last executing test programs: 7.987036505s ago: executing program 1 (id=1398): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x3, 0x1) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x4e22, @multicast2}, 0x5) sendmmsg$auto(r0, 0x0, 0x5, 0x20000002) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy_home_node$auto(0x41000000, 0x5, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x9f06, 0x0, 0x17) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x4, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000180)={0x0, 0x1002}, 0x80001, &(0x7f0000000280)={&(0x7f0000000080), 0x45}, 0x6, 0x0) ioctl$auto(0xffffffffffffffff, 0x40246f4c, 0x38) close_range$auto(0xffffffffffffffff, 0x8, 0x6) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) r3 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r3, 0x65, 0x1, 0x0, 0x800) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r4, &(0x7f0000000440)="671d9b4a", 0x4) mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x14000000000df, 0x40eb2, r1, 0x300000000000) semtimedop$auto(0x40, 0x0, 0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) 7.353628036s ago: executing program 1 (id=1401): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r1, 0x0, 0x400c080) connect$auto(0x3, 0x0, 0x55) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000100)="000004") r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) sendmsg$auto_NL80211_CMD_REGISTER_FRAME(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000c4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x7fff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4010}, 0x24008015) 6.134773224s ago: executing program 0 (id=1405): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000440), 0xffffffffffffffff) r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0x38) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) fremovexattr$auto(r2, &(0x7f0000000000)='system.posix_acl_access\x00') sendmsg$auto_NETDEV_CMD_QUEUE_GET(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fedbdf250a000000080003000100000008000200", @ANYRES32, @ANYBLOB="080001"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) 5.966446708s ago: executing program 2 (id=1406): openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) ioctl$auto_FIGETBSZ(0xffffffffffffffff, 0x2, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)=""/209, 0xd1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(0x0, 0x6041, 0x0) socket(0x6, 0x2, 0x6) semctl$auto_SETVAL(0x4, 0xfffffff7, 0x10, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/ad_actor_system\x00', 0x0, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000180)={0x7fffffff, 0xffffff03, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0xfffffffd, 0x101, 0x17f, 0x2}, {0x2ff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) write$auto(0x3, 0x0, 0x7) socket(0x2b, 0x1, 0x0) 5.697695978s ago: executing program 0 (id=1407): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8003) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') mount$auto(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x100000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x204282, 0x0) setsockopt$auto_SO_DEVMEM_DONTNEED(r0, 0xdb, 0x50, 0x0, 0xb) clock_nanosleep$auto(0x400000, 0x1, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/orangefs/perf_history_size\x00', 0x1182, 0x0) io_uring_setup$auto(0x86, 0x0) socket(0x10, 0x4, 0xffffffc0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(0x0) getsid$auto(0xffffffffffffffff) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, 0x0) close_range$auto(r2, 0xa, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) ioctl$auto_IOCTL_VMCI_VERSION(r3, 0x79f, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) 5.037051729s ago: executing program 3 (id=1409): mmap$auto(0xffffffffffffffff, 0x100000004020009, 0x3, 0x19, 0x401, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/authorized\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0x2000000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000003bc0)={0x0, 0x0, &(0x7f0000003b80)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r1, @ANYRES16, @ANYRES64=r0], 0x1c}, 0x1, 0x0, 0x0, 0x440c5}, 0x4044) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f00000000c0)={0x1c, r4, 0x59e638bc4fbb3f7d, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) r6 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000980), r2) sendmsg$auto_TIPC_NL_MEDIA_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f000000a480)={&(0x7f0000000100)=ANY=[@ANYBLOB="1800000071e4887659967da562e9a75bdbcbdc3750a92026c9475b6261f5195a09c44faed168bb08cc874c230f5cf6c36a12b70be56baebc21c0ce", @ANYRES16=r6, @ANYRES64=r1], 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x20000048) r7 = socket(0x2, 0x801, 0x84) r8 = getsockopt$auto(r7, 0x84, 0x6f, 0x0, &(0x7f0000000280)) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vhci_hcd.9/usb28/28-0:1.0/ep_81/interval\x00', 0x15900, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x80007ffff000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/vulnerabilities/spec_store_bypass\x00', 0x101800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r8, &(0x7f0000000340)=""/104, 0x68) prctl$auto(0x1000000003b, 0x1, 0x4, 0x2, 0xc000000000000000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0x11, 0x5, 0x4) readlinkat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1) r9 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) fstatfs$auto(0x3, 0x0) ioctl$auto(r9, 0x4b67, 0x1) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8002, 0x0, 0x6) 4.527778314s ago: executing program 0 (id=1410): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x3, 0x1) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x4e22, @multicast2}, 0x5) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/ext4/sda1/first_error_func\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/114, 0x72) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_NEW_KEY(r3, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000004880)={&(0x7f0000000140)={0x1c, r2, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x890) setsockopt$auto(0x3, 0x10f, 0x9f06, 0x0, 0x17) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x14000000000df, 0x40eb2, r4, 0x300000000000) semtimedop$auto(0x40, 0x0, 0x6, 0x0) 4.175441706s ago: executing program 1 (id=1411): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) ustat$auto(0x801, 0x0) r1 = socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r2 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@sco={0x1f, @none}, 0x6a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(r2, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4) pselect6$auto(0x3ff, &(0x7f0000000080)={[0x8, 0xffffffffffffffff, 0x7fffffff, 0x2, 0x1, 0x3, 0x15, 0x6, 0xe, 0x0, 0x3, 0x7, 0x3, 0x100000000, 0xc5e, 0xffffffffffffffff]}, &(0x7f0000000140)={[0x5, 0xa, 0x7146a078, 0x2c, 0xfffffffffffff12f, 0x2, 0x6, 0x0, 0x1fd, 0xd9, 0xfea0, 0x1000, 0x1, 0x50, 0x4, 0x3d4]}, &(0x7f00000001c0)={[0x3ff, 0x401, 0x1, 0x2, 0x1, 0xf51, 0x7, 0x4cf8, 0x9, 0x643, 0x0, 0x4, 0x1, 0x1, 0x2, 0x37a]}, &(0x7f0000000000)={0x4, 0x33ec}, &(0x7f0000000240)="5a614175107dbfe370278050aed2d81f1233c305ef11a2b76f5bdc2b") pwrite64$auto(0xc8, 0x0, 0xfdef, 0x3) 4.091496407s ago: executing program 2 (id=1412): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x3, 0x1) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) r1 = socket(0x2, 0x801, 0x100) r2 = open(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0xa0400, 0x8) r3 = open_by_handle_at$auto(r2, &(0x7f0000000040)={0x8, 0x2, "0200000000000000"}, 0x2) sendfile$auto(r1, r3, 0x0, 0xffff) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x4e22, @multicast2}, 0x5) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x10f, 0x9f06, 0x0, 0x17) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="0100289e01cac5ed0600d30000007d84b38faf7763cd2f626fd87c6b57ed4fc48142"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0xd0) r6 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x14000000000df, 0x40eb2, r6, 0x300000000000) semtimedop$auto(0x40, 0x0, 0x6, 0x0) 3.940546586s ago: executing program 1 (id=1413): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x8de, 0x2, 0x591b, 0x2, 0xa) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4, @dev={0xac, 0x14, 0x14, 0x32}}, 0xff) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x800, 0x0, &(0x7f00000001c0)) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) ioctl$auto(0xffffffffffffffff, 0x8983, 0x4) preadv$auto(0xffffffffffffffff, 0x0, 0x9, 0x5, 0x100000021) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/cgroup\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/cgroup\x00') mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x200006, 0x9, 0x40eb1, 0x602, 0x300000000000) socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) bind$auto(0xffffffffffffffff, 0x0, 0x6a) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x23, 0x7, 0x7fffffffefff, 0x0, 0x0) brk$auto(0x7fffffffafff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x2404c8c0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(r1, 0x0, 0x100000a3d9) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) 3.492975049s ago: executing program 0 (id=1414): mmap$auto(0x0, 0x402000a, 0xffffffffffffffff, 0x400eb1, 0x401, 0x8000) mknod$auto(0x0, 0x20e9, 0x103) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x1, 0x7ff) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x3, 0xff) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r1 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000003, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r1, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x6) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10006, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x58, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x801, 0x106) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r2, 0x11c, 0x1, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 3.423157302s ago: executing program 3 (id=1415): close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r1 = openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$auto_ep0_operations_inode(r1, 0x2, &(0x7f00000000c0)="e100d80c7154a037547c0f272f78bb555a784d490feb40") connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r2, 0x0, 0x5f) fcntl$auto(0x8000000000000001, 0x25, 0x8) getsockopt$auto(r0, 0x84, 0x82, 0x0, &(0x7f0000000280)=0x1000c0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 3.210335069s ago: executing program 3 (id=1416): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = ioctl$auto_TUNSETGROUP(0xffffffffffffffff, 0x400454ce, &(0x7f0000000080)=0x6) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x848000000015, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x6b) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000040)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, 0x55) sendmsg$auto_NL80211_CMD_GET_MPATH(r1, 0x0, 0x0) close_range$auto(0xffffffffffffffff, r0, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x24008870) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='O\x00', @ANYRES16], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[], 0x1ac}}, 0x24000814) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x7, 0xffffffffffffffff, 0xdf, 0x809b72, 0x7, 0x28000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) ioctl$auto_UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) get_mempolicy$auto(0x0, &(0x7f00000000c0), 0xffffffff80000001, 0x7ff, 0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x70cfe3aab3c82e5b, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x6, 0x2, 0x2) r3 = socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x12}}, 0x54) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(r3, 0x0, 0x9a6, 0xe000) write$auto(0x3, 0x0, 0x800) close_range$auto(0x2, 0x8, 0x0) 3.006629919s ago: executing program 1 (id=1417): syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x11, 0x3, 0x400) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x500000000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = io_uring_setup$auto(0x6, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x8000734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x5, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfdc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x8040) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00'], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x6) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) write$auto(r1, 0x0, 0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/extra\x00', 0xa142, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x0, 0x40000000000eb3, 0x401, 0x8000) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) sendfile$auto(r2, 0xffffffffffffffff, 0x0, 0x10000) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(0xffffffffffffffff, 0x0, 0x880) mmap$auto(0x2, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8) 2.677983571s ago: executing program 2 (id=1418): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = ioctl$auto_TUNSETGROUP(0xffffffffffffffff, 0x400454ce, &(0x7f0000000080)=0x6) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x848000000015, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x6b) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0x55) sendmsg$auto_NL80211_CMD_GET_MPATH(r1, 0x0, 0x100300) close_range$auto(0xffffffffffffffff, r0, 0x8) mmap$auto(0x0, 0x40002, 0xdf, 0x809b72, 0x7, 0x28000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0) ioctl$auto_UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) get_mempolicy$auto(0x0, &(0x7f00000000c0), 0xffffffff80000001, 0x7ff, 0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x70cfe3aab3c82e5b, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x6, 0x2, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x6, 0x2020007, 0xffffffffffffffff, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) 2.673487269s ago: executing program 3 (id=1419): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r1) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000ffdbdf25040000000a0016070000000400000000"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r4 = socket(0x11, 0x80003, 0x2300) r5 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r5, &(0x7f0000000000)={0x8, 0x2, 'u\x00\x00\x00\x00\x00\x00\x00'}, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) recvmsg$auto(r3, &(0x7f00000005c0)={0x0, 0x8, &(0x7f00000004c0)={&(0x7f00000003c0)="444debcb5d4827b41b873d646e2663fb2d4aa24da78f4b3472bd8daf8c57304fe5302fe1869cfca458a5a39bd4006710640f6032088c509f0c082c1b04896afe04d524b8b80ce2949dae1a1d2bec705c343bc92a41212ae3ed0a036e67d0c6d7b35e6cb8956ef9b289a7e42615af9f0470dc70d3deea952a1d85a1a845530a190757f55d6e53993d1e8f22b49f44b8a5b9b989d8ed44e1a1f0002bb9f9c8813bee34cfb9b329b8b45794054ee04fdb17a945013b532f53854704c99cc8f02c1582b9c91704e2ed3d57e019cf620547", 0x3}, 0xd3, &(0x7f0000000500), 0xc, 0xffffffff}, 0xfffffff7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getsockopt$auto_SO_WIFI_STATUS(r4, 0x9, 0x29, &(0x7f00000002c0)=']]/\x00', &(0x7f0000000300)=0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) 2.50608162s ago: executing program 0 (id=1420): rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x9}, 0x8000, 0x0, 0x10000006) mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0x8000000000000eb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) socket(0x21, 0x2, 0x2) shmctl$auto_IPC_SET(0x0, 0x1, &(0x7f0000000340)={{0x5, 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x2, 0x2}, 0x5, 0x2, 0xfffffffffffffffc, 0x62, @raw=0xd, @raw=0x30, 0xb, 0x0, 0x0, 0x0}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) close_range$auto(0xffffffffffffffff, 0x8, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000007380)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x109041, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000008d40)='($}-)#@\x00', 0x3) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/dentry-state\x00', 0x0, 0x0) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x8, 0x3a02, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x9, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r1 = socket(0x2c, 0xa, 0x11) setsockopt$auto(r1, 0x1, 0xc, 0x0, 0x7fffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptye8\x00', 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r3, 0x0, 0xc000) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r3, 0x57, r2) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETSYNCRO(r4, 0x5015, 0x0) 2.38455834s ago: executing program 2 (id=1421): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r1) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000ffdbdf25040000000a0016070000000400000000"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r4 = socket(0x11, 0x80003, 0x2300) r5 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r5, &(0x7f0000000000)={0x8, 0x2, 'u\x00\x00\x00\x00\x00\x00\x00'}, 0x2) read$auto(0xffffffffffffffff, 0x0, 0x20) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) recvmsg$auto(r3, &(0x7f00000005c0)={0x0, 0x8, &(0x7f00000004c0)={&(0x7f00000003c0)="444debcb5d4827b41b873d646e2663fb2d4aa24da78f4b3472bd8daf8c57304fe5302fe1869cfca458a5a39bd4006710640f6032088c509f0c082c1b04896afe04d524b8b80ce2949dae1a1d2bec705c343bc92a41212ae3ed0a036e67d0c6d7b35e6cb8956ef9b289a7e42615af9f0470dc70d3deea952a1d85a1a845530a190757f55d6e53993d1e8f22b49f44b8a5b9b989d8ed44e1a1f0002bb9f9c8813bee34cfb9b329b8b45794054ee04fdb17a945013b532f53854704c99cc8f02c1582b9c91704e2ed3d57e019cf620547", 0x3}, 0xd3, &(0x7f0000000500), 0xc, 0xffffffff}, 0xfffffff7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getsockopt$auto_SO_WIFI_STATUS(r4, 0x9, 0x29, &(0x7f00000002c0)=']]/\x00', &(0x7f0000000300)=0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) 1.117965964s ago: executing program 2 (id=1422): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40007, 0x1000000005, 0x9b72, 0x2, 0x8000) userfaultfd$auto(0x1) ioctl$auto(0x3, 0xc018aa3f, 0xf0b) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) socket(0xa, 0xa, 0x7ffe) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r3, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xa02, 0x0) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000005, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) read$auto_objects_fops_(r1, &(0x7f0000000240)=""/66, 0x42) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x28800, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x40200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0xfffffffffffffff9, 0x400003, 0x7, 0x9b72, 0x2, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd) close_range$auto(0x2, 0xa, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) sendfile$auto(r5, r4, 0x0, 0x1000202) 1.073458295s ago: executing program 3 (id=1423): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x3, 0x1) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xdef\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x4, 0x15) r3 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r3) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_4={0x8000, r1, 0xfffff000, r0}, 0x6f3) r4 = socket(0xa, 0x2, 0x88) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = socket(0x2, 0x80000, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) getsockopt$auto(r5, 0x0, 0x4, 0x0, 0x0) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r4, @new_prog_fd=0x4, 0x4, @old_map_fd}, 0xa3) mmap$auto(0x5, 0x4020008, 0x1001, 0xeb1, r4, 0x8003) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x800, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [0x0, 0x0, 0x69], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x0, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x7, 0x101, 0xa76, 0xffffffffffffffff, 0x10000a) 410.148592ms ago: executing program 3 (id=1425): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) socket(0x2, 0x2, 0x0) (async) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async, rerun: 64) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async, rerun: 64) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x28, r2, 0x82652360e804c8d3, 0x70bd25, 0x25dfdbfe, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_BANDS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0xfffbfff8}, @OVS_METER_ATTR_CLEAR={0x4}]}, 0x28}}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="24822af36330a5f0de76059a0ea0", @ANYRES16=0x0, @ANYBLOB="200025bd7000fbdbdf251f000000e20391003189961d2e604c4cb72dbfe205b98ef57f8d2172aecfdb8aefe6cb104a3b3b05e347ae70ff3644c24426404f4a41620c9c34f57b44261374ecd81f7f675b835b2caeb5961718f3a34c32d833a43cf62d781307755985bd28949e0c5dd0ca665b23e310ae0fff09c082a61a912c1b1ad595b587031dec40bf0ec34523790b1553c459495328db848f9248f19003852197dbbc48769f1225fd70ec34de14d69c3c4fdcdf77b5e375a633d7429356fd2e12c642a333136610dbda17ed055fd154451ec22ec4593f791baad86a626a8ea13af284dcff1256d6ce246231ae4f86ba5690ca8e30926c2cb521b40e47addfe904d312869c6c3f1f7cb71377d71493fb524f5a96849c66a0ac21e2643ed937b53de23d7a97efc1e72cf896d6de6ef4c3102a434c588042f2780ed89d9acf4cc43425a29eee06fac774ee0444aafcca46bcf62acc2304b332f7952197024854192dd6b2701a46c62fa8521e18b650f53830c51d60c7a2d0ed4f49130b28e2e7410f135fdd153a7ea5b5156a6f4bd9da3b04ef82f71084d6e6da064981d6cf904de0e55a229daf5977d196fab96f30a28fd216b407597631c02c496b6ddcb27ee478d10b82c9c995e57203fe524fd71164a414f8a6c244e3979f4b6e6566c4d52c218d5bcf77626f666ceb36aa53f2b4455953bfcd3961f68515ef18d5562ca35d1d8617786bccea2099f73613617704aa319e1435739a3771d93d0e4338c74bbfd13d8ab21d847f4b6c0eabd4e1c56c6ae9c73e41fd4335c5e85b380b98e1552e4a018bb74abad15905f08bd066ceeb5f718013e413a56d20cfe96bb12f802c07cc9242e79a7c5f590f2c7449e00561a54ab66dd09e7b9313e6d611011e70deebb8bde7900f977d5bdc35152355641ded2556c2d0dd4b7f41e9dc56bab98d3be6d838e5fe3b36974ad2b326c9e83152eb7a8f9af03ab5a2fdc3046f2e5eac27cf07e61d2a60de345954cb55c93da719d9075ce2b992c8d35667191e8f7f6bf1e6f95a9cfcc4ae84a3a5629192de72da28f17bd7aff752e7fef9b4ddc7aed8144c20159c356d4c87f3f50224f6ea2cc8e0adfa658f2d4e4290537139ca695ea5177073414848daab134cf02a13a3091c91dd936c4e0b5cfd9bf545790e3f6f67a65d6da33d53531a04e94b8ce75a1e9bacbe158fbc49b6e6867abaffd37e45b7ef338306af5052c5ead7e36142c5c37b7e572629c783001c0b7af291b32218ba9e88883004c06063bf0b7dacf06f1233ef15fc0a4010518af669b5d3aff2a2295112c7f5b0d6d713f32fee2000b684d4f8dd02050902ee688fdff44a28113d4b7fc22cffb53700e44a4fe11d267e53e457952547e4cc31cb83a367d67eab25e829ed673af7f4106e886cd188696859a600001e0094006ec0bb0e4b9e745e50cab995f46d4cf85068e662d51cf5ac9e0c00000400440108000a0103000000f200f5000dfca2abf38dfe4736db7a30a219a173211e8fe230c7be7f7d81597db5401db3813ac5c978d31d2ec541facbe5e4d242da63c09a430de16065b3256fbe5f35fa96a130fd4de7a4665b91ee11b88a3fe0e025a3d5207be631e362e5d6184614866e1f5b7dd65220851fbb57b6edd9e776964a1ec4a1f93271ed2b86e831c080efc68d7731e7957bb424e1a463d11323188e493df54c76b8a7529527ece3c6e65bd0a7ed4b817eb752e738451ce5d64425536b263d6cd54bdfc4c464179988263cec7b6a4c64e98f3dedda6cfd5317c1fe5e7a8c334b6ae1173b471d545482f49fe59e6ce0b7f0ceda71bd1a49f99b0000060065000000000004004580"], 0x524}, 0x1, 0x0, 0x0, 0x12ad540ae5a84650}, 0x4000000) (async) read$auto_trace_fops_debugfs(r0, &(0x7f0000000140)=""/110, 0x6e) 88.179023ms ago: executing program 2 (id=1426): socket(0x25, 0x1, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) shutdown$auto(0xffffffffffffffff, 0x2) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) mmap$auto(0x0, 0x400008, 0x400, 0xf1, 0x2, 0x8000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto_VHOST_NET_SET_BACKEND(r1, 0x4008af30, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x8, 0x13, 0x0, 0xfb3) ioctl$auto_SNDCTL_DSP_GETBLKSIZE(r2, 0xc0045004, &(0x7f0000000000)) pread64$auto(r0, 0x0, 0x7ff, 0x422) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x1, 0x0, 0x0, 0x0, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x201, 0x6, 0x0, 0x1, 0xd511, 0x1003, 0x15f4da0a, 0x3, 0x3, 0x40000000006f2, 0x8000001e, 0x1fe, 0x5b284b9b, 0x5, 0x100007, 0x7]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8800) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) socket(0x23, 0x80805, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=1427): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) lseek$auto(0x3, 0x2, 0x4) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x2280, 0x0) socket(0x1e, 0x1, 0x0) lsm_set_self_attr$auto(0x11, 0x0, 0x7a, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000016c0)='/dev/snd/controlC0\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40405515, &(0x7f0000001700)={@inferred, 0xc, 0x3, 0x9, "9d4724b76f4d07faf46cb94d85033d940fdf05ecff75c12163ddeab942ed73d07dadd6f419694d591eca8162"}) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/ping_group_range\x00', 0x202, 0x0) write$auto(r2, &(0x7f00000000c0)='\\\xf3%\x00', 0x8) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x9, 0x1, 0x2, 0x0, 0x9, 0x8, 0x8, 0x1, 0x5, 0x7, 0x5d, 0x0, 0x3ff, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c9, 0x0, 0x4, 0x0, 0x0, 0xe3a, 0x3]}, 0x400, 0x81) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000140)={{@raw=0x80000000, 0x304, 0xfffffffe, 0x8, "3112d598004a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe000900000000000755015e48d", @raw=0xfffffffc}, 0x3, 0x3, 0x4, @inferred, @integer={0x3, 0xfffffffffffffff9, 0x8}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd7327b386425608af790ada8dbdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D2\x00', 0x80980, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendfile$auto(r0, r4, 0x0, 0x1) kernel console output (not intermixed with test programs): x90 [ 300.522667][ T9781] Code: c4 10 e9 14 1f 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 [ 300.522690][ T9781] RSP: 0018:ffffc90004bc7d70 EFLAGS: 00050202 [ 300.522712][ T9781] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 300.522727][ T9781] RDX: fffff52000978fbc RSI: 0000000000000000 RDI: ffffc90004bc7de0 [ 300.522744][ T9781] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000978fbc [ 300.522759][ T9781] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 300.522774][ T9781] R13: ffffc90004bc7de0 R14: 0000000000000000 R15: 0000000000000000 [ 300.522812][ T9781] _copy_from_user+0x98/0xd0 [ 300.522853][ T9781] do_sock_getsockopt+0x3ca/0x440 [ 300.522896][ T9781] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 300.522934][ T9781] ? __fget_files+0x204/0x3c0 [ 300.522980][ T9781] __sys_getsockopt+0x123/0x1b0 [ 300.523021][ T9781] __x64_sys_getsockopt+0xbd/0x160 [ 300.523056][ T9781] ? do_syscall_64+0x91/0x490 [ 300.523089][ T9781] ? lockdep_hardirqs_on+0x7c/0x110 [ 300.523121][ T9781] do_syscall_64+0xcd/0x490 [ 300.523167][ T9781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.523193][ T9781] RIP: 0033:0x7fe5ab78ebe9 [ 300.523213][ T9781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.523238][ T9781] RSP: 002b:00007fe5ac52f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 300.523263][ T9781] RAX: ffffffffffffffda RBX: 00007fe5ab9b5fa0 RCX: 00007fe5ab78ebe9 [ 300.523280][ T9781] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004 [ 300.523296][ T9781] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 300.523311][ T9781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 300.523326][ T9781] R13: 00007fe5ab9b6038 R14: 00007fe5ab9b5fa0 R15: 00007ffe3233f848 [ 300.523362][ T9781] [ 301.288425][ T5185] Bluetooth: hci0: command 0x0419 tx timeout [ 301.368414][ T5185] Bluetooth: hci2: command 0x0c1a tx timeout [ 301.374479][ T5185] Bluetooth: hci3: command 0x0c1a tx timeout [ 301.380578][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 302.896311][ T9829] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 302.926722][ T9829] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 302.941506][ T9832] Debayer A: ================= START STATUS ================= [ 302.956459][ T9832] Debayer A: Debayer Mean Window Size: 3 [ 302.971218][ T9829] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 302.977332][ T9832] Debayer A: ================== END STATUS ================== [ 303.042807][ T9829] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 303.695810][ T9847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.717'. [ 304.996966][ T5185] Bluetooth: hci1: command 0x0c1a tx timeout [ 305.003865][ T51] Bluetooth: hci0: command 0x0419 tx timeout [ 305.049127][ T5185] Bluetooth: hci2: command 0x0c1a tx timeout [ 305.055282][ T5185] Bluetooth: hci3: command 0x0c1a tx timeout [ 306.258574][ T9886] netlink: 8 bytes leftover after parsing attributes in process `syz.2.723'. [ 306.681921][ T9899] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 306.707500][ T9899] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 306.715178][ T9899] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 306.724059][ T9899] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 307.750839][ T9925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.728'. [ 308.728465][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 308.728482][ T5185] Bluetooth: hci3: command 0x0c1a tx timeout [ 308.728521][ T5185] Bluetooth: hci1: command 0x0c1a tx timeout [ 308.734595][ T51] Bluetooth: hci0: command 0x0419 tx timeout [ 308.745600][ T9942] can: request_module (can-proto-3) failed. [ 308.865973][ T9944] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.731: bg 1: bad block bitmap checksum [ 308.882617][ T9944] EXT4-fs error (device sda1) in ext4_mb_clear_bb:6657: Filesystem failed CRC [ 309.032196][ T9953] binder: 9951:9953 ioctl c018620c 0 returned -22 [ 309.656389][ T9964] FAULT_INJECTION: forcing a failure. [ 309.656389][ T9964] name failslab, interval 1, probability 0, space 0, times 0 [ 309.680434][ T9953] FAULT_INJECTION: forcing a failure. [ 309.680434][ T9953] name failslab, interval 1, probability 0, space 0, times 0 [ 309.734353][ T9953] CPU: 0 UID: 0 PID: 9953 Comm: syz.2.735 Not tainted syzkaller #0 PREEMPT(full) [ 309.734375][ T9953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 309.734385][ T9953] Call Trace: [ 309.734391][ T9953] [ 309.734396][ T9953] dump_stack_lvl+0x16c/0x1f0 [ 309.734420][ T9953] should_fail_ex+0x512/0x640 [ 309.734440][ T9953] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 309.734462][ T9953] should_failslab+0xc2/0x120 [ 309.734480][ T9953] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 309.734499][ T9953] ? xfrm_sysctl_init+0x10a/0x2d0 [ 309.734523][ T9953] kmemdup_noprof+0x29/0x60 [ 309.734540][ T9953] xfrm_sysctl_init+0x10a/0x2d0 [ 309.734563][ T9953] xfrm_net_init+0x842/0xcc0 [ 309.734586][ T9953] ? __pfx_xfrm_net_init+0x10/0x10 [ 309.734605][ T9953] ops_init+0x1e2/0x5f0 [ 309.734627][ T9953] setup_net+0x10f/0x380 [ 309.734644][ T9953] ? lockdep_init_map_type+0x5c/0x280 [ 309.734664][ T9953] ? __pfx_setup_net+0x10/0x10 [ 309.734683][ T9953] ? debug_mutex_init+0x37/0x70 [ 309.734699][ T9953] copy_net_ns+0x2a6/0x5f0 [ 309.734722][ T9953] create_new_namespaces+0x3ea/0xa90 [ 309.734742][ T9953] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 309.734760][ T9953] ksys_unshare+0x45b/0xa40 [ 309.734780][ T9953] ? __pfx_ksys_unshare+0x10/0x10 [ 309.734799][ T9953] ? xfd_validate_state+0x61/0x180 [ 309.734824][ T9953] __x64_sys_unshare+0x31/0x40 [ 309.734842][ T9953] do_syscall_64+0xcd/0x490 [ 309.734863][ T9953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.734877][ T9953] RIP: 0033:0x7f858d58ebe9 [ 309.734889][ T9953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.734902][ T9953] RSP: 002b:00007f858e4dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 309.734916][ T9953] RAX: ffffffffffffffda RBX: 00007f858d7b5fa0 RCX: 00007f858d58ebe9 [ 309.734925][ T9953] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 309.734933][ T9953] RBP: 00007f858d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 309.734941][ T9953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.734948][ T9953] R13: 00007f858d7b6038 R14: 00007f858d7b5fa0 R15: 00007ffc9b6c6da8 [ 309.734967][ T9953] [ 309.961650][ T9964] CPU: 0 UID: 0 PID: 9964 Comm: syz.3.736 Not tainted syzkaller #0 PREEMPT(full) [ 309.961683][ T9964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 309.961696][ T9964] Call Trace: [ 309.961704][ T9964] [ 309.961713][ T9964] dump_stack_lvl+0x16c/0x1f0 [ 309.961749][ T9964] should_fail_ex+0x512/0x640 [ 309.961782][ T9964] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 309.961811][ T9964] should_failslab+0xc2/0x120 [ 309.961841][ T9964] __kmalloc_cache_noprof+0x6a/0x3e0 [ 309.961865][ T9964] ? trace_kmalloc+0x2b/0xd0 [ 309.961896][ T9964] ? call_usermodehelper_setup+0xaf/0x360 [ 309.961919][ T9964] ? __pfx_free_modprobe_argv+0x10/0x10 [ 309.961954][ T9964] call_usermodehelper_setup+0xaf/0x360 [ 309.961982][ T9964] __request_module+0x3bd/0x690 [ 309.962017][ T9964] ? __pfx___request_module+0x10/0x10 [ 309.962057][ T9964] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 309.962104][ T9964] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 309.962145][ T9964] nfnetlink_rcv_batch+0x17d8/0x2330 [ 309.962183][ T9964] ? consume_skb+0xcc/0x100 [ 309.962219][ T9964] ? __pfx_nfnetlink_rcv_batch+0x10/0x10 [ 309.962245][ T9964] ? __local_bh_enable_ip+0xa4/0x120 [ 309.962271][ T9964] ? lockdep_hardirqs_on+0x7c/0x110 [ 309.962305][ T9964] ? __dev_queue_xmit+0xaf1/0x4490 [ 309.962329][ T9964] ? __local_bh_enable_ip+0xa4/0x120 [ 309.962355][ T9964] ? __dev_queue_xmit+0xaf1/0x4490 [ 309.962379][ T9964] ? __dev_queue_xmit+0xb12/0x4490 [ 309.962428][ T9964] ? __pfx___dev_queue_xmit+0x10/0x10 [ 309.962456][ T9964] ? __asan_memset+0x23/0x50 [ 309.962479][ T9964] ? __nla_validate_parse+0x600/0x2880 [ 309.962509][ T9964] ? rcu_is_watching+0x12/0xc0 [ 309.962533][ T9964] ? __pfx___nla_validate_parse+0x10/0x10 [ 309.962558][ T9964] ? aa_get_newest_label+0xd2/0x250 [ 309.962585][ T9964] ? apparmor_capable+0x114/0x1d0 [ 309.962618][ T9964] ? __nla_parse+0x40/0x60 [ 309.962647][ T9964] nfnetlink_rcv+0x3c1/0x430 [ 309.962671][ T9964] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 309.962705][ T9964] netlink_unicast+0x5aa/0x870 [ 309.962743][ T9964] ? __pfx_netlink_unicast+0x10/0x10 [ 309.962787][ T9964] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 309.962829][ T9964] netlink_sendmsg+0x8d1/0xdd0 [ 309.962868][ T9964] ? __pfx_netlink_sendmsg+0x10/0x10 [ 309.962905][ T9964] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 309.962937][ T9964] __sys_sendto+0x4a0/0x520 [ 309.962967][ T9964] ? __pfx___sys_sendto+0x10/0x10 [ 309.963006][ T9964] ? find_held_lock+0x2b/0x80 [ 309.963055][ T9964] __x64_sys_sendto+0xe0/0x1c0 [ 309.963082][ T9964] ? do_syscall_64+0x91/0x490 [ 309.963111][ T9964] ? lockdep_hardirqs_on+0x7c/0x110 [ 309.963141][ T9964] do_syscall_64+0xcd/0x490 [ 309.963174][ T9964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.963197][ T9964] RIP: 0033:0x7fe5ab790a7c [ 309.963216][ T9964] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 309.963239][ T9964] RSP: 002b:00007fe5ac50cec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 309.963263][ T9964] RAX: ffffffffffffffda RBX: 00007fe5ac50cfc0 RCX: 00007fe5ab790a7c [ 309.963280][ T9964] RDX: 0000000000000020 RSI: 00007fe5ac50d010 RDI: 0000000000000002 [ 309.963295][ T9964] RBP: 0000000000000000 R08: 00007fe5ac50cf14 R09: 000000000000000c [ 309.963308][ T9964] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 309.963323][ T9964] R13: 00007fe5ac50cf68 R14: 00007fe5ac50d010 R15: 0000000000000000 [ 309.963354][ T9964] [ 310.309245][ T9964] binder: 9962:9964 ioctl c018620c 0 returned -22 [ 311.172847][ T9984] netlink: 4 bytes leftover after parsing attributes in process `syz.3.739'. [ 311.411030][ T9991] netlink: 326 bytes leftover after parsing attributes in process `syz.3.742'. [ 311.892903][T10007] netlink: zone id is out of range [ 311.898090][T10007] netlink: zone id is out of range [ 311.903427][T10007] netlink: zone id is out of range [ 311.910350][T10007] netlink: zone id is out of range [ 311.921157][T10007] netlink: zone id is out of range [ 311.936617][T10007] netlink: zone id is out of range [ 311.953302][T10007] netlink: zone id is out of range [ 311.964054][T10007] netlink: zone id is out of range [ 311.994088][T10007] netlink: zone id is out of range [ 312.020184][T10007] netlink: zone id is out of range [ 313.577763][T10026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.748'. [ 314.325290][ T7742] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:10: bg 2: bad block bitmap checksum [ 314.352254][ T7742] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1120 with max blocks 1 with error 74 [ 314.376742][ T7742] EXT4-fs (sda1): This should not happen!! Data will be lost [ 314.376742][ T7742] [ 315.261653][T10086] ptrace attach of "./syz-executor exec"[10089] was attempted by "./syz-executor exec"[10086] [ 316.434072][T10117] FAULT_INJECTION: forcing a failure. [ 316.434072][T10117] name fail_futex, interval 1, probability 0, space 0, times 0 [ 316.461400][T10117] CPU: 1 UID: 0 PID: 10117 Comm: syz.2.761 Not tainted syzkaller #0 PREEMPT(full) [ 316.461434][T10117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 316.461448][T10117] Call Trace: [ 316.461456][T10117] [ 316.461465][T10117] dump_stack_lvl+0x16c/0x1f0 [ 316.461503][T10117] should_fail_ex+0x512/0x640 [ 316.461540][T10117] get_futex_key+0x293/0x1560 [ 316.461575][T10117] ? __pfx_get_futex_key+0x10/0x10 [ 316.461603][T10117] ? __mutex_trylock_common+0xe9/0x250 [ 316.461644][T10117] futex_wake+0xea/0x530 [ 316.461682][T10117] ? __pfx_futex_wake+0x10/0x10 [ 316.461739][T10117] do_futex+0x1e3/0x350 [ 316.461770][T10117] ? __pfx_do_futex+0x10/0x10 [ 316.461797][T10117] ? __might_fault+0xe3/0x190 [ 316.461837][T10117] mm_release+0x24e/0x300 [ 316.461864][T10117] do_exit+0x68e/0x2bf0 [ 316.461902][T10117] ? __pfx_do_exit+0x10/0x10 [ 316.461932][T10117] ? do_raw_spin_lock+0x12c/0x2b0 [ 316.461964][T10117] ? find_held_lock+0x2b/0x80 [ 316.462000][T10117] do_group_exit+0xd3/0x2a0 [ 316.462034][T10117] get_signal+0x2673/0x26d0 [ 316.462070][T10117] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 316.462097][T10117] ? __pfx_get_signal+0x10/0x10 [ 316.462123][T10117] ? do_futex+0x122/0x350 [ 316.462154][T10117] ? __pfx_do_futex+0x10/0x10 [ 316.462184][T10117] arch_do_signal_or_restart+0x8f/0x790 [ 316.462216][T10117] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 316.462253][T10117] ? ksys_write+0x1ac/0x250 [ 316.462279][T10117] ? __pfx_ksys_write+0x10/0x10 [ 316.462315][T10117] exit_to_user_mode_loop+0x84/0x110 [ 316.462348][T10117] do_syscall_64+0x3f6/0x490 [ 316.462381][T10117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.462405][T10117] RIP: 0033:0x7f858d58ebe9 [ 316.462424][T10117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.462447][T10117] RSP: 002b:00007f858e4dc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 316.462475][T10117] RAX: fffffffffffffe00 RBX: 00007f858d7b5fa8 RCX: 00007f858d58ebe9 [ 316.462487][T10117] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f858d7b5fa8 [ 316.462498][T10117] RBP: 00007f858d7b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 316.462509][T10117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.462520][T10117] R13: 00007f858d7b6038 R14: 00007ffc9b6c6cc0 R15: 00007ffc9b6c6da8 [ 316.462548][T10117] [ 317.293117][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.302327][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.375771][T10133] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 319.889790][T10180] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'. [ 320.565512][T10197] ptrace attach of "./syz-executor exec"[5861] was attempted by ""[10197] [ 320.767046][T10207] syz.3.779 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 322.482628][T10241] net_ratelimit: 19 callbacks suppressed [ 322.482650][T10241] netlink: zone id is out of range [ 322.548266][T10241] netlink: zone id is out of range [ 322.562335][T10241] netlink: zone id is out of range [ 322.578921][T10241] netlink: zone id is out of range [ 322.584062][T10241] netlink: zone id is out of range [ 322.618298][T10241] netlink: zone id is out of range [ 322.623651][T10241] netlink: zone id is out of range [ 322.631510][T10241] netlink: zone id is out of range [ 322.636658][T10241] netlink: zone id is out of range [ 322.745326][T10241] netlink: zone id is out of range [ 324.232046][T10283] netlink: 'syz.0.788': attribute type 1 has an invalid length. [ 324.868931][T10295] FAULT_INJECTION: forcing a failure. [ 324.868931][T10295] name fail_futex, interval 1, probability 0, space 0, times 0 [ 324.909196][T10295] CPU: 0 UID: 0 PID: 10295 Comm: syz.1.792 Not tainted syzkaller #0 PREEMPT(full) [ 324.909230][T10295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 324.909244][T10295] Call Trace: [ 324.909253][T10295] [ 324.909262][T10295] dump_stack_lvl+0x16c/0x1f0 [ 324.909299][T10295] should_fail_ex+0x512/0x640 [ 324.909337][T10295] get_futex_key+0x293/0x1560 [ 324.909377][T10295] ? __pfx_get_futex_key+0x10/0x10 [ 324.909405][T10295] ? __mutex_trylock_common+0xe9/0x250 [ 324.909446][T10295] futex_wake+0xea/0x530 [ 324.909485][T10295] ? __pfx_futex_wake+0x10/0x10 [ 324.909535][T10295] do_futex+0x1e3/0x350 [ 324.909566][T10295] ? __pfx_do_futex+0x10/0x10 [ 324.909593][T10295] ? __might_fault+0xe3/0x190 [ 324.909630][T10295] mm_release+0x24e/0x300 [ 324.909665][T10295] do_exit+0x68e/0x2bf0 [ 324.909705][T10295] ? __pfx_do_exit+0x10/0x10 [ 324.909736][T10295] ? do_raw_spin_lock+0x12c/0x2b0 [ 324.909770][T10295] ? find_held_lock+0x2b/0x80 [ 324.909799][T10295] do_group_exit+0xd3/0x2a0 [ 324.909834][T10295] get_signal+0x2673/0x26d0 [ 324.909870][T10295] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 324.909898][T10295] ? __pfx_get_signal+0x10/0x10 [ 324.909923][T10295] ? do_futex+0x122/0x350 [ 324.909952][T10295] ? __pfx_do_futex+0x10/0x10 [ 324.909984][T10295] arch_do_signal_or_restart+0x8f/0x790 [ 324.910018][T10295] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 324.910058][T10295] ? ksys_write+0x1ac/0x250 [ 324.910085][T10295] ? __pfx_ksys_write+0x10/0x10 [ 324.910119][T10295] exit_to_user_mode_loop+0x84/0x110 [ 324.910154][T10295] do_syscall_64+0x3f6/0x490 [ 324.910183][T10295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.910205][T10295] RIP: 0033:0x7f139f78ebe9 [ 324.910224][T10295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.910244][T10295] RSP: 002b:00007f13a068e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 324.910266][T10295] RAX: fffffffffffffe00 RBX: 00007f139f9b5fa8 RCX: 00007f139f78ebe9 [ 324.910282][T10295] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f139f9b5fa8 [ 324.910296][T10295] RBP: 00007f139f9b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 324.910310][T10295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.910322][T10295] R13: 00007f139f9b6038 R14: 00007ffc79368900 R15: 00007ffc793689e8 [ 324.910353][T10295] [ 325.641456][T10312] FAULT_INJECTION: forcing a failure. [ 325.641456][T10312] name failslab, interval 1, probability 0, space 0, times 0 [ 325.691104][T10312] CPU: 0 UID: 0 PID: 10312 Comm: syz.3.795 Not tainted syzkaller #0 PREEMPT(full) [ 325.691131][T10312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 325.691140][T10312] Call Trace: [ 325.691146][T10312] [ 325.691152][T10312] dump_stack_lvl+0x16c/0x1f0 [ 325.691177][T10312] should_fail_ex+0x512/0x640 [ 325.691198][T10312] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 325.691218][T10312] should_failslab+0xc2/0x120 [ 325.691237][T10312] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 325.691253][T10312] ? find_held_lock+0x2b/0x80 [ 325.691267][T10312] ? vm_area_dup+0x27/0x8d0 [ 325.691282][T10312] ? dup_mmap+0x5cb/0x21d0 [ 325.691304][T10312] vm_area_dup+0x27/0x8d0 [ 325.691320][T10312] dup_mmap+0x877/0x21d0 [ 325.691348][T10312] ? __pfx_dup_mmap+0x10/0x10 [ 325.691381][T10312] copy_process+0x4081/0x7690 [ 325.691399][T10312] ? __pfx___futex_wait+0x10/0x10 [ 325.691427][T10312] ? __pfx_copy_process+0x10/0x10 [ 325.691444][T10312] ? futex_private_hash_put+0x176/0x300 [ 325.691464][T10312] ? futex_private_hash_put+0x18a/0x300 [ 325.691483][T10312] kernel_clone+0xfc/0x930 [ 325.691503][T10312] ? __pfx_kernel_clone+0x10/0x10 [ 325.691532][T10312] __do_sys_clone+0xce/0x120 [ 325.691549][T10312] ? __pfx___do_sys_clone+0x10/0x10 [ 325.691566][T10312] ? ksys_unshare+0x687/0xa40 [ 325.691592][T10312] ? xfd_validate_state+0x61/0x180 [ 325.691619][T10312] do_syscall_64+0xcd/0x490 [ 325.691640][T10312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.691654][T10312] RIP: 0033:0x7fe5ab78ebe9 [ 325.691666][T10312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.691680][T10312] RSP: 002b:00007fe5ac52efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 325.691694][T10312] RAX: ffffffffffffffda RBX: 00007fe5ab9b5fa0 RCX: 00007fe5ab78ebe9 [ 325.691703][T10312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 325.691711][T10312] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 325.691720][T10312] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 325.691728][T10312] R13: 00007fe5ab9b6038 R14: 00007fe5ab9b5fa0 R15: 00007ffe3233f848 [ 325.691746][T10312] [ 328.687051][T10369] netlink: 4 bytes leftover after parsing attributes in process `syz.3.802'. [ 328.947279][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.040160][T10371] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 329.085207][T10371] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 329.112564][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.128322][T10371] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 329.272470][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.411563][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.447652][T10375] netlink: 146 bytes leftover after parsing attributes in process `syz.1.804'. [ 329.794755][ T12] bridge_slave_1: left allmulticast mode [ 329.811414][ T12] bridge_slave_1: left promiscuous mode [ 329.818333][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.931839][ T12] bridge_slave_0: left allmulticast mode [ 329.937582][ T12] bridge_slave_0: left promiscuous mode [ 329.958131][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.271206][ T5185] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 330.284572][ T5185] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 330.295855][ T5185] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 330.306514][ T5185] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 330.310707][T10392] ERROR: Out of memory at tomoyo_memory_ok. [ 330.339097][ T5185] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 331.911716][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.087570][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.114464][ T12] bond0 (unregistering): Released all slaves [ 332.413739][ T5185] Bluetooth: hci1: command tx timeout [ 333.813733][ T12] hsr_slave_0: left promiscuous mode [ 333.885832][ T12] hsr_slave_1: left promiscuous mode [ 333.976924][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 333.990742][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.134807][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 334.150830][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 334.324022][ T12] veth1_macvtap: left promiscuous mode [ 334.330293][ T12] veth0_macvtap: left promiscuous mode [ 334.337628][ T12] veth1_vlan: left promiscuous mode [ 334.347466][ T12] veth0_vlan: left promiscuous mode [ 334.496249][ T5185] Bluetooth: hci1: command tx timeout [ 334.926032][ T12] team0 (unregistering): Port device team_slave_1 removed [ 334.972505][ T12] team0 (unregistering): Port device team_slave_0 removed [ 335.647249][T10398] chnl_net:caif_netlink_parms(): no params data found [ 335.888397][T10398] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.895791][T10398] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.907629][T10398] bridge_slave_0: entered allmulticast mode [ 335.915807][T10398] bridge_slave_0: entered promiscuous mode [ 335.972224][T10398] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.979388][T10398] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.994517][T10398] bridge_slave_1: entered allmulticast mode [ 336.005538][T10398] bridge_slave_1: entered promiscuous mode [ 336.076714][T10398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 336.109856][T10398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 336.320602][T10398] team0: Port device team_slave_0 added [ 336.422537][T10503] ptrace attach of "./syz-executor exec"[10505] was attempted by "./syz-executor exec"[10503] [ 336.515207][T10398] team0: Port device team_slave_1 added [ 336.576217][ T5185] Bluetooth: hci1: command tx timeout [ 336.624795][T10398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 336.631752][T10398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.732098][T10398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 336.781104][T10398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 336.822093][T10398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.882608][T10398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 337.026768][T10398] hsr_slave_0: entered promiscuous mode [ 337.048163][T10398] hsr_slave_1: entered promiscuous mode [ 338.618436][T10398] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 338.653100][ T5185] Bluetooth: hci1: command tx timeout [ 338.666905][T10398] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 338.727614][T10398] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 338.781331][T10545] ptrace attach of "./syz-executor exec"[10550] was attempted by "./syz-executor exec"[10545] [ 338.796082][T10398] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 339.665184][T10398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 339.718567][T10398] 8021q: adding VLAN 0 to HW filter on device team0 [ 339.922388][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.930484][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.995820][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.003005][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.235702][T10398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.241209][T10398] veth0_vlan: entered promiscuous mode [ 342.299124][T10398] veth1_vlan: entered promiscuous mode [ 342.544760][T10398] veth0_macvtap: entered promiscuous mode [ 342.668665][T10398] veth1_macvtap: entered promiscuous mode [ 342.816792][T10398] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 342.876538][T10398] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 342.946205][ T7742] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.956134][T10650] net_ratelimit: 19 callbacks suppressed [ 342.956164][T10650] sock: sock_set_timeout: `syz.3.830' (pid 10650) tries to set negative timeout [ 342.984851][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 342.999144][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.009087][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.449438][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.470431][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.613928][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.670096][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.787519][T10670] netlink: 25 bytes leftover after parsing attributes in process `syz.3.835'. [ 344.376594][T10658] EXT4-fs (sda1): Delayed block allocation failed for inode 2028 at logical offset 8 with max blocks 2 with error 117 [ 344.533566][T10658] EXT4-fs (sda1): This should not happen!! Data will be lost [ 344.533566][T10658] [ 346.851676][T10705] cougar: G6 mapped to space [ 346.892641][T10705] cougar: G6 mapped to space [ 346.926977][T10705] cougar: G6 mapped to space [ 346.971818][T10705] cougar: G6 mapped to space [ 347.002321][T10705] cougar: G6 mapped to space [ 347.035715][T10705] cougar: G6 mapped to space [ 347.048628][T10705] cougar: G6 mapped to space [ 347.053448][T10705] cougar: G6 mapped to space [ 347.061789][T10705] cougar: G6 mapped to space [ 347.082584][T10705] cougar: G6 mapped to space [ 347.107454][T10705] cougar: G6 mapped to space [ 347.124421][T10705] cougar: G6 mapped to space [ 347.151180][T10705] cougar: G6 mapped to space [ 347.180916][T10705] cougar: G6 mapped to space [ 347.205032][T10705] cougar: G6 mapped to space [ 347.234156][T10705] cougar: G6 mapped to space [ 347.248268][T10705] cougar: G6 mapped to space [ 347.339039][T10705] cougar: G6 mapped to space [ 347.345374][T10705] cougar: G6 mapped to space [ 347.350364][T10705] cougar: G6 mapped to space [ 347.355090][T10705] cougar: G6 mapped to space [ 347.360146][T10705] cougar: G6 mapped to space [ 347.365654][T10705] cougar: G6 mapped to space [ 347.370981][T10705] cougar: G6 mapped to space [ 347.375684][T10705] cougar: G6 mapped to space [ 347.380509][T10705] cougar: G6 mapped to space [ 347.385231][T10705] cougar: G6 mapped to space [ 347.390009][T10705] cougar: G6 mapped to space [ 347.394732][T10705] cougar: G6 mapped to space [ 347.401047][T10705] cougar: G6 mapped to space [ 347.405756][T10705] cougar: G6 mapped to space [ 347.444681][T10705] cougar: G6 mapped to space [ 347.450761][T10705] cougar: G6 mapped to space [ 349.695548][ T30] audit: type=1804 audit(4294968381.842:5): pid=10769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.853" name="/newroot/229/file0" dev="tmpfs" ino=1199 res=1 errno=0 [ 350.455416][T10748] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 350.462150][T10748] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 350.469077][T10748] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 350.475654][T10748] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 350.482457][T10748] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 350.500607][T10748] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 351.221537][ T5185] Bluetooth: hci0: command 0x0419 tx timeout [ 352.062997][T10819] netlink: 252 bytes leftover after parsing attributes in process `syz.3.863'. [ 352.099320][T10819] unsupported nla_type 65535 [ 352.506190][ T5185] Bluetooth: hci1: command 0x0c1a tx timeout [ 352.512638][ T5874] Bluetooth: hci3: command 0x0c1a tx timeout [ 352.512644][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 353.960738][T10839] ubi0: attaching mtd0 [ 353.964968][T10839] ubi0 error: ubi_attach_mtd_dev: bad VID header (536870975) or data offsets (536871039) [ 354.241745][T10842] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 354.303017][T10842] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 354.396423][T10842] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 354.411195][ T3528] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:7: bg 3: bad block bitmap checksum [ 354.511308][T10842] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 354.705324][ T3528] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1311 with max blocks 1 with error 74 [ 354.767568][ T3528] EXT4-fs (sda1): This should not happen!! Data will be lost [ 354.767568][ T3528] [ 354.794868][ T13] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1322 with max blocks 1 with error 117 [ 354.842274][ T13] EXT4-fs (sda1): This should not happen!! Data will be lost [ 354.842274][ T13] [ 355.182449][T10862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.870'. [ 355.516276][T10872] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1335 with max blocks 1 with error 117 [ 355.529270][T10872] EXT4-fs (sda1): This should not happen!! Data will be lost [ 355.529270][T10872] [ 356.219174][ T30] audit: type=1326 audit(4294968388.339:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10880 comm="syz.3.876" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe5ab78ebe9 code=0x0 [ 356.261966][ T5874] Bluetooth: hci0: command 0x0419 tx timeout [ 356.342566][ T5874] Bluetooth: hci2: command 0x0c1a tx timeout [ 356.342809][ T5185] Bluetooth: hci3: command 0x0c1a tx timeout [ 356.582054][ T5185] Bluetooth: hci1: command 0x0c1a tx timeout [ 356.846339][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1316 with max blocks 1 with error 117 [ 356.890946][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 356.890946][ T12] [ 356.918083][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1340 with max blocks 1 with error 117 [ 356.931261][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 356.931261][ T12] [ 357.061460][T10899] random: crng reseeded on system resumption [ 357.406762][T10916] netlink: 4 bytes leftover after parsing attributes in process `syz.3.882'. [ 358.667044][ T5185] Bluetooth: hci1: command 0x0c1a tx timeout [ 359.721868][ T12] EXT4-fs: 4 callbacks suppressed [ 359.721881][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1345 with max blocks 2 with error 117 [ 359.741641][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 359.741641][ T12] [ 360.194990][T10975] netlink: 4 bytes leftover after parsing attributes in process `syz.3.894'. [ 360.696302][T10992] ubi0: attaching mtd0 [ 360.704139][T10992] ubi0 error: ubi_attach_mtd_dev: bad VID header (536870975) or data offsets (536871039) [ 362.496928][ T7742] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1269 with max blocks 1 with error 117 [ 362.586709][ T7742] EXT4-fs (sda1): This should not happen!! Data will be lost [ 362.586709][ T7742] [ 362.679161][ T7742] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1310 with max blocks 1 with error 117 [ 362.725019][ T7742] EXT4-fs (sda1): This should not happen!! Data will be lost [ 362.725019][ T7742] [ 363.178164][ T49] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1312 with max blocks 1 with error 117 [ 363.193487][T11016] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 363.205906][T11016] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 363.212260][T11016] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 363.243195][T11016] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 363.245560][ T49] EXT4-fs (sda1): This should not happen!! Data will be lost [ 363.245560][ T49] [ 363.285156][ T49] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1325 with max blocks 1 with error 117 [ 363.301941][ T49] EXT4-fs (sda1): This should not happen!! Data will be lost [ 363.301941][ T49] [ 363.774986][T11051] ptrace attach of "./syz-executor exec"[5867] was attempted by "./syz-executor exec"[11051] [ 364.668459][ T5185] Bluetooth: hci0: command 0x0419 tx timeout [ 365.055982][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1351 with max blocks 1 with error 117 [ 365.137504][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 365.137504][ T12] [ 365.237295][ T5185] Bluetooth: hci2: command 0x0c1a tx timeout [ 365.237312][ T5874] Bluetooth: hci3: command 0x0c1a tx timeout [ 365.323837][ T5185] Bluetooth: hci1: command 0x0c1a tx timeout [ 365.328043][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1354 with max blocks 1 with error 117 [ 365.366366][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 365.366366][ T12] [ 366.168295][T11107] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 366.610232][T11119] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 367.658739][T11141] netlink: 4 bytes leftover after parsing attributes in process `syz.0.925'. [ 367.844642][ T214] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1263 with max blocks 1 with error 117 [ 367.877410][ T214] EXT4-fs (sda1): This should not happen!! Data will be lost [ 367.877410][ T214] [ 367.952284][ T214] EXT4-fs (sda1): Delayed block allocation failed for inode 2034 at logical offset 930 with max blocks 2 with error 117 [ 368.060748][ T214] EXT4-fs (sda1): This should not happen!! Data will be lost [ 368.060748][ T214] [ 368.130657][ T214] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1282 with max blocks 1 with error 117 [ 368.175210][ T214] EXT4-fs (sda1): This should not happen!! Data will be lost [ 368.175210][ T214] [ 368.570673][T11161] futex_wake_op: syz.3.930 tries to shift op by -2048; fix this program [ 368.579904][T11161] futex_wake_op: syz.3.930 tries to shift op by -2048; fix this program [ 368.661501][T11161] FAULT_INJECTION: forcing a failure. [ 368.661501][T11161] name failslab, interval 1, probability 0, space 0, times 0 [ 368.686599][T11161] CPU: 0 UID: 0 PID: 11161 Comm: syz.3.930 Not tainted syzkaller #0 PREEMPT(full) [ 368.686636][T11161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 368.686653][T11161] Call Trace: [ 368.686662][T11161] [ 368.686673][T11161] dump_stack_lvl+0x16c/0x1f0 [ 368.686714][T11161] should_fail_ex+0x512/0x640 [ 368.686749][T11161] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 368.686783][T11161] should_failslab+0xc2/0x120 [ 368.686816][T11161] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 368.686846][T11161] ? security_file_alloc+0x34/0x2b0 [ 368.686882][T11161] security_file_alloc+0x34/0x2b0 [ 368.686914][T11161] init_file+0x93/0x4c0 [ 368.686949][T11161] alloc_empty_file+0x73/0x1e0 [ 368.686987][T11161] alloc_file_pseudo+0x13a/0x230 [ 368.687026][T11161] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 368.687064][T11161] ? do_raw_spin_unlock+0x172/0x230 [ 368.687105][T11161] __anon_inode_getfile+0xe8/0x280 [ 368.687143][T11161] anon_inode_getfile_fmode+0x37/0xa0 [ 368.687176][T11161] do_signalfd4+0x206/0x430 [ 368.687210][T11161] __x64_sys_signalfd4+0x14b/0x1d0 [ 368.687240][T11161] ? __pfx___x64_sys_signalfd4+0x10/0x10 [ 368.687282][T11161] do_syscall_64+0xcd/0x490 [ 368.687326][T11161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.687352][T11161] RIP: 0033:0x7fe5ab78ebe9 [ 368.687373][T11161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.687398][T11161] RSP: 002b:00007fe5ac52f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000121 [ 368.687421][T11161] RAX: ffffffffffffffda RBX: 00007fe5ab9b5fa0 RCX: 00007fe5ab78ebe9 [ 368.687437][T11161] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00000000ffffffff [ 368.687452][T11161] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 368.687466][T11161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.687480][T11161] R13: 00007fe5ab9b6038 R14: 00007fe5ab9b5fa0 R15: 00007ffe3233f848 [ 368.687513][T11161] [ 370.341209][T11163] vivid-009: ================= START STATUS ================= [ 370.349276][T11163] vivid-009: Enable Output Cropping: true grabbed [ 370.355956][T11163] vivid-009: Enable Output Composing: true grabbed [ 370.363591][T11163] vivid-009: Enable Output Scaler: true grabbed [ 370.374499][T11163] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 370.401875][T11163] vivid-009: Transmit Mode: HDMI grabbed [ 370.414163][T11163] vivid-009: Hotplug Present: 0x00000000 [ 370.492000][T11163] vivid-009: RxSense Present: 0x00000000 [ 370.524019][T11163] vivid-009: EDID Present: 0x00000000 [ 370.529722][T11163] vivid-009: ================== END STATUS ================== [ 371.426443][T11227] ubi0: attaching mtd0 [ 371.473348][T11227] ubi0 error: ubi_attach_mtd_dev: bad VID header (536870975) or data offsets (536871039) [ 372.897640][T11262] ptm ptm3: ldisc open failed (-12), clearing slot 3 [ 373.370780][ T59] EXT4-fs: 10 callbacks suppressed [ 373.370800][ T59] EXT4-fs (sda1): Delayed block allocation failed for inode 2034 at logical offset 928 with max blocks 4 with error 117 [ 373.411213][ T59] EXT4-fs (sda1): This should not happen!! Data will be lost [ 373.411213][ T59] [ 373.453429][ T59] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1248 with max blocks 2 with error 117 [ 373.488325][ T59] EXT4-fs (sda1): This should not happen!! Data will be lost [ 373.488325][ T59] [ 373.516210][ T59] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 1330 with max blocks 36 with error 117 [ 373.543851][ T59] EXT4-fs (sda1): This should not happen!! Data will be lost [ 373.543851][ T59] [ 373.607609][ T59] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1281 with max blocks 1 with error 117 [ 373.649657][ T59] EXT4-fs (sda1): This should not happen!! Data will be lost [ 373.649657][ T59] [ 374.018304][T11301] netlink: 4 bytes leftover after parsing attributes in process `syz.3.955'. [ 375.580689][T11346] FAULT_INJECTION: forcing a failure. [ 375.580689][T11346] name failslab, interval 1, probability 0, space 0, times 0 [ 375.611086][T11346] CPU: 0 UID: 0 PID: 11346 Comm: syz.3.962 Not tainted syzkaller #0 PREEMPT(full) [ 375.611122][T11346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 375.611137][T11346] Call Trace: [ 375.611145][T11346] [ 375.611154][T11346] dump_stack_lvl+0x16c/0x1f0 [ 375.611193][T11346] should_fail_ex+0x512/0x640 [ 375.611226][T11346] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 375.611262][T11346] should_failslab+0xc2/0x120 [ 375.611296][T11346] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 375.611327][T11346] ? __alloc_skb+0x2b2/0x380 [ 375.611364][T11346] __alloc_skb+0x2b2/0x380 [ 375.611398][T11346] ? __pfx___alloc_skb+0x10/0x10 [ 375.611433][T11346] ? if_nlmsg_size+0x475/0xaf0 [ 375.611474][T11346] rtmsg_ifinfo_build_skb+0x81/0x280 [ 375.611520][T11346] rtmsg_ifinfo+0x9f/0x1a0 [ 375.611564][T11346] netif_state_change+0x17f/0x3b0 [ 375.611589][T11346] ? __pfx_netif_state_change+0x10/0x10 [ 375.611633][T11346] ? tun_get+0x191/0x370 [ 375.611686][T11346] netdev_state_change+0xaa/0x240 [ 375.611728][T11346] __tun_chr_ioctl+0x2443/0x48b0 [ 375.611753][T11346] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 375.611799][T11346] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 375.611830][T11346] ? hook_file_ioctl_common+0x145/0x410 [ 375.611873][T11346] ? __fget_files+0x20e/0x3c0 [ 375.611907][T11346] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 375.611933][T11346] __x64_sys_ioctl+0x18e/0x210 [ 375.611975][T11346] do_syscall_64+0xcd/0x490 [ 375.612013][T11346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.612037][T11346] RIP: 0033:0x7fe5ab78ebe9 [ 375.612058][T11346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.612083][T11346] RSP: 002b:00007fe5a91b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 375.612107][T11346] RAX: ffffffffffffffda RBX: 00007fe5ab9b6360 RCX: 00007fe5ab78ebe9 [ 375.612122][T11346] RDX: 000000000000006f RSI: 00000000400454cc RDI: 04000000000000c8 [ 375.612138][T11346] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 375.612154][T11346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 375.612169][T11346] R13: 00007fe5ab9b63f8 R14: 00007fe5ab9b6360 R15: 00007ffe3233f848 [ 375.612203][T11346] [ 375.866677][T11347] FAULT_INJECTION: forcing a failure. [ 375.866677][T11347] name failslab, interval 1, probability 0, space 0, times 0 [ 375.879445][T11347] CPU: 0 UID: 0 PID: 11347 Comm: syz.1.963 Not tainted syzkaller #0 PREEMPT(full) [ 375.879468][T11347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 375.879477][T11347] Call Trace: [ 375.879483][T11347] [ 375.879489][T11347] dump_stack_lvl+0x16c/0x1f0 [ 375.879513][T11347] should_fail_ex+0x512/0x640 [ 375.879534][T11347] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 375.879552][T11347] should_failslab+0xc2/0x120 [ 375.879571][T11347] __kmalloc_cache_noprof+0x6a/0x3e0 [ 375.879586][T11347] ? madvise_collapse+0x1a6/0xaa0 [ 375.879618][T11347] madvise_collapse+0x1a6/0xaa0 [ 375.879644][T11347] ? rcu_is_watching+0x12/0xc0 [ 375.879659][T11347] ? finish_task_switch.isra.0+0x221/0xc10 [ 375.879673][T11347] ? lockdep_hardirqs_on+0x7c/0x110 [ 375.879691][T11347] ? finish_task_switch.isra.0+0x221/0xc10 [ 375.879705][T11347] ? __pfx_madvise_collapse+0x10/0x10 [ 375.879723][T11347] ? rcu_is_watching+0x12/0xc0 [ 375.879737][T11347] ? trace_sched_exit_tp+0xd1/0x120 [ 375.879763][T11347] madvise_vma_behavior+0x10a4/0x2d60 [ 375.879785][T11347] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 375.879803][T11347] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 375.879824][T11347] ? __pfx_mas_prev+0x10/0x10 [ 375.879849][T11347] ? find_vma_prev+0xda/0x160 [ 375.879868][T11347] ? find_held_lock+0x2b/0x80 [ 375.879881][T11347] ? __pfx_find_vma_prev+0x10/0x10 [ 375.879901][T11347] ? futex_unqueue+0x133/0x2c0 [ 375.879923][T11347] ? __futex_wait+0x24c/0x2f0 [ 375.879946][T11347] madvise_walk_vmas+0x31f/0x9c0 [ 375.879969][T11347] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 375.879994][T11347] madvise_do_behavior+0x1e2/0x530 [ 375.880013][T11347] ? futex_private_hash_put+0x18a/0x300 [ 375.880030][T11347] ? __pfx_madvise_do_behavior+0x10/0x10 [ 375.880051][T11347] ? down_read+0x13d/0x480 [ 375.880080][T11347] do_madvise+0x176/0x240 [ 375.880099][T11347] ? __pfx_do_madvise+0x10/0x10 [ 375.880117][T11347] ? do_futex+0x122/0x350 [ 375.880148][T11347] ? syscall_user_dispatch+0x78/0x140 [ 375.880172][T11347] __x64_sys_madvise+0xa9/0x110 [ 375.880193][T11347] do_syscall_64+0xcd/0x490 [ 375.880213][T11347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.880227][T11347] RIP: 0033:0x7f139f78ebe9 [ 375.880240][T11347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.880254][T11347] RSP: 002b:00007f13a062b038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 375.880269][T11347] RAX: ffffffffffffffda RBX: 00007f139f9b6270 RCX: 00007f139f78ebe9 [ 375.880283][T11347] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 375.880296][T11347] RBP: 00007f139f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 375.880309][T11347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 375.880323][T11347] R13: 00007f139f9b6308 R14: 00007f139f9b6270 R15: 00007ffc793689e8 [ 375.880356][T11347] [ 376.195296][T11339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.971'. [ 377.586889][T11368] netlink: 4 bytes leftover after parsing attributes in process `syz.1.967'. [ 378.012817][ T3594] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1248 with max blocks 1 with error 117 [ 378.059434][ T3594] EXT4-fs (sda1): This should not happen!! Data will be lost [ 378.059434][ T3594] [ 378.616179][ T3594] EXT4-fs: 8 callbacks suppressed [ 378.616197][ T3594] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1306 with max blocks 1 with error 117 [ 378.693292][ T3594] EXT4-fs (sda1): This should not happen!! Data will be lost [ 378.693292][ T3594] [ 378.725865][ T3594] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1320 with max blocks 1 with error 117 [ 378.740976][ T3594] EXT4-fs (sda1): This should not happen!! Data will be lost [ 378.740976][ T3594] [ 378.758054][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.765910][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.521445][ T5185] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 381.386896][T11430] vivid-009: ================= START STATUS ================= [ 381.435747][T11430] vivid-009: Enable Output Cropping: true grabbed [ 381.449185][T11430] vivid-009: Enable Output Composing: true grabbed [ 381.475527][T11430] vivid-009: Enable Output Scaler: true grabbed [ 381.494846][T11430] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 381.502071][T11430] vivid-009: Transmit Mode: HDMI grabbed [ 381.535885][T11430] vivid-009: Hotplug Present: 0x00000000 [ 381.556575][ T5185] Bluetooth: hci3: command 0x0c1a tx timeout [ 381.566672][T11430] vivid-009: RxSense Present: 0x00000000 [ 381.572466][T11430] vivid-009: EDID Present: 0x00000000 [ 381.617962][T11430] vivid-009: ================== END STATUS ================== [ 381.883790][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1248 with max blocks 1 with error 117 [ 381.915372][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 381.915372][ T12] [ 382.004715][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1349 with max blocks 7 with error 117 [ 382.029274][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 382.029274][ T12] [ 382.051950][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1259 with max blocks 1 with error 117 [ 382.073279][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 382.073279][ T12] [ 383.139325][T11494] netlink: 16 bytes leftover after parsing attributes in process `syz.1.992'. [ 383.175125][T11494] netlink: 4 bytes leftover after parsing attributes in process `syz.1.992'. [ 384.259423][T11515] ubi0: attaching mtd0 [ 384.282240][T11515] ubi0: scanning is finished [ 384.298821][T11515] ubi0: empty MTD device detected [ 384.503581][T11209] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1244 with max blocks 1 with error 117 [ 384.566129][T11209] EXT4-fs (sda1): This should not happen!! Data will be lost [ 384.566129][T11209] [ 384.638186][T11209] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1349 with max blocks 1 with error 117 [ 384.726246][T11209] EXT4-fs (sda1): This should not happen!! Data will be lost [ 384.726246][T11209] [ 384.728240][T11515] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 384.754170][ T3594] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1246 with max blocks 1 with error 117 [ 384.795798][ T3594] EXT4-fs (sda1): This should not happen!! Data will be lost [ 384.795798][ T3594] [ 384.808144][T11515] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3518 bytes [ 384.829874][T11515] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 384.839940][T11515] ubi0: VID header offset: 514 (aligned 514), data offset: 578 [ 384.849867][T11515] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 384.859970][T11515] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 20 [ 384.897439][T11515] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1723777035 [ 384.946430][T11515] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 384.958031][T11529] ubi0: background thread "ubi_bgt0d" started, PID 11529 [ 385.930440][T11558] FAULT_INJECTION: forcing a failure. [ 385.930440][T11558] name failslab, interval 1, probability 0, space 0, times 0 [ 385.944707][T11558] CPU: 1 UID: 0 PID: 11558 Comm: syz.0.1003 Not tainted syzkaller #0 PREEMPT(full) [ 385.944742][T11558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 385.944757][T11558] Call Trace: [ 385.944767][T11558] [ 385.944777][T11558] dump_stack_lvl+0x16c/0x1f0 [ 385.944817][T11558] should_fail_ex+0x512/0x640 [ 385.944861][T11558] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 385.944894][T11558] should_failslab+0xc2/0x120 [ 385.944929][T11558] __kmalloc_cache_noprof+0x6a/0x3e0 [ 385.944957][T11558] ? madvise_collapse+0x1a6/0xaa0 [ 385.944998][T11558] madvise_collapse+0x1a6/0xaa0 [ 385.945033][T11558] ? rcu_is_watching+0x12/0xc0 [ 385.945059][T11558] ? finish_task_switch.isra.0+0x221/0xc10 [ 385.945089][T11558] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 385.945115][T11558] ? __pfx_madvise_collapse+0x10/0x10 [ 385.945150][T11558] ? rcu_is_watching+0x12/0xc0 [ 385.945176][T11558] ? trace_sched_exit_tp+0xd1/0x120 [ 385.945225][T11558] madvise_vma_behavior+0x10a4/0x2d60 [ 385.945267][T11558] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 385.945301][T11558] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 385.945341][T11558] ? __pfx_mas_prev+0x10/0x10 [ 385.945383][T11558] ? find_vma_prev+0xda/0x160 [ 385.945418][T11558] ? find_held_lock+0x2b/0x80 [ 385.945443][T11558] ? __pfx_find_vma_prev+0x10/0x10 [ 385.945478][T11558] ? futex_unqueue+0x133/0x2c0 [ 385.945519][T11558] ? __futex_wait+0x24c/0x2f0 [ 385.945561][T11558] madvise_walk_vmas+0x31f/0x9c0 [ 385.945602][T11558] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 385.945649][T11558] madvise_do_behavior+0x1e2/0x530 [ 385.945684][T11558] ? futex_private_hash_put+0x18a/0x300 [ 385.945715][T11558] ? __pfx_madvise_do_behavior+0x10/0x10 [ 385.945754][T11558] ? down_read+0x13d/0x480 [ 385.945807][T11558] do_madvise+0x176/0x240 [ 385.945855][T11558] ? __pfx_do_madvise+0x10/0x10 [ 385.945890][T11558] ? do_futex+0x122/0x350 [ 385.945950][T11558] ? syscall_user_dispatch+0x78/0x140 [ 385.945996][T11558] __x64_sys_madvise+0xa9/0x110 [ 385.946035][T11558] do_syscall_64+0xcd/0x490 [ 385.946073][T11558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.946099][T11558] RIP: 0033:0x7f03d918ebe9 [ 385.946120][T11558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.946146][T11558] RSP: 002b:00007f03d9fce038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 385.946172][T11558] RAX: ffffffffffffffda RBX: 00007f03d93b6270 RCX: 00007f03d918ebe9 [ 385.946189][T11558] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 385.946205][T11558] RBP: 00007f03d9211e19 R08: 0000000000000000 R09: 0000000000000000 [ 385.946222][T11558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.946238][T11558] R13: 00007f03d93b6308 R14: 00007f03d93b6270 R15: 00007ffe5a224938 [ 385.946274][T11558] [ 386.224139][ C1] vkms_vblank_simulate: vblank timer overrun [ 387.449489][T11294] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1277 with max blocks 1 with error 117 [ 387.560367][T11294] EXT4-fs (sda1): This should not happen!! Data will be lost [ 387.560367][T11294] [ 387.609868][T11294] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 927 with max blocks 1 with error 117 [ 387.633366][T11294] EXT4-fs (sda1): This should not happen!! Data will be lost [ 387.633366][T11294] [ 387.954709][T11584] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input14 [ 389.005134][T11580] Process accounting resumed [ 390.662525][T11638] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.320392][T11615] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 391.327607][T11615] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 391.334837][T11615] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 391.341961][T11615] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 391.348198][T11615] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 391.584458][T11654] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1026'. [ 391.605206][T11654] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1026'. [ 391.630887][T11653] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 391.656958][T11653] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 391.665538][T11653] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 391.687012][T11653] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 392.596750][T11294] EXT4-fs: 12 callbacks suppressed [ 392.596768][T11294] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1241 with max blocks 1 with error 117 [ 392.697586][T11294] EXT4-fs (sda1): This should not happen!! Data will be lost [ 392.697586][T11294] [ 392.841194][T11294] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1351 with max blocks 1 with error 117 [ 392.880203][T11294] EXT4-fs (sda1): This should not happen!! Data will be lost [ 392.880203][T11294] [ 393.642493][ T5185] Bluetooth: hci0: command 0x0419 tx timeout [ 393.720819][ T5185] Bluetooth: hci1: command 0x0c1a tx timeout [ 393.726968][ T5874] Bluetooth: hci2: command 0x0c1a tx timeout [ 393.733094][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 395.801666][ T5185] Bluetooth: hci3: command 0x0c1a tx timeout [ 396.083327][ T30] audit: type=1800 audit(4294968428.189:7): pid=11746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1043" name="members" dev="configfs" ino=34874 res=0 errno=0 [ 396.866201][T11763] ptrace attach of "./syz-executor exec"[11765] was attempted by "./syz-executor exec"[11763] [ 398.428579][ T30] audit: type=1806 audit(4294968430.538:8): xattr="" res=-22 [ 398.579124][T11806] ICMPv6: process `syz.2.1050' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 399.446177][T11809] FAULT_INJECTION: forcing a failure. [ 399.446177][T11809] name failslab, interval 1, probability 0, space 0, times 0 [ 399.462883][T11809] CPU: 0 UID: 0 PID: 11809 Comm: syz.0.1052 Not tainted syzkaller #0 PREEMPT(full) [ 399.462917][T11809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 399.462931][T11809] Call Trace: [ 399.462940][T11809] [ 399.462951][T11809] dump_stack_lvl+0x16c/0x1f0 [ 399.462986][T11809] should_fail_ex+0x512/0x640 [ 399.463020][T11809] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 399.463051][T11809] should_failslab+0xc2/0x120 [ 399.463085][T11809] __kmalloc_cache_noprof+0x6a/0x3e0 [ 399.463112][T11809] ? madvise_collapse+0x1a6/0xaa0 [ 399.463153][T11809] madvise_collapse+0x1a6/0xaa0 [ 399.463189][T11809] ? rcu_is_watching+0x12/0xc0 [ 399.463215][T11809] ? finish_task_switch.isra.0+0x221/0xc10 [ 399.463241][T11809] ? lockdep_hardirqs_on+0x7c/0x110 [ 399.463274][T11809] ? finish_task_switch.isra.0+0x221/0xc10 [ 399.463320][T11809] ? __pfx_madvise_collapse+0x10/0x10 [ 399.463352][T11809] ? rcu_is_watching+0x12/0xc0 [ 399.463375][T11809] ? trace_sched_exit_tp+0xd1/0x120 [ 399.463417][T11809] madvise_vma_behavior+0x10a4/0x2d60 [ 399.463451][T11809] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 399.463483][T11809] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 399.463520][T11809] ? __pfx_mas_prev+0x10/0x10 [ 399.463555][T11809] ? find_vma_prev+0xda/0x160 [ 399.463586][T11809] ? find_held_lock+0x2b/0x80 [ 399.463609][T11809] ? __pfx_find_vma_prev+0x10/0x10 [ 399.463640][T11809] ? futex_unqueue+0x133/0x2c0 [ 399.463681][T11809] ? __futex_wait+0x24c/0x2f0 [ 399.463720][T11809] madvise_walk_vmas+0x31f/0x9c0 [ 399.463759][T11809] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 399.463801][T11809] madvise_do_behavior+0x1e2/0x530 [ 399.463833][T11809] ? futex_private_hash_put+0x18a/0x300 [ 399.463861][T11809] ? __pfx_madvise_do_behavior+0x10/0x10 [ 399.463897][T11809] ? down_read+0x13d/0x480 [ 399.463941][T11809] do_madvise+0x176/0x240 [ 399.463970][T11809] ? __pfx_do_madvise+0x10/0x10 [ 399.464001][T11809] ? do_futex+0x122/0x350 [ 399.464054][T11809] ? syscall_user_dispatch+0x78/0x140 [ 399.464097][T11809] __x64_sys_madvise+0xa9/0x110 [ 399.464132][T11809] do_syscall_64+0xcd/0x490 [ 399.464167][T11809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.464192][T11809] RIP: 0033:0x7f03d918ebe9 [ 399.464210][T11809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.464234][T11809] RSP: 002b:00007f03da031038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 399.464258][T11809] RAX: ffffffffffffffda RBX: 00007f03d93b5fa0 RCX: 00007f03d918ebe9 [ 399.464273][T11809] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 399.464288][T11809] RBP: 00007f03d9211e19 R08: 0000000000000000 R09: 0000000000000000 [ 399.464314][T11809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 399.464329][T11809] R13: 00007f03d93b6038 R14: 00007f03d93b5fa0 R15: 00007ffe5a224938 [ 399.464364][T11809] [ 400.296286][T11830] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1062'. [ 400.341215][T11830] FAULT_INJECTION: forcing a failure. [ 400.341215][T11830] name failslab, interval 1, probability 0, space 0, times 0 [ 400.354118][T11830] CPU: 1 UID: 0 PID: 11830 Comm: syz.3.1062 Not tainted syzkaller #0 PREEMPT(full) [ 400.354142][T11830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 400.354152][T11830] Call Trace: [ 400.354158][T11830] [ 400.354164][T11830] dump_stack_lvl+0x16c/0x1f0 [ 400.354188][T11830] should_fail_ex+0x512/0x640 [ 400.354209][T11830] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 400.354228][T11830] should_failslab+0xc2/0x120 [ 400.354248][T11830] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 400.354265][T11830] ? mas_alloc_nodes+0x18b/0x8b0 [ 400.354284][T11830] mas_alloc_nodes+0x18b/0x8b0 [ 400.354303][T11830] mas_node_count_gfp+0x105/0x130 [ 400.354321][T11830] mas_preallocate+0x7e0/0xde0 [ 400.354340][T11830] ? __memcg_slab_post_alloc_hook+0x412/0x960 [ 400.354363][T11830] ? __pfx_mas_preallocate+0x10/0x10 [ 400.354389][T11830] ? anon_vma_name+0x81/0x2f0 [ 400.354412][T11830] __split_vma+0x34a/0x1070 [ 400.354430][T11830] ? __pfx___split_vma+0x10/0x10 [ 400.354449][T11830] ? __lock_acquire+0x62e/0x1ce0 [ 400.354472][T11830] vma_modify+0x16dc/0x2030 [ 400.354491][T11830] ? find_held_lock+0x2b/0x80 [ 400.354519][T11830] ? __pfx_vma_modify+0x10/0x10 [ 400.354541][T11830] vma_modify_flags+0x212/0x2d0 [ 400.354557][T11830] ? __pfx_vma_modify_flags+0x10/0x10 [ 400.354588][T11830] mlock_fixup+0x27c/0xe50 [ 400.354605][T11830] ? mas_find+0x156/0x6d0 [ 400.354625][T11830] apply_vma_lock_flags+0x261/0x390 [ 400.354643][T11830] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 400.354659][T11830] ? __pfx___might_resched+0x10/0x10 [ 400.354679][T11830] ? __pfx_down_write_killable+0x10/0x10 [ 400.354700][T11830] ? do_futex+0x122/0x350 [ 400.354720][T11830] do_mlock+0x2ac/0x810 [ 400.354737][T11830] ? __pfx_do_mlock+0x10/0x10 [ 400.354751][T11830] ? __x64_sys_futex+0x1e0/0x4c0 [ 400.354768][T11830] ? __x64_sys_futex+0x1e9/0x4c0 [ 400.354785][T11830] ? __x64_sys_openat+0x174/0x210 [ 400.354808][T11830] ? xfd_validate_state+0x61/0x180 [ 400.354833][T11830] __x64_sys_mlock+0x59/0x80 [ 400.354849][T11830] do_syscall_64+0xcd/0x490 [ 400.354869][T11830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.354884][T11830] RIP: 0033:0x7fe5ab78ebe9 [ 400.354897][T11830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.354910][T11830] RSP: 002b:00007fe5ac52f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 400.354924][T11830] RAX: ffffffffffffffda RBX: 00007fe5ab9b5fa0 RCX: 00007fe5ab78ebe9 [ 400.354934][T11830] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000000fbe8 [ 400.354943][T11830] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 400.354952][T11830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.354960][T11830] R13: 00007fe5ab9b6038 R14: 00007fe5ab9b5fa0 R15: 00007ffe3233f848 [ 400.354978][T11830] [ 400.974605][T11825] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.2.1050: Error -117 reading block bitmap for 3 [ 401.034625][T11837] Debayer A: ================= START STATUS ================= [ 401.082618][T11837] Debayer A: Debayer Mean Window Size: 3 [ 401.111920][T11837] Debayer A: ================== END STATUS ================== [ 402.414741][T11864] FAULT_INJECTION: forcing a failure. [ 402.414741][T11864] name failslab, interval 1, probability 0, space 0, times 0 [ 402.428599][T11864] CPU: 1 UID: 0 PID: 11864 Comm: syz.3.1060 Not tainted syzkaller #0 PREEMPT(full) [ 402.428635][T11864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 402.428652][T11864] Call Trace: [ 402.428661][T11864] [ 402.428672][T11864] dump_stack_lvl+0x16c/0x1f0 [ 402.428712][T11864] should_fail_ex+0x512/0x640 [ 402.428748][T11864] ? fs_reclaim_acquire+0xae/0x150 [ 402.428796][T11864] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 402.428833][T11864] should_failslab+0xc2/0x120 [ 402.428867][T11864] __kmalloc_noprof+0xd2/0x510 [ 402.428908][T11864] tomoyo_realpath_from_path+0xc2/0x6e0 [ 402.428954][T11864] tomoyo_check_open_permission+0x2ab/0x3c0 [ 402.428988][T11864] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 402.429058][T11864] ? do_raw_spin_lock+0x12c/0x2b0 [ 402.429106][T11864] tomoyo_file_open+0x6b/0x90 [ 402.429134][T11864] security_file_open+0x84/0x1e0 [ 402.429167][T11864] do_dentry_open+0x596/0x1530 [ 402.429214][T11864] vfs_open+0x82/0x3f0 [ 402.429253][T11864] path_openat+0x1de4/0x2cb0 [ 402.429291][T11864] ? __pfx_path_openat+0x10/0x10 [ 402.429327][T11864] do_filp_open+0x20b/0x470 [ 402.429355][T11864] ? __pfx_do_filp_open+0x10/0x10 [ 402.429405][T11864] ? alloc_fd+0x471/0x7d0 [ 402.429438][T11864] do_sys_openat2+0x11b/0x1d0 [ 402.429471][T11864] ? __pfx_do_sys_openat2+0x10/0x10 [ 402.429516][T11864] __x64_sys_openat+0x174/0x210 [ 402.429549][T11864] ? __pfx___x64_sys_openat+0x10/0x10 [ 402.429596][T11864] do_syscall_64+0xcd/0x490 [ 402.429627][T11864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.429650][T11864] RIP: 0033:0x7fe5ab78ebe9 [ 402.429668][T11864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.429691][T11864] RSP: 002b:00007fe5ac50e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 402.429713][T11864] RAX: ffffffffffffffda RBX: 00007fe5ab9b6090 RCX: 00007fe5ab78ebe9 [ 402.429728][T11864] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 402.429742][T11864] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 402.429756][T11864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 402.429769][T11864] R13: 00007fe5ab9b6128 R14: 00007fe5ab9b6090 R15: 00007ffe3233f848 [ 402.429799][T11864] [ 402.429891][T11864] ERROR: Out of memory at tomoyo_realpath_from_path. [ 402.908856][T11871] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 403.511844][T11887] FAULT_INJECTION: forcing a failure. [ 403.511844][T11887] name failslab, interval 1, probability 0, space 0, times 0 [ 403.537764][T11887] CPU: 1 UID: 0 PID: 11887 Comm: syz.1.1067 Not tainted syzkaller #0 PREEMPT(full) [ 403.537798][T11887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 403.537812][T11887] Call Trace: [ 403.537820][T11887] [ 403.537830][T11887] dump_stack_lvl+0x16c/0x1f0 [ 403.537866][T11887] should_fail_ex+0x512/0x640 [ 403.537900][T11887] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 403.537936][T11887] should_failslab+0xc2/0x120 [ 403.537968][T11887] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 403.538000][T11887] ? trace_kmem_cache_alloc+0x28/0xc0 [ 403.538032][T11887] ? key_alloc+0xc4d/0x1330 [ 403.538069][T11887] kmemdup_noprof+0x29/0x60 [ 403.538099][T11887] key_alloc+0xc4d/0x1330 [ 403.538141][T11887] ? __pfx_key_alloc+0x10/0x10 [ 403.538170][T11887] ? __asan_memcpy+0x3c/0x60 [ 403.538210][T11887] keyring_alloc+0x44/0xc0 [ 403.538248][T11887] keyctl_get_persistent+0x750/0x8c0 [ 403.538286][T11887] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 403.538326][T11887] ? __x64_sys_futex+0x1e0/0x4c0 [ 403.538355][T11887] ? __x64_sys_futex+0x1e9/0x4c0 [ 403.538392][T11887] ? xfd_validate_state+0x61/0x180 [ 403.538434][T11887] __do_sys_keyctl+0x1a9/0x590 [ 403.538463][T11887] do_syscall_64+0xcd/0x490 [ 403.538498][T11887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.538522][T11887] RIP: 0033:0x7f139f78ebe9 [ 403.538541][T11887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.538565][T11887] RSP: 002b:00007f13a068e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 403.538588][T11887] RAX: ffffffffffffffda RBX: 00007f139f9b5fa0 RCX: 00007f139f78ebe9 [ 403.538604][T11887] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000016 [ 403.538621][T11887] RBP: 00007f139f811e19 R08: 0000000000000001 R09: 0000000000000000 [ 403.538636][T11887] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 403.538651][T11887] R13: 00007f139f9b6038 R14: 00007f139f9b5fa0 R15: 00007ffc793689e8 [ 403.538686][T11887] [ 404.373454][T11909] nfs: Unknown parameter 'w¾Ã`_…à‚ûÏI+;ýá ÑöHYø º†»·«ÏLuõ>>ËÕuh*àéC<+ °ðÀÛ' [ 404.501803][T11913] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 404.799120][ T3594] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:9: bg 4: bad block bitmap checksum [ 404.892131][ T3594] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1354 with max blocks 1 with error 74 [ 405.247396][ T3594] EXT4-fs (sda1): This should not happen!! Data will be lost [ 405.247396][ T3594] [ 405.418706][ T3594] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1357 with max blocks 3 with error 117 [ 405.550065][ T3594] EXT4-fs (sda1): This should not happen!! Data will be lost [ 405.550065][ T3594] [ 405.561807][ T3594] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1364 with max blocks 1 with error 117 [ 405.575263][ T3594] EXT4-fs (sda1): This should not happen!! Data will be lost [ 405.575263][ T3594] [ 406.501955][ T175] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:5: bg 5: bad block bitmap checksum [ 406.535088][ T175] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1240 with max blocks 2 with error 74 [ 406.613436][ T175] EXT4-fs (sda1): This should not happen!! Data will be lost [ 406.613436][ T175] [ 406.801292][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1340 with max blocks 1 with error 117 [ 406.850061][T11944] FAULT_INJECTION: forcing a failure. [ 406.850061][T11944] name failslab, interval 1, probability 0, space 0, times 0 [ 406.874739][T11944] CPU: 0 UID: 0 PID: 11944 Comm: syz.3.1076 Not tainted syzkaller #0 PREEMPT(full) [ 406.874787][T11944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 406.874804][T11944] Call Trace: [ 406.874813][T11944] [ 406.874825][T11944] dump_stack_lvl+0x16c/0x1f0 [ 406.874865][T11944] should_fail_ex+0x512/0x640 [ 406.874900][T11944] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 406.874933][T11944] should_failslab+0xc2/0x120 [ 406.874967][T11944] __kmalloc_cache_noprof+0x6a/0x3e0 [ 406.874996][T11944] ? device_add+0xccc/0x1aa0 [ 406.875025][T11944] device_add+0xccc/0x1aa0 [ 406.875046][T11944] ? dev_set_name+0xc7/0x100 [ 406.875072][T11944] ? __pfx_dev_set_name+0x10/0x10 [ 406.875100][T11944] ? __pfx_device_add+0x10/0x10 [ 406.875124][T11944] ? lockdep_init_map_type+0x5c/0x280 [ 406.875161][T11944] ? __init_waitqueue_head+0xca/0x150 [ 406.875208][T11944] netdev_register_kobject+0x1a9/0x3d0 [ 406.875254][T11944] register_netdevice+0x13dc/0x2270 [ 406.875298][T11944] ? __pfx_register_netdevice+0x10/0x10 [ 406.875346][T11944] slip_open+0xb86/0x1150 [ 406.875391][T11944] ? __pfx_slip_open+0x10/0x10 [ 406.875426][T11944] ? down_write+0x14d/0x200 [ 406.875465][T11944] ? __pfx_slip_open+0x10/0x10 [ 406.875500][T11944] tty_ldisc_open+0x9f/0x120 [ 406.875531][T11944] tty_set_ldisc+0x32b/0x780 [ 406.875566][T11944] tty_ioctl+0xc2e/0x1680 [ 406.875602][T11944] ? __pfx_tty_ioctl+0x10/0x10 [ 406.875648][T11944] ? find_held_lock+0x2b/0x80 [ 406.875673][T11944] ? hook_file_ioctl_common+0x145/0x410 [ 406.875715][T11944] ? __fget_files+0x20e/0x3c0 [ 406.875749][T11944] ? __pfx_tty_ioctl+0x10/0x10 [ 406.875791][T11944] __x64_sys_ioctl+0x18e/0x210 [ 406.875832][T11944] do_syscall_64+0xcd/0x490 [ 406.875866][T11944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.875892][T11944] RIP: 0033:0x7fe5ab78ebe9 [ 406.875913][T11944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.875938][T11944] RSP: 002b:00007fe5ac50e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 406.875963][T11944] RAX: ffffffffffffffda RBX: 00007fe5ab9b6090 RCX: 00007fe5ab78ebe9 [ 406.875981][T11944] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 000000000000000c [ 406.875998][T11944] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 406.876014][T11944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 406.876029][T11944] R13: 00007fe5ab9b6128 R14: 00007fe5ab9b6090 R15: 00007ffe3233f848 [ 406.876066][T11944] [ 407.135287][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 407.135287][ T12] [ 407.939668][T11980] FAULT_INJECTION: forcing a failure. [ 407.939668][T11980] name failslab, interval 1, probability 0, space 0, times 0 [ 407.952874][T11980] CPU: 1 UID: 0 PID: 11980 Comm: syz.1.1080 Not tainted syzkaller #0 PREEMPT(full) [ 407.952909][T11980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 407.952925][T11980] Call Trace: [ 407.952934][T11980] [ 407.952942][T11980] dump_stack_lvl+0x16c/0x1f0 [ 407.952968][T11980] should_fail_ex+0x512/0x640 [ 407.952988][T11980] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 407.953006][T11980] should_failslab+0xc2/0x120 [ 407.953025][T11980] __kmalloc_cache_noprof+0x6a/0x3e0 [ 407.953040][T11980] ? madvise_collapse+0x1a6/0xaa0 [ 407.953063][T11980] madvise_collapse+0x1a6/0xaa0 [ 407.953084][T11980] ? lock_acquire+0x179/0x350 [ 407.953102][T11980] ? find_held_lock+0x2b/0x80 [ 407.953115][T11980] ? __pfx_madvise_collapse+0x10/0x10 [ 407.953142][T11980] madvise_vma_behavior+0x10a4/0x2d60 [ 407.953164][T11980] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 407.953183][T11980] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 407.953204][T11980] ? __pfx_mas_prev+0x10/0x10 [ 407.953227][T11980] ? find_vma_prev+0xda/0x160 [ 407.953246][T11980] ? __pfx___schedule+0x10/0x10 [ 407.953261][T11980] ? __pfx_find_vma_prev+0x10/0x10 [ 407.953280][T11980] ? futex_unqueue+0x133/0x2c0 [ 407.953307][T11980] madvise_walk_vmas+0x31f/0x9c0 [ 407.953345][T11980] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 407.953381][T11980] ? lock_acquire+0x62/0x350 [ 407.953414][T11980] madvise_do_behavior+0x1e2/0x530 [ 407.953464][T11980] ? futex_private_hash_put+0x18a/0x300 [ 407.953483][T11980] ? __pfx_madvise_do_behavior+0x10/0x10 [ 407.953505][T11980] ? down_read+0x13d/0x480 [ 407.953535][T11980] do_madvise+0x176/0x240 [ 407.953554][T11980] ? __pfx_do_madvise+0x10/0x10 [ 407.953572][T11980] ? do_futex+0x122/0x350 [ 407.953603][T11980] ? syscall_user_dispatch+0x78/0x140 [ 407.953628][T11980] __x64_sys_madvise+0xa9/0x110 [ 407.953648][T11980] do_syscall_64+0xcd/0x490 [ 407.953668][T11980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.953686][T11980] RIP: 0033:0x7f139f78ebe9 [ 407.953700][T11980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.953714][T11980] RSP: 002b:00007f13a062b038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 407.953729][T11980] RAX: ffffffffffffffda RBX: 00007f139f9b6270 RCX: 00007f139f78ebe9 [ 407.953738][T11980] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 407.953747][T11980] RBP: 00007f139f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 407.953755][T11980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.953763][T11980] R13: 00007f139f9b6308 R14: 00007f139f9b6270 R15: 00007ffc793689e8 [ 407.953782][T11980] [ 409.685660][T11664] syz.2.1028 (11664) used greatest stack depth: 19400 bytes left [ 410.156131][T12011] netlink: zone id is out of range [ 410.161570][T12011] netlink: zone id is out of range [ 410.166710][T12011] netlink: zone id is out of range [ 410.172495][T12011] netlink: zone id is out of range [ 410.177722][T12011] netlink: zone id is out of range [ 410.183514][T12011] netlink: zone id is out of range [ 410.188855][T12011] netlink: zone id is out of range [ 410.199818][T12011] netlink: zone id is out of range [ 410.205088][T12011] netlink: zone id is out of range [ 410.211754][T12011] netlink: zone id is out of range [ 411.023939][T12022] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 411.180166][T12031] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1091'. [ 411.496122][T12041] ima: policy update failed [ 411.513620][ T30] audit: type=1802 audit(4294968443.621:9): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1093" res=0 errno=0 [ 413.188479][T11659] syz.2.1028 (11659) used greatest stack depth: 19016 bytes left [ 413.460523][T12075] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078001000 pfn:0x78000 [ 413.535510][T12075] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 413.565392][T12075] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 413.612787][T12075] raw: ffff888078001000 0000000000000000 00000001ffffffff 0000000000000000 [ 413.701935][T12075] page dumped because: unmovable page [ 413.873735][T12075] page_owner tracks the page as allocated [ 413.880216][T12075] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 338897023898, free_ts 330190409882 [ 413.909133][T12075] post_alloc_hook+0x1c0/0x230 [ 413.909172][T12075] get_page_from_freelist+0x132b/0x38e0 [ 413.909205][T12075] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 413.909237][T12075] alloc_pages_mpol+0x1fb/0x550 [ 413.909270][T12075] alloc_pages_noprof+0x131/0x390 [ 413.909303][T12075] __vmalloc_node_range_noprof+0x72f/0x14b0 [ 413.909329][T12075] __vmalloc_node_noprof+0xad/0xf0 [ 413.909354][T12075] copy_process+0x2c70/0x7690 [ 413.909385][T12075] kernel_clone+0xfc/0x930 [ 413.909416][T12075] kernel_thread+0xd4/0x120 [ 413.909447][T12075] kthreadd+0x503/0x800 [ 413.909483][T12075] ret_from_fork+0x5d4/0x6f0 [ 413.909521][T12075] ret_from_fork_asm+0x1a/0x30 [ 413.909552][T12075] page last free pid 10392 tgid 10391 stack trace: [ 413.909569][T12075] __free_frozen_pages+0x7d5/0x10f0 [ 413.909594][T12075] vfree+0x1fd/0xb50 [ 413.909630][T12075] snd_dma_free_pages+0x51/0x70 [ 413.909659][T12075] snd_pcm_lib_free_pages+0x172/0x390 [ 413.909688][T12075] snd_pcm_release_substream.part.0+0x2a8/0x340 [ 413.909719][T12075] snd_pcm_release_substream+0x5b/0x70 [ 413.909748][T12075] snd_pcm_oss_release+0x16f/0x310 [ 413.909774][T12075] __fput+0x402/0xb70 [ 413.909808][T12075] task_work_run+0x14d/0x240 [ 413.909844][T12075] exit_to_user_mode_loop+0xeb/0x110 [ 413.909882][T12075] do_syscall_64+0x3f6/0x490 [ 413.909917][T12075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.257476][T12124] net_ratelimit: 19 callbacks suppressed [ 415.257491][T12124] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 416.269681][ T30] audit: type=1800 audit(4294968448.379:10): pid=12150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1108" name="members" dev="configfs" ino=36391 res=0 errno=0 [ 417.043788][T12162] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 418.018897][T12189] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1116'. [ 418.677546][T12212] ICMPv6: process `syz.1.1120' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 419.602061][T12236] Process accounting paused [ 422.392702][T12307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1135'. [ 422.763556][T12099] EXT4-fs: 4 callbacks suppressed [ 422.763575][T12099] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1341 with max blocks 1 with error 117 [ 422.839488][T12099] EXT4-fs (sda1): This should not happen!! Data will be lost [ 422.839488][T12099] [ 422.907769][T12099] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1358 with max blocks 2 with error 117 [ 422.968096][T12099] EXT4-fs (sda1): This should not happen!! Data will be lost [ 422.968096][T12099] [ 423.013449][T12321] binder: 12320:12321 ioctl c00c620f 200000000180 returned -22 [ 423.034050][T12321] binder: 12320:12321 ioctl 541b 38 returned -22 [ 423.333802][T12332] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1364 with max blocks 1 with error 117 [ 423.350221][T12332] EXT4-fs (sda1): This should not happen!! Data will be lost [ 423.350221][T12332] [ 423.419083][T12326] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1369 with max blocks 1 with error 117 [ 423.458367][T12326] EXT4-fs (sda1): This should not happen!! Data will be lost [ 423.458367][T12326] [ 424.111131][T12350] FAULT_INJECTION: forcing a failure. [ 424.111131][T12350] name failslab, interval 1, probability 0, space 0, times 0 [ 424.128135][T12350] CPU: 1 UID: 0 PID: 12350 Comm: syz.2.1137 Not tainted syzkaller #0 PREEMPT(full) [ 424.128170][T12350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 424.128185][T12350] Call Trace: [ 424.128195][T12350] [ 424.128204][T12350] dump_stack_lvl+0x16c/0x1f0 [ 424.128243][T12350] should_fail_ex+0x512/0x640 [ 424.128277][T12350] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 424.128306][T12350] should_failslab+0xc2/0x120 [ 424.128341][T12350] __kmalloc_cache_noprof+0x6a/0x3e0 [ 424.128368][T12350] ? madvise_collapse+0x1a6/0xaa0 [ 424.128406][T12350] madvise_collapse+0x1a6/0xaa0 [ 424.128437][T12350] ? rcu_is_watching+0x12/0xc0 [ 424.128462][T12350] ? finish_task_switch.isra.0+0x221/0xc10 [ 424.128489][T12350] ? lockdep_hardirqs_on+0x7c/0x110 [ 424.128521][T12350] ? finish_task_switch.isra.0+0x221/0xc10 [ 424.128547][T12350] ? __pfx_madvise_collapse+0x10/0x10 [ 424.128581][T12350] ? rcu_is_watching+0x12/0xc0 [ 424.128603][T12350] ? trace_sched_exit_tp+0xd1/0x120 [ 424.128641][T12350] madvise_vma_behavior+0x10a4/0x2d60 [ 424.128673][T12350] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 424.128703][T12350] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 424.128741][T12350] ? __pfx_mas_prev+0x10/0x10 [ 424.128781][T12350] ? find_vma_prev+0xda/0x160 [ 424.128822][T12350] ? find_held_lock+0x2b/0x80 [ 424.128849][T12350] ? __pfx_find_vma_prev+0x10/0x10 [ 424.128886][T12350] ? futex_unqueue+0x133/0x2c0 [ 424.128928][T12350] ? __futex_wait+0x24c/0x2f0 [ 424.128968][T12350] madvise_walk_vmas+0x31f/0x9c0 [ 424.129010][T12350] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 424.129058][T12350] madvise_do_behavior+0x1e2/0x530 [ 424.129088][T12350] ? futex_private_hash_put+0x18a/0x300 [ 424.129119][T12350] ? __pfx_madvise_do_behavior+0x10/0x10 [ 424.129157][T12350] ? down_read+0x13d/0x480 [ 424.129211][T12350] do_madvise+0x176/0x240 [ 424.129246][T12350] ? __pfx_do_madvise+0x10/0x10 [ 424.129281][T12350] ? do_futex+0x122/0x350 [ 424.129339][T12350] ? syscall_user_dispatch+0x78/0x140 [ 424.129390][T12350] __x64_sys_madvise+0xa9/0x110 [ 424.129429][T12350] do_syscall_64+0xcd/0x490 [ 424.129468][T12350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.129495][T12350] RIP: 0033:0x7f4560d8ebe9 [ 424.129516][T12350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.129542][T12350] RSP: 002b:00007f455ebb2038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 424.129567][T12350] RAX: ffffffffffffffda RBX: 00007f4560fb6270 RCX: 00007f4560d8ebe9 [ 424.129584][T12350] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 424.129601][T12350] RBP: 00007f4560e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 424.129617][T12350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.129633][T12350] R13: 00007f4560fb6308 R14: 00007f4560fb6270 R15: 00007fff8166d6e8 [ 424.129670][T12350] [ 424.502684][T12358] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1378 with max blocks 1 with error 117 [ 424.515379][T12358] EXT4-fs (sda1): This should not happen!! Data will be lost [ 424.515379][T12358] [ 430.910289][T12461] netlink: 98 bytes leftover after parsing attributes in process `syz.3.1161'. [ 430.949453][T12461] netlink: 50 bytes leftover after parsing attributes in process `syz.3.1161'. [ 431.145929][T12476] FAULT_INJECTION: forcing a failure. [ 431.145929][T12476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 431.181274][T12476] CPU: 0 UID: 0 PID: 12476 Comm: syz.0.1162 Not tainted syzkaller #0 PREEMPT(full) [ 431.181311][T12476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 431.181326][T12476] Call Trace: [ 431.181336][T12476] [ 431.181346][T12476] dump_stack_lvl+0x16c/0x1f0 [ 431.181397][T12476] should_fail_ex+0x512/0x640 [ 431.181440][T12476] _copy_to_user+0x32/0xd0 [ 431.181468][T12476] copy_to_sockptr_offset.constprop.0+0x129/0x150 [ 431.181521][T12476] ? __pfx_copy_to_sockptr_offset.constprop.0+0x10/0x10 [ 431.181580][T12476] ? bpf_vlog_finalize+0x1ba/0x360 [ 431.181607][T12476] btf_new_fd+0x16b9/0x5490 [ 431.181642][T12476] ? __lock_acquire+0xb97/0x1ce0 [ 431.181687][T12476] ? __pfx_btf_new_fd+0x10/0x10 [ 431.181716][T12476] ? aa_get_newest_label+0xd2/0x250 [ 431.181746][T12476] ? apparmor_capable+0x114/0x1d0 [ 431.181773][T12476] ? bpf_lsm_capable+0x9/0x10 [ 431.181795][T12476] ? security_capable+0x7e/0x260 [ 431.181821][T12476] ? ns_capable+0xd7/0x110 [ 431.181851][T12476] __sys_bpf+0x38a/0x4de0 [ 431.181886][T12476] ? __pfx_futex_wake+0x10/0x10 [ 431.181937][T12476] ? __pfx___sys_bpf+0x10/0x10 [ 431.181986][T12476] ? do_futex+0x122/0x350 [ 431.182020][T12476] ? __pfx_do_futex+0x10/0x10 [ 431.182073][T12476] ? xfd_validate_state+0x61/0x180 [ 431.182109][T12476] ? __pfx_do_pwritev+0x10/0x10 [ 431.182141][T12476] __x64_sys_bpf+0x78/0xc0 [ 431.182178][T12476] ? lockdep_hardirqs_on+0x7c/0x110 [ 431.182211][T12476] do_syscall_64+0xcd/0x490 [ 431.182248][T12476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.182274][T12476] RIP: 0033:0x7f03d918ebe9 [ 431.182295][T12476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.182327][T12476] RSP: 002b:00007f03da010038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 431.182353][T12476] RAX: ffffffffffffffda RBX: 00007f03d93b6090 RCX: 00007f03d918ebe9 [ 431.182379][T12476] RDX: 0000000000000026 RSI: 0000000000000000 RDI: 0000000000000012 [ 431.182395][T12476] RBP: 00007f03d9211e19 R08: 0000000000000000 R09: 0000000000000000 [ 431.182411][T12476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.182431][T12476] R13: 00007f03d93b6128 R14: 00007f03d93b6090 R15: 00007ffe5a224938 [ 431.182467][T12476] [ 431.557004][T12483] FAULT_INJECTION: forcing a failure. [ 431.557004][T12483] name failslab, interval 1, probability 0, space 0, times 0 [ 431.557056][T12483] CPU: 0 UID: 0 PID: 12483 Comm: syz.1.1165 Not tainted syzkaller #0 PREEMPT(full) [ 431.557106][T12483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 431.557121][T12483] Call Trace: [ 431.557129][T12483] [ 431.557140][T12483] dump_stack_lvl+0x16c/0x1f0 [ 431.557177][T12483] should_fail_ex+0x512/0x640 [ 431.557212][T12483] ? fs_reclaim_acquire+0xae/0x150 [ 431.557248][T12483] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 431.557281][T12483] should_failslab+0xc2/0x120 [ 431.557312][T12483] __kmalloc_noprof+0xd2/0x510 [ 431.557349][T12483] tomoyo_realpath_from_path+0xc2/0x6e0 [ 431.557395][T12483] tomoyo_check_open_permission+0x2ab/0x3c0 [ 431.557425][T12483] ? security_file_alloc+0x34/0x2b0 [ 431.557457][T12483] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 431.557487][T12483] ? pidfs_alloc_file+0x18f/0x290 [ 431.557510][T12483] ? do_syscall_64+0xcd/0x490 [ 431.557542][T12483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.557600][T12483] ? find_held_lock+0x2b/0x80 [ 431.557635][T12483] tomoyo_file_open+0x6b/0x90 [ 431.557661][T12483] security_file_open+0x84/0x1e0 [ 431.557695][T12483] do_dentry_open+0x596/0x1530 [ 431.557735][T12483] vfs_open+0x82/0x3f0 [ 431.557776][T12483] dentry_open+0x71/0xd0 [ 431.557814][T12483] pidfs_alloc_file+0x18f/0x290 [ 431.557840][T12483] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 431.557870][T12483] ? _raw_spin_unlock_irq+0x23/0x50 [ 431.557902][T12483] pidfd_prepare+0x129/0x200 [ 431.557934][T12483] __x64_sys_pidfd_open+0x105/0x1a0 [ 431.557971][T12483] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 431.558012][T12483] ? rcu_is_watching+0x12/0xc0 [ 431.558041][T12483] do_syscall_64+0xcd/0x490 [ 431.558075][T12483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.558108][T12483] RIP: 0033:0x7f139f78ebe9 [ 431.558130][T12483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.558154][T12483] RSP: 002b:00007f13a066d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 431.558180][T12483] RAX: ffffffffffffffda RBX: 00007f139f9b6090 RCX: 00007f139f78ebe9 [ 431.558198][T12483] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 431.558213][T12483] RBP: 00007f139f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 431.558228][T12483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.558243][T12483] R13: 00007f139f9b6128 R14: 00007f139f9b6090 R15: 00007ffc793689e8 [ 431.558278][T12483] [ 431.570787][T12483] ERROR: Out of memory at tomoyo_realpath_from_path. [ 433.115509][T12520] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 433.714558][T12535] netlink: 290 bytes leftover after parsing attributes in process `syz.2.1174'. [ 433.775723][T12535] overlayfs: missing 'lowerdir' [ 434.031856][T12538] FAULT_INJECTION: forcing a failure. [ 434.031856][T12538] name failslab, interval 1, probability 0, space 0, times 0 [ 434.065082][T12538] CPU: 1 UID: 0 PID: 12538 Comm: syz.2.1175 Not tainted syzkaller #0 PREEMPT(full) [ 434.065120][T12538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 434.065135][T12538] Call Trace: [ 434.065154][T12538] [ 434.065166][T12538] dump_stack_lvl+0x16c/0x1f0 [ 434.065209][T12538] should_fail_ex+0x512/0x640 [ 434.065249][T12538] should_failslab+0xc2/0x120 [ 434.065282][T12538] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 434.065312][T12538] ? skb_clone+0x190/0x3f0 [ 434.065349][T12538] skb_clone+0x190/0x3f0 [ 434.065385][T12538] netlink_deliver_tap+0xabd/0xd30 [ 434.065426][T12538] netlink_unicast+0x64c/0x870 [ 434.065465][T12538] ? __pfx_netlink_unicast+0x10/0x10 [ 434.065496][T12538] ? __pfx___might_resched+0x10/0x10 [ 434.065520][T12538] ? __pfx_futex_wake_mark+0x10/0x10 [ 434.065567][T12538] netlink_sendmsg+0x8d1/0xdd0 [ 434.065607][T12538] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.065643][T12538] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 434.065678][T12538] __sys_sendto+0x4a0/0x520 [ 434.065709][T12538] ? __pfx___sys_sendto+0x10/0x10 [ 434.065771][T12538] ? xfd_validate_state+0x61/0x180 [ 434.065807][T12538] ? __pfx_ksys_write+0x10/0x10 [ 434.065841][T12538] __x64_sys_sendto+0xe0/0x1c0 [ 434.065869][T12538] ? do_syscall_64+0x91/0x490 [ 434.065900][T12538] ? lockdep_hardirqs_on+0x7c/0x110 [ 434.065932][T12538] do_syscall_64+0xcd/0x490 [ 434.065970][T12538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.065996][T12538] RIP: 0033:0x7f4560d90a7c [ 434.066018][T12538] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 434.066042][T12538] RSP: 002b:00007f4561b1aec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 434.066067][T12538] RAX: ffffffffffffffda RBX: 00007f4561b1afc0 RCX: 00007f4560d90a7c [ 434.066085][T12538] RDX: 0000000000000020 RSI: 00007f4561b1b010 RDI: 0000000000000004 [ 434.066101][T12538] RBP: 0000000000000000 R08: 00007f4561b1af14 R09: 000000000000000c [ 434.066118][T12538] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 434.066133][T12538] R13: 00007f4561b1af68 R14: 00007f4561b1b010 R15: 0000000000000000 [ 434.066178][T12538] [ 434.891776][T12557] ubi: mtd0 is already attached to ubi0 [ 435.370877][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1346 with max blocks 1 with error 117 [ 435.395004][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 435.395004][T12089] [ 435.737736][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2030 at logical offset 8 with max blocks 3 with error 117 [ 435.815306][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 435.815306][T12089] [ 435.978715][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1382 with max blocks 1 with error 117 [ 436.062256][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 436.062256][T12089] [ 437.263322][T12598] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 437.269421][T12598] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 437.312102][T12598] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 437.318134][T12598] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 437.524600][T12629] random: crng reseeded on system resumption [ 438.170644][T12623] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 438.296246][ T30] audit: type=1800 audit(4294968470.400:11): pid=12619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1193" name="dbroot" dev="configfs" ino=37618 res=0 errno=0 [ 438.861814][T12085] Bluetooth: hci0: command 0x0419 tx timeout [ 439.340649][T12085] Bluetooth: hci1: command 0x0c1a tx timeout [ 439.346717][T12085] Bluetooth: hci2: command 0x0c1a tx timeout [ 439.353876][T12085] Bluetooth: hci3: command 0x0c1a tx timeout [ 440.224247][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.234184][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.306081][T12671] zswap: compressor not available [ 441.445320][T12715] FAULT_INJECTION: forcing a failure. [ 441.445320][T12715] name failslab, interval 1, probability 0, space 0, times 0 [ 441.526977][T12715] CPU: 0 UID: 0 PID: 12715 Comm: syz.0.1207 Not tainted syzkaller #0 PREEMPT(full) [ 441.527001][T12715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 441.527012][T12715] Call Trace: [ 441.527020][T12715] [ 441.527026][T12715] dump_stack_lvl+0x16c/0x1f0 [ 441.527050][T12715] should_fail_ex+0x512/0x640 [ 441.527070][T12715] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 441.527089][T12715] should_failslab+0xc2/0x120 [ 441.527107][T12715] __kmalloc_cache_noprof+0x6a/0x3e0 [ 441.527123][T12715] ? madvise_collapse+0x1a6/0xaa0 [ 441.527146][T12715] madvise_collapse+0x1a6/0xaa0 [ 441.527164][T12715] ? rcu_is_watching+0x12/0xc0 [ 441.527179][T12715] ? finish_task_switch.isra.0+0x221/0xc10 [ 441.527194][T12715] ? lockdep_hardirqs_on+0x7c/0x110 [ 441.527211][T12715] ? finish_task_switch.isra.0+0x221/0xc10 [ 441.527226][T12715] ? __pfx_madvise_collapse+0x10/0x10 [ 441.527244][T12715] ? rcu_is_watching+0x12/0xc0 [ 441.527259][T12715] ? trace_sched_exit_tp+0xd1/0x120 [ 441.527287][T12715] madvise_vma_behavior+0x10a4/0x2d60 [ 441.527309][T12715] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 441.527328][T12715] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 441.527349][T12715] ? __pfx_mas_prev+0x10/0x10 [ 441.527378][T12715] ? find_vma_prev+0xda/0x160 [ 441.527398][T12715] ? find_held_lock+0x2b/0x80 [ 441.527413][T12715] ? __pfx_find_vma_prev+0x10/0x10 [ 441.527432][T12715] ? futex_unqueue+0x133/0x2c0 [ 441.527455][T12715] ? __futex_wait+0x24c/0x2f0 [ 441.527478][T12715] madvise_walk_vmas+0x31f/0x9c0 [ 441.527501][T12715] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 441.527527][T12715] madvise_do_behavior+0x1e2/0x530 [ 441.527545][T12715] ? futex_private_hash_put+0x18a/0x300 [ 441.527562][T12715] ? __pfx_madvise_do_behavior+0x10/0x10 [ 441.527583][T12715] ? down_read+0x13d/0x480 [ 441.527611][T12715] do_madvise+0x176/0x240 [ 441.527630][T12715] ? __pfx_do_madvise+0x10/0x10 [ 441.527648][T12715] ? do_futex+0x122/0x350 [ 441.527678][T12715] ? syscall_user_dispatch+0x78/0x140 [ 441.527703][T12715] __x64_sys_madvise+0xa9/0x110 [ 441.527723][T12715] do_syscall_64+0xcd/0x490 [ 441.527743][T12715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.527758][T12715] RIP: 0033:0x7f03d918ebe9 [ 441.527771][T12715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.527798][T12715] RSP: 002b:00007f03d9fce038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 441.527821][T12715] RAX: ffffffffffffffda RBX: 00007f03d93b6270 RCX: 00007f03d918ebe9 [ 441.527836][T12715] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 441.527855][T12715] RBP: 00007f03d9211e19 R08: 0000000000000000 R09: 0000000000000000 [ 441.527871][T12715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.527883][T12715] R13: 00007f03d93b6308 R14: 00007f03d93b6270 R15: 00007ffe5a224938 [ 441.527903][T12715] [ 443.044249][T12762] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1214'. [ 444.104834][T12800] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1358 with max blocks 1 with error 117 [ 444.203218][T12800] EXT4-fs (sda1): This should not happen!! Data will be lost [ 444.203218][T12800] [ 444.285233][ T30] audit: type=1800 audit(4294968476.335:12): pid=12805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1220" name="features" dev="configfs" ino=39033 res=0 errno=0 [ 445.112884][T12810] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 445.727093][T12084] Bluetooth: hci4: Frame reassembly failed (-84) [ 445.735714][T12084] Bluetooth: hci4: Frame reassembly failed (-84) [ 446.716521][T12826] FAULT_INJECTION: forcing a failure. [ 446.716521][T12826] name failslab, interval 1, probability 0, space 0, times 0 [ 446.772846][T12826] CPU: 0 UID: 0 PID: 12826 Comm: syz.3.1226 Not tainted syzkaller #0 PREEMPT(full) [ 446.772883][T12826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 446.772897][T12826] Call Trace: [ 446.772907][T12826] [ 446.772916][T12826] dump_stack_lvl+0x16c/0x1f0 [ 446.772953][T12826] should_fail_ex+0x512/0x640 [ 446.772987][T12826] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 446.773019][T12826] should_failslab+0xc2/0x120 [ 446.773053][T12826] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 446.773081][T12826] ? security_file_alloc+0x34/0x2b0 [ 446.773117][T12826] security_file_alloc+0x34/0x2b0 [ 446.773150][T12826] init_file+0x93/0x4c0 [ 446.773183][T12826] alloc_empty_file+0x73/0x1e0 [ 446.773219][T12826] dentry_open+0x46/0xd0 [ 446.773253][T12826] pidfs_alloc_file+0x18f/0x290 [ 446.773278][T12826] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 446.773306][T12826] ? _raw_spin_unlock_irq+0x23/0x50 [ 446.773338][T12826] pidfd_prepare+0x129/0x200 [ 446.773373][T12826] __x64_sys_pidfd_open+0x105/0x1a0 [ 446.773410][T12826] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 446.773447][T12826] ? rcu_is_watching+0x12/0xc0 [ 446.773475][T12826] do_syscall_64+0xcd/0x490 [ 446.773510][T12826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.773534][T12826] RIP: 0033:0x7fe5ab78ebe9 [ 446.773555][T12826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.773579][T12826] RSP: 002b:00007fe5ac52f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 446.773614][T12826] RAX: ffffffffffffffda RBX: 00007fe5ab9b5fa0 RCX: 00007fe5ab78ebe9 [ 446.773629][T12826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 446.773642][T12826] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 446.773655][T12826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 446.773669][T12826] R13: 00007fe5ab9b6038 R14: 00007fe5ab9b5fa0 R15: 00007ffe3233f848 [ 446.773694][T12826] [ 447.811947][T12655] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 447.818485][T12093] Bluetooth: hci4: command 0x1003 tx timeout [ 448.609454][T12861] random: crng reseeded on system resumption [ 448.731309][T12869] FAULT_INJECTION: forcing a failure. [ 448.731309][T12869] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 448.773354][T12869] CPU: 1 UID: 0 PID: 12869 Comm: syz.2.1235 Not tainted syzkaller #0 PREEMPT(full) [ 448.773387][T12869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 448.773401][T12869] Call Trace: [ 448.773409][T12869] [ 448.773418][T12869] dump_stack_lvl+0x16c/0x1f0 [ 448.773453][T12869] should_fail_ex+0x512/0x640 [ 448.773491][T12869] _copy_to_user+0x32/0xd0 [ 448.773517][T12869] simple_read_from_buffer+0xcb/0x170 [ 448.773545][T12869] proc_fail_nth_read+0x197/0x240 [ 448.773571][T12869] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 448.773599][T12869] ? rw_verify_area+0xcf/0x6c0 [ 448.773622][T12869] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 448.773648][T12869] vfs_read+0x1e4/0xcf0 [ 448.773680][T12869] ? __pfx___mutex_lock+0x10/0x10 [ 448.773719][T12869] ? __pfx_vfs_read+0x10/0x10 [ 448.773756][T12869] ? __fget_files+0x20e/0x3c0 [ 448.773779][T12869] ? rcu_watching_snap_stopped_since+0xf0/0x110 [ 448.773817][T12869] ksys_read+0x12a/0x250 [ 448.773844][T12869] ? __pfx_ksys_read+0x10/0x10 [ 448.773871][T12869] ? arch_ptrace+0x6c/0x650 [ 448.773902][T12869] do_syscall_64+0xcd/0x490 [ 448.773936][T12869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.773960][T12869] RIP: 0033:0x7f4560d8d5fc [ 448.773980][T12869] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 448.774003][T12869] RSP: 002b:00007f4561b1c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 448.774026][T12869] RAX: ffffffffffffffda RBX: 00007f4560fb5fa0 RCX: 00007f4560d8d5fc [ 448.774042][T12869] RDX: 000000000000000f RSI: 00007f4561b1c0a0 RDI: 0000000000000003 [ 448.774057][T12869] RBP: 00007f4561b1c090 R08: 0000000000000000 R09: 0000000000000000 [ 448.774070][T12869] R10: 00000000000027dd R11: 0000000000000246 R12: 0000000000000001 [ 448.774084][T12869] R13: 00007f4560fb6038 R14: 00007f4560fb5fa0 R15: 00007fff8166d6e8 [ 448.774118][T12869] [ 449.019649][T12093] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 449.019683][T12093] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 449.035955][T12093] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 449.035997][T12093] Bluetooth: hci2: adv larger than maximum supported [ 449.043533][T12093] Bluetooth: hci2: adv larger than maximum supported [ 449.050233][T12093] Bluetooth: hci2: Malformed LE Event: 0x0d [ 449.531513][T12888] synth uevent: /devices/virtual/tty/ptyta: unknown uevent action string [ 449.639497][T12888] tty ptyta: uevent: failed to send synthetic uevent: -22 [ 450.515527][T12892] Process accounting resumed [ 450.911526][T12918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1245'. [ 451.310090][T12921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1245'. [ 451.540014][T12935] FAULT_INJECTION: forcing a failure. [ 451.540014][T12935] name failslab, interval 1, probability 0, space 0, times 0 [ 451.595510][T12935] CPU: 0 UID: 0 PID: 12935 Comm: syz.2.1247 Not tainted syzkaller #0 PREEMPT(full) [ 451.595534][T12935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 451.595543][T12935] Call Trace: [ 451.595550][T12935] [ 451.595556][T12935] dump_stack_lvl+0x16c/0x1f0 [ 451.595581][T12935] should_fail_ex+0x512/0x640 [ 451.595603][T12935] ? __kmalloc_noprof+0xbf/0x510 [ 451.595621][T12935] ? sk_prot_alloc+0x1a8/0x2a0 [ 451.595642][T12935] should_failslab+0xc2/0x120 [ 451.595660][T12935] __kmalloc_noprof+0xd2/0x510 [ 451.595681][T12935] sk_prot_alloc+0x1a8/0x2a0 [ 451.595704][T12935] sk_alloc+0x36/0xc20 [ 451.595722][T12935] pppoe_create+0x32/0x310 [ 451.595739][T12935] pppox_create+0x15c/0x2c0 [ 451.595756][T12935] __sock_create+0x335/0x8d0 [ 451.595773][T12935] __sys_socket+0x14d/0x260 [ 451.595788][T12935] ? __pfx___sys_socket+0x10/0x10 [ 451.595802][T12935] ? xfd_validate_state+0x61/0x180 [ 451.595827][T12935] __x64_sys_socket+0x72/0xb0 [ 451.595840][T12935] ? lockdep_hardirqs_on+0x7c/0x110 [ 451.595858][T12935] do_syscall_64+0xcd/0x490 [ 451.595877][T12935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.595892][T12935] RIP: 0033:0x7f4560d8ebe9 [ 451.595903][T12935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.595917][T12935] RSP: 002b:00007f4561b1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 451.595932][T12935] RAX: ffffffffffffffda RBX: 00007f4560fb5fa0 RCX: 00007f4560d8ebe9 [ 451.595942][T12935] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000018 [ 451.595950][T12935] RBP: 00007f4560e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 451.595958][T12935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.595966][T12935] R13: 00007f4560fb6038 R14: 00007f4560fb5fa0 R15: 00007fff8166d6e8 [ 451.595984][T12935] [ 452.110189][T12923] binder: 12919:12923 unknown command 0 [ 452.167997][T12923] binder: 12919:12923 ioctl c0306201 2000000000c0 returned -22 [ 452.647380][T12930] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 453.100074][T12947] sock: sock_set_timeout: `syz.0.1250' (pid 12947) tries to set negative timeout [ 453.922052][T12969] ima: policy update failed [ 453.946034][ T30] audit: type=1802 audit(4294968486.055:13): pid=12969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1254" res=0 errno=0 [ 454.995620][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 455.002249][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 455.600535][T12986] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 455.937003][T12986] CIFS mount error: No usable UNC path provided in device string! [ 455.937003][T12986] [ 456.004536][T12986] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 456.288309][T13016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1259'. [ 456.939060][T13025] zswap: compressor not available [ 457.167261][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1332 with max blocks 1 with error 117 [ 457.264053][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 457.264053][T12089] [ 457.310805][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 924 with max blocks 4 with error 117 [ 457.371630][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 457.371630][T12089] [ 457.478192][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2034 at logical offset 928 with max blocks 4 with error 117 [ 457.496712][T13046] FAULT_INJECTION: forcing a failure. [ 457.496712][T13046] name failslab, interval 1, probability 0, space 0, times 0 [ 457.529245][T13046] CPU: 0 UID: 0 PID: 13046 Comm: syz.3.1266 Not tainted syzkaller #0 PREEMPT(full) [ 457.529279][T13046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 457.529293][T13046] Call Trace: [ 457.529302][T13046] [ 457.529311][T13046] dump_stack_lvl+0x16c/0x1f0 [ 457.529349][T13046] should_fail_ex+0x512/0x640 [ 457.529387][T13046] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 457.529405][T13046] should_failslab+0xc2/0x120 [ 457.529425][T13046] __kmalloc_cache_noprof+0x6a/0x3e0 [ 457.529441][T13046] ? madvise_collapse+0x1a6/0xaa0 [ 457.529464][T13046] madvise_collapse+0x1a6/0xaa0 [ 457.529484][T13046] ? rcu_is_watching+0x12/0xc0 [ 457.529499][T13046] ? finish_task_switch.isra.0+0x221/0xc10 [ 457.529515][T13046] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 457.529529][T13046] ? __pfx_madvise_collapse+0x10/0x10 [ 457.529548][T13046] ? rcu_is_watching+0x12/0xc0 [ 457.529562][T13046] ? trace_sched_exit_tp+0xd1/0x120 [ 457.529588][T13046] madvise_vma_behavior+0x10a4/0x2d60 [ 457.529618][T13046] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 457.529637][T13046] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 457.529660][T13046] ? __pfx_mas_prev+0x10/0x10 [ 457.529683][T13046] ? find_vma_prev+0xda/0x160 [ 457.529702][T13046] ? find_held_lock+0x2b/0x80 [ 457.529716][T13046] ? __pfx_find_vma_prev+0x10/0x10 [ 457.529735][T13046] ? futex_unqueue+0x133/0x2c0 [ 457.529756][T13046] ? __futex_wait+0x24c/0x2f0 [ 457.529779][T13046] madvise_walk_vmas+0x31f/0x9c0 [ 457.529802][T13046] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 457.529827][T13046] madvise_do_behavior+0x1e2/0x530 [ 457.529846][T13046] ? futex_private_hash_put+0x18a/0x300 [ 457.529863][T13046] ? __pfx_madvise_do_behavior+0x10/0x10 [ 457.529884][T13046] ? down_read+0x13d/0x480 [ 457.529913][T13046] do_madvise+0x176/0x240 [ 457.529932][T13046] ? __pfx_do_madvise+0x10/0x10 [ 457.529950][T13046] ? do_futex+0x122/0x350 [ 457.529981][T13046] ? syscall_user_dispatch+0x78/0x140 [ 457.530005][T13046] __x64_sys_madvise+0xa9/0x110 [ 457.530026][T13046] do_syscall_64+0xcd/0x490 [ 457.530046][T13046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.530060][T13046] RIP: 0033:0x7fe5ab78ebe9 [ 457.530074][T13046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.530088][T13046] RSP: 002b:00007fe5a95d3038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 457.530102][T13046] RAX: ffffffffffffffda RBX: 00007fe5ab9b6270 RCX: 00007fe5ab78ebe9 [ 457.530112][T13046] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 457.530120][T13046] RBP: 00007fe5ab811e19 R08: 0000000000000000 R09: 0000000000000000 [ 457.530129][T13046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 457.530138][T13046] R13: 00007fe5ab9b6308 R14: 00007fe5ab9b6270 R15: 00007ffe3233f848 [ 457.530158][T13046] [ 457.835203][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 457.835203][T12089] [ 457.885617][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1345 with max blocks 11 with error 117 [ 457.898398][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 457.898398][T12089] [ 457.937115][T12099] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1369 with max blocks 1 with error 117 [ 457.954155][T12099] EXT4-fs (sda1): This should not happen!! Data will be lost [ 457.954155][T12099] [ 459.961599][T13087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1276'. [ 460.006391][T13087] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1276'. [ 460.623681][T13093] random: crng reseeded on system resumption [ 463.971564][T13225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1290'. [ 464.645338][T13229] zswap: compressor not available [ 467.318678][T13306] bridge0: port 3(team0) entered blocking state [ 467.374594][T13306] bridge0: port 3(team0) entered disabled state [ 467.381184][T13306] team0: entered allmulticast mode [ 467.496067][T13306] team_slave_0: entered allmulticast mode [ 467.541973][T13306] team_slave_1: entered allmulticast mode [ 467.628511][T13306] team0: entered promiscuous mode [ 467.635331][T13306] team_slave_0: entered promiscuous mode [ 467.641200][T13306] team_slave_1: entered promiscuous mode [ 467.648150][T13306] bridge0: port 3(team0) entered blocking state [ 467.654691][T13306] bridge0: port 3(team0) entered forwarding state [ 468.686482][T13354] can: request_module (can-proto-0) failed. [ 470.737336][T13411] EXT4-fs: 10 callbacks suppressed [ 470.737350][T13411] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1334 with max blocks 1 with error 117 [ 470.769281][T13411] EXT4-fs (sda1): This should not happen!! Data will be lost [ 470.769281][T13411] [ 471.664262][T13427] random: crng reseeded on system resumption [ 471.986980][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1359 with max blocks 1 with error 117 [ 472.037236][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 472.037236][T12089] [ 472.108658][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 1364 with max blocks 2 with error 117 [ 472.244364][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 472.244364][T12089] [ 472.397179][T12084] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1387 with max blocks 1 with error 117 [ 472.433940][T12084] EXT4-fs (sda1): This should not happen!! Data will be lost [ 472.433940][T12084] [ 473.302928][T13469] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 473.373296][T13469] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 473.410620][T13469] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 473.416766][T13469] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 475.306497][T12655] Bluetooth: hci0: command 0x0419 tx timeout [ 475.385423][T12655] Bluetooth: hci3: command 0x0c1a tx timeout [ 475.465374][T12093] Bluetooth: hci2: command 0x0c1a tx timeout [ 475.471489][T12655] Bluetooth: hci1: command 0x0c1a tx timeout [ 475.540538][T13528] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1331'. [ 475.613810][T13514] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1396 with max blocks 1 with error 117 [ 475.824182][T13514] EXT4-fs (sda1): This should not happen!! Data will be lost [ 475.824182][T13514] [ 477.483444][T12084] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1345 with max blocks 1 with error 117 [ 477.525618][T12084] EXT4-fs (sda1): This should not happen!! Data will be lost [ 477.525618][T12084] [ 477.720124][T12084] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1398 with max blocks 1 with error 117 [ 477.753993][T12084] EXT4-fs (sda1): This should not happen!! Data will be lost [ 477.753993][T12084] [ 478.739893][T13572] FAULT_INJECTION: forcing a failure. [ 478.739893][T13572] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 478.814590][T13572] CPU: 0 UID: 0 PID: 13572 Comm: syz.1.1334 Not tainted syzkaller #0 PREEMPT(full) [ 478.814613][T13572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 478.814623][T13572] Call Trace: [ 478.814629][T13572] [ 478.814635][T13572] dump_stack_lvl+0x16c/0x1f0 [ 478.814659][T13572] should_fail_ex+0x512/0x640 [ 478.814683][T13572] _copy_to_user+0x32/0xd0 [ 478.814699][T13572] read_page_owner+0xa26/0x1570 [ 478.814727][T13572] ? __pfx_read_page_owner+0x10/0x10 [ 478.814748][T13572] ? futex_private_hash_put+0x176/0x300 [ 478.814777][T13572] full_proxy_read+0x12e/0x1a0 [ 478.814801][T13572] ? __pfx_full_proxy_read+0x10/0x10 [ 478.814823][T13572] vfs_read+0x1e4/0xcf0 [ 478.814843][T13572] ? __pfx_vfs_read+0x10/0x10 [ 478.814857][T13572] ? find_held_lock+0x2b/0x80 [ 478.814871][T13572] ? __fget_files+0x204/0x3c0 [ 478.814889][T13572] ? __fget_files+0x20e/0x3c0 [ 478.814909][T13572] __x64_sys_pread64+0x1eb/0x250 [ 478.814926][T13572] ? __pfx___x64_sys_pread64+0x10/0x10 [ 478.814949][T13572] do_syscall_64+0xcd/0x490 [ 478.814969][T13572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.814984][T13572] RIP: 0033:0x7f139f78ebe9 [ 478.814996][T13572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.815017][T13572] RSP: 002b:00007f13a068e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 478.815032][T13572] RAX: ffffffffffffffda RBX: 00007f139f9b5fa0 RCX: 00007f139f78ebe9 [ 478.815042][T13572] RDX: 0000020000000001 RSI: 0000000000000000 RDI: 0000000000000008 [ 478.815051][T13572] RBP: 00007f139f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 478.815059][T13572] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000000 [ 478.815068][T13572] R13: 00007f139f9b6038 R14: 00007f139f9b5fa0 R15: 00007ffc793689e8 [ 478.815087][T13572] [ 480.563306][T13604] Process accounting paused [ 481.239203][T12099] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1382 with max blocks 2 with error 117 [ 481.320111][T12099] EXT4-fs (sda1): This should not happen!! Data will be lost [ 481.320111][T12099] [ 481.394306][T12099] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1404 with max blocks 2 with error 117 [ 481.424287][T12099] EXT4-fs (sda1): This should not happen!! Data will be lost [ 481.424287][T12099] [ 482.529540][T12084] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1409 with max blocks 5 with error 117 [ 482.596381][T12084] EXT4-fs (sda1): This should not happen!! Data will be lost [ 482.596381][T12084] [ 482.659158][T12128] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1417 with max blocks 2 with error 117 [ 482.678749][T12128] EXT4-fs (sda1): This should not happen!! Data will be lost [ 482.678749][T12128] [ 482.774236][T13657] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.3.1351: Error -117 reading block bitmap for 4 [ 483.333157][T13662] ima: policy update failed [ 483.341811][ T30] audit: type=1802 audit(4294968515.483:14): pid=13662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1354" res=0 errno=0 [ 484.542104][T13694] random: crng reseeded on system resumption [ 485.553841][T13702] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.1360'. [ 487.388084][T13709] kexec: Could not allocate control_code_buffer [ 487.571895][T12655] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 487.794150][T12089] EXT4-fs (sda1): Delayed block allocation failed for inode 2034 at logical offset 3428 with max blocks 37 with error 117 [ 487.817528][T12089] EXT4-fs (sda1): This should not happen!! Data will be lost [ 487.817528][T12089] [ 492.096712][T13799] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1379'. [ 493.928804][T13836] vivid-007: ================= START STATUS ================= [ 493.936575][T13836] vivid-007: Generate PTS: true [ 493.943172][T13836] vivid-007: Generate SCR: true [ 493.948086][T13836] tpg source WxH: 320x240 (Y'CbCr) [ 493.955726][T13836] tpg field: 1 [ 493.959456][T13836] tpg crop: (0,0)/320x240 [ 493.964588][T13836] tpg compose: (0,0)/320x240 [ 493.974744][T13836] tpg colorspace: 8 [ 493.981369][T13836] tpg transfer function: 0/0 [ 493.988439][T13836] tpg Y'CbCr encoding: 0/0 [ 493.992872][T13836] tpg quantization: 0/0 [ 494.015864][T13836] tpg RGB range: 0/2 [ 494.020363][T13836] vivid-007: ================== END STATUS ================== [ 494.223906][T13832] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 931 with max blocks 5 with error 117 [ 494.251944][T13832] EXT4-fs (sda1): This should not happen!! Data will be lost [ 494.251944][T13832] [ 494.454532][T13852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1388'. [ 494.515289][T13853] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1388'. [ 495.341371][T13869] netlink: 'syz.3.1391': attribute type 2 has an invalid length. [ 495.481564][T13875] vhci_hcd: invalid port number 255 [ 495.486924][T13875] vhci_hcd: default hub control req: 5903 v0001 i00ff l1 [ 498.768017][T13929] vivid-003: ================= START STATUS ================= [ 498.778523][T13929] vivid-003: Radio HW Seek Mode: Bounded [ 498.786750][T13929] vivid-003: Radio Programmable HW Seek: false [ 498.803224][T13929] vivid-003: RDS Rx I/O Mode: Block I/O [ 498.813440][T13929] vivid-003: Generate RBDS Instead of RDS: false [ 498.821625][T13929] vivid-003: RDS Reception: true [ 498.848596][T13929] vivid-003: RDS Program Type: 0 inactive [ 498.855829][T13929] vivid-003: RDS PS Name: inactive [ 498.862783][T13929] vivid-003: RDS Radio Text: inactive [ 498.877474][T13929] vivid-003: RDS Traffic Announcement: false inactive [ 498.892549][T13929] vivid-003: RDS Traffic Program: false inactive [ 498.908646][T13929] vivid-003: RDS Music: false inactive [ 498.915872][T13929] vivid-003: ================== END STATUS ================== [ 500.876638][T13964] FAULT_INJECTION: forcing a failure. [ 500.876638][T13964] name failslab, interval 1, probability 0, space 0, times 0 [ 500.890634][T13964] CPU: 0 UID: 0 PID: 13964 Comm: syz.1.1413 Not tainted syzkaller #0 PREEMPT(full) [ 500.890672][T13964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 500.890689][T13964] Call Trace: [ 500.890698][T13964] [ 500.890709][T13964] dump_stack_lvl+0x16c/0x1f0 [ 500.890749][T13964] should_fail_ex+0x512/0x640 [ 500.890786][T13964] ? fs_reclaim_acquire+0xae/0x150 [ 500.890829][T13964] should_failslab+0xc2/0x120 [ 500.890860][T13964] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 500.890892][T13964] ? security_inode_alloc+0x3b/0x2b0 [ 500.890927][T13964] security_inode_alloc+0x3b/0x2b0 [ 500.890958][T13964] inode_init_always_gfp+0xce4/0x1030 [ 500.890993][T13964] alloc_inode+0x86/0x240 [ 500.891029][T13964] new_inode+0x22/0x1c0 [ 500.891062][T13964] ? trace_cap_capable+0x18d/0x200 [ 500.891092][T13964] shmem_get_inode+0x19a/0xfb0 [ 500.891132][T13964] ? __vm_enough_memory+0x184/0x3f0 [ 500.891171][T13964] __shmem_file_setup+0x279/0x330 [ 500.891202][T13964] shmem_zero_setup+0x93/0x1a0 [ 500.891235][T13964] __mmap_region+0x2081/0x27b0 [ 500.891276][T13964] ? lock_acquire+0x179/0x350 [ 500.891311][T13964] ? __pfx___mmap_region+0x10/0x10 [ 500.891351][T13964] ? lockdep_hardirqs_on+0x7c/0x110 [ 500.891384][T13964] ? finish_task_switch.isra.0+0x221/0xc10 [ 500.891413][T13964] ? rcu_is_watching+0x12/0xc0 [ 500.891439][T13964] ? trace_sched_exit_tp+0xd1/0x120 [ 500.891476][T13964] ? __schedule+0x11a3/0x5de0 [ 500.891565][T13964] ? trace_cap_capable+0x18d/0x200 [ 500.891604][T13964] mmap_region+0x1ab/0x3f0 [ 500.891634][T13964] ? __get_unmapped_area+0x267/0x440 [ 500.891675][T13964] do_mmap+0xa3e/0x1210 [ 500.891717][T13964] ? __pfx_do_mmap+0x10/0x10 [ 500.891754][T13964] ? __pfx_down_write_killable+0x10/0x10 [ 500.891798][T13964] vm_mmap_pgoff+0x29e/0x470 [ 500.891840][T13964] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 500.891885][T13964] ? __x64_sys_futex+0x1e0/0x4c0 [ 500.891915][T13964] ? __x64_sys_futex+0x1e9/0x4c0 [ 500.891951][T13964] ksys_mmap_pgoff+0x7d/0x5c0 [ 500.891984][T13964] ? xfd_validate_state+0x61/0x180 [ 500.892015][T13964] ? __pfx_ksys_write+0x10/0x10 [ 500.892048][T13964] __x64_sys_mmap+0x125/0x190 [ 500.892084][T13964] do_syscall_64+0xcd/0x490 [ 500.892117][T13964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.892143][T13964] RIP: 0033:0x7f139f78ebe9 [ 500.892164][T13964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 500.892189][T13964] RSP: 002b:00007f13a068e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 500.892213][T13964] RAX: ffffffffffffffda RBX: 00007f139f9b5fa0 RCX: 00007f139f78ebe9 [ 500.892230][T13964] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 500.892243][T13964] RBP: 00007f139f811e19 R08: fffffffffffffffa R09: 0000000000008000 [ 500.892269][T13964] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 500.892286][T13964] R13: 00007f139f9b6038 R14: 00007f139f9b5fa0 R15: 00007ffc793689e8 [ 500.892323][T13964] [ 501.411146][T13967] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 501.417950][T13967] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 501.462506][T13967] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 501.497390][T13967] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 501.607099][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.613851][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.439778][T12093] Bluetooth: hci3: command 0x0c1a tx timeout [ 503.445819][T12655] Bluetooth: hci0: command 0x0419 tx timeout [ 503.519940][T12655] Bluetooth: hci1: command 0x0c1a tx timeout [ 503.526018][T12093] Bluetooth: hci2: command 0x0c1a tx timeout [ 504.079705][T14021] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 504.854816][T14037] Console: switching to colour VGA+ 80x25 [ 504.951677][T14039] ================================================================== [ 504.951690][T14039] BUG: KASAN: slab-use-after-free in fbcon_prepare_logo+0xa03/0xc70 [ 504.951716][T14039] Read of size 126 at addr ffff888025313bae by task syz.1.1427/14039 [ 504.951728][T14039] [ 504.951736][T14039] CPU: 0 UID: 0 PID: 14039 Comm: syz.1.1427 Not tainted syzkaller #0 PREEMPT(full) [ 504.951753][T14039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 504.951762][T14039] Call Trace: [ 504.951767][T14039] [ 504.951773][T14039] dump_stack_lvl+0x116/0x1f0 [ 504.951792][T14039] print_report+0xcd/0x630 [ 504.951811][T14039] ? __virt_addr_valid+0x81/0x610 [ 504.951828][T14039] ? __phys_addr+0xe8/0x180 [ 504.951845][T14039] ? fbcon_prepare_logo+0xa03/0xc70 [ 504.951864][T14039] kasan_report+0xe0/0x110 [ 504.951882][T14039] ? fbcon_prepare_logo+0xa03/0xc70 [ 504.951901][T14039] kasan_check_range+0x100/0x1b0 [ 504.951921][T14039] __asan_memcpy+0x23/0x60 [ 504.951935][T14039] fbcon_prepare_logo+0xa03/0xc70 [ 504.951956][T14039] fbcon_init+0xd77/0x1900 [ 504.951974][T14039] visual_init+0x320/0x620 [ 504.951990][T14039] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 504.952010][T14039] store_bind+0x61d/0x760 [ 504.952027][T14039] ? sysfs_file_kobj+0xe4/0x290 [ 504.952042][T14039] ? __pfx_store_bind+0x10/0x10 [ 504.952058][T14039] dev_attr_store+0x55/0x80 [ 504.952078][T14039] ? __pfx_dev_attr_store+0x10/0x10 [ 504.952098][T14039] sysfs_kf_write+0xf2/0x150 [ 504.952119][T14039] kernfs_fop_write_iter+0x354/0x510 [ 504.952133][T14039] ? __pfx_sysfs_kf_write+0x10/0x10 [ 504.952149][T14039] iter_file_splice_write+0xa24/0x12e0 [ 504.952170][T14039] ? __pfx_iter_file_splice_write+0x10/0x10 [ 504.952188][T14039] ? __pfx_copy_splice_read+0x10/0x10 [ 504.952207][T14039] ? __pfx_iter_file_splice_write+0x10/0x10 [ 504.952223][T14039] direct_splice_actor+0x18f/0x6c0 [ 504.952239][T14039] splice_direct_to_actor+0x345/0xa30 [ 504.952253][T14039] ? __pfx_direct_splice_actor+0x10/0x10 [ 504.952269][T14039] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 504.952286][T14039] do_splice_direct+0x174/0x240 [ 504.952300][T14039] ? __pfx_do_splice_direct+0x10/0x10 [ 504.952316][T14039] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 504.952331][T14039] ? rw_verify_area+0xcf/0x6c0 [ 504.952346][T14039] do_sendfile+0xb06/0xe50 [ 504.952362][T14039] ? __pfx_do_sendfile+0x10/0x10 [ 504.952377][T14039] ? __sys_sendmsg+0x18c/0x220 [ 504.952396][T14039] ? __x64_sys_futex+0x1e0/0x4c0 [ 504.952413][T14039] ? __x64_sys_futex+0x1e9/0x4c0 [ 504.952432][T14039] __x64_sys_sendfile64+0x1d8/0x220 [ 504.952454][T14039] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 504.952475][T14039] do_syscall_64+0xcd/0x490 [ 504.952494][T14039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.952509][T14039] RIP: 0033:0x7f139f78ebe9 [ 504.952520][T14039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 504.952534][T14039] RSP: 002b:00007f13a066d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 504.952548][T14039] RAX: ffffffffffffffda RBX: 00007f139f9b6090 RCX: 00007f139f78ebe9 [ 504.952558][T14039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000003 [ 504.952566][T14039] RBP: 00007f139f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 504.952575][T14039] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 504.952584][T14039] R13: 00007f139f9b6128 R14: 00007f139f9b6090 R15: 00007ffc793689e8 [ 504.952597][T14039] [ 504.952602][T14039] [ 504.952606][T14039] Allocated by task 12087: [ 504.952613][T14039] kasan_save_stack+0x33/0x60 [ 504.952629][T14039] kasan_save_track+0x14/0x30 [ 504.952643][T14039] __kasan_kmalloc+0xaa/0xb0 [ 504.952657][T14039] __kmalloc_noprof+0x223/0x510 [ 504.952672][T14039] ieee802_11_parse_elems_full+0x1db/0x3780 [ 504.952688][T14039] ieee80211_inform_bss+0x10b/0x1140 [ 504.952709][T14039] cfg80211_inform_single_bss_data+0x8ea/0x1df0 [ 504.952726][T14039] cfg80211_inform_bss_data+0x224/0x3bd0 [ 504.952741][T14039] cfg80211_inform_bss_frame_data+0x26f/0x750 [ 504.952756][T14039] ieee80211_bss_info_update+0x310/0xab0 [ 504.952777][T14039] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 504.952798][T14039] ieee80211_iface_work+0xe2e/0x1360 [ 504.952810][T14039] cfg80211_wiphy_work+0x2c7/0x580 [ 504.952827][T14039] process_one_work+0x9cf/0x1b70 [ 504.952848][T14039] worker_thread+0x6c8/0xf10 [ 504.952858][T14039] kthread+0x3c5/0x780 [ 504.952875][T14039] ret_from_fork+0x5d4/0x6f0 [ 504.952895][T14039] ret_from_fork_asm+0x1a/0x30 [ 504.952910][T14039] [ 504.952914][T14039] Freed by task 12087: [ 504.952920][T14039] kasan_save_stack+0x33/0x60 [ 504.952934][T14039] kasan_save_track+0x14/0x30 [ 504.952948][T14039] kasan_save_free_info+0x3b/0x60 [ 504.952968][T14039] __kasan_slab_free+0x60/0x70 [ 504.952983][T14039] kfree+0x2b4/0x4d0 [ 504.952994][T14039] ieee80211_inform_bss+0x77c/0x1140 [ 504.953014][T14039] cfg80211_inform_single_bss_data+0x8ea/0x1df0 [ 504.953029][T14039] cfg80211_inform_bss_data+0x224/0x3bd0 [ 504.953044][T14039] cfg80211_inform_bss_frame_data+0x26f/0x750 [ 504.953059][T14039] ieee80211_bss_info_update+0x310/0xab0 [ 504.953080][T14039] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 504.953108][T14039] ieee80211_iface_work+0xe2e/0x1360 [ 504.953121][T14039] cfg80211_wiphy_work+0x2c7/0x580 [ 504.953138][T14039] process_one_work+0x9cf/0x1b70 [ 504.953159][T14039] worker_thread+0x6c8/0xf10 [ 504.953170][T14039] kthread+0x3c5/0x780 [ 504.953188][T14039] ret_from_fork+0x5d4/0x6f0 [ 504.953207][T14039] ret_from_fork_asm+0x1a/0x30 [ 504.953223][T14039] [ 504.953226][T14039] The buggy address belongs to the object at ffff888025313800 [ 504.953226][T14039] which belongs to the cache kmalloc-1k of size 1024 [ 504.953237][T14039] The buggy address is located 942 bytes inside of [ 504.953237][T14039] freed 1024-byte region [ffff888025313800, ffff888025313c00) [ 504.953251][T14039] [ 504.953255][T14039] The buggy address belongs to the physical page: [ 504.953262][T14039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25310 [ 504.953274][T14039] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 504.953285][T14039] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 504.953298][T14039] page_type: f5(slab) [ 504.953311][T14039] raw: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001 [ 504.953323][T14039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 504.953336][T14039] head: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001 [ 504.953348][T14039] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 504.953361][T14039] head: 00fff00000000003 ffffea000094c401 00000000ffffffff 00000000ffffffff [ 504.953373][T14039] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 504.953381][T14039] page dumped because: kasan: bad access detected [ 504.953388][T14039] page_owner tracks the page as allocated [ 504.953393][T14039] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3594, tgid 3594 (kworker/u8:9), ts 100913008677, free_ts 100887845195 [ 504.953416][T14039] post_alloc_hook+0x1c0/0x230 [ 504.953430][T14039] get_page_from_freelist+0x132b/0x38e0 [ 504.953445][T14039] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 504.953460][T14039] alloc_pages_mpol+0x1fb/0x550 [ 504.953476][T14039] new_slab+0x247/0x330 [ 504.953487][T14039] ___slab_alloc+0xcf2/0x1740 [ 504.953499][T14039] __slab_alloc.constprop.0+0x56/0xb0 [ 504.953512][T14039] __kmalloc_noprof+0x2f2/0x510 [ 504.953526][T14039] ieee802_11_parse_elems_full+0x1db/0x3780 [ 504.953539][T14039] ieee80211_ibss_rx_queued_mgmt+0xc69/0x2fd0 [ 504.953560][T14039] ieee80211_iface_work+0xe2e/0x1360 [ 504.953573][T14039] cfg80211_wiphy_work+0x2c7/0x580 [ 504.953589][T14039] process_one_work+0x9cf/0x1b70 [ 504.953608][T14039] worker_thread+0x6c8/0xf10 [ 504.953619][T14039] kthread+0x3c5/0x780 [ 504.953636][T14039] ret_from_fork+0x5d4/0x6f0 [ 504.953654][T14039] page last free pid 6067 tgid 6067 stack trace: [ 504.953662][T14039] __free_frozen_pages+0x7d5/0x10f0 [ 504.953674][T14039] qlist_free_all+0x4d/0x120 [ 504.953687][T14039] kasan_quarantine_reduce+0x195/0x1e0 [ 504.953701][T14039] __kasan_slab_alloc+0x69/0x90 [ 504.953716][T14039] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 504.953731][T14039] jbd2__journal_start+0x193/0x6a0 [ 504.953752][T14039] __ext4_journal_start_sb+0x195/0x690 [ 504.953768][T14039] ext4_dirty_inode+0xa1/0x130 [ 504.953786][T14039] __mark_inode_dirty+0x1ee/0xe40 [ 504.953805][T14039] generic_update_time+0xcf/0xf0 [ 504.953821][T14039] file_update_time+0x17d/0x1c0 [ 504.953837][T14039] ext4_page_mkwrite+0x33d/0x1880 [ 504.953855][T14039] do_page_mkwrite+0x174/0x380 [ 504.953870][T14039] do_pte_missing+0x29d/0x3ba0 [ 504.953882][T14039] __handle_mm_fault+0x152a/0x2a50 [ 504.953894][T14039] handle_mm_fault+0x589/0xd10 [ 504.953907][T14039] [ 504.953910][T14039] Memory state around the buggy address: [ 504.953917][T14039] ffff888025313a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 504.953927][T14039] ffff888025313b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 504.953936][T14039] >ffff888025313b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 504.953943][T14039] ^ [ 504.953951][T14039] ffff888025313c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 504.953961][T14039] ffff888025313c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 504.953968][T14039] ================================================================== [ 504.956797][T14039] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 504.956813][T14039] CPU: 0 UID: 0 PID: 14039 Comm: syz.1.1427 Not tainted syzkaller #0 PREEMPT(full) [ 504.956835][T14039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 504.956844][T14039] Call Trace: [ 504.956850][T14039] [ 504.956858][T14039] dump_stack_lvl+0x3d/0x1f0 [ 504.956880][T14039] vpanic+0x6e8/0x7a0 [ 504.956902][T14039] ? __pfx_vpanic+0x10/0x10 [ 504.956923][T14039] ? fbcon_prepare_logo+0xa03/0xc70 [ 504.956942][T14039] panic+0xca/0xd0 [ 504.956961][T14039] ? __pfx_panic+0x10/0x10 [ 504.956980][T14039] ? fbcon_prepare_logo+0xa03/0xc70 [ 504.956996][T14039] ? preempt_schedule_common+0x44/0xc0 [ 504.957013][T14039] ? preempt_schedule_thunk+0x16/0x30 [ 504.957034][T14039] check_panic_on_warn+0xab/0xb0 [ 504.957054][T14039] end_report+0x107/0x170 [ 504.957072][T14039] kasan_report+0xee/0x110 [ 504.957089][T14039] ? fbcon_prepare_logo+0xa03/0xc70 [ 504.957117][T14039] kasan_check_range+0x100/0x1b0 [ 504.957139][T14039] __asan_memcpy+0x23/0x60 [ 504.957154][T14039] fbcon_prepare_logo+0xa03/0xc70 [ 504.957175][T14039] fbcon_init+0xd77/0x1900 [ 504.957195][T14039] visual_init+0x320/0x620 [ 504.957210][T14039] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 504.957231][T14039] store_bind+0x61d/0x760 [ 504.957248][T14039] ? sysfs_file_kobj+0xe4/0x290 [ 504.957263][T14039] ? __pfx_store_bind+0x10/0x10 [ 504.957280][T14039] dev_attr_store+0x55/0x80 [ 504.957301][T14039] ? __pfx_dev_attr_store+0x10/0x10 [ 504.957320][T14039] sysfs_kf_write+0xf2/0x150 [ 504.957336][T14039] kernfs_fop_write_iter+0x354/0x510 [ 504.957349][T14039] ? __pfx_sysfs_kf_write+0x10/0x10 [ 504.957366][T14039] iter_file_splice_write+0xa24/0x12e0 [ 504.957386][T14039] ? __pfx_iter_file_splice_write+0x10/0x10 [ 504.957403][T14039] ? __pfx_copy_splice_read+0x10/0x10 [ 504.957421][T14039] ? __pfx_iter_file_splice_write+0x10/0x10 [ 504.957440][T14039] direct_splice_actor+0x18f/0x6c0 [ 504.957455][T14039] splice_direct_to_actor+0x345/0xa30 [ 504.957470][T14039] ? __pfx_direct_splice_actor+0x10/0x10 [ 504.957486][T14039] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 504.957503][T14039] do_splice_direct+0x174/0x240 [ 504.957517][T14039] ? __pfx_do_splice_direct+0x10/0x10 [ 504.957532][T14039] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 504.957551][T14039] ? rw_verify_area+0xcf/0x6c0 [ 504.957574][T14039] do_sendfile+0xb06/0xe50 [ 504.957603][T14039] ? __pfx_do_sendfile+0x10/0x10 [ 504.957629][T14039] ? __sys_sendmsg+0x18c/0x220 [ 504.957652][T14039] ? __x64_sys_futex+0x1e0/0x4c0 [ 504.957669][T14039] ? __x64_sys_futex+0x1e9/0x4c0 [ 504.957687][T14039] __x64_sys_sendfile64+0x1d8/0x220 [ 504.957706][T14039] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 504.957728][T14039] do_syscall_64+0xcd/0x490 [ 504.957748][T14039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.957762][T14039] RIP: 0033:0x7f139f78ebe9 [ 504.957774][T14039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 504.957789][T14039] RSP: 002b:00007f13a066d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 504.957803][T14039] RAX: ffffffffffffffda RBX: 00007f139f9b6090 RCX: 00007f139f78ebe9 [ 504.957813][T14039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000003 [ 504.957824][T14039] RBP: 00007f139f811e19 R08: 0000000000000000 R09: 0000000000000000 [ 504.957833][T14039] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 504.957842][T14039] R13: 00007f139f9b6128 R14: 00007f139f9b6090 R15: 00007ffc793689e8 [ 504.957858][T14039] [ 504.958124][T14039] Kernel Offset: disabled