last executing test programs: 9.380141523s ago: executing program 2 (id=2368): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) semctl$auto(0x7ff, 0x2, 0x13, 0x3) mbind$auto(0x0, 0x40, 0x4, 0x0, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0xfffffffffffffffc, 0xd8, 0x3) mmap$auto(0x8000002, 0x20009, 0x8000000400000003, 0xeb1, 0x401, 0x8001) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r1 = epoll_create$auto(0x7) r2 = socketpair$auto(0x2001e, 0x14, 0x8000000000000000, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/ppp/ppp/power/runtime_status\x00', 0x20040, 0x0) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000080), r1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r3, 0x0, 0x98c7) socket(0x2b, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c800", @ANYRES16=0x0, @ANYBLOB="020029bd7000ffdbdf25860000006e00ba088a196e799870147306e5445590070667e385aadb6df0267c49063038211dccb616d55912decc80ef7c62d2733d24c92f9febc49866039df128cafc8fa696275ed3b5c6ee011082b49a65b510f0aa140df5e768bd36e5671c4527dd22bd481e3295eca31a668a21bf218000003d00bd00b72bcea7b45660d5aece677b8795054f900a134b5f1c8130711ee2a2e8c07d221841ffb40c2d3feb"], 0xc8}, 0x1, 0x0, 0x0, 0x809}, 0x20040940) r4 = geteuid() fstat$auto(0xffffffffffffffff, &(0x7f0000000040)={0x6, 0xc, 0x200, 0x3, 0xee01, 0x0, 0x0, 0x3, 0x8, 0xfffffefffffffff6, 0x5, 0xb, 0xfffffffffffffffc, 0x7ffffffe, 0x9, 0x8, 0xfffffffffffffffe}) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xa, 0x2, r4, r5, 0x42) msgctl$auto_IPC_RMID(0xffffff4b, 0x0, &(0x7f00000001c0)={{0x7f28, 0xee01, 0x0, 0xb024, 0x9, 0x6, 0x16d}, &(0x7f0000000440)=0x5f, &(0x7f0000000180)=0x80, 0xbffffffffffffffb, 0x30ba, 0x2, 0x4, 0x4, 0xc, 0x2, 0x6, @raw=0x4, @inferred=0xffffffffffffffff}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) set_mempolicy$auto(0x8003, 0x0, 0x4) write$auto(0x3, 0x0, 0x7fffffff) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$auto(0x0, 0x27fff, 0x3, 0xeb0, 0xfffffffffffffffa, 0x208000) 9.377862907s ago: executing program 1 (id=2376): r0 = io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ipv6_route\x00', 0x101000, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x44040080) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x100e42, 0x0) write$auto_sg_fops_sg(r2, &(0x7f00000001c0)="bf5b1a8c24000000dbcbc7a996eea7f3804ca6c7591afff6578d2f5f520f687f316ba7327b581cd8d58309037c0ae2c7", 0x30) ioctl$auto_SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000040)) ioctl$auto(r1, 0xffffffff, 0xffffffffffffffff) sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000900)=ANY=[@ANYRES16=r0, @ANYBLOB="bcbfb20d37c0dba0aefb95d2c2a515dff3f897b6d840b23e209b5ffd753e49243fa0d791aaf67e39328ffd2e60497e12bebb48a88f17f346dab1b64f6bb9256158c6f728af89cd140b7ac6eebabf0a14e26e13c0bc703625aa09df3449860a5845f4897ab307d72083e4cd707c79de14618b00abb56394d9dfc76118270c6397a54dad0eb21d1d6a468db22eaf5a63718c06bc8414fe27d684cbb3be38722f873a7408a5721816afd2ce1147c64b7d14fd9a081bb8bdb3573750f654cd5648818a1a517f3f07acaab048d67acaa2776aa562463369be0e68a8ab192abf4e7c95aba60b112285715b5c83d175", @ANYRESHEX=r2, @ANYRES32=r1, @ANYRESOCT=0x0, @ANYRES8=0x0, @ANYRES8=0x0, @ANYRESHEX=r0, @ANYRES32=r1, @ANYRES8=r2, @ANYBLOB="0be4581f1597f721cef4d51d167dfc055053c5c9f91c193aef3a6335bae8ba3850e32e9a9f9e7927ab278a7b3f4abdabb74f39a518354f59fc7b8969600f59a1c833637276c61eeefa7d4e8efadefe7a9a8c3a9ad5c8155f6f95acce819c36c34c6a2e73eef5d37d24aee71bfc8fdf5951c98a51cf46a30af31922cca737e64ab53fc5093c61b407682581c3b3f3e0897514b33cd934530c"], 0x30}}, 0x40008800) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyv9\x00', 0x80000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x40000, 0xbf) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/amidi2\x00', 0x193001, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r5 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/tracing/trace\x00', 0x0, 0x0) socket(0x29, 0x1, 0x3a) mmap$auto(0x0, 0x2, 0x1000000004, 0x9b72, 0x2, 0x8000) ioperm$auto(0x7, 0x5ad2, 0x8) bpf$auto(0x0, 0x0, 0x6f4) rt_sigsuspend$auto(0x0, 0x4) setsockopt$auto(0x400000000000003, 0x29, 0xcf, 0x0, 0x4) read$auto(0xffffffffffffffff, &(0x7f00000003c0)='/dev/ptyv9\x00', 0x4) read$auto(r1, &(0x7f0000003580)='\x00', 0x2) readv$auto(r5, &(0x7f0000000240)={&(0x7f0000001680)="8ba83c181e6e59e0d33d11b0dab22af0e3b1cd096c0a68c9ef50689bc61b1a6bb76497d6568867f7dffc67298a7cf538a8957ed171bc5117de43b70ccff0b578aa49a7257cbd42485567538c0292a26caca087d45fe62582b02221d3b97716461b3c9638d6a1a2a9b409e3a468208f5541ff3005e9d45e1122a6496b53959c65db3d6f26d90406b07525f10df5c34e1ebd739a9ce2d71ce6d3108f0f593d21093085fa6020364f069fc3ae96852cd04427b73749356ba69882243908703d19732d81a20e5aa3ca35e5a89d76fe812675efe32833d7d8b57a455f003689bc9b9837874bcb92f977cf8af4556f55bb3d22ab771c786d45a0e596d6d2d1b931b9ba7c9241d6942f198ff9e9dc4ea676f4c87bffe14516e29644631c7eb9f01b4922cd97a16eb7a62c770d98ea03f5e877724908a7371af928287d4ef53295bf01621f72e77c08e23059794fa77067962976d6a6d2b7da59bccef0e6dc2d4e9ad40cfd0899635213d0e48225d606dfd4cabefa93ac7cca816dbcaf5eb23e1a353d7c3bcc4ff8329c7c8ee293ff0535eb991d6b02007442f55c29ad7d7e7d3e1c81717efa9659cd0950c53dd8417d1c67a21293a35596c2f09b78caf792a5bde8dc1f657f323ca5552a8e66e2c7db717a5745761ad82087b8f43debc82b1c08582c2ac7569fdf1bdcf348ac3e532457c320d3d79c050c79803115f58cee94ba048e15c51f554395e4a0595374c7f29252352fb5fb987493d12aa51b1a80111d2c54cf6abbfcdb8c69eea0dd8a2ec19ca4a04ee28af6724e18f6649b0771cd8faba3464558a4a4aef853c4dd77cdd0869f48571c860185de62c11fb51edc4d412e66b41f12bff126343a8f0b0197b6e0798ab7bdca12066dbbddc034eac09d22fa3f8223926a030531784cb817883cbb106ee511ba9dc0b584b35ad299a0cff6ea64446712277c31853db19001098110e0882d1105cff53ff28b01e85eabfbf432adbd4e2adc2b3764995081ae9bfac54c3e1d1f95841c1004674d34af4d1b700ddf3282e541b2248d686a62dcd521df5677e99e61f281b638c2c7583b4dad6278cd5058d1fc2542c887d0d9a32274c08a49b5ccfd698aaf3c7c237e8c7d3830acc662b15809f2175e07104eb8907f9344a143b393eed3b441e434ffddc0b77e373cd7d62e56886bc6e88059f177c688cdce4ebd62d112e94edde99ab0488601405ac4ea5e5d96b5f7f2ba08916c83c436f6e1b40058d5d4bd789eab8abb87d2299b584e5f39c9ac9a32ea581eedb5859a6c888acbca84fc2e59f69bae491efcbd728e58f936a6a2e5dd2da9790a07651f613aea39ca02d6ee532e976c2e581be4ed8636aa6822090fd60d26be658acfbff1a751fba7a6ada52049af33ecb63002c979e96e8eb7b88c9249e034b58306092a4b35835a84a881b615e7e15a143e61c7f5e435bac08a07feff9f9ab96a14048a61f4ae67be15de4052c76b49e05d9caaae35ff3a0fe0dacae3054567eeb287f13c7d897991aa0c9cf2d97ad598d7bf6f689952720aafa88990725302177a9e0a1374db3bcf099ddcde0c478532cb16e2946e13a666f68aa8315d62a3dbd9376f0fbf82d2f168e09d0dd489a38aaf1805619db0dce53fc35d5528da4c572b72787ee245d288e2a2fecef1caeb7d6129e0b2e12e6f787d50f2376e687ecfbd44148f155a7f15096304934b86c74c35cbd4804da92bf037117d5f302e220fd2a59cab5148b0d6dde6cf0bf8e65c87850e41153abbffacd826f2d8613770a7c79ee8da33872f433b6be664e38003ab6e6a4e915d5d008c09e6324616f1626bf5c78fd9fbb42af9b21608e65d4b95ad9dc1c1d98bd0da9f22af2ec20063660f2c9bbac944b91b4a134827fe935360d8fb92b97422be3c9d1e1276fecfaf9bb5ef4fa90dc98cd42943726fe1ccc000649048ef63e571017d97906db6822fbc46bc14ccaf92d79d55a273ad26bddb9ad3879f9a2168c975ea4f6ff1ebc6650836ce515bb9f58b84912623f75d33e891ca8e684a4ead39ce3d4ecb2257bf6991744a30789e14b24059c75b398ce8b6ef80101708ffee72f0340cfb1e0d25b8098b822cad8881a67fffadafaf29e9ebb5f4386dfeeb0b8a125d7010d1282ae59ce221f297cbe10440fbda321c8d87aa556c643a2c41d46a2dd129199990deee8869cacfa538cb2760d77a5d14cab245497e4fe24dc58364d6340989242fa5c2d6646c8e6913d53277884542f9ddf5ec1a9611f514a338d271d3d7a591083348d667e226ddeff77c42e41fd4285edf2ac3d916b7458e42844c5e3041710f7c852b15691aa9e4114c2f165cd8e33521cb0f1ae367c302aecce67e2f6d57b26b25c94d5a79dc17abe15a20f6eb62ca659cfee0f63eb9f50b68963439b0b36ab035ff0c69997cbe2ae808d7db2baa2f9f449b5c8a2dc4e6b1ba1937e3708c97ef8b92c8b77f27c881c1635814a908f396c842b9a3888e4a385e8bbec20a05d8033543e167b1ece130dd13f5ff6fdec3f31563fe0c01a478fa507dbe4bcc6a8bf6057a13b179ca419b537f36352dace416a63abe359e50f3e2f61797e9f8bc44f9d5541b24ec8d9f0e343bb41bd9941c1601495b73aea4a3cfd4df50ae381b5a156594e134fad0482a6716ac3fbd0a758836f345d230b83b4cf8084cca511b3f4f4295b8a0a69040426d7eff753927cf5a1132c8d62bf434b4ecec52c68a9ae39988da3cb59d3107bcc916f9c6576cea05ccfdc4e014edfed6e77f78336dea31790151ee2f9f4b8381e091d9a6a8927f2ab19a8f5458fc61302b66a06848e12c5f5c8b587157dc57bd4f10bcab90964a72895e1a6852a18f91f7abb3c80695cf589fff110bff4283d6bcf0b1e1b96838c09500d24ab1ff9a1afe1b62c122c79e2c8489ad2e84a0b92a3baa451985595242e5858a2bba78b8b48b878c32543ad19c2032bdeae226d29961f6c5469922a630afc98d8922d7982a2091acc4ec01be01b2e46b4d0a7a85a80fd0b982cbc6a3056bd2f81c613ba5b358393fc5d84ee963109fbd1577688362acd083a9df1ccd8499c1e59aee6b14a518a287889968cc9230769f57403ec9672c743295bf688fd0b31eec32ca4069da2d9ced9f585f9f32dc33dfebbe03e57b19cc9e4d5bcbca5b3ddb68a5742e8e08ce3ec21b18b80e0456c603aafd3c0eae5f42c2784b7e03f76f766ebf345a8a23a4cd3f29024302703cd7b99345694c71ec17a29f2ad0fb6b5780f54fc4f44dec6df129629523186ec0a2696bc6702a8322d5f68d6b5267e3c8e114dbf36a517344728eb5a61c48ded4ae3d0a5382fa7917e39c363b47d09adfdad646792c5f31241fb8d04c7126dc7390313e760307763d16911ba3b0f5d465b0f06cf18374d625ce1c86ed56bca8807e8372e6a3d6f8328f6f6d72bc64909dced45c666a4a7a7a44b97c662415a3d9b4e5d1288d7949e0cdbd601cb57ecedc8ce94efbe40d9e477d236ab11a7ef5649553e602136bd1f1d9dcabaacde8d52622050fa3f950de846596f0689a1a0df1f57b0e36b570fc86cdb4fb42e71220371e9d2e9f32f1fa9ab2084d122e188bd1ab2c0bf03b16533a9d949795ed49ce6d00b8cd81444033f0644a10895c4afcbd45af959b48762e7d4697d2f4154eca0850f7c26727a055e9c33e3f6e97b1c46e20536cb74a28a184001e1e4bf08fd23cef178fabe313f125cbaca3cb0aa07099f1e5d588fd031c21d60172388431bbdc45dbe23e111d06919fd7b4e341dd7a5e12df750cabaeaf806ae7a1df3f99a22e0aaa3dea9f576280bfc1c3a7435985c25ab9b6833903ac713f8a529e0c54c46d673e07a8c1b79adb8c92aa62dbb731b247d9f4c8818c1d6e0000ef30541fe9c85db1b522a8c6c40a309fb4fa9330f974e4377c78275bfdae070f760c361fb3ced6906a7a4b5a899f0d554d640f794396d776de6d699a1e6fcd47c8b6a2feccaabeddf74c5a1643f0283decf6342026024dec76d067bf59ff8fb2a6db54b888d726eb24c32a50446c4062af8a031aa5910cfbf4ff75d50097ac3c89be728e213adde087c6416ecc6ec32920624e61cbaaf6835cf9f8540009c86ad674c676f7f08e40aacad6e9700d4b38979651f3f25d46b0a153689440db882c42064a24a55c73eed2df5e1ff2220e1f8ebe281d6d506c15fdc0e5186f461df5fc0b78de385f98a133e3e26a27cc290fd6c3c4e9c7559ea5b50bb037f5b06ca8355a58af1ce2a3b3cb773d57b2eb8b87ed46edfd9f684ccf9858f9a0f9537a9d11715f23cdc749409de7c3a1d6416784759a22d9f968b3a8b8f8f3953b565c6e7202e3de56cf7f2572c27a07e19b9337f9e234986361fda4e00ab82b071ccdd4e7b9df094648075d8f6f214543bf967f1a40f661a97d533522da3427d611213ca4979d2351c32f3b9a27f17070b29ffa4eb8d6fd60cc67e9d1c3dc95a86a035bbe0dab1dcecc62c304a03a2b456453d8f432bec3333da024dcf2400467b7a41e2cace51bfc42540818c9f4bd7e041ac89bd9b80e93c6afe0a51d08ffa3f2402d6b7f4dfa5a5d68fbc1e0d4d73e3bf2c0c007abe8772a456e2930e6fe8cfdcd9c475bf580c50d3080e4c629b6c99487218b7737d20d2fc118c07626ecd71dd32c662ddf8f2caa128aba37b05b21b8143d4555cbe4e6288100c4d6eb6f1315cbb92282eee74660a7bb507ab08e70c8e807d04dba14919da973eef34f9776e29c82684d021d61c013b3c788d17c3638bb82ce7ae9d87e2a7f84d6b6cb1ef34bce0c8c5060aa2f800ebdaf6d35bdc6e4676ea0b411e1b9293a0da803c20fe03dfa68b0f1b7a2a71eaa5e352bd92085d1a7ef52f32dd11f1cb8d8946b60942bd417f9b448ea479a5a28c4e707438471a71954a82fc68aad083d49078e9ff4552b40a3860d68d94970a637a6e68bd56e671b618fbae018a451e0c5f5b935d4e007a5c834877da3d9066aef38001a570cd8366433994ee7de0bbed2d44d5a6a9252c1c927d69cdd2e811d94f81f95180fe63c61ea8e4b4de098c00f4aa0501fa13ead1149bd3304447ec9b5e4a641123c3d25a27de76bb63ce4065cc700b1a53edd711e6228fcd7f6345174eb2b4a0283016989c9554ba286ad90ab0bc029cacfb0d5ccf32d9eb7a0c86b1d6b9958a15f5acf44a6af2a5912e328c7b6a30370132352d971839267b0394facd0230ba4ab7375f44be58a1a04a5c38a69ee57e13c53a58fa831fc741926794748b5b1a353c254313aaaa994c4ee8f4a9e1b2e1a9692e3bdeb4653184edc44d871f8ff10a7f5258f5c5c0bc9a6b15978fb837c344071c2da6e3bd7afe40714e5652fe57a3934df9afbf34bb1e0792a47e27804810eb0f6631118b44a293213d69bc80bd96eac1a5da3e0e52fa3de61c2b2011f380b4f13a8e03889a6aa499481f01e778e5b93fe6e18f4a6aa2e89ecf3e6caa5cd1009d96dfe726730c36d65eb23f0b77b3ac6fefd959afb0a06b84d12eb1118221f562ed0b6a8e5774c98374be3bc1b4a82e4ee1b22bf1284e021c82ff457096bb72b14f1c6959670bab99f784166317339fc2a23262c98230459ac3e9f20bb828747f6dd424d03ebdb17588a133a6a8d19f8d5730a92097b9e99ab4ffe14d3a4ee22cee1829b54d914d3ab3fb8d3d9f4fefe018472fc270c4288eaeddc3408df4ea15dd68113ffb3e7500f8fa3d5a40205e86014cd9c0cf6cb9de0a951c5c3104f502e94e3e53ae50b093e124e26fd762927049f93d7a36153677c1b643bbc6004ae50a06b0bb92fa04a1508a93dd78d", 0x4e}, 0x6) mmap$auto(0x401, 0x40009, 0xd65, 0x9b72, r1, 0x28040) r6 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r6, 0x0, 0x1f40) r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r7, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000002680)="b2e32897fbbeb59c5cac66014511bca9f308b799dc7a275fd48a324e07d88bf00c6667451b7fed87b2455e140863c3a8730cf51ea4e587fcb980c408f1dc9a1445f3e1aae22588ab3409bf8db92738890c63fea7ae71576f1412447bb111f5f978d94b5324d70a007ecd1406abb125c390590d3a504f87cb55d3ca337257b19235df528860f2968a1656fa00694b85e8828a25d83a8babdb631e74002e5be372375751d993ff4078b22f670163e13bc13ca59a230f6fa74b63ec242838cea126") openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0xffeb) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv6/conf/gre0/accept_ra_rt_info_max_plen\x00', 0x82, 0x0) 8.566416732s ago: executing program 1 (id=2370): openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0xa00c2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, 0x0, 0x840, 0xc) socket(0x1d, 0x2, 0x6) socket(0x1f, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) shutdown$auto(0x200000003, 0x2) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) 7.660094694s ago: executing program 1 (id=2372): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x5425, 0x5) mmap$auto(0x7fff, 0x2020007, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b32, 0x9) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x1d, 0x2, 0x6) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3, 0xfd}, 0x6a) sendto$auto(0x3, 0x0, 0x206c, 0x101, 0x0, 0x1c) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) fspick$auto(0x1, 0x0, 0xc) r4 = socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) sendto$auto(r4, 0x0, 0xb, 0xc, &(0x7f0000000000), 0x1c) read$auto(0x3, 0x0, 0x7c) io_uring_setup$auto(0x71, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioperm$auto(0xfb, 0x5, 0xe) setreuid$auto(0x4, 0x8) sched_setaffinity$auto(0x1, 0x1, 0x0) r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r5, 0x400454a4, &(0x7f0000000100)) 6.978501975s ago: executing program 3 (id=2373): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x200000, 0x0) ioctl$auto_TUNGETDEVNETNS(r0, 0x54e3, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/ad_actor_key\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/44, 0x2c) (async) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) (async) sysfs$auto(0x2, 0x44, 0x0) r2 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0x440002, 0x0) getsockopt$auto_SO_WIFI_STATUS(r2, 0x1, 0x29, &(0x7f0000000040)='\\($\'@$%\x00', &(0x7f0000000080)=0xffffff8e) (async) prctl$auto_PR_SET_VMA(0x53564d41, 0x1, 0x2000009004, 0xfffffffffffffffb, 0x2) keyctl$auto_KEYCTL_MOVE(0x1e, 0x8, 0x4, 0x5, 0x8) r3 = timerfd_create$auto_CLOCK_TAI(0xb, 0x7) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), r3) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="3b457522aaa1b640bc8ad144f2b0f92b31379020d40593ec0ef5125da3fce6b700"/44, @ANYRES16=r4, @ANYBLOB="00042cbd7000fbdbdf251f0000001000180006b310f4e572e5f0f2b49160"], 0x24}, 0x1, 0x0, 0x0, 0x24004055}, 0x8050) (async) read$auto_sync_info_debugfs_fops_(r3, &(0x7f0000000100)=""/130, 0x82) 6.744929295s ago: executing program 3 (id=2374): syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x11, 0x3, 0x10) mmap$auto(0xca, 0x9, 0x3, 0x13, 0x1000000002, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/ip_vs_conn\x00', 0xf00, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dri/card1\x00', 0x6082, 0x0) r2 = socket(0xa, 0x2, 0x0) r3 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x80080, 0x0) ioctl$auto_LOOP_CTL_ADD(r3, 0x4c80, 0x0) setsockopt$auto(r2, 0x29, 0xb, 0x0, 0xca6) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) write$auto(r4, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r5 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r6 = socket(0x2, 0x1, 0x0) setsockopt$auto(r6, 0x6, 0x1f, 0x0, 0x3d) r7 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x1c}}, 0x4044820) readv$auto(0x3, 0x0, 0x23a8c70effffffe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_fault_around_bytes_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x2282, 0x0) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x0, &(0x7f0000000140)=@raw_tracepoint={0x807, r0, 0x0, 0x2}, 0x81) madvise$auto(0x0, 0x20000a, 0x4) pread64$auto(r1, 0x0, 0x594c, 0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0) r8 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(r8, 0xc0105702, &(0x7f0000000000)={0x0, 0x0, r8}) ioperm$auto(0x7, 0x1, 0x7) 6.247560864s ago: executing program 1 (id=2375): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r2, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000006980)={0x124c, r3, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_PMSR_RESULT={0x1238, 0x1c, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x1084, 0x5, 0x0, 0x1, [{0x1080, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x24, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0x7}, @NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x5}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x47, 0x1, "15498343c724307734086992dc1e25a2a9103e4bf48686438120218fc18eb8d92081607cef938d982b98b2ffabb3d4697d0e992a1ea9d3b471e918ae07e413f97503f8"}, @NL80211_PMSR_PEER_ATTR_RESP={0x4}, @NL80211_PMSR_PEER_ATTR_RESP={0x8, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_FINAL={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x1004, 0x1, "1fb5becd41368ab779a0b29218e67556fc4604877ebfcbd398c11fb77c35a8bf6e74ddc9b04a9138098aecf779ea7e3d541edf3023425cada97c0dc587c6fa47716dd359907f0a162a0b886614c1a7e9546da002cc83e2ed566b0379129f985c460fbbf435e700a4b5580b8a56632571928f8f21f4d11364a0ef75b476ff3956f1c7da142f79c10a4876ffcc63f2d86a0e69b888fc4f296dee02ad8557cdbfb9f0235a183eca304867b40759629cbc72b1502c43b99766ba6d68b0c0ab3c3f028eac0d0571801e5df2a1d739c243a58bf16cfb3859743e905b7ba869f46438f8ae3034bf72d5e80c5484943de2b70c62ef38e5219cc8006f282faca545419374470f9a70397a1f81bc4623e08269594bbebf9b08b81b87ccaebf876dcaf1fa4562e3163b353cb8ff91dba36cfd929ec300388d9224fe45abcc42e157398da0642301b14d590dd9a490eeb4555c64ae48caedffd84b246834f69dfa63f173ce93ba2775a6f4aba2492fe9d62fcae89dab6719935a28c2d614d93e984df4b3a292e0e5d6754a30e52d52b951092a4df3b6abb5c8b74740d551a77c41d02f0ea667e8acb61eac844c20151dac7c08ae95aed291d11cd81365501d3fb0120e11566f94afe38fb008e05536f93364d00a43b8f486bd9aeed50d5a38947982f5f700f06aa7d6783f30abda22a3c9948a274bfae36f6a66c3229520089d65cbddde93a28dd2a72e93bc6c0d9b98f49c9d771f73b1d4dcb6c06829b15422f0c596401ba563a88ded070e2a05a79c8070085502fb3ca34fc767ff2d3b490bb9a6abc3019eefaa4bd9f345f6b94d597166754c5f95140dc5fa9ce51a7cc3257885d074c7cdfd88bb400fd6dbe2d4a830134967cacad9beaff366bf7e3b0a4fa0526473a70c1f44e343a5b9fadf9fc536113772f0f7b0bf16f9b7a7dd8eaa5f7fd9cf259565247f0e58375156005c30e25691d7f8fbd489af83a18f71a38b1996be1ca10bdcbe8d850603d9b81ba828c907753483e9ff23d1d861c36d8045acadaa640a61357fcf9aed13afdf56d13861dd74ce620e592230d3c8699e9adccf2920614ae13c1e3e88a830f36bfcd40ff7c767995044f2ba1661c5f977d9754c58a0d9dd7aad1fbfd94d36dfc61c532c5cb3093ccc0c125ee0e762469f8680500675d4404db12b7062c19c4f0c81c0de489b5eb725f1d7d4cbe7a1f4b51fe8faffb6a709c0a7a4ae7efe75bc66d6c2e705fbee29c0858d9891735c97a28aa15c16fa0444ac2caeeffae42f1fbf0f17adbc9ee40236a844add60741eb64c722811c6f9fd7d614f9620d6f07914b6e7d5eb5dc3d7d6d5f5323575a7c9f864d9d5793d4ca606ab3234930a32e44d8a08d624861a6b94c72f551e7adc8daee91594175bdba18c663ced5991c0846f1c03a96b5d8f858c10dea4886e12ee90186d2130891eb1b354abb1040dd571589b4b7884b31cff7f8b3cdef5a61bc9644883c852106d9be09e5f4d649c669a64fadd3a9b129ab1c956e33dd5ac7224439feb0ccae51aa092c36b4e8d720170d20c22a49e5919d203b312096d625e4316f141f26a9257af159b3c47e025fa40d0150b7dd969d2ec67c727b81653f679f6ebbf8b3ad9c3b0acf232d1b869982879c4a2722cc1e4f0740e9d0feb661e45c5b081ad0546761e6a025529086ca4d38a4b22193e792bbfe6ceb22be5ca954210d0f93f5e38550054b6ae80e64673158815af6cd6adc3b942b4371d33d9662ac80e3ef2eb4acd44ec66cb6d8948d67c3ba8e578f52ac30ab107723e5ce51c4e6d59b20ba7085fd8dbde58cf9a0bd3385e95db6b56a9a68e3160ad36a93e26dc8b915cd4e4767d3dbd3b74052f55e3a74b1edb1068c973a5ca70809c6aeab8ad627955a815315330c51153dcdcb6e77029b0a3712a9231f0c188659e5bb9f89b6a8fd91536a47db7e5d596fa93f0719502e442417ee11bfcb364c6ddadfc8581ce7779d107d6f7aa8739c3254ce9b1e2dbbc1e75566b6d80817e1820e02e8df220e1c9b2d98a15e9db86c5a32bf52b0f1de1be7636cb21e87d777fa1e7828be02578cac204a8e9c7ca6119aa0bdd165bbf7d0f799f0d2ae118bd9037982c1fed3e223b60cc86f21e8c1d9336cb76cb521bc9791abcd99af0bf70a198de0d678cc8bdc0f74fef28407bf09d93054d5e20f5452fad596ae036bec1109e4541d5cb9d287b5498934fad3963a53030dc2264668467716afee211f4dc8082800be3829050b2e26c447b001c076dda2e2b7f17c96612b0f594b6ef5193c5dc3affa5778896e1e40a3953e5557d39799c312b4126a6086dd85393ed3322a48ca0afb9e5dd96ac9461dc7cfc8b02a23b7a1486ea8c9bb204e39298b1017a67a8c1cf1e0582c6b8d95a611c0053eccc9592e1af600e4386680be35c29acfd9033058a4842006fe429188e6a4783a9bf5fd7d1c36c0530f6a42be785419ef2192ffe02470d376f084a4352cdc7e34b9f4891304499b1e0946832b187762d191d7e9cd9cc9112ad768e5132f804f304a9ba0572d0e1c7eac6ff606baf0f0f2e1c836d9a9f7f01fe748dd5ae7b34ed6d51f6e4c8575de14c8552026c4c82516080d919a706fa62958742cc2843ce88c04a19cb66781f2b75d9a81d3f4f2c078e35bacf3a69dc717b61c9c9557d82bdaa636fe80e37f41d63f2388da0b79555f2b3d2b7b30db6d2837aecd455814118a737d3d2845704f4b8a7156dd582477d0b9f0d2622b1f963d243c73646d35dd25547446fa94f47b63637e37b9c61ed88c97b185f9b8d09ffd768cd1c79ab31ff33e82423872f4b2642a1530a248b1dac5a776d5c5d6381e38f01fe8b23921c7b52175619bfe522c945e45ea5a0d35f35fb7c7f772f32657b8b936de258ab52fcf2bc4973c7d8da82d113bd59831b658c62b6913c9162f66a92bcdba85a33796028c8285083f65eec0168039af09f83e27d94fa22f4a595702cbd51d8f48ad8aff4a74c5fd50922b3eba0341c6718f34f3a59181722e330ccfc7d1997357fbb1c95213b082d6b6f119118bb24a98c2c53de48b8b1bdd9c51c88c89acbcd4de108fb32f4beda27743b4a04e5ebc677862da939c7dfc616e765b79b1359d8e5ae4eeae5cd38954a7b6f8693496bfd2624f1a83182440510d7de981a321ccf81b75ab23317598adcb3bff8454110a056ee64a3b088c3ed6d0cd1d2e7033f872106205e95f171e347f02d9583f59113e49386e30ad92537b577e9822f3ecfc1b1374bf2911f61168f30b8f1e3af513e8248409d25c1d3bc09e93a66fa2c4bb3caaf1f4bc28e730ffd78375136e8c32d9bc26b8958c62aa7912dcdf44bbb6668c872df81c6362a679e57860484f003506ab7e1bd7344261c761bc03a7a0167047c1c07e8e46e9af814ab2b93fbdd8536448ee939188ed5a79c6d5d962efe69afde6999a5d52d71090bcb11a1eacb07185f9f5199d44c9bb5c48a09b28cc10e3f84f04677c3052e57d5426d3f5fa852a8f4ed3c8495a4f79261bbf6d1405c9ee97fe3df651819907bf93e4bd0c0a7d2d454e7ba0e84eada5731bf373ae529a6a1f17f959c77931d2ae261b588e844e8c1deae11cf6bbc1433ecabd2715cca3c7471b6f8de376a72647f7bbe11659adb21af39f0b71ae0aaee207f1811cef018fc70717c38b14948f307302bebca0450c6d1670996a92eebe691e0f7395fc20c554a171472df72761fca5a73a242f15c39b7fe6e4c013d655cdd09e319727758beb367aaadf6e70bfef6f8fce3e7c3848279f88ebe8a10f00dfe8f4dd87f9437b8bfa4b7b1517902cc06887ec5a9b9eef923c0e72e9ff82226ae8bf7cef3b3cf91e0ff8408e62421a4d88875b9f6a9382722d42aaf8fea280198a23eda48f6ddc26411825dbfadd25301735d1f9c74f61b15d3b2181dc9d77a4115c7047b9c6520b55dd2fcf343c4f1cb7cf93c10c0e01e282f28cf54575924024819409c322dce701d88f78c94416ebf4c2275bac8c75299636f3a507b7f933c5e13d853725a5ce8f9ec33de647b87a1d0775d62dfa07fead5253cc18526b5ffd90312ff098b81dd01c59f882b0223e6cf768b2ee0d5e0e8d10a2f5c04aa3b97a3dc92e102b30d60f3f0ff5b6253e49d960bc6b8d3a5daf6f3f4c06fcaa315e8315fe71023875f318934414cfd10fd7625e084b132b1c37b1b3e10777c10a3f9c47cca710012a77bf342bd64ba5fb08e24908cbf07143a49c2acf74d0c4097b0a8c2efcb6dbda4433acd0f1e2ad24cbcb4462aa7ce3d12514d4aaaec95457ec06f197c0df614d484af7987458ed2e33552b7a1cf72a4c4b016e7a7399ef9998bd52f860d2ef0751e7e96ebc472af3e666f7778f8eedb12bbac921eac8436b31ab61d72c259a2473678d88743f0f768c1782ee4702646bf349308712ea8cbad36d90b5c770971a1ff70719cdfdeb01927a561fb67d7cb6a2feec1215bac6eeedfb930d3556b5547a7e1af3199de6929a745c5323dbc34624761bb1beff6508463a5b7cac6d1d0265c733cb609b8cdaa56042d29fb70fa58c64b1fed6028d3a2ee7d6f3046cd980bea9f9e1d82fd9beafe7d66cfcbdd49caa5ea4f43faca173cba614e02f407b5c791e460a3ee590b3780ad8cbab34ff0379cc1f947201e28d0cbfa9cc5beef86ecc7090eac13ff614bf73f24b335fcff38a57bce197f67a5816f3d11bb558f0485b4441fcddb6b33c211f19f263f35462349492e26d5fc8437e09539c06fd6b14f243e0a51cc7ed7482677c5a9e7c864b81ae890e6412b6b387e887c9a70e5470c0d17800bb4e39a971a30151c2d5717a9c1183fc5e43902b25130f5fe2d85a64b77a8e64dc59d0b1e3b022efb9c1cbdfebb071c0fbd09619577bb1e18b488091d5c239589805b8df254db031aaa7751bb0b71bffe4b307ebd8359271c2376f2c75a8bea9808725cca6254f89e211cae70dce4cefa123d29238ecb0057d28eeaaabea6e99ab64ebea4c2c62806e6a9e2bccb96a4d07e816ee378e094acee3a9f31b0d1033634310baef6bc7f5e0870a2f1f7f519861834935b1073f9a5c348a46b3be82932d3cf1823a60fb9d0b269b94e58614b5cca1bf2f47ad4e15a93fce9995e06583c41b84930fc26cfe19e9ce9028c7ed8f6f701ed97a74ff3d3affcacf957946fd675240ea08b362a4c1d15aa0722f4cec99aae7d167c49c6123b1ddc36285804044883676921d8b9feed089851e819b782c1fc4025c44874f1454e53e477838e6ff0a472331da69f8e4efb474db064a4b4325c08b4db60377a142c19512b7d1e9fdcfb599662e5448ef3fed112a62bad364467613c73a3385df9766446627c2658c87b56c069440d4e0406e1220c79c2c99116c3224a7a90fee8b6c04f3ff85cbe993c3bb4f7961a801dd893557cd0be736f17e3fa2c65ecc61b907c9d919612ac73a41f91d88733b5830d135a457b3c13fceb0bd294f412bde878315b32c91529b5d55383a1f79f949a8424865b474d784a7a89153b88fc7ec11589b01b9b1aece6585de4d6dbf329c09f35426525addf3e1aa57dddace18fdb219b5e4b32c29a24de709f180b6ff5578141158f467ee9f0cccb580e5b9929c59e47cc8ff27b8401a934769d99f26cc9a9f66ecd0879df8b5becf0cb9a41006396075455306059a7dce312f4e08c54d13bd5da696b32f2c8efbdaad768e372049a3a58bb8c6972d34f859c4ea29ec46aa7752f5d7e8bd3523a10de8b876cb1d61d143d55a1f343252f0927fd5d853b663a71dbb0fff6a7ff07f9cf1e1eb23e07009ffde16778c6f"}]}]}, @NL80211_PMSR_ATTR_PEERS={0x1b0, 0x5, 0x0, 0x1, [{0x138, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x80, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0xfffff7f7}, @NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0xffffffff}, @NL80211_PMSR_RESP_ATTR_DATA={0x64, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x5c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_RESP_ATTR_RX_RATE={0x1c, 0xc, 0x0, 0x1, [@HWSIM_RATE_INFO_ATTR_EHT_RU_ALLOC={0x5, 0xb, 0xb}, @HWSIM_RATE_INFO_ATTR_FLAGS={0x5}, @HWSIM_RATE_INFO_ATTR_EHT_GI={0x5, 0xa, 0x1}]}, @NL80211_PMSR_FTM_RESP_ATTR_DIST_SPREAD={0xc}, @NL80211_PMSR_FTM_RESP_ATTR_RTT_SPREAD={0xc, 0xf, 0xc}, @NL80211_PMSR_FTM_RESP_ATTR_RTT_VARIANCE={0xc}, @NL80211_PMSR_FTM_RESP_ATTR_NUM_FTMR_SUCCESSES={0x8, 0x4, 0x100}, @NL80211_PMSR_FTM_RESP_ATTR_CIVICLOC={0x6, 0x14, '+\x00'}, @NL80211_PMSR_FTM_RESP_ATTR_BURST_INDEX={0x6, 0x2, 0x9}]}, @NL80211_PMSR_TYPE_FTM={0x4}]}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xb3, 0x1, "adcb04a58b3c2f134a15760485188573b1cab1d6ed2698c24fdf710d4b3aa02e3d7206d8e192d58f52ccb69d864b538b8c63b8931a461b0050253fe028240d8b51489a8d52d59f5088bc258b350f375c597e492406740eed2730170fcc3f336f8984bdd9509765de2517c0b82b11ee8c84f1bfcf02152e5664f172dd6025ddb37ce75221e11f3db64fbf6953ac9b5f7bf14ccddc2e65070aa3eecd7a88c038f6ae9bc539ca6b583f997fcbb21becf7"}]}, {0x74, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x48, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x9}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0x4}, @NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0x628}, @NL80211_PMSR_RESP_ATTR_AP_TSF={0xc}, @NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x1}, @NL80211_PMSR_RESP_ATTR_AP_TSF={0xc, 0x4, 0x8}]}, @NL80211_PMSR_PEER_ATTR_RESP={0x28, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_AP_TSF={0xc, 0x4, 0x2}, @NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x7}, @NL80211_PMSR_RESP_ATTR_STATUS={0x8, 0x2, 0x1}]}]}]}]}]}, 0x124c}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) prctl$auto(0x3f, 0x7ff, 0x0, 0x5, 0x5) tgkill$auto(0x0, 0x1, 0x1) mkdir$auto(&(0x7f0000004440)='./file0\x00', 0x1) rename$auto(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00') mkdir$auto(0x0, 0x8) io_uring_setup$auto(0x2, 0x0) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x5408, 0x0) getdents$auto(r4, 0x0, 0xfff) madvise$auto(0x0, 0xffffffffffff0009, 0x13) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) 6.194885199s ago: executing program 2 (id=2377): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_FS_IOC_GETFSUUID(0xffffffffffffffff, 0x80111500, 0xffffffffffffffff) waitid$auto_P_ALL(0x0, 0x0, &(0x7f0000000140)={@_si_pad}, 0x8000, &(0x7f0000000200)={{0xff85}, {0x100, 0x6}, 0x2, 0x2, 0x200, 0x9, 0x2, 0x0, 0x840, 0x6, 0x1, 0x1ff, 0x83, 0x4, 0x100000001, 0x9}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) futex$auto(0x0, 0x8d, 0x0, 0x0, 0x0, 0x100) mmap$auto(0x100000000, 0x4, 0x4000000000df, 0x40eb2, 0xffffffffffffffff, 0x300000000000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0xca406, 0x0) pwritev2$auto(r0, &(0x7f00000003c0)={0x0, 0x200}, 0x8000000000000004, 0xffffffffffffffff, 0x4, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182, 0x0) unshare$auto(0x40000080) r1 = io_uring_setup$auto(0x1d49, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x77, 0x8, 0x1, 0x80000000, 0x102, 0x83, 0x101, 0x6, 0x9}, {0x100, 0x1, 0x52, 0x5, 0x11, 0x101, 0x876c5, 0x10000, 0x3}}) bpf$auto(0x68, &(0x7f0000000000)=@bpf_attr_3={0xa332, 0x2, 0x6, 0x5, 0xfffffbff, 0x2, 0x1, 0x4, 0x7, "0108a5172d53c2dc73bf58e1423b2178", 0x0, 0x9, 0xffffffffffffffff, 0x81, 0x8, 0x81, 0xb03, 0xfffffffffffffffd, 0x3ff, 0x7, @attach_prog_fd, 0xb5f3, 0x632, 0x57d, 0x1ff, 0x8}, 0xa3) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) socket(0x11, 0x3, 0x9) msgctl$auto_MSG_STAT(0xf, 0xb, 0x0) io_uring_register$auto(r1, 0x15, 0x0, 0x9) 5.593417431s ago: executing program 3 (id=2379): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/fcloop/ctl/del_local_port\x00', 0x80001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x108002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0) sysfs$auto(0x2, 0x4b, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/bus/scsi/drivers/st/debug_flag\x00', 0xa000, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 4.788474805s ago: executing program 3 (id=2380): r0 = socket(0xa, 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x133040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) setsockopt$auto(r0, 0x29, 0x37, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0xee8c, 0x4) 4.125809975s ago: executing program 3 (id=2382): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/nvmet_rdma/parameters/srq_size\x00', 0x183841, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x3c8082, 0x0) openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/options/trace_printk_dest\x00', 0x121082, 0x0) write$auto(r0, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0xc) fanotify_init$auto(0x65, 0x2) r1 = pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, r1, 0x0, 0x80000001, 0x9) socket(0x23, 0x80805, 0x0) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) open(&(0x7f00000002c0)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0xa2c00, 0x0) ioperm$auto(0x3, 0x5, 0x149) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x40082, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x200000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x85, 0x0) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) fstatfs$auto(r2, 0x0) prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x4, &(0x7f0000000280)={&(0x7f00000000c0)="87f72c14db003920dcea3376c5b342a5bfb5550db2d815e9aee41c45ba8b2c", 0xffffffff}, 0x4, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xf, 0x3, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) 3.63524768s ago: executing program 2 (id=2385): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0xf4240}, 0x7) 3.297745915s ago: executing program 1 (id=2387): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_FS_IOC_GETFSUUID(0xffffffffffffffff, 0x80111500, 0xffffffffffffffff) waitid$auto_P_ALL(0x0, 0x0, &(0x7f0000000140)={@_si_pad}, 0x8000, &(0x7f0000000200)={{0xff85}, {0x100, 0x6}, 0x2, 0x2, 0x200, 0x9, 0x2, 0x0, 0x840, 0x6, 0x1, 0x1ff, 0x83, 0x4, 0x100000001, 0x9}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) futex$auto(0x0, 0x8d, 0x0, 0x0, 0x0, 0x100) mmap$auto(0x100000000, 0x4, 0x4000000000df, 0x40eb2, 0xffffffffffffffff, 0x300000000000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0xca406, 0x0) pwritev2$auto(r0, &(0x7f00000003c0)={0x0, 0x200}, 0x8000000000000004, 0xffffffffffffffff, 0x4, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182, 0x0) unshare$auto(0x40000080) r1 = io_uring_setup$auto(0x1d49, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x77, 0x8, 0x1, 0x80000000, 0x102, 0x83, 0x101, 0x6, 0x9}, {0x100, 0x1, 0x52, 0x5, 0x11, 0x101, 0x876c5, 0x10000, 0x3}}) bpf$auto(0x68, &(0x7f0000000000)=@bpf_attr_3={0xa332, 0x2, 0x6, 0x5, 0xfffffbff, 0x2, 0x1, 0x4, 0x7, "0108a5172d53c2dc73bf58e1423b2178", 0x0, 0x9, 0xffffffffffffffff, 0x81, 0x8, 0x81, 0xb03, 0xfffffffffffffffd, 0x3ff, 0x7, @attach_prog_fd, 0xb5f3, 0x632, 0x57d, 0x1ff, 0x8}, 0xa3) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) io_uring_register$auto(r1, 0x15, 0x0, 0x9) 2.789564271s ago: executing program 2 (id=2388): r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, 0x0, 0xa002, 0x0) writev$auto(r0, &(0x7f0000000300)={0x0, 0x1}, 0x100) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) close_range$auto(0x6, 0xeffff000, 0x6) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xfff, 0xffffffffffffffff, 0x8000) ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp1\x00', 0x620242, 0x0) r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r2, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x109001, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) write$auto(0x6, 0x0, 0x100000001) r3 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) splice$auto(0x4, 0x0, r3, 0x0, 0x1000, 0xf) 2.78938608s ago: executing program 3 (id=2389): mmap$auto(0x1, 0x20005, 0x103, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/vm/nr_hugepages_mempolicy\x00', 0x141241, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/net/teql0/statistics/rx_dropped\x00', 0x80000, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/mpls/conf/caif0/input\x00', 0x82, 0x0) mq_getsetattr$auto(0xffffffffffffffff, &(0x7f0000000000)={0x81, 0x25, 0x5, 0x80}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000080), 0x40400, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1ac}}, 0x40000) close_range$auto(r0, 0xffffffffffffffff, 0x5) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x4, 0x0) capget$auto(0x0, 0xfffffffffffffffe) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x20000005, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x1, &(0x7f0000000140)={0x0, 0x2}, 0x7, 0x0, 0x2, 0x800}}, 0xffffffff, 0x7, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0x40103d02, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0xb1, 0xff, 0x0, @raw=0xfffff00c}}) sendfile$auto(r0, r0, 0x0, 0x7dfff001) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) 2.787907868s ago: executing program 0 (id=2396): openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x109482, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x4000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x2, &(0x7f00000001c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x80000006}, 0x7f}, 0x3, 0x0) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) open(&(0x7f0000000000)='./bus\x00', 0x22042, 0x45) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x60}, 0x3) open(&(0x7f0000000000)='./bus\x00', 0x12f27e, 0x100) unlink$auto(&(0x7f0000000180)='./bus\x00') bpf$auto(0x3, 0x0, 0x5) r1 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x149102, 0x0) sendfile$auto(r1, r1, 0x0, 0x10) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) 2.511694042s ago: executing program 0 (id=2390): mq_notify$auto(0x4, 0x0) mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1}) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) sysfs$auto(0x2, 0x14, 0xc) fsopen$auto(0x0, 0x20003) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0xcea4, 0xfffffffffffffffd, 0xd4, 0x2, 0x0, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1007bfe, 0x0, 0x9, 0x81, 0xdfffffffffff628c, 0x2, 0xdeaf, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x4a801, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ffff000) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x12000, 0x0) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x800) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x20) chmod$auto(&(0x7f00000000c0)='./file0\x00', 0xf4ba) execve$auto(&(0x7f00000002c0)='./file0\x00', 0x0, 0xffffffffffffffff) r2 = eventfd$auto(0x80) readv$auto(r2, &(0x7f0000000380)={0x0, 0x8}, 0x4) userfaultfd$auto(0x4) listmount$auto(&(0x7f0000000100)={0x0, @raw=0x8, 0xfff, 0xfffffffffffffff7, 0x2}, 0x0, 0x8000, 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0) write$auto(r3, 0x0, 0x2b6) 1.570740495s ago: executing program 0 (id=2392): r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x2480, 0x0) r1 = getsockopt$auto_SO_PEERPIDFD(r0, 0x0, 0x4d, &(0x7f0000000040)='-]@!\x00', &(0x7f0000000080)) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) r3 = waitid$auto_P_PID(0x1, 0x0, &(0x7f0000000140)={@_si_pad}, 0x1, &(0x7f00000001c0)={{0x7f, 0x4}, {0x475e, 0x7}, 0xa, 0x0, 0x704c4aeb, 0x6, 0x1, 0x8000, 0x0, 0x80, 0x1, 0x0, 0x5, 0xffffffff80000001, 0x4, 0xffffffff80000000}) sendmsg$auto_TIPC_NL_KEY_SET(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)={0x6c0, r2, 0x100, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x98, 0x9, 0x0, 0x1, [@typed={0x93, 0x58, 0x0, 0x0, @binary="a62b3858088ce8f70459e977dba579da3eb5db98861bc3c26b422455a6756db47d5f8089b45bbb4ccc5cd5db0d20288618080d913d992afa77271762f836085c9551c6da51906808008f0317b2b7d39a574755d5fe118c361993487ce9f66ad8e586e33446100393f3073de4a195d8bb033dee283b7f16d79241402bd4e3f8a73abe0ec8c1150e11cf80fa09c35d4b"}]}, @TIPC_NLA_NAME_TABLE={0x298, 0x8, 0x0, 0x1, [@nested={0x255, 0xef, 0x0, 0x1, [@nested={0x4, 0xdd}, @nested={0x4, 0x10e}, @generic="7ba497a415caf4e794109f2f5aaa3d145ba98d4318de8c12ae0db940e918a9abde90f287a0d45e36df65f9f43ce426ea51c4b90f1d536ff727ec0fcd9add9f923e32d0cde405c8d55490d98b3dd5a483da610b3db112be265a2fff00b9678a44a45a27683fc7bf98124711a34f78432c14e3d832986938ddd1823e40de1e1ae6fa301a871e7d7028b0ec7342bd4c0a5857391cb0e834d2062b2ee77aabd91119658a1aab555239986bfe448f875506e14bbc3ad75e88c2c0fbb46a282b6d67a31b6852723efc0f13ea50b3e714b618e5d87ca4904ff02ebbd7cce99bfa24a5b4e959622b5f7c48b2f6bf69c6b2638c8fa51c794c9cbe", @nested={0x4, 0xe0}, @generic="64c72242804b043b3e8dca", @nested={0x4, 0x8c}, @typed={0x14, 0xb8, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="386567e77fb920dac805ecd1aacef1a88f7d2b50b6fd02e9b6268ff7de46be1fa32cb0b046f347f0ab55c77d3412a4244747f8f35b7efcf9c54c0b19545f7c29eb9dd973f966dd8fac5392b69c1f71031d404d06841954bac074a29c5a1f47563664317f3cc6b344761f411b29dcf34c98d2bb9582a895d1591fd2b366f911", @generic="2331f7", @generic="b420280d71c9a4b6ff5e2d04fd30757813eab1dfc823efe7c4284d4c1c37990259c078525042e050a4bbf2472636186d1eaf764cb50ebdeae9654211331b4d4d06be9cb17519c5bfafc1c885b5439842dd0840a6f0f6459526484869b81b3b4f412a66c849976476297402516c6a55109a7cf054368dee33c5bb9f6bdaccbfe32e79997e3fdf157cdd3c96a1e07d481e2cf21a07bf67b1079e42de3bd1f2c0ad03309db8ed59ea55c4b9"]}, @nested={0x39, 0x13c, 0x0, 0x1, [@generic="6860268405098bb639af65b5c433ef6fb18b7137a9d8cbd683e837b8a0ede32b123b93bdfeab0663885a51412e99511823", @nested={0x4, 0x142}]}]}, @TIPC_NLA_BEARER={0x1c, 0x1, 0x0, 0x1, [@nested={0x18, 0x31, 0x0, 0x1, [@typed={0x14, 0x95, 0x0, 0x0, @ipv6=@mcast2}]}]}, @TIPC_NLA_MON={0xca, 0x9, 0x0, 0x1, [@generic="c3530a6fe2a6be75cd230d45160d83aba87cfd008defc44e5264ffe7c98987661b99d8953fb77ca99e1a92dc8e14a292c1d6ff960d498b46b1f7026a0975a84a0b5e97076545587ca26cef3656e07fae221408067864300d44373eac95a1960920e7515e2437e81dd08b28aae1dd260de5fb8ec87afb6f613dd46d2b8cd10db96087bd6b666521bc1cf7fceb90fb1e45d1411e2c424269526db6710fb3267ee1f5d47dc710dda771c9ca1b9f71f2de799eb227d51873f1f1cab394db70bae187929673a83e8c"]}, @TIPC_NLA_MEDIA={0x294, 0x5, 0x0, 0x1, [@typed={0x8, 0xce, 0x0, 0x0, @pid=r3}, @typed={0x8, 0xbd, 0x0, 0x0, @ipv4=@loopback}, @nested={0x280, 0x72, 0x0, 0x1, [@generic="72b9c3f9bf8b6725b155ee22e257a5c70ad0b6a1366a046b1e92e74692533fd3a4ab4f9000b1b3f97fb2756c33c203fff5ae06b4cf1e3cf86b3826525945b6a9476a922e93aed4a87e50ee00085d0ccf289a38677bb77331acf99539f031bd8e1a90646cba536f39e9df86f6787949399a35b6877a5d3c7bad98ee27d0408872427eae3c79638af083a108e19cc4ba", @generic="e56c07424b846f0f4c4793f10eace4e6cb48e3409d147e1d8f0e9959236ed69c0650f39df8879a11cd7a9dbdfd3d253da4d99bb773dcb5e14e226ccf3b9c9e7f5db536de4e4478f6d1a61776fad5b157a0a79c3bb92ba097d14c70d60c19b4626d262bf5156f70e3fcf5e9ae011e4462056612272fb323eadcbe3254d93e8c7346b2be0eddcc25981f77a948723ea0a00f", @generic="091ffefa21fce8251415d33bb8991c4762abfbeabbeb157dcd6296fd134b0d4cc0a9e8a28f07d20767cab14ee2f65fa0f30be62ae68f97117df32187bf6f509988ff5957da735ffd16b91de20b60db1b9144a7146c580332dad1f6059b1ba8367933779829e9461511ca916fc0f1a6ccd0406292552f607db98e333ca2c214780b16a00e813e250c8fc1d3bafe3e39d40a50a95a8e4af021ebb9e17fda939aae9d8d4424291fa925aab6326a116f898854f5de9779814c65126522e5029af62f9725e25ad5fe82d3eb2f158703376ce5e253d277788a82fb8295e471980c73", @nested={0x4, 0x3}, @generic="0ef592f3ce535c2f68242bf2018a44529d672bc0f6bb7c59801e4efc52edb1ffbd82545c8cea3100cbdfd8038cb6e807a429e0b7c0845651c5ae9d62666f985137389497d9837447a282c6c6a461d54dc8e63cd987c4d829f5da5405a691419d6dc69fd1bb646d730b128f1411f61c809f", @typed={0x8, 0x110, 0x0, 0x0, @ipv4=@local}]}]}]}, 0x6c0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000007180)='/sys/devices/virtual/block/zram0/debug_stat\x00', 0x80, 0x0) mmap$auto(0x0, 0x100000000, 0xdc, 0x40000009b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x2000b, 0xdd, 0x40eb1, 0x401, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000480)=""/110, 0x6e) 1.396049298s ago: executing program 2 (id=2393): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000007180)='/sys/devices/virtual/block/zram0/debug_stat\x00', 0x80, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x34, r1, 0x1, 0x2070bd26, 0x25dfdbfd, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, '\x00\x00\x00\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0xffffffffffffffff}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c855}, 0x4880) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8001, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) open(&(0x7f0000000000)='./bus\x00', 0x22042, 0x45) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x60}, 0x3) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x149102, 0x0) sendfile$auto(r3, r3, 0x0, 0x10000800000003) 1.345132969s ago: executing program 0 (id=2394): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.021714716s ago: executing program 0 (id=2395): mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x101000, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x51) r0 = socket(0x11, 0x2, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0xd, 0x8}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, 0x0, 0x4, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) (fail_nth: 4) 63.958024ms ago: executing program 0 (id=2397): mmap$auto(0xfffffffffffffffe, 0x2020009, 0x3, 0x15, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x406, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/fs/ext4/sda1/reserved_clusters\x00', 0x2101, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x2, 0x801, 0x84) getsockopt$auto(r2, 0x84, 0x2, 0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x64, 0x0, 0x1c) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900), 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x31, 0x0, 0x9) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/arch_status\x00', 0x100, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = io_uring_setup$auto(0x6, 0x0) r4 = socket(0x2, 0x6, 0x0) setsockopt$auto(r4, 0x0, 0x10, 0x0, 0x17) ioctl$auto_CEC_S_MODE(r3, 0x40046109, &(0x7f00000002c0)=0x2) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x81, 0x0) ioctl$auto(r5, 0x5111, 0x3) preadv$auto(r5, &(0x7f00000001c0)={&(0x7f0000000080)="3b078720b009f139a4c924bc982546f14008688ed5278ec25f7a7ae236c7005cffb4926dfc0a8372d9aaa7889a8432b4a156db7ee0099eee32f92f640892ebc052a9aa89b7b2bd151ccb7283eded900a6e2832deca8a1b7f52cc304560815a4bcdde53476b645b0dbc4864bc36141c2604233dc2a40206ab0d67c31b44b7d1b8f39f46461c87100779759d018e60509138bc6ed25a2629db4d9dcf1449e8dae1598a73e9979593fc7de520353eaa8ebefb976e002178487fcce7b5300b518f1af3c8dfb47350ac21ae92699d40dff4b6180d", 0x4}, 0x1b70000000000, 0x6, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/pci0000:00/0000:00:01.0/power/control\x00', 0x1a1842, 0x0) mmap$auto(0x6, 0x9, 0x6, 0x32d4, 0x10000, 0x80000001) 20.192376ms ago: executing program 1 (id=2398): openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0xa00c2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) signalfd$auto(0xffffffff, 0x0, 0x8) socket(0x1f, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) shutdown$auto(0x200000003, 0x2) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0xfffd) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) 0s ago: executing program 2 (id=2399): openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x68a80, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/ip_vs_conn\x00', 0xf00, 0x0) read$auto(0x3, 0x0, 0x1f40) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x40246f4c, 0x38) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x6) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) unshare$auto(0x40000080) mmap$auto(0x4, 0xfb1, 0xffffffff, 0x409b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, 0x0) select$auto(0xc, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x80000000001823, 0xcd40000000000000, 0x3ef, 0x5, 0x19, 0x100000000, 0x1000000005, 0x2dde, 0xc, 0xbc, 0x100000000000a7, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) fcntl$auto(0xffffffffffffffff, 0x400, 0x1) openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000003900)='/sys/devices/virtual/mtd/mtd0/writesize\x00', 0x22400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000003940)=""/207, 0xcf) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) unshare$auto(0x5) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x121000, 0x0) mmap$auto(0x0, 0xc, 0x94b, 0xeb1, r1, 0x81) close_range$auto(0xffffffffffffffff, 0x8, 0xf) socket(0x20, 0x80000, 0x77) socket(0x23, 0x5, 0x84) kernel console output (not intermixed with test programs): 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.089466][T14254] RSP: 002b:00007f71ee79c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 579.089497][T14254] RAX: ffffffffffffffda RBX: 00007f71edbb5fa0 RCX: 00007f71ed98e969 [ 579.089520][T14254] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 579.089543][T14254] RBP: 00007f71ee79c090 R08: 0000000000000000 R09: 0000000000000000 [ 579.089563][T14254] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000001 [ 579.089582][T14254] R13: 0000000000000000 R14: 00007f71edbb5fa0 R15: 00007ffc685746a8 [ 579.089627][T14254] [ 579.398835][T14258] FAULT_INJECTION: forcing a failure. [ 579.398835][T14258] name failslab, interval 1, probability 0, space 0, times 0 [ 579.445310][T14258] CPU: 1 UID: 0 PID: 14258 Comm: syz.3.1830 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 579.445373][T14258] Tainted: [U]=USER [ 579.445385][T14258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 579.445406][T14258] Call Trace: [ 579.445418][T14258] [ 579.445432][T14258] dump_stack_lvl+0x16c/0x1f0 [ 579.445489][T14258] should_fail_ex+0x512/0x640 [ 579.445537][T14258] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 579.445578][T14258] should_failslab+0xc2/0x120 [ 579.445622][T14258] __kmalloc_cache_noprof+0x6a/0x3e0 [ 579.445657][T14258] ? ring_buffer_read_prepare+0x101/0x320 [ 579.445701][T14258] ? lockdep_init_map_type+0x5c/0x280 [ 579.445753][T14258] ring_buffer_read_prepare+0x101/0x320 [ 579.445796][T14258] tracing_open+0x925/0xf90 [ 579.445839][T14258] do_dentry_open+0x741/0x1c10 [ 579.445876][T14258] ? __pfx_tracing_open+0x10/0x10 [ 579.445918][T14258] vfs_open+0x82/0x3f0 [ 579.445972][T14258] path_openat+0x1e5e/0x2d40 [ 579.446024][T14258] ? __pfx_path_openat+0x10/0x10 [ 579.446068][T14258] do_filp_open+0x20b/0x470 [ 579.446103][T14258] ? __pfx_do_filp_open+0x10/0x10 [ 579.446171][T14258] ? alloc_fd+0x471/0x7d0 [ 579.446215][T14258] do_sys_openat2+0x11b/0x1d0 [ 579.446261][T14258] ? __pfx_do_sys_openat2+0x10/0x10 [ 579.446310][T14258] ? find_held_lock+0x2b/0x80 [ 579.446354][T14258] __x64_sys_openat+0x174/0x210 [ 579.446402][T14258] ? __pfx___x64_sys_openat+0x10/0x10 [ 579.446453][T14258] ? rcu_is_watching+0x12/0xc0 [ 579.446497][T14258] do_syscall_64+0xcd/0x230 [ 579.446551][T14258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.446585][T14258] RIP: 0033:0x7ff501d8e969 [ 579.446612][T14258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.446656][T14258] RSP: 002b:00007ff4ffbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 579.446694][T14258] RAX: ffffffffffffffda RBX: 00007ff501fb6080 RCX: 00007ff501d8e969 [ 579.446716][T14258] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 579.446738][T14258] RBP: 00007ff501e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 579.446759][T14258] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000000 [ 579.446779][T14258] R13: 0000000000000000 R14: 00007ff501fb6080 R15: 00007ffe11a20098 [ 579.446822][T14258] [ 580.101205][T14265] hub 8-0:1.0: USB hub found [ 580.112273][T14265] hub 8-0:1.0: 1 port detected [ 580.151323][T14267] usbip-vudc usbip-vudc.0: gadget not bound [ 583.037139][T14344] bond0: option all_slaves_active: invalid value (8) [ 584.635985][T14381] usbip-vudc usbip-vudc.0: gadget not bound [ 584.924616][T14386] input: f as /devices/virtual/input/input76 [ 586.280007][T14412] hub 8-0:1.0: USB hub found [ 586.323137][T14412] hub 8-0:1.0: 1 port detected [ 586.325749][T14415] usbip-vudc usbip-vudc.0: gadget not bound syzkaller syzkaller login: [ 586.536712][T14422] input: f as /devices/virtual/input/input77 [ 586.916859][T14436] input: f as /devices/virtual/input/input78 [ 587.515237][T14454] FAULT_INJECTION: forcing a failure. [ 587.515237][T14454] name failslab, interval 1, probability 0, space 0, times 0 [ 587.545521][T14454] CPU: 1 UID: 0 PID: 14454 Comm: syz.0.1876 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 587.545580][T14454] Tainted: [U]=USER [ 587.545592][T14454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 587.545614][T14454] Call Trace: [ 587.545626][T14454] [ 587.545641][T14454] dump_stack_lvl+0x16c/0x1f0 [ 587.545700][T14454] should_fail_ex+0x512/0x640 [ 587.545751][T14454] ? __kmalloc_noprof+0xbf/0x510 [ 587.545795][T14454] ? tracing_open+0x2ba/0xf90 [ 587.545826][T14454] should_failslab+0xc2/0x120 [ 587.545871][T14454] __kmalloc_noprof+0xd2/0x510 [ 587.545922][T14454] tracing_open+0x2ba/0xf90 [ 587.545956][T14454] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 587.546019][T14454] do_dentry_open+0x741/0x1c10 [ 587.546057][T14454] ? __pfx_tracing_open+0x10/0x10 [ 587.546100][T14454] vfs_open+0x82/0x3f0 [ 587.546152][T14454] path_openat+0x1e5e/0x2d40 [ 587.546206][T14454] ? __pfx_path_openat+0x10/0x10 [ 587.546254][T14454] do_filp_open+0x20b/0x470 [ 587.546291][T14454] ? __pfx_do_filp_open+0x10/0x10 [ 587.546368][T14454] ? alloc_fd+0x471/0x7d0 [ 587.546414][T14454] do_sys_openat2+0x11b/0x1d0 [ 587.546462][T14454] ? __pfx_do_sys_openat2+0x10/0x10 [ 587.546514][T14454] ? find_held_lock+0x2b/0x80 [ 587.546560][T14454] __x64_sys_openat+0x174/0x210 [ 587.546610][T14454] ? __pfx___x64_sys_openat+0x10/0x10 [ 587.546674][T14454] ? rcu_is_watching+0x12/0xc0 [ 587.546718][T14454] do_syscall_64+0xcd/0x230 [ 587.546767][T14454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.546797][T14454] RIP: 0033:0x7f1510b8e969 [ 587.546820][T14454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.546850][T14454] RSP: 002b:00007f15119fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 587.546878][T14454] RAX: ffffffffffffffda RBX: 00007f1510db5fa0 RCX: 00007f1510b8e969 [ 587.546899][T14454] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 587.546921][T14454] RBP: 00007f1510c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 587.546940][T14454] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000000 [ 587.546960][T14454] R13: 0000000000000000 R14: 00007f1510db5fa0 R15: 00007fff7c96d978 [ 587.546999][T14454] syzkaller syzkaller login: [ 588.319281][T14472] netlink: 350 bytes leftover after parsing attributes in process `syz.1.1884'. [ 588.569744][T14478] aoe: skb alloc failure [ 588.610852][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 588.619913][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 588.711046][T14476] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input79 [ 588.899828][T14490] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1891'. [ 588.920323][T14490] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1891'. [ 589.108356][T14476] vivid-003: ================= START STATUS ================= [ 589.119059][T14476] vivid-003: Radio HW Seek Mode: Bounded [ 589.143473][T14476] vivid-003: Radio Programmable HW Seek: false [ 589.149743][T14476] vivid-003: RDS Rx I/O Mode: Block I/O [ 589.158252][T14476] vivid-003: Generate RBDS Instead of RDS: false [ 589.195741][T14476] vivid-003: RDS Reception: true [ 589.201420][T14476] vivid-003: RDS Program Type: 0 inactive [ 589.210219][T14476] vivid-003: RDS PS Name: inactive [ 589.216785][T14476] vivid-003: RDS Radio Text: inactive [ 589.225255][T14476] vivid-003: RDS Traffic Announcement: false inactive [ 589.235291][T14476] vivid-003: RDS Traffic Program: false inactive [ 589.246264][T14476] vivid-003: RDS Music: false inactive [ 589.254193][T14476] vivid-003: ================== END STATUS ================== [ 589.489779][T14501] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1896'. [ 589.520192][T14503] usbip-vudc usbip-vudc.0: gadget not bound [ 589.797937][T14514] input: f as /devices/virtual/input/input80 [ 590.727551][T14523] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input81 [ 590.835598][T14535] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1907'. [ 591.058888][T14542] FAULT_INJECTION: forcing a failure. [ 591.058888][T14542] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 591.073503][T14542] CPU: 1 UID: 0 PID: 14542 Comm: syz.2.1910 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 591.073575][T14542] Tainted: [U]=USER [ 591.073590][T14542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 591.073608][T14542] Call Trace: [ 591.073620][T14542] [ 591.073632][T14542] dump_stack_lvl+0x16c/0x1f0 [ 591.073682][T14542] should_fail_ex+0x512/0x640 [ 591.073735][T14542] should_fail_alloc_page+0xe7/0x130 [ 591.073778][T14542] prepare_alloc_pages+0x3c2/0x610 [ 591.073829][T14542] ? rcu_is_watching+0x12/0xc0 [ 591.073864][T14542] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 591.073925][T14542] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 591.073965][T14542] ? do_raw_spin_lock+0x12c/0x2b0 [ 591.074014][T14542] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 591.074062][T14542] ? find_held_lock+0x2b/0x80 [ 591.074113][T14542] ? __lock_acquire+0xaa4/0x1ba0 [ 591.074156][T14542] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 591.074202][T14542] ? policy_nodemask+0xea/0x4e0 [ 591.074243][T14542] alloc_pages_mpol+0x1fb/0x550 [ 591.074278][T14542] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 591.074318][T14542] folio_alloc_mpol_noprof+0x36/0x2f0 [ 591.074356][T14542] shmem_alloc_folio+0x135/0x160 [ 591.074382][T14542] shmem_alloc_and_add_folio+0x499/0xc20 [ 591.074420][T14542] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 591.074454][T14542] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 591.074491][T14542] shmem_get_folio_gfp+0x687/0x1530 [ 591.074528][T14542] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 591.074562][T14542] ? filemap_map_pages+0xf6c/0x1680 [ 591.074601][T14542] shmem_fault+0x1fe/0xa30 [ 591.074639][T14542] ? __pfx_shmem_fault+0x10/0x10 [ 591.074674][T14542] ? __pfx_filemap_map_pages+0x10/0x10 [ 591.074716][T14542] __do_fault+0x10d/0x490 [ 591.074750][T14542] do_pte_missing+0x1031/0x3fb0 [ 591.074779][T14542] ? __handle_mm_fault+0x1010/0x2a40 [ 591.074809][T14542] __handle_mm_fault+0x103d/0x2a40 [ 591.074848][T14542] ? __pfx___handle_mm_fault+0x10/0x10 [ 591.074897][T14542] ? find_vma+0xbf/0x140 [ 591.074934][T14542] ? __pfx_find_vma+0x10/0x10 [ 591.074976][T14542] handle_mm_fault+0x3fe/0xad0 [ 591.075010][T14542] do_user_addr_fault+0x7a6/0x1370 [ 591.075039][T14542] ? rcu_is_watching+0x12/0xc0 [ 591.075067][T14542] exc_page_fault+0x5c/0xc0 [ 591.075113][T14542] asm_exc_page_fault+0x26/0x30 [ 591.075138][T14542] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 591.075171][T14542] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 7f 09 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 591.075195][T14542] RSP: 0018:ffffc9000476fb28 EFLAGS: 00050206 [ 591.075215][T14542] RAX: 0000000000000001 RBX: 000000000000fdef RCX: 000000000000adef [ 591.075230][T14542] RDX: ffffed1009991fbe RSI: 0000000000005000 RDI: ffff88804cc85000 [ 591.075246][T14542] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1009991fbd [ 591.075262][T14542] R10: ffff88804cc8fdee R11: 0000000000000000 R12: 0000000000000000 [ 591.075278][T14542] R13: ffffc9000476fda0 R14: 000000000000fdef R15: ffff88804cc80000 [ 591.075313][T14542] _copy_from_iter+0x391/0x15b0 [ 591.075367][T14542] ? rcu_is_watching+0x12/0xc0 [ 591.075394][T14542] ? __pfx__copy_from_iter+0x10/0x10 [ 591.075456][T14542] ? rcu_is_watching+0x12/0xc0 [ 591.075485][T14542] ? trace_kmalloc+0x2b/0xd0 [ 591.075529][T14542] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 591.075571][T14542] ? sysctl_head_grab+0x51/0x70 [ 591.075606][T14542] ? proc_sys_call_handler+0x2a6/0x5c0 [ 591.075654][T14542] proc_sys_call_handler+0x317/0x5c0 [ 591.075695][T14542] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 591.075751][T14542] vfs_write+0x5bd/0x1180 [ 591.075786][T14542] ? __pfx_proc_sys_write+0x10/0x10 [ 591.075823][T14542] ? __pfx___mutex_lock+0x10/0x10 [ 591.075871][T14542] ? __pfx_vfs_write+0x10/0x10 [ 591.075931][T14542] ksys_write+0x12a/0x240 [ 591.075964][T14542] ? __pfx_ksys_write+0x10/0x10 [ 591.075995][T14542] ? rcu_is_watching+0x12/0xc0 [ 591.076038][T14542] do_syscall_64+0xcd/0x230 [ 591.076097][T14542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.076131][T14542] RIP: 0033:0x7fd7d1b8e969 [ 591.076158][T14542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.076190][T14542] RSP: 002b:00007fd7d291a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 591.076220][T14542] RAX: ffffffffffffffda RBX: 00007fd7d1db5fa0 RCX: 00007fd7d1b8e969 [ 591.076241][T14542] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 591.076261][T14542] RBP: 00007fd7d291a090 R08: 0000000000000000 R09: 0000000000000000 [ 591.076281][T14542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 591.076302][T14542] R13: 0000000000000000 R14: 00007fd7d1db5fa0 R15: 00007ffd2f24fb28 [ 591.076347][T14542] syzkaller syzkaller login: [ 591.600098][T14525] vivid-003: ================= START STATUS ================= [ 591.610563][T14525] vivid-003: Radio HW Seek Mode: Bounded [ 591.623210][T14525] vivid-003: Radio Programmable HW Seek: false [ 591.630347][T14525] vivid-003: RDS Rx I/O Mode: Block I/O [ 591.671046][T14525] vivid-003: Generate RBDS Instead of RDS: false [ 591.678942][T14525] vivid-003: RDS Reception: true [ 591.687153][T14525] vivid-003: RDS Program Type: 0 inactive [ 591.694033][T14525] vivid-003: RDS PS Name: inactive [ 591.699451][T14525] vivid-003: RDS Radio Text: inactive [ 591.719436][T14525] vivid-003: RDS Traffic Announcement: false inactive [ 591.729068][T14525] vivid-003: RDS Traffic Program: false inactive [ 591.736814][T14525] vivid-003: RDS Music: false inactive [ 591.745100][T14525] vivid-003: ================== END STATUS ================== [ 591.764382][T14549] input: f as /devices/virtual/input/input82 [ 592.229414][T14557] ubi: mtd0 is already attached to ubi0 syzkaller syzkaller login: [ 593.160434][T14581] FAULT_INJECTION: forcing a failure. [ 593.160434][T14581] name failslab, interval 1, probability 0, space 0, times 0 [ 593.185311][T14581] CPU: 1 UID: 0 PID: 14581 Comm: syz.1.1918 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 593.185361][T14581] Tainted: [U]=USER [ 593.185372][T14581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 593.185391][T14581] Call Trace: [ 593.185402][T14581] [ 593.185414][T14581] dump_stack_lvl+0x16c/0x1f0 [ 593.185487][T14581] should_fail_ex+0x512/0x640 [ 593.185542][T14581] should_failslab+0xc2/0x120 [ 593.185584][T14581] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 593.185636][T14581] ? __alloc_skb+0x2b2/0x380 [ 593.185682][T14581] __alloc_skb+0x2b2/0x380 [ 593.185719][T14581] ? __pfx___alloc_skb+0x10/0x10 [ 593.185774][T14581] new_skb+0x21/0x230 [ 593.185806][T14581] aoecmd_cfg+0x21c/0x7d0 [ 593.185845][T14581] ? __pfx_aoecmd_cfg+0x10/0x10 [ 593.185892][T14581] ? apparmor_file_permission+0x251/0x400 [ 593.185943][T14581] ? aoechr_write+0x120/0x160 [ 593.185972][T14581] aoechr_write+0x120/0x160 [ 593.186004][T14581] vfs_write+0x25c/0x1180 [ 593.186039][T14581] ? __pfx_aoechr_write+0x10/0x10 [ 593.186080][T14581] ? __pfx_vfs_write+0x10/0x10 [ 593.186110][T14581] ? find_held_lock+0x2b/0x80 [ 593.186143][T14581] ? __fget_files+0x204/0x3c0 [ 593.186180][T14581] ? __fget_files+0x20e/0x3c0 [ 593.186223][T14581] ksys_write+0x12a/0x240 [ 593.186257][T14581] ? __pfx_ksys_write+0x10/0x10 [ 593.186289][T14581] ? rcu_is_watching+0x12/0xc0 [ 593.186334][T14581] do_syscall_64+0xcd/0x230 [ 593.186388][T14581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.186421][T14581] RIP: 0033:0x7f71ed98e969 [ 593.186447][T14581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 593.186481][T14581] RSP: 002b:00007f71ee79c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 593.186513][T14581] RAX: ffffffffffffffda RBX: 00007f71edbb5fa0 RCX: 00007f71ed98e969 [ 593.186535][T14581] RDX: 00000000000000d3 RSI: 0000000000000000 RDI: 0000000000000004 [ 593.186554][T14581] RBP: 00007f71ee79c090 R08: 0000000000000000 R09: 0000000000000000 [ 593.186575][T14581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 593.186595][T14581] R13: 0000000000000000 R14: 00007f71edbb5fa0 R15: 00007ffc685746a8 [ 593.186660][T14581] [ 593.186754][T14581] aoe: skb alloc failure [ 593.558078][T14587] FAULT_INJECTION: forcing a failure. [ 593.558078][T14587] name failslab, interval 1, probability 0, space 0, times 0 [ 593.613641][T14587] CPU: 1 UID: 0 PID: 14587 Comm: syz.3.1921 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 593.613694][T14587] Tainted: [U]=USER [ 593.613704][T14587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 593.613723][T14587] Call Trace: [ 593.613734][T14587] [ 593.613746][T14587] dump_stack_lvl+0x16c/0x1f0 [ 593.613795][T14587] should_fail_ex+0x512/0x640 [ 593.613843][T14587] ? __kmalloc_noprof+0xbf/0x510 [ 593.613880][T14587] ? kernfs_fop_write_iter+0x237/0x510 [ 593.613920][T14587] should_failslab+0xc2/0x120 [ 593.613960][T14587] __kmalloc_noprof+0xd2/0x510 [ 593.614007][T14587] kernfs_fop_write_iter+0x237/0x510 [ 593.614058][T14587] vfs_write+0x5bd/0x1180 [ 593.614091][T14587] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 593.614136][T14587] ? __pfx___mutex_lock+0x10/0x10 [ 593.614184][T14587] ? __pfx_vfs_write+0x10/0x10 [ 593.614246][T14587] ksys_write+0x12a/0x240 [ 593.614277][T14587] ? __pfx_ksys_write+0x10/0x10 [ 593.614307][T14587] ? rcu_is_watching+0x12/0xc0 [ 593.614350][T14587] do_syscall_64+0xcd/0x230 [ 593.614400][T14587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.614433][T14587] RIP: 0033:0x7ff501d8e969 [ 593.614458][T14587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 593.614490][T14587] RSP: 002b:00007ff502b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 593.614520][T14587] RAX: ffffffffffffffda RBX: 00007ff501fb5fa0 RCX: 00007ff501d8e969 [ 593.614542][T14587] RDX: 0000000000000009 RSI: 0000200000000040 RDI: 0000000000000003 [ 593.614562][T14587] RBP: 00007ff502b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 593.614589][T14587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 593.614608][T14587] R13: 0000000000000000 R14: 00007ff501fb5fa0 R15: 00007ffe11a20098 [ 593.614651][T14587] [ 593.617281][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 593.834083][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 593.994419][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 594.000964][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 594.158218][T14602] FAULT_INJECTION: forcing a failure. [ 594.158218][T14602] name failslab, interval 1, probability 0, space 0, times 0 [ 594.185249][T14602] CPU: 1 UID: 0 PID: 14602 Comm: syz.1.1928 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 594.185299][T14602] Tainted: [U]=USER [ 594.185309][T14602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 594.185328][T14602] Call Trace: [ 594.185338][T14602] [ 594.185349][T14602] dump_stack_lvl+0x16c/0x1f0 [ 594.185399][T14602] should_fail_ex+0x512/0x640 [ 594.185461][T14602] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 594.185500][T14602] should_failslab+0xc2/0x120 [ 594.185553][T14602] __kmalloc_cache_noprof+0x6a/0x3e0 [ 594.185588][T14602] ? tracing_open+0x328/0xf90 [ 594.185628][T14602] tracing_open+0x328/0xf90 [ 594.185659][T14602] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 594.185720][T14602] do_dentry_open+0x741/0x1c10 [ 594.185757][T14602] ? __pfx_tracing_open+0x10/0x10 [ 594.185795][T14602] vfs_open+0x82/0x3f0 [ 594.185846][T14602] path_openat+0x1e5e/0x2d40 [ 594.185895][T14602] ? __pfx_path_openat+0x10/0x10 [ 594.185939][T14602] do_filp_open+0x20b/0x470 [ 594.185973][T14602] ? __pfx_do_filp_open+0x10/0x10 [ 594.186048][T14602] ? alloc_fd+0x471/0x7d0 [ 594.186092][T14602] do_sys_openat2+0x11b/0x1d0 [ 594.186138][T14602] ? __pfx_do_sys_openat2+0x10/0x10 [ 594.186188][T14602] ? __fget_files+0x20e/0x3c0 [ 594.186228][T14602] __x64_sys_openat+0x174/0x210 [ 594.186280][T14602] ? __pfx___x64_sys_openat+0x10/0x10 [ 594.186327][T14602] ? ksys_write+0x1b9/0x240 [ 594.186360][T14602] ? rcu_is_watching+0x12/0xc0 [ 594.186403][T14602] do_syscall_64+0xcd/0x230 [ 594.186457][T14602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.186492][T14602] RIP: 0033:0x7f71ed98e969 [ 594.186517][T14602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.186557][T14602] RSP: 002b:00007f71ee79c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 594.186590][T14602] RAX: ffffffffffffffda RBX: 00007f71edbb5fa0 RCX: 00007f71ed98e969 [ 594.186612][T14602] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 594.186646][T14602] RBP: 00007f71ee79c090 R08: 0000000000000000 R09: 0000000000000000 [ 594.186667][T14602] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000002 [ 594.186686][T14602] R13: 0000000000000000 R14: 00007f71edbb5fa0 R15: 00007ffc685746a8 [ 594.186729][T14602] [ 594.789364][T14614] FAULT_INJECTION: forcing a failure. [ 594.789364][T14614] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 594.789486][T14614] CPU: 1 UID: 0 PID: 14614 Comm: syz.2.1932 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 594.789540][T14614] Tainted: [U]=USER [ 594.789551][T14614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 594.789570][T14614] Call Trace: [ 594.789581][T14614] [ 594.789593][T14614] dump_stack_lvl+0x16c/0x1f0 [ 594.789642][T14614] should_fail_ex+0x512/0x640 [ 594.789694][T14614] should_fail_alloc_page+0xe7/0x130 [ 594.789749][T14614] prepare_alloc_pages+0x3c2/0x610 [ 594.789796][T14614] ? rcu_is_watching+0x12/0xc0 [ 594.789827][T14614] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 594.789885][T14614] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 594.789921][T14614] ? do_raw_spin_lock+0x12c/0x2b0 [ 594.789968][T14614] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 594.790015][T14614] ? find_held_lock+0x2b/0x80 [ 594.790056][T14614] ? __lock_acquire+0xaa4/0x1ba0 [ 594.790095][T14614] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 594.790140][T14614] ? policy_nodemask+0xea/0x4e0 [ 594.790181][T14614] alloc_pages_mpol+0x1fb/0x550 [ 594.790222][T14614] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 594.790271][T14614] folio_alloc_mpol_noprof+0x36/0x2f0 [ 594.790317][T14614] shmem_alloc_folio+0x135/0x160 [ 594.790349][T14614] shmem_alloc_and_add_folio+0x499/0xc20 [ 594.790395][T14614] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 594.790437][T14614] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 594.790482][T14614] shmem_get_folio_gfp+0x687/0x1530 [ 594.790537][T14614] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 594.790579][T14614] ? filemap_map_pages+0xf6c/0x1680 [ 594.790624][T14614] shmem_fault+0x1fe/0xa30 [ 594.790664][T14614] ? __pfx_shmem_fault+0x10/0x10 [ 594.790709][T14614] ? __pfx_filemap_map_pages+0x10/0x10 [ 594.790760][T14614] __do_fault+0x10d/0x490 [ 594.790803][T14614] do_pte_missing+0x1031/0x3fb0 [ 594.790839][T14614] ? __handle_mm_fault+0x1010/0x2a40 [ 594.790878][T14614] __handle_mm_fault+0x103d/0x2a40 [ 594.790921][T14614] ? __pfx___handle_mm_fault+0x10/0x10 [ 594.790978][T14614] ? find_vma+0xbf/0x140 [ 594.791019][T14614] ? __pfx_find_vma+0x10/0x10 [ 594.791066][T14614] handle_mm_fault+0x3fe/0xad0 [ 594.791106][T14614] do_user_addr_fault+0x7a6/0x1370 [ 594.791142][T14614] ? rcu_is_watching+0x12/0xc0 [ 594.791174][T14614] exc_page_fault+0x5c/0xc0 [ 594.791218][T14614] asm_exc_page_fault+0x26/0x30 [ 594.791246][T14614] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 594.791282][T14614] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 7f 09 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 594.791311][T14614] RSP: 0018:ffffc9000ff27b28 EFLAGS: 00050206 [ 594.791335][T14614] RAX: 0000000000000001 RBX: 000000000000fdef RCX: 0000000000009def [ 594.791353][T14614] RDX: ffffed100fba9fbe RSI: 0000000000006000 RDI: ffff88807dd46000 [ 594.791373][T14614] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100fba9fbd [ 594.791393][T14614] R10: ffff88807dd4fdee R11: 0000000000000000 R12: 0000000000000000 [ 594.791412][T14614] R13: ffffc9000ff27da0 R14: 000000000000fdef R15: ffff88807dd40000 [ 594.791454][T14614] _copy_from_iter+0x391/0x15b0 [ 594.791533][T14614] ? rcu_is_watching+0x12/0xc0 [ 594.791563][T14614] ? __pfx__copy_from_iter+0x10/0x10 [ 594.791610][T14614] ? rcu_is_watching+0x12/0xc0 [ 594.791640][T14614] ? trace_kmalloc+0x2b/0xd0 [ 594.791681][T14614] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 594.791724][T14614] ? sysctl_head_grab+0x51/0x70 [ 594.791757][T14614] ? proc_sys_call_handler+0x2a6/0x5c0 [ 594.791803][T14614] proc_sys_call_handler+0x317/0x5c0 [ 594.791843][T14614] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 594.791896][T14614] vfs_write+0x5bd/0x1180 [ 594.791931][T14614] ? __pfx_proc_sys_write+0x10/0x10 [ 594.791967][T14614] ? __pfx___mutex_lock+0x10/0x10 [ 594.792014][T14614] ? __pfx_vfs_write+0x10/0x10 [ 594.792076][T14614] ksys_write+0x12a/0x240 [ 594.792108][T14614] ? __pfx_ksys_write+0x10/0x10 [ 594.792137][T14614] ? rcu_is_watching+0x12/0xc0 [ 594.792180][T14614] do_syscall_64+0xcd/0x230 [ 594.792231][T14614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.792262][T14614] RIP: 0033:0x7fd7d1b8e969 [ 594.792286][T14614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.792317][T14614] RSP: 002b:00007fd7d291a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 594.792346][T14614] RAX: ffffffffffffffda RBX: 00007fd7d1db5fa0 RCX: 00007fd7d1b8e969 [ 594.792368][T14614] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 594.792386][T14614] RBP: 00007fd7d291a090 R08: 0000000000000000 R09: 0000000000000000 [ 594.792406][T14614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 594.792425][T14614] R13: 0000000000000000 R14: 00007fd7d1db5fa0 R15: 00007ffd2f24fb28 [ 594.792468][T14614] [ 595.987969][T14623] tty tty12: ldisc open failed (-12), clearing slot 11 [ 598.195331][T14672] input: f as /devices/virtual/input/input83 [ 598.345378][T14675] Setting dangerous option i915.mitigations - tainting kernel [ 599.151984][T14689] netlink: 246 bytes leftover after parsing attributes in process `syz.3.1952'. [ 599.212001][T14680] Process accounting paused [ 599.260797][T14693] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1954'. [ 599.613633][T14704] Setting dangerous option i915.mitigations - tainting kernel [ 599.691779][T14707] input: f as /devices/virtual/input/input84 [ 600.184568][T14720] ubi: mtd0 is already attached to ubi0 [ 600.645085][T14723] netlink: 246 bytes leftover after parsing attributes in process `syz.0.1965'. [ 601.082174][T14730] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1967'. syzkaller syzkaller login: [ 601.279076][T14736] ubi: mtd0 is already attached to ubi0 [ 601.398344][T14742] Setting dangerous option i915.mitigations - tainting kernel [ 602.303923][T14756] ubi: mtd0 is already attached to ubi0 [ 603.578110][T14780] aoe: skb alloc failure [ 603.585739][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 603.604866][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 603.919351][T14787] ubi: mtd0 is already attached to ubi0 [ 604.172132][T14792] ubi: mtd0 is already attached to ubi0 [ 605.053467][T14810] FAULT_INJECTION: forcing a failure. [ 605.053467][T14810] name failslab, interval 1, probability 0, space 0, times 0 [ 605.092461][T14810] CPU: 1 UID: 0 PID: 14810 Comm: syz.3.1992 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 605.092515][T14810] Tainted: [U]=USER [ 605.092526][T14810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 605.092545][T14810] Call Trace: [ 605.092555][T14810] [ 605.092568][T14810] dump_stack_lvl+0x16c/0x1f0 [ 605.092620][T14810] should_fail_ex+0x512/0x640 [ 605.092664][T14810] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 605.092709][T14810] should_failslab+0xc2/0x120 [ 605.092752][T14810] __kmalloc_cache_noprof+0x6a/0x3e0 [ 605.092785][T14810] ? ring_buffer_read_prepare+0x101/0x320 [ 605.092820][T14810] ? lockdep_init_map_type+0x5c/0x280 [ 605.092868][T14810] ring_buffer_read_prepare+0x101/0x320 [ 605.092907][T14810] tracing_open+0x925/0xf90 [ 605.092949][T14810] do_dentry_open+0x741/0x1c10 [ 605.092984][T14810] ? __pfx_tracing_open+0x10/0x10 [ 605.093025][T14810] vfs_open+0x82/0x3f0 [ 605.093072][T14810] path_openat+0x1e5e/0x2d40 [ 605.093121][T14810] ? __pfx_path_openat+0x10/0x10 [ 605.093162][T14810] do_filp_open+0x20b/0x470 [ 605.093190][T14810] ? __pfx_do_filp_open+0x10/0x10 [ 605.093241][T14810] ? alloc_fd+0x471/0x7d0 [ 605.093275][T14810] do_sys_openat2+0x11b/0x1d0 [ 605.093311][T14810] ? __pfx_do_sys_openat2+0x10/0x10 [ 605.093352][T14810] ? __fget_files+0x20e/0x3c0 [ 605.093382][T14810] __x64_sys_openat+0x174/0x210 [ 605.093419][T14810] ? __pfx___x64_sys_openat+0x10/0x10 [ 605.093455][T14810] ? ksys_write+0x1b9/0x240 [ 605.093481][T14810] ? rcu_is_watching+0x12/0xc0 [ 605.093516][T14810] do_syscall_64+0xcd/0x230 [ 605.093558][T14810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.093584][T14810] RIP: 0033:0x7ff501d8e969 [ 605.093605][T14810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.093631][T14810] RSP: 002b:00007ff502b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 605.093655][T14810] RAX: ffffffffffffffda RBX: 00007ff501fb5fa0 RCX: 00007ff501d8e969 [ 605.093673][T14810] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 605.093695][T14810] RBP: 00007ff502b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 605.093711][T14810] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000002 [ 605.093727][T14810] R13: 0000000000000000 R14: 00007ff501fb5fa0 R15: 00007ffe11a20098 [ 605.093761][T14810] [ 606.450378][T14827] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1997'. [ 606.471124][T14827] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 608.152469][T14857] Setting dangerous option i915.mitigations - tainting kernel [ 609.220918][T14873] input: f as /devices/virtual/input/input85 [ 609.588870][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 609.596510][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 609.615646][T14831] Process accounting paused [ 609.867767][T14882] ubi: mtd0 is already attached to ubi0 syzkaller syzkaller login: [ 611.235102][T14901] ubi: mtd0 is already attached to ubi0 [ 612.513966][T14922] input: f as /devices/virtual/input/input86 [ 613.028589][T14938] Setting dangerous option i915.mitigations - tainting kernel [ 613.483492][T14943] input: f as /devices/virtual/input/input87 syzkaller syzkaller login: [ 613.871967][T14946] ubi: mtd0 is already attached to ubi0 [ 615.239508][T14973] Setting dangerous option i915.mitigations - tainting kernel [ 615.932958][T14981] nvme_fcloop: unknown parameter or missing value '^/]' [ 616.040345][T14984] netlink: 246 bytes leftover after parsing attributes in process `syz.3.2044'. [ 616.126026][T14987] Setting dangerous option i915.mitigations - tainting kernel [ 617.848904][T15010] ubi: mtd0 is already attached to ubi0 [ 618.336253][T15019] Setting dangerous option i915.mitigations - tainting kernel [ 618.460392][T15013] lo: entered allmulticast mode [ 618.523820][T15018] lo: left allmulticast mode [ 619.073907][T15024] ubi: mtd0 is already attached to ubi0 [ 619.895150][T15039] input: f as /devices/virtual/input/input88 [ 620.474600][T15051] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2066'. [ 620.671146][T15056] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 620.806514][T15061] FAULT_INJECTION: forcing a failure. [ 620.806514][T15061] name failslab, interval 1, probability 0, space 0, times 0 [ 620.827393][T15062] ubi: mtd0 is already attached to ubi0 [ 620.838345][T15061] CPU: 1 UID: 0 PID: 15061 Comm: syz.3.2068 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 620.838395][T15061] Tainted: [U]=USER [ 620.838406][T15061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 620.838426][T15061] Call Trace: [ 620.838436][T15061] [ 620.838449][T15061] dump_stack_lvl+0x16c/0x1f0 [ 620.838500][T15061] should_fail_ex+0x512/0x640 [ 620.838546][T15061] ? fs_reclaim_acquire+0xae/0x150 [ 620.838599][T15061] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 620.838646][T15061] should_failslab+0xc2/0x120 [ 620.838687][T15061] __kmalloc_noprof+0xd2/0x510 [ 620.838734][T15061] tomoyo_realpath_from_path+0xc2/0x6e0 [ 620.838793][T15061] ? tomoyo_profile+0x47/0x60 [ 620.838826][T15061] tomoyo_path_number_perm+0x245/0x580 [ 620.838865][T15061] ? tomoyo_path_number_perm+0x237/0x580 [ 620.838910][T15061] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 620.838957][T15061] ? find_held_lock+0x2b/0x80 [ 620.839034][T15061] ? find_held_lock+0x2b/0x80 [ 620.839065][T15061] ? hook_file_ioctl_common+0x145/0x410 [ 620.839111][T15061] ? __fget_files+0x20e/0x3c0 [ 620.839148][T15061] security_file_ioctl+0x9b/0x240 [ 620.839193][T15061] __x64_sys_ioctl+0xb7/0x200 [ 620.839241][T15061] do_syscall_64+0xcd/0x230 [ 620.839292][T15061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.839324][T15061] RIP: 0033:0x7ff501d8e969 [ 620.839350][T15061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.839383][T15061] RSP: 002b:00007ff502b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.839412][T15061] RAX: ffffffffffffffda RBX: 00007ff501fb5fa0 RCX: 00007ff501d8e969 [ 620.839432][T15061] RDX: 0000200000000080 RSI: 00000000c0305710 RDI: 0000000000000003 [ 620.839451][T15061] RBP: 00007ff502b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 620.839471][T15061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 620.839490][T15061] R13: 0000000000000000 R14: 00007ff501fb5fa0 R15: 00007ffe11a20098 [ 620.839533][T15061] [ 620.839616][T15061] ERROR: Out of memory at tomoyo_realpath_from_path. syzkaller syzkaller login: [ 621.597301][T15075] input: f as /devices/virtual/input/input89 [ 621.879135][T15079] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2075'. [ 621.950354][T15081] FAULT_INJECTION: forcing a failure. [ 621.950354][T15081] name failslab, interval 1, probability 0, space 0, times 0 [ 622.000513][T15081] CPU: 1 UID: 0 PID: 15081 Comm: syz.3.2076 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 622.000568][T15081] Tainted: [U]=USER [ 622.000580][T15081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 622.000600][T15081] Call Trace: [ 622.000612][T15081] [ 622.000625][T15081] dump_stack_lvl+0x16c/0x1f0 [ 622.000687][T15081] should_fail_ex+0x512/0x640 [ 622.000736][T15081] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 622.000786][T15081] should_failslab+0xc2/0x120 [ 622.000829][T15081] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 622.000872][T15081] ? register_lock_class+0x41/0x4c0 [ 622.000917][T15081] ? fcloop_parse_nm_options.constprop.0+0xff/0x430 [ 622.000982][T15081] kstrdup+0x53/0x100 [ 622.001029][T15081] fcloop_parse_nm_options.constprop.0+0xff/0x430 [ 622.001091][T15081] ? __pfx_fcloop_parse_nm_options.constprop.0+0x10/0x10 [ 622.001157][T15081] ? __mutex_trylock_common+0xe9/0x250 [ 622.001218][T15081] ? __lock_acquire+0x5ca/0x1ba0 [ 622.001267][T15081] fcloop_delete_local_port+0xa9/0x470 [ 622.001307][T15081] ? __pfx_fcloop_delete_local_port+0x10/0x10 [ 622.001356][T15081] ? find_held_lock+0x2b/0x80 [ 622.001396][T15081] ? __pfx_fcloop_delete_local_port+0x10/0x10 [ 622.001434][T15081] dev_attr_store+0x58/0x80 [ 622.001477][T15081] ? __pfx_dev_attr_store+0x10/0x10 [ 622.001519][T15081] sysfs_kf_write+0xf2/0x150 [ 622.001587][T15081] kernfs_fop_write_iter+0x351/0x510 [ 622.001626][T15081] ? __pfx_sysfs_kf_write+0x10/0x10 [ 622.001685][T15081] vfs_write+0x5bd/0x1180 [ 622.001719][T15081] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 622.001765][T15081] ? __pfx___mutex_lock+0x10/0x10 [ 622.001814][T15081] ? __pfx_vfs_write+0x10/0x10 [ 622.001875][T15081] ksys_write+0x12a/0x240 [ 622.001907][T15081] ? __pfx_ksys_write+0x10/0x10 [ 622.001937][T15081] ? rcu_is_watching+0x12/0xc0 [ 622.001980][T15081] do_syscall_64+0xcd/0x230 [ 622.002031][T15081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.002063][T15081] RIP: 0033:0x7ff501d8e969 [ 622.002088][T15081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.002120][T15081] RSP: 002b:00007ff502b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 622.002150][T15081] RAX: ffffffffffffffda RBX: 00007ff501fb5fa0 RCX: 00007ff501d8e969 [ 622.002171][T15081] RDX: 0000000000000009 RSI: 0000200000000040 RDI: 0000000000000003 [ 622.002191][T15081] RBP: 00007ff502b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 622.002211][T15081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 622.002230][T15081] R13: 0000000000000000 R14: 00007ff501fb5fa0 R15: 00007ffe11a20098 [ 622.002274][T15081] [ 623.034700][T15093] FAULT_INJECTION: forcing a failure. [ 623.034700][T15093] name failslab, interval 1, probability 0, space 0, times 0 [ 623.047805][T15093] CPU: 1 UID: 0 PID: 15093 Comm: syz.3.2079 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 623.047853][T15093] Tainted: [U]=USER [ 623.047864][T15093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 623.047883][T15093] Call Trace: [ 623.047895][T15093] [ 623.047908][T15093] dump_stack_lvl+0x16c/0x1f0 [ 623.047955][T15093] should_fail_ex+0x512/0x640 [ 623.048001][T15093] ? __kmalloc_noprof+0xbf/0x510 [ 623.048041][T15093] ? ring_buffer_read_prepare+0x171/0x320 [ 623.048075][T15093] should_failslab+0xc2/0x120 [ 623.048116][T15093] __kmalloc_noprof+0xd2/0x510 [ 623.048154][T15093] ? kasan_save_track+0x14/0x30 [ 623.048193][T15093] ring_buffer_read_prepare+0x171/0x320 [ 623.048229][T15093] tracing_open+0x925/0xf90 [ 623.048276][T15093] do_dentry_open+0x741/0x1c10 [ 623.048312][T15093] ? __pfx_tracing_open+0x10/0x10 [ 623.048352][T15093] vfs_open+0x82/0x3f0 [ 623.048400][T15093] path_openat+0x1e5e/0x2d40 [ 623.048449][T15093] ? __pfx_path_openat+0x10/0x10 [ 623.048493][T15093] do_filp_open+0x20b/0x470 [ 623.048527][T15093] ? __pfx_do_filp_open+0x10/0x10 [ 623.048592][T15093] ? alloc_fd+0x471/0x7d0 [ 623.048633][T15093] do_sys_openat2+0x11b/0x1d0 [ 623.048675][T15093] ? __pfx_do_sys_openat2+0x10/0x10 [ 623.048723][T15093] ? __fget_files+0x20e/0x3c0 [ 623.048761][T15093] __x64_sys_openat+0x174/0x210 [ 623.048807][T15093] ? __pfx___x64_sys_openat+0x10/0x10 [ 623.048849][T15093] ? ksys_write+0x1b9/0x240 [ 623.048881][T15093] ? rcu_is_watching+0x12/0xc0 [ 623.048924][T15093] do_syscall_64+0xcd/0x230 [ 623.048977][T15093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.049010][T15093] RIP: 0033:0x7ff501d8e969 [ 623.049035][T15093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.049067][T15093] RSP: 002b:00007ff502b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 623.049095][T15093] RAX: ffffffffffffffda RBX: 00007ff501fb5fa0 RCX: 00007ff501d8e969 [ 623.049117][T15093] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 623.049136][T15093] RBP: 00007ff502b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 623.049155][T15093] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000002 [ 623.049173][T15093] R13: 0000000000000000 R14: 00007ff501fb5fa0 R15: 00007ffe11a20098 [ 623.049217][T15093] syzkaller syzkaller login: [ 623.395027][T15099] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2080'. [ 623.565329][T15102] ubi: mtd0 is already attached to ubi0 [ 623.877574][T15108] Setting dangerous option i915.mitigations - tainting kernel [ 624.092707][T15105] ubi: mtd0 is already attached to ubi0 [ 624.813918][T15112] input: f as /devices/virtual/input/input90 [ 625.659338][T15140] Setting dangerous option i915.mitigations - tainting kernel [ 626.261728][T15148] ubi: mtd0 is already attached to ubi0 syzkaller syzkaller login: [ 626.482095][T15150] FAULT_INJECTION: forcing a failure. [ 626.482095][T15150] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 626.591771][T15150] CPU: 1 UID: 0 PID: 15150 Comm: syz.3.2094 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 626.591824][T15150] Tainted: [U]=USER [ 626.591836][T15150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 626.591856][T15150] Call Trace: [ 626.591867][T15150] [ 626.591880][T15150] dump_stack_lvl+0x16c/0x1f0 [ 626.591933][T15150] should_fail_ex+0x512/0x640 [ 626.591998][T15150] should_fail_alloc_page+0xe7/0x130 [ 626.592040][T15150] prepare_alloc_pages+0x3c2/0x610 [ 626.592089][T15150] ? rcu_is_watching+0x12/0xc0 [ 626.592123][T15150] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 626.592200][T15150] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 626.592243][T15150] ? do_raw_spin_lock+0x12c/0x2b0 [ 626.592324][T15150] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 626.592372][T15150] ? policy_nodemask+0xea/0x4e0 [ 626.592418][T15150] alloc_pages_mpol+0x1fb/0x550 [ 626.592461][T15150] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 626.592502][T15150] ? lock_acquire+0x179/0x350 [ 626.592553][T15150] folio_alloc_mpol_noprof+0x36/0x2f0 [ 626.592605][T15150] shmem_alloc_folio+0x135/0x160 [ 626.592640][T15150] shmem_alloc_and_add_folio+0x499/0xc20 [ 626.592691][T15150] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 626.592737][T15150] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 626.592786][T15150] shmem_get_folio_gfp+0x687/0x1530 [ 626.592837][T15150] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 626.592882][T15150] ? filemap_map_pages+0xf6c/0x1680 [ 626.592930][T15150] shmem_fault+0x1fe/0xa30 [ 626.592973][T15150] ? __pfx_shmem_fault+0x10/0x10 [ 626.593022][T15150] ? __pfx_filemap_map_pages+0x10/0x10 [ 626.593079][T15150] __do_fault+0x10d/0x490 [ 626.593125][T15150] do_pte_missing+0x1031/0x3fb0 [ 626.593164][T15150] ? __handle_mm_fault+0x1010/0x2a40 [ 626.593205][T15150] __handle_mm_fault+0x103d/0x2a40 [ 626.593254][T15150] ? __pfx___handle_mm_fault+0x10/0x10 [ 626.593321][T15150] ? find_vma+0xbf/0x140 [ 626.593365][T15150] ? __pfx_find_vma+0x10/0x10 [ 626.593418][T15150] handle_mm_fault+0x3fe/0xad0 [ 626.593460][T15150] do_user_addr_fault+0x7a6/0x1370 [ 626.593499][T15150] ? rcu_is_watching+0x12/0xc0 [ 626.593535][T15150] exc_page_fault+0x5c/0xc0 [ 626.593581][T15150] asm_exc_page_fault+0x26/0x30 [ 626.593614][T15150] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 626.593651][T15150] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 7f 09 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 626.593682][T15150] RSP: 0018:ffffc900046dfb28 EFLAGS: 00050206 [ 626.593709][T15150] RAX: 0000000000000001 RBX: 000000000000fdef RCX: 0000000000007def [ 626.593729][T15150] RDX: ffffed1008699fbe RSI: 0000000000008000 RDI: ffff8880434c8000 [ 626.593751][T15150] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1008699fbd [ 626.593772][T15150] R10: ffff8880434cfdee R11: 0000000000000000 R12: 0000000000000000 [ 626.593793][T15150] R13: ffffc900046dfda0 R14: 000000000000fdef R15: ffff8880434c0000 [ 626.593839][T15150] _copy_from_iter+0x391/0x15b0 [ 626.593896][T15150] ? rcu_is_watching+0x12/0xc0 [ 626.593927][T15150] ? __pfx__copy_from_iter+0x10/0x10 [ 626.593976][T15150] ? rcu_is_watching+0x12/0xc0 [ 626.594007][T15150] ? trace_kmalloc+0x2b/0xd0 [ 626.594050][T15150] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 626.594094][T15150] ? sysctl_head_grab+0x51/0x70 [ 626.594127][T15150] ? proc_sys_call_handler+0x2a6/0x5c0 [ 626.594174][T15150] proc_sys_call_handler+0x317/0x5c0 [ 626.594214][T15150] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 626.594276][T15150] vfs_write+0x5bd/0x1180 [ 626.594311][T15150] ? __pfx_proc_sys_write+0x10/0x10 [ 626.594346][T15150] ? __pfx___mutex_lock+0x10/0x10 [ 626.594395][T15150] ? __pfx_vfs_write+0x10/0x10 [ 626.594458][T15150] ksys_write+0x12a/0x240 [ 626.594491][T15150] ? __pfx_ksys_write+0x10/0x10 [ 626.594521][T15150] ? rcu_is_watching+0x12/0xc0 [ 626.594563][T15150] do_syscall_64+0xcd/0x230 [ 626.594615][T15150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.594647][T15150] RIP: 0033:0x7ff501d8e969 [ 626.594672][T15150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.594701][T15150] RSP: 002b:00007ff502b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 626.594729][T15150] RAX: ffffffffffffffda RBX: 00007ff501fb5fa0 RCX: 00007ff501d8e969 [ 626.594751][T15150] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 626.594771][T15150] RBP: 00007ff502b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 626.594792][T15150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 626.594812][T15150] R13: 0000000000000000 R14: 00007ff501fb5fa0 R15: 00007ffe11a20098 [ 626.594854][T15150] [ 629.284663][T15186] Process accounting resumed [ 629.450131][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.456597][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.682815][T15206] ubi: mtd0 is already attached to ubi0 [ 629.860520][T15204] Invalid ELF header magic: != ELF [ 630.861529][T15229] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2111'. [ 631.663867][T15239] Setting dangerous option i915.mitigations - tainting kernel [ 632.191877][T15244] nvme_fcloop: unknown parameter or missing value '^/]' [ 632.473113][T15252] input: f as /devices/virtual/input/input91 [ 632.674603][T15260] aoe: skb alloc failure [ 632.695380][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 632.701990][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.715572][T15263] FAULT_INJECTION: forcing a failure. [ 632.715572][T15263] name failslab, interval 1, probability 0, space 0, times 0 [ 632.750975][T15263] CPU: 1 UID: 0 PID: 15263 Comm: syz.1.2124 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 632.751040][T15263] Tainted: [U]=USER [ 632.751051][T15263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 632.751069][T15263] Call Trace: [ 632.751079][T15263] [ 632.751091][T15263] dump_stack_lvl+0x16c/0x1f0 [ 632.751160][T15263] should_fail_ex+0x512/0x640 [ 632.751206][T15263] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 632.751261][T15263] should_failslab+0xc2/0x120 [ 632.751304][T15263] __kmalloc_cache_noprof+0x6a/0x3e0 [ 632.751338][T15263] ? ring_buffer_read_prepare+0x101/0x320 [ 632.751374][T15263] ? kasan_save_track+0x14/0x30 [ 632.751416][T15263] ring_buffer_read_prepare+0x101/0x320 [ 632.751462][T15263] tracing_open+0x925/0xf90 [ 632.751511][T15263] do_dentry_open+0x741/0x1c10 [ 632.751547][T15263] ? __pfx_tracing_open+0x10/0x10 [ 632.751587][T15263] vfs_open+0x82/0x3f0 [ 632.751634][T15263] path_openat+0x1e5e/0x2d40 [ 632.751684][T15263] ? __pfx_path_openat+0x10/0x10 [ 632.751731][T15263] do_filp_open+0x20b/0x470 [ 632.751767][T15263] ? __pfx_do_filp_open+0x10/0x10 [ 632.751834][T15263] ? alloc_fd+0x471/0x7d0 [ 632.751879][T15263] do_sys_openat2+0x11b/0x1d0 [ 632.751926][T15263] ? __pfx_do_sys_openat2+0x10/0x10 [ 632.751977][T15263] ? __fget_files+0x20e/0x3c0 [ 632.752016][T15263] __x64_sys_openat+0x174/0x210 [ 632.752063][T15263] ? __pfx___x64_sys_openat+0x10/0x10 [ 632.752109][T15263] ? ksys_write+0x1b9/0x240 [ 632.752143][T15263] ? rcu_is_watching+0x12/0xc0 [ 632.752189][T15263] do_syscall_64+0xcd/0x230 [ 632.752244][T15263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.752276][T15263] RIP: 0033:0x7f71ed98e969 [ 632.752302][T15263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 632.752336][T15263] RSP: 002b:00007f71ee79c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 632.752366][T15263] RAX: ffffffffffffffda RBX: 00007f71edbb5fa0 RCX: 00007f71ed98e969 [ 632.752387][T15263] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 632.752410][T15263] RBP: 00007f71ee79c090 R08: 0000000000000000 R09: 0000000000000000 [ 632.752430][T15263] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000002 [ 632.752449][T15263] R13: 0000000000000000 R14: 00007f71edbb5fa0 R15: 00007ffc685746a8 [ 632.752510][T15263] [ 633.084971][T15271] Setting dangerous option i915.mitigations - tainting kernel [ 634.016712][T15282] Setting dangerous option i915.mitigations - tainting kernel syzkaller syzkaller login: [ 634.537498][T15285] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2131'. [ 634.596972][T15285] net_ratelimit: 72 callbacks suppressed [ 634.597001][T15285] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 634.685285][T15292] input: f as /devices/virtual/input/input92 [ 634.884176][T15296] usbip-vudc usbip-vudc.0: gadget not bound [ 635.233247][T15307] nvme_fcloop: unknown parameter or missing value '^/]' [ 635.384626][T15309] netlink: 246 bytes leftover after parsing attributes in process `syz.0.2140'. syzkaller syzkaller login: [ 636.199690][T15321] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2145'. [ 636.261809][T15321] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 637.188591][T15339] ubi: mtd0 is already attached to ubi0 [ 638.436383][T15367] Setting dangerous option i915.mitigations - tainting kernel [ 639.555228][T15377] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2157'. [ 639.566805][T15378] Setting dangerous option i915.mitigations - tainting kernel [ 639.692601][T15377] Process accounting resumed [ 642.249219][T15422] ubi: mtd0 is already attached to ubi0 [ 642.446037][T15426] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2167'. [ 642.462837][T15426] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 643.594389][T15443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2171'. [ 643.626486][T15443] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 643.905801][T15446] FAULT_INJECTION: forcing a failure. [ 643.905801][T15446] name failslab, interval 1, probability 0, space 0, times 0 [ 643.989745][T15446] CPU: 0 UID: 0 PID: 15446 Comm: syz.3.2172 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 643.989788][T15446] Tainted: [U]=USER [ 643.989796][T15446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 643.989811][T15446] Call Trace: [ 643.989820][T15446] [ 643.989830][T15446] dump_stack_lvl+0x16c/0x1f0 [ 643.989869][T15446] should_fail_ex+0x512/0x640 [ 643.989911][T15446] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 643.989938][T15446] should_failslab+0xc2/0x120 [ 643.989969][T15446] __kmalloc_cache_noprof+0x6a/0x3e0 [ 643.989994][T15446] ? ring_buffer_read_prepare+0x101/0x320 [ 643.990020][T15446] ? lockdep_init_map_type+0x5c/0x280 [ 643.990057][T15446] ring_buffer_read_prepare+0x101/0x320 [ 643.990086][T15446] tracing_open+0x925/0xf90 [ 643.990116][T15446] do_dentry_open+0x741/0x1c10 [ 643.990142][T15446] ? __pfx_tracing_open+0x10/0x10 [ 643.990172][T15446] vfs_open+0x82/0x3f0 [ 643.990208][T15446] path_openat+0x1e5e/0x2d40 [ 643.990244][T15446] ? __pfx_path_openat+0x10/0x10 [ 643.990276][T15446] do_filp_open+0x20b/0x470 [ 643.990301][T15446] ? __pfx_do_filp_open+0x10/0x10 [ 643.990348][T15446] ? alloc_fd+0x471/0x7d0 [ 643.990378][T15446] do_sys_openat2+0x11b/0x1d0 [ 643.990411][T15446] ? __pfx_do_sys_openat2+0x10/0x10 [ 643.990446][T15446] ? find_held_lock+0x2b/0x80 [ 643.990478][T15446] __x64_sys_openat+0x174/0x210 [ 643.990512][T15446] ? __pfx___x64_sys_openat+0x10/0x10 [ 643.990548][T15446] ? rcu_is_watching+0x12/0xc0 [ 643.990580][T15446] do_syscall_64+0xcd/0x230 [ 643.990619][T15446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.990650][T15446] RIP: 0033:0x7ff501d8e969 [ 643.990670][T15446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.990694][T15446] RSP: 002b:00007ff502b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 643.990718][T15446] RAX: ffffffffffffffda RBX: 00007ff501fb5fa0 RCX: 00007ff501d8e969 [ 643.990735][T15446] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 643.990752][T15446] RBP: 00007ff501e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 643.990772][T15446] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000000 [ 643.990787][T15446] R13: 0000000000000000 R14: 00007ff501fb5fa0 R15: 00007ffe11a20098 [ 643.990818][T15446] [ 644.526582][T15457] input: f as /devices/virtual/input/input93 [ 644.548660][T15460] ubi: mtd0 is already attached to ubi0 [ 644.562548][T15461] FAULT_INJECTION: forcing a failure. [ 644.562548][T15461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 644.615766][T15459] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2177'. [ 644.626076][T15459] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 644.651810][T15461] CPU: 1 UID: 0 PID: 15461 Comm: syz.0.2175 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 644.651851][T15461] Tainted: [U]=USER [ 644.651858][T15461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 644.651871][T15461] Call Trace: [ 644.651879][T15461] [ 644.651887][T15461] dump_stack_lvl+0x16c/0x1f0 [ 644.651924][T15461] should_fail_ex+0x512/0x640 [ 644.651959][T15461] _copy_from_user+0x2e/0xd0 [ 644.651993][T15461] copy_from_sockptr_offset.constprop.0+0x136/0x170 [ 644.652018][T15461] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 644.652050][T15461] mptcp_setsockopt+0xe64/0x30e0 [ 644.652076][T15461] ? __pfx_mptcp_setsockopt+0x10/0x10 [ 644.652098][T15461] ? __lock_acquire+0x5ca/0x1ba0 [ 644.652126][T15461] ? __pfx_aa_sk_perm+0x10/0x10 [ 644.652151][T15461] ? find_held_lock+0x2b/0x80 [ 644.652174][T15461] ? sock_common_setsockopt+0x2e/0xf0 [ 644.652205][T15461] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 644.652235][T15461] do_sock_setsockopt+0x221/0x470 [ 644.652264][T15461] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 644.652309][T15461] __sys_setsockopt+0x120/0x1a0 [ 644.652336][T15461] __x64_sys_setsockopt+0xbd/0x160 [ 644.652358][T15461] ? do_syscall_64+0x91/0x230 [ 644.652388][T15461] ? lockdep_hardirqs_on+0x7c/0x110 [ 644.652424][T15461] do_syscall_64+0xcd/0x230 [ 644.652457][T15461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.652479][T15461] RIP: 0033:0x7f1510b8e969 [ 644.652496][T15461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 644.652517][T15461] RSP: 002b:00007f15119dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 644.652538][T15461] RAX: ffffffffffffffda RBX: 00007f1510db6080 RCX: 00007f1510b8e969 [ 644.652553][T15461] RDX: 0000000000000009 RSI: 0000000000000001 RDI: 0000000000000003 [ 644.652565][T15461] RBP: 00007f15119dd090 R08: 000000000000eb66 R09: 0000000000000000 [ 644.652579][T15461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 644.652592][T15461] R13: 0000000000000001 R14: 00007f1510db6080 R15: 00007fff7c96d978 [ 644.652618][T15461] [ 645.831057][T15479] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2184'. syzkaller syzkaller login: [ 646.188298][T15486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2185'. [ 646.210288][T15486] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 646.566269][T15497] input: f as /devices/virtual/input/input94 [ 646.773026][T15498] ubi: mtd0 is already attached to ubi0 [ 646.955077][T15505] Setting dangerous option i915.mitigations - tainting kernel syzkaller syzkaller login: [ 647.977741][T15521] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2193'. [ 648.259093][T15530] ubi: mtd0 is already attached to ubi0 [ 648.375098][T15522] QAT: Device 0 not found [ 648.902968][T15536] Setting dangerous option i915.mitigations - tainting kernel [ 650.998557][T15569] Invalid ELF header magic: != ELF [ 651.583687][T15582] Setting dangerous option i915.mitigations - tainting kernel [ 652.523281][T15589] FAULT_INJECTION: forcing a failure. [ 652.523281][T15589] name failslab, interval 1, probability 0, space 0, times 0 [ 652.550569][T15589] CPU: 1 UID: 0 PID: 15589 Comm: syz.1.2207 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 652.550614][T15589] Tainted: [U]=USER [ 652.550624][T15589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 652.550639][T15589] Call Trace: [ 652.550648][T15589] [ 652.550659][T15589] dump_stack_lvl+0x16c/0x1f0 [ 652.550704][T15589] should_fail_ex+0x512/0x640 [ 652.550746][T15589] ? __kmalloc_noprof+0xbf/0x510 [ 652.550780][T15589] ? ring_buffer_read_prepare+0x171/0x320 [ 652.550808][T15589] should_failslab+0xc2/0x120 [ 652.550844][T15589] __kmalloc_noprof+0xd2/0x510 [ 652.550878][T15589] ? kasan_save_track+0x14/0x30 [ 652.550914][T15589] ring_buffer_read_prepare+0x171/0x320 [ 652.550949][T15589] tracing_open+0x925/0xf90 [ 652.550986][T15589] do_dentry_open+0x741/0x1c10 [ 652.551017][T15589] ? __pfx_tracing_open+0x10/0x10 [ 652.551054][T15589] vfs_open+0x82/0x3f0 [ 652.551099][T15589] path_openat+0x1e5e/0x2d40 [ 652.551145][T15589] ? __pfx_path_openat+0x10/0x10 [ 652.551186][T15589] do_filp_open+0x20b/0x470 [ 652.551229][T15589] ? __pfx_do_filp_open+0x10/0x10 [ 652.551289][T15589] ? alloc_fd+0x471/0x7d0 [ 652.551328][T15589] do_sys_openat2+0x11b/0x1d0 [ 652.551369][T15589] ? __pfx_do_sys_openat2+0x10/0x10 [ 652.551415][T15589] ? __fget_files+0x20e/0x3c0 [ 652.551449][T15589] __x64_sys_openat+0x174/0x210 [ 652.551500][T15589] ? __pfx___x64_sys_openat+0x10/0x10 [ 652.551542][T15589] ? ksys_write+0x1b9/0x240 [ 652.551567][T15589] ? rcu_is_watching+0x12/0xc0 [ 652.551605][T15589] do_syscall_64+0xcd/0x230 [ 652.551651][T15589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.551679][T15589] RIP: 0033:0x7f71ed98e969 [ 652.551700][T15589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.551729][T15589] RSP: 002b:00007f71ee79c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 652.551755][T15589] RAX: ffffffffffffffda RBX: 00007f71edbb5fa0 RCX: 00007f71ed98e969 [ 652.551775][T15589] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 652.551794][T15589] RBP: 00007f71ee79c090 R08: 0000000000000000 R09: 0000000000000000 [ 652.551812][T15589] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000002 [ 652.551829][T15589] R13: 0000000000000000 R14: 00007f71edbb5fa0 R15: 00007ffc685746a8 [ 652.551868][T15589] [ 652.890862][T15590] usbip-vudc usbip-vudc.0: gadget not bound [ 653.319178][T15606] ubi: mtd0 is already attached to ubi0 [ 653.506462][T15610] netlink: 246 bytes leftover after parsing attributes in process `syz.2.2213'. [ 654.021470][T15617] FAULT_INJECTION: forcing a failure. [ 654.021470][T15617] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 654.098824][T15617] CPU: 1 UID: 0 PID: 15617 Comm: syz.2.2216 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 654.098910][T15617] Tainted: [U]=USER [ 654.098921][T15617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.098939][T15617] Call Trace: [ 654.098950][T15617] [ 654.098961][T15617] dump_stack_lvl+0x16c/0x1f0 [ 654.099011][T15617] should_fail_ex+0x512/0x640 [ 654.099062][T15617] should_fail_alloc_page+0xe7/0x130 [ 654.099113][T15617] prepare_alloc_pages+0x3c2/0x610 [ 654.099171][T15617] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 654.099215][T15617] ? kernel_text_address+0x8d/0x100 [ 654.099246][T15617] ? __kernel_text_address+0xd/0x40 [ 654.099275][T15617] ? unwind_get_return_address+0x59/0xa0 [ 654.099315][T15617] ? arch_stack_walk+0xa6/0x100 [ 654.099361][T15617] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 654.099401][T15617] ? __lock_acquire+0x5ca/0x1ba0 [ 654.099447][T15617] ? stack_trace_save+0x8e/0xc0 [ 654.099489][T15617] ? look_up_lock_class+0x59/0x150 [ 654.099538][T15617] ? register_lock_class+0x41/0x4c0 [ 654.099581][T15617] ? find_held_lock+0x2b/0x80 [ 654.099610][T15617] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 654.099658][T15617] ? policy_nodemask+0xea/0x4e0 [ 654.099703][T15617] alloc_pages_mpol+0x1fb/0x550 [ 654.099746][T15617] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 654.099792][T15617] ? __lock_acquire+0x5ca/0x1ba0 [ 654.099840][T15617] folio_alloc_mpol_noprof+0x36/0x2f0 [ 654.099889][T15617] vma_alloc_folio_noprof+0xed/0x1e0 [ 654.099934][T15617] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 654.099994][T15617] do_pte_missing+0x223d/0x3fb0 [ 654.100042][T15617] __handle_mm_fault+0x103d/0x2a40 [ 654.100098][T15617] ? __pfx___handle_mm_fault+0x10/0x10 [ 654.100157][T15617] ? find_vma+0xbf/0x140 [ 654.100201][T15617] ? __pfx_find_vma+0x10/0x10 [ 654.100250][T15617] handle_mm_fault+0x3fe/0xad0 [ 654.100291][T15617] do_user_addr_fault+0x7a6/0x1370 [ 654.100330][T15617] ? rcu_is_watching+0x12/0xc0 [ 654.100364][T15617] exc_page_fault+0x5c/0xc0 [ 654.100411][T15617] asm_exc_page_fault+0x26/0x30 [ 654.100443][T15617] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 654.100482][T15617] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 654.100514][T15617] RSP: 0018:ffffc9000c037af8 EFLAGS: 00050212 [ 654.100539][T15617] RAX: 3a6e6f6973726576 RBX: 0000000000000016 RCX: 0000000000000016 [ 654.100560][T15617] RDX: ffffed100c391c03 RSI: ffff888061c8e000 RDI: 0000200000000480 [ 654.100581][T15617] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100c391c02 [ 654.100602][T15617] R10: ffff888061c8e015 R11: 0000000000000000 R12: 0000200000000480 [ 654.100623][T15617] R13: ffffc9000c037da0 R14: 0000200000000496 R15: ffff888061c8e000 [ 654.100669][T15617] _copy_to_iter+0x391/0x15a0 [ 654.100710][T15617] ? __pfx__copy_to_iter+0x10/0x10 [ 654.100764][T15617] ? kernfs_seq_stop+0xcd/0x120 [ 654.100826][T15617] ? kernfs_put_active+0x86/0xe0 [ 654.100867][T15617] seq_read_iter+0xcf8/0x12c0 [ 654.100933][T15617] kernfs_fop_read_iter+0x40f/0x5a0 [ 654.100974][T15617] ? rw_verify_area+0xcf/0x680 [ 654.101026][T15617] vfs_read+0x8cb/0xc70 [ 654.101064][T15617] ? __pfx___mutex_lock+0x10/0x10 [ 654.101126][T15617] ? __pfx_vfs_read+0x10/0x10 [ 654.101186][T15617] ksys_read+0x12a/0x240 [ 654.101224][T15617] ? __pfx_ksys_read+0x10/0x10 [ 654.101252][T15617] ? rcu_is_watching+0x12/0xc0 [ 654.101302][T15617] do_syscall_64+0xcd/0x230 [ 654.101347][T15617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.101376][T15617] RIP: 0033:0x7fd7d1b8e969 [ 654.101399][T15617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.101446][T15617] RSP: 002b:00007fd7d291a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 654.101474][T15617] RAX: ffffffffffffffda RBX: 00007fd7d1db5fa0 RCX: 00007fd7d1b8e969 [ 654.101495][T15617] RDX: 000000000000006e RSI: 0000200000000480 RDI: 0000000000000003 [ 654.101516][T15617] RBP: 00007fd7d291a090 R08: 0000000000000000 R09: 0000000000000000 [ 654.101536][T15617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 654.101554][T15617] R13: 0000000000000000 R14: 00007fd7d1db5fa0 R15: 00007ffd2f24fb28 [ 654.101594][T15617] [ 654.730104][T15627] FAULT_INJECTION: forcing a failure. [ 654.730104][T15627] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 654.743984][T15627] CPU: 1 UID: 0 PID: 15627 Comm: syz.3.2221 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 654.744036][T15627] Tainted: [U]=USER [ 654.744048][T15627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.744068][T15627] Call Trace: [ 654.744079][T15627] [ 654.744092][T15627] dump_stack_lvl+0x16c/0x1f0 [ 654.744144][T15627] should_fail_ex+0x512/0x640 [ 654.744199][T15627] should_fail_alloc_page+0xe7/0x130 [ 654.744233][T15627] prepare_alloc_pages+0x3c2/0x610 [ 654.744270][T15627] ? rcu_is_watching+0x12/0xc0 [ 654.744296][T15627] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 654.744340][T15627] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 654.744369][T15627] ? do_raw_spin_lock+0x12c/0x2b0 [ 654.744407][T15627] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 654.744443][T15627] ? find_held_lock+0x2b/0x80 [ 654.744475][T15627] ? __lock_acquire+0xaa4/0x1ba0 [ 654.744519][T15627] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 654.744553][T15627] ? policy_nodemask+0xea/0x4e0 [ 654.744585][T15627] alloc_pages_mpol+0x1fb/0x550 [ 654.744615][T15627] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 654.744653][T15627] folio_alloc_mpol_noprof+0x36/0x2f0 [ 654.744688][T15627] shmem_alloc_folio+0x135/0x160 [ 654.744713][T15627] shmem_alloc_and_add_folio+0x499/0xc20 [ 654.744748][T15627] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 654.744780][T15627] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 654.744821][T15627] shmem_get_folio_gfp+0x687/0x1530 [ 654.744856][T15627] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 654.744907][T15627] ? filemap_map_pages+0xf6c/0x1680 [ 654.744940][T15627] shmem_fault+0x1fe/0xa30 [ 654.744970][T15627] ? __pfx_shmem_fault+0x10/0x10 [ 654.745003][T15627] ? __pfx_filemap_map_pages+0x10/0x10 [ 654.745043][T15627] __do_fault+0x10d/0x490 [ 654.745077][T15627] do_pte_missing+0x1031/0x3fb0 [ 654.745105][T15627] ? __handle_mm_fault+0x1010/0x2a40 [ 654.745134][T15627] __handle_mm_fault+0x103d/0x2a40 [ 654.745168][T15627] ? __pfx___handle_mm_fault+0x10/0x10 [ 654.745211][T15627] ? find_vma+0xbf/0x140 [ 654.745243][T15627] ? __pfx_find_vma+0x10/0x10 [ 654.745280][T15627] handle_mm_fault+0x3fe/0xad0 [ 654.745311][T15627] do_user_addr_fault+0x7a6/0x1370 [ 654.745339][T15627] ? rcu_is_watching+0x12/0xc0 [ 654.745364][T15627] exc_page_fault+0x5c/0xc0 [ 654.745398][T15627] asm_exc_page_fault+0x26/0x30 [ 654.745425][T15627] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 654.745453][T15627] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 7f 09 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 654.745476][T15627] RSP: 0018:ffffc900001f7b28 EFLAGS: 00050206 [ 654.745495][T15627] RAX: 0000000000000001 RBX: 000000000000fdef RCX: 0000000000005def [ 654.745510][T15627] RDX: ffffed1008ea9fbe RSI: 000000000000a000 RDI: ffff88804754a000 [ 654.745525][T15627] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1008ea9fbd [ 654.745540][T15627] R10: ffff88804754fdee R11: 0000000000000000 R12: 0000000000000000 [ 654.745555][T15627] R13: ffffc900001f7da0 R14: 000000000000fdef R15: ffff888047540000 [ 654.745587][T15627] _copy_from_iter+0x391/0x15b0 [ 654.745630][T15627] ? rcu_is_watching+0x12/0xc0 [ 654.745652][T15627] ? __pfx__copy_from_iter+0x10/0x10 [ 654.745688][T15627] ? rcu_is_watching+0x12/0xc0 [ 654.745710][T15627] ? trace_kmalloc+0x2b/0xd0 [ 654.745741][T15627] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 654.745773][T15627] ? sysctl_head_grab+0x51/0x70 [ 654.745797][T15627] ? proc_sys_call_handler+0x2a6/0x5c0 [ 654.745847][T15627] proc_sys_call_handler+0x317/0x5c0 [ 654.745876][T15627] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 654.745916][T15627] vfs_write+0x5bd/0x1180 [ 654.745940][T15627] ? __pfx_proc_sys_write+0x10/0x10 [ 654.745967][T15627] ? __pfx___mutex_lock+0x10/0x10 [ 654.746003][T15627] ? __pfx_vfs_write+0x10/0x10 [ 654.746047][T15627] ksys_write+0x12a/0x240 [ 654.746073][T15627] ? __pfx_ksys_write+0x10/0x10 [ 654.746095][T15627] ? rcu_is_watching+0x12/0xc0 [ 654.746126][T15627] do_syscall_64+0xcd/0x230 [ 654.746164][T15627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.746187][T15627] RIP: 0033:0x7ff501d8e969 [ 654.746205][T15627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.746227][T15627] RSP: 002b:00007ff502b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 654.746248][T15627] RAX: ffffffffffffffda RBX: 00007ff501fb5fa0 RCX: 00007ff501d8e969 [ 654.746264][T15627] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 654.746278][T15627] RBP: 00007ff502b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 654.746292][T15627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 654.746307][T15627] R13: 0000000000000000 R14: 00007ff501fb5fa0 R15: 00007ffe11a20098 [ 654.746350][T15627] [ 655.668375][T15635] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2224'. [ 655.677485][T15635] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 655.710880][T15631] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 656.467670][T15647] input: f as /devices/virtual/input/input95 [ 656.956770][T15661] ubi: mtd0 is already attached to ubi0 [ 657.338701][T15668] ubi: mtd0 is already attached to ubi0 syzkaller syzkaller login: [ 659.223115][T15690] input: f as /devices/virtual/input/input96 [ 660.145222][T15706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2245'. [ 660.186775][T15706] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 660.408884][T15699] Process accounting paused [ 660.535422][T15712] FAULT_INJECTION: forcing a failure. [ 660.535422][T15712] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 660.554083][T15712] CPU: 0 UID: 0 PID: 15712 Comm: syz.3.2248 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 660.554134][T15712] Tainted: [U]=USER [ 660.554145][T15712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 660.554165][T15712] Call Trace: [ 660.554176][T15712] [ 660.554189][T15712] dump_stack_lvl+0x16c/0x1f0 [ 660.554240][T15712] should_fail_ex+0x512/0x640 [ 660.554294][T15712] should_fail_alloc_page+0xe7/0x130 [ 660.554346][T15712] prepare_alloc_pages+0x3c2/0x610 [ 660.554404][T15712] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 660.554443][T15712] ? find_held_lock+0x2b/0x80 [ 660.554483][T15712] ? __lock_acquire+0xaa4/0x1ba0 [ 660.554532][T15712] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 660.554588][T15712] ? __pfx___might_resched+0x10/0x10 [ 660.554631][T15712] ? find_held_lock+0x2b/0x80 [ 660.554664][T15712] ? process_measurement+0x4a6/0x23e0 [ 660.554713][T15712] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 660.554759][T15712] ? policy_nodemask+0xea/0x4e0 [ 660.554804][T15712] alloc_pages_mpol+0x1fb/0x550 [ 660.554847][T15712] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 660.554908][T15712] alloc_pages_noprof+0x131/0x390 [ 660.554949][T15712] __pmd_alloc+0x3f/0x870 [ 660.554992][T15712] ? find_held_lock+0x2b/0x80 [ 660.555025][T15712] __handle_mm_fault+0x948/0x2a40 [ 660.555067][T15712] ? __pfx___handle_mm_fault+0x10/0x10 [ 660.555123][T15712] ? find_vma+0xbf/0x140 [ 660.555164][T15712] ? __pfx_find_vma+0x10/0x10 [ 660.555212][T15712] handle_mm_fault+0x3fe/0xad0 [ 660.555251][T15712] do_user_addr_fault+0x7a6/0x1370 [ 660.555287][T15712] ? rcu_is_watching+0x12/0xc0 [ 660.555320][T15712] exc_page_fault+0x5c/0xc0 [ 660.555371][T15712] asm_exc_page_fault+0x26/0x30 [ 660.555400][T15712] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 660.555436][T15712] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 [ 660.555484][T15712] RSP: 0018:ffffc900051e7b98 EFLAGS: 00050202 [ 660.555528][T15712] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 660.555549][T15712] RDX: fffff52000a3cf98 RSI: 0000000000000000 RDI: ffffc900051e7cc0 [ 660.555570][T15712] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000a3cf98 [ 660.555591][T15712] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 660.555611][T15712] R13: ffffc900051e7cc0 R14: ffffc900051e7cc0 R15: 0000000000000000 [ 660.555658][T15712] _copy_from_user+0x98/0xd0 [ 660.555713][T15712] copy_from_sockptr_offset.constprop.0+0x136/0x170 [ 660.555754][T15712] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 660.555807][T15712] mptcp_setsockopt+0xe64/0x30e0 [ 660.555851][T15712] ? __pfx_mptcp_setsockopt+0x10/0x10 [ 660.555887][T15712] ? __lock_acquire+0x5ca/0x1ba0 [ 660.555929][T15712] ? __pfx_aa_sk_perm+0x10/0x10 [ 660.555970][T15712] ? find_held_lock+0x2b/0x80 [ 660.556007][T15712] ? sock_common_setsockopt+0x2e/0xf0 [ 660.556057][T15712] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 660.556107][T15712] do_sock_setsockopt+0x221/0x470 [ 660.556155][T15712] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 660.556227][T15712] __sys_setsockopt+0x120/0x1a0 [ 660.556272][T15712] __x64_sys_setsockopt+0xbd/0x160 [ 660.556307][T15712] ? do_syscall_64+0x91/0x230 [ 660.556363][T15712] ? lockdep_hardirqs_on+0x7c/0x110 [ 660.556410][T15712] do_syscall_64+0xcd/0x230 [ 660.556463][T15712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.556497][T15712] RIP: 0033:0x7ff501d8e969 [ 660.556521][T15712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.556553][T15712] RSP: 002b:00007ff4ffbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 660.556583][T15712] RAX: ffffffffffffffda RBX: 00007ff501fb6080 RCX: 00007ff501d8e969 [ 660.556604][T15712] RDX: 0000000000000009 RSI: 0000000000000001 RDI: 0000000000000003 [ 660.556623][T15712] RBP: 00007ff4ffbf6090 R08: 000000000000eb66 R09: 0000000000000000 [ 660.556643][T15712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 660.556674][T15712] R13: 0000000000000001 R14: 00007ff501fb6080 R15: 00007ffe11a20098 [ 660.556727][T15712] syzkaller syzkaller login: [ 661.710974][T15731] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input97 [ 662.031141][T15735] FAULT_INJECTION: forcing a failure. [ 662.031141][T15735] name failslab, interval 1, probability 0, space 0, times 0 [ 662.054302][T15735] CPU: 1 UID: 0 PID: 15735 Comm: syz.0.2255 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 662.054351][T15735] Tainted: [U]=USER [ 662.054363][T15735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 662.054382][T15735] Call Trace: [ 662.054405][T15735] [ 662.054416][T15735] dump_stack_lvl+0x16c/0x1f0 [ 662.054482][T15735] should_fail_ex+0x512/0x640 [ 662.054528][T15735] ? fs_reclaim_acquire+0xae/0x150 [ 662.054581][T15735] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 662.054627][T15735] should_failslab+0xc2/0x120 [ 662.054668][T15735] __kmalloc_noprof+0xd2/0x510 [ 662.054715][T15735] tomoyo_realpath_from_path+0xc2/0x6e0 [ 662.054767][T15735] ? tomoyo_profile+0x47/0x60 [ 662.054800][T15735] tomoyo_path_number_perm+0x245/0x580 [ 662.054839][T15735] ? tomoyo_path_number_perm+0x237/0x580 [ 662.054882][T15735] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 662.054926][T15735] ? find_held_lock+0x2b/0x80 [ 662.054995][T15735] ? find_held_lock+0x2b/0x80 [ 662.055026][T15735] ? hook_file_ioctl_common+0x145/0x410 [ 662.055074][T15735] ? __fget_files+0x20e/0x3c0 [ 662.055111][T15735] security_file_ioctl+0x9b/0x240 [ 662.055155][T15735] __x64_sys_ioctl+0xb7/0x200 [ 662.055213][T15735] do_syscall_64+0xcd/0x230 [ 662.055264][T15735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.055296][T15735] RIP: 0033:0x7f1510b8e969 [ 662.055321][T15735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 662.055354][T15735] RSP: 002b:00007f15119fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 662.055384][T15735] RAX: ffffffffffffffda RBX: 00007f1510db5fa0 RCX: 00007f1510b8e969 [ 662.055405][T15735] RDX: 0000200000001a40 RSI: 00000000c018620c RDI: 0000000000000004 [ 662.055425][T15735] RBP: 00007f15119fe090 R08: 0000000000000000 R09: 0000000000000000 [ 662.055445][T15735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 662.055464][T15735] R13: 0000000000000000 R14: 00007f1510db5fa0 R15: 00007fff7c96d978 [ 662.055529][T15735] [ 662.055542][T15735] ERROR: Out of memory at tomoyo_realpath_from_path. [ 662.781299][T15742] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2257'. [ 662.795871][T15742] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 662.993816][T15744] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2258'. [ 663.011728][T15744] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 663.160059][T15750] Setting dangerous option i915.mitigations - tainting kernel [ 663.424650][T15755] ubi: mtd0 is already attached to ubi0 [ 664.001989][T15768] FAULT_INJECTION: forcing a failure. [ 664.001989][T15768] name failslab, interval 1, probability 0, space 0, times 0 [ 664.069478][T15768] CPU: 1 UID: 0 PID: 15768 Comm: syz.1.2264 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 664.069532][T15768] Tainted: [U]=USER [ 664.069544][T15768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 664.069563][T15768] Call Trace: [ 664.069574][T15768] [ 664.069586][T15768] dump_stack_lvl+0x16c/0x1f0 [ 664.069639][T15768] should_fail_ex+0x512/0x640 [ 664.069685][T15768] ? __kvmalloc_node_noprof+0x122/0x600 [ 664.069724][T15768] should_failslab+0xc2/0x120 [ 664.069776][T15768] __kvmalloc_node_noprof+0x135/0x600 [ 664.069809][T15768] ? resize_runtime_buffer+0x228/0x4f0 [ 664.069862][T15768] ? resize_runtime_buffer+0x228/0x4f0 [ 664.069903][T15768] ? lockdep_hardirqs_on+0x7c/0x110 [ 664.069944][T15768] resize_runtime_buffer+0x228/0x4f0 [ 664.069998][T15768] snd_rawmidi_input_params+0x1ff/0x2c0 [ 664.070034][T15768] snd_rawmidi_ioctl+0x470/0x950 [ 664.070066][T15768] ? __pfx_snd_rawmidi_ioctl+0x10/0x10 [ 664.070112][T15768] ? __pfx_snd_rawmidi_ioctl+0x10/0x10 [ 664.070151][T15768] __x64_sys_ioctl+0x193/0x200 [ 664.070197][T15768] do_syscall_64+0xcd/0x230 [ 664.070245][T15768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.070276][T15768] RIP: 0033:0x7f71ed98e969 [ 664.070299][T15768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.070335][T15768] RSP: 002b:00007f71ee79c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 664.070363][T15768] RAX: ffffffffffffffda RBX: 00007f71edbb5fa0 RCX: 00007f71ed98e969 [ 664.070383][T15768] RDX: 0000200000000080 RSI: 00000000c0305710 RDI: 0000000000000003 [ 664.070402][T15768] RBP: 00007f71ee79c090 R08: 0000000000000000 R09: 0000000000000000 [ 664.070422][T15768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 664.070440][T15768] R13: 0000000000000000 R14: 00007f71edbb5fa0 R15: 00007ffc685746a8 [ 664.070480][T15768] [ 664.617123][T15777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2267'. [ 664.637372][T15777] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 665.030631][T15782] svc: failed to register nfsdv3 RPC service (errno 111). [ 665.081077][T15782] svc: failed to register nfsaclv3 RPC service (errno 111). [ 665.091003][T15790] input: f as /devices/virtual/input/input98 [ 665.649056][T15803] FAULT_INJECTION: forcing a failure. [ 665.649056][T15803] name failslab, interval 1, probability 0, space 0, times 0 [ 665.671521][T15803] CPU: 0 UID: 0 PID: 15803 Comm: syz.0.2274 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 665.671573][T15803] Tainted: [U]=USER [ 665.671584][T15803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 665.671601][T15803] Call Trace: [ 665.671611][T15803] [ 665.671622][T15803] dump_stack_lvl+0x16c/0x1f0 [ 665.671672][T15803] should_fail_ex+0x512/0x640 [ 665.671718][T15803] ? __kmalloc_noprof+0xbf/0x510 [ 665.671754][T15803] ? __register_sysctl_table+0xea2/0x1900 [ 665.671790][T15803] should_failslab+0xc2/0x120 [ 665.671830][T15803] __kmalloc_noprof+0xd2/0x510 [ 665.671863][T15803] ? __register_sysctl_table+0xe8e/0x1900 [ 665.671908][T15803] __register_sysctl_table+0xea2/0x1900 [ 665.671955][T15803] ? __pfx___register_sysctl_table+0x10/0x10 [ 665.671991][T15803] ? is_module_address+0x69/0xf0 [ 665.672033][T15803] ? register_net_sysctl_sz+0x228/0x3e0 [ 665.672086][T15803] ? __asan_memcpy+0x3c/0x60 [ 665.672119][T15803] lowpan_frags_init_net+0x254/0x3a0 [ 665.672196][T15803] ? __pfx_lowpan_frags_init_net+0x10/0x10 [ 665.672252][T15803] ops_init+0x1df/0x5f0 [ 665.672298][T15803] setup_net+0x21e/0x850 [ 665.672346][T15803] ? __pfx_setup_net+0x10/0x10 [ 665.672387][T15803] ? lockdep_init_map_type+0x5c/0x280 [ 665.672434][T15803] ? __pfx_down_read_killable+0x10/0x10 [ 665.672471][T15803] ? debug_mutex_init+0x37/0x70 [ 665.672509][T15803] copy_net_ns+0x2a6/0x5f0 [ 665.672560][T15803] create_new_namespaces+0x3ea/0xad0 [ 665.672607][T15803] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 665.672650][T15803] ksys_unshare+0x45b/0xa40 [ 665.672697][T15803] ? __pfx_ksys_unshare+0x10/0x10 [ 665.672739][T15803] ? xfd_validate_state+0x5d/0x180 [ 665.672773][T15803] ? rcu_is_watching+0x12/0xc0 [ 665.672813][T15803] __x64_sys_unshare+0x31/0x40 [ 665.672860][T15803] do_syscall_64+0xcd/0x230 [ 665.672936][T15803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.672989][T15803] RIP: 0033:0x7f1510b8e969 [ 665.673017][T15803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.673049][T15803] RSP: 002b:00007f15119fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 665.673081][T15803] RAX: ffffffffffffffda RBX: 00007f1510db5fa0 RCX: 00007f1510b8e969 [ 665.673103][T15803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 665.673125][T15803] RBP: 00007f1510c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 665.673145][T15803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 665.673167][T15803] R13: 0000000000000000 R14: 00007f1510db5fa0 R15: 00007fff7c96d978 [ 665.673220][T15803] [ 665.952360][T15803] sysctl could not get directory: /net/ieee802154 -12 syzkaller syzkaller login: [ 666.971384][T15831] nvme_fcloop: unknown parameter or missing value '^/]' [ 667.089578][T15833] Setting dangerous option i915.mitigations - tainting kernel [ 667.833236][T15844] ubi: mtd0 is already attached to ubi0 [ 668.420160][T15854] ubi: mtd0 is already attached to ubi0 [ 668.751516][T15856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2284'. [ 668.801953][T15856] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 669.039747][T15860] Setting dangerous option i915.mitigations - tainting kernel [ 669.523020][T15870] input: f as /devices/virtual/input/input99 [ 669.690110][T15873] input: f as /devices/virtual/input/input100 [ 669.996844][T15880] netlink: 246 bytes leftover after parsing attributes in process `syz.3.2292'. [ 670.281776][T15865] Process accounting paused [ 670.500415][T15886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2294'. [ 670.533226][T15886] openvswitch: netlink: Geneve option length err (len 256, max 255). syzkaller syzkaller login: [ 670.868096][T15895] netlink: 'syz.0.2297': attribute type 1 has an invalid length. [ 671.020607][T15901] input: f as /devices/virtual/input/input101 syzkaller syzkaller login: [ 672.537805][T15938] FAULT_INJECTION: forcing a failure. [ 672.537805][T15938] name failslab, interval 1, probability 0, space 0, times 0 [ 672.571589][T15938] CPU: 1 UID: 0 PID: 15938 Comm: syz.1.2307 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 672.571644][T15938] Tainted: [U]=USER [ 672.571655][T15938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 672.571676][T15938] Call Trace: [ 672.571689][T15938] [ 672.571703][T15938] dump_stack_lvl+0x16c/0x1f0 [ 672.571760][T15938] should_fail_ex+0x512/0x640 [ 672.571810][T15938] ? __kmalloc_noprof+0xbf/0x510 [ 672.571852][T15938] ? __register_sysctl_table+0xb3/0x1900 [ 672.571890][T15938] should_failslab+0xc2/0x120 [ 672.571931][T15938] __kmalloc_noprof+0xd2/0x510 [ 672.571978][T15938] __register_sysctl_table+0xb3/0x1900 [ 672.572016][T15938] ? is_module_address+0x5f/0xf0 [ 672.572069][T15938] ? __pfx___register_sysctl_table+0x10/0x10 [ 672.572107][T15938] ? is_module_address+0x69/0xf0 [ 672.572149][T15938] ? register_net_sysctl_sz+0x228/0x3e0 [ 672.572207][T15938] ? __asan_memcpy+0x3c/0x60 [ 672.572239][T15938] ? __pfx_mpls_net_init+0x10/0x10 [ 672.572286][T15938] mpls_net_init+0x180/0x230 [ 672.572335][T15938] ops_init+0x1df/0x5f0 [ 672.572414][T15938] setup_net+0x21e/0x850 [ 672.572482][T15938] ? __pfx_setup_net+0x10/0x10 [ 672.572524][T15938] ? lockdep_init_map_type+0x5c/0x280 [ 672.572572][T15938] ? __pfx_down_read_killable+0x10/0x10 [ 672.572611][T15938] ? debug_mutex_init+0x37/0x70 [ 672.572651][T15938] copy_net_ns+0x2a6/0x5f0 [ 672.572704][T15938] create_new_namespaces+0x3ea/0xad0 [ 672.572753][T15938] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 672.572796][T15938] ksys_unshare+0x45b/0xa40 [ 672.572844][T15938] ? __pfx_ksys_unshare+0x10/0x10 [ 672.572890][T15938] ? xfd_validate_state+0x5d/0x180 [ 672.572925][T15938] ? rcu_is_watching+0x12/0xc0 [ 672.572969][T15938] __x64_sys_unshare+0x31/0x40 [ 672.573016][T15938] do_syscall_64+0xcd/0x230 [ 672.573072][T15938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.573106][T15938] RIP: 0033:0x7f71ed98e969 [ 672.573134][T15938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.573168][T15938] RSP: 002b:00007f71ee79c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 672.573200][T15938] RAX: ffffffffffffffda RBX: 00007f71edbb5fa0 RCX: 00007f71ed98e969 [ 672.573223][T15938] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 672.573246][T15938] RBP: 00007f71eda10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 672.573268][T15938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 672.573290][T15938] R13: 0000000000000000 R14: 00007f71edbb5fa0 R15: 00007ffc685746a8 [ 672.573335][T15938] [ 673.182390][T15949] FAULT_INJECTION: forcing a failure. [ 673.182390][T15949] name failslab, interval 1, probability 0, space 0, times 0 [ 673.224724][T15949] CPU: 1 UID: 0 PID: 15949 Comm: syz.2.2309 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 673.224778][T15949] Tainted: [U]=USER [ 673.224791][T15949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 673.224810][T15949] Call Trace: [ 673.224821][T15949] [ 673.224833][T15949] dump_stack_lvl+0x16c/0x1f0 [ 673.224885][T15949] should_fail_ex+0x512/0x640 [ 673.224931][T15949] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 673.224968][T15949] should_failslab+0xc2/0x120 [ 673.225010][T15949] __kmalloc_cache_noprof+0x6a/0x3e0 [ 673.225041][T15949] ? ring_buffer_read_prepare+0x101/0x320 [ 673.225076][T15949] ? lockdep_init_map_type+0x5c/0x280 [ 673.225121][T15949] ring_buffer_read_prepare+0x101/0x320 [ 673.225158][T15949] tracing_open+0x925/0xf90 [ 673.225197][T15949] do_dentry_open+0x741/0x1c10 [ 673.225232][T15949] ? __pfx_tracing_open+0x10/0x10 [ 673.225269][T15949] vfs_open+0x82/0x3f0 [ 673.225315][T15949] path_openat+0x1e5e/0x2d40 [ 673.225368][T15949] ? __pfx_path_openat+0x10/0x10 [ 673.225411][T15949] do_filp_open+0x20b/0x470 [ 673.225449][T15949] ? __pfx_do_filp_open+0x10/0x10 [ 673.225549][T15949] ? alloc_fd+0x471/0x7d0 [ 673.225594][T15949] do_sys_openat2+0x11b/0x1d0 [ 673.225642][T15949] ? __pfx_do_sys_openat2+0x10/0x10 [ 673.225691][T15949] ? find_held_lock+0x2b/0x80 [ 673.225737][T15949] __x64_sys_openat+0x174/0x210 [ 673.225786][T15949] ? __pfx___x64_sys_openat+0x10/0x10 [ 673.225837][T15949] ? rcu_is_watching+0x12/0xc0 [ 673.225881][T15949] do_syscall_64+0xcd/0x230 [ 673.225938][T15949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.225973][T15949] RIP: 0033:0x7fd7d1b8e969 [ 673.226001][T15949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.226036][T15949] RSP: 002b:00007fd7d291a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 673.226069][T15949] RAX: ffffffffffffffda RBX: 00007fd7d1db5fa0 RCX: 00007fd7d1b8e969 [ 673.226093][T15949] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 673.226115][T15949] RBP: 00007fd7d1c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 673.226138][T15949] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000000 [ 673.226159][T15949] R13: 0000000000000000 R14: 00007fd7d1db5fa0 R15: 00007ffd2f24fb28 [ 673.226204][T15949] [ 673.255177][T15952] rnbd_client L213: map_device: Parameters missing [ 673.551414][T15955] FAULT_INJECTION: forcing a failure. [ 673.551414][T15955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 673.582022][T15955] CPU: 0 UID: 0 PID: 15955 Comm: syz.2.2311 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 673.582068][T15955] Tainted: [U]=USER [ 673.582078][T15955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 673.582095][T15955] Call Trace: [ 673.582104][T15955] [ 673.582115][T15955] dump_stack_lvl+0x16c/0x1f0 [ 673.582163][T15955] should_fail_ex+0x512/0x640 [ 673.582209][T15955] _copy_from_user+0x2e/0xd0 [ 673.582254][T15955] move_addr_to_kernel+0x65/0x170 [ 673.582300][T15955] __copy_msghdr+0x386/0x470 [ 673.582334][T15955] copy_msghdr_from_user+0xc1/0x160 [ 673.582367][T15955] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 673.582408][T15955] ? __pfx__kstrtoull+0x10/0x10 [ 673.582450][T15955] ___sys_sendmsg+0xfe/0x1d0 [ 673.582485][T15955] ? __pfx____sys_sendmsg+0x10/0x10 [ 673.582545][T15955] ? find_held_lock+0x2b/0x80 [ 673.582597][T15955] __sys_sendmmsg+0x200/0x420 [ 673.582635][T15955] ? __pfx___sys_sendmmsg+0x10/0x10 [ 673.582682][T15955] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 673.582741][T15955] ? fput+0x70/0xf0 [ 673.582775][T15955] ? ksys_write+0x1b9/0x240 [ 673.582803][T15955] ? __pfx_ksys_write+0x10/0x10 [ 673.582829][T15955] ? rcu_is_watching+0x12/0xc0 [ 673.582861][T15955] __x64_sys_sendmmsg+0x9c/0x100 [ 673.582895][T15955] ? lockdep_hardirqs_on+0x7c/0x110 [ 673.582935][T15955] do_syscall_64+0xcd/0x230 [ 673.582981][T15955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.583009][T15955] RIP: 0033:0x7fd7d1b8e969 [ 673.583031][T15955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.583058][T15955] RSP: 002b:00007fd7d291a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 673.583085][T15955] RAX: ffffffffffffffda RBX: 00007fd7d1db5fa0 RCX: 00007fd7d1b8e969 [ 673.583103][T15955] RDX: 0000000000000002 RSI: 00002000000001c0 RDI: 0000000000000003 [ 673.583121][T15955] RBP: 00007fd7d291a090 R08: 0000000000000000 R09: 0000000000000000 [ 673.583138][T15955] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 673.583156][T15955] R13: 0000000000000000 R14: 00007fd7d1db5fa0 R15: 00007ffd2f24fb28 [ 673.583191][T15955] [ 673.991408][T15963] input: f as /devices/virtual/input/input102 [ 674.471436][T15980] netlink: 246 bytes leftover after parsing attributes in process `syz.1.2316'. [ 674.811916][T15988] Setting dangerous option i915.mitigations - tainting kernel [ 675.187421][T15991] openvswitch: netlink: Geneve option length err (len 256, max 255). syzkaller syzkaller login: [ 675.498785][T16003] FAULT_INJECTION: forcing a failure. [ 675.498785][T16003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 675.532632][T16003] CPU: 0 UID: 0 PID: 16003 Comm: syz.2.2322 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 675.532686][T16003] Tainted: [U]=USER [ 675.532698][T16003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 675.532717][T16003] Call Trace: [ 675.532728][T16003] [ 675.532740][T16003] dump_stack_lvl+0x16c/0x1f0 [ 675.532793][T16003] should_fail_ex+0x512/0x640 [ 675.532845][T16003] _copy_from_user+0x2e/0xd0 [ 675.532895][T16003] copy_msghdr_from_user+0x98/0x160 [ 675.532935][T16003] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 675.532982][T16003] ? __pfx__kstrtoull+0x10/0x10 [ 675.533030][T16003] ___sys_sendmsg+0xfe/0x1d0 [ 675.533070][T16003] ? __pfx____sys_sendmsg+0x10/0x10 [ 675.533128][T16003] ? find_held_lock+0x2b/0x80 [ 675.533187][T16003] __sys_sendmmsg+0x200/0x420 [ 675.533233][T16003] ? __pfx___sys_sendmmsg+0x10/0x10 [ 675.533285][T16003] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 675.533352][T16003] ? fput+0x70/0xf0 [ 675.533416][T16003] ? ksys_write+0x1b9/0x240 [ 675.533443][T16003] ? __pfx_ksys_write+0x10/0x10 [ 675.533468][T16003] ? rcu_is_watching+0x12/0xc0 [ 675.533502][T16003] __x64_sys_sendmmsg+0x9c/0x100 [ 675.533537][T16003] ? lockdep_hardirqs_on+0x7c/0x110 [ 675.533577][T16003] do_syscall_64+0xcd/0x230 [ 675.533622][T16003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.533651][T16003] RIP: 0033:0x7fd7d1b8e969 [ 675.533690][T16003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 675.533719][T16003] RSP: 002b:00007fd7d291a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 675.533747][T16003] RAX: ffffffffffffffda RBX: 00007fd7d1db5fa0 RCX: 00007fd7d1b8e969 [ 675.533767][T16003] RDX: 000000000000ee8c RSI: 0000000000000000 RDI: 0000000000000003 [ 675.533785][T16003] RBP: 00007fd7d291a090 R08: 0000000000000000 R09: 0000000000000000 [ 675.533804][T16003] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 675.533823][T16003] R13: 0000000000000000 R14: 00007fd7d1db5fa0 R15: 00007ffd2f24fb28 [ 675.533862][T16003] [ 676.799611][ T6604] bridge0: port 3(syz_tun) entered disabled state [ 676.834386][ T6604] syz_tun (unregistering): left allmulticast mode [ 676.840879][ T6604] syz_tun (unregistering): left promiscuous mode [ 676.890989][ T6604] bridge0: port 3(syz_tun) entered disabled state [ 677.201446][ T6855] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.296223][T16019] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input103 [ 677.581486][ T6855] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.806140][ T6855] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.978541][ T6855] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.257357][ T6855] bridge_slave_1: left allmulticast mode [ 678.312495][ T6855] bridge_slave_1: left promiscuous mode [ 678.318360][ T6855] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.373778][ T6855] bridge_slave_0: left allmulticast mode [ 678.379546][ T6855] bridge_slave_0: left promiscuous mode [ 678.389978][ T6855] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.142175][T16046] zswap: compressor not available [ 679.319593][T16055] FAULT_INJECTION: forcing a failure. [ 679.319593][T16055] name failslab, interval 1, probability 0, space 0, times 0 [ 679.351920][T16055] CPU: 0 UID: 0 PID: 16055 Comm: syz.0.2337 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 679.351969][T16055] Tainted: [U]=USER [ 679.351978][T16055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 679.351995][T16055] Call Trace: [ 679.352006][T16055] [ 679.352017][T16055] dump_stack_lvl+0x16c/0x1f0 [ 679.352065][T16055] should_fail_ex+0x512/0x640 [ 679.352107][T16055] ? fs_reclaim_acquire+0xae/0x150 [ 679.352162][T16055] ? tomoyo_encode2+0x100/0x3e0 [ 679.352201][T16055] should_failslab+0xc2/0x120 [ 679.352237][T16055] __kmalloc_noprof+0xd2/0x510 [ 679.352280][T16055] tomoyo_encode2+0x100/0x3e0 [ 679.352327][T16055] tomoyo_encode+0x29/0x50 [ 679.352367][T16055] tomoyo_realpath_from_path+0x18f/0x6e0 [ 679.352414][T16055] ? tomoyo_profile+0x47/0x60 [ 679.352444][T16055] tomoyo_path_perm+0x274/0x460 [ 679.352478][T16055] ? tomoyo_path_perm+0x260/0x460 [ 679.352517][T16055] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 679.352594][T16055] ? __pfx_ima_file_check+0x10/0x10 [ 679.352638][T16055] ? hook_file_truncate+0xc7/0x250 [ 679.352682][T16055] security_file_truncate+0x84/0x1e0 [ 679.352726][T16055] path_openat+0xc85/0x2d40 [ 679.352770][T16055] ? __pfx_path_openat+0x10/0x10 [ 679.352810][T16055] do_filp_open+0x20b/0x470 [ 679.352840][T16055] ? __pfx_do_filp_open+0x10/0x10 [ 679.352900][T16055] ? alloc_fd+0x471/0x7d0 [ 679.352939][T16055] do_sys_openat2+0x11b/0x1d0 [ 679.352979][T16055] ? __pfx_do_sys_openat2+0x10/0x10 [ 679.353023][T16055] ? __fget_files+0x20e/0x3c0 [ 679.353057][T16055] __x64_sys_openat+0x174/0x210 [ 679.353098][T16055] ? __pfx___x64_sys_openat+0x10/0x10 [ 679.353144][T16055] ? ksys_write+0x1b9/0x240 [ 679.353174][T16055] ? rcu_is_watching+0x12/0xc0 [ 679.353213][T16055] do_syscall_64+0xcd/0x230 [ 679.353260][T16055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.353290][T16055] RIP: 0033:0x7f1510b8e969 [ 679.353313][T16055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 679.353343][T16055] RSP: 002b:00007f15119fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 679.353371][T16055] RAX: ffffffffffffffda RBX: 00007f1510db5fa0 RCX: 00007f1510b8e969 [ 679.353390][T16055] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 679.353409][T16055] RBP: 00007f15119fe090 R08: 0000000000000000 R09: 0000000000000000 [ 679.353427][T16055] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000002 [ 679.353445][T16055] R13: 0000000000000000 R14: 00007f1510db5fa0 R15: 00007fff7c96d978 [ 679.353484][T16055] [ 679.353515][T16055] ERROR: Out of memory at tomoyo_realpath_from_path. [ 679.501675][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 679.637618][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 679.646590][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 679.656266][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 679.665149][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 679.926432][ T6855] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 679.938935][ T6855] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 679.949418][ T6855] bond0 (unregistering): Released all slaves [ 680.586293][T16071] ubi: mtd0 is already attached to ubi0 [ 681.201312][T16056] chnl_net:caif_netlink_parms(): no params data found [ 681.687378][ T5839] Bluetooth: hci2: command tx timeout [ 681.859658][ T6855] hsr_slave_0: left promiscuous mode [ 681.876058][ T6855] hsr_slave_1: left promiscuous mode [ 681.888271][ T6855] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 681.910573][ T6855] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 681.957722][ T6855] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 682.014173][ T6855] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 682.162151][ T6855] veth1_macvtap: left promiscuous mode [ 682.200555][ T6855] veth0_macvtap: left promiscuous mode [ 682.236205][ T6855] veth1_vlan: left promiscuous mode [ 682.273667][ T6855] veth0_vlan: left promiscuous mode [ 683.762153][ T5839] Bluetooth: hci2: command tx timeout [ 683.799208][ T6855] team0 (unregistering): Port device team_slave_1 removed [ 683.860686][ T6855] team0 (unregistering): Port device team_slave_0 removed [ 685.198241][T16056] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.220954][T16056] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.228882][T16056] bridge_slave_0: entered allmulticast mode [ 685.248552][T16056] bridge_slave_0: entered promiscuous mode [ 685.321425][T16056] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.329872][T16056] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.340933][T16056] bridge_slave_1: entered allmulticast mode [ 685.351760][T16056] bridge_slave_1: entered promiscuous mode [ 685.461132][T16056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 685.512977][T16056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 685.645442][T16056] team0: Port device team_slave_0 added [ 685.667340][T16056] team0: Port device team_slave_1 added [ 685.836843][T16056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 685.844372][ T5839] Bluetooth: hci2: command tx timeout [ 685.862181][T16056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 685.921586][T16056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 685.946905][T16056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 685.956624][T16056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 685.991602][T16056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 686.422508][T16056] hsr_slave_0: entered promiscuous mode [ 686.430493][T16056] hsr_slave_1: entered promiscuous mode [ 686.855441][ T6855] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.876219][T16134] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input105 [ 687.084524][ T6855] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.415877][ T6855] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.747877][T16159] input: f as /devices/virtual/input/input106 [ 687.925236][ T5839] Bluetooth: hci2: command tx timeout [ 688.151099][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 688.166479][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 688.191993][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 688.205952][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 688.214913][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 688.382704][ T6855] bridge_slave_1: left allmulticast mode [ 688.406184][ T6855] bridge_slave_1: left promiscuous mode [ 688.447016][ T6855] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.509225][ T6855] bridge_slave_0: left allmulticast mode [ 688.535327][ T6855] bridge_slave_0: left promiscuous mode [ 688.542359][ T6855] bridge0: port 1(bridge_slave_0) entered disabled state syzkaller syzkaller login: [ 689.497820][ T6855] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 689.510373][ T6855] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 689.526112][ T6855] bond0 (unregistering): Released all slaves [ 690.213184][T16056] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 690.242153][ T5840] Bluetooth: hci0: command tx timeout [ 690.254035][T16056] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 690.324510][T16056] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 690.338254][T16056] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 690.423842][ T6855] hsr_slave_0: left promiscuous mode [ 690.471709][ T6855] hsr_slave_1: left promiscuous mode [ 690.488555][ T6855] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 690.508438][ T6855] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 690.525177][ T6855] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 690.546013][ T6855] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 690.608156][ T6855] veth1_macvtap: left promiscuous mode [ 690.637994][ T6855] veth0_macvtap: left promiscuous mode [ 690.661889][ T6855] veth1_vlan: left promiscuous mode [ 690.667339][ T6855] veth0_vlan: left promiscuous mode [ 690.888107][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.894732][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.786370][ T6855] team0 (unregistering): Port device team_slave_1 removed [ 691.839950][ T6855] team0 (unregistering): Port device team_slave_0 removed [ 692.321703][ T5840] Bluetooth: hci0: command tx timeout [ 692.902082][T16168] chnl_net:caif_netlink_parms(): no params data found [ 693.049362][T16207] Process accounting resumed [ 693.133485][T16056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 693.228494][T16168] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.238884][T16168] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.246336][T16168] bridge_slave_0: entered allmulticast mode [ 693.254107][T16168] bridge_slave_0: entered promiscuous mode [ 693.284344][T16056] 8021q: adding VLAN 0 to HW filter on device team0 [ 693.291879][T16168] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.299044][T16168] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.321649][T16168] bridge_slave_1: entered allmulticast mode [ 693.329606][T16168] bridge_slave_1: entered promiscuous mode [ 693.407023][T16168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 693.434904][T16168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 693.460108][ T6855] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.467364][ T6855] bridge0: port 1(bridge_slave_0) entered forwarding state [ 693.549203][ T6284] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.556467][ T6284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 693.649501][T16168] team0: Port device team_slave_0 added [ 693.686129][T16168] team0: Port device team_slave_1 added [ 693.780100][T16168] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 693.801569][T16168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 693.827587][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.858924][T16168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 693.876768][T16168] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 693.883842][T16168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 693.909749][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.918998][T16168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 694.096758][T16168] hsr_slave_0: entered promiscuous mode [ 694.112821][T16168] hsr_slave_1: entered promiscuous mode [ 694.119299][T16168] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 694.147231][T16168] Cannot create hsr debugfs directory [ 694.402862][ T5840] Bluetooth: hci0: command tx timeout [ 694.764674][T16056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 695.042583][T16056] veth0_vlan: entered promiscuous mode [ 695.087109][T16056] veth1_vlan: entered promiscuous mode [ 695.197494][T16056] veth0_macvtap: entered promiscuous mode [ 695.247413][T16056] veth1_macvtap: entered promiscuous mode [ 695.345840][T16056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.391773][T16056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.411578][T16056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.431597][T16056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.453369][T16056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 695.460726][T16168] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 695.485059][T16056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.495864][T16056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.514167][T16056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.527549][T16056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.541103][T16056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.551293][T16168] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 695.574541][T16168] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 695.591361][T16168] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 695.614628][T16056] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.623692][T16056] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.633741][T16056] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.643650][T16056] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.822390][ T6855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.830281][ T6855] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.917553][ T6284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.955804][ T6284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.996083][T16168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.083639][T16168] 8021q: adding VLAN 0 to HW filter on device team0 [ 696.155593][ T6284] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.162872][ T6284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 696.271303][ T6284] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.278563][ T6284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 696.483107][ T5840] Bluetooth: hci0: command tx timeout [ 696.878563][T16289] FAULT_INJECTION: forcing a failure. [ 696.878563][T16289] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 696.962707][T16289] CPU: 0 UID: 0 PID: 16289 Comm: syz.3.2369 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 696.962767][T16289] Tainted: [U]=USER [ 696.962778][T16289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 696.962798][T16289] Call Trace: [ 696.962810][T16289] [ 696.962822][T16289] dump_stack_lvl+0x16c/0x1f0 [ 696.962875][T16289] should_fail_ex+0x512/0x640 [ 696.962929][T16289] should_fail_alloc_page+0xe7/0x130 [ 696.962973][T16289] prepare_alloc_pages+0x3c2/0x610 [ 696.963032][T16289] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 696.963086][T16289] ? stack_trace_save+0x8e/0xc0 [ 696.963117][T16289] ? __pfx_stack_trace_save+0x10/0x10 [ 696.963150][T16289] ? stack_depot_save_flags+0x28/0xa50 [ 696.963198][T16289] ? __alloc_frozen_pages_noprof+0x298/0x23a0 [ 696.963241][T16289] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 696.963276][T16289] ? __kasan_slab_alloc+0x89/0x90 [ 696.963310][T16289] ? __pmd_alloc+0xc3/0x870 [ 696.963354][T16289] ? handle_mm_fault+0x3fe/0xad0 [ 696.963383][T16289] ? do_user_addr_fault+0x7a6/0x1370 [ 696.963412][T16289] ? exc_page_fault+0x5c/0xc0 [ 696.963469][T16289] ? asm_exc_page_fault+0x26/0x30 [ 696.963500][T16289] ? rep_movs_alternative+0xf/0x90 [ 696.963535][T16289] ? _copy_from_user+0x98/0xd0 [ 696.963582][T16289] ? copy_from_sockptr_offset.constprop.0+0x136/0x170 [ 696.963622][T16289] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.963666][T16289] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 696.963715][T16289] ? policy_nodemask+0xea/0x4e0 [ 696.963768][T16289] alloc_pages_mpol+0x1fb/0x550 [ 696.963808][T16289] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 696.963848][T16289] ? cgroup_rstat_updated+0x2a/0xb20 [ 696.963909][T16289] alloc_pages_noprof+0x131/0x390 [ 696.963952][T16289] pte_alloc_one+0x19/0x380 [ 696.963989][T16289] do_pte_missing+0x1c0b/0x3fb0 [ 696.964024][T16289] ? do_raw_spin_unlock+0x172/0x230 [ 696.964076][T16289] ? __pmd_alloc+0x3c2/0x870 [ 696.964121][T16289] ? find_held_lock+0x2b/0x80 [ 696.964156][T16289] __handle_mm_fault+0x103d/0x2a40 [ 696.964203][T16289] ? __pfx___handle_mm_fault+0x10/0x10 [ 696.964262][T16289] ? find_vma+0xbf/0x140 [ 696.964305][T16289] ? __pfx_find_vma+0x10/0x10 [ 696.964355][T16289] handle_mm_fault+0x3fe/0xad0 [ 696.964397][T16289] do_user_addr_fault+0x7a6/0x1370 [ 696.964435][T16289] ? rcu_is_watching+0x12/0xc0 [ 696.964470][T16289] exc_page_fault+0x5c/0xc0 [ 696.964517][T16289] asm_exc_page_fault+0x26/0x30 [ 696.964548][T16289] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 696.964585][T16289] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 [ 696.964617][T16289] RSP: 0018:ffffc90005017b98 EFLAGS: 00050202 [ 696.964643][T16289] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 696.964663][T16289] RDX: fffff52000a02f98 RSI: 0000000000000000 RDI: ffffc90005017cc0 [ 696.964684][T16289] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000a02f98 [ 696.964704][T16289] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 696.964729][T16289] R13: ffffc90005017cc0 R14: ffffc90005017cc0 R15: 0000000000000000 [ 696.964774][T16289] _copy_from_user+0x98/0xd0 [ 696.964826][T16289] copy_from_sockptr_offset.constprop.0+0x136/0x170 [ 696.964875][T16289] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 696.964924][T16289] mptcp_setsockopt+0xe64/0x30e0 [ 696.964962][T16289] ? __pfx_mptcp_setsockopt+0x10/0x10 [ 696.964995][T16289] ? __lock_acquire+0x5ca/0x1ba0 [ 696.965034][T16289] ? __pfx_aa_sk_perm+0x10/0x10 [ 696.965071][T16289] ? find_held_lock+0x2b/0x80 [ 696.965105][T16289] ? sock_common_setsockopt+0x2e/0xf0 [ 696.965151][T16289] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 696.965196][T16289] do_sock_setsockopt+0x221/0x470 [ 696.965237][T16289] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 696.965326][T16289] __sys_setsockopt+0x120/0x1a0 [ 696.965370][T16289] __x64_sys_setsockopt+0xbd/0x160 [ 696.965404][T16289] ? do_syscall_64+0x91/0x230 [ 696.965451][T16289] ? lockdep_hardirqs_on+0x7c/0x110 [ 696.965516][T16289] do_syscall_64+0xcd/0x230 [ 696.965569][T16289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.965602][T16289] RIP: 0033:0x7ff501d8e969 [ 696.965627][T16289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 696.965659][T16289] RSP: 002b:00007ff4ffbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 696.965689][T16289] RAX: ffffffffffffffda RBX: 00007ff501fb6080 RCX: 00007ff501d8e969 [ 696.965711][T16289] RDX: 0000000000000009 RSI: 0000000000000001 RDI: 0000000000000003 [ 696.965737][T16289] RBP: 00007ff4ffbf6090 R08: 000000000000eb66 R09: 0000000000000000 [ 696.965758][T16289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 696.965777][T16289] R13: 0000000000000001 R14: 00007ff501fb6080 R15: 00007ffe11a20098 [ 696.965819][T16289] [ 697.604347][T16168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 697.695196][T16168] veth0_vlan: entered promiscuous mode [ 697.710923][T16168] veth1_vlan: entered promiscuous mode [ 697.748765][T16168] veth0_macvtap: entered promiscuous mode [ 697.760537][T16168] veth1_macvtap: entered promiscuous mode [ 697.824542][T16168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 697.835351][T16168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.846579][T16168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 697.857316][T16168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.867195][T16168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 697.883087][T16168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.894818][T16168] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 697.906700][T16168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 697.917321][T16168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.927515][T16168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 697.938386][T16168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.948286][T16168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 697.958858][T16168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 697.970446][T16168] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 698.054939][T16168] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.088554][T16168] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.128888][T16168] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.171985][T16168] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.514995][ T4761] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 698.546896][ T4761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 698.559521][T16287] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input108 [ 698.717263][ T6284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 698.755156][ T6284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 699.556510][T16331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2374'. [ 700.185414][T16343] netlink: 'syz.1.2375': attribute type 11 has an invalid length. [ 700.220550][T16343] netlink: 'syz.1.2375': attribute type 11 has an invalid length. [ 700.267929][T16343] netlink: 'syz.1.2375': attribute type 11 has an invalid length. [ 700.728373][T16352] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 702.758082][T16381] FAULT_INJECTION: forcing a failure. [ 702.758082][T16381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 702.781608][T16381] CPU: 1 UID: 0 PID: 16381 Comm: syz.0.2386 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 702.781658][T16381] Tainted: [U]=USER [ 702.781669][T16381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 702.781688][T16381] Call Trace: [ 702.781698][T16381] [ 702.781711][T16381] dump_stack_lvl+0x16c/0x1f0 [ 702.781763][T16381] should_fail_ex+0x512/0x640 [ 702.781817][T16381] _copy_to_user+0x32/0xd0 [ 702.781871][T16381] simple_read_from_buffer+0xcb/0x170 [ 702.781925][T16381] proc_fail_nth_read+0x197/0x270 [ 702.781973][T16381] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 702.782020][T16381] ? rw_verify_area+0xcf/0x680 [ 702.782068][T16381] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 702.782116][T16381] vfs_read+0x1de/0xc70 [ 702.782153][T16381] ? __pfx___mutex_lock+0x10/0x10 [ 702.782199][T16381] ? __pfx_vfs_read+0x10/0x10 [ 702.782243][T16381] ? __fget_files+0x20e/0x3c0 [ 702.782292][T16381] ksys_read+0x12a/0x240 [ 702.782323][T16381] ? __pfx_ksys_read+0x10/0x10 [ 702.782352][T16381] ? rcu_is_watching+0x12/0xc0 [ 702.782396][T16381] do_syscall_64+0xcd/0x230 [ 702.782448][T16381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.782479][T16381] RIP: 0033:0x7f6969f8d37c [ 702.782504][T16381] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 702.782537][T16381] RSP: 002b:00007f696adff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 702.782567][T16381] RAX: ffffffffffffffda RBX: 00007f696a1b5fa0 RCX: 00007f6969f8d37c [ 702.782590][T16381] RDX: 000000000000000f RSI: 00007f696adff0a0 RDI: 000000000000000b [ 702.782609][T16381] RBP: 00007f696adff090 R08: 0000000000000000 R09: 0000000000000000 [ 702.782630][T16381] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000002 [ 702.782650][T16381] R13: 0000000000000000 R14: 00007f696a1b5fa0 R15: 00007ffcbf9abbc8 [ 702.782693][T16381] [ 705.403431][T16428] FAULT_INJECTION: forcing a failure. [ 705.403431][T16428] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 705.439626][T16428] CPU: 0 UID: 0 PID: 16428 Comm: syz.0.2395 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 705.439676][T16428] Tainted: [U]=USER [ 705.439686][T16428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 705.439705][T16428] Call Trace: [ 705.439715][T16428] [ 705.439727][T16428] dump_stack_lvl+0x16c/0x1f0 [ 705.439777][T16428] should_fail_ex+0x512/0x640 [ 705.439826][T16428] _copy_from_user+0x2e/0xd0 [ 705.439881][T16428] kstrtouint_from_user+0xd6/0x1d0 [ 705.439918][T16428] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 705.439951][T16428] ? __lock_acquire+0xaa4/0x1ba0 [ 705.440008][T16428] proc_fail_nth_write+0x83/0x250 [ 705.440051][T16428] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 705.440106][T16428] vfs_write+0x25c/0x1180 [ 705.440133][T16428] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 705.440181][T16428] ? __pfx___mutex_lock+0x10/0x10 [ 705.440225][T16428] ? __pfx_vfs_write+0x10/0x10 [ 705.440266][T16428] ? __fget_files+0x20e/0x3c0 [ 705.440305][T16428] ksys_write+0x12a/0x240 [ 705.440334][T16428] ? __pfx_ksys_write+0x10/0x10 [ 705.440360][T16428] ? rcu_is_watching+0x12/0xc0 [ 705.440400][T16428] do_syscall_64+0xcd/0x230 [ 705.440446][T16428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.440477][T16428] RIP: 0033:0x7f6969f8d41f [ 705.440500][T16428] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 705.440529][T16428] RSP: 002b:00007f696adde030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 705.440557][T16428] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6969f8d41f [ 705.440580][T16428] RDX: 0000000000000001 RSI: 00007f696adde0a0 RDI: 0000000000000004 [ 705.440599][T16428] RBP: 00007f696adde090 R08: 0000000000000000 R09: 0000000000000000 [ 705.440617][T16428] R10: 0000000000000100 R11: 0000000000000293 R12: 0000000000000001 [ 705.440635][T16428] R13: 0000000000000000 R14: 00007f696a1b6080 R15: 00007ffcbf9abbc8 [ 705.440675][T16428] [ 705.869715][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 705.898213][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 705.909881][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 705.925310][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 705.933767][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 706.197164][T16442] ================================================================== [ 706.205304][T16442] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 706.213089][T16442] Read of size 8 at addr ffff88802a3c5018 by task syz.2.2399/16442 [ 706.221030][T16442] [ 706.223389][T16442] CPU: 1 UID: 0 PID: 16442 Comm: syz.2.2399 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 706.223435][T16442] Tainted: [U]=USER [ 706.223445][T16442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 706.223464][T16442] Call Trace: [ 706.223474][T16442] [ 706.223485][T16442] dump_stack_lvl+0x116/0x1f0 [ 706.223532][T16442] print_report+0xc3/0x670 [ 706.223568][T16442] ? __virt_addr_valid+0x5e/0x590 [ 706.223624][T16442] ? __phys_addr+0xc6/0x150 [ 706.223665][T16442] ? dvb_device_open+0x36a/0x3b0 [ 706.223720][T16442] kasan_report+0xe0/0x110 [ 706.223757][T16442] ? dvb_device_open+0x36a/0x3b0 [ 706.223802][T16442] ? __pfx_dvb_device_open+0x10/0x10 [ 706.223846][T16442] dvb_device_open+0x36a/0x3b0 [ 706.223888][T16442] ? __pfx_dvb_device_open+0x10/0x10 [ 706.223930][T16442] chrdev_open+0x231/0x6a0 [ 706.223979][T16442] ? __pfx_apparmor_file_open+0x10/0x10 [ 706.224028][T16442] ? __pfx_chrdev_open+0x10/0x10 [ 706.224065][T16442] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 706.224119][T16442] do_dentry_open+0x741/0x1c10 [ 706.224152][T16442] ? __pfx_chrdev_open+0x10/0x10 [ 706.224190][T16442] vfs_open+0x82/0x3f0 [ 706.224234][T16442] path_openat+0x1e5e/0x2d40 [ 706.224272][T16442] ? __pfx_path_openat+0x10/0x10 [ 706.224309][T16442] do_filp_open+0x20b/0x470 [ 706.224339][T16442] ? __pfx_do_filp_open+0x10/0x10 [ 706.224385][T16442] ? alloc_fd+0x471/0x7d0 [ 706.224418][T16442] do_sys_openat2+0x11b/0x1d0 [ 706.224460][T16442] ? __pfx_do_sys_openat2+0x10/0x10 [ 706.224502][T16442] ? __pfx_do_sys_openat2+0x10/0x10 [ 706.224564][T16442] ? __pfx___might_resched+0x10/0x10 [ 706.224607][T16442] __x64_sys_openat+0x174/0x210 [ 706.224655][T16442] ? __pfx___x64_sys_openat+0x10/0x10 [ 706.224704][T16442] ? rcu_is_watching+0x12/0xc0 [ 706.224752][T16442] do_syscall_64+0xcd/0x230 [ 706.224803][T16442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.224833][T16442] RIP: 0033:0x7fe24858e969 [ 706.224857][T16442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 706.224889][T16442] RSP: 002b:00007fe24940b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 706.224918][T16442] RAX: ffffffffffffffda RBX: 00007fe2487b5fa0 RCX: 00007fe24858e969 [ 706.224939][T16442] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 706.224960][T16442] RBP: 00007fe248610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 706.224980][T16442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 706.225000][T16442] R13: 0000000000000000 R14: 00007fe2487b5fa0 R15: 00007fff8050cd98 [ 706.225036][T16442] [ 706.225048][T16442] [ 706.489391][T16442] Allocated by task 1: [ 706.493468][T16442] kasan_save_stack+0x33/0x60 [ 706.498162][T16442] kasan_save_track+0x14/0x30 [ 706.502851][T16442] __kasan_kmalloc+0xaa/0xb0 [ 706.507450][T16442] dvb_register_device+0x1e4/0x2370 [ 706.512672][T16442] dvb_register_frontend+0x5a6/0x880 [ 706.517999][T16442] vidtv_bridge_probe+0x459/0xa90 [ 706.523045][T16442] platform_probe+0xff/0x1f0 [ 706.527646][T16442] really_probe+0x241/0xa90 [ 706.532166][T16442] __driver_probe_device+0x1de/0x440 [ 706.537476][T16442] driver_probe_device+0x4c/0x1b0 [ 706.542514][T16442] __driver_attach+0x283/0x580 [ 706.547300][T16442] bus_for_each_dev+0x13e/0x1d0 [ 706.552185][T16442] bus_add_driver+0x2e9/0x690 [ 706.556885][T16442] driver_register+0x15c/0x4b0 [ 706.561675][T16442] vidtv_bridge_init+0x45/0x80 [ 706.566459][T16442] do_one_initcall+0x120/0x6e0 [ 706.571272][T16442] kernel_init_freeable+0x5c2/0x900 [ 706.576515][T16442] kernel_init+0x1c/0x2b0 [ 706.580878][T16442] ret_from_fork+0x48/0x80 [ 706.585309][T16442] ret_from_fork_asm+0x1a/0x30 [ 706.590103][T16442] [ 706.592437][T16442] Freed by task 16352: [ 706.596516][T16442] kasan_save_stack+0x33/0x60 [ 706.601218][T16442] kasan_save_track+0x14/0x30 [ 706.605915][T16442] kasan_save_free_info+0x3b/0x60 [ 706.610977][T16442] __kasan_slab_free+0x51/0x70 [ 706.615768][T16442] kfree+0x2b6/0x4d0 [ 706.619685][T16442] dvb_device_put.part.0+0x60/0x90 [ 706.624835][T16442] dvb_device_open+0x2a4/0x3b0 [ 706.629631][T16442] chrdev_open+0x231/0x6a0 [ 706.634106][T16442] do_dentry_open+0x741/0x1c10 [ 706.638908][T16442] vfs_open+0x82/0x3f0 [ 706.643002][T16442] path_openat+0x1e5e/0x2d40 [ 706.647623][T16442] do_filp_open+0x20b/0x470 [ 706.652145][T16442] do_sys_openat2+0x11b/0x1d0 [ 706.656855][T16442] __x64_sys_openat+0x174/0x210 [ 706.661735][T16442] do_syscall_64+0xcd/0x230 [ 706.666276][T16442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.672193][T16442] [ 706.674525][T16442] The buggy address belongs to the object at ffff88802a3c5000 [ 706.674525][T16442] which belongs to the cache kmalloc-256 of size 256 [ 706.688592][T16442] The buggy address is located 24 bytes inside of [ 706.688592][T16442] freed 256-byte region [ffff88802a3c5000, ffff88802a3c5100) [ 706.702324][T16442] [ 706.704658][T16442] The buggy address belongs to the physical page: [ 706.711074][T16442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a3c4 [ 706.719851][T16442] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 706.728362][T16442] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 706.735928][T16442] page_type: f5(slab) [ 706.739931][T16442] raw: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 706.748536][T16442] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 706.757143][T16442] head: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 706.765833][T16442] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 706.774523][T16442] head: 00fff00000000001 ffffea0000a8f101 00000000ffffffff 00000000ffffffff [ 706.783206][T16442] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 706.791882][T16442] page dumped because: kasan: bad access detected [ 706.798296][T16442] page_owner tracks the page as allocated [ 706.804016][T16442] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25040621585, free_ts 0 [ 706.823756][T16442] post_alloc_hook+0x181/0x1b0 [ 706.828544][T16442] get_page_from_freelist+0x135c/0x3920 [ 706.834110][T16442] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 706.840026][T16442] alloc_pages_mpol+0x1fb/0x550 [ 706.844896][T16442] new_slab+0x244/0x340 [ 706.849063][T16442] ___slab_alloc+0xd9c/0x1940 [ 706.853801][T16442] __slab_alloc.constprop.0+0x56/0xb0 [ 706.859191][T16442] __kmalloc_cache_noprof+0xfb/0x3e0 [ 706.864492][T16442] bus_add_driver+0x92/0x690 [ 706.869094][T16442] driver_register+0x15c/0x4b0 [ 706.873885][T16442] usb_register_driver+0x216/0x4d0 [ 706.879027][T16442] uvc_init+0x24/0x60 [ 706.883025][T16442] do_one_initcall+0x120/0x6e0 [ 706.887815][T16442] kernel_init_freeable+0x5c2/0x900 [ 706.893047][T16442] kernel_init+0x1c/0x2b0 [ 706.897391][T16442] ret_from_fork+0x48/0x80 [ 706.901833][T16442] page_owner free stack trace missing [ 706.907209][T16442] [ 706.909537][T16442] Memory state around the buggy address: [ 706.915170][T16442] ffff88802a3c4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 706.923239][T16442] ffff88802a3c4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 706.931315][T16442] >ffff88802a3c5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 706.939385][T16442] ^ SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 706.944239][T16442] ffff88802a3c5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 706.952317][T16442] ffff88802a3c5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 706.960385][T16442] ================================================================== [ 707.091688][T16442] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 707.098966][T16442] CPU: 0 UID: 0 PID: 16442 Comm: syz.2.2399 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 707.112647][T16442] Tainted: [U]=USER [ 707.116475][T16442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 707.126570][T16442] Call Trace: [ 707.129880][T16442] [ 707.132851][T16442] dump_stack_lvl+0x3d/0x1f0 [ 707.137507][T16442] panic+0x71c/0x800 [ 707.141457][T16442] ? __pfx_panic+0x10/0x10 [ 707.145935][T16442] ? mark_held_locks+0x49/0x80 [ 707.150764][T16442] ? preempt_schedule_thunk+0x16/0x30 [ 707.156225][T16442] ? dvb_device_open+0x36a/0x3b0 [ 707.161224][T16442] ? preempt_schedule_common+0x44/0xc0 [ 707.166741][T16442] ? dvb_device_open+0x36a/0x3b0 [ 707.171739][T16442] check_panic_on_warn+0xab/0xb0 [ 707.176743][T16442] end_report+0x107/0x170 [ 707.181121][T16442] kasan_report+0xee/0x110 [ 707.185593][T16442] ? dvb_device_open+0x36a/0x3b0 [ 707.190604][T16442] ? __pfx_dvb_device_open+0x10/0x10 [ 707.195955][T16442] dvb_device_open+0x36a/0x3b0 [ 707.200761][T16442] ? __pfx_dvb_device_open+0x10/0x10 [ 707.206083][T16442] chrdev_open+0x231/0x6a0 [ 707.210528][T16442] ? __pfx_apparmor_file_open+0x10/0x10 [ 707.216112][T16442] ? __pfx_chrdev_open+0x10/0x10 [ 707.221076][T16442] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 707.227878][T16442] do_dentry_open+0x741/0x1c10 [ 707.232677][T16442] ? __pfx_chrdev_open+0x10/0x10 [ 707.237645][T16442] vfs_open+0x82/0x3f0 [ 707.241754][T16442] path_openat+0x1e5e/0x2d40 [ 707.246393][T16442] ? __pfx_path_openat+0x10/0x10 [ 707.251378][T16442] do_filp_open+0x20b/0x470 [ 707.255941][T16442] ? __pfx_do_filp_open+0x10/0x10 [ 707.261032][T16442] ? alloc_fd+0x471/0x7d0 [ 707.265401][T16442] do_sys_openat2+0x11b/0x1d0 [ 707.270128][T16442] ? __pfx_do_sys_openat2+0x10/0x10 [ 707.275374][T16442] ? __pfx_do_sys_openat2+0x10/0x10 [ 707.280633][T16442] ? __pfx___might_resched+0x10/0x10 [ 707.285969][T16442] __x64_sys_openat+0x174/0x210 [ 707.290869][T16442] ? __pfx___x64_sys_openat+0x10/0x10 [ 707.296303][T16442] ? rcu_is_watching+0x12/0xc0 [ 707.301103][T16442] do_syscall_64+0xcd/0x230 [ 707.305654][T16442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.311591][T16442] RIP: 0033:0x7fe24858e969 [ 707.316040][T16442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 707.335694][T16442] RSP: 002b:00007fe24940b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 707.344149][T16442] RAX: ffffffffffffffda RBX: 00007fe2487b5fa0 RCX: 00007fe24858e969 [ 707.352163][T16442] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 707.360159][T16442] RBP: 00007fe248610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 707.368154][T16442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 707.376152][T16442] R13: 0000000000000000 R14: 00007fe2487b5fa0 R15: 00007fff8050cd98 [ 707.384165][T16442] [ 707.387530][T16442] Kernel Offset: disabled [ 707.391885][T16442] Rebooting in 86400 seconds..