last executing test programs: 4m34.681921057s ago: executing program 1 (id=612): madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x0, 0x52, 0x0, &(0x7f0000000300)=0x5) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000740)=ANY=[@ANYBLOB="095c9ae9e003000083d8e22c681914cba3730448f16f1355afee6615001b41d6ff592cec4179455fb1d13a723b71eda420eec05b6f14d80f1f3e0e355796d6f200b13da4169f2ca6ae544e2d35cbbc6b0085820f876a7f2bc20b2fe5627e182223fabaa6a2eba994ed259396624f9e495ed44c80865704bbb17ea5b3b58210d8c4f64ab55da0b57f098cf12b9df42523e2", @ANYRES16=r3, @ANYBLOB="01002bbd7008fcdbdf2506000000cc0301807a0001002b02cb348f1b3b1b45aefb7a3a7cf8cd112f0f9d484277432c640a3cce76984ef9d4b56291a0233d83ffbaf0ca9bc8dfac1df710d92fce2a4327bfe140222e9bf86f3be6375c09f60b8ce30b1621f11abeef4fac55010583f1d401daf84d2da8e94c950231d6b8fc94f2cc228531d9c570cc0760b9fb000007000200402a0000100002002f6465762f6e756c6c6230001a000100a19ab74e6c615b0107d5a1aa0e533d6d645fe5f8e7660000e7000100f60338afd1346bea96e1ad56be35629048b58c6c7f919f5d2b2b5da266bacf286ea257ef04dfd38f4406749f58fbf8f5cbba9d931ee781279f9fde47440a8f2e07a085b4ce8841a24951eccb6d7e7f5831273860b76d84cf399048efa8971adf376aab401970ebbd0abdb921b11b3dadc23d58c1422dbd37ba7614ff68b6c1a8797c011ab8011a69018290adb2e051ac00342114e91f1cd96513d2d98e0a6cd7e308cf1ded582274fd4f109e5a55c39469f03c81a373f4f2d7d6b929cc7a92db96f8e1a3b85a712d0e4a378d0b350d8ff57d23bfbb174ec625ea7fda2f8d1231f1402900ba000100023524991f3f1b92bbf0e65b586fc76195dee0276424906deef62d4a54188ba2b3c39dfecb6231da5a07daf77eaeeec96448e75b5725c104ac15b131d2131ba7a7ce1453246595175a4ef27638125182ebc8e5f7937f4605651559f5efc24a072ea36fa96f170e01235391aa94f6457ea4999342810a500439adb471e76f7fd36826b1d5337380a43de2fc9bbb52c973c7f0f0543a26c7df69f2077175485bdeb5fb31b0fc0ad7a60b9d06fbed997fff1ed4825e89f70000ba00010003ff35afcf1219f712ed02f56d8910974eb4a95a45c53ba1268952b0a50b81309eed2f6fcfa4cb58dc18da1e0d3b0d07c2973fa3a7983161c1979f2f19baa6be76071962edc92bf7279deb60bf6b6cccc4cb915fe59e2d93d50677779cb1fb733f6385e952b09dd0761079917272e8014b2e10d8cf5bacea93cd940892579bcdc4a1331fa32ab8b362b8dfbc012a7a49b9bebffc8a3c4c77cda691331a70f08c2e867fb2ddedcfbb993e8e9943d37ab8dbe7a9b006270000150001003ad325c5167e8d272cfa57c8a4115306900000009e000100ab310b8c6ca55be122fb2de7db6f4a97cfe76648eb4d2ff1817dfc11eef39de8fbbcfc3f3c402b11772bc06c8f3c90e3d1ebe94101dee128d164b13b8b3bd339c5f7bebab112f2246ca1ada281830cbf6714677757ded34c9008674eaeeed6a8a584cf0c821a8591561f27f40f212c98c234544b11b36e98d4512ea3c5da4f6c2c34c6583664ff80f430dd58c5ef39c9e06f84f982576a6f67b40000"], 0x3e0}, 0x1, 0x0, 0x0, 0xc000}, 0x4005) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x8001, 0x0, 0x0, 0x0, 0x0) r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x3, 0xbef, 0x9, 0x8000000000000011, r4, 0x755c913d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) syz_clone(0x2419d6159e7d4f8a, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket(0x1d, 0x3, 0x1) r7 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r8}, 0x6a) write$auto(r6, &(0x7f00000002c0)='@*\x00', 0xf) sendfile$auto(r5, r2, 0x0, 0x8) sendfile$auto(0x1, r5, 0x0, 0x7ffff000) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYRESDEC, @ANYRES32], 0x1ac}}, 0x810) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0xf240, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x50}, 0x80000}, 0x10c, 0x8, 0x0) 4m31.887107992s ago: executing program 1 (id=620): r0 = openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/setgroups\x00', 0x28001, 0x0) mmap$auto(0x0, 0x40009, 0x20000000df, 0x9b72, 0x7, 0x28000) r1 = socket(0x1d, 0x3, 0x1) mmap$auto(0x0, 0x7, 0x0, 0x9b72, r1, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r0, 0x0, 0x4000018) getdents64$auto(0x0, 0x0, 0x41) getsockopt$auto(r1, 0x65, 0x4, 0xffffffffffffffff, 0x0) mmap$auto(0x9, 0x20009, 0x9, 0xeb1, 0xd4, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x2, 0x0) move_pages$auto(0x0, 0xd0, 0x0, 0x0, 0x0, 0x2) socket(0x1d, 0x2, 0x6) socketpair$auto(0x8, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) 4m31.482384195s ago: executing program 1 (id=621): pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\re\x1cJ\x99\xfc\x00/\x00\x06\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\xff\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) 4m31.299711451s ago: executing program 1 (id=622): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/inode_readahead_blks\x00', 0xe0801, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/tty/ttyd0/power/runtime_suspended_time\x00', 0x42100, 0x0) read$auto(r1, 0x0, 0x20) write$auto(0x3, 0x0, 0xfdef) sendfile$auto(r0, r0, 0x0, 0x7fffe000) 4m31.040808996s ago: executing program 1 (id=624): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x80000000, 0xf, &(0x7f0000000040)='+\xe0^!#h{\x00', 0x3) socket(0x2, 0x2, 0x88) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/fs/orangefs/stats/reads\x00', 0x2002, 0x0) write$auto(r0, &(0x7f0000000100)='\x15!\xa8^J/\xddCx4\xa1\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x9e\x14\xe4\xa5\xfe\xb5', 0x5) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mlock$auto(0x200000000112, 0x80006) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r1, 0x5425, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, 0x0, 0x1fe, 0xc) mount$auto(&(0x7f0000000000)='bond_slave_0\x00', 0x0, &(0x7f0000000080)='-/}@\x00', 0xc2, &(0x7f0000000380)="d006787a7ba4498a2204b636acce3792d8698168d5a76889280650b335121c2185a83d496e3a722f7a57cbb53f09c22869663055b54b1b558a9a82511c") syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) getegid() mmap$auto(0x0, 0x20009, 0xdc, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x1, 0x8002, 0x1) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) shmctl$auto_IPC_RMID(0x8, 0x0, 0x0) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680), 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0x4000c, 0x9, 0xffffffff, 0xffffffffffffffff, 0x15f4da0a, 0x8000004, 0x80000000, 0x400, 0x80000001, 0xb, 0x6d3f, 0x7, 0xffffffffffff0a01, 0xfffffffffffffffe]}, 0x0) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) mmap$auto(0x1, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mincore$auto(0x1000, 0x4000000, 0x0) write$auto(0x3, 0x0, 0xfdef) 4m28.733658788s ago: executing program 1 (id=630): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/031/001\x00', 0x508a83, 0x0) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/031/001\x00', 0x508a83, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) (async) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22040, 0x75) (async) open(0x0, 0x22040, 0x75) socket(0x10, 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x101040, 0x0) (async) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x101040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xe2400, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x1, 0x84) (async) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x0, 0x53, 0x0, &(0x7f0000000040)=0x8b1) (async) getsockopt$auto(r0, 0x0, 0x53, 0x0, &(0x7f0000000040)=0x8b1) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/arch_status\x00', 0x8203, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x8910, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x42, 0x0) sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000380), 0x100, 0x7}, 0x1a}, 0x3, 0x6) write$auto(r2, &(0x7f0000000100)='\r\xc2;\xdb\xef\x99.\xb9\xff\x81\x0f/\xe7audio1@&t\x95c,', 0xa3d9) (async) write$auto(r2, &(0x7f0000000100)='\r\xc2;\xdb\xef\x99.\xb9\xff\x81\x0f/\xe7audio1@&t\x95c,', 0xa3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) (async) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/mb_group_prealloc\x00', 0x8001, 0x0) write$auto(r2, 0x0, 0xbb0) mmap$auto(0x0, 0x4000000001, 0x4000000000df, 0x40eb1, 0x402, 0x300000000000) madvise$auto(0x0, 0x5, 0x7cb2) 4m13.62992341s ago: executing program 32 (id=630): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/031/001\x00', 0x508a83, 0x0) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/031/001\x00', 0x508a83, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) (async) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22040, 0x75) (async) open(0x0, 0x22040, 0x75) socket(0x10, 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x101040, 0x0) (async) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x101040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xe2400, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x1, 0x84) (async) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x0, 0x53, 0x0, &(0x7f0000000040)=0x8b1) (async) getsockopt$auto(r0, 0x0, 0x53, 0x0, &(0x7f0000000040)=0x8b1) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/arch_status\x00', 0x8203, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x8910, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x42, 0x0) sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000380), 0x100, 0x7}, 0x1a}, 0x3, 0x6) write$auto(r2, &(0x7f0000000100)='\r\xc2;\xdb\xef\x99.\xb9\xff\x81\x0f/\xe7audio1@&t\x95c,', 0xa3d9) (async) write$auto(r2, &(0x7f0000000100)='\r\xc2;\xdb\xef\x99.\xb9\xff\x81\x0f/\xe7audio1@&t\x95c,', 0xa3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) (async) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/mb_group_prealloc\x00', 0x8001, 0x0) write$auto(r2, 0x0, 0xbb0) mmap$auto(0x0, 0x4000000001, 0x4000000000df, 0x40eb1, 0x402, 0x300000000000) madvise$auto(0x0, 0x5, 0x7cb2) 7.363556252s ago: executing program 3 (id=1521): socket(0x1a, 0x5, 0x6) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/ksm_zero_pages\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/27, 0x1b) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x4, 0x0) mmap$auto(0x6, 0x20009, 0x1, 0xeb1, 0x401, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlockall$auto(0x800000000000005) 7.223350558s ago: executing program 0 (id=1522): r0 = bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_4={0x800000000012, 0x4, 0x80000001, 0x8}, 0x6f4) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) (async) madvise$auto(0x0, 0xffffffffffff0006, 0x17) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) (async) bind$auto(0x3, 0x0, 0x6a) (async) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) (async) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) read$auto_show_traces_fops_trace(r0, &(0x7f00000001c0)=""/174, 0xae) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x401, 0x5, 0x8000000000000000, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0xb2]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) (async) write$auto(0x3, 0x0, 0xfffffdef) (async) ioctl$auto(0xffffffffffffffff, 0x900064b5, 0xc14) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x2, 0x0) unshare$auto(0x40000080) (async) socket(0xa, 0xa, 0x100) (async) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x60d80, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, 0x0) (async) socket(0xa, 0x3, 0x3b) 6.702290412s ago: executing program 2 (id=1525): connect$auto(0x3, 0x0, 0xf) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027617c36720add70ab0343990f7d0bbc96dc0b"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) read$auto(r0, &(0x7f0000000040)='\x00', 0x10001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x14) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) 6.419834802s ago: executing program 4 (id=1526): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) r1 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r1, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x80000000, 0xf, &(0x7f0000000040)='+\xe0^!#h{\x00', 0x3) socket(0x2, 0x2, 0x88) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/fs/orangefs/stats/reads\x00', 0x2002, 0x0) write$auto(r3, &(0x7f0000000440)='\x1e\x1b\xc3 \xe2\xa8\xd6\xfd\xdb\xda\xba~\xf5\xd6QcC\x00\x13\xac7;\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xbcn\xa0c\x16~\x86\"t\x9e\x14\xe4\xa5\xfe\xb5\x00\x00\x00\x00\x00{\xb2\x16\x1e\x8d\x8de\xeb1\xf4\xb6\xbd\xa2\xec\xcb+\x98X\xdd\xac\xa3\x13\x1cu\xff\xd03\xe9\xed\xee\xc6\xc9\n\xcd\xda\xcc\xb7\xe0\xc6S\xc5m\xe5y1j\xa9\x13\v\xd2\x9cu\xf5b\xd8\xcf\x82\xce\x97K\xee \xd2\x82\xf0\x9c Y7\x98\xc0;`\x0ea\xaf\x97\xc6\x13\xe7\xfb4:\xafw\xdf\x03\xb5\x01\xa3\xf0d\xdb\xe2g\x8c\xb7\xc3\x86\xb2\xa9\x1a\xdcY$\xe0\x1e\x974<\x93<\xce\xd2d\x18\xd6\xa5\xceO\xb9k9\xcf\t\x1d\xd1nU\b\xf0\x84=s\xa2\xa6\xe1<\xd9\xe4\x9c\xb09i\xc2\xcc\x1f\xf7|\xf9\xc1\xf7\xd1\x19IcE\x06:\x177\x9a\x14\x14q@xc\xf3\vv\xfe\x9c\xa6\x88a\xb1\vv\x9cBn\x86\xbc\x86\xc3\xac\xd0u\xf14\x98=|\xda\xcf\xe9\x03z\xbdi\xdcM@\x1d\xb1\x7f\"s\xc8\x93\x1a\xa4\x1e\xf0\xb4 2\xbb$q\xc0\xef\x8b%\n\xe3\xc5', 0x1) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c080) write$auto(0x3, 0x0, 0xfffffdef) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, &(0x7f0000000300)={{@raw=0x4, 0x4, 0xf8, 0x5, "a401d243991a4de376cc2bd4dbe3e10d3cff152230323227f8d6c24be7ceeed84366bbadec1b7ea40209a468", @raw}, 0x1ea, 0x3, 0x1, @raw=0x8f10, @reserved="1f21b2aa03e626d5da400a9e13f017f54c625fbe785ff8a079f5f335840ca5ee5c72d7c5dd9684cc9ec3d4551843651db67be7a66dc7420e0baebb7eb8a880fe494bb541abf1fad77749d5d4e58490133df980172cacbfd9fe2e372ddc298dcd9e9b59e603a8f2cd3f3500e3850bf32ab968e7afd0388afaa3712b60835ab268", "2bb2d72b107f43a0d30100000000000000ae4a5be70b75810dfa4cc9182ed519d3613ea5b4243440fc9595b760cee784decb284ff015aa97d8f86dd61fd4f929"}) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) 5.551868132s ago: executing program 3 (id=1527): socket(0x10, 0x4, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/dfscache\x00', 0x101a41, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vlan0\x00'}) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x28401, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x9, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x10000000000002d, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) sendto$auto(r1, 0x0, 0x8, 0x0, &(0x7f0000000340)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x22) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) move_pages$auto(0x1, 0x400000000f54, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(0x2, 0x8, 0x0) socket(0x1d, 0x4, 0x47a0fe77) socket(0x1d, 0x2, 0x7) r2 = prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x40000000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x101802, 0x0) prctl$auto(0x101, 0x8, 0x0, 0x40, 0x7) mmap$auto(0x2, 0x202000a, 0x1, 0xeb1, r2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r3 = socket(0x2, 0x2, 0x0) setsockopt$auto_SO_BUSY_POLL(r3, 0x5, 0x2e, &(0x7f0000000000)='/dev/sequencer\x00', 0x6) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x820000, 0x0) ioctl$auto_EVIOCGKEYCODE_V2(r4, 0x80284504, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 5.247341884s ago: executing program 2 (id=1528): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) madvise$auto(0xf2ff, 0xffffffffffff0005, 0x19) 4.930213584s ago: executing program 3 (id=1529): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nullb0/queue/scheduler\x00', 0x0, 0x0) read$auto(r0, &(0x7f00000000c0)='%\x00', 0x1) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x288400, 0x0) 4.420216466s ago: executing program 3 (id=1530): close_range$auto(0x2, 0x8, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x200, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x101001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptyp2\x00', 0x2200, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) socket(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/memory.kmem.tcp.limit_in_bytes\x00', 0xc2481, 0x0) openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_score_adj\x00', 0xc0401, 0x0) socket(0x2, 0x5, 0x0) socketpair$auto(0x3, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x53) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/cpu0/cache/index3/number_of_sets\x00', 0xc3280, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/76, 0x4c) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, 0x0, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) 4.308548299s ago: executing program 4 (id=1531): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/ip_vs_app\x00', 0x101000, 0x0) pread64$auto(r0, 0x0, 0x10a, 0x80000ffff) r1 = socket(0x27, 0x5, 0x6) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x2a) socket(0x18, 0x1, 0x1) recvmmsg$auto(0x3, 0x0, 0x3, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'nicvf0\x00'}) write$auto(0xca, &(0x7f0000000140)='\x04\x14\xa8\x1bk|d\v\x00\x00@\x00\x81\x00\x12\x00\xf6\xf5\x00\xdf\xff\x00', 0x13) 4.274641182s ago: executing program 2 (id=1532): r0 = open(&(0x7f0000000800)='./file0\x00', 0x2a340, 0x74) r1 = fcntl$auto(r0, 0x400, 0x1) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x11, 0x80003, 0x300) read$auto_mon_fops_binary_mon_bin(r1, &(0x7f0000000840)=""/4096, 0x1000) setsockopt$auto(r2, 0x107, 0x1, 0x0, 0x8004) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) sendmsg$auto_NL80211_CMD_PROBE_CLIENT(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x254, r4, 0x300, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x7}, @NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0x9}, @NL80211_ATTR_SCAN_SUPP_RATES={0x222, 0x7d, 0x0, 0x1, [@generic="40e34e3db3886a90c95690e8106312d0df4bd3c5866c9b1ccb237234011c04711b20cd5e173fd43f4d3c89f8b1234388de81daba9e2b896640bc446750c0614ee2b12fb778c312f26ee1fb8c7a52c07a54f461a39e9402607e7742bde0adbb64e5f5b7de0122093e0694a105917f6a3decbe2b369dbf0cd8abed27847df878e211077610d9b8e5ea9b7f05492f71e54d3336ec50f91aa9227379b1d07d8473d00c32a19177eace5a5ab54153f1a0377ec012e0fe442a2d2126ca2b42eaaa5a6755ac15", @generic="237e3aa99ed99a895aeea15662062d00a7376939e0f1fbfff9fff720cb4261e262559c75b10b74ffc1e71581c2a64b8e73276b77520029f693f6ef30a9ac024dcef23e4fa786289fe8cdd0407003f1d9f423055955b2d9572288678af71146e6dd899fc13537375eaceb24f7bfea8064218d7b", @nested={0xe5, 0xbe, 0x0, 0x1, [@generic="ea31b3712d494a0334931b6200d5038326d07bef932444413fa7f30e3462be099c370aacde21d03d8868b803e432dda8c66f0b9262f25ed73876ed7c6aa68fb03954a34eb68fa7935c8154c4e17e5fee55ed94e06a8c160df7b6c301997a6d079e1a5245da0a98089fc1442c9ebab8f91d28f3f41aa6cf9332a95bd7cf07a3ca133ccdc7195d694ba70c39bdbd4a959d1151bec4ab08c02eb3b71b4724a9b4b72ab8b5a0f5bb468c7c6b0df3b87fd72c6898bb24832cac8b8a8accba023ec4cc2effb6a5acf188c0d4b19163086ac62aa77ee4b4685dcd57c4b51f2221", @nested={0x4, 0x13d}]}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x480}, 0x40000) getegid() read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f0000000180)=""/250, 0xfa) 4.051980468s ago: executing program 0 (id=1533): mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) socket(0x2, 0x3, 0xa) ioctl$auto_BLKTRACESTOP2(0xffffffffffffffff, 0x1275, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) r1 = setfsuid$auto(0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x11, 0x3, 0x2) getsockopt$auto(r2, 0x107, 0x1, 0x0, 0x0) setuid$auto(r1) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x84000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendto$auto(0xffffffffffffffff, 0x0, 0xfffffffffffffdec, 0x8, 0x0, 0x20) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x18b202, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xc00, 0x2c, 0x20, 0x3, 0x2}) 3.768356058s ago: executing program 4 (id=1534): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfs4.idtoname/content\x00', 0x181b80, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop7/queue/io_poll_delay\x00', 0x200, 0x0) read$auto(r1, 0x0, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/cpu0/power/pm_qos_resume_latency_us\x00', 0x48a22, 0x0) write$auto(r2, 0x0, 0x8) read$auto(r0, &(0x7f0000000440)='2\x06J Nwe0\xbd\"\x8f\xe5h_b\xde\x19\xa5\x0e\xfa\xe0\xcb\xb7\xaceW\x1a\x1f\xae\xd8\xfe\x01Y\xd6\xba\xde3\xc7\xf8\x91\xda\xf6_%\xf30\xdc\x97<\xf3A\xa7\xb4\x8dj\xbd\x02\xb1}{e\xf64\xecC\x83,\xecp7j\xf8<\xc8x\xd4\xb0\x1d\b\xb08\x01\x9e\x9et\x8aa\xe1\re\xcf\x8e\x02\xeeW\xf0z\vk\x02_\xdb\x15f8>;zM\xa95\x16\xe9l\xf5\xaa\xaa\x03\x18p\x0e\xde$\xc3\xa9\xac\xc7\x98\x05<\xef\xcd@z\fx}F\x93\xe1\xbd\xb3s\x80\xc1e\xe9T1\xbf\xc8_^\a\x03\xad\ni\n~-u)\x88\x97\xed\xa7\x9b\x0f\xef\x99\x13\xdc<\xd1{\br\xd6[\xd3\xa9-(KH\b\xdfJ\xdek\xef\xc9\xd7\n\x83m\x86\xf2\a\x8d\x19\xe0\\\xf0lg?\x98\xc8\x8e\xbd2?C\xa5\x8a\xe3\xc6\xd7\x00\x14n\xb8<\xab\x96\x8d\xa1\xf4\x87\xe5\a:z\xea\xcc\xa1\x8d\xae8\x12\xa6\xb9\xd99\xaa\xc5\x10\xad\xdd\x89\xddC\xf5\xd2Q\x92\xcd\xcc\x9f\x1a\xdbR\xeeL:\x87\xb3\xb0\x84\x1bR\xf2\xe2/\xa3\x0e\x90\x98\x8c\xc0\xa4\xda+U\b\x88\xa7\x88\x1fC\xbb\xa8\xce\x0f\xd5\xdew\x99\x18G.s\x16\xfa\xf2\x96|\x1e]\xe5\xf8\xb1\x8b.}\x841\xd8\x98\xd8f86h\xab\x94\x7f\xc4<\x03\xdd\x86=\xb6\x1e@\xab6\x81\xce\xaa\xcf\xfd\x947\xc3\x86\xfe\xb7O\xd9\xa9\xb6[\xcc\xd8\xe1\xa9\x84[\xe0\xd4\x03\x90@\x03\xbe\xba\xee\xed\xe9\xb1\xd2\xf1\x8cgn\xb7m/\xf1\"\xc2\xeb\x1d\x04\xf3\xf1\x96\xf2\x00C\xf0wg\xd6\x11\x18\xb5o\x9d\xd7`\xce\x81\x9b1b\x8ce\x99*\xa3\xd2\x8dAw\xd9\xa6l\\\x17\xbb\xf6\xe2\xa2<\n\xc0\f:\x97\xff\xc6y\x05<\xa6\x81\xd92\xc9\x9e\f[\xf9\xfc\xf1ih\"J\x92\xd2\xd4\xc2\xe8\x89 \x81\xbf8C\xa9\x1at\xa1\xdc\x94\xc5\xc8K\xbb\x14h\xa9)\xaa\xf2\xda\xaf\xb1\rs\xe6\x97\x1e\xcc6\x94\xff\x1b\x8e\x98\xf7\xa0', 0x67b) 3.355452502s ago: executing program 0 (id=1535): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x4, 0x2000000000000009, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x6, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2a543fd, 0x0, 0x0, 0x0, 0x0, 0x100000000]}, 0x1fe, 0x81) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c45d446", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000600060009000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a0005000180c200000e00000a0001000000000000000000080004001400000008000300050000000a00"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (fail_nth: 7) 3.290661842s ago: executing program 3 (id=1536): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb3/threaded\x00', 0x8a801, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/driver/nvram\x00', 0x40000, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x1, 0x84) r1 = socket(0x10, 0x2, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/pcmC1D0p\x00', 0x40102, 0x0) r2 = socket(0x10, 0x2, 0xc) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="4cb245184f86db27df250a000a"], 0xf8}}, 0x10044010) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x0, 0xa, 0x2, 0x9, 0x3, 0x9, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0xc, 0x2000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xadd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x72, 0x0, 0x0, 0xff]}, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="72010000092dc6f434f41dbe9a468ca450846cdd3612b311a29854cee2b775ea487ba72ad47436008c68de43cbcc75a22ac1e71f2fa9dc19c8b9c216d0c98854859aca82a7182feb4829df6bbf7f8b3d6f0fc91e6937551898181fd9c00980b1d47593659897f194123febc2f80b83b077efaacf8a19866427ef69d080c105e849365154538a30b5d64ce01b0c6bfd05a2ab71fe5fe29286fbba4fa5002a9e91a2ba39a790edf7495b", @ANYRES16=r4], 0x1ac}, 0x1, 0x0, 0x0, 0x8}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x0, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x6}, 0x3, 0x0) r5 = prctl$auto_PR_SYS_DISPATCH_ON(0x5, 0x1, 0x0, 0x0, 0x0) read$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(r5, &(0x7f0000000380)=""/100, 0x64) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/snmp\x00', 0x60980, 0x0) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x8080, 0x0) clone$auto(0x2, 0x81, 0x0, 0x0, 0x3) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000140), 0x40080, 0x0) r6 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r6, &(0x7f00000010c0)=""/4082, 0xff2) 3.269424394s ago: executing program 4 (id=1537): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop6\x00', 0x0, 0x0) mmap$auto(0x0, 0x580f, 0x1000000000001, 0x8000000008011, 0x3, 0x0) (fail_nth: 6) 3.059883663s ago: executing program 2 (id=1538): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b31, 0xffffffffffffffff) (fail_nth: 1) 2.307820035s ago: executing program 0 (id=1539): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x800001e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x40000006, 0x0) mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0xc081, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cmdline\x00', 0x2080, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/acpi/interrupts/gpe02\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/neigh/veth0/interval_probe_time_ms\x00', 0x62242, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x33, 0x3, 0xa) r2 = openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000640), 0x200a01, 0x0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x201, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xf, "354a44f2369f53ec0033ea48efd9"}, 0x55) write$auto(r2, 0x0, 0x5b0) r3 = prctl$auto(0x7, 0x5, 0x0, 0x7b, 0x0) close_range$auto(r0, r3, 0x7) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) 1.921377004s ago: executing program 4 (id=1540): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000040), 0x80200, 0x0) ioctl$auto_IMADDTIMER(r3, 0x80044940, &(0x7f0000000000)=0x100004) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r2, 0x8, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0x10) sendmsg$auto_ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40200880}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0xac, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKSTATE_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}]}, @ETHTOOL_A_LINKSTATE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKSTATE_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3ff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x40001}, 0x40444) r5 = openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) pread64$auto(r5, 0x0, 0x9b3, 0x40000010100) setdomainname$auto(0x0, 0x10000) 1.800989966s ago: executing program 3 (id=1541): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) r1 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r1, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x80000000, 0xf, &(0x7f0000000040)='+\xe0^!#h{\x00', 0x3) socket(0x2, 0x2, 0x88) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/fs/orangefs/stats/reads\x00', 0x2002, 0x0) write$auto(r3, &(0x7f0000000440)='\x1e\x1b\xc3 \xe2\xa8\xd6\xfd\xdb\xda\xba~\xf5\xd6QcC\x00\x13\xac7;\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xbcn\xa0c\x16~\x86\"t\x9e\x14\xe4\xa5\xfe\xb5\x00\x00\x00\x00\x00{\xb2\x16\x1e\x8d\x8de\xeb1\xf4\xb6\xbd\xa2\xec\xcb+\x98X\xdd\xac\xa3\x13\x1cu\xff\xd03\xe9\xed\xee\xc6\xc9\n\xcd\xda\xcc\xb7\xe0\xc6S\xc5m\xe5y1j\xa9\x13\v\xd2\x9cu\xf5b\xd8\xcf\x82\xce\x97K\xee \xd2\x82\xf0\x9c Y7\x98\xc0;`\x0ea\xaf\x97\xc6\x13\xe7\xfb4:\xafw\xdf\x03\xb5\x01\xa3\xf0d\xdb\xe2g\x8c\xb7\xc3\x86\xb2\xa9\x1a\xdcY$\xe0\x1e\x974<\x93<\xce\xd2d\x18\xd6\xa5\xceO\xb9k9\xcf\t\x1d\xd1nU\b\xf0\x84=s\xa2\xa6\xe1<\xd9\xe4\x9c\xb09i\xc2\xcc\x1f\xf7|\xf9\xc1\xf7\xd1\x19IcE\x06:\x177\x9a\x14\x14q@xc\xf3\vv\xfe\x9c\xa6\x88a\xb1\vv\x9cBn\x86\xbc\x86\xc3\xac\xd0u\xf14\x98=|\xda\xcf\xe9\x03z\xbdi\xdcM@\x1d\xb1\x7f\"s\xc8\x93\x1a\xa4\x1e\xf0\xb4 2\xbb$q\xc0\xef\x8b%\n\xe3\xc5', 0x1) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c080) write$auto(0x3, 0x0, 0xfffffdef) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, &(0x7f0000000300)={{@raw=0x4, 0x4, 0xf8, 0x5, "a401d243991a4de376cc2bd4dbe3e10d3cff152230323227f8d6c24be7ceeed84366bbadec1b7ea40209a468", @raw}, 0x1ea, 0x3, 0x1, @raw=0x8f10, @reserved="1f21b2aa03e626d5da400a9e13f017f54c625fbe785ff8a079f5f335840ca5ee5c72d7c5dd9684cc9ec3d4551843651db67be7a66dc7420e0baebb7eb8a880fe494bb541abf1fad77749d5d4e58490133df980172cacbfd9fe2e372ddc298dcd9e9b59e603a8f2cd3f3500e3850bf32ab968e7afd0388afaa3712b60835ab268", "2bb2d72b107f43a0d30100000000000000ae4a5be70b75810dfa4cc9182ed519d3613ea5b4243440fc9595b760cee784decb284ff015aa97d8f86dd61fd4f929"}) connect$auto(0x3, 0x0, 0x55) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) 1.664875887s ago: executing program 4 (id=1542): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto(0xffffffffffffffff, 0x4b66, 0x1) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) r2 = prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_ON(0x7ff, 0x1, 0xffffffffffffffff, 0xa, 0x9) read$auto_clk_dump_fops_(r2, &(0x7f0000000480)=""/4096, 0x1000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0x2, 0xc00000000) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0xb4d3) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents64$auto(r3, 0x0, 0x8004) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=@bpf_attr_1={0xffffffffffffffff, 0xd3f, @value=0x40, 0x3}, 0x6) 1.519882047s ago: executing program 2 (id=1543): bpf$auto(0x0, 0x0, 0x6f4) mmap$auto(0x0, 0x6, 0x10000000000, 0x11, 0x3, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) r0 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x101202, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r1 = getpid() r2 = gettid() rt_tgsigqueueinfo$auto(r1, r2, 0x1f, &(0x7f0000000400)={@_si_pad}) ppoll$auto(&(0x7f0000000000)={0xffffffffffffffff, 0x692, 0xffa0}, 0x4, 0x0, &(0x7f00000000c0)={0x4}, 0x8) write$auto_nvmf_dev_fops_fabrics(r0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x209b72, 0x4e477f5a, 0x8000) capget$auto(&(0x7f0000000200)={0x5, 0xffffffffffffffff}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r3, 0x1, 0x15, &(0x7f0000000200)='\x00', 0x269) read$auto(r0, 0x0, 0x1f43) 614.342022ms ago: executing program 2 (id=1544): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/irq/2/wakeup\x00', 0x80000, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c06, 0x0) 469.614701ms ago: executing program 0 (id=1545): msgctl$auto_IPC_RMID(0x1fd3, 0x0, &(0x7f0000000080)={{0x5c8d, 0xffffffffffffffff, 0xee01, 0xfa2, 0x1, 0x1, 0x7ff}, &(0x7f0000000000)=0x87, &(0x7f0000000040)=0xb, 0x813e, 0xfffffffffffffffb, 0x264369f6, 0x1, 0xb, 0x200, 0x5, 0x9, @raw=0x5}) setpriority$auto(0x1, r0, 0xa) 0s ago: executing program 0 (id=1546): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c001400", @ANYRES16=r0, @ANYBLOB="130026bd7000dddbdf250200000008000300", @ANYRES32=r2, @ANYBLOB='\b\x00a\x00\x00\x00\x00\x00\b'], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) kernel console output (not intermixed with test programs): x_do_mremap+0x10/0x10 [ 424.324222][T10894] ? find_held_lock+0x2b/0x80 [ 424.324243][T10894] ? ksys_write+0x190/0x250 [ 424.324275][T10894] __do_sys_mremap+0x119/0x170 [ 424.324297][T10894] ? __pfx___do_sys_mremap+0x10/0x10 [ 424.324320][T10894] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 424.324389][T10894] do_syscall_64+0xcd/0x490 [ 424.324425][T10894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.324448][T10894] RIP: 0033:0x7f70cfb8eb69 [ 424.324468][T10894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.324490][T10894] RSP: 002b:00007f70d09b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 424.324512][T10894] RAX: ffffffffffffffda RBX: 00007f70cfdb5fa0 RCX: 00007f70cfb8eb69 [ 424.324528][T10894] RDX: 0000000000003fd6 RSI: 0000000000000007 RDI: 0000000000000000 [ 424.324542][T10894] RBP: 00007f70d09b8090 R08: 0000000000200000 R09: 0000000000000000 [ 424.324557][T10894] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 424.324571][T10894] R13: 0000000000000000 R14: 00007f70cfdb5fa0 R15: 00007ffca29cd0c8 [ 424.324599][T10894] [ 425.077160][T10892] random: crng reseeded on system resumption [ 425.729136][T10908] FAULT_INJECTION: forcing a failure. [ 425.729136][T10908] name failslab, interval 1, probability 0, space 0, times 0 [ 425.806332][T10908] CPU: 1 UID: 0 PID: 10908 Comm: syz.3.1044 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 425.806375][T10908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 425.806391][T10908] Call Trace: [ 425.806400][T10908] [ 425.806412][T10908] dump_stack_lvl+0x16c/0x1f0 [ 425.806455][T10908] should_fail_ex+0x512/0x640 [ 425.806479][T10908] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 425.806508][T10908] should_failslab+0xc2/0x120 [ 425.806539][T10908] __kmalloc_cache_noprof+0x6a/0x3e0 [ 425.806563][T10908] ? ww_mutex_lock+0x37/0x160 [ 425.806595][T10908] ? vkms_plane_duplicate_state+0x45/0x130 [ 425.806624][T10908] ? modeset_lock+0x114/0x6e0 [ 425.806653][T10908] vkms_plane_duplicate_state+0x45/0x130 [ 425.806682][T10908] drm_atomic_get_plane_state+0x20b/0x590 [ 425.806714][T10908] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 425.806745][T10908] ? __pfx___might_resched+0x10/0x10 [ 425.806779][T10908] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 425.806813][T10908] ? __mutex_lock+0x1c4/0x10b0 [ 425.806847][T10908] ? rcu_is_watching+0x12/0xc0 [ 425.806918][T10908] drm_client_modeset_commit_locked+0x14d/0x580 [ 425.806961][T10908] drm_client_modeset_commit+0x4f/0x80 [ 425.806997][T10908] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 425.807033][T10908] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 425.807061][T10908] drm_fbdev_client_restore+0x2c/0x40 [ 425.807086][T10908] drm_client_dev_restore+0x1f3/0x2a0 [ 425.807126][T10908] drm_release+0x2c4/0x360 [ 425.807161][T10908] ? __pfx_drm_release+0x10/0x10 [ 425.807189][T10908] __fput+0x3ff/0xb70 [ 425.807234][T10908] task_work_run+0x14d/0x240 [ 425.807273][T10908] ? __pfx_task_work_run+0x10/0x10 [ 425.807311][T10908] ? __pfx___do_sys_close_range+0x10/0x10 [ 425.807350][T10908] exit_to_user_mode_loop+0xeb/0x110 [ 425.807386][T10908] do_syscall_64+0x3f6/0x490 [ 425.807428][T10908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.807453][T10908] RIP: 0033:0x7f70cfb8eb69 [ 425.807473][T10908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.807497][T10908] RSP: 002b:00007f70d0997038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 425.807519][T10908] RAX: 0000000000000000 RBX: 00007f70cfdb6080 RCX: 00007f70cfb8eb69 [ 425.807535][T10908] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 425.807549][T10908] RBP: 00007f70cfc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 425.807563][T10908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 425.807577][T10908] R13: 0000000000000000 R14: 00007f70cfdb6080 R15: 00007ffca29cd0c8 [ 425.807613][T10908] [ 426.398591][T10916] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 426.965638][T10917] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 428.134955][T10940] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1050'. [ 428.144393][T10936] can: request_module (can-proto-3) failed. [ 429.014866][T10951] FAULT_INJECTION: forcing a failure. [ 429.014866][T10951] name failslab, interval 1, probability 0, space 0, times 0 [ 429.043557][T10951] CPU: 0 UID: 0 PID: 10951 Comm: syz.3.1052 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 429.043596][T10951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 429.043612][T10951] Call Trace: [ 429.043621][T10951] [ 429.043631][T10951] dump_stack_lvl+0x16c/0x1f0 [ 429.043675][T10951] should_fail_ex+0x512/0x640 [ 429.043701][T10951] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 429.043734][T10951] should_failslab+0xc2/0x120 [ 429.043769][T10951] __kmalloc_cache_noprof+0x6a/0x3e0 [ 429.043795][T10951] ? ww_mutex_lock+0x37/0x160 [ 429.043833][T10951] ? vkms_plane_duplicate_state+0x45/0x130 [ 429.043865][T10951] ? modeset_lock+0x114/0x6e0 [ 429.043896][T10951] vkms_plane_duplicate_state+0x45/0x130 [ 429.043926][T10951] drm_atomic_get_plane_state+0x20b/0x590 [ 429.043964][T10951] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 429.043998][T10951] ? __pfx___might_resched+0x10/0x10 [ 429.044036][T10951] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 429.044070][T10951] ? __mutex_lock+0x1c4/0x10b0 [ 429.044104][T10951] ? rcu_is_watching+0x12/0xc0 [ 429.044169][T10951] drm_client_modeset_commit_locked+0x14d/0x580 [ 429.044209][T10951] drm_client_modeset_commit+0x4f/0x80 [ 429.044243][T10951] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 429.044279][T10951] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 429.044316][T10951] drm_fbdev_client_restore+0x2c/0x40 [ 429.044343][T10951] drm_client_dev_restore+0x1f3/0x2a0 [ 429.044385][T10951] drm_release+0x2c4/0x360 [ 429.044420][T10951] ? __pfx_drm_release+0x10/0x10 [ 429.044449][T10951] __fput+0x3ff/0xb70 [ 429.044493][T10951] task_work_run+0x14d/0x240 [ 429.044532][T10951] ? __pfx_task_work_run+0x10/0x10 [ 429.044569][T10951] ? __pfx___do_sys_close_range+0x10/0x10 [ 429.044609][T10951] exit_to_user_mode_loop+0xeb/0x110 [ 429.044646][T10951] do_syscall_64+0x3f6/0x490 [ 429.044686][T10951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.044713][T10951] RIP: 0033:0x7f70cfb8eb69 [ 429.044734][T10951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.044759][T10951] RSP: 002b:00007f70d0997038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 429.044783][T10951] RAX: 0000000000000000 RBX: 00007f70cfdb6080 RCX: 00007f70cfb8eb69 [ 429.044800][T10951] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 429.044815][T10951] RBP: 00007f70cfc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 429.044831][T10951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 429.044845][T10951] R13: 0000000000000000 R14: 00007f70cfdb6080 R15: 00007ffca29cd0c8 [ 429.044883][T10951] [ 429.309246][ C0] vkms_vblank_simulate: vblank timer overrun [ 430.686165][T10979] block2mtd: Using custom MTD label '' for dev [ 430.710997][T10979] block2mtd: error: cannot open device [ 433.655679][T11019] kexec: Could not allocate control_code_buffer [ 433.762229][T11043] FAULT_INJECTION: forcing a failure. [ 433.762229][T11043] name failslab, interval 1, probability 0, space 0, times 0 [ 433.797793][T11043] CPU: 0 UID: 0 PID: 11043 Comm: syz.3.1065 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 433.797833][T11043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 433.797850][T11043] Call Trace: [ 433.797859][T11043] [ 433.797869][T11043] dump_stack_lvl+0x16c/0x1f0 [ 433.797919][T11043] should_fail_ex+0x512/0x640 [ 433.797945][T11043] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 433.797976][T11043] should_failslab+0xc2/0x120 [ 433.798010][T11043] __kmalloc_cache_noprof+0x6a/0x3e0 [ 433.798036][T11043] ? ww_mutex_lock+0x37/0x160 [ 433.798071][T11043] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 433.798114][T11043] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 433.798149][T11043] drm_atomic_get_crtc_state+0x16e/0x450 [ 433.798184][T11043] drm_atomic_get_plane_state+0x436/0x590 [ 433.798219][T11043] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 433.798253][T11043] ? __pfx___might_resched+0x10/0x10 [ 433.798290][T11043] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 433.798325][T11043] ? __mutex_lock+0x1c4/0x10b0 [ 433.798358][T11043] ? rcu_is_watching+0x12/0xc0 [ 433.798422][T11043] drm_client_modeset_commit_locked+0x14d/0x580 [ 433.798463][T11043] drm_client_modeset_commit+0x4f/0x80 [ 433.798497][T11043] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 433.798532][T11043] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 433.798560][T11043] drm_fbdev_client_restore+0x2c/0x40 [ 433.798586][T11043] drm_client_dev_restore+0x1f3/0x2a0 [ 433.798621][T11043] drm_release+0x2c4/0x360 [ 433.798652][T11043] ? __pfx_drm_release+0x10/0x10 [ 433.798680][T11043] __fput+0x3ff/0xb70 [ 433.798723][T11043] task_work_run+0x14d/0x240 [ 433.798760][T11043] ? __pfx_task_work_run+0x10/0x10 [ 433.798797][T11043] ? __pfx___do_sys_close_range+0x10/0x10 [ 433.798835][T11043] exit_to_user_mode_loop+0xeb/0x110 [ 433.798872][T11043] do_syscall_64+0x3f6/0x490 [ 433.798921][T11043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.798949][T11043] RIP: 0033:0x7f70cfb8eb69 [ 433.798971][T11043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.798995][T11043] RSP: 002b:00007f70d0997038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 433.799020][T11043] RAX: 0000000000000000 RBX: 00007f70cfdb6080 RCX: 00007f70cfb8eb69 [ 433.799038][T11043] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 433.799053][T11043] RBP: 00007f70cfc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 433.799069][T11043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 433.799085][T11043] R13: 0000000000000000 R14: 00007f70cfdb6080 R15: 00007ffca29cd0c8 [ 433.799123][T11043] [ 434.118954][T11036] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 434.767599][T11048] FAULT_INJECTION: forcing a failure. [ 434.767599][T11048] name fail_futex, interval 1, probability 0, space 0, times 0 [ 434.851516][T11049] openvswitch: netlink: Key type 56 is out of range max 32 [ 434.866478][T11048] CPU: 0 UID: 0 PID: 11048 Comm: syz.3.1067 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 434.866512][T11048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 434.866536][T11048] Call Trace: [ 434.866544][T11048] [ 434.866553][T11048] dump_stack_lvl+0x16c/0x1f0 [ 434.866593][T11048] should_fail_ex+0x512/0x640 [ 434.866621][T11048] get_futex_key+0x1d0/0x1560 [ 434.866651][T11048] ? __lock_acquire+0xb97/0x1ce0 [ 434.866687][T11048] ? __pfx_get_futex_key+0x10/0x10 [ 434.866715][T11048] ? __pfx___page_table_check_ptes_set+0x10/0x10 [ 434.866743][T11048] ? const_folio_flags+0x5b/0x100 [ 434.866782][T11048] futex_wait_setup+0x9d/0x550 [ 434.866825][T11048] __futex_wait+0x194/0x2f0 [ 434.866860][T11048] ? __pfx___futex_wait+0x10/0x10 [ 434.866897][T11048] ? __pfx_futex_wake_mark+0x10/0x10 [ 434.866933][T11048] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 434.866964][T11048] ? __hrtimer_setup+0x176/0x280 [ 434.866999][T11048] ? ktime_add_safe+0x60/0x70 [ 434.867034][T11048] futex_wait+0xe8/0x380 [ 434.867066][T11048] ? __pfx_futex_wait+0x10/0x10 [ 434.867093][T11048] ? __lock_acquire+0xb97/0x1ce0 [ 434.867123][T11048] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 434.867170][T11048] do_futex+0x229/0x350 [ 434.867198][T11048] ? __pfx_do_futex+0x10/0x10 [ 434.867225][T11048] ? rcu_is_watching+0x12/0xc0 [ 434.867248][T11048] ? ktime_get+0x200/0x310 [ 434.867273][T11048] ? lockdep_hardirqs_on+0x7c/0x110 [ 434.867330][T11048] ? read_tsc+0x9/0x20 [ 434.867367][T11048] __x64_sys_futex+0x1e0/0x4c0 [ 434.867398][T11048] ? __pfx___x64_sys_futex+0x10/0x10 [ 434.867441][T11048] do_syscall_64+0xcd/0x490 [ 434.867478][T11048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.867503][T11048] RIP: 0033:0x7f70cfb8eb69 [ 434.867523][T11048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.867546][T11048] RSP: 002b:00007ffca29cd228 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 434.867570][T11048] RAX: ffffffffffffffda RBX: 000000000006a235 RCX: 00007f70cfb8eb69 [ 434.867587][T11048] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f70cfdb608c [ 434.867602][T11048] RBP: 0000000000000032 R08: 00007f70d09b9000 R09: 0000001da29cd51f [ 434.867618][T11048] R10: 00007ffca29cd320 R11: 0000000000000246 R12: 00007f70cfdb608c [ 434.867634][T11048] R13: 00007ffca29cd320 R14: 000000000006a267 R15: 00007ffca29cd340 [ 434.867668][T11048] [ 435.449685][T11050] zswap: compressor not available [ 436.053188][ T30] audit: type=1804 audit(6049152860.032:86): pid=11072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1071" name="/newroot/87/file0" dev="tmpfs" ino=475 res=1 errno=0 [ 436.356336][T11081] FAULT_INJECTION: forcing a failure. [ 436.356336][T11081] name failslab, interval 1, probability 0, space 0, times 0 [ 436.406184][T11081] CPU: 0 UID: 0 PID: 11081 Comm: syz.2.1075 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 436.406225][T11081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 436.406241][T11081] Call Trace: [ 436.406250][T11081] [ 436.406260][T11081] dump_stack_lvl+0x16c/0x1f0 [ 436.406306][T11081] should_fail_ex+0x512/0x640 [ 436.406331][T11081] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 436.406362][T11081] should_failslab+0xc2/0x120 [ 436.406397][T11081] __kmalloc_cache_noprof+0x6a/0x3e0 [ 436.406423][T11081] ? ww_mutex_lock+0x37/0x160 [ 436.406459][T11081] ? vkms_plane_duplicate_state+0x45/0x130 [ 436.406490][T11081] ? modeset_lock+0x114/0x6e0 [ 436.406521][T11081] vkms_plane_duplicate_state+0x45/0x130 [ 436.406550][T11081] drm_atomic_get_plane_state+0x20b/0x590 [ 436.406587][T11081] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 436.406620][T11081] ? __pfx___might_resched+0x10/0x10 [ 436.406657][T11081] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 436.406691][T11081] ? __mutex_lock+0x1c4/0x10b0 [ 436.406725][T11081] ? rcu_is_watching+0x12/0xc0 [ 436.406791][T11081] drm_client_modeset_commit_locked+0x14d/0x580 [ 436.406832][T11081] drm_client_modeset_commit+0x4f/0x80 [ 436.406868][T11081] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 436.406911][T11081] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 436.406941][T11081] drm_fbdev_client_restore+0x2c/0x40 [ 436.406967][T11081] drm_client_dev_restore+0x1f3/0x2a0 [ 436.407009][T11081] drm_release+0x2c4/0x360 [ 436.407043][T11081] ? __pfx_drm_release+0x10/0x10 [ 436.407072][T11081] __fput+0x3ff/0xb70 [ 436.407116][T11081] task_work_run+0x14d/0x240 [ 436.407155][T11081] ? __pfx_task_work_run+0x10/0x10 [ 436.407193][T11081] ? __pfx___do_sys_close_range+0x10/0x10 [ 436.407234][T11081] exit_to_user_mode_loop+0xeb/0x110 [ 436.407271][T11081] do_syscall_64+0x3f6/0x490 [ 436.407311][T11081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.407338][T11081] RIP: 0033:0x7f95d2d8eb69 [ 436.407360][T11081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.407386][T11081] RSP: 002b:00007f95d3b29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 436.407411][T11081] RAX: 0000000000000000 RBX: 00007f95d2fb6080 RCX: 00007f95d2d8eb69 [ 436.407428][T11081] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 436.407443][T11081] RBP: 00007f95d2e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 436.407460][T11081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 436.407476][T11081] R13: 0000000000000000 R14: 00007f95d2fb6080 R15: 00007fff27cff438 [ 436.407515][T11081] [ 437.434523][T11103] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1083'. [ 437.613803][T11103] veth0_macvtap: left promiscuous mode [ 438.085458][T11107] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1084'. [ 438.748754][ T30] audit: type=1804 audit(6049152862.742:87): pid=11116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1086" name="/newroot/300/file0" dev="tmpfs" ino=1564 res=1 errno=0 [ 439.706652][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.713055][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.083221][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.092434][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.277208][T11150] FAULT_INJECTION: forcing a failure. [ 440.277208][T11150] name failslab, interval 1, probability 0, space 0, times 0 [ 440.323130][T11150] CPU: 1 UID: 0 PID: 11150 Comm: syz.0.1094 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 440.323169][T11150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 440.323185][T11150] Call Trace: [ 440.323195][T11150] [ 440.323205][T11150] dump_stack_lvl+0x16c/0x1f0 [ 440.323250][T11150] should_fail_ex+0x512/0x640 [ 440.323285][T11150] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 440.323316][T11150] should_failslab+0xc2/0x120 [ 440.323349][T11150] __kmalloc_cache_noprof+0x6a/0x3e0 [ 440.323375][T11150] ? ww_mutex_lock+0x37/0x160 [ 440.323409][T11150] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 440.323452][T11150] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 440.323486][T11150] drm_atomic_get_crtc_state+0x16e/0x450 [ 440.323521][T11150] drm_atomic_get_plane_state+0x436/0x590 [ 440.323556][T11150] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 440.323589][T11150] ? __pfx___might_resched+0x10/0x10 [ 440.323626][T11150] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 440.323660][T11150] ? __mutex_lock+0x1c4/0x10b0 [ 440.323692][T11150] ? rcu_is_watching+0x12/0xc0 [ 440.323756][T11150] drm_client_modeset_commit_locked+0x14d/0x580 [ 440.323796][T11150] drm_client_modeset_commit+0x4f/0x80 [ 440.323830][T11150] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 440.323864][T11150] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 440.323892][T11150] drm_fbdev_client_restore+0x2c/0x40 [ 440.323917][T11150] drm_client_dev_restore+0x1f3/0x2a0 [ 440.323956][T11150] drm_release+0x2c4/0x360 [ 440.323989][T11150] ? __pfx_drm_release+0x10/0x10 [ 440.324017][T11150] __fput+0x3ff/0xb70 [ 440.324061][T11150] task_work_run+0x14d/0x240 [ 440.324100][T11150] ? __pfx_task_work_run+0x10/0x10 [ 440.324137][T11150] ? __pfx___do_sys_close_range+0x10/0x10 [ 440.324175][T11150] exit_to_user_mode_loop+0xeb/0x110 [ 440.324212][T11150] do_syscall_64+0x3f6/0x490 [ 440.324251][T11150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.324286][T11150] RIP: 0033:0x7ff8f0f8eb69 [ 440.324308][T11150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.324333][T11150] RSP: 002b:00007ff8f1d97038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 440.324358][T11150] RAX: 0000000000000000 RBX: 00007ff8f11b6080 RCX: 00007ff8f0f8eb69 [ 440.324375][T11150] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 440.324390][T11150] RBP: 00007ff8f1011df1 R08: 0000000000000000 R09: 0000000000000000 [ 440.324406][T11150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 440.324422][T11150] R13: 0000000000000000 R14: 00007ff8f11b6080 R15: 00007ffcc78f4ed8 [ 440.324459][T11150] [ 440.598364][T11135] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 441.800916][T11166] kafs: addr_prefs: Invalid Command [ 441.968136][T11168] FAULT_INJECTION: forcing a failure. [ 441.968136][T11168] name failslab, interval 1, probability 0, space 0, times 0 [ 442.010045][T11168] CPU: 1 UID: 0 PID: 11168 Comm: syz.3.1099 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 442.010082][T11168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 442.010097][T11168] Call Trace: [ 442.010106][T11168] [ 442.010116][T11168] dump_stack_lvl+0x16c/0x1f0 [ 442.010155][T11168] should_fail_ex+0x512/0x640 [ 442.010179][T11168] ? __kmalloc_noprof+0xbf/0x510 [ 442.010209][T11168] ? iter_file_splice_write+0x1cc/0x1150 [ 442.010234][T11168] should_failslab+0xc2/0x120 [ 442.010264][T11168] __kmalloc_noprof+0xd2/0x510 [ 442.010299][T11168] iter_file_splice_write+0x1cc/0x1150 [ 442.010339][T11168] ? kfree+0x2b4/0x4d0 [ 442.010361][T11168] ? copy_splice_read+0x897/0xba0 [ 442.010393][T11168] ? __pfx_iter_file_splice_write+0x10/0x10 [ 442.010420][T11168] ? __lock_acquire+0xb97/0x1ce0 [ 442.010453][T11168] ? __pfx_copy_splice_read+0x10/0x10 [ 442.010497][T11168] ? __pfx_iter_file_splice_write+0x10/0x10 [ 442.010526][T11168] direct_splice_actor+0x18f/0x6c0 [ 442.010556][T11168] splice_direct_to_actor+0x345/0xa30 [ 442.010584][T11168] ? __pfx_direct_splice_actor+0x10/0x10 [ 442.010616][T11168] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 442.010639][T11168] ? get_pid_task+0xfc/0x250 [ 442.010680][T11168] do_splice_direct+0x174/0x240 [ 442.010706][T11168] ? __pfx_do_splice_direct+0x10/0x10 [ 442.010731][T11168] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 442.010774][T11168] ? rw_verify_area+0xcf/0x6c0 [ 442.010802][T11168] do_sendfile+0xb06/0xe50 [ 442.010834][T11168] ? __pfx_do_sendfile+0x10/0x10 [ 442.010860][T11168] ? __fget_files+0x20e/0x3c0 [ 442.010896][T11168] __x64_sys_sendfile64+0x1d8/0x220 [ 442.010925][T11168] ? ksys_write+0x1ac/0x250 [ 442.010951][T11168] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 442.010993][T11168] do_syscall_64+0xcd/0x490 [ 442.011030][T11168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.011056][T11168] RIP: 0033:0x7f70cfb8eb69 [ 442.011076][T11168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.011098][T11168] RSP: 002b:00007f70d09b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 442.011121][T11168] RAX: ffffffffffffffda RBX: 00007f70cfdb5fa0 RCX: 00007f70cfb8eb69 [ 442.011137][T11168] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 442.011151][T11168] RBP: 00007f70d09b8090 R08: 0000000000000000 R09: 0000000000000000 [ 442.011166][T11168] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 442.011181][T11168] R13: 0000000000000000 R14: 00007f70cfdb5fa0 R15: 00007ffca29cd0c8 [ 442.011216][T11168] [ 442.916078][T11174] ptp ptp0: only physical clock in use now [ 442.966188][T11174] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1101'. [ 444.907102][T11195] FAULT_INJECTION: forcing a failure. [ 444.907102][T11195] name failslab, interval 1, probability 0, space 0, times 0 [ 444.984402][T11195] CPU: 1 UID: 0 PID: 11195 Comm: syz.2.1105 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 444.984442][T11195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 444.984458][T11195] Call Trace: [ 444.984466][T11195] [ 444.984477][T11195] dump_stack_lvl+0x16c/0x1f0 [ 444.984521][T11195] should_fail_ex+0x512/0x640 [ 444.984545][T11195] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 444.984577][T11195] should_failslab+0xc2/0x120 [ 444.984610][T11195] __kmalloc_cache_noprof+0x6a/0x3e0 [ 444.984634][T11195] ? ww_mutex_lock+0x37/0x160 [ 444.984669][T11195] ? vkms_plane_duplicate_state+0x45/0x130 [ 444.984699][T11195] ? modeset_lock+0x114/0x6e0 [ 444.984728][T11195] vkms_plane_duplicate_state+0x45/0x130 [ 444.984758][T11195] drm_atomic_get_plane_state+0x20b/0x590 [ 444.984793][T11195] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 444.984835][T11195] ? __pfx___might_resched+0x10/0x10 [ 444.984874][T11195] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 444.984909][T11195] ? __mutex_lock+0x1c4/0x10b0 [ 444.984944][T11195] ? rcu_is_watching+0x12/0xc0 [ 444.985007][T11195] drm_client_modeset_commit_locked+0x14d/0x580 [ 444.985046][T11195] drm_client_modeset_commit+0x4f/0x80 [ 444.985080][T11195] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 444.985115][T11195] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 444.985142][T11195] drm_fbdev_client_restore+0x2c/0x40 [ 444.985167][T11195] drm_client_dev_restore+0x1f3/0x2a0 [ 444.985206][T11195] drm_release+0x2c4/0x360 [ 444.985239][T11195] ? __pfx_drm_release+0x10/0x10 [ 444.985267][T11195] __fput+0x3ff/0xb70 [ 444.985310][T11195] task_work_run+0x14d/0x240 [ 444.985348][T11195] ? __pfx_task_work_run+0x10/0x10 [ 444.985385][T11195] ? __pfx___do_sys_close_range+0x10/0x10 [ 444.985472][T11195] exit_to_user_mode_loop+0xeb/0x110 [ 444.985512][T11195] do_syscall_64+0x3f6/0x490 [ 444.985552][T11195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.985578][T11195] RIP: 0033:0x7f95d2d8eb69 [ 444.985599][T11195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.985623][T11195] RSP: 002b:00007f95d3b29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 444.985648][T11195] RAX: 0000000000000000 RBX: 00007f95d2fb6080 RCX: 00007f95d2d8eb69 [ 444.985665][T11195] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 444.985681][T11195] RBP: 00007f95d2e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 444.985697][T11195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.985712][T11195] R13: 0000000000000000 R14: 00007f95d2fb6080 R15: 00007fff27cff438 [ 444.985750][T11195] [ 446.117434][T11204] FAULT_INJECTION: forcing a failure. [ 446.117434][T11204] name failslab, interval 1, probability 0, space 0, times 0 [ 446.300245][T11204] CPU: 1 UID: 0 PID: 11204 Comm: syz.2.1107 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 446.300281][T11204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 446.300294][T11204] Call Trace: [ 446.300302][T11204] [ 446.300311][T11204] dump_stack_lvl+0x16c/0x1f0 [ 446.300350][T11204] should_fail_ex+0x512/0x640 [ 446.300381][T11204] should_failslab+0xc2/0x120 [ 446.300412][T11204] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 446.300442][T11204] ? skb_clone+0x190/0x3f0 [ 446.300481][T11204] skb_clone+0x190/0x3f0 [ 446.300517][T11204] netlink_deliver_tap+0xabd/0xd30 [ 446.300559][T11204] netlink_unicast+0x64c/0x870 [ 446.300697][T11204] ? __pfx_netlink_unicast+0x10/0x10 [ 446.300737][T11204] ? __asan_memset+0x23/0x50 [ 446.300762][T11204] ? __build_skb_around+0x278/0x3b0 [ 446.300792][T11204] ? is_vmalloc_addr+0x86/0xa0 [ 446.300823][T11204] netlink_sendmsg+0x8d1/0xdd0 [ 446.300866][T11204] ? __pfx_netlink_sendmsg+0x10/0x10 [ 446.300925][T11204] ____sys_sendmsg+0xa95/0xc70 [ 446.300956][T11204] ? __pfx_____sys_sendmsg+0x10/0x10 [ 446.300990][T11204] ? __pfx__kstrtoull+0x10/0x10 [ 446.301047][T11204] ___sys_sendmsg+0x134/0x1d0 [ 446.301084][T11204] ? __pfx____sys_sendmsg+0x10/0x10 [ 446.301139][T11204] ? find_held_lock+0x2b/0x80 [ 446.301188][T11204] __sys_sendmmsg+0x200/0x420 [ 446.301228][T11204] ? __pfx___sys_sendmmsg+0x10/0x10 [ 446.301276][T11204] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 446.301329][T11204] ? fput+0x9b/0xd0 [ 446.301361][T11204] ? ksys_write+0x1ac/0x250 [ 446.301382][T11204] ? __pfx_ksys_write+0x10/0x10 [ 446.301411][T11204] __x64_sys_sendmmsg+0x9c/0x100 [ 446.301443][T11204] ? lockdep_hardirqs_on+0x7c/0x110 [ 446.301476][T11204] do_syscall_64+0xcd/0x490 [ 446.301513][T11204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.301540][T11204] RIP: 0033:0x7f95d2d8eb69 [ 446.301561][T11204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.301584][T11204] RSP: 002b:00007f95d3b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 446.301608][T11204] RAX: ffffffffffffffda RBX: 00007f95d2fb5fa0 RCX: 00007f95d2d8eb69 [ 446.301625][T11204] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 446.301640][T11204] RBP: 00007f95d3b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 446.301654][T11204] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 446.301668][T11204] R13: 0000000000000000 R14: 00007f95d2fb5fa0 R15: 00007fff27cff438 [ 446.301704][T11204] [ 446.937820][ T5866] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 446.945336][ T5866] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 447.443558][T11220] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 447.520376][T11220] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 447.653467][T11227] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1111'. [ 447.784539][T11225] openvswitch: HfR: Dropping previously announced user features [ 447.828562][T11227] HfR: left promiscuous mode [ 447.957632][T11232] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1114'. [ 448.574250][T11238] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1113'. [ 451.546098][ T30] audit: type=1804 audit(6049152875.532:88): pid=11289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1123" name="/newroot/307/file0" dev="tmpfs" ino=1600 res=1 errno=0 [ 452.835016][T11299] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1126'. [ 452.914057][T11299] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 452.932503][T11299] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 453.155093][T11299] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 453.197266][T11305] syz.0.1127 (11305): attempted to duplicate a private mapping with mremap. This is not supported. [ 453.388386][T11299] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 457.057158][T11352] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1134'. [ 457.277860][T11352] HfR: entered promiscuous mode [ 461.277581][T11397] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1144'. [ 463.144585][T11435] FAULT_INJECTION: forcing a failure. [ 463.144585][T11435] name failslab, interval 1, probability 0, space 0, times 0 [ 463.178663][T11435] CPU: 0 UID: 0 PID: 11435 Comm: syz.0.1151 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 463.178702][T11435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 463.178718][T11435] Call Trace: [ 463.178727][T11435] [ 463.178737][T11435] dump_stack_lvl+0x16c/0x1f0 [ 463.178780][T11435] should_fail_ex+0x512/0x640 [ 463.178805][T11435] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 463.178836][T11435] should_failslab+0xc2/0x120 [ 463.178869][T11435] __kmalloc_cache_noprof+0x6a/0x3e0 [ 463.178895][T11435] ? ww_mutex_lock+0x37/0x160 [ 463.178930][T11435] ? vkms_plane_duplicate_state+0x45/0x130 [ 463.178973][T11435] ? modeset_lock+0x114/0x6e0 [ 463.179003][T11435] vkms_plane_duplicate_state+0x45/0x130 [ 463.179035][T11435] drm_atomic_get_plane_state+0x20b/0x590 [ 463.179070][T11435] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 463.179103][T11435] ? __pfx___might_resched+0x10/0x10 [ 463.179140][T11435] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 463.179173][T11435] ? __mutex_lock+0x1c4/0x10b0 [ 463.179208][T11435] ? rcu_is_watching+0x12/0xc0 [ 463.179272][T11435] drm_client_modeset_commit_locked+0x14d/0x580 [ 463.179314][T11435] drm_client_modeset_commit+0x4f/0x80 [ 463.179349][T11435] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 463.179383][T11435] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 463.179416][T11435] drm_fbdev_client_restore+0x2c/0x40 [ 463.179441][T11435] drm_client_dev_restore+0x1f3/0x2a0 [ 463.179480][T11435] drm_release+0x2c4/0x360 [ 463.179513][T11435] ? __pfx_drm_release+0x10/0x10 [ 463.179540][T11435] __fput+0x3ff/0xb70 [ 463.179584][T11435] task_work_run+0x14d/0x240 [ 463.179622][T11435] ? __pfx_task_work_run+0x10/0x10 [ 463.179659][T11435] ? __pfx___do_sys_close_range+0x10/0x10 [ 463.179697][T11435] exit_to_user_mode_loop+0xeb/0x110 [ 463.179733][T11435] do_syscall_64+0x3f6/0x490 [ 463.179772][T11435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.179798][T11435] RIP: 0033:0x7ff8f0f8eb69 [ 463.179819][T11435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.179842][T11435] RSP: 002b:00007ff8f1db8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 463.179866][T11435] RAX: 0000000000000000 RBX: 00007ff8f11b5fa0 RCX: 00007ff8f0f8eb69 [ 463.179883][T11435] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 463.179898][T11435] RBP: 00007ff8f1011df1 R08: 0000000000000000 R09: 0000000000000000 [ 463.179913][T11435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.179928][T11435] R13: 0000000000000000 R14: 00007ff8f11b5fa0 R15: 00007ffcc78f4ed8 [ 463.179971][T11435] [ 464.655126][T11454] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 464.774533][T11456] FAULT_INJECTION: forcing a failure. [ 464.774533][T11456] name failslab, interval 1, probability 0, space 0, times 0 [ 464.907011][T11456] CPU: 1 UID: 0 PID: 11456 Comm: syz.4.1157 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 464.907052][T11456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 464.907069][T11456] Call Trace: [ 464.907078][T11456] [ 464.907088][T11456] dump_stack_lvl+0x16c/0x1f0 [ 464.907133][T11456] should_fail_ex+0x512/0x640 [ 464.907159][T11456] ? fs_reclaim_acquire+0xae/0x150 [ 464.907201][T11456] should_failslab+0xc2/0x120 [ 464.907236][T11456] __kmalloc_cache_noprof+0x6a/0x3e0 [ 464.907265][T11456] ? __lock_acquire+0x62e/0x1ce0 [ 464.907296][T11456] ? usb_control_msg+0xbc/0x4a0 [ 464.907340][T11456] usb_control_msg+0xbc/0x4a0 [ 464.907380][T11456] ? __pfx_usb_control_msg+0x10/0x10 [ 464.907429][T11456] hub_ext_port_status+0x14e/0x670 [ 464.907480][T11456] hub_activate+0x6e5/0x1d60 [ 464.907530][T11456] ? __pfx_hub_activate+0x10/0x10 [ 464.907569][T11456] ? usb_generic_driver_resume+0x70/0xa0 [ 464.907619][T11456] hub_resume+0xa8/0x3f0 [ 464.907644][T11456] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 464.907685][T11456] ? __pfx_hub_resume+0x10/0x10 [ 464.907709][T11456] ? __pfx_hcd_bus_resume+0x10/0x10 [ 464.907750][T11456] usb_resume_interface.constprop.0.isra.0+0x2c5/0x3e0 [ 464.907788][T11456] usb_resume_both+0x273/0x800 [ 464.907822][T11456] ? __pfx_usb_resume_both+0x10/0x10 [ 464.907855][T11456] ? __pfx_usb_runtime_resume+0x10/0x10 [ 464.907891][T11456] ? __pfx_usb_runtime_resume+0x10/0x10 [ 464.907925][T11456] __rpm_callback+0xc8/0x610 [ 464.907954][T11456] ? __pfx_usb_runtime_resume+0x10/0x10 [ 464.907999][T11456] rpm_callback+0x1b7/0x200 [ 464.908024][T11456] ? __pfx_usb_runtime_resume+0x10/0x10 [ 464.908059][T11456] rpm_resume+0xd0a/0x1310 [ 464.908094][T11456] ? __pfx_rpm_resume+0x10/0x10 [ 464.908118][T11456] ? do_raw_spin_lock+0x12c/0x2b0 [ 464.908158][T11456] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 464.908210][T11456] __pm_runtime_resume+0xb6/0x170 [ 464.908239][T11456] usb_autoresume_device+0x23/0xe0 [ 464.908275][T11456] usbdev_open+0x228/0x8b0 [ 464.908310][T11456] ? do_raw_spin_lock+0x12c/0x2b0 [ 464.908346][T11456] ? __pfx_usbdev_open+0x10/0x10 [ 464.908380][T11456] ? chrdev_open+0x58c/0x6a0 [ 464.908417][T11456] ? __pfx_usbdev_open+0x10/0x10 [ 464.908450][T11456] chrdev_open+0x231/0x6a0 [ 464.908483][T11456] ? __pfx_chrdev_open+0x10/0x10 [ 464.908518][T11456] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 464.908554][T11456] do_dentry_open+0x982/0x1530 [ 464.908586][T11456] ? __pfx_chrdev_open+0x10/0x10 [ 464.908625][T11456] vfs_open+0x82/0x3f0 [ 464.908666][T11456] path_openat+0x1de4/0x2cb0 [ 464.908709][T11456] ? __pfx_path_openat+0x10/0x10 [ 464.908746][T11456] do_filp_open+0x20b/0x470 [ 464.908777][T11456] ? __pfx_do_filp_open+0x10/0x10 [ 464.908834][T11456] ? alloc_fd+0x471/0x7d0 [ 464.908873][T11456] do_sys_openat2+0x11b/0x1d0 [ 464.908910][T11456] ? __pfx_do_sys_openat2+0x10/0x10 [ 464.908962][T11456] __x64_sys_openat+0x174/0x210 [ 464.909008][T11456] ? __pfx___x64_sys_openat+0x10/0x10 [ 464.909064][T11456] do_syscall_64+0xcd/0x490 [ 464.909106][T11456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.909132][T11456] RIP: 0033:0x7fc5e798eb69 [ 464.909154][T11456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.909179][T11456] RSP: 002b:00007fc5e8855038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 464.909204][T11456] RAX: ffffffffffffffda RBX: 00007fc5e7bb5fa0 RCX: 00007fc5e798eb69 [ 464.909222][T11456] RDX: 0000000000040101 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 464.909239][T11456] RBP: 00007fc5e7a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 464.909255][T11456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.909272][T11456] R13: 0000000000000000 R14: 00007fc5e7bb5fa0 R15: 00007ffc8dacf998 [ 464.909308][T11456] [ 465.296473][T11456] hub 2-0:1.0: hub_ext_port_status failed (err = -12) [ 465.818333][T11460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1158'. [ 466.289764][T11480] delete_channel: no stack [ 466.460163][T11474] netlink: zone id is out of range [ 466.465327][T11474] netlink: zone id is out of range [ 466.479743][T11474] netlink: zone id is out of range [ 466.484892][T11474] netlink: zone id is out of range [ 466.526072][T11474] netlink: zone id is out of range [ 466.531387][T11474] netlink: zone id is out of range [ 466.538659][T11474] netlink: zone id is out of range [ 466.544001][T11474] netlink: zone id is out of range [ 466.562054][T11485] FAULT_INJECTION: forcing a failure. [ 466.562054][T11485] name failslab, interval 1, probability 0, space 0, times 0 [ 466.575372][T11485] CPU: 1 UID: 0 PID: 11485 Comm: syz.2.1163 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 466.575410][T11485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 466.575424][T11485] Call Trace: [ 466.575432][T11485] [ 466.575442][T11485] dump_stack_lvl+0x16c/0x1f0 [ 466.575486][T11485] should_fail_ex+0x512/0x640 [ 466.575512][T11485] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 466.575543][T11485] should_failslab+0xc2/0x120 [ 466.575576][T11485] __kmalloc_cache_noprof+0x6a/0x3e0 [ 466.575601][T11485] ? ww_mutex_lock+0x37/0x160 [ 466.575639][T11485] ? vkms_plane_duplicate_state+0x45/0x130 [ 466.575670][T11485] ? modeset_lock+0x114/0x6e0 [ 466.575699][T11485] vkms_plane_duplicate_state+0x45/0x130 [ 466.575730][T11485] drm_atomic_get_plane_state+0x20b/0x590 [ 466.575767][T11485] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 466.575800][T11485] ? __pfx___might_resched+0x10/0x10 [ 466.575838][T11485] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 466.575873][T11485] ? __mutex_lock+0x1c4/0x10b0 [ 466.575907][T11485] ? rcu_is_watching+0x12/0xc0 [ 466.575981][T11485] drm_client_modeset_commit_locked+0x14d/0x580 [ 466.576020][T11485] drm_client_modeset_commit+0x4f/0x80 [ 466.576054][T11485] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 466.576089][T11485] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 466.576113][T11485] drm_fbdev_client_restore+0x2c/0x40 [ 466.576138][T11485] drm_client_dev_restore+0x1f3/0x2a0 [ 466.576179][T11485] drm_release+0x2c4/0x360 [ 466.576214][T11485] ? __pfx_drm_release+0x10/0x10 [ 466.576242][T11485] __fput+0x3ff/0xb70 [ 466.576286][T11485] task_work_run+0x14d/0x240 [ 466.576325][T11485] ? __pfx_task_work_run+0x10/0x10 [ 466.576363][T11485] ? __pfx___do_sys_close_range+0x10/0x10 [ 466.576403][T11485] exit_to_user_mode_loop+0xeb/0x110 [ 466.576440][T11485] do_syscall_64+0x3f6/0x490 [ 466.576480][T11485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.576506][T11485] RIP: 0033:0x7f95d2d8eb69 [ 466.576528][T11485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.576552][T11485] RSP: 002b:00007f95d3b29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 466.576577][T11485] RAX: 0000000000000000 RBX: 00007f95d2fb6080 RCX: 00007f95d2d8eb69 [ 466.576595][T11485] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 466.576610][T11485] RBP: 00007f95d2e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 466.576627][T11485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 466.576643][T11485] R13: 0000000000000000 R14: 00007f95d2fb6080 R15: 00007fff27cff438 [ 466.576682][T11485] [ 467.179759][T11474] netlink: zone id is out of range [ 467.184924][T11474] netlink: zone id is out of range [ 468.431270][ T30] audit: type=1804 audit(6049152892.422:89): pid=11512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1170" name="/newroot/302/file0" dev="tmpfs" ino=1581 res=1 errno=0 [ 469.082062][T11520] FAULT_INJECTION: forcing a failure. [ 469.082062][T11520] name failslab, interval 1, probability 0, space 0, times 0 [ 469.129884][T11520] CPU: 0 UID: 0 PID: 11520 Comm: syz.4.1173 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 469.129924][T11520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 469.129939][T11520] Call Trace: [ 469.129947][T11520] [ 469.129958][T11520] dump_stack_lvl+0x16c/0x1f0 [ 469.130004][T11520] should_fail_ex+0x512/0x640 [ 469.130027][T11520] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 469.130055][T11520] should_failslab+0xc2/0x120 [ 469.130087][T11520] __kmalloc_cache_noprof+0x6a/0x3e0 [ 469.130109][T11520] ? ww_mutex_lock+0x37/0x160 [ 469.130144][T11520] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 469.130184][T11520] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 469.130217][T11520] drm_atomic_get_crtc_state+0x16e/0x450 [ 469.130253][T11520] drm_atomic_get_plane_state+0x436/0x590 [ 469.130288][T11520] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 469.130323][T11520] ? __pfx___might_resched+0x10/0x10 [ 469.130359][T11520] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 469.130390][T11520] ? __mutex_lock+0x1c4/0x10b0 [ 469.130420][T11520] ? rcu_is_watching+0x12/0xc0 [ 469.130478][T11520] drm_client_modeset_commit_locked+0x14d/0x580 [ 469.130516][T11520] drm_client_modeset_commit+0x4f/0x80 [ 469.130550][T11520] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 469.130582][T11520] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 469.130607][T11520] drm_fbdev_client_restore+0x2c/0x40 [ 469.130633][T11520] drm_client_dev_restore+0x1f3/0x2a0 [ 469.130669][T11520] drm_release+0x2c4/0x360 [ 469.130712][T11520] ? __pfx_drm_release+0x10/0x10 [ 469.130740][T11520] __fput+0x3ff/0xb70 [ 469.130783][T11520] task_work_run+0x14d/0x240 [ 469.130819][T11520] ? __pfx_task_work_run+0x10/0x10 [ 469.130852][T11520] ? __pfx___do_sys_close_range+0x10/0x10 [ 469.130888][T11520] exit_to_user_mode_loop+0xeb/0x110 [ 469.130924][T11520] do_syscall_64+0x3f6/0x490 [ 469.130964][T11520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.130986][T11520] RIP: 0033:0x7fc5e798eb69 [ 469.131005][T11520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.131024][T11520] RSP: 002b:00007fc5e8834038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 469.131043][T11520] RAX: 0000000000000000 RBX: 00007fc5e7bb6080 RCX: 00007fc5e798eb69 [ 469.131056][T11520] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 469.131068][T11520] RBP: 00007fc5e7a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 469.131080][T11520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 469.131092][T11520] R13: 0000000000000000 R14: 00007fc5e7bb6080 R15: 00007ffc8dacf998 [ 469.131122][T11520] [ 469.546130][ T30] audit: type=1804 audit(6049152893.522:90): pid=11516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1171" name="/newroot/296/file0" dev="tmpfs" ino=1547 res=1 errno=0 [ 471.872314][ T30] audit: type=1804 audit(6049152895.852:91): pid=11565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1180" name="/newroot/305/file0" dev="tmpfs" ino=1597 res=1 errno=0 [ 471.979113][T11569] FAULT_INJECTION: forcing a failure. [ 471.979113][T11569] name failslab, interval 1, probability 0, space 0, times 0 [ 471.995538][T11569] CPU: 1 UID: 0 PID: 11569 Comm: syz.2.1182 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 471.995575][T11569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 471.995589][T11569] Call Trace: [ 471.995598][T11569] [ 471.995607][T11569] dump_stack_lvl+0x16c/0x1f0 [ 471.995649][T11569] should_fail_ex+0x512/0x640 [ 471.995673][T11569] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 471.995703][T11569] should_failslab+0xc2/0x120 [ 471.995733][T11569] __kmalloc_cache_noprof+0x6a/0x3e0 [ 471.995747][T11569] ? ww_mutex_lock+0x37/0x160 [ 471.995767][T11569] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 471.995791][T11569] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 471.995810][T11569] drm_atomic_get_crtc_state+0x16e/0x450 [ 471.995830][T11569] drm_atomic_get_plane_state+0x436/0x590 [ 471.995848][T11569] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 471.995868][T11569] ? __pfx___might_resched+0x10/0x10 [ 471.995888][T11569] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 471.995906][T11569] ? __mutex_lock+0x1c4/0x10b0 [ 471.995926][T11569] ? rcu_is_watching+0x12/0xc0 [ 471.995967][T11569] drm_client_modeset_commit_locked+0x14d/0x580 [ 471.996003][T11569] drm_client_modeset_commit+0x4f/0x80 [ 471.996035][T11569] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 471.996067][T11569] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 471.996093][T11569] drm_fbdev_client_restore+0x2c/0x40 [ 471.996118][T11569] drm_client_dev_restore+0x1f3/0x2a0 [ 471.996168][T11569] drm_release+0x2c4/0x360 [ 471.996202][T11569] ? __pfx_drm_release+0x10/0x10 [ 471.996219][T11569] __fput+0x3ff/0xb70 [ 471.996243][T11569] task_work_run+0x14d/0x240 [ 471.996265][T11569] ? __pfx_task_work_run+0x10/0x10 [ 471.996286][T11569] ? __pfx___do_sys_close_range+0x10/0x10 [ 471.996307][T11569] exit_to_user_mode_loop+0xeb/0x110 [ 471.996328][T11569] do_syscall_64+0x3f6/0x490 [ 471.996351][T11569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.996365][T11569] RIP: 0033:0x7f95d2d8eb69 [ 471.996381][T11569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.996395][T11569] RSP: 002b:00007f95d3b29038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 471.996409][T11569] RAX: 0000000000000000 RBX: 00007f95d2fb6080 RCX: 00007f95d2d8eb69 [ 471.996418][T11569] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 471.996427][T11569] RBP: 00007f95d2e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 471.996435][T11569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.996446][T11569] R13: 0000000000000000 R14: 00007f95d2fb6080 R15: 00007fff27cff438 [ 471.996479][T11569] [ 472.260503][ C1] vkms_vblank_simulate: vblank timer overrun [ 473.041626][T11586] FAULT_INJECTION: forcing a failure. [ 473.041626][T11586] name failslab, interval 1, probability 0, space 0, times 0 [ 473.054607][T11586] CPU: 0 UID: 0 PID: 11586 Comm: syz.3.1187 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 473.054630][T11586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 473.054639][T11586] Call Trace: [ 473.054646][T11586] [ 473.054653][T11586] dump_stack_lvl+0x16c/0x1f0 [ 473.054679][T11586] should_fail_ex+0x512/0x640 [ 473.054695][T11586] ? fs_reclaim_acquire+0xae/0x150 [ 473.054718][T11586] should_failslab+0xc2/0x120 [ 473.054739][T11586] __kmalloc_cache_noprof+0x6a/0x3e0 [ 473.054754][T11586] ? __lock_acquire+0x62e/0x1ce0 [ 473.054771][T11586] ? usb_control_msg+0xbc/0x4a0 [ 473.054796][T11586] usb_control_msg+0xbc/0x4a0 [ 473.054817][T11586] ? __pfx_usb_control_msg+0x10/0x10 [ 473.054844][T11586] hub_ext_port_status+0x14e/0x670 [ 473.054870][T11586] hub_activate+0x6e5/0x1d60 [ 473.054897][T11586] ? __pfx_hub_activate+0x10/0x10 [ 473.054919][T11586] ? usb_generic_driver_resume+0x70/0xa0 [ 473.054950][T11586] hub_resume+0xa8/0x3f0 [ 473.054962][T11586] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 473.054985][T11586] ? __pfx_hub_resume+0x10/0x10 [ 473.054997][T11586] ? __pfx_hcd_bus_resume+0x10/0x10 [ 473.055020][T11586] usb_resume_interface.constprop.0.isra.0+0x2c5/0x3e0 [ 473.055040][T11586] usb_resume_both+0x273/0x800 [ 473.055059][T11586] ? __pfx_usb_resume_both+0x10/0x10 [ 473.055076][T11586] ? __pfx_usb_runtime_resume+0x10/0x10 [ 473.055096][T11586] ? __pfx_usb_runtime_resume+0x10/0x10 [ 473.055114][T11586] __rpm_callback+0xc8/0x610 [ 473.055130][T11586] ? __pfx_usb_runtime_resume+0x10/0x10 [ 473.055148][T11586] rpm_callback+0x1b7/0x200 [ 473.055161][T11586] ? __pfx_usb_runtime_resume+0x10/0x10 [ 473.055179][T11586] rpm_resume+0xd0a/0x1310 [ 473.055207][T11586] ? __pfx_rpm_resume+0x10/0x10 [ 473.055219][T11586] ? do_raw_spin_lock+0x12c/0x2b0 [ 473.055242][T11586] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 473.055271][T11586] __pm_runtime_resume+0xb6/0x170 [ 473.055286][T11586] usb_autoresume_device+0x23/0xe0 [ 473.055305][T11586] usbdev_open+0x228/0x8b0 [ 473.055324][T11586] ? kobject_get_unless_zero+0x156/0x1e0 [ 473.055338][T11586] ? __pfx_usbdev_open+0x10/0x10 [ 473.055356][T11586] ? chrdev_open+0x10b/0x6a0 [ 473.055376][T11586] ? __pfx_usbdev_open+0x10/0x10 [ 473.055394][T11586] chrdev_open+0x231/0x6a0 [ 473.055410][T11586] ? __pfx_apparmor_file_open+0x10/0x10 [ 473.055426][T11586] ? __pfx_chrdev_open+0x10/0x10 [ 473.055444][T11586] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 473.055463][T11586] do_dentry_open+0x982/0x1530 [ 473.055480][T11586] ? __pfx_chrdev_open+0x10/0x10 [ 473.055501][T11586] vfs_open+0x82/0x3f0 [ 473.055523][T11586] path_openat+0x1de4/0x2cb0 [ 473.055546][T11586] ? __pfx_path_openat+0x10/0x10 [ 473.055567][T11586] do_filp_open+0x20b/0x470 [ 473.055583][T11586] ? __pfx_do_filp_open+0x10/0x10 [ 473.055613][T11586] ? alloc_fd+0x471/0x7d0 [ 473.055633][T11586] do_sys_openat2+0x11b/0x1d0 [ 473.055653][T11586] ? __pfx_do_sys_openat2+0x10/0x10 [ 473.055681][T11586] __x64_sys_openat+0x174/0x210 [ 473.055702][T11586] ? __pfx___x64_sys_openat+0x10/0x10 [ 473.055730][T11586] do_syscall_64+0xcd/0x490 [ 473.055753][T11586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.055768][T11586] RIP: 0033:0x7f70cfb8eb69 [ 473.055781][T11586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.055795][T11586] RSP: 002b:00007f70d09b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 473.055809][T11586] RAX: ffffffffffffffda RBX: 00007f70cfdb5fa0 RCX: 00007f70cfb8eb69 [ 473.055819][T11586] RDX: 0000000000040101 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 473.055828][T11586] RBP: 00007f70cfc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 473.055837][T11586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 473.055846][T11586] R13: 0000000000000000 R14: 00007f70cfdb5fa0 R15: 00007ffca29cd0c8 [ 473.055865][T11586] [ 473.055876][T11586] hub 2-0:1.0: hub_ext_port_status failed (err = -12) [ 473.526176][ T30] audit: type=1804 audit(6049152897.512:92): pid=11576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1186" name="/newroot/300/file0" dev="tmpfs" ino=1568 res=1 errno=0 [ 474.234336][ T30] audit: type=1804 audit(6049152898.222:93): pid=11605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1191" name="/newroot/110/file0" dev="tmpfs" ino=591 res=1 errno=0 [ 474.248520][T11609] FAULT_INJECTION: forcing a failure. [ 474.248520][T11609] name failslab, interval 1, probability 0, space 0, times 0 [ 474.325926][T11609] CPU: 0 UID: 0 PID: 11609 Comm: syz.3.1192 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 474.325969][T11609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 474.325983][T11609] Call Trace: [ 474.325990][T11609] [ 474.326000][T11609] dump_stack_lvl+0x16c/0x1f0 [ 474.326042][T11609] should_fail_ex+0x512/0x640 [ 474.326065][T11609] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 474.326104][T11609] should_failslab+0xc2/0x120 [ 474.326137][T11609] __kmalloc_cache_noprof+0x6a/0x3e0 [ 474.326165][T11609] ? vkms_plane_duplicate_state+0x87/0x130 [ 474.326195][T11609] ? kasan_save_track+0x14/0x30 [ 474.326226][T11609] vkms_plane_duplicate_state+0x87/0x130 [ 474.326252][T11609] drm_atomic_get_plane_state+0x20b/0x590 [ 474.326287][T11609] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 474.326320][T11609] ? __pfx___might_resched+0x10/0x10 [ 474.326358][T11609] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 474.326393][T11609] ? __mutex_lock+0x1c4/0x10b0 [ 474.326428][T11609] ? rcu_is_watching+0x12/0xc0 [ 474.326492][T11609] drm_client_modeset_commit_locked+0x14d/0x580 [ 474.326532][T11609] drm_client_modeset_commit+0x4f/0x80 [ 474.326567][T11609] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 474.326603][T11609] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 474.326632][T11609] drm_fbdev_client_restore+0x2c/0x40 [ 474.326658][T11609] drm_client_dev_restore+0x1f3/0x2a0 [ 474.326698][T11609] drm_release+0x2c4/0x360 [ 474.326733][T11609] ? __pfx_drm_release+0x10/0x10 [ 474.326761][T11609] __fput+0x3ff/0xb70 [ 474.326805][T11609] task_work_run+0x14d/0x240 [ 474.326845][T11609] ? __pfx_task_work_run+0x10/0x10 [ 474.326883][T11609] ? __pfx___do_sys_close_range+0x10/0x10 [ 474.326922][T11609] exit_to_user_mode_loop+0xeb/0x110 [ 474.326960][T11609] do_syscall_64+0x3f6/0x490 [ 474.327001][T11609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.327027][T11609] RIP: 0033:0x7f70cfb8eb69 [ 474.327049][T11609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.327073][T11609] RSP: 002b:00007f70d0997038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 474.327105][T11609] RAX: 0000000000000000 RBX: 00007f70cfdb6080 RCX: 00007f70cfb8eb69 [ 474.327122][T11609] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 474.327138][T11609] RBP: 00007f70cfc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 474.327154][T11609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 474.327169][T11609] R13: 0000000000000000 R14: 00007f70cfdb6080 R15: 00007ffca29cd0c8 [ 474.327208][T11609] [ 474.901052][ T30] audit: type=1804 audit(6049152898.892:94): pid=11612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1193" name="/newroot/302/file0" dev="tmpfs" ino=1579 res=1 errno=0 [ 475.772664][T11630] FAULT_INJECTION: forcing a failure. [ 475.772664][T11630] name fail_futex, interval 1, probability 0, space 0, times 0 [ 475.799860][T11630] CPU: 0 UID: 0 PID: 11630 Comm: syz.0.1198 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 475.799897][T11630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 475.799913][T11630] Call Trace: [ 475.799922][T11630] [ 475.799939][T11630] dump_stack_lvl+0x16c/0x1f0 [ 475.799982][T11630] should_fail_ex+0x512/0x640 [ 475.800013][T11630] get_futex_key+0x1d0/0x1560 [ 475.800049][T11630] ? __pfx_get_futex_key+0x10/0x10 [ 475.800078][T11630] ? __lock_acquire+0xb97/0x1ce0 [ 475.800114][T11630] ? __pfx___might_resched+0x10/0x10 [ 475.800143][T11630] futex_wake+0xea/0x530 [ 475.800181][T11630] ? __pfx_futex_wake+0x10/0x10 [ 475.800213][T11630] ? __might_fault+0xe3/0x190 [ 475.800239][T11630] ? __might_fault+0x13b/0x190 [ 475.800278][T11630] do_futex+0x1e3/0x350 [ 475.800308][T11630] ? __pfx_do_futex+0x10/0x10 [ 475.800334][T11630] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 475.800372][T11630] __x64_sys_futex+0x1e0/0x4c0 [ 475.800408][T11630] ? __pfx___x64_sys_futex+0x10/0x10 [ 475.800438][T11630] ? __sys_getsockopt+0x144/0x1b0 [ 475.800482][T11630] do_syscall_64+0xcd/0x490 [ 475.800521][T11630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.800547][T11630] RIP: 0033:0x7ff8f0f8eb69 [ 475.800567][T11630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.800592][T11630] RSP: 002b:00007ff8f1db80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 475.800616][T11630] RAX: ffffffffffffffda RBX: 00007ff8f11b5fa8 RCX: 00007ff8f0f8eb69 [ 475.800633][T11630] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff8f11b5fac [ 475.800648][T11630] RBP: 00007ff8f11b5fa0 R08: 00007ff8f1db9000 R09: 0000000000000000 [ 475.800663][T11630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff8f11b5fac [ 475.800678][T11630] R13: 0000000000000000 R14: 00007ffcc78f4df0 R15: 00007ffcc78f4ed8 [ 475.800710][T11630] [ 477.101161][T11650] serio: Serial port pty238 [ 477.779243][ T30] audit: type=1804 audit(6049152901.762:95): pid=11663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1205" name="/newroot/328/file0" dev="tmpfs" ino=1710 res=1 errno=0 [ 478.263078][T11673] FAULT_INJECTION: forcing a failure. [ 478.263078][T11673] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 478.314646][T11673] CPU: 1 UID: 0 PID: 11673 Comm: syz.4.1211 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 478.314684][T11673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 478.314699][T11673] Call Trace: [ 478.314707][T11673] [ 478.314717][T11673] dump_stack_lvl+0x16c/0x1f0 [ 478.314763][T11673] should_fail_ex+0x512/0x640 [ 478.314794][T11673] should_fail_alloc_page+0xe7/0x130 [ 478.314827][T11673] prepare_alloc_pages+0x3c2/0x610 [ 478.314866][T11673] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 478.314897][T11673] ? stack_trace_save+0x8e/0xc0 [ 478.314924][T11673] ? __pfx_stack_trace_save+0x10/0x10 [ 478.314949][T11673] ? stack_depot_save_flags+0x28/0xa40 [ 478.314985][T11673] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 478.315012][T11673] ? __kasan_slab_alloc+0x89/0x90 [ 478.315039][T11673] ? __pmd_alloc+0xbf/0x930 [ 478.315070][T11673] ? handle_mm_fault+0x589/0xd10 [ 478.315091][T11673] ? __get_user_pages+0x551/0x34a0 [ 478.315122][T11673] ? populate_vma_page_range+0x267/0x3f0 [ 478.315154][T11673] ? __mm_populate+0x1d8/0x380 [ 478.315186][T11673] ? vm_mmap_pgoff+0x37f/0x470 [ 478.315221][T11673] ? ksys_mmap_pgoff+0x32c/0x5c0 [ 478.315248][T11673] ? __x64_sys_mmap+0x125/0x190 [ 478.315296][T11673] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 478.315331][T11673] ? policy_nodemask+0xea/0x4e0 [ 478.315363][T11673] alloc_pages_mpol+0x1fb/0x550 [ 478.315395][T11673] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 478.315434][T11673] alloc_pages_noprof+0x131/0x390 [ 478.315465][T11673] pte_alloc_one+0x1c/0x3a0 [ 478.315491][T11673] do_pte_missing+0x1afc/0x3ba0 [ 478.315516][T11673] ? do_raw_spin_unlock+0x172/0x230 [ 478.315551][T11673] ? __pmd_alloc+0x3fb/0x930 [ 478.315587][T11673] __handle_mm_fault+0x152a/0x2a50 [ 478.315622][T11673] ? __pfx___handle_mm_fault+0x10/0x10 [ 478.315682][T11673] handle_mm_fault+0x589/0xd10 [ 478.315714][T11673] __get_user_pages+0x551/0x34a0 [ 478.315766][T11673] ? __pfx___get_user_pages+0x10/0x10 [ 478.315810][T11673] populate_vma_page_range+0x267/0x3f0 [ 478.315847][T11673] ? __pfx_populate_vma_page_range+0x10/0x10 [ 478.315879][T11673] ? __pfx_find_vma_intersection+0x10/0x10 [ 478.315913][T11673] ? do_mmap+0x69c/0x1210 [ 478.315947][T11673] __mm_populate+0x1d8/0x380 [ 478.315980][T11673] ? __pfx___mm_populate+0x10/0x10 [ 478.316017][T11673] ? up_write+0x1b2/0x520 [ 478.316052][T11673] vm_mmap_pgoff+0x37f/0x470 [ 478.316088][T11673] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 478.316126][T11673] ? __fget_files+0x20e/0x3c0 [ 478.316158][T11673] ksys_mmap_pgoff+0x32c/0x5c0 [ 478.316188][T11673] ? __pfx_ksys_write+0x10/0x10 [ 478.316218][T11673] __x64_sys_mmap+0x125/0x190 [ 478.316256][T11673] do_syscall_64+0xcd/0x490 [ 478.316293][T11673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.316318][T11673] RIP: 0033:0x7fc5e798eb69 [ 478.316337][T11673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.316359][T11673] RSP: 002b:00007fc5e8855038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 478.316381][T11673] RAX: ffffffffffffffda RBX: 00007fc5e7bb5fa0 RCX: 00007fc5e798eb69 [ 478.316398][T11673] RDX: 0001000000000001 RSI: 000000000000580f RDI: 0000000000000000 [ 478.316413][T11673] RBP: 00007fc5e8855090 R08: 0000000000000003 R09: 0000000000000000 [ 478.316428][T11673] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000001 [ 478.316442][T11673] R13: 0000000000000000 R14: 00007fc5e7bb5fa0 R15: 00007ffc8dacf998 [ 478.316476][T11673] [ 480.988924][T11711] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 483.386393][T11742] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1226'. [ 483.598460][ T30] audit: type=1804 audit(6049152907.592:96): pid=11738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1225" name="/newroot/333/file0" dev="tmpfs" ino=1736 res=1 errno=0 [ 484.386652][T11752] __vm_enough_memory: pid: 11752, comm: syz.3.1229, bytes: 4398046511104 not enough memory for the allocation [ 486.018140][T11778] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.976749][T11806] FAULT_INJECTION: forcing a failure. [ 486.976749][T11806] name failslab, interval 1, probability 0, space 0, times 0 [ 487.029359][T11806] CPU: 0 UID: 0 PID: 11806 Comm: syz.4.1242 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 487.029400][T11806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 487.029414][T11806] Call Trace: [ 487.029423][T11806] [ 487.029432][T11806] dump_stack_lvl+0x16c/0x1f0 [ 487.029477][T11806] should_fail_ex+0x512/0x640 [ 487.029500][T11806] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 487.029531][T11806] should_failslab+0xc2/0x120 [ 487.029562][T11806] __kmalloc_cache_noprof+0x6a/0x3e0 [ 487.029589][T11806] ? drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 487.029631][T11806] drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 487.029668][T11806] drm_atomic_get_connector_state+0x388/0x740 [ 487.029708][T11806] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 487.029743][T11806] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 487.029773][T11806] ? ww_mutex_lock+0x37/0x160 [ 487.029804][T11806] ? modeset_lock+0x114/0x6e0 [ 487.029836][T11806] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 487.029876][T11806] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 487.029925][T11806] ? drm_client_rotation+0x4da/0x6a0 [ 487.029965][T11806] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 487.030013][T11806] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 487.030050][T11806] ? rcu_is_watching+0x12/0xc0 [ 487.030111][T11806] drm_client_modeset_commit_locked+0x14d/0x580 [ 487.030149][T11806] drm_client_modeset_commit+0x4f/0x80 [ 487.030183][T11806] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 487.030215][T11806] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 487.030242][T11806] drm_fbdev_client_restore+0x2c/0x40 [ 487.030267][T11806] drm_client_dev_restore+0x1f3/0x2a0 [ 487.030302][T11806] drm_release+0x2c4/0x360 [ 487.030334][T11806] ? __pfx_drm_release+0x10/0x10 [ 487.030361][T11806] __fput+0x3ff/0xb70 [ 487.030405][T11806] task_work_run+0x14d/0x240 [ 487.030443][T11806] ? __pfx_task_work_run+0x10/0x10 [ 487.030478][T11806] ? __pfx___do_sys_close_range+0x10/0x10 [ 487.030518][T11806] exit_to_user_mode_loop+0xeb/0x110 [ 487.030555][T11806] do_syscall_64+0x3f6/0x490 [ 487.030594][T11806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.030621][T11806] RIP: 0033:0x7fc5e798eb69 [ 487.030642][T11806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.030667][T11806] RSP: 002b:00007fc5e8834038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 487.030691][T11806] RAX: 0000000000000000 RBX: 00007fc5e7bb6080 RCX: 00007fc5e798eb69 [ 487.030708][T11806] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 487.030723][T11806] RBP: 00007fc5e7a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 487.030740][T11806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.030755][T11806] R13: 0000000000000000 R14: 00007fc5e7bb6080 R15: 00007ffc8dacf998 [ 487.030793][T11806] [ 487.368598][ T30] audit: type=1804 audit(6049152911.342:97): pid=11808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1243" name="/newroot/321/file0" dev="tmpfs" ino=1679 res=1 errno=0 [ 487.389921][ C1] vkms_vblank_simulate: vblank timer overrun [ 488.013278][T11820] net_ratelimit: 19 callbacks suppressed [ 488.013299][T11820] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 488.292428][T11828] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1248'. [ 488.790293][T11837] FAULT_INJECTION: forcing a failure. [ 488.790293][T11837] name failslab, interval 1, probability 0, space 0, times 0 [ 488.927380][T11837] CPU: 0 UID: 0 PID: 11837 Comm: syz.2.1250 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 488.927414][T11837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 488.927422][T11837] Call Trace: [ 488.927428][T11837] [ 488.927433][T11837] dump_stack_lvl+0x16c/0x1f0 [ 488.927458][T11837] should_fail_ex+0x512/0x640 [ 488.927472][T11837] ? fs_reclaim_acquire+0xae/0x150 [ 488.927494][T11837] ? tomoyo_encode2+0x100/0x3e0 [ 488.927509][T11837] should_failslab+0xc2/0x120 [ 488.927527][T11837] __kmalloc_noprof+0xd2/0x510 [ 488.927547][T11837] tomoyo_encode2+0x100/0x3e0 [ 488.927565][T11837] tomoyo_encode+0x29/0x50 [ 488.927580][T11837] tomoyo_realpath_from_path+0x18f/0x6e0 [ 488.927603][T11837] tomoyo_check_open_permission+0x2ab/0x3c0 [ 488.927617][T11837] ? __d_add+0x403/0xa50 [ 488.927634][T11837] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 488.927667][T11837] ? do_raw_spin_lock+0x12c/0x2b0 [ 488.927693][T11837] tomoyo_file_open+0x6b/0x90 [ 488.927713][T11837] security_file_open+0x84/0x1e0 [ 488.927729][T11837] do_dentry_open+0x596/0x1530 [ 488.927752][T11837] vfs_open+0x82/0x3f0 [ 488.927773][T11837] path_openat+0x1de4/0x2cb0 [ 488.927796][T11837] ? __pfx_path_openat+0x10/0x10 [ 488.927816][T11837] do_filp_open+0x20b/0x470 [ 488.927832][T11837] ? __pfx_do_filp_open+0x10/0x10 [ 488.927854][T11837] ? __pfx_kfree_link+0x10/0x10 [ 488.927880][T11837] ? alloc_fd+0x471/0x7d0 [ 488.927899][T11837] do_sys_openat2+0x11b/0x1d0 [ 488.927918][T11837] ? __pfx_do_sys_openat2+0x10/0x10 [ 488.927940][T11837] ? __fget_files+0x20e/0x3c0 [ 488.927957][T11837] __x64_sys_openat+0x174/0x210 [ 488.927977][T11837] ? __pfx___x64_sys_openat+0x10/0x10 [ 488.927996][T11837] ? ksys_write+0x1ac/0x250 [ 488.928018][T11837] do_syscall_64+0xcd/0x490 [ 488.928039][T11837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.928053][T11837] RIP: 0033:0x7f95d2d8eb69 [ 488.928065][T11837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.928078][T11837] RSP: 002b:00007f95d3b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 488.928091][T11837] RAX: ffffffffffffffda RBX: 00007f95d2fb5fa0 RCX: 00007f95d2d8eb69 [ 488.928100][T11837] RDX: 0000000000000000 RSI: 0000200000001480 RDI: ffffffffffffff9c [ 488.928109][T11837] RBP: 00007f95d3b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 488.928117][T11837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 488.928125][T11837] R13: 0000000000000001 R14: 00007f95d2fb5fa0 R15: 00007fff27cff438 [ 488.928143][T11837] [ 488.928172][T11837] ERROR: Out of memory at tomoyo_realpath_from_path. [ 490.358973][ T30] audit: type=1804 audit(6049152914.352:98): pid=11864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1255" name="/newroot/131/file0" dev="tmpfs" ino=697 res=1 errno=0 [ 490.386289][T11863] FAULT_INJECTION: forcing a failure. [ 490.386289][T11863] name failslab, interval 1, probability 0, space 0, times 0 [ 490.489184][T11863] CPU: 0 UID: 0 PID: 11863 Comm: syz.0.1256 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 490.489231][T11863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 490.489246][T11863] Call Trace: [ 490.489254][T11863] [ 490.489264][T11863] dump_stack_lvl+0x16c/0x1f0 [ 490.489305][T11863] should_fail_ex+0x512/0x640 [ 490.489330][T11863] ? __kmalloc_noprof+0xbf/0x510 [ 490.489361][T11863] ? vkms_crtc_atomic_check+0x3c5/0x880 [ 490.489394][T11863] should_failslab+0xc2/0x120 [ 490.489426][T11863] __kmalloc_noprof+0xd2/0x510 [ 490.489453][T11863] ? drm_atomic_add_affected_planes+0x32b/0x3f0 [ 490.489494][T11863] vkms_crtc_atomic_check+0x3c5/0x880 [ 490.489535][T11863] ? __pfx_vkms_crtc_atomic_check+0x10/0x10 [ 490.489565][T11863] drm_atomic_helper_check_planes+0x4dd/0x900 [ 490.489605][T11863] drm_atomic_helper_check+0xae/0x190 [ 490.489636][T11863] vkms_atomic_check+0x1d9/0x250 [ 490.489663][T11863] ? __pfx_vkms_atomic_check+0x10/0x10 [ 490.489692][T11863] drm_atomic_check_only+0x19c7/0x3130 [ 490.489741][T11863] drm_atomic_commit+0x136/0x300 [ 490.489770][T11863] ? __pfx_drm_atomic_commit+0x10/0x10 [ 490.489800][T11863] ? __pfx___drm_printfn_info+0x10/0x10 [ 490.489843][T11863] ? drm_client_rotation+0x4da/0x6a0 [ 490.489880][T11863] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 490.489925][T11863] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 490.489959][T11863] ? rcu_is_watching+0x12/0xc0 [ 490.490022][T11863] drm_client_modeset_commit_locked+0x14d/0x580 [ 490.490061][T11863] drm_client_modeset_commit+0x4f/0x80 [ 490.490094][T11863] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 490.490128][T11863] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 490.490155][T11863] drm_fbdev_client_restore+0x2c/0x40 [ 490.490180][T11863] drm_client_dev_restore+0x1f3/0x2a0 [ 490.490227][T11863] drm_release+0x2c4/0x360 [ 490.490262][T11863] ? __pfx_drm_release+0x10/0x10 [ 490.490290][T11863] __fput+0x3ff/0xb70 [ 490.490333][T11863] task_work_run+0x14d/0x240 [ 490.490370][T11863] ? __pfx_task_work_run+0x10/0x10 [ 490.490413][T11863] ? __pfx___do_sys_close_range+0x10/0x10 [ 490.490453][T11863] exit_to_user_mode_loop+0xeb/0x110 [ 490.490490][T11863] do_syscall_64+0x3f6/0x490 [ 490.490529][T11863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.490557][T11863] RIP: 0033:0x7ff8f0f8eb69 [ 490.490577][T11863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.490602][T11863] RSP: 002b:00007ff8f1d97038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 490.490624][T11863] RAX: 0000000000000000 RBX: 00007ff8f11b6080 RCX: 00007ff8f0f8eb69 [ 490.490639][T11863] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 490.490652][T11863] RBP: 00007ff8f1011df1 R08: 0000000000000000 R09: 0000000000000000 [ 490.490666][T11863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 490.490680][T11863] R13: 0000000000000000 R14: 00007ff8f11b6080 R15: 00007ffcc78f4ed8 [ 490.490714][T11863] [ 491.486987][T11874] FAULT_INJECTION: forcing a failure. [ 491.486987][T11874] name failslab, interval 1, probability 0, space 0, times 0 [ 491.538662][T11874] CPU: 0 UID: 0 PID: 11874 Comm: syz.0.1259 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 491.538702][T11874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 491.538717][T11874] Call Trace: [ 491.538726][T11874] [ 491.538736][T11874] dump_stack_lvl+0x16c/0x1f0 [ 491.538780][T11874] should_fail_ex+0x512/0x640 [ 491.538805][T11874] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 491.538840][T11874] should_failslab+0xc2/0x120 [ 491.538873][T11874] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 491.538905][T11874] ? __alloc_skb+0x2b2/0x380 [ 491.538953][T11874] __alloc_skb+0x2b2/0x380 [ 491.538988][T11874] ? __pfx___alloc_skb+0x10/0x10 [ 491.539019][T11874] ? __pfx_rtnl_newlink+0x10/0x10 [ 491.539057][T11874] netlink_ack+0x15d/0xb80 [ 491.539106][T11874] netlink_rcv_skb+0x332/0x420 [ 491.539143][T11874] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 491.539170][T11874] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 491.539221][T11874] ? netlink_deliver_tap+0x1ae/0xd30 [ 491.539265][T11874] netlink_unicast+0x5a7/0x870 [ 491.539307][T11874] ? __pfx_netlink_unicast+0x10/0x10 [ 491.539345][T11874] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 491.539391][T11874] netlink_sendmsg+0x8d1/0xdd0 [ 491.539448][T11874] ? __pfx_netlink_sendmsg+0x10/0x10 [ 491.539503][T11874] __sys_sendto+0x4a3/0x520 [ 491.539540][T11874] ? __pfx___sys_sendto+0x10/0x10 [ 491.539607][T11874] ? xfd_validate_state+0x61/0x180 [ 491.539642][T11874] ? __pfx_do_writev+0x10/0x10 [ 491.539675][T11874] __x64_sys_sendto+0xe0/0x1c0 [ 491.539707][T11874] ? do_syscall_64+0x91/0x490 [ 491.539744][T11874] ? lockdep_hardirqs_on+0x7c/0x110 [ 491.539779][T11874] do_syscall_64+0xcd/0x490 [ 491.539818][T11874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.539844][T11874] RIP: 0033:0x7ff8f0f909fc [ 491.539866][T11874] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 491.539891][T11874] RSP: 002b:00007ff8f1db6ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 491.539917][T11874] RAX: ffffffffffffffda RBX: 00007ff8f1db6fc0 RCX: 00007ff8f0f909fc [ 491.539934][T11874] RDX: 000000000000001c RSI: 00007ff8f1db7010 RDI: 0000000000000004 [ 491.539951][T11874] RBP: 0000000000000000 R08: 00007ff8f1db6f14 R09: 000000000000000c [ 491.539967][T11874] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 491.539982][T11874] R13: 00007ff8f1db6f68 R14: 00007ff8f1db7010 R15: 0000000000000000 [ 491.540017][T11874] [ 493.363065][T11903] openvswitch: HfR: Dropping previously announced user features [ 493.374858][T11903] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1267'. [ 493.397904][ T30] audit: type=1804 audit(6049152917.372:99): pid=11905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1266" name="/newroot/326/file0" dev="tmpfs" ino=1705 res=1 errno=0 [ 493.438800][T11903] HfR: left promiscuous mode [ 494.729926][T11931] FAULT_INJECTION: forcing a failure. [ 494.729926][T11931] name failslab, interval 1, probability 0, space 0, times 0 [ 494.811870][T11931] CPU: 1 UID: 0 PID: 11931 Comm: syz.3.1276 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 494.811908][T11931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 494.811923][T11931] Call Trace: [ 494.811931][T11931] [ 494.811940][T11931] dump_stack_lvl+0x16c/0x1f0 [ 494.811981][T11931] should_fail_ex+0x512/0x640 [ 494.812004][T11931] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 494.812033][T11931] should_failslab+0xc2/0x120 [ 494.812063][T11931] __kmalloc_cache_noprof+0x6a/0x3e0 [ 494.812088][T11931] ? cgroup_show_path+0xb2/0x740 [ 494.812115][T11931] ? __pfx_cgroup_show_path+0x10/0x10 [ 494.812140][T11931] cgroup_show_path+0xb2/0x740 [ 494.812168][T11931] ? __pfx_cgroup_show_path+0x10/0x10 [ 494.812191][T11931] kernfs_sop_show_path+0xe9/0x160 [ 494.812218][T11931] ? __pfx_kernfs_sop_show_path+0x10/0x10 [ 494.812244][T11931] show_path+0x9e/0x100 [ 494.812275][T11931] show_mountinfo+0x1d8/0x820 [ 494.812296][T11931] ? trace_kmalloc+0x2b/0xd0 [ 494.812327][T11931] ? __pfx_show_mountinfo+0x10/0x10 [ 494.812360][T11931] ? ww_mutex_lock+0x90/0x160 [ 494.812404][T11931] traverse.part.0.constprop.0+0x107/0x640 [ 494.812442][T11931] seq_read_iter+0x932/0x12c0 [ 494.812468][T11931] ? trace_kmalloc+0x2b/0xd0 [ 494.812510][T11931] copy_splice_read+0x615/0xba0 [ 494.812544][T11931] ? __pfx_copy_splice_read+0x10/0x10 [ 494.812566][T11931] ? look_up_lock_class+0x59/0x150 [ 494.812605][T11931] ? lockdep_init_map_type+0x5c/0x280 [ 494.812639][T11931] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 494.812669][T11931] ? __pfx_copy_splice_read+0x10/0x10 [ 494.812692][T11931] do_splice_read+0x285/0x370 [ 494.812721][T11931] splice_direct_to_actor+0x2a1/0xa30 [ 494.812749][T11931] ? __pfx_direct_splice_actor+0x10/0x10 [ 494.812782][T11931] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 494.812805][T11931] ? get_pid_task+0xfc/0x250 [ 494.812853][T11931] do_splice_direct+0x174/0x240 [ 494.812882][T11931] ? __pfx_do_splice_direct+0x10/0x10 [ 494.812908][T11931] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 494.812952][T11931] ? rw_verify_area+0xcf/0x6c0 [ 494.812980][T11931] do_sendfile+0xb06/0xe50 [ 494.813013][T11931] ? __pfx_do_sendfile+0x10/0x10 [ 494.813053][T11931] __x64_sys_sendfile64+0x154/0x220 [ 494.813086][T11931] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 494.813128][T11931] do_syscall_64+0xcd/0x490 [ 494.813165][T11931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.813190][T11931] RIP: 0033:0x7f70cfb8eb69 [ 494.813209][T11931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 494.813232][T11931] RSP: 002b:00007f70d09b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 494.813255][T11931] RAX: ffffffffffffffda RBX: 00007f70cfdb5fa0 RCX: 00007f70cfb8eb69 [ 494.813271][T11931] RDX: 0000200000000040 RSI: 0000000000000003 RDI: 0000000000000003 [ 494.813286][T11931] RBP: 00007f70d09b8090 R08: 0000000000000000 R09: 0000000000000000 [ 494.813301][T11931] R10: 000000000000788b R11: 0000000000000246 R12: 0000000000000001 [ 494.813315][T11931] R13: 0000000000000000 R14: 00007f70cfdb5fa0 R15: 00007ffca29cd0c8 [ 494.813351][T11931] [ 498.247245][T11985] tipc: Started in network mode [ 498.264609][T11985] tipc: Node identity ee00, cluster identity 4711 [ 498.309772][T11985] tipc: Node number set to 60928 [ 499.865483][T12026] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1296'. [ 501.517663][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.524533][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.739254][ T30] audit: type=1804 audit(6049152925.712:100): pid=12055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1302" name="/newroot/147/file0" dev="tmpfs" ino=778 res=1 errno=0 [ 503.492582][T12087] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1310'. [ 507.048638][ T30] audit: type=1804 audit(6049152931.042:101): pid=12143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1317" name="/newroot/151/file0" dev="tmpfs" ino=799 res=1 errno=0 [ 507.069961][ C1] vkms_vblank_simulate: vblank timer overrun [ 512.430577][T12228] FAULT_INJECTION: forcing a failure. [ 512.430577][T12228] name failslab, interval 1, probability 0, space 0, times 0 [ 512.458168][T12228] CPU: 0 UID: 0 PID: 12228 Comm: syz.0.1341 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 512.458191][T12228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 512.458201][T12228] Call Trace: [ 512.458206][T12228] [ 512.458212][T12228] dump_stack_lvl+0x16c/0x1f0 [ 512.458240][T12228] should_fail_ex+0x512/0x640 [ 512.458254][T12228] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 512.458272][T12228] should_failslab+0xc2/0x120 [ 512.458292][T12228] __kmalloc_cache_noprof+0x6a/0x3e0 [ 512.458306][T12228] ? ww_mutex_lock+0x37/0x160 [ 512.458327][T12228] ? vkms_plane_duplicate_state+0x45/0x130 [ 512.458344][T12228] ? modeset_lock+0x114/0x6e0 [ 512.458366][T12228] vkms_plane_duplicate_state+0x45/0x130 [ 512.458385][T12228] drm_atomic_get_plane_state+0x20b/0x590 [ 512.458406][T12228] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 512.458426][T12228] ? __pfx___might_resched+0x10/0x10 [ 512.458446][T12228] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 512.458465][T12228] ? __mutex_lock+0x1c4/0x10b0 [ 512.458484][T12228] ? rcu_is_watching+0x12/0xc0 [ 512.458518][T12228] drm_client_modeset_commit_locked+0x14d/0x580 [ 512.458541][T12228] drm_client_modeset_commit+0x4f/0x80 [ 512.458561][T12228] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 512.458581][T12228] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 512.458596][T12228] drm_fbdev_client_restore+0x2c/0x40 [ 512.458610][T12228] drm_client_dev_restore+0x1f3/0x2a0 [ 512.458641][T12228] drm_release+0x2c4/0x360 [ 512.458672][T12228] ? __pfx_drm_release+0x10/0x10 [ 512.458697][T12228] __fput+0x3ff/0xb70 [ 512.458737][T12228] task_work_run+0x14d/0x240 [ 512.458764][T12228] ? __pfx_task_work_run+0x10/0x10 [ 512.458785][T12228] ? __pfx___do_sys_close_range+0x10/0x10 [ 512.458806][T12228] exit_to_user_mode_loop+0xeb/0x110 [ 512.458827][T12228] do_syscall_64+0x3f6/0x490 [ 512.458850][T12228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.458865][T12228] RIP: 0033:0x7ff8f0f8eb69 [ 512.458877][T12228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.458892][T12228] RSP: 002b:00007ff8f1d97038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 512.458906][T12228] RAX: 0000000000000000 RBX: 00007ff8f11b6080 RCX: 00007ff8f0f8eb69 [ 512.458915][T12228] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 512.458923][T12228] RBP: 00007ff8f1011df1 R08: 0000000000000000 R09: 0000000000000000 [ 512.458931][T12228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 512.458940][T12228] R13: 0000000000000000 R14: 00007ff8f11b6080 R15: 00007ffcc78f4ed8 [ 512.458960][T12228] [ 513.298203][ T5874] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 514.786669][T12242] aoe: could not set interface list: too many interfaces [ 516.100307][T12257] aoe: could not set interface list: too many interfaces [ 517.592843][T12282] aoe: could not set interface list: too many interfaces [ 519.704752][T12304] aoe: could not set interface list: too many interfaces [ 520.639431][T12323] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1351'. [ 524.011355][T12369] FAULT_INJECTION: forcing a failure. [ 524.011355][T12369] name failslab, interval 1, probability 0, space 0, times 0 [ 524.242070][T12369] CPU: 0 UID: 0 PID: 12369 Comm: syz.3.1361 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 524.242109][T12369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 524.242122][T12369] Call Trace: [ 524.242129][T12369] [ 524.242138][T12369] dump_stack_lvl+0x16c/0x1f0 [ 524.242180][T12369] should_fail_ex+0x512/0x640 [ 524.242203][T12369] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 524.242240][T12369] should_failslab+0xc2/0x120 [ 524.242275][T12369] __kmalloc_cache_noprof+0x6a/0x3e0 [ 524.242303][T12369] ? vkms_plane_duplicate_state+0x87/0x130 [ 524.242333][T12369] ? kasan_save_track+0x14/0x30 [ 524.242365][T12369] vkms_plane_duplicate_state+0x87/0x130 [ 524.242395][T12369] drm_atomic_get_plane_state+0x20b/0x590 [ 524.242427][T12369] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 524.242460][T12369] ? __pfx___might_resched+0x10/0x10 [ 524.242497][T12369] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 524.242525][T12369] ? __mutex_lock+0x1c4/0x10b0 [ 524.242554][T12369] ? rcu_is_watching+0x12/0xc0 [ 524.242613][T12369] drm_client_modeset_commit_locked+0x14d/0x580 [ 524.242648][T12369] drm_client_modeset_commit+0x4f/0x80 [ 524.242679][T12369] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 524.242714][T12369] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 524.242741][T12369] drm_fbdev_client_restore+0x2c/0x40 [ 524.242765][T12369] drm_client_dev_restore+0x1f3/0x2a0 [ 524.242802][T12369] drm_release+0x2c4/0x360 [ 524.242833][T12369] ? __pfx_drm_release+0x10/0x10 [ 524.242860][T12369] __fput+0x3ff/0xb70 [ 524.242904][T12369] task_work_run+0x14d/0x240 [ 524.242943][T12369] ? __pfx_task_work_run+0x10/0x10 [ 524.242979][T12369] ? __pfx___do_sys_close_range+0x10/0x10 [ 524.243017][T12369] exit_to_user_mode_loop+0xeb/0x110 [ 524.243055][T12369] do_syscall_64+0x3f6/0x490 [ 524.243093][T12369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.243119][T12369] RIP: 0033:0x7f70cfb8eb69 [ 524.243138][T12369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.243159][T12369] RSP: 002b:00007f70d0997038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 524.243184][T12369] RAX: 0000000000000000 RBX: 00007f70cfdb6080 RCX: 00007f70cfb8eb69 [ 524.243201][T12369] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 524.243215][T12369] RBP: 00007f70cfc11df1 R08: 0000000000000000 R09: 0000000000000000 [ 524.243246][T12369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 524.243262][T12369] R13: 0000000000000000 R14: 00007f70cfdb6080 R15: 00007ffca29cd0c8 [ 524.243301][T12369] [ 525.106481][T12376] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1363'. [ 525.189069][T12376] netlink: 'syz.0.1363': attribute type 3 has an invalid length. [ 525.217809][T12376] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1363'. [ 525.548281][T12374] netlink: 'syz.4.1364': attribute type 4 has an invalid length. [ 525.556799][T12374] netlink: 'syz.4.1364': attribute type 5 has an invalid length. [ 525.637419][T12374] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1364'. [ 527.388321][T12413] random: crng reseeded on system resumption [ 527.610357][T12417] FAULT_INJECTION: forcing a failure. [ 527.610357][T12417] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 527.703336][T12417] CPU: 0 UID: 0 PID: 12417 Comm: syz.2.1376 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 527.703370][T12417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 527.703383][T12417] Call Trace: [ 527.703392][T12417] [ 527.703400][T12417] dump_stack_lvl+0x16c/0x1f0 [ 527.703453][T12417] should_fail_ex+0x512/0x640 [ 527.703480][T12417] should_fail_alloc_page+0xe7/0x130 [ 527.703511][T12417] prepare_alloc_pages+0x3c2/0x610 [ 527.703546][T12417] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 527.703575][T12417] ? rcu_is_watching+0x12/0xc0 [ 527.703597][T12417] ? trace_kmem_cache_alloc+0x28/0xc0 [ 527.703628][T12417] ? __lock_acquire+0xb97/0x1ce0 [ 527.703652][T12417] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 527.703675][T12417] ? mas_destroy+0x5de/0xa20 [ 527.703699][T12417] ? perf_event_mmap+0xbb/0xd40 [ 527.703734][T12417] ? __pfx_perf_event_mmap+0x10/0x10 [ 527.703767][T12417] ? uprobe_mmap+0x133/0x10e0 [ 527.703795][T12417] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 527.703832][T12417] ? policy_nodemask+0xea/0x4e0 [ 527.703873][T12417] alloc_pages_mpol+0x1fb/0x550 [ 527.703905][T12417] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 527.703946][T12417] alloc_pages_noprof+0x131/0x390 [ 527.703978][T12417] __pmd_alloc+0x3b/0x930 [ 527.704010][T12417] ? find_held_lock+0x2b/0x80 [ 527.704035][T12417] __handle_mm_fault+0xa06/0x2a50 [ 527.704071][T12417] ? __pfx___handle_mm_fault+0x10/0x10 [ 527.704128][T12417] handle_mm_fault+0x589/0xd10 [ 527.704161][T12417] __get_user_pages+0x551/0x34a0 [ 527.704210][T12417] ? __pfx___get_user_pages+0x10/0x10 [ 527.704255][T12417] populate_vma_page_range+0x267/0x3f0 [ 527.704293][T12417] ? __pfx_populate_vma_page_range+0x10/0x10 [ 527.704327][T12417] ? __pfx_find_vma_intersection+0x10/0x10 [ 527.704361][T12417] ? do_mmap+0x69c/0x1210 [ 527.704408][T12417] __mm_populate+0x1d8/0x380 [ 527.704444][T12417] ? __pfx___mm_populate+0x10/0x10 [ 527.704481][T12417] ? up_write+0x1b2/0x520 [ 527.704518][T12417] vm_mmap_pgoff+0x37f/0x470 [ 527.704554][T12417] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 527.704593][T12417] ? __fget_files+0x20e/0x3c0 [ 527.704626][T12417] ksys_mmap_pgoff+0x32c/0x5c0 [ 527.704657][T12417] ? __pfx_ksys_write+0x10/0x10 [ 527.704688][T12417] __x64_sys_mmap+0x125/0x190 [ 527.704728][T12417] do_syscall_64+0xcd/0x490 [ 527.704765][T12417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.704790][T12417] RIP: 0033:0x7f95d2d8eb69 [ 527.704810][T12417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.704832][T12417] RSP: 002b:00007f95d3b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 527.704863][T12417] RAX: ffffffffffffffda RBX: 00007f95d2fb5fa0 RCX: 00007f95d2d8eb69 [ 527.704878][T12417] RDX: 0001000000000001 RSI: 000000000000580f RDI: 0000000000000000 [ 527.704892][T12417] RBP: 00007f95d3b4a090 R08: 0000000000000003 R09: 0000000000000000 [ 527.704907][T12417] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000001 [ 527.704922][T12417] R13: 0000000000000000 R14: 00007f95d2fb5fa0 R15: 00007fff27cff438 [ 527.704957][T12417] [ 529.469422][ T30] audit: type=1804 audit(6049152953.452:102): pid=12439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1381" name="/newroot/366/file0" dev="tmpfs" ino=1908 res=1 errno=0 [ 530.069491][T12448] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1384'. [ 530.087254][T12449] vivid-003: ================= START STATUS ================= [ 530.113488][T12448] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1384'. [ 530.134410][T12449] vivid-003: Radio HW Seek Mode: Bounded [ 530.160185][T12449] vivid-003: Radio Programmable HW Seek: false [ 530.179365][T12449] vivid-003: RDS Rx I/O Mode: Block I/O [ 530.191288][T12449] vivid-003: Generate RBDS Instead of RDS: false [ 530.213331][T12449] vivid-003: RDS Reception: true [ 530.239088][T12449] vivid-003: RDS Program Type: 0 inactive [ 530.246371][T12449] vivid-003: RDS PS Name: inactive [ 530.251801][T12449] vivid-003: RDS Radio Text: inactive [ 530.279860][T12449] vivid-003: RDS Traffic Announcement: false inactive [ 530.347596][T12449] vivid-003: RDS Traffic Program: false inactive [ 530.354001][T12449] vivid-003: RDS Music: false inactive [ 530.377742][T12449] vivid-003: ================== END STATUS ================== [ 532.313001][T12478] aoe: could not set interface list: too many interfaces [ 536.889819][T12528] aoe: could not set interface list: too many interfaces [ 537.254215][T12541] netlink: 302 bytes leftover after parsing attributes in process `syz.0.1407'. [ 537.344477][ T30] audit: type=1804 audit(6049152961.332:103): pid=12536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1404" name="/newroot/357/file0" dev="tmpfs" ino=1867 res=1 errno=0 [ 537.907445][T12558] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1411'. [ 538.017939][T12561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1411'. [ 538.965008][T12569] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1414'. [ 539.654680][T12575] openvswitch: netlink: Key type 56 is out of range max 32 [ 540.054068][T12579] aoe: could not set interface list: too many interfaces [ 540.172259][ T30] audit: type=1800 audit(6049152964.132:104): pid=12584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1420" name="features" dev="configfs" ino=35824 res=0 errno=0 [ 540.464197][T12587] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1417'. [ 541.142188][T12603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1424'. [ 541.490351][T12605] FAULT_INJECTION: forcing a failure. [ 541.490351][T12605] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 541.566226][T12605] CPU: 0 UID: 0 PID: 12605 Comm: syz.2.1425 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 541.566260][T12605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 541.566272][T12605] Call Trace: [ 541.566279][T12605] [ 541.566288][T12605] dump_stack_lvl+0x16c/0x1f0 [ 541.566336][T12605] should_fail_ex+0x512/0x640 [ 541.566368][T12605] should_fail_alloc_page+0xe7/0x130 [ 541.566398][T12605] prepare_alloc_pages+0x3c2/0x610 [ 541.566433][T12605] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 541.566460][T12605] ? __lock_acquire+0x62e/0x1ce0 [ 541.566488][T12605] ? __lock_acquire+0x62e/0x1ce0 [ 541.566522][T12605] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 541.566565][T12605] ? find_held_lock+0x2b/0x80 [ 541.566587][T12605] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 541.566620][T12605] ? policy_nodemask+0xea/0x4e0 [ 541.566651][T12605] alloc_pages_mpol+0x1fb/0x550 [ 541.566682][T12605] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 541.566718][T12605] folio_alloc_mpol_noprof+0x36/0x2f0 [ 541.566753][T12605] shmem_alloc_folio+0x135/0x160 [ 541.566789][T12605] shmem_alloc_and_add_folio+0x499/0xc20 [ 541.566823][T12605] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 541.566852][T12605] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 541.566885][T12605] shmem_get_folio_gfp+0x67f/0x1600 [ 541.566918][T12605] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 541.566947][T12605] ? filemap_map_pages+0xf58/0x1670 [ 541.566978][T12605] shmem_fault+0x1fe/0xa30 [ 541.567008][T12605] ? __pfx_shmem_fault+0x10/0x10 [ 541.567037][T12605] ? rcu_is_watching+0x12/0xc0 [ 541.567062][T12605] ? __pfx_filemap_map_pages+0x10/0x10 [ 541.567100][T12605] ? __pfx_filemap_map_pages+0x10/0x10 [ 541.567125][T12605] __do_fault+0x10a/0x490 [ 541.567155][T12605] ? __pfx_filemap_map_pages+0x10/0x10 [ 541.567180][T12605] do_pte_missing+0xf50/0x3ba0 [ 541.567204][T12605] ? do_raw_spin_unlock+0x172/0x230 [ 541.567240][T12605] ? __pmd_alloc+0x3fb/0x930 [ 541.567276][T12605] __handle_mm_fault+0x152a/0x2a50 [ 541.567313][T12605] ? mt_find+0x3ef/0xa30 [ 541.567338][T12605] ? __pfx___handle_mm_fault+0x10/0x10 [ 541.567359][T12605] ? __pfx_mt_find+0x10/0x10 [ 541.567404][T12605] ? find_vma+0xbf/0x140 [ 541.567431][T12605] ? __pfx_find_vma+0x10/0x10 [ 541.567465][T12605] handle_mm_fault+0x589/0xd10 [ 541.567491][T12605] ? __pkru_allows_pkey+0x51/0xb0 [ 541.567527][T12605] do_user_addr_fault+0x7a6/0x1370 [ 541.567564][T12605] ? rcu_is_watching+0x12/0xc0 [ 541.567591][T12605] exc_page_fault+0x5c/0xb0 [ 541.567625][T12605] asm_exc_page_fault+0x26/0x30 [ 541.567648][T12605] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 541.567677][T12605] Code: c4 10 e9 84 22 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 22 04 00 66 66 [ 541.567699][T12605] RSP: 0018:ffffc900191179d0 EFLAGS: 00050202 [ 541.567719][T12605] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000007 [ 541.567734][T12605] RDX: fffff52003222f4c RSI: 0000000000000000 RDI: ffffc90019117a58 [ 541.567749][T12605] RBP: 0000000000000007 R08: 0000000000000001 R09: fffff52003222f4b [ 541.567764][T12605] R10: ffffc90019117a5e R11: 0000000000000000 R12: 0000000000000000 [ 541.567779][T12605] R13: ffffc90019117a58 R14: 1ffff92003222f45 R15: ffffc90019117d8c [ 541.567814][T12605] _copy_from_user+0x98/0xd0 [ 541.567843][T12605] ____sys_sendmsg+0x607/0xc70 [ 541.567874][T12605] ? __pfx_____sys_sendmsg+0x10/0x10 [ 541.567907][T12605] ? __pfx__kstrtoull+0x10/0x10 [ 541.567947][T12605] ___sys_sendmsg+0x134/0x1d0 [ 541.567983][T12605] ? __pfx____sys_sendmsg+0x10/0x10 [ 541.568035][T12605] ? find_held_lock+0x2b/0x80 [ 541.568083][T12605] __sys_sendmmsg+0x200/0x420 [ 541.568121][T12605] ? __pfx___sys_sendmmsg+0x10/0x10 [ 541.568167][T12605] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 541.568216][T12605] ? fput+0x9b/0xd0 [ 541.568247][T12605] ? ksys_write+0x1ac/0x250 [ 541.568272][T12605] ? __pfx_ksys_write+0x10/0x10 [ 541.568311][T12605] __x64_sys_sendmmsg+0x9c/0x100 [ 541.568344][T12605] ? lockdep_hardirqs_on+0x7c/0x110 [ 541.568376][T12605] do_syscall_64+0xcd/0x490 [ 541.568412][T12605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.568435][T12605] RIP: 0033:0x7f95d2d8eb69 [ 541.568453][T12605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.568475][T12605] RSP: 002b:00007f95d3b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 541.568497][T12605] RAX: ffffffffffffffda RBX: 00007f95d2fb5fa0 RCX: 00007f95d2d8eb69 [ 541.568513][T12605] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 541.568527][T12605] RBP: 00007f95d3b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 541.568542][T12605] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 541.568555][T12605] R13: 0000000000000000 R14: 00007f95d2fb5fa0 R15: 00007fff27cff438 [ 541.568662][T12605] [ 543.884086][T12626] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1432'. [ 544.773024][T12632] FAULT_INJECTION: forcing a failure. [ 544.773024][T12632] name failslab, interval 1, probability 0, space 0, times 0 [ 544.830441][T12632] CPU: 1 UID: 0 PID: 12632 Comm: syz.4.1433 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 544.830479][T12632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 544.830493][T12632] Call Trace: [ 544.830501][T12632] [ 544.830510][T12632] dump_stack_lvl+0x16c/0x1f0 [ 544.830549][T12632] should_fail_ex+0x512/0x640 [ 544.830573][T12632] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 544.830606][T12632] should_failslab+0xc2/0x120 [ 544.830635][T12632] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 544.830664][T12632] ? __alloc_skb+0x2b2/0x380 [ 544.830701][T12632] __alloc_skb+0x2b2/0x380 [ 544.830732][T12632] ? __pfx___alloc_skb+0x10/0x10 [ 544.830764][T12632] ? genl_rcv_msg+0x4a0/0x800 [ 544.830787][T12632] ? genl_rcv_msg+0x4bb/0x800 [ 544.830822][T12632] netlink_ack+0x15d/0xb80 [ 544.830873][T12632] netlink_rcv_skb+0x332/0x420 [ 544.830908][T12632] ? __pfx_genl_rcv_msg+0x10/0x10 [ 544.830936][T12632] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 544.830985][T12632] ? netlink_deliver_tap+0x1ae/0xd30 [ 544.831024][T12632] genl_rcv+0x28/0x40 [ 544.831046][T12632] netlink_unicast+0x5a7/0x870 [ 544.831086][T12632] ? __pfx_netlink_unicast+0x10/0x10 [ 544.831121][T12632] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 544.831155][T12632] ? __lock_acquire+0xb97/0x1ce0 [ 544.831195][T12632] netlink_sendmsg+0x8d1/0xdd0 [ 544.831237][T12632] ? __pfx_netlink_sendmsg+0x10/0x10 [ 544.831290][T12632] ____sys_sendmsg+0xa95/0xc70 [ 544.831315][T12632] ? copy_msghdr_from_user+0x10a/0x160 [ 544.831345][T12632] ? __pfx_____sys_sendmsg+0x10/0x10 [ 544.831400][T12632] ___sys_sendmsg+0x134/0x1d0 [ 544.831434][T12632] ? __pfx____sys_sendmsg+0x10/0x10 [ 544.831498][T12632] ? __mutex_unlock_slowpath+0xc0/0x800 [ 544.831544][T12632] __sys_sendmsg+0x16d/0x220 [ 544.831578][T12632] ? __pfx___sys_sendmsg+0x10/0x10 [ 544.831635][T12632] do_syscall_64+0xcd/0x490 [ 544.831671][T12632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.831697][T12632] RIP: 0033:0x7fc5e798eb69 [ 544.831715][T12632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.831737][T12632] RSP: 002b:00007fc5e8855038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 544.831760][T12632] RAX: ffffffffffffffda RBX: 00007fc5e7bb5fa0 RCX: 00007fc5e798eb69 [ 544.831776][T12632] RDX: 0000000000000800 RSI: 0000200000000240 RDI: 0000000000000003 [ 544.831791][T12632] RBP: 00007fc5e8855090 R08: 0000000000000000 R09: 0000000000000000 [ 544.831805][T12632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.831819][T12632] R13: 0000000000000000 R14: 00007fc5e7bb5fa0 R15: 00007ffc8dacf998 [ 544.831852][T12632] [ 547.159107][T12650] mkiss: ax0: crc mode is auto. [ 547.395419][ T5874] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 547.684722][ T30] audit: type=1804 audit(6049152971.672:105): pid=12666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1441" name="/newroot/367/file0" dev="tmpfs" ino=1914 res=1 errno=0 [ 548.344736][T12676] FAULT_INJECTION: forcing a failure. [ 548.344736][T12676] name failslab, interval 1, probability 0, space 0, times 0 [ 548.357634][T12676] CPU: 1 UID: 0 PID: 12676 Comm: syz.4.1444 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 548.357668][T12676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 548.357685][T12676] Call Trace: [ 548.357693][T12676] [ 548.357704][T12676] dump_stack_lvl+0x16c/0x1f0 [ 548.357751][T12676] should_fail_ex+0x512/0x640 [ 548.357777][T12676] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 548.357811][T12676] should_failslab+0xc2/0x120 [ 548.357843][T12676] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 548.357874][T12676] ? alloc_empty_file+0x55/0x1e0 [ 548.357910][T12676] ? pidfs_stash_dentry+0xaf/0xe0 [ 548.357938][T12676] alloc_empty_file+0x55/0x1e0 [ 548.357976][T12676] dentry_open+0x46/0xd0 [ 548.358012][T12676] pidfs_alloc_file+0x18f/0x290 [ 548.358037][T12676] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 548.358064][T12676] ? _raw_spin_unlock_irq+0x23/0x50 [ 548.358096][T12676] pidfd_prepare+0x129/0x200 [ 548.358128][T12676] __x64_sys_pidfd_open+0x105/0x1a0 [ 548.358166][T12676] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 548.358208][T12676] ? rcu_is_watching+0x12/0xc0 [ 548.358238][T12676] do_syscall_64+0xcd/0x490 [ 548.358279][T12676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.358305][T12676] RIP: 0033:0x7fc5e798eb69 [ 548.358327][T12676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.358352][T12676] RSP: 002b:00007fc5e87d1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 548.358377][T12676] RAX: ffffffffffffffda RBX: 00007fc5e7bb6320 RCX: 00007fc5e798eb69 [ 548.358395][T12676] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 548.358411][T12676] RBP: 00007fc5e7a11df1 R08: 0000000000000000 R09: 0000000000000000 [ 548.358427][T12676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.358443][T12676] R13: 0000000000000000 R14: 00007fc5e7bb6320 R15: 00007ffc8dacf998 [ 548.358478][T12676] [ 549.540310][ T5874] Bluetooth: hci1: unexpected event 0x35 length: 13 > 6 [ 549.608870][T12696] [U] [ 549.618820][T12696] [U] [ 549.621535][T12696] [U] [ 549.624242][T12696] [U] [ 549.686228][T12696] [U] [ 549.688993][T12696] [U] [ 549.691736][T12696] [U] [ 549.694442][T12696] [U] [ 549.726700][T12696] [U] [ 549.729457][T12696] [U] [ 549.732172][T12696] [U] [ 549.734891][T12696] [U] [ 549.762150][T12707] blktrace: Concurrent blktraces are not allowed on loop2 [ 549.778725][T12701] [U] [ 550.893907][ T30] audit: type=1804 audit(6049152974.882:106): pid=12724 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1457" name="/newroot/369/file0" dev="tmpfs" ino=1928 res=1 errno=0 [ 552.363781][T12751] FAULT_INJECTION: forcing a failure. [ 552.363781][T12751] name failslab, interval 1, probability 0, space 0, times 0 [ 552.464963][T12751] CPU: 1 UID: 0 PID: 12751 Comm: syz.4.1464 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 552.464999][T12751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 552.465014][T12751] Call Trace: [ 552.465022][T12751] [ 552.465031][T12751] dump_stack_lvl+0x16c/0x1f0 [ 552.465071][T12751] should_fail_ex+0x512/0x640 [ 552.465094][T12751] ? __kmalloc_noprof+0xbf/0x510 [ 552.465124][T12751] ? kernfs_fop_write_iter+0x237/0x510 [ 552.465145][T12751] should_failslab+0xc2/0x120 [ 552.465174][T12751] __kmalloc_noprof+0xd2/0x510 [ 552.465210][T12751] kernfs_fop_write_iter+0x237/0x510 [ 552.465237][T12751] iter_file_splice_write+0x91f/0x1150 [ 552.465285][T12751] ? __pfx_iter_file_splice_write+0x10/0x10 [ 552.465318][T12751] ? __pfx_copy_splice_read+0x10/0x10 [ 552.465362][T12751] ? __pfx_iter_file_splice_write+0x10/0x10 [ 552.465390][T12751] direct_splice_actor+0x18f/0x6c0 [ 552.465419][T12751] splice_direct_to_actor+0x345/0xa30 [ 552.465446][T12751] ? __pfx_direct_splice_actor+0x10/0x10 [ 552.465484][T12751] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 552.465507][T12751] ? get_pid_task+0xfc/0x250 [ 552.465547][T12751] do_splice_direct+0x174/0x240 [ 552.465573][T12751] ? __pfx_do_splice_direct+0x10/0x10 [ 552.465598][T12751] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 552.465640][T12751] ? rw_verify_area+0xcf/0x6c0 [ 552.465667][T12751] do_sendfile+0xb06/0xe50 [ 552.465699][T12751] ? __pfx_do_sendfile+0x10/0x10 [ 552.465724][T12751] ? __fget_files+0x20e/0x3c0 [ 552.465759][T12751] __x64_sys_sendfile64+0x1d8/0x220 [ 552.465788][T12751] ? ksys_write+0x1ac/0x250 [ 552.465813][T12751] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 552.465855][T12751] do_syscall_64+0xcd/0x490 [ 552.465890][T12751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.465914][T12751] RIP: 0033:0x7fc5e798eb69 [ 552.465936][T12751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.465957][T12751] RSP: 002b:00007fc5e8855038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 552.465978][T12751] RAX: ffffffffffffffda RBX: 00007fc5e7bb5fa0 RCX: 00007fc5e798eb69 [ 552.465992][T12751] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 552.466005][T12751] RBP: 00007fc5e8855090 R08: 0000000000000000 R09: 0000000000000000 [ 552.466019][T12751] R10: 0000000000000ef3 R11: 0000000000000246 R12: 0000000000000001 [ 552.466032][T12751] R13: 0000000000000000 R14: 00007fc5e7bb5fa0 R15: 00007ffc8dacf998 [ 552.466065][T12751] [ 552.986613][T12758] binder: 12756:12758 ioctl 4030580b 0 returned -22 [ 553.292897][ T30] audit: type=1804 audit(6049152977.282:107): pid=12766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1467" name="/newroot/372/file0" dev="tmpfs" ino=1944 res=1 errno=0 [ 556.258101][T12829] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1482'. [ 556.374432][T12823] HfR: entered promiscuous mode [ 556.397127][T12829] HfR: left promiscuous mode [ 557.198266][T12841] vhci_hcd: invalid port number 16 [ 557.211673][T12841] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 557.731803][T12846] could not allocate digest TFM handle  [ 557.974870][T12851] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 558.072726][T12851] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 558.146062][T12851] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 558.197879][T12851] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 558.388943][T12851] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 558.460469][T12861] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 558.516128][T12851] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 558.669911][T12866] FAULT_INJECTION: forcing a failure. [ 558.669911][T12866] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 558.683857][T12866] CPU: 1 UID: 0 PID: 12866 Comm: syz.2.1491 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 558.683893][T12866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 558.683907][T12866] Call Trace: [ 558.683916][T12866] [ 558.683924][T12866] dump_stack_lvl+0x16c/0x1f0 [ 558.683964][T12866] should_fail_ex+0x512/0x640 [ 558.683994][T12866] _copy_to_user+0x32/0xd0 [ 558.684025][T12866] simple_read_from_buffer+0xcb/0x170 [ 558.684066][T12866] proc_fail_nth_read+0x197/0x240 [ 558.684094][T12866] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 558.684124][T12866] ? rw_verify_area+0xcf/0x6c0 [ 558.684147][T12866] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 558.684173][T12866] vfs_read+0x1e4/0xc60 [ 558.684205][T12866] ? __pfx___mutex_lock+0x10/0x10 [ 558.684240][T12866] ? __pfx_vfs_read+0x10/0x10 [ 558.684276][T12866] ? __fget_files+0x20e/0x3c0 [ 558.684312][T12866] ksys_read+0x12a/0x250 [ 558.684338][T12866] ? __pfx_ksys_read+0x10/0x10 [ 558.684376][T12866] do_syscall_64+0xcd/0x490 [ 558.684413][T12866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.684438][T12866] RIP: 0033:0x7f95d2d8d57c [ 558.684458][T12866] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 558.684481][T12866] RSP: 002b:00007f95d0bf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 558.684496][T12866] RAX: ffffffffffffffda RBX: 00007f95d2fb6160 RCX: 00007f95d2d8d57c [ 558.684505][T12866] RDX: 000000000000000f RSI: 00007f95d0bf60a0 RDI: 000000000000000a [ 558.684513][T12866] RBP: 00007f95d0bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 558.684521][T12866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 558.684529][T12866] R13: 0000000000000000 R14: 00007f95d2fb6160 R15: 00007fff27cff438 [ 558.684550][T12866] [ 558.918648][T12851] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 559.389510][T12851] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1488'. [ 560.819803][T12902] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1500'. [ 561.663202][T12917] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 562.371723][T12930] FAULT_INJECTION: forcing a failure. [ 562.371723][T12930] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 562.486164][T12930] CPU: 0 UID: 0 PID: 12930 Comm: syz.3.1505 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 562.486198][T12930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 562.486212][T12930] Call Trace: [ 562.486220][T12930] [ 562.486228][T12930] dump_stack_lvl+0x16c/0x1f0 [ 562.486273][T12930] should_fail_ex+0x512/0x640 [ 562.486296][T12930] _copy_from_user+0x2e/0xd0 [ 562.486319][T12930] copy_msghdr_from_user+0x98/0x160 [ 562.486349][T12930] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 562.486381][T12930] ? kfree+0x24f/0x4d0 [ 562.486396][T12930] ? __pfx__kstrtoull+0x10/0x10 [ 562.486428][T12930] ___sys_sendmsg+0xfe/0x1d0 [ 562.486457][T12930] ? __pfx____sys_sendmsg+0x10/0x10 [ 562.486511][T12930] ? __pfx___might_resched+0x10/0x10 [ 562.486537][T12930] __sys_sendmmsg+0x200/0x420 [ 562.486569][T12930] ? __pfx___sys_sendmmsg+0x10/0x10 [ 562.486607][T12930] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 562.486648][T12930] ? fput+0x9b/0xd0 [ 562.486675][T12930] ? ksys_write+0x1ac/0x250 [ 562.486695][T12930] ? __pfx_ksys_write+0x10/0x10 [ 562.486722][T12930] __x64_sys_sendmmsg+0x9c/0x100 [ 562.486750][T12930] ? lockdep_hardirqs_on+0x7c/0x110 [ 562.486777][T12930] do_syscall_64+0xcd/0x490 [ 562.486808][T12930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.486828][T12930] RIP: 0033:0x7f70cfb8eb69 [ 562.486844][T12930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.486861][T12930] RSP: 002b:00007f70d09b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 562.486880][T12930] RAX: ffffffffffffffda RBX: 00007f70cfdb5fa0 RCX: 00007f70cfb8eb69 [ 562.486893][T12930] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 562.486905][T12930] RBP: 00007f70d09b8090 R08: 0000000000000000 R09: 0000000000000000 [ 562.486917][T12930] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 562.486929][T12930] R13: 0000000000000000 R14: 00007f70cfdb5fa0 R15: 00007ffca29cd0c8 [ 562.486955][T12930] [ 562.950500][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.956902][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.672708][T12950] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 565.026973][T12957] program syz.2.1511 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 565.578840][T12968] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 566.038666][T12971] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1515'. [ 570.723002][ T5874] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 571.580259][T13066] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1536'. [ 571.587520][T13068] FAULT_INJECTION: forcing a failure. [ 571.587520][T13068] name failslab, interval 1, probability 0, space 0, times 0 [ 571.598630][T13069] FAULT_INJECTION: forcing a failure. [ 571.598630][T13069] name failslab, interval 1, probability 0, space 0, times 0 [ 571.652921][T13070] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1536'. [ 571.686158][T13069] CPU: 1 UID: 0 PID: 13069 Comm: syz.0.1535 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 571.686194][T13069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 571.686208][T13069] Call Trace: [ 571.686217][T13069] [ 571.686226][T13069] dump_stack_lvl+0x16c/0x1f0 [ 571.686273][T13069] should_fail_ex+0x512/0x640 [ 571.686297][T13069] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 571.686331][T13069] should_failslab+0xc2/0x120 [ 571.686361][T13069] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 571.686390][T13069] ? __alloc_skb+0x2b2/0x380 [ 571.686429][T13069] __alloc_skb+0x2b2/0x380 [ 571.686460][T13069] ? __pfx___alloc_skb+0x10/0x10 [ 571.686497][T13069] ? __lock_acquire+0xb97/0x1ce0 [ 571.686531][T13069] netlink_alloc_large_skb+0x69/0x130 [ 571.686569][T13069] netlink_sendmsg+0x6a1/0xdd0 [ 571.686610][T13069] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.686659][T13069] ____sys_sendmsg+0xa95/0xc70 [ 571.686687][T13069] ? copy_msghdr_from_user+0x10a/0x160 [ 571.686721][T13069] ? __pfx_____sys_sendmsg+0x10/0x10 [ 571.686753][T13069] ? kfree+0x24f/0x4d0 [ 571.686772][T13069] ? __pfx__kstrtoull+0x10/0x10 [ 571.686811][T13069] ___sys_sendmsg+0x134/0x1d0 [ 571.686847][T13069] ? __pfx____sys_sendmsg+0x10/0x10 [ 571.686915][T13069] ? __pfx___might_resched+0x10/0x10 [ 571.686947][T13069] __sys_sendmmsg+0x200/0x420 [ 571.686985][T13069] ? __pfx___sys_sendmmsg+0x10/0x10 [ 571.687031][T13069] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 571.687081][T13069] ? fput+0x9b/0xd0 [ 571.687113][T13069] ? ksys_write+0x1ac/0x250 [ 571.687139][T13069] ? __pfx_ksys_write+0x10/0x10 [ 571.687226][T13069] __x64_sys_sendmmsg+0x9c/0x100 [ 571.687266][T13069] ? lockdep_hardirqs_on+0x7c/0x110 [ 571.687299][T13069] do_syscall_64+0xcd/0x490 [ 571.687336][T13069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.687362][T13069] RIP: 0033:0x7ff8f0f8eb69 [ 571.687382][T13069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 571.687405][T13069] RSP: 002b:00007ff8f1db8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 571.687428][T13069] RAX: ffffffffffffffda RBX: 00007ff8f11b5fa0 RCX: 00007ff8f0f8eb69 [ 571.687445][T13069] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000002 [ 571.687460][T13069] RBP: 00007ff8f1db8090 R08: 0000000000000000 R09: 0000000000000000 [ 571.687474][T13069] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 571.687489][T13069] R13: 0000000000000000 R14: 00007ff8f11b5fa0 R15: 00007ffcc78f4ed8 [ 571.687519][T13069] [ 572.096097][T13068] CPU: 0 UID: 0 PID: 13068 Comm: syz.4.1537 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 572.096135][T13068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 572.096150][T13068] Call Trace: [ 572.096158][T13068] [ 572.096169][T13068] dump_stack_lvl+0x16c/0x1f0 [ 572.096209][T13068] should_fail_ex+0x512/0x640 [ 572.096233][T13068] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 572.096265][T13068] should_failslab+0xc2/0x120 [ 572.096296][T13068] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 572.096324][T13068] ? ptlock_alloc+0x1f/0x70 [ 572.096352][T13068] ptlock_alloc+0x1f/0x70 [ 572.096375][T13068] pte_alloc_one+0x82/0x3a0 [ 572.096401][T13068] do_pte_missing+0x1afc/0x3ba0 [ 572.096428][T13068] ? do_raw_spin_unlock+0x172/0x230 [ 572.096465][T13068] ? __pmd_alloc+0x3fb/0x930 [ 572.096502][T13068] __handle_mm_fault+0x152a/0x2a50 [ 572.096539][T13068] ? __pfx___handle_mm_fault+0x10/0x10 [ 572.096610][T13068] handle_mm_fault+0x589/0xd10 [ 572.096643][T13068] __get_user_pages+0x551/0x34a0 [ 572.096693][T13068] ? __pfx___get_user_pages+0x10/0x10 [ 572.096738][T13068] populate_vma_page_range+0x267/0x3f0 [ 572.096776][T13068] ? __pfx_populate_vma_page_range+0x10/0x10 [ 572.096810][T13068] ? __pfx_find_vma_intersection+0x10/0x10 [ 572.096846][T13068] ? do_mmap+0x69c/0x1210 [ 572.096881][T13068] __mm_populate+0x1d8/0x380 [ 572.096918][T13068] ? __pfx___mm_populate+0x10/0x10 [ 572.096955][T13068] ? up_write+0x1b2/0x520 [ 572.096991][T13068] vm_mmap_pgoff+0x37f/0x470 [ 572.097029][T13068] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 572.097069][T13068] ? __fget_files+0x20e/0x3c0 [ 572.097102][T13068] ksys_mmap_pgoff+0x32c/0x5c0 [ 572.097137][T13068] ? __pfx_ksys_write+0x10/0x10 [ 572.097169][T13068] __x64_sys_mmap+0x125/0x190 [ 572.097208][T13068] do_syscall_64+0xcd/0x490 [ 572.097245][T13068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.097271][T13068] RIP: 0033:0x7fc5e798eb69 [ 572.097291][T13068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 572.097313][T13068] RSP: 002b:00007fc5e8855038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 572.097337][T13068] RAX: ffffffffffffffda RBX: 00007fc5e7bb5fa0 RCX: 00007fc5e798eb69 [ 572.097355][T13068] RDX: 0001000000000001 RSI: 000000000000580f RDI: 0000000000000000 [ 572.097370][T13068] RBP: 00007fc5e8855090 R08: 0000000000000003 R09: 0000000000000000 [ 572.097385][T13068] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000001 [ 572.097400][T13068] R13: 0000000000000000 R14: 00007fc5e7bb5fa0 R15: 00007ffc8dacf998 [ 572.097435][T13068] [ 572.443301][T13074] FAULT_INJECTION: forcing a failure. [ 572.443301][T13074] name failslab, interval 1, probability 0, space 0, times 0 [ 572.561911][T13074] CPU: 1 UID: 0 PID: 13074 Comm: syz.2.1538 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 572.561947][T13074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 572.561961][T13074] Call Trace: [ 572.561970][T13074] [ 572.561979][T13074] dump_stack_lvl+0x16c/0x1f0 [ 572.562019][T13074] should_fail_ex+0x512/0x640 [ 572.562042][T13074] ? fs_reclaim_acquire+0xae/0x150 [ 572.562078][T13074] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 572.562107][T13074] should_failslab+0xc2/0x120 [ 572.562137][T13074] __kmalloc_noprof+0xd2/0x510 [ 572.562173][T13074] tomoyo_realpath_from_path+0xc2/0x6e0 [ 572.562206][T13074] ? tomoyo_profile+0x47/0x60 [ 572.562241][T13074] tomoyo_path_number_perm+0x245/0x580 [ 572.562264][T13074] ? tomoyo_path_number_perm+0x237/0x580 [ 572.562298][T13074] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 572.562324][T13074] ? find_held_lock+0x2b/0x80 [ 572.562381][T13074] ? find_held_lock+0x2b/0x80 [ 572.562403][T13074] ? hook_file_ioctl_common+0x145/0x410 [ 572.562448][T13074] ? __fget_files+0x20e/0x3c0 [ 572.562480][T13074] security_file_ioctl+0x9b/0x240 [ 572.562508][T13074] __x64_sys_ioctl+0xb7/0x210 [ 572.562545][T13074] do_syscall_64+0xcd/0x490 [ 572.562582][T13074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.562607][T13074] RIP: 0033:0x7f95d2d8eb69 [ 572.562627][T13074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 572.562649][T13074] RSP: 002b:00007f95d3b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 572.562672][T13074] RAX: ffffffffffffffda RBX: 00007f95d2fb5fa0 RCX: 00007f95d2d8eb69 [ 572.562689][T13074] RDX: ffffffffffffffff RSI: 0000000000004b31 RDI: 0000000000000003 [ 572.562703][T13074] RBP: 00007f95d3b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 572.562718][T13074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 572.562733][T13074] R13: 0000000000000000 R14: 00007f95d2fb5fa0 R15: 00007fff27cff438 [ 572.562766][T13074] [ 572.562777][T13074] ERROR: Out of memory at tomoyo_realpath_from_path. [ 573.165417][T13076] FAULT_INJECTION: forcing a failure. [ 573.165417][T13076] name failslab, interval 1, probability 0, space 0, times 0 [ 573.246210][T13076] CPU: 1 UID: 0 PID: 13076 Comm: syz.0.1539 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 573.246250][T13076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 573.246266][T13076] Call Trace: [ 573.246275][T13076] [ 573.246285][T13076] dump_stack_lvl+0x16c/0x1f0 [ 573.246327][T13076] should_fail_ex+0x512/0x640 [ 573.246352][T13076] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 573.246388][T13076] should_failslab+0xc2/0x120 [ 573.246424][T13076] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 573.246455][T13076] ? __d_alloc+0x32/0xae0 [ 573.246490][T13076] __d_alloc+0x32/0xae0 [ 573.246524][T13076] d_alloc_parallel+0x111/0x1480 [ 573.246576][T13076] ? __pfx_d_alloc_parallel+0x10/0x10 [ 573.246617][T13076] ? lockdep_init_map_type+0x5c/0x280 [ 573.246652][T13076] ? lockdep_init_map_type+0x5c/0x280 [ 573.246691][T13076] __lookup_slow+0x193/0x460 [ 573.246728][T13076] ? __pfx___lookup_slow+0x10/0x10 [ 573.246786][T13076] ? lookup_fast+0x156/0x610 [ 573.246807][T13076] ? __pfx_kernfs_iop_permission+0x10/0x10 [ 573.246843][T13076] walk_component+0x353/0x5b0 [ 573.246871][T13076] link_path_walk+0x627/0xe20 [ 573.246910][T13076] path_openat+0x1b0/0x2cb0 [ 573.246935][T13076] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.246974][T13076] ? __pfx_path_openat+0x10/0x10 [ 573.247014][T13076] do_filp_open+0x20b/0x470 [ 573.247045][T13076] ? __pfx_do_filp_open+0x10/0x10 [ 573.247103][T13076] ? alloc_fd+0x471/0x7d0 [ 573.247141][T13076] do_sys_openat2+0x11b/0x1d0 [ 573.247176][T13076] ? __pfx_do_sys_openat2+0x10/0x10 [ 573.247235][T13076] __x64_sys_openat+0x174/0x210 [ 573.247273][T13076] ? __pfx___x64_sys_openat+0x10/0x10 [ 573.247327][T13076] do_syscall_64+0xcd/0x490 [ 573.247367][T13076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.247391][T13076] RIP: 0033:0x7ff8f0f8eb69 [ 573.247412][T13076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.247436][T13076] RSP: 002b:00007ff8f1db8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 573.247459][T13076] RAX: ffffffffffffffda RBX: 00007ff8f11b5fa0 RCX: 00007ff8f0f8eb69 [ 573.247476][T13076] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 573.247492][T13076] RBP: 00007ff8f1011df1 R08: 0000000000000000 R09: 0000000000000000 [ 573.247507][T13076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 573.247521][T13076] R13: 0000000000000000 R14: 00007ff8f11b5fa0 R15: 00007ffcc78f4ed8 [ 573.247556][T13076] [ 573.591270][T13087] sock: sock_set_timeout: `syz.2.1543' (pid 13087) tries to set negative timeout [ 573.806033][T13085] nvme_fabrics: missing parameter 'transport=%s' [ 573.812596][T13085] nvme_fabrics: missing parameter 'nqn=%s' [ 574.686911][T13097] [ 574.689288][T13097] ====================================================== [ 574.696308][T13097] WARNING: possible circular locking dependency detected [ 574.703308][T13097] 6.16.0-syzkaller-11129-geacf91b0c78a #0 Not tainted [ 574.710053][T13097] ------------------------------------------------------ [ 574.717057][T13097] syz.2.1544/13097 is trying to acquire lock: [ 574.723103][T13097] ffff88801c6ffa20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 574.733274][T13097] [ 574.733274][T13097] but task is already holding lock: [ 574.740632][T13097] ffff888142b41448 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 574.751898][T13097] [ 574.751898][T13097] which lock already depends on the new lock. [ 574.751898][T13097] [ 574.762298][T13097] [ 574.762298][T13097] the existing dependency chain (in reverse order) is: [ 574.771299][T13097] [ 574.771299][T13097] -> #2 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 574.779902][T13097] blk_alloc_queue+0x619/0x760 [ 574.785221][T13097] blk_mq_alloc_queue+0x172/0x280 [ 574.790770][T13097] __blk_mq_alloc_disk+0x29/0x120 [ 574.796308][T13097] loop_add+0x490/0xb70 [ 574.801000][T13097] loop_init+0x164/0x270 [ 574.805766][T13097] do_one_initcall+0x120/0x6e0 [ 574.811073][T13097] kernel_init_freeable+0x5c2/0x900 [ 574.816799][T13097] kernel_init+0x1c/0x2b0 [ 574.821640][T13097] ret_from_fork+0x5d4/0x6f0 [ 574.826776][T13097] ret_from_fork_asm+0x1a/0x30 [ 574.832119][T13097] [ 574.832119][T13097] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 574.839324][T13097] fs_reclaim_acquire+0x102/0x150 [ 574.844896][T13097] kmem_cache_alloc_noprof+0x53/0x3b0 [ 574.850786][T13097] __kernfs_iattrs+0x124/0x3e0 [ 574.856068][T13097] __kernfs_setattr+0x4d/0x3c0 [ 574.861355][T13097] kernfs_iop_setattr+0xda/0x120 [ 574.866808][T13097] notify_change+0x6a6/0x1230 [ 574.872004][T13097] do_truncate+0x1d7/0x230 [ 574.876932][T13097] path_openat+0x2678/0x2cb0 [ 574.882046][T13097] do_filp_open+0x20b/0x470 [ 574.887153][T13097] do_sys_openat2+0x11b/0x1d0 [ 574.892359][T13097] __x64_sys_openat+0x174/0x210 [ 574.897729][T13097] do_syscall_64+0xcd/0x490 [ 574.902769][T13097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.909182][T13097] [ 574.909182][T13097] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 574.917713][T13097] __lock_acquire+0x12a6/0x1ce0 [ 574.923102][T13097] lock_acquire+0x179/0x350 [ 574.928119][T13097] down_read+0x9b/0x480 [ 574.932779][T13097] kernfs_iop_getattr+0x9c/0xf0 [ 574.938140][T13097] vfs_getattr_nosec+0x2ac/0x430 [ 574.943603][T13097] vfs_getattr+0x4a/0x60 [ 574.948362][T13097] loop_query_min_dio_size.isra.0+0x117/0x250 [ 574.954944][T13097] lo_ioctl+0x179b/0x20b0 [ 574.959793][T13097] blkdev_ioctl+0x274/0x6d0 [ 574.964811][T13097] __x64_sys_ioctl+0x18b/0x210 [ 574.970089][T13097] do_syscall_64+0xcd/0x490 [ 574.975108][T13097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.981510][T13097] [ 574.981510][T13097] other info that might help us debug this: [ 574.981510][T13097] [ 574.991719][T13097] Chain exists of: [ 574.991719][T13097] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#23 [ 574.991719][T13097] [ 575.006132][T13097] Possible unsafe locking scenario: [ 575.006132][T13097] [ 575.013573][T13097] CPU0 CPU1 [ 575.018927][T13097] ---- ---- [ 575.024299][T13097] lock(&q->q_usage_counter(io)#23); [ 575.029659][T13097] lock(fs_reclaim); [ 575.036147][T13097] lock(&q->q_usage_counter(io)#23); [ 575.044025][T13097] rlock(&root->kernfs_iattr_rwsem); [ 575.049382][T13097] [ 575.049382][T13097] *** DEADLOCK *** [ 575.049382][T13097] [ 575.057513][T13097] 3 locks held by syz.2.1544/13097: [ 575.062685][T13097] #0: ffff888142b37400 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 575.072855][T13097] #1: ffff888142b41448 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 575.084501][T13097] #2: ffff888142b41480 (&q->q_usage_counter(queue)#22){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 575.096409][T13097] [ 575.096409][T13097] stack backtrace: [ 575.102278][T13097] CPU: 0 UID: 0 PID: 13097 Comm: syz.2.1544 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 575.102295][T13097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 575.102304][T13097] Call Trace: [ 575.102311][T13097] [ 575.102316][T13097] dump_stack_lvl+0x116/0x1f0 [ 575.102340][T13097] print_circular_bug+0x275/0x350 [ 575.102358][T13097] check_noncircular+0x14c/0x170 [ 575.102375][T13097] __lock_acquire+0x12a6/0x1ce0 [ 575.102395][T13097] lock_acquire+0x179/0x350 [ 575.102411][T13097] ? kernfs_iop_getattr+0x9c/0xf0 [ 575.102428][T13097] ? __pfx___might_resched+0x10/0x10 [ 575.102443][T13097] down_read+0x9b/0x480 [ 575.102456][T13097] ? kernfs_iop_getattr+0x9c/0xf0 [ 575.102470][T13097] ? find_held_lock+0x2b/0x80 [ 575.102481][T13097] ? __pfx_down_read+0x10/0x10 [ 575.102493][T13097] ? kernfs_root+0xee/0x2a0 [ 575.102508][T13097] kernfs_iop_getattr+0x9c/0xf0 [ 575.102524][T13097] vfs_getattr_nosec+0x2ac/0x430 [ 575.102542][T13097] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 575.102558][T13097] vfs_getattr+0x4a/0x60 [ 575.102575][T13097] loop_query_min_dio_size.isra.0+0x117/0x250 [ 575.102595][T13097] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 575.102613][T13097] ? mark_held_locks+0x49/0x80 [ 575.102633][T13097] ? blk_freeze_queue_start+0xec/0x140 [ 575.102652][T13097] lo_ioctl+0x179b/0x20b0 [ 575.102672][T13097] ? __pfx_lo_ioctl+0x10/0x10 [ 575.102689][T13097] ? kasan_quarantine_put+0x10a/0x240 [ 575.102704][T13097] ? lockdep_hardirqs_on+0x7c/0x110 [ 575.102724][T13097] ? blk_get_meta_cap+0x482/0x700 [ 575.102742][T13097] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 575.102762][T13097] ? blkdev_common_ioctl+0x1d6/0x2470 [ 575.102779][T13097] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 575.102795][T13097] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 575.102814][T13097] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 575.102833][T13097] ? do_vfs_ioctl+0x128/0x14f0 [ 575.102853][T13097] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 575.102875][T13097] ? __pfx_lo_ioctl+0x10/0x10 [ 575.102892][T13097] blkdev_ioctl+0x274/0x6d0 [ 575.102909][T13097] ? __pfx_blkdev_ioctl+0x10/0x10 [ 575.102927][T13097] ? __pfx_blkdev_ioctl+0x10/0x10 [ 575.102945][T13097] __x64_sys_ioctl+0x18b/0x210 [ 575.102964][T13097] do_syscall_64+0xcd/0x490 [ 575.102989][T13097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.103003][T13097] RIP: 0033:0x7f95d2d8eb69 [ 575.103015][T13097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.103029][T13097] RSP: 002b:00007f95d3b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 575.103042][T13097] RAX: ffffffffffffffda RBX: 00007f95d2fb5fa0 RCX: 00007f95d2d8eb69 [ 575.103052][T13097] RDX: 0000000000000000 RSI: 0000000000004c06 RDI: 0000000000000001 [ 575.103060][T13097] RBP: 00007f95d2e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 575.103068][T13097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.103076][T13097] R13: 0000000000000000 R14: 00007f95d2fb5fa0 R15: 00007fff27cff438 [ 575.103088][T13097]