last executing test programs: 7.340560459s ago: executing program 0 (id=1092): openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0) ioctl$auto_UI_SET_EVBIT(r0, 0x40045564, &(0x7f0000000440)=0x1) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x2, 0x0, 0xc) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r1, r1, 0x0, 0x200) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) 4.42541056s ago: executing program 0 (id=1103): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x1e, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) fanotify_init$auto(0x5, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x10, 0x2, 0xc) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) fanotify_mark$auto(0x0, 0x1, 0x9, r1, 0x0) fanotify_mark$auto(r0, 0x90, 0x3, 0xffffffffffffffff, 0x0) 4.082508872s ago: executing program 0 (id=1105): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) pwrite64$auto(0xc8, 0x0, 0xfdf2, 0x3a) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) ioprio_set$auto(0x5, 0x0, 0x3e4) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), 0xffffffffffffffff) 3.55136519s ago: executing program 1 (id=1108): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) getpgrp(0xffffffffffffffff) mmap$auto(0x0, 0x101, 0x4100000000df, 0xeb1, 0x200000401, 0x2008000) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) 3.117355084s ago: executing program 1 (id=1112): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r2, 0x1002, 0x0, 0x0, 0x0, 0x0) 2.709345598s ago: executing program 2 (id=1116): socket(0x1, 0x5, 0x0) getsockopt$auto(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x42000, 0x0) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x100e42, 0x0) ioctl$auto_SG_GET_REQUEST_TABLE(r1, 0x2286, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/device_info\x00', 0x8002, 0x0) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 2.681603518s ago: executing program 0 (id=1117): close_range$auto(0x2, 0xfffffffffffff000, 0x2) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) flock$auto(r0, 0x1) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x4081, 0x40) flock$auto(r1, 0x2) r2 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) write$auto_mousedev_fops_mousedev(r2, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) read$auto(0x3, 0x0, 0xf3c) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004) 2.489703189s ago: executing program 2 (id=1118): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/arch_status\x00', 0x8203, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x2a401, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x8910, 0x0) 2.248563355s ago: executing program 3 (id=1119): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0) read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.850726131s ago: executing program 3 (id=1120): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4068aea3, 0x0) 1.804024746s ago: executing program 2 (id=1121): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'veth1_macvtap\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'bond_slave_0\x00'}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x204282, 0x0) setsockopt$auto_SO_DEVMEM_DONTNEED(r0, 0xdb, 0x50, 0x0, 0x9) clock_nanosleep$auto(0x400000, 0x1, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) 1.660696133s ago: executing program 0 (id=1122): sched_setaffinity$auto(0x1, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) unshare$auto(0x40000080) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fff) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) listen$auto(0x3, 0x81) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) shutdown$auto(0x200000003, 0x2) 1.420863583s ago: executing program 3 (id=1123): mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) io_uring_setup$auto(0x86, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4004ae86, 0x0) 1.40639636s ago: executing program 2 (id=1124): mmap$auto(0x0, 0x2020008, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x101401, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 1.231163805s ago: executing program 2 (id=1125): bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x7, 0xffffffffffffffff, @relative_fd, 0x100000000}, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="21022cbc7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 1.044203271s ago: executing program 2 (id=1126): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(r0, 0x8, 0x0) open(0x0, 0x1676c1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) sendmsg$auto_SMC_NETLINK_ADD_UEID(0xffffffffffffffff, 0x0, 0x8092) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pwritev$auto(r1, 0x0, 0x3, 0x1, 0x3ff) 1.016091807s ago: executing program 3 (id=1127): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) socket(0xa, 0x1, 0x0) ioctl$auto(0x3, 0x894b, 0x38) semget$auto(0x0, 0x13c, 0x1ff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_ADD(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)={0x2c, r1, 0x1, 0x70bd2c, 0x25dfdc01, {}, [@SMC_PNETID_ETHNAME={0xc, 0x2, '+o*#\x90\x80\x8b\x00'}, @SMC_PNETID_NAME={0xb, 0x1, 'netdev\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x40d0) semtimedop$auto(0x0, &(0x7f00000000c0)={0xa, 0x81, 0x70}, 0x1f4, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x8000, 0x36ec}, 0x1, 0x0) semctl$auto(0x0, 0x9, 0x0, 0x2) 996.382255ms ago: executing program 1 (id=1128): r0 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x20009, 0xda, 0xeb1, 0x405, 0x0) sysfs$auto(0x2, 0x100000000000037, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0xe, 0x0, 0x4) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0x0, 0x0, 0xf89, 0x9, 0x837, 0x8}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'dummy0\x00'}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 749.505041ms ago: executing program 1 (id=1129): mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r1, 0x1, 0x0, 0x0) 706.907063ms ago: executing program 3 (id=1130): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0x2, 0x5, 0x0) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xff80}, 0x7, 0x0, 0x2, 0xb}, 0x40000fff}, 0x5, 0x7fffffff) 604.749905ms ago: executing program 0 (id=1131): ioctl$auto(0xffffffffffffffff, 0xffffff41, 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48a423, 0x0) write$auto(0x3, 0x0, 0xfdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r1, r0, 0x9) pivot_root$auto(0x0, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)={0x1c, r2, 0xb81, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_BEACON_TAIL={0x5, 0xf, "9a"}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) 556.259455ms ago: executing program 1 (id=1132): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) get_robust_list$auto(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x5, r2, @relative_fd=r3, 0x100000000}, 0xf) bpf$auto(0x4, &(0x7f00000002c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 456.256797ms ago: executing program 3 (id=1133): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) mq_open$auto(0x0, 0x83, 0x2b, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b80ebd01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)="205c2020027e0dc0023af10e9bfa1babfa203753ca9a2037", 0x18) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_clk_dump_fops_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/clk/clk_dump\x00', 0x430100, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) unshare$auto(0x40000080) 0s ago: executing program 1 (id=1134): rseq$auto(&(0x7f00000002c0)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0xfffffff4, 0x0, 0x7) ioperm$auto(0x3, 0xe, 0x2000000000000149) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000380), 0x101100, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000088}, 0x20000000) kcmp$auto(0x1, 0x100000001, 0x5, 0x8f0, 0x24000) unshare$auto(0x40000080) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x936355e497c8b7e3, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x48000) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       [ 294.274882][ T9021] mkiss: ax0: crc mode is auto. [ 294.514562][ T9054] netlink: 342 bytes leftover after parsing attributes in process `syz.3.961'. [ 294.583264][ T9054] netlink: 274 bytes leftover after parsing attributes in process `syz.3.961'. [ 295.066148][ T9066] blktrace: Concurrent blktraces are not allowed on loop2 syzkaller syzkaller login: [ 296.912686][ T9083] random: crng reseeded on system resumption [ 296.978519][ T9083] FAULT_INJECTION: forcing a failure. [ 296.978519][ T9083] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 297.000059][ T9083] CPU: 0 UID: 0 PID: 9083 Comm: syz.1.968 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 297.000111][ T9083] Tainted: [U]=USER [ 297.000121][ T9083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.000139][ T9083] Call Trace: [ 297.000149][ T9083] [ 297.000161][ T9083] dump_stack_lvl+0x16c/0x1f0 [ 297.000198][ T9083] should_fail_ex+0x512/0x640 [ 297.000236][ T9083] should_fail_alloc_page+0xe7/0x130 [ 297.000274][ T9083] prepare_alloc_pages+0x3c2/0x610 [ 297.000317][ T9083] ? rcu_is_watching+0x12/0xc0 [ 297.000354][ T9083] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 297.000400][ T9083] ? stack_trace_save+0x8e/0xc0 [ 297.000434][ T9083] ? __pfx_stack_trace_save+0x10/0x10 [ 297.000467][ T9083] ? stack_depot_save_flags+0x28/0xa40 [ 297.000502][ T9083] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 297.000540][ T9083] ? kasan_save_stack+0x42/0x60 [ 297.000567][ T9083] ? kasan_save_stack+0x33/0x60 [ 297.000601][ T9083] ? do_dentry_open+0x744/0x1c10 [ 297.000639][ T9083] ? vfs_open+0x82/0x3f0 [ 297.000672][ T9083] ? path_openat+0x1de4/0x2cb0 [ 297.000697][ T9083] ? do_filp_open+0x20b/0x470 [ 297.000722][ T9083] ? do_sys_openat2+0x11b/0x1d0 [ 297.000758][ T9083] ? __x64_sys_openat+0x174/0x210 [ 297.000797][ T9083] ? do_syscall_64+0xcd/0x490 [ 297.000825][ T9083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.000859][ T9083] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 297.000901][ T9083] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 297.000950][ T9083] ? policy_nodemask+0xea/0x4e0 [ 297.000989][ T9083] alloc_pages_mpol+0x1fb/0x550 [ 297.001035][ T9083] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 297.001093][ T9083] alloc_pages_noprof+0x131/0x390 [ 297.001130][ T9083] get_zeroed_page_noprof+0x18/0xb0 [ 297.001170][ T9083] get_image_page+0x18/0x190 [ 297.001203][ T9083] alloc_rtree_node+0x3c/0xb0 [ 297.001232][ T9083] memory_bm_create+0x519/0x810 [ 297.001279][ T9083] create_basic_memory_bitmaps+0xbd/0x320 [ 297.001320][ T9083] snapshot_open+0x235/0x2b0 [ 297.001356][ T9083] ? __pfx_snapshot_open+0x10/0x10 [ 297.001394][ T9083] misc_open+0x35a/0x420 [ 297.001438][ T9083] ? __pfx_misc_open+0x10/0x10 [ 297.001480][ T9083] chrdev_open+0x231/0x6a0 [ 297.001512][ T9083] ? __pfx_apparmor_file_open+0x10/0x10 [ 297.001557][ T9083] ? __pfx_chrdev_open+0x10/0x10 [ 297.001594][ T9083] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 297.001656][ T9083] do_dentry_open+0x744/0x1c10 [ 297.001688][ T9083] ? __pfx_chrdev_open+0x10/0x10 [ 297.001730][ T9083] vfs_open+0x82/0x3f0 [ 297.001781][ T9083] path_openat+0x1de4/0x2cb0 [ 297.001826][ T9083] ? __pfx_path_openat+0x10/0x10 [ 297.001858][ T9083] ? __lock_acquire+0xb8a/0x1c90 [ 297.001905][ T9083] do_filp_open+0x20b/0x470 [ 297.001933][ T9083] ? __pfx_do_filp_open+0x10/0x10 [ 297.001994][ T9083] ? alloc_fd+0x471/0x7d0 [ 297.002051][ T9083] do_sys_openat2+0x11b/0x1d0 [ 297.002089][ T9083] ? __pfx_do_sys_openat2+0x10/0x10 [ 297.002145][ T9083] __x64_sys_openat+0x174/0x210 [ 297.002186][ T9083] ? __pfx___x64_sys_openat+0x10/0x10 [ 297.002257][ T9083] do_syscall_64+0xcd/0x490 [ 297.002293][ T9083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.002322][ T9083] RIP: 0033:0x7fd86b18e9a9 [ 297.002348][ T9083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.002377][ T9083] RSP: 002b:00007fd86c091038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 297.002409][ T9083] RAX: ffffffffffffffda RBX: 00007fd86b3b5fa0 RCX: 00007fd86b18e9a9 [ 297.002428][ T9083] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 297.002447][ T9083] RBP: 00007fd86b210d69 R08: 0000000000000000 R09: 0000000000000000 [ 297.002465][ T9083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.002483][ T9083] R13: 0000000000000000 R14: 00007fd86b3b5fa0 R15: 00007ffc121c2628 [ 297.002524][ T9083] [ 299.228364][ T9120] netlink: 342 bytes leftover after parsing attributes in process `syz.3.979'. [ 299.270368][ T9120] netlink: 274 bytes leftover after parsing attributes in process `syz.3.979'. [ 300.310580][ T9143] netlink: 338 bytes leftover after parsing attributes in process `syz.0.985'. [ 300.828304][ T9151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.987'. [ 300.839138][ T9151] netlink: 25 bytes leftover after parsing attributes in process `syz.0.987'. [ 304.298450][ T9211] FAULT_INJECTION: forcing a failure. [ 304.298450][ T9211] name failslab, interval 1, probability 0, space 0, times 0 [ 304.344534][ T9211] CPU: 0 UID: 0 PID: 9211 Comm: syz.1.1006 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 304.344585][ T9211] Tainted: [U]=USER [ 304.344591][ T9211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 304.344601][ T9211] Call Trace: [ 304.344607][ T9211] [ 304.344615][ T9211] dump_stack_lvl+0x16c/0x1f0 [ 304.344637][ T9211] should_fail_ex+0x512/0x640 [ 304.344654][ T9211] ? __kmalloc_noprof+0xbf/0x510 [ 304.344673][ T9211] ? drm_atomic_state_init+0x17b/0x320 [ 304.344694][ T9211] should_failslab+0xc2/0x120 [ 304.344717][ T9211] __kmalloc_noprof+0xd2/0x510 [ 304.344739][ T9211] drm_atomic_state_init+0x17b/0x320 [ 304.344761][ T9211] ? __kasan_kmalloc+0xaa/0xb0 [ 304.344778][ T9211] drm_atomic_state_alloc+0xd3/0x120 [ 304.344805][ T9211] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 304.344828][ T9211] ? __pfx___might_resched+0x10/0x10 [ 304.344848][ T9211] ? rcu_is_watching+0x12/0xc0 [ 304.344865][ T9211] ? trace_contention_end+0xdd/0x130 [ 304.344889][ T9211] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 304.344935][ T9211] drm_client_modeset_commit_locked+0x14d/0x580 [ 304.344961][ T9211] drm_client_modeset_commit+0x4f/0x80 [ 304.344984][ T9211] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 304.345006][ T9211] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 304.345034][ T9211] drm_fbdev_client_restore+0x2c/0x40 [ 304.345060][ T9211] drm_client_dev_restore+0x1f6/0x2a0 [ 304.345085][ T9211] drm_release+0x2c4/0x360 [ 304.345107][ T9211] ? __pfx_drm_release+0x10/0x10 [ 304.345126][ T9211] __fput+0x402/0xb70 [ 304.345151][ T9211] task_work_run+0x150/0x240 [ 304.345178][ T9211] ? __pfx_task_work_run+0x10/0x10 [ 304.345204][ T9211] ? __pfx___do_sys_close_range+0x10/0x10 [ 304.345226][ T9211] exit_to_user_mode_loop+0xeb/0x110 [ 304.345253][ T9211] do_syscall_64+0x3f6/0x490 [ 304.345272][ T9211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.345289][ T9211] RIP: 0033:0x7fd86b18e9a9 [ 304.345304][ T9211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.345320][ T9211] RSP: 002b:00007fd86c091038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 304.345337][ T9211] RAX: 0000000000000000 RBX: 00007fd86b3b5fa0 RCX: 00007fd86b18e9a9 [ 304.345347][ T9211] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 304.345357][ T9211] RBP: 00007fd86b210d69 R08: 0000000000000000 R09: 0000000000000000 [ 304.345367][ T9211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.345376][ T9211] R13: 0000000000000000 R14: 00007fd86b3b5fa0 R15: 00007ffc121c2628 [ 304.345398][ T9211] [ 304.912521][ T9216] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1008'. [ 304.959056][ T9216] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1008'. [ 306.312834][ T9243] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 306.466957][ T9248] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1023'. [ 306.759628][ T9257] netlink: 'syz.1.1025': attribute type 27 has an invalid length. [ 306.792274][ T9257] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1025'. [ 311.125984][ T9328] FAULT_INJECTION: forcing a failure. [ 311.125984][ T9328] name failslab, interval 1, probability 0, space 0, times 0 [ 311.217984][ T9328] CPU: 1 UID: 0 PID: 9328 Comm: syz.3.1046 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 311.218034][ T9328] Tainted: [U]=USER [ 311.218045][ T9328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.218062][ T9328] Call Trace: [ 311.218070][ T9328] [ 311.218082][ T9328] dump_stack_lvl+0x16c/0x1f0 [ 311.218118][ T9328] should_fail_ex+0x512/0x640 [ 311.218146][ T9328] ? __kmalloc_noprof+0xbf/0x510 [ 311.218178][ T9328] ? drm_atomic_state_init+0x17b/0x320 [ 311.218218][ T9328] should_failslab+0xc2/0x120 [ 311.218250][ T9328] __kmalloc_noprof+0xd2/0x510 [ 311.218288][ T9328] drm_atomic_state_init+0x17b/0x320 [ 311.218326][ T9328] ? __kasan_kmalloc+0xaa/0xb0 [ 311.218356][ T9328] drm_atomic_state_alloc+0xd3/0x120 [ 311.218395][ T9328] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 311.218435][ T9328] ? __pfx___might_resched+0x10/0x10 [ 311.218468][ T9328] ? rcu_is_watching+0x12/0xc0 [ 311.218495][ T9328] ? trace_contention_end+0xdd/0x130 [ 311.218535][ T9328] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 311.218620][ T9328] drm_client_modeset_commit_locked+0x14d/0x580 [ 311.218665][ T9328] drm_client_modeset_commit+0x4f/0x80 [ 311.218703][ T9328] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 311.218750][ T9328] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 311.218797][ T9328] drm_fbdev_client_restore+0x2c/0x40 [ 311.218836][ T9328] drm_client_dev_restore+0x1f6/0x2a0 [ 311.218879][ T9328] drm_release+0x2c4/0x360 [ 311.218915][ T9328] ? __pfx_drm_release+0x10/0x10 [ 311.218949][ T9328] __fput+0x402/0xb70 [ 311.219002][ T9328] task_work_run+0x150/0x240 [ 311.219045][ T9328] ? __pfx_task_work_run+0x10/0x10 [ 311.219089][ T9328] ? __pfx___do_sys_close_range+0x10/0x10 [ 311.219132][ T9328] exit_to_user_mode_loop+0xeb/0x110 [ 311.219181][ T9328] do_syscall_64+0x3f6/0x490 [ 311.219219][ T9328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.219249][ T9328] RIP: 0033:0x7fd80d38e9a9 [ 311.219274][ T9328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.219302][ T9328] RSP: 002b:00007fd80b1f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 311.219332][ T9328] RAX: 0000000000000000 RBX: 00007fd80d5b5fa0 RCX: 00007fd80d38e9a9 [ 311.219352][ T9328] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 311.219369][ T9328] RBP: 00007fd80d410d69 R08: 0000000000000000 R09: 0000000000000000 [ 311.219387][ T9328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.219405][ T9328] R13: 0000000000000000 R14: 00007fd80d5b5fa0 R15: 00007ffe4aca6d28 [ 311.219448][ T9328] [ 312.946712][ T9359] netlink: zone id is out of range [ 312.961678][ T9359] netlink: zone id is out of range [ 312.968499][ T9359] netlink: zone id is out of range [ 312.977864][ T9359] netlink: zone id is out of range [ 312.985503][ T9359] netlink: zone id is out of range [ 313.007056][ T9359] netlink: zone id is out of range [ 313.021808][ T9359] netlink: zone id is out of range [ 313.035991][ T9359] netlink: zone id is out of range [ 313.041419][ T9359] netlink: zone id is out of range [ 313.049521][ T9359] netlink: zone id is out of range [ 313.252147][ T9370] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1069'. [ 313.570400][ T9380] netlink: 62 bytes leftover after parsing attributes in process `syz.2.1063'. [ 316.516845][ T9415] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 318.003810][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880316f7c00: rx timeout, send abort [ 318.012366][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880316f7800: rx timeout, send abort [ 318.020931][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880316f7c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 318.035415][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880316f7800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 318.654372][ T9445] ubi0: attaching mtd0 [ 318.665825][ T9445] ubi0: scanning is finished [ 318.670594][ T9445] ubi0: empty MTD device detected [ 318.884124][ T9448] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 319.215171][ T9445] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 319.224304][ T9445] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 319.338958][ T9445] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 319.435940][ T9445] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 319.474175][ T9445] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 319.485663][ T9445] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 319.493713][ T9445] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3143181894 [ 319.545376][ T9445] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 319.596899][ T9457] ubi0: background thread "ubi_bgt0d" started, PID 9457 [ 319.609578][ T9449] ubi0: detaching mtd0 [ 319.639733][ T9460] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1090'. [ 319.663653][ T9449] ubi0: mtd0 is detached [ 320.884673][ T9480] FAULT_INJECTION: forcing a failure. [ 320.884673][ T9480] name failslab, interval 1, probability 0, space 0, times 0 [ 320.944498][ T9480] CPU: 0 UID: 0 PID: 9480 Comm: syz.3.1095 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 320.944547][ T9480] Tainted: [U]=USER [ 320.944558][ T9480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 320.944574][ T9480] Call Trace: [ 320.944583][ T9480] [ 320.944594][ T9480] dump_stack_lvl+0x16c/0x1f0 [ 320.944631][ T9480] should_fail_ex+0x512/0x640 [ 320.944663][ T9480] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 320.944714][ T9480] should_failslab+0xc2/0x120 [ 320.944751][ T9480] __kmalloc_cache_noprof+0x6a/0x3e0 [ 320.944798][ T9480] ? lockdep_init_map_type+0x5c/0x280 [ 320.944839][ T9480] ? rfkill_fop_open+0x1b6/0x750 [ 320.944886][ T9480] ? __pfx_rfkill_fop_open+0x10/0x10 [ 320.944924][ T9480] rfkill_fop_open+0x1b6/0x750 [ 320.944971][ T9480] ? __pfx_rfkill_fop_open+0x10/0x10 [ 320.945015][ T9480] misc_open+0x35a/0x420 [ 320.945060][ T9480] ? __pfx_misc_open+0x10/0x10 [ 320.945100][ T9480] chrdev_open+0x231/0x6a0 [ 320.945129][ T9480] ? __pfx_apparmor_file_open+0x10/0x10 [ 320.945173][ T9480] ? __pfx_chrdev_open+0x10/0x10 [ 320.945208][ T9480] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 320.945255][ T9480] do_dentry_open+0x744/0x1c10 [ 320.945278][ T9480] ? __pfx_chrdev_open+0x10/0x10 [ 320.945309][ T9480] vfs_open+0x82/0x3f0 [ 320.945350][ T9480] path_openat+0x1de4/0x2cb0 [ 320.945383][ T9480] ? __pfx_path_openat+0x10/0x10 [ 320.945408][ T9480] ? __lock_acquire+0xb8a/0x1c90 [ 320.945443][ T9480] do_filp_open+0x20b/0x470 [ 320.945466][ T9480] ? __pfx_do_filp_open+0x10/0x10 [ 320.945514][ T9480] ? alloc_fd+0x471/0x7d0 [ 320.945560][ T9480] do_sys_openat2+0x11b/0x1d0 [ 320.945589][ T9480] ? __pfx_do_sys_openat2+0x10/0x10 [ 320.945632][ T9480] __x64_sys_openat+0x174/0x210 [ 320.945662][ T9480] ? __pfx___x64_sys_openat+0x10/0x10 [ 320.945705][ T9480] do_syscall_64+0xcd/0x490 [ 320.945732][ T9480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.945755][ T9480] RIP: 0033:0x7fd80d38e9a9 [ 320.945774][ T9480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.945796][ T9480] RSP: 002b:00007fd80b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 320.945819][ T9480] RAX: ffffffffffffffda RBX: 00007fd80d5b5fa0 RCX: 00007fd80d38e9a9 [ 320.945833][ T9480] RDX: 0000000000183440 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 320.945847][ T9480] RBP: 00007fd80d410d69 R08: 0000000000000000 R09: 0000000000000000 [ 320.945860][ T9480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.945873][ T9480] R13: 0000000000000000 R14: 00007fd80d5b5fa0 R15: 00007ffe4aca6d28 [ 320.945903][ T9480] [ 321.675960][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.676069][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.165685][ T9494] FAULT_INJECTION: forcing a failure. [ 322.165685][ T9494] name failslab, interval 1, probability 0, space 0, times 0 [ 322.179544][ T9494] CPU: 1 UID: 0 PID: 9494 Comm: syz.3.1098 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 322.179589][ T9494] Tainted: [U]=USER [ 322.179599][ T9494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.179617][ T9494] Call Trace: [ 322.179626][ T9494] [ 322.179636][ T9494] dump_stack_lvl+0x16c/0x1f0 [ 322.179670][ T9494] should_fail_ex+0x512/0x640 [ 322.179697][ T9494] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 322.179745][ T9494] should_failslab+0xc2/0x120 [ 322.179778][ T9494] __kmalloc_cache_noprof+0x6a/0x3e0 [ 322.179824][ T9494] ? snd_seq_prioq_new+0x3f/0x110 [ 322.179873][ T9494] snd_seq_prioq_new+0x3f/0x110 [ 322.179913][ T9494] snd_seq_queue_alloc+0x12b/0x550 [ 322.179960][ T9494] snd_seq_ioctl_create_queue+0xa9/0x380 [ 322.180003][ T9494] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 322.180047][ T9494] alloc_seq_queue+0xda/0x180 [ 322.180083][ T9494] ? __pfx_alloc_seq_queue+0x10/0x10 [ 322.180150][ T9494] ? mark_held_locks+0x49/0x80 [ 322.180193][ T9494] ? _raw_spin_unlock_irq+0x23/0x50 [ 322.180246][ T9494] snd_seq_oss_open+0x38c/0xa20 [ 322.180291][ T9494] odev_open+0x6f/0x90 [ 322.180322][ T9494] ? __pfx_odev_open+0x10/0x10 [ 322.180353][ T9494] soundcore_open+0x409/0x580 [ 322.180390][ T9494] ? __pfx_soundcore_open+0x10/0x10 [ 322.180419][ T9494] chrdev_open+0x231/0x6a0 [ 322.180446][ T9494] ? __pfx_apparmor_file_open+0x10/0x10 [ 322.180489][ T9494] ? __pfx_chrdev_open+0x10/0x10 [ 322.180533][ T9494] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 322.180587][ T9494] do_dentry_open+0x744/0x1c10 [ 322.180619][ T9494] ? __pfx_chrdev_open+0x10/0x10 [ 322.180657][ T9494] vfs_open+0x82/0x3f0 [ 322.180698][ T9494] path_openat+0x1de4/0x2cb0 [ 322.180741][ T9494] ? __pfx_path_openat+0x10/0x10 [ 322.180774][ T9494] ? __lock_acquire+0xb8a/0x1c90 [ 322.180818][ T9494] do_filp_open+0x20b/0x470 [ 322.180847][ T9494] ? __pfx_do_filp_open+0x10/0x10 [ 322.180899][ T9494] ? alloc_fd+0x471/0x7d0 [ 322.180954][ T9494] do_sys_openat2+0x11b/0x1d0 [ 322.180989][ T9494] ? __pfx_do_sys_openat2+0x10/0x10 [ 322.181024][ T9494] ? __fget_files+0x204/0x3c0 [ 322.181084][ T9494] __x64_sys_openat+0x174/0x210 [ 322.181124][ T9494] ? __pfx___x64_sys_openat+0x10/0x10 [ 322.181184][ T9494] do_syscall_64+0xcd/0x490 [ 322.181219][ T9494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.181249][ T9494] RIP: 0033:0x7fd80d38e9a9 [ 322.181272][ T9494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.181301][ T9494] RSP: 002b:00007fd80b1d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 322.181330][ T9494] RAX: ffffffffffffffda RBX: 00007fd80d5b6080 RCX: 00007fd80d38e9a9 [ 322.181349][ T9494] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 322.181367][ T9494] RBP: 00007fd80d410d69 R08: 0000000000000000 R09: 0000000000000000 [ 322.181384][ T9494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.181401][ T9494] R13: 0000000000000000 R14: 00007fd80d5b6080 R15: 00007ffe4aca6d28 [ 322.181442][ T9494] [ 322.484648][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.892919][ T9497] FAULT_INJECTION: forcing a failure. [ 322.892919][ T9497] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 322.907723][ T9497] CPU: 1 UID: 0 PID: 9497 Comm: syz.3.1099 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 322.907773][ T9497] Tainted: [U]=USER [ 322.907784][ T9497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.907802][ T9497] Call Trace: [ 322.907812][ T9497] [ 322.907823][ T9497] dump_stack_lvl+0x16c/0x1f0 [ 322.907860][ T9497] should_fail_ex+0x512/0x640 [ 322.907897][ T9497] should_fail_alloc_page+0xe7/0x130 [ 322.907937][ T9497] prepare_alloc_pages+0x3c2/0x610 [ 322.907988][ T9497] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 322.908023][ T9497] ? __lock_acquire+0x622/0x1c90 [ 322.908071][ T9497] ? __lock_acquire+0xb8a/0x1c90 [ 322.908119][ T9497] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 322.908157][ T9497] ? __mutex_trylock_common+0xe9/0x250 [ 322.908207][ T9497] ? __pfx___might_resched+0x10/0x10 [ 322.908242][ T9497] ? rcu_is_watching+0x12/0xc0 [ 322.908274][ T9497] ? trace_contention_end+0xdd/0x130 [ 322.908314][ T9497] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 322.908362][ T9497] ? policy_nodemask+0xea/0x4e0 [ 322.908401][ T9497] alloc_pages_mpol+0x1fb/0x550 [ 322.908438][ T9497] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 322.908487][ T9497] alloc_pages_noprof+0x131/0x390 [ 322.908531][ T9497] get_free_pages_noprof+0x10/0xb0 [ 322.908567][ T9497] ? configfs_write_iter+0x75/0x4e0 [ 322.908597][ T9497] configfs_write_iter+0x365/0x4e0 [ 322.908638][ T9497] vfs_write+0x6c4/0x1150 [ 322.908668][ T9497] ? __pfx_configfs_write_iter+0x10/0x10 [ 322.908704][ T9497] ? __pfx___mutex_lock+0x10/0x10 [ 322.908735][ T9497] ? __pfx_vfs_write+0x10/0x10 [ 322.908793][ T9497] ksys_write+0x12a/0x250 [ 322.908823][ T9497] ? __pfx_ksys_write+0x10/0x10 [ 322.908865][ T9497] do_syscall_64+0xcd/0x490 [ 322.908897][ T9497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.908927][ T9497] RIP: 0033:0x7fd80d38e9a9 [ 322.908952][ T9497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.908981][ T9497] RSP: 002b:00007fd80b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 322.909008][ T9497] RAX: ffffffffffffffda RBX: 00007fd80d5b5fa0 RCX: 00007fd80d38e9a9 [ 322.909026][ T9497] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 322.909043][ T9497] RBP: 00007fd80d410d69 R08: 0000000000000000 R09: 0000000000000000 [ 322.909059][ T9497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.909074][ T9497] R13: 0000000000000000 R14: 00007fd80d5b5fa0 R15: 00007ffe4aca6d28 [ 322.909111][ T9497] [ 323.161670][ C1] vkms_vblank_simulate: vblank timer overrun [ 323.670589][ T9508] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 323.768681][ T9511] FAULT_INJECTION: forcing a failure. [ 323.768681][ T9511] name failslab, interval 1, probability 0, space 0, times 0 [ 323.849135][ T9511] CPU: 1 UID: 0 PID: 9511 Comm: syz.1.1101 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 323.849188][ T9511] Tainted: [U]=USER [ 323.849199][ T9511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 323.849217][ T9511] Call Trace: [ 323.849227][ T9511] [ 323.849239][ T9511] dump_stack_lvl+0x16c/0x1f0 [ 323.849278][ T9511] should_fail_ex+0x512/0x640 [ 323.849308][ T9511] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 323.849345][ T9511] should_failslab+0xc2/0x120 [ 323.849381][ T9511] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 323.849414][ T9511] ? acpi_ut_create_thread_state+0x63/0x170 [ 323.849471][ T9511] acpi_ut_create_thread_state+0x63/0x170 [ 323.849521][ T9511] acpi_ps_parse_aml+0x79/0xcb0 [ 323.849561][ T9511] acpi_ps_execute_method+0x55a/0xb30 [ 323.849609][ T9511] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 323.849655][ T9511] acpi_ns_evaluate+0x76c/0xca0 [ 323.849696][ T9511] ? kasan_save_track+0x14/0x30 [ 323.849730][ T9511] acpi_evaluate_object+0x1fa/0xa90 [ 323.849784][ T9511] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.849815][ T9511] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 323.849865][ T9511] ? __mutex_trylock_common+0xe9/0x250 [ 323.849914][ T9511] acpi_evaluate_integer+0xdd/0x200 [ 323.849960][ T9511] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 323.850025][ T9511] ? __pfx_status_show+0x10/0x10 [ 323.850055][ T9511] status_show+0xa0/0x120 [ 323.850086][ T9511] ? __pfx_status_show+0x10/0x10 [ 323.850129][ T9511] dev_attr_show+0x53/0xe0 [ 323.850169][ T9511] ? __pfx_dev_attr_show+0x10/0x10 [ 323.850203][ T9511] sysfs_kf_seq_show+0x216/0x3e0 [ 323.850257][ T9511] seq_read_iter+0x506/0x12c0 [ 323.850322][ T9511] kernfs_fop_read_iter+0x40f/0x5a0 [ 323.850357][ T9511] ? rw_verify_area+0xcf/0x680 [ 323.850407][ T9511] vfs_read+0x8bc/0xc60 [ 323.850441][ T9511] ? __pfx___mutex_lock+0x10/0x10 [ 323.850473][ T9511] ? __pfx_vfs_read+0x10/0x10 [ 323.850532][ T9511] ksys_read+0x12a/0x250 [ 323.850560][ T9511] ? __pfx_ksys_read+0x10/0x10 [ 323.850609][ T9511] do_syscall_64+0xcd/0x490 [ 323.850645][ T9511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.850675][ T9511] RIP: 0033:0x7fd86b18e9a9 [ 323.850701][ T9511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.850731][ T9511] RSP: 002b:00007fd86c04f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 323.850760][ T9511] RAX: ffffffffffffffda RBX: 00007fd86b3b6160 RCX: 00007fd86b18e9a9 [ 323.850779][ T9511] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 323.850798][ T9511] RBP: 00007fd86b210d69 R08: 0000000000000000 R09: 0000000000000000 [ 323.850817][ T9511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.850835][ T9511] R13: 0000000000000000 R14: 00007fd86b3b6160 R15: 00007ffc121c2628 [ 323.850878][ T9511] [ 324.131269][ C1] vkms_vblank_simulate: vblank timer overrun [ 324.154445][ T9511] ACPI Error: ffff88807f31d000 walk still has a scope list (20250404/dswstate-694) [ 325.351938][ T9545] scsi_dev_info_list_add_str: bad dev info string '-' '' '' [ 325.730503][ T9551] sp0: Synchronizing with TNC [ 325.746938][ T9550] [U] è [ 325.878748][ T9555] netlink: 18 bytes leftover after parsing attributes in process `syz.3.1119'. [ 327.657058][ T9595] FAULT_INJECTION: forcing a failure. [ 327.657058][ T9595] name failslab, interval 1, probability 0, space 0, times 0 [ 327.705641][ T9595] CPU: 1 UID: 0 PID: 9595 Comm: syz.3.1133 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 327.705691][ T9595] Tainted: [U]=USER [ 327.705700][ T9595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.705717][ T9595] Call Trace: [ 327.705727][ T9595] [ 327.705738][ T9595] dump_stack_lvl+0x16c/0x1f0 [ 327.705773][ T9595] should_fail_ex+0x512/0x640 [ 327.705805][ T9595] ? __kmalloc_noprof+0xbf/0x510 [ 327.705838][ T9595] ? xfrm_hash_alloc+0xd1/0x100 [ 327.705880][ T9595] should_failslab+0xc2/0x120 [ 327.705915][ T9595] __kmalloc_noprof+0xd2/0x510 [ 327.705944][ T9595] ? xfrm_state_init+0x377/0x630 [ 327.705985][ T9595] ? xfrm_state_init+0x311/0x630 [ 327.706034][ T9595] xfrm_hash_alloc+0xd1/0x100 [ 327.706078][ T9595] xfrm_net_init+0x35f/0xcc0 [ 327.706114][ T9595] ? __pfx_xfrm_net_init+0x10/0x10 [ 327.706140][ T9595] ops_init+0x1df/0x5f0 [ 327.706178][ T9595] setup_net+0x1ff/0x510 [ 327.706210][ T9595] ? lockdep_init_map_type+0x5c/0x280 [ 327.706250][ T9595] ? __pfx_setup_net+0x10/0x10 [ 327.706294][ T9595] ? debug_mutex_init+0x37/0x70 [ 327.706329][ T9595] copy_net_ns+0x2a6/0x5f0 [ 327.706369][ T9595] create_new_namespaces+0x3ea/0xa90 [ 327.706415][ T9595] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 327.706452][ T9595] ksys_unshare+0x45b/0xa40 [ 327.706494][ T9595] ? __pfx_ksys_unshare+0x10/0x10 [ 327.706535][ T9595] ? xfd_validate_state+0x61/0x180 [ 327.706584][ T9595] __x64_sys_unshare+0x31/0x40 [ 327.706621][ T9595] do_syscall_64+0xcd/0x490 [ 327.706652][ T9595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.706678][ T9595] RIP: 0033:0x7fd80d38e9a9 [ 327.706700][ T9595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.706727][ T9595] RSP: 002b:00007fd80b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 327.706756][ T9595] RAX: ffffffffffffffda RBX: 00007fd80d5b5fa0 RCX: 00007fd80d38e9a9 [ 327.706776][ T9595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 327.706794][ T9595] RBP: 00007fd80d410d69 R08: 0000000000000000 R09: 0000000000000000 [ 327.706813][ T9595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 327.706831][ T9595] R13: 0000000000000000 R14: 00007fd80d5b5fa0 R15: 00007ffe4aca6d28 [ 327.706875][ T9595] [ 327.988866][ T9598] ================================================================== [ 327.997013][ T9598] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 328.004981][ T9598] Read of size 8 at addr ffff88802ae4d218 by task syz.1.1134/9598 [ 328.012834][ T9598] [ 328.015211][ T9598] CPU: 1 UID: 0 PID: 9598 Comm: syz.1.1134 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 328.015261][ T9598] Tainted: [U]=USER [ 328.015273][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.015292][ T9598] Call Trace: [ 328.015302][ T9598] [ 328.015315][ T9598] dump_stack_lvl+0x116/0x1f0 [ 328.015351][ T9598] print_report+0xcd/0x610 [ 328.015385][ T9598] ? __virt_addr_valid+0x81/0x610 [ 328.015415][ T9598] ? __phys_addr+0xe8/0x180 [ 328.015458][ T9598] ? dvb_device_open+0x36a/0x3b0 [ 328.015488][ T9598] kasan_report+0xe0/0x110 [ 328.015519][ T9598] ? dvb_device_open+0x36a/0x3b0 [ 328.015552][ T9598] ? __pfx_dvb_device_open+0x10/0x10 [ 328.015580][ T9598] dvb_device_open+0x36a/0x3b0 [ 328.015608][ T9598] ? __pfx_dvb_device_open+0x10/0x10 [ 328.015637][ T9598] chrdev_open+0x231/0x6a0 [ 328.015663][ T9598] ? __pfx_apparmor_file_open+0x10/0x10 [ 328.015702][ T9598] ? __pfx_chrdev_open+0x10/0x10 [ 328.015730][ T9598] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 328.015777][ T9598] do_dentry_open+0x744/0x1c10 [ 328.015805][ T9598] ? __pfx_chrdev_open+0x10/0x10 [ 328.015836][ T9598] vfs_open+0x82/0x3f0 [ 328.015870][ T9598] path_openat+0x1de4/0x2cb0 [ 328.015900][ T9598] ? __pfx_path_openat+0x10/0x10 [ 328.015927][ T9598] ? __lock_acquire+0xb8a/0x1c90 [ 328.015964][ T9598] do_filp_open+0x20b/0x470 [ 328.015989][ T9598] ? __pfx_do_filp_open+0x10/0x10 [ 328.016025][ T9598] ? alloc_fd+0x471/0x7d0 [ 328.016066][ T9598] do_sys_openat2+0x11b/0x1d0 [ 328.016098][ T9598] ? __pfx_do_sys_openat2+0x10/0x10 [ 328.016132][ T9598] ? __rseq_handle_notify_resume+0x681/0x10e0 [ 328.016168][ T9598] __x64_sys_openat+0x174/0x210 [ 328.016200][ T9598] ? __pfx___x64_sys_openat+0x10/0x10 [ 328.016241][ T9598] do_syscall_64+0xcd/0x490 [ 328.016269][ T9598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.016296][ T9598] RIP: 0033:0x7fd86b18e9a9 [ 328.016318][ T9598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.016344][ T9598] RSP: 002b:00007fd86c091038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 328.016371][ T9598] RAX: ffffffffffffffda RBX: 00007fd86b3b5fa0 RCX: 00007fd86b18e9a9 [ 328.016391][ T9598] RDX: 0000000000101100 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 328.016410][ T9598] RBP: 00007fd86b210d69 R08: 0000000000000000 R09: 0000000000000000 [ 328.016436][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.016452][ T9598] R13: 0000000000000000 R14: 00007fd86b3b5fa0 R15: 00007ffc121c2628 [ 328.016479][ T9598] [ 328.016489][ T9598] [ 328.275621][ T9598] Allocated by task 9309: [ 328.279963][ T9598] kasan_save_stack+0x33/0x60 [ 328.284685][ T9598] kasan_save_track+0x14/0x30 [ 328.289385][ T9598] __kasan_kmalloc+0xaa/0xb0 [ 328.293996][ T9598] bpf_init_net+0x56/0x270 [ 328.298544][ T9598] ops_init+0x1df/0x5f0 [ 328.302807][ T9598] setup_net+0x1ff/0x510 [ 328.307245][ T9598] copy_net_ns+0x2a6/0x5f0 [ 328.311685][ T9598] create_new_namespaces+0x3ea/0xa90 [ 328.316992][ T9598] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 328.322642][ T9598] ksys_unshare+0x45b/0xa40 [ 328.327180][ T9598] __x64_sys_unshare+0x31/0x40 [ 328.331966][ T9598] do_syscall_64+0xcd/0x490 [ 328.336488][ T9598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.342405][ T9598] [ 328.344842][ T9598] Freed by task 5035: [ 328.348844][ T9598] kasan_save_stack+0x33/0x60 [ 328.353541][ T9598] kasan_save_track+0x14/0x30 [ 328.358236][ T9598] kasan_save_free_info+0x3b/0x60 [ 328.363297][ T9598] __kasan_slab_free+0x51/0x70 [ 328.368098][ T9598] kfree+0x2b4/0x4d0 [ 328.372107][ T9598] bpf_exit_net+0xaf/0x130 [ 328.376726][ T9598] ops_undo_list+0x363/0xab0 [ 328.381333][ T9598] cleanup_net+0x408/0x890 [ 328.385770][ T9598] process_one_work+0x9cf/0x1b70 [ 328.390739][ T9598] worker_thread+0x6c8/0xf10 [ 328.395363][ T9598] kthread+0x3c2/0x780 [ 328.399461][ T9598] ret_from_fork+0x5d7/0x6f0 [ 328.404076][ T9598] ret_from_fork_asm+0x1a/0x30 [ 328.408859][ T9598] [ 328.411194][ T9598] The buggy address belongs to the object at ffff88802ae4d200 [ 328.411194][ T9598] which belongs to the cache kmalloc-256 of size 256 [ 328.425275][ T9598] The buggy address is located 24 bytes inside of [ 328.425275][ T9598] freed 256-byte region [ffff88802ae4d200, ffff88802ae4d300) [ 328.439004][ T9598] [ 328.441345][ T9598] The buggy address belongs to the physical page: [ 328.447784][ T9598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802ae4d200 pfn:0x2ae4c [ 328.457864][ T9598] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 328.466374][ T9598] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 328.474895][ T9598] page_type: f5(slab) [ 328.478890][ T9598] raw: 00fff00000000240 ffff88801b841b40 ffffea0000c87890 ffffea0000a0df10 [ 328.487492][ T9598] raw: ffff88802ae4d200 000000000010000f 00000000f5000000 0000000000000000 [ 328.496180][ T9598] head: 00fff00000000240 ffff88801b841b40 ffffea0000c87890 ffffea0000a0df10 [ 328.504869][ T9598] head: ffff88802ae4d200 000000000010000f 00000000f5000000 0000000000000000 [ 328.513557][ T9598] head: 00fff00000000001 ffffea0000ab9301 00000000ffffffff 00000000ffffffff [ 328.522680][ T9598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 328.531358][ T9598] page dumped because: kasan: bad access detected [ 328.537776][ T9598] page_owner tracks the page as allocated [ 328.543502][ T9598] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 22469284956, free_ts 0 [ 328.563322][ T9598] post_alloc_hook+0x1c0/0x230 [ 328.568217][ T9598] get_page_from_freelist+0x1321/0x3890 [ 328.573924][ T9598] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 328.579848][ T9598] alloc_pages_mpol+0x1fb/0x550 [ 328.584726][ T9598] new_slab+0x23b/0x330 [ 328.588911][ T9598] ___slab_alloc+0xd9c/0x1940 [ 328.593705][ T9598] __slab_alloc.constprop.0+0x56/0xb0 [ 328.599105][ T9598] __kmalloc_cache_noprof+0xfb/0x3e0 [ 328.604415][ T9598] bus_add_driver+0x92/0x690 [ 328.609019][ T9598] driver_register+0x15c/0x4b0 [ 328.613888][ T9598] usb_register_driver+0x216/0x4d0 [ 328.619029][ T9598] do_one_initcall+0x120/0x6e0 [ 328.623809][ T9598] kernel_init_freeable+0x5c2/0x900 [ 328.629038][ T9598] kernel_init+0x1c/0x2b0 [ 328.633566][ T9598] ret_from_fork+0x5d7/0x6f0 [ 328.638179][ T9598] ret_from_fork_asm+0x1a/0x30 [ 328.642957][ T9598] page_owner free stack trace missing [ 328.648336][ T9598] [ 328.650670][ T9598] Memory state around the buggy address: [ 328.656308][ T9598] ffff88802ae4d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 328.664384][ T9598] ffff88802ae4d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 328.672470][ T9598] >ffff88802ae4d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.680597][ T9598] ^ [ 328.685486][ T9598] ffff88802ae4d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 328.693577][ T9598] ffff88802ae4d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 328.701822][ T9598] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 328.809116][ T9598] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 328.816443][ T9598] CPU: 1 UID: 0 PID: 9598 Comm: syz.1.1134 Tainted: G U 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 328.828474][ T9598] Tainted: [U]=USER [ 328.832297][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.842370][ T9598] Call Trace: [ 328.845665][ T9598] [ 328.848698][ T9598] dump_stack_lvl+0x3d/0x1f0 [ 328.853402][ T9598] panic+0x71c/0x800 [ 328.857428][ T9598] ? __pfx_panic+0x10/0x10 [ 328.861904][ T9598] ? mark_held_locks+0x49/0x80 [ 328.866697][ T9598] ? preempt_schedule_thunk+0x16/0x30 [ 328.872093][ T9598] ? dvb_device_open+0x36a/0x3b0 [ 328.877054][ T9598] ? preempt_schedule_common+0x44/0xc0 [ 328.882549][ T9598] ? dvb_device_open+0x36a/0x3b0 [ 328.887508][ T9598] check_panic_on_warn+0xab/0xb0 [ 328.892496][ T9598] end_report+0x107/0x170 [ 328.896866][ T9598] kasan_report+0xee/0x110 [ 328.901332][ T9598] ? dvb_device_open+0x36a/0x3b0 [ 328.906311][ T9598] ? __pfx_dvb_device_open+0x10/0x10 [ 328.911617][ T9598] dvb_device_open+0x36a/0x3b0 [ 328.916425][ T9598] ? __pfx_dvb_device_open+0x10/0x10 [ 328.921739][ T9598] chrdev_open+0x231/0x6a0 [ 328.926175][ T9598] ? __pfx_apparmor_file_open+0x10/0x10 [ 328.931757][ T9598] ? __pfx_chrdev_open+0x10/0x10 [ 328.936718][ T9598] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 328.943522][ T9598] do_dentry_open+0x744/0x1c10 [ 328.948319][ T9598] ? __pfx_chrdev_open+0x10/0x10 [ 328.953277][ T9598] vfs_open+0x82/0x3f0 [ 328.957475][ T9598] path_openat+0x1de4/0x2cb0 [ 328.962087][ T9598] ? __pfx_path_openat+0x10/0x10 [ 328.967130][ T9598] ? __lock_acquire+0xb8a/0x1c90 [ 328.972102][ T9598] do_filp_open+0x20b/0x470 [ 328.976629][ T9598] ? __pfx_do_filp_open+0x10/0x10 [ 328.981693][ T9598] ? alloc_fd+0x471/0x7d0 [ 328.986058][ T9598] do_sys_openat2+0x11b/0x1d0 [ 328.990765][ T9598] ? __pfx_do_sys_openat2+0x10/0x10 [ 328.995990][ T9598] ? __rseq_handle_notify_resume+0x681/0x10e0 [ 329.002089][ T9598] __x64_sys_openat+0x174/0x210 [ 329.007058][ T9598] ? __pfx___x64_sys_openat+0x10/0x10 [ 329.012493][ T9598] do_syscall_64+0xcd/0x490 [ 329.017030][ T9598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.022946][ T9598] RIP: 0033:0x7fd86b18e9a9 [ 329.027381][ T9598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.047015][ T9598] RSP: 002b:00007fd86c091038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 329.055538][ T9598] RAX: ffffffffffffffda RBX: 00007fd86b3b5fa0 RCX: 00007fd86b18e9a9 [ 329.063548][ T9598] RDX: 0000000000101100 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 329.071624][ T9598] RBP: 00007fd86b210d69 R08: 0000000000000000 R09: 0000000000000000 [ 329.079607][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.087594][ T9598] R13: 0000000000000000 R14: 00007fd86b3b5fa0 R15: 00007ffc121c2628 [ 329.095590][ T9598] [ 329.098876][ T9598] Kernel Offset: disabled [ 329.103316][ T9598] Rebooting in 86400 seconds..