9b72, 0x2, 0xfffffffffffffffb) (async, rerun: 64) io_uring_setup$auto(0x6, 0x0) select$auto(0x3, 0x0, &(0x7f0000000100)={[0xc0, 0xb, 0x0, 0x4, 0xfffffffffffffffc, 0x82, 0x6, 0x2, 0x9, 0xffff, 0x4000000000000002, 0xd, 0x10000000005, 0xfffffffffffffffe, 0x7, 0x1000000006]}, 0x0, 0x0) syslog$auto(0x2, &(0x7f0000000400)='-\xa3:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (rerun: 32) r0 = clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x12) (async, rerun: 64) madvise$auto(0x6, 0x4, 0xfffffff7) (async, rerun: 64) r1 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 32) r2 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u50x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'nicvf0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'veth0_macvtap\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'veth0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_WOL_GET(r3, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="58010000", @ANYRES16=r6, @ANYBLOB="00082cbd7000fcdbdf25090000001800018014000200626f6e645f736c6176655f30000000002000018008000100", @ANYRES32=r5, @ANYBLOB="140002006d61637365633000000000000000000018000180140002007665746831000000000000000000000018000180140002006970766c616e310000000000000000006c00018014000200697036677265300000000000000000001400020076657468315f766972745f7769666900140002006272696467655f736c6176655f3000001400020076657468305f746f5f6873720000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="08000300060000007000018008000100", @ANYRES32=r7, @ANYBLOB="080003000500000014000200766c616e3100002307000000000000006fce4dc9ef62b5c70800010093905b156e530ed0e5824e95dd5ddaa412168dbe40d514797074f1a8f6a9e386b209", @ANYRES32=r8, @ANYBLOB="0800030000010000140002006d6163766c616e3000000000000000000800030010000000140002006272696467655f736c6176655f300000"], 0x158}, 0x1, 0x0, 0x0, 0x24040000}, 0x4084090) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) mmap$auto(0x2b5, 0xe983, 0xdf, 0xebf, r2, 0x7) ioctl$auto_BLKPG(r4, 0x1269, 0x0) socketpair$auto(0x1, 0x2, 0x2, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x0, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, r3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x40001, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.286753304s ago: executing program 2 (id=769): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ati_remote2/parameters/channel_mask\x00', 0x1e1842, 0x0) write$auto(r1, &(0x7f0000000180)='7\x00\x00\xec\x007\xfe(\xbd\xb0\x86\xe0K\xcf\xcf\x8d\xf2S6\x9e\x81\xcdc\xd7\x19-7\xc2\x89\x9d\x8cR`\xab6F\xd6O\x8b[\"\x80\xd0\xd2!\xc5\xdf\x8c&\xbd\x12\xb0\xa9v\vK\xfe+\xfb4\x02l\t5:a\xbf\xaf\xe3VX\x8d/l\f\xef\x1c\xc9\x13\xf6\x86\xb9N\xeeq\'\xb8\xb0\xa4\xd8\x94\xb8\xbc\b1\xc5\xb7\xca\x8e\x94\x0e\xc9\x99C\x97\xc2]\x80,\xaa\xf5\x17\xacnQ>\aH\xf6\xd6`/f\xcf\x8d\xaa\x00\xd5\x91\x9f\x96\xc6\xa4\'N\xebE\x8b', 0x400000000003) bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x1d30, 0x6, 0xffffffffffffffff, @relative_fd=r0, 0x7}, 0xa3) sendto$auto(r0, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$auto_SOUND_MIXER_WRITE_RECSRC2(r3, 0xc0044dff, 0x0) setsockopt$auto_SO_BSDCOMPAT(0xffffffffffffffff, 0x5, 0xe, &(0x7f0000000000)='+D^-$([:&\'\x00', 0x7fffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x100000000000037, 0x0) r4 = socket(0xa, 0x801, 0x100) setsockopt$auto(r4, 0x6, 0x8, 0x0, 0xfb3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) sendto$auto(0x4, 0x0, 0x3f000000, 0x10000, &(0x7f0000000140)=@in={0x23, 0x4e33}, 0x80) write$auto_safesetid_uid_file_fops_securityfs(r2, &(0x7f0000000100)="9573215f0a2d97390dbd631d1e1a5f511851dffa06d5be871fe7501adf2e3997", 0x20) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r5, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x3c, r6, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_FLAGS={0x8, 0x4, 0x1}, @HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "a060212f83d9"}, @HWSIM_ATTR_COOKIE={0x2e}, @HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) r7 = open_tree$auto(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x3) mmap$auto(0x3, 0x20006, 0x7, 0x3b, r7, 0x2000000a) 2.244697635s ago: executing program 0 (id=770): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001200)='/sys/kernel/security/tomoyo/audit\x00', 0xa0141, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/tcp_available_congestion_control\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xb59) r2 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) getsockopt$auto(r2, 0x29, 0x18, 0x0, 0x0) mmap$auto(0x80000000, 0x61, 0x3, 0xfa31, r2, 0x5) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) mremap$auto(0x0, 0x2, 0x9, 0x3, 0x7fffffffb000) r3 = prctl$auto_PR_SCHED_CORE_CREATE(0x0, 0x1, 0x0, 0x3ff, 0xffffffffffffffff) ioctl$auto_XFS_IOC_ERROR_INJECTION(r3, 0x40085874, &(0x7f00000010c0)={r0, 0x6}) read$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420008, 0x7, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x1e, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_ADVISE(r4, 0x2, &(0x7f0000000040)=',%!/-%,\x00', &(0x7f0000000080), 0x3) socketpair$auto(0x2, 0xb408, 0x12, 0x0) close_range$auto(0x2, 0x8000, 0x0) r5 = socket(0x2, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0x3, r5) timerfd_create$auto(0x73, 0xd) 2.044079768s ago: executing program 3 (id=771): r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x66) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x568) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/adsp1\x00', 0x141142, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, 0x0, 0x480) execve$auto(0x0, 0x0, 0x0) sendmsg$auto_IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24008850}, 0x0) symlink$auto(0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) madvise$auto(0x0, 0x200007, 0x8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000100)={{@raw=0x9, 0x85, 0x20e, 0x9, "669cbbd9e97551b991bea188e0f1a57ce2a1facac1f00b2f4ab8635524133f9e22c7717f6050f2d2252ca5f2"}, 0x0, @integer64=@value=[0x9, 0x7, 0xc2c3, 0x3, 0x8, 0x7, 0x4, 0x7, 0x80, 0x6, 0xfffffffffffffffd, 0x8000000000000001, 0x0, 0x9, 0x6, 0x1, 0x8, 0x5, 0x7ffffffffffffffc, 0x58a2, 0x5, 0xad, 0x7, 0x1000ffffe, 0x2, 0x85d7a604f, 0xc01, 0x7fffffff, 0x8, 0xff, 0x8, 0x9, 0x4, 0xfffffffffffffffd, 0x10000000000007, 0x0, 0x3, 0x9, 0x6, 0x8000000000000000, 0xfff, 0x4, 0x4, 0x4, 0x8001, 0x3, 0x3, 0x2, 0x7fffffff, 0x81, 0x2, 0x4, 0x5, 0x7, 0xfffffffffffffffd, 0x7fff, 0xd468, 0x9, 0x612, 0xffff, 0xf60d, 0x5, 0x6, 0x1], "282f77b07e718ed4d99a34617774e3a82f982e0f05e516c299a28a585e87e0d908e2c8e50de5016f1de5d432da2cc20e951d8fcdc4f791a11996aad5af504c0d9927e62ef70b23a13735a4fe805c1ce1b6b1d83d21bb42794ec925b4547a3d52d4b5210392111e181719fef9d685b6534b171d76ad633f94a608b818600a6c85"}) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) getsockopt$auto(r0, 0x84, 0x72, 0x0, &(0x7f0000000000)=0x7ffe) 1.621814293s ago: executing program 1 (id=772): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r1 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r1) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rmdir$auto(&(0x7f0000000300)='./cgroup\x00') ioctl$auto(r0, 0x80045440, 0x1) epoll_create$auto(0x0) r2 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0xc2540, 0x0) ioctl$auto_BTRFS_IOC_SEND(r2, 0x40489426, &(0x7f0000000080)={@raw=0x2, 0xe1858b0, &(0x7f0000000040)=0xb44000, 0x8, 0xd, 0x6, "c237df408b59c30a06a48896c67ecd15e384d01404a0b15fe4773c34"}) 1.096126018s ago: executing program 0 (id=773): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000300), 0x60081, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000002c0), 0x101080, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS64(r1, 0x80605414, 0x0) lseek$auto(0x3, 0x2, 0x4) setuid$auto(0xe) bpf$auto(0x5, &(0x7f0000001100)=@link_update={0xffffffffffffffff, @new_prog_fd, 0x800}, 0x7) landlock_restrict_self$auto(0xffffffffffffffff, 0x4) ioctl$auto_PPPIOCATTACH(r0, 0x4004743d, &(0x7f0000000340)=0x4) 1.008404011s ago: executing program 1 (id=774): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/module/kvm/parameters/pi_inject_timer\x00', 0x10b142, 0x0) openat$auto_clk_summary_fops_(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/debug/clk/clk_summary\x00', 0x80082, 0x0) pread64$auto(r0, 0x0, 0x201, 0x569) r1 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x143282, 0x0) pread64$auto(r1, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f0000000000)='/sys/module/kvm/parameters/pi_inject_timer\x00\x81R\xa7\x01\x0e', 0x3) madvise$auto(0x6, 0x9, 0xfffffff8) 833.495338ms ago: executing program 0 (id=775): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000100)={0x1ff, 0xfff, 0x1000}) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r0, 0x1, &(0x7f0000000000)="14040000000000032a") 532.330122ms ago: executing program 1 (id=776): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0xffff) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x1a, 0x5, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r1, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/block/ram7/queue/iostats\x00', 0x48542, 0x0) write$auto(r2, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) ioctl$auto_BLKRRPART(r1, 0x125f, 0x0) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/net/ip6_tables_matches\x00', 0x10b402, 0x0) pread64$auto(r3, &(0x7f0000000340)='/proc/Nes\x00'/22, 0x100000001, 0x100) getpeername$auto(r0, &(0x7f0000000080)=@hci={0x1f, 0xffffffffffffffff}, &(0x7f00000000c0)=0x4) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000300)='/dev/v4l-subdev0\x00', 0x200000, 0x0) madvise$auto(0x0, 0xf663, 0x15) ioprio_set$auto(0x3, 0x0, 0x4b34) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) r4 = socket(0x1d, 0x2, 0x6) getsockopt$auto(r4, 0x6a, 0x9, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x204, 0x0) listmount$auto(&(0x7f0000000100)={0xba, @inferred=r1, 0xffffffffffffffff, 0xfffffffffffffff7}, 0x0, 0xf4240, 0x1) capget$auto(0x0, 0xfffffffffffffffe) 250.929904ms ago: executing program 0 (id=777): lseek$auto(0xffffffffffffffff, 0x8001, 0x4) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f00000000c0), 0xa480, 0x0) readv$auto(0x3, &(0x7f0000000280)={0x0, 0xf7}, 0x87) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x2, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ppoll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) open(&(0x7f0000000800)='./file0\x00', 0x183242, 0x154) unshare$auto(0x40000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x4000084) socket(0xa, 0x5, 0x4) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) setreuid$auto(0x4, 0x8) mlockall$auto(0x8000000000000001) unshare$auto(0x40000080) socket(0x848000000015, 0x805, 0x0) 0s ago: executing program 2 (id=778): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop1/queue/scheduler\x00', 0xa001, 0x0) socket(0x22, 0x2, 0x24) (async) r0 = socket(0x22, 0x2, 0x24) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS322(0xffffffffffffffff, 0x806c4120, &(0x7f0000000100)={0x0, 0x6, 0x95d7, 0x7f, 0x3, 0x1, 0x9, 0x2, 0x0, 0x7, 0xb, 0x8, 0x100, 0x2, 0x3, 0x3ff, 0x400, 0x80000000, "0c1056e3480805f935e214e44f620fa9eba8238cacc3d9e6fc45cf541e509fc2457ae4ae"}) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) (async) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) close_range$auto(r1, 0x8, 0x0) (async) close_range$auto(r1, 0x8, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r3, 0xc0285629, r3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(0x0, 0x6041, 0x0) socket(0x6, 0x2, 0x6) (async) socket(0x6, 0x2, 0x6) semctl$auto_SETVAL(0x4, 0xfffffff7, 0x10, 0x0) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto(r0, 0x3, 0x1, 0x0, 0x0) (async) getsockopt$auto(r0, 0x3, 0x1, 0x0, 0x0) socket(0x1e, 0x1, 0x0) (async) r4 = socket(0x1e, 0x1, 0x0) bind$auto(r4, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x0, 0x2}}, 0x66) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            [ 264.315241][ T8320] FAULT_INJECTION: forcing a failure. [ 264.315241][ T8320] name fail_futex, interval 1, probability 0, space 0, times 0 [ 264.354977][ T8320] CPU: 0 UID: 0 PID: 8320 Comm: syz.3.458 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 264.355025][ T8320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 264.355046][ T8320] Call Trace: [ 264.355057][ T8320] [ 264.355069][ T8320] dump_stack_lvl+0x16c/0x1f0 [ 264.355128][ T8320] should_fail_ex+0x512/0x640 [ 264.355167][ T8320] get_futex_key+0x1d0/0x1560 [ 264.355211][ T8320] ? __pfx_get_futex_key+0x10/0x10 [ 264.355254][ T8320] ? __pfx___schedule+0x10/0x10 [ 264.355298][ T8320] ? do_raw_spin_unlock+0x172/0x230 [ 264.355369][ T8320] futex_wait_setup+0x9d/0x550 [ 264.355433][ T8320] __futex_wait+0x194/0x2f0 [ 264.355485][ T8320] ? __pfx___futex_wait+0x10/0x10 [ 264.355541][ T8320] ? __pfx_futex_wake_mark+0x10/0x10 [ 264.355598][ T8320] ? futex_private_hash_put+0x176/0x300 [ 264.355642][ T8320] ? futex_private_hash_put+0x18a/0x300 [ 264.355684][ T8320] futex_wait+0xe8/0x380 [ 264.355734][ T8320] ? __pfx_futex_wait+0x10/0x10 [ 264.355795][ T8320] ? keyctl_get_persistent+0x5ec/0x8c0 [ 264.355846][ T8320] do_futex+0x229/0x350 [ 264.355889][ T8320] ? __pfx_do_futex+0x10/0x10 [ 264.355934][ T8320] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 264.355987][ T8320] __x64_sys_futex+0x1e0/0x4c0 [ 264.356036][ T8320] ? __pfx___x64_sys_futex+0x10/0x10 [ 264.356077][ T8320] ? xfd_validate_state+0x61/0x180 [ 264.356143][ T8320] do_syscall_64+0xcd/0x490 [ 264.356197][ T8320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.356231][ T8320] RIP: 0033:0x7f47b358eb69 [ 264.356262][ T8320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.356294][ T8320] RSP: 002b:00007f47b437f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 264.356332][ T8320] RAX: ffffffffffffffda RBX: 00007f47b37b6168 RCX: 00007f47b358eb69 [ 264.356354][ T8320] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f47b37b6168 [ 264.356374][ T8320] RBP: 00007f47b37b6160 R08: 0000000000000000 R09: 0000000000000000 [ 264.356414][ T8320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47b37b616c [ 264.356435][ T8320] R13: 0000000000000000 R14: 00007fff06b892f0 R15: 00007fff06b893d8 [ 264.356478][ T8320] syzkaller syzkaller login: [ 266.247454][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.253930][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 267.810568][ T8363] netlink: 28 bytes leftover after parsing attributes in process `syz.2.468'. [ 267.856612][ T8363] bridge_slave_1: left allmulticast mode [ 267.862337][ T8363] bridge_slave_1: left promiscuous mode [ 267.914770][ T8363] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.068694][ T8363] bridge_slave_0: left allmulticast mode [ 268.157345][ T8363] bridge_slave_0: left promiscuous mode [ 268.217224][ T8363] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.971866][ T8356] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 270.981502][ T31] audit: type=1800 audit(1754298490.243:11): pid=8356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.466" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 270.992799][ T8356] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 271.025741][ T8356] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 271.839745][ T8379] FAULT_INJECTION: forcing a failure. [ 271.839745][ T8379] name failslab, interval 1, probability 0, space 0, times 0 [ 271.882771][ T8379] CPU: 1 UID: 0 PID: 8379 Comm: syz.2.470 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 271.882820][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 271.882841][ T8379] Call Trace: [ 271.882852][ T8379] [ 271.882865][ T8379] dump_stack_lvl+0x16c/0x1f0 [ 271.882923][ T8379] should_fail_ex+0x512/0x640 [ 271.882957][ T8379] ? __kmalloc_noprof+0xbf/0x510 [ 271.882999][ T8379] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 271.883040][ T8379] should_failslab+0xc2/0x120 [ 271.883084][ T8379] __kmalloc_noprof+0xd2/0x510 [ 271.883120][ T8379] ? __pfx___mutex_trylock_common+0x10/0x10 [ 271.883179][ T8379] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 271.883228][ T8379] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 271.883267][ T8379] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 271.883304][ T8379] ? genl_get_cmd+0x194/0x580 [ 271.883350][ T8379] ? __radix_tree_lookup+0x21f/0x2c0 [ 271.883415][ T8379] genl_rcv_msg+0x55c/0x800 [ 271.883457][ T8379] ? __pfx_genl_rcv_msg+0x10/0x10 [ 271.883493][ T8379] ? __pfx_ctrl_getfamily+0x10/0x10 [ 271.883547][ T8379] netlink_rcv_skb+0x158/0x420 [ 271.883601][ T8379] ? __pfx_genl_rcv_msg+0x10/0x10 [ 271.883640][ T8379] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 271.883713][ T8379] ? netlink_deliver_tap+0x1ae/0xd30 [ 271.883771][ T8379] genl_rcv+0x28/0x40 [ 271.883801][ T8379] netlink_unicast+0x5a7/0x870 [ 271.883861][ T8379] ? __pfx_netlink_unicast+0x10/0x10 [ 271.883914][ T8379] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 271.883979][ T8379] netlink_sendmsg+0x8d1/0xdd0 [ 271.884041][ T8379] ? __pfx_netlink_sendmsg+0x10/0x10 [ 271.884112][ T8379] __sys_sendto+0x4a3/0x520 [ 271.884160][ T8379] ? __pfx___sys_sendto+0x10/0x10 [ 271.884255][ T8379] ? find_held_lock+0x2b/0x80 [ 271.884322][ T8379] __x64_sys_sendto+0xe0/0x1c0 [ 271.884376][ T8379] ? do_syscall_64+0x91/0x490 [ 271.884428][ T8379] ? lockdep_hardirqs_on+0x7c/0x110 [ 271.884478][ T8379] do_syscall_64+0xcd/0x490 [ 271.884534][ T8379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.884567][ T8379] RIP: 0033:0x7faae61909fc [ 271.884594][ T8379] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 271.884626][ T8379] RSP: 002b:00007faae7077ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 271.884659][ T8379] RAX: ffffffffffffffda RBX: 00007faae7077fc0 RCX: 00007faae61909fc [ 271.884681][ T8379] RDX: 0000000000000020 RSI: 00007faae7078010 RDI: 0000000000000005 [ 271.884702][ T8379] RBP: 0000000000000000 R08: 00007faae7077f14 R09: 000000000000000c [ 271.884724][ T8379] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 271.884743][ T8379] R13: 00007faae7077f68 R14: 00007faae7078010 R15: 0000000000000000 [ 271.884788][ T8379] [ 272.223137][ T8384] netlink: 342 bytes leftover after parsing attributes in process `syz.1.472'. [ 272.346595][ T8384] netlink: 342 bytes leftover after parsing attributes in process `syz.1.472'. [ 272.578453][ T8386] FAULT_INJECTION: forcing a failure. [ 272.578453][ T8386] name failslab, interval 1, probability 0, space 0, times 0 [ 272.637682][ T8386] CPU: 0 UID: 0 PID: 8386 Comm: syz.3.471 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 272.637731][ T8386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 272.637751][ T8386] Call Trace: [ 272.637763][ T8386] [ 272.637775][ T8386] dump_stack_lvl+0x16c/0x1f0 [ 272.637836][ T8386] should_fail_ex+0x512/0x640 [ 272.637869][ T8386] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 272.637908][ T8386] should_failslab+0xc2/0x120 [ 272.637953][ T8386] __kmalloc_cache_noprof+0x6a/0x3e0 [ 272.637988][ T8386] ? assoc_array_insert+0x2fa/0x3970 [ 272.638031][ T8386] ? kasan_save_track+0x14/0x30 [ 272.638074][ T8386] assoc_array_insert+0x2fa/0x3970 [ 272.638116][ T8386] ? rcu_is_watching+0x12/0xc0 [ 272.638148][ T8386] ? trace_contention_end+0xdd/0x130 [ 272.638196][ T8386] ? __mutex_lock+0x1c4/0x10b0 [ 272.638260][ T8386] ? __pfx_assoc_array_insert+0x10/0x10 [ 272.638301][ T8386] ? __pfx___might_resched+0x10/0x10 [ 272.638343][ T8386] ? down_write+0x14d/0x200 [ 272.638374][ T8386] ? __pfx_down_write+0x10/0x10 [ 272.638412][ T8386] __key_link_begin+0xf5/0x260 [ 272.638460][ T8386] key_link+0x103/0x310 [ 272.638506][ T8386] ? __pfx_key_link+0x10/0x10 [ 272.638555][ T8386] ? bpf_lsm_key_permission+0x9/0x10 [ 272.638613][ T8386] ? key_task_permission+0x2e5/0x400 [ 272.638651][ T8386] keyctl_get_persistent+0x5c3/0x8c0 [ 272.638700][ T8386] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 272.638750][ T8386] ? __x64_sys_futex+0x1e0/0x4c0 [ 272.638790][ T8386] ? __x64_sys_futex+0x1e9/0x4c0 [ 272.638842][ T8386] ? xfd_validate_state+0x61/0x180 [ 272.638900][ T8386] __do_sys_keyctl+0x1a9/0x590 [ 272.638957][ T8386] do_syscall_64+0xcd/0x490 [ 272.639010][ T8386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.639044][ T8386] RIP: 0033:0x7f47b358eb69 [ 272.639070][ T8386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.639103][ T8386] RSP: 002b:00007f47b437f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 272.639135][ T8386] RAX: ffffffffffffffda RBX: 00007f47b37b6160 RCX: 00007f47b358eb69 [ 272.639155][ T8386] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 272.639175][ T8386] RBP: 00007f47b3611df1 R08: 0000000000000001 R09: 0000000000000000 [ 272.639201][ T8386] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 272.639220][ T8386] R13: 0000000000000000 R14: 00007f47b37b6160 R15: 00007fff06b893d8 [ 272.639263][ T8386] [ 273.933424][ T8393] bond0: option all_slaves_active: invalid value () [ 275.592349][ T8410] FAULT_INJECTION: forcing a failure. [ 275.592349][ T8410] name failslab, interval 1, probability 0, space 0, times 0 [ 275.620292][ T8410] CPU: 1 UID: 0 PID: 8410 Comm: syz.1.477 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 275.620349][ T8410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 275.620370][ T8410] Call Trace: [ 275.620381][ T8410] [ 275.620393][ T8410] dump_stack_lvl+0x16c/0x1f0 [ 275.620458][ T8410] should_fail_ex+0x512/0x640 [ 275.620490][ T8410] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 275.620535][ T8410] should_failslab+0xc2/0x120 [ 275.620581][ T8410] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 275.620622][ T8410] ? __kernfs_new_node+0xd2/0x8e0 [ 275.620672][ T8410] __kernfs_new_node+0xd2/0x8e0 [ 275.620721][ T8410] ? __pfx___kernfs_new_node+0x10/0x10 [ 275.620774][ T8410] ? find_held_lock+0x2b/0x80 [ 275.620808][ T8410] ? kernfs_root+0xee/0x2a0 [ 275.620860][ T8410] kernfs_new_node+0x13c/0x1e0 [ 275.620917][ T8410] __kernfs_create_file+0x53/0x350 [ 275.620956][ T8410] sysfs_add_file_mode_ns+0x207/0x3c0 [ 275.621007][ T8410] internal_create_group+0x578/0xf30 [ 275.621060][ T8410] ? __pfx_internal_create_group+0x10/0x10 [ 275.621113][ T8410] ? kernfs_create_link+0x1bd/0x240 [ 275.621154][ T8410] internal_create_groups+0x9d/0x150 [ 275.621202][ T8410] device_add+0xf30/0x1aa0 [ 275.621247][ T8410] ? __pfx_device_add+0x10/0x10 [ 275.621287][ T8410] ? lockdep_init_map_type+0x5c/0x280 [ 275.621345][ T8410] ? __init_waitqueue_head+0xca/0x150 [ 275.621409][ T8410] netdev_register_kobject+0x1a9/0x3d0 [ 275.621454][ T8410] register_netdevice+0x13dc/0x2270 [ 275.621497][ T8410] ? __pfx_register_netdevice+0x10/0x10 [ 275.621541][ T8410] ? __pfx_loopback_net_init+0x10/0x10 [ 275.621588][ T8410] register_netdev+0x34/0x50 [ 275.621619][ T8410] loopback_net_init+0x7a/0x170 [ 275.621667][ T8410] ? __pfx_loopback_net_init+0x10/0x10 [ 275.621711][ T8410] ops_init+0x1df/0x5f0 [ 275.621746][ T8410] setup_net+0x10f/0x380 [ 275.621772][ T8410] ? lockdep_init_map_type+0x5c/0x280 [ 275.621820][ T8410] ? __pfx_setup_net+0x10/0x10 [ 275.621852][ T8410] ? debug_mutex_init+0x37/0x70 [ 275.621889][ T8410] copy_net_ns+0x2a6/0x5f0 [ 275.621930][ T8410] create_new_namespaces+0x3ea/0xa90 [ 275.621977][ T8410] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 275.622021][ T8410] ksys_unshare+0x45b/0xa40 [ 275.622068][ T8410] ? __pfx_ksys_unshare+0x10/0x10 [ 275.622116][ T8410] ? xfd_validate_state+0x61/0x180 [ 275.622180][ T8410] __x64_sys_unshare+0x31/0x40 [ 275.622227][ T8410] do_syscall_64+0xcd/0x490 [ 275.622283][ T8410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.622317][ T8410] RIP: 0033:0x7f7c7f38eb69 [ 275.622354][ T8410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 275.622388][ T8410] RSP: 002b:00007f7c802d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 275.622421][ T8410] RAX: ffffffffffffffda RBX: 00007f7c7f5b5fa0 RCX: 00007f7c7f38eb69 [ 275.622443][ T8410] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 275.622463][ T8410] RBP: 00007f7c7f411df1 R08: 0000000000000000 R09: 0000000000000000 [ 275.622483][ T8410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.622502][ T8410] R13: 0000000000000000 R14: 00007f7c7f5b5fa0 R15: 00007ffdb7bb6588 [ 275.622546][ T8410] [ 275.942351][ C1] hrtimer: interrupt took 319783265 ns [ 277.822567][ T8406] delete_channel: no stack [ 278.403701][ T8250] syz.0.447 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 278.548069][ T8250] CPU: 1 UID: 0 PID: 8250 Comm: syz.0.447 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 278.548110][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 278.548128][ T8250] Call Trace: [ 278.548136][ T8250] [ 278.548146][ T8250] dump_stack_lvl+0x16c/0x1f0 [ 278.548195][ T8250] dump_header+0x101/0x930 [ 278.548233][ T8250] oom_kill_process+0x272/0xa40 [ 278.548271][ T8250] out_of_memory+0x350/0x1700 [ 278.548314][ T8250] ? __pfx_out_of_memory+0x10/0x10 [ 278.548358][ T8250] mem_cgroup_out_of_memory+0x118/0x130 [ 278.548401][ T8250] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 278.548452][ T8250] ? do_raw_spin_unlock+0x172/0x230 [ 278.548501][ T8250] try_charge_memcg+0x72b/0xd50 [ 278.548542][ T8250] ? __pfx_try_charge_memcg+0x10/0x10 [ 278.548576][ T8250] ? __print_lock_name+0x41/0xe0 [ 278.548604][ T8250] ? rcu_read_unlock+0x17/0x60 [ 278.548650][ T8250] charge_memcg+0x8a/0x230 [ 278.548684][ T8250] __mem_cgroup_charge+0x2b/0x1e0 [ 278.548724][ T8250] shmem_alloc_and_add_folio+0x514/0xc20 [ 278.548766][ T8250] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 278.548802][ T8250] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 278.548841][ T8250] shmem_get_folio_gfp+0x67f/0x1600 [ 278.548881][ T8250] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 278.548924][ T8250] shmem_write_begin+0x160/0x300 [ 278.548959][ T8250] ? __pfx_shmem_write_begin+0x10/0x10 [ 278.548998][ T8250] ? timestamp_truncate+0x21e/0x2d0 [ 278.549032][ T8250] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 278.549085][ T8250] generic_perform_write+0x3c2/0x900 [ 278.549126][ T8250] ? __pfx_generic_perform_write+0x10/0x10 [ 278.549159][ T8250] ? inode_needs_update_time.part.0+0x191/0x270 [ 278.549203][ T8250] shmem_file_write_iter+0x10e/0x140 [ 278.549243][ T8250] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 278.549279][ T8250] __kernel_write_iter+0x317/0xa90 [ 278.549314][ T8250] ? __pfx___kernel_write_iter+0x10/0x10 [ 278.549345][ T8250] ? __up_read+0x1f8/0x750 [ 278.549391][ T8250] ? dump_user_range+0x756/0xb70 [ 278.549425][ T8250] dump_user_range+0x413/0xb70 [ 278.549460][ T8250] ? __pfx_dump_user_range+0x10/0x10 [ 278.549488][ T8250] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 278.549540][ T8250] ? __pfx_writenote+0x10/0x10 [ 278.549578][ T8250] elf_core_dump+0x2929/0x3b60 [ 278.549628][ T8250] ? __pfx_elf_core_dump+0x10/0x10 [ 278.549666][ T8250] ? __pfx_event_filter_pid_sched_wakeup_probe_post+0x10/0x10 [ 278.549708][ T8250] ? find_held_lock+0x2b/0x80 [ 278.549734][ T8250] ? 0xffffffffff600000 [ 278.549760][ T8250] ? rcu_is_watching+0x12/0xc0 [ 278.549787][ T8250] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 278.549825][ T8250] ? lockdep_hardirqs_on+0x7c/0x110 [ 278.549920][ T8250] ? vfs_coredump+0x2ba2/0x56d0 [ 278.549943][ T8250] vfs_coredump+0x2ba2/0x56d0 [ 278.549990][ T8250] ? __pfx_vfs_coredump+0x10/0x10 [ 278.550019][ T8250] ? __lock_acquire+0x62e/0x1ce0 [ 278.550062][ T8250] ? __lock_acquire+0x62e/0x1ce0 [ 278.550101][ T8250] ? lock_acquire+0x179/0x350 [ 278.550154][ T8250] ? is_bpf_text_address+0x8a/0x1a0 [ 278.550189][ T8250] ? bpf_ksym_find+0x124/0x1c0 [ 278.550227][ T8250] ? __kernel_text_address+0xd/0x40 [ 278.550255][ T8250] ? unwind_get_return_address+0x59/0xa0 [ 278.550287][ T8250] ? arch_stack_walk+0xa6/0x100 [ 278.550334][ T8250] ? stack_trace_save+0x8e/0xc0 [ 278.550368][ T8250] ? __pfx_stack_trace_save+0x10/0x10 [ 278.550403][ T8250] ? stack_depot_save_flags+0x28/0xa40 [ 278.550435][ T8250] ? __lock_acquire+0xb97/0x1ce0 [ 278.550550][ T8250] ? proc_coredump_connector+0x2d1/0x4f0 [ 278.550595][ T8250] ? __pfx_proc_coredump_connector+0x10/0x10 [ 278.550651][ T8250] ? rcu_is_watching+0x12/0xc0 [ 278.550689][ T8250] get_signal+0x22e3/0x26d0 [ 278.550743][ T8250] ? __pfx_get_signal+0x10/0x10 [ 278.550782][ T8250] ? rcu_is_watching+0x12/0xc0 [ 278.550814][ T8250] ? trace_irq_disable.constprop.0+0xd4/0x120 [ 278.550868][ T8250] arch_do_signal_or_restart+0x8f/0x790 [ 278.550913][ T8250] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 278.550993][ T8250] irqentry_exit_to_user_mode+0x12a/0x270 [ 278.551043][ T8250] asm_exc_page_fault+0x26/0x30 [ 278.551074][ T8250] RIP: 0033:0x0 [ 278.551096][ T8250] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 278.551110][ T8250] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 278.551135][ T8250] RAX: 0000000000000000 RBX: 00007f188cbb6080 RCX: 00007f188c98eb69 [ 278.551156][ T8250] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 278.551175][ T8250] RBP: 00007f188ca11df1 R08: 0000000000000002 R09: 0000000000000000 [ 278.551194][ T8250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.551212][ T8250] R13: 0000000000000001 R14: 00007f188cbb6080 R15: 00007ffc4738b408 [ 278.551254][ T8250] [ 278.551273][ T8250] memory: usage 307200kB, limit 307200kB, failcnt 25841 [ 279.412244][ T8250] memory+swap: usage 432024kB, limit 9007199254740988kB, failcnt 0 [ 279.498168][ T8435] FAULT_INJECTION: forcing a failure. [ 279.498168][ T8435] name fail_futex, interval 1, probability 0, space 0, times 0 [ 279.521935][ T8250] kmem: usage 3320kB, limit 9007199254740988kB, failcnt 0 [ 279.529718][ T8250] Memory cgroup stats for /syz0: [ 279.531961][ T8250] cache 310923264 [ 279.543418][ T8250] rss 172032 [ 279.546681][ T8250] rss_huge 0 [ 279.550568][ T8250] shmem 310923264 [ 279.550657][ T8435] CPU: 1 UID: 0 PID: 8435 Comm: syz.3.483 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 279.550709][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 279.550733][ T8435] Call Trace: [ 279.550745][ T8435] [ 279.550760][ T8435] dump_stack_lvl+0x16c/0x1f0 [ 279.550825][ T8435] should_fail_ex+0x512/0x640 [ 279.550868][ T8435] get_futex_key+0x1d0/0x1560 [ 279.550918][ T8435] ? __pfx_get_futex_key+0x10/0x10 [ 279.550966][ T8435] ? __pfx___schedule+0x10/0x10 [ 279.551017][ T8435] ? do_raw_spin_unlock+0x172/0x230 [ 279.551082][ T8435] futex_wait_setup+0x9d/0x550 [ 279.551153][ T8435] __futex_wait+0x194/0x2f0 [ 279.551210][ T8435] ? __pfx___futex_wait+0x10/0x10 [ 279.551274][ T8435] ? __pfx_futex_wake_mark+0x10/0x10 [ 279.551337][ T8435] ? futex_private_hash_put+0x176/0x300 [ 279.551386][ T8435] ? futex_private_hash_put+0x18a/0x300 [ 279.551435][ T8435] futex_wait+0xe8/0x380 [ 279.551491][ T8435] ? __pfx_futex_wait+0x10/0x10 [ 279.551558][ T8435] ? keyctl_get_persistent+0x5ec/0x8c0 [ 279.551629][ T8435] do_futex+0x229/0x350 [ 279.551677][ T8435] ? __pfx_do_futex+0x10/0x10 [ 279.551726][ T8435] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 279.551779][ T8435] __x64_sys_futex+0x1e0/0x4c0 [ 279.551833][ T8435] ? __pfx___x64_sys_futex+0x10/0x10 [ 279.551882][ T8435] ? xfd_validate_state+0x61/0x180 [ 279.551952][ T8435] do_syscall_64+0xcd/0x490 [ 279.552014][ T8435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.552052][ T8435] RIP: 0033:0x7f47b358eb69 [ 279.552083][ T8435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.552122][ T8435] RSP: 002b:00007f47b43c10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 279.552158][ T8435] RAX: ffffffffffffffda RBX: 00007f47b37b5fa8 RCX: 00007f47b358eb69 [ 279.552184][ T8435] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f47b37b5fa8 [ 279.552208][ T8435] RBP: 00007f47b37b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 279.552230][ T8435] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47b37b5fac [ 279.552254][ T8435] R13: 0000000000000000 R14: 00007fff06b892f0 R15: 00007fff06b893d8 [ 279.552300][ T8435] [ 279.820669][ T8250] mapped_file 22994944 [ 279.859724][ T8250] dirty 0 [ 279.882518][ T8250] writeback 0 [ 279.958003][ T8250] workingset_refault_anon 1169 [ 279.965324][ T8250] workingset_refault_file 257 [ 279.970025][ T8250] swap 127819776 [ 279.987312][ T8250] swapcached 77824 [ 279.991768][ T8250] pgpgin 315391 [ 280.009672][ T8250] pgpgout 239452 [ 280.042687][ T8250] pgfault 139114 [ 280.049923][ T8250] pgmajfault 313 [ 280.084470][ T8250] inactive_anon 310337536 [ 280.088859][ T8250] active_anon 757760 [ 280.105343][ T8250] inactive_file 0 [ 280.109045][ T8250] active_file 0 [ 280.112511][ T8250] unevictable 0 [ 280.152839][ T8250] hierarchical_memory_limit 314572800 [ 280.168472][ T8250] hierarchical_memsw_limit 9223372036854771712 [ 280.182669][ T8250] total_cache 310923264 [ 280.186879][ T8250] total_rss 172032 [ 280.207937][ T8250] total_rss_huge 0 [ 280.298685][ T8250] total_shmem 310923264 [ 280.316308][ T8250] total_mapped_file 22994944 [ 280.332677][ T8250] total_dirty 0 [ 280.336201][ T8250] total_writeback 0 [ 280.340039][ T8250] total_workingset_refault_anon 1169 [ 280.402835][ T8250] total_workingset_refault_file 257 [ 280.408157][ T8250] total_swap 127819776 [ 280.412264][ T8250] total_swapcached 77824 [ 280.452688][ T8250] total_pgpgin 315391 [ 280.461473][ T8250] total_pgpgout 239452 [ 280.495924][ T8250] total_pgfault 139114 [ 280.500066][ T8250] total_pgmajfault 313 [ 280.532726][ T8250] total_inactive_anon 310337536 [ 280.537646][ T8250] total_active_anon 757760 [ 280.542069][ T8250] total_inactive_file 0 [ 280.577427][ T8250] total_active_file 0 [ 280.581480][ T8250] total_unevictable 0 [ 280.586455][ T8250] anon_cost 12419 [ 280.590135][ T8250] file_cost 375 [ 280.597583][ T8250] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.443,pid=8224,uid=0 [ 280.651967][ T8250] Memory cgroup out of memory: Killed process 8224 (syz.0.443) total-vm:104140kB, anon-rss:996kB, file-rss:53888kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:1000 [ 282.873172][ T8472] vhci_hcd: pdev 268435455 [ 282.889827][ T33] oom_reaper: reaped process 8224 (syz.0.443), now anon-rss:72kB, file-rss:12420kB, shmem-rss:0kB [ 282.997025][ T8261] syz.0.447 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 283.731261][ T8478] input: jJΗΈ-Άš9γ%vψ“ϋJ86Φ‘ as /devices/virtual/input/input8 [ 283.938464][ T8261] CPU: 1 UID: 0 PID: 8261 Comm: syz.0.447 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 283.938511][ T8261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 283.938530][ T8261] Call Trace: [ 283.938541][ T8261] [ 283.938553][ T8261] dump_stack_lvl+0x16c/0x1f0 [ 283.938609][ T8261] dump_header+0x101/0x930 [ 283.938655][ T8261] oom_kill_process+0x272/0xa40 [ 283.938700][ T8261] out_of_memory+0x350/0x1700 [ 283.938750][ T8261] ? __pfx_out_of_memory+0x10/0x10 [ 283.938803][ T8261] mem_cgroup_out_of_memory+0x118/0x130 [ 283.938854][ T8261] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 283.938916][ T8261] ? do_raw_spin_unlock+0x172/0x230 [ 283.938975][ T8261] try_charge_memcg+0x72b/0xd50 [ 283.939023][ T8261] ? __pfx_try_charge_memcg+0x10/0x10 [ 283.939062][ T8261] ? __print_lock_name+0x41/0xe0 [ 283.939096][ T8261] ? rcu_read_unlock+0x17/0x60 [ 283.939150][ T8261] charge_memcg+0x8a/0x230 [ 283.939190][ T8261] __mem_cgroup_charge+0x2b/0x1e0 [ 283.939236][ T8261] shmem_alloc_and_add_folio+0x514/0xc20 [ 283.939285][ T8261] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 283.939327][ T8261] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 283.939375][ T8261] shmem_get_folio_gfp+0x67f/0x1600 [ 283.939431][ T8261] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 283.939483][ T8261] shmem_write_begin+0x160/0x300 [ 283.939526][ T8261] ? __pfx_shmem_write_begin+0x10/0x10 [ 283.939562][ T8261] ? timestamp_truncate+0x21e/0x2d0 [ 283.939601][ T8261] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 283.939662][ T8261] generic_perform_write+0x3c2/0x900 [ 283.939712][ T8261] ? __pfx_generic_perform_write+0x10/0x10 [ 283.939751][ T8261] ? inode_needs_update_time.part.0+0x191/0x270 [ 283.939805][ T8261] shmem_file_write_iter+0x10e/0x140 [ 283.939853][ T8261] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 283.939896][ T8261] __kernel_write_iter+0x317/0xa90 [ 283.939939][ T8261] ? __pfx___kernel_write_iter+0x10/0x10 [ 283.939977][ T8261] ? __up_read+0x1f8/0x750 [ 283.940028][ T8261] ? dump_user_range+0x756/0xb70 [ 283.940059][ T8261] ? dump_user_range+0x756/0xb70 [ 283.940097][ T8261] dump_user_range+0x413/0xb70 [ 283.940140][ T8261] ? __pfx_dump_user_range+0x10/0x10 [ 283.940176][ T8261] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 283.940238][ T8261] ? __pfx_writenote+0x10/0x10 [ 283.940284][ T8261] elf_core_dump+0x2929/0x3b60 [ 283.940343][ T8261] ? __pfx_elf_core_dump+0x10/0x10 [ 283.940388][ T8261] ? __pfx_event_filter_pid_sched_wakeup_probe_post+0x10/0x10 [ 283.940454][ T8261] ? find_held_lock+0x2b/0x80 [ 283.940484][ T8261] ? 0xffffffffff600000 [ 283.940512][ T8261] ? rcu_is_watching+0x12/0xc0 [ 283.940543][ T8261] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 283.940589][ T8261] ? lockdep_hardirqs_on+0x7c/0x110 [ 283.940700][ T8261] ? vfs_coredump+0x2ba2/0x56d0 [ 283.940729][ T8261] vfs_coredump+0x2ba2/0x56d0 [ 283.940776][ T8261] ? __pfx_vfs_coredump+0x10/0x10 [ 283.940809][ T8261] ? __lock_acquire+0x62e/0x1ce0 [ 283.940862][ T8261] ? __lock_acquire+0x62e/0x1ce0 [ 283.940909][ T8261] ? lock_acquire+0x179/0x350 [ 283.940974][ T8261] ? __lock_acquire+0x62e/0x1ce0 [ 283.941035][ T8261] ? lock_acquire+0x179/0x350 [ 283.941079][ T8261] ? find_held_lock+0x2b/0x80 [ 283.941112][ T8261] ? stack_depot_save_flags+0x3e0/0xa40 [ 283.941146][ T8261] ? __pfx___cant_migrate+0x10/0x10 [ 283.941184][ T8261] ? do_raw_spin_unlock+0x172/0x230 [ 283.941234][ T8261] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 283.941281][ T8261] ? stack_depot_save_flags+0x3e0/0xa40 [ 283.941407][ T8261] ? proc_coredump_connector+0x2d1/0x4f0 [ 283.941454][ T8261] ? __pfx_proc_coredump_connector+0x10/0x10 [ 283.941509][ T8261] ? rcu_is_watching+0x12/0xc0 [ 283.941549][ T8261] get_signal+0x22e3/0x26d0 [ 283.941604][ T8261] ? __pfx_get_signal+0x10/0x10 [ 283.941655][ T8261] arch_do_signal_or_restart+0x8f/0x790 [ 283.941700][ T8261] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 283.941754][ T8261] ? trace_irq_disable.constprop.0+0xd4/0x120 [ 283.941804][ T8261] ? do_error_trap+0x214/0x240 [ 283.941856][ T8261] irqentry_exit_to_user_mode+0x12a/0x270 [ 283.941908][ T8261] asm_exc_invalid_op+0x1a/0x20 [ 283.941940][ T8261] RIP: 0033:0x0 [ 283.941961][ T8261] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 283.941976][ T8261] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 283.942001][ T8261] RAX: 0000000000000000 RBX: 00007f188cbb6080 RCX: 00007f188c98eb69 [ 283.942021][ T8261] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 283.942039][ T8261] RBP: 00007f188ca11df1 R08: 0000000000000002 R09: 0000000000000000 [ 283.942057][ T8261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 283.942075][ T8261] R13: 0000000000000001 R14: 00007f188cbb6080 R15: 00007ffc4738b408 [ 283.942117][ T8261] [ 284.744556][ T8482] FAULT_INJECTION: forcing a failure. [ 284.744556][ T8482] name failslab, interval 1, probability 0, space 0, times 0 [ 284.802988][ T8482] CPU: 0 UID: 0 PID: 8482 Comm: syz.1.491 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 284.803036][ T8482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 284.803051][ T8482] Call Trace: [ 284.803058][ T8482] [ 284.803067][ T8482] dump_stack_lvl+0x16c/0x1f0 [ 284.803110][ T8482] should_fail_ex+0x512/0x640 [ 284.803142][ T8482] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 284.803174][ T8482] should_failslab+0xc2/0x120 [ 284.803207][ T8482] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 284.803235][ T8482] ? ptlock_alloc+0x1f/0x70 [ 284.803264][ T8482] ptlock_alloc+0x1f/0x70 [ 284.803286][ T8482] pte_alloc_one+0x82/0x3a0 [ 284.803312][ T8482] do_pte_missing+0x1afc/0x3ba0 [ 284.803336][ T8482] ? do_raw_spin_unlock+0x172/0x230 [ 284.803376][ T8482] ? __pmd_alloc+0x3fb/0x930 [ 284.803413][ T8482] __handle_mm_fault+0x152a/0x2a50 [ 284.803441][ T8482] ? mt_find+0x3ef/0xa30 [ 284.803465][ T8482] ? __pfx___handle_mm_fault+0x10/0x10 [ 284.803487][ T8482] ? __pfx_mt_find+0x10/0x10 [ 284.803525][ T8482] ? find_vma+0xbf/0x140 [ 284.803555][ T8482] ? __pfx_find_vma+0x10/0x10 [ 284.803589][ T8482] handle_mm_fault+0x589/0xd10 [ 284.803614][ T8482] ? __pkru_allows_pkey+0x51/0xb0 [ 284.803652][ T8482] do_user_addr_fault+0x7a6/0x1370 [ 284.803693][ T8482] ? rcu_is_watching+0x12/0xc0 [ 284.803719][ T8482] exc_page_fault+0x5c/0xb0 [ 284.803754][ T8482] asm_exc_page_fault+0x26/0x30 [ 284.803777][ T8482] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 284.803809][ T8482] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 22 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 284.803833][ T8482] RSP: 0018:ffffc900033a7dd0 EFLAGS: 00050216 [ 284.803853][ T8482] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000020 [ 284.803867][ T8482] RDX: fffff52000674fce RSI: 0000000000000000 RDI: ffffc900033a7e50 [ 284.803882][ T8482] RBP: 0000000000000020 R08: 0000000000000001 R09: fffff52000674fcd [ 284.803897][ T8482] R10: ffffc900033a7e6f R11: 0000000000000000 R12: 0000000000000000 [ 284.803912][ T8482] R13: ffffc900033a7e50 R14: 0000000000000026 R15: ffffc900033a7e50 [ 284.803942][ T8482] _copy_from_user+0x98/0xd0 [ 284.803972][ T8482] do_fcntl+0xba2/0x15a0 [ 284.804007][ T8482] ? __pfx_do_fcntl+0x10/0x10 [ 284.804048][ T8482] ? tomoyo_file_fcntl+0x6c/0xc0 [ 284.804088][ T8482] __x64_sys_fcntl+0x163/0x200 [ 284.804133][ T8482] do_syscall_64+0xcd/0x490 [ 284.804173][ T8482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.804197][ T8482] RIP: 0033:0x7f7c7f38eb69 [ 284.804214][ T8482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.804237][ T8482] RSP: 002b:00007f7c802d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 284.804258][ T8482] RAX: ffffffffffffffda RBX: 00007f7c7f5b5fa0 RCX: 00007f7c7f38eb69 [ 284.804274][ T8482] RDX: 0000000000000000 RSI: 0000000000000026 RDI: 0000000000000007 [ 284.804287][ T8482] RBP: 00007f7c7f411df1 R08: 0000000000000000 R09: 0000000000000000 [ 284.804301][ T8482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.804315][ T8482] R13: 0000000000000000 R14: 00007f7c7f5b5fa0 R15: 00007ffdb7bb6588 [ 284.804344][ T8482] [ 284.938402][ T8261] memory: usage 307200kB, limit 307200kB, failcnt 27182 [ 285.255816][ T8261] memory+swap: usage 432032kB, limit 9007199254740988kB, failcnt 0 [ 285.264946][ T8261] kmem: usage 3096kB, limit 9007199254740988kB, failcnt 0 [ 285.273610][ T8261] Memory cgroup stats for /syz0: [ 285.273818][ T8261] cache 311136256 [ 285.698427][ T8261] rss 188416 [ 285.747994][ T8261] rss_huge 0 [ 285.802305][ T8261] shmem 311046144 [ 285.820716][ T8261] mapped_file 23003136 [ 285.881235][ T8261] dirty 0 [ 285.965336][ T8261] writeback 0 [ 286.022776][ T8261] workingset_refault_anon 1169 [ 286.049664][ T8261] workingset_refault_file 279 [ 286.209609][ T8261] swap 127832064 [ 286.345858][ T8261] swapcached 73728 [ 286.349658][ T8261] pgpgin 315778 [ 286.869541][ T8261] pgpgout 239784 [ 286.876441][ T8261] pgfault 139120 [ 286.880244][ T8261] pgmajfault 314 [ 286.883934][ T8261] inactive_anon 199581696 [ 286.888285][ T8261] active_anon 110936064 [ 286.898811][ T8261] inactive_file 0 [ 286.902513][ T8261] active_file 0 [ 286.906572][ T8261] unevictable 0 [ 286.910162][ T8261] hierarchical_memory_limit 314572800 [ 286.915975][ T8261] hierarchical_memsw_limit 9223372036854771712 [ 286.922349][ T8261] total_cache 311136256 [ 286.927082][ T8261] total_rss 188416 [ 286.930860][ T8261] total_rss_huge 0 [ 286.935253][ T8261] total_shmem 311046144 [ 286.939533][ T8261] total_mapped_file 23003136 [ 286.996352][ T8261] total_dirty 0 [ 287.090884][ T8261] total_writeback 0 [ 287.222735][ T8261] total_workingset_refault_anon 1169 [ 287.306092][ T8261] total_workingset_refault_file 279 [ 287.311342][ T8261] total_swap 127832064 [ 287.322736][ T8497] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 287.339776][ T8497] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 287.387086][ T8261] total_swapcached 73728 [ 287.391405][ T8261] total_pgpgin 315778 [ 287.511132][ T8261] total_pgpgout 239784 [ 287.566496][ T8261] total_pgfault 139120 [ 287.596882][ T8497] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 287.616308][ T8497] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 287.654420][ T8261] total_pgmajfault 314 [ 287.690716][ T8261] total_inactive_anon 199581696 [ 287.729796][ T8261] total_active_anon 110936064 [ 287.739071][ T8261] total_inactive_file 0 [ 287.750442][ T8261] total_active_file 0 [ 287.755894][ T8261] total_unevictable 0 [ 287.760433][ T8261] anon_cost 12046 [ 287.764724][ T8261] file_cost 666 [ 287.768604][ T8261] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.447,pid=8267,uid=0 [ 287.769394][ T8497] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 287.786230][ T8261] Memory cgroup out of memory: Killed process 8267 (syz.0.447) total-vm:131548kB, anon-rss:1084kB, file-rss:21668kB, shmem-rss:21884kB, UID:0 pgtables:172kB oom_score_adj:1000 [ 287.842935][ T8497] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 288.267236][ T8523] program syz.1.499 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 288.510474][ T8497] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 288.966819][ T8497] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 288.982850][ T8497] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 289.344257][ T5875] Bluetooth: hci0: command 0x0406 tx timeout [ 289.429650][ T8264] syz.0.447 (8264) used greatest stack depth: 20888 bytes left [ 289.662906][ T5875] Bluetooth: hci3: command 0x0406 tx timeout [ 289.822953][ T5875] Bluetooth: hci2: command 0x0406 tx timeout [ 290.337605][ T8559] program syz.1.509 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 290.371327][ T8252] syz.0.447 (8252) used greatest stack depth: 20408 bytes left [ 290.711738][ T8267] syz.0.447 (8267) used greatest stack depth: 18696 bytes left [ 291.043870][ T5875] Bluetooth: hci1: command 0x0406 tx timeout [ 291.423944][ T5875] Bluetooth: hci0: command 0x0406 tx timeout [ 291.749679][ T5875] Bluetooth: hci3: command 0x0406 tx timeout [ 291.905152][ T5875] Bluetooth: hci2: command 0x0406 tx timeout [ 291.945569][ T8254] syz.0.447 (8254) used greatest stack depth: 18248 bytes left [ 292.392309][ T8584] netlink: 28 bytes leftover after parsing attributes in process `syz.0.504'. [ 293.118938][ T5875] Bluetooth: hci1: command 0x0406 tx timeout [ 293.983332][ T5875] Bluetooth: hci2: command 0x0406 tx timeout [ 294.420686][ T8624] FAULT_INJECTION: forcing a failure. [ 294.420686][ T8624] name failslab, interval 1, probability 0, space 0, times 0 [ 294.482333][ T8624] CPU: 1 UID: 0 PID: 8624 Comm: syz.0.519 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 294.482378][ T8624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 294.482398][ T8624] Call Trace: [ 294.482409][ T8624] [ 294.482421][ T8624] dump_stack_lvl+0x16c/0x1f0 [ 294.482477][ T8624] should_fail_ex+0x512/0x640 [ 294.482509][ T8624] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 294.482546][ T8624] should_failslab+0xc2/0x120 [ 294.482594][ T8624] __kmalloc_cache_noprof+0x6a/0x3e0 [ 294.482627][ T8624] ? assoc_array_insert+0x2fa/0x3970 [ 294.482668][ T8624] ? kasan_save_track+0x14/0x30 [ 294.482710][ T8624] assoc_array_insert+0x2fa/0x3970 [ 294.482754][ T8624] ? rcu_is_watching+0x12/0xc0 [ 294.482790][ T8624] ? trace_contention_end+0xdd/0x130 [ 294.482838][ T8624] ? __mutex_lock+0x1c4/0x10b0 [ 294.482902][ T8624] ? __pfx_assoc_array_insert+0x10/0x10 [ 294.482943][ T8624] ? __pfx___might_resched+0x10/0x10 [ 294.482986][ T8624] ? down_write+0x14d/0x200 [ 294.483018][ T8624] ? __pfx_down_write+0x10/0x10 [ 294.483056][ T8624] __key_link_begin+0xf5/0x260 [ 294.483104][ T8624] key_link+0x103/0x310 [ 294.483161][ T8624] ? __pfx_key_link+0x10/0x10 [ 294.483204][ T8624] ? bpf_lsm_key_permission+0x9/0x10 [ 294.483261][ T8624] ? key_task_permission+0x2e5/0x400 [ 294.483299][ T8624] keyctl_get_persistent+0x5c3/0x8c0 [ 294.483344][ T8624] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 294.483392][ T8624] ? __x64_sys_futex+0x1e0/0x4c0 [ 294.483433][ T8624] ? __x64_sys_futex+0x1e9/0x4c0 [ 294.483484][ T8624] ? xfd_validate_state+0x61/0x180 [ 294.483543][ T8624] __do_sys_keyctl+0x1a9/0x590 [ 294.483598][ T8624] do_syscall_64+0xcd/0x490 [ 294.483655][ T8624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.483689][ T8624] RIP: 0033:0x7f188c98eb69 [ 294.483717][ T8624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.483750][ T8624] RSP: 002b:00007f188d82c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 294.483783][ T8624] RAX: ffffffffffffffda RBX: 00007f188cbb6160 RCX: 00007f188c98eb69 [ 294.483805][ T8624] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 294.483826][ T8624] RBP: 00007f188ca11df1 R08: 0000000000000001 R09: 0000000000000000 [ 294.483846][ T8624] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 294.483867][ T8624] R13: 0000000000000000 R14: 00007f188cbb6160 R15: 00007ffc4738b408 [ 294.483909][ T8624] [ 297.923365][ T8686] netlink: 28 bytes leftover after parsing attributes in process `syz.2.535'. [ 300.084112][ T8715] ALSA: mixer_oss: invalid OSS volume '0' [ 300.133682][ T8715] ALSA: mixer_oss: invalid OSS volume '' [ 301.429379][ T8736] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 301.446813][ T8736] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 301.454521][ T8736] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 301.454572][ T8743] program syz.1.546 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 301.460693][ T8736] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 302.359723][ T8760] ima: policy update failed [ 302.389591][ T31] audit: type=1802 audit(1754298521.663:12): pid=8760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.547" res=0 errno=0 [ 302.782754][ T5185] Bluetooth: hci0: command 0x0406 tx timeout [ 303.503069][ T5185] Bluetooth: hci1: command 0x0406 tx timeout [ 303.509290][ T5185] Bluetooth: hci2: command 0x0406 tx timeout [ 303.515671][ T5875] Bluetooth: hci3: command 0x0406 tx timeout [ 304.323177][ T8782] FAULT_INJECTION: forcing a failure. [ 304.323177][ T8782] name failslab, interval 1, probability 0, space 0, times 0 [ 304.552777][ T8782] CPU: 1 UID: 0 PID: 8782 Comm: syz.2.551 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 304.552825][ T8782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 304.552845][ T8782] Call Trace: [ 304.552857][ T8782] [ 304.552870][ T8782] dump_stack_lvl+0x16c/0x1f0 [ 304.552927][ T8782] should_fail_ex+0x512/0x640 [ 304.552956][ T8782] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 304.552994][ T8782] should_failslab+0xc2/0x120 [ 304.553044][ T8782] __kmalloc_cache_noprof+0x6a/0x3e0 [ 304.553081][ T8782] ? assoc_array_insert+0x2fa/0x3970 [ 304.553122][ T8782] ? kasan_save_track+0x14/0x30 [ 304.553163][ T8782] assoc_array_insert+0x2fa/0x3970 [ 304.553205][ T8782] ? rcu_is_watching+0x12/0xc0 [ 304.553239][ T8782] ? trace_contention_end+0xdd/0x130 [ 304.553288][ T8782] ? __mutex_lock+0x1c4/0x10b0 [ 304.553354][ T8782] ? __pfx_assoc_array_insert+0x10/0x10 [ 304.553393][ T8782] ? __pfx___might_resched+0x10/0x10 [ 304.553438][ T8782] ? down_write+0x14d/0x200 [ 304.553479][ T8782] ? __pfx_down_write+0x10/0x10 [ 304.553518][ T8782] __key_link_begin+0xf5/0x260 [ 304.553568][ T8782] key_link+0x103/0x310 [ 304.553613][ T8782] ? __pfx_key_link+0x10/0x10 [ 304.553656][ T8782] ? bpf_lsm_key_permission+0x9/0x10 [ 304.553713][ T8782] ? key_task_permission+0x2e5/0x400 [ 304.553749][ T8782] keyctl_get_persistent+0x5c3/0x8c0 [ 304.553793][ T8782] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 304.553841][ T8782] ? __x64_sys_futex+0x1e0/0x4c0 [ 304.553882][ T8782] ? __x64_sys_futex+0x1e9/0x4c0 [ 304.553932][ T8782] ? xfd_validate_state+0x61/0x180 [ 304.553992][ T8782] __do_sys_keyctl+0x1a9/0x590 [ 304.554049][ T8782] do_syscall_64+0xcd/0x490 [ 304.554102][ T8782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.554136][ T8782] RIP: 0033:0x7faae618eb69 [ 304.554163][ T8782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.554196][ T8782] RSP: 002b:00007faae7037038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 304.554227][ T8782] RAX: ffffffffffffffda RBX: 00007faae63b6160 RCX: 00007faae618eb69 [ 304.554246][ T8782] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 304.554268][ T8782] RBP: 00007faae6211df1 R08: 0000000000000001 R09: 0000000000000000 [ 304.554289][ T8782] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 304.554310][ T8782] R13: 0000000000000000 R14: 00007faae63b6160 R15: 00007fff7fb955c8 [ 304.554354][ T8782] [ 308.176188][ T8807] FAULT_INJECTION: forcing a failure. [ 308.176188][ T8807] name failslab, interval 1, probability 0, space 0, times 0 [ 308.240781][ T8807] CPU: 0 UID: 0 PID: 8807 Comm: syz.0.557 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 308.240830][ T8807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 308.240851][ T8807] Call Trace: [ 308.240862][ T8807] [ 308.240876][ T8807] dump_stack_lvl+0x16c/0x1f0 [ 308.240934][ T8807] should_fail_ex+0x512/0x640 [ 308.240968][ T8807] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 308.241015][ T8807] should_failslab+0xc2/0x120 [ 308.241070][ T8807] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 308.241111][ T8807] ? sock_alloc_inode+0x25/0x1c0 [ 308.241151][ T8807] ? __pfx_sock_alloc_inode+0x10/0x10 [ 308.241183][ T8807] sock_alloc_inode+0x25/0x1c0 [ 308.241250][ T8807] alloc_inode+0x61/0x240 [ 308.241300][ T8807] sock_alloc+0x40/0x280 [ 308.241334][ T8807] __sock_create+0xc1/0x8d0 [ 308.241380][ T8807] __sys_socketpair+0x25c/0x5a0 [ 308.241426][ T8807] ? __pfx___sys_socketpair+0x10/0x10 [ 308.241466][ T8807] ? fput+0x9b/0xd0 [ 308.241515][ T8807] ? xfd_validate_state+0x61/0x180 [ 308.241564][ T8807] ? __pfx_ksys_write+0x10/0x10 [ 308.241610][ T8807] __x64_sys_socketpair+0x96/0x100 [ 308.241652][ T8807] ? lockdep_hardirqs_on+0x7c/0x110 [ 308.241702][ T8807] do_syscall_64+0xcd/0x490 [ 308.241759][ T8807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.241801][ T8807] RIP: 0033:0x7f188c98eb69 [ 308.241829][ T8807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.241864][ T8807] RSP: 002b:00007f188d86e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 308.241896][ T8807] RAX: ffffffffffffffda RBX: 00007f188cbb5fa0 RCX: 00007f188c98eb69 [ 308.241918][ T8807] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 308.241939][ T8807] RBP: 00007f188ca11df1 R08: 0000000000000000 R09: 0000000000000000 [ 308.241960][ T8807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 308.241980][ T8807] R13: 0000000000000000 R14: 00007f188cbb5fa0 R15: 00007ffc4738b408 [ 308.242022][ T8807] [ 308.242039][ T8807] socket: no more sockets [ 308.766968][ T8820] ksmbd: Unknown IPC event: 14, ignore. [ 310.088246][ T8839] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.565'. [ 310.722749][ T8853] program syz.0.567 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 310.996132][ T31] audit: type=1800 audit(1754298530.273:13): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.569" name="members" dev="configfs" ino=25749 res=0 errno=0 [ 315.028203][ T8929] program syz.2.578 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 316.399094][ T8964] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 317.361097][ T8983] netlink: 'syz.0.590': attribute type 1 has an invalid length. [ 318.172847][ T8992] zswap: compressor not available [ 318.179493][ T9001] Setting dangerous option i915.mitigations - tainting kernel [ 319.299298][ T9020] WARNING! power/level is deprecated; use power/control instead [ 319.938621][ T5185] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 319.938667][ T5185] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 319.955803][ T5185] Bluetooth: hci0: Dropping invalid advertising data [ 319.962552][ T5185] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 320.215522][ T9039] program syz.0.604 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 320.580619][ T5185] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 320.580668][ T5185] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 320.596320][ T5185] Bluetooth: hci0: Dropping invalid advertising data [ 320.603624][ T5185] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 320.603672][ T5185] Bluetooth: hci0: unknown advertising packet type: 0x20 [ 323.351444][ T9091] FAULT_INJECTION: forcing a failure. [ 323.351444][ T9091] name failslab, interval 1, probability 0, space 0, times 0 [ 323.392183][ T9091] CPU: 0 UID: 0 PID: 9091 Comm: syz.2.616 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 323.392236][ T9091] Tainted: [U]=USER [ 323.392246][ T9091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 323.392266][ T9091] Call Trace: [ 323.392278][ T9091] [ 323.392291][ T9091] dump_stack_lvl+0x16c/0x1f0 [ 323.392352][ T9091] should_fail_ex+0x512/0x640 [ 323.392384][ T9091] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 323.392429][ T9091] should_failslab+0xc2/0x120 [ 323.392474][ T9091] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 323.392516][ T9091] ? security_file_alloc+0x34/0x2b0 [ 323.392561][ T9091] security_file_alloc+0x34/0x2b0 [ 323.392612][ T9091] init_file+0x93/0x4c0 [ 323.392658][ T9091] alloc_empty_file+0x73/0x1e0 [ 323.392707][ T9091] path_openat+0xda/0x2cb0 [ 323.392742][ T9091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.392792][ T9091] ? __pfx_path_openat+0x10/0x10 [ 323.392844][ T9091] do_filp_open+0x20b/0x470 [ 323.392884][ T9091] ? __pfx_do_filp_open+0x10/0x10 [ 323.392955][ T9091] ? alloc_fd+0x471/0x7d0 [ 323.393002][ T9091] do_sys_openat2+0x11b/0x1d0 [ 323.393053][ T9091] ? __pfx_do_sys_openat2+0x10/0x10 [ 323.393120][ T9091] __x64_sys_openat+0x174/0x210 [ 323.393181][ T9091] ? __pfx___x64_sys_openat+0x10/0x10 [ 323.393250][ T9091] do_syscall_64+0xcd/0x490 [ 323.393306][ T9091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.393340][ T9091] RIP: 0033:0x7faae618eb69 [ 323.393365][ T9091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.393399][ T9091] RSP: 002b:00007faae7079038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 323.393431][ T9091] RAX: ffffffffffffffda RBX: 00007faae63b5fa0 RCX: 00007faae618eb69 [ 323.393453][ T9091] RDX: 0000000000000080 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 323.393474][ T9091] RBP: 00007faae6211df1 R08: 0000000000000000 R09: 0000000000000000 [ 323.393494][ T9091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.393513][ T9091] R13: 0000000000000000 R14: 00007faae63b5fa0 R15: 00007fff7fb955c8 [ 323.393552][ T9091] [ 323.633837][ T9095] FAULT_INJECTION: forcing a failure. [ 323.633837][ T9095] name failslab, interval 1, probability 0, space 0, times 0 [ 323.647223][ T9095] CPU: 0 UID: 0 PID: 9095 Comm: syz.3.614 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 323.647269][ T9095] Tainted: [U]=USER [ 323.647277][ T9095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 323.647293][ T9095] Call Trace: [ 323.647301][ T9095] [ 323.647310][ T9095] dump_stack_lvl+0x16c/0x1f0 [ 323.647351][ T9095] should_fail_ex+0x512/0x640 [ 323.647375][ T9095] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 323.647403][ T9095] should_failslab+0xc2/0x120 [ 323.647435][ T9095] __kmalloc_cache_noprof+0x6a/0x3e0 [ 323.647459][ T9095] ? __mutex_trylock_common+0xe9/0x250 [ 323.647503][ T9095] ? assoc_array_insert+0x10c/0x3970 [ 323.647541][ T9095] ? __pfx___mutex_trylock_common+0x10/0x10 [ 323.647577][ T9095] assoc_array_insert+0x10c/0x3970 [ 323.647606][ T9095] ? rcu_is_watching+0x12/0xc0 [ 323.647630][ T9095] ? trace_contention_end+0xdd/0x130 [ 323.647662][ T9095] ? __mutex_lock+0x1c4/0x10b0 [ 323.647724][ T9095] ? __pfx_assoc_array_insert+0x10/0x10 [ 323.647753][ T9095] ? __pfx___might_resched+0x10/0x10 [ 323.647783][ T9095] ? down_write+0x14d/0x200 [ 323.647805][ T9095] ? __pfx_down_write+0x10/0x10 [ 323.647831][ T9095] __key_link_begin+0xf5/0x260 [ 323.647866][ T9095] key_link+0x103/0x310 [ 323.647899][ T9095] ? __pfx_key_link+0x10/0x10 [ 323.647928][ T9095] ? bpf_lsm_key_permission+0x9/0x10 [ 323.647969][ T9095] ? key_task_permission+0x2e5/0x400 [ 323.647995][ T9095] keyctl_get_persistent+0x5c3/0x8c0 [ 323.648026][ T9095] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 323.648060][ T9095] ? __x64_sys_futex+0x1e0/0x4c0 [ 323.648089][ T9095] ? __x64_sys_futex+0x1e9/0x4c0 [ 323.648125][ T9095] ? xfd_validate_state+0x61/0x180 [ 323.648167][ T9095] __do_sys_keyctl+0x1a9/0x590 [ 323.648207][ T9095] do_syscall_64+0xcd/0x490 [ 323.648260][ T9095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.648295][ T9095] RIP: 0033:0x7f47b358eb69 [ 323.648321][ T9095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.648354][ T9095] RSP: 002b:00007f47b435e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 323.648376][ T9095] RAX: ffffffffffffffda RBX: 00007f47b37b6240 RCX: 00007f47b358eb69 [ 323.648391][ T9095] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 323.648406][ T9095] RBP: 00007f47b3611df1 R08: 0000000000000001 R09: 0000000000000000 [ 323.648421][ T9095] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 323.648435][ T9095] R13: 0000000000000000 R14: 00007f47b37b6240 R15: 00007fff06b893d8 [ 323.648465][ T9095] [ 327.668724][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.675193][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 328.075961][ T9159] FAULT_INJECTION: forcing a failure. [ 328.075961][ T9159] name failslab, interval 1, probability 0, space 0, times 0 [ 328.205319][ T9159] CPU: 1 UID: 0 PID: 9159 Comm: syz.2.633 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 328.205373][ T9159] Tainted: [U]=USER [ 328.205383][ T9159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 328.205402][ T9159] Call Trace: [ 328.205413][ T9159] [ 328.205425][ T9159] dump_stack_lvl+0x16c/0x1f0 [ 328.205480][ T9159] should_fail_ex+0x512/0x640 [ 328.205512][ T9159] ? fs_reclaim_acquire+0xae/0x150 [ 328.205562][ T9159] ? tomoyo_encode2+0x100/0x3e0 [ 328.205600][ T9159] should_failslab+0xc2/0x120 [ 328.205644][ T9159] __kmalloc_noprof+0xd2/0x510 [ 328.205681][ T9159] ? d_absolute_path+0x136/0x1a0 [ 328.205735][ T9159] tomoyo_encode2+0x100/0x3e0 [ 328.205779][ T9159] tomoyo_encode+0x29/0x50 [ 328.205817][ T9159] tomoyo_realpath_from_path+0x18f/0x6e0 [ 328.205867][ T9159] tomoyo_path_number_perm+0x245/0x580 [ 328.205898][ T9159] ? tomoyo_path_number_perm+0x237/0x580 [ 328.205934][ T9159] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 328.205968][ T9159] ? find_held_lock+0x2b/0x80 [ 328.206046][ T9159] ? find_held_lock+0x2b/0x80 [ 328.206076][ T9159] ? hook_file_ioctl_common+0x145/0x410 [ 328.206137][ T9159] ? __fget_files+0x20e/0x3c0 [ 328.206178][ T9159] security_file_ioctl+0x9b/0x240 [ 328.206213][ T9159] __x64_sys_ioctl+0xb7/0x210 [ 328.206266][ T9159] do_syscall_64+0xcd/0x490 [ 328.206320][ T9159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.206358][ T9159] RIP: 0033:0x7faae618eb69 [ 328.206382][ T9159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.206414][ T9159] RSP: 002b:00007faae7058038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 328.206443][ T9159] RAX: ffffffffffffffda RBX: 00007faae63b6080 RCX: 00007faae618eb69 [ 328.206463][ T9159] RDX: 0000000000000000 RSI: 0000000000005000 RDI: 0000000000000003 [ 328.206482][ T9159] RBP: 00007faae7058090 R08: 0000000000000000 R09: 0000000000000000 [ 328.206501][ T9159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.206519][ T9159] R13: 0000000000000001 R14: 00007faae63b6080 R15: 00007fff7fb955c8 [ 328.206559][ T9159] [ 328.692866][ T9159] ERROR: Out of memory at tomoyo_realpath_from_path. [ 329.363399][ T9158] FAULT_INJECTION: forcing a failure. [ 329.363399][ T9158] name failslab, interval 1, probability 0, space 0, times 0 [ 329.460327][ T9158] CPU: 0 UID: 0 PID: 9158 Comm: syz.3.632 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 329.460380][ T9158] Tainted: [U]=USER [ 329.460391][ T9158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 329.460409][ T9158] Call Trace: [ 329.460419][ T9158] [ 329.460432][ T9158] dump_stack_lvl+0x16c/0x1f0 [ 329.460488][ T9158] should_fail_ex+0x512/0x640 [ 329.460521][ T9158] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 329.460560][ T9158] should_failslab+0xc2/0x120 [ 329.460606][ T9158] __kmalloc_cache_noprof+0x6a/0x3e0 [ 329.460639][ T9158] ? __mutex_trylock_common+0xe9/0x250 [ 329.460685][ T9158] ? assoc_array_insert+0x10c/0x3970 [ 329.460745][ T9158] ? __pfx___mutex_trylock_common+0x10/0x10 [ 329.460798][ T9158] assoc_array_insert+0x10c/0x3970 [ 329.460841][ T9158] ? rcu_is_watching+0x12/0xc0 [ 329.460875][ T9158] ? trace_contention_end+0xdd/0x130 [ 329.460923][ T9158] ? __mutex_lock+0x1c4/0x10b0 [ 329.460987][ T9158] ? __pfx_assoc_array_insert+0x10/0x10 [ 329.461027][ T9158] ? __pfx___might_resched+0x10/0x10 [ 329.461071][ T9158] ? down_write+0x14d/0x200 [ 329.461101][ T9158] ? __pfx_down_write+0x10/0x10 [ 329.461139][ T9158] __key_link_begin+0xf5/0x260 [ 329.461187][ T9158] key_link+0x103/0x310 [ 329.461234][ T9158] ? __pfx_key_link+0x10/0x10 [ 329.461274][ T9158] ? bpf_lsm_key_permission+0x9/0x10 [ 329.461332][ T9158] ? key_task_permission+0x2e5/0x400 [ 329.461373][ T9158] keyctl_get_persistent+0x5c3/0x8c0 [ 329.461416][ T9158] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 329.461466][ T9158] ? __x64_sys_futex+0x1e0/0x4c0 [ 329.461507][ T9158] ? __x64_sys_futex+0x1e9/0x4c0 [ 329.461559][ T9158] ? xfd_validate_state+0x61/0x180 [ 329.461619][ T9158] __do_sys_keyctl+0x1a9/0x590 [ 329.461676][ T9158] do_syscall_64+0xcd/0x490 [ 329.461741][ T9158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.461776][ T9158] RIP: 0033:0x7f47b358eb69 [ 329.461803][ T9158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.461836][ T9158] RSP: 002b:00007f47b437f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 329.461868][ T9158] RAX: ffffffffffffffda RBX: 00007f47b37b6160 RCX: 00007f47b358eb69 [ 329.461891][ T9158] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 329.461913][ T9158] RBP: 00007f47b3611df1 R08: 0000000000000001 R09: 0000000000000000 [ 329.461933][ T9158] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 329.461954][ T9158] R13: 0000000000000000 R14: 00007f47b37b6160 R15: 00007fff06b893d8 [ 329.461997][ T9158] [ 329.719293][ C0] vkms_vblank_simulate: vblank timer overrun [ 329.840281][ T31] audit: type=1326 audit(1754298549.103:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9188 comm="syz.1.639" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c7f38eb69 code=0x0 [ 330.428483][ T9201] sock: sock_timestamping_bind_phc: sock not bind to device [ 331.647429][ T9215] FAULT_INJECTION: forcing a failure. [ 331.647429][ T9215] name failslab, interval 1, probability 0, space 0, times 0 [ 331.683720][ T9215] CPU: 1 UID: 0 PID: 9215 Comm: syz.2.644 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 331.683781][ T9215] Tainted: [U]=USER [ 331.683791][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 331.683809][ T9215] Call Trace: [ 331.683820][ T9215] [ 331.683832][ T9215] dump_stack_lvl+0x16c/0x1f0 [ 331.683887][ T9215] should_fail_ex+0x512/0x640 [ 331.683925][ T9215] should_failslab+0xc2/0x120 [ 331.683967][ T9215] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 331.684006][ T9215] ? skb_clone+0x190/0x3f0 [ 331.684061][ T9215] skb_clone+0x190/0x3f0 [ 331.684113][ T9215] netlink_deliver_tap+0xabd/0xd30 [ 331.684173][ T9215] netlink_dump+0x881/0xd30 [ 331.684227][ T9215] ? __pfx_netlink_dump+0x10/0x10 [ 331.684293][ T9215] ? __asan_memset+0x23/0x50 [ 331.684325][ T9215] ? genl_start+0x67f/0x980 [ 331.684365][ T9215] __netlink_dump_start+0x6d6/0x990 [ 331.684420][ T9215] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 331.684460][ T9215] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 331.684509][ T9215] ? __pfx_genl_get_cmd+0x10/0x10 [ 331.684537][ T9215] ? __pfx_genl_start+0x10/0x10 [ 331.684564][ T9215] ? __pfx_genl_dumpit+0x10/0x10 [ 331.684595][ T9215] ? __pfx_genl_done+0x10/0x10 [ 331.684634][ T9215] ? __radix_tree_lookup+0x21f/0x2c0 [ 331.684686][ T9215] genl_rcv_msg+0x46e/0x800 [ 331.684728][ T9215] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.684770][ T9215] ? __pfx_tipc_nl_node_dump_monitor+0x10/0x10 [ 331.684836][ T9215] netlink_rcv_skb+0x158/0x420 [ 331.684888][ T9215] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.684925][ T9215] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 331.684994][ T9215] ? netlink_deliver_tap+0x1ae/0xd30 [ 331.685051][ T9215] genl_rcv+0x28/0x40 [ 331.685081][ T9215] netlink_unicast+0x5a7/0x870 [ 331.685137][ T9215] ? __pfx_netlink_unicast+0x10/0x10 [ 331.685190][ T9215] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 331.685239][ T9215] ? __lock_acquire+0xb97/0x1ce0 [ 331.685294][ T9215] netlink_sendmsg+0x8d1/0xdd0 [ 331.685355][ T9215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.685423][ T9215] ____sys_sendmsg+0xa95/0xc70 [ 331.685462][ T9215] ? copy_msghdr_from_user+0x10a/0x160 [ 331.685510][ T9215] ? __pfx_____sys_sendmsg+0x10/0x10 [ 331.685568][ T9215] ___sys_sendmsg+0x134/0x1d0 [ 331.685621][ T9215] ? __pfx____sys_sendmsg+0x10/0x10 [ 331.685710][ T9215] ? __mutex_unlock_slowpath+0xc0/0x800 [ 331.685780][ T9215] __sys_sendmsg+0x16d/0x220 [ 331.685831][ T9215] ? __pfx___sys_sendmsg+0x10/0x10 [ 331.685908][ T9215] do_syscall_64+0xcd/0x490 [ 331.685964][ T9215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.685997][ T9215] RIP: 0033:0x7faae618eb69 [ 331.686022][ T9215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.686054][ T9215] RSP: 002b:00007faae7079038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 331.686084][ T9215] RAX: ffffffffffffffda RBX: 00007faae63b5fa0 RCX: 00007faae618eb69 [ 331.686105][ T9215] RDX: 0000000000008080 RSI: 00002000000083c0 RDI: 0000000000000003 [ 331.686125][ T9215] RBP: 00007faae7079090 R08: 0000000000000000 R09: 0000000000000000 [ 331.686145][ T9215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.686163][ T9215] R13: 0000000000000000 R14: 00007faae63b5fa0 R15: 00007fff7fb955c8 [ 331.686206][ T9215] [ 332.517786][ T9223] FAULT_INJECTION: forcing a failure. [ 332.517786][ T9223] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.569967][ T9223] CPU: 0 UID: 0 PID: 9223 Comm: syz.0.646 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 332.570014][ T9223] Tainted: [U]=USER [ 332.570023][ T9223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 332.570039][ T9223] Call Trace: [ 332.570047][ T9223] [ 332.570057][ T9223] dump_stack_lvl+0x16c/0x1f0 [ 332.570104][ T9223] should_fail_ex+0x512/0x640 [ 332.570135][ T9223] _copy_to_user+0x32/0xd0 [ 332.570170][ T9223] simple_read_from_buffer+0xcb/0x170 [ 332.570217][ T9223] proc_fail_nth_read+0x197/0x240 [ 332.570247][ T9223] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 332.570278][ T9223] ? rw_verify_area+0xcf/0x6c0 [ 332.570303][ T9223] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 332.570331][ T9223] vfs_read+0x1e4/0xc60 [ 332.570371][ T9223] ? __pfx___mutex_lock+0x10/0x10 [ 332.570431][ T9223] ? __pfx_vfs_read+0x10/0x10 [ 332.570475][ T9223] ? __fget_files+0x20e/0x3c0 [ 332.570520][ T9223] ksys_read+0x12a/0x250 [ 332.570553][ T9223] ? __pfx_ksys_read+0x10/0x10 [ 332.570600][ T9223] do_syscall_64+0xcd/0x490 [ 332.570651][ T9223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.570682][ T9223] RIP: 0033:0x7f188c98d57c [ 332.570707][ T9223] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 332.570736][ T9223] RSP: 002b:00007f188d84d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 332.570766][ T9223] RAX: ffffffffffffffda RBX: 00007f188cbb6080 RCX: 00007f188c98d57c [ 332.570786][ T9223] RDX: 000000000000000f RSI: 00007f188d84d0a0 RDI: 0000000000000004 [ 332.570805][ T9223] RBP: 00007f188d84d090 R08: 0000000000000000 R09: 0000000000000000 [ 332.570824][ T9223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 332.570843][ T9223] R13: 0000000000000001 R14: 00007f188cbb6080 R15: 00007ffc4738b408 [ 332.570883][ T9223] [ 332.759656][ C0] vkms_vblank_simulate: vblank timer overrun [ 333.215122][ T9234] FAULT_INJECTION: forcing a failure. [ 333.215122][ T9234] name failslab, interval 1, probability 0, space 0, times 0 [ 333.247696][ T9234] CPU: 1 UID: 0 PID: 9234 Comm: syz.0.649 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 333.247755][ T9234] Tainted: [U]=USER [ 333.247767][ T9234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 333.247787][ T9234] Call Trace: [ 333.247797][ T9234] [ 333.247809][ T9234] dump_stack_lvl+0x16c/0x1f0 [ 333.247874][ T9234] should_fail_ex+0x512/0x640 [ 333.247906][ T9234] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 333.247952][ T9234] should_failslab+0xc2/0x120 [ 333.247996][ T9234] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 333.248036][ T9234] ? __kernfs_new_node+0xd2/0x8e0 [ 333.248084][ T9234] __kernfs_new_node+0xd2/0x8e0 [ 333.248132][ T9234] ? __pfx___kernfs_new_node+0x10/0x10 [ 333.248186][ T9234] ? find_held_lock+0x2b/0x80 [ 333.248220][ T9234] ? kernfs_root+0xee/0x2a0 [ 333.248270][ T9234] kernfs_new_node+0x13c/0x1e0 [ 333.248332][ T9234] __kernfs_create_file+0x53/0x350 [ 333.248371][ T9234] sysfs_add_file_mode_ns+0x207/0x3c0 [ 333.248422][ T9234] internal_create_group+0x578/0xf30 [ 333.248477][ T9234] ? __pfx_internal_create_group+0x10/0x10 [ 333.248523][ T9234] ? sysfs_create_dir_ns+0x14c/0x2b0 [ 333.248564][ T9234] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 333.248603][ T9234] ? find_held_lock+0x2b/0x80 [ 333.248641][ T9234] internal_create_groups+0x9d/0x150 [ 333.248691][ T9234] kobject_add_internal+0x311/0x9b0 [ 333.248733][ T9234] kobject_init_and_add+0x11b/0x190 [ 333.248769][ T9234] ? __pfx_kobject_init_and_add+0x10/0x10 [ 333.248830][ T9234] rpc_sysfs_client_setup+0x190/0x320 [ 333.248876][ T9234] ? __pfx_rpc_sysfs_client_setup+0x10/0x10 [ 333.248931][ T9234] ? rpc_net_ns+0xe8/0x2a0 [ 333.248993][ T9234] rpc_new_client+0x948/0x1320 [ 333.249038][ T9234] rpc_create_xprt+0xd9/0x440 [ 333.249078][ T9234] rpc_create+0x469/0x7f0 [ 333.249115][ T9234] ? bpf_ksym_find+0x124/0x1c0 [ 333.249145][ T9234] ? __pfx_rpc_create+0x10/0x10 [ 333.249196][ T9234] ? arch_stack_walk+0xa6/0x100 [ 333.249268][ T9234] ? save_trace+0x4e/0x380 [ 333.249307][ T9234] ? add_lock_to_list+0x9d/0x130 [ 333.249349][ T9234] rpcb_create_af_local+0x11b/0x310 [ 333.249401][ T9234] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 333.249467][ T9234] ? find_held_lock+0x2b/0x80 [ 333.249499][ T9234] ? rpcb_create_local+0x1da/0x270 [ 333.249560][ T9234] rpcb_create_local+0x1ee/0x270 [ 333.249615][ T9234] svc_bind+0x1e8/0x260 [ 333.249673][ T9234] nfsd_create_serv+0x2d2/0x480 [ 333.249726][ T9234] ? __pfx_nfsd_create_serv+0x10/0x10 [ 333.249779][ T9234] ? __nla_validate_parse+0x600/0x2880 [ 333.249830][ T9234] nfsd_nl_listener_set_doit+0xdd/0x1b10 [ 333.249886][ T9234] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 333.249924][ T9234] ? __nla_parse+0x40/0x60 [ 333.249971][ T9234] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 333.250010][ T9234] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 333.250057][ T9234] genl_family_rcv_msg_doit+0x209/0x2f0 [ 333.250097][ T9234] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 333.250131][ T9234] ? rcu_is_watching+0x12/0xc0 [ 333.250178][ T9234] ? bpf_lsm_capable+0x9/0x10 [ 333.250208][ T9234] ? security_capable+0x7e/0x260 [ 333.250267][ T9234] genl_rcv_msg+0x55c/0x800 [ 333.250317][ T9234] ? __pfx_genl_rcv_msg+0x10/0x10 [ 333.250355][ T9234] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 333.250410][ T9234] netlink_rcv_skb+0x158/0x420 [ 333.250464][ T9234] ? __pfx_genl_rcv_msg+0x10/0x10 [ 333.250502][ T9234] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 333.250576][ T9234] ? netlink_deliver_tap+0x1ae/0xd30 [ 333.250632][ T9234] genl_rcv+0x28/0x40 [ 333.250661][ T9234] netlink_unicast+0x5a7/0x870 [ 333.250731][ T9234] ? __pfx_netlink_unicast+0x10/0x10 [ 333.250783][ T9234] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 333.250831][ T9234] ? __lock_acquire+0xb97/0x1ce0 [ 333.250884][ T9234] netlink_sendmsg+0x8d1/0xdd0 [ 333.250943][ T9234] ? __pfx_netlink_sendmsg+0x10/0x10 [ 333.251010][ T9234] ____sys_sendmsg+0xa95/0xc70 [ 333.251049][ T9234] ? copy_msghdr_from_user+0x10a/0x160 [ 333.251098][ T9234] ? __pfx_____sys_sendmsg+0x10/0x10 [ 333.251174][ T9234] ___sys_sendmsg+0x134/0x1d0 [ 333.251228][ T9234] ? __pfx____sys_sendmsg+0x10/0x10 [ 333.251355][ T9234] __sys_sendmsg+0x16d/0x220 [ 333.251406][ T9234] ? __pfx___sys_sendmsg+0x10/0x10 [ 333.251454][ T9234] ? __x64_sys_futex+0x1e0/0x4c0 [ 333.251523][ T9234] do_syscall_64+0xcd/0x490 [ 333.251577][ T9234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.251610][ T9234] RIP: 0033:0x7f188c98eb69 [ 333.251656][ T9234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.251689][ T9234] RSP: 002b:00007f188d86e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 333.251722][ T9234] RAX: ffffffffffffffda RBX: 00007f188cbb5fa0 RCX: 00007f188c98eb69 [ 333.251744][ T9234] RDX: 0000000000000000 RSI: 0000200000003700 RDI: 0000000000000006 [ 333.251765][ T9234] RBP: 00007f188ca11df1 R08: 0000000000000000 R09: 0000000000000000 [ 333.251786][ T9234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 333.251807][ T9234] R13: 0000000000000000 R14: 00007f188cbb5fa0 R15: 00007ffc4738b408 [ 333.251851][ T9234] [ 333.783075][ T9234] kobject: kobject_add_internal failed for clnt-0 (error: -12 parent: rpc-clients) [ 334.976438][ T9244] kexec: Could not allocate control_code_buffer [ 335.201850][ T9263] FAULT_INJECTION: forcing a failure. [ 335.201850][ T9263] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.217405][ T9263] CPU: 0 UID: 0 PID: 9263 Comm: syz.0.656 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 335.217455][ T9263] Tainted: [U]=USER [ 335.217466][ T9263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 335.217484][ T9263] Call Trace: [ 335.217494][ T9263] [ 335.217505][ T9263] dump_stack_lvl+0x16c/0x1f0 [ 335.217561][ T9263] should_fail_ex+0x512/0x640 [ 335.217597][ T9263] _copy_to_user+0x32/0xd0 [ 335.217638][ T9263] simple_read_from_buffer+0xcb/0x170 [ 335.217693][ T9263] proc_fail_nth_read+0x197/0x240 [ 335.217728][ T9263] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 335.217765][ T9263] ? rw_verify_area+0xcf/0x6c0 [ 335.217795][ T9263] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 335.217829][ T9263] vfs_read+0x1e4/0xc60 [ 335.217871][ T9263] ? __pfx___mutex_lock+0x10/0x10 [ 335.217921][ T9263] ? __pfx_vfs_read+0x10/0x10 [ 335.217990][ T9263] ? __fget_files+0x20e/0x3c0 [ 335.218037][ T9263] ksys_read+0x12a/0x250 [ 335.218071][ T9263] ? __pfx_ksys_read+0x10/0x10 [ 335.218125][ T9263] do_syscall_64+0xcd/0x490 [ 335.218178][ T9263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.218211][ T9263] RIP: 0033:0x7f188c98d57c [ 335.218237][ T9263] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 335.218268][ T9263] RSP: 002b:00007f188d86e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 335.218297][ T9263] RAX: ffffffffffffffda RBX: 00007f188cbb5fa0 RCX: 00007f188c98d57c [ 335.218318][ T9263] RDX: 000000000000000f RSI: 00007f188d86e0a0 RDI: 0000000000000004 [ 335.218338][ T9263] RBP: 00007f188d86e090 R08: 0000000000000000 R09: 0000000000000000 [ 335.218356][ T9263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 335.218376][ T9263] R13: 0000000000000000 R14: 00007f188cbb5fa0 R15: 00007ffc4738b408 [ 335.218417][ T9263] [ 335.646229][ T9260] FAULT_INJECTION: forcing a failure. [ 335.646229][ T9260] name failslab, interval 1, probability 0, space 0, times 0 [ 335.666754][ T9270] netlink: 16 bytes leftover after parsing attributes in process `syz.0.657'. [ 335.702219][ T9260] CPU: 1 UID: 0 PID: 9260 Comm: syz.2.653 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 335.702277][ T9260] Tainted: [U]=USER [ 335.702288][ T9260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 335.702307][ T9260] Call Trace: [ 335.702319][ T9260] [ 335.702329][ T9260] dump_stack_lvl+0x16c/0x1f0 [ 335.702380][ T9260] should_fail_ex+0x512/0x640 [ 335.702411][ T9260] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 335.702444][ T9260] should_failslab+0xc2/0x120 [ 335.702481][ T9260] __kmalloc_cache_noprof+0x6a/0x3e0 [ 335.702511][ T9260] ? assoc_array_insert+0x2fa/0x3970 [ 335.702548][ T9260] ? kasan_save_track+0x14/0x30 [ 335.702584][ T9260] assoc_array_insert+0x2fa/0x3970 [ 335.702624][ T9260] ? rcu_is_watching+0x12/0xc0 [ 335.702652][ T9260] ? trace_contention_end+0xdd/0x130 [ 335.702691][ T9260] ? __mutex_lock+0x1c4/0x10b0 [ 335.702744][ T9260] ? __pfx_assoc_array_insert+0x10/0x10 [ 335.702778][ T9260] ? __pfx___might_resched+0x10/0x10 [ 335.702815][ T9260] ? down_write+0x14d/0x200 [ 335.702839][ T9260] ? __pfx_down_write+0x10/0x10 [ 335.702870][ T9260] __key_link_begin+0xf5/0x260 [ 335.702910][ T9260] key_link+0x103/0x310 [ 335.702948][ T9260] ? __pfx_key_link+0x10/0x10 [ 335.702982][ T9260] ? bpf_lsm_key_permission+0x9/0x10 [ 335.703029][ T9260] ? key_task_permission+0x2e5/0x400 [ 335.703070][ T9260] keyctl_get_persistent+0x5c3/0x8c0 [ 335.703111][ T9260] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 335.703152][ T9260] ? __x64_sys_futex+0x1e0/0x4c0 [ 335.703186][ T9260] ? __x64_sys_futex+0x1e9/0x4c0 [ 335.703229][ T9260] ? xfd_validate_state+0x61/0x180 [ 335.703277][ T9260] __do_sys_keyctl+0x1a9/0x590 [ 335.703327][ T9260] do_syscall_64+0xcd/0x490 [ 335.703372][ T9260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.703401][ T9260] RIP: 0033:0x7faae618eb69 [ 335.703423][ T9260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.703450][ T9260] RSP: 002b:00007faae7037038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 335.703477][ T9260] RAX: ffffffffffffffda RBX: 00007faae63b6160 RCX: 00007faae618eb69 [ 335.703496][ T9260] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 335.703513][ T9260] RBP: 00007faae6211df1 R08: 0000000000000001 R09: 0000000000000000 [ 335.703530][ T9260] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 335.703547][ T9260] R13: 0000000000000000 R14: 00007faae63b6160 R15: 00007fff7fb955c8 [ 335.703583][ T9260] [ 337.520169][ T10] smpboot: CPU 1 is now offline [ 338.092987][ T9291] snd_aloop snd_aloop.0: control 1:262152:7:ͺΈθ:0 is already present [ 338.802483][ T9289] FAULT_INJECTION: forcing a failure. [ 338.802483][ T9289] name failslab, interval 1, probability 0, space 0, times 0 [ 338.974646][ T9289] CPU: 0 UID: 0 PID: 9289 Comm: syz.3.662 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 338.974686][ T9289] Tainted: [U]=USER [ 338.974694][ T9289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 338.974708][ T9289] Call Trace: [ 338.974716][ T9289] [ 338.974725][ T9289] dump_stack_lvl+0x16c/0x1f0 [ 338.974768][ T9289] should_fail_ex+0x512/0x640 [ 338.974792][ T9289] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 338.974826][ T9289] should_failslab+0xc2/0x120 [ 338.974857][ T9289] __kmalloc_cache_noprof+0x6a/0x3e0 [ 338.974882][ T9289] ? assoc_array_insert+0x2fa/0x3970 [ 338.974913][ T9289] ? kasan_save_track+0x14/0x30 [ 338.974943][ T9289] assoc_array_insert+0x2fa/0x3970 [ 338.974974][ T9289] ? rcu_is_watching+0x12/0xc0 [ 338.974998][ T9289] ? trace_contention_end+0xdd/0x130 [ 338.975032][ T9289] ? __mutex_lock+0x1c4/0x10b0 [ 338.975077][ T9289] ? __pfx_assoc_array_insert+0x10/0x10 [ 338.975106][ T9289] ? __pfx___might_resched+0x10/0x10 [ 338.975136][ T9289] ? down_write+0x14d/0x200 [ 338.975157][ T9289] ? __pfx_down_write+0x10/0x10 [ 338.975184][ T9289] __key_link_begin+0xf5/0x260 [ 338.975218][ T9289] key_link+0x103/0x310 [ 338.975251][ T9289] ? __pfx_key_link+0x10/0x10 [ 338.975281][ T9289] ? bpf_lsm_key_permission+0x9/0x10 [ 338.975321][ T9289] ? key_task_permission+0x2e5/0x400 [ 338.975347][ T9289] keyctl_get_persistent+0x5c3/0x8c0 [ 338.975379][ T9289] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 338.975413][ T9289] ? __x64_sys_futex+0x1e0/0x4c0 [ 338.975442][ T9289] ? __x64_sys_futex+0x1e9/0x4c0 [ 338.975477][ T9289] ? xfd_validate_state+0x61/0x180 [ 338.975519][ T9289] __do_sys_keyctl+0x1a9/0x590 [ 338.975559][ T9289] do_syscall_64+0xcd/0x490 [ 338.975599][ T9289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.975623][ T9289] RIP: 0033:0x7f47b358eb69 [ 338.975641][ T9289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 338.975670][ T9289] RSP: 002b:00007f47b43c1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 338.975693][ T9289] RAX: ffffffffffffffda RBX: 00007f47b37b5fa0 RCX: 00007f47b358eb69 [ 338.975708][ T9289] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 338.975723][ T9289] RBP: 00007f47b3611df1 R08: 0000000000000001 R09: 0000000000000000 [ 338.975737][ T9289] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 338.975752][ T9289] R13: 0000000000000000 R14: 00007f47b37b5fa0 R15: 00007fff06b893d8 [ 338.975781][ T9289] [ 341.529438][ T9310] FAULT_INJECTION: forcing a failure. [ 341.529438][ T9310] name failslab, interval 1, probability 0, space 0, times 0 [ 341.579469][ T9310] CPU: 0 UID: 0 PID: 9310 Comm: syz.0.666 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 341.579520][ T9310] Tainted: [U]=USER [ 341.579528][ T9310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 341.579542][ T9310] Call Trace: [ 341.579550][ T9310] [ 341.579559][ T9310] dump_stack_lvl+0x16c/0x1f0 [ 341.579601][ T9310] should_fail_ex+0x512/0x640 [ 341.579625][ T9310] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 341.579653][ T9310] should_failslab+0xc2/0x120 [ 341.579685][ T9310] __kmalloc_cache_noprof+0x6a/0x3e0 [ 341.579711][ T9310] ? assoc_array_insert+0x2fa/0x3970 [ 341.579741][ T9310] ? kasan_save_track+0x14/0x30 [ 341.579772][ T9310] assoc_array_insert+0x2fa/0x3970 [ 341.579802][ T9310] ? rcu_is_watching+0x12/0xc0 [ 341.579826][ T9310] ? trace_contention_end+0xdd/0x130 [ 341.579860][ T9310] ? __mutex_lock+0x1c4/0x10b0 [ 341.579906][ T9310] ? __pfx_assoc_array_insert+0x10/0x10 [ 341.579934][ T9310] ? __pfx___might_resched+0x10/0x10 [ 341.579965][ T9310] ? down_write+0x14d/0x200 [ 341.579986][ T9310] ? __pfx_down_write+0x10/0x10 [ 341.580012][ T9310] __key_link_begin+0xf5/0x260 [ 341.580046][ T9310] key_link+0x103/0x310 [ 341.580079][ T9310] ? __pfx_key_link+0x10/0x10 [ 341.580109][ T9310] ? bpf_lsm_key_permission+0x9/0x10 [ 341.580149][ T9310] ? key_task_permission+0x2e5/0x400 [ 341.580175][ T9310] keyctl_get_persistent+0x5c3/0x8c0 [ 341.580206][ T9310] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 341.580241][ T9310] ? __x64_sys_futex+0x1e0/0x4c0 [ 341.580270][ T9310] ? __x64_sys_futex+0x1e9/0x4c0 [ 341.580306][ T9310] ? xfd_validate_state+0x61/0x180 [ 341.580347][ T9310] __do_sys_keyctl+0x1a9/0x590 [ 341.580388][ T9310] do_syscall_64+0xcd/0x490 [ 341.580428][ T9310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.580452][ T9310] RIP: 0033:0x7f188c98eb69 [ 341.580482][ T9310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.580506][ T9310] RSP: 002b:00007f188d82c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 341.580528][ T9310] RAX: ffffffffffffffda RBX: 00007f188cbb6160 RCX: 00007f188c98eb69 [ 341.580544][ T9310] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 341.580560][ T9310] RBP: 00007f188ca11df1 R08: 0000000000000001 R09: 0000000000000000 [ 341.580575][ T9310] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 341.580590][ T9310] R13: 0000000000000000 R14: 00007f188cbb6160 R15: 00007ffc4738b408 [ 341.580620][ T9310] [ 342.542392][ T9321] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 345.713822][ T9354] FAULT_INJECTION: forcing a failure. [ 345.713822][ T9354] name failslab, interval 1, probability 0, space 0, times 0 [ 345.784451][ T9354] CPU: 0 UID: 0 PID: 9354 Comm: syz.1.677 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 345.784493][ T9354] Tainted: [U]=USER [ 345.784500][ T9354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 345.784514][ T9354] Call Trace: [ 345.784521][ T9354] [ 345.784529][ T9354] dump_stack_lvl+0x16c/0x1f0 [ 345.784570][ T9354] should_fail_ex+0x512/0x640 [ 345.784593][ T9354] ? __kmalloc_noprof+0xbf/0x510 [ 345.784621][ T9354] ? kernfs_fop_write_iter+0x237/0x510 [ 345.784641][ T9354] should_failslab+0xc2/0x120 [ 345.784671][ T9354] __kmalloc_noprof+0xd2/0x510 [ 345.784703][ T9354] kernfs_fop_write_iter+0x237/0x510 [ 345.784729][ T9354] vfs_write+0x6c7/0x1150 [ 345.784755][ T9354] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 345.784795][ T9354] ? __pfx___mutex_lock+0x10/0x10 [ 345.784831][ T9354] ? __pfx_vfs_write+0x10/0x10 [ 345.784875][ T9354] ksys_write+0x12a/0x250 [ 345.784900][ T9354] ? __pfx_ksys_write+0x10/0x10 [ 345.784934][ T9354] do_syscall_64+0xcd/0x490 [ 345.784971][ T9354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.784994][ T9354] RIP: 0033:0x7f7c7f38eb69 [ 345.785012][ T9354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.785034][ T9354] RSP: 002b:00007f7c802d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 345.785055][ T9354] RAX: ffffffffffffffda RBX: 00007f7c7f5b5fa0 RCX: 00007f7c7f38eb69 [ 345.785071][ T9354] RDX: 0000000000000003 RSI: 0000200000000340 RDI: 0000000000000003 [ 345.785085][ T9354] RBP: 00007f7c802d4090 R08: 0000000000000000 R09: 0000000000000000 [ 345.785105][ T9354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.785119][ T9354] R13: 0000000000000000 R14: 00007f7c7f5b5fa0 R15: 00007ffdb7bb6588 [ 345.785148][ T9354] [ 346.373919][ T9373] netlink: 186 bytes leftover after parsing attributes in process `syz.1.681'. [ 348.753456][ T9425] netlink: 326 bytes leftover after parsing attributes in process `syz.1.692'. [ 348.798890][ T9392] FAULT_INJECTION: forcing a failure. [ 348.798890][ T9392] name failslab, interval 1, probability 0, space 0, times 0 [ 348.925035][ T9392] CPU: 0 UID: 0 PID: 9392 Comm: syz.2.685 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 348.925076][ T9392] Tainted: [U]=USER [ 348.925083][ T9392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 348.925098][ T9392] Call Trace: [ 348.925105][ T9392] [ 348.925115][ T9392] dump_stack_lvl+0x16c/0x1f0 [ 348.925157][ T9392] should_fail_ex+0x512/0x640 [ 348.925180][ T9392] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 348.925208][ T9392] should_failslab+0xc2/0x120 [ 348.925240][ T9392] __kmalloc_cache_noprof+0x6a/0x3e0 [ 348.925264][ T9392] ? assoc_array_insert+0x2fa/0x3970 [ 348.925294][ T9392] ? kasan_save_track+0x14/0x30 [ 348.925324][ T9392] assoc_array_insert+0x2fa/0x3970 [ 348.925354][ T9392] ? rcu_is_watching+0x12/0xc0 [ 348.925378][ T9392] ? trace_contention_end+0xdd/0x130 [ 348.925416][ T9392] ? __mutex_lock+0x1c4/0x10b0 [ 348.925461][ T9392] ? __pfx_assoc_array_insert+0x10/0x10 [ 348.925490][ T9392] ? __pfx___might_resched+0x10/0x10 [ 348.925520][ T9392] ? down_write+0x14d/0x200 [ 348.925541][ T9392] ? __pfx_down_write+0x10/0x10 [ 348.925567][ T9392] __key_link_begin+0xf5/0x260 [ 348.925601][ T9392] key_link+0x103/0x310 [ 348.925634][ T9392] ? __pfx_key_link+0x10/0x10 [ 348.925664][ T9392] ? bpf_lsm_key_permission+0x9/0x10 [ 348.925705][ T9392] ? key_task_permission+0x2e5/0x400 [ 348.925730][ T9392] keyctl_get_persistent+0x5c3/0x8c0 [ 348.925768][ T9392] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 348.925803][ T9392] ? __x64_sys_futex+0x1e0/0x4c0 [ 348.925833][ T9392] ? __x64_sys_futex+0x1e9/0x4c0 [ 348.925869][ T9392] ? xfd_validate_state+0x61/0x180 [ 348.925912][ T9392] __do_sys_keyctl+0x1a9/0x590 [ 348.925952][ T9392] do_syscall_64+0xcd/0x490 [ 348.925992][ T9392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.926016][ T9392] RIP: 0033:0x7faae618eb69 [ 348.926035][ T9392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.926058][ T9392] RSP: 002b:00007faae7079038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 348.926080][ T9392] RAX: ffffffffffffffda RBX: 00007faae63b5fa0 RCX: 00007faae618eb69 [ 348.926096][ T9392] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 348.926111][ T9392] RBP: 00007faae6211df1 R08: 0000000000000001 R09: 0000000000000000 [ 348.926125][ T9392] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 348.926139][ T9392] R13: 0000000000000000 R14: 00007faae63b5fa0 R15: 00007fff7fb955c8 [ 348.926169][ T9392] [ 350.097255][ T9437] netlink: 8 bytes leftover after parsing attributes in process `syz.3.694'. [ 352.011069][ T9470] program syz.3.701 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 352.239186][ T9480] netlink: 28 bytes leftover after parsing attributes in process `syz.1.705'. [ 352.471958][ T9486] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.706'. [ 352.735707][ T9490] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 353.622008][ T9505] ubi0: attaching mtd0 [ 353.654971][ T9505] ubi0: scanning is finished [ 353.659706][ T9505] ubi0: empty MTD device detected [ 354.034593][ T9505] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 354.087577][ T9505] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 354.140189][ T9505] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 354.190916][ T9505] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 354.261057][ T9505] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 354.308114][ T9505] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 354.391584][ T9505] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3768247594 [ 354.502748][ T9505] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 354.587069][ T9514] ubi0: background thread "ubi_bgt0d" started, PID 9514 [ 354.896004][ T9527] random: crng reseeded on system resumption [ 355.174515][ T9526] program syz.3.714 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 356.061763][ T9545] netlink: 5972 bytes leftover after parsing attributes in process `syz.3.717'. [ 356.117199][ T9546] FAULT_INJECTION: forcing a failure. [ 356.117199][ T9546] name failslab, interval 1, probability 0, space 0, times 0 [ 356.200419][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 356.207287][ T9550] deleting an unspecified loop device is not supported. [ 356.214462][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 356.226912][ T9546] CPU: 0 UID: 0 PID: 9546 Comm: syz.0.718 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 356.226950][ T9546] Tainted: [U]=USER [ 356.226957][ T9546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 356.226971][ T9546] Call Trace: [ 356.226978][ T9546] [ 356.226986][ T9546] dump_stack_lvl+0x16c/0x1f0 [ 356.227026][ T9546] should_fail_ex+0x512/0x640 [ 356.227048][ T9546] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 356.227076][ T9546] should_failslab+0xc2/0x120 [ 356.227106][ T9546] __kmalloc_cache_noprof+0x6a/0x3e0 [ 356.227136][ T9546] ? mark_held_locks+0x49/0x80 [ 356.227165][ T9546] ? ovs_ct_limit_cmd_set+0x30a/0xa90 [ 356.227196][ T9546] ovs_ct_limit_cmd_set+0x30a/0xa90 [ 356.227228][ T9546] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 356.227256][ T9546] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 356.227284][ T9546] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 356.227318][ T9546] genl_family_rcv_msg_doit+0x209/0x2f0 [ 356.227345][ T9546] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 356.227371][ T9546] ? trace_cap_capable+0x18d/0x200 [ 356.227413][ T9546] ? bpf_lsm_capable+0x9/0x10 [ 356.227434][ T9546] ? security_capable+0x7e/0x260 [ 356.227470][ T9546] ? ns_capable+0xd7/0x110 [ 356.227497][ T9546] genl_rcv_msg+0x55c/0x800 [ 356.227524][ T9546] ? __pfx_genl_rcv_msg+0x10/0x10 [ 356.227550][ T9546] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 356.227588][ T9546] netlink_rcv_skb+0x158/0x420 [ 356.227625][ T9546] ? __pfx_genl_rcv_msg+0x10/0x10 [ 356.227651][ T9546] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 356.227704][ T9546] ? netlink_deliver_tap+0x1ae/0xd30 [ 356.227744][ T9546] genl_rcv+0x28/0x40 [ 356.227765][ T9546] netlink_unicast+0x5a7/0x870 [ 356.227806][ T9546] ? __pfx_netlink_unicast+0x10/0x10 [ 356.227841][ T9546] ? __asan_memset+0x23/0x50 [ 356.227871][ T9546] ? __build_skb_around+0x278/0x3b0 [ 356.227901][ T9546] ? is_vmalloc_addr+0x86/0xa0 [ 356.227930][ T9546] netlink_sendmsg+0x8d1/0xdd0 [ 356.227970][ T9546] ? __pfx_netlink_sendmsg+0x10/0x10 [ 356.228017][ T9546] ____sys_sendmsg+0xa95/0xc70 [ 356.228044][ T9546] ? copy_msghdr_from_user+0x10a/0x160 [ 356.228078][ T9546] ? __pfx_____sys_sendmsg+0x10/0x10 [ 356.228117][ T9546] ___sys_sendmsg+0x134/0x1d0 [ 356.228160][ T9546] ? __pfx____sys_sendmsg+0x10/0x10 [ 356.228232][ T9546] __sys_sendmsg+0x16d/0x220 [ 356.228267][ T9546] ? __pfx___sys_sendmsg+0x10/0x10 [ 356.228302][ T9546] ? __x64_sys_futex+0x1e0/0x4c0 [ 356.228350][ T9546] do_syscall_64+0xcd/0x490 [ 356.228389][ T9546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.228413][ T9546] RIP: 0033:0x7f188c98eb69 [ 356.228430][ T9546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.228452][ T9546] RSP: 002b:00007f188d86e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 356.228473][ T9546] RAX: ffffffffffffffda RBX: 00007f188cbb5fa0 RCX: 00007f188c98eb69 [ 356.228489][ T9546] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000004 [ 356.228503][ T9546] RBP: 00007f188ca11df1 R08: 0000000000000000 R09: 0000000000000000 [ 356.228516][ T9546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.228530][ T9546] R13: 0000000000000000 R14: 00007f188cbb5fa0 R15: 00007ffc4738b408 [ 356.228559][ T9546] [ 356.557661][ C0] vkms_vblank_simulate: vblank timer overrun [ 357.728898][ T9564] FAULT_INJECTION: forcing a failure. [ 357.728898][ T9564] name failslab, interval 1, probability 0, space 0, times 0 [ 357.864048][ T9564] CPU: 0 UID: 0 PID: 9564 Comm: syz.3.721 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 357.864161][ T9564] Tainted: [U]=USER [ 357.864173][ T9564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 357.864189][ T9564] Call Trace: [ 357.864198][ T9564] [ 357.864207][ T9564] dump_stack_lvl+0x16c/0x1f0 [ 357.864251][ T9564] should_fail_ex+0x512/0x640 [ 357.864275][ T9564] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 357.864307][ T9564] should_failslab+0xc2/0x120 [ 357.864339][ T9564] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 357.864368][ T9564] ? prepare_creds+0x2c/0x7d0 [ 357.864408][ T9564] prepare_creds+0x2c/0x7d0 [ 357.864445][ T9564] join_session_keyring+0x17/0x340 [ 357.864471][ T9564] lookup_user_key+0xe3f/0x1300 [ 357.864497][ T9564] ? __pfx_lookup_user_key+0x10/0x10 [ 357.864519][ T9564] ? aa_get_newest_label+0x375/0x680 [ 357.864557][ T9564] ? find_held_lock+0x2b/0x80 [ 357.864579][ T9564] ? __pfx_aa_get_newest_label+0x10/0x10 [ 357.864615][ T9564] ? setid_policy_lookup+0x10c/0x350 [ 357.864650][ T9564] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 357.864681][ T9564] ? bpf_lsm_capable+0x9/0x10 [ 357.864703][ T9564] ? security_capable+0x7e/0x260 [ 357.864748][ T9564] keyctl_get_persistent+0x1a5/0x8c0 [ 357.864781][ T9564] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 357.864816][ T9564] ? __x64_sys_futex+0x1e0/0x4c0 [ 357.864845][ T9564] ? __x64_sys_futex+0x1e9/0x4c0 [ 357.864877][ T9564] ? __fget_files+0x20e/0x3c0 [ 357.864925][ T9564] ? xfd_validate_state+0x61/0x180 [ 357.864968][ T9564] __do_sys_keyctl+0x1a9/0x590 [ 357.865009][ T9564] do_syscall_64+0xcd/0x490 [ 357.865050][ T9564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.865077][ T9564] RIP: 0033:0x7f47b358eb69 [ 357.865096][ T9564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.865120][ T9564] RSP: 002b:00007f47b437f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 357.865144][ T9564] RAX: ffffffffffffffda RBX: 00007f47b37b6160 RCX: 00007f47b358eb69 [ 357.865160][ T9564] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 357.865175][ T9564] RBP: 00007f47b3611df1 R08: 0000000000000001 R09: 0000000000000000 [ 357.865189][ T9564] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 357.865203][ T9564] R13: 0000000000000000 R14: 00007f47b37b6160 R15: 00007fff06b893d8 [ 357.865232][ T9564] [ 358.113196][ C0] vkms_vblank_simulate: vblank timer overrun [ 359.227973][ T5185] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 360.324532][ T31] audit: type=1800 audit(1754298579.603:15): pid=9586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.726" name="discovery_nqn" dev="configfs" ino=29608 res=0 errno=0 [ 360.519272][ T9588] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 360.578528][ T9588] netlink: 19 bytes leftover after parsing attributes in process `syz.0.727'. [ 363.217222][ T9625] FAULT_INJECTION: forcing a failure. [ 363.217222][ T9625] name failslab, interval 1, probability 0, space 0, times 0 [ 363.352255][ T9625] CPU: 0 UID: 0 PID: 9625 Comm: syz.3.737 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 363.352297][ T9625] Tainted: [U]=USER [ 363.352304][ T9625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 363.352320][ T9625] Call Trace: [ 363.352327][ T9625] [ 363.352336][ T9625] dump_stack_lvl+0x16c/0x1f0 [ 363.352378][ T9625] should_fail_ex+0x512/0x640 [ 363.352406][ T9625] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 363.352434][ T9625] should_failslab+0xc2/0x120 [ 363.352465][ T9625] __kmalloc_cache_noprof+0x6a/0x3e0 [ 363.352490][ T9625] ? assoc_array_insert+0x2fa/0x3970 [ 363.352520][ T9625] ? kasan_save_track+0x14/0x30 [ 363.352550][ T9625] assoc_array_insert+0x2fa/0x3970 [ 363.352584][ T9625] ? rcu_is_watching+0x12/0xc0 [ 363.352608][ T9625] ? trace_contention_end+0xdd/0x130 [ 363.352642][ T9625] ? __mutex_lock+0x1c4/0x10b0 [ 363.352688][ T9625] ? __pfx_assoc_array_insert+0x10/0x10 [ 363.352717][ T9625] ? __pfx___might_resched+0x10/0x10 [ 363.352747][ T9625] ? down_write+0x14d/0x200 [ 363.352768][ T9625] ? __pfx_down_write+0x10/0x10 [ 363.352794][ T9625] __key_link_begin+0xf5/0x260 [ 363.352828][ T9625] key_link+0x103/0x310 [ 363.352865][ T9625] ? __pfx_key_link+0x10/0x10 [ 363.352895][ T9625] ? bpf_lsm_key_permission+0x9/0x10 [ 363.352936][ T9625] ? key_task_permission+0x2e5/0x400 [ 363.352962][ T9625] keyctl_get_persistent+0x5c3/0x8c0 [ 363.352994][ T9625] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 363.353029][ T9625] ? __x64_sys_futex+0x1e0/0x4c0 [ 363.353058][ T9625] ? __x64_sys_futex+0x1e9/0x4c0 [ 363.353094][ T9625] ? xfd_validate_state+0x61/0x180 [ 363.353136][ T9625] __do_sys_keyctl+0x1a9/0x590 [ 363.353175][ T9625] do_syscall_64+0xcd/0x490 [ 363.353215][ T9625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.353240][ T9625] RIP: 0033:0x7f47b358eb69 [ 363.353258][ T9625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 363.353281][ T9625] RSP: 002b:00007f47b43c1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 363.353303][ T9625] RAX: ffffffffffffffda RBX: 00007f47b37b5fa0 RCX: 00007f47b358eb69 [ 363.353318][ T9625] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 363.353334][ T9625] RBP: 00007f47b3611df1 R08: 0000000000000001 R09: 0000000000000000 [ 363.353348][ T9625] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 363.353362][ T9625] R13: 0000000000000000 R14: 00007f47b37b5fa0 R15: 00007fff06b893d8 [ 363.353398][ T9625] [ 364.451170][ T9647] program syz.0.741 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 364.727288][ T9650] random: crng reseeded on system resumption [ 365.958289][ T9659] FAULT_INJECTION: forcing a failure. [ 365.958289][ T9659] name failslab, interval 1, probability 0, space 0, times 0 [ 366.044825][ T9659] CPU: 0 UID: 0 PID: 9659 Comm: syz.1.743 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 366.044869][ T9659] Tainted: [U]=USER [ 366.044877][ T9659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 366.044891][ T9659] Call Trace: [ 366.044899][ T9659] [ 366.044908][ T9659] dump_stack_lvl+0x16c/0x1f0 [ 366.044951][ T9659] should_fail_ex+0x512/0x640 [ 366.044975][ T9659] ? __kmalloc_noprof+0xbf/0x510 [ 366.045006][ T9659] ? lsm_blob_alloc+0x68/0x90 [ 366.045038][ T9659] should_failslab+0xc2/0x120 [ 366.045079][ T9659] __kmalloc_noprof+0xd2/0x510 [ 366.045112][ T9659] lsm_blob_alloc+0x68/0x90 [ 366.045146][ T9659] security_sk_alloc+0x30/0x270 [ 366.045187][ T9659] sk_prot_alloc+0x1c7/0x2a0 [ 366.045220][ T9659] sk_alloc+0x36/0xc20 [ 366.045258][ T9659] __netlink_create+0x5e/0x2c0 [ 366.045292][ T9659] __netlink_kernel_create+0xed/0x750 [ 366.045332][ T9659] ? __pfx___netlink_kernel_create+0x10/0x10 [ 366.045369][ T9659] ? find_held_lock+0x2b/0x80 [ 366.045393][ T9659] ? audit_net_init+0x190/0x440 [ 366.045426][ T9659] audit_net_init+0x1ae/0x440 [ 366.045459][ T9659] ? __pfx_audit_net_init+0x10/0x10 [ 366.045489][ T9659] ? __pfx_audit_receive+0x10/0x10 [ 366.045520][ T9659] ? __pfx_audit_multicast_bind+0x10/0x10 [ 366.045552][ T9659] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 366.045591][ T9659] ? __kmalloc_noprof+0x242/0x510 [ 366.045624][ T9659] ? __pfx_audit_net_init+0x10/0x10 [ 366.045651][ T9659] ops_init+0x1df/0x5f0 [ 366.045679][ T9659] setup_net+0x10f/0x380 [ 366.045697][ T9659] ? lockdep_init_map_type+0x5c/0x280 [ 366.045731][ T9659] ? __pfx_setup_net+0x10/0x10 [ 366.045753][ T9659] ? debug_mutex_init+0x37/0x70 [ 366.045779][ T9659] copy_net_ns+0x2a6/0x5f0 [ 366.045810][ T9659] create_new_namespaces+0x3ea/0xa90 [ 366.045849][ T9659] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 366.045883][ T9659] ksys_unshare+0x45b/0xa40 [ 366.045924][ T9659] ? __pfx_ksys_unshare+0x10/0x10 [ 366.045958][ T9659] ? xfd_validate_state+0x61/0x180 [ 366.046004][ T9659] __x64_sys_unshare+0x31/0x40 [ 366.046036][ T9659] do_syscall_64+0xcd/0x490 [ 366.046084][ T9659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.046109][ T9659] RIP: 0033:0x7f7c7f38eb69 [ 366.046127][ T9659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.046151][ T9659] RSP: 002b:00007f7c802d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 366.046172][ T9659] RAX: ffffffffffffffda RBX: 00007f7c7f5b5fa0 RCX: 00007f7c7f38eb69 [ 366.046188][ T9659] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 366.046203][ T9659] RBP: 00007f7c7f411df1 R08: 0000000000000000 R09: 0000000000000000 [ 366.046217][ T9659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.046231][ T9659] R13: 0000000000000000 R14: 00007f7c7f5b5fa0 R15: 00007ffdb7bb6588 [ 366.046260][ T9659] [ 366.380533][ T9659] audit: cannot initialize netlink socket in namespace [ 369.555554][ T9711] FAULT_INJECTION: forcing a failure. [ 369.555554][ T9711] name failslab, interval 1, probability 0, space 0, times 0 [ 369.743836][ T9711] CPU: 0 UID: 0 PID: 9711 Comm: syz.1.757 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 369.743878][ T9711] Tainted: [U]=USER [ 369.743886][ T9711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 369.743900][ T9711] Call Trace: [ 369.743907][ T9711] [ 369.743916][ T9711] dump_stack_lvl+0x16c/0x1f0 [ 369.743959][ T9711] should_fail_ex+0x512/0x640 [ 369.743982][ T9711] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 369.744011][ T9711] should_failslab+0xc2/0x120 [ 369.744043][ T9711] __kmalloc_cache_noprof+0x6a/0x3e0 [ 369.744068][ T9711] ? assoc_array_insert+0x2fa/0x3970 [ 369.744099][ T9711] ? kasan_save_track+0x14/0x30 [ 369.744129][ T9711] assoc_array_insert+0x2fa/0x3970 [ 369.744160][ T9711] ? rcu_is_watching+0x12/0xc0 [ 369.744185][ T9711] ? trace_contention_end+0xdd/0x130 [ 369.744219][ T9711] ? __mutex_lock+0x1c4/0x10b0 [ 369.744266][ T9711] ? __pfx_assoc_array_insert+0x10/0x10 [ 369.744295][ T9711] ? __pfx___might_resched+0x10/0x10 [ 369.744326][ T9711] ? down_write+0x14d/0x200 [ 369.744348][ T9711] ? __pfx_down_write+0x10/0x10 [ 369.744374][ T9711] __key_link_begin+0xf5/0x260 [ 369.744409][ T9711] key_link+0x103/0x310 [ 369.744443][ T9711] ? __pfx_key_link+0x10/0x10 [ 369.744473][ T9711] ? bpf_lsm_key_permission+0x9/0x10 [ 369.744514][ T9711] ? key_task_permission+0x2e5/0x400 [ 369.744540][ T9711] keyctl_get_persistent+0x5c3/0x8c0 [ 369.744572][ T9711] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 369.744607][ T9711] ? __x64_sys_futex+0x1e0/0x4c0 [ 369.744637][ T9711] ? __x64_sys_futex+0x1e9/0x4c0 [ 369.744673][ T9711] ? xfd_validate_state+0x61/0x180 [ 369.744716][ T9711] __do_sys_keyctl+0x1a9/0x590 [ 369.744769][ T9711] do_syscall_64+0xcd/0x490 [ 369.744810][ T9711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.744835][ T9711] RIP: 0033:0x7f7c7f38eb69 [ 369.744853][ T9711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.744881][ T9711] RSP: 002b:00007f7c80292038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 369.744903][ T9711] RAX: ffffffffffffffda RBX: 00007f7c7f5b6160 RCX: 00007f7c7f38eb69 [ 369.744919][ T9711] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 369.744934][ T9711] RBP: 00007f7c7f411df1 R08: 0000000000000001 R09: 0000000000000000 [ 369.744948][ T9711] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 369.744963][ T9711] R13: 0000000000000000 R14: 00007f7c7f5b6160 R15: 00007ffdb7bb6588 [ 369.744992][ T9711] [ 370.002721][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.370732][ T9720] random: crng reseeded on system resumption [ 372.667821][ T9750] ptrace attach of "./syz-executor exec"[5863] was attempted by "./syz-executor exec"[9750] [ 373.423093][ T9767] syz.0.770 (9767): attempted to duplicate a private mapping with mremap. This is not supported. [ 374.808514][ T9784] program syz.0.775 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 375.111430][ T9762] netlink: 20 bytes leftover after parsing attributes in process `syz.2.769'. [ 376.125878][ T9798] [ 376.128253][ T9798] ====================================================== [ 376.135325][ T9798] WARNING: possible circular locking dependency detected [ 376.142346][ T9798] 6.16.0-syzkaller-11322-g352af6a011d5 #0 Tainted: G U [ 376.150668][ T9798] ------------------------------------------------------ [ 376.157854][ T9798] syz.2.778/9798 is trying to acquire lock: [ 376.163751][ T9798] ffff8880264bad28 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400 [ 376.173173][ T9798] [ 376.173173][ T9798] but task is already holding lock: [ 376.180531][ T9798] ffff8880264ba7e8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 376.191784][ T9798] [ 376.191784][ T9798] which lock already depends on the new lock. [ 376.191784][ T9798] [ 376.202281][ T9798] [ 376.202281][ T9798] the existing dependency chain (in reverse order) is: [ 376.211318][ T9798] [ 376.211318][ T9798] -> #3 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 376.219983][ T9798] blk_alloc_queue+0x619/0x760 [ 376.225305][ T9798] blk_mq_alloc_queue+0x172/0x280 [ 376.231153][ T9798] __blk_mq_alloc_disk+0x29/0x120 [ 376.236714][ T9798] loop_add+0x490/0xb70 [ 376.241441][ T9798] loop_init+0x164/0x270 [ 376.246219][ T9798] do_one_initcall+0x120/0x6e0 [ 376.251521][ T9798] kernel_init_freeable+0x5c2/0x900 [ 376.257275][ T9798] kernel_init+0x1c/0x2b0 [ 376.262150][ T9798] ret_from_fork+0x5d4/0x6f0 [ 376.267309][ T9798] ret_from_fork_asm+0x1a/0x30 [ 376.272622][ T9798] [ 376.272622][ T9798] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 376.279852][ T9798] fs_reclaim_acquire+0x102/0x150 [ 376.285424][ T9798] prepare_alloc_pages+0x162/0x610 [ 376.291076][ T9798] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 376.297511][ T9798] __alloc_pages_noprof+0xb/0x1b0 [ 376.303066][ T9798] pcpu_populate_chunk+0x110/0xb00 [ 376.308706][ T9798] pcpu_alloc_noprof+0x86a/0x1470 [ 376.314258][ T9798] bpf_map_alloc_percpu+0x9a/0x4b0 [ 376.319900][ T9798] htab_map_alloc+0x10ca/0x1570 [ 376.325291][ T9798] map_create+0x58f/0x1f80 [ 376.330243][ T9798] __sys_bpf+0x44d2/0x4de0 [ 376.335199][ T9798] __x64_sys_bpf+0x78/0xc0 [ 376.340155][ T9798] do_syscall_64+0xcd/0x490 [ 376.345296][ T9798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.352241][ T9798] [ 376.352241][ T9798] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 376.359979][ T9798] __mutex_lock+0x193/0x10b0 [ 376.365109][ T9798] pcpu_alloc_noprof+0xb4c/0x1470 [ 376.370668][ T9798] sbitmap_init_node+0x2fd/0x770 [ 376.376143][ T9798] sbitmap_queue_init_node+0x41/0x560 [ 376.382090][ T9798] blk_mq_init_tags+0x12d/0x2b0 [ 376.387471][ T9798] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 376.393569][ T9798] blk_mq_init_sched+0x30c/0x610 [ 376.399136][ T9798] elevator_switch+0x1e1/0x7f0 [ 376.404447][ T9798] elevator_change+0x2ac/0x400 [ 376.409773][ T9798] elevator_set_default+0x2c4/0x360 [ 376.415521][ T9798] blk_register_queue+0x393/0x4f0 [ 376.421084][ T9798] __add_disk+0x74a/0xf00 [ 376.425951][ T9798] add_disk_fwnode+0x13f/0x5d0 [ 376.431237][ T9798] nbd_dev_add+0x783/0xbb0 [ 376.436183][ T9798] nbd_init+0x181/0x320 [ 376.440872][ T9798] do_one_initcall+0x120/0x6e0 [ 376.446177][ T9798] kernel_init_freeable+0x5c2/0x900 [ 376.451927][ T9798] kernel_init+0x1c/0x2b0 [ 376.456808][ T9798] ret_from_fork+0x5d4/0x6f0 [ 376.462117][ T9798] ret_from_fork_asm+0x1a/0x30 [ 376.467418][ T9798] [ 376.467418][ T9798] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 376.475261][ T9798] __lock_acquire+0x12a6/0x1ce0 [ 376.480754][ T9798] lock_acquire+0x179/0x350 [ 376.485828][ T9798] __mutex_lock+0x193/0x10b0 [ 376.490981][ T9798] elevator_change+0x103/0x400 [ 376.496407][ T9798] elv_iosched_store+0x2eb/0x3a0 [ 376.502022][ T9798] queue_attr_store+0x26b/0x310 [ 376.507434][ T9798] sysfs_kf_write+0xef/0x150 [ 376.512574][ T9798] kernfs_fop_write_iter+0x351/0x510 [ 376.518392][ T9798] vfs_write+0x6c7/0x1150 [ 376.523256][ T9798] ksys_write+0x12a/0x250 [ 376.528123][ T9798] do_syscall_64+0xcd/0x490 [ 376.533254][ T9798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.539679][ T9798] [ 376.539679][ T9798] other info that might help us debug this: [ 376.539679][ T9798] [ 376.549910][ T9798] Chain exists of: [ 376.549910][ T9798] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 376.549910][ T9798] [ 376.563674][ T9798] Possible unsafe locking scenario: [ 376.563674][ T9798] [ 376.571122][ T9798] CPU0 CPU1 [ 376.576497][ T9798] ---- ---- [ 376.581858][ T9798] lock(&q->q_usage_counter(io)#18); [ 376.587262][ T9798] lock(fs_reclaim); [ 376.593781][ T9798] lock(&q->q_usage_counter(io)#18); [ 376.601789][ T9798] lock(&q->elevator_lock); [ 376.606489][ T9798] [ 376.606489][ T9798] *** DEADLOCK *** [ 376.606489][ T9798] [ 376.614627][ T9798] 7 locks held by syz.2.778/9798: [ 376.619655][ T9798] #0: ffff8880784949b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 376.628729][ T9798] #1: ffff888030ee2428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 376.637719][ T9798] #2: ffff88805e739488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 376.647496][ T9798] #3: ffff888142be4a58 (kn->active#175){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 376.657613][ T9798] #4: ffff8880264c6368 (&set->update_nr_hwq_lock){.+.+}-{4:4}, at: elv_iosched_store+0x337/0x3a0 [ 376.668256][ T9798] #5: ffff8880264ba7e8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 376.679953][ T9798] #6: ffff8880264ba820 (&q->q_usage_counter(queue)#21){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 376.692064][ T9798] [ 376.692064][ T9798] stack backtrace: [ 376.698135][ T9798] CPU: 0 UID: 0 PID: 9798 Comm: syz.2.778 Tainted: G U 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(full) [ 376.698170][ T9798] Tainted: [U]=USER [ 376.698177][ T9798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 376.698191][ T9798] Call Trace: [ 376.698200][ T9798] [ 376.698210][ T9798] dump_stack_lvl+0x116/0x1f0 [ 376.698247][ T9798] print_circular_bug+0x275/0x350 [ 376.698276][ T9798] check_noncircular+0x14c/0x170 [ 376.698307][ T9798] __lock_acquire+0x12a6/0x1ce0 [ 376.698341][ T9798] lock_acquire+0x179/0x350 [ 376.698368][ T9798] ? elevator_change+0x103/0x400 [ 376.698397][ T9798] ? __pfx___might_resched+0x10/0x10 [ 376.698421][ T9798] ? elevator_change+0x103/0x400 [ 376.698446][ T9798] __mutex_lock+0x193/0x10b0 [ 376.698480][ T9798] ? elevator_change+0x103/0x400 [ 376.698506][ T9798] ? enable_work+0x245/0x340 [ 376.698527][ T9798] ? __pfx_xa_find_after+0x10/0x10 [ 376.698550][ T9798] ? __pfx___mutex_lock+0x10/0x10 [ 376.698587][ T9798] ? blk_mq_cancel_work_sync+0xd8/0x110 [ 376.698608][ T9798] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 376.698648][ T9798] ? elevator_change+0x103/0x400 [ 376.698674][ T9798] elevator_change+0x103/0x400 [ 376.698702][ T9798] elv_iosched_store+0x2eb/0x3a0 [ 376.698731][ T9798] ? __pfx_elv_iosched_store+0x10/0x10 [ 376.698764][ T9798] ? __mutex_trylock_common+0xe9/0x250 [ 376.698795][ T9798] ? __pfx_elv_iosched_store+0x10/0x10 [ 376.698824][ T9798] queue_attr_store+0x26b/0x310 [ 376.698847][ T9798] ? __pfx_queue_attr_store+0x10/0x10 [ 376.698876][ T9798] ? find_held_lock+0x2b/0x80 [ 376.698896][ T9798] ? sysfs_file_kobj+0xe4/0x290 [ 376.698921][ T9798] ? __pfx_queue_attr_store+0x10/0x10 [ 376.698943][ T9798] sysfs_kf_write+0xef/0x150 [ 376.698966][ T9798] kernfs_fop_write_iter+0x351/0x510 [ 376.698986][ T9798] ? __pfx_sysfs_kf_write+0x10/0x10 [ 376.699010][ T9798] vfs_write+0x6c7/0x1150 [ 376.699036][ T9798] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 376.699080][ T9798] ? __pfx___mutex_lock+0x10/0x10 [ 376.699115][ T9798] ? __pfx_vfs_write+0x10/0x10 [ 376.699148][ T9798] ksys_write+0x12a/0x250 [ 376.699172][ T9798] ? __pfx_ksys_write+0x10/0x10 [ 376.699200][ T9798] do_syscall_64+0xcd/0x490 [ 376.699235][ T9798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.699258][ T9798] RIP: 0033:0x7faae618eb69 [ 376.699276][ T9798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.699297][ T9798] RSP: 002b:00007faae7079038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 376.699318][ T9798] RAX: ffffffffffffffda RBX: 00007faae63b5fa0 RCX: 00007faae618eb69 [ 376.699333][ T9798] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 376.699346][ T9798] RBP: 00007faae6211df1 R08: 0000000000000000 R09: 0000000000000000 [ 376.699359][ T9798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 376.699372][ T9798] R13: 0000000000000000 R14: 00007faae63b5fa0 R15: 00007fff7fb955c8 [ 376.699393][ T9798] [ 378.129712][ T9796] delete_channel: no stack [ 378.135804][ T9796] delete_channel: no stack