last executing test programs: 10.439174441s ago: executing program 2 (id=2405): readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x180b01, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000500)='/proc/sys/fs/xfs/stats_clear\x00', 0x1, 0x0) openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000740), 0x101001, 0x0) write$auto(0x3, 0x0, 0x3f00) 8.530848055s ago: executing program 2 (id=2412): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/023/001\x00', 0x201, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyx3\x00', 0x42880, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0x7) 7.588863251s ago: executing program 2 (id=2415): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x2, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) prlimit64$auto(0x0, 0xa3d, 0x0, 0x0) 3.720697441s ago: executing program 1 (id=2432): mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) fsconfig$auto(0xffffffffffffffff, 0x6, &(0x7f0000000080)=',\xd6{/@){--\xd4\x00', 0x0, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) 3.652578261s ago: executing program 0 (id=2433): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x2, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="810b25bd7000ffdbdf253200000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) 3.271070308s ago: executing program 1 (id=2435): r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x980800, 0x0) read$auto(r2, 0x0, 0x3a8) 2.82264071s ago: executing program 2 (id=2436): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x40040}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f0, 0x24) 2.815543739s ago: executing program 0 (id=2437): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x8200, 0x1001, 0x8, 0x1000000f, 0x66b, 0x0, 0x5}, 0x6f4) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) writev$auto(0x5, &(0x7f0000000100)={0x0, 0x7}, 0x201) vmsplice$auto(0x4, &(0x7f0000000040)={0x0, 0x80000000002}, 0x3, 0x4) 2.207467384s ago: executing program 3 (id=2439): mmap$auto(0x9, 0xfe, 0xffffffffffff7fff, 0xeb1, 0xffffffffffffffff, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0x1a000}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.179719294s ago: executing program 1 (id=2440): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) r0 = memfd_create$auto(0x0, 0x4) r1 = socket(0xa, 0x3, 0x3a) statx$auto(r0, 0x0, 0x1000, 0xbdfc, 0x0) setsockopt$auto(r1, 0x29, 0x14, 0x0, 0x56b) r2 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x56b) close_range$auto(0x2, 0x8, 0x0) 1.869806741s ago: executing program 1 (id=2441): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000000000600010000000a0005000000000000000000b3fc010000000000000000000a0001000000000000000000060006000500000008000200", @ANYRES32=0x0, @ANYBLOB='\b\x007'], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) socket(0x2, 0x3, 0x6) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.691563364s ago: executing program 0 (id=2442): mprotect$auto(0x110c230000, 0x1, 0x2) mremap$auto(0x110c230000, 0x0, 0x101, 0x3, 0x0) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_rng_chrdev_ops_core(r0, &(0x7f0000000140)=""/240, 0xf0) timer_create$auto(0x3, 0x0, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x0, 0x400}, {0x0, 0x87}}, 0x0) mmap$auto(0x0, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) 1.428867902s ago: executing program 3 (id=2443): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0000fbdbdf35020000000800fb"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) r0 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="8b0500000000fedbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.409005777s ago: executing program 2 (id=2444): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="8b0500000000fedbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='B'], 0x1ac}}, 0x40000) readv$auto(r0, &(0x7f0000000280)={&(0x7f0000000100), 0x6}, 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x2, 0xc}, 0x9}, 0x2, 0x0) 1.180813198s ago: executing program 3 (id=2445): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) r0 = open(&(0x7f0000000000)='}[,&*}\x00', 0x8000, 0x408) getdents$auto(r0, 0x0, 0x40) setsockopt$auto(0x3, 0x10000000084, 0x72, 0x0, 0xc) 1.160470219s ago: executing program 1 (id=2446): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = gettid() lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) tkill$auto(r0, 0x7) 1.105728789s ago: executing program 0 (id=2447): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20800, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) 963.49265ms ago: executing program 3 (id=2448): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) 786.884007ms ago: executing program 1 (id=2449): mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) mlock2$auto(0x1, 0x8001, 0x0) io_uring_setup$auto(0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xc7f16bff2a3c9a00, 0x0) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x1, 0x200, &(0x7f0000000140)={0x0, 0x2800000a}, 0x0) close_range$auto(0x2, 0x8, 0x0) 422.145693ms ago: executing program 0 (id=2450): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x0, 0x0) epoll_create$auto(0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r0, 0x0) 397.091265ms ago: executing program 3 (id=2451): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x7, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 387.330956ms ago: executing program 2 (id=2452): r0 = socket(0xa, 0x3, 0x2f) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, r0, 0x8000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) epoll_create$auto(0x4) r1 = openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x448c0) bpf$auto(0xfffff011, &(0x7f0000000000)=@test={r1, 0x4, 0xf9c, 0x468, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x4}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 23.331039ms ago: executing program 3 (id=2453): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) ppoll$auto(&(0x7f0000000040)={r0, 0x7ff}, 0x7, 0x0, 0x0, 0x8) kill$auto(0x0, 0x21) 0s ago: executing program 0 (id=2454): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) semctl$auto(0x2, 0x5, 0x13, 0x9) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) kernel console output (not intermixed with test programs): d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.813822][T11006] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 343.813855][T11006] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 343.813877][T11006] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 343.813899][T11006] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 343.813919][T11006] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000000 [ 343.813938][T11006] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 343.813982][T11006] [ 344.361663][T11017] netlink: 'syz.0.1930': attribute type 25 has an invalid length. [ 344.946658][T11035] netlink: 'syz.2.1938': attribute type 19 has an invalid length. [ 344.979057][T11035] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1938'. [ 345.621336][T11050] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1944'. [ 346.115479][T11059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1947'. [ 346.522443][T11071] mkiss: ax0: crc mode is auto. [ 346.897486][T11081] FAULT_INJECTION: forcing a failure. [ 346.897486][T11081] name failslab, interval 1, probability 0, space 0, times 0 [ 346.945139][T11081] CPU: 1 UID: 0 PID: 11081 Comm: syz.3.1957 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 346.945187][T11081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 346.945206][T11081] Call Trace: [ 346.945217][T11081] [ 346.945230][T11081] dump_stack_lvl+0x16c/0x1f0 [ 346.945269][T11081] should_fail_ex+0x512/0x640 [ 346.945320][T11081] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 346.945373][T11081] should_failslab+0xc2/0x120 [ 346.945421][T11081] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 346.945468][T11081] ? drm_atomic_get_connector_state+0x231/0x740 [ 346.945533][T11081] krealloc_noprof+0x1ff/0x3a0 [ 346.945580][T11081] drm_atomic_get_connector_state+0x231/0x740 [ 346.945641][T11081] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 346.945704][T11081] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 346.945760][T11081] ? ww_mutex_lock+0x37/0x160 [ 346.945795][T11081] ? modeset_lock+0x114/0x6e0 [ 346.945851][T11081] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 346.945914][T11081] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 346.945979][T11081] ? drm_client_rotation+0x4da/0x6a0 [ 346.946019][T11081] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 346.946068][T11081] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 346.946156][T11081] drm_client_modeset_commit_locked+0x14d/0x580 [ 346.946205][T11081] drm_client_modeset_commit+0x4f/0x80 [ 346.946241][T11081] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 346.946300][T11081] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 346.946347][T11081] drm_fbdev_client_restore+0x2c/0x40 [ 346.946392][T11081] drm_client_dev_restore+0x1f6/0x2a0 [ 346.946454][T11081] drm_release+0x2c4/0x360 [ 346.946513][T11081] ? __pfx_drm_release+0x10/0x10 [ 346.946565][T11081] __fput+0x3ff/0xb70 [ 346.946623][T11081] task_work_run+0x150/0x240 [ 346.946680][T11081] ? __pfx_task_work_run+0x10/0x10 [ 346.946735][T11081] ? __pfx___do_sys_close_range+0x10/0x10 [ 346.946783][T11081] exit_to_user_mode_loop+0xeb/0x110 [ 346.946836][T11081] do_syscall_64+0x3f6/0x490 [ 346.946875][T11081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.946912][T11081] RIP: 0033:0x7fd428f8eb69 [ 346.946937][T11081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.946971][T11081] RSP: 002b:00007fd429e14038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 346.947002][T11081] RAX: 0000000000000000 RBX: 00007fd4291b5fa0 RCX: 00007fd428f8eb69 [ 346.947022][T11081] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 346.947042][T11081] RBP: 00007fd429011df1 R08: 0000000000000000 R09: 0000000000000000 [ 346.947064][T11081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 346.947084][T11081] R13: 0000000000000000 R14: 00007fd4291b5fa0 R15: 00007fff7339dbd8 [ 346.947144][T11081] [ 347.774464][T11095] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1962'. [ 348.522931][T11110] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1967'. [ 348.555746][T11110] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1967'. [ 348.823512][T11108] FAULT_INJECTION: forcing a failure. [ 348.823512][T11108] name fail_futex, interval 1, probability 0, space 0, times 0 [ 348.859085][T11108] CPU: 0 UID: 0 PID: 11108 Comm: syz.2.1966 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 348.859130][T11108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 348.859150][T11108] Call Trace: [ 348.859160][T11108] [ 348.859172][T11108] dump_stack_lvl+0x16c/0x1f0 [ 348.859209][T11108] should_fail_ex+0x512/0x640 [ 348.859265][T11108] get_futex_key+0x1d0/0x1540 [ 348.859308][T11108] ? __pfx_get_futex_key+0x10/0x10 [ 348.859352][T11108] ? find_held_lock+0x2b/0x80 [ 348.859388][T11108] futex_wake+0xea/0x530 [ 348.859434][T11108] ? sched_mm_cid_remote_clear+0x395/0x4f0 [ 348.859491][T11108] ? __pfx_futex_wake+0x10/0x10 [ 348.859545][T11108] ? task_mm_cid_work+0x37b/0x910 [ 348.859605][T11108] do_futex+0x1e3/0x350 [ 348.859647][T11108] ? __pfx_do_futex+0x10/0x10 [ 348.859687][T11108] ? __pfx_task_mm_cid_work+0x10/0x10 [ 348.859747][T11108] ? __pfx___might_resched+0x10/0x10 [ 348.859784][T11108] __x64_sys_futex+0x1e0/0x4c0 [ 348.859827][T11108] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 348.859874][T11108] ? __pfx___x64_sys_futex+0x10/0x10 [ 348.859917][T11108] ? xfd_validate_state+0x61/0x180 [ 348.859979][T11108] do_syscall_64+0xcd/0x490 [ 348.860013][T11108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.860046][T11108] RIP: 0033:0x7fe4c338eb69 [ 348.860071][T11108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.860102][T11108] RSP: 002b:00007fe4c422d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 348.860131][T11108] RAX: ffffffffffffffda RBX: 00007fe4c35b5fa8 RCX: 00007fe4c338eb69 [ 348.860153][T11108] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe4c35b5fac [ 348.860172][T11108] RBP: 00007fe4c35b5fa0 R08: 00007fe4c422e000 R09: 0000000000000000 [ 348.860193][T11108] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe4c35b5fac [ 348.860212][T11108] R13: 0000000000000000 R14: 00007ffe1b856100 R15: 00007ffe1b8561e8 [ 348.860252][T11108] [ 349.192433][T11117] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1969'. [ 350.660248][T11152] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1978'. [ 350.876704][T11158] mkiss: ax0: crc mode is auto. [ 350.906306][T11160] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1980'. [ 351.294124][T11170] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1984'. [ 352.295152][T11185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1986'. [ 352.813526][T11198] FAULT_INJECTION: forcing a failure. [ 352.813526][T11198] name failslab, interval 1, probability 0, space 0, times 0 [ 352.847656][T11198] CPU: 1 UID: 0 PID: 11198 Comm: syz.0.1990 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 352.847715][T11198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 352.847735][T11198] Call Trace: [ 352.847745][T11198] [ 352.847759][T11198] dump_stack_lvl+0x16c/0x1f0 [ 352.847798][T11198] should_fail_ex+0x512/0x640 [ 352.847848][T11198] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 352.847889][T11198] should_failslab+0xc2/0x120 [ 352.847937][T11198] __kmalloc_cache_noprof+0x6a/0x3e0 [ 352.847973][T11198] ? ww_mutex_lock+0x37/0x160 [ 352.848006][T11198] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 352.848050][T11198] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 352.848089][T11198] drm_atomic_get_crtc_state+0x16e/0x450 [ 352.848148][T11198] drm_atomic_get_plane_state+0x436/0x590 [ 352.848207][T11198] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 352.848244][T11198] ? __pfx___might_resched+0x10/0x10 [ 352.848288][T11198] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 352.848368][T11198] drm_client_modeset_commit_locked+0x14d/0x580 [ 352.848411][T11198] drm_client_modeset_commit+0x4f/0x80 [ 352.848446][T11198] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 352.848506][T11198] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 352.848554][T11198] drm_fbdev_client_restore+0x2c/0x40 [ 352.848599][T11198] drm_client_dev_restore+0x1f6/0x2a0 [ 352.848672][T11198] drm_release+0x2c4/0x360 [ 352.848730][T11198] ? __pfx_drm_release+0x10/0x10 [ 352.848780][T11198] __fput+0x3ff/0xb70 [ 352.848836][T11198] task_work_run+0x150/0x240 [ 352.848889][T11198] ? __pfx_task_work_run+0x10/0x10 [ 352.848945][T11198] ? __pfx___do_sys_close_range+0x10/0x10 [ 352.848991][T11198] exit_to_user_mode_loop+0xeb/0x110 [ 352.849041][T11198] do_syscall_64+0x3f6/0x490 [ 352.849075][T11198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.849108][T11198] RIP: 0033:0x7f09e5f8eb69 [ 352.849134][T11198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.849168][T11198] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 352.849203][T11198] RAX: 0000000000000000 RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 352.849225][T11198] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 352.849246][T11198] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 352.849266][T11198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 352.849286][T11198] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 352.849331][T11198] [ 354.726812][T11219] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1998'. [ 355.172553][T11233] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2004'. [ 355.424379][T11239] FAULT_INJECTION: forcing a failure. [ 355.424379][T11239] name failslab, interval 1, probability 0, space 0, times 0 [ 355.468041][T11239] CPU: 1 UID: 0 PID: 11239 Comm: syz.0.2006 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 355.468091][T11239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 355.468111][T11239] Call Trace: [ 355.468123][T11239] [ 355.468136][T11239] dump_stack_lvl+0x16c/0x1f0 [ 355.468176][T11239] should_fail_ex+0x512/0x640 [ 355.468228][T11239] ? __kmalloc_noprof+0xbf/0x510 [ 355.468282][T11239] ? realloc_user_queue+0x270/0x310 [ 355.468321][T11239] should_failslab+0xc2/0x120 [ 355.468369][T11239] __kmalloc_noprof+0xd2/0x510 [ 355.468420][T11239] realloc_user_queue+0x270/0x310 [ 355.468464][T11239] ? __pfx_snd_timer_user_open+0x10/0x10 [ 355.468506][T11239] snd_timer_user_open+0xfc/0x180 [ 355.468548][T11239] snd_open+0x201/0x450 [ 355.468583][T11239] ? __pfx_snd_open+0x10/0x10 [ 355.468616][T11239] chrdev_open+0x234/0x6a0 [ 355.468657][T11239] ? __pfx_apparmor_file_open+0x10/0x10 [ 355.468689][T11239] ? __pfx_chrdev_open+0x10/0x10 [ 355.468733][T11239] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 355.468778][T11239] do_dentry_open+0x744/0x1c10 [ 355.468819][T11239] ? __pfx_chrdev_open+0x10/0x10 [ 355.468869][T11239] vfs_open+0x82/0x3f0 [ 355.468923][T11239] path_openat+0x1de4/0x2cb0 [ 355.468970][T11239] ? __pfx_path_openat+0x10/0x10 [ 355.469005][T11239] ? __lock_acquire+0xb8a/0x1c90 [ 355.469051][T11239] do_filp_open+0x20b/0x470 [ 355.469087][T11239] ? __pfx_do_filp_open+0x10/0x10 [ 355.469150][T11239] ? alloc_fd+0x471/0x7d0 [ 355.469192][T11239] do_sys_openat2+0x11b/0x1d0 [ 355.469240][T11239] ? __pfx_do_sys_openat2+0x10/0x10 [ 355.469317][T11239] __x64_sys_openat+0x174/0x210 [ 355.469367][T11239] ? __pfx___x64_sys_openat+0x10/0x10 [ 355.469435][T11239] do_syscall_64+0xcd/0x490 [ 355.469470][T11239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.469504][T11239] RIP: 0033:0x7f09e5f8eb69 [ 355.469531][T11239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.469563][T11239] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 355.469596][T11239] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 355.469619][T11239] RDX: 0000000000101440 RSI: 0000200000001cc0 RDI: ffffffffffffff9c [ 355.469641][T11239] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 355.469662][T11239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 355.469682][T11239] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 355.469724][T11239] [ 357.658444][T11275] FAULT_INJECTION: forcing a failure. [ 357.658444][T11275] name failslab, interval 1, probability 0, space 0, times 0 [ 357.749599][T11275] CPU: 1 UID: 0 PID: 11275 Comm: syz.2.2018 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 357.749648][T11275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 357.749668][T11275] Call Trace: [ 357.749679][T11275] [ 357.749692][T11275] dump_stack_lvl+0x16c/0x1f0 [ 357.749729][T11275] should_fail_ex+0x512/0x640 [ 357.749779][T11275] ? __kmalloc_noprof+0xbf/0x510 [ 357.749823][T11275] ? nfc_llcp_build_tlv+0xfd/0x230 [ 357.749854][T11275] should_failslab+0xc2/0x120 [ 357.749900][T11275] __kmalloc_noprof+0xd2/0x510 [ 357.749951][T11275] nfc_llcp_build_tlv+0xfd/0x230 [ 357.749990][T11275] nfc_llcp_build_gb.isra.0+0xed/0x400 [ 357.750045][T11275] ? __pfx_nfc_llcp_build_gb.isra.0+0x10/0x10 [ 357.750110][T11275] ? nfc_genl_dep_link_down+0x90/0xf0 [ 357.750159][T11275] ? lockdep_init_map_type+0x5c/0x280 [ 357.750213][T11275] nfc_llcp_register_device+0x600/0xa60 [ 357.750250][T11275] nfc_register_device+0x6d/0x3c0 [ 357.750289][T11275] nci_register_device+0x7f1/0xb80 [ 357.750341][T11275] ? __pfx_nci_register_device+0x10/0x10 [ 357.750396][T11275] ? lockdep_init_map_type+0x5c/0x280 [ 357.750450][T11275] virtual_ncidev_open+0x141/0x220 [ 357.750485][T11275] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 357.750519][T11275] misc_open+0x35d/0x420 [ 357.750557][T11275] ? __pfx_misc_open+0x10/0x10 [ 357.750593][T11275] chrdev_open+0x234/0x6a0 [ 357.750638][T11275] ? __pfx_apparmor_file_open+0x10/0x10 [ 357.750670][T11275] ? __pfx_chrdev_open+0x10/0x10 [ 357.750713][T11275] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 357.750758][T11275] do_dentry_open+0x744/0x1c10 [ 357.750796][T11275] ? __pfx_chrdev_open+0x10/0x10 [ 357.750845][T11275] vfs_open+0x82/0x3f0 [ 357.750896][T11275] path_openat+0x1de4/0x2cb0 [ 357.750948][T11275] ? __pfx_path_openat+0x10/0x10 [ 357.750986][T11275] ? __lock_acquire+0xb8a/0x1c90 [ 357.751034][T11275] do_filp_open+0x20b/0x470 [ 357.751070][T11275] ? __pfx_do_filp_open+0x10/0x10 [ 357.751138][T11275] ? alloc_fd+0x471/0x7d0 [ 357.751188][T11275] do_sys_openat2+0x11b/0x1d0 [ 357.751234][T11275] ? __pfx_do_sys_openat2+0x10/0x10 [ 357.751300][T11275] __x64_sys_openat+0x174/0x210 [ 357.751347][T11275] ? __pfx___x64_sys_openat+0x10/0x10 [ 357.751411][T11275] do_syscall_64+0xcd/0x490 [ 357.751447][T11275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.751479][T11275] RIP: 0033:0x7fe4c338eb69 [ 357.751503][T11275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.751535][T11275] RSP: 002b:00007fe4c422d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 357.751566][T11275] RAX: ffffffffffffffda RBX: 00007fe4c35b5fa0 RCX: 00007fe4c338eb69 [ 357.751588][T11275] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 357.751608][T11275] RBP: 00007fe4c3411df1 R08: 0000000000000000 R09: 0000000000000000 [ 357.751629][T11275] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000000 [ 357.751648][T11275] R13: 0000000000000000 R14: 00007fe4c35b5fa0 R15: 00007ffe1b8561e8 [ 357.751689][T11275] [ 359.677360][T11304] RDS: rds_bind could not find a transport for ::ffff:172.20.20.55, load rds_tcp or rds_rdma? [ 359.984487][T11308] FAULT_INJECTION: forcing a failure. [ 359.984487][T11308] name failslab, interval 1, probability 0, space 0, times 0 [ 360.061156][T11308] CPU: 1 UID: 0 PID: 11308 Comm: syz.2.2029 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 360.061211][T11308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 360.061235][T11308] Call Trace: [ 360.061259][T11308] [ 360.061271][T11308] dump_stack_lvl+0x16c/0x1f0 [ 360.061314][T11308] should_fail_ex+0x512/0x640 [ 360.061366][T11308] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 360.061420][T11308] should_failslab+0xc2/0x120 [ 360.061472][T11308] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 360.061516][T11308] ? sk_prot_alloc+0x60/0x2a0 [ 360.061569][T11308] sk_prot_alloc+0x60/0x2a0 [ 360.061614][T11308] sk_alloc+0x36/0xc20 [ 360.061673][T11308] inet_create+0x3a1/0x1040 [ 360.061726][T11308] ? inet_create+0x93/0x1040 [ 360.061779][T11308] __sock_create+0x335/0x8d0 [ 360.061837][T11308] mptcp_subflow_create_socket+0xf5/0xed0 [ 360.061891][T11308] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 360.061949][T11308] __mptcp_nmpc_sk+0x182/0x7d0 [ 360.061998][T11308] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 360.062049][T11308] ? __local_bh_enable_ip+0xa4/0x120 [ 360.062094][T11308] mptcp_getsockopt+0xcf8/0xe20 [ 360.062135][T11308] ? __pfx_mptcp_getsockopt+0x10/0x10 [ 360.062178][T11308] ? find_held_lock+0x2b/0x80 [ 360.062208][T11308] ? __might_fault+0xe3/0x190 [ 360.062255][T11308] ? __might_fault+0xe3/0x190 [ 360.062293][T11308] ? __might_fault+0x13b/0x190 [ 360.062353][T11308] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 360.062395][T11308] do_sock_getsockopt+0x34a/0x440 [ 360.062443][T11308] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 360.062483][T11308] ? __fget_files+0x204/0x3c0 [ 360.062539][T11308] __sys_getsockopt+0x123/0x1b0 [ 360.062606][T11308] __x64_sys_getsockopt+0xbd/0x160 [ 360.062661][T11308] ? do_syscall_64+0x91/0x490 [ 360.062694][T11308] ? lockdep_hardirqs_on+0x7c/0x110 [ 360.062751][T11308] do_syscall_64+0xcd/0x490 [ 360.062791][T11308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.062827][T11308] RIP: 0033:0x7fe4c338eb69 [ 360.062853][T11308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 360.062891][T11308] RSP: 002b:00007fe4c422d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 360.062924][T11308] RAX: ffffffffffffffda RBX: 00007fe4c35b5fa0 RCX: 00007fe4c338eb69 [ 360.062951][T11308] RDX: 0000000000000021 RSI: 0000000000000006 RDI: 0000000000000005 [ 360.062971][T11308] RBP: 00007fe4c3411df1 R08: 0000000000000000 R09: 0000000000000000 [ 360.062991][T11308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 360.063012][T11308] R13: 0000000000000000 R14: 00007fe4c35b5fa0 R15: 00007ffe1b8561e8 [ 360.063060][T11308] [ 360.333425][ C1] vkms_vblank_simulate: vblank timer overrun [ 361.815999][T11347] FAULT_INJECTION: forcing a failure. [ 361.815999][T11347] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 361.849536][T11347] CPU: 1 UID: 0 PID: 11347 Comm: syz.0.2044 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 361.849587][T11347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 361.849610][T11347] Call Trace: [ 361.849623][T11347] [ 361.849637][T11347] dump_stack_lvl+0x16c/0x1f0 [ 361.849676][T11347] should_fail_ex+0x512/0x640 [ 361.849739][T11347] should_fail_alloc_page+0xe7/0x130 [ 361.849791][T11347] prepare_alloc_pages+0x3c2/0x610 [ 361.849850][T11347] ? rcu_is_watching+0x12/0xc0 [ 361.849888][T11347] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 361.849938][T11347] ? __lock_acquire+0xb8a/0x1c90 [ 361.850005][T11347] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 361.850055][T11347] ? do_raw_spin_lock+0x12c/0x2b0 [ 361.850116][T11347] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 361.850173][T11347] ? find_held_lock+0x2b/0x80 [ 361.850222][T11347] ? __lock_acquire+0xb8a/0x1c90 [ 361.850265][T11347] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 361.850327][T11347] ? policy_nodemask+0xea/0x4e0 [ 361.850390][T11347] alloc_pages_mpol+0x1fb/0x550 [ 361.850440][T11347] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 361.850510][T11347] folio_alloc_mpol_noprof+0x36/0x2f0 [ 361.850566][T11347] shmem_alloc_folio+0x135/0x160 [ 361.850624][T11347] shmem_alloc_and_add_folio+0x499/0xc20 [ 361.850677][T11347] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 361.850722][T11347] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 361.850775][T11347] shmem_get_folio_gfp+0x67f/0x1600 [ 361.850824][T11347] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 361.850868][T11347] ? __lock_acquire+0x622/0x1c90 [ 361.850917][T11347] shmem_fault+0x1fe/0xa30 [ 361.850963][T11347] ? __pfx_shmem_fault+0x10/0x10 [ 361.851012][T11347] ? __lock_acquire+0xb8a/0x1c90 [ 361.851061][T11347] __do_fault+0x10d/0x490 [ 361.851110][T11347] ? __pfx_filemap_map_pages+0x10/0x10 [ 361.851151][T11347] __handle_mm_fault+0x371a/0x5390 [ 361.851197][T11347] ? __pfx___handle_mm_fault+0x10/0x10 [ 361.851234][T11347] ? __pte_offset_map_lock+0x174/0x310 [ 361.851284][T11347] ? find_held_lock+0x2b/0x80 [ 361.851313][T11347] ? find_held_lock+0x2b/0x80 [ 361.851354][T11347] ? follow_page_pte+0x3af/0x14c0 [ 361.851415][T11347] handle_mm_fault+0x589/0xd10 [ 361.851459][T11347] __get_user_pages+0x589/0x3b80 [ 361.851528][T11347] ? __pfx___get_user_pages+0x10/0x10 [ 361.851581][T11347] ? __pfx_down_read_killable+0x10/0x10 [ 361.851622][T11347] ? __lock_acquire+0xb8a/0x1c90 [ 361.851673][T11347] faultin_page_range+0x249/0x980 [ 361.851715][T11347] madvise_do_behavior+0x268/0x3f0 [ 361.851771][T11347] ? __pfx_madvise_do_behavior+0x10/0x10 [ 361.851846][T11347] do_madvise+0x161/0x230 [ 361.851896][T11347] ? __pfx_do_madvise+0x10/0x10 [ 361.851963][T11347] ? xfd_validate_state+0x61/0x180 [ 361.852009][T11347] ? __pfx_do_writev+0x10/0x10 [ 361.852048][T11347] __x64_sys_madvise+0xa9/0x110 [ 361.852106][T11347] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.852160][T11347] do_syscall_64+0xcd/0x490 [ 361.852197][T11347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.852231][T11347] RIP: 0033:0x7f09e5f8eb69 [ 361.852257][T11347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.852289][T11347] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 361.852321][T11347] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 361.852342][T11347] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 361.852363][T11347] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 361.852382][T11347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.852402][T11347] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 361.852445][T11347] [ 362.217526][ C1] vkms_vblank_simulate: vblank timer overrun [ 364.738605][T11357] Process accounting resumed [ 364.919769][T11386] netlink: 'syz.0.2057': attribute type 4 has an invalid length. [ 365.286976][T11395] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2060'. [ 365.846281][T11397] vhci_hcd: not connected 4 [ 367.470922][T11426] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2069'. [ 369.247016][T11459] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2081'. [ 369.693513][T11472] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2085'. [ 369.703613][T11472] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.711139][T11472] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.911068][T11511] FAULT_INJECTION: forcing a failure. [ 371.911068][T11511] name failslab, interval 1, probability 0, space 0, times 0 [ 371.961677][T11511] CPU: 1 UID: 0 PID: 11511 Comm: syz.3.2098 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 371.961726][T11511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 371.961747][T11511] Call Trace: [ 371.961757][T11511] [ 371.961770][T11511] dump_stack_lvl+0x16c/0x1f0 [ 371.961809][T11511] should_fail_ex+0x512/0x640 [ 371.961859][T11511] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 371.961907][T11511] should_failslab+0xc2/0x120 [ 371.961954][T11511] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 371.961997][T11511] ? skb_clone+0x190/0x3f0 [ 371.962037][T11511] skb_clone+0x190/0x3f0 [ 371.962072][T11511] netlink_broadcast_filtered+0xb76/0xf90 [ 371.962147][T11511] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 371.962215][T11511] ? sprintf+0xcc/0x100 [ 371.962282][T11511] ? netlink_has_listeners+0x20f/0x430 [ 371.962345][T11511] netlink_broadcast+0x39/0x50 [ 371.962406][T11511] kobject_uevent_env+0xc6a/0x1870 [ 371.962459][T11511] ? bus_to_subsys+0x131/0x160 [ 371.962499][T11511] device_add+0x10dd/0x1a70 [ 371.962555][T11511] ? __pfx_device_add+0x10/0x10 [ 371.962624][T11511] nfc_register_device+0x41/0x3c0 [ 371.962664][T11511] nci_register_device+0x7f1/0xb80 [ 371.962717][T11511] ? __pfx_nci_register_device+0x10/0x10 [ 371.962775][T11511] ? lockdep_init_map_type+0x5c/0x280 [ 371.962829][T11511] virtual_ncidev_open+0x141/0x220 [ 371.962866][T11511] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 371.962902][T11511] misc_open+0x35d/0x420 [ 371.962940][T11511] ? __pfx_misc_open+0x10/0x10 [ 371.962977][T11511] chrdev_open+0x234/0x6a0 [ 371.963018][T11511] ? __pfx_apparmor_file_open+0x10/0x10 [ 371.963052][T11511] ? __pfx_chrdev_open+0x10/0x10 [ 371.963096][T11511] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 371.963141][T11511] do_dentry_open+0x744/0x1c10 [ 371.963200][T11511] ? __pfx_chrdev_open+0x10/0x10 [ 371.963250][T11511] vfs_open+0x82/0x3f0 [ 371.963305][T11511] path_openat+0x1de4/0x2cb0 [ 371.963374][T11511] ? __pfx_path_openat+0x10/0x10 [ 371.963419][T11511] ? __lock_acquire+0xb8a/0x1c90 [ 371.963472][T11511] do_filp_open+0x20b/0x470 [ 371.963518][T11511] ? __pfx_do_filp_open+0x10/0x10 [ 371.963593][T11511] ? alloc_fd+0x471/0x7d0 [ 371.963647][T11511] do_sys_openat2+0x11b/0x1d0 [ 371.963703][T11511] ? __pfx_do_sys_openat2+0x10/0x10 [ 371.963771][T11511] __x64_sys_openat+0x174/0x210 [ 371.963824][T11511] ? __pfx___x64_sys_openat+0x10/0x10 [ 371.963905][T11511] do_syscall_64+0xcd/0x490 [ 371.963943][T11511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.963990][T11511] RIP: 0033:0x7fd428f8eb69 [ 371.964017][T11511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.964050][T11511] RSP: 002b:00007fd429e14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 371.964088][T11511] RAX: ffffffffffffffda RBX: 00007fd4291b5fa0 RCX: 00007fd428f8eb69 [ 371.964111][T11511] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 371.964142][T11511] RBP: 00007fd429011df1 R08: 0000000000000000 R09: 0000000000000000 [ 371.964163][T11511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 371.964190][T11511] R13: 0000000000000000 R14: 00007fd4291b5fa0 R15: 00007fff7339dbd8 [ 371.964241][T11511] [ 372.818711][T11526] input: f¬ as /devices/virtual/input/input18 [ 372.850163][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 372.871171][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 374.419716][T11547] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2110'. [ 374.649000][T11552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2112'. [ 374.842406][T11550] vhci_hcd: not connected 4 [ 377.188258][T11590] vhci_hcd: not connected 4 [ 377.256911][T11594] FAULT_INJECTION: forcing a failure. [ 377.256911][T11594] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 377.297714][T11596] FAULT_INJECTION: forcing a failure. [ 377.297714][T11596] name failslab, interval 1, probability 0, space 0, times 0 [ 377.317190][T11594] CPU: 0 UID: 0 PID: 11594 Comm: syz.1.2126 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 377.317237][T11594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 377.317257][T11594] Call Trace: [ 377.317268][T11594] [ 377.317281][T11594] dump_stack_lvl+0x16c/0x1f0 [ 377.317322][T11594] should_fail_ex+0x512/0x640 [ 377.317378][T11594] should_fail_alloc_page+0xe7/0x130 [ 377.317426][T11594] prepare_alloc_pages+0x3c2/0x610 [ 377.317480][T11594] ? rcu_is_watching+0x12/0xc0 [ 377.317516][T11594] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 377.317563][T11594] ? __lock_acquire+0xb8a/0x1c90 [ 377.317623][T11594] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 377.317667][T11594] ? do_raw_spin_lock+0x12c/0x2b0 [ 377.317719][T11594] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 377.317770][T11594] ? find_held_lock+0x2b/0x80 [ 377.317816][T11594] ? __lock_acquire+0xb8a/0x1c90 [ 377.317859][T11594] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 377.317914][T11594] ? policy_nodemask+0xea/0x4e0 [ 377.317963][T11594] alloc_pages_mpol+0x1fb/0x550 [ 377.318011][T11594] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 377.318070][T11594] folio_alloc_mpol_noprof+0x36/0x2f0 [ 377.318133][T11594] shmem_alloc_folio+0x135/0x160 [ 377.318190][T11594] shmem_alloc_and_add_folio+0x499/0xc20 [ 377.318238][T11594] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 377.318283][T11594] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 377.318331][T11594] shmem_get_folio_gfp+0x67f/0x1600 [ 377.318381][T11594] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 377.318424][T11594] ? __lock_acquire+0x622/0x1c90 [ 377.318472][T11594] shmem_fault+0x1fe/0xa30 [ 377.318515][T11594] ? __pfx_shmem_fault+0x10/0x10 [ 377.318563][T11594] ? __lock_acquire+0xb8a/0x1c90 [ 377.318616][T11594] __do_fault+0x10d/0x490 [ 377.318657][T11594] ? __pfx_filemap_map_pages+0x10/0x10 [ 377.318700][T11594] __handle_mm_fault+0x371a/0x5390 [ 377.318749][T11594] ? __pfx___handle_mm_fault+0x10/0x10 [ 377.318788][T11594] ? __pte_offset_map_lock+0x174/0x310 [ 377.318835][T11594] ? find_held_lock+0x2b/0x80 [ 377.318862][T11594] ? find_held_lock+0x2b/0x80 [ 377.318901][T11594] ? follow_page_pte+0x3af/0x14c0 [ 377.318960][T11594] handle_mm_fault+0x589/0xd10 [ 377.319004][T11594] __get_user_pages+0x589/0x3b80 [ 377.319070][T11594] ? __pfx___get_user_pages+0x10/0x10 [ 377.319124][T11594] ? __pfx_down_read_killable+0x10/0x10 [ 377.319159][T11594] ? __lock_acquire+0xb8a/0x1c90 [ 377.319201][T11594] faultin_page_range+0x249/0x980 [ 377.319234][T11594] madvise_do_behavior+0x268/0x3f0 [ 377.319281][T11594] ? __pfx_madvise_do_behavior+0x10/0x10 [ 377.319343][T11594] do_madvise+0x161/0x230 [ 377.319386][T11594] ? __pfx_do_madvise+0x10/0x10 [ 377.319457][T11594] ? xfd_validate_state+0x61/0x180 [ 377.319513][T11594] ? __pfx_do_writev+0x10/0x10 [ 377.319559][T11594] __x64_sys_madvise+0xa9/0x110 [ 377.319615][T11594] ? lockdep_hardirqs_on+0x7c/0x110 [ 377.319673][T11594] do_syscall_64+0xcd/0x490 [ 377.319713][T11594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.319751][T11594] RIP: 0033:0x7f699718eb69 [ 377.319782][T11594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.319820][T11594] RSP: 002b:00007f6997fa9038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 377.319851][T11594] RAX: ffffffffffffffda RBX: 00007f69973b5fa0 RCX: 00007f699718eb69 [ 377.319877][T11594] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 377.319901][T11594] RBP: 00007f6997211df1 R08: 0000000000000000 R09: 0000000000000000 [ 377.319923][T11594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 377.319946][T11594] R13: 0000000000000000 R14: 00007f69973b5fa0 R15: 00007fffb81b2ac8 [ 377.319994][T11594] [ 377.375511][T11596] CPU: 0 UID: 0 PID: 11596 Comm: syz.3.2127 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 377.375565][T11596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 377.375587][T11596] Call Trace: [ 377.375600][T11596] [ 377.375614][T11596] dump_stack_lvl+0x16c/0x1f0 [ 377.375656][T11596] should_fail_ex+0x512/0x640 [ 377.375712][T11596] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 377.375756][T11596] should_failslab+0xc2/0x120 [ 377.375808][T11596] __kmalloc_cache_noprof+0x6a/0x3e0 [ 377.375850][T11596] ? ima_calc_file_hash_tfm+0x231/0x350 [ 377.375915][T11596] ima_calc_file_hash_tfm+0x231/0x350 [ 377.375966][T11596] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 377.376072][T11596] ? stack_trace_save+0x8e/0xc0 [ 377.376116][T11596] ? ima_alloc_tfm+0x21a/0x2e0 [ 377.376157][T11596] ? generic_fillattr+0x6bf/0x940 [ 377.376211][T11596] ima_calc_file_hash+0x1ba/0x490 [ 377.376265][T11596] ima_collect_measurement+0x899/0xa40 [ 377.376330][T11596] ? __pfx_ima_collect_measurement+0x10/0x10 [ 377.376413][T11596] ? __mutex_lock+0x1c2/0x1070 [ 377.376453][T11596] ? is_bad_inode+0xd/0x40 [ 377.376508][T11596] ? xattr_resolve_name+0x27b/0x3f0 [ 377.376575][T11596] ? vfs_getxattr_alloc+0xec/0x340 [ 377.376622][T11596] ? ima_get_hash_algo+0x27c/0x400 [ 377.376663][T11596] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 377.376712][T11596] ? process_measurement+0x11fa/0x23e0 [ 377.376756][T11596] process_measurement+0x11fa/0x23e0 [ 377.376818][T11596] ? __pfx_process_measurement+0x10/0x10 [ 377.376865][T11596] ? __lock_acquire+0x622/0x1c90 [ 377.376925][T11596] ? hugetlb_file_setup+0x4cd/0x620 [ 377.376982][T11596] ? ksys_mmap_pgoff+0x189/0x5c0 [ 377.377036][T11596] ? __x64_sys_mmap+0x125/0x190 [ 377.377092][T11596] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.377195][T11596] ima_file_mmap+0x1b1/0x1d0 [ 377.377237][T11596] ? __pfx_ima_file_mmap+0x10/0x10 [ 377.377293][T11596] security_mmap_file+0x88c/0x990 [ 377.377333][T11596] vm_mmap_pgoff+0xec/0x450 [ 377.377391][T11596] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 377.377440][T11596] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 377.377496][T11596] ? hugetlbfs_get_inode+0x31f/0x730 [ 377.377566][T11596] ksys_mmap_pgoff+0x1c8/0x5c0 [ 377.377631][T11596] __x64_sys_mmap+0x125/0x190 [ 377.377692][T11596] do_syscall_64+0xcd/0x490 [ 377.377732][T11596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.377769][T11596] RIP: 0033:0x7fd428f8eb69 [ 377.377798][T11596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.377835][T11596] RSP: 002b:00007fd429e14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 377.377870][T11596] RAX: ffffffffffffffda RBX: 00007fd4291b5fa0 RCX: 00007fd428f8eb69 [ 377.377898][T11596] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 377.377926][T11596] RBP: 00007fd429011df1 R08: 0000000000000401 R09: 0000300000000000 [ 377.377951][T11596] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 377.377973][T11596] R13: 0000000000000000 R14: 00007fd4291b5fa0 R15: 00007fff7339dbd8 [ 377.378021][T11596] [ 377.419008][ T30] audit: type=1800 audit(1753969294.042:12): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2127" name="anon_hugepage" dev="hugetlbfs" ino=34646 res=0 errno=0 [ 377.652087][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.099326][T11603] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 378.276622][T11610] FAULT_INJECTION: forcing a failure. [ 378.276622][T11610] name failslab, interval 1, probability 0, space 0, times 0 [ 378.312923][T11610] CPU: 0 UID: 0 PID: 11610 Comm: syz.0.2131 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 378.312975][T11610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 378.312997][T11610] Call Trace: [ 378.313008][T11610] [ 378.313021][T11610] dump_stack_lvl+0x16c/0x1f0 [ 378.313061][T11610] should_fail_ex+0x512/0x640 [ 378.313113][T11610] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 378.313165][T11610] should_failslab+0xc2/0x120 [ 378.313211][T11610] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 378.313260][T11610] ? kvasprintf_const+0x66/0x1a0 [ 378.313304][T11610] kvasprintf+0xbc/0x160 [ 378.313338][T11610] ? __pfx_kvasprintf+0x10/0x10 [ 378.313375][T11610] ? find_held_lock+0x2b/0x80 [ 378.313407][T11610] ? rcu_read_unlock+0x17/0x60 [ 378.313459][T11610] kvasprintf_const+0x66/0x1a0 [ 378.313498][T11610] kobject_set_name_vargs+0x5a/0x140 [ 378.313540][T11610] dev_set_name+0xc7/0x100 [ 378.313573][T11610] ? __pfx_dev_set_name+0x10/0x10 [ 378.313602][T11610] ? rcu_is_watching+0x12/0xc0 [ 378.313637][T11610] ? rcu_is_watching+0x12/0xc0 [ 378.313669][T11610] ? trace_kmalloc+0x2b/0xd0 [ 378.313716][T11610] ? __kmalloc_noprof.cold+0x5c/0x61 [ 378.313775][T11610] wiphy_new_nm+0x811/0x2190 [ 378.313809][T11610] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 378.313847][T11610] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 378.313892][T11610] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 378.313926][T11610] ? __local_bh_enable_ip+0xa4/0x120 [ 378.313970][T11610] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 378.314046][T11610] ? __asan_memset+0x23/0x50 [ 378.314082][T11610] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 378.314149][T11610] hwsim_new_radio_nl+0xb51/0x12c0 [ 378.314207][T11610] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 378.314275][T11610] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 378.314320][T11610] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 378.314373][T11610] genl_family_rcv_msg_doit+0x206/0x2f0 [ 378.314418][T11610] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 378.314460][T11610] ? trace_cap_capable+0x18d/0x200 [ 378.314516][T11610] ? bpf_lsm_capable+0x9/0x10 [ 378.314546][T11610] ? security_capable+0x7e/0x260 [ 378.314592][T11610] ? ns_capable+0xd7/0x110 [ 378.314629][T11610] genl_rcv_msg+0x55c/0x800 [ 378.314673][T11610] ? __pfx_genl_rcv_msg+0x10/0x10 [ 378.314715][T11610] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 378.314786][T11610] netlink_rcv_skb+0x155/0x420 [ 378.314820][T11610] ? __pfx_genl_rcv_msg+0x10/0x10 [ 378.314870][T11610] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 378.314925][T11610] ? netlink_deliver_tap+0x1ae/0xd30 [ 378.314988][T11610] genl_rcv+0x28/0x40 [ 378.315023][T11610] netlink_unicast+0x5aa/0x870 [ 378.315065][T11610] ? __pfx_netlink_unicast+0x10/0x10 [ 378.315100][T11610] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 378.315150][T11610] netlink_sendmsg+0x8d1/0xdd0 [ 378.315192][T11610] ? __pfx_netlink_sendmsg+0x10/0x10 [ 378.315245][T11610] ____sys_sendmsg+0xa98/0xc70 [ 378.315290][T11610] ? copy_msghdr_from_user+0x10a/0x160 [ 378.315322][T11610] ? __pfx_____sys_sendmsg+0x10/0x10 [ 378.315376][T11610] ? __pfx_futex_wake_mark+0x10/0x10 [ 378.315432][T11610] ___sys_sendmsg+0x134/0x1d0 [ 378.315461][T11610] ? futex_private_hash_put+0x176/0x300 [ 378.315510][T11610] ? __pfx____sys_sendmsg+0x10/0x10 [ 378.315540][T11610] ? __lock_acquire+0x622/0x1c90 [ 378.315638][T11610] __sys_sendmsg+0x16d/0x220 [ 378.315673][T11610] ? __pfx___sys_sendmsg+0x10/0x10 [ 378.315705][T11610] ? __x64_sys_futex+0x1e0/0x4c0 [ 378.315775][T11610] do_syscall_64+0xcd/0x490 [ 378.315812][T11610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.315846][T11610] RIP: 0033:0x7f09e5f8eb69 [ 378.315881][T11610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.315915][T11610] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 378.315948][T11610] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 378.315970][T11610] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000003 [ 378.315991][T11610] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 378.316012][T11610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.316032][T11610] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 378.316076][T11610] [ 378.744764][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.150451][T11621] usb usb23: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 379.172926][T11622] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 379.482190][T11627] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2138'. [ 380.023633][T11637] FAULT_INJECTION: forcing a failure. [ 380.023633][T11637] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 380.100385][T11637] CPU: 0 UID: 0 PID: 11637 Comm: syz.3.2142 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 380.100429][T11637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 380.100447][T11637] Call Trace: [ 380.100456][T11637] [ 380.100467][T11637] dump_stack_lvl+0x16c/0x1f0 [ 380.100498][T11637] should_fail_ex+0x512/0x640 [ 380.100548][T11637] should_fail_alloc_page+0xe7/0x130 [ 380.100591][T11637] prepare_alloc_pages+0x3c2/0x610 [ 380.100637][T11637] ? rcu_is_watching+0x12/0xc0 [ 380.100668][T11637] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 380.100705][T11637] ? __lock_acquire+0xb8a/0x1c90 [ 380.100754][T11637] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 380.100789][T11637] ? do_raw_spin_lock+0x12c/0x2b0 [ 380.100831][T11637] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 380.100872][T11637] ? find_held_lock+0x2b/0x80 [ 380.100915][T11637] ? __lock_acquire+0xb8a/0x1c90 [ 380.100950][T11637] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 380.100996][T11637] ? policy_nodemask+0xea/0x4e0 [ 380.101037][T11637] alloc_pages_mpol+0x1fb/0x550 [ 380.101078][T11637] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 380.101128][T11637] folio_alloc_mpol_noprof+0x36/0x2f0 [ 380.101174][T11637] shmem_alloc_folio+0x135/0x160 [ 380.101220][T11637] shmem_alloc_and_add_folio+0x499/0xc20 [ 380.101259][T11637] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 380.101294][T11637] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 380.101333][T11637] shmem_get_folio_gfp+0x67f/0x1600 [ 380.101372][T11637] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 380.101406][T11637] ? __lock_acquire+0x622/0x1c90 [ 380.101445][T11637] shmem_fault+0x1fe/0xa30 [ 380.101478][T11637] ? __pfx_shmem_fault+0x10/0x10 [ 380.101516][T11637] ? __lock_acquire+0xb8a/0x1c90 [ 380.101558][T11637] __do_fault+0x10d/0x490 [ 380.101593][T11637] ? __pfx_filemap_map_pages+0x10/0x10 [ 380.101629][T11637] __handle_mm_fault+0x371a/0x5390 [ 380.101668][T11637] ? __pfx___handle_mm_fault+0x10/0x10 [ 380.101699][T11637] ? __pte_offset_map_lock+0x174/0x310 [ 380.101740][T11637] ? find_held_lock+0x2b/0x80 [ 380.101763][T11637] ? find_held_lock+0x2b/0x80 [ 380.101797][T11637] ? follow_page_pte+0x3af/0x14c0 [ 380.101848][T11637] handle_mm_fault+0x589/0xd10 [ 380.101883][T11637] __get_user_pages+0x589/0x3b80 [ 380.101952][T11637] ? __pfx___get_user_pages+0x10/0x10 [ 380.101997][T11637] ? __pfx_down_read_killable+0x10/0x10 [ 380.102032][T11637] ? __lock_acquire+0xb8a/0x1c90 [ 380.102073][T11637] faultin_page_range+0x249/0x980 [ 380.102107][T11637] madvise_do_behavior+0x268/0x3f0 [ 380.102153][T11637] ? __pfx_madvise_do_behavior+0x10/0x10 [ 380.102214][T11637] do_madvise+0x161/0x230 [ 380.102254][T11637] ? __pfx_do_madvise+0x10/0x10 [ 380.102311][T11637] ? xfd_validate_state+0x61/0x180 [ 380.102350][T11637] ? __pfx_do_writev+0x10/0x10 [ 380.102382][T11637] __x64_sys_madvise+0xa9/0x110 [ 380.102423][T11637] ? lockdep_hardirqs_on+0x7c/0x110 [ 380.102466][T11637] do_syscall_64+0xcd/0x490 [ 380.102496][T11637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.102523][T11637] RIP: 0033:0x7fd428f8eb69 [ 380.102545][T11637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.102572][T11637] RSP: 002b:00007fd429e14038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 380.102599][T11637] RAX: ffffffffffffffda RBX: 00007fd4291b5fa0 RCX: 00007fd428f8eb69 [ 380.102617][T11637] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 380.102635][T11637] RBP: 00007fd429011df1 R08: 0000000000000000 R09: 0000000000000000 [ 380.102653][T11637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.102669][T11637] R13: 0000000000000000 R14: 00007fd4291b5fa0 R15: 00007fff7339dbd8 [ 380.102703][T11637] [ 380.475517][ C0] vkms_vblank_simulate: vblank timer overrun [ 381.917804][T11667] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2154'. [ 382.522393][T11678] FAULT_INJECTION: forcing a failure. [ 382.522393][T11678] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 382.564072][T11678] CPU: 0 UID: 0 PID: 11678 Comm: syz.2.2158 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 382.564122][T11678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 382.564143][T11678] Call Trace: [ 382.564154][T11678] [ 382.564166][T11678] dump_stack_lvl+0x16c/0x1f0 [ 382.564206][T11678] should_fail_ex+0x512/0x640 [ 382.564264][T11678] should_fail_alloc_page+0xe7/0x130 [ 382.564315][T11678] prepare_alloc_pages+0x3c2/0x610 [ 382.564370][T11678] ? rcu_is_watching+0x12/0xc0 [ 382.564407][T11678] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 382.564454][T11678] ? __lock_acquire+0xb8a/0x1c90 [ 382.564521][T11678] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 382.564566][T11678] ? do_raw_spin_lock+0x12c/0x2b0 [ 382.564618][T11678] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 382.564670][T11678] ? find_held_lock+0x2b/0x80 [ 382.564715][T11678] ? __lock_acquire+0xb8a/0x1c90 [ 382.564757][T11678] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 382.564813][T11678] ? policy_nodemask+0xea/0x4e0 [ 382.564863][T11678] alloc_pages_mpol+0x1fb/0x550 [ 382.564912][T11678] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 382.564970][T11678] folio_alloc_mpol_noprof+0x36/0x2f0 [ 382.565027][T11678] shmem_alloc_folio+0x135/0x160 [ 382.565085][T11678] shmem_alloc_and_add_folio+0x499/0xc20 [ 382.565134][T11678] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 382.565179][T11678] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 382.565227][T11678] shmem_get_folio_gfp+0x67f/0x1600 [ 382.565276][T11678] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 382.565320][T11678] ? __lock_acquire+0x622/0x1c90 [ 382.565368][T11678] shmem_fault+0x1fe/0xa30 [ 382.565410][T11678] ? __pfx_shmem_fault+0x10/0x10 [ 382.565459][T11678] ? __lock_acquire+0xb8a/0x1c90 [ 382.565519][T11678] __do_fault+0x10d/0x490 [ 382.565561][T11678] ? __pfx_filemap_map_pages+0x10/0x10 [ 382.565605][T11678] __handle_mm_fault+0x371a/0x5390 [ 382.565653][T11678] ? __pfx___handle_mm_fault+0x10/0x10 [ 382.565690][T11678] ? __pte_offset_map_lock+0x174/0x310 [ 382.565740][T11678] ? find_held_lock+0x2b/0x80 [ 382.565769][T11678] ? find_held_lock+0x2b/0x80 [ 382.565812][T11678] ? follow_page_pte+0x3af/0x14c0 [ 382.565875][T11678] handle_mm_fault+0x589/0xd10 [ 382.565919][T11678] __get_user_pages+0x589/0x3b80 [ 382.565990][T11678] ? __pfx___get_user_pages+0x10/0x10 [ 382.566043][T11678] ? __pfx_down_read_killable+0x10/0x10 [ 382.566084][T11678] ? __lock_acquire+0xb8a/0x1c90 [ 382.566136][T11678] faultin_page_range+0x249/0x980 [ 382.566178][T11678] madvise_do_behavior+0x268/0x3f0 [ 382.566238][T11678] ? __pfx_madvise_do_behavior+0x10/0x10 [ 382.566310][T11678] do_madvise+0x161/0x230 [ 382.566357][T11678] ? __pfx_do_madvise+0x10/0x10 [ 382.566426][T11678] ? xfd_validate_state+0x61/0x180 [ 382.566471][T11678] ? __pfx_do_writev+0x10/0x10 [ 382.566520][T11678] __x64_sys_madvise+0xa9/0x110 [ 382.566571][T11678] ? lockdep_hardirqs_on+0x7c/0x110 [ 382.566623][T11678] do_syscall_64+0xcd/0x490 [ 382.566659][T11678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.566693][T11678] RIP: 0033:0x7fe4c338eb69 [ 382.566720][T11678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.566753][T11678] RSP: 002b:00007fe4c422d038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 382.566786][T11678] RAX: ffffffffffffffda RBX: 00007fe4c35b5fa0 RCX: 00007fe4c338eb69 [ 382.566809][T11678] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 382.566830][T11678] RBP: 00007fe4c3411df1 R08: 0000000000000000 R09: 0000000000000000 [ 382.566851][T11678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 382.566871][T11678] R13: 0000000000000000 R14: 00007fe4c35b5fa0 R15: 00007ffe1b8561e8 [ 382.566915][T11678] [ 383.878029][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.884484][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.037123][T11693] random: crng reseeded on system resumption [ 384.549089][ T30] audit: type=1326 audit(1753969301.168:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11696 comm="syz.0.2164" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f09e5f8eb69 code=0x0 [ 384.601599][T11705] FAULT_INJECTION: forcing a failure. [ 384.601599][T11705] name failslab, interval 1, probability 0, space 0, times 0 [ 384.654793][T11705] CPU: 0 UID: 0 PID: 11705 Comm: syz.0.2164 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 384.654843][T11705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 384.654863][T11705] Call Trace: [ 384.654874][T11705] [ 384.654887][T11705] dump_stack_lvl+0x16c/0x1f0 [ 384.654927][T11705] should_fail_ex+0x512/0x640 [ 384.654978][T11705] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 384.655020][T11705] should_failslab+0xc2/0x120 [ 384.655068][T11705] __kmalloc_cache_noprof+0x6a/0x3e0 [ 384.655106][T11705] ? snd_seq_create_port+0xf7/0xad0 [ 384.655146][T11705] snd_seq_create_port+0xf7/0xad0 [ 384.655193][T11705] snd_seq_ioctl_create_port+0x253/0x950 [ 384.655252][T11705] ? __pfx_snd_seq_ioctl_create_port+0x10/0x10 [ 384.655311][T11705] ? kasan_save_stack+0x42/0x60 [ 384.655349][T11705] ? kasan_save_stack+0x33/0x60 [ 384.655395][T11705] ? kasan_save_track+0x14/0x30 [ 384.655441][T11705] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 384.655486][T11705] create_port+0x197/0x260 [ 384.655521][T11705] ? __pfx_create_port+0x10/0x10 [ 384.655564][T11705] ? __pfx_snd_seq_oss_event_input+0x10/0x10 [ 384.655605][T11705] ? __pfx_free_devinfo+0x10/0x10 [ 384.655673][T11705] ? mark_held_locks+0x49/0x80 [ 384.655716][T11705] ? _raw_spin_unlock_irq+0x23/0x50 [ 384.655772][T11705] snd_seq_oss_open+0x36c/0xa20 [ 384.655818][T11705] odev_open+0x6f/0x90 [ 384.655848][T11705] ? __pfx_odev_open+0x10/0x10 [ 384.655880][T11705] soundcore_open+0x40c/0x580 [ 384.655917][T11705] ? __pfx_soundcore_open+0x10/0x10 [ 384.655947][T11705] chrdev_open+0x234/0x6a0 [ 384.655987][T11705] ? __pfx_apparmor_file_open+0x10/0x10 [ 384.656020][T11705] ? __pfx_chrdev_open+0x10/0x10 [ 384.656065][T11705] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 384.656110][T11705] do_dentry_open+0x744/0x1c10 [ 384.656149][T11705] ? __pfx_chrdev_open+0x10/0x10 [ 384.656205][T11705] vfs_open+0x82/0x3f0 [ 384.656258][T11705] path_openat+0x1de4/0x2cb0 [ 384.656312][T11705] ? __pfx_path_openat+0x10/0x10 [ 384.656352][T11705] ? __lock_acquire+0xb8a/0x1c90 [ 384.656413][T11705] do_filp_open+0x20b/0x470 [ 384.656448][T11705] ? __pfx_do_filp_open+0x10/0x10 [ 384.656512][T11705] ? alloc_fd+0x471/0x7d0 [ 384.656556][T11705] do_sys_openat2+0x11b/0x1d0 [ 384.656605][T11705] ? __pfx_do_sys_openat2+0x10/0x10 [ 384.656657][T11705] ? handle_mm_fault+0x2ab/0xd10 [ 384.656701][T11705] __x64_sys_openat+0x174/0x210 [ 384.656749][T11705] ? __pfx___x64_sys_openat+0x10/0x10 [ 384.656816][T11705] do_syscall_64+0xcd/0x490 [ 384.656854][T11705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.656888][T11705] RIP: 0033:0x7f09e5f8eb69 [ 384.656914][T11705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.656946][T11705] RSP: 002b:00007f09e6e93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 384.656974][T11705] RAX: ffffffffffffffda RBX: 00007f09e61b6080 RCX: 00007f09e5f8eb69 [ 384.656995][T11705] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 384.657012][T11705] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 384.657030][T11705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 384.657049][T11705] R13: 0000000000000000 R14: 00007f09e61b6080 R15: 00007fff27f456c8 [ 384.657089][T11705] [ 384.657101][T11705] ALSA: seq_oss: can't create port [ 384.898475][T11708] FAULT_INJECTION: forcing a failure. [ 384.898475][T11708] name failslab, interval 1, probability 0, space 0, times 0 [ 384.898569][T11708] CPU: 1 UID: 0 PID: 11708 Comm: syz.3.2166 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 384.898618][T11708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 384.898638][T11708] Call Trace: [ 384.898648][T11708] [ 384.898661][T11708] dump_stack_lvl+0x16c/0x1f0 [ 384.898698][T11708] should_fail_ex+0x512/0x640 [ 384.898749][T11708] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 384.898795][T11708] should_failslab+0xc2/0x120 [ 384.898842][T11708] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 384.898887][T11708] ? __kernfs_new_node+0xd2/0x8e0 [ 384.898942][T11708] __kernfs_new_node+0xd2/0x8e0 [ 384.898992][T11708] ? __pfx___kernfs_new_node+0x10/0x10 [ 384.899048][T11708] ? find_held_lock+0x2b/0x80 [ 384.899084][T11708] ? kernfs_root+0xee/0x2a0 [ 384.899137][T11708] kernfs_new_node+0x13c/0x1e0 [ 384.899194][T11708] __kernfs_create_file+0x53/0x350 [ 384.899264][T11708] sysfs_add_file_mode_ns+0x207/0x3c0 [ 384.899317][T11708] internal_create_group+0x578/0xf30 [ 384.899374][T11708] ? __pfx_internal_create_group+0x10/0x10 [ 384.899427][T11708] ? kernfs_create_link+0x1bd/0x240 [ 384.899494][T11708] internal_create_groups+0x9d/0x150 [ 384.899543][T11708] device_add+0x6d1/0x1a70 [ 384.899613][T11708] ? __pfx_device_add+0x10/0x10 [ 384.899670][T11708] ? lockdep_init_map_type+0x5c/0x280 [ 384.899722][T11708] ? __init_waitqueue_head+0xca/0x150 [ 384.899790][T11708] netdev_register_kobject+0x1a9/0x3d0 [ 384.899848][T11708] register_netdevice+0x13dc/0x2270 [ 384.899898][T11708] ? __pfx_register_netdevice+0x10/0x10 [ 384.899955][T11708] slip_open+0xb86/0x1150 [ 384.900015][T11708] ? __pfx_slip_open+0x10/0x10 [ 384.900064][T11708] ? down_write+0x14d/0x200 [ 384.900108][T11708] ? __pfx_slip_open+0x10/0x10 [ 384.900157][T11708] tty_ldisc_open+0x9f/0x120 [ 384.900203][T11708] tty_set_ldisc+0x32b/0x780 [ 384.900256][T11708] tty_ioctl+0xc2e/0x1640 [ 384.900311][T11708] ? __pfx_tty_ioctl+0x10/0x10 [ 384.900379][T11708] ? find_held_lock+0x2b/0x80 [ 384.900414][T11708] ? hook_file_ioctl_common+0x145/0x410 [ 384.900480][T11708] ? __fget_files+0x20e/0x3c0 [ 384.900524][T11708] ? __pfx_tty_ioctl+0x10/0x10 [ 384.900576][T11708] __x64_sys_ioctl+0x18e/0x210 [ 384.900645][T11708] do_syscall_64+0xcd/0x490 [ 384.900686][T11708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.900723][T11708] RIP: 0033:0x7fd428f8eb69 [ 384.900752][T11708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.900790][T11708] RSP: 002b:00007fd429e14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 384.900825][T11708] RAX: ffffffffffffffda RBX: 00007fd4291b5fa0 RCX: 00007fd428f8eb69 [ 384.900852][T11708] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000005 [ 384.900874][T11708] RBP: 00007fd429011df1 R08: 0000000000000000 R09: 0000000000000000 [ 384.900898][T11708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 384.900922][T11708] R13: 0000000000000000 R14: 00007fd4291b5fa0 R15: 00007fff7339dbd8 [ 384.900971][T11708] [ 385.507674][T11710] FAULT_INJECTION: forcing a failure. [ 385.507674][T11710] name failslab, interval 1, probability 0, space 0, times 0 [ 385.558628][T11710] CPU: 0 UID: 0 PID: 11710 Comm: syz.1.2167 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 385.558677][T11710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 385.558698][T11710] Call Trace: [ 385.558710][T11710] [ 385.558723][T11710] dump_stack_lvl+0x16c/0x1f0 [ 385.558761][T11710] should_fail_ex+0x512/0x640 [ 385.558813][T11710] ? fs_reclaim_acquire+0xae/0x150 [ 385.558872][T11710] should_failslab+0xc2/0x120 [ 385.558918][T11710] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 385.558962][T11710] ? jbd2__journal_start+0x193/0x6a0 [ 385.559012][T11710] ? __pfx___might_resched+0x10/0x10 [ 385.559052][T11710] jbd2__journal_start+0x193/0x6a0 [ 385.559108][T11710] __ext4_journal_start_sb+0x195/0x690 [ 385.559149][T11710] ? ext4_punch_hole+0x782/0x1070 [ 385.559198][T11710] ext4_punch_hole+0x782/0x1070 [ 385.559254][T11710] ext4_fallocate+0x22d2/0x3790 [ 385.559352][T11710] ? __pfx_ext4_fallocate+0x10/0x10 [ 385.559400][T11710] vfs_fallocate+0x592/0x10c0 [ 385.559444][T11710] ? __pfx_vfs_fallocate+0x10/0x10 [ 385.559485][T11710] ? madvise_vma_behavior+0x222c/0x2420 [ 385.559536][T11710] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 385.559597][T11710] madvise_vma_behavior+0x21ca/0x2420 [ 385.559655][T11710] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 385.559708][T11710] ? __pfx_mas_prev+0x10/0x10 [ 385.559752][T11710] ? find_vma_prev+0xda/0x160 [ 385.559808][T11710] ? __pfx_find_vma_prev+0x10/0x10 [ 385.559885][T11710] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 385.559935][T11710] madvise_walk_vmas+0x1d1/0x2c0 [ 385.559987][T11710] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 385.560048][T11710] madvise_do_behavior+0x15d/0x3f0 [ 385.560106][T11710] ? __pfx_madvise_do_behavior+0x10/0x10 [ 385.560180][T11710] do_madvise+0x161/0x230 [ 385.560231][T11710] ? __pfx_do_madvise+0x10/0x10 [ 385.560311][T11710] ? xfd_validate_state+0x61/0x180 [ 385.560374][T11710] __x64_sys_madvise+0xa9/0x110 [ 385.560427][T11710] ? lockdep_hardirqs_on+0x7c/0x110 [ 385.560482][T11710] do_syscall_64+0xcd/0x490 [ 385.560520][T11710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.560556][T11710] RIP: 0033:0x7f699718eb69 [ 385.560582][T11710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.560615][T11710] RSP: 002b:00007f6997fa9038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 385.560647][T11710] RAX: ffffffffffffffda RBX: 00007f69973b5fa0 RCX: 00007f699718eb69 [ 385.560669][T11710] RDX: 0000000000000009 RSI: 00000000000031ca RDI: 000000110c230000 [ 385.560691][T11710] RBP: 00007f6997211df1 R08: 0000000000000000 R09: 0000000000000000 [ 385.560712][T11710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.560732][T11710] R13: 0000000000000000 R14: 00007f69973b5fa0 R15: 00007fffb81b2ac8 [ 385.560773][T11710] [ 385.560790][T11710] EXT4-fs error (device sda1) in ext4_punch_hole:4393: Out of memory [ 385.887376][T11714] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2169'. [ 386.208885][T11718] usb usb23: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 387.858398][T11746] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2179'. [ 388.360650][T11757] usb usb23: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 390.250064][T11805] mkiss: ax0: crc mode is auto. [ 391.084724][T11818] syz.0.2208 (11818) used greatest stack depth: 19752 bytes left [ 391.611225][T11837] serio: Serial port pty238 [ 392.524841][T11855] FAULT_INJECTION: forcing a failure. [ 392.524841][T11855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 392.639775][T11855] CPU: 1 UID: 0 PID: 11855 Comm: syz.2.2219 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 392.639820][T11855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 392.639838][T11855] Call Trace: [ 392.639848][T11855] [ 392.639859][T11855] dump_stack_lvl+0x16c/0x1f0 [ 392.639893][T11855] should_fail_ex+0x512/0x640 [ 392.639943][T11855] _copy_from_user+0x2e/0xd0 [ 392.639977][T11855] btf_new_fd+0x70a/0x5490 [ 392.640023][T11855] ? __lock_acquire+0xb8a/0x1c90 [ 392.640082][T11855] ? aa_get_newest_label+0x375/0x680 [ 392.640139][T11855] ? __pfx_btf_new_fd+0x10/0x10 [ 392.640177][T11855] ? trace_cap_capable+0x18d/0x200 [ 392.640228][T11855] ? apparmor_capable+0x114/0x1d0 [ 392.640276][T11855] ? bpf_lsm_capable+0x9/0x10 [ 392.640306][T11855] ? security_capable+0x7e/0x260 [ 392.640350][T11855] ? ns_capable+0xd7/0x110 [ 392.640388][T11855] __sys_bpf+0x38a/0x4de0 [ 392.640444][T11855] ? __pfx___sys_bpf+0x10/0x10 [ 392.640506][T11855] ? do_futex+0x122/0x350 [ 392.640548][T11855] ? __pfx_do_futex+0x10/0x10 [ 392.640613][T11855] ? xfd_validate_state+0x61/0x180 [ 392.640661][T11855] ? __pfx_do_pwritev+0x10/0x10 [ 392.640703][T11855] __x64_sys_bpf+0x78/0xc0 [ 392.640755][T11855] ? lockdep_hardirqs_on+0x7c/0x110 [ 392.640806][T11855] do_syscall_64+0xcd/0x490 [ 392.640842][T11855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.640876][T11855] RIP: 0033:0x7fe4c338eb69 [ 392.640903][T11855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.640937][T11855] RSP: 002b:00007fe4c422d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 392.640969][T11855] RAX: ffffffffffffffda RBX: 00007fe4c35b5fa0 RCX: 00007fe4c338eb69 [ 392.640993][T11855] RDX: 0000000000000026 RSI: 0000000000000000 RDI: 0000000000000012 [ 392.641013][T11855] RBP: 00007fe4c3411df1 R08: 0000000000000000 R09: 0000000000000000 [ 392.641033][T11855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.641053][T11855] R13: 0000000000000000 R14: 00007fe4c35b5fa0 R15: 00007ffe1b8561e8 [ 392.641106][T11855] [ 393.102283][T11864] netlink: 'syz.2.2223': attribute type 27 has an invalid length. [ 393.226564][T11864] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2223'. [ 393.749800][T11878] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2227'. [ 393.860980][T11878] veth0_macvtap: left promiscuous mode [ 393.926496][ T30] audit: type=1804 audit(1753969310.544:14): pid=11884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2229" name="/newroot/552/file0" dev="tmpfs" ino=2856 res=1 errno=0 [ 395.110289][T11893] Process accounting paused [ 395.290405][T11900] FAULT_INJECTION: forcing a failure. [ 395.290405][T11900] name failslab, interval 1, probability 0, space 0, times 0 [ 395.343277][T11900] CPU: 0 UID: 0 PID: 11900 Comm: syz.3.2238 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 395.343328][T11900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 395.343349][T11900] Call Trace: [ 395.343361][T11900] [ 395.343374][T11900] dump_stack_lvl+0x16c/0x1f0 [ 395.343413][T11900] should_fail_ex+0x512/0x640 [ 395.343461][T11900] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 395.343501][T11900] should_failslab+0xc2/0x120 [ 395.343550][T11900] __kmalloc_cache_noprof+0x6a/0x3e0 [ 395.343588][T11900] ? mpi_alloc+0x46/0x230 [ 395.343633][T11900] mpi_alloc+0x46/0x230 [ 395.343672][T11900] rsa_check_payload+0x3b/0xc0 [ 395.343716][T11900] rsa_enc+0x198/0x3b0 [ 395.343758][T11900] ? __pfx_rsa_enc+0x10/0x10 [ 395.343798][T11900] ? __virt_addr_valid+0x81/0x610 [ 395.343839][T11900] ? __phys_addr+0xe8/0x180 [ 395.343879][T11900] ? sg_init_one+0xf5/0x1b0 [ 395.343945][T11900] rsassa_pkcs1_verify+0x502/0xb60 [ 395.344010][T11900] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 395.344081][T11900] ? rsa_max_size+0xd/0x70 [ 395.344148][T11900] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 395.344211][T11900] public_key_verify_signature+0x66f/0x970 [ 395.344265][T11900] ? __pfx_public_key_verify_signature+0x10/0x10 [ 395.344340][T11900] x509_check_for_self_signed+0x31a/0x500 [ 395.344397][T11900] x509_cert_parse+0x5f8/0x900 [ 395.344434][T11900] ? kasan_save_stack+0x42/0x60 [ 395.344473][T11900] ? kasan_save_stack+0x33/0x60 [ 395.344510][T11900] ? kasan_save_track+0x14/0x30 [ 395.344552][T11900] pkcs7_extract_cert+0xa4/0x320 [ 395.344611][T11900] asn1_ber_decoder+0xc5f/0x1df0 [ 395.344695][T11900] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 395.344785][T11900] pkcs7_parse_message+0x288/0x720 [ 395.344838][T11900] verify_pkcs7_signature+0x30/0xa0 [ 395.344907][T11900] valid_regdb+0x211/0x590 [ 395.344966][T11900] ? __pfx___mutex_lock+0x10/0x10 [ 395.345003][T11900] ? __pfx_valid_regdb+0x10/0x10 [ 395.345069][T11900] reg_reload_regdb+0x11a/0x460 [ 395.345116][T11900] ? __pfx_reg_reload_regdb+0x10/0x10 [ 395.345155][T11900] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 395.345203][T11900] ? nl80211_pre_doit+0x1b0/0xb10 [ 395.345257][T11900] genl_family_rcv_msg_doit+0x206/0x2f0 [ 395.345304][T11900] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 395.345345][T11900] ? rcu_is_watching+0x12/0xc0 [ 395.345392][T11900] ? bpf_lsm_capable+0x9/0x10 [ 395.345425][T11900] ? security_capable+0x7e/0x260 [ 395.345482][T11900] genl_rcv_msg+0x55c/0x800 [ 395.345528][T11900] ? __pfx_genl_rcv_msg+0x10/0x10 [ 395.345568][T11900] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 395.345613][T11900] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 395.345645][T11900] ? __pfx_nl80211_post_doit+0x10/0x10 [ 395.345707][T11900] netlink_rcv_skb+0x155/0x420 [ 395.345742][T11900] ? __pfx_genl_rcv_msg+0x10/0x10 [ 395.345785][T11900] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 395.345837][T11900] ? netlink_deliver_tap+0x1ae/0xd30 [ 395.345908][T11900] genl_rcv+0x28/0x40 [ 395.345944][T11900] netlink_unicast+0x5aa/0x870 [ 395.345985][T11900] ? __pfx_netlink_unicast+0x10/0x10 [ 395.346021][T11900] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 395.346068][T11900] netlink_sendmsg+0x8d1/0xdd0 [ 395.346112][T11900] ? __pfx_netlink_sendmsg+0x10/0x10 [ 395.346164][T11900] ____sys_sendmsg+0xa98/0xc70 [ 395.346213][T11900] ? copy_msghdr_from_user+0x10a/0x160 [ 395.346246][T11900] ? __pfx_____sys_sendmsg+0x10/0x10 [ 395.346300][T11900] ? __pfx_futex_wake_mark+0x10/0x10 [ 395.346355][T11900] ___sys_sendmsg+0x134/0x1d0 [ 395.346384][T11900] ? futex_private_hash_put+0x176/0x300 [ 395.346422][T11900] ? __pfx____sys_sendmsg+0x10/0x10 [ 395.346451][T11900] ? __lock_acquire+0x622/0x1c90 [ 395.346540][T11900] __sys_sendmsg+0x16d/0x220 [ 395.346574][T11900] ? __pfx___sys_sendmsg+0x10/0x10 [ 395.346606][T11900] ? __x64_sys_futex+0x1e0/0x4c0 [ 395.346675][T11900] do_syscall_64+0xcd/0x490 [ 395.346713][T11900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.346748][T11900] RIP: 0033:0x7fd428f8eb69 [ 395.346775][T11900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.346808][T11900] RSP: 002b:00007fd429e14038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 395.346839][T11900] RAX: ffffffffffffffda RBX: 00007fd4291b5fa0 RCX: 00007fd428f8eb69 [ 395.346861][T11900] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 395.346882][T11900] RBP: 00007fd429011df1 R08: 0000000000000000 R09: 0000000000000000 [ 395.346911][T11900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 395.346930][T11900] R13: 0000000000000000 R14: 00007fd4291b5fa0 R15: 00007fff7339dbd8 [ 395.346973][T11900] [ 396.509997][T11915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2241'. [ 396.930889][T11924] sp0: Synchronizing with TNC [ 396.966086][T11926] netlink: 'syz.3.2247': attribute type 4 has an invalid length. [ 398.050894][T11936] FAULT_INJECTION: forcing a failure. [ 398.050894][T11936] name failslab, interval 1, probability 0, space 0, times 0 [ 398.092881][T11936] CPU: 0 UID: 0 PID: 11936 Comm: syz.2.2248 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 398.092936][T11936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 398.092959][T11936] Call Trace: [ 398.092970][T11936] [ 398.092983][T11936] dump_stack_lvl+0x16c/0x1f0 [ 398.093021][T11936] should_fail_ex+0x512/0x640 [ 398.093072][T11936] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 398.093114][T11936] should_failslab+0xc2/0x120 [ 398.093163][T11936] __kmalloc_cache_noprof+0x6a/0x3e0 [ 398.093197][T11936] ? do_syscall_64+0xcd/0x490 [ 398.093228][T11936] ? preempt_count_add+0x76/0x150 [ 398.093278][T11936] ? mpi_alloc+0x46/0x230 [ 398.093323][T11936] mpi_alloc+0x46/0x230 [ 398.093360][T11936] mpi_read_raw_from_sgl+0x222/0x5b0 [ 398.093401][T11936] ? __pfx_mpi_read_raw_from_sgl+0x10/0x10 [ 398.093451][T11936] ? kasan_save_track+0x14/0x30 [ 398.093501][T11936] ? __kasan_kmalloc+0xaa/0xb0 [ 398.093546][T11936] rsa_enc+0x15d/0x3b0 [ 398.093591][T11936] ? __pfx_rsa_enc+0x10/0x10 [ 398.093632][T11936] ? __virt_addr_valid+0x81/0x610 [ 398.093673][T11936] ? __phys_addr+0xe8/0x180 [ 398.093713][T11936] ? sg_init_one+0xf5/0x1b0 [ 398.093765][T11936] rsassa_pkcs1_verify+0x502/0xb60 [ 398.093829][T11936] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 398.093902][T11936] ? rsa_max_size+0xd/0x70 [ 398.093940][T11936] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 398.093994][T11936] public_key_verify_signature+0x66f/0x970 [ 398.094042][T11936] ? __pfx_public_key_verify_signature+0x10/0x10 [ 398.094116][T11936] x509_check_for_self_signed+0x31a/0x500 [ 398.094168][T11936] x509_cert_parse+0x5f8/0x900 [ 398.094205][T11936] ? kasan_save_stack+0x42/0x60 [ 398.094243][T11936] ? kasan_save_stack+0x33/0x60 [ 398.094281][T11936] ? kasan_save_track+0x14/0x30 [ 398.094324][T11936] pkcs7_extract_cert+0xa4/0x320 [ 398.094377][T11936] asn1_ber_decoder+0xc5f/0x1df0 [ 398.094451][T11936] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 398.094552][T11936] pkcs7_parse_message+0x288/0x720 [ 398.094604][T11936] verify_pkcs7_signature+0x30/0xa0 [ 398.094661][T11936] valid_regdb+0x211/0x590 [ 398.094718][T11936] ? __pfx___mutex_lock+0x10/0x10 [ 398.094756][T11936] ? __pfx_valid_regdb+0x10/0x10 [ 398.094823][T11936] reg_reload_regdb+0x11a/0x460 [ 398.094862][T11936] ? __pfx_reg_reload_regdb+0x10/0x10 [ 398.094903][T11936] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 398.094950][T11936] ? nl80211_pre_doit+0x1b0/0xb10 [ 398.095004][T11936] genl_family_rcv_msg_doit+0x206/0x2f0 [ 398.095051][T11936] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 398.095091][T11936] ? rcu_is_watching+0x12/0xc0 [ 398.095139][T11936] ? bpf_lsm_capable+0x9/0x10 [ 398.095170][T11936] ? security_capable+0x7e/0x260 [ 398.095223][T11936] genl_rcv_msg+0x55c/0x800 [ 398.095269][T11936] ? __pfx_genl_rcv_msg+0x10/0x10 [ 398.095312][T11936] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 398.095358][T11936] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 398.095393][T11936] ? __pfx_nl80211_post_doit+0x10/0x10 [ 398.095457][T11936] netlink_rcv_skb+0x155/0x420 [ 398.095500][T11936] ? __pfx_genl_rcv_msg+0x10/0x10 [ 398.095545][T11936] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 398.095600][T11936] ? netlink_deliver_tap+0x1ae/0xd30 [ 398.095663][T11936] genl_rcv+0x28/0x40 [ 398.095697][T11936] netlink_unicast+0x5aa/0x870 [ 398.095738][T11936] ? __pfx_netlink_unicast+0x10/0x10 [ 398.095774][T11936] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 398.095821][T11936] netlink_sendmsg+0x8d1/0xdd0 [ 398.095864][T11936] ? __pfx_netlink_sendmsg+0x10/0x10 [ 398.095916][T11936] ____sys_sendmsg+0xa98/0xc70 [ 398.095962][T11936] ? copy_msghdr_from_user+0x10a/0x160 [ 398.095996][T11936] ? __pfx_____sys_sendmsg+0x10/0x10 [ 398.096050][T11936] ? __pfx_futex_wake_mark+0x10/0x10 [ 398.096107][T11936] ___sys_sendmsg+0x134/0x1d0 [ 398.096137][T11936] ? futex_private_hash_put+0x176/0x300 [ 398.096179][T11936] ? __pfx____sys_sendmsg+0x10/0x10 [ 398.096209][T11936] ? __lock_acquire+0x622/0x1c90 [ 398.096305][T11936] __sys_sendmsg+0x16d/0x220 [ 398.096340][T11936] ? __pfx___sys_sendmsg+0x10/0x10 [ 398.096372][T11936] ? __x64_sys_futex+0x1e0/0x4c0 [ 398.096440][T11936] do_syscall_64+0xcd/0x490 [ 398.096485][T11936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.096520][T11936] RIP: 0033:0x7fe4c338eb69 [ 398.096547][T11936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.096581][T11936] RSP: 002b:00007fe4c422d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 398.096611][T11936] RAX: ffffffffffffffda RBX: 00007fe4c35b5fa0 RCX: 00007fe4c338eb69 [ 398.096632][T11936] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 398.096652][T11936] RBP: 00007fe4c3411df1 R08: 0000000000000000 R09: 0000000000000000 [ 398.096673][T11936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.096695][T11936] R13: 0000000000000000 R14: 00007fe4c35b5fa0 R15: 00007ffe1b8561e8 [ 398.096739][T11936] [ 400.271172][T11956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2258'. [ 400.302884][T11956] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2258'. [ 400.401498][T11960] netlink: 266 bytes leftover after parsing attributes in process `syz.2.2259'. [ 400.434558][T11960] IPv6: NLM_F_CREATE should be specified when creating new route [ 401.224242][ T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.354092][ T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.476628][ T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.687748][ T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.951653][ T62] bridge_slave_1: left allmulticast mode [ 401.958014][ T62] bridge_slave_1: left promiscuous mode [ 401.983893][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.007226][ T62] bridge_slave_0: left allmulticast mode [ 402.016475][ T62] bridge_slave_0: left promiscuous mode [ 402.023096][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.826354][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 402.855323][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 402.883679][ T62] bond0 (unregistering): Released all slaves [ 403.317929][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 403.326435][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 403.338349][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 403.346831][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 403.384193][ T62] veth1_macvtap: left promiscuous mode [ 403.390370][ T62] veth0_macvtap: left promiscuous mode [ 403.820995][ T62] team0 (unregistering): Port device team_slave_1 removed [ 403.875157][ T62] team0 (unregistering): Port device team_slave_0 removed [ 404.218425][T11964] FAULT_INJECTION: forcing a failure. [ 404.218425][T11964] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 404.262428][T11964] CPU: 1 UID: 0 PID: 11964 Comm: syz.0.2270 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 404.262481][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 404.262501][T11964] Call Trace: [ 404.262512][T11964] [ 404.262524][T11964] dump_stack_lvl+0x16c/0x1f0 [ 404.262562][T11964] should_fail_ex+0x512/0x640 [ 404.262619][T11964] should_fail_alloc_page+0xe7/0x130 [ 404.262669][T11964] prepare_alloc_pages+0x3c2/0x610 [ 404.262731][T11964] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 404.262778][T11964] ? copy_splice_read+0x1a8/0xba0 [ 404.262831][T11964] ? stack_trace_save+0x8e/0xc0 [ 404.262867][T11964] ? __pfx_stack_trace_save+0x10/0x10 [ 404.262903][T11964] ? stack_depot_save_flags+0x28/0xa40 [ 404.262965][T11964] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 404.263007][T11964] ? kasan_save_stack+0x33/0x60 [ 404.263044][T11964] ? __kasan_kmalloc+0xaa/0xb0 [ 404.263093][T11964] ? copy_splice_read+0x1a8/0xba0 [ 404.263142][T11964] ? do_splice_read+0x285/0x370 [ 404.263188][T11964] ? splice_direct_to_actor+0x2a1/0xa30 [ 404.263238][T11964] ? do_splice_direct+0x174/0x240 [ 404.263295][T11964] ? do_sendfile+0xb06/0xe50 [ 404.263323][T11964] ? __x64_sys_sendfile64+0x1d8/0x220 [ 404.263364][T11964] ? do_syscall_64+0xcd/0x490 [ 404.263424][T11964] alloc_pages_bulk_noprof+0x71c/0x1410 [ 404.263479][T11964] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 404.263530][T11964] ? trace_kmalloc+0x2b/0xd0 [ 404.263576][T11964] ? __kmalloc_noprof+0x242/0x510 [ 404.263623][T11964] copy_splice_read+0x1e1/0xba0 [ 404.263677][T11964] ? __pfx_pipe_to_null+0x10/0x10 [ 404.263730][T11964] ? __pfx_copy_splice_read+0x10/0x10 [ 404.263780][T11964] ? pipe_unlock+0x4a/0x70 [ 404.263816][T11964] ? __pfx_splice_from_pipe+0x10/0x10 [ 404.263854][T11964] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 404.263891][T11964] ? __pfx_copy_splice_read+0x10/0x10 [ 404.263939][T11964] do_splice_read+0x285/0x370 [ 404.263992][T11964] splice_direct_to_actor+0x2a1/0xa30 [ 404.264047][T11964] ? __pfx_direct_splice_actor+0x10/0x10 [ 404.264085][T11964] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 404.264152][T11964] do_splice_direct+0x174/0x240 [ 404.264174][T11968] FAULT_INJECTION: forcing a failure. [ 404.264174][T11968] name failslab, interval 1, probability 0, space 0, times 0 [ 404.264205][T11964] ? __pfx_do_splice_direct+0x10/0x10 [ 404.264254][T11964] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 404.264322][T11964] ? bpf_lsm_file_permission+0x9/0x10 [ 404.264381][T11964] ? security_file_permission+0x71/0x210 [ 404.264419][T11964] ? rw_verify_area+0xcf/0x680 [ 404.264480][T11964] do_sendfile+0xb06/0xe50 [ 404.264525][T11964] ? __pfx_do_sendfile+0x10/0x10 [ 404.264569][T11964] ? __x64_sys_futex+0x1e0/0x4c0 [ 404.264613][T11964] ? __x64_sys_futex+0x1e9/0x4c0 [ 404.264664][T11964] __x64_sys_sendfile64+0x1d8/0x220 [ 404.264712][T11964] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 404.264772][T11964] do_syscall_64+0xcd/0x490 [ 404.264812][T11964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.264849][T11964] RIP: 0033:0x7f09e5f8eb69 [ 404.264880][T11964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.264916][T11964] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 404.264949][T11964] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 404.264974][T11964] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 404.264997][T11964] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 404.265018][T11964] R10: 0010000800000003 R11: 0000000000000246 R12: 0000000000000000 [ 404.265040][T11964] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 404.265085][T11964] [ 404.674142][T11968] CPU: 0 UID: 0 PID: 11968 Comm: syz.2.2263 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 404.674190][T11968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 404.674210][T11968] Call Trace: [ 404.674220][T11968] [ 404.674233][T11968] dump_stack_lvl+0x16c/0x1f0 [ 404.674270][T11968] should_fail_ex+0x512/0x640 [ 404.674319][T11968] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 404.674367][T11968] should_failslab+0xc2/0x120 [ 404.674414][T11968] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 404.674455][T11968] ? shmem_alloc_inode+0x25/0x50 [ 404.674507][T11968] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 404.674552][T11968] shmem_alloc_inode+0x25/0x50 [ 404.674595][T11968] alloc_inode+0x61/0x240 [ 404.674641][T11968] new_inode+0x22/0x1c0 [ 404.674684][T11968] ? alloc_fd+0x471/0x7d0 [ 404.674717][T11968] shmem_get_inode+0x19a/0xfb0 [ 404.674779][T11968] __shmem_file_setup+0x107/0x330 [ 404.674817][T11968] __do_sys_memfd_create+0x267/0x8a0 [ 404.674874][T11968] do_syscall_64+0xcd/0x490 [ 404.674910][T11968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.674945][T11968] RIP: 0033:0x7fe4c338eb69 [ 404.674971][T11968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.675013][T11968] RSP: 002b:00007fe4c422d038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 404.675045][T11968] RAX: ffffffffffffffda RBX: 00007fe4c35b5fa0 RCX: 00007fe4c338eb69 [ 404.675067][T11968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 404.675088][T11968] RBP: 00007fe4c3411df1 R08: 0000000000000000 R09: 0000000000000000 [ 404.675109][T11968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.675129][T11968] R13: 0000000000000000 R14: 00007fe4c35b5fa0 R15: 00007ffe1b8561e8 [ 404.675171][T11968] [ 405.295203][T11974] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2267'. [ 405.408583][T11976] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2268'. [ 405.470690][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 405.500300][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 405.515599][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 405.526061][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 405.554089][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 405.694312][T11967] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 405.743087][T11967] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 405.796733][T11967] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 406.168064][T11987] vhci_hcd: default hub control req: 0010 v0000 i0000 l0 [ 406.681503][ T30] audit: type=1800 audit(1753969323.287:15): pid=12000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2276" name="dbroot" dev="configfs" ino=36689 res=0 errno=0 [ 406.976424][T12006] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2278'. [ 407.019782][T11977] chnl_net:caif_netlink_parms(): no params data found [ 407.065560][T12006] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2278'. [ 407.177967][T12011] FAULT_INJECTION: forcing a failure. [ 407.177967][T12011] name failslab, interval 1, probability 0, space 0, times 0 [ 407.276575][T12011] CPU: 1 UID: 0 PID: 12011 Comm: syz.0.2280 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 407.276624][T12011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 407.276645][T12011] Call Trace: [ 407.276657][T12011] [ 407.276670][T12011] dump_stack_lvl+0x16c/0x1f0 [ 407.276709][T12011] should_fail_ex+0x512/0x640 [ 407.276762][T12011] ? fs_reclaim_acquire+0xae/0x150 [ 407.276821][T12011] ? tomoyo_encode2+0x100/0x3e0 [ 407.276854][T12011] should_failslab+0xc2/0x120 [ 407.276901][T12011] __kmalloc_noprof+0xd2/0x510 [ 407.276954][T12011] tomoyo_encode2+0x100/0x3e0 [ 407.276997][T12011] tomoyo_encode+0x29/0x50 [ 407.277032][T12011] tomoyo_realpath_from_path+0x18f/0x6e0 [ 407.277090][T12011] tomoyo_check_open_permission+0x2ab/0x3c0 [ 407.277149][T12011] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 407.277251][T12011] ? find_held_lock+0x2b/0x80 [ 407.277295][T12011] tomoyo_file_open+0x6b/0x90 [ 407.277342][T12011] security_file_open+0x84/0x1e0 [ 407.277378][T12011] do_dentry_open+0x596/0x1c10 [ 407.277442][T12011] vfs_open+0x82/0x3f0 [ 407.277493][T12011] path_openat+0x1de4/0x2cb0 [ 407.277544][T12011] ? __pfx_path_openat+0x10/0x10 [ 407.277583][T12011] ? __lock_acquire+0xb8a/0x1c90 [ 407.277639][T12011] do_filp_open+0x20b/0x470 [ 407.277676][T12011] ? __pfx_do_filp_open+0x10/0x10 [ 407.277743][T12011] ? alloc_fd+0x471/0x7d0 [ 407.277788][T12011] do_sys_openat2+0x11b/0x1d0 [ 407.277836][T12011] ? __pfx_do_sys_openat2+0x10/0x10 [ 407.277879][T12011] ? __sock_release+0x20b/0x270 [ 407.277927][T12011] __x64_sys_openat+0x174/0x210 [ 407.277974][T12011] ? __pfx___x64_sys_openat+0x10/0x10 [ 407.278036][T12011] do_syscall_64+0xcd/0x490 [ 407.278070][T12011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.278108][T12011] RIP: 0033:0x7f09e5f8eb69 [ 407.278133][T12011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.278164][T12011] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 407.278195][T12011] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 407.278216][T12011] RDX: 0000000000000002 RSI: 0000200000001680 RDI: ffffffffffffff9c [ 407.278236][T12011] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 407.278255][T12011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.278274][T12011] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 407.278316][T12011] [ 407.373966][T12011] ERROR: Out of memory at tomoyo_realpath_from_path. [ 407.559248][T12009] netlink: 110 bytes leftover after parsing attributes in process `syz.2.2279'. [ 407.644180][ T5846] Bluetooth: hci3: command tx timeout [ 407.678436][T11977] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.724138][T11977] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.762379][T11977] bridge_slave_0: entered allmulticast mode [ 407.816047][T11977] bridge_slave_0: entered promiscuous mode [ 407.849471][T11977] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.875758][T11977] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.883078][T11977] bridge_slave_1: entered allmulticast mode [ 407.926974][T11977] bridge_slave_1: entered promiscuous mode [ 408.226272][T11977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.268279][T11977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 408.476065][T11977] team0: Port device team_slave_0 added [ 408.492319][T11977] team0: Port device team_slave_1 added [ 408.772565][T11977] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 408.790193][T11977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.879194][T11977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 408.916874][T11977] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 408.941482][T11977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.999961][T12039] i2c i2c-0: Invalid 7-bit I2C address 0x00 [ 409.032225][T11977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 409.563721][T11977] hsr_slave_0: entered promiscuous mode [ 409.609281][T11977] hsr_slave_1: entered promiscuous mode [ 409.635867][T11977] debugfs: 'hsr0' already exists in 'hsr' [ 409.641791][T11977] Cannot create hsr debugfs directory [ 409.725153][ T5846] Bluetooth: hci3: command tx timeout [ 410.729526][T12065] FAULT_INJECTION: forcing a failure. [ 410.729526][T12065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.772638][T12065] CPU: 1 UID: 0 PID: 12065 Comm: syz.0.2296 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 410.772690][T12065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 410.772711][T12065] Call Trace: [ 410.772723][T12065] [ 410.772735][T12065] dump_stack_lvl+0x16c/0x1f0 [ 410.772775][T12065] should_fail_ex+0x512/0x640 [ 410.772831][T12065] _copy_from_iter+0x463/0x16f0 [ 410.772875][T12065] ? __pfx__copy_from_iter+0x10/0x10 [ 410.772905][T12065] ? do_raw_spin_lock+0x12c/0x2b0 [ 410.772966][T12065] ? find_held_lock+0x2b/0x80 [ 410.773001][T12065] ? rcu_is_watching+0x12/0xc0 [ 410.773033][T12065] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 410.773092][T12065] write_pool_user+0xe8/0x2f0 [ 410.773151][T12065] ? __pfx_write_pool_user+0x10/0x10 [ 410.773215][T12065] ? __futex_wait+0x24c/0x2f0 [ 410.773265][T12065] ? copy_iovec_from_user+0x131/0x170 [ 410.773302][T12065] do_iter_readv_writev+0x654/0x950 [ 410.773338][T12065] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 410.773379][T12065] ? bpf_lsm_file_permission+0x9/0x10 [ 410.773428][T12065] ? security_file_permission+0x71/0x210 [ 410.773465][T12065] ? rw_verify_area+0xcf/0x680 [ 410.773535][T12065] vfs_writev+0x35f/0xde0 [ 410.773577][T12065] ? __pfx_vfs_writev+0x10/0x10 [ 410.773611][T12065] ? kmem_cache_free+0x2d1/0x4d0 [ 410.773674][T12065] ? __fget_files+0x20e/0x3c0 [ 410.773717][T12065] ? do_writev+0x132/0x340 [ 410.773745][T12065] do_writev+0x132/0x340 [ 410.773776][T12065] ? __pfx_do_writev+0x10/0x10 [ 410.773820][T12065] do_syscall_64+0xcd/0x490 [ 410.773855][T12065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.773889][T12065] RIP: 0033:0x7f09e5f8eb69 [ 410.773919][T12065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.773953][T12065] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 410.773984][T12065] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 410.774006][T12065] RDX: 0000000000000003 RSI: 00002000000003c0 RDI: 0000000000000005 [ 410.774027][T12065] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 410.774047][T12065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.774066][T12065] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 410.774108][T12065] [ 411.007958][ C1] vkms_vblank_simulate: vblank timer overrun [ 411.337292][T12068] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2298'. [ 411.806215][ T5846] Bluetooth: hci3: command tx timeout [ 412.170054][T11977] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 412.267656][T11977] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 412.361651][T11977] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 412.435723][T11977] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 412.812593][T11977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 412.886690][T11977] 8021q: adding VLAN 0 to HW filter on device team0 [ 412.987214][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.994421][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 413.028953][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.036151][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 413.238178][T12096] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2305'. [ 413.887265][ T5846] Bluetooth: hci3: command tx timeout [ 413.956260][T11977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 414.117208][T11977] veth0_vlan: entered promiscuous mode [ 414.172162][T11977] veth1_vlan: entered promiscuous mode [ 414.292712][T11977] veth0_macvtap: entered promiscuous mode [ 414.353595][T11977] veth1_macvtap: entered promiscuous mode [ 414.421625][T11977] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 414.443721][T11977] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 414.577570][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.586665][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.681694][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.823611][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.022719][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 415.117904][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.206935][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 415.233470][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 416.011721][ T30] audit: type=1800 audit(1753969332.623:16): pid=12129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2315" name="dbroot" dev="configfs" ino=38386 res=0 errno=0 [ 416.733255][T12144] FAULT_INJECTION: forcing a failure. [ 416.733255][T12144] name failslab, interval 1, probability 0, space 0, times 0 [ 416.778711][T12144] CPU: 1 UID: 0 PID: 12144 Comm: syz.0.2320 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 416.778759][T12144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 416.778781][T12144] Call Trace: [ 416.778791][T12144] [ 416.778803][T12144] dump_stack_lvl+0x16c/0x1f0 [ 416.778841][T12144] should_fail_ex+0x512/0x640 [ 416.778890][T12144] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 416.778932][T12144] should_failslab+0xc2/0x120 [ 416.778978][T12144] __kmalloc_cache_noprof+0x6a/0x3e0 [ 416.779013][T12144] ? __genradix_ptr_alloc+0x340/0x5f0 [ 416.779048][T12144] ? sctp_auth_shkey_create+0x9e/0x210 [ 416.779109][T12144] sctp_auth_shkey_create+0x9e/0x210 [ 416.779166][T12144] sctp_auth_asoc_copy_shkeys+0x1f2/0x360 [ 416.779228][T12144] sctp_association_new+0x19ad/0x2a00 [ 416.779277][T12144] sctp_connect_new_asoc+0x1a8/0x770 [ 416.779328][T12144] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 416.779372][T12144] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 416.779435][T12144] __sctp_connect+0x3f3/0xc60 [ 416.779479][T12144] ? do_raw_spin_lock+0x12c/0x2b0 [ 416.779532][T12144] ? __pfx___sctp_connect+0x10/0x10 [ 416.779573][T12144] ? __pfx_sctp_inet_connect+0x10/0x10 [ 416.779613][T12144] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 416.779669][T12144] ? __pfx_sctp_inet_connect+0x10/0x10 [ 416.779704][T12144] sctp_inet_connect+0x15f/0x200 [ 416.779745][T12144] __sys_connect_file+0x141/0x1a0 [ 416.779800][T12144] __sys_connect+0x13b/0x160 [ 416.779849][T12144] ? __pfx___sys_connect+0x10/0x10 [ 416.779914][T12144] ? xfd_validate_state+0x61/0x180 [ 416.779962][T12144] ? __pfx_do_writev+0x10/0x10 [ 416.780004][T12144] __x64_sys_connect+0x72/0xb0 [ 416.780052][T12144] ? lockdep_hardirqs_on+0x7c/0x110 [ 416.780107][T12144] do_syscall_64+0xcd/0x490 [ 416.780144][T12144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.780177][T12144] RIP: 0033:0x7f09e5f8eb69 [ 416.780201][T12144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.780234][T12144] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 416.780265][T12144] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 416.780288][T12144] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 416.780319][T12144] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 416.780340][T12144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 416.780361][T12144] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 416.780405][T12144] [ 417.042647][ C1] vkms_vblank_simulate: vblank timer overrun [ 417.054362][T12146] syz.3.2321 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 417.371833][T12150] netlink: 'syz.0.2322': attribute type 20 has an invalid length. [ 417.380733][T12150] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2322'. [ 417.389965][T12150] IPv6: NLM_F_CREATE should be specified when creating new route [ 417.515741][T12154] FAULT_INJECTION: forcing a failure. [ 417.515741][T12154] name failslab, interval 1, probability 0, space 0, times 0 [ 417.559051][T12154] CPU: 0 UID: 0 PID: 12154 Comm: syz.3.2323 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 417.559099][T12154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 417.559124][T12154] Call Trace: [ 417.559136][T12154] [ 417.559149][T12154] dump_stack_lvl+0x16c/0x1f0 [ 417.559195][T12154] should_fail_ex+0x512/0x640 [ 417.559244][T12154] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 417.559300][T12154] should_failslab+0xc2/0x120 [ 417.559346][T12154] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 417.559403][T12154] ? __kthread_create_on_node+0x186/0x3f0 [ 417.559461][T12154] kvasprintf+0xbc/0x160 [ 417.559511][T12154] ? __pfx_kvasprintf+0x10/0x10 [ 417.559562][T12154] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 417.559596][T12154] __kthread_create_on_node+0x186/0x3f0 [ 417.559638][T12154] ? __pfx___mutex_trylock_common+0x10/0x10 [ 417.559691][T12154] ? __pfx___kthread_create_on_node+0x10/0x10 [ 417.559742][T12154] ? xen_error_entry+0x30/0x60 [ 417.559789][T12154] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 417.559825][T12154] kthread_create_on_node+0xc7/0x100 [ 417.559869][T12154] ? __pfx_kthread_create_on_node+0x10/0x10 [ 417.559924][T12154] ? mark_held_locks+0x49/0x80 [ 417.559965][T12154] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 417.560018][T12154] ? lockdep_hardirqs_on+0x7c/0x110 [ 417.560080][T12154] dvb_frontend_open+0xf47/0x1730 [ 417.560124][T12154] ? __pfx_dvb_frontend_open+0x10/0x10 [ 417.560160][T12154] dvb_device_open+0x270/0x3b0 [ 417.560203][T12154] ? __pfx_dvb_device_open+0x10/0x10 [ 417.560238][T12154] chrdev_open+0x234/0x6a0 [ 417.560278][T12154] ? __pfx_apparmor_file_open+0x10/0x10 [ 417.560311][T12154] ? __pfx_chrdev_open+0x10/0x10 [ 417.560355][T12154] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 417.560399][T12154] do_dentry_open+0x744/0x1c10 [ 417.560439][T12154] ? __pfx_chrdev_open+0x10/0x10 [ 417.560490][T12154] vfs_open+0x82/0x3f0 [ 417.560542][T12154] path_openat+0x1de4/0x2cb0 [ 417.560598][T12154] ? __pfx_path_openat+0x10/0x10 [ 417.560642][T12154] ? __lock_acquire+0xb8a/0x1c90 [ 417.560690][T12154] do_filp_open+0x20b/0x470 [ 417.560733][T12154] ? __pfx_do_filp_open+0x10/0x10 [ 417.560803][T12154] ? alloc_fd+0x471/0x7d0 [ 417.560853][T12154] do_sys_openat2+0x11b/0x1d0 [ 417.560901][T12154] ? __pfx_do_sys_openat2+0x10/0x10 [ 417.560966][T12154] __x64_sys_openat+0x174/0x210 [ 417.561018][T12154] ? __pfx___x64_sys_openat+0x10/0x10 [ 417.561085][T12154] do_syscall_64+0xcd/0x490 [ 417.561122][T12154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.561156][T12154] RIP: 0033:0x7fc53e18eb69 [ 417.561196][T12154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.561230][T12154] RSP: 002b:00007fc53efad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 417.561262][T12154] RAX: ffffffffffffffda RBX: 00007fc53e3b5fa0 RCX: 00007fc53e18eb69 [ 417.561285][T12154] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 417.561307][T12154] RBP: 00007fc53e211df1 R08: 0000000000000000 R09: 0000000000000000 [ 417.561327][T12154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 417.561347][T12154] R13: 0000000000000000 R14: 00007fc53e3b5fa0 R15: 00007ffef9f5f988 [ 417.561391][T12154] [ 417.562285][T12154] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 418.043567][ T30] audit: type=1800 audit(1753969334.652:17): pid=12156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2325" name="dbroot" dev="configfs" ino=38439 res=0 errno=0 [ 419.337575][T12178] FAULT_INJECTION: forcing a failure. [ 419.337575][T12178] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 419.391965][T12178] CPU: 0 UID: 0 PID: 12178 Comm: syz.0.2335 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 419.392014][T12178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 419.392036][T12178] Call Trace: [ 419.392047][T12178] [ 419.392059][T12178] dump_stack_lvl+0x16c/0x1f0 [ 419.392099][T12178] should_fail_ex+0x512/0x640 [ 419.392169][T12178] should_fail_alloc_page+0xe7/0x130 [ 419.392220][T12178] prepare_alloc_pages+0x3c2/0x610 [ 419.392278][T12178] ? rcu_is_watching+0x12/0xc0 [ 419.392319][T12178] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 419.392368][T12178] ? __lock_acquire+0xb8a/0x1c90 [ 419.392429][T12178] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 419.392473][T12178] ? do_raw_spin_lock+0x12c/0x2b0 [ 419.392525][T12178] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 419.392578][T12178] ? find_held_lock+0x2b/0x80 [ 419.392624][T12178] ? __lock_acquire+0xb8a/0x1c90 [ 419.392666][T12178] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 419.392721][T12178] ? policy_nodemask+0xea/0x4e0 [ 419.392771][T12178] alloc_pages_mpol+0x1fb/0x550 [ 419.392820][T12178] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 419.392882][T12178] folio_alloc_mpol_noprof+0x36/0x2f0 [ 419.392940][T12178] shmem_alloc_folio+0x135/0x160 [ 419.392998][T12178] shmem_alloc_and_add_folio+0x499/0xc20 [ 419.393047][T12178] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 419.393093][T12178] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 419.393151][T12178] shmem_get_folio_gfp+0x67f/0x1600 [ 419.393202][T12178] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 419.393243][T12178] ? __sanitizer_cov_trace_pc+0x56/0x70 [ 419.393294][T12178] ? __pfx___might_resched+0x10/0x10 [ 419.393336][T12178] shmem_fallocate+0x795/0xf50 [ 419.393395][T12178] ? __pfx_shmem_fallocate+0x10/0x10 [ 419.393436][T12178] ? aa_file_perm+0x495/0xf70 [ 419.393484][T12178] ? __lock_acquire+0xb8a/0x1c90 [ 419.393533][T12178] ? __lock_acquire+0x622/0x1c90 [ 419.393602][T12178] ? __pfx_shmem_fallocate+0x10/0x10 [ 419.393645][T12178] vfs_fallocate+0x592/0x10c0 [ 419.393689][T12178] ? __pfx_vfs_fallocate+0x10/0x10 [ 419.393741][T12178] __x64_sys_fallocate+0xd5/0x150 [ 419.393788][T12178] do_syscall_64+0xcd/0x490 [ 419.393825][T12178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.393860][T12178] RIP: 0033:0x7f09e5f8eb69 [ 419.393887][T12178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.393922][T12178] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 419.393955][T12178] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 419.393978][T12178] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003 [ 419.394000][T12178] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 419.394021][T12178] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 419.394042][T12178] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 419.394086][T12178] [ 420.191988][T12188] FAULT_INJECTION: forcing a failure. [ 420.191988][T12188] name failslab, interval 1, probability 0, space 0, times 0 [ 420.316668][T12188] CPU: 0 UID: 0 PID: 12188 Comm: syz.2.2337 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 420.316717][T12188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 420.316738][T12188] Call Trace: [ 420.316749][T12188] [ 420.316761][T12188] dump_stack_lvl+0x16c/0x1f0 [ 420.316800][T12188] should_fail_ex+0x512/0x640 [ 420.316851][T12188] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 420.316905][T12188] should_failslab+0xc2/0x120 [ 420.316953][T12188] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 420.317012][T12188] ? __kthread_create_on_node+0x186/0x3f0 [ 420.317066][T12188] kvasprintf+0xbc/0x160 [ 420.317102][T12188] ? __pfx_kvasprintf+0x10/0x10 [ 420.317154][T12188] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 420.317187][T12188] __kthread_create_on_node+0x186/0x3f0 [ 420.317233][T12188] ? __pfx___mutex_trylock_common+0x10/0x10 [ 420.317278][T12188] ? __pfx___kthread_create_on_node+0x10/0x10 [ 420.317332][T12188] ? xen_error_entry+0x30/0x60 [ 420.317376][T12188] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 420.317412][T12188] kthread_create_on_node+0xc7/0x100 [ 420.317458][T12188] ? __pfx_kthread_create_on_node+0x10/0x10 [ 420.317512][T12188] ? mark_held_locks+0x49/0x80 [ 420.317555][T12188] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 420.317607][T12188] ? lockdep_hardirqs_on+0x7c/0x110 [ 420.317669][T12188] dvb_frontend_open+0xf47/0x1730 [ 420.317720][T12188] ? __pfx_dvb_frontend_open+0x10/0x10 [ 420.317755][T12188] dvb_device_open+0x270/0x3b0 [ 420.317792][T12188] ? __pfx_dvb_device_open+0x10/0x10 [ 420.317826][T12188] chrdev_open+0x234/0x6a0 [ 420.317866][T12188] ? __pfx_apparmor_file_open+0x10/0x10 [ 420.317899][T12188] ? __pfx_chrdev_open+0x10/0x10 [ 420.317944][T12188] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 420.317997][T12188] do_dentry_open+0x744/0x1c10 [ 420.318038][T12188] ? __pfx_chrdev_open+0x10/0x10 [ 420.318088][T12188] vfs_open+0x82/0x3f0 [ 420.318141][T12188] path_openat+0x1de4/0x2cb0 [ 420.318194][T12188] ? __pfx_path_openat+0x10/0x10 [ 420.318234][T12188] ? __lock_acquire+0xb8a/0x1c90 [ 420.318284][T12188] do_filp_open+0x20b/0x470 [ 420.318321][T12188] ? __pfx_do_filp_open+0x10/0x10 [ 420.318392][T12188] ? alloc_fd+0x471/0x7d0 [ 420.318436][T12188] do_sys_openat2+0x11b/0x1d0 [ 420.318485][T12188] ? __pfx_do_sys_openat2+0x10/0x10 [ 420.318553][T12188] __x64_sys_openat+0x174/0x210 [ 420.318605][T12188] ? __pfx___x64_sys_openat+0x10/0x10 [ 420.318675][T12188] do_syscall_64+0xcd/0x490 [ 420.318712][T12188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.318746][T12188] RIP: 0033:0x7fe4c338eb69 [ 420.318773][T12188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.318808][T12188] RSP: 002b:00007fe4c422d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 420.318841][T12188] RAX: ffffffffffffffda RBX: 00007fe4c35b5fa0 RCX: 00007fe4c338eb69 [ 420.318864][T12188] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 420.318885][T12188] RBP: 00007fe4c3411df1 R08: 0000000000000000 R09: 0000000000000000 [ 420.318907][T12188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.318928][T12188] R13: 0000000000000000 R14: 00007fe4c35b5fa0 R15: 00007ffe1b8561e8 [ 420.318981][T12188] [ 420.706595][T12188] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 421.180459][T12205] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2344'. [ 421.923921][T12222] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2352'. [ 423.530918][T12253] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2365'. [ 423.797502][T12260] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2368'. [ 423.819227][T12262] 0x000200000001-0xa29656a63616329 : "" [ 423.850883][T12262] mtd: partition "" is out of reach -- disabled [ 423.898115][T12259] FAULT_INJECTION: forcing a failure. [ 423.898115][T12259] name failslab, interval 1, probability 0, space 0, times 0 [ 423.912359][T12262] ftl_cs: FTL header not found. [ 423.972540][T12259] CPU: 1 UID: 0 PID: 12259 Comm: syz.3.2366 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 423.972589][T12259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 423.972610][T12259] Call Trace: [ 423.972620][T12259] [ 423.972633][T12259] dump_stack_lvl+0x16c/0x1f0 [ 423.972669][T12259] should_fail_ex+0x512/0x640 [ 423.972718][T12259] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 423.972763][T12259] should_failslab+0xc2/0x120 [ 423.972809][T12259] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 423.972862][T12259] ? __kernfs_new_node+0xd2/0x8e0 [ 423.972908][T12259] __kernfs_new_node+0xd2/0x8e0 [ 423.972951][T12259] ? __pfx___kernfs_new_node+0x10/0x10 [ 423.973001][T12259] ? find_held_lock+0x2b/0x80 [ 423.973033][T12259] ? kernfs_root+0xee/0x2a0 [ 423.973077][T12259] kernfs_new_node+0x13c/0x1e0 [ 423.973129][T12259] __kernfs_create_file+0x53/0x350 [ 423.973185][T12259] sysfs_add_file_mode_ns+0x207/0x3c0 [ 423.973231][T12259] internal_create_group+0x578/0xf30 [ 423.973281][T12259] ? __pfx_internal_create_group+0x10/0x10 [ 423.973328][T12259] ? kernfs_create_link+0x1bd/0x240 [ 423.973388][T12259] internal_create_groups+0x9d/0x150 [ 423.973432][T12259] device_add+0x77f/0x1a70 [ 423.973485][T12259] ? __pfx_device_add+0x10/0x10 [ 423.973534][T12259] ? lockdep_init_map_type+0x5c/0x280 [ 423.973584][T12259] ? __init_waitqueue_head+0xca/0x150 [ 423.973644][T12259] netdev_register_kobject+0x1a9/0x3d0 [ 423.973690][T12259] register_netdevice+0x13dc/0x2270 [ 423.973737][T12259] ? __pfx_register_netdevice+0x10/0x10 [ 423.973786][T12259] ppp_dev_configure+0xa1e/0xd40 [ 423.973844][T12259] ppp_ioctl+0x17e0/0x2660 [ 423.973889][T12259] ? find_held_lock+0x2b/0x80 [ 423.973918][T12259] ? __pfx_ppp_ioctl+0x10/0x10 [ 423.973968][T12259] ? __fget_files+0x20e/0x3c0 [ 423.974006][T12259] ? __pfx_ppp_ioctl+0x10/0x10 [ 423.974050][T12259] __x64_sys_ioctl+0x18e/0x210 [ 423.974104][T12259] do_syscall_64+0xcd/0x490 [ 423.974140][T12259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.974173][T12259] RIP: 0033:0x7fc53e18eb69 [ 423.974199][T12259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.974232][T12259] RSP: 002b:00007fc53efad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 423.974263][T12259] RAX: ffffffffffffffda RBX: 00007fc53e3b5fa0 RCX: 00007fc53e18eb69 [ 423.974285][T12259] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000005 [ 423.974304][T12259] RBP: 00007fc53e211df1 R08: 0000000000000000 R09: 0000000000000000 [ 423.974325][T12259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.974344][T12259] R13: 0000000000000000 R14: 00007fc53e3b5fa0 R15: 00007ffef9f5f988 [ 423.974387][T12259] [ 424.252213][ C1] vkms_vblank_simulate: vblank timer overrun [ 425.219287][T12275] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2373'. [ 425.298333][T12275] Process accounting resumed [ 426.305536][T12297] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2384'. [ 426.975087][T12314] netlink: 'syz.0.2389': attribute type 5 has an invalid length. [ 426.982892][T12314] netlink: 314 bytes leftover after parsing attributes in process `syz.0.2389'. [ 427.255462][T12310] size and base must be multiples of 4 kiB [ 427.324202][T12310] CPU: 0 UID: 0 PID: 12310 Comm: syz.1.2388 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 427.324251][T12310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 427.324270][T12310] Call Trace: [ 427.324281][T12310] [ 427.324293][T12310] dump_stack_lvl+0x16c/0x1f0 [ 427.324329][T12310] mtrr_add+0xdf/0x110 [ 427.324378][T12310] mtrr_ioctl+0x7ef/0xcf0 [ 427.324427][T12310] ? __pfx_mtrr_ioctl+0x10/0x10 [ 427.324483][T12310] ? find_held_lock+0x2b/0x80 [ 427.324535][T12310] ? __fget_files+0x20e/0x3c0 [ 427.324571][T12310] ? __pfx_mtrr_ioctl+0x10/0x10 [ 427.324619][T12310] proc_reg_unlocked_ioctl+0x226/0x320 [ 427.324662][T12310] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 427.324709][T12310] __x64_sys_ioctl+0x18e/0x210 [ 427.324763][T12310] do_syscall_64+0xcd/0x490 [ 427.324800][T12310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.324833][T12310] RIP: 0033:0x7f699718eb69 [ 427.324859][T12310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.324892][T12310] RSP: 002b:00007f6997fa9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 427.324923][T12310] RAX: ffffffffffffffda RBX: 00007f69973b5fa0 RCX: 00007f699718eb69 [ 427.324945][T12310] RDX: 0000000000000005 RSI: 00000000400c4d01 RDI: 0000000000000005 [ 427.324967][T12310] RBP: 00007f6997211df1 R08: 0000000000000000 R09: 0000000000000000 [ 427.324987][T12310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 427.325007][T12310] R13: 0000000000000000 R14: 00007f69973b5fa0 R15: 00007fffb81b2ac8 [ 427.325050][T12310] [ 428.446750][T12323] FAULT_INJECTION: forcing a failure. [ 428.446750][T12323] name failslab, interval 1, probability 0, space 0, times 0 [ 428.474433][T12323] CPU: 1 UID: 0 PID: 12323 Comm: syz.1.2392 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 428.474482][T12323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 428.474502][T12323] Call Trace: [ 428.474513][T12323] [ 428.474525][T12323] dump_stack_lvl+0x16c/0x1f0 [ 428.474563][T12323] should_fail_ex+0x512/0x640 [ 428.474613][T12323] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 428.474662][T12323] should_failslab+0xc2/0x120 [ 428.474709][T12323] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 428.474754][T12323] ? sock_alloc_inode+0x25/0x1c0 [ 428.474809][T12323] ? __pfx_sock_alloc_inode+0x10/0x10 [ 428.474848][T12323] sock_alloc_inode+0x25/0x1c0 [ 428.474889][T12323] alloc_inode+0x61/0x240 [ 428.474936][T12323] sock_alloc+0x40/0x280 [ 428.474973][T12323] __sock_create+0xc1/0x8d0 [ 428.475023][T12323] __sys_socketpair+0x25c/0x5a0 [ 428.475074][T12323] ? __pfx___sys_socketpair+0x10/0x10 [ 428.475120][T12323] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 428.475170][T12323] ? xfd_validate_state+0x61/0x180 [ 428.475228][T12323] __x64_sys_socketpair+0x96/0x100 [ 428.475276][T12323] ? lockdep_hardirqs_on+0x7c/0x110 [ 428.475331][T12323] do_syscall_64+0xcd/0x490 [ 428.475368][T12323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.475402][T12323] RIP: 0033:0x7f699718eb69 [ 428.475429][T12323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.475462][T12323] RSP: 002b:00007f6997fa9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 428.475494][T12323] RAX: ffffffffffffffda RBX: 00007f69973b5fa0 RCX: 00007f699718eb69 [ 428.475517][T12323] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 428.475538][T12323] RBP: 00007f6997211df1 R08: 0000000000000000 R09: 0000000000000000 [ 428.475558][T12323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.475579][T12323] R13: 0000000000000000 R14: 00007f69973b5fa0 R15: 00007fffb81b2ac8 [ 428.475621][T12323] [ 428.475637][T12323] socket: no more sockets [ 429.011650][T12327] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2394'. [ 429.089792][T12327] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.230064][T12327] bridge_slave_1 (unregistering): left allmulticast mode [ 429.241474][T12327] bridge_slave_1 (unregistering): left promiscuous mode [ 429.249038][T12327] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.686459][T12349] FAULT_INJECTION: forcing a failure. [ 430.686459][T12349] name failslab, interval 1, probability 0, space 0, times 0 [ 430.712144][T12349] CPU: 1 UID: 0 PID: 12349 Comm: syz.1.2403 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 430.712195][T12349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 430.712216][T12349] Call Trace: [ 430.712226][T12349] [ 430.712239][T12349] dump_stack_lvl+0x16c/0x1f0 [ 430.712277][T12349] should_fail_ex+0x512/0x640 [ 430.712327][T12349] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 430.712386][T12349] should_failslab+0xc2/0x120 [ 430.712434][T12349] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 430.712478][T12349] ? __d_alloc+0x32/0xae0 [ 430.712522][T12349] __d_alloc+0x32/0xae0 [ 430.712566][T12349] d_alloc_pseudo+0x1c/0xc0 [ 430.712615][T12349] alloc_file_pseudo+0xcf/0x230 [ 430.712666][T12349] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 430.712716][T12349] ? security_inode_init_security_anon+0x79/0x240 [ 430.712778][T12349] secretmem_file_create.constprop.0+0x89/0x290 [ 430.712829][T12349] __x64_sys_memfd_secret+0xc1/0x150 [ 430.712873][T12349] do_syscall_64+0xcd/0x490 [ 430.712909][T12349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.712943][T12349] RIP: 0033:0x7f699718eb69 [ 430.712970][T12349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.713004][T12349] RSP: 002b:00007f6997fa9038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 430.713037][T12349] RAX: ffffffffffffffda RBX: 00007f69973b5fa0 RCX: 00007f699718eb69 [ 430.713060][T12349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 430.713081][T12349] RBP: 00007f6997211df1 R08: 0000000000000000 R09: 0000000000000000 [ 430.713101][T12349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 430.713121][T12349] R13: 0000000000000000 R14: 00007f69973b5fa0 R15: 00007fffb81b2ac8 [ 430.713163][T12349] [ 431.396420][T12359] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2406'. [ 431.536996][T12360] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2406'. [ 431.607973][T12357] FAULT_INJECTION: forcing a failure. [ 431.607973][T12357] name failslab, interval 1, probability 0, space 0, times 0 [ 431.660111][T12357] CPU: 1 UID: 0 PID: 12357 Comm: syz.1.2407 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 431.660163][T12357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 431.660184][T12357] Call Trace: [ 431.660195][T12357] [ 431.660207][T12357] dump_stack_lvl+0x16c/0x1f0 [ 431.660247][T12357] should_fail_ex+0x512/0x640 [ 431.660298][T12357] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 431.660343][T12357] should_failslab+0xc2/0x120 [ 431.660391][T12357] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 431.660431][T12357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.660468][T12357] ? fuse_request_alloc+0x22/0x200 [ 431.660530][T12357] fuse_request_alloc+0x22/0x200 [ 431.660582][T12357] fuse_get_req+0x748/0xfd0 [ 431.660644][T12357] ? __pfx_fuse_get_req+0x10/0x10 [ 431.660718][T12357] fuse_simple_background+0x464/0x5f0 [ 431.660771][T12357] ? kasan_save_track+0x14/0x30 [ 431.660816][T12357] cuse_channel_open+0x561/0x7f0 [ 431.660853][T12357] ? __pfx_cuse_channel_open+0x10/0x10 [ 431.660894][T12357] misc_open+0x35d/0x420 [ 431.660934][T12357] ? __pfx_misc_open+0x10/0x10 [ 431.660971][T12357] chrdev_open+0x234/0x6a0 [ 431.661012][T12357] ? __pfx_apparmor_file_open+0x10/0x10 [ 431.661043][T12357] ? __pfx_chrdev_open+0x10/0x10 [ 431.661079][T12357] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 431.661115][T12357] do_dentry_open+0x744/0x1c10 [ 431.661151][T12357] ? __pfx_chrdev_open+0x10/0x10 [ 431.661191][T12357] vfs_open+0x82/0x3f0 [ 431.661233][T12357] path_openat+0x1de4/0x2cb0 [ 431.661275][T12357] ? __pfx_path_openat+0x10/0x10 [ 431.661307][T12357] ? __lock_acquire+0xb8a/0x1c90 [ 431.661347][T12357] do_filp_open+0x20b/0x470 [ 431.661377][T12357] ? __pfx_do_filp_open+0x10/0x10 [ 431.661431][T12357] ? alloc_fd+0x471/0x7d0 [ 431.661466][T12357] do_sys_openat2+0x11b/0x1d0 [ 431.661506][T12357] ? __pfx_do_sys_openat2+0x10/0x10 [ 431.661566][T12357] __x64_sys_openat+0x174/0x210 [ 431.661606][T12357] ? __pfx___x64_sys_openat+0x10/0x10 [ 431.661661][T12357] do_syscall_64+0xcd/0x490 [ 431.661691][T12357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.661720][T12357] RIP: 0033:0x7f699718eb69 [ 431.661741][T12357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.661769][T12357] RSP: 002b:00007f6997fa9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 431.661795][T12357] RAX: ffffffffffffffda RBX: 00007f69973b5fa0 RCX: 00007f699718eb69 [ 431.661814][T12357] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 431.661831][T12357] RBP: 00007f6997211df1 R08: 0000000000000000 R09: 0000000000000000 [ 431.661849][T12357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.661865][T12357] R13: 0000000000000000 R14: 00007f69973b5fa0 R15: 00007fffb81b2ac8 [ 431.661900][T12357] [ 433.493695][T12380] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2413'. [ 433.536433][T12382] FAULT_INJECTION: forcing a failure. [ 433.536433][T12382] name failslab, interval 1, probability 0, space 0, times 0 [ 433.587042][T12382] CPU: 1 UID: 0 PID: 12382 Comm: syz.1.2414 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 433.587085][T12382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 433.587106][T12382] Call Trace: [ 433.587116][T12382] [ 433.587127][T12382] dump_stack_lvl+0x16c/0x1f0 [ 433.587164][T12382] should_fail_ex+0x512/0x640 [ 433.587222][T12382] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 433.587264][T12382] should_failslab+0xc2/0x120 [ 433.587310][T12382] __kmalloc_cache_noprof+0x6a/0x3e0 [ 433.587346][T12382] ? do_kimage_alloc_init+0x40/0x350 [ 433.587406][T12382] do_kimage_alloc_init+0x40/0x350 [ 433.587460][T12382] do_kexec_load+0x1fd/0x8d0 [ 433.587495][T12382] ? __pfx_do_kexec_load+0x10/0x10 [ 433.587533][T12382] ? _copy_from_user+0x59/0xd0 [ 433.587570][T12382] __x64_sys_kexec_load+0x1bf/0x230 [ 433.587608][T12382] do_syscall_64+0xcd/0x490 [ 433.587642][T12382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.587675][T12382] RIP: 0033:0x7f699718eb69 [ 433.587701][T12382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.587735][T12382] RSP: 002b:00007f6997fa9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 433.587766][T12382] RAX: ffffffffffffffda RBX: 00007f69973b5fa0 RCX: 00007f699718eb69 [ 433.587789][T12382] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000005 [ 433.587808][T12382] RBP: 00007f6997211df1 R08: 0000000000000000 R09: 0000000000000000 [ 433.587829][T12382] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 433.587849][T12382] R13: 0000000000000000 R14: 00007f69973b5fa0 R15: 00007fffb81b2ac8 [ 433.587890][T12382] [ 434.776404][T12399] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2420'. [ 435.059125][T12405] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2422'. [ 435.168569][T12405] veth1_macvtap: left promiscuous mode [ 439.567553][T12465] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2441'. [ 439.838147][T12470] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2443'. [ 440.315673][T12478] FAULT_INJECTION: forcing a failure. [ 440.315673][T12478] name failslab, interval 1, probability 0, space 0, times 0 [ 440.410481][T12478] CPU: 0 UID: 0 PID: 12478 Comm: syz.0.2447 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 440.410532][T12478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 440.410553][T12478] Call Trace: [ 440.410564][T12478] [ 440.410576][T12478] dump_stack_lvl+0x16c/0x1f0 [ 440.410614][T12478] should_fail_ex+0x512/0x640 [ 440.410664][T12478] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 440.410712][T12478] should_failslab+0xc2/0x120 [ 440.410758][T12478] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 440.410801][T12478] ? __d_alloc+0x32/0xae0 [ 440.410842][T12478] __d_alloc+0x32/0xae0 [ 440.410877][T12478] ? rcu_is_watching+0x12/0xc0 [ 440.410916][T12478] d_alloc_pseudo+0x1c/0xc0 [ 440.410965][T12478] alloc_file_pseudo+0xcf/0x230 [ 440.411024][T12478] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 440.411073][T12478] ? __pfx_unix_socketpair+0x10/0x10 [ 440.411114][T12478] sock_alloc_file+0x50/0x210 [ 440.411151][T12478] __sys_socketpair+0x31c/0x5a0 [ 440.411200][T12478] ? __pfx___sys_socketpair+0x10/0x10 [ 440.411245][T12478] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 440.411307][T12478] ? xfd_validate_state+0x61/0x180 [ 440.411365][T12478] __x64_sys_socketpair+0x96/0x100 [ 440.411411][T12478] ? lockdep_hardirqs_on+0x7c/0x110 [ 440.411463][T12478] do_syscall_64+0xcd/0x490 [ 440.411499][T12478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.411538][T12478] RIP: 0033:0x7f09e5f8eb69 [ 440.411564][T12478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.411599][T12478] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 440.411632][T12478] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 440.411655][T12478] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 440.411676][T12478] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 440.411697][T12478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 440.411717][T12478] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 440.411759][T12478] [ 440.629805][ C0] vkms_vblank_simulate: vblank timer overrun [ 441.355992][T12498] ================================================================== [ 441.364127][T12498] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 441.371899][T12498] Read of size 8 at addr ffff88802a6d0418 by task syz.0.2454/12498 [ 441.379814][T12498] [ 441.382164][T12498] CPU: 0 UID: 0 PID: 12498 Comm: syz.0.2454 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 441.382203][T12498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 441.382221][T12498] Call Trace: [ 441.382232][T12498] [ 441.382245][T12498] dump_stack_lvl+0x116/0x1f0 [ 441.382276][T12498] print_report+0xcd/0x630 [ 441.382314][T12498] ? __virt_addr_valid+0x81/0x610 [ 441.382349][T12498] ? __phys_addr+0xe8/0x180 [ 441.382383][T12498] ? dvb_device_open+0x36a/0x3b0 [ 441.382410][T12498] kasan_report+0xe0/0x110 [ 441.382448][T12498] ? dvb_device_open+0x36a/0x3b0 [ 441.382478][T12498] ? __pfx_dvb_device_open+0x10/0x10 [ 441.382506][T12498] dvb_device_open+0x36a/0x3b0 [ 441.382534][T12498] ? __pfx_dvb_device_open+0x10/0x10 [ 441.382562][T12498] chrdev_open+0x234/0x6a0 [ 441.382595][T12498] ? __pfx_apparmor_file_open+0x10/0x10 [ 441.382622][T12498] ? __pfx_chrdev_open+0x10/0x10 [ 441.382658][T12498] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 441.382691][T12498] do_dentry_open+0x744/0x1c10 [ 441.382723][T12498] ? __pfx_chrdev_open+0x10/0x10 [ 441.382760][T12498] vfs_open+0x82/0x3f0 [ 441.382799][T12498] path_openat+0x1de4/0x2cb0 [ 441.382834][T12498] ? __pfx_path_openat+0x10/0x10 [ 441.382870][T12498] ? __lock_acquire+0xb8a/0x1c90 [ 441.382908][T12498] do_filp_open+0x20b/0x470 [ 441.382937][T12498] ? __pfx_do_filp_open+0x10/0x10 [ 441.382980][T12498] ? alloc_fd+0x471/0x7d0 [ 441.383012][T12498] do_sys_openat2+0x11b/0x1d0 [ 441.383052][T12498] ? __pfx_do_sys_openat2+0x10/0x10 [ 441.383092][T12498] ? __pfx_do_sys_openat2+0x10/0x10 [ 441.383133][T12498] ? __pfx___might_resched+0x10/0x10 [ 441.383165][T12498] __x64_sys_openat+0x174/0x210 [ 441.383206][T12498] ? __pfx___x64_sys_openat+0x10/0x10 [ 441.383255][T12498] do_syscall_64+0xcd/0x490 [ 441.383284][T12498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.383313][T12498] RIP: 0033:0x7f09e5f8eb69 [ 441.383335][T12498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.383363][T12498] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 441.383390][T12498] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 441.383410][T12498] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 441.383430][T12498] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 441.383448][T12498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.383466][T12498] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 441.383494][T12498] [ 441.383504][T12498] [ 441.642261][T12498] Allocated by task 1: [ 441.646357][T12498] kasan_save_stack+0x33/0x60 [ 441.651157][T12498] kasan_save_track+0x14/0x30 [ 441.655914][T12498] __kasan_kmalloc+0xaa/0xb0 [ 441.660537][T12498] dvb_register_device+0x1e4/0x2370 [ 441.665763][T12498] dvb_register_frontend+0x5a6/0x880 [ 441.671089][T12498] vidtv_bridge_probe+0x459/0xa90 [ 441.676150][T12498] platform_probe+0x103/0x1d0 [ 441.680861][T12498] really_probe+0x241/0xa90 [ 441.685420][T12498] __driver_probe_device+0x1de/0x440 [ 441.690735][T12498] driver_probe_device+0x4c/0x1b0 [ 441.695808][T12498] __driver_attach+0x283/0x580 [ 441.700609][T12498] bus_for_each_dev+0x13b/0x1d0 [ 441.705484][T12498] bus_add_driver+0x2e9/0x690 [ 441.710184][T12498] driver_register+0x15c/0x4b0 [ 441.714981][T12498] vidtv_bridge_init+0x45/0x80 [ 441.719775][T12498] do_one_initcall+0x120/0x6e0 [ 441.724570][T12498] kernel_init_freeable+0x5c2/0x900 [ 441.729806][T12498] kernel_init+0x1c/0x2b0 [ 441.734166][T12498] ret_from_fork+0x5d7/0x6f0 [ 441.738797][T12498] ret_from_fork_asm+0x1a/0x30 [ 441.743587][T12498] [ 441.745923][T12498] Freed by task 12188: [ 441.750002][T12498] kasan_save_stack+0x33/0x60 [ 441.754706][T12498] kasan_save_track+0x14/0x30 [ 441.759439][T12498] kasan_save_free_info+0x3b/0x60 [ 441.764482][T12498] __kasan_slab_free+0x51/0x70 [ 441.769277][T12498] kfree+0x2b4/0x4d0 [ 441.773206][T12498] dvb_device_put.part.0+0x60/0x90 [ 441.778340][T12498] dvb_device_open+0x2a4/0x3b0 [ 441.783128][T12498] chrdev_open+0x234/0x6a0 [ 441.787652][T12498] do_dentry_open+0x744/0x1c10 [ 441.792439][T12498] vfs_open+0x82/0x3f0 [ 441.796537][T12498] path_openat+0x1de4/0x2cb0 [ 441.801146][T12498] do_filp_open+0x20b/0x470 [ 441.805674][T12498] do_sys_openat2+0x11b/0x1d0 [ 441.810385][T12498] __x64_sys_openat+0x174/0x210 [ 441.815262][T12498] do_syscall_64+0xcd/0x490 [ 441.819782][T12498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.825695][T12498] [ 441.828024][T12498] The buggy address belongs to the object at ffff88802a6d0400 [ 441.828024][T12498] which belongs to the cache kmalloc-256 of size 256 [ 441.842091][T12498] The buggy address is located 24 bytes inside of [ 441.842091][T12498] freed 256-byte region [ffff88802a6d0400, ffff88802a6d0500) [ 441.855817][T12498] [ 441.858156][T12498] The buggy address belongs to the physical page: [ 441.864577][T12498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802a6d0400 pfn:0x2a6d0 [ 441.874662][T12498] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 441.883171][T12498] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 441.891683][T12498] page_type: f5(slab) [ 441.895681][T12498] raw: 00fff00000000240 ffff88801b841b40 ffffea00004a6d10 ffffea0001ce5690 [ 441.904286][T12498] raw: ffff88802a6d0400 000000000010000f 00000000f5000000 0000000000000000 [ 441.912893][T12498] head: 00fff00000000240 ffff88801b841b40 ffffea00004a6d10 ffffea0001ce5690 [ 441.921582][T12498] head: ffff88802a6d0400 000000000010000f 00000000f5000000 0000000000000000 [ 441.930277][T12498] head: 00fff00000000001 ffffea0000a9b401 00000000ffffffff 00000000ffffffff [ 441.938975][T12498] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 441.947655][T12498] page dumped because: kasan: bad access detected [ 441.954078][T12498] page_owner tracks the page as allocated [ 441.959806][T12498] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25515748900, free_ts 0 [ 441.979550][T12498] post_alloc_hook+0x1c0/0x230 [ 441.984342][T12498] get_page_from_freelist+0x1321/0x3890 [ 441.989912][T12498] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 441.995832][T12498] alloc_pages_mpol+0x1fb/0x550 [ 442.000713][T12498] new_slab+0x247/0x330 [ 442.004882][T12498] ___slab_alloc+0xd1e/0x1780 [ 442.009572][T12498] __slab_alloc.constprop.0+0x56/0xb0 [ 442.014963][T12498] __kmalloc_cache_noprof+0xfb/0x3e0 [ 442.020265][T12498] bus_add_driver+0x92/0x690 [ 442.024877][T12498] driver_register+0x15c/0x4b0 [ 442.029673][T12498] usb_register_driver+0x216/0x4d0 [ 442.034813][T12498] do_one_initcall+0x120/0x6e0 [ 442.039604][T12498] kernel_init_freeable+0x5c2/0x900 [ 442.044846][T12498] kernel_init+0x1c/0x2b0 [ 442.049205][T12498] ret_from_fork+0x5d7/0x6f0 [ 442.053829][T12498] ret_from_fork_asm+0x1a/0x30 [ 442.058613][T12498] page_owner free stack trace missing [ 442.063990][T12498] [ 442.066323][T12498] Memory state around the buggy address: [ 442.071966][T12498] ffff88802a6d0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 442.080042][T12498] ffff88802a6d0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 442.088178][T12498] >ffff88802a6d0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 442.096252][T12498] ^ [ 442.101111][T12498] ffff88802a6d0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 442.109191][T12498] ffff88802a6d0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 442.117262][T12498] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 442.396673][T12498] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 442.403954][T12498] CPU: 0 UID: 0 PID: 12498 Comm: syz.0.2454 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) [ 442.415715][T12498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 442.425812][T12498] Call Trace: [ 442.429122][T12498] [ 442.432100][T12498] dump_stack_lvl+0x3d/0x1f0 [ 442.436734][T12498] vpanic+0x6a3/0x780 [ 442.440774][T12498] ? __pfx_vpanic+0x10/0x10 [ 442.445326][T12498] ? __pfx_vprintk_emit+0x10/0x10 [ 442.450394][T12498] ? dvb_device_open+0x36a/0x3b0 [ 442.455375][T12498] panic+0xca/0xd0 [ 442.459163][T12498] ? __pfx_panic+0x10/0x10 [ 442.463636][T12498] ? dvb_device_open+0x36a/0x3b0 [ 442.468644][T12498] ? preempt_schedule_common+0x44/0xc0 [ 442.474180][T12498] ? preempt_schedule_thunk+0x16/0x30 [ 442.479612][T12498] check_panic_on_warn+0xab/0xb0 [ 442.484617][T12498] end_report+0x107/0x170 [ 442.489040][T12498] kasan_report+0xee/0x110 [ 442.493518][T12498] ? dvb_device_open+0x36a/0x3b0 [ 442.498503][T12498] ? __pfx_dvb_device_open+0x10/0x10 [ 442.503842][T12498] dvb_device_open+0x36a/0x3b0 [ 442.508662][T12498] ? __pfx_dvb_device_open+0x10/0x10 [ 442.513991][T12498] chrdev_open+0x234/0x6a0 [ 442.518465][T12498] ? __pfx_apparmor_file_open+0x10/0x10 [ 442.524053][T12498] ? __pfx_chrdev_open+0x10/0x10 [ 442.529048][T12498] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 442.535873][T12498] do_dentry_open+0x744/0x1c10 [ 442.540692][T12498] ? __pfx_chrdev_open+0x10/0x10 [ 442.545704][T12498] vfs_open+0x82/0x3f0 [ 442.549833][T12498] path_openat+0x1de4/0x2cb0 [ 442.554476][T12498] ? __pfx_path_openat+0x10/0x10 [ 442.559475][T12498] ? __lock_acquire+0xb8a/0x1c90 [ 442.564483][T12498] do_filp_open+0x20b/0x470 [ 442.569101][T12498] ? __pfx_do_filp_open+0x10/0x10 [ 442.574186][T12498] ? alloc_fd+0x471/0x7d0 [ 442.578558][T12498] do_sys_openat2+0x11b/0x1d0 [ 442.583292][T12498] ? __pfx_do_sys_openat2+0x10/0x10 [ 442.588550][T12498] ? __pfx_do_sys_openat2+0x10/0x10 [ 442.593807][T12498] ? __pfx___might_resched+0x10/0x10 [ 442.599134][T12498] __x64_sys_openat+0x174/0x210 [ 442.604064][T12498] ? __pfx___x64_sys_openat+0x10/0x10 [ 442.609512][T12498] do_syscall_64+0xcd/0x490 [ 442.614059][T12498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.619991][T12498] RIP: 0033:0x7f09e5f8eb69 [ 442.624439][T12498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.644088][T12498] RSP: 002b:00007f09e6eb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 442.652528][T12498] RAX: ffffffffffffffda RBX: 00007f09e61b5fa0 RCX: 00007f09e5f8eb69 [ 442.660522][T12498] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 442.668546][T12498] RBP: 00007f09e6011df1 R08: 0000000000000000 R09: 0000000000000000 [ 442.676546][T12498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 442.684536][T12498] R13: 0000000000000000 R14: 00007f09e61b5fa0 R15: 00007fff27f456c8 [ 442.692533][T12498] [ 442.695905][T12498] Kernel Offset: disabled [ 442.700243][T12498] Rebooting in 86400 seconds..