last executing test programs: 2m55.243119626s ago: executing program 0 (id=1249): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x3, 0xff) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x96141, 0x0) madvise$auto(0x0, 0x2000040080000003, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) select$auto(0x10006, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x58, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x6, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x80000c}, 0x5, 0x2000fdff) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8301, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio11\x00', 0x80002, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x80000000) socket(0x2, 0x801, 0x106) getsockopt$auto(r0, 0x11c, 0x1, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 2m53.552606479s ago: executing program 0 (id=1254): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r0, 0x6) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x20401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000000080)={0x123060000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, 0x0}, 0x58) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) fsopen$auto(0x0, 0x1) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) shmget$auto(0x8, 0x10563, 0x568d1af2) 2m50.01588119s ago: executing program 0 (id=1261): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x167) mount$auto(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) r0 = socket(0xf, 0x3, 0x2) mmap$auto(0x11, 0x401, 0x2, 0x2000000017, r0, 0x3ff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/rds/tcp/rds_tcp_sndbuf\x00', 0x40601, 0x0) socket(0x2, 0x5, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x840, 0x0) ioctl$auto(r1, 0x4b65, 0x7) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0) getpid() socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da06, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x582, 0x0) 2m48.426017498s ago: executing program 0 (id=1267): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ati_remote2/parameters/channel_mask\x00', 0x1e1842, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) rename$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='./cgroup\x00') openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) r1 = socket(0x25, 0x80000, 0x1) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x2e810) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x20000000000, 0xe983, 0x7f, 0xeb1, 0x401, 0x8000) ioctl$auto_SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, &(0x7f0000000200)=0x823) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) prctl$auto(0x23, 0x3, 0x7fffffffefff, 0x8, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) 2m46.352068337s ago: executing program 0 (id=1279): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x8, 0x2020009, 0x3, 0x216, r0, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0x401, 0x8000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r1, 0xc0045405, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0xfffdfffe}, 0x3ff) socket(0x22, 0x3, 0x1) rename$auto(&(0x7f00000003c0)='./file1/file0\x00', &(0x7f0000000400)='./file1\x00') sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x101040, 0x149) getxattrat$auto(r2, &(0x7f0000000300)='./file0\x00', 0xeb, &(0x7f0000000340)='/sys/kernel/debug/check_wx_pages\x00', &(0x7f0000000380)={0x10, 0x5, 0x4}, 0xffffffff) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, 0xffffffffffffffff, 0x6) r3 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) read$auto_check_wx_fops_(r3, &(0x7f0000000080)=""/228, 0xe4) 2m38.990287381s ago: executing program 0 (id=1277): mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) bpf$auto(0x3, 0x0, 0x8) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000004c0)=""/244, 0xf4) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x88302, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ffff000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r2 = socket(0x1d, 0x2, 0x7) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) bind$auto(0x3, 0x0, 0x6a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) connect$auto(0x3, 0x0, 0x18) recvmmsg$auto(0x3, 0x0, 0x10000, 0x2, 0x0) socket(0xa, 0x1, 0x100) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) readv$auto(0x3, 0x0, 0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0x101600, 0x0) unshare$auto(0x40000080) 2m23.947320057s ago: executing program 32 (id=1277): mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) bpf$auto(0x3, 0x0, 0x8) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000004c0)=""/244, 0xf4) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x88302, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ffff000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r2 = socket(0x1d, 0x2, 0x7) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) bind$auto(0x3, 0x0, 0x6a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) connect$auto(0x3, 0x0, 0x18) recvmmsg$auto(0x3, 0x0, 0x10000, 0x2, 0x0) socket(0xa, 0x1, 0x100) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) readv$auto(0x3, 0x0, 0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0x101600, 0x0) unshare$auto(0x40000080) 2m22.682161733s ago: executing program 2 (id=1300): r0 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0) write$auto_safesetid_uid_file_fops_securityfs(r0, &(0x7f0000000b40)="33e06908f7cef2ef9652d5e3d0f91cdb9aa7fcd4f56b3ae50e2e7a3fce17ad39061182af048f047adfa552adf5a64941ae9a2564ce32560a", 0x38) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x10, 0x4, 0xffffffc0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x10003c, 0x1, 0x1ffde, 0x7, 0x3, 0xfffffffffffffffe, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x9, 0x10005, 0x80, 0x4, 0xffefffff, 0x7, 0x2000, 0x203, 0x0, 0x20e9d17d, 0x400300000000000, 0xdb, 0x0, 0x80000000, 0xf04, [0xfffffffffffffffe, 0x0, 0x2, 0xfffffffffffffffd, 0x2, 0xfffffffffffffffe, 0x0, 0x20000000000007, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff5b, 0xc72, 0x0, 0x9, 0x0, 0x66, 0x2, 0x1, 0x0, 0x0, 0x80000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x8c]}, 0x2, 0xd) write$auto(r3, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x4, 0x15) madvise$auto(0xffdffffffffffffc, 0x200006, 0x0) setresuid$auto(0x2, 0x7, 0x8080) socket(0x2b, 0x2, 0x20a) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x200300, 0x0) 2m21.143076354s ago: executing program 2 (id=1301): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r0, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) r1 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x180, 0x0) ioctl$auto_OSS_ALSAEMULVER(r1, 0x40086602, &(0x7f0000000100)) r2 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r2, 0x8, 0x1, 0x0, 0x40) socket(0x1e, 0xa, 0x9) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) bpf$auto(0x0, 0x0, 0x98) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) close_range$auto(0x2, 0xa, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) 2m19.600285825s ago: executing program 2 (id=1303): r0 = socket(0x25, 0x1, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) shutdown$auto(r0, 0x2) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x1, 0x0, 0x0, 0x0, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) socket(0x23, 0x80805, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r3, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) 2m17.462346458s ago: executing program 2 (id=1307): unshare$auto(0x40000080) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) fcntl$auto(r0, 0x4, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000002c0)={{@inferred=0x0, 0x5, 0x800009, 0x2, "4941aa833e2fc65b6b3cf7cec56d67c8dd3500f11581916caa0d445300", @raw=0x7}, 0x4, 0xfffffff9, 0x1, @inferred, @enumerated={0xffff, 0xffe, "4bd04167d52dbe3758dcb7641f58661870525adcaedaa5deaa336a58b7382f979a0ff0b3d9583c08610104000049d9f994ef5578e78507d4f25cd03a4c4b5700", 0x9, 0x3fd}, "6cc1888a6393f1b4285854c5368de438f8cc142ef6df1259b05ba1183bedbd31b642b4051bc7955610c61c329794e5311121c760cb8211c78e6947a99807bcc1"}) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, r2, 0x5, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) select$auto(0xe, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x7}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) mmap$auto(0x3, 0x60009, 0xffffffffffff0002, 0x9b72, 0x7, 0x4) close_range$auto(0x2, 0xa, 0x0) pwrite64$auto(0xffffffffffffffff, &(0x7f00000004c0)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x2) io_uring_setup$auto(0xd, 0x0) io_uring_setup$auto(0x4000006, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) msgsnd$auto(0x0, &(0x7f0000000040)={0x40000007fc, 0x7}, 0x400, 0x2) msgrcv$auto(0xfffffffc, 0x0, 0x9, 0xffffffffffffffff, 0xf9) mmap$auto(0x0, 0x30008, 0x4000000000e3, 0x4000eb1, 0x401, 0x208000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0xfffffffb, 0x5, 0x8000000000000000, 0x0) 2m15.906374373s ago: executing program 1 (id=1310): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = socket(0x2, 0x2, 0x0) r1 = getsockopt$auto(r0, 0x0, 0x1, 0xfffffffffffffffc, 0x0) mmap$auto(0x0, 0x2020007, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x900, 0x0) mmap$auto(0x7, 0x580f, 0x2, 0x8000000008011, 0x3, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x6}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8000, 0xe9) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x3, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) ioctl$auto(0x3, 0x560a, 0x38) write$auto(0x1, 0x0, 0x80000000) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x109180, 0x0) pread64$auto(r2, 0x0, 0x682c3390, 0xcff) write$auto(r1, 0x0, 0x100000abd9) munmap$auto(0x8000, 0xffffffff) 2m15.906201262s ago: executing program 2 (id=1311): syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/fs/ext4/sda1/extent_max_zeroout_kb\x00', 0x4929c1, 0x0) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, 0x0, 0x20000004) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan1\x00'}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r0) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)={0x2e20, r1, 0x1, 0x51bd2e, 0x25dfcbfb, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x2e07}]}, 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r2, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f00000009c0)={0x38, r3, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x20, 0x1, 0x0, 0x1, [@nested={0x1c, 0x2f, 0x0, 0x1, [@typed={0x14, 0x42, 0x0, 0x0, @ipv6=@local}, @nested={0x4, 0xf7}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40c4}, 0x4000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r5, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0xfffffffffffffeee, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80) r6 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto(r6, 0x6, 0x25, 0x0, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) setsockopt$auto(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x56b) mlock$auto(0x800, 0x85fc) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x200403, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 2m14.070243794s ago: executing program 1 (id=1312): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r0, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) r1 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x180, 0x0) ioctl$auto_OSS_ALSAEMULVER(r1, 0x40086602, &(0x7f0000000100)) r2 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r2, 0x8, 0x1, 0x0, 0x40) socket(0x1e, 0xa, 0x9) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) bpf$auto(0x0, 0x0, 0x98) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) close_range$auto(0x2, 0xa, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) 2m14.061795211s ago: executing program 2 (id=1320): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) unshare$auto(0x40000080) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000440), 0x20100, 0x0) ioctl$auto_LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$auto_LOOP_CTL_GET_FREE(r0, 0x4c82, 0x0) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x2c201, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80004001, 0x9) write$auto(0x6, 0x0, 0x100000001) 2m7.743260147s ago: executing program 1 (id=1319): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000) rseq$auto(0x0, 0x1c, 0x5d7, 0x9) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) writev$auto(r0, &(0x7f0000000140)={&(0x7f0000000040), 0x5}, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f000000adc0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16, @ANYBLOB="1b002bbd7000fddb0300030000000400080018000380140011801000f280edff0000000000000000000012000100898771f1c19f17790485908288470000"], 0x48}, 0x1, 0x0, 0x0, 0x4044}, 0xc800) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/io\x00', 0x800, 0x0) read$auto_proc_single_file_operations_base(r2, &(0x7f00000000c0)=""/14, 0xe) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x9, 0x400000008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x40401, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x60040, 0x0) 2m6.320885876s ago: executing program 1 (id=1324): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) sysfs$auto(0x2, 0x10000000000002a, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(0xffffffffffffffff, 0x4008af25, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/machinecheck/machinecheck0/print_all\x00', 0x80302, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) socket(0xf, 0x3, 0x2) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x80000000001ff, 0x7, 0xd3d, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xb, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0x1000000000]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/038/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f0000001040)={0xa0, 0x6, 0x2a00, 0x17, 0xfff, 0x80000, 0x0}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xc451, 0xd, 0x1, 0x4, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x208000001f, 0x2, 0x6d3c, 0x9, 0x2, 0x6]}, 0x0) 2m3.296222707s ago: executing program 1 (id=1327): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0x2c, 0x3, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto_SO_ATTACH_REUSEPORT_EBPF(r0, 0x3, 0x34, &(0x7f00000001c0)='/sys/kernel/debug/lru_gen\x00', 0xffffffff) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/018/001\x00', 0x101202, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0) unshare$auto(0x40000080) socketpair$auto(0x1, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) recvmmsg$auto(0x3, 0x0, 0xfff, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) 2m1.52478942s ago: executing program 1 (id=1332): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) sendmmsg$auto(r0, 0x0, 0x5, 0x311) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffd, 0x5, 0x9, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) 1m58.862488678s ago: executing program 33 (id=1320): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) unshare$auto(0x40000080) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000440), 0x20100, 0x0) ioctl$auto_LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$auto_LOOP_CTL_GET_FREE(r0, 0x4c82, 0x0) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x2c201, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80004001, 0x9) write$auto(0x6, 0x0, 0x100000001) 1m46.308712493s ago: executing program 34 (id=1332): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) sendmmsg$auto(r0, 0x0, 0x5, 0x311) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffd, 0x5, 0x9, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) 19.343074784s ago: executing program 5 (id=1498): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x100082) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) ioctl$auto_SNDCTL_SEQ_NRSYNTHS(r2, 0x8004510a, &(0x7f0000000040)) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x2, 0x2, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x9, 0x6, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x4, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000000000000000, 0x2, 0x6d3c, 0x9, 0x2, 0x8000000000000006]}, 0x0) getpid() r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/dev_mcast\x00', 0x40280, 0x0) pread64$auto(r4, &(0x7f0000000040)='veth1\x00', 0x200000000004, 0xfc) getresuid$auto(&(0x7f00000000c0)=0x3, &(0x7f0000000100)=0x380, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 16.495533853s ago: executing program 5 (id=1506): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810008, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r2 = socket(0x23, 0x5, 0x0) bind$auto(r2, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x0, 0xa3}, 0x80) socket(0xf, 0xa, 0x5) ioperm$auto(0x7, 0x75, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) close_range$auto(0x2, 0xa, 0x0) 15.265952078s ago: executing program 3 (id=1510): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0x8, 0x2) r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000007380)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x109041, 0x0) write$auto(r0, &(0x7f0000008d40)='($}-)#@\x00', 0x3) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x10cc3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x8, 0x3a02, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x9, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r1 = socket(0xf, 0xa, 0xf) setsockopt$auto(r1, 0x1, 0xc, 0x0, 0x7fffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189082, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) 13.998759963s ago: executing program 3 (id=1511): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x39}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x20009, 0x20000000) io_uring_setup$auto(0x1, 0x0) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_regulator_summary_fops_(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000480)={{0x0, 0x7, 0x0, 0x7, &(0x7f00000003c0)="36d426922608a1214940a348067f49ef5a4d2096455f61a11dd81b0c0527ec1674ba4f30dbe32e7da22234e8cb9c6fe2169af82540e2e52f7391e8cc3662de9bd60f64967569142153cfe766dfc79b00e70cbf2ced9db314dd2c7ccb9c52d29ada52e587c23b324fb9a0939378550faad663c872f3cf571cf7e1a437eea1d673edc290a12a2d941d2e6e9b26840bf8423611d93270b746", 0x0, 0x9}, 0x8}, 0x4, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS322(0xffffffffffffffff, 0x806c4120, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) adjtimex$auto(&(0x7f0000000200)={0x5f95, 0x0, 0x2, 0x2000000a, 0xff7d, 0xbc58, 0x4000005, 0x0, 0x5, 0x5, 0x80000000, {0x38c8b38f, 0xfc23f}, 0x2544, 0x200000001, 0xfb, 0x1000007, 0x0, 0x203c8, 0x8, 0x8, 0xffffffffffffffff, 0x1560cc85, 0x9}) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b34, 0x2, 0x100) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80000001) readv$auto(r1, 0x0, 0x1) pread64$auto(0xffffffffffffffff, &(0x7f0000000340)='/dev/bus/usb/013/001\x00', 0x6f, 0xdf) close_range$auto(0x2, 0x8, 0x0) 13.62833549s ago: executing program 4 (id=1512): socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/007/001\x00', 0x482301, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) r1 = openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/bluetooth/hci1/force_suspend\x00', 0x121401, 0x0) write$auto_force_suspend_fops_hci_vhci(r1, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x7) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) r2 = prctl$auto(0x401, 0x7fff, 0x0, 0xfffd, 0x2d5) mmap$auto(0x0, 0xfffffffffffffff7, 0x5, 0x19, r0, 0x7) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x7f, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0xffffffffffffffff, 0x2) epoll_pwait$auto(r2, 0x0, 0x76bc33ad, 0x1e232711, &(0x7f00000000c0)={0x8}, 0x8) 12.290572396s ago: executing program 3 (id=1514): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xf, 0x0, 0x0, &(0x7f00000002c0)={[0x200, 0xe, 0x74, 0x1, 0x948a, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x4, 0xc, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, 0x0, 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x600, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x200000000000d, 0x1000000000001, 0x958b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x4, 0x40008000001f, 0x7, 0x6d3e, 0x2, 0x2, 0x1a00000000]}, 0x0) unshare$auto(0x1000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) sysfs$auto(0x2, 0x23, 0x0) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/trigger\x00', 0x40401, 0x0) read$auto_event_trigger_fops_trace(r4, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x981, 0x0) sendmsg$auto_NL802154_CMD_SET_ACKREQ_DEFAULT(r0, 0x0, 0x24000000) 12.14285457s ago: executing program 4 (id=1515): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) write$auto_tty_fops_tty_io(r0, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296ebe6f598901d632a206d9bb056d8c8d9a5b4cf165c931477ba53f3a80c522fc11555ea", 0x51) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) ioctl$auto(0xffffffffffffffff, 0x8912, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) io_uring_setup$auto(0x1, 0x0) bpf$auto(0x5, 0x0, 0x102) getpid() r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(r3, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000140)={0x14, r4, 0xd3ac6c422733a379, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) read$auto(r2, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) ioprio_get$auto_IOPRIO_WHO_PGRP(0x2, 0x0) 11.202484004s ago: executing program 3 (id=1516): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0xffffffffffffb8f1, 0x5, 0x3, 0x613, 0xfffffffffffffffa, 0x100000000000006) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) setresgid$auto(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve0\x00'}) bpf$auto(0x4, &(0x7f0000000180)=@query={@target_fd=r0, 0x9, 0x1, 0x6f7, 0x8, @count=0xf58000, 0x0, 0x7, 0x81, 0x0, 0xe}, 0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) fanotify_init$auto(0x1000, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000040)='//\xf2\x00', 0x80000000) 10.649007713s ago: executing program 5 (id=1517): r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20001, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r1 = getsid$auto(0x0) r2 = waitid$auto_P_PID(0x1, r1, &(0x7f0000000080)={@siginfo_0_0={0x100, 0x1, 0x6, @_sigpoll={0x5, r0}}}, 0x8, &(0x7f0000000100)={{0x5a3c, 0xfffffffffffffffa}, {0x8, 0x6dbb}, 0x0, 0x76b7bc4, 0xf5, 0x8202, 0x100000000, 0x0, 0xfffffffffffff4b3, 0x10000, 0x3, 0x1, 0xd, 0xc2b4, 0x4, 0xfffffffffffffffc}) move_pages$auto(r2, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) listen$auto(r3, 0x80000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) epoll_create$auto(0x4) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 9.826847734s ago: executing program 4 (id=1518): r0 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f00000010c0), 0x0, 0x0) read$auto_proc_page_owner_operations_page_owner(r0, &(0x7f00000000c0)=""/4085, 0xff5) getsockopt$auto_SO_NETNS_COOKIE(r0, 0x1, 0x47, &(0x7f0000001100)='/dev/sequencer\x00', &(0x7f0000000040)=0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2b, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r1, 0x0, 0x800003, 0x800000000000e2a) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, 0x0, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socket(0x2c, 0x1, 0x3) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x108000, 0x800032, 0x4) 8.515091552s ago: executing program 6 (id=1520): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x1, 0x100) r2 = eventfd2$auto(0x6af3, 0x800) r3 = socket(0x1e, 0x1, 0x0) bpf$auto_BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000280)=@link_update={r3, @new_map_fd=r0, 0x3, @old_prog_fd=r1}, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x2901, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0x3, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x7f, 0x32, 0x7440, 0xd0, 0xa, 0x9, 0xdffffffffffffffe]}, 0x0) select$auto(0x1, &(0x7f0000000340)={[0x2, 0x200, 0xfffffffffffffff1, 0x9, 0x100000001, 0xfac, 0x59900000000000, 0x4, 0x2, 0x5, 0x0, 0xdec6, 0x9, 0x2, 0xf09, 0xd2e]}, &(0x7f00000003c0)={[0x2c2a1cb0, 0x100, 0xd0a, 0x0, 0x4, 0x6, 0xe0b, 0x10001, 0x6, 0x7ff, 0xe7, 0x0, 0x14, 0xb4ca, 0x2, 0x2]}, &(0x7f0000000440)={[0x6, 0x80, 0x1d, 0x7, 0x7, 0x2, 0x4, 0xf99, 0x5cb1, 0x3, 0x6, 0x7e87, 0x1, 0xee6f, 0x100, 0xdd95]}, &(0x7f00000004c0)={0x4896, 0xfffffffffffffffb}) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0x2, 0x20000000000001, 0x9487, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/security/tomoyo/query\x00', 0x82a02, 0x0) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x2, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.0/usb1/avoid_reset_quirk\x00', 0x68006, 0x0) read$auto(r4, 0x0, 0x20) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x3e, 0x0) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0x5c8) 7.601966493s ago: executing program 5 (id=1521): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, r0) socket(0x2, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c9180, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(0xffffffffffffffff, 0x0, 0x40) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) fcntl$auto(0x8000000000000001, 0x26, 0x8) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) close_range$auto(0x2, 0x8, 0x0) io_submit$auto(0xa, 0x7, &(0x7f0000000040)=&(0x7f0000000000)={0x7, 0x839a, 0x0, 0x2, 0xe7, 0xffffffffffffffff, 0x0, 0x2, 0x45, 0x0, 0x1}) bpf$auto(0x0, &(0x7f0000000000)=@raw_tracepoint={0x1a, 0xffffffffffffffff, 0x0, 0x4}, 0x7f) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r1) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, r2, 0x1, 0x70bd26, 0x25dbdbfb, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x7a}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) gettid() timer_create$auto(0xffffffff, 0x0, &(0x7f0000001980)=0x80000000) 7.355155334s ago: executing program 6 (id=1522): mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0x400053, 0x9) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f0000000240)='//ev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000180)=""/250, 0xfa) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x8, 0x8000) 7.269650934s ago: executing program 3 (id=1523): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x6, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x23, 0x80805, 0x0) poll$auto(&(0x7f0000000040)={r2, 0x7, 0x8}, 0x80, 0x400400) setsockopt$auto(r3, 0x113, 0x1, 0x0, 0x81) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) read$auto(r4, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x70) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) write$auto(r5, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0x48da548d) 6.485474432s ago: executing program 4 (id=1524): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x8502, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/wlan1/mcast_solicit\x00', 0x2000, 0x0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x301, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.3/usb4/power/wakeup_last_time_ms\x00', 0x200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x108002, 0x0) epoll_create$auto(0x3e) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) eventfd$auto(0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd5/queue/iosched/front_merges\x00', 0xc0202, 0x0) socketpair$auto(0x9, 0x2, 0xb, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x40384708, 0x0) 5.645095736s ago: executing program 4 (id=1525): mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae80, 0x0) mmap$auto(0x0, 0x7fff, 0x3, 0xeb0, 0xfffffffffffffffa, 0x208000) unshare$auto(0x40000080) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x200000000002d57, 0xeb1, 0xffffffffffffffff, 0x8000) mknod$auto(&(0x7f0000000080)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x1081, 0x8) socket(0x18, 0x1, 0x5) io_uring_setup$auto(0x1, 0x0) uname$auto(0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) write$auto(r2, 0x0, 0x3) prctl$auto_PR_SME_SET_VL(0x3f, 0x9, 0x0, 0x5, 0x8b00) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYRES8], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) 5.027740084s ago: executing program 6 (id=1526): socket(0xa, 0x3, 0x3b) socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r2) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) 5.024912339s ago: executing program 5 (id=1527): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd13/queue/scheduler\x00', 0x2c62, 0x0) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x100010008000) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={0x0, 0x1ffffffff}, 0x6, 0x0) r2 = socket(0xa, 0x2, 0x0) setsockopt$auto(r2, 0x29, 0x30, 0x0, 0x56b) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000540), 0xa0100, 0x0) lseek$auto(r3, 0x0, 0x3) memfd_create$auto(0x0, 0x9) socket(0x1a, 0x6, 0x968c) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(r4, 0x545c, 0xffffffffffffffff) 3.426750175s ago: executing program 4 (id=1528): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810008, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r2 = socket(0x23, 0x5, 0x0) bind$auto(r2, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x0, 0xa3}, 0x80) socket(0xf, 0xa, 0x5) ioperm$auto(0x7, 0x75, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) close_range$auto(0x2, 0xa, 0x0) 2.971426095s ago: executing program 6 (id=1529): r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(r0, 0x1, r0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, &(0x7f0000004440)) syz_clone3(&(0x7f0000000640)={0x108000, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) ioctl$auto_UI_DEV_CREATE(r2, 0x5501, 0x0) io_uring_setup$auto(0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xfffffffffffffffc, 0xfffd, 0xdf, 0x13, 0xffffffffffffffff, 0x8100) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) acct$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003200)={0x0, 0x4c8}, 0x1, 0x0, 0x0, 0xc4}, 0x40) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(0xffffffffffffffff, 0x0, 0x200000c0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.403662971s ago: executing program 3 (id=1530): r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20001, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r1 = getsid$auto(0x0) r2 = waitid$auto_P_PID(0x1, r1, &(0x7f0000000080)={@siginfo_0_0={0x100, 0x1, 0x6, @_sigpoll={0x5, r0}}}, 0x8, &(0x7f0000000100)={{0x5a3c, 0xfffffffffffffffa}, {0x8, 0x6dbb}, 0x0, 0x76b7bc4, 0xf5, 0x8202, 0x100000000, 0x0, 0xfffffffffffff4b3, 0x10000, 0x3, 0x1, 0xd, 0xc2b4, 0x4, 0xfffffffffffffffc}) move_pages$auto(r2, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) listen$auto(r3, 0x80000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) epoll_create$auto(0x4) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 1.663012118s ago: executing program 6 (id=1531): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x14, 0x5, 0x7fc, 0x7fb, &(0x7f00000002c0)}) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv6/conf/netdevsim2/hop_limit\x00', 0x5014c0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004814}, 0x8800) mmap$auto(0x0, 0x0, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001180)='/dev/input/mice\x00', 0x1a1382, 0x0) write$auto_mousedev_fops_mousedev(r2, &(0x7f0000001380)="22d2", 0x2) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu\x00', 0x108002, 0x0) r3 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_nvram_misc_fops_nvram(r3, &(0x7f0000000280)=""/210, 0xd2) ioctl$auto_NVRAM_INIT(r3, 0x7040, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/sockstat\x00', 0xc0880, 0x0) read$auto(r4, &(0x7f0000000040)='/proc/self/net/icmp\x00', 0x80000001) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) prctl$auto(0x43, 0x0, 0xffffffffffffffff, 0x0, 0x0) getsockopt$auto_SO_PEERPIDFD(0xffffffffffffffff, 0x1, 0x4d, &(0x7f0000000180)='\x00\x10\\.\x87\xf8Bw\x9bJx\amt\n\xfe\x9c', &(0x7f0000000040)=0xf7) futex$auto(0x0, 0x5, 0x9, 0x0, 0x0, 0xffff7fff) 180.325676ms ago: executing program 5 (id=1532): socket(0x2, 0x1, 0x106) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto(0xffffffffffffffff, 0xab07, 0xffffffffffffffff) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_COALESCE(0xffffffffffffffff, 0x0, 0x48050) r2 = openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/netdevsim/netdevsim4/psample/out_tc\x00', 0x0, 0x0) setsockopt$auto_SO_MARK(r2, 0x6, 0x24, &(0x7f0000000380)='\x00', 0x163fdb7e) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) semctl$auto(0x8, 0x806, 0x13, 0x46) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), r1) setsockopt$auto(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x10000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/nbd12\x00', 0x10000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/peer_notif_delay\x00', 0x20502, 0x0) read$auto(r3, 0x0, 0x1f) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xeffd) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7) 0s ago: executing program 6 (id=1533): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80001, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40080, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001c00)=""/4111, 0x100f) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, 0x0, 0x4) sysfs$auto(0x2, 0x16, 0x0) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000001040), 0x880, 0x0) close_range$auto(0xffffffffffffffff, r2, 0x80000001) rseq$auto(&(0x7f0000000840)={0xa, 0x9, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) kernel console output (not intermixed with test programs): 0xcf2/0x1750 [ 467.574176][T12297] __slab_alloc.constprop.0+0x56/0xb0 [ 467.600278][T12297] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 467.674767][T12297] kmalloc_reserve+0xef/0x2c0 [ 467.728917][T12297] __alloc_skb+0x166/0x380 [ 467.743911][T12297] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 467.808822][T12297] process_one_work+0x9cf/0x1b70 [ 467.813874][T12297] worker_thread+0x6c8/0xf10 [ 467.920460][T12297] kthread+0x3c5/0x780 [ 467.953174][T12297] ret_from_fork+0x56d/0x730 [ 467.957852][T12297] ret_from_fork_asm+0x1a/0x30 [ 468.041359][T12297] page last free pid 12143 tgid 12143 stack trace: [ 468.060161][T12370] netlink: 25 bytes leftover after parsing attributes in process `syz.3.899'. [ 468.119696][T12297] __free_frozen_pages+0x7d5/0x10f0 [ 468.178609][T12297] __put_partials+0x165/0x1c0 [ 468.183597][T12297] qlist_free_all+0x4d/0x120 [ 468.225773][T12297] kasan_quarantine_reduce+0x195/0x1e0 [ 468.253490][T12297] __kasan_slab_alloc+0x69/0x90 [ 468.258469][T12297] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 468.306189][T12297] vm_area_dup+0x27/0x8d0 [ 468.330500][T12297] __split_vma+0x18e/0x1070 [ 468.335158][T12297] vma_modify+0x16dc/0x2030 [ 468.358924][T12297] vma_modify_flags+0x212/0x2d0 [ 468.363841][T12297] mprotect_fixup+0x1df/0xb40 [ 468.390592][T12297] do_mprotect_pkey+0x9ca/0xd50 [ 468.395512][T12297] __x64_sys_mprotect+0x78/0xc0 [ 468.420693][T12297] do_syscall_64+0xcd/0x4c0 [ 468.438750][T12297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.085579][T12395] ubi0: attaching mtd0 [ 469.252807][T12395] ubi0: scanning is finished [ 469.304725][T12395] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 469.914312][T12395] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 470.541529][T12418] netlink: 28 bytes leftover after parsing attributes in process `syz.0.906'. [ 472.539492][T12463] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 473.826249][T12435] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 474.032460][T12532] can0: slcan on ttyS2. [ 474.200105][T12536] can0 (unregistered): slcan off ttyS2. [ 474.458414][T12555] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 475.193471][T12581] FAULT_INJECTION: forcing a failure. [ 475.193471][T12581] name failslab, interval 1, probability 0, space 0, times 0 [ 475.589823][T12581] CPU: 0 UID: 0 PID: 12581 Comm: syz.3.917 Not tainted syzkaller #0 PREEMPT(full) [ 475.589857][T12581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 475.589872][T12581] Call Trace: [ 475.589880][T12581] [ 475.589890][T12581] dump_stack_lvl+0x16c/0x1f0 [ 475.589932][T12581] should_fail_ex+0x512/0x640 [ 475.589970][T12581] ? __kvmalloc_node_noprof+0x124/0x620 [ 475.590002][T12581] should_failslab+0xc2/0x120 [ 475.590035][T12581] __kvmalloc_node_noprof+0x137/0x620 [ 475.590063][T12581] ? v4l2_ctrl_new+0x97d/0x2180 [ 475.590084][T12581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 475.590125][T12581] ? v4l2_ctrl_new+0x97d/0x2180 [ 475.590145][T12581] v4l2_ctrl_new+0x97d/0x2180 [ 475.590178][T12581] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 475.590198][T12581] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 475.590228][T12581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 475.590267][T12581] v4l2_ctrl_new_std+0x1be/0x290 [ 475.590298][T12581] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 475.590319][T12581] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 475.590345][T12581] ? rcu_is_watching+0x12/0xc0 [ 475.590370][T12581] ? trace_kmalloc+0x2b/0xd0 [ 475.590402][T12581] ? __kvmalloc_node_noprof+0x298/0x620 [ 475.590436][T12581] ? media_request_object_init+0x100/0x180 [ 475.590467][T12581] vicodec_open+0x1f7/0xf90 [ 475.590505][T12581] v4l2_open+0x222/0x490 [ 475.590539][T12581] ? __pfx_v4l2_open+0x10/0x10 [ 475.590573][T12581] chrdev_open+0x231/0x6a0 [ 475.590603][T12581] ? __pfx_apparmor_file_open+0x10/0x10 [ 475.590631][T12581] ? __pfx_chrdev_open+0x10/0x10 [ 475.590671][T12581] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 475.590705][T12581] do_dentry_open+0x97f/0x1530 [ 475.590736][T12581] ? __pfx_chrdev_open+0x10/0x10 [ 475.590773][T12581] vfs_open+0x82/0x3f0 [ 475.590813][T12581] path_openat+0x1de4/0x2cb0 [ 475.590851][T12581] ? __pfx_path_openat+0x10/0x10 [ 475.590888][T12581] do_filp_open+0x20b/0x470 [ 475.590917][T12581] ? __pfx_do_filp_open+0x10/0x10 [ 475.590967][T12581] ? alloc_fd+0x471/0x7d0 [ 475.591001][T12581] do_sys_openat2+0x11b/0x1d0 [ 475.591038][T12581] ? __pfx_do_sys_openat2+0x10/0x10 [ 475.591089][T12581] __x64_sys_openat+0x174/0x210 [ 475.591111][T12581] ? __pfx___x64_sys_openat+0x10/0x10 [ 475.591145][T12581] do_syscall_64+0xcd/0x4c0 [ 475.591169][T12581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.591194][T12581] RIP: 0033:0x7f048258eba9 [ 475.591213][T12581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.591237][T12581] RSP: 002b:00007f04833d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 475.591260][T12581] RAX: ffffffffffffffda RBX: 00007f04827d6180 RCX: 00007f048258eba9 [ 475.591277][T12581] RDX: 00000000000c0400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 475.591293][T12581] RBP: 00007f0482611e19 R08: 0000000000000000 R09: 0000000000000000 [ 475.591308][T12581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 475.591323][T12581] R13: 00007f04827d6218 R14: 00007f04827d6180 R15: 00007fff11279d58 [ 475.591353][T12581] [ 478.424325][T12621] zswap: compressor not available [ 478.470180][T12635] Setting dangerous option i915.mitigations - tainting kernel [ 484.158135][T12916] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(173544298.2314043776.706666779), cmd(6) [ 484.897326][T12927] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 486.346787][T12971] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 487.242399][T12994] FAULT_INJECTION: forcing a failure. [ 487.242399][T12994] name failslab, interval 1, probability 0, space 0, times 0 [ 487.343558][T12994] CPU: 0 UID: 0 PID: 12994 Comm: syz.2.945 Tainted: G U syzkaller #0 PREEMPT(full) [ 487.343598][T12994] Tainted: [U]=USER [ 487.343605][T12994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 487.343620][T12994] Call Trace: [ 487.343628][T12994] [ 487.343637][T12994] dump_stack_lvl+0x16c/0x1f0 [ 487.343686][T12994] should_fail_ex+0x512/0x640 [ 487.343725][T12994] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 487.343753][T12994] should_failslab+0xc2/0x120 [ 487.343786][T12994] __kmalloc_cache_noprof+0x6a/0x3e0 [ 487.343811][T12994] ? ktime_get_coarse_real_ts64_mg+0x240/0x300 [ 487.343845][T12994] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 487.343876][T12994] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 487.343904][T12994] hugetlb_reserve_pages+0x151/0xf40 [ 487.343943][T12994] ? __vma_enter_locked+0x163/0x3f0 [ 487.343969][T12994] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 487.344008][T12994] ? atime_needs_update+0x8b/0x710 [ 487.344054][T12994] hugetlbfs_file_mmap+0x4a1/0x730 [ 487.344099][T12994] __mmap_region+0x1311/0x27b0 [ 487.344132][T12994] ? __pfx___mmap_region+0x10/0x10 [ 487.344169][T12994] ? is_bpf_text_address+0x94/0x1a0 [ 487.344200][T12994] ? kernel_text_address+0x8d/0x100 [ 487.344222][T12994] ? __kernel_text_address+0xd/0x40 [ 487.344243][T12994] ? unwind_get_return_address+0x59/0xa0 [ 487.344269][T12994] ? arch_stack_walk+0xa6/0x100 [ 487.344345][T12994] ? trace_cap_capable+0x18d/0x200 [ 487.344381][T12994] mmap_region+0x32b/0x3f0 [ 487.344415][T12994] do_mmap+0xa3e/0x1210 [ 487.344463][T12994] ? __pfx_do_mmap+0x10/0x10 [ 487.344499][T12994] ? __pfx_down_write_killable+0x10/0x10 [ 487.344531][T12994] vm_mmap_pgoff+0x29e/0x470 [ 487.344572][T12994] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 487.344604][T12994] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 487.344643][T12994] ? hugetlbfs_get_inode+0x31f/0x730 [ 487.344678][T12994] ksys_mmap_pgoff+0x1c8/0x5c0 [ 487.344717][T12994] __x64_sys_mmap+0x125/0x190 [ 487.344758][T12994] do_syscall_64+0xcd/0x4c0 [ 487.344782][T12994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.344807][T12994] RIP: 0033:0x7f21a898eba9 [ 487.344826][T12994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.344850][T12994] RSP: 002b:00007f21a9777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 487.344872][T12994] RAX: ffffffffffffffda RBX: 00007f21a8bd5fa0 RCX: 00007f21a898eba9 [ 487.344887][T12994] RDX: 0000000000400002 RSI: 0000000000a00006 RDI: 0000000000000000 [ 487.344903][T12994] RBP: 00007f21a8a11e19 R08: 0000000000000602 R09: 0000300000000000 [ 487.344919][T12994] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 487.344935][T12994] R13: 00007f21a8bd6038 R14: 00007f21a8bd5fa0 R15: 00007ffc70af1398 [ 487.344965][T12994] [ 487.344974][T12994] HugeTLB: unable to allocate vma specific lock [ 488.325099][T13004] GUP no longer grows the stack in syz.1.944 (13004): 1000-401000 (0) [ 488.549867][T13004] CPU: 0 UID: 0 PID: 13004 Comm: syz.1.944 Tainted: G U syzkaller #0 PREEMPT(full) [ 488.549906][T13004] Tainted: [U]=USER [ 488.549913][T13004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 488.549927][T13004] Call Trace: [ 488.549935][T13004] [ 488.549945][T13004] dump_stack_lvl+0x16c/0x1f0 [ 488.549985][T13004] gup_vma_lookup+0x1d2/0x220 [ 488.550023][T13004] fixup_user_fault+0x26f/0x540 [ 488.550058][T13004] ? futex_wake_op+0x974/0xe40 [ 488.550097][T13004] fault_in_user_writeable+0x70/0xe0 [ 488.550127][T13004] futex_wake_op+0x9a0/0xe40 [ 488.550171][T13004] ? __pfx_futex_wake_op+0x10/0x10 [ 488.550219][T13004] ? css_rstat_updated+0x1c2/0x510 [ 488.550248][T13004] do_futex+0x2e9/0x350 [ 488.550279][T13004] ? __pfx_do_futex+0x10/0x10 [ 488.550316][T13004] ? find_held_lock+0x2b/0x80 [ 488.550341][T13004] ? handle_mm_fault+0x2ab/0xd10 [ 488.550368][T13004] __x64_sys_futex+0x1e0/0x4c0 [ 488.550401][T13004] ? exc_page_fault+0x5c/0xb0 [ 488.550437][T13004] ? __pfx___x64_sys_futex+0x10/0x10 [ 488.550480][T13004] do_syscall_64+0xcd/0x4c0 [ 488.550503][T13004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.550528][T13004] RIP: 0033:0x7f685438eba9 [ 488.550547][T13004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.550570][T13004] RSP: 002b:00007f6855209038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 488.550592][T13004] RAX: ffffffffffffffda RBX: 00007f68545d6360 RCX: 00007f685438eba9 [ 488.550608][T13004] RDX: 0000000000000002 RSI: 0000000000000085 RDI: 0000000000000000 [ 488.550622][T13004] RBP: 00007f6854411e19 R08: 0000000000000000 R09: 0000000000000001 [ 488.550636][T13004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 488.550650][T13004] R13: 00007f68545d63f8 R14: 00007f68545d6360 R15: 00007ffde41c91d8 [ 488.550680][T13004] [ 488.747470][ C0] vkms_vblank_simulate: vblank timer overrun [ 491.973697][T13063] binder: 13061:13063 ioctl 400c620e 0 returned -22 [ 494.861136][T13110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.961'. [ 498.640877][T13195] binder: 13192:13195 ioctl c018620c 0 returned -22 [ 498.853832][T13201] net_ratelimit: 4 callbacks suppressed [ 498.853851][T13201] netlink: zone id is out of range [ 499.064031][T13201] netlink: zone id is out of range [ 499.156304][T13201] netlink: zone id is out of range [ 499.274804][T13201] netlink: zone id is out of range [ 499.350800][T13201] netlink: zone id is out of range [ 499.392006][T13201] netlink: zone id is out of range [ 499.453296][T13201] netlink: zone id is out of range [ 499.499723][T13201] netlink: zone id is out of range [ 499.601080][T13201] netlink: zone id is out of range [ 499.641014][T13201] netlink: zone id is out of range [ 500.111180][T13219] netlink: 330 bytes leftover after parsing attributes in process `syz.0.976'. [ 500.191222][T13219] mac80211_hwsim hwsim2 : renamed from wlan0 (while UP) [ 500.698989][T13221] zswap: compressor not available [ 502.222607][T13257] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 503.553329][T13260] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 504.839553][T13333] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 508.587160][T13386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.993'. [ 508.723361][T13390] netlink: 354 bytes leftover after parsing attributes in process `syz.2.993'. [ 511.975838][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.982367][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.459735][T13445] netlink: 93 bytes leftover after parsing attributes in process `syz.2.998'. [ 512.735222][T13443] netlink: 93 bytes leftover after parsing attributes in process `syz.2.998'. [ 513.906128][T13470] Invalid ELF header magic: != ELF [ 514.860433][T13487] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1002'. [ 515.518861][T13499] ima: policy update failed [ 515.548595][ T30] audit: type=1802 audit(4294967347.020:13): pid=13499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1004" res=0 errno=0 [ 518.358848][T13511] random: crng reseeded on system resumption [ 519.229849][T13518] netlink: 'syz.3.1007': attribute type 5 has an invalid length. [ 521.258786][T13539] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1010'. [ 521.670250][T13541] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 523.210630][T13529] kexec: Could not allocate control_code_buffer [ 523.712990][T13595] vivid-003: ================= START STATUS ================= [ 523.782666][T13595] vivid-003: Radio HW Seek Mode: Bounded [ 523.788430][T13595] vivid-003: Radio Programmable HW Seek: false [ 524.518773][T13605] vivid-007: ================= START STATUS ================= [ 524.600778][T13595] vivid-003: RDS Rx I/O Mode: Block I/O [ 524.606478][T13595] vivid-003: Generate RBDS Instead of RDS: false [ 524.723869][T13605] vivid-007: Generate PTS: true [ 524.839042][T13605] vivid-007: Generate SCR: true [ 524.878882][T13595] vivid-003: RDS Reception: true [ 524.883956][T13595] vivid-003: RDS Program Type: 0 inactive [ 525.011893][T13605] tpg source WxH: 320x240 (Y'CbCr) [ 525.017114][T13605] tpg field: 1 [ 525.091321][T13595] vivid-003: RDS PS Name: inactive [ 525.161522][T13605] tpg crop: (0,0)/320x240 [ 525.209677][T13595] vivid-003: RDS Radio Text: inactive [ 525.216415][T13595] vivid-003: RDS Traffic Announcement: false inactive [ 525.322702][T13605] tpg compose: (0,0)/320x240 [ 525.327401][T13605] tpg colorspace: 8 [ 525.421870][T13605] tpg transfer function: 0/0 [ 525.426582][T13605] tpg Y'CbCr encoding: 0/0 [ 525.499271][T13595] vivid-003: RDS Traffic Program: false inactive [ 525.505732][T13595] vivid-003: RDS Music: false inactive [ 525.590283][T13605] tpg quantization: 0/0 [ 525.594563][T13605] tpg RGB range: 0/2 [ 525.609377][T13636] netlink: 'syz.3.1014': attribute type 1 has an invalid length. [ 525.649532][T13595] vivid-003: ================== END STATUS ================== [ 525.685230][T13605] vivid-007: ================== END STATUS ================== [ 527.459105][T13670] ima: policy update failed [ 527.468612][ T30] audit: type=1802 audit(4294967358.960:14): pid=13670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1017" res=0 errno=0 [ 527.506107][T13670] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1017'. [ 529.771628][T13684] net_ratelimit: 62 callbacks suppressed [ 529.771648][T13684] netlink: zone id is out of range [ 530.438213][T13684] netlink: zone id is out of range [ 530.526024][T13684] netlink: zone id is out of range [ 530.886331][T13684] netlink: zone id is out of range [ 531.287028][T13684] netlink: zone id is out of range [ 531.386925][T13684] netlink: zone id is out of range [ 531.481366][T13684] netlink: zone id is out of range [ 531.589228][T13702] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1023'. [ 531.600939][T13684] netlink: zone id is out of range [ 531.699744][T13684] netlink: zone id is out of range [ 531.858803][T13684] netlink: zone id is out of range [ 541.327487][T13846] serio: Serial port pty6 [ 543.010195][T13871] FAULT_INJECTION: forcing a failure. [ 543.010195][T13871] name failslab, interval 1, probability 0, space 0, times 0 [ 543.158625][T13871] CPU: 0 UID: 0 PID: 13871 Comm: syz.3.1041 Tainted: G U syzkaller #0 PREEMPT(full) [ 543.158665][T13871] Tainted: [U]=USER [ 543.158673][T13871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 543.158687][T13871] Call Trace: [ 543.158695][T13871] [ 543.158703][T13871] dump_stack_lvl+0x16c/0x1f0 [ 543.158747][T13871] should_fail_ex+0x512/0x640 [ 543.158785][T13871] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 543.158816][T13871] should_failslab+0xc2/0x120 [ 543.158849][T13871] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 543.158879][T13871] ? sk_prot_alloc+0x60/0x2a0 [ 543.158908][T13871] sk_prot_alloc+0x60/0x2a0 [ 543.158935][T13871] sk_alloc+0x36/0xc20 [ 543.158970][T13871] __vsock_create.constprop.0+0x3c/0xbb0 [ 543.159003][T13871] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 543.159042][T13871] vsock_create+0x139/0x500 [ 543.159083][T13871] __sock_create+0x335/0x8d0 [ 543.159117][T13871] __sys_socket+0x14d/0x260 [ 543.159146][T13871] ? __pfx___sys_socket+0x10/0x10 [ 543.159174][T13871] ? xfd_validate_state+0x61/0x180 [ 543.159210][T13871] ? __task_pid_nr_ns+0x17c/0x500 [ 543.159249][T13871] __x64_sys_socket+0x72/0xb0 [ 543.159277][T13871] ? lockdep_hardirqs_on+0x7c/0x110 [ 543.159313][T13871] do_syscall_64+0xcd/0x4c0 [ 543.159336][T13871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.159360][T13871] RIP: 0033:0x7f048258eba9 [ 543.159378][T13871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.159402][T13871] RSP: 002b:00007f0483413038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 543.159435][T13871] RAX: ffffffffffffffda RBX: 00007f04827d5fa0 RCX: 00007f048258eba9 [ 543.159451][T13871] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000028 [ 543.159465][T13871] RBP: 00007f0482611e19 R08: 0000000000000000 R09: 0000000000000000 [ 543.159480][T13871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 543.159494][T13871] R13: 00007f04827d6038 R14: 00007f04827d5fa0 R15: 00007fff11279d58 [ 543.159525][T13871] [ 544.514281][T13884] [U]  [ 544.517134][T13884] [U] [ 544.519848][T13884] [U] [ 544.522567][T13884] [U] [ 544.715496][T13884] [U] [ 544.718362][T13884] [U] [ 544.721109][T13884] [U] [ 544.723830][T13884] [U] [ 544.920381][T13884] [U] [ 544.923135][T13884] [U] [ 544.925855][T13884] [U] [ 544.928567][T13884] [U] [ 545.060413][T13884] [U] [ 545.508235][T13893] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1039'. [ 545.538342][T13894] ubi0: attaching mtd0 [ 545.766463][T13894] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 545.776489][T13893] ipvlan0: entered promiscuous mode [ 545.839203][T13900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1046'. [ 545.848960][T13893] ipvlan0: entered allmulticast mode [ 545.854386][T13893] veth0_vlan: entered allmulticast mode [ 546.079818][T13906] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1046'. [ 546.335160][T13907] FAULT_INJECTION: forcing a failure. [ 546.335160][T13907] name failslab, interval 1, probability 0, space 0, times 0 [ 546.858547][T13907] CPU: 0 UID: 0 PID: 13907 Comm: syz.3.1045 Tainted: G U syzkaller #0 PREEMPT(full) [ 546.858585][T13907] Tainted: [U]=USER [ 546.858593][T13907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 546.858607][T13907] Call Trace: [ 546.858615][T13907] [ 546.858624][T13907] dump_stack_lvl+0x16c/0x1f0 [ 546.858666][T13907] should_fail_ex+0x512/0x640 [ 546.858710][T13907] should_failslab+0xc2/0x120 [ 546.858743][T13907] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 546.858774][T13907] ? zswap_store+0x839/0x25a0 [ 546.858819][T13907] zswap_store+0x839/0x25a0 [ 546.858868][T13907] ? __pfx_zswap_store+0x10/0x10 [ 546.858905][T13907] ? do_raw_spin_lock+0x12c/0x2b0 [ 546.858942][T13907] ? find_held_lock+0x2b/0x80 [ 546.858966][T13907] ? folio_free_swap+0x171/0x580 [ 546.858998][T13907] ? do_raw_spin_unlock+0x172/0x230 [ 546.859040][T13907] ? swp_swap_info+0xce/0x130 [ 546.859073][T13907] ? __pfx_swp_swap_info+0x10/0x10 [ 546.859107][T13907] ? mod_memcg_lruvec_state+0x389/0x5f0 [ 546.859151][T13907] swap_writeout+0x3b2/0xfe0 [ 546.859189][T13907] ? mark_held_locks+0x49/0x80 [ 546.859219][T13907] ? _raw_spin_unlock_irq+0x23/0x50 [ 546.859255][T13907] shmem_writeout+0xc29/0x1140 [ 546.859287][T13907] ? __pfx_shmem_writeout+0x10/0x10 [ 546.859317][T13907] ? inode_to_bdi+0x9e/0x160 [ 546.859348][T13907] ? folio_clear_dirty_for_io+0x112/0x810 [ 546.859391][T13907] shrink_folio_list+0x2f4c/0x4880 [ 546.859426][T13907] ? __pfx_shrink_folio_list+0x10/0x10 [ 546.859452][T13907] ? __page_table_check_puds_set+0x1e0/0x250 [ 546.859485][T13907] ? lockdep_hardirqs_on+0x7c/0x110 [ 546.859532][T13907] ? get_page_from_freelist+0x132b/0x38e0 [ 546.859598][T13907] reclaim_folio_list+0xda/0x5d0 [ 546.859627][T13907] ? __pfx_reclaim_folio_list+0x10/0x10 [ 546.859665][T13907] ? css_rstat_updated+0x1c2/0x510 [ 546.859696][T13907] ? do_raw_spin_lock+0x12c/0x2b0 [ 546.859731][T13907] ? lru_gen_del_folio+0x32b/0x540 [ 546.859756][T13907] reclaim_pages+0x47b/0x650 [ 546.859784][T13907] ? __pfx_reclaim_pages+0x10/0x10 [ 546.859809][T13907] ? find_held_lock+0x2b/0x80 [ 546.859832][T13907] ? madvise_cold_or_pageout_pte_range+0x749/0x2120 [ 546.859874][T13907] madvise_cold_or_pageout_pte_range+0x1546/0x2120 [ 546.859925][T13907] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 546.859974][T13907] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 546.860012][T13907] walk_pgd_range+0xc02/0x1f50 [ 546.860068][T13907] ? __pfx_walk_pgd_range+0x10/0x10 [ 546.860106][T13907] __walk_page_range+0x163/0x820 [ 546.860140][T13907] ? __lock_acquire+0xb97/0x1ce0 [ 546.860179][T13907] walk_page_range_vma+0x2c7/0xa20 [ 546.860214][T13907] ? __pfx_walk_page_range_vma+0x10/0x10 [ 546.860245][T13907] ? find_held_lock+0x2b/0x80 [ 546.860280][T13907] madvise_pageout+0x257/0x540 [ 546.860314][T13907] ? __pfx_madvise_pageout+0x10/0x10 [ 546.860345][T13907] ? finish_task_switch.isra.0+0x21c/0xc10 [ 546.860392][T13907] madvise_vma_behavior+0xb22/0x2d60 [ 546.860431][T13907] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 546.860469][T13907] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 546.860507][T13907] ? __pfx_mas_prev+0x10/0x10 [ 546.860551][T13907] ? find_vma_prev+0xda/0x160 [ 546.860585][T13907] ? find_held_lock+0x2b/0x80 [ 546.860607][T13907] ? __pfx_find_vma_prev+0x10/0x10 [ 546.860642][T13907] ? futex_unqueue+0x133/0x2c0 [ 546.860679][T13907] ? __futex_wait+0x24c/0x2f0 [ 546.860719][T13907] madvise_walk_vmas+0x31f/0x9c0 [ 546.860759][T13907] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 546.860803][T13907] madvise_do_behavior+0x1e2/0x530 [ 546.860837][T13907] ? futex_private_hash_put+0x18a/0x300 [ 546.860867][T13907] ? __pfx_madvise_do_behavior+0x10/0x10 [ 546.860904][T13907] ? down_read+0x13d/0x480 [ 546.860941][T13907] do_madvise+0x176/0x240 [ 546.860975][T13907] ? __pfx_do_madvise+0x10/0x10 [ 546.861009][T13907] ? do_futex+0x122/0x350 [ 546.861069][T13907] ? syscall_user_dispatch+0x78/0x140 [ 546.861114][T13907] __x64_sys_madvise+0xa9/0x110 [ 546.861151][T13907] do_syscall_64+0xcd/0x4c0 [ 546.861174][T13907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.861199][T13907] RIP: 0033:0x7f048258eba9 [ 546.861219][T13907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.861242][T13907] RSP: 002b:00007f04833b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 546.861264][T13907] RAX: ffffffffffffffda RBX: 00007f04827d6270 RCX: 00007f048258eba9 [ 546.861280][T13907] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 546.861294][T13907] RBP: 00007f0482611e19 R08: 0000000000000000 R09: 0000000000000000 [ 546.861309][T13907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 546.861323][T13907] R13: 00007f04827d6308 R14: 00007f04827d6270 R15: 00007fff11279d58 [ 546.861353][T13907] [ 555.381425][ T5874] Bluetooth: hci1: unexpected event 0x16 length: 440 > 6 [ 557.586471][T14288] netlink: 'syz.1.1060': attribute type 28 has an invalid length. [ 557.700315][T14288] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1060'. [ 558.451489][T14296] random: crng reseeded on system resumption [ 558.521199][T14303] ICMPv6: process `syz.1.1062' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 558.719743][T14303] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 559.390516][T14315] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 561.780560][T14379] Invalid ELF header magic: != ELF [ 562.470063][T12606] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:7: bg 2: bad block bitmap checksum [ 562.559328][T12606] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 943 with max blocks 20 with error 74 [ 562.688809][T12606] EXT4-fs (sda1): This should not happen!! Data will be lost [ 562.688809][T12606] [ 565.018785][T14461] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input16 [ 565.110440][ T30] audit: type=1800 audit(4294967396.610:15): pid=14456 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1081" name="features" dev="configfs" ino=65810 res=0 errno=0 [ 565.194514][ T10] Process accounting resumed [ 567.969351][ T1097] EXT4-fs (sda1): Delayed block allocation failed for inode 2032 at logical offset 2 with max blocks 4 with error 117 [ 568.050776][ T1097] EXT4-fs (sda1): This should not happen!! Data will be lost [ 568.050776][ T1097] [ 568.838961][T14551] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 569.958026][T14572] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input17 [ 573.417681][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.438664][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 581.021279][T14958] futex_wake_op: syz.2.1116 tries to shift op by -9; fix this program [ 584.380270][T15066] FAULT_INJECTION: forcing a failure. [ 584.380270][T15066] name fail_futex, interval 1, probability 0, space 0, times 0 [ 584.499682][T15066] CPU: 0 UID: 0 PID: 15066 Comm: syz.2.1121 Tainted: G U syzkaller #0 PREEMPT(full) [ 584.499720][T15066] Tainted: [U]=USER [ 584.499728][T15066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 584.499743][T15066] Call Trace: [ 584.499750][T15066] [ 584.499760][T15066] dump_stack_lvl+0x16c/0x1f0 [ 584.499803][T15066] should_fail_ex+0x512/0x640 [ 584.499847][T15066] get_futex_key+0x1d0/0x1560 [ 584.499880][T15066] ? __pfx_get_futex_key+0x10/0x10 [ 584.499912][T15066] ? __pick_eevdf+0x30a/0x670 [ 584.499947][T15066] futex_wait_setup+0x9d/0x550 [ 584.499992][T15066] __futex_wait+0x194/0x2f0 [ 584.500035][T15066] ? __pfx___futex_wait+0x10/0x10 [ 584.500070][T15066] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 584.500103][T15066] ? lockdep_hardirqs_on+0x7c/0x110 [ 584.500143][T15066] ? __pfx_futex_wake_mark+0x10/0x10 [ 584.500184][T15066] ? futex_private_hash_put+0x176/0x300 [ 584.500216][T15066] ? futex_private_hash_put+0x18a/0x300 [ 584.500246][T15066] futex_wait+0xe8/0x380 [ 584.500282][T15066] ? __pfx_futex_wait+0x10/0x10 [ 584.500324][T15066] ? kmem_cache_free+0x2d1/0x4d0 [ 584.500350][T15066] ? fd_install+0x225/0x750 [ 584.500374][T15066] ? putname+0x154/0x1a0 [ 584.500411][T15066] do_futex+0x229/0x350 [ 584.500442][T15066] ? __pfx_do_futex+0x10/0x10 [ 584.500480][T15066] __x64_sys_futex+0x1e0/0x4c0 [ 584.500513][T15066] ? __x64_sys_openat+0x174/0x210 [ 584.500535][T15066] ? __pfx___x64_sys_futex+0x10/0x10 [ 584.500577][T15066] do_syscall_64+0xcd/0x4c0 [ 584.500600][T15066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.500625][T15066] RIP: 0033:0x7f21a898eba9 [ 584.500644][T15066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.500667][T15066] RSP: 002b:00007f21a97350e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 584.500689][T15066] RAX: ffffffffffffffda RBX: 00007f21a8bd6188 RCX: 00007f21a898eba9 [ 584.500705][T15066] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f21a8bd6188 [ 584.500719][T15066] RBP: 00007f21a8bd6180 R08: 0000000000000000 R09: 0000000000000000 [ 584.500733][T15066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.500747][T15066] R13: 00007f21a8bd6218 R14: 00007ffc70af12b0 R15: 00007ffc70af1398 [ 584.500776][T15066] [ 585.171538][T15054] netlink: 'syz.2.1121': attribute type 1 has an invalid length. [ 585.975136][T15054] tty tty26: ldisc open failed (-12), clearing slot 25 [ 586.507806][T15097] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 593.583354][ T6667] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 952 with max blocks 11 with error 117 [ 593.632691][T15302] kexec: Could not allocate control_code_buffer [ 593.723038][ T6667] EXT4-fs (sda1): This should not happen!! Data will be lost [ 593.723038][ T6667] [ 596.229804][ T6667] EXT4-fs (sda1): Delayed block allocation failed for inode 2032 at logical offset 2 with max blocks 4 with error 117 [ 596.324319][ T6667] EXT4-fs (sda1): This should not happen!! Data will be lost [ 596.324319][ T6667] [ 597.335067][T15337] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 597.424745][T15360] netlink: 'syz.2.1146': attribute type 1 has an invalid length. [ 597.923256][T15361] serio: Serial port pty6 [ 599.272598][T15394] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1152'. [ 599.410246][T15397] usb usb17: usbfs: process 15397 (syz.3.1150) did not claim interface 0 before use [ 600.929982][T15421] Trying to write to read-only block-device sda1 [ 604.309073][T15473] FAULT_INJECTION: forcing a failure. [ 604.309073][T15473] name failslab, interval 1, probability 0, space 0, times 0 [ 604.421381][T15473] CPU: 0 UID: 0 PID: 15473 Comm: syz.2.1164 Tainted: G U syzkaller #0 PREEMPT(full) [ 604.421420][T15473] Tainted: [U]=USER [ 604.421427][T15473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 604.421442][T15473] Call Trace: [ 604.421449][T15473] [ 604.421458][T15473] dump_stack_lvl+0x16c/0x1f0 [ 604.421501][T15473] should_fail_ex+0x512/0x640 [ 604.421539][T15473] ? __kmalloc_noprof+0xbf/0x510 [ 604.421569][T15473] ? ovs_vport_alloc+0x30/0x3d0 [ 604.421591][T15473] should_failslab+0xc2/0x120 [ 604.421622][T15473] __kmalloc_noprof+0xd2/0x510 [ 604.421649][T15473] ? lockdep_hardirqs_on+0x7c/0x110 [ 604.421692][T15473] ovs_vport_alloc+0x30/0x3d0 [ 604.421717][T15473] internal_dev_create+0x25/0x520 [ 604.421743][T15473] ovs_vport_add+0x144/0x4d0 [ 604.421784][T15473] new_vport+0x16/0x1d0 [ 604.421814][T15473] ovs_dp_cmd_new+0x6ba/0xe60 [ 604.421855][T15473] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 604.421896][T15473] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 604.421932][T15473] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 604.421966][T15473] genl_family_rcv_msg_doit+0x206/0x2f0 [ 604.421995][T15473] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 604.422031][T15473] ? bpf_lsm_capable+0x9/0x10 [ 604.422053][T15473] ? security_capable+0x7e/0x260 [ 604.422078][T15473] ? ns_capable+0xd7/0x110 [ 604.422107][T15473] genl_rcv_msg+0x55c/0x800 [ 604.422138][T15473] ? __pfx_genl_rcv_msg+0x10/0x10 [ 604.422165][T15473] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 604.422209][T15473] netlink_rcv_skb+0x155/0x420 [ 604.422247][T15473] ? __pfx_genl_rcv_msg+0x10/0x10 [ 604.422274][T15473] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 604.422325][T15473] ? netlink_deliver_tap+0x1ae/0xd30 [ 604.422366][T15473] genl_rcv+0x28/0x40 [ 604.422387][T15473] netlink_unicast+0x5aa/0x870 [ 604.422429][T15473] ? __pfx_netlink_unicast+0x10/0x10 [ 604.422467][T15473] ? __pfx___might_resched+0x10/0x10 [ 604.422490][T15473] ? __lock_acquire+0xb97/0x1ce0 [ 604.422530][T15473] netlink_sendmsg+0x8d1/0xdd0 [ 604.422573][T15473] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.422615][T15473] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 604.422646][T15473] ____sys_sendmsg+0xa95/0xc70 [ 604.422675][T15473] ? copy_msghdr_from_user+0x10a/0x160 [ 604.422711][T15473] ? __pfx_____sys_sendmsg+0x10/0x10 [ 604.422753][T15473] ___sys_sendmsg+0x134/0x1d0 [ 604.422791][T15473] ? __pfx____sys_sendmsg+0x10/0x10 [ 604.422865][T15473] __sys_sendmsg+0x16d/0x220 [ 604.422903][T15473] ? __pfx___sys_sendmsg+0x10/0x10 [ 604.422944][T15473] ? __x64_sys_futex+0x1e0/0x4c0 [ 604.422993][T15473] do_syscall_64+0xcd/0x4c0 [ 604.423017][T15473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.423042][T15473] RIP: 0033:0x7f21a898eba9 [ 604.423061][T15473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.423085][T15473] RSP: 002b:00007f21a9777038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 604.423108][T15473] RAX: ffffffffffffffda RBX: 00007f21a8bd5fa0 RCX: 00007f21a898eba9 [ 604.423123][T15473] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 000000000000000a [ 604.423138][T15473] RBP: 00007f21a8a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 604.423152][T15473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.423166][T15473] R13: 00007f21a8bd6038 R14: 00007f21a8bd5fa0 R15: 00007ffc70af1398 [ 604.423196][T15473] [ 605.590129][T15499] FAULT_INJECTION: forcing a failure. [ 605.590129][T15499] name failslab, interval 1, probability 0, space 0, times 0 [ 605.602859][T15499] CPU: 0 UID: 0 PID: 15499 Comm: syz.1.1165 Tainted: G U syzkaller #0 PREEMPT(full) [ 605.602895][T15499] Tainted: [U]=USER [ 605.602903][T15499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 605.602919][T15499] Call Trace: [ 605.602926][T15499] [ 605.602935][T15499] dump_stack_lvl+0x16c/0x1f0 [ 605.602978][T15499] should_fail_ex+0x512/0x640 [ 605.603020][T15499] should_failslab+0xc2/0x120 [ 605.603054][T15499] __kmalloc_cache_noprof+0x6a/0x3e0 [ 605.603080][T15499] ? tipc_nametbl_insert_publ+0x700/0x1720 [ 605.603123][T15499] tipc_nametbl_insert_publ+0x700/0x1720 [ 605.603164][T15499] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 605.603201][T15499] ? net_generic+0xea/0x2a0 [ 605.603245][T15499] tipc_nametbl_publish+0x137/0x280 [ 605.603288][T15499] tipc_sk_publish+0x1d8/0x430 [ 605.603310][T15499] ? __pfx_tipc_sk_publish+0x10/0x10 [ 605.603336][T15499] ? __local_bh_enable_ip+0xa4/0x120 [ 605.603369][T15499] tipc_sk_bind+0x16f/0x380 [ 605.603393][T15499] tipc_bind+0x190/0x2a0 [ 605.603418][T15499] __sys_bind+0x1a7/0x260 [ 605.603448][T15499] ? __pfx___sys_bind+0x10/0x10 [ 605.603489][T15499] ? xfd_validate_state+0x61/0x180 [ 605.603523][T15499] ? __pfx_do_writev+0x10/0x10 [ 605.603555][T15499] __x64_sys_bind+0x72/0xb0 [ 605.603583][T15499] ? lockdep_hardirqs_on+0x7c/0x110 [ 605.603618][T15499] do_syscall_64+0xcd/0x4c0 [ 605.603641][T15499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.603666][T15499] RIP: 0033:0x7f685438eba9 [ 605.603685][T15499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.603709][T15499] RSP: 002b:00007f685526c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 605.603731][T15499] RAX: ffffffffffffffda RBX: 00007f68545d6090 RCX: 00007f685438eba9 [ 605.603747][T15499] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000006 [ 605.603762][T15499] RBP: 00007f6854411e19 R08: 0000000000000000 R09: 0000000000000000 [ 605.603782][T15499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 605.603797][T15499] R13: 00007f68545d6128 R14: 00007f68545d6090 R15: 00007ffde41c91d8 [ 605.603826][T15499] [ 605.603836][T15499] tipc: Failed to bind to 65,0,0 [ 606.979861][ T5874] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 608.272175][T15596] FAULT_INJECTION: forcing a failure. [ 608.272175][T15596] name failslab, interval 1, probability 0, space 0, times 0 [ 608.345492][T15596] CPU: 0 UID: 0 PID: 15596 Comm: syz.2.1170 Tainted: G U syzkaller #0 PREEMPT(full) [ 608.345530][T15596] Tainted: [U]=USER [ 608.345537][T15596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 608.345552][T15596] Call Trace: [ 608.345559][T15596] [ 608.345568][T15596] dump_stack_lvl+0x16c/0x1f0 [ 608.345609][T15596] should_fail_ex+0x512/0x640 [ 608.345649][T15596] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 608.345686][T15596] should_failslab+0xc2/0x120 [ 608.345719][T15596] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 608.345754][T15596] ? fib_rules_register+0x30/0x500 [ 608.345794][T15596] ? __pfx_fib6_rules_net_init+0x10/0x10 [ 608.345826][T15596] kmemdup_noprof+0x29/0x60 [ 608.345857][T15596] fib_rules_register+0x30/0x500 [ 608.345897][T15596] ? __pfx_fib6_rules_net_init+0x10/0x10 [ 608.345928][T15596] fib6_rules_net_init+0x1f/0x140 [ 608.345960][T15596] ops_init+0x1e2/0x5f0 [ 608.345985][T15596] setup_net+0x10f/0x380 [ 608.346004][T15596] ? lockdep_init_map_type+0x5c/0x280 [ 608.346039][T15596] ? __pfx_setup_net+0x10/0x10 [ 608.346063][T15596] ? debug_mutex_init+0x37/0x70 [ 608.346090][T15596] copy_net_ns+0x2a6/0x5f0 [ 608.346118][T15596] create_new_namespaces+0x3ea/0xa90 [ 608.346153][T15596] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 608.346184][T15596] ksys_unshare+0x45b/0xa40 [ 608.346219][T15596] ? __pfx_ksys_unshare+0x10/0x10 [ 608.346254][T15596] ? xfd_validate_state+0x61/0x180 [ 608.346299][T15596] __x64_sys_unshare+0x31/0x40 [ 608.346332][T15596] do_syscall_64+0xcd/0x4c0 [ 608.346356][T15596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.346380][T15596] RIP: 0033:0x7f21a898eba9 [ 608.346399][T15596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.346423][T15596] RSP: 002b:00007f21a9777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 608.346445][T15596] RAX: ffffffffffffffda RBX: 00007f21a8bd5fa0 RCX: 00007f21a898eba9 [ 608.346470][T15596] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 608.346485][T15596] RBP: 00007f21a8a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 608.346499][T15596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.346513][T15596] R13: 00007f21a8bd6038 R14: 00007f21a8bd5fa0 R15: 00007ffc70af1398 [ 608.346544][T15596] [ 609.603169][T15628] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 609.982569][T15630] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 612.501574][T15700] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1179'. [ 613.369839][T15705] FAULT_INJECTION: forcing a failure. [ 613.369839][T15705] name fail_futex, interval 1, probability 0, space 0, times 0 [ 613.490998][T15717] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1191'. [ 613.639746][T15731] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1191'. [ 613.662699][T15705] CPU: 0 UID: 0 PID: 15705 Comm: syz.1.1182 Tainted: G U syzkaller #0 PREEMPT(full) [ 613.662738][T15705] Tainted: [U]=USER [ 613.662746][T15705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 613.662759][T15705] Call Trace: [ 613.662767][T15705] [ 613.662776][T15705] dump_stack_lvl+0x16c/0x1f0 [ 613.662816][T15705] should_fail_ex+0x512/0x640 [ 613.662859][T15705] get_futex_key+0x1d0/0x1560 [ 613.662902][T15705] ? __pfx_get_futex_key+0x10/0x10 [ 613.662940][T15705] ? do_raw_spin_lock+0x12c/0x2b0 [ 613.662984][T15705] futex_wake+0xea/0x530 [ 613.663017][T15705] ? find_held_lock+0x2b/0x80 [ 613.663043][T15705] ? __pfx_futex_wake+0x10/0x10 [ 613.663076][T15705] ? rcu_is_watching+0x12/0xc0 [ 613.663101][T15705] ? lockdep_hardirqs_on+0x7c/0x110 [ 613.663139][T15705] ? posix_timer_unhash_and_free+0x375/0x400 [ 613.663172][T15705] ? posix_cpu_timer_create+0x257/0x4a0 [ 613.663204][T15705] do_futex+0x1e3/0x350 [ 613.663241][T15705] ? __pfx_do_futex+0x10/0x10 [ 613.663280][T15705] __x64_sys_futex+0x1e0/0x4c0 [ 613.663312][T15705] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 613.663349][T15705] ? __pfx___x64_sys_futex+0x10/0x10 [ 613.663380][T15705] ? xfd_validate_state+0x61/0x180 [ 613.663415][T15705] ? __task_pid_nr_ns+0x17c/0x500 [ 613.663457][T15705] do_syscall_64+0xcd/0x4c0 [ 613.663480][T15705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.663505][T15705] RIP: 0033:0x7f685438eba9 [ 613.663523][T15705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.663547][T15705] RSP: 002b:00007f685528d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 613.663569][T15705] RAX: ffffffffffffffda RBX: 00007f68545d5fa8 RCX: 00007f685438eba9 [ 613.663584][T15705] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f68545d5fac [ 613.663599][T15705] RBP: 00007f68545d5fa0 R08: 00007f685528e000 R09: 0000000000000000 [ 613.663614][T15705] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 613.663628][T15705] R13: 00007f68545d6038 R14: 00007ffde41c90f0 R15: 00007ffde41c91d8 [ 613.663658][T15705] [ 613.874910][ C0] vkms_vblank_simulate: vblank timer overrun [ 613.995421][T15717] geneve1: entered promiscuous mode [ 614.000813][T15717] geneve1: entered allmulticast mode [ 619.339411][T15908] FAULT_INJECTION: forcing a failure. [ 619.339411][T15908] name failslab, interval 1, probability 0, space 0, times 0 [ 619.415250][T15908] CPU: 0 UID: 0 PID: 15908 Comm: syz.1.1196 Tainted: G U syzkaller #0 PREEMPT(full) [ 619.415288][T15908] Tainted: [U]=USER [ 619.415295][T15908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 619.415318][T15908] Call Trace: [ 619.415326][T15908] [ 619.415335][T15908] dump_stack_lvl+0x16c/0x1f0 [ 619.415377][T15908] should_fail_ex+0x512/0x640 [ 619.415415][T15908] ? __kvmalloc_node_noprof+0x124/0x620 [ 619.415447][T15908] should_failslab+0xc2/0x120 [ 619.415479][T15908] __kvmalloc_node_noprof+0x137/0x620 [ 619.415505][T15908] ? rcu_is_watching+0x12/0xc0 [ 619.415529][T15908] ? kfree+0x24f/0x4d0 [ 619.415549][T15908] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 619.415578][T15908] ? mark_held_locks+0x49/0x80 [ 619.415615][T15908] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 619.415643][T15908] snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 619.415680][T15908] snd_pcm_plug_alloc+0x146/0x330 [ 619.415713][T15908] snd_pcm_oss_change_params_locked+0x19b8/0x3a30 [ 619.415758][T15908] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 619.415812][T15908] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 619.415849][T15908] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 619.415880][T15908] ? hook_file_ioctl_common+0x145/0x410 [ 619.415914][T15908] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 619.415946][T15908] ? __fget_files+0x20e/0x3c0 [ 619.415977][T15908] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 619.416008][T15908] __x64_sys_ioctl+0x18b/0x210 [ 619.416048][T15908] do_syscall_64+0xcd/0x4c0 [ 619.416077][T15908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.416102][T15908] RIP: 0033:0x7f685438eba9 [ 619.416121][T15908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 619.416145][T15908] RSP: 002b:00007f685528d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.416167][T15908] RAX: ffffffffffffffda RBX: 00007f68545d5fa0 RCX: 00007f685438eba9 [ 619.416183][T15908] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000006 [ 619.416197][T15908] RBP: 00007f6854411e19 R08: 0000000000000000 R09: 0000000000000000 [ 619.416211][T15908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 619.416225][T15908] R13: 00007f68545d6038 R14: 00007f68545d5fa0 R15: 00007ffde41c91d8 [ 619.416255][T15908] [ 620.457942][T15916] FAULT_INJECTION: forcing a failure. [ 620.457942][T15916] name failslab, interval 1, probability 0, space 0, times 0 [ 620.511023][T15916] CPU: 0 UID: 0 PID: 15916 Comm: syz.2.1197 Tainted: G U syzkaller #0 PREEMPT(full) [ 620.511063][T15916] Tainted: [U]=USER [ 620.511070][T15916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 620.511084][T15916] Call Trace: [ 620.511092][T15916] [ 620.511101][T15916] dump_stack_lvl+0x16c/0x1f0 [ 620.511142][T15916] should_fail_ex+0x512/0x640 [ 620.511181][T15916] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 620.511210][T15916] should_failslab+0xc2/0x120 [ 620.511242][T15916] __kmalloc_cache_noprof+0x6a/0x3e0 [ 620.511268][T15916] ? sctp_auth_init+0x30d/0x570 [ 620.511309][T15916] sctp_auth_init+0x30d/0x570 [ 620.511349][T15916] sctp_setsockopt+0xa371/0xb870 [ 620.511380][T15916] ? __pfx_sctp_setsockopt+0x10/0x10 [ 620.511413][T15916] ? find_held_lock+0x2b/0x80 [ 620.511440][T15916] ? aa_sock_opt_perm+0xfd/0x1c0 [ 620.511464][T15916] ? sock_common_setsockopt+0x2e/0xf0 [ 620.511490][T15916] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 620.511519][T15916] do_sock_setsockopt+0xf3/0x1d0 [ 620.511548][T15916] __sys_setsockopt+0x120/0x1a0 [ 620.511588][T15916] __x64_sys_setsockopt+0xbd/0x160 [ 620.511622][T15916] ? do_syscall_64+0x91/0x4c0 [ 620.511642][T15916] ? lockdep_hardirqs_on+0x7c/0x110 [ 620.511677][T15916] do_syscall_64+0xcd/0x4c0 [ 620.511700][T15916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.511725][T15916] RIP: 0033:0x7f21a898eba9 [ 620.511744][T15916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.511772][T15916] RSP: 002b:00007f21a9756038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 620.511794][T15916] RAX: ffffffffffffffda RBX: 00007f21a8bd6090 RCX: 00007f21a898eba9 [ 620.511810][T15916] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 620.511824][T15916] RBP: 00007f21a8a11e19 R08: 0000000000000008 R09: 0000000000000000 [ 620.511839][T15916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 620.511853][T15916] R13: 00007f21a8bd6128 R14: 00007f21a8bd6090 R15: 00007ffc70af1398 [ 620.511883][T15916] [ 622.616101][T16045] random: crng reseeded on system resumption [ 624.290006][T16116] FAULT_INJECTION: forcing a failure. [ 624.290006][T16116] name failslab, interval 1, probability 0, space 0, times 0 [ 624.373031][T16116] CPU: 0 UID: 0 PID: 16116 Comm: syz.3.1204 Tainted: G U syzkaller #0 PREEMPT(full) [ 624.373070][T16116] Tainted: [U]=USER [ 624.373078][T16116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 624.373092][T16116] Call Trace: [ 624.373100][T16116] [ 624.373109][T16116] dump_stack_lvl+0x16c/0x1f0 [ 624.373150][T16116] should_fail_ex+0x512/0x640 [ 624.373189][T16116] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 624.373217][T16116] should_failslab+0xc2/0x120 [ 624.373250][T16116] __kmalloc_cache_noprof+0x6a/0x3e0 [ 624.373273][T16116] ? lockdep_init_map_type+0x5c/0x280 [ 624.373308][T16116] ? nci_hci_allocate+0x45/0x330 [ 624.373353][T16116] nci_hci_allocate+0x45/0x330 [ 624.373390][T16116] nci_allocate_device+0x26f/0x430 [ 624.373423][T16116] virtual_ncidev_open+0x6f/0x220 [ 624.373455][T16116] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 624.373486][T16116] misc_open+0x35a/0x420 [ 624.373516][T16116] ? __pfx_misc_open+0x10/0x10 [ 624.373544][T16116] chrdev_open+0x231/0x6a0 [ 624.373575][T16116] ? __pfx_apparmor_file_open+0x10/0x10 [ 624.373603][T16116] ? __pfx_chrdev_open+0x10/0x10 [ 624.373636][T16116] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 624.373669][T16116] do_dentry_open+0x97f/0x1530 [ 624.373700][T16116] ? __pfx_chrdev_open+0x10/0x10 [ 624.373737][T16116] vfs_open+0x82/0x3f0 [ 624.373785][T16116] path_openat+0x1de4/0x2cb0 [ 624.373824][T16116] ? __pfx_path_openat+0x10/0x10 [ 624.373861][T16116] do_filp_open+0x20b/0x470 [ 624.373891][T16116] ? __pfx_do_filp_open+0x10/0x10 [ 624.373942][T16116] ? alloc_fd+0x471/0x7d0 [ 624.373976][T16116] do_sys_openat2+0x11b/0x1d0 [ 624.374013][T16116] ? __pfx_do_sys_openat2+0x10/0x10 [ 624.374062][T16116] __x64_sys_openat+0x174/0x210 [ 624.374084][T16116] ? __pfx___x64_sys_openat+0x10/0x10 [ 624.374117][T16116] do_syscall_64+0xcd/0x4c0 [ 624.374141][T16116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.374165][T16116] RIP: 0033:0x7f048258eba9 [ 624.374184][T16116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 624.374208][T16116] RSP: 002b:00007f04833f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 624.374230][T16116] RAX: ffffffffffffffda RBX: 00007f04827d6090 RCX: 00007f048258eba9 [ 624.374246][T16116] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 624.374261][T16116] RBP: 00007f0482611e19 R08: 0000000000000000 R09: 0000000000000000 [ 624.374275][T16116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 624.374288][T16116] R13: 00007f04827d6128 R14: 00007f04827d6090 R15: 00007fff11279d58 [ 624.374318][T16116] [ 624.637943][ C0] vkms_vblank_simulate: vblank timer overrun [ 625.301273][T16148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1206'. [ 626.177585][T16156] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1208'. [ 626.743973][T16158] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1208'. [ 627.113490][T16175] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1208'. [ 628.168643][T16194] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.1214: iget: checksum invalid [ 628.286948][T16194] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 628.343671][T16195] vivid-003: ================= START STATUS ================= [ 628.435994][T16194] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.1214: iget: checksum invalid [ 628.457351][T16195] vivid-003: Radio HW Seek Mode: Bounded [ 628.504668][T16194] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 628.555167][T16195] vivid-003: Radio Programmable HW Seek: false [ 628.575606][T16194] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.1214: iget: checksum invalid [ 628.635611][T16195] vivid-003: RDS Rx I/O Mode: Block I/O [ 628.656560][T16194] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 628.680319][T16195] vivid-003: Generate RBDS Instead of RDS: false [ 628.686766][T16195] vivid-003: RDS Reception: true [ 628.710792][T16194] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.1214: iget: checksum invalid [ 628.769491][T16195] vivid-003: RDS Program Type: 0 inactive [ 628.780683][T16194] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 628.820890][T16195] vivid-003: RDS PS Name: inactive [ 628.852892][T16199] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 628.859157][T16195] vivid-003: RDS Radio Text: inactive [ 628.883667][T16194] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 628.900623][T16195] vivid-003: RDS Traffic Announcement: false inactive [ 628.946613][T16199] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 628.954799][T16195] vivid-003: RDS Traffic Program: false inactive [ 628.981138][T16194] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 629.010382][T16195] vivid-003: RDS Music: false inactive [ 629.015930][T16195] vivid-003: ================== END STATUS ================== [ 629.064456][T16199] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 629.100848][T16199] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 629.160111][T16210] netlink: 'syz.2.1216': attribute type 4 has an invalid length. [ 629.210325][T16210] netlink: 'syz.2.1216': attribute type 5 has an invalid length. [ 629.218116][T16210] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1216'. [ 629.956077][T16222] futex_wake_op: syz.3.1219 tries to shift op by -9; fix this program [ 630.451106][ T5875] Bluetooth: hci0: command 0x0c1a tx timeout [ 631.088597][ T5875] Bluetooth: hci1: command 0x0c1a tx timeout [ 631.490342][T16256] random: crng reseeded on system resumption [ 631.565405][T16259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1224'. [ 631.993730][T16264] Console: switching to colour VGA+ 80x25 [ 632.490065][T16271] Console: switching to colour frame buffer device 128x48 [ 632.530778][ T5875] Bluetooth: hci0: command 0x0c1a tx timeout [ 633.168736][T16309] Bluetooth: hci1: command 0x0c1a tx timeout [ 634.233612][ T30] audit: type=1804 audit(4294967465.730:16): pid=16335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1233" name="/newroot/310/file0" dev="tmpfs" ino=1644 res=1 errno=0 [ 634.254965][ C0] vkms_vblank_simulate: vblank timer overrun [ 634.356411][T16333] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 634.448275][T16333] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 634.854365][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.860792][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 635.377089][T16351] can0: slcan on ttyS2. [ 635.468862][T16350] can0 (unregistered): slcan off ttyS2. [ 638.117009][T16491] nbd: must specify a device to reconfigure [ 638.204453][T16493] blktrace: Concurrent blktraces are not allowed on ram7 [ 638.384803][T16501] serio: Serial port pty6 [ 639.675517][T16530] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 639.743676][T16530] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 640.095856][T16541] 0x000200000001-0xa29656a63616329 : "" [ 640.155523][T16541] mtd: partition "" is out of reach -- disabled [ 640.341980][T16541] ftl_cs: FTL header not found. [ 641.572731][T16588] sd 0:0:1:0: PR command failed: 1026 [ 641.578182][T16588] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 641.732694][T16309] Bluetooth: hci0: command 0x0c1a tx timeout [ 641.758653][T16588] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 641.808710][T16309] Bluetooth: hci1: command 0x0c1a tx timeout [ 642.120319][T16603] vivid-003: ================= START STATUS ================= [ 642.230598][T16603] vivid-003: Radio HW Seek Mode: Bounded [ 642.285412][T16603] vivid-003: Radio Programmable HW Seek: false [ 642.330316][T16603] vivid-003: RDS Rx I/O Mode: Block I/O [ 642.352887][T16603] vivid-003: Generate RBDS Instead of RDS: false [ 642.406997][T16603] vivid-003: RDS Reception: true [ 642.490444][T16603] vivid-003: RDS Program Type: 0 inactive [ 642.640125][T16603] vivid-003: RDS PS Name: inactive [ 642.645483][T16603] vivid-003: RDS Radio Text: inactive [ 642.921070][T16603] vivid-003: RDS Traffic Announcement: false inactive [ 643.037722][T16603] vivid-003: RDS Traffic Program: false inactive [ 643.084897][T16603] vivid-003: RDS Music: false inactive [ 643.180144][T16603] vivid-003: ================== END STATUS ================== [ 643.836556][ T30] audit: type=1804 audit(4294967475.330:17): pid=16632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1257" name="/newroot/315/file0" dev="tmpfs" ino=1673 res=1 errno=0 [ 644.028265][T16637] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1258'. [ 644.071891][T16640] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 644.533796][T16654] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 648.184539][T16736] can0: slcan on ttyS2. [ 648.434186][T16724] can0 (unregistered): slcan off ttyS2. [ 650.770707][T16343] Trying to write to read-only block-device sda [ 651.374122][T16871] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.1273: iget: checksum invalid [ 651.458361][T16871] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 651.522480][T16871] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.1273: iget: checksum invalid [ 651.622737][T16871] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 651.692987][T16871] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.1273: iget: checksum invalid [ 651.797910][T16871] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 651.870535][T16871] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.1273: iget: checksum invalid [ 651.939560][T16871] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 652.011025][T16871] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 652.068584][T16871] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 654.397438][T16942] FAULT_INJECTION: forcing a failure. [ 654.397438][T16942] name failslab, interval 1, probability 0, space 0, times 0 [ 654.486715][T16822] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 654.494359][T16942] CPU: 0 UID: 0 PID: 16942 Comm: syz.2.1287 Tainted: G U syzkaller #0 PREEMPT(full) [ 654.494396][T16942] Tainted: [U]=USER [ 654.494404][T16942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 654.494418][T16942] Call Trace: [ 654.494426][T16942] [ 654.494435][T16942] dump_stack_lvl+0x16c/0x1f0 [ 654.494477][T16942] should_fail_ex+0x512/0x640 [ 654.494515][T16942] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 654.494548][T16942] should_failslab+0xc2/0x120 [ 654.494588][T16942] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 654.494618][T16942] ? acpi_ut_create_thread_state+0x63/0x170 [ 654.494656][T16942] acpi_ut_create_thread_state+0x63/0x170 [ 654.494688][T16942] acpi_ps_parse_aml+0x79/0xcb0 [ 654.494729][T16942] acpi_ps_execute_method+0x55a/0xb30 [ 654.494769][T16942] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 654.494797][T16942] acpi_ns_evaluate+0x76c/0xca0 [ 654.494820][T16942] ? kasan_save_track+0x14/0x30 [ 654.494851][T16942] acpi_evaluate_object+0x1fa/0xa90 [ 654.494883][T16942] ? __avic_vcpu_put+0x4e/0x390 [ 654.494906][T16942] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.494933][T16942] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 654.494966][T16942] ? __mutex_trylock_common+0xe9/0x250 [ 654.495006][T16942] acpi_evaluate_integer+0xdd/0x200 [ 654.495035][T16942] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 654.495077][T16942] ? __pfx_status_show+0x10/0x10 [ 654.495109][T16942] status_show+0xa0/0x120 [ 654.495142][T16942] ? __pfx_status_show+0x10/0x10 [ 654.495184][T16942] dev_attr_show+0x56/0xe0 [ 654.495209][T16942] ? __pfx_dev_attr_show+0x10/0x10 [ 654.495231][T16942] sysfs_kf_seq_show+0x213/0x3e0 [ 654.495265][T16942] seq_read_iter+0x506/0x12c0 [ 654.495302][T16942] kernfs_fop_read_iter+0x46c/0x610 [ 654.495326][T16942] ? rw_verify_area+0xcf/0x6c0 [ 654.495353][T16942] vfs_read+0x8bf/0xcf0 [ 654.495384][T16942] ? __pfx___mutex_lock+0x10/0x10 [ 654.495406][T16942] ? __pfx_vfs_read+0x10/0x10 [ 654.495453][T16942] ksys_read+0x12a/0x250 [ 654.495479][T16942] ? __pfx_ksys_read+0x10/0x10 [ 654.495516][T16942] do_syscall_64+0xcd/0x4c0 [ 654.495564][T16942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.495588][T16942] RIP: 0033:0x7f21a898eba9 [ 654.495608][T16942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.495632][T16942] RSP: 002b:00007f21a9777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 654.495653][T16942] RAX: ffffffffffffffda RBX: 00007f21a8bd5fa0 RCX: 00007f21a898eba9 [ 654.495669][T16942] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 654.495683][T16942] RBP: 00007f21a8a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 654.495698][T16942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 654.495712][T16942] R13: 00007f21a8bd6038 R14: 00007f21a8bd5fa0 R15: 00007ffc70af1398 [ 654.495743][T16942] [ 654.495802][T16942] ACPI Error: [ 654.831713][T16953] FAULT_INJECTION: forcing a failure. [ 654.831713][T16953] name failslab, interval 1, probability 0, space 0, times 0 [ 655.053524][T16953] CPU: 0 UID: 0 PID: 16953 Comm: syz.1.1275 Tainted: G U syzkaller #0 PREEMPT(full) [ 655.053563][T16953] Tainted: [U]=USER [ 655.053571][T16953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 655.053585][T16953] Call Trace: [ 655.053592][T16953] [ 655.053601][T16953] dump_stack_lvl+0x16c/0x1f0 [ 655.053643][T16953] should_fail_ex+0x512/0x640 [ 655.053681][T16953] ? __kmalloc_noprof+0xbf/0x510 [ 655.053711][T16953] ? handler_new_ref+0x1b0/0xc60 [ 655.053732][T16953] should_failslab+0xc2/0x120 [ 655.053765][T16953] __kmalloc_noprof+0xd2/0x510 [ 655.053791][T16953] ? __asan_memcpy+0x3c/0x60 [ 655.053820][T16953] handler_new_ref+0x1b0/0xc60 [ 655.053850][T16953] v4l2_ctrl_new+0x1963/0x2180 [ 655.053882][T16953] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 655.053913][T16953] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 655.053953][T16953] v4l2_ctrl_new_std+0x1be/0x290 [ 655.053984][T16953] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 655.054010][T16953] ? rcu_is_watching+0x12/0xc0 [ 655.054035][T16953] ? trace_kmalloc+0x2b/0xd0 [ 655.054067][T16953] ? __kvmalloc_node_noprof+0x298/0x620 [ 655.054095][T16953] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 655.054138][T16953] ? media_request_object_init+0x100/0x180 [ 655.054169][T16953] vicodec_open+0x1d0/0xf90 [ 655.054206][T16953] v4l2_open+0x222/0x490 [ 655.054240][T16953] ? __pfx_v4l2_open+0x10/0x10 [ 655.054273][T16953] chrdev_open+0x231/0x6a0 [ 655.054304][T16953] ? __pfx_apparmor_file_open+0x10/0x10 [ 655.054338][T16953] ? __pfx_chrdev_open+0x10/0x10 [ 655.054371][T16953] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 655.054405][T16953] do_dentry_open+0x97f/0x1530 [ 655.054436][T16953] ? __pfx_chrdev_open+0x10/0x10 [ 655.054473][T16953] vfs_open+0x82/0x3f0 [ 655.054518][T16953] path_openat+0x1de4/0x2cb0 [ 655.054557][T16953] ? __pfx_path_openat+0x10/0x10 [ 655.054594][T16953] do_filp_open+0x20b/0x470 [ 655.054624][T16953] ? __pfx_do_filp_open+0x10/0x10 [ 655.054674][T16953] ? alloc_fd+0x471/0x7d0 [ 655.054709][T16953] do_sys_openat2+0x11b/0x1d0 [ 655.054746][T16953] ? __pfx_do_sys_openat2+0x10/0x10 [ 655.054794][T16953] __x64_sys_openat+0x174/0x210 [ 655.054816][T16953] ? __pfx___x64_sys_openat+0x10/0x10 [ 655.054849][T16953] do_syscall_64+0xcd/0x4c0 [ 655.054873][T16953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.054897][T16953] RIP: 0033:0x7f685438eba9 [ 655.054915][T16953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 655.054939][T16953] RSP: 002b:00007f685524b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 655.054962][T16953] RAX: ffffffffffffffda RBX: 00007f68545d6180 RCX: 00007f685438eba9 [ 655.054977][T16953] RDX: 00000000000c0400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 655.054992][T16953] RBP: 00007f6854411e19 R08: 0000000000000000 R09: 0000000000000000 [ 655.055006][T16953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 655.055020][T16953] R13: 00007f68545d6218 R14: 00007f68545d6180 R15: 00007ffde41c91d8 [ 655.055050][T16953] [ 656.027264][T16975] net_ratelimit: 19 callbacks suppressed [ 656.027283][T16975] netlink: zone id is out of range [ 656.048669][T16975] netlink: zone id is out of range [ 656.053821][T16975] netlink: zone id is out of range [ 656.111718][T16975] netlink: zone id is out of range [ 656.138563][T16975] netlink: zone id is out of range [ 656.160708][T16942] ffff8880281ef000 walk still has a scope list (20250404/dswstate-694) [ 656.208648][T16975] netlink: zone id is out of range [ 656.291953][T16969] zswap: compressor not available [ 656.297943][T16975] netlink: zone id is out of range [ 656.337825][T16973] Setting dangerous option i915.mitigations - tainting kernel [ 656.356320][T16975] netlink: zone id is out of range [ 656.368747][T16975] netlink: zone id is out of range [ 656.373903][T16975] netlink: zone id is out of range [ 660.984969][T17154] futex_wake_op: syz.3.1286 tries to shift op by -2048; fix this program [ 661.029461][T17154] futex_wake_op: syz.3.1286 tries to shift op by -2048; fix this program [ 665.638328][T17228] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 670.840722][T17234] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 670.920103][T17234] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 670.949818][T17241] binder: 17237:17241 ioctl 400c620e 0 returned -22 [ 670.997163][T17234] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 671.150302][T17244] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 672.204705][T17257] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 672.243761][T17261] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 672.254050][T17261] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 672.263796][T17261] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 672.272546][T17261] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 672.280168][T17261] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 673.241948][T17258] chnl_net:caif_netlink_parms(): no params data found [ 673.704236][T17258] bridge0: port 1(bridge_slave_0) entered blocking state [ 673.750674][T17258] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.757947][T17258] bridge_slave_0: entered allmulticast mode [ 673.824612][T17258] bridge_slave_0: entered promiscuous mode [ 673.856548][T17258] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.928861][T17258] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.936133][T17258] bridge_slave_1: entered allmulticast mode [ 673.995119][T17258] bridge_slave_1: entered promiscuous mode [ 674.191008][T17446] FAULT_INJECTION: forcing a failure. [ 674.191008][T17446] name failslab, interval 1, probability 0, space 0, times 0 [ 674.216506][T17258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 674.231790][T17446] CPU: 0 UID: 0 PID: 17446 Comm: syz.2.1301 Tainted: G U syzkaller #0 PREEMPT(full) [ 674.231827][T17446] Tainted: [U]=USER [ 674.231835][T17446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 674.231850][T17446] Call Trace: [ 674.231857][T17446] [ 674.231866][T17446] dump_stack_lvl+0x16c/0x1f0 [ 674.231908][T17446] should_fail_ex+0x512/0x640 [ 674.231946][T17446] ? kmem_cache_alloc_bulk_noprof+0x6d/0xbc0 [ 674.231980][T17446] should_failslab+0xc2/0x120 [ 674.232013][T17446] kmem_cache_alloc_bulk_noprof+0x85/0xbc0 [ 674.232047][T17446] ? trace_kmem_cache_alloc+0x28/0xc0 [ 674.232083][T17446] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 674.232112][T17446] ? mas_alloc_nodes+0x18b/0x8b0 [ 674.232147][T17446] ? mas_alloc_nodes+0x2f1/0x8b0 [ 674.232179][T17446] mas_alloc_nodes+0x2f1/0x8b0 [ 674.232220][T17446] mas_node_count_gfp+0x105/0x130 [ 674.232256][T17446] mas_preallocate+0x7e0/0xde0 [ 674.232279][T17446] ? __memcg_slab_post_alloc_hook+0x492/0x960 [ 674.232318][T17446] ? __pfx_mas_preallocate+0x10/0x10 [ 674.232353][T17446] ? anon_vma_name+0x81/0x2f0 [ 674.232392][T17446] __split_vma+0x34a/0x1070 [ 674.232422][T17446] ? __pfx___split_vma+0x10/0x10 [ 674.232455][T17446] ? __pfx_mas_prev+0x10/0x10 [ 674.232506][T17446] vms_gather_munmap_vmas+0x3b1/0x1340 [ 674.232539][T17446] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 674.232571][T17446] ? mas_walk+0x6f5/0x980 [ 674.232614][T17446] __mmap_region+0x436/0x27b0 [ 674.232645][T17446] ? finish_task_switch.isra.0+0x21c/0xc10 [ 674.232671][T17446] ? __pfx___mmap_region+0x10/0x10 [ 674.232698][T17446] ? rcu_is_watching+0x12/0xc0 [ 674.232729][T17446] ? rcu_is_watching+0x12/0xc0 [ 674.232753][T17446] ? trace_sched_exit_tp+0xd1/0x120 [ 674.232790][T17446] ? __schedule+0x11a3/0x5de0 [ 674.232822][T17446] ? __lock_acquire+0x62e/0x1ce0 [ 674.232864][T17446] ? __lock_acquire+0x62e/0x1ce0 [ 674.232899][T17446] ? __pfx___schedule+0x10/0x10 [ 674.232965][T17446] ? trace_cap_capable+0x18d/0x200 [ 674.233001][T17446] mmap_region+0x1ab/0x3f0 [ 674.233029][T17446] ? __get_unmapped_area+0x267/0x440 [ 674.233069][T17446] do_mmap+0xa3e/0x1210 [ 674.233109][T17446] ? __pfx_do_mmap+0x10/0x10 [ 674.233144][T17446] ? __pfx_down_write_killable+0x10/0x10 [ 674.233175][T17446] vm_mmap_pgoff+0x29e/0x470 [ 674.233215][T17446] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 674.233260][T17446] ? __x64_sys_futex+0x1e0/0x4c0 [ 674.233290][T17446] ? __x64_sys_futex+0x1e9/0x4c0 [ 674.233325][T17446] ksys_mmap_pgoff+0x7d/0x5c0 [ 674.233358][T17446] ? xfd_validate_state+0x61/0x180 [ 674.233394][T17446] ? __pfx_ksys_write+0x10/0x10 [ 674.233441][T17446] __x64_sys_mmap+0x125/0x190 [ 674.233487][T17446] do_syscall_64+0xcd/0x4c0 [ 674.233510][T17446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.233535][T17446] RIP: 0033:0x7f21a898eba9 [ 674.233554][T17446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.233578][T17446] RSP: 002b:00007f21a9777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 674.233601][T17446] RAX: ffffffffffffffda RBX: 00007f21a8bd5fa0 RCX: 00007f21a898eba9 [ 674.233617][T17446] RDX: 00000000000000e2 RSI: 0000000000020009 RDI: 0000000000000000 [ 674.233631][T17446] RBP: 00007f21a8a11e19 R08: 0000000000000405 R09: 0000000000008000 [ 674.233646][T17446] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 674.233660][T17446] R13: 00007f21a8bd6038 R14: 00007f21a8bd5fa0 R15: 00007ffc70af1398 [ 674.233689][T17446] [ 674.692871][T17261] Bluetooth: hci4: command tx timeout [ 674.779141][T17258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 674.916671][T17258] team0: Port device team_slave_0 added [ 674.927068][T17258] team0: Port device team_slave_1 added [ 675.022637][T17258] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 675.042010][T17258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.133509][T17258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.219559][T17258] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.247324][T17258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 675.320792][T17258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 675.637854][T17258] hsr_slave_0: entered promiscuous mode [ 675.702848][T17258] hsr_slave_1: entered promiscuous mode [ 676.773095][T17261] Bluetooth: hci4: command tx timeout [ 676.830826][T17258] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 676.872533][T17258] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 676.942294][T17258] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 676.991749][T17258] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 677.427752][T17258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 677.630061][T17258] 8021q: adding VLAN 0 to HW filter on device team0 [ 677.690880][T16293] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.698043][T16293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 677.788257][T16293] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.795445][T16293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 677.991966][T17258] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 678.552627][T17258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 678.853996][T17261] Bluetooth: hci4: command tx timeout [ 679.007575][T17727] net_ratelimit: 12 callbacks suppressed [ 679.007594][T17727] netlink: zone id is out of range [ 679.353014][T17736] HfR: entered promiscuous mode [ 679.403082][T17727] netlink: del zone limit has 4 unknown bytes [ 679.462503][T17724] netlink: set zone limit has 8 unknown bytes [ 679.806833][T17258] veth0_vlan: entered promiscuous mode [ 679.914056][T17258] veth1_vlan: entered promiscuous mode [ 680.053468][T17258] veth0_macvtap: entered promiscuous mode [ 680.113393][T17258] veth1_macvtap: entered promiscuous mode [ 680.214948][T17258] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 680.272761][T17258] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 680.341929][T16293] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.366963][T16293] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.439596][T16293] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.470918][T16293] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.942129][T17261] Bluetooth: hci4: command tx timeout [ 681.018826][T16290] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 681.086695][T16290] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 681.366079][T16344] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 681.437865][T16344] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 682.432084][T17803] FAULT_INJECTION: forcing a failure. [ 682.432084][T17803] name failslab, interval 1, probability 0, space 0, times 0 [ 682.479108][T17858] FAULT_INJECTION: forcing a failure. [ 682.479108][T17858] name failslab, interval 1, probability 0, space 0, times 0 [ 682.536604][T17858] CPU: 0 UID: 0 PID: 17858 Comm: syz.4.1294 Tainted: G U syzkaller #0 PREEMPT(full) [ 682.536643][T17858] Tainted: [U]=USER [ 682.536650][T17858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 682.536677][T17858] Call Trace: [ 682.536685][T17858] [ 682.536694][T17858] dump_stack_lvl+0x16c/0x1f0 [ 682.536737][T17858] should_fail_ex+0x512/0x640 [ 682.536777][T17858] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 682.536810][T17858] should_failslab+0xc2/0x120 [ 682.536842][T17858] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 682.536872][T17858] ? acpi_ut_create_thread_state+0x63/0x170 [ 682.536909][T17858] acpi_ut_create_thread_state+0x63/0x170 [ 682.536942][T17858] acpi_ps_parse_aml+0x79/0xcb0 [ 682.536982][T17858] acpi_ps_execute_method+0x55a/0xb30 [ 682.537022][T17858] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 682.537050][T17858] acpi_ns_evaluate+0x76c/0xca0 [ 682.537074][T17858] ? kasan_save_track+0x14/0x30 [ 682.537105][T17858] acpi_evaluate_object+0x1fa/0xa90 [ 682.537136][T17858] ? __avic_vcpu_put+0x4e/0x390 [ 682.537160][T17858] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.537186][T17858] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 682.537219][T17858] ? __mutex_trylock_common+0xe9/0x250 [ 682.537260][T17858] acpi_evaluate_integer+0xdd/0x200 [ 682.537290][T17858] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 682.537332][T17858] ? __pfx_status_show+0x10/0x10 [ 682.537365][T17858] status_show+0xa0/0x120 [ 682.537398][T17858] ? __pfx_status_show+0x10/0x10 [ 682.537440][T17858] dev_attr_show+0x56/0xe0 [ 682.537466][T17858] ? __pfx_dev_attr_show+0x10/0x10 [ 682.537489][T17858] sysfs_kf_seq_show+0x213/0x3e0 [ 682.537523][T17858] seq_read_iter+0x506/0x12c0 [ 682.537561][T17858] kernfs_fop_read_iter+0x46c/0x610 [ 682.537586][T17858] ? rw_verify_area+0xcf/0x6c0 [ 682.537613][T17858] vfs_read+0x8bf/0xcf0 [ 682.537645][T17858] ? __pfx___mutex_lock+0x10/0x10 [ 682.537673][T17858] ? __pfx_vfs_read+0x10/0x10 [ 682.537720][T17858] ksys_read+0x12a/0x250 [ 682.537747][T17858] ? __pfx_ksys_read+0x10/0x10 [ 682.537784][T17858] do_syscall_64+0xcd/0x4c0 [ 682.537808][T17858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.537832][T17858] RIP: 0033:0x7ff1b418eba9 [ 682.537850][T17858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 682.537874][T17858] RSP: 002b:00007ff1b50b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 682.537896][T17858] RAX: ffffffffffffffda RBX: 00007ff1b43d5fa0 RCX: 00007ff1b418eba9 [ 682.537911][T17858] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 682.537926][T17858] RBP: 00007ff1b4211e19 R08: 0000000000000000 R09: 0000000000000000 [ 682.537940][T17858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 682.537954][T17858] R13: 00007ff1b43d6038 R14: 00007ff1b43d5fa0 R15: 00007fffb37e3d38 [ 682.537984][T17858] [ 682.538039][T17858] ACPI Error: [ 682.868543][T17803] CPU: 0 UID: 0 PID: 17803 Comm: syz.1.1312 Tainted: G U syzkaller #0 PREEMPT(full) [ 682.868588][T17803] Tainted: [U]=USER [ 682.868596][T17803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 682.868610][T17803] Call Trace: [ 682.868617][T17803] [ 682.868626][T17803] dump_stack_lvl+0x16c/0x1f0 [ 682.868668][T17803] should_fail_ex+0x512/0x640 [ 682.868706][T17803] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 682.868738][T17803] should_failslab+0xc2/0x120 [ 682.868770][T17803] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 682.868800][T17803] ? mas_alloc_nodes+0x18b/0x8b0 [ 682.868837][T17803] mas_alloc_nodes+0x18b/0x8b0 [ 682.868876][T17803] mas_node_count_gfp+0x105/0x130 [ 682.868911][T17803] mas_preallocate+0x7e0/0xde0 [ 682.868934][T17803] ? __memcg_slab_post_alloc_hook+0x492/0x960 [ 682.868973][T17803] ? __pfx_mas_preallocate+0x10/0x10 [ 682.869006][T17803] ? anon_vma_name+0x81/0x2f0 [ 682.869046][T17803] __split_vma+0x34a/0x1070 [ 682.869076][T17803] ? __pfx___split_vma+0x10/0x10 [ 682.869108][T17803] ? __pfx_mas_prev+0x10/0x10 [ 682.869152][T17803] vms_gather_munmap_vmas+0x3b1/0x1340 [ 682.869186][T17803] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 682.869217][T17803] ? mas_walk+0x6f5/0x980 [ 682.869259][T17803] __mmap_region+0x436/0x27b0 [ 682.869289][T17803] ? finish_task_switch.isra.0+0x21c/0xc10 [ 682.869315][T17803] ? __pfx___mmap_region+0x10/0x10 [ 682.869342][T17803] ? rcu_is_watching+0x12/0xc0 [ 682.869373][T17803] ? rcu_is_watching+0x12/0xc0 [ 682.869396][T17803] ? trace_sched_exit_tp+0xd1/0x120 [ 682.869437][T17803] ? __schedule+0x11a3/0x5de0 [ 682.869468][T17803] ? __lock_acquire+0x62e/0x1ce0 [ 682.869513][T17803] ? __lock_acquire+0x62e/0x1ce0 [ 682.869551][T17803] ? __pfx___schedule+0x10/0x10 [ 682.869625][T17803] ? trace_cap_capable+0x18d/0x200 [ 682.869667][T17803] mmap_region+0x1ab/0x3f0 [ 682.869700][T17803] ? __get_unmapped_area+0x267/0x440 [ 682.869739][T17803] do_mmap+0xa3e/0x1210 [ 682.869780][T17803] ? __pfx_do_mmap+0x10/0x10 [ 682.869816][T17803] ? __pfx_down_write_killable+0x10/0x10 [ 682.869846][T17803] vm_mmap_pgoff+0x29e/0x470 [ 682.869887][T17803] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 682.869928][T17803] ? __x64_sys_futex+0x1e0/0x4c0 [ 682.869958][T17803] ? __x64_sys_futex+0x1e9/0x4c0 [ 682.869992][T17803] ksys_mmap_pgoff+0x7d/0x5c0 [ 682.870025][T17803] ? xfd_validate_state+0x61/0x180 [ 682.870061][T17803] ? __pfx_ksys_write+0x10/0x10 [ 682.870093][T17803] __x64_sys_mmap+0x125/0x190 [ 682.870133][T17803] do_syscall_64+0xcd/0x4c0 [ 682.870156][T17803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.870180][T17803] RIP: 0033:0x7f685438eba9 [ 682.870199][T17803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 682.870223][T17803] RSP: 002b:00007f685528d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 682.870246][T17803] RAX: ffffffffffffffda RBX: 00007f68545d5fa0 RCX: 00007f685438eba9 [ 682.870261][T17803] RDX: 00000000000000e2 RSI: 0000000000020009 RDI: 0000000000000000 [ 682.870276][T17803] RBP: 00007f6854411e19 R08: 0000000000000405 R09: 0000000000008000 [ 682.870291][T17803] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 682.870305][T17803] R13: 00007f68545d6038 R14: 00007f68545d5fa0 R15: 00007ffde41c91d8 [ 682.870334][T17803] [ 683.206388][ C0] vkms_vblank_simulate: vblank timer overrun [ 683.270236][T17883] netlink: zone id is out of range [ 683.275406][T17883] netlink: zone id is out of range [ 683.280684][T17883] netlink: zone id is out of range [ 683.285902][T17883] netlink: zone id is out of range [ 683.291056][T17883] netlink: zone id is out of range [ 683.296163][T17883] netlink: zone id is out of range [ 683.301330][T17883] netlink: zone id is out of range [ 683.311694][T17858] ffff88807a0ff000 walk still has a scope list (20250404/dswstate-694) [ 691.514215][T18029] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 692.921537][T18149] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 694.794223][T18197] netlink: 'syz.4.1333': attribute type 1 has an invalid length. [ 696.201139][T18271] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(173544298.2314043776.706666779), cmd(6) [ 696.294787][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.294853][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.817404][T17261] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 696.819098][T17261] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 696.819811][T17261] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 696.820604][T17261] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 696.821543][T17261] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 697.667618][T18290] chnl_net:caif_netlink_parms(): no params data found [ 698.122202][T18290] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.155974][T18290] bridge0: port 1(bridge_slave_0) entered disabled state [ 698.188715][T18290] bridge_slave_0: entered allmulticast mode [ 698.213363][T18290] bridge_slave_0: entered promiscuous mode [ 698.242177][T18290] bridge0: port 2(bridge_slave_1) entered blocking state [ 698.275870][T18290] bridge0: port 2(bridge_slave_1) entered disabled state [ 698.309389][T18290] bridge_slave_1: entered allmulticast mode [ 698.341158][T18290] bridge_slave_1: entered promiscuous mode [ 698.546413][T18290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 698.627783][T18290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 698.800421][T18290] team0: Port device team_slave_0 added [ 698.835733][T18290] team0: Port device team_slave_1 added [ 698.848909][T16309] Bluetooth: hci5: command tx timeout [ 699.005428][T18290] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 699.045742][T18290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.121596][T18290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 699.155218][T18290] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 699.175381][T18290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.252633][T18290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 699.533844][T18290] hsr_slave_0: entered promiscuous mode [ 699.582675][T18290] hsr_slave_1: entered promiscuous mode [ 699.621436][T18290] debugfs: 'hsr0' already exists in 'hsr' [ 699.646024][T18290] Cannot create hsr debugfs directory [ 700.669734][T18290] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 700.723189][T18290] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 700.792303][T18290] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 700.866866][T18290] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 700.928600][T17261] Bluetooth: hci5: command tx timeout [ 701.277918][T18290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 701.359983][T18290] 8021q: adding VLAN 0 to HW filter on device team0 [ 701.416483][T16344] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.423697][T16344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 701.494686][T16344] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.501922][T16344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 701.678035][T16344] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 2 with max blocks 2 with error 117 [ 701.720317][T16344] EXT4-fs (sda1): This should not happen!! Data will be lost [ 701.720317][T16344] [ 702.108135][T18290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 702.804666][T18290] veth0_vlan: entered promiscuous mode [ 702.838820][T18290] veth1_vlan: entered promiscuous mode [ 702.922717][T18290] veth0_macvtap: entered promiscuous mode [ 702.955121][T18290] veth1_macvtap: entered promiscuous mode [ 703.009201][T17261] Bluetooth: hci5: command tx timeout [ 703.019658][T18290] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 703.058913][T18290] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 703.101954][T16290] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.132956][T16290] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.159302][T16290] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.204695][T16290] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.366221][T16290] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 703.401611][T16290] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 703.496657][T16293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 703.522600][T16293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 703.733928][T18686] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 703.883540][T17261] Bluetooth: hci5: unexpected event 0x30 length: 47 > 3 [ 704.494388][T18690] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 705.091346][T17261] Bluetooth: hci5: command tx timeout [ 709.589985][T18802] FAULT_INJECTION: forcing a failure. [ 709.589985][T18802] name failslab, interval 1, probability 0, space 0, times 0 [ 709.692162][T16309] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 709.701595][T16309] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 709.710335][T16309] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 709.718145][T16309] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 709.726333][T16309] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 709.749045][T18802] CPU: 0 UID: 0 PID: 18802 Comm: syz.3.1353 Tainted: G U syzkaller #0 PREEMPT(full) [ 709.749085][T18802] Tainted: [U]=USER [ 709.749092][T18802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 709.749106][T18802] Call Trace: [ 709.749114][T18802] [ 709.749122][T18802] dump_stack_lvl+0x16c/0x1f0 [ 709.749163][T18802] should_fail_ex+0x512/0x640 [ 709.749201][T18802] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 709.749230][T18802] should_failslab+0xc2/0x120 [ 709.749263][T18802] __kmalloc_cache_noprof+0x6a/0x3e0 [ 709.749286][T18802] ? ip6addrlbl_add+0x69c/0xc40 [ 709.749321][T18802] ? ip6addrlbl_add+0xbb/0xc40 [ 709.749359][T18802] ip6addrlbl_add+0xbb/0xc40 [ 709.749402][T18802] ip6addrlbl_net_init+0x10a/0x380 [ 709.749440][T18802] ? __pfx_ip6addrlbl_net_init+0x10/0x10 [ 709.749476][T18802] ops_init+0x1e2/0x5f0 [ 709.749501][T18802] setup_net+0x10f/0x380 [ 709.749520][T18802] ? lockdep_init_map_type+0x5c/0x280 [ 709.749554][T18802] ? __pfx_setup_net+0x10/0x10 [ 709.749577][T18802] ? debug_mutex_init+0x37/0x70 [ 709.749604][T18802] copy_net_ns+0x2a6/0x5f0 [ 709.749631][T18802] create_new_namespaces+0x3ea/0xa90 [ 709.749689][T18802] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 709.749720][T18802] ksys_unshare+0x45b/0xa40 [ 709.749754][T18802] ? __pfx_ksys_unshare+0x10/0x10 [ 709.749789][T18802] ? xfd_validate_state+0x61/0x180 [ 709.749833][T18802] __x64_sys_unshare+0x31/0x40 [ 709.749866][T18802] do_syscall_64+0xcd/0x4c0 [ 709.749888][T18802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.749913][T18802] RIP: 0033:0x7f048258eba9 [ 709.749931][T18802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 709.749961][T18802] RSP: 002b:00007f0483413038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 709.749983][T18802] RAX: ffffffffffffffda RBX: 00007f04827d5fa0 RCX: 00007f048258eba9 [ 709.749999][T18802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 709.750014][T18802] RBP: 00007f0482611e19 R08: 0000000000000000 R09: 0000000000000000 [ 709.750028][T18802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 709.750042][T18802] R13: 00007f04827d6038 R14: 00007f04827d5fa0 R15: 00007fff11279d58 [ 709.750072][T18802] [ 711.290269][T18953] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1356'. [ 711.403028][T18809] chnl_net:caif_netlink_parms(): no params data found [ 712.176924][T18809] bridge0: port 1(bridge_slave_0) entered blocking state [ 712.222928][T18809] bridge0: port 1(bridge_slave_0) entered disabled state [ 712.259383][T18809] bridge_slave_0: entered allmulticast mode [ 712.295327][T18809] bridge_slave_0: entered promiscuous mode [ 712.363618][T18809] bridge0: port 2(bridge_slave_1) entered blocking state [ 712.410981][T18809] bridge0: port 2(bridge_slave_1) entered disabled state [ 712.448925][T16289] Bluetooth: hci0: command tx timeout [ 712.460126][T18809] bridge_slave_1: entered allmulticast mode [ 712.492935][T18809] bridge_slave_1: entered promiscuous mode [ 712.785359][T18809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.843667][T18809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 713.252780][T18809] team0: Port device team_slave_0 added [ 713.286915][T18809] team0: Port device team_slave_1 added [ 713.588170][T18809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 713.605577][T18809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 713.693565][T18809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 713.762463][T18809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 713.776990][T18809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 713.866562][T18809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 714.252182][T18809] hsr_slave_0: entered promiscuous mode [ 714.281642][T18809] hsr_slave_1: entered promiscuous mode [ 714.314139][T18809] debugfs: 'hsr0' already exists in 'hsr' [ 714.338546][T18809] Cannot create hsr debugfs directory [ 714.528839][T16289] Bluetooth: hci0: command tx timeout [ 715.173558][T19194] FAULT_INJECTION: forcing a failure. [ 715.173558][T19194] name failslab, interval 1, probability 0, space 0, times 0 [ 715.246694][T19194] CPU: 0 UID: 0 PID: 19194 Comm: syz.5.1360 Tainted: G U syzkaller #0 PREEMPT(full) [ 715.246731][T19194] Tainted: [U]=USER [ 715.246739][T19194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 715.246753][T19194] Call Trace: [ 715.246761][T19194] [ 715.246769][T19194] dump_stack_lvl+0x16c/0x1f0 [ 715.246810][T19194] should_fail_ex+0x512/0x640 [ 715.246848][T19194] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 715.246881][T19194] should_failslab+0xc2/0x120 [ 715.246913][T19194] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 715.246943][T19194] ? mas_alloc_nodes+0x18b/0x8b0 [ 715.246980][T19194] mas_alloc_nodes+0x18b/0x8b0 [ 715.247018][T19194] mas_node_count_gfp+0x105/0x130 [ 715.247054][T19194] mas_preallocate+0x7e0/0xde0 [ 715.247076][T19194] ? __memcg_slab_post_alloc_hook+0x492/0x960 [ 715.247122][T19194] ? __pfx_mas_preallocate+0x10/0x10 [ 715.247156][T19194] ? anon_vma_name+0x81/0x2f0 [ 715.247195][T19194] __split_vma+0x34a/0x1070 [ 715.247227][T19194] ? __pfx___split_vma+0x10/0x10 [ 715.247260][T19194] ? __pfx_mas_prev+0x10/0x10 [ 715.247303][T19194] vms_gather_munmap_vmas+0x3b1/0x1340 [ 715.247336][T19194] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 715.247368][T19194] ? mas_walk+0x6f5/0x980 [ 715.247410][T19194] __mmap_region+0x436/0x27b0 [ 715.247440][T19194] ? finish_task_switch.isra.0+0x21c/0xc10 [ 715.247466][T19194] ? __pfx___mmap_region+0x10/0x10 [ 715.247493][T19194] ? rcu_is_watching+0x12/0xc0 [ 715.247524][T19194] ? rcu_is_watching+0x12/0xc0 [ 715.247547][T19194] ? trace_sched_exit_tp+0xd1/0x120 [ 715.247584][T19194] ? __schedule+0x11a3/0x5de0 [ 715.247616][T19194] ? __lock_acquire+0x62e/0x1ce0 [ 715.247658][T19194] ? __lock_acquire+0x62e/0x1ce0 [ 715.247693][T19194] ? __pfx___schedule+0x10/0x10 [ 715.247759][T19194] ? trace_cap_capable+0x18d/0x200 [ 715.247795][T19194] mmap_region+0x1ab/0x3f0 [ 715.247824][T19194] ? __get_unmapped_area+0x267/0x440 [ 715.247862][T19194] do_mmap+0xa3e/0x1210 [ 715.247908][T19194] ? __pfx_do_mmap+0x10/0x10 [ 715.247944][T19194] ? __pfx_down_write_killable+0x10/0x10 [ 715.247974][T19194] vm_mmap_pgoff+0x29e/0x470 [ 715.248016][T19194] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 715.248058][T19194] ? __x64_sys_futex+0x1e0/0x4c0 [ 715.248090][T19194] ? __x64_sys_futex+0x1e9/0x4c0 [ 715.248130][T19194] ksys_mmap_pgoff+0x7d/0x5c0 [ 715.248164][T19194] ? xfd_validate_state+0x61/0x180 [ 715.248199][T19194] ? __pfx_ksys_write+0x10/0x10 [ 715.248231][T19194] __x64_sys_mmap+0x125/0x190 [ 715.248272][T19194] do_syscall_64+0xcd/0x4c0 [ 715.248295][T19194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.248320][T19194] RIP: 0033:0x7f9c8b18eba9 [ 715.248338][T19194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.248362][T19194] RSP: 002b:00007f9c893f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 715.248384][T19194] RAX: ffffffffffffffda RBX: 00007f9c8b3d5fa0 RCX: 00007f9c8b18eba9 [ 715.248400][T19194] RDX: 00000000000000e2 RSI: 0000000000020009 RDI: 0000000000000000 [ 715.248414][T19194] RBP: 00007f9c8b211e19 R08: 0000000000000405 R09: 0000000000008000 [ 715.248429][T19194] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 715.248443][T19194] R13: 00007f9c8b3d6038 R14: 00007f9c8b3d5fa0 R15: 00007fff93601f78 [ 715.248473][T19194] [ 716.059121][T18809] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 716.185032][T18809] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 716.425259][T18809] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 716.635729][T18809] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 716.653868][T16289] Bluetooth: hci0: command tx timeout [ 717.326856][T18809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 717.494521][T18809] 8021q: adding VLAN 0 to HW filter on device team0 [ 717.582860][T16310] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.590069][T16310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 717.838496][T16310] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.845653][T16310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.307703][T18809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 718.688997][T16289] Bluetooth: hci0: command tx timeout [ 719.317924][T18809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.092312][T18809] veth0_vlan: entered promiscuous mode [ 721.140652][T18809] veth1_vlan: entered promiscuous mode [ 721.281770][T18809] veth0_macvtap: entered promiscuous mode [ 721.422749][T18809] veth1_macvtap: entered promiscuous mode [ 721.581559][T18809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 721.638112][T18809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 721.823433][T16344] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 721.879485][T16344] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.068540][T16344] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.109242][T16344] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.556615][T19291] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 722.610653][T16290] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 722.684771][T16290] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 722.829963][T16290] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 722.888278][T16290] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 723.814631][T19368] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 726.853688][T19489] FAULT_INJECTION: forcing a failure. [ 726.853688][T19489] name failslab, interval 1, probability 0, space 0, times 0 [ 726.932938][T19489] CPU: 0 UID: 0 PID: 19489 Comm: syz.5.1377 Tainted: G U syzkaller #0 PREEMPT(full) [ 726.932977][T19489] Tainted: [U]=USER [ 726.932985][T19489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 726.932999][T19489] Call Trace: [ 726.933007][T19489] [ 726.933015][T19489] dump_stack_lvl+0x16c/0x1f0 [ 726.933058][T19489] should_fail_ex+0x512/0x640 [ 726.933096][T19489] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 726.933133][T19489] should_failslab+0xc2/0x120 [ 726.933166][T19489] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 726.933201][T19489] ? fib_rules_register+0x30/0x500 [ 726.933244][T19489] kmemdup_noprof+0x29/0x60 [ 726.933274][T19489] fib_rules_register+0x30/0x500 [ 726.933322][T19489] fib4_rules_init+0x1f/0x1c0 [ 726.933354][T19489] fib_net_init+0x1dc/0x3f0 [ 726.933376][T19489] ? __pfx___register_sysctl_table+0x10/0x10 [ 726.933414][T19489] ? __pfx_fib_net_init+0x10/0x10 [ 726.933436][T19489] ? lockdep_init_map_type+0x5c/0x280 [ 726.933470][T19489] ? do_init_timer+0xc9/0x110 [ 726.933500][T19489] ? devinet_init_net+0x5c2/0x910 [ 726.933528][T19489] ? __pfx_fib_net_init+0x10/0x10 [ 726.933549][T19489] ops_init+0x1e2/0x5f0 [ 726.933573][T19489] setup_net+0x10f/0x380 [ 726.933592][T19489] ? lockdep_init_map_type+0x5c/0x280 [ 726.933626][T19489] ? __pfx_setup_net+0x10/0x10 [ 726.933649][T19489] ? debug_mutex_init+0x37/0x70 [ 726.933676][T19489] copy_net_ns+0x2a6/0x5f0 [ 726.933704][T19489] create_new_namespaces+0x3ea/0xa90 [ 726.933738][T19489] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 726.933769][T19489] ksys_unshare+0x45b/0xa40 [ 726.933803][T19489] ? __pfx_ksys_unshare+0x10/0x10 [ 726.933837][T19489] ? xfd_validate_state+0x61/0x180 [ 726.933882][T19489] __x64_sys_unshare+0x31/0x40 [ 726.933920][T19489] do_syscall_64+0xcd/0x4c0 [ 726.933944][T19489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.933970][T19489] RIP: 0033:0x7f9c8b18eba9 [ 726.933990][T19489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.934014][T19489] RSP: 002b:00007f9c893f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 726.934036][T19489] RAX: ffffffffffffffda RBX: 00007f9c8b3d5fa0 RCX: 00007f9c8b18eba9 [ 726.934052][T19489] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 726.934066][T19489] RBP: 00007f9c8b211e19 R08: 0000000000000000 R09: 0000000000000000 [ 726.934080][T19489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.934094][T19489] R13: 00007f9c8b3d6038 R14: 00007f9c8b3d5fa0 R15: 00007fff93601f78 [ 726.934123][T19489] [ 727.211895][T19442] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 730.345885][T19628] net_ratelimit: 4 callbacks suppressed [ 730.345904][T19628] netlink: zone id is out of range [ 730.444081][T19626] netlink: set zone limit has 8 unknown bytes [ 730.490091][T19628] netlink: del zone limit has 4 unknown bytes [ 730.587387][T19632] HfR: entered promiscuous mode [ 733.272100][T19703] __vm_enough_memory: pid: 19703, comm: syz.5.1392, bytes: 4398046511104 not enough memory for the allocation [ 738.799669][T19826] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 740.125103][T19852] random: crng reseeded on system resumption [ 742.122669][T19944] __vm_enough_memory: pid: 19944, comm: syz.3.1407, bytes: 4398046511104 not enough memory for the allocation [ 744.241922][T20010] netlink: 'syz.6.1418': attribute type 1 has an invalid length. [ 744.348300][T20017] netlink: 93 bytes leftover after parsing attributes in process `syz.6.1418'. [ 746.580615][T20056] netlink: 330 bytes leftover after parsing attributes in process `syz.5.1412'. [ 746.688757][T20056] mac80211_hwsim hwsim19 : renamed from wlan0 (while UP) [ 746.900780][T20063] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 747.617981][T20065] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 749.864602][T20097] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 750.796929][T20163] netlink: 25 bytes leftover after parsing attributes in process `syz.6.1420'. [ 751.038704][T20172] netlink: 'syz.3.1422': attribute type 1 has an invalid length. [ 751.155044][T20182] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1422'. [ 757.189473][T20299] serio: Serial port pty6 [ 757.750224][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.756557][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 759.108902][T20333] FAULT_INJECTION: forcing a failure. [ 759.108902][T20333] name failslab, interval 1, probability 0, space 0, times 0 [ 759.108942][T20333] CPU: 0 UID: 0 PID: 20333 Comm: syz.6.1437 Tainted: G U syzkaller #0 PREEMPT(full) [ 759.108975][T20333] Tainted: [U]=USER [ 759.108982][T20333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 759.108997][T20333] Call Trace: [ 759.109004][T20333] [ 759.109012][T20333] dump_stack_lvl+0x16c/0x1f0 [ 759.109053][T20333] should_fail_ex+0x512/0x640 [ 759.109090][T20333] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 759.109122][T20333] should_failslab+0xc2/0x120 [ 759.109155][T20333] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 759.109184][T20333] ? sk_prot_alloc+0x60/0x2a0 [ 759.109213][T20333] sk_prot_alloc+0x60/0x2a0 [ 759.109240][T20333] sk_alloc+0x36/0xc20 [ 759.109275][T20333] __vsock_create.constprop.0+0x3c/0xbb0 [ 759.109308][T20333] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 759.109347][T20333] vsock_create+0x139/0x500 [ 759.109385][T20333] __sock_create+0x335/0x8d0 [ 759.109418][T20333] __sys_socket+0x14d/0x260 [ 759.109454][T20333] ? __pfx___sys_socket+0x10/0x10 [ 759.109483][T20333] ? xfd_validate_state+0x61/0x180 [ 759.109520][T20333] ? __task_pid_nr_ns+0x17c/0x500 [ 759.109562][T20333] __x64_sys_socket+0x72/0xb0 [ 759.109590][T20333] ? lockdep_hardirqs_on+0x7c/0x110 [ 759.109626][T20333] do_syscall_64+0xcd/0x4c0 [ 759.109649][T20333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.109676][T20333] RIP: 0033:0x7fd558f8eba9 [ 759.109700][T20333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 759.109724][T20333] RSP: 002b:00007fd559d5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 759.109746][T20333] RAX: ffffffffffffffda RBX: 00007fd5591d5fa0 RCX: 00007fd558f8eba9 [ 759.109762][T20333] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000028 [ 759.109776][T20333] RBP: 00007fd559011e19 R08: 0000000000000000 R09: 0000000000000000 [ 759.109790][T20333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.109804][T20333] R13: 00007fd5591d6038 R14: 00007fd5591d5fa0 R15: 00007fff7033e498 [ 759.109834][T20333] [ 763.455373][T20386] ubi0: attaching mtd0 [ 763.482405][T20386] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 770.372189][T20542] netlink: zone id is out of range [ 770.377357][T20542] netlink: zone id is out of range [ 770.440789][T20542] netlink: zone id is out of range [ 770.458740][T20542] netlink: zone id is out of range [ 770.497419][T20542] netlink: zone id is out of range [ 770.523733][T20542] netlink: zone id is out of range [ 770.554036][T20542] netlink: zone id is out of range [ 770.589861][T20542] netlink: zone id is out of range [ 770.624043][T20542] netlink: zone id is out of range [ 770.645617][T20542] netlink: zone id is out of range [ 771.113990][T20553] FAULT_INJECTION: forcing a failure. [ 771.113990][T20553] name failslab, interval 1, probability 0, space 0, times 0 [ 771.193576][T20553] CPU: 0 UID: 0 PID: 20553 Comm: syz.5.1450 Tainted: G U syzkaller #0 PREEMPT(full) [ 771.193615][T20553] Tainted: [U]=USER [ 771.193623][T20553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 771.193637][T20553] Call Trace: [ 771.193644][T20553] [ 771.193653][T20553] dump_stack_lvl+0x16c/0x1f0 [ 771.193695][T20553] should_fail_ex+0x512/0x640 [ 771.193733][T20553] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 771.193766][T20553] should_failslab+0xc2/0x120 [ 771.193804][T20553] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 771.193833][T20553] ? sk_prot_alloc+0x60/0x2a0 [ 771.193862][T20553] sk_prot_alloc+0x60/0x2a0 [ 771.193890][T20553] sk_alloc+0x36/0xc20 [ 771.193924][T20553] __vsock_create.constprop.0+0x3c/0xbb0 [ 771.193959][T20553] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 771.193997][T20553] vsock_create+0x139/0x500 [ 771.194039][T20553] __sock_create+0x335/0x8d0 [ 771.194075][T20553] __sys_socket+0x14d/0x260 [ 771.194103][T20553] ? __pfx___sys_socket+0x10/0x10 [ 771.194132][T20553] ? xfd_validate_state+0x61/0x180 [ 771.194166][T20553] ? __task_pid_nr_ns+0x17c/0x500 [ 771.194212][T20553] __x64_sys_socket+0x72/0xb0 [ 771.194240][T20553] ? lockdep_hardirqs_on+0x7c/0x110 [ 771.194276][T20553] do_syscall_64+0xcd/0x4c0 [ 771.194300][T20553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.194325][T20553] RIP: 0033:0x7f9c8b18eba9 [ 771.194343][T20553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.194367][T20553] RSP: 002b:00007f9c893f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 771.194389][T20553] RAX: ffffffffffffffda RBX: 00007f9c8b3d5fa0 RCX: 00007f9c8b18eba9 [ 771.194405][T20553] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000028 [ 771.194419][T20553] RBP: 00007f9c8b211e19 R08: 0000000000000000 R09: 0000000000000000 [ 771.194433][T20553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.194446][T20553] R13: 00007f9c8b3d6038 R14: 00007f9c8b3d5fa0 R15: 00007fff93601f78 [ 771.194476][T20553] [ 773.899354][T20620] serio: Serial port pty6 [ 776.000950][T20695] random: crng reseeded on system resumption [ 777.362215][T20738] FAULT_INJECTION: forcing a failure. [ 777.362215][T20738] name failslab, interval 1, probability 0, space 0, times 0 [ 777.627943][T20738] CPU: 0 UID: 0 PID: 20738 Comm: syz.4.1461 Tainted: G U syzkaller #0 PREEMPT(full) [ 777.627988][T20738] Tainted: [U]=USER [ 777.627996][T20738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 777.628010][T20738] Call Trace: [ 777.628017][T20738] [ 777.628026][T20738] dump_stack_lvl+0x16c/0x1f0 [ 777.628067][T20738] should_fail_ex+0x512/0x640 [ 777.628109][T20738] should_failslab+0xc2/0x120 [ 777.628143][T20738] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 777.628173][T20738] ? zswap_store+0x839/0x25a0 [ 777.628215][T20738] zswap_store+0x839/0x25a0 [ 777.628263][T20738] ? __pfx_zswap_store+0x10/0x10 [ 777.628300][T20738] ? do_raw_spin_lock+0x12c/0x2b0 [ 777.628340][T20738] ? find_held_lock+0x2b/0x80 [ 777.628364][T20738] ? folio_free_swap+0x171/0x580 [ 777.628396][T20738] ? do_raw_spin_unlock+0x172/0x230 [ 777.628433][T20738] ? swp_swap_info+0xce/0x130 [ 777.628472][T20738] ? __pfx_swp_swap_info+0x10/0x10 [ 777.628507][T20738] ? mod_memcg_lruvec_state+0x389/0x5f0 [ 777.628551][T20738] swap_writeout+0x3b2/0xfe0 [ 777.628588][T20738] ? mark_held_locks+0x49/0x80 [ 777.628619][T20738] ? _raw_spin_unlock_irq+0x23/0x50 [ 777.628655][T20738] shmem_writeout+0xc29/0x1140 [ 777.628686][T20738] ? __pfx_shmem_writeout+0x10/0x10 [ 777.628717][T20738] ? inode_to_bdi+0x9e/0x160 [ 777.628747][T20738] ? folio_clear_dirty_for_io+0x112/0x810 [ 777.628790][T20738] shrink_folio_list+0x2f4c/0x4880 [ 777.628825][T20738] ? __pfx_shrink_folio_list+0x10/0x10 [ 777.628851][T20738] ? __page_table_check_puds_set+0x1e0/0x250 [ 777.628884][T20738] ? lockdep_hardirqs_on+0x7c/0x110 [ 777.628930][T20738] ? get_page_from_freelist+0x132b/0x38e0 [ 777.628996][T20738] reclaim_folio_list+0xda/0x5d0 [ 777.629025][T20738] ? __pfx_reclaim_folio_list+0x10/0x10 [ 777.629063][T20738] ? css_rstat_updated+0x1c2/0x510 [ 777.629093][T20738] ? do_raw_spin_lock+0x12c/0x2b0 [ 777.629128][T20738] ? lru_gen_del_folio+0x32b/0x540 [ 777.629153][T20738] reclaim_pages+0x47b/0x650 [ 777.629182][T20738] ? __pfx_reclaim_pages+0x10/0x10 [ 777.629206][T20738] ? find_held_lock+0x2b/0x80 [ 777.629230][T20738] ? madvise_cold_or_pageout_pte_range+0x749/0x2120 [ 777.629272][T20738] madvise_cold_or_pageout_pte_range+0x1546/0x2120 [ 777.629322][T20738] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 777.629371][T20738] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 777.629410][T20738] walk_pgd_range+0xc02/0x1f50 [ 777.629466][T20738] ? __pfx_walk_pgd_range+0x10/0x10 [ 777.629497][T20738] ? __pfx___up_read+0x10/0x10 [ 777.629531][T20738] ? inode_to_bdi+0x9e/0x160 [ 777.629567][T20738] __walk_page_range+0x163/0x820 [ 777.629601][T20738] ? __lock_acquire+0xb97/0x1ce0 [ 777.629640][T20738] walk_page_range_vma+0x2c7/0xa20 [ 777.629674][T20738] ? __pfx_walk_page_range_vma+0x10/0x10 [ 777.629706][T20738] ? find_held_lock+0x2b/0x80 [ 777.629741][T20738] madvise_pageout+0x257/0x540 [ 777.629774][T20738] ? __pfx_madvise_pageout+0x10/0x10 [ 777.629806][T20738] ? finish_task_switch.isra.0+0x21c/0xc10 [ 777.629852][T20738] madvise_vma_behavior+0xb22/0x2d60 [ 777.629891][T20738] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 777.629928][T20738] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 777.629967][T20738] ? __pfx_mas_prev+0x10/0x10 [ 777.630011][T20738] ? find_vma_prev+0xda/0x160 [ 777.630043][T20738] ? find_held_lock+0x2b/0x80 [ 777.630066][T20738] ? __pfx_find_vma_prev+0x10/0x10 [ 777.630100][T20738] ? futex_unqueue+0x133/0x2c0 [ 777.630137][T20738] ? __futex_wait+0x24c/0x2f0 [ 777.630177][T20738] madvise_walk_vmas+0x31f/0x9c0 [ 777.630218][T20738] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 777.630261][T20738] madvise_do_behavior+0x1e2/0x530 [ 777.630295][T20738] ? futex_private_hash_put+0x18a/0x300 [ 777.630324][T20738] ? __pfx_madvise_do_behavior+0x10/0x10 [ 777.630362][T20738] ? down_read+0x13d/0x480 [ 777.630399][T20738] do_madvise+0x176/0x240 [ 777.630432][T20738] ? __pfx_do_madvise+0x10/0x10 [ 777.630473][T20738] ? do_futex+0x122/0x350 [ 777.630525][T20738] ? syscall_user_dispatch+0x78/0x140 [ 777.630569][T20738] __x64_sys_madvise+0xa9/0x110 [ 777.630605][T20738] do_syscall_64+0xcd/0x4c0 [ 777.630629][T20738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 777.630654][T20738] RIP: 0033:0x7ff1b418eba9 [ 777.630673][T20738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 777.630697][T20738] RSP: 002b:00007ff1b5055038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 777.630719][T20738] RAX: ffffffffffffffda RBX: 00007ff1b43d6270 RCX: 00007ff1b418eba9 [ 777.630735][T20738] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 777.630749][T20738] RBP: 00007ff1b4211e19 R08: 0000000000000000 R09: 0000000000000000 [ 777.630763][T20738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 777.630777][T20738] R13: 00007ff1b43d6308 R14: 00007ff1b43d6270 R15: 00007fffb37e3d38 [ 777.630807][T20738] [ 786.008995][T20925] random: crng reseeded on system resumption [ 789.112321][T20974] FAULT_INJECTION: forcing a failure. [ 789.112321][T20974] name fail_futex, interval 1, probability 0, space 0, times 0 [ 789.362866][T20974] CPU: 0 UID: 0 PID: 20974 Comm: syz.6.1485 Tainted: G U syzkaller #0 PREEMPT(full) [ 789.362906][T20974] Tainted: [U]=USER [ 789.362914][T20974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 789.362929][T20974] Call Trace: [ 789.362937][T20974] [ 789.362946][T20974] dump_stack_lvl+0x16c/0x1f0 [ 789.362988][T20974] should_fail_ex+0x512/0x640 [ 789.363031][T20974] get_futex_key+0x1d0/0x1560 [ 789.363065][T20974] ? __pfx_get_futex_key+0x10/0x10 [ 789.363096][T20974] ? __pick_eevdf+0x30a/0x670 [ 789.363130][T20974] futex_wait_setup+0x9d/0x550 [ 789.363176][T20974] __futex_wait+0x194/0x2f0 [ 789.363214][T20974] ? __pfx___futex_wait+0x10/0x10 [ 789.363256][T20974] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 789.363290][T20974] ? lockdep_hardirqs_on+0x7c/0x110 [ 789.363333][T20974] ? __pfx_futex_wake_mark+0x10/0x10 [ 789.363374][T20974] ? futex_private_hash_put+0x176/0x300 [ 789.363407][T20974] ? futex_private_hash_put+0x18a/0x300 [ 789.363438][T20974] futex_wait+0xe8/0x380 [ 789.363473][T20974] ? __pfx_futex_wait+0x10/0x10 [ 789.363516][T20974] ? kmem_cache_free+0x2d1/0x4d0 [ 789.363542][T20974] ? fd_install+0x225/0x750 [ 789.363565][T20974] ? putname+0x154/0x1a0 [ 789.363603][T20974] do_futex+0x229/0x350 [ 789.363634][T20974] ? __pfx_do_futex+0x10/0x10 [ 789.363672][T20974] __x64_sys_futex+0x1e0/0x4c0 [ 789.363705][T20974] ? __x64_sys_openat+0x174/0x210 [ 789.363727][T20974] ? __pfx___x64_sys_futex+0x10/0x10 [ 789.363758][T20974] ? xfd_validate_state+0x61/0x180 [ 789.363804][T20974] do_syscall_64+0xcd/0x4c0 [ 789.363827][T20974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.363851][T20974] RIP: 0033:0x7fd558f8eba9 [ 789.363870][T20974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 789.363894][T20974] RSP: 002b:00007fd5571f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 789.363917][T20974] RAX: ffffffffffffffda RBX: 00007fd5591d6188 RCX: 00007fd558f8eba9 [ 789.363933][T20974] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd5591d6188 [ 789.363948][T20974] RBP: 00007fd5591d6180 R08: 0000000000000000 R09: 0000000000000000 [ 789.363962][T20974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.363976][T20974] R13: 00007fd5591d6218 R14: 00007fff7033e3b0 R15: 00007fff7033e498 [ 789.364006][T20974] [ 790.607306][T20972] netlink: 'syz.6.1485': attribute type 1 has an invalid length. [ 793.064356][T21023] kexec: Could not allocate control_code_buffer [ 793.166770][T21042] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input29 [ 793.342312][T19636] Process accounting resumed [ 795.653777][T16309] Bluetooth: hci4: command 0x0406 tx timeout [ 796.739546][T21086] FAULT_INJECTION: forcing a failure. [ 796.739546][T21086] name fail_futex, interval 1, probability 0, space 0, times 0 [ 796.805037][T21086] CPU: 0 UID: 0 PID: 21086 Comm: syz.3.1499 Tainted: G U syzkaller #0 PREEMPT(full) [ 796.805076][T21086] Tainted: [U]=USER [ 796.805083][T21086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 796.805098][T21086] Call Trace: [ 796.805105][T21086] [ 796.805114][T21086] dump_stack_lvl+0x16c/0x1f0 [ 796.805154][T21086] should_fail_ex+0x512/0x640 [ 796.805191][T21086] ? unwind_get_return_address+0x59/0xa0 [ 796.805219][T21086] get_futex_key+0x1d0/0x1560 [ 796.805253][T21086] ? __pfx_get_futex_key+0x10/0x10 [ 796.805282][T21086] ? stack_trace_save+0x8e/0xc0 [ 796.805309][T21086] ? __pfx_stack_trace_save+0x10/0x10 [ 796.805342][T21086] futex_wait_setup+0x9d/0x550 [ 796.805386][T21086] __futex_wait+0x194/0x2f0 [ 796.805424][T21086] ? __pfx___futex_wait+0x10/0x10 [ 796.805465][T21086] ? __pfx_futex_wake_mark+0x10/0x10 [ 796.805513][T21086] ? futex_private_hash_put+0x176/0x300 [ 796.805546][T21086] ? futex_private_hash_put+0x18a/0x300 [ 796.805577][T21086] futex_wait+0xe8/0x380 [ 796.805613][T21086] ? __pfx_futex_wait+0x10/0x10 [ 796.805655][T21086] ? kmem_cache_free+0x2d1/0x4d0 [ 796.805682][T21086] ? fd_install+0x225/0x750 [ 796.805706][T21086] ? putname+0x154/0x1a0 [ 796.805744][T21086] do_futex+0x229/0x350 [ 796.805775][T21086] ? __pfx_do_futex+0x10/0x10 [ 796.805814][T21086] __x64_sys_futex+0x1e0/0x4c0 [ 796.805847][T21086] ? __x64_sys_openat+0x174/0x210 [ 796.805868][T21086] ? __pfx___x64_sys_futex+0x10/0x10 [ 796.805911][T21086] do_syscall_64+0xcd/0x4c0 [ 796.805934][T21086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.805959][T21086] RIP: 0033:0x7f048258eba9 [ 796.805977][T21086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.806001][T21086] RSP: 002b:00007f04834130e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 796.806023][T21086] RAX: ffffffffffffffda RBX: 00007f04827d5fa8 RCX: 00007f048258eba9 [ 796.806039][T21086] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f04827d5fa8 [ 796.806057][T21086] RBP: 00007f04827d5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 796.806071][T21086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.806086][T21086] R13: 00007f04827d6038 R14: 00007fff11279c70 R15: 00007fff11279d58 [ 796.806115][T21086] [ 797.045089][T21088] netlink: 'syz.3.1499': attribute type 1 has an invalid length. [ 797.191130][T21100] usb usb17: usbfs: process 21100 (syz.6.1501) did not claim interface 0 before use [ 797.244062][T21125] HfR: entered promiscuous mode [ 797.411028][T21131] FAULT_INJECTION: forcing a failure. [ 797.411028][T21131] name failslab, interval 1, probability 0, space 0, times 0 [ 797.464288][T21131] CPU: 0 UID: 0 PID: 21131 Comm: syz.3.1504 Tainted: G U syzkaller #0 PREEMPT(full) [ 797.464328][T21131] Tainted: [U]=USER [ 797.464336][T21131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 797.464350][T21131] Call Trace: [ 797.464365][T21131] [ 797.464373][T21131] dump_stack_lvl+0x16c/0x1f0 [ 797.464416][T21131] should_fail_ex+0x512/0x640 [ 797.464453][T21131] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 797.464486][T21131] should_failslab+0xc2/0x120 [ 797.464519][T21131] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 797.464546][T21131] ? __proc_create+0xc3/0x8e0 [ 797.464581][T21131] ? __proc_create+0x2ce/0x8e0 [ 797.464619][T21131] __proc_create+0x2ce/0x8e0 [ 797.464655][T21131] ? __pfx___proc_create+0x10/0x10 [ 797.464695][T21131] ? _raw_write_unlock+0x28/0x50 [ 797.464729][T21131] ? proc_register+0x559/0x8b0 [ 797.464768][T21131] proc_create_reg+0x7d/0x180 [ 797.464805][T21131] ? __pfx_sockstat6_seq_show+0x10/0x10 [ 797.464839][T21131] proc_create_net_single+0x86/0x180 [ 797.464877][T21131] ? __pfx_proc_create_net_single+0x10/0x10 [ 797.464916][T21131] ? __pfx_ndisc_net_init+0x10/0x10 [ 797.464953][T21131] ? __pfx_ipv6_proc_init_net+0x10/0x10 [ 797.464986][T21131] ipv6_proc_init_net+0x56/0x1e0 [ 797.465019][T21131] ops_init+0x1e2/0x5f0 [ 797.465044][T21131] setup_net+0x10f/0x380 [ 797.465063][T21131] ? lockdep_init_map_type+0x5c/0x280 [ 797.465097][T21131] ? __pfx_setup_net+0x10/0x10 [ 797.465121][T21131] ? debug_mutex_init+0x37/0x70 [ 797.465148][T21131] copy_net_ns+0x2a6/0x5f0 [ 797.465175][T21131] create_new_namespaces+0x3ea/0xa90 [ 797.465210][T21131] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 797.465241][T21131] ksys_unshare+0x45b/0xa40 [ 797.465275][T21131] ? __pfx_ksys_unshare+0x10/0x10 [ 797.465313][T21131] ? xfd_validate_state+0x61/0x180 [ 797.465367][T21131] __x64_sys_unshare+0x31/0x40 [ 797.465400][T21131] do_syscall_64+0xcd/0x4c0 [ 797.465424][T21131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.465448][T21131] RIP: 0033:0x7f048258eba9 [ 797.465467][T21131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.465491][T21131] RSP: 002b:00007f0483413038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 797.465513][T21131] RAX: ffffffffffffffda RBX: 00007f04827d5fa0 RCX: 00007f048258eba9 [ 797.465529][T21131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 797.465543][T21131] RBP: 00007f0482611e19 R08: 0000000000000000 R09: 0000000000000000 [ 797.465557][T21131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 797.465572][T21131] R13: 00007f04827d6038 R14: 00007f04827d5fa0 R15: 00007fff11279d58 [ 797.465602][T21131] [ 808.685945][T21291] FAULT_INJECTION: forcing a failure. [ 808.685945][T21291] name fail_futex, interval 1, probability 0, space 0, times 0 [ 809.050398][T21291] CPU: 0 UID: 0 PID: 21291 Comm: syz.5.1521 Tainted: G U syzkaller #0 PREEMPT(full) [ 809.050436][T21291] Tainted: [U]=USER [ 809.050444][T21291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 809.050459][T21291] Call Trace: [ 809.050466][T21291] [ 809.050475][T21291] dump_stack_lvl+0x16c/0x1f0 [ 809.050518][T21291] should_fail_ex+0x512/0x640 [ 809.050561][T21291] get_futex_key+0x1d0/0x1560 [ 809.050596][T21291] ? __pfx_get_futex_key+0x10/0x10 [ 809.050628][T21291] ? do_raw_spin_lock+0x12c/0x2b0 [ 809.050672][T21291] futex_wake+0xea/0x530 [ 809.050707][T21291] ? find_held_lock+0x2b/0x80 [ 809.050733][T21291] ? __pfx_futex_wake+0x10/0x10 [ 809.050767][T21291] ? rcu_is_watching+0x12/0xc0 [ 809.050792][T21291] ? lockdep_hardirqs_on+0x7c/0x110 [ 809.050830][T21291] ? posix_timer_unhash_and_free+0x375/0x400 [ 809.050864][T21291] ? posix_cpu_timer_create+0x257/0x4a0 [ 809.050897][T21291] do_futex+0x1e3/0x350 [ 809.050929][T21291] ? __pfx_do_futex+0x10/0x10 [ 809.050968][T21291] __x64_sys_futex+0x1e0/0x4c0 [ 809.051001][T21291] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 809.051039][T21291] ? __pfx___x64_sys_futex+0x10/0x10 [ 809.051071][T21291] ? xfd_validate_state+0x61/0x180 [ 809.051107][T21291] ? __task_pid_nr_ns+0x17c/0x500 [ 809.051150][T21291] do_syscall_64+0xcd/0x4c0 [ 809.051173][T21291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.051198][T21291] RIP: 0033:0x7f9c8b18eba9 [ 809.051216][T21291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 809.051241][T21291] RSP: 002b:00007f9c893f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 809.051263][T21291] RAX: ffffffffffffffda RBX: 00007f9c8b3d5fa8 RCX: 00007f9c8b18eba9 [ 809.051279][T21291] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9c8b3d5fac [ 809.051293][T21291] RBP: 00007f9c8b3d5fa0 R08: 00007f9c8bf18000 R09: 0000000000000000 [ 809.051308][T21291] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 809.051323][T21291] R13: 00007f9c8b3d6038 R14: 00007fff93601e90 R15: 00007fff93601f78 [ 809.051352][T21291] [ 811.928977][T21422] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input31 [ 812.064052][ T10] Process accounting resumed [ 813.496017][T21457] futex_wake_op: syz.6.1531 tries to shift op by -9; fix this program [ 814.698872][ T31] INFO: task kworker/u10:0:16286 blocked for more than 143 seconds. [ 814.706909][ T31] Tainted: G U syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 814.789979][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 814.888517][ T31] task:kworker/u10:0 state:D stack:26952 pid:16286 tgid:16286 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 814.954742][ T31] Workqueue: netns cleanup_net [ 814.982843][ T31] Call Trace: [ 814.986172][ T31] [ 815.060136][ T31] __schedule+0x1190/0x5de0 [ 815.064732][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 815.118504][ T31] ? __pfx___schedule+0x10/0x10 [ 815.161400][ T31] ? find_held_lock+0x2b/0x80 [ 815.207605][ T31] ? schedule+0x2d7/0x3a0 [ 815.236542][ T31] schedule+0xe7/0x3a0 [ 815.277006][ T31] schedule_timeout+0x257/0x290 [ 815.318020][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 815.360623][ T31] ? mark_held_locks+0x49/0x80 [ 815.365451][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 815.409551][ T31] __wait_for_common+0x2fc/0x4e0 [ 815.446679][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 815.474088][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 815.505812][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 815.534745][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 815.564632][ T31] __flush_workqueue+0x3e2/0x1230 [ 815.593867][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 815.625661][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 815.657516][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 815.718491][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 815.786642][ T31] rds_tcp_listen_stop+0x104/0x150 [ 815.849656][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 815.855121][ T31] rds_tcp_exit_net+0xcb/0x810 [ 815.958467][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 815.963906][ T31] ? __pfx___might_resched+0x10/0x10 [ 816.018614][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 816.024163][ T31] ops_undo_list+0x2ee/0xab0 [ 816.061345][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 816.066560][ T31] ? cleanup_net+0x334/0x890 [ 816.138056][ T31] ? idr_destroy+0x62/0x2e0 [ 816.167790][ T31] cleanup_net+0x408/0x890 [ 816.178794][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 816.183772][ T31] ? rcu_is_watching+0x12/0xc0 [ 816.238473][ T31] process_one_work+0x9cf/0x1b70 [ 816.243496][ T31] ? __pfx_process_one_work+0x10/0x10 [ 816.298466][ T31] ? assign_work+0x1a0/0x250 [ 816.303176][ T31] worker_thread+0x6c8/0xf10 [ 816.307796][ T31] ? __pfx_worker_thread+0x10/0x10 [ 816.368823][ T31] kthread+0x3c5/0x780 [ 816.372964][ T31] ? __pfx_kthread+0x10/0x10 [ 816.377598][ T31] ? rcu_is_watching+0x12/0xc0 [ 816.432229][ T31] ? __pfx_kthread+0x10/0x10 [ 816.436965][ T31] ret_from_fork+0x56d/0x730 [ 816.498488][ T31] ? __pfx_kthread+0x10/0x10 [ 816.503178][ T31] ret_from_fork_asm+0x1a/0x30 [ 816.507976][ T31] [ 816.561706][ T31] INFO: task syz.0.1277:16981 blocked for more than 145 seconds. [ 816.621994][ T31] Tainted: G U syzkaller #0 [ 816.668687][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 816.677415][ T31] task:syz.0.1277 state:D stack:27032 pid:16981 tgid:16968 ppid:5870 task_flags:0x400140 flags:0x00004006 [ 816.768533][ T31] Call Trace: [ 816.771860][ T31] [ 816.774804][ T31] __schedule+0x1190/0x5de0 [ 816.808449][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 816.813458][ T31] ? __pfx___schedule+0x10/0x10 [ 816.818339][ T31] ? find_held_lock+0x2b/0x80 [ 816.863144][ T31] ? schedule+0x2d7/0x3a0 [ 816.867542][ T31] schedule+0xe7/0x3a0 [ 816.898464][ T31] schedule_timeout+0x257/0x290 [ 816.903383][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 816.933678][ T31] ? mark_held_locks+0x49/0x80 [ 816.962850][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 816.968114][ T31] __wait_for_common+0x2fc/0x4e0 [ 817.001842][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 817.007284][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 817.046794][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 817.059102][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 817.064979][ T31] __flush_workqueue+0x3e2/0x1230 [ 817.103596][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 817.128451][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 817.133797][ T31] ? release_sock+0x21/0x220 [ 817.168260][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 817.198579][ T31] ? __local_bh_enable_ip+0xa4/0x120 [ 817.203926][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 817.228446][ T31] rds_tcp_listen_stop+0x104/0x150 [ 817.233621][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 817.291866][ T31] rds_tcp_exit_net+0xcb/0x810 [ 817.296696][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 817.328713][ T31] ? __pfx___might_resched+0x10/0x10 [ 817.334065][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 817.366449][ T31] ops_undo_list+0x2ee/0xab0 [ 817.378633][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 817.383806][ T31] ? ops_init+0x2fa/0x5f0 [ 817.388153][ T31] setup_net+0x1f1/0x380 [ 817.418917][ T31] ? lockdep_set_lock_cmp_fn+0xc1/0xe0 [ 817.424476][ T31] ? __pfx_setup_net+0x10/0x10 [ 817.438701][ T31] ? debug_mutex_init+0x37/0x70 [ 817.443684][ T31] copy_net_ns+0x2a6/0x5f0 [ 817.448133][ T31] create_new_namespaces+0x3ea/0xa90 [ 817.478671][ T31] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 817.484402][ T31] ksys_unshare+0x45b/0xa40 [ 817.512181][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 817.517372][ T31] ? xfd_validate_state+0x61/0x180 [ 817.538431][ T31] __x64_sys_unshare+0x31/0x40 [ 817.543293][ T31] do_syscall_64+0xcd/0x4c0 [ 817.547853][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.582070][ T31] RIP: 0033:0x7f44b238eba9 [ 817.586618][ T31] RSP: 002b:00007f44af9cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 817.613397][ T31] RAX: ffffffffffffffda RBX: 00007f44b25d6450 RCX: 00007f44b238eba9 [ 817.629916][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 817.637928][ T31] RBP: 00007f44b2411e19 R08: 0000000000000000 R09: 0000000000000000 [ 817.648934][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 817.656933][ T31] R13: 00007f44b25d64e8 R14: 00007f44b25d6450 R15: 00007ffef6b89a68 [ 817.672252][ T31] [ 817.790861][ T31] [ 817.790861][ T31] Showing all locks held in the system: [ 817.841794][ T31] 1 lock held by khungtaskd/31: [ 817.846685][ T31] #0: ffffffff8e5c1420 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 817.938449][ T31] 3 locks held by kworker/u10:0/16286: [ 817.943978][ T31] #0: ffff88801c6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 818.031772][ T31] #1: ffffc90018887d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 818.083711][ T31] #2: ffffffff903728d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 818.125098][ T31] 2 locks held by getty/16419: [ 818.141748][ T31] #0: ffff88814dd060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 818.181700][ T31] #1: ffffc900032602f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 818.238556][ T31] 1 lock held by syz.0.1277/16981: [ 818.243710][ T31] #0: ffffffff903728d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 818.308454][ T31] 5 locks held by syz-executor/17258: [ 818.313885][ T31] #0: ffff88803036cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 818.408516][ T31] #1: ffff88803036c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 818.418266][ T31] #2: ffffffff905f11e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 818.484584][ T31] #3: ffff88805a2d3338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 818.534599][ T31] #4: ffffffff8e5cc9b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0 [ 818.554365][ T31] 1 lock held by syz.2.1320/17795: [ 818.563855][ T31] #0: ffffffff903728d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 818.577025][ T31] 1 lock held by syz.1.1332/18159: [ 818.582580][ T31] #0: ffffffff903728d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 818.598649][ T31] 3 locks held by syz.5.1521/21308: [ 818.603893][ T31] #0: ffff888056a4cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 818.617296][ T31] #1: ffff888056a4c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 818.627293][ T31] #2: ffffffff905f11e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 818.642659][ T31] 1 lock held by syz.3.1530/21443: [ 818.647803][ T31] #0: ffffffff90388bc8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 [ 818.658176][ T31] 1 lock held by syz.6.1533/21467: [ 818.666457][ T31] #0: ffffffff8e5cc9b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 818.753179][ T31] [ 818.755543][ T31] ============================================= [ 818.755543][ T31] [ 818.855984][ T31] NMI backtrace for cpu 0 [ 818.856007][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U syzkaller #0 PREEMPT(full) [ 818.856040][ T31] Tainted: [U]=USER [ 818.856048][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 818.856060][ T31] Call Trace: [ 818.856068][ T31] [ 818.856077][ T31] dump_stack_lvl+0x116/0x1f0 [ 818.856119][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 818.856145][ T31] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 818.856181][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 818.856217][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 818.856249][ T31] watchdog+0xf0e/0x1260 [ 818.856289][ T31] ? __pfx_watchdog+0x10/0x10 [ 818.856322][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 818.856358][ T31] ? __kthread_parkme+0x19e/0x250 [ 818.856395][ T31] ? __pfx_watchdog+0x10/0x10 [ 818.856429][ T31] kthread+0x3c5/0x780 [ 818.856464][ T31] ? __pfx_kthread+0x10/0x10 [ 818.856500][ T31] ? rcu_is_watching+0x12/0xc0 [ 818.856524][ T31] ? __pfx_kthread+0x10/0x10 [ 818.856559][ T31] ret_from_fork+0x56d/0x730 [ 818.856594][ T31] ? __pfx_kthread+0x10/0x10 [ 818.856629][ T31] ret_from_fork_asm+0x1a/0x30 [ 818.856671][ T31] [ 818.856686][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 818.984424][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U syzkaller #0 PREEMPT(full) [ 818.995109][ T31] Tainted: [U]=USER [ 818.998930][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 819.008987][ T31] Call Trace: [ 819.012268][ T31] [ 819.015205][ T31] dump_stack_lvl+0x3d/0x1f0 [ 819.019816][ T31] vpanic+0x6e8/0x7a0 [ 819.023822][ T31] ? __pfx_vpanic+0x10/0x10 [ 819.028348][ T31] panic+0xca/0xd0 [ 819.032106][ T31] ? __pfx_panic+0x10/0x10 [ 819.036552][ T31] ? nmi_backtrace_stall_check+0x6e/0x540 [ 819.042283][ T31] ? irq_work_queue+0xce/0x100 [ 819.047068][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 819.053066][ T31] ? __wake_up_klogd.part.0+0x99/0xf0 [ 819.058457][ T31] ? watchdog+0xd78/0x1260 [ 819.062890][ T31] ? watchdog+0xd6b/0x1260 [ 819.067345][ T31] watchdog+0xd89/0x1260 [ 819.071617][ T31] ? __pfx_watchdog+0x10/0x10 [ 819.076314][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 819.081538][ T31] ? __kthread_parkme+0x19e/0x250 [ 819.086578][ T31] ? __pfx_watchdog+0x10/0x10 [ 819.091275][ T31] kthread+0x3c5/0x780 [ 819.095381][ T31] ? __pfx_kthread+0x10/0x10 [ 819.100008][ T31] ? rcu_is_watching+0x12/0xc0 [ 819.104783][ T31] ? __pfx_kthread+0x10/0x10 [ 819.109396][ T31] ret_from_fork+0x56d/0x730 [ 819.114004][ T31] ? __pfx_kthread+0x10/0x10 [ 819.118612][ T31] ret_from_fork_asm+0x1a/0x30 [ 819.123402][ T31] [ 819.126500][ T31] Kernel Offset: disabled [ 819.130833][ T31] Rebooting in 86400 seconds..