last executing test programs: 11.34373115s ago: executing program 1 (id=854): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) ioctl$auto_USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000240)={0x88, 0x9, 0x0}) unshare$auto(0x9) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x29, 0x1, 0x2) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x3, 0x9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0xfb, 0x2000c, 0x4000000000df, 0xeb1, r2, 0x8000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x18380, 0x0) unshare$auto(0x40000080) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video17\x00', 0x80800, 0x0) select$auto(0x5, &(0x7f0000000080)={[0x400020000008, 0xfffffffffffffffc, 0xb, 0x6, 0x6c0, 0x3, 0x3, 0x1ffe000, 0x5, 0x2, 0x9, 0x4, 0xa657, 0x202, 0xd3, 0x1]}, 0x0, 0x0, 0x0) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, &(0x7f0000000140)="181ecff6d65ff321d095a776216661fdba3cee5a776c2dfc4a45e730a9df0a45e9f3eae21340ffbd639751250ebb9c6b6c1ec022596c8542ba41316d9b143dea2cf13c3b3fcd2e2c947ad5394f56c581488fd092a87664f7842bcc00c51950b69ca2d9ead673cd822bc905e80ee4a85182ed8bc817a674bc4e44e9321c924b7a") close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) 11.238420831s ago: executing program 3 (id=855): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000280)={0x4, 0x3, 0xa, @state_change={0xc, 0x6, 0x8}}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0x8acb) write$auto(0xffffffffffffffff, 0x0, 0x7) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f00000012c0)={{@raw=0x9, 0x1, 0x6d2e99e8, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b62b67bd764f9"}, 0x0, @bytes=@data_ptr=&(0x7f00000000c0)='\x9e*:-$$\x00', "528d458095d42b72adda0cac2d45bdaacfc82245992af763188ba00ab57d5d73b094925aa928ca41e93023ab4510269ed959a79a7895fd181a33375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea81f7e333cf1c9da590b3fea1258074885c899d75cd52751f9be959d90fa5c200"}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000140), 0x1a3780, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0x1, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x201, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x1000000003, 0x9, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, 0x0, 0x814) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010329bd7000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40044010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) 9.839708898s ago: executing program 0 (id=856): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r0 = socket(0x2b, 0x1, 0xf6ba) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r0, 0x0, 0x20000001) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_MPP(r0, 0x0, 0x880) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) write$auto(r1, 0x0, 0x6) sysfs$auto(0x5, 0x7fff, 0x2) mmap$auto(0x4, 0x400007, 0xdf, 0x9b7e, 0x2, 0x8000) fsopen$auto(0x0, 0x1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) 9.783192479s ago: executing program 1 (id=858): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(0xffffffffffffffff, 0x0, 0x20000001) madvise$auto(0x192ad524, 0x1, 0x19) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_MPP(0xffffffffffffffff, 0x0, 0x880) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), 0xffffffffffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) write$auto(r0, 0x0, 0x6) sysfs$auto(0x5, 0x7fff, 0x2) mmap$auto(0x4, 0x400007, 0xdf, 0x9b7e, 0x2, 0x8000) fsopen$auto(0x0, 0x1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) 9.367852822s ago: executing program 2 (id=859): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@nl=@kern={0x10, 0x0, 0x0, 0x800000}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) socket(0xa, 0x5, 0x3) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xffffffffffffffff, 0xab07, 0xffffffffffffffff) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) keyctl$auto(0x1e, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) semctl$auto(0x8, 0x806, 0x13, 0x46) setsockopt$auto(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x10000) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sync_file_range$auto(r1, 0x0, 0x8, 0xbeb) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) 9.36769504s ago: executing program 3 (id=860): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x1e, 0x6, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xb2c7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r5 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r5, &(0x7f0000000000)='-\x00', 0x2fb) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 6.964861977s ago: executing program 3 (id=861): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xb2c7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r2, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r4 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r4, &(0x7f0000000000)='-\x00', 0x2fb) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 6.901527784s ago: executing program 1 (id=862): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x1e, 0x6, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xb2c7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r5 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r5, &(0x7f0000000000)='-\x00', 0x2fb) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 6.776429191s ago: executing program 2 (id=863): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x1e, 0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xb2c7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r2, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r4 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r4, &(0x7f0000000000)='-\x00', 0x2fb) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 6.629259915s ago: executing program 0 (id=864): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x1e, 0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xb2c7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r2, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r4 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r4, &(0x7f0000000000)='-\x00', 0x2fb) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 5.290393074s ago: executing program 2 (id=865): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x8d, 0x20009, 0x4000000000df, 0x11, 0x401, 0x7ff) prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) brk$auto(0x7fffffffafff) mmap$auto(0x7fff, 0x400008, 0xda, 0x9b72, 0x2, 0x480000000008001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) read$auto_stat_fops_per_vm_kvm_main(r2, 0x0, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400020009, 0x10000000000df, 0x13, 0x8000000401, 0x7fffffffffffffff) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fstat$auto(r3, &(0x7f0000000100)={0x4, 0x1a0000000000, 0x7f, 0x77d508f7, 0xee01, 0xee01, 0x0, 0x8, 0xa6ee, 0x8, 0x100000000, 0x7, 0x7fffffff, 0x10, 0x9, 0x4, 0xd}) semctl$auto_SETALL(0x2, 0x6, 0x11, 0xb1c) r5 = socket(0x15, 0x5, 0x0) r6 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/state\x00', 0x2, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r6, &(0x7f0000000240)=""/155, 0x9b) getsockopt$auto(r5, 0x114, 0x271f, 0xfffffffffffffffc, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) 4.269251044s ago: executing program 2 (id=866): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x44, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8) madvise$auto(0x0, 0x200007, 0x19) syz_clone3(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x6, 0xfffffffa, 0x6) sysfs$auto(0x2, 0x23, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r0, 0x0, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x4010) 4.268561924s ago: executing program 3 (id=867): mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x406, 0x0) poll$auto(&(0x7f0000000d40)={0x3, 0x3, 0xa}, 0x5, 0x3fc) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x7ffffffe, 0xa, 0x0, 0x46) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0xfffffffffffffffd, 0x20009, 0x4000000000df, 0x11, 0x401, 0x8400) socket(0xa, 0x1, 0x100) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x112) statx$auto(r0, 0x0, 0xfffffffb, 0x2, 0x0) unshare$auto(0x40000080) bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_0={0x7, 0xb5, 0xe, 0x4, 0x53400000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x8005, 0x7, 0x7, 0x6}, 0x10) ioctl$auto_USBDEVFS_SUBMITURB32(0xffffffffffffffff, 0x802c550a, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(0x0, 0x261c2, 0x84) read$auto(0xffffffffffffffff, 0x0, 0x6) memfd_create$auto(0x0, 0x12) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x900, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) syz_genetlink_get_family_id$auto_psample(0x0, 0xffffffffffffffff) 4.263186177s ago: executing program 1 (id=874): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, 0x0, 0x0) prctl$auto_PR_SET_MM_ARG_END(0x9, 0x9, 0xffffffffffffffff, 0xd, 0x13) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000200)='5', 0x1) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) capset$auto(&(0x7f0000000340)={0x19980330}, 0x0) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, &(0x7f0000000200)={[0x8, 0x4, 0x2, 0xb, 0x1, 0x9, 0x0, 0x7fff, 0xa, 0x193, 0xfffffffffffffff9, 0x3, 0x5e4, 0x1000, 0x1, 0x1]}, &(0x7f0000000380)={[0x8000000000000001, 0x5, 0x1, 0x10001, 0xe, 0xf, 0x5, 0x3, 0x59fc8000, 0x200006, 0x8000000000000000, 0x3, 0x800, 0x7, 0x1ff, 0x5]}, &(0x7f0000000280)={0x6, 0xc8}) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) socket(0xa, 0x5, 0x94) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card0\x00', 0x6c800, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0) unshare$auto(0x40000080) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r2, 0x1260, 0x5) 4.262565645s ago: executing program 0 (id=868): r0 = openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0) lseek$auto(r0, 0x8a05, 0x1) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r1, r1, 0x0, 0x200) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x1f) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) init_module$auto(0x0, 0xffff9, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400, 0x0) pread64$auto(r2, 0x0, 0x1ff, 0x8800000000) semtimedop$auto(0x0, 0x0, 0x1f4, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty34\x00', 0x8000, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r4, 0x80dc5521, r3) r5 = socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0x6) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) recvmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x7, &(0x7f0000000040)={0x0, 0x1}, 0x6, 0x0, 0x4, 0x6}, 0x7) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x7000000) connect$auto(r5, &(0x7f0000000000)=@ax25={0x3, @null, 0x8}, 0x8) 4.106222035s ago: executing program 0 (id=869): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x7ff, 0x400) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x90000001, 0x3, 0x1, 0x5, 0x5]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto(0xffffffffffffffff, 0x400454cb, 0x5) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) mmap$auto(0x7, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r2, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 2.975154716s ago: executing program 1 (id=870): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x1e, 0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@HSR_A_IF2_AGE={0x8, 0x4, 0xb2c7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r2, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r4 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r4, &(0x7f0000000000)='-\x00', 0x2fb) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 2.957527495s ago: executing program 3 (id=871): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(0xffffffffffffffff, 0x0, 0x20000001) madvise$auto(0x192ad524, 0x1, 0x19) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_MPP(0xffffffffffffffff, 0x0, 0x880) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), 0xffffffffffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) write$auto(r0, 0x0, 0x6) sysfs$auto(0x5, 0x7fff, 0x2) mmap$auto(0x4, 0x400007, 0xdf, 0x9b7e, 0x2, 0x8000) fsopen$auto(0x0, 0x1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) 2.366391287s ago: executing program 2 (id=872): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r0, 0x6) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x20401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000000080)={0x123060000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, &(0x7f00000011c0)=[0x0], 0x1}, 0x58) madvise$auto(0x1ffff000, 0x7, 0x100000000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) ioperm$auto(0x7, 0x6, 0x2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) 1.956392566s ago: executing program 0 (id=873): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/soft_watchdog\x00', 0x101201, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x4001, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv6/neigh/ip_vti0/base_reachable_time_ms\x00', 0x202, 0x0) openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={0x0}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000003080)={0x0, 0x4}, 0x9) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/sys/kernel/kptr_restrict\x00', 0x202, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(r4, 0x0, 0xb5) write$auto(0x3, 0x0, 0xfdef) 393.142789ms ago: executing program 1 (id=875): openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x0, 0x0) getdents$auto(r0, &(0x7f0000000100)={0x87ca, 0x800000000b, 0x2, "a660cf952830d6b59342986f083f22a065f981808d387536df04a6bae760a711030b17ab3756967e99904d776c2c1eb31bf09f336d9fc1257279a7cbb8412fded1ba89fb34480378ce2110f560b2a7b32228eab71fbcb1ef495c00f09ef91d35267d9362b029530026ba94c22d213ecbd977f05075ffe092ae356f3f9b37da8b05bc648feaacda1c5334be98388a32075a624d407c18f059a07cfede3ea28121e5cd6c7e89ce1b0ad80b4e8b147c7b6e8e770fdc09ea05c76cca00a9245951b0e5434b143fb2f7e83f33f7659a6806fe74c6486836704a1553477750d016a3f3a0aebcf32c4ffab9af2140657f796da281b650abfd7fee28990809b01260da6e72b4284915b3d0518994fa57c69344b8e62352982f3649c7350b273399a21463ba8b517b621ee6cfef7a1fa31caf101d82d808afc2edf8a2a5d4e9f79e71427d1439db0d9acf4620a4c5ae7bd47bfd9755a4586663c1e61edcbf8e61ef22ae45e177c120590dcbd4e4c4e37976ccfeedc36ba4315ee36717168526e7c6ff7b892bd9edc0b890b438d779cd8f88fd08d733970da66cae225ab821bc5d"}, 0x4) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) socket(0x23, 0x80000, 0x92) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/sysname\x00', 0xaa102, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) fsopen$auto(&(0x7f0000000040)='nfsd\x00', 0x1) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x8}, 0x400) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/hugepages/hugepages-2048kB/nr_overcommit_hugepages\x00', 0x1c9282, 0x0) sendfile$auto(r1, r1, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0x3) socketpair$auto(0x9, 0x2, 0xb, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd1\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) select$auto(0x3, &(0x7f0000000440)={[0x5, 0x3, 0x1000, 0xdf, 0x8, 0x7, 0x10001, 0x8, 0x438c82bf, 0x4, 0x0, 0x4, 0x788, 0x6, 0x5, 0x8]}, &(0x7f00000004c0)={[0x6, 0x1, 0x9, 0x8, 0x8, 0x9, 0xd, 0x7, 0x1, 0xffffffffffffffff, 0x2, 0x6, 0xb, 0x7, 0xfffffffffffffffd, 0x8000]}, &(0x7f0000000540)={[0x497, 0x7, 0xfffffffffffffffb, 0x9, 0x3, 0x7, 0x4, 0x2, 0xfffffffffffffffa, 0x3, 0x4, 0xe, 0x5, 0xf9, 0x2, 0x31]}, &(0x7f00000003c0)={0x6, 0x400}) ioctl$auto(0x3, 0x5401, 0x1) 9.801878ms ago: executing program 3 (id=876): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x8d, 0x20009, 0x4000000000df, 0x11, 0x401, 0x7ff) prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) brk$auto(0x7fffffffafff) mmap$auto(0x7fff, 0x400008, 0xda, 0x9b72, 0x2, 0x480000000008001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) read$auto_stat_fops_per_vm_kvm_main(r2, 0x0, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400020009, 0x10000000000df, 0x13, 0x8000000401, 0x7fffffffffffffff) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fstat$auto(r3, &(0x7f0000000100)={0x4, 0x1a0000000000, 0x7f, 0x77d508f7, 0xee01, 0xee01, 0x0, 0x8, 0xa6ee, 0x8, 0x100000000, 0x7, 0x7fffffff, 0x10, 0x9, 0x4, 0xd}) semctl$auto_SETALL(0x2, 0x6, 0x11, 0xb1c) r5 = socket(0x15, 0x5, 0x0) r6 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/state\x00', 0x2, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r6, &(0x7f0000000240)=""/155, 0x9b) getsockopt$auto(r5, 0x114, 0x271f, 0xfffffffffffffffc, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) 5.983751ms ago: executing program 0 (id=877): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020008, 0x7, 0xb9, 0xfffffffffffffffa, 0x9) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) socket(0x25, 0x6, 0x0) mmap$auto(0x0, 0x20009, 0x3, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0) read$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000000040)=""/1, 0x1) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000240)="1c520b214b19", 0x6) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000ff, 0x400, 0x9}]}) setgroups$auto(0xe32, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) 0s ago: executing program 2 (id=878): openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, 0x0, 0x90203, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x6, 0x800, 0x8) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r0, &(0x7f0000000040)='nbd\x00', 0x4) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x87, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r2, 0x0, 0x800) getsockopt$auto(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) adjtimex$auto(&(0x7f00000004c0)={0x23, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x3, 0x2, 0x0, 0x3, 0x8, 0x2, {0x2100000000, 0x1000010000}, 0xfffffffffffffffc, 0x73d, 0xffffffffffffffdd, 0x1008001, 0x0, 0x6, 0x21b, 0xffffffff, 0xa745, 0x6, 0x1000}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0xa2100, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101c81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x3) gettid() kexec_load$auto(0x7, 0x2, &(0x7f0000000040)={@buf=&(0x7f0000000140)="5bafd56c2c122bc0003f91ad0e2963b1259c512c75114cd1bf833777c5f1aa905ac6eaa258e2aca172f1b2fb7932baaa9e6bdd5d4c193da127fe2ae6116f2ad909a5ee204ca4094f82cb444aed85374298875fd1e2c861610242a6b8c01c0e2bb8d7896b6d6286d95dcd06fbd7120d0e562fe7fb9f334d7067ea429bd6914891fa48b2bea45968c3fe24052221cec0fd646ebea2baa46ac5f8e8af6bdfaa451cd4e6da", 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) write$auto_console_fops_tty_io(r1, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b4d", 0x3a) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) kernel console output (not intermixed with test programs): .0+0x99/0x500 [ 111.730484][ T6024] tty_open+0xa50/0xf90 [ 111.730511][ T6024] ? __pfx_tty_open+0x10/0x10 [ 111.730533][ T6024] ? chrdev_open+0x58c/0x6a0 [ 111.730573][ T6024] ? __pfx_tty_open+0x10/0x10 [ 111.730595][ T6024] chrdev_open+0x231/0x6a0 [ 111.730632][ T6024] ? __pfx_chrdev_open+0x10/0x10 [ 111.730670][ T6024] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 111.730707][ T6024] do_dentry_open+0x744/0x1c10 [ 111.730743][ T6024] ? __pfx_chrdev_open+0x10/0x10 [ 111.730785][ T6024] vfs_open+0x82/0x3f0 [ 111.730812][ T6024] path_openat+0x1de4/0x2cb0 [ 111.730853][ T6024] ? __pfx_path_openat+0x10/0x10 [ 111.730887][ T6024] ? __lock_acquire+0xb8a/0x1c90 [ 111.730919][ T6024] do_filp_open+0x20b/0x470 [ 111.730951][ T6024] ? __pfx_do_filp_open+0x10/0x10 [ 111.731014][ T6024] ? alloc_fd+0x471/0x7d0 [ 111.731054][ T6024] do_sys_openat2+0x11b/0x1d0 [ 111.731080][ T6024] ? __pfx_do_sys_openat2+0x10/0x10 [ 111.731117][ T6024] __x64_sys_openat+0x174/0x210 [ 111.731144][ T6024] ? __pfx___x64_sys_openat+0x10/0x10 [ 111.731183][ T6024] do_syscall_64+0xcd/0x490 [ 111.731206][ T6024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.731229][ T6024] RIP: 0033:0x7f9eb038e929 [ 111.731247][ T6024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.731269][ T6024] RSP: 002b:00007f9eb12cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 111.731291][ T6024] RAX: ffffffffffffffda RBX: 00007f9eb05b5fa0 RCX: 00007f9eb038e929 [ 111.731306][ T6024] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 111.731321][ T6024] RBP: 00007f9eb0410b39 R08: 0000000000000000 R09: 0000000000000000 [ 111.731335][ T6024] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 111.731349][ T6024] R13: 0000000000000000 R14: 00007f9eb05b5fa0 R15: 00007ffc8b826cf8 [ 111.731378][ T6024] [ 111.803963][ T5156] Bluetooth: hci2: command 0x0c1a tx timeout [ 112.036786][ T5156] Bluetooth: hci3: command 0x0c1a tx timeout [ 113.409114][ T5156] Bluetooth: hci0: command 0x0c1a tx timeout [ 113.796765][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout [ 113.876852][ T5156] Bluetooth: hci2: command 0x0c1a tx timeout [ 114.116739][ T5156] Bluetooth: hci3: command 0x0c1a tx timeout [ 115.774748][ T6064] FAULT_INJECTION: forcing a failure. [ 115.774748][ T6064] name fail_futex, interval 1, probability 0, space 0, times 0 [ 115.805606][ T6064] CPU: 0 UID: 0 PID: 6064 Comm: syz.0.22 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 115.805650][ T6064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.805668][ T6064] Call Trace: [ 115.805678][ T6064] [ 115.805689][ T6064] dump_stack_lvl+0x16c/0x1f0 [ 115.805745][ T6064] should_fail_ex+0x512/0x640 [ 115.805797][ T6064] get_futex_key+0x1d0/0x1540 [ 115.805840][ T6064] ? __pfx_get_futex_key+0x10/0x10 [ 115.805877][ T6064] ? __pfx___schedule+0x10/0x10 [ 115.805919][ T6064] ? psi_group_change+0x6dc/0xd20 [ 115.805968][ T6064] futex_wait_setup+0x9d/0x550 [ 115.806028][ T6064] __futex_wait+0x194/0x2f0 [ 115.806076][ T6064] ? __pfx___futex_wait+0x10/0x10 [ 115.806129][ T6064] ? __pfx_futex_wake_mark+0x10/0x10 [ 115.806202][ T6064] futex_wait+0xe8/0x380 [ 115.806249][ T6064] ? __pfx_futex_wait+0x10/0x10 [ 115.806306][ T6064] ? kmem_cache_free+0x2d1/0x4d0 [ 115.806351][ T6064] ? fd_install+0x225/0x750 [ 115.806391][ T6064] ? putname+0x154/0x1a0 [ 115.806428][ T6064] do_futex+0x229/0x350 [ 115.806480][ T6064] ? __pfx_do_futex+0x10/0x10 [ 115.806534][ T6064] __x64_sys_futex+0x1e0/0x4c0 [ 115.806577][ T6064] ? __x64_sys_openat+0x174/0x210 [ 115.806613][ T6064] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.806676][ T6064] do_syscall_64+0xcd/0x490 [ 115.806710][ T6064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.806743][ T6064] RIP: 0033:0x7fd79158e929 [ 115.806767][ T6064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.806799][ T6064] RSP: 002b:00007fd7924840e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.806829][ T6064] RAX: ffffffffffffffda RBX: 00007fd7917b6088 RCX: 00007fd79158e929 [ 115.806849][ T6064] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd7917b6088 [ 115.806868][ T6064] RBP: 00007fd7917b6080 R08: 0000000000000000 R09: 0000000000000000 [ 115.806886][ T6064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd7917b608c [ 115.806904][ T6064] R13: 0000000000000000 R14: 00007ffee97112f0 R15: 00007ffee97113d8 [ 115.806946][ T6064] [ 118.997133][ T5156] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 119.007512][ T6092] ubi0: attaching mtd0 [ 119.089703][ T6092] ubi0: scanning is finished [ 119.094394][ T6092] ubi0: empty MTD device detected [ 119.430471][ T6092] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 119.528628][ T6090] size and base must be multiples of 4 kiB [ 119.534524][ T6090] CPU: 0 UID: 0 PID: 6090 Comm: syz.2.27 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 119.534567][ T6090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.534586][ T6090] Call Trace: [ 119.534598][ T6090] [ 119.534610][ T6090] dump_stack_lvl+0x16c/0x1f0 [ 119.534668][ T6090] mtrr_del+0xd1/0x110 [ 119.534709][ T6090] mtrr_ioctl+0x922/0xcf0 [ 119.534752][ T6090] ? __pfx_mtrr_ioctl+0x10/0x10 [ 119.534801][ T6090] ? find_held_lock+0x2b/0x80 [ 119.534846][ T6090] ? __fget_files+0x20e/0x3c0 [ 119.534892][ T6090] ? __pfx_mtrr_ioctl+0x10/0x10 [ 119.534932][ T6090] proc_reg_unlocked_ioctl+0x226/0x320 [ 119.534981][ T6090] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 119.535035][ T6090] __x64_sys_ioctl+0x18b/0x210 [ 119.535076][ T6090] do_syscall_64+0xcd/0x490 [ 119.535110][ T6090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.535143][ T6090] RIP: 0033:0x7f9eb038e929 [ 119.535169][ T6090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.535200][ T6090] RSP: 002b:00007f9eb12ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 119.535231][ T6090] RAX: ffffffffffffffda RBX: 00007f9eb05b6080 RCX: 00007f9eb038e929 [ 119.535251][ T6090] RDX: 0000000000000009 RSI: 00000000400c4d04 RDI: 0000000000000009 [ 119.535270][ T6090] RBP: 00007f9eb0410b39 R08: 0000000000000000 R09: 0000000000000000 [ 119.535289][ T6090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.535308][ T6090] R13: 0000000000000000 R14: 00007f9eb05b6080 R15: 00007ffc8b826cf8 [ 119.535349][ T6090] [ 119.536399][ T6092] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 119.781489][ T6092] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 119.788675][ T6092] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 119.824915][ T6092] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 119.847909][ T6092] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 119.867627][ T6092] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1942312777 [ 119.897649][ T6092] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 119.957000][ T6097] ubi0: background thread "ubi_bgt0d" started, PID 6097 [ 120.384398][ T6104] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 120.670510][ T6109] sd 0:0:1:0: PR command failed: 1026 [ 120.676391][ T6109] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 120.684352][ T6109] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 122.592740][ T6134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.33'. [ 123.123111][ T6134] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 123.145149][ T6134] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 123.257967][ T6134] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 123.264162][ T6134] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 123.590067][ T6145] FAULT_INJECTION: forcing a failure. [ 123.590067][ T6145] name failslab, interval 1, probability 0, space 0, times 0 [ 123.609964][ T6145] CPU: 1 UID: 0 PID: 6145 Comm: syz.1.35 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 123.610005][ T6145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.610022][ T6145] Call Trace: [ 123.610032][ T6145] [ 123.610044][ T6145] dump_stack_lvl+0x16c/0x1f0 [ 123.610097][ T6145] should_fail_ex+0x512/0x640 [ 123.610147][ T6145] ? fs_reclaim_acquire+0xae/0x150 [ 123.610185][ T6145] should_failslab+0xc2/0x120 [ 123.610214][ T6145] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 123.610261][ T6145] ? jbd2__journal_start+0x193/0x6a0 [ 123.610316][ T6145] jbd2__journal_start+0x193/0x6a0 [ 123.610369][ T6145] __ext4_journal_start_sb+0x195/0x690 [ 123.610408][ T6145] ? ext4_punch_hole+0x782/0x1070 [ 123.610457][ T6145] ext4_punch_hole+0x782/0x1070 [ 123.610511][ T6145] ext4_fallocate+0xd42/0x3720 [ 123.610578][ T6145] ? __pfx_ext4_fallocate+0x10/0x10 [ 123.610627][ T6145] vfs_fallocate+0x60b/0x10c0 [ 123.610678][ T6145] ? __pfx_vfs_fallocate+0x10/0x10 [ 123.610724][ T6145] ? madvise_vma_behavior+0x222c/0x2420 [ 123.610757][ T6145] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 123.610810][ T6145] madvise_vma_behavior+0x21ca/0x2420 [ 123.610851][ T6145] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 123.610885][ T6145] ? __pfx_mas_prev+0x10/0x10 [ 123.610947][ T6145] ? find_vma_prev+0xda/0x160 [ 123.610982][ T6145] ? __pfx_find_vma_prev+0x10/0x10 [ 123.611040][ T6145] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 123.611072][ T6145] madvise_walk_vmas+0x1ce/0x2c0 [ 123.611106][ T6145] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 123.611155][ T6145] madvise_do_behavior+0x15d/0x3f0 [ 123.611195][ T6145] ? __pfx_madvise_do_behavior+0x10/0x10 [ 123.611256][ T6145] do_madvise+0x161/0x230 [ 123.611289][ T6145] ? __pfx_do_madvise+0x10/0x10 [ 123.611341][ T6145] ? xfd_validate_state+0x61/0x180 [ 123.611390][ T6145] __x64_sys_madvise+0xa9/0x110 [ 123.611422][ T6145] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.611468][ T6145] do_syscall_64+0xcd/0x490 [ 123.611498][ T6145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.611529][ T6145] RIP: 0033:0x7f31d618e929 [ 123.611554][ T6145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.611584][ T6145] RSP: 002b:00007f31d7055038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 123.611621][ T6145] RAX: ffffffffffffffda RBX: 00007f31d63b6080 RCX: 00007f31d618e929 [ 123.611641][ T6145] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 123.611659][ T6145] RBP: 00007f31d6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 123.611678][ T6145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.611695][ T6145] R13: 0000000000000000 R14: 00007f31d63b6080 R15: 00007ffc6b8b3708 [ 123.611737][ T6145] [ 123.613651][ T6145] EXT4-fs error (device sda1) in ext4_punch_hole:4398: Out of memory [ 124.836792][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 125.160950][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 125.320037][ T5156] Bluetooth: hci2: command 0x0c1a tx timeout [ 125.331713][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 126.102742][ T6178] bond0: option all_slaves_active: invalid value () [ 126.524639][ T6183] sd 0:0:1:0: PR command failed: 1026 [ 126.556878][ T6183] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 126.594188][ T6183] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 127.285684][ T6188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.45'. [ 127.593130][ T6192] FAULT_INJECTION: forcing a failure. [ 127.593130][ T6192] name fail_futex, interval 1, probability 0, space 0, times 0 [ 127.650012][ T6192] CPU: 1 UID: 0 PID: 6192 Comm: syz.1.44 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 127.650054][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.650071][ T6192] Call Trace: [ 127.650080][ T6192] [ 127.650090][ T6192] dump_stack_lvl+0x16c/0x1f0 [ 127.650140][ T6192] should_fail_ex+0x512/0x640 [ 127.650186][ T6192] get_futex_key+0x1d0/0x1540 [ 127.650222][ T6192] ? __pfx_get_futex_key+0x10/0x10 [ 127.650265][ T6192] futex_wake+0xea/0x530 [ 127.650300][ T6192] ? futex_wait+0x120/0x380 [ 127.650338][ T6192] ? __pfx_futex_wait+0x10/0x10 [ 127.650376][ T6192] ? __pfx_futex_wake+0x10/0x10 [ 127.650427][ T6192] ? __lock_acquire+0x622/0x1c90 [ 127.650470][ T6192] do_futex+0x1e3/0x350 [ 127.650504][ T6192] ? __pfx_do_futex+0x10/0x10 [ 127.650539][ T6192] ? find_held_lock+0x2b/0x80 [ 127.650570][ T6192] __x64_sys_futex+0x1e0/0x4c0 [ 127.650604][ T6192] ? __fget_files+0x20e/0x3c0 [ 127.650641][ T6192] ? __pfx___x64_sys_futex+0x10/0x10 [ 127.650679][ T6192] ? fdget+0x187/0x210 [ 127.650718][ T6192] do_syscall_64+0xcd/0x490 [ 127.650745][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.650772][ T6192] RIP: 0033:0x7f31d618e929 [ 127.650793][ T6192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.650828][ T6192] RSP: 002b:00007f31d70550e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.650853][ T6192] RAX: ffffffffffffffda RBX: 00007f31d63b6088 RCX: 00007f31d618e929 [ 127.650871][ T6192] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f31d63b608c [ 127.650887][ T6192] RBP: 00007f31d63b6080 R08: 00007f31d7077000 R09: 0000000000000000 [ 127.650904][ T6192] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f31d63b608c [ 127.650920][ T6192] R13: 0000000000000000 R14: 00007ffc6b8b3620 R15: 00007ffc6b8b3708 [ 127.650954][ T6192] [ 127.950454][ T6188] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 127.975096][ T6188] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 128.007238][ T6188] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 128.034894][ T6188] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 129.557610][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 129.783649][ T6216] FAULT_INJECTION: forcing a failure. [ 129.783649][ T6216] name fail_futex, interval 1, probability 0, space 0, times 0 [ 129.797225][ T6216] CPU: 0 UID: 0 PID: 6216 Comm: syz.1.49 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 129.797269][ T6216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.797288][ T6216] Call Trace: [ 129.797298][ T6216] [ 129.797310][ T6216] dump_stack_lvl+0x16c/0x1f0 [ 129.797366][ T6216] should_fail_ex+0x512/0x640 [ 129.797433][ T6216] get_futex_key+0x1d0/0x1540 [ 129.797477][ T6216] ? __pfx_get_futex_key+0x10/0x10 [ 129.797531][ T6216] futex_wake+0xea/0x530 [ 129.797576][ T6216] ? rcu_is_watching+0x12/0xc0 [ 129.797610][ T6216] ? __pfx_futex_wake+0x10/0x10 [ 129.797661][ T6216] ? kmem_cache_free+0x2d1/0x4d0 [ 129.797707][ T6216] ? fd_install+0x225/0x750 [ 129.797751][ T6216] ? putname+0x154/0x1a0 [ 129.797788][ T6216] do_futex+0x1e3/0x350 [ 129.797826][ T6216] ? __pfx_do_futex+0x10/0x10 [ 129.797918][ T6216] __x64_sys_futex+0x1e0/0x4c0 [ 129.797963][ T6216] ? __x64_sys_openat+0x174/0x210 [ 129.798000][ T6216] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.798059][ T6216] do_syscall_64+0xcd/0x490 [ 129.798091][ T6216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.798123][ T6216] RIP: 0033:0x7f31d618e929 [ 129.798149][ T6216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.798181][ T6216] RSP: 002b:00007f31d70760e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.798211][ T6216] RAX: ffffffffffffffda RBX: 00007f31d63b5fa8 RCX: 00007f31d618e929 [ 129.798231][ T6216] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f31d63b5fac [ 129.798250][ T6216] RBP: 00007f31d63b5fa0 R08: 00007f31d7077000 R09: 0000000000000000 [ 129.798269][ T6216] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f31d63b5fac [ 129.798288][ T6216] R13: 0000000000000000 R14: 00007ffc6b8b3620 R15: 00007ffc6b8b3708 [ 129.798329][ T6216] [ 130.036861][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 130.043094][ T5156] Bluetooth: hci2: command 0x0c1a tx timeout [ 130.049287][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout [ 132.012724][ T6236] FAULT_INJECTION: forcing a failure. [ 132.012724][ T6236] name fail_futex, interval 1, probability 0, space 0, times 0 [ 132.061894][ T6236] CPU: 0 UID: 0 PID: 6236 Comm: syz.1.51 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 132.061939][ T6236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.061957][ T6236] Call Trace: [ 132.061966][ T6236] [ 132.061978][ T6236] dump_stack_lvl+0x16c/0x1f0 [ 132.062033][ T6236] should_fail_ex+0x512/0x640 [ 132.062085][ T6236] get_futex_key+0x1d0/0x1540 [ 132.062124][ T6236] ? madvise_walk_vmas+0x238/0x2c0 [ 132.062154][ T6236] ? __pfx_get_futex_key+0x10/0x10 [ 132.062204][ T6236] ? __pfx___blk_flush_plug+0x10/0x10 [ 132.062244][ T6236] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 132.062289][ T6236] futex_wake+0xea/0x530 [ 132.062341][ T6236] ? __pfx_futex_wake+0x10/0x10 [ 132.062392][ T6236] ? __pfx___up_read+0x10/0x10 [ 132.062441][ T6236] ? madvise_unlock+0xf6/0x190 [ 132.062480][ T6236] do_futex+0x1e3/0x350 [ 132.062529][ T6236] ? __pfx_do_futex+0x10/0x10 [ 132.062570][ T6236] ? __pfx_do_madvise+0x10/0x10 [ 132.062612][ T6236] __x64_sys_futex+0x1e0/0x4c0 [ 132.062661][ T6236] ? __pfx___x64_sys_futex+0x10/0x10 [ 132.062702][ T6236] ? xfd_validate_state+0x61/0x180 [ 132.062758][ T6236] do_syscall_64+0xcd/0x490 [ 132.062792][ T6236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.062825][ T6236] RIP: 0033:0x7f31d618e929 [ 132.062850][ T6236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.062881][ T6236] RSP: 002b:00007f31d70550e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 132.062915][ T6236] RAX: ffffffffffffffda RBX: 00007f31d63b6088 RCX: 00007f31d618e929 [ 132.062936][ T6236] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f31d63b608c [ 132.062955][ T6236] RBP: 00007f31d63b6080 R08: 00007f31d7077000 R09: 0000000000000000 [ 132.062974][ T6236] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f31d63b608c [ 132.062992][ T6236] R13: 0000000000000000 R14: 00007ffc6b8b3620 R15: 00007ffc6b8b3708 [ 132.063034][ T6236] [ 138.638193][ T6304] FAULT_INJECTION: forcing a failure. [ 138.638193][ T6304] name failslab, interval 1, probability 0, space 0, times 0 [ 138.692012][ T6304] CPU: 1 UID: 0 PID: 6304 Comm: syz.1.60 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 138.692056][ T6304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.692073][ T6304] Call Trace: [ 138.692083][ T6304] [ 138.692094][ T6304] dump_stack_lvl+0x16c/0x1f0 [ 138.692148][ T6304] should_fail_ex+0x512/0x640 [ 138.692189][ T6304] ? fs_reclaim_acquire+0xae/0x150 [ 138.692227][ T6304] should_failslab+0xc2/0x120 [ 138.692255][ T6304] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 138.692299][ T6304] ? jbd2__journal_start+0x193/0x6a0 [ 138.692354][ T6304] jbd2__journal_start+0x193/0x6a0 [ 138.692408][ T6304] __ext4_journal_start_sb+0x195/0x690 [ 138.692464][ T6304] ? ext4_punch_hole+0x782/0x1070 [ 138.692513][ T6304] ext4_punch_hole+0x782/0x1070 [ 138.692569][ T6304] ext4_fallocate+0xd42/0x3720 [ 138.692632][ T6304] ? __pfx_ext4_fallocate+0x10/0x10 [ 138.692682][ T6304] vfs_fallocate+0x60b/0x10c0 [ 138.692734][ T6304] ? __pfx_vfs_fallocate+0x10/0x10 [ 138.692783][ T6304] ? madvise_vma_behavior+0x222c/0x2420 [ 138.692816][ T6304] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 138.692870][ T6304] madvise_vma_behavior+0x21ca/0x2420 [ 138.692909][ T6304] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 138.692944][ T6304] ? __pfx_mas_prev+0x10/0x10 [ 138.693010][ T6304] ? find_vma_prev+0xda/0x160 [ 138.693048][ T6304] ? __pfx_find_vma_prev+0x10/0x10 [ 138.693106][ T6304] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 138.693138][ T6304] madvise_walk_vmas+0x1ce/0x2c0 [ 138.693173][ T6304] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 138.693216][ T6304] madvise_do_behavior+0x15d/0x3f0 [ 138.693254][ T6304] ? __pfx_madvise_do_behavior+0x10/0x10 [ 138.693313][ T6304] do_madvise+0x161/0x230 [ 138.693346][ T6304] ? __pfx_do_madvise+0x10/0x10 [ 138.693400][ T6304] ? xfd_validate_state+0x61/0x180 [ 138.693451][ T6304] __x64_sys_madvise+0xa9/0x110 [ 138.693483][ T6304] ? lockdep_hardirqs_on+0x7c/0x110 [ 138.693531][ T6304] do_syscall_64+0xcd/0x490 [ 138.693562][ T6304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.693595][ T6304] RIP: 0033:0x7f31d618e929 [ 138.693621][ T6304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.693652][ T6304] RSP: 002b:00007f31d7055038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 138.693681][ T6304] RAX: ffffffffffffffda RBX: 00007f31d63b6080 RCX: 00007f31d618e929 [ 138.693699][ T6304] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 138.693717][ T6304] RBP: 00007f31d6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 138.693734][ T6304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.693752][ T6304] R13: 0000000000000000 R14: 00007f31d63b6080 R15: 00007ffc6b8b3708 [ 138.693794][ T6304] [ 138.693810][ T6304] EXT4-fs error (device sda1) in ext4_punch_hole:4398: Out of memory [ 139.258423][ T6310] FAULT_INJECTION: forcing a failure. [ 139.258423][ T6310] name failslab, interval 1, probability 0, space 0, times 0 [ 139.271598][ T6310] CPU: 1 UID: 0 PID: 6310 Comm: syz.2.62 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 139.271640][ T6310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.271658][ T6310] Call Trace: [ 139.271668][ T6310] [ 139.271680][ T6310] dump_stack_lvl+0x16c/0x1f0 [ 139.271737][ T6310] should_fail_ex+0x512/0x640 [ 139.271783][ T6310] ? fs_reclaim_acquire+0xae/0x150 [ 139.271824][ T6310] should_failslab+0xc2/0x120 [ 139.271853][ T6310] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 139.271900][ T6310] ? inode_set_ctime_current+0x2a1/0x8f0 [ 139.271957][ T6310] ? jbd2__journal_start+0x193/0x6a0 [ 139.272016][ T6310] jbd2__journal_start+0x193/0x6a0 [ 139.272073][ T6310] __ext4_journal_start_sb+0x195/0x690 [ 139.272116][ T6310] ? ext4_dirty_inode+0xa1/0x130 [ 139.272166][ T6310] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 139.272214][ T6310] ext4_dirty_inode+0xa1/0x130 [ 139.272260][ T6310] ? rcu_is_watching+0x12/0xc0 [ 139.272292][ T6310] __mark_inode_dirty+0x1ee/0xe50 [ 139.272330][ T6310] generic_update_time+0xcf/0xf0 [ 139.272385][ T6310] file_modified+0x207/0x240 [ 139.272439][ T6310] ext4_fallocate+0x176/0x3720 [ 139.272503][ T6310] ? __pfx_ext4_fallocate+0x10/0x10 [ 139.272554][ T6310] vfs_fallocate+0x60b/0x10c0 [ 139.272607][ T6310] ? __pfx_vfs_fallocate+0x10/0x10 [ 139.272656][ T6310] ? madvise_vma_behavior+0x222c/0x2420 [ 139.272690][ T6310] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 139.272744][ T6310] madvise_vma_behavior+0x21ca/0x2420 [ 139.272784][ T6310] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 139.272819][ T6310] ? __pfx_mas_prev+0x10/0x10 [ 139.272878][ T6310] ? find_vma_prev+0xda/0x160 [ 139.272915][ T6310] ? __pfx_find_vma_prev+0x10/0x10 [ 139.272969][ T6310] ? lockdep_hardirqs_on+0x7c/0x110 [ 139.273028][ T6310] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 139.273060][ T6310] madvise_walk_vmas+0x1ce/0x2c0 [ 139.273094][ T6310] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 139.273138][ T6310] madvise_do_behavior+0x15d/0x3f0 [ 139.273178][ T6310] ? __pfx_madvise_do_behavior+0x10/0x10 [ 139.273240][ T6310] do_madvise+0x161/0x230 [ 139.273273][ T6310] ? __pfx_do_madvise+0x10/0x10 [ 139.273328][ T6310] ? xfd_validate_state+0x61/0x180 [ 139.273379][ T6310] __x64_sys_madvise+0xa9/0x110 [ 139.273413][ T6310] ? lockdep_hardirqs_on+0x7c/0x110 [ 139.273461][ T6310] do_syscall_64+0xcd/0x490 [ 139.273492][ T6310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.273524][ T6310] RIP: 0033:0x7f9eb038e929 [ 139.273549][ T6310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.273579][ T6310] RSP: 002b:00007f9eb12ab038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 139.273609][ T6310] RAX: ffffffffffffffda RBX: 00007f9eb05b6080 RCX: 00007f9eb038e929 [ 139.273629][ T6310] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 139.273647][ T6310] RBP: 00007f9eb0410b39 R08: 0000000000000000 R09: 0000000000000000 [ 139.273666][ T6310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 139.273684][ T6310] R13: 0000000000000000 R14: 00007f9eb05b6080 R15: 00007ffc8b826cf8 [ 139.273725][ T6310] [ 140.829506][ T6327] FAULT_INJECTION: forcing a failure. [ 140.829506][ T6327] name fail_futex, interval 1, probability 0, space 0, times 0 [ 140.858796][ T6327] CPU: 0 UID: 0 PID: 6327 Comm: syz.2.65 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 140.858844][ T6327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.858865][ T6327] Call Trace: [ 140.858876][ T6327] [ 140.858889][ T6327] dump_stack_lvl+0x16c/0x1f0 [ 140.858948][ T6327] should_fail_ex+0x512/0x640 [ 140.859002][ T6327] get_futex_key+0x1d0/0x1540 [ 140.859045][ T6327] ? __pfx_get_futex_key+0x10/0x10 [ 140.859099][ T6327] futex_wake+0xea/0x530 [ 140.859142][ T6327] ? futex_wait+0x120/0x380 [ 140.859188][ T6327] ? __pfx_futex_wait+0x10/0x10 [ 140.859235][ T6327] ? __pfx_futex_wake+0x10/0x10 [ 140.859288][ T6327] ? __lock_acquire+0x622/0x1c90 [ 140.859340][ T6327] do_futex+0x1e3/0x350 [ 140.859380][ T6327] ? __pfx_do_futex+0x10/0x10 [ 140.859423][ T6327] ? find_held_lock+0x2b/0x80 [ 140.859459][ T6327] __x64_sys_futex+0x1e0/0x4c0 [ 140.859502][ T6327] ? __fget_files+0x20e/0x3c0 [ 140.859545][ T6327] ? __pfx___x64_sys_futex+0x10/0x10 [ 140.859601][ T6327] ? fdget+0x187/0x210 [ 140.859651][ T6327] do_syscall_64+0xcd/0x490 [ 140.859685][ T6327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.859717][ T6327] RIP: 0033:0x7f9eb038e929 [ 140.859753][ T6327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.859781][ T6327] RSP: 002b:00007f9eb12cc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 140.859808][ T6327] RAX: ffffffffffffffda RBX: 00007f9eb05b5fa8 RCX: 00007f9eb038e929 [ 140.859826][ T6327] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9eb05b5fac [ 140.859843][ T6327] RBP: 00007f9eb05b5fa0 R08: 00007f9eb12cd000 R09: 0000000000000000 [ 140.859860][ T6327] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9eb05b5fac [ 140.859878][ T6327] R13: 0000000000000000 R14: 00007ffc8b826c10 R15: 00007ffc8b826cf8 [ 140.859914][ T6327] [ 141.527856][ T6333] netlink: 20 bytes leftover after parsing attributes in process `syz.1.74'. [ 141.892160][ T6333] hsr_slave_0 (unregistering): left promiscuous mode [ 142.821285][ T6351] Invalid ELF header magic: != ELF [ 143.149124][ T6355] random: crng reseeded on system resumption [ 143.182964][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.192242][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.820847][ T6365] process 'syz.0.70' launched ':,' with NULL argv: empty string added [ 144.208772][ T6372] sd 0:0:1:0: PR command failed: 1026 [ 144.290125][ T6372] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 144.298748][ T6372] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 145.010171][ T6379] netlink: 'syz.3.75': attribute type 11 has an invalid length. [ 145.010226][ T6379] netlink: 'syz.3.75': attribute type 11 has an invalid length. [ 145.768908][ T6393] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 146.297250][ T6394] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 147.528191][ T6420] FAULT_INJECTION: forcing a failure. [ 147.528191][ T6420] name failslab, interval 1, probability 0, space 0, times 0 [ 147.601679][ T6420] CPU: 0 UID: 0 PID: 6420 Comm: syz.2.82 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 147.601721][ T6420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.601739][ T6420] Call Trace: [ 147.601749][ T6420] [ 147.601760][ T6420] dump_stack_lvl+0x16c/0x1f0 [ 147.601811][ T6420] should_fail_ex+0x512/0x640 [ 147.601852][ T6420] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 147.601898][ T6420] should_failslab+0xc2/0x120 [ 147.601943][ T6420] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 147.601990][ T6420] ? getname_flags.part.0+0x4c/0x550 [ 147.602032][ T6420] getname_flags.part.0+0x4c/0x550 [ 147.602073][ T6420] getname_flags+0x93/0xf0 [ 147.602117][ T6420] do_sys_openat2+0xb8/0x1d0 [ 147.602152][ T6420] ? __pfx_do_sys_openat2+0x10/0x10 [ 147.602190][ T6420] ? __pfx___might_resched+0x10/0x10 [ 147.602234][ T6420] __x64_sys_openat+0x174/0x210 [ 147.602281][ T6420] ? __pfx___x64_sys_openat+0x10/0x10 [ 147.602336][ T6420] do_syscall_64+0xcd/0x490 [ 147.602365][ T6420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.602394][ T6420] RIP: 0033:0x7f9eb038e929 [ 147.602417][ T6420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.602445][ T6420] RSP: 002b:00007f9eb12ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 147.602473][ T6420] RAX: ffffffffffffffda RBX: 00007f9eb05b6080 RCX: 00007f9eb038e929 [ 147.602492][ T6420] RDX: 0000000000004001 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 147.602509][ T6420] RBP: 00007f9eb0410b39 R08: 0000000000000000 R09: 0000000000000000 [ 147.602545][ T6420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.602563][ T6420] R13: 0000000000000000 R14: 00007f9eb05b6080 R15: 00007ffc8b826cf8 [ 147.602604][ T6420] [ 147.924734][ T6415] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 147.969925][ T6415] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 148.007200][ T6415] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 148.013344][ T6415] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 148.916773][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 150.037138][ T5156] Bluetooth: hci2: command 0x0c1a tx timeout [ 150.037236][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 150.049509][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 151.000491][ T6468] ALSA: mixer_oss: invalid OSS volume '0' [ 151.006309][ T6468] ALSA: mixer_oss: invalid OSS volume '' [ 151.841447][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.342200][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.504114][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.789788][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.859958][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 152.870881][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 152.881337][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 152.889434][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 152.898780][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 153.372338][ T13] bridge_slave_1: left allmulticast mode [ 153.387571][ T13] bridge_slave_1: left promiscuous mode [ 153.394426][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.421654][ T13] bridge_slave_0: left allmulticast mode [ 153.436713][ T13] bridge_slave_0: left promiscuous mode [ 153.442546][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.116569][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.131313][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 154.141989][ T13] bond0 (unregistering): Released all slaves [ 154.996920][ T51] Bluetooth: hci3: command tx timeout [ 155.068273][ T13] hsr_slave_0: left promiscuous mode [ 155.116928][ T13] hsr_slave_1: left promiscuous mode [ 155.147340][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.165189][ T6511] FAULT_INJECTION: forcing a failure. [ 155.165189][ T6511] name failslab, interval 1, probability 0, space 0, times 0 [ 155.178456][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.241462][ T6511] CPU: 0 UID: 0 PID: 6511 Comm: syz.3.98 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 155.241515][ T6511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.241533][ T6511] Call Trace: [ 155.241543][ T6511] [ 155.241554][ T6511] dump_stack_lvl+0x16c/0x1f0 [ 155.241609][ T6511] should_fail_ex+0x512/0x640 [ 155.241655][ T6511] ? fs_reclaim_acquire+0xae/0x150 [ 155.241697][ T6511] should_failslab+0xc2/0x120 [ 155.241727][ T6511] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 155.241774][ T6511] ? inode_set_ctime_current+0x2a1/0x8f0 [ 155.241823][ T6511] ? jbd2__journal_start+0x193/0x6a0 [ 155.241880][ T6511] jbd2__journal_start+0x193/0x6a0 [ 155.241938][ T6511] __ext4_journal_start_sb+0x195/0x690 [ 155.241980][ T6511] ? ext4_dirty_inode+0xa1/0x130 [ 155.242028][ T6511] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 155.242095][ T6511] ext4_dirty_inode+0xa1/0x130 [ 155.242143][ T6511] ? rcu_is_watching+0x12/0xc0 [ 155.242176][ T6511] __mark_inode_dirty+0x1ee/0xe50 [ 155.242216][ T6511] generic_update_time+0xcf/0xf0 [ 155.242270][ T6511] file_modified+0x207/0x240 [ 155.242337][ T6511] ext4_fallocate+0x176/0x3720 [ 155.242405][ T6511] ? __pfx_ext4_fallocate+0x10/0x10 [ 155.242458][ T6511] vfs_fallocate+0x60b/0x10c0 [ 155.242519][ T6511] ? __pfx_vfs_fallocate+0x10/0x10 [ 155.242569][ T6511] ? madvise_vma_behavior+0x222c/0x2420 [ 155.242603][ T6511] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 155.242662][ T6511] madvise_vma_behavior+0x21ca/0x2420 [ 155.242705][ T6511] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 155.242741][ T6511] ? __pfx_mas_prev+0x10/0x10 [ 155.242805][ T6511] ? find_vma_prev+0xda/0x160 [ 155.242842][ T6511] ? __pfx_find_vma_prev+0x10/0x10 [ 155.242902][ T6511] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 155.242936][ T6511] madvise_walk_vmas+0x1ce/0x2c0 [ 155.242970][ T6511] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 155.243015][ T6511] madvise_do_behavior+0x15d/0x3f0 [ 155.243056][ T6511] ? __pfx_madvise_do_behavior+0x10/0x10 [ 155.243118][ T6511] do_madvise+0x161/0x230 [ 155.243153][ T6511] ? __pfx_do_madvise+0x10/0x10 [ 155.243208][ T6511] ? xfd_validate_state+0x61/0x180 [ 155.243259][ T6511] __x64_sys_madvise+0xa9/0x110 [ 155.243293][ T6511] ? lockdep_hardirqs_on+0x7c/0x110 [ 155.243344][ T6511] do_syscall_64+0xcd/0x490 [ 155.243377][ T6511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.243409][ T6511] RIP: 0033:0x7f295a98e929 [ 155.243435][ T6511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.243466][ T6511] RSP: 002b:00007f295b830038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 155.243502][ T6511] RAX: ffffffffffffffda RBX: 00007f295abb6080 RCX: 00007f295a98e929 [ 155.243536][ T6511] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 155.243555][ T6511] RBP: 00007f295aa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 155.243573][ T6511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.243591][ T6511] R13: 0000000000000000 R14: 00007f295abb6080 R15: 00007fff0b146cb8 [ 155.243632][ T6511] [ 155.656049][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.752413][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.999184][ T13] veth1_macvtap: left promiscuous mode [ 156.025464][ T13] veth0_macvtap: left promiscuous mode [ 156.057247][ T13] veth1_vlan: left promiscuous mode [ 156.068844][ T13] veth0_vlan: left promiscuous mode [ 156.665577][ T6535] syz.3.100 uses obsolete (PF_INET,SOCK_PACKET) [ 157.013379][ T6520] FAULT_INJECTION: forcing a failure. [ 157.013379][ T6520] name failslab, interval 1, probability 0, space 0, times 0 [ 157.030014][ T6520] CPU: 1 UID: 0 PID: 6520 Comm: syz.1.99 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 157.030057][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.030076][ T6520] Call Trace: [ 157.030086][ T6520] [ 157.030098][ T6520] dump_stack_lvl+0x16c/0x1f0 [ 157.030155][ T6520] should_fail_ex+0x512/0x640 [ 157.030201][ T6520] ? fs_reclaim_acquire+0xae/0x150 [ 157.030241][ T6520] ? tomoyo_encode2+0x100/0x3e0 [ 157.030282][ T6520] should_failslab+0xc2/0x120 [ 157.030311][ T6520] __kmalloc_noprof+0xd2/0x510 [ 157.030366][ T6520] ? d_absolute_path+0x136/0x1a0 [ 157.030407][ T6520] tomoyo_encode2+0x100/0x3e0 [ 157.030458][ T6520] tomoyo_encode+0x29/0x50 [ 157.030501][ T6520] tomoyo_realpath_from_path+0x18f/0x6e0 [ 157.030557][ T6520] tomoyo_path_number_perm+0x245/0x580 [ 157.030593][ T6520] ? tomoyo_path_number_perm+0x237/0x580 [ 157.030635][ T6520] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 157.030717][ T6520] ? find_held_lock+0x2b/0x80 [ 157.030748][ T6520] ? hook_file_ioctl_common+0x145/0x410 [ 157.030793][ T6520] ? __fget_files+0x20e/0x3c0 [ 157.030844][ T6520] security_file_ioctl+0x9b/0x240 [ 157.030886][ T6520] __x64_sys_ioctl+0xb7/0x210 [ 157.030925][ T6520] do_syscall_64+0xcd/0x490 [ 157.030958][ T6520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.030991][ T6520] RIP: 0033:0x7f31d618e929 [ 157.031017][ T6520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.031048][ T6520] RSP: 002b:00007f31d7076038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.031078][ T6520] RAX: ffffffffffffffda RBX: 00007f31d63b5fa0 RCX: 00007f31d618e929 [ 157.031098][ T6520] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000003 [ 157.031115][ T6520] RBP: 00007f31d6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 157.031134][ T6520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.031151][ T6520] R13: 0000000000000000 R14: 00007f31d63b5fa0 R15: 00007ffc6b8b3708 [ 157.031192][ T6520] [ 157.031277][ T6520] ERROR: Out of memory at tomoyo_realpath_from_path. [ 157.080855][ T51] Bluetooth: hci3: command tx timeout [ 158.101516][ T13] team0 (unregistering): Port device team_slave_1 removed [ 158.228737][ T13] team0 (unregistering): Port device team_slave_0 removed [ 159.132541][ T6483] chnl_net:caif_netlink_parms(): no params data found [ 159.316861][ T51] Bluetooth: hci3: command tx timeout [ 159.466421][ T6557] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 160.101674][ T6483] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.117046][ T6483] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.159398][ T6483] bridge_slave_0: entered allmulticast mode [ 160.187950][ T6483] bridge_slave_0: entered promiscuous mode [ 160.230697][ T6483] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.262979][ T6483] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.319235][ T6483] bridge_slave_1: entered allmulticast mode [ 160.356959][ T6483] bridge_slave_1: entered promiscuous mode [ 160.740112][ T6483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.805127][ T6563] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 160.833133][ T6483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.231073][ T6483] team0: Port device team_slave_0 added [ 161.254951][ T6483] team0: Port device team_slave_1 added [ 161.398299][ T51] Bluetooth: hci3: command tx timeout [ 161.800735][ T6483] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 161.830427][ T6483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 161.945392][ T6483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 161.977062][ T6483] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 161.998360][ T6483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.182559][ T6483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 162.599974][ T6483] hsr_slave_0: entered promiscuous mode [ 162.646377][ T6483] hsr_slave_1: entered promiscuous mode [ 162.665257][ T6483] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 162.729278][ T6483] Cannot create hsr debugfs directory [ 164.614028][ T6483] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 164.701523][ T6483] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 164.731378][ T6483] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 164.781383][ T6483] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 165.280198][ T6483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.821184][ T6483] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.953133][ T4103] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.960462][ T4103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.069848][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.077190][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.622092][ T6667] FAULT_INJECTION: forcing a failure. [ 166.622092][ T6667] name failslab, interval 1, probability 0, space 0, times 0 [ 166.655275][ T6667] CPU: 0 UID: 0 PID: 6667 Comm: syz.0.115 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 166.655338][ T6667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.655357][ T6667] Call Trace: [ 166.655367][ T6667] [ 166.655379][ T6667] dump_stack_lvl+0x16c/0x1f0 [ 166.655436][ T6667] should_fail_ex+0x512/0x640 [ 166.655485][ T6667] ? fs_reclaim_acquire+0xae/0x150 [ 166.655528][ T6667] should_failslab+0xc2/0x120 [ 166.655560][ T6667] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 166.655619][ T6667] ? security_inode_alloc+0x3b/0x2b0 [ 166.655661][ T6667] security_inode_alloc+0x3b/0x2b0 [ 166.655699][ T6667] inode_init_always_gfp+0xce4/0x1030 [ 166.655753][ T6667] alloc_inode+0x86/0x240 [ 166.655787][ T6667] path_from_stashed+0x2be/0xb00 [ 166.655842][ T6667] ? __pfx_path_from_stashed+0x10/0x10 [ 166.655890][ T6667] ? find_held_lock+0x2b/0x80 [ 166.655923][ T6667] ? alloc_fd+0x471/0x7d0 [ 166.655971][ T6667] pidfs_alloc_file+0xf8/0x330 [ 166.656011][ T6667] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 166.656062][ T6667] pidfd_prepare+0x10c/0x1b0 [ 166.656105][ T6667] copy_process+0x46ea/0x76a0 [ 166.656143][ T6667] ? __pfx___futex_wait+0x10/0x10 [ 166.656206][ T6667] ? __pfx_copy_process+0x10/0x10 [ 166.656269][ T6667] kernel_clone+0xfc/0x960 [ 166.656312][ T6667] ? __pfx_kernel_clone+0x10/0x10 [ 166.656375][ T6667] __do_sys_clone+0xce/0x120 [ 166.656415][ T6667] ? __pfx___do_sys_clone+0x10/0x10 [ 166.656454][ T6667] ? __pfx___might_resched+0x10/0x10 [ 166.656516][ T6667] ? xfd_validate_state+0x61/0x180 [ 166.656571][ T6667] do_syscall_64+0xcd/0x490 [ 166.656629][ T6667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.656680][ T6667] RIP: 0033:0x7fd79158e929 [ 166.656705][ T6667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.656735][ T6667] RSP: 002b:00007fd7924a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 166.656766][ T6667] RAX: ffffffffffffffda RBX: 00007fd7917b5fa0 RCX: 00007fd79158e929 [ 166.656786][ T6667] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 166.656804][ T6667] RBP: 00007fd791610b39 R08: 0000000000000002 R09: 0000000000000000 [ 166.656822][ T6667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.656840][ T6667] R13: 0000000000000000 R14: 00007fd7917b5fa0 R15: 00007ffee97113d8 [ 166.656882][ T6667] [ 167.142314][ T6483] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.338618][ T6483] veth0_vlan: entered promiscuous mode [ 167.383521][ T6483] veth1_vlan: entered promiscuous mode [ 167.425087][ T6680] netlink: 'syz.0.118': attribute type 11 has an invalid length. [ 167.433096][ T6680] netlink: 'syz.0.118': attribute type 11 has an invalid length. [ 167.520329][ T6483] veth0_macvtap: entered promiscuous mode [ 167.580841][ T6483] veth1_macvtap: entered promiscuous mode [ 167.653558][ T6483] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 167.712825][ T6483] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 167.777236][ T6483] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.864480][ T6483] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.020185][ T6483] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.029121][ T6483] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.920258][ T4103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.935027][ T4103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.959801][ T4103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.089140][ T4103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.945896][ T6707] ubi: mtd0 is already attached to ubi0 [ 169.990631][ T6712] FAULT_INJECTION: forcing a failure. [ 169.990631][ T6712] name failslab, interval 1, probability 0, space 0, times 0 [ 170.032555][ T6716] size and base must be multiples of 4 kiB [ 170.040127][ T6712] CPU: 0 UID: 0 PID: 6712 Comm: syz.3.123 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 170.040167][ T6712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.040184][ T6712] Call Trace: [ 170.040194][ T6712] [ 170.040204][ T6712] dump_stack_lvl+0x16c/0x1f0 [ 170.040254][ T6712] should_fail_ex+0x512/0x640 [ 170.040295][ T6712] ? fs_reclaim_acquire+0xae/0x150 [ 170.040329][ T6712] should_failslab+0xc2/0x120 [ 170.040355][ T6712] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 170.040396][ T6712] ? inode_set_ctime_current+0x2a1/0x8f0 [ 170.040440][ T6712] ? jbd2__journal_start+0x193/0x6a0 [ 170.040491][ T6712] jbd2__journal_start+0x193/0x6a0 [ 170.040540][ T6712] __ext4_journal_start_sb+0x195/0x690 [ 170.040578][ T6712] ? ext4_dirty_inode+0xa1/0x130 [ 170.040620][ T6712] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 170.040661][ T6712] ext4_dirty_inode+0xa1/0x130 [ 170.040717][ T6712] ? rcu_is_watching+0x12/0xc0 [ 170.040745][ T6712] __mark_inode_dirty+0x1ee/0xe50 [ 170.040779][ T6712] generic_update_time+0xcf/0xf0 [ 170.040825][ T6712] file_modified+0x207/0x240 [ 170.040870][ T6712] ext4_fallocate+0x176/0x3720 [ 170.040925][ T6712] ? __pfx_ext4_fallocate+0x10/0x10 [ 170.040967][ T6712] vfs_fallocate+0x60b/0x10c0 [ 170.041012][ T6712] ? __pfx_vfs_fallocate+0x10/0x10 [ 170.041063][ T6712] ? madvise_vma_behavior+0x222c/0x2420 [ 170.041093][ T6712] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 170.041142][ T6712] madvise_vma_behavior+0x21ca/0x2420 [ 170.041179][ T6712] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 170.041209][ T6712] ? __pfx_mas_prev+0x10/0x10 [ 170.041261][ T6712] ? find_vma_prev+0xda/0x160 [ 170.041292][ T6712] ? __pfx_find_vma_prev+0x10/0x10 [ 170.041332][ T6712] ? lockdep_hardirqs_on+0x7c/0x110 [ 170.041382][ T6712] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 170.041410][ T6712] madvise_walk_vmas+0x1ce/0x2c0 [ 170.041440][ T6712] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 170.041479][ T6712] madvise_do_behavior+0x15d/0x3f0 [ 170.041512][ T6712] ? __pfx_madvise_do_behavior+0x10/0x10 [ 170.041564][ T6712] do_madvise+0x161/0x230 [ 170.041593][ T6712] ? __pfx_do_madvise+0x10/0x10 [ 170.041641][ T6712] ? xfd_validate_state+0x61/0x180 [ 170.041691][ T6712] __x64_sys_madvise+0xa9/0x110 [ 170.041720][ T6712] ? lockdep_hardirqs_on+0x7c/0x110 [ 170.041762][ T6712] do_syscall_64+0xcd/0x490 [ 170.041790][ T6712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.041818][ T6712] RIP: 0033:0x7f295a98e929 [ 170.041840][ T6712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.041866][ T6712] RSP: 002b:00007f295b830038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 170.041892][ T6712] RAX: ffffffffffffffda RBX: 00007f295abb6080 RCX: 00007f295a98e929 [ 170.041911][ T6712] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 170.041929][ T6712] RBP: 00007f295aa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 170.041946][ T6712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.041963][ T6712] R13: 0000000000000000 R14: 00007f295abb6080 R15: 00007fff0b146cb8 [ 170.042000][ T6712] [ 170.042222][ T6716] CPU: 0 UID: 0 PID: 6716 Comm: syz.1.122 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 170.042261][ T6716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.042277][ T6716] Call Trace: [ 170.042285][ T6716] [ 170.042295][ T6716] dump_stack_lvl+0x16c/0x1f0 [ 170.042341][ T6716] mtrr_del+0xd1/0x110 [ 170.042375][ T6716] mtrr_ioctl+0x922/0xcf0 [ 170.042409][ T6716] ? __pfx_mtrr_ioctl+0x10/0x10 [ 170.042451][ T6716] ? find_held_lock+0x2b/0x80 [ 170.042488][ T6716] ? __fget_files+0x20e/0x3c0 [ 170.042548][ T6716] ? __pfx_mtrr_ioctl+0x10/0x10 [ 170.042582][ T6716] proc_reg_unlocked_ioctl+0x226/0x320 [ 170.042622][ T6716] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 170.042672][ T6716] __x64_sys_ioctl+0x18b/0x210 [ 170.042707][ T6716] do_syscall_64+0xcd/0x490 [ 170.042735][ T6716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.042762][ T6716] RIP: 0033:0x7f31d618e929 [ 170.042783][ T6716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.042810][ T6716] RSP: 002b:00007f31d7034038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.042843][ T6716] RAX: ffffffffffffffda RBX: 00007f31d63b6160 RCX: 00007f31d618e929 [ 170.042862][ T6716] RDX: 0000000000000009 RSI: 00000000400c4d04 RDI: 0000000000000009 [ 170.042879][ T6716] RBP: 00007f31d6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 170.042897][ T6716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.042913][ T6716] R13: 0000000000000000 R14: 00007f31d63b6160 R15: 00007ffc6b8b3708 [ 170.042949][ T6716] [ 170.813118][ T6715] batman_adv: Routing algorithm '' is not supported [ 172.687252][ T6761] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 173.650356][ T6763] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 174.619162][ T6795] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 175.348676][ T6797] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 176.782280][ T6831] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 177.846893][ T30] audit: type=1800 audit(6045098776.218:2): pid=6841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.138" name="lu_gp_id" dev="configfs" ino=10896 res=0 errno=0 [ 177.884612][ T6841] ALUA LU Group already has a valid ID, ignoring request [ 179.347107][ T6865] random: crng reseeded on system resumption [ 179.394133][ T6865] FAULT_INJECTION: forcing a failure. [ 179.394133][ T6865] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 179.446815][ T6865] CPU: 1 UID: 0 PID: 6865 Comm: syz.3.142 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 179.446862][ T6865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.446880][ T6865] Call Trace: [ 179.446890][ T6865] [ 179.446902][ T6865] dump_stack_lvl+0x16c/0x1f0 [ 179.446960][ T6865] should_fail_ex+0x512/0x640 [ 179.447015][ T6865] should_fail_alloc_page+0xe7/0x130 [ 179.447051][ T6865] prepare_alloc_pages+0x3c2/0x610 [ 179.447103][ T6865] ? rcu_is_watching+0x12/0xc0 [ 179.447140][ T6865] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 179.447205][ T6865] ? stack_trace_save+0x8e/0xc0 [ 179.447239][ T6865] ? __pfx_stack_trace_save+0x10/0x10 [ 179.447272][ T6865] ? stack_depot_save_flags+0x28/0xa40 [ 179.447322][ T6865] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 179.447375][ T6865] ? kasan_save_stack+0x42/0x60 [ 179.447419][ T6865] ? kasan_save_stack+0x33/0x60 [ 179.447469][ T6865] ? do_dentry_open+0x744/0x1c10 [ 179.447512][ T6865] ? vfs_open+0x82/0x3f0 [ 179.447540][ T6865] ? path_openat+0x1de4/0x2cb0 [ 179.447578][ T6865] ? do_filp_open+0x20b/0x470 [ 179.447618][ T6865] ? do_sys_openat2+0x11b/0x1d0 [ 179.447651][ T6865] ? __x64_sys_openat+0x174/0x210 [ 179.447696][ T6865] ? do_syscall_64+0xcd/0x490 [ 179.447722][ T6865] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.447757][ T6865] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 179.447803][ T6865] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 179.447852][ T6865] ? policy_nodemask+0xea/0x4e0 [ 179.447906][ T6865] alloc_pages_mpol+0x1fb/0x550 [ 179.447940][ T6865] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 179.447982][ T6865] alloc_pages_noprof+0x131/0x390 [ 179.448014][ T6865] get_zeroed_page_noprof+0x18/0xb0 [ 179.448049][ T6865] get_image_page+0x18/0x190 [ 179.448080][ T6865] alloc_rtree_node+0x3c/0xb0 [ 179.448111][ T6865] memory_bm_create+0x519/0x810 [ 179.448161][ T6865] create_basic_memory_bitmaps+0xbd/0x320 [ 179.448203][ T6865] snapshot_open+0x235/0x2b0 [ 179.448240][ T6865] ? __pfx_snapshot_open+0x10/0x10 [ 179.448277][ T6865] misc_open+0x35d/0x420 [ 179.448317][ T6865] ? __pfx_misc_open+0x10/0x10 [ 179.448355][ T6865] chrdev_open+0x231/0x6a0 [ 179.448415][ T6865] ? __pfx_apparmor_file_open+0x10/0x10 [ 179.448452][ T6865] ? __pfx_chrdev_open+0x10/0x10 [ 179.448499][ T6865] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 179.448554][ T6865] do_dentry_open+0x744/0x1c10 [ 179.448599][ T6865] ? __pfx_chrdev_open+0x10/0x10 [ 179.448662][ T6865] vfs_open+0x82/0x3f0 [ 179.448716][ T6865] path_openat+0x1de4/0x2cb0 [ 179.448778][ T6865] ? __pfx_path_openat+0x10/0x10 [ 179.448827][ T6865] ? __lock_acquire+0xb8a/0x1c90 [ 179.448884][ T6865] do_filp_open+0x20b/0x470 [ 179.448928][ T6865] ? __pfx_do_filp_open+0x10/0x10 [ 179.448997][ T6865] ? alloc_fd+0x471/0x7d0 [ 179.449047][ T6865] do_sys_openat2+0x11b/0x1d0 [ 179.449079][ T6865] ? __pfx_do_sys_openat2+0x10/0x10 [ 179.449115][ T6865] ? __pfx___might_resched+0x10/0x10 [ 179.449156][ T6865] __x64_sys_openat+0x174/0x210 [ 179.449189][ T6865] ? __pfx___x64_sys_openat+0x10/0x10 [ 179.449238][ T6865] do_syscall_64+0xcd/0x490 [ 179.449268][ T6865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.449297][ T6865] RIP: 0033:0x7f295a98e929 [ 179.449321][ T6865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.449350][ T6865] RSP: 002b:00007f295b851038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 179.449396][ T6865] RAX: ffffffffffffffda RBX: 00007f295abb5fa0 RCX: 00007f295a98e929 [ 179.449416][ T6865] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 179.449436][ T6865] RBP: 00007f295aa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 179.449454][ T6865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.449470][ T6865] R13: 0000000000000000 R14: 00007f295abb5fa0 R15: 00007fff0b146cb8 [ 179.449511][ T6865] [ 179.933069][ T6877] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 180.525006][ T6879] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 181.347132][ T6899] Invalid ELF header magic: != ELF [ 181.354409][ T6911] FAULT_INJECTION: forcing a failure. [ 181.354409][ T6911] name failslab, interval 1, probability 0, space 0, times 0 [ 181.375652][ T6911] CPU: 1 UID: 0 PID: 6911 Comm: syz.0.151 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 181.375694][ T6911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 181.375709][ T6911] Call Trace: [ 181.375716][ T6911] [ 181.375725][ T6911] dump_stack_lvl+0x16c/0x1f0 [ 181.375770][ T6911] should_fail_ex+0x512/0x640 [ 181.375805][ T6911] ? fs_reclaim_acquire+0xae/0x150 [ 181.375836][ T6911] should_failslab+0xc2/0x120 [ 181.375858][ T6911] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 181.375895][ T6911] ? inode_set_ctime_current+0x2a1/0x8f0 [ 181.375934][ T6911] ? jbd2__journal_start+0x193/0x6a0 [ 181.375978][ T6911] jbd2__journal_start+0x193/0x6a0 [ 181.376022][ T6911] __ext4_journal_start_sb+0x195/0x690 [ 181.376054][ T6911] ? ext4_dirty_inode+0xa1/0x130 [ 181.376091][ T6911] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 181.376128][ T6911] ext4_dirty_inode+0xa1/0x130 [ 181.376163][ T6911] ? rcu_is_watching+0x12/0xc0 [ 181.376187][ T6911] __mark_inode_dirty+0x1ee/0xe50 [ 181.376215][ T6911] generic_update_time+0xcf/0xf0 [ 181.376256][ T6911] file_modified+0x207/0x240 [ 181.376296][ T6911] ext4_fallocate+0x176/0x3720 [ 181.376344][ T6911] ? __pfx_ext4_fallocate+0x10/0x10 [ 181.376382][ T6911] vfs_fallocate+0x60b/0x10c0 [ 181.376421][ T6911] ? __pfx_vfs_fallocate+0x10/0x10 [ 181.376458][ T6911] ? madvise_vma_behavior+0x222c/0x2420 [ 181.376483][ T6911] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 181.376550][ T6911] madvise_vma_behavior+0x21ca/0x2420 [ 181.376579][ T6911] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 181.376615][ T6911] ? __pfx_mas_prev+0x10/0x10 [ 181.376687][ T6911] ? find_vma_prev+0xda/0x160 [ 181.376718][ T6911] ? __pfx_find_vma_prev+0x10/0x10 [ 181.376758][ T6911] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 181.376781][ T6911] madvise_walk_vmas+0x1ce/0x2c0 [ 181.376803][ T6911] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 181.376831][ T6911] madvise_do_behavior+0x15d/0x3f0 [ 181.376857][ T6911] ? __pfx_madvise_do_behavior+0x10/0x10 [ 181.376896][ T6911] do_madvise+0x161/0x230 [ 181.376918][ T6911] ? __pfx_do_madvise+0x10/0x10 [ 181.376956][ T6911] ? xfd_validate_state+0x61/0x180 [ 181.376990][ T6911] __x64_sys_madvise+0xa9/0x110 [ 181.377013][ T6911] ? lockdep_hardirqs_on+0x7c/0x110 [ 181.377046][ T6911] do_syscall_64+0xcd/0x490 [ 181.377067][ T6911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.377089][ T6911] RIP: 0033:0x7fd79158e929 [ 181.377105][ T6911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.377127][ T6911] RSP: 002b:00007fd792484038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 181.377146][ T6911] RAX: ffffffffffffffda RBX: 00007fd7917b6080 RCX: 00007fd79158e929 [ 181.377161][ T6911] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 181.377174][ T6911] RBP: 00007fd791610b39 R08: 0000000000000000 R09: 0000000000000000 [ 181.377187][ T6911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 181.377199][ T6911] R13: 0000000000000000 R14: 00007fd7917b6080 R15: 00007ffee97113d8 [ 181.377226][ T6911] [ 183.057370][ T6931] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 183.619791][ T6937] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 183.901138][ T6947] FAULT_INJECTION: forcing a failure. [ 183.901138][ T6947] name failslab, interval 1, probability 0, space 0, times 0 [ 183.973770][ T6947] CPU: 0 UID: 0 PID: 6947 Comm: syz.1.158 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 183.973812][ T6947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 183.973827][ T6947] Call Trace: [ 183.973835][ T6947] [ 183.973844][ T6947] dump_stack_lvl+0x16c/0x1f0 [ 183.973887][ T6947] should_fail_ex+0x512/0x640 [ 183.973922][ T6947] ? fs_reclaim_acquire+0xae/0x150 [ 183.973951][ T6947] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 183.973986][ T6947] should_failslab+0xc2/0x120 [ 183.974009][ T6947] __kmalloc_noprof+0xd2/0x510 [ 183.974052][ T6947] tomoyo_realpath_from_path+0xc2/0x6e0 [ 183.974095][ T6947] tomoyo_check_open_permission+0x2ab/0x3c0 [ 183.974124][ T6947] ? init_file+0x93/0x4c0 [ 183.974146][ T6947] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 183.974175][ T6947] ? pidfd_prepare+0x10c/0x1b0 [ 183.974204][ T6947] ? __do_sys_clone+0xce/0x120 [ 183.974232][ T6947] ? do_syscall_64+0xcd/0x490 [ 183.974279][ T6947] ? find_held_lock+0x2b/0x80 [ 183.974322][ T6947] tomoyo_file_open+0x6b/0x90 [ 183.974382][ T6947] security_file_open+0x84/0x1e0 [ 183.974426][ T6947] do_dentry_open+0x596/0x1c10 [ 183.974486][ T6947] vfs_open+0x82/0x3f0 [ 183.974523][ T6947] dentry_open+0x71/0xd0 [ 183.974557][ T6947] pidfs_alloc_file+0x1ca/0x330 [ 183.974595][ T6947] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 183.974647][ T6947] pidfd_prepare+0x10c/0x1b0 [ 183.974687][ T6947] copy_process+0x46ea/0x76a0 [ 183.974744][ T6947] ? __pfx_copy_process+0x10/0x10 [ 183.974779][ T6947] ? plist_check_head+0xa3/0x150 [ 183.974829][ T6947] ? futex_private_hash_put+0xc7/0x240 [ 183.974872][ T6947] kernel_clone+0xfc/0x960 [ 183.974912][ T6947] ? __pfx_futex_wake+0x10/0x10 [ 183.974954][ T6947] ? __pfx_kernel_clone+0x10/0x10 [ 183.974990][ T6947] ? rcu_is_watching+0x12/0xc0 [ 183.975045][ T6947] __do_sys_clone+0xce/0x120 [ 183.975087][ T6947] ? __pfx___do_sys_clone+0x10/0x10 [ 183.975144][ T6947] ? __pfx___might_resched+0x10/0x10 [ 183.975195][ T6947] ? xfd_validate_state+0x61/0x180 [ 183.975259][ T6947] do_syscall_64+0xcd/0x490 [ 183.975308][ T6947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.975352][ T6947] RIP: 0033:0x7f31d618e929 [ 183.975379][ T6947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.975411][ T6947] RSP: 002b:00007f31d7076038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 183.975442][ T6947] RAX: ffffffffffffffda RBX: 00007f31d63b5fa0 RCX: 00007f31d618e929 [ 183.975462][ T6947] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 183.975480][ T6947] RBP: 00007f31d6210b39 R08: 0000000000000002 R09: 0000000000000000 [ 183.975498][ T6947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.975515][ T6947] R13: 0000000000000000 R14: 00007f31d63b5fa0 R15: 00007ffc6b8b3708 [ 183.975557][ T6947] [ 184.258288][ C0] vkms_vblank_simulate: vblank timer overrun [ 184.270755][ T6947] ERROR: Out of memory at tomoyo_realpath_from_path. [ 190.678985][ T7029] random: crng reseeded on system resumption [ 192.174136][ T7042] FAULT_INJECTION: forcing a failure. [ 192.174136][ T7042] name failslab, interval 1, probability 0, space 0, times 0 [ 192.207414][ T7042] CPU: 0 UID: 0 PID: 7042 Comm: syz.2.181 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 192.207444][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.207457][ T7042] Call Trace: [ 192.207464][ T7042] [ 192.207472][ T7042] dump_stack_lvl+0x16c/0x1f0 [ 192.207511][ T7042] should_fail_ex+0x512/0x640 [ 192.207543][ T7042] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 192.207575][ T7042] should_failslab+0xc2/0x120 [ 192.207595][ T7042] __kmalloc_cache_noprof+0x6a/0x3e0 [ 192.207625][ T7042] ? single_open+0x4d/0x1f0 [ 192.207650][ T7042] ? __pfx_snd_info_seq_show+0x10/0x10 [ 192.207672][ T7042] single_open+0x4d/0x1f0 [ 192.207695][ T7042] snd_info_text_entry_open+0x175/0x2a0 [ 192.207720][ T7042] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 192.207743][ T7042] ? trace_kmem_cache_alloc+0x28/0xc0 [ 192.207766][ T7042] ? __pfx_apparmor_file_open+0x10/0x10 [ 192.207794][ T7042] ? proc_reg_open+0x21d/0x610 [ 192.207826][ T7042] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 192.207851][ T7042] proc_reg_open+0x286/0x610 [ 192.207884][ T7042] do_dentry_open+0x744/0x1c10 [ 192.207917][ T7042] ? __pfx_proc_reg_open+0x10/0x10 [ 192.207954][ T7042] vfs_open+0x82/0x3f0 [ 192.207988][ T7042] path_openat+0x1de4/0x2cb0 [ 192.208029][ T7042] ? __pfx_path_openat+0x10/0x10 [ 192.208063][ T7042] ? __lock_acquire+0xb8a/0x1c90 [ 192.208095][ T7042] do_filp_open+0x20b/0x470 [ 192.208127][ T7042] ? __pfx_do_filp_open+0x10/0x10 [ 192.208178][ T7042] ? alloc_fd+0x471/0x7d0 [ 192.208214][ T7042] do_sys_openat2+0x11b/0x1d0 [ 192.208238][ T7042] ? __pfx_do_sys_openat2+0x10/0x10 [ 192.208272][ T7042] __x64_sys_openat+0x174/0x210 [ 192.208297][ T7042] ? __pfx___x64_sys_openat+0x10/0x10 [ 192.208352][ T7042] do_syscall_64+0xcd/0x490 [ 192.208375][ T7042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.208399][ T7042] RIP: 0033:0x7fed0e78e929 [ 192.208416][ T7042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.208439][ T7042] RSP: 002b:00007fed0f569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 192.208460][ T7042] RAX: ffffffffffffffda RBX: 00007fed0e9b6080 RCX: 00007fed0e78e929 [ 192.208475][ T7042] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 192.208490][ T7042] RBP: 00007fed0e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 192.208504][ T7042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.208517][ T7042] R13: 0000000000000000 R14: 00007fed0e9b6080 R15: 00007ffdd27346b8 [ 192.208546][ T7042] [ 198.866244][ T7112] warning: `syz.3.195' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 204.252040][ T7161] HfR: entered promiscuous mode [ 204.255346][ T7162] netlink: 12 bytes leftover after parsing attributes in process `syz.2.200'. [ 204.304207][ T7162] HfR: left promiscuous mode [ 204.601948][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.608527][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.722128][ T7161] HfR: entered promiscuous mode [ 207.761296][ T7193] FAULT_INJECTION: forcing a failure. [ 207.761296][ T7193] name failslab, interval 1, probability 0, space 0, times 0 [ 207.806418][ T7193] CPU: 1 UID: 0 PID: 7193 Comm: syz.1.208 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 207.806465][ T7193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 207.806484][ T7193] Call Trace: [ 207.806494][ T7193] [ 207.806507][ T7193] dump_stack_lvl+0x16c/0x1f0 [ 207.806583][ T7193] should_fail_ex+0x512/0x640 [ 207.806632][ T7193] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 207.806688][ T7193] should_failslab+0xc2/0x120 [ 207.806715][ T7193] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 207.806768][ T7193] ? kstrdup_const+0x63/0x80 [ 207.806822][ T7193] kstrdup+0x53/0x100 [ 207.806868][ T7193] kstrdup_const+0x63/0x80 [ 207.806913][ T7193] __kernfs_new_node+0x9b/0x8e0 [ 207.806961][ T7193] ? __pfx___kernfs_new_node+0x10/0x10 [ 207.807017][ T7193] ? find_held_lock+0x2b/0x80 [ 207.807049][ T7193] ? kernfs_root+0xee/0x2a0 [ 207.807101][ T7193] kernfs_new_node+0x13c/0x1e0 [ 207.807156][ T7193] kernfs_create_dir_ns+0x4c/0x1a0 [ 207.807210][ T7193] sysfs_create_dir_ns+0x13a/0x2b0 [ 207.807252][ T7193] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 207.807292][ T7193] ? find_held_lock+0x2b/0x80 [ 207.807329][ T7193] ? do_raw_spin_unlock+0x172/0x230 [ 207.807379][ T7193] kobject_add_internal+0x2c4/0x9b0 [ 207.807421][ T7193] kobject_add+0x16e/0x240 [ 207.807454][ T7193] ? __pfx_kobject_add+0x10/0x10 [ 207.807488][ T7193] ? do_raw_spin_unlock+0x172/0x230 [ 207.807546][ T7193] ? kobject_put+0xab/0x5a0 [ 207.807589][ T7193] device_add+0x288/0x1a70 [ 207.807622][ T7193] ? __pfx_dev_set_name+0x10/0x10 [ 207.807661][ T7193] ? __pfx_device_add+0x10/0x10 [ 207.807692][ T7193] ? lockdep_init_map_type+0x5c/0x280 [ 207.807754][ T7193] ? __init_waitqueue_head+0xca/0x150 [ 207.807818][ T7193] rfkill_register+0x1ad/0xb40 [ 207.807864][ T7193] nfc_register_device+0x11f/0x3c0 [ 207.807900][ T7193] nci_register_device+0x7f1/0xb80 [ 207.807949][ T7193] ? __pfx_nci_register_device+0x10/0x10 [ 207.808001][ T7193] ? lockdep_init_map_type+0x5c/0x280 [ 207.808054][ T7193] virtual_ncidev_open+0x141/0x220 [ 207.808094][ T7193] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 207.808133][ T7193] misc_open+0x35d/0x420 [ 207.808174][ T7193] ? __pfx_misc_open+0x10/0x10 [ 207.808213][ T7193] chrdev_open+0x231/0x6a0 [ 207.808262][ T7193] ? __pfx_apparmor_file_open+0x10/0x10 [ 207.808303][ T7193] ? __pfx_chrdev_open+0x10/0x10 [ 207.808357][ T7193] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 207.808408][ T7193] do_dentry_open+0x744/0x1c10 [ 207.808459][ T7193] ? __pfx_chrdev_open+0x10/0x10 [ 207.808525][ T7193] vfs_open+0x82/0x3f0 [ 207.808578][ T7193] path_openat+0x1de4/0x2cb0 [ 207.808640][ T7193] ? __pfx_path_openat+0x10/0x10 [ 207.808687][ T7193] ? __lock_acquire+0xb8a/0x1c90 [ 207.808733][ T7193] do_filp_open+0x20b/0x470 [ 207.808779][ T7193] ? __pfx_do_filp_open+0x10/0x10 [ 207.808879][ T7193] ? alloc_fd+0x471/0x7d0 [ 207.808936][ T7193] do_sys_openat2+0x11b/0x1d0 [ 207.808971][ T7193] ? __pfx_do_sys_openat2+0x10/0x10 [ 207.809036][ T7193] __x64_sys_openat+0x174/0x210 [ 207.809072][ T7193] ? __pfx___x64_sys_openat+0x10/0x10 [ 207.809126][ T7193] do_syscall_64+0xcd/0x490 [ 207.809158][ T7193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.809189][ T7193] RIP: 0033:0x7f31d618e929 [ 207.809215][ T7193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.809246][ T7193] RSP: 002b:00007f31d7055038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 207.809276][ T7193] RAX: ffffffffffffffda RBX: 00007f31d63b6080 RCX: 00007f31d618e929 [ 207.809295][ T7193] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 207.809315][ T7193] RBP: 00007f31d6210b39 R08: 0000000000000000 R09: 0000000000000000 [ 207.809333][ T7193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 207.809350][ T7193] R13: 0000000000000000 R14: 00007f31d63b6080 R15: 00007ffc6b8b3708 [ 207.809392][ T7193] [ 208.211005][ T7193] kobject: kobject_add_internal failed for rfkill23 (error: -12 parent: nfc2) [ 212.629508][ T7266] netlink: 330 bytes leftover after parsing attributes in process `syz.3.219'. [ 212.638764][ T7266] mac80211_hwsim hwsim7 : renamed from wlan0 (while UP) [ 214.167323][ T7277] capability: warning: `syz.3.220' uses 32-bit capabilities (legacy support in use) [ 214.715157][ T7279] FAULT_INJECTION: forcing a failure. [ 214.715157][ T7279] name failslab, interval 1, probability 0, space 0, times 0 [ 214.747488][ T7279] CPU: 1 UID: 0 PID: 7279 Comm: syz.2.222 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 214.747532][ T7279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.747550][ T7279] Call Trace: [ 214.747560][ T7279] [ 214.747572][ T7279] dump_stack_lvl+0x16c/0x1f0 [ 214.747627][ T7279] should_fail_ex+0x512/0x640 [ 214.747671][ T7279] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 214.747721][ T7279] should_failslab+0xc2/0x120 [ 214.747750][ T7279] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 214.747810][ T7279] ? __kernfs_new_node+0xd2/0x8e0 [ 214.747858][ T7279] __kernfs_new_node+0xd2/0x8e0 [ 214.747904][ T7279] ? __pfx___kernfs_new_node+0x10/0x10 [ 214.747958][ T7279] ? find_held_lock+0x2b/0x80 [ 214.747988][ T7279] ? kernfs_root+0xee/0x2a0 [ 214.748038][ T7279] kernfs_new_node+0x13c/0x1e0 [ 214.748091][ T7279] __kernfs_create_file+0x53/0x350 [ 214.748129][ T7279] sysfs_add_file_mode_ns+0x207/0x3c0 [ 214.748178][ T7279] internal_create_group+0x578/0xf30 [ 214.748231][ T7279] ? __pfx_internal_create_group+0x10/0x10 [ 214.748290][ T7279] ? kernfs_create_link+0x1bd/0x240 [ 214.748331][ T7279] internal_create_groups+0x9d/0x150 [ 214.748378][ T7279] device_add+0x6d1/0x1a70 [ 214.748413][ T7279] ? __pfx_device_add+0x10/0x10 [ 214.748446][ T7279] ? lockdep_init_map_type+0x5c/0x280 [ 214.748489][ T7279] ? __init_waitqueue_head+0xca/0x150 [ 214.748547][ T7279] netdev_register_kobject+0x182/0x3a0 [ 214.748588][ T7279] register_netdevice+0x13dc/0x2270 [ 214.748630][ T7279] ? __pfx_register_netdevice+0x10/0x10 [ 214.748675][ T7279] ? __pfx_loopback_net_init+0x10/0x10 [ 214.748721][ T7279] register_netdev+0x34/0x50 [ 214.748757][ T7279] loopback_net_init+0x7a/0x170 [ 214.748794][ T7279] ? __pfx_loopback_net_init+0x10/0x10 [ 214.748828][ T7279] ops_init+0x1e2/0x5f0 [ 214.748862][ T7279] setup_net+0x1ff/0x510 [ 214.748890][ T7279] ? lockdep_init_map_type+0x5c/0x280 [ 214.748932][ T7279] ? __pfx_setup_net+0x10/0x10 [ 214.748964][ T7279] ? debug_mutex_init+0x37/0x70 [ 214.748997][ T7279] copy_net_ns+0x2a6/0x5f0 [ 214.749036][ T7279] create_new_namespaces+0x3ea/0xa90 [ 214.749079][ T7279] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 214.749116][ T7279] ksys_unshare+0x45b/0xa40 [ 214.749156][ T7279] ? __pfx_ksys_unshare+0x10/0x10 [ 214.749197][ T7279] ? xfd_validate_state+0x61/0x180 [ 214.749254][ T7279] __x64_sys_unshare+0x31/0x40 [ 214.749294][ T7279] do_syscall_64+0xcd/0x490 [ 214.749326][ T7279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.749358][ T7279] RIP: 0033:0x7fed0e78e929 [ 214.749381][ T7279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.749409][ T7279] RSP: 002b:00007fed0f58a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 214.749437][ T7279] RAX: ffffffffffffffda RBX: 00007fed0e9b5fa0 RCX: 00007fed0e78e929 [ 214.749456][ T7279] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 214.749473][ T7279] RBP: 00007fed0e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 214.749490][ T7279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.749507][ T7279] R13: 0000000000000000 R14: 00007fed0e9b5fa0 R15: 00007ffdd27346b8 [ 214.749547][ T7279] [ 218.292086][ T7344] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.232'. [ 222.530816][ T7386] netlink: 28 bytes leftover after parsing attributes in process `syz.1.240'. [ 225.036492][ T7399] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 225.874106][ T7402] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 227.169328][ T7419] random: crng reseeded on system resumption [ 234.239719][ T30] audit: type=1804 audit(6045098832.618:3): pid=7482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.255" name="/newroot/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw" dev="tracefs" ino=258 res=1 errno=0 [ 234.532412][ T7493] random: crng reseeded on system resumption [ 238.989607][ T7538] ima: policy update failed [ 239.025976][ T7538] netlink: 25 bytes leftover after parsing attributes in process `syz.0.266'. [ 239.036766][ T30] audit: type=1802 audit(6045098837.398:4): pid=7538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.266" res=0 errno=0 [ 240.471898][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 240.478543][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 240.499438][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 240.513557][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 240.524694][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 240.531258][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 240.568972][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 240.576566][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 241.603115][ T7560] FAULT_INJECTION: forcing a failure. [ 241.603115][ T7560] name failslab, interval 1, probability 0, space 0, times 0 [ 241.634374][ T7560] CPU: 0 UID: 0 PID: 7560 Comm: syz.3.270 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 241.634407][ T7560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.634420][ T7560] Call Trace: [ 241.634428][ T7560] [ 241.634436][ T7560] dump_stack_lvl+0x16c/0x1f0 [ 241.634478][ T7560] should_fail_ex+0x512/0x640 [ 241.634512][ T7560] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 241.634547][ T7560] should_failslab+0xc2/0x120 [ 241.634568][ T7560] __kmalloc_cache_noprof+0x6a/0x3e0 [ 241.634600][ T7560] ? device_add+0xccc/0x1a70 [ 241.634628][ T7560] device_add+0xccc/0x1a70 [ 241.634649][ T7560] ? dev_set_name+0xc7/0x100 [ 241.634676][ T7560] ? __pfx_dev_set_name+0x10/0x10 [ 241.634703][ T7560] ? __pfx_device_add+0x10/0x10 [ 241.634726][ T7560] ? lockdep_init_map_type+0x5c/0x280 [ 241.634760][ T7560] ? __init_waitqueue_head+0xca/0x150 [ 241.634805][ T7560] rfkill_register+0x1ad/0xb40 [ 241.634837][ T7560] nfc_register_device+0x11f/0x3c0 [ 241.634863][ T7560] nci_register_device+0x7f1/0xb80 [ 241.634898][ T7560] ? __pfx_nci_register_device+0x10/0x10 [ 241.634936][ T7560] ? lockdep_init_map_type+0x5c/0x280 [ 241.634973][ T7560] virtual_ncidev_open+0x141/0x220 [ 241.635012][ T7560] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 241.635040][ T7560] misc_open+0x35d/0x420 [ 241.635070][ T7560] ? __pfx_misc_open+0x10/0x10 [ 241.635099][ T7560] chrdev_open+0x231/0x6a0 [ 241.635135][ T7560] ? __pfx_apparmor_file_open+0x10/0x10 [ 241.635165][ T7560] ? __pfx_chrdev_open+0x10/0x10 [ 241.635204][ T7560] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 241.635242][ T7560] do_dentry_open+0x744/0x1c10 [ 241.635278][ T7560] ? __pfx_chrdev_open+0x10/0x10 [ 241.635321][ T7560] vfs_open+0x82/0x3f0 [ 241.635368][ T7560] path_openat+0x1de4/0x2cb0 [ 241.635423][ T7560] ? __pfx_path_openat+0x10/0x10 [ 241.635460][ T7560] ? __lock_acquire+0xb8a/0x1c90 [ 241.635495][ T7560] do_filp_open+0x20b/0x470 [ 241.635530][ T7560] ? __pfx_do_filp_open+0x10/0x10 [ 241.635588][ T7560] ? alloc_fd+0x471/0x7d0 [ 241.635629][ T7560] do_sys_openat2+0x11b/0x1d0 [ 241.635655][ T7560] ? __pfx_do_sys_openat2+0x10/0x10 [ 241.635693][ T7560] __x64_sys_openat+0x174/0x210 [ 241.635721][ T7560] ? __pfx___x64_sys_openat+0x10/0x10 [ 241.635760][ T7560] do_syscall_64+0xcd/0x490 [ 241.635784][ T7560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.635808][ T7560] RIP: 0033:0x7f295a98e929 [ 241.635827][ T7560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.635850][ T7560] RSP: 002b:00007f295b851038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 241.635872][ T7560] RAX: ffffffffffffffda RBX: 00007f295abb5fa0 RCX: 00007f295a98e929 [ 241.635888][ T7560] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 241.635903][ T7560] RBP: 00007f295aa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 241.635918][ T7560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.635932][ T7560] R13: 0000000000000000 R14: 00007f295abb5fa0 R15: 00007fff0b146cb8 [ 241.635962][ T7560]                                                                                                                                                                                                                                                                syzkaller syzkaller login:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               syzkaller syzkaller login: [ 319.623986][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.636706][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.654060][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.660426][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.668773][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.675080][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.711637][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.718029][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.481131][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.487666][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 336.395839][ T8579] Invalid ELF header magic: != ELF [ 339.716680][ T5837] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 342.064837][ T8630] syz.2.447: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 342.165224][ T8630] CPU: 0 UID: 0 PID: 8630 Comm: syz.2.447 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 342.165258][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 342.165272][ T8630] Call Trace: [ 342.165279][ T8630] [ 342.165288][ T8630] dump_stack_lvl+0x16c/0x1f0 [ 342.165334][ T8630] warn_alloc+0x248/0x3a0 [ 342.165386][ T8630] ? __pfx_warn_alloc+0x10/0x10 [ 342.165434][ T8630] ? packet_set_ring+0xb07/0x18d0 [ 342.165471][ T8630] ? __vmalloc_node_noprof+0xad/0xf0 [ 342.165507][ T8630] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 342.165548][ T8630] ? packet_set_ring+0xb07/0x18d0 [ 342.165587][ T8630] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 342.165618][ T8630] ? alloc_pages_mpol+0x25a/0x550 [ 342.165642][ T8630] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 342.165669][ T8630] ? packet_set_ring+0xb07/0x18d0 [ 342.165700][ T8630] __vmalloc_node_noprof+0xad/0xf0 [ 342.165732][ T8630] ? packet_set_ring+0xb07/0x18d0 [ 342.165767][ T8630] packet_set_ring+0xb07/0x18d0 [ 342.165810][ T8630] packet_setsockopt+0x121b/0x33c0 [ 342.165853][ T8630] ? __pfx_packet_setsockopt+0x10/0x10 [ 342.165895][ T8630] ? aa_sk_perm+0x2f4/0xb10 [ 342.165925][ T8630] ? __pfx_aa_sk_perm+0x10/0x10 [ 342.165955][ T8630] ? errseq_sample+0x53/0x70 [ 342.165998][ T8630] ? __pfx_packet_setsockopt+0x10/0x10 [ 342.166034][ T8630] do_sock_setsockopt+0x221/0x470 [ 342.166062][ T8630] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 342.166107][ T8630] __sys_setsockopt+0x120/0x1a0 [ 342.166162][ T8630] __x64_sys_setsockopt+0xbd/0x160 [ 342.166210][ T8630] ? do_syscall_64+0x91/0x490 [ 342.166239][ T8630] ? lockdep_hardirqs_on+0x7c/0x110 [ 342.166285][ T8630] do_syscall_64+0xcd/0x490 [ 342.166317][ T8630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.166347][ T8630] RIP: 0033:0x7fed0e78e929 [ 342.166368][ T8630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.166394][ T8630] RSP: 002b:00007fed0f569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 342.166418][ T8630] RAX: ffffffffffffffda RBX: 00007fed0e9b6080 RCX: 00007fed0e78e929 [ 342.166437][ T8630] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000006 [ 342.166452][ T8630] RBP: 00007fed0e810b39 R08: 000000000000ce24 R09: 0000000000000000 [ 342.166477][ T8630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 342.166494][ T8630] R13: 0000000000000000 R14: 00007fed0e9b6080 R15: 00007ffdd27346b8 [ 342.166533][ T8630] [ 342.478006][ T8630] Mem-Info: [ 342.481456][ T8630] active_anon:11081 inactive_anon:3 isolated_anon:0 [ 342.481456][ T8630] active_file:12315 inactive_file:47774 isolated_file:0 [ 342.481456][ T8630] unevictable:768 dirty:2404 writeback:0 [ 342.481456][ T8630] slab_reclaimable:11150 slab_unreclaimable:94885 [ 342.481456][ T8630] mapped:33212 shmem:1363 pagetables:1164 [ 342.481456][ T8630] sec_pagetables:0 bounce:0 [ 342.481456][ T8630] kernel_misc_reclaimable:0 [ 342.481456][ T8630] free:1306941 free_pcp:16228 free_cma:0 [ 342.526962][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.732548][ T8630] Node 0 active_anon:40336kB inactive_anon:12kB active_file:49260kB inactive_file:190804kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132860kB dirty:9800kB writeback:0kB shmem:4524kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11408kB pagetables:4540kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 342.776847][ T8630] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:292kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:0kB writeback:0kB shmem:928kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 342.808392][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.905115][ T8630] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 342.947531][ T8630] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 342.955154][ T8630] Node 0 DMA32 free:1317880kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39968kB inactive_anon:4kB active_file:49260kB inactive_file:189476kB unevictable:1536kB writepending:9812kB present:3129332kB managed:2540876kB mlocked:0kB bounce:0kB free_pcp:42980kB local_pcp:16444kB free_cma:0kB [ 342.987602][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.035521][ T8630] lowmem_reserve[]: 0 0 1 1 1 [ 343.061650][ T8630] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 343.090672][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.154069][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 343.172752][ T8630] Node 1 Normal free:3893284kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:292kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28356kB local_pcp:12428kB free_cma:0kB [ 343.178690][ T8646] bridge0: port 3(batadv0) entered blocking state [ 343.204092][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.222253][ T8646] bridge0: port 3(batadv0) entered disabled state [ 343.226912][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 343.230754][ T8646] batadv0: entered allmulticast mode [ 343.234506][ T8630] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 343.257493][ T8630] Node 0 DMA32: 432*4kB (UM) 861*8kB (M) 1133*16kB (UM) 761*32kB (UM) 373*64kB (ME) 222*128kB (UME) 106*256kB (UM) 85*512kB (UME) 47*1024kB (UME) 3*2048kB (M) 266*4096kB (M) = 1317848kB [ 343.304685][ T8646] batadv0: entered promiscuous mode [ 343.329355][ T8630] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 343.337936][ T8646] bridge0: port 3(batadv0) entered blocking state [ 343.345824][ T8630] Node 1 Normal: 9*4kB (UME) 40*8kB (UME) 44*16kB (UME) 138*32kB (UME) 51*64kB (UME) 12*128kB (UME) 8*256kB (UM) 4*512kB (M) 4*1024kB (UME) 2*2048kB [ 343.348874][ T8646] bridge0: port 3(batadv0) entered forwarding state [ 343.374590][ T8630] (ME) 945*4096kB (M) = 3893284kB [ 343.380876][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 343.403213][ T8630] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 343.414006][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 343.429143][ T8630] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 343.441528][ T8630] 61453 total pagecache pages [ 343.446384][ T8630] 6 pages in swap cache [ 343.453284][ T8630] Free swap = 124996kB [ 343.462392][ T8630] Total swap = 124996kB [ 343.468665][ T8630] 2097051 pages RAM [ 343.472701][ T8630] 0 pages HighMem/MovableOnly [ 343.478230][ T8630] 429854 pages reserved [ 343.482499][ T8630] 0 pages cma reserved [ 343.821477][ T4103] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 343.831095][ T4103] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 344.979204][ T8670] Invalid ELF header magic: != ELF [ 346.799846][ T8693] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input24 [ 347.499492][ T8706] program syz.2.458 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 347.579301][ T8706] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 352.722208][ T8772] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 352.851481][ T8773] random: crng reseeded on system resumption [ 353.317192][ T8774] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26                                                                                                                                                                                                                                     syzkaller syzkaller login: [ 398.556068][ T9313] kvm: kvm [9310]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x40000025) = 0x2 [ 401.425891][ T9328] FAULT_INJECTION: forcing a failure. [ 401.425891][ T9328] name failslab, interval 1, probability 0, space 0, times 0 [ 401.587662][ T9328] CPU: 0 UID: 0 PID: 9328 Comm: syz.2.559 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 401.587704][ T9328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 401.587722][ T9328] Call Trace: [ 401.587731][ T9328] [ 401.587741][ T9328] dump_stack_lvl+0x16c/0x1f0 [ 401.587791][ T9328] should_fail_ex+0x512/0x640 [ 401.587833][ T9328] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 401.587880][ T9328] should_failslab+0xc2/0x120 [ 401.587907][ T9328] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 401.587951][ T9328] ? acpi_ut_create_thread_state+0x63/0x170 [ 401.587996][ T9328] acpi_ut_create_thread_state+0x63/0x170 [ 401.588036][ T9328] acpi_ps_parse_aml+0x79/0xcb0 [ 401.588084][ T9328] acpi_ps_execute_method+0x55a/0xb30 [ 401.588133][ T9328] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 401.588169][ T9328] acpi_ns_evaluate+0x76c/0xca0 [ 401.588207][ T9328] ? kasan_save_track+0x14/0x30 [ 401.588253][ T9328] acpi_evaluate_object+0x1fa/0xa90 [ 401.588296][ T9328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.588328][ T9328] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 401.588370][ T9328] ? __mutex_trylock_common+0xe9/0x250 [ 401.588413][ T9328] acpi_evaluate_integer+0xdd/0x200 [ 401.588448][ T9328] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 401.588501][ T9328] ? __pfx_status_show+0x10/0x10 [ 401.588539][ T9328] status_show+0xa0/0x120 [ 401.588579][ T9328] ? __pfx_status_show+0x10/0x10 [ 401.588630][ T9328] dev_attr_show+0x56/0xe0 [ 401.588678][ T9328] ? __pfx_dev_attr_show+0x10/0x10 [ 401.588706][ T9328] sysfs_kf_seq_show+0x213/0x3e0 [ 401.588752][ T9328] seq_read_iter+0x509/0x12c0 [ 401.588807][ T9328] kernfs_fop_read_iter+0x40f/0x5a0 [ 401.588839][ T9328] ? rw_verify_area+0xcf/0x680 [ 401.588883][ T9328] vfs_read+0x8bf/0xc60 [ 401.588931][ T9328] ? __pfx___mutex_lock+0x10/0x10 [ 401.588961][ T9328] ? __pfx_vfs_read+0x10/0x10 [ 401.589029][ T9328] ksys_read+0x12a/0x250 [ 401.589071][ T9328] ? __pfx_ksys_read+0x10/0x10 [ 401.589125][ T9328] do_syscall_64+0xcd/0x490 [ 401.589175][ T9328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.589218][ T9328] RIP: 0033:0x7fed0e78e929 [ 401.589243][ T9328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.589274][ T9328] RSP: 002b:00007fed0f569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 401.589304][ T9328] RAX: ffffffffffffffda RBX: 00007fed0e9b6080 RCX: 00007fed0e78e929 [ 401.589326][ T9328] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000006 [ 401.589345][ T9328] RBP: 00007fed0e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 401.589363][ T9328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 401.589382][ T9328] R13: 0000000000000000 R14: 00007fed0e9b6080 R15: 00007ffdd27346b8 [ 401.589424][ T9328] [ 401.589517][ T9328] ACPI Error: ffff88807b7ea000 walk still has a scope list (20250404/dswstate-694) [ 403.050665][ T9350] ptp ptp0: new virtual clock ptp1 [ 403.141553][ T9350] ptp ptp0: new virtual clock ptp2 [ 403.222833][ T9350] ptp ptp0: new virtual clock ptp3 [ 403.253767][ T9350] ptp ptp0: guarantee physical clock free running [ 409.791223][ T9438] vivid-003: ================= START STATUS ================= [ 409.814708][ T9438] vivid-003: Radio HW Seek Mode: Bounded [ 409.822966][ T9438] vivid-003: Radio Programmable HW Seek: false [ 409.829348][ T9438] vivid-003: RDS Rx I/O Mode: Block I/O [ 409.837112][ T9438] vivid-003: Generate RBDS Instead of RDS: false [ 409.858614][ T9438] vivid-003: RDS Reception: true [ 409.863715][ T9438] vivid-003: RDS Program Type: 0 inactive [ 409.900441][ T9438] vivid-003: RDS PS Name: inactive [ 409.949282][ T9438] vivid-003: RDS Radio Text: inactive [ 409.998330][ T9438] vivid-003: RDS Traffic Announcement: false inactive [ 410.065609][ T9438] vivid-003: RDS Traffic Program: false inactive [ 410.144870][ T9438] vivid-003: RDS Music: false inactive [ 410.179361][ T9448] .SR: entered promiscuous mode [ 410.181174][ T9438] vivid-003: ================== END STATUS ================== [ 410.256275][ T9448] Invalid ELF header magic: != ELF [ 411.411296][ T9448] could not allocate digest TFM handle [ 411.417089][ T9451] could not allocate digest TFM handle [ 413.935684][ T9503] FAULT_INJECTION: forcing a failure. [ 413.935684][ T9503] name failslab, interval 1, probability 0, space 0, times 0 [ 413.971013][ T9503] CPU: 0 UID: 0 PID: 9503 Comm: syz.0.588 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 413.971053][ T9503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 413.971071][ T9503] Call Trace: [ 413.971080][ T9503] [ 413.971090][ T9503] dump_stack_lvl+0x16c/0x1f0 [ 413.971143][ T9503] should_fail_ex+0x512/0x640 [ 413.971185][ T9503] ? __kmalloc_noprof+0xbf/0x510 [ 413.971230][ T9503] ? alloc_pipe_info+0x1ec/0x590 [ 413.971271][ T9503] should_failslab+0xc2/0x120 [ 413.971306][ T9503] __kmalloc_noprof+0xd2/0x510 [ 413.971356][ T9503] alloc_pipe_info+0x1ec/0x590 [ 413.971406][ T9503] create_pipe_files+0x8c/0x930 [ 413.971456][ T9503] do_pipe2+0xaf/0x1c0 [ 413.971501][ T9503] ? __pfx_do_pipe2+0x10/0x10 [ 413.971548][ T9503] ? xfd_validate_state+0x61/0x180 [ 413.971585][ T9503] ? __pfx_ksys_write+0x10/0x10 [ 413.971635][ T9503] __x64_sys_pipe+0x33/0x50 [ 413.971681][ T9503] do_syscall_64+0xcd/0x490 [ 413.971712][ T9503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.971742][ T9503] RIP: 0033:0x7fd79158e929 [ 413.971766][ T9503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.971796][ T9503] RSP: 002b:00007fd792442038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 413.971824][ T9503] RAX: ffffffffffffffda RBX: 00007fd7917b6240 RCX: 00007fd79158e929 [ 413.971843][ T9503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 413.971860][ T9503] RBP: 00007fd791610b39 R08: 0000000000000000 R09: 0000000000000000 [ 413.971878][ T9503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.971895][ T9503] R13: 0000000000000000 R14: 00007fd7917b6240 R15: 00007ffee97113d8 [ 413.971933][ T9503] [ 415.483908][ T9518] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 415.817789][ T9526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.593'. [ 418.705891][ T9565] netlink: 16 bytes leftover after parsing attributes in process `syz.1.599'. [ 425.095144][ T9645] netlink: 28 bytes leftover after parsing attributes in process `syz.2.613'. [ 425.326702][ T9645] bridge_slave_1: left allmulticast mode [ 425.348302][ T9645] bridge_slave_1: left promiscuous mode [ 425.397245][ T9645] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.475280][ T9645] bridge_slave_0: left allmulticast mode [ 425.524079][ T9645] bridge_slave_0: left promiscuous mode [ 425.573204][ T9645] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.057564][ T9837] program syz.1.645 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 439.080811][ T9837] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 445.970304][ T9918] netlink: 350 bytes leftover after parsing attributes in process `syz.0.658'. [ 448.070061][ T9953] FAULT_INJECTION: forcing a failure. [ 448.070061][ T9953] name failslab, interval 1, probability 0, space 0, times 0 [ 448.099973][ T9953] CPU: 0 UID: 0 PID: 9953 Comm: syz.3.666 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 448.100038][ T9953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 448.100058][ T9953] Call Trace: [ 448.100068][ T9953] [ 448.100080][ T9953] dump_stack_lvl+0x16c/0x1f0 [ 448.100138][ T9953] should_fail_ex+0x512/0x640 [ 448.100183][ T9953] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 448.100229][ T9953] should_failslab+0xc2/0x120 [ 448.100261][ T9953] __kmalloc_cache_noprof+0x6a/0x3e0 [ 448.100304][ T9953] ? mon_bin_open+0x1a8/0x4a0 [ 448.100341][ T9953] mon_bin_open+0x1a8/0x4a0 [ 448.100373][ T9953] ? __pfx_mon_bin_open+0x10/0x10 [ 448.100404][ T9953] chrdev_open+0x231/0x6a0 [ 448.100452][ T9953] ? __pfx_apparmor_file_open+0x10/0x10 [ 448.100505][ T9953] ? __pfx_chrdev_open+0x10/0x10 [ 448.100559][ T9953] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 448.100611][ T9953] do_dentry_open+0x744/0x1c10 [ 448.100662][ T9953] ? __pfx_chrdev_open+0x10/0x10 [ 448.100720][ T9953] vfs_open+0x82/0x3f0 [ 448.100760][ T9953] path_openat+0x1de4/0x2cb0 [ 448.100820][ T9953] ? __pfx_path_openat+0x10/0x10 [ 448.100869][ T9953] ? __lock_acquire+0xb8a/0x1c90 [ 448.100918][ T9953] do_filp_open+0x20b/0x470 [ 448.100964][ T9953] ? __pfx_do_filp_open+0x10/0x10 [ 448.101041][ T9953] ? alloc_fd+0x471/0x7d0 [ 448.101097][ T9953] do_sys_openat2+0x11b/0x1d0 [ 448.101133][ T9953] ? __pfx_do_sys_openat2+0x10/0x10 [ 448.101167][ T9953] ? rcu_is_watching+0x12/0xc0 [ 448.101214][ T9953] __x64_sys_openat+0x174/0x210 [ 448.101252][ T9953] ? __pfx___x64_sys_openat+0x10/0x10 [ 448.101307][ T9953] do_syscall_64+0xcd/0x490 [ 448.101341][ T9953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.101373][ T9953] RIP: 0033:0x7f295a98e929 [ 448.101400][ T9953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.101433][ T9953] RSP: 002b:00007f295b851038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 448.101492][ T9953] RAX: ffffffffffffffda RBX: 00007f295abb5fa0 RCX: 00007f295a98e929 [ 448.101513][ T9953] RDX: 0000000000000640 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 448.101533][ T9953] RBP: 00007f295aa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 448.101552][ T9953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 448.101570][ T9953] R13: 0000000000000000 R14: 00007f295abb5fa0 R15: 00007fff0b146cb8 [ 448.101611][ T9953] [ 450.362524][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.373146][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.581872][ T9991] netlink: 11092 bytes leftover after parsing attributes in process `syz.2.671'. [ 456.506996][T10049] mkiss: ax0: crc mode is auto. [ 459.581156][T10098] sp0: Synchronizing with TNC [ 459.785698][T10099] sp0: Synchronizing with TNC [ 462.337509][T10134] netlink: 28 bytes leftover after parsing attributes in process `syz.0.696'. [ 466.611779][T10157] kexec: Could not allocate control_code_buffer [ 478.768142][T10311] mkiss: ax0: crc mode is auto. [ 482.817567][T10369] ubi: mtd0 is already attached to ubi0 [ 491.742264][T10488] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input28 [ 494.167415][ T5837] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 500.279567][T10588] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input29 [ 501.104986][ C0] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff8163e939 (__mcheck_cpu_init_clear_banks+0x109/0x1f0) [ 501.120389][ C0] Call Trace: [ 501.123699][ C0] [ 501.126581][ C0] ? __pfx_mce_cpu_restart+0x10/0x10 [ 501.131925][ C0] mce_cpu_restart+0x98/0xb0 [ 501.136573][ C0] __flush_smp_call_function_queue+0x27a/0x8c0 [ 501.142987][ C0] __sysvec_call_function_single+0x87/0x400 [ 501.148934][ C0] sysvec_call_function_single+0x9f/0xc0 [ 501.154619][ C0] [ 501.157586][ C0] [ 501.160543][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 501.166733][ C0] RIP: 0010:lock_acquire+0x6/0x350 [ 501.171883][ C0] Code: 00 eb c3 e8 6c 35 e4 09 eb c3 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 <4d> 89 cf 41 56 41 89 f6 41 55 41 89 d5 41 54 45 89 c4 55 89 cd 53 [ 501.191611][ C0] RSP: 0018:ffffc9000cc87b10 EFLAGS: 00000246 [ 501.197714][ C0] RAX: ffffffff8b497d79 RBX: ffff888076e48a78 RCX: 0000000000000002 [ 501.205711][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e5c4700 [ 501.213795][ C0] RBP: 000000000000014f R08: 0000000000000000 R09: 0000000000000000 [ 501.221806][ C0] R10: 0000000000000400 R11: 0000000000000001 R12: 0000000000000001 [ 501.229824][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 501.237847][ C0] ? batadv_nc_worker+0x159/0x1030 [ 501.243046][ C0] batadv_nc_worker+0x16a/0x1030 [ 501.248043][ C0] ? batadv_nc_worker+0x159/0x1030 [ 501.253216][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 501.259071][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 501.264489][ C0] ? rcu_is_watching+0x12/0xc0 [ 501.269284][ C0] process_one_work+0x9cc/0x1b70 [ 501.274274][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 501.279688][ C0] ? __pfx_process_one_work+0x10/0x10 [ 501.285114][ C0] ? assign_work+0x1a0/0x250 [ 501.289754][ C0] worker_thread+0x6c8/0xf10 [ 501.294410][ C0] ? __pfx_worker_thread+0x10/0x10 [ 501.299579][ C0] kthread+0x3c5/0x780 [ 501.303696][ C0] ? __pfx_kthread+0x10/0x10 [ 501.308324][ C0] ? rcu_is_watching+0x12/0xc0 [ 501.313136][ C0] ? __pfx_kthread+0x10/0x10 [ 501.317765][ C0] ret_from_fork+0x5d7/0x6f0 [ 501.322390][ C0] ? __pfx_kthread+0x10/0x10 [ 501.327020][ C0] ret_from_fork_asm+0x1a/0x30 [ 501.331830][ C0] [ 501.618222][T10598] program syz.1.775 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 502.899454][T10614] Invalid ELF header magic: != ELF [ 502.912028][T10599] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 502.941613][T10599] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 502.994001][T10599] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 503.032033][T10599] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 503.068565][T10599] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 503.079008][T10599] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 503.518501][T10626] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 504.022484][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 504.971089][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 505.051028][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 505.130844][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 507.140694][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 507.210337][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 511.772214][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.778746][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 513.755643][T10753] netlink: 28 bytes leftover after parsing attributes in process `syz.3.802'. [ 517.503074][T10786] netlink: 28 bytes leftover after parsing attributes in process `syz.3.808'. [ 524.236081][T10859] FAULT_INJECTION: forcing a failure. [ 524.236081][T10859] name failslab, interval 1, probability 0, space 0, times 0 [ 524.279767][T10859] CPU: 0 UID: 0 PID: 10859 Comm: syz.3.821 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 524.279809][T10859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 524.279828][T10859] Call Trace: [ 524.279840][T10859] [ 524.279869][T10859] dump_stack_lvl+0x16c/0x1f0 [ 524.279927][T10859] should_fail_ex+0x512/0x640 [ 524.279973][T10859] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 524.280024][T10859] should_failslab+0xc2/0x120 [ 524.280054][T10859] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 524.280103][T10859] ? acpi_ut_create_generic_state+0x5c/0xb0 [ 524.280155][T10859] acpi_ut_create_generic_state+0x5c/0xb0 [ 524.280199][T10859] acpi_ps_push_scope+0x22/0x230 [ 524.280255][T10859] acpi_ps_parse_loop+0x9f3/0x1d00 [ 524.280318][T10859] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 524.280366][T10859] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 524.280417][T10859] ? acpi_ut_create_thread_state+0x63/0x170 [ 524.280473][T10859] acpi_ps_parse_aml+0x3c1/0xcb0 [ 524.280532][T10859] acpi_ps_execute_method+0x55a/0xb30 [ 524.280592][T10859] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 524.280632][T10859] acpi_ns_evaluate+0x76c/0xca0 [ 524.280667][T10859] ? kasan_save_track+0x14/0x30 [ 524.280739][T10859] acpi_evaluate_object+0x1fa/0xa90 [ 524.280789][T10859] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.280826][T10859] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 524.280875][T10859] ? __mutex_trylock_common+0xe9/0x250 [ 524.280926][T10859] acpi_evaluate_integer+0xdd/0x200 [ 524.280965][T10859] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 524.281026][T10859] ? __pfx_status_show+0x10/0x10 [ 524.281071][T10859] status_show+0xa0/0x120 [ 524.281118][T10859] ? __pfx_status_show+0x10/0x10 [ 524.281176][T10859] dev_attr_show+0x56/0xe0 [ 524.281209][T10859] ? __pfx_dev_attr_show+0x10/0x10 [ 524.281239][T10859] sysfs_kf_seq_show+0x213/0x3e0 [ 524.281286][T10859] seq_read_iter+0x509/0x12c0 [ 524.281345][T10859] kernfs_fop_read_iter+0x40f/0x5a0 [ 524.281376][T10859] ? rw_verify_area+0xcf/0x680 [ 524.281419][T10859] vfs_read+0x8bf/0xc60 [ 524.281468][T10859] ? __pfx___mutex_lock+0x10/0x10 [ 524.281497][T10859] ? __pfx_vfs_read+0x10/0x10 [ 524.281567][T10859] ksys_read+0x12a/0x250 [ 524.281609][T10859] ? __pfx_ksys_read+0x10/0x10 [ 524.281667][T10859] do_syscall_64+0xcd/0x490 [ 524.281705][T10859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.281733][T10859] RIP: 0033:0x7f295a98e929 [ 524.281755][T10859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.281782][T10859] RSP: 002b:00007f295b830038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 524.281807][T10859] RAX: ffffffffffffffda RBX: 00007f295abb6080 RCX: 00007f295a98e929 [ 524.281825][T10859] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000006 [ 524.281841][T10859] RBP: 00007f295aa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 524.281857][T10859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 524.281873][T10859] R13: 0000000000000000 R14: 00007f295abb6080 R15: 00007fff0b146cb8 [ 524.281909][T10859] [ 524.338605][T10874] netlink: 25 bytes leftover after parsing attributes in process `syz.0.823'. [ 524.657147][T10859] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20250404/psparse-529) [ 550.878437][T11196] ================================================================== [ 550.878453][T11196] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x15d4/0x17b0 [ 550.878491][T11196] Write of size 8 at addr ffffc900036e9000 by task syz.2.878/11196 [ 550.878512][T11196] [ 550.878522][T11196] CPU: 0 UID: 0 PID: 11196 Comm: syz.2.878 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 550.878553][T11196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 550.878568][T11196] Call Trace: [ 550.878576][T11196] [ 550.878585][T11196] dump_stack_lvl+0x116/0x1f0 [ 550.878625][T11196] print_report+0xcd/0x680 [ 550.878663][T11196] ? __virt_addr_valid+0x81/0x610 [ 550.878690][T11196] ? sys_fillrect+0x15d4/0x17b0 [ 550.878718][T11196] kasan_report+0xe0/0x110 [ 550.878739][T11196] ? sys_fillrect+0x15d4/0x17b0 [ 550.878772][T11196] sys_fillrect+0x15d4/0x17b0 [ 550.878803][T11196] ? __pfx_sys_fillrect+0x10/0x10 [ 550.878834][T11196] ? __pfx_bit_putcs+0x10/0x10 [ 550.878853][T11196] ? bit_cursor+0xeca/0x17e0 [ 550.878877][T11196] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 550.878917][T11196] bit_clear+0x17a/0x220 [ 550.878939][T11196] ? __pfx_bit_clear+0x10/0x10 [ 550.878960][T11196] ? __pfx___might_resched+0x10/0x10 [ 550.878985][T11196] ? fb_get_color_depth+0x120/0x250 [ 550.879022][T11196] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 550.879062][T11196] ? __pfx_bit_clear+0x10/0x10 [ 550.879082][T11196] __fbcon_clear+0x600/0x780 [ 550.879122][T11196] fbcon_scroll+0x48b/0x690 [ 550.879159][T11196] con_scroll+0x45f/0x690 [ 550.879198][T11196] do_con_write+0x5560/0x8280 [ 550.879230][T11196] ? __pfx_do_con_write+0x10/0x10 [ 550.879259][T11196] con_write+0x23/0xb0 [ 550.879279][T11196] n_tty_write+0x40f/0x1160 [ 550.879313][T11196] ? __pfx_n_tty_write+0x10/0x10 [ 550.879339][T11196] ? rcu_is_watching+0x12/0xc0 [ 550.879363][T11196] ? __pfx_woken_wake_function+0x10/0x10 [ 550.879404][T11196] ? kfree+0x24f/0x4d0 [ 550.879432][T11196] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 550.879473][T11196] ? __pfx_n_tty_write+0x10/0x10 [ 550.879501][T11196] file_tty_write.constprop.0+0x504/0x9b0 [ 550.879545][T11196] redirected_tty_write+0xd4/0x150 [ 550.879584][T11196] vfs_write+0x6c7/0x1150 [ 550.879618][T11196] ? __pfx_redirected_tty_write+0x10/0x10 [ 550.879660][T11196] ? __pfx_vfs_write+0x10/0x10 [ 550.879692][T11196] ? find_held_lock+0x2b/0x80 [ 550.879724][T11196] ksys_write+0x12a/0x250 [ 550.879758][T11196] ? __pfx_ksys_write+0x10/0x10 [ 550.879797][T11196] do_syscall_64+0xcd/0x490 [ 550.879819][T11196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.879844][T11196] RIP: 0033:0x7fed0e78e929 [ 550.879863][T11196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 550.879897][T11196] RSP: 002b:00007fed0f548038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 550.879936][T11196] RAX: ffffffffffffffda RBX: 00007fed0e9b6160 RCX: 00007fed0e78e929 [ 550.879958][T11196] RDX: 000000000000003a RSI: 0000200000000440 RDI: 0000000000000005 [ 550.879977][T11196] RBP: 00007fed0e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 550.879998][T11196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 550.880015][T11196] R13: 0000000000000001 R14: 00007fed0e9b6160 R15: 00007ffdd27346b8 [ 550.880047][T11196] [ 550.880058][T11196] [ 550.880070][T11196] The buggy address ffffc900036e9000 belongs to a vmalloc virtual mapping [ 550.880089][T11196] Memory state around the buggy address: [ 550.880106][T11196] ffffc900036e8f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 550.880128][T11196] ffffc900036e8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 550.880149][T11196] >ffffc900036e9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 550.880166][T11196] ^ [ 550.880181][T11196] ffffc900036e9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 550.880202][T11196] ffffc900036e9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 550.880219][T11196] ================================================================== [ 550.906257][T11196] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 550.906286][T11196] CPU: 1 UID: 0 PID: 11196 Comm: syz.2.878 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 550.906330][T11196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 550.906351][T11196] Call Trace: [ 550.906363][T11196] [ 550.906376][T11196] dump_stack_lvl+0x3d/0x1f0 [ 550.906432][T11196] panic+0x71c/0x800 [ 550.906479][T11196] ? __pfx_panic+0x10/0x10 [ 550.906523][T11196] ? mark_held_locks+0x49/0x80 [ 550.906568][T11196] ? preempt_schedule_thunk+0x16/0x30 [ 550.906610][T11196] ? sys_fillrect+0x15d4/0x17b0 [ 550.906659][T11196] ? preempt_schedule_common+0x44/0xc0 [ 550.906715][T11196] ? sys_fillrect+0x15d4/0x17b0 [ 550.906753][T11196] check_panic_on_warn+0xab/0xb0 [ 550.906803][T11196] end_report+0x107/0x170 [ 550.906857][T11196] kasan_report+0xee/0x110 [ 550.906889][T11196] ? sys_fillrect+0x15d4/0x17b0 [ 550.906934][T11196] sys_fillrect+0x15d4/0x17b0 [ 550.906979][T11196] ? __pfx_sys_fillrect+0x10/0x10 [ 550.907021][T11196] ? __pfx_bit_putcs+0x10/0x10 [ 550.907050][T11196] ? bit_cursor+0xeca/0x17e0 [ 550.907082][T11196] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 550.907129][T11196] bit_clear+0x17a/0x220 [ 550.907158][T11196] ? __pfx_bit_clear+0x10/0x10 [ 550.907188][T11196] ? __pfx___might_resched+0x10/0x10 [ 550.907222][T11196] ? fb_get_color_depth+0x120/0x250 [ 550.907270][T11196] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 550.907329][T11196] ? __pfx_bit_clear+0x10/0x10 [ 550.907357][T11196] __fbcon_clear+0x600/0x780 [ 550.907412][T11196] fbcon_scroll+0x48b/0x690 [ 550.907464][T11196] con_scroll+0x45f/0x690 [ 550.907517][T11196] do_con_write+0x5560/0x8280 [ 550.907562][T11196] ? __pfx_do_con_write+0x10/0x10 [ 550.907605][T11196] con_write+0x23/0xb0 [ 550.907654][T11196] n_tty_write+0x40f/0x1160 [ 550.907704][T11196] ? __pfx_n_tty_write+0x10/0x10 [ 550.907741][T11196] ? rcu_is_watching+0x12/0xc0 [ 550.907775][T11196] ? __pfx_woken_wake_function+0x10/0x10 [ 550.907831][T11196] ? kfree+0x24f/0x4d0 [ 550.907869][T11196] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 550.907926][T11196] ? __pfx_n_tty_write+0x10/0x10 [ 550.907965][T11196] file_tty_write.constprop.0+0x504/0x9b0 [ 550.908024][T11196] redirected_tty_write+0xd4/0x150 [ 550.908077][T11196] vfs_write+0x6c7/0x1150 [ 550.908123][T11196] ? __pfx_redirected_tty_write+0x10/0x10 [ 550.908180][T11196] ? __pfx_vfs_write+0x10/0x10 [ 550.908225][T11196] ? find_held_lock+0x2b/0x80 [ 550.908270][T11196] ksys_write+0x12a/0x250 [ 550.908317][T11196] ? __pfx_ksys_write+0x10/0x10 [ 550.908370][T11196] do_syscall_64+0xcd/0x490 [ 550.908401][T11196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.908435][T11196] RIP: 0033:0x7fed0e78e929 [ 550.908462][T11196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 550.908497][T11196] RSP: 002b:00007fed0f548038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 550.908532][T11196] RAX: ffffffffffffffda RBX: 00007fed0e9b6160 RCX: 00007fed0e78e929 [ 550.908556][T11196] RDX: 000000000000003a RSI: 0000200000000440 RDI: 0000000000000005 [ 550.908579][T11196] RBP: 00007fed0e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 550.908601][T11196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 550.908623][T11196] R13: 0000000000000001 R14: 00007fed0e9b6160 R15: 00007ffdd27346b8 [ 550.908663][T11196] [ 550.908967][T11196] Kernel Offset: disabled