last executing test programs: 1m41.517787968s ago: executing program 3 (id=602): r0 = mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0) ftruncate$auto(r0, 0x10000000004) syz_clone3(&(0x7f0000000100)={0x13088000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000000)=0x200000000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/net/rpc/nfs4.nametoid/flush\x00', 0x4c0800, 0x0) read$auto(r2, 0x0, 0x2401) alarm$auto(0x2) write$auto(0xca, &(0x7f0000000300)='\x00', 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0xa, 0x1, 0x84) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r5], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x20040850) mmap$auto(0x3, 0x400008, 0x40000000000df, 0x9b72, 0x2, 0x5b1) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f00000001c0)) r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r7, 0x5001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x100082) prctl$auto(0x3e, 0x20000000000001, 0x0, 0xfffffffffffffffd, 0x8000000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) 1m40.57725002s ago: executing program 3 (id=605): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram7\x00', 0x60742, 0x0) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x4008084) bpf$auto(0xfffff011, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x204000, 0x8000, 0x468, 0x9, 0x2, 0x4, 0x2, 0x0, 0x200, 0x1ff, 0xb6, 0x4, 0x3, 0x3}, 0x7fff) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 1m40.425123973s ago: executing program 3 (id=607): socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketcall$auto_SYS_LISTEN(0x4, &(0x7f0000000000)=0x1) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event\x00', 0x40800, 0x0) socket(0x21, 0x1, 0x100) r1 = socket(0x2, 0x80002, 0x73) getsockopt$auto_SO_RCVTIMEO_OLD(r1, 0x1, 0x14, &(0x7f0000000000)='\x00', &(0x7f0000000100)=0x68) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x29e4}, 0xe8) read$auto_fops_u8_(0xffffffffffffffff, &(0x7f0000001e40)=""/109, 0x6d) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x5, 0x15f4da0a, 0x100000000003, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000002f, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(r3, 0x4, &(0x7f0000000000)='bridge_slave_0\x00', &(0x7f0000000100), 0x4) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1f9, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x4, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) pread64$auto(r0, &(0x7f0000002680)='/dev/snapshot\x00', 0x73528428, 0x3) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000003900)='\t', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x403c6f2b, 0x0) setfsuid$auto(0x0) 1m39.366606526s ago: executing program 3 (id=612): mmap$auto(0x1fffffffefff, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) prctl$auto(0x41555856, 0xc, 0x2008, 0x0, 0x0) r0 = socket(0xa, 0x3, 0x3a) ioctl$auto(r0, 0x890c, 0x1) 1m39.204365426s ago: executing program 3 (id=613): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd0\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x6, 0x40e32, 0x402, 0x300000000000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages\x00', 0x480, 0x0) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)={0x24, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xb78}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x140000e4) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000340)=""/152, 0x98) tkill$auto(0x1, 0x7) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_VENDOR(r5, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000001700)={0x14, r6, 0x705, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x80) ioctl$auto_FIBMAP(r5, 0x1, 0x401) pipe$auto(0x0) setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) socket(0x2, 0x1, 0x0) pipe$auto(0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r7 = openat$auto_stats_fops_2(0xffffffffffffff9c, &(0x7f000000b000), 0x80, 0x0) pread64$auto(r7, &(0x7f000000b040)='\xe8', 0xb, 0x8) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D0p\x00', 0x80, 0x0) getsockopt$auto(0x3, 0x0, 0xe, 0x0, 0x0) ioctl$auto(r0, 0xab05, 0xffffffffffffffff) 1m38.424913794s ago: executing program 3 (id=618): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000240)={{0x6, 0x1, 0x1, 0x8}, "9693e5a374c8f3bf18d67b0eef4fe8e3d0634e094ed76da8c51b2902b8d087f8e6e14f2fc4176c5f1a706bd7e06ad0a6c62dea17fa5fd6d45586d9be548c3fc58188a118731b8ab6c0d5d6e0bc5410fd", 0x5}) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000031c0)='/sys/devices/pci0000:00/0000:00:03.0/virtio0/vendor\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000003200)=""/64, 0x40) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000001800)={{0x8, 0x5, 0x8, 0x200}, "dfb2f0254e93744362d79f46b0740b3a91740a656cc233ce0173aca29b21372c6928ec6b04413f9b272b621f00e6d596fdc408db42c6b0dc55d9dd81e4fcca5a5d3ae63a9d73db6e4bc90f3048411a25", 0x7}) 1m38.082793664s ago: executing program 32 (id=618): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000240)={{0x6, 0x1, 0x1, 0x8}, "9693e5a374c8f3bf18d67b0eef4fe8e3d0634e094ed76da8c51b2902b8d087f8e6e14f2fc4176c5f1a706bd7e06ad0a6c62dea17fa5fd6d45586d9be548c3fc58188a118731b8ab6c0d5d6e0bc5410fd", 0x5}) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000031c0)='/sys/devices/pci0000:00/0000:00:03.0/virtio0/vendor\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000003200)=""/64, 0x40) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000001800)={{0x8, 0x5, 0x8, 0x200}, "dfb2f0254e93744362d79f46b0740b3a91740a656cc233ce0173aca29b21372c6928ec6b04413f9b272b621f00e6d596fdc408db42c6b0dc55d9dd81e4fcca5a5d3ae63a9d73db6e4bc90f3048411a25", 0x7}) 6.067808746s ago: executing program 2 (id=1001): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x6) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xc7f16bff2a10ba01, 0x0) socket(0x1e, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) socket(0x2, 0x3, 0xa) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x15, 0x5, 0x0) socket(0x10, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fddbdf252c00000005002000070000002400320015c42d24e204cfbd78f6dd886edb9cfa5769b179587fa188d5c599003416e1c9"], 0x40}, 0x1, 0x0, 0x0, 0x20000810}, 0x20000010) open(0x0, 0x22240, 0xb0) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1, 0x3}, 0x55) 5.720398845s ago: executing program 2 (id=1004): rt_sigqueueinfo$auto(0x0, 0x9, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x45, 0x7e73, @_sigsys={0x0, 0x7, 0xff}}}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x16, 0x2, 0x6) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC0\x00', 0x0, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_FIDEDUPERANGE(r0, 0xc0189436, 0x8000) mmap$auto(0x9, 0x3, 0xfffffffffffffff9, 0xffffffffffffff91, r1, 0x1) rename$auto(&(0x7f00000000c0)=':,\x00', 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012601000000f9ff0200edfaf0acc8af0ecd7029fe45c031a45581f04e0af3ba00001dec4a3e34f80970ec3297ab94c7a951081212fc522b3e8f4566e9da6ca90f281a3449251585ea5ccd1a024efa909c48", @ANYRES32=0x4, @ANYBLOB="0800010048665200"], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x80) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioprio_set$auto(0x2, 0x800000000, 0x8) mmap$auto(0x0, 0x4, 0x5, 0x40eb2, 0x402, 0x300000000000) io_uring_setup$auto(0x6, 0x0) mq_timedsend$auto(0xffffffffffffffff, &(0x7f0000000040)='@*!:}\xc1-.!\\#[./\',-\x00', 0x7d, 0x9, 0x0) r4 = socket(0x10, 0x2, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)="9929af000b095b6460a41e6ff82c8ca0", 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x7fd}, 0x8, 0x8) setresuid$auto(0x0, 0x0, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 5.024651657s ago: executing program 4 (id=1007): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(r0, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x40, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000140)='0[.[\x00', 0xcd04) r2 = socket(0x2, 0x1, 0x0) getsockopt$auto(r2, 0xfffffffc, 0x10b4, &(0x7f0000000400)='/dev/ptys4\x000yk\xd2V\x82\xd0\x9fW|U\x06\x9a-L\x85\xeb\x9fWha\x00\xfb\x84\x11v\x06\x99\xb2\xfb=\xb3Z\x87\xbe\xba\x0f\x14\x93\xd1[\x9a\x11V\xc2A\xa8\xc9N\tz;\x1f\xcaH\xa4\xd7\x8bh\x1ff\xa14b\x19\xf1\xc0\f\x86\xbamy\xe1\xac\xfcE\xf9Skm\xe0/*\x82\xb0H\x91\xfd\xdfh\xb8*\xb95\x0e\xa339\xccv\n`\xa9\x84\xff=\xday\x83\x8f*`(\xdc\xc6\xb0\t\xa6;\x84\x96\xb94\x87}\x92\xc9\xd0x\xcfCS\xee\xdd\xd7k\xc6\x1d\x99e{f\'\xf4\xe2d\xe5{g{\x89\xf4|0\x81\x03\x9a\xb3\x80\xa7f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,v\xf58\x83\xcf\xc5D\xcc', 0x100000a3d9) recvmmsg$auto(r0, &(0x7f0000000240)={{&(0x7f00000000c0)="be9c33df5c8c353735ae9f0e59896ce734a2947de470705514969d5d39224c22b3e740f3eb49f4caac69d2876cd1c27ee4a8a6f1800b38e925041b8cb1a698e738fa874547d44e0a4a5cb5a7cfae9a5940c7d0294ba5e07d0a0e1fc49e31effbba8d3c76977c377b68625c5c083983cea584", 0x7, &(0x7f0000000200)={&(0x7f00000001c0)="76afa3c1fd10f38db0dd5c8d0e58ae3a6495bcaad4f3c263d15f2b932ecf25bf0b87101b7f7a715a9184db333d581b8caaba407596", 0x2}, 0x6, 0x0, 0x7, 0x2}, 0x9}, 0x7, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4e20, @loopback}, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000007c0)={0x1c, r2, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3a8935ae}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) connect$auto(0x3, 0x0, 0x81) mmap$auto(0x0, 0x802000c, 0x8, 0x10, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r3, 0x0, 0x100000001, 0x100) readv$auto(0x3, 0x0, 0x4) unshare$auto(0x40000080) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x1f40) r5 = socket(0x15, 0x5, 0x3) getsockopt$auto(r5, 0x114, 0x5, 0xfffffffffffffffc, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$auto(0x0, 0x0, 0x0, 0x100000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/018/001\x00', 0x100, 0x0) capset$auto(0x0, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) 3.634865357s ago: executing program 0 (id=1012): mmap$auto(0x10000000000000, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) prctl$auto(0x41555856, 0xc, 0x2008, 0x0, 0x0) r0 = socket(0xa, 0x3, 0x3a) ioctl$auto(r0, 0x890c, 0x1) 3.525677533s ago: executing program 4 (id=1013): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x4) ustat$auto(0x7ff, 0x0) mmap$auto(0x10000000000000, 0x20005, 0x4000000000df, 0xeb1, 0x8, 0x8000) 3.421673977s ago: executing program 0 (id=1014): close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0x2d, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x89e0, 0x91) ioctl$auto(0x3, 0x89e1, 0x91) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x2, 0x73) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r0, 0x802c550a, &(0x7f0000000300)=ANY=[@ANYBLOB="020000060000e6ff040000000100400008"]) ioctl$auto(r0, 0x4004550c, r0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) accept$auto(0x3, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x18, r2, 0x1, 0x60bd27, 0x25dfdbfa, {0x4, 0x0, 0x1f}}, 0x18}, 0x1, 0x0, 0x0, 0x4800}, 0x240440a0) 3.195049394s ago: executing program 4 (id=1015): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)={0x34, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {0x1, 0x0, 0x6000}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0xe00}, @OVS_VPORT_ATTR_NAME={0x8, 0x3, '})[\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x80) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x8000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x4ab00, 0x0) 2.899281781s ago: executing program 1 (id=1016): clone$auto(0x716, 0x69a000, &(0x7f0000000040)=0xfffeffff, &(0x7f0000000080)=0x40, 0x20d) openat$auto_clk_summary_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/clk/clk_orphan_summary\x00', 0x80, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x208080, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000100)="3e9293563587b09704f15b6dab42eb2086baf963e96858ca2255c023525dc53853e8c2e832f5ce14940ab703973a2b3cc28007258dc0777a43bdf89a05a6590098866a035764760b5d437939d4de7d1f6d341b412c7096976f09949b64636f7c484fddfec4c41978e3856792d6ab4e5286b82892b0f351be064045c95a1fe3728bbde550d9897190a27727efba0f486026fa30f259cf477ab52e2a98d272a436d8d67c246c7140c93ca40c52e8666d51") readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x7}, 0x1) clone$auto(0x716, 0x69a000, &(0x7f0000000040)=0xfffeffff, &(0x7f0000000080)=0x40, 0x20d) (async) openat$auto_clk_summary_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/clk/clk_orphan_summary\x00', 0x80, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x208080, 0x0) (async) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000100)="3e9293563587b09704f15b6dab42eb2086baf963e96858ca2255c023525dc53853e8c2e832f5ce14940ab703973a2b3cc28007258dc0777a43bdf89a05a6590098866a035764760b5d437939d4de7d1f6d341b412c7096976f09949b64636f7c484fddfec4c41978e3856792d6ab4e5286b82892b0f351be064045c95a1fe3728bbde550d9897190a27727efba0f486026fa30f259cf477ab52e2a98d272a436d8d67c246c7140c93ca40c52e8666d51") (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x7}, 0x1) (async) 2.835265188s ago: executing program 0 (id=1017): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0x1, 0x1ff, 0x100, 0x83, 0x101, 0x6, 0x6}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x876c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) mremap$auto(0x200000000000, 0x40000000004, 0x8, 0x3, 0x100000021) 2.814897714s ago: executing program 4 (id=1018): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) ioctl$auto_tracing_buffers_fops_trace(r0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001640), r1) mmap$auto(0x12, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r3, 0x0, 0x1f40) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0xa0082, 0x0) ioctl$auto_SOUND_MIXER_WRITE_RECSRC2(r2, 0xc0044dff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80800, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a7042, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x18b202, 0x0) pread64$auto(r5, 0x0, 0x100000001, 0x96) mmap$auto(0x411, 0x0, 0x7, 0xeb1, 0x404, 0x10008000) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r7 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r6, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r8 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e21, @remote}, 0x6a) recvmmsg$auto(r7, 0x0, 0x10000, 0x8, 0x0) sendmsg$auto(r8, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) 2.36859687s ago: executing program 0 (id=1019): ioctl$auto_BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000011c0)={@inferred=0xffffffffffffffff, 0x5, 0xb, @btrfs_ioctl_vol_args_v2_3_0={0x6, &(0x7f0000000140)={0x0, 0x1000, 0x1000, 0x10, {0x10000, 0xffffffffffffffff, 0x8001, 0x4, 0xf9}}}, @devid=0xffff}) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) writev$auto(r1, &(0x7f0000000140)={&(0x7f0000002ac0), 0xe4}, 0x4) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x143e02, 0x0) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/007/001\x00', 0x40000, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0xc00009}, 0x5, 0x20000000) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r4 = io_uring_setup$auto(0x1, 0x0) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, 0x0) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4b9b3f3063", 0x26) r6 = fcntl$auto_F_DUPFD(r4, 0x0, r3) readv$auto(r6, 0x0, 0x11) r7 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) fcntl$auto(r7, 0x400, 0x1) socket(0xa, 0x5, 0x2) fcntl$auto(0x3, 0x8, 0x0) r8 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x1ff, 0x1000, 0x2beb80, 0x8001) write$auto(r8, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mprotect$auto(0x200000000000, 0x806121, 0x6) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) r9 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sr0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r9, 0x28000) openat$auto_trace_time_stamp_mode_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/timestamp_mode\x00', 0x101800, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x890006, 0x3ff, 0x8000000008012, r2, 0x8000) preadv2$auto(r2, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 2.072917132s ago: executing program 2 (id=1020): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) read$auto(r0, 0x0, 0x3ff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x88841, 0x0) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/neigh/veth1_to_bridge/base_reachable_time\x00', 0x101202, 0x0) socket(0x2c, 0x3, 0x9) fcntl$auto(0x0, 0x407, 0x100000) 1.99738184s ago: executing program 1 (id=1021): r0 = prctl$auto_PR_SET_MM_ARG_END(0x4, 0x9, 0x0, 0x9, 0x7) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={"d4a2ec1b3b1d358fd4d9be9cc53847abe7e1aae2de83790b0d0ee7538b795762", 0x1, 0x10001, 0x81, 0x4, 0x6, 0x0}) ioctl$auto_XFS_IOC_ALLOCSP(r0, 0x4030580a, &(0x7f0000000080)={0x40, 0x3, 0x6, 0x3, 0x2, r1}) sendmsg$auto(r0, &(0x7f0000000340)={&(0x7f00000000c0)="fca8fdb0ec16c1d051cd932c5daf1899e5d0795558059f1866f881ef1001630a828cd4f1e452ca435172733697fb9a7b2fc517d41e9046fb282b3c94ca934fb3776b08f683221142282857d565241e0aebe1c4ffab88ca36df768a75b7949782f0593e68fed83994970e0785e1340b433259c360b378d5f890f764ca038a5d3f5841f8067234cb17e6ea3561f401f4fbd900ceebb423cdb6c1b66579f9b693c0f3dfe661392350f582db4b430a7d5135719d233aea", 0x101, &(0x7f0000000200)={&(0x7f0000000180)="def090d504f8a475399acababa5d588c1499027b62dc4e51fd862fcb461855cc264a4c4648aa46ab31fe6d07cd6a4b16217ef6621dc146cc02b5b72f7e3dab63f8e4df17b6e2dcbbb00c1492ae90b557ccd0b0f101a1a2405924", 0x8}, 0x6, &(0x7f0000000240)="c9eae136a64b34da60912ac916b62a896c72a92639818b489540a41dbe748210fcd9332cf1e65fa5f739e2d690106d738c3a294249e9cf2e58b886c5071e585040d23b993e0a4aaee35b76dac1e0593c930d8b83b396615a12a2a33791ea1137b0dfe0e78ae69465d4e326fdb72e9b1969c0e4f3934439c8fdaadb05c7740cce4e0269901cf32b399bcc898121efafedaf6a32a3b6758fb9bbb0038d32d8aebdb6c150d251c4a9150dad5e61e614e52c27fb419e2646491dc7f8ae81be79756b497802727de6628585d9ff1ec80b9f4c00dddfe80003ffbe4aff6f0d988664fc01d8ebb2ef682e6d", 0x1, 0x1}, 0x6) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(r0, 0x81, &(0x7f00000003c0)={@siginfo_0_0={0x3ff, 0x1000, 0xe, @_timer={r1, 0x9, @sival_ptr=&(0x7f0000000380)="5a0146fff7cc0cba80e41d78ef113c68899fa1b86c9908eabb", 0x6}}}, 0x4) select$auto(0xf, &(0x7f0000000440)={[0x7, 0x4, 0x6, 0x40, 0x5, 0xa47, 0x110, 0xffffffffffff9519, 0x4, 0x1, 0xf, 0x0, 0x5, 0x1, 0x7]}, &(0x7f00000004c0)={[0x3, 0x8fc5, 0x5, 0x16b, 0x10001, 0x9, 0x0, 0x4, 0x4, 0x8, 0xffff, 0x10001, 0x7, 0x7, 0xe, 0x40000000000000]}, &(0x7f0000000540)={[0x0, 0x4, 0x4, 0x400, 0x72b1, 0x0, 0xf5, 0x7f, 0x400080000000, 0x4, 0x101, 0xfffffffffffffff9, 0x8, 0xfffffffffffff800, 0x0, 0xd1]}, &(0x7f00000005c0)={0x6b7, 0x1}) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000600)='/dev/loop9\x00', 0x701802, 0x0) r5 = ioctl$auto_NS_GET_OWNER_UID(r0, 0xb704, 0x0) bpf$auto_BPF_PROG_ATTACH(0x8, &(0x7f0000000640)=@enable_stats={0x6}, 0x7) ioctl$auto_SNDCTL_TMR_START(r5, 0x5402, &(0x7f0000000700)="f0726c7198dbf927afd733b15865bd4cf7eb1a725773e1bce43fdcb48b91b2775350554d3e440c115b349cebbc526cb26113180e1391ff8520f72dea40177445c75e1b6390c668a4e53ef8831845e5a66cc223a5e8fac1bafc8e5ab42cf8a74bb8541cfb28c59abbe1ae9c1c43a2f58ad7530502bb3f2867ba58797711b8042a2780b29324e3b19ca7f857351a3f2d3d16a32b7b85d5d89957a48c3ca208fe64bbb98c9a4cb7e30f445b761f3ffef6534e57c64e7be822f41e941eadf916984c1e2c9c6ae05ba0ced323e9bfd14db48ca5e51ae5f0026e2c50dd27ca4c4af2e3fe4df64cde00b0291887bbcc5ee72117c8fff498950613d00a0e753998b27f84812b8f2ae41e1943cb59bb2244a89ddc39897b572c88bb78b57031bdff63e0cd2a0d18f8e3a9df773e58ef3294763344374cab0494a43d73a72c722b490d3063d92e0c6fbb3064fb2edf27f5e11c20870d42be14862764d1640b5d34fe1b530191866010c19ec0a9467046b1cd6641adf22137e92d773f751b395d6205426ca748d3c5f3caaf750f5df3baaf03cb99cee0b72d52fd119b557bc250b8282d68b699bfe14a37795d5a26bdce1b53d1cc28461b15c8b3e6aae2bdb134e6711361baa0966202e9afcaccb0dfe386dfd2796fe9a4a421ba95efb3f9e242e74fe81d0e9a5973423dcbe09d4d42072d56322049e913c0ae11243a6c5438e9dadab132781fcc7c6dacf19f42f2b62e9f1ff5697db3f73548485de715d4714cd4467f55532854b33999b4484ce944d42d88a792d3617dca293828ebaf5aa8958a69ab07210ad1a698dea620ed04c76b2364cd978fe54991466b860cab7be89a31f104e910fa7ab456f0804f13a898bcb69abc684aecabf8b783a25aa4e92225d1437fdd94fe476e762e3a899aa9b72419b571f4cdbb61e1d884ca3496078bddfbc67811612dfc1abe1966b58094744669fe0dd3d478bd64ca44f9345ae98072fb14fb1c847d63173e8e4da28c905ace7889669d380da5981d41121784252956f43ee4fda1f09c37c9046c3296ac50185c277c2534b2c6d5f91716653842da7eaa365597db0276ae0c66f5337ec7ca5829d8d00581d0e61bf756cfe6bed6116327b5b84188aa4f6216a4e92bbb39bd311e21fa0cfa39433aa33c08e19929100f20787a8a912158caa82ae85204371674f3718ac3d021ff693c9ff1762bfb790104d5e35219ba7573756584c9d805360adfd98ee1239a76d1e1dfacf90484da56bc197b89925704a3db61631a98fdd954ba4776c415e1aa4c031a6cad30c71ce36d26e5d4cefcc7d19c09e8c562752f80be17e7001ea3eb10a1e57d38198cf1a94485510f655bd9cd256804a37acb2f32406255a90fa6b44d45b6cdc3bdc5edbdd3baf50ee50cd29863cdb7227477dfd95ac0d8b2de581dee35da9fc1ad59fd0940898f33bef394100d7275718bf611f6d27b037dddf7183e62f310d7f130fcb1c93c398ba51733e804a7209c979db99742fa2f282b2c4e701dab939d249d7ba580063f09a654ac85776f1da52edb313e655399c374a4e106dbcd6455a63d21f04ea4a403e29d9d6c162e3f3469e1291921f93f610511f0bdbcd24c9a9d49520b505e2ee209774daf6b9528f8e2495808de64ac4eeb10222edc044d1275409263be664f98cfe687432aa93b59b2f8333f483bbe74ba178e0e3c221694414b106072c301f8fa98584201213591e1b248a84301ed9bfb11539151c8c3a98c9df00175c03feaa856142a7b7f3f686c75ea067244aec3c947edab1c2d014d29ff54da9fd2d139e0da72db089b8f2056219f66074e5d64ac7b585f5406a7cf5a0c680d0ace9788fa410f56ccb0959c674bfe743a30d972984ab0512a17bea4c1c1f3aed626f8d018c764177589de2a4975b5d7ccfd2b73bc6c2aa59d8dd556e8095adb74baea74c6eb53ed6cd101e31c71954ac91fa926d4c8b895c2e514fd0a7a4451cfda3bc70b54730662a6fe07d35b7b702c4b6a291b4cb1f1ec7376c122f358788059ef3d6f43daca58c557524a8bb585d449291fb9ce50c3e31c1f66542bfa37152c8dd82f2f8b0473c1ecee997855ef3a00a42492716a3922ad1b3915bb0805c2be8a80f300b42ff2b4e35ca665f2ab49eb8455cb52a31745e82c70308859582d58197dbf91188ab505f364c3588013f287d2f0dcccea13c185d4a9ad48cae4eb585dc2bf85487ec859a9229a8a3ea86f6077a62eaf8e540c9a7353625508d22e303fbf7e6be3141ee139331ba19a4e6eaed9d62835b69af2154b8b83467ef6615b31e967517d371812ff604df9ff2d567837c86cdf29b5e17da8f21419235f8603aa4e3d07b1bd3ce281ac9ac412864cfe0266f459c491b2f54323a54e00fc766c54117ec7d128610a19a59d5331bdcc191d63e25149b698bd1afd8f6b7c0429784d0cbd563a66f1225089487e451c31548d93e91fed48d7bf5c8a38eb83a54e68e3ae9bdf21d5cf4aa5fd836ec3e7696e0d7590152e913340c7599d38c8b0119883533b5296cdc08041de6864c8a193ebcdd3954d9f54accb9935afd3b9f2d6f37fcd89340eec35f617b55bf5f00ee5d9f459d313169a468c0236bf8b8bb368af4a20fd43d909d34b03dfc84d5b7b17ddf308066c1700421f2f6333707c39203fe7bab09a11be368136a1ad23ad8545bebfdd65bfb0d13ebfe2596cb5070afbee0031097c35f666761a103e138e5e9060754399ee59dbd4fb87436d8e72e9ad44ce1b2d59713a1a901f8d985a26ccfaa1df117ea86c6eb6366001aef72fa677b68ee34e363fb68799a1376f25b54523d39e21d576ebfd4c061f5b048cd014f66d1c98e75d254fefd5c72fe6b35bb0f1b992fefb4cd00d48460bc7f0dbe7444058ac7db86be087568a9311e552be9df93bb83c218c1679eae0e7960a639bddcd21c3fc032051121699b933ad04c3f3f37b17113ef36e309950302d7064fbb2cd7059e8598842094e2ae8a99bb137d49fed041572a05a1ff200bb346821a588d3305bb2991ef6cc053584f2bcb3836ec0f330c4869baed2440a2be3e9780898dea2807e62ae3d792ae8e27de3ab5e766a73952fe097d04291d9c97d6547e5bc8ecf1ff4af7c0377bd0e2fa2e407dce097871bf651e3f3634f661ba3d3165188282b8b4662fbdf8481b597adfbae24861eaf7efbc278ec2034308cb55092853c48cd21dc29863328dfceb2ba2016131c12f9d310f2aceed74432f86c7ee6b0d21c46ca10c5cd75321762eba81b2199b35e5dbc8fce022278447088237d6156e815474775935bf3089b3a692f155080cd325ab5ad1bf06928d27224f11f30aa115cd62ab3f15fc93d7b3f4db39b334b6521dae5eafd8719754a168386e26462486d22404067086e1ba034df249830c33974a004f0003873a3979f6a34c575a65a6240c1b9f99487e4c95bbf87d9da86ed71d3fb5491794884052d1ea2086f5ec725b4939272baa1a48e95b992cac1c2fc9a81d82660c67d4597ec7162136141fd207f41cb9162a229e58507c9c7809c9646e709f10613cd1d44630f046302b820741fe18877f86f52974e41cbc8def0159dbe11bbcb83620824661120499200c161e114016963e6096764c090c7a5b3ab74fb5749b8323c2b6878639aa04bc8106aed410bc50db8a911e5a7f74833a77abbb4691cec7f593f0fbb966dbce564773a4ef39d0a414058fe99a20aa57be09ccaeed525ffc26d128386073e8e83788bbdce589e55dd0e6f00dd2768d9a0015c84255f61cc7e8258fb87cae988340e905b379d0810524b8a3c51d31839886899d57a51ffad68c52134f9882febd48d545ecbbb54dcd48397aeeed6ba544044feb42ac90633cdda93a449c922b46f49962cf53472455793827b1cdf2d1696cf02f15043c7674034e6331068f141cf197b39c7666c9f438cf80626e1f3afc27922940a4fc21f483a012b61cba612ad9b7fe5bdb3c038cefa1f175309f627267397487cd766e55cc7366f830894a7182ddcd6ff42b94598b7bde1ff255f49c5d1e7c0e9e80484b12dedda9d9bf88acd6fef48dd9193a31fa7380ec276b684cf0177700e5ee649f919858bf60521f0554dfce295ff9af274f484746f2f22602736d6e87a5d26a1785553e08800a5ca2f8817a3cb9bf3bdbf871d9365b7df3a080140eb10e5b9f97a7b1dfc6042f249e49ac470ff2d435f76a5406082ac24633739af2e44b5b9dcf64acdad3274b91eb688b121f46a310fa1e97ac7836e615277a8bd3731e535abb8fa2b22e650a4a3bcf03242b20a3d5cef24fd41f39841ccc8bc8b4f351bf8e5e7c8912524c8ea630e8a9fd7279dc17cc0ecc896e5f39568d5a93600bde31387b514920c88b61c5769239417894869c88786acbb774dcf1544af74c4e0f149cc12b6fb21f103896201e54606a17160fcf404c53b1b6863d77ae30dae59985c160528cc9f20e2bf4984906259850fc74a300281e94b87cdc6a400c1f839dfb8cd2fa05cfdd80ad06d2838a1c3298623345a216739888049d871aa44cc0de8877216ff96d929d373c49f803c8edeadf0fa39d379b69e6ae76d298065b345252d05cc8829c768c13ba7dcc2f77d87e20b96eb664aabd59b4d5a1f130dd6815637b091fae502926df795610703f5d439f688f642377cf5fe892d0b56c6ac94b2b7a5221158f7ca238416591c1b560a8af8cc697f7780fcdf1c2aa70c3ec9a02ed08f575490125f07a705b16cd62c352f286b1a378faeebb6ccb3276b15e55b51afa9fd6dbabd24698e9e2ec0e93b2b4c908c590abc2202e5b24bdb247950556390a937f5302607c27b1072f9c8ca6119d02b11253f1fa8160ae5bc1cd8de31ebf52411677104f2e02fe6f481d7c13bf3245084ec825c223753953f0ff98aac2d0ad56247fc04d4810a174860f2215da08ca71a4f0e594fdf5743c617f04becc5f7e914be5e70bcbf5b3dba2662fab2e017a2f951fd99f78a2163deb2ab71dbad8383ec3e46d3ac7a657de337b6d9727414f737af8d4ab971a70097a1f314db8d327103133f98bee8476dc7d0c6c5dad7112d") io_uring_register$auto_IORING_REGISTER_CLONE_BUFFERS(r4, 0x1e, &(0x7f0000001700), 0x5) r6 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000001740)='/dev/vcsa\x00', 0x200001, 0x0) sendfile$auto(r6, r5, &(0x7f0000001780)=0x80000000, 0x60000) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f0000001900)={&(0x7f00000017c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001800)={0xb4, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_EPCS={0x4}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x9a, 0xbe, "685894cc97bfd51dde113e07d2247560e3bedaca48fb48786e0d301f09c13a94ad77e0504c6198e79b91b74600184451add82a1cef8ee62527617611ac9913d0ad8738bbde449ffb9435ba670571a58cfea1d3cef07695c483dedd4b62811f6728063a02747a4acce50610256ce9d6dc5db2b9fd362b0e2e3c17cc85deb247ec5c809c05e3c6cdf0e05134c2b1413a121da84dd7be70"}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20004004}, 0x40000050) setsockopt$auto_SO_DETACH_REUSEPORT_BPF(r6, 0x1, 0x44, &(0x7f0000001940)='/dev/loop9\x00', 0x3) r7 = syz_clone3(&(0x7f0000001bc0)={0x8080, &(0x7f0000001980)=0xffffffffffffffff, &(0x7f00000019c0), &(0x7f0000001a00), {0x1d}, &(0x7f0000001a40)=""/155, 0x9b, &(0x7f0000001b00)=""/89, &(0x7f0000001b80)=[r2, r1, r1], 0x3, {r5}}, 0x58) read$auto_ptdump_curknl_fops_(r5, &(0x7f0000001c40)=""/92, 0x5c) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000001cc0)='/sys/devices/virtual/bluetooth/hci7/power\x00', 0x0, 0x0) r9 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000001d00), 0x440, 0x0) fcntl$auto_F_SETFL(r9, 0x4, 0x5000000000000000) r10 = ioctl$auto_userfaultfd_dev_fops_userfaultfd(r5, 0x5b2, &(0x7f0000001d40)="f6d160cc653127379f13e4aa2a16ac32ef5e494a85d1b133709e65941591a1e23513658329168372746d3c28cae2f79349aa00a2c5c1cef4be06557ed548991b6dbac2057fc8b7ea59f999ccbca4d0858737d032f26a758653539424151ec8cb95dc2e91e78ff6b7b93296afcc7365cc0fb6cb8e00e3977ef00078a9daa54af02c6f4acbabc7") getsid$auto(r1) ioctl$auto_SNDRV_PCM_IOCTL_LINK(r10, 0x40044160, &(0x7f0000001e00)=0xffffffff) acct$auto(&(0x7f0000001e40)='/dev/vcsa\x00') openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000001e80), 0x101800, 0x0) fsconfig$auto_FSCONFIG_CMD_CREATE_EXCL(r8, 0x8, &(0x7f0000001ec0)='/dev/loop9\x00', &(0x7f0000001f00)="3fc02b09616336df960a9ec634daee9d1c93cf983e0d7e615dbb73d13bcd7f12ddd27ff52d9f43a46464e6305e231acd7145aa5b95256a8ee585f49021c6f1e04c6b85483f1843a076cff172aeb5d7eceba0ef63493a357c3c3ef7ae6c070d3d5a898da4d5a9d181246ee0d99c2bae8172b3491f45ac091bb3091a2e582b314692590b", 0x6) socketpair$auto(0x9, 0x9, 0xfffffff8, &(0x7f0000001fc0)=0x200) msgctl$auto_MSG_INFO(0xfffffffc, 0xc, &(0x7f0000002080)={{0x5, 0xee00, 0xee01, 0x10, 0x3, 0x28}, &(0x7f0000002000)=0xd, &(0x7f0000002040), 0xffffffffffffffff, 0xc2, 0x9, 0x55, 0x3, 0xc, 0x2, 0xa, @inferred=r7, @raw=0x3}) rt_sigqueueinfo$auto(r3, 0x0, &(0x7f0000002100)={@siginfo_0_0={0xb, 0x1, 0xfffffffd, @_rt={r7, r11, @sival_int=0x9}}}) readv$auto(r4, &(0x7f0000002280)={&(0x7f0000002180)="510bccfe1f4476be1bf659fc637475002f6a5146fe91724f4fc6fcb4691520e6101cdf320421d4f535ee854ef2ea206ab3782df8615f4754a2c91465e2d3d137b1aa72746dcd50d89f8de085917367c799c64452c6dc8924f3a566e51349257ee162308a177e61926d1a0d87aa4b3373fbf24a30c25f2b2a4f1bfe1ce08485fc7c0b0adfd4ede739a8a4cf128217215dc0e8e8b0d694c7bfac9acca33567a7d633656ab434f5d5c3212ce7ac09ba9fadd761a30c9c2a26f1926129498759c7a4d762f6939fdaeb02e334dd04606aac55c912640d3c33141c49f90b55531159e09c4f65428428f3e57dfce0418e27513624e89cc7918dbe", 0x1}, 0x7a) 1.907760541s ago: executing program 1 (id=1022): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) setsockopt$auto(0xffffffffffffffff, 0x9, 0xff, &(0x7f00000002c0)='SEG6\x00', 0xeec) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(r2, &(0x7f0000000340)=""/253, 0xfd) ioctl$auto_SNDCTL_TMR_CONTINUE(r2, 0x5404, &(0x7f0000000040)="156186d667cd51ca7604ae3262d13686c56afd139ea81faf") bpf$auto(0x6, 0x0, 0x56) getsockopt$auto_SO_PASSCRED(0xffffffffffffffff, 0x1009, 0x10, 0x0, 0x0) gettid() openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000bc0)='/sys/kernel/tracing/dynamic_events\x00', 0x1, 0x0) 1.737378461s ago: executing program 0 (id=1023): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4000, 0x0) read$auto(r0, 0x0, 0x42) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000000e, 0x0) fsopen$auto(0x0, 0x1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x1, 0x2020009, 0x3, 0xebe, 0xfffffffffffffffa, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0xc01) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000040)={0x23, 0x1, 0x2, 0xc, 0x0, 0x7fb, 0x0}) mmap$auto(0x0, 0x38, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) quotactl_fd$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0) getdents64$auto(0xffffffffffffffff, 0x0, 0x400) ioctl$auto_VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x3a) getsockopt$auto(0x3, 0x0, 0xe, 0x0, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) read$auto(0x3, 0x0, 0x1f40) read$auto(0x3, 0x0, 0x1f40) 1.591155029s ago: executing program 4 (id=1024): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x7ffffffde000, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) 1.193375016s ago: executing program 2 (id=1025): statx$auto(0xffffffffffffffff, 0x0, 0x2, 0x8004, &(0x7f0000000300)={0x7, 0x1, 0xfffffffffffffff9, 0x7, 0xffffffffffffffff, 0xffffffffffffffff, 0x3, 0x0, 0x401, 0x1, 0x5, 0x1fc, {0x80000001, 0xfb44}, {0x5, 0x8}, {0xffffffffffffffff, 0x1ff}, {0xffffffffffffff60, 0x9}, 0x2, 0x6, 0x80000000, 0x17e9, 0x709c, 0x101, 0x5, 0x938, 0x8, 0x5, 0xb6a, 0xdfc, [0x6, 0x200000000006, 0x80000001, 0x5, 0xffffffff, 0x1c9fb31b, 0xfffffffffffffff8, 0xe, 0x3]}) mmap$auto(0x2, 0xc00008, 0xdf, 0x800009b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vlan0\x00'}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/usbcore/parameters/quirks\x00', 0xc0202, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/ext4/sda1/mb_groups\x00', 0x109180, 0x0) pread64$auto(r0, 0x0, 0x682c3390, 0xcff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0xe8) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/nr11/tx_queue_len\x00', 0x2000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xc0c00, 0x0) adjtimex$auto(0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x2e241, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) sendmsg$auto_ILA_CMD_DEL(0xffffffffffffffff, 0x0, 0x88d4) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mbind$auto(0x2, 0x80, 0x3, &(0x7f0000000200)=0xff, 0x3, 0x3) prctl$auto(0x3e, 0x3, 0x0, 0x6, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x0, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x60000, 0x0) read$auto(0x3, 0x0, 0x80) r3 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r3, 0x0, 0x9) mknod$auto(&(0x7f0000000180)=':,\x00', 0x800, 0x4) 1.181357823s ago: executing program 4 (id=1026): socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketcall$auto_SYS_LISTEN(0x4, &(0x7f0000000000)=0x1) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event\x00', 0x40800, 0x0) socket(0x21, 0x1, 0x100) r1 = socket(0x2, 0x80002, 0x73) getsockopt$auto_SO_RCVTIMEO_OLD(r1, 0x1, 0x14, &(0x7f0000000000)='\x00', &(0x7f0000000100)=0x68) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x29e4}, 0xe8) read$auto_fops_u8_(0xffffffffffffffff, &(0x7f0000001e40)=""/109, 0x6d) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x5, 0x15f4da0a, 0x100000000003, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000002f, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(r3, 0x4, &(0x7f0000000000)='bridge_slave_0\x00', &(0x7f0000000100), 0x4) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1f9, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x4, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) pread64$auto(r0, &(0x7f0000002680)='/dev/snapshot\x00', 0x73528428, 0x3) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000003900)='\t', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x403c6f2b, 0x0) setfsuid$auto(0x0) 769.589626ms ago: executing program 0 (id=1027): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x2, 0x7, 0xd, 0x2, 0x2, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r1 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) lseek$auto(0x3, 0xfffffffffffffffd, 0x1) ioctl$auto(0x3, 0x400454ca, 0x38) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) msync$auto(0x0, 0xe0, 0x6) r3 = io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x401, 0x15) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x2, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r3, 0xc1105511, &(0x7f0000000080)={{@raw=0x7, 0x4, 0xfffff7bb, 0x2f, "984e784f697ebcc30053822c357eb55df43e9e037b650dfc7a3df9aa20e32749384f515111de5da4403cab68", @raw=0x7}, 0x200000, 0x1, 0x4, @raw=0x5, @enumerated={0x8, 0x0, "3544fac47a801d819cb534605db6a893115890fe4787b893bf2d3f312883af26fc4d92993388bae934e26fa2157468e873f1359a98377e7310a5f19b224938a6", 0xf}, "b210e8ae72f3052d09004297cc39fbd4fe51f972eb62ed41cec2ea5c1e45264907d818e9711e2b57cd159b796ab9e6c81a2f47680e3d2a7f677dccfd260d82fe"}) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x752502, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram15\x00', 0x7e9d00, 0x0) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) 699.484455ms ago: executing program 1 (id=1028): r0 = prctl$auto_PR_SET_MM_ARG_END(0x4, 0x9, 0x0, 0x9, 0x7) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={"d4a2ec1b3b1d358fd4d9be9cc53847abe7e1aae2de83790b0d0ee7538b795762", 0x1, 0x10001, 0x81, 0x4, 0x6, 0x0}) ioctl$auto_XFS_IOC_ALLOCSP(r0, 0x4030580a, &(0x7f0000000080)={0x40, 0x3, 0x6, 0x3, 0x2, r1}) sendmsg$auto(r0, &(0x7f0000000340)={&(0x7f00000000c0)="fca8fdb0ec16c1d051cd932c5daf1899e5d0795558059f1866f881ef1001630a828cd4f1e452ca435172733697fb9a7b2fc517d41e9046fb282b3c94ca934fb3776b08f683221142282857d565241e0aebe1c4ffab88ca36df768a75b7949782f0593e68fed83994970e0785e1340b433259c360b378d5f890f764ca038a5d3f5841f8067234cb17e6ea3561f401f4fbd900ceebb423cdb6c1b66579f9b693c0f3dfe661392350f582db4b430a7d5135719d233aea", 0x101, &(0x7f0000000200)={&(0x7f0000000180)="def090d504f8a475399acababa5d588c1499027b62dc4e51fd862fcb461855cc264a4c4648aa46ab31fe6d07cd6a4b16217ef6621dc146cc02b5b72f7e3dab63f8e4df17b6e2dcbbb00c1492ae90b557ccd0b0f101a1a2405924", 0x8}, 0x6, &(0x7f0000000240)="c9eae136a64b34da60912ac916b62a896c72a92639818b489540a41dbe748210fcd9332cf1e65fa5f739e2d690106d738c3a294249e9cf2e58b886c5071e585040d23b993e0a4aaee35b76dac1e0593c930d8b83b396615a12a2a33791ea1137b0dfe0e78ae69465d4e326fdb72e9b1969c0e4f3934439c8fdaadb05c7740cce4e0269901cf32b399bcc898121efafedaf6a32a3b6758fb9bbb0038d32d8aebdb6c150d251c4a9150dad5e61e614e52c27fb419e2646491dc7f8ae81be79756b497802727de6628585d9ff1ec80b9f4c00dddfe80003ffbe4aff6f0d988664fc01d8ebb2ef682e6d", 0x1, 0x1}, 0x6) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(r0, 0x81, &(0x7f00000003c0)={@siginfo_0_0={0x3ff, 0x1000, 0xe, @_timer={r1, 0x9, @sival_ptr=&(0x7f0000000380)="5a0146fff7cc0cba80e41d78ef113c68899fa1b86c9908eabb", 0x6}}}, 0x4) select$auto(0xf, &(0x7f0000000440)={[0x7, 0x4, 0x6, 0x40, 0x5, 0xa47, 0x110, 0xffffffffffff9519, 0x4, 0x1, 0xf, 0x0, 0x5, 0x1, 0x7]}, &(0x7f00000004c0)={[0x3, 0x8fc5, 0x5, 0x16b, 0x10001, 0x9, 0x0, 0x4, 0x4, 0x8, 0xffff, 0x10001, 0x7, 0x7, 0xe, 0x40000000000000]}, &(0x7f0000000540)={[0x0, 0x4, 0x4, 0x400, 0x72b1, 0x0, 0xf5, 0x7f, 0x400080000000, 0x4, 0x101, 0xfffffffffffffff9, 0x8, 0xfffffffffffff800, 0x0, 0xd1]}, &(0x7f00000005c0)={0x6b7, 0x1}) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000600)='/dev/loop9\x00', 0x701802, 0x0) r5 = ioctl$auto_NS_GET_OWNER_UID(r0, 0xb704, 0x0) bpf$auto_BPF_PROG_ATTACH(0x8, &(0x7f0000000640)=@enable_stats={0x6}, 0x7) ioctl$auto_SNDCTL_TMR_START(r5, 0x5402, &(0x7f0000000700)="f0726c7198dbf927afd733b15865bd4cf7eb1a725773e1bce43fdcb48b91b2775350554d3e440c115b349cebbc526cb26113180e1391ff8520f72dea40177445c75e1b6390c668a4e53ef8831845e5a66cc223a5e8fac1bafc8e5ab42cf8a74bb8541cfb28c59abbe1ae9c1c43a2f58ad7530502bb3f2867ba58797711b8042a2780b29324e3b19ca7f857351a3f2d3d16a32b7b85d5d89957a48c3ca208fe64bbb98c9a4cb7e30f445b761f3ffef6534e57c64e7be822f41e941eadf916984c1e2c9c6ae05ba0ced323e9bfd14db48ca5e51ae5f0026e2c50dd27ca4c4af2e3fe4df64cde00b0291887bbcc5ee72117c8fff498950613d00a0e753998b27f84812b8f2ae41e1943cb59bb2244a89ddc39897b572c88bb78b57031bdff63e0cd2a0d18f8e3a9df773e58ef3294763344374cab0494a43d73a72c722b490d3063d92e0c6fbb3064fb2edf27f5e11c20870d42be14862764d1640b5d34fe1b530191866010c19ec0a9467046b1cd6641adf22137e92d773f751b395d6205426ca748d3c5f3caaf750f5df3baaf03cb99cee0b72d52fd119b557bc250b8282d68b699bfe14a37795d5a26bdce1b53d1cc28461b15c8b3e6aae2bdb134e6711361baa0966202e9afcaccb0dfe386dfd2796fe9a4a421ba95efb3f9e242e74fe81d0e9a5973423dcbe09d4d42072d56322049e913c0ae11243a6c5438e9dadab132781fcc7c6dacf19f42f2b62e9f1ff5697db3f73548485de715d4714cd4467f55532854b33999b4484ce944d42d88a792d3617dca293828ebaf5aa8958a69ab07210ad1a698dea620ed04c76b2364cd978fe54991466b860cab7be89a31f104e910fa7ab456f0804f13a898bcb69abc684aecabf8b783a25aa4e92225d1437fdd94fe476e762e3a899aa9b72419b571f4cdbb61e1d884ca3496078bddfbc67811612dfc1abe1966b58094744669fe0dd3d478bd64ca44f9345ae98072fb14fb1c847d63173e8e4da28c905ace7889669d380da5981d41121784252956f43ee4fda1f09c37c9046c3296ac50185c277c2534b2c6d5f91716653842da7eaa365597db0276ae0c66f5337ec7ca5829d8d00581d0e61bf756cfe6bed6116327b5b84188aa4f6216a4e92bbb39bd311e21fa0cfa39433aa33c08e19929100f20787a8a912158caa82ae85204371674f3718ac3d021ff693c9ff1762bfb790104d5e35219ba7573756584c9d805360adfd98ee1239a76d1e1dfacf90484da56bc197b89925704a3db61631a98fdd954ba4776c415e1aa4c031a6cad30c71ce36d26e5d4cefcc7d19c09e8c562752f80be17e7001ea3eb10a1e57d38198cf1a94485510f655bd9cd256804a37acb2f32406255a90fa6b44d45b6cdc3bdc5edbdd3baf50ee50cd29863cdb7227477dfd95ac0d8b2de581dee35da9fc1ad59fd0940898f33bef394100d7275718bf611f6d27b037dddf7183e62f310d7f130fcb1c93c398ba51733e804a7209c979db99742fa2f282b2c4e701dab939d249d7ba580063f09a654ac85776f1da52edb313e655399c374a4e106dbcd6455a63d21f04ea4a403e29d9d6c162e3f3469e1291921f93f610511f0bdbcd24c9a9d49520b505e2ee209774daf6b9528f8e2495808de64ac4eeb10222edc044d1275409263be664f98cfe687432aa93b59b2f8333f483bbe74ba178e0e3c221694414b106072c301f8fa98584201213591e1b248a84301ed9bfb11539151c8c3a98c9df00175c03feaa856142a7b7f3f686c75ea067244aec3c947edab1c2d014d29ff54da9fd2d139e0da72db089b8f2056219f66074e5d64ac7b585f5406a7cf5a0c680d0ace9788fa410f56ccb0959c674bfe743a30d972984ab0512a17bea4c1c1f3aed626f8d018c764177589de2a4975b5d7ccfd2b73bc6c2aa59d8dd556e8095adb74baea74c6eb53ed6cd101e31c71954ac91fa926d4c8b895c2e514fd0a7a4451cfda3bc70b54730662a6fe07d35b7b702c4b6a291b4cb1f1ec7376c122f358788059ef3d6f43daca58c557524a8bb585d449291fb9ce50c3e31c1f66542bfa37152c8dd82f2f8b0473c1ecee997855ef3a00a42492716a3922ad1b3915bb0805c2be8a80f300b42ff2b4e35ca665f2ab49eb8455cb52a31745e82c70308859582d58197dbf91188ab505f364c3588013f287d2f0dcccea13c185d4a9ad48cae4eb585dc2bf85487ec859a9229a8a3ea86f6077a62eaf8e540c9a7353625508d22e303fbf7e6be3141ee139331ba19a4e6eaed9d62835b69af2154b8b83467ef6615b31e967517d371812ff604df9ff2d567837c86cdf29b5e17da8f21419235f8603aa4e3d07b1bd3ce281ac9ac412864cfe0266f459c491b2f54323a54e00fc766c54117ec7d128610a19a59d5331bdcc191d63e25149b698bd1afd8f6b7c0429784d0cbd563a66f1225089487e451c31548d93e91fed48d7bf5c8a38eb83a54e68e3ae9bdf21d5cf4aa5fd836ec3e7696e0d7590152e913340c7599d38c8b0119883533b5296cdc08041de6864c8a193ebcdd3954d9f54accb9935afd3b9f2d6f37fcd89340eec35f617b55bf5f00ee5d9f459d313169a468c0236bf8b8bb368af4a20fd43d909d34b03dfc84d5b7b17ddf308066c1700421f2f6333707c39203fe7bab09a11be368136a1ad23ad8545bebfdd65bfb0d13ebfe2596cb5070afbee0031097c35f666761a103e138e5e9060754399ee59dbd4fb87436d8e72e9ad44ce1b2d59713a1a901f8d985a26ccfaa1df117ea86c6eb6366001aef72fa677b68ee34e363fb68799a1376f25b54523d39e21d576ebfd4c061f5b048cd014f66d1c98e75d254fefd5c72fe6b35bb0f1b992fefb4cd00d48460bc7f0dbe7444058ac7db86be087568a9311e552be9df93bb83c218c1679eae0e7960a639bddcd21c3fc032051121699b933ad04c3f3f37b17113ef36e309950302d7064fbb2cd7059e8598842094e2ae8a99bb137d49fed041572a05a1ff200bb346821a588d3305bb2991ef6cc053584f2bcb3836ec0f330c4869baed2440a2be3e9780898dea2807e62ae3d792ae8e27de3ab5e766a73952fe097d04291d9c97d6547e5bc8ecf1ff4af7c0377bd0e2fa2e407dce097871bf651e3f3634f661ba3d3165188282b8b4662fbdf8481b597adfbae24861eaf7efbc278ec2034308cb55092853c48cd21dc29863328dfceb2ba2016131c12f9d310f2aceed74432f86c7ee6b0d21c46ca10c5cd75321762eba81b2199b35e5dbc8fce022278447088237d6156e815474775935bf3089b3a692f155080cd325ab5ad1bf06928d27224f11f30aa115cd62ab3f15fc93d7b3f4db39b334b6521dae5eafd8719754a168386e26462486d22404067086e1ba034df249830c33974a004f0003873a3979f6a34c575a65a6240c1b9f99487e4c95bbf87d9da86ed71d3fb5491794884052d1ea2086f5ec725b4939272baa1a48e95b992cac1c2fc9a81d82660c67d4597ec7162136141fd207f41cb9162a229e58507c9c7809c9646e709f10613cd1d44630f046302b820741fe18877f86f52974e41cbc8def0159dbe11bbcb83620824661120499200c161e114016963e6096764c090c7a5b3ab74fb5749b8323c2b6878639aa04bc8106aed410bc50db8a911e5a7f74833a77abbb4691cec7f593f0fbb966dbce564773a4ef39d0a414058fe99a20aa57be09ccaeed525ffc26d128386073e8e83788bbdce589e55dd0e6f00dd2768d9a0015c84255f61cc7e8258fb87cae988340e905b379d0810524b8a3c51d31839886899d57a51ffad68c52134f9882febd48d545ecbbb54dcd48397aeeed6ba544044feb42ac90633cdda93a449c922b46f49962cf53472455793827b1cdf2d1696cf02f15043c7674034e6331068f141cf197b39c7666c9f438cf80626e1f3afc27922940a4fc21f483a012b61cba612ad9b7fe5bdb3c038cefa1f175309f627267397487cd766e55cc7366f830894a7182ddcd6ff42b94598b7bde1ff255f49c5d1e7c0e9e80484b12dedda9d9bf88acd6fef48dd9193a31fa7380ec276b684cf0177700e5ee649f919858bf60521f0554dfce295ff9af274f484746f2f22602736d6e87a5d26a1785553e08800a5ca2f8817a3cb9bf3bdbf871d9365b7df3a080140eb10e5b9f97a7b1dfc6042f249e49ac470ff2d435f76a5406082ac24633739af2e44b5b9dcf64acdad3274b91eb688b121f46a310fa1e97ac7836e615277a8bd3731e535abb8fa2b22e650a4a3bcf03242b20a3d5cef24fd41f39841ccc8bc8b4f351bf8e5e7c8912524c8ea630e8a9fd7279dc17cc0ecc896e5f39568d5a93600bde31387b514920c88b61c5769239417894869c88786acbb774dcf1544af74c4e0f149cc12b6fb21f103896201e54606a17160fcf404c53b1b6863d77ae30dae59985c160528cc9f20e2bf4984906259850fc74a300281e94b87cdc6a400c1f839dfb8cd2fa05cfdd80ad06d2838a1c3298623345a216739888049d871aa44cc0de8877216ff96d929d373c49f803c8edeadf0fa39d379b69e6ae76d298065b345252d05cc8829c768c13ba7dcc2f77d87e20b96eb664aabd59b4d5a1f130dd6815637b091fae502926df795610703f5d439f688f642377cf5fe892d0b56c6ac94b2b7a5221158f7ca238416591c1b560a8af8cc697f7780fcdf1c2aa70c3ec9a02ed08f575490125f07a705b16cd62c352f286b1a378faeebb6ccb3276b15e55b51afa9fd6dbabd24698e9e2ec0e93b2b4c908c590abc2202e5b24bdb247950556390a937f5302607c27b1072f9c8ca6119d02b11253f1fa8160ae5bc1cd8de31ebf52411677104f2e02fe6f481d7c13bf3245084ec825c223753953f0ff98aac2d0ad56247fc04d4810a174860f2215da08ca71a4f0e594fdf5743c617f04becc5f7e914be5e70bcbf5b3dba2662fab2e017a2f951fd99f78a2163deb2ab71dbad8383ec3e46d3ac7a657de337b6d9727414f737af8d4ab971a70097a1f314db8d327103133f98bee8476dc7d0c6c5dad7112d4b6272dba4ee87bb50084b5f0cc367ee17372da9f5b6fdd3b3582d3333d13d7178d11b1481c15a1fad6fa307126bdbe165455a75fe905988a359aec7ef98ad9fcdfbafad556635575bba0f1f5723327755eb30e1eaed48c1d57bfba1ed17e05195008c15199d2a51baa9fa86ad75a0853fa331c8d5c56d7309513362279ab47cabbd22e951c1f574956845b7b285c036077f0e745fac9a557a86169afb0d2affd92783186d375885fb550e4bbabab692cfe7ee2e3b0e28dcd32870765bb40f28ec95a8aaf88986003d7c1f9cd96aad4643564ed5a4c7f84a9c7f76d5f8fee2dda55378cf54f552d6272703c3c1f9e72af6ce88b71d2d364680d42fd2c1cb886b") io_uring_register$auto_IORING_REGISTER_CLONE_BUFFERS(r4, 0x1e, &(0x7f0000001700), 0x5) r6 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000001740)='/dev/vcsa\x00', 0x200001, 0x0) sendfile$auto(r6, r5, &(0x7f0000001780)=0x80000000, 0x60000) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f0000001900)={&(0x7f00000017c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001800)={0xb4, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_EPCS={0x4}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x9a, 0xbe, "685894cc97bfd51dde113e07d2247560e3bedaca48fb48786e0d301f09c13a94ad77e0504c6198e79b91b74600184451add82a1cef8ee62527617611ac9913d0ad8738bbde449ffb9435ba670571a58cfea1d3cef07695c483dedd4b62811f6728063a02747a4acce50610256ce9d6dc5db2b9fd362b0e2e3c17cc85deb247ec5c809c05e3c6cdf0e05134c2b1413a121da84dd7be70"}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20004004}, 0x40000050) setsockopt$auto_SO_DETACH_REUSEPORT_BPF(r6, 0x1, 0x44, &(0x7f0000001940)='/dev/loop9\x00', 0x3) r7 = syz_clone3(&(0x7f0000001bc0)={0x8080, &(0x7f0000001980)=0xffffffffffffffff, &(0x7f00000019c0), &(0x7f0000001a00), {0x1d}, &(0x7f0000001a40)=""/155, 0x9b, &(0x7f0000001b00)=""/89, &(0x7f0000001b80)=[r2, r1, r1], 0x3, {r5}}, 0x58) read$auto_ptdump_curknl_fops_(r5, &(0x7f0000001c40)=""/92, 0x5c) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000001cc0)='/sys/devices/virtual/bluetooth/hci7/power\x00', 0x0, 0x0) r9 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000001d00), 0x440, 0x0) fcntl$auto_F_SETFL(r9, 0x4, 0x5000000000000000) r10 = ioctl$auto_userfaultfd_dev_fops_userfaultfd(r5, 0x5b2, &(0x7f0000001d40)="f6d160cc653127379f13e4aa2a16ac32ef5e494a85d1b133709e65941591a1e23513658329168372746d3c28cae2f79349aa00a2c5c1cef4be06557ed548991b6dbac2057fc8b7ea59f999ccbca4d0858737d032f26a758653539424151ec8cb95dc2e91e78ff6b7b93296afcc7365cc0fb6cb8e00e3977ef00078a9daa54af02c6f4acbabc7") getsid$auto(r1) ioctl$auto_SNDRV_PCM_IOCTL_LINK(r10, 0x40044160, &(0x7f0000001e00)=0xffffffff) acct$auto(&(0x7f0000001e40)='/dev/vcsa\x00') openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000001e80), 0x101800, 0x0) fsconfig$auto_FSCONFIG_CMD_CREATE_EXCL(r8, 0x8, &(0x7f0000001ec0)='/dev/loop9\x00', &(0x7f0000001f00)="3fc02b09616336df960a9ec634daee9d1c93cf983e0d7e615dbb73d13bcd7f12ddd27ff52d9f43a46464e6305e231acd7145aa5b95256a8ee585f49021c6f1e04c6b85483f1843a076cff172aeb5d7eceba0ef63493a357c3c3ef7ae6c070d3d5a898da4d5a9d181246ee0d99c2bae8172b3491f45ac091bb3091a2e582b314692590b", 0x6) socketpair$auto(0x9, 0x9, 0xfffffff8, &(0x7f0000001fc0)=0x200) msgctl$auto_MSG_INFO(0xfffffffc, 0xc, &(0x7f0000002080)={{0x5, 0xee00, 0xee01, 0x10, 0x3, 0x28}, &(0x7f0000002000)=0xd, &(0x7f0000002040), 0xffffffffffffffff, 0xc2, 0x9, 0x55, 0x3, 0xc, 0x2, 0xa, @inferred=r7, @raw=0x3}) rt_sigqueueinfo$auto(r3, 0x0, &(0x7f0000002100)={@siginfo_0_0={0xb, 0x1, 0xfffffffd, @_rt={r7, r11, @sival_int=0x9}}}) readv$auto(r4, &(0x7f0000002280)={&(0x7f0000002180)="510bccfe1f4476be1bf659fc637475002f6a5146fe91724f4fc6fcb4691520e6101cdf320421d4f535ee854ef2ea206ab3782df8615f4754a2c91465e2d3d137b1aa72746dcd50d89f8de085917367c799c64452c6dc8924f3a566e51349257ee162308a177e61926d1a0d87aa4b3373fbf24a30c25f2b2a4f1bfe1ce08485fc7c0b0adfd4ede739a8a4cf128217215dc0e8e8b0d694c7bfac9acca33567a7d633656ab434f5d5c3212ce7ac09ba9fadd761a30c9c2a26f1926129498759c7a4d762f6939fdaeb02e334dd04606aac55c912640d3c33141c49f90b55531159e09c4f65428428f3e57dfce0418e27513624e89cc7918dbe", 0x1}, 0x7a) 644.320741ms ago: executing program 1 (id=1029): socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketcall$auto_SYS_LISTEN(0x4, &(0x7f0000000000)=0x1) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event\x00', 0x40800, 0x0) socket(0x21, 0x1, 0x100) r1 = socket(0x2, 0x80002, 0x73) getsockopt$auto_SO_RCVTIMEO_OLD(r1, 0x1, 0x14, &(0x7f0000000000)='\x00', &(0x7f0000000100)=0x68) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x29e4}, 0xe8) read$auto_fops_u8_(0xffffffffffffffff, &(0x7f0000001e40)=""/109, 0x6d) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x5, 0x15f4da0a, 0x100000000003, 0x3, 0x62, 0x1, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000002f, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(r3, 0x4, &(0x7f0000000000)='bridge_slave_0\x00', &(0x7f0000000100), 0x4) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1f9, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x4, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) pread64$auto(r0, &(0x7f0000002680)='/dev/snapshot\x00', 0x73528428, 0x3) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000003900)='\t', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x403c6f2b, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 2 (id=1030): socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketcall$auto_SYS_LISTEN(0x4, &(0x7f0000000000)=0x1) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event\x00', 0x40800, 0x0) socket(0x21, 0x1, 0x100) r1 = socket(0x2, 0x80002, 0x73) getsockopt$auto_SO_RCVTIMEO_OLD(r1, 0x1, 0x14, &(0x7f0000000000)='\x00', &(0x7f0000000100)=0x68) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x29e4}, 0xe8) read$auto_fops_u8_(0xffffffffffffffff, &(0x7f0000001e40)=""/109, 0x6d) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/midiC2D2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x5, 0x15f4da0a, 0x100000000003, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000002f, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(r3, 0x4, &(0x7f0000000000)='bridge_slave_0\x00', &(0x7f0000000100), 0x4) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1f9, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x4, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) pread64$auto(r0, &(0x7f0000002680)='/dev/snapshot\x00', 0x73528428, 0x3) (fail_nth: 2) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000003900)='\t', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x403c6f2b, 0x0) setfsuid$auto(0x0) kernel console output (not intermixed with test programs): 8/2025 [ 239.135692][ T8210] Call Trace: [ 239.135700][ T8210] [ 239.135710][ T8210] dump_stack_lvl+0x16c/0x1f0 [ 239.135749][ T8210] should_fail_ex+0x512/0x640 [ 239.135784][ T8210] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 239.135818][ T8210] should_failslab+0xc2/0x120 [ 239.135848][ T8210] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 239.135878][ T8210] ? proc_alloc_inode+0x25/0x200 [ 239.135913][ T8210] ? __pfx_proc_alloc_inode+0x10/0x10 [ 239.135942][ T8210] proc_alloc_inode+0x25/0x200 [ 239.135970][ T8210] alloc_inode+0x61/0x240 [ 239.136004][ T8210] new_inode+0x22/0x1c0 [ 239.136034][ T8210] ? proc_lookup_de+0x201/0x360 [ 239.136071][ T8210] proc_get_inode+0x1d/0x780 [ 239.136111][ T8210] proc_lookup_de+0x236/0x360 [ 239.136151][ T8210] proc_lookup+0xcf/0x110 [ 239.136184][ T8210] proc_root_lookup+0x3b/0x70 [ 239.136219][ T8210] __lookup_slow+0x251/0x460 [ 239.136257][ T8210] ? __pfx___lookup_slow+0x10/0x10 [ 239.136317][ T8210] ? lookup_fast+0x156/0x610 [ 239.136347][ T8210] walk_component+0x353/0x5b0 [ 239.136375][ T8210] link_path_walk+0x627/0xe20 [ 239.136415][ T8210] path_openat+0x1b0/0x2cb0 [ 239.136441][ T8210] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.136479][ T8210] ? __pfx_path_openat+0x10/0x10 [ 239.136518][ T8210] do_filp_open+0x20b/0x470 [ 239.136548][ T8210] ? __pfx_do_filp_open+0x10/0x10 [ 239.136604][ T8210] ? alloc_fd+0x471/0x7d0 [ 239.136640][ T8210] do_sys_openat2+0x11b/0x1d0 [ 239.136676][ T8210] ? __pfx_do_sys_openat2+0x10/0x10 [ 239.136715][ T8210] ? __fget_files+0x20e/0x3c0 [ 239.136751][ T8210] __x64_sys_openat+0x174/0x210 [ 239.136774][ T8210] ? __pfx___x64_sys_openat+0x10/0x10 [ 239.136794][ T8210] ? ksys_write+0x1ac/0x250 [ 239.136848][ T8210] do_syscall_64+0xcd/0x4c0 [ 239.136873][ T8210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.136897][ T8210] RIP: 0033:0x7f657d38eba9 [ 239.136917][ T8210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.136940][ T8210] RSP: 002b:00007f657b5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 239.136963][ T8210] RAX: ffffffffffffffda RBX: 00007f657d5d5fa0 RCX: 00007f657d38eba9 [ 239.136980][ T8210] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 239.136996][ T8210] RBP: 00007f657b5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 239.137011][ T8210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.137025][ T8210] R13: 00007f657d5d6038 R14: 00007f657d5d5fa0 R15: 00007ffca27d2748 [ 239.137060][ T8210] [ 239.411174][ C1] vkms_vblank_simulate: vblank timer overrun [ 239.917154][ T8219] FAULT_INJECTION: forcing a failure. [ 239.917154][ T8219] name failslab, interval 1, probability 0, space 0, times 0 [ 239.949454][ T8219] CPU: 1 UID: 0 PID: 8219 Comm: syz.2.547 Not tainted syzkaller #0 PREEMPT(full) [ 239.949491][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 239.949506][ T8219] Call Trace: [ 239.949515][ T8219] [ 239.949525][ T8219] dump_stack_lvl+0x16c/0x1f0 [ 239.949568][ T8219] should_fail_ex+0x512/0x640 [ 239.949605][ T8219] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 239.949634][ T8219] should_failslab+0xc2/0x120 [ 239.949667][ T8219] __kmalloc_cache_noprof+0x6a/0x3e0 [ 239.949693][ T8219] ? rcu_is_watching+0x12/0xc0 [ 239.949718][ T8219] ? single_open+0x4d/0x1f0 [ 239.949751][ T8219] ? __pfx_apparmor_file_open+0x10/0x10 [ 239.949782][ T8219] ? __pfx_irq_effective_aff_proc_show+0x10/0x10 [ 239.949828][ T8219] single_open+0x4d/0x1f0 [ 239.949863][ T8219] ? __pfx_proc_single_open+0x10/0x10 [ 239.949895][ T8219] proc_reg_open+0x2ab/0x5f0 [ 239.949926][ T8219] do_dentry_open+0x97f/0x1530 [ 239.949957][ T8219] ? __pfx_proc_reg_open+0x10/0x10 [ 239.949994][ T8219] vfs_open+0x82/0x3f0 [ 239.950031][ T8219] path_openat+0x1de4/0x2cb0 [ 239.950071][ T8219] ? __pfx_path_openat+0x10/0x10 [ 239.950109][ T8219] do_filp_open+0x20b/0x470 [ 239.950138][ T8219] ? __pfx_do_filp_open+0x10/0x10 [ 239.950192][ T8219] ? alloc_fd+0x471/0x7d0 [ 239.950228][ T8219] do_sys_openat2+0x11b/0x1d0 [ 239.950264][ T8219] ? __pfx_do_sys_openat2+0x10/0x10 [ 239.950313][ T8219] __x64_sys_openat+0x174/0x210 [ 239.950336][ T8219] ? __pfx___x64_sys_openat+0x10/0x10 [ 239.950373][ T8219] do_syscall_64+0xcd/0x4c0 [ 239.950398][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.950424][ T8219] RIP: 0033:0x7f9d2078eba9 [ 239.950446][ T8219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.950473][ T8219] RSP: 002b:00007f9d2162c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 239.950498][ T8219] RAX: ffffffffffffffda RBX: 00007f9d209d5fa0 RCX: 00007f9d2078eba9 [ 239.950517][ T8219] RDX: 0000000003000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 239.950534][ T8219] RBP: 00007f9d20811e19 R08: 0000000000000000 R09: 0000000000000000 [ 239.950547][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.950560][ T8219] R13: 00007f9d209d6038 R14: 00007f9d209d5fa0 R15: 00007ffc70bc7338 [ 239.950592][ T8219] [ 240.180018][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.904002][ T8220] CIFS: VFS: Invalid SecurityFlags: [ 241.079640][ T30] audit: type=1804 audit(41971.894:16): pid=8238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.552" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=28 res=1 errno=0 [ 241.322620][ T8241] netlink: 322 bytes leftover after parsing attributes in process `syz.2.553'. [ 241.349552][ T8241] netlink: 330 bytes leftover after parsing attributes in process `syz.2.553'. [ 241.391929][ T8241] netlink: 330 bytes leftover after parsing attributes in process `syz.2.553'. [ 241.429257][ T8241] netlink: 314 bytes leftover after parsing attributes in process `syz.2.553'. [ 242.300315][ T8262] binder: 8261:8262 ioctl 5380 2000000000c0 returned -22 [ 242.695000][ T8262] syz.1.560 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 242.708436][ T8262] capability: warning: `syz.1.560' uses 32-bit capabilities (legacy support in use) [ 242.819792][ T8262] sd 0:0:1:0: PR command failed: 1026 [ 242.856381][ T8262] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 242.872866][ T8262] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 243.552972][ T8286] bridge0: port 3(hsr0) entered blocking state [ 243.575647][ T8286] bridge0: port 3(hsr0) entered disabled state [ 243.582049][ T8286] hsr0: entered allmulticast mode [ 243.612305][ T8286] hsr_slave_0: entered allmulticast mode [ 243.617999][ T8286] hsr_slave_1: entered allmulticast mode [ 243.683384][ T8286] hsr0: entered promiscuous mode [ 243.702557][ T8286] bridge0: port 3(hsr0) entered blocking state [ 243.709151][ T8286] bridge0: port 3(hsr0) entered forwarding state [ 245.190906][ T8313] Invalid ELF header magic: != ELF [ 245.742679][ T8339] netlink: 40 bytes leftover after parsing attributes in process `syz.1.582'. [ 247.172327][ T8373] FAULT_INJECTION: forcing a failure. [ 247.172327][ T8373] name failslab, interval 1, probability 0, space 0, times 0 [ 247.185429][ T8373] CPU: 1 UID: 0 PID: 8373 Comm: syz.2.593 Not tainted syzkaller #0 PREEMPT(full) [ 247.185469][ T8373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 247.185496][ T8373] Call Trace: [ 247.185506][ T8373] [ 247.185516][ T8373] dump_stack_lvl+0x16c/0x1f0 [ 247.185555][ T8373] should_fail_ex+0x512/0x640 [ 247.185594][ T8373] ? fs_reclaim_acquire+0xae/0x150 [ 247.185633][ T8373] should_failslab+0xc2/0x120 [ 247.185670][ T8373] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 247.185701][ T8373] ? security_inode_alloc+0x3b/0x2b0 [ 247.185732][ T8373] security_inode_alloc+0x3b/0x2b0 [ 247.185763][ T8373] inode_init_always_gfp+0xce4/0x1030 [ 247.185800][ T8373] alloc_inode+0x86/0x240 [ 247.185831][ T8373] new_inode+0x22/0x1c0 [ 247.185858][ T8373] ? trace_cap_capable+0x18d/0x200 [ 247.185889][ T8373] shmem_get_inode+0x19a/0xfb0 [ 247.185930][ T8373] ? __vm_enough_memory+0x184/0x3f0 [ 247.185964][ T8373] __shmem_file_setup+0x279/0x330 [ 247.185992][ T8373] shmem_zero_setup+0x93/0x1a0 [ 247.186025][ T8373] __mmap_region+0x2081/0x27b0 [ 247.186066][ T8373] ? lock_acquire+0x179/0x350 [ 247.186098][ T8373] ? __pfx___mmap_region+0x10/0x10 [ 247.186136][ T8373] ? lockdep_hardirqs_on+0x7c/0x110 [ 247.186171][ T8373] ? finish_task_switch.isra.0+0x221/0xc10 [ 247.186196][ T8373] ? rcu_is_watching+0x12/0xc0 [ 247.186221][ T8373] ? trace_sched_exit_tp+0xd1/0x120 [ 247.186254][ T8373] ? __schedule+0x11a3/0x5de0 [ 247.186350][ T8373] ? mm_get_unmapped_area+0x95/0xe0 [ 247.186390][ T8373] mmap_region+0x1ab/0x3f0 [ 247.186417][ T8373] ? __get_unmapped_area+0x267/0x440 [ 247.186452][ T8373] do_mmap+0xa3e/0x1210 [ 247.186499][ T8373] ? __pfx_do_mmap+0x10/0x10 [ 247.186540][ T8373] ? __pfx_down_write_killable+0x10/0x10 [ 247.186566][ T8373] ? find_held_lock+0x2b/0x80 [ 247.186598][ T8373] vm_mmap_pgoff+0x29e/0x470 [ 247.186642][ T8373] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 247.186675][ T8373] ? __do_sys_ustat+0x126/0x1f0 [ 247.186713][ T8373] ? __pfx___do_sys_ustat+0x10/0x10 [ 247.186756][ T8373] ? __x64_sys_futex+0x1e0/0x4c0 [ 247.186788][ T8373] ? __x64_sys_futex+0x1e9/0x4c0 [ 247.186824][ T8373] ksys_mmap_pgoff+0x7d/0x5c0 [ 247.186858][ T8373] ? xfd_validate_state+0x61/0x180 [ 247.186901][ T8373] __x64_sys_mmap+0x125/0x190 [ 247.186943][ T8373] do_syscall_64+0xcd/0x4c0 [ 247.186969][ T8373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.186995][ T8373] RIP: 0033:0x7f9d2078eba9 [ 247.187016][ T8373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.187041][ T8373] RSP: 002b:00007f9d2162c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 247.187076][ T8373] RAX: ffffffffffffffda RBX: 00007f9d209d5fa0 RCX: 00007f9d2078eba9 [ 247.187094][ T8373] RDX: 00004000000000df RSI: 0000000000020005 RDI: 00000000bb230000 [ 247.187111][ T8373] RBP: 00007f9d20811e19 R08: 0000000000000008 R09: 0000000000008000 [ 247.187128][ T8373] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 247.187144][ T8373] R13: 00007f9d209d6038 R14: 00007f9d209d5fa0 R15: 00007ffc70bc7338 [ 247.187181][ T8373] [ 247.495638][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.700633][ T8379] FAULT_INJECTION: forcing a failure. [ 247.700633][ T8379] name failslab, interval 1, probability 0, space 0, times 0 [ 247.717332][ T8379] CPU: 1 UID: 0 PID: 8379 Comm: syz.2.595 Not tainted syzkaller #0 PREEMPT(full) [ 247.717365][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 247.717379][ T8379] Call Trace: [ 247.717386][ T8379] [ 247.717395][ T8379] dump_stack_lvl+0x16c/0x1f0 [ 247.717433][ T8379] should_fail_ex+0x512/0x640 [ 247.717468][ T8379] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 247.717500][ T8379] should_failslab+0xc2/0x120 [ 247.717531][ T8379] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 247.717561][ T8379] ? __kernfs_new_node+0xd2/0x8e0 [ 247.717598][ T8379] __kernfs_new_node+0xd2/0x8e0 [ 247.717634][ T8379] ? __pfx___kernfs_new_node+0x10/0x10 [ 247.717674][ T8379] ? find_held_lock+0x2b/0x80 [ 247.717700][ T8379] ? kernfs_root+0xee/0x2a0 [ 247.717738][ T8379] kernfs_new_node+0x13c/0x1e0 [ 247.717778][ T8379] __kernfs_create_file+0x53/0x350 [ 247.717808][ T8379] sysfs_add_file_mode_ns+0x207/0x3c0 [ 247.717847][ T8379] internal_create_group+0x578/0xf30 [ 247.717888][ T8379] ? __pfx_internal_create_group+0x10/0x10 [ 247.717924][ T8379] ? kernfs_create_link+0x1bd/0x240 [ 247.717955][ T8379] internal_create_groups+0x9d/0x150 [ 247.717991][ T8379] device_add+0xf30/0x1aa0 [ 247.718022][ T8379] ? __pfx_device_add+0x10/0x10 [ 247.718047][ T8379] ? lockdep_init_map_type+0x5c/0x280 [ 247.718072][ T8379] ? __init_waitqueue_head+0xca/0x150 [ 247.718117][ T8379] netdev_register_kobject+0x1a9/0x3d0 [ 247.718149][ T8379] register_netdevice+0x13dc/0x2270 [ 247.718182][ T8379] ? __pfx_register_netdevice+0x10/0x10 [ 247.718215][ T8379] ? __pfx_loopback_net_init+0x10/0x10 [ 247.718246][ T8379] register_netdev+0x34/0x50 [ 247.718270][ T8379] loopback_net_init+0x7a/0x170 [ 247.718309][ T8379] ? __pfx_loopback_net_init+0x10/0x10 [ 247.718337][ T8379] ops_init+0x1e2/0x5f0 [ 247.718364][ T8379] setup_net+0x10f/0x380 [ 247.718384][ T8379] ? lockdep_init_map_type+0x5c/0x280 [ 247.718417][ T8379] ? __pfx_setup_net+0x10/0x10 [ 247.718441][ T8379] ? debug_mutex_init+0x37/0x70 [ 247.718470][ T8379] copy_net_ns+0x2a6/0x5f0 [ 247.718499][ T8379] create_new_namespaces+0x3ea/0xa90 [ 247.718537][ T8379] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 247.718569][ T8379] ksys_unshare+0x45b/0xa40 [ 247.718602][ T8379] ? __pfx_ksys_unshare+0x10/0x10 [ 247.718636][ T8379] ? xfd_validate_state+0x61/0x180 [ 247.718681][ T8379] __x64_sys_unshare+0x31/0x40 [ 247.718712][ T8379] do_syscall_64+0xcd/0x4c0 [ 247.718738][ T8379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.718761][ T8379] RIP: 0033:0x7f9d2078eba9 [ 247.718782][ T8379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.718805][ T8379] RSP: 002b:00007f9d2162c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 247.718828][ T8379] RAX: ffffffffffffffda RBX: 00007f9d209d5fa0 RCX: 00007f9d2078eba9 [ 247.718845][ T8379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 247.718859][ T8379] RBP: 00007f9d20811e19 R08: 0000000000000000 R09: 0000000000000000 [ 247.718874][ T8379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.718888][ T8379] R13: 00007f9d209d6038 R14: 00007f9d209d5fa0 R15: 00007ffc70bc7338 [ 247.718923][ T8379] [ 248.032433][ C1] vkms_vblank_simulate: vblank timer overrun [ 248.719516][ T8395] FAULT_INJECTION: forcing a failure. [ 248.719516][ T8395] name failslab, interval 1, probability 0, space 0, times 0 [ 248.732269][ T8395] CPU: 0 UID: 0 PID: 8395 Comm: syz.0.596 Not tainted syzkaller #0 PREEMPT(full) [ 248.732309][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 248.732323][ T8395] Call Trace: [ 248.732332][ T8395] [ 248.732342][ T8395] dump_stack_lvl+0x16c/0x1f0 [ 248.732382][ T8395] should_fail_ex+0x512/0x640 [ 248.732424][ T8395] should_failslab+0xc2/0x120 [ 248.732457][ T8395] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 248.732488][ T8395] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 248.732526][ T8395] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 248.732564][ T8395] idr_get_free+0x528/0xa30 [ 248.732613][ T8395] idr_alloc_u32+0x190/0x2f0 [ 248.732653][ T8395] ? __pfx_idr_alloc_u32+0x10/0x10 [ 248.732683][ T8395] ? do_raw_spin_lock+0x12c/0x2b0 [ 248.732721][ T8395] ? net_generic+0xea/0x2a0 [ 248.732762][ T8395] l2tp_tunnel_register+0xf8/0xbe0 [ 248.732789][ T8395] ? __pfx___debug_object_init+0x10/0x10 [ 248.732819][ T8395] ? sprintf+0xcc/0x100 [ 248.732851][ T8395] ? __pfx_l2tp_tunnel_register+0x10/0x10 [ 248.732885][ T8395] ? lockdep_init_map_type+0x5c/0x280 [ 248.732924][ T8395] ? lockdep_init_map_type+0x5c/0x280 [ 248.732962][ T8395] ? l2tp_tunnel_create+0x2cf/0x460 [ 248.732994][ T8395] ? l2tp_tunnel_create+0x37d/0x460 [ 248.733031][ T8395] pppol2tp_tunnel_get.constprop.0+0x3f0/0x540 [ 248.733062][ T8395] ? __pfx_pppol2tp_tunnel_get.constprop.0+0x10/0x10 [ 248.733112][ T8395] pppol2tp_connect+0xb1b/0x1ce0 [ 248.733145][ T8395] ? __pfx_pppol2tp_connect+0x10/0x10 [ 248.733170][ T8395] ? __pfx_tomoyo_socket_connect_permission+0x10/0x10 [ 248.733208][ T8395] ? __pfx_aa_sk_perm+0x10/0x10 [ 248.733250][ T8395] ? apparmor_socket_connect+0x100/0x1d0 [ 248.733279][ T8395] ? __pfx_pppol2tp_connect+0x10/0x10 [ 248.733303][ T8395] __sys_connect_file+0x141/0x1a0 [ 248.733339][ T8395] __sys_connect+0x13b/0x160 [ 248.733367][ T8395] ? __pfx___sys_connect+0x10/0x10 [ 248.733402][ T8395] ? __pfx_ksys_write+0x10/0x10 [ 248.733433][ T8395] __x64_sys_connect+0x72/0xb0 [ 248.733460][ T8395] ? lockdep_hardirqs_on+0x7c/0x110 [ 248.733490][ T8395] do_syscall_64+0xcd/0x4c0 [ 248.733512][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.733537][ T8395] RIP: 0033:0x7fc63f78eba9 [ 248.733556][ T8395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.733579][ T8395] RSP: 002b:00007fc640603038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 248.733603][ T8395] RAX: ffffffffffffffda RBX: 00007fc63f9d6090 RCX: 00007fc63f78eba9 [ 248.733619][ T8395] RDX: 000000000000003a RSI: 0000200000000000 RDI: 0000000000000007 [ 248.733632][ T8395] RBP: 00007fc640603090 R08: 0000000000000000 R09: 0000000000000000 [ 248.733646][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 248.733660][ T8395] R13: 00007fc63f9d6128 R14: 00007fc63f9d6090 R15: 00007ffc5c373e28 [ 248.733694][ T8395] [ 250.378263][ T8407] netlink: 342 bytes leftover after parsing attributes in process `syz.3.602'. [ 250.398566][ T8407] netlink: 342 bytes leftover after parsing attributes in process `syz.3.602'. [ 251.000355][ T5872] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 252.262234][ T8442] syz.1.610 uses obsolete (PF_INET,SOCK_PACKET) [ 252.333574][ T8450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 252.366855][ T8450] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 252.395880][ T8450] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 252.432213][ T8450] page_type: f5(slab) [ 252.442542][ T8450] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 252.464327][ T8450] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 252.481966][ T8450] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 252.491475][ T8450] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 252.503843][ T8450] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 252.541269][ T8450] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 252.567296][ T8450] page dumped because: unmovable page [ 252.598359][ T8450] page_owner tracks the page as allocated [ 252.604225][ T8450] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 252.671622][ T8450] post_alloc_hook+0x1c0/0x230 [ 252.683441][ T8450] get_page_from_freelist+0x132b/0x38e0 [ 252.717989][ T8450] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 252.732163][ T8450] alloc_pages_mpol+0x1fb/0x550 [ 252.751240][ T8450] new_slab+0x247/0x330 [ 252.763251][ T8450] ___slab_alloc+0xcf2/0x1750 [ 252.777634][ T8450] __slab_alloc.constprop.0+0x56/0xb0 [ 252.784349][ T8450] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 252.798128][ T8450] alloc_inode+0xc3/0x240 [ 252.802665][ T8450] iget_locked+0x2e4/0x830 [ 252.807667][ T8450] kernfs_get_inode+0x48/0x460 [ 252.812477][ T8450] kernfs_iop_lookup+0x1a7/0x2d0 [ 252.817831][ T8450] lookup_open.isra.0+0x4da/0x1580 [ 252.822989][ T8450] path_openat+0x893/0x2cb0 [ 252.827548][ T8450] do_filp_open+0x20b/0x470 [ 252.832636][ T8450] do_sys_openat2+0x11b/0x1d0 [ 252.837435][ T8450] page last free pid 1 tgid 1 stack trace: [ 252.843390][ T8450] __free_frozen_pages+0x7d5/0x10f0 [ 252.848666][ T8450] free_contig_range+0x183/0x4b0 [ 252.853675][ T8450] destroy_args+0x794/0xc10 [ 252.858459][ T8450] debug_vm_pgtable+0x1a32/0x3640 [ 252.863558][ T8450] do_one_initcall+0x120/0x6e0 [ 252.868529][ T8450] kernel_init_freeable+0x5c2/0x910 [ 252.873787][ T8450] kernel_init+0x1c/0x2b0 [ 252.880694][ T8450] ret_from_fork+0x56d/0x730 [ 252.885446][ T8450] ret_from_fork_asm+0x1a/0x30 [ 252.988902][ T5872] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 253.187893][ T1161] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.310216][ T1161] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.392974][ T1161] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.518783][ T8481] FAULT_INJECTION: forcing a failure. [ 253.518783][ T8481] name failslab, interval 1, probability 0, space 0, times 0 [ 253.567085][ T8481] CPU: 0 UID: 0 PID: 8481 Comm: syz.1.620 Not tainted syzkaller #0 PREEMPT(full) [ 253.567120][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 253.567135][ T8481] Call Trace: [ 253.567143][ T8481] [ 253.567152][ T8481] dump_stack_lvl+0x16c/0x1f0 [ 253.567193][ T8481] should_fail_ex+0x512/0x640 [ 253.567228][ T8481] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 253.567260][ T8481] should_failslab+0xc2/0x120 [ 253.567292][ T8481] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 253.567318][ T8481] ? __pfx_apparmor_file_open+0x10/0x10 [ 253.567346][ T8481] ? proc_reg_open+0x23f/0x5f0 [ 253.567381][ T8481] proc_reg_open+0x23f/0x5f0 [ 253.567414][ T8481] do_dentry_open+0x97f/0x1530 [ 253.567451][ T8481] ? __pfx_proc_reg_open+0x10/0x10 [ 253.567488][ T8481] vfs_open+0x82/0x3f0 [ 253.567527][ T8481] path_openat+0x1de4/0x2cb0 [ 253.567567][ T8481] ? __pfx_path_openat+0x10/0x10 [ 253.567605][ T8481] do_filp_open+0x20b/0x470 [ 253.567634][ T8481] ? __pfx_do_filp_open+0x10/0x10 [ 253.567685][ T8481] ? alloc_fd+0x471/0x7d0 [ 253.567721][ T8481] do_sys_openat2+0x11b/0x1d0 [ 253.567756][ T8481] ? __pfx_do_sys_openat2+0x10/0x10 [ 253.567794][ T8481] ? __fget_files+0x20e/0x3c0 [ 253.567826][ T8481] __x64_sys_openat+0x174/0x210 [ 253.567849][ T8481] ? __pfx___x64_sys_openat+0x10/0x10 [ 253.567869][ T8481] ? ksys_write+0x1ac/0x250 [ 253.567909][ T8481] do_syscall_64+0xcd/0x4c0 [ 253.567933][ T8481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.567957][ T8481] RIP: 0033:0x7f15beb8eba9 [ 253.567977][ T8481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.567999][ T8481] RSP: 002b:00007f15bfa62038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 253.568022][ T8481] RAX: ffffffffffffffda RBX: 00007f15bedd5fa0 RCX: 00007f15beb8eba9 [ 253.568038][ T8481] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 253.568054][ T8481] RBP: 00007f15bfa62090 R08: 0000000000000000 R09: 0000000000000000 [ 253.568068][ T8481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.568083][ T8481] R13: 00007f15bedd6038 R14: 00007f15bedd5fa0 R15: 00007ffe6ab4dcd8 [ 253.568116][ T8481] [ 253.810687][ T8486] FAULT_INJECTION: forcing a failure. [ 253.810687][ T8486] name failslab, interval 1, probability 0, space 0, times 0 [ 253.823424][ T8486] CPU: 0 UID: 0 PID: 8486 Comm: syz.0.623 Not tainted syzkaller #0 PREEMPT(full) [ 253.823459][ T8486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 253.823475][ T8486] Call Trace: [ 253.823484][ T8486] [ 253.823494][ T8486] dump_stack_lvl+0x16c/0x1f0 [ 253.823538][ T8486] should_fail_ex+0x512/0x640 [ 253.823578][ T8486] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 253.823613][ T8486] should_failslab+0xc2/0x120 [ 253.823646][ T8486] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 253.823677][ T8486] ? seq_open+0x55/0x170 [ 253.823716][ T8486] ? __pfx_irq_effective_aff_proc_show+0x10/0x10 [ 253.823755][ T8486] seq_open+0x55/0x170 [ 253.823788][ T8486] ? __pfx_irq_effective_aff_proc_show+0x10/0x10 [ 253.823827][ T8486] single_open+0xfc/0x1f0 [ 253.823862][ T8486] ? __pfx_proc_single_open+0x10/0x10 [ 253.823899][ T8486] proc_reg_open+0x2ab/0x5f0 [ 253.823935][ T8486] do_dentry_open+0x97f/0x1530 [ 253.823967][ T8486] ? __pfx_proc_reg_open+0x10/0x10 [ 253.824007][ T8486] vfs_open+0x82/0x3f0 [ 253.824048][ T8486] path_openat+0x1de4/0x2cb0 [ 253.824090][ T8486] ? __pfx_path_openat+0x10/0x10 [ 253.824130][ T8486] do_filp_open+0x20b/0x470 [ 253.824162][ T8486] ? __pfx_do_filp_open+0x10/0x10 [ 253.824217][ T8486] ? alloc_fd+0x471/0x7d0 [ 253.824255][ T8486] do_sys_openat2+0x11b/0x1d0 [ 253.824292][ T8486] ? __pfx_do_sys_openat2+0x10/0x10 [ 253.824344][ T8486] __x64_sys_openat+0x174/0x210 [ 253.824368][ T8486] ? __pfx___x64_sys_openat+0x10/0x10 [ 253.824414][ T8486] do_syscall_64+0xcd/0x4c0 [ 253.824441][ T8486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.824467][ T8486] RIP: 0033:0x7fc63f78eba9 [ 253.824489][ T8486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.824514][ T8486] RSP: 002b:00007fc640624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 253.824539][ T8486] RAX: ffffffffffffffda RBX: 00007fc63f9d5fa0 RCX: 00007fc63f78eba9 [ 253.824557][ T8486] RDX: 0000000007000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 253.824574][ T8486] RBP: 00007fc63f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 253.824591][ T8486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 253.824607][ T8486] R13: 00007fc63f9d6038 R14: 00007fc63f9d5fa0 R15: 00007ffc5c373e28 [ 253.824641][ T8486] [ 254.074936][ T1161] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.095840][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 254.126896][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 254.140891][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 254.153648][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 254.322883][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 254.342378][ T5872] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 254.881443][ T1161] hsr0: left allmulticast mode [ 254.897182][ T1161] hsr_slave_0: left allmulticast mode [ 254.936116][ T1161] hsr_slave_1: left allmulticast mode [ 254.954850][ T1161] hsr0: left promiscuous mode [ 254.961877][ T1161] bridge0: port 3(hsr0) entered disabled state [ 255.056464][ T1161] bridge_slave_1: left allmulticast mode [ 255.062287][ T1161] bridge_slave_1: left promiscuous mode [ 255.075014][ T1161] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.100787][ T1161] bridge_slave_0: left allmulticast mode [ 255.115616][ T1161] bridge_slave_0: left promiscuous mode [ 255.149970][ T1161] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.264988][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.272504][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.598184][ T8519] netlink: 64 bytes leftover after parsing attributes in process `syz.0.629'. [ 256.395714][ T5872] Bluetooth: hci2: command tx timeout [ 256.697385][ T8538] vhci_hcd: invalid port number 16 [ 256.705015][ T8538] vhci_hcd: invalid port number 16 [ 257.071006][ T1161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.153682][ T1161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.172509][ T1161] bond0 (unregistering): Released all slaves [ 257.585963][ T8552] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 258.010830][ T8561] netlink: 12 bytes leftover after parsing attributes in process `syz.2.634'. [ 258.450545][ T5872] Bluetooth: hci2: command tx timeout [ 258.538037][ T8487] chnl_net:caif_netlink_parms(): no params data found [ 258.729926][ T8556] HfR: entered promiscuous mode [ 258.773428][ T8561] HfR: left promiscuous mode [ 259.370498][ T8487] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.392261][ T8487] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.421192][ T8487] bridge_slave_0: entered allmulticast mode [ 259.438477][ T8487] bridge_slave_0: entered promiscuous mode [ 259.665817][ T8487] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.682671][ T8487] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.691847][ T8487] bridge_slave_1: entered allmulticast mode [ 259.700117][ T8487] bridge_slave_1: entered promiscuous mode [ 259.760298][ T8590] binder: 8589:8590 ioctl c0306201 2000000000c0 returned -14 [ 259.818971][ T8487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 259.874440][ T8487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 259.998277][ T8487] team0: Port device team_slave_0 added [ 260.034886][ T1161] hsr_slave_0: left promiscuous mode [ 260.056550][ T1161] hsr_slave_1: left promiscuous mode [ 260.077230][ T1161] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 260.084684][ T1161] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 260.149641][ T1161] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 260.177531][ T1161] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 260.233886][ T1161] veth1_macvtap: left promiscuous mode [ 260.265693][ T1161] veth0_macvtap: left promiscuous mode [ 260.271766][ T1161] veth1_vlan: left promiscuous mode [ 260.285810][ T1161] veth0_vlan: left promiscuous mode [ 260.372850][ T8614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.644'. [ 260.514281][ T5872] Bluetooth: hci2: command tx timeout [ 260.745923][ T8613] Invalid ELF header magic: != ELF [ 261.849787][ T30] audit: type=1800 audit(41992.782:17): pid=8637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.645" name="features" dev="configfs" ino=19955 res=0 errno=0 [ 262.174290][ T8642] FAULT_INJECTION: forcing a failure. [ 262.174290][ T8642] name failslab, interval 1, probability 0, space 0, times 0 [ 262.226182][ T8642] CPU: 1 UID: 0 PID: 8642 Comm: syz.0.647 Not tainted syzkaller #0 PREEMPT(full) [ 262.226204][ T8642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 262.226213][ T8642] Call Trace: [ 262.226218][ T8642] [ 262.226224][ T8642] dump_stack_lvl+0x16c/0x1f0 [ 262.226250][ T8642] should_fail_ex+0x512/0x640 [ 262.226271][ T8642] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 262.226291][ T8642] should_failslab+0xc2/0x120 [ 262.226310][ T8642] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 262.226326][ T8642] ? ptlock_alloc+0x1f/0x70 [ 262.226343][ T8642] ptlock_alloc+0x1f/0x70 [ 262.226356][ T8642] pte_alloc_one+0x82/0x3a0 [ 262.226372][ T8642] __pte_alloc+0x6d/0x3c0 [ 262.226391][ T8642] ? __pfx___pte_alloc+0x10/0x10 [ 262.226408][ T8642] ? __pfx___might_resched+0x10/0x10 [ 262.226423][ T8642] ? copy_page_range+0x1fa8/0x5c80 [ 262.226439][ T8642] copy_page_range+0x3b83/0x5c80 [ 262.226476][ T8642] ? __pfx_copy_page_range+0x10/0x10 [ 262.226497][ T8642] ? __pfx___might_resched+0x10/0x10 [ 262.226509][ T8642] ? __pfx_mas_store+0x10/0x10 [ 262.226522][ T8642] ? __vma_enter_locked+0x163/0x3f0 [ 262.226538][ T8642] ? dup_mmap+0xe38/0x21d0 [ 262.226557][ T8642] ? down_write+0x14d/0x200 [ 262.226573][ T8642] ? up_write+0x1b2/0x520 [ 262.226595][ T8642] dup_mmap+0xe88/0x21d0 [ 262.226622][ T8642] ? __pfx_dup_mmap+0x10/0x10 [ 262.226655][ T8642] copy_process+0x4081/0x7690 [ 262.226682][ T8642] ? __pfx_copy_process+0x10/0x10 [ 262.226699][ T8642] ? futex_private_hash_put+0x176/0x300 [ 262.226718][ T8642] ? futex_private_hash_put+0x18a/0x300 [ 262.226737][ T8642] kernel_clone+0xfc/0x930 [ 262.226755][ T8642] ? __pfx_futex_wake+0x10/0x10 [ 262.226774][ T8642] ? __pfx_kernel_clone+0x10/0x10 [ 262.226802][ T8642] __do_sys_clone+0xce/0x120 [ 262.226820][ T8642] ? __pfx___do_sys_clone+0x10/0x10 [ 262.226846][ T8642] ? xfd_validate_state+0x61/0x180 [ 262.226878][ T8642] do_syscall_64+0xcd/0x4c0 [ 262.226892][ T8642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.226906][ T8642] RIP: 0033:0x7fc63f78eba9 [ 262.226918][ T8642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.226931][ T8642] RSP: 002b:00007fc640623fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 262.226945][ T8642] RAX: ffffffffffffffda RBX: 00007fc63f9d5fa0 RCX: 00007fc63f78eba9 [ 262.226954][ T8642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020a08200 [ 262.226962][ T8642] RBP: 00007fc63f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 262.226970][ T8642] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 262.226978][ T8642] R13: 00007fc63f9d6038 R14: 00007fc63f9d5fa0 R15: 00007ffc5c373e28 [ 262.226997][ T8642] [ 262.588496][ T5872] Bluetooth: hci2: command tx timeout [ 262.662038][ T1161] team0 (unregistering): Port device team_slave_1 removed [ 262.702394][ T1161] team0 (unregistering): Port device team_slave_0 removed [ 263.452210][ T8487] team0: Port device team_slave_1 added [ 263.595488][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 263.602979][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.631442][ T8487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 263.704892][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 263.712317][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.744434][ T8487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 263.952650][ T8487] hsr_slave_0: entered promiscuous mode [ 263.967373][ T8487] hsr_slave_1: entered promiscuous mode [ 263.977017][ T8487] debugfs: 'hsr0' already exists in 'hsr' [ 263.982778][ T8487] Cannot create hsr debugfs directory [ 264.561437][ T5872] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 264.721316][ T8487] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 264.749638][ T8487] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 264.791637][ T8487] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 264.828988][ T8487] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 265.149959][ T8487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.220394][ T8487] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.242881][ T2969] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.250204][ T2969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.318664][ T2969] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.325829][ T2969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 266.423921][ T8730] netlink: 28 bytes leftover after parsing attributes in process `syz.2.660'. [ 266.437616][ T8722] FAULT_INJECTION: forcing a failure. [ 266.437616][ T8722] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 266.456587][ T8722] CPU: 0 UID: 0 PID: 8722 Comm: syz.1.658 Not tainted syzkaller #0 PREEMPT(full) [ 266.456622][ T8722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 266.456635][ T8722] Call Trace: [ 266.456643][ T8722] [ 266.456653][ T8722] dump_stack_lvl+0x16c/0x1f0 [ 266.456694][ T8722] should_fail_ex+0x512/0x640 [ 266.456736][ T8722] _copy_to_user+0x32/0xd0 [ 266.456765][ T8722] simple_read_from_buffer+0xcb/0x170 [ 266.456794][ T8722] proc_fail_nth_read+0x197/0x240 [ 266.456822][ T8722] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 266.456852][ T8722] ? rw_verify_area+0xcf/0x6c0 [ 266.456876][ T8722] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 266.456903][ T8722] vfs_read+0x1e1/0xcf0 [ 266.456935][ T8722] ? __pfx___mutex_lock+0x10/0x10 [ 266.456958][ T8722] ? __pfx_vfs_read+0x10/0x10 [ 266.456994][ T8722] ? __fget_files+0x20e/0x3c0 [ 266.457032][ T8722] ksys_read+0x12a/0x250 [ 266.457059][ T8722] ? __pfx_ksys_read+0x10/0x10 [ 266.457097][ T8722] do_syscall_64+0xcd/0x4c0 [ 266.457123][ T8722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.457146][ T8722] RIP: 0033:0x7f15beb8d5bc [ 266.457166][ T8722] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 266.457189][ T8722] RSP: 002b:00007f15bfa41030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 266.457212][ T8722] RAX: ffffffffffffffda RBX: 00007f15bedd6090 RCX: 00007f15beb8d5bc [ 266.457229][ T8722] RDX: 000000000000000f RSI: 00007f15bfa410a0 RDI: 0000000000000008 [ 266.457244][ T8722] RBP: 00007f15bfa41090 R08: 0000000000000000 R09: 0000000000000000 [ 266.457258][ T8722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.457273][ T8722] R13: 00007f15bedd6128 R14: 00007f15bedd6090 R15: 00007ffe6ab4dcd8 [ 266.457308][ T8722] [ 266.573067][ T5875] Bluetooth: hci0: command 0x0406 tx timeout [ 266.898323][ T8487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.552032][ T8746] FAULT_INJECTION: forcing a failure. [ 267.552032][ T8746] name failslab, interval 1, probability 0, space 0, times 0 [ 267.590146][ T8746] CPU: 1 UID: 0 PID: 8746 Comm: syz.2.664 Not tainted syzkaller #0 PREEMPT(full) [ 267.590182][ T8746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 267.590198][ T8746] Call Trace: [ 267.590208][ T8746] [ 267.590218][ T8746] dump_stack_lvl+0x16c/0x1f0 [ 267.590267][ T8746] should_fail_ex+0x512/0x640 [ 267.590304][ T8746] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 267.590335][ T8746] should_failslab+0xc2/0x120 [ 267.590368][ T8746] __kmalloc_cache_noprof+0x6a/0x3e0 [ 267.590393][ T8746] ? landlock_merge_ruleset+0x118/0x870 [ 267.590424][ T8746] landlock_merge_ruleset+0x118/0x870 [ 267.590454][ T8746] ? prepare_creds+0x583/0x7d0 [ 267.590494][ T8746] __do_sys_landlock_restrict_self+0x2a2/0x910 [ 267.590530][ T8746] do_syscall_64+0xcd/0x4c0 [ 267.590557][ T8746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.590584][ T8746] RIP: 0033:0x7f9d2078eba9 [ 267.590605][ T8746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.590630][ T8746] RSP: 002b:00007f9d2162c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 267.590655][ T8746] RAX: ffffffffffffffda RBX: 00007f9d209d5fa0 RCX: 00007f9d2078eba9 [ 267.590673][ T8746] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005 [ 267.590688][ T8746] RBP: 00007f9d20811e19 R08: 0000000000000000 R09: 0000000000000000 [ 267.590704][ T8746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 267.590719][ T8746] R13: 00007f9d209d6038 R14: 00007f9d209d5fa0 R15: 00007ffc70bc7338 [ 267.590754][ T8746] [ 267.592050][ T8746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.664'. [ 267.902507][ T8740] FAULT_INJECTION: forcing a failure. [ 267.902507][ T8740] name failslab, interval 1, probability 0, space 0, times 0 [ 267.904364][ T8756] FAULT_INJECTION: forcing a failure. [ 267.904364][ T8756] name failslab, interval 1, probability 0, space 0, times 0 [ 267.945694][ T8756] CPU: 1 UID: 0 PID: 8756 Comm: syz.1.666 Not tainted syzkaller #0 PREEMPT(full) [ 267.945732][ T8756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 267.945748][ T8756] Call Trace: [ 267.945757][ T8756] [ 267.945767][ T8756] dump_stack_lvl+0x16c/0x1f0 [ 267.945811][ T8756] should_fail_ex+0x512/0x640 [ 267.945850][ T8756] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 267.945886][ T8756] should_failslab+0xc2/0x120 [ 267.945921][ T8756] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 267.945953][ T8756] ? seq_open+0x55/0x170 [ 267.945992][ T8756] ? __pfx_irq_effective_aff_proc_show+0x10/0x10 [ 267.946029][ T8756] seq_open+0x55/0x170 [ 267.946074][ T8756] ? __pfx_irq_effective_aff_proc_show+0x10/0x10 [ 267.946115][ T8756] single_open+0xfc/0x1f0 [ 267.946151][ T8756] ? __pfx_proc_single_open+0x10/0x10 [ 267.946187][ T8756] proc_reg_open+0x2ab/0x5f0 [ 267.946222][ T8756] do_dentry_open+0x97f/0x1530 [ 267.946255][ T8756] ? __pfx_proc_reg_open+0x10/0x10 [ 267.946295][ T8756] vfs_open+0x82/0x3f0 [ 267.946335][ T8756] path_openat+0x1de4/0x2cb0 [ 267.946375][ T8756] ? __pfx_path_openat+0x10/0x10 [ 267.946414][ T8756] do_filp_open+0x20b/0x470 [ 267.946445][ T8756] ? __pfx_do_filp_open+0x10/0x10 [ 267.946500][ T8756] ? alloc_fd+0x471/0x7d0 [ 267.946540][ T8756] do_sys_openat2+0x11b/0x1d0 [ 267.946577][ T8756] ? __pfx_do_sys_openat2+0x10/0x10 [ 267.946628][ T8756] __x64_sys_openat+0x174/0x210 [ 267.946652][ T8756] ? __pfx___x64_sys_openat+0x10/0x10 [ 267.946690][ T8756] do_syscall_64+0xcd/0x4c0 [ 267.946716][ T8756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.946742][ T8756] RIP: 0033:0x7f15beb8eba9 [ 267.946763][ T8756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.946789][ T8756] RSP: 002b:00007f15bfa62038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 267.946815][ T8756] RAX: ffffffffffffffda RBX: 00007f15bedd5fa0 RCX: 00007f15beb8eba9 [ 267.946833][ T8756] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 267.946850][ T8756] RBP: 00007f15bec11e19 R08: 0000000000000000 R09: 0000000000000000 [ 267.946866][ T8756] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000000 [ 267.946881][ T8756] R13: 00007f15bedd6038 R14: 00007f15bedd5fa0 R15: 00007ffe6ab4dcd8 [ 267.946916][ T8756] [ 267.964040][ T8740] CPU: 0 UID: 0 PID: 8740 Comm: syz.0.662 Not tainted syzkaller #0 PREEMPT(full) [ 267.964075][ T8740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 267.964089][ T8740] Call Trace: [ 267.964099][ T8740] [ 267.964109][ T8740] dump_stack_lvl+0x16c/0x1f0 [ 267.964151][ T8740] should_fail_ex+0x512/0x640 [ 267.964188][ T8740] ? fs_reclaim_acquire+0xae/0x150 [ 267.964229][ T8740] ? tomoyo_encode2+0x100/0x3e0 [ 267.964262][ T8740] should_failslab+0xc2/0x120 [ 267.964294][ T8740] __kmalloc_noprof+0xd2/0x510 [ 267.964335][ T8740] ? d_absolute_path+0x136/0x1a0 [ 267.964378][ T8740] tomoyo_encode2+0x100/0x3e0 [ 267.964419][ T8740] tomoyo_encode+0x29/0x50 [ 267.964452][ T8740] tomoyo_realpath_from_path+0x18f/0x6e0 [ 267.964500][ T8740] tomoyo_path_number_perm+0x245/0x580 [ 267.964530][ T8740] ? tomoyo_path_number_perm+0x237/0x580 [ 267.964565][ T8740] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 267.964631][ T8740] ? find_held_lock+0x2b/0x80 [ 267.964655][ T8740] ? hook_file_ioctl_common+0x145/0x410 [ 267.964696][ T8740] ? __fget_files+0x20e/0x3c0 [ 267.964731][ T8740] security_file_ioctl+0x9b/0x240 [ 267.964765][ T8740] __x64_sys_ioctl+0xb7/0x210 [ 267.964805][ T8740] do_syscall_64+0xcd/0x4c0 [ 267.964830][ T8740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.964856][ T8740] RIP: 0033:0x7fc63f78eba9 [ 267.964876][ T8740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.964901][ T8740] RSP: 002b:00007fc640624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 267.964926][ T8740] RAX: ffffffffffffffda RBX: 00007fc63f9d5fa0 RCX: 00007fc63f78eba9 [ 267.964943][ T8740] RDX: 0000200000000100 RSI: 000000004004550a RDI: 0000000000000008 [ 267.964960][ T8740] RBP: 00007fc63f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 267.964974][ T8740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 267.964989][ T8740] R13: 00007fc63f9d6038 R14: 00007fc63f9d5fa0 R15: 00007ffc5c373e28 [ 267.965023][ T8740] [ 267.980010][ T8740] ERROR: Out of memory at tomoyo_realpath_from_path. [ 268.082677][ T8487] veth0_vlan: entered promiscuous mode [ 268.436670][ T8487] veth1_vlan: entered promiscuous mode [ 268.468358][ T8487] veth0_macvtap: entered promiscuous mode [ 268.475324][ T8487] veth1_macvtap: entered promiscuous mode [ 268.590811][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 268.737611][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 268.831891][ T1161] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.870252][ T1161] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.907742][ T1161] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.929158][ T1161] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.075356][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.113489][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.203653][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.219831][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.485041][ T8786] random: crng reseeded on system resumption [ 269.579972][ T8788] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 270.027015][ T8790] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 270.979761][ T8815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 271.039703][ T8815] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 271.142210][ T8815] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 271.322089][ T8815] page_type: f5(slab) [ 271.393849][ T8815] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 271.456045][ T8815] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 271.507978][ T8814] ima: policy update failed [ 271.513686][ T30] audit: type=1802 audit(4294967297.904:18): pid=8814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.679" res=0 errno=0 [ 271.553173][ T8815] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 271.586059][ T8815] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 271.630661][ T8815] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 271.706138][ T8815] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 271.714863][ T8815] page dumped because: unmovable page [ 271.760188][ T8815] page_owner tracks the page as allocated [ 271.852004][ T8815] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 271.958698][ T8815] post_alloc_hook+0x1c0/0x230 [ 271.963537][ T8815] get_page_from_freelist+0x132b/0x38e0 [ 271.987801][ T8815] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 272.045149][ T8815] alloc_pages_mpol+0x1fb/0x550 [ 272.099503][ T8815] new_slab+0x247/0x330 [ 272.133617][ T8815] ___slab_alloc+0xcf2/0x1750 [ 272.170162][ T8815] __slab_alloc.constprop.0+0x56/0xb0 [ 272.225938][ T8815] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 272.271204][ T8815] alloc_inode+0xc3/0x240 [ 272.296165][ T8815] iget_locked+0x2e4/0x830 [ 272.300649][ T8815] kernfs_get_inode+0x48/0x460 [ 272.305619][ T8815] kernfs_iop_lookup+0x1a7/0x2d0 [ 272.310593][ T8815] lookup_open.isra.0+0x4da/0x1580 [ 272.316207][ T8815] path_openat+0x893/0x2cb0 [ 272.320836][ T8815] do_filp_open+0x20b/0x470 [ 272.325468][ T8815] do_sys_openat2+0x11b/0x1d0 [ 272.330192][ T8815] page last free pid 1 tgid 1 stack trace: [ 272.336055][ T8815] __free_frozen_pages+0x7d5/0x10f0 [ 272.341303][ T8815] free_contig_range+0x183/0x4b0 [ 272.346357][ T8815] destroy_args+0x794/0xc10 [ 272.350883][ T8815] debug_vm_pgtable+0x1a32/0x3640 [ 272.356328][ T8815] do_one_initcall+0x120/0x6e0 [ 272.361126][ T8815] kernel_init_freeable+0x5c2/0x910 [ 272.366852][ T8815] kernel_init+0x1c/0x2b0 [ 272.371207][ T8815] ret_from_fork+0x56d/0x730 [ 272.376506][ T8815] ret_from_fork_asm+0x1a/0x30 [ 272.665681][ T8836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 272.675199][ T30] audit: type=1800 audit(4294967299.070:19): pid=8838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.686" name="lu_gp_id" dev="configfs" ino=21633 res=0 errno=0 [ 272.711461][ T8836] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 272.733153][ T8836] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 272.747416][ T8836] page_type: f5(slab) [ 272.776818][ T8836] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 272.799086][ T8836] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 272.828384][ T8836] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 272.837481][ T8836] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 272.849667][ T8836] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 272.859618][ T8836] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 272.875100][ T8836] page dumped because: unmovable page [ 272.883213][ T8836] page_owner tracks the page as allocated [ 272.889123][ T8836] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 272.914487][ T8836] post_alloc_hook+0x1c0/0x230 [ 272.919305][ T8836] get_page_from_freelist+0x132b/0x38e0 [ 272.925498][ T8836] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 272.932587][ T8836] alloc_pages_mpol+0x1fb/0x550 [ 272.937705][ T8836] new_slab+0x247/0x330 [ 272.955425][ T8836] ___slab_alloc+0xcf2/0x1750 [ 272.960727][ T8836] __slab_alloc.constprop.0+0x56/0xb0 [ 272.966250][ T8836] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 273.037309][ T8836] alloc_inode+0xc3/0x240 [ 273.051631][ T8839] netlink: 346 bytes leftover after parsing attributes in process `syz.2.685'. [ 273.099106][ T8836] iget_locked+0x2e4/0x830 [ 273.204049][ T8836] kernfs_get_inode+0x48/0x460 [ 273.228156][ T8836] kernfs_iop_lookup+0x1a7/0x2d0 [ 273.243950][ T8836] lookup_open.isra.0+0x4da/0x1580 [ 273.255109][ T8836] path_openat+0x893/0x2cb0 [ 273.284259][ T8836] do_filp_open+0x20b/0x470 [ 273.299687][ T8796] zswap: compressor not available [ 273.310847][ T8836] do_sys_openat2+0x11b/0x1d0 [ 273.367458][ T8836] page last free pid 1 tgid 1 stack trace: [ 273.377711][ T8836] __free_frozen_pages+0x7d5/0x10f0 [ 273.397601][ T8836] free_contig_range+0x183/0x4b0 [ 273.402629][ T8836] destroy_args+0x794/0xc10 [ 273.458478][ T8836] debug_vm_pgtable+0x1a32/0x3640 [ 273.463592][ T8836] do_one_initcall+0x120/0x6e0 [ 273.496780][ T8836] kernel_init_freeable+0x5c2/0x910 [ 273.512460][ T8836] kernel_init+0x1c/0x2b0 [ 273.526554][ T8836] ret_from_fork+0x56d/0x730 [ 273.539976][ T8836] ret_from_fork_asm+0x1a/0x30 [ 274.292889][ T8867] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input13 [ 274.704904][ T8874] FAULT_INJECTION: forcing a failure. [ 274.704904][ T8874] name failslab, interval 1, probability 0, space 0, times 0 [ 274.732433][ T8874] CPU: 0 UID: 0 PID: 8874 Comm: syz.4.692 Not tainted syzkaller #0 PREEMPT(full) [ 274.732468][ T8874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 274.732482][ T8874] Call Trace: [ 274.732490][ T8874] [ 274.732500][ T8874] dump_stack_lvl+0x16c/0x1f0 [ 274.732541][ T8874] should_fail_ex+0x512/0x640 [ 274.732576][ T8874] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 274.732609][ T8874] should_failslab+0xc2/0x120 [ 274.732647][ T8874] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 274.732675][ T8874] ? d_alloc_parallel+0x828/0x1480 [ 274.732710][ T8874] ? proc_alloc_inode+0x25/0x200 [ 274.732745][ T8874] ? __pfx_proc_alloc_inode+0x10/0x10 [ 274.732774][ T8874] proc_alloc_inode+0x25/0x200 [ 274.732803][ T8874] alloc_inode+0x61/0x240 [ 274.732838][ T8874] new_inode+0x22/0x1c0 [ 274.732869][ T8874] ? proc_lookup_de+0x201/0x360 [ 274.732906][ T8874] proc_get_inode+0x1d/0x780 [ 274.732940][ T8874] proc_lookup_de+0x236/0x360 [ 274.732979][ T8874] proc_lookup+0xcf/0x110 [ 274.733014][ T8874] __lookup_slow+0x251/0x460 [ 274.733051][ T8874] ? __pfx___lookup_slow+0x10/0x10 [ 274.733110][ T8874] ? lookup_fast+0x156/0x610 [ 274.733139][ T8874] walk_component+0x353/0x5b0 [ 274.733168][ T8874] link_path_walk+0x627/0xe20 [ 274.733206][ T8874] path_openat+0x1b0/0x2cb0 [ 274.733232][ T8874] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.733269][ T8874] ? __pfx_path_openat+0x10/0x10 [ 274.733330][ T8874] do_filp_open+0x20b/0x470 [ 274.733356][ T8874] ? __pfx_do_filp_open+0x10/0x10 [ 274.733401][ T8874] ? alloc_fd+0x471/0x7d0 [ 274.733437][ T8874] do_sys_openat2+0x11b/0x1d0 [ 274.733471][ T8874] ? __pfx_do_sys_openat2+0x10/0x10 [ 274.733509][ T8874] ? __fget_files+0x20e/0x3c0 [ 274.733549][ T8874] __x64_sys_openat+0x174/0x210 [ 274.733571][ T8874] ? __pfx___x64_sys_openat+0x10/0x10 [ 274.733591][ T8874] ? ksys_write+0x1ac/0x250 [ 274.733631][ T8874] do_syscall_64+0xcd/0x4c0 [ 274.733655][ T8874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.733678][ T8874] RIP: 0033:0x7f315038eba9 [ 274.733696][ T8874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.733716][ T8874] RSP: 002b:00007f3151276038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 274.733737][ T8874] RAX: ffffffffffffffda RBX: 00007f31505d5fa0 RCX: 00007f315038eba9 [ 274.733751][ T8874] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 274.733765][ T8874] RBP: 00007f3151276090 R08: 0000000000000000 R09: 0000000000000000 [ 274.733778][ T8874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.733789][ T8874] R13: 00007f31505d6038 R14: 00007f31505d5fa0 R15: 00007ffc270bec58 [ 274.733816][ T8874] [ 275.640862][ T8884] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 276.917159][ T8906] Invalid ELF header magic: != ELF [ 277.537733][ T8926] FAULT_INJECTION: forcing a failure. [ 277.537733][ T8926] name fail_futex, interval 1, probability 0, space 0, times 0 [ 277.552819][ T8926] CPU: 0 UID: 0 PID: 8926 Comm: syz.0.704 Not tainted syzkaller #0 PREEMPT(full) [ 277.552853][ T8926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 277.552866][ T8926] Call Trace: [ 277.552875][ T8926] [ 277.552884][ T8926] dump_stack_lvl+0x16c/0x1f0 [ 277.552923][ T8926] should_fail_ex+0x512/0x640 [ 277.552964][ T8926] get_futex_key+0x1d0/0x1560 [ 277.553016][ T8926] ? __pfx_get_futex_key+0x10/0x10 [ 277.553054][ T8926] ? percpu_ref_put_many.constprop.0+0xc4/0x2a0 [ 277.553096][ T8926] futex_wait_setup+0x9d/0x550 [ 277.553141][ T8926] __futex_wait+0x194/0x2f0 [ 277.553177][ T8926] ? __pfx___futex_wait+0x10/0x10 [ 277.553217][ T8926] ? __pfx_futex_wake_mark+0x10/0x10 [ 277.553257][ T8926] ? futex_private_hash_put+0x176/0x300 [ 277.553290][ T8926] ? futex_private_hash_put+0x18a/0x300 [ 277.553321][ T8926] futex_wait+0xe8/0x380 [ 277.553356][ T8926] ? __pfx_futex_wait+0x10/0x10 [ 277.553401][ T8926] ? css_rstat_updated+0x1c2/0x510 [ 277.553431][ T8926] do_futex+0x229/0x350 [ 277.553461][ T8926] ? __pfx_do_futex+0x10/0x10 [ 277.553489][ T8926] ? find_held_lock+0x2b/0x80 [ 277.553515][ T8926] ? handle_mm_fault+0x2ab/0xd10 [ 277.553544][ T8926] __x64_sys_futex+0x1e0/0x4c0 [ 277.553576][ T8926] ? exc_page_fault+0x5c/0xb0 [ 277.553610][ T8926] ? __pfx___x64_sys_futex+0x10/0x10 [ 277.553641][ T8926] ? xfd_validate_state+0x61/0x180 [ 277.553686][ T8926] do_syscall_64+0xcd/0x4c0 [ 277.553711][ T8926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.553735][ T8926] RIP: 0033:0x7fc63f78eba9 [ 277.553754][ T8926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.553778][ T8926] RSP: 002b:00007fc6405e20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 277.553801][ T8926] RAX: ffffffffffffffda RBX: 00007fc63f9d6188 RCX: 00007fc63f78eba9 [ 277.553818][ T8926] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc63f9d6188 [ 277.553833][ T8926] RBP: 00007fc63f9d6180 R08: 0000000000000000 R09: 0000000000000000 [ 277.553848][ T8926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 277.553863][ T8926] R13: 00007fc63f9d6218 R14: 00007ffc5c373d40 R15: 00007ffc5c373e28 [ 277.553897][ T8926] [ 280.658826][ T8999] FAULT_INJECTION: forcing a failure. [ 280.658826][ T8999] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 280.769919][ T9002] FAULT_INJECTION: forcing a failure. [ 280.769919][ T9002] name failslab, interval 1, probability 0, space 0, times 0 [ 280.779663][ T8999] CPU: 0 UID: 0 PID: 8999 Comm: syz.1.713 Not tainted syzkaller #0 PREEMPT(full) [ 280.779701][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 280.779724][ T8999] Call Trace: [ 280.779733][ T8999] [ 280.779743][ T8999] dump_stack_lvl+0x16c/0x1f0 [ 280.779788][ T8999] should_fail_ex+0x512/0x640 [ 280.779831][ T8999] should_fail_alloc_page+0xe7/0x130 [ 280.779868][ T8999] prepare_alloc_pages+0x3c2/0x610 [ 280.779904][ T8999] ? rcu_is_watching+0x12/0xc0 [ 280.779934][ T8999] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 280.779966][ T8999] ? __lock_acquire+0xb97/0x1ce0 [ 280.780012][ T8999] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 280.780043][ T8999] ? do_raw_spin_lock+0x12c/0x2b0 [ 280.780080][ T8999] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 280.780116][ T8999] ? find_held_lock+0x2b/0x80 [ 280.780151][ T8999] ? __lock_acquire+0xb97/0x1ce0 [ 280.780183][ T8999] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 280.780223][ T8999] ? policy_nodemask+0xea/0x4e0 [ 280.780259][ T8999] alloc_pages_mpol+0x1fb/0x550 [ 280.780292][ T8999] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 280.780336][ T8999] folio_alloc_mpol_noprof+0x36/0x2f0 [ 280.780373][ T8999] shmem_alloc_folio+0x135/0x160 [ 280.780399][ T8999] shmem_alloc_and_add_folio+0x499/0xc20 [ 280.780436][ T8999] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 280.780469][ T8999] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 280.780506][ T8999] shmem_get_folio_gfp+0x67f/0x1600 [ 280.780543][ T8999] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 280.780574][ T8999] ? __pfx___might_resched+0x10/0x10 [ 280.780605][ T8999] shmem_fallocate+0x795/0xf50 [ 280.780651][ T8999] ? __pfx_shmem_fallocate+0x10/0x10 [ 280.780695][ T8999] ? __lock_acquire+0xb97/0x1ce0 [ 280.780737][ T8999] ? __lock_acquire+0x62e/0x1ce0 [ 280.780792][ T8999] ? __pfx_shmem_fallocate+0x10/0x10 [ 280.780823][ T8999] vfs_fallocate+0x5b1/0x10e0 [ 280.780859][ T8999] ? __pfx_vfs_fallocate+0x10/0x10 [ 280.780899][ T8999] __x64_sys_fallocate+0xd5/0x150 [ 280.780934][ T8999] do_syscall_64+0xcd/0x4c0 [ 280.780959][ T8999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.780984][ T8999] RIP: 0033:0x7f15beb8eba9 [ 280.781005][ T8999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.781031][ T8999] RSP: 002b:00007f15bfa62038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 280.781056][ T8999] RAX: ffffffffffffffda RBX: 00007f15bedd5fa0 RCX: 00007f15beb8eba9 [ 280.781072][ T8999] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003 [ 280.781088][ T8999] RBP: 00007f15bec11e19 R08: 0000000000000000 R09: 0000000000000000 [ 280.781103][ T8999] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 280.781118][ T8999] R13: 00007f15bedd6038 R14: 00007f15bedd5fa0 R15: 00007ffe6ab4dcd8 [ 280.781152][ T8999] [ 281.130432][ T9002] CPU: 1 UID: 0 PID: 9002 Comm: syz.1.713 Not tainted syzkaller #0 PREEMPT(full) [ 281.130467][ T9002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 281.130482][ T9002] Call Trace: [ 281.130490][ T9002] [ 281.130500][ T9002] dump_stack_lvl+0x16c/0x1f0 [ 281.130541][ T9002] should_fail_ex+0x512/0x640 [ 281.130577][ T9002] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 281.130609][ T9002] ? __pfx_dma_buf_debug_open+0x10/0x10 [ 281.130638][ T9002] should_failslab+0xc2/0x120 [ 281.130668][ T9002] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 281.130698][ T9002] ? seq_open+0x55/0x170 [ 281.130734][ T9002] ? __pfx_dma_buf_debug_open+0x10/0x10 [ 281.130763][ T9002] ? __pfx_dma_buf_debug_show+0x10/0x10 [ 281.130792][ T9002] seq_open+0x55/0x170 [ 281.130823][ T9002] ? __pfx_dma_buf_debug_show+0x10/0x10 [ 281.130854][ T9002] single_open+0xfc/0x1f0 [ 281.130888][ T9002] full_proxy_open_regular+0x1b6/0x360 [ 281.130923][ T9002] do_dentry_open+0x97f/0x1530 [ 281.130953][ T9002] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 281.130986][ T9002] vfs_open+0x82/0x3f0 [ 281.131028][ T9002] path_openat+0x1de4/0x2cb0 [ 281.131068][ T9002] ? __pfx_path_openat+0x10/0x10 [ 281.131107][ T9002] do_filp_open+0x20b/0x470 [ 281.131136][ T9002] ? __pfx_do_filp_open+0x10/0x10 [ 281.131206][ T9002] ? alloc_fd+0x471/0x7d0 [ 281.131242][ T9002] do_sys_openat2+0x11b/0x1d0 [ 281.131277][ T9002] ? __pfx_do_sys_openat2+0x10/0x10 [ 281.131326][ T9002] __x64_sys_openat+0x174/0x210 [ 281.131349][ T9002] ? __pfx___x64_sys_openat+0x10/0x10 [ 281.131386][ T9002] do_syscall_64+0xcd/0x4c0 [ 281.131410][ T9002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.131435][ T9002] RIP: 0033:0x7f15beb8eba9 [ 281.131454][ T9002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.131479][ T9002] RSP: 002b:00007f15bfa41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 281.131502][ T9002] RAX: ffffffffffffffda RBX: 00007f15bedd6090 RCX: 00007f15beb8eba9 [ 281.131519][ T9002] RDX: 0000000000004880 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 281.131535][ T9002] RBP: 00007f15bec11e19 R08: 0000000000000000 R09: 0000000000000000 [ 281.131550][ T9002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.131564][ T9002] R13: 00007f15bedd6128 R14: 00007f15bedd6090 R15: 00007ffe6ab4dcd8 [ 281.131597][ T9002] [ 281.371743][ C1] vkms_vblank_simulate: vblank timer overrun [ 284.590099][ T9059] : Can't lookup blockdev [ 284.666979][ T30] audit: type=1800 audit(4294967311.123:20): pid=9062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.726" name="features" dev="configfs" ino=20978 res=0 errno=0 [ 285.856386][ T9095] FAULT_INJECTION: forcing a failure. [ 285.856386][ T9095] name failslab, interval 1, probability 0, space 0, times 0 [ 285.960800][ T9095] CPU: 1 UID: 0 PID: 9095 Comm: syz.0.733 Not tainted syzkaller #0 PREEMPT(full) [ 285.960839][ T9095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 285.960857][ T9095] Call Trace: [ 285.960866][ T9095] [ 285.960877][ T9095] dump_stack_lvl+0x16c/0x1f0 [ 285.960922][ T9095] should_fail_ex+0x512/0x640 [ 285.960960][ T9095] ? kmem_cache_alloc_bulk_noprof+0x6d/0xbc0 [ 285.960998][ T9095] should_failslab+0xc2/0x120 [ 285.961031][ T9095] kmem_cache_alloc_bulk_noprof+0x85/0xbc0 [ 285.961068][ T9095] ? trace_kmem_cache_alloc+0x28/0xc0 [ 285.961104][ T9095] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 285.961136][ T9095] ? mas_alloc_nodes+0x18b/0x8b0 [ 285.961173][ T9095] ? mas_alloc_nodes+0x2f1/0x8b0 [ 285.961204][ T9095] mas_alloc_nodes+0x2f1/0x8b0 [ 285.961245][ T9095] mas_node_count_gfp+0x105/0x130 [ 285.961282][ T9095] mas_preallocate+0x7e0/0xde0 [ 285.961315][ T9095] ? __pfx_mas_preallocate+0x10/0x10 [ 285.961352][ T9095] ? vma_merge_new_range+0x3ae/0xa50 [ 285.961380][ T9095] ? vm_area_alloc+0x1f/0x160 [ 285.961408][ T9095] ? lockdep_init_map_type+0x5c/0x280 [ 285.961447][ T9095] __mmap_region+0x118a/0x27b0 [ 285.961480][ T9095] ? finish_task_switch.isra.0+0x21c/0xc10 [ 285.961515][ T9095] ? __pfx___mmap_region+0x10/0x10 [ 285.961546][ T9095] ? rcu_is_watching+0x12/0xc0 [ 285.961582][ T9095] ? rcu_is_watching+0x12/0xc0 [ 285.961607][ T9095] ? trace_sched_exit_tp+0xd1/0x120 [ 285.961643][ T9095] ? __schedule+0x11a3/0x5de0 [ 285.961674][ T9095] ? __lock_acquire+0x62e/0x1ce0 [ 285.961729][ T9095] ? __pfx___schedule+0x10/0x10 [ 285.961807][ T9095] ? mm_get_unmapped_area+0x95/0xe0 [ 285.961855][ T9095] mmap_region+0x1ab/0x3f0 [ 285.961886][ T9095] ? __get_unmapped_area+0x267/0x440 [ 285.961926][ T9095] do_mmap+0xa3e/0x1210 [ 285.961969][ T9095] ? __pfx_do_mmap+0x10/0x10 [ 285.962005][ T9095] ? __pfx_down_write_killable+0x10/0x10 [ 285.962030][ T9095] ? find_held_lock+0x2b/0x80 [ 285.962061][ T9095] vm_mmap_pgoff+0x29e/0x470 [ 285.962104][ T9095] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 285.962136][ T9095] ? __do_sys_ustat+0x126/0x1f0 [ 285.962173][ T9095] ? __pfx___do_sys_ustat+0x10/0x10 [ 285.962217][ T9095] ? __x64_sys_futex+0x1e0/0x4c0 [ 285.962248][ T9095] ? __x64_sys_futex+0x1e9/0x4c0 [ 285.962285][ T9095] ksys_mmap_pgoff+0x7d/0x5c0 [ 285.962319][ T9095] ? xfd_validate_state+0x61/0x180 [ 285.962362][ T9095] __x64_sys_mmap+0x125/0x190 [ 285.962405][ T9095] do_syscall_64+0xcd/0x4c0 [ 285.962432][ T9095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.962458][ T9095] RIP: 0033:0x7fc63f78eba9 [ 285.962481][ T9095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.962514][ T9095] RSP: 002b:00007fc640624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 285.962540][ T9095] RAX: ffffffffffffffda RBX: 00007fc63f9d5fa0 RCX: 00007fc63f78eba9 [ 285.962557][ T9095] RDX: 00004000000000df RSI: 0000000000020005 RDI: 00000000ff600000 [ 285.962575][ T9095] RBP: 00007fc63f811e19 R08: 0000000000000008 R09: 0000000000008000 [ 285.962592][ T9095] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 285.962607][ T9095] R13: 00007fc63f9d6038 R14: 00007fc63f9d5fa0 R15: 00007ffc5c373e28 [ 285.962648][ T9095] [ 286.278168][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.657099][ T9105] netlink: 338 bytes leftover after parsing attributes in process `syz.2.737'. [ 286.679248][ T9105] netlink: 338 bytes leftover after parsing attributes in process `syz.2.737'. [ 286.749019][ T9105] netlink: 134 bytes leftover after parsing attributes in process `syz.2.737'. [ 288.095619][ T9122] QAT: Device 7 not found [ 288.558364][ T9127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.740'. [ 288.568908][ T9127] nbd: must specify at least one socket [ 289.482141][ T9135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 289.519201][ T9135] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 289.569380][ T9135] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 289.593033][ T9135] page_type: f5(slab) [ 289.605412][ T9135] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 289.660937][ T9135] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 289.710955][ T9138] netlink: 346 bytes leftover after parsing attributes in process `syz.2.743'. [ 289.755894][ T9135] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 289.826768][ T9135] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 289.970054][ T9135] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 290.075763][ T9135] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 290.084617][ T9135] page dumped because: unmovable page [ 290.090477][ T9135] page_owner tracks the page as allocated [ 290.096225][ T9135] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 290.119244][ C1] vkms_vblank_simulate: vblank timer overrun [ 290.126071][ T9135] post_alloc_hook+0x1c0/0x230 [ 290.130937][ T9135] get_page_from_freelist+0x132b/0x38e0 [ 290.136596][ T9135] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 290.142598][ T9135] alloc_pages_mpol+0x1fb/0x550 [ 290.147490][ T9135] new_slab+0x247/0x330 [ 290.199929][ T9135] ___slab_alloc+0xcf2/0x1750 [ 290.204711][ T9135] __slab_alloc.constprop.0+0x56/0xb0 [ 290.337586][ T9135] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 290.368989][ T9135] alloc_inode+0xc3/0x240 [ 290.373409][ T9135] iget_locked+0x2e4/0x830 [ 290.377905][ T9135] kernfs_get_inode+0x48/0x460 [ 290.530972][ T9135] kernfs_iop_lookup+0x1a7/0x2d0 [ 290.535991][ T9135] lookup_open.isra.0+0x4da/0x1580 [ 290.661147][ T9135] path_openat+0x893/0x2cb0 [ 290.757125][ T9135] do_filp_open+0x20b/0x470 [ 290.761715][ T9135] do_sys_openat2+0x11b/0x1d0 [ 290.836621][ T9135] page last free pid 1 tgid 1 stack trace: [ 290.898489][ T9135] __free_frozen_pages+0x7d5/0x10f0 [ 290.904604][ T9135] free_contig_range+0x183/0x4b0 [ 291.136573][ T9135] destroy_args+0x794/0xc10 [ 291.144978][ T9135] debug_vm_pgtable+0x1a32/0x3640 [ 291.171921][ T9135] do_one_initcall+0x120/0x6e0 [ 291.195886][ T9135] kernel_init_freeable+0x5c2/0x910 [ 291.216740][ T9135] kernel_init+0x1c/0x2b0 [ 291.274380][ T9135] ret_from_fork+0x56d/0x730 [ 291.279279][ T9135] ret_from_fork_asm+0x1a/0x30 [ 291.382427][ T9156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 291.401982][ T9156] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 291.410854][ T9156] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 291.418948][ T9156] page_type: f5(slab) [ 291.423151][ T9156] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 291.473363][ T9156] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 291.534801][ T9156] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 291.565588][ T9156] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 291.599272][ T9156] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 291.644347][ T9156] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 291.706046][ T9156] page dumped because: unmovable page [ 291.768610][ T9156] page_owner tracks the page as allocated [ 291.819547][ T9156] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 291.871262][ T9156] post_alloc_hook+0x1c0/0x230 [ 291.876108][ T9156] get_page_from_freelist+0x132b/0x38e0 [ 291.891010][ T9156] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 291.896990][ T9156] alloc_pages_mpol+0x1fb/0x550 [ 291.940866][ T9156] new_slab+0x247/0x330 [ 291.945089][ T9156] ___slab_alloc+0xcf2/0x1750 [ 291.949805][ T9156] __slab_alloc.constprop.0+0x56/0xb0 [ 292.070084][ T9156] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 292.075910][ T9156] alloc_inode+0xc3/0x240 [ 292.099947][ T9156] iget_locked+0x2e4/0x830 [ 292.105291][ T9156] kernfs_get_inode+0x48/0x460 [ 292.118466][ T9156] kernfs_iop_lookup+0x1a7/0x2d0 [ 292.129951][ T9156] lookup_open.isra.0+0x4da/0x1580 [ 292.135147][ T9156] path_openat+0x893/0x2cb0 [ 292.148116][ T9156] do_filp_open+0x20b/0x470 [ 292.158772][ T9156] do_sys_openat2+0x11b/0x1d0 [ 292.186190][ T9156] page last free pid 1 tgid 1 stack trace: [ 292.219393][ T9156] __free_frozen_pages+0x7d5/0x10f0 [ 292.224683][ T9156] free_contig_range+0x183/0x4b0 [ 292.239470][ T9156] destroy_args+0x794/0xc10 [ 292.244049][ T9156] debug_vm_pgtable+0x1a32/0x3640 [ 292.279156][ T9156] do_one_initcall+0x120/0x6e0 [ 292.284029][ T9156] kernel_init_freeable+0x5c2/0x910 [ 292.290947][ T9156] kernel_init+0x1c/0x2b0 [ 292.295332][ T9156] ret_from_fork+0x56d/0x730 [ 292.300343][ T9156] ret_from_fork_asm+0x1a/0x30 [ 292.399747][ T9172] netlink: 28 bytes leftover after parsing attributes in process `syz.1.753'. [ 293.008457][ T9178] FAULT_INJECTION: forcing a failure. [ 293.008457][ T9178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 293.045412][ T9178] CPU: 0 UID: 0 PID: 9178 Comm: syz.4.754 Not tainted syzkaller #0 PREEMPT(full) [ 293.045446][ T9178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 293.045460][ T9178] Call Trace: [ 293.045469][ T9178] [ 293.045481][ T9178] dump_stack_lvl+0x16c/0x1f0 [ 293.045530][ T9178] should_fail_ex+0x512/0x640 [ 293.045572][ T9178] _copy_to_user+0x32/0xd0 [ 293.045602][ T9178] simple_read_from_buffer+0xcb/0x170 [ 293.045630][ T9178] proc_fail_nth_read+0x197/0x240 [ 293.045660][ T9178] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 293.045687][ T9178] ? rw_verify_area+0xcf/0x6c0 [ 293.045713][ T9178] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 293.045740][ T9178] vfs_read+0x1e1/0xcf0 [ 293.045772][ T9178] ? __pfx___mutex_lock+0x10/0x10 [ 293.045794][ T9178] ? __pfx_vfs_read+0x10/0x10 [ 293.045831][ T9178] ? __fget_files+0x20e/0x3c0 [ 293.045867][ T9178] ksys_read+0x12a/0x250 [ 293.045894][ T9178] ? __pfx_ksys_read+0x10/0x10 [ 293.045932][ T9178] do_syscall_64+0xcd/0x4c0 [ 293.045957][ T9178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.045982][ T9178] RIP: 0033:0x7f315038d5bc [ 293.046001][ T9178] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 293.046024][ T9178] RSP: 002b:00007f3151276030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 293.046048][ T9178] RAX: ffffffffffffffda RBX: 00007f31505d5fa0 RCX: 00007f315038d5bc [ 293.046064][ T9178] RDX: 000000000000000f RSI: 00007f31512760a0 RDI: 0000000000000005 [ 293.046078][ T9178] RBP: 00007f3151276090 R08: 0000000000000000 R09: 0000000000000000 [ 293.046093][ T9178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 293.046106][ T9178] R13: 00007f31505d6038 R14: 00007f31505d5fa0 R15: 00007ffc270bec58 [ 293.046140][ T9178] [ 294.993751][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.012905][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 295.243813][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.273741][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 295.319575][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.466385][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 295.549492][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.552156][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 295.557258][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.711634][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.718807][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.744887][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 295.796887][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 295.831723][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 295.880430][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.892122][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 295.938751][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 296.059620][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 296.059841][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 296.068636][ T9207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 296.376536][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 296.512661][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 296.556901][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 296.595575][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.064278][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.135580][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.193758][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.240212][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.314524][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.364079][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.424958][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.432071][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.495506][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.514000][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.536144][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.556473][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.591010][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.637961][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 297.651390][ T9206] blktrace: Concurrent blktraces are not allowed on ram7 [ 299.133981][ T9258] random: crng reseeded on system resumption [ 301.126335][ T30] audit: type=1800 audit(4294967327.678:21): pid=9311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.783" name="members" dev="configfs" ino=22914 res=0 errno=0 [ 302.282090][ T9316] Invalid ELF header magic: != ELF [ 302.440394][ T9333] i2c i2c-0: delete_device: Can't parse I2C address [ 302.784224][ T9337] Setting dangerous option i915.mitigations - tainting kernel [ 302.888877][ T9337] Bad "i915.mitigations=!hóì@ÛSÌ", 'hóì@ÛSÌ' is unknown [ 304.576573][ T9391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 304.605120][ T9391] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 304.623892][ T9391] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 304.654378][ T9391] page_type: f5(slab) [ 304.659137][ T9391] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 304.670073][ T9391] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 304.678870][ T9397] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 304.710797][ T9391] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 304.721695][ T9395] __nla_validate_parse: 24 callbacks suppressed [ 304.721716][ T9395] netlink: 346 bytes leftover after parsing attributes in process `syz.0.807'. [ 304.734286][ T9391] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 304.746680][ T9391] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 304.755450][ T9391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 304.764781][ T9391] page dumped because: unmovable page [ 304.771097][ T9391] page_owner tracks the page as allocated [ 304.776999][ T9391] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 304.800474][ T9391] post_alloc_hook+0x1c0/0x230 [ 304.805487][ T9391] get_page_from_freelist+0x132b/0x38e0 [ 304.811084][ T9391] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 304.817070][ T9391] alloc_pages_mpol+0x1fb/0x550 [ 304.821964][ T9391] new_slab+0x247/0x330 [ 304.826229][ T9391] ___slab_alloc+0xcf2/0x1750 [ 304.830956][ T9391] __slab_alloc.constprop.0+0x56/0xb0 [ 304.836422][ T9391] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 304.842194][ T9391] alloc_inode+0xc3/0x240 [ 304.847321][ T9391] iget_locked+0x2e4/0x830 [ 304.851987][ T9391] kernfs_get_inode+0x48/0x460 [ 304.856837][ T9391] kernfs_iop_lookup+0x1a7/0x2d0 [ 304.862182][ T9391] lookup_open.isra.0+0x4da/0x1580 [ 304.867372][ T9391] path_openat+0x893/0x2cb0 [ 304.871912][ T9391] do_filp_open+0x20b/0x470 [ 304.877354][ T9391] do_sys_openat2+0x11b/0x1d0 [ 304.882085][ T9391] page last free pid 1 tgid 1 stack trace: [ 304.903479][ T9391] __free_frozen_pages+0x7d5/0x10f0 [ 304.908742][ T9391] free_contig_range+0x183/0x4b0 [ 304.963166][ T9391] destroy_args+0x794/0xc10 [ 304.974965][ T9391] debug_vm_pgtable+0x1a32/0x3640 [ 304.980065][ T9391] do_one_initcall+0x120/0x6e0 [ 305.023257][ T9391] kernel_init_freeable+0x5c2/0x910 [ 305.028558][ T9391] kernel_init+0x1c/0x2b0 [ 305.037985][ T9391] ret_from_fork+0x56d/0x730 [ 305.053473][ T9391] ret_from_fork_asm+0x1a/0x30 [ 305.233811][ T9414] __vm_enough_memory: pid: 9414, comm: syz.1.813, bytes: 4398046511104 not enough memory for the allocation [ 305.576384][ T9428] FAULT_INJECTION: forcing a failure. [ 305.576384][ T9428] name failslab, interval 1, probability 0, space 0, times 0 [ 305.600306][ T9428] CPU: 0 UID: 0 PID: 9428 Comm: syz.2.816 Tainted: G U syzkaller #0 PREEMPT(full) [ 305.600349][ T9428] Tainted: [U]=USER [ 305.600357][ T9428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 305.600371][ T9428] Call Trace: [ 305.600379][ T9428] [ 305.600389][ T9428] dump_stack_lvl+0x16c/0x1f0 [ 305.600431][ T9428] should_fail_ex+0x512/0x640 [ 305.600470][ T9428] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 305.600501][ T9428] should_failslab+0xc2/0x120 [ 305.600535][ T9428] __kmalloc_cache_noprof+0x6a/0x3e0 [ 305.600561][ T9428] ? rcu_is_watching+0x12/0xc0 [ 305.600587][ T9428] ? single_open+0x4d/0x1f0 [ 305.600623][ T9428] ? __pfx_apparmor_file_open+0x10/0x10 [ 305.600657][ T9428] ? __pfx_irq_effective_aff_proc_show+0x10/0x10 [ 305.600690][ T9428] single_open+0x4d/0x1f0 [ 305.600725][ T9428] ? __pfx_proc_single_open+0x10/0x10 [ 305.600758][ T9428] proc_reg_open+0x2ab/0x5f0 [ 305.600793][ T9428] do_dentry_open+0x97f/0x1530 [ 305.600822][ T9428] ? __pfx_proc_reg_open+0x10/0x10 [ 305.600862][ T9428] vfs_open+0x82/0x3f0 [ 305.600900][ T9428] path_openat+0x1de4/0x2cb0 [ 305.600941][ T9428] ? __pfx_path_openat+0x10/0x10 [ 305.600976][ T9428] do_filp_open+0x20b/0x470 [ 305.601005][ T9428] ? __pfx_do_filp_open+0x10/0x10 [ 305.601059][ T9428] ? alloc_fd+0x471/0x7d0 [ 305.601096][ T9428] do_sys_openat2+0x11b/0x1d0 [ 305.601127][ T9428] ? __pfx_do_sys_openat2+0x10/0x10 [ 305.601170][ T9428] __x64_sys_openat+0x174/0x210 [ 305.601190][ T9428] ? __pfx___x64_sys_openat+0x10/0x10 [ 305.601222][ T9428] do_syscall_64+0xcd/0x4c0 [ 305.601255][ T9428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.601278][ T9428] RIP: 0033:0x7f9d2078eba9 [ 305.601296][ T9428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.601354][ T9428] RSP: 002b:00007f9d2162c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 305.601376][ T9428] RAX: ffffffffffffffda RBX: 00007f9d209d5fa0 RCX: 00007f9d2078eba9 [ 305.601391][ T9428] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 305.601407][ T9428] RBP: 00007f9d20811e19 R08: 0000000000000000 R09: 0000000000000000 [ 305.601421][ T9428] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000000 [ 305.601435][ T9428] R13: 00007f9d209d6038 R14: 00007f9d209d5fa0 R15: 00007ffc70bc7338 [ 305.601464][ T9428] [ 306.034520][ T9425] bond0: option arp_interval: invalid value () [ 306.263272][ T9425] bond0: option arp_interval: allowed values 0 - 2147483647 [ 307.655506][ T9462] netlink: 'syz.4.821': attribute type 1 has an invalid length. [ 308.108811][ T9479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 308.229619][ T9479] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 308.238692][ T9479] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 308.248093][ T9479] page_type: f5(slab) [ 308.252777][ T9479] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 308.448058][ T9479] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 308.712210][ T9479] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 308.721373][ T9479] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 308.833230][ T9479] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 308.863007][ T9489] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.828' sets config #23 [ 309.012554][ T9479] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 309.089955][ T9479] page dumped because: unmovable page [ 309.095487][ T9479] page_owner tracks the page as allocated [ 309.101230][ T9479] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 309.124431][ T9479] post_alloc_hook+0x1c0/0x230 [ 309.129672][ T9479] get_page_from_freelist+0x132b/0x38e0 [ 309.135936][ T9479] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 309.142501][ T9479] alloc_pages_mpol+0x1fb/0x550 [ 309.147409][ T9479] new_slab+0x247/0x330 [ 309.161341][ T9479] ___slab_alloc+0xcf2/0x1750 [ 309.166075][ T9479] __slab_alloc.constprop.0+0x56/0xb0 [ 309.245111][ T9479] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 309.260240][ T9479] alloc_inode+0xc3/0x240 [ 309.265045][ T9498] kAFS: Invalid Command on /proc/fs/afs/cells file [ 309.385035][ T9479] iget_locked+0x2e4/0x830 [ 309.538659][ T9479] kernfs_get_inode+0x48/0x460 [ 309.543687][ T9479] kernfs_iop_lookup+0x1a7/0x2d0 [ 309.553807][ T9479] lookup_open.isra.0+0x4da/0x1580 [ 309.574862][ T9479] path_openat+0x893/0x2cb0 [ 309.603146][ T9479] do_filp_open+0x20b/0x470 [ 309.607809][ T9479] do_sys_openat2+0x11b/0x1d0 [ 309.681600][ T9479] page last free pid 1 tgid 1 stack trace: [ 309.687467][ T9479] __free_frozen_pages+0x7d5/0x10f0 [ 309.708411][ T9479] free_contig_range+0x183/0x4b0 [ 309.719877][ T9479] destroy_args+0x794/0xc10 [ 309.800303][ T9479] debug_vm_pgtable+0x1a32/0x3640 [ 309.831291][ T9479] do_one_initcall+0x120/0x6e0 [ 309.856463][ T9479] kernel_init_freeable+0x5c2/0x910 [ 309.888751][ T9479] kernel_init+0x1c/0x2b0 [ 309.906637][ T9479] ret_from_fork+0x56d/0x730 [ 309.916886][ T9479] ret_from_fork_asm+0x1a/0x30 [ 310.034971][ T9518] FAULT_INJECTION: forcing a failure. [ 310.034971][ T9518] name fail_futex, interval 1, probability 0, space 0, times 0 [ 310.080766][ T9518] CPU: 0 UID: 0 PID: 9518 Comm: syz.2.836 Tainted: G U syzkaller #0 PREEMPT(full) [ 310.080793][ T9518] Tainted: [U]=USER [ 310.080797][ T9518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 310.080806][ T9518] Call Trace: [ 310.080812][ T9518] [ 310.080819][ T9518] dump_stack_lvl+0x16c/0x1f0 [ 310.080889][ T9518] should_fail_ex+0x512/0x640 [ 310.080915][ T9518] get_futex_key+0x1d0/0x1560 [ 310.080937][ T9518] ? __pfx_get_futex_key+0x10/0x10 [ 310.080954][ T9518] ? __pfx_kernel_waitid_prepare+0x10/0x10 [ 310.080981][ T9518] futex_wake+0xea/0x530 [ 310.081000][ T9518] ? kernel_waitid+0xbc/0x180 [ 310.081020][ T9518] ? __pfx_kernel_waitid+0x10/0x10 [ 310.081040][ T9518] ? __pfx_futex_wake+0x10/0x10 [ 310.081063][ T9518] ? ksys_read+0x190/0x250 [ 310.081082][ T9518] do_futex+0x1e3/0x350 [ 310.081101][ T9518] ? __pfx_do_futex+0x10/0x10 [ 310.081118][ T9518] ? __pfx___do_sys_waitid+0x10/0x10 [ 310.081143][ T9518] __x64_sys_futex+0x1e0/0x4c0 [ 310.081164][ T9518] ? __pfx___x64_sys_futex+0x10/0x10 [ 310.081181][ T9518] ? xfd_validate_state+0x61/0x180 [ 310.081200][ T9518] ? __pfx_ksys_read+0x10/0x10 [ 310.081221][ T9518] do_syscall_64+0xcd/0x4c0 [ 310.081235][ T9518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.081250][ T9518] RIP: 0033:0x7f9d2078eba9 [ 310.081262][ T9518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.081276][ T9518] RSP: 002b:00007f9d2162c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 310.081290][ T9518] RAX: ffffffffffffffda RBX: 00007f9d209d5fa8 RCX: 00007f9d2078eba9 [ 310.081299][ T9518] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9d209d5fac [ 310.081308][ T9518] RBP: 00007f9d209d5fa0 R08: 00007f9d2162d000 R09: 0000000000000000 [ 310.081316][ T9518] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 310.081325][ T9518] R13: 00007f9d209d6038 R14: 00007ffc70bc7250 R15: 00007ffc70bc7338 [ 310.081343][ T9518] [ 311.681328][ T9550] netlink: 206 bytes leftover after parsing attributes in process `syz.4.844'. [ 311.868494][ T9547] Invalid ELF header magic: != ELF [ 312.574643][ T9575] netlink: 'syz.4.850': attribute type 1 has an invalid length. [ 312.827936][ T30] audit: type=1804 audit(4294967339.439:22): pid=9582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.851" name="/newroot/sys/kernel/debug/tracing/set_event" dev="tracefs" ino=28 res=1 errno=0 [ 313.324811][ T30] audit: type=1804 audit(4294967339.469:23): pid=9581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.854" name="/newroot/sys/kernel/debug/tracing/set_event" dev="tracefs" ino=28 res=1 errno=0 [ 314.203370][ T9603] FAULT_INJECTION: forcing a failure. [ 314.203370][ T9603] name failslab, interval 1, probability 0, space 0, times 0 [ 314.217313][ T9603] CPU: 0 UID: 0 PID: 9603 Comm: syz.1.859 Tainted: G U syzkaller #0 PREEMPT(full) [ 314.217354][ T9603] Tainted: [U]=USER [ 314.217363][ T9603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 314.217389][ T9603] Call Trace: [ 314.217398][ T9603] [ 314.217408][ T9603] dump_stack_lvl+0x16c/0x1f0 [ 314.217453][ T9603] should_fail_ex+0x512/0x640 [ 314.217492][ T9603] ? kmem_cache_alloc_bulk_noprof+0x6d/0xbc0 [ 314.217528][ T9603] should_failslab+0xc2/0x120 [ 314.217561][ T9603] kmem_cache_alloc_bulk_noprof+0x85/0xbc0 [ 314.217598][ T9603] ? trace_kmem_cache_alloc+0x28/0xc0 [ 314.217633][ T9603] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 314.217664][ T9603] ? mas_alloc_nodes+0x18b/0x8b0 [ 314.217701][ T9603] ? mas_alloc_nodes+0x2f1/0x8b0 [ 314.217732][ T9603] mas_alloc_nodes+0x2f1/0x8b0 [ 314.217773][ T9603] mas_node_count_gfp+0x105/0x130 [ 314.217809][ T9603] mas_preallocate+0x7e0/0xde0 [ 314.217843][ T9603] ? __pfx_mas_preallocate+0x10/0x10 [ 314.217880][ T9603] ? vma_merge_new_range+0x3ae/0xa50 [ 314.217907][ T9603] ? vm_area_alloc+0x1f/0x160 [ 314.217933][ T9603] ? lockdep_init_map_type+0x5c/0x280 [ 314.217973][ T9603] __mmap_region+0x118a/0x27b0 [ 314.218006][ T9603] ? finish_task_switch.isra.0+0x21c/0xc10 [ 314.218033][ T9603] ? __pfx___mmap_region+0x10/0x10 [ 314.218060][ T9603] ? rcu_is_watching+0x12/0xc0 [ 314.218089][ T9603] ? rcu_is_watching+0x12/0xc0 [ 314.218113][ T9603] ? trace_sched_exit_tp+0xd1/0x120 [ 314.218151][ T9603] ? __schedule+0x11a3/0x5de0 [ 314.218183][ T9603] ? __lock_acquire+0x62e/0x1ce0 [ 314.218236][ T9603] ? __pfx___schedule+0x10/0x10 [ 314.218316][ T9603] ? mm_get_unmapped_area+0x95/0xe0 [ 314.218361][ T9603] mmap_region+0x1ab/0x3f0 [ 314.218402][ T9603] ? __get_unmapped_area+0x267/0x440 [ 314.218443][ T9603] do_mmap+0xa3e/0x1210 [ 314.218487][ T9603] ? __pfx_do_mmap+0x10/0x10 [ 314.218524][ T9603] ? __pfx_down_write_killable+0x10/0x10 [ 314.218549][ T9603] ? find_held_lock+0x2b/0x80 [ 314.218580][ T9603] vm_mmap_pgoff+0x29e/0x470 [ 314.218623][ T9603] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 314.218656][ T9603] ? __do_sys_ustat+0x126/0x1f0 [ 314.218692][ T9603] ? __pfx___do_sys_ustat+0x10/0x10 [ 314.218735][ T9603] ? __x64_sys_futex+0x1e0/0x4c0 [ 314.218766][ T9603] ? __x64_sys_futex+0x1e9/0x4c0 [ 314.218803][ T9603] ksys_mmap_pgoff+0x7d/0x5c0 [ 314.218836][ T9603] ? xfd_validate_state+0x61/0x180 [ 314.218878][ T9603] __x64_sys_mmap+0x125/0x190 [ 314.218919][ T9603] do_syscall_64+0xcd/0x4c0 [ 314.218945][ T9603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.218971][ T9603] RIP: 0033:0x7f15beb8eba9 [ 314.218993][ T9603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.219018][ T9603] RSP: 002b:00007f15bfa62038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 314.219043][ T9603] RAX: ffffffffffffffda RBX: 00007f15bedd5fa0 RCX: 00007f15beb8eba9 [ 314.219061][ T9603] RDX: 00004000000000df RSI: 0000000000020005 RDI: 0000040000000000 [ 314.219079][ T9603] RBP: 00007f15bec11e19 R08: 0000000000000008 R09: 0000000000008000 [ 314.219095][ T9603] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 314.219111][ T9603] R13: 00007f15bedd6038 R14: 00007f15bedd5fa0 R15: 00007ffe6ab4dcd8 [ 314.219148][ T9603] [ 315.072164][ T9611] : Can't lookup blockdev [ 315.146158][ T30] audit: type=1800 audit(4294967341.771:24): pid=9614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.855" name="features" dev="configfs" ino=24232 res=0 errno=0 [ 315.585368][ T9620] netlink: 28 bytes leftover after parsing attributes in process `syz.1.861'. [ 316.416242][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.424838][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.151663][ T9643] netlink: 28 bytes leftover after parsing attributes in process `syz.4.869'. [ 317.180111][ T9644] random: crng reseeded on system resumption [ 317.563892][ T9643] bond_slave_1: entered allmulticast mode [ 318.015660][ T9655] FAULT_INJECTION: forcing a failure. [ 318.015660][ T9655] name failslab, interval 1, probability 0, space 0, times 0 [ 318.064174][ T9651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 318.065448][ T9655] CPU: 1 UID: 0 PID: 9655 Comm: syz.2.872 Tainted: G U syzkaller #0 PREEMPT(full) [ 318.065488][ T9655] Tainted: [U]=USER [ 318.065497][ T9655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 318.065512][ T9655] Call Trace: [ 318.065520][ T9655] [ 318.065530][ T9655] dump_stack_lvl+0x16c/0x1f0 [ 318.065573][ T9655] should_fail_ex+0x512/0x640 [ 318.065610][ T9655] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 318.065645][ T9655] should_failslab+0xc2/0x120 [ 318.065679][ T9655] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 318.065709][ T9655] ? __pfx_apparmor_file_open+0x10/0x10 [ 318.065736][ T9655] ? seq_open+0x55/0x170 [ 318.065775][ T9655] seq_open+0x55/0x170 [ 318.065810][ T9655] dyn_event_open+0xb5/0x100 [ 318.065836][ T9655] do_dentry_open+0x97f/0x1530 [ 318.065867][ T9655] ? __pfx_dyn_event_open+0x10/0x10 [ 318.065899][ T9655] vfs_open+0x82/0x3f0 [ 318.065939][ T9655] path_openat+0x1de4/0x2cb0 [ 318.065992][ T9655] ? __pfx_path_openat+0x10/0x10 [ 318.066031][ T9655] do_filp_open+0x20b/0x470 [ 318.066062][ T9655] ? __pfx_do_filp_open+0x10/0x10 [ 318.066117][ T9655] ? alloc_fd+0x471/0x7d0 [ 318.066155][ T9655] do_sys_openat2+0x11b/0x1d0 [ 318.066191][ T9655] ? __pfx_do_sys_openat2+0x10/0x10 [ 318.066241][ T9655] __x64_sys_openat+0x174/0x210 [ 318.066264][ T9655] ? __pfx___x64_sys_openat+0x10/0x10 [ 318.066301][ T9655] do_syscall_64+0xcd/0x4c0 [ 318.066325][ T9655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.066351][ T9655] RIP: 0033:0x7f9d2078eba9 [ 318.066371][ T9655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.066396][ T9655] RSP: 002b:00007f9d2162c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 318.066420][ T9655] RAX: ffffffffffffffda RBX: 00007f9d209d5fa0 RCX: 00007f9d2078eba9 [ 318.066437][ T9655] RDX: 0000000000000001 RSI: 0000200000000bc0 RDI: ffffffffffffff9c [ 318.066453][ T9655] RBP: 00007f9d20811e19 R08: 0000000000000000 R09: 0000000000000000 [ 318.066469][ T9655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 318.066484][ T9655] R13: 00007f9d209d6038 R14: 00007f9d209d5fa0 R15: 00007ffc70bc7338 [ 318.066517][ T9655] [ 318.302466][ T9651] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 318.312018][ T9651] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 318.321761][ T9651] page_type: f5(slab) [ 318.326177][ T9651] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 318.335908][ T9651] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 318.345683][ T9651] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 318.373776][ T9651] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 318.404159][ T9651] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 318.451454][ T9651] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 318.476686][ T9651] page dumped because: unmovable page [ 318.493074][ T9651] page_owner tracks the page as allocated [ 318.526356][ T9651] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 318.549203][ C0] vkms_vblank_simulate: vblank timer overrun [ 318.571075][ T9659] ptrace attach of "./syz-executor exec"[9661] was attempted by "./syz-executor exec"[9659] [ 318.602121][ T9651] post_alloc_hook+0x1c0/0x230 [ 318.651460][ T9651] get_page_from_freelist+0x132b/0x38e0 [ 318.677665][ T9651] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 318.695982][ T9666] netlink: 346 bytes leftover after parsing attributes in process `syz.4.874'. [ 318.728794][ T9651] alloc_pages_mpol+0x1fb/0x550 [ 318.733789][ T9651] new_slab+0x247/0x330 [ 318.741429][ T9651] ___slab_alloc+0xcf2/0x1750 [ 318.751733][ T9651] __slab_alloc.constprop.0+0x56/0xb0 [ 318.797063][ T9651] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 318.809363][ T9651] alloc_inode+0xc3/0x240 [ 318.826754][ T9651] iget_locked+0x2e4/0x830 [ 318.840899][ T9651] kernfs_get_inode+0x48/0x460 [ 318.854672][ T9651] kernfs_iop_lookup+0x1a7/0x2d0 [ 318.870052][ T9651] lookup_open.isra.0+0x4da/0x1580 [ 318.875504][ T9651] path_openat+0x893/0x2cb0 [ 318.888052][ T9651] do_filp_open+0x20b/0x470 [ 318.904083][ T9651] do_sys_openat2+0x11b/0x1d0 [ 318.908817][ T9651] page last free pid 1 tgid 1 stack trace: [ 318.935058][ T9651] __free_frozen_pages+0x7d5/0x10f0 [ 318.965327][ T9651] free_contig_range+0x183/0x4b0 [ 318.983105][ T9651] destroy_args+0x794/0xc10 [ 319.005286][ T9651] debug_vm_pgtable+0x1a32/0x3640 [ 319.024246][ T9651] do_one_initcall+0x120/0x6e0 [ 319.044867][ T9651] kernel_init_freeable+0x5c2/0x910 [ 319.079755][ T9651] kernel_init+0x1c/0x2b0 [ 319.084161][ T9651] ret_from_fork+0x56d/0x730 [ 319.088801][ T9651] ret_from_fork_asm+0x1a/0x30 [ 319.985273][ T9682] netlink: 28 bytes leftover after parsing attributes in process `syz.0.879'. [ 320.335515][ T9686] delete_channel: no stack [ 321.144364][ T9690] netlink: 'syz.1.882': attribute type 1 has an invalid length. [ 321.494132][ T5875] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 321.494166][ T5875] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 321.509459][ T5875] Bluetooth: hci0: Dropping invalid advertising data [ 321.516653][ T5875] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 321.516701][ T5875] Bluetooth: hci0: Malformed LE Event: 0x02 [ 323.589963][ T9735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 323.626081][ T9735] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 323.669523][ T9735] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 323.725653][ T9735] page_type: f5(slab) [ 323.729726][ T9735] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 323.774701][ T9735] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 323.845212][ T9735] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 323.897627][ T9735] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 323.986944][ T9735] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 324.082636][ T9735] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 324.120984][ T9735] page dumped because: unmovable page [ 324.205741][ T9735] page_owner tracks the page as allocated [ 324.242822][ T9735] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 324.353973][ T9737] netlink: 8 bytes leftover after parsing attributes in process `syz.4.891'. [ 324.372223][ T9735] post_alloc_hook+0x1c0/0x230 [ 324.408524][ T9735] get_page_from_freelist+0x132b/0x38e0 [ 324.452948][ T9735] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 324.458921][ T9735] alloc_pages_mpol+0x1fb/0x550 [ 324.532321][ T9735] new_slab+0x247/0x330 [ 324.536549][ T9735] ___slab_alloc+0xcf2/0x1750 [ 324.561222][ T9735] __slab_alloc.constprop.0+0x56/0xb0 [ 324.567517][ T9735] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 324.583618][ T9735] alloc_inode+0xc3/0x240 [ 324.594820][ T9735] iget_locked+0x2e4/0x830 [ 324.607325][ T9735] kernfs_get_inode+0x48/0x460 [ 324.622244][ T9735] kernfs_iop_lookup+0x1a7/0x2d0 [ 324.634366][ T9735] lookup_open.isra.0+0x4da/0x1580 [ 324.645417][ T9735] path_openat+0x893/0x2cb0 [ 324.659043][ T9735] do_filp_open+0x20b/0x470 [ 324.671860][ T9735] do_sys_openat2+0x11b/0x1d0 [ 324.683307][ T9735] page last free pid 1 tgid 1 stack trace: [ 324.696944][ T9735] __free_frozen_pages+0x7d5/0x10f0 [ 324.710361][ T9735] free_contig_range+0x183/0x4b0 [ 324.720580][ T9735] destroy_args+0x794/0xc10 [ 324.732184][ T9735] debug_vm_pgtable+0x1a32/0x3640 [ 324.746158][ T9735] do_one_initcall+0x120/0x6e0 [ 324.758282][ T9735] kernel_init_freeable+0x5c2/0x910 [ 324.771556][ T9735] kernel_init+0x1c/0x2b0 [ 324.782633][ T9735] ret_from_fork+0x56d/0x730 [ 324.793093][ T9735] ret_from_fork_asm+0x1a/0x30 [ 325.107786][ T9768] netlink: 16 bytes leftover after parsing attributes in process `syz.2.902'. [ 325.387154][ T9765] : Can't lookup blockdev [ 325.517976][ T30] audit: type=1800 audit(4294967352.195:25): pid=9771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.901" name="features" dev="configfs" ino=25144 res=0 errno=0 [ 326.812866][ T9777] kexec: Could not allocate control_code_buffer [ 327.263759][ T30] audit: type=1804 audit(4294967353.934:26): pid=9815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.912" name="/newroot/65/file0" dev="tmpfs" ino=364 res=1 errno=0 [ 327.447426][ T30] audit: type=1804 audit(4294967354.125:27): pid=9806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.912" name="/newroot/65/file0" dev="tmpfs" ino=364 res=1 errno=0 [ 328.162177][ T9833] netlink: 8 bytes leftover after parsing attributes in process `syz.4.919'. [ 328.523194][ T9840] block2mtd: device name too long [ 329.357704][ T9841] syz.1.921 (9841) used greatest stack depth: 19752 bytes left [ 331.872003][ T9903] netlink: 28 bytes leftover after parsing attributes in process `syz.4.937'. [ 332.387282][ T9907] FAULT_INJECTION: forcing a failure. [ 332.387282][ T9907] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.416165][ T9905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.939'. [ 332.520180][ T9907] CPU: 0 UID: 0 PID: 9907 Comm: syz.4.937 Tainted: G U syzkaller #0 PREEMPT(full) [ 332.520220][ T9907] Tainted: [U]=USER [ 332.520228][ T9907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 332.520241][ T9907] Call Trace: [ 332.520249][ T9907] [ 332.520259][ T9907] dump_stack_lvl+0x16c/0x1f0 [ 332.520300][ T9907] should_fail_ex+0x512/0x640 [ 332.520340][ T9907] _copy_from_user+0x2e/0xd0 [ 332.520368][ T9907] copy_msghdr_from_user+0x98/0x160 [ 332.520404][ T9907] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 332.520445][ T9907] ? __pfx__kstrtoull+0x10/0x10 [ 332.520483][ T9907] ___sys_sendmsg+0xfe/0x1d0 [ 332.520520][ T9907] ? __pfx____sys_sendmsg+0x10/0x10 [ 332.520571][ T9907] ? find_held_lock+0x2b/0x80 [ 332.520628][ T9907] __sys_sendmmsg+0x200/0x420 [ 332.520667][ T9907] ? __pfx___sys_sendmmsg+0x10/0x10 [ 332.520714][ T9907] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 332.520764][ T9907] ? fput+0x9b/0xd0 [ 332.520797][ T9907] ? ksys_write+0x1ac/0x250 [ 332.520823][ T9907] ? __pfx_ksys_write+0x10/0x10 [ 332.520856][ T9907] __x64_sys_sendmmsg+0x9c/0x100 [ 332.520889][ T9907] ? lockdep_hardirqs_on+0x7c/0x110 [ 332.520923][ T9907] do_syscall_64+0xcd/0x4c0 [ 332.520948][ T9907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.520971][ T9907] RIP: 0033:0x7f315038eba9 [ 332.520991][ T9907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.521014][ T9907] RSP: 002b:00007f3151255038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 332.521037][ T9907] RAX: ffffffffffffffda RBX: 00007f31505d6090 RCX: 00007f315038eba9 [ 332.521053][ T9907] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 332.521067][ T9907] RBP: 00007f3151255090 R08: 0000000000000000 R09: 0000000000000000 [ 332.521082][ T9907] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000001 [ 332.521096][ T9907] R13: 00007f31505d6128 R14: 00007f31505d6090 R15: 00007ffc270bec58 [ 332.521130][ T9907] [ 332.729191][ C0] vkms_vblank_simulate: vblank timer overrun [ 334.239059][ T9926] FAULT_INJECTION: forcing a failure. [ 334.239059][ T9926] name failslab, interval 1, probability 0, space 0, times 0 [ 334.309122][ T9926] CPU: 0 UID: 0 PID: 9926 Comm: syz.1.946 Tainted: G U syzkaller #0 PREEMPT(full) [ 334.309166][ T9926] Tainted: [U]=USER [ 334.309175][ T9926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 334.309191][ T9926] Call Trace: [ 334.309200][ T9926] [ 334.309210][ T9926] dump_stack_lvl+0x16c/0x1f0 [ 334.309253][ T9926] should_fail_ex+0x512/0x640 [ 334.309291][ T9926] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 334.309326][ T9926] should_failslab+0xc2/0x120 [ 334.309358][ T9926] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 334.309389][ T9926] ? sk_prot_alloc+0x60/0x2a0 [ 334.309422][ T9926] sk_prot_alloc+0x60/0x2a0 [ 334.309452][ T9926] sk_alloc+0x36/0xc20 [ 334.309489][ T9926] inet6_create+0x381/0x12b0 [ 334.309521][ T9926] ? inet6_create+0x7f/0x12b0 [ 334.309551][ T9926] __sock_create+0x335/0x8d0 [ 334.309585][ T9926] smc_create_clcsk+0x37/0xd0 [ 334.309622][ T9926] ? __pfx_smc_inet_init_sock+0x10/0x10 [ 334.309646][ T9926] inet6_create+0xb30/0x12b0 [ 334.309678][ T9926] ? inet6_create+0x7f/0x12b0 [ 334.309710][ T9926] __sock_create+0x335/0x8d0 [ 334.309746][ T9926] __sys_socket+0x14d/0x260 [ 334.309776][ T9926] ? __pfx___sys_socket+0x10/0x10 [ 334.309806][ T9926] ? xfd_validate_state+0x61/0x180 [ 334.309841][ T9926] ? __pfx___do_sys_prctl+0x10/0x10 [ 334.309887][ T9926] __x64_sys_socket+0x72/0xb0 [ 334.309915][ T9926] ? lockdep_hardirqs_on+0x7c/0x110 [ 334.309951][ T9926] do_syscall_64+0xcd/0x4c0 [ 334.309977][ T9926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.309998][ T9926] RIP: 0033:0x7f15beb8eba9 [ 334.310017][ T9926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.310041][ T9926] RSP: 002b:00007f15bfa62038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 334.310064][ T9926] RAX: ffffffffffffffda RBX: 00007f15bedd5fa0 RCX: 00007f15beb8eba9 [ 334.310078][ T9926] RDX: 0000000000000100 RSI: 0000000000000001 RDI: 000000000000000a [ 334.310092][ T9926] RBP: 00007f15bec11e19 R08: 0000000000000000 R09: 0000000000000000 [ 334.310107][ T9926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.310121][ T9926] R13: 00007f15bedd6038 R14: 00007f15bedd5fa0 R15: 00007ffe6ab4dcd8 [ 334.310149][ T9926] [ 334.531940][ C0] vkms_vblank_simulate: vblank timer overrun [ 334.559517][ T9932] netlink: 146 bytes leftover after parsing attributes in process `syz.0.948'. [ 335.554702][ T9950] random: crng reseeded on system resumption [ 335.754207][ T9948] : Can't lookup blockdev [ 335.870974][ T30] audit: type=1800 audit(4294967362.579:28): pid=9952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.952" name="features" dev="configfs" ino=25464 res=0 errno=0 [ 337.044215][ T9976] ======================================================= [ 337.044215][ T9976] WARNING: The mand mount option has been deprecated and [ 337.044215][ T9976] and is ignored by this kernel. Remove the mand [ 337.044215][ T9976] option from the mount to silence this warning. [ 337.044215][ T9976] ======================================================= [ 338.212313][T10003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 338.236076][T10003] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 338.309827][T10003] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 338.365935][T10003] page_type: f5(slab) [ 338.377758][T10003] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 338.492833][T10003] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 338.506376][T10003] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 338.560714][T10003] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 338.683768][T10003] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 338.707721][T10003] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 338.756112][T10003] page dumped because: unmovable page [ 338.766234][T10013] random: crng reseeded on system resumption [ 338.782971][T10003] page_owner tracks the page as allocated [ 338.800464][T10003] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 338.846412][T10003] post_alloc_hook+0x1c0/0x230 [ 338.859484][T10003] get_page_from_freelist+0x132b/0x38e0 [ 338.884865][T10003] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 338.934578][T10003] alloc_pages_mpol+0x1fb/0x550 [ 338.940182][T10003] new_slab+0x247/0x330 [ 338.944378][T10003] ___slab_alloc+0xcf2/0x1750 [ 338.950256][T10003] __slab_alloc.constprop.0+0x56/0xb0 [ 339.009545][T10003] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 339.085759][T10003] alloc_inode+0xc3/0x240 [ 339.090982][T10003] iget_locked+0x2e4/0x830 [ 339.095415][T10003] kernfs_get_inode+0x48/0x460 [ 339.116924][T10003] kernfs_iop_lookup+0x1a7/0x2d0 [ 339.141390][T10003] lookup_open.isra.0+0x4da/0x1580 [ 339.168105][T10003] path_openat+0x893/0x2cb0 [ 339.190846][T10003] do_filp_open+0x20b/0x470 [ 339.205131][T10003] do_sys_openat2+0x11b/0x1d0 [ 339.226741][T10003] page last free pid 1 tgid 1 stack trace: [ 339.232705][T10003] __free_frozen_pages+0x7d5/0x10f0 [ 339.275373][T10003] free_contig_range+0x183/0x4b0 [ 339.280968][T10003] destroy_args+0x794/0xc10 [ 339.300154][T10003] debug_vm_pgtable+0x1a32/0x3640 [ 339.308612][T10003] do_one_initcall+0x120/0x6e0 [ 339.313427][T10003] kernel_init_freeable+0x5c2/0x910 [ 339.324386][T10003] kernel_init+0x1c/0x2b0 [ 339.339386][T10003] ret_from_fork+0x56d/0x730 [ 339.355814][T10003] ret_from_fork_asm+0x1a/0x30 [ 339.644326][T10029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 339.668149][T10029] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 339.702740][T10029] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 339.716868][T10029] page_type: f5(slab) [ 339.720904][T10029] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 339.780865][T10029] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 339.801493][T10029] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 339.810737][T10029] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 339.820068][T10029] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 339.829588][T10029] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 339.838646][T10029] page dumped because: unmovable page [ 339.844640][T10029] page_owner tracks the page as allocated [ 339.850454][T10029] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 339.876742][T10029] post_alloc_hook+0x1c0/0x230 [ 339.892587][T10029] get_page_from_freelist+0x132b/0x38e0 [ 339.898812][T10029] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 339.906025][T10029] alloc_pages_mpol+0x1fb/0x550 [ 339.911075][T10029] new_slab+0x247/0x330 [ 339.915815][T10029] ___slab_alloc+0xcf2/0x1750 [ 339.920695][T10029] __slab_alloc.constprop.0+0x56/0xb0 [ 339.927372][T10029] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 339.933911][T10029] alloc_inode+0xc3/0x240 [ 339.938552][T10029] iget_locked+0x2e4/0x830 [ 339.943577][T10029] kernfs_get_inode+0x48/0x460 [ 339.948669][T10029] kernfs_iop_lookup+0x1a7/0x2d0 [ 339.954616][T10029] lookup_open.isra.0+0x4da/0x1580 [ 339.959988][T10029] path_openat+0x893/0x2cb0 [ 339.965004][T10029] do_filp_open+0x20b/0x470 [ 339.969678][T10029] do_sys_openat2+0x11b/0x1d0 [ 339.978529][T10029] page last free pid 1 tgid 1 stack trace: [ 339.994335][T10029] __free_frozen_pages+0x7d5/0x10f0 [ 340.020811][T10029] free_contig_range+0x183/0x4b0 [ 340.036889][T10029] destroy_args+0x794/0xc10 [ 340.052201][T10029] debug_vm_pgtable+0x1a32/0x3640 [ 340.075917][T10029] do_one_initcall+0x120/0x6e0 [ 340.205669][T10029] kernel_init_freeable+0x5c2/0x910 [ 340.238383][T10029] kernel_init+0x1c/0x2b0 [ 340.269730][T10029] ret_from_fork+0x56d/0x730 [ 340.274543][T10029] ret_from_fork_asm+0x1a/0x30 [ 340.343180][T10033] netlink: 346 bytes leftover after parsing attributes in process `syz.2.975'. [ 346.084691][T10194] FAULT_INJECTION: forcing a failure. [ 346.084691][T10194] name failslab, interval 1, probability 0, space 0, times 0 [ 346.134891][T10194] CPU: 0 UID: 0 PID: 10194 Comm: syz.2.1004 Tainted: G U syzkaller #0 PREEMPT(full) [ 346.134933][T10194] Tainted: [U]=USER [ 346.134942][T10194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 346.134957][T10194] Call Trace: [ 346.134965][T10194] [ 346.134975][T10194] dump_stack_lvl+0x16c/0x1f0 [ 346.135029][T10194] should_fail_ex+0x512/0x640 [ 346.135069][T10194] ? fs_reclaim_acquire+0xae/0x150 [ 346.135111][T10194] should_failslab+0xc2/0x120 [ 346.135147][T10194] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 346.135190][T10194] ? security_inode_alloc+0x3b/0x2b0 [ 346.135225][T10194] security_inode_alloc+0x3b/0x2b0 [ 346.135256][T10194] inode_init_always_gfp+0xce4/0x1030 [ 346.135292][T10194] alloc_inode+0x86/0x240 [ 346.135328][T10194] sock_alloc+0x40/0x280 [ 346.135354][T10194] sock_create_lite+0x82/0x120 [ 346.135382][T10194] __netlink_kernel_create+0xbd/0x750 [ 346.135424][T10194] ? __pfx___netlink_kernel_create+0x10/0x10 [ 346.135474][T10194] uevent_net_init+0xf8/0x350 [ 346.135501][T10194] ? __pfx_uevent_net_init+0x10/0x10 [ 346.135531][T10194] ? __pfx_uevent_net_rcv+0x10/0x10 [ 346.135569][T10194] ? __pfx_uevent_net_init+0x10/0x10 [ 346.135595][T10194] ops_init+0x1e2/0x5f0 [ 346.135623][T10194] setup_net+0x10f/0x380 [ 346.135644][T10194] ? lockdep_init_map_type+0x5c/0x280 [ 346.135679][T10194] ? __pfx_setup_net+0x10/0x10 [ 346.135705][T10194] ? debug_mutex_init+0x37/0x70 [ 346.135735][T10194] copy_net_ns+0x2a6/0x5f0 [ 346.135766][T10194] create_new_namespaces+0x3ea/0xa90 [ 346.135804][T10194] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 346.135841][T10194] ksys_unshare+0x45b/0xa40 [ 346.135877][T10194] ? __pfx_ksys_unshare+0x10/0x10 [ 346.135915][T10194] ? xfd_validate_state+0x61/0x180 [ 346.135962][T10194] __x64_sys_unshare+0x31/0x40 [ 346.135997][T10194] do_syscall_64+0xcd/0x4c0 [ 346.136023][T10194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.136049][T10194] RIP: 0033:0x7f9d2078eba9 [ 346.136072][T10194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.136097][T10194] RSP: 002b:00007f9d2162c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 346.136123][T10194] RAX: ffffffffffffffda RBX: 00007f9d209d5fa0 RCX: 00007f9d2078eba9 [ 346.136142][T10194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 346.136157][T10194] RBP: 00007f9d20811e19 R08: 0000000000000000 R09: 0000000000000000 [ 346.136185][T10194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 346.136201][T10194] R13: 00007f9d209d6038 R14: 00007f9d209d5fa0 R15: 00007ffc70bc7338 [ 346.136237][T10194] [ 346.136360][T10194] kobject_uevent: unable to create netlink socket! [ 346.428716][T10199] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1004'. [ 346.697734][T10206] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1007'. [ 346.786336][T10204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 346.827021][T10204] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 346.855463][T10204] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 346.875836][T10204] page_type: f5(slab) [ 346.879878][T10204] raw: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 346.943052][T10204] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 347.008817][T10204] head: 00fff00000000040 ffff88801ce9a8c0 dead000000000122 0000000000000000 [ 347.133289][T10204] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 347.210236][T10204] head: 00fff00000000002 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 347.228291][T10204] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 347.263164][T10204] page dumped because: unmovable page [ 347.271391][T10204] page_owner tracks the page as allocated [ 347.279260][T10204] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5235, tgid 5235 (udevadm), ts 34450951158, free_ts 28605460247 [ 347.302947][T10204] post_alloc_hook+0x1c0/0x230 [ 347.307843][T10204] get_page_from_freelist+0x132b/0x38e0 [ 347.314055][T10204] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 347.320076][T10204] alloc_pages_mpol+0x1fb/0x550 [ 347.325628][T10204] new_slab+0x247/0x330 [ 347.329912][T10204] ___slab_alloc+0xcf2/0x1750 [ 347.335306][T10204] __slab_alloc.constprop.0+0x56/0xb0 [ 347.341193][T10204] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 347.347791][T10204] alloc_inode+0xc3/0x240 [ 347.352252][T10204] iget_locked+0x2e4/0x830 [ 347.357482][T10204] kernfs_get_inode+0x48/0x460 [ 347.362372][T10204] kernfs_iop_lookup+0x1a7/0x2d0 [ 347.368354][T10204] lookup_open.isra.0+0x4da/0x1580 [ 347.375083][T10204] path_openat+0x893/0x2cb0 [ 347.379866][T10204] do_filp_open+0x20b/0x470 [ 347.384879][T10204] do_sys_openat2+0x11b/0x1d0 [ 347.389700][T10204] page last free pid 1 tgid 1 stack trace: [ 347.426538][T10204] __free_frozen_pages+0x7d5/0x10f0 [ 347.450048][T10204] free_contig_range+0x183/0x4b0 [ 347.467483][T10204] destroy_args+0x794/0xc10 [ 347.479030][T10204] debug_vm_pgtable+0x1a32/0x3640 [ 347.486922][T10204] do_one_initcall+0x120/0x6e0 [ 347.510968][T10204] kernel_init_freeable+0x5c2/0x910 [ 347.539594][T10204] kernel_init+0x1c/0x2b0 [ 347.592793][T10204] ret_from_fork+0x56d/0x730 [ 347.674964][T10204] ret_from_fork_asm+0x1a/0x30 [ 348.251598][T10232] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1014'. [ 348.730030][T10238] FAULT_INJECTION: forcing a failure. [ 348.730030][T10238] name failslab, interval 1, probability 0, space 0, times 0 [ 348.746292][T10238] CPU: 1 UID: 0 PID: 10238 Comm: syz.4.1018 Tainted: G U syzkaller #0 PREEMPT(full) [ 348.746335][T10238] Tainted: [U]=USER [ 348.746343][T10238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 348.746359][T10238] Call Trace: [ 348.746368][T10238] [ 348.746378][T10238] dump_stack_lvl+0x16c/0x1f0 [ 348.746423][T10238] should_fail_ex+0x512/0x640 [ 348.746463][T10238] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 348.746495][T10238] should_failslab+0xc2/0x120 [ 348.746528][T10238] __kmalloc_cache_noprof+0x6a/0x3e0 [ 348.746553][T10238] ? snd_mixer_oss_put_volume1_sw.constprop.0.isra.0+0x305/0x610 [ 348.746584][T10238] ? snd_mixer_oss_put_volume1_sw.constprop.0.isra.0+0x3b3/0x610 [ 348.746613][T10238] ? snd_mixer_oss_put_volume1_sw.constprop.0.isra.0+0xa4/0x610 [ 348.746648][T10238] snd_mixer_oss_put_volume1_sw.constprop.0.isra.0+0xa4/0x610 [ 348.746680][T10238] snd_mixer_oss_put_recsrc1_sw+0x87/0xc0 [ 348.746706][T10238] snd_mixer_oss_ioctl1+0xb52/0x1e40 [ 348.746734][T10238] ? lockdep_hardirqs_on+0x7c/0x110 [ 348.746771][T10238] ? __pfx_snd_mixer_oss_put_recsrc1_sw+0x10/0x10 [ 348.746799][T10238] ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10 [ 348.746824][T10238] ? tomoyo_path_number_perm+0x295/0x580 [ 348.746863][T10238] ? tomoyo_path_number_perm+0x18d/0x580 [ 348.746899][T10238] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 348.746949][T10238] snd_mixer_oss_ioctl_card+0x102/0x170 [ 348.746976][T10238] ? __pfx_snd_mixer_oss_ioctl_card+0x10/0x10 [ 348.747014][T10238] snd_pcm_oss_ioctl+0x137c/0x37a0 [ 348.747045][T10238] ? find_held_lock+0x2b/0x80 [ 348.747071][T10238] ? hook_file_ioctl_common+0x145/0x410 [ 348.747107][T10238] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 348.747142][T10238] ? __fget_files+0x20e/0x3c0 [ 348.747178][T10238] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 348.747220][T10238] __x64_sys_ioctl+0x18b/0x210 [ 348.747264][T10238] do_syscall_64+0xcd/0x4c0 [ 348.747291][T10238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.747317][T10238] RIP: 0033:0x7f315038eba9 [ 348.747338][T10238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.747365][T10238] RSP: 002b:00007f3151276038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 348.747390][T10238] RAX: ffffffffffffffda RBX: 00007f31505d5fa0 RCX: 00007f315038eba9 [ 348.747409][T10238] RDX: 0000000000000000 RSI: 00000000c0044dff RDI: 0000000000000002 [ 348.747425][T10238] RBP: 00007f3150411e19 R08: 0000000000000000 R09: 0000000000000000 [ 348.747441][T10238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 348.747458][T10238] R13: 00007f31505d6038 R14: 00007f31505d5fa0 R15: 00007ffc270bec58 [ 348.747492][T10238] [ 351.870659][T10299] FAULT_INJECTION: forcing a failure. [ 351.870659][T10299] name failslab, interval 1, probability 0, space 0, times 0 [ 351.883646][T10299] CPU: 0 UID: 0 PID: 10299 Comm: syz.2.1030 Tainted: G U syzkaller #0 PREEMPT(full) [ 351.883676][T10299] Tainted: [U]=USER [ 351.883680][T10299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 351.883688][T10299] Call Trace: [ 351.883694][T10299] [ 351.883699][T10299] dump_stack_lvl+0x16c/0x1f0 [ 351.883725][T10299] should_fail_ex+0x512/0x640 [ 351.883746][T10299] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 351.883763][T10299] should_failslab+0xc2/0x120 [ 351.883781][T10299] __kmalloc_cache_noprof+0x6a/0x3e0 [ 351.883795][T10299] ? rcu_is_watching+0x12/0xc0 [ 351.883809][T10299] ? s_start+0x7b/0x320 [ 351.883836][T10299] s_start+0x7b/0x320 [ 351.883857][T10299] traverse.part.0.constprop.0+0xac/0x640 [ 351.883872][T10299] ? aa_file_perm+0x28f/0x12e0 [ 351.883897][T10299] seq_read_iter+0x932/0x12c0 [ 351.883913][T10299] ? __pfx_aa_file_perm+0x10/0x10 [ 351.883936][T10299] seq_read+0x3a3/0x570 [ 351.883949][T10299] ? __pfx_seq_read+0x10/0x10 [ 351.883963][T10299] ? get_pid_task+0xfc/0x250 [ 351.883991][T10299] ? rw_verify_area+0xcf/0x6c0 [ 351.884004][T10299] ? __pfx_seq_read+0x10/0x10 [ 351.884018][T10299] vfs_read+0x1e1/0xcf0 [ 351.884037][T10299] ? __pfx_vfs_read+0x10/0x10 [ 351.884051][T10299] ? find_held_lock+0x2b/0x80 [ 351.884065][T10299] ? __fget_files+0x204/0x3c0 [ 351.884086][T10299] ? __fget_files+0x20e/0x3c0 [ 351.884099][T10299] ? __fget_files+0x1d0/0x3c0 [ 351.884118][T10299] __x64_sys_pread64+0x1eb/0x250 [ 351.884135][T10299] ? __pfx___x64_sys_pread64+0x10/0x10 [ 351.884158][T10299] do_syscall_64+0xcd/0x4c0 [ 351.884171][T10299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.884185][T10299] RIP: 0033:0x7f9d2078eba9 [ 351.884197][T10299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.884210][T10299] RSP: 002b:00007f9d215c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 351.884224][T10299] RAX: ffffffffffffffda RBX: 00007f9d209d6270 RCX: 00007f9d2078eba9 [ 351.884234][T10299] RDX: 0000000073528428 RSI: 0000200000002680 RDI: 0000000000000004 [ 351.884242][T10299] RBP: 00007f9d215c9090 R08: 0000000000000000 R09: 0000000000000000 [ 351.884250][T10299] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 351.884258][T10299] R13: 00007f9d209d6308 R14: 00007f9d209d6270 R15: 00007ffc70bc7338 [ 351.884276][T10299] [ 351.884283][T10299] [ 352.121078][T10299] ===================================== [ 352.126611][T10299] WARNING: bad unlock balance detected! [ 352.132151][T10299] syzkaller #0 Tainted: G U [ 352.138116][T10299] ------------------------------------- [ 352.143639][T10299] syz.2.1030/10299 is trying to release lock (event_mutex) at: [ 352.151176][T10299] [] traverse.part.0.constprop.0+0x2c0/0x640 [ 352.159420][T10299] but there are no more locks to release! [ 352.165118][T10299] [ 352.165118][T10299] other info that might help us debug this: [ 352.173161][T10299] 1 lock held by syz.2.1030/10299: [ 352.178258][T10299] #0: ffff88807588ac30 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0 [ 352.187227][T10299] [ 352.187227][T10299] stack backtrace: [ 352.193108][T10299] CPU: 0 UID: 0 PID: 10299 Comm: syz.2.1030 Tainted: G U syzkaller #0 PREEMPT(full) [ 352.193138][T10299] Tainted: [U]=USER [ 352.193144][T10299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 352.193156][T10299] Call Trace: [ 352.193163][T10299] [ 352.193170][T10299] dump_stack_lvl+0x116/0x1f0 [ 352.193203][T10299] ? traverse.part.0.constprop.0+0x2c0/0x640 [ 352.193225][T10299] print_unlock_imbalance_bug+0x11b/0x130 [ 352.193250][T10299] ? traverse.part.0.constprop.0+0x2c0/0x640 [ 352.193270][T10299] lock_release+0x242/0x2f0 [ 352.193296][T10299] __mutex_unlock_slowpath+0xa2/0x7b0 [ 352.193327][T10299] ? rcu_is_watching+0x12/0xc0 [ 352.193347][T10299] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 352.193376][T10299] ? __kmalloc_cache_noprof+0x249/0x3e0 [ 352.193397][T10299] ? rcu_is_watching+0x12/0xc0 [ 352.193417][T10299] ? kfree+0x24f/0x4d0 [ 352.193435][T10299] ? s_start+0x28c/0x320 [ 352.193462][T10299] traverse.part.0.constprop.0+0x2c0/0x640 [ 352.193483][T10299] ? aa_file_perm+0x28f/0x12e0 [ 352.193515][T10299] seq_read_iter+0x932/0x12c0 [ 352.193536][T10299] ? __pfx_aa_file_perm+0x10/0x10 [ 352.193566][T10299] seq_read+0x3a3/0x570 [ 352.193584][T10299] ? __pfx_seq_read+0x10/0x10 [ 352.193603][T10299] ? get_pid_task+0xfc/0x250 [ 352.193642][T10299] ? rw_verify_area+0xcf/0x6c0 [ 352.193661][T10299] ? __pfx_seq_read+0x10/0x10 [ 352.193680][T10299] vfs_read+0x1e1/0xcf0 [ 352.193703][T10299] ? __pfx_vfs_read+0x10/0x10 [ 352.193724][T10299] ? find_held_lock+0x2b/0x80 [ 352.193743][T10299] ? __fget_files+0x204/0x3c0 [ 352.193766][T10299] ? __fget_files+0x20e/0x3c0 [ 352.193786][T10299] ? __fget_files+0x1d0/0x3c0 [ 352.193809][T10299] __x64_sys_pread64+0x1eb/0x250 [ 352.193833][T10299] ? __pfx___x64_sys_pread64+0x10/0x10 [ 352.193861][T10299] do_syscall_64+0xcd/0x4c0 [ 352.193879][T10299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.193900][T10299] RIP: 0033:0x7f9d2078eba9 [ 352.193916][T10299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.193935][T10299] RSP: 002b:00007f9d215c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 352.193955][T10299] RAX: ffffffffffffffda RBX: 00007f9d209d6270 RCX: 00007f9d2078eba9 [ 352.193968][T10299] RDX: 0000000073528428 RSI: 0000200000002680 RDI: 0000000000000004 [ 352.193981][T10299] RBP: 00007f9d215c9090 R08: 0000000000000000 R09: 0000000000000000 [ 352.193994][T10299] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 352.194006][T10299] R13: 00007f9d209d6308 R14: 00007f9d209d6270 R15: 00007ffc70bc7338 [ 352.194025][T10299] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 353.425564][T10108] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.545999][T10108] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.766434][T10108] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.014352][T10108] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.223424][T10108] bridge_slave_1: left allmulticast mode [ 354.230682][T10108] bridge_slave_1: left promiscuous mode [ 354.236549][T10108] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.245411][T10108] bridge_slave_0: left allmulticast mode [ 354.252142][T10108] bridge_slave_0: left promiscuous mode [ 354.258735][T10108] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.381451][T10108] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 354.392686][T10108] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.405386][T10108] bond0 (unregistering): Released all slaves [ 354.684073][T10108] hsr_slave_0: left promiscuous mode [ 354.690902][T10108] hsr_slave_1: left promiscuous mode [ 354.697747][T10108] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 354.706610][T10108] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 354.714154][T10108] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 354.721662][T10108] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 354.731889][T10108] veth1_macvtap: left promiscuous mode [ 354.737518][T10108] veth0_macvtap: left promiscuous mode [ 354.743243][T10108] veth1_vlan: left promiscuous mode [ 354.748573][T10108] veth0_vlan: left promiscuous mode [ 354.870754][T10108] team0 (unregistering): Port device team_slave_1 removed [ 354.891850][T10108] team0 (unregistering): Port device team_slave_0 removed [ 355.208576][T10108] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.256252][T10108] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.309930][T10108] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.356410][T10108] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.449193][T10108] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.485662][T10108] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.526071][T10108] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.626922][T10108] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.677305][T10108] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.726684][T10108] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.775799][T10108] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.887036][T10108] bridge_slave_1: left allmulticast mode [ 355.893085][T10108] bridge_slave_1: left promiscuous mode [ 355.900068][T10108] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.908510][T10108] bridge_slave_0: left allmulticast mode [ 355.914154][T10108] bridge_slave_0: left promiscuous mode [ 355.920048][T10108] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.929438][T10108] bridge_slave_1: left allmulticast mode [ 355.935088][T10108] bridge_slave_1: left promiscuous mode [ 355.941224][T10108] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.949394][T10108] bridge_slave_0: left allmulticast mode [ 355.955026][T10108] bridge_slave_0: left promiscuous mode [ 355.960938][T10108] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.970402][T10108] bridge_slave_1: left allmulticast mode [ 355.976047][T10108] bridge_slave_1: left promiscuous mode [ 355.982121][T10108] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.990125][T10108] bridge_slave_0: left allmulticast mode [ 355.995752][T10108] bridge_slave_0: left promiscuous mode [ 356.001643][T10108] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.112398][T10108] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.122914][T10108] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.132626][T10108] bond0 (unregistering): Released all slaves [ 356.197732][T10108] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.207686][T10108] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.217418][T10108] bond0 (unregistering): Released all slaves [ 356.270270][T10108] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.280035][T10108] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.289529][T10108] bond0 (unregistering): Released all slaves [ 356.838560][T10108] hsr_slave_0: left promiscuous mode [ 356.845948][T10108] hsr_slave_1: left promiscuous mode [ 356.851749][T10108] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 356.860952][T10108] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 356.872139][T10108] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 356.879713][T10108] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 356.890969][T10108] hsr_slave_0: left promiscuous mode [ 356.897972][T10108] hsr_slave_1: left promiscuous mode [ 356.904738][T10108] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 356.912153][T10108] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 356.919734][T10108] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 356.927766][T10108] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 356.937419][T10108] hsr_slave_0: left promiscuous mode [ 356.943595][T10108] hsr_slave_1: left promiscuous mode [ 356.949146][T10108] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 356.958178][T10108] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 356.966209][T10108] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 356.973698][T10108] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 356.987020][T10108] veth1_macvtap: left promiscuous mode [ 356.992556][T10108] veth0_macvtap: left promiscuous mode [ 356.998075][T10108] veth1_vlan: left promiscuous mode [ 357.003454][T10108] veth0_vlan: left promiscuous mode [ 357.009244][T10108] veth1_macvtap: left promiscuous mode [ 357.014810][T10108] veth0_macvtap: left promiscuous mode [ 357.020339][T10108] veth1_vlan: left promiscuous mode [ 357.025898][T10108] veth0_vlan: left promiscuous mode [ 357.031655][T10108] veth1_macvtap: left promiscuous mode [ 357.037184][T10108] veth0_macvtap: left promiscuous mode [ 357.042860][T10108] veth1_vlan: left promiscuous mode [ 357.048122][T10108] veth0_vlan: left promiscuous mode [ 357.238024][T10108] team0 (unregistering): Port device team_slave_1 removed [ 357.251176][T10108] team0 (unregistering): Port device team_slave_0 removed [ 357.399602][T10108] team0 (unregistering): Port device team_slave_1 removed [ 357.417953][T10108] team0 (unregistering): Port device team_slave_0 removed [ 357.545319][T10108] team0 (unregistering): Port device team_slave_1 removed [ 357.567107][T10108] team0 (unregistering): Port device team_slave_0 removed