last executing test programs: 3m0.345720762s ago: executing program 2 (id=4456): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x8a403, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) 3m0.148796609s ago: executing program 2 (id=4459): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec29\x00', 0x900, 0x0) sysfs$auto(0x2, 0x23, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r0, 0x0, 0x4) write$auto(0x3, 0x0, 0xffd8) 2m59.793946309s ago: executing program 2 (id=4460): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x2, 0x3a) r1 = userfaultfd$auto(0x1) statx$auto(r1, 0x0, 0x1000, 0x8, 0x0) keyctl$auto(0x4, 0xffffffffffffffff, 0x5, 0x800, 0xa) keyctl$auto(0x6, 0xffffffffffffffff, 0x8, 0x803, 0x4) setsockopt$auto(r0, 0x29, 0x14, 0x0, 0x56b) 2m59.603438808s ago: executing program 2 (id=4462): socket(0x22, 0x2, 0x3) mmap$auto(0x0, 0x2009, 0x4000000020df, 0x10000000eb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) read$auto(0x3, 0x0, 0x400000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x1c9002, 0x0) 2m59.149132677s ago: executing program 2 (id=4465): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(r0, 0x6, 0x16, 0x0, 0x40) tkill$auto(0x1, 0x7) 2m58.440747023s ago: executing program 2 (id=4471): socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PROBE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m57.971003054s ago: executing program 32 (id=4471): socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PROBE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m21.432734537s ago: executing program 0 (id=5088): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x7, 0x0) socketpair$auto(0x1b, 0x9, 0x20000, 0x0) open(0x0, 0x14d443, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r1, 0xc10c5541, r0) 1m20.957424469s ago: executing program 0 (id=5084): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r0 = openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000000840), 0x1, 0x0) writev$auto(r0, &(0x7f0000000940)={0x0, 0xb}, 0x3) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) shutdown$auto(0x200000003, 0x2) 1m20.393379482s ago: executing program 0 (id=5095): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@generic={0xa}, 0x55) mprotect$auto(0x200000000000, 0x806121, 0x6) 1m19.413042782s ago: executing program 0 (id=5097): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 1m19.236343037s ago: executing program 0 (id=5098): mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r0, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$auto(0x3, 0x4008af03, 0x0) capset$auto(0x0, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) 1m18.853128144s ago: executing program 0 (id=5102): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0xee7, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) r0 = socket(0x2, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x6f, 0x0, &(0x7f0000000000)=0x9000c) 1m18.477555416s ago: executing program 33 (id=5102): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0xee7, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) r0 = socket(0x2, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x6f, 0x0, &(0x7f0000000000)=0x9000c) 7.177532811s ago: executing program 5 (id=5535): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) write$auto(0x3, 0x0, 0x100082) capset$auto(0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, 0x0) 5.992277055s ago: executing program 3 (id=5531): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0xa, 0xb) close_range$auto(0x2, 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x8000006, 0x6, 0x3, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x8000100, 0x1, 0x8000052, 0x5, 0x1, 0x40, 0x76c5, 0x9a, 0x100000000}}) capset$auto(0x0, 0x0) io_uring_enter$auto(r0, 0x9, 0x820e, 0x9, 0x0, 0x18) 5.811315266s ago: executing program 3 (id=5532): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto(0x3, 0x80045438, 0x10000000000402) unshare$auto(0x8000400) 5.234326414s ago: executing program 4 (id=5533): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x696b}, 0xed7138c}, 0x2, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sctp/assocs\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0xfffffe36) 4.893929828s ago: executing program 4 (id=5536): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x88) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) fcntl$auto(0x3, 0x4, 0xa553) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x48, 0x15, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x1]}, 0x0, 0x0) 4.893801427s ago: executing program 3 (id=5537): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r0, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f00)={0x14, r1, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) mmap$auto(0x2, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8) madvise$auto(0x0, 0x20499d, 0x9) 4.434119794s ago: executing program 4 (id=5538): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) socket(0x2, 0x80002, 0x73) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/248, 0xf8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r1, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 4.433143375s ago: executing program 1 (id=5547): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x2, 0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x65, 0x0, 0x1c) 4.304277044s ago: executing program 1 (id=5539): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socketpair$auto(0x0, 0xc, 0x8000000000000000, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) 3.604694501s ago: executing program 5 (id=5540): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000ff0000030004020000060007040080000300000000", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000300000008000200", @ANYRES32=0x0, @ANYBLOB="0800030001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40008d0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.46205339s ago: executing program 3 (id=5541): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4082, 0xff2) 3.43303053s ago: executing program 1 (id=5543): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto(0x3, 0x80045438, 0x10000000000402) unshare$auto(0x8000400) 3.281949972s ago: executing program 4 (id=5544): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) fsconfig$auto_FSCONFIG_SET_FLAG(r0, 0x0, 0x0, 0x0, 0x2) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) 3.035029172s ago: executing program 5 (id=5545): mmap$auto(0x0, 0x20008, 0x4, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0xf, &(0x7f00000001c0)=@bpf_attr_3={0x5, 0xaa, 0x276, 0x0, 0x3, 0x2, 0x8, 0x33, 0xd, "6326bcc7c57ffed984639b375ee8d538", 0x0, 0x3, 0xffffffffffffffff, 0xfffffffc, 0x6, 0x5, 0x0, 0x9, 0x2, 0x7f, @attach_prog_fd, 0xce51, 0x0, 0x7, 0x92c, 0x8}, 0xc) 2.168793026s ago: executing program 5 (id=5546): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = socket(0x2, 0x801, 0x106) getsockopt$auto(r1, 0x11c, 0x3, 0x0, 0x0) 2.037393916s ago: executing program 1 (id=5548): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0xc000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x10, 0x2, 0x0) semctl$auto(0x1ff, 0x2, 0x13, 0x1) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x807111}, 0x8) 1.447694479s ago: executing program 3 (id=5549): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x88) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) fcntl$auto(0x3, 0x4, 0xa553) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x48, 0x15, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x1]}, 0x0, 0x0) 1.44581873s ago: executing program 1 (id=5557): mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x5}, 0x1, 0x0, 0x0, 0x9}, 0x100005}, 0x31cd1c7c, 0x12) pwrite64$auto(0xc8, 0x0, 0x10, 0x3) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) 1.44534531s ago: executing program 4 (id=5550): socket(0x10, 0x800, 0x0) openat$auto_fops_x64_ro_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy14/netdev:wlan1/stations/08:02:11:00:00:00/driver_buffered_tids\x00', 0x84000, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptyt8\x00', 0x2200, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000480)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/format\x00', 0x345480, 0x0) r0 = mq_open$auto(&(0x7f0000000540)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\x12\xf6\x9a\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5\"\xf2h\xc6\x94u\xd5\x8d6\xc6\x985\x95\xde2\x0fh\xf1\xe8\xbf\xb7A;\xcc\x05\xfb\xc5\xd8\xa5M\xf2\x11\x88\xac\xbcE\xb4\x82\f\xe6\x97\x8b\v\xe6\xa3H|[\xc9\xed\xf4\xe9-\xb7[\x03\xcb\x82\xa9\v\xe6\x19\x9dU\xc3q{\xe2\xb06\x03\xb4!WR\xa2?\x99\xa5\x1ax6pTm\xa1i\xe8\t\xd6s\xb7\x9b5\xfcG\xf2h)\xaf\xb3\xd6\xdf!\x96\x93\x842-\xc5pr\x06!S\f(Bt\x909\xef\x86\xc9V/\xb4\x05\xc2\x81\x1e\x14\xe6\'Y\x81s\xf2x+%\xb4M\x82\xe8X\xdf8\xf0\xf5B\v', 0x5f, 0xfffc, 0x0) mq_timedsend$auto(r0, 0x0, 0x80, 0x9, 0x0) 1.278135737s ago: executing program 4 (id=5551): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) write$auto(0x3, 0x0, 0x100082) capset$auto(0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, 0x0) 1.145962698s ago: executing program 5 (id=5552): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r0, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f00)={0x14, r1, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) mmap$auto(0x2, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8) madvise$auto(0x0, 0x20499d, 0x9) 708.206µs ago: executing program 5 (id=5553): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socketpair$auto(0x0, 0xc, 0x8000000000000000, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) 612.122µs ago: executing program 3 (id=5554): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0x3dad24b1}, 0x800}, 0x7, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f1, 0x24) 0s ago: executing program 1 (id=5555): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x98081, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f00000001c0)) socket(0x23, 0x80805, 0x0) sendfile$auto(r0, r2, 0x0, 0x1000200) kernel console output (not intermixed with test programs): [T18907] do_fanotify_mark+0x270b/0x3600 [ 720.764567][T18907] ? __pfx_do_fanotify_mark+0x10/0x10 [ 720.764638][T18907] ? __x64_sys_futex+0x1e0/0x4c0 [ 720.764688][T18907] ? __x64_sys_futex+0x1e9/0x4c0 [ 720.764749][T18907] ? xfd_validate_state+0x61/0x180 [ 720.764804][T18907] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 720.764857][T18907] __x64_sys_fanotify_mark+0xbd/0x160 [ 720.764916][T18907] ? do_syscall_64+0x91/0x490 [ 720.764963][T18907] ? lockdep_hardirqs_on+0x7c/0x110 [ 720.765008][T18907] do_syscall_64+0xcd/0x490 [ 720.765059][T18907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.765100][T18907] RIP: 0033:0x7fb60118e9a9 [ 720.765130][T18907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.765168][T18907] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012d [ 720.765204][T18907] RAX: ffffffffffffffda RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 720.765230][T18907] RDX: 000000000000000a RSI: 0000000000000451 RDI: 0000000000000000 [ 720.765254][T18907] RBP: 00007fb601210d69 R08: 0000000000000000 R09: 0000000000000000 [ 720.765277][T18907] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 720.765301][T18907] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 720.765349][T18907] [ 721.024826][T18902] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 721.041305][T18902] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 721.138537][T18918] FAULT_INJECTION: forcing a failure. [ 721.138537][T18918] name failslab, interval 1, probability 0, space 0, times 0 [ 721.193753][T18918] CPU: 0 UID: 0 PID: 18918 Comm: syz.1.5082 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 721.193816][T18918] Tainted: [U]=USER [ 721.193827][T18918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 721.193846][T18918] Call Trace: [ 721.193858][T18918] [ 721.193871][T18918] dump_stack_lvl+0x16c/0x1f0 [ 721.193915][T18918] should_fail_ex+0x512/0x640 [ 721.193982][T18918] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 721.194035][T18918] should_failslab+0xc2/0x120 [ 721.194077][T18918] __kmalloc_cache_noprof+0x6a/0x3e0 [ 721.194132][T18918] ? ima_calc_file_hash_tfm+0x231/0x350 [ 721.194181][T18918] ima_calc_file_hash_tfm+0x231/0x350 [ 721.194228][T18918] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 721.194316][T18918] ? stack_trace_save+0x8e/0xc0 [ 721.194358][T18918] ? ima_alloc_tfm+0x21a/0x2e0 [ 721.194394][T18918] ? generic_fillattr+0x6bf/0x940 [ 721.194441][T18918] ima_calc_file_hash+0x1ba/0x490 [ 721.194507][T18918] ima_collect_measurement+0x899/0xa40 [ 721.194568][T18918] ? __pfx_ima_collect_measurement+0x10/0x10 [ 721.194644][T18918] ? __mutex_lock+0x1c2/0x1070 [ 721.194687][T18918] ? is_bad_inode+0xd/0x40 [ 721.194736][T18918] ? xattr_resolve_name+0x27b/0x3f0 [ 721.194802][T18918] ? vfs_getxattr_alloc+0xec/0x340 [ 721.194847][T18918] ? ima_get_hash_algo+0x27c/0x400 [ 721.194883][T18918] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 721.194926][T18918] ? process_measurement+0x11fa/0x23e0 [ 721.194964][T18918] process_measurement+0x11fa/0x23e0 [ 721.195019][T18918] ? __pfx_process_measurement+0x10/0x10 [ 721.195059][T18918] ? __lock_acquire+0x622/0x1c90 [ 721.195109][T18918] ? hugetlb_file_setup+0x4cd/0x620 [ 721.195163][T18918] ? ksys_mmap_pgoff+0x189/0x5c0 [ 721.195210][T18918] ? __x64_sys_mmap+0x125/0x190 [ 721.195273][T18918] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.195364][T18918] ima_file_mmap+0x1b1/0x1d0 [ 721.195402][T18918] ? __pfx_ima_file_mmap+0x10/0x10 [ 721.195453][T18918] security_mmap_file+0x88c/0x990 [ 721.195487][T18918] vm_mmap_pgoff+0xec/0x450 [ 721.195533][T18918] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 721.195573][T18918] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 721.195622][T18918] ? hugetlbfs_get_inode+0x31f/0x730 [ 721.195683][T18918] ksys_mmap_pgoff+0x1c8/0x5c0 [ 721.195740][T18918] __x64_sys_mmap+0x125/0x190 [ 721.195801][T18918] do_syscall_64+0xcd/0x490 [ 721.195848][T18918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.195881][T18918] RIP: 0033:0x7fb60118e9a9 [ 721.195907][T18918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.195941][T18918] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 721.195972][T18918] RAX: ffffffffffffffda RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 721.195993][T18918] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 721.196013][T18918] RBP: 00007fb601210d69 R08: 0000000000000401 R09: 0000300000000000 [ 721.196043][T18918] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 721.196063][T18918] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 721.196105][T18918] [ 721.197120][ T31] audit: type=1800 audit(4294968669.863:15): pid=18918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5082" name="anon_hugepage" dev="hugetlbfs" ino=65163 res=0 errno=0 [ 722.011359][T18936] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5091'. [ 722.045381][T18936] veth0_macvtap: left promiscuous mode [ 722.341555][T18942] netlink: 350 bytes leftover after parsing attributes in process `syz.4.5093'. [ 723.241659][T18955] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5100'. [ 723.368554][T18955] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.417550][T18955] bridge_slave_1 (unregistering): left allmulticast mode [ 723.430593][T18955] bridge_slave_1 (unregistering): left promiscuous mode [ 723.438545][T18955] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.792975][T18961] hub 1-0:1.0: USB hub found [ 723.813172][T18961] hub 1-0:1.0: 1 port detected [ 724.100802][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 724.109310][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 724.119036][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 724.127468][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 724.136078][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 724.351578][T18970] chnl_net:caif_netlink_parms(): no params data found [ 724.441642][T18970] bridge0: port 1(bridge_slave_0) entered blocking state [ 724.449100][T18970] bridge0: port 1(bridge_slave_0) entered disabled state [ 724.456285][T18970] bridge_slave_0: entered allmulticast mode [ 724.464697][T18970] bridge_slave_0: entered promiscuous mode [ 724.473267][T18970] bridge0: port 2(bridge_slave_1) entered blocking state [ 724.481138][T18970] bridge0: port 2(bridge_slave_1) entered disabled state [ 724.490256][T18970] bridge_slave_1: entered allmulticast mode [ 724.497797][T18970] bridge_slave_1: entered promiscuous mode [ 724.536806][T18970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 724.550985][T18970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 724.596800][T18970] team0: Port device team_slave_0 added [ 724.609001][T18970] team0: Port device team_slave_1 added [ 724.653366][T18970] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 724.660598][T18970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 724.687632][T18970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 724.703245][T18970] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 724.711676][T18970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 724.738492][T18970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 724.792392][T18970] hsr_slave_0: entered promiscuous mode [ 724.800039][T18970] hsr_slave_1: entered promiscuous mode [ 724.806148][T18970] debugfs: 'hsr0' already exists in 'hsr' [ 724.812201][T18970] Cannot create hsr debugfs directory [ 724.985598][T18970] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 724.998768][T18970] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 725.009333][T18970] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 725.019817][T18970] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 725.054311][T18970] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.061616][T18970] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.070099][T18970] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.077428][T18970] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.099980][T17390] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.110014][T17390] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.167031][T18970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 725.191964][T18970] 8021q: adding VLAN 0 to HW filter on device team0 [ 725.207529][T17390] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.214836][T17390] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.232290][T17390] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.239494][T17390] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.489873][T18970] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 725.779597][T18970] veth0_vlan: entered promiscuous mode [ 725.794571][T18970] veth1_vlan: entered promiscuous mode [ 725.832999][T18970] veth0_macvtap: entered promiscuous mode [ 725.842780][T18970] veth1_macvtap: entered promiscuous mode [ 725.865947][T18970] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 725.882174][T18970] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 725.895323][T18970] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 725.906165][T18970] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 725.916334][T18970] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 725.926615][T18970] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 726.024227][ T30] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 726.039431][ T30] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 726.072657][ T799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 726.081131][ T799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 726.211250][ T5158] Bluetooth: hci3: command tx timeout [ 726.248110][T19001] FAULT_INJECTION: forcing a failure. [ 726.248110][T19001] name failslab, interval 1, probability 0, space 0, times 0 [ 726.287226][T19001] CPU: 0 UID: 0 PID: 19001 Comm: syz.1.5115 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 726.287284][T19001] Tainted: [U]=USER [ 726.287295][T19001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 726.287315][T19001] Call Trace: [ 726.287327][T19001] [ 726.287341][T19001] dump_stack_lvl+0x16c/0x1f0 [ 726.287386][T19001] should_fail_ex+0x512/0x640 [ 726.287434][T19001] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 726.287479][T19001] should_failslab+0xc2/0x120 [ 726.287521][T19001] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 726.287558][T19001] ? __x64_sys_futex+0x1e0/0x4c0 [ 726.287600][T19001] ? __x64_sys_futex+0x1e9/0x4c0 [ 726.287642][T19001] ? prepare_creds+0x2c/0x7d0 [ 726.287696][T19001] prepare_creds+0x2c/0x7d0 [ 726.287750][T19001] keyctl_set_reqkey_keyring+0x8e/0x1c0 [ 726.287805][T19001] __do_sys_keyctl+0x6d/0x590 [ 726.287855][T19001] do_syscall_64+0xcd/0x490 [ 726.287905][T19001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.287941][T19001] RIP: 0033:0x7fb60118e9a9 [ 726.287969][T19001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.288004][T19001] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 726.288060][T19001] RAX: ffffffffffffffda RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 726.288085][T19001] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000e [ 726.288105][T19001] RBP: 00007fb601210d69 R08: 0000000000000008 R09: 0000000000000000 [ 726.288125][T19001] R10: 0000000000005eaf R11: 0000000000000246 R12: 0000000000000000 [ 726.288144][T19001] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 726.288187][T19001] [ 726.288990][T18994] Process accounting paused [ 726.814324][T19012] FAULT_INJECTION: forcing a failure. [ 726.814324][T19012] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 726.878803][T19012] CPU: 1 UID: 0 PID: 19012 Comm: syz.1.5109 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 726.878857][T19012] Tainted: [U]=USER [ 726.878868][T19012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 726.878885][T19012] Call Trace: [ 726.878897][T19012] [ 726.878908][T19012] dump_stack_lvl+0x16c/0x1f0 [ 726.878952][T19012] should_fail_ex+0x512/0x640 [ 726.879010][T19012] should_fail_alloc_page+0xe7/0x130 [ 726.879056][T19012] prepare_alloc_pages+0x3c2/0x610 [ 726.879107][T19012] ? rcu_is_watching+0x12/0xc0 [ 726.879145][T19012] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 726.879186][T19012] ? __lock_acquire+0xb8a/0x1c90 [ 726.879254][T19012] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 726.879308][T19012] ? do_raw_spin_lock+0x12c/0x2b0 [ 726.879366][T19012] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 726.879413][T19012] ? find_held_lock+0x2b/0x80 [ 726.879469][T19012] ? __lock_acquire+0xb8a/0x1c90 [ 726.879509][T19012] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 726.879561][T19012] ? policy_nodemask+0xea/0x4e0 [ 726.879602][T19012] alloc_pages_mpol+0x1fb/0x550 [ 726.879642][T19012] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 726.879711][T19012] folio_alloc_mpol_noprof+0x36/0x2f0 [ 726.879761][T19012] shmem_alloc_folio+0x135/0x160 [ 726.879812][T19012] shmem_alloc_and_add_folio+0x499/0xc20 [ 726.879856][T19012] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 726.879895][T19012] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 726.879936][T19012] shmem_get_folio_gfp+0x67f/0x1600 [ 726.879978][T19012] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 726.880015][T19012] ? __pfx___might_resched+0x10/0x10 [ 726.880056][T19012] shmem_fallocate+0x795/0xf50 [ 726.880109][T19012] ? __pfx_shmem_fallocate+0x10/0x10 [ 726.880143][T19012] ? aa_file_perm+0x495/0xf70 [ 726.880188][T19012] ? __lock_acquire+0xb8a/0x1c90 [ 726.880234][T19012] ? __lock_acquire+0x622/0x1c90 [ 726.880299][T19012] ? __pfx_shmem_fallocate+0x10/0x10 [ 726.880342][T19012] vfs_fallocate+0x595/0x10c0 [ 726.880382][T19012] ? __pfx_vfs_fallocate+0x10/0x10 [ 726.880430][T19012] __x64_sys_fallocate+0xd5/0x150 [ 726.880474][T19012] do_syscall_64+0xcd/0x490 [ 726.880517][T19012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.880549][T19012] RIP: 0033:0x7fb60118e9a9 [ 726.880575][T19012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.880609][T19012] RSP: 002b:00007fb5feff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 726.880639][T19012] RAX: ffffffffffffffda RBX: 00007fb6013b6080 RCX: 00007fb60118e9a9 [ 726.880661][T19012] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003 [ 726.880680][T19012] RBP: 00007fb601210d69 R08: 0000000000000000 R09: 0000000000000000 [ 726.880700][T19012] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 726.880719][T19012] R13: 0000000000000000 R14: 00007fb6013b6080 R15: 00007ffc6cbff458 [ 726.880760][T19012] [ 727.826296][T19031] input: f¬ as /devices/virtual/input/input18 [ 728.212492][T19034] usb usb23: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 728.280595][ T5158] Bluetooth: hci3: command tx timeout [ 728.536752][T19041] netlink: 'syz.5.5123': attribute type 27 has an invalid length. [ 728.553935][T19041] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5123'. [ 728.785719][T19046] netlink: 302 bytes leftover after parsing attributes in process `syz.5.5125'. [ 729.366948][T19068] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5135'. [ 729.393286][T19068] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5135'. [ 730.352074][ T5158] Bluetooth: hci3: command tx timeout [ 731.740941][T19127] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 731.770424][T19127] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 731.803189][T19127] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 731.860226][T19127] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 731.893866][T19125] ERROR: Out of memory at tomoyo_memory_ok. [ 732.121907][T19129] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 732.188564][T19129] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 732.232475][T19129] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 732.265600][T19129] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 732.362210][T19137] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 732.400954][T19137] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 732.401590][T19137] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 732.401632][T19137] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 732.431697][ T5158] Bluetooth: hci3: command tx timeout [ 732.520367][ T31] audit: type=1804 audit(4294968681.227:16): pid=19139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.5161" name="/newroot/161/file0" dev="tmpfs" ino=834 res=1 errno=0 [ 732.900697][T19151] FAULT_INJECTION: forcing a failure. [ 732.900697][T19151] name failslab, interval 1, probability 0, space 0, times 0 [ 732.933622][T19151] CPU: 0 UID: 0 PID: 19151 Comm: syz.4.5164 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 732.933679][T19151] Tainted: [U]=USER [ 732.933691][T19151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 732.933711][T19151] Call Trace: [ 732.933722][T19151] [ 732.933736][T19151] dump_stack_lvl+0x16c/0x1f0 [ 732.933783][T19151] should_fail_ex+0x512/0x640 [ 732.933831][T19151] ? __kmalloc_noprof+0xbf/0x510 [ 732.933870][T19151] ? rfkill_alloc+0xac/0x330 [ 732.933916][T19151] should_failslab+0xc2/0x120 [ 732.933957][T19151] __kmalloc_noprof+0xd2/0x510 [ 732.933997][T19151] ? lockdep_init_map_type+0x5c/0x280 [ 732.934047][T19151] rfkill_alloc+0xac/0x330 [ 732.934100][T19151] wiphy_new_nm+0x136a/0x2160 [ 732.934148][T19151] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 732.934197][T19151] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 732.934247][T19151] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 732.934292][T19151] ? __local_bh_enable_ip+0xa4/0x120 [ 732.934334][T19151] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 732.934399][T19151] ? __asan_memset+0x23/0x50 [ 732.934432][T19151] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 732.934490][T19151] hwsim_new_radio_nl+0xb51/0x12c0 [ 732.934537][T19151] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 732.934603][T19151] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 732.934640][T19151] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 732.934684][T19151] genl_family_rcv_msg_doit+0x209/0x2f0 [ 732.934719][T19151] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 732.934752][T19151] ? trace_cap_capable+0x18d/0x200 [ 732.934807][T19151] ? bpf_lsm_capable+0x9/0x10 [ 732.934853][T19151] ? security_capable+0x7e/0x260 [ 732.934902][T19151] ? ns_capable+0xd7/0x110 [ 732.934941][T19151] genl_rcv_msg+0x55c/0x800 [ 732.934977][T19151] ? __pfx_genl_rcv_msg+0x10/0x10 [ 732.935012][T19151] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 732.935072][T19151] netlink_rcv_skb+0x158/0x420 [ 732.935124][T19151] ? __pfx_genl_rcv_msg+0x10/0x10 [ 732.935159][T19151] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 732.935228][T19151] ? netlink_deliver_tap+0x1ae/0xd30 [ 732.935283][T19151] genl_rcv+0x28/0x40 [ 732.935332][T19151] netlink_unicast+0x58a/0x850 [ 732.935388][T19151] ? __pfx_netlink_unicast+0x10/0x10 [ 732.935451][T19151] netlink_sendmsg+0x8d1/0xdd0 [ 732.935510][T19151] ? __pfx_netlink_sendmsg+0x10/0x10 [ 732.935602][T19151] ____sys_sendmsg+0xa98/0xc70 [ 732.935662][T19151] ? copy_msghdr_from_user+0x10a/0x160 [ 732.935706][T19151] ? __pfx_____sys_sendmsg+0x10/0x10 [ 732.935782][T19151] ___sys_sendmsg+0x134/0x1d0 [ 732.935824][T19151] ? futex_private_hash_put+0x176/0x300 [ 732.935867][T19151] ? __pfx____sys_sendmsg+0x10/0x10 [ 732.935909][T19151] ? __lock_acquire+0x622/0x1c90 [ 732.936009][T19151] __sys_sendmsg+0x16d/0x220 [ 732.936052][T19151] ? __pfx___sys_sendmsg+0x10/0x10 [ 732.936096][T19151] ? __x64_sys_futex+0x1e0/0x4c0 [ 732.936167][T19151] do_syscall_64+0xcd/0x490 [ 732.936214][T19151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.936248][T19151] RIP: 0033:0x7f2222d8e9a9 [ 732.936278][T19151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 732.936313][T19151] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 732.936346][T19151] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 732.936369][T19151] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000003 [ 732.936389][T19151] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 732.936409][T19151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 732.936428][T19151] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 732.936483][T19151] [ 733.308048][ C0] vkms_vblank_simulate: vblank timer overrun [ 733.441274][T19159] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 733.459076][T19159] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 733.473638][T19159] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 733.492021][T19159] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 733.587925][T19160] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 733.603980][T19160] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 733.618272][T19160] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 733.635193][T19160] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 733.669653][T19162] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5170'. [ 735.062327][T19191] netlink: 350 bytes leftover after parsing attributes in process `syz.1.5182'. [ 735.244383][T19193] sp0: Synchronizing with TNC [ 735.618805][T19201] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5186'. [ 735.693161][T19204] random: crng reseeded on system resumption [ 735.704015][T19205] netlink: 'syz.5.5189': attribute type 16 has an invalid length. [ 735.730750][T19205] netlink: 326 bytes leftover after parsing attributes in process `syz.5.5189'. [ 735.749804][T19205] veth1_macvtap: left promiscuous mode [ 735.998180][T19210] FAULT_INJECTION: forcing a failure. [ 735.998180][T19210] name failslab, interval 1, probability 0, space 0, times 0 [ 736.033988][T19210] CPU: 0 UID: 0 PID: 19210 Comm: syz.1.5190 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 736.034047][T19210] Tainted: [U]=USER [ 736.034058][T19210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 736.034078][T19210] Call Trace: [ 736.034088][T19210] [ 736.034102][T19210] dump_stack_lvl+0x16c/0x1f0 [ 736.034149][T19210] should_fail_ex+0x512/0x640 [ 736.034199][T19210] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 736.034241][T19210] should_failslab+0xc2/0x120 [ 736.034279][T19210] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 736.034327][T19210] ? __kernfs_new_node+0xd2/0x8e0 [ 736.034374][T19210] __kernfs_new_node+0xd2/0x8e0 [ 736.034413][T19210] ? __pfx___kernfs_new_node+0x10/0x10 [ 736.034456][T19210] ? find_held_lock+0x2b/0x80 [ 736.034486][T19210] ? kernfs_root+0xee/0x2a0 [ 736.034526][T19210] kernfs_new_node+0x13c/0x1e0 [ 736.034567][T19210] ? net_ns_get_ownership+0xf8/0x1b0 [ 736.034611][T19210] kernfs_create_dir_ns+0x4c/0x1a0 [ 736.034657][T19210] internal_create_group+0x34d/0xf30 [ 736.034712][T19210] ? __pfx_internal_create_group+0x10/0x10 [ 736.034762][T19210] ? kernfs_create_link+0x1bd/0x240 [ 736.034822][T19210] internal_create_groups+0x9d/0x150 [ 736.034867][T19210] device_add+0xf30/0x1a70 [ 736.034923][T19210] ? __pfx_device_add+0x10/0x10 [ 736.034974][T19210] ? lockdep_init_map_type+0x5c/0x280 [ 736.035022][T19210] ? __init_waitqueue_head+0xca/0x150 [ 736.035062][T19210] netdev_register_kobject+0x182/0x3a0 [ 736.035119][T19210] register_netdevice+0x13dc/0x2270 [ 736.035179][T19210] ? __pfx_register_netdevice+0x10/0x10 [ 736.035242][T19210] slip_open+0xb86/0x1150 [ 736.035295][T19210] ? __pfx_slip_open+0x10/0x10 [ 736.035330][T19210] ? down_write+0x14d/0x200 [ 736.035379][T19210] ? __pfx_slip_open+0x10/0x10 [ 736.035416][T19210] tty_ldisc_open+0x9f/0x120 [ 736.035456][T19210] tty_set_ldisc+0x32b/0x780 [ 736.035503][T19210] tty_ioctl+0xc2e/0x1640 [ 736.035546][T19210] ? __pfx_tty_ioctl+0x10/0x10 [ 736.035607][T19210] ? find_held_lock+0x2b/0x80 [ 736.035638][T19210] ? hook_file_ioctl_common+0x145/0x410 [ 736.035697][T19210] ? __fget_files+0x20e/0x3c0 [ 736.035737][T19210] ? __pfx_tty_ioctl+0x10/0x10 [ 736.035784][T19210] __x64_sys_ioctl+0x18b/0x210 [ 736.035838][T19210] do_syscall_64+0xcd/0x490 [ 736.035885][T19210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.035917][T19210] RIP: 0033:0x7fb60118e9a9 [ 736.035945][T19210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 736.035979][T19210] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 736.036011][T19210] RAX: ffffffffffffffda RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 736.036033][T19210] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000005 [ 736.036052][T19210] RBP: 00007fb601210d69 R08: 0000000000000000 R09: 0000000000000000 [ 736.036072][T19210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 736.036091][T19210] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 736.036135][T19210] [ 736.346415][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.470728][T19218] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5195'. [ 737.399499][T19236] netlink: 'syz.3.5200': attribute type 16 has an invalid length. [ 737.407553][T19236] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5200'. [ 737.431636][T19236] veth1_macvtap: left promiscuous mode [ 737.445589][T19238] netlink: 146 bytes leftover after parsing attributes in process `syz.5.5201'. [ 737.719195][T19242] FAULT_INJECTION: forcing a failure. [ 737.719195][T19242] name failslab, interval 1, probability 0, space 0, times 0 [ 737.733442][T19242] CPU: 1 UID: 0 PID: 19242 Comm: syz.4.5203 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 737.733495][T19242] Tainted: [U]=USER [ 737.733506][T19242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 737.733527][T19242] Call Trace: [ 737.733539][T19242] [ 737.733552][T19242] dump_stack_lvl+0x16c/0x1f0 [ 737.733598][T19242] should_fail_ex+0x512/0x640 [ 737.733648][T19242] ? fs_reclaim_acquire+0xae/0x150 [ 737.733701][T19242] should_failslab+0xc2/0x120 [ 737.733744][T19242] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 737.733784][T19242] ? security_inode_alloc+0x3b/0x2b0 [ 737.733838][T19242] security_inode_alloc+0x3b/0x2b0 [ 737.733890][T19242] inode_init_always_gfp+0xce4/0x1030 [ 737.733932][T19242] alloc_inode+0x86/0x240 [ 737.733976][T19242] alloc_anon_inode+0x28/0x3e0 [ 737.734010][T19242] ? alloc_fd+0x471/0x7d0 [ 737.734049][T19242] anon_inode_make_secure_inode+0x31/0x140 [ 737.734090][T19242] secretmem_file_create.constprop.0+0x43/0x290 [ 737.734137][T19242] __x64_sys_memfd_secret+0xc1/0x150 [ 737.734178][T19242] do_syscall_64+0xcd/0x490 [ 737.734222][T19242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.734256][T19242] RIP: 0033:0x7f2222d8e9a9 [ 737.734282][T19242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.734315][T19242] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 737.734346][T19242] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 737.734366][T19242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 737.734385][T19242] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 737.734404][T19242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.734421][T19242] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 737.734462][T19242] [ 738.790170][T19268] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5212'. [ 739.796958][T19288] mkiss: ax0: crc mode is auto. [ 739.803595][T19287] FAULT_INJECTION: forcing a failure. [ 739.803595][T19287] name failslab, interval 1, probability 0, space 0, times 0 [ 739.823542][T19287] CPU: 0 UID: 0 PID: 19287 Comm: syz.4.5218 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 739.823596][T19287] Tainted: [U]=USER [ 739.823608][T19287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 739.823629][T19287] Call Trace: [ 739.823640][T19287] [ 739.823653][T19287] dump_stack_lvl+0x16c/0x1f0 [ 739.823698][T19287] should_fail_ex+0x512/0x640 [ 739.823746][T19287] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 739.823783][T19287] should_failslab+0xc2/0x120 [ 739.823826][T19287] __kmalloc_cache_noprof+0x6a/0x3e0 [ 739.823860][T19287] ? rtnl_newlink+0x11b/0x2000 [ 739.823910][T19287] ? __pfx_rtnl_newlink+0x10/0x10 [ 739.823953][T19287] rtnl_newlink+0x11b/0x2000 [ 739.824011][T19287] ? __pfx_rtnl_newlink+0x10/0x10 [ 739.824053][T19287] ? kasan_quarantine_put+0x10a/0x240 [ 739.824087][T19287] ? lockdep_hardirqs_on+0x7c/0x110 [ 739.824138][T19287] ? kmem_cache_free+0x2d1/0x4d0 [ 739.824190][T19287] ? kfree_skbmem+0x1a4/0x1f0 [ 739.824235][T19287] ? __lock_acquire+0x622/0x1c90 [ 739.824282][T19287] ? rcu_is_watching+0x12/0xc0 [ 739.824316][T19287] ? trace_cap_capable+0x18d/0x200 [ 739.824373][T19287] ? find_held_lock+0x2b/0x80 [ 739.824404][T19287] ? __pfx_rtnl_newlink+0x10/0x10 [ 739.824445][T19287] ? __pfx_rtnl_newlink+0x10/0x10 [ 739.824485][T19287] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 739.824534][T19287] ? __pfx_rtnl_newlink+0x10/0x10 [ 739.824580][T19287] rtnetlink_rcv_msg+0x95e/0xe90 [ 739.824629][T19287] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 739.824690][T19287] ? ref_tracker_free+0x37c/0x830 [ 739.824745][T19287] netlink_rcv_skb+0x158/0x420 [ 739.824795][T19287] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 739.824844][T19287] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 739.824909][T19287] ? netlink_deliver_tap+0x1ae/0xd30 [ 739.824966][T19287] netlink_unicast+0x58a/0x850 [ 739.825020][T19287] ? __pfx_netlink_unicast+0x10/0x10 [ 739.825082][T19287] netlink_sendmsg+0x8d1/0xdd0 [ 739.825148][T19287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 739.825225][T19287] __sys_sendto+0x4a0/0x520 [ 739.825264][T19287] ? __pfx___sys_sendto+0x10/0x10 [ 739.825316][T19287] ? find_held_lock+0x2b/0x80 [ 739.825380][T19287] __x64_sys_sendto+0xe0/0x1c0 [ 739.825417][T19287] ? do_syscall_64+0x91/0x490 [ 739.825457][T19287] ? lockdep_hardirqs_on+0x7c/0x110 [ 739.825496][T19287] do_syscall_64+0xcd/0x490 [ 739.825538][T19287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.825571][T19287] RIP: 0033:0x7f2222d9083c [ 739.825597][T19287] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 739.825629][T19287] RSP: 002b:00007f2223b3fec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 739.825661][T19287] RAX: ffffffffffffffda RBX: 00007f2223b3ffc0 RCX: 00007f2222d9083c [ 739.825682][T19287] RDX: 000000000000001c RSI: 00007f2223b40010 RDI: 0000000000000003 [ 739.825701][T19287] RBP: 0000000000000000 R08: 00007f2223b3ff14 R09: 000000000000000c [ 739.825720][T19287] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 739.825738][T19287] R13: 00007f2223b3ff68 R14: 00007f2223b40010 R15: 0000000000000000 [ 739.825779][T19287] [ 740.134177][ C0] vkms_vblank_simulate: vblank timer overrun [ 741.850483][T19327] FAULT_INJECTION: forcing a failure. [ 741.850483][T19327] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 741.881096][T19327] CPU: 1 UID: 0 PID: 19327 Comm: syz.4.5232 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 741.881152][T19327] Tainted: [U]=USER [ 741.881164][T19327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 741.881183][T19327] Call Trace: [ 741.881194][T19327] [ 741.881208][T19327] dump_stack_lvl+0x16c/0x1f0 [ 741.881254][T19327] should_fail_ex+0x512/0x640 [ 741.881311][T19327] should_fail_alloc_page+0xe7/0x130 [ 741.881357][T19327] prepare_alloc_pages+0x3c2/0x610 [ 741.881405][T19327] ? rcu_is_watching+0x12/0xc0 [ 741.881444][T19327] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 741.881486][T19327] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 741.881525][T19327] ? is_bpf_text_address+0x94/0x1a0 [ 741.881573][T19327] ? kernel_text_address+0x8d/0x100 [ 741.881625][T19327] ? __kernel_text_address+0xd/0x40 [ 741.881688][T19327] ? unwind_get_return_address+0x59/0xa0 [ 741.881742][T19327] ? arch_stack_walk+0xa6/0x100 [ 741.881782][T19327] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 741.881838][T19327] ? stack_depot_save_flags+0x28/0xa40 [ 741.881892][T19327] ? stack_trace_save+0x8e/0xc0 [ 741.881932][T19327] ? __pfx_stack_trace_save+0x10/0x10 [ 741.881975][T19327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 741.882031][T19327] ? policy_nodemask+0xea/0x4e0 [ 741.882082][T19327] alloc_pages_mpol+0x1fb/0x550 [ 741.882129][T19327] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 741.882185][T19327] alloc_pages_noprof+0x131/0x390 [ 741.882231][T19327] kimage_alloc_pages+0x75/0x350 [ 741.882290][T19327] kimage_alloc_control_pages+0x153/0xa00 [ 741.882336][T19327] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 741.882384][T19327] do_kexec_load+0x480/0x8d0 [ 741.882422][T19327] ? __pfx_do_kexec_load+0x10/0x10 [ 741.882464][T19327] ? _copy_from_user+0x59/0xd0 [ 741.882502][T19327] __x64_sys_kexec_load+0x1bf/0x230 [ 741.882543][T19327] do_syscall_64+0xcd/0x490 [ 741.882589][T19327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.882623][T19327] RIP: 0033:0x7f2222d8e9a9 [ 741.882651][T19327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 741.882697][T19327] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 741.882729][T19327] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 741.882752][T19327] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000005 [ 741.882771][T19327] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 741.882791][T19327] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 741.882810][T19327] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 741.882852][T19327] [ 741.885292][T19327] kexec: Could not allocate control_code_buffer [ 742.532000][T19340] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5236'. [ 742.575357][T19340] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5236'. [ 743.333555][T19358] FAULT_INJECTION: forcing a failure. [ 743.333555][T19358] name failslab, interval 1, probability 0, space 0, times 0 [ 743.380748][T19358] CPU: 1 UID: 0 PID: 19358 Comm: syz.3.5242 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 743.380808][T19358] Tainted: [U]=USER [ 743.380820][T19358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 743.380839][T19358] Call Trace: [ 743.380851][T19358] [ 743.380864][T19358] dump_stack_lvl+0x16c/0x1f0 [ 743.380910][T19358] should_fail_ex+0x512/0x640 [ 743.380966][T19358] should_failslab+0xc2/0x120 [ 743.381009][T19358] __kmalloc_cache_noprof+0x6a/0x3e0 [ 743.381042][T19358] ? sctp_add_bind_addr+0xae/0x3f0 [ 743.381087][T19358] sctp_add_bind_addr+0xae/0x3f0 [ 743.381130][T19358] sctp_copy_local_addr_list+0x39d/0x5a0 [ 743.381182][T19358] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 743.381236][T19358] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 743.381290][T19358] ? sctp_bind_addr_copy+0xe0/0x530 [ 743.381328][T19358] sctp_bind_addr_copy+0xe0/0x530 [ 743.381377][T19358] sctp_connect_new_asoc+0x1d7/0x790 [ 743.381414][T19358] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 743.381452][T19358] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 743.381505][T19358] ? sctp_get_af_specific+0x62/0x70 [ 743.381563][T19358] __sctp_connect+0x3f3/0xc60 [ 743.381600][T19358] ? do_raw_spin_lock+0x12c/0x2b0 [ 743.381654][T19358] ? __pfx___sctp_connect+0x10/0x10 [ 743.381687][T19358] ? __pfx_sctp_inet_connect+0x10/0x10 [ 743.381721][T19358] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 743.381774][T19358] ? __pfx_sctp_inet_connect+0x10/0x10 [ 743.381803][T19358] sctp_inet_connect+0x15f/0x200 [ 743.381836][T19358] __sys_connect_file+0x141/0x1a0 [ 743.381879][T19358] __sys_connect+0x13b/0x160 [ 743.381915][T19358] ? __pfx___sys_connect+0x10/0x10 [ 743.381965][T19358] ? xfd_validate_state+0x61/0x180 [ 743.382008][T19358] ? __pfx_do_writev+0x10/0x10 [ 743.382049][T19358] __x64_sys_connect+0x72/0xb0 [ 743.382083][T19358] ? lockdep_hardirqs_on+0x7c/0x110 [ 743.382121][T19358] do_syscall_64+0xcd/0x490 [ 743.382184][T19358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.382218][T19358] RIP: 0033:0x7ffa0638e9a9 [ 743.382244][T19358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 743.382277][T19358] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 743.382321][T19358] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 743.382342][T19358] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 743.382361][T19358] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 743.382380][T19358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 743.382399][T19358] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 743.382442][T19358] [ 745.097713][T19377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5250'. [ 745.602176][T19384] FAULT_INJECTION: forcing a failure. [ 745.602176][T19384] name failslab, interval 1, probability 0, space 0, times 0 [ 745.716495][T19384] CPU: 0 UID: 0 PID: 19384 Comm: syz.1.5252 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 745.716553][T19384] Tainted: [U]=USER [ 745.716573][T19384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 745.716592][T19384] Call Trace: [ 745.716604][T19384] [ 745.716618][T19384] dump_stack_lvl+0x16c/0x1f0 [ 745.716664][T19384] should_fail_ex+0x512/0x640 [ 745.716712][T19384] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 745.716751][T19384] should_failslab+0xc2/0x120 [ 745.716793][T19384] __kmalloc_cache_noprof+0x6a/0x3e0 [ 745.716824][T19384] ? ww_mutex_lock+0x37/0x160 [ 745.716862][T19384] ? vkms_plane_duplicate_state+0x45/0x130 [ 745.716914][T19384] ? modeset_lock+0x114/0x6e0 [ 745.716959][T19384] vkms_plane_duplicate_state+0x45/0x130 [ 745.717010][T19384] drm_atomic_get_plane_state+0x20e/0x590 [ 745.717064][T19384] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 745.717123][T19384] ? __pfx___might_resched+0x10/0x10 [ 745.717188][T19384] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 745.717292][T19384] drm_client_modeset_commit_locked+0x14d/0x580 [ 745.717356][T19384] drm_client_modeset_commit+0x4f/0x80 [ 745.717412][T19384] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 745.717465][T19384] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 745.717511][T19384] drm_fbdev_client_restore+0x2c/0x40 [ 745.717549][T19384] drm_client_dev_restore+0x1f6/0x2a0 [ 745.717617][T19384] drm_release+0x2c4/0x360 [ 745.717670][T19384] ? __pfx_drm_release+0x10/0x10 [ 745.717719][T19384] __fput+0x402/0xb70 [ 745.717774][T19384] task_work_run+0x14d/0x240 [ 745.717829][T19384] ? __pfx_task_work_run+0x10/0x10 [ 745.717880][T19384] ? __pfx___do_sys_close_range+0x10/0x10 [ 745.717928][T19384] exit_to_user_mode_loop+0xeb/0x110 [ 745.717981][T19384] do_syscall_64+0x3f6/0x490 [ 745.718026][T19384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.718060][T19384] RIP: 0033:0x7fb60118e9a9 [ 745.718087][T19384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 745.718121][T19384] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 745.718152][T19384] RAX: 0000000000000000 RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 745.718172][T19384] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 745.718192][T19384] RBP: 00007fb601210d69 R08: 0000000000000000 R09: 0000000000000000 [ 745.718211][T19384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 745.718231][T19384] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 745.718275][T19384] [ 746.612276][T19391] netlink: 'syz.4.5256': attribute type 19 has an invalid length. [ 746.629280][T19391] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5256'. [ 747.102291][T19397] FAULT_INJECTION: forcing a failure. [ 747.102291][T19397] name fail_futex, interval 1, probability 0, space 0, times 0 [ 747.191406][T19397] CPU: 1 UID: 0 PID: 19397 Comm: syz.4.5259 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 747.191460][T19397] Tainted: [U]=USER [ 747.191471][T19397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 747.191491][T19397] Call Trace: [ 747.191502][T19397] [ 747.191515][T19397] dump_stack_lvl+0x16c/0x1f0 [ 747.191580][T19397] should_fail_ex+0x512/0x640 [ 747.191642][T19397] get_futex_key+0x1d0/0x1540 [ 747.191691][T19397] ? __pfx_get_futex_key+0x10/0x10 [ 747.191747][T19397] futex_wake+0xea/0x530 [ 747.191802][T19397] ? __pfx_futex_wake+0x10/0x10 [ 747.191873][T19397] do_futex+0x1e3/0x350 [ 747.191921][T19397] ? __pfx_do_futex+0x10/0x10 [ 747.191968][T19397] ? find_held_lock+0x2b/0x80 [ 747.192012][T19397] __x64_sys_futex+0x1e0/0x4c0 [ 747.192061][T19397] ? __do_sys_close_range+0x278/0x730 [ 747.192102][T19397] ? __pfx___x64_sys_futex+0x10/0x10 [ 747.192148][T19397] ? __pfx___do_sys_close_range+0x10/0x10 [ 747.192199][T19397] do_syscall_64+0xcd/0x490 [ 747.192256][T19397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.192291][T19397] RIP: 0033:0x7f2222d8e9a9 [ 747.192318][T19397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 747.192350][T19397] RSP: 002b:00007f2223b410e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 747.192383][T19397] RAX: ffffffffffffffda RBX: 00007f2222fb5fa8 RCX: 00007f2222d8e9a9 [ 747.192405][T19397] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2222fb5fac [ 747.192426][T19397] RBP: 00007f2222fb5fa0 R08: 00007f2223b42000 R09: 0000000000000000 [ 747.192446][T19397] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2222fb5fac [ 747.192467][T19397] R13: 0000000000000000 R14: 00007ffc7a87c2b0 R15: 00007ffc7a87c398 [ 747.192509][T19397] [ 748.254246][T19414] FAULT_INJECTION: forcing a failure. [ 748.254246][T19414] name failslab, interval 1, probability 0, space 0, times 0 [ 748.267817][T19414] CPU: 0 UID: 0 PID: 19414 Comm: syz.1.5265 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 748.267869][T19414] Tainted: [U]=USER [ 748.267881][T19414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 748.267902][T19414] Call Trace: [ 748.267914][T19414] [ 748.267927][T19414] dump_stack_lvl+0x16c/0x1f0 [ 748.267974][T19414] should_fail_ex+0x512/0x640 [ 748.268025][T19414] ? lock_acquire+0x179/0x350 [ 748.268075][T19414] should_failslab+0xc2/0x120 [ 748.268129][T19414] __kmalloc_cache_noprof+0x6a/0x3e0 [ 748.268166][T19414] ? tipc_service_create+0xb1/0x350 [ 748.268216][T19414] tipc_service_create+0xb1/0x350 [ 748.268256][T19414] ? tipc_service_find+0x161/0x1c0 [ 748.268313][T19414] tipc_nametbl_insert_publ+0xf78/0x1720 [ 748.268364][T19414] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 748.268414][T19414] ? net_generic+0xea/0x2a0 [ 748.268464][T19414] tipc_nametbl_publish+0x137/0x280 [ 748.268514][T19414] tipc_sk_publish+0x1d8/0x430 [ 748.268561][T19414] ? __pfx_tipc_sk_publish+0x10/0x10 [ 748.268609][T19414] ? __local_bh_enable_ip+0xa4/0x120 [ 748.268654][T19414] tipc_sk_bind+0x16f/0x380 [ 748.268702][T19414] tipc_bind+0x190/0x2a0 [ 748.268750][T19414] __sys_bind+0x1a7/0x260 [ 748.268787][T19414] ? __pfx___sys_bind+0x10/0x10 [ 748.268837][T19414] ? xfd_validate_state+0x61/0x180 [ 748.268882][T19414] ? __pfx_do_writev+0x10/0x10 [ 748.268923][T19414] __x64_sys_bind+0x72/0xb0 [ 748.268954][T19414] ? lockdep_hardirqs_on+0x7c/0x110 [ 748.268994][T19414] do_syscall_64+0xcd/0x490 [ 748.269037][T19414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.269070][T19414] RIP: 0033:0x7fb60118e9a9 [ 748.269104][T19414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 748.269136][T19414] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 748.269168][T19414] RAX: ffffffffffffffda RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 748.269190][T19414] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000005 [ 748.269209][T19414] RBP: 00007fb601210d69 R08: 0000000000000000 R09: 0000000000000000 [ 748.269229][T19414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.269248][T19414] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 748.269290][T19414] [ 748.269303][T19414] tipc: Service creation failed, no memory [ 750.949104][T19458] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5280'. [ 752.333186][T19485] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5292'. [ 752.994988][T19498] netlink: 'syz.4.5297': attribute type 4 has an invalid length. [ 753.097973][T19498] netlink: 314 bytes leftover after parsing attributes in process `syz.4.5297'. syzkaller syzkaller login: [ 755.045121][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 755.051863][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 755.545626][ T31] audit: type=1800 audit(4294969727.380:17): pid=19542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5311" name="dbroot" dev="configfs" ino=69125 res=0 errno=0 [ 755.594367][T19544] FAULT_INJECTION: forcing a failure. [ 755.594367][T19544] name failslab, interval 1, probability 0, space 0, times 0 [ 755.612138][T19544] CPU: 1 UID: 0 PID: 19544 Comm: syz.3.5314 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 755.612192][T19544] Tainted: [U]=USER [ 755.612203][T19544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 755.612224][T19544] Call Trace: [ 755.612235][T19544] [ 755.612253][T19544] dump_stack_lvl+0x16c/0x1f0 [ 755.612298][T19544] should_fail_ex+0x512/0x640 [ 755.612346][T19544] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 755.612382][T19544] ? __pfx_drm_debugfs_entry_open+0x10/0x10 [ 755.612422][T19544] should_failslab+0xc2/0x120 [ 755.612476][T19544] __kmalloc_cache_noprof+0x6a/0x3e0 [ 755.612512][T19544] ? single_open+0x4d/0x1f0 [ 755.612562][T19544] ? __pfx_drm_debugfs_entry_open+0x10/0x10 [ 755.612603][T19544] ? __pfx_vkms_config_show+0x10/0x10 [ 755.612642][T19544] single_open+0x4d/0x1f0 [ 755.612690][T19544] drm_debugfs_entry_open+0x127/0x1c0 [ 755.612735][T19544] full_proxy_open_regular+0x1b9/0x360 [ 755.612785][T19544] do_dentry_open+0x741/0x1c10 [ 755.612823][T19544] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 755.612889][T19544] vfs_open+0x82/0x3f0 [ 755.612937][T19544] path_openat+0x1de4/0x2cb0 [ 755.612985][T19544] ? __pfx_path_openat+0x10/0x10 [ 755.613023][T19544] ? __lock_acquire+0xb8a/0x1c90 [ 755.613071][T19544] do_filp_open+0x20b/0x470 [ 755.613106][T19544] ? __pfx_do_filp_open+0x10/0x10 [ 755.613172][T19544] ? alloc_fd+0x471/0x7d0 [ 755.613215][T19544] do_sys_openat2+0x11b/0x1d0 [ 755.613260][T19544] ? __pfx_do_sys_openat2+0x10/0x10 [ 755.613323][T19544] __x64_sys_openat+0x174/0x210 [ 755.613397][T19544] ? __pfx___x64_sys_openat+0x10/0x10 [ 755.613474][T19544] do_syscall_64+0xcd/0x490 [ 755.613521][T19544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.613555][T19544] RIP: 0033:0x7ffa0638e9a9 [ 755.613583][T19544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 755.613617][T19544] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 755.613649][T19544] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 755.613671][T19544] RDX: 0000000000000000 RSI: 0000200000001040 RDI: ffffffffffffff9c [ 755.613691][T19544] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 755.613711][T19544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 755.613730][T19544] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 755.613772][T19544] [ 756.260226][T19548] i2c i2c-0: Invalid 7-bit I2C address 0x00 [ 756.804863][T19560] netlink: 'syz.5.5320': attribute type 4 has an invalid length. [ 757.100693][T19555] Process accounting resumed [ 759.294148][T19598] FAULT_INJECTION: forcing a failure. [ 759.294148][T19598] name failslab, interval 1, probability 0, space 0, times 0 [ 759.317424][T19598] CPU: 1 UID: 0 PID: 19598 Comm: syz.3.5334 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 759.317478][T19598] Tainted: [U]=USER [ 759.317490][T19598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 759.317510][T19598] Call Trace: [ 759.317521][T19598] [ 759.317535][T19598] dump_stack_lvl+0x16c/0x1f0 [ 759.317582][T19598] should_fail_ex+0x512/0x640 [ 759.317632][T19598] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 759.317672][T19598] should_failslab+0xc2/0x120 [ 759.317715][T19598] __kmalloc_cache_noprof+0x6a/0x3e0 [ 759.317752][T19598] ? apply_subsystem_event_filter+0x44e/0x17d0 [ 759.317809][T19598] apply_subsystem_event_filter+0x44e/0x17d0 [ 759.317873][T19598] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 759.317933][T19598] ? _copy_from_user+0x59/0xd0 [ 759.317970][T19598] subsystem_filter_write+0x95/0x120 [ 759.318019][T19598] ? __pfx_subsystem_filter_write+0x10/0x10 [ 759.318065][T19598] vfs_write+0x29d/0x1150 [ 759.318115][T19598] ? __pfx___mutex_lock+0x10/0x10 [ 759.318159][T19598] ? __pfx_vfs_write+0x10/0x10 [ 759.318208][T19598] ? __fget_files+0x20e/0x3c0 [ 759.318255][T19598] ksys_write+0x12a/0x250 [ 759.318291][T19598] ? __pfx_ksys_write+0x10/0x10 [ 759.318340][T19598] do_syscall_64+0xcd/0x490 [ 759.318397][T19598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.318431][T19598] RIP: 0033:0x7ffa0638e9a9 [ 759.318456][T19598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 759.318489][T19598] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 759.318519][T19598] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 759.318540][T19598] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005 [ 759.318559][T19598] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 759.318577][T19598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.318595][T19598] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 759.318637][T19598] [ 759.850790][T19608] netlink: 346 bytes leftover after parsing attributes in process `syz.4.5338'. [ 760.907928][T19634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5349'. [ 760.958529][T19634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5349'. syzkaller syzkaller login: [ 761.446257][T19648] netlink: 10 bytes leftover after parsing attributes in process `syz.1.5354'. [ 761.488631][T19650] FAULT_INJECTION: forcing a failure. [ 761.488631][T19650] name failslab, interval 1, probability 0, space 0, times 0 [ 761.576324][T19650] CPU: 0 UID: 0 PID: 19650 Comm: syz.3.5355 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 761.576382][T19650] Tainted: [U]=USER [ 761.576393][T19650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 761.576431][T19650] Call Trace: [ 761.576443][T19650] [ 761.576456][T19650] dump_stack_lvl+0x16c/0x1f0 [ 761.576503][T19650] should_fail_ex+0x512/0x640 [ 761.576551][T19650] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 761.576596][T19650] should_failslab+0xc2/0x120 [ 761.576639][T19650] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 761.576677][T19650] ? __kernfs_new_node+0xd2/0x8e0 [ 761.576721][T19650] __kernfs_new_node+0xd2/0x8e0 [ 761.576766][T19650] ? __pfx___kernfs_new_node+0x10/0x10 [ 761.576815][T19650] ? find_held_lock+0x2b/0x80 [ 761.576861][T19650] ? kernfs_root+0xee/0x2a0 [ 761.576912][T19650] kernfs_new_node+0x13c/0x1e0 [ 761.576963][T19650] __kernfs_create_file+0x53/0x350 [ 761.577019][T19650] sysfs_add_file_mode_ns+0x207/0x3c0 [ 761.577066][T19650] sysfs_merge_group+0x1aa/0x340 [ 761.577108][T19650] ? __pfx_sysfs_merge_group+0x10/0x10 [ 761.577155][T19650] ? __pfx_dev_add_physical_location+0x10/0x10 [ 761.577206][T19650] ? bus_to_subsys+0x131/0x160 [ 761.577263][T19650] dpm_sysfs_add+0x237/0x280 [ 761.577316][T19650] device_add+0x9a6/0x1a70 [ 761.577376][T19650] ? __pfx_device_add+0x10/0x10 [ 761.577447][T19650] nfc_register_device+0x41/0x3c0 [ 761.577497][T19650] nci_register_device+0x7f1/0xb80 [ 761.577537][T19650] ? __pfx_nci_register_device+0x10/0x10 [ 761.577581][T19650] ? lockdep_init_map_type+0x5c/0x280 [ 761.577637][T19650] virtual_ncidev_open+0x141/0x220 [ 761.577674][T19650] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 761.577708][T19650] misc_open+0x35d/0x420 [ 761.577743][T19650] ? __pfx_misc_open+0x10/0x10 [ 761.577779][T19650] chrdev_open+0x231/0x6a0 [ 761.577819][T19650] ? __pfx_apparmor_file_open+0x10/0x10 [ 761.577853][T19650] ? __pfx_chrdev_open+0x10/0x10 [ 761.577908][T19650] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 761.577954][T19650] do_dentry_open+0x741/0x1c10 [ 761.577995][T19650] ? __pfx_chrdev_open+0x10/0x10 [ 761.578048][T19650] vfs_open+0x82/0x3f0 [ 761.578101][T19650] path_openat+0x1de4/0x2cb0 [ 761.578153][T19650] ? __pfx_path_openat+0x10/0x10 [ 761.578193][T19650] ? __lock_acquire+0xb8a/0x1c90 [ 761.578245][T19650] do_filp_open+0x20b/0x470 [ 761.578283][T19650] ? __pfx_do_filp_open+0x10/0x10 [ 761.578367][T19650] ? alloc_fd+0x471/0x7d0 [ 761.578412][T19650] do_sys_openat2+0x11b/0x1d0 [ 761.578468][T19650] ? __pfx_do_sys_openat2+0x10/0x10 [ 761.578528][T19650] __x64_sys_openat+0x174/0x210 [ 761.578594][T19650] ? __pfx___x64_sys_openat+0x10/0x10 [ 761.578662][T19650] do_syscall_64+0xcd/0x490 [ 761.578707][T19650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.578739][T19650] RIP: 0033:0x7ffa0638e9a9 [ 761.578768][T19650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.578801][T19650] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 761.578833][T19650] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 761.578872][T19650] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 761.578904][T19650] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 761.578926][T19650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 761.578946][T19650] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 761.578991][T19650] [ 761.927292][ C0] vkms_vblank_simulate: vblank timer overrun syzkaller syzkaller login: [ 762.929439][T19670] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5361'. [ 762.972517][T19670] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5361'. [ 763.016051][T19670] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5361'. [ 763.081526][T19673] netlink: 'syz.5.5361': attribute type 3 has an invalid length. [ 763.097852][T19670] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5361'. [ 763.135884][T19673] netlink: 146 bytes leftover after parsing attributes in process `syz.5.5361'. [ 763.155183][T19670] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5361'. [ 763.597176][T19681] FAULT_INJECTION: forcing a failure. [ 763.597176][T19681] name failslab, interval 1, probability 0, space 0, times 0 [ 763.610947][T19681] CPU: 1 UID: 0 PID: 19681 Comm: syz.5.5373 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 763.610996][T19681] Tainted: [U]=USER [ 763.611008][T19681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 763.611027][T19681] Call Trace: [ 763.611037][T19681] [ 763.611050][T19681] dump_stack_lvl+0x16c/0x1f0 [ 763.611093][T19681] should_fail_ex+0x512/0x640 [ 763.611146][T19681] should_failslab+0xc2/0x120 [ 763.611185][T19681] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 763.611218][T19681] ? lockdep_hardirqs_on+0x7c/0x110 [ 763.611254][T19681] ? __es_insert_extent+0x743/0x1440 [ 763.611306][T19681] __es_insert_extent+0x743/0x1440 [ 763.611369][T19681] ext4_es_insert_extent+0x502/0x11b0 [ 763.611428][T19681] ? __pfx_ext4_es_insert_extent+0x10/0x10 [ 763.611491][T19681] ? __pfx_ext4_ext_remove_space+0x10/0x10 [ 763.611532][T19681] ? ext4_es_remove_extent+0x103/0x4e0 [ 763.611586][T19681] ? __pfx_ext4_es_remove_extent+0x10/0x10 [ 763.611639][T19681] ? __ext4_journal_start_sb+0x11c/0x690 [ 763.611681][T19681] ext4_punch_hole+0x950/0x1070 [ 763.611730][T19681] ext4_fallocate+0x22d2/0x3790 [ 763.611795][T19681] ? __pfx_ext4_fallocate+0x10/0x10 [ 763.611837][T19681] vfs_fallocate+0x595/0x10c0 [ 763.611878][T19681] ? __pfx_vfs_fallocate+0x10/0x10 [ 763.611915][T19681] ? madvise_vma_behavior+0x222c/0x2420 [ 763.611958][T19681] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 763.612014][T19681] madvise_vma_behavior+0x21ca/0x2420 [ 763.612063][T19681] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 763.612108][T19681] ? __pfx_mas_prev+0x10/0x10 [ 763.612156][T19681] ? find_vma_prev+0xda/0x160 [ 763.612202][T19681] ? __pfx_find_vma_prev+0x10/0x10 [ 763.612257][T19681] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 763.612300][T19681] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 763.612341][T19681] madvise_walk_vmas+0x1d1/0x2c0 [ 763.612384][T19681] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 763.612438][T19681] madvise_do_behavior+0x15d/0x3f0 [ 763.612507][T19681] ? __pfx_madvise_do_behavior+0x10/0x10 [ 763.612579][T19681] do_madvise+0x161/0x230 [ 763.612626][T19681] ? __pfx_do_madvise+0x10/0x10 [ 763.612692][T19681] ? xfd_validate_state+0x61/0x180 [ 763.612750][T19681] __x64_sys_madvise+0xa9/0x110 [ 763.612815][T19681] ? lockdep_hardirqs_on+0x7c/0x110 [ 763.612852][T19681] do_syscall_64+0xcd/0x490 [ 763.612893][T19681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.612924][T19681] RIP: 0033:0x7f1d60f8e9a9 [ 763.612949][T19681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.612980][T19681] RSP: 002b:00007f1d61eae038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 763.613009][T19681] RAX: ffffffffffffffda RBX: 00007f1d611b5fa0 RCX: 00007f1d60f8e9a9 [ 763.613029][T19681] RDX: 0000000000000009 RSI: 00000000000031ca RDI: 000000110c230000 [ 763.613047][T19681] RBP: 00007f1d61010d69 R08: 0000000000000000 R09: 0000000000000000 [ 763.613064][T19681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.613082][T19681] R13: 0000000000000000 R14: 00007f1d611b5fa0 R15: 00007ffc390fbe48 [ 763.613121][T19681] [ 764.692244][T19695] serio: Serial port pty238 [ 764.837560][T19697] ERROR: Out of memory at tomoyo_memory_ok. [ 765.063532][T19705] ERROR: Out of memory at tomoyo_memory_ok. [ 765.098335][T19705] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/211/:,' not defined. [ 765.489479][T19718] netlink: 186 bytes leftover after parsing attributes in process `syz.4.5382'. [ 768.577137][T19769] 0x000200000001-0xa29656a63616329 : "" [ 768.582868][T19769] mtd: partition "" is out of reach -- disabled [ 768.600939][T19769] ftl_cs: FTL header not found. [ 768.792113][T19770] ERROR: Out of memory at tomoyo_memory_ok. [ 768.910522][T19775] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5401'. [ 768.930627][T19775] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.968430][T19775] bridge_slave_1 (unregistering): left allmulticast mode [ 768.976509][T19775] bridge_slave_1 (unregistering): left promiscuous mode [ 768.984174][T19775] bridge0: port 2(bridge_slave_1) entered disabled state [ 769.413956][T19788] FAULT_INJECTION: forcing a failure. [ 769.413956][T19788] name failslab, interval 1, probability 0, space 0, times 0 [ 769.442744][T19788] CPU: 0 UID: 0 PID: 19788 Comm: syz.3.5406 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 769.442789][T19788] Tainted: [U]=USER [ 769.442799][T19788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 769.442815][T19788] Call Trace: [ 769.442825][T19788] [ 769.442836][T19788] dump_stack_lvl+0x16c/0x1f0 [ 769.442875][T19788] should_fail_ex+0x512/0x640 [ 769.442915][T19788] ? fs_reclaim_acquire+0xae/0x150 [ 769.442958][T19788] should_failslab+0xc2/0x120 [ 769.442991][T19788] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 769.443021][T19788] ? jbd2__journal_start+0x193/0x6a0 [ 769.443059][T19788] ? __pfx___might_resched+0x10/0x10 [ 769.443109][T19788] jbd2__journal_start+0x193/0x6a0 [ 769.443154][T19788] __ext4_journal_start_sb+0x195/0x690 [ 769.443186][T19788] ? ext4_punch_hole+0x782/0x1070 [ 769.443225][T19788] ext4_punch_hole+0x782/0x1070 [ 769.443268][T19788] ext4_fallocate+0x22d2/0x3790 [ 769.443319][T19788] ? __pfx_ext4_fallocate+0x10/0x10 [ 769.443357][T19788] vfs_fallocate+0x595/0x10c0 [ 769.443393][T19788] ? __pfx_vfs_fallocate+0x10/0x10 [ 769.443424][T19788] ? madvise_vma_behavior+0x222c/0x2420 [ 769.443463][T19788] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 769.443512][T19788] madvise_vma_behavior+0x21ca/0x2420 [ 769.443563][T19788] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 769.443604][T19788] ? __pfx_mas_prev+0x10/0x10 [ 769.443646][T19788] ? find_vma_prev+0xda/0x160 [ 769.443688][T19788] ? __pfx_find_vma_prev+0x10/0x10 [ 769.443745][T19788] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 769.443783][T19788] madvise_walk_vmas+0x1d1/0x2c0 [ 769.443821][T19788] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 769.443867][T19788] madvise_do_behavior+0x15d/0x3f0 [ 769.443910][T19788] ? __pfx_madvise_do_behavior+0x10/0x10 [ 769.443969][T19788] do_madvise+0x161/0x230 [ 769.444007][T19788] ? __pfx_do_madvise+0x10/0x10 [ 769.444061][T19788] ? xfd_validate_state+0x61/0x180 [ 769.444109][T19788] __x64_sys_madvise+0xa9/0x110 [ 769.444146][T19788] ? lockdep_hardirqs_on+0x7c/0x110 [ 769.444179][T19788] do_syscall_64+0xcd/0x490 [ 769.444231][T19788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 769.444260][T19788] RIP: 0033:0x7ffa0638e9a9 [ 769.444283][T19788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 769.444311][T19788] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 769.444337][T19788] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 769.444356][T19788] RDX: 0000000000000009 RSI: 00000000000031ca RDI: 000000110c230000 [ 769.444373][T19788] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 769.444390][T19788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 769.444406][T19788] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 769.444441][T19788] [ 769.444459][T19788] EXT4-fs error: 2 callbacks suppressed [ 769.444476][T19788] EXT4-fs error (device sda1) in ext4_punch_hole:4393: Out of memory [ 769.936482][T19792] netlink: 350 bytes leftover after parsing attributes in process `syz.3.5407'. [ 770.412917][T19803] 0x000200000001-0xa29656a63616329 : "" [ 770.420529][T19803] mtd: partition "" is out of reach -- disabled [ 770.449014][T19803] ftl_cs: FTL header not found. [ 770.736586][T19804] ERROR: Out of memory at tomoyo_memory_ok. [ 771.203240][T19816] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5413'. [ 771.220862][T19816] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.312329][T19816] bridge_slave_1 (unregistering): left allmulticast mode [ 771.323784][T19816] bridge_slave_1 (unregistering): left promiscuous mode [ 771.362851][T19816] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.849005][T19827] FAULT_INJECTION: forcing a failure. [ 771.849005][T19827] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 771.888755][T19827] CPU: 0 UID: 0 PID: 19827 Comm: syz.5.5416 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 771.888807][T19827] Tainted: [U]=USER [ 771.888817][T19827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 771.888835][T19827] Call Trace: [ 771.888844][T19827] [ 771.888856][T19827] dump_stack_lvl+0x16c/0x1f0 [ 771.888896][T19827] should_fail_ex+0x512/0x640 [ 771.888944][T19827] should_fail_alloc_page+0xe7/0x130 [ 771.888985][T19827] prepare_alloc_pages+0x3c2/0x610 [ 771.889028][T19827] ? rcu_is_watching+0x12/0xc0 [ 771.889061][T19827] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 771.889107][T19827] ? __lock_acquire+0xb8a/0x1c90 [ 771.889156][T19827] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 771.889189][T19827] ? do_raw_spin_lock+0x12c/0x2b0 [ 771.889233][T19827] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 771.889275][T19827] ? find_held_lock+0x2b/0x80 [ 771.889314][T19827] ? __lock_acquire+0xb8a/0x1c90 [ 771.889353][T19827] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 771.889399][T19827] ? policy_nodemask+0xea/0x4e0 [ 771.889438][T19827] alloc_pages_mpol+0x1fb/0x550 [ 771.889476][T19827] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 771.889540][T19827] folio_alloc_mpol_noprof+0x36/0x2f0 [ 771.889585][T19827] shmem_alloc_folio+0x135/0x160 [ 771.889632][T19827] shmem_alloc_and_add_folio+0x499/0xc20 [ 771.889670][T19827] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 771.889705][T19827] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 771.889744][T19827] shmem_get_folio_gfp+0x67f/0x1600 [ 771.889789][T19827] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 771.889824][T19827] ? __pfx___might_resched+0x10/0x10 [ 771.889862][T19827] shmem_fallocate+0x795/0xf50 [ 771.889909][T19827] ? __pfx_shmem_fallocate+0x10/0x10 [ 771.889940][T19827] ? aa_file_perm+0x495/0xf70 [ 771.889980][T19827] ? __lock_acquire+0xb8a/0x1c90 [ 771.890022][T19827] ? __lock_acquire+0x622/0x1c90 [ 771.890089][T19827] ? __pfx_shmem_fallocate+0x10/0x10 [ 771.890124][T19827] vfs_fallocate+0x595/0x10c0 [ 771.890162][T19827] ? __pfx_vfs_fallocate+0x10/0x10 [ 771.890205][T19827] __x64_sys_fallocate+0xd5/0x150 [ 771.890244][T19827] do_syscall_64+0xcd/0x490 [ 771.890285][T19827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.890316][T19827] RIP: 0033:0x7f1d60f8e9a9 [ 771.890340][T19827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.890369][T19827] RSP: 002b:00007f1d61e8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 771.890397][T19827] RAX: ffffffffffffffda RBX: 00007f1d611b6080 RCX: 00007f1d60f8e9a9 [ 771.890418][T19827] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003 [ 771.890436][T19827] RBP: 00007f1d61010d69 R08: 0000000000000000 R09: 0000000000000000 [ 771.890454][T19827] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 771.890472][T19827] R13: 0000000000000000 R14: 00007f1d611b6080 R15: 00007ffc390fbe48 [ 771.890523][T19827] [ 772.185679][ C0] vkms_vblank_simulate: vblank timer overrun [ 772.488953][T19838] netlink: 302 bytes leftover after parsing attributes in process `syz.1.5423'. [ 772.588874][T19837] FAULT_INJECTION: forcing a failure. [ 772.588874][T19837] name failslab, interval 1, probability 0, space 0, times 0 [ 772.611156][T19837] CPU: 0 UID: 0 PID: 19837 Comm: syz.4.5420 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 772.611217][T19837] Tainted: [U]=USER [ 772.611228][T19837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 772.611246][T19837] Call Trace: [ 772.611257][T19837] [ 772.611270][T19837] dump_stack_lvl+0x16c/0x1f0 [ 772.611315][T19837] should_fail_ex+0x512/0x640 [ 772.611364][T19837] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 772.611403][T19837] should_failslab+0xc2/0x120 [ 772.611445][T19837] __kmalloc_cache_noprof+0x6a/0x3e0 [ 772.611477][T19837] ? append_filter_err+0x41f/0x5e0 [ 772.611517][T19837] ? apply_subsystem_event_filter+0x54e/0x17d0 [ 772.611569][T19837] apply_subsystem_event_filter+0x54e/0x17d0 [ 772.611629][T19837] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 772.611685][T19837] ? _copy_from_user+0x59/0xd0 [ 772.611724][T19837] subsystem_filter_write+0x95/0x120 [ 772.611780][T19837] ? __pfx_subsystem_filter_write+0x10/0x10 [ 772.611822][T19837] vfs_write+0x29d/0x1150 [ 772.611864][T19837] ? __pfx___mutex_lock+0x10/0x10 [ 772.611905][T19837] ? __pfx_vfs_write+0x10/0x10 [ 772.611953][T19837] ? __fget_files+0x20e/0x3c0 [ 772.612000][T19837] ksys_write+0x12a/0x250 [ 772.612033][T19837] ? __pfx_ksys_write+0x10/0x10 [ 772.612078][T19837] do_syscall_64+0xcd/0x490 [ 772.612121][T19837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.612153][T19837] RIP: 0033:0x7f2222d8e9a9 [ 772.612185][T19837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 772.612218][T19837] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 772.612248][T19837] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 772.612269][T19837] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005 [ 772.612288][T19837] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 772.612306][T19837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.612323][T19837] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 772.612362][T19837] [ 772.824520][ C0] vkms_vblank_simulate: vblank timer overrun [ 773.074758][T19851] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5428'. [ 773.085618][T19847] FAULT_INJECTION: forcing a failure. [ 773.085618][T19847] name failslab, interval 1, probability 0, space 0, times 0 [ 773.099746][T19847] CPU: 1 UID: 0 PID: 19847 Comm: syz.4.5427 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 773.099796][T19847] Tainted: [U]=USER [ 773.099807][T19847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 773.099826][T19847] Call Trace: [ 773.099837][T19847] [ 773.099849][T19847] dump_stack_lvl+0x16c/0x1f0 [ 773.099894][T19847] should_fail_ex+0x512/0x640 [ 773.099942][T19847] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 773.099985][T19847] should_failslab+0xc2/0x120 [ 773.100027][T19847] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 773.100064][T19847] ? __kernfs_new_node+0xd2/0x8e0 [ 773.100118][T19847] __kernfs_new_node+0xd2/0x8e0 [ 773.100171][T19847] ? __pfx___kernfs_new_node+0x10/0x10 [ 773.100218][T19847] ? find_held_lock+0x2b/0x80 [ 773.100250][T19847] ? kernfs_root+0xee/0x2a0 [ 773.100293][T19847] kernfs_new_node+0x13c/0x1e0 [ 773.100340][T19847] kernfs_create_dir_ns+0x4c/0x1a0 [ 773.100386][T19847] internal_create_group+0x34d/0xf30 [ 773.100429][T19847] ? kernfs_add_one+0x14e/0x840 [ 773.100469][T19847] ? __pfx_internal_create_group+0x10/0x10 [ 773.100513][T19847] ? __pfx_dev_add_physical_location+0x10/0x10 [ 773.100566][T19847] ? bus_to_subsys+0x131/0x160 [ 773.100602][T19847] dpm_sysfs_add+0x80/0x280 [ 773.100671][T19847] device_add+0x9a6/0x1a70 [ 773.100725][T19847] ? __pfx_device_add+0x10/0x10 [ 773.100789][T19847] nfc_register_device+0x41/0x3c0 [ 773.100836][T19847] nci_register_device+0x7f1/0xb80 [ 773.100874][T19847] ? __pfx_nci_register_device+0x10/0x10 [ 773.100918][T19847] ? lockdep_init_map_type+0x5c/0x280 [ 773.100972][T19847] virtual_ncidev_open+0x141/0x220 [ 773.101008][T19847] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 773.101042][T19847] misc_open+0x35d/0x420 [ 773.101078][T19847] ? __pfx_misc_open+0x10/0x10 [ 773.101112][T19847] chrdev_open+0x231/0x6a0 [ 773.101157][T19847] ? __pfx_apparmor_file_open+0x10/0x10 [ 773.101206][T19847] ? __pfx_chrdev_open+0x10/0x10 [ 773.101270][T19847] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 773.101315][T19847] do_dentry_open+0x741/0x1c10 [ 773.101353][T19847] ? __pfx_chrdev_open+0x10/0x10 [ 773.101402][T19847] vfs_open+0x82/0x3f0 [ 773.101453][T19847] path_openat+0x1de4/0x2cb0 [ 773.101505][T19847] ? __pfx_path_openat+0x10/0x10 [ 773.101544][T19847] ? __lock_acquire+0xb8a/0x1c90 [ 773.101595][T19847] do_filp_open+0x20b/0x470 [ 773.101634][T19847] ? __pfx_do_filp_open+0x10/0x10 [ 773.101704][T19847] ? alloc_fd+0x471/0x7d0 [ 773.101752][T19847] do_sys_openat2+0x11b/0x1d0 [ 773.101799][T19847] ? __pfx_do_sys_openat2+0x10/0x10 [ 773.101864][T19847] __x64_sys_openat+0x174/0x210 [ 773.101916][T19847] ? __pfx___x64_sys_openat+0x10/0x10 [ 773.101987][T19847] do_syscall_64+0xcd/0x490 [ 773.102032][T19847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.102066][T19847] RIP: 0033:0x7f2222d8e9a9 [ 773.102094][T19847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 773.102135][T19847] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 773.102166][T19847] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 773.102188][T19847] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 773.102209][T19847] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 773.102228][T19847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 773.102248][T19847] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 773.102291][T19847] [ 773.586114][T19857] netlink: 266 bytes leftover after parsing attributes in process `syz.4.5430'. [ 773.595778][T19857] IPv6: NLM_F_CREATE should be specified when creating new route [ 773.791913][T19862] FAULT_INJECTION: forcing a failure. [ 773.791913][T19862] name failslab, interval 1, probability 0, space 0, times 0 [ 773.810487][T19862] CPU: 1 UID: 0 PID: 19862 Comm: syz.4.5433 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 773.810542][T19862] Tainted: [U]=USER [ 773.810553][T19862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 773.810573][T19862] Call Trace: [ 773.810585][T19862] [ 773.810598][T19862] dump_stack_lvl+0x16c/0x1f0 [ 773.810645][T19862] should_fail_ex+0x512/0x640 [ 773.810696][T19862] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 773.810735][T19862] should_failslab+0xc2/0x120 [ 773.810778][T19862] __kmalloc_cache_noprof+0x6a/0x3e0 [ 773.810811][T19862] ? lockdep_hardirqs_on+0x7c/0x110 [ 773.810850][T19862] ? snd_seq_fifo_new+0x42/0x260 [ 773.810885][T19862] ? seq_create_client1+0x420/0x5e0 [ 773.810932][T19862] ? __pfx_snd_seq_open+0x10/0x10 [ 773.810978][T19862] snd_seq_fifo_new+0x42/0x260 [ 773.811012][T19862] snd_seq_open+0x15c/0x550 [ 773.811059][T19862] ? __pfx_snd_seq_open+0x10/0x10 [ 773.811100][T19862] snd_open+0x1fe/0x450 [ 773.811146][T19862] ? __pfx_snd_open+0x10/0x10 [ 773.811214][T19862] chrdev_open+0x231/0x6a0 [ 773.811253][T19862] ? __pfx_apparmor_file_open+0x10/0x10 [ 773.811286][T19862] ? __pfx_chrdev_open+0x10/0x10 [ 773.811330][T19862] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 773.811376][T19862] do_dentry_open+0x741/0x1c10 [ 773.811417][T19862] ? __pfx_chrdev_open+0x10/0x10 [ 773.811467][T19862] vfs_open+0x82/0x3f0 [ 773.811518][T19862] path_openat+0x1de4/0x2cb0 [ 773.811569][T19862] ? __pfx_path_openat+0x10/0x10 [ 773.811608][T19862] ? __lock_acquire+0xb8a/0x1c90 [ 773.811657][T19862] do_filp_open+0x20b/0x470 [ 773.811693][T19862] ? __pfx_do_filp_open+0x10/0x10 [ 773.811761][T19862] ? alloc_fd+0x471/0x7d0 [ 773.811818][T19862] do_sys_openat2+0x11b/0x1d0 [ 773.811863][T19862] ? __pfx_do_sys_openat2+0x10/0x10 [ 773.811929][T19862] __x64_sys_openat+0x174/0x210 [ 773.811976][T19862] ? __pfx___x64_sys_openat+0x10/0x10 [ 773.812042][T19862] do_syscall_64+0xcd/0x490 [ 773.812084][T19862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.812116][T19862] RIP: 0033:0x7f2222d8e9a9 [ 773.812142][T19862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 773.812181][T19862] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 773.812212][T19862] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 773.812234][T19862] RDX: 0000000000000100 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 773.812254][T19862] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 773.812273][T19862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 773.812291][T19862] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 773.812330][T19862] [ 774.240956][T19864] FAULT_INJECTION: forcing a failure. [ 774.240956][T19864] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 774.254652][T19864] CPU: 1 UID: 0 PID: 19864 Comm: syz.3.5431 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 774.254701][T19864] Tainted: [U]=USER [ 774.254711][T19864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 774.254731][T19864] Call Trace: [ 774.254741][T19864] [ 774.254753][T19864] dump_stack_lvl+0x16c/0x1f0 [ 774.254796][T19864] should_fail_ex+0x512/0x640 [ 774.254850][T19864] should_fail_alloc_page+0xe7/0x130 [ 774.254894][T19864] prepare_alloc_pages+0x3c2/0x610 [ 774.254940][T19864] ? rcu_is_watching+0x12/0xc0 [ 774.254977][T19864] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 774.255016][T19864] ? __lock_acquire+0xb8a/0x1c90 [ 774.255073][T19864] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 774.255111][T19864] ? do_raw_spin_lock+0x12c/0x2b0 [ 774.255165][T19864] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 774.255212][T19864] ? find_held_lock+0x2b/0x80 [ 774.255254][T19864] ? __lock_acquire+0xb8a/0x1c90 [ 774.255314][T19864] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 774.255369][T19864] ? policy_nodemask+0xea/0x4e0 [ 774.255415][T19864] alloc_pages_mpol+0x1fb/0x550 [ 774.255458][T19864] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 774.255513][T19864] folio_alloc_mpol_noprof+0x36/0x2f0 [ 774.255564][T19864] shmem_alloc_folio+0x135/0x160 [ 774.255617][T19864] shmem_alloc_and_add_folio+0x499/0xc20 [ 774.255662][T19864] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 774.255702][T19864] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 774.255746][T19864] shmem_get_folio_gfp+0x67f/0x1600 [ 774.255791][T19864] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 774.255830][T19864] ? __pfx___might_resched+0x10/0x10 [ 774.255871][T19864] shmem_fallocate+0x795/0xf50 [ 774.255927][T19864] ? __pfx_shmem_fallocate+0x10/0x10 [ 774.255962][T19864] ? aa_file_perm+0x495/0xf70 [ 774.256008][T19864] ? __lock_acquire+0xb8a/0x1c90 [ 774.256058][T19864] ? __lock_acquire+0x622/0x1c90 [ 774.256155][T19864] ? __pfx_shmem_fallocate+0x10/0x10 [ 774.256193][T19864] vfs_fallocate+0x595/0x10c0 [ 774.256238][T19864] ? __pfx_vfs_fallocate+0x10/0x10 [ 774.256291][T19864] __x64_sys_fallocate+0xd5/0x150 [ 774.256337][T19864] do_syscall_64+0xcd/0x490 [ 774.256384][T19864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 774.256419][T19864] RIP: 0033:0x7ffa0638e9a9 [ 774.256446][T19864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 774.256480][T19864] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 774.256512][T19864] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 774.256533][T19864] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003 [ 774.256552][T19864] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 774.256572][T19864] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 774.256591][T19864] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 774.256635][T19864] [ 774.608263][T19869] hub 1-0:1.0: USB hub found [ 774.619299][T19869] hub 1-0:1.0: 1 port detected [ 775.251282][T19887] FAULT_INJECTION: forcing a failure. [ 775.251282][T19887] name failslab, interval 1, probability 0, space 0, times 0 [ 775.301650][T19887] CPU: 1 UID: 0 PID: 19887 Comm: syz.1.5440 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 775.301708][T19887] Tainted: [U]=USER [ 775.301720][T19887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 775.301740][T19887] Call Trace: [ 775.301751][T19887] [ 775.301764][T19887] dump_stack_lvl+0x16c/0x1f0 [ 775.301809][T19887] should_fail_ex+0x512/0x640 [ 775.301859][T19887] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 775.301899][T19887] should_failslab+0xc2/0x120 [ 775.301941][T19887] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 775.301980][T19887] ? __kernfs_new_node+0xd2/0x8e0 [ 775.302034][T19887] __kernfs_new_node+0xd2/0x8e0 [ 775.302074][T19887] ? __pfx___kernfs_new_node+0x10/0x10 [ 775.302119][T19887] ? find_held_lock+0x2b/0x80 [ 775.302150][T19887] ? kernfs_root+0xee/0x2a0 [ 775.302194][T19887] kernfs_new_node+0x13c/0x1e0 [ 775.302243][T19887] __kernfs_create_file+0x53/0x350 [ 775.302295][T19887] sysfs_add_file_mode_ns+0x207/0x3c0 [ 775.302338][T19887] sysfs_merge_group+0x1aa/0x340 [ 775.302375][T19887] ? __pfx_sysfs_merge_group+0x10/0x10 [ 775.302418][T19887] ? __pfx_dev_add_physical_location+0x10/0x10 [ 775.302467][T19887] ? bus_to_subsys+0x131/0x160 [ 775.302504][T19887] dpm_sysfs_add+0x237/0x280 [ 775.302570][T19887] device_add+0x9a6/0x1a70 [ 775.302625][T19887] ? __pfx_device_add+0x10/0x10 [ 775.302690][T19887] nfc_register_device+0x41/0x3c0 [ 775.302749][T19887] nci_register_device+0x7f1/0xb80 [ 775.302787][T19887] ? __pfx_nci_register_device+0x10/0x10 [ 775.302828][T19887] ? lockdep_init_map_type+0x5c/0x280 [ 775.302883][T19887] virtual_ncidev_open+0x141/0x220 [ 775.302918][T19887] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 775.302953][T19887] misc_open+0x35d/0x420 [ 775.302988][T19887] ? __pfx_misc_open+0x10/0x10 [ 775.303022][T19887] chrdev_open+0x231/0x6a0 [ 775.303058][T19887] ? __pfx_apparmor_file_open+0x10/0x10 [ 775.303090][T19887] ? __pfx_chrdev_open+0x10/0x10 [ 775.303131][T19887] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 775.303174][T19887] do_dentry_open+0x741/0x1c10 [ 775.303210][T19887] ? __pfx_chrdev_open+0x10/0x10 [ 775.303256][T19887] vfs_open+0x82/0x3f0 [ 775.303306][T19887] path_openat+0x1de4/0x2cb0 [ 775.303356][T19887] ? __pfx_path_openat+0x10/0x10 [ 775.303395][T19887] ? __lock_acquire+0xb8a/0x1c90 [ 775.303443][T19887] do_filp_open+0x20b/0x470 [ 775.303479][T19887] ? __pfx_do_filp_open+0x10/0x10 [ 775.303545][T19887] ? alloc_fd+0x471/0x7d0 [ 775.303587][T19887] do_sys_openat2+0x11b/0x1d0 [ 775.303634][T19887] ? __pfx_do_sys_openat2+0x10/0x10 [ 775.303723][T19887] __x64_sys_openat+0x174/0x210 [ 775.303771][T19887] ? __pfx___x64_sys_openat+0x10/0x10 [ 775.303837][T19887] do_syscall_64+0xcd/0x490 [ 775.303883][T19887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.303916][T19887] RIP: 0033:0x7fb60118e9a9 [ 775.303941][T19887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 775.303974][T19887] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 775.304005][T19887] RAX: ffffffffffffffda RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 775.304025][T19887] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 775.304046][T19887] RBP: 00007fb601210d69 R08: 0000000000000000 R09: 0000000000000000 [ 775.304065][T19887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 775.304084][T19887] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 775.304126][T19887] [ 775.761613][T19894] serio: Serial port pty238 [ 778.390996][T19908] FAULT_INJECTION: forcing a failure. [ 778.390996][T19908] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 778.409078][T19908] CPU: 1 UID: 0 PID: 19908 Comm: syz.4.5445 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 778.409129][T19908] Tainted: [U]=USER [ 778.409140][T19908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 778.409159][T19908] Call Trace: [ 778.409171][T19908] [ 778.409183][T19908] dump_stack_lvl+0x16c/0x1f0 [ 778.409226][T19908] should_fail_ex+0x512/0x640 [ 778.409279][T19908] should_fail_alloc_page+0xe7/0x130 [ 778.409324][T19908] prepare_alloc_pages+0x3c2/0x610 [ 778.409373][T19908] ? rcu_is_watching+0x12/0xc0 [ 778.409422][T19908] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 778.409463][T19908] ? __lock_acquire+0xb8a/0x1c90 [ 778.409524][T19908] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 778.409563][T19908] ? do_raw_spin_lock+0x12c/0x2b0 [ 778.409613][T19908] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 778.409664][T19908] ? find_held_lock+0x2b/0x80 [ 778.409709][T19908] ? __lock_acquire+0xb8a/0x1c90 [ 778.409751][T19908] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 778.409805][T19908] ? policy_nodemask+0xea/0x4e0 [ 778.409851][T19908] alloc_pages_mpol+0x1fb/0x550 [ 778.409896][T19908] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 778.409956][T19908] folio_alloc_mpol_noprof+0x36/0x2f0 [ 778.410009][T19908] shmem_alloc_folio+0x135/0x160 [ 778.410062][T19908] shmem_alloc_and_add_folio+0x499/0xc20 [ 778.410106][T19908] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 778.410146][T19908] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 778.410188][T19908] shmem_get_folio_gfp+0x67f/0x1600 [ 778.410234][T19908] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 778.410271][T19908] ? __pfx___might_resched+0x10/0x10 [ 778.410313][T19908] shmem_fallocate+0x795/0xf50 [ 778.410386][T19908] ? __pfx_shmem_fallocate+0x10/0x10 [ 778.410429][T19908] ? aa_file_perm+0x495/0xf70 [ 778.410478][T19908] ? __lock_acquire+0xb8a/0x1c90 [ 778.410528][T19908] ? __lock_acquire+0x622/0x1c90 [ 778.410596][T19908] ? __pfx_shmem_fallocate+0x10/0x10 [ 778.410633][T19908] vfs_fallocate+0x595/0x10c0 [ 778.410674][T19908] ? __pfx_vfs_fallocate+0x10/0x10 [ 778.410739][T19908] __x64_sys_fallocate+0xd5/0x150 [ 778.410781][T19908] do_syscall_64+0xcd/0x490 [ 778.410826][T19908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.410860][T19908] RIP: 0033:0x7f2222d8e9a9 [ 778.410885][T19908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 778.410919][T19908] RSP: 002b:00007f2223b20038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 778.410948][T19908] RAX: ffffffffffffffda RBX: 00007f2222fb6080 RCX: 00007f2222d8e9a9 [ 778.410970][T19908] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003 [ 778.410988][T19908] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 778.411006][T19908] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 778.411023][T19908] R13: 0000000000000000 R14: 00007f2222fb6080 R15: 00007ffc7a87c398 [ 778.411059][T19908] [ 778.969980][T19920] hub 1-0:1.0: USB hub found [ 778.979137][T19920] hub 1-0:1.0: 1 port detected [ 779.345365][T19926] 0x000200000001-0xa29656a63616329 : "" [ 779.353989][T19926] mtd: partition "" is out of reach -- disabled [ 779.386076][T19926] ftl_cs: FTL header not found. [ 779.614230][T19929] ERROR: Out of memory at tomoyo_memory_ok. [ 779.784492][T19935] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5456'. [ 779.795567][T19934] FAULT_INJECTION: forcing a failure. [ 779.795567][T19934] name failslab, interval 1, probability 0, space 0, times 0 [ 779.809202][T19935] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5456'. [ 779.819965][T19934] CPU: 0 UID: 0 PID: 19934 Comm: syz.4.5455 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 779.820014][T19934] Tainted: [U]=USER [ 779.820025][T19934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 779.820045][T19934] Call Trace: [ 779.820055][T19934] [ 779.820068][T19934] dump_stack_lvl+0x16c/0x1f0 [ 779.820114][T19934] should_fail_ex+0x512/0x640 [ 779.820161][T19934] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 779.820199][T19934] should_failslab+0xc2/0x120 [ 779.820241][T19934] __kmalloc_cache_noprof+0x6a/0x3e0 [ 779.820327][T19934] ? apparmor_capable+0x114/0x1d0 [ 779.820373][T19934] ? fsnotify_alloc_group+0x92/0x330 [ 779.820415][T19934] fsnotify_alloc_group+0x92/0x330 [ 779.820450][T19934] __do_sys_fanotify_init+0x287/0xc00 [ 779.820497][T19934] ? rcu_is_watching+0x12/0xc0 [ 779.820536][T19934] do_syscall_64+0xcd/0x490 [ 779.820580][T19934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.820611][T19934] RIP: 0033:0x7f2222d8e9a9 [ 779.820638][T19934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 779.820670][T19934] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 779.820702][T19934] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 779.820723][T19934] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 779.820742][T19934] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 779.820761][T19934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.820780][T19934] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 779.820820][T19934] [ 780.794019][ T1153] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 780.945180][ T1153] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 781.157179][ T1153] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 781.267233][ T1153] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 781.561305][T19966] netlink: 'syz.1.5469': attribute type 5 has an invalid length. [ 781.586329][T19966] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5469'. [ 781.627079][ T1153] bridge_slave_1: left allmulticast mode [ 781.638556][ T1153] bridge_slave_1: left promiscuous mode [ 781.654992][ T1153] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.732695][ T1153] bridge_slave_0: left allmulticast mode [ 781.741837][ T1153] bridge_slave_0: left promiscuous mode [ 781.754360][ T1153] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.926990][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 781.942784][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 781.965597][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 781.984081][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 781.996589][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 782.241265][ T1153] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 782.252470][ T1153] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 782.263136][ T1153] bond0 (unregistering): Released all slaves [ 782.408099][T19977] EXT4-fs warning: 2 callbacks suppressed [ 782.408121][T19977] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 782.474416][T19977] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 782.501501][T19977] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 782.520018][T19977] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 782.618347][T19979] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 782.635738][T19979] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 782.654348][T19979] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 782.675825][T19979] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 782.767423][ T1153] hsr_slave_0: left promiscuous mode [ 782.774935][ T1153] hsr_slave_1: left promiscuous mode [ 782.781079][ T1153] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 782.790275][ T1153] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 782.799729][ T1153] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 782.807457][ T1153] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 782.834638][ T1153] veth0_macvtap: left promiscuous mode [ 782.841535][ T1153] veth1_vlan: left promiscuous mode [ 782.847293][ T1153] veth0_vlan: left promiscuous mode [ 783.267555][ T1153] team0 (unregistering): Port device team_slave_1 removed [ 783.314837][ T1153] team0 (unregistering): Port device team_slave_0 removed [ 783.693606][T19972] chnl_net:caif_netlink_parms(): no params data found [ 783.872762][T19985] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 783.890668][T19985] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 783.918637][T19985] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 783.935835][T19985] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 783.937986][T19972] bridge0: port 1(bridge_slave_0) entered blocking state [ 783.959455][T19972] bridge0: port 1(bridge_slave_0) entered disabled state [ 783.966736][T19972] bridge_slave_0: entered allmulticast mode [ 783.975657][T19972] bridge_slave_0: entered promiscuous mode [ 783.993593][T19972] bridge0: port 2(bridge_slave_1) entered blocking state [ 784.001607][T19972] bridge0: port 2(bridge_slave_1) entered disabled state [ 784.015528][T19972] bridge_slave_1: entered allmulticast mode [ 784.021000][T19986] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 784.022279][ T5158] Bluetooth: hci3: command tx timeout [ 784.037283][T19986] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 784.037765][T19986] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 784.053630][T19972] bridge_slave_1: entered promiscuous mode [ 784.058010][T19986] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 784.151912][T19972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 784.168930][T19972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 784.215325][T19972] team0: Port device team_slave_0 added [ 784.226680][T19972] team0: Port device team_slave_1 added [ 784.266450][T19972] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 784.278845][T19972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 784.307833][T19972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 784.321732][T19972] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 784.328919][T19972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 784.355804][T19972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 784.421177][T19972] hsr_slave_0: entered promiscuous mode [ 784.431350][T19972] hsr_slave_1: entered promiscuous mode [ 784.438282][T19987] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 784.438740][T19972] debugfs: 'hsr0' already exists in 'hsr' [ 784.460543][T19987] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 784.474719][T19972] Cannot create hsr debugfs directory [ 784.477737][T19987] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 784.497617][T19987] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 785.150306][T19972] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 785.162248][T19972] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 785.176687][T19972] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 785.196268][T19972] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 785.348348][T19972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 785.385103][T19972] 8021q: adding VLAN 0 to HW filter on device team0 [ 785.399101][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 785.406380][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 785.427107][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 785.434354][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 785.740788][T19972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 786.019115][T19972] veth0_vlan: entered promiscuous mode [ 786.033980][T19972] veth1_vlan: entered promiscuous mode [ 786.069749][T19972] veth0_macvtap: entered promiscuous mode [ 786.079612][T19972] veth1_macvtap: entered promiscuous mode [ 786.088988][ T5158] Bluetooth: hci3: command tx timeout [ 786.101540][T19972] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 786.120347][T19972] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 786.134033][T19972] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.143787][T19972] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.153744][T19972] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.162821][T19972] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.246138][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.263675][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.295530][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 786.304052][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 787.928742][T20020] Process accounting paused [ 788.109352][T20031] ERROR: Out of memory at tomoyo_memory_ok. [ 788.169873][ T5158] Bluetooth: hci3: command tx timeout [ 788.291789][T20042] bond0: mtu greater than device maximum [ 789.194786][T20058] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5485'. [ 789.227743][T20059] random: crng reseeded on system resumption [ 790.183325][T20081] FAULT_INJECTION: forcing a failure. [ 790.183325][T20081] name failslab, interval 1, probability 0, space 0, times 0 [ 790.206250][T20081] CPU: 1 UID: 0 PID: 20081 Comm: syz.3.5494 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 790.206304][T20081] Tainted: [U]=USER [ 790.206314][T20081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 790.206331][T20081] Call Trace: [ 790.206341][T20081] [ 790.206362][T20081] dump_stack_lvl+0x16c/0x1f0 [ 790.206403][T20081] should_fail_ex+0x512/0x640 [ 790.206446][T20081] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 790.206482][T20081] should_failslab+0xc2/0x120 [ 790.206522][T20081] __kmalloc_cache_noprof+0x6a/0x3e0 [ 790.206552][T20081] ? alloc_mnt_ns+0xd2/0x520 [ 790.206603][T20081] alloc_mnt_ns+0xd2/0x520 [ 790.206649][T20081] vfs_open_tree+0x37c/0x910 [ 790.206693][T20081] ? __sys_accept4+0x146/0x1c0 [ 790.206723][T20081] ? __pfx_vfs_open_tree+0x10/0x10 [ 790.206754][T20081] ? xfd_validate_state+0x61/0x180 [ 790.206793][T20081] ? __pfx_do_writev+0x10/0x10 [ 790.206826][T20081] __x64_sys_open_tree+0x84/0x130 [ 790.206860][T20081] do_syscall_64+0xcd/0x490 [ 790.206897][T20081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.206925][T20081] RIP: 0033:0x7ffa0638e9a9 [ 790.206947][T20081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 790.206975][T20081] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 790.207001][T20081] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 790.207019][T20081] RDX: 0000000000000101 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 790.207037][T20081] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 790.207054][T20081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.207070][T20081] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 790.207102][T20081] [ 790.391690][ C1] vkms_vblank_simulate: vblank timer overrun [ 790.423992][ T5158] Bluetooth: hci3: command tx timeout [ 791.150752][T20094] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5501'. [ 791.222163][T20096] netlink: 'syz.4.5502': attribute type 5 has an invalid length. [ 791.233029][T20096] netlink: 314 bytes leftover after parsing attributes in process `syz.4.5502'. [ 791.421445][T20100] FAULT_INJECTION: forcing a failure. [ 791.421445][T20100] name fail_futex, interval 1, probability 0, space 0, times 0 [ 791.440862][T20100] CPU: 0 UID: 0 PID: 20100 Comm: syz.4.5504 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 791.440914][T20100] Tainted: [U]=USER [ 791.440926][T20100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 791.440945][T20100] Call Trace: [ 791.440957][T20100] [ 791.440970][T20100] dump_stack_lvl+0x16c/0x1f0 [ 791.441015][T20100] should_fail_ex+0x512/0x640 [ 791.441070][T20100] get_futex_key+0x1d0/0x1540 [ 791.441118][T20100] ? __pfx_get_futex_key+0x10/0x10 [ 791.441173][T20100] futex_wake+0xea/0x530 [ 791.441224][T20100] ? rcu_is_watching+0x12/0xc0 [ 791.441260][T20100] ? __pfx_futex_wake+0x10/0x10 [ 791.441314][T20100] ? kmem_cache_free+0x2d1/0x4d0 [ 791.441348][T20100] ? fd_install+0x225/0x750 [ 791.441377][T20100] ? putname+0x154/0x1a0 [ 791.441426][T20100] do_futex+0x1e3/0x350 [ 791.441471][T20100] ? __pfx_do_futex+0x10/0x10 [ 791.441526][T20100] __x64_sys_futex+0x1e0/0x4c0 [ 791.441580][T20100] ? __x64_sys_openat+0x174/0x210 [ 791.441631][T20100] ? __pfx___x64_sys_futex+0x10/0x10 [ 791.441674][T20100] ? xfd_validate_state+0x61/0x180 [ 791.441737][T20100] do_syscall_64+0xcd/0x490 [ 791.441781][T20100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 791.441814][T20100] RIP: 0033:0x7f2222d8e9a9 [ 791.441840][T20100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 791.441873][T20100] RSP: 002b:00007f2223b410e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 791.441904][T20100] RAX: ffffffffffffffda RBX: 00007f2222fb5fa8 RCX: 00007f2222d8e9a9 [ 791.441924][T20100] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2222fb5fac [ 791.441944][T20100] RBP: 00007f2222fb5fa0 R08: 00007f2223b42000 R09: 0000000000000000 [ 791.441963][T20100] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f2222fb5fac [ 791.441982][T20100] R13: 0000000000000000 R14: 00007ffc7a87c2b0 R15: 00007ffc7a87c398 [ 791.442023][T20100] [ 793.008019][T20123] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5511'. [ 793.019780][T20123] : renamed from gre0 (while UP) [ 793.044476][T20123] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5511'. [ 793.439913][T20132] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5512'. [ 793.773338][T20141] FAULT_INJECTION: forcing a failure. [ 793.773338][T20141] name failslab, interval 1, probability 0, space 0, times 0 [ 793.787328][T20141] CPU: 1 UID: 0 PID: 20141 Comm: syz.3.5517 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 793.787382][T20141] Tainted: [U]=USER [ 793.787393][T20141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 793.787411][T20141] Call Trace: [ 793.787422][T20141] [ 793.787433][T20141] dump_stack_lvl+0x16c/0x1f0 [ 793.787475][T20141] should_fail_ex+0x512/0x640 [ 793.787519][T20141] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 793.787558][T20141] should_failslab+0xc2/0x120 [ 793.787595][T20141] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 793.787628][T20141] ? apparmor_capable+0x114/0x1d0 [ 793.787668][T20141] ? prepare_creds+0x2c/0x7d0 [ 793.787712][T20141] prepare_creds+0x2c/0x7d0 [ 793.787756][T20141] __sys_setresuid+0x46d/0x1160 [ 793.787794][T20141] do_syscall_64+0xcd/0x490 [ 793.787833][T20141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.787861][T20141] RIP: 0033:0x7ffa0638e9a9 [ 793.787884][T20141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 793.787915][T20141] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 793.787946][T20141] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 793.787968][T20141] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000002 [ 793.787988][T20141] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 793.788008][T20141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 793.788028][T20141] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 793.788070][T20141] [ 793.955414][ C1] vkms_vblank_simulate: vblank timer overrun [ 794.362141][T20155] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5522'. [ 794.371706][T20155] : renamed from gre0 (while UP) [ 794.395435][T20155] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5522'. [ 794.481250][T20157] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5523'. [ 794.995622][T20166] FAULT_INJECTION: forcing a failure. [ 794.995622][T20166] name failslab, interval 1, probability 0, space 0, times 0 [ 795.043845][T20166] CPU: 1 UID: 0 PID: 20166 Comm: syz.4.5528 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 795.043907][T20166] Tainted: [U]=USER [ 795.043919][T20166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 795.043936][T20166] Call Trace: [ 795.043946][T20166] [ 795.043958][T20166] dump_stack_lvl+0x16c/0x1f0 [ 795.044001][T20166] should_fail_ex+0x512/0x640 [ 795.044043][T20166] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 795.044080][T20166] should_failslab+0xc2/0x120 [ 795.044115][T20166] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 795.044148][T20166] ? __kernfs_new_node+0xd2/0x8e0 [ 795.044186][T20166] __kernfs_new_node+0xd2/0x8e0 [ 795.044223][T20166] ? __pfx___kernfs_new_node+0x10/0x10 [ 795.044264][T20166] ? find_held_lock+0x2b/0x80 [ 795.044293][T20166] ? kernfs_root+0xee/0x2a0 [ 795.044332][T20166] kernfs_new_node+0x13c/0x1e0 [ 795.044374][T20166] __kernfs_create_file+0x53/0x350 [ 795.044424][T20166] sysfs_add_file_mode_ns+0x207/0x3c0 [ 795.044463][T20166] internal_create_group+0x578/0xf30 [ 795.044506][T20166] ? __pfx_internal_create_group+0x10/0x10 [ 795.044545][T20166] ? kernfs_create_link+0x1bd/0x240 [ 795.044594][T20166] internal_create_groups+0x9d/0x150 [ 795.044635][T20166] device_add+0x77f/0x1a70 [ 795.044688][T20166] ? __pfx_device_add+0x10/0x10 [ 795.044737][T20166] ? lockdep_init_map_type+0x5c/0x280 [ 795.044782][T20166] ? __init_waitqueue_head+0xca/0x150 [ 795.044820][T20166] netdev_register_kobject+0x182/0x3a0 [ 795.044867][T20166] register_netdevice+0x13dc/0x2270 [ 795.044924][T20166] ? idr_alloc+0xdd/0x130 [ 795.044960][T20166] ? __pfx_register_netdevice+0x10/0x10 [ 795.045019][T20166] ppp_dev_configure+0x99b/0xc80 [ 795.045063][T20166] ppp_ioctl+0x17e0/0x2660 [ 795.045103][T20166] ? find_held_lock+0x2b/0x80 [ 795.045137][T20166] ? __pfx_ppp_ioctl+0x10/0x10 [ 795.045178][T20166] ? __fget_files+0x20e/0x3c0 [ 795.045218][T20166] ? __pfx_ppp_ioctl+0x10/0x10 [ 795.045256][T20166] __x64_sys_ioctl+0x18b/0x210 [ 795.045305][T20166] do_syscall_64+0xcd/0x490 [ 795.045347][T20166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.045380][T20166] RIP: 0033:0x7f2222d8e9a9 [ 795.045406][T20166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 795.045439][T20166] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 795.045468][T20166] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 795.045490][T20166] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000005 [ 795.045509][T20166] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 795.045529][T20166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.045547][T20166] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 795.045589][T20166] [ 795.325902][ C1] vkms_vblank_simulate: vblank timer overrun [ 796.299545][T20183] FAULT_INJECTION: forcing a failure. [ 796.299545][T20183] name failslab, interval 1, probability 0, space 0, times 0 [ 796.313158][T20183] CPU: 0 UID: 0 PID: 20183 Comm: syz.3.5532 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 796.313211][T20183] Tainted: [U]=USER [ 796.313222][T20183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 796.313242][T20183] Call Trace: [ 796.313252][T20183] [ 796.313265][T20183] dump_stack_lvl+0x16c/0x1f0 [ 796.313311][T20183] should_fail_ex+0x512/0x640 [ 796.313362][T20183] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 796.313405][T20183] should_failslab+0xc2/0x120 [ 796.313459][T20183] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 796.313498][T20183] ? dup_fd+0x4e/0xb90 [ 796.313528][T20183] ? do_futex+0x122/0x350 [ 796.313574][T20183] dup_fd+0x4e/0xb90 [ 796.313603][T20183] ? _raw_spin_unlock+0x28/0x50 [ 796.313636][T20183] ? do_set_mempolicy+0x220/0x480 [ 796.313687][T20183] __do_sys_close_range+0x4ca/0x730 [ 796.313729][T20183] ? __pfx___do_sys_close_range+0x10/0x10 [ 796.313777][T20183] do_syscall_64+0xcd/0x490 [ 796.313823][T20183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.313855][T20183] RIP: 0033:0x7ffa0638e9a9 [ 796.313880][T20183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.313912][T20183] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 796.313941][T20183] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 796.313962][T20183] RDX: 0000000000000002 RSI: fffffffffffff000 RDI: 0000000000000000 [ 796.313982][T20183] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 796.314001][T20183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.314020][T20183] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 796.314068][T20183] [ 796.325357][T20183] FAULT_INJECTION: forcing a failure. [ 796.325357][T20183] name failslab, interval 1, probability 0, space 0, times 0 [ 796.518109][T20183] CPU: 1 UID: 0 PID: 20183 Comm: syz.3.5532 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 796.518162][T20183] Tainted: [U]=USER [ 796.518174][T20183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 796.518194][T20183] Call Trace: [ 796.518205][T20183] [ 796.518218][T20183] dump_stack_lvl+0x16c/0x1f0 [ 796.518265][T20183] should_fail_ex+0x512/0x640 [ 796.518324][T20183] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 796.518377][T20183] should_failslab+0xc2/0x120 [ 796.518415][T20183] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 796.518448][T20183] ? dup_fd+0x4e/0xb90 [ 796.518481][T20183] dup_fd+0x4e/0xb90 [ 796.518512][T20183] ? find_held_lock+0x2b/0x80 [ 796.518551][T20183] ksys_unshare+0x831/0xa40 [ 796.518592][T20183] ? __pfx_ksys_unshare+0x10/0x10 [ 796.518635][T20183] ? xfd_validate_state+0x61/0x180 [ 796.518692][T20183] __x64_sys_unshare+0x31/0x40 [ 796.518753][T20183] do_syscall_64+0xcd/0x490 [ 796.518797][T20183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.518828][T20183] RIP: 0033:0x7ffa0638e9a9 [ 796.518853][T20183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.518885][T20183] RSP: 002b:00007ffa041f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 796.518916][T20183] RAX: ffffffffffffffda RBX: 00007ffa065b5fa0 RCX: 00007ffa0638e9a9 [ 796.518949][T20183] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 796.518968][T20183] RBP: 00007ffa06410d69 R08: 0000000000000000 R09: 0000000000000000 [ 796.518987][T20183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.519004][T20183] R13: 0000000000000000 R14: 00007ffa065b5fa0 R15: 00007fff9ca8d858 [ 796.519056][T20183] [ 796.695494][ C1] vkms_vblank_simulate: vblank timer overrun [ 798.135395][T20206] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 798.612482][T20210] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5540'. [ 798.643139][T20210] : renamed from gre0 (while UP) [ 798.712047][T20210] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5540'. [ 798.737050][T20214] FAULT_INJECTION: forcing a failure. [ 798.737050][T20214] name failslab, interval 1, probability 0, space 0, times 0 [ 798.750934][T20214] CPU: 1 UID: 0 PID: 20214 Comm: syz.1.5543 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 798.750987][T20214] Tainted: [U]=USER [ 798.750998][T20214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 798.751018][T20214] Call Trace: [ 798.751028][T20214] [ 798.751041][T20214] dump_stack_lvl+0x16c/0x1f0 [ 798.751086][T20214] should_fail_ex+0x512/0x640 [ 798.751134][T20214] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 798.751175][T20214] should_failslab+0xc2/0x120 [ 798.751218][T20214] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 798.751257][T20214] ? dup_fd+0x4e/0xb90 [ 798.751288][T20214] ? do_futex+0x122/0x350 [ 798.751334][T20214] dup_fd+0x4e/0xb90 [ 798.751363][T20214] ? _raw_spin_unlock+0x28/0x50 [ 798.751395][T20214] ? do_set_mempolicy+0x220/0x480 [ 798.751446][T20214] __do_sys_close_range+0x4ca/0x730 [ 798.751486][T20214] ? __pfx___do_sys_close_range+0x10/0x10 [ 798.751535][T20214] do_syscall_64+0xcd/0x490 [ 798.751578][T20214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.751612][T20214] RIP: 0033:0x7fb60118e9a9 [ 798.751637][T20214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 798.751669][T20214] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 798.751700][T20214] RAX: ffffffffffffffda RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 798.751720][T20214] RDX: 0000000000000002 RSI: fffffffffffff000 RDI: 0000000000000000 [ 798.751740][T20214] RBP: 00007fb601210d69 R08: 0000000000000000 R09: 0000000000000000 [ 798.751760][T20214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 798.751779][T20214] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 798.751831][T20214] [ 799.051626][T20216] FAULT_INJECTION: forcing a failure. [ 799.051626][T20216] name failslab, interval 1, probability 0, space 0, times 0 [ 799.064502][T20216] CPU: 1 UID: 0 PID: 20216 Comm: syz.4.5544 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 799.064556][T20216] Tainted: [U]=USER [ 799.064565][T20216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 799.064581][T20216] Call Trace: [ 799.064590][T20216] [ 799.064600][T20216] dump_stack_lvl+0x16c/0x1f0 [ 799.064638][T20216] should_fail_ex+0x512/0x640 [ 799.064676][T20216] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 799.064713][T20216] should_failslab+0xc2/0x120 [ 799.064746][T20216] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 799.064779][T20216] ? neigh_parms_alloc+0x85/0x5d0 [ 799.064822][T20216] kmemdup_noprof+0x29/0x60 [ 799.064851][T20216] neigh_parms_alloc+0x85/0x5d0 [ 799.064893][T20216] inetdev_init+0x13c/0x5a0 [ 799.064919][T20216] inetdev_event+0xc5f/0x18a0 [ 799.064944][T20216] ? ib_netdevice_event+0xfc/0x330 [ 799.064968][T20216] ? __pfx_inetdev_event+0x10/0x10 [ 799.064993][T20216] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 799.065040][T20216] notifier_call_chain+0xb9/0x410 [ 799.065069][T20216] ? __pfx_inetdev_event+0x10/0x10 [ 799.065098][T20216] call_netdevice_notifiers_info+0xbe/0x140 [ 799.065143][T20216] register_netdevice+0x182e/0x2270 [ 799.065184][T20216] ? idr_alloc+0xdd/0x130 [ 799.065210][T20216] ? __pfx_register_netdevice+0x10/0x10 [ 799.065256][T20216] ppp_dev_configure+0x99b/0xc80 [ 799.065289][T20216] ppp_ioctl+0x17e0/0x2660 [ 799.065317][T20216] ? find_held_lock+0x2b/0x80 [ 799.065342][T20216] ? __pfx_ppp_ioctl+0x10/0x10 [ 799.065373][T20216] ? __fget_files+0x20e/0x3c0 [ 799.065403][T20216] ? __pfx_ppp_ioctl+0x10/0x10 [ 799.065430][T20216] __x64_sys_ioctl+0x18b/0x210 [ 799.065470][T20216] do_syscall_64+0xcd/0x490 [ 799.065503][T20216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.065529][T20216] RIP: 0033:0x7f2222d8e9a9 [ 799.065570][T20216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 799.065593][T20216] RSP: 002b:00007f2223b41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 799.065615][T20216] RAX: ffffffffffffffda RBX: 00007f2222fb5fa0 RCX: 00007f2222d8e9a9 [ 799.065630][T20216] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000005 [ 799.065645][T20216] RBP: 00007f2222e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 799.065659][T20216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.065673][T20216] R13: 0000000000000000 R14: 00007f2222fb5fa0 R15: 00007ffc7a87c398 [ 799.065708][T20216] [ 799.113056][T20214] FAULT_INJECTION: forcing a failure. [ 799.113056][T20214] name failslab, interval 1, probability 0, space 0, times 0 [ 799.362350][T20214] CPU: 1 UID: 0 PID: 20214 Comm: syz.1.5543 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 799.362392][T20214] Tainted: [U]=USER [ 799.362400][T20214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 799.362416][T20214] Call Trace: [ 799.362425][T20214] [ 799.362435][T20214] dump_stack_lvl+0x16c/0x1f0 [ 799.362471][T20214] should_fail_ex+0x512/0x640 [ 799.362509][T20214] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 799.362539][T20214] should_failslab+0xc2/0x120 [ 799.362572][T20214] __kmalloc_cache_noprof+0x6a/0x3e0 [ 799.362595][T20214] ? do_raw_spin_lock+0x12c/0x2b0 [ 799.362634][T20214] ? find_held_lock+0x2b/0x80 [ 799.362658][T20214] ? alloc_fdtable+0xbd/0x2d0 [ 799.362684][T20214] alloc_fdtable+0xbd/0x2d0 [ 799.362714][T20214] dup_fd+0x83b/0xb90 [ 799.362741][T20214] ? find_held_lock+0x2b/0x80 [ 799.362793][T20214] ksys_unshare+0x831/0xa40 [ 799.362838][T20214] ? __pfx_ksys_unshare+0x10/0x10 [ 799.362877][T20214] ? xfd_validate_state+0x61/0x180 [ 799.362922][T20214] __x64_sys_unshare+0x31/0x40 [ 799.362954][T20214] do_syscall_64+0xcd/0x490 [ 799.362988][T20214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.363012][T20214] RIP: 0033:0x7fb60118e9a9 [ 799.363031][T20214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 799.363056][T20214] RSP: 002b:00007fb601f2b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 799.363078][T20214] RAX: ffffffffffffffda RBX: 00007fb6013b5fa0 RCX: 00007fb60118e9a9 [ 799.363095][T20214] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 799.363111][T20214] RBP: 00007fb601210d69 R08: 0000000000000000 R09: 0000000000000000 [ 799.363126][T20214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.363142][T20214] R13: 0000000000000000 R14: 00007fb6013b5fa0 R15: 00007ffc6cbff458 [ 799.363171][T20214] [ 802.171769][T20248] ================================================================== [ 802.179930][T20248] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 802.187723][T20248] Read of size 8 at addr ffff88802ad05618 by task syz.5.5553/20248 [ 802.195673][T20248] [ 802.198050][T20248] CPU: 1 UID: 0 PID: 20248 Comm: syz.5.5553 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 802.198102][T20248] Tainted: [U]=USER [ 802.198114][T20248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 802.198134][T20248] Call Trace: [ 802.198145][T20248] [ 802.198158][T20248] dump_stack_lvl+0x116/0x1f0 [ 802.198203][T20248] print_report+0xcd/0x630 [ 802.198244][T20248] ? __virt_addr_valid+0x81/0x610 [ 802.198293][T20248] ? __phys_addr+0xe8/0x180 [ 802.198334][T20248] ? dvb_device_open+0x36a/0x3b0 [ 802.198378][T20248] kasan_report+0xe0/0x110 [ 802.198420][T20248] ? dvb_device_open+0x36a/0x3b0 [ 802.198469][T20248] ? __pfx_dvb_device_open+0x10/0x10 [ 802.198516][T20248] dvb_device_open+0x36a/0x3b0 [ 802.198560][T20248] ? __pfx_dvb_device_open+0x10/0x10 [ 802.198607][T20248] chrdev_open+0x231/0x6a0 [ 802.198648][T20248] ? __pfx_apparmor_file_open+0x10/0x10 [ 802.198682][T20248] ? __pfx_chrdev_open+0x10/0x10 [ 802.198725][T20248] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 802.198764][T20248] do_dentry_open+0x741/0x1c10 [ 802.198803][T20248] ? __pfx_chrdev_open+0x10/0x10 [ 802.198848][T20248] vfs_open+0x82/0x3f0 [ 802.198895][T20248] path_openat+0x1de4/0x2cb0 [ 802.198939][T20248] ? __pfx_path_openat+0x10/0x10 [ 802.198976][T20248] ? __lock_acquire+0xb8a/0x1c90 [ 802.199026][T20248] do_filp_open+0x20b/0x470 [ 802.199062][T20248] ? __pfx_do_filp_open+0x10/0x10 [ 802.199116][T20248] ? alloc_fd+0x471/0x7d0 [ 802.199152][T20248] do_sys_openat2+0x11b/0x1d0 [ 802.199200][T20248] ? __pfx_do_sys_openat2+0x10/0x10 [ 802.199251][T20248] ? do_raw_spin_unlock+0x172/0x230 [ 802.199319][T20248] __x64_sys_openat+0x174/0x210 [ 802.199370][T20248] ? __pfx___x64_sys_openat+0x10/0x10 [ 802.199431][T20248] do_syscall_64+0xcd/0x490 [ 802.199476][T20248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.199511][T20248] RIP: 0033:0x7f1a52b8e9a9 [ 802.199538][T20248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 802.199571][T20248] RSP: 002b:00007f1a509f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 802.199603][T20248] RAX: ffffffffffffffda RBX: 00007f1a52db5fa0 RCX: 00007f1a52b8e9a9 [ 802.199625][T20248] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 802.199646][T20248] RBP: 00007f1a52c10d69 R08: 0000000000000000 R09: 0000000000000000 [ 802.199666][T20248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.199684][T20248] R13: 0000000000000000 R14: 00007f1a52db5fa0 R15: 00007ffdcb5fdec8 [ 802.199716][T20248] [ 802.199728][T20248] [ 802.459115][T20248] Allocated by task 1: [ 802.463231][T20248] kasan_save_stack+0x33/0x60 [ 802.467984][T20248] kasan_save_track+0x14/0x30 [ 802.472727][T20248] __kasan_kmalloc+0xaa/0xb0 [ 802.477388][T20248] dvb_register_device+0x1e4/0x2370 [ 802.482674][T20248] dvb_register_frontend+0x5a6/0x880 [ 802.488041][T20248] vidtv_bridge_probe+0x459/0xa90 [ 802.493136][T20248] platform_probe+0x103/0x1d0 [ 802.497878][T20248] really_probe+0x241/0xa90 [ 802.502445][T20248] __driver_probe_device+0x1de/0x440 [ 802.507795][T20248] driver_probe_device+0x4c/0x1b0 [ 802.512900][T20248] __driver_attach+0x283/0x580 [ 802.517725][T20248] bus_for_each_dev+0x13e/0x1d0 [ 802.522632][T20248] bus_add_driver+0x2e9/0x690 [ 802.527363][T20248] driver_register+0x15c/0x4b0 [ 802.532194][T20248] vidtv_bridge_init+0x45/0x80 [ 802.537031][T20248] do_one_initcall+0x120/0x6e0 [ 802.541885][T20248] kernel_init_freeable+0x5c2/0x900 [ 802.547158][T20248] kernel_init+0x1c/0x2b0 [ 802.551566][T20248] ret_from_fork+0x5d4/0x6f0 [ 802.556232][T20248] ret_from_fork_asm+0x1a/0x30 [ 802.561051][T20248] [ 802.563418][T20248] Freed by task 20206: [ 802.567522][T20248] kasan_save_stack+0x33/0x60 [ 802.572264][T20248] kasan_save_track+0x14/0x30 [ 802.577000][T20248] kasan_save_free_info+0x3b/0x60 [ 802.582100][T20248] __kasan_slab_free+0x51/0x70 [ 802.586922][T20248] kfree+0x2b4/0x4d0 [ 802.590867][T20248] dvb_device_put.part.0+0x60/0x90 [ 802.596040][T20248] dvb_device_open+0x2a4/0x3b0 [ 802.600872][T20248] chrdev_open+0x231/0x6a0 [ 802.605346][T20248] do_dentry_open+0x741/0x1c10 [ 802.610168][T20248] vfs_open+0x82/0x3f0 [ 802.614316][T20248] path_openat+0x1de4/0x2cb0 [ 802.618959][T20248] do_filp_open+0x20b/0x470 [ 802.623517][T20248] do_sys_openat2+0x11b/0x1d0 [ 802.628261][T20248] __x64_sys_openat+0x174/0x210 [ 802.633191][T20248] do_syscall_64+0xcd/0x490 [ 802.637778][T20248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.643728][T20248] [ 802.646088][T20248] The buggy address belongs to the object at ffff88802ad05600 [ 802.646088][T20248] which belongs to the cache kmalloc-256 of size 256 [ 802.660214][T20248] The buggy address is located 24 bytes inside of [ 802.660214][T20248] freed 256-byte region [ffff88802ad05600, ffff88802ad05700) [ 802.673984][T20248] [ 802.676338][T20248] The buggy address belongs to the physical page: [ 802.682787][T20248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ad04 [ 802.691594][T20248] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 802.700224][T20248] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 802.707827][T20248] page_type: f5(slab) [ 802.711858][T20248] raw: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 802.720498][T20248] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 802.729149][T20248] head: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000 [ 802.737875][T20248] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 802.746599][T20248] head: 00fff00000000001 ffffea0000ab4101 00000000ffffffff 00000000ffffffff [ 802.755317][T20248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 802.764024][T20248] page dumped because: kasan: bad access detected [ 802.770485][T20248] page_owner tracks the page as allocated [ 802.776238][T20248] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25887294144, free_ts 0 [ 802.796014][T20248] post_alloc_hook+0x1c0/0x230 [ 802.800838][T20248] get_page_from_freelist+0x1321/0x3890 [ 802.806455][T20248] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 802.812409][T20248] alloc_pages_mpol+0x1fb/0x550 [ 802.817313][T20248] new_slab+0x23b/0x330 [ 802.821524][T20248] ___slab_alloc+0xd9c/0x1940 [ 802.826254][T20248] __slab_alloc.constprop.0+0x56/0xb0 [ 802.831671][T20248] __kmalloc_cache_noprof+0xfb/0x3e0 [ 802.837005][T20248] bus_add_driver+0x92/0x690 [ 802.841650][T20248] driver_register+0x15c/0x4b0 [ 802.846484][T20248] usb_register_driver+0x216/0x4d0 [ 802.851654][T20248] do_one_initcall+0x120/0x6e0 [ 802.856481][T20248] kernel_init_freeable+0x5c2/0x900 [ 802.861835][T20248] kernel_init+0x1c/0x2b0 [ 802.866236][T20248] ret_from_fork+0x5d4/0x6f0 [ 802.870889][T20248] ret_from_fork_asm+0x1a/0x30 [ 802.875705][T20248] page_owner free stack trace missing [ 802.881109][T20248] [ 802.883499][T20248] Memory state around the buggy address: [ 802.889172][T20248] ffff88802ad05500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 802.897285][T20248] ffff88802ad05580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 802.905396][T20248] >ffff88802ad05600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 802.913506][T20248] ^ SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 802.918420][T20248] ffff88802ad05680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 802.926535][T20248] ffff88802ad05700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 802.934642][T20248] ================================================================== [ 802.998449][T20248] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 803.005770][T20248] CPU: 1 UID: 0 PID: 20248 Comm: syz.5.5553 Tainted: G U 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 803.019119][T20248] Tainted: [U]=USER [ 803.022961][T20248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 803.033059][T20248] Call Trace: [ 803.036375][T20248] [ 803.039345][T20248] dump_stack_lvl+0x3d/0x1f0 [ 803.043996][T20248] panic+0x71c/0x800 [ 803.047950][T20248] ? __pfx_panic+0x10/0x10 [ 803.052434][T20248] ? mark_held_locks+0x49/0x80 [ 803.057257][T20248] ? preempt_schedule_thunk+0x16/0x30 [ 803.062676][T20248] ? dvb_device_open+0x36a/0x3b0 [ 803.067661][T20248] ? preempt_schedule_common+0x44/0xc0 [ 803.073166][T20248] ? dvb_device_open+0x36a/0x3b0 [ 803.078151][T20248] check_panic_on_warn+0xab/0xb0 [ 803.083142][T20248] end_report+0x107/0x170 [ 803.087511][T20248] kasan_report+0xee/0x110 [ 803.091965][T20248] ? dvb_device_open+0x36a/0x3b0 [ 803.096942][T20248] ? __pfx_dvb_device_open+0x10/0x10 [ 803.102271][T20248] dvb_device_open+0x36a/0x3b0 [ 803.107073][T20248] ? __pfx_dvb_device_open+0x10/0x10 [ 803.112402][T20248] chrdev_open+0x231/0x6a0 [ 803.116863][T20248] ? __pfx_apparmor_file_open+0x10/0x10 [ 803.122454][T20248] ? __pfx_chrdev_open+0x10/0x10 [ 803.127430][T20248] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 803.134231][T20248] do_dentry_open+0x741/0x1c10 [ 803.139022][T20248] ? __pfx_chrdev_open+0x10/0x10 [ 803.143995][T20248] vfs_open+0x82/0x3f0 [ 803.148106][T20248] path_openat+0x1de4/0x2cb0 [ 803.152744][T20248] ? __pfx_path_openat+0x10/0x10 [ 803.157717][T20248] ? __lock_acquire+0xb8a/0x1c90 [ 803.162702][T20248] do_filp_open+0x20b/0x470 [ 803.167241][T20248] ? __pfx_do_filp_open+0x10/0x10 [ 803.172323][T20248] ? alloc_fd+0x471/0x7d0 [ 803.176703][T20248] do_sys_openat2+0x11b/0x1d0 [ 803.181428][T20248] ? __pfx_do_sys_openat2+0x10/0x10 [ 803.186751][T20248] ? do_raw_spin_unlock+0x172/0x230 [ 803.192006][T20248] __x64_sys_openat+0x174/0x210 [ 803.196898][T20248] ? __pfx___x64_sys_openat+0x10/0x10 [ 803.202326][T20248] do_syscall_64+0xcd/0x490 [ 803.206866][T20248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.212786][T20248] RIP: 0033:0x7f1a52b8e9a9 [ 803.217231][T20248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 803.236872][T20248] RSP: 002b:00007f1a509f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 803.245319][T20248] RAX: ffffffffffffffda RBX: 00007f1a52db5fa0 RCX: 00007f1a52b8e9a9 [ 803.253326][T20248] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 803.261328][T20248] RBP: 00007f1a52c10d69 R08: 0000000000000000 R09: 0000000000000000 [ 803.269334][T20248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 803.277357][T20248] R13: 0000000000000000 R14: 00007f1a52db5fa0 R15: 00007ffdcb5fdec8 [ 803.285458][T20248] [ 803.288831][T20248] Kernel Offset: disabled [ 803.293175][T20248] Rebooting in 86400 seconds..