last executing test programs: 15.944337623s ago: executing program 3 (id=1625): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x18, 0x3, 0x200000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x0, 0x0) pread64$auto(r0, &(0x7f00000000c0)='/sys/bus/netdevsim/new_device\x00', 0xd30f, 0xca) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptytc\x00', 0x128100, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) clone$auto(0x1, 0x8, 0x0, 0x0, 0x20000000009) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x48400, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xc048aeca, 0x0) 14.725732074s ago: executing program 3 (id=1628): setrlimit$auto(0x0, &(0x7f0000000000)={0x1, 0xfb3}) clone$auto(0x2, 0x5feb, 0x0, 0x0, 0x2000000000003) ioperm$auto(0x7, 0x6, 0x80) wait4$auto(0x0, 0xfffffffffffffffc, 0x60000003, 0x0) r0 = mq_open$auto(&(0x7f00000000c0)='-\x00', 0x8, 0x5, &(0x7f0000000200)={0xc, 0x5, 0x7f, 0x1}) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram10\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, 0x0, 0x55) mprotect$auto(0x200000000000, 0x806121, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 12.187523665s ago: executing program 2 (id=1633): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x18, 0x3, 0x200000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x0, 0x0) pread64$auto(r2, &(0x7f00000000c0)='/sys/bus/netdevsim/new_device\x00', 0xd30f, 0xca) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptytc\x00', 0x128100, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r3) sendmsg$auto_NL80211_CMD_SET_REG(r1, &(0x7f0000001500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000014c0)={&(0x7f0000000180)={0x12a8, r4, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0xfffd}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x4}, @NL80211_ATTR_REKEY_DATA={0x187, 0x7a, 0x0, 0x1, [@typed={0x8, 0x1c, 0x0, 0x0, @fd=r0}, @generic="5218d353780059c25e0b47b7ba93935edf7518f700a06b2f74c993cb3343a4a7bf456a5c65181b99b8bf059c7f70885f377901a4d532964aea9015973b06d4ab9afc837213849eb691cef0c7fe85e0aef6d82f622ac520535bff6be6219583285501dbba5464e8264889f34b8f3efbc190b528cebcaf176880b19bf26249ac5f4ba41c27fd4651f54298f591d7f958452f91f5c4d0fbc4ee437498e1fdf02c19164a4143f51611ff953dc960487721cc57d70b8b05c2811cb8904eee802976c1c9e33fe13e317dcfbed9b1e2ac3a59eaecf9b7b15f403221e2392c88c0e25a0c72d18b1851", @generic="7cfff91223670dbb3a61062cd9db54a901baafc23fb470d7c3407703a2ca8ac1fa41d8e9f0c5fe8992e396cd260b7cbcd092b7eb4f8edb4ec4", @generic="eaf87185231a739d660ededb7235f80e3b34dee5712e106c5aa9af52b0eeca78cf03b301e99bc11802879df62ef5b41d12c8df86d97eaf4282256774bff997ad163dff370263e43ce046f468b6d1b0dd3bc37aa34dc2973257deaa55a7"]}, @NL80211_ATTR_USER_PRIO={0x5}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x8}, @NL80211_ATTR_CNTDWN_OFFS_BEACON={0xc2, 0xba, "3aa658da55bf3db9a30752dacbff494fb568f62e55a8401e560b8de7d37617e4f657dcc825852507052f53592586633fd45ba5e1920af1618bc22dd681c099f6524b36ede045a9579a1da09d0152d3883eec09a93c8f48107f4b304804abd8a68cab43f8a4db782dda41d76a9e5753015e8716b69c7f53f486ec430771752813f0142dfecb6884a5720460e2f1692e71218b214a9a38684132f4db080abc607e9a4555de765b22e2b76f2c26ba2bd100d999b08b9e0ba25fd0de93394ba8"}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x9}, @NL80211_ATTR_CNTDWN_OFFS_BEACON={0x22, 0xba, "6c8b3d9221356ad6168447ead7f0984e816d7300962e188084eeb4ae212e"}, @NL80211_ATTR_COLOR_CHANGE_ELEMS={0xffc, 0x131, 0x0, 0x1, [@NL80211_ATTR_HT_CAPABILITY={0x62, 0x1f, "16a3e03ee1cfa89fd5fb8404580612287c30d4eda5629a005224ed64f868af02a4ddba03b615e8053217fa1e5b48ba9c8a8cb17dfd42f91060f1d0f9bfa1d742e61ac3e715db30d4ec02718e0714dbc6beee8df256957eb2bf7427770332"}, @NL80211_ATTR_TIMEOUT_REASON={0x8, 0xf8, 0x2}, @NL80211_ATTR_PREV_BSSID={0xf84, 0x4f, "9548201fe9fad555a69252c240475903411570ecf4ba197133503865479aecbb0fe3504c083f2c5e493734672b7485403301c5d3c16757b6557d5d2363a015124c679ea94c04a4a6aa39cd4b45f4ab43386078ad69bceb329583e8e449077b642d8cb09bd965fb75cee2d6d3815ec30ca3635460b9863b63ffd3a5cf6f389b285bcf490c85f9b16548f4c235db90bf07908e733394275e6060e9a62f6a4ad43ccf6173bfb8c05332efcf9a216fd8ae85eef3c82b2a04ceca1c9a16b8121a03733e7618f185ca452fc2afad961c6f163221be2df77cd1811a34cff2d64c236c734681390a9ac5c5198e10dbf9c1a670e78b985506c600f8f309e5d41e016ddbc1353ed845bd78ee83de18419e38b99bab3f4bb1174e3ea21673fc9de0aa13bd71e7386c4cb4193f3f79387f8cbf6c204ffae43ff52e9b4a1ec0d4f9623dad351e37864dfbc1a1ad010def9afec065f2e99a8a54a7528994ecb72985fe9349a083e9c40bbba50e98635f70c5bf4fe85ece668c13c65176e44f6a54cf19dbf2d3ec209478815f85eebf0971d705b260a2ca9a7d5b6a561f311aa77be89d3de54c20862bd3c9110b8281421859d2552576a53da8fb244a57cbf591bfae2d5aba80d00266bc89680571bdd91ee443d67ea6410560ac82c89b4e8c1a9aa046e59edc8a32b8ec457701bf35c855fe09cca4809fd799df50ad7a04a6e836b0b0f445abc8ee9ec1d2379bee9e56a4e52643eed2d32ae4407d23787ba499c71e74b633d8f7f3f9e73ba400bc9f586c0dfdd17a0d7d12bf7a53677800551aa90d6b8e31fb2863d6abfde4bc8ea1b33e87b9d665243951246a702b08c7213b594e899a23558731bbaa3da228df3a7f0aebc645ed4de1995ab1ff75bf7fcbb498d60d593ba36eb2b7d91b067ed42e869fbbfa8e603307ede56739e9b73b443d67943aa6c773ee323827a86ffbc6db5374c62e91e9288580fed93d85fd3d18052afca3dad189a431ed44d48945cd99d768932f8b1ec7233357c7760fa46970907fed537b72a702114f6c317b79019781dcd07bd6a4a56d18a6eb816dd661201f6f846853a0e04f004a58981000adf37682581f88a3ca9abbb7caecd605650b386d5df8414762114a42d6c54868a83e54475e3ae3cd65f9b521f1630c251af06f4b435a213eee53fe4bc914192c918f66f6a2ce12fe1986c0b9dc71feddb09786875d8926b1275a772a6927e81a8ca5397df8874236ce94d2e2d3f97c443f52361dea95da035e351906a76519b5fff8033324957a7a8b9e52f1ac07b6519c94038001f9a7c37f6a8d3ae129db96b84833d865559f98b00e7986e07a3103e87e05d8735977316d124a8bb97e4b1d609d88caea4b8b399ff03044b3964a6e9538eea7826e225f0ae7b7abd826fcfe6372e16884a0b41d3c41806dbac350ad93a8126a7a0d6023c52b98ec6ffd8cf057a3387942da8dc9451ef8fb6fa3f0dbf53fb324afb2da0973cc00784033f148c33f291db03377e7886871f6c59e6196f5c2d8f48d43d8bf5898b1a2666865cc5be3466d540ffea1ddc5edde9b778f1dd379c616a69614bdc60725828c130cec7b063c6cada078f985513eb7a78ca064bf266d57f1afba1a2dc28eba1e77f938e498bf441abc0fe78071f494590fdd1a0a1aa1109fb3c775a2ee74fdef90c445f250d38b39d75eccfcd08ef7ab0d31a2b8f4a28261ff78f420e2ca24c482a2103d6888f09eb846c513066dfb8a2f3ecae815365ed844872ea751a70960ba141f9c1cd7aaa110ce5566f8cd1fe5c2dd3742a1da76a22a67280c6f79a71529bf1689e71dd8980cf789a84529722af4faca085cce351c1cab176d760b3cd0f8e8bd75cda746543bd1a22da723c7ef4fd75ab854be17702ca61eea9ab7de284018622d769fa86f64e87d2d713e9d24d33ec6ec7b52cbd6a8afdff1de104676ac773d114afc1e362f39df5782beef6e631872f7b4749964eee7da0bcf93157deff548a2136dcb91d57c2014e2e37f1e2b9d142953e4039f3bfbfe3b7ebdbea9733c6fa9701044dfb2b1e0fb63a8516fed6d74dc79d830146089862674faf81f9327bd48f1729b09a4354789f2c59d1d41c6e2637485738678bba5fa2d0c1460a4e43ec3ec495af452be12cdfa435411170bb1b49f9cd8a349d44dc0f433af49c159968076793fcb42c3183786f55a21462ca7958ebf9032103e649bf2d0e3f175125b689127b881a7554b079ebbbfd21b677ef563752ab4779bdc89e452fceeeb4d3bcd9abc43b72549e25f6a0771a179eeac0b40e01ab6d087ada9c65dad9ab1c3966a24f494a66371f5feead980e967886d7cc46facd11138adab58fbff225fabdcb221d124cddcd670427cc658b3de86ea0b7b07fb0f6994d5b8c5854ae883f7f9f870c139129eddd8c4285d593538900fe97087b6daf36f78e821e534647cdae87b19e586d18c5a0fd7652ba184c0f7e6e3b649644ac4be630917ade3151679ab7a23b89f3096603c16efc166233ebeef5865fde80ebcc7610142f733e4d55cfe02872ad5b00216d11d4fecdebc7a64118b22f8db3f4336e3fa01aabadcc457690f1d7e5e4879d5516b08ed5b122f40fb709eeffffc08d6fd9dafa71c79e73a039acc0d163a83cd02d4570438bfcc2290dca7105e6e1f4d5651d9121c9a6190779328187926ae592ff2d33888a2957bccf2385910b1527adf6c0926aa78d224fd3b240bc3e8a2b36554cf1fea4ef9ba64307038425073fac10bf95bee99cb41b461aa24775ff8e7c146f663a91e2649e3744a3b97e1c27ecfb6d46fd305ad76a25ae58ebde514d2c7fba71054987deed29cefb24a75b96765de6b7aa8917a089afa5181da39c7e4d246ed96cb0eb32ba3ff5f2658db2b949bbbd3ae6ad95fad685f68a9dd9ac09cc3c4aa936621524a3977dab83f353a883d4518470c72e438ac03fdbe017f758ac0d6c09fc8fba3a7bade949105d7041ed07e781d4efff76d03e7b9f9e451bb1ba3f7e103b9338599efa337a4b1600fd08df708064df91962a30656e7dba0313784dc47333363c608250553b94b896412f522c3b629fdb4f0e45d1af1dbb7079d827d27c8f9c5df511a61b04ec03b837f3d4aa6cc0ed59c3487feecb4f0679a565a2c126bfc6787774cf442c4da47e7a59187a4a4fe5ae2bcb40868dfe1fa53b87cb99054583a8d1af267c9925fce1ec17e20f6a633b3435aa1f36e147f264b2aaae2a5c42d8717641415014c9144ce9c9d98cb387f4e06ac2313c19839f6b80358c3182ce3a36a6f97d8e71f83d00a3884e4aadef8e3fb3bc5525d618acc8f4960a271b9cccc6acb1c624c6208c53ed894d783a4b4df754e22dd9634c19b374134c040de418dbee6c568e5a207a0191c1de5ef14e88e8f839c76ce0d55b477e0eddde4e7c3c85e2beec5ff31261fd7153286870210f8ba30184284b202c45fb67dfe0f1fc9583daf60824d1aeee38e053b31254342e100e3ece66fc78943088554944edf8cdaf82d112f0f4b220fb5f0a8333e2f055ef7ff0b750dbbeb88a1179864c02c4693d6aeafec6179913375332485e03acd2b5f8a5516728d7a028283154e40e0f52d6ea78a112bb064f3210c35a33d935ef9c9cbc6be3979ac892c90e293fb7556a698e9216e4f587afc7488ba2d32ec3190190cc97d66a40498a3d2342cf5fe7676d2cdd8b505a8d64333f528cb1d1a4b46d504c56ee4279bd0aa101e826e4eb2680a184e8104ef10ed2fd2fc086eabb8a13b26462e11c23cc73ddce1c77856353ad8c9fa772f0d438f3cb4260625f059a7010a2eeb8401b19caa97ebf3254ffdb39f740eadd4898906e32f34f51b5e1fc0c641971a7c326ca9ff31fc1c35de77c77bef86238b20279813967d5c9b9cd9a53c9b346716eaec54473acdf0677293cc661c045e2e5844509b96395b1be929fa83ba0ccade3c3198d1f8b14c4eda00ad7c79ec056532c8fd82bfcebc1b4eb69262f5a676c51c18ff4a7b39470e3afbe67115c0088314c0942ebd188638f9d039634cf18a4e3053ceb4f1414a828b27bfab0c73920fc673235922f22ad228b2bad073c046c985ce216eddd7cd8f4ba162abe91ac7bb766b696c47a8eabaed9db8152d2c0f1a3de5c9f188961534524e2310d2fe2d4d95934700c2c18ba6713930759e1b58d8bad9d3d89d5797bff1bdc4721d6d7b4d8dc7ef743f6f6f97da2e7202c152a5e19624c14818f074d45debdda68caa7cbc83d285c61c17ec301d6d074b17665530e1d59f79017361435e6537d12a6133993d0ac4697ac055f2786a4dfc7e5f8810301da3061995497be44167aae43d59e4cc20bf9d0c29d69091bb009168605bccee76d083d6541d9ba728afbf7325b5c2e82bcdf0f2af77771498f2e57c8bcdc36f9d62abc721d8b37e8da6e712385303df64c901d87621844fb7864a0023e62089c9f6a76e71330bc75620625a84ecf62e78f02ea3811460ee446a2e72a8534067ff98fa4fdba45f119335a2369b7b6794395a51abb5c90166e3682fda4f65d2522d371a35eeb68a1de70bfe4e532000aefe0dc8006874b10b3893c8388b52a2e95d710093c1ddbe4a42398b51425694f183549444205e208dfe2603ecbabc3ff94b0f62a7e39042655746d0468e9662747012539f0799519d0666420016e6344bd9b45b556de6a4ef2c0ac20b2c33119a3700d33b0fb1a89aa408a942ffb98b50761ff09a285fb5075837ef188cec7cf48789670032efb9754d654bf3db3ba0ae3c7308bee217e90ae0fe0fe9dab92608bf38f9e5233cc1dd791161f4dc1790347835c1b225c5fb84fd330036068819e8874bb5752b8c81c259b81608d14a090f2dc36b67eb904e5bd4b680ee7a2c6801fc2e5512d6139e2f4af68193c0eaacbb62ee4b92f5385528258e75a36d5e2b467587590d5fc0df3dd7b77ebf941ca6cfd06ceb9fcdf8c0536de47de3ff46c80e53cab9a97d7ccb5b035766b8605d947aba74dd2b5955b16eb00ef8021a0851d2404cd1233389017b96cde4eb9e66503c4748afab36c78b0f617984b07b6473fb3a4df3cbc504c0d3622ecb15b00dc9365c7f18c3b0e30e93774b9453bebb3d5ed53c3b0886597c230ea34f556dbdcd5193008bda62764e1ead1e8fac267578aa72a5edc913d58f5458dd7d6f72ebea43abc5518e2f9e21034423f69f4ec1e4b1f31642eb89b556b7858e9c6192d2778fb90b210992c734a971192c3bbe933234dd1eb51bdf62a4e64eb9320cbb3d9b0563a7f577ea89922cd63209bae7c3c9118464c7c2b37a880caf6f8f988a8de8f43c1cf6cb406b88365d3a1103ab8b4a1ebfff0f6cb42ee605be9c56253740aec7a64d1a954ddd8d5f90a58e0233c8f2cdd50b1f93f55bbb95d7e0e94867ec5a7f0a5a81c0dabea6e887951c380c9e154e4a0f49171fe8d2c3a32ab110021e4dd06d3ae1b5a9834e030ced7f0e6b45ff4d8bf0c43822d0710cb97b384f0ffeb4896e38e41f98c9bed469deeaddebd0313d64e79f9374b4135485ef1fa6935bc0515fcefb5bafb8c4bb5e1ae8a9a3838522437f006140d738c50bed65f559da115ad0e4b16a4a3fbcafef74a6294d0ec7ff19200c54f94c3c"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x5}]}]}, 0x12a8}, 0x1, 0x0, 0x0, 0xc0}, 0x4c000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) clone$auto(0x1, 0x8, 0x0, 0x0, 0x20000000009) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x48400, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xc048aeca, 0x0) 12.094162227s ago: executing program 1 (id=1634): setrlimit$auto(0x0, &(0x7f0000000000)={0x1, 0xfb3}) clone$auto(0x2, 0x5feb, 0x0, 0x0, 0x2000000000003) ioperm$auto(0x7, 0x6, 0x80) wait4$auto(0x0, 0xfffffffffffffffc, 0x60000003, 0x0) r0 = mq_open$auto(&(0x7f00000000c0)='-\x00', 0x8, 0x5, &(0x7f0000000200)={0xc, 0x5, 0x7f, 0x1}) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram10\x00', 0x60742, 0x0) write$auto(r4, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, 0x0, 0x55) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c0090000", @ANYRES16=r1, @ANYBLOB="131f2cbd700023723ab36bf877ac08000300", @ANYRES32=r3], 0x9c0}, 0x1, 0x0, 0x0, 0x2400c884}, 0x20040894) mprotect$auto(0x200000000000, 0x806121, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_NEW(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 12.017841678s ago: executing program 0 (id=1635): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x2) setsockopt$auto_SO_ATTACH_FILTER(r0, 0x0, 0x1a, 0x0, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x39db00, 0x0) io_uring_setup$auto(0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) bpf$auto(0x8000000, 0x0, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/mem\x00', 0x40, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x194) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f00000000c0), 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x202003, 0x0) io_uring_setup$auto(0x2, 0x0) io_uring_register$auto(0x2, 0xe, 0x0, 0x20) io_uring_setup$auto(0x8008, 0x0) close_range$auto(0x2, 0x8, 0x0) clock_nanosleep$auto(0x2, 0x6, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 10.907791878s ago: executing program 2 (id=1636): r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(r0, 0x4d13, r0) unshare$auto(0x40000080) mq_notify$auto(0xffffffffffffffff, 0x0) preadv2$auto(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x68f}, 0x6, 0xffffffffffffffff, 0x8000000000040, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x20048000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x82, 0x0) socket(0x2, 0x1, 0x0) socket(0x2, 0x5, 0x0) epoll_create$auto(0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) capset$auto(0x0, 0x0) epoll_ctl$auto(0x5, 0x3, r1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x3, 0x66) madvise$auto(0x0, 0x20000a, 0x8) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) 10.178731829s ago: executing program 3 (id=1637): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x18, 0x3, 0x200000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x0, 0x0) pread64$auto(r0, &(0x7f00000000c0)='/sys/bus/netdevsim/new_device\x00', 0xd30f, 0xca) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptytc\x00', 0x128100, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) clone$auto(0x1, 0x8, 0x0, 0x0, 0x20000000009) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x48400, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xc048aeca, 0x0) 9.707916436s ago: executing program 1 (id=1638): setrlimit$auto(0x0, &(0x7f0000000000)={0x1, 0xfb3}) clone$auto(0x2, 0x5feb, 0x0, 0x0, 0x2000000000003) ioperm$auto(0x7, 0x6, 0x80) wait4$auto(0x0, 0xfffffffffffffffc, 0x60000003, 0x0) r0 = mq_open$auto(&(0x7f00000000c0)='-\x00', 0x8, 0x5, &(0x7f0000000200)={0xc, 0x5, 0x7f, 0x1}) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram10\x00', 0x60742, 0x0) write$auto(r4, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c0090000", @ANYRES16=r1, @ANYBLOB="131f2cbd700023723ab36bf877ac08000300", @ANYRES32=r3], 0x9c0}, 0x1, 0x0, 0x0, 0x2400c884}, 0x20040894) mprotect$auto(0x200000000000, 0x806121, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_NEW(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 8.447719835s ago: executing program 2 (id=1639): r0 = socket(0xa, 0x80002, 0x73) sendmsg$auto_VDPA_CMD_DEV_DEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x18, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@VDPA_ATTR_DEV_NET_CFG_MACADDR={0x4}]}, 0x18}}, 0x840) sendmmsg$auto(r0, &(0x7f0000000200)={{&(0x7f0000000000), 0x3ff, 0x0, 0x9, 0x0, 0x7b5e, 0x24000000}, 0x5}, 0x2, 0x2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/apparmor/parameters/rawdata_compression_level\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0xb02, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, &(0x7f00000001c0)={0x71, &(0x7f0000000100)="00a787de879862efa043c23aca3fec4588f1495d0186b097e889375afeec18d5b286dde121a74f5e206f4dfaf41f03587fdbd432ad16821a29501a955ff3feb3ee6319c67994cd63cf20999166dd1b7eb42693f5bb75504807d90d0f385a3769b77b3486ed4081170f5b26ff10f14d2c5c126dbaa47194ae91a00c", 0x8000000000000001}) close_range$auto(r0, r1, 0x5) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a0001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='O'], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 8.287155096s ago: executing program 0 (id=1640): mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x7, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2a, 0x2, 0x1) connect$auto(r1, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0xfffffffe}, 0x52) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_register$auto(r0, 0x1e, 0x0, 0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) r5 = socket(0xa, 0x802, 0x3a) fcntl$auto_F_DUPFD(r5, 0x0, r4) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000180), 0xffffffffffffffff) rename$auto(0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 7.730585872s ago: executing program 2 (id=1641): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy_home_node$auto(0x600000, 0xffffffffffffffff, 0x0, 0x0) r1 = socket(0xa, 0x3, 0x3b) connect$auto(r1, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) pipe$auto(0x0) mincore$auto(0x0, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9) r2 = socket(0x2, 0x1, 0x0) getsockopt$auto(r2, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x200039) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x40440, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f00000001c0)) readv$auto(0xffffffffffffffff, 0x0, 0x10000004) r4 = socket(0xa, 0x3, 0x3) mmap$auto(0x0, 0x3fffff, 0x5, 0x11, 0xdd, 0x0) mount$auto(0x0, &(0x7f0000000140)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) ioctl$auto(r4, 0x8982, 0x1) 6.590626682s ago: executing program 0 (id=1642): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close$auto(0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x100000000000000, 0x400053, 0x9) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000040)=0xc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008012, 0x3, 0x0) msync$auto(0x0, 0xe0, 0x6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x9, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x55) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000e80)=""/206, 0xce) 6.58999563s ago: executing program 3 (id=1643): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) mmap$auto(0x1, 0x1, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) r1 = socket(0xa, 0x5, 0x84) getsockopt$auto(r1, 0x84, 0x9, 0x0, 0x0) mmap$auto(0x4, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x0, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) sendmsg$auto_NFC_CMD_FW_DOWNLOAD(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, [@NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20}, 0x20004045) r2 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x8) setsockopt$auto(r2, 0x1, 0x21, 0x0, 0x9) ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x545c, 0x0) 6.44028731s ago: executing program 2 (id=1644): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0xfd, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x2003f2, 0x15) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20342, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x52, 0x0) bpf$auto_BPF_MAP_CREATE(0x0, &(0x7f0000000100)=@link_detach={r0}, 0xa) waitid$auto_P_PIDFD(0x3, r2, &(0x7f00000001c0)={@_si_pad}, 0x9, &(0x7f0000000300)={{0xf99c, 0xf}, {0x4, 0x3}, 0xe, 0xdd, 0xf7d, 0x7fff, 0x2, 0x10, 0xfffffffffffffff3, 0x1, 0x4ae, 0x9, 0xb8a, 0x2, 0x2, 0x2}) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x29}, 0x20100007}, 0x3, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x64a000, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r3, 0x0, 0x39b8) ioctl$auto_SNDCTL_DSP_GETISPACE(r1, 0x8010500d, &(0x7f0000000040)) 4.854676785s ago: executing program 1 (id=1645): r0 = socket(0xa, 0x80002, 0x73) sendmsg$auto_VDPA_CMD_DEV_DEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x18, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@VDPA_ATTR_DEV_NET_CFG_MACADDR={0x4}]}, 0x18}}, 0x840) sendmmsg$auto(r0, &(0x7f0000000200)={{&(0x7f0000000000), 0x3ff, 0x0, 0x9, 0x0, 0x7b5e, 0x24000000}, 0x5}, 0x2, 0x2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/apparmor/parameters/rawdata_compression_level\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0xb02, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, &(0x7f00000001c0)={0x71, &(0x7f0000000100)="00a787de879862efa043c23aca3fec4588f1495d0186b097e889375afeec18d5b286dde121a74f5e206f4dfaf41f03587fdbd432ad16821a29501a955ff3feb3ee6319c67994cd63cf20999166dd1b7eb42693f5bb75504807d90d0f385a3769b77b3486ed4081170f5b26ff10f14d2c5c126d", 0x8000000000000001}) close_range$auto(r0, r1, 0x5) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a0001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='O'], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 3.67406357s ago: executing program 0 (id=1646): syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0) r0 = clone$auto(0x6d8, 0xffe, 0x0, 0x0, 0x4000000a) io_uring_setup$auto(0x1, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(0x0, 0x3, 0x8, 0x0, 0x0, 0x7ffffffe) migrate_pages$auto(r0, 0x4, 0x0, 0x0) open_tree$auto(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0xfff) shmctl$auto_IPC_INFO(0xfffffff8, 0x3, &(0x7f0000000400)={{0x3, 0xee00, 0xffffffffffffffff, 0x400, 0x101, 0x1, 0x8001}, 0x9, 0x9, 0x9, 0x5, @raw=0x2, @inferred=r0, 0x4, 0x0, &(0x7f0000000280)="2d37153d73b3a92a8713de1b1211c9a8219231a3693a0ad633a5d1e46384ef061a7e14453625bafdeb1a8e47304bf692ed948d1c8762d3ba048e5758ce110b0a72a1c3227c84dba91d0386fe6ccd0bf52bf83f0a722351e2f9191bfc3f64b04f11185752de2b48ed52", &(0x7f0000000340)="1085c0e3c37d126d17d1ed0f50890b4e70aa27d491ed7eb251a57af490a1333331b74d11b7a6056b2c874f24de6f504714f30271f798acbc650f20ed6766bb0b66302b415866f2880c8d76a99da91330e6a012b70889bcb896af00f66e32e02721b02191535eaef40c64480da9508c83d2f87b52906bde82073ddeef5d716a340f6cfad3c1413efa851446fd3228fcf245f1669d1649cae7f4cd9cfda3db2ddf"}) getpid() sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000980)={0x0, 0x7ba4}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000000) write$auto(0x1, 0x0, 0x80000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.500915314s ago: executing program 1 (id=1647): r0 = socket(0xa, 0x80002, 0x73) sendmsg$auto_VDPA_CMD_DEV_DEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x18, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@VDPA_ATTR_DEV_NET_CFG_MACADDR={0x4}]}, 0x18}}, 0x840) sendmmsg$auto(r0, &(0x7f0000000200)={{&(0x7f0000000000), 0x3ff, 0x0, 0x9, 0x0, 0x7b5e, 0x24000000}, 0x5}, 0x2, 0x2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/apparmor/parameters/rawdata_compression_level\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/ifb0/flags\x00', 0xb02, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, &(0x7f00000001c0)={0x71, &(0x7f0000000100)="00a787de879862efa043c23aca3fec4588f1495d0186b097e889375afeec18d5b286dde121a74f5e206f4dfaf41f03587fdbd432ad16821a29501a955ff3feb3ee6319c67994cd63cf20999166dd1b7eb42693f5bb75504807d90d0f385a3769b77b34", 0x8000000000000001}) close_range$auto(r0, r1, 0x5) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a0001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='O'], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) 3.161926816s ago: executing program 3 (id=1648): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) r0 = openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000001640), 0x200, 0x0) read$auto_nst_seq_fops_netdebug(r0, &(0x7f0000001680)=""/222, 0xde) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x301, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ustat$auto(0x801, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x48040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0) rt_sigtimedwait$auto(&(0x7f0000000040)={0xc00000}, 0x0, &(0x7f0000000180), 0x8) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x40000403c6f2b, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x6f29, 0x0) io_uring_setup$auto(0x5, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1adf82, 0x0) ioctl$auto(0x3, 0x80286f4e, r3) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r4 = open(0x0, 0x101800, 0xbf) r5 = socket(0x2, 0x3, 0x100) splice$auto(r4, 0x0, r5, 0x0, 0x7fffffffffffffff, 0x9) close_range$auto(0x2, 0x8, 0x0) 2.973337847s ago: executing program 1 (id=1649): close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) io_uring_setup$auto(0xc, 0x0) socket(0x2, 0x5, 0x0) pipe2$auto(0x0, 0x80) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) socket(0xa, 0x1, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 2.496641435s ago: executing program 0 (id=1650): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) mmap$auto(0x1, 0x1, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) r1 = socket(0xa, 0x5, 0x84) getsockopt$auto(r1, 0x84, 0x9, 0x0, 0x0) mmap$auto(0x4, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x0, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) sendmsg$auto_NFC_CMD_FW_DOWNLOAD(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, [@NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20}, 0x20004045) r2 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x8) setsockopt$auto(r2, 0x1, 0x21, 0x0, 0x9) ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x545c, 0x0) 751.704155ms ago: executing program 3 (id=1651): r0 = socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(r0, &(0x7f0000000100)=@in={0x2, 0x4003, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) mmap$auto(0x0, 0x4, 0x5, 0x40ebf, r0, 0x300000000000) r1 = socket(0x6, 0x4, 0xfffffc01) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0xee, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r1, [0x1, 0xf, 0x1000], {0x8, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x690, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0xc) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000000)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4000080}, 0x20004880) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) ioctl$auto_AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000200)=0x579b) syz_clone3(0x0, 0x0) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='$\x00', @ANYRES16=r2, @ANYBLOB="2f212cbd7000fa", @ANYRES32=r3, @ANYBLOB="0600eb000f"], 0x24}, 0x1, 0x0, 0x0, 0x20001000}, 0x4000000) r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) io_uring_setup$auto(0x2, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0xc0042, 0x0) mmap$auto(0xffffffffffffffff, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x8300000000000) 747.032254ms ago: executing program 1 (id=1652): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x2800, 0x0) r1 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x2, 0x80002, 0x73) r3 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_proc_single_file_operations_base(r3, &(0x7f00000051c0)=""/103, 0x67) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x27) r4 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000180)={0xfffffffd}) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(0x0, r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, r2, 0x0) io_uring_setup$auto(0x59, 0x0) read$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) wait4$auto(0xffffffffffffffff, 0x0, 0x3ff, 0x0) 597.211095ms ago: executing program 0 (id=1653): bpf$auto(0x0, 0x0, 0xee) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x301483, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x5, 0xfffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto_F_NOTIFY(0xffffffffffffffff, 0x402, 0x9000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) shutdown$auto(0x200000003, 0x2) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r0) mmap$auto(0x2, 0xffffffbffffffffd, 0x4000000000df, 0x1c, r0, 0x300000000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) 0s ago: executing program 2 (id=1654): io_uring_setup$auto(0x386, &(0x7f0000000000)={0x5, 0x1, 0x4c, 0x0, 0x1, 0x8, 0xffffffffffffffff, [0x10001, 0x8, 0xa], {0x8, 0x8, 0x3fc000, 0x4, 0xffffff7a, 0x3, 0x9, 0xec5, 0xffff}, {0xd5, 0x80000000, 0x1bee, 0x5d, 0x400, 0x9, 0x7, 0x8000, 0x7f}}) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x100) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/memory.force_empty\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000000)='3\xc7\xff\xff\xff\xdd\x00\b(Ks\x0f\x87|P\x11\xd1li0\x89\x85\x90QM\xd6wfF\xf1x\xb3;c\tP\x03\x84\x97\x99\x83\x97\x81:\xf3\xa3o5\xc5\x86\xed\xa4\x18]\xa3\xc9\x0f\xff\xdak\xb0m\xe1U\xb3\xa2\xee\xdcTJQO\x98\xc8w\x8c\xe7\x00\x00\x00\x1dj\x1e\xebQT\xdd\x9b\x00'/101, 0x9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/thread-self/net/stat/rt_cache\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f00000002c0)=""/266, 0x10a) mmap$auto(0x5, 0x2020009, 0xb, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0xffffffffffffffff) kernel console output (not intermixed with test programs): 72] RSP: 002b:00007f4b91bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 298.152771][ T8472] RAX: ffffffffffffffda RBX: 00007f4b93c15fa0 RCX: 00007f4b9399cdd9 [ 298.152787][ T8472] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000300 [ 298.152836][ T8472] RBP: 00007f4b93a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 298.152855][ T8472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 298.152875][ T8472] R13: 00007f4b93c16038 R14: 00007f4b93c15fa0 R15: 00007ffd68d48c68 [ 298.152924][ T8472] [ 298.696746][ T8472] ERROR: Out of memory at tomoyo_realpath_from_path. [ 298.984056][ T8477] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 301.097229][ T8509] binder: 8508:8509 ioctl 40046210 0 returned -14 [ 301.198701][ T8512] netlink: 28 bytes leftover after parsing attributes in process `syz.3.562'. [ 301.739025][ T8523] netlink: 330 bytes leftover after parsing attributes in process `syz.2.564'. [ 302.431139][ T8534] bridge0: port 3(gretap0) entered blocking state [ 302.452742][ T8534] bridge0: port 3(gretap0) entered disabled state [ 302.468331][ T8534] gretap0: entered allmulticast mode [ 302.508389][ T8534] FAULT_INJECTION: forcing a failure. [ 302.508389][ T8534] name failslab, interval 1, probability 0, space 0, times 0 [ 302.548184][ T8534] CPU: 1 UID: 0 PID: 8534 Comm: syz.1.566 Not tainted syzkaller #0 PREEMPT(full) [ 302.548218][ T8534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 302.548232][ T8534] Call Trace: [ 302.548241][ T8534] [ 302.548251][ T8534] dump_stack_lvl+0x100/0x190 [ 302.548282][ T8534] should_fail_ex.cold+0x5/0xa [ 302.548318][ T8534] should_failslab+0xc2/0x120 [ 302.548346][ T8534] __kvmalloc_node_noprof+0xfa/0xa00 [ 302.548370][ T8534] ? bucket_table_alloc.isra.0+0x88/0x460 [ 302.548413][ T8534] bucket_table_alloc.isra.0+0x88/0x460 [ 302.548450][ T8534] rhashtable_init_noprof+0x43b/0x890 [ 302.548489][ T8534] nbp_vlan_init+0x254/0x500 [ 302.548526][ T8534] ? __pfx_nbp_vlan_init+0x10/0x10 [ 302.548565][ T8534] ? __local_bh_enable_ip+0x9e/0x120 [ 302.548597][ T8534] ? lockdep_hardirqs_on+0x78/0x100 [ 302.548627][ T8534] ? br_fdb_add_local+0x43/0x60 [ 302.548656][ T8534] ? __local_bh_enable_ip+0x9e/0x120 [ 302.548691][ T8534] br_add_if+0xf79/0x1b40 [ 302.548736][ T8534] add_del_if+0x114/0x160 [ 302.548775][ T8534] br_dev_siocdevprivate+0x8ac/0x1650 [ 302.548817][ T8534] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 302.548862][ T8534] ? do_raw_spin_lock+0x128/0x260 [ 302.548891][ T8534] ? find_held_lock+0x2b/0x80 [ 302.548921][ T8534] ? debug_mutex_remove_waiter+0xa8/0x320 [ 302.548952][ T8534] ? debug_mutex_remove_waiter+0xa8/0x320 [ 302.548994][ T8534] ? netdev_name_node_lookup+0x107/0x150 [ 302.549030][ T8534] ? __mutex_lock+0x838/0x1b10 [ 302.549066][ T8534] dev_ifsioc+0xc2f/0x1f10 [ 302.549108][ T8534] ? __pfx_dev_ifsioc+0x10/0x10 [ 302.549144][ T8534] ? __pfx___mutex_lock+0x10/0x10 [ 302.549184][ T8534] ? dev_load+0x8e/0x240 [ 302.549219][ T8534] ? dev_load+0x8e/0x240 [ 302.549262][ T8534] dev_ioctl+0x70e/0x1070 [ 302.549308][ T8534] sock_ioctl+0x494/0x6b0 [ 302.549342][ T8534] ? __pfx_sock_ioctl+0x10/0x10 [ 302.549373][ T8534] ? hook_file_ioctl_common+0x149/0x410 [ 302.549405][ T8534] ? __fget_files+0x21f/0x3d0 [ 302.549437][ T8534] ? __pfx_sock_ioctl+0x10/0x10 [ 302.549471][ T8534] __x64_sys_ioctl+0x18e/0x210 [ 302.549496][ T8534] do_syscall_64+0x10b/0xf80 [ 302.549524][ T8534] ? clear_bhb_loop+0x40/0x90 [ 302.549554][ T8534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.549582][ T8534] RIP: 0033:0x7f3551f9cdd9 [ 302.549602][ T8534] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 302.549625][ T8534] RSP: 002b:00007f35501d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 302.549647][ T8534] RAX: ffffffffffffffda RBX: 00007f3552216090 RCX: 00007f3551f9cdd9 [ 302.549663][ T8534] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 302.549677][ T8534] RBP: 00007f3552032d69 R08: 0000000000000000 R09: 0000000000000000 [ 302.549691][ T8534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 302.549705][ T8534] R13: 00007f3552216128 R14: 00007f3552216090 R15: 00007fffe431eef8 [ 302.549736][ T8534] [ 302.932041][ T8534] bridge0: port 3(gretap0) entered blocking state [ 302.938712][ T8534] bridge0: port 3(gretap0) entered listening state [ 303.399794][ T8544] FAULT_INJECTION: forcing a failure. [ 303.399794][ T8544] name fail_futex, interval 1, probability 0, space 0, times 0 [ 303.443222][ T8544] CPU: 0 UID: 0 PID: 8544 Comm: syz.3.570 Not tainted syzkaller #0 PREEMPT(full) [ 303.443266][ T8544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 303.443290][ T8544] Call Trace: [ 303.443308][ T8544] [ 303.443321][ T8544] dump_stack_lvl+0x100/0x190 [ 303.443362][ T8544] should_fail_ex.cold+0x5/0xa [ 303.443405][ T8544] get_futex_key+0x1d2/0x1510 [ 303.443444][ T8544] ? __pfx_get_futex_key+0x10/0x10 [ 303.443492][ T8544] futex_wait_setup+0x83/0x510 [ 303.443547][ T8544] __futex_wait+0x19f/0x300 [ 303.443594][ T8544] ? __pfx___futex_wait+0x10/0x10 [ 303.443638][ T8544] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 303.443682][ T8544] ? __pfx_futex_wake_mark+0x10/0x10 [ 303.443731][ T8544] ? futex_hash+0x2ad/0x370 [ 303.443765][ T8544] ? futex_hash+0x141/0x370 [ 303.443801][ T8544] futex_wait+0xe6/0x370 [ 303.443844][ T8544] ? __pfx_futex_wait+0x10/0x10 [ 303.443897][ T8544] ? ksys_write+0x190/0x250 [ 303.443934][ T8544] ? ksys_write+0x190/0x250 [ 303.443978][ T8544] do_futex+0x1ef/0x350 [ 303.444014][ T8544] ? __pfx_do_futex+0x10/0x10 [ 303.444053][ T8544] ? do_set_mempolicy+0x217/0x3d0 [ 303.444091][ T8544] ? __pfx_do_set_mempolicy+0x10/0x10 [ 303.444134][ T8544] __x64_sys_futex+0x34f/0x4d0 [ 303.444176][ T8544] ? __pfx___x64_sys_futex+0x10/0x10 [ 303.444215][ T8544] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 303.444259][ T8544] ? rcu_is_watching+0x12/0xc0 [ 303.444310][ T8544] do_syscall_64+0x10b/0xf80 [ 303.444350][ T8544] ? clear_bhb_loop+0x40/0x90 [ 303.444391][ T8544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.444425][ T8544] RIP: 0033:0x7f4b9399cdd9 [ 303.444456][ T8544] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 303.444488][ T8544] RSP: 002b:00007f4b91bf60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 303.444525][ T8544] RAX: ffffffffffffffda RBX: 00007f4b93c15fa8 RCX: 00007f4b9399cdd9 [ 303.444547][ T8544] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4b93c15fa8 [ 303.444566][ T8544] RBP: 00007f4b93c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 303.444586][ T8544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 303.444605][ T8544] R13: 00007f4b93c16038 R14: 00007ffd68d48b80 R15: 00007ffd68d48c68 [ 303.444647][ T8544] [ 304.966164][ T8555] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 305.871111][ T8571] binder: 8569:8571 ioctl 40046210 0 returned -14 [ 306.205988][ T8564] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 306.240517][ T8573] netlink: 342 bytes leftover after parsing attributes in process `syz.1.573'. [ 306.947560][ T8589] FAULT_INJECTION: forcing a failure. [ 306.947560][ T8589] name fail_futex, interval 1, probability 0, space 0, times 0 [ 306.989778][ T8589] CPU: 1 UID: 0 PID: 8589 Comm: syz.1.581 Not tainted syzkaller #0 PREEMPT(full) [ 306.989813][ T8589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 306.989827][ T8589] Call Trace: [ 306.989835][ T8589] [ 306.989844][ T8589] dump_stack_lvl+0x100/0x190 [ 306.989874][ T8589] should_fail_ex.cold+0x5/0xa [ 306.989913][ T8589] get_futex_key+0x1d2/0x1510 [ 306.989941][ T8589] ? __pfx_get_futex_key+0x10/0x10 [ 306.989974][ T8589] futex_wait_setup+0x83/0x510 [ 306.990015][ T8589] __futex_wait+0x19f/0x300 [ 306.990049][ T8589] ? __pfx___futex_wait+0x10/0x10 [ 306.990086][ T8589] ? __pfx_futex_wake_mark+0x10/0x10 [ 306.990121][ T8589] ? futex_hash+0x2ad/0x370 [ 306.990145][ T8589] ? futex_hash+0x141/0x370 [ 306.990170][ T8589] futex_wait+0xe6/0x370 [ 306.990202][ T8589] ? __pfx_futex_wait+0x10/0x10 [ 306.990239][ T8589] ? ksys_write+0x190/0x250 [ 306.990265][ T8589] ? ksys_write+0x190/0x250 [ 306.990297][ T8589] do_futex+0x1ef/0x350 [ 306.990323][ T8589] ? __pfx_do_futex+0x10/0x10 [ 306.990349][ T8589] ? do_set_mempolicy+0x217/0x3d0 [ 306.990376][ T8589] ? __pfx_do_set_mempolicy+0x10/0x10 [ 306.990411][ T8589] __x64_sys_futex+0x34f/0x4d0 [ 306.990441][ T8589] ? __pfx___x64_sys_futex+0x10/0x10 [ 306.990469][ T8589] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 306.990499][ T8589] ? rcu_is_watching+0x12/0xc0 [ 306.990532][ T8589] do_syscall_64+0x10b/0xf80 [ 306.990560][ T8589] ? clear_bhb_loop+0x40/0x90 [ 306.990589][ T8589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.990648][ T8589] RIP: 0033:0x7f3551f9cdd9 [ 306.990676][ T8589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 306.990700][ T8589] RSP: 002b:00007f35501f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 306.990722][ T8589] RAX: ffffffffffffffda RBX: 00007f3552215fa8 RCX: 00007f3551f9cdd9 [ 306.990743][ T8589] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3552215fa8 [ 306.990757][ T8589] RBP: 00007f3552215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 306.990771][ T8589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 306.990785][ T8589] R13: 00007f3552216038 R14: 00007fffe431ee10 R15: 00007fffe431eef8 [ 306.990815][ T8589] [ 307.293225][ T8584] FAULT_INJECTION: forcing a failure. [ 307.293225][ T8584] name failslab, interval 1, probability 0, space 0, times 0 [ 307.409471][ T8584] CPU: 0 UID: 0 PID: 8584 Comm: syz.2.578 Not tainted syzkaller #0 PREEMPT(full) [ 307.409503][ T8584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 307.409521][ T8584] Call Trace: [ 307.409541][ T8584] [ 307.409549][ T8584] dump_stack_lvl+0x100/0x190 [ 307.409579][ T8584] should_fail_ex.cold+0x5/0xa [ 307.409610][ T8584] ? tomoyo_encode2+0xfb/0x3c0 [ 307.409638][ T8584] should_failslab+0xc2/0x120 [ 307.409665][ T8584] __kmalloc_noprof+0xe0/0x850 [ 307.409702][ T8584] ? d_absolute_path+0x136/0x1b0 [ 307.409745][ T8584] tomoyo_encode2+0xfb/0x3c0 [ 307.409776][ T8584] tomoyo_encode+0x29/0x50 [ 307.409802][ T8584] tomoyo_realpath_from_path+0x18c/0x690 [ 307.409838][ T8584] tomoyo_path_number_perm+0x23c/0x580 [ 307.409866][ T8584] ? tomoyo_path_number_perm+0x22e/0x580 [ 307.409892][ T8584] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 307.409924][ T8584] ? do_raw_spin_lock+0x128/0x260 [ 307.409950][ T8584] ? find_held_lock+0x2b/0x80 [ 307.410015][ T8584] ? current_check_access_path+0x269/0x430 [ 307.410046][ T8584] ? __pfx_current_check_access_path+0x10/0x10 [ 307.410072][ T8584] ? do_raw_spin_unlock+0x145/0x1e0 [ 307.410104][ T8584] ? simple_lookup+0x105/0x1d0 [ 307.410132][ T8584] ? lookup_one_qstr_excl+0xaf/0x250 [ 307.410172][ T8584] tomoyo_path_mkdir+0x9b/0xe0 [ 307.410205][ T8584] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 307.410247][ T8584] security_path_mkdir+0x154/0x2e0 [ 307.410278][ T8584] filename_mkdirat+0x168/0x5e0 [ 307.410313][ T8584] ? __pfx_filename_mkdirat+0x10/0x10 [ 307.410345][ T8584] ? strncpy_from_user+0x19d/0x2d0 [ 307.410372][ T8584] ? do_getname+0x191/0x390 [ 307.410409][ T8584] __x64_sys_mkdir+0x6b/0x90 [ 307.410441][ T8584] do_syscall_64+0x10b/0xf80 [ 307.410471][ T8584] ? clear_bhb_loop+0x40/0x90 [ 307.410501][ T8584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.410525][ T8584] RIP: 0033:0x7f95da19cdd9 [ 307.410545][ T8584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 307.410567][ T8584] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 307.410590][ T8584] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 307.410605][ T8584] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000300 [ 307.410621][ T8584] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 307.410635][ T8584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 307.410649][ T8584] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 307.410679][ T8584] [ 307.683009][ T8584] ERROR: Out of memory at tomoyo_realpath_from_path. [ 308.466963][ T8606] netlink: 330 bytes leftover after parsing attributes in process `syz.1.584'. [ 308.511403][ T8606] mac80211_hwsim hwsim4 : renamed from wlan0 (while UP) [ 308.764876][ T8614] netlink: 8 bytes leftover after parsing attributes in process `syz.3.588'. [ 308.834403][ T30] audit: type=1804 audit(1777498424.913:13): pid=8619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.590" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=1057 res=1 errno=0 [ 308.850494][ T8619] binder: 8617:8619 ioctl 40046210 0 returned -14 [ 309.180049][ T8626] binder: 8625:8626 ioctl 40046210 0 returned -14 [ 310.086643][ T8634] FAULT_INJECTION: forcing a failure. [ 310.086643][ T8634] name fail_futex, interval 1, probability 0, space 0, times 0 [ 310.102975][ T8634] CPU: 0 UID: 0 PID: 8634 Comm: syz.2.593 Not tainted syzkaller #0 PREEMPT(full) [ 310.103022][ T8634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 310.103043][ T8634] Call Trace: [ 310.103053][ T8634] [ 310.103066][ T8634] dump_stack_lvl+0x100/0x190 [ 310.103108][ T8634] should_fail_ex.cold+0x5/0xa [ 310.103152][ T8634] get_futex_key+0x1d2/0x1510 [ 310.103193][ T8634] ? __pfx_get_futex_key+0x10/0x10 [ 310.103242][ T8634] futex_wait_setup+0x83/0x510 [ 310.103296][ T8634] __futex_wait+0x19f/0x300 [ 310.103345][ T8634] ? __pfx___futex_wait+0x10/0x10 [ 310.103397][ T8634] ? __pfx_cmp_ex_search+0x10/0x10 [ 310.103448][ T8634] ? __pfx_futex_wake_mark+0x10/0x10 [ 310.103499][ T8634] ? futex_hash+0x2ad/0x370 [ 310.103535][ T8634] ? futex_hash+0x141/0x370 [ 310.103573][ T8634] futex_wait+0xe6/0x370 [ 310.103617][ T8634] ? __pfx_futex_wait+0x10/0x10 [ 310.103670][ T8634] ? rcu_is_watching+0x12/0xc0 [ 310.103711][ T8634] ? irqentry_exit+0x246/0x790 [ 310.103750][ T8634] ? lockdep_hardirqs_on+0x78/0x100 [ 310.103799][ T8634] do_futex+0x1ef/0x350 [ 310.103829][ T8634] ? __pfx_do_futex+0x10/0x10 [ 310.103877][ T8634] ? do_set_mempolicy+0x217/0x3d0 [ 310.103909][ T8634] ? __pfx_do_set_mempolicy+0x10/0x10 [ 310.103944][ T8634] __x64_sys_futex+0x34f/0x4d0 [ 310.103980][ T8634] ? __pfx___x64_sys_futex+0x10/0x10 [ 310.104012][ T8634] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 310.104049][ T8634] ? rcu_is_watching+0x12/0xc0 [ 310.104087][ T8634] do_syscall_64+0x10b/0xf80 [ 310.104120][ T8634] ? clear_bhb_loop+0x40/0x90 [ 310.104155][ T8634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.104188][ T8634] RIP: 0033:0x7f95da19cdd9 [ 310.104211][ T8634] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 310.104238][ T8634] RSP: 002b:00007f95dafaa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 310.104266][ T8634] RAX: ffffffffffffffda RBX: 00007f95da416098 RCX: 00007f95da19cdd9 [ 310.104284][ T8634] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f95da416098 [ 310.104301][ T8634] RBP: 00007f95da416090 R08: 0000000000000000 R09: 0000000000000000 [ 310.104318][ T8634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 310.104334][ T8634] R13: 00007f95da416128 R14: 00007ffe86c27d00 R15: 00007ffe86c27de8 [ 310.104376][ T8634] [ 310.593005][ T8636] FAULT_INJECTION: forcing a failure. [ 310.593005][ T8636] name failslab, interval 1, probability 0, space 0, times 0 [ 310.637710][ T8645] binder: 8644:8645 ioctl 40046210 0 returned -14 [ 310.654981][ T8636] CPU: 1 UID: 0 PID: 8636 Comm: syz.0.594 Not tainted syzkaller #0 PREEMPT(full) [ 310.655026][ T8636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 310.655040][ T8636] Call Trace: [ 310.655048][ T8636] [ 310.655056][ T8636] dump_stack_lvl+0x100/0x190 [ 310.655119][ T8636] should_fail_ex.cold+0x5/0xa [ 310.655164][ T8636] ? tomoyo_encode2+0xfb/0x3c0 [ 310.655191][ T8636] should_failslab+0xc2/0x120 [ 310.655219][ T8636] __kmalloc_noprof+0xe0/0x850 [ 310.655255][ T8636] ? d_absolute_path+0x136/0x1b0 [ 310.655298][ T8636] tomoyo_encode2+0xfb/0x3c0 [ 310.655334][ T8636] tomoyo_encode+0x29/0x50 [ 310.655361][ T8636] tomoyo_realpath_from_path+0x18c/0x690 [ 310.655396][ T8636] tomoyo_path_number_perm+0x23c/0x580 [ 310.655419][ T8636] ? tomoyo_path_number_perm+0x22e/0x580 [ 310.655441][ T8636] ? __print_lock_name+0x21/0x80 [ 310.655473][ T8636] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 310.655506][ T8636] ? do_raw_spin_lock+0x128/0x260 [ 310.655532][ T8636] ? find_held_lock+0x2b/0x80 [ 310.655577][ T8636] ? current_check_access_path+0x269/0x430 [ 310.655608][ T8636] ? __pfx_current_check_access_path+0x10/0x10 [ 310.655634][ T8636] ? do_raw_spin_unlock+0x145/0x1e0 [ 310.655665][ T8636] ? simple_lookup+0x105/0x1d0 [ 310.655692][ T8636] ? lookup_one_qstr_excl+0xaf/0x250 [ 310.655732][ T8636] tomoyo_path_mkdir+0x9b/0xe0 [ 310.655765][ T8636] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 310.655805][ T8636] security_path_mkdir+0x154/0x2e0 [ 310.655836][ T8636] filename_mkdirat+0x168/0x5e0 [ 310.655871][ T8636] ? __pfx_filename_mkdirat+0x10/0x10 [ 310.655901][ T8636] ? strncpy_from_user+0x19d/0x2d0 [ 310.655927][ T8636] ? do_getname+0x191/0x390 [ 310.655970][ T8636] __x64_sys_mkdir+0x6b/0x90 [ 310.656021][ T8636] do_syscall_64+0x10b/0xf80 [ 310.656049][ T8636] ? clear_bhb_loop+0x40/0x90 [ 310.656080][ T8636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.656105][ T8636] RIP: 0033:0x7fc42bb9cdd9 [ 310.656125][ T8636] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 310.656149][ T8636] RSP: 002b:00007fc42c9f3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 310.656172][ T8636] RAX: ffffffffffffffda RBX: 00007fc42be15fa0 RCX: 00007fc42bb9cdd9 [ 310.656187][ T8636] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000300 [ 310.656202][ T8636] RBP: 00007fc42bc32d69 R08: 0000000000000000 R09: 0000000000000000 [ 310.656216][ T8636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 310.656231][ T8636] R13: 00007fc42be16038 R14: 00007fc42be15fa0 R15: 00007fffbb989778 [ 310.656262][ T8636] [ 310.656282][ T8636] ERROR: Out of memory at tomoyo_realpath_from_path. [ 311.774418][ T8662] binder: 8661:8662 ioctl 40046210 0 returned -14 [ 313.371278][ T8681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.602'. [ 313.435751][ T8678] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 314.033337][ T8688] FAULT_INJECTION: forcing a failure. [ 314.033337][ T8688] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 314.046663][ T8688] CPU: 1 UID: 0 PID: 8688 Comm: syz.1.607 Not tainted syzkaller #0 PREEMPT(full) [ 314.046706][ T8688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 314.046726][ T8688] Call Trace: [ 314.046736][ T8688] [ 314.046749][ T8688] dump_stack_lvl+0x100/0x190 [ 314.046791][ T8688] should_fail_ex.cold+0x5/0xa [ 314.046833][ T8688] _copy_from_user+0x2e/0xd0 [ 314.046889][ T8688] snd_rawmidi_kernel_write1+0x390/0x7c0 [ 314.046961][ T8688] snd_rawmidi_write+0x2dc/0xc60 [ 314.047023][ T8688] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 314.047079][ T8688] ? __pfx_default_wake_function+0x10/0x10 [ 314.047125][ T8688] ? bpf_lsm_file_permission+0x9/0x10 [ 314.047158][ T8688] ? security_file_permission+0x76/0x210 [ 314.047198][ T8688] ? rw_verify_area+0xce/0x6d0 [ 314.047234][ T8688] vfs_write+0x2aa/0x1070 [ 314.047286][ T8688] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 314.047340][ T8688] ? __pfx_vfs_write+0x10/0x10 [ 314.047374][ T8688] ? find_held_lock+0x2b/0x80 [ 314.047416][ T8688] ? __fget_files+0x215/0x3d0 [ 314.047453][ T8688] ? __fget_files+0x215/0x3d0 [ 314.047497][ T8688] ? __fget_files+0x21f/0x3d0 [ 314.047547][ T8688] ksys_write+0x1f8/0x250 [ 314.047583][ T8688] ? __pfx_ksys_write+0x10/0x10 [ 314.047621][ T8688] ? rcu_is_watching+0x12/0xc0 [ 314.047661][ T8688] do_syscall_64+0x10b/0xf80 [ 314.047701][ T8688] ? clear_bhb_loop+0x40/0x90 [ 314.047744][ T8688] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.047778][ T8688] RIP: 0033:0x7f3551f9cdd9 [ 314.047806][ T8688] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 314.047837][ T8688] RSP: 002b:00007f35501f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 314.047868][ T8688] RAX: ffffffffffffffda RBX: 00007f3552215fa0 RCX: 00007f3551f9cdd9 [ 314.047890][ T8688] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000009 [ 314.047909][ T8688] RBP: 00007f3552032d69 R08: 0000000000000000 R09: 0000000000000000 [ 314.047929][ T8688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 314.047948][ T8688] R13: 00007f3552216038 R14: 00007f3552215fa0 R15: 00007fffe431eef8 [ 314.047993][ T8688] [ 314.695079][ T8699] netlink: 330 bytes leftover after parsing attributes in process `syz.3.612'. [ 314.735964][ T8699] mac80211_hwsim hwsim12 : renamed from wlan0 [ 315.969715][ T8705] netlink: 12 bytes leftover after parsing attributes in process `syz.1.611'. [ 316.244912][ T8718] ubi0: attaching mtd0 [ 316.295007][ T8718] ubi0: scanning is finished [ 316.617387][ T8718] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 316.641486][ T8718] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 316.669467][ T8718] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 316.683159][ T8718] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 316.697930][ T8718] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 316.708897][ T8718] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 316.723171][ T8718] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3813870492 [ 316.874725][ T8718] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 316.905648][ T8730] ubi0: background thread "ubi_bgt0d" started, PID 8730 [ 316.918955][ T8722] ubi0: detaching mtd0 [ 317.075163][ T8722] ubi0: mtd0 is detached [ 317.508325][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.516189][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.786093][ T8741] sd 0:0:1:0: PR command failed: 1026 [ 317.816380][ T8741] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 317.837149][ T8741] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 318.142928][ C1] bridge0: port 3(gretap0) entered learning state [ 319.362099][ T8758] FAULT_INJECTION: forcing a failure. [ 319.362099][ T8758] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.377354][ T8758] CPU: 0 UID: 0 PID: 8758 Comm: syz.2.621 Not tainted syzkaller #0 PREEMPT(full) [ 319.377398][ T8758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 319.377417][ T8758] Call Trace: [ 319.377428][ T8758] [ 319.377440][ T8758] dump_stack_lvl+0x100/0x190 [ 319.377482][ T8758] should_fail_ex.cold+0x5/0xa [ 319.377527][ T8758] _copy_from_user+0x2e/0xd0 [ 319.377581][ T8758] snd_rawmidi_kernel_write1+0x390/0x7c0 [ 319.377658][ T8758] snd_rawmidi_write+0x2dc/0xc60 [ 319.377718][ T8758] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 319.377771][ T8758] ? __pfx_default_wake_function+0x10/0x10 [ 319.377823][ T8758] ? bpf_lsm_file_permission+0x9/0x10 [ 319.377857][ T8758] ? security_file_permission+0x76/0x210 [ 319.377896][ T8758] ? rw_verify_area+0xce/0x6d0 [ 319.377934][ T8758] vfs_write+0x2aa/0x1070 [ 319.377973][ T8758] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 319.378029][ T8758] ? __pfx_vfs_write+0x10/0x10 [ 319.378063][ T8758] ? find_held_lock+0x2b/0x80 [ 319.378107][ T8758] ? __fget_files+0x215/0x3d0 [ 319.378145][ T8758] ? __fget_files+0x215/0x3d0 [ 319.378190][ T8758] ? __fget_files+0x21f/0x3d0 [ 319.378240][ T8758] ksys_write+0x1f8/0x250 [ 319.378278][ T8758] ? __pfx_ksys_write+0x10/0x10 [ 319.378320][ T8758] ? rcu_is_watching+0x12/0xc0 [ 319.378367][ T8758] do_syscall_64+0x10b/0xf80 [ 319.378407][ T8758] ? clear_bhb_loop+0x40/0x90 [ 319.378450][ T8758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.378484][ T8758] RIP: 0033:0x7f95da19cdd9 [ 319.378513][ T8758] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 319.378545][ T8758] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 319.378578][ T8758] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 319.378601][ T8758] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000009 [ 319.378631][ T8758] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 319.378652][ T8758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 319.378672][ T8758] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 319.378716][ T8758] [ 319.379191][ T8764] netlink: 8 bytes leftover after parsing attributes in process `syz.1.623'. [ 319.927863][ T8769] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 320.061463][ T8774] netlink: 330 bytes leftover after parsing attributes in process `syz.0.625'. [ 320.715186][ T8790] binder: 8789:8790 ioctl 40046210 0 returned -14 [ 320.996748][ T8793] netlink: 12 bytes leftover after parsing attributes in process `syz.2.628'. [ 322.715706][ T8822] mmap: syz.0.637 (8822) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 323.357352][ T8830] netlink: 8 bytes leftover after parsing attributes in process `syz.1.640'. [ 323.791488][ T8838] binder: 8837:8838 ioctl 40046210 0 returned -14 [ 324.494667][ T8850] binder: 8849:8850 ioctl 40046210 0 returned -14 [ 324.979238][ T8859] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 326.431213][ T8886] binder: 8885:8886 ioctl 40046210 0 returned -14 [ 326.519467][ T8884] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 326.690692][ T8892] binder: 8891:8892 ioctl 40046210 0 returned -14 [ 327.944203][ T8907] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 328.006181][ T8907] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 328.111489][ T8907] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 328.139769][ T8907] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 328.175219][ T8907] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 328.778975][ T8920] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 328.778975][ T8920] The task syz.2.667 (8920) triggered the difference, watch for misbehavior. [ 329.282332][ T8931] binder: 8930:8931 ioctl 40046210 0 returned -14 [ 329.742964][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 330.063006][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 330.143564][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 330.223436][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 330.528432][ T8948] FAULT_INJECTION: forcing a failure. [ 330.528432][ T8948] name failslab, interval 1, probability 0, space 0, times 0 [ 330.560020][ T8948] CPU: 0 UID: 0 PID: 8948 Comm: syz.1.673 Not tainted syzkaller #0 PREEMPT(full) [ 330.560065][ T8948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 330.560085][ T8948] Call Trace: [ 330.560094][ T8948] [ 330.560106][ T8948] dump_stack_lvl+0x100/0x190 [ 330.560147][ T8948] should_fail_ex.cold+0x5/0xa [ 330.560189][ T8948] ? sk_prot_alloc+0x10b/0x2a0 [ 330.560226][ T8948] should_failslab+0xc2/0x120 [ 330.560265][ T8948] __kmalloc_noprof+0xe0/0x850 [ 330.560325][ T8948] sk_prot_alloc+0x10b/0x2a0 [ 330.560369][ T8948] sk_alloc+0x36/0xe80 [ 330.560421][ T8948] __netlink_create+0x5e/0x2c0 [ 330.560454][ T8948] ? __wake_up+0x3f/0x60 [ 330.560503][ T8948] netlink_create+0x29b/0x610 [ 330.560540][ T8948] ? __pfx_genl_bind+0x10/0x10 [ 330.560614][ T8948] ? __pfx_genl_unbind+0x10/0x10 [ 330.560658][ T8948] ? __pfx_genl_release+0x10/0x10 [ 330.560710][ T8948] __sock_create+0x339/0x860 [ 330.560763][ T8948] __sys_socket+0x14d/0x260 [ 330.560819][ T8948] ? __pfx___sys_socket+0x10/0x10 [ 330.560878][ T8948] __x64_sys_socket+0x72/0xb0 [ 330.560924][ T8948] ? lockdep_hardirqs_on+0x78/0x100 [ 330.560966][ T8948] do_syscall_64+0x10b/0xf80 [ 330.561006][ T8948] ? clear_bhb_loop+0x40/0x90 [ 330.561049][ T8948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.561083][ T8948] RIP: 0033:0x7f3551f9cdd9 [ 330.561112][ T8948] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 330.561145][ T8948] RSP: 002b:00007f35501f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 330.561178][ T8948] RAX: ffffffffffffffda RBX: 00007f3552215fa0 RCX: 00007f3551f9cdd9 [ 330.561200][ T8948] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 330.561219][ T8948] RBP: 00007f3552032d69 R08: 0000000000000000 R09: 0000000000000000 [ 330.561237][ T8948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.561262][ T8948] R13: 00007f3552216038 R14: 00007f3552215fa0 R15: 00007fffe431eef8 [ 330.561308][ T8948] [ 332.235686][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 332.294765][ T8975] FAULT_INJECTION: forcing a failure. [ 332.294765][ T8975] name fail_futex, interval 1, probability 0, space 0, times 0 [ 332.334041][ T8967] ubi0: attaching mtd0 [ 332.376552][ T8975] CPU: 1 UID: 0 PID: 8975 Comm: syz.0.680 Not tainted syzkaller #0 PREEMPT(full) [ 332.376603][ T8975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 332.376624][ T8975] Call Trace: [ 332.376635][ T8975] [ 332.376648][ T8975] dump_stack_lvl+0x100/0x190 [ 332.376694][ T8975] should_fail_ex.cold+0x5/0xa [ 332.376738][ T8975] get_futex_key+0x1d2/0x1510 [ 332.376778][ T8975] ? __pfx_get_futex_key+0x10/0x10 [ 332.376826][ T8975] futex_wait_setup+0x83/0x510 [ 332.376882][ T8975] __futex_wait+0x19f/0x300 [ 332.376930][ T8975] ? __pfx___futex_wait+0x10/0x10 [ 332.376974][ T8975] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 332.377019][ T8975] ? __pfx_futex_wake_mark+0x10/0x10 [ 332.377066][ T8975] ? futex_hash+0x2ad/0x370 [ 332.377100][ T8975] ? futex_hash+0x141/0x370 [ 332.377136][ T8975] futex_wait+0xe6/0x370 [ 332.377180][ T8975] ? __pfx_futex_wait+0x10/0x10 [ 332.377228][ T8975] ? ksys_write+0x190/0x250 [ 332.377254][ T8975] ? ksys_write+0x190/0x250 [ 332.377287][ T8975] do_futex+0x1ef/0x350 [ 332.377313][ T8975] ? __pfx_do_futex+0x10/0x10 [ 332.377341][ T8975] ? do_set_mempolicy+0x217/0x3d0 [ 332.377369][ T8975] ? __pfx_do_set_mempolicy+0x10/0x10 [ 332.377406][ T8975] __x64_sys_futex+0x34f/0x4d0 [ 332.377436][ T8975] ? __pfx___x64_sys_futex+0x10/0x10 [ 332.377464][ T8975] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 332.377496][ T8975] ? rcu_is_watching+0x12/0xc0 [ 332.377529][ T8975] do_syscall_64+0x10b/0xf80 [ 332.377558][ T8975] ? clear_bhb_loop+0x40/0x90 [ 332.377591][ T8975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.377616][ T8975] RIP: 0033:0x7fc42bb9cdd9 [ 332.377638][ T8975] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 332.377663][ T8975] RSP: 002b:00007fc42c9f30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 332.377687][ T8975] RAX: ffffffffffffffda RBX: 00007fc42be15fa8 RCX: 00007fc42bb9cdd9 [ 332.377702][ T8975] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc42be15fa8 [ 332.377717][ T8975] RBP: 00007fc42be15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 332.377732][ T8975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 332.377747][ T8975] R13: 00007fc42be16038 R14: 00007fffbb989690 R15: 00007fffbb989778 [ 332.377777][ T8975] [ 332.379649][ T8967] ubi0: scanning is finished [ 332.925986][ T8967] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 332.977041][ T8967] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 333.051953][ T8967] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 333.096830][ T8967] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 333.104559][ T8967] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 333.114463][ T8967] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 333.127588][ T8967] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3813870492 [ 333.145357][ T8967] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 333.155536][ T8973] ubi0: detaching mtd0 [ 333.158593][ T8981] ubi0: background thread "ubi_bgt0d" started, PID 8981 [ 333.214091][ T8973] ubi0: mtd0 is detached [ 333.503016][ C1] bridge0: port 3(gretap0) entered forwarding state [ 333.509775][ C1] bridge0: topology change detected, propagating [ 334.291508][ T8990] binder: 8989:8990 ioctl 40046210 0 returned -14 [ 334.558726][ T8995] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 336.386490][ T9020] FAULT_INJECTION: forcing a failure. [ 336.386490][ T9020] name fail_futex, interval 1, probability 0, space 0, times 0 [ 336.421917][ T9020] CPU: 1 UID: 0 PID: 9020 Comm: syz.1.689 Not tainted syzkaller #0 PREEMPT(full) [ 336.421963][ T9020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 336.421985][ T9020] Call Trace: [ 336.421995][ T9020] [ 336.422008][ T9020] dump_stack_lvl+0x100/0x190 [ 336.422054][ T9020] should_fail_ex.cold+0x5/0xa [ 336.422108][ T9020] get_futex_key+0x1d2/0x1510 [ 336.422149][ T9020] ? __pfx_get_futex_key+0x10/0x10 [ 336.422198][ T9020] futex_wait_setup+0x83/0x510 [ 336.422256][ T9020] __futex_wait+0x19f/0x300 [ 336.422304][ T9020] ? __pfx___futex_wait+0x10/0x10 [ 336.422358][ T9020] ? __pfx_futex_wake_mark+0x10/0x10 [ 336.422426][ T9020] ? futex_hash+0x2ad/0x370 [ 336.422461][ T9020] ? futex_hash+0x141/0x370 [ 336.422499][ T9020] futex_wait+0xe6/0x370 [ 336.422546][ T9020] ? __pfx_futex_wait+0x10/0x10 [ 336.422599][ T9020] ? ksys_write+0x190/0x250 [ 336.422637][ T9020] ? ksys_write+0x190/0x250 [ 336.422684][ T9020] do_futex+0x1ef/0x350 [ 336.422722][ T9020] ? __pfx_do_futex+0x10/0x10 [ 336.422760][ T9020] ? do_set_mempolicy+0x217/0x3d0 [ 336.422798][ T9020] ? __pfx_do_set_mempolicy+0x10/0x10 [ 336.422840][ T9020] __x64_sys_futex+0x34f/0x4d0 [ 336.422881][ T9020] ? __pfx___x64_sys_futex+0x10/0x10 [ 336.422920][ T9020] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 336.422964][ T9020] ? rcu_is_watching+0x12/0xc0 [ 336.423018][ T9020] do_syscall_64+0x10b/0xf80 [ 336.423060][ T9020] ? clear_bhb_loop+0x40/0x90 [ 336.423114][ T9020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.423150][ T9020] RIP: 0033:0x7f3551f9cdd9 [ 336.423178][ T9020] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 336.423212][ T9020] RSP: 002b:00007f35501f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 336.423245][ T9020] RAX: ffffffffffffffda RBX: 00007f3552215fa8 RCX: 00007f3551f9cdd9 [ 336.423268][ T9020] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3552215fa8 [ 336.423289][ T9020] RBP: 00007f3552215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 336.423309][ T9020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 336.423329][ T9020] R13: 00007f3552216038 R14: 00007fffe431ee10 R15: 00007fffe431eef8 [ 336.423374][ T9020] [ 337.369906][ T9032] binder: 9030:9032 ioctl 40046210 0 returned -14 [ 337.432465][ T9033] FAULT_INJECTION: forcing a failure. [ 337.432465][ T9033] name failslab, interval 1, probability 0, space 0, times 0 [ 337.452961][ T9033] CPU: 0 UID: 0 PID: 9033 Comm: syz.0.701 Not tainted syzkaller #0 PREEMPT(full) [ 337.453004][ T9033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 337.453024][ T9033] Call Trace: [ 337.453034][ T9033] [ 337.453046][ T9033] dump_stack_lvl+0x100/0x190 [ 337.453088][ T9033] should_fail_ex.cold+0x5/0xa [ 337.453133][ T9033] should_failslab+0xc2/0x120 [ 337.453171][ T9033] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 337.453233][ T9033] ? sock_alloc_inode+0x26/0x290 [ 337.453277][ T9033] ? __pfx_sock_alloc_inode+0x10/0x10 [ 337.453314][ T9033] sock_alloc_inode+0x26/0x290 [ 337.453348][ T9033] ? __pfx_sock_alloc_inode+0x10/0x10 [ 337.453381][ T9033] alloc_inode+0x68/0x250 [ 337.453426][ T9033] sock_alloc+0x44/0x280 [ 337.453454][ T9033] ? security_socket_create+0x7f/0x250 [ 337.453500][ T9033] __sock_create+0xc2/0x860 [ 337.453548][ T9033] __sys_socket+0x14d/0x260 [ 337.453589][ T9033] ? __pfx___sys_socket+0x10/0x10 [ 337.453639][ T9033] __x64_sys_socket+0x72/0xb0 [ 337.453677][ T9033] ? lockdep_hardirqs_on+0x78/0x100 [ 337.453713][ T9033] do_syscall_64+0x10b/0xf80 [ 337.453747][ T9033] ? clear_bhb_loop+0x40/0x90 [ 337.453783][ T9033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.453813][ T9033] RIP: 0033:0x7fc42bb9cdd9 [ 337.453838][ T9033] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 337.453867][ T9033] RSP: 002b:00007fc42c9f3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 337.453900][ T9033] RAX: ffffffffffffffda RBX: 00007fc42be15fa0 RCX: 00007fc42bb9cdd9 [ 337.453920][ T9033] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 337.453940][ T9033] RBP: 00007fc42bc32d69 R08: 0000000000000000 R09: 0000000000000000 [ 337.453960][ T9033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 337.453980][ T9033] R13: 00007fc42be16038 R14: 00007fc42be15fa0 R15: 00007fffbb989778 [ 337.454023][ T9033] [ 337.454133][ T9033] socket: no more sockets [ 338.570117][ T9046] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 341.107621][ T9080] FAULT_INJECTION: forcing a failure. [ 341.107621][ T9080] name fail_futex, interval 1, probability 0, space 0, times 0 [ 341.149338][ T9080] CPU: 0 UID: 0 PID: 9080 Comm: syz.0.705 Not tainted syzkaller #0 PREEMPT(full) [ 341.149386][ T9080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 341.149407][ T9080] Call Trace: [ 341.149419][ T9080] [ 341.149433][ T9080] dump_stack_lvl+0x100/0x190 [ 341.149478][ T9080] should_fail_ex.cold+0x5/0xa [ 341.149523][ T9080] get_futex_key+0x1d2/0x1510 [ 341.149563][ T9080] ? __pfx_get_futex_key+0x10/0x10 [ 341.149611][ T9080] futex_wait_setup+0x83/0x510 [ 341.149675][ T9080] __futex_wait+0x19f/0x300 [ 341.149726][ T9080] ? __pfx___futex_wait+0x10/0x10 [ 341.149770][ T9080] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 341.149816][ T9080] ? __pfx_futex_wake_mark+0x10/0x10 [ 341.149866][ T9080] ? futex_hash+0x2ad/0x370 [ 341.149901][ T9080] ? futex_hash+0x141/0x370 [ 341.149939][ T9080] futex_wait+0xe6/0x370 [ 341.149983][ T9080] ? __pfx_futex_wait+0x10/0x10 [ 341.150037][ T9080] ? ksys_write+0x190/0x250 [ 341.150075][ T9080] ? ksys_write+0x190/0x250 [ 341.150120][ T9080] do_futex+0x1ef/0x350 [ 341.150157][ T9080] ? __pfx_do_futex+0x10/0x10 [ 341.150204][ T9080] ? do_set_mempolicy+0x217/0x3d0 [ 341.150244][ T9080] ? __pfx_do_set_mempolicy+0x10/0x10 [ 341.150288][ T9080] __x64_sys_futex+0x34f/0x4d0 [ 341.150331][ T9080] ? __pfx___x64_sys_futex+0x10/0x10 [ 341.150370][ T9080] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 341.150414][ T9080] ? rcu_is_watching+0x12/0xc0 [ 341.150459][ T9080] do_syscall_64+0x10b/0xf80 [ 341.150499][ T9080] ? clear_bhb_loop+0x40/0x90 [ 341.150540][ T9080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.150576][ T9080] RIP: 0033:0x7fc42bb9cdd9 [ 341.150604][ T9080] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 341.150645][ T9080] RSP: 002b:00007fc42c9f30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 341.150686][ T9080] RAX: ffffffffffffffda RBX: 00007fc42be15fa8 RCX: 00007fc42bb9cdd9 [ 341.150709][ T9080] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc42be15fa8 [ 341.150730][ T9080] RBP: 00007fc42be15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 341.150754][ T9080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.150775][ T9080] R13: 00007fc42be16038 R14: 00007fffbb989690 R15: 00007fffbb989778 [ 341.150818][ T9080] [ 341.590955][ T9086] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 343.442067][ T9107] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 344.001349][ T9113] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 346.358275][ T9148] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 347.768480][ T9172] FAULT_INJECTION: forcing a failure. [ 347.768480][ T9172] name failslab, interval 1, probability 0, space 0, times 0 [ 347.803424][ T9172] CPU: 1 UID: 0 PID: 9172 Comm: syz.2.726 Not tainted syzkaller #0 PREEMPT(full) [ 347.803468][ T9172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 347.803487][ T9172] Call Trace: [ 347.803498][ T9172] [ 347.803516][ T9172] dump_stack_lvl+0x100/0x190 [ 347.803559][ T9172] should_fail_ex.cold+0x5/0xa [ 347.803600][ T9172] ? sk_prot_alloc+0x10b/0x2a0 [ 347.803641][ T9172] should_failslab+0xc2/0x120 [ 347.803679][ T9172] __kmalloc_noprof+0xe0/0x850 [ 347.803742][ T9172] sk_prot_alloc+0x10b/0x2a0 [ 347.803786][ T9172] sk_alloc+0x36/0xe80 [ 347.803841][ T9172] __netlink_create+0x5e/0x2c0 [ 347.803874][ T9172] ? __wake_up+0x3f/0x60 [ 347.803925][ T9172] netlink_create+0x29b/0x610 [ 347.803961][ T9172] ? __pfx_genl_bind+0x10/0x10 [ 347.804004][ T9172] ? __pfx_genl_unbind+0x10/0x10 [ 347.804080][ T9172] ? __pfx_genl_release+0x10/0x10 [ 347.804132][ T9172] __sock_create+0x339/0x860 [ 347.804183][ T9172] __sys_socket+0x14d/0x260 [ 347.804229][ T9172] ? __pfx___sys_socket+0x10/0x10 [ 347.804292][ T9172] __x64_sys_socket+0x72/0xb0 [ 347.804340][ T9172] ? lockdep_hardirqs_on+0x78/0x100 [ 347.804383][ T9172] do_syscall_64+0x10b/0xf80 [ 347.804422][ T9172] ? clear_bhb_loop+0x40/0x90 [ 347.804463][ T9172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.804497][ T9172] RIP: 0033:0x7f95da19cdd9 [ 347.804526][ T9172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 347.804560][ T9172] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 347.804594][ T9172] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 347.804616][ T9172] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 347.804636][ T9172] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 347.804657][ T9172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 347.804678][ T9172] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 347.804721][ T9172] [ 348.500892][ T9183] binder: 9181:9183 ioctl 40046210 0 returned -14 [ 349.029168][ T9194] serio: Serial port pty6 [ 349.560777][ T9206] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 349.927258][ T9215] binder: 9214:9215 ioctl 40046210 0 returned -14 [ 350.219903][ T9226] FAULT_INJECTION: forcing a failure. [ 350.219903][ T9226] name fail_futex, interval 1, probability 0, space 0, times 0 [ 350.219956][ T9226] CPU: 0 UID: 0 PID: 9226 Comm: syz.3.741 Not tainted syzkaller #0 PREEMPT(full) [ 350.219996][ T9226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 350.220016][ T9226] Call Trace: [ 350.220028][ T9226] [ 350.220040][ T9226] dump_stack_lvl+0x100/0x190 [ 350.220084][ T9226] should_fail_ex.cold+0x5/0xa [ 350.220126][ T9226] get_futex_key+0x1d2/0x1510 [ 350.220169][ T9226] ? __pfx_get_futex_key+0x10/0x10 [ 350.220206][ T9226] ? trace_pid_list_is_set+0x22c/0x390 [ 350.220261][ T9226] futex_wait_setup+0x83/0x510 [ 350.220317][ T9226] __futex_wait+0x19f/0x300 [ 350.220366][ T9226] ? __pfx___futex_wait+0x10/0x10 [ 350.220409][ T9226] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 350.220454][ T9226] ? __pfx_futex_wake_mark+0x10/0x10 [ 350.220506][ T9226] ? find_held_lock+0x2b/0x80 [ 350.220549][ T9226] ? futex_wake+0x456/0x530 [ 350.220602][ T9226] futex_wait+0xe6/0x370 [ 350.220647][ T9226] ? __pfx_futex_wait+0x10/0x10 [ 350.220699][ T9226] ? ksys_write+0x190/0x250 [ 350.220735][ T9226] ? ksys_write+0x190/0x250 [ 350.220780][ T9226] do_futex+0x1ef/0x350 [ 350.220817][ T9226] ? __pfx_do_futex+0x10/0x10 [ 350.220871][ T9226] ? do_set_mempolicy+0x217/0x3d0 [ 350.220910][ T9226] ? __pfx_do_set_mempolicy+0x10/0x10 [ 350.220953][ T9226] __x64_sys_futex+0x34f/0x4d0 [ 350.220996][ T9226] ? __pfx___x64_sys_futex+0x10/0x10 [ 350.221035][ T9226] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 350.221079][ T9226] ? rcu_is_watching+0x12/0xc0 [ 350.221128][ T9226] do_syscall_64+0x10b/0xf80 [ 350.221168][ T9226] ? clear_bhb_loop+0x40/0x90 [ 350.221210][ T9226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.221246][ T9226] RIP: 0033:0x7f4b9399cdd9 [ 350.221273][ T9226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 350.221309][ T9226] RSP: 002b:00007f4b91bf60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 350.221342][ T9226] RAX: ffffffffffffffda RBX: 00007f4b93c15fa8 RCX: 00007f4b9399cdd9 [ 350.221414][ T9226] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4b93c15fa8 [ 350.221494][ T9226] RBP: 00007f4b93c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 350.221613][ T9226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.221668][ T9226] R13: 00007f4b93c16038 R14: 00007ffd68d48b80 R15: 00007ffd68d48c68 [ 350.221797][ T9226] [ 350.771088][ T9232] netlink: 25 bytes leftover after parsing attributes in process `syz.3.742'. [ 351.036993][ T9236] FAULT_INJECTION: forcing a failure. [ 351.036993][ T9236] name fail_futex, interval 1, probability 0, space 0, times 0 [ 351.037050][ T9236] CPU: 1 UID: 0 PID: 9236 Comm: syz.0.743 Not tainted syzkaller #0 PREEMPT(full) [ 351.037087][ T9236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 351.037106][ T9236] Call Trace: [ 351.037117][ T9236] [ 351.037129][ T9236] dump_stack_lvl+0x100/0x190 [ 351.037168][ T9236] should_fail_ex.cold+0x5/0xa [ 351.037209][ T9236] get_futex_key+0x1d2/0x1510 [ 351.037246][ T9236] ? __pfx_get_futex_key+0x10/0x10 [ 351.037292][ T9236] futex_wait_setup+0x83/0x510 [ 351.037346][ T9236] __futex_wait+0x19f/0x300 [ 351.037393][ T9236] ? __pfx___futex_wait+0x10/0x10 [ 351.037434][ T9236] ? __pfx_cmp_ex_search+0x10/0x10 [ 351.037480][ T9236] ? __pfx_futex_wake_mark+0x10/0x10 [ 351.037528][ T9236] ? futex_hash+0x2ad/0x370 [ 351.037561][ T9236] ? futex_hash+0x141/0x370 [ 351.037600][ T9236] futex_wait+0xe6/0x370 [ 351.037643][ T9236] ? __pfx_futex_wait+0x10/0x10 [ 351.037694][ T9236] ? rcu_is_watching+0x12/0xc0 [ 351.037734][ T9236] ? irqentry_exit+0x246/0x790 [ 351.037773][ T9236] ? lockdep_hardirqs_on+0x78/0x100 [ 351.037816][ T9236] do_futex+0x1ef/0x350 [ 351.037852][ T9236] ? __pfx_do_futex+0x10/0x10 [ 351.037889][ T9236] ? do_set_mempolicy+0x217/0x3d0 [ 351.037926][ T9236] ? __pfx_do_set_mempolicy+0x10/0x10 [ 351.037967][ T9236] __x64_sys_futex+0x34f/0x4d0 [ 351.038008][ T9236] ? __pfx___x64_sys_futex+0x10/0x10 [ 351.038051][ T9236] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 351.038093][ T9236] ? rcu_is_watching+0x12/0xc0 [ 351.038137][ T9236] do_syscall_64+0x10b/0xf80 [ 351.038174][ T9236] ? clear_bhb_loop+0x40/0x90 [ 351.038214][ T9236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.038248][ T9236] RIP: 0033:0x7fc42bb9cdd9 [ 351.038274][ T9236] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.038305][ T9236] RSP: 002b:00007fc42c9d20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 351.038335][ T9236] RAX: ffffffffffffffda RBX: 00007fc42be16098 RCX: 00007fc42bb9cdd9 [ 351.038356][ T9236] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc42be16098 [ 351.038377][ T9236] RBP: 00007fc42be16090 R08: 0000000000000000 R09: 0000000000000000 [ 351.038396][ T9236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.038416][ T9236] R13: 00007fc42be16128 R14: 00007fffbb989690 R15: 00007fffbb989778 [ 351.038458][ T9236] [ 351.926165][ T9246] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 352.470831][ T9259] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 353.770598][ T9274] binder: 9271:9274 ioctl 40046210 0 returned -14 [ 360.381757][ T9337] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 360.443362][ T9335] FAULT_INJECTION: forcing a failure. [ 360.443362][ T9335] name failslab, interval 1, probability 0, space 0, times 0 [ 360.471265][ T9335] CPU: 1 UID: 0 PID: 9335 Comm: syz.0.775 Not tainted syzkaller #0 PREEMPT(full) [ 360.471314][ T9335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 360.471336][ T9335] Call Trace: [ 360.471348][ T9335] [ 360.471362][ T9335] dump_stack_lvl+0x100/0x190 [ 360.471409][ T9335] should_fail_ex.cold+0x5/0xa [ 360.471452][ T9335] ? __alloc_workqueue+0x148/0x19f0 [ 360.471499][ T9335] should_failslab+0xc2/0x120 [ 360.471539][ T9335] __kmalloc_noprof+0xe0/0x850 [ 360.471600][ T9335] __alloc_workqueue+0x148/0x19f0 [ 360.471648][ T9335] ? __pfx_vsnprintf+0x10/0x10 [ 360.471685][ T9335] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 360.471723][ T9335] ? lockdep_hardirqs_on+0x78/0x100 [ 360.471764][ T9335] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 360.471807][ T9335] alloc_workqueue_noprof+0xd2/0x200 [ 360.471857][ T9335] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 360.471917][ T9335] ? __pfx___debug_object_init+0x10/0x10 [ 360.471980][ T9335] nci_register_device+0x394/0xb80 [ 360.472040][ T9335] ? __pfx_nci_register_device+0x10/0x10 [ 360.472099][ T9335] ? lockdep_init_map_type+0x5c/0x250 [ 360.472141][ T9335] virtual_ncidev_open+0x141/0x220 [ 360.472201][ T9335] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 360.472252][ T9335] misc_open+0x26d/0x450 [ 360.472295][ T9335] ? __pfx_misc_open+0x10/0x10 [ 360.472335][ T9335] chrdev_open+0x234/0x6a0 [ 360.472376][ T9335] ? __pfx_apparmor_file_open+0x10/0x10 [ 360.472434][ T9335] ? __pfx_chrdev_open+0x10/0x10 [ 360.472479][ T9335] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 360.472532][ T9335] do_dentry_open+0x6d8/0x1660 [ 360.472593][ T9335] ? __pfx_chrdev_open+0x10/0x10 [ 360.472644][ T9335] vfs_open+0x82/0x3f0 [ 360.472699][ T9335] path_openat+0x208c/0x31a0 [ 360.472754][ T9335] ? __pfx_path_openat+0x10/0x10 [ 360.472808][ T9335] do_file_open+0x20e/0x430 [ 360.472853][ T9335] ? __pfx_do_file_open+0x10/0x10 [ 360.472925][ T9335] ? alloc_fd+0x476/0x790 [ 360.472970][ T9335] ? do_getname+0x191/0x390 [ 360.473022][ T9335] do_sys_openat2+0x10d/0x1e0 [ 360.473074][ T9335] ? __pfx_do_sys_openat2+0x10/0x10 [ 360.473131][ T9335] ? __sys_sendmsg+0x18f/0x220 [ 360.473180][ T9335] __x64_sys_openat+0x12d/0x210 [ 360.473236][ T9335] ? __pfx___x64_sys_openat+0x10/0x10 [ 360.473296][ T9335] ? rcu_is_watching+0x12/0xc0 [ 360.473342][ T9335] do_syscall_64+0x10b/0xf80 [ 360.473381][ T9335] ? clear_bhb_loop+0x40/0x90 [ 360.473422][ T9335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.473457][ T9335] RIP: 0033:0x7fc42bb9cdd9 [ 360.473486][ T9335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 360.473519][ T9335] RSP: 002b:00007fc42c9f3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 360.473552][ T9335] RAX: ffffffffffffffda RBX: 00007fc42be15fa0 RCX: 00007fc42bb9cdd9 [ 360.473573][ T9335] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 360.473594][ T9335] RBP: 00007fc42bc32d69 R08: 0000000000000000 R09: 0000000000000000 [ 360.473615][ T9335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 360.473635][ T9335] R13: 00007fc42be16038 R14: 00007fc42be15fa0 R15: 00007fffbb989778 [ 360.473676][ T9335] [ 361.641587][ T9359] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 361.822297][ T9363] FAULT_INJECTION: forcing a failure. [ 361.822297][ T9363] name failslab, interval 1, probability 0, space 0, times 0 [ 361.837212][ T9363] CPU: 1 UID: 0 PID: 9363 Comm: syz.2.771 Not tainted syzkaller #0 PREEMPT(full) [ 361.837256][ T9363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 361.837276][ T9363] Call Trace: [ 361.837287][ T9363] [ 361.837300][ T9363] dump_stack_lvl+0x100/0x190 [ 361.837345][ T9363] should_fail_ex.cold+0x5/0xa [ 361.837388][ T9363] ? sk_prot_alloc+0x10b/0x2a0 [ 361.837430][ T9363] should_failslab+0xc2/0x120 [ 361.837470][ T9363] __kmalloc_noprof+0xe0/0x850 [ 361.837540][ T9363] sk_prot_alloc+0x10b/0x2a0 [ 361.837586][ T9363] sk_alloc+0x36/0xe80 [ 361.837640][ T9363] __netlink_create+0x5e/0x2c0 [ 361.837675][ T9363] ? __wake_up+0x3f/0x60 [ 361.837728][ T9363] netlink_create+0x29b/0x610 [ 361.837765][ T9363] ? __pfx_genl_bind+0x10/0x10 [ 361.837833][ T9363] ? __pfx_genl_unbind+0x10/0x10 [ 361.837878][ T9363] ? __pfx_genl_release+0x10/0x10 [ 361.837932][ T9363] __sock_create+0x339/0x860 [ 361.837985][ T9363] __sys_socket+0x14d/0x260 [ 361.838033][ T9363] ? __pfx___sys_socket+0x10/0x10 [ 361.838095][ T9363] __x64_sys_socket+0x72/0xb0 [ 361.838140][ T9363] ? lockdep_hardirqs_on+0x78/0x100 [ 361.838182][ T9363] do_syscall_64+0x10b/0xf80 [ 361.838223][ T9363] ? clear_bhb_loop+0x40/0x90 [ 361.838266][ T9363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.838300][ T9363] RIP: 0033:0x7f95da19cdd9 [ 361.838355][ T9363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 361.838390][ T9363] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 361.838423][ T9363] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 361.838439][ T9363] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 361.838453][ T9363] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 361.838467][ T9363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.838482][ T9363] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 361.838512][ T9363] [ 364.887819][ T9404] netlink: 25 bytes leftover after parsing attributes in process `syz.0.780'. [ 366.736750][ T9441] FAULT_INJECTION: forcing a failure. [ 366.736750][ T9441] name failslab, interval 1, probability 0, space 0, times 0 [ 366.780164][ T9441] CPU: 0 UID: 0 PID: 9441 Comm: syz.2.786 Not tainted syzkaller #0 PREEMPT(full) [ 366.780209][ T9441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 366.780228][ T9441] Call Trace: [ 366.780239][ T9441] [ 366.780252][ T9441] dump_stack_lvl+0x100/0x190 [ 366.780295][ T9441] should_fail_ex.cold+0x5/0xa [ 366.780345][ T9441] ? sk_prot_alloc+0x10b/0x2a0 [ 366.780374][ T9441] should_failslab+0xc2/0x120 [ 366.780405][ T9441] __kmalloc_noprof+0xe0/0x850 [ 366.780450][ T9441] sk_prot_alloc+0x10b/0x2a0 [ 366.780481][ T9441] sk_alloc+0x36/0xe80 [ 366.780520][ T9441] __netlink_create+0x5e/0x2c0 [ 366.780544][ T9441] ? __wake_up+0x3f/0x60 [ 366.780581][ T9441] netlink_create+0x29b/0x610 [ 366.780607][ T9441] ? __pfx_genl_bind+0x10/0x10 [ 366.780644][ T9441] ? __pfx_genl_unbind+0x10/0x10 [ 366.780676][ T9441] ? __pfx_genl_release+0x10/0x10 [ 366.780713][ T9441] __sock_create+0x339/0x860 [ 366.780749][ T9441] __sys_socket+0x14d/0x260 [ 366.780787][ T9441] ? __pfx___sys_socket+0x10/0x10 [ 366.780828][ T9441] __x64_sys_socket+0x72/0xb0 [ 366.780860][ T9441] ? lockdep_hardirqs_on+0x78/0x100 [ 366.780890][ T9441] do_syscall_64+0x10b/0xf80 [ 366.780919][ T9441] ? clear_bhb_loop+0x40/0x90 [ 366.780948][ T9441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.780973][ T9441] RIP: 0033:0x7f95da19cdd9 [ 366.780994][ T9441] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 366.781018][ T9441] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 366.781041][ T9441] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 366.781057][ T9441] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 366.781072][ T9441] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 366.781086][ T9441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.781101][ T9441] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 366.781131][ T9441] Ijn9_UVQ8j@:Un M%Ux[ 370.245119][ T9498] netlink: 17 bytes leftover after parsing attributes in process `syz.3.796'. [ 370.621682][ T9490] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 373.230299][ T9532] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 373.722157][ T9536] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 376.257648][ T9555] block2mtd: illegal erase size [ 376.729248][ T9559] netlink: 222 bytes leftover after parsing attributes in process `syz.2.811'. [ 378.098164][ T9576] netlink: 222 bytes leftover after parsing attributes in process `syz.2.817'. [ 378.443123][ T9583] netlink: 16 bytes leftover after parsing attributes in process `syz.0.819'. [ 378.555156][ T9584] binder: 9582:9584 ioctl c018620c 200000000300 returned -22 [ 378.945784][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.956419][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.971515][ T9574] kexec: Could not allocate control_code_buffer [ 380.303448][ T9605] FAULT_INJECTION: forcing a failure. [ 380.303448][ T9605] name failslab, interval 1, probability 0, space 0, times 0 [ 380.348389][ T9605] CPU: 1 UID: 0 PID: 9605 Comm: syz.3.823 Not tainted syzkaller #0 PREEMPT(full) [ 380.348423][ T9605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 380.348438][ T9605] Call Trace: [ 380.348445][ T9605] [ 380.348454][ T9605] dump_stack_lvl+0x100/0x190 [ 380.348486][ T9605] should_fail_ex.cold+0x5/0xa [ 380.348517][ T9605] should_failslab+0xc2/0x120 [ 380.348548][ T9605] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 380.348588][ T9605] ? sock_alloc_inode+0x26/0x290 [ 380.348620][ T9605] ? __pfx_sock_alloc_inode+0x10/0x10 [ 380.348650][ T9605] sock_alloc_inode+0x26/0x290 [ 380.348678][ T9605] ? __pfx_sock_alloc_inode+0x10/0x10 [ 380.348706][ T9605] alloc_inode+0x68/0x250 [ 380.348743][ T9605] sock_alloc+0x44/0x280 [ 380.348767][ T9605] ? security_socket_create+0x7f/0x250 [ 380.348806][ T9605] __sock_create+0xc2/0x860 [ 380.348842][ T9605] __sys_socket+0x14d/0x260 [ 380.348876][ T9605] ? __pfx___sys_socket+0x10/0x10 [ 380.348917][ T9605] __x64_sys_socket+0x72/0xb0 [ 380.348981][ T9605] ? lockdep_hardirqs_on+0x78/0x100 [ 380.349026][ T9605] do_syscall_64+0x10b/0xf80 [ 380.349054][ T9605] ? clear_bhb_loop+0x40/0x90 [ 380.349084][ T9605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.349109][ T9605] RIP: 0033:0x7f4b9399cdd9 [ 380.349129][ T9605] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 380.349153][ T9605] RSP: 002b:00007f4b91bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 380.349176][ T9605] RAX: ffffffffffffffda RBX: 00007f4b93c15fa0 RCX: 00007f4b9399cdd9 [ 380.349192][ T9605] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 380.349206][ T9605] RBP: 00007f4b93a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 380.349224][ T9605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.349238][ T9605] R13: 00007f4b93c16038 R14: 00007f4b93c15fa0 R15: 00007ffd68d48c68 [ 380.349268][ T9605] [ 380.350573][ T9605] socket: no more sockets [ 381.969426][ T9624] netlink: 222 bytes leftover after parsing attributes in process `syz.2.828'. [ 383.258903][ T9641] netlink: 222 bytes leftover after parsing attributes in process `syz.1.833'. [ 384.768236][ T9687] netlink: 8 bytes leftover after parsing attributes in process `syz.0.844'. [ 384.894446][ T9688] bridge0: port 3(vlan0) entered blocking state [ 384.915279][ T9688] bridge0: port 3(vlan0) entered disabled state [ 384.951402][ T9688] vlan0: entered allmulticast mode [ 384.996398][ T9688] veth0_vlan: entered allmulticast mode [ 385.031087][ T9688] vlan0: entered promiscuous mode [ 385.300570][ T9692] netlink: 28 bytes leftover after parsing attributes in process `syz.1.845'. [ 385.416767][ T9692] netlink: zone id is out of range [ 385.588318][ T9697] ubi0: attaching mtd0 [ 385.610969][ T9697] ubi0: scanning is finished [ 385.920272][ T9697] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 385.947922][ T9697] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 385.970861][ T9697] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 385.995159][ T9697] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 386.004308][ T9697] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 386.011240][ T9697] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 386.020094][ T9697] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3813870492 [ 386.030813][ T9697] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 386.044001][ T9705] ubi0: background thread "ubi_bgt0d" started, PID 9705 [ 386.102249][ T9698] ubi0: detaching mtd0 [ 386.194387][ T9698] ubi0: mtd0 is detached [ 386.482720][ T9713] netlink: 222 bytes leftover after parsing attributes in process `syz.2.851'. [ 387.268986][ T9721] binder: 9718:9721 ioctl 40046210 0 returned -14 [ 390.217130][ T9775] netlink: 222 bytes leftover after parsing attributes in process `syz.1.866'. [ 392.562112][ T9802] FAULT_INJECTION: forcing a failure. [ 392.562112][ T9802] name fail_futex, interval 1, probability 0, space 0, times 0 [ 392.602990][ T9802] CPU: 1 UID: 0 PID: 9802 Comm: syz.3.870 Not tainted syzkaller #0 PREEMPT(full) [ 392.603035][ T9802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 392.603055][ T9802] Call Trace: [ 392.603065][ T9802] [ 392.603077][ T9802] dump_stack_lvl+0x100/0x190 [ 392.603130][ T9802] should_fail_ex.cold+0x5/0xa [ 392.603174][ T9802] get_futex_key+0x1d2/0x1510 [ 392.603214][ T9802] ? __pfx_get_futex_key+0x10/0x10 [ 392.603248][ T9802] ? __pfx_core_sys_select+0x10/0x10 [ 392.603297][ T9802] futex_wake+0xea/0x530 [ 392.603344][ T9802] ? __pfx_futex_wake+0x10/0x10 [ 392.603398][ T9802] ? poll_select_finish+0x36e/0x670 [ 392.603437][ T9802] ? __pfx_poll_select_finish+0x10/0x10 [ 392.603478][ T9802] do_futex+0x32b/0x350 [ 392.603515][ T9802] ? __pfx_do_futex+0x10/0x10 [ 392.603564][ T9802] __x64_sys_futex+0x34f/0x4d0 [ 392.603606][ T9802] ? __pfx___x64_sys_futex+0x10/0x10 [ 392.603651][ T9802] ? rcu_is_watching+0x12/0xc0 [ 392.603696][ T9802] do_syscall_64+0x10b/0xf80 [ 392.603736][ T9802] ? clear_bhb_loop+0x40/0x90 [ 392.603776][ T9802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.603809][ T9802] RIP: 0033:0x7f4b9399cdd9 [ 392.603836][ T9802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 392.603869][ T9802] RSP: 002b:00007f4b91bb40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 392.603902][ T9802] RAX: ffffffffffffffda RBX: 00007f4b93c16188 RCX: 00007f4b9399cdd9 [ 392.603924][ T9802] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4b93c1618c [ 392.603945][ T9802] RBP: 00007f4b93c16180 R08: 0000000000000001 R09: 0000000000000000 [ 392.603965][ T9802] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 392.603985][ T9802] R13: 00007f4b93c16218 R14: 00007ffd68d48b80 R15: 00007ffd68d48c68 [ 392.604027][ T9802] [ 394.195023][ T9825] FAULT_INJECTION: forcing a failure. [ 394.195023][ T9825] name fail_futex, interval 1, probability 0, space 0, times 0 [ 394.254412][ T9825] CPU: 0 UID: 0 PID: 9825 Comm: syz.3.875 Not tainted syzkaller #0 PREEMPT(full) [ 394.254456][ T9825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 394.254476][ T9825] Call Trace: [ 394.254487][ T9825] [ 394.254499][ T9825] dump_stack_lvl+0x100/0x190 [ 394.254542][ T9825] should_fail_ex.cold+0x5/0xa [ 394.254586][ T9825] get_futex_key+0x1d2/0x1510 [ 394.254625][ T9825] ? __pfx_get_futex_key+0x10/0x10 [ 394.254672][ T9825] futex_wait_setup+0x83/0x510 [ 394.254727][ T9825] __futex_wait+0x19f/0x300 [ 394.254773][ T9825] ? __pfx___futex_wait+0x10/0x10 [ 394.254816][ T9825] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 394.254861][ T9825] ? __pfx_futex_wake_mark+0x10/0x10 [ 394.254909][ T9825] ? futex_hash+0x2ad/0x370 [ 394.254960][ T9825] ? futex_hash+0x141/0x370 [ 394.255005][ T9825] futex_wait+0xe6/0x370 [ 394.255050][ T9825] ? __pfx_futex_wait+0x10/0x10 [ 394.255101][ T9825] ? ksys_write+0x190/0x250 [ 394.255139][ T9825] ? ksys_write+0x190/0x250 [ 394.255184][ T9825] do_futex+0x1ef/0x350 [ 394.255221][ T9825] ? __pfx_do_futex+0x10/0x10 [ 394.255260][ T9825] ? do_set_mempolicy+0x217/0x3d0 [ 394.255299][ T9825] ? __pfx_do_set_mempolicy+0x10/0x10 [ 394.255343][ T9825] __x64_sys_futex+0x34f/0x4d0 [ 394.255387][ T9825] ? __pfx___x64_sys_futex+0x10/0x10 [ 394.255427][ T9825] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 394.255472][ T9825] ? rcu_is_watching+0x12/0xc0 [ 394.255518][ T9825] do_syscall_64+0x10b/0xf80 [ 394.255559][ T9825] ? clear_bhb_loop+0x40/0x90 [ 394.255601][ T9825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.255638][ T9825] RIP: 0033:0x7f4b9399cdd9 [ 394.255671][ T9825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 394.255705][ T9825] RSP: 002b:00007f4b91bf60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 394.255738][ T9825] RAX: ffffffffffffffda RBX: 00007f4b93c15fa8 RCX: 00007f4b9399cdd9 [ 394.255760][ T9825] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4b93c15fa8 [ 394.255782][ T9825] RBP: 00007f4b93c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 394.255802][ T9825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 394.255822][ T9825] R13: 00007f4b93c16038 R14: 00007ffd68d48b80 R15: 00007ffd68d48c68 [ 394.255865][ T9825] [ 395.391284][ T9832] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 396.829518][ T30] audit: type=1800 audit(1777498512.903:14): pid=9845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.880" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 398.875901][ T9889] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.1.890: 7 [ 398.958034][ T9883] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 400.651029][ T9921] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 402.016369][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.2.898'. [ 402.222199][ T9939] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 404.251486][ T9970] binder: 9968:9970 ioctl 40046210 0 returned -14 [ 404.300289][ T9971] FAULT_INJECTION: forcing a failure. [ 404.300289][ T9971] name failslab, interval 1, probability 0, space 0, times 0 [ 404.347067][ T9971] CPU: 1 UID: 0 PID: 9971 Comm: syz.2.904 Not tainted syzkaller #0 PREEMPT(full) [ 404.347106][ T9971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 404.347121][ T9971] Call Trace: [ 404.347129][ T9971] [ 404.347139][ T9971] dump_stack_lvl+0x100/0x190 [ 404.347170][ T9971] should_fail_ex.cold+0x5/0xa [ 404.347201][ T9971] should_failslab+0xc2/0x120 [ 404.347229][ T9971] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 404.347269][ T9971] ? __d_alloc+0x34/0xa40 [ 404.347300][ T9971] ? lockdep_init_map_type+0x5c/0x250 [ 404.347329][ T9971] __d_alloc+0x34/0xa40 [ 404.347366][ T9971] d_alloc_pseudo+0x1c/0xc0 [ 404.347389][ T9971] alloc_file_pseudo+0xcf/0x230 [ 404.347426][ T9971] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 404.347463][ T9971] ? alloc_fd+0x476/0x790 [ 404.347496][ T9971] sock_alloc_file+0x50/0x210 [ 404.347523][ T9971] __sys_socket+0x1c0/0x260 [ 404.347556][ T9971] ? __pfx___sys_socket+0x10/0x10 [ 404.347588][ T9971] ? ksys_write+0x1ac/0x250 [ 404.347622][ T9971] __x64_sys_socket+0x72/0xb0 [ 404.347654][ T9971] ? lockdep_hardirqs_on+0x78/0x100 [ 404.347712][ T9971] do_syscall_64+0x10b/0xf80 [ 404.347755][ T9971] ? clear_bhb_loop+0x40/0x90 [ 404.347784][ T9971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.347809][ T9971] RIP: 0033:0x7f95da19cdd9 [ 404.347829][ T9971] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 404.347853][ T9971] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 404.347876][ T9971] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 404.347892][ T9971] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 404.347907][ T9971] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 404.347921][ T9971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.347936][ T9971] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 404.347966][ T9971] [ 405.460691][ T9980] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 405.539795][ T9990] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 406.095112][ T9986] FAULT_INJECTION: forcing a failure. [ 406.095112][ T9986] name fail_futex, interval 1, probability 0, space 0, times 0 [ 406.140811][ T9986] CPU: 1 UID: 0 PID: 9986 Comm: syz.2.908 Not tainted syzkaller #0 PREEMPT(full) [ 406.140919][ T9986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 406.140971][ T9986] Call Trace: [ 406.140996][ T9986] [ 406.141022][ T9986] dump_stack_lvl+0x100/0x190 [ 406.141135][ T9986] should_fail_ex.cold+0x5/0xa [ 406.141246][ T9986] get_futex_key+0xf78/0x1510 [ 406.141339][ T9986] ? __pfx_get_futex_key+0x10/0x10 [ 406.141428][ T9986] ? lock_acquire+0x1b1/0x370 [ 406.141470][ T9986] futex_wake+0xea/0x530 [ 406.141513][ T9986] ? __pfx_futex_wake+0x10/0x10 [ 406.141554][ T9986] ? exit_mm_release+0x19/0x30 [ 406.141612][ T9986] do_futex+0x32b/0x350 [ 406.141647][ T9986] ? __pfx_do_futex+0x10/0x10 [ 406.141677][ T9986] ? __might_fault+0xc5/0x140 [ 406.141763][ T9986] mm_release+0x24a/0x2f0 [ 406.141806][ T9986] do_exit+0x707/0x2a60 [ 406.141861][ T9986] ? __pfx_do_exit+0x10/0x10 [ 406.141911][ T9986] ? do_raw_spin_lock+0x128/0x260 [ 406.141946][ T9986] ? find_held_lock+0x2b/0x80 [ 406.141986][ T9986] ? get_signal+0x7e0/0x21e0 [ 406.142031][ T9986] do_group_exit+0xd5/0x2a0 [ 406.142084][ T9986] get_signal+0x1ec7/0x21e0 [ 406.142146][ T9986] ? __pfx_get_signal+0x10/0x10 [ 406.142194][ T9986] ? do_futex+0x192/0x350 [ 406.142234][ T9986] arch_do_signal_or_restart+0x91/0x770 [ 406.142283][ T9986] ? blkcg_maybe_throttle_current+0x5e7/0xeb0 [ 406.142323][ T9986] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 406.142384][ T9986] ? __pfx___x64_sys_futex+0x10/0x10 [ 406.142423][ T9986] ? rcu_is_watching+0x12/0xc0 [ 406.142466][ T9986] exit_to_user_mode_loop+0x86/0x4a0 [ 406.142499][ T9986] ? do_syscall_64+0x519/0xf80 [ 406.142541][ T9986] do_syscall_64+0x6f2/0xf80 [ 406.142578][ T9986] ? clear_bhb_loop+0x40/0x90 [ 406.142618][ T9986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.142652][ T9986] RIP: 0033:0x7f95da19cdd9 [ 406.142679][ T9986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 406.142710][ T9986] RSP: 002b:00007f95dafcb0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 406.142743][ T9986] RAX: fffffffffffffe00 RBX: 00007f95da415fa8 RCX: 00007f95da19cdd9 [ 406.142763][ T9986] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f95da415fa8 [ 406.142782][ T9986] RBP: 00007f95da415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 406.142802][ T9986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 406.142820][ T9986] R13: 00007f95da416038 R14: 00007ffe86c27d00 R15: 00007ffe86c27de8 [ 406.142862][ T9986] [ 407.020912][ T9998] netlink: 28 bytes leftover after parsing attributes in process `syz.2.910'. [ 407.217743][ T9998] netlink: zone id is out of range [ 408.432490][ T30] audit: type=1804 audit(1777498524.503:15): pid=10005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.912" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=1057 res=1 errno=0 [ 408.739499][T10027] binder: 10026:10027 ioctl 40046210 0 returned -14 [ 409.653092][T10031] FAULT_INJECTION: forcing a failure. [ 409.653092][T10031] name failslab, interval 1, probability 0, space 0, times 0 [ 409.666638][T10031] CPU: 0 UID: 0 PID: 10031 Comm: syz.0.916 Not tainted syzkaller #0 PREEMPT(full) [ 409.666683][T10031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 409.666703][T10031] Call Trace: [ 409.666715][T10031] [ 409.666727][T10031] dump_stack_lvl+0x100/0x190 [ 409.666771][T10031] should_fail_ex.cold+0x5/0xa [ 409.666813][T10031] ? sk_prot_alloc+0x10b/0x2a0 [ 409.666851][T10031] should_failslab+0xc2/0x120 [ 409.666890][T10031] __kmalloc_noprof+0xe0/0x850 [ 409.666956][T10031] sk_prot_alloc+0x10b/0x2a0 [ 409.666999][T10031] sk_alloc+0x36/0xe80 [ 409.667054][T10031] __netlink_create+0x5e/0x2c0 [ 409.667087][T10031] ? __wake_up+0x3f/0x60 [ 409.667136][T10031] netlink_create+0x29b/0x610 [ 409.667173][T10031] ? __pfx_genl_bind+0x10/0x10 [ 409.667216][T10031] ? __pfx_genl_unbind+0x10/0x10 [ 409.667258][T10031] ? __pfx_genl_release+0x10/0x10 [ 409.667310][T10031] __sock_create+0x339/0x860 [ 409.667362][T10031] __sys_socket+0x14d/0x260 [ 409.667410][T10031] ? __pfx___sys_socket+0x10/0x10 [ 409.667455][T10031] ? ksys_write+0x1ac/0x250 [ 409.667505][T10031] __x64_sys_socket+0x72/0xb0 [ 409.667550][T10031] ? lockdep_hardirqs_on+0x78/0x100 [ 409.667592][T10031] do_syscall_64+0x10b/0xf80 [ 409.667643][T10031] ? clear_bhb_loop+0x40/0x90 [ 409.667685][T10031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.667721][T10031] RIP: 0033:0x7fc42bb9cdd9 [ 409.667748][T10031] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 409.667782][T10031] RSP: 002b:00007fc42c9f3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 409.667814][T10031] RAX: ffffffffffffffda RBX: 00007fc42be15fa0 RCX: 00007fc42bb9cdd9 [ 409.667837][T10031] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 409.667858][T10031] RBP: 00007fc42bc32d69 R08: 0000000000000000 R09: 0000000000000000 [ 409.667878][T10031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 409.667899][T10031] R13: 00007fc42be16038 R14: 00007fc42be15fa0 R15: 00007fffbb989778 [ 409.667943][T10031] [ 417.693317][T10081] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 418.911976][ T30] audit: type=1804 audit(1777498534.983:16): pid=10088 uid=2 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.927" name="/newroot/227/file0" dev="tmpfs" ino=1188 res=1 errno=0 [ 418.972180][ T30] audit: type=1804 audit(1777498534.983:17): pid=10098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.927" name="/newroot/227/file0" dev="tmpfs" ino=1188 res=1 errno=0 [ 419.694410][T10085] kexec: Could not allocate control_code_buffer [ 419.843135][T10104] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 420.865292][T10127] block2mtd: illegal erase size [ 425.778624][T10175] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 428.055009][T10201] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 429.044616][T10210] binder: 10206:10210 ioctl 40046210 0 returned -14 [ 429.113315][T10212] ======================================================= [ 429.113315][T10212] WARNING: The mand mount option has been deprecated and [ 429.113315][T10212] and is ignored by this kernel. Remove the mand [ 429.113315][T10212] option from the mount to silence this warning. [ 429.113315][T10212] ======================================================= [ 429.298889][T10196] FAULT_INJECTION: forcing a failure. [ 429.298889][T10196] name failslab, interval 1, probability 0, space 0, times 0 [ 429.343196][T10196] CPU: 1 UID: 0 PID: 10196 Comm: syz.2.950 Not tainted syzkaller #0 PREEMPT(full) [ 429.343239][T10196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 429.343259][T10196] Call Trace: [ 429.343269][T10196] [ 429.343281][T10196] dump_stack_lvl+0x100/0x190 [ 429.343322][T10196] should_fail_ex.cold+0x5/0xa [ 429.343365][T10196] should_failslab+0xc2/0x120 [ 429.343403][T10196] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 429.343455][T10196] ? __mpol_dup+0x74/0x390 [ 429.343503][T10196] __mpol_dup+0x74/0x390 [ 429.343543][T10196] ? __pfx___mpol_dup+0x10/0x10 [ 429.343588][T10196] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 429.343661][T10196] ? sp_alloc+0x27/0x160 [ 429.343711][T10196] sp_alloc+0x4d/0x160 [ 429.343758][T10196] mpol_set_shared_policy+0xa5/0x890 [ 429.343812][T10196] ? __pfx_shmem_set_policy+0x10/0x10 [ 429.343852][T10196] mbind_range+0x339/0x550 [ 429.343900][T10196] do_mbind+0x7dc/0xfd0 [ 429.343955][T10196] ? __might_fault+0xc5/0x140 [ 429.344005][T10196] ? __pfx_do_mbind+0x10/0x10 [ 429.344059][T10196] ? _copy_from_user+0x59/0xd0 [ 429.344119][T10196] ? __pfx_get_nodes+0x10/0x10 [ 429.344164][T10196] kernel_mbind+0x1b7/0x200 [ 429.344224][T10196] ? __pfx_kernel_mbind+0x10/0x10 [ 429.344275][T10196] ? rcu_is_watching+0x12/0xc0 [ 429.344322][T10196] do_syscall_64+0x10b/0xf80 [ 429.344361][T10196] ? clear_bhb_loop+0x40/0x90 [ 429.344404][T10196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.344439][T10196] RIP: 0033:0x7f95da19cdd9 [ 429.344465][T10196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 429.344499][T10196] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 429.344531][T10196] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 429.344553][T10196] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 429.344572][T10196] RBP: 00007f95da232d69 R08: 0000000000000003 R09: 0000000000000003 [ 429.344592][T10196] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 429.344611][T10196] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 429.344654][T10196] [ 430.347925][T10238] openvswitch: netlink: Either Ethernet header or EtherType is required. getty: ttyS0: read error: Resource temporarily unavailable [ 430.990791][T10259] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 431.457737][T10263] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 432.163786][T10275] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 435.296191][T10341] binder: 10340:10341 ioctl 40046210 0 returned -14 [ 437.141591][ T30] audit: type=1800 audit(1777498553.213:18): pid=10372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.978" name="members" dev="configfs" ino=34184 res=0 errno=0 [ 439.216649][T10403] binder: 10402:10403 ioctl 40046210 0 returned -14 [ 440.396418][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.403055][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.516023][ T30] audit: type=1804 audit(1777498556.593:19): pid=10414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.987" name="/newroot/254/file0" dev="tmpfs" ino=1339 res=1 errno=0 [ 440.545750][ T30] audit: type=1804 audit(1777498556.613:20): pid=10421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.987" name="/newroot/254/file0" dev="tmpfs" ino=1339 res=1 errno=0 [ 442.889718][T10451] __vm_enough_memory: pid: 10451, comm: syz.3.995, bytes: 4398046511104 not enough memory for the allocation [ 444.479240][T10465] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1000'. [ 444.771068][T10484] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1002'. [ 445.259841][T10495] FAULT_INJECTION: forcing a failure. [ 445.259841][T10495] name failslab, interval 1, probability 0, space 0, times 0 [ 445.295979][T10495] CPU: 1 UID: 0 PID: 10495 Comm: syz.3.1005 Not tainted syzkaller #0 PREEMPT(full) [ 445.296026][T10495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 445.296045][T10495] Call Trace: [ 445.296055][T10495] [ 445.296068][T10495] dump_stack_lvl+0x100/0x190 [ 445.296110][T10495] should_fail_ex.cold+0x5/0xa [ 445.296153][T10495] should_failslab+0xc2/0x120 [ 445.296193][T10495] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 445.296251][T10495] ? sock_alloc_inode+0x26/0x290 [ 445.296297][T10495] ? __pfx_sock_alloc_inode+0x10/0x10 [ 445.296340][T10495] sock_alloc_inode+0x26/0x290 [ 445.296378][T10495] ? __pfx_sock_alloc_inode+0x10/0x10 [ 445.296419][T10495] alloc_inode+0x68/0x250 [ 445.296472][T10495] sock_alloc+0x44/0x280 [ 445.296515][T10495] ? security_socket_create+0x7f/0x250 [ 445.296572][T10495] __sock_create+0xc2/0x860 [ 445.296624][T10495] __sys_socket+0x14d/0x260 [ 445.296672][T10495] ? __pfx___sys_socket+0x10/0x10 [ 445.296732][T10495] __x64_sys_socket+0x72/0xb0 [ 445.296777][T10495] ? lockdep_hardirqs_on+0x78/0x100 [ 445.296824][T10495] do_syscall_64+0x10b/0xf80 [ 445.296865][T10495] ? clear_bhb_loop+0x40/0x90 [ 445.296908][T10495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.296944][T10495] RIP: 0033:0x7f4b9399cdd9 [ 445.296973][T10495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 445.297006][T10495] RSP: 002b:00007f4b91bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 445.297041][T10495] RAX: ffffffffffffffda RBX: 00007f4b93c15fa0 RCX: 00007f4b9399cdd9 [ 445.297063][T10495] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 445.297085][T10495] RBP: 00007f4b93a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 445.297105][T10495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 445.297125][T10495] R13: 00007f4b93c16038 R14: 00007f4b93c15fa0 R15: 00007ffd68d48c68 [ 445.297167][T10495] [ 445.297297][T10495] socket: no more sockets [ 446.544971][T10509] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 446.652694][T10513] binder: 10512:10513 ioctl 40046210 0 returned -14 [ 447.899038][T10516] FAULT_INJECTION: forcing a failure. [ 447.899038][T10516] name failslab, interval 1, probability 0, space 0, times 0 [ 447.953771][T10516] CPU: 1 UID: 0 PID: 10516 Comm: syz.0.1010 Not tainted syzkaller #0 PREEMPT(full) [ 447.953819][T10516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 447.953840][T10516] Call Trace: [ 447.953850][T10516] [ 447.953862][T10516] dump_stack_lvl+0x100/0x190 [ 447.953903][T10516] should_fail_ex.cold+0x5/0xa [ 447.953945][T10516] should_failslab+0xc2/0x120 [ 447.953983][T10516] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 447.954037][T10516] ? __mpol_dup+0x74/0x390 [ 447.954088][T10516] __mpol_dup+0x74/0x390 [ 447.954129][T10516] ? __pfx___mpol_dup+0x10/0x10 [ 447.954169][T10516] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 447.954218][T10516] ? sp_alloc+0x27/0x160 [ 447.954285][T10516] sp_alloc+0x4d/0x160 [ 447.954329][T10516] mpol_set_shared_policy+0xa5/0x890 [ 447.954388][T10516] ? __pfx_shmem_set_policy+0x10/0x10 [ 447.954428][T10516] mbind_range+0x339/0x550 [ 447.954476][T10516] do_mbind+0x7dc/0xfd0 [ 447.954536][T10516] ? __might_fault+0xc5/0x140 [ 447.954588][T10516] ? __pfx_do_mbind+0x10/0x10 [ 447.954640][T10516] ? _copy_from_user+0x59/0xd0 [ 447.954703][T10516] ? __pfx_get_nodes+0x10/0x10 [ 447.954746][T10516] kernel_mbind+0x1b7/0x200 [ 447.954793][T10516] ? __pfx_kernel_mbind+0x10/0x10 [ 447.954842][T10516] ? rcu_is_watching+0x12/0xc0 [ 447.954887][T10516] do_syscall_64+0x10b/0xf80 [ 447.954925][T10516] ? clear_bhb_loop+0x40/0x90 [ 447.954965][T10516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.954998][T10516] RIP: 0033:0x7fc42bb9cdd9 [ 447.955025][T10516] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 447.955060][T10516] RSP: 002b:00007fc42c9f3028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 447.955093][T10516] RAX: ffffffffffffffda RBX: 00007fc42be15fa0 RCX: 00007fc42bb9cdd9 [ 447.955115][T10516] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 447.955135][T10516] RBP: 00007fc42bc32d69 R08: 0000000000000003 R09: 0000000000000003 [ 447.955156][T10516] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 447.955177][T10516] R13: 00007fc42be16038 R14: 00007fc42be15fa0 R15: 00007fffbb989778 [ 447.955220][T10516] [ 448.994228][T10555] binder: 10554:10555 ioctl 40046210 0 returned -14 [ 449.969348][T10570] binder: 10569:10570 ioctl 40046210 0 returned -14 [ 451.707014][T10600] FAULT_INJECTION: forcing a failure. [ 451.707014][T10600] name fail_futex, interval 1, probability 0, space 0, times 0 [ 451.758472][T10600] CPU: 1 UID: 0 PID: 10600 Comm: syz.3.1031 Not tainted syzkaller #0 PREEMPT(full) [ 451.758516][T10600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 451.758535][T10600] Call Trace: [ 451.758563][T10600] [ 451.758576][T10600] dump_stack_lvl+0x100/0x190 [ 451.758616][T10600] should_fail_ex.cold+0x5/0xa [ 451.758658][T10600] get_futex_key+0x1d2/0x1510 [ 451.758695][T10600] ? __pfx_get_futex_key+0x10/0x10 [ 451.758741][T10600] futex_wait_setup+0x83/0x510 [ 451.758800][T10600] __futex_wait+0x19f/0x300 [ 451.758847][T10600] ? __pfx___futex_wait+0x10/0x10 [ 451.758891][T10600] ? __pfx_cmp_ex_search+0x10/0x10 [ 451.758950][T10600] ? __pfx_futex_wake_mark+0x10/0x10 [ 451.758998][T10600] ? futex_hash+0x2ad/0x370 [ 451.759031][T10600] ? futex_hash+0x141/0x370 [ 451.759066][T10600] futex_wait+0xe6/0x370 [ 451.759108][T10600] ? __pfx_futex_wait+0x10/0x10 [ 451.759153][T10600] ? rcu_is_watching+0x12/0xc0 [ 451.759191][T10600] ? irqentry_exit+0x246/0x790 [ 451.759239][T10600] ? lockdep_hardirqs_on+0x78/0x100 [ 451.759281][T10600] do_futex+0x1ef/0x350 [ 451.759316][T10600] ? __pfx_do_futex+0x10/0x10 [ 451.759350][T10600] ? do_set_mempolicy+0x217/0x3d0 [ 451.759387][T10600] ? __pfx_do_set_mempolicy+0x10/0x10 [ 451.759426][T10600] __x64_sys_futex+0x34f/0x4d0 [ 451.759467][T10600] ? __pfx___x64_sys_futex+0x10/0x10 [ 451.759503][T10600] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 451.759542][T10600] ? rcu_is_watching+0x12/0xc0 [ 451.759582][T10600] do_syscall_64+0x10b/0xf80 [ 451.759618][T10600] ? clear_bhb_loop+0x40/0x90 [ 451.759655][T10600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.759687][T10600] RIP: 0033:0x7f4b9399cdd9 [ 451.759712][T10600] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 451.759762][T10600] RSP: 002b:00007f4b91bf60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 451.759795][T10600] RAX: ffffffffffffffda RBX: 00007f4b93c15fa8 RCX: 00007f4b9399cdd9 [ 451.759816][T10600] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4b93c15fa8 [ 451.759848][T10600] RBP: 00007f4b93c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 451.759867][T10600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.759886][T10600] R13: 00007f4b93c16038 R14: 00007ffd68d48b80 R15: 00007ffd68d48c68 [ 451.759937][T10600] [ 453.125422][T10578] kexec: Could not allocate control_code_buffer [ 453.339918][T10610] binder: 10609:10610 ioctl 40046210 0 returned -14 [ 455.761416][T10636] binder: 10635:10636 ioctl 40046210 0 returned -14 [ 455.843280][T10640] binder: 10639:10640 ioctl 40046210 0 returned -14 [ 456.744788][T10646] netlink: 'syz.2.1044': attribute type 1 has an invalid length. [ 456.761127][T10646] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1044'. [ 457.247478][T10647] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 457.850826][T10670] bridge0: port 4(gretap0) entered blocking state [ 457.865597][T10670] bridge0: port 4(gretap0) entered disabled state [ 457.879121][T10670] gretap0: entered allmulticast mode [ 457.901835][T10670] FAULT_INJECTION: forcing a failure. [ 457.901835][T10670] name failslab, interval 1, probability 0, space 0, times 0 [ 457.914683][T10670] CPU: 1 UID: 0 PID: 10670 Comm: syz.0.1048 Not tainted syzkaller #0 PREEMPT(full) [ 457.914727][T10670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 457.914747][T10670] Call Trace: [ 457.914759][T10670] [ 457.914772][T10670] dump_stack_lvl+0x100/0x190 [ 457.914813][T10670] should_fail_ex.cold+0x5/0xa [ 457.914843][T10670] should_failslab+0xc2/0x120 [ 457.914871][T10670] __kmalloc_cache_noprof+0x7a/0x6f0 [ 457.914905][T10670] ? __netdev_adjacent_dev_insert+0x22b/0xbf0 [ 457.914943][T10670] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 457.914976][T10670] __netdev_adjacent_dev_insert+0x22b/0xbf0 [ 457.915014][T10670] ? ip6_route_dev_notify+0xe4/0x750 [ 457.915041][T10670] ? ndisc_netdev_event+0xa1/0x560 [ 457.915075][T10670] ? __pfx___netdev_adjacent_dev_insert+0x10/0x10 [ 457.915112][T10670] ? notifier_call_chain+0x330/0x400 [ 457.915157][T10670] __netdev_upper_dev_link+0x3d8/0x7e0 [ 457.915191][T10670] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 457.915221][T10670] ? kernfs_root+0xf8/0x2a0 [ 457.915248][T10670] ? kernfs_add_one+0x214/0x850 [ 457.915284][T10670] netdev_master_upper_dev_link+0x9f/0xd0 [ 457.915316][T10670] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 457.915349][T10670] ? lockdep_rtnl_is_held+0x26/0x40 [ 457.915388][T10670] ? netdev_is_rx_handler_busy+0x83/0x140 [ 457.915417][T10670] br_add_if+0x9fd/0x1b40 [ 457.915456][T10670] ? security_capable+0x80/0x260 [ 457.915493][T10670] add_del_if+0x114/0x160 [ 457.915530][T10670] br_dev_siocdevprivate+0x8ac/0x1650 [ 457.915570][T10670] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 457.915614][T10670] ? do_raw_spin_lock+0x128/0x260 [ 457.915646][T10670] ? find_held_lock+0x2b/0x80 [ 457.915677][T10670] ? debug_mutex_remove_waiter+0xa8/0x320 [ 457.915708][T10670] ? debug_mutex_remove_waiter+0xa8/0x320 [ 457.915748][T10670] ? netdev_name_node_lookup+0x107/0x150 [ 457.915818][T10670] ? __mutex_lock+0x838/0x1b10 [ 457.915864][T10670] dev_ifsioc+0xc2f/0x1f10 [ 457.915907][T10670] ? __pfx_dev_ifsioc+0x10/0x10 [ 457.915945][T10670] ? __pfx___mutex_lock+0x10/0x10 [ 457.915984][T10670] ? dev_load+0x8e/0x240 [ 457.916018][T10670] ? dev_load+0x8e/0x240 [ 457.916059][T10670] dev_ioctl+0x70e/0x1070 [ 457.916099][T10670] sock_ioctl+0x494/0x6b0 [ 457.916132][T10670] ? __pfx_sock_ioctl+0x10/0x10 [ 457.916162][T10670] ? hook_file_ioctl_common+0x149/0x410 [ 457.916192][T10670] ? __fget_files+0x21f/0x3d0 [ 457.916256][T10670] ? __pfx_sock_ioctl+0x10/0x10 [ 457.916290][T10670] __x64_sys_ioctl+0x18e/0x210 [ 457.916315][T10670] do_syscall_64+0x10b/0xf80 [ 457.916343][T10670] ? clear_bhb_loop+0x40/0x90 [ 457.916377][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.916402][T10670] RIP: 0033:0x7fc42bb9cdd9 [ 457.916421][T10670] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 457.916444][T10670] RSP: 002b:00007fc42c9d2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.916471][T10670] RAX: ffffffffffffffda RBX: 00007fc42be16090 RCX: 00007fc42bb9cdd9 [ 457.916486][T10670] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 457.916501][T10670] RBP: 00007fc42bc32d69 R08: 0000000000000000 R09: 0000000000000000 [ 457.916533][T10670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 457.916548][T10670] R13: 00007fc42be16128 R14: 00007fc42be16090 R15: 00007fffbb989778 [ 457.916578][T10670] [ 458.387315][T10670] gretap0: left allmulticast mode [ 458.648380][T10681] binder: 10680:10681 ioctl 40046210 0 returned -14 [ 459.635247][T10693] FAULT_INJECTION: forcing a failure. [ 459.635247][T10693] name failslab, interval 1, probability 0, space 0, times 0 [ 459.685247][T10693] CPU: 0 UID: 0 PID: 10693 Comm: syz.2.1056 Not tainted syzkaller #0 PREEMPT(full) [ 459.685279][T10693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 459.685293][T10693] Call Trace: [ 459.685300][T10693] [ 459.685309][T10693] dump_stack_lvl+0x100/0x190 [ 459.685339][T10693] should_fail_ex.cold+0x5/0xa [ 459.685369][T10693] should_failslab+0xc2/0x120 [ 459.685395][T10693] __kvmalloc_node_noprof+0xfa/0xa00 [ 459.685418][T10693] ? evdev_open+0x11a/0x690 [ 459.685447][T10693] evdev_open+0x11a/0x690 [ 459.685473][T10693] ? __pfx_evdev_open+0x10/0x10 [ 459.685496][T10693] chrdev_open+0x234/0x6a0 [ 459.685525][T10693] ? __pfx_apparmor_file_open+0x10/0x10 [ 459.685562][T10693] ? __pfx_chrdev_open+0x10/0x10 [ 459.685592][T10693] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 459.685629][T10693] do_dentry_open+0x6d8/0x1660 [ 459.685657][T10693] ? __pfx_chrdev_open+0x10/0x10 [ 459.685693][T10693] vfs_open+0x82/0x3f0 [ 459.685730][T10693] path_openat+0x208c/0x31a0 [ 459.685768][T10693] ? __pfx_path_openat+0x10/0x10 [ 459.685807][T10693] do_file_open+0x20e/0x430 [ 459.685837][T10693] ? __pfx_do_file_open+0x10/0x10 [ 459.685885][T10693] ? alloc_fd+0x476/0x790 [ 459.685915][T10693] ? do_getname+0x191/0x390 [ 459.685952][T10693] do_sys_openat2+0x10d/0x1e0 [ 459.685987][T10693] ? __pfx_do_sys_openat2+0x10/0x10 [ 459.686025][T10693] ? blkcg_maybe_throttle_current+0x5e7/0xeb0 [ 459.686058][T10693] __x64_sys_openat+0x12d/0x210 [ 459.686095][T10693] ? __pfx___x64_sys_openat+0x10/0x10 [ 459.686141][T10693] ? rcu_is_watching+0x12/0xc0 [ 459.686172][T10693] do_syscall_64+0x10b/0xf80 [ 459.686200][T10693] ? clear_bhb_loop+0x40/0x90 [ 459.686229][T10693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.686274][T10693] RIP: 0033:0x7f95da19cdd9 [ 459.686294][T10693] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 459.686317][T10693] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 459.686340][T10693] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 459.686355][T10693] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: ffffffffffffff9c [ 459.686370][T10693] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 459.686385][T10693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.686399][T10693] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 459.686427][T10693] [ 459.966047][T10693] FAULT_INJECTION: forcing a failure. [ 459.966047][T10693] name failslab, interval 1, probability 0, space 0, times 0 [ 459.978810][T10693] CPU: 0 UID: 0 PID: 10693 Comm: syz.2.1056 Not tainted syzkaller #0 PREEMPT(full) [ 459.978850][T10693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 459.978869][T10693] Call Trace: [ 459.978879][T10693] [ 459.978891][T10693] dump_stack_lvl+0x100/0x190 [ 459.978930][T10693] should_fail_ex.cold+0x5/0xa [ 459.978971][T10693] should_failslab+0xc2/0x120 [ 459.979008][T10693] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 459.979057][T10693] ? do_timer_create+0x209/0x1480 [ 459.979104][T10693] do_timer_create+0x209/0x1480 [ 459.979145][T10693] ? __might_fault+0xc5/0x140 [ 459.979206][T10693] ? __pfx_do_timer_create+0x10/0x10 [ 459.979259][T10693] __x64_sys_timer_create+0x182/0x1d0 [ 459.979302][T10693] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 459.979352][T10693] ? rcu_is_watching+0x12/0xc0 [ 459.979396][T10693] do_syscall_64+0x10b/0xf80 [ 459.979434][T10693] ? clear_bhb_loop+0x40/0x90 [ 459.979472][T10693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.979505][T10693] RIP: 0033:0x7f95da19cdd9 [ 459.979531][T10693] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 459.979562][T10693] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 459.979594][T10693] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 459.979616][T10693] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 0000000000000007 [ 459.979637][T10693] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 459.979657][T10693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.979675][T10693] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 459.979716][T10693] [ 460.576490][T10703] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 461.229232][T10714] FAULT_INJECTION: forcing a failure. [ 461.229232][T10714] name failslab, interval 1, probability 0, space 0, times 0 [ 461.242909][T10714] CPU: 1 UID: 0 PID: 10714 Comm: syz.2.1059 Not tainted syzkaller #0 PREEMPT(full) [ 461.242953][T10714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 461.242974][T10714] Call Trace: [ 461.242986][T10714] [ 461.242999][T10714] dump_stack_lvl+0x100/0x190 [ 461.243049][T10714] should_fail_ex.cold+0x5/0xa [ 461.243091][T10714] should_failslab+0xc2/0x120 [ 461.243130][T10714] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 461.243181][T10714] ? alloc_empty_file+0x5b/0x1c0 [ 461.243228][T10714] alloc_empty_file+0x5b/0x1c0 [ 461.243269][T10714] alloc_file_pseudo+0x13a/0x230 [ 461.243332][T10714] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 461.243375][T10714] ? alloc_fd+0x476/0x790 [ 461.243414][T10714] sock_alloc_file+0x50/0x210 [ 461.243446][T10714] __sys_socket+0x1c0/0x260 [ 461.243486][T10714] ? __pfx___sys_socket+0x10/0x10 [ 461.243534][T10714] __x64_sys_socket+0x72/0xb0 [ 461.243571][T10714] ? lockdep_hardirqs_on+0x78/0x100 [ 461.243607][T10714] do_syscall_64+0x10b/0xf80 [ 461.243640][T10714] ? clear_bhb_loop+0x40/0x90 [ 461.243676][T10714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.243709][T10714] RIP: 0033:0x7f95da19cdd9 [ 461.243734][T10714] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 461.243763][T10714] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 461.243792][T10714] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 461.243810][T10714] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 461.243827][T10714] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 461.243845][T10714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 461.243862][T10714] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 461.243898][T10714] [ 461.847546][T10730] binder: 10725:10730 ioctl 40046210 0 returned -14 [ 462.051346][T10731] bridge0: port 3(gretap0) entered blocking state [ 462.093768][T10731] bridge0: port 3(gretap0) entered disabled state [ 462.113672][T10731] gretap0: entered allmulticast mode [ 462.128543][T10731] FAULT_INJECTION: forcing a failure. [ 462.128543][T10731] name failslab, interval 1, probability 0, space 0, times 0 [ 462.145892][T10731] CPU: 1 UID: 0 PID: 10731 Comm: syz.2.1061 Not tainted syzkaller #0 PREEMPT(full) [ 462.145935][T10731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 462.145955][T10731] Call Trace: [ 462.145964][T10731] [ 462.145983][T10731] dump_stack_lvl+0x100/0x190 [ 462.146021][T10731] should_fail_ex.cold+0x5/0xa [ 462.146060][T10731] should_failslab+0xc2/0x120 [ 462.146095][T10731] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 462.146126][T10731] ? kstrdup_const+0x63/0x80 [ 462.146164][T10731] kstrdup+0x51/0xe0 [ 462.146199][T10731] kstrdup_const+0x63/0x80 [ 462.146231][T10731] __kernfs_new_node+0x9b/0x9f0 [ 462.146265][T10731] ? up_write+0x28c/0x4f0 [ 462.146304][T10731] ? __pfx___kernfs_new_node+0x10/0x10 [ 462.146348][T10731] ? find_held_lock+0x2b/0x80 [ 462.146388][T10731] ? kernfs_root+0xee/0x2a0 [ 462.146422][T10731] ? kernfs_root+0xee/0x2a0 [ 462.146464][T10731] kernfs_new_node+0x11b/0x1a0 [ 462.146512][T10731] kernfs_create_link+0xcc/0x240 [ 462.146583][T10731] sysfs_do_create_link_sd+0x90/0x140 [ 462.146621][T10731] sysfs_create_link+0x61/0xc0 [ 462.146658][T10731] br_sysfs_addif+0x1ae/0x210 [ 462.146697][T10731] br_add_if+0x701/0x1b40 [ 462.146749][T10731] ? security_capable+0x80/0x260 [ 462.146805][T10731] add_del_if+0x114/0x160 [ 462.146860][T10731] br_dev_siocdevprivate+0x8ac/0x1650 [ 462.146918][T10731] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 462.146978][T10731] ? __lock_acquire+0x4a5/0x2630 [ 462.147029][T10731] ? lock_acquire+0x1b1/0x370 [ 462.147074][T10731] ? netdev_name_node_lookup+0x107/0x150 [ 462.147131][T10731] dev_ifsioc+0xc2f/0x1f10 [ 462.147190][T10731] ? __pfx_dev_ifsioc+0x10/0x10 [ 462.147242][T10731] ? __pfx___mutex_lock+0x10/0x10 [ 462.147301][T10731] ? dev_load+0x8e/0x240 [ 462.147350][T10731] ? dev_load+0x8e/0x240 [ 462.147411][T10731] dev_ioctl+0x70e/0x1070 [ 462.147466][T10731] sock_ioctl+0x494/0x6b0 [ 462.147510][T10731] ? __pfx_sock_ioctl+0x10/0x10 [ 462.147551][T10731] ? hook_file_ioctl_common+0x149/0x410 [ 462.147593][T10731] ? __fget_files+0x21f/0x3d0 [ 462.147637][T10731] ? __pfx_sock_ioctl+0x10/0x10 [ 462.147684][T10731] __x64_sys_ioctl+0x18e/0x210 [ 462.147722][T10731] do_syscall_64+0x10b/0xf80 [ 462.147775][T10731] ? clear_bhb_loop+0x40/0x90 [ 462.147817][T10731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.147852][T10731] RIP: 0033:0x7f95da19cdd9 [ 462.147881][T10731] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 462.147914][T10731] RSP: 002b:00007f95dafaa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 462.147946][T10731] RAX: ffffffffffffffda RBX: 00007f95da416090 RCX: 00007f95da19cdd9 [ 462.147979][T10731] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 462.148000][T10731] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 462.148020][T10731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.148040][T10731] R13: 00007f95da416128 R14: 00007f95da416090 R15: 00007ffe86c27de8 [ 462.148082][T10731] [ 462.458799][T10731] gretap0: left allmulticast mode [ 462.871208][T10748] block2mtd: illegal erase size [ 466.095141][T10792] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 467.038293][T10805] zswap: compressor qNdEl6/T~ܼ[(K8 B~B"I)TY~bUi۞v [ 467.038293][T10805] 5 r3?恰E not available [ 468.098487][T10832] block2mtd: illegal erase size [ 471.330857][T10862] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11 [ 473.348802][T10899] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1099'. [ 473.386480][T10899] netlink: 29 bytes leftover after parsing attributes in process `syz.1.1099'. [ 473.773233][T10893] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 477.552024][T10933] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 479.293055][T10970] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 481.298911][T10994] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 482.936561][T11020] block2mtd: illegal erase size [ 486.405018][T11055] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 487.546112][T11069] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.166646][T11162] bond0: Unable to set down delay as MII monitoring is disabled [ 493.606068][T11161] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 494.231123][T11183] zswap: compressor not available [ 497.531122][T11232] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 499.429123][T11257] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1177'. [ 499.458249][T11257] netlink: 29 bytes leftover after parsing attributes in process `syz.3.1177'. [ 499.767044][T11258] bridge0: port 3(gretap0) entered blocking state [ 499.809398][T11258] bridge0: port 3(gretap0) entered disabled state [ 499.857619][T11258] gretap0: entered allmulticast mode [ 499.872476][T11258] FAULT_INJECTION: forcing a failure. [ 499.872476][T11258] name failslab, interval 1, probability 0, space 0, times 0 [ 499.933618][T11258] CPU: 0 UID: 0 PID: 11258 Comm: syz.2.1174 Not tainted syzkaller #0 PREEMPT(full) [ 499.933651][T11258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 499.933672][T11258] Call Trace: [ 499.933679][T11258] [ 499.933688][T11258] dump_stack_lvl+0x100/0x190 [ 499.933720][T11258] should_fail_ex.cold+0x5/0xa [ 499.933750][T11258] should_failslab+0xc2/0x120 [ 499.933778][T11258] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 499.933816][T11258] ? __kernfs_new_node+0xd2/0x9f0 [ 499.933847][T11258] __kernfs_new_node+0xd2/0x9f0 [ 499.933875][T11258] ? __pfx___kernfs_new_node+0x10/0x10 [ 499.933907][T11258] ? find_held_lock+0x2b/0x80 [ 499.933939][T11258] ? kernfs_root+0xee/0x2a0 [ 499.933962][T11258] ? kernfs_root+0xee/0x2a0 [ 499.933992][T11258] kernfs_new_node+0x11b/0x1a0 [ 499.934026][T11258] __kernfs_create_file+0x53/0x350 [ 499.934065][T11258] sysfs_add_file_mode_ns+0x207/0x3c0 [ 499.934094][T11258] sysfs_create_file_ns+0x145/0x1e0 [ 499.934117][T11258] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 499.934140][T11258] ? kernfs_create_link+0x1bd/0x240 [ 499.934176][T11258] ? kernfs_put+0x3f/0x60 [ 499.934201][T11258] ? sysfs_do_create_link_sd+0xbb/0x140 [ 499.934229][T11258] br_sysfs_addif+0xe4/0x210 [ 499.934256][T11258] br_add_if+0x701/0x1b40 [ 499.934292][T11258] ? security_capable+0x80/0x260 [ 499.934329][T11258] add_del_if+0x114/0x160 [ 499.934371][T11258] br_dev_siocdevprivate+0x8ac/0x1650 [ 499.934411][T11258] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 499.934455][T11258] ? do_raw_spin_lock+0x128/0x260 [ 499.934511][T11258] ? find_held_lock+0x2b/0x80 [ 499.934553][T11258] ? debug_mutex_remove_waiter+0xa8/0x320 [ 499.934596][T11258] ? debug_mutex_remove_waiter+0xa8/0x320 [ 499.934654][T11258] ? netdev_name_node_lookup+0x107/0x150 [ 499.934710][T11258] ? __mutex_lock+0x838/0x1b10 [ 499.934745][T11258] dev_ifsioc+0xc2f/0x1f10 [ 499.934785][T11258] ? __pfx_dev_ifsioc+0x10/0x10 [ 499.934821][T11258] ? __pfx___mutex_lock+0x10/0x10 [ 499.934859][T11258] ? dev_load+0x8e/0x240 [ 499.934893][T11258] ? dev_load+0x8e/0x240 [ 499.934936][T11258] dev_ioctl+0x70e/0x1070 [ 499.934976][T11258] sock_ioctl+0x494/0x6b0 [ 499.935009][T11258] ? __pfx_sock_ioctl+0x10/0x10 [ 499.935038][T11258] ? hook_file_ioctl_common+0x149/0x410 [ 499.935069][T11258] ? __fget_files+0x21f/0x3d0 [ 499.935100][T11258] ? __pfx_sock_ioctl+0x10/0x10 [ 499.935132][T11258] __x64_sys_ioctl+0x18e/0x210 [ 499.935157][T11258] do_syscall_64+0x10b/0xf80 [ 499.935185][T11258] ? clear_bhb_loop+0x40/0x90 [ 499.935214][T11258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.935239][T11258] RIP: 0033:0x7f95da19cdd9 [ 499.935258][T11258] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 499.935281][T11258] RSP: 002b:00007f95dafaa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 499.935303][T11258] RAX: ffffffffffffffda RBX: 00007f95da416090 RCX: 00007f95da19cdd9 [ 499.935318][T11258] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 499.935333][T11258] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 499.935366][T11258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 499.935381][T11258] R13: 00007f95da416128 R14: 00007f95da416090 R15: 00007ffe86c27de8 [ 499.935411][T11258] [ 499.940777][T11258] gretap0: left allmulticast mode [ 500.554815][T11267] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 501.307603][T11272] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 501.601993][T11277] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 501.837059][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.846406][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.343505][T11298] __vm_enough_memory: pid: 11298, comm: syz.0.1183, bytes: 4398046511104 not enough memory for the allocation [ 503.491064][ T30] audit: type=1804 audit(1777498619.563:21): pid=11320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1198" name="/newroot/293/file0" dev="tmpfs" ino=1526 res=1 errno=0 [ 504.308952][T11332] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 504.532596][T11331] bond0: Unable to set down delay as MII monitoring is disabled [ 507.144738][T11328] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 512.827060][T11414] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 518.723977][T11504] bond0: Unable to set down delay as MII monitoring is disabled [ 519.710535][T11512] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1226'. [ 520.149194][T11516] random: crng reseeded on system resumption [ 520.439294][T11520] serio: Serial port ttyS0 [ 520.604164][T11502] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 521.055439][T11534] block2mtd: illegal erase size [ 523.555103][T11571] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1240'. [ 523.634866][T11574] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 524.018582][T11575] bond0: Unable to set down delay as MII monitoring is disabled [ 525.137945][T11572] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 525.378611][T11591] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 527.898990][T11636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1254'. [ 527.961521][T11636] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1254'. [ 528.430949][T11646] bond0: Unable to set down delay as MII monitoring is disabled [ 529.786380][T11643] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 530.059540][T11669] FAULT_INJECTION: forcing a failure. [ 530.059540][T11669] name fail_futex, interval 1, probability 0, space 0, times 0 [ 530.091002][T11669] CPU: 1 UID: 0 PID: 11669 Comm: syz.2.1263 Not tainted syzkaller #0 PREEMPT(full) [ 530.091068][T11669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 530.091089][T11669] Call Trace: [ 530.091101][T11669] [ 530.091114][T11669] dump_stack_lvl+0x100/0x190 [ 530.091156][T11669] should_fail_ex.cold+0x5/0xa [ 530.091198][T11669] get_futex_key+0x1d2/0x1510 [ 530.091235][T11669] ? __pfx_get_futex_key+0x10/0x10 [ 530.091281][T11669] futex_wait_setup+0x83/0x510 [ 530.091334][T11669] __futex_wait+0x19f/0x300 [ 530.091378][T11669] ? __pfx___futex_wait+0x10/0x10 [ 530.091417][T11669] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 530.091459][T11669] ? __pfx_futex_wake_mark+0x10/0x10 [ 530.091504][T11669] ? futex_hash+0x2ad/0x370 [ 530.091534][T11669] ? futex_hash+0x141/0x370 [ 530.091568][T11669] futex_wait+0xe6/0x370 [ 530.091607][T11669] ? __pfx_futex_wait+0x10/0x10 [ 530.091653][T11669] ? ksys_write+0x190/0x250 [ 530.091686][T11669] ? ksys_write+0x190/0x250 [ 530.091728][T11669] do_futex+0x1ef/0x350 [ 530.091761][T11669] ? __pfx_do_futex+0x10/0x10 [ 530.091795][T11669] ? do_set_mempolicy+0x217/0x3d0 [ 530.091842][T11669] ? __pfx_do_set_mempolicy+0x10/0x10 [ 530.091886][T11669] __x64_sys_futex+0x34f/0x4d0 [ 530.091930][T11669] ? __pfx___x64_sys_futex+0x10/0x10 [ 530.091968][T11669] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 530.092018][T11669] ? rcu_is_watching+0x12/0xc0 [ 530.092062][T11669] do_syscall_64+0x10b/0xf80 [ 530.092100][T11669] ? clear_bhb_loop+0x40/0x90 [ 530.092138][T11669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.092172][T11669] RIP: 0033:0x7f95da19cdd9 [ 530.092199][T11669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 530.092230][T11669] RSP: 002b:00007f95dafcb0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 530.092260][T11669] RAX: ffffffffffffffda RBX: 00007f95da415fa8 RCX: 00007f95da19cdd9 [ 530.092282][T11669] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f95da415fa8 [ 530.092301][T11669] RBP: 00007f95da415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 530.092320][T11669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 530.092339][T11669] R13: 00007f95da416038 R14: 00007ffe86c27d00 R15: 00007ffe86c27de8 [ 530.092378][T11669] [ 530.900435][T11681] block2mtd: illegal erase size [ 532.921850][T11705] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 533.776945][T11712] syz.2.1270 uses obsolete (PF_INET,SOCK_PACKET) [ 535.267624][T11730] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 537.027138][T11762] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 539.091074][T11778] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.1287'. [ 540.776224][T11812] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 541.097810][T11815] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1293'. [ 541.836346][T11819] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 541.856345][T11822] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 542.394188][T11829] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 542.465757][ T50] Bluetooth: hci1: unexpected subevent 0x0c length: 118 > 5 [ 543.425644][T11852] block2mtd: illegal erase size [ 545.972556][T11890] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 546.492409][T11898] serio: Serial port ttyS0 [ 547.907011][T11928] block2mtd: illegal erase size [ 548.577843][T11935] block2mtd: illegal erase size [ 553.463004][T11943] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.1323'. [ 554.356634][T12002] can: request_module (can-proto-4) failed. [ 558.009814][T12060] netlink: 'syz.3.1350': attribute type 1 has an invalid length. [ 558.057398][T12060] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1350'. [ 558.227628][T12061] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 559.639894][T12080] capability: warning: `syz.3.1355' uses 32-bit capabilities (legacy support in use) [ 560.049659][ T50] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 560.306519][T12085] futex_wake_op: syz.1.1356 tries to shift op by -2048; fix this program [ 560.346582][T12085] futex_wake_op: syz.1.1356 tries to shift op by -2048; fix this program [ 562.533121][T12123] block2mtd: illegal erase size [ 563.271945][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.281599][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.820061][T12141] netlink: 'syz.0.1367': attribute type 1 has an invalid length. [ 563.839526][T12141] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1367'. [ 567.039305][T12184] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 571.368593][T12228] netlink: 'syz.2.1390': attribute type 1 has an invalid length. [ 571.392760][T12228] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1390'. [ 572.575473][T12205] kexec: Could not allocate control_code_buffer [ 572.965077][T12240] block2mtd: illegal erase size [ 573.574632][T12244] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 576.864666][T12277] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 579.743525][T12311] block2mtd: illegal erase size [ 579.906377][T12086] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 581.022273][T12316] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 582.031636][T12338] bond0: Unable to set down delay as MII monitoring is disabled [ 583.759310][T12331] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 584.702933][T12086] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 586.889880][T12380] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 587.933875][T12392] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 588.651770][T12409] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 591.258784][T12443] block2mtd: illegal erase size [ 592.120966][T12453] block2mtd: illegal erase size [ 594.375725][T12476] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 595.688370][T12497] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 595.846053][T12487] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 595.905288][T12487] File: /dev/nullb0 PID: 12487 Comm: syz.3.1444 [ 599.035160][T12533] block2mtd: illegal erase size [ 601.428825][T12544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1458'. [ 603.518762][T12564] smpboot: CPU 1 is now offline [ 605.769646][T12086] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 606.073169][T12590] futex_wake_op: syz.3.1468 tries to shift op by -2048; fix this program [ 606.290204][T12590] futex_wake_op: syz.3.1468 tries to shift op by -2048; fix this program [ 620.710771][T12701] block2mtd: illegal erase size [ 621.468371][T12715] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 624.185459][T12739] netlink: 222 bytes leftover after parsing attributes in process `syz.3.1499'. [ 624.334706][T12744] block2mtd: illegal erase size [ 624.706694][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.715187][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.153543][T12757] futex_wake_op: syz.1.1511 tries to shift op by -2048; fix this program [ 626.224931][T12758] netlink: 222 bytes leftover after parsing attributes in process `syz.3.1504'. [ 627.943336][T12780] block2mtd: illegal erase size [ 630.134634][T12785] netlink: 222 bytes leftover after parsing attributes in process `syz.2.1510'. [ 631.065881][T12764] kexec: Could not allocate control_code_buffer [ 631.630403][T12806] block2mtd: illegal erase size [ 632.983461][T12819] netlink: 222 bytes leftover after parsing attributes in process `syz.0.1515'. [ 633.850684][T12830] futex_wake_op: syz.0.1517 tries to shift op by -2048; fix this program [ 634.008384][T12830] futex_wake_op: syz.0.1517 tries to shift op by -2048; fix this program [ 634.044475][T12835] sysfs_service_op_show: Client not running :-5: [ 634.600751][T12824] 0x000000000001-0x000000020000 : "" [ 634.985143][T12846] can: request_module (can-proto-0) failed. [ 635.268156][T12824] ftl_cs: FTL header corrupt! [ 636.950136][T12871] netlink: 222 bytes leftover after parsing attributes in process `syz.2.1526'. [ 637.075534][T12858] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.1523'. [ 638.528179][T12891] netlink: 222 bytes leftover after parsing attributes in process `syz.3.1530'. [ 639.521782][T12902] netlink: 222 bytes leftover after parsing attributes in process `syz.3.1533'. [ 641.241530][T12895] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 641.359036][T12895] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 641.451459][T12895] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 641.613555][T12923] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 641.885740][T12895] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 642.024653][T12895] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 642.290207][T12895] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 642.944232][T12086] Bluetooth: hci0: command 0x0c1a tx timeout [ 643.358503][T12938] block2mtd: illegal erase size [ 643.423338][T12086] Bluetooth: hci1: command 0x0c1a tx timeout [ 643.903851][T12086] Bluetooth: hci2: command 0x0c1a tx timeout [ 643.960938][T12942] netlink: 222 bytes leftover after parsing attributes in process `syz.1.1540'. [ 644.107685][T12086] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 644.303037][ T5624] Bluetooth: hci3: command 0x0c1a tx timeout [ 644.482351][T12949] futex_wake_op: syz.0.1541 tries to shift op by -2048; fix this program [ 644.728838][T12949] futex_wake_op: syz.0.1541 tries to shift op by -2048; fix this program [ 645.258812][T12955] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 645.503147][ T5624] Bluetooth: hci1: command 0x0c1a tx timeout [ 645.983213][ T5624] Bluetooth: hci2: command 0x0c1a tx timeout [ 648.875580][T12978] netlink: 222 bytes leftover after parsing attributes in process `syz.1.1546'. [ 651.675967][T13006] netlink: 222 bytes leftover after parsing attributes in process `syz.0.1550'. [ 654.998583][ T5624] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 655.363639][T13050] futex_wake_op: syz.2.1553 tries to shift op by -2048; fix this program [ 655.623906][T13050] futex_wake_op: syz.2.1553 tries to shift op by -2048; fix this program [ 655.878641][T13038] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 656.100937][T13038] File: /dev/nullb0 PID: 13038 Comm: syz.0.1561 [ 657.180424][T13068] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 658.401997][T13081] futex_wake_op: syz.0.1560 tries to shift op by -2048; fix this program [ 660.671087][T13098] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1563'. [ 660.861887][T13098] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 661.102149][T13098] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 666.070439][T13149] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 666.378727][T13144] futex_wake_op: syz.3.1572 tries to shift op by -2048; fix this program [ 666.675178][T13144] futex_wake_op: syz.3.1572 tries to shift op by -2048; fix this program [ 667.803977][T13162] netlink: 222 bytes leftover after parsing attributes in process `syz.2.1574'. [ 668.201908][T13173] device-mapper: ioctl: Invalid ioctl structure: name d, dev 3000000000 [ 669.849430][T13186] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1579'. [ 670.122138][T13193] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 671.829139][T13210] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 673.733257][T13223] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 674.437583][T13231] can: request_module (can-proto-0) failed. [ 674.466544][T13226] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 677.237493][T13267] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 678.402427][T13270] futex_wake_op: syz.3.1596 tries to shift op by -2048; fix this program [ 679.784760][T13291] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 683.003272][T13325] futex_wake_op: syz.2.1607 tries to shift op by -2048; fix this program [ 683.266800][T13325] futex_wake_op: syz.2.1607 tries to shift op by -2048; fix this program [ 684.758600][T13348] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 685.105891][T13350] smpboot: CPU 1 is now offline [ 686.145938][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.157260][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 689.096100][T13378] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 691.517144][T13376] netlink: 2468 bytes leftover after parsing attributes in process `syz.2.1615'. [ 693.408724][T13431] can: request_module (can-proto-0) failed. [ 693.971815][T13441] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 695.396708][T13461] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1627'. [ 695.490734][T13467] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1627'. [ 699.041790][T13509] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.1634'. [ 699.576100][T13507] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 700.545818][T13511] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 701.172928][T13512] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 701.525192][T13514] futex_wake_op: syz.2.1636 tries to shift op by -2048; fix this program [ 703.769370][T13522] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.1638'. [ 710.860790][T13607] ================================================================== [ 710.860812][T13607] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x174a/0x1910 [ 710.860859][T13607] Write of size 8 at addr ffffc90004ad9000 by task syz.2.1654/13607 [ 710.860879][T13607] [ 710.860894][T13607] CPU: 0 UID: 0 PID: 13607 Comm: syz.2.1654 Tainted: G L syzkaller #0 PREEMPT(full) [ 710.860927][T13607] Tainted: [L]=SOFTLOCKUP [ 710.860936][T13607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 710.860951][T13607] Call Trace: [ 710.860959][T13607] [ 710.860968][T13607] dump_stack_lvl+0x100/0x190 [ 710.860995][T13607] print_report+0x13d/0x4b0 [ 710.861029][T13607] ? _raw_spin_lock_irqsave+0x52/0x60 [ 710.861058][T13607] ? sys_fillrect+0x174a/0x1910 [ 710.861091][T13607] kasan_report+0xdf/0x1d0 [ 710.861119][T13607] ? sys_fillrect+0x174a/0x1910 [ 710.861164][T13607] sys_fillrect+0x174a/0x1910 [ 710.861204][T13607] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 710.861233][T13607] bit_clear+0x17d/0x220 [ 710.861261][T13607] ? __pfx_bit_clear+0x10/0x10 [ 710.861289][T13607] ? fb_get_color_depth+0x120/0x250 [ 710.861314][T13607] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 710.861352][T13607] __fbcon_clear+0x633/0x760 [ 710.861377][T13607] ? __pfx_bit_clear+0x10/0x10 [ 710.861407][T13607] fbcon_scroll+0x314/0x650 [ 710.861432][T13607] con_scroll+0x464/0x690 [ 710.861468][T13607] csi_ECMA.constprop.0+0xc57/0x3b60 [ 710.861505][T13607] ? find_held_lock+0x2b/0x80 [ 710.861536][T13607] ? __pfx_csi_ECMA.constprop.0+0x10/0x10 [ 710.861578][T13607] do_con_write+0x3946/0x4a10 [ 710.861617][T13607] ? trace_contention_end+0x122/0x170 [ 710.861651][T13607] ? __pfx_do_con_write+0x10/0x10 [ 710.861694][T13607] con_write+0x23/0xb0 [ 710.861729][T13607] n_tty_write+0x431/0x11c0 [ 710.861760][T13607] ? __pfx_n_tty_write+0x10/0x10 [ 710.861784][T13607] ? trace_kmalloc+0xe3/0x110 [ 710.861812][T13607] ? __pfx_woken_wake_function+0x10/0x10 [ 710.861842][T13607] ? rcu_is_watching+0x12/0xc0 [ 710.861871][T13607] ? file_tty_write.isra.0+0x694/0x890 [ 710.861906][T13607] ? kfree+0x1dd/0x6c0 [ 710.861939][T13607] ? __pfx_n_tty_write+0x10/0x10 [ 710.861964][T13607] file_tty_write.isra.0+0x4d2/0x890 [ 710.862003][T13607] redirected_tty_write+0xd4/0x120 [ 710.862038][T13607] vfs_write+0x6ac/0x1070 [ 710.862066][T13607] ? __pfx_redirected_tty_write+0x10/0x10 [ 710.862103][T13607] ? __pfx_vfs_write+0x10/0x10 [ 710.862128][T13607] ? find_held_lock+0x2b/0x80 [ 710.862174][T13607] ksys_write+0x12a/0x250 [ 710.862200][T13607] ? __pfx_ksys_write+0x10/0x10 [ 710.862228][T13607] ? rcu_is_watching+0x12/0xc0 [ 710.862259][T13607] do_syscall_64+0x10b/0xf80 [ 710.862288][T13607] ? clear_bhb_loop+0x40/0x90 [ 710.862316][T13607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.862341][T13607] RIP: 0033:0x7f95da19cdd9 [ 710.862361][T13607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 710.862386][T13607] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 710.862409][T13607] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 710.862425][T13607] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 710.862441][T13607] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 710.862456][T13607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 710.862470][T13607] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 710.862494][T13607] [ 710.862503][T13607] [ 710.862515][T13607] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc900047d9000 allocated at drm_gem_shmem_vmap_locked+0x553/0x860 [ 710.862558][T13607] Memory state around the buggy address: [ 710.862571][T13607] ffffc90004ad8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 710.862592][T13607] ffffc90004ad8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 710.862610][T13607] >ffffc90004ad9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 710.862623][T13607] ^ [ 710.862635][T13607] ffffc90004ad9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 710.862652][T13607] ffffc90004ad9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 710.862666][T13607] ================================================================== [ 710.886325][T13607] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 710.886353][T13607] CPU: 0 UID: 0 PID: 13607 Comm: syz.2.1654 Tainted: G L syzkaller #0 PREEMPT(full) [ 710.886390][T13607] Tainted: [L]=SOFTLOCKUP [ 710.886399][T13607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 710.886415][T13607] Call Trace: [ 710.886424][T13607] [ 710.886433][T13607] dump_stack_lvl+0x100/0x190 [ 710.886465][T13607] vpanic+0x552/0x970 [ 710.886489][T13607] ? __pfx_vpanic+0x10/0x10 [ 710.886518][T13607] ? sys_fillrect+0x174a/0x1910 [ 710.886554][T13607] panic+0xd1/0xe0 [ 710.886580][T13607] ? __pfx_panic+0x10/0x10 [ 710.886604][T13607] ? sys_fillrect+0x174a/0x1910 [ 710.886640][T13607] ? preempt_schedule_common+0x42/0xc0 [ 710.886674][T13607] check_panic_on_warn.cold+0x19/0x34 [ 710.886701][T13607] end_report.part.0+0x3a/0x90 [ 710.886738][T13607] kasan_report.cold+0xe/0x18 [ 710.886776][T13607] ? sys_fillrect+0x174a/0x1910 [ 710.886815][T13607] sys_fillrect+0x174a/0x1910 [ 710.886857][T13607] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 710.886887][T13607] bit_clear+0x17d/0x220 [ 710.886915][T13607] ? __pfx_bit_clear+0x10/0x10 [ 710.886945][T13607] ? fb_get_color_depth+0x120/0x250 [ 710.886971][T13607] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 710.887011][T13607] __fbcon_clear+0x633/0x760 [ 710.887038][T13607] ? __pfx_bit_clear+0x10/0x10 [ 710.887082][T13607] fbcon_scroll+0x314/0x650 [ 710.887110][T13607] con_scroll+0x464/0x690 [ 710.887153][T13607] csi_ECMA.constprop.0+0xc57/0x3b60 [ 710.887192][T13607] ? find_held_lock+0x2b/0x80 [ 710.887226][T13607] ? __pfx_csi_ECMA.constprop.0+0x10/0x10 [ 710.887270][T13607] do_con_write+0x3946/0x4a10 [ 710.887307][T13607] ? trace_contention_end+0x122/0x170 [ 710.887342][T13607] ? __pfx_do_con_write+0x10/0x10 [ 710.887386][T13607] con_write+0x23/0xb0 [ 710.887424][T13607] n_tty_write+0x431/0x11c0 [ 710.887456][T13607] ? __pfx_n_tty_write+0x10/0x10 [ 710.887481][T13607] ? trace_kmalloc+0xe3/0x110 [ 710.887510][T13607] ? __pfx_woken_wake_function+0x10/0x10 [ 710.887541][T13607] ? rcu_is_watching+0x12/0xc0 [ 710.887571][T13607] ? file_tty_write.isra.0+0x694/0x890 [ 710.887607][T13607] ? kfree+0x1dd/0x6c0 [ 710.887642][T13607] ? __pfx_n_tty_write+0x10/0x10 [ 710.887668][T13607] file_tty_write.isra.0+0x4d2/0x890 [ 710.887709][T13607] redirected_tty_write+0xd4/0x120 [ 710.887746][T13607] vfs_write+0x6ac/0x1070 [ 710.887779][T13607] ? __pfx_redirected_tty_write+0x10/0x10 [ 710.887819][T13607] ? __pfx_vfs_write+0x10/0x10 [ 710.887845][T13607] ? find_held_lock+0x2b/0x80 [ 710.887887][T13607] ksys_write+0x12a/0x250 [ 710.887914][T13607] ? __pfx_ksys_write+0x10/0x10 [ 710.887943][T13607] ? rcu_is_watching+0x12/0xc0 [ 710.887975][T13607] do_syscall_64+0x10b/0xf80 [ 710.888006][T13607] ? clear_bhb_loop+0x40/0x90 [ 710.888034][T13607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.888061][T13607] RIP: 0033:0x7f95da19cdd9 [ 710.888082][T13607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 710.888108][T13607] RSP: 002b:00007f95dafcb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 710.888139][T13607] RAX: ffffffffffffffda RBX: 00007f95da415fa0 RCX: 00007f95da19cdd9 [ 710.888157][T13607] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 710.888173][T13607] RBP: 00007f95da232d69 R08: 0000000000000000 R09: 0000000000000000 [ 710.888189][T13607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 710.888205][T13607] R13: 00007f95da416038 R14: 00007f95da415fa0 R15: 00007ffe86c27de8 [ 710.888230][T13607] [ 710.888302][T13607] Kernel Offset: disabled