last executing test programs: 23.235488473s ago: executing program 1 (id=4892): mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) semctl$auto(0x7, 0x2, 0x13, 0x1) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0xff00) open$dir(&(0x7f00000001c0)='./file0\x00', 0x201, 0x0) r1 = socket(0x2a, 0x2, 0x0) ioctl$auto(r1, 0x8912, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x29, 0x2, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x53401, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01001abd0300fcdbdf840a00000008ed4500", @ANYRES32=0x4, @ANYBLOB="080001002e53520008000200", @ANYRES32=0x9, @ANYBLOB="0800070004000000"], 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x80) bpf$auto(0xd, 0x0, 0x6f5) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) 
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x480, 0x0) mprotect$auto(0x0, 0x806121, 0x6) r5 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r5, 0xc0606610, 0x0) 17.70548342s ago: executing program 1 (id=4910): mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) semctl$auto(0x7, 0x2, 0x13, 0x1) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0xff00) open$dir(&(0x7f00000001c0)='./file0\x00', 0x201, 0x0) r1 = socket(0x2a, 0x2, 0x0) ioctl$auto(r1, 0x8912, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x29, 0x2, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x53401, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01001abd0300fcdbdf840a00000008ed4500", @ANYRES32=0x4, 
@ANYBLOB="080001002e53520008000200", @ANYRES32=0x9, @ANYBLOB="0800070004000000"], 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x80) bpf$auto(0xd, 0x0, 0x6f5) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x480, 0x0) mprotect$auto(0x0, 0x806121, 0x6) r5 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r5, 0xc0606610, 0x0) 16.781179022s ago: executing program 1 (id=4913): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/interrupts/ff_pmtimer\x00', 0x0, 0x0) ioperm$auto(0x7, 0x6, 0x2) fstat$auto(0x1, &(0x7f0000001a40)={0x2, 0x3, 0x1, 0x2, 0x3, 0x0, 0x0, 0x6, 0xe, 0x7, 0x7e0, 0x200000000007, 0x7ff, 0xffffffff80000000, 0x7, 0xa, 0x81}) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x7) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC0D0p\x00', 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x1d, 0x3, 0x1) arch_prctl$auto(0x5003, 0x5) arch_prctl$auto(0x5002, 
0x1) getsockopt$auto(r3, 0x65, 0x2, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x3, 0x5, 0x0) ioctl$auto(0x3, 0xc048aec8, r1) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/45, 0x2d) 14.969108079s ago: executing program 1 (id=4904): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) fsconfig$auto_EROFS_MOUNT_DAX_ALWAYS(0xffffffffffffffff, 0x100, &(0x7f0000000040)='\x00', &(0x7f0000000080)="058aa3b2a1f44cac3d90e21777ca007b1c0e2277e48d56de2a4db564937d9478dd290800d4729ce3385e295a4794a6a62b82d6fef36d8d189b4d02", 0x40) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x5a002, 0x0) r0 = prctl$auto(0x4e, 0x88af, 0x0, 0x4, 0x8) read$auto(r0, 0x0, 0x42e485c7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 14.710042878s ago: executing program 1 (id=4911): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/peer_notif_delay\x00', 0x101c00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000b40)=""/4096, 0x1000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/015/001\x00', 0x195000, 0x0) r1 = socket(0x11, 0x80003, 0x300) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/fail-nth\x00', 0x941, 0x0) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4) r2 = bpf$auto(0xaf7b, &(0x7f00000001c0)=@info={r1, 0x4, 0x6}, 0x5bc8) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/authorized\x00', 0x10b142, 0x0) write$auto(r3, 
&(0x7f0000000480)='0\x00\xb9:\xaa\xc1\r\x02T\xf5\b\x00\x00\x00\x00\x00\x00\x00\xa1\xd0\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\xcc!\"\xa6\"jH\xcd\x10&b/\x9a\xf1w\xddS\x87\xd1vi\xa9\xeaM\x1dY\xa6\x8d\xf2\\\xac\xe1\xcf\xf7\xff\xff\x148\t\xba\xa0Z\x00M\xbcHM{\xa9\xf1R3X\xdfMbe\t\t\x86\x11v\xa2W\x93m\xd9\x93\x98.7Z\xe7|\x9f\x88\x05\x9ej\xc5\xfaT\xa0\x9a\\i\xd1\xb3\x02\xfa\xfeaq\x8d\xf1\xba\xaf\xcc\xce\xb2\xd3~TR\xf1\xad\xd0\x90n\xb6\xd0\xfc(p\xa3\xabk\x19\xcb\xfda\xff&\xad1\x95\xc5\xa9Gb\xe3\xa4\xf1\xe2\x91\x0e\x91iy\xba%+=\xb7\xd3D,\x19\b\x00\x00\x00\x00\x00\x00\x00\xadG\x94\v\xff\xa4\xfc\x95\x00By\xe9\x80\xd3U\xcd9\xe0\xbc\x8cK\xf3\xfd\x89\xda\xaeH.\xe3\x95Xbw\x02\x99\x03\x00\x00\x00\x00\x00\x00\x00\xaf\xc3\x89\x91\x19\xfc+\xe9l\xd3\xf5\x00\x00\x00\x00\x00\x00\x00\x85%c\xa6\x0f\xcfI\xb4a\x1d\xc4\x8f\x12X\xdf\xc2\xd7\x8e\xf4\xb9_\xf6\x10\xfc\x9b\xce\xab\xcf\xa9_\x88\xf4\x1b\x12\x12N\f\x84\r\vsI\x86\xe9\xe6J\xb8\xe4\x8f\x02\x9e\xf45\xd9\xf1\xbd\xfd\x97\xd8OU\t\x9e2K\xe2*~\x9dIe\x00\x00\x00\x00\x00\x00\xce;E\x8c\x05~\x1f\xa5\xa4\x9d\xf6\'\xc4\xf7\xa3\xf2\xfb\x85z>\xd71\xb8\x83\x8e\xa9c6I\x8f\x00\xb2\x03\xfd3\xb8\xe9Xo\xaa\xaeg\xb3\x9e\x8fM:\xa5\x1c \xbe\xfe\"\xa1\x11\xf4~\xa1\x90D/e\xe1\xb1C:}\xd2\x9dT\xc1\xd6[Ld\x06\xee\xc6\xe4\x99uT\xfdl\x94\xe1:\'2aO\xf1\xfa8l\n\xe0l\x1c\x89\xd7U\x99\xe9d?\x04\xd8\xf3\x9c\xd8t\x88@\x89\x15p\x84\xad\xa3V=,U\xa4_\xb9\xa7\xd7O\x91\xb2\x03\xbe\xd5\xa8\x03o\x0e\xa7\x93\xabubg\x10\x19\x82D\xa7\xae9\xf1\xc0\n\xfe;n)OAV\xfe\x8fE-\xea\x7fzO0\xde\xc0WK\xe1\x9b\xfe\xbfR\x8c$p\xf0\xe4\xa5\xbe_\x8d:\xd6\xc5\xf5\x80+\xe6O\xbeH\x86<\xdcJq\xe9\xab\x00\xab\x8e\xff\xd0\xb2\t\x14\xc0\xe5\xce\xe4\b\xc3qB', 0x7e) ioctl$auto_RTC_PARAM_GET(r2, 0x40187013, &(0x7f0000000280)={0xdafa, @uvalue=0x9, 0x1}) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, 
@ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0x2, 0x80002, 0x73) r5 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r5, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r6 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000804) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000) write$auto(0x3, 0x0, 0xfdef) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) read$auto(r4, 
&(0x7f00000006c0)='0\x00\xb9:\xaa\xc1\r\x02T\xf5\b\x00\x00\x00\x00\x00\x00\x00\xa1\xd0\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\xcc!\"\xa6\"jH\xcd\x10&b/\x9a\xf1w\xddS\x87\xd1vi\xa9\xeaM\x1dY\xa6\x8d\xf2\\\xac\xe1\xcf\xf7\xff\xff\x148\t\xba\xa0Z\x00M\xbcHM{\xa9\xf1R3X\xdfMbe\t\t\x86\x11v\xa2W\x93m\xd9\x93\x98.7Z\xe7|\x9f\x88\x05\x9ej\xc5\xfaT\xa0\x9a\\i\xd1\xb3\x02\xfa\xfeaq\x8d\xf1\xba\xaf\xcc\xce\xb2\xd3~TR\xf1\xad\xd0\x90n\xb6\xd0\xfc(p\xa3\xabk\x19\xcb\xfda\xff&\xad1\x95\xc5\xa9Gb\xe3\xa4\xf1\xe2\x91\x0e\x91iy\xba%+=\xb7\xd3D,\x19\b\x00\x00\x00\x00\x00\x00\x00\xadG\x94\v\xff\xa4\xfc\x95\x00By\xe9\x80\xd3U\xcd9\xe0\xbc\x8cK\xf3\xfd\x89\xda\xaeH.\xe3\x95Xbw\x02\x99\x03\x00\x00\x00\x00\x00\x00\x00\xaf\xc3\x89\x91\x19\xfc+\xe9l\xd3\xf5\x00\x00\x00\x00\x00\x00\x00\x85%c\xa6\x0f\xcfI\xb4a\x1d\xc4\x8f\x12X\xdf\xc2\xd7\x8e\xf4\xb9_\xf6\x10\xfc\x9b\xce\xab\xcf\xa9_\x88\xf4\x1b\x12\x12N\f\x84\r\vsI\x86\xe9\xe6J\xb8\xe4\x8f\x02\x9e\xf45\xd9\xf1\xbd\xfd\x97\xd8OU\t\x9e2K\xe2*~\x9dIe\x00\x00\x00\x00\x00\x00\xce;E\x8c\x05~\x1f\xa5\xa4\x9d\xf6\'\xc4\xf7\xa3\xf2\xfb\x85z>\xd71\xb8\x83\x8e\xa9c6I\x8f\x00\xb2\x03\xfd3\xb8\xe9Xo\xaa\xaeg\xb3\x9e\x8fM:\xa5\x1c \xbe\xfe\"\xa1\x11\xf4~\xa1\x90D/e\xe1\xb1C:}\xd2\x9dT\xc1\xd6[Ld\x06\xee\xc6\xe4\x99uT\xfdl\x94\xe1:\'2aO\xf1\xfa8l\n\xe0l\x1c\x89\xd7U\x99\xe9d?\x04\xd8\xf3\x9c\xd8t\x88@\x89\x15p\x84\xad\xa3V=,U\xa4_\xb9\xa7\xd7O\x91\xb2\x03\xbe\xd5\xa8\x03o\x0e\xa7\x93\xabubg\x10\x19\x82D\xa7\xae9\xf1\xc0\n\xfe;n)OAV\xfe\x8fE-\xea\x7fzO0\xde\xc0WK\xe1\x9b\xfe\xbfR\x8c$p\xf0\xe4\xa5\xbe_\x8d:\xd6\xc5\xf5\x80+\xe6O\xbeH\x86<\xdcJq\xe9\xab\x00\xab\x8e\xff\xd0\xb2\t\x14\xc0\xe5\xce\xe4\b\xc3qB', 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) ioctl$auto_FIOASYNC(r5, 0x5452, 0x9) read$auto(0x4, 0x0, 0xfdef) 11.2359959s ago: executing program 0 (id=4925): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = 
socket(0xa, 0x1, 0x84) r1 = semctl$auto(0x8, 0x806, 0x13, 0x46) setsockopt$auto(r0, 0x0, 0x40, 0x0, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x11, 0x80003, 0x300) sysfs$auto(0x2, 0x10000000000048, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0xffffffffffffffff, 0x10081, 0x0) r2 = fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) r3 = getpgid$auto(r1) ptrace$auto_PTRACE_LISTEN(0x4208, r3, 0x0, 0x100000001) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x20800, 0x0) ioctl$auto_TIOCSTI2(r5, 0x5412, &(0x7f0000000040)) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0x4188aec6, r2) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto(0x3, 0xae41, r7) bpf$auto(0x1de, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x2104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x98) 8.619363427s ago: executing program 0 (id=4936): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/net/dev_mcast\x00', 0x404080, 0x0) write$auto(r0, 0x0, 0x7ef) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/type\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/116, 0x74) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 
0x82040, 0x0) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f0000000440)='/Eev/audio1\x00VI\xa3\xaa\xb1\x05\x00\x00\x00\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\x89C:\xc3\xcbx*=\x12\xb4q\xeeC\x81\n\\_\x04D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\x9e\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x8cec, 0x6]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) fchownat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x80400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0xffffffffffffbfff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000100), 0x200003, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 
0x50b41, 0x0) 6.742572155s ago: executing program 2 (id=4933): r0 = socket(0x22, 0x2, 0x24) socket(0x22, 0x2, 0x4) (async) r1 = socket(0x22, 0x2, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x0) io_uring_setup$auto(0x4, 0x0) (async) r2 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r2, 0x0) (async) close_range$auto(0x2, r2, 0x0) close_range$auto(r1, r0, 0x1) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) (async) r4 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) unshare$auto(0x8) ioctl$auto(r4, 0x80046f45, 0x38) getpgid(0x0) (async) r5 = getpgid(0x0) rt_tgsigqueueinfo$auto(r5, r5, 0xe, &(0x7f0000000100)={@siginfo_0_0={0x2a, 0x5, 0xb2, @_rt={r5, 0x0, @sival_ptr=&(0x7f0000000380)="62c89a0bc2225ee5b054049908213cc431697f9ba2f348e13a794b6ba3e4ceec16073e01359b1f6ffdb710160b8a0d422d64716074fea4531148e38310343efae6efdd5cf2bd1196d0afcfc4c147fadbab8f16589a00d47f8c961715c6638edf390b3536590d48b7f27eceabb74dbc679641c8c51cd8cb185e6a58924c16a99a2ff39fa04c36d1826a616bf7f43f3b3732"}}}) pidfd_open$auto(r5, 0x6) r6 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xaece, 0xffffffffffffffff) (async) ioctl$auto(0x3, 0xaece, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_USBDEVFS_BULK32(r6, 0xc0105502, &(0x7f0000000000)={0x8001, 0x8, 0x5, 0x7fff}) 5.718012182s ago: executing program 3 (id=4934): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, 
@ANYBLOB="050328bd7000fbdbdf250600000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x40008}, 0x4000040) (fail_nth: 1) 4.337341921s ago: executing program 2 (id=4935): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x1, 0x84) r1 = semctl$auto(0x8, 0x806, 0x13, 0x46) setsockopt$auto(r0, 0x0, 0x40, 0x0, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x11, 0x80003, 0x300) sysfs$auto(0x2, 0x10000000000048, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0xffffffffffffffff, 0x10081, 0x0) r2 = fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) r3 = getpgid$auto(r1) ptrace$auto_PTRACE_LISTEN(0x4208, r3, 0x0, 0x100000001) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x20800, 0x0) ioctl$auto_TIOCSTI2(r5, 0x5412, &(0x7f0000000040)) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0x4188aec6, r2) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto(0x3, 0xae41, r7) bpf$auto(0x1de, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x2104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x98) 4.335480009s ago: executing program 3 (id=4937): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r2, &(0x7f0000000280)={0x0, 0x0, 
&(0x7f0000000040)={&(0x7f0000000080)={0x24, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x10, 0x3, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x2}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40014}, 0x24008040) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r6 = socket(0x10, 0x2, 0x4) sendmsg$auto_HWSIM_CMD_GET_RADIO(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x28, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_NAME={0xc, 0x11, 'ethtool\x00'}, @HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40000d0) r7 = socket(0x10, 0x3, 0x6) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r8, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="050328bd7000fbdbdf250600000008000300", @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x40008}, 0x4000040) 3.835595347s ago: executing program 2 (id=4938): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bdi/1:3/max_ratio\x00', 0xa041, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 
0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x200408a4}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x40040) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x7, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/maps\x00', 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x11, 0x800, 0x2) mmap$auto(0xfffffffffffffffd, 0x5a5, 0x4000000000e0, 0x40eb2, r2, 0x300000800000) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) r6 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r6, &(0x7f0000000100)="4ceac02070916ed1dc1f91", 0xb) r7 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), r1) sendmsg$auto_NL802154_CMD_SET_TX_POWER(r3, &(0x7f00000004c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYRES16=r7, 
@ANYBLOB="000d27bd7000fddbdf250c000000a30018804b30567ddba58d860194dfd3c941e1a3ee42bec05aebc699755384579aa88a0303b89c82f9977dfd5c54bd757285d9210ce4145ffbd44ae7adffd405f59105104d05e78bb9df91f5af6cab59d80b7f9f8ffb88c383bed830e02ae679ee57ab1b282588487841dc5cf6a142d549b11bcdfb448aac8b043097306d4029fe1a7b023a115fc7890259e865f419ad12d32f70d7f97dc58976bf0275719da239da7a00"], 0xb8}, 0x1, 0x0, 0x0, 0x8010}, 0x4004) sendmsg$auto_NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16], 0x2c}, 0x1, 0x0, 0x0, 0x20040041}, 0x8000) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r8, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010023bd7000fadbdf2501000000040007800c00020005000000dd00000008000100232e0000", @ANYRESHEX=r5], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) 3.835341286s ago: executing program 3 (id=4939): socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000000)={0x0, 0x0, 0x13d, 0x7, 0x9, 0x0}) r1 = openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000000840), 0x1, 0x0) writev$auto(r1, &(0x7f0000000940)={0x0, 0xb}, 0x3) prctl$auto(0x6, 0x41, r0, 0x5, 0x4) mmap$auto(0x0, 0xc, 0xdb, 0x19, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mknod$auto(0x0, 0xc9, 0xfffffffa) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x18b40, 0x0) write$auto(r2, 
&(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) landlock_restrict_self$auto(0xffffffffffffffff, 0x2) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x105000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0xc0000102, 0x400, 0x2}]}) unshare$auto(0x40000080) io_uring_setup$auto(0x6, 0x0) r5 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/5u\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0x0, 0x40000000009) read$auto_mon_fops_text_t_mon_text(r5, 0x0, 0x0) close_range$auto(0x2, 0x5, 0x0) capget$auto(0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) 3.50033279s ago: executing program 0 (id=4940): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r0, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001680)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="230027bd7000fcdbdf2508ffe9000c000380050001801500000004000280080001"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x44044) 3.265390597s ago: executing program 0 (id=4941): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, 0x0, 0x840, 0xc) socket(0x1d, 0x2, 0x6) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 
0x84) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x4004004) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) 2.780596364s ago: executing program 2 (id=4942): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bdi/1:3/max_ratio\x00', 0xa041, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x200408a4}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x40040) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x7, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/maps\x00', 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x11, 0x800, 0x2) mmap$auto(0xfffffffffffffffd, 0x5a5, 0x4000000000e0, 0x40eb2, r2, 0x300000800000) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) r6 = 
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r6, &(0x7f0000000100)="4ceac02070916ed1dc1f91", 0xb) r7 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), r1) sendmsg$auto_NL802154_CMD_SET_TX_POWER(r3, &(0x7f00000004c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYRES16=r7, @ANYBLOB="000d27bd7000fddbdf250c000000a30018804b30567ddba58d860194dfd3c941e1a3ee42bec05aebc699755384579aa88a0303b89c82f9977dfd5c54bd757285d9210ce4145ffbd44ae7adffd405f59105104d05e78bb9df91f5af6cab59d80b7f9f8ffb88c383bed830e02ae679ee57ab1b282588487841dc5cf6a142d549b11bcdfb448aac8b043097306d4029fe1a7b023a115fc7890259e865f419ad12d32f70d7f97dc58976bf0275719da239da7a00"], 0xb8}, 0x1, 0x0, 0x0, 0x8010}, 0x4004) sendmsg$auto_NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20040041}, 0x8000) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r8, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010023bd7000fadbdf2501000000040007800c00020005000000dd00000008000100232e0000", @ANYRESHEX=r5], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) 2.689038163s ago: executing program 0 (id=4943): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop5/mq/0/nr_reserved_tags\x00', 0x80880, 0x0) mmap$auto(0x4000, 0x24009, 0x4000000000df, 0x12, r0, 0x8001) r1 = socket$nl_generic(0x11, 0x3, 0x10) r2 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x40000, 0x0) listen$auto(r2, 0x611e) getsockopt$auto_SO_REUSEADDR(r2, 0x9, 0x2, 
&(0x7f0000000000)='[\'%@-g\x00', &(0x7f0000000040)=0x8) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) futex$auto(0x0, 0xb, 0x5, 0x0, 0x0, 0x7ff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000280)='batad,0\x00', 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x9, 0x3) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) clock_gettime$auto(0x4, &(0x7f0000000000)={0x10000, 0x8}) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ioctl$auto_BTRFS_IOC_QUOTA_RESCAN(r3, 0x4040942c, &(0x7f0000000080)={0x0, 0x7, [0x81, 0x7, 0x8, 0x0, 0x4, 0x7]}) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) io_uring_enter$auto(r3, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0xffffffffffffffff, 0x28000) bind$auto(r1, &(0x7f0000000200)=@generic={0x11, "00030f00"}, 0x80) read$auto(0x3, 0x0, 0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_FLUSH(r4, &(0x7f0000001f80)={0x0, 0x6000, &(0x7f0000001f40)={&(0x7f0000000540)={0x14, r5, 0x1, 0x2, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x40844) 2.428689711s ago: executing program 3 (id=4944): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, 0x0, 0x840, 0xc) socket(0x1d, 0x2, 0x6) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x84) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x4004004) io_uring_setup$auto(0x1, 0x0) r0 = 
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) (fail_nth: 3) 1.734925423s ago: executing program 2 (id=4945): socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xd4, 0xfffffffffffffffc, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x81) readv$auto(0x3, &(0x7f00000001c0)={0x0}, 0x100000007) 1.654556193s ago: executing program 3 (id=4946): mmap$auto(0x0, 0x40008, 0xdf, 0x9b72, 0x7, 0x28000) r0 = signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, 0x0, 0x840, 0xc) socket(0x1d, 0x2, 0x6) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = inotify_init1$auto(0x3000000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8000, 0x0) r3 = open(0x0, 0x1a33c1, 0x157) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0xf, 0x0, 0x6) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) r5 = socket(0x2, 0x3, 0xa) recvmmsg$auto(r5, 0x0, 0x400fffd, 0x0, 0x0) prctl$auto_PR_SET_VMA_ANON_NAME(0xffff, 0x0, 0x0, 0x1ff, 0x513c) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), r0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r1, &(0x7f0000000100)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRES64=r3, @ANYRES64=r2, @ANYRES32, @ANYRESOCT], 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x800) r6 = socket$nl_generic(0x10, 0x3, 0x10) pwrite64$auto(0xc8, 
&(0x7f0000000440)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\x88\xa8\x8a>\x88\xa8\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2\x9f*\xa67\xbd\xac\a\xe6\x97\x83\xa0\x06Q\xed4\xe2\x8c\x95(\xd9\xe3%\xb3\xbdx`=\xbc\x108U_\xde\xf1\xe3\xd5\xcf\x9e\xd2\xb2\xcb\x1bB#\x9e\xe4\x9ej\xe8\xc5\x80\xd0\xe7u\xc4\xe6ke&8J\xf0\xaa\x14Z;w\xb6\xc3\xd2\xf8\x0ey\x9c~%\xd96}x&\xd3\xa9\x1c\xc4\xabZ\v\nyM\x1f\xd74\xc0\xee\xf7\xbcO\xc1\xd0\xdcSh\x177 ^\x9e\xcb\x13{\x95\x17q5\xbf\xec\x8af\\d\x0f\xda\x90\xb9\xf27\xdb\xcc\xe4\xf7W\x1ebM\xf9\xdf\xcf\xcc\xc2\x9cB\xf9\xc3)p^H\xbb\xa0\x7f\xf3\a\xd9S\xfa\x9d\xbf\x01\x13\x83j{B\xd1\x17\x90\x84s\x0fx\n\xdfw\x18\xda\xd10q\xbb\xb6\xc8\x80})\xbb\xf4.\x91\x8d\x90', 0x4e, 0x6) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x3, 0xdd, 0x9b75, r6, 0x8000) socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x84) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x4004004) io_uring_setup$auto(0x1, 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r7, 0x5423, 0x0) 30.49025ms ago: executing program 1 (id=4920): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, r1, 0xb01, 0x70bd27, 0x25dfdbfc, {0x5, 0x0, 0x3f00}}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000084) 26.104833ms ago: executing program 0 (id=4954): openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/set_event\x00', 0x80580, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x80) 20.050645ms ago: executing program 2 (id=4955): 
openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/set_event\x00', 0x80580, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x80) (fail_nth: 2) 0s ago: executing program 3 (id=4956): mmap$auto(0xfffffffffffffffc, 0x2, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x6, 0x19, 0x0, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000026d00)='/dev/dri/card1\x00', 0x2000, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x1bb98e6850e6203, 0xe1d2b27bdc14aab4) flock$auto(r2, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000cf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8) msgctl$auto_MSG_STAT_ANY(0x2, 0xd, &(0x7f0000000240)={{0x762, 0x0, 0xee00, 0x3, 0x7, 0x8, 0xdeb7}, 0x0, 0x0, 0x4, 0x7ff, 0x4, 0x7, 0x400, 0x4, 0x100, 0x7, @raw=0x4}) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptye9\x00', 0x185400, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x8000, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x8000, 0x0) ioctl$auto_EVIOCGEFFECTS(r4, 0x80044584, 0x0) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) sendfile$auto(r5, r3, 0x0, 0x10000) r6 = open(&(0x7f0000000080)='./file0\x00', 0x4242, 0x40) flock$auto(r6, 0x2) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) ioctl$auto_USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 
&(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x402) socket(0x1d, 0x3, 0x9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/015/001\x00', 0x80000, 0x0) kernel console output (not intermixed with test programs): 566.540680][T29338] get_futex_key+0xf3e/0x1540 [ 1566.540725][T29338] ? __pfx_get_futex_key+0x10/0x10 [ 1566.540763][T29338] ? __mutex_trylock_common+0xe9/0x250 [ 1566.540827][T29338] futex_wake+0xea/0x530 [ 1566.540876][T29338] ? __pfx_futex_wake+0x10/0x10 [ 1566.540926][T29338] ? __lock_acquire+0xb8a/0x1c90 [ 1566.540989][T29338] do_futex+0x1e3/0x350 [ 1566.541031][T29338] ? __pfx_do_futex+0x10/0x10 [ 1566.541067][T29338] ? __might_fault+0xe3/0x190 [ 1566.541127][T29338] mm_release+0x24e/0x300 [ 1566.541162][T29338] do_exit+0x683/0x2bd0 [ 1566.541213][T29338] ? __pfx_do_exit+0x10/0x10 [ 1566.541255][T29338] ? do_raw_spin_lock+0x12c/0x2b0 [ 1566.541301][T29338] ? find_held_lock+0x2b/0x80 [ 1566.541338][T29338] do_group_exit+0xd3/0x2a0 [ 1566.541385][T29338] get_signal+0x2673/0x26d0 [ 1566.541437][T29338] ? __pfx_get_signal+0x10/0x10 [ 1566.541474][T29338] ? do_futex+0x122/0x350 [ 1566.541513][T29338] ? __pfx_do_futex+0x10/0x10 [ 1566.541556][T29338] arch_do_signal_or_restart+0x8f/0x790 [ 1566.541596][T29338] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1566.541646][T29338] ? 
xfd_validate_state+0x61/0x180 [ 1566.541698][T29338] exit_to_user_mode_loop+0x84/0x110 [ 1566.541752][T29338] do_syscall_64+0x3f6/0x490 [ 1566.541785][T29338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1566.541828][T29338] RIP: 0033:0x7f01c338e929 [ 1566.541855][T29338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1566.541888][T29338] RSP: 002b:00007f01c42580e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1566.541918][T29338] RAX: fffffffffffffe00 RBX: 00007f01c35b6088 RCX: 00007f01c338e929 [ 1566.541938][T29338] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f01c35b6088 [ 1566.541957][T29338] RBP: 00007f01c35b6080 R08: 0000000000000000 R09: 0000000000000000 [ 1566.541975][T29338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01c35b608c [ 1566.541994][T29338] R13: 0000000000000000 R14: 00007ffc9ada5150 R15: 00007ffc9ada5238 [ 1566.542035][T29338] [ 1569.240280][T29472] nbd: nbd11811 already in use [ 1571.520884][T29578] FAULT_INJECTION: forcing a failure. [ 1571.520884][T29578] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1571.544443][T29578] CPU: 0 UID: 0 PID: 29578 Comm: syz.2.4715 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1571.544496][T29578] Tainted: [U]=USER [ 1571.544508][T29578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1571.544526][T29578] Call Trace: [ 1571.544537][T29578] [ 1571.544551][T29578] dump_stack_lvl+0x16c/0x1f0 [ 1571.544605][T29578] should_fail_ex+0x512/0x640 [ 1571.544666][T29578] should_fail_alloc_page+0xe7/0x130 [ 1571.544702][T29578] prepare_alloc_pages+0x3c2/0x610 [ 1571.544749][T29578] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1571.544822][T29578] ? lock_acquire+0x179/0x350 [ 1571.544866][T29578] ? 
__pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1571.544916][T29578] ? find_held_lock+0x2b/0x80 [ 1571.544948][T29578] ? page_table_check_set+0x627/0x750 [ 1571.545018][T29578] ? __page_table_check_ptes_set+0x1ae/0x420 [ 1571.545070][T29578] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1571.545121][T29578] ? policy_nodemask+0xea/0x4e0 [ 1571.545178][T29578] alloc_pages_mpol+0x1fb/0x550 [ 1571.545211][T29578] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1571.545255][T29578] alloc_pages_noprof+0x131/0x390 [ 1571.545287][T29578] pte_alloc_one+0x1c/0x3a0 [ 1571.545334][T29578] __pte_alloc+0x6d/0x3c0 [ 1571.545366][T29578] ? __pfx___pte_alloc+0x10/0x10 [ 1571.545396][T29578] ? __pfx___might_resched+0x10/0x10 [ 1571.545429][T29578] ? copy_page_range+0x13f0/0x5740 [ 1571.545478][T29578] copy_page_range+0x1aed/0x5740 [ 1571.545537][T29578] ? __lock_acquire+0x622/0x1c90 [ 1571.545619][T29578] ? __pfx_copy_page_range+0x10/0x10 [ 1571.545672][T29578] ? __pfx___might_resched+0x10/0x10 [ 1571.545705][T29578] ? __vma_enter_locked+0x163/0x3f0 [ 1571.545752][T29578] ? dup_mmap+0xe38/0x21d0 [ 1571.545790][T29578] ? down_write+0x14d/0x200 [ 1571.545827][T29578] ? up_write+0x1b2/0x520 [ 1571.545879][T29578] dup_mmap+0xe88/0x21d0 [ 1571.545935][T29578] ? __pfx_dup_mmap+0x10/0x10 [ 1571.546005][T29578] copy_process+0x4081/0x76a0 [ 1571.546042][T29578] ? preempt_schedule_thunk+0x16/0x30 [ 1571.546102][T29578] ? __pfx_copy_process+0x10/0x10 [ 1571.546139][T29578] ? plist_check_head+0xa3/0x150 [ 1571.546191][T29578] ? futex_private_hash_put+0xc7/0x240 [ 1571.546235][T29578] kernel_clone+0xfc/0x960 [ 1571.546274][T29578] ? __pfx_futex_wake+0x10/0x10 [ 1571.546319][T29578] ? __pfx_kernel_clone+0x10/0x10 [ 1571.546386][T29578] __do_sys_clone+0xce/0x120 [ 1571.546426][T29578] ? __pfx___do_sys_clone+0x10/0x10 [ 1571.546466][T29578] ? ksys_unshare+0x687/0xa40 [ 1571.546527][T29578] ? 
xfd_validate_state+0x61/0x180 [ 1571.546584][T29578] do_syscall_64+0xcd/0x490 [ 1571.546623][T29578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1571.546657][T29578] RIP: 0033:0x7f66d098e929 [ 1571.546684][T29578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1571.546715][T29578] RSP: 002b:00007f66d1750fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1571.546745][T29578] RAX: ffffffffffffffda RBX: 00007f66d0bb6160 RCX: 00007f66d098e929 [ 1571.546766][T29578] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1571.546785][T29578] RBP: 00007f66d0a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1571.546804][T29578] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1571.546822][T29578] R13: 0000000000000000 R14: 00007f66d0bb6160 R15: 00007ffed7a79128 [ 1571.546865][T29578] [ 1573.733515][T29684] FAULT_INJECTION: forcing a failure. [ 1573.733515][T29684] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1573.751620][T29684] CPU: 0 UID: 0 PID: 29684 Comm: syz.2.4723 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1573.751676][T29684] Tainted: [U]=USER [ 1573.751688][T29684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1573.751707][T29684] Call Trace: [ 1573.751719][T29684] [ 1573.751733][T29684] dump_stack_lvl+0x16c/0x1f0 [ 1573.751789][T29684] should_fail_ex+0x512/0x640 [ 1573.751843][T29684] should_fail_alloc_page+0xe7/0x130 [ 1573.751879][T29684] prepare_alloc_pages+0x3c2/0x610 [ 1573.751924][T29684] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1573.751973][T29684] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 1573.752033][T29684] ? __lock_acquire+0x622/0x1c90 [ 1573.752082][T29684] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1573.752130][T29684] ? 
__pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1573.752215][T29684] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1573.752267][T29684] ? policy_nodemask+0xea/0x4e0 [ 1573.752323][T29684] alloc_pages_mpol+0x1fb/0x550 [ 1573.752356][T29684] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1573.752385][T29684] ? do_raw_spin_lock+0x12c/0x2b0 [ 1573.752435][T29684] ? find_held_lock+0x2b/0x80 [ 1573.752472][T29684] alloc_pages_noprof+0x131/0x390 [ 1573.752504][T29684] __pmd_alloc+0x3b/0x930 [ 1573.752539][T29684] ? __pud_alloc+0x526/0x750 [ 1573.752582][T29684] copy_page_range+0x2419/0x5740 [ 1573.752625][T29684] ? dup_mmap+0x152e/0x21d0 [ 1573.752660][T29684] ? copy_process+0x4081/0x76a0 [ 1573.752698][T29684] ? kernel_clone+0xfc/0x960 [ 1573.752733][T29684] ? __do_sys_clone+0xce/0x120 [ 1573.752774][T29684] ? __lock_acquire+0x622/0x1c90 [ 1573.752846][T29684] ? __pfx_copy_page_range+0x10/0x10 [ 1573.752889][T29684] ? mas_store+0x7a9/0x1160 [ 1573.752924][T29684] ? find_held_lock+0x2b/0x80 [ 1573.752957][T29684] ? __pfx_mas_store+0x10/0x10 [ 1573.752987][T29684] ? __vma_enter_locked+0x163/0x3f0 [ 1573.753055][T29684] dup_mmap+0xe88/0x21d0 [ 1573.753108][T29684] ? __pfx_dup_mmap+0x10/0x10 [ 1573.753182][T29684] copy_process+0x4081/0x76a0 [ 1573.753222][T29684] ? preempt_schedule_thunk+0x16/0x30 [ 1573.753281][T29684] ? __pfx_copy_process+0x10/0x10 [ 1573.753317][T29684] ? plist_check_head+0xa3/0x150 [ 1573.753368][T29684] ? futex_private_hash_put+0xc7/0x240 [ 1573.753413][T29684] kernel_clone+0xfc/0x960 [ 1573.753454][T29684] ? __pfx_futex_wake+0x10/0x10 [ 1573.753499][T29684] ? __pfx_kernel_clone+0x10/0x10 [ 1573.753563][T29684] __do_sys_clone+0xce/0x120 [ 1573.753602][T29684] ? __pfx___do_sys_clone+0x10/0x10 [ 1573.753641][T29684] ? ksys_unshare+0x687/0xa40 [ 1573.753700][T29684] ? 
xfd_validate_state+0x61/0x180 [ 1573.753755][T29684] do_syscall_64+0xcd/0x490 [ 1573.753789][T29684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1573.753824][T29684] RIP: 0033:0x7f66d098e929 [ 1573.753852][T29684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1573.753884][T29684] RSP: 002b:00007f66d1792fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1573.753916][T29684] RAX: ffffffffffffffda RBX: 00007f66d0bb5fa0 RCX: 00007f66d098e929 [ 1573.753938][T29684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1573.753959][T29684] RBP: 00007f66d0a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1573.753980][T29684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1573.753999][T29684] R13: 0000000000000000 R14: 00007f66d0bb5fa0 R15: 00007ffed7a79128 [ 1573.754041][T29684] [ 1575.954464][T29817] FAULT_INJECTION: forcing a failure. [ 1575.954464][T29817] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1575.977972][T29817] CPU: 1 UID: 0 PID: 29817 Comm: syz.3.4729 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1575.978027][T29817] Tainted: [U]=USER [ 1575.978038][T29817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1575.978056][T29817] Call Trace: [ 1575.978066][T29817] [ 1575.978080][T29817] dump_stack_lvl+0x16c/0x1f0 [ 1575.978135][T29817] should_fail_ex+0x512/0x640 [ 1575.978190][T29817] _copy_from_iter+0x463/0x16f0 [ 1575.978260][T29817] ? __pfx__copy_from_iter+0x10/0x10 [ 1575.978316][T29817] ? rcu_is_watching+0x12/0xc0 [ 1575.978349][T29817] ? trace_kmalloc+0x2b/0xd0 [ 1575.978380][T29817] ? __kmalloc_noprof+0x242/0x510 [ 1575.978439][T29817] kernfs_fop_write_iter+0x19a/0x510 [ 1575.978482][T29817] do_iter_readv_writev+0x657/0x950 [ 1575.978527][T29817] ? 
__pfx_do_iter_readv_writev+0x10/0x10 [ 1575.978590][T29817] vfs_writev+0x35f/0xde0 [ 1575.978629][T29817] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1575.978683][T29817] ? __pfx_vfs_writev+0x10/0x10 [ 1575.978726][T29817] ? __mutex_lock+0x1ca/0xb90 [ 1575.978767][T29817] ? __pfx___mutex_lock+0x10/0x10 [ 1575.978813][T29817] ? __fget_files+0x20e/0x3c0 [ 1575.978854][T29817] ? __fget_files+0x150/0x3c0 [ 1575.978909][T29817] ? do_writev+0x132/0x340 [ 1575.978948][T29817] do_writev+0x132/0x340 [ 1575.978989][T29817] ? __pfx_do_writev+0x10/0x10 [ 1575.979042][T29817] do_syscall_64+0xcd/0x490 [ 1575.979076][T29817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1575.979108][T29817] RIP: 0033:0x7fd05f58e929 [ 1575.979135][T29817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1575.979169][T29817] RSP: 002b:00007fd0603c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1575.979200][T29817] RAX: ffffffffffffffda RBX: 00007fd05f7b5fa0 RCX: 00007fd05f58e929 [ 1575.979221][T29817] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000005 [ 1575.979248][T29817] RBP: 00007fd0603c1090 R08: 0000000000000000 R09: 0000000000000000 [ 1575.979269][T29817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1575.979288][T29817] R13: 0000000000000000 R14: 00007fd05f7b5fa0 R15: 00007ffd954c0878 [ 1575.979333][T29817] [ 1576.215280][T29767] FAULT_INJECTION: forcing a failure. 
[ 1576.215280][T29767] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1576.230289][T29767] CPU: 0 UID: 0 PID: 29767 Comm: syz.0.4728 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1576.230342][T29767] Tainted: [U]=USER [ 1576.230354][T29767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1576.230372][T29767] Call Trace: [ 1576.230383][T29767] [ 1576.230396][T29767] dump_stack_lvl+0x16c/0x1f0 [ 1576.230452][T29767] should_fail_ex+0x512/0x640 [ 1576.230504][T29767] get_futex_key+0x293/0x1540 [ 1576.230548][T29767] ? __pfx_get_futex_key+0x10/0x10 [ 1576.230588][T29767] ? __mutex_trylock_common+0xe9/0x250 [ 1576.230643][T29767] futex_wake+0xea/0x530 [ 1576.230693][T29767] ? __pfx_futex_wake+0x10/0x10 [ 1576.230736][T29767] ? __lock_acquire+0xb8a/0x1c90 [ 1576.230799][T29767] do_futex+0x1e3/0x350 [ 1576.230838][T29767] ? __pfx_do_futex+0x10/0x10 [ 1576.230874][T29767] ? __might_fault+0xe3/0x190 [ 1576.230933][T29767] mm_release+0x24e/0x300 [ 1576.230981][T29767] do_exit+0x683/0x2bd0 [ 1576.231033][T29767] ? __pfx_do_exit+0x10/0x10 [ 1576.231076][T29767] ? do_raw_spin_lock+0x12c/0x2b0 [ 1576.231123][T29767] ? find_held_lock+0x2b/0x80 [ 1576.231163][T29767] do_group_exit+0xd3/0x2a0 [ 1576.231209][T29767] get_signal+0x2673/0x26d0 [ 1576.231261][T29767] ? __pfx_get_signal+0x10/0x10 [ 1576.231297][T29767] ? do_futex+0x122/0x350 [ 1576.231341][T29767] ? __pfx_do_futex+0x10/0x10 [ 1576.231383][T29767] arch_do_signal_or_restart+0x8f/0x790 [ 1576.231424][T29767] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1576.231474][T29767] ? 
xfd_validate_state+0x61/0x180 [ 1576.231527][T29767] exit_to_user_mode_loop+0x84/0x110 [ 1576.231580][T29767] do_syscall_64+0x3f6/0x490 [ 1576.231614][T29767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1576.231645][T29767] RIP: 0033:0x7fa2d598e929 [ 1576.231672][T29767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1576.231704][T29767] RSP: 002b:00007fa2d37f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1576.231736][T29767] RAX: fffffffffffffe00 RBX: 00007fa2d5bb6088 RCX: 00007fa2d598e929 [ 1576.231757][T29767] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa2d5bb6088 [ 1576.231776][T29767] RBP: 00007fa2d5bb6080 R08: 0000000000000000 R09: 0000000000000000 [ 1576.231795][T29767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2d5bb608c [ 1576.231815][T29767] R13: 0000000000000000 R14: 00007ffca52cd6a0 R15: 00007ffca52cd788 [ 1576.231856][T29767] [ 1577.850122][T29860] FAULT_INJECTION: forcing a failure. [ 1577.850122][T29860] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.863926][T29860] CPU: 0 UID: 0 PID: 29860 Comm: syz.1.4738 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1577.863968][T29860] Tainted: [U]=USER [ 1577.863976][T29860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1577.863991][T29860] Call Trace: [ 1577.864000][T29860] [ 1577.864009][T29860] dump_stack_lvl+0x16c/0x1f0 [ 1577.864054][T29860] should_fail_ex+0x512/0x640 [ 1577.864090][T29860] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1577.864133][T29860] should_failslab+0xc2/0x120 [ 1577.864156][T29860] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1577.864193][T29860] ? 
ptlock_alloc+0x1f/0x70 [ 1577.864227][T29860] ptlock_alloc+0x1f/0x70 [ 1577.864256][T29860] pte_alloc_one+0x82/0x3a0 [ 1577.864294][T29860] __pte_alloc+0x6d/0x3c0 [ 1577.864316][T29860] ? __pfx___pte_alloc+0x10/0x10 [ 1577.864338][T29860] ? __pfx___might_resched+0x10/0x10 [ 1577.864362][T29860] ? copy_page_range+0x13f0/0x5740 [ 1577.864397][T29860] copy_page_range+0x1aed/0x5740 [ 1577.864439][T29860] ? __lock_acquire+0x622/0x1c90 [ 1577.864491][T29860] ? __pfx_copy_page_range+0x10/0x10 [ 1577.864530][T29860] ? __pfx___might_resched+0x10/0x10 [ 1577.864553][T29860] ? __vma_enter_locked+0x163/0x3f0 [ 1577.864596][T29860] ? dup_mmap+0xe38/0x21d0 [ 1577.864635][T29860] ? down_write+0x14d/0x200 [ 1577.864669][T29860] ? up_write+0x1b2/0x520 [ 1577.864709][T29860] dup_mmap+0xe88/0x21d0 [ 1577.864750][T29860] ? __pfx_dup_mmap+0x10/0x10 [ 1577.864800][T29860] copy_process+0x4081/0x76a0 [ 1577.864830][T29860] ? __pfx___futex_wait+0x10/0x10 [ 1577.864885][T29860] ? __pfx_copy_process+0x10/0x10 [ 1577.864930][T29860] kernel_clone+0xfc/0x960 [ 1577.864963][T29860] ? __pfx_kernel_clone+0x10/0x10 [ 1577.865011][T29860] __do_sys_clone+0xce/0x120 [ 1577.865042][T29860] ? __pfx___do_sys_clone+0x10/0x10 [ 1577.865073][T29860] ? ksys_unshare+0x687/0xa40 [ 1577.865120][T29860] ? 
xfd_validate_state+0x61/0x180 [ 1577.865162][T29860] do_syscall_64+0xcd/0x490 [ 1577.865187][T29860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1577.865213][T29860] RIP: 0033:0x7f01c338e929 [ 1577.865233][T29860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1577.865259][T29860] RSP: 002b:00007f01c4257fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1577.865283][T29860] RAX: ffffffffffffffda RBX: 00007f01c35b6080 RCX: 00007f01c338e929 [ 1577.865301][T29860] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1577.865317][T29860] RBP: 00007f01c3410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1577.865334][T29860] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1577.865348][T29860] R13: 0000000000000000 R14: 00007f01c35b6080 R15: 00007ffc9ada5238 [ 1577.865379][T29860] [ 1582.214388][T30126] FAULT_INJECTION: forcing a failure. [ 1582.214388][T30126] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1582.239892][T30126] CPU: 1 UID: 0 PID: 30126 Comm: syz.1.4747 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1582.239944][T30126] Tainted: [U]=USER [ 1582.239955][T30126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1582.239974][T30126] Call Trace: [ 1582.239984][T30126] [ 1582.239997][T30126] dump_stack_lvl+0x16c/0x1f0 [ 1582.240057][T30126] should_fail_ex+0x512/0x640 [ 1582.240110][T30126] core_sys_select+0x4c5/0xc10 [ 1582.240163][T30126] ? __pfx_core_sys_select+0x10/0x10 [ 1582.240215][T30126] ? proc_fail_nth_write+0x9f/0x250 [ 1582.240288][T30126] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1582.240353][T30126] kern_select+0x15d/0x1e0 [ 1582.240397][T30126] ? __pfx_kern_select+0x10/0x10 [ 1582.240446][T30126] ? 
__pfx_ksys_write+0x10/0x10 [ 1582.240499][T30126] __x64_sys_select+0xbd/0x160 [ 1582.240540][T30126] ? do_syscall_64+0x91/0x490 [ 1582.240568][T30126] ? lockdep_hardirqs_on+0x7c/0x110 [ 1582.240615][T30126] do_syscall_64+0xcd/0x490 [ 1582.240646][T30126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1582.240678][T30126] RIP: 0033:0x7f01c338e929 [ 1582.240703][T30126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1582.240740][T30126] RSP: 002b:00007f01c4279038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1582.240771][T30126] RAX: ffffffffffffffda RBX: 00007f01c35b5fa0 RCX: 00007f01c338e929 [ 1582.240792][T30126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1582.240810][T30126] RBP: 00007f01c4279090 R08: 0000000000000000 R09: 0000000000000000 [ 1582.240830][T30126] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1582.240849][T30126] R13: 0000000000000000 R14: 00007f01c35b5fa0 R15: 00007ffc9ada5238 [ 1582.240889][T30126] [ 1583.378366][T30181] FAULT_INJECTION: forcing a failure. [ 1583.378366][T30181] name failslab, interval 1, probability 0, space 0, times 0 [ 1583.448785][T30181] CPU: 1 UID: 0 PID: 30181 Comm: syz.3.4750 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1583.448842][T30181] Tainted: [U]=USER [ 1583.448853][T30181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1583.448874][T30181] Call Trace: [ 1583.448886][T30181] [ 1583.448900][T30181] dump_stack_lvl+0x16c/0x1f0 [ 1583.448956][T30181] should_fail_ex+0x512/0x640 [ 1583.449005][T30181] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1583.449061][T30181] should_failslab+0xc2/0x120 [ 1583.449094][T30181] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1583.449144][T30181] ? 
anon_vma_fork+0x200/0x620 [ 1583.449198][T30181] anon_vma_fork+0x200/0x620 [ 1583.449249][T30181] dup_mmap+0x152e/0x21d0 [ 1583.449307][T30181] ? __pfx_dup_mmap+0x10/0x10 [ 1583.449391][T30181] copy_process+0x4081/0x76a0 [ 1583.449434][T30181] ? __pfx___futex_wait+0x10/0x10 [ 1583.449497][T30181] ? __pfx_copy_process+0x10/0x10 [ 1583.449567][T30181] kernel_clone+0xfc/0x960 [ 1583.449613][T30181] ? __pfx_kernel_clone+0x10/0x10 [ 1583.449683][T30181] __do_sys_clone+0xce/0x120 [ 1583.449724][T30181] ? __pfx___do_sys_clone+0x10/0x10 [ 1583.449765][T30181] ? ksys_unshare+0x687/0xa40 [ 1583.449827][T30181] ? xfd_validate_state+0x61/0x180 [ 1583.449886][T30181] do_syscall_64+0xcd/0x490 [ 1583.449921][T30181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1583.449955][T30181] RIP: 0033:0x7fd05f58e929 [ 1583.449982][T30181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1583.450016][T30181] RSP: 002b:00007fd0603c0fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1583.450048][T30181] RAX: ffffffffffffffda RBX: 00007fd05f7b5fa0 RCX: 00007fd05f58e929 [ 1583.450071][T30181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1583.450091][T30181] RBP: 00007fd05f610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1583.450112][T30181] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1583.450134][T30181] R13: 0000000000000000 R14: 00007fd05f7b5fa0 R15: 00007ffd954c0878 [ 1583.450179][T30181] [ 1584.420804][T30260] ubi0: attaching mtd0 [ 1584.434413][T30260] ubi0: scanning is finished [ 1584.439771][T30260] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1584.594884][T30260] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1586.279556][T30344] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4761'. 
[ 1587.144665][T30347] FAULT_INJECTION: forcing a failure. [ 1587.144665][T30347] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1587.181510][T30347] CPU: 1 UID: 0 PID: 30347 Comm: syz.3.4762 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1587.181565][T30347] Tainted: [U]=USER [ 1587.181576][T30347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1587.181595][T30347] Call Trace: [ 1587.181605][T30347] [ 1587.181618][T30347] dump_stack_lvl+0x16c/0x1f0 [ 1587.181688][T30347] should_fail_ex+0x512/0x640 [ 1587.181742][T30347] get_futex_key+0xf3e/0x1540 [ 1587.181786][T30347] ? __pfx_get_futex_key+0x10/0x10 [ 1587.181825][T30347] ? __mutex_trylock_common+0xe9/0x250 [ 1587.181880][T30347] futex_wake+0xea/0x530 [ 1587.181930][T30347] ? __pfx_futex_wake+0x10/0x10 [ 1587.181971][T30347] ? __lock_acquire+0xb8a/0x1c90 [ 1587.182031][T30347] do_futex+0x1e3/0x350 [ 1587.182071][T30347] ? __pfx_do_futex+0x10/0x10 [ 1587.182106][T30347] ? __might_fault+0xe3/0x190 [ 1587.182170][T30347] mm_release+0x24e/0x300 [ 1587.182206][T30347] do_exit+0x683/0x2bd0 [ 1587.182257][T30347] ? __pfx_do_exit+0x10/0x10 [ 1587.182314][T30347] ? do_raw_spin_lock+0x12c/0x2b0 [ 1587.182381][T30347] ? find_held_lock+0x2b/0x80 [ 1587.182420][T30347] do_group_exit+0xd3/0x2a0 [ 1587.182477][T30347] get_signal+0x2673/0x26d0 [ 1587.182528][T30347] ? __pfx_get_signal+0x10/0x10 [ 1587.182562][T30347] ? do_futex+0x122/0x350 [ 1587.182602][T30347] ? __pfx_do_futex+0x10/0x10 [ 1587.182644][T30347] arch_do_signal_or_restart+0x8f/0x790 [ 1587.182683][T30347] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1587.182731][T30347] ? 
xfd_validate_state+0x61/0x180 [ 1587.182782][T30347] exit_to_user_mode_loop+0x84/0x110 [ 1587.182835][T30347] do_syscall_64+0x3f6/0x490 [ 1587.182866][T30347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1587.182898][T30347] RIP: 0033:0x7fd05f58e929 [ 1587.182924][T30347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1587.182955][T30347] RSP: 002b:00007fd0603a00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1587.182986][T30347] RAX: fffffffffffffe00 RBX: 00007fd05f7b6088 RCX: 00007fd05f58e929 [ 1587.183007][T30347] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd05f7b6088 [ 1587.183026][T30347] RBP: 00007fd05f7b6080 R08: 0000000000000000 R09: 0000000000000000 [ 1587.183044][T30347] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd05f7b608c [ 1587.183062][T30347] R13: 0000000000000000 R14: 00007ffd954c0790 R15: 00007ffd954c0878 [ 1587.183101][T30347] [ 1587.784051][T30355] FAULT_INJECTION: forcing a failure. [ 1587.784051][T30355] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1587.861458][T30355] CPU: 0 UID: 0 PID: 30355 Comm: syz.0.4763 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1587.861515][T30355] Tainted: [U]=USER [ 1587.861526][T30355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1587.861545][T30355] Call Trace: [ 1587.861558][T30355] [ 1587.861573][T30355] dump_stack_lvl+0x16c/0x1f0 [ 1587.861634][T30355] should_fail_ex+0x512/0x640 [ 1587.861691][T30355] should_fail_alloc_page+0xe7/0x130 [ 1587.861728][T30355] prepare_alloc_pages+0x3c2/0x610 [ 1587.861776][T30355] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1587.861848][T30355] ? lock_acquire+0x179/0x350 [ 1587.861895][T30355] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1587.861944][T30355] ? find_held_lock+0x2b/0x80 [ 1587.861978][T30355] ? 
page_table_check_set+0x627/0x750 [ 1587.862043][T30355] ? look_up_lock_class+0x6b/0x150 [ 1587.862098][T30355] ? register_lock_class+0x41/0x4c0 [ 1587.862143][T30355] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1587.862197][T30355] ? policy_nodemask+0xea/0x4e0 [ 1587.862267][T30355] alloc_pages_mpol+0x1fb/0x550 [ 1587.862302][T30355] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1587.862350][T30355] alloc_pages_noprof+0x131/0x390 [ 1587.862384][T30355] pte_alloc_one+0x1c/0x3a0 [ 1587.862438][T30355] __pte_alloc+0x6d/0x3c0 [ 1587.862470][T30355] ? __pfx___pte_alloc+0x10/0x10 [ 1587.862503][T30355] ? __pfx___might_resched+0x10/0x10 [ 1587.862537][T30355] ? copy_page_range+0x13f0/0x5740 [ 1587.862587][T30355] copy_page_range+0x1aed/0x5740 [ 1587.862641][T30355] ? __lock_acquire+0x622/0x1c90 [ 1587.862715][T30355] ? __pfx_copy_page_range+0x10/0x10 [ 1587.862771][T30355] ? __pfx___might_resched+0x10/0x10 [ 1587.862806][T30355] ? __vma_enter_locked+0x163/0x3f0 [ 1587.862856][T30355] ? dup_mmap+0xe38/0x21d0 [ 1587.862895][T30355] ? down_write+0x14d/0x200 [ 1587.862935][T30355] ? up_write+0x1b2/0x520 [ 1587.862989][T30355] dup_mmap+0xe88/0x21d0 [ 1587.863046][T30355] ? __pfx_dup_mmap+0x10/0x10 [ 1587.863116][T30355] copy_process+0x4081/0x76a0 [ 1587.863159][T30355] ? __pfx___futex_wait+0x10/0x10 [ 1587.863205][T30355] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1587.863281][T30355] ? __pfx_copy_process+0x10/0x10 [ 1587.863345][T30355] kernel_clone+0xfc/0x960 [ 1587.863390][T30355] ? __pfx_kernel_clone+0x10/0x10 [ 1587.863458][T30355] __do_sys_clone+0xce/0x120 [ 1587.863499][T30355] ? __pfx___do_sys_clone+0x10/0x10 [ 1587.863540][T30355] ? ksys_unshare+0x687/0xa40 [ 1587.863604][T30355] ? 
xfd_validate_state+0x61/0x180 [ 1587.863665][T30355] do_syscall_64+0xcd/0x490 [ 1587.863700][T30355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1587.863735][T30355] RIP: 0033:0x7fa2d598e929 [ 1587.863763][T30355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1587.863797][T30355] RSP: 002b:00007fa2d6711fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1587.863829][T30355] RAX: ffffffffffffffda RBX: 00007fa2d5bb5fa0 RCX: 00007fa2d598e929 [ 1587.863851][T30355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1587.863870][T30355] RBP: 00007fa2d5a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1587.863889][T30355] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1587.863909][T30355] R13: 0000000000000000 R14: 00007fa2d5bb5fa0 R15: 00007ffca52cd788 [ 1587.863953][T30355] [ 1589.383927][T30417] ubi0: attaching mtd0 [ 1589.440596][T30417] ubi0: scanning is finished [ 1589.461934][T30417] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1589.507924][T30436] kexec: Could not allocate control_code_buffer [ 1589.701815][T30417] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1590.236845][T30454] FAULT_INJECTION: forcing a failure. [ 1590.236845][T30454] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1590.252585][T30454] CPU: 0 UID: 0 PID: 30454 Comm: syz.3.4770 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1590.252637][T30454] Tainted: [U]=USER [ 1590.252648][T30454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1590.252667][T30454] Call Trace: [ 1590.252678][T30454] [ 1590.252691][T30454] dump_stack_lvl+0x16c/0x1f0 [ 1590.252745][T30454] should_fail_ex+0x512/0x640 [ 1590.252796][T30454] get_futex_key+0xf3e/0x1540 [ 1590.252849][T30454] ? 
__pfx_get_futex_key+0x10/0x10 [ 1590.252889][T30454] ? __mutex_trylock_common+0xe9/0x250 [ 1590.252943][T30454] futex_wake+0xea/0x530 [ 1590.252992][T30454] ? __pfx_futex_wake+0x10/0x10 [ 1590.253034][T30454] ? __lock_acquire+0xb8a/0x1c90 [ 1590.253094][T30454] do_futex+0x1e3/0x350 [ 1590.253135][T30454] ? __pfx_do_futex+0x10/0x10 [ 1590.253170][T30454] ? __might_fault+0xe3/0x190 [ 1590.253228][T30454] mm_release+0x24e/0x300 [ 1590.253265][T30454] do_exit+0x683/0x2bd0 [ 1590.253317][T30454] ? __pfx_do_exit+0x10/0x10 [ 1590.253358][T30454] ? do_raw_spin_lock+0x12c/0x2b0 [ 1590.253407][T30454] ? find_held_lock+0x2b/0x80 [ 1590.253446][T30454] do_group_exit+0xd3/0x2a0 [ 1590.253492][T30454] get_signal+0x2673/0x26d0 [ 1590.253546][T30454] ? __pfx_get_signal+0x10/0x10 [ 1590.253581][T30454] ? do_futex+0x122/0x350 [ 1590.253620][T30454] ? __pfx_do_futex+0x10/0x10 [ 1590.253664][T30454] arch_do_signal_or_restart+0x8f/0x790 [ 1590.253705][T30454] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1590.253754][T30454] ? 
xfd_validate_state+0x61/0x180 [ 1590.253805][T30454] exit_to_user_mode_loop+0x84/0x110 [ 1590.253871][T30454] do_syscall_64+0x3f6/0x490 [ 1590.253904][T30454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1590.253938][T30454] RIP: 0033:0x7fd05f58e929 [ 1590.253964][T30454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1590.253996][T30454] RSP: 002b:00007fd0603a00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1590.254026][T30454] RAX: fffffffffffffe00 RBX: 00007fd05f7b6088 RCX: 00007fd05f58e929 [ 1590.254047][T30454] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd05f7b6088 [ 1590.254066][T30454] RBP: 00007fd05f7b6080 R08: 0000000000000000 R09: 0000000000000000 [ 1590.254086][T30454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd05f7b608c [ 1590.254105][T30454] R13: 0000000000000000 R14: 00007ffd954c0790 R15: 00007ffd954c0878 [ 1590.254147][T30454] [ 1591.498347][T30466] FAULT_INJECTION: forcing a failure. [ 1591.498347][T30466] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1591.547978][T30466] CPU: 0 UID: 0 PID: 30466 Comm: syz.3.4771 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1591.548035][T30466] Tainted: [U]=USER [ 1591.548047][T30466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1591.548066][T30466] Call Trace: [ 1591.548076][T30466] [ 1591.548090][T30466] dump_stack_lvl+0x16c/0x1f0 [ 1591.548152][T30466] should_fail_ex+0x512/0x640 [ 1591.548206][T30466] get_futex_key+0xf3e/0x1540 [ 1591.548251][T30466] ? __pfx_get_futex_key+0x10/0x10 [ 1591.548291][T30466] ? __mutex_trylock_common+0xe9/0x250 [ 1591.548346][T30466] futex_wake+0xea/0x530 [ 1591.548397][T30466] ? __pfx_futex_wake+0x10/0x10 [ 1591.548439][T30466] ? 
__lock_acquire+0xb8a/0x1c90 [ 1591.548504][T30466] do_futex+0x1e3/0x350 [ 1591.548551][T30466] ? __pfx_do_futex+0x10/0x10 [ 1591.548586][T30466] ? __might_fault+0xe3/0x190 [ 1591.548641][T30466] mm_release+0x24e/0x300 [ 1591.548676][T30466] do_exit+0x683/0x2bd0 [ 1591.548722][T30466] ? __pfx_do_exit+0x10/0x10 [ 1591.548757][T30466] ? do_raw_spin_lock+0x12c/0x2b0 [ 1591.548799][T30466] ? find_held_lock+0x2b/0x80 [ 1591.548831][T30466] do_group_exit+0xd3/0x2a0 [ 1591.548883][T30466] get_signal+0x2673/0x26d0 [ 1591.548925][T30466] ? __pfx_get_signal+0x10/0x10 [ 1591.548953][T30466] ? do_futex+0x122/0x350 [ 1591.548984][T30466] ? __pfx_do_futex+0x10/0x10 [ 1591.549018][T30466] arch_do_signal_or_restart+0x8f/0x790 [ 1591.549051][T30466] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1591.549090][T30466] ? xfd_validate_state+0x61/0x180 [ 1591.549134][T30466] exit_to_user_mode_loop+0x84/0x110 [ 1591.549178][T30466] do_syscall_64+0x3f6/0x490 [ 1591.549209][T30466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1591.549239][T30466] RIP: 0033:0x7fd05f58e929 [ 1591.549263][T30466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1591.549292][T30466] RSP: 002b:00007fd0603a00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1591.549321][T30466] RAX: fffffffffffffe00 RBX: 00007fd05f7b6088 RCX: 00007fd05f58e929 [ 1591.549342][T30466] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd05f7b6088 [ 1591.549361][T30466] RBP: 00007fd05f7b6080 R08: 0000000000000000 R09: 0000000000000000 [ 1591.549380][T30466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd05f7b608c [ 1591.549398][T30466] R13: 0000000000000000 R14: 00007ffd954c0790 R15: 00007ffd954c0878 [ 1591.549435][T30466] [ 1592.484882][T30507] FAULT_INJECTION: forcing a failure. 
[ 1592.484882][T30507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1592.498804][T30507] CPU: 1 UID: 0 PID: 30507 Comm: syz.2.4777 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1592.498868][T30507] Tainted: [U]=USER [ 1592.498879][T30507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1592.498902][T30507] Call Trace: [ 1592.498914][T30507] [ 1592.498927][T30507] dump_stack_lvl+0x16c/0x1f0 [ 1592.498999][T30507] should_fail_ex+0x512/0x640 [ 1592.499052][T30507] _copy_from_user+0x2e/0xd0 [ 1592.499107][T30507] kstrtouint_from_user+0xd6/0x1d0 [ 1592.499149][T30507] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1592.499189][T30507] ? __lock_acquire+0xb8a/0x1c90 [ 1592.499251][T30507] proc_fail_nth_write+0x83/0x250 [ 1592.499289][T30507] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1592.499340][T30507] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1592.499378][T30507] vfs_write+0x29d/0x1150 [ 1592.499431][T30507] ? __pfx___mutex_lock+0x10/0x10 [ 1592.499462][T30507] ? __pfx_vfs_write+0x10/0x10 [ 1592.499520][T30507] ? __fget_files+0x20e/0x3c0 [ 1592.499560][T30507] ? rcu_watching_snap_stopped_since+0xa0/0x110 [ 1592.499612][T30507] ksys_write+0x12a/0x250 [ 1592.499658][T30507] ? 
__pfx_ksys_write+0x10/0x10 [ 1592.499719][T30507] do_syscall_64+0xcd/0x490 [ 1592.499754][T30507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1592.499788][T30507] RIP: 0033:0x7f66d098d3df [ 1592.499828][T30507] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1592.499865][T30507] RSP: 002b:00007f66d1793030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1592.499897][T30507] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f66d098d3df [ 1592.499917][T30507] RDX: 0000000000000001 RSI: 00007f66d17930a0 RDI: 0000000000000004 [ 1592.499936][T30507] RBP: 00007f66d1793090 R08: 0000000000000000 R09: 0000000000000000 [ 1592.499954][T30507] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1592.499971][T30507] R13: 0000000000000000 R14: 00007f66d0bb5fa0 R15: 00007ffed7a79128 [ 1592.500009][T30507] [ 1593.448313][T30518] ubi0: attaching mtd0 [ 1593.454201][T30518] ubi0: scanning is finished [ 1593.459327][T30518] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1593.546981][T30518] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1594.488614][ T30] audit: type=1800 audit(4294967363.510:57): pid=30553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4784" name="lu_gp_id" dev="configfs" ino=93096 res=0 errno=0 [ 1594.727236][T30554] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1594.727276][T30554] CIFS mount error: No usable UNC path provided in device string! [ 1594.727276][T30554] [ 1594.727523][T30554] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! 
[ 1595.185816][T30568] FAULT_INJECTION: forcing a failure. [ 1595.185816][T30568] name failslab, interval 1, probability 0, space 0, times 0 [ 1595.198818][T30568] CPU: 0 UID: 0 PID: 30568 Comm: syz.3.4785 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1595.198871][T30568] Tainted: [U]=USER [ 1595.198882][T30568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1595.198903][T30568] Call Trace: [ 1595.198915][T30568] [ 1595.198929][T30568] dump_stack_lvl+0x16c/0x1f0 [ 1595.198988][T30568] should_fail_ex+0x512/0x640 [ 1595.199036][T30568] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1595.199094][T30568] should_failslab+0xc2/0x120 [ 1595.199127][T30568] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1595.199176][T30568] ? find_held_lock+0x2b/0x80 [ 1595.199207][T30568] ? vm_area_dup+0x27/0x8d0 [ 1595.199251][T30568] ? dup_mmap+0x5cb/0x21d0 [ 1595.199295][T30568] vm_area_dup+0x27/0x8d0 [ 1595.199343][T30568] dup_mmap+0x877/0x21d0 [ 1595.199399][T30568] ? __pfx_dup_mmap+0x10/0x10 [ 1595.199469][T30568] copy_process+0x4081/0x76a0 [ 1595.199511][T30568] ? __pfx___futex_wait+0x10/0x10 [ 1595.199560][T30568] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1595.199638][T30568] ? __pfx_copy_process+0x10/0x10 [ 1595.199703][T30568] kernel_clone+0xfc/0x960 [ 1595.199748][T30568] ? __pfx_kernel_clone+0x10/0x10 [ 1595.199816][T30568] __do_sys_clone+0xce/0x120 [ 1595.199856][T30568] ? __pfx___do_sys_clone+0x10/0x10 [ 1595.199897][T30568] ? ksys_unshare+0x687/0xa40 [ 1595.199960][T30568] ? 
xfd_validate_state+0x61/0x180 [ 1595.200020][T30568] do_syscall_64+0xcd/0x490 [ 1595.200054][T30568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1595.200088][T30568] RIP: 0033:0x7fd05f58e929 [ 1595.200116][T30568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1595.200149][T30568] RSP: 002b:00007fd0603c0fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1595.200181][T30568] RAX: ffffffffffffffda RBX: 00007fd05f7b5fa0 RCX: 00007fd05f58e929 [ 1595.200204][T30568] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000002360411 [ 1595.200225][T30568] RBP: 00007fd05f610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1595.200245][T30568] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1595.200265][T30568] R13: 0000000000000000 R14: 00007fd05f7b5fa0 R15: 00007ffd954c0878 [ 1595.200309][T30568] [ 1595.299553][T30560] FAULT_INJECTION: forcing a failure. [ 1595.299553][T30560] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1595.479026][T30560] CPU: 1 UID: 0 PID: 30560 Comm: syz.0.4791 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1595.479079][T30560] Tainted: [U]=USER [ 1595.479091][T30560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1595.479109][T30560] Call Trace: [ 1595.479120][T30560] [ 1595.479132][T30560] dump_stack_lvl+0x16c/0x1f0 [ 1595.479187][T30560] should_fail_ex+0x512/0x640 [ 1595.479242][T30560] get_futex_key+0x293/0x1540 [ 1595.479285][T30560] ? __pfx_get_futex_key+0x10/0x10 [ 1595.479324][T30560] ? __mutex_trylock_common+0xe9/0x250 [ 1595.479380][T30560] futex_wake+0xea/0x530 [ 1595.479447][T30560] ? __pfx_futex_wake+0x10/0x10 [ 1595.479489][T30560] ? __lock_acquire+0xb8a/0x1c90 [ 1595.479557][T30560] do_futex+0x1e3/0x350 [ 1595.479607][T30560] ? __pfx_do_futex+0x10/0x10 [ 1595.479642][T30560] ? 
__might_fault+0xe3/0x190 [ 1595.479700][T30560] mm_release+0x24e/0x300 [ 1595.479737][T30560] do_exit+0x683/0x2bd0 [ 1595.479789][T30560] ? __pfx_do_exit+0x10/0x10 [ 1595.479830][T30560] ? do_raw_spin_lock+0x12c/0x2b0 [ 1595.479878][T30560] ? find_held_lock+0x2b/0x80 [ 1595.479915][T30560] do_group_exit+0xd3/0x2a0 [ 1595.479962][T30560] get_signal+0x2673/0x26d0 [ 1595.480015][T30560] ? __pfx_get_signal+0x10/0x10 [ 1595.480050][T30560] ? do_futex+0x122/0x350 [ 1595.480089][T30560] ? __pfx_do_futex+0x10/0x10 [ 1595.480129][T30560] arch_do_signal_or_restart+0x8f/0x790 [ 1595.480167][T30560] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1595.480217][T30560] ? xfd_validate_state+0x61/0x180 [ 1595.480269][T30560] exit_to_user_mode_loop+0x84/0x110 [ 1595.480322][T30560] do_syscall_64+0x3f6/0x490 [ 1595.480355][T30560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1595.480389][T30560] RIP: 0033:0x7fa2d598e929 [ 1595.480416][T30560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1595.480447][T30560] RSP: 002b:00007fa2d37f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1595.480479][T30560] RAX: fffffffffffffe00 RBX: 00007fa2d5bb6088 RCX: 00007fa2d598e929 [ 1595.480500][T30560] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa2d5bb6088 [ 1595.480518][T30560] RBP: 00007fa2d5bb6080 R08: 0000000000000000 R09: 0000000000000000 [ 1595.480536][T30560] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2d5bb608c [ 1595.480554][T30560] R13: 0000000000000000 R14: 00007ffca52cd6a0 R15: 00007ffca52cd788 [ 1595.480603][T30560] [ 1595.867371][T30601] sd 0:0:1:0: PR command failed: 1026 [ 1595.872977][T30601] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1595.880106][T30601] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1597.182833][T30610] FAULT_INJECTION: forcing a failure. 
[ 1597.182833][T30610] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.197181][T30610] CPU: 0 UID: 0 PID: 30610 Comm: syz.0.4790 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1597.197223][T30610] Tainted: [U]=USER [ 1597.197231][T30610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1597.197247][T30610] Call Trace: [ 1597.197255][T30610] [ 1597.197265][T30610] dump_stack_lvl+0x16c/0x1f0 [ 1597.197309][T30610] should_fail_ex+0x512/0x640 [ 1597.197346][T30610] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1597.197388][T30610] should_failslab+0xc2/0x120 [ 1597.197411][T30610] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1597.197450][T30610] ? ptlock_alloc+0x1f/0x70 [ 1597.197486][T30610] ptlock_alloc+0x1f/0x70 [ 1597.197518][T30610] pte_alloc_one+0x82/0x3a0 [ 1597.197557][T30610] __pte_alloc+0x6d/0x3c0 [ 1597.197581][T30610] ? __pfx___pte_alloc+0x10/0x10 [ 1597.197604][T30610] ? __pfx___might_resched+0x10/0x10 [ 1597.197630][T30610] ? copy_page_range+0x13f0/0x5740 [ 1597.197667][T30610] copy_page_range+0x1aed/0x5740 [ 1597.197711][T30610] ? __lock_acquire+0x622/0x1c90 [ 1597.197765][T30610] ? __pfx_copy_page_range+0x10/0x10 [ 1597.197805][T30610] ? __pfx___might_resched+0x10/0x10 [ 1597.197830][T30610] ? __vma_enter_locked+0x163/0x3f0 [ 1597.197866][T30610] ? dup_mmap+0xe38/0x21d0 [ 1597.197895][T30610] ? down_write+0x14d/0x200 [ 1597.197923][T30610] ? up_write+0x1b2/0x520 [ 1597.197962][T30610] dup_mmap+0xe88/0x21d0 [ 1597.198003][T30610] ? __pfx_dup_mmap+0x10/0x10 [ 1597.198052][T30610] copy_process+0x4081/0x76a0 [ 1597.198081][T30610] ? preempt_schedule_thunk+0x16/0x30 [ 1597.198125][T30610] ? __pfx_copy_process+0x10/0x10 [ 1597.198160][T30610] ? plist_check_head+0xa3/0x150 [ 1597.198198][T30610] ? futex_private_hash_put+0xc7/0x240 [ 1597.198232][T30610] kernel_clone+0xfc/0x960 [ 1597.198263][T30610] ? __pfx_futex_wake+0x10/0x10 [ 1597.198297][T30610] ? 
__pfx_kernel_clone+0x10/0x10 [ 1597.198346][T30610] __do_sys_clone+0xce/0x120 [ 1597.198376][T30610] ? __pfx___do_sys_clone+0x10/0x10 [ 1597.198406][T30610] ? ksys_unshare+0x687/0xa40 [ 1597.198451][T30610] ? xfd_validate_state+0x61/0x180 [ 1597.198498][T30610] do_syscall_64+0xcd/0x490 [ 1597.198533][T30610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1597.198566][T30610] RIP: 0033:0x7fa2d598e929 [ 1597.198592][T30610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1597.198625][T30610] RSP: 002b:00007fa2d37f5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1597.198657][T30610] RAX: ffffffffffffffda RBX: 00007fa2d5bb6080 RCX: 00007fa2d598e929 [ 1597.198678][T30610] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1597.198699][T30610] RBP: 00007fa2d5a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1597.198720][T30610] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1597.198739][T30610] R13: 0000000000000000 R14: 00007fa2d5bb6080 R15: 00007ffca52cd788 [ 1597.198783][T30610] [ 1598.283874][T30672] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1598.404562][T30658] ubi0: attaching mtd0 [ 1598.430885][T30658] ubi0: scanning is finished [ 1598.494048][T30658] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1598.708731][T30658] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1599.071139][T30670] FAULT_INJECTION: forcing a failure. 
[ 1599.071139][T30670] name failslab, interval 1, probability 0, space 0, times 0 [ 1599.087647][T30670] CPU: 0 UID: 0 PID: 30670 Comm: syz.2.4798 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1599.087696][T30670] Tainted: [U]=USER [ 1599.087705][T30670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1599.087720][T30670] Call Trace: [ 1599.087728][T30670] [ 1599.087738][T30670] dump_stack_lvl+0x16c/0x1f0 [ 1599.087783][T30670] should_fail_ex+0x512/0x640 [ 1599.087820][T30670] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1599.087862][T30670] should_failslab+0xc2/0x120 [ 1599.087886][T30670] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1599.087922][T30670] ? find_held_lock+0x2b/0x80 [ 1599.087946][T30670] ? vm_area_dup+0x27/0x8d0 [ 1599.087979][T30670] ? dup_mmap+0x5cb/0x21d0 [ 1599.088012][T30670] vm_area_dup+0x27/0x8d0 [ 1599.088048][T30670] dup_mmap+0x877/0x21d0 [ 1599.088088][T30670] ? __pfx_dup_mmap+0x10/0x10 [ 1599.088138][T30670] copy_process+0x4081/0x76a0 [ 1599.088169][T30670] ? __pfx___futex_wait+0x10/0x10 [ 1599.088216][T30670] ? __pfx_copy_process+0x10/0x10 [ 1599.088272][T30670] kernel_clone+0xfc/0x960 [ 1599.088306][T30670] ? __pfx_kernel_clone+0x10/0x10 [ 1599.088355][T30670] __do_sys_clone+0xce/0x120 [ 1599.088385][T30670] ? __pfx___do_sys_clone+0x10/0x10 [ 1599.088416][T30670] ? ksys_unshare+0x687/0xa40 [ 1599.088461][T30670] ? 
xfd_validate_state+0x61/0x180 [ 1599.088517][T30670] do_syscall_64+0xcd/0x490 [ 1599.088549][T30670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1599.088584][T30670] RIP: 0033:0x7f66d098e929 [ 1599.088604][T30670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1599.088628][T30670] RSP: 002b:00007f66d1792fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1599.088651][T30670] RAX: ffffffffffffffda RBX: 00007f66d0bb5fa0 RCX: 00007f66d098e929 [ 1599.088669][T30670] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000002360411 [ 1599.088684][T30670] RBP: 00007f66d0a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1599.088700][T30670] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1599.088715][T30670] R13: 0000000000000000 R14: 00007f66d0bb5fa0 R15: 00007ffed7a79128 [ 1599.088748][T30670] [ 1601.701227][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1601.710430][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1601.719444][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1601.729347][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1601.741466][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1602.366154][ T1154] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1602.641761][ T1154] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1602.702303][T30801] ovs_: entered promiscuous mode [ 1602.981192][ T1154] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1603.426712][ T1154] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1603.446751][T30820] ubi0: attaching mtd0 [ 1603.474503][T30820] ubi0: scanning is finished [ 1603.496909][T30820] ubi0 
error: ubi_read_volume_table: the layout volume was not found [ 1603.839097][T28227] Bluetooth: hci4: command tx timeout [ 1604.056167][T30820] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1604.199886][T30761] chnl_net:caif_netlink_parms(): no params data found [ 1604.593560][T30815] FAULT_INJECTION: forcing a failure. [ 1604.593560][T30815] name failslab, interval 1, probability 0, space 0, times 0 [ 1604.608661][T30815] CPU: 0 UID: 0 PID: 30815 Comm: syz.1.4810 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1604.608715][T30815] Tainted: [U]=USER [ 1604.608726][T30815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1604.608743][T30815] Call Trace: [ 1604.608752][T30815] [ 1604.608766][T30815] dump_stack_lvl+0x16c/0x1f0 [ 1604.608822][T30815] should_fail_ex+0x512/0x640 [ 1604.608879][T30815] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1604.608934][T30815] should_failslab+0xc2/0x120 [ 1604.608968][T30815] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1604.609019][T30815] ? __pmd_alloc+0xbf/0x930 [ 1604.609061][T30815] __pmd_alloc+0xbf/0x930 [ 1604.609096][T30815] ? __pud_alloc+0x526/0x750 [ 1604.609136][T30815] copy_page_range+0x2419/0x5740 [ 1604.609184][T30815] ? dup_mmap+0x877/0x21d0 [ 1604.609220][T30815] ? copy_process+0x4081/0x76a0 [ 1604.609261][T30815] ? do_syscall_64+0xcd/0x490 [ 1604.609296][T30815] ? __lock_acquire+0x622/0x1c90 [ 1604.609370][T30815] ? __pfx_copy_page_range+0x10/0x10 [ 1604.609423][T30815] ? __pfx___might_resched+0x10/0x10 [ 1604.609457][T30815] ? __pfx_mas_store+0x10/0x10 [ 1604.609488][T30815] ? __vma_enter_locked+0x163/0x3f0 [ 1604.609535][T30815] ? dup_mmap+0xe38/0x21d0 [ 1604.609589][T30815] ? down_write+0x14d/0x200 [ 1604.609628][T30815] ? up_write+0x1b2/0x520 [ 1604.609682][T30815] dup_mmap+0xe88/0x21d0 [ 1604.609737][T30815] ? __pfx_dup_mmap+0x10/0x10 [ 1604.609808][T30815] copy_process+0x4081/0x76a0 [ 1604.609860][T30815] ? 
__pfx___futex_wait+0x10/0x10 [ 1604.609928][T30815] ? __pfx_copy_process+0x10/0x10 [ 1604.609994][T30815] kernel_clone+0xfc/0x960 [ 1604.610046][T30815] ? __pfx_kernel_clone+0x10/0x10 [ 1604.610115][T30815] __do_sys_clone+0xce/0x120 [ 1604.610157][T30815] ? __pfx___do_sys_clone+0x10/0x10 [ 1604.610199][T30815] ? ksys_unshare+0x687/0xa40 [ 1604.610265][T30815] ? xfd_validate_state+0x61/0x180 [ 1604.610325][T30815] do_syscall_64+0xcd/0x490 [ 1604.610359][T30815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1604.610394][T30815] RIP: 0033:0x7f01c338e929 [ 1604.610423][T30815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1604.610457][T30815] RSP: 002b:00007f01c4278fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1604.610489][T30815] RAX: ffffffffffffffda RBX: 00007f01c35b5fa0 RCX: 00007f01c338e929 [ 1604.610511][T30815] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000002360411 [ 1604.610531][T30815] RBP: 00007f01c3410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1604.610550][T30815] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1604.610569][T30815] R13: 0000000000000000 R14: 00007f01c35b5fa0 R15: 00007ffc9ada5238 [ 1604.610613][T30815] [ 1605.126708][ T1154] bridge_slave_1: left allmulticast mode [ 1605.132623][ T1154] bridge_slave_1: left promiscuous mode [ 1605.169512][ T1154] bridge0: port 2(bridge_slave_1) entered disabled state [ 1605.394484][ T1154] bridge_slave_0: left allmulticast mode [ 1605.428675][ T1154] bridge_slave_0: left promiscuous mode [ 1605.434589][ T1154] bridge0: port 1(bridge_slave_0) entered disabled state [ 1605.918951][T28227] Bluetooth: hci4: command tx timeout [ 1606.909679][T31043] FAULT_INJECTION: forcing a failure. 
[ 1606.909679][T31043] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1606.926169][T31043] CPU: 0 UID: 0 PID: 31043 Comm: syz.1.4819 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1606.926220][T31043] Tainted: [U]=USER [ 1606.926231][T31043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1606.926251][T31043] Call Trace: [ 1606.926259][T31043] [ 1606.926269][T31043] dump_stack_lvl+0x16c/0x1f0 [ 1606.926312][T31043] should_fail_ex+0x512/0x640 [ 1606.926352][T31043] _copy_from_user+0x2e/0xd0 [ 1606.926392][T31043] do_pages_stat+0x239/0x820 [ 1606.926426][T31043] ? __pfx_do_pages_stat+0x10/0x10 [ 1606.926454][T31043] ? __lock_acquire+0x622/0x1c90 [ 1606.926505][T31043] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1606.926541][T31043] ? lockdep_hardirqs_on+0x7c/0x110 [ 1606.926580][T31043] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1606.926626][T31043] kernel_move_pages+0xfd4/0x13b0 [ 1606.926664][T31043] ? __pfx_kernel_move_pages+0x10/0x10 [ 1606.926693][T31043] ? __fget_files+0x20e/0x3c0 [ 1606.926731][T31043] ? fput+0x70/0xf0 [ 1606.926753][T31043] ? ksys_write+0x1ac/0x250 [ 1606.926787][T31043] ? __pfx_ksys_write+0x10/0x10 [ 1606.926824][T31043] __x64_sys_move_pages+0xe0/0x1c0 [ 1606.926851][T31043] ? do_syscall_64+0x91/0x490 [ 1606.926872][T31043] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 1606.926908][T31043] do_syscall_64+0xcd/0x490 [ 1606.926932][T31043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1606.926957][T31043] RIP: 0033:0x7f01c338e929 [ 1606.926976][T31043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1606.927001][T31043] RSP: 002b:00007f01c4279038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1606.927024][T31043] RAX: ffffffffffffffda RBX: 00007f01c35b5fa0 RCX: 00007f01c338e929 [ 1606.927041][T31043] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1606.927056][T31043] RBP: 00007f01c4279090 R08: 0000000000000000 R09: 0000000000000002 [ 1606.927071][T31043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1606.927086][T31043] R13: 0000000000000000 R14: 00007f01c35b5fa0 R15: 00007ffc9ada5238 [ 1606.927117][T31043] [ 1607.727303][ T1154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1607.754258][ T1154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1607.786577][ T1154] bond0 (unregistering): Released all slaves [ 1607.837974][T30761] bridge0: port 1(bridge_slave_0) entered blocking state [ 1607.854920][T30761] bridge0: port 1(bridge_slave_0) entered disabled state [ 1607.875397][T30761] bridge_slave_0: entered allmulticast mode [ 1607.884912][T30761] bridge_slave_0: entered promiscuous mode [ 1608.009667][T28227] Bluetooth: hci4: command tx timeout [ 1608.085159][T30761] bridge0: port 2(bridge_slave_1) entered blocking state [ 1608.114583][T30761] bridge0: port 2(bridge_slave_1) entered disabled state [ 1608.157526][T30761] bridge_slave_1: entered allmulticast mode [ 1608.207199][T30761] bridge_slave_1: entered promiscuous mode [ 1608.555612][ T1154] .SR: left promiscuous mode [ 1608.910244][T30761] bond0: (slave bond_slave_0): Enslaving as an active interface 
with an up link [ 1608.949900][T30761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1608.971399][T31109] ubi0: attaching mtd0 [ 1608.989809][T31109] ubi0: scanning is finished [ 1609.008997][T31109] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1609.359727][T31109] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1609.863349][T30761] team0: Port device team_slave_0 added [ 1610.056408][T30761] team0: Port device team_slave_1 added [ 1610.081927][T28227] Bluetooth: hci4: command tx timeout [ 1610.134716][T31125] FAULT_INJECTION: forcing a failure. [ 1610.134716][T31125] name failslab, interval 1, probability 0, space 0, times 0 [ 1610.153173][T31125] CPU: 1 UID: 0 PID: 31125 Comm: syz.0.4823 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1610.153230][T31125] Tainted: [U]=USER [ 1610.153242][T31125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1610.153262][T31125] Call Trace: [ 1610.153273][T31125] [ 1610.153286][T31125] dump_stack_lvl+0x16c/0x1f0 [ 1610.153346][T31125] should_fail_ex+0x512/0x640 [ 1610.153395][T31125] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1610.153451][T31125] should_failslab+0xc2/0x120 [ 1610.153484][T31125] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1610.153535][T31125] ? find_held_lock+0x2b/0x80 [ 1610.153568][T31125] ? vm_area_dup+0x27/0x8d0 [ 1610.153611][T31125] ? dup_mmap+0x5cb/0x21d0 [ 1610.153656][T31125] vm_area_dup+0x27/0x8d0 [ 1610.153706][T31125] dup_mmap+0x877/0x21d0 [ 1610.153764][T31125] ? __pfx_dup_mmap+0x10/0x10 [ 1610.153837][T31125] copy_process+0x4081/0x76a0 [ 1610.153877][T31125] ? preempt_schedule_thunk+0x16/0x30 [ 1610.153956][T31125] ? __pfx_copy_process+0x10/0x10 [ 1610.153995][T31125] ? plist_check_head+0xa3/0x150 [ 1610.154049][T31125] ? futex_private_hash_put+0xc7/0x240 [ 1610.154107][T31125] kernel_clone+0xfc/0x960 [ 1610.154149][T31125] ? 
__pfx_futex_wake+0x10/0x10 [ 1610.154195][T31125] ? __pfx_kernel_clone+0x10/0x10 [ 1610.154264][T31125] __do_sys_clone+0xce/0x120 [ 1610.154306][T31125] ? __pfx___do_sys_clone+0x10/0x10 [ 1610.154347][T31125] ? ksys_unshare+0x687/0xa40 [ 1610.154410][T31125] ? xfd_validate_state+0x61/0x180 [ 1610.154469][T31125] do_syscall_64+0xcd/0x490 [ 1610.154503][T31125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.154537][T31125] RIP: 0033:0x7fa2d598e929 [ 1610.154566][T31125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1610.154602][T31125] RSP: 002b:00007fa2d37f5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1610.154635][T31125] RAX: ffffffffffffffda RBX: 00007fa2d5bb6080 RCX: 00007fa2d598e929 [ 1610.154658][T31125] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000002360411 [ 1610.154677][T31125] RBP: 00007fa2d5a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1610.154698][T31125] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1610.154719][T31125] R13: 0000000000000000 R14: 00007fa2d5bb6080 R15: 00007ffca52cd788 [ 1610.154763][T31125] [ 1610.803693][T30761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1610.811910][T30761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1610.842039][T30761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1610.875993][T30761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1610.887758][T30761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1610.915370][T30761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1610.986427][ T1154] hsr_slave_0: left promiscuous mode [ 1610.994365][ T1154] hsr_slave_1: left promiscuous mode [ 1611.001836][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1611.011019][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1611.021539][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1611.029287][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1611.050568][ T1154] veth1_macvtap: left promiscuous mode [ 1611.056156][ T1154] veth0_macvtap: left promiscuous mode [ 1611.062209][ T1154] veth1_vlan: left promiscuous mode [ 1611.067566][ T1154] veth0_vlan: left promiscuous mode [ 1611.585788][ T1154] team0 (unregistering): Port device team_slave_1 removed [ 1611.635515][ T1154] team0 (unregistering): Port device team_slave_0 removed [ 1612.302820][T30761] hsr_slave_0: entered promiscuous mode [ 1612.314511][T30761] hsr_slave_1: entered promiscuous mode [ 1613.149696][T31406] ubi0: attaching mtd0 [ 1613.162485][T31406] ubi0: scanning is finished [ 1613.167170][T31406] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1613.314510][T31406] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1614.134055][T30761] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1614.152592][T30761] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1614.163953][T30761] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1614.175971][T30761] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1614.282939][T30761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1614.308413][T30761] 8021q: adding VLAN 0 to HW filter on device team0 [ 1614.325159][ T13] bridge0: port 1(bridge_slave_0) entered 
blocking state [ 1614.332369][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1614.353723][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 1614.361109][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1614.785465][T30761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1614.871864][T30761] veth0_vlan: entered promiscuous mode [ 1614.886484][T30761] veth1_vlan: entered promiscuous mode [ 1614.935259][T30761] veth0_macvtap: entered promiscuous mode [ 1614.950850][T30761] veth1_macvtap: entered promiscuous mode [ 1614.980177][T30761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1615.004570][T30761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1615.024998][T30761] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1615.046570][T30761] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1615.059835][T30761] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1615.070837][T30761] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1615.206946][T28405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1615.230798][T28405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1615.287265][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1615.297066][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1615.416785][T31520] FAULT_INJECTION: forcing a failure. 
[ 1615.416785][T31520] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1615.491020][T31520] CPU: 0 UID: 0 PID: 31520 Comm: syz.3.4803 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1615.491073][T31520] Tainted: [U]=USER [ 1615.491084][T31520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1615.491103][T31520] Call Trace: [ 1615.491114][T31520] [ 1615.491126][T31520] dump_stack_lvl+0x16c/0x1f0 [ 1615.491181][T31520] should_fail_ex+0x512/0x640 [ 1615.491235][T31520] should_fail_alloc_page+0xe7/0x130 [ 1615.491269][T31520] prepare_alloc_pages+0x3c2/0x610 [ 1615.491315][T31520] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1615.491367][T31520] ? kasan_save_stack+0x33/0x60 [ 1615.491413][T31520] ? kasan_save_track+0x14/0x30 [ 1615.491458][T31520] ? __kasan_slab_alloc+0x89/0x90 [ 1615.491507][T31520] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1615.491553][T31520] ? __pmd_alloc+0xbf/0x930 [ 1615.491587][T31520] ? __handle_mm_fault+0xaac/0x5490 [ 1615.491643][T31520] ? handle_mm_fault+0x589/0xd10 [ 1615.491683][T31520] ? __get_user_pages+0x589/0x3b80 [ 1615.491716][T31520] ? __gup_longterm_locked+0x20d/0x1850 [ 1615.491752][T31520] ? gup_fast_fallback+0x1ab3/0x29e0 [ 1615.491787][T31520] ? pin_user_pages_fast+0xa7/0xf0 [ 1615.491823][T31520] ? iov_iter_extract_pages+0x3a2/0x1ed0 [ 1615.491873][T31520] ? bio_iov_iter_get_pages+0x384/0x10d0 [ 1615.491914][T31520] ? __blkdev_direct_IO_simple+0x38e/0x850 [ 1615.491960][T31520] ? blkdev_direct_IO+0xc3e/0x1ff0 [ 1615.492003][T31520] ? blkdev_write_iter+0x6fd/0xdf0 [ 1615.492047][T31520] ? vfs_write+0x6c7/0x1150 [ 1615.492090][T31520] ? ksys_write+0x12a/0x250 [ 1615.492133][T31520] ? do_syscall_64+0xcd/0x490 [ 1615.492164][T31520] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1615.492237][T31520] ? __lock_acquire+0xb8a/0x1c90 [ 1615.492282][T31520] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1615.492475][T31520] ? 
policy_nodemask+0xea/0x4e0 [ 1615.492631][T31520] alloc_pages_mpol+0x1fb/0x550 [ 1615.492669][T31520] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1615.492703][T31520] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 1615.492748][T31520] alloc_pages_noprof+0x131/0x390 [ 1615.492780][T31520] pte_alloc_one+0x1c/0x3a0 [ 1615.492831][T31520] __handle_mm_fault+0x3a68/0x5490 [ 1615.492887][T31520] ? __pfx___handle_mm_fault+0x10/0x10 [ 1615.492937][T31520] ? mpage_read_end_io+0x2b6/0x340 [ 1615.492968][T31520] ? bio_endio+0x70a/0x850 [ 1615.492995][T31520] ? blk_update_request+0x96b/0x1630 [ 1615.493067][T31520] handle_mm_fault+0x589/0xd10 [ 1615.493120][T31520] __get_user_pages+0x589/0x3b80 [ 1615.493176][T31520] ? __pfx___get_user_pages+0x10/0x10 [ 1615.493214][T31520] ? __pfx_down_read_killable+0x10/0x10 [ 1615.493265][T31520] __gup_longterm_locked+0x20d/0x1850 [ 1615.493325][T31520] ? find_held_lock+0x2b/0x80 [ 1615.493357][T31520] ? __pfx___gup_longterm_locked+0x10/0x10 [ 1615.493403][T31520] ? find_held_lock+0x2b/0x80 [ 1615.493435][T31520] ? sanity_check_pinned_pages+0x23/0x1200 [ 1615.493492][T31520] gup_fast_fallback+0x1ab3/0x29e0 [ 1615.493562][T31520] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1615.493599][T31520] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1615.493638][T31520] ? is_bpf_text_address+0x94/0x1a0 [ 1615.493684][T31520] ? kernel_text_address+0x8d/0x100 [ 1615.493735][T31520] ? __kernel_text_address+0xd/0x40 [ 1615.493785][T31520] ? unwind_get_return_address+0x59/0xa0 [ 1615.493833][T31520] ? arch_stack_walk+0xa6/0x100 [ 1615.493890][T31520] pin_user_pages_fast+0xa7/0xf0 [ 1615.493940][T31520] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 1615.493976][T31520] ? __blkdev_direct_IO_simple+0x691/0x850 [ 1615.494025][T31520] ? stack_trace_save+0x8e/0xc0 [ 1615.494059][T31520] ? __pfx_stack_trace_save+0x10/0x10 [ 1615.494099][T31520] iov_iter_extract_pages+0x3a2/0x1ed0 [ 1615.494155][T31520] ? __blkdev_direct_IO_simple+0x691/0x850 [ 1615.494202][T31520] ? 
kasan_save_stack+0x42/0x60 [ 1615.494247][T31520] ? kasan_save_stack+0x33/0x60 [ 1615.494290][T31520] ? kasan_save_track+0x14/0x30 [ 1615.494333][T31520] ? __kasan_kmalloc+0xaa/0xb0 [ 1615.494375][T31520] ? __kmalloc_noprof+0x223/0x510 [ 1615.494418][T31520] ? __blkdev_direct_IO_simple+0x691/0x850 [ 1615.494464][T31520] ? blkdev_direct_IO+0xc3e/0x1ff0 [ 1615.494507][T31520] ? blkdev_write_iter+0x6fd/0xdf0 [ 1615.494553][T31520] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 1615.494613][T31520] ? __lock_acquire+0x622/0x1c90 [ 1615.494676][T31520] bio_iov_iter_get_pages+0x384/0x10d0 [ 1615.494713][T31520] ? find_held_lock+0x2b/0x80 [ 1615.494747][T31520] ? bio_associate_blkg_from_css+0x394/0x13e0 [ 1615.494802][T31520] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 1615.494837][T31520] ? bio_associate_blkg+0x137/0x2a0 [ 1615.494889][T31520] __blkdev_direct_IO_simple+0x38e/0x850 [ 1615.494952][T31520] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 1615.495048][T31520] ? iov_iter_is_aligned+0xf2/0x5a0 [ 1615.495093][T31520] ? iov_iter_npages+0xf0/0x5a0 [ 1615.495143][T31520] blkdev_direct_IO+0xc3e/0x1ff0 [ 1615.495210][T31520] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 1615.495265][T31520] ? rcu_is_watching+0x12/0xc0 [ 1615.495300][T31520] ? filemap_check_errors+0xa9/0x160 [ 1615.495352][T31520] blkdev_write_iter+0x6fd/0xdf0 [ 1615.495410][T31520] vfs_write+0x6c7/0x1150 [ 1615.495459][T31520] ? __pfx_blkdev_write_iter+0x10/0x10 [ 1615.495513][T31520] ? __pfx_vfs_write+0x10/0x10 [ 1615.495556][T31520] ? find_held_lock+0x2b/0x80 [ 1615.495616][T31520] ksys_write+0x12a/0x250 [ 1615.495662][T31520] ? 
__pfx_ksys_write+0x10/0x10 [ 1615.495723][T31520] do_syscall_64+0xcd/0x490 [ 1615.495757][T31520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1615.495791][T31520] RIP: 0033:0x7fa72618e929 [ 1615.495816][T31520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1615.495849][T31520] RSP: 002b:00007fa726ff3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1615.495879][T31520] RAX: ffffffffffffffda RBX: 00007fa7263b5fa0 RCX: 00007fa72618e929 [ 1615.495901][T31520] RDX: 000000007fffffff RSI: 0000000000000000 RDI: 0000000000000003 [ 1615.495927][T31520] RBP: 00007fa726ff3090 R08: 0000000000000000 R09: 0000000000000000 [ 1615.495946][T31520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1615.495966][T31520] R13: 0000000000000000 R14: 00007fa7263b5fa0 R15: 00007ffe6639fff8 [ 1615.496010][T31520] [ 1617.577942][T31581] FAULT_INJECTION: forcing a failure. [ 1617.577942][T31581] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1617.619846][T31581] CPU: 1 UID: 0 PID: 31581 Comm: syz.2.4829 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1617.619900][T31581] Tainted: [U]=USER [ 1617.619912][T31581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1617.619931][T31581] Call Trace: [ 1617.619940][T31581] [ 1617.619953][T31581] dump_stack_lvl+0x16c/0x1f0 [ 1617.620007][T31581] should_fail_ex+0x512/0x640 [ 1617.620065][T31581] should_fail_alloc_page+0xe7/0x130 [ 1617.620100][T31581] prepare_alloc_pages+0x3c2/0x610 [ 1617.620148][T31581] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1617.620206][T31581] ? find_held_lock+0x2b/0x80 [ 1617.620240][T31581] ? is_bpf_text_address+0x8a/0x1a0 [ 1617.620287][T31581] ? bpf_ksym_find+0x124/0x1c0 [ 1617.620323][T31581] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1617.620375][T31581] ? 
kernel_text_address+0x8d/0x100 [ 1617.620426][T31581] ? __kernel_text_address+0xd/0x40 [ 1617.620474][T31581] ? unwind_get_return_address+0x59/0xa0 [ 1617.620524][T31581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1617.620576][T31581] ? ip4_string+0x2e8/0x480 [ 1617.620615][T31581] ? widen_string+0xdc/0x2d0 [ 1617.620655][T31581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1617.620709][T31581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1617.620755][T31581] ? put_dec_trunc8+0x28b/0x370 [ 1617.620789][T31581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1617.620840][T31581] ? policy_nodemask+0xea/0x4e0 [ 1617.620897][T31581] alloc_pages_mpol+0x1fb/0x550 [ 1617.620930][T31581] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1617.620975][T31581] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1617.621015][T31581] vma_alloc_folio_noprof+0xed/0x1e0 [ 1617.621052][T31581] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1617.621088][T31581] ? find_held_lock+0x2b/0x80 [ 1617.621120][T31581] ? __handle_mm_fault+0x1092/0x5490 [ 1617.621170][T31581] __handle_mm_fault+0x2f21/0x5490 [ 1617.621226][T31581] ? __pfx___handle_mm_fault+0x10/0x10 [ 1617.621267][T31581] ? __pfx_mt_find+0x10/0x10 [ 1617.621326][T31581] ? find_vma+0xbf/0x140 [ 1617.621360][T31581] ? __pfx_find_vma+0x10/0x10 [ 1617.621396][T31581] handle_mm_fault+0x589/0xd10 [ 1617.621439][T31581] ? __pkru_allows_pkey+0x41/0xb0 [ 1617.621486][T31581] do_user_addr_fault+0x7a6/0x1370 [ 1617.621534][T31581] ? 
rcu_is_watching+0x12/0xc0 [ 1617.621571][T31581] exc_page_fault+0x5c/0xb0 [ 1617.621618][T31581] asm_exc_page_fault+0x26/0x30 [ 1617.621648][T31581] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1617.621696][T31581] Code: 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 8f 10 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1617.621727][T31581] RSP: 0018:ffffc9000c8a79b0 EFLAGS: 00050206 [ 1617.621753][T31581] RAX: 0000000000000001 RBX: 0000000000000ed5 RCX: 00000000000008c9 [ 1617.621772][T31581] RDX: ffffed100f20b9db RSI: ffff88807905c60c RDI: 0000200000001000 [ 1617.621793][T31581] RBP: 0000000000000ed5 R08: 0000000000000000 R09: ffffed100f20b9da [ 1617.621812][T31581] R10: ffff88807905ced4 R11: 0000000000000000 R12: 00000000000004b4 [ 1617.621831][T31581] R13: ffffc9000c8a7bc8 R14: ffff88807905c000 R15: 00002000000009f4 [ 1617.621874][T31581] _copy_to_iter+0x4eb/0x16f0 [ 1617.621934][T31581] ? lockdep_hardirqs_on+0x7c/0x110 [ 1617.621984][T31581] ? __pfx__copy_to_iter+0x10/0x10 [ 1617.622035][T31581] ? rcu_preempt_deferred_qs_irqrestore+0x4f5/0xbc0 [ 1617.622102][T31581] seq_read_iter+0xcf8/0x12c0 [ 1617.622157][T31581] seq_read+0x39e/0x4e0 [ 1617.622191][T31581] ? __pfx_seq_read+0x10/0x10 [ 1617.622239][T31581] ? get_pid_task+0xfc/0x250 [ 1617.622296][T31581] ? __pfx_seq_read+0x10/0x10 [ 1617.622335][T31581] proc_reg_read+0x240/0x330 [ 1617.622383][T31581] ? __pfx_proc_reg_read+0x10/0x10 [ 1617.622431][T31581] vfs_read+0x1e4/0xc60 [ 1617.622487][T31581] ? __pfx_vfs_read+0x10/0x10 [ 1617.622528][T31581] ? find_held_lock+0x2b/0x80 [ 1617.622561][T31581] ? __fget_files+0x204/0x3c0 [ 1617.622610][T31581] ? __fget_files+0x20e/0x3c0 [ 1617.622650][T31581] ? __fget_files+0x150/0x3c0 [ 1617.622713][T31581] __x64_sys_pread64+0x1eb/0x250 [ 1617.622762][T31581] ? 
__pfx___x64_sys_pread64+0x10/0x10 [ 1617.622824][T31581] do_syscall_64+0xcd/0x490 [ 1617.622858][T31581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.622890][T31581] RIP: 0033:0x7f66d098e929 [ 1617.622916][T31581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1617.622948][T31581] RSP: 002b:00007f66d1793038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1617.622978][T31581] RAX: ffffffffffffffda RBX: 00007f66d0bb5fa0 RCX: 00007f66d098e929 [ 1617.622999][T31581] RDX: 000020000000003f RSI: 0000200000000540 RDI: 0000000000000003 [ 1617.623019][T31581] RBP: 00007f66d1793090 R08: 0000000000000000 R09: 0000000000000000 [ 1617.623039][T31581] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1617.623057][T31581] R13: 0000000000000000 R14: 00007f66d0bb5fa0 R15: 00007ffed7a79128 [ 1617.623098][T31581] [ 1618.108476][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1618.115276][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1618.276058][T31567] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1618.282328][T31567] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1618.352940][T31567] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1618.359287][T31567] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1618.424127][T31567] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1618.432752][T31567] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1618.443674][T31567] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1618.460054][T31567] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1618.466058][T31567] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1618.473882][T31567] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1619.204440][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 1620.400670][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 1620.480077][ T5838] Bluetooth: hci4: command 0x0c1a tx timeout [ 1620.487204][T28227] Bluetooth: 
hci3: command 0x0c1a tx timeout [ 1621.278893][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 1622.478735][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 1622.572295][ T5838] Bluetooth: hci4: command 0x0c1a tx timeout [ 1622.579866][T28227] Bluetooth: hci3: command 0x0c1a tx timeout [ 1622.619699][T31754] FAULT_INJECTION: forcing a failure. [ 1622.619699][T31754] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1622.659456][T31754] CPU: 1 UID: 0 PID: 31754 Comm: syz.0.4842 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1622.659507][T31754] Tainted: [U]=USER [ 1622.659519][T31754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1622.659538][T31754] Call Trace: [ 1622.659548][T31754] [ 1622.659567][T31754] dump_stack_lvl+0x16c/0x1f0 [ 1622.659623][T31754] should_fail_ex+0x512/0x640 [ 1622.659677][T31754] get_futex_key+0xf3e/0x1540 [ 1622.659722][T31754] ? __pfx_get_futex_key+0x10/0x10 [ 1622.659761][T31754] ? __mutex_trylock_common+0xe9/0x250 [ 1622.659815][T31754] futex_wake+0xea/0x530 [ 1622.659865][T31754] ? __pfx_futex_wake+0x10/0x10 [ 1622.659907][T31754] ? __lock_acquire+0xb8a/0x1c90 [ 1622.659967][T31754] do_futex+0x1e3/0x350 [ 1622.660013][T31754] ? __pfx_do_futex+0x10/0x10 [ 1622.660049][T31754] ? __might_fault+0xe3/0x190 [ 1622.660106][T31754] mm_release+0x24e/0x300 [ 1622.660142][T31754] do_exit+0x683/0x2bd0 [ 1622.660192][T31754] ? __pfx_do_exit+0x10/0x10 [ 1622.660239][T31754] ? do_raw_spin_lock+0x12c/0x2b0 [ 1622.660287][T31754] ? find_held_lock+0x2b/0x80 [ 1622.660326][T31754] do_group_exit+0xd3/0x2a0 [ 1622.660372][T31754] get_signal+0x2673/0x26d0 [ 1622.660422][T31754] ? __pfx_get_signal+0x10/0x10 [ 1622.660457][T31754] ? do_futex+0x122/0x350 [ 1622.660495][T31754] ? __pfx_do_futex+0x10/0x10 [ 1622.660539][T31754] arch_do_signal_or_restart+0x8f/0x790 [ 1622.660579][T31754] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1622.660627][T31754] ? 
xfd_validate_state+0x61/0x180 [ 1622.660678][T31754] exit_to_user_mode_loop+0x84/0x110 [ 1622.660729][T31754] do_syscall_64+0x3f6/0x490 [ 1622.660761][T31754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1622.660795][T31754] RIP: 0033:0x7fa2d598e929 [ 1622.660820][T31754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1622.660852][T31754] RSP: 002b:00007fa2d37f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1622.660881][T31754] RAX: fffffffffffffe00 RBX: 00007fa2d5bb6088 RCX: 00007fa2d598e929 [ 1622.660902][T31754] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa2d5bb6088 [ 1622.660920][T31754] RBP: 00007fa2d5bb6080 R08: 0000000000000000 R09: 0000000000000000 [ 1622.660938][T31754] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2d5bb608c [ 1622.660956][T31754] R13: 0000000000000000 R14: 00007ffca52cd6a0 R15: 00007ffca52cd788 [ 1622.661004][T31754] [ 1622.908481][ C1] vkms_vblank_simulate: vblank timer overrun [ 1624.096768][T31840] FAULT_INJECTION: forcing a failure. [ 1624.096768][T31840] name failslab, interval 1, probability 0, space 0, times 0 [ 1624.138599][T31840] CPU: 1 UID: 0 PID: 31840 Comm: syz.1.4857 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1624.138651][T31840] Tainted: [U]=USER [ 1624.138661][T31840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1624.138680][T31840] Call Trace: [ 1624.138691][T31840] [ 1624.138704][T31840] dump_stack_lvl+0x16c/0x1f0 [ 1624.138753][T31840] should_fail_ex+0x512/0x640 [ 1624.138792][T31840] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1624.138837][T31840] should_failslab+0xc2/0x120 [ 1624.138863][T31840] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1624.138905][T31840] ? 
security_file_alloc+0x34/0x2b0 [ 1624.138947][T31840] security_file_alloc+0x34/0x2b0 [ 1624.138983][T31840] init_file+0x93/0x4c0 [ 1624.139010][T31840] alloc_empty_file+0x73/0x1e0 [ 1624.139041][T31840] path_openat+0xda/0x2cb0 [ 1624.139077][T31840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1624.139117][T31840] ? __pfx_path_openat+0x10/0x10 [ 1624.139174][T31840] do_filp_open+0x20b/0x470 [ 1624.139214][T31840] ? __pfx_do_filp_open+0x10/0x10 [ 1624.139276][T31840] ? _raw_spin_unlock+0x28/0x50 [ 1624.139313][T31840] ? alloc_fd+0x471/0x7d0 [ 1624.139358][T31840] do_sys_openat2+0x11b/0x1d0 [ 1624.139388][T31840] ? __pfx_do_sys_openat2+0x10/0x10 [ 1624.139421][T31840] ? __fget_files+0x20e/0x3c0 [ 1624.139464][T31840] __x64_sys_open+0x153/0x1e0 [ 1624.139494][T31840] ? __pfx___x64_sys_open+0x10/0x10 [ 1624.139532][T31840] ? rcu_is_watching+0x12/0xc0 [ 1624.139563][T31840] do_syscall_64+0xcd/0x490 [ 1624.139590][T31840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1624.139616][T31840] RIP: 0033:0x7f01c338e929 [ 1624.139639][T31840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1624.139666][T31840] RSP: 002b:00007f01c4258038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1624.139691][T31840] RAX: ffffffffffffffda RBX: 00007f01c35b6080 RCX: 00007f01c338e929 [ 1624.139709][T31840] RDX: 0000000000000172 RSI: 0000000000145300 RDI: 00002000000002c0 [ 1624.139726][T31840] RBP: 00007f01c4258090 R08: 0000000000000000 R09: 0000000000000000 [ 1624.139745][T31840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1624.139764][T31840] R13: 0000000000000001 R14: 00007f01c35b6080 R15: 00007ffc9ada5238 [ 1624.139805][T31840] [ 1624.376372][ C1] vkms_vblank_simulate: vblank timer overrun [ 1624.386559][T31859] FAULT_INJECTION: forcing a failure. 
[ 1624.386559][T31859] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1624.455058][T31859] CPU: 0 UID: 0 PID: 31859 Comm: syz.2.4858 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1624.455110][T31859] Tainted: [U]=USER [ 1624.455120][T31859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1624.455139][T31859] Call Trace: [ 1624.455151][T31859] [ 1624.455165][T31859] dump_stack_lvl+0x16c/0x1f0 [ 1624.455220][T31859] should_fail_ex+0x512/0x640 [ 1624.455274][T31859] _copy_from_iter+0x29f/0x16f0 [ 1624.455331][T31859] ? __alloc_skb+0x200/0x380 [ 1624.455381][T31859] ? __pfx__copy_from_iter+0x10/0x10 [ 1624.455435][T31859] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1624.455486][T31859] netlink_sendmsg+0x829/0xdd0 [ 1624.455530][T31859] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1624.455584][T31859] ____sys_sendmsg+0xa98/0xc70 [ 1624.455625][T31859] ? copy_msghdr_from_user+0x10a/0x160 [ 1624.455676][T31859] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1624.455735][T31859] ___sys_sendmsg+0x134/0x1d0 [ 1624.455789][T31859] ? __pfx____sys_sendmsg+0x10/0x10 [ 1624.455841][T31859] ? __lock_acquire+0x622/0x1c90 [ 1624.455936][T31859] __sys_sendmsg+0x16d/0x220 [ 1624.455989][T31859] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 1624.456067][T31859] do_syscall_64+0xcd/0x490 [ 1624.456105][T31859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1624.456139][T31859] RIP: 0033:0x7f66d098e929 [ 1624.456164][T31859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1624.456197][T31859] RSP: 002b:00007f66d1772038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1624.456228][T31859] RAX: ffffffffffffffda RBX: 00007f66d0bb6080 RCX: 00007f66d098e929 [ 1624.456249][T31859] RDX: 000000000000c044 RSI: 0000200000003bc0 RDI: 0000000000000003 [ 1624.456268][T31859] RBP: 00007f66d1772090 R08: 0000000000000000 R09: 0000000000000000 [ 1624.456287][T31859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1624.456305][T31859] R13: 0000000000000000 R14: 00007f66d0bb6080 R15: 00007ffed7a79128 [ 1624.456345][T31859] [ 1624.703672][ T5838] Bluetooth: hci4: command 0x0c1a tx timeout [ 1624.709865][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 1625.103280][T31871] FAULT_INJECTION: forcing a failure. [ 1625.103280][T31871] name failslab, interval 1, probability 0, space 0, times 0 [ 1625.118856][T31871] CPU: 0 UID: 0 PID: 31871 Comm: syz.2.4861 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1625.118912][T31871] Tainted: [U]=USER [ 1625.118923][T31871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1625.118945][T31871] Call Trace: [ 1625.118957][T31871] [ 1625.118970][T31871] dump_stack_lvl+0x16c/0x1f0 [ 1625.119028][T31871] should_fail_ex+0x512/0x640 [ 1625.119085][T31871] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1625.119134][T31871] should_failslab+0xc2/0x120 [ 1625.119166][T31871] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1625.119213][T31871] ? trace_kmalloc+0x2b/0xd0 [ 1625.119245][T31871] ? 
snd_virmidi_output_open+0xc4/0x670 [ 1625.119289][T31871] snd_virmidi_output_open+0xc4/0x670 [ 1625.119332][T31871] open_substream+0x47b/0x9b0 [ 1625.119379][T31871] rawmidi_open_priv+0x543/0x6e0 [ 1625.119431][T31871] snd_rawmidi_open+0x4cc/0xbf0 [ 1625.119484][T31871] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1625.119533][T31871] ? __pfx_default_wake_function+0x10/0x10 [ 1625.119574][T31871] ? kobject_get_unless_zero+0x156/0x1e0 [ 1625.119614][T31871] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1625.119659][T31871] snd_open+0x1fe/0x450 [ 1625.119693][T31871] ? __pfx_snd_open+0x10/0x10 [ 1625.119725][T31871] chrdev_open+0x231/0x6a0 [ 1625.119777][T31871] ? __pfx_apparmor_file_open+0x10/0x10 [ 1625.119821][T31871] ? __pfx_chrdev_open+0x10/0x10 [ 1625.119875][T31871] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1625.119928][T31871] do_dentry_open+0x744/0x1c10 [ 1625.119979][T31871] ? __pfx_chrdev_open+0x10/0x10 [ 1625.120042][T31871] vfs_open+0x82/0x3f0 [ 1625.120090][T31871] path_openat+0x1de4/0x2cb0 [ 1625.120155][T31871] ? __pfx_path_openat+0x10/0x10 [ 1625.120207][T31871] ? __lock_acquire+0xb8a/0x1c90 [ 1625.120257][T31871] do_filp_open+0x20b/0x470 [ 1625.120308][T31871] ? __pfx_do_filp_open+0x10/0x10 [ 1625.120387][T31871] ? alloc_fd+0x471/0x7d0 [ 1625.120445][T31871] do_sys_openat2+0x11b/0x1d0 [ 1625.120483][T31871] ? __pfx_do_sys_openat2+0x10/0x10 [ 1625.120540][T31871] __x64_sys_openat+0x174/0x210 [ 1625.120578][T31871] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 1625.120634][T31871] do_syscall_64+0xcd/0x490 [ 1625.120669][T31871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1625.120704][T31871] RIP: 0033:0x7f66d098e929 [ 1625.120732][T31871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1625.120765][T31871] RSP: 002b:00007f66d1793038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1625.120796][T31871] RAX: ffffffffffffffda RBX: 00007f66d0bb5fa0 RCX: 00007f66d098e929 [ 1625.120820][T31871] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1625.120842][T31871] RBP: 00007f66d0a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1625.120862][T31871] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 1625.120881][T31871] R13: 0000000000000000 R14: 00007f66d0bb5fa0 R15: 00007ffed7a79128 [ 1625.120925][T31871] [ 1625.752744][T31898] FAULT_INJECTION: forcing a failure. [ 1625.752744][T31898] name failslab, interval 1, probability 0, space 0, times 0 [ 1625.765920][T31898] CPU: 0 UID: 0 PID: 31898 Comm: syz.2.4871 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1625.765975][T31898] Tainted: [U]=USER [ 1625.765986][T31898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1625.766007][T31898] Call Trace: [ 1625.766018][T31898] [ 1625.766031][T31898] dump_stack_lvl+0x16c/0x1f0 [ 1625.766093][T31898] should_fail_ex+0x512/0x640 [ 1625.766143][T31898] ? __kmalloc_noprof+0xbf/0x510 [ 1625.766196][T31898] ? 
snd_midi_event_new+0xa1/0x210 [ 1625.766227][T31898] should_failslab+0xc2/0x120 [ 1625.766258][T31898] __kmalloc_noprof+0xd2/0x510 [ 1625.766318][T31898] snd_midi_event_new+0xa1/0x210 [ 1625.766352][T31898] snd_virmidi_output_open+0x106/0x670 [ 1625.766394][T31898] open_substream+0x47b/0x9b0 [ 1625.766439][T31898] rawmidi_open_priv+0x543/0x6e0 [ 1625.766492][T31898] snd_rawmidi_open+0x4cc/0xbf0 [ 1625.766546][T31898] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1625.766595][T31898] ? __pfx_default_wake_function+0x10/0x10 [ 1625.766635][T31898] ? kobject_get_unless_zero+0x156/0x1e0 [ 1625.766674][T31898] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1625.766731][T31898] snd_open+0x1fe/0x450 [ 1625.766766][T31898] ? __pfx_snd_open+0x10/0x10 [ 1625.766797][T31898] chrdev_open+0x231/0x6a0 [ 1625.766850][T31898] ? __pfx_apparmor_file_open+0x10/0x10 [ 1625.766894][T31898] ? __pfx_chrdev_open+0x10/0x10 [ 1625.766950][T31898] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1625.767004][T31898] do_dentry_open+0x744/0x1c10 [ 1625.767055][T31898] ? __pfx_chrdev_open+0x10/0x10 [ 1625.767116][T31898] vfs_open+0x82/0x3f0 [ 1625.767157][T31898] path_openat+0x1de4/0x2cb0 [ 1625.767219][T31898] ? __pfx_path_openat+0x10/0x10 [ 1625.767270][T31898] ? __lock_acquire+0xb8a/0x1c90 [ 1625.767320][T31898] do_filp_open+0x20b/0x470 [ 1625.767370][T31898] ? __pfx_do_filp_open+0x10/0x10 [ 1625.767449][T31898] ? alloc_fd+0x471/0x7d0 [ 1625.767506][T31898] do_sys_openat2+0x11b/0x1d0 [ 1625.767543][T31898] ? __pfx_do_sys_openat2+0x10/0x10 [ 1625.767598][T31898] __x64_sys_openat+0x174/0x210 [ 1625.767637][T31898] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 1625.767694][T31898] do_syscall_64+0xcd/0x490 [ 1625.767738][T31898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1625.767773][T31898] RIP: 0033:0x7f66d098e929 [ 1625.767801][T31898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1625.767834][T31898] RSP: 002b:00007f66d1793038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1625.767866][T31898] RAX: ffffffffffffffda RBX: 00007f66d0bb5fa0 RCX: 00007f66d098e929 [ 1625.767888][T31898] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1625.767908][T31898] RBP: 00007f66d0a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1625.767928][T31898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1625.767948][T31898] R13: 0000000000000000 R14: 00007f66d0bb5fa0 R15: 00007ffed7a79128 [ 1625.767994][T31898] [ 1625.770533][T31901] FAULT_INJECTION: forcing a failure. [ 1625.770533][T31901] name failslab, interval 1, probability 0, space 0, times 0 [ 1626.092236][T31901] CPU: 1 UID: 0 PID: 31901 Comm: syz.0.4870 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1626.092287][T31901] Tainted: [U]=USER [ 1626.092296][T31901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1626.092314][T31901] Call Trace: [ 1626.092323][T31901] [ 1626.092335][T31901] dump_stack_lvl+0x16c/0x1f0 [ 1626.092383][T31901] should_fail_ex+0x512/0x640 [ 1626.092422][T31901] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1626.092467][T31901] should_failslab+0xc2/0x120 [ 1626.092493][T31901] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1626.092535][T31901] ? 
security_file_alloc+0x34/0x2b0 [ 1626.092597][T31901] security_file_alloc+0x34/0x2b0 [ 1626.092634][T31901] init_file+0x93/0x4c0 [ 1626.092662][T31901] alloc_empty_file+0x73/0x1e0 [ 1626.092692][T31901] path_openat+0xda/0x2cb0 [ 1626.092729][T31901] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1626.092769][T31901] ? __pfx_path_openat+0x10/0x10 [ 1626.092809][T31901] ? __lock_acquire+0xb8a/0x1c90 [ 1626.092850][T31901] do_filp_open+0x20b/0x470 [ 1626.092889][T31901] ? __pfx_do_filp_open+0x10/0x10 [ 1626.092957][T31901] ? alloc_fd+0x471/0x7d0 [ 1626.093002][T31901] do_sys_openat2+0x11b/0x1d0 [ 1626.093032][T31901] ? __pfx_do_sys_openat2+0x10/0x10 [ 1626.093065][T31901] ? __fget_files+0x20e/0x3c0 [ 1626.093107][T31901] __x64_sys_openat+0x174/0x210 [ 1626.093138][T31901] ? __pfx___x64_sys_openat+0x10/0x10 [ 1626.093167][T31901] ? ksys_write+0x1ac/0x250 [ 1626.093217][T31901] do_syscall_64+0xcd/0x490 [ 1626.093244][T31901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1626.093272][T31901] RIP: 0033:0x7fa2d598e929 [ 1626.093295][T31901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1626.093321][T31901] RSP: 002b:00007fa2d6712038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1626.093347][T31901] RAX: ffffffffffffffda RBX: 00007fa2d5bb5fa0 RCX: 00007fa2d598e929 [ 1626.093365][T31901] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1626.093382][T31901] RBP: 00007fa2d6712090 R08: 0000000000000000 R09: 0000000000000000 [ 1626.093398][T31901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1626.093415][T31901] R13: 0000000000000000 R14: 00007fa2d5bb5fa0 R15: 00007ffca52cd788 [ 1626.093450][T31901] [ 1626.525059][ C1] vkms_vblank_simulate: vblank timer overrun [ 1626.644447][T31903] tty tty1: ldisc open failed (-12), clearing slot 0 [ 1629.905453][ T5838] Bluetooth: hci0: unexpected cc 
0x0c03 length: 249 > 1 [ 1629.916186][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1629.926375][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1629.942459][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1629.951713][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1631.027959][T32052] chnl_net:caif_netlink_parms(): no params data found [ 1631.642713][T32052] bridge0: port 1(bridge_slave_0) entered blocking state [ 1631.659086][T32052] bridge0: port 1(bridge_slave_0) entered disabled state [ 1631.675902][T32052] bridge_slave_0: entered allmulticast mode [ 1631.684817][T32052] bridge_slave_0: entered promiscuous mode [ 1631.694775][T32052] bridge0: port 2(bridge_slave_1) entered blocking state [ 1631.702387][T32052] bridge0: port 2(bridge_slave_1) entered disabled state [ 1631.710554][T32052] bridge_slave_1: entered allmulticast mode [ 1631.719754][T32052] bridge_slave_1: entered promiscuous mode [ 1631.803831][T32052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1631.833335][T32052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1632.003709][T32052] team0: Port device team_slave_0 added [ 1632.006240][ T5838] Bluetooth: hci0: command tx timeout [ 1632.039809][T32052] team0: Port device team_slave_1 added [ 1632.138381][T32052] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1632.155796][T32052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 1632.189739][T32052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1632.246254][T28405] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1632.267959][T32052] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1632.275164][T32052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1632.326919][T32052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1632.421208][T28405] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1632.522479][T28405] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1632.554434][T32052] hsr_slave_0: entered promiscuous mode [ 1632.564666][T32052] hsr_slave_1: entered promiscuous mode [ 1632.578901][T32052] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1632.586645][T32052] Cannot create hsr debugfs directory [ 1632.610699][T28405] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1633.146010][T28405] bridge_slave_1: left allmulticast mode [ 1633.157972][T28405] bridge_slave_1: left promiscuous mode [ 1633.171055][T28405] bridge0: port 2(bridge_slave_1) entered disabled state [ 1633.236041][T28405] bridge_slave_0: left allmulticast mode [ 1633.256815][T32443] FAULT_INJECTION: forcing a failure. 
[ 1633.256815][T32443] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1633.272842][T28405] bridge_slave_0: left promiscuous mode [ 1633.285499][T28405] bridge0: port 1(bridge_slave_0) entered disabled state [ 1633.301428][T32443] CPU: 1 UID: 0 PID: 32443 Comm: syz.0.4895 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1633.301480][T32443] Tainted: [U]=USER [ 1633.301492][T32443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1633.301511][T32443] Call Trace: [ 1633.301521][T32443] [ 1633.301534][T32443] dump_stack_lvl+0x16c/0x1f0 [ 1633.301587][T32443] should_fail_ex+0x512/0x640 [ 1633.301641][T32443] should_fail_alloc_page+0xe7/0x130 [ 1633.301675][T32443] prepare_alloc_pages+0x3c2/0x610 [ 1633.301720][T32443] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1633.301777][T32443] ? rcu_is_watching+0x12/0xc0 [ 1633.301809][T32443] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1633.301846][T32443] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 1633.301899][T32443] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1633.301954][T32443] ? is_bpf_text_address+0x8a/0x1a0 [ 1633.301999][T32443] ? bpf_ksym_find+0x124/0x1c0 [ 1633.302037][T32443] ? is_bpf_text_address+0x94/0x1a0 [ 1633.302084][T32443] ? __kernel_text_address+0xd/0x40 [ 1633.302142][T32443] ? unwind_get_return_address+0x59/0xa0 [ 1633.302208][T32443] alloc_pages_bulk_noprof+0x71c/0x1410 [ 1633.302256][T32443] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1633.302308][T32443] ? policy_nodemask+0xea/0x4e0 [ 1633.302366][T32443] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1633.302419][T32443] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1633.302469][T32443] kasan_populate_vmalloc+0xf1/0x1f0 [ 1633.302525][T32443] alloc_vmap_area+0x959/0x29c0 [ 1633.302578][T32443] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1633.302627][T32443] __get_vm_area_node+0x1ca/0x330 [ 1633.302674][T32443] __vmalloc_node_range_noprof+0x271/0x14b0 [ 1633.302716][T32443] ? 
htab_map_alloc+0x44b/0x1570 [ 1633.302764][T32443] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1633.302825][T32443] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1633.302881][T32443] ? htab_map_alloc+0x44b/0x1570 [ 1633.302932][T32443] ? mark_held_locks+0x49/0x80 [ 1633.302978][T32443] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1633.303022][T32443] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 1633.303079][T32443] ? htab_map_alloc+0x44b/0x1570 [ 1633.303131][T32443] __bpf_map_area_alloc+0x12e/0x200 [ 1633.303165][T32443] ? htab_map_alloc+0x44b/0x1570 [ 1633.303220][T32443] htab_map_alloc+0x44b/0x1570 [ 1633.303279][T32443] ? htab_map_alloc_check+0x2f2/0x430 [ 1633.303333][T32443] map_create+0x58f/0x1db0 [ 1633.303396][T32443] ? __pfx_map_create+0x10/0x10 [ 1633.303440][T32443] ? __might_fault+0xe3/0x190 [ 1633.303486][T32443] ? __might_fault+0xe3/0x190 [ 1633.303532][T32443] ? __might_fault+0x13b/0x190 [ 1633.303595][T32443] __sys_bpf+0x47cc/0x4d80 [ 1633.303648][T32443] ? __pfx___sys_bpf+0x10/0x10 [ 1633.303700][T32443] ? ksys_write+0x190/0x250 [ 1633.303752][T32443] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1633.303827][T32443] ? fput+0x70/0xf0 [ 1633.303858][T32443] ? ksys_write+0x1ac/0x250 [ 1633.303904][T32443] ? __pfx_ksys_write+0x10/0x10 [ 1633.303955][T32443] __x64_sys_bpf+0x78/0xc0 [ 1633.303987][T32443] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 1633.304033][T32443] do_syscall_64+0xcd/0x490 [ 1633.304064][T32443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1633.304105][T32443] RIP: 0033:0x7fa2d598e929 [ 1633.304132][T32443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1633.304164][T32443] RSP: 002b:00007fa2d6712038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1633.304193][T32443] RAX: ffffffffffffffda RBX: 00007fa2d5bb5fa0 RCX: 00007fa2d598e929 [ 1633.304213][T32443] RDX: 0000000000000098 RSI: 0000200000000100 RDI: 0000000000000000 [ 1633.304233][T32443] RBP: 00007fa2d6712090 R08: 0000000000000000 R09: 0000000000000000 [ 1633.304252][T32443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1633.304271][T32443] R13: 0000000000000000 R14: 00007fa2d5bb5fa0 R15: 00007ffca52cd788 [ 1633.304312][T32443] [ 1633.685250][ C1] vkms_vblank_simulate: vblank timer overrun [ 1634.083386][ T5838] Bluetooth: hci0: command tx timeout [ 1634.755280][T28405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1634.767300][T28405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1634.779160][T28405] bond0 (unregistering): Released all slaves [ 1634.898842][T28405] .SR: left promiscuous mode [ 1634.986762][T28405] ovs_: left promiscuous mode [ 1635.023359][T32456] FAULT_INJECTION: forcing a failure. 
[ 1635.023359][T32456] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1635.049478][T32456] CPU: 0 UID: 0 PID: 32456 Comm: syz.0.4896 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1635.049532][T32456] Tainted: [U]=USER [ 1635.049543][T32456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1635.049562][T32456] Call Trace: [ 1635.049573][T32456] [ 1635.049586][T32456] dump_stack_lvl+0x16c/0x1f0 [ 1635.049640][T32456] should_fail_ex+0x512/0x640 [ 1635.049693][T32456] get_futex_key+0x293/0x1540 [ 1635.049734][T32456] ? __pfx_get_futex_key+0x10/0x10 [ 1635.049771][T32456] ? __mutex_trylock_common+0xe9/0x250 [ 1635.049830][T32456] futex_wake+0xea/0x530 [ 1635.049886][T32456] ? __pfx_futex_wake+0x10/0x10 [ 1635.049928][T32456] ? __lock_acquire+0xb8a/0x1c90 [ 1635.049989][T32456] do_futex+0x1e3/0x350 [ 1635.050036][T32456] ? __pfx_do_futex+0x10/0x10 [ 1635.050072][T32456] ? __might_fault+0xe3/0x190 [ 1635.050127][T32456] mm_release+0x24e/0x300 [ 1635.050162][T32456] do_exit+0x683/0x2bd0 [ 1635.050209][T32456] ? __pfx_do_exit+0x10/0x10 [ 1635.050251][T32456] ? do_raw_spin_lock+0x12c/0x2b0 [ 1635.050297][T32456] ? find_held_lock+0x2b/0x80 [ 1635.050336][T32456] do_group_exit+0xd3/0x2a0 [ 1635.050383][T32456] get_signal+0x2673/0x26d0 [ 1635.050436][T32456] ? __pfx_get_signal+0x10/0x10 [ 1635.050470][T32456] ? do_futex+0x122/0x350 [ 1635.050507][T32456] ? __pfx_do_futex+0x10/0x10 [ 1635.050548][T32456] arch_do_signal_or_restart+0x8f/0x790 [ 1635.050585][T32456] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1635.050631][T32456] ? 
xfd_validate_state+0x61/0x180 [ 1635.050682][T32456] exit_to_user_mode_loop+0x84/0x110 [ 1635.050729][T32456] do_syscall_64+0x3f6/0x490 [ 1635.050760][T32456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1635.050792][T32456] RIP: 0033:0x7fa2d598e929 [ 1635.050816][T32456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1635.050846][T32456] RSP: 002b:00007fa2d37f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1635.050876][T32456] RAX: fffffffffffffe00 RBX: 00007fa2d5bb6088 RCX: 00007fa2d598e929 [ 1635.050896][T32456] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa2d5bb6088 [ 1635.050915][T32456] RBP: 00007fa2d5bb6080 R08: 0000000000000000 R09: 0000000000000000 [ 1635.050933][T32456] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2d5bb608c [ 1635.050953][T32456] R13: 0000000000000000 R14: 00007ffca52cd6a0 R15: 00007ffca52cd788 [ 1635.050995][T32456] [ 1636.054236][T32052] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1636.102053][T28405] hsr_slave_0: left promiscuous mode [ 1636.108396][T28405] hsr_slave_1: left promiscuous mode [ 1636.126077][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1636.140673][T28405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1636.158661][ T5838] Bluetooth: hci0: command tx timeout [ 1636.164236][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1636.176739][T28405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1636.207157][T28405] veth1_macvtap: left promiscuous mode [ 1636.215721][T28405] veth0_macvtap: left promiscuous mode [ 1636.221612][T28405] veth1_vlan: left promiscuous mode [ 1636.227559][T28405] veth0_vlan: left promiscuous mode [ 1636.772632][T28405] team0 (unregistering): Port device team_slave_1 removed [ 1636.817109][T28405] team0 (unregistering): Port device team_slave_0 removed [ 
1637.285940][T32052] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1637.297510][T32052] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1637.325525][T32052] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1637.570555][T32052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1637.595456][T32052] 8021q: adding VLAN 0 to HW filter on device team0 [ 1637.610355][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 1637.617553][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1637.673286][T14118] bridge0: port 2(bridge_slave_1) entered blocking state [ 1637.680578][T14118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1638.073668][T32052] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1638.148444][T32052] veth0_vlan: entered promiscuous mode [ 1638.175362][T32052] veth1_vlan: entered promiscuous mode [ 1638.216835][T32052] veth0_macvtap: entered promiscuous mode [ 1638.232596][T32052] veth1_macvtap: entered promiscuous mode [ 1638.241205][ T5838] Bluetooth: hci0: command tx timeout [ 1638.266211][T32052] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1638.283385][T32052] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1638.298390][T32052] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.307861][T32052] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.317045][T32052] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.329428][T32052] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.414131][T28405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1638.432628][T28405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1638.461493][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1638.469499][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1639.560030][T32625] FAULT_INJECTION: forcing a 
failure. [ 1639.560030][T32625] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1639.581056][T32625] CPU: 0 UID: 0 PID: 32625 Comm: syz.0.4912 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1639.581108][T32625] Tainted: [U]=USER [ 1639.581118][T32625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1639.581137][T32625] Call Trace: [ 1639.581148][T32625] [ 1639.581161][T32625] dump_stack_lvl+0x16c/0x1f0 [ 1639.581217][T32625] should_fail_ex+0x512/0x640 [ 1639.581273][T32625] _copy_to_iter+0x29f/0x16f0 [ 1639.581327][T32625] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1639.581395][T32625] ? __pfx__copy_to_iter+0x10/0x10 [ 1639.581446][T32625] ? kernfs_seq_stop+0xcd/0x120 [ 1639.581488][T32625] ? kernfs_put_active+0x86/0xe0 [ 1639.581540][T32625] seq_read_iter+0xcf8/0x12c0 [ 1639.581600][T32625] kernfs_fop_read_iter+0x40f/0x5a0 [ 1639.581633][T32625] ? rw_verify_area+0xcf/0x680 [ 1639.581677][T32625] vfs_read+0x8bf/0xc60 [ 1639.581733][T32625] ? __pfx___mutex_lock+0x10/0x10 [ 1639.581761][T32625] ? __pfx_vfs_read+0x10/0x10 [ 1639.581834][T32625] ksys_read+0x12a/0x250 [ 1639.581877][T32625] ? 
__pfx_ksys_read+0x10/0x10 [ 1639.581934][T32625] do_syscall_64+0xcd/0x490 [ 1639.581966][T32625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1639.581999][T32625] RIP: 0033:0x7fa2d598e929 [ 1639.582026][T32625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1639.582056][T32625] RSP: 002b:00007fa2d6712038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1639.582086][T32625] RAX: ffffffffffffffda RBX: 00007fa2d5bb5fa0 RCX: 00007fa2d598e929 [ 1639.582106][T32625] RDX: 000000000000002d RSI: 0000200000000000 RDI: 0000000000000003 [ 1639.582124][T32625] RBP: 00007fa2d6712090 R08: 0000000000000000 R09: 0000000000000000 [ 1639.582142][T32625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1639.582160][T32625] R13: 0000000000000000 R14: 00007fa2d5bb5fa0 R15: 00007ffca52cd788 [ 1639.582201][T32625] [ 1640.785513][T32687] ptrace attach of "./syz-executor exec"[28223] was attempted by ""[32687] [ 1642.519739][T32762] kAFS: Invalid Command on /proc/fs/afs/cells file [ 1644.255967][T28227] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1644.266118][T28227] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1644.274924][T28227] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1644.284460][T28227] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1644.292717][T28227] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1644.351517][T28405] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1644.624201][T28405] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1644.986056][T28405] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1645.119659][T28405] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1645.643244][ 
T372] chnl_net:caif_netlink_parms(): no params data found [ 1646.135500][T28405] bridge_slave_1: left allmulticast mode [ 1646.161855][T28405] bridge_slave_1: left promiscuous mode [ 1646.167795][T28405] bridge0: port 2(bridge_slave_1) entered disabled state [ 1646.280804][T28405] bridge_slave_0: left allmulticast mode [ 1646.286541][T28405] bridge_slave_0: left promiscuous mode [ 1646.292592][T28405] bridge0: port 1(bridge_slave_0) entered disabled state [ 1646.322475][ T5838] Bluetooth: hci1: command tx timeout [ 1647.157142][T28405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1647.179282][T28405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1647.196980][T28405] bond0 (unregistering): Released all slaves [ 1647.229559][ T562] FAULT_INJECTION: forcing a failure. [ 1647.229559][ T562] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1647.259134][ T562] CPU: 1 UID: 0 PID: 562 Comm: syz.3.4928 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1647.259200][ T562] Tainted: [U]=USER [ 1647.259212][ T562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1647.259231][ T562] Call Trace: [ 1647.259242][ T562] [ 1647.259255][ T562] dump_stack_lvl+0x16c/0x1f0 [ 1647.259311][ T562] should_fail_ex+0x512/0x640 [ 1647.259363][ T562] get_futex_key+0xf3e/0x1540 [ 1647.259406][ T562] ? __pfx_get_futex_key+0x10/0x10 [ 1647.259445][ T562] ? __mutex_trylock_common+0xe9/0x250 [ 1647.259500][ T562] futex_wake+0xea/0x530 [ 1647.259549][ T562] ? __pfx_futex_wake+0x10/0x10 [ 1647.259597][ T562] ? __lock_acquire+0xb8a/0x1c90 [ 1647.259658][ T562] do_futex+0x1e3/0x350 [ 1647.259697][ T562] ? __pfx_do_futex+0x10/0x10 [ 1647.259734][ T562] ? __might_fault+0xe3/0x190 [ 1647.259793][ T562] mm_release+0x24e/0x300 [ 1647.259830][ T562] do_exit+0x683/0x2bd0 [ 1647.259880][ T562] ? __pfx_do_exit+0x10/0x10 [ 1647.259922][ T562] ? 
do_raw_spin_lock+0x12c/0x2b0 [ 1647.259972][ T562] ? find_held_lock+0x2b/0x80 [ 1647.260010][ T562] do_group_exit+0xd3/0x2a0 [ 1647.260056][ T562] get_signal+0x2673/0x26d0 [ 1647.260107][ T562] ? __pfx_get_signal+0x10/0x10 [ 1647.260141][ T562] ? do_futex+0x122/0x350 [ 1647.260186][ T562] ? __pfx_do_futex+0x10/0x10 [ 1647.260229][ T562] arch_do_signal_or_restart+0x8f/0x790 [ 1647.260269][ T562] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1647.260316][ T562] ? xfd_validate_state+0x61/0x180 [ 1647.260369][ T562] exit_to_user_mode_loop+0x84/0x110 [ 1647.260422][ T562] do_syscall_64+0x3f6/0x490 [ 1647.260455][ T562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1647.260488][ T562] RIP: 0033:0x7fa72618e929 [ 1647.260514][ T562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1647.260547][ T562] RSP: 002b:00007fa726fd20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1647.260578][ T562] RAX: fffffffffffffe00 RBX: 00007fa7263b6088 RCX: 00007fa72618e929 [ 1647.260599][ T562] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa7263b6088 [ 1647.260618][ T562] RBP: 00007fa7263b6080 R08: 0000000000000000 R09: 0000000000000000 [ 1647.260637][ T562] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7263b608c [ 1647.260656][ T562] R13: 0000000000000000 R14: 00007ffe6639ff10 R15: 00007ffe6639fff8 [ 1647.260696][ T562] [ 1647.577891][T28405] .SR: left promiscuous mode [ 1647.649038][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 1647.656270][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 1647.666642][ T372] bridge_slave_0: entered allmulticast mode [ 1647.675091][ T372] bridge_slave_0: entered promiscuous mode [ 1647.686197][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 1647.694617][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 1647.702085][ T372] 
bridge_slave_1: entered allmulticast mode [ 1647.710207][ T372] bridge_slave_1: entered promiscuous mode [ 1647.975084][ T372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1647.992531][ T372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1648.398722][ T5838] Bluetooth: hci1: command tx timeout [ 1648.435608][ T372] team0: Port device team_slave_0 added [ 1648.560691][ T372] team0: Port device team_slave_1 added [ 1648.643740][T28405] hsr_slave_0: left promiscuous mode [ 1648.678117][T28405] hsr_slave_1: left promiscuous mode [ 1648.690110][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1648.697617][T28405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1648.786470][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1648.847718][T28405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1649.047698][T28405] veth1_macvtap: left promiscuous mode [ 1649.079337][T28405] veth0_macvtap: left promiscuous mode [ 1649.091881][T28405] veth1_vlan: left promiscuous mode [ 1649.110108][T28405] veth0_vlan: left promiscuous mode [ 1649.608819][ T696] delete_channel: no stack [ 1650.488739][ T5838] Bluetooth: hci1: command tx timeout [ 1650.569702][T28405] team0 (unregistering): Port device team_slave_1 removed [ 1650.578426][ T707] FAULT_INJECTION: forcing a failure. 
[ 1650.578426][ T707] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1650.593215][ T707] CPU: 1 UID: 0 PID: 707 Comm: syz.3.4934 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1650.593261][ T707] Tainted: [U]=USER [ 1650.593271][ T707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1650.593289][ T707] Call Trace: [ 1650.593301][ T707] [ 1650.593313][ T707] dump_stack_lvl+0x16c/0x1f0 [ 1650.593364][ T707] should_fail_ex+0x512/0x640 [ 1650.593412][ T707] _copy_from_user+0x2e/0xd0 [ 1650.593460][ T707] copy_msghdr_from_user+0x98/0x160 [ 1650.593508][ T707] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1650.593576][ T707] ___sys_sendmsg+0xfe/0x1d0 [ 1650.593622][ T707] ? __pfx____sys_sendmsg+0x10/0x10 [ 1650.593666][ T707] ? __lock_acquire+0x622/0x1c90 [ 1650.593754][ T707] __sys_sendmsg+0x16d/0x220 [ 1650.593800][ T707] ? __pfx___sys_sendmsg+0x10/0x10 [ 1650.593882][ T707] do_syscall_64+0xcd/0x490 [ 1650.593914][ T707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1650.593945][ T707] RIP: 0033:0x7fa72618e929 [ 1650.593970][ T707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1650.593999][ T707] RSP: 002b:00007fa726ff3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1650.594026][ T707] RAX: ffffffffffffffda RBX: 00007fa7263b5fa0 RCX: 00007fa72618e929 [ 1650.594045][ T707] RDX: 0000000004000040 RSI: 0000200000000cc0 RDI: 0000000000000003 [ 1650.594063][ T707] RBP: 00007fa726ff3090 R08: 0000000000000000 R09: 0000000000000000 [ 1650.594080][ T707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1650.594097][ T707] R13: 0000000000000000 R14: 00007fa7263b5fa0 R15: 00007ffe6639fff8 [ 1650.594134][ T707] [ 1650.820087][T28405] team0 (unregistering): Port device team_slave_0 removed [ 1651.417672][ T372] batman_adv: 
batadv0: Adding interface: batadv_slave_0 [ 1651.426578][ T372] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1651.454611][ T372] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1651.469071][ T372] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1651.477223][ T372] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1651.505354][ T372] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1651.666186][ T372] hsr_slave_0: entered promiscuous mode [ 1651.682287][ T372] hsr_slave_1: entered promiscuous mode [ 1651.689809][ T372] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1651.697468][ T372] Cannot create hsr debugfs directory [ 1651.958183][ T820] netlink: 'syz.3.4937': attribute type 1 has an invalid length. [ 1651.985983][ T820] netlink: 504 bytes leftover after parsing attributes in process `syz.3.4937'. [ 1652.038181][ T820] netlink: 504 bytes leftover after parsing attributes in process `syz.3.4937'. [ 1652.568868][ T5838] Bluetooth: hci1: command tx timeout [ 1653.663201][ T372] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1653.702942][ T372] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1653.750468][ T372] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1653.770380][ T372] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1654.091190][ T996] FAULT_INJECTION: forcing a failure. 
[ 1654.091190][ T996] name failslab, interval 1, probability 0, space 0, times 0 [ 1654.121759][ T996] CPU: 0 UID: 0 PID: 996 Comm: syz.3.4944 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1654.121811][ T996] Tainted: [U]=USER [ 1654.121822][ T996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1654.121840][ T996] Call Trace: [ 1654.121850][ T996] <TASK> [ 1654.121862][ T996] dump_stack_lvl+0x16c/0x1f0 [ 1654.121918][ T996] should_fail_ex+0x512/0x640 [ 1654.121963][ T996] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1654.122016][ T996] should_failslab+0xc2/0x120 [ 1654.122048][ T996] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1654.122097][ T996] ? alloc_empty_file+0x55/0x1e0 [ 1654.122137][ T996] alloc_empty_file+0x55/0x1e0 [ 1654.122171][ T996] path_openat+0xda/0x2cb0 [ 1654.122212][ T996] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1654.122260][ T996] ? __pfx_path_openat+0x10/0x10 [ 1654.122318][ T996] ? __lock_acquire+0xb8a/0x1c90 [ 1654.122366][ T996] do_filp_open+0x20b/0x470 [ 1654.122413][ T996] ? __pfx_do_filp_open+0x10/0x10 [ 1654.122485][ T996] ? alloc_fd+0x471/0x7d0 [ 1654.122536][ T996] do_sys_openat2+0x11b/0x1d0 [ 1654.122572][ T996] ? __pfx_do_sys_openat2+0x10/0x10 [ 1654.122614][ T996] ? __fget_files+0x20e/0x3c0 [ 1654.122664][ T996] __x64_sys_openat+0x174/0x210 [ 1654.122701][ T996] ? __pfx___x64_sys_openat+0x10/0x10 [ 1654.122737][ T996] ? 
ksys_write+0x1ac/0x250 [ 1654.122797][ T996] do_syscall_64+0xcd/0x490 [ 1654.122830][ T996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1654.122862][ T996] RIP: 0033:0x7fa72618e929 [ 1654.122888][ T996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1654.122919][ T996] RSP: 002b:00007fa726ff3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1654.122949][ T996] RAX: ffffffffffffffda RBX: 00007fa7263b5fa0 RCX: 00007fa72618e929 [ 1654.122969][ T996] RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 1654.122990][ T996] RBP: 00007fa726ff3090 R08: 0000000000000000 R09: 0000000000000000 [ 1654.123009][ T996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1654.123026][ T996] R13: 0000000000000000 R14: 00007fa7263b5fa0 R15: 00007ffe6639fff8 [ 1654.123066][ T996] </TASK> [ 1654.139028][ T372] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1654.463852][ T372] 8021q: adding VLAN 0 to HW filter on device team0 [ 1654.542258][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1654.549637][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1654.594049][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 1654.601361][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1654.718078][ T372] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1654.762647][ T372] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1655.254722][ T372] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1655.347179][ T372] veth0_vlan: entered promiscuous mode [ 1655.365924][ T372] veth1_vlan: entered promiscuous mode [ 1655.434945][ T372] veth0_macvtap: entered promiscuous mode [ 1655.451214][ T372] veth1_macvtap: entered promiscuous mode [ 1655.513683][ T372] batman_adv: batadv0: 
Interface activated: batadv_slave_0 [ 1655.583847][ T372] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1655.637058][ T372] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1655.663686][ T372] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1655.689899][ T372] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1655.708569][ T372] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1656.037311][T28405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1656.064162][T28405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1656.119505][T28405] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1656.127428][T28405] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1656.281483][ T1074] FAULT_INJECTION: forcing a failure. [ 1656.281483][ T1074] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.330764][ T1074] CPU: 0 UID: 0 PID: 1074 Comm: syz.2.4955 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1656.330818][ T1074] Tainted: [U]=USER [ 1656.330827][ T1074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1656.330845][ T1074] Call Trace: [ 1656.330856][ T1074] <TASK> [ 1656.330868][ T1074] dump_stack_lvl+0x16c/0x1f0 [ 1656.330923][ T1074] should_fail_ex+0x512/0x640 [ 1656.330969][ T1074] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1656.331015][ T1074] should_failslab+0xc2/0x120 [ 1656.331047][ T1074] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1656.331089][ T1074] ? rcu_is_watching+0x12/0xc0 [ 1656.331120][ T1074] ? s_start+0x7b/0x320 [ 1656.331179][ T1074] s_start+0x7b/0x320 [ 1656.331229][ T1074] seq_read_iter+0x2be/0x12c0 [ 1656.331289][ T1074] seq_read+0x39e/0x4e0 [ 1656.331330][ T1074] ? __pfx_seq_read+0x10/0x10 [ 1656.331369][ T1074] ? get_pid_task+0xfc/0x250 [ 1656.331416][ T1074] ? 
__mutex_trylock_common+0xe9/0x250 [ 1656.331477][ T1074] ? rw_verify_area+0xcf/0x680 [ 1656.331517][ T1074] ? __pfx_seq_read+0x10/0x10 [ 1656.331558][ T1074] vfs_read+0x1e4/0xc60 [ 1656.331609][ T1074] ? __pfx___mutex_lock+0x10/0x10 [ 1656.331641][ T1074] ? __pfx_vfs_read+0x10/0x10 [ 1656.331698][ T1074] ? __fget_files+0x20e/0x3c0 [ 1656.331756][ T1074] ksys_read+0x12a/0x250 [ 1656.331799][ T1074] ? __pfx_ksys_read+0x10/0x10 [ 1656.331854][ T1074] do_syscall_64+0xcd/0x490 [ 1656.331887][ T1074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1656.331917][ T1074] RIP: 0033:0x7f74f9b8e929 [ 1656.331939][ T1074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1656.331965][ T1074] RSP: 002b:00007f74f79f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1656.331990][ T1074] RAX: ffffffffffffffda RBX: 00007f74f9db5fa0 RCX: 00007f74f9b8e929 [ 1656.332008][ T1074] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1656.332025][ T1074] RBP: 00007f74f79f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1656.332041][ T1074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1656.332057][ T1074] R13: 0000000000000000 R14: 00007f74f9db5fa0 R15: 00007ffdecd80c98 [ 1656.332092][ T1074] </TASK> [ 1656.332128][ T1074] [ 1656.552861][ T1074] ===================================== [ 1656.558426][ T1074] WARNING: bad unlock balance detected! [ 1656.564007][ T1074] 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 Tainted: G U [ 1656.572713][ T1074] ------------------------------------- [ 1656.578306][ T1074] syz.2.4955/1074 is trying to release lock (event_mutex) at: [ 1656.585815][ T1074] [] seq_read_iter+0x610/0x12c0 [ 1656.592303][ T1074] but there are no more locks to release! 
[ 1656.598040][ T1074] [ 1656.598040][ T1074] other info that might help us debug this: [ 1656.606118][ T1074] 2 locks held by syz.2.4955/1074: [ 1656.611262][ T1074] #0: ffff8880306f1438 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 1656.620392][ T1074] #1: ffff888063d27540 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0 [ 1656.629333][ T1074] [ 1656.629333][ T1074] stack backtrace: [ 1656.635248][ T1074] CPU: 0 UID: 0 PID: 1074 Comm: syz.2.4955 Tainted: G U 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 1656.635290][ T1074] Tainted: [U]=USER [ 1656.635299][ T1074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1656.635315][ T1074] Call Trace: [ 1656.635326][ T1074] <TASK> [ 1656.635336][ T1074] dump_stack_lvl+0x116/0x1f0 [ 1656.635379][ T1074] ? seq_read_iter+0x610/0x12c0 [ 1656.635411][ T1074] print_unlock_imbalance_bug+0x11b/0x130 [ 1656.635446][ T1074] ? seq_read_iter+0x610/0x12c0 [ 1656.635477][ T1074] lock_release+0x242/0x2f0 [ 1656.635512][ T1074] __mutex_unlock_slowpath+0xa2/0x6a0 [ 1656.635559][ T1074] ? rcu_is_watching+0x12/0xc0 [ 1656.635586][ T1074] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1656.635630][ T1074] ? rcu_is_watching+0x12/0xc0 [ 1656.635655][ T1074] ? kfree+0x24f/0x4d0 [ 1656.635686][ T1074] ? __kasan_kmalloc+0x8a/0xb0 [ 1656.635727][ T1074] seq_read_iter+0x610/0x12c0 [ 1656.635766][ T1074] seq_read+0x39e/0x4e0 [ 1656.635796][ T1074] ? __pfx_seq_read+0x10/0x10 [ 1656.635827][ T1074] ? get_pid_task+0xfc/0x250 [ 1656.635864][ T1074] ? __mutex_trylock_common+0xe9/0x250 [ 1656.635905][ T1074] ? rw_verify_area+0xcf/0x680 [ 1656.635938][ T1074] ? __pfx_seq_read+0x10/0x10 [ 1656.635969][ T1074] vfs_read+0x1e4/0xc60 [ 1656.636006][ T1074] ? __pfx___mutex_lock+0x10/0x10 [ 1656.636029][ T1074] ? __pfx_vfs_read+0x10/0x10 [ 1656.636068][ T1074] ? __fget_files+0x20e/0x3c0 [ 1656.636107][ T1074] ksys_read+0x12a/0x250 [ 1656.636143][ T1074] ? 
__pfx_ksys_read+0x10/0x10 [ 1656.636184][ T1074] do_syscall_64+0xcd/0x490 [ 1656.636215][ T1074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1656.636242][ T1074] RIP: 0033:0x7f74f9b8e929 [ 1656.636264][ T1074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1656.636290][ T1074] RSP: 002b:00007f74f79f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1656.636315][ T1074] RAX: ffffffffffffffda RBX: 00007f74f9db5fa0 RCX: 00007f74f9b8e929 [ 1656.636333][ T1074] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1656.636350][ T1074] RBP: 00007f74f79f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1656.636367][ T1074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1656.636383][ T1074] R13: 0000000000000000 R14: 00007f74f9db5fa0 R15: 00007ffdecd80c98 [ 1656.636408][ T1074] </TASK> [ 1656.636458][ C0] vkms_vblank_simulate: vblank timer overrun [ 1656.877402][ C0] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1657.847149][T28405] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1657.942479][T28405] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1658.031882][T28405] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1658.117317][T28405] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1658.264311][T28405] bridge_slave_1: left allmulticast mode [ 1658.273091][T28405] bridge_slave_1: left promiscuous mode [ 1658.279511][T28405] bridge0: port 2(bridge_slave_1) entered disabled state [ 1658.288455][T28405] bridge_slave_0: left allmulticast mode [ 1658.296150][T28405] bridge_slave_0: left promiscuous mode [ 1658.302615][T28405] bridge0: port 
1(bridge_slave_0) entered disabled state [ 1658.436566][T28405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1658.451739][T28405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1658.463394][T28405] bond0 (unregistering): Released all slaves [ 1658.697181][T28405] hsr_slave_0: left promiscuous mode [ 1658.705500][T28405] hsr_slave_1: left promiscuous mode [ 1658.711519][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1658.719471][T28405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1658.728414][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1658.736464][T28405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1658.752548][T28405] veth1_macvtap: left promiscuous mode [ 1658.758146][T28405] veth0_macvtap: left promiscuous mode [ 1658.764189][T28405] veth1_vlan: left promiscuous mode [ 1658.769696][T28405] veth0_vlan: left promiscuous mode [ 1659.006771][T28405] team0 (unregistering): Port device team_slave_1 removed [ 1659.040805][T28405] team0 (unregistering): Port device team_slave_0 removed [ 1659.423280][T28405] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.496410][T28405] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.594173][T28405] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.655477][T28405] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.769664][T28405] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.816405][T28405] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.887055][T28405] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.936788][T28405] netdevsim netdevsim2 netdevsim0 
(unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1660.060361][T28405] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1660.134280][T28405] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1660.205187][T28405] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1660.276553][T28405] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1660.414771][T28405] bridge_slave_1: left allmulticast mode [ 1660.422090][T28405] bridge_slave_1: left promiscuous mode [ 1660.427901][T28405] bridge0: port 2(bridge_slave_1) entered disabled state [ 1660.437809][T28405] bridge_slave_0: left allmulticast mode [ 1660.443852][T28405] bridge_slave_0: left promiscuous mode [ 1660.450637][T28405] bridge0: port 1(bridge_slave_0) entered disabled state [ 1660.462169][T28405] bridge_slave_1: left allmulticast mode [ 1660.467876][T28405] bridge_slave_1: left promiscuous mode [ 1660.473723][T28405] bridge0: port 2(bridge_slave_1) entered disabled state [ 1660.482653][T28405] bridge_slave_0: left allmulticast mode [ 1660.488373][T28405] bridge_slave_0: left promiscuous mode [ 1660.495917][T28405] bridge0: port 1(bridge_slave_0) entered disabled state [ 1660.505327][T28405] bridge_slave_1: left allmulticast mode [ 1660.511148][T28405] bridge_slave_1: left promiscuous mode [ 1660.516886][T28405] bridge0: port 2(bridge_slave_1) entered disabled state [ 1660.525570][T28405] bridge_slave_0: left allmulticast mode [ 1660.531538][T28405] bridge_slave_0: left promiscuous mode [ 1660.537259][T28405] bridge0: port 1(bridge_slave_0) entered disabled state [ 1660.694840][T28405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1660.706470][T28405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1660.716586][T28405] bond0 (unregistering): Released all slaves [ 
1660.785830][T28405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1660.796728][T28405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1660.807155][T28405] bond0 (unregistering): Released all slaves [ 1660.892586][T28405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1660.904726][T28405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1660.914594][T28405] bond0 (unregistering): Released all slaves [ 1661.395486][T28405] hsr_slave_0: left promiscuous mode [ 1661.401494][T28405] hsr_slave_1: left promiscuous mode [ 1661.407299][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1661.416443][T28405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1661.424406][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1661.431910][T28405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1661.443413][T28405] hsr_slave_0: left promiscuous mode [ 1661.449174][T28405] hsr_slave_1: left promiscuous mode [ 1661.454872][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1661.462413][T28405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1661.470177][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1661.477628][T28405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1661.487732][T28405] hsr_slave_0: left promiscuous mode [ 1661.494530][T28405] hsr_slave_1: left promiscuous mode [ 1661.500401][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1661.507846][T28405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1661.515888][T28405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1661.523539][T28405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1661.539392][T28405] veth1_macvtap: left promiscuous mode [ 1661.544942][T28405] veth0_macvtap: left promiscuous mode [ 1661.550714][T28405] veth1_vlan: left promiscuous 
mode [ 1661.556022][T28405] veth0_vlan: left promiscuous mode [ 1661.562195][T28405] veth1_macvtap: left promiscuous mode [ 1661.567718][T28405] veth0_macvtap: left promiscuous mode [ 1661.573986][T28405] veth1_vlan: left promiscuous mode [ 1661.579344][T28405] veth0_vlan: left promiscuous mode [ 1661.585422][T28405] veth1_macvtap: left promiscuous mode [ 1661.591217][T28405] veth0_macvtap: left promiscuous mode [ 1661.596855][T28405] veth1_vlan: left promiscuous mode [ 1661.602337][T28405] veth0_vlan: left promiscuous mode [ 1661.873926][T28405] team0 (unregistering): Port device team_slave_1 removed [ 1661.896819][T28405] team0 (unregistering): Port device team_slave_0 removed [ 1662.122974][T28405] team0 (unregistering): Port device team_slave_1 removed [ 1662.150223][T28405] team0 (unregistering): Port device team_slave_0 removed [ 1662.327726][T28405] team0 (unregistering): Port device team_slave_1 removed [ 1662.342464][T28405] team0 (unregistering): Port device team_slave_0 removed