last executing test programs: 4.712405629s ago: executing program 2 (id=3634): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r0 = socket(0x37, 0x4, 0xa) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r2 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r2, 0x0) r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r3, @ANYRES32=r2, @ANYRESDEC=r1], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r4, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r5 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r5, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 4.359200803s ago: executing program 1 (id=3635): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x28, 0x1, 0x0) getsockopt$auto(r0, 0x28, 0x0, 0x0, 0x0) 4.201388186s ago: executing program 1 (id=3636): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/tty36/power/runtime_suspended_time\x00', 0x2e0000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.2/usb3/authorized_default\x00', 0x20a42, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) write$auto(0x4, 0x0, 0x100082) 4.072438073s ago: executing program 1 (id=3637): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r0 = socket(0x37, 0x4, 0xa) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r1 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r1, 0x0) r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r2, @ANYRES16=r2, @ANYRES32=r1], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r3, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r4 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r4, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 4.030801237s ago: executing program 0 (id=3639): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r0) sendmsg$auto_TIPC_NL_NET_SET(r0, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000140)={0x24, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@typed={0xc, 0x3, 0x0, 0x0, @binary="509b092db693f776"}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x4002) 3.547582049s ago: executing program 0 (id=3640): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x6, 0x80003, 0x2000000000004, 0x1ffffffffffd, 0xb4, 0xffffffffffffffff, 0x8, 0x10007, 0x80, 0x4, 0x0, 0xa, 0xffffffff, 0x200, 0x0, 0x84, 0x0, 0xfff, 0x0, 0x0, 0x2, [0x9a8, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000000000000]}, 0x1fe, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd03, &(0x7f00000001c0)) 3.266391328s ago: executing program 0 (id=3641): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x5c, r1, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x80}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @multicast1}}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, '\x00', 0x3a}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x48040) 2.942649581s ago: executing program 0 (id=3644): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) futex_wait$auto(0x0, 0x0, 0x7f, 0xa, 0x0, 0x1) futex_wake$auto(0x0, 0x7, 0xfffffffb, 0x2) 2.775463226s ago: executing program 2 (id=3646): close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x542, 0x0) writev$auto(0x3, &(0x7f0000004100)={0x0, 0xb}, 0x3ff) 2.753639767s ago: executing program 3 (id=3647): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/module/kvm/parameters/nx_huge_pages_recovery_period_ms\x00', 0x149b01, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\xf4\x97\xff*\x8a\xeb+8A\x99\x17\xfc\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 2.622587121s ago: executing program 3 (id=3648): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r0 = socket(0x37, 0x4, 0xa) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r2 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r2, 0x0) r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRES16=r3, @ANYRES32=r2, @ANYRESDEC=r1], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r4, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r5 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r5, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 2.578839683s ago: executing program 0 (id=3649): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r0 = socket(0x37, 0x4, 0xa) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r2 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r2, 0x0) r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRES16=r3, @ANYRES32=r2, @ANYRESDEC=r1], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r4, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r5 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r5, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 2.434902904s ago: executing program 2 (id=3650): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x4, 0x8000) ptrace$auto_PTRACE_SET_THREAD_AREA(0x1a, r0, 0xffffffffffffffff, 0x20000ce42) 2.166929756s ago: executing program 1 (id=3651): get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000380)={0x12a004080, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, &(0x7f0000000100)=[0x0], 0x1}, 0x58) 1.900786414s ago: executing program 1 (id=3652): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r0 = socket(0x37, 0x4, 0xa) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r1 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r1, 0x0) syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r2, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r3 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r3, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 1.739142024s ago: executing program 2 (id=3653): syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) semget$auto(0x0, 0x13c, 0x1ff) semtimedop$auto(0x0, &(0x7f0000000300)={0x4, 0xffff, 0x70}, 0x1f4, 0x0) 1.384994767s ago: executing program 3 (id=3654): close_range$auto(0x2, 0x8, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/udp_early_demux\x00', 0x28802, 0x0) read$auto(0x3, 0x0, 0x80) 1.29132635s ago: executing program 3 (id=3655): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r0 = socket(0x37, 0x4, 0xa) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r2 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r2, 0x0) r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r3, @ANYRES32=r2, @ANYRESDEC=r1], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r4, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r5 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r5, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 1.238093456s ago: executing program 2 (id=3656): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r0 = socket(0x37, 0x4, 0xa) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r2 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r2, 0x0) r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRES16=r3, @ANYRES32=r2, @ANYRESDEC=r1], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r4, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r5 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r5, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 975.762235ms ago: executing program 0 (id=3657): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r0 = socket(0x37, 0x4, 0xa) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r1 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r1, 0x0) r2 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r2, @ANYRES16=r2, @ANYRES32=r1], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r3, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r4 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r4, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 622.561075ms ago: executing program 1 (id=3658): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) mlock$auto(0x1000, 0x6) 117.923934ms ago: executing program 3 (id=3659): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000140)={0x40, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r2}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x6}, @OVS_DP_ATTR_NAME={0x11, 0x1, '\xf3|B-\xfc\t\x02\x18\x00\x00\x00\x00\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 39.980771ms ago: executing program 3 (id=3660): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x6c, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_SEQ={0x6, 0x6, 0x81}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IF1_SEQ={0x6, 0x6, 0xe}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @local}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_SEQ={0x0, 0x7, 0x4}, @HSR_A_IF1_AGE={0x1, 0x3, 0x3e}, @HSR_A_IF2_SEQ={0x0, 0x7, 0x6}, @HSR_A_NODE_ADDR={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20040084}, 0x40090) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000426bd7000fddbdf25030000000400080004000337"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xfffffffe, &(0x7f00000002c0)={0x0, 0xc6}, 0x8, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x40000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0xc208ae62, 0x38) bpf$auto(0xfffffffd, 0x0, 0xa3) write$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffffff, &(0x7f0000000000)="706f3a82d9e5cc7c2ceda8d50bfc94be9fe6c22ffaf8493a38", 0x19) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) madvise$auto(0x0, 0x20499d, 0x9) setsockopt$auto(r0, 0x6, 0x3, &(0x7f0000000040)='/dev/ram7\x00', 0x8) 0s ago: executing program 2 (id=3661): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x567) setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x567) kernel console output (not intermixed with test programs): ut: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 256.780797][ T7970] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 260.161848][ T7994] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 260.830110][ T8006] netlink: 12 bytes leftover after parsing attributes in process `syz.2.346'. [ 261.224833][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.231244][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.567720][ T8030] FAULT_INJECTION: forcing a failure. [ 262.567720][ T8030] name failslab, interval 1, probability 0, space 0, times 0 [ 262.600457][ T8030] CPU: 0 UID: 0 PID: 8030 Comm: syz.3.351 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 262.600502][ T8030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 262.600520][ T8030] Call Trace: [ 262.600530][ T8030] [ 262.600542][ T8030] dump_stack_lvl+0x16c/0x1f0 [ 262.600602][ T8030] should_fail_ex+0x512/0x640 [ 262.600632][ T8030] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 262.600680][ T8030] should_failslab+0xc2/0x120 [ 262.600721][ T8030] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 262.600761][ T8030] ? __kthread_create_on_node+0x186/0x3f0 [ 262.600810][ T8030] kvasprintf+0xbc/0x160 [ 262.600846][ T8030] ? __pfx_kvasprintf+0x10/0x10 [ 262.600900][ T8030] ? __pfx_rescuer_thread+0x10/0x10 [ 262.600945][ T8030] __kthread_create_on_node+0x186/0x3f0 [ 262.600987][ T8030] ? __pfx___kthread_create_on_node+0x10/0x10 [ 262.601038][ T8030] ? __pfx_vsnprintf+0x10/0x10 [ 262.601089][ T8030] ? __pfx_rescuer_thread+0x10/0x10 [ 262.601136][ T8030] kthread_create_on_node+0xc7/0x100 [ 262.601176][ T8030] ? __pfx_kthread_create_on_node+0x10/0x10 [ 262.601214][ T8030] ? __pfx_scnprintf+0x10/0x10 [ 262.601279][ T8030] init_rescuer+0x320/0x640 [ 262.601323][ T8030] ? __pfx_init_rescuer+0x10/0x10 [ 262.601374][ T8030] ? wq_adjust_max_active+0x39d/0x4a0 [ 262.601425][ T8030] __alloc_workqueue+0xc37/0x1810 [ 262.601477][ T8030] alloc_workqueue_noprof+0xd2/0x200 [ 262.601517][ T8030] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 262.601564][ T8030] ? debug_mutex_init+0x37/0x70 [ 262.601618][ T8030] nbd_dev_add+0x51b/0xbb0 [ 262.601645][ T8030] ? find_held_lock+0x2b/0x80 [ 262.601673][ T8030] ? __pfx_nbd_dev_add+0x10/0x10 [ 262.601700][ T8030] ? nbd_genl_connect+0x98e/0x1c60 [ 262.601761][ T8030] ? bpf_lsm_capable+0x9/0x10 [ 262.601791][ T8030] ? __radix_tree_lookup+0x21f/0x2c0 [ 262.601842][ T8030] nbd_genl_connect+0x8b0/0x1c60 [ 262.601883][ T8030] ? __pfx_nbd_genl_connect+0x10/0x10 [ 262.601918][ T8030] ? __nla_parse+0x40/0x60 [ 262.601962][ T8030] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 262.601997][ T8030] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 262.602042][ T8030] genl_family_rcv_msg_doit+0x209/0x2f0 [ 262.602079][ T8030] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 262.602112][ T8030] ? genl_get_cmd+0x194/0x580 [ 262.602155][ T8030] ? __radix_tree_lookup+0x21f/0x2c0 [ 262.602204][ T8030] genl_rcv_msg+0x55c/0x800 [ 262.602242][ T8030] ? __pfx_genl_rcv_msg+0x10/0x10 [ 262.602275][ T8030] ? __pfx_nbd_genl_connect+0x10/0x10 [ 262.602324][ T8030] netlink_rcv_skb+0x158/0x420 [ 262.602371][ T8030] ? __pfx_genl_rcv_msg+0x10/0x10 [ 262.602405][ T8030] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 262.602472][ T8030] ? netlink_deliver_tap+0x1ae/0xd30 [ 262.602524][ T8030] genl_rcv+0x28/0x40 [ 262.602551][ T8030] netlink_unicast+0x5a7/0x870 [ 262.602612][ T8030] ? __pfx_netlink_unicast+0x10/0x10 [ 262.602659][ T8030] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 262.602703][ T8030] ? __lock_acquire+0xb97/0x1ce0 [ 262.602755][ T8030] netlink_sendmsg+0x8d1/0xdd0 [ 262.602810][ T8030] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.602875][ T8030] ____sys_sendmsg+0xa95/0xc70 [ 262.602912][ T8030] ? copy_msghdr_from_user+0x10a/0x160 [ 262.602957][ T8030] ? __pfx_____sys_sendmsg+0x10/0x10 [ 262.603003][ T8030] ? __pfx_futex_wake_mark+0x10/0x10 [ 262.603054][ T8030] ___sys_sendmsg+0x134/0x1d0 [ 262.603103][ T8030] ? __pfx____sys_sendmsg+0x10/0x10 [ 262.603206][ T8030] __sys_sendmsg+0x16d/0x220 [ 262.603252][ T8030] ? __pfx___sys_sendmsg+0x10/0x10 [ 262.603296][ T8030] ? __x64_sys_futex+0x1e0/0x4c0 [ 262.603361][ T8030] do_syscall_64+0xcd/0x490 [ 262.603412][ T8030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.603442][ T8030] RIP: 0033:0x7f8c18b8eb69 [ 262.603467][ T8030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.603495][ T8030] RSP: 002b:00007f8c1995c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.603523][ T8030] RAX: ffffffffffffffda RBX: 00007f8c18db5fa0 RCX: 00007f8c18b8eb69 [ 262.603542][ T8030] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000008 [ 262.603561][ T8030] RBP: 00007f8c18c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 262.603586][ T8030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 262.603603][ T8030] R13: 0000000000000000 R14: 00007f8c18db5fa0 R15: 00007ffcac3b26b8 [ 262.603644][ T8030] [ 262.603690][ T8030] workqueue: Failed to create a rescuer kthread for wq "nbd11811-recv": -ENOMEM [ 263.062035][ T8030] block (null): Could not allocate knbd recv work queue. [ 263.080057][ T8030] nbd: failed to add new device [ 263.821788][ T8040] FAULT_INJECTION: forcing a failure. [ 263.821788][ T8040] name failslab, interval 1, probability 0, space 0, times 0 [ 263.834752][ T8040] CPU: 1 UID: 0 PID: 8040 Comm: syz.3.353 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 263.834778][ T8040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 263.834789][ T8040] Call Trace: [ 263.834796][ T8040] [ 263.834803][ T8040] dump_stack_lvl+0x16c/0x1f0 [ 263.834836][ T8040] should_fail_ex+0x512/0x640 [ 263.834853][ T8040] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 263.834874][ T8040] should_failslab+0xc2/0x120 [ 263.834897][ T8040] __kmalloc_cache_noprof+0x6a/0x3e0 [ 263.834915][ T8040] ? pty_common_install+0x10e/0xb30 [ 263.834944][ T8040] pty_common_install+0x10e/0xb30 [ 263.834972][ T8040] ? __pfx_pty_install+0x10/0x10 [ 263.834996][ T8040] tty_init_dev.part.0+0x9c/0x500 [ 263.835016][ T8040] tty_open+0xa50/0xf90 [ 263.835037][ T8040] ? __pfx_tty_open+0x10/0x10 [ 263.835055][ T8040] ? chrdev_open+0x58c/0x6a0 [ 263.835079][ T8040] ? __pfx_tty_open+0x10/0x10 [ 263.835096][ T8040] chrdev_open+0x231/0x6a0 [ 263.835118][ T8040] ? __pfx_chrdev_open+0x10/0x10 [ 263.835140][ T8040] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 263.835163][ T8040] do_dentry_open+0x982/0x1530 [ 263.835184][ T8040] ? __pfx_chrdev_open+0x10/0x10 [ 263.835210][ T8040] vfs_open+0x82/0x3f0 [ 263.835237][ T8040] path_openat+0x1de4/0x2cb0 [ 263.835264][ T8040] ? __pfx_path_openat+0x10/0x10 [ 263.835290][ T8040] do_filp_open+0x20b/0x470 [ 263.835310][ T8040] ? __pfx_do_filp_open+0x10/0x10 [ 263.835345][ T8040] ? alloc_fd+0x471/0x7d0 [ 263.835369][ T8040] do_sys_openat2+0x11b/0x1d0 [ 263.835393][ T8040] ? __pfx_do_sys_openat2+0x10/0x10 [ 263.835427][ T8040] __x64_sys_openat+0x174/0x210 [ 263.835452][ T8040] ? __pfx___x64_sys_openat+0x10/0x10 [ 263.835479][ T8040] ? syscall_user_dispatch+0x78/0x140 [ 263.835511][ T8040] do_syscall_64+0xcd/0x490 [ 263.835538][ T8040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.835556][ T8040] RIP: 0033:0x7f8c18b8eb69 [ 263.835571][ T8040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.835588][ T8040] RSP: 002b:00007f8c1995c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 263.835614][ T8040] RAX: ffffffffffffffda RBX: 00007f8c18db5fa0 RCX: 00007f8c18b8eb69 [ 263.835625][ T8040] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 263.835635][ T8040] RBP: 00007f8c18c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 263.835645][ T8040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 263.835656][ T8040] R13: 0000000000000000 R14: 00007f8c18db5fa0 R15: 00007ffcac3b26b8 [ 263.835678][ T8040] [ 264.768466][ T8052] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 265.236010][ T8061] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 265.721992][ T8069] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 267.581229][ T8096] netlink: 12 bytes leftover after parsing attributes in process `syz.3.362'. [ 268.390660][ T8103] netlink: 12 bytes leftover after parsing attributes in process `syz.3.363'. [ 268.579197][ T8106] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 268.844792][ T8116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.365'. [ 269.559119][ T8127] i2c i2c-0: Failed to register i2c client card: at 0x01 (-16) [ 269.681514][ T8127] netlink: 'syz.0.367': attribute type 1 has an invalid length. [ 269.845717][ T8127] netlink: 33 bytes leftover after parsing attributes in process `syz.0.367'. [ 270.355433][ T8139] netlink: 12 bytes leftover after parsing attributes in process `syz.3.371'. [ 270.676409][ T8142] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 271.618808][ T8156] FAULT_INJECTION: forcing a failure. [ 271.618808][ T8156] name failslab, interval 1, probability 0, space 0, times 0 [ 271.665614][ T8157] netlink: 12 bytes leftover after parsing attributes in process `syz.1.373'. [ 271.684644][ T8156] CPU: 1 UID: 0 PID: 8156 Comm: syz.2.375 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 271.684687][ T8156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 271.684703][ T8156] Call Trace: [ 271.684714][ T8156] [ 271.684725][ T8156] dump_stack_lvl+0x16c/0x1f0 [ 271.684773][ T8156] should_fail_ex+0x512/0x640 [ 271.684802][ T8156] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 271.684839][ T8156] should_failslab+0xc2/0x120 [ 271.684877][ T8156] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 271.684908][ T8156] ? __alloc_skb+0x2b2/0x380 [ 271.684953][ T8156] __alloc_skb+0x2b2/0x380 [ 271.684992][ T8156] ? __pfx___alloc_skb+0x10/0x10 [ 271.685032][ T8156] ? tcp_chrono_stop+0x95/0x420 [ 271.685079][ T8156] tcp_stream_alloc_skb+0x34/0x570 [ 271.685115][ T8156] tcp_connect+0xe21/0x4e10 [ 271.685162][ T8156] ? __pfx_tcp_connect+0x10/0x10 [ 271.685197][ T8156] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 271.685239][ T8156] ? inet6_hash_connect+0xe2/0x180 [ 271.685271][ T8156] tcp_v6_connect+0x157c/0x2170 [ 271.685320][ T8156] ? __pfx_tcp_v6_connect+0x10/0x10 [ 271.685352][ T8156] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 271.685405][ T8156] ? __lock_acquire+0xb97/0x1ce0 [ 271.685449][ T8156] ? __inet_stream_connect+0x917/0xf60 [ 271.685480][ T8156] __inet_stream_connect+0x917/0xf60 [ 271.685523][ T8156] ? __pfx___inet_stream_connect+0x10/0x10 [ 271.685555][ T8156] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 271.685611][ T8156] ? __pfx_inet_stream_connect+0x10/0x10 [ 271.685647][ T8156] ? __local_bh_enable_ip+0xa4/0x120 [ 271.685687][ T8156] ? __pfx_inet_stream_connect+0x10/0x10 [ 271.685721][ T8156] inet_stream_connect+0x57/0xa0 [ 271.685755][ T8156] __sys_connect_file+0x13e/0x1a0 [ 271.685796][ T8156] __sys_connect+0x13b/0x160 [ 271.685833][ T8156] ? __pfx___sys_connect+0x10/0x10 [ 271.685879][ T8156] ? xfd_validate_state+0x61/0x180 [ 271.685912][ T8156] ? __sys_setsockopt+0x140/0x1a0 [ 271.685951][ T8156] __x64_sys_connect+0x72/0xb0 [ 271.685979][ T8156] ? lockdep_hardirqs_on+0x7c/0x110 [ 271.686012][ T8156] do_syscall_64+0xcd/0x490 [ 271.686049][ T8156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.686072][ T8156] RIP: 0033:0x7f2b6df8eb69 [ 271.686091][ T8156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.686113][ T8156] RSP: 002b:00007f2b6ee7b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 271.686138][ T8156] RAX: ffffffffffffffda RBX: 00007f2b6e1b5fa0 RCX: 00007f2b6df8eb69 [ 271.686153][ T8156] RDX: 000000000000001b RSI: 00002000000018c0 RDI: 0000000000000003 [ 271.686166][ T8156] RBP: 00007f2b6e011df1 R08: 0000000000000000 R09: 0000000000000000 [ 271.686179][ T8156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.686192][ T8156] R13: 0000000000000000 R14: 00007f2b6e1b5fa0 R15: 00007ffeaa9a3a28 [ 271.686223][ T8156] [ 273.404476][ T8180] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k/[k [ 289.521185][ T8411] dump_stack_lvl+0x16c/0x1f0 [ 289.521233][ T8411] should_fail_ex+0x512/0x640 [ 289.521261][ T8411] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 289.521307][ T8411] should_failslab+0xc2/0x120 [ 289.521347][ T8411] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 289.521380][ T8411] ? __alloc_skb+0x2b2/0x380 [ 289.521426][ T8411] __alloc_skb+0x2b2/0x380 [ 289.521462][ T8411] ? __pfx___alloc_skb+0x10/0x10 [ 289.521506][ T8411] ? tcp_chrono_stop+0x95/0x420 [ 289.521553][ T8411] tcp_stream_alloc_skb+0x34/0x570 [ 289.521588][ T8411] tcp_connect+0xe21/0x4e10 [ 289.521646][ T8411] ? __pfx_tcp_connect+0x10/0x10 [ 289.521684][ T8411] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 289.521723][ T8411] ? inet6_hash_connect+0xe2/0x180 [ 289.521756][ T8411] tcp_v6_connect+0x157c/0x2170 [ 289.521804][ T8411] ? __pfx_tcp_v6_connect+0x10/0x10 [ 289.521837][ T8411] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 289.521890][ T8411] ? __lock_acquire+0xb97/0x1ce0 [ 289.521936][ T8411] ? __inet_stream_connect+0x917/0xf60 [ 289.521966][ T8411] __inet_stream_connect+0x917/0xf60 [ 289.522010][ T8411] ? __pfx___inet_stream_connect+0x10/0x10 [ 289.522044][ T8411] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 289.522091][ T8411] ? __pfx_inet_stream_connect+0x10/0x10 [ 289.522124][ T8411] ? __local_bh_enable_ip+0xa4/0x120 [ 289.522162][ T8411] ? __pfx_inet_stream_connect+0x10/0x10 [ 289.522195][ T8411] inet_stream_connect+0x57/0xa0 [ 289.522229][ T8411] __sys_connect_file+0x13e/0x1a0 [ 289.522272][ T8411] __sys_connect+0x13b/0x160 [ 289.522317][ T8411] ? __pfx___sys_connect+0x10/0x10 [ 289.522372][ T8411] ? xfd_validate_state+0x61/0x180 [ 289.522416][ T8411] ? __sys_setsockopt+0x140/0x1a0 [ 289.522464][ T8411] __x64_sys_connect+0x72/0xb0 [ 289.522500][ T8411] ? lockdep_hardirqs_on+0x7c/0x110 [ 289.522543][ T8411] do_syscall_64+0xcd/0x490 [ 289.522590][ T8411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.522619][ T8411] RIP: 0033:0x7fa58c58eb69 [ 289.522645][ T8411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.522674][ T8411] RSP: 002b:00007fa58d47c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 289.522702][ T8411] RAX: ffffffffffffffda RBX: 00007fa58c7b5fa0 RCX: 00007fa58c58eb69 [ 289.522720][ T8411] RDX: 000000000000001b RSI: 00002000000018c0 RDI: 0000000000000003 [ 289.522739][ T8411] RBP: 00007fa58c611df1 R08: 0000000000000000 R09: 0000000000000000 [ 289.522755][ T8411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 289.522771][ T8411] R13: 0000000000000000 R14: 00007fa58c7b5fa0 R15: 00007ffe2770c4e8 [ 289.522810][ T8411] [ 291.091527][ T8436] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k [ 295.205517][ T8492] dump_stack_lvl+0x16c/0x1f0 [ 295.205570][ T8492] should_fail_ex+0x512/0x640 [ 295.205601][ T8492] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 295.205642][ T8492] should_failslab+0xc2/0x120 [ 295.205667][ T8492] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 295.205689][ T8492] ? __alloc_skb+0x2b2/0x380 [ 295.205717][ T8492] __alloc_skb+0x2b2/0x380 [ 295.205741][ T8492] ? __pfx___alloc_skb+0x10/0x10 [ 295.205766][ T8492] ? tcp_chrono_stop+0x95/0x420 [ 295.205794][ T8492] tcp_stream_alloc_skb+0x34/0x570 [ 295.205816][ T8492] tcp_connect+0xe21/0x4e10 [ 295.205850][ T8492] ? __pfx_tcp_connect+0x10/0x10 [ 295.205872][ T8492] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 295.205898][ T8492] ? inet6_hash_connect+0xe2/0x180 [ 295.205919][ T8492] tcp_v6_connect+0x157c/0x2170 [ 295.205947][ T8492] ? __pfx_tcp_v6_connect+0x10/0x10 [ 295.205968][ T8492] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 295.205998][ T8492] ? __lock_acquire+0xb97/0x1ce0 [ 295.206025][ T8492] ? __inet_stream_connect+0x917/0xf60 [ 295.206044][ T8492] __inet_stream_connect+0x917/0xf60 [ 295.206070][ T8492] ? __pfx___inet_stream_connect+0x10/0x10 [ 295.206091][ T8492] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 295.206119][ T8492] ? __pfx_inet_stream_connect+0x10/0x10 [ 295.206140][ T8492] ? __local_bh_enable_ip+0xa4/0x120 [ 295.206162][ T8492] ? __pfx_inet_stream_connect+0x10/0x10 [ 295.206181][ T8492] inet_stream_connect+0x57/0xa0 [ 295.206202][ T8492] __sys_connect_file+0x13e/0x1a0 [ 295.206228][ T8492] __sys_connect+0x13b/0x160 [ 295.206250][ T8492] ? __pfx___sys_connect+0x10/0x10 [ 295.206287][ T8492] ? xfd_validate_state+0x61/0x180 [ 295.206312][ T8492] ? __sys_setsockopt+0x140/0x1a0 [ 295.206340][ T8492] __x64_sys_connect+0x72/0xb0 [ 295.206361][ T8492] ? lockdep_hardirqs_on+0x7c/0x110 [ 295.206391][ T8492] do_syscall_64+0xcd/0x490 [ 295.206419][ T8492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.206437][ T8492] RIP: 0033:0x7f00d798eb69 [ 295.206452][ T8492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.206469][ T8492] RSP: 002b:00007f00d88b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 295.206486][ T8492] RAX: ffffffffffffffda RBX: 00007f00d7bb5fa0 RCX: 00007f00d798eb69 [ 295.206498][ T8492] RDX: 000000000000001b RSI: 00002000000018c0 RDI: 0000000000000003 [ 295.206508][ T8492] RBP: 00007f00d7a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 295.206518][ T8492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.206529][ T8492] R13: 0000000000000000 R14: 00007f00d7bb5fa0 R15: 00007ffc423b1538 [ 295.206551][ T8492] [ 296.737667][ T8494] FAULT_INJECTION: forcing a failure. [ 296.737667][ T8494] name failslab, interval 1, probability 0, space 0, times 0 [ 296.765819][ T8494] CPU: 0 UID: 0 PID: 8494 Comm: syz.1.441 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 296.765865][ T8494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 296.765876][ T8494] Call Trace: [ 296.765883][ T8494] [ 296.765890][ T8494] dump_stack_lvl+0x16c/0x1f0 [ 296.765923][ T8494] should_fail_ex+0x512/0x640 [ 296.765941][ T8494] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 296.765962][ T8494] should_failslab+0xc2/0x120 [ 296.765985][ T8494] __kmalloc_cache_noprof+0x6a/0x3e0 [ 296.766003][ T8494] ? pty_common_install+0x10e/0xb30 [ 296.766031][ T8494] pty_common_install+0x10e/0xb30 [ 296.766058][ T8494] ? __pfx_pty_install+0x10/0x10 [ 296.766082][ T8494] tty_init_dev.part.0+0x9c/0x500 [ 296.766103][ T8494] tty_open+0xa50/0xf90 [ 296.766126][ T8494] ? __pfx_tty_open+0x10/0x10 [ 296.766143][ T8494] ? chrdev_open+0x10b/0x6a0 [ 296.766168][ T8494] ? __pfx_tty_open+0x10/0x10 [ 296.766185][ T8494] chrdev_open+0x231/0x6a0 [ 296.766205][ T8494] ? __pfx_apparmor_file_open+0x10/0x10 [ 296.766225][ T8494] ? __pfx_chrdev_open+0x10/0x10 [ 296.766248][ T8494] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 296.766279][ T8494] do_dentry_open+0x982/0x1530 [ 296.766300][ T8494] ? __pfx_chrdev_open+0x10/0x10 [ 296.766326][ T8494] vfs_open+0x82/0x3f0 [ 296.766354][ T8494] path_openat+0x1de4/0x2cb0 [ 296.766382][ T8494] ? __pfx_path_openat+0x10/0x10 [ 296.766409][ T8494] do_filp_open+0x20b/0x470 [ 296.766429][ T8494] ? __pfx_do_filp_open+0x10/0x10 [ 296.766467][ T8494] ? alloc_fd+0x471/0x7d0 [ 296.766493][ T8494] do_sys_openat2+0x11b/0x1d0 [ 296.766518][ T8494] ? __pfx_do_sys_openat2+0x10/0x10 [ 296.766553][ T8494] __x64_sys_openat+0x174/0x210 [ 296.766578][ T8494] ? __pfx___x64_sys_openat+0x10/0x10 [ 296.766613][ T8494] do_syscall_64+0xcd/0x490 [ 296.766641][ T8494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.766659][ T8494] RIP: 0033:0x7fa58c58eb69 [ 296.766674][ T8494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.766691][ T8494] RSP: 002b:00007fa58d45b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 296.766709][ T8494] RAX: ffffffffffffffda RBX: 00007fa58c7b6080 RCX: 00007fa58c58eb69 [ 296.766720][ T8494] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 296.766731][ T8494] RBP: 00007fa58c611df1 R08: 0000000000000000 R09: 0000000000000000 [ 296.766741][ T8494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 296.766751][ T8494] R13: 0000000000000000 R14: 00007fa58c7b6080 R15: 00007ffe2770c4e8 [ 296.766773][ T8494] [ 297.391409][ T8517] netlink: 342 bytes leftover after parsing attributes in process `syz.3.446'. [ 299.239518][ T8538] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k/[k/[k [ 316.646209][ T8807] dump_stack_lvl+0x16c/0x1f0 [ 316.646241][ T8807] should_fail_ex+0x512/0x640 [ 316.646259][ T8807] ? __kmalloc_noprof+0xbf/0x510 [ 316.646282][ T8807] ? lsm_blob_alloc+0x68/0x90 [ 316.646303][ T8807] should_failslab+0xc2/0x120 [ 316.646326][ T8807] __kmalloc_noprof+0xd2/0x510 [ 316.646345][ T8807] ? down_write_nested+0x151/0x210 [ 316.646375][ T8807] lsm_blob_alloc+0x68/0x90 [ 316.646400][ T8807] security_sb_alloc+0x28/0x230 [ 316.646427][ T8807] alloc_super+0x23d/0xbd0 [ 316.646444][ T8807] ? sget_fc+0xd3/0xc20 [ 316.646466][ T8807] sget_fc+0x116/0xc20 [ 316.646485][ T8807] ? __pfx_set_anon_super_fc+0x10/0x10 [ 316.646503][ T8807] ? __pfx_mqueue_fill_super+0x10/0x10 [ 316.646526][ T8807] get_tree_nodev+0x28/0x190 [ 316.646546][ T8807] mqueue_get_tree+0xf1/0x130 [ 316.646570][ T8807] vfs_get_tree+0x8e/0x340 [ 316.646596][ T8807] fc_mount_longterm+0x18/0x160 [ 316.646623][ T8807] mq_init_ns+0x426/0x620 [ 316.646641][ T8807] copy_ipcs+0x383/0x610 [ 316.646655][ T8807] ? copy_utsname+0xab/0x470 [ 316.646680][ T8807] create_new_namespaces+0x20a/0xa90 [ 316.646699][ T8807] ? security_capable+0x7e/0x260 [ 316.646727][ T8807] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 316.646760][ T8807] ksys_unshare+0x45b/0xa40 [ 316.646785][ T8807] ? __pfx_ksys_unshare+0x10/0x10 [ 316.646810][ T8807] ? xfd_validate_state+0x61/0x180 [ 316.646843][ T8807] __x64_sys_unshare+0x31/0x40 [ 316.646867][ T8807] do_syscall_64+0xcd/0x490 [ 316.646895][ T8807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.646915][ T8807] RIP: 0033:0x7fa58c58eb69 [ 316.646941][ T8807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.646958][ T8807] RSP: 002b:00007fa58d47c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 316.646976][ T8807] RAX: ffffffffffffffda RBX: 00007fa58c7b5fa0 RCX: 00007fa58c58eb69 [ 316.646993][ T8807] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 316.647007][ T8807] RBP: 00007fa58c611df1 R08: 0000000000000000 R09: 0000000000000000 [ 316.647017][ T8807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.647027][ T8807] R13: 0000000000000000 R14: 00007fa58c7b5fa0 R15: 00007ffe2770c4e8 [ 316.647049][ T8807] [ 318.355378][ T8837] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 319.310061][ T8846] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k/[k/[k/[k/[k/[k/[k/[k/[k/[k/[k/[k [ 398.170600][ T9886] dump_stack_lvl+0x16c/0x1f0 [ 398.170632][ T9886] should_fail_ex+0x512/0x640 [ 398.170650][ T9886] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 398.170673][ T9886] should_failslab+0xc2/0x120 [ 398.170695][ T9886] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 398.170715][ T9886] ? vma_merge_new_range+0x3ae/0xa50 [ 398.170734][ T9886] ? vm_area_alloc+0x1f/0x160 [ 398.170755][ T9886] vm_area_alloc+0x1f/0x160 [ 398.170772][ T9886] __mmap_region+0xf90/0x27b0 [ 398.170792][ T9886] ? finish_task_switch.isra.0+0x21c/0xc10 [ 398.170811][ T9886] ? __pfx___mmap_region+0x10/0x10 [ 398.170831][ T9886] ? rcu_is_watching+0x12/0xc0 [ 398.170853][ T9886] ? rcu_is_watching+0x12/0xc0 [ 398.170869][ T9886] ? trace_sched_exit_tp+0xd1/0x120 [ 398.170895][ T9886] ? __schedule+0x11a3/0x5de0 [ 398.170919][ T9886] ? __lock_acquire+0x62e/0x1ce0 [ 398.170953][ T9886] ? __pfx___schedule+0x10/0x10 [ 398.170999][ T9886] ? trace_cap_capable+0x18d/0x200 [ 398.171032][ T9886] mmap_region+0x1ab/0x3f0 [ 398.171052][ T9886] ? __get_unmapped_area+0x267/0x440 [ 398.171078][ T9886] do_mmap+0xa3e/0x1210 [ 398.171106][ T9886] ? __pfx_do_mmap+0x10/0x10 [ 398.171129][ T9886] ? __pfx_down_write_killable+0x10/0x10 [ 398.171151][ T9886] vm_mmap_pgoff+0x29e/0x470 [ 398.171187][ T9886] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 398.171216][ T9886] ? __x64_sys_futex+0x1e0/0x4c0 [ 398.171236][ T9886] ? __x64_sys_futex+0x1e9/0x4c0 [ 398.171260][ T9886] ksys_mmap_pgoff+0x7d/0x5c0 [ 398.171282][ T9886] ? xfd_validate_state+0x61/0x180 [ 398.171307][ T9886] ? __pfx_ksys_write+0x10/0x10 [ 398.171331][ T9886] __x64_sys_mmap+0x125/0x190 [ 398.171359][ T9886] do_syscall_64+0xcd/0x490 [ 398.171387][ T9886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.171405][ T9886] RIP: 0033:0x7f8c18b8eb69 [ 398.171420][ T9886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.171436][ T9886] RSP: 002b:00007f8c1993b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 398.171453][ T9886] RAX: ffffffffffffffda RBX: 00007f8c18db6080 RCX: 00007f8c18b8eb69 [ 398.171465][ T9886] RDX: 0000001000000004 RSI: 0000000000000008 RDI: 0000000000000000 [ 398.171475][ T9886] RBP: 00007f8c18c11df1 R08: 0000000000000002 R09: 0000000000008000 [ 398.171485][ T9886] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 398.171495][ T9886] R13: 0000000000000000 R14: 00007f8c18db6080 R15: 00007ffcac3b26b8 [ 398.171517][ T9886] [ 398.761537][ T9886] zswap: compressor not available [ 399.719325][ T9908] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k [ 403.973733][ T9972] dump_stack_lvl+0x16c/0x1f0 [ 403.973784][ T9972] validate_ec_hdr+0x28c/0x330 [ 403.973846][ T9972] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 403.973900][ T9972] ubi_attach+0x5e7/0x4bd0 [ 403.973953][ T9972] ? __pfx_ubi_msg+0x10/0x10 [ 403.973994][ T9972] ? __pfx_ubi_attach+0x10/0x10 [ 403.974032][ T9972] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 403.974069][ T9972] ? __vmalloc_node_noprof+0xad/0xf0 [ 403.974118][ T9972] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 403.974162][ T9972] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 403.974221][ T9972] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 403.974258][ T9972] ? __pfx_get_mtd_device+0x10/0x10 [ 403.974318][ T9972] ctrl_cdev_ioctl+0x337/0x3d0 [ 403.974357][ T9972] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 403.974408][ T9972] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 403.974449][ T9972] __x64_sys_ioctl+0x18b/0x210 [ 403.974500][ T9972] do_syscall_64+0xcd/0x490 [ 403.974551][ T9972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.974584][ T9972] RIP: 0033:0x7f2b6df8eb69 [ 403.974608][ T9972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.974638][ T9972] RSP: 002b:00007f2b6ee39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 403.974667][ T9972] RAX: ffffffffffffffda RBX: 00007f2b6e1b6160 RCX: 00007f2b6df8eb69 [ 403.974687][ T9972] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 000000000000000c [ 403.974706][ T9972] RBP: 00007f2b6e011df1 R08: 0000000000000000 R09: 0000000000000000 [ 403.974724][ T9972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.974743][ T9972] R13: 0000000000000000 R14: 00007f2b6e1b6160 R15: 00007ffeaa9a3a28 [ 403.974783][ T9972] [ 403.974836][ T9972] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 404.363439][ T9972] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 405.399203][ T30] audit: type=1800 audit(1754218911.590:16): pid=9997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.727" name="features" dev="configfs" ino=25211 res=0 errno=0 [ 406.678314][T10013] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 406.699265][T10013] netlink: 8 bytes leftover after parsing attributes in process `syz.3.730'. [ 408.126613][T10039] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 408.354588][T10046] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 409.383222][T10051] netlink: 12 bytes leftover after parsing attributes in process `syz.3.739'. [ 410.464873][T10070] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 410.520950][T10073] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 412.249182][T10097] netlink: 12 bytes leftover after parsing attributes in process `syz.2.746'. [ 413.453225][T10114] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 413.802055][T10126] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 414.687016][T10136] misc userio: No port type given on /dev/userio [ 415.547424][T10141] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 415.581702][T10138] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 416.714155][T10162] netlink: 12 bytes leftover after parsing attributes in process `syz.1.757'. [ 417.035910][T10146] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 417.083050][T10160] Process accounting resumed [ 417.269187][T10171] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k [ 455.295834][T10660] dump_stack_lvl+0x16c/0x1f0 [ 455.295888][T10660] should_fail_ex+0x512/0x640 [ 455.295917][T10660] ? fs_reclaim_acquire+0xae/0x150 [ 455.295968][T10660] should_failslab+0xc2/0x120 [ 455.296008][T10660] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 455.296047][T10660] ? add_lock_to_list+0x9d/0x130 [ 455.296080][T10660] ? kstrdup_const+0x63/0x80 [ 455.296124][T10660] kstrdup+0x53/0x100 [ 455.296163][T10660] kstrdup_const+0x63/0x80 [ 455.296197][T10660] kvasprintf_const+0x10f/0x1a0 [ 455.296240][T10660] kobject_set_name_vargs+0x5a/0x140 [ 455.296273][T10660] dev_set_name+0xc7/0x100 [ 455.296314][T10660] ? __pfx_dev_set_name+0x10/0x10 [ 455.296370][T10660] ? __pfx___might_resched+0x10/0x10 [ 455.296402][T10660] ? is_dynamic_key+0xb4/0x160 [ 455.296454][T10660] __add_disk+0x34e/0xf00 [ 455.296489][T10660] add_disk_fwnode+0x13f/0x5d0 [ 455.296521][T10660] nbd_dev_add+0x783/0xbb0 [ 455.296548][T10660] ? find_held_lock+0x2b/0x80 [ 455.296575][T10660] ? __pfx_nbd_dev_add+0x10/0x10 [ 455.296599][T10660] ? nbd_genl_connect+0x98e/0x1c60 [ 455.296653][T10660] ? bpf_lsm_capable+0x9/0x10 [ 455.296682][T10660] ? __radix_tree_lookup+0x21f/0x2c0 [ 455.296732][T10660] nbd_genl_connect+0x8b0/0x1c60 [ 455.296776][T10660] ? __pfx_nbd_genl_connect+0x10/0x10 [ 455.296811][T10660] ? __nla_parse+0x40/0x60 [ 455.296855][T10660] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 455.296893][T10660] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 455.296938][T10660] genl_family_rcv_msg_doit+0x209/0x2f0 [ 455.296976][T10660] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 455.297011][T10660] ? genl_get_cmd+0x194/0x580 [ 455.297056][T10660] ? __radix_tree_lookup+0x21f/0x2c0 [ 455.297107][T10660] genl_rcv_msg+0x55c/0x800 [ 455.297146][T10660] ? __pfx_genl_rcv_msg+0x10/0x10 [ 455.297180][T10660] ? __pfx_nbd_genl_connect+0x10/0x10 [ 455.297231][T10660] netlink_rcv_skb+0x158/0x420 [ 455.297281][T10660] ? __pfx_genl_rcv_msg+0x10/0x10 [ 455.297317][T10660] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 455.297396][T10660] ? netlink_deliver_tap+0x1ae/0xd30 [ 455.297450][T10660] genl_rcv+0x28/0x40 [ 455.297478][T10660] netlink_unicast+0x5a7/0x870 [ 455.297534][T10660] ? __pfx_netlink_unicast+0x10/0x10 [ 455.297582][T10660] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 455.297627][T10660] ? __lock_acquire+0xb97/0x1ce0 [ 455.297680][T10660] netlink_sendmsg+0x8d1/0xdd0 [ 455.297737][T10660] ? __pfx_netlink_sendmsg+0x10/0x10 [ 455.297803][T10660] ____sys_sendmsg+0xa95/0xc70 [ 455.297841][T10660] ? copy_msghdr_from_user+0x10a/0x160 [ 455.297887][T10660] ? __pfx_____sys_sendmsg+0x10/0x10 [ 455.297933][T10660] ? __pfx_futex_wake_mark+0x10/0x10 [ 455.297986][T10660] ___sys_sendmsg+0x134/0x1d0 [ 455.298037][T10660] ? __pfx____sys_sendmsg+0x10/0x10 [ 455.298140][T10660] __sys_sendmsg+0x16d/0x220 [ 455.298188][T10660] ? __pfx___sys_sendmsg+0x10/0x10 [ 455.298235][T10660] ? __x64_sys_futex+0x1e0/0x4c0 [ 455.298302][T10660] do_syscall_64+0xcd/0x490 [ 455.298364][T10660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.298395][T10660] RIP: 0033:0x7f00d798eb69 [ 455.298422][T10660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 455.298453][T10660] RSP: 002b:00007f00d88b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 455.298483][T10660] RAX: ffffffffffffffda RBX: 00007f00d7bb5fa0 RCX: 00007f00d798eb69 [ 455.298503][T10660] RDX: 0000000000008880 RSI: 0000200000001e00 RDI: 0000000000000008 [ 455.298522][T10660] RBP: 00007f00d7a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 455.298540][T10660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 455.298559][T10660] R13: 0000000000000000 R14: 00007f00d7bb5fa0 R15: 00007ffc423b1538 [ 455.298601][T10660] [ 455.752792][T10660] nbd: failed to add new device [ 456.967615][T10686] netlink: 12 bytes leftover after parsing attributes in process `syz.0.855'. [ 459.871167][T10717] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 461.493603][T10736] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 462.445493][T10743] Process accounting paused [ 462.758613][T10756] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 462.901336][T10761] netlink: 12 bytes leftover after parsing attributes in process `syz.1.865'. [ 466.437541][ T30] audit: type=1800 audit(1754218972.630:19): pid=10769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.867" name="dbroot" dev="configfs" ino=27921 res=0 errno=0 [ 466.778926][T10813] netlink: 12 bytes leftover after parsing attributes in process `syz.3.877'. [ 469.016815][T10836] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 470.555841][T10861] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 470.869909][T10867] futex_wake_op: syz.2.884 tries to shift op by -9; fix this program [ 471.665365][T10873] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k [ 473.682008][T10902] dump_stack_lvl+0x16c/0x1f0 [ 473.682060][T10902] should_fail_ex+0x512/0x640 [ 473.682113][T10902] should_fail_alloc_page+0xe7/0x130 [ 473.682157][T10902] prepare_alloc_pages+0x3c2/0x610 [ 473.682203][T10902] ? rcu_is_watching+0x12/0xc0 [ 473.682237][T10902] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 473.682273][T10902] ? rcu_is_watching+0x12/0xc0 [ 473.682303][T10902] ? trace_sched_exit_tp+0xd1/0x120 [ 473.682348][T10902] ? __schedule+0x11a3/0x5de0 [ 473.682386][T10902] ? lock_acquire+0x179/0x350 [ 473.682437][T10902] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 473.682491][T10902] ? __lock_acquire+0x62e/0x1ce0 [ 473.682535][T10902] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 473.682584][T10902] ? policy_nodemask+0xea/0x4e0 [ 473.682628][T10902] alloc_pages_mpol+0x1fb/0x550 [ 473.682670][T10902] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 473.682713][T10902] ? __lock_acquire+0x62e/0x1ce0 [ 473.682755][T10902] folio_alloc_mpol_noprof+0x36/0x2f0 [ 473.682804][T10902] vma_alloc_folio_noprof+0xed/0x1e0 [ 473.682848][T10902] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 473.682908][T10902] do_pte_missing+0x2230/0x3ba0 [ 473.682940][T10902] ? find_held_lock+0x2b/0x80 [ 473.682980][T10902] __handle_mm_fault+0x152a/0x2a50 [ 473.683025][T10902] ? __pfx___handle_mm_fault+0x10/0x10 [ 473.683060][T10902] ? __pte_offset_map_lock+0x174/0x310 [ 473.683112][T10902] ? find_held_lock+0x2b/0x80 [ 473.683154][T10902] ? follow_page_pte.constprop.0+0x5cf/0x1390 [ 473.683219][T10902] handle_mm_fault+0x589/0xd10 [ 473.683258][T10902] __get_user_pages+0x551/0x34a0 [ 473.683321][T10902] ? __pfx___get_user_pages+0x10/0x10 [ 473.683374][T10902] populate_vma_page_range+0x267/0x3f0 [ 473.683423][T10902] ? __pfx_populate_vma_page_range+0x10/0x10 [ 473.683469][T10902] ? __pfx_find_vma_intersection+0x10/0x10 [ 473.683513][T10902] ? do_mmap+0x69c/0x1210 [ 473.683561][T10902] __mm_populate+0x1d8/0x380 [ 473.683609][T10902] ? __pfx___mm_populate+0x10/0x10 [ 473.683657][T10902] ? up_write+0x1b2/0x520 [ 473.683704][T10902] vm_mmap_pgoff+0x37f/0x470 [ 473.683750][T10902] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 473.683789][T10902] ? fput+0x9b/0xd0 [ 473.683836][T10902] ? __x64_sys_futex+0x1e0/0x4c0 [ 473.683872][T10902] ? __x64_sys_futex+0x1e9/0x4c0 [ 473.683915][T10902] ksys_mmap_pgoff+0x7d/0x5c0 [ 473.683963][T10902] ? xfd_validate_state+0x61/0x180 [ 473.684015][T10902] __x64_sys_mmap+0x125/0x190 [ 473.684067][T10902] do_syscall_64+0xcd/0x490 [ 473.684123][T10902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.684152][T10902] RIP: 0033:0x7fa58c58eb69 [ 473.684176][T10902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.684204][T10902] RSP: 002b:00007fa58d45b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 473.684232][T10902] RAX: ffffffffffffffda RBX: 00007fa58c7b6080 RCX: 00007fa58c58eb69 [ 473.684251][T10902] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000 [ 473.684269][T10902] RBP: 00007fa58c611df1 R08: 0000000000000007 R09: 0000000000028000 [ 473.684288][T10902] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 473.684306][T10902] R13: 0000000000000000 R14: 00007fa58c7b6080 R15: 00007ffe2770c4e8 [ 473.684345][T10902] [ 477.519121][T10954] netlink: 12 bytes leftover after parsing attributes in process `syz.2.907'. [ 477.695774][T10934] Process accounting resumed [ 478.062505][T10951] FAULT_INJECTION: forcing a failure. [ 478.062505][T10951] name failslab, interval 1, probability 0, space 0, times 0 [ 478.116147][T10951] CPU: 0 UID: 0 PID: 10951 Comm: syz.0.900 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 478.116194][T10951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 478.116212][T10951] Call Trace: [ 478.116223][T10951] [ 478.116234][T10951] dump_stack_lvl+0x16c/0x1f0 [ 478.116285][T10951] should_fail_ex+0x512/0x640 [ 478.116315][T10951] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 478.116360][T10951] should_failslab+0xc2/0x120 [ 478.116401][T10951] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 478.116441][T10951] ? trace_kmem_cache_alloc+0x28/0xc0 [ 478.116484][T10951] ? key_alloc+0xc4d/0x1330 [ 478.116524][T10951] kmemdup_noprof+0x29/0x60 [ 478.116562][T10951] key_alloc+0xc4d/0x1330 [ 478.116608][T10951] ? __pfx_key_alloc+0x10/0x10 [ 478.116639][T10951] ? __asan_memcpy+0x3c/0x60 [ 478.116680][T10951] keyring_alloc+0x44/0xc0 [ 478.116722][T10951] keyctl_get_persistent+0x750/0x8c0 [ 478.116765][T10951] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 478.116807][T10951] ? __x64_sys_futex+0x1e0/0x4c0 [ 478.116845][T10951] ? __x64_sys_futex+0x1e9/0x4c0 [ 478.116890][T10951] ? xfd_validate_state+0x61/0x180 [ 478.116944][T10951] __do_sys_keyctl+0x1a9/0x590 [ 478.116995][T10951] do_syscall_64+0xcd/0x490 [ 478.117055][T10951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.117087][T10951] RIP: 0033:0x7f00d798eb69 [ 478.117114][T10951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.117145][T10951] RSP: 002b:00007f00d8872038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 478.117175][T10951] RAX: ffffffffffffffda RBX: 00007f00d7bb6160 RCX: 00007f00d798eb69 [ 478.117195][T10951] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 478.117215][T10951] RBP: 00007f00d7a11df1 R08: 0000000000000001 R09: 0000000000000000 [ 478.117234][T10951] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 478.117253][T10951] R13: 0000000000000000 R14: 00007f00d7bb6160 R15: 00007ffc423b1538 [ 478.117294][T10951] [ 478.328338][ C0] vkms_vblank_simulate: vblank timer overrun [ 479.802893][T10966] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 480.758306][T10984] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 485.239831][T11056] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 485.398429][T11058] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 486.414867][T11083] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 486.666514][T11084] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 488.566184][T11112] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 489.801687][T11126] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 490.010106][T11133] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 491.909562][T11161] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input34 [ 492.747253][T11162] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 493.879588][T11202] netlink: 12 bytes leftover after parsing attributes in process `syz.3.949'. [ 494.116296][T11208] Process accounting resumed [ 496.011223][T11242] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 497.225358][T11267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.959'. [ 497.599544][T11266] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 498.328212][T11282] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 498.607749][T11290] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 498.803943][T11299] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k [ 516.665626][T11589] dump_stack_lvl+0x16c/0x1f0 [ 516.665678][T11589] validate_ec_hdr+0x28c/0x330 [ 516.665722][T11589] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 516.665762][T11589] ubi_attach+0x5e7/0x4bd0 [ 516.665802][T11589] ? __pfx_ubi_msg+0x10/0x10 [ 516.665831][T11589] ? __pfx_ubi_attach+0x10/0x10 [ 516.665866][T11589] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 516.665894][T11589] ? __vmalloc_node_noprof+0xad/0xf0 [ 516.665930][T11589] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 516.665962][T11589] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 516.666006][T11589] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 516.666034][T11589] ? __pfx_get_mtd_device+0x10/0x10 [ 516.666079][T11589] ctrl_cdev_ioctl+0x337/0x3d0 [ 516.666108][T11589] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 516.666155][T11589] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 516.666186][T11589] __x64_sys_ioctl+0x18b/0x210 [ 516.666225][T11589] do_syscall_64+0xcd/0x490 [ 516.666263][T11589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.666295][T11589] RIP: 0033:0x7f8c18b8eb69 [ 516.666313][T11589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 516.666335][T11589] RSP: 002b:00007f8c1991a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 516.666358][T11589] RAX: ffffffffffffffda RBX: 00007f8c18db6160 RCX: 00007f8c18b8eb69 [ 516.666373][T11589] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 000000000000000b [ 516.666387][T11589] RBP: 00007f8c18c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 516.666400][T11589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 516.666414][T11589] R13: 0000000000000000 R14: 00007f8c18db6160 R15: 00007ffcac3b26b8 [ 516.666445][T11589] [ 516.666471][T11589] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 517.036443][T11589] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 517.965811][T11601] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1035'. [ 518.083846][T11605] ptp ptp0: delete virtual clock ptp3 [ 518.128640][T11605] ptp ptp0: delete virtual clock ptp2 [ 518.162062][T11605] ptp ptp0: delete virtual clock ptp1 [ 518.192226][T11605] ptp ptp0: only physical clock in use now [ 519.012246][T11621] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 520.315761][T11632] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 520.866478][T11645] misc userio: No port type given on /dev/userio [ 521.070443][T11650] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 521.171768][T11644] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1046'. [ 522.079841][T11671] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 522.190961][T11652] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input37 [ 524.406800][T11707] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 526.175336][T11712] Process accounting paused [ 527.804599][T11764] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 527.842004][T11763] misc userio: No port type given on /dev/userio [ 528.077935][T11768] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input38 [ 528.237662][T11774] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(3.4.0), cmd(1) [ 528.327368][T11773] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1068'. [ 528.655123][T11772] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input39 [ 530.027030][T11787] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 530.139738][T11786] udc dummy_udc.0: soft-connect without a gadget driver [ 530.627116][T11793] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 531.107338][T11809] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 531.149661][T11776] kexec: Could not allocate control_code_buffer [ 531.808871][T11823] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 533.059351][T11846] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 535.970669][T11901] random: crng reseeded on system resumption [ 536.378871][T11911] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 537.153758][T11932] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 537.543727][T11880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 537.693204][T11880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 538.511952][T11939] Process accounting resumed [ 538.913175][T11960] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 539.377815][T11971] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input42 [ 539.612491][T11973] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 539.929619][T11970] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input43 [ 543.067767][T12041] netlink: 'syz.3.1124': attribute type 1 has an invalid length. syzkaller syzkaller login: [ 545.717136][T12084] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 546.553543][T12080] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 546.567589][T12080] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 546.585435][T12080] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 546.608402][T12080] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 546.867099][T12104] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 546.991307][T12111] ima: policy update failed [ 547.076919][ T30] audit: type=1802 audit(1754219053.279:20): pid=12111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1135" res=0 errno=0 [ 547.543442][T12123] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1140'. [ 548.571261][ T7596] Bluetooth: hci1: command 0x0c1a tx timeout [ 548.579993][ T7606] Bluetooth: hci0: command 0x0c1a tx timeout [ 548.651385][T12152] Bluetooth: hci2: command 0x0c1a tx timeout [ 548.658058][ T7596] Bluetooth: hci3: command 0x0c1a tx timeout [ 553.773912][T12225] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 555.406375][T12248] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 555.946737][T12274] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 556.449765][T12272] Process accounting resumed [ 556.594962][T12279] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1169'. [ 557.011870][T12294] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 558.365591][T12326] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k [ 583.925934][T12768] dump_stack_lvl+0x16c/0x1f0 [ 583.925986][T12768] should_fail_ex+0x512/0x640 [ 583.926016][T12768] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 583.926056][T12768] should_failslab+0xc2/0x120 [ 583.926088][T12768] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 583.926126][T12768] ? sk_prot_alloc+0x60/0x2a0 [ 583.926164][T12768] sk_prot_alloc+0x60/0x2a0 [ 583.926209][T12768] sk_alloc+0x36/0xc20 [ 583.926262][T12768] inet_create+0x3a1/0x1040 [ 583.926302][T12768] ? inet_create+0x93/0x1040 [ 583.926346][T12768] __sock_create+0x338/0x8d0 [ 583.926392][T12768] mptcp_subflow_create_socket+0xf5/0xed0 [ 583.926437][T12768] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 583.926490][T12768] __mptcp_nmpc_sk+0x182/0x7d0 [ 583.926528][T12768] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 583.926569][T12768] ? __local_bh_enable_ip+0xa4/0x120 [ 583.926612][T12768] mptcp_getsockopt+0xcf8/0xe20 [ 583.926646][T12768] ? __pfx_mptcp_getsockopt+0x10/0x10 [ 583.926678][T12768] ? find_held_lock+0x2b/0x80 [ 583.926705][T12768] ? __might_fault+0xe3/0x190 [ 583.926737][T12768] ? __might_fault+0xe3/0x190 [ 583.926768][T12768] ? __might_fault+0x13b/0x190 [ 583.926825][T12768] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 583.926857][T12768] do_sock_getsockopt+0x34a/0x440 [ 583.926894][T12768] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 583.926923][T12768] ? __fget_files+0x204/0x3c0 [ 583.926982][T12768] __sys_getsockopt+0x123/0x1b0 [ 583.927039][T12768] __x64_sys_getsockopt+0xbd/0x160 [ 583.927081][T12768] ? do_syscall_64+0x91/0x490 [ 583.927126][T12768] ? lockdep_hardirqs_on+0x7c/0x110 [ 583.927178][T12768] do_syscall_64+0xcd/0x490 [ 583.927227][T12768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.927257][T12768] RIP: 0033:0x7f2b6df8eb69 [ 583.927283][T12768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.927312][T12768] RSP: 002b:00007f2b6ee7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 583.927341][T12768] RAX: ffffffffffffffda RBX: 00007f2b6e1b5fa0 RCX: 00007f2b6df8eb69 [ 583.927361][T12768] RDX: 0000000000000021 RSI: 0000000000000006 RDI: 0000000000000006 [ 583.927379][T12768] RBP: 00007f2b6e011df1 R08: 0000000000000000 R09: 0000000000000000 [ 583.927397][T12768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 583.927415][T12768] R13: 0000000000000000 R14: 00007f2b6e1b5fa0 R15: 00007ffeaa9a3a28 [ 583.927458][T12768] [ 584.281347][T12773] FAULT_INJECTION: forcing a failure. [ 584.281347][T12773] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 584.296524][T12773] CPU: 1 UID: 0 PID: 12773 Comm: syz.2.1265 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 584.296569][T12773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 584.296588][T12773] Call Trace: [ 584.296597][T12773] [ 584.296608][T12773] dump_stack_lvl+0x16c/0x1f0 [ 584.296662][T12773] should_fail_ex+0x512/0x640 [ 584.296701][T12773] should_fail_alloc_page+0xe7/0x130 [ 584.296744][T12773] prepare_alloc_pages+0x3c2/0x610 [ 584.296797][T12773] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 584.296838][T12773] ? stack_depot_save_flags+0x3e0/0xa40 [ 584.296880][T12773] ? kasan_save_stack+0x42/0x60 [ 584.296912][T12773] ? kasan_save_stack+0x33/0x60 [ 584.296943][T12773] ? kasan_save_track+0x14/0x30 [ 584.296973][T12773] ? __kasan_kmalloc+0xaa/0xb0 [ 584.297007][T12773] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 584.297041][T12773] ? subsystem_filter_write+0x95/0x120 [ 584.297078][T12773] ? ksys_write+0x12a/0x250 [ 584.297112][T12773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.297167][T12773] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 584.297222][T12773] ? policy_nodemask+0xea/0x4e0 [ 584.297266][T12773] alloc_pages_mpol+0x1fb/0x550 [ 584.297308][T12773] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 584.297361][T12773] ___kmalloc_large_node+0xed/0x160 [ 584.297412][T12773] __kmalloc_large_noprof+0x1c/0x70 [ 584.297460][T12773] append_filter_err+0x8f/0x5e0 [ 584.297502][T12773] apply_subsystem_event_filter+0x75a/0x17e0 [ 584.297554][T12773] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 584.297604][T12773] ? _copy_from_user+0x59/0xd0 [ 584.297646][T12773] subsystem_filter_write+0x95/0x120 [ 584.297686][T12773] ? __pfx_subsystem_filter_write+0x10/0x10 [ 584.297722][T12773] vfs_write+0x29d/0x1150 [ 584.297764][T12773] ? __pfx___mutex_lock+0x10/0x10 [ 584.297810][T12773] ? __pfx_vfs_write+0x10/0x10 [ 584.297857][T12773] ? __fget_files+0x20e/0x3c0 [ 584.297903][T12773] ksys_write+0x12a/0x250 [ 584.297936][T12773] ? __pfx_ksys_write+0x10/0x10 [ 584.297984][T12773] do_syscall_64+0xcd/0x490 [ 584.298033][T12773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.298063][T12773] RIP: 0033:0x7f2b6df8eb69 [ 584.298087][T12773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.298117][T12773] RSP: 002b:00007f2b6ee5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 584.298146][T12773] RAX: ffffffffffffffda RBX: 00007f2b6e1b6080 RCX: 00007f2b6df8eb69 [ 584.298166][T12773] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000009 [ 584.298183][T12773] RBP: 00007f2b6e011df1 R08: 0000000000000000 R09: 0000000000000000 [ 584.298209][T12773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.298227][T12773] R13: 0000000000000000 R14: 00007f2b6e1b6080 R15: 00007ffeaa9a3a28 [ 584.298268][T12773] [ 585.552803][T12816] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 585.806340][T12818] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 586.895032][T12808] Process accounting paused [ 587.743930][T12855] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 588.571298][T12869] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 588.962918][T12882] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 589.479351][T12896] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 590.275799][T12911] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 590.518495][T12920] random: crng reseeded on system resumption [ 591.014953][T12894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 591.031438][T12894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 592.054020][T12944] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 594.392680][T12988] random: crng reseeded on system resumption [ 594.451425][T12988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.465712][T12988] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.116445][T12950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.136561][T12950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 596.445747][T13015] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 599.830381][T13062] Process accounting resumed [ 600.645335][T13100] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 600.999285][T13107] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 603.534831][T13158] random: crng reseeded on system resumption [ 603.849094][T13161] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 604.006511][T13163] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 604.048196][T13148] FAULT_INJECTION: forcing a failure. [ 604.048196][T13148] name failslab, interval 1, probability 0, space 0, times 0 [ 604.150202][T13148] CPU: 0 UID: 0 PID: 13148 Comm: syz.1.1340 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 604.150238][T13148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 604.150249][T13148] Call Trace: [ 604.150255][T13148] [ 604.150263][T13148] dump_stack_lvl+0x16c/0x1f0 [ 604.150296][T13148] should_fail_ex+0x512/0x640 [ 604.150316][T13148] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 604.150341][T13148] should_failslab+0xc2/0x120 [ 604.150364][T13148] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 604.150385][T13148] ? sk_prot_alloc+0x60/0x2a0 [ 604.150407][T13148] sk_prot_alloc+0x60/0x2a0 [ 604.150428][T13148] sk_alloc+0x36/0xc20 [ 604.150454][T13148] inet_create+0x3a1/0x1040 [ 604.150476][T13148] ? inet_create+0x93/0x1040 [ 604.150500][T13148] __sock_create+0x338/0x8d0 [ 604.150524][T13148] mptcp_subflow_create_socket+0xf5/0xed0 [ 604.150547][T13148] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 604.150574][T13148] __mptcp_nmpc_sk+0x182/0x7d0 [ 604.150595][T13148] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 604.150618][T13148] ? __local_bh_enable_ip+0xa4/0x120 [ 604.150642][T13148] mptcp_getsockopt+0xcf8/0xe20 [ 604.150660][T13148] ? __pfx_mptcp_getsockopt+0x10/0x10 [ 604.150678][T13148] ? find_held_lock+0x2b/0x80 [ 604.150703][T13148] ? __might_fault+0xe3/0x190 [ 604.150721][T13148] ? __might_fault+0xe3/0x190 [ 604.150739][T13148] ? __might_fault+0x13b/0x190 [ 604.150765][T13148] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 604.150784][T13148] do_sock_getsockopt+0x34a/0x440 [ 604.150804][T13148] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 604.150823][T13148] ? __fget_files+0x204/0x3c0 [ 604.150852][T13148] __sys_getsockopt+0x123/0x1b0 [ 604.150883][T13148] __x64_sys_getsockopt+0xbd/0x160 [ 604.150907][T13148] ? do_syscall_64+0x91/0x490 [ 604.150934][T13148] ? lockdep_hardirqs_on+0x7c/0x110 [ 604.150960][T13148] do_syscall_64+0xcd/0x490 [ 604.150987][T13148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.151006][T13148] RIP: 0033:0x7fa58c58eb69 [ 604.151021][T13148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.151038][T13148] RSP: 002b:00007fa58d47c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 604.151056][T13148] RAX: ffffffffffffffda RBX: 00007fa58c7b5fa0 RCX: 00007fa58c58eb69 [ 604.151067][T13148] RDX: 0000000000000021 RSI: 0000000000000006 RDI: 0000000000000006 [ 604.151077][T13148] RBP: 00007fa58c611df1 R08: 0000000000000000 R09: 0000000000000000 [ 604.151087][T13148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.151105][T13148] R13: 0000000000000000 R14: 00007fa58c7b5fa0 R15: 00007ffe2770c4e8 [ 604.151127][T13148] [ 604.456924][T13139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 604.467451][T13139] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 604.737918][T13156] FAULT_INJECTION: forcing a failure. [ 604.737918][T13156] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 604.764418][T13156] CPU: 1 UID: 0 PID: 13156 Comm: syz.1.1340 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 604.764464][T13156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 604.764483][T13156] Call Trace: [ 604.764493][T13156] [ 604.764506][T13156] dump_stack_lvl+0x16c/0x1f0 [ 604.764556][T13156] should_fail_ex+0x512/0x640 [ 604.764595][T13156] should_fail_alloc_page+0xe7/0x130 [ 604.764638][T13156] prepare_alloc_pages+0x3c2/0x610 [ 604.764690][T13156] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 604.764743][T13156] ? __pfx_stack_trace_save+0x10/0x10 [ 604.764777][T13156] ? stack_depot_save_flags+0x28/0xa40 [ 604.764818][T13156] ? kasan_save_stack+0x42/0x60 [ 604.764852][T13156] ? kasan_save_stack+0x33/0x60 [ 604.764883][T13156] ? kasan_save_track+0x14/0x30 [ 604.764915][T13156] ? __kasan_kmalloc+0xaa/0xb0 [ 604.764948][T13156] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 604.764981][T13156] ? subsystem_filter_write+0x95/0x120 [ 604.765019][T13156] ? ksys_write+0x12a/0x250 [ 604.765052][T13156] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.765108][T13156] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 604.765156][T13156] ? policy_nodemask+0xea/0x4e0 [ 604.765199][T13156] alloc_pages_mpol+0x1fb/0x550 [ 604.765242][T13156] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 604.765293][T13156] ___kmalloc_large_node+0xed/0x160 [ 604.765345][T13156] __kmalloc_large_noprof+0x1c/0x70 [ 604.765391][T13156] append_filter_err+0x8f/0x5e0 [ 604.765430][T13156] apply_subsystem_event_filter+0x75a/0x17e0 [ 604.765478][T13156] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 604.765523][T13156] ? _copy_from_user+0x59/0xd0 [ 604.765562][T13156] subsystem_filter_write+0x95/0x120 [ 604.765598][T13156] ? __pfx_subsystem_filter_write+0x10/0x10 [ 604.765633][T13156] vfs_write+0x29d/0x1150 [ 604.765674][T13156] ? __pfx___mutex_lock+0x10/0x10 [ 604.765731][T13156] ? __pfx_vfs_write+0x10/0x10 [ 604.765782][T13156] ? __fget_files+0x20e/0x3c0 [ 604.765830][T13156] ksys_write+0x12a/0x250 [ 604.765863][T13156] ? __pfx_ksys_write+0x10/0x10 [ 604.765920][T13156] do_syscall_64+0xcd/0x490 [ 604.765969][T13156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.766000][T13156] RIP: 0033:0x7fa58c58eb69 [ 604.766026][T13156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.766056][T13156] RSP: 002b:00007fa58d45b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 604.766087][T13156] RAX: ffffffffffffffda RBX: 00007fa58c7b6080 RCX: 00007fa58c58eb69 [ 604.766106][T13156] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000009 [ 604.766124][T13156] RBP: 00007fa58c611df1 R08: 0000000000000000 R09: 0000000000000000 [ 604.766142][T13156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.766159][T13156] R13: 0000000000000000 R14: 00007fa58c7b6080 R15: 00007ffe2770c4e8 [ 604.766199][T13156] [ 609.577618][T13259] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 610.476888][T13284] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(3.4.0), cmd(1) [ 610.506210][T13284] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1370'. [ 613.891152][T13354] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(3.4.0), cmd(1) [ 614.079989][T13346] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1382'. [ 616.861491][T13407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1396'. [ 616.975593][T13405] Process accounting resumed [ 617.826731][T13431] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1401'. [ 618.040137][T13435] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1407'. [ 618.836999][T13453] random: crng reseeded on system resumption [ 619.326324][T13441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 619.402443][T13441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 623.137664][T13532] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 625.304412][T13572] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 628.425848][T13640] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 629.815959][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.822904][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.158876][T13663] Process accounting paused [ 631.973349][T13711] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 633.465578][ T30] audit: type=1800 audit(1843104530.085:22): pid=13722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1457" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 634.458080][T13736] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 634.464236][T13736] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 634.488065][T13736] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 634.495242][T13736] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 635.697275][T13786] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input45 [ 635.793616][T13789] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input46 [ 636.526917][T12152] Bluetooth: hci3: command 0x0c1a tx timeout [ 636.533039][T12152] Bluetooth: hci2: command 0x0c1a tx timeout [ 636.539222][ T7596] Bluetooth: hci1: command 0x0c1a tx timeout [ 636.545497][ T7596] Bluetooth: hci0: command 0x0c1a tx timeout [ 637.037898][T13810] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 637.921015][T13823] random: crng reseeded on system resumption [ 639.412638][T13848] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 642.033325][T13911] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 643.177066][T13923] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1491'. [ 645.538020][T13972] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k/[k/[k/[k/[k /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/835/file0' not defined. [ 777.191430][T16212] Process accounting paused [ 777.735714][T16236] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 777.880505][ T30] audit: type=1800 audit(1843104626.223:25): pid=16228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1897" name="members" dev="configfs" ino=62928 res=0 errno=0 [ 783.960547][T16298] Process accounting resumed [ 786.027134][T16327] openvswitch: netlink: Key 0 has unexpected len 16 expected 0 [ 786.868900][T16351] random: crng reseeded on system resumption [ 787.640588][T16321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 787.653043][T16321] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 790.731221][T16396] FAULT_INJECTION: forcing a failure. [ 790.731221][T16396] name failslab, interval 1, probability 0, space 0, times 0 [ 790.863115][T16396] CPU: 1 UID: 0 PID: 16396 Comm: syz.2.1925 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 790.863145][T16396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 790.863156][T16396] Call Trace: [ 790.863163][T16396] [ 790.863170][T16396] dump_stack_lvl+0x16c/0x1f0 [ 790.863216][T16396] should_fail_ex+0x512/0x640 [ 790.863246][T16396] ? __kmalloc_noprof+0xbf/0x510 [ 790.863274][T16396] ? ima_write_template_field_data+0x5d/0x1f0 [ 790.863294][T16396] should_failslab+0xc2/0x120 [ 790.863316][T16396] __kmalloc_noprof+0xd2/0x510 [ 790.863341][T16396] ima_write_template_field_data+0x5d/0x1f0 [ 790.863370][T16396] ima_eventname_init_common+0x1b8/0x260 [ 790.863392][T16396] ? __pfx_ima_eventname_init_common+0x10/0x10 [ 790.863415][T16396] ? trace_kmalloc+0x2b/0xd0 [ 790.863437][T16396] ? __kmalloc_noprof+0x242/0x510 [ 790.863462][T16396] ima_alloc_init_template+0x3a0/0x720 [ 790.863489][T16396] ? rcu_is_watching+0x12/0xc0 [ 790.863511][T16396] ima_store_measurement+0x1eb/0x5c0 [ 790.863539][T16396] ? __pfx_ima_store_measurement+0x10/0x10 [ 790.863566][T16396] ? vfs_getxattr_alloc+0xec/0x340 [ 790.863591][T16396] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 790.863617][T16396] process_measurement+0x1ddb/0x23e0 [ 790.863648][T16396] ? __pfx_process_measurement+0x10/0x10 [ 790.863679][T16396] ? __pfx___might_resched+0x10/0x10 [ 790.863702][T16396] ? tracing_check_open_get_tr.part.0+0xdc/0x190 [ 790.863745][T16396] ? tracing_check_open_get_tr.part.0+0xe1/0x190 [ 790.863768][T16396] ? inode_to_bdi+0x9e/0x160 [ 790.863794][T16396] ima_file_check+0xc5/0x110 [ 790.863818][T16396] ? __pfx_ima_file_check+0x10/0x10 [ 790.863847][T16396] security_file_post_open+0x8e/0x210 [ 790.863867][T16396] path_openat+0x1404/0x2cb0 [ 790.863894][T16396] ? __pfx_path_openat+0x10/0x10 [ 790.863920][T16396] do_filp_open+0x20b/0x470 [ 790.863940][T16396] ? __pfx_do_filp_open+0x10/0x10 [ 790.863975][T16396] ? alloc_fd+0x471/0x7d0 [ 790.863999][T16396] do_sys_openat2+0x11b/0x1d0 [ 790.864025][T16396] ? __pfx_do_sys_openat2+0x10/0x10 [ 790.864059][T16396] __x64_sys_openat+0x174/0x210 [ 790.864084][T16396] ? __pfx___x64_sys_openat+0x10/0x10 [ 790.864119][T16396] do_syscall_64+0xcd/0x490 [ 790.864147][T16396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.864165][T16396] RIP: 0033:0x7f2b6df8eb69 [ 790.864180][T16396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 790.864198][T16396] RSP: 002b:00007f2b6ee5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 790.864215][T16396] RAX: ffffffffffffffda RBX: 00007f2b6e1b6080 RCX: 00007f2b6df8eb69 [ 790.864227][T16396] RDX: 0000000000080100 RSI: 0000200000008140 RDI: ffffffffffffff9c [ 790.864237][T16396] RBP: 00007f2b6e011df1 R08: 0000000000000000 R09: 0000000000000000 [ 790.864248][T16396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.864258][T16396] R13: 0000000000000000 R14: 00007f2b6e1b6080 R15: 00007ffeaa9a3a28 [ 790.864280][T16396] [ 790.864568][ T30] audit: type=1804 audit(1843104639.220:26): pid=16396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.1925" name="/newroot/sys/kernel/debug/tracing/per_cpu/cpu1/buffer_size_kb" dev="tracefs" ino=1207 res=0 errno=0 [ 791.192653][ C1] vkms_vblank_simulate: vblank timer overrun [ 793.351730][T16428] bond0: option all_slaves_active: invalid value () [ 795.389249][T16465] ERROR: Out of memory at tomoyo_memory_ok. [ 795.411407][T16468] random: crng reseeded on system resumption [ 795.914408][T16427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 795.927778][T16427] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 798.477544][T16513] ERROR: Out of memory at tomoyo_memory_ok. [ 800.645381][T16552] random: crng reseeded on system resumption [ 800.672297][T16552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 800.681318][T16552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 807.309712][T16640] Process accounting resumed [ 808.465749][T16663] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1975'. [ 808.592051][T16667] ERROR: Out of memory at tomoyo_memory_ok. [ 809.713124][T16691] random: crng reseeded on system resumption [ 810.303909][T16697] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 810.631751][T16655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 810.739107][T16655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 810.894806][T16701] FAULT_INJECTION: forcing a failure. [ 810.894806][T16701] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 810.959740][T16701] CPU: 0 UID: 0 PID: 16701 Comm: syz.1.1979 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 810.959785][T16701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 810.959802][T16701] Call Trace: [ 810.959812][T16701] [ 810.959826][T16701] dump_stack_lvl+0x16c/0x1f0 [ 810.959887][T16701] should_fail_ex+0x512/0x640 [ 810.959919][T16701] should_fail_alloc_page+0xe7/0x130 [ 810.959961][T16701] prepare_alloc_pages+0x3c2/0x610 [ 810.960006][T16701] ? rcu_is_watching+0x12/0xc0 [ 810.960038][T16701] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 810.960077][T16701] ? rcu_is_watching+0x12/0xc0 [ 810.960101][T16701] ? trace_mm_page_alloc+0x11f/0x1a0 [ 810.960141][T16701] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 810.960173][T16701] ? stack_trace_save+0x8e/0xc0 [ 810.960203][T16701] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 810.960246][T16701] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 810.960275][T16701] ? __get_vm_area_node+0x1ca/0x330 [ 810.960309][T16701] ? __vmalloc_node_noprof+0xad/0xf0 [ 810.960347][T16701] ? pcpu_mem_zalloc+0x54/0xb0 [ 810.960371][T16701] ? pcpu_create_chunk+0x432/0x730 [ 810.960396][T16701] ? pcpu_alloc_noprof+0x11e3/0x1470 [ 810.960422][T16701] ? bpf_map_alloc_percpu+0x9a/0x4b0 [ 810.960453][T16701] ? htab_map_alloc+0x10ca/0x1570 [ 810.960489][T16701] ? map_create+0x58f/0x1f80 [ 810.960535][T16701] alloc_pages_bulk_noprof+0x71c/0x1410 [ 810.960572][T16701] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 810.960609][T16701] ? policy_nodemask+0xea/0x4e0 [ 810.960645][T16701] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 810.960680][T16701] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 810.960746][T16701] kasan_populate_vmalloc+0xf1/0x1f0 [ 810.960786][T16701] alloc_vmap_area+0x959/0x29c0 [ 810.960842][T16701] ? __pfx_alloc_vmap_area+0x10/0x10 [ 810.960890][T16701] __get_vm_area_node+0x1ca/0x330 [ 810.960936][T16701] __vmalloc_node_range_noprof+0x271/0x14b0 [ 810.960980][T16701] ? pcpu_mem_zalloc+0x54/0xb0 [ 810.961016][T16701] ? pcpu_mem_zalloc+0x54/0xb0 [ 810.961051][T16701] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 810.961111][T16701] ? pcpu_mem_zalloc+0x54/0xb0 [ 810.961134][T16701] __vmalloc_node_noprof+0xad/0xf0 [ 810.961175][T16701] ? pcpu_mem_zalloc+0x54/0xb0 [ 810.961203][T16701] pcpu_mem_zalloc+0x54/0xb0 [ 810.961228][T16701] pcpu_create_chunk+0x432/0x730 [ 810.961263][T16701] pcpu_alloc_noprof+0x11e3/0x1470 [ 810.961314][T16701] bpf_map_alloc_percpu+0x9a/0x4b0 [ 810.961354][T16701] htab_map_alloc+0x10ca/0x1570 [ 810.961406][T16701] ? ns_capable+0xd7/0x110 [ 810.961440][T16701] map_create+0x58f/0x1f80 [ 810.961490][T16701] ? __pfx_map_create+0x10/0x10 [ 810.961520][T16701] ? __might_fault+0xe3/0x190 [ 810.961548][T16701] ? __might_fault+0xe3/0x190 [ 810.961575][T16701] ? __might_fault+0x13b/0x190 [ 810.961620][T16701] __sys_bpf+0x44d2/0x4de0 [ 810.961660][T16701] ? __pfx___sys_bpf+0x10/0x10 [ 810.961800][T16701] ? do_writev+0x218/0x340 [ 810.961840][T16701] ? do_futex+0x122/0x350 [ 810.961873][T16701] ? __pfx_do_futex+0x10/0x10 [ 810.961929][T16701] ? xfd_validate_state+0x61/0x180 [ 810.961974][T16701] ? __pfx_do_writev+0x10/0x10 [ 810.962057][T16701] __x64_sys_bpf+0x78/0xc0 [ 810.962146][T16701] ? lockdep_hardirqs_on+0x7c/0x110 [ 810.962194][T16701] do_syscall_64+0xcd/0x490 [ 810.962236][T16701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.962259][T16701] RIP: 0033:0x7fa58c58eb69 [ 810.962281][T16701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 810.962309][T16701] RSP: 002b:00007fa58d45b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 810.962349][T16701] RAX: ffffffffffffffda RBX: 00007fa58c7b6080 RCX: 00007fa58c58eb69 [ 810.962368][T16701] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 810.962386][T16701] RBP: 00007fa58c611df1 R08: 0000000000000000 R09: 0000000000000000 [ 810.962403][T16701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 810.962420][T16701] R13: 0000000000000000 R14: 00007fa58c7b6080 R15: 00007ffe2770c4e8 [ 810.962469][T16701] [ 813.300983][T16730] openvswitch: netlink: Key 0 has unexpected len 16 expected 0 [ 814.052926][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.068055][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.645133][T16744] Process accounting paused [ 816.834742][T16781] random: crng reseeded on system resumption [ 816.941559][T16779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 816.968974][T16779] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 818.810426][T16821] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 819.670109][T16832] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2005'. [ 819.746275][T16832] ERROR: Out of memory at tomoyo_memory_ok. [ 822.186154][T16875] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 822.635014][T16857] bond0: option all_slaves_active: invalid value () [ 824.412335][T16899] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2016'. [ 824.444282][T16899] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2016'. [ 824.464756][T16899] netlink: 290 bytes leftover after parsing attributes in process `syz.3.2016'. [ 824.478362][T16899] netlink: 290 bytes leftover after parsing attributes in process `syz.3.2016'. [ 824.928837][T16915] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2017'. [ 825.192640][T16908] ERROR: Out of memory at tomoyo_memory_ok. [ 826.034351][T16932] phram: not enough arguments [ 826.099593][T16932] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd12 [ 826.356066][T16939] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 826.963337][T16948] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 828.022020][T16961] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 828.052024][T16961] File: /dev/ram7 PID: 16961 Comm: syz.0.2033 [ 831.726335][T16983] kexec: Could not allocate control_code_buffer [ 832.093244][T17004] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2035'. [ 832.170215][T17004] bridge_slave_1: left allmulticast mode [ 832.176027][T17004] bridge_slave_1: left promiscuous mode [ 832.183424][T17004] bridge0: port 2(bridge_slave_1) entered disabled state [ 832.212282][T17004] bridge_slave_0: left allmulticast mode [ 832.219839][T17004] bridge_slave_0: left promiscuous mode [ 832.239237][T17004] bridge0: port 1(bridge_slave_0) entered disabled state [ 836.093016][T17063] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 837.007075][T17053] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 838.665887][ T7606] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 840.624401][T17082] Process accounting paused [ 843.425184][T17157] FAULT_INJECTION: forcing a failure. [ 843.425184][T17157] name failslab, interval 1, probability 0, space 0, times 0 [ 843.490514][T17157] CPU: 0 UID: 0 PID: 17157 Comm: syz.0.2054 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 843.490562][T17157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 843.490580][T17157] Call Trace: [ 843.490591][T17157] [ 843.490603][T17157] dump_stack_lvl+0x16c/0x1f0 [ 843.490655][T17157] should_fail_ex+0x512/0x640 [ 843.490686][T17157] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 843.490727][T17157] should_failslab+0xc2/0x120 [ 843.490769][T17157] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 843.490806][T17157] ? getname_flags.part.0+0x4c/0x550 [ 843.490853][T17157] getname_flags.part.0+0x4c/0x550 [ 843.490900][T17157] getname_flags+0x93/0xf0 [ 843.490931][T17157] do_sys_openat2+0xb8/0x1d0 [ 843.490973][T17157] ? __pfx_do_sys_openat2+0x10/0x10 [ 843.491015][T17157] ? find_held_lock+0x2b/0x80 [ 843.491054][T17157] __x64_sys_openat+0x174/0x210 [ 843.491099][T17157] ? __pfx___x64_sys_openat+0x10/0x10 [ 843.491153][T17157] do_syscall_64+0xcd/0x490 [ 843.491198][T17157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.491228][T17157] RIP: 0033:0x7f00d798eb69 [ 843.491252][T17157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 843.491276][T17157] RSP: 002b:00007f00d8872038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 843.491304][T17157] RAX: ffffffffffffffda RBX: 00007f00d7bb6160 RCX: 00007f00d798eb69 [ 843.491323][T17157] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 843.491341][T17157] RBP: 00007f00d7a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 843.491358][T17157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 843.491373][T17157] R13: 0000000000000000 R14: 00007f00d7bb6160 R15: 00007ffc423b1538 [ 843.491409][T17157] [ 844.423805][T17161] nbd: socks must be embedded in a SOCK_ITEM attr [ 846.695255][T17175] Process accounting resumed [ 846.919467][T17199] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 847.675874][T17213] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2069'. [ 847.713692][T17213] openvswitch: HfR: Dropping previously announced user features [ 847.984527][T17211] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2068'. [ 851.344923][T17269] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 851.895775][T17280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2079'. [ 852.234009][T17274] ERROR: Out of memory at tomoyo_memory_ok. [ 857.557516][T17362] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 857.564246][T17362] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 857.572028][T17362] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 857.589916][T17362] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 859.653039][T13797] Bluetooth: hci2: command 0x0c1a tx timeout [ 859.653140][T12152] Bluetooth: hci1: command 0x0c1a tx timeout [ 859.695178][T13797] Bluetooth: hci0: command 0x0c1a tx timeout [ 859.703197][ T7606] Bluetooth: hci3: command 0x0c1a tx timeout [ 861.395142][T17421] bond0: option all_slaves_active: invalid value () [ 868.198816][T17499] random: crng reseeded on system resumption [ 868.596098][T17509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2119'. [ 870.061859][T17478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 870.084170][T17478] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 870.902867][T17486] Process accounting resumed [ 873.407515][T17558] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2127'. [ 875.450778][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.457375][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 876.918277][T17581] Process accounting paused [ 877.031195][T17595] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 878.597017][T17619] random: crng reseeded on system resumption [ 881.217932][T17658] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2145'. [ 881.234638][T17664] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 883.902230][T17700] Invalid ELF header magic: != ELF [ 884.465259][ T30] audit: type=1400 audit(1843104732.846:27): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=17701 comm="syz.1.2152" [ 886.584712][T17759] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input52 [ 886.872206][T17762] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 894.102305][T17876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2193'. [ 898.205184][T17924] QAT: Stopping all acceleration devices. [ 901.433200][T17933] Process accounting paused [ 903.061723][T17976] random: crng reseeded on system resumption [ 906.219581][T18025] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2225'. [ 906.249318][T18025] ERROR: Out of memory at tomoyo_memory_ok. [ 907.934073][T18051] Process accounting resumed [ 909.092375][T18075] random: crng reseeded on system resumption [ 912.289839][T18102] QAT: Stopping all acceleration devices. [ 913.798325][T18112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2239'. [ 921.172640][T18231] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 921.208933][T18231] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 921.240925][T18231] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 921.254895][T18231] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 922.700857][T18253] QAT: Stopping all acceleration devices. [ 923.183463][T17395] Bluetooth: hci0: command 0x0c1a tx timeout [ 923.266105][T17395] Bluetooth: hci3: command 0x0c1a tx timeout [ 923.267712][ T7606] Bluetooth: hci1: command 0x0c1a tx timeout [ 923.280840][ T7596] Bluetooth: hci2: command 0x0c1a tx timeout [ 933.399969][T18356] Process accounting resumed [ 936.880068][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.886554][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 938.126296][T18448] Process accounting paused [ 940.275038][T18487] random: crng reseeded on system resumption [ 944.195348][T18541] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 944.232015][T18541] .SR: entered promiscuous mode [ 944.312003][T18541] Invalid ELF header magic: != ELF [ 944.806129][T18546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 944.842453][T18546] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 944.851225][T18546] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 944.882521][T18546] page_type: f5(slab) [ 944.886689][T18546] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 944.912454][T18546] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 944.924852][T18546] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 944.964121][T18546] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 945.003353][T18546] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 945.024957][T18541] could not allocate digest TFM handle [ 945.032106][T18542] could not allocate digest TFM handle [ 945.081936][T18546] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 945.121964][T18546] page dumped because: unmovable page [ 945.142408][T18546] page_owner tracks the page as allocated [ 945.148827][T18546] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5245, tgid 5245 (udevadm), ts 42016879719, free_ts 33400304430 [ 945.176878][T18546] post_alloc_hook+0x1c0/0x230 [ 945.184074][T18546] get_page_from_freelist+0x132b/0x38e0 [ 945.189792][T18546] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 945.193153][ T5213] ERROR: Out of memory at tomoyo_memory_ok. [ 945.196167][T18546] alloc_pages_mpol+0x1fb/0x550 [ 945.222273][T18546] new_slab+0x247/0x330 [ 945.226515][T18546] ___slab_alloc+0xcf2/0x1740 [ 945.240720][T18546] __slab_alloc.constprop.0+0x56/0xb0 [ 945.246749][T18546] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 945.253038][T18546] alloc_inode+0xc3/0x240 [ 945.257526][T18546] iget_locked+0x2e4/0x830 [ 945.262004][T18546] kernfs_get_inode+0x48/0x460 [ 945.284329][T18546] kernfs_iop_lookup+0x1a7/0x2d0 [ 945.290225][T18546] __lookup_slow+0x251/0x460 [ 945.320557][T18546] walk_component+0x353/0x5b0 [ 945.371307][T18546] link_path_walk+0x627/0xe20 [ 945.382273][T18546] path_lookupat+0x15a/0x6d0 [ 945.387939][T18546] page last free pid 1 tgid 1 stack trace: [ 945.396929][T18546] __free_frozen_pages+0x7d5/0x10f0 [ 945.406256][T18546] free_contig_range+0x183/0x4b0 [ 945.413459][T18546] destroy_args+0x7f6/0xa60 [ 945.418268][T18546] debug_vm_pgtable+0x1a32/0x3640 [ 945.425782][T18546] do_one_initcall+0x120/0x6e0 [ 945.432023][T18546] kernel_init_freeable+0x5c2/0x900 [ 945.437461][T18546] kernel_init+0x1c/0x2b0 [ 945.442311][T18546] ret_from_fork+0x5d4/0x6f0 [ 945.447152][T18546] ret_from_fork_asm+0x1a/0x30 [ 1448.859375][T24861] ERROR: Out of memory at tomoyo_memory_ok. [ 1451.503030][T24877] ERROR: Out of memory at tomoyo_memory_ok. [ 1451.816422][T24882] ERROR: Out of memory at tomoyo_memory_ok. [ 1453.055646][T24915] ERROR: Out of memory at tomoyo_memory_ok. [ 1455.613849][T24948] ERROR: Out of memory at tomoyo_memory_ok. [ 1457.079845][T24967] ERROR: Out of memory at tomoyo_memory_ok. [ 1457.082718][T24963] Process accounting resumed [ 1458.503580][T24970] random: crng reseeded on system resumption [ 1459.648048][T24994] Process accounting paused [ 1460.391290][T25008] ERROR: Out of memory at tomoyo_memory_ok. [ 1461.053028][T25026] net_ratelimit: 228 callbacks suppressed [ 1461.053048][T25026] netlink: get zone limit has 8 unknown bytes [ 1462.162570][T25049] ERROR: Out of memory at tomoyo_memory_ok. [ 1464.007599][T25061] netlink: 'syz.1.3575': attribute type 1 has an invalid length. [ 1464.118651][T25063] ERROR: Out of memory at tomoyo_memory_ok. [ 1468.637116][T25133] netlink: 'syz.0.3607': attribute type 2 has an invalid length. [ 1468.655377][T25133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3607'. [ 1469.012668][T25148] ERROR: Out of memory at tomoyo_memory_ok. [ 1470.742586][T25168] ERROR: Out of memory at tomoyo_memory_ok. [ 1472.930153][T25196] ERROR: Out of memory at tomoyo_memory_ok. [ 1474.114541][T25211] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3623'. [ 1474.778399][T25222] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1475.693270][T25236] netlink: 'syz.1.3631': attribute type 11 has an invalid length. [ 1475.717215][T25236] netlink: 'syz.1.3631': attribute type 11 has an invalid length. [ 1477.163812][T25265] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(4.131072.4294967293), cmd(3) [ 1480.762514][T25326] ================================================================== [ 1480.770683][T25326] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 1480.778630][T25326] Read of size 8 at addr ffff888141ab3618 by task syz.3.3660/25326 [ 1480.786561][T25326] [ 1480.788914][T25326] CPU: 1 UID: 0 PID: 25326 Comm: syz.3.3660 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 1480.788958][T25326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1480.788978][T25326] Call Trace: [ 1480.788988][T25326] [ 1480.789001][T25326] dump_stack_lvl+0x116/0x1f0 [ 1480.789051][T25326] print_report+0xcd/0x630 [ 1480.789089][T25326] ? __virt_addr_valid+0x81/0x610 [ 1480.789126][T25326] ? __phys_addr+0xe8/0x180 [ 1480.789164][T25326] ? dvb_device_open+0x36a/0x3b0 [ 1480.789191][T25326] kasan_report+0xe0/0x110 [ 1480.789228][T25326] ? dvb_device_open+0x36a/0x3b0 [ 1480.789259][T25326] ? __pfx_dvb_device_open+0x10/0x10 [ 1480.789288][T25326] dvb_device_open+0x36a/0x3b0 [ 1480.789315][T25326] ? __pfx_dvb_device_open+0x10/0x10 [ 1480.789353][T25326] chrdev_open+0x231/0x6a0 [ 1480.789390][T25326] ? __pfx_apparmor_file_open+0x10/0x10 [ 1480.789424][T25326] ? __pfx_chrdev_open+0x10/0x10 [ 1480.789461][T25326] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1480.789499][T25326] do_dentry_open+0x982/0x1530 [ 1480.789536][T25326] ? __pfx_chrdev_open+0x10/0x10 [ 1480.789577][T25326] vfs_open+0x82/0x3f0 [ 1480.789619][T25326] path_openat+0x1de4/0x2cb0 [ 1480.789660][T25326] ? __pfx_path_openat+0x10/0x10 [ 1480.789697][T25326] do_filp_open+0x20b/0x470 [ 1480.789731][T25326] ? __pfx_do_filp_open+0x10/0x10 [ 1480.789777][T25326] ? alloc_fd+0x471/0x7d0 [ 1480.789811][T25326] do_sys_openat2+0x11b/0x1d0 [ 1480.789854][T25326] ? __pfx_do_sys_openat2+0x10/0x10 [ 1480.789896][T25326] ? __pfx_do_sys_openat2+0x10/0x10 [ 1480.789941][T25326] ? __pfx___might_resched+0x10/0x10 [ 1480.789974][T25326] __x64_sys_openat+0x174/0x210 [ 1480.790019][T25326] ? __pfx___x64_sys_openat+0x10/0x10 [ 1480.790072][T25326] do_syscall_64+0xcd/0x490 [ 1480.790117][T25326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1480.790148][T25326] RIP: 0033:0x7f8c18b8eb69 [ 1480.790172][T25326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1480.790203][T25326] RSP: 002b:00007f8c1995c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1480.790233][T25326] RAX: ffffffffffffffda RBX: 00007f8c18db5fa0 RCX: 00007f8c18b8eb69 [ 1480.790253][T25326] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1480.790272][T25326] RBP: 00007f8c18c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 1480.790290][T25326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1480.790308][T25326] R13: 0000000000000000 R14: 00007f8c18db5fa0 R15: 00007ffcac3b26b8 [ 1480.790340][T25326] [ 1480.790351][T25326] [ 1481.047003][T25326] Allocated by task 1: [ 1481.051175][T25326] kasan_save_stack+0x33/0x60 [ 1481.055873][T25326] kasan_save_track+0x14/0x30 [ 1481.060568][T25326] __kasan_kmalloc+0xaa/0xb0 [ 1481.065380][T25326] dvb_register_device+0x1e4/0x2370 [ 1481.070593][T25326] dvb_register_frontend+0x5a6/0x880 [ 1481.076005][T25326] vidtv_bridge_probe+0x459/0xa90 [ 1481.081157][T25326] platform_probe+0x106/0x1d0 [ 1481.085860][T25326] really_probe+0x23e/0xa90 [ 1481.090384][T25326] __driver_probe_device+0x1de/0x440 [ 1481.095693][T25326] driver_probe_device+0x4c/0x1b0 [ 1481.100764][T25326] __driver_attach+0x283/0x580 [ 1481.105562][T25326] bus_for_each_dev+0x13b/0x1d0 [ 1481.110438][T25326] bus_add_driver+0x2e9/0x690 [ 1481.115161][T25326] driver_register+0x15c/0x4b0 [ 1481.119940][T25326] vidtv_bridge_init+0x45/0x80 [ 1481.124727][T25326] do_one_initcall+0x120/0x6e0 [ 1481.129618][T25326] kernel_init_freeable+0x5c2/0x900 [ 1481.135082][T25326] kernel_init+0x1c/0x2b0 [ 1481.139430][T25326] ret_from_fork+0x5d4/0x6f0 [ 1481.144041][T25326] ret_from_fork_asm+0x1a/0x30 [ 1481.148911][T25326] [ 1481.151234][T25326] Freed by task 25222: [ 1481.155390][T25326] kasan_save_stack+0x33/0x60 [ 1481.160079][T25326] kasan_save_track+0x14/0x30 [ 1481.164772][T25326] kasan_save_free_info+0x3b/0x60 [ 1481.169820][T25326] __kasan_slab_free+0x51/0x70 [ 1481.174605][T25326] kfree+0x2b4/0x4d0 [ 1481.178508][T25326] dvb_device_put.part.0+0x60/0x90 [ 1481.183662][T25326] dvb_device_open+0x2a4/0x3b0 [ 1481.188570][T25326] chrdev_open+0x231/0x6a0 [ 1481.193025][T25326] do_dentry_open+0x982/0x1530 [ 1481.197828][T25326] vfs_open+0x82/0x3f0 [ 1481.201947][T25326] path_openat+0x1de4/0x2cb0 [ 1481.206561][T25326] do_filp_open+0x20b/0x470 [ 1481.211351][T25326] do_sys_openat2+0x11b/0x1d0 [ 1481.216062][T25326] __x64_sys_openat+0x174/0x210 [ 1481.220932][T25326] do_syscall_64+0xcd/0x490 [ 1481.225467][T25326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1481.231386][T25326] [ 1481.233719][T25326] The buggy address belongs to the object at ffff888141ab3600 [ 1481.233719][T25326] which belongs to the cache kmalloc-256 of size 256 [ 1481.247880][T25326] The buggy address is located 24 bytes inside of [ 1481.247880][T25326] freed 256-byte region [ffff888141ab3600, ffff888141ab3700) [ 1481.261611][T25326] [ 1481.263944][T25326] The buggy address belongs to the physical page: [ 1481.270463][T25326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x141ab2 [ 1481.279339][T25326] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1481.287875][T25326] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 1481.295610][T25326] page_type: f5(slab) [ 1481.299601][T25326] raw: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 1481.308201][T25326] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1481.316797][T25326] head: 057ff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 1481.325575][T25326] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1481.334257][T25326] head: 057ff00000000001 ffffea000506ac81 00000000ffffffff 00000000ffffffff [ 1481.343203][T25326] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1481.352050][T25326] page dumped because: kasan: bad access detected [ 1481.358465][T25326] page_owner tracks the page as allocated [ 1481.364181][T25326] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 22979523035, free_ts 0 [ 1481.383926][T25326] post_alloc_hook+0x1c0/0x230 [ 1481.388814][T25326] get_page_from_freelist+0x132b/0x38e0 [ 1481.394651][T25326] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1481.400559][T25326] alloc_pages_mpol+0x1fb/0x550 [ 1481.405433][T25326] new_slab+0x247/0x330 [ 1481.409599][T25326] ___slab_alloc+0xcf2/0x1740 [ 1481.414312][T25326] __slab_alloc.constprop.0+0x56/0xb0 [ 1481.419699][T25326] __kmalloc_cache_noprof+0xfb/0x3e0 [ 1481.424991][T25326] bus_add_driver+0x92/0x690 [ 1481.429636][T25326] driver_register+0x15c/0x4b0 [ 1481.434503][T25326] usb_register_driver+0x216/0x4d0 [ 1481.439891][T25326] do_one_initcall+0x120/0x6e0 [ 1481.444758][T25326] kernel_init_freeable+0x5c2/0x900 [ 1481.449992][T25326] kernel_init+0x1c/0x2b0 [ 1481.454391][T25326] ret_from_fork+0x5d4/0x6f0 [ 1481.459087][T25326] ret_from_fork_asm+0x1a/0x30 [ 1481.463961][T25326] page_owner free stack trace missing [ 1481.469339][T25326] [ 1481.471822][T25326] Memory state around the buggy address: [ 1481.477640][T25326] ffff888141ab3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1481.485710][T25326] ffff888141ab3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1481.493780][T25326] >ffff888141ab3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1481.501938][T25326] ^ [ 1481.506786][T25326] ffff888141ab3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1481.514885][T25326] ffff888141ab3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1481.522951][T25326] ================================================================== [ 1481.604940][ T5213] ERROR: Out of memory at tomoyo_memory_ok. [ 1482.164573][T25326] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1482.171836][T25326] CPU: 0 UID: 0 PID: 25326 Comm: syz.3.3660 Not tainted 6.16.0-syzkaller-11241-g186f3edfdd41 #0 PREEMPT(full) [ 1482.183682][T25326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1482.194031][T25326] Call Trace: [ 1482.197336][T25326] [ 1482.200378][T25326] dump_stack_lvl+0x3d/0x1f0 [ 1482.205011][T25326] vpanic+0x6a3/0x780 [ 1482.209087][T25326] ? __pfx_vpanic+0x10/0x10 [ 1482.213594][T25326] ? __pfx_vprintk_emit+0x10/0x10 [ 1482.218618][T25326] ? dvb_device_open+0x36a/0x3b0 [ 1482.223567][T25326] panic+0xca/0xd0 [ 1482.227310][T25326] ? __pfx_panic+0x10/0x10 [ 1482.231836][T25326] ? dvb_device_open+0x36a/0x3b0 [ 1482.236792][T25326] ? preempt_schedule_common+0x44/0xc0 [ 1482.242379][T25326] ? preempt_schedule_thunk+0x16/0x30 [ 1482.247923][T25326] check_panic_on_warn+0xab/0xb0 [ 1482.252914][T25326] end_report+0x107/0x170 [ 1482.257252][T25326] kasan_report+0xee/0x110 [ 1482.261763][T25326] ? dvb_device_open+0x36a/0x3b0 [ 1482.266722][T25326] ? __pfx_dvb_device_open+0x10/0x10 [ 1482.272053][T25326] dvb_device_open+0x36a/0x3b0 [ 1482.276939][T25326] ? __pfx_dvb_device_open+0x10/0x10 [ 1482.282325][T25326] chrdev_open+0x231/0x6a0 [ 1482.286983][T25326] ? __pfx_apparmor_file_open+0x10/0x10 [ 1482.292655][T25326] ? __pfx_chrdev_open+0x10/0x10 [ 1482.297636][T25326] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1482.304113][T25326] do_dentry_open+0x982/0x1530 [ 1482.308970][T25326] ? __pfx_chrdev_open+0x10/0x10 [ 1482.313971][T25326] vfs_open+0x82/0x3f0 [ 1482.318184][T25326] path_openat+0x1de4/0x2cb0 [ 1482.322914][T25326] ? __pfx_path_openat+0x10/0x10 [ 1482.327990][T25326] do_filp_open+0x20b/0x470 [ 1482.332574][T25326] ? __pfx_do_filp_open+0x10/0x10 [ 1482.337681][T25326] ? alloc_fd+0x471/0x7d0 [ 1482.342078][T25326] do_sys_openat2+0x11b/0x1d0 [ 1482.346815][T25326] ? __pfx_do_sys_openat2+0x10/0x10 [ 1482.352064][T25326] ? __pfx_do_sys_openat2+0x10/0x10 [ 1482.357325][T25326] ? __pfx___might_resched+0x10/0x10 [ 1482.362667][T25326] __x64_sys_openat+0x174/0x210 [ 1482.367610][T25326] ? __pfx___x64_sys_openat+0x10/0x10 [ 1482.373051][T25326] do_syscall_64+0xcd/0x490 [ 1482.377615][T25326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1482.383641][T25326] RIP: 0033:0x7f8c18b8eb69 [ 1482.388099][T25326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1482.407978][T25326] RSP: 002b:00007f8c1995c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1482.416538][T25326] RAX: ffffffffffffffda RBX: 00007f8c18db5fa0 RCX: 00007f8c18b8eb69 [ 1482.425069][T25326] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1482.433078][T25326] RBP: 00007f8c18c11df1 R08: 0000000000000000 R09: 0000000000000000 [ 1482.441091][T25326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1482.449129][T25326] R13: 0000000000000000 R14: 00007f8c18db5fa0 R15: 00007ffcac3b26b8 [ 1482.457579][T25326] [ 1482.460995][T25326] Kernel Offset: disabled [ 1482.465342][T25326] Rebooting in 86400 seconds..