last executing test programs: 8.258205583s ago: executing program 2 (id=2527): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram10\x00', 0x749202, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008013, r0, 0x8000) preadv2$auto(r0, 0x0, 0x6, 0x6, 0x0, 0x2f) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim2/new_port\x00', 0x133d01, 0x0) getpid() getsockopt$auto_SO_RCVTIMEO_OLD(r0, 0xffffffff, 0x14, &(0x7f0000000040)='[-%[}+*-#&\x00', &(0x7f0000000080)=0x9) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/route\x00', 0x0, 0x0) pread64$auto(r2, 0x0, 0x10000005, 0x7fff) mlockall$auto(0x5) mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0x1b6, 0x15) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) fanotify_init$auto(0x5, 0x2000000000002) ioctl$auto(0xffffffffffffffff, 0x40246f4c, 0x38) prctl$auto(0x23, 0x4, 0x7fffffffefff, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio1\x00', 0x10dc00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) 7.78936767s ago: executing program 1 (id=2530): bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@isdn={0x22, 0x80, 0x0, 0xfe}, 0x4) ioctl$auto_XFS_IOC_READLINK_BY_HANDLE(0xffffffffffffffff, 0xc038586c, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000040)="ba7698b8f9418ebf4cfbf798a8d88ef598f9963a61d13fb8183348c062fd1ec8404ee9", 0x1ff, &(0x7f0000000080)="15a8", 0x4, &(0x7f00000000c0)="f2215db19a22da2b4f2771ff8dfbffb9e810771392aaa434686205e598f8b1136e374ef3626c9886475621fee211dac3829ab533841e740760e3ba4778e1eea6829a0fa6209ec21bc26470", &(0x7f0000000140)=0xfffffff8}) r1 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x9c, r1, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@WGDEVICE_A_PUBLIC_KEY={0x86, 0x4, "c02d4e9ac6fc6b2f870841d344a10f110ff93d134fe3e7d8532aea102a07cb315a526547047da838746191d73fc4a8d9dc6338418fb62cff0d33c3a15e363966534d4f567b8396eab2f3bdb499c88cf9e428b63bfae03872e5c0db4355cab75715e3b84deadce8abd5453697c7d1e12f1ac899847f41498af4942dd4d7bdc3ee9d23"}]}, 0x9c}, 0x1, 0x0, 0x0, 0x80}, 0x44004015) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000003c0), r0) msgctl$auto_IPC_STAT(0x4, 0x2, &(0x7f0000000480)={{0x8, 0xee01, 0xee01, 0x245a673f, 0x4, 0x82, 0x5}, &(0x7f0000000400)=0xdd, &(0x7f0000000440)=0x6, 0x0, 0xfff, 0x7, 0x5, 0xfffffffffffffffd, 0x15, 0x1ff, 0x3, @raw=0x6, @inferred=0xffffffffffffffff}) sendmsg$auto_TIPC_NL_MON_PEER_GET(r2, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x6c, r3, 0x300, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_UNSPEC={0x49, 0x0, "3abd1a9c90737b67976368505b752d870b1d2eebcb1e134903f603fb2a24671e3716ba2036a44f658fe9f85bb40ac77002ef88fac017ddbc554b548a24b0b56c86f9caf0bd"}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x31, 0x0, 0x0, @uid=r4}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x20048004) r6 = socket$nl_generic(0x10, 0x3, 0x10) mseal$auto(0x3, 0x1, 0x200) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x8000000000000000, 0x7, 0x0) r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000640), r0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'ip_vti0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000006c0)={'bond_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000700)={'macvlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000740)={'rose0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000780)={'veth1_vlan\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000007c0)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000800)={'caif0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000840)={'nr0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000880)={'veth1_macvtap\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000008c0)={'wg2\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000900)={'lo\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000940)={'batadv_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000980)={'bridge_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r0, &(0x7f0000000c80)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000c40)={&(0x7f00000009c0)={0x264, r7, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_PHY_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xeefe}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x918}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @ETHTOOL_A_PHY_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}, @ETHTOOL_A_PHY_HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xdc}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}, @ETHTOOL_A_PHY_HEADER={0x4}, @ETHTOOL_A_PHY_HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffff}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7fff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}]}, @ETHTOOL_A_PHY_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7fff}]}, @ETHTOOL_A_PHY_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8f03}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x81}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xa2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7fffffff}]}, @ETHTOOL_A_PHY_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10001}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r18}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r19}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r20}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}]}]}, 0x264}, 0x1, 0x0, 0x0, 0x28000000}, 0x4040) sendfile$auto(r0, r6, &(0x7f0000000cc0)=0x8000, 0x10000) r21 = prctl$auto_PR_SET_MM_ENV_END(0x1b9, 0xb, r5, 0x3ff, 0xfffffffffffffff8) r22 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000d40), r2) sendmsg$auto_IEEE802154_SCAN_REQ(r21, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x40, r22, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x10}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x7}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x4}, @IEEE802154_ATTR_SRC_HW_ADDR={0xc, 0xc, 0x7f}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000800}, 0x4000000) 7.447563814s ago: executing program 1 (id=2532): openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x2301, 0x0) r0 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(0xffffffffffffffff, 0x471, 0xa, r0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer2\x00', 0x0, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b04", 0x159) r2 = socket(0x1b, 0x3, 0x1) open(&(0x7f0000000340)='./cgroup/file0\x00', 0x101840, 0x100) write$auto(r2, &(0x7f0000000040)='//\xf2\x00', 0x80000000) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) socket(0x5, 0xa, 0x2000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xd551) socket(0x2c, 0x6, 0x2) write$auto_rfkill_fops_core(r4, &(0x7f0000000200)="9dea31913cb498217735bbce17f68148281da8acc8b124f8dc04f11f1fa2a9ae7463c4f77ee1feaf711d833ea95c4f433afc6d44d6e591370504369fcc8b786d2db722ab2d5d80df1c7d2ae6eeb0b7cd11d603918ac22abe77711c05c1c11d59bb7c542b966790f31b3d100e436e619db789dd3ae1413d0d9bf34731f5e94f49f389f79f3a3ed9d518bee3c6545f096462d8dad84732", 0x96) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r5, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) ioctl$auto_OTPERASE(r0, 0x400c4d19, &(0x7f0000000000)={0x8, 0x80000000, 0x8}) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x2183, 0x0) 7.013714073s ago: executing program 2 (id=2534): chdir$auto(&(0x7f0000000040)='./cgroup\x00') openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/file0/file0\x00', &(0x7f0000000080)={0x10080, 0x146, 0x5}, 0x18) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x100, 0xcaf620a8fcfa7adc) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x4, 0x0) socket(0x1d, 0x2, 0x7) setsockopt$auto(0x3, 0x6b, 0x3, 0x0, 0x4) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r1 = fanotify_init$auto(0x5, 0x2000000000002) r2 = bpf$auto(0x0, 0x0, 0x6f3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(r0, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) ioctl$auto_TIOCCONS(r1, 0x541d, &(0x7f0000000200)="76840924f7a036f202583e15406272017a8117daf25600eb035e673640a69f76108c3b858aa249b6731ce33811132b3b2106afa52bb979e2a26548083442b5ba4613aa962928711fc0668ec043d3a939d379182ce9766f5bee001335889be074b1e9fb70cc3a7e957d1f21fad9b72d77b29f395ce1c1dbed8043facdace591a11e3c27ed48e3b19d47c5a4dcf9c41f9590") sysfs$auto(0x2, 0x100000000000030, 0x0) fsopen$auto(0x0, 0x1) fcntl$auto_F_SETLEASE(r2, 0x400, 0x3a) fsconfig$auto(r3, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0x4008ae8a, 0x0) 6.449833432s ago: executing program 2 (id=2535): mmap$auto(0x100000000000, 0x8, 0xe3, 0x1a, 0xffffffffffffffff, 0xfffffffffffffffd) getrandom$auto(0x0, 0x5, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_DEL_PMK(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x441) statmount$auto(0x0, &(0x7f0000000700)={0x7fffffff, 0x1, 0x100000001, 0x3, 0xfffffff8, 0xdd0e, 0x1ffde, 0x3, 0x7, 0xfffffffffffffffb, 0x9, 0x1, 0x1, 0x7, 0xb3, 0xc, 0x2, 0x3, 0x5, 0x80000007, 0x4, 0x0, 0x401, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [0x0, 0xd3, 0x0, 0x8000000000000001, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x100000000, 0x4, 0x0, 0x0, 0x0, 0xba, 0x200000, 0x0, 0x100000000, 0x8a0, 0x2, 0x1, 0xbbe, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xdcaf, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], "8528401cd108b4e835a2d665361884d375585e88fe99e5228fd81cadfd6fd7f864c69686e28f1eb52736a447772c5781e5b0484d65a509a6ed43a6c0ac98b6e5f908308a9007cd25fb2b5b3a6218694be48b2fe0d4b165f6046e5228a465fe06230da6e33db893f0c025619a27049a1d0a7c012e7ec88b250a1fe828ed6697630f9711a5a82af03d11a75275a7fc58e4fe7bb61fc80b92a973a0c70adfd62c74865ee4e81032445e6cf5f1fbd4293df67f0e81c88090"}, 0x1000000200, 0x7d) r1 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='nfs4\x00', 0x200, &(0x7f00000001c0)) mmap$auto(0x0, 0x2000c, 0xfffffffffffffffb, 0xeb1, 0x401, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x9a28) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2000d, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xaa241, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/neigh/veth0_to_team/unres_qlen\x00', 0x40100, 0x0) read$auto(r3, 0x0, 0x1ff) write$auto(0xffffffffffffffff, 0x0, 0xfdf1) mmap$auto(0xfffffffffffffffa, 0x3, 0x401006, 0x10, r1, 0x6) mmap$auto(0x4, 0x60f2, 0x2, 0x17, r2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x800, 0xffffff02) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x1) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_DUPFD_CLOEXEC(r4, 0x406, r5) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) 6.136718568s ago: executing program 2 (id=2538): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x8002, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x408802, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x5, 0x8, 0x0, 0x5, 0x7) unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x0, 0x0, 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfs4.idtoname/content\x00', 0x181b80, 0x0) read$auto(r1, &(0x7f0000000440)='2\x06J Nwe0\xbd\"\x8f\xe5h_b\xde\x19\xa5\x0e\xfa\xe0\xcb\xb7\xaceW\x1a\x1f\xae\xd8\xfe\x01Y\xd6\xba\xde3\xc7\xf8\x91\xda\xf6_%\xf30\xdc\x97<\xf3A\xa7\xb4\x8dj\xbd\x02\xb1}{e\xf64\xecC\x83,\xecp7j\xf8<\xc8x\xd4\xb0\x1d\b\xb08\x01\x9e\x9et\x8aa\xe1\re\xcf\x8e\x02\xeeW\xf0z\vk\x02_\xdb\x15f8>;zM\xa95\x16\xe9l\xf5\xaa\xaa\x03\x18p\x0e\xde$\xc3\xa9\xac\xc7\x98\x05<\xef\xcd@z\fx}F\x93\xe1\xbd\xb3s\x80\xc1e\xe9T1\xbf\xc8_^\a\x03\xad\ni\n~-u)\x88\x97\xed\xa7\x9b\x0f\xef\x99\x13\xdc<\xd1{\br\xd6[\xd3\xa9-(KH\b\xdfJ\xdek\xef\xc9\xd7\n\x83m\x86\xf2\a\x8d\x19\xe0\\\xf0lg?\x98\xc8\x8e\xbd2?C\xa5\x8a\xe3\xc6\xd7\x00\x14n\xb8<\xab\x96\x8d\xa1\xf4\x87\xe5\a:z\xea\xcc\xa1\x8d\xae8\x12\xa6\xb9\xd99\xaa\xc5\x10\xad\xdd\x89\xddC\xf5\xd2Q\x92\xcd\xcc\x9f\x1a\xdbR\xeeL:\x87\xb3\xb0\x84\x1bR\xf2\xe2/\xa3\x0e\x90\x98\x8c\xc0\xa4\xda+U\b\x88\xa7\x88\x1fC\xbb\xa8\xce\x0f\xd5\xdew\x99\x18G.s\x16\xfa\xf2\x96|\x1e]\xe5\xf8\xb1\x8b.}\x841\xd8\x98\xd8f86h\xab\x94\x7f\xc4<\x03\xdd\x86=\xb6\x1e@\xab6\x81\xce\xaa\xcf\xfd\x947\xc3\x86\xfe\xb7O\xd9\xa9\xb6[\xcc\xd8\xe1\xa9\x84[\xe0\xd4\x03\x90@\x03\xbe\xba\xee\xed\xe9\xb1\xd2\xf1\x8cgn\xb7m/\xf1\"\xc2\xeb\x1d\x04\xf3\xf1\x96\xf2\x00C\xf0wg\xd6\x11\x18\xb5o\x9d\xd7`\xce\x81\x9b1b\x8ce\x99*\xa3\xd2\x8dAw\xd9\xa6l\\\x17\xbb\xf6\xe2\xa2<\n\xc0\f:\x97\xff\xc6y\x05<\xa6\x81\xd92\xc9\x9e\f[\xf9\xfc\xf1ih\"J\x92\xd2\xd4\xc2\xe8\x89 \x81\xbf8C\xa9\x1at\xa1\xdc\x94\xc5\xc8K\xbb\x14h\xa9)\xaa\xf2\xda\xaf\xb1\rs\xe6\x97\x1e\xcc6\x94\xff\x1b\x8e\x98\xf7\xa0', 0x67b) socket(0x1e, 0x3, 0x5ef) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000440)={0x1c, r3, 0x301, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x8, 0x4, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x3, 0xdf, 0x400000000009b72, 0x2, 0x8000000000000001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) read$auto(r5, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) 5.882238277s ago: executing program 1 (id=2539): mmap$auto(0x0, 0x4000a, 0xdf, 0x9b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) close_range$auto(r1, r0, 0x7) read$auto(r1, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_PAUSE2(r2, 0x40044145, &(0x7f0000000000)=0x3) 5.661782302s ago: executing program 2 (id=2540): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1b, 0x3, 0x1) madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7004feb1df25010000000c000300060000000000000044544c277b851a207336181df9183f916cbcb6e4c5cb7c2faef597a8bdd6403ef8210a1f24a5a75ff6ffb52520c0d3f8079c9fe678120833e7bd456e397c7bd302c4da2174bd9c26050d25b5016f05e2ec1405f9ad6b69fb04792e3c924661244aab28a2866e9903152639ac2102fa46e3362d5a76d849b29ff10c76412461fd2a5ea272f4c222c5942a1bcf684829854047f7b59a9b032b7030a009e749603060b9095fdf3fcd21fed0f2e971bdcbb2faea81d7a9ead382ed1666a59bf55cbb6537c7f1abdcc9472e915686f7"], 0x20}, 0x1, 0x0, 0x0, 0x20040880}, 0x4) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) socket(0x5, 0xa, 0x2000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptydc\x00', 0x80502, 0x0) ioctl$auto(0x3, 0x5420, 0x38) sendfile$auto(0x1, 0x3, 0x0, 0xd551) socket(0x2c, 0x6, 0x2) write$auto_rfkill_fops_core(r2, &(0x7f0000000200)="9dea31913cb498217735bbce17f68148281da8acc8b124f8dc04f11f1fa2a9ae7463c4f77ee1feaf711d833ea95c4f433afc6d44d6e591370504369fcc8b786d2db722ab2d5d80df1c7d2ae6eeb0b7cd11d603918ac22abe77711c05c1c11d59bb7c542b966790f31b3d100e436e619db789dd3ae1413d0d9bf34731f5e94f49f389", 0x82) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000400), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 5.657719261s ago: executing program 1 (id=2541): openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x2301, 0x0) r0 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r0, 0x209, 0xa, r0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x801, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b04", 0x159) socket(0x1b, 0x3, 0x1) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/bond0/bonding/queue_id\x00', 0x2, 0x0) write$auto(0x3, 0x0, 0xfffffdef) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) socket(0x5, 0xa, 0x2000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xd551) socket(0x2c, 0x6, 0x2) write$auto_rfkill_fops_core(r3, &(0x7f0000000200)="9dea31913cb498217735bbce17f68148281da8acc8b124f8dc04f11f1fa2a9ae7463c4f77ee1feaf711d833ea95c4f433afc6d44d6e591370504369fcc8b786d2db722ab2d5d80df1c7d2ae6eeb0b7cd11d603918ac22abe77711c05c1c11d59bb7c542b966790f31b3d100e436e619db789dd3ae1413d0d9bf34731f5e94f49f389f79f3a3ed9d518bee3c6545f096462d8dad84732", 0x96) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x42, 0x0) 3.52859761s ago: executing program 3 (id=2546): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@hci={0x1f, 0x2}, 0x5b) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/xfs/stats/stats_clear\x00', 0x20681, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0x4eb2, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x80002, 0x0) read$auto(r0, 0x0, 0x6) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4810}, 0x800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x880c2, 0x95) acct$auto(&(0x7f0000000280)='/sys/devices/virtual/mtd/mtd0/size\x00') socket(0x2, 0x3, 0x100) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x400d0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) 3.395864362s ago: executing program 2 (id=2547): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x11, 0x0) r0 = fsopen$auto(0x0, 0x1) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi29\x00', 0x16b040, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) ioctl$auto(r2, 0xc0285628, r2) 2.972986096s ago: executing program 1 (id=2548): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000002b40)={0x54, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_RADIO_NAME={0x2d, 0x11, '/P\x13jE\f\xf9r\xf5\xa3\xd2\x84y\xf9*\x9b\"\x1c\xa4l-\x19\xfd\xa4\xf4y\x02\xc2\x96\xfa\x84L\x12\xcd\x83\xf7\x12\xd3\xc4\x1e]'}, @HWSIM_ATTR_PMSR_SUPPORT={0x10, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_MAX_PEERS={0x8, 0x1, 0x387}, @NL80211_PMSR_ATTR_TYPE_CAPA={0x4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) syslog$auto(0x7fffffff, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0xee) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) shmdt$auto(0x0) unshare$auto(0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x4000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket(0x2, 0x1, 0x0) listen$auto(0x3, 0x81) getsockopt$auto(r4, 0x6, 0x23, 0x0, &(0x7f00000000c0)=0x28000) r5 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000c00), r3) sendmsg$auto_TCP_METRICS_CMD_DEL(r3, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01092700000000000000000000ffff7f00000114000c00fe80000000000000000000001100000e00"/51], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 2.893641054s ago: executing program 0 (id=2549): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/virtual/block/ram3/queue/max_segment_size\x00', 0x1e1f00, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = setfsuid$auto(0xee00) r2 = setfsuid$auto(0xee01) setresuid$auto(r1, r2, r1) geteuid() r3 = setfsuid$auto(0xee00) r4 = setfsuid$auto(0xee01) setresuid$auto(r3, r4, r3) keyctl$auto(0x1f, r3, r2, 0x5, 0x8) r5 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r5, 0x29, 0x1b, 0x0, 0x13) bpf$auto(0xa, &(0x7f00000001c0)=@task_fd_query={0x9, 0xffffffffffffffff, 0x400007fe, 0x2, 0x6, 0x5, 0x5f, 0x0, 0x3}, 0x6f3) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/4096, 0x1000) 2.749157028s ago: executing program 0 (id=2550): r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x7, 0x0, 0x5, 0x3, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0x2, 0x3, 0x105, 0x7, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x1fe, 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000180)=ANY=[@ANYBLOB='*', @ANYRES16, @ANYBLOB="010029bd"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x400c890}, 0x800) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), r0) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r1, &(0x7f0000000940)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000900)={&(0x7f0000000980)=ANY=[@ANYBLOB="10050000eeec0277be2d2ffe25799c443c0c9dac921bb3e6a06a2c2da94a94b6cddc9bd5955564d13ed5d8d2f340f1a3c64bd34ecaa5d3a0e04ed21b1785af06ac967f0fbba13efb59ac02e7a8b72a8e54121523", @ANYRES16=r2, @ANYBLOB="000426bd7000fcdbdf2572000000f4041d803400008005000b0006000000050008000d00000005000a00010000000500080002000000060005000700000005000700010000002400008004000400050006000600000005000b00050000000c00030005000000000000001400008005000c00f800000005000a00810000002000008005000900fe0000000c000200330000000000000005000b0004000000700100806c010d8005000400050000008d000500252667f7b94a750accba8d9795a0542185b8d9bdad53cc17ecb738ca1856bd84e5cf8b20b7dbdb443c6b7732583355bf43c86710b0a7dcd6578f0f6d6cdb436c9db389759c71d51a8b8c29af88355e51165f9ec3bed5b5664de11ebabb47e6a19f616a3b91c7eed29d914b3ac61d04f8c447ccc257c035ab1e7f4e7d79a5fe905ebf35e0e031a0ecbd000000c7000300ad5e460b13855b520cf3de3548e079d716a2c2553ed1b50c8733a57c3b82ecc73fdd050e9b8ee94123a0c36356ea0165aff90ed40af39998c342c9ee50c1b7019bf275526d1b602df340af493b727dc5aa040b4942935d763ffdc383750be852e0431c7656fcfa0b31ee85bda04d9dc2a9e186dc53a75e40f81a2366a506d02456b5a6370920cb74fe3f713ba65b79de6fc0fa9738f1313da0b1ddee74a438b0becb3daca2b6ebac296db162e7e8ac0e2b4e92888453664fdbca3060bf0f5e9a9e9cfd000500060009000000c800008006000500010000000500070006000000040004000500070009000000050008000700000005000b001200000098000d800e000100cd66cadde2863bcd66ec000079000300f7ef8424f080925589533c9d3867744a41b08db278e0e6b4527c933e01e96cc3c13df4658d7a9b36849f3237f138f22dd43cf83e9b6ccffedadfe6eac0fceb7e43604c2127a46dbb2155d33447461bb50c03ebd28fef3af021183cd4ce1bda75d31c4540250f1fd5110c2b5b591e4218bcd8908779000000050006000e0000000c020080f0010d80050006000400000024000100d8a2592799e66abbdc458674d3488b906667bc3e692a90c0500be7c0c403f45d0500060007000000af00030093783b57eaa56ff32fff4eee3ccf94a82eb56a10113af6461845a4ed84c1d7f826a1aba80b1d8e043a542eea9a8f4834632457c7e460b5897a591e7d297ca6451182cc3a0413d56db85b988ee68e2b1259435cf1cde9722d924e3974d57e3b37a6eafd9b128c7e6311c2519bb49b6d5bccd6705dc5ce55c29df1829a3f4aaff22b50e6d2c51f08dd65565a020f77657622c7a98979b183c8087d4ce0f0e12b7d243145b900372506dbda83001c000100d44ef449aadffa1958cb06dae79ad14725acf03ef895932305000400010000009900050095e15fa1547af21004e3d447ad5786b7599eef67faaf9b33efa760d761d0cf979074619c66fc0c1528bc5fd5d7ef61ae3ee739adf818e388ddd019ec35d81a132be0be192be9724b93daded7c27422dff32771f3800d452a5e757c75d96cdc9e62d4f2cae73e8d34c0fd1d848213c92953f222ef5827bb51697bb53adfdfec1737c1c9dc02d7e106372ee91fb5bbce63133c09933b0000001d000200bcaaeb8f245faa576e4c8dbb98082ea762c5134f8f04bb607d00000027000200ee77907ed454db7ef3900abbff760347c1e025cd09b80afe59d0c7e0cfa1c583bae9a400040004000c000200080000000000000005000c00060000002000008005000600000000000c000300ffffff7f0000000005000b000100000008002600d9a00000"], 0x510}, 0x1, 0x0, 0x0, 0x20048180}, 0x40010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r2], 0x1ac}}, 0x4004) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x20800, 0x0) ioctl$auto_SNDCTL_SYNTH_INFO(r3, 0xc08c5102, &(0x7f0000000100)="b5af8abdd024aade135d0e8ab37e685a53d96119acf0e47ed653d56bfef3f56abe0c98ab") sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="04002bbd7004ffdbdf250500000008000500030000000c00018008000302"], 0x28}, 0x1, 0x0, 0x0, 0x278e18a297a8387c}, 0x24000802) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x5, 0x0) socket(0x10, 0x2, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x400, 0x0, 0x31}, 0x18) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram2\x00', 0xc642, 0x0) write$auto(0x3, 0x0, 0xfffffdef) socket(0xa, 0x1, 0x100) close_range$auto(0x2, 0x8, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x0, 0x9) rseq$auto(&(0x7f0000000300)={0xe, 0xffffffff, 0x1, 0x106, 0xffffffff, 0x2}, 0x8002, 0x0, 0x6) rseq$auto(&(0x7f0000000140)={0x35, 0xa41, 0x1c186f2b, 0x4, 0x1, 0x9, "0387712376a0beaa7069937193ba4f73aec3d5239f935020c6a13ab22ec45a1a549defc89265e6d2c1cfbe59c66e6860d9f668153ab25ce5234a7402cc57432388abae45eee1d61fcd41f309ef7f26a70f7a1db1c0fa653b323fd4e62f168a6e1ee084847957516c8ecee8a136e5427cfde05de464ac031dff482802c448b3e3bc0198da363dcaae1abb2ccd310706eb062ac3e6c62765ed7d5f88c1a0f79ca4818f67f11f21254f3200d703075dcc13cfcca04498b0711f3a15867d4271664f8706dcce174dea35611f5727b47138d09d33f75c7dfc0ba72562c0b653f855b9b189b97662fe64c1aaef00272a3cbe13f4b2105be94b"}, 0x0, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x254, 0x9}, 0x20000007}, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) 2.536603339s ago: executing program 3 (id=2551): r0 = socket(0x25, 0x1, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x401, 0x0) shutdown$auto(0xffffffffffffffff, 0x2) socket(0xa, 0x1, 0x100) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r2, 0x0, 0x7ff, 0x400) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = socket(0x1d, 0x2, 0x6) r4 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x6c}, 0x1, 0x0, 0x0, 0x40084}, 0x40) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400, 0x3, 0xfffffffffffffffa, r0, 0x8800) socket(0x11, 0x2, 0x73) io_uring_setup$auto(0x7e1b, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x14) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, 0x0) ioctl$auto(0x3, 0x5411, 0x38) 2.406326582s ago: executing program 0 (id=2552): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x600240, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x4b0302, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0x10, 0xeb1, r0, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022abd7000fbdbdf2502f9ffff0700030000000000080003001f080000"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0xa, 0x2, 0x0) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000b80)='/sys/kernel/debug/dri/vkms/Writeback-1/force\x00', 0x2, 0x0) socket(0x2, 0x2, 0x1) socket(0x10, 0x2, 0x4) socketpair$auto(0x8001, 0x8, 0xdd, 0x0) io_uring_setup$auto(0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/icmp/ratemask\x00', 0xa0202, 0x0) socketpair$auto(0x5b, 0x1, 0x420000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) 2.097940328s ago: executing program 3 (id=2553): mmap$auto(0x8000000000000001, 0x20009, 0x5, 0xeb1, 0x401, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r0 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r0, 0x209, 0xa, r0, 0x0) read$auto_dai_list_fops_(r0, &(0x7f0000000200)=""/206, 0xce) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x801, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b04", 0x159) socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810008, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r2, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x4c4303, 0x0) r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) ioctl$auto_VHOST_SET_BACKEND_FEATURES(0xffffffffffffffff, 0x4008af25, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, r3, 0x4b4a) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x9, 0x2020009, 0x1, 0x80000010, 0xfffffffffffffffa, 0x7ffd) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) 2.049555543s ago: executing program 0 (id=2554): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) writev$auto(0x3, 0x0, 0x8009) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) (async, rerun: 64) io_uring_setup$auto(0x6, 0x0) (rerun: 64) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async, rerun: 32) unshare$auto(0x40000080) (rerun: 32) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) (async, rerun: 32) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) (async, rerun: 32) read$auto(0x3, 0x0, 0xf34) (async) socket(0x1b, 0x3, 0x1) (async, rerun: 32) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) (rerun: 32) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 64) sysfs$auto(0x2, 0x20, 0x0) (async, rerun: 64) fsopen$auto(0x0, 0x1) (async) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 64) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) (async) futex$auto(0x0, 0x5, 0x0, 0x0, 0x0, 0xa0000001) 1.814487004s ago: executing program 1 (id=2556): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) (async) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) (async) write$auto(0x3, 0x0, 0xfffffdef) (async) write$auto_snd_pcm_oss_f_reg_pcm_oss(r0, &(0x7f0000000080)="c2", 0x1) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x80302, 0x0) r2 = ioctl$auto_SW_SYNC_IOC_INC(r1, 0x40045701, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop12\x00', 0x8200, 0x0) fadvise64$auto(r4, 0x4a, 0x400000000000006, 0x5) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0x163b02, 0x0) r5 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x0) ioctl$auto_NS_GET_PARENT(r5, 0xb702, 0x0) execveat$auto(r5, 0x0, 0x0, 0x0, 0x11000) ioctl$auto_SNDCTL_DSP_GETIPTR(r5, 0x800c5011, &(0x7f0000000200)="d6ed362b75b48a09425a5a0ed8625279f9d075372dd32fa8ca2a1b7689552703be0272fd6efce39000da1cf23142ac36f3da62496cf3a0112557976d94c1dfb0ac3013dc3ba3cd6eeaf655335de6881902070410c866c73ff82ebda106") (async) mmap$auto(0xfffffffffffffffd, 0xc37, 0xdf, 0x8000000000000010, 0x2, 0x100000000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x18, 0x2, 0x408000) (async) io_uring_setup$auto(0x8, 0x0) (async) r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_CLAIM_PORT(r6, 0x80045518, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty21\x00', 0x0, 0x0) (async) dup2$auto(r2, r3) (async) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x1a5a40, 0x0) socket(0x1e, 0x2, 0xe387) (async) r7 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dri/card1\x00', 0x800, 0x0) ioctl$auto(r7, 0x921064ad, 0xffffffffffffffff) (async) acct$auto(&(0x7f0000000040)) 1.046356126s ago: executing program 3 (id=2557): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x8002, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x408802, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x5, 0x8, 0x0, 0x5, 0x7) unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x0, 0x0, 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfs4.idtoname/content\x00', 0x181b80, 0x0) read$auto(r1, &(0x7f0000000440)='2\x06J Nwe0\xbd\"\x8f\xe5h_b\xde\x19\xa5\x0e\xfa\xe0\xcb\xb7\xaceW\x1a\x1f\xae\xd8\xfe\x01Y\xd6\xba\xde3\xc7\xf8\x91\xda\xf6_%\xf30\xdc\x97<\xf3A\xa7\xb4\x8dj\xbd\x02\xb1}{e\xf64\xecC\x83,\xecp7j\xf8<\xc8x\xd4\xb0\x1d\b\xb08\x01\x9e\x9et\x8aa\xe1\re\xcf\x8e\x02\xeeW\xf0z\vk\x02_\xdb\x15f8>;zM\xa95\x16\xe9l\xf5\xaa\xaa\x03\x18p\x0e\xde$\xc3\xa9\xac\xc7\x98\x05<\xef\xcd@z\fx}F\x93\xe1\xbd\xb3s\x80\xc1e\xe9T1\xbf\xc8_^\a\x03\xad\ni\n~-u)\x88\x97\xed\xa7\x9b\x0f\xef\x99\x13\xdc<\xd1{\br\xd6[\xd3\xa9-(KH\b\xdfJ\xdek\xef\xc9\xd7\n\x83m\x86\xf2\a\x8d\x19\xe0\\\xf0lg?\x98\xc8\x8e\xbd2?C\xa5\x8a\xe3\xc6\xd7\x00\x14n\xb8<\xab\x96\x8d\xa1\xf4\x87\xe5\a:z\xea\xcc\xa1\x8d\xae8\x12\xa6\xb9\xd99\xaa\xc5\x10\xad\xdd\x89\xddC\xf5\xd2Q\x92\xcd\xcc\x9f\x1a\xdbR\xeeL:\x87\xb3\xb0\x84\x1bR\xf2\xe2/\xa3\x0e\x90\x98\x8c\xc0\xa4\xda+U\b\x88\xa7\x88\x1fC\xbb\xa8\xce\x0f\xd5\xdew\x99\x18G.s\x16\xfa\xf2\x96|\x1e]\xe5\xf8\xb1\x8b.}\x841\xd8\x98\xd8f86h\xab\x94\x7f\xc4<\x03\xdd\x86=\xb6\x1e@\xab6\x81\xce\xaa\xcf\xfd\x947\xc3\x86\xfe\xb7O\xd9\xa9\xb6[\xcc\xd8\xe1\xa9\x84[\xe0\xd4\x03\x90@\x03\xbe\xba\xee\xed\xe9\xb1\xd2\xf1\x8cgn\xb7m/\xf1\"\xc2\xeb\x1d\x04\xf3\xf1\x96\xf2\x00C\xf0wg\xd6\x11\x18\xb5o\x9d\xd7`\xce\x81\x9b1b\x8ce\x99*\xa3\xd2\x8dAw\xd9\xa6l\\\x17\xbb\xf6\xe2\xa2<\n\xc0\f:\x97\xff\xc6y\x05<\xa6\x81\xd92\xc9\x9e\f[\xf9\xfc\xf1ih\"J\x92\xd2\xd4\xc2\xe8\x89 \x81\xbf8C\xa9\x1at\xa1\xdc\x94\xc5\xc8K\xbb\x14h\xa9)\xaa\xf2\xda\xaf\xb1\rs\xe6\x97\x1e\xcc6\x94\xff\x1b\x8e\x98\xf7\xa0', 0x67b) socket(0x1e, 0x3, 0x5ef) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000440)={0x1c, r3, 0x301, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x8, 0x4, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x3, 0xdf, 0x400000000009b72, 0x2, 0x8000000000000001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) read$auto(r5, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) 279.571657ms ago: executing program 3 (id=2558): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) userfaultfd$auto(0xfffffffa) futex$auto(&(0x7f0000000000)=0x7, 0x9, 0x7, &(0x7f0000000040)={0xb, 0x401}, &(0x7f0000000080)=0x6f5, 0x4) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) write$auto_dfs_global_fops_debug(0xffffffffffffffff, 0x0, 0x0) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000000100)=@enable_stats, 0x3) (async) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000000100)=@enable_stats, 0x3) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(r2, 0x8, 0x0) (async) close_range$auto(r2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0) (async) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x40002, 0x0) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000000200)=@raw_tracepoint={0x6, r0, 0x0, 0x8b56}, 0x1ff) (async) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000000200)=@raw_tracepoint={0x6, r0, 0x0, 0x8b56}, 0x1ff) readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6) open(0x0, 0x1676c1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) preadv2$auto(r3, &(0x7f00000000c0)={&(0x7f0000000000)="8699bb3d623314a9d7f08e462ce8ecbc7866368d20f29dfcfcc574064d5eefede296f119c472f198229c10222f0915570671e3aa20c23f9d6ec882462a1c2a597bb485d90c37f9c166ca8f532476e409936f7c42dd30545f9a59c83543f745fd9320008a7650fb4ad66f8c6b25d3a654926f8a25615f03ebb7e24bbed3c966058287872a50d14f4f928689b694ac4075988fd916ed09a8db793bb93e312a3fb467db6393b7a70b498efe213f964edc2dd877327ab5636d0a2d2bd3506c274a", 0x248}, 0x40000000, 0x400, 0x0, 0x7fffffff) pwritev$auto(r3, 0x0, 0x3, 0x1, 0x3ff) read$auto(r1, 0x0, 0x20) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/cpu.weight\x00', 0x128082, 0x0) write$auto(r4, 0x0, 0x4) 224.644787ms ago: executing program 0 (id=2559): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) r0 = socket(0x22, 0x2, 0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x129000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x400006, 0xdf, 0x809b72, 0x2, 0x8000) pipe2$auto(0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) dup2$auto(0x5, 0x4) select$auto(0xb, &(0x7f0000000100)={[0x7f, 0x31, 0xffffffffffffffff, 0x80000000, 0x7, 0x6, 0x81, 0x67e, 0x8, 0x2, 0x5, 0x10001, 0x334, 0x4, 0xfffffffffffffffe, 0x8]}, 0x0, 0x0, 0x0) ioctl$auto(0x3, 0xae41, r1) fstat$auto(r0, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0x4048aecb, 0x0) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) 9.628234ms ago: executing program 3 (id=2560): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm1c/sub3/sw_params\x00', 0x141440, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1\x00', 0x20002, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="05002bbd7000fddbdf25001b2bb2c82b000012000500"], 0x1c}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYBLOB="6a0051b1"], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 0s ago: executing program 0 (id=2561): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x8, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x52, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) io_uring_register$auto(r0, 0x15, 0x0, 0x9) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r2, r3, 0x0, 0x1) r4 = socket(0x2, 0x801, 0x106) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1) sendmsg$auto_L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)={0x170, r5, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0xf7}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_NONE={0xfb, 0x0, "a17c9129cf8dcf794be89f330f9f696e96697b79a3f49c92562700e01e0b0ee07768892d0454e1c5a5eee5fa756bb653b4ea7688d20061498d75e19709ef56995ca3ec4085d99d9ebf70cf1b1d44873c93752fc26ca0f18eef9758a104b3ee2996b5178b70fe435e5ee6ab0c3e33fa3bd0fc7dc42b88bfb32600fd253bad73e00c53cada2b3d0fe683a5535c3f7e17ae352a76dfa7d48f088249d7b9525e2e5ea9e4f4216a18031b92a2919690a8439ed62a5324e78c8df4b8fb133aabe6597d45ffc24383aa10d5f08fac67408b2b8cf0ed28b3714be2b7081bc3529141909674e5e0b571f6f6a37f4b3bf2a98c872103612294c5b1e9"}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'hsr0\x00'}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x4}, @L2TP_ATTR_DATA_SEQ={0x5}]}, 0x170}, 0x1, 0x0, 0x0, 0xc040}, 0x4800) mremap$auto(0x110c230000, 0x0, 0x2000101, 0x3, 0xf000) getsockopt$auto(r4, 0x11c, 0x1, 0x0, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x44040, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r6 = openat$auto_hwflags_ops_debugfs(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, r6, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r7, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4040, 0x0) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) kernel console output (not intermixed with test programs): 07ff3923e5fa8 [ 534.104754][T19140] RBP: 00007ff3923e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 534.104770][T19140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 534.104785][T19140] R13: 00007ff3923e6038 R14: 00007ffc60b94de0 R15: 00007ffc60b94ec8 [ 534.104821][T19140] [ 534.604794][T16790] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:35: bg 4: bad block bitmap checksum [ 534.798155][T16790] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 2 with error 74 [ 534.827507][T16790] EXT4-fs (sda1): This should not happen!! Data will be lost [ 534.827507][T16790] [ 535.333857][T16789] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 535.367555][T16789] EXT4-fs (sda1): This should not happen!! Data will be lost [ 535.367555][T16789] [ 536.334761][ T8655] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 536.424424][ T8655] EXT4-fs (sda1): This should not happen!! Data will be lost [ 536.424424][ T8655] [ 536.464019][ T5151] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 537.719541][T19318] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1629'. [ 537.968672][ T1162] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 538.003797][ T1162] EXT4-fs (sda1): This should not happen!! Data will be lost [ 538.003797][ T1162] [ 538.037241][T19318] team0: Port device team_slave_1 removed [ 539.397997][T16785] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 539.449525][T16785] EXT4-fs (sda1): This should not happen!! Data will be lost [ 539.449525][T16785] [ 539.524372][T19377] Invalid ELF header magic: != ELF [ 540.016399][T19409] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 540.524944][T16790] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 540.599357][T16790] EXT4-fs (sda1): This should not happen!! Data will be lost [ 540.599357][T16790] [ 541.474064][T19464] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1639'. [ 541.598282][T19477] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 541.624670][T16790] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 541.646566][T19474] FAULT_INJECTION: forcing a failure. [ 541.646566][T19474] name failslab, interval 1, probability 0, space 0, times 0 [ 541.668402][T19474] CPU: 1 UID: 0 PID: 19474 Comm: syz.0.1642 Not tainted syzkaller #0 PREEMPT(full) [ 541.668438][T19474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 541.668453][T19474] Call Trace: [ 541.668461][T19474] [ 541.668471][T19474] dump_stack_lvl+0x16c/0x1f0 [ 541.668506][T19474] should_fail_ex+0x512/0x640 [ 541.668525][T19474] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 541.668543][T19474] should_failslab+0xc2/0x120 [ 541.668562][T19474] kmem_cache_alloc_noprof+0x75/0x6e0 [ 541.668576][T19474] ? key_alloc+0x3e0/0x1330 [ 541.668593][T19474] ? key_alloc+0x3e0/0x1330 [ 541.668604][T19474] key_alloc+0x3e0/0x1330 [ 541.668624][T19474] ? __pfx_key_alloc+0x10/0x10 [ 541.668636][T19474] ? __pfx_key_default_cmp+0x10/0x10 [ 541.668652][T19474] ? __pfx_keyring_search_iterator+0x10/0x10 [ 541.668669][T19474] keyring_alloc+0x44/0xc0 [ 541.668686][T19474] look_up_user_keyrings+0x510/0x760 [ 541.668712][T19474] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 541.668739][T19474] lookup_user_key+0x1a3/0x1300 [ 541.668762][T19474] ? __pfx_lookup_user_key+0x10/0x10 [ 541.668781][T19474] ? do_futex+0x122/0x350 [ 541.668805][T19474] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 541.668829][T19474] ? fput+0x9b/0xd0 [ 541.668850][T19474] keyctl_keyring_clear+0x24/0x1a0 [ 541.668869][T19474] __do_sys_keyctl+0x355/0x590 [ 541.668889][T19474] do_syscall_64+0xcd/0xfa0 [ 541.668907][T19474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.668921][T19474] RIP: 0033:0x7ff39218eec9 [ 541.668934][T19474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.668957][T19474] RSP: 002b:00007ff392fe2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 541.668972][T19474] RAX: ffffffffffffffda RBX: 00007ff3923e5fa0 RCX: 00007ff39218eec9 [ 541.668982][T19474] RDX: 0000000000000002 RSI: 00000000fffffffb RDI: 0000000000000007 [ 541.668991][T19474] RBP: 00007ff392211f91 R08: 0000000000000008 R09: 0000000000000000 [ 541.669000][T19474] R10: 000000000000003e R11: 0000000000000246 R12: 0000000000000000 [ 541.669009][T19474] R13: 00007ff3923e6038 R14: 00007ff3923e5fa0 R15: 00007ffc60b94ec8 [ 541.669030][T19474] [ 541.713085][T16790] EXT4-fs (sda1): This should not happen!! Data will be lost [ 541.713085][T16790] [ 541.718264][ C1] vkms_vblank_simulate: vblank timer overrun [ 542.113616][T19473] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1641'. [ 542.324816][ T1162] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 542.340377][ T1162] EXT4-fs (sda1): This should not happen!! Data will be lost [ 542.340377][ T1162] [ 542.857283][T16782] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 542.884083][T19501] Invalid ELF header magic: != ELF [ 542.900708][T16782] EXT4-fs (sda1): This should not happen!! Data will be lost [ 542.900708][T16782] [ 543.465092][T16790] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 543.517631][T16790] EXT4-fs (sda1): This should not happen!! Data will be lost [ 543.517631][T16790] [ 543.566338][T19545] Invalid ELF header magic: != ELF [ 544.658290][T19601] netlink: 544 bytes leftover after parsing attributes in process `syz.2.1651'. [ 544.698810][T19601] openvswitch: netlink: Flow key attr not present in new flow. [ 544.916769][T19601] random: crng reseeded on system resumption [ 545.645382][T15201] EXT4-fs: 4 callbacks suppressed [ 545.645400][T15201] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 545.715260][T15201] EXT4-fs (sda1): This should not happen!! Data will be lost [ 545.715260][T15201] [ 546.250130][T16785] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 546.297643][T16785] EXT4-fs (sda1): This should not happen!! Data will be lost [ 546.297643][T16785] [ 546.616768][T19669] Invalid ELF header magic: != ELF [ 546.999245][T15201] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 547.107236][T15201] EXT4-fs (sda1): This should not happen!! Data will be lost [ 547.107236][T15201] [ 547.265835][ T5151] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 548.090341][T16785] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 548.117726][T16785] EXT4-fs (sda1): This should not happen!! Data will be lost [ 548.117726][T16785] [ 548.296230][T19774] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 549.651640][T19810] FAULT_INJECTION: forcing a failure. [ 549.651640][T19810] name failslab, interval 1, probability 0, space 0, times 0 [ 549.667242][T19810] CPU: 1 UID: 0 PID: 19810 Comm: syz.0.1669 Not tainted syzkaller #0 PREEMPT(full) [ 549.667263][T19810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 549.667271][T19810] Call Trace: [ 549.667276][T19810] [ 549.667282][T19810] dump_stack_lvl+0x16c/0x1f0 [ 549.667304][T19810] should_fail_ex+0x512/0x640 [ 549.667323][T19810] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 549.667340][T19810] should_failslab+0xc2/0x120 [ 549.667368][T19810] kmem_cache_alloc_noprof+0x75/0x6e0 [ 549.667388][T19810] ? __lock_acquire+0x62e/0x1ce0 [ 549.667414][T19810] ? sk_prot_alloc+0x60/0x2a0 [ 549.667448][T19810] ? sk_prot_alloc+0x60/0x2a0 [ 549.667474][T19810] sk_prot_alloc+0x60/0x2a0 [ 549.667506][T19810] sk_alloc+0x36/0xc20 [ 549.667532][T19810] __vsock_create.constprop.0+0x3c/0xbb0 [ 549.667568][T19810] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 549.667608][T19810] vsock_create+0x139/0x500 [ 549.667635][T19810] __sock_create+0x335/0x8d0 [ 549.667674][T19810] __sys_socket+0x14d/0x260 [ 549.667708][T19810] ? __pfx___sys_socket+0x10/0x10 [ 549.667741][T19810] ? xfd_validate_state+0x61/0x180 [ 549.667772][T19810] ? __task_pid_nr_ns+0x1f5/0x500 [ 549.667812][T19810] __x64_sys_socket+0x72/0xb0 [ 549.667843][T19810] ? lockdep_hardirqs_on+0x7c/0x110 [ 549.667868][T19810] do_syscall_64+0xcd/0xfa0 [ 549.667897][T19810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.667922][T19810] RIP: 0033:0x7ff39218eec9 [ 549.667941][T19810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.667964][T19810] RSP: 002b:00007ff392fc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 549.667988][T19810] RAX: ffffffffffffffda RBX: 00007ff3923e6090 RCX: 00007ff39218eec9 [ 549.668005][T19810] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000028 [ 549.668020][T19810] RBP: 00007ff392211f91 R08: 0000000000000000 R09: 0000000000000000 [ 549.668034][T19810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.668049][T19810] R13: 00007ff3923e6128 R14: 00007ff3923e6090 R15: 00007ffc60b94ec8 [ 549.668093][T19810] [ 550.456445][ T13] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 550.486461][T19851] Invalid ELF header magic: != ELF [ 550.517138][ T13] EXT4-fs (sda1): This should not happen!! Data will be lost [ 550.517138][ T13] [ 551.504933][T19891] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 551.521228][T16790] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 551.588296][T16790] EXT4-fs (sda1): This should not happen!! Data will be lost [ 551.588296][T16790] [ 551.999776][T15201] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 552.040839][T15201] EXT4-fs (sda1): This should not happen!! Data will be lost [ 552.040839][T15201] [ 552.437069][T19896] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 552.548195][T16786] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 552.587692][T16786] EXT4-fs (sda1): This should not happen!! Data will be lost [ 552.587692][T16786] [ 552.771770][T19908] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1678'. [ 552.809467][T19914] sysfs_service_op_show: Client not running :-5: [ 552.822164][T19916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1679'. [ 553.752470][T15201] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 553.765053][T15201] EXT4-fs (sda1): This should not happen!! Data will be lost [ 553.765053][T15201] [ 554.281075][T19996] sctp: [Deprecated]: syz.2.1684 (pid 19996) Use of struct sctp_assoc_value in delayed_ack socket option. [ 554.281075][T19996] Use struct sctp_sack_info instead [ 554.382732][T20014] random: crng reseeded on system resumption [ 554.413758][T15201] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 554.458851][T15201] EXT4-fs (sda1): This should not happen!! Data will be lost [ 554.458851][T15201] [ 555.194604][T19997] Invalid ELF header magic: != ELF [ 556.906155][ T8654] EXT4-fs: 2 callbacks suppressed [ 556.906174][ T8654] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 556.969439][ T8654] EXT4-fs (sda1): This should not happen!! Data will be lost [ 556.969439][ T8654] [ 557.058403][T20137] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 557.484641][T20134] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 558.075400][T20175] random: crng reseeded on system resumption [ 558.265342][ T8654] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 558.283648][ T8654] EXT4-fs (sda1): This should not happen!! Data will be lost [ 558.283648][ T8654] [ 558.403185][T20175] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 558.447013][T20175] EXT4-fs (sda1): This should not happen!! Data will be lost [ 558.447013][T20175] [ 558.766542][T20194] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 559.447199][ T8654] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 559.485424][ T8654] EXT4-fs (sda1): This should not happen!! Data will be lost [ 559.485424][ T8654] [ 559.963466][T20257] __vm_enough_memory: pid: 20257, comm: syz.1.1707, bytes: 4398046511104 not enough memory for the allocation [ 560.092029][ T8654] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 560.141875][T20260] Invalid ELF header magic: != ELF [ 560.162912][ T8654] EXT4-fs (sda1): This should not happen!! Data will be lost [ 560.162912][ T8654] [ 561.043404][T20351] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1712'. [ 561.425924][T20373] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 563.078779][ T49] EXT4-fs: 4 callbacks suppressed [ 563.078798][ T49] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 563.123141][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.137956][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.237641][ T49] EXT4-fs (sda1): This should not happen!! Data will be lost [ 563.237641][ T49] [ 563.862561][T20465] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 563.957490][T20465] EXT4-fs (sda1): This should not happen!! Data will be lost [ 563.957490][T20465] [ 564.699952][ T8655] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 564.727104][ T8655] EXT4-fs (sda1): This should not happen!! Data will be lost [ 564.727104][ T8655] [ 565.128217][T20498] EXT4-fs error (device sda1): ext4_discard_preallocations:5681: comm syz.0.1733: Error -117 reading block bitmap for 4 [ 567.905769][T20618] program syz.0.1744 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 567.961800][T20621] program syz.0.1744 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 568.224618][T20629] program syz.0.1746 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 568.617861][T20653] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1747'. syzkaller syzkaller login: [ 569.619419][T20683] netlink: get zone limit has 8 unknown bytes [ 569.965982][T20701] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 570.264226][T20705] FAULT_INJECTION: forcing a failure. [ 570.264226][T20705] name fail_futex, interval 1, probability 0, space 0, times 0 [ 570.279243][T20705] CPU: 0 UID: 0 PID: 20705 Comm: syz.2.1753 Not tainted syzkaller #0 PREEMPT(full) [ 570.279272][T20705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 570.279281][T20705] Call Trace: [ 570.279287][T20705] [ 570.279293][T20705] dump_stack_lvl+0x16c/0x1f0 [ 570.279316][T20705] should_fail_ex+0x512/0x640 [ 570.279338][T20705] get_futex_key+0x1d0/0x1560 [ 570.279361][T20705] ? __pfx_get_futex_key+0x10/0x10 [ 570.279379][T20705] ? futex_private_hash_put+0x176/0x300 [ 570.279402][T20705] futex_wake+0xea/0x530 [ 570.279425][T20705] ? __pfx_futex_wake+0x10/0x10 [ 570.279532][T20705] ? _setid_policy_lookup+0x218/0x3e0 [ 570.279563][T20705] do_futex+0x1e3/0x350 [ 570.279584][T20705] ? __pfx_do_futex+0x10/0x10 [ 570.279609][T20705] __x64_sys_futex+0x1e0/0x4c0 [ 570.279631][T20705] ? __pfx___x64_sys_futex+0x10/0x10 [ 570.279651][T20705] ? xfd_validate_state+0x61/0x180 [ 570.279677][T20705] do_syscall_64+0xcd/0xfa0 [ 570.279695][T20705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.279709][T20705] RIP: 0033:0x7f5fc4d8eec9 [ 570.279724][T20705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 570.279738][T20705] RSP: 002b:00007f5fc5cec0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 570.279752][T20705] RAX: ffffffffffffffda RBX: 00007f5fc4fe5fa8 RCX: 00007f5fc4d8eec9 [ 570.279762][T20705] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5fc4fe5fac [ 570.279771][T20705] RBP: 00007f5fc4fe5fa0 R08: 00007f5fc5ced000 R09: 0000000000000000 [ 570.279781][T20705] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 570.279790][T20705] R13: 00007f5fc4fe6038 R14: 00007ffc0841c5c0 R15: 00007ffc0841c6a8 [ 570.279811][T20705] [ 572.914143][T20879] random: crng reseeded on system resumption [ 572.947701][T20880] Unrecognized hibernate image header format! [ 572.953840][T20880] PM: hibernation: Image mismatch: architecture specific data [ 573.002386][T20879] Unrecognized hibernate image header format! [ 573.021787][T20879] PM: hibernation: Image mismatch: architecture specific data [ 573.038768][T20889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1762'. [ 573.091201][T20889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1762'. [ 575.368082][T20982] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 575.436493][T20982] CPU: 0 UID: 0 PID: 20982 Comm: syz.1.1771 Not tainted syzkaller #0 PREEMPT(full) [ 575.436528][T20982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 575.436542][T20982] Call Trace: [ 575.436550][T20982] [ 575.436559][T20982] dump_stack_lvl+0x16c/0x1f0 [ 575.436592][T20982] sysfs_warn_dup+0x7f/0xa0 [ 575.436621][T20982] sysfs_do_create_link_sd+0x124/0x140 [ 575.436651][T20982] sysfs_create_link+0x61/0xc0 [ 575.436679][T20982] device_add+0x62c/0x1aa0 [ 575.436710][T20982] ? __pfx_device_add+0x10/0x10 [ 575.436735][T20982] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 575.436774][T20982] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 575.436810][T20982] wiphy_register+0x1eb0/0x2b20 [ 575.436841][T20982] ? netdev_run_todo+0x864/0x1320 [ 575.436881][T20982] ? __pfx_wiphy_register+0x10/0x10 [ 575.436931][T20982] ieee80211_register_hw+0x253d/0x4120 [ 575.436977][T20982] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 575.437007][T20982] ? __pfx___debug_object_init+0x10/0x10 [ 575.437051][T20982] ? find_held_lock+0x2b/0x80 [ 575.437077][T20982] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 575.437125][T20982] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 575.437149][T20982] ? __hrtimer_setup+0x176/0x280 [ 575.437188][T20982] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 575.437245][T20982] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 575.437290][T20982] hwsim_new_radio_nl+0xba2/0x1330 [ 575.437327][T20982] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 575.437374][T20982] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 575.437404][T20982] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 575.437442][T20982] genl_family_rcv_msg_doit+0x206/0x2f0 [ 575.437475][T20982] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 575.437520][T20982] ? bpf_lsm_capable+0x9/0x10 [ 575.437545][T20982] ? security_capable+0x7e/0x260 [ 575.437575][T20982] ? ns_capable+0xd7/0x110 [ 575.437603][T20982] genl_rcv_msg+0x55c/0x800 [ 575.437638][T20982] ? __pfx_genl_rcv_msg+0x10/0x10 [ 575.437670][T20982] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 575.437717][T20982] netlink_rcv_skb+0x155/0x420 [ 575.437745][T20982] ? __pfx_genl_rcv_msg+0x10/0x10 [ 575.437776][T20982] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 575.437821][T20982] ? netlink_deliver_tap+0x1ae/0xd30 [ 575.437855][T20982] genl_rcv+0x28/0x40 [ 575.437882][T20982] netlink_unicast+0x5aa/0x870 [ 575.437915][T20982] ? __pfx_netlink_unicast+0x10/0x10 [ 575.437942][T20982] ? __pfx___might_resched+0x10/0x10 [ 575.437967][T20982] ? __lock_acquire+0xb97/0x1ce0 [ 575.438008][T20982] netlink_sendmsg+0x8c8/0xdd0 [ 575.438040][T20982] ? __pfx_netlink_sendmsg+0x10/0x10 [ 575.438071][T20982] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 575.438125][T20982] ____sys_sendmsg+0xa98/0xc70 [ 575.438159][T20982] ? copy_msghdr_from_user+0x10a/0x160 [ 575.438186][T20982] ? __pfx_____sys_sendmsg+0x10/0x10 [ 575.438238][T20982] ___sys_sendmsg+0x134/0x1d0 [ 575.438266][T20982] ? __pfx____sys_sendmsg+0x10/0x10 [ 575.438342][T20982] __sys_sendmsg+0x16d/0x220 [ 575.438370][T20982] ? __pfx___sys_sendmsg+0x10/0x10 [ 575.438397][T20982] ? __x64_sys_futex+0x1e0/0x4c0 [ 575.438452][T20982] do_syscall_64+0xcd/0xfa0 [ 575.438483][T20982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.438507][T20982] RIP: 0033:0x7fec6838eec9 [ 575.438528][T20982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.438548][T20982] RSP: 002b:00007fec69235038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 575.438573][T20982] RAX: ffffffffffffffda RBX: 00007fec685e5fa0 RCX: 00007fec6838eec9 [ 575.438589][T20982] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 575.438604][T20982] RBP: 00007fec68411f91 R08: 0000000000000000 R09: 0000000000000000 [ 575.438619][T20982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.438633][T20982] R13: 00007fec685e6038 R14: 00007fec685e5fa0 R15: 00007fffc227c448 [ 575.438671][T20982] [ 576.008105][T20994] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1773'. [ 576.048246][T20990] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1773'. [ 576.317171][T20996] FAULT_INJECTION: forcing a failure. [ 576.317171][T20996] name failslab, interval 1, probability 0, space 0, times 0 [ 576.332315][T20996] CPU: 1 UID: 0 PID: 20996 Comm: syz.3.1772 Not tainted syzkaller #0 PREEMPT(full) [ 576.332354][T20996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 576.332372][T20996] Call Trace: [ 576.332381][T20996] [ 576.332392][T20996] dump_stack_lvl+0x16c/0x1f0 [ 576.332430][T20996] should_fail_ex+0x512/0x640 [ 576.332464][T20996] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 576.332497][T20996] should_failslab+0xc2/0x120 [ 576.332533][T20996] kmem_cache_alloc_noprof+0x75/0x6e0 [ 576.332558][T20996] ? fasync_helper+0x3d/0xd0 [ 576.332599][T20996] ? fasync_helper+0x3d/0xd0 [ 576.332629][T20996] fasync_helper+0x3d/0xd0 [ 576.332664][T20996] pipe_fasync+0x117/0x200 [ 576.332692][T20996] ? __pfx_pipe_fasync+0x10/0x10 [ 576.332718][T20996] do_fcntl+0xa3d/0x15a0 [ 576.332748][T20996] ? __pfx_do_fcntl+0x10/0x10 [ 576.332785][T20996] ? tomoyo_file_fcntl+0xa5/0xc0 [ 576.332820][T20996] __x64_sys_fcntl+0x163/0x200 [ 576.332877][T20996] do_syscall_64+0xcd/0xfa0 [ 576.332911][T20996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.332940][T20996] RIP: 0033:0x7f5c82d8eec9 [ 576.332963][T20996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 576.332988][T20996] RSP: 002b:00007f5c83c9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 576.333014][T20996] RAX: ffffffffffffffda RBX: 00007f5c82fe5fa0 RCX: 00007f5c82d8eec9 [ 576.333031][T20996] RDX: 000000000000a553 RSI: 0000000000000004 RDI: 0000000000000003 [ 576.333046][T20996] RBP: 00007f5c82e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 576.333061][T20996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 576.333076][T20996] R13: 00007f5c82fe6038 R14: 00007f5c82fe5fa0 R15: 00007ffcf7367b78 [ 576.333113][T20996] [ 576.873828][T21009] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 576.992991][T21013] random: crng reseeded on system resumption [ 578.022719][T21078] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 580.713787][T21171] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 581.776246][T21203] vhci_hcd: invalid port number 255 [ 582.638450][T21267] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1799'. [ 582.924204][T21267] hsr_slave_0: left promiscuous mode [ 582.932261][T21266] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 582.944165][T21267] hsr_slave_1: left promiscuous mode [ 583.440798][T21315] FAULT_INJECTION: forcing a failure. [ 583.440798][T21315] name failslab, interval 1, probability 0, space 0, times 0 [ 583.461790][T21315] CPU: 0 UID: 0 PID: 21315 Comm: syz.0.1800 Not tainted syzkaller #0 PREEMPT(full) [ 583.461825][T21315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 583.461841][T21315] Call Trace: [ 583.461850][T21315] [ 583.461861][T21315] dump_stack_lvl+0x16c/0x1f0 [ 583.461894][T21315] should_fail_ex+0x512/0x640 [ 583.461923][T21315] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 583.461953][T21315] should_failslab+0xc2/0x120 [ 583.461985][T21315] kmem_cache_alloc_noprof+0x75/0x6e0 [ 583.462010][T21315] ? alloc_empty_file+0x55/0x1e0 [ 583.462049][T21315] ? alloc_empty_file+0x55/0x1e0 [ 583.462079][T21315] ? _raw_spin_unlock+0x28/0x50 [ 583.462101][T21315] alloc_empty_file+0x55/0x1e0 [ 583.462135][T21315] alloc_file_pseudo+0x13a/0x230 [ 583.462170][T21315] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 583.462214][T21315] __shmem_file_setup+0x1a3/0x330 [ 583.462253][T21315] shmem_zero_setup+0x93/0x1a0 [ 583.462282][T21315] __mmap_region+0x2076/0x27a0 [ 583.462313][T21315] ? __pfx___mmap_region+0x10/0x10 [ 583.462336][T21315] ? finish_task_switch.isra.0+0x21c/0xc10 [ 583.462365][T21315] ? rcu_is_watching+0x12/0xc0 [ 583.462391][T21315] ? finish_task_switch.isra.0+0x221/0xc10 [ 583.462417][T21315] ? lockdep_hardirqs_on+0x7c/0x110 [ 583.462444][T21315] ? finish_task_switch.isra.0+0x221/0xc10 [ 583.462513][T21315] ? __pfx___schedule+0x10/0x10 [ 583.462583][T21315] ? trace_cap_capable+0x18d/0x200 [ 583.462630][T21315] mmap_region+0x1ab/0x3f0 [ 583.462655][T21315] ? __get_unmapped_area+0x267/0x440 [ 583.462690][T21315] do_mmap+0xa3e/0x1210 [ 583.462727][T21315] ? __pfx_do_mmap+0x10/0x10 [ 583.462759][T21315] ? __pfx_down_write_killable+0x10/0x10 [ 583.462799][T21315] vm_mmap_pgoff+0x29e/0x470 [ 583.462836][T21315] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 583.462864][T21315] ? __fget_files+0x204/0x3c0 [ 583.462897][T21315] ? __x64_sys_futex+0x1e0/0x4c0 [ 583.462928][T21315] ? __x64_sys_futex+0x1e9/0x4c0 [ 583.462967][T21315] ksys_mmap_pgoff+0x7d/0x5c0 [ 583.462997][T21315] ? xfd_validate_state+0x61/0x180 [ 583.463029][T21315] ? __sys_setsockopt+0x140/0x1a0 [ 583.463061][T21315] __x64_sys_mmap+0x125/0x190 [ 583.463101][T21315] do_syscall_64+0xcd/0xfa0 [ 583.463133][T21315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.463159][T21315] RIP: 0033:0x7ff39218eec9 [ 583.463180][T21315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.463205][T21315] RSP: 002b:00007ff392fe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 583.463231][T21315] RAX: ffffffffffffffda RBX: 00007ff3923e5fa0 RCX: 00007ff39218eec9 [ 583.463249][T21315] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 583.463266][T21315] RBP: 00007ff392211f91 R08: fffffffffffffffa R09: 0000000000008000 [ 583.463282][T21315] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 583.463298][T21315] R13: 00007ff3923e6038 R14: 00007ff3923e5fa0 R15: 00007ffc60b94ec8 [ 583.463336][T21315] [ 583.778073][T21317] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 584.976489][T21376] FAULT_INJECTION: forcing a failure. [ 584.976489][T21376] name failslab, interval 1, probability 0, space 0, times 0 [ 584.990614][T21376] CPU: 0 UID: 0 PID: 21376 Comm: syz.3.1804 Not tainted syzkaller #0 PREEMPT(full) [ 584.990646][T21376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 584.990660][T21376] Call Trace: [ 584.990668][T21376] [ 584.990675][T21376] dump_stack_lvl+0x16c/0x1f0 [ 584.990707][T21376] should_fail_ex+0x512/0x640 [ 584.990735][T21376] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 584.990763][T21376] should_failslab+0xc2/0x120 [ 584.990793][T21376] kmem_cache_alloc_noprof+0x75/0x6e0 [ 584.990815][T21376] ? alloc_empty_file+0x55/0x1e0 [ 584.990853][T21376] ? alloc_empty_file+0x55/0x1e0 [ 584.990882][T21376] alloc_empty_file+0x55/0x1e0 [ 584.990912][T21376] alloc_file_pseudo+0x13a/0x230 [ 584.990946][T21376] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 584.990979][T21376] ? alloc_fd+0x471/0x7d0 [ 584.991008][T21376] sock_alloc_file+0x50/0x210 [ 584.991038][T21376] __sys_socket+0x1c0/0x260 [ 584.991071][T21376] ? __pfx___sys_socket+0x10/0x10 [ 584.991109][T21376] ? xfd_validate_state+0x61/0x180 [ 584.991141][T21376] ? __pfx_ksys_write+0x10/0x10 [ 584.991173][T21376] __x64_sys_socket+0x72/0xb0 [ 584.991203][T21376] ? lockdep_hardirqs_on+0x7c/0x110 [ 584.991228][T21376] do_syscall_64+0xcd/0xfa0 [ 584.991254][T21376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.991276][T21376] RIP: 0033:0x7f5c82d8eec9 [ 584.991293][T21376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.991316][T21376] RSP: 002b:00007f5c83c9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 584.991340][T21376] RAX: ffffffffffffffda RBX: 00007f5c82fe5fa0 RCX: 00007f5c82d8eec9 [ 584.991355][T21376] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000010 [ 584.991369][T21376] RBP: 00007f5c82e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 584.991384][T21376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.991397][T21376] R13: 00007f5c82fe6038 R14: 00007f5c82fe5fa0 R15: 00007ffcf7367b78 [ 584.991443][T21376] [ 585.613610][ T30] audit: type=1800 audit(4294967315.940:16): pid=21419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1806" name="features" dev="configfs" ino=54613 res=0 errno=0 [ 586.802618][T21457] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1813'. [ 587.797922][T21477] Invalid ELF header magic: != ELF [ 588.746282][T21491] random: crng reseeded on system resumption [ 590.156595][T21526] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1826'. [ 590.318178][T21529] misc userio: No port type given on /dev/userio [ 591.218553][T21555] random: crng reseeded on system resumption [ 592.489564][T21578] FAULT_INJECTION: forcing a failure. [ 592.489564][T21578] name failslab, interval 1, probability 0, space 0, times 0 [ 592.547543][T21578] CPU: 1 UID: 0 PID: 21578 Comm: syz.3.1836 Not tainted syzkaller #0 PREEMPT(full) [ 592.547568][T21578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 592.547577][T21578] Call Trace: [ 592.547583][T21578] [ 592.547590][T21578] dump_stack_lvl+0x16c/0x1f0 [ 592.547613][T21578] should_fail_ex+0x512/0x640 [ 592.547632][T21578] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 592.547650][T21578] should_failslab+0xc2/0x120 [ 592.547670][T21578] kmem_cache_alloc_noprof+0x75/0x6e0 [ 592.547684][T21578] ? alloc_empty_file+0x55/0x1e0 [ 592.547706][T21578] ? alloc_empty_file+0x55/0x1e0 [ 592.547723][T21578] ? _raw_spin_unlock+0x28/0x50 [ 592.547735][T21578] alloc_empty_file+0x55/0x1e0 [ 592.547754][T21578] alloc_file_pseudo+0x13a/0x230 [ 592.547784][T21578] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 592.547809][T21578] __shmem_file_setup+0x1a3/0x330 [ 592.547835][T21578] shmem_zero_setup+0x93/0x1a0 [ 592.547851][T21578] __mmap_region+0x2076/0x27a0 [ 592.547868][T21578] ? __pfx___mmap_region+0x10/0x10 [ 592.547880][T21578] ? finish_task_switch.isra.0+0x21c/0xc10 [ 592.547896][T21578] ? rcu_is_watching+0x12/0xc0 [ 592.547911][T21578] ? finish_task_switch.isra.0+0x221/0xc10 [ 592.547925][T21578] ? lockdep_hardirqs_on+0x7c/0x110 [ 592.547940][T21578] ? finish_task_switch.isra.0+0x221/0xc10 [ 592.547971][T21578] ? __pfx___schedule+0x10/0x10 [ 592.548007][T21578] ? trace_cap_capable+0x18d/0x200 [ 592.548032][T21578] mmap_region+0x1ab/0x3f0 [ 592.548045][T21578] ? __get_unmapped_area+0x267/0x440 [ 592.548065][T21578] do_mmap+0xa3e/0x1210 [ 592.548086][T21578] ? __pfx_do_mmap+0x10/0x10 [ 592.548103][T21578] ? __pfx_down_write_killable+0x10/0x10 [ 592.548125][T21578] vm_mmap_pgoff+0x29e/0x470 [ 592.548146][T21578] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 592.548161][T21578] ? __fget_files+0x204/0x3c0 [ 592.548178][T21578] ? __x64_sys_futex+0x1e0/0x4c0 [ 592.548196][T21578] ? __x64_sys_futex+0x1e9/0x4c0 [ 592.548217][T21578] ksys_mmap_pgoff+0x7d/0x5c0 [ 592.548234][T21578] ? xfd_validate_state+0x61/0x180 [ 592.548253][T21578] ? __sys_setsockopt+0x140/0x1a0 [ 592.548272][T21578] __x64_sys_mmap+0x125/0x190 [ 592.548299][T21578] do_syscall_64+0xcd/0xfa0 [ 592.548321][T21578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.548336][T21578] RIP: 0033:0x7f5c82d8eec9 [ 592.548349][T21578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.548365][T21578] RSP: 002b:00007f5c83c9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 592.548379][T21578] RAX: ffffffffffffffda RBX: 00007f5c82fe5fa0 RCX: 00007f5c82d8eec9 [ 592.548389][T21578] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 592.548397][T21578] RBP: 00007f5c82e11f91 R08: fffffffffffffffa R09: 0000000000008000 [ 592.548406][T21578] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 592.548414][T21578] R13: 00007f5c82fe6038 R14: 00007f5c82fe5fa0 R15: 00007ffcf7367b78 [ 592.548435][T21578] [ 592.848744][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.607024][T21593] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1839'. [ 593.650647][T21593] hsr_slave_0: left promiscuous mode [ 593.721152][T21593] hsr_slave_1: left promiscuous mode [ 595.298934][T21610] FAULT_INJECTION: forcing a failure. [ 595.298934][T21610] name failslab, interval 1, probability 0, space 0, times 0 [ 595.328455][T21610] CPU: 1 UID: 0 PID: 21610 Comm: syz.2.1842 Not tainted syzkaller #0 PREEMPT(full) [ 595.328493][T21610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 595.328509][T21610] Call Trace: [ 595.328518][T21610] [ 595.328528][T21610] dump_stack_lvl+0x16c/0x1f0 [ 595.328564][T21610] should_fail_ex+0x512/0x640 [ 595.328604][T21610] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 595.328634][T21610] should_failslab+0xc2/0x120 [ 595.328668][T21610] kmem_cache_alloc_noprof+0x75/0x6e0 [ 595.328694][T21610] ? fasync_helper+0x3d/0xd0 [ 595.328733][T21610] ? fasync_helper+0x3d/0xd0 [ 595.328762][T21610] fasync_helper+0x3d/0xd0 [ 595.328795][T21610] pipe_fasync+0x117/0x200 [ 595.328823][T21610] ? __pfx_pipe_fasync+0x10/0x10 [ 595.328845][T21610] do_fcntl+0xa3d/0x15a0 [ 595.328878][T21610] ? __pfx_do_fcntl+0x10/0x10 [ 595.328918][T21610] ? tomoyo_file_fcntl+0xa5/0xc0 [ 595.328954][T21610] __x64_sys_fcntl+0x163/0x200 [ 595.328989][T21610] do_syscall_64+0xcd/0xfa0 [ 595.329019][T21610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.329046][T21610] RIP: 0033:0x7f5fc4d8eec9 [ 595.329067][T21610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.329090][T21610] RSP: 002b:00007f5fc5cec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 595.329115][T21610] RAX: ffffffffffffffda RBX: 00007f5fc4fe5fa0 RCX: 00007f5fc4d8eec9 [ 595.329132][T21610] RDX: 000000000000a553 RSI: 0000000000000004 RDI: 0000000000000003 [ 595.329147][T21610] RBP: 00007f5fc4e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 595.329162][T21610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.329177][T21610] R13: 00007f5fc4fe6038 R14: 00007f5fc4fe5fa0 R15: 00007ffc0841c6a8 [ 595.329215][T21610] [ 595.516694][ C1] vkms_vblank_simulate: vblank timer overrun [ 595.787201][T21622] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 596.306135][T21632] bond0: invalid ARP target specified [ 596.785100][T21639] FAULT_INJECTION: forcing a failure. [ 596.785100][T21639] name failslab, interval 1, probability 0, space 0, times 0 [ 596.821684][T21639] CPU: 0 UID: 0 PID: 21639 Comm: syz.3.1847 Not tainted syzkaller #0 PREEMPT(full) [ 596.821719][T21639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 596.821733][T21639] Call Trace: [ 596.821741][T21639] [ 596.821750][T21639] dump_stack_lvl+0x16c/0x1f0 [ 596.821783][T21639] should_fail_ex+0x512/0x640 [ 596.821811][T21639] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 596.821843][T21639] should_failslab+0xc2/0x120 [ 596.821874][T21639] __kvmalloc_node_noprof+0x141/0x9c0 [ 596.821905][T21639] ? nf_hook_entries_grow+0x230/0x860 [ 596.821930][T21639] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 596.821961][T21639] ? nf_hook_entries_grow+0x230/0x860 [ 596.821984][T21639] nf_hook_entries_grow+0x230/0x860 [ 596.822023][T21639] __nf_register_net_hook+0x1cd/0x730 [ 596.822058][T21639] nf_register_net_hook+0x109/0x160 [ 596.822085][T21639] nf_register_net_hooks+0x5d/0xd0 [ 596.822114][T21639] ? __pfx_apparmor_nf_register+0x10/0x10 [ 596.822143][T21639] ops_init+0x1df/0x5f0 [ 596.822176][T21639] setup_net+0x100/0x390 [ 596.822205][T21639] ? __pfx_setup_net+0x10/0x10 [ 596.822239][T21639] ? debug_mutex_init+0x37/0x70 [ 596.822269][T21639] copy_net_ns+0x2f8/0x690 [ 596.822304][T21639] create_new_namespaces+0x3ea/0xa90 [ 596.822341][T21639] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 596.822372][T21639] ksys_unshare+0x45b/0xa40 [ 596.822405][T21639] ? __pfx_ksys_unshare+0x10/0x10 [ 596.822445][T21639] ? xfd_validate_state+0x61/0x180 [ 596.822489][T21639] __x64_sys_unshare+0x31/0x40 [ 596.822519][T21639] do_syscall_64+0xcd/0xfa0 [ 596.822548][T21639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.822573][T21639] RIP: 0033:0x7f5c82d8eec9 [ 596.822592][T21639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.822614][T21639] RSP: 002b:00007f5c83c5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 596.822635][T21639] RAX: ffffffffffffffda RBX: 00007f5c82fe6180 RCX: 00007f5c82d8eec9 [ 596.822650][T21639] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 596.822663][T21639] RBP: 00007f5c82e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 596.822677][T21639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.822690][T21639] R13: 00007f5c82fe6218 R14: 00007f5c82fe6180 R15: 00007ffcf7367b78 [ 596.822727][T21639] [ 599.657950][T21835] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1859'. [ 600.217537][T21847] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 600.298029][T21846] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 600.349823][T21847] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 600.443368][T21852] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 601.085421][T21862] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1864'. [ 602.052976][T21924] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 602.565530][T21936] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 605.341344][ T5151] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 605.349371][ T5151] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 605.359576][ T5151] CPU: 0 UID: 0 PID: 5151 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 605.359608][ T5151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 605.359626][ T5151] Workqueue: hci2 hci_rx_work [ 605.359657][ T5151] Call Trace: [ 605.359666][ T5151] [ 605.359677][ T5151] dump_stack_lvl+0x16c/0x1f0 [ 605.359709][ T5151] sysfs_warn_dup+0x7f/0xa0 [ 605.359741][ T5151] sysfs_create_dir_ns+0x24b/0x2b0 [ 605.359772][ T5151] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 605.359802][ T5151] ? find_held_lock+0x2b/0x80 [ 605.359837][ T5151] ? do_raw_spin_unlock+0x172/0x230 [ 605.359876][ T5151] kobject_add_internal+0x2c4/0x9b0 [ 605.359911][ T5151] kobject_add+0x16e/0x240 [ 605.360045][ T5151] ? __pfx_kobject_add+0x10/0x10 [ 605.360066][ T5151] ? do_raw_spin_unlock+0x172/0x230 [ 605.360090][ T5151] ? kobject_put+0xab/0x5a0 [ 605.360114][ T5151] device_add+0x288/0x1aa0 [ 605.360133][ T5151] ? __pfx_dev_set_name+0x10/0x10 [ 605.360152][ T5151] ? __pfx_device_add+0x10/0x10 [ 605.360169][ T5151] ? mgmt_send_event_skb+0x2fb/0x460 [ 605.360190][ T5151] hci_conn_add_sysfs+0x17e/0x230 [ 605.360208][ T5151] le_conn_complete_evt+0x1260/0x2150 [ 605.360228][ T5151] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 605.360242][ T5151] ? bt_warn+0xe4/0x120 [ 605.360262][ T5151] ? __pfx_bt_warn+0x10/0x10 [ 605.360288][ T5151] hci_le_conn_complete_evt+0x23c/0x370 [ 605.360308][ T5151] hci_le_meta_evt+0x357/0x5e0 [ 605.360324][ T5151] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 605.360343][ T5151] hci_event_packet+0x685/0x11c0 [ 605.360358][ T5151] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 605.360375][ T5151] ? __pfx_hci_event_packet+0x10/0x10 [ 605.360393][ T5151] ? kcov_remote_start+0x3c9/0x6d0 [ 605.360407][ T5151] ? lockdep_hardirqs_on+0x7c/0x110 [ 605.360428][ T5151] hci_rx_work+0x2c5/0x16b0 [ 605.360445][ T5151] ? rcu_is_watching+0x12/0xc0 [ 605.360467][ T5151] process_one_work+0x9cf/0x1b70 [ 605.360500][ T5151] ? __pfx_process_one_work+0x10/0x10 [ 605.360529][ T5151] ? assign_work+0x1a0/0x250 [ 605.360551][ T5151] worker_thread+0x6c8/0xf10 [ 605.360579][ T5151] ? __kthread_parkme+0x19e/0x250 [ 605.360599][ T5151] ? __pfx_worker_thread+0x10/0x10 [ 605.360621][ T5151] kthread+0x3c2/0x780 [ 605.360643][ T5151] ? __pfx_kthread+0x10/0x10 [ 605.360671][ T5151] ? rcu_is_watching+0x12/0xc0 [ 605.360687][ T5151] ? __pfx_kthread+0x10/0x10 [ 605.360709][ T5151] ret_from_fork+0x675/0x7d0 [ 605.360730][ T5151] ? __pfx_kthread+0x10/0x10 [ 605.360753][ T5151] ret_from_fork_asm+0x1a/0x30 [ 605.360791][ T5151] [ 605.360832][ T5151] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 605.629337][ T5151] Bluetooth: hci2: failed to register connection device [ 606.073066][T22143] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1889'. [ 607.289713][T22258] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1899'. [ 607.452748][T22262] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 607.678946][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 608.812493][T22413] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 612.203086][T22561] sd 0:0:1:0: PR command failed: 1026 [ 612.278108][T22561] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 612.390353][T22561] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 613.671255][T22683] FAULT_INJECTION: forcing a failure. [ 613.671255][T22683] name fail_futex, interval 1, probability 0, space 0, times 0 [ 613.700950][T22683] CPU: 1 UID: 0 PID: 22683 Comm: syz.0.1919 Not tainted syzkaller #0 PREEMPT(full) [ 613.700989][T22683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 613.701006][T22683] Call Trace: [ 613.701015][T22683] [ 613.701026][T22683] dump_stack_lvl+0x16c/0x1f0 [ 613.701062][T22683] should_fail_ex+0x512/0x640 [ 613.701100][T22683] get_futex_key+0x1d0/0x1560 [ 613.701135][T22683] ? kasan_quarantine_put+0x10a/0x240 [ 613.701165][T22683] ? __pfx_get_futex_key+0x10/0x10 [ 613.701196][T22683] ? look_up_lock_class+0x59/0x150 [ 613.701226][T22683] ? register_lock_class+0x41/0x4c0 [ 613.701262][T22683] ? tomoyo_check_open_permission+0x1d8/0x3c0 [ 613.701305][T22683] futex_wake+0xea/0x530 [ 613.701348][T22683] ? __pfx_futex_wake+0x10/0x10 [ 613.701427][T22683] do_futex+0x1e3/0x350 [ 613.701462][T22683] ? __pfx_do_futex+0x10/0x10 [ 613.701499][T22683] ? _raw_spin_unlock+0x28/0x50 [ 613.701523][T22683] ? do_fcntl+0x1eb/0x15a0 [ 613.701559][T22683] __x64_sys_futex+0x1e0/0x4c0 [ 613.701598][T22683] ? __pfx___x64_sys_futex+0x10/0x10 [ 613.701633][T22683] ? tomoyo_file_fcntl+0xa5/0xc0 [ 613.701674][T22683] do_syscall_64+0xcd/0xfa0 [ 613.701705][T22683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.701732][T22683] RIP: 0033:0x7ff39218eec9 [ 613.701753][T22683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.701777][T22683] RSP: 002b:00007ff392fe20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 613.701803][T22683] RAX: ffffffffffffffda RBX: 00007ff3923e5fa8 RCX: 00007ff39218eec9 [ 613.701821][T22683] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff3923e5fac [ 613.701837][T22683] RBP: 00007ff3923e5fa0 R08: 00007ff392fe3000 R09: 0000000000000000 [ 613.701854][T22683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 613.701870][T22683] R13: 00007ff3923e6038 R14: 00007ffc60b94de0 R15: 00007ffc60b94ec8 [ 613.701908][T22683] [ 613.901734][ C1] vkms_vblank_simulate: vblank timer overrun [ 614.010870][T22685] FAULT_INJECTION: forcing a failure. [ 614.010870][T22685] name fail_futex, interval 1, probability 0, space 0, times 0 [ 614.043890][T22685] CPU: 0 UID: 0 PID: 22685 Comm: syz.3.1921 Not tainted syzkaller #0 PREEMPT(full) [ 614.043927][T22685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 614.043944][T22685] Call Trace: [ 614.043953][T22685] [ 614.043963][T22685] dump_stack_lvl+0x16c/0x1f0 [ 614.043998][T22685] should_fail_ex+0x512/0x640 [ 614.044036][T22685] get_futex_key+0x1d0/0x1560 [ 614.044075][T22685] ? kasan_quarantine_put+0x10a/0x240 [ 614.044103][T22685] ? __pfx_get_futex_key+0x10/0x10 [ 614.044137][T22685] ? look_up_lock_class+0x59/0x150 [ 614.044168][T22685] ? register_lock_class+0x41/0x4c0 [ 614.044203][T22685] ? tomoyo_check_open_permission+0x1d8/0x3c0 [ 614.044247][T22685] futex_wake+0xea/0x530 [ 614.044290][T22685] ? __pfx_futex_wake+0x10/0x10 [ 614.044344][T22685] do_futex+0x1e3/0x350 [ 614.044390][T22685] ? __pfx_do_futex+0x10/0x10 [ 614.044427][T22685] ? _raw_spin_unlock+0x28/0x50 [ 614.044451][T22685] ? do_fcntl+0x1eb/0x15a0 [ 614.044487][T22685] __x64_sys_futex+0x1e0/0x4c0 [ 614.044526][T22685] ? __pfx___x64_sys_futex+0x10/0x10 [ 614.044560][T22685] ? tomoyo_file_fcntl+0xa5/0xc0 [ 614.044602][T22685] do_syscall_64+0xcd/0xfa0 [ 614.044633][T22685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.044659][T22685] RIP: 0033:0x7f5c82d8eec9 [ 614.044681][T22685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.044705][T22685] RSP: 002b:00007f5c83c9e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 614.044730][T22685] RAX: ffffffffffffffda RBX: 00007f5c82fe5fa8 RCX: 00007f5c82d8eec9 [ 614.044749][T22685] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5c82fe5fac [ 614.044764][T22685] RBP: 00007f5c82fe5fa0 R08: 00007f5c83c9f000 R09: 0000000000000000 [ 614.044780][T22685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 614.044796][T22685] R13: 00007f5c82fe6038 R14: 00007ffcf7367a90 R15: 00007ffcf7367b78 [ 614.044833][T22685] [ 614.500745][T22690] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 614.548811][T22696] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1924'. [ 614.566174][T22698] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1924'. [ 615.297906][T22757] syz.1.1929 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 616.222289][T22865] FAULT_INJECTION: forcing a failure. [ 616.222289][T22865] name fail_futex, interval 1, probability 0, space 0, times 0 [ 616.238891][T22865] CPU: 0 UID: 0 PID: 22865 Comm: syz.2.1934 Not tainted syzkaller #0 PREEMPT(full) [ 616.238939][T22865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 616.238955][T22865] Call Trace: [ 616.238964][T22865] [ 616.238974][T22865] dump_stack_lvl+0x16c/0x1f0 [ 616.239009][T22865] should_fail_ex+0x512/0x640 [ 616.239047][T22865] get_futex_key+0x1d0/0x1560 [ 616.239083][T22865] ? kasan_quarantine_put+0x10a/0x240 [ 616.239113][T22865] ? __pfx_get_futex_key+0x10/0x10 [ 616.239144][T22865] ? look_up_lock_class+0x59/0x150 [ 616.239181][T22865] ? register_lock_class+0x41/0x4c0 [ 616.239217][T22865] ? tomoyo_check_open_permission+0x1d8/0x3c0 [ 616.239262][T22865] futex_wake+0xea/0x530 [ 616.239302][T22865] ? __pfx_futex_wake+0x10/0x10 [ 616.239355][T22865] do_futex+0x1e3/0x350 [ 616.239390][T22865] ? __pfx_do_futex+0x10/0x10 [ 616.239422][T22865] ? _raw_spin_unlock+0x28/0x50 [ 616.239444][T22865] ? do_fcntl+0x1eb/0x15a0 [ 616.239480][T22865] __x64_sys_futex+0x1e0/0x4c0 [ 616.239517][T22865] ? __pfx___x64_sys_futex+0x10/0x10 [ 616.239551][T22865] ? tomoyo_file_fcntl+0xa5/0xc0 [ 616.239593][T22865] do_syscall_64+0xcd/0xfa0 [ 616.239623][T22865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.239647][T22865] RIP: 0033:0x7f5fc4d8eec9 [ 616.239665][T22865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 616.239686][T22865] RSP: 002b:00007f5fc5cec0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 616.239714][T22865] RAX: ffffffffffffffda RBX: 00007f5fc4fe5fa8 RCX: 00007f5fc4d8eec9 [ 616.239733][T22865] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5fc4fe5fac [ 616.239750][T22865] RBP: 00007f5fc4fe5fa0 R08: 00007f5fc5ced000 R09: 0000000000000000 [ 616.239765][T22865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 616.239777][T22865] R13: 00007f5fc4fe6038 R14: 00007ffc0841c5c0 R15: 00007ffc0841c6a8 [ 616.239810][T22865] [ 618.295908][T22921] sysfs_service_op_show: Client not running :-5: [ 618.462569][T22940] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 618.549435][T22940] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 619.612742][T23025] random: crng reseeded on system resumption [ 622.395184][T23071] netlink: 'syz.0.1957': attribute type 5 has an invalid length. [ 623.611524][T23128] FAULT_INJECTION: forcing a failure. [ 623.611524][T23128] name failslab, interval 1, probability 0, space 0, times 0 [ 623.625595][T23128] CPU: 0 UID: 0 PID: 23128 Comm: syz.2.1961 Not tainted syzkaller #0 PREEMPT(full) [ 623.625628][T23128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 623.625637][T23128] Call Trace: [ 623.625642][T23128] [ 623.625649][T23128] dump_stack_lvl+0x16c/0x1f0 [ 623.625670][T23128] should_fail_ex+0x512/0x640 [ 623.625688][T23128] ? __kmalloc_noprof+0xca/0x880 [ 623.625712][T23128] should_failslab+0xc2/0x120 [ 623.625732][T23128] __kmalloc_noprof+0xdd/0x880 [ 623.625752][T23128] ? vhost_dev_set_owner+0x20c/0xa50 [ 623.625774][T23128] ? vhost_dev_set_owner+0x20c/0xa50 [ 623.625790][T23128] vhost_dev_set_owner+0x20c/0xa50 [ 623.625814][T23128] vhost_dev_ioctl+0x2eb/0xe20 [ 623.625831][T23128] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 623.625857][T23128] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 623.625881][T23128] vhost_vsock_dev_ioctl+0x3a5/0xb30 [ 623.625898][T23128] ? hook_file_ioctl_common+0x145/0x410 [ 623.625920][T23128] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 623.625939][T23128] ? __fget_files+0x20e/0x3c0 [ 623.625957][T23128] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 623.625975][T23128] __x64_sys_ioctl+0x18b/0x210 [ 623.625996][T23128] do_syscall_64+0xcd/0xfa0 [ 623.626013][T23128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.626028][T23128] RIP: 0033:0x7f5fc4d8eec9 [ 623.626040][T23128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.626055][T23128] RSP: 002b:00007f5fc5cec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 623.626070][T23128] RAX: ffffffffffffffda RBX: 00007f5fc4fe5fa0 RCX: 00007f5fc4d8eec9 [ 623.626079][T23128] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000004 [ 623.626087][T23128] RBP: 00007f5fc4e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 623.626096][T23128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.626103][T23128] R13: 00007f5fc4fe6038 R14: 00007f5fc4fe5fa0 R15: 00007ffc0841c6a8 [ 623.626123][T23128] [ 623.845506][T23131] sg_write: data in/out 585358300/31 bytes for SCSI command 0x87-- guessing data in; [ 623.845506][T23131] program syz.2.1961 not setting count and/or reply_len properly [ 624.562027][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.569076][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.805379][T23198] random: crng reseeded on system resumption [ 626.441355][T23290] kAFS: Invalid Command on /proc/fs/afs/cells file [ 628.294794][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.339735][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.367753][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.382432][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.410352][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.427538][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.448717][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.462200][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.504909][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 628.517812][T23391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1979'. [ 632.592734][T23623] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 632.649933][T23623] sd 0:0:1:0: PR command failed: 1026 [ 632.655462][T23623] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 632.674210][T23623] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 633.748468][T23721] netlink: 'syz.3.2007': attribute type 5 has an invalid length. [ 637.545713][T23894] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff81646c1a (__mcheck_cpu_init_prepare_banks+0x18a/0x380) [ 637.561511][T23894] Call Trace: [ 637.564823][T23894] [ 637.567755][T23894] ? __pfx___mcheck_cpu_init_prepare_banks+0x10/0x10 [ 637.574440][T23894] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 637.580270][T23894] ? __pfx_call_function_single_prep_ipi+0x10/0x10 [ 637.586772][T23894] mce_cpu_restart+0xd9/0x1f0 [ 637.591452][T23894] ? __pfx_mce_cpu_restart+0x10/0x10 [ 637.596744][T23894] smp_call_function_many_cond+0x122a/0x1600 [ 637.602747][T23894] ? __pfx_mce_cpu_restart+0x10/0x10 [ 637.608138][T23894] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 637.613941][T23894] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 637.620306][T23894] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 637.626315][T23894] ? __pfx_mce_cpu_restart+0x10/0x10 [ 637.631626][T23894] on_each_cpu_cond_mask+0x40/0x90 [ 637.636742][T23894] set_bank+0x240/0x3a0 [ 637.640903][T23894] ? __pfx_set_bank+0x10/0x10 [ 637.645590][T23894] ? find_held_lock+0x2b/0x80 [ 637.650292][T23894] ? __pfx_set_bank+0x10/0x10 [ 637.654967][T23894] dev_attr_store+0x58/0x80 [ 637.659461][T23894] ? __pfx_dev_attr_store+0x10/0x10 [ 637.664646][T23894] sysfs_kf_write+0xf2/0x150 [ 637.669318][T23894] kernfs_fop_write_iter+0x3af/0x570 [ 637.674633][T23894] ? __pfx_sysfs_kf_write+0x10/0x10 [ 637.679844][T23894] vfs_write+0x7d3/0x11d0 [ 637.684204][T23894] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 637.690050][T23894] ? __pfx___mutex_lock+0x10/0x10 [ 637.695075][T23894] ? __pfx_vfs_write+0x10/0x10 [ 637.699843][T23894] ksys_write+0x12a/0x250 [ 637.704180][T23894] ? __pfx_ksys_write+0x10/0x10 [ 637.709022][T23894] do_syscall_64+0xcd/0xfa0 [ 637.713518][T23894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.719429][T23894] RIP: 0033:0x7ff39218eec9 [ 637.723857][T23894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.744074][T23894] RSP: 002b:00007ff392fc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 637.752509][T23894] RAX: ffffffffffffffda RBX: 00007ff3923e6090 RCX: 00007ff39218eec9 [ 637.760483][T23894] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000005 [ 637.768469][T23894] RBP: 00007ff392211f91 R08: 0000000000000000 R09: 0000000000000000 [ 637.776493][T23894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 637.784464][T23894] R13: 00007ff3923e6128 R14: 00007ff3923e6090 R15: 00007ffc60b94ec8 [ 637.792448][T23894] [ 638.338816][ T5828] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 638.663589][T23936] openvswitch: netlink: Multiple metadata blocks provided [ 638.755965][T23931] sp0: Synchronizing with TNC [ 639.135649][T23984] __nla_validate_parse: 55 callbacks suppressed [ 639.135664][T23984] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2038'. [ 639.223456][T23984] bridge_slave_1: left allmulticast mode [ 639.231560][T23984] bridge_slave_1: left promiscuous mode [ 639.250080][T23984] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.268626][T23984] bridge_slave_0: left allmulticast mode [ 639.276644][T23984] bridge_slave_0: left promiscuous mode [ 639.303965][T23984] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.953619][T24100] ICMPv6: process `syz.0.2053' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 642.098225][T24109] __vm_enough_memory: pid: 24109, comm: syz.1.2054, bytes: 4398046511104 not enough memory for the allocation [ 646.187766][T24175] zswap: compressor not available [ 646.496541][T24237] FAULT_INJECTION: forcing a failure. [ 646.496541][T24237] name failslab, interval 1, probability 0, space 0, times 0 [ 646.562634][T24237] CPU: 0 UID: 0 PID: 24237 Comm: syz.0.2068 Not tainted syzkaller #0 PREEMPT(full) [ 646.562672][T24237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 646.562688][T24237] Call Trace: [ 646.562697][T24237] [ 646.562707][T24237] dump_stack_lvl+0x16c/0x1f0 [ 646.562741][T24237] should_fail_ex+0x512/0x640 [ 646.562772][T24237] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 646.562802][T24237] should_failslab+0xc2/0x120 [ 646.562843][T24237] kmem_cache_alloc_noprof+0x75/0x6e0 [ 646.562869][T24237] ? alloc_empty_file+0x55/0x1e0 [ 646.562911][T24237] ? alloc_empty_file+0x55/0x1e0 [ 646.562944][T24237] alloc_empty_file+0x55/0x1e0 [ 646.562981][T24237] path_openat+0xda/0x2cb0 [ 646.563020][T24237] ? __pfx_path_openat+0x10/0x10 [ 646.563057][T24237] do_filp_open+0x20b/0x470 [ 646.563085][T24237] ? __pfx_do_filp_open+0x10/0x10 [ 646.563139][T24237] ? alloc_fd+0x471/0x7d0 [ 646.563173][T24237] do_sys_openat2+0x11b/0x1d0 [ 646.563208][T24237] ? __pfx_do_sys_openat2+0x10/0x10 [ 646.563245][T24237] ? __sys_connect+0xe0/0x160 [ 646.563280][T24237] __x64_sys_openat+0x174/0x210 [ 646.563316][T24237] ? __pfx___x64_sys_openat+0x10/0x10 [ 646.563366][T24237] do_syscall_64+0xcd/0xfa0 [ 646.563397][T24237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 646.563423][T24237] RIP: 0033:0x7ff39218eec9 [ 646.563444][T24237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 646.563469][T24237] RSP: 002b:00007ff392fe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 646.563493][T24237] RAX: ffffffffffffffda RBX: 00007ff3923e5fa0 RCX: 00007ff39218eec9 [ 646.563510][T24237] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 646.563527][T24237] RBP: 00007ff392211f91 R08: 0000000000000000 R09: 0000000000000000 [ 646.563544][T24237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 646.563559][T24237] R13: 00007ff3923e6038 R14: 00007ff3923e5fa0 R15: 00007ffc60b94ec8 [ 646.563595][T24237] [ 647.092327][T24242] FAULT_INJECTION: forcing a failure. [ 647.092327][T24242] name fail_futex, interval 1, probability 0, space 0, times 0 [ 647.127500][T24242] CPU: 0 UID: 0 PID: 24242 Comm: syz.0.2069 Not tainted syzkaller #0 PREEMPT(full) [ 647.127536][T24242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 647.127559][T24242] Call Trace: [ 647.127568][T24242] [ 647.127578][T24242] dump_stack_lvl+0x16c/0x1f0 [ 647.127612][T24242] should_fail_ex+0x512/0x640 [ 647.127646][T24242] get_futex_key+0x1d0/0x1560 [ 647.127685][T24242] ? __pfx_get_futex_key+0x10/0x10 [ 647.127717][T24242] ? __lock_acquire+0xb97/0x1ce0 [ 647.127756][T24242] ? find_held_lock+0x2b/0x80 [ 647.127787][T24242] futex_wake+0xea/0x530 [ 647.127830][T24242] ? __pfx_futex_wake+0x10/0x10 [ 647.127869][T24242] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 647.127915][T24242] do_futex+0x1e3/0x350 [ 647.127950][T24242] ? __pfx_do_futex+0x10/0x10 [ 647.127986][T24242] ? _raw_spin_unlock+0x28/0x50 [ 647.128010][T24242] ? do_fcntl+0x1eb/0x15a0 [ 647.128046][T24242] __x64_sys_futex+0x1e0/0x4c0 [ 647.128086][T24242] ? __pfx___x64_sys_futex+0x10/0x10 [ 647.128121][T24242] ? tomoyo_file_fcntl+0xa5/0xc0 [ 647.128163][T24242] do_syscall_64+0xcd/0xfa0 [ 647.128195][T24242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.128221][T24242] RIP: 0033:0x7ff39218eec9 [ 647.128244][T24242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.128269][T24242] RSP: 002b:00007ff392fe20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 647.128296][T24242] RAX: ffffffffffffffda RBX: 00007ff3923e5fa8 RCX: 00007ff39218eec9 [ 647.128321][T24242] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff3923e5fac [ 647.128340][T24242] RBP: 00007ff3923e5fa0 R08: 00007ff392fe3000 R09: 0000000000000000 [ 647.128357][T24242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 647.128374][T24242] R13: 00007ff3923e6038 R14: 00007ffc60b94de0 R15: 00007ffc60b94ec8 [ 647.128414][T24242] syzkaller syzkaller login: [ 649.928100][T24341] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 653.442550][T24486] FAULT_INJECTION: forcing a failure. [ 653.442550][T24486] name failslab, interval 1, probability 0, space 0, times 0 [ 653.474873][T24486] CPU: 1 UID: 0 PID: 24486 Comm: syz.0.2094 Not tainted syzkaller #0 PREEMPT(full) [ 653.474908][T24486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 653.474922][T24486] Call Trace: [ 653.474930][T24486] [ 653.474940][T24486] dump_stack_lvl+0x16c/0x1f0 [ 653.474974][T24486] should_fail_ex+0x512/0x640 [ 653.475004][T24486] ? __kmalloc_cache_noprof+0x5f/0x780 [ 653.475043][T24486] should_failslab+0xc2/0x120 [ 653.475082][T24486] __kmalloc_cache_noprof+0x72/0x780 [ 653.475119][T24486] ? sctp_auth_shkey_create+0x9e/0x210 [ 653.475154][T24486] ? sctp_auth_shkey_create+0x9e/0x210 [ 653.475181][T24486] sctp_auth_shkey_create+0x9e/0x210 [ 653.475211][T24486] sctp_endpoint_new+0x589/0xb20 [ 653.475244][T24486] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 653.475275][T24486] ? lockdep_init_map_type+0x5c/0x280 [ 653.475309][T24486] ? lockdep_init_map_type+0x5c/0x280 [ 653.475346][T24486] sctp_init_sock+0xe2b/0x12f0 [ 653.475372][T24486] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 653.475399][T24486] sctp_v6_init_sock+0x16/0x70 [ 653.475424][T24486] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 653.475450][T24486] inet6_create+0xb30/0x12b0 [ 653.475481][T24486] ? inet6_create+0x7f/0x12b0 [ 653.475512][T24486] __sock_create+0x335/0x8d0 [ 653.475557][T24486] __sys_socket+0x14d/0x260 [ 653.475593][T24486] ? __pfx___sys_socket+0x10/0x10 [ 653.475627][T24486] ? xfd_validate_state+0x61/0x180 [ 653.475659][T24486] ? __pfx_ksys_write+0x10/0x10 [ 653.475692][T24486] __x64_sys_socket+0x72/0xb0 [ 653.475724][T24486] ? lockdep_hardirqs_on+0x7c/0x110 [ 653.475751][T24486] do_syscall_64+0xcd/0xfa0 [ 653.475780][T24486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.475804][T24486] RIP: 0033:0x7ff39218eec9 [ 653.475826][T24486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.475848][T24486] RSP: 002b:00007ff392fc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 653.475872][T24486] RAX: ffffffffffffffda RBX: 00007ff3923e6090 RCX: 00007ff39218eec9 [ 653.475888][T24486] RDX: 0000000000000084 RSI: 0000000000000005 RDI: 000000000000000a [ 653.475902][T24486] RBP: 00007ff392211f91 R08: 0000000000000000 R09: 0000000000000000 [ 653.475916][T24486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 653.475930][T24486] R13: 00007ff3923e6128 R14: 00007ff3923e6090 R15: 00007ffc60b94ec8 [ 653.475965][T24486] [ 654.002423][T24524] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2097'. [ 654.034485][T24502] random: crng reseeded on system resumption [ 654.041299][T24524] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2097'. [ 657.273198][T24683] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 657.395517][T24680] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 658.337651][T24705] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.2113: bg 1: bad block bitmap checksum [ 658.369239][T24705] EXT4-fs error (device sda1) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 658.897059][T24688] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2110'. [ 659.031456][T24736] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2116'. [ 659.121568][T24741] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2116'. [ 661.482588][T24824] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 662.360885][T24844] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 662.540339][T24849] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 662.841392][T24854] netlink: 50 bytes leftover after parsing attributes in process `syz.1.2134'. [ 663.646609][T24930] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 664.043489][T24940] FAULT_INJECTION: forcing a failure. [ 664.043489][T24940] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 664.237635][T24940] CPU: 1 UID: 0 PID: 24940 Comm: syz.0.2142 Not tainted syzkaller #0 PREEMPT(full) [ 664.237671][T24940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 664.237681][T24940] Call Trace: [ 664.237686][T24940] [ 664.237693][T24940] dump_stack_lvl+0x16c/0x1f0 [ 664.237716][T24940] should_fail_ex+0x512/0x640 [ 664.237737][T24940] should_fail_alloc_page+0xe7/0x130 [ 664.237759][T24940] prepare_alloc_pages+0x3c2/0x610 [ 664.237777][T24940] ? rcu_is_watching+0x12/0xc0 [ 664.237794][T24940] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 664.237811][T24940] ? rcu_is_watching+0x12/0xc0 [ 664.237825][T24940] ? trace_mm_page_alloc+0x11f/0x1a0 [ 664.237844][T24940] ? __alloc_frozen_pages_noprof+0x292/0x2470 [ 664.237860][T24940] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 664.237877][T24940] ? is_bpf_text_address+0x8a/0x1a0 [ 664.237896][T24940] ? bpf_ksym_find+0x124/0x1c0 [ 664.237912][T24940] ? is_bpf_text_address+0x94/0x1a0 [ 664.237930][T24940] ? kernel_text_address+0x8d/0x100 [ 664.237951][T24940] ? __kernel_text_address+0xd/0x40 [ 664.237964][T24940] ? unwind_get_return_address+0x59/0xa0 [ 664.237990][T24940] alloc_pages_bulk_noprof+0x71c/0x1410 [ 664.238005][T24940] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 664.238031][T24940] ? policy_nodemask+0xea/0x4e0 [ 664.238052][T24940] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 664.238067][T24940] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 664.238092][T24940] kasan_populate_vmalloc+0x112/0x2d0 [ 664.238107][T24940] ? alloc_vmap_area+0x8b5/0x29e0 [ 664.238127][T24940] alloc_vmap_area+0x960/0x29e0 [ 664.238159][T24940] ? __pfx_alloc_vmap_area+0x10/0x10 [ 664.238182][T24940] __get_vm_area_node+0x1ca/0x330 [ 664.238203][T24940] ? ringbuf_map_alloc+0x3da/0x7f0 [ 664.238233][T24940] get_vm_area_caller+0x71/0xa0 [ 664.238251][T24940] ? ringbuf_map_alloc+0x3da/0x7f0 [ 664.238274][T24940] vmap+0x135/0x320 [ 664.238292][T24940] ? __pfx_vmap+0x10/0x10 [ 664.238318][T24940] ringbuf_map_alloc+0x3da/0x7f0 [ 664.238343][T24940] ? __pfx_ringbuf_map_mem_usage+0x10/0x10 [ 664.238363][T24940] map_create+0x659/0x27e0 [ 664.238390][T24940] ? __pfx_map_create+0x10/0x10 [ 664.238410][T24940] ? __might_fault+0xe3/0x190 [ 664.238422][T24940] ? __might_fault+0xe3/0x190 [ 664.238434][T24940] ? __might_fault+0x13b/0x190 [ 664.238453][T24940] __sys_bpf+0x3d9d/0x4980 [ 664.238467][T24940] ? futex_private_hash_put+0x18a/0x300 [ 664.238493][T24940] ? __pfx___sys_bpf+0x10/0x10 [ 664.238506][T24940] ? __pfx_futex_wait+0x10/0x10 [ 664.238532][T24940] ? errseq_sample+0x53/0x70 [ 664.238554][T24940] ? do_futex+0x122/0x350 [ 664.238581][T24940] ? __sys_socket+0xac/0x260 [ 664.238603][T24940] ? xfd_validate_state+0x61/0x180 [ 664.238621][T24940] ? __pfx___do_sys_close_range+0x10/0x10 [ 664.238640][T24940] __x64_sys_bpf+0x78/0xc0 [ 664.238654][T24940] ? lockdep_hardirqs_on+0x7c/0x110 [ 664.238669][T24940] do_syscall_64+0xcd/0xfa0 [ 664.238686][T24940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.238700][T24940] RIP: 0033:0x7ff39218eec9 [ 664.238713][T24940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.238727][T24940] RSP: 002b:00007ff392fe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 664.238742][T24940] RAX: ffffffffffffffda RBX: 00007ff3923e5fa0 RCX: 00007ff39218eec9 [ 664.238751][T24940] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000000 [ 664.238760][T24940] RBP: 00007ff392211f91 R08: 0000000000000000 R09: 0000000000000000 [ 664.238769][T24940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.238778][T24940] R13: 00007ff3923e6038 R14: 00007ff3923e5fa0 R15: 00007ffc60b94ec8 [ 664.238798][T24940] [ 665.180416][T24958] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2149'. [ 665.257320][T24958] vivid-005: kernel_thread() failed [ 669.305226][T25143] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 671.927527][ T30] audit: type=1800 audit(4294967325.029:17): pid=25271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2176" name="version" dev="configfs" ino=61264 res=0 errno=0 [ 672.371651][T25289] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2177'. [ 672.554870][T25289] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2177'. [ 673.063448][T25333] netlink: 50 bytes leftover after parsing attributes in process `syz.2.2180'. [ 673.678534][T25378] FAULT_INJECTION: forcing a failure. [ 673.678534][T25378] name failslab, interval 1, probability 0, space 0, times 0 [ 673.730610][T25378] CPU: 1 UID: 0 PID: 25378 Comm: syz.2.2185 Not tainted syzkaller #0 PREEMPT(full) [ 673.730632][T25378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 673.730641][T25378] Call Trace: [ 673.730646][T25378] [ 673.730652][T25378] dump_stack_lvl+0x16c/0x1f0 [ 673.730673][T25378] should_fail_ex+0x512/0x640 [ 673.730690][T25378] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 673.730710][T25378] should_failslab+0xc2/0x120 [ 673.730729][T25378] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 673.730746][T25378] ? nf_log_net_init+0x9f/0x450 [ 673.730765][T25378] ? __pfx_nf_log_net_init+0x10/0x10 [ 673.730781][T25378] ? kmemdup_noprof+0x29/0x60 [ 673.730795][T25378] kmemdup_noprof+0x29/0x60 [ 673.730813][T25378] nf_log_net_init+0x9f/0x450 [ 673.730831][T25378] ? __pfx_nf_log_net_init+0x10/0x10 [ 673.730847][T25378] ops_init+0x1df/0x5f0 [ 673.730866][T25378] setup_net+0x100/0x390 [ 673.730882][T25378] ? __pfx_setup_net+0x10/0x10 [ 673.730899][T25378] ? debug_mutex_init+0x37/0x70 [ 673.730917][T25378] copy_net_ns+0x2f8/0x690 [ 673.730936][T25378] create_new_namespaces+0x3ea/0xa90 [ 673.730958][T25378] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 673.730975][T25378] ksys_unshare+0x45b/0xa40 [ 673.730995][T25378] ? __pfx_ksys_unshare+0x10/0x10 [ 673.731013][T25378] ? xfd_validate_state+0x61/0x180 [ 673.731039][T25378] __x64_sys_unshare+0x31/0x40 [ 673.731062][T25378] do_syscall_64+0xcd/0xfa0 [ 673.731082][T25378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.731096][T25378] RIP: 0033:0x7f5fc4d8eec9 [ 673.731109][T25378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.731122][T25378] RSP: 002b:00007f5fc5ccb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 673.731136][T25378] RAX: ffffffffffffffda RBX: 00007f5fc4fe6090 RCX: 00007f5fc4d8eec9 [ 673.731145][T25378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 673.731154][T25378] RBP: 00007f5fc4e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 673.731162][T25378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.731170][T25378] R13: 00007f5fc4fe6128 R14: 00007f5fc4fe6090 R15: 00007ffc0841c6a8 [ 673.731189][T25378] [ 674.124737][T25383] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2186'. [ 674.760519][T25438] vivid-003: ================= START STATUS ================= [ 674.787641][T25438] vivid-003: Radio HW Seek Mode: Bounded [ 674.793350][T25438] vivid-003: Radio Programmable HW Seek: false [ 674.841208][T25438] vivid-003: RDS Rx I/O Mode: Block I/O [ 674.859160][T25438] vivid-003: Generate RBDS Instead of RDS: false [ 674.904401][T25438] vivid-003: RDS Reception: true [ 674.914961][T25438] vivid-003: RDS Program Type: 0 inactive [ 674.921493][T25438] vivid-003: RDS PS Name: inactive [ 674.927167][T25438] vivid-003: RDS Radio Text: inactive [ 674.932773][T25438] vivid-003: RDS Traffic Announcement: false inactive [ 674.939739][T25438] vivid-003: RDS Traffic Program: false inactive [ 674.947214][T25438] vivid-003: RDS Music: false inactive [ 674.952923][T25438] vivid-003: ================== END STATUS ================== [ 675.320879][T25489] netlink: 206 bytes leftover after parsing attributes in process `syz.3.2191'. [ 676.924658][T25548] FAULT_INJECTION: forcing a failure. [ 676.924658][T25548] name fail_futex, interval 1, probability 0, space 0, times 0 [ 676.965431][T25548] CPU: 0 UID: 0 PID: 25548 Comm: syz.2.2199 Not tainted syzkaller #0 PREEMPT(full) [ 676.965464][T25548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 676.965478][T25548] Call Trace: [ 676.965486][T25548] [ 676.965495][T25548] dump_stack_lvl+0x16c/0x1f0 [ 676.965527][T25548] should_fail_ex+0x512/0x640 [ 676.965558][T25548] get_futex_key+0x1d0/0x1560 [ 676.965593][T25548] ? __pfx_get_futex_key+0x10/0x10 [ 676.965621][T25548] ? futex_private_hash_put+0x176/0x300 [ 676.965661][T25548] futex_wake+0xea/0x530 [ 676.965694][T25548] ? futex_wait+0x120/0x380 [ 676.965728][T25548] ? __pfx_futex_wait+0x10/0x10 [ 676.965764][T25548] ? __pfx_futex_wake+0x10/0x10 [ 676.965804][T25548] ? __lock_acquire+0x62e/0x1ce0 [ 676.965842][T25548] do_futex+0x1e3/0x350 [ 676.965874][T25548] ? __pfx_do_futex+0x10/0x10 [ 676.965907][T25548] ? find_held_lock+0x2b/0x80 [ 676.965958][T25548] __x64_sys_futex+0x1e0/0x4c0 [ 676.965991][T25548] ? __fget_files+0x20e/0x3c0 [ 676.966013][T25548] ? __pfx___x64_sys_futex+0x10/0x10 [ 676.966048][T25548] ? fdget+0x187/0x210 [ 676.966075][T25548] do_syscall_64+0xcd/0xfa0 [ 676.966107][T25548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.966131][T25548] RIP: 0033:0x7f5fc4d8eec9 [ 676.966151][T25548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.966173][T25548] RSP: 002b:00007f5fc5ccb0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 676.966204][T25548] RAX: ffffffffffffffda RBX: 00007f5fc4fe6098 RCX: 00007f5fc4d8eec9 [ 676.966221][T25548] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5fc4fe609c [ 676.966236][T25548] RBP: 00007f5fc4fe6090 R08: 00007f5fc5ced000 R09: 0000000000000000 [ 676.966249][T25548] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 676.966263][T25548] R13: 00007f5fc4fe6128 R14: 00007ffc0841c5c0 R15: 00007ffc0841c6a8 [ 676.966299][T25548] [ 677.620011][T25595] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2202'. [ 677.681309][T25607] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2201'. [ 678.030954][T25654] netlink: 206 bytes leftover after parsing attributes in process `syz.2.2204'. [ 680.731698][T25796] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 680.771410][T25796] random: crng reseeded on system resumption [ 680.794605][T25796] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2214'. [ 681.310656][T25813] netlink: 'syz.1.2216': attribute type 17 has an invalid length. [ 681.349264][T25813] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2216'. [ 685.178265][T26121] page: refcount:5 mapcount:4 mapping:0000000000000000 index:0x0 pfn:0x78001 [ 685.204839][T26121] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 685.243687][T26155] __vm_enough_memory: pid: 26155, comm: syz.0.2240, bytes: 4398046511104 not enough memory for the allocation [ 685.247937][T26121] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 685.273580][T26121] raw: 0000000000000000 0000000000000000 0000000500000003 0000000000000000 [ 685.292006][T26121] page dumped because: unmovable page [ 685.307815][T26121] page_owner tracks the page as allocated [ 685.313948][T26121] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5823, tgid 5823 (syz-executor), ts 84685655135, free_ts 73033930843 [ 685.335158][T26121] post_alloc_hook+0x1c0/0x230 [ 685.340348][T26121] get_page_from_freelist+0x10a3/0x3a30 [ 685.346128][T26121] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 685.352214][T26121] alloc_pages_mpol+0x1fb/0x550 [ 685.359616][T26121] alloc_pages_noprof+0x131/0x390 [ 685.365816][T26121] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 685.372342][T26121] vmalloc_user_noprof+0x9e/0xe0 [ 685.377317][T26121] kcov_ioctl+0x4c/0x730 [ 685.382766][T26121] __x64_sys_ioctl+0x18b/0x210 [ 685.388667][T26121] do_syscall_64+0xcd/0xfa0 [ 685.393852][T26121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.404689][T26121] page last free pid 5721 tgid 5721 stack trace: [ 685.411547][T26121] __free_frozen_pages+0x7df/0x1160 [ 685.419417][T26121] __folio_put+0x329/0x450 [ 685.423899][T26121] anon_pipe_buf_release+0x40a/0x520 [ 685.429966][T26121] anon_pipe_read+0x5cd/0x1210 [ 685.434774][T26121] vfs_read+0xa98/0xcf0 [ 685.439419][T26121] ksys_read+0x1f8/0x250 [ 685.445326][T26121] do_syscall_64+0xcd/0xfa0 [ 685.451050][T26121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.010402][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.016859][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.118445][T26350] openvswitch: netlink: Missing valid actions attribute. [ 688.741316][T26386] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2256'. [ 688.770089][T26386] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2256'. [ 688.899632][T26395] FAULT_INJECTION: forcing a failure. [ 688.899632][T26395] name failslab, interval 1, probability 0, space 0, times 0 [ 688.927173][T26395] CPU: 0 UID: 0 PID: 26395 Comm: syz.0.2260 Not tainted syzkaller #0 PREEMPT(full) [ 688.927211][T26395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 688.927228][T26395] Call Trace: [ 688.927237][T26395] [ 688.927248][T26395] dump_stack_lvl+0x16c/0x1f0 [ 688.927283][T26395] should_fail_ex+0x512/0x640 [ 688.927315][T26395] ? __kmalloc_noprof+0xca/0x880 [ 688.927361][T26395] should_failslab+0xc2/0x120 [ 688.927398][T26395] __kmalloc_noprof+0xdd/0x880 [ 688.927438][T26395] ? lsm_blob_alloc+0x68/0x90 [ 688.927472][T26395] ? lsm_blob_alloc+0x68/0x90 [ 688.927499][T26395] lsm_blob_alloc+0x68/0x90 [ 688.927529][T26395] security_sk_alloc+0x30/0x270 [ 688.927567][T26395] sk_prot_alloc+0x1c7/0x2a0 [ 688.927605][T26395] sk_alloc+0x36/0xc20 [ 688.927632][T26395] pppoe_create+0x32/0x360 [ 688.927670][T26395] pppox_create+0x159/0x2c0 [ 688.927710][T26395] __sock_create+0x335/0x8d0 [ 688.927751][T26395] __sys_socket+0x14d/0x260 [ 688.927788][T26395] ? __pfx___sys_socket+0x10/0x10 [ 688.927824][T26395] ? xfd_validate_state+0x61/0x180 [ 688.927869][T26395] __x64_sys_socket+0x72/0xb0 [ 688.927903][T26395] ? lockdep_hardirqs_on+0x7c/0x110 [ 688.927930][T26395] do_syscall_64+0xcd/0xfa0 [ 688.927960][T26395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.927986][T26395] RIP: 0033:0x7ff39218eec9 [ 688.928007][T26395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.928031][T26395] RSP: 002b:00007ff392fe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 688.928056][T26395] RAX: ffffffffffffffda RBX: 00007ff3923e5fa0 RCX: 00007ff39218eec9 [ 688.928074][T26395] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000018 [ 688.928091][T26395] RBP: 00007ff392211f91 R08: 0000000000000000 R09: 0000000000000000 [ 688.928107][T26395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 688.928121][T26395] R13: 00007ff3923e6038 R14: 00007ff3923e5fa0 R15: 00007ffc60b94ec8 [ 688.928155][T26395] [ 689.239570][T26395] random: crng reseeded on system resumption [ 692.033314][T26584] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2280'. [ 692.319751][T26595] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 692.349398][T26595] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 692.407250][T26595] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 693.330311][ T5151] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 693.346912][ T5151] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 693.361480][ T5151] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 693.380213][ T5151] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 693.388174][ T5151] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 694.386583][T26628] chnl_net:caif_netlink_parms(): no params data found [ 694.680129][T26766] netlink: zone id is out of range [ 694.956736][T16786] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.079901][T26768] netlink: 206 bytes leftover after parsing attributes in process `syz.3.2291'. [ 695.249729][T16786] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.438144][ T5151] Bluetooth: hci4: command tx timeout [ 695.468853][T26805] Invalid ELF header magic: != ELF [ 695.477877][T16786] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.539741][T26805] delete_channel: no stack [ 695.626380][T26823] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 695.650481][T16786] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.755862][T26628] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.773997][T26628] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.825577][T26628] bridge_slave_0: entered allmulticast mode [ 695.856146][T26628] bridge_slave_0: entered promiscuous mode [ 695.882785][T26628] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.903724][T26628] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.916039][T26628] bridge_slave_1: entered allmulticast mode [ 695.951369][T26628] bridge_slave_1: entered promiscuous mode [ 696.161567][T26628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 696.329528][T26628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 696.568385][T26628] team0: Port device team_slave_0 added [ 697.355976][T16786] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.370761][T16786] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.382397][T16786] bond0 (unregistering): Released all slaves [ 697.398303][T26628] team0: Port device team_slave_1 added [ 697.524767][ T5151] Bluetooth: hci4: command tx timeout [ 697.653511][T26628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 697.664583][T26628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 697.730975][T26986] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 697.747574][T26628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 697.764245][T26986] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 697.805907][T26628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 697.848953][T26628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 697.879419][T26628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 698.212955][T26628] hsr_slave_0: entered promiscuous mode [ 698.220316][T26628] hsr_slave_1: entered promiscuous mode [ 698.227836][T26628] debugfs: 'hsr0' already exists in 'hsr' [ 698.233813][T26628] Cannot create hsr debugfs directory [ 699.088387][T16786] hsr_slave_0: left promiscuous mode [ 699.114330][T16786] hsr_slave_1: left promiscuous mode [ 699.128506][T16786] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 699.135985][T16786] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 699.161502][T16786] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 699.180802][T16786] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 699.252932][T16786] veth1_macvtap: left promiscuous mode [ 699.270946][T16786] veth1_vlan: left promiscuous mode [ 699.276461][T16786] veth0_vlan: left promiscuous mode [ 699.598500][ T5151] Bluetooth: hci4: command tx timeout [ 700.703337][T27135] tty tty28: ldisc open failed (-12), clearing slot 27 [ 700.938842][T16786] team0 (unregistering): Port device team_slave_0 removed [ 701.687545][ T5151] Bluetooth: hci4: command tx timeout [ 703.637991][T26628] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 703.696200][T26628] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 703.718610][T26628] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 703.752645][T26628] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 704.097240][T26628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 704.166960][T26628] 8021q: adding VLAN 0 to HW filter on device team0 [ 704.205228][T15201] bridge0: port 1(bridge_slave_0) entered blocking state [ 704.212474][T15201] bridge0: port 1(bridge_slave_0) entered forwarding state [ 704.287142][ T8655] bridge0: port 2(bridge_slave_1) entered blocking state [ 704.294451][ T8655] bridge0: port 2(bridge_slave_1) entered forwarding state [ 704.805383][T26628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 704.925642][T26628] veth0_vlan: entered promiscuous mode [ 704.959011][T26628] veth1_vlan: entered promiscuous mode [ 705.017043][T26628] veth0_macvtap: entered promiscuous mode [ 705.056859][T26628] veth1_macvtap: entered promiscuous mode [ 705.122366][T26628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 705.165831][T26628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 705.207306][T16786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.239376][T16786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.262393][T16786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.335078][T16786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.833399][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 705.861843][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 705.968591][ T8655] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 705.976457][ T8655] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 707.232030][T27415] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 707.500582][ T5828] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 707.517345][ T5828] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 707.538860][ T5828] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 707.580416][ T5828] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 707.589813][ T5828] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 707.995673][T27434] syz.2.2331 (27434): /proc/27432/oom_adj is deprecated, please use /proc/27432/oom_score_adj instead. [ 708.045744][T27434] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2331'. [ 708.112787][T27434] bridge0: port 2(bridge_slave_1) entered disabled state [ 708.163348][T27434] bridge_slave_1 (unregistering): left allmulticast mode [ 708.188640][T27434] bridge_slave_1 (unregistering): left promiscuous mode [ 708.195747][T27434] bridge0: port 2(bridge_slave_1) entered disabled state [ 708.984446][T27420] chnl_net:caif_netlink_parms(): no params data found [ 709.198697][T27589] netlink: 'syz.1.2335': attribute type 1 has an invalid length. [ 709.312367][T27420] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.350552][T27420] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.358845][T27420] bridge_slave_0: entered allmulticast mode [ 709.366815][T27420] bridge_slave_0: entered promiscuous mode [ 709.379184][T27420] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.386655][T27420] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.406943][T27420] bridge_slave_1: entered allmulticast mode [ 709.424713][T27420] bridge_slave_1: entered promiscuous mode [ 709.679123][ T5151] Bluetooth: hci2: command tx timeout [ 709.720140][T27420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 709.766341][T27420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 709.905285][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.029975][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.052011][T27420] team0: Port device team_slave_0 added [ 710.075826][T27420] team0: Port device team_slave_1 added [ 710.244631][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.273574][T27420] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 710.281674][T27420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 710.309206][T27420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 710.343715][T27420] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 710.369539][T27420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 710.397161][T27420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 710.427482][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.820173][T27420] hsr_slave_0: entered promiscuous mode [ 710.826931][T27420] hsr_slave_1: entered promiscuous mode [ 710.985988][T27786] FAULT_INJECTION: forcing a failure. [ 710.985988][T27786] name failslab, interval 1, probability 0, space 0, times 0 [ 710.999238][T27786] CPU: 1 UID: 0 PID: 27786 Comm: syz.0.2338 Not tainted syzkaller #0 PREEMPT(full) [ 710.999273][T27786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 710.999287][T27786] Call Trace: [ 710.999296][T27786] [ 710.999306][T27786] dump_stack_lvl+0x16c/0x1f0 [ 710.999340][T27786] should_fail_ex+0x512/0x640 [ 710.999370][T27786] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 710.999402][T27786] should_failslab+0xc2/0x120 [ 710.999435][T27786] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 710.999463][T27786] ? __alloc_disk_node+0x5a/0x640 [ 710.999490][T27786] ? blk_alloc_queue+0x630/0x760 [ 710.999529][T27786] ? __alloc_disk_node+0x5a/0x640 [ 710.999555][T27786] __alloc_disk_node+0x5a/0x640 [ 710.999584][T27786] ? blk_alloc_queue+0x1a3/0x760 [ 710.999637][T27786] __blk_alloc_disk+0xd0/0x160 [ 710.999669][T27786] ? __pfx___blk_alloc_disk+0x10/0x10 [ 710.999725][T27786] ? lockdep_init_map_type+0x5c/0x280 [ 710.999765][T27786] ? lockdep_init_map_type+0x5c/0x280 [ 710.999805][T27786] dm_create+0x4c4/0x1160 [ 710.999834][T27786] dev_create+0x121/0x290 [ 710.999862][T27786] ? __pfx_dev_create+0x10/0x10 [ 710.999889][T27786] ? __might_fault+0x13b/0x190 [ 710.999924][T27786] ctl_ioctl+0x798/0xd70 [ 710.999952][T27786] ? __pfx_dev_create+0x10/0x10 [ 710.999981][T27786] ? __pfx_ctl_ioctl+0x10/0x10 [ 711.000046][T27786] ? __fget_files+0x20e/0x3c0 [ 711.000079][T27786] dm_ctl_ioctl+0x22/0x30 [ 711.000104][T27786] ? __pfx_dm_ctl_ioctl+0x10/0x10 [ 711.000131][T27786] __x64_sys_ioctl+0x18b/0x210 [ 711.000171][T27786] do_syscall_64+0xcd/0xfa0 [ 711.000202][T27786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.000229][T27786] RIP: 0033:0x7ff39218eec9 [ 711.000250][T27786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 711.000276][T27786] RSP: 002b:00007ff392fe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 711.000302][T27786] RAX: ffffffffffffffda RBX: 00007ff3923e5fa0 RCX: 00007ff39218eec9 [ 711.000320][T27786] RDX: 00002000000001c0 RSI: fffffffffffffd03 RDI: 0000000000000004 [ 711.000338][T27786] RBP: 00007ff392211f91 R08: 0000000000000000 R09: 0000000000000000 [ 711.000355][T27786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 711.000372][T27786] R13: 00007ff3923e6038 R14: 00007ff3923e5fa0 R15: 00007ffc60b94ec8 [ 711.000409][T27786] [ 711.722117][T27916] snd_aloop snd_aloop.0: control 1:262152:7::0 is already present [ 711.764092][ T5151] Bluetooth: hci2: command tx timeout [ 712.173698][T27932] overlayfs: missing 'lowerdir' syzkaller syzkaller login: [ 712.982423][T27950] input: f_>{~hՐ'$d)K4Lo0ø"n$cawR=X as /devices/virtual/input/input23 [ 713.221359][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 713.239231][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 713.266922][ T49] bond0 (unregistering): Released all slaves [ 713.415439][ T49] HfR: left promiscuous mode [ 713.781994][ T49] tipc: Left network mode [ 713.839874][ T5151] Bluetooth: hci2: command tx timeout [ 714.997096][T27420] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 715.125936][T27420] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 715.176339][T27420] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 715.193412][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 715.207556][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 715.222558][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 715.234519][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 715.295402][ T49] veth0_macvtap: left promiscuous mode [ 715.427908][ T49] veth1_vlan: left promiscuous mode [ 715.433470][ T49] veth0_vlan: left promiscuous mode [ 715.918222][ T5151] Bluetooth: hci2: command tx timeout [ 716.365367][ T49] team0 (unregistering): Port device team_slave_0 removed [ 716.761818][T28081] usb usb23: usbfs: interface 0 claimed by hub while 'syz.0.2350' sets config #65536 [ 716.887868][T27420] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 717.573034][T27420] 8021q: adding VLAN 0 to HW filter on device bond0 [ 717.655066][T27420] 8021q: adding VLAN 0 to HW filter on device team0 [ 717.690273][ T8655] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.697528][ T8655] bridge0: port 1(bridge_slave_0) entered forwarding state [ 717.734224][ T8655] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.741443][ T8655] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.769788][T27420] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 718.940108][T27420] veth0_vlan: entered promiscuous mode [ 718.982328][T27420] veth1_vlan: entered promiscuous mode [ 719.224075][T27420] veth0_macvtap: entered promiscuous mode [ 719.448352][T27420] veth1_macvtap: entered promiscuous mode [ 719.576827][T27420] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 719.644900][T27420] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 719.694238][T16785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.744670][T16785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.776916][T16785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.794415][T16785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.137474][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 720.145339][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 720.232454][T16785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 720.337770][T16785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 720.539610][T28268] FAULT_INJECTION: forcing a failure. [ 720.539610][T28268] name failslab, interval 1, probability 0, space 0, times 0 [ 720.568927][T28268] CPU: 0 UID: 0 PID: 28268 Comm: syz.3.2328 Not tainted syzkaller #0 PREEMPT(full) [ 720.568965][T28268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 720.568980][T28268] Call Trace: [ 720.568987][T28268] [ 720.568993][T28268] dump_stack_lvl+0x16c/0x1f0 [ 720.569016][T28268] should_fail_ex+0x512/0x640 [ 720.569038][T28268] ? __kmalloc_cache_noprof+0x5f/0x780 [ 720.569063][T28268] should_failslab+0xc2/0x120 [ 720.569082][T28268] __kmalloc_cache_noprof+0x72/0x780 [ 720.569105][T28268] ? find_held_lock+0x2b/0x80 [ 720.569119][T28268] ? yama_ptracer_add+0x48/0x590 [ 720.569137][T28268] ? yama_ptracer_add+0x48/0x590 [ 720.569151][T28268] yama_ptracer_add+0x48/0x590 [ 720.569168][T28268] yama_task_prctl+0xf4/0x1d0 [ 720.569184][T28268] security_task_prctl+0xc2/0x160 [ 720.569203][T28268] __do_sys_prctl+0xaa/0x2250 [ 720.569227][T28268] ? __pfx___do_sys_prctl+0x10/0x10 [ 720.569253][T28268] do_syscall_64+0xcd/0xfa0 [ 720.569269][T28268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.569284][T28268] RIP: 0033:0x7f412a18eec9 [ 720.569295][T28268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.569309][T28268] RSP: 002b:00007f412af82038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 720.569323][T28268] RAX: ffffffffffffffda RBX: 00007f412a3e5fa0 RCX: 00007f412a18eec9 [ 720.569332][T28268] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000059616d61 [ 720.569340][T28268] RBP: 00007f412a211f91 R08: 0000000000000000 R09: 0000000000000000 [ 720.569349][T28268] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 720.569357][T28268] R13: 00007f412a3e6038 R14: 00007f412a3e5fa0 R15: 00007ffef5a6d268 [ 720.569376][T28268] [ 722.012495][T28324] FAULT_INJECTION: forcing a failure. [ 722.012495][T28324] name failslab, interval 1, probability 0, space 0, times 0 [ 722.026077][T28324] CPU: 1 UID: 0 PID: 28324 Comm: syz.2.2363 Not tainted syzkaller #0 PREEMPT(full) [ 722.026114][T28324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 722.026130][T28324] Call Trace: [ 722.026139][T28324] [ 722.026149][T28324] dump_stack_lvl+0x16c/0x1f0 [ 722.026183][T28324] should_fail_ex+0x512/0x640 [ 722.026213][T28324] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 722.026242][T28324] should_failslab+0xc2/0x120 [ 722.026276][T28324] kmem_cache_alloc_noprof+0x75/0x6e0 [ 722.026301][T28324] ? alloc_empty_file+0x55/0x1e0 [ 722.026343][T28324] ? alloc_empty_file+0x55/0x1e0 [ 722.026373][T28324] alloc_empty_file+0x55/0x1e0 [ 722.026409][T28324] path_openat+0xda/0x2cb0 [ 722.026446][T28324] ? __pfx_path_openat+0x10/0x10 [ 722.026483][T28324] do_filp_open+0x20b/0x470 [ 722.026510][T28324] ? __pfx_do_filp_open+0x10/0x10 [ 722.026564][T28324] ? alloc_fd+0x471/0x7d0 [ 722.026599][T28324] do_sys_openat2+0x11b/0x1d0 [ 722.026633][T28324] ? __pfx_do_sys_openat2+0x10/0x10 [ 722.026669][T28324] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 722.026707][T28324] __x64_sys_openat+0x174/0x210 [ 722.026752][T28324] ? __pfx___x64_sys_openat+0x10/0x10 [ 722.026804][T28324] do_syscall_64+0xcd/0xfa0 [ 722.026835][T28324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.026861][T28324] RIP: 0033:0x7f5fc4d8eec9 [ 722.026881][T28324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 722.026906][T28324] RSP: 002b:00007f5fc5cec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 722.026930][T28324] RAX: ffffffffffffffda RBX: 00007f5fc4fe5fa0 RCX: 00007f5fc4d8eec9 [ 722.026946][T28324] RDX: 0000000000080101 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 722.026963][T28324] RBP: 00007f5fc4e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 722.026979][T28324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 722.026994][T28324] R13: 00007f5fc4fe6038 R14: 00007f5fc4fe5fa0 R15: 00007ffc0841c6a8 [ 722.027030][T28324] [ 724.403300][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 724.416036][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 724.424697][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 724.433045][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 724.474541][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 725.280221][ T1112] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.358735][T28433] chnl_net:caif_netlink_parms(): no params data found [ 725.549945][ T1112] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.767231][ T1112] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.276083][T28433] bridge0: port 1(bridge_slave_0) entered blocking state [ 726.304489][T28433] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.331082][T28433] bridge_slave_0: entered allmulticast mode [ 726.357781][T28433] bridge_slave_0: entered promiscuous mode [ 726.472807][T28433] bridge0: port 2(bridge_slave_1) entered blocking state [ 726.496840][T28433] bridge0: port 2(bridge_slave_1) entered disabled state [ 726.551579][T28433] bridge_slave_1: entered allmulticast mode [ 726.567865][ T5828] Bluetooth: hci3: command tx timeout [ 726.619067][T28433] bridge_slave_1: entered promiscuous mode [ 726.864105][T28433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 726.960515][T28433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.207122][T28433] team0: Port device team_slave_0 added [ 727.243423][T28433] team0: Port device team_slave_1 added [ 727.354751][ T1112] bridge_slave_1: left allmulticast mode [ 727.363865][ T1112] bridge_slave_1: left promiscuous mode [ 727.372841][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.394105][ T1112] bridge_slave_0: left allmulticast mode [ 727.406963][ T1112] bridge_slave_0: left promiscuous mode [ 727.414230][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state [ 728.573486][T28770] zswap: compressor not available [ 728.648558][ T5828] Bluetooth: hci3: command tx timeout [ 728.701422][T28780] FAULT_INJECTION: forcing a failure. [ 728.701422][T28780] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 728.735287][T28780] CPU: 1 UID: 0 PID: 28780 Comm: syz.3.2384 Not tainted syzkaller #0 PREEMPT(full) [ 728.735324][T28780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 728.735341][T28780] Call Trace: [ 728.735350][T28780] [ 728.735360][T28780] dump_stack_lvl+0x16c/0x1f0 [ 728.735395][T28780] should_fail_ex+0x512/0x640 [ 728.735432][T28780] strncpy_from_user+0x3b/0x2e0 [ 728.735464][T28780] getname_flags.part.0+0x8f/0x550 [ 728.735504][T28780] getname_flags+0x93/0xf0 [ 728.735528][T28780] do_sys_openat2+0xb8/0x1d0 [ 728.735563][T28780] ? __pfx_do_sys_openat2+0x10/0x10 [ 728.735600][T28780] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 728.735638][T28780] __x64_sys_openat+0x174/0x210 [ 728.735674][T28780] ? __pfx___x64_sys_openat+0x10/0x10 [ 728.735725][T28780] do_syscall_64+0xcd/0xfa0 [ 728.735756][T28780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.735782][T28780] RIP: 0033:0x7f412a18eec9 [ 728.735803][T28780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 728.735826][T28780] RSP: 002b:00007f412af82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 728.735851][T28780] RAX: ffffffffffffffda RBX: 00007f412a3e5fa0 RCX: 00007f412a18eec9 [ 728.735869][T28780] RDX: 0000000000080101 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 728.735890][T28780] RBP: 00007f412a211f91 R08: 0000000000000000 R09: 0000000000000000 [ 728.735906][T28780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 728.735921][T28780] R13: 00007f412a3e6038 R14: 00007f412a3e5fa0 R15: 00007ffef5a6d268 [ 728.735960][T28780] [ 729.019384][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 729.031214][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 729.043145][ T1112] bond0 (unregistering): Released all slaves [ 729.068196][T28433] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 729.075653][T28433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 729.103252][T28433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 729.125571][T28433] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 729.132695][T28433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 729.158947][T28433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 729.206418][ T1112] HfR: left promiscuous mode [ 729.322397][ T1112] tipc: Left network mode [ 729.549882][T28433] hsr_slave_0: entered promiscuous mode [ 729.556628][T28433] hsr_slave_1: entered promiscuous mode [ 729.576723][T28433] debugfs: 'hsr0' already exists in 'hsr' [ 729.582987][T28433] Cannot create hsr debugfs directory [ 730.462646][T28984] Invalid ELF header magic: != ELF [ 730.727754][ T5828] Bluetooth: hci3: command tx timeout [ 730.814611][T29007] usb usb17: usbfs: process 29007 (syz.1.2389) did not claim interface 0 before use [ 730.897741][ T49] Trying to write to read-only block-device sda1 [ 730.923492][ T49] Trying to write to read-only block-device sda [ 731.890239][ T1112] veth1_macvtap: left promiscuous mode [ 731.910771][ T1112] veth0_macvtap: left promiscuous mode [ 731.917859][ T1112] veth1_vlan: left promiscuous mode [ 731.924141][ T1112] veth0_vlan: left promiscuous mode [ 732.200363][T29071] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2396'. [ 732.385009][T29078] FAULT_INJECTION: forcing a failure. [ 732.385009][T29078] name failslab, interval 1, probability 0, space 0, times 0 [ 732.398192][T29078] CPU: 1 UID: 0 PID: 29078 Comm: syz.1.2396 Not tainted syzkaller #0 PREEMPT(full) [ 732.398229][T29078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 732.398245][T29078] Call Trace: [ 732.398253][T29078] [ 732.398263][T29078] dump_stack_lvl+0x16c/0x1f0 [ 732.398299][T29078] should_fail_ex+0x512/0x640 [ 732.398337][T29078] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 732.398367][T29078] should_failslab+0xc2/0x120 [ 732.398400][T29078] kmem_cache_alloc_noprof+0x75/0x6e0 [ 732.398427][T29078] ? mas_preallocate+0xe6a/0x11f0 [ 732.398463][T29078] ? mas_preallocate+0xe6a/0x11f0 [ 732.398490][T29078] mas_preallocate+0xe6a/0x11f0 [ 732.398527][T29078] ? __pfx_mas_preallocate+0x10/0x10 [ 732.398554][T29078] ? find_held_lock+0x2b/0x80 [ 732.398594][T29078] ? __pfx___might_resched+0x10/0x10 [ 732.398626][T29078] vma_link+0x12e/0x6a0 [ 732.398650][T29078] ? anon_vma_clone+0x3fe/0x5c0 [ 732.398689][T29078] ? __pfx_vma_link+0x10/0x10 [ 732.398722][T29078] ? anon_vma_clone+0x405/0x5c0 [ 732.398769][T29078] copy_vma+0x6b7/0xa90 [ 732.398800][T29078] ? __pfx_copy_vma+0x10/0x10 [ 732.398835][T29078] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 732.398888][T29078] copy_vma_and_data+0x1cf/0x790 [ 732.398926][T29078] ? __pfx_copy_vma_and_data+0x10/0x10 [ 732.398960][T29078] ? __vma_enter_locked+0x163/0x3f0 [ 732.399000][T29078] ? find_held_lock+0x2b/0x80 [ 732.399027][T29078] ? move_vma+0x52e/0x1770 [ 732.399046][T29078] ? __vm_enough_memory+0x184/0x3f0 [ 732.399085][T29078] move_vma+0x540/0x1770 [ 732.399114][T29078] ? __pfx_move_vma+0x10/0x10 [ 732.399143][T29078] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 732.399175][T29078] ? cap_mmap_addr+0x4b/0x120 [ 732.399205][T29078] ? bpf_lsm_mmap_addr+0x9/0x10 [ 732.399233][T29078] ? security_mmap_addr+0x6c/0x1e0 [ 732.399258][T29078] ? __get_unmapped_area+0x267/0x440 [ 732.399293][T29078] ? vrm_set_new_addr+0x208/0x290 [ 732.399336][T29078] mremap_to+0x1b7/0x450 [ 732.399363][T29078] do_mremap+0x13a8/0x2020 [ 732.399391][T29078] ? futex_private_hash_put+0xf0/0x300 [ 732.399434][T29078] ? __pfx_do_mremap+0x10/0x10 [ 732.399467][T29078] ? ksys_write+0x190/0x250 [ 732.399504][T29078] __do_sys_mremap+0x119/0x170 [ 732.399529][T29078] ? __pfx___do_sys_mremap+0x10/0x10 [ 732.399572][T29078] ? __x64_sys_futex+0x1e0/0x4c0 [ 732.399630][T29078] do_syscall_64+0xcd/0xfa0 [ 732.399664][T29078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.399691][T29078] RIP: 0033:0x7f33ce78eec9 [ 732.399713][T29078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 732.399738][T29078] RSP: 002b:00007f33cf55b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 732.399763][T29078] RAX: ffffffffffffffda RBX: 00007f33ce9e6180 RCX: 00007f33ce78eec9 [ 732.399782][T29078] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 732.399798][T29078] RBP: 00007f33ce811f91 R08: 0000000100000000 R09: 0000000000000000 [ 732.399815][T29078] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 732.399830][T29078] R13: 00007f33ce9e6218 R14: 00007f33ce9e6180 R15: 00007ffc4ad75bc8 [ 732.399868][T29078] [ 732.805840][ T5828] Bluetooth: hci3: command tx timeout [ 733.172910][ T1112] team0 (unregistering): Port device team_slave_0 removed [ 733.961829][T28433] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 734.113377][T28433] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 734.127120][T28433] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 734.151863][T28433] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 734.756758][T28433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 735.074154][T28433] 8021q: adding VLAN 0 to HW filter on device team0 [ 735.253075][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 735.260234][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 735.307939][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.315128][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 736.456420][T28433] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 736.592956][T29250] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2406'. [ 736.609362][T29239] FAULT_INJECTION: forcing a failure. [ 736.609362][T29239] name failslab, interval 1, probability 0, space 0, times 0 [ 736.632580][T28433] veth0_vlan: entered promiscuous mode [ 736.642413][T29239] CPU: 0 UID: 0 PID: 29239 Comm: syz.1.2405 Not tainted syzkaller #0 PREEMPT(full) [ 736.642460][T29239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 736.642477][T29239] Call Trace: [ 736.642487][T29239] [ 736.642498][T29239] dump_stack_lvl+0x16c/0x1f0 [ 736.642539][T29239] should_fail_ex+0x512/0x640 [ 736.642570][T29239] ? fs_reclaim_acquire+0xae/0x150 [ 736.642606][T29239] should_failslab+0xc2/0x120 [ 736.642646][T29239] kmem_cache_alloc_noprof+0x75/0x6e0 [ 736.642671][T29239] ? __pfx_map_id_range_down+0x10/0x10 [ 736.642711][T29239] ? security_inode_alloc+0x3b/0x2b0 [ 736.642753][T29239] ? security_inode_alloc+0x3b/0x2b0 [ 736.642785][T29239] security_inode_alloc+0x3b/0x2b0 [ 736.642822][T29239] inode_init_always_gfp+0xce4/0x1030 [ 736.642853][T29239] ? __pfx_dax_test+0x10/0x10 [ 736.642888][T29239] ? __pfx_dax_set+0x10/0x10 [ 736.642923][T29239] alloc_inode+0x86/0x240 [ 736.642958][T29239] iget5_locked+0x67/0xb0 [ 736.642996][T29239] alloc_dax+0x107/0x360 [ 736.643033][T29239] ? __pfx_alloc_dax+0x10/0x10 [ 736.643071][T29239] ? lockdep_init_map_type+0x5c/0x280 [ 736.643109][T29239] dm_create+0xbd3/0x1160 [ 736.643135][T29239] dev_create+0x121/0x290 [ 736.643165][T29239] ? __pfx_dev_create+0x10/0x10 [ 736.643192][T29239] ? __might_fault+0x13b/0x190 [ 736.643226][T29239] ctl_ioctl+0x798/0xd70 [ 736.643254][T29239] ? __pfx_dev_create+0x10/0x10 [ 736.643284][T29239] ? __pfx_ctl_ioctl+0x10/0x10 [ 736.643348][T29239] ? __fget_files+0x20e/0x3c0 [ 736.643381][T29239] dm_ctl_ioctl+0x22/0x30 [ 736.643406][T29239] ? __pfx_dm_ctl_ioctl+0x10/0x10 [ 736.643434][T29239] __x64_sys_ioctl+0x18b/0x210 [ 736.643474][T29239] do_syscall_64+0xcd/0xfa0 [ 736.643506][T29239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.643532][T29239] RIP: 0033:0x7f33ce78eec9 [ 736.643553][T29239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 736.643578][T29239] RSP: 002b:00007f33cf59d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 736.643603][T29239] RAX: ffffffffffffffda RBX: 00007f33ce9e5fa0 RCX: 00007f33ce78eec9 [ 736.643621][T29239] RDX: 00002000000001c0 RSI: fffffffffffffd03 RDI: 0000000000000004 [ 736.643647][T29239] RBP: 00007f33ce811f91 R08: 0000000000000000 R09: 0000000000000000 [ 736.643665][T29239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 736.643681][T29239] R13: 00007f33ce9e6038 R14: 00007f33ce9e5fa0 R15: 00007ffc4ad75bc8 [ 736.643719][T29239] [ 736.917212][T29250] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 736.926948][T29250] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 736.961261][T29250] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 737.002951][T29250] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 737.083951][T28433] veth1_vlan: entered promiscuous mode [ 737.160077][T28433] veth0_macvtap: entered promiscuous mode [ 737.194340][T28433] veth1_macvtap: entered promiscuous mode [ 737.275153][T28433] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 737.369350][T28433] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 737.487927][ T1112] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.500172][ T1112] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.660521][ T1112] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.679934][ T8652] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 syzkaller syzkaller login: [ 738.037916][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 738.089962][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 738.266253][T16778] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 738.293367][T16778] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 740.865199][T29450] netlink: 'syz.1.2425': attribute type 9 has an invalid length. [ 740.901208][T29450] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2425'. [ 740.913213][T29453] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2424'. [ 740.924143][T29453] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2424'. [ 744.020859][T29537] zswap: compressor not available [ 744.235616][T29598] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 747.060682][ T30] audit: type=1800 audit(4294967334.870:18): pid=29769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2454" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 747.241384][T29798] __vm_enough_memory: pid: 29798, comm: syz.2.2455, bytes: 4398046511104 not enough memory for the allocation [ 747.343368][T29814] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 747.358364][T29817] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 747.457639][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.479423][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.134304][T29891] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 748.448259][T29896] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 750.034231][T30000] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2468'. [ 750.066153][T30002] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2468'. [ 750.066213][T30005] vivid-003: ================= START STATUS ================= [ 750.128727][T30005] vivid-003: Radio HW Seek Mode: Bounded [ 750.134453][T30005] vivid-003: Radio Programmable HW Seek: false [ 750.156232][T30005] vivid-003: RDS Rx I/O Mode: Block I/O [ 750.200069][T30005] vivid-003: Generate RBDS Instead of RDS: false [ 750.217914][T30005] vivid-003: RDS Reception: true [ 750.259605][T30005] vivid-003: RDS Program Type: 0 inactive [ 750.265389][T30005] vivid-003: RDS PS Name: inactive [ 750.330223][T30005] vivid-003: RDS Radio Text: inactive [ 750.335780][T30005] vivid-003: RDS Traffic Announcement: false inactive [ 750.380728][T30005] vivid-003: RDS Traffic Program: false inactive [ 750.390714][T30005] vivid-003: RDS Music: false inactive [ 750.400748][T30005] vivid-003: ================== END STATUS ================== [ 751.581284][T30096] netlink: 'syz.0.2472': attribute type 9 has an invalid length. [ 751.665677][T30096] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2472'. [ 753.992374][T30192] random: crng reseeded on system resumption [ 754.165894][T30196] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 754.708620][T30221] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request syzkaller syzkaller login: [ 761.238412][T30624] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2510'. syzkaller syzkaller login: [ 763.157561][T30705] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2516'. syzkaller syzkaller login: [ 767.674054][T30985] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 768.878841][T31032] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 768.901426][T30972] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 771.079001][T31141] random: crng reseeded on system resumption [ 771.157010][T31141] can0: slcan on pty238. [ 771.301275][T31138] can0 (unregistered): slcan off pty238. [ 772.579889][T31233] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 772.591362][T31233] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 772.604303][T31233] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 772.615181][T31233] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 772.626029][T31233] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 773.291260][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 773.469417][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 773.506884][T31221] chnl_net:caif_netlink_parms(): no params data found [ 773.551043][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 773.579024][T31380] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 773.601795][T31380] FAULT_INJECTION: forcing a failure. [ 773.601795][T31380] name failslab, interval 1, probability 0, space 0, times 0 [ 773.623188][T31380] CPU: 1 UID: 0 PID: 31380 Comm: syz.3.2560 Not tainted syzkaller #0 PREEMPT(full) [ 773.623223][T31380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 773.623238][T31380] Call Trace: [ 773.623247][T31380] [ 773.623257][T31380] dump_stack_lvl+0x16c/0x1f0 [ 773.623292][T31380] should_fail_ex+0x512/0x640 [ 773.623328][T31380] ? fs_reclaim_acquire+0xae/0x150 [ 773.623363][T31380] should_failslab+0xc2/0x120 [ 773.623394][T31380] kmem_cache_alloc_noprof+0x75/0x6e0 [ 773.623419][T31380] ? __pfx_map_id_range_down+0x10/0x10 [ 773.623454][T31380] ? security_inode_alloc+0x3b/0x2b0 [ 773.623495][T31380] ? security_inode_alloc+0x3b/0x2b0 [ 773.623525][T31380] security_inode_alloc+0x3b/0x2b0 [ 773.623556][T31380] inode_init_always_gfp+0xce4/0x1030 [ 773.623584][T31380] alloc_inode+0x86/0x240 [ 773.623612][T31380] sock_alloc+0x40/0x280 [ 773.623641][T31380] __sock_create+0xc1/0x8d0 [ 773.623677][T31380] __sys_socket+0x14d/0x260 [ 773.623710][T31380] ? __pfx___sys_socket+0x10/0x10 [ 773.623742][T31380] ? xfd_validate_state+0x61/0x180 [ 773.623781][T31380] __x64_sys_socket+0x72/0xb0 [ 773.623810][T31380] ? lockdep_hardirqs_on+0x7c/0x110 [ 773.623834][T31380] do_syscall_64+0xcd/0xfa0 [ 773.623859][T31380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.623881][T31380] RIP: 0033:0x7f412a18eec9 [ 773.623899][T31380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 773.623919][T31380] RSP: 002b:00007f412af61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 773.623941][T31380] RAX: ffffffffffffffda RBX: 00007f412a3e6090 RCX: 00007f412a18eec9 [ 773.623955][T31380] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000010 [ 773.623968][T31380] RBP: 00007f412a211f91 R08: 0000000000000000 R09: 0000000000000000 [ 773.623982][T31380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 773.624003][T31380] R13: 00007f412a3e6128 R14: 00007f412a3e6090 R15: 00007ffef5a6d268 [ 773.624034][T31380] [ 773.624080][T31380] socket: no more sockets [ 773.922781][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 773.963291][T31391] ================================================================== [ 773.963310][T31391] BUG: KASAN: slab-use-after-free in fbcon_prepare_logo+0xa03/0xc70 [ 773.963347][T31391] Read of size 256 at addr ffff8880a02223c0 by task syz.0.2561/31391 [ 773.963370][T31391] [ 773.963382][T31391] CPU: 0 UID: 0 PID: 31391 Comm: syz.0.2561 Not tainted syzkaller #0 PREEMPT(full) [ 773.963413][T31391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 773.963428][T31391] Call Trace: [ 773.963436][T31391] [ 773.963445][T31391] dump_stack_lvl+0x116/0x1f0 [ 773.963473][T31391] print_report+0xcd/0x630 [ 773.963504][T31391] ? __virt_addr_valid+0x81/0x610 [ 773.963536][T31391] ? __phys_addr+0xe8/0x180 [ 773.963569][T31391] ? fbcon_prepare_logo+0xa03/0xc70 [ 773.963596][T31391] kasan_report+0xe0/0x110 [ 773.963627][T31391] ? fbcon_prepare_logo+0xa03/0xc70 [ 773.963657][T31391] kasan_check_range+0x100/0x1b0 [ 773.963692][T31391] __asan_memcpy+0x23/0x60 [ 773.963716][T31391] fbcon_prepare_logo+0xa03/0xc70 [ 773.963759][T31391] fbcon_init+0xd77/0x1900 [ 773.963787][T31391] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 773.963817][T31391] visual_init+0x320/0x620 [ 773.963846][T31391] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 773.963882][T31391] store_bind+0x61d/0x760 [ 773.963914][T31391] ? sysfs_file_kobj+0xe4/0x290 [ 773.963942][T31391] ? __pfx_store_bind+0x10/0x10 [ 773.963974][T31391] dev_attr_store+0x58/0x80 [ 773.964002][T31391] ? __pfx_dev_attr_store+0x10/0x10 [ 773.964029][T31391] sysfs_kf_write+0xf2/0x150 [ 773.964057][T31391] kernfs_fop_write_iter+0x3af/0x570 [ 773.964094][T31391] ? __pfx_sysfs_kf_write+0x10/0x10 [ 773.964122][T31391] iter_file_splice_write+0xa21/0x12e0 [ 773.964159][T31391] ? __pfx_iter_file_splice_write+0x10/0x10 [ 773.964189][T31391] ? __pfx_copy_splice_read+0x10/0x10 [ 773.964236][T31391] ? __pfx_iter_file_splice_write+0x10/0x10 [ 773.964264][T31391] direct_splice_actor+0x18f/0x6c0 [ 773.964291][T31391] splice_direct_to_actor+0x342/0xa30 [ 773.964331][T31391] ? __pfx_direct_splice_actor+0x10/0x10 [ 773.964359][T31391] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 773.964404][T31391] do_splice_direct+0x174/0x240 [ 773.964443][T31391] ? __pfx_do_splice_direct+0x10/0x10 [ 773.964482][T31391] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 773.964524][T31391] ? rw_verify_area+0xcf/0x6c0 [ 773.964563][T31391] do_sendfile+0xb06/0xe50 [ 773.964591][T31391] ? __pfx_do_sendfile+0x10/0x10 [ 773.964618][T31391] ? __x64_sys_futex+0x1e0/0x4c0 [ 773.964651][T31391] ? __x64_sys_futex+0x1e9/0x4c0 [ 773.964686][T31391] __x64_sys_sendfile64+0x1d8/0x220 [ 773.964718][T31391] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 773.964766][T31391] do_syscall_64+0xcd/0xfa0 [ 773.964796][T31391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.964823][T31391] RIP: 0033:0x7fa5ccb8eec9 [ 773.964844][T31391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 773.964869][T31391] RSP: 002b:00007fa5cda8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 773.964894][T31391] RAX: ffffffffffffffda RBX: 00007fa5ccde6180 RCX: 00007fa5ccb8eec9 [ 773.964915][T31391] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 773.964930][T31391] RBP: 00007fa5ccc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 773.964946][T31391] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 773.964960][T31391] R13: 00007fa5ccde6218 R14: 00007fa5ccde6180 R15: 00007fffdcc9a168 [ 773.964987][T31391] [ 773.964996][T31391] [ 773.965004][T31391] Allocated by task 8652: [ 773.965017][T31391] kasan_save_stack+0x33/0x60 [ 773.965044][T31391] kasan_save_track+0x14/0x30 [ 773.965070][T31391] __kasan_kmalloc+0xaa/0xb0 [ 773.965097][T31391] __kmalloc_node_track_caller_noprof+0x345/0x8a0 [ 773.965127][T31391] kmalloc_reserve+0xef/0x2c0 [ 773.965156][T31391] __alloc_skb+0x166/0x380 [ 773.965178][T31391] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 773.965206][T31391] process_one_work+0x9cf/0x1b70 [ 773.965241][T31391] worker_thread+0x6c8/0xf10 [ 773.965274][T31391] kthread+0x3c2/0x780 [ 773.965303][T31391] ret_from_fork+0x675/0x7d0 [ 773.965335][T31391] ret_from_fork_asm+0x1a/0x30 [ 773.965358][T31391] [ 773.965365][T31391] Freed by task 8652: [ 773.965376][T31391] kasan_save_stack+0x33/0x60 [ 773.965401][T31391] kasan_save_track+0x14/0x30 [ 773.965425][T31391] __kasan_save_free_info+0x3b/0x60 [ 773.965458][T31391] __kasan_slab_free+0x5f/0x80 [ 773.965483][T31391] kfree+0x2b8/0x6d0 [ 773.965514][T31391] skb_free_head+0x114/0x210 [ 773.965534][T31391] skb_release_data+0x795/0x9e0 [ 773.965558][T31391] consume_skb+0xbf/0x100 [ 773.965590][T31391] nsim_dev_trap_report_work+0x8bd/0xcf0 [ 773.965619][T31391] process_one_work+0x9cf/0x1b70 [ 773.965654][T31391] worker_thread+0x6c8/0xf10 [ 773.965687][T31391] kthread+0x3c2/0x780 [ 773.965718][T31391] ret_from_fork+0x675/0x7d0 [ 773.965763][T31391] ret_from_fork_asm+0x1a/0x30 [ 773.965788][T31391] [ 773.965795][T31391] The buggy address belongs to the object at ffff8880a0222000 [ 773.965795][T31391] which belongs to the cache kmalloc-4k of size 4096 [ 773.965817][T31391] The buggy address is located 960 bytes inside of [ 773.965817][T31391] freed 4096-byte region [ffff8880a0222000, ffff8880a0223000) [ 773.965844][T31391] [ 773.965852][T31391] The buggy address belongs to the physical page: [ 773.965865][T31391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa0220 [ 773.965889][T31391] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 773.965911][T31391] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 773.965934][T31391] page_type: f5(slab) [ 773.965957][T31391] raw: 00fff00000000040 ffff88813ffa7140 dead000000000122 0000000000000000 [ 773.965979][T31391] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 773.966005][T31391] head: 00fff00000000040 ffff88813ffa7140 dead000000000122 0000000000000000 [ 773.966025][T31391] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 773.966046][T31391] head: 00fff00000000003 ffffea0002808801 00000000ffffffff 00000000ffffffff [ 773.966066][T31391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 773.966080][T31391] page dumped because: kasan: bad access detected [ 773.966092][T31391] page_owner tracks the page as allocated [ 773.966100][T31391] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8652, tgid 8652 (kworker/u8:13), ts 772197962739, free_ts 771829395945 [ 773.966144][T31391] post_alloc_hook+0x1c0/0x230 [ 773.966178][T31391] get_page_from_freelist+0x10a3/0x3a30 [ 773.966213][T31391] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 773.966237][T31391] alloc_pages_mpol+0x1fb/0x550 [ 773.966264][T31391] new_slab+0x24a/0x360 [ 773.966295][T31391] ___slab_alloc+0xdc4/0x1ae0 [ 773.966327][T31391] __slab_alloc.constprop.0+0x63/0x110 [ 773.966361][T31391] __kmalloc_node_track_caller_noprof+0x4db/0x8a0 [ 773.966384][T31391] kmalloc_reserve+0xef/0x2c0 [ 773.966411][T31391] __alloc_skb+0x166/0x380 [ 773.966433][T31391] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 773.966461][T31391] process_one_work+0x9cf/0x1b70 [ 773.966493][T31391] worker_thread+0x6c8/0xf10 [ 773.966525][T31391] kthread+0x3c2/0x780 [ 773.966555][T31391] ret_from_fork+0x675/0x7d0 [ 773.966587][T31391] ret_from_fork_asm+0x1a/0x30 [ 773.966611][T31391] page last free pid 31191 tgid 31191 stack trace: [ 773.966626][T31391] __free_frozen_pages+0x7df/0x1160 [ 773.966656][T31391] __put_partials+0x130/0x170 [ 773.966689][T31391] qlist_free_all+0x4d/0x120 [ 773.966712][T31391] kasan_quarantine_reduce+0x195/0x1e0 [ 773.966745][T31391] __kasan_slab_alloc+0x69/0x90 [ 773.966772][T31391] __kmalloc_noprof+0x2e8/0x880 [ 773.966804][T31391] load_elf_phdrs+0x102/0x210 [ 773.966827][T31391] load_elf_binary+0x24d/0x4fe0 [ 773.966850][T31391] bprm_execve+0x8bb/0x1640 [ 773.966870][T31391] kernel_execve+0x2ef/0x3b0 [ 773.966891][T31391] call_usermodehelper_exec_async+0x255/0x4c0 [ 773.966916][T31391] ret_from_fork+0x675/0x7d0 [ 773.966947][T31391] ret_from_fork_asm+0x1a/0x30 [ 773.966971][T31391] [ 773.966976][T31391] Memory state around the buggy address: [ 773.966991][T31391] ffff8880a0222280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 773.967008][T31391] ffff8880a0222300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 773.967025][T31391] >ffff8880a0222380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 773.967039][T31391] ^ [ 773.967053][T31391] ffff8880a0222400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 773.967071][T31391] ffff8880a0222480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 773.967085][T31391] ================================================================== [ 773.983988][T31391] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 773.984012][T31391] CPU: 0 UID: 0 PID: 31391 Comm: syz.0.2561 Not tainted syzkaller #0 PREEMPT(full) [ 773.984043][T31391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 773.984058][T31391] Call Trace: [ 773.984068][T31391] [ 773.984079][T31391] dump_stack_lvl+0x3d/0x1f0 [ 773.984111][T31391] vpanic+0x640/0x6f0 [ 773.984146][T31391] panic+0xca/0xd0 [ 773.984177][T31391] ? __pfx_panic+0x10/0x10 [ 773.984211][T31391] ? fbcon_prepare_logo+0xa03/0xc70 [ 773.984239][T31391] ? preempt_schedule_common+0x44/0xc0 [ 773.984266][T31391] ? preempt_schedule_thunk+0x16/0x30 [ 773.984300][T31391] check_panic_on_warn+0xab/0xb0 [ 773.984334][T31391] end_report+0x107/0x170 [ 773.984364][T31391] kasan_report+0xee/0x110 [ 773.984393][T31391] ? fbcon_prepare_logo+0xa03/0xc70 [ 773.984425][T31391] kasan_check_range+0x100/0x1b0 [ 773.984460][T31391] __asan_memcpy+0x23/0x60 [ 773.984485][T31391] fbcon_prepare_logo+0xa03/0xc70 [ 773.984519][T31391] fbcon_init+0xd77/0x1900 [ 773.984548][T31391] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 773.984578][T31391] visual_init+0x320/0x620 [ 773.984607][T31391] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 773.984644][T31391] store_bind+0x61d/0x760 [ 773.984677][T31391] ? sysfs_file_kobj+0xe4/0x290 [ 773.984703][T31391] ? __pfx_store_bind+0x10/0x10 [ 773.984742][T31391] dev_attr_store+0x58/0x80 [ 773.984770][T31391] ? __pfx_dev_attr_store+0x10/0x10 [ 773.984795][T31391] sysfs_kf_write+0xf2/0x150 [ 773.984823][T31391] kernfs_fop_write_iter+0x3af/0x570 [ 773.984860][T31391] ? __pfx_sysfs_kf_write+0x10/0x10 [ 773.984889][T31391] iter_file_splice_write+0xa21/0x12e0 [ 773.984927][T31391] ? __pfx_iter_file_splice_write+0x10/0x10 [ 773.984956][T31391] ? __pfx_copy_splice_read+0x10/0x10 [ 773.985002][T31391] ? __pfx_iter_file_splice_write+0x10/0x10 [ 773.985026][T31391] direct_splice_actor+0x18f/0x6c0 [ 773.985051][T31391] splice_direct_to_actor+0x342/0xa30 [ 773.985088][T31391] ? __pfx_direct_splice_actor+0x10/0x10 [ 773.985115][T31391] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 773.985158][T31391] do_splice_direct+0x174/0x240 [ 773.985194][T31391] ? __pfx_do_splice_direct+0x10/0x10 [ 773.985231][T31391] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 773.985270][T31391] ? rw_verify_area+0xcf/0x6c0 [ 773.985307][T31391] do_sendfile+0xb06/0xe50 [ 773.985335][T31391] ? __pfx_do_sendfile+0x10/0x10 [ 773.985362][T31391] ? __x64_sys_futex+0x1e0/0x4c0 [ 773.985394][T31391] ? __x64_sys_futex+0x1e9/0x4c0 [ 773.985427][T31391] __x64_sys_sendfile64+0x1d8/0x220 [ 773.985458][T31391] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 773.985494][T31391] do_syscall_64+0xcd/0xfa0 [ 773.985521][T31391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.985547][T31391] RIP: 0033:0x7fa5ccb8eec9 [ 773.985567][T31391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 773.985592][T31391] RSP: 002b:00007fa5cda8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 773.985617][T31391] RAX: ffffffffffffffda RBX: 00007fa5ccde6180 RCX: 00007fa5ccb8eec9 [ 773.985635][T31391] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 773.985650][T31391] RBP: 00007fa5ccc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 773.985666][T31391] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 773.985681][T31391] R13: 00007fa5ccde6218 R14: 00007fa5ccde6180 R15: 00007fffdcc9a168 [ 773.985707][T31391] [ 773.985977][T31391] Kernel Offset: disabled