last executing test programs: 28.72156448s ago: executing program 3 (id=2365): mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_rfcomm_sock_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x10200, 0x0) io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(r0, 0xa, &(0x7f0000000080)="0ed1dcc929267a7948fa73f6ecca2453d8becfc1e27653bbc2a08c184ff8da85a463066d8f958c22d4704bdfe069bce5aa0f2a21f33a7fa5e0e960c54e81d956ef23e830e5290ed7419c73dae820fbeff1e5ef2cd6df5006f9b6ac04320621eccf230a2ea5d5bdf7a171e90da4dc9c4d9a95248ee977c3d6dd78ee68ec8809e7", 0x3) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) r2 = ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000080)) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x3b70, 0x0) finit_module$auto(r2, &(0x7f0000000100)='\x00', 0x4) 28.319564901s ago: executing program 3 (id=2366): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x2, 0x400007, 0xe895, 0x16, r0, 0x401) r1 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r1, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r2, 0x300, 0x70bd26, 0x25dfdbff, {0x88, 0x0, 0x1f}}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c080) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) setsockopt$auto(0xffffffffffffffff, 0x107, 0x5, 0x0, 0xce24) connect$auto(0x3, 0x0, 0x55) openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0xa001, 0x0) bpf$auto(0x0, 0x0, 0x0) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 25.940328286s ago: executing program 3 (id=2370): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r3, 0x7a6, 0x0) prctl$auto_PR_GET_SHADOW_STACK_STATUS(0x4a, 0x7fffffffffffffff, 0x0, 0x2, 0x8f) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x108000, 0x800034, 0x9) sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0xa8, r2, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_MAC_MASK={0x88, 0xd7, "ce663be44c2ab39c0a411e0c0f4b05dbb10589d60e416fbc3a4d1abf8f0d864fbac193f3c08aba595d956e517214235b5c7ceaebcfa8a83e7f198a70fa2fe46142609e753548ee63ec78a9d9418858bf8085a0bcb741abfcd02b606adb439484fdbe0a4279ca405ec02f5ccb6f1357ecedd55958d3561eb7d04fe86859784a0016ba4380"}, @NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_PRIVACY={0x4}]}, 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x24008054) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00'}) unshare$auto(0x8000000) semtimedop$auto(0x7, &(0x7f0000000200)={0x3, 0x6, 0x1000}, 0x3, 0x0) unshare$auto(0x8000000) socket(0x2, 0x1, 0x0) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x82, 0x0) r5 = bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96) bpf$auto(0xffffffff, 0x0, 0xb) openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x0, 0x0) socket(0x30, 0x4, 0x6) sendmsg$auto_NL80211_CMD_NEW_MPATH(r5, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8800010}, 0xc, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000425bd7000fddbdf251700000033016e8008000300e00000014aaaff237f86cb195d10dd2b2dea889d71778fabff84e7999146fb5b6866ecc551ba62b701aed2b1f94b4e38a7fea5945a853dd6bc7d103cc20563a61212fada2196d0e23ee39260c0e7ad91c5730e6e5593500111fe92b15d8ef9a949fdafbb44a39d4a3757078f2e3314bc1ac27ca8ecac8394634b8ba1db9e3a8c59e7e3535657cfec0072ba1ce4857811f32246e20b6c88369d8ef3d38934df7d08e254f47c026c18db7dec8991f308fc1be97b006a766b121bea3657f1155ed400e592210f3ed30caf1cd0920d6f8784ed77bb855109f901537dc8d2646d6146e108d92b3bf706f3e24c3d881f0d92a52e1dd5f8322a55d34be3174ac1e57e225bb0b83871e1fe038210ad08867ad020cad6aebddf2a5f36c67b8139c8a2709f6190a60800fd0001000000000800230101000000"], 0x150}, 0x1, 0x0, 0x0, 0x1b6efac7cd8fe165}, 0x8010) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 23.75549831s ago: executing program 3 (id=2374): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) pipe2$auto(&(0x7f00000000c0)=r0, 0x8) r2 = socket(0x2a, 0x2, 0x1) connect$auto(r2, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) sendfile$auto(r3, r4, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) sendmsg$auto_BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24000000}, 0x4008050) sendmsg$auto_MACSEC_CMD_GET_TXSC(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, 0x0, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@MACSEC_ATTR_IFINDEX={0x8}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x48090) setsockopt$auto(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x9) socket(0x2d, 0x2, 0x0) recvfrom$auto(r3, 0x0, 0x2, 0xf90000, 0x0, 0xfffffffffffffffd) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x6, 0xb69, 0xed, 0x8, 0x3, 0x15f4da0a, 0x6, 0x3, 0x62, 0x4, 0x7, 0x200000000001, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(0x3, 0x0, 0xffd8) r5 = socket(0x2, 0x1, 0x0) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r5, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendto$auto(0x3, 0x0, 0xfffffffffffffdef, 0x7, 0x0, 0x101c) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x2c, 0x1, 0x105) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 12.41756913s ago: executing program 0 (id=2400): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003680)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_NEW_KEY(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000004880)={&(0x7f0000000100)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd700002dcdf25090000030400070008000300", @ANYRES32=r3], 0x48}, 0x1, 0x0, 0x0, 0x40010}, 0x890) 11.152639994s ago: executing program 0 (id=2402): r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_MON_PEER_GET(r1, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r0, 0x711, 0x70b52c, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @pid}]}]}, 0x20}, 0x1, 0x700000000000000, 0x0, 0x4405}, 0x4c848) 10.932121778s ago: executing program 0 (id=2404): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x2, 0x400007, 0xe895, 0x16, r0, 0x401) r1 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r1, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r2, 0x300, 0x70bd26, 0x25dfdbff, {0x88, 0x0, 0x240}}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c080) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) setsockopt$auto(0xffffffffffffffff, 0x107, 0x5, 0x0, 0xce24) connect$auto(0x3, 0x0, 0x55) openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0xa001, 0x0) bpf$auto(0x0, 0x0, 0x0) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 8.513371714s ago: executing program 0 (id=2410): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='x\f\x00L', @ANYRES16=0x0, @ANYBLOB="000026bd7000fedbdf250300000006000600810000000600070000800000060006000e0000000a00050000000000000000000a00010000000000000000000a000500aaaaaaaaaa400000080003003f00000008000200", @ANYRES32=0x0, @ANYBLOB="080004008000"], 0x68}, 0x1, 0x0, 0x0, 0x20040084}, 0x4018) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2, 0x0) pwrite64$auto(r0, 0x0, 0x1, 0x27) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r1 = socket(0x2a, 0x805, 0x100) r2 = socket(0x10, 0x2, 0x0) r3 = socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) getsockopt$auto(r3, 0x29, 0x36, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0xe733054f64a28f9e}, 0x801) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000000), r1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1a00279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000) readv$auto(0x3, 0x0, 0x1) read$auto(0xffffffffffffffff, 0x0, 0x790) getsockopt$auto_SO_PASSPIDFD(r2, 0x1, 0x4c, &(0x7f0000000040)='%+\x00', &(0x7f0000000100)=0x877) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x15, 0x0) 6.995371396s ago: executing program 0 (id=2412): syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(0xffffffffffffffff, 0x4018bc13, 0x0) write$auto(0xca, &(0x7f00000001c0)='\x04\x13\xac\x04\x00\x00\x00\x00\x00\x00\x00\x01\n\xdc\x10\x00\x00\xef\xab\xe1ME:\xab \x87|\xe0Z\x1b\x9eZ\xa8\xff\x92+\xc9\x9fs\xbf\xd8\f\x00\x00\x00\xa5V\b\xf1Ne\xc6l\xd0\xdd7\x96gf\xb2\xa0\xf2cN\x8b\x95\xeb\xf3(\x9eM-\xdc\x84N\xc3\tts%\xe9\xbf<\xf1\xdav\xe0n\x04\xb33\x97\xd5\xb4\x02\x94B\xbb\x995\x1e\xf7@\xd8\xca\x8d\a0 \xfa\x87V\xeb1\xe4M%\xdd\xfd\xf6\x8d\xb4\xc7\x9b\x9d\xf5\xd9^\xcdL@\x0f\xd4\x15F,\xc1\xd1i\xa4f/{\xfa\xd5\n\xe1\x95l[\x91\xbfX\xea2\x1b\x8a\x85\t\x00\x05m\x1e\x9b\xca\xfb\x81\x9d{\x19S\xff\xe4\xd2k\x1b/wJ&\x03+{\x84R\xa8\x92\xad\xec\x1b\xb1\xe9\xa7XUo\x93\xd5\xfb\x94\xc4\xdf\x8e\xdd\x97\xfc\x00\x13\xd6\x80g\x7fR;\x88\xf7bm\x8f\xb5\x89\x1a\xb63\x98\xaa\xcc\xbf\x94\xbf#u\xb9', 0x2b) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'caif0\x00'}) unshare$auto(0x40000080) mmap$auto(0x763, 0x20007, 0x4000000000db, 0x17, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyr4\x00', 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x80000000, 0x4008) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/virtual/tty/ptmx/uevent\x00', 0x900, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = socket(0x2c, 0x3, 0x0) getsockopt$auto_SO_DEBUG(r2, 0x4, 0x1, 0x0, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x20800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000ec0)=""/4096, 0x1000) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000840)="13") openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/io\x00', 0x40, 0x0) 6.061075639s ago: executing program 0 (id=2414): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x6, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r2, 0x0, 0xfff) msync$auto(0x7f, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = socket(0x2, 0x3, 0xa) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'ipvlan0\x00'}) poll$auto(&(0x7f0000000180)={r4, 0x1, 0x9816}, 0x7f, 0x0) ioctl$auto_VHOST_SET_OWNER(r6, 0xaf01, 0x0) r7 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r7, 0x0, 0x2fb) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) remap_file_pages$auto(0x8, 0xda, 0x5, 0x4, 0x4) 5.664997802s ago: executing program 1 (id=2416): close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000001180), 0x101000, 0x0) recvfrom$auto(0x3, 0x0, 0x6, 0x1000fb, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x7, 0x0) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x141241, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) r1 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [0x0, 0x0, 0x7fffffff], {0xe, 0x6, 0xd, 0x2a1, 0x100, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) pipe$auto(0x0) r2 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) open_by_handle_at$auto(r2, &(0x7f0000000000)={0x1, 0xfffffff6, "02"}, 0x600000) ioctl$auto_EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f00000000c0)={0x600003, 0xfffffffd, "cdf86d1f5dd42c2d4551085a83043d13eb28268dfa6c2a14920762692e5b734822c8987269927a5fbf06b8a1abdbef7bd5d763b4e8bd85d40a973050391f471446961583106995d8743e3c5bcd28e1d850e77ef0fbe8c27d71013dceb6bb16662152891c7852d21c60690f87e7a4028271a3b7ad485fcd3ed7cfde488d0637acccaf3c"}) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) syz_clone3(&(0x7f00000006c0)={0x64b70200, &(0x7f0000000040), &(0x7f0000000380), &(0x7f00000003c0), {0x3e}, &(0x7f0000000400)=""/152, 0x98, &(0x7f00000004c0)=""/82, &(0x7f0000000680)=[0x0, 0x0], 0x2, {r1}}, 0x58) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x88000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x407, 0x1, 0x44f, 0x7, 0x40000001, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7, 0x89, 0x26, 0x4, 0x200000000001, 0xfffffffffffff343, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x30, 0x1, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x9, 0xd) r4 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r4, 0xfffffff7effffd06, &(0x7f00000001c0)) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0xae41, r3) 5.295421254s ago: executing program 1 (id=2417): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd6/range\x00', 0x100, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0x5, 0x8) keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd) socket(0x10, 0x2, 0xc) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) getsockopt$auto_SO_RCVTIMEO_OLD(0xffffffffffffffff, 0x4, 0x14, &(0x7f0000000040)='\x00', 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/hwdep\x00', 0x0, 0x0) ioctl$auto_BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, 0x0) madvise$auto(0x110c230000, 0x8031ca, 0x9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/dev_mcast\x00', 0x4001, 0x0) prctl$auto_PR_GET_SHADOW_STACK_STATUS(0x4a, 0x7fffffffffffffff, 0x0, 0x2, 0x8f) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x10, 0x7, 0x8000017) socket(0x15, 0x5, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x108000, 0x800034, 0x9) mount$auto(0x0, 0x0, &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) 5.04325095s ago: executing program 2 (id=2418): r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/dri/vkms/name\x00', 0x971b02, 0x0) mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x90\xc0\xba\xc0u\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u&\x81I6\v\xcc\x00\x00\x00\x00\x00\x00\x00\x00', 0x400062, 0xfffc, 0x0) mmap$auto(0xfffffffff8, 0xa, 0x8, 0x7427c1bb, r0, 0xfff) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) socket(0x28, 0x1, 0x106) mq_getsetattr$auto(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000580)='/dev/audio\x00', 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) kexec_load$auto(0x5, 0x2000000000002, &(0x7f0000000040)={@kbuf=0x0, 0x800c01f, 0x4800c000}, 0x1ff) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$auto(r3, 0x110, 0x1, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'xfrm0\x00'}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x20000040) 4.743833827s ago: executing program 1 (id=2419): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_STATION(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400007ab569056a565ba258b200", @ANYRES16=0x0, @ANYBLOB="040025bd7000fcdbdf2512000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x2000c040) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000fc0), r1) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001040), r1) sendmsg$auto_NL80211_CMD_NEW_KEY(r2, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000140)=ANY=[@ANYBLOB="b400003e", @ANYRES16=r3, @ANYBLOB="010025bd7000fddbdf250b0000009d0028014ef0869ca25c4586412d8dba0253a8cadc218117c6a3974e78732d659e48e1b1cbfe2f95b74bace0408421345b683a9034f48318ad15ac3b61af0f4b801ab6d84ba51b239b8a0634afdaabbbe72047cac8fb5708f58e9577e87c80eb271229e53330ad92cfc6406084983d62f711f44bf1d43877b3168a0edc167c15d343fac4a9336b06e60c4c26cc947e7a71f3627f6d0c3d1f3e139a15e5000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4}, 0x864) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) socket(0xa, 0x2, 0x3a) read$auto(r0, 0x0, 0x2000000000007) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb4, 0x8000000000000024, 0x8000) io_uring_setup$auto(0x52, 0x0) connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@generic={0x1}, 0x56) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r4, 0x8000) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) madvise$auto(0x0, 0xffffffffffff0005, 0x19) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) 3.782667328s ago: executing program 3 (id=2379): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b4b, r0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x11, 0x3, 0x2) getsockopt$auto(r1, 0x107, 0x1, 0x0, 0x0) setuid$auto(0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x84000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) socket(0x2, 0x1, 0x0) mkdir$auto(&(0x7f0000000040)='./cgroup/../file0\x00', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r2, r2, 0x0, 0x200) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_FLUSH(r3, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000026c0)={0x3bc, r4, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x401}, @IPVS_CMD_ATTR_DAEMON={0x398, 0x3, 0x0, 0x1, [@typed={0x14, 0x14d, 0x0, 0x0, @ipv6=@private1}, @nested={0x34c, 0x3f, 0x0, 0x1, [@generic="911cd30cf8417d46affce53d0650c6dc57eef2a996139cc7734cc8c28837f7fddd5c5d1164d24b4a5dd497a7e7fcaa17124937e003048d0faa056aff76f685ec59daa17b48f2d4eec890bbfd23767e7ba2397dfdb591e492d3ed9ce6940f55bfc397d1b37518", @typed={0x5, 0x6a, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0x51}, @generic="11e8e643f863a6c2c24b5958b098a4408c1c204b6f13f1cc42211763c63a38295587d5fe2b719371a09e3cef4cc28aa6d209ae99f1cc6f77d55c1280ced516fb9656dc85729ab38861d866d3e4ef46d3caf107829aae372aba13a2d7970525710ed5c3abff16079716056d5fcd7bfd31bbcb1dc21e890b0bf007dcf56228cb6e73f0a94ceae8daa411aa686cacadc8cdd1f2cc3f6405f589f3698f8ea648294a45b7fe37a550990c9976900703cf647416e53be2947b9d3db894ee43d8cbd62750f5fd17507b33", @generic="1e7dab60d3387d8182fb17f41776ce62c3c1be1cafa436590b3a516444b4f586276ddaae8a5721993ef9f32a410b961ad2b87cdc020486907017f99a0e09e4ae0c187b1307c4447b63f601b8f0f4b67554e05c3d52c9ea69118afe3324673337d68d82b23d", @typed={0x2a, 0xc2, 0x0, 0x0, @str='/sys/module/apparmor/parameters/audit\x00'}, @generic="6cc13bb66808529f147f31a841e1df64f5bdd99c8ba72a8fe3a9ecc4bc934ae07853c3f3c2686fb21381babe8851000e713a82769132daa30f47eba67c77e36ec21be39e7578fdb5861a78bcd6749430fc28a149c84437b5767cb4b70a826075b8ee7656774e2c69f66d1c9e514e934abbad8323fe2b3b87e26865f6cb5f1f723a5bba5e36b51b3a6d26d3d5acb9730de40453d6131305a66e7e12b52c76b121def3307f1d6b6df05daab4c38dc3aaf421d4153dd3b677558cbe49262b629d0ab5974129c0711231e4ef78c41152f3370d2138d866c6351df72ae50f7d770e80078f4fa740b7769b113fb19a790e10b1152a3fd7fd", @generic="4b5c0e8c4b38b3097cd8f6955d2c88ca21c48c8f88dc278b3394bfc5f0b88e990fc898005408f3c74a39b53c424d6a75e93b5a8568fc206601c4c3d7e48faa91c97748f4f7b2a787e36f65f30a02d379e0fe94ad30224aec1d5b0db00eed4e5ac707e94ed3d10bea0d", @typed={0x17, 0xee, 0x0, 0x0, @str=']\\-%[{.\'#A),{#/+$$\x00'}, @typed={0x8, 0x13d, 0x0, 0x0, @pid}]}, @typed={0x8, 0x127, 0x0, 0x0, @ipv4=@remote}, @typed={0x2a, 0x7f, 0x0, 0x0, @str='/sys/module/apparmor/parameters/audit\x00'}]}]}, 0x3bc}}, 0x4000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_GET_RADIO(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x14, r6, 0x2, 0x70bd26, 0x259fdc00}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x80c1) 3.529968555s ago: executing program 2 (id=2420): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='x\f\x00L', @ANYRES16=0x0, @ANYBLOB="000026bd7000fedbdf250300000006000600810000000600070000800000060006000e0000000a00050000000000000000000a00010000000000000000000a000500aaaaaaaaaa400000080003003f00000008000200", @ANYRES32=0x0, @ANYBLOB="080004008000"], 0x68}, 0x1, 0x0, 0x0, 0x20040084}, 0x4018) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2, 0x0) pwrite64$auto(r0, 0x0, 0x1, 0x27) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r1 = socket(0x2a, 0x805, 0x100) r2 = socket(0x10, 0x2, 0x0) r3 = socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) getsockopt$auto(r3, 0x29, 0x36, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0xe733054f64a28f9e}, 0x801) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000000), r1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1a00279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) read$auto(0xffffffffffffffff, 0x0, 0x790) getsockopt$auto_SO_PASSPIDFD(r2, 0x1, 0x4c, 0x0, &(0x7f0000000100)=0x877) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x15, 0x0) 3.28111394s ago: executing program 1 (id=2421): r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/dri/vkms/name\x00', 0x971b02, 0x0) mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x90\xc0\xba\xc0u\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u&\x81I6\v\xcc\x00\x00\x00\x00\x00\x00\x00\x00', 0x400062, 0xfffc, 0x0) mmap$auto(0xfffffffff8, 0xa, 0x8, 0x7427c1bb, r0, 0xfff) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) socket(0x28, 0x1, 0x106) mq_getsetattr$auto(0xffffffffffffffff, &(0x7f0000000000)={0x81, 0x25, 0x5, 0x80}, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000580)='/dev/audio\x00', 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) kexec_load$auto(0x5, 0x2000000000002, &(0x7f0000000040)={@kbuf=0x0, 0x800c01f, 0x4800c000}, 0x1ff) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$auto(r3, 0x110, 0x1, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'xfrm0\x00'}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x20000040) 2.688643902s ago: executing program 2 (id=2422): prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000003280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000092b0f58b30a9af58e298f7b447c30d83a63463c9bb0526019f50cde4428cdc6e", @ANYBLOB="100025bd7000fbdbdf250f00000008000300", @ANYRES32=0x0, @ANYBLOB="080039000700000005002e0001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {0x7e, 0x0, 0x500}}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 2.46094905s ago: executing program 3 (id=2423): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r1, 0x0, 0xfff) msync$auto(0x7f, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = socket(0x2, 0x3, 0xa) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ipvlan0\x00'}) poll$auto(&(0x7f0000000180)={r3, 0x1, 0x9816}, 0x7f, 0x0) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x0) r6 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r6, 0x0, 0x2fb) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) remap_file_pages$auto(0x8, 0xda, 0x5, 0x4, 0x4) 1.596786726s ago: executing program 1 (id=2425): shmctl$auto_SHM_LOCK(0xc, 0xb, &(0x7f0000000480)={{0x255, 0xee00, 0xee01, 0x3, 0xfff, 0x8000, 0x4}, 0xfffffff3, 0x8, 0x64ad6e2b, 0x9, @raw=0x2a, @inferred=0xffffffffffffffff, 0x100, 0x0, &(0x7f00000003c0)="d21ed6bace9cac5313024a8e64a0059f385d8c2d2ecea10cf86601633b0dbe91471669c13aa3b5b1ddaca74444d4a2cd4ee3a63f24ae3eee66d9ead261f2ed4ad2f5ceaa92c373", &(0x7f0000000340)="9b31c9de27d0916161a6bd0ef28b40deafaca692c2e6b2f7b415618efe3c8de5876a09f0a2caa8123e7d210c"}) gettid() sendmsg$auto_NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000001a80)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001a40)={&(0x7f0000002080)=ANY=[@ANYBLOB="000000008915c65580584ccf7a4c98aa1013c5db0678c9c141866ea54cf7c8422ff059fa66e658", @ANYRES16=0x0, @ANYBLOB="000227bd7000fcdbdf257600000017002400d5a49d990b3d25b85e3032f5f881816ef68694003e00238014008d0020010000000000000000000000000001384e9e3f430446ae22791189eacbace3b01f62de590f7967be91fffacf2c0800d500", @ANYRES32=r0, @ANYBLOB="000005007400000000000c00990000000000000000008912848008006c00272e5b008bd8911d371a2564c7c67f8475c87775dc8bf3929146cf2f6dcaa71dc1804e94ae84b6a9ae1027ada446aa92723e88f46befc43d0eeb43a9993c450d93ef10856a9257f313d3841b68d3b62924ce7fbd33e812ab32b0952fb1df932df5bb0b09b555ae5fb968a08821c9b3a4867a3df05ae6c9c0e026e15af06529e66a0afd9fcf9c1fe9b732ae01fd29c2851d95601897f5eaf87158d43e6ec1de2d62a30c65f9c1dec980b71b41289f5592896b9e8d1be8b03f902988d6a1d01ea1653725067ce76385a23a261fc8b7bc570acea1b89342052341f81f2e1ca9613b1db5e07e9b5adef08f86f069d0228f6dc7b7a66c7cf7164739080cb3923ad38836e517367283c9448201592dfba9dc24f586549e0db3e77e4ca696c7cbcf729ca3ef6a37e5963360c2101fd1ec8da552d087747ea23e7290f18fa7aaee20cac7a683dce4da501a7bba40b55cb605a7c0322b545290ee91ce046cba9b7bea833e71050607e865014c4183c4e1debb595b11a8edb33a8ce73741941930b408c288fc82a2fc33821bc9960bcd12d12aaede9f6d1e80c529dce0edef6403ad587f884e636aeab8a3041b48a39a5d0ff740cadcf75b2384868faaa681064e01381c2d853f139dc5a11f28c464875888ab55daefae8e26e0a7ae865211677f0e7451d4f5637613e8e04e195a745d7c121fe1a4eca893a6c24457b2364053ed424b9ce35b6e5b03fd86798f2ef6c329c2545fa63f88aab5e5996c33ed7ddf216a1f5c0bef42a7dc09b1361d38cbc23f8d81af9150d6b139414ce4073cc6d41612a617406c4234fe9a2a351babe43b9283974707e34682edcc2415c0ac5300c78c3556824c0bbd718aaa14f595cbeb3e114462f81bfdf899982f3531ba0b2be1a35e0aee09955f97614ab495db883faca2f391b6f4eb46df0a1ec5c463d251daa5c03b344931c4119499adf749c0a58e287bd83dbb3775151c683833cc2737c753ca03498032a5badcec2617cb7034abd47c760c886b09d47dec8379182a8e6dc292a8f5a98bce78de1255af837cd4ec9ca4d56a6cea4d6f8541b58c871b538adfb62b469ead865c27796099dbd595e676adea29ff441f9a94270e5031fe14658ff979652227eb305820bf8cfba43a362c38c1149e3248cb1d01d1653ae1a1ed14eebdcc4730554d931f3c748d2d30a439a213def713aeb1f5b0726f24b797cecc56207decfa7df570956998c10580fb7169594c08a0a9ca247228609b2c92b70d83e105e88634de2fcc8ff741dadd176f48b1db757e1401d5d4dba62582322dcd6cbb383ad0cf2130259a8004192e08df4d816e5f9e8454002567b264035c2178abba4942c13e5d7b1eb57ab691091583ad2614f26de5df47c42368ace5a0e9b39704738f2b673c5798b61a85e53c5f9871714763c80b94a1baf3439fe78081451b2c23cdd6d50512895dfd30227963821f80083df9d00ae3b624071be223971f92db6f6913e1e43cb34fd3b5b8569c10e5d36914b04dcbd707a6129d622348aa7e0db777144531ab6c1b2bd9975eb40cf592a975dbd71792ebd273b4e11a72f0d5866f4d5216ac376f3fa065e7e15a232cfc600597b0628fddc85615a027ea1acd74488eb07db27b5b90602c5e6b1f39bd1531dc99bf762a14d3ccbe15f1efbe87881d1da97cae2b0bef868a6115b6c514739e7ebdbe9c4545e546d305e0bb3d36cfce791c0f0eff141afc7d4f416d66daa3d6473b5ad78db14f7085e172ad748d9b2faa5105472afc5afff0eb9142dc444ef95fd50b725b1c5d1aecd6c0e21fd3a5bb7927da9f2d4fb13c044475a8fc1e58e85a42ecf26e4bbc292568e9cc2e8569003ae3b4adf709ceef77508df813969f64da72e75fd1bf2c68fd4326192fb8db7df5e2292bde2db6298f714fc0ed80e979a2c584ca7260f9a2472d223d6b383c3456fc38ff91f284ad484ac89020daff85b36cedabd346c0719e7a4c71549d911f87f1c808824f69c4fb4fd75423dce1127bd67b9bb44cc0ca42ce4b7f0ef6895d6231e75395678861f9eeba2a92d2658030cb5b725e9e7a133e222fe20ce5926098fbb22f31aedea74c540052249682d86e23e634802874b6290f064ff148e08b5c7c198aa31ca8914b63f9e2f5266810aebe53db1b05a27f8122195eaf977c88ca2ff73b97f69d61331bdfa02fa1420559fd7cdbc5940215406066ee54b7679ba999a0671023c573ba2e7e6d7954995b6e20c3fc721a727bd41839419018092e9042af3ef887d9b24e3aa2bf8aa1003e460176cae5d17055110ff395dc1aa3b64f77ca9654cf5e2ac5c091a45deb40792a27071bb6b5f99f8f6ce2e723fc4969989551295e231a7529f5175d562706a6d0d4bd9f0f296107261e9881d231935927c0082607d0789a62a0825875a19fff383a487a3e67da3d431361aa001841b3d2477793e19e3ee0fb207c520e094597f7495e420cfa05f448733f1b1f98df1189ecd6628f1088a014942f400c0679bc251bf2449f77e867a73c53b7697e4385ba2a6c7fe60b8c2ce196d8de732236fa4688cb3d817d3c706614d71cd6ff6fbb21690c7befdf917f6582ceccc9f78dafd604702d1860944b552ddcf2fa148444ad7467eef8cc1a6366655b1585de1168049bb50b5b55a1c6880e1cc292305d7a6621a1a31a970e749a87b8f0b33502fef93b6a38e211f98392ae8dbf29c6ec7b5dded4ff2584a471ef1c65f57dc36024dc80f523e88b8c18b8500e471531a5fb89f9ff9bcdc652f07976df8602bbaa361eab8b7a870172bfc784deed90b1d2f6fc7039da6cc31523880ba48184009ef520bff24bdaa10fdd5a4891d0ef9f29cc88bf51e19176be00431fc763f701ab5ae804878aaf50dbcb6e60143e369663dced0d6e88ab28d8e1566167e589cfff7351159ccb1d751fcb4e1079e5c40582cef6f9b7fdec5f2589c56766fcb359d8dede079e8ca46495ba8f6cd1bf14a983e92bf08e144ac1f1dfaf4f10d11862253202004f83f39a4c9b8680c40aad0267db98fbd64d01f8b7d5e267ae4c64d535b778e2fc66381cac4ed500760ca71bd0ab979aa37b5ca884b4b2101b0614c3225b9c20da471997ff7989295df50e87f1f1668cbeedaac23dda525b0f99e81670ecfcffc4e56d3e1c64006c0bbba0a572f9ade942df4ae52b378058293bd9d12bfc1e038cef8f6662a4906af2c77dcd69378b72e9506ff41739d372a5e7f8f646f9a1455f610af37ee51fdca19a948b5bd21bf02b8f5a27ea3d6cf1b889dfd6959c173687acef86651bf5b70b68fecb83d1bac8a87e6a5c421aebca6387ef0a9c7a18543bc4f7f1536dfc04828694926b61cab46a2e9d2c04aa4ebfacdec58e66a9051e352e8b3229981c02067a505ce7e05d6f7f368e80c72d325f5e372ce3fdad64633957cb3e691ee9b984854cd3905721845eeb45c99c12d0a3cd3f0335caa7b008c7bcdbf1f4dae28e03161b9907d0cf030ed31334fa66dfe43fe3d320f0f58c1b9719434c88c6e96f1ea2ca4690d60d9ea3de7c7bb3b7ebb85cbff1a2a46c35182125f14369bee60d185302c64d88dbf302b17434d852c1f660708adef146b78095d2dcfb0ccf89e1b9bb199df1cff2a1e12d275de3f75cfe62a3563ec1797da76bb290cde6b1c24adf493bb2cd910c5010f47005aaee26993890689cc0a391ad1482207a399d637c9b522718d7253a6935cc3bb6f1978dc467798740ed5366513f197e78f8730a63fde274296b53b673a6e156641480f984e7904a4fd038f6fa3b9c98ae4b163dab45233cafb2f3a61c6025b7f0c72e854fb637df25b16f5fbf11024fdb832b7ea162e2e9871ef6983f1d127eccd1a329f2601c7840cb0ad01f87026e60cf81e6a3efede53afc88f163699812fa216a2e98bc827700fd08b90904dcfb29c988b761c404dac14e3b06d8937ecd75f71bcf02142c172422e9a9b63a1c4873ad627c1feb6ef77ccf58d2766e40941ad65e2b987ba2d18a8aeecfb7864e6b44c1e46468ba0249c9386f63c087b598bc05670aec86b91b66aeeb959840a05bd3a93a581960b65ed2d34b167bfe847737b30d0f086493486d12786b9acb40bfba9c11732e5efb05e212084491e09a4068b66465c3ecddb90ac5828a3e209667bc80093705ece65cce218b019e78a5f9dac837e1a132342dd92aca47e1e158170a5ec43307d54bca4a877c24c9edae2f5486d2ea2b7f28714f302314ce6da944a765eea5306cb0786021297a50551683358d02e045db1bd0e3e860eb2abb34d77b190a24b21d095508571e8c18f549a5973b992c85a1c839a469fe44ce946e70c250d9a9d2182fc51ff4f2edb88a4e5043da8d46bb02bf8ee8725c746990b18c1ce0bfce493a45e86260978c739602c91ffbad9cc027aba5ed356d8785e578f8017bec74223f888068ef8ade984ab4d533266b30b889eb9450188bccab4dda8083073defc8c37e313a3c04194cc7f39da3b1f810d6d2b53ac65c90b0af447168271a79af450d288f869bd2d39a32909b11aaa7a3709655821c71b3381621991f33782cb47cf4594d04ff64347dae1d0e09a1eb889b815d8bb79dedce64e26c2728c89035e80ef451dca2e797baafc30d59275f728dc1b70048991723b5ededc4ce4bcbae256818cb83d68e7c4c5072249eaa9e5adaeafc2e0777b6de9e1b452528c3ba3b8e688a50579a023d61e0133b416579cc09ef91709129c51174baf8ae20c4c03035a8e8fa8b7063bfdd02a2acae870e578acbb245e56a1aa1904f912c93a8b30f61c4016df3293c461a03b3eef01d4aee884f56ada352994119b493288395a28a1c27816764a8ea013aebe1f556e232d66a6a9508bb290cbc9f9b33375e871660cad91b7e7236c0503764dd2d6d8e246535fe288e3e72316b133b8e63444c02c00426f4285668882e369b99d0d3408734180f3dc7607d6bfeffbd6dd7ab1a151ae79786409dc0e27eaefe23d4dd8c2d5422c5c7fe175e2c26b850177f8d635f645f731d8522d39bb69c5ae6c88d062d6ce15a96f2f54d1e705ea4677c8362dea63025b446b6839c7fcb4c4b99abfbaee6bbb7d9da807baed0aa0a25baa02f0ba939ba67f191baa316668a3e2e3c22a5060c5179cbe2eb5c8e7a11d91ec5b9acc1759320ba9c04f73296daf429682dd438b029fda6d7f26d0bda8973753ecac61d07b81476a2953f51cb6705d60210dc5e8ddcb66ad9c01d5491eb78fed516b17b10b053f76952b67f52a26552330c24d687767e09b3e0bd4536b05ddfa9590346a5bd7f917ec850c9b5c811c18aaf7dbb4aefbb4540e134337b111b1dd8102f50f8974077046596b7c6f35b1188a32aebed9cd14d9d2e7191c320664bee573c72614a544e99e931c75849eb28293506cffbb4f63af7d50bb1d835791940b9baa9603ba79bf15a829c1e7bb3701e6feb79278eb06ce4a3510061387473623c3097f4af08b57c6813697f6e187fe2ffa1996af0bbb08ba8de5803544e0d7a07d1ca6e241dfda27168a9dfec3678c8631387ab71c2283253e2954edc001ded236863a03b795540da2fcfeceec4b5dab896d00c9929a69f67a6b40cc315259bc341120776d641db3d7ffa5634972686e46d3c46c3f6386284f447cfe3cff8fae61b859b89e47232f026d848e99e4efcf3488c95fb6a22e3170a697e48f194572c3a99e3cc571fed2be36f1f5d0672000ae699bb8ea0fca110213653f92ab9999f04f5c4091a44835d7fa8f6a04ed4da13bc717189d992c0cb554503e6ac30752cf50bf6efdc4da27f03424c71064d59c8eed3b99d0208185c5882598c525e8a3389d210aece4e2dc62200ff850d52008f90525cbcad2013a98ecbb996eea6e34164010d8876dd84265f7ab3e91cdc13a774b2240516134ac0e1c64d4669b9daa70a44ac60b878acced2aee29976ab189b09231a7a15fad1efaadada12a864e4e661d08b748abb61437d0d3e4af2524840c94d648141b92c37ccfa0c30525cdf32a6e2cf677d933c5ab78b22c30d3726cf1fcbaf992fbc64a0fb0161bc5edc19c3115045aa720cb72368d5d1831ff3a5348bc775993631df0b7f745a975cdc88b186f74a0e860a4f257677943e0558b9be9634775bcfb4f91e428aa7f9928372127f67c67d1b0815de16f93f0dcf4ce1fe65da60ea67a1bcaa913a5bd827e10aa98f7134feb8f7dde4b08590daad1323a9858cb7934555e676d0e17c918c0c38a220f7cb0282d96d16a9d096f5cae5b896338eeb93d8e014dcac717b0e65381da6a7d3b81d2ee0591c06b4ade97954cb2deed501f0b5642b180a00c880441af3b37b65000074008d80f2918b63867fccc0462516643f9c81628d576c59190b3871827ee42a95e0abe743a81bc0f3b952549290afe61ff0056722e1fa5a8e32c00628ef7096946fe7ef25713994b0931de904009a801400c200200100000000000000000000000000010c002300feffffffffffffff04002a801000c080040003800400ae800400268006aae28089267fcafd474e866f3aaa0f66ad737b7644cb125f8a75cec1d53544d1f5074f925165edb6d224a8b67a5d2683a00972efd4b865c64fb68b945f41bbb29831dfa1acfb633efecfb9f3a90d67789c8fba8043433bf2af12c1369975cdc7878c553723a93cc3ba4f6a7e696b13cecc2f3d8895c9a40b5c0800278004004280000000c40036015f416e4afa9889561ff6801f927429b255f26b15bf8b39f2fb8134ab137f0507493a591306fb4f9d1567d8bd3437d3844345cec02264dfd71564acf2ab440c19e6ba4b7ba8fdd3bc3efcc7af9acfa6ca21d83b4c9673f24f34eee102654382b02ec987a169383562406f3b6ce4fb15450ea601bd2064fe35f4f092152593584bc16cb3a0a30567698869c7dd6496cfa0dca66a988a77f8b5282d11f0b984b0803ca035258c3794d7e63f6a0b0388f6416779e5c46b296f60f7d92a0713db0e2a0600f7004a06000008004a000500000084001501d63914fa6a7d6edcff3864a3b9fbde900396010b9e2fa9d82548e3fc0ec480aa273a4eedb32aabb1b644c961867069791da4b86bb73c8b23eddc9fc34165b78a8df2f273cda317f7930906b9a62e9163309d2ae64056ae17109003b92c50c4e7b9a3334b35e3045f3a664724b31b9ab4a2adf4dff1921a37686cd21ab000144e"], 0x1464}, 0x1, 0x0, 0x0, 0x800c085}, 0x4040001) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xd97f760c479e8c8e, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) mmap$auto(0x3, 0x660b, 0xa6e, 0x40eb4, 0xd, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x19523306) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001f80), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000019c0)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/wakeup/wakeup8/prevent_suspend_time_ms\x00', 0x38d0c1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000380)=""/11, 0xb) sysfs$auto(0x2, 0x23, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) shmat$auto(0x0, &(0x7f0000000000)='\x9a\x1e2\x8e\xe3o\rJ\x1e\xe3\xb9\x96\x0f\x80\x91\xb8\xb95\x98F\xf8Q\x01\x00\x93^', 0xfffffffa) mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000) 1.520763311s ago: executing program 2 (id=2426): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000001180), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x179, [{0xc0000080, 0x400, 0x9}]}) 1.217523002s ago: executing program 2 (id=2427): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd6/range\x00', 0x100, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0x5, 0x8) keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd) socket(0x10, 0x2, 0xc) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) getsockopt$auto_SO_RCVTIMEO_OLD(0xffffffffffffffff, 0x4, 0x14, &(0x7f0000000040)='\x00', 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/hwdep\x00', 0x0, 0x0) ioctl$auto_BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, 0x0) madvise$auto(0x110c230000, 0x8031ca, 0x9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/dev_mcast\x00', 0x4001, 0x0) prctl$auto_PR_GET_SHADOW_STACK_STATUS(0x4a, 0x7fffffffffffffff, 0x0, 0x2, 0x8f) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x10, 0x7, 0x8000017) socket(0x15, 0x5, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x108000, 0x800034, 0x9) mount$auto(0x0, 0x0, &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) 324.608616ms ago: executing program 1 (id=2428): r0 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) fcntl$auto(r0, 0x80000000, 0x1) read$auto_ctl_device_fops_user(r0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x40200}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0xf500000000000000, 0x200007, 0x19) arch_prctl$auto(0x1021, 0x3) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000014c0)='/proc/self/net/ip_vs_conn\x00', 0x20440, 0x0) pread64$auto(r1, 0x0, 0xa0, 0xf86) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen\x00', 0x0, 0x0) pread64$auto(r2, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) 0s ago: executing program 2 (id=2429): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x2, 0x179, [{0x40000118, 0x400, 0x9}]}) kernel console output (not intermixed with test programs): x40/0x100 [ 652.206404][T14339] tty_init_dev.part.0+0x1ec/0x500 [ 652.206445][T14339] tty_open+0xa50/0xf90 [ 652.206490][T14339] ? __pfx_tty_open+0x10/0x10 [ 652.206528][T14339] ? chrdev_open+0x10b/0x6a0 [ 652.206566][T14339] ? __pfx_tty_open+0x10/0x10 [ 652.206602][T14339] chrdev_open+0x231/0x6a0 [ 652.206634][T14339] ? __pfx_apparmor_file_open+0x10/0x10 [ 652.206681][T14339] ? __pfx_chrdev_open+0x10/0x10 [ 652.206718][T14339] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 652.206772][T14339] do_dentry_open+0x744/0x1c10 [ 652.206804][T14339] ? __pfx_chrdev_open+0x10/0x10 [ 652.206871][T14339] vfs_open+0x82/0x3f0 [ 652.206915][T14339] path_openat+0x1de4/0x2cb0 [ 652.206959][T14339] ? __pfx_path_openat+0x10/0x10 [ 652.206992][T14339] ? __lock_acquire+0xb8a/0x1c90 [ 652.207039][T14339] do_filp_open+0x20b/0x470 [ 652.207069][T14339] ? __pfx_do_filp_open+0x10/0x10 [ 652.207128][T14339] ? alloc_fd+0x471/0x7d0 [ 652.207187][T14339] do_sys_openat2+0x11b/0x1d0 [ 652.207226][T14339] ? __pfx_do_sys_openat2+0x10/0x10 [ 652.207283][T14339] __x64_sys_openat+0x174/0x210 [ 652.207325][T14339] ? __pfx___x64_sys_openat+0x10/0x10 [ 652.207384][T14339] do_syscall_64+0xcd/0x490 [ 652.207419][T14339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.207450][T14339] RIP: 0033:0x7f186518e9a9 [ 652.207474][T14339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.207503][T14339] RSP: 002b:00007f1862fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 652.207531][T14339] RAX: ffffffffffffffda RBX: 00007f18653b6080 RCX: 00007f186518e9a9 [ 652.207550][T14339] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 652.207568][T14339] RBP: 00007f1865210d69 R08: 0000000000000000 R09: 0000000000000000 [ 652.207584][T14339] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 652.207600][T14339] R13: 0000000000000000 R14: 00007f18653b6080 R15: 00007ffe15bf91b8 [ 652.207639][T14339] [ 652.207649][T14339] Mem-Info: [ 652.634621][T14339] active_anon:3660 inactive_anon:7263 isolated_anon:0 [ 652.634621][T14339] active_file:21412 inactive_file:38035 isolated_file:0 [ 652.634621][T14339] unevictable:768 dirty:2633 writeback:0 [ 652.634621][T14339] slab_reclaimable:11504 slab_unreclaimable:95520 [ 652.634621][T14339] mapped:32084 shmem:1366 pagetables:1175 [ 652.634621][T14339] sec_pagetables:0 bounce:0 [ 652.634621][T14339] kernel_misc_reclaimable:0 [ 652.634621][T14339] free:1310219 free_pcp:17843 free_cma:0 [ 652.698761][T14339] Node 0 active_anon:14640kB inactive_anon:29052kB active_file:85560kB inactive_file:152012kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128324kB dirty:10532kB writeback:0kB shmem:3928kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12404kB pagetables:4560kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 652.769613][T14339] Node 1 active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 652.822517][T14339] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 652.929991][T14339] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 652.994591][T14339] Node 0 DMA32 free:1320376kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14568kB inactive_anon:29596kB active_file:80016kB inactive_file:151940kB unevictable:1536kB writepending:10644kB present:3129332kB managed:2540456kB mlocked:0kB bounce:0kB free_pcp:63568kB local_pcp:38152kB free_cma:0kB [ 653.068384][T14356] Invalid ELF header magic: != ELF [ 653.091268][T14339] lowmem_reserve[]: 0 0 1 1 1 [ 653.096193][T14339] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:1260kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 653.225065][T14339] lowmem_reserve[]: 0 0 0 0 0 [ 653.231932][T14339] Node 1 Normal free:3907268kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:128kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:6464kB local_pcp:2048kB free_cma:0kB [ 653.287675][T14339] lowmem_reserve[]: 0 0 0 0 0 [ 653.301729][T14339] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 653.316002][T14339] Node 0 DMA32: 1342*4kB (UM) 1029*8kB (UME) 1059*16kB (UME) 632*32kB (UME) 348*64kB (UME) 189*128kB (UM) 121*256kB (ME) 65*512kB (UME) 47*1024kB (UME) 7*2048kB (UM) 268*4096kB (UM) = 1321680kB [ 653.368036][T14339] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 653.397669][T14339] Node 1 Normal: 209*4kB (UME) 60*8kB (UME) 48*16kB (UME) 263*32kB (UME) 105*64kB (UME) 27*128kB (UME) 10*256kB (UME) 4*512kB (UME) 3*1024kB (ME) 4*2048kB (UM) 945*4096kB (M) = 3907268kB [ 653.493003][T14339] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 653.508275][T14339] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 653.541559][T14339] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 653.585632][T14339] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 653.629147][T14339] 60375 total pagecache pages [ 653.646902][T14339] 44 pages in swap cache [ 653.655950][T14339] Free swap = 124704kB [ 653.669156][T14339] Total swap = 124996kB [ 653.686023][T14339] 2097051 pages RAM [ 653.695512][T14339] 0 pages HighMem/MovableOnly [ 653.708906][T14339] 429959 pages reserved [ 653.717700][T14339] 0 pages cma reserved [ 653.731323][T14339] tty tty26: ldisc open failed (-12), clearing slot 25 [ 656.744840][T14406] FAULT_INJECTION: forcing a failure. [ 656.744840][T14406] name failslab, interval 1, probability 0, space 0, times 0 [ 656.760479][T14406] CPU: 1 UID: 0 PID: 14406 Comm: syz.3.1924 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 656.760519][T14406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 656.760538][T14406] Call Trace: [ 656.760548][T14406] [ 656.760560][T14406] dump_stack_lvl+0x16c/0x1f0 [ 656.760597][T14406] should_fail_ex+0x512/0x640 [ 656.760629][T14406] ? __kmalloc_node_noprof+0xc5/0x500 [ 656.760667][T14406] should_failslab+0xc2/0x120 [ 656.760712][T14406] __kmalloc_node_noprof+0xd8/0x500 [ 656.760746][T14406] ? alloc_slab_obj_exts+0x41/0xa0 [ 656.760799][T14406] alloc_slab_obj_exts+0x41/0xa0 [ 656.760846][T14406] __memcg_slab_post_alloc_hook+0x255/0x960 [ 656.760896][T14406] ? kasan_save_track+0x14/0x30 [ 656.760932][T14406] kmem_cache_alloc_node_noprof+0x312/0x3b0 [ 656.760965][T14406] ? __alloc_skb+0x2b2/0x380 [ 656.761003][T14406] __alloc_skb+0x2b2/0x380 [ 656.761032][T14406] ? __pfx___alloc_skb+0x10/0x10 [ 656.761079][T14406] alloc_skb_with_frags+0xe0/0x860 [ 656.761117][T14406] ? aa_label_sk_perm+0x19b/0x5a0 [ 656.761169][T14406] sock_alloc_send_pskb+0x7fb/0x990 [ 656.761238][T14406] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 656.761291][T14406] ? __pfx___mutex_trylock_common+0x10/0x10 [ 656.761357][T14406] unix_stream_sendmsg+0x6d2/0x11d0 [ 656.761420][T14406] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 656.761472][T14406] ? __pfx_aa_sk_perm+0x10/0x10 [ 656.761520][T14406] ? schedule+0x2d7/0x3a0 [ 656.761578][T14406] sock_sendmsg+0x3cc/0x470 [ 656.761623][T14406] ? __pfx_sock_sendmsg+0x10/0x10 [ 656.761701][T14406] splice_to_socket+0xaf6/0x1110 [ 656.761750][T14406] ? pick_eevdf+0x3be/0x5b0 [ 656.761786][T14406] ? update_curr_se+0x8b/0x270 [ 656.761850][T14406] ? __pfx_splice_to_socket+0x10/0x10 [ 656.761954][T14406] ? apparmor_file_permission+0x251/0x400 [ 656.762001][T14406] ? bpf_lsm_file_permission+0x9/0x10 [ 656.762042][T14406] ? security_file_permission+0x71/0x210 [ 656.762094][T14406] ? rw_verify_area+0xcf/0x680 [ 656.762140][T14406] ? __pfx_splice_to_socket+0x10/0x10 [ 656.762194][T14406] do_splice+0x1475/0x1fc0 [ 656.762246][T14406] ? __lock_acquire+0x622/0x1c90 [ 656.762305][T14406] ? __pfx_do_splice+0x10/0x10 [ 656.762351][T14406] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 656.762400][T14406] ? find_held_lock+0x2b/0x80 [ 656.762437][T14406] __do_splice+0x32a/0x360 [ 656.762492][T14406] ? __pfx___do_splice+0x10/0x10 [ 656.762555][T14406] __x64_sys_splice+0x187/0x250 [ 656.762612][T14406] do_syscall_64+0xcd/0x490 [ 656.762650][T14406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.762688][T14406] RIP: 0033:0x7f186518e9a9 [ 656.762714][T14406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.762745][T14406] RSP: 002b:00007f1862ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 656.762774][T14406] RAX: ffffffffffffffda RBX: 00007f18653b5fa0 RCX: 00007f186518e9a9 [ 656.762795][T14406] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000004 [ 656.762814][T14406] RBP: 00007f1862ff6090 R08: 0000000080000001 R09: 0000000000000009 [ 656.762833][T14406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 656.762853][T14406] R13: 0000000000000000 R14: 00007f18653b5fa0 R15: 00007ffe15bf91b8 [ 656.762895][T14406] [ 657.257920][T14404] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1923'. [ 657.580963][T14418] tipc: Started in network mode [ 657.593628][T14418] tipc: Node identity ee00, cluster identity 4711 [ 657.617403][T14418] tipc: Node number set to 60928 [ 660.178195][ T79] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 660.602334][T14449] __vm_enough_memory: pid: 14449, comm: syz.0.1933, bytes: 4398046511104 not enough memory for the allocation [ 665.380963][T14524] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 665.387129][T14524] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 665.404939][T14524] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 665.454525][T14524] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 666.297939][T14548] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1951'. [ 666.802620][T14530] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 666.982470][T14562] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1955'. [ 667.429980][ T5852] Bluetooth: hci2: command 0x0c1a tx timeout [ 667.436118][ T5168] Bluetooth: hci1: command 0x0c1a tx timeout [ 667.442371][ T5168] Bluetooth: hci0: command 0x0c1a tx timeout [ 667.519538][T14579] Bluetooth: hci3: command 0x0c1a tx timeout [ 667.616249][T14581] FAULT_INJECTION: forcing a failure. [ 667.616249][T14581] name failslab, interval 1, probability 0, space 0, times 0 [ 667.651268][T14581] CPU: 0 UID: 0 PID: 14581 Comm: syz.0.1961 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 667.651314][T14581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 667.651334][T14581] Call Trace: [ 667.651346][T14581] [ 667.651358][T14581] dump_stack_lvl+0x16c/0x1f0 [ 667.651400][T14581] should_fail_ex+0x512/0x640 [ 667.651434][T14581] ? fs_reclaim_acquire+0xae/0x150 [ 667.651485][T14581] should_failslab+0xc2/0x120 [ 667.651520][T14581] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 667.651554][T14581] ? inode_set_ctime_current+0x2a1/0x8f0 [ 667.651589][T14581] ? jbd2__journal_start+0x193/0x6a0 [ 667.651634][T14581] jbd2__journal_start+0x193/0x6a0 [ 667.651679][T14581] __ext4_journal_start_sb+0x195/0x690 [ 667.651743][T14581] ? ext4_dirty_inode+0xa1/0x130 [ 667.651780][T14581] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 667.651815][T14581] ext4_dirty_inode+0xa1/0x130 [ 667.651849][T14581] ? rcu_is_watching+0x12/0xc0 [ 667.651884][T14581] __mark_inode_dirty+0x1eb/0xe50 [ 667.651932][T14581] generic_update_time+0xcf/0xf0 [ 667.651971][T14581] file_modified+0x207/0x240 [ 667.652011][T14581] ext4_fallocate+0x176/0x3720 [ 667.652063][T14581] ? __pfx_ext4_fallocate+0x10/0x10 [ 667.652099][T14581] vfs_fallocate+0x608/0x10c0 [ 667.652139][T14581] ? __pfx_vfs_fallocate+0x10/0x10 [ 667.652173][T14581] ? madvise_vma_behavior+0x222c/0x2420 [ 667.652214][T14581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 667.652273][T14581] madvise_vma_behavior+0x21ca/0x2420 [ 667.652322][T14581] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 667.652366][T14581] ? __pfx_mas_prev+0x10/0x10 [ 667.652412][T14581] ? find_vma_prev+0xda/0x160 [ 667.652457][T14581] ? __pfx_find_vma_prev+0x10/0x10 [ 667.652527][T14581] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 667.652569][T14581] madvise_walk_vmas+0x1ce/0x2c0 [ 667.652612][T14581] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 667.652664][T14581] madvise_do_behavior+0x15d/0x3f0 [ 667.652722][T14581] ? __pfx_madvise_do_behavior+0x10/0x10 [ 667.652793][T14581] do_madvise+0x161/0x230 [ 667.652836][T14581] ? __pfx_do_madvise+0x10/0x10 [ 667.652900][T14581] ? xfd_validate_state+0x61/0x180 [ 667.652955][T14581] __x64_sys_madvise+0xa9/0x110 [ 667.652997][T14581] ? lockdep_hardirqs_on+0x7c/0x110 [ 667.653029][T14581] do_syscall_64+0xcd/0x490 [ 667.653066][T14581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.653100][T14581] RIP: 0033:0x7fdc2bf8e9a9 [ 667.653127][T14581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.653158][T14581] RSP: 002b:00007fdc2cec2038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 667.653190][T14581] RAX: ffffffffffffffda RBX: 00007fdc2c1b5fa0 RCX: 00007fdc2bf8e9a9 [ 667.653210][T14581] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 667.653230][T14581] RBP: 00007fdc2c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 667.653249][T14581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.653268][T14581] R13: 0000000000000000 R14: 00007fdc2c1b5fa0 R15: 00007fff4f9c9bd8 [ 667.653309][T14581] [ 670.375110][T14578] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 671.085182][T14609] netlink: 'syz.2.1965': attribute type 1 has an invalid length. [ 672.689734][T14603] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 673.606061][T14649] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[14649] [ 673.735847][T14651] ubi0: attaching mtd0 [ 673.740253][T14651] ubi0 error: ubi_attach_mtd_dev: bad VID header (536870975) or data offsets (536871039) [ 675.191631][T14679] random: crng reseeded on system resumption [ 675.201609][T14679] FAULT_INJECTION: forcing a failure. [ 675.201609][T14679] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 675.231268][T14679] CPU: 0 UID: 0 PID: 14679 Comm: syz.3.1984 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 675.231307][T14679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 675.231326][T14679] Call Trace: [ 675.231334][T14679] [ 675.231344][T14679] dump_stack_lvl+0x16c/0x1f0 [ 675.231378][T14679] should_fail_ex+0x512/0x640 [ 675.231410][T14679] should_fail_alloc_page+0xe7/0x130 [ 675.231445][T14679] prepare_alloc_pages+0x3c2/0x610 [ 675.231482][T14679] ? __kernel_text_address+0xd/0x40 [ 675.231531][T14679] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 675.231571][T14679] ? stack_trace_save+0x8e/0xc0 [ 675.231602][T14679] ? __pfx_stack_trace_save+0x10/0x10 [ 675.231632][T14679] ? stack_depot_save_flags+0x28/0xa40 [ 675.231661][T14679] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 675.231695][T14679] ? kasan_save_stack+0x42/0x60 [ 675.231719][T14679] ? kasan_save_stack+0x33/0x60 [ 675.231747][T14679] ? misc_open+0x35a/0x420 [ 675.231796][T14679] ? chrdev_open+0x231/0x6a0 [ 675.231823][T14679] ? do_dentry_open+0x744/0x1c10 [ 675.231849][T14679] ? vfs_open+0x82/0x3f0 [ 675.231879][T14679] ? path_openat+0x1de4/0x2cb0 [ 675.231901][T14679] ? do_filp_open+0x20b/0x470 [ 675.231924][T14679] ? do_sys_openat2+0x11b/0x1d0 [ 675.231968][T14679] ? __x64_sys_openat+0x174/0x210 [ 675.232004][T14679] ? do_syscall_64+0xcd/0x490 [ 675.232033][T14679] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.232062][T14679] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 675.232109][T14679] ? policy_nodemask+0xea/0x4e0 [ 675.232143][T14679] alloc_pages_mpol+0x1fb/0x550 [ 675.232178][T14679] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 675.232221][T14679] alloc_pages_noprof+0x131/0x390 [ 675.232255][T14679] get_zeroed_page_noprof+0x18/0xb0 [ 675.232293][T14679] get_image_page+0x18/0x190 [ 675.232322][T14679] chain_alloc+0x8c/0xd0 [ 675.232352][T14679] memory_bm_create+0x30f/0x810 [ 675.232396][T14679] create_basic_memory_bitmaps+0xbd/0x320 [ 675.232435][T14679] snapshot_open+0x235/0x2b0 [ 675.232468][T14679] ? __pfx_snapshot_open+0x10/0x10 [ 675.232504][T14679] misc_open+0x35a/0x420 [ 675.232547][T14679] ? __pfx_misc_open+0x10/0x10 [ 675.232588][T14679] chrdev_open+0x231/0x6a0 [ 675.232617][T14679] ? __pfx_apparmor_file_open+0x10/0x10 [ 675.232659][T14679] ? __pfx_chrdev_open+0x10/0x10 [ 675.232692][T14679] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 675.232743][T14679] do_dentry_open+0x744/0x1c10 [ 675.232791][T14679] ? __pfx_chrdev_open+0x10/0x10 [ 675.232825][T14679] vfs_open+0x82/0x3f0 [ 675.232862][T14679] path_openat+0x1de4/0x2cb0 [ 675.232896][T14679] ? __pfx_path_openat+0x10/0x10 [ 675.232923][T14679] ? __lock_acquire+0xb8a/0x1c90 [ 675.232960][T14679] do_filp_open+0x20b/0x470 [ 675.232986][T14679] ? __pfx_do_filp_open+0x10/0x10 [ 675.233036][T14679] ? alloc_fd+0x471/0x7d0 [ 675.233090][T14679] do_sys_openat2+0x11b/0x1d0 [ 675.233126][T14679] ? __pfx_do_sys_openat2+0x10/0x10 [ 675.233178][T14679] __x64_sys_openat+0x174/0x210 [ 675.233215][T14679] ? __pfx___x64_sys_openat+0x10/0x10 [ 675.233268][T14679] do_syscall_64+0xcd/0x490 [ 675.233299][T14679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.233327][T14679] RIP: 0033:0x7f186518e9a9 [ 675.233349][T14679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 675.233376][T14679] RSP: 002b:00007f1862ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 675.233402][T14679] RAX: ffffffffffffffda RBX: 00007f18653b5fa0 RCX: 00007f186518e9a9 [ 675.233421][T14679] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 675.233439][T14679] RBP: 00007f1865210d69 R08: 0000000000000000 R09: 0000000000000000 [ 675.233455][T14679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.233472][T14679] R13: 0000000000000000 R14: 00007f18653b5fa0 R15: 00007ffe15bf91b8 [ 675.233508][T14679] [ 675.616258][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.960588][T14678] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 675.966890][T14678] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 675.973191][T14678] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 675.979362][T14678] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 676.156524][T14693] FAULT_INJECTION: forcing a failure. [ 676.156524][T14693] name fail_futex, interval 1, probability 0, space 0, times 0 [ 676.167421][T14691] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input112 [ 676.213921][T14693] CPU: 0 UID: 0 PID: 14693 Comm: syz.0.1990 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 676.213973][T14693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 676.213993][T14693] Call Trace: [ 676.214005][T14693] [ 676.214017][T14693] dump_stack_lvl+0x16c/0x1f0 [ 676.214056][T14693] should_fail_ex+0x512/0x640 [ 676.214096][T14693] get_futex_key+0x1d0/0x1540 [ 676.214140][T14693] ? __pfx_get_futex_key+0x10/0x10 [ 676.214179][T14693] ? psi_group_change+0x6dc/0xd20 [ 676.214233][T14693] futex_wait_setup+0x84/0x510 [ 676.214289][T14693] __futex_wait+0x194/0x2f0 [ 676.214337][T14693] ? __pfx___futex_wait+0x10/0x10 [ 676.214381][T14693] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 676.214439][T14693] ? __pfx_futex_wake_mark+0x10/0x10 [ 676.214491][T14693] ? plist_check_head+0xa3/0x150 [ 676.214533][T14693] ? find_held_lock+0x2b/0x80 [ 676.214579][T14693] futex_wait+0xe8/0x380 [ 676.214625][T14693] ? __pfx_futex_wait+0x10/0x10 [ 676.214681][T14693] ? kmem_cache_free+0x2d1/0x4d0 [ 676.214710][T14693] ? fd_install+0x225/0x750 [ 676.214757][T14693] ? putname+0x154/0x1a0 [ 676.214802][T14693] do_futex+0x229/0x350 [ 676.214841][T14693] ? __pfx_do_futex+0x10/0x10 [ 676.214892][T14693] __x64_sys_futex+0x1e0/0x4c0 [ 676.214935][T14693] ? __x64_sys_openat+0x174/0x210 [ 676.214985][T14693] ? __pfx___x64_sys_futex+0x10/0x10 [ 676.215043][T14693] do_syscall_64+0xcd/0x490 [ 676.215079][T14693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.215112][T14693] RIP: 0033:0x7fdc2bf8e9a9 [ 676.215137][T14693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.215170][T14693] RSP: 002b:00007fdc2cec20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 676.215200][T14693] RAX: ffffffffffffffda RBX: 00007fdc2c1b5fa8 RCX: 00007fdc2bf8e9a9 [ 676.215223][T14693] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdc2c1b5fa8 [ 676.215243][T14693] RBP: 00007fdc2c1b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 676.215263][T14693] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdc2c1b5fac [ 676.215284][T14693] R13: 0000000000000000 R14: 00007fff4f9c9af0 R15: 00007fff4f9c9bd8 [ 676.215326][T14693] [ 676.437816][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.750194][T14579] Bluetooth: hci0: command 0x0c1a tx timeout [ 677.989651][T14579] Bluetooth: hci3: command 0x0c1a tx timeout [ 677.995920][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout [ 678.002229][ T5864] Bluetooth: hci2: command 0x0c1a tx timeout [ 678.329640][ T5864] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 678.616218][T14579] Bluetooth: hci2: Malformed Event: 0x02 [ 678.705266][T14746] FAULT_INJECTION: forcing a failure. [ 678.705266][T14746] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 678.724414][T14746] CPU: 1 UID: 0 PID: 14746 Comm: syz.0.2000 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 678.724457][T14746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 678.724478][T14746] Call Trace: [ 678.724488][T14746] [ 678.724501][T14746] dump_stack_lvl+0x16c/0x1f0 [ 678.724540][T14746] should_fail_ex+0x512/0x640 [ 678.724580][T14746] should_fail_alloc_page+0xe7/0x130 [ 678.724624][T14746] prepare_alloc_pages+0x3c2/0x610 [ 678.724679][T14746] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 678.724734][T14746] ? find_held_lock+0x2b/0x80 [ 678.724772][T14746] ? is_bpf_text_address+0x8a/0x1a0 [ 678.724819][T14746] ? bpf_ksym_find+0x124/0x1c0 [ 678.724858][T14746] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 678.724892][T14746] ? is_bpf_text_address+0x94/0x1a0 [ 678.724942][T14746] ? __kernel_text_address+0xd/0x40 [ 678.724996][T14746] ? unwind_get_return_address+0x59/0xa0 [ 678.725067][T14746] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 678.725122][T14746] ? policy_nodemask+0xea/0x4e0 [ 678.725165][T14746] alloc_pages_mpol+0x1fb/0x550 [ 678.725205][T14746] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 678.725241][T14746] ? kasan_save_stack+0x33/0x60 [ 678.725274][T14746] ? __kasan_kmalloc+0xaa/0xb0 [ 678.725303][T14746] ? __get_vm_area_node+0x101/0x330 [ 678.725358][T14746] alloc_pages_noprof+0x131/0x390 [ 678.725400][T14746] get_free_pages_noprof+0x10/0xb0 [ 678.725442][T14746] kasan_populate_vmalloc+0x89/0x1f0 [ 678.725505][T14746] alloc_vmap_area+0x959/0x29c0 [ 678.725569][T14746] ? __pfx_alloc_vmap_area+0x10/0x10 [ 678.725623][T14746] __get_vm_area_node+0x1ca/0x330 [ 678.725678][T14746] __vmalloc_node_range_noprof+0x271/0x14b0 [ 678.725737][T14746] ? n_tty_open+0x1a/0x170 [ 678.725781][T14746] ? do_raw_spin_unlock+0x172/0x230 [ 678.725846][T14746] ? n_tty_open+0x1a/0x170 [ 678.725901][T14746] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 678.725951][T14746] ? console_unlock+0x184/0x210 [ 678.725984][T14746] ? __pfx_console_unlock+0x10/0x10 [ 678.726021][T14746] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 678.726072][T14746] ? n_tty_open+0x1a/0x170 [ 678.726113][T14746] __vmalloc_node_noprof+0xad/0xf0 [ 678.726161][T14746] ? n_tty_open+0x1a/0x170 [ 678.726204][T14746] ? __pfx_n_tty_open+0x10/0x10 [ 678.726251][T14746] n_tty_open+0x1a/0x170 [ 678.726292][T14746] ? __pfx_n_tty_open+0x10/0x10 [ 678.726335][T14746] tty_ldisc_open+0x9c/0x120 [ 678.726366][T14746] tty_ldisc_setup+0x40/0x100 [ 678.726401][T14746] tty_init_dev.part.0+0x1ec/0x500 [ 678.726445][T14746] tty_open+0xa50/0xf90 [ 678.726492][T14746] ? __pfx_tty_open+0x10/0x10 [ 678.726533][T14746] ? chrdev_open+0x10b/0x6a0 [ 678.726574][T14746] ? __pfx_tty_open+0x10/0x10 [ 678.726613][T14746] chrdev_open+0x231/0x6a0 [ 678.726647][T14746] ? __pfx_apparmor_file_open+0x10/0x10 [ 678.726699][T14746] ? __pfx_chrdev_open+0x10/0x10 [ 678.726745][T14746] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 678.726806][T14746] do_dentry_open+0x744/0x1c10 [ 678.726841][T14746] ? __pfx_chrdev_open+0x10/0x10 [ 678.726887][T14746] vfs_open+0x82/0x3f0 [ 678.726934][T14746] path_openat+0x1de4/0x2cb0 [ 678.726982][T14746] ? __pfx_path_openat+0x10/0x10 [ 678.727016][T14746] ? __lock_acquire+0xb8a/0x1c90 [ 678.727068][T14746] do_filp_open+0x20b/0x470 [ 678.727102][T14746] ? __pfx_do_filp_open+0x10/0x10 [ 678.727168][T14746] ? alloc_fd+0x471/0x7d0 [ 678.727233][T14746] do_sys_openat2+0x11b/0x1d0 [ 678.727279][T14746] ? __pfx_do_sys_openat2+0x10/0x10 [ 678.727342][T14746] __x64_sys_openat+0x174/0x210 [ 678.727387][T14746] ? __pfx___x64_sys_openat+0x10/0x10 [ 678.727453][T14746] do_syscall_64+0xcd/0x490 [ 678.727492][T14746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.727526][T14746] RIP: 0033:0x7fdc2bf8e9a9 [ 678.727551][T14746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.727583][T14746] RSP: 002b:00007fdc2ce80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 678.727613][T14746] RAX: ffffffffffffffda RBX: 00007fdc2c1b6160 RCX: 00007fdc2bf8e9a9 [ 678.727635][T14746] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 678.727656][T14746] RBP: 00007fdc2c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 678.727675][T14746] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 678.727694][T14746] R13: 0000000000000000 R14: 00007fdc2c1b6160 R15: 00007fff4f9c9bd8 [ 678.727745][T14746] [ 678.727804][T14746] syz.0.2000: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 679.190087][T14746] CPU: 1 UID: 0 PID: 14746 Comm: syz.0.2000 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 679.190129][T14746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 679.190148][T14746] Call Trace: [ 679.190158][T14746] [ 679.190170][T14746] dump_stack_lvl+0x16c/0x1f0 [ 679.190207][T14746] warn_alloc+0x248/0x3a0 [ 679.190241][T14746] ? __pfx_warn_alloc+0x10/0x10 [ 679.190278][T14746] ? kfree+0x2b4/0x4d0 [ 679.190334][T14746] ? __get_vm_area_node+0x208/0x330 [ 679.190390][T14746] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 679.190440][T14746] ? do_raw_spin_unlock+0x172/0x230 [ 679.190517][T14746] ? n_tty_open+0x1a/0x170 [ 679.190574][T14746] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 679.190623][T14746] ? console_unlock+0x184/0x210 [ 679.190656][T14746] ? __pfx_console_unlock+0x10/0x10 [ 679.190692][T14746] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 679.190744][T14746] ? n_tty_open+0x1a/0x170 [ 679.190785][T14746] __vmalloc_node_noprof+0xad/0xf0 [ 679.190842][T14746] ? n_tty_open+0x1a/0x170 [ 679.190896][T14746] ? __pfx_n_tty_open+0x10/0x10 [ 679.190948][T14746] n_tty_open+0x1a/0x170 [ 679.190984][T14746] ? __pfx_n_tty_open+0x10/0x10 [ 679.191021][T14746] tty_ldisc_open+0x9c/0x120 [ 679.191050][T14746] tty_ldisc_setup+0x40/0x100 [ 679.191081][T14746] tty_init_dev.part.0+0x1ec/0x500 [ 679.191122][T14746] tty_open+0xa50/0xf90 [ 679.191163][T14746] ? __pfx_tty_open+0x10/0x10 [ 679.191200][T14746] ? chrdev_open+0x10b/0x6a0 [ 679.191237][T14746] ? __pfx_tty_open+0x10/0x10 [ 679.191271][T14746] chrdev_open+0x231/0x6a0 [ 679.191302][T14746] ? __pfx_apparmor_file_open+0x10/0x10 [ 679.191348][T14746] ? __pfx_chrdev_open+0x10/0x10 [ 679.191383][T14746] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 679.191431][T14746] do_dentry_open+0x744/0x1c10 [ 679.191466][T14746] ? __pfx_chrdev_open+0x10/0x10 [ 679.191503][T14746] vfs_open+0x82/0x3f0 [ 679.191545][T14746] path_openat+0x1de4/0x2cb0 [ 679.191589][T14746] ? __pfx_path_openat+0x10/0x10 [ 679.191620][T14746] ? __lock_acquire+0xb8a/0x1c90 [ 679.191665][T14746] do_filp_open+0x20b/0x470 [ 679.191694][T14746] ? __pfx_do_filp_open+0x10/0x10 [ 679.191754][T14746] ? alloc_fd+0x471/0x7d0 [ 679.191812][T14746] do_sys_openat2+0x11b/0x1d0 [ 679.191850][T14746] ? __pfx_do_sys_openat2+0x10/0x10 [ 679.191905][T14746] __x64_sys_openat+0x174/0x210 [ 679.191946][T14746] ? __pfx___x64_sys_openat+0x10/0x10 [ 679.192003][T14746] do_syscall_64+0xcd/0x490 [ 679.192038][T14746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.192068][T14746] RIP: 0033:0x7fdc2bf8e9a9 [ 679.192092][T14746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 679.192122][T14746] RSP: 002b:00007fdc2ce80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 679.192150][T14746] RAX: ffffffffffffffda RBX: 00007fdc2c1b6160 RCX: 00007fdc2bf8e9a9 [ 679.192169][T14746] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 679.192189][T14746] RBP: 00007fdc2c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 679.192208][T14746] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 679.192226][T14746] R13: 0000000000000000 R14: 00007fdc2c1b6160 R15: 00007fff4f9c9bd8 [ 679.192267][T14746] [ 679.192367][T14746] Mem-Info: [ 679.529626][T14746] active_anon:3653 inactive_anon:8325 isolated_anon:0 [ 679.529626][T14746] active_file:18957 inactive_file:38038 isolated_file:0 [ 679.529626][T14746] unevictable:768 dirty:285 writeback:0 [ 679.529626][T14746] slab_reclaimable:11605 slab_unreclaimable:95810 [ 679.529626][T14746] mapped:27087 shmem:1368 pagetables:1210 [ 679.529626][T14746] sec_pagetables:0 bounce:0 [ 679.529626][T14746] kernel_misc_reclaimable:0 [ 679.529626][T14746] free:1313729 free_pcp:13642 free_cma:0 [ 679.617157][T14746] Node 0 active_anon:14612kB inactive_anon:31200kB active_file:75732kB inactive_file:152020kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:108336kB dirty:1240kB writeback:0kB shmem:3936kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12368kB pagetables:4700kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 679.718477][T14746] Node 1 active_anon:0kB inactive_anon:0kB active_file:96kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 679.774920][T14746] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 679.831714][T14746] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 679.846969][T14746] Node 0 DMA32 free:1339988kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14568kB inactive_anon:33300kB active_file:74572kB inactive_file:151948kB unevictable:1536kB writepending:1340kB present:3129332kB managed:2540456kB mlocked:0kB bounce:0kB free_pcp:43572kB local_pcp:19372kB free_cma:0kB [ 679.899284][T14746] lowmem_reserve[]: 0 0 1 1 1 [ 679.924522][T14746] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:1260kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 679.970342][T14746] lowmem_reserve[]: 0 0 0 0 0 [ 679.978106][T14746] Node 1 Normal free:3903664kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:96kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10008kB local_pcp:0kB free_cma:0kB [ 680.016509][T14746] lowmem_reserve[]: 0 0 0 0 0 [ 680.025104][T14746] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 680.043081][T14746] Node 0 DMA32: 1515*4kB (UME) 1953*8kB (UME) 1334*16kB (UM) 799*32kB (UM) 400*64kB (UME) 204*128kB (UME) 116*256kB (UM) 62*512kB (UM) 47*1024kB (UME) 6*2048kB (UM) 268*4096kB (UM) = 1339892kB [ 680.068405][T14746] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 680.083793][T14746] Node 1 Normal: 209*4kB (UME) 58*8kB (UME) 45*16kB (UME) 258*32kB (UME) 99*64kB (UME) 32*128kB (UME) 12*256kB (UME) 4*512kB (UME) 3*1024kB (ME) 2*2048kB (U) 945*4096kB (M) = 3903716kB [ 680.103415][T14746] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 680.113721][T14746] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 680.138409][T14746] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 680.148608][T14746] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 680.182667][T14746] 58396 total pagecache pages [ 680.187575][T14746] 4 pages in swap cache [ 680.281131][T14746] Free swap = 124836kB [ 680.300631][T14746] Total swap = 124996kB [ 680.314899][T14746] 2097051 pages RAM [ 680.318941][T14746] 0 pages HighMem/MovableOnly [ 680.325584][T14746] 429959 pages reserved [ 680.329980][T14746] 0 pages cma reserved [ 680.334098][T14746] tty tty26: ldisc open failed (-12), clearing slot 25 [ 683.849901][T14815] FAULT_INJECTION: forcing a failure. [ 683.849901][T14815] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 683.863238][T14815] CPU: 0 UID: 0 PID: 14815 Comm: syz.3.2019 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 683.863278][T14815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 683.863297][T14815] Call Trace: [ 683.863307][T14815] [ 683.863319][T14815] dump_stack_lvl+0x16c/0x1f0 [ 683.863358][T14815] should_fail_ex+0x512/0x640 [ 683.863398][T14815] should_fail_alloc_page+0xe7/0x130 [ 683.863442][T14815] prepare_alloc_pages+0x3c2/0x610 [ 683.863496][T14815] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 683.863542][T14815] ? find_held_lock+0x2b/0x80 [ 683.863580][T14815] ? is_bpf_text_address+0x8a/0x1a0 [ 683.863626][T14815] ? bpf_ksym_find+0x124/0x1c0 [ 683.863664][T14815] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 683.863698][T14815] ? is_bpf_text_address+0x94/0x1a0 [ 683.863748][T14815] ? __kernel_text_address+0xd/0x40 [ 683.863801][T14815] ? unwind_get_return_address+0x59/0xa0 [ 683.863875][T14815] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 683.863929][T14815] ? policy_nodemask+0xea/0x4e0 [ 683.863973][T14815] alloc_pages_mpol+0x1fb/0x550 [ 683.864022][T14815] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 683.864059][T14815] ? kasan_save_stack+0x33/0x60 [ 683.864092][T14815] ? __kasan_kmalloc+0xaa/0xb0 [ 683.864121][T14815] ? __get_vm_area_node+0x101/0x330 [ 683.864175][T14815] alloc_pages_noprof+0x131/0x390 [ 683.864217][T14815] get_free_pages_noprof+0x10/0xb0 [ 683.864259][T14815] kasan_populate_vmalloc+0x89/0x1f0 [ 683.864323][T14815] alloc_vmap_area+0x959/0x29c0 [ 683.864385][T14815] ? __pfx_alloc_vmap_area+0x10/0x10 [ 683.864443][T14815] __get_vm_area_node+0x1ca/0x330 [ 683.864499][T14815] __vmalloc_node_range_noprof+0x271/0x14b0 [ 683.864553][T14815] ? n_tty_open+0x1a/0x170 [ 683.864595][T14815] ? do_raw_spin_unlock+0x172/0x230 [ 683.864659][T14815] ? n_tty_open+0x1a/0x170 [ 683.864715][T14815] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 683.864765][T14815] ? console_unlock+0x184/0x210 [ 683.864797][T14815] ? __pfx_console_unlock+0x10/0x10 [ 683.864833][T14815] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 683.864885][T14815] ? n_tty_open+0x1a/0x170 [ 683.864927][T14815] __vmalloc_node_noprof+0xad/0xf0 [ 683.864977][T14815] ? n_tty_open+0x1a/0x170 [ 683.865027][T14815] ? __pfx_n_tty_open+0x10/0x10 [ 683.865073][T14815] n_tty_open+0x1a/0x170 [ 683.865115][T14815] ? __pfx_n_tty_open+0x10/0x10 [ 683.865157][T14815] tty_ldisc_open+0x9c/0x120 [ 683.865190][T14815] tty_ldisc_setup+0x40/0x100 [ 683.865226][T14815] tty_init_dev.part.0+0x1ec/0x500 [ 683.865271][T14815] tty_open+0xa50/0xf90 [ 683.865321][T14815] ? __pfx_tty_open+0x10/0x10 [ 683.865361][T14815] ? chrdev_open+0x10b/0x6a0 [ 683.865404][T14815] ? __pfx_tty_open+0x10/0x10 [ 683.865444][T14815] chrdev_open+0x231/0x6a0 [ 683.865479][T14815] ? __pfx_apparmor_file_open+0x10/0x10 [ 683.865530][T14815] ? __pfx_chrdev_open+0x10/0x10 [ 683.865570][T14815] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 683.865630][T14815] do_dentry_open+0x744/0x1c10 [ 683.865666][T14815] ? __pfx_chrdev_open+0x10/0x10 [ 683.865711][T14815] vfs_open+0x82/0x3f0 [ 683.865761][T14815] path_openat+0x1de4/0x2cb0 [ 683.865809][T14815] ? __pfx_path_openat+0x10/0x10 [ 683.865845][T14815] ? __lock_acquire+0xb8a/0x1c90 [ 683.865896][T14815] do_filp_open+0x20b/0x470 [ 683.865930][T14815] ? __pfx_do_filp_open+0x10/0x10 [ 683.865997][T14815] ? alloc_fd+0x471/0x7d0 [ 683.866069][T14815] do_sys_openat2+0x11b/0x1d0 [ 683.866114][T14815] ? __pfx_do_sys_openat2+0x10/0x10 [ 683.866178][T14815] __x64_sys_openat+0x174/0x210 [ 683.866224][T14815] ? __pfx___x64_sys_openat+0x10/0x10 [ 683.866291][T14815] do_syscall_64+0xcd/0x490 [ 683.866329][T14815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.866363][T14815] RIP: 0033:0x7f186518e9a9 [ 683.866390][T14815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 683.866422][T14815] RSP: 002b:00007f1862fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 683.866452][T14815] RAX: ffffffffffffffda RBX: 00007f18653b6160 RCX: 00007f186518e9a9 [ 683.866473][T14815] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 683.866493][T14815] RBP: 00007f1865210d69 R08: 0000000000000000 R09: 0000000000000000 [ 683.866512][T14815] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 683.866531][T14815] R13: 0000000000000000 R14: 00007f18653b6160 R15: 00007ffe15bf91b8 [ 683.866574][T14815] [ 683.866623][T14815] tty tty26: ldisc open failed (-12), clearing slot 25 [ 686.265248][T14857] random: crng reseeded on system resumption [ 687.088571][T14862] random: crng reseeded on system resumption [ 687.223548][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2026'. [ 689.036705][T14898] random: crng reseeded on system resumption [ 689.579269][T14886] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 691.055602][T14888] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 693.090710][T14942] random: crng reseeded on system resumption [ 695.227611][T14956] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 696.074051][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.080541][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 698.079587][T14579] Bluetooth: hci0: command 0x0c1a tx timeout [ 698.079611][T14993] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 698.489983][T15019] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 698.525290][T14993] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 698.532027][T14993] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 698.538213][T14993] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 698.547014][T14993] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 700.172283][T14579] Bluetooth: hci1: command 0x0c1a tx timeout [ 700.556039][T14579] Bluetooth: hci3: command 0x0c1a tx timeout [ 700.556082][ T5864] Bluetooth: hci2: command 0x0c1a tx timeout [ 701.470800][T15078] binder: 15077:15078 ioctl c0306201 2000000000c0 returned -14 [ 701.688744][T15083] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2084'. [ 701.898005][T15058] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 702.013443][T15086] netlink: 'syz.2.2085': attribute type 1 has an invalid length. [ 702.639576][ T5864] Bluetooth: hci3: command 0x0c1a tx timeout [ 703.509681][T15074] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 703.516059][ T5864] Bluetooth: hci0: command 0x0c1a tx timeout [ 703.712823][T15106] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2090'. [ 704.222280][T15074] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 704.228455][T15074] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 704.245427][T15074] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 705.599482][ T5864] Bluetooth: hci1: command 0x0c1a tx timeout [ 705.716159][T15113] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[15113] [ 706.229603][ T5864] Bluetooth: hci2: command 0x0c1a tx timeout [ 706.313516][ T5864] Bluetooth: hci3: command 0x0c1a tx timeout [ 708.783500][T15139] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 709.550842][T15187] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input119 [ 710.420814][T15203] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[15203] [ 713.055460][ T30] audit: type=1800 audit(6048131689.998:13): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2114" name="dbroot" dev="configfs" ino=53320 res=0 errno=0 [ 713.123015][T15234] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 713.847682][T15267] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 716.340139][T15300] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2122'. [ 717.915526][T15324] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2128'. [ 717.977653][T15324] openvswitch: HfR: Dropping previously announced user features [ 718.581722][T15327] random: crng reseeded on system resumption [ 719.325696][T15315] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 720.625637][T15352] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2135'. [ 720.766494][T15314] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 723.448385][T15349] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 726.110675][T15431] FAULT_INJECTION: forcing a failure. [ 726.110675][T15431] name failslab, interval 1, probability 0, space 0, times 0 [ 726.126117][T15431] CPU: 1 UID: 0 PID: 15431 Comm: syz.3.2148 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 726.126160][T15431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 726.126179][T15431] Call Trace: [ 726.126189][T15431] [ 726.126202][T15431] dump_stack_lvl+0x16c/0x1f0 [ 726.126242][T15431] should_fail_ex+0x512/0x640 [ 726.126283][T15431] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 726.126324][T15431] should_failslab+0xc2/0x120 [ 726.126364][T15431] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 726.126398][T15431] ? __pfx___might_resched+0x10/0x10 [ 726.126435][T15431] ? alloc_vmap_area+0x645/0x29c0 [ 726.126485][T15431] alloc_vmap_area+0x645/0x29c0 [ 726.126549][T15431] ? __pfx_alloc_vmap_area+0x10/0x10 [ 726.126607][T15431] __get_vm_area_node+0x1ca/0x330 [ 726.126663][T15431] __vmalloc_node_range_noprof+0x271/0x14b0 [ 726.126716][T15431] ? n_tty_open+0x1a/0x170 [ 726.126759][T15431] ? do_raw_spin_unlock+0x172/0x230 [ 726.126825][T15431] ? n_tty_open+0x1a/0x170 [ 726.126880][T15431] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 726.126929][T15431] ? console_unlock+0x184/0x210 [ 726.126963][T15431] ? __pfx_console_unlock+0x10/0x10 [ 726.127001][T15431] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 726.127054][T15431] ? n_tty_open+0x1a/0x170 [ 726.127096][T15431] __vmalloc_node_noprof+0xad/0xf0 [ 726.127144][T15431] ? n_tty_open+0x1a/0x170 [ 726.127186][T15431] ? __pfx_n_tty_open+0x10/0x10 [ 726.127232][T15431] n_tty_open+0x1a/0x170 [ 726.127283][T15431] ? __pfx_n_tty_open+0x10/0x10 [ 726.127340][T15431] tty_ldisc_open+0x9c/0x120 [ 726.127371][T15431] tty_ldisc_setup+0x40/0x100 [ 726.127406][T15431] tty_init_dev.part.0+0x1ec/0x500 [ 726.127470][T15431] tty_open+0xa50/0xf90 [ 726.127521][T15431] ? __pfx_tty_open+0x10/0x10 [ 726.127562][T15431] ? chrdev_open+0x10b/0x6a0 [ 726.127604][T15431] ? __pfx_tty_open+0x10/0x10 [ 726.127645][T15431] chrdev_open+0x231/0x6a0 [ 726.127680][T15431] ? __pfx_apparmor_file_open+0x10/0x10 [ 726.127732][T15431] ? __pfx_chrdev_open+0x10/0x10 [ 726.127773][T15431] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 726.127835][T15431] do_dentry_open+0x744/0x1c10 [ 726.127871][T15431] ? __pfx_chrdev_open+0x10/0x10 [ 726.127918][T15431] vfs_open+0x82/0x3f0 [ 726.127967][T15431] path_openat+0x1de4/0x2cb0 [ 726.128015][T15431] ? __pfx_path_openat+0x10/0x10 [ 726.128051][T15431] ? __lock_acquire+0xb8a/0x1c90 [ 726.128103][T15431] do_filp_open+0x20b/0x470 [ 726.128137][T15431] ? __pfx_do_filp_open+0x10/0x10 [ 726.128204][T15431] ? alloc_fd+0x471/0x7d0 [ 726.128274][T15431] do_sys_openat2+0x11b/0x1d0 [ 726.128319][T15431] ? __pfx_do_sys_openat2+0x10/0x10 [ 726.128385][T15431] __x64_sys_openat+0x174/0x210 [ 726.128441][T15431] ? __pfx___x64_sys_openat+0x10/0x10 [ 726.128506][T15431] do_syscall_64+0xcd/0x490 [ 726.128545][T15431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.128577][T15431] RIP: 0033:0x7f186518e9a9 [ 726.128603][T15431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.128634][T15431] RSP: 002b:00007f1862fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 726.128663][T15431] RAX: ffffffffffffffda RBX: 00007f18653b6160 RCX: 00007f186518e9a9 [ 726.128683][T15431] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 726.128703][T15431] RBP: 00007f1865210d69 R08: 0000000000000000 R09: 0000000000000000 [ 726.128721][T15431] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 726.128740][T15431] R13: 0000000000000000 R14: 00007f18653b6160 R15: 00007ffe15bf91b8 [ 726.128781][T15431] [ 726.128819][T15431] warn_alloc: 1 callbacks suppressed [ 726.128835][T15431] syz.3.2148: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 726.663659][T15431] CPU: 0 UID: 0 PID: 15431 Comm: syz.3.2148 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 726.663702][T15431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 726.663718][T15431] Call Trace: [ 726.663726][T15431] [ 726.663737][T15431] dump_stack_lvl+0x16c/0x1f0 [ 726.663772][T15431] warn_alloc+0x248/0x3a0 [ 726.663803][T15431] ? __pfx_warn_alloc+0x10/0x10 [ 726.663836][T15431] ? kfree+0x2b4/0x4d0 [ 726.663912][T15431] ? __get_vm_area_node+0x208/0x330 [ 726.663967][T15431] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 726.664017][T15431] ? do_raw_spin_unlock+0x172/0x230 [ 726.664077][T15431] ? n_tty_open+0x1a/0x170 [ 726.664129][T15431] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 726.664177][T15431] ? console_unlock+0x184/0x210 [ 726.664219][T15431] ? __pfx_console_unlock+0x10/0x10 [ 726.664254][T15431] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 726.664305][T15431] ? n_tty_open+0x1a/0x170 [ 726.664344][T15431] __vmalloc_node_noprof+0xad/0xf0 [ 726.664388][T15431] ? n_tty_open+0x1a/0x170 [ 726.664429][T15431] ? __pfx_n_tty_open+0x10/0x10 [ 726.664473][T15431] n_tty_open+0x1a/0x170 [ 726.664515][T15431] ? __pfx_n_tty_open+0x10/0x10 [ 726.664557][T15431] tty_ldisc_open+0x9c/0x120 [ 726.664589][T15431] tty_ldisc_setup+0x40/0x100 [ 726.664622][T15431] tty_init_dev.part.0+0x1ec/0x500 [ 726.664665][T15431] tty_open+0xa50/0xf90 [ 726.664713][T15431] ? __pfx_tty_open+0x10/0x10 [ 726.664752][T15431] ? chrdev_open+0x10b/0x6a0 [ 726.664792][T15431] ? __pfx_tty_open+0x10/0x10 [ 726.664832][T15431] chrdev_open+0x231/0x6a0 [ 726.664866][T15431] ? __pfx_apparmor_file_open+0x10/0x10 [ 726.664916][T15431] ? __pfx_chrdev_open+0x10/0x10 [ 726.664955][T15431] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 726.665014][T15431] do_dentry_open+0x744/0x1c10 [ 726.665050][T15431] ? __pfx_chrdev_open+0x10/0x10 [ 726.665095][T15431] vfs_open+0x82/0x3f0 [ 726.665142][T15431] path_openat+0x1de4/0x2cb0 [ 726.665200][T15431] ? __pfx_path_openat+0x10/0x10 [ 726.665248][T15431] ? __lock_acquire+0xb8a/0x1c90 [ 726.665313][T15431] do_filp_open+0x20b/0x470 [ 726.665344][T15431] ? __pfx_do_filp_open+0x10/0x10 [ 726.665403][T15431] ? alloc_fd+0x471/0x7d0 [ 726.665468][T15431] do_sys_openat2+0x11b/0x1d0 [ 726.665512][T15431] ? __pfx_do_sys_openat2+0x10/0x10 [ 726.665572][T15431] __x64_sys_openat+0x174/0x210 [ 726.665619][T15431] ? __pfx___x64_sys_openat+0x10/0x10 [ 726.665682][T15431] do_syscall_64+0xcd/0x490 [ 726.665720][T15431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.665752][T15431] RIP: 0033:0x7f186518e9a9 [ 726.665777][T15431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.665808][T15431] RSP: 002b:00007f1862fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 726.665838][T15431] RAX: ffffffffffffffda RBX: 00007f18653b6160 RCX: 00007f186518e9a9 [ 726.665859][T15431] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 726.665879][T15431] RBP: 00007f1865210d69 R08: 0000000000000000 R09: 0000000000000000 [ 726.665896][T15431] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 726.665915][T15431] R13: 0000000000000000 R14: 00007f18653b6160 R15: 00007ffe15bf91b8 [ 726.665958][T15431] [ 726.666636][T15431] Mem-Info: [ 727.026566][T15431] active_anon:3681 inactive_anon:24340 isolated_anon:0 [ 727.026566][T15431] active_file:22908 inactive_file:38003 isolated_file:0 [ 727.026566][T15431] unevictable:768 dirty:2281 writeback:0 [ 727.026566][T15431] slab_reclaimable:11624 slab_unreclaimable:95429 [ 727.026566][T15431] mapped:38447 shmem:16805 pagetables:1347 [ 727.026566][T15431] sec_pagetables:0 bounce:0 [ 727.026566][T15431] kernel_misc_reclaimable:0 [ 727.026566][T15431] free:1298242 free_pcp:10071 free_cma:0 [ 727.134069][T15431] Node 0 active_anon:14724kB inactive_anon:97360kB active_file:91496kB inactive_file:151884kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:153656kB dirty:9120kB writeback:0kB shmem:65684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12468kB pagetables:5248kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 727.257063][T15431] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 727.296766][T15431] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 727.411381][T15431] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 727.417220][T15431] Node 0 DMA32 free:1274076kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14680kB inactive_anon:98160kB active_file:90236kB inactive_file:151812kB unevictable:1536kB writepending:9120kB present:3129332kB managed:2540456kB mlocked:0kB bounce:0kB free_pcp:29548kB local_pcp:10528kB free_cma:0kB [ 727.479526][T15431] lowmem_reserve[]: 0 0 1 1 1 [ 727.484368][T15431] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:1260kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 727.591160][T15431] lowmem_reserve[]: 0 0 0 0 0 [ 727.596019][T15431] Node 1 Normal free:3903232kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:128kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10464kB local_pcp:2048kB free_cma:0kB [ 727.692896][T15431] lowmem_reserve[]: 0 0 0 0 0 [ 727.697753][T15431] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 727.733468][T15431] Node 0 DMA32: 2*4kB (UE) 156*8kB (U) 56*16kB (UME) 151*32kB (UME) 138*64kB (UME) 201*128kB (UM) 111*256kB (ME) 60*512kB (ME) 47*1024kB (UM) 6*2048kB (UM) 271*4096kB (UM) = 1271112kB [ 727.831769][T15431] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 727.949455][T15431] Node 1 Normal: 214*4kB (UME) 61*8kB (UME) 50*16kB (UME) 241*32kB (UME) 106*64kB (UME) 32*128kB (UME) 18*256kB (UME) 4*512kB (UME) 3*1024kB (ME) 3*2048kB (UM) 944*4096kB (M) = 3903232kB [ 728.113027][T15431] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 728.312021][T15431] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 728.379551][T15431] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 728.424763][T15431] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 728.526172][T15431] 70789 total pagecache pages [ 728.540857][T15431] 5 pages in swap cache [ 728.579529][T15431] Free swap = 124832kB [ 728.583731][T15431] Total swap = 124996kB [ 728.623557][T15431] 2097051 pages RAM [ 728.627641][T15431] 0 pages HighMem/MovableOnly [ 728.652397][T15431] 429959 pages reserved [ 728.656604][T15431] 0 pages cma reserved [ 728.759231][T15431] tty tty26: ldisc open failed (-12), clearing slot 25 [ 729.144929][T15428] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 729.750994][T15463] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2151'. [ 732.113280][T15470] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 732.438330][T15511] random: crng reseeded on system resumption [ 732.470216][T15511] FAULT_INJECTION: forcing a failure. [ 732.470216][T15511] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 732.516204][T15511] CPU: 0 UID: 0 PID: 15511 Comm: syz.3.2159 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 732.516250][T15511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 732.516270][T15511] Call Trace: [ 732.516281][T15511] [ 732.516294][T15511] dump_stack_lvl+0x16c/0x1f0 [ 732.516333][T15511] should_fail_ex+0x512/0x640 [ 732.516373][T15511] should_fail_alloc_page+0xe7/0x130 [ 732.516416][T15511] prepare_alloc_pages+0x3c2/0x610 [ 732.516463][T15511] ? rcu_is_watching+0x12/0xc0 [ 732.516502][T15511] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 732.516549][T15511] ? stack_trace_save+0x8e/0xc0 [ 732.516588][T15511] ? __pfx_stack_trace_save+0x10/0x10 [ 732.516625][T15511] ? stack_depot_save_flags+0x28/0xa40 [ 732.516663][T15511] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 732.516714][T15511] ? kasan_save_stack+0x42/0x60 [ 732.516746][T15511] ? kasan_save_stack+0x33/0x60 [ 732.516785][T15511] ? do_dentry_open+0x744/0x1c10 [ 732.516816][T15511] ? vfs_open+0x82/0x3f0 [ 732.516855][T15511] ? path_openat+0x1de4/0x2cb0 [ 732.516885][T15511] ? do_filp_open+0x20b/0x470 [ 732.516914][T15511] ? do_sys_openat2+0x11b/0x1d0 [ 732.516956][T15511] ? __x64_sys_openat+0x174/0x210 [ 732.517000][T15511] ? do_syscall_64+0xcd/0x490 [ 732.517032][T15511] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.517069][T15511] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 732.517119][T15511] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 732.517175][T15511] ? policy_nodemask+0xea/0x4e0 [ 732.517219][T15511] alloc_pages_mpol+0x1fb/0x550 [ 732.517265][T15511] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 732.517320][T15511] alloc_pages_noprof+0x131/0x390 [ 732.517364][T15511] get_zeroed_page_noprof+0x18/0xb0 [ 732.517412][T15511] get_image_page+0x18/0x190 [ 732.517450][T15511] alloc_rtree_node+0x3c/0xb0 [ 732.517488][T15511] memory_bm_create+0x519/0x810 [ 732.517542][T15511] create_basic_memory_bitmaps+0xbd/0x320 [ 732.517588][T15511] snapshot_open+0x235/0x2b0 [ 732.517628][T15511] ? __pfx_snapshot_open+0x10/0x10 [ 732.517672][T15511] misc_open+0x35a/0x420 [ 732.517735][T15511] ? __pfx_misc_open+0x10/0x10 [ 732.517787][T15511] chrdev_open+0x231/0x6a0 [ 732.517823][T15511] ? __pfx_apparmor_file_open+0x10/0x10 [ 732.517878][T15511] ? __pfx_chrdev_open+0x10/0x10 [ 732.517919][T15511] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 732.517981][T15511] do_dentry_open+0x744/0x1c10 [ 732.518017][T15511] ? __pfx_chrdev_open+0x10/0x10 [ 732.518063][T15511] vfs_open+0x82/0x3f0 [ 732.518111][T15511] path_openat+0x1de4/0x2cb0 [ 732.518158][T15511] ? __pfx_path_openat+0x10/0x10 [ 732.518194][T15511] ? __lock_acquire+0xb8a/0x1c90 [ 732.518247][T15511] do_filp_open+0x20b/0x470 [ 732.518281][T15511] ? __pfx_do_filp_open+0x10/0x10 [ 732.518347][T15511] ? alloc_fd+0x471/0x7d0 [ 732.518414][T15511] do_sys_openat2+0x11b/0x1d0 [ 732.518458][T15511] ? __pfx_do_sys_openat2+0x10/0x10 [ 732.518521][T15511] __x64_sys_openat+0x174/0x210 [ 732.518566][T15511] ? __pfx___x64_sys_openat+0x10/0x10 [ 732.518630][T15511] do_syscall_64+0xcd/0x490 [ 732.518670][T15511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.518714][T15511] RIP: 0033:0x7f186518e9a9 [ 732.518742][T15511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 732.518775][T15511] RSP: 002b:00007f1862ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 732.518807][T15511] RAX: ffffffffffffffda RBX: 00007f18653b5fa0 RCX: 00007f186518e9a9 [ 732.518828][T15511] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 732.518849][T15511] RBP: 00007f1865210d69 R08: 0000000000000000 R09: 0000000000000000 [ 732.518869][T15511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 732.518889][T15511] R13: 0000000000000000 R14: 00007f18653b5fa0 R15: 00007ffe15bf91b8 [ 732.518932][T15511] [ 735.369587][T15529] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 737.468233][ T5864] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 739.435547][T15588] FAULT_INJECTION: forcing a failure. [ 739.435547][T15588] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 739.485343][T15588] CPU: 1 UID: 0 PID: 15588 Comm: syz.0.2172 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 739.485396][T15588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 739.485417][T15588] Call Trace: [ 739.485428][T15588] [ 739.485442][T15588] dump_stack_lvl+0x16c/0x1f0 [ 739.485482][T15588] should_fail_ex+0x512/0x640 [ 739.485523][T15588] should_fail_alloc_page+0xe7/0x130 [ 739.485566][T15588] prepare_alloc_pages+0x3c2/0x610 [ 739.485621][T15588] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 739.485666][T15588] ? find_held_lock+0x2b/0x80 [ 739.485703][T15588] ? is_bpf_text_address+0x8a/0x1a0 [ 739.485749][T15588] ? bpf_ksym_find+0x124/0x1c0 [ 739.485788][T15588] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 739.485823][T15588] ? is_bpf_text_address+0x94/0x1a0 [ 739.485871][T15588] ? __kernel_text_address+0xd/0x40 [ 739.485925][T15588] ? unwind_get_return_address+0x59/0xa0 [ 739.486000][T15588] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 739.486056][T15588] ? policy_nodemask+0xea/0x4e0 [ 739.486099][T15588] alloc_pages_mpol+0x1fb/0x550 [ 739.486146][T15588] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 739.486184][T15588] ? kasan_save_stack+0x33/0x60 [ 739.486216][T15588] ? __kasan_kmalloc+0xaa/0xb0 [ 739.486247][T15588] ? __get_vm_area_node+0x101/0x330 [ 739.486315][T15588] alloc_pages_noprof+0x131/0x390 [ 739.486355][T15588] get_free_pages_noprof+0x10/0xb0 [ 739.486403][T15588] kasan_populate_vmalloc+0x89/0x1f0 [ 739.486467][T15588] alloc_vmap_area+0x959/0x29c0 [ 739.486527][T15588] ? __pfx_alloc_vmap_area+0x10/0x10 [ 739.486582][T15588] __get_vm_area_node+0x1ca/0x330 [ 739.486637][T15588] __vmalloc_node_range_noprof+0x271/0x14b0 [ 739.486706][T15588] ? n_tty_open+0x1a/0x170 [ 739.486750][T15588] ? do_raw_spin_unlock+0x172/0x230 [ 739.486818][T15588] ? n_tty_open+0x1a/0x170 [ 739.486874][T15588] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 739.486925][T15588] ? console_unlock+0x184/0x210 [ 739.486957][T15588] ? __pfx_console_unlock+0x10/0x10 [ 739.486995][T15588] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 739.487048][T15588] ? n_tty_open+0x1a/0x170 [ 739.487091][T15588] __vmalloc_node_noprof+0xad/0xf0 [ 739.487141][T15588] ? n_tty_open+0x1a/0x170 [ 739.487183][T15588] ? __pfx_n_tty_open+0x10/0x10 [ 739.487229][T15588] n_tty_open+0x1a/0x170 [ 739.487273][T15588] ? __pfx_n_tty_open+0x10/0x10 [ 739.487316][T15588] tty_ldisc_open+0x9c/0x120 [ 739.487349][T15588] tty_ldisc_setup+0x40/0x100 [ 739.487392][T15588] tty_init_dev.part.0+0x1ec/0x500 [ 739.487437][T15588] tty_open+0xa50/0xf90 [ 739.487486][T15588] ? __pfx_tty_open+0x10/0x10 [ 739.487527][T15588] ? chrdev_open+0x10b/0x6a0 [ 739.487569][T15588] ? __pfx_tty_open+0x10/0x10 [ 739.487608][T15588] chrdev_open+0x231/0x6a0 [ 739.487643][T15588] ? __pfx_apparmor_file_open+0x10/0x10 [ 739.487695][T15588] ? __pfx_chrdev_open+0x10/0x10 [ 739.487735][T15588] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 739.487796][T15588] do_dentry_open+0x744/0x1c10 [ 739.487831][T15588] ? __pfx_chrdev_open+0x10/0x10 [ 739.487878][T15588] vfs_open+0x82/0x3f0 [ 739.487927][T15588] path_openat+0x1de4/0x2cb0 [ 739.487976][T15588] ? __pfx_path_openat+0x10/0x10 [ 739.488011][T15588] ? __lock_acquire+0xb8a/0x1c90 [ 739.488062][T15588] do_filp_open+0x20b/0x470 [ 739.488096][T15588] ? __pfx_do_filp_open+0x10/0x10 [ 739.488164][T15588] ? alloc_fd+0x471/0x7d0 [ 739.488230][T15588] do_sys_openat2+0x11b/0x1d0 [ 739.488275][T15588] ? __pfx_do_sys_openat2+0x10/0x10 [ 739.488336][T15588] __x64_sys_openat+0x174/0x210 [ 739.488388][T15588] ? __pfx___x64_sys_openat+0x10/0x10 [ 739.488452][T15588] do_syscall_64+0xcd/0x490 [ 739.488490][T15588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.488523][T15588] RIP: 0033:0x7fdc2bf8e9a9 [ 739.488549][T15588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.488582][T15588] RSP: 002b:00007fdc2cea1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 739.488615][T15588] RAX: ffffffffffffffda RBX: 00007fdc2c1b6080 RCX: 00007fdc2bf8e9a9 [ 739.488636][T15588] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 739.488659][T15588] RBP: 00007fdc2c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 739.488679][T15588] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 739.488699][T15588] R13: 0000000000000000 R14: 00007fdc2c1b6080 R15: 00007fff4f9c9bd8 [ 739.488742][T15588] [ 739.488919][T15588] syz.0.2172: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 740.202892][T15588] CPU: 1 UID: 0 PID: 15588 Comm: syz.0.2172 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 740.202937][T15588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 740.202957][T15588] Call Trace: [ 740.202968][T15588] [ 740.202980][T15588] dump_stack_lvl+0x16c/0x1f0 [ 740.203020][T15588] warn_alloc+0x248/0x3a0 [ 740.203064][T15588] ? __pfx_warn_alloc+0x10/0x10 [ 740.203101][T15588] ? kfree+0x2b4/0x4d0 [ 740.203159][T15588] ? __get_vm_area_node+0x208/0x330 [ 740.203218][T15588] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 740.203270][T15588] ? do_raw_spin_unlock+0x172/0x230 [ 740.203336][T15588] ? n_tty_open+0x1a/0x170 [ 740.203392][T15588] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 740.203441][T15588] ? console_unlock+0x184/0x210 [ 740.203474][T15588] ? __pfx_console_unlock+0x10/0x10 [ 740.203510][T15588] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 740.203562][T15588] ? n_tty_open+0x1a/0x170 [ 740.203605][T15588] __vmalloc_node_noprof+0xad/0xf0 [ 740.203653][T15588] ? n_tty_open+0x1a/0x170 [ 740.203695][T15588] ? __pfx_n_tty_open+0x10/0x10 [ 740.203739][T15588] n_tty_open+0x1a/0x170 [ 740.203781][T15588] ? __pfx_n_tty_open+0x10/0x10 [ 740.203824][T15588] tty_ldisc_open+0x9c/0x120 [ 740.203854][T15588] tty_ldisc_setup+0x40/0x100 [ 740.203889][T15588] tty_init_dev.part.0+0x1ec/0x500 [ 740.203932][T15588] tty_open+0xa50/0xf90 [ 740.204006][T15588] ? __pfx_tty_open+0x10/0x10 [ 740.204054][T15588] ? chrdev_open+0x10b/0x6a0 [ 740.204095][T15588] ? __pfx_tty_open+0x10/0x10 [ 740.204135][T15588] chrdev_open+0x231/0x6a0 [ 740.204170][T15588] ? __pfx_apparmor_file_open+0x10/0x10 [ 740.204220][T15588] ? __pfx_chrdev_open+0x10/0x10 [ 740.204260][T15588] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 740.204321][T15588] do_dentry_open+0x744/0x1c10 [ 740.204355][T15588] ? __pfx_chrdev_open+0x10/0x10 [ 740.204400][T15588] vfs_open+0x82/0x3f0 [ 740.204449][T15588] path_openat+0x1de4/0x2cb0 [ 740.204497][T15588] ? __pfx_path_openat+0x10/0x10 [ 740.204532][T15588] ? __lock_acquire+0xb8a/0x1c90 [ 740.204584][T15588] do_filp_open+0x20b/0x470 [ 740.204618][T15588] ? __pfx_do_filp_open+0x10/0x10 [ 740.204684][T15588] ? alloc_fd+0x471/0x7d0 [ 740.204747][T15588] do_sys_openat2+0x11b/0x1d0 [ 740.204791][T15588] ? __pfx_do_sys_openat2+0x10/0x10 [ 740.204854][T15588] __x64_sys_openat+0x174/0x210 [ 740.204899][T15588] ? __pfx___x64_sys_openat+0x10/0x10 [ 740.204962][T15588] do_syscall_64+0xcd/0x490 [ 740.204997][T15588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.205031][T15588] RIP: 0033:0x7fdc2bf8e9a9 [ 740.205065][T15588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.205098][T15588] RSP: 002b:00007fdc2cea1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 740.205128][T15588] RAX: ffffffffffffffda RBX: 00007fdc2c1b6080 RCX: 00007fdc2bf8e9a9 [ 740.205149][T15588] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 740.205169][T15588] RBP: 00007fdc2c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 740.205187][T15588] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 740.205206][T15588] R13: 0000000000000000 R14: 00007fdc2c1b6080 R15: 00007fff4f9c9bd8 [ 740.205247][T15588] [ 740.205259][T15588] Mem-Info: [ 740.603726][T15588] active_anon:3564 inactive_anon:39212 isolated_anon:0 [ 740.603726][T15588] active_file:21402 inactive_file:38296 isolated_file:0 [ 740.603726][T15588] unevictable:768 dirty:474 writeback:0 [ 740.603726][T15588] slab_reclaimable:11660 slab_unreclaimable:96879 [ 740.603726][T15588] mapped:30486 shmem:30810 pagetables:1219 [ 740.603726][T15588] sec_pagetables:0 bounce:0 [ 740.603726][T15588] kernel_misc_reclaimable:0 [ 740.603726][T15588] free:1281510 free_pcp:12848 free_cma:0 [ 740.649639][ C0] vkms_vblank_simulate: vblank timer overrun [ 740.663814][T15588] Node 0 active_anon:14256kB inactive_anon:156348kB active_file:85472kB inactive_file:153056kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120912kB dirty:1892kB writeback:0kB shmem:121004kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12136kB pagetables:4736kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 740.697951][ C0] vkms_vblank_simulate: vblank timer overrun [ 740.794745][T15588] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 740.826597][ C0] vkms_vblank_simulate: vblank timer overrun [ 740.999960][T15594] Invalid ELF header magic: != ELF [ 741.100132][T15588] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 741.289483][T15588] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 741.304162][T15588] Node 0 DMA32 free:1210280kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14076kB inactive_anon:111648kB active_file:84276kB inactive_file:152920kB unevictable:1536kB writepending:2096kB present:3129332kB managed:2540456kB mlocked:0kB bounce:0kB free_pcp:84100kB local_pcp:36984kB free_cma:0kB [ 741.372218][T15588] lowmem_reserve[]: 0 0 1 1 1 [ 741.529490][T15588] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:1260kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 741.670268][T15588] lowmem_reserve[]: 0 0 0 0 0 [ 741.675130][T15588] Node 1 Normal free:3906796kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:128kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:6900kB local_pcp:2424kB free_cma:0kB [ 741.748588][T15588] lowmem_reserve[]: 0 0 0 0 0 [ 741.767991][T15588] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 741.811237][T15588] Node 0 DMA32: 1732*4kB (UM) 592*8kB (UME) 135*16kB (UME) 243*32kB (UME) 130*64kB (UME) 32*128kB (UM) 15*256kB (UME) 30*512kB (UME) 47*1024kB (UM) 5*2048kB (UM) 271*4096kB (UM) = 1221600kB [ 741.845330][T15588] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 741.883544][T15588] Node 1 Normal: 209*4kB (UME) 57*8kB (UE) 44*16kB (UE) 239*32kB (UE) 107*64kB (UME) 31*128kB (UME) 17*256kB (UME) 4*512kB (UME) 3*1024kB (ME) 3*2048kB (U) 945*4096kB (M) = 3906796kB [ 741.902508][T15588] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 741.990802][T15588] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 742.000440][T15588] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 742.010597][T15588] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 742.020195][T15588] 69567 total pagecache pages [ 742.025066][T15588] 5 pages in swap cache [ 742.029243][T15588] Free swap = 120924kB [ 742.035196][T15588] Total swap = 124996kB [ 742.039522][T15588] 2097051 pages RAM [ 742.057953][T15588] 0 pages HighMem/MovableOnly [ 742.065614][T15588] 429959 pages reserved [ 742.070002][T15588] 0 pages cma reserved [ 742.074109][T15588] tty tty26: ldisc open failed (-12), clearing slot 25 [ 742.140748][T15601] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input126 [ 742.290653][T15602] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input125 [ 744.274658][T15641] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2181'. [ 745.892208][T15665] netlink: 'syz.3.2185': attribute type 1 has an invalid length. [ 748.591611][T15711] ALSA: mixer_oss: invalid OSS volume '' [ 748.903480][T15717] netlink: 'syz.2.2195': attribute type 1 has an invalid length. [ 749.181672][T15448] udevd[15448]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 749.242199][T15609] udevd[15609]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 750.195978][T15731] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2199'. [ 750.815530][T15734] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2196'. [ 751.868716][T15761] FAULT_INJECTION: forcing a failure. [ 751.868716][T15761] name failslab, interval 1, probability 0, space 0, times 0 [ 751.881663][T15763] netlink: 'syz.0.2206': attribute type 1 has an invalid length. [ 751.915761][T15761] CPU: 1 UID: 0 PID: 15761 Comm: syz.3.2204 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 751.915803][T15761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 751.915824][T15761] Call Trace: [ 751.915834][T15761] [ 751.915846][T15761] dump_stack_lvl+0x16c/0x1f0 [ 751.915884][T15761] should_fail_ex+0x512/0x640 [ 751.915916][T15761] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 751.915971][T15761] should_failslab+0xc2/0x120 [ 751.916022][T15761] __kmalloc_cache_noprof+0x6a/0x3e0 [ 751.916078][T15761] ? kstrdup_quotable_cmdline+0x52/0x210 [ 751.916134][T15761] kstrdup_quotable_cmdline+0x52/0x210 [ 751.916188][T15761] __report_access+0x4b/0x3c0 [ 751.916236][T15761] ? _raw_spin_unlock_irq+0x23/0x50 [ 751.916292][T15761] task_work_run+0x150/0x240 [ 751.916347][T15761] ? __pfx_task_work_run+0x10/0x10 [ 751.916413][T15761] exit_to_user_mode_loop+0xeb/0x110 [ 751.916470][T15761] do_syscall_64+0x3f6/0x490 [ 751.916509][T15761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.916543][T15761] RIP: 0033:0x7f186518e9a9 [ 751.916570][T15761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 751.916602][T15761] RSP: 002b:00007f1862fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 751.916633][T15761] RAX: ffffffffffffffff RBX: 00007f18653b6080 RCX: 00007f186518e9a9 [ 751.916654][T15761] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206 [ 751.916674][T15761] RBP: 00007f1865210d69 R08: 0000000000000000 R09: 0000000000000000 [ 751.916693][T15761] R10: 0000000000200005 R11: 0000000000000246 R12: 0000000000000000 [ 751.916712][T15761] R13: 0000000000000000 R14: 00007f18653b6080 R15: 00007ffe15bf91b8 [ 751.916755][T15761] [ 751.916846][T15761] ptrace attach of "(null)"[5859] was attempted by "./syz-executor exec"[15761] [ 752.380577][T15768] random: crng reseeded on system resumption [ 753.034843][T15776] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2209'. [ 754.949372][T15812] random: crng reseeded on system resumption [ 755.011059][T15812] FAULT_INJECTION: forcing a failure. [ 755.011059][T15812] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 755.146195][T15812] CPU: 1 UID: 0 PID: 15812 Comm: syz.3.2218 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 755.146240][T15812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 755.146259][T15812] Call Trace: [ 755.146270][T15812] [ 755.146283][T15812] dump_stack_lvl+0x16c/0x1f0 [ 755.146322][T15812] should_fail_ex+0x512/0x640 [ 755.146382][T15812] should_fail_alloc_page+0xe7/0x130 [ 755.146427][T15812] prepare_alloc_pages+0x3c2/0x610 [ 755.146474][T15812] ? rcu_is_watching+0x12/0xc0 [ 755.146514][T15812] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 755.146563][T15812] ? stack_trace_save+0x8e/0xc0 [ 755.146602][T15812] ? __pfx_stack_trace_save+0x10/0x10 [ 755.146640][T15812] ? stack_depot_save_flags+0x28/0xa40 [ 755.146678][T15812] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 755.146720][T15812] ? kasan_save_stack+0x42/0x60 [ 755.146752][T15812] ? kasan_save_stack+0x33/0x60 [ 755.146790][T15812] ? do_dentry_open+0x744/0x1c10 [ 755.146822][T15812] ? vfs_open+0x82/0x3f0 [ 755.146861][T15812] ? path_openat+0x1de4/0x2cb0 [ 755.146889][T15812] ? do_filp_open+0x20b/0x470 [ 755.146917][T15812] ? do_sys_openat2+0x11b/0x1d0 [ 755.146966][T15812] ? __x64_sys_openat+0x174/0x210 [ 755.147009][T15812] ? do_syscall_64+0xcd/0x490 [ 755.147040][T15812] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.147074][T15812] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 755.147122][T15812] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 755.147174][T15812] ? policy_nodemask+0xea/0x4e0 [ 755.147221][T15812] alloc_pages_mpol+0x1fb/0x550 [ 755.147262][T15812] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 755.147314][T15812] alloc_pages_noprof+0x131/0x390 [ 755.147354][T15812] get_zeroed_page_noprof+0x18/0xb0 [ 755.147399][T15812] get_image_page+0x18/0x190 [ 755.147432][T15812] alloc_rtree_node+0x3c/0xb0 [ 755.147467][T15812] memory_bm_create+0x519/0x810 [ 755.147517][T15812] create_basic_memory_bitmaps+0xbd/0x320 [ 755.147564][T15812] snapshot_open+0x235/0x2b0 [ 755.147605][T15812] ? __pfx_snapshot_open+0x10/0x10 [ 755.147649][T15812] misc_open+0x35a/0x420 [ 755.147698][T15812] ? __pfx_misc_open+0x10/0x10 [ 755.147747][T15812] chrdev_open+0x231/0x6a0 [ 755.147781][T15812] ? __pfx_apparmor_file_open+0x10/0x10 [ 755.147830][T15812] ? __pfx_chrdev_open+0x10/0x10 [ 755.147869][T15812] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 755.147927][T15812] do_dentry_open+0x744/0x1c10 [ 755.147971][T15812] ? __pfx_chrdev_open+0x10/0x10 [ 755.148018][T15812] vfs_open+0x82/0x3f0 [ 755.148066][T15812] path_openat+0x1de4/0x2cb0 [ 755.148113][T15812] ? __pfx_path_openat+0x10/0x10 [ 755.148148][T15812] ? __lock_acquire+0xb8a/0x1c90 [ 755.148200][T15812] do_filp_open+0x20b/0x470 [ 755.148233][T15812] ? __pfx_do_filp_open+0x10/0x10 [ 755.148292][T15812] ? alloc_fd+0x471/0x7d0 [ 755.148355][T15812] do_sys_openat2+0x11b/0x1d0 [ 755.148398][T15812] ? __pfx_do_sys_openat2+0x10/0x10 [ 755.148461][T15812] __x64_sys_openat+0x174/0x210 [ 755.148506][T15812] ? __pfx___x64_sys_openat+0x10/0x10 [ 755.148567][T15812] do_syscall_64+0xcd/0x490 [ 755.148605][T15812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.148639][T15812] RIP: 0033:0x7f186518e9a9 [ 755.148666][T15812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 755.148699][T15812] RSP: 002b:00007f1862ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 755.148730][T15812] RAX: ffffffffffffffda RBX: 00007f18653b5fa0 RCX: 00007f186518e9a9 [ 755.148752][T15812] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 755.148773][T15812] RBP: 00007f1865210d69 R08: 0000000000000000 R09: 0000000000000000 [ 755.148793][T15812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 755.148811][T15812] R13: 0000000000000000 R14: 00007f18653b5fa0 R15: 00007ffe15bf91b8 [ 755.148853][T15812] [ 755.973820][T15805] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2217'. [ 756.430702][T15825] program syz.2.2223 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 757.507585][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.514059][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 758.716948][T15826] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 759.025242][T15856] random: crng reseeded on system resumption [ 759.047013][T15856] FAULT_INJECTION: forcing a failure. [ 759.047013][T15856] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 759.068111][T15856] CPU: 0 UID: 0 PID: 15856 Comm: syz.0.2230 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 759.068156][T15856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 759.068176][T15856] Call Trace: [ 759.068186][T15856] [ 759.068199][T15856] dump_stack_lvl+0x16c/0x1f0 [ 759.068239][T15856] should_fail_ex+0x512/0x640 [ 759.068280][T15856] should_fail_alloc_page+0xe7/0x130 [ 759.068325][T15856] prepare_alloc_pages+0x3c2/0x610 [ 759.068374][T15856] ? rcu_is_watching+0x12/0xc0 [ 759.068415][T15856] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 759.068465][T15856] ? stack_trace_save+0x8e/0xc0 [ 759.068504][T15856] ? __pfx_stack_trace_save+0x10/0x10 [ 759.068543][T15856] ? stack_depot_save_flags+0x28/0xa40 [ 759.068589][T15856] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 759.068631][T15856] ? kasan_save_stack+0x42/0x60 [ 759.068662][T15856] ? kasan_save_stack+0x33/0x60 [ 759.068701][T15856] ? do_dentry_open+0x744/0x1c10 [ 759.068733][T15856] ? vfs_open+0x82/0x3f0 [ 759.068771][T15856] ? path_openat+0x1de4/0x2cb0 [ 759.068799][T15856] ? do_filp_open+0x20b/0x470 [ 759.068827][T15856] ? do_sys_openat2+0x11b/0x1d0 [ 759.068869][T15856] ? __x64_sys_openat+0x174/0x210 [ 759.068913][T15856] ? do_syscall_64+0xcd/0x490 [ 759.068946][T15856] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.068984][T15856] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 759.069033][T15856] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 759.069088][T15856] ? policy_nodemask+0xea/0x4e0 [ 759.069130][T15856] alloc_pages_mpol+0x1fb/0x550 [ 759.069172][T15856] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 759.069224][T15856] alloc_pages_noprof+0x131/0x390 [ 759.069266][T15856] get_zeroed_page_noprof+0x18/0xb0 [ 759.069311][T15856] get_image_page+0x18/0x190 [ 759.069347][T15856] alloc_rtree_node+0x3c/0xb0 [ 759.069383][T15856] memory_bm_create+0x519/0x810 [ 759.069436][T15856] create_basic_memory_bitmaps+0xbd/0x320 [ 759.069482][T15856] snapshot_open+0x235/0x2b0 [ 759.069524][T15856] ? __pfx_snapshot_open+0x10/0x10 [ 759.069576][T15856] misc_open+0x35a/0x420 [ 759.069629][T15856] ? __pfx_misc_open+0x10/0x10 [ 759.069678][T15856] chrdev_open+0x231/0x6a0 [ 759.069713][T15856] ? __pfx_apparmor_file_open+0x10/0x10 [ 759.069763][T15856] ? __pfx_chrdev_open+0x10/0x10 [ 759.069803][T15856] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 759.069863][T15856] do_dentry_open+0x744/0x1c10 [ 759.069899][T15856] ? __pfx_chrdev_open+0x10/0x10 [ 759.069945][T15856] vfs_open+0x82/0x3f0 [ 759.069993][T15856] path_openat+0x1de4/0x2cb0 [ 759.070042][T15856] ? __pfx_path_openat+0x10/0x10 [ 759.070078][T15856] ? __lock_acquire+0xb8a/0x1c90 [ 759.070131][T15856] do_filp_open+0x20b/0x470 [ 759.070165][T15856] ? __pfx_do_filp_open+0x10/0x10 [ 759.070232][T15856] ? alloc_fd+0x471/0x7d0 [ 759.070299][T15856] do_sys_openat2+0x11b/0x1d0 [ 759.070345][T15856] ? __pfx_do_sys_openat2+0x10/0x10 [ 759.070407][T15856] __x64_sys_openat+0x174/0x210 [ 759.070454][T15856] ? __pfx___x64_sys_openat+0x10/0x10 [ 759.070520][T15856] do_syscall_64+0xcd/0x490 [ 759.070560][T15856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.070604][T15856] RIP: 0033:0x7fdc2bf8e9a9 [ 759.070630][T15856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 759.070664][T15856] RSP: 002b:00007fdc2cec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 759.070695][T15856] RAX: ffffffffffffffda RBX: 00007fdc2c1b5fa0 RCX: 00007fdc2bf8e9a9 [ 759.070718][T15856] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 759.070739][T15856] RBP: 00007fdc2c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 759.070759][T15856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.070779][T15856] R13: 0000000000000000 R14: 00007fdc2c1b5fa0 R15: 00007fff4f9c9bd8 [ 759.070824][T15856] [ 759.129057][T15848] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2228'. [ 759.133033][ C0] vkms_vblank_simulate: vblank timer overrun [ 759.860800][T15872] ucma_write: process 2115 (syz.3.2232) changed security contexts after opening file descriptor, this is not allowed. [ 759.968078][T15845] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2227'. [ 762.501503][T15877] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 762.607787][T15919] random: crng reseeded on system resumption [ 762.616570][T15919] FAULT_INJECTION: forcing a failure. [ 762.616570][T15919] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 762.689554][T15919] CPU: 1 UID: 0 PID: 15919 Comm: syz.0.2240 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 762.689597][T15919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 762.689616][T15919] Call Trace: [ 762.689626][T15919] [ 762.689639][T15919] dump_stack_lvl+0x16c/0x1f0 [ 762.689678][T15919] should_fail_ex+0x512/0x640 [ 762.689720][T15919] should_fail_alloc_page+0xe7/0x130 [ 762.689764][T15919] prepare_alloc_pages+0x3c2/0x610 [ 762.689810][T15919] ? rcu_is_watching+0x12/0xc0 [ 762.689850][T15919] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 762.689899][T15919] ? stack_trace_save+0x8e/0xc0 [ 762.689937][T15919] ? __pfx_stack_trace_save+0x10/0x10 [ 762.689974][T15919] ? stack_depot_save_flags+0x28/0xa40 [ 762.690012][T15919] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 762.690053][T15919] ? kasan_save_stack+0x42/0x60 [ 762.690083][T15919] ? kasan_save_stack+0x33/0x60 [ 762.690120][T15919] ? do_dentry_open+0x744/0x1c10 [ 762.690151][T15919] ? vfs_open+0x82/0x3f0 [ 762.690186][T15919] ? path_openat+0x1de4/0x2cb0 [ 762.690214][T15919] ? do_filp_open+0x20b/0x470 [ 762.690241][T15919] ? do_sys_openat2+0x11b/0x1d0 [ 762.690290][T15919] ? __x64_sys_openat+0x174/0x210 [ 762.690333][T15919] ? do_syscall_64+0xcd/0x490 [ 762.690365][T15919] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.690403][T15919] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 762.690453][T15919] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 762.690505][T15919] ? policy_nodemask+0xea/0x4e0 [ 762.690546][T15919] alloc_pages_mpol+0x1fb/0x550 [ 762.690587][T15919] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 762.690638][T15919] alloc_pages_noprof+0x131/0x390 [ 762.690679][T15919] get_zeroed_page_noprof+0x18/0xb0 [ 762.690723][T15919] get_image_page+0x18/0x190 [ 762.690758][T15919] alloc_rtree_node+0x3c/0xb0 [ 762.690793][T15919] memory_bm_create+0x519/0x810 [ 762.690845][T15919] create_basic_memory_bitmaps+0xbd/0x320 [ 762.690892][T15919] snapshot_open+0x235/0x2b0 [ 762.690933][T15919] ? __pfx_snapshot_open+0x10/0x10 [ 762.690988][T15919] misc_open+0x35a/0x420 [ 762.691034][T15919] ? __pfx_misc_open+0x10/0x10 [ 762.691081][T15919] chrdev_open+0x231/0x6a0 [ 762.691113][T15919] ? __pfx_apparmor_file_open+0x10/0x10 [ 762.691161][T15919] ? __pfx_chrdev_open+0x10/0x10 [ 762.691198][T15919] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 762.691254][T15919] do_dentry_open+0x744/0x1c10 [ 762.691294][T15919] ? __pfx_chrdev_open+0x10/0x10 [ 762.691337][T15919] vfs_open+0x82/0x3f0 [ 762.691384][T15919] path_openat+0x1de4/0x2cb0 [ 762.691430][T15919] ? __pfx_path_openat+0x10/0x10 [ 762.691464][T15919] ? __lock_acquire+0xb8a/0x1c90 [ 762.691513][T15919] do_filp_open+0x20b/0x470 [ 762.691545][T15919] ? __pfx_do_filp_open+0x10/0x10 [ 762.691608][T15919] ? alloc_fd+0x471/0x7d0 [ 762.691670][T15919] do_sys_openat2+0x11b/0x1d0 [ 762.691712][T15919] ? __pfx_do_sys_openat2+0x10/0x10 [ 762.691771][T15919] __x64_sys_openat+0x174/0x210 [ 762.691815][T15919] ? __pfx___x64_sys_openat+0x10/0x10 [ 762.691876][T15919] do_syscall_64+0xcd/0x490 [ 762.691913][T15919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.691946][T15919] RIP: 0033:0x7fdc2bf8e9a9 [ 762.691972][T15919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 762.692004][T15919] RSP: 002b:00007fdc2cec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 762.692053][T15919] RAX: ffffffffffffffda RBX: 00007fdc2c1b5fa0 RCX: 00007fdc2bf8e9a9 [ 762.692075][T15919] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 762.692098][T15919] RBP: 00007fdc2c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 762.692118][T15919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 762.692138][T15919] R13: 0000000000000000 R14: 00007fdc2c1b5fa0 R15: 00007fff4f9c9bd8 [ 762.692182][T15919] [ 763.072654][ C1] vkms_vblank_simulate: vblank timer overrun [ 764.394972][T15952] FAULT_INJECTION: forcing a failure. [ 764.394972][T15952] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 764.410862][T15952] CPU: 1 UID: 0 PID: 15952 Comm: syz.0.2248 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 764.410907][T15952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 764.410935][T15952] Call Trace: [ 764.410946][T15952] [ 764.410958][T15952] dump_stack_lvl+0x16c/0x1f0 [ 764.411000][T15952] should_fail_ex+0x512/0x640 [ 764.411041][T15952] should_fail_alloc_page+0xe7/0x130 [ 764.411085][T15952] prepare_alloc_pages+0x3c2/0x610 [ 764.411133][T15952] ? rcu_is_watching+0x12/0xc0 [ 764.411175][T15952] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 764.411214][T15952] ? __lock_acquire+0xb8a/0x1c90 [ 764.411277][T15952] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 764.411314][T15952] ? do_raw_spin_lock+0x12c/0x2b0 [ 764.411368][T15952] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 764.411431][T15952] ? __lock_acquire+0xb8a/0x1c90 [ 764.411484][T15952] ? __lock_acquire+0xb8a/0x1c90 [ 764.411529][T15952] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 764.411583][T15952] ? policy_nodemask+0xea/0x4e0 [ 764.411626][T15952] alloc_pages_mpol+0x1fb/0x550 [ 764.411668][T15952] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 764.411706][T15952] ? do_raw_spin_unlock+0x172/0x230 [ 764.411768][T15952] folio_alloc_mpol_noprof+0x36/0x2f0 [ 764.411817][T15952] shmem_alloc_folio+0x135/0x160 [ 764.411868][T15952] shmem_alloc_and_add_folio+0x499/0xc20 [ 764.411950][T15952] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 764.412009][T15952] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 764.412051][T15952] shmem_get_folio_gfp+0x67f/0x1600 [ 764.412093][T15952] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 764.412128][T15952] ? __lock_acquire+0x622/0x1c90 [ 764.412179][T15952] shmem_fault+0x1fe/0xa30 [ 764.412214][T15952] ? __pfx_shmem_fault+0x10/0x10 [ 764.412269][T15952] __do_fault+0x10a/0x490 [ 764.412303][T15952] ? __pfx_filemap_map_pages+0x10/0x10 [ 764.412339][T15952] __handle_mm_fault+0x3c2a/0x5490 [ 764.412401][T15952] ? __pfx___handle_mm_fault+0x10/0x10 [ 764.412450][T15952] ? __pfx_mt_find+0x10/0x10 [ 764.412510][T15952] ? find_vma+0xbf/0x140 [ 764.412548][T15952] ? __pfx_find_vma+0x10/0x10 [ 764.412593][T15952] handle_mm_fault+0x589/0xd10 [ 764.412664][T15952] ? __pkru_allows_pkey+0x51/0xb0 [ 764.412714][T15952] do_user_addr_fault+0x7a6/0x1370 [ 764.412768][T15952] ? rcu_is_watching+0x12/0xc0 [ 764.412808][T15952] exc_page_fault+0x5c/0xb0 [ 764.412864][T15952] asm_exc_page_fault+0x26/0x30 [ 764.412897][T15952] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 764.412950][T15952] Code: 11 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 764.412984][T15952] RSP: 0018:ffffc90017ef78a8 EFLAGS: 00050206 [ 764.413012][T15952] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000001000 [ 764.413032][T15952] RDX: 0000000000000000 RSI: 0000000000010000 RDI: ffff888025e9f000 [ 764.413051][T15952] RBP: 0000000000010000 R08: 0000000000000001 R09: ffffed1004bd3fff [ 764.413071][T15952] R10: ffff888025e9ffff R11: 0000000000000000 R12: ffffc90017ef7d38 [ 764.413090][T15952] R13: 0000000000011000 R14: ffff888025e9f000 R15: 00007ffffffff000 [ 764.413134][T15952] _copy_from_iter+0x383/0x16f0 [ 764.413181][T15952] ? anon_pipe_write+0x6f1/0x1a70 [ 764.413216][T15952] ? __pfx__copy_from_iter+0x10/0x10 [ 764.413254][T15952] ? __pfx___mutex_lock+0x10/0x10 [ 764.413307][T15952] copy_page_from_iter+0xde/0x180 [ 764.413352][T15952] anon_pipe_write+0xbe7/0x1a70 [ 764.413406][T15952] ? __pfx_anon_pipe_write+0x10/0x10 [ 764.413444][T15952] ? __pfx_autoremove_wake_function+0x10/0x10 [ 764.413489][T15952] ? __futex_wait+0x24c/0x2f0 [ 764.413547][T15952] do_iter_readv_writev+0x657/0x950 [ 764.413603][T15952] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 764.413663][T15952] ? bpf_lsm_file_permission+0x9/0x10 [ 764.413706][T15952] ? security_file_permission+0x71/0x210 [ 764.413759][T15952] ? rw_verify_area+0xcf/0x680 [ 764.413813][T15952] vfs_writev+0x35f/0xde0 [ 764.413876][T15952] ? __pfx_vfs_writev+0x10/0x10 [ 764.413970][T15952] ? __fget_files+0x20e/0x3c0 [ 764.414037][T15952] ? do_writev+0x28c/0x340 [ 764.414086][T15952] do_writev+0x28c/0x340 [ 764.414137][T15952] ? __pfx_do_writev+0x10/0x10 [ 764.414204][T15952] do_syscall_64+0xcd/0x490 [ 764.414242][T15952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.414275][T15952] RIP: 0033:0x7fdc2bf8e9a9 [ 764.414301][T15952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 764.414334][T15952] RSP: 002b:00007fdc2cec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 764.414363][T15952] RAX: ffffffffffffffda RBX: 00007fdc2c1b5fa0 RCX: 00007fdc2bf8e9a9 [ 764.414383][T15952] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000001 [ 764.414402][T15952] RBP: 00007fdc2c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 764.414420][T15952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 764.414439][T15952] R13: 0000000000000000 R14: 00007fdc2c1b5fa0 R15: 00007fff4f9c9bd8 [ 764.414481][T15952] [ 765.624076][T15958] Invalid ELF header magic: != ELF [ 769.072414][T16011] netlink: 'syz.3.2262': attribute type 1 has an invalid length. [ 771.618294][T16052] vivid-003: ================= START STATUS ================= [ 771.627869][T16052] vivid-003: Radio HW Seek Mode: Bounded [ 771.633548][T16052] vivid-003: Radio Programmable HW Seek: false [ 771.680107][T16052] vivid-003: RDS Rx I/O Mode: Block I/O [ 771.686727][T16052] vivid-003: Generate RBDS Instead of RDS: false [ 771.693734][T16052] vivid-003: RDS Reception: true [ 771.698918][T16052] vivid-003: RDS Program Type: 0 inactive [ 771.709083][T16052] vivid-003: RDS PS Name: inactive [ 771.714347][T16052] vivid-003: RDS Radio Text: inactive [ 771.736317][T16052] vivid-003: RDS Traffic Announcement: false inactive [ 771.766835][T16052] vivid-003: RDS Traffic Program: false inactive [ 771.773258][T16052] vivid-003: RDS Music: false inactive [ 771.783052][T16052] vivid-003: ================== END STATUS ================== [ 772.630894][T16069] netlink: zone id is out of range [ 772.649483][T16069] netlink: zone id is out of range [ 772.721402][T16069] netlink: zone id is out of range [ 772.785850][T16069] netlink: zone id is out of range [ 772.791108][T16069] netlink: zone id is out of range [ 772.867510][T16069] netlink: zone id is out of range [ 772.921594][T16069] netlink: zone id is out of range [ 772.992513][T16069] netlink: zone id is out of range [ 773.014437][T16069] netlink: zone id is out of range [ 773.021674][T16069] netlink: zone id is out of range [ 773.912449][ T30] audit: type=1804 audit(6048131750.874:14): pid=16097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2278" name="/newroot/580/file0" dev="tmpfs" ino=3049 res=1 errno=0 [ 773.963536][ T30] audit: type=1800 audit(6048131750.904:15): pid=16097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2278" name="file0" dev="tmpfs" ino=3049 res=0 errno=0 [ 774.711272][T16113] random: crng reseeded on system resumption [ 774.877176][T16120] netlink: 'syz.1.2282': attribute type 1 has an invalid length. [ 777.209161][T16132] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 777.355385][T16160] random: crng reseeded on system resumption [ 778.556320][T16152] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 780.004339][T16183] device-mapper: ioctl: Unable to rename non-existent device,  to [ 780.417386][T16196] random: crng reseeded on system resumption [ 781.535455][T16211] random: crng reseeded on system resumption [ 782.499862][T16206] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2294'. [ 782.955129][T16205] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 783.502011][T16235] FAULT_INJECTION: forcing a failure. [ 783.502011][T16235] name failslab, interval 1, probability 0, space 0, times 0 [ 783.516951][T16235] CPU: 1 UID: 0 PID: 16235 Comm: syz.0.2304 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 783.516990][T16235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 783.517009][T16235] Call Trace: [ 783.517019][T16235] [ 783.517031][T16235] dump_stack_lvl+0x16c/0x1f0 [ 783.517070][T16235] should_fail_ex+0x512/0x640 [ 783.517103][T16235] ? fs_reclaim_acquire+0xae/0x150 [ 783.517153][T16235] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 783.517192][T16235] should_failslab+0xc2/0x120 [ 783.517232][T16235] __kmalloc_noprof+0xd2/0x510 [ 783.517275][T16235] tomoyo_realpath_from_path+0xc2/0x6e0 [ 783.517312][T16235] ? tomoyo_profile+0x47/0x60 [ 783.517353][T16235] tomoyo_path_number_perm+0x245/0x580 [ 783.517400][T16235] ? tomoyo_path_number_perm+0x237/0x580 [ 783.517451][T16235] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 783.517500][T16235] ? find_held_lock+0x2b/0x80 [ 783.517573][T16235] ? find_held_lock+0x2b/0x80 [ 783.517607][T16235] ? hook_file_ioctl_common+0x145/0x410 [ 783.517654][T16235] ? __fget_files+0x20e/0x3c0 [ 783.517697][T16235] security_file_ioctl+0x9b/0x240 [ 783.517735][T16235] __x64_sys_ioctl+0xb7/0x210 [ 783.517771][T16235] do_syscall_64+0xcd/0x490 [ 783.517797][T16235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 783.517822][T16235] RIP: 0033:0x7fdc2bf8e9a9 [ 783.517840][T16235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 783.517864][T16235] RSP: 002b:00007fdc2cea1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 783.517886][T16235] RAX: ffffffffffffffda RBX: 00007fdc2c1b6080 RCX: 00007fdc2bf8e9a9 [ 783.517902][T16235] RDX: 0000000000000000 RSI: 0000000000006f2a RDI: 0000000000000007 [ 783.517916][T16235] RBP: 00007fdc2cea1090 R08: 0000000000000000 R09: 0000000000000000 [ 783.517931][T16235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 783.517946][T16235] R13: 0000000000000000 R14: 00007fdc2c1b6080 R15: 00007fff4f9c9bd8 [ 783.517976][T16235] [ 783.618945][T16235] ERROR: Out of memory at tomoyo_realpath_from_path. [ 786.824866][T16273] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2309'. [ 787.003365][T16277] ptrace attach of "./syz-executor exec"[5859] was attempted by "./syz-executor exec"[16277] [ 787.302614][T16267] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2309'. [ 787.332124][T16282] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input135 [ 788.075587][T16291] netlink: 504 bytes leftover after parsing attributes in process `syz.0.2313'. [ 789.657113][T16319] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2318'. [ 789.950029][T16326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2320'. [ 790.172926][T16305] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 790.180647][T14579] Bluetooth: hci1: Malformed Event: 0x02 [ 791.338620][T16356] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input137 [ 791.952267][T16367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2326'. [ 792.680443][T16381] netlink: 'syz.2.2331': attribute type 1 has an invalid length. [ 793.369386][T16397] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2336'. [ 794.160381][T16368] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 795.451029][ T5864] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 795.461978][ T5864] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 795.489704][ T5864] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 795.512956][ T5864] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 795.521121][ T5864] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 795.720242][T16427] netlink: 'syz.0.2342': attribute type 1 has an invalid length. [ 795.803119][T16429] batman_adv: Routing algorithm '' is not supported [ 795.967738][ T6584] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.240650][ T6584] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.451161][ T6584] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 796.766442][ T6584] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 797.073739][ T6584] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 797.561882][ T5864] Bluetooth: hci1: command tx timeout [ 797.566729][T16423] chnl_net:caif_netlink_parms(): no params data found [ 798.523992][T16445] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 799.653059][ T5864] Bluetooth: hci1: command tx timeout [ 800.040940][ T6584] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 800.147005][ T6584] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 800.269199][T16468] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 800.271609][ T6584] bond0 (unregistering): Released all slaves [ 800.634192][ T6584] HfR: left promiscuous mode [ 800.895298][T16423] bridge0: port 1(bridge_slave_0) entered blocking state [ 800.930436][T16423] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.937843][T16423] bridge_slave_0: entered allmulticast mode [ 800.961398][T16423] bridge_slave_0: entered promiscuous mode [ 800.977978][ T6584] tipc: Left network mode [ 801.042899][T16423] bridge0: port 2(bridge_slave_1) entered blocking state [ 801.052544][T16423] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.064089][T16423] bridge_slave_1: entered allmulticast mode [ 801.072013][T16423] bridge_slave_1: entered promiscuous mode [ 801.126471][T16488] netlink: 'syz.3.2351': attribute type 1 has an invalid length. [ 801.439195][T16423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 801.535215][T16423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 801.594453][T16498] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2352'. [ 801.713329][T16498] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2352'. [ 801.720092][ T5864] Bluetooth: hci1: command tx timeout [ 802.216523][T16423] team0: Port device team_slave_0 added [ 802.228610][T16423] team0: Port device team_slave_1 added [ 802.484870][T16423] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 802.496007][T16423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 802.527929][T16423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 802.580550][T16423] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 802.587531][T16423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 802.676076][T16423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 802.794489][T16495] ima: policy update failed [ 802.819408][ T30] audit: type=1802 audit(6048131779.779:16): pid=16495 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2352" res=0 errno=0 [ 802.874284][ T6584] hsr_slave_1: left promiscuous mode [ 802.884053][ T6584] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 802.893027][ T6584] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 802.909725][ T6584] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 802.917396][ T6584] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 802.943153][ T6584] veth1_macvtap: left promiscuous mode [ 803.569471][ T6584] team0 (unregistering): Port device team_slave_1 removed [ 803.642722][ T6584] team0 (unregistering): Port device team_slave_0 removed [ 803.802841][ T5864] Bluetooth: hci1: command tx timeout [ 804.050851][T16505] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 804.426336][T16423] hsr_slave_0: entered promiscuous mode [ 804.443597][T16423] hsr_slave_1: entered promiscuous mode [ 804.463364][T16423] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 804.473467][T16423] Cannot create hsr debugfs directory [ 805.594135][T16529] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2357'. [ 806.150271][T16539] netlink: 'syz.3.2359': attribute type 1 has an invalid length. [ 807.489521][T16423] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 807.616208][T16423] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 807.704051][T16423] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 807.731554][T16423] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 808.490148][T16423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.860263][T16423] 8021q: adding VLAN 0 to HW filter on device team0 [ 808.874997][ T6584] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.882221][ T6584] bridge0: port 1(bridge_slave_0) entered forwarding state [ 808.994925][T10843] bridge0: port 2(bridge_slave_1) entered blocking state [ 809.002174][T10843] bridge0: port 2(bridge_slave_1) entered forwarding state [ 809.373877][T16423] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 809.394656][T16423] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 810.075840][T16587] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 810.375065][T16423] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 810.694461][T16423] veth0_vlan: entered promiscuous mode [ 810.758462][T16423] veth1_vlan: entered promiscuous mode [ 810.847989][T16423] veth0_macvtap: entered promiscuous mode [ 810.890195][T16423] veth1_macvtap: entered promiscuous mode [ 811.033147][T16423] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 811.178503][T16423] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 811.212944][T16423] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.243763][T16423] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.284982][T16423] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.342215][T16423] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.815636][T10843] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.984561][T10843] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.114202][ T6951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.186113][ T6951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 813.008087][T16649] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2337'. [ 813.316725][ T30] audit: type=1800 audit(6048131790.294:17): pid=16651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2373" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 814.020829][T16639] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 815.933016][T14579] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 815.947021][T14579] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 815.956996][T14579] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 815.968032][T14579] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 815.976854][T14579] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 816.200939][T16676] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 816.773771][T16707] FAULT_INJECTION: forcing a failure. [ 816.773771][T16707] name failslab, interval 1, probability 0, space 0, times 0 [ 816.786624][T16707] CPU: 0 UID: 0 PID: 16707 Comm: syz.2.2382 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 816.786662][T16707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 816.786681][T16707] Call Trace: [ 816.786691][T16707] [ 816.786703][T16707] dump_stack_lvl+0x16c/0x1f0 [ 816.786740][T16707] should_fail_ex+0x512/0x640 [ 816.786772][T16707] ? fs_reclaim_acquire+0xae/0x150 [ 816.786819][T16707] ? tomoyo_encode2+0x100/0x3e0 [ 816.786846][T16707] should_failslab+0xc2/0x120 [ 816.786883][T16707] __kmalloc_noprof+0xd2/0x510 [ 816.786914][T16707] ? d_absolute_path+0x136/0x1a0 [ 816.786960][T16707] tomoyo_encode2+0x100/0x3e0 [ 816.786995][T16707] tomoyo_encode+0x29/0x50 [ 816.787023][T16707] tomoyo_realpath_from_path+0x18f/0x6e0 [ 816.787066][T16707] tomoyo_path_number_perm+0x245/0x580 [ 816.787109][T16707] ? tomoyo_path_number_perm+0x237/0x580 [ 816.787177][T16707] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 816.787228][T16707] ? find_held_lock+0x2b/0x80 [ 816.787310][T16707] ? find_held_lock+0x2b/0x80 [ 816.787343][T16707] ? hook_file_ioctl_common+0x145/0x410 [ 816.787392][T16707] ? __fget_files+0x20e/0x3c0 [ 816.787439][T16707] security_file_ioctl+0x9b/0x240 [ 816.787487][T16707] __x64_sys_ioctl+0xb7/0x210 [ 816.787526][T16707] do_syscall_64+0xcd/0x490 [ 816.787556][T16707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 816.787582][T16707] RIP: 0033:0x7f1a39f8e9a9 [ 816.787602][T16707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 816.787628][T16707] RSP: 002b:00007f1a3ad4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 816.787652][T16707] RAX: ffffffffffffffda RBX: 00007f1a3a1b6080 RCX: 00007f1a39f8e9a9 [ 816.787669][T16707] RDX: 0000000000000000 RSI: 0000000000006f2a RDI: 0000000000000007 [ 816.787684][T16707] RBP: 00007f1a3ad4f090 R08: 0000000000000000 R09: 0000000000000000 [ 816.787700][T16707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 816.787715][T16707] R13: 0000000000000000 R14: 00007f1a3a1b6080 R15: 00007ffd26cd40d8 [ 816.787747][T16707] [ 816.788113][T16707] ERROR: Out of memory at tomoyo_realpath_from_path. [ 817.700860][T10843] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.034736][ T5864] Bluetooth: hci4: command tx timeout [ 818.107183][T10843] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.280176][T10843] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.567559][T10843] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.641429][T16693] chnl_net:caif_netlink_parms(): no params data found [ 819.054742][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 819.061117][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 819.404993][T16693] bridge0: port 1(bridge_slave_0) entered blocking state [ 819.424106][T16693] bridge0: port 1(bridge_slave_0) entered disabled state [ 819.431942][T16693] bridge_slave_0: entered allmulticast mode [ 819.439936][T16693] bridge_slave_0: entered promiscuous mode [ 819.458293][T16693] bridge0: port 2(bridge_slave_1) entered blocking state [ 819.492002][T16693] bridge0: port 2(bridge_slave_1) entered disabled state [ 819.740265][T16693] bridge_slave_1: entered allmulticast mode [ 819.839192][T16693] bridge_slave_1: entered promiscuous mode [ 819.989425][T16703] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 820.113973][ T5864] Bluetooth: hci4: command tx timeout [ 820.366118][T16693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 820.415822][T10843] bridge_slave_0: left allmulticast mode [ 820.436115][T10843] bridge_slave_0: left promiscuous mode [ 820.480493][T10843] bridge0: port 1(bridge_slave_0) entered disabled state [ 821.041006][T16746] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 821.103564][T16769] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2390'. [ 822.003166][T16759] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 822.019072][T10843] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 822.071798][T10843] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 822.104536][T10843] bond0 (unregistering): Released all slaves [ 822.177373][T16693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 822.194233][ T5864] Bluetooth: hci4: command tx timeout [ 822.263891][T10843] HfR: left promiscuous mode [ 822.268282][ T30] audit: type=1804 audit(6048131799.254:18): pid=16790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2393" name="/newroot/sys/kernel/debug/tracing/current_tracer" dev="tracefs" ino=130 res=1 errno=0 [ 822.431966][T16693] team0: Port device team_slave_0 added [ 822.487803][T16693] team0: Port device team_slave_1 added [ 822.790506][T16693] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 822.825595][T16693] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 822.934664][T16693] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 822.960655][T16693] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 822.974329][T16693] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 823.002366][T16693] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 823.571995][T16693] hsr_slave_0: entered promiscuous mode [ 823.610381][T16693] hsr_slave_1: entered promiscuous mode [ 823.623109][T16693] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 823.634392][T16693] Cannot create hsr debugfs directory [ 824.273950][ T5864] Bluetooth: hci4: command tx timeout [ 824.949319][T16835] QAT: Device 0 not found [ 824.982929][T16837] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2400'. [ 825.184622][T10843] hsr_slave_0: left promiscuous mode [ 825.193762][T10843] hsr_slave_1: left promiscuous mode [ 825.202269][T10843] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 825.222613][T10843] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 825.241021][T10843] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 825.260751][T10843] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 825.398770][T16843] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2401'. [ 825.734975][T10843] team0 (unregistering): Port device team_slave_1 removed [ 825.773488][T10843] team0 (unregistering): Port device team_slave_0 removed [ 827.855700][T16693] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 827.928088][T16693] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 828.056212][T16693] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 828.110825][T16693] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 829.277414][T16693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 829.436769][T16693] 8021q: adding VLAN 0 to HW filter on device team0 [ 829.633213][ T6585] bridge0: port 1(bridge_slave_0) entered blocking state [ 829.640503][ T6585] bridge0: port 1(bridge_slave_0) entered forwarding state [ 829.848376][ T6585] bridge0: port 2(bridge_slave_1) entered blocking state [ 829.855681][ T6585] bridge0: port 2(bridge_slave_1) entered forwarding state [ 830.060767][T16906] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2410'. [ 830.686614][T16923] random: crng reseeded on system resumption [ 830.748310][T16924] zram: Added device: zram1 [ 830.753588][T16923] FAULT_INJECTION: forcing a failure. [ 830.753588][T16923] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 830.783183][T16923] CPU: 1 UID: 0 PID: 16923 Comm: syz.2.2413 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 830.783229][T16923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 830.783248][T16923] Call Trace: [ 830.783259][T16923] [ 830.783272][T16923] dump_stack_lvl+0x16c/0x1f0 [ 830.783313][T16923] should_fail_ex+0x512/0x640 [ 830.783356][T16923] should_fail_alloc_page+0xe7/0x130 [ 830.783400][T16923] prepare_alloc_pages+0x3c2/0x610 [ 830.783449][T16923] ? rcu_is_watching+0x12/0xc0 [ 830.783489][T16923] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 830.783538][T16923] ? stack_trace_save+0x8e/0xc0 [ 830.783578][T16923] ? __pfx_stack_trace_save+0x10/0x10 [ 830.783615][T16923] ? stack_depot_save_flags+0x28/0xa40 [ 830.783654][T16923] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 830.783696][T16923] ? kasan_save_stack+0x42/0x60 [ 830.783727][T16923] ? kasan_save_stack+0x33/0x60 [ 830.783765][T16923] ? do_dentry_open+0x744/0x1c10 [ 830.783795][T16923] ? vfs_open+0x82/0x3f0 [ 830.783838][T16923] ? path_openat+0x1de4/0x2cb0 [ 830.783866][T16923] ? do_filp_open+0x20b/0x470 [ 830.783893][T16923] ? do_sys_openat2+0x11b/0x1d0 [ 830.783934][T16923] ? __x64_sys_openat+0x174/0x210 [ 830.783987][T16923] ? do_syscall_64+0xcd/0x490 [ 830.784019][T16923] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 830.784056][T16923] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 830.784105][T16923] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 830.784158][T16923] ? policy_nodemask+0xea/0x4e0 [ 830.784201][T16923] alloc_pages_mpol+0x1fb/0x550 [ 830.784242][T16923] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 830.784295][T16923] alloc_pages_noprof+0x131/0x390 [ 830.784335][T16923] get_zeroed_page_noprof+0x18/0xb0 [ 830.784384][T16923] get_image_page+0x18/0x190 [ 830.784420][T16923] alloc_rtree_node+0x3c/0xb0 [ 830.784457][T16923] memory_bm_create+0x519/0x810 [ 830.784511][T16923] create_basic_memory_bitmaps+0xbd/0x320 [ 830.784559][T16923] snapshot_open+0x235/0x2b0 [ 830.784601][T16923] ? __pfx_snapshot_open+0x10/0x10 [ 830.784643][T16923] misc_open+0x35a/0x420 [ 830.784696][T16923] ? __pfx_misc_open+0x10/0x10 [ 830.784747][T16923] chrdev_open+0x231/0x6a0 [ 830.784782][T16923] ? __pfx_apparmor_file_open+0x10/0x10 [ 830.784836][T16923] ? __pfx_chrdev_open+0x10/0x10 [ 830.784876][T16923] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 830.784938][T16923] do_dentry_open+0x744/0x1c10 [ 830.784982][T16923] ? __pfx_chrdev_open+0x10/0x10 [ 830.785027][T16923] vfs_open+0x82/0x3f0 [ 830.785074][T16923] path_openat+0x1de4/0x2cb0 [ 830.785118][T16923] ? __pfx_path_openat+0x10/0x10 [ 830.785153][T16923] ? __lock_acquire+0xb8a/0x1c90 [ 830.785203][T16923] do_filp_open+0x20b/0x470 [ 830.785236][T16923] ? __pfx_do_filp_open+0x10/0x10 [ 830.785299][T16923] ? alloc_fd+0x471/0x7d0 [ 830.785364][T16923] do_sys_openat2+0x11b/0x1d0 [ 830.785408][T16923] ? __pfx_do_sys_openat2+0x10/0x10 [ 830.785470][T16923] __x64_sys_openat+0x174/0x210 [ 830.785518][T16923] ? __pfx___x64_sys_openat+0x10/0x10 [ 830.785580][T16923] do_syscall_64+0xcd/0x490 [ 830.785619][T16923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 830.785652][T16923] RIP: 0033:0x7f1a39f8e9a9 [ 830.785676][T16923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 830.785707][T16923] RSP: 002b:00007f1a3ad70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 830.785738][T16923] RAX: ffffffffffffffda RBX: 00007f1a3a1b5fa0 RCX: 00007f1a39f8e9a9 [ 830.785759][T16923] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 830.785781][T16923] RBP: 00007f1a3a010d69 R08: 0000000000000000 R09: 0000000000000000 [ 830.785800][T16923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 830.785818][T16923] R13: 0000000000000000 R14: 00007f1a3a1b5fa0 R15: 00007ffd26cd40d8 [ 830.785860][T16923] [ 831.485274][T16909] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 831.745855][T16693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 831.986486][T16693] veth0_vlan: entered promiscuous mode [ 832.022797][T16693] veth1_vlan: entered promiscuous mode [ 832.137389][T16693] veth0_macvtap: entered promiscuous mode [ 832.174731][T16693] veth1_macvtap: entered promiscuous mode [ 832.245968][T16693] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 832.321914][T16693] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 832.409978][T16693] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 832.434117][T16693] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 832.448312][T16693] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 832.474921][T16693] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 832.685748][ T8270] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 832.724125][ T8270] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 832.943196][ T6584] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 832.971555][ T6584] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 834.451151][T16990] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2420'. [ 834.493344][T16990] veth0_macvtap: left promiscuous mode [ 836.270858][T17014] FAULT_INJECTION: forcing a failure. [ 836.270858][T17014] name failslab, interval 1, probability 0, space 0, times 0 [ 836.305072][T17014] CPU: 0 UID: 0 PID: 17014 Comm: syz.2.2427 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 836.305116][T17014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 836.305134][T17014] Call Trace: [ 836.305145][T17014] [ 836.305157][T17014] dump_stack_lvl+0x16c/0x1f0 [ 836.305195][T17014] should_fail_ex+0x512/0x640 [ 836.305228][T17014] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 836.305284][T17014] should_failslab+0xc2/0x120 [ 836.305321][T17014] __kmalloc_cache_noprof+0x6a/0x3e0 [ 836.305371][T17014] ? alloc_info_private+0xc4/0x1b0 [ 836.305416][T17014] alloc_info_private+0xc4/0x1b0 [ 836.305456][T17014] snd_info_text_entry_open+0xae/0x2a0 [ 836.305509][T17014] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 836.305550][T17014] ? trace_kmem_cache_alloc+0x28/0xc0 [ 836.305591][T17014] ? __pfx_apparmor_file_open+0x10/0x10 [ 836.305643][T17014] ? proc_reg_open+0x21d/0x610 [ 836.305676][T17014] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 836.305717][T17014] proc_reg_open+0x289/0x610 [ 836.305752][T17014] do_dentry_open+0x744/0x1c10 [ 836.305786][T17014] ? __pfx_proc_reg_open+0x10/0x10 [ 836.305826][T17014] vfs_open+0x82/0x3f0 [ 836.305873][T17014] path_openat+0x1de4/0x2cb0 [ 836.305920][T17014] ? __pfx_path_openat+0x10/0x10 [ 836.305954][T17014] ? __lock_acquire+0xb8a/0x1c90 [ 836.306006][T17014] do_filp_open+0x20b/0x470 [ 836.306041][T17014] ? __pfx_do_filp_open+0x10/0x10 [ 836.306104][T17014] ? alloc_fd+0x471/0x7d0 [ 836.306167][T17014] do_sys_openat2+0x11b/0x1d0 [ 836.306209][T17014] ? __pfx_do_sys_openat2+0x10/0x10 [ 836.306270][T17014] __x64_sys_openat+0x174/0x210 [ 836.306313][T17014] ? __pfx___x64_sys_openat+0x10/0x10 [ 836.306376][T17014] do_syscall_64+0xcd/0x490 [ 836.306413][T17014] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.306446][T17014] RIP: 0033:0x7f1a39f8e9a9 [ 836.306479][T17014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 836.306512][T17014] RSP: 002b:00007f1a3ad70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 836.306542][T17014] RAX: ffffffffffffffda RBX: 00007f1a3a1b5fa0 RCX: 00007f1a39f8e9a9 [ 836.306562][T17014] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 836.306581][T17014] RBP: 00007f1a3a010d69 R08: 0000000000000000 R09: 0000000000000000 [ 836.306600][T17014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 836.306618][T17014] R13: 0000000000000000 R14: 00007f1a3a1b5fa0 R15: 00007ffd26cd40d8 [ 836.306659][T17014] [ 837.125876][T14579] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 837.144245][T14579] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 837.153609][T14579] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 837.162148][T14579] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 837.171490][T14579] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 837.348169][T14459] ------------[ cut here ]------------ [ 837.353712][T14459] ODEBUG: free active (active state 0) object: ffff88803485d318 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 837.376470][T14459] WARNING: CPU: 0 PID: 14459 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 837.386316][T14459] Modules linked in: [ 837.390255][T14459] CPU: 0 UID: 0 PID: 14459 Comm: syz.0.1935 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 837.400731][T14459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 837.411737][T14459] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 837.418274][T14459] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd c0 6e 15 8c 4c 89 e6 48 c7 c7 40 63 15 8c e8 5f d4 9d fc 90 <0f> 0b 90 90 58 83 05 16 b2 cc 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 837.437988][T14459] RSP: 0018:ffffc90018d37768 EFLAGS: 00010286 [ 837.444809][T14459] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817ab108 [ 837.452798][T14459] RDX: ffff8880793b9e00 RSI: ffffffff817ab115 RDI: 0000000000000001 [ 837.461091][T14459] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 837.469144][T14459] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c1569e0 [ 837.478611][T14459] R13: ffffffff8baff000 R14: ffffffff8a8df9a0 R15: ffffc90018d37868 [ 837.486972][T14459] FS: 0000000000000000(0000) GS:ffff88812472d000(0000) knlGS:0000000000000000 [ 837.496033][T14459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 837.502637][T14459] CR2: 00007fe85fd88b1c CR3: 000000002370e000 CR4: 00000000003526f0 [ 837.511843][T14459] Call Trace: [ 837.516699][T14459] [ 837.519656][T14459] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 837.525204][T14459] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 837.531114][T14459] debug_check_no_obj_freed+0x4b7/0x600 [ 837.536747][T14459] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 837.542841][T14459] ? rcu_is_watching+0x12/0xc0 [ 837.547658][T14459] ? kmem_cache_free+0x2d1/0x4d0 [ 837.552621][T14459] kfree+0x28f/0x4d0 [ 837.556573][T14459] ? hci_release_dev+0x4d8/0x600 [ 837.561550][T14459] hci_release_dev+0x4d8/0x600 [ 837.566373][T14459] ? __pfx_hci_release_dev+0x10/0x10 [ 837.571693][T14459] ? rcu_is_watching+0x12/0xc0 [ 837.576510][T14459] ? kfree+0x24f/0x4d0 [ 837.580615][T14459] bt_host_release+0x6a/0xb0 [ 837.585303][T14459] ? __pfx_bt_host_release+0x10/0x10 [ 837.590607][T14459] device_release+0xa4/0x240 [ 837.595283][T14459] kobject_put+0x1e7/0x5a0 [ 837.599784][T14459] ? __pfx_vhci_release+0x10/0x10 [ 837.604896][T14459] put_device+0x1f/0x30 [ 837.609115][T14459] vhci_release+0x81/0xf0 [ 837.614637][T14459] __fput+0x402/0xb70 [ 837.618719][T14459] task_work_run+0x150/0x240 [ 837.624279][T14459] ? __pfx_task_work_run+0x10/0x10 [ 837.629492][T14459] do_exit+0x86c/0x2bd0 [ 837.633821][T14459] ? __pfx_do_exit+0x10/0x10 [ 837.638943][T14459] ? do_raw_spin_lock+0x12c/0x2b0 [ 837.644293][T14459] ? find_held_lock+0x2b/0x80 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 837.649039][T14459] do_group_exit+0xd3/0x2a0 [ 837.653621][T14459] get_signal+0x2673/0x26d0 [ 837.658716][T14459] ? __pfx_get_signal+0x10/0x10 [ 837.663630][T14459] ? do_futex+0x122/0x350 [ 837.668068][T14459] ? __pfx_do_futex+0x10/0x10 [ 837.672790][T14459] arch_do_signal_or_restart+0x8f/0x790 [ 837.678409][T14459] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 837.684670][T14459] exit_to_user_mode_loop+0x84/0x110 [ 837.690008][T14459] do_syscall_64+0x3f6/0x490 [ 837.694658][T14459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.700572][T14459] RIP: 0033:0x7fdc2bf8e9a9 [ 837.705112][T14459] Code: Unable to access opcode bytes at 0x7fdc2bf8e97f. [ 837.712136][T14459] RSP: 002b:00007fdc2cec20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 837.721370][T14459] RAX: fffffffffffffe00 RBX: 00007fdc2c1b5fa8 RCX: 00007fdc2bf8e9a9 [ 837.730020][T14459] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdc2c1b5fa8 [ 837.738050][T14459] RBP: 00007fdc2c1b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 837.746070][T14459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdc2c1b5fac [ 837.754104][T14459] R13: 0000000000000000 R14: 00007fff4f9c9af0 R15: 00007fff4f9c9bd8 [ 837.762103][T14459] [ 837.765174][T14459] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 837.772466][T14459] CPU: 0 UID: 0 PID: 14459 Comm: syz.0.1935 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 837.782809][T14459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 837.792964][T14459] Call Trace: [ 837.796251][T14459] [ 837.799192][T14459] dump_stack_lvl+0x3d/0x1f0 [ 837.803814][T14459] panic+0x71c/0x800 [ 837.807756][T14459] ? __pfx_panic+0x10/0x10 [ 837.812202][T14459] ? show_trace_log_lvl+0x29b/0x3e0 [ 837.817436][T14459] ? check_panic_on_warn+0x1f/0xb0 [ 837.822576][T14459] ? debug_print_object+0x1a2/0x2b0 [ 837.827807][T14459] check_panic_on_warn+0xab/0xb0 [ 837.832776][T14459] __warn+0xf6/0x3c0 [ 837.836700][T14459] ? debug_print_object+0x1a2/0x2b0 [ 837.841920][T14459] report_bug+0x3c3/0x580 [ 837.846276][T14459] ? debug_print_object+0x1a2/0x2b0 [ 837.851502][T14459] handle_bug+0x184/0x210 [ 837.855852][T14459] exc_invalid_op+0x17/0x50 [ 837.860380][T14459] asm_exc_invalid_op+0x1a/0x20 [ 837.865262][T14459] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 837.871093][T14459] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd c0 6e 15 8c 4c 89 e6 48 c7 c7 40 63 15 8c e8 5f d4 9d fc 90 <0f> 0b 90 90 58 83 05 16 b2 cc 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 837.890725][T14459] RSP: 0018:ffffc90018d37768 EFLAGS: 00010286 [ 837.896815][T14459] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817ab108 [ 837.904803][T14459] RDX: ffff8880793b9e00 RSI: ffffffff817ab115 RDI: 0000000000000001 [ 837.912787][T14459] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 837.920774][T14459] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c1569e0 [ 837.928760][T14459] R13: ffffffff8baff000 R14: ffffffff8a8df9a0 R15: ffffc90018d37868 [ 837.936766][T14459] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 837.942264][T14459] ? __warn_printk+0x198/0x350 [ 837.947055][T14459] ? __warn_printk+0x1a5/0x350 [ 837.951847][T14459] ? debug_print_object+0x1a1/0x2b0 [ 837.957066][T14459] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 837.962552][T14459] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 837.968568][T14459] debug_check_no_obj_freed+0x4b7/0x600 [ 837.974171][T14459] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 837.980284][T14459] ? rcu_is_watching+0x12/0xc0 [ 837.985074][T14459] ? kmem_cache_free+0x2d1/0x4d0 [ 837.990030][T14459] kfree+0x28f/0x4d0 [ 837.993955][T14459] ? hci_release_dev+0x4d8/0x600 [ 837.998927][T14459] hci_release_dev+0x4d8/0x600 [ 838.003723][T14459] ? __pfx_hci_release_dev+0x10/0x10 [ 838.009128][T14459] ? rcu_is_watching+0x12/0xc0 [ 838.013913][T14459] ? kfree+0x24f/0x4d0 [ 838.018111][T14459] bt_host_release+0x6a/0xb0 [ 838.022734][T14459] ? __pfx_bt_host_release+0x10/0x10 [ 838.028048][T14459] device_release+0xa4/0x240 [ 838.032676][T14459] kobject_put+0x1e7/0x5a0 [ 838.037121][T14459] ? __pfx_vhci_release+0x10/0x10 [ 838.042184][T14459] put_device+0x1f/0x30 [ 838.046368][T14459] vhci_release+0x81/0xf0 [ 838.050716][T14459] __fput+0x402/0xb70 [ 838.054727][T14459] task_work_run+0x150/0x240 [ 838.059361][T14459] ? __pfx_task_work_run+0x10/0x10 [ 838.064514][T14459] do_exit+0x86c/0x2bd0 [ 838.068704][T14459] ? __pfx_do_exit+0x10/0x10 [ 838.073329][T14459] ? do_raw_spin_lock+0x12c/0x2b0 [ 838.078391][T14459] ? find_held_lock+0x2b/0x80 [ 838.083090][T14459] do_group_exit+0xd3/0x2a0 [ 838.087627][T14459] get_signal+0x2673/0x26d0 [ 838.092161][T14459] ? __pfx_get_signal+0x10/0x10 [ 838.097032][T14459] ? do_futex+0x122/0x350 [ 838.101389][T14459] ? __pfx_do_futex+0x10/0x10 [ 838.106091][T14459] arch_do_signal_or_restart+0x8f/0x790 [ 838.111665][T14459] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 838.117858][T14459] exit_to_user_mode_loop+0x84/0x110 [ 838.123182][T14459] do_syscall_64+0x3f6/0x490 [ 838.127792][T14459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.133698][T14459] RIP: 0033:0x7fdc2bf8e9a9 [ 838.138128][T14459] Code: Unable to access opcode bytes at 0x7fdc2bf8e97f. [ 838.145154][T14459] RSP: 002b:00007fdc2cec20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 838.153586][T14459] RAX: fffffffffffffe00 RBX: 00007fdc2c1b5fa8 RCX: 00007fdc2bf8e9a9 [ 838.161568][T14459] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdc2c1b5fa8 [ 838.169635][T14459] RBP: 00007fdc2c1b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 838.177622][T14459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdc2c1b5fac [ 838.185604][T14459] R13: 0000000000000000 R14: 00007fff4f9c9af0 R15: 00007fff4f9c9bd8 [ 838.193605][T14459] [ 838.196964][T14459] Kernel Offset: disabled [ 838.201399][T14459] Rebooting in 86400 seconds..