last executing test programs: 1m18.313308231s ago: executing program 3 (id=4861): mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x891d, 0x24) 1m16.784865795s ago: executing program 3 (id=4863): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00F\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a000000080001008000000008000200", @ANYRES32=r1], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20004080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='X'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m16.650554789s ago: executing program 3 (id=4864): close_range$auto(0x0, 0xfffffffffffff001, 0x2) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer2\x00', 0x40000, 0x0) socket(0x2, 0x1, 0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000040), 0x101800, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) mmap$auto(0x0, 0x8, 0x1000000016, 0x13, 0x3, 0x400180000000) ftruncate$auto(0x3, 0x400180200000) 1m16.530976908s ago: executing program 3 (id=4865): close_range$auto(0x2, 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(r0, 0x0, 0x820e, 0x9, 0x0, 0x80000005) 1m16.398756816s ago: executing program 3 (id=4867): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(r0, 0x6, 0x16, 0x0, 0x40) tkill$auto(0x1, 0x7) 1m15.423822283s ago: executing program 3 (id=4873): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x1f, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84}, 0x1fe, 0xd) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IFINDEX={0x8}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @multicast}, @HSR_A_IF1_SEQ={0x6, 0x6, 0xd}]}, 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m14.72595914s ago: executing program 32 (id=4873): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x1f, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84}, 0x1fe, 0xd) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IFINDEX={0x8}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @multicast}, @HSR_A_IF1_SEQ={0x6, 0x6, 0xd}]}, 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 11.17268167s ago: executing program 4 (id=5172): r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) socket(0xa, 0x2, 0x3a) ioprio_set$auto(0x3, 0x0, 0x4b34) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x8001, 0x2) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000) close_range$auto(0x2, 0x8000, 0x0) 6.844044102s ago: executing program 4 (id=5199): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41c8e4d5018fca6b1643fc"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) sendmsg$auto_ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f00000003c0)={0x0, 0xffffffffffffff9d, &(0x7f00000019c0)={0x0}, 0x1, 0x0, 0x0, 0x4044}, 0x0) 6.52486146s ago: executing program 2 (id=5200): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$auto(r0, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x21}}, 0x40) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.1067446s ago: executing program 4 (id=5204): mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110b27f27200fbdbdf250c00000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.879999632s ago: executing program 2 (id=5206): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_GET_CONTEXT_ID(r0, 0x7b3, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) mmap$auto(0x0, 0x400008, 0x9, 0x9b72, r1, 0x8000) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, 0x0) 4.854840951s ago: executing program 1 (id=5210): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x300, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyr3/dev\x00', 0x40200, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) fstat$auto(0x2, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x40085500, 0x0) 4.660652891s ago: executing program 4 (id=5211): mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) unshare$auto(0x40000080) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x4010ae42, 0x38) 4.615146345s ago: executing program 1 (id=5212): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x9, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) 3.52150788s ago: executing program 4 (id=5214): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x80000, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x2a, 0x0, 0x0) read$auto_proc_pagemap_operations_internal(0xffffffffffffffff, &(0x7f0000001540)=""/209, 0xd1) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) 2.696961689s ago: executing program 1 (id=5221): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/dbroot\x00', 0x109103, 0x0) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.549318936s ago: executing program 2 (id=5223): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) select$auto(0xffffffff, &(0x7f0000000040)={[0x54, 0x10, 0x800000c8be, 0x8, 0x273a, 0x0, 0xb, 0x5, 0x5, 0x330, 0x7, 0x200cf, 0x45, 0xc, 0x5, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.16867871s ago: executing program 4 (id=5224): r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x41}}, 0x6a) listen$auto(0x3, 0x81) read$auto(r0, 0x0, 0x7) close_range$auto(0x2, r0, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x6a) 1.890953215s ago: executing program 1 (id=5225): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioperm$auto(0x7, 0x6, 0x2) io_uring_setup$auto(0x6, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0x5}, 0x5, 0x80000000) close_range$auto(0x2, 0x8000, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) 1.552663381s ago: executing program 2 (id=5226): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) pidfd_getfd$auto(0x3, 0x1, 0x100000000) 1.543205607s ago: executing program 0 (id=5227): mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x3, 0x0) chdir$auto(&(0x7f0000000280)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(0x0, 0x0, 0x41) creat$auto(0x0, 0x0) 1.307025341s ago: executing program 0 (id=5228): open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001) setreuid$auto(0x0, 0x7) fcntl$auto(0x3, 0x400, 0x1) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x6a640, 0x20) close_range$auto(0x2, 0xa, 0x0) 1.19962722s ago: executing program 1 (id=5229): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0x7, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) r0 = socket(0x2, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x6f, 0x0, &(0x7f0000000000)=0x9000c) 1.035286817s ago: executing program 0 (id=5230): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop3\x00', 0x22000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyr3/dev\x00', 0x40200, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) fstat$auto(0x2, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(r0, 0x401870c8, 0xffffffffffffffff) 934.697959ms ago: executing program 2 (id=5231): mmap$auto(0x0, 0x40005, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) r0 = socket(0x1d, 0x3, 0x1) io_uring_setup$auto(0x40000002c55, 0x0) setsockopt$auto(r0, 0x65, 0x1, 0x0, 0x800) bind$auto(0x3, &(0x7f0000000040)=@can, 0x6a) 816.817395ms ago: executing program 0 (id=5232): setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x0) mmap$auto(0x0, 0x1, 0x37eb, 0x40eb2, 0x4, 0x300000000000) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) connect$auto(0xffffffffffffffff, 0x0, 0x2940) 530.090897ms ago: executing program 0 (id=5233): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) futex$auto(0x0, 0x8d, 0x0, 0x0, 0x0, 0x100) 342.078985ms ago: executing program 1 (id=5234): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) shmctl$auto_IPC_INFO(0x8, 0x3, 0x0) 132.658504ms ago: executing program 2 (id=5235): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socketpair$auto(0x0, 0xc, 0x8000000000000000, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) 0s ago: executing program 0 (id=5236): openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x8a200, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20a04, 0x0) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000031c0)='/dev/ttyua\x00', 0x109000, 0x0) read$auto(r1, 0x0, 0x42) read$auto(r1, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x4800, 0x0) close_range$auto(r1, r0, 0x7) kernel console output (not intermixed with test programs): mm_fault+0x152a/0x2a50 [ 692.271199][T16848] ? mt_find+0x3ef/0xa30 [ 692.271224][T16848] ? __pfx___handle_mm_fault+0x10/0x10 [ 692.271247][T16848] ? __pfx_mt_find+0x10/0x10 [ 692.271294][T16848] ? find_vma+0xbf/0x140 [ 692.271326][T16848] ? __pfx_find_vma+0x10/0x10 [ 692.271362][T16848] handle_mm_fault+0x589/0xd10 [ 692.271389][T16848] ? trace_raw_output_exceptions+0x121/0x150 [ 692.271429][T16848] do_user_addr_fault+0x7a6/0x1370 [ 692.271472][T16848] ? rcu_is_watching+0x12/0xc0 [ 692.271500][T16848] exc_page_fault+0x5c/0xb0 [ 692.271537][T16848] asm_exc_page_fault+0x26/0x30 [ 692.271560][T16848] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 692.271592][T16848] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 692.271616][T16848] RSP: 0018:ffffc9000cb57cf8 EFLAGS: 00050246 [ 692.271637][T16848] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 692.271651][T16848] RDX: ffffed100ee66c71 RSI: 0000000000000000 RDI: ffff888077336380 [ 692.271667][T16848] RBP: 0000000000000008 R08: 0000000000000001 R09: ffffed100ee66c70 [ 692.271682][T16848] R10: ffff888077336387 R11: 0000000000000000 R12: 0000000000000000 [ 692.271696][T16848] R13: ffff888077336380 R14: 0000000000000000 R15: 0000000000000008 [ 692.271727][T16848] _copy_from_user+0x98/0xd0 [ 692.271758][T16848] sctp_setsockopt+0x2045/0xb870 [ 692.271790][T16848] ? __pfx_sctp_setsockopt+0x10/0x10 [ 692.271816][T16848] ? __pfx_aa_sk_perm+0x10/0x10 [ 692.271842][T16848] ? __fget_files+0x204/0x3c0 [ 692.271870][T16848] ? sock_common_setsockopt+0x2e/0xf0 [ 692.271897][T16848] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 692.271927][T16848] do_sock_setsockopt+0xf3/0x1d0 [ 692.271957][T16848] __sys_setsockopt+0x120/0x1a0 [ 692.271998][T16848] __x64_sys_setsockopt+0xbd/0x160 [ 692.272033][T16848] ? do_syscall_64+0x91/0x490 [ 692.272054][T16848] ? lockdep_hardirqs_on+0x7c/0x110 [ 692.272090][T16848] do_syscall_64+0xcd/0x490 [ 692.272114][T16848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.272138][T16848] RIP: 0033:0x7f50f4d8eb69 [ 692.272156][T16848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 692.272179][T16848] RSP: 002b:00007f50f5c55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 692.272201][T16848] RAX: ffffffffffffffda RBX: 00007f50f4fb5fa0 RCX: 00007f50f4d8eb69 [ 692.272217][T16848] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 692.272232][T16848] RBP: 00007f50f4e11df1 R08: 0000000000000008 R09: 0000000000000000 [ 692.272247][T16848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 692.272262][T16848] R13: 0000000000000000 R14: 00007f50f4fb5fa0 R15: 00007ffdbf77c3d8 [ 692.272303][T16848] [ 693.432245][T16859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4443'. [ 693.559643][T16865] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4443'. [ 694.017059][T16870] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4448'. [ 695.117395][T16899] FAULT_INJECTION: forcing a failure. [ 695.117395][T16899] name failslab, interval 1, probability 0, space 0, times 0 [ 695.140206][T16899] CPU: 1 UID: 0 PID: 16899 Comm: syz.0.4461 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 695.140252][T16899] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 695.140262][T16899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 695.140277][T16899] Call Trace: [ 695.140285][T16899] [ 695.140294][T16899] dump_stack_lvl+0x16c/0x1f0 [ 695.140337][T16899] should_fail_ex+0x512/0x640 [ 695.140362][T16899] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 695.140391][T16899] should_failslab+0xc2/0x120 [ 695.140424][T16899] __kmalloc_cache_noprof+0x6a/0x3e0 [ 695.140449][T16899] ? lockdep_init_map_type+0x5c/0x280 [ 695.140483][T16899] ? snd_seq_prioq_new+0x3f/0x110 [ 695.140523][T16899] snd_seq_prioq_new+0x3f/0x110 [ 695.140557][T16899] snd_seq_queue_alloc+0x153/0x5a0 [ 695.140594][T16899] snd_seq_ioctl_create_queue+0xa9/0x380 [ 695.140641][T16899] snd_seq_kernel_client_ctl+0x10a/0x1c0 [ 695.140671][T16899] alloc_seq_queue+0xda/0x180 [ 695.140697][T16899] ? __pfx_alloc_seq_queue+0x10/0x10 [ 695.140740][T16899] ? mark_held_locks+0x49/0x80 [ 695.140772][T16899] ? _raw_spin_unlock_irq+0x23/0x50 [ 695.140809][T16899] snd_seq_oss_open+0x38c/0xa20 [ 695.140841][T16899] odev_open+0x6f/0x90 [ 695.140862][T16899] ? __pfx_odev_open+0x10/0x10 [ 695.140889][T16899] soundcore_open+0x409/0x580 [ 695.140915][T16899] ? __pfx_soundcore_open+0x10/0x10 [ 695.140937][T16899] chrdev_open+0x231/0x6a0 [ 695.140968][T16899] ? __pfx_apparmor_file_open+0x10/0x10 [ 695.141003][T16899] ? __pfx_chrdev_open+0x10/0x10 [ 695.141037][T16899] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 695.141071][T16899] do_dentry_open+0x97f/0x1530 [ 695.141102][T16899] ? __pfx_chrdev_open+0x10/0x10 [ 695.141140][T16899] vfs_open+0x82/0x3f0 [ 695.141181][T16899] path_openat+0x1de4/0x2cb0 [ 695.141219][T16899] ? __pfx_path_openat+0x10/0x10 [ 695.141256][T16899] do_filp_open+0x20b/0x470 [ 695.141286][T16899] ? __pfx_do_filp_open+0x10/0x10 [ 695.141337][T16899] ? alloc_fd+0x471/0x7d0 [ 695.141370][T16899] do_sys_openat2+0x11b/0x1d0 [ 695.141408][T16899] ? __pfx_do_sys_openat2+0x10/0x10 [ 695.141458][T16899] __x64_sys_openat+0x174/0x210 [ 695.141498][T16899] ? __pfx___x64_sys_openat+0x10/0x10 [ 695.141549][T16899] do_syscall_64+0xcd/0x490 [ 695.141573][T16899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.141598][T16899] RIP: 0033:0x7f4773d8eb69 [ 695.141617][T16899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 695.141641][T16899] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 695.141665][T16899] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 695.141681][T16899] RDX: 0000000000143900 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 695.141697][T16899] RBP: 00007f4773e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 695.141712][T16899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 695.141727][T16899] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 695.141758][T16899] [ 696.364695][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.371495][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 697.016131][T16905] Process accounting paused [ 697.550268][T16937] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4475'. [ 698.172098][T16949] netlink: 'syz.3.4480': attribute type 19 has an invalid length. [ 698.222542][T16949] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4480'. [ 698.793344][T16958] netlink: 'syz.2.4483': attribute type 1 has an invalid length. [ 698.847237][T16958] netlink: 306 bytes leftover after parsing attributes in process `syz.2.4483'. [ 699.555305][T16977] FAULT_INJECTION: forcing a failure. [ 699.555305][T16977] name failslab, interval 1, probability 0, space 0, times 0 [ 699.611913][T16977] CPU: 1 UID: 0 PID: 16977 Comm: syz.1.4492 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 699.611959][T16977] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 699.611969][T16977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 699.611983][T16977] Call Trace: [ 699.611991][T16977] [ 699.612000][T16977] dump_stack_lvl+0x16c/0x1f0 [ 699.612043][T16977] should_fail_ex+0x512/0x640 [ 699.612067][T16977] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 699.612104][T16977] should_failslab+0xc2/0x120 [ 699.612137][T16977] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 699.612170][T16977] ? __split_page_owner+0x23b/0x3b0 [ 699.612197][T16977] ? snd_pcm_hw_rule_add+0x414/0x5a0 [ 699.612226][T16977] krealloc_noprof+0x1ff/0x3a0 [ 699.612259][T16977] snd_pcm_hw_rule_add+0x414/0x5a0 [ 699.612283][T16977] ? __pfx_snd_pcm_hw_rule_format+0x10/0x10 [ 699.612318][T16977] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 699.612344][T16977] ? lockdep_init_map_type+0x5c/0x280 [ 699.612379][T16977] ? debug_mutex_init+0x37/0x70 [ 699.612403][T16977] ? snd_pcm_attach_substream+0x89d/0xd60 [ 699.612446][T16977] snd_pcm_open_substream+0x534/0x17f0 [ 699.612483][T16977] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 699.612516][T16977] ? lockdep_init_map_type+0x5c/0x280 [ 699.612553][T16977] ? lockdep_init_map_type+0x5c/0x280 [ 699.612591][T16977] snd_pcm_oss_open+0x735/0x1400 [ 699.612640][T16977] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 699.612670][T16977] ? __lock_acquire+0xb97/0x1ce0 [ 699.612703][T16977] ? __pfx_default_wake_function+0x10/0x10 [ 699.612730][T16977] ? __lock_acquire+0xb97/0x1ce0 [ 699.612770][T16977] ? do_raw_spin_lock+0x12c/0x2b0 [ 699.612811][T16977] ? soundcore_open+0x35a/0x580 [ 699.612835][T16977] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 699.612865][T16977] soundcore_open+0x409/0x580 [ 699.612890][T16977] ? __pfx_soundcore_open+0x10/0x10 [ 699.612912][T16977] chrdev_open+0x231/0x6a0 [ 699.612948][T16977] ? __pfx_apparmor_file_open+0x10/0x10 [ 699.612977][T16977] ? __pfx_chrdev_open+0x10/0x10 [ 699.613011][T16977] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 699.613045][T16977] do_dentry_open+0x97f/0x1530 [ 699.613075][T16977] ? __pfx_chrdev_open+0x10/0x10 [ 699.613113][T16977] vfs_open+0x82/0x3f0 [ 699.613153][T16977] path_openat+0x1de4/0x2cb0 [ 699.613192][T16977] ? __pfx_path_openat+0x10/0x10 [ 699.613229][T16977] do_filp_open+0x20b/0x470 [ 699.613259][T16977] ? __pfx_do_filp_open+0x10/0x10 [ 699.613310][T16977] ? alloc_fd+0x471/0x7d0 [ 699.613344][T16977] do_sys_openat2+0x11b/0x1d0 [ 699.613382][T16977] ? __pfx_do_sys_openat2+0x10/0x10 [ 699.613423][T16977] ? __pfx___might_resched+0x10/0x10 [ 699.613455][T16977] __x64_sys_openat+0x174/0x210 [ 699.613494][T16977] ? __pfx___x64_sys_openat+0x10/0x10 [ 699.613546][T16977] do_syscall_64+0xcd/0x490 [ 699.613571][T16977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.613596][T16977] RIP: 0033:0x7fcf0198eb69 [ 699.613615][T16977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.613646][T16977] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 699.613670][T16977] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 699.613686][T16977] RDX: 0000000000000102 RSI: 0000200000004000 RDI: ffffffffffffff9c [ 699.613701][T16977] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 699.613716][T16977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 699.613731][T16977] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 699.613762][T16977] [ 701.588816][T16994] misc userio: The device must be registered before sending interrupts [ 702.566362][T17025] usb usb23: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 702.628938][T17021] FAULT_INJECTION: forcing a failure. [ 702.628938][T17021] name fail_futex, interval 1, probability 0, space 0, times 0 [ 702.954941][T17031] tipc: Trying to set illegal importance in message [ 702.972614][T17021] CPU: 1 UID: 0 PID: 17021 Comm: syz.2.4507 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 702.972659][T17021] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 702.972669][T17021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 702.972683][T17021] Call Trace: [ 702.972691][T17021] [ 702.972699][T17021] dump_stack_lvl+0x16c/0x1f0 [ 702.972743][T17021] should_fail_ex+0x512/0x640 [ 702.972772][T17021] get_futex_key+0x1d0/0x1560 [ 702.972806][T17021] ? __pfx_get_futex_key+0x10/0x10 [ 702.972834][T17021] ? futex_private_hash_put+0x176/0x300 [ 702.972874][T17021] futex_wake+0xea/0x530 [ 702.972907][T17021] ? futex_wait+0x120/0x380 [ 702.972948][T17021] ? __pfx_futex_wait+0x10/0x10 [ 702.972986][T17021] ? __pfx_futex_wake+0x10/0x10 [ 702.973025][T17021] ? __lock_acquire+0x62e/0x1ce0 [ 702.973066][T17021] do_futex+0x1e3/0x350 [ 702.973097][T17021] ? __pfx_do_futex+0x10/0x10 [ 702.973130][T17021] ? __pfx_sched_core_share_pid+0x10/0x10 [ 702.973161][T17021] __x64_sys_futex+0x1e0/0x4c0 [ 702.973197][T17021] ? __pfx___x64_sys_futex+0x10/0x10 [ 702.973230][T17021] ? __pfx___do_sys_prctl+0x10/0x10 [ 702.973288][T17021] do_syscall_64+0xcd/0x490 [ 702.973312][T17021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.973337][T17021] RIP: 0033:0x7f016398eb69 [ 702.973356][T17021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 702.973381][T17021] RSP: 002b:00007f01648380e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 702.973404][T17021] RAX: ffffffffffffffda RBX: 00007f0163bb5fa8 RCX: 00007f016398eb69 [ 702.973420][T17021] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0163bb5fac [ 702.973436][T17021] RBP: 00007f0163bb5fa0 R08: 00007f0164839000 R09: 0000000000000000 [ 702.973452][T17021] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f0163bb5fac [ 702.973468][T17021] R13: 0000000000000000 R14: 00007ffe1f14c100 R15: 00007ffe1f14c1e8 [ 702.973498][T17021] [ 703.236036][T17030] netlink: 322 bytes leftover after parsing attributes in process `syz.3.4515'. [ 703.630414][T17040] FAULT_INJECTION: forcing a failure. [ 703.630414][T17040] name failslab, interval 1, probability 0, space 0, times 0 [ 703.653993][T17040] CPU: 1 UID: 0 PID: 17040 Comm: syz.0.4522 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 703.654039][T17040] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 703.654049][T17040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 703.654063][T17040] Call Trace: [ 703.654071][T17040] [ 703.654080][T17040] dump_stack_lvl+0x16c/0x1f0 [ 703.654122][T17040] should_fail_ex+0x512/0x640 [ 703.654147][T17040] ? __kmalloc_noprof+0xbf/0x510 [ 703.654178][T17040] ? get_modalias+0xbb/0x380 [ 703.654205][T17040] should_failslab+0xc2/0x120 [ 703.654239][T17040] __kmalloc_noprof+0xd2/0x510 [ 703.654277][T17040] ? get_modalias+0x20f/0x380 [ 703.654311][T17040] get_modalias+0xbb/0x380 [ 703.654344][T17040] ? __pfx_sys_dmi_modalias_show+0x10/0x10 [ 703.654374][T17040] sys_dmi_modalias_show+0x1f/0xb0 [ 703.654405][T17040] dev_attr_show+0x53/0xe0 [ 703.654434][T17040] ? __pfx_dev_attr_show+0x10/0x10 [ 703.654460][T17040] sysfs_kf_seq_show+0x216/0x3e0 [ 703.654494][T17040] seq_read_iter+0x506/0x12c0 [ 703.654518][T17040] ? __mutex_trylock_common+0xe9/0x250 [ 703.654562][T17040] kernfs_fop_read_iter+0x40f/0x5a0 [ 703.654603][T17040] ? rw_verify_area+0xcf/0x6c0 [ 703.654630][T17040] vfs_read+0x8bc/0xc60 [ 703.654661][T17040] ? __pfx___mutex_lock+0x10/0x10 [ 703.654683][T17040] ? __pfx_vfs_read+0x10/0x10 [ 703.654735][T17040] ksys_read+0x12a/0x250 [ 703.654762][T17040] ? __pfx_ksys_read+0x10/0x10 [ 703.654799][T17040] do_syscall_64+0xcd/0x490 [ 703.654822][T17040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.654847][T17040] RIP: 0033:0x7f4773d8eb69 [ 703.654865][T17040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.654890][T17040] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 703.654913][T17040] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 703.654929][T17040] RDX: 0000000000001016 RSI: 0000200000000000 RDI: 0000000000000003 [ 703.654944][T17040] RBP: 00007f4773e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 703.654959][T17040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.654974][T17040] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 703.655005][T17040] [ 705.980651][T17063] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4534'. [ 706.003195][T17063] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4534'. [ 706.140325][T17065] mkiss: ax0: crc mode is auto. [ 706.455566][T17071] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4536'. [ 706.961688][T17081] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4541'. [ 707.072487][T17083] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4542'. [ 708.949838][T17116] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4554'. [ 710.744678][T17143] zram0: detected capacity change from 0 to 8 [ 715.207797][T17229] FAULT_INJECTION: forcing a failure. [ 715.207797][T17229] name failslab, interval 1, probability 0, space 0, times 0 [ 715.327803][T17229] CPU: 1 UID: 0 PID: 17229 Comm: syz.3.4593 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 715.327848][T17229] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 715.327859][T17229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 715.327874][T17229] Call Trace: [ 715.327882][T17229] [ 715.327891][T17229] dump_stack_lvl+0x16c/0x1f0 [ 715.327935][T17229] should_fail_ex+0x512/0x640 [ 715.327960][T17229] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 715.327994][T17229] should_failslab+0xc2/0x120 [ 715.328027][T17229] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 715.328055][T17229] ? __asan_memcpy+0x3c/0x60 [ 715.328079][T17229] ? __kernfs_new_node+0xd2/0x8e0 [ 715.328115][T17229] __kernfs_new_node+0xd2/0x8e0 [ 715.328150][T17229] ? __pfx___kernfs_new_node+0x10/0x10 [ 715.328190][T17229] ? find_held_lock+0x2b/0x80 [ 715.328215][T17229] ? kernfs_root+0xee/0x2a0 [ 715.328252][T17229] kernfs_new_node+0x13c/0x1e0 [ 715.328293][T17229] kernfs_create_link+0xcc/0x240 [ 715.328321][T17229] sysfs_do_create_link_sd+0x90/0x140 [ 715.328355][T17229] sysfs_create_link+0x61/0xc0 [ 715.328385][T17229] __add_disk+0x61e/0xf00 [ 715.328412][T17229] ? find_held_lock+0x2b/0x80 [ 715.328439][T17229] add_disk_fwnode+0x3f8/0x5d0 [ 715.328473][T17229] zram_add+0x4bf/0x6f0 [ 715.328507][T17229] ? __pfx_zram_add+0x10/0x10 [ 715.328561][T17229] ? find_held_lock+0x2b/0x80 [ 715.328590][T17229] ? __pfx_hot_add_show+0x10/0x10 [ 715.328623][T17229] ? __pfx_class_attr_show+0x10/0x10 [ 715.328651][T17229] hot_add_show+0x21/0x80 [ 715.328685][T17229] class_attr_show+0x6f/0xa0 [ 715.328714][T17229] sysfs_kf_seq_show+0x216/0x3e0 [ 715.328747][T17229] seq_read_iter+0x506/0x12c0 [ 715.328772][T17229] ? __mutex_trylock_common+0xe9/0x250 [ 715.328816][T17229] kernfs_fop_read_iter+0x40f/0x5a0 [ 715.328856][T17229] ? rw_verify_area+0xcf/0x6c0 [ 715.328883][T17229] vfs_read+0x8bc/0xc60 [ 715.328914][T17229] ? __pfx___mutex_lock+0x10/0x10 [ 715.328937][T17229] ? __pfx_vfs_read+0x10/0x10 [ 715.328984][T17229] ksys_read+0x12a/0x250 [ 715.329012][T17229] ? __pfx_ksys_read+0x10/0x10 [ 715.329048][T17229] do_syscall_64+0xcd/0x490 [ 715.329073][T17229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.329097][T17229] RIP: 0033:0x7f50f4d8eb69 [ 715.329116][T17229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.329140][T17229] RSP: 002b:00007f50f5c55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 715.329163][T17229] RAX: ffffffffffffffda RBX: 00007f50f4fb5fa0 RCX: 00007f50f4d8eb69 [ 715.329179][T17229] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 715.329193][T17229] RBP: 00007f50f4e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 715.329209][T17229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 715.329225][T17229] R13: 0000000000000000 R14: 00007f50f4fb5fa0 R15: 00007ffdbf77c3d8 [ 715.329257][T17229] [ 716.827032][T17253] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4603'. [ 716.926075][T17255] netlink: 'syz.0.4604': attribute type 29 has an invalid length. [ 716.938646][T17255] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4604'. [ 716.979166][T17251] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4602'. [ 717.038169][T17257] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4605'. [ 717.317528][T17261] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 717.602791][T17264] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4610'. [ 717.710149][T17265] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4608'. [ 718.339076][T17281] FAULT_INJECTION: forcing a failure. [ 718.339076][T17281] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 718.390545][T17281] CPU: 1 UID: 0 PID: 17281 Comm: syz.0.4615 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 718.390593][T17281] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 718.390604][T17281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 718.390619][T17281] Call Trace: [ 718.390627][T17281] [ 718.390636][T17281] dump_stack_lvl+0x16c/0x1f0 [ 718.390679][T17281] should_fail_ex+0x512/0x640 [ 718.390708][T17281] should_fail_alloc_page+0xe7/0x130 [ 718.390744][T17281] prepare_alloc_pages+0x3c2/0x610 [ 718.390792][T17281] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 718.390828][T17281] ? find_held_lock+0x2b/0x80 [ 718.390853][T17281] ? is_bpf_text_address+0x8a/0x1a0 [ 718.390884][T17281] ? bpf_ksym_find+0x124/0x1c0 [ 718.390908][T17281] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 718.390937][T17281] ? is_bpf_text_address+0x94/0x1a0 [ 718.390970][T17281] ? __kernel_text_address+0xd/0x40 [ 718.390992][T17281] ? unwind_get_return_address+0x59/0xa0 [ 718.391030][T17281] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 718.391070][T17281] ? policy_nodemask+0xea/0x4e0 [ 718.391104][T17281] alloc_pages_mpol+0x1fb/0x550 [ 718.391141][T17281] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 718.391172][T17281] ? kasan_save_stack+0x33/0x60 [ 718.391209][T17281] ? __kasan_kmalloc+0xaa/0xb0 [ 718.391234][T17281] ? __get_vm_area_node+0x101/0x330 [ 718.391278][T17281] alloc_pages_noprof+0x131/0x390 [ 718.391312][T17281] get_free_pages_noprof+0x10/0xb0 [ 718.391347][T17281] kasan_populate_vmalloc+0x89/0x1f0 [ 718.391380][T17281] alloc_vmap_area+0x959/0x29c0 [ 718.391428][T17281] ? __pfx_alloc_vmap_area+0x10/0x10 [ 718.391472][T17281] __get_vm_area_node+0x1ca/0x330 [ 718.391523][T17281] __vmalloc_node_range_noprof+0x271/0x14b0 [ 718.391566][T17281] ? kernel_clone+0xfc/0x930 [ 718.391596][T17281] ? local_lock_release+0x99/0x140 [ 718.391638][T17281] ? kernel_clone+0xfc/0x930 [ 718.391671][T17281] ? rcu_read_unlock+0x17/0x60 [ 718.391708][T17281] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 718.391760][T17281] ? kernel_clone+0xfc/0x930 [ 718.391790][T17281] __vmalloc_node_noprof+0xad/0xf0 [ 718.391830][T17281] ? kernel_clone+0xfc/0x930 [ 718.391864][T17281] copy_process+0x2c70/0x7690 [ 718.391896][T17281] ? __pfx___futex_wait+0x10/0x10 [ 718.391932][T17281] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 718.391967][T17281] ? lockdep_hardirqs_on+0x7c/0x110 [ 718.392013][T17281] ? __pfx_copy_process+0x10/0x10 [ 718.392042][T17281] ? futex_private_hash_put+0x176/0x300 [ 718.392073][T17281] ? futex_private_hash_put+0x18a/0x300 [ 718.392106][T17281] kernel_clone+0xfc/0x930 [ 718.392138][T17281] ? __pfx_kernel_clone+0x10/0x10 [ 718.392190][T17281] __do_sys_clone+0xce/0x120 [ 718.392222][T17281] ? __pfx___do_sys_clone+0x10/0x10 [ 718.392267][T17281] ? xfd_validate_state+0x61/0x180 [ 718.392303][T17281] ? __pfx_ksys_write+0x10/0x10 [ 718.392340][T17281] do_syscall_64+0xcd/0x490 [ 718.392364][T17281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.392390][T17281] RIP: 0033:0x7f4773d8eb69 [ 718.392409][T17281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 718.392433][T17281] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 718.392457][T17281] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 718.392473][T17281] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020003b46 [ 718.392489][T17281] RBP: 00007f4773e11df1 R08: 0000000010000002 R09: 0000000000000000 [ 718.392508][T17281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 718.392522][T17281] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 718.392551][T17281] [ 719.280411][T17281] syz.0.4615: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 719.315346][T17281] CPU: 1 UID: 0 PID: 17281 Comm: syz.0.4615 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 719.315390][T17281] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 719.315400][T17281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 719.315415][T17281] Call Trace: [ 719.315424][T17281] [ 719.315433][T17281] dump_stack_lvl+0x16c/0x1f0 [ 719.315478][T17281] warn_alloc+0x248/0x3a0 [ 719.315514][T17281] ? __pfx_warn_alloc+0x10/0x10 [ 719.315545][T17281] ? kfree+0x2b4/0x4d0 [ 719.315578][T17281] ? __get_vm_area_node+0x208/0x330 [ 719.315626][T17281] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 719.315667][T17281] ? local_lock_release+0x99/0x140 [ 719.315708][T17281] ? kernel_clone+0xfc/0x930 [ 719.315740][T17281] ? rcu_read_unlock+0x17/0x60 [ 719.315776][T17281] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 719.315828][T17281] ? kernel_clone+0xfc/0x930 [ 719.315858][T17281] __vmalloc_node_noprof+0xad/0xf0 [ 719.315899][T17281] ? kernel_clone+0xfc/0x930 [ 719.315933][T17281] copy_process+0x2c70/0x7690 [ 719.315965][T17281] ? __pfx___futex_wait+0x10/0x10 [ 719.316001][T17281] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 719.316036][T17281] ? lockdep_hardirqs_on+0x7c/0x110 [ 719.316082][T17281] ? __pfx_copy_process+0x10/0x10 [ 719.316119][T17281] ? futex_private_hash_put+0x176/0x300 [ 719.316152][T17281] ? futex_private_hash_put+0x18a/0x300 [ 719.316187][T17281] kernel_clone+0xfc/0x930 [ 719.316221][T17281] ? __pfx_kernel_clone+0x10/0x10 [ 719.316269][T17281] __do_sys_clone+0xce/0x120 [ 719.316301][T17281] ? __pfx___do_sys_clone+0x10/0x10 [ 719.316346][T17281] ? xfd_validate_state+0x61/0x180 [ 719.316386][T17281] ? __pfx_ksys_write+0x10/0x10 [ 719.316422][T17281] do_syscall_64+0xcd/0x490 [ 719.316446][T17281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.316471][T17281] RIP: 0033:0x7f4773d8eb69 [ 719.316491][T17281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 719.316515][T17281] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 719.316538][T17281] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 719.316553][T17281] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020003b46 [ 719.316568][T17281] RBP: 00007f4773e11df1 R08: 0000000010000002 R09: 0000000000000000 [ 719.316583][T17281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 719.316598][T17281] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 719.316632][T17281] [ 719.316706][T17281] Mem-Info: [ 719.715221][T17281] active_anon:4540 inactive_anon:48087 isolated_anon:0 [ 719.715221][T17281] active_file:22136 inactive_file:41190 isolated_file:0 [ 719.715221][T17281] unevictable:768 dirty:380 writeback:0 [ 719.715221][T17281] slab_reclaimable:11625 slab_unreclaimable:98605 [ 719.715221][T17281] mapped:31567 shmem:42599 pagetables:1301 [ 719.715221][T17281] sec_pagetables:0 bounce:0 [ 719.715221][T17281] kernel_misc_reclaimable:0 [ 719.715221][T17281] free:736136 free_pcp:9053 free_cma:0 [ 719.780726][T17281] Node 0 active_anon:18108kB inactive_anon:172028kB active_file:88540kB inactive_file:164628kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126788kB dirty:1520kB writeback:0kB shmem:152556kB shmem_thp:4096kB shmem_pmdmapped:4096kB anon_thp:16384kB kernel_stack:11856kB pagetables:5024kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 719.841918][T17281] Node 1 active_anon:0kB inactive_anon:4108kB active_file:4kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB kernel_stack:48kB pagetables:180kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 719.894176][T17281] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 719.955197][T17281] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 719.961878][T17281] Node 0 DMA32 free:1174012kB boost:0kB min:34324kB low:42904kB high:51484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15960kB inactive_anon:171144kB active_file:87300kB inactive_file:164556kB unevictable:1536kB writepending:1520kB present:3129332kB managed:2539724kB mlocked:0kB bounce:0kB free_pcp:42424kB local_pcp:42424kB free_cma:0kB [ 720.008839][T17281] lowmem_reserve[]: 0 0 1 1 1 [ 720.013618][T17281] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:1240kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 720.064465][T17281] lowmem_reserve[]: 0 0 0 0 0 [ 720.074567][T17281] Node 1 Normal free:1798292kB boost:0kB min:55560kB low:69448kB high:83336kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:4108kB active_file:4kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15620kB local_pcp:15620kB free_cma:0kB [ 720.122102][T17281] lowmem_reserve[]: 0 0 0 0 0 [ 720.126874][T17281] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 720.148717][T17281] Node 0 DMA32: 2327*4kB (UM) 1338*8kB (UM) 873*16kB (UM) 666*32kB (UM) 248*64kB (UME) 54*128kB (UME) 34*256kB (UME) 139*512kB (UM) 96*1024kB (UM) 6*2048kB (UM) 221*4096kB (UM) = 1173756kB [ 720.178538][T17281] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 720.198962][T17281] Node 1 Normal: 1*4kB (E) 4*8kB (UE) 7*16kB (E) 4*32kB (E) 8*64kB (UE) 37*128kB (UE) 19*256kB (UME) 6*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 434*4096kB (M) = 1798292kB [ 720.230220][T17281] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 720.240919][T17281] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 720.260935][T17281] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=1048576kB [ 720.286537][T17281] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 720.303323][T17281] 101467 total pagecache pages [ 720.308243][T17281] 30 pages in swap cache [ 720.314543][T17281] Free swap = 124036kB [ 720.320799][T17281] Total swap = 124996kB [ 720.338261][T17281] 2097051 pages RAM [ 720.344453][T17281] 0 pages HighMem/MovableOnly [ 720.349523][T17281] 430158 pages reserved [ 720.353695][T17281] 0 pages cma reserved [ 720.776819][T17294] netlink: 'syz.1.4620': attribute type 14 has an invalid length. [ 720.807437][T17294] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4620'. [ 722.660910][T17328] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4633'. [ 726.731871][T17382] netlink: 346 bytes leftover after parsing attributes in process `syz.0.4658'. [ 726.946229][T17388] netlink: 306 bytes leftover after parsing attributes in process `syz.0.4660'. [ 727.114104][T17390] Process accounting resumed [ 727.283975][T17399] FAULT_INJECTION: forcing a failure. [ 727.283975][T17399] name failslab, interval 1, probability 0, space 0, times 0 [ 727.352164][T17399] CPU: 1 UID: 0 PID: 17399 Comm: syz.0.4664 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 727.352209][T17399] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 727.352220][T17399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 727.352234][T17399] Call Trace: [ 727.352242][T17399] [ 727.352252][T17399] dump_stack_lvl+0x16c/0x1f0 [ 727.352295][T17399] should_fail_ex+0x512/0x640 [ 727.352327][T17399] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 727.352364][T17399] should_failslab+0xc2/0x120 [ 727.352397][T17399] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 727.352431][T17399] ? trace_kmem_cache_alloc+0x28/0xc0 [ 727.352467][T17399] ? key_alloc+0x43e/0x1330 [ 727.352500][T17399] kmemdup_noprof+0x29/0x60 [ 727.352530][T17399] key_alloc+0x43e/0x1330 [ 727.352567][T17399] ? __pfx_key_alloc+0x10/0x10 [ 727.352603][T17399] keyring_alloc+0x44/0xc0 [ 727.352637][T17399] install_session_keyring_to_cred+0x190/0x230 [ 727.352667][T17399] join_session_keyring+0x1b8/0x340 [ 727.352693][T17399] lookup_user_key+0x576/0x1300 [ 727.352722][T17399] ? __pfx_lookup_user_key+0x10/0x10 [ 727.352749][T17399] ? __pfx_do_futex+0x10/0x10 [ 727.352784][T17399] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 727.352816][T17399] ? __fget_files+0x20e/0x3c0 [ 727.352848][T17399] keyctl_keyring_move+0xb4/0x150 [ 727.352888][T17399] __do_sys_keyctl+0x171/0x590 [ 727.352912][T17399] do_syscall_64+0xcd/0x490 [ 727.352937][T17399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.352961][T17399] RIP: 0033:0x7f4773d8eb69 [ 727.352980][T17399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 727.353004][T17399] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 727.353027][T17399] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 727.353044][T17399] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 000000000000001e [ 727.353060][T17399] RBP: 00007f4773e11df1 R08: 0000000000000001 R09: 0000000000000000 [ 727.353075][T17399] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 727.353090][T17399] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 727.353120][T17399] [ 728.332885][T17404] ubi0: attaching mtd0 [ 728.426265][T17404] ubi0: scanning is finished [ 728.540345][T17404] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 728.894806][T17410] FAULT_INJECTION: forcing a failure. [ 728.894806][T17410] name failslab, interval 1, probability 0, space 0, times 0 [ 728.934105][T17404] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 729.151351][T17410] CPU: 1 UID: 0 PID: 17410 Comm: syz.2.4666 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 729.151397][T17410] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 729.151407][T17410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 729.151422][T17410] Call Trace: [ 729.151430][T17410] [ 729.151439][T17410] dump_stack_lvl+0x16c/0x1f0 [ 729.151482][T17410] should_fail_ex+0x512/0x640 [ 729.151506][T17410] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 729.151535][T17410] should_failslab+0xc2/0x120 [ 729.151567][T17410] __kmalloc_cache_noprof+0x6a/0x3e0 [ 729.151593][T17410] ? snd_timer_user_open+0x6b/0x180 [ 729.151625][T17410] ? __pfx_snd_timer_user_open+0x10/0x10 [ 729.151655][T17410] snd_timer_user_open+0x6b/0x180 [ 729.151685][T17410] snd_open+0x22a/0x4c0 [ 729.151709][T17410] ? __pfx_snd_open+0x10/0x10 [ 729.151732][T17410] chrdev_open+0x231/0x6a0 [ 729.151763][T17410] ? __pfx_apparmor_file_open+0x10/0x10 [ 729.151792][T17410] ? __pfx_chrdev_open+0x10/0x10 [ 729.151825][T17410] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 729.151859][T17410] do_dentry_open+0x97f/0x1530 [ 729.151889][T17410] ? __pfx_chrdev_open+0x10/0x10 [ 729.151927][T17410] vfs_open+0x82/0x3f0 [ 729.151967][T17410] path_openat+0x1de4/0x2cb0 [ 729.152005][T17410] ? __pfx_path_openat+0x10/0x10 [ 729.152042][T17410] do_filp_open+0x20b/0x470 [ 729.152071][T17410] ? __pfx_do_filp_open+0x10/0x10 [ 729.152121][T17410] ? alloc_fd+0x471/0x7d0 [ 729.152155][T17410] do_sys_openat2+0x11b/0x1d0 [ 729.152193][T17410] ? __pfx_do_sys_openat2+0x10/0x10 [ 729.152251][T17410] __x64_sys_openat+0x174/0x210 [ 729.152290][T17410] ? __pfx___x64_sys_openat+0x10/0x10 [ 729.152341][T17410] do_syscall_64+0xcd/0x490 [ 729.152379][T17410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 729.152405][T17410] RIP: 0033:0x7f016398eb69 [ 729.152425][T17410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 729.152449][T17410] RSP: 002b:00007f0164838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 729.152472][T17410] RAX: ffffffffffffffda RBX: 00007f0163bb5fa0 RCX: 00007f016398eb69 [ 729.152489][T17410] RDX: 0000000000101440 RSI: 0000200000001cc0 RDI: ffffffffffffff9c [ 729.152505][T17410] RBP: 00007f0163a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 729.152520][T17410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 729.152535][T17410] R13: 0000000000000000 R14: 00007f0163bb5fa0 R15: 00007ffe1f14c1e8 [ 729.152565][T17410] [ 729.851984][T17416] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4669'. [ 730.446134][T17422] FAULT_INJECTION: forcing a failure. [ 730.446134][T17422] name failslab, interval 1, probability 0, space 0, times 0 [ 730.733715][T17422] CPU: 1 UID: 0 PID: 17422 Comm: syz.2.4671 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 730.733760][T17422] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 730.733770][T17422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 730.733795][T17422] Call Trace: [ 730.733803][T17422] [ 730.733812][T17422] dump_stack_lvl+0x16c/0x1f0 [ 730.733857][T17422] should_fail_ex+0x512/0x640 [ 730.733881][T17422] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 730.733919][T17422] should_failslab+0xc2/0x120 [ 730.733952][T17422] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 730.733987][T17422] ? devinet_init_net+0xc3/0x910 [ 730.734017][T17422] kmemdup_noprof+0x29/0x60 [ 730.734048][T17422] devinet_init_net+0xc3/0x910 [ 730.734075][T17422] ? __pfx_devinet_init_net+0x10/0x10 [ 730.734102][T17422] ops_init+0x1e2/0x5f0 [ 730.734128][T17422] setup_net+0x10f/0x380 [ 730.734147][T17422] ? lockdep_init_map_type+0x5c/0x280 [ 730.734182][T17422] ? __pfx_setup_net+0x10/0x10 [ 730.734206][T17422] ? debug_mutex_init+0x37/0x70 [ 730.734234][T17422] copy_net_ns+0x2a6/0x5f0 [ 730.734262][T17422] create_new_namespaces+0x3ea/0xa90 [ 730.734297][T17422] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 730.734329][T17422] ksys_unshare+0x45b/0xa40 [ 730.734365][T17422] ? __pfx_ksys_unshare+0x10/0x10 [ 730.734400][T17422] ? xfd_validate_state+0x61/0x180 [ 730.734447][T17422] __x64_sys_unshare+0x31/0x40 [ 730.734486][T17422] do_syscall_64+0xcd/0x490 [ 730.734510][T17422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.734535][T17422] RIP: 0033:0x7f016398eb69 [ 730.734554][T17422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 730.734579][T17422] RSP: 002b:00007f0164838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 730.734601][T17422] RAX: ffffffffffffffda RBX: 00007f0163bb5fa0 RCX: 00007f016398eb69 [ 730.734618][T17422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 730.734632][T17422] RBP: 00007f0163a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 730.734647][T17422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 730.734662][T17422] R13: 0000000000000000 R14: 00007f0163bb5fa0 R15: 00007ffe1f14c1e8 [ 730.734692][T17422] [ 732.019867][T17437] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 732.455806][T17446] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4682'. [ 733.050300][T17463] kvm: kvm [17462]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0xffffffffffffffff [ 734.047901][T17485] FAULT_INJECTION: forcing a failure. [ 734.047901][T17485] name failslab, interval 1, probability 0, space 0, times 0 [ 734.094143][T17485] CPU: 1 UID: 0 PID: 17485 Comm: syz.0.4696 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 734.094188][T17485] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 734.094198][T17485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 734.094213][T17485] Call Trace: [ 734.094221][T17485] [ 734.094230][T17485] dump_stack_lvl+0x16c/0x1f0 [ 734.094272][T17485] should_fail_ex+0x512/0x640 [ 734.094297][T17485] ? __kmalloc_noprof+0xbf/0x510 [ 734.094328][T17485] ? nfc_llcp_build_tlv+0xfd/0x230 [ 734.094367][T17485] should_failslab+0xc2/0x120 [ 734.094400][T17485] __kmalloc_noprof+0xd2/0x510 [ 734.094435][T17485] nfc_llcp_build_tlv+0xfd/0x230 [ 734.094490][T17485] nfc_llcp_build_gb.isra.0+0x15e/0x400 [ 734.094528][T17485] ? __pfx_nfc_llcp_build_gb.isra.0+0x10/0x10 [ 734.094573][T17485] ? nfc_genl_dep_link_up+0x100/0x250 [ 734.094601][T17485] ? lockdep_init_map_type+0x5c/0x280 [ 734.094642][T17485] nfc_llcp_register_device+0x600/0xa60 [ 734.094683][T17485] nfc_register_device+0x6d/0x3c0 [ 734.094725][T17485] nci_register_device+0x7f1/0xb80 [ 734.094763][T17485] ? __pfx_nci_register_device+0x10/0x10 [ 734.094802][T17485] ? lockdep_init_map_type+0x5c/0x280 [ 734.094842][T17485] virtual_ncidev_open+0x141/0x220 [ 734.094877][T17485] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 734.094912][T17485] misc_open+0x35a/0x420 [ 734.094946][T17485] ? __pfx_misc_open+0x10/0x10 [ 734.094979][T17485] chrdev_open+0x231/0x6a0 [ 734.095010][T17485] ? __pfx_apparmor_file_open+0x10/0x10 [ 734.095038][T17485] ? __pfx_chrdev_open+0x10/0x10 [ 734.095072][T17485] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 734.095106][T17485] do_dentry_open+0x97f/0x1530 [ 734.095136][T17485] ? __pfx_chrdev_open+0x10/0x10 [ 734.095174][T17485] vfs_open+0x82/0x3f0 [ 734.095214][T17485] path_openat+0x1de4/0x2cb0 [ 734.095253][T17485] ? __pfx_path_openat+0x10/0x10 [ 734.095290][T17485] do_filp_open+0x20b/0x470 [ 734.095319][T17485] ? __pfx_do_filp_open+0x10/0x10 [ 734.095370][T17485] ? alloc_fd+0x471/0x7d0 [ 734.095404][T17485] do_sys_openat2+0x11b/0x1d0 [ 734.095442][T17485] ? __pfx_do_sys_openat2+0x10/0x10 [ 734.095498][T17485] __x64_sys_openat+0x174/0x210 [ 734.095538][T17485] ? __pfx___x64_sys_openat+0x10/0x10 [ 734.095589][T17485] do_syscall_64+0xcd/0x490 [ 734.095615][T17485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.095639][T17485] RIP: 0033:0x7f4773d8eb69 [ 734.095659][T17485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 734.095684][T17485] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 734.095707][T17485] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 734.095723][T17485] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 734.095739][T17485] RBP: 00007f4773e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 734.095754][T17485] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000000 [ 734.095769][T17485] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 734.095800][T17485] [ 735.097718][T17491] FAULT_INJECTION: forcing a failure. [ 735.097718][T17491] name failslab, interval 1, probability 0, space 0, times 0 [ 735.228654][T17491] CPU: 1 UID: 0 PID: 17491 Comm: syz.1.4697 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 735.228706][T17491] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 735.228717][T17491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 735.228732][T17491] Call Trace: [ 735.228739][T17491] [ 735.228749][T17491] dump_stack_lvl+0x16c/0x1f0 [ 735.228792][T17491] should_fail_ex+0x512/0x640 [ 735.228817][T17491] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 735.228851][T17491] should_failslab+0xc2/0x120 [ 735.228884][T17491] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 735.228915][T17491] ? alloc_inode+0x61/0x240 [ 735.228954][T17491] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 735.228994][T17491] alloc_inode+0x61/0x240 [ 735.229030][T17491] new_inode+0x22/0x1c0 [ 735.229067][T17491] __debugfs_create_file+0x11c/0x6b0 [ 735.229101][T17491] debugfs_create_file_full+0x41/0x60 [ 735.229130][T17491] ref_tracker_dir_debugfs+0x19d/0x290 [ 735.229158][T17491] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 735.229213][T17491] ? lockdep_init_map_type+0x5c/0x280 [ 735.229253][T17491] preinit_net+0x47f/0x8f0 [ 735.229293][T17491] copy_net_ns+0x1da/0x5f0 [ 735.229322][T17491] create_new_namespaces+0x3ea/0xa90 [ 735.229358][T17491] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 735.229389][T17491] ksys_unshare+0x45b/0xa40 [ 735.229424][T17491] ? __pfx_ksys_unshare+0x10/0x10 [ 735.229459][T17491] ? xfd_validate_state+0x61/0x180 [ 735.229505][T17491] __x64_sys_unshare+0x31/0x40 [ 735.229539][T17491] do_syscall_64+0xcd/0x490 [ 735.229563][T17491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.229587][T17491] RIP: 0033:0x7fcf0198eb69 [ 735.229606][T17491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.229630][T17491] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 735.229654][T17491] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 735.229681][T17491] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 735.229695][T17491] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 735.229710][T17491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 735.229725][T17491] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 735.229755][T17491] [ 735.229765][T17491] debugfs: out of free dentries, can not create file 'net_notrefcnt@ffff8880259d4a68' [ 735.951872][T17493] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4698'. [ 736.599558][T17504] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4704'. [ 737.405458][T17523] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4710'. [ 737.517916][T15177] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 739.175864][T17552] netlink: 'syz.1.4721': attribute type 33 has an invalid length. [ 739.185058][T17554] netlink: 'syz.0.4725': attribute type 19 has an invalid length. [ 739.203229][T17554] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4725'. [ 739.288640][T17552] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4721'. [ 739.423856][T17560] netlink: 'syz.0.4727': attribute type 28 has an invalid length. [ 739.443915][T17560] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4727'. [ 740.034682][T17572] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4731'. [ 742.670385][T17631] FAULT_INJECTION: forcing a failure. [ 742.670385][T17631] name failslab, interval 1, probability 0, space 0, times 0 [ 742.962307][T17631] CPU: 1 UID: 0 PID: 17631 Comm: syz.3.4756 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 742.962353][T17631] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 742.962363][T17631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 742.962377][T17631] Call Trace: [ 742.962385][T17631] [ 742.962394][T17631] dump_stack_lvl+0x16c/0x1f0 [ 742.962437][T17631] should_fail_ex+0x512/0x640 [ 742.962467][T17631] ? vmci_handle_arr_create+0x67/0x140 [ 742.962505][T17631] should_failslab+0xc2/0x120 [ 742.962538][T17631] __kmalloc_noprof+0xd2/0x510 [ 742.962566][T17631] ? lockdep_init_map_type+0x5c/0x280 [ 742.962602][T17631] ? lockdep_init_map_type+0x5c/0x280 [ 742.962638][T17631] vmci_handle_arr_create+0x67/0x140 [ 742.962678][T17631] vmci_ctx_create+0x22a/0x740 [ 742.962712][T17631] vmci_host_unlocked_ioctl+0x1ad8/0x2040 [ 742.962755][T17631] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 742.962798][T17631] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 742.962837][T17631] ? do_vfs_ioctl+0x128/0x14f0 [ 742.962877][T17631] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 742.962925][T17631] ? find_held_lock+0x2b/0x80 [ 742.962947][T17631] ? hook_file_ioctl_common+0x145/0x410 [ 742.962977][T17631] ? __fget_files+0x20e/0x3c0 [ 742.963019][T17631] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 742.963062][T17631] __x64_sys_ioctl+0x18e/0x210 [ 742.963104][T17631] do_syscall_64+0xcd/0x490 [ 742.963131][T17631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.963156][T17631] RIP: 0033:0x7f50f4d8eb69 [ 742.963174][T17631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 742.963199][T17631] RSP: 002b:00007f50f5c55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 742.963222][T17631] RAX: ffffffffffffffda RBX: 00007f50f4fb5fa0 RCX: 00007f50f4d8eb69 [ 742.963238][T17631] RDX: 0000000000000006 RSI: 00000000000007a0 RDI: 0000000000000005 [ 742.963253][T17631] RBP: 00007f50f4e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 742.963268][T17631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 742.963282][T17631] R13: 0000000000000000 R14: 00007f50f4fb5fa0 R15: 00007ffdbf77c3d8 [ 742.963312][T17631] [ 745.947571][ T31] audit: type=1800 audit(4294967411.620:21): pid=17681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4777" name="dbroot" dev="configfs" ino=58755 res=0 errno=0 [ 746.497731][T17692] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4781'. [ 746.597434][T17696] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4784'. [ 746.961174][T17702] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4788'. [ 749.759579][T17760] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4809'. [ 749.785283][T17760] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4809'. [ 752.945817][T17809] netlink: 74 bytes leftover after parsing attributes in process `syz.3.4830'. [ 756.108328][T17867] FAULT_INJECTION: forcing a failure. [ 756.108328][T17867] name fail_futex, interval 1, probability 0, space 0, times 0 [ 756.122362][T17867] CPU: 1 UID: 0 PID: 17867 Comm: syz.1.4854 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 756.122405][T17867] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 756.122415][T17867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 756.122430][T17867] Call Trace: [ 756.122438][T17867] [ 756.122447][T17867] dump_stack_lvl+0x16c/0x1f0 [ 756.122490][T17867] should_fail_ex+0x512/0x640 [ 756.122519][T17867] should_fail_futex+0x4c/0x60 [ 756.122548][T17867] futex_lock_pi_atomic+0x101/0xd50 [ 756.122612][T17867] futex_lock_pi+0x23f/0x7c0 [ 756.122653][T17867] ? __pfx_futex_lock_pi+0x10/0x10 [ 756.122688][T17867] ? __futex_wait+0x24c/0x2f0 [ 756.122728][T17867] ? lockdep_hardirqs_on+0x7c/0x110 [ 756.122785][T17867] ? futex_private_hash_put+0x18a/0x300 [ 756.122821][T17867] ? __pfx_futex_wake_mark+0x10/0x10 [ 756.122867][T17867] ? ksys_write+0x190/0x250 [ 756.122901][T17867] do_futex+0x11a/0x350 [ 756.122933][T17867] ? __pfx_do_futex+0x10/0x10 [ 756.122973][T17867] __x64_sys_futex+0x1e0/0x4c0 [ 756.123006][T17867] ? fput+0x9b/0xd0 [ 756.123039][T17867] ? __pfx___x64_sys_futex+0x10/0x10 [ 756.123071][T17867] ? xfd_validate_state+0x61/0x180 [ 756.123107][T17867] ? __pfx_ksys_write+0x10/0x10 [ 756.123144][T17867] do_syscall_64+0xcd/0x490 [ 756.123168][T17867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.123192][T17867] RIP: 0033:0x7fcf0198eb69 [ 756.123212][T17867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.123236][T17867] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 756.123259][T17867] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 756.123275][T17867] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 756.123289][T17867] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 000000008000fff2 [ 756.123304][T17867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.123318][T17867] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 756.123349][T17867] [ 756.345861][T17869] FAULT_INJECTION: forcing a failure. [ 756.345861][T17869] name failslab, interval 1, probability 0, space 0, times 0 [ 756.359226][T17869] CPU: 1 UID: 0 PID: 17869 Comm: syz.3.4855 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 756.359271][T17869] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 756.359281][T17869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 756.359297][T17869] Call Trace: [ 756.359304][T17869] [ 756.359313][T17869] dump_stack_lvl+0x16c/0x1f0 [ 756.359356][T17869] should_fail_ex+0x512/0x640 [ 756.359380][T17869] ? __kvmalloc_node_noprof+0x124/0x620 [ 756.359412][T17869] should_failslab+0xc2/0x120 [ 756.359444][T17869] __kvmalloc_node_noprof+0x137/0x620 [ 756.359471][T17869] ? lockdep_init_map_type+0x5c/0x280 [ 756.359546][T17869] ? open_substream+0x30c/0x990 [ 756.359585][T17869] ? open_substream+0x30c/0x990 [ 756.359616][T17869] ? open_substream+0x19a/0x990 [ 756.359647][T17869] open_substream+0x30c/0x990 [ 756.359678][T17869] ? lockdep_hardirqs_on+0x7c/0x110 [ 756.359719][T17869] rawmidi_open_priv+0x513/0x6e0 [ 756.359760][T17869] snd_rawmidi_open+0x4cc/0xbf0 [ 756.359800][T17869] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 756.359837][T17869] ? __pfx_default_wake_function+0x10/0x10 [ 756.359864][T17869] ? kobject_get_unless_zero+0x156/0x1e0 [ 756.359892][T17869] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 756.359925][T17869] snd_open+0x22a/0x4c0 [ 756.359949][T17869] ? __pfx_snd_open+0x10/0x10 [ 756.359973][T17869] chrdev_open+0x231/0x6a0 [ 756.360003][T17869] ? __pfx_apparmor_file_open+0x10/0x10 [ 756.360032][T17869] ? __pfx_chrdev_open+0x10/0x10 [ 756.360065][T17869] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 756.360099][T17869] do_dentry_open+0x97f/0x1530 [ 756.360129][T17869] ? __pfx_chrdev_open+0x10/0x10 [ 756.360167][T17869] vfs_open+0x82/0x3f0 [ 756.360207][T17869] path_openat+0x1de4/0x2cb0 [ 756.360246][T17869] ? __pfx_path_openat+0x10/0x10 [ 756.360283][T17869] do_filp_open+0x20b/0x470 [ 756.360312][T17869] ? __pfx_do_filp_open+0x10/0x10 [ 756.360363][T17869] ? alloc_fd+0x471/0x7d0 [ 756.360397][T17869] do_sys_openat2+0x11b/0x1d0 [ 756.360436][T17869] ? __pfx_do_sys_openat2+0x10/0x10 [ 756.360499][T17869] __x64_sys_openat+0x174/0x210 [ 756.360539][T17869] ? __pfx___x64_sys_openat+0x10/0x10 [ 756.360592][T17869] do_syscall_64+0xcd/0x490 [ 756.360617][T17869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.360642][T17869] RIP: 0033:0x7f50f4d8eb69 [ 756.360662][T17869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.360687][T17869] RSP: 002b:00007f50f5c55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 756.360711][T17869] RAX: ffffffffffffffda RBX: 00007f50f4fb5fa0 RCX: 00007f50f4d8eb69 [ 756.360729][T17869] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 756.360746][T17869] RBP: 00007f50f4e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 756.360762][T17869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.360778][T17869] R13: 0000000000000000 R14: 00007f50f4fb5fa0 R15: 00007ffdbf77c3d8 [ 756.360809][T17869] [ 756.778558][T17871] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4858'. [ 757.611687][T17884] FAULT_INJECTION: forcing a failure. [ 757.611687][T17884] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 757.643318][T17884] CPU: 1 UID: 0 PID: 17884 Comm: syz.1.4862 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 757.643388][T17884] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 757.643399][T17884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 757.643416][T17884] Call Trace: [ 757.643425][T17884] [ 757.643437][T17884] dump_stack_lvl+0x16c/0x1f0 [ 757.643485][T17884] should_fail_ex+0x512/0x640 [ 757.643677][T17884] should_fail_alloc_page+0xe7/0x130 [ 757.643731][T17884] prepare_alloc_pages+0x3c2/0x610 [ 757.643771][T17884] ? rcu_is_watching+0x12/0xc0 [ 757.643800][T17884] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 757.643841][T17884] ? stack_trace_save+0x8e/0xc0 [ 757.643869][T17884] ? __pfx_stack_trace_save+0x10/0x10 [ 757.643900][T17884] ? stack_depot_save_flags+0x29/0x9c0 [ 757.643929][T17884] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 757.643964][T17884] ? kasan_save_stack+0x42/0x60 [ 757.643991][T17884] ? kasan_save_stack+0x33/0x60 [ 757.644019][T17884] ? kasan_save_track+0x14/0x30 [ 757.644046][T17884] ? __kasan_kmalloc+0xaa/0xb0 [ 757.644072][T17884] ? mon_bin_open+0x1a8/0x4a0 [ 757.644112][T17884] ? do_sys_openat2+0x11b/0x1d0 [ 757.644150][T17884] ? __x64_sys_openat+0x174/0x210 [ 757.644188][T17884] ? do_syscall_64+0xcd/0x490 [ 757.644210][T17884] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.644242][T17884] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 757.644286][T17884] ? policy_nodemask+0xea/0x4e0 [ 757.644323][T17884] alloc_pages_mpol+0x1fb/0x550 [ 757.644357][T17884] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 757.644399][T17884] alloc_pages_noprof+0x131/0x390 [ 757.644468][T17884] get_zeroed_page_noprof+0x18/0xb0 [ 757.644505][T17884] mon_alloc_buff+0xce/0x1b0 [ 757.644541][T17884] ? kasan_save_track+0x14/0x30 [ 757.644572][T17884] mon_bin_open+0x207/0x4a0 [ 757.644609][T17884] ? __pfx_mon_bin_open+0x10/0x10 [ 757.644646][T17884] chrdev_open+0x231/0x6a0 [ 757.644680][T17884] ? __pfx_apparmor_file_open+0x10/0x10 [ 757.644709][T17884] ? __pfx_chrdev_open+0x10/0x10 [ 757.644743][T17884] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 757.644787][T17884] do_dentry_open+0x97f/0x1530 [ 757.644818][T17884] ? __pfx_chrdev_open+0x10/0x10 [ 757.644857][T17884] vfs_open+0x82/0x3f0 [ 757.644898][T17884] path_openat+0x1de4/0x2cb0 [ 757.644938][T17884] ? __pfx_path_openat+0x10/0x10 [ 757.644977][T17884] do_filp_open+0x20b/0x470 [ 757.645007][T17884] ? __pfx_do_filp_open+0x10/0x10 [ 757.645058][T17884] ? alloc_fd+0x471/0x7d0 [ 757.645093][T17884] do_sys_openat2+0x11b/0x1d0 [ 757.645131][T17884] ? __pfx_do_sys_openat2+0x10/0x10 [ 757.645182][T17884] __x64_sys_openat+0x174/0x210 [ 757.645222][T17884] ? __pfx___x64_sys_openat+0x10/0x10 [ 757.645274][T17884] do_syscall_64+0xcd/0x490 [ 757.645299][T17884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.645330][T17884] RIP: 0033:0x7fcf0198eb69 [ 757.645354][T17884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 757.645380][T17884] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 757.645405][T17884] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 757.645431][T17884] RDX: 0000000000000640 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 757.645447][T17884] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 757.645463][T17884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 757.645478][T17884] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 757.645510][T17884] [ 758.558927][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 758.568979][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 758.666600][T15177] Bluetooth: hci3: unexpected event 0x05 length: 440 > 4 [ 758.698160][T17891] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4863'. [ 758.738118][T17891] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4863'. [ 759.118031][T17878] Process accounting paused [ 759.302078][T17900] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4869'. [ 760.346736][ T2981] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 760.720056][ T2981] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 761.315537][ T2981] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 761.650468][T17934] netlink: 'syz.0.4882': attribute type 25 has an invalid length. [ 761.884900][ T2981] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.555606][T17941] zswap: compressor 000 not available [ 762.601992][ T5186] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 762.615895][ T5186] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 762.625142][ T5186] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 762.634768][ T5186] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 762.645608][ T5186] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 763.442351][T17965] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4892'. [ 763.483466][ T2981] bridge_slave_1: left allmulticast mode [ 763.522292][ T2981] bridge_slave_1: left promiscuous mode [ 763.572820][ T2981] bridge0: port 2(bridge_slave_1) entered disabled state syzkaller syzkaller login: [ 763.711538][ T2981] bridge_slave_0: left allmulticast mode [ 763.751836][ T2981] bridge_slave_0: left promiscuous mode [ 763.776403][ T2981] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.847819][T15177] Bluetooth: hci1: command tx timeout [ 765.707619][ T2981] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 765.751682][ T2981] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 765.785393][ T2981] bond0 (unregistering): Released all slaves [ 766.062893][T17986] FAULT_INJECTION: forcing a failure. [ 766.062893][T17986] name fail_futex, interval 1, probability 0, space 0, times 0 [ 766.079069][T17986] CPU: 1 UID: 0 PID: 17986 Comm: syz.0.4896 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 766.079115][T17986] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 766.079126][T17986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 766.079141][T17986] Call Trace: [ 766.079151][T17986] [ 766.079161][T17986] dump_stack_lvl+0x16c/0x1f0 [ 766.079204][T17986] should_fail_ex+0x512/0x640 [ 766.079235][T17986] get_futex_key+0x1d0/0x1560 [ 766.079270][T17986] ? __pfx_get_futex_key+0x10/0x10 [ 766.079310][T17986] futex_wake+0xea/0x530 [ 766.079348][T17986] ? rcu_is_watching+0x12/0xc0 [ 766.079375][T17986] ? __pfx_futex_wake+0x10/0x10 [ 766.079415][T17986] ? kmem_cache_free+0x2d1/0x4d0 [ 766.079442][T17986] ? fd_install+0x225/0x750 [ 766.079467][T17986] ? putname+0x154/0x1a0 [ 766.079506][T17986] do_futex+0x1e3/0x350 [ 766.079538][T17986] ? __pfx_do_futex+0x10/0x10 [ 766.079578][T17986] __x64_sys_futex+0x1e0/0x4c0 [ 766.079612][T17986] ? __x64_sys_openat+0x174/0x210 [ 766.079652][T17986] ? __pfx___x64_sys_futex+0x10/0x10 [ 766.079704][T17986] do_syscall_64+0xcd/0x490 [ 766.079729][T17986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.079755][T17986] RIP: 0033:0x7f4773d8eb69 [ 766.079774][T17986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 766.079804][T17986] RSP: 002b:00007f4774b9d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 766.079828][T17986] RAX: ffffffffffffffda RBX: 00007f4773fb5fa8 RCX: 00007f4773d8eb69 [ 766.079845][T17986] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4773fb5fac [ 766.079861][T17986] RBP: 00007f4773fb5fa0 R08: 00007f4774b9e000 R09: 0000000000000000 [ 766.079876][T17986] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f4773fb5fac [ 766.079892][T17986] R13: 0000000000000000 R14: 00007fffe1ee0550 R15: 00007fffe1ee0638 [ 766.079937][T17986] [ 766.931128][T15177] Bluetooth: hci1: command tx timeout [ 767.404235][ T2981] hsr_slave_0: left promiscuous mode [ 767.436110][ T2981] hsr_slave_1: left promiscuous mode [ 767.460884][ T2981] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 767.489609][ T2981] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 767.531997][ T2981] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 767.562778][ T2981] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 767.666512][ T2981] veth1_macvtap: left promiscuous mode [ 767.702806][ T2981] veth1_vlan: left promiscuous mode [ 767.728660][ T2981] veth0_vlan: left promiscuous mode [ 768.797429][T18008] Falling back ldisc for ptm0. [ 768.998915][T15177] Bluetooth: hci1: command tx timeout [ 769.303408][T18026] Loading of unsigned module is rejected [ 769.653070][T18031] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4908'. [ 769.693210][T18031] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4908'. [ 770.357438][ T2981] team0 (unregistering): Port device team_slave_1 removed [ 770.471289][ T2981] team0 (unregistering): Port device team_slave_0 removed [ 771.078687][T15177] Bluetooth: hci1: command tx timeout [ 771.934207][T18055] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4919'. [ 771.952282][T18036] FAULT_INJECTION: forcing a failure. [ 771.952282][T18036] name failslab, interval 1, probability 0, space 0, times 0 [ 771.979033][T18036] CPU: 1 UID: 0 PID: 18036 Comm: syz.0.4910 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 771.979079][T18036] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 771.979090][T18036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 771.979108][T18036] Call Trace: [ 771.979118][T18036] [ 771.979128][T18036] dump_stack_lvl+0x16c/0x1f0 [ 771.979180][T18036] should_fail_ex+0x512/0x640 [ 771.979205][T18036] ? __kmalloc_noprof+0xbf/0x510 [ 771.979237][T18036] ? __register_sysctl_table+0xb3/0x1900 [ 771.979274][T18036] should_failslab+0xc2/0x120 [ 771.979307][T18036] __kmalloc_noprof+0xd2/0x510 [ 771.979344][T18036] __register_sysctl_table+0xb3/0x1900 [ 771.979382][T18036] ? is_module_address+0x5f/0xf0 [ 771.979424][T18036] ? __pfx___register_sysctl_table+0x10/0x10 [ 771.979461][T18036] ? is_module_address+0x69/0xf0 [ 771.979496][T18036] ? register_net_sysctl_sz+0x228/0x3e0 [ 771.979523][T18036] ? __asan_memcpy+0x3c/0x60 [ 771.979551][T18036] sysctl_route_net_init+0x15e/0x2c0 [ 771.979580][T18036] ? __pfx_sysctl_route_net_init+0x10/0x10 [ 771.979607][T18036] ops_init+0x1e2/0x5f0 [ 771.979634][T18036] setup_net+0x10f/0x380 [ 771.979655][T18036] ? lockdep_init_map_type+0x5c/0x280 [ 771.979691][T18036] ? __pfx_setup_net+0x10/0x10 [ 771.979715][T18036] ? debug_mutex_init+0x37/0x70 [ 771.979742][T18036] copy_net_ns+0x2a6/0x5f0 [ 771.979772][T18036] create_new_namespaces+0x3ea/0xa90 [ 771.979808][T18036] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 771.979840][T18036] ksys_unshare+0x45b/0xa40 [ 771.979876][T18036] ? __pfx_ksys_unshare+0x10/0x10 [ 771.979912][T18036] ? xfd_validate_state+0x61/0x180 [ 771.979958][T18036] __x64_sys_unshare+0x31/0x40 [ 771.979992][T18036] do_syscall_64+0xcd/0x490 [ 771.980017][T18036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.980042][T18036] RIP: 0033:0x7f4773d8eb69 [ 771.980062][T18036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.980086][T18036] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 771.980110][T18036] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 771.980127][T18036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 771.980145][T18036] RBP: 00007f4773e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 771.980162][T18036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.980184][T18036] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 771.980215][T18036] [ 772.241655][ C1] vkms_vblank_simulate: vblank timer overrun [ 773.491681][T17949] chnl_net:caif_netlink_parms(): no params data found [ 774.149390][T18096] netlink: 'syz.0.4933': attribute type 4 has an invalid length. [ 774.282579][T15177] Bluetooth: hci0: SCO packet too small [ 774.515433][T17949] bridge0: port 1(bridge_slave_0) entered blocking state [ 774.583326][T17949] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.646597][T17949] bridge_slave_0: entered allmulticast mode [ 774.709445][T17949] bridge_slave_0: entered promiscuous mode [ 774.765520][T17949] bridge0: port 2(bridge_slave_1) entered blocking state [ 774.827849][T17949] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.866524][T18099] zswap: compressor not available [ 774.938578][T17949] bridge_slave_1: entered allmulticast mode [ 774.997753][T18113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 775.042984][T17949] bridge_slave_1: entered promiscuous mode [ 775.297588][T18121] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4940'. [ 775.766964][T17949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 776.009297][T17949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 776.284653][T18137] netlink: 17 bytes leftover after parsing attributes in process `syz.0.4947'. [ 776.326224][T17949] team0: Port device team_slave_0 added [ 776.469530][T17949] team0: Port device team_slave_1 added [ 776.788886][T17949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 776.873596][T17949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.041293][T17949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 777.084467][T17949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 777.102043][T17949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 777.187850][T17949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 777.698094][T17949] hsr_slave_0: entered promiscuous mode [ 777.716765][T17949] hsr_slave_1: entered promiscuous mode [ 778.139353][T18167] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4956'. [ 778.331486][T18169] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4957'. [ 778.868639][T18183] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 779.126071][ T31] audit: type=1800 audit(4294967444.800:22): pid=18189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4962" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 779.319294][T17949] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 779.397740][T17949] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 779.464160][T17949] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 779.576590][T18195] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4964'. [ 779.628947][T17949] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 779.886097][T18200] mkiss: ax0: crc mode is auto. [ 780.613067][T17949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 780.737665][T17949] 8021q: adding VLAN 0 to HW filter on device team0 [ 780.816718][ T2981] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.823924][ T2981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 780.929007][ T2981] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.936231][ T2981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 782.523220][T17949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 782.675799][T18259] netlink: 'syz.0.4983': attribute type 4 has an invalid length. [ 782.984027][T18268] FAULT_INJECTION: forcing a failure. [ 782.984027][T18268] name failslab, interval 1, probability 0, space 0, times 0 [ 783.000531][T18257] FAULT_INJECTION: forcing a failure. [ 783.000531][T18257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 783.029679][T18268] CPU: 1 UID: 0 PID: 18268 Comm: syz.0.4985 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 783.029727][T18268] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 783.029737][T18268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 783.029753][T18268] Call Trace: [ 783.029761][T18268] [ 783.029770][T18268] dump_stack_lvl+0x16c/0x1f0 [ 783.029815][T18268] should_fail_ex+0x512/0x640 [ 783.029840][T18268] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 783.029870][T18268] should_failslab+0xc2/0x120 [ 783.029905][T18268] __kmalloc_cache_noprof+0x6a/0x3e0 [ 783.029932][T18268] ? syslog_print_all+0xeb/0x400 [ 783.029972][T18268] syslog_print_all+0xeb/0x400 [ 783.030011][T18268] ? __pfx_syslog_print_all+0x10/0x10 [ 783.030063][T18268] ? do_futex+0x122/0x350 [ 783.030109][T18268] do_syslog+0x32c/0x6c0 [ 783.030149][T18268] ? __pfx_do_syslog+0x10/0x10 [ 783.030201][T18268] ? xfd_validate_state+0x61/0x180 [ 783.030248][T18268] __x64_sys_syslog+0x74/0xb0 [ 783.030288][T18268] ? lockdep_hardirqs_on+0x7c/0x110 [ 783.030327][T18268] do_syscall_64+0xcd/0x490 [ 783.030352][T18268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 783.030379][T18268] RIP: 0033:0x7f4773d8eb69 [ 783.030398][T18268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 783.030424][T18268] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000067 [ 783.030447][T18268] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 783.030464][T18268] RDX: 0000000000000001 RSI: 0000200000000380 RDI: 0000000000000003 [ 783.030479][T18268] RBP: 00007f4773e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 783.030494][T18268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 783.030509][T18268] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 783.030539][T18268] [ 783.522632][T18257] CPU: 1 UID: 0 PID: 18257 Comm: syz.1.4981 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 783.522678][T18257] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 783.522689][T18257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 783.522704][T18257] Call Trace: [ 783.522713][T18257] [ 783.522722][T18257] dump_stack_lvl+0x16c/0x1f0 [ 783.522765][T18257] should_fail_ex+0x512/0x640 [ 783.522795][T18257] _copy_from_user+0x2e/0xd0 [ 783.522826][T18257] snd_ctl_ioctl+0x4ed/0xf80 [ 783.522868][T18257] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 783.522919][T18257] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 783.522961][T18257] __x64_sys_ioctl+0x18e/0x210 [ 783.523004][T18257] do_syscall_64+0xcd/0x490 [ 783.523028][T18257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 783.523054][T18257] RIP: 0033:0x7fcf0198eb69 [ 783.523073][T18257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 783.523097][T18257] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 783.523131][T18257] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 783.523148][T18257] RDX: 0000000000000000 RSI: 00000000c0405519 RDI: 0000000000000003 [ 783.523164][T18257] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 783.523179][T18257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 783.523194][T18257] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 783.523224][T18257] [ 785.283131][T17949] veth0_vlan: entered promiscuous mode [ 785.433063][T17949] veth1_vlan: entered promiscuous mode [ 785.661522][T17949] veth0_macvtap: entered promiscuous mode [ 785.716574][T17949] veth1_macvtap: entered promiscuous mode [ 785.736511][T18309] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4996'. [ 785.893580][T17949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 785.979276][T17949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 786.074598][T16044] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.129788][T16044] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.189989][T16044] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.242858][T16044] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 787.079254][ T30] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 787.179613][ T30] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 787.378147][T18336] FAULT_INJECTION: forcing a failure. [ 787.378147][T18336] name failslab, interval 1, probability 0, space 0, times 0 [ 787.415233][T18336] CPU: 1 UID: 0 PID: 18336 Comm: syz.0.5001 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 787.415279][T18336] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 787.415290][T18336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 787.415306][T18336] Call Trace: [ 787.415314][T18336] [ 787.415324][T18336] dump_stack_lvl+0x16c/0x1f0 [ 787.415368][T18336] should_fail_ex+0x512/0x640 [ 787.415394][T18336] ? __kmalloc_noprof+0xbf/0x510 [ 787.415425][T18336] ? vb2_core_allocated_buffers_storage+0x184/0x220 [ 787.415455][T18336] should_failslab+0xc2/0x120 [ 787.415489][T18336] __kmalloc_noprof+0xd2/0x510 [ 787.415526][T18336] vb2_core_allocated_buffers_storage+0x184/0x220 [ 787.415558][T18336] vb2_core_reqbufs+0x398/0xfe0 [ 787.415594][T18336] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 787.415640][T18336] __vb2_init_fileio+0x3f1/0x1100 [ 787.415670][T18336] ? aa_file_perm+0x495/0xf70 [ 787.415702][T18336] ? __pfx___futex_wait+0x10/0x10 [ 787.415746][T18336] __vb2_perform_fileio+0x9c2/0x1660 [ 787.415785][T18336] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 787.415825][T18336] vb2_fop_write+0x207/0x3f0 [ 787.415858][T18336] v4l2_write+0x229/0x360 [ 787.415895][T18336] ? __pfx_v4l2_write+0x10/0x10 [ 787.415930][T18336] vfs_write+0x29d/0x1150 [ 787.415966][T18336] ? __pfx_vfs_write+0x10/0x10 [ 787.415993][T18336] ? find_held_lock+0x2b/0x80 [ 787.416026][T18336] ? __fget_files+0x204/0x3c0 [ 787.416058][T18336] ? __fget_files+0x20e/0x3c0 [ 787.416093][T18336] ksys_write+0x12a/0x250 [ 787.416121][T18336] ? __pfx_ksys_write+0x10/0x10 [ 787.416160][T18336] do_syscall_64+0xcd/0x490 [ 787.416188][T18336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.416213][T18336] RIP: 0033:0x7f4773d8eb69 [ 787.416234][T18336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 787.416259][T18336] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 787.416282][T18336] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 787.416299][T18336] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005 [ 787.416315][T18336] RBP: 00007f4773e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 787.416330][T18336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 787.416345][T18336] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 787.416377][T18336] [ 787.933705][T16044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 788.013439][T16044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 789.207137][T18362] Process accounting resumed [ 789.292399][T18367] FAULT_INJECTION: forcing a failure. [ 789.292399][T18367] name failslab, interval 1, probability 0, space 0, times 0 [ 789.470171][T18367] CPU: 1 UID: 0 PID: 18367 Comm: syz.1.5009 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 789.470215][T18367] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 789.470227][T18367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 789.470243][T18367] Call Trace: [ 789.470251][T18367] [ 789.470261][T18367] dump_stack_lvl+0x16c/0x1f0 [ 789.470305][T18367] should_fail_ex+0x512/0x640 [ 789.470331][T18367] ? __kmalloc_noprof+0xbf/0x510 [ 789.470363][T18367] ? copy_splice_read+0x1a8/0xba0 [ 789.470387][T18367] should_failslab+0xc2/0x120 [ 789.470420][T18367] __kmalloc_noprof+0xd2/0x510 [ 789.470456][T18367] copy_splice_read+0x1a8/0xba0 [ 789.470480][T18367] ? __pfx___might_resched+0x10/0x10 [ 789.470510][T18367] ? trace_contention_end+0xdd/0x130 [ 789.470545][T18367] ? __pfx_copy_splice_read+0x10/0x10 [ 789.470568][T18367] ? __mutex_lock+0x1c4/0x10b0 [ 789.470600][T18367] ? futex_private_hash_put+0x176/0x300 [ 789.470645][T18367] sock_splice_read+0xe9/0x110 [ 789.470671][T18367] ? __pfx_sock_splice_read+0x10/0x10 [ 789.470695][T18367] do_splice_read+0x285/0x370 [ 789.470722][T18367] splice_file_to_pipe+0x109/0x120 [ 789.470753][T18367] do_sendfile+0x400/0xe50 [ 789.470787][T18367] ? __pfx_do_sendfile+0x10/0x10 [ 789.470820][T18367] ? __x64_sys_futex+0x1e0/0x4c0 [ 789.470851][T18367] ? __x64_sys_futex+0x1e9/0x4c0 [ 789.470886][T18367] __x64_sys_sendfile64+0x1d8/0x220 [ 789.470923][T18367] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 789.470967][T18367] do_syscall_64+0xcd/0x490 [ 789.470992][T18367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.471018][T18367] RIP: 0033:0x7fcf0198eb69 [ 789.471036][T18367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 789.471061][T18367] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 789.471084][T18367] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 789.471101][T18367] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000002 [ 789.471116][T18367] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 789.471132][T18367] R10: 000000000000c3e0 R11: 0000000000000246 R12: 0000000000000000 [ 789.471147][T18367] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 789.471178][T18367] [ 789.878007][T18377] netlink: 122 bytes leftover after parsing attributes in process `syz.1.5013'. [ 792.370196][T18405] netlink: 74 bytes leftover after parsing attributes in process `syz.1.5023'. [ 792.839913][T18408] FAULT_INJECTION: forcing a failure. [ 792.839913][T18408] name failslab, interval 1, probability 0, space 0, times 0 [ 793.067898][T18408] CPU: 1 UID: 0 PID: 18408 Comm: syz.2.5024 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 793.067945][T18408] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 793.067956][T18408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 793.067984][T18408] Call Trace: [ 793.067996][T18408] [ 793.068006][T18408] dump_stack_lvl+0x16c/0x1f0 [ 793.068051][T18408] should_fail_ex+0x512/0x640 [ 793.068076][T18408] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 793.068106][T18408] should_failslab+0xc2/0x120 [ 793.068138][T18408] __kmalloc_cache_noprof+0x6a/0x3e0 [ 793.068162][T18408] ? kasan_save_stack+0x42/0x60 [ 793.068188][T18408] ? kasan_save_stack+0x33/0x60 [ 793.068221][T18408] ? snd_seq_queue_alloc+0x56/0x5a0 [ 793.068258][T18408] snd_seq_queue_alloc+0x56/0x5a0 [ 793.068300][T18408] snd_seq_ioctl_create_queue+0xa9/0x380 [ 793.068343][T18408] snd_seq_kernel_client_ctl+0x10a/0x1c0 [ 793.068375][T18408] alloc_seq_queue+0xda/0x180 [ 793.068401][T18408] ? __pfx_alloc_seq_queue+0x10/0x10 [ 793.068446][T18408] ? mark_held_locks+0x49/0x80 [ 793.068480][T18408] ? _raw_spin_unlock_irq+0x23/0x50 [ 793.068518][T18408] snd_seq_oss_open+0x38c/0xa20 [ 793.068551][T18408] odev_open+0x6f/0x90 [ 793.068573][T18408] ? __pfx_odev_open+0x10/0x10 [ 793.068596][T18408] soundcore_open+0x409/0x580 [ 793.068622][T18408] ? __pfx_soundcore_open+0x10/0x10 [ 793.068645][T18408] chrdev_open+0x231/0x6a0 [ 793.068677][T18408] ? __pfx_apparmor_file_open+0x10/0x10 [ 793.068706][T18408] ? __pfx_chrdev_open+0x10/0x10 [ 793.068740][T18408] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 793.068774][T18408] do_dentry_open+0x97f/0x1530 [ 793.068806][T18408] ? __pfx_chrdev_open+0x10/0x10 [ 793.068844][T18408] vfs_open+0x82/0x3f0 [ 793.068885][T18408] path_openat+0x1de4/0x2cb0 [ 793.068924][T18408] ? __pfx_path_openat+0x10/0x10 [ 793.068962][T18408] do_filp_open+0x20b/0x470 [ 793.068992][T18408] ? __pfx_do_filp_open+0x10/0x10 [ 793.069044][T18408] ? alloc_fd+0x471/0x7d0 [ 793.069079][T18408] do_sys_openat2+0x11b/0x1d0 [ 793.069117][T18408] ? __pfx_do_sys_openat2+0x10/0x10 [ 793.069157][T18408] ? do_fcntl+0x1eb/0x15a0 [ 793.069205][T18408] __x64_sys_openat+0x174/0x210 [ 793.069244][T18408] ? __pfx___x64_sys_openat+0x10/0x10 [ 793.069297][T18408] do_syscall_64+0xcd/0x490 [ 793.069322][T18408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.069348][T18408] RIP: 0033:0x7f016398eb69 [ 793.069368][T18408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 793.069392][T18408] RSP: 002b:00007f0164838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 793.069416][T18408] RAX: ffffffffffffffda RBX: 00007f0163bb5fa0 RCX: 00007f016398eb69 [ 793.069433][T18408] RDX: 0000000000143900 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 793.069449][T18408] RBP: 00007f0163a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 793.069465][T18408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 793.069480][T18408] R13: 0000000000000000 R14: 00007f0163bb5fa0 R15: 00007ffe1f14c1e8 [ 793.069511][T18408] [ 793.712375][T18416] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5025'. [ 793.941245][T18421] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5029'. [ 793.953687][T18416] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5025'. [ 794.691389][T18431] FAULT_INJECTION: forcing a failure. [ 794.691389][T18431] name failslab, interval 1, probability 0, space 0, times 0 [ 794.822405][T18431] CPU: 1 UID: 0 PID: 18431 Comm: syz.1.5033 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 794.822453][T18431] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 794.822464][T18431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 794.822480][T18431] Call Trace: [ 794.822488][T18431] [ 794.822497][T18431] dump_stack_lvl+0x16c/0x1f0 [ 794.822541][T18431] should_fail_ex+0x512/0x640 [ 794.822566][T18431] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 794.822600][T18431] should_failslab+0xc2/0x120 [ 794.822634][T18431] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 794.822665][T18431] ? dup_fd+0x4e/0xb90 [ 794.822692][T18431] ? do_futex+0x122/0x350 [ 794.822725][T18431] dup_fd+0x4e/0xb90 [ 794.822750][T18431] ? _raw_spin_unlock+0x28/0x50 [ 794.822783][T18431] ? do_set_mempolicy+0x220/0x480 [ 794.822824][T18431] __do_sys_close_range+0x4ca/0x730 [ 794.822861][T18431] ? __pfx___do_sys_close_range+0x10/0x10 [ 794.822900][T18431] do_syscall_64+0xcd/0x490 [ 794.822925][T18431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.822950][T18431] RIP: 0033:0x7fcf0198eb69 [ 794.822969][T18431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 794.822994][T18431] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 794.823018][T18431] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 794.823034][T18431] RDX: 0000000000000002 RSI: fffffffffffff000 RDI: 0000000000000000 [ 794.823056][T18431] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 794.823072][T18431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 794.823087][T18431] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 794.823119][T18431] [ 795.670436][T18437] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5035'. [ 796.408575][T18446] FAULT_INJECTION: forcing a failure. [ 796.408575][T18446] name failslab, interval 1, probability 0, space 0, times 0 [ 796.593018][T18446] CPU: 1 UID: 0 PID: 18446 Comm: syz.1.5038 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 796.593065][T18446] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 796.593075][T18446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 796.593091][T18446] Call Trace: [ 796.593100][T18446] [ 796.593110][T18446] dump_stack_lvl+0x16c/0x1f0 [ 796.593154][T18446] should_fail_ex+0x512/0x640 [ 796.593179][T18446] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 796.593213][T18446] should_failslab+0xc2/0x120 [ 796.593248][T18446] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 796.593276][T18446] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.593303][T18446] ? fuse_request_alloc+0x22/0x200 [ 796.593347][T18446] fuse_request_alloc+0x22/0x200 [ 796.593388][T18446] fuse_get_req+0x748/0xfd0 [ 796.593419][T18446] ? __pfx_fuse_get_req+0x10/0x10 [ 796.593458][T18446] fuse_simple_background+0x464/0x5f0 [ 796.593483][T18446] ? kasan_save_track+0x14/0x30 [ 796.593515][T18446] cuse_channel_open+0x561/0x7f0 [ 796.593546][T18446] ? __pfx_cuse_channel_open+0x10/0x10 [ 796.593580][T18446] misc_open+0x35a/0x420 [ 796.593615][T18446] ? __pfx_misc_open+0x10/0x10 [ 796.593649][T18446] chrdev_open+0x231/0x6a0 [ 796.593680][T18446] ? __pfx_apparmor_file_open+0x10/0x10 [ 796.593710][T18446] ? __pfx_chrdev_open+0x10/0x10 [ 796.593744][T18446] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 796.593779][T18446] do_dentry_open+0x97f/0x1530 [ 796.593810][T18446] ? __pfx_chrdev_open+0x10/0x10 [ 796.593848][T18446] vfs_open+0x82/0x3f0 [ 796.593889][T18446] path_openat+0x1de4/0x2cb0 [ 796.593928][T18446] ? __pfx_path_openat+0x10/0x10 [ 796.593974][T18446] do_filp_open+0x20b/0x470 [ 796.594004][T18446] ? __pfx_do_filp_open+0x10/0x10 [ 796.594055][T18446] ? alloc_fd+0x471/0x7d0 [ 796.594091][T18446] do_sys_openat2+0x11b/0x1d0 [ 796.594130][T18446] ? __pfx_do_sys_openat2+0x10/0x10 [ 796.594181][T18446] __x64_sys_openat+0x174/0x210 [ 796.594221][T18446] ? __pfx___x64_sys_openat+0x10/0x10 [ 796.594273][T18446] do_syscall_64+0xcd/0x490 [ 796.594299][T18446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.594324][T18446] RIP: 0033:0x7fcf0198eb69 [ 796.594344][T18446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.594370][T18446] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 796.594393][T18446] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 796.594411][T18446] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 796.594427][T18446] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 796.594443][T18446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.594458][T18446] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 796.594489][T18446] [ 797.778316][T18466] FAULT_INJECTION: forcing a failure. [ 797.778316][T18466] name failslab, interval 1, probability 0, space 0, times 0 [ 797.872380][T18466] CPU: 1 UID: 0 PID: 18466 Comm: syz.0.5046 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 797.872427][T18466] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 797.872437][T18466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 797.872452][T18466] Call Trace: [ 797.872461][T18466] [ 797.872470][T18466] dump_stack_lvl+0x16c/0x1f0 [ 797.872514][T18466] should_fail_ex+0x512/0x640 [ 797.872540][T18466] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 797.872569][T18466] should_failslab+0xc2/0x120 [ 797.872602][T18466] __kmalloc_cache_noprof+0x6a/0x3e0 [ 797.872628][T18466] ? find_held_lock+0x2b/0x80 [ 797.872651][T18466] ? audit_log_d_path+0xe7/0x200 [ 797.872689][T18466] audit_log_d_path+0xe7/0x200 [ 797.872724][T18466] audit_log_d_path_exe+0x46/0x70 [ 797.872759][T18466] audit_log_task+0x31d/0x3f0 [ 797.872798][T18466] ? __pfx_audit_log_task+0x10/0x10 [ 797.872844][T18466] ? arch_do_signal_or_restart+0x211/0x790 [ 797.872885][T18466] audit_seccomp+0x79/0x1f0 [ 797.872916][T18466] __secure_computing+0x2bf/0x320 [ 797.872948][T18466] syscall_trace_enter+0x89/0x240 [ 797.872990][T18466] do_syscall_64+0x347/0x490 [ 797.873015][T18466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.873041][T18466] RIP: 0033:0x7f4773d8eb69 [ 797.873060][T18466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.873087][T18466] RSP: 002b:00007f4774b9c9f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 797.873111][T18466] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f4773d8eb69 [ 797.873127][T18466] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 797.873143][T18466] RBP: 00007f4774b9d040 R08: 00007f4774b9e000 R09: 000000000000000b [ 797.873158][T18466] R10: 0000000000024b68 R11: 0000000000000246 R12: 0000000000000000 [ 797.873173][T18466] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 797.873203][T18466] [ 797.878696][ T31] audit: type=1326 audit(4294968486.450:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18465 comm="syz.0.5046" exe="" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4773d8eb69 code=0x0 [ 798.648907][T18473] FAULT_INJECTION: forcing a failure. [ 798.648907][T18473] name failslab, interval 1, probability 0, space 0, times 0 [ 798.826019][T18473] CPU: 1 UID: 0 PID: 18473 Comm: syz.4.5048 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 798.826066][T18473] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 798.826076][T18473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 798.826091][T18473] Call Trace: [ 798.826100][T18473] [ 798.826109][T18473] dump_stack_lvl+0x16c/0x1f0 [ 798.826153][T18473] should_fail_ex+0x512/0x640 [ 798.826183][T18473] should_failslab+0xc2/0x120 [ 798.826217][T18473] __kmalloc_cache_noprof+0x6a/0x3e0 [ 798.826243][T18473] ? __pfx_sctp_get_port_local+0x10/0x10 [ 798.826279][T18473] ? sctp_bind_addr_match+0x193/0x300 [ 798.826309][T18473] ? sctp_add_bind_addr+0xae/0x3f0 [ 798.826344][T18473] sctp_add_bind_addr+0xae/0x3f0 [ 798.826380][T18473] sctp_do_bind+0x2d6/0x700 [ 798.826409][T18473] sctp_connect_new_asoc+0x5e7/0x770 [ 798.826437][T18473] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 798.826466][T18473] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 798.826512][T18473] __sctp_connect+0x3f3/0xc60 [ 798.826541][T18473] ? do_raw_spin_lock+0x12c/0x2b0 [ 798.826581][T18473] ? __pfx___sctp_connect+0x10/0x10 [ 798.826609][T18473] ? __pfx_sctp_inet_connect+0x10/0x10 [ 798.826636][T18473] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 798.826676][T18473] ? __pfx_sctp_inet_connect+0x10/0x10 [ 798.826708][T18473] sctp_inet_connect+0x15f/0x200 [ 798.826736][T18473] __sys_connect_file+0x141/0x1a0 [ 798.826775][T18473] __sys_connect+0x13b/0x160 [ 798.826808][T18473] ? __pfx___sys_connect+0x10/0x10 [ 798.826852][T18473] ? xfd_validate_state+0x61/0x180 [ 798.826898][T18473] __x64_sys_connect+0x72/0xb0 [ 798.826931][T18473] ? lockdep_hardirqs_on+0x7c/0x110 [ 798.826968][T18473] do_syscall_64+0xcd/0x490 [ 798.826993][T18473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.827018][T18473] RIP: 0033:0x7f3b04d8eb69 [ 798.827037][T18473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 798.827062][T18473] RSP: 002b:00007f3b05c7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 798.827086][T18473] RAX: ffffffffffffffda RBX: 00007f3b04fb5fa0 RCX: 00007f3b04d8eb69 [ 798.827103][T18473] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 798.827119][T18473] RBP: 00007f3b04e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 798.827135][T18473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 798.827150][T18473] R13: 0000000000000000 R14: 00007f3b04fb5fa0 R15: 00007ffdb7002de8 [ 798.827180][T18473] [ 801.071876][T18502] netlink: 338 bytes leftover after parsing attributes in process `syz.4.5055'. [ 801.149900][T18503] netlink: 'syz.1.5057': attribute type 5 has an invalid length. [ 801.190618][T18502] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.199909][T18502] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.271923][T18503] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5057'. [ 801.518354][T18507] FAULT_INJECTION: forcing a failure. [ 801.518354][T18507] name failslab, interval 1, probability 0, space 0, times 0 [ 801.886909][T18507] CPU: 1 UID: 0 PID: 18507 Comm: syz.2.5058 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 801.886956][T18507] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 801.886967][T18507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 801.886983][T18507] Call Trace: [ 801.886991][T18507] [ 801.887001][T18507] dump_stack_lvl+0x16c/0x1f0 [ 801.887046][T18507] should_fail_ex+0x512/0x640 [ 801.887071][T18507] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 801.887101][T18507] should_failslab+0xc2/0x120 [ 801.887134][T18507] __kmalloc_cache_noprof+0x6a/0x3e0 [ 801.887161][T18507] ? snd_midi_event_new+0x6f/0x210 [ 801.887191][T18507] snd_midi_event_new+0x6f/0x210 [ 801.887217][T18507] snd_virmidi_input_open+0x107/0x4d0 [ 801.887248][T18507] open_substream+0x478/0x990 [ 801.887286][T18507] rawmidi_open_priv+0x513/0x6e0 [ 801.887325][T18507] snd_rawmidi_open+0x4cc/0xbf0 [ 801.887366][T18507] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 801.887409][T18507] ? __pfx_default_wake_function+0x10/0x10 [ 801.887438][T18507] ? kobject_get_unless_zero+0x156/0x1e0 [ 801.887467][T18507] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 801.887502][T18507] snd_open+0x22a/0x4c0 [ 801.887528][T18507] ? __pfx_snd_open+0x10/0x10 [ 801.887552][T18507] chrdev_open+0x231/0x6a0 [ 801.887583][T18507] ? __pfx_apparmor_file_open+0x10/0x10 [ 801.887613][T18507] ? __pfx_chrdev_open+0x10/0x10 [ 801.887647][T18507] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 801.887682][T18507] do_dentry_open+0x97f/0x1530 [ 801.887713][T18507] ? __pfx_chrdev_open+0x10/0x10 [ 801.887752][T18507] vfs_open+0x82/0x3f0 [ 801.887793][T18507] path_openat+0x1de4/0x2cb0 [ 801.887833][T18507] ? __pfx_path_openat+0x10/0x10 [ 801.887871][T18507] do_filp_open+0x20b/0x470 [ 801.887900][T18507] ? __pfx_do_filp_open+0x10/0x10 [ 801.887957][T18507] ? alloc_fd+0x471/0x7d0 [ 801.887991][T18507] do_sys_openat2+0x11b/0x1d0 [ 801.888029][T18507] ? __pfx_do_sys_openat2+0x10/0x10 [ 801.888080][T18507] __x64_sys_openat+0x174/0x210 [ 801.888121][T18507] ? __pfx___x64_sys_openat+0x10/0x10 [ 801.888172][T18507] do_syscall_64+0xcd/0x490 [ 801.888198][T18507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.888224][T18507] RIP: 0033:0x7f016398eb69 [ 801.888244][T18507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 801.888270][T18507] RSP: 002b:00007f0164838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 801.888294][T18507] RAX: ffffffffffffffda RBX: 00007f0163bb5fa0 RCX: 00007f016398eb69 [ 801.888311][T18507] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 801.888327][T18507] RBP: 00007f0163a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 801.888343][T18507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.888358][T18507] R13: 0000000000000000 R14: 00007f0163bb5fa0 R15: 00007ffe1f14c1e8 [ 801.888390][T18507] [ 802.584823][T18519] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 803.767893][T18532] FAULT_INJECTION: forcing a failure. [ 803.767893][T18532] name failslab, interval 1, probability 0, space 0, times 0 [ 803.969056][T18532] CPU: 1 UID: 0 PID: 18532 Comm: syz.1.5066 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 803.969108][T18532] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 803.969119][T18532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 803.969135][T18532] Call Trace: [ 803.969143][T18532] [ 803.969152][T18532] dump_stack_lvl+0x16c/0x1f0 [ 803.969196][T18532] should_fail_ex+0x512/0x640 [ 803.969221][T18532] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 803.969256][T18532] should_failslab+0xc2/0x120 [ 803.969289][T18532] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 803.969319][T18532] ? __pfx___might_resched+0x10/0x10 [ 803.969344][T18532] ? pidfs_register_pid+0x97/0x1f0 [ 803.969368][T18532] ? unix_create1+0x50e/0x700 [ 803.969407][T18532] pidfs_register_pid+0x97/0x1f0 [ 803.969433][T18532] unix_socketpair+0x126/0x860 [ 803.969473][T18532] ? bpf_lsm_socket_post_create+0x9/0x10 [ 803.969506][T18532] ? security_socket_post_create+0x21d/0x260 [ 803.969555][T18532] ? __pfx_unix_socketpair+0x10/0x10 [ 803.969594][T18532] ? __sock_create+0xa2/0x8d0 [ 803.969629][T18532] __sys_socketpair+0x2f2/0x5a0 [ 803.969663][T18532] ? __pfx___sys_socketpair+0x10/0x10 [ 803.969693][T18532] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 803.969736][T18532] ? xfd_validate_state+0x61/0x180 [ 803.969780][T18532] __x64_sys_socketpair+0x96/0x100 [ 803.969811][T18532] ? lockdep_hardirqs_on+0x7c/0x110 [ 803.969849][T18532] do_syscall_64+0xcd/0x490 [ 803.969874][T18532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.969899][T18532] RIP: 0033:0x7fcf0198eb69 [ 803.969919][T18532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 803.969943][T18532] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 803.969966][T18532] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 803.969983][T18532] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 803.969999][T18532] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 803.970014][T18532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 803.970029][T18532] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 803.970059][T18532] [ 806.342925][T18561] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5077'. [ 806.474492][T18561] IPv6: NLM_F_CREATE should be specified when creating new route [ 806.482870][T18561] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 806.490513][T18561] IPv6: NLM_F_CREATE should be set when creating new route [ 806.498013][T18561] IPv6: NLM_F_CREATE should be set when creating new route [ 806.867023][T18565] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5077'. [ 807.014811][T18565] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 807.618505][T18572] 0x000200000001-0xa29656a63616329 : "" [ 807.679645][T18462] syz.0.5045 (18462) used greatest stack depth: 19656 bytes left [ 807.707564][T18572] mtd: partition "" is out of reach -- disabled [ 807.742330][T18576] ubi0: attaching mtd0 [ 807.781948][T18576] ubi0: scanning is finished [ 807.813389][T18572] ftl_cs: FTL header not found. [ 807.830456][T18576] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 808.768106][T18576] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 812.189383][T18659] FAULT_INJECTION: forcing a failure. [ 812.189383][T18659] name failslab, interval 1, probability 0, space 0, times 0 [ 812.202627][T18659] CPU: 1 UID: 0 PID: 18659 Comm: syz.4.5109 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 812.202672][T18659] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 812.202683][T18659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 812.202698][T18659] Call Trace: [ 812.202708][T18659] [ 812.202718][T18659] dump_stack_lvl+0x16c/0x1f0 [ 812.202762][T18659] should_fail_ex+0x512/0x640 [ 812.202799][T18659] should_failslab+0xc2/0x120 [ 812.202834][T18659] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 812.202866][T18659] ? stack_depot_save_flags+0x29/0x9c0 [ 812.202895][T18659] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 812.202935][T18659] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 812.202975][T18659] idr_get_free+0x528/0xa30 [ 812.203022][T18659] idr_alloc_u32+0x190/0x2f0 [ 812.203061][T18659] ? __pfx_idr_alloc_u32+0x10/0x10 [ 812.203109][T18659] idr_alloc+0xc0/0x130 [ 812.203143][T18659] ? __pfx_idr_alloc+0x10/0x10 [ 812.203176][T18659] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 812.203224][T18659] tipc_conn_alloc+0x337/0x590 [ 812.203258][T18659] tipc_topsrv_kern_subscr+0x11c/0x3c0 [ 812.203295][T18659] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 812.203333][T18659] ? net_generic+0xea/0x2a0 [ 812.203372][T18659] tipc_group_create+0x4ab/0x660 [ 812.203412][T18659] tipc_setsockopt+0x7f0/0xdb0 [ 812.203440][T18659] ? __pfx_tipc_setsockopt+0x10/0x10 [ 812.203470][T18659] ? __fget_files+0x204/0x3c0 [ 812.203501][T18659] ? __pfx_tipc_setsockopt+0x10/0x10 [ 812.203528][T18659] do_sock_setsockopt+0xf3/0x1d0 [ 812.203559][T18659] __sys_setsockopt+0x120/0x1a0 [ 812.203601][T18659] __x64_sys_setsockopt+0xbd/0x160 [ 812.203637][T18659] ? do_syscall_64+0x91/0x490 [ 812.203658][T18659] ? lockdep_hardirqs_on+0x7c/0x110 [ 812.203696][T18659] do_syscall_64+0xcd/0x490 [ 812.203721][T18659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.203747][T18659] RIP: 0033:0x7f3b04d8eb69 [ 812.203767][T18659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 812.203799][T18659] RSP: 002b:00007f3b05c7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 812.203823][T18659] RAX: ffffffffffffffda RBX: 00007f3b04fb5fa0 RCX: 00007f3b04d8eb69 [ 812.203840][T18659] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000004 [ 812.203856][T18659] RBP: 00007f3b04e11df1 R08: 0000000000000014 R09: 0000000000000000 [ 812.203872][T18659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.203887][T18659] R13: 0000000000000000 R14: 00007f3b04fb5fa0 R15: 00007ffdb7002de8 [ 812.203918][T18659] [ 813.650409][T18683] zswap: compressor 000 not available [ 815.224036][T18718] binder: 18716:18718 ioctl c0306201 0 returned -14 [ 815.866646][T18736] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5131'. [ 817.740772][T18771] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5140'. [ 818.308946][T18784] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5144'. [ 818.731528][T18792] FAULT_INJECTION: forcing a failure. [ 818.731528][T18792] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 818.922432][T18792] CPU: 1 UID: 0 PID: 18792 Comm: syz.2.5147 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 818.922477][T18792] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 818.922488][T18792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 818.922504][T18792] Call Trace: [ 818.922512][T18792] [ 818.922521][T18792] dump_stack_lvl+0x16c/0x1f0 [ 818.922565][T18792] should_fail_ex+0x512/0x640 [ 818.922595][T18792] should_fail_alloc_page+0xe7/0x130 [ 818.922632][T18792] prepare_alloc_pages+0x3c2/0x610 [ 818.922669][T18792] ? stack_trace_save+0x8e/0xc0 [ 818.922702][T18792] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 818.922739][T18792] ? kasan_save_stack+0x42/0x60 [ 818.922766][T18792] ? kasan_save_stack+0x33/0x60 [ 818.922793][T18792] ? kasan_save_track+0x14/0x30 [ 818.922821][T18792] ? __kasan_kmalloc+0xaa/0xb0 [ 818.922847][T18792] ? fuse_dev_alloc+0x8e/0x280 [ 818.922880][T18792] ? fuse_dev_alloc_install+0x13/0x40 [ 818.922913][T18792] ? cuse_channel_open+0x100/0x7f0 [ 818.922943][T18792] ? misc_open+0x35a/0x420 [ 818.922975][T18792] ? chrdev_open+0x231/0x6a0 [ 818.923005][T18792] ? do_dentry_open+0x97f/0x1530 [ 818.923034][T18792] ? vfs_open+0x82/0x3f0 [ 818.923068][T18792] ? path_openat+0x1de4/0x2cb0 [ 818.923095][T18792] ? look_up_lock_class+0x6b/0x150 [ 818.923143][T18792] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 818.923195][T18792] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 818.923236][T18792] ? policy_nodemask+0xea/0x4e0 [ 818.923272][T18792] alloc_pages_mpol+0x1fb/0x550 [ 818.923308][T18792] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 818.923343][T18792] ? fuse_dev_alloc_install+0x2b/0x40 [ 818.923384][T18792] folio_alloc_noprof+0x20/0x2d0 [ 818.923428][T18792] cuse_channel_open+0x198/0x7f0 [ 818.923460][T18792] ? __pfx_cuse_channel_open+0x10/0x10 [ 818.923494][T18792] misc_open+0x35a/0x420 [ 818.923529][T18792] ? __pfx_misc_open+0x10/0x10 [ 818.923563][T18792] chrdev_open+0x231/0x6a0 [ 818.923595][T18792] ? __pfx_apparmor_file_open+0x10/0x10 [ 818.923624][T18792] ? __pfx_chrdev_open+0x10/0x10 [ 818.923659][T18792] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 818.923694][T18792] do_dentry_open+0x97f/0x1530 [ 818.923726][T18792] ? __pfx_chrdev_open+0x10/0x10 [ 818.923765][T18792] vfs_open+0x82/0x3f0 [ 818.923806][T18792] path_openat+0x1de4/0x2cb0 [ 818.923846][T18792] ? __pfx_path_openat+0x10/0x10 [ 818.923887][T18792] do_filp_open+0x20b/0x470 [ 818.923918][T18792] ? __pfx_do_filp_open+0x10/0x10 [ 818.923969][T18792] ? alloc_fd+0x471/0x7d0 [ 818.924005][T18792] do_sys_openat2+0x11b/0x1d0 [ 818.924044][T18792] ? __pfx_do_sys_openat2+0x10/0x10 [ 818.924094][T18792] __x64_sys_openat+0x174/0x210 [ 818.924141][T18792] ? __pfx___x64_sys_openat+0x10/0x10 [ 818.924194][T18792] do_syscall_64+0xcd/0x490 [ 818.924219][T18792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.924244][T18792] RIP: 0033:0x7f016398eb69 [ 818.924265][T18792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.924290][T18792] RSP: 002b:00007f0164838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 818.924315][T18792] RAX: ffffffffffffffda RBX: 00007f0163bb5fa0 RCX: 00007f016398eb69 [ 818.924332][T18792] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 818.924348][T18792] RBP: 00007f0163a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 818.924364][T18792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 818.924380][T18792] R13: 0000000000000000 R14: 00007f0163bb5fa0 R15: 00007ffe1f14c1e8 [ 818.924411][T18792] [ 819.710293][T18793] Loading of unsigned module is rejected [ 819.723775][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 819.809388][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 820.050615][T18796] Process accounting paused [ 821.132696][T18821] FAULT_INJECTION: forcing a failure. [ 821.132696][T18821] name failslab, interval 1, probability 0, space 0, times 0 [ 821.160097][T18821] CPU: 1 UID: 0 PID: 18821 Comm: syz.0.5152 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 821.160144][T18821] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 821.160154][T18821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 821.160171][T18821] Call Trace: [ 821.160179][T18821] [ 821.160189][T18821] dump_stack_lvl+0x16c/0x1f0 [ 821.160233][T18821] should_fail_ex+0x512/0x640 [ 821.160259][T18821] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 821.160288][T18821] should_failslab+0xc2/0x120 [ 821.160322][T18821] __kmalloc_cache_noprof+0x6a/0x3e0 [ 821.160347][T18821] ? __genradix_ptr_alloc+0x340/0x5f0 [ 821.160379][T18821] ? sctp_auth_shkey_create+0x9e/0x210 [ 821.160421][T18821] sctp_auth_shkey_create+0x9e/0x210 [ 821.160461][T18821] sctp_auth_asoc_copy_shkeys+0x1f2/0x360 [ 821.160506][T18821] sctp_association_new+0x19ad/0x2a00 [ 821.160539][T18821] sctp_connect_new_asoc+0x1a8/0x770 [ 821.160567][T18821] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 821.160596][T18821] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 821.160641][T18821] __sctp_connect+0x3f3/0xc60 [ 821.160670][T18821] ? do_raw_spin_lock+0x12c/0x2b0 [ 821.160711][T18821] ? __pfx___sctp_connect+0x10/0x10 [ 821.160739][T18821] ? __pfx_sctp_inet_connect+0x10/0x10 [ 821.160766][T18821] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 821.160806][T18821] ? __pfx_sctp_inet_connect+0x10/0x10 [ 821.160831][T18821] sctp_inet_connect+0x15f/0x200 [ 821.160857][T18821] __sys_connect_file+0x141/0x1a0 [ 821.160895][T18821] __sys_connect+0x13b/0x160 [ 821.160928][T18821] ? __pfx___sys_connect+0x10/0x10 [ 821.160972][T18821] ? xfd_validate_state+0x61/0x180 [ 821.161017][T18821] ? __pfx_do_writev+0x10/0x10 [ 821.161050][T18821] __x64_sys_connect+0x72/0xb0 [ 821.161086][T18821] ? lockdep_hardirqs_on+0x7c/0x110 [ 821.161124][T18821] do_syscall_64+0xcd/0x490 [ 821.161149][T18821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.161174][T18821] RIP: 0033:0x7f4773d8eb69 [ 821.161194][T18821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 821.161219][T18821] RSP: 002b:00007f4774b9d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 821.161243][T18821] RAX: ffffffffffffffda RBX: 00007f4773fb5fa0 RCX: 00007f4773d8eb69 [ 821.161260][T18821] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 821.161275][T18821] RBP: 00007f4773e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 821.161291][T18821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 821.161306][T18821] R13: 0000000000000000 R14: 00007f4773fb5fa0 R15: 00007fffe1ee0638 [ 821.161348][T18821] [ 821.723290][T18822] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5151'. [ 822.135794][T18829] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 823.119064][T18848] netlink: 146 bytes leftover after parsing attributes in process `syz.0.5165'. [ 823.399937][T18853] [U]  [ 823.402815][T18853] [U] [ 823.405532][T18853] [U] [ 823.408260][T18853] [U] [ 823.629375][T18858] [U] [ 824.196286][T18869] mkiss: ax0: crc mode is auto. [ 824.299350][T18871] FAULT_INJECTION: forcing a failure. [ 824.299350][T18871] name failslab, interval 1, probability 0, space 0, times 0 [ 824.441558][T18871] CPU: 1 UID: 0 PID: 18871 Comm: syz.2.5170 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 824.441605][T18871] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 824.441616][T18871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 824.441632][T18871] Call Trace: [ 824.441641][T18871] [ 824.441650][T18871] dump_stack_lvl+0x16c/0x1f0 [ 824.441701][T18871] should_fail_ex+0x512/0x640 [ 824.441726][T18871] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 824.441759][T18871] should_failslab+0xc2/0x120 [ 824.441793][T18871] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 824.441824][T18871] ? __pfx_apparmor_file_open+0x10/0x10 [ 824.441852][T18871] ? seq_open+0x55/0x170 [ 824.441892][T18871] seq_open+0x55/0x170 [ 824.441928][T18871] probes_open+0xb8/0x100 [ 824.441962][T18871] do_dentry_open+0x97f/0x1530 [ 824.441994][T18871] ? __pfx_probes_open+0x10/0x10 [ 824.442032][T18871] vfs_open+0x82/0x3f0 [ 824.442073][T18871] path_openat+0x1de4/0x2cb0 [ 824.442112][T18871] ? __pfx_path_openat+0x10/0x10 [ 824.442149][T18871] do_filp_open+0x20b/0x470 [ 824.442179][T18871] ? __pfx_do_filp_open+0x10/0x10 [ 824.442229][T18871] ? alloc_fd+0x471/0x7d0 [ 824.442263][T18871] do_sys_openat2+0x11b/0x1d0 [ 824.442302][T18871] ? __pfx_do_sys_openat2+0x10/0x10 [ 824.442339][T18871] ? __sock_release+0x20b/0x270 [ 824.442373][T18871] __x64_sys_openat+0x174/0x210 [ 824.442413][T18871] ? __pfx___x64_sys_openat+0x10/0x10 [ 824.442465][T18871] do_syscall_64+0xcd/0x490 [ 824.442490][T18871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.442515][T18871] RIP: 0033:0x7f016398eb69 [ 824.442534][T18871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 824.442559][T18871] RSP: 002b:00007f0164838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 824.442582][T18871] RAX: ffffffffffffffda RBX: 00007f0163bb5fa0 RCX: 00007f016398eb69 [ 824.442599][T18871] RDX: 0000000000000002 RSI: 0000200000001680 RDI: ffffffffffffff9c [ 824.442616][T18871] RBP: 00007f0163a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 824.442631][T18871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 824.442647][T18871] R13: 0000000000000000 R14: 00007f0163bb5fa0 R15: 00007ffe1f14c1e8 [ 824.442677][T18871] [ 825.492795][T18887] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5176'. [ 825.677024][T18894] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 826.381016][T18910] netlink: 'syz.0.5185': attribute type 4 has an invalid length. [ 827.295578][T18928] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5190'. [ 827.651482][T18932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5192'. [ 827.683654][T18932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5192'. [ 828.216176][T18943] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5196'. [ 828.403377][T18945] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5195'. [ 829.415252][T18960] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5203'. [ 829.484364][T18960] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5203'. [ 829.738841][T18964] FAULT_INJECTION: forcing a failure. [ 829.738841][T18964] name failslab, interval 1, probability 0, space 0, times 0 [ 829.936285][T18964] CPU: 1 UID: 0 PID: 18964 Comm: syz.1.5202 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 829.936331][T18964] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 829.936342][T18964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 829.936357][T18964] Call Trace: [ 829.936365][T18964] [ 829.936375][T18964] dump_stack_lvl+0x16c/0x1f0 [ 829.936419][T18964] should_fail_ex+0x512/0x640 [ 829.936445][T18964] ? __kmalloc_noprof+0xbf/0x510 [ 829.936477][T18964] ? lsm_blob_alloc+0x68/0x90 [ 829.936511][T18964] should_failslab+0xc2/0x120 [ 829.936545][T18964] __kmalloc_noprof+0xd2/0x510 [ 829.936581][T18964] lsm_blob_alloc+0x68/0x90 [ 829.936617][T18964] security_sk_alloc+0x30/0x270 [ 829.936660][T18964] sk_prot_alloc+0xfb/0x2a0 [ 829.936690][T18964] sk_alloc+0x36/0xc20 [ 829.936727][T18964] inet_create+0x3a1/0x1040 [ 829.936759][T18964] ? inet_create+0x93/0x1040 [ 829.936794][T18964] __sock_create+0x335/0x8d0 [ 829.936829][T18964] mptcp_subflow_create_socket+0xf5/0xed0 [ 829.936857][T18964] ? futex_unqueue+0x133/0x2c0 [ 829.936912][T18964] ? aa_label_sk_perm+0x19b/0x5a0 [ 829.936938][T18964] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 829.936976][T18964] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 829.937007][T18964] __mptcp_nmpc_sk+0x182/0x7d0 [ 829.937039][T18964] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 829.937079][T18964] mptcp_connect+0x7e/0xae0 [ 829.937113][T18964] __inet_stream_connect+0x917/0xf60 [ 829.937152][T18964] ? __pfx___inet_stream_connect+0x10/0x10 [ 829.937183][T18964] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 829.937227][T18964] ? __pfx_inet_stream_connect+0x10/0x10 [ 829.937259][T18964] ? __local_bh_enable_ip+0xa4/0x120 [ 829.937292][T18964] ? __pfx_inet_stream_connect+0x10/0x10 [ 829.937322][T18964] inet_stream_connect+0x57/0xa0 [ 829.937354][T18964] __sys_connect_file+0x141/0x1a0 [ 829.937392][T18964] __sys_connect+0x13b/0x160 [ 829.937425][T18964] ? __pfx___sys_connect+0x10/0x10 [ 829.937470][T18964] ? xfd_validate_state+0x61/0x180 [ 829.937515][T18964] __x64_sys_connect+0x72/0xb0 [ 829.937548][T18964] ? lockdep_hardirqs_on+0x7c/0x110 [ 829.937586][T18964] do_syscall_64+0xcd/0x490 [ 829.937610][T18964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.937636][T18964] RIP: 0033:0x7fcf0198eb69 [ 829.937656][T18964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 829.937682][T18964] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 829.937706][T18964] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 829.937723][T18964] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000003 [ 829.937740][T18964] RBP: 00007fcf01a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 829.937756][T18964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 829.937771][T18964] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 829.937802][T18964] [ 830.253460][T18976] netlink: 146 bytes leftover after parsing attributes in process `syz.0.5208'. [ 830.947840][T18986] FAULT_INJECTION: forcing a failure. [ 830.947840][T18986] name failslab, interval 1, probability 0, space 0, times 0 [ 830.995216][T18986] CPU: 1 UID: 0 PID: 18986 Comm: syz.1.5212 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 830.995263][T18986] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 830.995274][T18986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 830.995289][T18986] Call Trace: [ 830.995297][T18986] [ 830.995308][T18986] dump_stack_lvl+0x16c/0x1f0 [ 830.995352][T18986] should_fail_ex+0x512/0x640 [ 830.995377][T18986] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 830.995406][T18986] should_failslab+0xc2/0x120 [ 830.995439][T18986] __kmalloc_cache_noprof+0x6a/0x3e0 [ 830.995466][T18986] ? sctp_auth_init_hmacs+0xf2/0x440 [ 830.995509][T18986] sctp_auth_init_hmacs+0xf2/0x440 [ 830.995547][T18986] ? kasan_save_track+0x14/0x30 [ 830.995578][T18986] sctp_auth_init+0x90/0x570 [ 830.995621][T18986] sctp_setsockopt+0xa371/0xb870 [ 830.995653][T18986] ? __pfx_sctp_setsockopt+0x10/0x10 [ 830.995679][T18986] ? __pfx_aa_sk_perm+0x10/0x10 [ 830.995705][T18986] ? __fget_files+0x204/0x3c0 [ 830.995735][T18986] ? sock_common_setsockopt+0x2e/0xf0 [ 830.995762][T18986] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 830.995792][T18986] do_sock_setsockopt+0xf3/0x1d0 [ 830.995823][T18986] __sys_setsockopt+0x120/0x1a0 [ 830.995872][T18986] __x64_sys_setsockopt+0xbd/0x160 [ 830.995908][T18986] ? do_syscall_64+0x91/0x490 [ 830.995930][T18986] ? lockdep_hardirqs_on+0x7c/0x110 [ 830.995968][T18986] do_syscall_64+0xcd/0x490 [ 830.995992][T18986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 830.996018][T18986] RIP: 0033:0x7fcf0198eb69 [ 830.996037][T18986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 830.996062][T18986] RSP: 002b:00007fceff7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 830.996086][T18986] RAX: ffffffffffffffda RBX: 00007fcf01bb5fa0 RCX: 00007fcf0198eb69 [ 830.996103][T18986] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 830.996119][T18986] RBP: 00007fcf01a11df1 R08: 0000000000000008 R09: 0000000000000000 [ 830.996135][T18986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 830.996150][T18986] R13: 0000000000000000 R14: 00007fcf01bb5fa0 R15: 00007ffcb93d4808 [ 830.996181][T18986] [ 833.113375][T15177] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 833.202493][ T31] audit: type=1800 audit(4294968521.863:24): pid=19022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5221" name="dbroot" dev="configfs" ino=65525 res=0 errno=0 [ 833.404322][T19026] netlink: 'syz.2.5223': attribute type 27 has an invalid length. [ 833.530129][T19026] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5223'. [ 835.731652][T19065] ================================================================== [ 835.739848][T19065] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 835.747684][T19065] Read of size 8 at addr ffff888146eb8818 by task syz.2.5235/19065 [ 835.755600][T19065] [ 835.757947][T19065] CPU: 1 UID: 0 PID: 19065 Comm: syz.2.5235 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 835.757992][T19065] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 835.758002][T19065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 835.758018][T19065] Call Trace: [ 835.758029][T19065] [ 835.758039][T19065] dump_stack_lvl+0x116/0x1f0 [ 835.758083][T19065] print_report+0xcd/0x630 [ 835.758115][T19065] ? __virt_addr_valid+0x81/0x610 [ 835.758146][T19065] ? __phys_addr+0xe8/0x180 [ 835.758177][T19065] ? dvb_device_open+0x36a/0x3b0 [ 835.758201][T19065] kasan_report+0xe0/0x110 [ 835.758234][T19065] ? dvb_device_open+0x36a/0x3b0 [ 835.758260][T19065] ? __pfx_dvb_device_open+0x10/0x10 [ 835.758284][T19065] dvb_device_open+0x36a/0x3b0 [ 835.758307][T19065] ? __pfx_dvb_device_open+0x10/0x10 [ 835.758331][T19065] chrdev_open+0x231/0x6a0 [ 835.758362][T19065] ? __pfx_apparmor_file_open+0x10/0x10 [ 835.758392][T19065] ? __pfx_chrdev_open+0x10/0x10 [ 835.758426][T19065] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 835.758462][T19065] do_dentry_open+0x97f/0x1530 [ 835.758493][T19065] ? __pfx_chrdev_open+0x10/0x10 [ 835.758528][T19065] vfs_open+0x82/0x3f0 [ 835.758569][T19065] path_openat+0x1de4/0x2cb0 [ 835.758603][T19065] ? __pfx_path_openat+0x10/0x10 [ 835.758637][T19065] do_filp_open+0x20b/0x470 [ 835.758666][T19065] ? __pfx_do_filp_open+0x10/0x10 [ 835.758706][T19065] ? alloc_fd+0x471/0x7d0 [ 835.758736][T19065] do_sys_openat2+0x11b/0x1d0 [ 835.758775][T19065] ? __pfx_do_sys_openat2+0x10/0x10 [ 835.758815][T19065] ? do_raw_spin_unlock+0x172/0x230 [ 835.758859][T19065] __x64_sys_openat+0x174/0x210 [ 835.758898][T19065] ? __pfx___x64_sys_openat+0x10/0x10 [ 835.758944][T19065] do_syscall_64+0xcd/0x490 [ 835.758968][T19065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.758995][T19065] RIP: 0033:0x7f016398eb69 [ 835.759016][T19065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 835.759041][T19065] RSP: 002b:00007f0164838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 835.759066][T19065] RAX: ffffffffffffffda RBX: 00007f0163bb5fa0 RCX: 00007f016398eb69 [ 835.759084][T19065] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 835.759100][T19065] RBP: 00007f0163a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 835.759117][T19065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 835.759133][T19065] R13: 0000000000000000 R14: 00007f0163bb5fa0 R15: 00007ffe1f14c1e8 [ 835.759157][T19065] [ 835.759166][T19065] [ 836.018091][T19065] Allocated by task 1: [ 836.022192][T19065] kasan_save_stack+0x33/0x60 [ 836.026990][T19065] kasan_save_track+0x14/0x30 [ 836.031691][T19065] __kasan_kmalloc+0xaa/0xb0 [ 836.036389][T19065] dvb_register_device+0x1e4/0x2370 [ 836.041621][T19065] dvb_register_frontend+0x5a6/0x880 [ 836.046956][T19065] vidtv_bridge_probe+0x459/0xa90 [ 836.052020][T19065] platform_probe+0x106/0x1d0 [ 836.056726][T19065] really_probe+0x23e/0xa90 [ 836.061452][T19065] __driver_probe_device+0x1de/0x440 [ 836.066774][T19065] driver_probe_device+0x4c/0x1b0 [ 836.071828][T19065] __driver_attach+0x283/0x580 [ 836.076628][T19065] bus_for_each_dev+0x13b/0x1d0 [ 836.081551][T19065] bus_add_driver+0x2e9/0x690 [ 836.086280][T19065] driver_register+0x15c/0x4b0 [ 836.091072][T19065] vidtv_bridge_init+0x45/0x80 [ 836.095985][T19065] do_one_initcall+0x120/0x6e0 [ 836.100875][T19065] kernel_init_freeable+0x5c2/0x910 [ 836.106366][T19065] kernel_init+0x1c/0x2b0 [ 836.110724][T19065] ret_from_fork+0x5d4/0x6f0 [ 836.115616][T19065] ret_from_fork_asm+0x1a/0x30 [ 836.120583][T19065] [ 836.123012][T19065] Freed by task 18894: [ 836.127123][T19065] kasan_save_stack+0x33/0x60 [ 836.131938][T19065] kasan_save_track+0x14/0x30 [ 836.136638][T19065] kasan_save_free_info+0x3b/0x60 [ 836.141715][T19065] __kasan_slab_free+0x51/0x70 [ 836.146507][T19065] kfree+0x2b4/0x4d0 [ 836.150598][T19065] dvb_device_put.part.0+0x60/0x90 [ 836.155743][T19065] dvb_device_open+0x2a4/0x3b0 [ 836.160516][T19065] chrdev_open+0x231/0x6a0 [ 836.164971][T19065] do_dentry_open+0x97f/0x1530 [ 836.169770][T19065] vfs_open+0x82/0x3f0 [ 836.173880][T19065] path_openat+0x1de4/0x2cb0 [ 836.178576][T19065] do_filp_open+0x20b/0x470 [ 836.183142][T19065] do_sys_openat2+0x11b/0x1d0 [ 836.187861][T19065] __x64_sys_openat+0x174/0x210 [ 836.193360][T19065] do_syscall_64+0xcd/0x490 [ 836.197913][T19065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.203818][T19065] [ 836.206148][T19065] The buggy address belongs to the object at ffff888146eb8800 [ 836.206148][T19065] which belongs to the cache kmalloc-256 of size 256 [ 836.220203][T19065] The buggy address is located 24 bytes inside of [ 836.220203][T19065] freed 256-byte region [ffff888146eb8800, ffff888146eb8900) [ 836.234278][T19065] [ 836.236702][T19065] The buggy address belongs to the physical page: [ 836.243242][T19065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146eb8 [ 836.252106][T19065] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 836.260787][T19065] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 836.268626][T19065] page_type: f5(slab) [ 836.272658][T19065] raw: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 836.281268][T19065] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 836.290016][T19065] head: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 836.298715][T19065] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 836.307421][T19065] head: 057ff00000000001 ffffea00051bae01 00000000ffffffff 00000000ffffffff [ 836.316240][T19065] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 836.324954][T19065] page dumped because: kasan: bad access detected [ 836.331489][T19065] page_owner tracks the page as allocated [ 836.337239][T19065] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 26688799756, free_ts 0 [ 836.357085][T19065] post_alloc_hook+0x1c0/0x230 [ 836.361970][T19065] get_page_from_freelist+0x132b/0x38e0 [ 836.367547][T19065] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 836.373472][T19065] alloc_pages_mpol+0x1fb/0x550 [ 836.378441][T19065] new_slab+0x247/0x330 [ 836.382610][T19065] ___slab_alloc+0xcf2/0x1740 [ 836.387305][T19065] __slab_alloc.constprop.0+0x56/0xb0 [ 836.392734][T19065] __kmalloc_cache_noprof+0xfb/0x3e0 [ 836.398049][T19065] bus_add_driver+0x92/0x690 [ 836.402687][T19065] driver_register+0x15c/0x4b0 [ 836.407554][T19065] do_one_initcall+0x120/0x6e0 [ 836.412467][T19065] kernel_init_freeable+0x5c2/0x910 [ 836.417758][T19065] kernel_init+0x1c/0x2b0 [ 836.422115][T19065] ret_from_fork+0x5d4/0x6f0 [ 836.426744][T19065] ret_from_fork_asm+0x1a/0x30 [ 836.431725][T19065] page_owner free stack trace missing [ 836.437116][T19065] [ 836.439468][T19065] Memory state around the buggy address: [ 836.445231][T19065] ffff888146eb8700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 836.453340][T19065] ffff888146eb8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 836.461416][T19065] >ffff888146eb8800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 836.469487][T19065] ^ [ 836.474494][T19065] ffff888146eb8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 836.482637][T19065] ffff888146eb8900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 836.490748][T19065] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 838.963605][T19065] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 838.970858][T19065] CPU: 1 UID: 0 PID: 19065 Comm: syz.2.5235 Tainted: G U I 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 838.984750][T19065] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 838.991018][T19065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 839.001191][T19065] Call Trace: [ 839.004481][T19065] [ 839.007428][T19065] dump_stack_lvl+0x3d/0x1f0 [ 839.012139][T19065] vpanic+0x6e8/0x7a0 [ 839.016149][T19065] ? __pfx_vpanic+0x10/0x10 [ 839.020674][T19065] ? __pfx_vprintk_emit+0x10/0x10 [ 839.025716][T19065] ? dvb_device_open+0x36a/0x3b0 [ 839.030753][T19065] panic+0xca/0xd0 [ 839.034502][T19065] ? __pfx_panic+0x10/0x10 [ 839.038945][T19065] ? dvb_device_open+0x36a/0x3b0 [ 839.043981][T19065] ? preempt_schedule_common+0x44/0xc0 [ 839.049468][T19065] ? preempt_schedule_thunk+0x16/0x30 [ 839.054885][T19065] check_panic_on_warn+0xab/0xb0 [ 839.059879][T19065] end_report+0x107/0x170 [ 839.064330][T19065] kasan_report+0xee/0x110 [ 839.068771][T19065] ? dvb_device_open+0x36a/0x3b0 [ 839.073725][T19065] ? __pfx_dvb_device_open+0x10/0x10 [ 839.079047][T19065] dvb_device_open+0x36a/0x3b0 [ 839.083911][T19065] ? __pfx_dvb_device_open+0x10/0x10 [ 839.089342][T19065] chrdev_open+0x231/0x6a0 [ 839.094093][T19065] ? __pfx_apparmor_file_open+0x10/0x10 [ 839.099688][T19065] ? __pfx_chrdev_open+0x10/0x10 [ 839.105281][T19065] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 839.111805][T19065] do_dentry_open+0x97f/0x1530 [ 839.116645][T19065] ? __pfx_chrdev_open+0x10/0x10 [ 839.121799][T19065] vfs_open+0x82/0x3f0 [ 839.125921][T19065] path_openat+0x1de4/0x2cb0 [ 839.130536][T19065] ? __pfx_path_openat+0x10/0x10 [ 839.135497][T19065] do_filp_open+0x20b/0x470 [ 839.140020][T19065] ? __pfx_do_filp_open+0x10/0x10 [ 839.145189][T19065] ? alloc_fd+0x471/0x7d0 [ 839.149541][T19065] do_sys_openat2+0x11b/0x1d0 [ 839.154320][T19065] ? __pfx_do_sys_openat2+0x10/0x10 [ 839.159775][T19065] ? do_raw_spin_unlock+0x172/0x230 [ 839.165044][T19065] __x64_sys_openat+0x174/0x210 [ 839.170028][T19065] ? __pfx___x64_sys_openat+0x10/0x10 [ 839.175476][T19065] do_syscall_64+0xcd/0x490 [ 839.180009][T19065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 839.185921][T19065] RIP: 0033:0x7f016398eb69 [ 839.190347][T19065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 839.209989][T19065] RSP: 002b:00007f0164838038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 839.218428][T19065] RAX: ffffffffffffffda RBX: 00007f0163bb5fa0 RCX: 00007f016398eb69 [ 839.226414][T19065] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 839.234577][T19065] RBP: 00007f0163a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 839.242662][T19065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 839.250671][T19065] R13: 0000000000000000 R14: 00007f0163bb5fa0 R15: 00007ffe1f14c1e8 [ 839.258839][T19065] [ 839.261965][T19065] Kernel Offset: disabled [ 839.266338][T19065] Rebooting in 86400 seconds..