last executing test programs: 6.11519113s ago: executing program 2 (id=1570): unshare$auto(0x40000080) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time\x00') setns(r0, 0x40000000) r1 = socket(0xa, 0x5, 0x0) ioctl$auto(r1, 0x8903, 0x8) mmap$auto(0x10000000000001, 0x3, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, 0x0, 0x800) unshare$auto(0x40000080) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r2, &(0x7f00000056c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) mmap$auto(0x100002, 0x4020007, 0xdb, 0xeb1, 0xffffffffffffffff, 0x1c56) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb2, 0x4, 0x80) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r4 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r4, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, 0x6) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x1c, r5, 0x27c9d9d5b13b6c03, 0x70bd25, 0x25dfdbfd, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c884}, 0x64004890) 4.864552228s ago: executing program 2 (id=1573): r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x204c0, 0x0) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0x2000, 0x0) sysinfo$auto(0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x1f40) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/fail-nth\x00', 0x40, 0x0) writev$auto(r3, 0x0, 0x3) getsockopt$auto(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) unshare$auto(0x40000080) ioctl$auto_SNDCTL_DSP_STEREO(r0, 0xc0045003, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0xe8) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, r4, 0x28000) r6 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000007380)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x109041, 0x0) write$auto(r6, 0x0, 0x40) 4.687457299s ago: executing program 0 (id=1574): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) socket(0x10, 0x2, 0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6gre0/power/control\x00', 0x10b142, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000280)={{0x3, 0x10000, 0x0, 0x7, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) readv$auto(r1, &(0x7f00000000c0)={0x0, 0x1}, 0x6) mmap$auto(0x0, 0xff, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r1, 0x5420, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/vhci_hcd.0/usb10/10-0:1.0/usb10-port2/power/autosuspend_delay_ms\x00', 0x1000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x3}, 0xc) 4.643112564s ago: executing program 1 (id=1575): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0xe43, 0xd, 0x10400, 0xe, 0x4, 0x80000000, 0xffffffffffffffff, [0x0, 0x0, 0x20000000], {0x5, 0x6, 0x8c48, 0x2a3, 0x100, 0x7ffffffb, 0x100101, 0x6, 0x9340}, {0xf8, 0x1, 0x1001, 0x1, 0x9, 0x40, 0x76c5, 0x8, 0x9}}) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) setsockopt$auto(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x401) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r1, 0x0, 0xc801) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) execve$auto(0x0, 0x0, &(0x7f0000000100)=0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) prctl$auto(0x1d, 0xfffffffffffffffb, 0x8, 0x10000005, 0xfffffffffffffff9) clock_nanosleep$auto(0x7, 0x7fff, &(0x7f0000000000)={0x5, 0x5}, 0x0) write$auto(r2, 0x0, 0x81) r3 = openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/mounts\x00', 0xaa080, 0x0) pread64$auto(r3, 0x0, 0x3c02, 0x100007) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getpid() gettid() 4.607266342s ago: executing program 3 (id=1576): mmap$auto(0x0, 0x20009, 0x4000000002df, 0xeb1, 0x401, 0x8000) r0 = prctl$auto(0x1000000003b, 0x2, 0x0, 0x3, 0x2a) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="00010000", @ANYRES16=0x0, @ANYBLOB="000326bd7000fcdbdf2503000000790008805b4f2525b2dc3a73ec37e7122e6f0d55382854d419b883b7ed64bd3c7b9fb15273e787030718751e0a22cc6cabcae114aa6448d0356183e1ca7c01536c5c6f37915b26a3e75515ab02807fe932b8a415a581dcdc7800f91e231c001d800400d3800c002000f3000000002b3c0c7e9b52baf56fe40000000008008c00ac1414aa000000700002806a00e400addd3588300c750bd8c6341eedf20d260a37a63d761fd730c00d02e9ba0a478e7a2f6629a6ad62011d9ab5dc40c92828"], 0x100}, 0x1, 0x0, 0x0, 0x8000}, 0x42) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) io_uring_register$auto_IORING_REGISTER_ENABLE_RINGS(r0, 0xc, &(0x7f0000000080)="e2a24d403c48b274bba86b36c48148aeda1822f347c637d16fc9b4a7b5bd66b4e8adda5d0fba743106c8deecf997e060395f5eb68c692afed3087c2007d9417d9b440d75b415e8bb8a14a10e0e6a4866081580bd3b35447aa486cac9103d441c227979a339c1f5473576c41a20e7464fc2aee09cf5bb7dfa9f0b540c64c0ccd0f1a5d0623a63cf3102", 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x40400, 0x48) setitimer$auto(0x2, &(0x7f0000000040)={{0x0, 0x5}, {0x0, 0x8}}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) getitimer$auto_ITIMER_PROF(0x2, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x9, 0x63, 0x0, 0x0, 0x0, 0x1002, 0x8, 0x80000008000000a, 0x40000402, 0x9, 0x8, 0xffffffff80000000, 0x800000000000d, 0x6, 0x240000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r2 = socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x10000) listxattrat$auto(r1, &(0x7f0000000000)='./cgroup\x00', 0x0, 0x0, 0x6) 4.101793788s ago: executing program 0 (id=1577): socket(0x11, 0x2, 0x9) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x82002, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/cgroup\x00', 0x100382, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/card0/pcm0p/sub3/xrun_injection\x00', 0x8a180, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/neigh/netdevsim3/delay_first_probe_time\x00', 0x2400, 0x0) inotify_init1$auto(0x3000000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0xd1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 3.612540677s ago: executing program 0 (id=1578): socket(0x10, 0x2, 0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6gre0/power/control\x00', 0x10b142, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000280)={{0x3, 0x10000, 0x0, 0x7, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) readv$auto(r2, &(0x7f00000000c0)={0x0, 0x1}, 0x6) mmap$auto(0x0, 0xff, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socket(0x2, 0x1, 0x0) setsockopt$auto(r3, 0x6, 0x20, 0x0, 0x40) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r2, 0x5420, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/vhci_hcd.0/usb10/10-0:1.0/usb10-port2/power/autosuspend_delay_ms\x00', 0x1000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 3.448637771s ago: executing program 3 (id=1579): close_range$auto(0x2, 0x8, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) mknod$auto(&(0x7f0000000180)='./file0\x00', 0x1001, 0x804) open(&(0x7f0000000000)='./file0\x00', 0x28400, 0x82) open(&(0x7f00000001c0)='./file0\x00', 0x40841, 0x118) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x2012, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 3.039084652s ago: executing program 3 (id=1580): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000) rseq$auto(0x0, 0xfffffff5, 0x0, 0x5) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) readv$auto(0x3, &(0x7f0000000600)={0x0, 0x4}, 0x1da) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x40401, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x4010ae67, 0x38) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x60040, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.585237245s ago: executing program 2 (id=1581): openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.throttle.read_bps_device\x00', 0x2002, 0x0) mount$auto(0x0, &(0x7f0000000080)='}[,&*}\x00', 0x0, 0x80000, 0x0) write$auto_tty_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x183d02, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(0x0, 0x6) shmctl$auto_SHM_UNLOCK(0x200, 0xc, 0x0) sendmsg$auto_OVS_METER_CMD_SET(r2, 0x0, 0x40) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) rename$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='./file0\x00') openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci1/rfkill6/power\x00', 0x280400, 0x0) rename$auto(&(0x7f0000000000)='./file0\x00', 0x0) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), 0xffffffffffffffff) unshare$auto(0x40000080) 2.581930883s ago: executing program 1 (id=1589): ioprio_get$auto(0x3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = socket(0x2b, 0x1, 0x1) ioctl$auto(r2, 0x8983, 0x4) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) statmount$auto(0x0, &(0x7f0000000440)={0x6, 0x6, 0x53, 0x4, 0x1, 0x4, 0x2, 0x3, 0x5, 0xffffffff80000001, 0x57d6, 0x8, 0x3, 0x2, 0x8, 0x3, 0x1, 0x8001, 0x400, 0x1ff, 0xfff, 0xd8, 0x8, 0x4, 0x9, 0xbef3, 0x411, 0x7, 0x0, 0x5, 0x7, [0x6, 0x7f, 0xbce7, 0x599, 0x56, 0xf93, 0x6, 0x8, 0xffffffffffffffff, 0x0, 0x200000000000, 0x2, 0x1, 0x8, 0x1000, 0x40004545, 0x4, 0x2000000000000a, 0xb, 0xf5fd, 0x7, 0x4, 0x7fffffff, 0x1fc, 0x2, 0x5, 0x8, 0x4, 0x4, 0x1, 0x4, 0x800000, 0x5, 0x80, 0x6, 0x4, 0x7, 0x4, 0xffc0000000000000, 0x2, 0x9, 0x8, 0x80000001]}, 0x40, 0x36) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/134, 0x86) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) setsockopt$auto_SO_DETACH_REUSEPORT_BPF(0xffffffffffffffff, 0x2, 0x44, &(0x7f0000000180)='\x00', 0x7) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 2.429615848s ago: executing program 0 (id=1582): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000002180), 0x100, 0x0) eventfd$auto(0x3) pipe$auto(0x0) socket(0xa, 0x2, 0x88) socketpair$auto(0x1e, 0x1, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, r0, 0x8000) ioctl$auto_TCFLSH2(r1, 0x40204706, 0x0) 1.345475893s ago: executing program 2 (id=1583): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x121d02, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x622340, 0x0) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000002180), 0x100, 0x0) eventfd$auto(0x3) pipe$auto(0x0) socket(0xa, 0x2, 0x88) socketpair$auto(0x1e, 0x1, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, r0, 0x8000) ioctl$auto_TCFLSH2(r1, 0x40384708, 0x0) 1.34465405s ago: executing program 1 (id=1592): mmap$auto(0x0, 0x9bc, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x2, 0x801, 0x106) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x15, 0x5, 0x0) socket(0x10, 0x2, 0x0) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r0, @ANYRES32], 0x18}, 0x1, 0x2000}, 0x80) 1.183245596s ago: executing program 3 (id=1584): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x8502, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/wlan1/mcast_solicit\x00', 0x2000, 0x0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x301, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.3/usb4/power/wakeup_last_time_ms\x00', 0x200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x108002, 0x0) epoll_create$auto(0x3e) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) eventfd$auto(0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd5/queue/iosched/front_merges\x00', 0xc0202, 0x0) socketpair$auto(0x9, 0x2, 0xb, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x40384708, 0x0) 1.027362348s ago: executing program 2 (id=1585): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) socket(0x10, 0x2, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6gre0/power/control\x00', 0x10b142, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000280)={{0x3, 0x10000, 0x0, 0x7, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) readv$auto(r2, &(0x7f00000000c0)={0x0, 0x1}, 0x6) mmap$auto(0x0, 0xff, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socket(0x2, 0x1, 0x0) setsockopt$auto(r3, 0x6, 0x20, 0x0, 0x40) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r2, 0x5420, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/vhci_hcd.0/usb10/10-0:1.0/usb10-port2/power/autosuspend_delay_ms\x00', 0x1000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 900.415699ms ago: executing program 1 (id=1586): close_range$auto(0x2, 0x8, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) mknod$auto(&(0x7f0000000180)='./file0\x00', 0x1001, 0x804) open(&(0x7f0000000000)='./file0\x00', 0x28400, 0x82) open(&(0x7f00000001c0)='./file0\x00', 0x40841, 0x118) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x2012, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0) pread64$auto(r1, 0x0, 0x40000000f42c, 0x2) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) r2 = open(&(0x7f0000000140)='./file0\x00', 0x3ac41, 0xe2) ioctl$auto_XFS_IOC_FREESP64(r2, 0x40305825, &(0x7f0000000180)={0x7f, 0x1, 0x1, 0x2, 0xffffffff}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) 585.865103ms ago: executing program 3 (id=1587): r0 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x2012, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), r0) 502.923207ms ago: executing program 3 (id=1588): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) clock_getres$auto(0x8000400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SG_GET_NUM_WAITING(r0, 0x227d, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x2) mmap$auto(0x0, 0x400005, 0x40df, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) r2 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000080), 0x2140, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, r2, 0x454f, 0x5f, 0x0, 0x3f, r2, 0x80000001}, 0x6d4) 473.900487ms ago: executing program 0 (id=1590): bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) 311.913105ms ago: executing program 1 (id=1591): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x100382, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r1) 223.210255ms ago: executing program 0 (id=1593): openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/erspan0/queues/tx-0/byte_queue_limits/hold_time\x00', 0x2, 0x0) read$auto_ptdump_curusr_fops_(r0, &(0x7f0000000400)=""/76, 0x4c) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x86840, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x309502, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r1, 0x0) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/midiC2D2\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2, 0x1, 0x106) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) lsm_get_self_attr$auto(0x64, 0x0, &(0x7f0000002440)=0x1ff, 0x0) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyuf\x00', 0x102, 0x0) 34.399257ms ago: executing program 1 (id=1594): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) lseek$auto(0x3, 0x2, 0x4) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x2280, 0x0) socket(0x1e, 0x1, 0x0) lsm_set_self_attr$auto(0x11, 0x0, 0x7e, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000016c0)='/dev/snd/controlC0\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40405515, &(0x7f0000001700)={@inferred, 0xc, 0x3, 0x9, "9d4724b76f4d07faf46cb94d85033d940fdf05ecff75c12163ddeab942ed73d07dadd6f419694d591eca8162"}) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/ping_group_range\x00', 0x202, 0x0) write$auto(r2, &(0x7f00000000c0)='\\\xf3%\x00', 0x8) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x9, 0x1, 0x2, 0x0, 0x9, 0x8, 0x8, 0x1, 0x5, 0x7, 0x5d, 0x0, 0x3ff, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c9, 0x0, 0x4, 0x0, 0x0, 0xe3a, 0x3]}, 0x400, 0x81) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000140)={{@raw=0x80000000, 0x304, 0xfffffffe, 0x8, "3112d598004a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe000900000000000755015e48d", @raw=0xfffffffc}, 0x3, 0x3, 0x4, @inferred, @integer={0x3, 0xfffffffffffffff9, 0x8}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd7327b386425608af790ada8dbdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D2\x00', 0x80980, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendfile$auto(r0, r4, 0x0, 0x1) 0s ago: executing program 2 (id=1595): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x26c982, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyu3\x00', 0x1, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, &(0x7f0000000080)) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffe, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x0) getresgid$auto(0x0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x180342, 0x0) msgget$auto(0x0, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgsnd$auto(0x0, &(0x7f0000000040)={0x5}, 0x1000, 0x4) msgctl$auto(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): .482728][T10051] R13: 00007fc034bc6038 R14: 00007fc034bc5fa0 R15: 00007ffed7d632f8 [ 428.482767][T10051] [ 428.951498][T10051] net_ratelimit: 63 callbacks suppressed [ 428.951571][T10051] netlink: zone id is out of range [ 429.110478][T10051] netlink: zone id is out of range [ 429.146878][T10051] netlink: zone id is out of range [ 429.152192][T10051] netlink: zone id is out of range [ 429.165774][T10051] netlink: zone id is out of range [ 429.171084][T10051] netlink: zone id is out of range [ 429.185059][T10051] netlink: zone id is out of range [ 429.195324][T10051] netlink: zone id is out of range [ 429.236580][T10051] netlink: zone id is out of range [ 429.269146][T10058] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 1966 with max blocks 1 with error 117 [ 429.272009][T10051] netlink: zone id is out of range [ 429.323326][T10058] EXT4-fs (sda1): This should not happen!! Data will be lost [ 429.323326][T10058] [ 429.493625][T10057] zswap: compressor not available [ 429.507058][T10061] Setting dangerous option i915.mitigations - tainting kernel [ 430.042370][T10068] random: crng reseeded on system resumption [ 430.150225][T10074] netlink: 28 bytes leftover after parsing attributes in process `syz.0.914'. [ 430.184131][T10074] geneve1: entered promiscuous mode [ 430.232832][T10074] geneve1: entered allmulticast mode [ 430.259050][T10074] netlink: 28 bytes leftover after parsing attributes in process `syz.0.914'. [ 432.687412][T10106] __vm_enough_memory: pid: 10106, comm: syz.0.912, bytes: 4398046511104 not enough memory for the allocation [ 433.016296][T10095] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.1.909: Error -117 reading block bitmap for 3 [ 433.075525][T10095] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.1.909: Error -117 reading block bitmap for 3 [ 433.129529][T10095] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.1.909: Error -117 reading block bitmap for 3 [ 433.176320][T10095] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.1.909: Error -117 reading block bitmap for 3 [ 434.040966][T10123] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.1.917: bg 4: bad block bitmap checksum [ 434.120546][T10123] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 434.150526][T10123] EXT4-fs (sda1): This should not happen!! Data will be lost [ 434.150526][T10123] [ 434.506694][T10131] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 434.519598][T10131] EXT4-fs (sda1): This should not happen!! Data will be lost [ 434.519598][T10131] [ 434.764706][T10133] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 434.948754][T10133] EXT4-fs (sda1): This should not happen!! Data will be lost [ 434.948754][T10133] [ 434.988964][T10137] random: crng reseeded on system resumption [ 436.124399][T10132] kexec: Could not allocate control_code_buffer [ 438.712384][T10189] netlink: 29 bytes leftover after parsing attributes in process `syz.3.932'. [ 439.100012][T10191] random: crng reseeded on system resumption [ 439.354008][T10196] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.3.934: Error -117 reading block bitmap for 4 [ 440.410444][T10211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.937'. [ 440.420650][T10211] netlink: 354 bytes leftover after parsing attributes in process `syz.2.937'. [ 441.709006][T10227] zswap: compressor not available [ 442.633144][T10247] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.945: bg 5: bad block bitmap checksum [ 442.647586][T10247] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 442.660128][T10247] EXT4-fs (sda1): This should not happen!! Data will be lost [ 442.660128][T10247] [ 443.174271][T10255] random: crng reseeded on system resumption [ 444.629854][T10251] kexec: Could not allocate control_code_buffer [ 445.939361][T10284] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 445.954045][T10284] EXT4-fs (sda1): This should not happen!! Data will be lost [ 445.954045][T10284] [ 445.997864][T10284] netlink: 28 bytes leftover after parsing attributes in process `syz.1.952'. [ 448.633275][T10321] Process accounting paused [ 448.786472][T10341] Console: switching to colour VGA+ 80x25 [ 449.031370][T10343] Console: switching to colour frame buffer device 128x48 [ 449.548004][T10350] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 449.602868][T10350] EXT4-fs (sda1): This should not happen!! Data will be lost [ 449.602868][T10350] [ 450.035990][T10358] zswap: compressor not available [ 450.580747][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.587361][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 450.630861][T10387] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 450.645735][T10388] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 450.706083][T10388] FAULT_INJECTION: forcing a failure. [ 450.706083][T10388] name failslab, interval 1, probability 0, space 0, times 0 [ 450.734737][T10388] CPU: 1 UID: 0 PID: 10388 Comm: syz.2.971 Tainted: G U syzkaller #0 PREEMPT(full) [ 450.734793][T10388] Tainted: [U]=USER [ 450.734805][T10388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 450.734825][T10388] Call Trace: [ 450.734836][T10388] [ 450.734848][T10388] dump_stack_lvl+0x16c/0x1f0 [ 450.734900][T10388] should_fail_ex+0x512/0x640 [ 450.734947][T10388] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 450.734994][T10388] should_failslab+0xc2/0x120 [ 450.735038][T10388] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 450.735083][T10388] ? proc_alloc_inode+0x25/0x200 [ 450.735134][T10388] ? __pfx_proc_alloc_inode+0x10/0x10 [ 450.735187][T10388] proc_alloc_inode+0x25/0x200 [ 450.735229][T10388] alloc_inode+0x64/0x240 [ 450.735279][T10388] new_inode+0x22/0x1c0 [ 450.735332][T10388] proc_pid_make_inode+0x22/0x160 [ 450.735379][T10388] proc_pident_instantiate+0x85/0x310 [ 450.735430][T10388] proc_fill_cache+0x361/0x470 [ 450.735475][T10388] ? __pfx_proc_pident_instantiate+0x10/0x10 [ 450.735524][T10388] ? __pfx_proc_fill_cache+0x10/0x10 [ 450.735628][T10388] proc_pident_readdir+0x1bc/0x530 [ 450.735686][T10388] iterate_dir+0x296/0xaf0 [ 450.735726][T10388] __x64_sys_getdents+0x13c/0x2b0 [ 450.735760][T10388] ? __pfx___x64_sys_getdents+0x10/0x10 [ 450.735795][T10388] ? __pfx_filldir+0x10/0x10 [ 450.735842][T10388] do_syscall_64+0xcd/0x490 [ 450.735893][T10388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.735927][T10388] RIP: 0033:0x7f729998ebe9 [ 450.735955][T10388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.735991][T10388] RSP: 002b:00007f729a837038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 450.736024][T10388] RAX: ffffffffffffffda RBX: 00007f7299bc5fa0 RCX: 00007f729998ebe9 [ 450.736047][T10388] RDX: 00000000000003f1 RSI: 0000000000000000 RDI: 0000000000000007 [ 450.736068][T10388] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 450.736090][T10388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 450.736111][T10388] R13: 00007f7299bc6038 R14: 00007f7299bc5fa0 R15: 00007ffc3661dd58 [ 450.736163][T10388] [ 450.954441][ C1] vkms_vblank_simulate: vblank timer overrun [ 451.223914][T10394] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 451.379165][ T1090] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1393 with max blocks 6 with error 117 [ 451.409397][T10403] FAULT_INJECTION: forcing a failure. [ 451.409397][T10403] name failslab, interval 1, probability 0, space 0, times 0 [ 451.422389][T10403] CPU: 0 UID: 0 PID: 10403 Comm: syz.1.977 Tainted: G U syzkaller #0 PREEMPT(full) [ 451.422441][T10403] Tainted: [U]=USER [ 451.422453][T10403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 451.422474][T10403] Call Trace: [ 451.422485][T10403] [ 451.422498][T10403] dump_stack_lvl+0x16c/0x1f0 [ 451.422551][T10403] should_fail_ex+0x512/0x640 [ 451.422600][T10403] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 451.422650][T10403] should_failslab+0xc2/0x120 [ 451.422696][T10403] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 451.422741][T10403] ? nlmsg_notify+0xac/0x220 [ 451.422797][T10403] ? nlmsg_notify+0x11e/0x220 [ 451.422840][T10403] ? __devinet_sysctl_register+0xbc/0x360 [ 451.422899][T10403] kmemdup_noprof+0x29/0x60 [ 451.422943][T10403] __devinet_sysctl_register+0xbc/0x360 [ 451.423000][T10403] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 451.423058][T10403] ? devinet_init_net+0xeb/0x910 [ 451.423113][T10403] ? __asan_memcpy+0x3c/0x60 [ 451.423152][T10403] devinet_init_net+0x347/0x910 [ 451.423207][T10403] ? __pfx_devinet_init_net+0x10/0x10 [ 451.423260][T10403] ops_init+0x1e2/0x5f0 [ 451.423305][T10403] setup_net+0x10f/0x380 [ 451.423344][T10403] ? lockdep_init_map_type+0x5c/0x280 [ 451.423388][T10403] ? __pfx_setup_net+0x10/0x10 [ 451.423440][T10403] ? debug_mutex_init+0x37/0x70 [ 451.423477][T10403] copy_net_ns+0x2a6/0x5f0 [ 451.423534][T10403] create_new_namespaces+0x3ea/0xa90 [ 451.423584][T10403] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 451.423627][T10403] ksys_unshare+0x45b/0xa40 [ 451.423673][T10403] ? __pfx_ksys_unshare+0x10/0x10 [ 451.423721][T10403] ? xfd_validate_state+0x61/0x180 [ 451.423796][T10403] __x64_sys_unshare+0x31/0x40 [ 451.423843][T10403] do_syscall_64+0xcd/0x490 [ 451.423892][T10403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.423925][T10403] RIP: 0033:0x7f16aff8ebe9 [ 451.423953][T10403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.423986][T10403] RSP: 002b:00007f16b0d4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 451.424018][T10403] RAX: ffffffffffffffda RBX: 00007f16b01c5fa0 RCX: 00007f16aff8ebe9 [ 451.424040][T10403] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 451.424061][T10403] RBP: 00007f16b0011e19 R08: 0000000000000000 R09: 0000000000000000 [ 451.424082][T10403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.424102][T10403] R13: 00007f16b01c6038 R14: 00007f16b01c5fa0 R15: 00007ffd267e0e08 [ 451.424147][T10403] [ 451.464988][ T1090] EXT4-fs (sda1): This should not happen!! Data will be lost [ 451.464988][ T1090] [ 451.632982][ C1] vkms_vblank_simulate: vblank timer overrun [ 451.727674][ T1090] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 937 with max blocks 25 with error 117 [ 451.742370][ T1090] EXT4-fs (sda1): This should not happen!! Data will be lost [ 451.742370][ T1090] [ 451.797553][ T5877] Process accounting resumed [ 451.887095][T10403] EXT4-fs error (device sda1): ext4_discard_preallocations:5671: comm syz.1.977: Error -117 reading block bitmap for 5 [ 452.500436][T10421] Invalid ELF header magic: != ELF [ 454.288706][T10416] FAULT_INJECTION: forcing a failure. [ 454.288706][T10416] name failslab, interval 1, probability 0, space 0, times 0 [ 454.324260][T10416] CPU: 1 UID: 0 PID: 10416 Comm: syz.2.979 Tainted: G U syzkaller #0 PREEMPT(full) [ 454.324314][T10416] Tainted: [U]=USER [ 454.324326][T10416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 454.324346][T10416] Call Trace: [ 454.324357][T10416] [ 454.324369][T10416] dump_stack_lvl+0x16c/0x1f0 [ 454.324420][T10416] should_fail_ex+0x512/0x640 [ 454.324466][T10416] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 454.324511][T10416] should_failslab+0xc2/0x120 [ 454.324554][T10416] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 454.324593][T10416] ? __pfx_apparmor_file_open+0x10/0x10 [ 454.324632][T10416] ? proc_reg_open+0x23f/0x5f0 [ 454.324681][T10416] proc_reg_open+0x23f/0x5f0 [ 454.324728][T10416] do_dentry_open+0x982/0x1530 [ 454.324770][T10416] ? __pfx_proc_reg_open+0x10/0x10 [ 454.324822][T10416] vfs_open+0x82/0x3f0 [ 454.324883][T10416] path_openat+0x1de4/0x2cb0 [ 454.324937][T10416] ? __pfx_path_openat+0x10/0x10 [ 454.324987][T10416] do_filp_open+0x20b/0x470 [ 454.325027][T10416] ? __pfx_do_filp_open+0x10/0x10 [ 454.325095][T10416] ? alloc_fd+0x471/0x7d0 [ 454.325143][T10416] do_sys_openat2+0x11b/0x1d0 [ 454.325193][T10416] ? __pfx_do_sys_openat2+0x10/0x10 [ 454.325261][T10416] __x64_sys_openat+0x174/0x210 [ 454.325315][T10416] ? __pfx___x64_sys_openat+0x10/0x10 [ 454.325384][T10416] do_syscall_64+0xcd/0x490 [ 454.325436][T10416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.325470][T10416] RIP: 0033:0x7f729998ebe9 [ 454.325498][T10416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.325529][T10416] RSP: 002b:00007f729a837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 454.325562][T10416] RAX: ffffffffffffffda RBX: 00007f7299bc5fa0 RCX: 00007f729998ebe9 [ 454.325585][T10416] RDX: 0000000000020000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 454.325607][T10416] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 454.325628][T10416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.325649][T10416] R13: 00007f7299bc6038 R14: 00007f7299bc5fa0 R15: 00007ffc3661dd58 [ 454.325692][T10416] [ 456.323439][ T5201] Trying to write to read-only block-device sda1 [ 458.028952][T10499] zswap: compressor not available [ 459.597236][T10529] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 460.033019][T10534] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 460.175473][ T36] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 939 with max blocks 23 with error 117 [ 460.192638][ T36] EXT4-fs (sda1): This should not happen!! Data will be lost [ 460.192638][ T36] [ 460.538061][ T36] Trying to write to read-only block-device sda [ 461.251898][T10531] ima: policy update failed [ 461.304488][ T30] audit: type=1802 audit(4294968535.964:12): pid=10531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.999" res=0 errno=0 [ 463.112720][T10576] zswap: compressor not available [ 463.516371][T10586] FAULT_INJECTION: forcing a failure. [ 463.516371][T10586] name failslab, interval 1, probability 0, space 0, times 0 [ 463.600504][T10586] CPU: 0 UID: 0 PID: 10586 Comm: syz.2.1007 Tainted: G U syzkaller #0 PREEMPT(full) [ 463.600545][T10586] Tainted: [U]=USER [ 463.600552][T10586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 463.600567][T10586] Call Trace: [ 463.600574][T10586] [ 463.600583][T10586] dump_stack_lvl+0x16c/0x1f0 [ 463.600619][T10586] should_fail_ex+0x512/0x640 [ 463.600654][T10586] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 463.600689][T10586] should_failslab+0xc2/0x120 [ 463.600721][T10586] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 463.600753][T10586] ? lockdep_hardirqs_on+0x7c/0x110 [ 463.600784][T10586] ? fib_notifier_ops_register+0x32/0x270 [ 463.600825][T10586] kmemdup_noprof+0x29/0x60 [ 463.600855][T10586] fib_notifier_ops_register+0x32/0x270 [ 463.600903][T10586] fib4_notifier_init+0x4f/0xd0 [ 463.600939][T10586] fib_net_init+0xbf/0x3f0 [ 463.600974][T10586] ? __pfx___register_sysctl_table+0x10/0x10 [ 463.601012][T10586] ? __pfx_fib_net_init+0x10/0x10 [ 463.601047][T10586] ? lockdep_init_map_type+0x5c/0x280 [ 463.601082][T10586] ? do_init_timer+0xc9/0x110 [ 463.601111][T10586] ? devinet_init_net+0x5c2/0x910 [ 463.601155][T10586] ? __pfx_fib_net_init+0x10/0x10 [ 463.601189][T10586] ops_init+0x1e2/0x5f0 [ 463.601228][T10586] setup_net+0x10f/0x380 [ 463.601260][T10586] ? lockdep_init_map_type+0x5c/0x280 [ 463.601295][T10586] ? __pfx_setup_net+0x10/0x10 [ 463.601332][T10586] ? debug_mutex_init+0x37/0x70 [ 463.601359][T10586] copy_net_ns+0x2a6/0x5f0 [ 463.601400][T10586] create_new_namespaces+0x3ea/0xa90 [ 463.601437][T10586] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 463.601468][T10586] ksys_unshare+0x45b/0xa40 [ 463.601503][T10586] ? __pfx_ksys_unshare+0x10/0x10 [ 463.601538][T10586] ? xfd_validate_state+0x61/0x180 [ 463.601584][T10586] __x64_sys_unshare+0x31/0x40 [ 463.601618][T10586] do_syscall_64+0xcd/0x490 [ 463.601654][T10586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.601679][T10586] RIP: 0033:0x7f729998ebe9 [ 463.601698][T10586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.601722][T10586] RSP: 002b:00007f729a837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 463.601745][T10586] RAX: ffffffffffffffda RBX: 00007f7299bc5fa0 RCX: 00007f729998ebe9 [ 463.601762][T10586] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 463.601777][T10586] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 463.601791][T10586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.601806][T10586] R13: 00007f7299bc6038 R14: 00007f7299bc5fa0 R15: 00007ffc3661dd58 [ 463.601836][T10586] [ 464.834583][T10597] syz.2.1009 uses obsolete (PF_INET,SOCK_PACKET) [ 466.850895][T10641] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 466.868073][T10641] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 466.927746][T10641] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 466.938689][T10641] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 466.981156][T10641] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 467.303969][T10657] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 467.448323][T10659] vivid-003: ================= START STATUS ================= [ 467.456325][T10659] vivid-003: Radio HW Seek Mode: Bounded [ 467.462378][T10659] vivid-003: Radio Programmable HW Seek: false [ 467.480438][T10659] vivid-003: RDS Rx I/O Mode: Block I/O [ 467.498665][T10659] vivid-003: Generate RBDS Instead of RDS: false [ 467.508825][T10659] vivid-003: RDS Reception: true [ 467.546604][T10659] vivid-003: RDS Program Type: 0 inactive [ 467.598560][T10659] vivid-003: RDS PS Name: inactive [ 467.664390][T10659] vivid-003: RDS Radio Text: inactive [ 467.701710][T10662] vivid-007: ================= START STATUS ================= [ 467.711788][T10659] vivid-003: RDS Traffic Announcement: [ 467.711800][T10662] vivid-007: Generate PTS: true [ 467.736526][T10659] false inactive [ 467.737101][T10662] vivid-007: Generate SCR: [ 467.740344][T10659] vivid-003: RDS Traffic Program: [ 467.740351][T10662] true [ 467.896965][T10659] false inactive [ 467.899446][T10662] tpg source WxH: 320x240 (Y'CbCr) [ 467.899473][T10662] tpg field: 1 [ 467.903028][T10659] [ 467.903041][T10659] vivid-003: RDS Music: [ 467.908249][T10662] tpg crop: (0,0)/320x240 [ 467.911769][T10659] false [ 467.914101][T10662] tpg compose: (0,0)/320x240 [ 467.931527][T10662] tpg colorspace: 8 [ 467.931546][T10659] inactive [ 467.935433][T10662] tpg transfer function: 0/0 [ 467.935456][T10662] tpg Y'CbCr encoding: 0/0 [ 467.935472][T10662] tpg quantization: 0/0 [ 467.935486][T10662] tpg RGB range: 0/2 [ 467.935503][T10662] vivid-007: ================== END STATUS ================== [ 468.247290][T10659] [ 468.249684][T10659] vivid-003: ================== END STATUS ================== [ 468.425826][ T5870] Bluetooth: hci0: command 0x0c1a tx timeout [ 468.906902][ T5870] Bluetooth: hci2: command 0x0c1a tx timeout [ 468.907388][ T5875] Bluetooth: hci1: command 0x0c1a tx timeout [ 468.985987][ T5875] Bluetooth: hci3: command 0x0c1a tx timeout [ 471.067784][ T5875] Bluetooth: hci3: command 0x0c1a tx timeout [ 472.417993][T10729] bond0: option all_slaves_active: invalid value () [ 475.032538][T10766] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1038'. [ 475.255007][T10771] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1039'. [ 475.624177][T10766] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1038'. [ 475.900999][T10766] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1038'. [ 477.769737][T10816] Invalid ELF header magic: != ELF [ 477.792288][T10819] FAULT_INJECTION: forcing a failure. [ 477.792288][T10819] name failslab, interval 1, probability 0, space 0, times 0 [ 477.854025][T10819] CPU: 0 UID: 0 PID: 10819 Comm: syz.0.1048 Tainted: G U syzkaller #0 PREEMPT(full) [ 477.854084][T10819] Tainted: [U]=USER [ 477.854096][T10819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 477.854117][T10819] Call Trace: [ 477.854128][T10819] [ 477.854142][T10819] dump_stack_lvl+0x16c/0x1f0 [ 477.854196][T10819] should_fail_ex+0x512/0x640 [ 477.854243][T10819] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 477.854288][T10819] should_failslab+0xc2/0x120 [ 477.854334][T10819] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 477.854372][T10819] ? __proc_create+0xc3/0x8e0 [ 477.854420][T10819] ? __proc_create+0x2ce/0x8e0 [ 477.854473][T10819] __proc_create+0x2ce/0x8e0 [ 477.854524][T10819] ? __pfx___proc_create+0x10/0x10 [ 477.854580][T10819] ? _raw_write_unlock+0x28/0x50 [ 477.854623][T10819] ? proc_register+0x314/0x5f0 [ 477.854676][T10819] proc_create_reg+0x7d/0x180 [ 477.854724][T10819] proc_create_net_data+0x8e/0x1c0 [ 477.854762][T10819] ? __pfx_proc_create_net_data+0x10/0x10 [ 477.854798][T10819] ? __pfx_proc_create_net_data+0x10/0x10 [ 477.854843][T10819] ? __kasan_kmalloc+0xaa/0xb0 [ 477.854876][T10819] ip_vs_conn_net_init+0x13f/0x200 [ 477.854907][T10819] __ip_vs_init+0x27d/0x520 [ 477.854936][T10819] ? __pfx___ip_vs_init+0x10/0x10 [ 477.854963][T10819] ops_init+0x1e2/0x5f0 [ 477.855001][T10819] setup_net+0x10f/0x380 [ 477.855038][T10819] ? lockdep_init_map_type+0x5c/0x280 [ 477.855073][T10819] ? __pfx_setup_net+0x10/0x10 [ 477.855109][T10819] ? debug_mutex_init+0x37/0x70 [ 477.855136][T10819] copy_net_ns+0x2a6/0x5f0 [ 477.855177][T10819] create_new_namespaces+0x3ea/0xa90 [ 477.855212][T10819] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 477.855243][T10819] ksys_unshare+0x45b/0xa40 [ 477.855276][T10819] ? __pfx_ksys_unshare+0x10/0x10 [ 477.855311][T10819] ? xfd_validate_state+0x61/0x180 [ 477.855355][T10819] __x64_sys_unshare+0x31/0x40 [ 477.855388][T10819] do_syscall_64+0xcd/0x490 [ 477.855424][T10819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.855449][T10819] RIP: 0033:0x7fc03498ebe9 [ 477.855468][T10819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.855492][T10819] RSP: 002b:00007fc0358c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 477.855514][T10819] RAX: ffffffffffffffda RBX: 00007fc034bc5fa0 RCX: 00007fc03498ebe9 [ 477.855530][T10819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 477.855545][T10819] RBP: 00007fc034a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 477.855560][T10819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 477.855574][T10819] R13: 00007fc034bc6038 R14: 00007fc034bc5fa0 R15: 00007ffed7d632f8 [ 477.855605][T10819] [ 479.393261][T10823] FAULT_INJECTION: forcing a failure. [ 479.393261][T10823] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 479.425896][T10823] CPU: 1 UID: 0 PID: 10823 Comm: syz.1.1049 Tainted: G U syzkaller #0 PREEMPT(full) [ 479.425950][T10823] Tainted: [U]=USER [ 479.425961][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 479.425981][T10823] Call Trace: [ 479.425991][T10823] [ 479.426004][T10823] dump_stack_lvl+0x16c/0x1f0 [ 479.426058][T10823] should_fail_ex+0x512/0x640 [ 479.426115][T10823] should_fail_alloc_page+0xe7/0x130 [ 479.426166][T10823] prepare_alloc_pages+0x3c2/0x610 [ 479.426229][T10823] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 479.426273][T10823] ? lockdep_hardirqs_on+0x7c/0x110 [ 479.426327][T10823] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 479.426373][T10823] ? stack_depot_save_flags+0x3de/0x9c0 [ 479.426436][T10823] ? kasan_save_stack+0x42/0x60 [ 479.426473][T10823] ? kasan_save_stack+0x33/0x60 [ 479.426512][T10823] ? kasan_save_track+0x14/0x30 [ 479.426550][T10823] ? __kasan_kmalloc+0xaa/0xb0 [ 479.426590][T10823] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 479.426634][T10823] ? subsystem_filter_write+0x95/0x120 [ 479.426677][T10823] ? ksys_write+0x12a/0x250 [ 479.426716][T10823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.426785][T10823] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 479.426842][T10823] ? policy_nodemask+0xea/0x4e0 [ 479.426897][T10823] alloc_pages_mpol+0x1fb/0x550 [ 479.426948][T10823] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 479.427006][T10823] ___kmalloc_large_node+0xed/0x160 [ 479.427069][T10823] __kmalloc_large_noprof+0x1c/0x70 [ 479.427126][T10823] append_filter_err+0x8f/0x5e0 [ 479.427174][T10823] apply_subsystem_event_filter+0x75a/0x17e0 [ 479.427236][T10823] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 479.427292][T10823] ? _copy_from_user+0x59/0xd0 [ 479.427354][T10823] subsystem_filter_write+0x95/0x120 [ 479.427398][T10823] ? __pfx_subsystem_filter_write+0x10/0x10 [ 479.427438][T10823] vfs_write+0x2a0/0x11d0 [ 479.427482][T10823] ? __pfx___mutex_lock+0x10/0x10 [ 479.427531][T10823] ? __pfx_vfs_write+0x10/0x10 [ 479.427587][T10823] ? __fget_files+0x20e/0x3c0 [ 479.427639][T10823] ksys_write+0x12a/0x250 [ 479.427681][T10823] ? __pfx_ksys_write+0x10/0x10 [ 479.427736][T10823] do_syscall_64+0xcd/0x490 [ 479.427797][T10823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.427831][T10823] RIP: 0033:0x7f16aff8ebe9 [ 479.427860][T10823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.427895][T10823] RSP: 002b:00007f16b0d2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 479.427926][T10823] RAX: ffffffffffffffda RBX: 00007f16b01c6090 RCX: 00007f16aff8ebe9 [ 479.427950][T10823] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000007 [ 479.427970][T10823] RBP: 00007f16b0011e19 R08: 0000000000000000 R09: 0000000000000000 [ 479.427991][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 479.428011][T10823] R13: 00007f16b01c6128 R14: 00007f16b01c6090 R15: 00007ffd267e0e08 [ 479.428057][T10823] [ 482.565859][T10886] FAULT_INJECTION: forcing a failure. [ 482.565859][T10886] name failslab, interval 1, probability 0, space 0, times 0 [ 482.588048][T10886] CPU: 1 UID: 0 PID: 10886 Comm: syz.0.1063 Tainted: G U syzkaller #0 PREEMPT(full) [ 482.588103][T10886] Tainted: [U]=USER [ 482.588114][T10886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 482.588134][T10886] Call Trace: [ 482.588144][T10886] [ 482.588157][T10886] dump_stack_lvl+0x16c/0x1f0 [ 482.588208][T10886] should_fail_ex+0x512/0x640 [ 482.588256][T10886] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 482.588296][T10886] should_failslab+0xc2/0x120 [ 482.588341][T10886] __kmalloc_cache_noprof+0x6a/0x3e0 [ 482.588378][T10886] ? nd_alloc_stack+0x85/0x110 [ 482.588435][T10886] nd_alloc_stack+0x85/0x110 [ 482.588484][T10886] step_into+0x1ac7/0x2270 [ 482.588528][T10886] ? __pfx_step_into+0x10/0x10 [ 482.588561][T10886] ? __d_lookup+0x266/0x4a0 [ 482.588618][T10886] ? lookup_fast+0x156/0x610 [ 482.588658][T10886] walk_component+0xfc/0x5b0 [ 482.588697][T10886] link_path_walk+0x627/0xe20 [ 482.588756][T10886] path_lookupat+0x15a/0x6d0 [ 482.588792][T10886] ? __lock_acquire+0xb97/0x1ce0 [ 482.588841][T10886] filename_lookup+0x224/0x5f0 [ 482.588884][T10886] ? __pfx_filename_lookup+0x10/0x10 [ 482.588958][T10886] ? getname_flags.part.0+0x1c5/0x550 [ 482.589020][T10886] user_path_at+0x3a/0x60 [ 482.589060][T10886] vfs_open_tree+0x2ca/0x910 [ 482.589104][T10886] ? __pfx_vfs_open_tree+0x10/0x10 [ 482.589147][T10886] ? xfd_validate_state+0x61/0x180 [ 482.589207][T10886] __x64_sys_open_tree+0x84/0x130 [ 482.589253][T10886] do_syscall_64+0xcd/0x490 [ 482.589303][T10886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.589338][T10886] RIP: 0033:0x7fc03498ebe9 [ 482.589363][T10886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.589417][T10886] RSP: 002b:00007fc0358c2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 482.589449][T10886] RAX: ffffffffffffffda RBX: 00007fc034bc5fa0 RCX: 00007fc03498ebe9 [ 482.589472][T10886] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 482.589495][T10886] RBP: 00007fc034a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 482.589516][T10886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 482.589536][T10886] R13: 00007fc034bc6038 R14: 00007fc034bc5fa0 R15: 00007ffed7d632f8 [ 482.589579][T10886] [ 482.945164][T10884] FAULT_INJECTION: forcing a failure. [ 482.945164][T10884] name failslab, interval 1, probability 0, space 0, times 0 [ 482.979160][T10884] CPU: 1 UID: 0 PID: 10884 Comm: syz.2.1064 Tainted: G U syzkaller #0 PREEMPT(full) [ 482.979213][T10884] Tainted: [U]=USER [ 482.979225][T10884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 482.979246][T10884] Call Trace: [ 482.979257][T10884] [ 482.979270][T10884] dump_stack_lvl+0x16c/0x1f0 [ 482.979318][T10884] should_fail_ex+0x512/0x640 [ 482.979367][T10884] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 482.979412][T10884] should_failslab+0xc2/0x120 [ 482.979456][T10884] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 482.979497][T10884] ? __pmd_alloc+0xbf/0x930 [ 482.979552][T10884] __pmd_alloc+0xbf/0x930 [ 482.979600][T10884] ? __pud_alloc+0x526/0x750 [ 482.979654][T10884] copy_page_range+0x3eaf/0x5c80 [ 482.979688][T10884] ? copy_process+0x4081/0x7690 [ 482.979757][T10884] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 482.979804][T10884] ? mas_wr_store_entry+0xa14/0x2550 [ 482.979849][T10884] ? mas_destroy+0x5de/0xa20 [ 482.979891][T10884] ? __pfx_copy_page_range+0x10/0x10 [ 482.979925][T10884] ? mas_store+0x7a9/0x1160 [ 482.979967][T10884] ? find_held_lock+0x2b/0x80 [ 482.979996][T10884] ? __pfx_mas_store+0x10/0x10 [ 482.980034][T10884] ? __vma_enter_locked+0x163/0x3f0 [ 482.980081][T10884] dup_mmap+0xe88/0x21d0 [ 482.980137][T10884] ? __pfx_dup_mmap+0x10/0x10 [ 482.980206][T10884] copy_process+0x4081/0x7690 [ 482.980243][T10884] ? __pfx___futex_wait+0x10/0x10 [ 482.980303][T10884] ? __pfx_copy_process+0x10/0x10 [ 482.980346][T10884] ? futex_private_hash_put+0x176/0x300 [ 482.980390][T10884] ? futex_private_hash_put+0x18a/0x300 [ 482.980436][T10884] kernel_clone+0xfc/0x930 [ 482.980484][T10884] ? __pfx_kernel_clone+0x10/0x10 [ 482.980556][T10884] __do_sys_clone+0xce/0x120 [ 482.980598][T10884] ? __pfx___do_sys_clone+0x10/0x10 [ 482.980639][T10884] ? ksys_unshare+0x687/0xa40 [ 482.980701][T10884] ? xfd_validate_state+0x61/0x180 [ 482.980774][T10884] do_syscall_64+0xcd/0x490 [ 482.980825][T10884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.980858][T10884] RIP: 0033:0x7f729998ebe9 [ 482.980885][T10884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.980917][T10884] RSP: 002b:00007f729a836fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 482.980951][T10884] RAX: ffffffffffffffda RBX: 00007f7299bc5fa0 RCX: 00007f729998ebe9 [ 482.980973][T10884] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 482.980994][T10884] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 482.981013][T10884] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 482.981034][T10884] R13: 00007f7299bc6038 R14: 00007f7299bc5fa0 R15: 00007ffc3661dd58 [ 482.981078][T10884] [ 484.215358][T10909] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1069'. [ 484.253824][T10910] netlink: 'syz.1.1068': attribute type 1 has an invalid length. [ 484.743499][T10917] ima: policy update failed [ 484.748564][ T30] audit: type=1802 audit(4294968559.422:13): pid=10917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1072" res=0 errno=0 [ 484.751513][T10917] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1072'. [ 485.025351][T10924] netlink: 'syz.1.1074': attribute type 28 has an invalid length. [ 485.048693][T10924] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1074'. [ 485.551248][T10934] net_ratelimit: 1 callbacks suppressed [ 485.551272][T10934] netlink: zone id is out of range [ 485.727091][T10937] netlink: 'syz.1.1076': attribute type 5 has an invalid length. [ 485.738590][T10934] netlink: zone id is out of range [ 485.796489][T10934] netlink: zone id is out of range [ 485.809236][T10934] netlink: zone id is out of range [ 485.821320][T10934] netlink: zone id is out of range [ 485.888111][T10934] netlink: zone id is out of range [ 485.893330][T10934] netlink: zone id is out of range [ 485.948509][T10934] netlink: zone id is out of range [ 485.992572][T10934] netlink: zone id is out of range [ 486.026808][T10783] Bluetooth: hci2: unexpected event 0x0e length: 440 > 260 [ 486.026871][T10783] Bluetooth: hci2: unexpected event for opcode 0x0f00 [ 486.055314][T10934] netlink: zone id is out of range [ 486.797524][T10959] ubi0: attaching mtd0 [ 486.801697][T10959] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 489.055651][T10999] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1088'. syzkaller syzkaller login: [ 490.038642][T10783] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 490.049194][T10783] Bluetooth: hci2: Injecting HCI hardware error event [ 490.062288][T10783] Bluetooth: hci2: hardware error 0x00 [ 490.091632][T11018] FAULT_INJECTION: forcing a failure. [ 490.091632][T11018] name failslab, interval 1, probability 0, space 0, times 0 [ 490.141984][T11018] CPU: 0 UID: 0 PID: 11018 Comm: syz.2.1092 Tainted: G U syzkaller #0 PREEMPT(full) [ 490.142042][T11018] Tainted: [U]=USER [ 490.142054][T11018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 490.142074][T11018] Call Trace: [ 490.142086][T11018] [ 490.142098][T11018] dump_stack_lvl+0x16c/0x1f0 [ 490.142150][T11018] should_fail_ex+0x512/0x640 [ 490.142207][T11018] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 490.142254][T11018] should_failslab+0xc2/0x120 [ 490.142299][T11018] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 490.142341][T11018] ? sk_prot_alloc+0x60/0x2a0 [ 490.142376][T11018] sk_prot_alloc+0x60/0x2a0 [ 490.142408][T11018] sk_alloc+0x36/0xc20 [ 490.142453][T11018] __vsock_create.constprop.0+0x3c/0xbb0 [ 490.142496][T11018] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 490.142550][T11018] vsock_create+0x139/0x500 [ 490.142600][T11018] __sock_create+0x335/0x8d0 [ 490.142642][T11018] __sys_socket+0x14d/0x260 [ 490.142679][T11018] ? __pfx___sys_socket+0x10/0x10 [ 490.142714][T11018] ? xfd_validate_state+0x61/0x180 [ 490.142764][T11018] ? __task_pid_nr_ns+0x17c/0x500 [ 490.142820][T11018] __x64_sys_socket+0x72/0xb0 [ 490.142854][T11018] ? lockdep_hardirqs_on+0x7c/0x110 [ 490.142899][T11018] do_syscall_64+0xcd/0x490 [ 490.142949][T11018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.142986][T11018] RIP: 0033:0x7f729998ebe9 [ 490.143016][T11018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.143051][T11018] RSP: 002b:00007f729a837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 490.143085][T11018] RAX: ffffffffffffffda RBX: 00007f7299bc5fa0 RCX: 00007f729998ebe9 [ 490.143108][T11018] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000028 [ 490.143128][T11018] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 490.143149][T11018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 490.143170][T11018] R13: 00007f7299bc6038 R14: 00007f7299bc5fa0 R15: 00007ffc3661dd58 [ 490.143221][T11018] [ 490.749852][T11034] Console: switching to colour VGA+ 80x25 [ 490.887585][T10784] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1361 with max blocks 32 with error 117 [ 490.928605][T10784] EXT4-fs (sda1): This should not happen!! Data will be lost [ 490.928605][T10784] [ 491.099396][T10784] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1378 with max blocks 21 with error 117 [ 491.112290][T10784] EXT4-fs (sda1): This should not happen!! Data will be lost [ 491.112290][T10784] [ 491.129295][T10784] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 948 with max blocks 14 with error 117 [ 491.143244][T10784] EXT4-fs (sda1): This should not happen!! Data will be lost [ 491.143244][T10784] [ 492.129696][T10783] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 492.165314][T11059] Invalid ELF header magic: != ELF [ 492.244679][T11062] ima: policy update failed [ 492.268504][ T30] audit: type=1802 audit(4294968566.929:14): pid=11062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1100" res=0 errno=0 [ 492.298990][T11062] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1100'. [ 494.295979][T11091] can0: slcan on ttyS2. [ 494.544292][T11090] can0 (unregistered): slcan off ttyS2. [ 495.093954][T11104] HfR: entered promiscuous mode [ 495.755849][T10813] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 965 with max blocks 7 with error 117 [ 495.797664][T10813] EXT4-fs (sda1): This should not happen!! Data will be lost [ 495.797664][T10813] [ 495.828837][T10813] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 930 with max blocks 32 with error 117 [ 495.872310][T10813] EXT4-fs (sda1): This should not happen!! Data will be lost [ 495.872310][T10813] [ 495.930322][T10813] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 971 with max blocks 1 with error 117 [ 495.969496][T10813] EXT4-fs (sda1): This should not happen!! Data will be lost [ 495.969496][T10813] [ 496.056881][T11113] FAULT_INJECTION: forcing a failure. [ 496.056881][T11113] name failslab, interval 1, probability 0, space 0, times 0 [ 496.081636][T11113] CPU: 0 UID: 0 PID: 11113 Comm: syz.1.1112 Tainted: G U syzkaller #0 PREEMPT(full) [ 496.081689][T11113] Tainted: [U]=USER [ 496.081700][T11113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 496.081720][T11113] Call Trace: [ 496.081730][T11113] [ 496.081742][T11113] dump_stack_lvl+0x16c/0x1f0 [ 496.081793][T11113] should_fail_ex+0x512/0x640 [ 496.081840][T11113] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 496.081881][T11113] should_failslab+0xc2/0x120 [ 496.081926][T11113] __kmalloc_cache_noprof+0x6a/0x3e0 [ 496.081962][T11113] ? sctp_auth_init+0x30d/0x570 [ 496.082015][T11113] sctp_auth_init+0x30d/0x570 [ 496.082065][T11113] sctp_setsockopt+0xa371/0xb870 [ 496.082127][T11113] ? __pfx_sctp_setsockopt+0x10/0x10 [ 496.082174][T11113] ? find_held_lock+0x2b/0x80 [ 496.082211][T11113] ? aa_sock_opt_perm+0xfd/0x1c0 [ 496.082244][T11113] ? sock_common_setsockopt+0x2e/0xf0 [ 496.082298][T11113] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 496.082359][T11113] do_sock_setsockopt+0xf0/0x1d0 [ 496.082419][T11113] __sys_setsockopt+0x120/0x1a0 [ 496.082470][T11113] __x64_sys_setsockopt+0xbd/0x160 [ 496.082523][T11113] ? do_syscall_64+0x91/0x490 [ 496.082567][T11113] ? lockdep_hardirqs_on+0x7c/0x110 [ 496.082610][T11113] do_syscall_64+0xcd/0x490 [ 496.082661][T11113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.082701][T11113] RIP: 0033:0x7f16aff8ebe9 [ 496.082726][T11113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.082757][T11113] RSP: 002b:00007f16ae1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 496.082785][T11113] RAX: ffffffffffffffda RBX: 00007f16b01c6180 RCX: 00007f16aff8ebe9 [ 496.082807][T11113] RDX: 0000000000000081 RSI: 0000010000000084 RDI: 0000000000000003 [ 496.082828][T11113] RBP: 00007f16b0011e19 R08: 0000000000000008 R09: 0000000000000000 [ 496.082847][T11113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 496.082865][T11113] R13: 00007f16b01c6218 R14: 00007f16b01c6180 R15: 00007ffd267e0e08 [ 496.082905][T11113] [ 497.221293][T11127] program syz.3.1116 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 497.952784][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 497.965156][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 497.976856][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 497.984491][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 498.009345][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 498.017809][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 498.117038][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 498.134213][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 498.150934][T11139] deleting an unspecified loop device is not supported. [ 498.928043][T11147] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1121'. [ 498.938681][T11147] ipvlan1: entered allmulticast mode [ 498.945295][T11147] veth0_vlan: entered allmulticast mode [ 500.260568][T11179] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1127'. [ 501.675707][T11203] ALSA: mixer_oss: invalid OSS volume '' [ 501.730013][T11207] input: f as /devices/virtual/input/input16 [ 501.847201][T10783] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 501.847245][T10783] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 501.863654][T10783] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 501.863729][T10783] Bluetooth: hci3: adv larger than maximum supported [ 501.871153][T10783] Bluetooth: hci3: adv larger than maximum supported [ 501.882452][T10783] Bluetooth: hci3: Malformed LE Event: 0x0d [ 502.241890][T10783] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 502.241933][T10783] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 502.257293][T10783] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 502.257322][T10783] Bluetooth: hci3: adv larger than maximum supported [ 502.265555][T10783] Bluetooth: hci3: adv larger than maximum supported [ 502.272323][T10783] Bluetooth: hci3: Malformed LE Event: 0x0d [ 502.646891][T11214] ttyS ttyS2: ldisc open failed (-12), clearing slot 2 [ 505.899064][T11287] bond0: option all_slaves_active: invalid value () [ 506.493742][T11286] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 942 with max blocks 12 with error 117 [ 506.718750][T11286] EXT4-fs (sda1): This should not happen!! Data will be lost [ 506.718750][T11286] [ 507.383801][T11308] usb usb23: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 507.699681][T10813] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 947 with max blocks 5 with error 117 [ 507.762970][T10813] EXT4-fs (sda1): This should not happen!! Data will be lost [ 507.762970][T10813] [ 507.837892][T10813] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 940 with max blocks 32 with error 117 [ 507.855543][T10813] EXT4-fs (sda1): This should not happen!! Data will be lost [ 507.855543][T10813] [ 507.867974][T10813] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 959 with max blocks 3 with error 117 [ 507.872898][T11318] [U] [ 507.883400][T11318] [U] [ 507.886165][T11318] [U] [ 507.888923][T11318] [U] [ 507.909504][T10813] EXT4-fs (sda1): This should not happen!! Data will be lost [ 507.909504][T10813] [ 507.919641][T11318] [U] [ 507.922377][T11318] [U] [ 507.925091][T11318] [U] [ 507.927806][T11318] [U] [ 507.987199][T10813] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1394 with max blocks 5 with error 117 [ 508.032551][T10813] EXT4-fs (sda1): This should not happen!! Data will be lost [ 508.032551][T10813] [ 508.050022][T11318] [U] [ 508.052833][T11318] [U] [ 508.055593][T11318] [U] [ 508.058347][T11318] [U] [ 508.073476][T11318] [U] [ 508.076281][T11318] [U] [ 508.079058][T11318] [U] [ 508.081841][T11318] [U] [ 508.218198][T11318] [U] [ 508.221162][T11318] [U] [ 508.224022][T11318] [U] [ 508.226802][T11318] [U] [ 508.262532][T11318] [U] [ 508.265357][T11318] [U] [ 508.268122][T11318] [U] [ 508.270876][T11318] [U] [ 508.304282][T11318] [U] [ 508.307089][T11318] [U] [ 508.309850][T11318] [U] [ 508.312654][T11318] [U] [ 508.336380][T11318] [U] [ 508.339357][T11318] [U] [ 508.342121][T11318] [U] [ 508.344886][T11318] [U] [ 508.372394][T11318] [U] [ 508.375185][T11318] [U] i752B__' <"ӑ/;& w!`BB;hbu5)ᵽ-qjįbI |~)6[c,SQ'{Hhn+F:Gq~Ic@)A-(B2pPE( [ 508.392158][T11318] [U] Z4d D/5Vc, [ 508.396366][T11318] [U] Ѧd6&LU/1r.-bSo$j$\ hg g [ 508.403197][T11318] [U] *4;xGke.ŭJ&*|{#*͒͊#]ЖP7X9*mx̌MI{_B*z@F%x<ߌџ=+c~n zK>dQs3l]&6c\TJ-Amr;i [ 508.420043][T11318] [U] 5% .נdsi+g+lJS-'Cs@95Zчi(cx?W{/4|)V2+gfL{7ܿ]!d+k:8&iřHE3jS{q54`p_M:~UAճ2ަV6P`4R+C%AHq *ijb0i^FfBYLRkh 5{E}" [ 508.468632][T11318] [U] m$2@0[M70 =](m M[aÀkiY/I6HYh<}~kȂX-W-"G-^}≠q5u~4<÷WEaغ5wT< 6ê]޳,as"mA7]EPPLp W$Y:K?Xb[ !3ԙ:k0䕢U5VM9"i?  [ 537.144524][T11835] dump_stack_lvl+0x16c/0x1f0 [ 537.144580][T11835] should_fail_ex+0x512/0x640 [ 537.144636][T11835] should_fail_alloc_page+0xe7/0x130 [ 537.144687][T11835] prepare_alloc_pages+0x3c2/0x610 [ 537.144740][T11835] ? rcu_is_watching+0x12/0xc0 [ 537.144790][T11835] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 537.144840][T11835] ? rcu_is_watching+0x12/0xc0 [ 537.144875][T11835] ? trace_mm_page_alloc+0x11f/0x1a0 [ 537.144930][T11835] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 537.144976][T11835] ? __pfx_stack_trace_save+0x10/0x10 [ 537.145017][T11835] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 537.145059][T11835] ? stack_depot_save_flags+0x29/0x9c0 [ 537.145122][T11835] ? alloc_vmap_area+0x645/0x29c0 [ 537.145169][T11835] ? __vmalloc_node_range_noprof+0x271/0x14b0 [ 537.145202][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.145234][T11835] ? do_syscall_64+0xcd/0x490 [ 537.145280][T11835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.145334][T11835] alloc_pages_bulk_noprof+0x71c/0x1410 [ 537.145376][T11835] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 537.145451][T11835] ? policy_nodemask+0xea/0x4e0 [ 537.145502][T11835] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 537.145548][T11835] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 537.145613][T11835] kasan_populate_vmalloc+0xf1/0x1f0 [ 537.145660][T11835] alloc_vmap_area+0x959/0x29c0 [ 537.145729][T11835] ? __pfx_alloc_vmap_area+0x10/0x10 [ 537.145800][T11835] __get_vm_area_node+0x1ca/0x330 [ 537.145864][T11835] __vmalloc_node_range_noprof+0x271/0x14b0 [ 537.145899][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.145934][T11835] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 537.145988][T11835] ? policy_nodemask+0xea/0x4e0 [ 537.146036][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.146080][T11835] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 537.146122][T11835] ? ___kmalloc_large_node+0xed/0x160 [ 537.146182][T11835] __kvmalloc_node_noprof+0x30a/0x620 [ 537.146221][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.146257][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.146298][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.146330][T11835] __do_sys_listmount+0x1c2/0xf80 [ 537.146372][T11835] ? __x64_sys_futex+0x1e0/0x4c0 [ 537.146415][T11835] ? __x64_sys_futex+0x1e9/0x4c0 [ 537.146460][T11835] ? __pfx___do_sys_listmount+0x10/0x10 [ 537.146516][T11835] do_syscall_64+0xcd/0x490 [ 537.146561][T11835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.146595][T11835] RIP: 0033:0x7fc03498ebe9 [ 537.146623][T11835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 537.146658][T11835] RSP: 002b:00007fc0358a1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 537.146691][T11835] RAX: ffffffffffffffda RBX: 00007fc034bc6090 RCX: 00007fc03498ebe9 [ 537.146715][T11835] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 537.146736][T11835] RBP: 00007fc034a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 537.146757][T11835] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 537.146787][T11835] R13: 00007fc034bc6128 R14: 00007fc034bc6090 R15: 00007ffed7d632f8 [ 537.146830][T11835] [ 537.511939][T11835] syz.0.1244: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 537.589016][T11835] CPU: 1 UID: 0 PID: 11835 Comm: syz.0.1244 Tainted: G U syzkaller #0 PREEMPT(full) [ 537.589069][T11835] Tainted: [U]=USER [ 537.589079][T11835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 537.589094][T11835] Call Trace: [ 537.589102][T11835] [ 537.589112][T11835] dump_stack_lvl+0x16c/0x1f0 [ 537.589149][T11835] warn_alloc+0x248/0x3a0 [ 537.589181][T11835] ? __pfx_warn_alloc+0x10/0x10 [ 537.589211][T11835] ? kfree+0x2b4/0x4d0 [ 537.589240][T11835] ? __get_vm_area_node+0x208/0x330 [ 537.589284][T11835] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 537.589309][T11835] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 537.589349][T11835] ? policy_nodemask+0xea/0x4e0 [ 537.589382][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.589414][T11835] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 537.589443][T11835] ? ___kmalloc_large_node+0xed/0x160 [ 537.589486][T11835] __kvmalloc_node_noprof+0x30a/0x620 [ 537.589513][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.589538][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.589568][T11835] ? __do_sys_listmount+0x1c2/0xf80 [ 537.589591][T11835] __do_sys_listmount+0x1c2/0xf80 [ 537.589620][T11835] ? __x64_sys_futex+0x1e0/0x4c0 [ 537.589649][T11835] ? __x64_sys_futex+0x1e9/0x4c0 [ 537.589680][T11835] ? __pfx___do_sys_listmount+0x10/0x10 [ 537.589718][T11835] do_syscall_64+0xcd/0x490 [ 537.589753][T11835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.589778][T11835] RIP: 0033:0x7fc03498ebe9 [ 537.589797][T11835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 537.589829][T11835] RSP: 002b:00007fc0358a1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 537.589852][T11835] RAX: ffffffffffffffda RBX: 00007fc034bc6090 RCX: 00007fc03498ebe9 [ 537.589868][T11835] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 537.589883][T11835] RBP: 00007fc034a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 537.589898][T11835] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 537.589912][T11835] R13: 00007fc034bc6128 R14: 00007fc034bc6090 R15: 00007ffed7d632f8 [ 537.589941][T11835] [ 537.589950][T11835] Mem-Info: [ 537.952002][T11835] active_anon:32328 inactive_anon:15 isolated_anon:0 [ 537.952002][T11835] active_file:5390 inactive_file:53664 isolated_file:0 [ 537.952002][T11835] unevictable:768 dirty:683 writeback:0 [ 537.952002][T11835] slab_reclaimable:11917 slab_unreclaimable:94659 [ 537.952002][T11835] mapped:39694 shmem:22449 pagetables:1330 [ 537.952002][T11835] sec_pagetables:0 bounce:0 [ 537.952002][T11835] kernel_misc_reclaimable:0 [ 537.952002][T11835] free:1287401 free_pcp:17881 free_cma:0 [ 538.004040][T11835] Node 0 active_anon:129312kB inactive_anon:60kB active_file:21560kB inactive_file:214504kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:158764kB dirty:2724kB writeback:0kB shmem:88260kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11188kB pagetables:5148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 538.053823][T11835] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 538.094060][T11835] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 538.127043][T11835] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 538.133796][T11835] Node 0 DMA32 free:1234480kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:129368kB inactive_anon:60kB active_file:21560kB inactive_file:213196kB unevictable:1536kB writepending:2732kB present:3129332kB managed:2539584kB mlocked:0kB bounce:0kB free_pcp:57064kB local_pcp:36952kB free_cma:0kB [ 538.176682][T11835] lowmem_reserve[]: 0 0 1 1 1 [ 538.228608][T11835] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 538.379330][T10784] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 950 with max blocks 2 with error 117 [ 538.397734][T11835] lowmem_reserve[]: 0 0 0 0 0 [ 538.432594][T10784] EXT4-fs (sda1): This should not happen!! Data will be lost [ 538.432594][T10784] [ 538.495688][T10784] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 943 with max blocks 29 with error 117 [ 538.542601][T10784] EXT4-fs (sda1): This should not happen!! Data will be lost [ 538.542601][T10784] [ 538.546680][T11835] Node 1 Normal free:3899796kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:14488kB local_pcp:14488kB free_cma:0kB [ 538.691292][T11835] lowmem_reserve[]: 0 0 0 0 0 [ 538.700689][T11835] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 538.744952][T11835] Node 0 DMA32: 904*4kB (UME) 846*8kB (U) 438*16kB (UM) 206*32kB (ME) 304*64kB (UME) 142*128kB (UME) 203*256kB (UM) 115*512kB (UM) 64*1024kB (UM) 1*2048kB (U) 242*4096kB (UM) = 1231280kB [ 539.052384][T11835] Node 0 Normal: 3*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 539.072816][T11835] Node 1 Normal: 19*4kB (UME) 11*8kB (UME) 15*16kB (UME) 88*32kB (UME) 98*64kB (UME) 27*128kB (UME) 13*256kB (UME) 5*512kB (UME) 2*1024kB (UM) 2*2048kB (ME) 946*4096kB (UM) = 3899796kB [ 539.084999][T11848] FAULT_INJECTION: forcing a failure. [ 539.084999][T11848] name failslab, interval 1, probability 0, space 0, times 0 [ 539.105744][T11835] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 539.116546][T11835] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=2 hugepages_size=2048kB [ 539.142607][T11835] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 539.163976][T11848] CPU: 0 UID: 0 PID: 11848 Comm: syz.1.1247 Tainted: G U syzkaller #0 PREEMPT(full) [ 539.164029][T11848] Tainted: [U]=USER [ 539.164041][T11848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 539.164062][T11848] Call Trace: [ 539.164073][T11848] [ 539.164086][T11848] dump_stack_lvl+0x16c/0x1f0 [ 539.164139][T11848] should_fail_ex+0x512/0x640 [ 539.164185][T11848] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 539.164225][T11848] should_failslab+0xc2/0x120 [ 539.164269][T11848] __kmalloc_cache_noprof+0x6a/0x3e0 [ 539.164305][T11848] ? alloc_netdev_mqs+0xec4/0x1530 [ 539.164359][T11848] alloc_netdev_mqs+0xec4/0x1530 [ 539.164428][T11848] internal_dev_create+0x8a/0x520 [ 539.164483][T11848] ovs_vport_add+0x144/0x4d0 [ 539.164535][T11848] new_vport+0x16/0x1d0 [ 539.164574][T11848] ovs_dp_cmd_new+0x6ba/0xe60 [ 539.164625][T11848] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 539.164675][T11848] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 539.164730][T11848] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 539.164793][T11848] genl_family_rcv_msg_doit+0x209/0x2f0 [ 539.164850][T11848] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 539.164917][T11848] ? bpf_lsm_capable+0x9/0x10 [ 539.164945][T11848] ? security_capable+0x7e/0x260 [ 539.164980][T11848] ? ns_capable+0xd7/0x110 [ 539.165018][T11848] genl_rcv_msg+0x55c/0x800 [ 539.165054][T11848] ? __pfx_genl_rcv_msg+0x10/0x10 [ 539.165107][T11848] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 539.165151][T11848] ? __lock_acquire+0x62e/0x1ce0 [ 539.165203][T11848] netlink_rcv_skb+0x158/0x420 [ 539.165250][T11848] ? __pfx_genl_rcv_msg+0x10/0x10 [ 539.165332][T11848] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 539.165403][T11848] ? netlink_deliver_tap+0x1ae/0xd30 [ 539.165449][T11848] ? is_vmalloc_addr+0x86/0xa0 [ 539.165492][T11848] genl_rcv+0x28/0x40 [ 539.165539][T11848] netlink_unicast+0x5a7/0x870 [ 539.165591][T11848] ? __pfx_netlink_unicast+0x10/0x10 [ 539.165640][T11848] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 539.165685][T11848] ? __lock_acquire+0xb97/0x1ce0 [ 539.165739][T11848] netlink_sendmsg+0x8d1/0xdd0 [ 539.165791][T11848] ? __pfx_netlink_sendmsg+0x10/0x10 [ 539.165841][T11848] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 539.165881][T11848] ____sys_sendmsg+0xa98/0xc70 [ 539.165917][T11848] ? copy_msghdr_from_user+0x10a/0x160 [ 539.165963][T11848] ? __pfx_____sys_sendmsg+0x10/0x10 [ 539.166004][T11848] ? __pfx_futex_wake_mark+0x10/0x10 [ 539.166046][T11848] ___sys_sendmsg+0x134/0x1d0 [ 539.166080][T11848] ? __pfx____sys_sendmsg+0x10/0x10 [ 539.166150][T11848] __sys_sendmsg+0x16d/0x220 [ 539.166184][T11848] ? __pfx___sys_sendmsg+0x10/0x10 [ 539.166216][T11848] ? __x64_sys_futex+0x1e0/0x4c0 [ 539.166265][T11848] do_syscall_64+0xcd/0x490 [ 539.166302][T11848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.166327][T11848] RIP: 0033:0x7f16aff8ebe9 [ 539.166347][T11848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.166370][T11848] RSP: 002b:00007f16b0d4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 539.166400][T11848] RAX: ffffffffffffffda RBX: 00007f16b01c5fa0 RCX: 00007f16aff8ebe9 [ 539.166416][T11848] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 539.166431][T11848] RBP: 00007f16b0011e19 R08: 0000000000000000 R09: 0000000000000000 [ 539.166445][T11848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 539.166459][T11848] R13: 00007f16b01c6038 R14: 00007f16b01c5fa0 R15: 00007ffd267e0e08 [ 539.166490][T11848] [ 539.527743][T10783] Bluetooth: hci0: unexpected event 0x0f length: 726 > 4 [ 539.527790][T10783] Bluetooth: hci0: unexpected event for opcode 0xf6ff [ 539.545749][T11835] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 539.555307][T11835] 86163 total pagecache pages [ 539.560032][T11835] 5 pages in swap cache [ 539.564312][T11835] Free swap = 120744kB [ 539.568499][T11835] Total swap = 124996kB [ 539.572919][T11835] 2097051 pages RAM [ 539.576778][T11835] 0 pages HighMem/MovableOnly [ 539.581492][T11835] 430193 pages reserved [ 539.585749][T11835] 0 pages cma reserved [ 540.132082][T11862] bridge0: port 3(team0) entered blocking state [ 540.142629][T11862] bridge0: port 3(team0) entered disabled state [ 540.149450][T11862] team0: entered allmulticast mode [ 540.156539][T11862] team_slave_0: entered allmulticast mode [ 540.207803][T11862] team0: entered promiscuous mode [ 540.237854][T11862] team_slave_0: entered promiscuous mode [ 540.346189][T11862] bridge0: port 3(team0) entered blocking state [ 540.352763][T11862] bridge0: port 3(team0) entered forwarding state [ 540.409327][T11867] QAT: Stopping all acceleration devices. [ 541.188670][T11860] kexec: Could not allocate control_code_buffer [ 542.189862][T11895] QAT: Stopping all acceleration devices. [ 542.494841][T11901] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 543.224645][T11896] bond0: option all_slaves_active: invalid value () [ 543.928294][T11925] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 544.780494][T11939] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1263'. [ 544.881957][T11926] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 544.943099][T11930] HfR: entered promiscuous mode [ 545.107221][T11939] HfR: left promiscuous mode [ 545.670738][T11957] QAT: Stopping all acceleration devices. [ 545.863750][T11958] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input21 [ 547.040061][T11974] Invalid ELF header magic: != ELF [ 549.066434][T12017] FAULT_INJECTION: forcing a failure. [ 549.066434][T12017] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 549.098326][T12017] CPU: 0 UID: 0 PID: 12017 Comm: syz.2.1280 Tainted: G U syzkaller #0 PREEMPT(full) [ 549.098381][T12017] Tainted: [U]=USER [ 549.098393][T12017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 549.098413][T12017] Call Trace: [ 549.098424][T12017] [ 549.098437][T12017] dump_stack_lvl+0x16c/0x1f0 [ 549.098489][T12017] should_fail_ex+0x512/0x640 [ 549.098543][T12017] should_fail_alloc_page+0xe7/0x130 [ 549.098594][T12017] prepare_alloc_pages+0x3c2/0x610 [ 549.098647][T12017] ? rcu_is_watching+0x12/0xc0 [ 549.098686][T12017] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 549.098734][T12017] ? rcu_is_watching+0x12/0xc0 [ 549.098767][T12017] ? trace_mm_page_alloc+0x11f/0x1a0 [ 549.098820][T12017] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 549.098861][T12017] ? lock_acquire+0x179/0x350 [ 549.098916][T12017] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 549.098960][T12017] ? finish_task_switch.isra.0+0x21c/0xc10 [ 549.098997][T12017] ? rcu_is_watching+0x12/0xc0 [ 549.099031][T12017] ? finish_task_switch.isra.0+0x221/0xc10 [ 549.099077][T12017] ? trace_sched_exit_tp+0xd1/0x120 [ 549.099130][T12017] ? __schedule+0x11a3/0x5de0 [ 549.099185][T12017] alloc_pages_bulk_noprof+0x71c/0x1410 [ 549.099228][T12017] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 549.099283][T12017] ? policy_nodemask+0xea/0x4e0 [ 549.099333][T12017] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 549.099378][T12017] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 549.099443][T12017] kasan_populate_vmalloc+0xf1/0x1f0 [ 549.099490][T12017] alloc_vmap_area+0x959/0x29c0 [ 549.099558][T12017] ? __pfx_alloc_vmap_area+0x10/0x10 [ 549.099619][T12017] __get_vm_area_node+0x1ca/0x330 [ 549.099681][T12017] __vmalloc_node_range_noprof+0x271/0x14b0 [ 549.099716][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.099751][T12017] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 549.099805][T12017] ? policy_nodemask+0xea/0x4e0 [ 549.099852][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.099896][T12017] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 549.099945][T12017] ? ___kmalloc_large_node+0xed/0x160 [ 549.100005][T12017] __kvmalloc_node_noprof+0x30a/0x620 [ 549.100045][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.100080][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.100121][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.100152][T12017] __do_sys_listmount+0x1c2/0xf80 [ 549.100195][T12017] ? __x64_sys_futex+0x1e0/0x4c0 [ 549.100236][T12017] ? __x64_sys_futex+0x1e9/0x4c0 [ 549.100282][T12017] ? __pfx___do_sys_listmount+0x10/0x10 [ 549.100337][T12017] do_syscall_64+0xcd/0x490 [ 549.100388][T12017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.100423][T12017] RIP: 0033:0x7f729998ebe9 [ 549.100450][T12017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.100483][T12017] RSP: 002b:00007f729a816038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 549.100514][T12017] RAX: ffffffffffffffda RBX: 00007f7299bc6090 RCX: 00007f729998ebe9 [ 549.100537][T12017] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 549.100558][T12017] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 549.100578][T12017] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 549.100599][T12017] R13: 00007f7299bc6128 R14: 00007f7299bc6090 R15: 00007ffc3661dd58 [ 549.100642][T12017] [ 549.498294][T12017] syz.2.1280: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 549.586514][T12017] CPU: 1 UID: 0 PID: 12017 Comm: syz.2.1280 Tainted: G U syzkaller #0 PREEMPT(full) [ 549.586571][T12017] Tainted: [U]=USER [ 549.586582][T12017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 549.586603][T12017] Call Trace: [ 549.586614][T12017] [ 549.586639][T12017] dump_stack_lvl+0x16c/0x1f0 [ 549.586689][T12017] warn_alloc+0x248/0x3a0 [ 549.586731][T12017] ? __pfx_warn_alloc+0x10/0x10 [ 549.586774][T12017] ? kfree+0x2b4/0x4d0 [ 549.586816][T12017] ? __get_vm_area_node+0x208/0x330 [ 549.586877][T12017] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 549.586912][T12017] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 549.586967][T12017] ? policy_nodemask+0xea/0x4e0 [ 549.587016][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.587062][T12017] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 549.587103][T12017] ? ___kmalloc_large_node+0xed/0x160 [ 549.587163][T12017] __kvmalloc_node_noprof+0x30a/0x620 [ 549.587203][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.587239][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.587282][T12017] ? __do_sys_listmount+0x1c2/0xf80 [ 549.587314][T12017] __do_sys_listmount+0x1c2/0xf80 [ 549.587356][T12017] ? __x64_sys_futex+0x1e0/0x4c0 [ 549.587397][T12017] ? __x64_sys_futex+0x1e9/0x4c0 [ 549.587440][T12017] ? __pfx___do_sys_listmount+0x10/0x10 [ 549.587492][T12017] do_syscall_64+0xcd/0x490 [ 549.587542][T12017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.587576][T12017] RIP: 0033:0x7f729998ebe9 [ 549.587603][T12017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.587642][T12017] RSP: 002b:00007f729a816038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 549.587674][T12017] RAX: ffffffffffffffda RBX: 00007f7299bc6090 RCX: 00007f729998ebe9 [ 549.587696][T12017] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 549.587717][T12017] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 549.587737][T12017] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 549.587755][T12017] R13: 00007f7299bc6128 R14: 00007f7299bc6090 R15: 00007ffc3661dd58 [ 549.587796][T12017] [ 549.837926][T12017] Mem-Info: [ 549.841524][T12017] active_anon:10397 inactive_anon:15 isolated_anon:0 [ 549.841524][T12017] active_file:5353 inactive_file:51140 isolated_file:0 [ 549.841524][T12017] unevictable:768 dirty:624 writeback:0 [ 549.841524][T12017] slab_reclaimable:11709 slab_unreclaimable:93531 [ 549.841524][T12017] mapped:27865 shmem:1361 pagetables:1254 [ 549.841524][T12017] sec_pagetables:0 bounce:0 [ 549.841524][T12017] kernel_misc_reclaimable:0 [ 549.841524][T12017] free:1308149 free_pcp:23189 free_cma:0 [ 549.887715][T12017] Node 0 active_anon:40388kB inactive_anon:60kB active_file:21412kB inactive_file:201808kB unevictable:5936kB isolated(anon):0kB isolated(file):0kB mapped:111848kB dirty:2492kB writeback:0kB shmem:4408kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11040kB pagetables:4844kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 549.924799][T12017] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 550.070205][T12017] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 550.190048][T12017] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 550.205773][T12017] Node 0 DMA32 free:1346460kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44344kB inactive_anon:60kB active_file:21412kB inactive_file:200400kB unevictable:5736kB writepending:2492kB present:3129332kB managed:2539584kB mlocked:4204kB bounce:0kB free_pcp:44492kB local_pcp:22344kB free_cma:0kB [ 550.267360][T12017] lowmem_reserve[]: 0 0 1 1 1 [ 550.282496][T12017] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 550.341711][T12017] lowmem_reserve[]: 0 0 0 0 0 [ 550.422633][T12017] Node 1 Normal free:3871088kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:43184kB local_pcp:24484kB free_cma:0kB [ 550.456875][T12017] lowmem_reserve[]: 0 0 0 0 0 [ 550.600646][T12017] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 550.614368][T12017] Node 0 DMA32: 3117*4kB (UME) 1857*8kB (UME) 1552*16kB (UM) 947*32kB (UME) 618*64kB (UM) 366*128kB (UME) 195*256kB (UM) 118*512kB (UM) 64*1024kB (UM) 5*2048kB (UM) 242*4096kB (UM) = 1346204kB [ 550.634164][T12017] Node 0 Normal: 3*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 550.648903][T12017] Node 1 Normal: 14*4kB (UME) 9*8kB (UME) 15*16kB (UME) 6*32kB (UME) 13*64kB (UME) 8*128kB (UME) 8*256kB (UME) 2*512kB (UE) 1*1024kB (M) 3*2048kB (UME) 942*4096kB (M) = 3871088kB [ 550.667879][T12017] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 551.007659][T12017] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=2 hugepages_size=2048kB [ 551.045208][T12017] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 551.085646][T12017] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 551.095277][T12017] 58367 total pagecache pages [ 551.100213][T12017] 6 pages in swap cache [ 551.104760][T12017] Free swap = 118760kB [ 551.109723][T12017] Total swap = 124996kB [ 551.141921][T12017] 2097051 pages RAM [ 551.146144][T12017] 0 pages HighMem/MovableOnly [ 551.152119][T12017] 430193 pages reserved [ 551.160205][T12017] 0 pages cma reserved [ 554.693709][T12086] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 555.054856][T12091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 555.075510][T12091] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 555.212878][T12091] ecryptfs_miscdev_write: Invalid packet size [111] [ 555.590887][T12096] FAULT_INJECTION: forcing a failure. [ 555.590887][T12096] name failslab, interval 1, probability 0, space 0, times 0 [ 555.610920][T12088] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 555.613360][T12096] CPU: 1 UID: 0 PID: 12096 Comm: syz.1.1298 Tainted: G U syzkaller #0 PREEMPT(full) [ 555.613417][T12096] Tainted: [U]=USER [ 555.613429][T12096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 555.613462][T12096] Call Trace: [ 555.613474][T12096] [ 555.613489][T12096] dump_stack_lvl+0x16c/0x1f0 [ 555.613547][T12096] should_fail_ex+0x512/0x640 [ 555.613600][T12096] ? __kvmalloc_node_noprof+0x124/0x620 [ 555.613649][T12096] should_failslab+0xc2/0x120 [ 555.613699][T12096] __kvmalloc_node_noprof+0x137/0x620 [ 555.613738][T12096] ? trace_kmalloc+0x2b/0xd0 [ 555.613793][T12096] ? alloc_netdev_mqs+0xd2/0x1530 [ 555.613854][T12096] ? __pfx_do_setup+0x10/0x10 [ 555.613909][T12096] ? alloc_netdev_mqs+0xd2/0x1530 [ 555.613958][T12096] alloc_netdev_mqs+0xd2/0x1530 [ 555.614022][T12096] internal_dev_create+0x8a/0x520 [ 555.614081][T12096] ovs_vport_add+0x144/0x4d0 [ 555.614138][T12096] new_vport+0x16/0x1d0 [ 555.614181][T12096] ovs_dp_cmd_new+0x6ba/0xe60 [ 555.614236][T12096] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 555.614292][T12096] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 555.614357][T12096] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 555.614430][T12096] genl_family_rcv_msg_doit+0x209/0x2f0 [ 555.614500][T12096] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 555.614575][T12096] ? bpf_lsm_capable+0x9/0x10 [ 555.614608][T12096] ? security_capable+0x7e/0x260 [ 555.614647][T12096] ? ns_capable+0xd7/0x110 [ 555.614692][T12096] genl_rcv_msg+0x55c/0x800 [ 555.614730][T12096] ? __pfx_genl_rcv_msg+0x10/0x10 [ 555.614791][T12096] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 555.614842][T12096] ? __lock_acquire+0x62e/0x1ce0 [ 555.614900][T12096] netlink_rcv_skb+0x158/0x420 [ 555.614953][T12096] ? __pfx_genl_rcv_msg+0x10/0x10 [ 555.615015][T12096] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 555.615095][T12096] ? netlink_deliver_tap+0x1ae/0xd30 [ 555.615143][T12096] ? is_vmalloc_addr+0x86/0xa0 [ 555.615188][T12096] genl_rcv+0x28/0x40 [ 555.615244][T12096] netlink_unicast+0x5a7/0x870 [ 555.615306][T12096] ? __pfx_netlink_unicast+0x10/0x10 [ 555.615362][T12096] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 555.615412][T12096] ? __lock_acquire+0xb97/0x1ce0 [ 555.615482][T12096] netlink_sendmsg+0x8d1/0xdd0 [ 555.615544][T12096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 555.615605][T12096] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 555.615655][T12096] ____sys_sendmsg+0xa98/0xc70 [ 555.615694][T12096] ? copy_msghdr_from_user+0x10a/0x160 [ 555.615746][T12096] ? __pfx_____sys_sendmsg+0x10/0x10 [ 555.615793][T12096] ? __pfx_futex_wake_mark+0x10/0x10 [ 555.615856][T12096] ___sys_sendmsg+0x134/0x1d0 [ 555.615908][T12096] ? __pfx____sys_sendmsg+0x10/0x10 [ 555.616014][T12096] __sys_sendmsg+0x16d/0x220 [ 555.616065][T12096] ? __pfx___sys_sendmsg+0x10/0x10 [ 555.616115][T12096] ? __x64_sys_futex+0x1e0/0x4c0 [ 555.616189][T12096] do_syscall_64+0xcd/0x490 [ 555.616233][T12096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.616266][T12096] RIP: 0033:0x7f16aff8ebe9 [ 555.616297][T12096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 555.616335][T12096] RSP: 002b:00007f16b0d4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 555.616371][T12096] RAX: ffffffffffffffda RBX: 00007f16b01c5fa0 RCX: 00007f16aff8ebe9 [ 555.616398][T12096] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 555.616421][T12096] RBP: 00007f16b0011e19 R08: 0000000000000000 R09: 0000000000000000 [ 555.616478][T12096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 555.616501][T12096] R13: 00007f16b01c6038 R14: 00007f16b01c5fa0 R15: 00007ffd267e0e08 [ 555.616549][T12096] [ 556.693406][T10783] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 556.693458][T10783] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 556.708492][T10783] Bluetooth: hci0: Dropping invalid advertising data [ 556.718824][T10783] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 556.718878][T10783] Bluetooth: hci0: Dropping invalid advertising data [ 556.732975][T10783] Bluetooth: hci0: Malformed LE Event: 0x02 [ 558.240280][T12139] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1310'. [ 558.331148][T12132] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 558.341938][T12132] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 558.369647][T12132] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 558.491265][T12147] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 558.514818][T12147] FAULT_INJECTION: forcing a failure. [ 558.514818][T12147] name failslab, interval 1, probability 0, space 0, times 0 [ 558.548201][T12147] CPU: 0 UID: 0 PID: 12147 Comm: syz.2.1311 Tainted: G U syzkaller #0 PREEMPT(full) [ 558.548248][T12147] Tainted: [U]=USER [ 558.548257][T12147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 558.548272][T12147] Call Trace: [ 558.548282][T12147] [ 558.548292][T12147] dump_stack_lvl+0x16c/0x1f0 [ 558.548329][T12147] should_fail_ex+0x512/0x640 [ 558.548363][T12147] ? __kmalloc_noprof+0xbf/0x510 [ 558.548393][T12147] ? __register_sysctl_table+0xea2/0x1900 [ 558.548429][T12147] should_failslab+0xc2/0x120 [ 558.548463][T12147] __kmalloc_noprof+0xd2/0x510 [ 558.548489][T12147] ? __register_sysctl_table+0xe8e/0x1900 [ 558.548533][T12147] __register_sysctl_table+0xea2/0x1900 [ 558.548577][T12147] ? __pfx___register_sysctl_table+0x10/0x10 [ 558.548613][T12147] ? is_module_address+0x69/0xf0 [ 558.548648][T12147] ? register_net_sysctl_sz+0x228/0x3e0 [ 558.548686][T12147] ? __asan_memcpy+0x3c/0x60 [ 558.548714][T12147] nf_log_net_init+0x109/0x450 [ 558.548751][T12147] ? __pfx_nf_log_net_init+0x10/0x10 [ 558.548786][T12147] ops_init+0x1e2/0x5f0 [ 558.548824][T12147] setup_net+0x10f/0x380 [ 558.548856][T12147] ? lockdep_init_map_type+0x5c/0x280 [ 558.548892][T12147] ? __pfx_setup_net+0x10/0x10 [ 558.548928][T12147] ? debug_mutex_init+0x37/0x70 [ 558.548956][T12147] copy_net_ns+0x2a6/0x5f0 [ 558.549007][T12147] create_new_namespaces+0x3ea/0xa90 [ 558.549042][T12147] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 558.549074][T12147] ksys_unshare+0x45b/0xa40 [ 558.549108][T12147] ? __pfx_ksys_unshare+0x10/0x10 [ 558.549142][T12147] ? xfd_validate_state+0x61/0x180 [ 558.549187][T12147] __x64_sys_unshare+0x31/0x40 [ 558.549220][T12147] do_syscall_64+0xcd/0x490 [ 558.549256][T12147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.549281][T12147] RIP: 0033:0x7f729998ebe9 [ 558.549300][T12147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.549324][T12147] RSP: 002b:00007f729a837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 558.549347][T12147] RAX: ffffffffffffffda RBX: 00007f7299bc5fa0 RCX: 00007f729998ebe9 [ 558.549363][T12147] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 558.549378][T12147] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 558.549393][T12147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.549408][T12147] R13: 00007f7299bc6038 R14: 00007f7299bc5fa0 R15: 00007ffc3661dd58 [ 558.549438][T12147] [ 558.549449][T12147] sysctl could not get directory: /net/netfilter/nf_log -12 [ 558.833277][T12154] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 559.208513][T12156] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 559.971059][T12175] vivid-003: ================= START STATUS ================= [ 560.035486][T12175] vivid-003: Radio HW Seek Mode: Bounded [ 560.094549][T12175] vivid-003: Radio Programmable HW Seek: false [ 560.131452][T12175] vivid-003: RDS Rx I/O Mode: Block I/O [ 560.137626][T12175] vivid-003: Generate RBDS Instead of RDS: false [ 560.177900][T12175] vivid-003: RDS Reception: true [ 560.204701][T12175] vivid-003: RDS Program Type: 0 inactive [ 560.212709][T10783] Bluetooth: hci0: command 0x0c1a tx timeout [ 560.221666][T12175] vivid-003: RDS PS Name: inactive [ 560.313941][T12175] vivid-003: RDS Radio Text: inactive [ 560.319640][T12175] vivid-003: RDS Traffic Announcement: false inactive [ 560.328114][T12175] vivid-003: RDS Traffic Program: false inactive [ 560.337667][T12175] vivid-003: RDS Music: false inactive [ 560.343562][T12175] vivid-003: ================== END STATUS ================== [ 560.383708][T10783] Bluetooth: hci1: command 0x0c1a tx timeout [ 560.442460][T10783] Bluetooth: hci3: command 0x0c1a tx timeout [ 561.746266][T12205] : Can't lookup blockdev [ 561.817281][T12208] FAULT_INJECTION: forcing a failure. [ 561.817281][T12208] name failslab, interval 1, probability 0, space 0, times 0 [ 561.821931][T12210] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 561.830257][T12208] CPU: 0 UID: 0 PID: 12208 Comm: syz.1.1323 Tainted: G U syzkaller #0 PREEMPT(full) [ 561.830316][T12208] Tainted: [U]=USER [ 561.830328][T12208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 561.830352][T12208] Call Trace: [ 561.830365][T12208] [ 561.830380][T12208] dump_stack_lvl+0x16c/0x1f0 [ 561.830438][T12208] should_fail_ex+0x512/0x640 [ 561.830491][T12208] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 561.830542][T12208] should_failslab+0xc2/0x120 [ 561.830594][T12208] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 561.830636][T12208] ? __proc_create+0xc3/0x8e0 [ 561.830692][T12208] ? __proc_create+0x2ce/0x8e0 [ 561.830748][T12208] __proc_create+0x2ce/0x8e0 [ 561.830805][T12208] ? __pfx___proc_create+0x10/0x10 [ 561.830868][T12208] ? _raw_write_unlock+0x28/0x50 [ 561.830915][T12208] ? proc_register+0x314/0x5f0 [ 561.830974][T12208] proc_create_reg+0x7d/0x180 [ 561.831046][T12208] proc_create_net_data+0x8e/0x1c0 [ 561.831104][T12208] ? __pfx_proc_create_net_data+0x10/0x10 [ 561.831177][T12208] ac6_proc_init+0x53/0x70 [ 561.831222][T12208] inet6_net_init+0x85b/0xb20 [ 561.831261][T12208] ? __pfx_inet6_net_init+0x10/0x10 [ 561.831294][T12208] ops_init+0x1e2/0x5f0 [ 561.831355][T12208] setup_net+0x10f/0x380 [ 561.831405][T12208] ? lockdep_init_map_type+0x5c/0x280 [ 561.831459][T12208] ? __pfx_setup_net+0x10/0x10 [ 561.831515][T12208] ? debug_mutex_init+0x37/0x70 [ 561.831557][T12208] copy_net_ns+0x2a6/0x5f0 [ 561.831622][T12208] create_new_namespaces+0x3ea/0xa90 [ 561.831675][T12208] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 561.831725][T12208] ksys_unshare+0x45b/0xa40 [ 561.831777][T12208] ? __pfx_ksys_unshare+0x10/0x10 [ 561.831830][T12208] ? xfd_validate_state+0x61/0x180 [ 561.831898][T12208] __x64_sys_unshare+0x31/0x40 [ 561.831949][T12208] do_syscall_64+0xcd/0x490 [ 561.832019][T12208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.832059][T12208] RIP: 0033:0x7f16aff8ebe9 [ 561.832091][T12208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.832128][T12208] RSP: 002b:00007f16b0d4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 561.832162][T12208] RAX: ffffffffffffffda RBX: 00007f16b01c5fa0 RCX: 00007f16aff8ebe9 [ 561.832188][T12208] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 561.832212][T12208] RBP: 00007f16b0011e19 R08: 0000000000000000 R09: 0000000000000000 [ 561.832235][T12208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 561.832259][T12208] R13: 00007f16b01c6038 R14: 00007f16b01c5fa0 R15: 00007ffd267e0e08 [ 561.832307][T12208] [ 561.912820][T12189] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 562.125064][T12189] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 562.136288][T12189] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 563.562376][T10783] Bluetooth: hci0: command 0x0c1a tx timeout [ 563.678248][T12231] Invalid ELF header magic: != ELF /[ 564.221383][T10783] Bluetooth: hci3: command 0x0c1a tx timeout [ 564.227735][T11021] Bluetooth: hci1: command 0x0c1a tx timeout [ 564.534338][T12223] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 564.585812][T12245] random: crng reseeded on system resumption [ 564.879015][T12252] ubi0: attaching mtd0 [ 564.901976][T12252] ubi0: scanning is finished [ 564.908533][T12252] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 564.987347][T12250] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 954 with max blocks 18 with error 117 [ 565.021723][T12250] EXT4-fs (sda1): This should not happen!! Data will be lost [ 565.021723][T12250] [ 565.036706][T12251] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 941 with max blocks 21 with error 117 [ 565.038494][T12252] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 565.073687][T12251] EXT4-fs (sda1): This should not happen!! Data will be lost [ 565.073687][T12251] [ 565.659063][T12259] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1334'. [ 565.762161][T12259] veth1_macvtap: left allmulticast mode [ 565.784192][T12259] veth1_macvtap: left promiscuous mode [ 568.944634][T10784] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 970 with max blocks 2 with error 117 [ 568.971696][T12314] ubi0: attaching mtd0 [ 569.007802][T10784] EXT4-fs (sda1): This should not happen!! Data will be lost [ 569.007802][T10784] [ 569.031242][T10784] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 947 with max blocks 15 with error 117 [ 569.064111][T12314] ubi0: scanning is finished [ 569.068804][T12314] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 569.083110][T10784] EXT4-fs (sda1): This should not happen!! Data will be lost [ 569.083110][T10784] [ 569.102836][T10784] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 949 with max blocks 5 with error 117 [ 569.147226][T10784] EXT4-fs (sda1): This should not happen!! Data will be lost [ 569.147226][T10784] [ 569.411898][T12319] blktrace: Concurrent blktraces are not allowed on ram7 [ 569.692564][T12314] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 570.043625][T12329] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1347'. [ 571.300036][T12350] nbd: couldn't find device at index 137 [ 572.007848][T11163] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 947 with max blocks 15 with error 117 [ 572.041345][T11163] EXT4-fs (sda1): This should not happen!! Data will be lost [ 572.041345][T11163] [ 572.064892][T11163] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 951 with max blocks 1 with error 117 [ 572.077948][T11163] EXT4-fs (sda1): This should not happen!! Data will be lost [ 572.077948][T11163] [ 572.111094][T11163] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 942 with max blocks 5 with error 117 [ 572.128208][T11163] EXT4-fs (sda1): This should not happen!! Data will be lost [ 572.128208][T11163] [ 573.269347][T12383] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1359'. [ 573.497938][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.504458][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 574.522762][T12408] random: crng reseeded on system resumption [ 576.319316][T12433] kernel read not supported for file /gMQ_g _N{7vGlq wĉu}OUVW.uw.`O:KdYѮaj7nwKQHg[壣%'ϖX:DktހX [$O8 bŹ9F@eMU;$Q8҇ŝ赵DtS^0YJpu (pid: 12433 comm: syz.0.1368) [ 576.346223][ C1] vkms_vblank_simulate: vblank timer overrun [ 576.441004][ T30] audit: type=1800 audit(1056.070:18): pid=12433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1368" name=BEF282E71467B5EE4D5113A25F67BF09FAF25F4EB07BF9B53776EE47D96CBF8671207796D9E9A8E1F0C71F1EC4C4897583E87DBD7F4F91C15556572EB6AD047502772EEC604FC10E15E73AC91B4BCD64590395D1AEC19B969F616AD2FCFC1F37AFCA6EF6C0774BCEE751AEC9486701EFDA5BE5A3A325278FCF96583A04446B747FDE8001DD589188A109C3F1FE5B93244F382062B492F4BCC5B99839FC46ECDC40DDDA654DE055C83BF5E7245138D287DDC59DC5E8B5B5B8DF44D0E8748A53AABEAABA9E5E301AF859F54A700875BA98 dev="mqueue" ino=38106 res=0 errno=0 [ 576.804732][T12445] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 576.836199][T12443] zswap: compressor not available [ 577.101429][T12443] zswap: compressor not available [ 577.907652][T12477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1377'. [ 577.933213][T12477] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1377'. [ 578.777295][T12495] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1380'. [ 580.580923][T12523] Invalid ELF header magic: != ELF [ 580.865454][T12532] netlink: 54 bytes leftover after parsing attributes in process `syz.2.1387'. [ 580.877208][T12526] ima: policy update failed [ 580.897826][ T30] audit: type=1802 audit(1060.542:19): pid=12526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1387" res=0 errno=0 [ 589.299071][T12684] bridge0: port 2(veth1_macvtap) entered blocking state [ 589.306147][T12684] bridge0: port 2(veth1_macvtap) entered disabled state [ 589.377296][T12684] veth1_macvtap: entered allmulticast mode [ 589.385524][T12684] veth1_macvtap: left allmulticast mode [ 590.706425][T12709] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1418'. [ 591.263880][T12714] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.8192.1450), cmd(3) [ 591.892762][T12714] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 957 with max blocks 15 with error 117 [ 591.909322][T12714] EXT4-fs (sda1): This should not happen!! Data will be lost [ 591.909322][T12714]                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      [ 621.122988][T11163] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 952 with max blocks 20 with error 117 [ 621.146076][T11163] EXT4-fs (sda1): This should not happen!! Data will be lost [ 621.146076][T11163] [ 621.506576][T11163] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 955 with max blocks 7 with error 117 [ 621.561437][T11163] EXT4-fs (sda1): This should not happen!! Data will be lost [ 621.561437][T11163] [ 621.633848][T11163] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 948 with max blocks 6 with error 117 syzkaller syzkaller login: [ 621.714788][T11163] EXT4-fs (sda1): This should not happen!! Data will be lost [ 621.714788][T11163] [ 621.735028][T13219] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 623.636136][T13258] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 623.741963][T13258] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 624.538706][T13271] [ 625.177305][T13257] ima: policy update failed [ 625.192646][ T30] audit: type=1802 audit(1104.871:20): pid=13257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1530" res=0 errno=0 [ 628.789265][T13355] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 628.896249][T13348] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 628.907371][T13348] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 628.916626][T13348] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 629.080783][T13363] vivid-007: ================= START STATUS ================= [ 629.100972][T13363] vivid-007: Generate PTS: true [ 629.110258][T13363] vivid-007: Generate SCR: true [ 629.129196][T13363] tpg source WxH: 320x240 (Y'CbCr) [ 629.153706][T13363] tpg field: 1 [ 629.157133][T13363] tpg crop: (0,0)/320x240 [ 629.161633][T13363] tpg compose: (0,0)/320x240 [ 629.172225][T13363] tpg colorspace: 8 [ 629.178504][T13363] tpg transfer function: 0/0 [ 629.183329][T13363] tpg Y'CbCr encoding: 0/0 [ 629.229846][T13363] tpg quantization: 0/0 [ 629.234054][T13363] tpg RGB range: 0/2 [ 629.238202][T13363] vivid-007: ================== END STATUS ================== [ 630.740708][T10783] Bluetooth: hci0: command 0x0c1a tx timeout [ 630.982619][T10783] Bluetooth: hci3: command 0x0c1a tx timeout [ 630.988724][T10783] Bluetooth: hci1: command 0x0c1a tx timeout [ 633.772573][T13406] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1552'. [ 633.976588][T13415] vivid-003: ================= START STATUS ================= [ 633.986579][T13415] vivid-003: Radio HW Seek Mode: Bounded [ 634.024347][T13417] bond0: option all_slaves_active: invalid value () [ 634.033631][T13415] vivid-003: Radio Programmable HW Seek: false [ 634.038401][T13418] vivid-007: ================= START STATUS ================= [ 634.040033][T13415] vivid-003: RDS Rx I/O Mode: [ 634.102699][T13418] vivid-007: Generate PTS: true [ 634.131872][T13415] Block I/O [ 634.131883][T13418] vivid-007: Generate SCR: true [ 634.135032][T13415] [ 634.135046][T13415] vivid-003: Generate RBDS Instead of RDS: false [ 634.150025][T13418] [ 634.150042][T13418] tpg source WxH: 320x240 (Y'CbCr) [ 634.156387][T13415] vivid-003: RDS Reception: true [ 634.156434][T13415] vivid-003: RDS Program Type: 0 inactive [ 634.156483][T13415] vivid-003: RDS PS Name: [ 634.181846][T13418] tpg field: 1 [ 634.181878][T13415] [ 634.298921][T13418] tpg crop: (0,0)/320x240 [ 634.305630][T13418] tpg compose: (0,0)/320x240 [ 634.375142][T13415] inactive [ 634.424311][T13418] tpg colorspace: 8 [ 634.439231][T13418] tpg transfer function: 0/0 [ 634.448089][T13415] vivid-003: RDS Radio Text: inactive [ 634.453670][T13415] vivid-003: RDS Traffic Announcement: false inactive [ 634.455453][T13418] tpg Y'CbCr encoding: 0/0 [ 634.465929][T13415] vivid-003: RDS Traffic Program: [ 634.465942][T13418] tpg quantization: 0/0 [ 634.465964][T13418] tpg RGB range: 0/2 [ 634.599901][T13415] false inactive [ 634.617668][T13415] vivid-003: RDS Music: false inactive [ 634.617753][T13418] vivid-007: ================== END STATUS ================== [ 634.623234][T13415] vivid-003: ================== END STATUS ================== [ 634.902801][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.909354][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 637.905313][T13466] ima: policy update failed [ 637.934830][ T30] audit: type=1802 audit(1117.596:21): pid=13466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1568" res=0 errno=0 [ 638.383867][T13478] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 958 with max blocks 14 with error 117 [ 638.403308][T13478] EXT4-fs (sda1): This should not happen!! Data will be lost [ 638.403308][T13478] [ 638.815084][T13505] Invalid ELF header magic: != ELF [ 638.837465][T13506] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1576'. [ 639.484740][T13511] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1576'. [ 639.581265][T13511] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1576'. [ 639.905978][T13497] FAULT_INJECTION: forcing a failure. [ 639.905978][T13497] name failslab, interval 1, probability 0, space 0, times 0 [ 639.919596][T13497] CPU: 1 UID: 0 PID: 13497 Comm: syz.2.1573 Tainted: G U syzkaller #0 PREEMPT(full) [ 639.919650][T13497] Tainted: [U]=USER [ 639.919662][T13497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 639.919682][T13497] Call Trace: [ 639.919692][T13497] [ 639.919707][T13497] dump_stack_lvl+0x16c/0x1f0 [ 639.919746][T13497] should_fail_ex+0x512/0x640 [ 639.919781][T13497] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 639.919811][T13497] should_failslab+0xc2/0x120 [ 639.919844][T13497] __kmalloc_cache_noprof+0x6a/0x3e0 [ 639.919869][T13497] ? apply_subsystem_event_filter+0x460/0x17e0 [ 639.919903][T13497] ? kasan_save_track+0x14/0x30 [ 639.919934][T13497] apply_subsystem_event_filter+0x460/0x17e0 [ 639.919975][T13497] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 639.920014][T13497] ? _copy_from_user+0x59/0xd0 [ 639.920057][T13497] subsystem_filter_write+0x95/0x120 [ 639.920090][T13497] ? __pfx_subsystem_filter_write+0x10/0x10 [ 639.920120][T13497] vfs_write+0x2a0/0x11d0 [ 639.920153][T13497] ? __pfx___mutex_lock+0x10/0x10 [ 639.920188][T13497] ? __pfx_vfs_write+0x10/0x10 [ 639.920225][T13497] ? __fget_files+0x20e/0x3c0 [ 639.920260][T13497] ksys_write+0x12a/0x250 [ 639.920287][T13497] ? __pfx_ksys_write+0x10/0x10 [ 639.920325][T13497] do_syscall_64+0xcd/0x490 [ 639.920361][T13497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.920396][T13497] RIP: 0033:0x7f729998ebe9 [ 639.920415][T13497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.920439][T13497] RSP: 002b:00007f729a837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 639.920461][T13497] RAX: ffffffffffffffda RBX: 00007f7299bc5fa0 RCX: 00007f729998ebe9 [ 639.920477][T13497] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000007 [ 639.920492][T13497] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 639.920506][T13497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 639.920521][T13497] R13: 00007f7299bc6038 R14: 00007f7299bc5fa0 R15: 00007ffc3661dd58 [ 639.920551][T13497] [ 641.162788][T13537] FAULT_INJECTION: forcing a failure. [ 641.162788][T13537] name failslab, interval 1, probability 0, space 0, times 0 [ 641.206429][T13537] CPU: 0 UID: 0 PID: 13537 Comm: syz.2.1581 Tainted: G U syzkaller #0 PREEMPT(full) [ 641.206483][T13537] Tainted: [U]=USER [ 641.206494][T13537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 641.206516][T13537] Call Trace: [ 641.206526][T13537] [ 641.206539][T13537] dump_stack_lvl+0x16c/0x1f0 [ 641.206592][T13537] should_fail_ex+0x512/0x640 [ 641.206641][T13537] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 641.206693][T13537] should_failslab+0xc2/0x120 [ 641.206739][T13537] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 641.206783][T13537] ? __register_sysctl_table+0x73b/0x1900 [ 641.206837][T13537] ? register_ip_vs_app+0x17a/0x370 [ 641.206893][T13537] kmemdup_noprof+0x29/0x60 [ 641.206937][T13537] register_ip_vs_app+0x17a/0x370 [ 641.206985][T13537] __ip_vs_ftp_init+0x60/0x220 [ 641.207031][T13537] ? __ip_vs_lblcr_init+0x189/0x330 [ 641.207073][T13537] ? __pfx___ip_vs_ftp_init+0x10/0x10 [ 641.207120][T13537] ops_init+0x1e2/0x5f0 [ 641.207173][T13537] setup_net+0x10f/0x380 [ 641.207219][T13537] ? lockdep_init_map_type+0x5c/0x280 [ 641.207278][T13537] ? __pfx_setup_net+0x10/0x10 [ 641.207329][T13537] ? debug_mutex_init+0x37/0x70 [ 641.207369][T13537] copy_net_ns+0x2a6/0x5f0 [ 641.207427][T13537] create_new_namespaces+0x3ea/0xa90 [ 641.207477][T13537] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 641.207523][T13537] ksys_unshare+0x45b/0xa40 [ 641.207570][T13537] ? __pfx_ksys_unshare+0x10/0x10 [ 641.207620][T13537] ? xfd_validate_state+0x61/0x180 [ 641.207683][T13537] __x64_sys_unshare+0x31/0x40 [ 641.207732][T13537] do_syscall_64+0xcd/0x490 [ 641.207783][T13537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.207818][T13537] RIP: 0033:0x7f729998ebe9 [ 641.207845][T13537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 641.207879][T13537] RSP: 002b:00007f729a837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 641.207912][T13537] RAX: ffffffffffffffda RBX: 00007f7299bc5fa0 RCX: 00007f729998ebe9 [ 641.207935][T13537] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 641.207956][T13537] RBP: 00007f7299a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 641.207977][T13537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 641.207998][T13537] R13: 00007f7299bc6038 R14: 00007f7299bc5fa0 R15: 00007ffc3661dd58 [ 641.208043][T13537] [ 642.260202][T13549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1592'. [ 643.170429][T13569] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 643.435789][T13577] Console: switching to colour VGA+ 128x48 [ 643.659439][T13580] ================================================================== [ 643.659459][T13580] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 643.659506][T13580] Read of size 256 at addr ffff88804c23bf40 by task syz.1.1594/13580 [ 643.659533][T13580] [ 643.659551][T13580] CPU: 0 UID: 0 PID: 13580 Comm: syz.1.1594 Tainted: G U syzkaller #0 PREEMPT(full) [ 643.659593][T13580] Tainted: [U]=USER [ 643.659604][T13580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 643.659626][T13580] Call Trace: [ 643.659636][T13580] [ 643.659649][T13580] dump_stack_lvl+0x116/0x1f0 [ 643.659695][T13580] print_report+0xcd/0x630 [ 643.659738][T13580] ? __virt_addr_valid+0x81/0x610 [ 643.659779][T13580] ? __phys_addr+0xe8/0x180 [ 643.659821][T13580] ? fbcon_prepare_logo+0xa03/0xc70 [ 643.659862][T13580] kasan_report+0xe0/0x110 [ 643.659916][T13580] ? fbcon_prepare_logo+0xa03/0xc70 [ 643.659964][T13580] kasan_check_range+0x100/0x1b0 [ 643.660021][T13580] __asan_memcpy+0x23/0x60 [ 643.660053][T13580] fbcon_prepare_logo+0xa03/0xc70 [ 643.660104][T13580] fbcon_init+0xd77/0x1900 [ 643.660143][T13580] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 643.660174][T13580] visual_init+0x320/0x620 [ 643.660205][T13580] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 643.660258][T13580] store_bind+0x61d/0x760 [ 643.660302][T13580] ? sysfs_file_kobj+0xe4/0x290 [ 643.660339][T13580] ? __pfx_store_bind+0x10/0x10 [ 643.660380][T13580] dev_attr_store+0x58/0x80 [ 643.660417][T13580] ? __pfx_dev_attr_store+0x10/0x10 [ 643.660453][T13580] sysfs_kf_write+0xf2/0x150 [ 643.660479][T13580] kernfs_fop_write_iter+0x354/0x510 [ 643.660502][T13580] ? __pfx_sysfs_kf_write+0x10/0x10 [ 643.660529][T13580] iter_file_splice_write+0xa24/0x12e0 [ 643.660565][T13580] ? __pfx_iter_file_splice_write+0x10/0x10 [ 643.660594][T13580] ? __pfx_copy_splice_read+0x10/0x10 [ 643.660626][T13580] ? __pfx_iter_file_splice_write+0x10/0x10 [ 643.660653][T13580] direct_splice_actor+0x18f/0x6c0 [ 643.660688][T13580] splice_direct_to_actor+0x345/0xa30 [ 643.660723][T13580] ? __pfx_direct_splice_actor+0x10/0x10 [ 643.660763][T13580] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 643.660804][T13580] do_splice_direct+0x174/0x240 [ 643.660837][T13580] ? __pfx_do_splice_direct+0x10/0x10 [ 643.660904][T13580] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 643.660942][T13580] ? rw_verify_area+0xcf/0x6c0 [ 643.660979][T13580] do_sendfile+0xb06/0xe50 [ 643.661018][T13580] ? __pfx_do_sendfile+0x10/0x10 [ 643.661053][T13580] ? __sys_sendmsg+0x18c/0x220 [ 643.661100][T13580] ? __x64_sys_futex+0x1e0/0x4c0 [ 643.661140][T13580] ? __x64_sys_futex+0x1e9/0x4c0 [ 643.661181][T13580] __x64_sys_sendfile64+0x1d8/0x220 [ 643.661228][T13580] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 643.661284][T13580] do_syscall_64+0xcd/0x490 [ 643.661333][T13580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.661369][T13580] RIP: 0033:0x7f16aff8ebe9 [ 643.661394][T13580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.661427][T13580] RSP: 002b:00007f16b0d2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 643.661458][T13580] RAX: ffffffffffffffda RBX: 00007f16b01c6090 RCX: 00007f16aff8ebe9 [ 643.661481][T13580] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000003 [ 643.661500][T13580] RBP: 00007f16b0011e19 R08: 0000000000000000 R09: 0000000000000000 [ 643.661519][T13580] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 643.661539][T13580] R13: 00007f16b01c6128 R14: 00007f16b01c6090 R15: 00007ffd267e0e08 [ 643.661570][T13580] [ 643.661581][T13580] [ 643.661589][T13580] The buggy address belongs to the physical page: [ 643.661602][T13580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804c23ba80 pfn:0x4c238 [ 643.661633][T13580] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 643.661656][T13580] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 643.661680][T13580] page_type: f8(unknown) [ 643.661703][T13580] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 643.661729][T13580] raw: ffff88804c23ba80 0000000000000000 00000000f8000000 0000000000000000 [ 643.661754][T13580] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 643.661779][T13580] head: ffff88804c23ba80 0000000000000000 00000000f8000000 0000000000000000 [ 643.661808][T13580] head: 00fff00000000002 ffffea0001308e01 00000000ffffffff 00000000ffffffff [ 643.661837][T13580] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 643.661853][T13580] page dumped because: kasan: bad access detected [ 643.661865][T13580] page_owner tracks the page as allocated [ 643.661885][T13580] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x140dc0(GFP_USER|__GFP_ZERO|__GFP_COMP), pid 13580, tgid 13576 (syz.1.1594), ts 643567490871, free_ts 643542547889 [ 643.661931][T13580] post_alloc_hook+0x1c0/0x230 [ 643.661960][T13580] get_page_from_freelist+0x132b/0x38e0 [ 643.661992][T13580] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 643.662024][T13580] alloc_pages_mpol+0x1fb/0x550 [ 643.662062][T13580] ___kmalloc_large_node+0xed/0x160 [ 643.662103][T13580] __kmalloc_large_node_noprof+0x1c/0x70 [ 643.662146][T13580] __kmalloc_noprof.cold+0xc/0x61 [ 643.662184][T13580] vc_do_resize+0x1de/0x10e0 [ 643.662216][T13580] fbcon_init+0xd53/0x1900 [ 643.662248][T13580] visual_init+0x320/0x620 [ 643.662272][T13580] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 643.662306][T13580] store_bind+0x61d/0x760 [ 643.662336][T13580] dev_attr_store+0x58/0x80 [ 643.662375][T13580] sysfs_kf_write+0xf2/0x150 [ 643.662402][T13580] kernfs_fop_write_iter+0x354/0x510 [ 643.662426][T13580] iter_file_splice_write+0xa24/0x12e0 [ 643.662454][T13580] page last free pid 13580 tgid 13576 stack trace: [ 643.662469][T13580] __free_frozen_pages+0x7d5/0x10f0 [ 643.662493][T13580] vc_do_resize+0xe29/0x10e0 [ 643.662524][T13580] fbcon_startup+0x427/0xba0 [ 643.662555][T13580] do_bind_con_driver.isra.0+0x207/0xbf0 [ 643.662589][T13580] store_bind+0x61d/0x760 [ 643.662620][T13580] dev_attr_store+0x58/0x80 [ 643.662657][T13580] sysfs_kf_write+0xf2/0x150 [ 643.662684][T13580] kernfs_fop_write_iter+0x354/0x510 [ 643.662708][T13580] iter_file_splice_write+0xa24/0x12e0 [ 643.662735][T13580] direct_splice_actor+0x18f/0x6c0 [ 643.662761][T13580] splice_direct_to_actor+0x345/0xa30 [ 643.662787][T13580] do_splice_direct+0x174/0x240 [ 643.662811][T13580] do_sendfile+0xb06/0xe50 [ 643.662837][T13580] __x64_sys_sendfile64+0x1d8/0x220 [ 643.662879][T13580] do_syscall_64+0xcd/0x490 [ 643.662916][T13580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.662943][T13580] [ 643.662949][T13580] Memory state around the buggy address: [ 643.662963][T13580] ffff88804c23be00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 643.662984][T13580] ffff88804c23be80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 643.663004][T13580] >ffff88804c23bf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 643.663019][T13580] ^ [ 643.663034][T13580] ffff88804c23bf80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 643.663054][T13580] ffff88804c23c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 643.663069][T13580] ================================================================== [ 643.684667][T13580] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 643.684691][T13580] CPU: 1 UID: 0 PID: 13580 Comm: syz.1.1594 Tainted: G U syzkaller #0 PREEMPT(full) [ 643.684725][T13580] Tainted: [U]=USER [ 643.684733][T13580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 643.684748][T13580] Call Trace: [ 643.684755][T13580] [ 643.684765][T13580] dump_stack_lvl+0x3d/0x1f0 [ 643.684801][T13580] vpanic+0x6e8/0x7a0 [ 643.684836][T13580] ? __pfx_vpanic+0x10/0x10 [ 643.684875][T13580] ? fbcon_prepare_logo+0xa03/0xc70 [ 643.684906][T13580] panic+0xca/0xd0 [ 643.684944][T13580] ? __pfx_panic+0x10/0x10 [ 643.684991][T13580] ? fbcon_prepare_logo+0xa03/0xc70 [ 643.685020][T13580] ? preempt_schedule_common+0x44/0xc0 [ 643.685050][T13580] ? preempt_schedule_thunk+0x16/0x30 [ 643.685087][T13580] check_panic_on_warn+0xab/0xb0 [ 643.685128][T13580] end_report+0x107/0x170 [ 643.685159][T13580] kasan_report+0xee/0x110 [ 643.685189][T13580] ? fbcon_prepare_logo+0xa03/0xc70 [ 643.685223][T13580] kasan_check_range+0x100/0x1b0 [ 643.685258][T13580] __asan_memcpy+0x23/0x60 [ 643.685281][T13580] fbcon_prepare_logo+0xa03/0xc70 [ 643.685317][T13580] fbcon_init+0xd77/0x1900 [ 643.685347][T13580] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 643.685373][T13580] visual_init+0x320/0x620 [ 643.685399][T13580] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 643.685434][T13580] store_bind+0x61d/0x760 [ 643.685465][T13580] ? sysfs_file_kobj+0xe4/0x290 [ 643.685490][T13580] ? __pfx_store_bind+0x10/0x10 [ 643.685518][T13580] dev_attr_store+0x58/0x80 [ 643.685553][T13580] ? __pfx_dev_attr_store+0x10/0x10 [ 643.685588][T13580] sysfs_kf_write+0xf2/0x150 [ 643.685613][T13580] kernfs_fop_write_iter+0x354/0x510 [ 643.685635][T13580] ? __pfx_sysfs_kf_write+0x10/0x10 [ 643.685662][T13580] iter_file_splice_write+0xa24/0x12e0 [ 643.685697][T13580] ? __pfx_iter_file_splice_write+0x10/0x10 [ 643.685725][T13580] ? __pfx_copy_splice_read+0x10/0x10 [ 643.685756][T13580] ? __pfx_iter_file_splice_write+0x10/0x10 [ 643.685782][T13580] direct_splice_actor+0x18f/0x6c0 [ 643.685808][T13580] splice_direct_to_actor+0x345/0xa30 [ 643.685833][T13580] ? __pfx_direct_splice_actor+0x10/0x10 [ 643.685860][T13580] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 643.685888][T13580] do_splice_direct+0x174/0x240 [ 643.685911][T13580] ? __pfx_do_splice_direct+0x10/0x10 [ 643.685935][T13580] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 643.685960][T13580] ? rw_verify_area+0xcf/0x6c0 [ 643.685985][T13580] do_sendfile+0xb06/0xe50 [ 643.686012][T13580] ? __pfx_do_sendfile+0x10/0x10 [ 643.686036][T13580] ? __sys_sendmsg+0x18c/0x220 [ 643.686069][T13580] ? __x64_sys_futex+0x1e0/0x4c0 [ 643.686098][T13580] ? __x64_sys_futex+0x1e9/0x4c0 [ 643.686135][T13580] __x64_sys_sendfile64+0x1d8/0x220 [ 643.686168][T13580] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 643.686205][T13580] do_syscall_64+0xcd/0x490 [ 643.686239][T13580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.686263][T13580] RIP: 0033:0x7f16aff8ebe9 [ 643.686280][T13580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.686303][T13580] RSP: 002b:00007f16b0d2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 643.686325][T13580] RAX: ffffffffffffffda RBX: 00007f16b01c6090 RCX: 00007f16aff8ebe9 [ 643.686341][T13580] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000003 [ 643.686355][T13580] RBP: 00007f16b0011e19 R08: 0000000000000000 R09: 0000000000000000 [ 643.686370][T13580] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 643.686403][T13580] R13: 00007f16b01c6128 R14: 00007f16b01c6090 R15: 00007ffd267e0e08 [ 643.686441][T13580] [ 643.686832][T13580] Kernel Offset: disabled