last executing test programs: 3m33.745838778s ago: executing program 2 (id=305): mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) syz_genetlink_get_family_id$auto_taskstats(&(0x7f00000000c0), r1) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fsconfig$auto_JFFS2_COMPR_MODE_NONE(r0, 0x9, &(0x7f0000000040)='{6y\xfa\xd6\bk\xf0\xe3\n', 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x3, 0x10001, 0x3, 0x5e, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x4e, 0x2, 0x0, 0x100, 0x2) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x1000000000006, 0x2, 0x6]}, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nullb0/queue/scheduler\x00', 0xca002, 0x0) sendfile$auto(r3, 0xffffffffffffffff, 0x0, 0x7ffff000) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/6/smp_affinity_list\x00', 0xe0182, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x7f0) chroot$auto(&(0x7f0000000080)='}[,&*}\x00') readv$auto(r4, 0x0, 0x200000000080003) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x2, 0x7ba, 0x4) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) 3m32.784120816s ago: executing program 2 (id=310): r0 = socket(0xa, 0x5, 0x84) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x4e20, @rand_addr=0xfffffffe}, 0x57) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e21, @rand_addr=0x64010102}, 0x55) r1 = io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x10, 0x0, 0x8) close_range$auto(r0, r1, 0x9) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/lacp_active\x00', 0x80, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f00000000c0)=""/17, 0x11) sendmsg$auto_NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r5, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8844}, 0x20000000) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0x11, 0x1, 0x1e00}]}) socket(0xa, 0x5, 0x84) (async) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x4e20, @rand_addr=0xfffffffe}, 0x57) (async) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e21, @rand_addr=0x64010102}, 0x55) (async) io_uring_setup$auto(0x2, 0x0) (async) setsockopt$auto(0x3, 0x10000000084, 0x10, 0x0, 0x8) (async) close_range$auto(r0, r1, 0x9) (async) socket(0x10, 0x2, 0xc) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/lacp_active\x00', 0x80, 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f00000000c0)=""/17, 0x11) (async) sendmsg$auto_NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r5, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8844}, 0x20000000) (async) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae41, r3) (async) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0x11, 0x1, 0x1e00}]}) (async) 3m32.34357977s ago: executing program 2 (id=314): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) (async) bpf$auto(0x8, &(0x7f0000000440)=@query={@target_fd=0xffffffffffffffff, 0x8, 0x7, 0x6, 0x0, @prog_cnt=0x2, 0x0, 0x8ba0, 0x277, 0xa}, 0xf) (async) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) (async) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/task_delayacct\x00', 0x80282, 0x0) sendfile$auto(r1, r1, 0x0, 0x1049) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000000), r0) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) r2 = socket(0x2, 0x1, 0x106) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) (async) connect$auto(0x3, 0x0, 0x54) (async, rerun: 64) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x52) (rerun: 64) r3 = open(&(0x7f0000001c00)='./file0\x00', 0x2002, 0x42) poll$auto(&(0x7f0000001c40)={r3, 0x8, 0x2}, 0xf11, 0x80000000) renameat2$auto(r0, &(0x7f0000000140)='}[,&*}\x00', r3, &(0x7f00000001c0)='}[,&*}/file0\x00', 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) getcwd$auto(&(0x7f0000000200)='\x00', 0xfffffffffffff980) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) (async, rerun: 64) getsockopt$auto(0x6, 0x40000000029, 0x50, 0xfffffffffffffffe, 0x0) (async, rerun: 64) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06', &(0x7f0000000080)='n\x82^d\x00\xe2p-\xca\xcd\x01\xe8\x92\xbf\x98\xfb&!\xc7I\xe2^\x94\xde/\xc2\xfe\x98D\xf5\xd2KD\x05\x1fI\xceE\xf5\x97\xd0\x9d\xdd\xf4%;{\x92\xcbf>.\t\x00\x00\x00\x00\x00\x00\x00N\xc4\'\xc8gi|\xa5\x85YG\xfcP\xc1v/\xe5\x86\x03C8\xfd\x94\xe7~/\xfb}\x8a', 0xc0ed0000, 0x0) 3m32.047634963s ago: executing program 2 (id=317): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x3, 0x0, 0x7) sendmsg$auto_MACSEC_CMD_ADD_TXSA(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x4000005) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r1 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000280), r0) sendmsg$auto_TCP_METRICS_CMD_GET(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r1, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@TCP_METRICS_ATTR_SADDR_IPV4={0x8, 0xb, @dev={0xac, 0x14, 0x14, 0x33}}, @TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x8008) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_RTC_EPOCH_SET(r0, 0x4008700e, &(0x7f00000003c0)=0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) read$auto(0x3, 0x0, 0x80) get_robust_list$auto(0x0, 0x0, 0x0) r3 = mq_open$auto(&(0x7f0000000140)='/\'{#}#\xc3:}\xea\x00', 0x5, 0xfffc, &(0x7f0000000180)={0x4, 0x10000, 0x8000000000000001, 0x3703}) ioctl$auto_SNDCTL_SYNTH_INFO(r3, 0xc08c5102, &(0x7f00000001c0)="9ed44ea72b00581a09a5fc29c90312325b693e9e7a343a5479a553e5fbda08846fc9a5bb89c87dec852ce587d73d669879bdf77b57d26abf54e16f05c531530088f194251f051b1f9a95b2de302dacd06c095bf5bfc5c4172e5a3a13eceb35aa8b8bc5d9524d6d96e417613644ac627650848e02918eb21add0c") setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = epoll_create$auto(0x9) r5 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x80a80, 0x0) r6 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r6, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, 0x0) bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000040)=@link_update={r4, @new_map_fd=r5, 0x3, @old_map_fd=r6}, 0x9) 3m31.065745684s ago: executing program 2 (id=321): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) unshare$auto(0x8000000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@raw=0x7, 0x1, 0xfffffffb, 0x480008, "3112d58500a8b47148e22af9ffb683dbede3d0bf828bbf100000e5e2f96ee50484b0755015e48d00", @raw=0xfffffffe}, 0x2, 0x5, 0x4, @inferred, @integer64={0x8, 0x0, 0xf}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090d70925450ece0bb32777702b07552d000000000000000000ebff0000000000000059a200"}) rt_sigqueueinfo$auto(0x0, 0xffff7b6f, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x1, @_sigpoll={0xd}}}) r0 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x21}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder1\x00', 0x80001, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev6\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0xc040563d, 0x38) 3m30.86741382s ago: executing program 2 (id=322): mmap$auto(0x5, 0x8, 0x4000000000e3, 0x800000000000017, 0x401, 0x5) socket(0x11, 0x5, 0x1) (async) socket(0x11, 0x5, 0x1) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) (async) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x191000, 0x0) (async) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x191000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f00000018c0)=@ax25={0x3, @default, 0x5}, 0x10055) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/net/dev_snmp6/veth0_virt_wifi\x00', 0x200000, 0x0) writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="01002dbd7000fddbdf250200c12b2bd90252"], 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400000000004, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, r0, 0xfff) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) (async) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) (async) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(0x3, 0x0, 0xf34) (async) read$auto(0x3, 0x0, 0xf34) write$auto(0x3, 0x0, 0xffd8) (async) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x10000000eb0, 0x401, 0x7fff) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) (async) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) 3m15.76073454s ago: executing program 32 (id=322): mmap$auto(0x5, 0x8, 0x4000000000e3, 0x800000000000017, 0x401, 0x5) socket(0x11, 0x5, 0x1) (async) socket(0x11, 0x5, 0x1) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) (async) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x191000, 0x0) (async) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x191000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f00000018c0)=@ax25={0x3, @default, 0x5}, 0x10055) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/net/dev_snmp6/veth0_virt_wifi\x00', 0x200000, 0x0) writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="01002dbd7000fddbdf250200c12b2bd90252"], 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400000000004, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, r0, 0xfff) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) (async) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) (async) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(0x3, 0x0, 0xf34) (async) read$auto(0x3, 0x0, 0xf34) write$auto(0x3, 0x0, 0xffd8) (async) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x10000000eb0, 0x401, 0x7fff) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) (async) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) 17.705723919s ago: executing program 4 (id=936): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000140)={{0xf764, 0x6, 0x40, 0x5, 0xffffff00}, "53970000000000000099a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/pid\x00') mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x3) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) setresgid$auto(0x0, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$auto(0x3, 0xae41, r1) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/smaps_rollup\x00', 0x410401, 0x0) pread64$auto(r3, 0x0, 0xeda5, 0xc86) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) close_range$auto(0x2, 0x8, 0x3) r5 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/halt_poll_fail_hist\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r5, 0x0, 0x0) openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$auto(0x3, 0xae41, r4) mount$auto(&(0x7f0000000100)='veth1_macvtap\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='\x00', 0x4, &(0x7f0000000280)="4502a4315b2620ba5d5c39e94a1d82994831cca6b176e45595c8d5328795cdab7c07b7473b2d7dc0519c06e41b3e12978c01c2bfbd1ef86fe00461f3e8c6f810775af22cc5ba98ebeb4eb9cb24a12fc410d153c8a3dc78d846fe54d692a8e02d0cf37edc6359d2788e716bab26bb8dce3a17421bbe26eeb2bfa921c2bc4b8552e6163214d6c29895740be64efe292d0399a4ee171a6e6478992f49446620c71022756ef7c971d77f9849efac5ca795246480e8d15e9c9a6910c0c7546e589902337ae0f8d7e71209b64e07b138374dcb0aac41d215210b") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, 0x0, 0x800, 0x0) r6 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x300, 0x0) ioctl$auto_EVIOCGREP(r6, 0x80084503, 0x0) madvise$auto(0x0, 0x1b6, 0x15) madvise$auto(0x0, 0x3, 0x67) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') 15.207833622s ago: executing program 4 (id=941): ioprio_set$auto(0x2, 0x800000000, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) r0 = getsid$auto(0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000) r1 = socket(0x15, 0x5, 0x0) setsockopt$auto(0x3, 0x114, 0x3f, 0x0, 0x4) fcntl$auto(0x3, 0x1, r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) socket(0xa, 0x80803, 0x6) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r3 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000140), r2) sendmsg$auto_VDPA_CMD_DEV_VSTATS_GET(r2, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000228bd7000ffdbdf250700000014000200776c616e300000000000000000000000140004007465616d5f736c6176655f30005ee834d3"], 0x74}}, 0x7e83e2eb1e6628a5) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x1b) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) read$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000003dc0)=""/167, 0xa7) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/fscreate\x00', 0x183681, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r1) 9.99782558s ago: executing program 4 (id=951): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) (async, rerun: 32) socket(0x25, 0x1, 0x3) (async, rerun: 32) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) (async, rerun: 32) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) (async, rerun: 32) r0 = socket(0x2a, 0x2, 0x0) ioctl$auto(r0, 0x8912, 0x38) (async) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) arch_prctl$auto(0x1003, 0xffffffffffffffff) (async) write$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000380)="0a1b9a5c7b0040000000b154d7886d8edeea371cadb848770dc8f745d1c76eedba12b9f694dabdbcf3401910000000000060000023b5d40a", 0x38) r2 = socket(0xa, 0x3, 0x3a) ioctl$auto(r2, 0x890b, 0x1) 9.519674216s ago: executing program 4 (id=952): ioprio_set$auto(0x2, 0x800000000, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) r0 = getsid$auto(0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000) r1 = socket(0x15, 0x5, 0x0) setsockopt$auto(0x3, 0x114, 0x3f, 0x0, 0x4) fcntl$auto(0x3, 0x1, r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) socket(0xa, 0x80803, 0x6) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r3 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000140), r2) sendmsg$auto_VDPA_CMD_DEV_VSTATS_GET(r2, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000228bd7000ffdbdf250700000014000200776c616e300000000000000000000000140004007465616d5f736c6176655f30005ee834d3"], 0x74}}, 0x7e83e2eb1e6628a5) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x1b) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) read$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000003dc0)=""/167, 0xa7) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/fscreate\x00', 0x183681, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r1) 6.446152898s ago: executing program 3 (id=963): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000140)={{0xf764, 0x6, 0x40, 0x5, 0xffffff00}, "53970000000000000099a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/pid\x00') mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x3) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) setresgid$auto(0x0, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$auto(0x3, 0xae41, r1) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/smaps_rollup\x00', 0x410401, 0x0) pread64$auto(r3, 0x0, 0xeda5, 0xc86) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) close_range$auto(0x2, 0x8, 0x3) r5 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/halt_poll_fail_hist\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r5, 0x0, 0x0) openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$auto(0x3, 0xae41, r4) mount$auto(&(0x7f0000000100)='veth1_macvtap\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='\x00', 0x4, &(0x7f0000000280)="4502a4315b2620ba5d5c39e94a1d82994831cca6b176e45595c8d5328795cdab7c07b7473b2d7dc0519c06e41b3e12978c01c2bfbd1ef86fe00461f3e8c6f810775af22cc5ba98ebeb4eb9cb24a12fc410d153c8a3dc78d846fe54d692a8e02d0cf37edc6359d2788e716bab26bb8dce3a17421bbe26eeb2bfa921c2bc4b8552e6163214d6c29895740be64efe292d0399a4ee171a6e6478992f49446620c71022756ef7c971d77f9849efac5ca795246480e8d15e9c9a6910c0c7546e589902337ae0f8d7e71209b64e07b138374dcb0aac41d215210b") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, 0x0, 0x800, 0x0) r6 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x300, 0x0) ioctl$auto_EVIOCGREP(r6, 0x80084503, 0x0) madvise$auto(0x0, 0x1b6, 0x15) madvise$auto(0x0, 0x3, 0x67) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') 5.788097881s ago: executing program 1 (id=964): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x8b, 0x400, 0x9}]}) unshare$auto(0x40000084) (async) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000040)=0x5) (async) request_key$auto_KEY_SPEC_REQKEY_AUTH_KEY(&(0x7f0000000340)='\xfb\xbcq\xc5\xce\xf8\xe1\xd1\xd4\xac\b\x0f\xcc\xcc\xe9\x90\xf5\xd6\x86:\xad\xd0\x9b\xc9DmF\xf1 \x82\x9c\xcb\'\xf6\xe3\xd7\xd9n\xcegE\xdfO\x82\xf39\xbe9\xad\x19\xea\xd5\x94 \x05\xef\x90{\xd83\xca\x9d\x17&\xacx\xa5\x883\x91\x84tl\x98B\xc6W_\xb8\x88\xae\'\x18\xccb\xddl\xd8\xc6\xa5\x1a\x0f\n\x96\b\x12Ym\x05\x1e\xbb\\\xd8\xd1\xe04\xa3\xd4/Z\x8f\xa3\xe2P\xe9v 1\xf6\x12\x9bP0a\xf4p\xed\xe2D\xbe\xa59^\xc2', &(0x7f0000000480)='&^@\\([\xad$&$(]/\xf0u\xa5l\xbfH\xa3\x0f*z\x8b\xc2\x87o`\xac\xed\x80\xa2\xa4\xf7\x8e;\x133\xb0\x14n\xc5\xc9k&s\x8b\xb2v\xba\x8fP#|\xfc\xcd\x06\xeex\x9d{\x04(\xf2gW]\'Zn\x05\xacF\tz\xf3%8\x9f7\x95!\xbeD\xcc\x8b\x94\xb8\\y\xbb8\x9b`\x9c/FG\x1eA\xab/\xbf\xber%\x9a\x93Y\xbf\v\x9c\xd8 \xef\xa8\rr<\xd3\x83\xf9\xc6\xee\xcd\xa2CzL\x81\xef\xd1\xfb\x9f\x9ap \x88\xa3a\xea/\xdc\xb3\xc2`?\x1c\x95\x83\xb7\xfe\x12g\xca\xbd\x93q\xab\xcd\xd44\xfd\x8f\xdc>\x16m\xe2\x10\xean4\x9d\xf9\xc2\xee[\xaf\xc0\x98\xa2\xe4\xfa\'\xb0\xcaR\xbd\n\xb5\\\x97hOk~o\t\xa9\xfft\x0e{!\x95\x1ar\xff\x02ZE\xb7\xc8o\xd4,\xb8\xdd$\xfdt(\xf6\xa4^d0^\xd6\xb4\xea\xe6\xc1\xb9\xb4\xc5%\r\xa2\xac\x1azR\xec\xf0R3+\xa5\x8au\xed\x1f\xe3\x06\xa4\x98\n\xc3i^;\xcedj\xcc', &(0x7f00000000c0)='o\xfd\xe6\x1a(H\x01\x8b\xe2 \x00\x00\x00\x00\x00\x00\x00\x00', 0xfffffffffffffff9) r2 = fcntl$auto(0x3, 0x4, 0xa553) (async) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f00000005c0)={{@inferred, 0x1, 0x9, 0x1, "4941aa833e2fc65b6b3cf7cec76d6778ad8eac3cda35ba9c2b2d43eeb0dc59c8dd3500f11581916caa0d3053"}, 0x4, 0x2, 0x1, @raw=0x8, @reserved="8aa03506c1c39daf5bcda939a026f2d0d75d1e206609e509533b9d37340ed90b2d991dc15b7f54e7228aceb21133c8722c84b0b76691828d127d547a58b659c6d9067aa90ca0ed3b40ec58f8c911bb668c73715853880254b2d220bb3b4357a8feace45c65fb1d9a3c09cf3a379dc1a2acaabb4f067f0d60b906e16aedc80e21", "6cc1888a6393f1b4285854c5368de438f8cc142ef6df1259b05ba1183bedbd31b642b4051bc7955610c61c329794e53111217b0000000000000047a99807bcc1"}) (async) mmap$auto(0x0, 0xdf33, 0xe2, 0xeb1, 0x405, 0x8000) (async) r4 = clone$auto(0xfffffffffffffffc, 0x522, &(0x7f0000000080)=0x319, &(0x7f0000000280)=0x5f, 0x4e0) (async) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/sctp/rto_beta_exp_divisor\x00', 0xa0081, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r5, 0x0, 0x0) (async) waitid$auto_P_PGID(0x2, r4, &(0x7f0000000100)={@siginfo_0_0={0x7, 0xffffffb6, 0x9, @_timer={r4, 0x80000000, @sival_int=0x5, 0x7}}}, 0x7, &(0x7f0000000180)={{0x8000000080000001, 0x4}, {0x6, 0xfffffffffffffff7}, 0x80000000, 0x7, 0x2, 0x5, 0x800, 0x81, 0xfffffffffffffffe, 0x2, 0x7, 0xa, 0x3ff, 0xffffffffffffffba, 0x2, 0x1}) (async) mknod$auto(&(0x7f00000048c0)='./file0\x00', 0xc46e, 0x9) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) r6 = timerfd_create$auto_CLOCK_REALTIME(0x0, 0x2) (async) r7 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000400), r2) (async) shmctl$auto_SHM_STAT_ANY(0x2, 0xf, &(0x7f00000007c0)={{0x36, 0x0, 0xffffffffffffffff, 0x1, 0x5, 0xd101, 0x7f}, 0x3, 0x8, 0x1, 0xa3, @raw=0x2, @raw=0x8, 0xe5, 0x0, &(0x7f0000000440)="37db5c492e80463da0a1009e8f0570e1559e65664ec9735c21a3845d70256965592840af509e7ec48b58c71229d5b76ed7", &(0x7f0000000700)="3322f241892a0e1ca01cf1feffe19f2923c831cdf275a2ceeb2779ef8364e80df97a2e9df125e73c10d60ea256aad6d224efb7c87caf236aa36c2debbb314e16230642f85d45e5b61bd556da94d8caee781f0168e533e9e6f0aa69256b40267dcc5499e7dd76946715f259a1e9437d90044240b8330ab0be4a21351eeb196aa44dbd0566731217411acd5a23e2baf7e072a20c813f8540fec51d1969138f053fb6469fb1ebca5623f404a0cb3909726e06613edbfe17"}) (async) ioctl$auto_XFS_IOC_SWAPEXT(r2, 0xc0c0586d, &(0x7f0000000840)={0x7, @raw=0xfffffffffffffffd, @inferred=r3, 0x1, 0x6, '\x00', {0x1, 0x3, 0x81, 0x0, 0xffffffffffffffff, 0x3, 0x7c54, 0x0, {0x5, 0x2}, {0x9, 0x3}, {0x2, 0x72}, 0x4, 0x6, 0x1, 0x5, 0x0, 0x0, 0x8, 0x4, 0x9, 0x7f, '\x00', 0x9, 0x434, 0x2, 0x8}}) sendmsg$auto_OVS_FLOW_CMD_DEL(r6, &(0x7f0000000bc0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000900)={0x260, r7, 0x2, 0x70bd27, 0x25dfdbfe, {}, [@OVS_FLOW_ATTR_UFID_FLAGS={0x8, 0xa, 0x2}, @OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_ACTIONS={0x20d, 0x2, 0x0, 0x1, [@typed={0xf, 0x30, 0x0, 0x0, @str='o\xfd\xe6\x1a(H\x01\x8b\xe2 \x00'}, @nested={0x1bc, 0xe8, 0x0, 0x1, [@nested={0x4, 0x7}, @typed={0x8, 0xfa, 0x0, 0x0, @ipv4=@rand_addr=0x64010101}, @typed={0x8, 0x90, 0x0, 0x0, @uid=r8}, @typed={0x8, 0x151, 0x0, 0x0, @ipv4=@multicast2}, @generic="73b63fdc9413c5c7c0256beeb6789e8eb0303a36a100f7f01a6a587f259b042e6686b40295c4247d5d42e25d382395320b1273a2929c41f1b1f031e33cff48b9bd1370257a9d802d10ee95dae3af674ee843597f623cc146f4620b348624817eaba700c7c96fb971193e501c687839195b99730ddbad087f4d7a74abd0437d3cb7999ce4f187eb8491d479425f76c50cff33390cafe565898a117919d1a41a9a5d64cbdbe1ff1f4b436710b1e56725877cee617dcf2f43ebb4ac47c58e0f82f9", @nested={0x4, 0xeb}, @generic="b095a75917d69e26a3ecee10c1fc29074d591248721aaea9df65a320b864efbc89510b27d964a63c8256b990d873c946044fd63cbcd221c4e06fb05f3182df0abdd50858140d4c665e5538a1f52deb9674bf265ff357a4973c7fdf3553f02882f6121e4525cb7d9e8cc8144252bfac294656c0b979780d66e62da23dc5131ae8471768904a3b057b38b4a625f028ece457ed9886c4a0a3aee282fee69663aac48c9562d44a0c661692e21693bcc3ae8c8de19f7384d9225e792bcd0ba64186d4a5fbec14d350d006e3c974af9ff11a5e5174c4ee9e5d5cd4"]}, @nested={0x4, 0xfe}, @generic="702aa32188f3097c3152c0866d87f8c09b", @nested={0x20, 0x119, 0x0, 0x1, [@typed={0xc, 0x151, 0x0, 0x0, @u64=0xfff}, @typed={0x8, 0x10a, 0x0, 0x0, @uid=r9}, @typed={0x6, 0x6b, 0x0, 0x0, @str='(\x00'}]}, @typed={0x8, 0xb2, 0x0, 0x0, @ipv4=@broadcast}]}, @OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_UFID_FLAGS={0x8, 0xa, 0x80000001}, @OVS_FLOW_ATTR_UFID_FLAGS={0x8, 0xa, 0x7f}, @OVS_FLOW_ATTR_KEY={0x18, 0x1, 0x0, 0x1, [@typed={0x8, 0x46, 0x0, 0x0, @u32=0x8}, @typed={0x4, 0xc2}, @typed={0x8, 0x62, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x260}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) (async) r10 = socket(0x2, 0x3, 0xa) getsockopt$auto(r10, 0xd, 0x29, 0x0, &(0x7f0000000240)=0xdb8) 5.45154566s ago: executing program 1 (id=965): openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace_marker\x00', 0x341, 0x0) mmap$auto(0x401000000000, 0x40000004020009, 0xc, 0x15, 0xffffffffffffffff, 0x7ffe) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x40000000047, 0x0, 0x100, 0x4000000006) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/ram13/capability\x00', 0x101800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001080)=""/98, 0x62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), r1) getuid() sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004003}, 0x2004c080) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) bpf$auto_BPF_PROG_LOAD(0x5, &(0x7f0000000300)=@bpf_attr_0={0x9a, 0x2, 0x5, 0x8, 0x7eb, r1, 0x5, "e03f43200a26d5ea743998fb7500", 0x0, 0xffffffffffffffff, 0x9, 0x1, 0x4, 0x7, r2, r2}, 0x7ff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) io_uring_setup$auto(0x4e8c, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) r6 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_VFIO_IOMMU_MAP_DMA(r6, 0x3b71, 0x0) 5.076820713s ago: executing program 0 (id=966): ioctl$auto(0xffffffffffffffff, 0x4b4e, 0xffffffffffffffff) 4.74125867s ago: executing program 0 (id=967): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) sendmsg$auto_NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x70, r1, 0x300, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x80}, @NL80211_ATTR_FILS_KEK={0x37, 0xf2, "04b4556d2373a1a88c4201ab849e9a4a8f08b725c1c3de2eb8a4f8c89b3cb0faa516cd5c6755e5d7e7082528a96a5204d36a56"}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0xfff}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0xfc}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x1000}, 0x20000054) r2 = setfsuid$auto(0xee00) setresuid$auto(0xffffffffffffffff, r2, 0xffffffffffffffff) mmap$auto(0x0, 0x420009, 0x5, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r3 = gettid() rt_sigtimedwait$auto(&(0x7f00000000c0)={0x7fffffff}, 0x0, 0x0, 0x8) kill$auto(r3, 0x11) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x810}, 0x8000) r4 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$auto_RNDADDENTROPY2(r4, 0x40085203, &(0x7f0000000440)=[0xfff, 0xedc0]) socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x55) 4.490514871s ago: executing program 3 (id=968): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) madvise$auto(0x80, 0x8, 0x5) r1 = io_uring_setup$auto(0x85, 0x0) ioctl$auto(r0, 0x4004af07, r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/net/bond0/bonding/mii_status\x00', 0x80000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/bInterfaceProtocol\x00', 0x100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r1) getpgid(0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r2 = open(&(0x7f0000000080)='./file0\x00', 0x442000, 0x0) getdents64$auto(r2, 0x0, 0x402) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, 0xfffffffffffff000, 0x2) landlock_add_rule$auto(r3, 0x1, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x3) io_uring_setup$auto(0x86, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001280)='/dev/v4l-subdev0\x00', 0x101000, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/mptcp/pm_type\x00', 0xe0002, 0x0) sendfile$auto(0x1, r4, 0x0, 0xc01) r5 = socket(0x10, 0x2, 0x0) socket(0x2b, 0x1, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) 4.138810592s ago: executing program 0 (id=969): socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB='\b\x00\n'], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) memfd_secret$auto(0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0x2b, 0x1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) msgrcv$auto(0x0, 0x0, 0xff9, 0xfffffffffffffffc, 0xb4) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000000)="4c91f2c388274610e12c861bb2bfd9800e9b394b", 0x14) msgsnd$auto(0x0, &(0x7f0000000000)={0x40, 0x5}, 0x8, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) 3.876118062s ago: executing program 1 (id=970): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty57\x00', 0x40000, 0x0) r1 = socket(0xa, 0x3, 0xff) setsockopt$auto(r1, 0xff, 0x6, &(0x7f0000000280)='m\x9e\x8b\x8b\v\x1c%\xc1l7a\xbc\x97\x9de\x95\xce\\j\xaf\xdf\x05\x7f\xb3\xa6\xda\x01YY\xcf\b\x98>\x89\xb2\xb6\x11)\xfd61\xe9\x00\x00\x00\x00\x00\x00\xffn\xeb\x9d+*\xa2!\xa5\xe1\xf2\xd5<\xb1\x06\xa9\xcc\xec+\x1fv\x0f\xee6\x96\xa0N\xab\xc9\xd2_\xa3;\x00', 0xac5) ioctl$auto(r0, 0x4b32, 0x7) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd6\x00', 0x12d981, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x3b72, 0x0) fcntl$auto_F_GETOWN(r1, 0x9, 0x7) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xb) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) getsockopt$auto(r2, 0x84, 0x84, 0x0, 0x0) socket(0x2, 0x80002, 0x73) syz_genetlink_get_family_id$auto_ioam6(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 3.52554236s ago: executing program 3 (id=972): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) ustat$auto(0x801, 0x0) (async) r0 = io_uring_setup$auto(0x6, 0x0) (async) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) (async) close_range$auto(0x2, 0x8000, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x4188aec6, r1) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x11e, 0x1, 0x8000000000000000, 0x0) (async) r3 = fcntl$auto_F_WRLCK(r0, 0x5, 0x1) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r4, 0x8000) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r5 = socket(0xa, 0x3, 0x3b) getsockopt$auto(r5, 0x29, 0x16, 0x0, 0x0) (async) clone$auto(0x1000020003b49, 0x1, 0x0, 0x0, 0x2) (async) r6 = socket(0x15, 0x5, 0x0) setsockopt$auto(r6, 0x114, 0xa, 0x0, 0x4) r7 = socket(0x11, 0x3, 0xfffff958) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r7, 0x8954, 0x0) 3.504414005s ago: executing program 4 (id=973): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000140)={{0xf764, 0x6, 0x40, 0x5, 0xffffff00}, "53970000000000000099a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/pid\x00') mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x3) close_range$auto(0x2, 0x8, 0x0) socketcall$auto(0x8000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) setresgid$auto(0x0, 0xffffffffffffffff, 0xffffffffffffffff) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/smaps_rollup\x00', 0x410401, 0x0) pread64$auto(r3, 0x0, 0xeda5, 0xc86) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) close_range$auto(0x2, 0x8, 0x3) r5 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/halt_poll_fail_hist\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r5, 0x0, 0x0) openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$auto(0x3, 0xae41, r4) mount$auto(&(0x7f0000000100)='veth1_macvtap\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='\x00', 0x4, &(0x7f0000000280)="4502a4315b2620ba5d5c39e94a1d82994831cca6b176e45595c8d5328795cdab7c07b7473b2d7dc0519c06e41b3e12978c01c2bfbd1ef86fe00461f3e8c6f810775af22cc5ba98ebeb4eb9cb24a12fc410d153c8a3dc78d846fe54d692a8e02d0cf37edc6359d2788e716bab26bb8dce3a17421bbe26eeb2bfa921c2bc4b8552e6163214d6c29895740be64efe292d0399a4ee171a6e6478992f49446620c71022756ef7c971d77f9849efac5ca795246480e8d15e9c9a6910c0c7546e589902337ae0f8d7e71209b64e07b138374dcb0aac41d215210b") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, 0x0, 0x800, 0x0) r6 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x300, 0x0) ioctl$auto_EVIOCGREP(r6, 0x80084503, 0x0) madvise$auto(0x0, 0x1b6, 0x15) madvise$auto(0x0, 0x3, 0x67) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') 3.042815654s ago: executing program 0 (id=974): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) pipe$auto(0x0) mincore$auto(0x0, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9) sethostname$auto(0x0, 0xfffffff8) 2.800619951s ago: executing program 1 (id=975): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0) semctl$auto_IPC_INFO(0x2, 0x8, 0x3, 0x3) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x40) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgget$auto(0xc, 0x77d9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8000ffff}, 0x3) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000002c0)='/dev/audio1\x00\x1b[\xdc\\7:\xff\xc0% n%R|\xcc\t.mp\x99\x92\x84w\x91\xc4;|\x06\xb3\x03\xe1[\xd3\xef\xcb\x11\xcbL\x85m\x0f\xca\xd6a\nJ\x02\x01\x00\x00\x00\x85\x97\xea\x9b\x0e\xcfGs\xa7I\xd2\aN|\x82\xc1\xd7!\b\x01M', 0x100000a3d8) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r2) sendmsg$auto_NL802154_CMD_DISASSOCIATE(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="28120000", @ANYRES16=r3, @ANYBLOB="00012bbd7000fcdbdf2529000000fa112b80111559531b46801998f324f70b9e1b32292e21136db6ce60e18242177561c56cbd9d75811592cf4935d67d652f4d697640e5804f0c27ba5f5e6323709591ac1c9f337347689a94bb7bbe5f3c0aaba641dccae8d6b32cc7d9488ddd69203b3639a6256147ba13eba823fa5bbd682df09d0270906c63f7b40e42920efd94338e4fb30df242095bf8b1ab20c16473d9d81a6bc986316c7ce886378fdcb4666f60189fecc79254507210318004008c802dbfffb8dd4a2055ebbdcb512847c547f2406e976ec82674ef18a69e0d655a8d119403496c3248d6762d8664506556b3630b5df170a3bc203a6c8edfe7d98d5d2edaae4537789f50eda0826c3ee56ddf6c85b04bf169f728da3b8eb2f150edc09fef4fbbafa8635a7f764d3dba49951f5953d5c665856bd0951b8ac41f0c54378662cf23a9f5a562050a1777b490a57970cd8508aaf500d10019d0e5334e8ee3007e33283c34266be5316db7ef5a8ba87eb6f08339ebc6272304f1e73dc0f669ccd79e1a67d16d600fc104d120b92a7ffbd7915d21e374d8ddeeda3dc12909d6254c337e7ed83643d534865f4f4c7e735df7b4e959d677a07205c35e0a59eb1d74408d8895feabe4cb95666745294e37ea207a8ea5a6c0bf0936d14f760708f0b8a5c5a95ef11941b325fe04ff53a0bb9eb77fa63ed2ffd897f49b192968e07c9a64f86bc17f0953c548e949f2c7719cbd16bbc5287e4cc26ee7a67f83e5fb4709042211b8ab828e2d8e865c6e803edf824f0e607c800ab05983d1da47fe9640dc4e124288ef249983850a6e25207fc1c04de4bc8da63afc9ec08a77542437b78ec921a14f2a0f99c42410db844f81b7112192a0df0b9408ed2749e219b4c64946f43705160835fbfda06a2034a736364f4d27ab422130ccc432329a63ccd5cab26f1ffaf7b69ef0963c2be4e8686be5a00d23e7ab46b17fd1b29da69b86852598bf3f6efd457f9b9acdc22c8cfbf6ed8e05adf0804a0dee76da93fb9bd4780144dd6383ea9e586bdfcb9b45294e2274ba3ed73125467751d090da64745f6c3fa8664ad4f615c9151cdafbfa53291953830e7b266a170caa0379d65077b1c7297a083610b0e5499eeab5acee71c45493b5d22b9600d052209c93e8146e0283884cb498e4d7a9066f01bed9853e535c87b0800b327cf47e04805d12679dffcec5f838ed34a92e29a73a842d6ae3dad582a8f8c1497c8ab9c28a1412d17b739f3c67b9f39f824265147e3a65032caed3209c1bba9d8b81d9ca168865892d89debc991f71d0a1e78336d6dbaae62a084646973877c9eff8879e0966215f33774b6b64d3355f1bd1b196b03e6a8d01262e04db8942785ac36ca29f8bb500ec8365c3c42c2014c2eeaa1cb07babb3b4c55374d9d53a84675e763559ba085d6e322448c1edbd55095b894c8556f02ab0f2d2ca375c4fa4ab6db63b1ae03906543f478e941097102416fbd74069e11c79c5e8b14af496dcb770a453d5bc0523f67ab40d397a7b89871a1105469a97e7680ebe2240cc5bd7b7d7819e639cd803ed1ed0f6eba9ecccb28648434d6aa7042f0e9c8cdbb4fd15b2f6f0988ee103b150df21df87cb0979f5fe19e65011708051ba53218b751a6f1f8df3bf975014ac02c2eeb06faf5d438db01a5c4f21f68aa9ad4a9e0a7ddbff77dbe322f76152fe0b61c0d510b9dac7f3ff914bc31a42a5afb42e5d8df674156bafda9ebdfa218341c77074f8138e58818fbe6a430aace9a722bab411ebd86235f3bb6e4fe2150e808a9006e3f8cf323a064f0c72849ef1c5d917c555e4d5689bbbdb5aff22fd8bb035186b8977cb4de92a095009dc0cc5014b2cd5934101175b320472b1d4657cf0f1c62c8ead78817a10dc841e70012f7218ee6e4c10aca1d0fe6be29621fe0b47d44d66888aa051ed81ec9e785e972c2d0772530566cf56e4bf314bbd23ba1eb5f638169412c5aefbfc95db4e3bcf7476a473d6b1b3610a4a471fb57a3825de83d5429fd6245af21825fcf57d71d652005f4a9f307ae2da380bb49aba62889489787242d7f7b1852da1821ea625cb35d8e0e469cdd2025651acc11b5fd6ebbd194ef095178095f657d1c458d822fd4e3115e80c90b2b11ad95a5ad5f2a893d97285df53d382bc7a49b9299249f9c94017c6d1273e5bc1bf2ac2a5587393e4d16811457c988b44f03a4d528b9969affeb2df3af4f4cbf0261056cca9dcbfdcf849660ef102b355c405054eb4ee5d871a424366a001c832dfdff045353e27ce6f619760b05c0a66b5fd5a4bf038864caffe1a9e85c3d82e4cbfa3bc067eb264eb6b749607649c77f46ce09671b59e3f34e39ea7820a2aee7c1fa04f6b97535ec6ee2ab2ac502d3de9245c4c665011208eec42f8826b31fb11c99ac460915675c371d15536481d479560804f01056167b8a226044ef6d50c637c1d3911ffa9d71b15f9bf6b34d74bf7556b93112ccf573d776d707c0b31f0b4844b905ca9edcf001020c557bceef63ecaf4b7aaf6e9323d86bc24e9d0ae8134552ddb21f39cf8d4a1d79ce1e01922b5bebb0d6873b5399385976ed2720ca0b0a014eb0f85baedf1c622543207832471b6cfc10fb388a8841b031a20ddda168bb7c0749d97046b08a4d24a4998d1fb6de52efdb7badd189349795cb69531730171d8b54b133612fce5178528fc8f251876c8f3c6e38a78663697492a4865b4d226715248451a1b3026a9ca363082ab688cfb246edc9882d0dedd99ffbcfcce0de7903ee3884e1d67633aa8800c0c83e892b6393dbe2982a2cbe4255a9d18732b5491cb0c25bf801dafdb3c9860bb83086011f8874ccf1e4dc088cf711e96e1963e75200d4a52aeda13ba0d47a0652408da80400dcd7f40d05f5bbff6d29ec82e4a7f8f720c7f7ebcb5f9fffbe18133afd5d84b8247bfd2d0b5864169b3e37074627fd76c3e5f7353e2762c85530803f881656dc43283081e07ae2fe4e5b99dfecc10a4b3b846621b09fa56eea399545f45e152be97604483cf75fa89a45a90252f8a87704b9eae81a58ef5f541d922ad4fc3644eb4c334c5dc1f0b7af3ecb5366e4372cf85c083c1cc45894bde9e2abad8752541a5cd345d748c4accff62628b59d2316395aa08e4683f8ef60922b2cc6733807769d5fd1c8101bf6c593b58438b4fbdb7ef2314ed1661eb89f7140ce00beb0381ab65f363bb575d46c34f38a3a8af7d90dbab950d787334209f5c7f06f28bdc701f6ae19a1d0b3c78799c77eea39fe0d2634243b2a1b5910713193329af998094d4733720e2ba47f6d0ede5afcd0eea4a2c1edbe7ca75f17540ffdac5dff591043c959cebc152f337b743bd874311c117b20284193fcc06ecd3dbf767f284ba9b9dea84e9d72ee4269d24cdaa8c2103465a8f35e65b6b57daa2c70f4ee13cf3fb258532341814606701e18ac3c23ad3e909a1b4fbe8305113fd185e6b052f5325582e449ec4e7656626f42ae17b4c12bc4511d6d930bed5e29dfad047ba568aec40ae3e515dc4f623287c2423a41d7e94ad7cd2e333072abbfb7e54cf0c7f16a14267894a855f8b34eface733515e33499bc795190d868d8ec96eb8c59fcd1d59295d7c74eb1272f11c6d696796306e65bf3cd244d5c58b4985fd8409a4dcdc9ffbe6e50e96c6102e1f874488bb7aa6a6535491e6fc1e52a8b154f545c1c595371a4a6c9c6f9ae6100b2295193b0002db57ea70afa5ce99949ddc4c9808841f8f96f3d3e474fec3d88b9b0a42e681f6c61a1ba63ae2d729c5a7d1d4a283d7a34a062c60eb6c9cd50abe123b71ceb8a9325a99d914aa459ab47005da0b2830ff066d12c0bbaa181536cc9a162a7caae30b6cbb494e991bd608ff7b546fc3ce0aaa1d8a95a54f2a477a3c2e20ffd242c6d68bef30e3e052b937fd4b2a73e7086b3357e241ae023f811da8b1b5c3137e4f9c61c52956900eab6ad31967bfa8779fd916d02509a657528cf02bfa1198d030b3033142e4b479087c13ce3ad19a17a7d83abd5954469431e585de4110596294cbc310d3fb6f825008422c685073befb520b47b74c3d5a6515f8eaf89ef43f5670e2af57e40fa4ba856d8a2887a51871214638858dbae146133014caf037e85683d2d9a574990505d7f1bfc5b9dc6715cb3a523c89f42acdfab38c80a1b16e22cf68e1142b605e11160a98d81b675fbde5c8f6849a669e7d52f72d8d1d1cea47b108f22bff88b104e812c40208af364581f6f0a4217c7d41732dcd26e091c615643a5271f011a605ea424c7c013cc63dec5cbd2349f741babb19870eecaebaf275d50bdd29de53537e36061cbaf366a4a7caa663ed3ef574d15efdfbe20bbb33e5ebedaa55c77c39f087c073b56822bd716241839fa9aa9d31f838f2dfee19ab54540ca08d5b70502d64d9ad4d907003d6334c5b595bfbb640b42a5fb9aea7089719a161c5d2cbe82f84b0af976b12987fce5f2443f68295d7f3d6f1bfb8137d315e187c5a53462bcc10b51e6fcc13885269b7e73c3baa34255f36478034820e691fcc3838a747d37f4fa9d2426746a53c1ad47e83c5466f1d389fb2141b693a14d039a6296800321a2e43c595a13c79dea4dcd6a0fe4c898f831d07e88aa5fd609d9d2a87f8a642e9440170a9b834101b919a3dde8ce7b1c3fd7ebe4abae5f8978535d1ce8e91f52ac1f392371caec0608795c78841f38a20194d309865d672106314f5fc0814fe744db26dbeb11665516f8193f9800ff7761ea7c045f72ef94860922563f262e19a7c22acd9e75a4c023796baa3cddc8ef8de199cc0ccdf0c659b5ca3eb670665895a1be908304d801f683eaa071c2557d95a7fc247689bc69cb01043d8bcfffea9a62da88cd65fecb7eeb86cc2ef852bb0aa51c678d161de4b623db257be8cb27751c786ba3f30d519b1d71876930d5dcb694747c681bdb787ec71b98e2780ccdca86127572c8d8b804d55c7610baf13622ff934fc7ef8bf4bb74a5170a603237b4f49d6e3509f7138b2d9261fb2c6a0f676c5a22117da0478fda5c69e3d9efdbb5cd59925aa78cbc18e09cf386c0ce3ec584e11af216460c952b395503946db9de41b56e0cfaa5868000735717a4a872b417393fe84c67b9fa4e071a4a085f939c39aa9fc0b341b550683db1da4ad1efb228a0f5b94dacf210e15c099f6205bc4fefbd48f277087d70bff4ae1e1dcd8c48755fef5c364326c0c139472835615de99cd342a6a260d28de34b0ec825930f7e1990c97a581b441c48f45c8333fb2908a589f56e8d5371298bd960d5374cc67a1b181346147c8efbb129ceb427b3ce27c18dfb2d9df6ba9beea99c9b01aa8377b24184d68000f064a29029f868c1ada2983b196ca0b665e099004eb12ce668545f09f48080968bd171e4d7c298ce5acbc365b0ee9b58fe48d9bfa353338399e2712301de4b3ec9a4204a52853939cc3d65fbaeb04e086cc0bf5052b8f2e17bd34cc2db21d4b3394e10c3ae2befe8c5149f6b781e564e204cca08ad7516aae9ad8dfefb5c22b09543a56b7d69d018d814074112f9439669981eaeb00fc53f6df502576f414af0b29b6a2ed9f0c14827acd338659132c59636e6dbb0398a24f64f4ad198e72f4f1f284ebd77f3212a5c13891a927196b35f53ad26e3ba9fe13b8fe26838bb9b282e267312e661ab8109a5497613e60484ea0b6ed962ae871af0f66feee5c26f63f5761aca2068ca0a0d4e82675dec53a61ee51ad66b4f74419cd527a4a3751093b3b78ba671d62a5dcc351ae38e60f89c71f440390060a510cb1896497836515421a65daf1c1963ee74d01560b641a62ababe5fa4ff699fa97c03e25a991cf5480f705bdcf2c4b41f4b8b3aa91cfd33526370ddfb20080fb9d890da5cc51a78fdcadc55baa5a10bd769287302e0065e390691e8c0a4d26d748691e2590670f63e4be0281f22172769d7d0b929809f3987686c95a835e44ad9a7bb490cd2f561f6174b874f096203d4f6d60173728e906cfc1149201971829330186378c7db640dcbdcd45d1b91d8adaeb7c857c81807d16b54e7344c2d89e0f2579ee659668ca6e5bc8942146176bcbe0064797fbf3cb78f499263ce8cfc0e05364727e1434ae0f9901e96bfdc14ab9e634f32ccc6cb351042b33cd0408a42118a5cdc71799e9a4030400a18000001d002a00a474652a69f6d5e799d583b4d5c043efbc739c35b3898709a80000004100fd00555b5bdc8c65a859bf69b3b60636746949c090de934a5c9da4b74d12b4517ed26ec4b55de1c39a1ec9d91094489630efb407ad81508a34d24a3845b555000000415dd0ffe3726c12b39338232d15434c4200cfd7274d4fccfa54f25b0918cc699e99a6aa7376976721b71dda5da7b946ce0c136a2b10f37a90318ca61351d75a19dc59ff4878c2c12eddc88398bae866d0c08d20d60af0e4bdfce071a56efa748118e40d9997806aa4496b6f2514fbd503b70db77ee57eef000008000e000400000008000c00a70000000800210081000000"], 0x1228}, 0x1, 0x0, 0x0, 0x4}, 0x20008000) select$auto(0x6, 0x0, 0x0, &(0x7f0000000440)={[0x40000000001ff, 0x9, 0xd, 0x8000000000005, 0x948b, 0x3, 0x15f4da07, 0x3, 0x7, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x7, 0x2, 0x8]}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty28\x00', 0x200102, 0x0) sendmsg$auto_NL802154_CMD_DEL_SEC_DEVKEY(r2, 0x0, 0x4000010) ioctl$auto_RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f00000001c0)={0x1, 0x7, 0x17, 0x8, 0x1, 0x63, 0x10, 0x3, 0x3}) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', 0x0, 0x4401d, 0x0) select$auto(0x9, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) flock$auto(0xffffffffffffffff, 0x3) 2.686377386s ago: executing program 0 (id=976): openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$auto(0x0, 0x0, 0x6f3) unshare$auto(0x40000080) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8080, 0x0) read$auto(r0, 0x0, 0x8) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x28, r2, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x1}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x60}, @NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x840}, 0x20000800) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1, 0x3, 0x500, 0x1, 0x9, 0x800, 0x10000, 0xc, 0x8000000000000000, 0x4000005, 0x400000000000008, 0x7, 0x6d3f, 0x1, 0x5, 0x6]}, 0x0) clone$auto(0x7, 0x1, 0x0, 0x0, 0x100000000) pwrite64$auto(0xc8, &(0x7f0000000100)='\vX\xb5n\x91p\xe6\x1eRN8\x99\b\x06\x11\x00\x00\x00\x00\x00\x02\x83\x02\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\a\x00\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\x1c\x1e\xd5H\a\x06\xec`\xbf\x12\xab\xe8\xd1\x92{\x86p\x98\xbb\xad\x0f\xc2Yr(\x87\x86\xdb>\x8az\x95:\xc7\xd8\xa0lhGr\x18j\xca\xf5\xe3\xea\xe2/\x0f\xb82\x0e\x8d\f\x7f\xc2\xa4\xa4h\xfc\xa9\x8a\xaa\x84\xad\x01\xe5\xfb=8\xd0lMBR\xda\x8d\xe9\x055\xb3e&6B\xac\xcdC\x96\x01T9\xa17\xcc\xf2\xc0\xf1Z\xd8@\xe9\x9c\x16C\xf4m\x16x\xaf\x82\x10\xb7\xb9\x03\xde\x11\x15j\xbf\x03n\xf9\xd26\a\xb6\x1e\xbd\xbb\"\xcay\xc2\xd7P\xd5\xd6\xf3&Cd\xcc\x97\x98\xe8\xd57M\x9c\xc4\xc5\xe5\n\xcf\xc7\xd1k\x87\a\x19\x80Q\xdc\xe3\n]y\xf3\x80<\xc2\xba_', 0xfdf2, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000840)="13") ioctl$auto_TIOCSTI2(r3, 0x5412, 0x0) 2.455590407s ago: executing program 3 (id=977): ioctl$auto(0xffffffffffffffff, 0x4b4e, 0xffffffffffffffff) 2.204988188s ago: executing program 4 (id=978): close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) sendfile$auto(r0, r0, 0x0, 0x4265) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x3c, 0x9, 0x4, 0x5, 0x9) fanotify_init$auto(0x5, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x30be43, 0x0) mmap$auto(0x7f, 0x2020007, 0x3, 0x10, r1, 0x8002) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x4000000000000003, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0xe8) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/fail-nth\x00', 0x1672c1, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129a00, 0x0) socket(0x28, 0x5, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) unshare$auto(0x40000080) madvise$auto(0x0, 0x20499d, 0x9) socket(0x2a, 0x4, 0x1) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x100) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) sendmmsg$auto(r4, 0x0, 0x3, 0x6) write$auto(r4, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) unshare$auto(0xa4) 1.94990221s ago: executing program 3 (id=979): r0 = fcntl$auto_F_GETOWN(0xffffffffffffffff, 0x9, 0x4) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000002640), 0x0, 0x0) ioctl$auto_USB_RAW_IOCTL_INIT(r1, 0x41015500, &(0x7f0000000140)={"a7a018b09bb196a05739a38a73473b93f5452886bc599ef976c54a71a5ce72a9af15390e93a8760df83859e16320e8d0b1161f13d12afae66b1d900a49586aa98d3504ca431aabab1964249251e57fa70517cc19b0e3974dc2a89e90c932b8859c767780d65e849700", "e600d778e82f8b8db7e27a036e39a8ac08de7e036d650e2184857e6b64f6a2c7fb08c6f5ce3828fb4e9498c076bef49c99c9cd91332e12b53664dc20fa879020fbd184c0d300c13be6047a70685ce029fb2385ae6e132c1c6adbcfbd873a3b925d397a08e8733e19ef5ec4f40b0b473c72efd18b8a9e9f3d12c5e44468922beb", 0x3}) kill$auto_SIGCONT(r0, 0x12) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x1000000) socketpair$auto(0x1, 0x2, 0x7, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1a, &(0x7f0000000000), 0x1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r2 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(r2, &(0x7f0000000180)={@sival_ptr=0x0, @raw=0x1, 0x1, @_sigev_thread={0x0, 0x0}}) r3 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(r3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_msr_fops_msr(0xffffffffffffff9c, 0x0, 0x121980, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100aaaaaaaaaa35000008000200", @ANYRES32, @ANYBLOB="060006000500000008002e"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 1.76611914s ago: executing program 1 (id=980): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000040), 0x98403, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='.\x00', @ANYRES16], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x12000001, &(0x7f0000000080)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000000c0), 0x8, 0xa507}, 0x800}, 0x7, 0x4008) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) iopl$auto(0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0xa, 0x801, 0x84) connect$auto(0x3, 0x0, 0x54) timer_create$auto(0x7, 0x0, &(0x7f0000000140)=0x6) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x800}}, 0x0) r3 = socket(0xa, 0x5, 0x84) r4 = getsockopt$auto(r3, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x9b) setsockopt$auto(r2, 0x10000000084, 0x9, 0x0, 0x9c) ioctl$auto_FS_IOC_ENABLE_VERITY3(r4, 0x40806685, &(0x7f0000000280)={0x6, 0x9, 0x6, 0xd2, 0x3, 0x2, 0x0, 0x8}) clone$auto(0x6, 0x4, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x5) ioctl$auto_RNDADDTOENTCNT2(r0, 0x40045201, 0x0) 783.084156ms ago: executing program 1 (id=981): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek$auto(r0, 0x0, 0x2) readv$auto(r0, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="b3008ef718e02400870163a5123e771ec3c8937efc856c8da2a5493fc2debe9bd8d69ceb58a1828174a558ef7c287ebf69bbb89b348dd85b8e51aff2046d37f2308ee3a363a7d84d28947bf5c60566e9feb461028a82a6c0626d3787ffefc6855eb7ae541cd835652724f91fadddd586287d515a3736656452952ceaddb832b4d25d9e5c5aced1072c9bc7a119f5f32c2d22e2", @ANYRES16=0x0, @ANYBLOB="00022abd00000000df250200000008000300000000000800010047c7e2"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000040) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) mmap$auto(0x0, 0x3, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x4, 0x0) getsockopt$auto(r2, 0x84, 0xd, 0x0, 0x0) r3 = openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_on\x00', 0x80002, 0x0) ioctl$auto(r1, 0x228a, r3) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x7ff, 0xe2, 0xeb1, 0x405, 0x8000) r4 = socket(0x9, 0x1, 0x2fc) setsockopt$auto(r4, 0x107, 0x12, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000036, 0x0) fcntl$auto_F_GET_RW_HINT(r4, 0x40b, 0x2) 581.987337ms ago: executing program 0 (id=982): ioprio_set$auto(0x2, 0x800000000, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) r0 = getsid$auto(0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000) r1 = socket(0x15, 0x5, 0x0) setsockopt$auto(0x3, 0x114, 0x3f, 0x0, 0x4) fcntl$auto(0x3, 0x1, r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) socket(0xa, 0x80803, 0x6) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r3 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000140), r2) sendmsg$auto_VDPA_CMD_DEV_VSTATS_GET(r2, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000228bd7000ffdbdf250700000014000200776c616e300000000000000000000000140004007465616d5f736c6176655f30005ee834d3"], 0x74}}, 0x7e83e2eb1e6628a5) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x1b) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) read$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000003dc0)=""/167, 0xa7) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/fscreate\x00', 0x183681, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r1) 0s ago: executing program 3 (id=983): socket(0x2, 0x2, 0x1) bpf$auto(0x0, 0x0, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4000800) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) kernel console output (not intermixed with test programs): c9 [ 106.186854][ T6189] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 106.186869][ T6189] RBP: 00007f002ae13f91 R08: 0000000000000000 R09: 0000000000000000 [ 106.186885][ T6189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.186900][ T6189] R13: 00007f002afe6128 R14: 00007f002afe6090 R15: 00007fffa0cd6908 [ 106.186938][ T6189] [ 106.565084][ T6196] netlink: 'syz.1.60': attribute type 1 has an invalid length. [ 106.627780][ T6195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.61'. [ 107.256162][ T6206] queue_state_write: operation too long [ 107.262745][ T6206] queue_state_write: use 'run', 'start' or 'kick' [ 107.293872][ T6206] hub 1-0:1.0: USB hub found [ 107.304113][ T6206] hub 1-0:1.0: 1 port detected [ 107.339777][ T6206] hub 1-0:1.0: USB hub found [ 107.345211][ T6206] hub 1-0:1.0: 1 port detected [ 107.582726][ T6204] netlink: 28 bytes leftover after parsing attributes in process `syz.0.63'. [ 107.606063][ T6212] hub 8-0:1.0: USB hub found [ 107.606426][ T6212] hub 8-0:1.0: 1 port detected [ 107.786105][ T6202] netlink: 8 bytes leftover after parsing attributes in process `syz.3.62'. [ 107.829793][ T6215] netlink: 28 bytes leftover after parsing attributes in process `syz.2.66'. [ 107.866961][ T6215] veth1_macvtap: left promiscuous mode [ 107.967997][ T6220] netlink: 8 bytes leftover after parsing attributes in process `syz.0.67'. [ 108.497952][ T6226] zswap: compressor not available [ 108.994191][ T6241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.72'. [ 109.198121][ T6248] nfs: Bad value for 'source' [ 109.301471][ T6248] FAULT_INJECTION: forcing a failure. [ 109.301471][ T6248] name failslab, interval 1, probability 0, space 0, times 0 [ 109.377901][ T6248] CPU: 0 UID: 0 PID: 6248 Comm: syz.3.73 Not tainted syzkaller #0 PREEMPT(full) [ 109.377923][ T6248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 109.377931][ T6248] Call Trace: [ 109.377936][ T6248] [ 109.377943][ T6248] dump_stack_lvl+0x16c/0x1f0 [ 109.377965][ T6248] should_fail_ex+0x512/0x640 [ 109.377986][ T6248] ? __kmalloc_cache_noprof+0x5f/0x780 [ 109.378016][ T6248] should_failslab+0xc2/0x120 [ 109.378035][ T6248] __kmalloc_cache_noprof+0x72/0x780 [ 109.378049][ T6248] ? net_generic+0xf4/0x2a0 [ 109.378070][ T6248] ? fib_net_init+0x1a4/0x3f0 [ 109.378091][ T6248] ? fib_net_init+0x1a4/0x3f0 [ 109.378106][ T6248] fib_net_init+0x1a4/0x3f0 [ 109.378122][ T6248] ? __pfx___register_sysctl_table+0x10/0x10 [ 109.378142][ T6248] ? __pfx_fib_net_init+0x10/0x10 [ 109.378157][ T6248] ? lockdep_init_map_type+0x5c/0x280 [ 109.378176][ T6248] ? do_init_timer+0xc9/0x110 [ 109.378192][ T6248] ? devinet_init_net+0x5c2/0x910 [ 109.378211][ T6248] ? __pfx_fib_net_init+0x10/0x10 [ 109.378225][ T6248] ops_init+0x1e2/0x5f0 [ 109.378241][ T6248] setup_net+0x100/0x390 [ 109.378256][ T6248] ? __pfx_setup_net+0x10/0x10 [ 109.378270][ T6248] ? debug_mutex_init+0x37/0x70 [ 109.378286][ T6248] copy_net_ns+0x2f8/0x690 [ 109.378303][ T6248] create_new_namespaces+0x3ea/0xa90 [ 109.378322][ T6248] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 109.378342][ T6248] ksys_unshare+0x45b/0xa40 [ 109.378360][ T6248] ? __pfx_ksys_unshare+0x10/0x10 [ 109.378377][ T6248] ? xfd_validate_state+0x61/0x180 [ 109.378401][ T6248] __x64_sys_unshare+0x31/0x40 [ 109.378419][ T6248] do_syscall_64+0xcd/0xfa0 [ 109.378437][ T6248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.378451][ T6248] RIP: 0033:0x7f090f18f7c9 [ 109.378462][ T6248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.378475][ T6248] RSP: 002b:00007f091004f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 109.378488][ T6248] RAX: ffffffffffffffda RBX: 00007f090f3e6090 RCX: 00007f090f18f7c9 [ 109.378497][ T6248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 109.378505][ T6248] RBP: 00007f090f213f91 R08: 0000000000000000 R09: 0000000000000000 [ 109.378513][ T6248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.378520][ T6248] R13: 00007f090f3e6128 R14: 00007f090f3e6090 R15: 00007ffc14efee88 [ 109.378539][ T6248] [ 109.622487][ C0] vkms_vblank_simulate: vblank timer overrun [ 110.057087][ T6259] netlink: 8 bytes leftover after parsing attributes in process `syz.3.75'. [ 110.299715][ T6262] netlink: 28 bytes leftover after parsing attributes in process `syz.1.76'. [ 110.776944][ T6278] netlink: 28 bytes leftover after parsing attributes in process `syz.1.79'. [ 110.812484][ T6264] overlayfs: missing 'lowerdir' [ 110.856732][ T6278] veth1_macvtap: left promiscuous mode [ 111.212090][ T6281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.80'. [ 111.416302][ T6274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.78'. [ 111.591243][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.0.88'. [ 111.911188][ T6299] zswap: compressor not available [ 113.591731][ T6342] hub 8-0:1.0: USB hub found [ 113.603356][ T6342] hub 8-0:1.0: 1 port detected [ 113.650288][ T6344] queue_state_write: operation too long [ 113.655961][ T6344] queue_state_write: use 'run', 'start' or 'kick' [ 113.675241][ T6344] hub 1-0:1.0: USB hub found [ 113.681652][ T6344] hub 1-0:1.0: 1 port detected [ 113.704319][ T6344] hub 1-0:1.0: USB hub found [ 113.712143][ T6344] hub 1-0:1.0: 1 port detected [ 114.270800][ T6359] netlink: 8 bytes leftover after parsing attributes in process `syz.2.98'. [ 114.779961][ T6364] netlink: 8 bytes leftover after parsing attributes in process `syz.1.99'. [ 116.346317][ T30] audit: type=1800 audit(1764556078.389:2): pid=6403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.108" name="lu_gp_id" dev="configfs" ino=10993 res=0 errno=0 [ 117.083138][ T6422] FAULT_INJECTION: forcing a failure. [ 117.083138][ T6422] name failslab, interval 1, probability 0, space 0, times 0 [ 117.124895][ T6422] CPU: 1 UID: 0 PID: 6422 Comm: syz.3.110 Not tainted syzkaller #0 PREEMPT(full) [ 117.124933][ T6422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 117.124949][ T6422] Call Trace: [ 117.124957][ T6422] [ 117.124967][ T6422] dump_stack_lvl+0x16c/0x1f0 [ 117.125005][ T6422] should_fail_ex+0x512/0x640 [ 117.125044][ T6422] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 117.125078][ T6422] should_failslab+0xc2/0x120 [ 117.125114][ T6422] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 117.125142][ T6422] ? d_lookup+0xe7/0x190 [ 117.125179][ T6422] ? alloc_inode+0x64/0x240 [ 117.125220][ T6422] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 117.125258][ T6422] ? alloc_inode+0x64/0x240 [ 117.125291][ T6422] alloc_inode+0x64/0x240 [ 117.125326][ T6422] new_inode+0x22/0x1c0 [ 117.125364][ T6422] __debugfs_create_file+0x11c/0x6b0 [ 117.125397][ T6422] debugfs_create_file_full+0x41/0x60 [ 117.125429][ T6422] ref_tracker_dir_debugfs+0x19d/0x290 [ 117.125456][ T6422] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 117.125519][ T6422] ? lockdep_init_map_type+0x5c/0x280 [ 117.125563][ T6422] preinit_net.part.0+0x24e/0x8a0 [ 117.125596][ T6422] copy_net_ns+0x3ba/0x690 [ 117.125631][ T6422] create_new_namespaces+0x3ea/0xa90 [ 117.125671][ T6422] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 117.125704][ T6422] ksys_unshare+0x45b/0xa40 [ 117.125741][ T6422] ? __pfx_ksys_unshare+0x10/0x10 [ 117.125775][ T6422] ? xfd_validate_state+0x61/0x180 [ 117.125821][ T6422] __x64_sys_unshare+0x31/0x40 [ 117.125854][ T6422] do_syscall_64+0xcd/0xfa0 [ 117.125889][ T6422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.125916][ T6422] RIP: 0033:0x7f090f18f7c9 [ 117.125937][ T6422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.125961][ T6422] RSP: 002b:00007f091004f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 117.125986][ T6422] RAX: ffffffffffffffda RBX: 00007f090f3e6090 RCX: 00007f090f18f7c9 [ 117.126003][ T6422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 117.126018][ T6422] RBP: 00007f090f213f91 R08: 0000000000000000 R09: 0000000000000000 [ 117.126032][ T6422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.126047][ T6422] R13: 00007f090f3e6128 R14: 00007f090f3e6090 R15: 00007ffc14efee88 [ 117.126085][ T6422] [ 117.356798][ C1] vkms_vblank_simulate: vblank timer overrun [ 117.412662][ T6422] debugfs: out of free dentries, can not create file 'net_refcnt@ffff8880348e4aa8' [ 118.081105][ T6447] netlink: 8 bytes leftover after parsing attributes in process `syz.2.113'. [ 119.367809][ T6502] mkiss: ax0: crc mode is auto. [ 120.161423][ T6521] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 120.354480][ T5149] Bluetooth: hci0: ISO packet too small [ 120.363166][ T6527] random: crng reseeded on system resumption [ 121.697892][ T6563] netlink: 8 bytes leftover after parsing attributes in process `syz.3.135'. [ 122.893198][ T6583] nvme_fcloop: unknown parameter or missing value '0' [ 123.904576][ T6607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.145'. [ 124.880774][ T6625] netlink: 4 bytes leftover after parsing attributes in process `syz.3.149'. [ 126.122604][ T6654] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 130.513073][ T6753] netlink: 4 bytes leftover after parsing attributes in process `syz.0.166'. [ 130.782012][ T5149] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 131.769336][ T895] smpboot: CPU 1 is now offline [ 132.760114][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.766702][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.375970][ T6825] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 134.414673][ T6825] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 134.599615][ T6825] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 134.792137][ T6825] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 134.854572][ T6825] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 134.964763][ T6825] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 135.000712][ T6825] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 135.027047][ T6825] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 135.100443][ T6825] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 135.134012][ T6825] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 135.165930][ T6825] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 135.217990][ T6825] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 136.435831][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 136.836709][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 137.078071][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 137.155889][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 138.415804][ T30] audit: type=1800 audit(1764556100.459:3): pid=6880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.196" name="dummy_udc" dev="gadgetfs" ino=6788 res=0 errno=0 [ 138.517355][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 138.571980][ T6888] mmap: syz.1.197 (6888) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 138.916827][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 139.099706][ T6897] Console: switching to colour VGA+ 80x25 [ 139.156977][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 139.235900][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 139.777806][ T6908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.952095][ T6908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 140.378123][ T6917] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 140.596659][ T5149] Bluetooth: hci0: command 0x0c1a tx timeout [ 140.996179][ T5149] Bluetooth: hci1: command 0x0c1a tx timeout [ 141.236061][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 141.316058][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 143.442139][ T6967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.213'. [ 144.071046][ T6980] svc: failed to register nfsdv3 RPC service (errno 111). [ 144.187803][ T6980] svc: failed to register nfsaclv3 RPC service (errno 111). [ 145.817010][ T7002] netlink: 8 bytes leftover after parsing attributes in process `syz.0.223'. [ 146.826300][ T6547] syz.0.128 (6547) used greatest stack depth: 19304 bytes left [ 147.480580][ T7020] bdi 43:192: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 147.546940][ T7020] FAULT_INJECTION: forcing a failure. [ 147.546940][ T7020] name failslab, interval 1, probability 0, space 0, times 0 [ 147.619904][ T7020] CPU: 0 UID: 0 PID: 7020 Comm: syz.0.227 Not tainted syzkaller #0 PREEMPT(full) [ 147.619924][ T7020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 147.619932][ T7020] Call Trace: [ 147.619937][ T7020] [ 147.619942][ T7020] dump_stack_lvl+0x16c/0x1f0 [ 147.619963][ T7020] should_fail_ex+0x512/0x640 [ 147.619983][ T7020] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 147.620000][ T7020] should_failslab+0xc2/0x120 [ 147.620019][ T7020] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 147.620033][ T7020] ? __d_alloc+0x32/0xae0 [ 147.620052][ T7020] ? __d_alloc+0x32/0xae0 [ 147.620066][ T7020] __d_alloc+0x32/0xae0 [ 147.620083][ T7020] d_alloc_pseudo+0x1c/0xc0 [ 147.620103][ T7020] alloc_file_pseudo+0xcf/0x230 [ 147.620124][ T7020] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 147.620143][ T7020] ? alloc_fd+0x471/0x7d0 [ 147.620165][ T7020] sock_alloc_file+0x50/0x210 [ 147.620182][ T7020] __sys_socket+0x1c0/0x260 [ 147.620199][ T7020] ? __fget_files+0x20e/0x3c0 [ 147.620212][ T7020] ? __pfx___sys_socket+0x10/0x10 [ 147.620229][ T7020] ? xfd_validate_state+0x61/0x180 [ 147.620253][ T7020] __x64_sys_socket+0x72/0xb0 [ 147.620270][ T7020] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.620286][ T7020] do_syscall_64+0xcd/0xfa0 [ 147.620304][ T7020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.620317][ T7020] RIP: 0033:0x7f96a918f7c9 [ 147.620341][ T7020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.620353][ T7020] RSP: 002b:00007f96aa09f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 147.620366][ T7020] RAX: ffffffffffffffda RBX: 00007f96a93e5fa0 RCX: 00007f96a918f7c9 [ 147.620375][ T7020] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 147.620383][ T7020] RBP: 00007f96a9213f91 R08: 0000000000000000 R09: 0000000000000000 [ 147.620391][ T7020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.620399][ T7020] R13: 00007f96a93e6038 R14: 00007f96a93e5fa0 R15: 00007ffdefef76b8 [ 147.620417][ T7020] [ 148.177813][ T7031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.228'. [ 149.450830][ T7064] netlink: 8 bytes leftover after parsing attributes in process `syz.3.235'. [ 149.780109][ T30] audit: type=1800 audit(1764556111.829:4): pid=7074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=050820 name="lu_gp_id" dev="configfs" ino=14277 res=0 errno=0 [ 151.003955][ T7097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.241'. [ 152.364230][ T7138] block nbd14: the capability attribute has been deprecated. [ 153.111703][ T7151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.250'. [ 153.737241][ T7161] netlink: 4 bytes leftover after parsing attributes in process `syz.0.253'. [ 153.767946][ T7167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.255'. [ 155.114598][ T7183] netlink: 330 bytes leftover after parsing attributes in process `syz.1.257'. [ 155.667231][ T7203] netlink: 28 bytes leftover after parsing attributes in process `syz.2.263'. [ 155.717794][ T7205] svc: failed to register nfsdv3 RPC service (errno 111). [ 155.746464][ T7205] svc: failed to register nfsaclv3 RPC service (errno 111). [ 156.875348][ T7226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.268'. [ 158.658211][ T7262] netlink: 4 bytes leftover after parsing attributes in process `syz.3.277'. [ 159.296693][ T7279] FAULT_INJECTION: forcing a failure. [ 159.296693][ T7279] name failslab, interval 1, probability 0, space 0, times 0 [ 159.337409][ T7279] CPU: 0 UID: 0 PID: 7279 Comm: syz.2.282 Not tainted syzkaller #0 PREEMPT(full) [ 159.337430][ T7279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 159.337438][ T7279] Call Trace: [ 159.337443][ T7279] [ 159.337449][ T7279] dump_stack_lvl+0x16c/0x1f0 [ 159.337471][ T7279] should_fail_ex+0x512/0x640 [ 159.337490][ T7279] ? __kmalloc_cache_noprof+0x5f/0x780 [ 159.337509][ T7279] should_failslab+0xc2/0x120 [ 159.337528][ T7279] __kmalloc_cache_noprof+0x72/0x780 [ 159.337541][ T7279] ? __do_sys_fanotify_init+0x4c3/0xc80 [ 159.337561][ T7279] ? get_mem_cgroup_from_mm+0x12a/0x600 [ 159.337576][ T7279] ? __do_sys_fanotify_init+0x4c3/0xc80 [ 159.337595][ T7279] __do_sys_fanotify_init+0x4c3/0xc80 [ 159.337617][ T7279] do_syscall_64+0xcd/0xfa0 [ 159.337635][ T7279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.337649][ T7279] RIP: 0033:0x7fe571d8f7c9 [ 159.337660][ T7279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.337673][ T7279] RSP: 002b:00007fe572ce4038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 159.337686][ T7279] RAX: ffffffffffffffda RBX: 00007fe571fe5fa0 RCX: 00007fe571d8f7c9 [ 159.337695][ T7279] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000004000 [ 159.337703][ T7279] RBP: 00007fe571e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 159.337711][ T7279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 159.337718][ T7279] R13: 00007fe571fe6038 R14: 00007fe571fe5fa0 R15: 00007ffdfaec5e88 [ 159.337736][ T7279] [ 160.746440][ T7306] zswap: compressor not available [ 160.751980][ T7310] netlink: 4 bytes leftover after parsing attributes in process `syz.2.287'. [ 160.800493][ T7316] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 160.840900][ T7318] netlink: 25 bytes leftover after parsing attributes in process `syz.2.287'. [ 160.990061][ T7322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.290'. [ 162.547805][ T7354] hub 1-0:1.0: USB hub found [ 162.621777][ T7354] hub 1-0:1.0: 1 port detected [ 163.562645][ T7376] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 164.216601][ T7391] netlink: 28 bytes leftover after parsing attributes in process `syz.0.307'. [ 164.318883][ T7391] veth1_macvtap: left promiscuous mode [ 165.325045][ T7411] netlink: 32 bytes leftover after parsing attributes in process `syz.3.311'. [ 165.543957][ T7426] zswap: compressor >ablsZE<,ę Ö*^XY8Ejdok not available [ 167.570021][ T7456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.325'. [ 169.100140][ T7483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.331'. [ 169.272390][ T7481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.329'. [ 169.344916][ T7486] netlink: 25 bytes leftover after parsing attributes in process `syz.1.329'. [ 170.870547][ T7504] netlink: 330 bytes leftover after parsing attributes in process `syz.1.337'. [ 171.304677][ T7514] FAULT_INJECTION: forcing a failure. [ 171.304677][ T7514] name failslab, interval 1, probability 0, space 0, times 0 [ 171.440718][ T7514] CPU: 0 UID: 0 PID: 7514 Comm: syz.0.338 Not tainted syzkaller #0 PREEMPT(full) [ 171.440739][ T7514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 171.440747][ T7514] Call Trace: [ 171.440752][ T7514] [ 171.440757][ T7514] dump_stack_lvl+0x16c/0x1f0 [ 171.440784][ T7514] should_fail_ex+0x512/0x640 [ 171.440805][ T7514] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 171.440822][ T7514] should_failslab+0xc2/0x120 [ 171.440841][ T7514] kmem_cache_alloc_noprof+0x75/0x6e0 [ 171.440855][ T7514] ? alloc_empty_file+0x55/0x1e0 [ 171.440877][ T7514] ? alloc_empty_file+0x55/0x1e0 [ 171.440895][ T7514] ? _raw_spin_unlock+0x28/0x50 [ 171.440908][ T7514] alloc_empty_file+0x55/0x1e0 [ 171.440927][ T7514] alloc_file_pseudo+0x13a/0x230 [ 171.440948][ T7514] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 171.440969][ T7514] ? do_raw_spin_unlock+0x172/0x230 [ 171.440984][ T7514] __anon_inode_getfile+0xe8/0x280 [ 171.441004][ T7514] anon_inode_getfile_fmode+0x37/0xa0 [ 171.441021][ T7514] __do_sys_fanotify_init+0x9da/0xc80 [ 171.441045][ T7514] do_syscall_64+0xcd/0xfa0 [ 171.441063][ T7514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.441077][ T7514] RIP: 0033:0x7f96a918f7c9 [ 171.441088][ T7514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.441101][ T7514] RSP: 002b:00007f96aa01b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 171.441114][ T7514] RAX: ffffffffffffffda RBX: 00007f96a93e6360 RCX: 00007f96a918f7c9 [ 171.441123][ T7514] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000000004f1 [ 171.441131][ T7514] RBP: 00007f96a9213f91 R08: 0000000000000000 R09: 0000000000000000 [ 171.441139][ T7514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 171.441147][ T7514] R13: 00007f96a93e63f8 R14: 00007f96a93e6360 R15: 00007ffdefef76b8 [ 171.441165][ T7514] [ 171.631921][ C0] vkms_vblank_simulate: vblank timer overrun [ 172.936804][ T7541] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 174.115915][ T5149] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 174.243394][ T7553] netlink: 8 bytes leftover after parsing attributes in process `syz.1.345'. [ 174.411045][ T7549] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 175.147734][ T7565] netlink: 13 bytes leftover after parsing attributes in process `syz.0.348'. [ 175.479635][ T7562] netlink: 4 bytes leftover after parsing attributes in process `syz.3.347'. [ 175.659220][ T7563] netlink: 25 bytes leftover after parsing attributes in process `syz.3.347'. [ 178.369995][ T7611] binder: 7605:7611 ioctl 5380 2000000000c0 returned -22 [ 178.606505][ T7607] sd 0:0:1:0: PR command failed: 1026 [ 178.611923][ T7607] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 178.925926][ T7607] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 179.529852][ T7626] zswap: compressor not available [ 180.312119][ T7651] netlink: 4 bytes leftover after parsing attributes in process `syz.0.367'. [ 180.695931][ T7649] netlink: 25 bytes leftover after parsing attributes in process `syz.0.367'. [ 181.577371][ T7676] FAULT_INJECTION: forcing a failure. [ 181.577371][ T7676] name failslab, interval 1, probability 0, space 0, times 0 [ 181.873828][ T7676] CPU: 0 UID: 0 PID: 7676 Comm: syz.3.374 Not tainted syzkaller #0 PREEMPT(full) [ 181.873849][ T7676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 181.873860][ T7676] Call Trace: [ 181.873865][ T7676] [ 181.873870][ T7676] dump_stack_lvl+0x16c/0x1f0 [ 181.873893][ T7676] should_fail_ex+0x512/0x640 [ 181.873913][ T7676] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 181.873929][ T7676] should_failslab+0xc2/0x120 [ 181.873948][ T7676] kmem_cache_alloc_noprof+0x75/0x6e0 [ 181.873962][ T7676] ? alloc_empty_file+0x55/0x1e0 [ 181.873984][ T7676] ? alloc_empty_file+0x55/0x1e0 [ 181.874001][ T7676] alloc_empty_file+0x55/0x1e0 [ 181.874021][ T7676] alloc_file_pseudo+0x13a/0x230 [ 181.874041][ T7676] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 181.874063][ T7676] ? alloc_fd+0x471/0x7d0 [ 181.874080][ T7676] sock_alloc_file+0x50/0x210 [ 181.874096][ T7676] __sys_socket+0x1c0/0x260 [ 181.874114][ T7676] ? __pfx___sys_socket+0x10/0x10 [ 181.874132][ T7676] ? do_user_addr_fault+0x843/0x1370 [ 181.874149][ T7676] __x64_sys_socket+0x72/0xb0 [ 181.874165][ T7676] ? lockdep_hardirqs_on+0x7c/0x110 [ 181.874182][ T7676] do_syscall_64+0xcd/0xfa0 [ 181.874200][ T7676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.874213][ T7676] RIP: 0033:0x7f090f1916e7 [ 181.874228][ T7676] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.874241][ T7676] RSP: 002b:00007f091000bfa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 181.874257][ T7676] RAX: ffffffffffffffda RBX: 00007f090f3e6270 RCX: 00007f090f1916e7 [ 181.874266][ T7676] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 181.874274][ T7676] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 181.874282][ T7676] R10: 0000200000000240 R11: 0000000000000286 R12: 0000000000000000 [ 181.874290][ T7676] R13: 00007f090f3e6308 R14: 00007f090f3e6270 R15: 00007ffc14efee88 [ 181.874308][ T7676] [ 182.069562][ C0] vkms_vblank_simulate: vblank timer overrun [ 182.603757][ T5834] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 182.694634][ T5834] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 182.707807][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 182.843557][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 182.875982][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 183.526148][ T7684] chnl_net:caif_netlink_parms(): no params data found [ 183.750915][ T7718] FAULT_INJECTION: forcing a failure. [ 183.750915][ T7718] name fail_futex, interval 1, probability 0, space 0, times 0 [ 183.806558][ T7718] CPU: 0 UID: 0 PID: 7718 Comm: syz.1.384 Not tainted syzkaller #0 PREEMPT(full) [ 183.806577][ T7718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 183.806585][ T7718] Call Trace: [ 183.806590][ T7718] [ 183.806595][ T7718] dump_stack_lvl+0x16c/0x1f0 [ 183.806616][ T7718] should_fail_ex+0x512/0x640 [ 183.806639][ T7718] get_futex_key+0x1d0/0x1560 [ 183.806660][ T7718] ? __pfx_get_futex_key+0x10/0x10 [ 183.806683][ T7718] futex_wake+0xea/0x530 [ 183.806705][ T7718] ? __pfx_futex_wake+0x10/0x10 [ 183.806725][ T7718] ? rcu_is_watching+0x12/0xc0 [ 183.806748][ T7718] do_futex+0x1e3/0x350 [ 183.806767][ T7718] ? __pfx_do_futex+0x10/0x10 [ 183.806784][ T7718] ? __fput+0x68d/0xb70 [ 183.806801][ T7718] ? __pfx___might_resched+0x10/0x10 [ 183.806818][ T7718] __x64_sys_futex+0x1e0/0x4c0 [ 183.806836][ T7718] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 183.806853][ T7718] ? __pfx___x64_sys_futex+0x10/0x10 [ 183.806870][ T7718] ? xfd_validate_state+0x61/0x180 [ 183.806888][ T7718] ? __pfx___do_sys_close_range+0x10/0x10 [ 183.806909][ T7718] do_syscall_64+0xcd/0xfa0 [ 183.806926][ T7718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.806940][ T7718] RIP: 0033:0x7f002ad8f7c9 [ 183.806951][ T7718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.806964][ T7718] RSP: 002b:00007f002bc150e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 183.806977][ T7718] RAX: ffffffffffffffda RBX: 00007f002afe5fa8 RCX: 00007f002ad8f7c9 [ 183.806986][ T7718] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f002afe5fac [ 183.806994][ T7718] RBP: 00007f002afe5fa0 R08: 00007f002bc16000 R09: 0000000000000000 [ 183.807002][ T7718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.807009][ T7718] R13: 00007f002afe6038 R14: 00007fffa0cd6820 R15: 00007fffa0cd6908 [ 183.807028][ T7718] [ 183.812695][ T7684] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.197126][ T7727] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 184.459212][ T7736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.388'. [ 184.667380][ T7684] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.674543][ T7684] bridge_slave_0: entered allmulticast mode [ 184.766803][ T7684] bridge_slave_0: entered promiscuous mode [ 184.816914][ T7684] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.855851][ T7684] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.901602][ T7684] bridge_slave_1: entered allmulticast mode [ 184.936875][ T7684] bridge_slave_1: entered promiscuous mode [ 184.995825][ T5839] Bluetooth: hci4: command tx timeout [ 185.147889][ T7684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.220981][ T7684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.401040][ T7684] team0: Port device team_slave_0 added [ 185.460452][ T7684] team0: Port device team_slave_1 added [ 185.580740][ T7684] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.621323][ T7684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 185.798712][ T7684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.013580][ T7684] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.051481][ T7684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.199607][ T7684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.239792][ T30] audit: type=1804 audit(1764556148.289:5): pid=7773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.396" name=2F6E6577726F6F742F3130302F22050820 dev="tmpfs" ino=536 res=1 errno=0 [ 186.374437][ T30] audit: type=1800 audit(1764556148.289:6): pid=7773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.396" name=22050820 dev="tmpfs" ino=536 res=0 errno=0 [ 186.730570][ T7684] hsr_slave_0: entered promiscuous mode [ 186.764708][ T7684] hsr_slave_1: entered promiscuous mode [ 186.785658][ T7684] debugfs: 'hsr0' already exists in 'hsr' [ 186.818546][ T7684] Cannot create hsr debugfs directory [ 187.076118][ T5839] Bluetooth: hci4: command tx timeout [ 187.431454][ T7684] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 187.465297][ T7684] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 187.502580][ T7684] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 187.555687][ T7684] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 187.851259][ T7684] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.940374][ T7684] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.045307][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.052437][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.114410][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.121533][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.723371][ T5839] Bluetooth: hci3: unexpected event 0x36 length: 123 > 7 [ 188.883411][ T7684] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.026383][ T7850] FAULT_INJECTION: forcing a failure. [ 189.026383][ T7850] name fail_futex, interval 1, probability 0, space 0, times 0 [ 189.115851][ T7850] CPU: 0 UID: 0 PID: 7850 Comm: syz.3.415 Not tainted syzkaller #0 PREEMPT(full) [ 189.115873][ T7850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 189.115881][ T7850] Call Trace: [ 189.115886][ T7850] [ 189.115892][ T7850] dump_stack_lvl+0x16c/0x1f0 [ 189.115915][ T7850] should_fail_ex+0x512/0x640 [ 189.115939][ T7850] get_futex_key+0x1d0/0x1560 [ 189.115960][ T7850] ? __pfx_get_futex_key+0x10/0x10 [ 189.115983][ T7850] futex_wait_setup+0x9d/0x550 [ 189.116001][ T7850] __futex_wait+0x193/0x2f0 [ 189.116014][ T7850] ? __pfx___futex_wait+0x10/0x10 [ 189.116030][ T7850] ? fdget+0x187/0x210 [ 189.116047][ T7850] ? __pfx_futex_wake_mark+0x10/0x10 [ 189.116071][ T7850] ? futex_hash+0x2c5/0x380 [ 189.116090][ T7850] ? futex_private_hash_put+0xd5/0x190 [ 189.116108][ T7850] futex_wait+0xe8/0x380 [ 189.116121][ T7850] ? __pfx_futex_wait+0x10/0x10 [ 189.116138][ T7850] ? __fget_files+0x204/0x3c0 [ 189.116156][ T7850] do_futex+0x229/0x350 [ 189.116175][ T7850] ? __pfx_do_futex+0x10/0x10 [ 189.116192][ T7850] ? fdget+0x187/0x210 [ 189.116205][ T7850] ? __sys_sendmsg+0x18c/0x220 [ 189.116220][ T7850] __x64_sys_futex+0x1e0/0x4c0 [ 189.116241][ T7850] ? __pfx___x64_sys_futex+0x10/0x10 [ 189.116265][ T7850] do_syscall_64+0xcd/0xfa0 [ 189.116283][ T7850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.116297][ T7850] RIP: 0033:0x7f090f18f7c9 [ 189.116309][ T7850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.116321][ T7850] RSP: 002b:00007f09100700e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 189.116335][ T7850] RAX: ffffffffffffffda RBX: 00007f090f3e5fa8 RCX: 00007f090f18f7c9 [ 189.116344][ T7850] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f090f3e5fa8 [ 189.116352][ T7850] RBP: 00007f090f3e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 189.116360][ T7850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.116367][ T7850] R13: 00007f090f3e6038 R14: 00007ffc14efeda0 R15: 00007ffc14efee88 [ 189.116386][ T7850] [ 189.629933][ T7855] netlink: 'syz.1.417': attribute type 11 has an invalid length. [ 189.660119][ T5839] Bluetooth: hci4: command tx timeout [ 189.680263][ T7855] netlink: 'syz.1.417': attribute type 11 has an invalid length. [ 190.264237][ T7870] bcache: register_bcache() error : failed to open device [ 190.317365][ T7684] veth0_vlan: entered promiscuous mode [ 190.370446][ T7684] veth1_vlan: entered promiscuous mode [ 190.404388][ T7874] netlink: 28 bytes leftover after parsing attributes in process `syz.0.421'. [ 190.492786][ T68] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.503734][ T7876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.421'. [ 190.515538][ T68] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.548323][ T7684] veth0_macvtap: entered promiscuous mode [ 190.570659][ T68] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.606026][ T68] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.648038][ T7684] veth1_macvtap: entered promiscuous mode [ 190.711412][ T7684] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.732582][ T7872] netlink: 4 bytes leftover after parsing attributes in process `syz.1.420'. [ 190.762699][ T7684] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.849341][ T7875] netlink: 25 bytes leftover after parsing attributes in process `syz.1.420'. [ 190.883164][ T3079] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.911992][ T3079] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.984611][ T3079] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.032999][ T3079] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.042756][ T7881] FAULT_INJECTION: forcing a failure. [ 191.042756][ T7881] name failslab, interval 1, probability 0, space 0, times 0 [ 191.125939][ T7881] CPU: 0 UID: 0 PID: 7881 Comm: syz.3.423 Not tainted syzkaller #0 PREEMPT(full) [ 191.125960][ T7881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 191.125969][ T7881] Call Trace: [ 191.125974][ T7881] [ 191.125979][ T7881] dump_stack_lvl+0x16c/0x1f0 [ 191.126001][ T7881] should_fail_ex+0x512/0x640 [ 191.126021][ T7881] ? __kmalloc_cache_noprof+0x5f/0x780 [ 191.126037][ T7881] should_failslab+0xc2/0x120 [ 191.126055][ T7881] __kmalloc_cache_noprof+0x72/0x780 [ 191.126069][ T7881] ? __do_sys_fanotify_init+0x4c3/0xc80 [ 191.126089][ T7881] ? get_mem_cgroup_from_mm+0x12a/0x600 [ 191.126104][ T7881] ? __do_sys_fanotify_init+0x4c3/0xc80 [ 191.126122][ T7881] __do_sys_fanotify_init+0x4c3/0xc80 [ 191.126145][ T7881] do_syscall_64+0xcd/0xfa0 [ 191.126162][ T7881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.126176][ T7881] RIP: 0033:0x7f090f18f7c9 [ 191.126187][ T7881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.126199][ T7881] RSP: 002b:00007f0910070038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 191.126212][ T7881] RAX: ffffffffffffffda RBX: 00007f090f3e5fa0 RCX: 00007f090f18f7c9 [ 191.126221][ T7881] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000c00 [ 191.126229][ T7881] RBP: 00007f090f213f91 R08: 0000000000000000 R09: 0000000000000000 [ 191.126237][ T7881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 191.126245][ T7881] R13: 00007f090f3e6038 R14: 00007f090f3e5fa0 R15: 00007ffc14efee88 [ 191.126262][ T7881] [ 191.603747][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.660872][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.706104][ T3079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.751451][ T3079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.766070][ T5839] Bluetooth: hci4: command tx timeout [ 193.629176][ T7900] binder: BINDER_SET_CONTEXT_MGR already set [ 193.663414][ T7900] binder: 7899:7900 ioctl 4018620d 9 returned -16 [ 194.199021][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.205353][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.551430][ T30] audit: type=1326 audit(1764556160.599:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7976 comm="syz.0.443" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f96a918f7c9 code=0x0 [ 198.806806][ T7984] netlink: 28 bytes leftover after parsing attributes in process `syz.4.444'. [ 198.815915][ T7981] FAULT_INJECTION: forcing a failure. [ 198.815915][ T7981] name failslab, interval 1, probability 0, space 0, times 0 [ 198.916691][ T7981] CPU: 0 UID: 0 PID: 7981 Comm: syz.0.443 Not tainted syzkaller #0 PREEMPT(full) [ 198.916713][ T7981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 198.916721][ T7981] Call Trace: [ 198.916726][ T7981] [ 198.916732][ T7981] dump_stack_lvl+0x16c/0x1f0 [ 198.916753][ T7981] should_fail_ex+0x512/0x640 [ 198.916774][ T7981] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 198.916791][ T7981] should_failslab+0xc2/0x120 [ 198.916810][ T7981] kmem_cache_alloc_noprof+0x75/0x6e0 [ 198.916824][ T7981] ? alloc_empty_file+0x55/0x1e0 [ 198.916846][ T7981] ? alloc_empty_file+0x55/0x1e0 [ 198.916867][ T7981] alloc_empty_file+0x55/0x1e0 [ 198.916885][ T7981] alloc_file_pseudo+0x13a/0x230 [ 198.916905][ T7981] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 198.916924][ T7981] ? alloc_fd+0x471/0x7d0 [ 198.916941][ T7981] sock_alloc_file+0x50/0x210 [ 198.916957][ T7981] __sys_socket+0x1c0/0x260 [ 198.916974][ T7981] ? __pfx___sys_socket+0x10/0x10 [ 198.916992][ T7981] ? do_user_addr_fault+0x843/0x1370 [ 198.917008][ T7981] __x64_sys_socket+0x72/0xb0 [ 198.917025][ T7981] ? lockdep_hardirqs_on+0x7c/0x110 [ 198.917046][ T7981] do_syscall_64+0xcd/0xfa0 [ 198.917064][ T7981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.917078][ T7981] RIP: 0033:0x7f96a91916e7 [ 198.917090][ T7981] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.917103][ T7981] RSP: 002b:00007f96aa05bfa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 198.917116][ T7981] RAX: ffffffffffffffda RBX: 00007f96a93e6180 RCX: 00007f96a91916e7 [ 198.917125][ T7981] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 198.917133][ T7981] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 198.917140][ T7981] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 198.917148][ T7981] R13: 00007f96a93e6218 R14: 00007f96a93e6180 R15: 00007ffdefef76b8 [ 198.917166][ T7981] [ 199.526682][ T7985] FAULT_INJECTION: forcing a failure. [ 199.526682][ T7985] name failslab, interval 1, probability 0, space 0, times 0 [ 199.549589][ T7980] netlink: 'syz.4.444': attribute type 4 has an invalid length. [ 199.571472][ T7985] CPU: 0 UID: 0 PID: 7985 Comm: syz.3.445 Not tainted syzkaller #0 PREEMPT(full) [ 199.571491][ T7985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 199.571499][ T7985] Call Trace: [ 199.571505][ T7985] [ 199.571511][ T7985] dump_stack_lvl+0x16c/0x1f0 [ 199.571533][ T7985] should_fail_ex+0x512/0x640 [ 199.571553][ T7985] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 199.571569][ T7985] should_failslab+0xc2/0x120 [ 199.571589][ T7985] kmem_cache_alloc_noprof+0x75/0x6e0 [ 199.571603][ T7985] ? fasync_helper+0x3d/0xd0 [ 199.571624][ T7985] ? fasync_helper+0x3d/0xd0 [ 199.571640][ T7985] fasync_helper+0x3d/0xd0 [ 199.571658][ T7985] pipe_fasync+0xc7/0x200 [ 199.571674][ T7985] ? __pfx_pipe_fasync+0x10/0x10 [ 199.571688][ T7985] do_fcntl+0xa3d/0x15a0 [ 199.571705][ T7985] ? __pfx_do_fcntl+0x10/0x10 [ 199.571727][ T7985] ? tomoyo_file_fcntl+0xa5/0xc0 [ 199.571747][ T7985] __x64_sys_fcntl+0x163/0x200 [ 199.571766][ T7985] do_syscall_64+0xcd/0xfa0 [ 199.571784][ T7985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.571798][ T7985] RIP: 0033:0x7f090f18f7c9 [ 199.571809][ T7985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.571822][ T7985] RSP: 002b:00007f091004f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 199.571835][ T7985] RAX: ffffffffffffffda RBX: 00007f090f3e6090 RCX: 00007f090f18f7c9 [ 199.571844][ T7985] RDX: fffffffffffffffc RSI: 0000000000000004 RDI: ff80000000000000 [ 199.571852][ T7985] RBP: 00007f090f213f91 R08: 0000000000000000 R09: 0000000000000000 [ 199.571860][ T7985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.571867][ T7985] R13: 00007f090f3e6128 R14: 00007f090f3e6090 R15: 00007ffc14efee88 [ 199.571885][ T7985] [ 199.799160][ T7989] netlink: 4 bytes leftover after parsing attributes in process `syz.1.446'. [ 200.192792][ T7980] netlink: 314 bytes leftover after parsing attributes in process `syz.4.444'. [ 200.961084][ T7984] bond0: (slave bond_slave_1): Releasing backup interface [ 201.109054][ T30] audit: type=1804 audit(1764556163.149:8): pid=8002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.448" name=2F6E6577726F6F742F3130352F22050820 dev="tmpfs" ino=575 res=1 errno=0 [ 201.288239][ T30] audit: type=1800 audit(1764556163.159:9): pid=8002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.448" name=22050820 dev="tmpfs" ino=575 res=0 errno=0 [ 202.737283][ T8024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.453'. [ 202.885893][ T8031] netlink: 25 bytes leftover after parsing attributes in process `syz.4.453'. [ 203.078523][ T8039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.455'. [ 203.163931][ T8041] netlink: 8 bytes leftover after parsing attributes in process `syz.3.456'. [ 203.531005][ T8046] openvswitch: netlink: Key type 1539 is out of range max 32 [ 205.156460][ T30] audit: type=1800 audit(1764556167.199:10): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=050820 name="lu_gp_id" dev="configfs" ino=21228 res=0 errno=0 [ 205.376539][ T5839] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 205.376560][ T5839] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 205.391543][ T5839] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 205.391583][ T5839] Bluetooth: hci3: adv larger than maximum supported [ 205.402212][ T5839] Bluetooth: hci3: adv larger than maximum supported [ 205.408902][ T5839] Bluetooth: hci3: Malformed LE Event: 0x0d [ 205.678893][ T8058] FAULT_INJECTION: forcing a failure. [ 205.678893][ T8058] name failslab, interval 1, probability 0, space 0, times 0 [ 205.925830][ T8058] CPU: 0 UID: 0 PID: 8058 Comm: syz.3.459 Not tainted syzkaller #0 PREEMPT(full) [ 205.925850][ T8058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 205.925858][ T8058] Call Trace: [ 205.925863][ T8058] [ 205.925869][ T8058] dump_stack_lvl+0x16c/0x1f0 [ 205.925891][ T8058] should_fail_ex+0x512/0x640 [ 205.925911][ T8058] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 205.925928][ T8058] should_failslab+0xc2/0x120 [ 205.925952][ T8058] kmem_cache_alloc_noprof+0x75/0x6e0 [ 205.925966][ T8058] ? is_bpf_text_address+0x94/0x1a0 [ 205.925985][ T8058] ? alloc_empty_file+0x55/0x1e0 [ 205.926011][ T8058] ? alloc_empty_file+0x55/0x1e0 [ 205.926028][ T8058] alloc_empty_file+0x55/0x1e0 [ 205.926050][ T8058] path_openat+0xda/0x2cb0 [ 205.926070][ T8058] ? stack_trace_save+0x8e/0xc0 [ 205.926087][ T8058] ? __pfx_path_openat+0x10/0x10 [ 205.926100][ T8058] ? stack_depot_save_flags+0x29/0x9c0 [ 205.926125][ T8058] do_filp_open+0x20b/0x470 [ 205.926139][ T8058] ? kmem_cache_alloc_noprof+0x250/0x6e0 [ 205.926153][ T8058] ? __pfx_do_filp_open+0x10/0x10 [ 205.926167][ T8058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.926200][ T8058] do_open_execat+0xf9/0x3a0 [ 205.926214][ T8058] ? __pfx_do_open_execat+0x10/0x10 [ 205.926234][ T8058] alloc_bprm+0x2d/0x710 [ 205.926248][ T8058] do_execveat_common.isra.0+0x1ce/0x610 [ 205.926266][ T8058] __x64_sys_execve+0x8e/0xb0 [ 205.926283][ T8058] do_syscall_64+0xcd/0xfa0 [ 205.926302][ T8058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.926315][ T8058] RIP: 0033:0x7f090f18f7c9 [ 205.926326][ T8058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.926339][ T8058] RSP: 002b:00007f091004f038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 205.926352][ T8058] RAX: ffffffffffffffda RBX: 00007f090f3e6090 RCX: 00007f090f18f7c9 [ 205.926369][ T8058] RDX: 0000200000000100 RSI: 0000000000000000 RDI: 0000200000000000 [ 205.926377][ T8058] RBP: 00007f090f213f91 R08: 0000000000000000 R09: 0000000000000000 [ 205.926385][ T8058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.926393][ T8058] R13: 00007f090f3e6128 R14: 00007f090f3e6090 R15: 00007ffc14efee88 [ 205.926411][ T8058] [ 207.553501][ T8087] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 209.278934][ T8152] netlink: 93 bytes leftover after parsing attributes in process `syz.4.481'. [ 213.265959][ T8220] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 213.878447][ T8239] FAULT_INJECTION: forcing a failure. [ 213.878447][ T8239] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 213.979676][ T8239] CPU: 0 UID: 0 PID: 8239 Comm: syz.1.502 Not tainted syzkaller #0 PREEMPT(full) [ 213.979697][ T8239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 213.979705][ T8239] Call Trace: [ 213.979710][ T8239] [ 213.979715][ T8239] dump_stack_lvl+0x16c/0x1f0 [ 213.979737][ T8239] should_fail_ex+0x512/0x640 [ 213.979761][ T8239] _copy_from_user+0x2e/0xd0 [ 213.979783][ T8239] copy_from_sockptr_offset.constprop.0+0x153/0x1a0 [ 213.979806][ T8239] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 213.979831][ T8239] packet_setsockopt+0xbbd/0x33c0 [ 213.979845][ T8239] ? __pfx___might_resched+0x10/0x10 [ 213.979860][ T8239] ? __lock_acquire+0x622/0x1c90 [ 213.979880][ T8239] ? __pfx_packet_setsockopt+0x10/0x10 [ 213.979893][ T8239] ? aa_sk_perm+0x2f4/0xb10 [ 213.979906][ T8239] ? ksys_write+0x190/0x250 [ 213.979922][ T8239] ? __pfx_aa_sk_perm+0x10/0x10 [ 213.979937][ T8239] ? find_held_lock+0x2b/0x80 [ 213.979953][ T8239] ? aa_sock_opt_perm+0xfd/0x1c0 [ 213.979972][ T8239] ? __pfx_packet_setsockopt+0x10/0x10 [ 213.979986][ T8239] do_sock_setsockopt+0xf3/0x1d0 [ 213.980006][ T8239] __sys_setsockopt+0x120/0x1a0 [ 213.980030][ T8239] __x64_sys_setsockopt+0xbd/0x160 [ 213.980042][ T8239] ? do_syscall_64+0x91/0xfa0 [ 213.980058][ T8239] ? lockdep_hardirqs_on+0x7c/0x110 [ 213.980074][ T8239] do_syscall_64+0xcd/0xfa0 [ 213.980091][ T8239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.980104][ T8239] RIP: 0033:0x7f002ad8f7c9 [ 213.980116][ T8239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.980129][ T8239] RSP: 002b:00007f002bc15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 213.980143][ T8239] RAX: ffffffffffffffda RBX: 00007f002afe5fa0 RCX: 00007f002ad8f7c9 [ 213.980151][ T8239] RDX: 0000000000000012 RSI: 0000000000000107 RDI: 0000000000000003 [ 213.980159][ T8239] RBP: 00007f002bc15090 R08: 0000000000000008 R09: 0000000000000000 [ 213.980167][ T8239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.980175][ T8239] R13: 00007f002afe6038 R14: 00007f002afe5fa0 R15: 00007fffa0cd6908 [ 213.980193][ T8239] [ 218.651841][ T8360] netlink: 342 bytes leftover after parsing attributes in process `syz.4.522'. [ 219.562485][ T8383] FAULT_INJECTION: forcing a failure. [ 219.562485][ T8383] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.682027][ T8383] CPU: 0 UID: 0 PID: 8383 Comm: syz.3.525 Not tainted syzkaller #0 PREEMPT(full) [ 219.682047][ T8383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 219.682055][ T8383] Call Trace: [ 219.682060][ T8383] [ 219.682066][ T8383] dump_stack_lvl+0x16c/0x1f0 [ 219.682087][ T8383] should_fail_ex+0x512/0x640 [ 219.682111][ T8383] _copy_from_user+0x2e/0xd0 [ 219.682133][ T8383] kstrtouint_from_user+0xd6/0x1d0 [ 219.682150][ T8383] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 219.682166][ T8383] ? __lock_acquire+0xb8a/0x1c90 [ 219.682194][ T8383] proc_fail_nth_write+0x83/0x220 [ 219.682210][ T8383] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 219.682229][ T8383] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 219.682243][ T8383] vfs_write+0x2a0/0x11d0 [ 219.682261][ T8383] ? __pfx___mutex_lock+0x10/0x10 [ 219.682279][ T8383] ? __pfx_vfs_write+0x10/0x10 [ 219.682299][ T8383] ? __fget_files+0x20e/0x3c0 [ 219.682319][ T8383] ksys_write+0x12a/0x250 [ 219.682333][ T8383] ? __pfx_ksys_write+0x10/0x10 [ 219.682354][ T8383] do_syscall_64+0xcd/0xfa0 [ 219.682371][ T8383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.682386][ T8383] RIP: 0033:0x7f090f18e27f [ 219.682397][ T8383] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 219.682409][ T8383] RSP: 002b:00007f091004f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 219.682423][ T8383] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f090f18e27f [ 219.682431][ T8383] RDX: 0000000000000001 RSI: 00007f091004f0a0 RDI: 0000000000000004 [ 219.682439][ T8383] RBP: 00007f091004f090 R08: 0000000000000000 R09: 0000000000000000 [ 219.682447][ T8383] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 219.682455][ T8383] R13: 00007f090f3e6128 R14: 00007f090f3e6090 R15: 00007ffc14efee88 [ 219.682474][ T8383] [ 220.557362][ T8389] zswap: compressor not available [ 222.326425][ T8410] FAULT_INJECTION: forcing a failure. [ 222.326425][ T8410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.407407][ T8410] CPU: 0 UID: 0 PID: 8410 Comm: syz.3.529 Not tainted syzkaller #0 PREEMPT(full) [ 222.407428][ T8410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 222.407436][ T8410] Call Trace: [ 222.407440][ T8410] [ 222.407445][ T8410] dump_stack_lvl+0x16c/0x1f0 [ 222.407467][ T8410] should_fail_ex+0x512/0x640 [ 222.407491][ T8410] _copy_from_user+0x2e/0xd0 [ 222.407513][ T8410] copy_msghdr_from_user+0x98/0x160 [ 222.407527][ T8410] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 222.407549][ T8410] ___sys_sendmsg+0xfe/0x1d0 [ 222.407563][ T8410] ? __pfx____sys_sendmsg+0x10/0x10 [ 222.407575][ T8410] ? __lock_acquire+0x622/0x1c90 [ 222.407615][ T8410] __sys_sendmsg+0x16d/0x220 [ 222.407628][ T8410] ? __pfx___sys_sendmsg+0x10/0x10 [ 222.407653][ T8410] do_syscall_64+0xcd/0xfa0 [ 222.407671][ T8410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.407693][ T8410] RIP: 0033:0x7f090f18f7c9 [ 222.407705][ T8410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.407717][ T8410] RSP: 002b:00007f091004f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 222.407731][ T8410] RAX: ffffffffffffffda RBX: 00007f090f3e6090 RCX: 00007f090f18f7c9 [ 222.407740][ T8410] RDX: 0000000004000000 RSI: 0000200000000140 RDI: 0000000000000006 [ 222.407748][ T8410] RBP: 00007f091004f090 R08: 0000000000000000 R09: 0000000000000000 [ 222.407756][ T8410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.407764][ T8410] R13: 00007f090f3e6128 R14: 00007f090f3e6090 R15: 00007ffc14efee88 [ 222.407782][ T8410] [ 224.022756][ T8451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.540'. [ 224.174338][ T8453] netlink: 32 bytes leftover after parsing attributes in process `syz.1.540'. [ 224.490895][ T8451] HfR: entered promiscuous mode [ 225.341556][ T8465] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 225.440051][ T8468] netlink: 186 bytes leftover after parsing attributes in process `syz.0.545'. [ 225.935234][ T8480] FAULT_INJECTION: forcing a failure. [ 225.935234][ T8480] name failslab, interval 1, probability 0, space 0, times 0 [ 226.088311][ T8480] CPU: 0 UID: 0 PID: 8480 Comm: syz.0.548 Not tainted syzkaller #0 PREEMPT(full) [ 226.088332][ T8480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 226.088340][ T8480] Call Trace: [ 226.088345][ T8480] [ 226.088351][ T8480] dump_stack_lvl+0x16c/0x1f0 [ 226.088373][ T8480] should_fail_ex+0x512/0x640 [ 226.088393][ T8480] ? __kmalloc_cache_noprof+0x5f/0x780 [ 226.088409][ T8480] should_failslab+0xc2/0x120 [ 226.088428][ T8480] __kmalloc_cache_noprof+0x72/0x780 [ 226.088441][ T8480] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 226.088464][ T8480] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 226.088482][ T8480] snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 226.088505][ T8480] ? __mutex_lock+0x1c5/0x1060 [ 226.088525][ T8480] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 226.088545][ T8480] ? __pfx___mutex_lock+0x10/0x10 [ 226.088573][ T8480] ? __fsnotify_parent+0x24b/0xc40 [ 226.088595][ T8480] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 226.088615][ T8480] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 226.088633][ T8480] snd_pcm_oss_sync+0x1de/0x840 [ 226.088654][ T8480] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 226.088672][ T8480] snd_pcm_oss_release+0x28b/0x310 [ 226.088691][ T8480] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 226.088708][ T8480] __fput+0x402/0xb70 [ 226.088730][ T8480] task_work_run+0x150/0x240 [ 226.088751][ T8480] ? __pfx_task_work_run+0x10/0x10 [ 226.088771][ T8480] ? __pfx___do_sys_close_range+0x10/0x10 [ 226.088790][ T8480] exit_to_user_mode_loop+0xec/0x130 [ 226.088811][ T8480] do_syscall_64+0x426/0xfa0 [ 226.088828][ T8480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.088842][ T8480] RIP: 0033:0x7f96a918f7c9 [ 226.088854][ T8480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.088866][ T8480] RSP: 002b:00007f96aa07e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 226.088880][ T8480] RAX: 0000000000000000 RBX: 00007f96a93e6090 RCX: 00007f96a918f7c9 [ 226.088888][ T8480] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 226.088896][ T8480] RBP: 00007f96a9213f91 R08: 0000000000000000 R09: 0000000000000000 [ 226.088904][ T8480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 226.088912][ T8480] R13: 00007f96a93e6128 R14: 00007f96a93e6090 R15: 00007ffdefef76b8 [ 226.088931][ T8480] [ 227.479622][ T8514] netlink: 4 bytes leftover after parsing attributes in process `syz.4.555'. [ 227.606010][ T8515] netlink: 32 bytes leftover after parsing attributes in process `syz.4.555'. [ 227.913300][ T8514] HfR: entered promiscuous mode [ 230.112503][ T8545] dyndbg: expected <4096 bytes into control [ 230.159640][ T8545] random: crng reseeded on system resumption [ 230.213725][ T8546] dyndbg: bad flag-op b, at start of blacklisting initcall %s\n [ 230.286878][ T8546] dyndbg: flags parse failed [ 230.316629][ T8546] dyndbg: bad flag-op i, at start of initcall %s blacklisted\n [ 230.380081][ T8546] dyndbg: flags parse failed [ 230.411972][ T8546] dyndbg: bad flag-op , at start of with arguments:\n [ 230.465459][ T8546] dyndbg: flags parse failed [ 230.488456][ T8546] dyndbg: bad flag-op , at start of %s\n [ 230.525862][ T8546] dyndbg: flags parse failed [ 230.555817][ T8546] dyndbg: bad flag-op , at start of with environment:\n [ 230.595836][ T8546] dyndbg: flags parse failed [ 230.610716][ T8546] dyndbg: bad flag-op , at start of %s\n [ 230.685911][ T8546] dyndbg: flags parse failed [ 230.702438][ T8546] dyndbg: bad flag-op D, at start of Detected %s compressed data\n [ 230.747873][ T8546] dyndbg: flags parse failed [ 230.785253][ T8546] dyndbg: bad flag-op F, at start of Failed to setup IBS LVT offset, IBSCTL = 0x%08x\n [ 230.865952][ T8546] dyndbg: flags parse failed [ 230.881451][ T8546] dyndbg: bad flag-op N, at start of No CPU node configured for IBS\n [ 230.939476][ T8546] dyndbg: flags parse failed [ 231.006476][ T8546] dyndbg: bad flag-op N, at start of No EILVT entry available\n [ 231.014123][ T8546] dyndbg: flags parse failed [ 231.086313][ T8546] dyndbg: bad flag-op #, at start of # table @%p, off %llx size %zx\n [ 231.094468][ T8546] dyndbg: flags parse failed [ 231.157584][ T8546] dyndbg: bad flag-op #, at start of # entry @%p (%lx sz %u %c%c%c) raw=%16llx\n [ 231.206366][ T8546] dyndbg: flags parse failed [ 231.210965][ T8546] dyndbg: bad flag-op k, at start of kvm [%i]: vcpu%i hv crash (0x%llx 0x%llx 0x%llx 0x%llx 0x%llx)\n [ 231.279089][ T8546] dyndbg: flags parse failed [ 231.327584][ T8546] dyndbg: bad flag-op k, at start of kvm [%i]: vcpu%i hyper-v reset requested\n [ 231.365850][ T8546] dyndbg: flags parse failed [ 231.380781][ T8546] dyndbg: bad flag-op c, at start of create pit timer, interval is %llu nsec\n [ 231.428806][ T8546] dyndbg: flags parse failed [ 231.449982][ T8546] dyndbg: bad flag-op l, at start of load_count val is %u, channel is %d\n [ 231.495817][ T8546] dyndbg: flags parse failed [ 231.512915][ T8546] dyndbg: unclosed quote: write addr is 0x%x, len is %d, val is 0 [ 231.565819][ T8546] dyndbg: tokenize failed [ 233.613773][ T8594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.574'. [ 233.662982][ T8596] netlink: 4 bytes leftover after parsing attributes in process `syz.1.575'. [ 233.709797][ T8597] netlink: 25 bytes leftover after parsing attributes in process `syz.0.574'. [ 233.742864][ T8596] netlink: 25 bytes leftover after parsing attributes in process `syz.1.575'. [ 234.501009][ T8604] openvswitch: netlink: Duplicate key (type 15). [ 234.514834][ T8606] hub 1-0:1.0: USB hub found [ 234.564441][ T8606] hub 1-0:1.0: 1 port detected [ 235.459814][ T8623] FAULT_INJECTION: forcing a failure. [ 235.459814][ T8623] name failslab, interval 1, probability 0, space 0, times 0 [ 235.558648][ T8623] CPU: 0 UID: 0 PID: 8623 Comm: syz.1.581 Not tainted syzkaller #0 PREEMPT(full) [ 235.558670][ T8623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 235.558678][ T8623] Call Trace: [ 235.558684][ T8623] [ 235.558690][ T8623] dump_stack_lvl+0x16c/0x1f0 [ 235.558712][ T8623] should_fail_ex+0x512/0x640 [ 235.558733][ T8623] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 235.558751][ T8623] should_failslab+0xc2/0x120 [ 235.558769][ T8623] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 235.558785][ T8623] ? __d_alloc+0x32/0xae0 [ 235.558804][ T8623] ? __d_alloc+0x32/0xae0 [ 235.558817][ T8623] __d_alloc+0x32/0xae0 [ 235.558834][ T8623] d_alloc_pseudo+0x1c/0xc0 [ 235.558853][ T8623] alloc_file_pseudo+0xcf/0x230 [ 235.558872][ T8623] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 235.558891][ T8623] ? alloc_fd+0x471/0x7d0 [ 235.558908][ T8623] sock_alloc_file+0x50/0x210 [ 235.558923][ T8623] __sys_socket+0x1c0/0x260 [ 235.558941][ T8623] ? __pfx___sys_socket+0x10/0x10 [ 235.558958][ T8623] ? xfd_validate_state+0x61/0x180 [ 235.558981][ T8623] __x64_sys_socket+0x72/0xb0 [ 235.558997][ T8623] ? lockdep_hardirqs_on+0x7c/0x110 [ 235.559013][ T8623] do_syscall_64+0xcd/0xfa0 [ 235.559030][ T8623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.559043][ T8623] RIP: 0033:0x7f002ad8f7c9 [ 235.559054][ T8623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.559067][ T8623] RSP: 002b:00007f002bc15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 235.559080][ T8623] RAX: ffffffffffffffda RBX: 00007f002afe5fa0 RCX: 00007f002ad8f7c9 [ 235.559089][ T8623] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 235.559097][ T8623] RBP: 00007f002ae13f91 R08: 0000000000000000 R09: 0000000000000000 [ 235.559104][ T8623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 235.559112][ T8623] R13: 00007f002afe6038 R14: 00007f002afe5fa0 R15: 00007fffa0cd6908 [ 235.559130][ T8623] [ 237.146921][ T8638] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 237.260863][ T8639] netlink: 25 bytes leftover after parsing attributes in process `syz.1.586'. [ 239.728458][ T8676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.596'. [ 239.793256][ T8676] netlink: 25 bytes leftover after parsing attributes in process `syz.1.596'. [ 241.386556][ T8704] vhci_hcd: invalid port number 16 [ 241.702872][ T8702] FAULT_INJECTION: forcing a failure. [ 241.702872][ T8702] name failslab, interval 1, probability 0, space 0, times 0 [ 241.844388][ T8702] CPU: 0 UID: 0 PID: 8702 Comm: syz.4.600 Not tainted syzkaller #0 PREEMPT(full) [ 241.844409][ T8702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 241.844417][ T8702] Call Trace: [ 241.844422][ T8702] [ 241.844429][ T8702] dump_stack_lvl+0x16c/0x1f0 [ 241.844452][ T8702] should_fail_ex+0x512/0x640 [ 241.844472][ T8702] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 241.844491][ T8702] should_failslab+0xc2/0x120 [ 241.844511][ T8702] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 241.844527][ T8702] ? tracing_mark_open+0x44f/0x6f0 [ 241.844551][ T8702] ? tracing_mark_open+0x44f/0x6f0 [ 241.844570][ T8702] tracing_mark_open+0x44f/0x6f0 [ 241.844594][ T8702] do_dentry_open+0x982/0x1530 [ 241.844611][ T8702] ? __pfx_tracing_mark_open+0x10/0x10 [ 241.844635][ T8702] vfs_open+0x82/0x3f0 [ 241.844656][ T8702] path_openat+0x1de4/0x2cb0 [ 241.844677][ T8702] ? __pfx_path_openat+0x10/0x10 [ 241.844693][ T8702] ? __lock_acquire+0xb8a/0x1c90 [ 241.844713][ T8702] do_filp_open+0x20b/0x470 [ 241.844745][ T8702] ? __pfx_do_filp_open+0x10/0x10 [ 241.844779][ T8702] ? alloc_fd+0x471/0x7d0 [ 241.844799][ T8702] do_sys_openat2+0x11b/0x1d0 [ 241.844819][ T8702] ? __pfx_do_sys_openat2+0x10/0x10 [ 241.844846][ T8702] __x64_sys_openat+0x174/0x210 [ 241.844866][ T8702] ? __pfx___x64_sys_openat+0x10/0x10 [ 241.844894][ T8702] do_syscall_64+0xcd/0xfa0 [ 241.844912][ T8702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.844926][ T8702] RIP: 0033:0x7fb7e518f7c9 [ 241.844937][ T8702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.844950][ T8702] RSP: 002b:00007fb7e6064038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 241.844964][ T8702] RAX: ffffffffffffffda RBX: 00007fb7e53e5fa0 RCX: 00007fb7e518f7c9 [ 241.844974][ T8702] RDX: 0000000000000201 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 241.844982][ T8702] RBP: 00007fb7e5213f91 R08: 0000000000000000 R09: 0000000000000000 [ 241.844990][ T8702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.844998][ T8702] R13: 00007fb7e53e6038 R14: 00007fb7e53e5fa0 R15: 00007ffd7a1b1958 [ 241.845016][ T8702] [ 243.653140][ T8733] .^: entered promiscuous mode [ 244.059966][ T8748] FAULT_INJECTION: forcing a failure. [ 244.059966][ T8748] name failslab, interval 1, probability 0, space 0, times 0 [ 244.248546][ T8748] CPU: 0 UID: 0 PID: 8748 Comm: syz.0.612 Not tainted syzkaller #0 PREEMPT(full) [ 244.248567][ T8748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 244.248583][ T8748] Call Trace: [ 244.248588][ T8748] [ 244.248594][ T8748] dump_stack_lvl+0x16c/0x1f0 [ 244.248614][ T8748] should_fail_ex+0x512/0x640 [ 244.248635][ T8748] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 244.248651][ T8748] should_failslab+0xc2/0x120 [ 244.248670][ T8748] kmem_cache_alloc_noprof+0x75/0x6e0 [ 244.248684][ T8748] ? alloc_empty_file+0x55/0x1e0 [ 244.248706][ T8748] ? alloc_empty_file+0x55/0x1e0 [ 244.248723][ T8748] alloc_empty_file+0x55/0x1e0 [ 244.248743][ T8748] path_openat+0xda/0x2cb0 [ 244.248763][ T8748] ? __pfx_path_openat+0x10/0x10 [ 244.248779][ T8748] ? __lock_acquire+0xb8a/0x1c90 [ 244.248800][ T8748] do_filp_open+0x20b/0x470 [ 244.248815][ T8748] ? __pfx_do_filp_open+0x10/0x10 [ 244.248842][ T8748] ? alloc_fd+0x471/0x7d0 [ 244.248861][ T8748] do_sys_openat2+0x11b/0x1d0 [ 244.248881][ T8748] ? __pfx_do_sys_openat2+0x10/0x10 [ 244.248907][ T8748] __x64_sys_openat+0x174/0x210 [ 244.248927][ T8748] ? __pfx___x64_sys_openat+0x10/0x10 [ 244.248954][ T8748] do_syscall_64+0xcd/0xfa0 [ 244.248972][ T8748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.248986][ T8748] RIP: 0033:0x7f96a918f7c9 [ 244.248998][ T8748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.249010][ T8748] RSP: 002b:00007f96aa05d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 244.249023][ T8748] RAX: ffffffffffffffda RBX: 00007f96a93e6180 RCX: 00007f96a918f7c9 [ 244.249032][ T8748] RDX: 0000000000000000 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 244.249040][ T8748] RBP: 00007f96a9213f91 R08: 0000000000000000 R09: 0000000000000000 [ 244.249048][ T8748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 244.249056][ T8748] R13: 00007f96a93e6218 R14: 00007f96a93e6180 R15: 00007ffdefef76b8 [ 244.249074][ T8748] [ 247.153260][ T8746] syz.3.613 (8746) used greatest stack depth: 17816 bytes left [ 247.858961][ T8786] sd 0:0:1:0: PR command failed: 1026 [ 247.864367][ T8786] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 248.003019][ T8786] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 249.600653][ T8801] delete_channel: no stack [ 250.474977][ T8831] FAULT_INJECTION: forcing a failure. [ 250.474977][ T8831] name failslab, interval 1, probability 0, space 0, times 0 [ 250.548321][ T8831] CPU: 0 UID: 0 PID: 8831 Comm: syz.1.631 Not tainted syzkaller #0 PREEMPT(full) [ 250.548343][ T8831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 250.548351][ T8831] Call Trace: [ 250.548357][ T8831] [ 250.548363][ T8831] dump_stack_lvl+0x16c/0x1f0 [ 250.548384][ T8831] should_fail_ex+0x512/0x640 [ 250.548408][ T8831] should_failslab+0xc2/0x120 [ 250.548427][ T8831] __kmalloc_cache_noprof+0x72/0x780 [ 250.548442][ T8831] ? sctp_add_bind_addr+0xae/0x3f0 [ 250.548456][ T8831] ? sctp_bind_addr_match+0x193/0x300 [ 250.548472][ T8831] ? sctp_add_bind_addr+0xae/0x3f0 [ 250.548485][ T8831] sctp_add_bind_addr+0xae/0x3f0 [ 250.548501][ T8831] sctp_do_bind+0x2d6/0x700 [ 250.548523][ T8831] sctp_connect_new_asoc+0x5e7/0x770 [ 250.548544][ T8831] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 250.548566][ T8831] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 250.548591][ T8831] __sctp_connect+0x3f3/0xc60 [ 250.548612][ T8831] ? do_raw_spin_lock+0x12c/0x2b0 [ 250.548633][ T8831] ? __pfx___sctp_connect+0x10/0x10 [ 250.548653][ T8831] ? __pfx_sctp_inet_connect+0x10/0x10 [ 250.548672][ T8831] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 250.548694][ T8831] ? __pfx_sctp_inet_connect+0x10/0x10 [ 250.548712][ T8831] sctp_inet_connect+0x15f/0x200 [ 250.548732][ T8831] __sys_connect_file+0x141/0x1a0 [ 250.548754][ T8831] __sys_connect+0x13b/0x160 [ 250.548772][ T8831] ? __pfx___sys_connect+0x10/0x10 [ 250.548801][ T8831] ? xfd_validate_state+0x61/0x180 [ 250.548819][ T8831] ? __pfx_ksys_write+0x10/0x10 [ 250.548838][ T8831] __x64_sys_connect+0x72/0xb0 [ 250.548855][ T8831] ? lockdep_hardirqs_on+0x7c/0x110 [ 250.548880][ T8831] do_syscall_64+0xcd/0xfa0 [ 250.548898][ T8831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.548912][ T8831] RIP: 0033:0x7f002ad8f7c9 [ 250.548924][ T8831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.548936][ T8831] RSP: 002b:00007f002bc15038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 250.548950][ T8831] RAX: ffffffffffffffda RBX: 00007f002afe5fa0 RCX: 00007f002ad8f7c9 [ 250.548959][ T8831] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 250.548968][ T8831] RBP: 00007f002ae13f91 R08: 0000000000000000 R09: 0000000000000000 [ 250.548976][ T8831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 250.548984][ T8831] R13: 00007f002afe6038 R14: 00007f002afe5fa0 R15: 00007fffa0cd6908 [ 250.549003][ T8831] [ 251.933897][ T8832] ttyS ttyS3: ldisc open failed (-12), clearing slot 3 [ 253.196828][ T8869] hub 3-0:1.0: USB hub found [ 253.242456][ T8869] hub 3-0:1.0: 1 port detected [ 253.362339][ T8869] usb usb3: authorized to connect [ 253.719773][ T8884] FAULT_INJECTION: forcing a failure. [ 253.719773][ T8884] name fail_futex, interval 1, probability 0, space 0, times 0 [ 253.920880][ T8884] CPU: 0 UID: 0 PID: 8884 Comm: syz.4.634 Not tainted syzkaller #0 PREEMPT(full) [ 253.920900][ T8884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 253.920907][ T8884] Call Trace: [ 253.920912][ T8884] [ 253.920917][ T8884] dump_stack_lvl+0x16c/0x1f0 [ 253.920939][ T8884] should_fail_ex+0x512/0x640 [ 253.920963][ T8884] get_futex_key+0x1d0/0x1560 [ 253.920983][ T8884] ? __pfx_get_futex_key+0x10/0x10 [ 253.921002][ T8884] ? __pick_eevdf+0x30a/0x670 [ 253.921021][ T8884] futex_wait_setup+0x9d/0x550 [ 253.921039][ T8884] __futex_wait+0x193/0x2f0 [ 253.921052][ T8884] ? __pfx___futex_wait+0x10/0x10 [ 253.921063][ T8884] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 253.921078][ T8884] ? lockdep_hardirqs_on+0x7c/0x110 [ 253.921096][ T8884] ? __pfx_futex_wake_mark+0x10/0x10 [ 253.921120][ T8884] ? find_held_lock+0x2b/0x80 [ 253.921136][ T8884] ? futex_private_hash_put+0xd5/0x190 [ 253.921155][ T8884] futex_wait+0xe8/0x380 [ 253.921167][ T8884] ? __pfx_futex_wait+0x10/0x10 [ 253.921183][ T8884] ? kmem_cache_free+0x2d4/0x6c0 [ 253.921197][ T8884] ? putname+0x154/0x1a0 [ 253.921218][ T8884] do_futex+0x229/0x350 [ 253.921236][ T8884] ? __pfx_do_futex+0x10/0x10 [ 253.921259][ T8884] __x64_sys_futex+0x1e0/0x4c0 [ 253.921279][ T8884] ? __x64_sys_openat+0x174/0x210 [ 253.921299][ T8884] ? __pfx___x64_sys_futex+0x10/0x10 [ 253.921324][ T8884] do_syscall_64+0xcd/0xfa0 [ 253.921341][ T8884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.921355][ T8884] RIP: 0033:0x7fb7e518f7c9 [ 253.921367][ T8884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.921380][ T8884] RSP: 002b:00007fb7e60640e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 253.921393][ T8884] RAX: ffffffffffffffda RBX: 00007fb7e53e5fa8 RCX: 00007fb7e518f7c9 [ 253.921402][ T8884] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb7e53e5fa8 [ 253.921410][ T8884] RBP: 00007fb7e53e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 253.921418][ T8884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 253.921426][ T8884] R13: 00007fb7e53e6038 R14: 00007ffd7a1b1870 R15: 00007ffd7a1b1958 [ 253.921444][ T8884] [ 255.639972][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.655813][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.293877][ T8916] zswap: compressor not available [ 262.906303][ T8991] FAULT_INJECTION: forcing a failure. [ 262.906303][ T8991] name fail_futex, interval 1, probability 0, space 0, times 0 [ 262.976715][ T8991] CPU: 0 UID: 0 PID: 8991 Comm: syz.0.669 Not tainted syzkaller #0 PREEMPT(full) [ 262.976735][ T8991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 262.976743][ T8991] Call Trace: [ 262.976747][ T8991] [ 262.976753][ T8991] dump_stack_lvl+0x16c/0x1f0 [ 262.976773][ T8991] should_fail_ex+0x512/0x640 [ 262.976797][ T8991] get_futex_key+0xff0/0x1560 [ 262.976817][ T8991] ? __pfx_get_futex_key+0x10/0x10 [ 262.976834][ T8991] ? __mutex_trylock_common+0xe9/0x250 [ 262.976859][ T8991] futex_wake+0xea/0x530 [ 262.976881][ T8991] ? __pfx_futex_wake+0x10/0x10 [ 262.976900][ T8991] ? __lock_acquire+0xb8a/0x1c90 [ 262.976925][ T8991] do_futex+0x1e3/0x350 [ 262.976944][ T8991] ? __pfx_do_futex+0x10/0x10 [ 262.976960][ T8991] ? __might_fault+0xe3/0x190 [ 262.976979][ T8991] mm_release+0x24e/0x300 [ 262.976995][ T8991] do_exit+0x68e/0x2bf0 [ 262.977017][ T8991] ? __pfx_do_exit+0x10/0x10 [ 262.977035][ T8991] ? do_raw_spin_lock+0x12c/0x2b0 [ 262.977054][ T8991] ? find_held_lock+0x2b/0x80 [ 262.977071][ T8991] do_group_exit+0xd3/0x2a0 [ 262.977091][ T8991] get_signal+0x2671/0x26d0 [ 262.977108][ T8991] ? vfs_write+0xa38/0x11d0 [ 262.977127][ T8991] ? __pfx_get_signal+0x10/0x10 [ 262.977142][ T8991] ? do_futex+0x122/0x350 [ 262.977160][ T8991] ? __pfx_do_futex+0x10/0x10 [ 262.977179][ T8991] arch_do_signal_or_restart+0x8f/0x790 [ 262.977198][ T8991] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 262.977219][ T8991] ? ksys_write+0x1ac/0x250 [ 262.977233][ T8991] ? __pfx_ksys_write+0x10/0x10 [ 262.977251][ T8991] exit_to_user_mode_loop+0x85/0x130 [ 262.977272][ T8991] do_syscall_64+0x426/0xfa0 [ 262.977291][ T8991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.977304][ T8991] RIP: 0033:0x7f96a918f7c9 [ 262.977315][ T8991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.977328][ T8991] RSP: 002b:00007f96aa09f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 262.977341][ T8991] RAX: fffffffffffffe00 RBX: 00007f96a93e5fa8 RCX: 00007f96a918f7c9 [ 262.977350][ T8991] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f96a93e5fa8 [ 262.977358][ T8991] RBP: 00007f96a93e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 262.977366][ T8991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 262.977373][ T8991] R13: 00007f96a93e6038 R14: 00007ffdefef75d0 R15: 00007ffdefef76b8 [ 262.977392][ T8991] [ 263.500515][ T9003] netlink: 342 bytes leftover after parsing attributes in process `syz.3.672'. [ 263.519668][ T9003] IPv6: NLM_F_CREATE should be specified when creating new route [ 263.553738][ T9003] IPv6: Can't replace route, no match found [ 263.592877][ T9006] netlink: 342 bytes leftover after parsing attributes in process `syz.3.672'. [ 263.621974][ T9006] IPv6: Can't replace route, no match found [ 266.142825][ T30] audit: type=1800 audit(1764556228.189:11): pid=9038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.680" name="lu_gp_id" dev="configfs" ino=27333 res=0 errno=0 [ 270.068676][ T9068] netlink: 4 bytes leftover after parsing attributes in process `syz.4.686'. [ 275.615989][ T9115] netlink: 4 bytes leftover after parsing attributes in process `syz.1.698'. [ 275.804758][ T9117] FAULT_INJECTION: forcing a failure. [ 275.804758][ T9117] name failslab, interval 1, probability 0, space 0, times 0 [ 275.917604][ T9117] CPU: 0 UID: 0 PID: 9117 Comm: syz.0.699 Not tainted syzkaller #0 PREEMPT(full) [ 275.917626][ T9117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 275.917634][ T9117] Call Trace: [ 275.917639][ T9117] [ 275.917645][ T9117] dump_stack_lvl+0x16c/0x1f0 [ 275.917666][ T9117] should_fail_ex+0x512/0x640 [ 275.917687][ T9117] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 275.917703][ T9117] should_failslab+0xc2/0x120 [ 275.917722][ T9117] kmem_cache_alloc_noprof+0x75/0x6e0 [ 275.917736][ T9117] ? __proc_create+0x2ce/0x8e0 [ 275.917758][ T9117] ? __proc_create+0x2ce/0x8e0 [ 275.917775][ T9117] __proc_create+0x2ce/0x8e0 [ 275.917794][ T9117] ? __pfx___proc_create+0x10/0x10 [ 275.917815][ T9117] ? _raw_write_unlock+0x28/0x50 [ 275.917831][ T9117] ? proc_register+0x559/0x8b0 [ 275.917852][ T9117] proc_create_reg+0x7d/0x180 [ 275.917872][ T9117] ? __pfx_can_rcvlist_proc_show+0x10/0x10 [ 275.917889][ T9117] proc_create_net_single+0x86/0x180 [ 275.917909][ T9117] ? __pfx_proc_create_net_single+0x10/0x10 [ 275.917934][ T9117] can_init_proc+0x24a/0x4d0 [ 275.917950][ T9117] can_pernet_init+0x1e4/0x370 [ 275.917966][ T9117] ? __pfx_can_pernet_init+0x10/0x10 [ 275.917981][ T9117] ops_init+0x1e2/0x5f0 [ 275.917997][ T9117] setup_net+0x100/0x390 [ 275.918011][ T9117] ? __pfx_setup_net+0x10/0x10 [ 275.918026][ T9117] ? debug_mutex_init+0x37/0x70 [ 275.918042][ T9117] copy_net_ns+0x2f8/0x690 [ 275.918059][ T9117] create_new_namespaces+0x3ea/0xa90 [ 275.918080][ T9117] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 275.918097][ T9117] ksys_unshare+0x45b/0xa40 [ 275.918114][ T9117] ? __pfx_ksys_unshare+0x10/0x10 [ 275.918132][ T9117] ? xfd_validate_state+0x61/0x180 [ 275.918155][ T9117] __x64_sys_unshare+0x31/0x40 [ 275.918172][ T9117] do_syscall_64+0xcd/0xfa0 [ 275.918189][ T9117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.918203][ T9117] RIP: 0033:0x7f96a918f7c9 [ 275.918215][ T9117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 275.918227][ T9117] RSP: 002b:00007f96aa09f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 275.918241][ T9117] RAX: ffffffffffffffda RBX: 00007f96a93e5fa0 RCX: 00007f96a918f7c9 [ 275.918249][ T9117] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 275.918257][ T9117] RBP: 00007f96a9213f91 R08: 0000000000000000 R09: 0000000000000000 [ 275.918265][ T9117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.918273][ T9117] R13: 00007f96a93e6038 R14: 00007f96a93e5fa0 R15: 00007ffdefef76b8 [ 275.918291][ T9117] [ 280.142169][ T9173] netlink: 4 bytes leftover after parsing attributes in process `syz.3.710'. [ 280.213410][ T9173] netlink: 25 bytes leftover after parsing attributes in process `syz.3.710'. [ 280.324585][ T9177] usb usb36: usbfs: process 9177 (syz.1.711) did not claim interface 0 before use [ 287.831651][ T9247] bridge0: port 3(hsr0) entered blocking state [ 287.877529][ T9247] bridge0: port 3(hsr0) entered disabled state [ 287.918859][ T9247] hsr0: entered allmulticast mode [ 287.923893][ T9247] hsr_slave_0: entered allmulticast mode [ 287.970120][ T9247] hsr_slave_1: entered allmulticast mode [ 288.008051][ T9247] hsr0: entered promiscuous mode [ 288.037055][ T9247] bridge0: port 3(hsr0) entered blocking state [ 288.043631][ T9247] bridge0: port 3(hsr0) entered forwarding state [ 290.673826][ T9290] netlink: 28 bytes leftover after parsing attributes in process `syz.0.739'. [ 290.959351][ T9290] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 291.067277][ T9290] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 291.175553][ T9290] bond0 (unregistering): Released all slaves [ 292.207015][ T9312] Debayer A: ================= START STATUS ================= [ 292.267753][ T9312] Debayer A: Debayer Mean Window Size: 3 [ 292.346240][ T9312] Debayer A: ================== END STATUS ================== [ 296.108392][ T9370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.754'. [ 296.162064][ T9370] netlink: 25 bytes leftover after parsing attributes in process `syz.0.754'. [ 296.533146][ T9372] FAULT_INJECTION: forcing a failure. [ 296.533146][ T9372] name failslab, interval 1, probability 0, space 0, times 0 [ 296.590751][ T9372] CPU: 0 UID: 0 PID: 9372 Comm: syz.4.755 Not tainted syzkaller #0 PREEMPT(full) [ 296.590772][ T9372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 296.590781][ T9372] Call Trace: [ 296.590786][ T9372] [ 296.590792][ T9372] dump_stack_lvl+0x16c/0x1f0 [ 296.590814][ T9372] should_fail_ex+0x512/0x640 [ 296.590834][ T9372] ? fs_reclaim_acquire+0xae/0x150 [ 296.590859][ T9372] should_failslab+0xc2/0x120 [ 296.590877][ T9372] kmem_cache_alloc_noprof+0x75/0x6e0 [ 296.590892][ T9372] ? __pfx_map_id_range_down+0x10/0x10 [ 296.590904][ T9372] ? security_inode_alloc+0x3b/0x2b0 [ 296.590927][ T9372] ? security_inode_alloc+0x3b/0x2b0 [ 296.590945][ T9372] security_inode_alloc+0x3b/0x2b0 [ 296.590965][ T9372] inode_init_always_gfp+0xce4/0x1030 [ 296.590983][ T9372] alloc_inode+0x86/0x240 [ 296.591000][ T9372] new_inode+0x22/0x1c0 [ 296.591016][ T9372] ? trace_cap_capable+0x18d/0x200 [ 296.591036][ T9372] shmem_get_inode+0x19a/0xfb0 [ 296.591056][ T9372] ? __vm_enough_memory+0x184/0x3f0 [ 296.591074][ T9372] __shmem_file_setup+0x279/0x330 [ 296.591096][ T9372] shmem_zero_setup+0x93/0x1a0 [ 296.591111][ T9372] __mmap_region+0x2076/0x27a0 [ 296.591127][ T9372] ? __pfx___mmap_region+0x10/0x10 [ 296.591140][ T9372] ? finish_task_switch.isra.0+0x21c/0xc10 [ 296.591155][ T9372] ? rcu_is_watching+0x12/0xc0 [ 296.591169][ T9372] ? finish_task_switch.isra.0+0x221/0xc10 [ 296.591182][ T9372] ? lockdep_hardirqs_on+0x7c/0x110 [ 296.591199][ T9372] ? finish_task_switch.isra.0+0x221/0xc10 [ 296.591228][ T9372] ? __pfx___schedule+0x10/0x10 [ 296.591270][ T9372] ? trace_cap_capable+0x18d/0x200 [ 296.591295][ T9372] mmap_region+0x1ab/0x3f0 [ 296.591309][ T9372] ? __get_unmapped_area+0x267/0x440 [ 296.591330][ T9372] do_mmap+0xa3e/0x1210 [ 296.591351][ T9372] ? __pfx_do_mmap+0x10/0x10 [ 296.591368][ T9372] ? __pfx_down_write_killable+0x10/0x10 [ 296.591389][ T9372] vm_mmap_pgoff+0x29e/0x470 [ 296.591410][ T9372] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 296.591430][ T9372] ? __x64_sys_futex+0x1e0/0x4c0 [ 296.591447][ T9372] ? __x64_sys_futex+0x1e9/0x4c0 [ 296.591466][ T9372] ksys_mmap_pgoff+0x7d/0x5c0 [ 296.591482][ T9372] ? xfd_validate_state+0x61/0x180 [ 296.591500][ T9372] ? __pfx_ksys_write+0x10/0x10 [ 296.591517][ T9372] __x64_sys_mmap+0x125/0x190 [ 296.591538][ T9372] do_syscall_64+0xcd/0xfa0 [ 296.591555][ T9372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.591569][ T9372] RIP: 0033:0x7fb7e518f7c9 [ 296.591581][ T9372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.591593][ T9372] RSP: 002b:00007fb7e6064038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 296.591606][ T9372] RAX: ffffffffffffffda RBX: 00007fb7e53e5fa0 RCX: 00007fb7e518f7c9 [ 296.591615][ T9372] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 296.591623][ T9372] RBP: 00007fb7e5213f91 R08: fffffffffffffffa R09: 0000080000008000 [ 296.591632][ T9372] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 296.591640][ T9372] R13: 00007fb7e53e6038 R14: 00007fb7e53e5fa0 R15: 00007ffd7a1b1958 [ 296.591659][ T9372] [ 297.855596][ T9386] FAULT_INJECTION: forcing a failure. [ 297.855596][ T9386] name fail_futex, interval 1, probability 0, space 0, times 0 [ 297.921873][ T9386] CPU: 0 UID: 0 PID: 9386 Comm: syz.0.758 Not tainted syzkaller #0 PREEMPT(full) [ 297.921892][ T9386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 297.921900][ T9386] Call Trace: [ 297.921905][ T9386] [ 297.921911][ T9386] dump_stack_lvl+0x16c/0x1f0 [ 297.921933][ T9386] should_fail_ex+0x512/0x640 [ 297.921957][ T9386] get_futex_key+0x1d0/0x1560 [ 297.921977][ T9386] ? __pfx_get_futex_key+0x10/0x10 [ 297.921994][ T9386] ? stack_trace_save+0x8e/0xc0 [ 297.922009][ T9386] ? __pfx_stack_trace_save+0x10/0x10 [ 297.922025][ T9386] ? stack_depot_save_flags+0x29/0x9c0 [ 297.922046][ T9386] futex_wait_setup+0x9d/0x550 [ 297.922064][ T9386] __futex_wait+0x193/0x2f0 [ 297.922077][ T9386] ? __pfx___futex_wait+0x10/0x10 [ 297.922092][ T9386] ? __pfx_futex_wake_mark+0x10/0x10 [ 297.922125][ T9386] ? futex_hash+0x2c5/0x380 [ 297.922144][ T9386] ? futex_private_hash_put+0xd5/0x190 [ 297.922162][ T9386] futex_wait+0xe8/0x380 [ 297.922175][ T9386] ? __pfx_futex_wait+0x10/0x10 [ 297.922191][ T9386] ? kmem_cache_free+0x2d4/0x6c0 [ 297.922206][ T9386] ? putname+0x154/0x1a0 [ 297.922227][ T9386] do_futex+0x229/0x350 [ 297.922245][ T9386] ? __pfx_do_futex+0x10/0x10 [ 297.922267][ T9386] __x64_sys_futex+0x1e0/0x4c0 [ 297.922287][ T9386] ? __x64_sys_openat+0x174/0x210 [ 297.922306][ T9386] ? __pfx___x64_sys_futex+0x10/0x10 [ 297.922323][ T9386] ? xfd_validate_state+0x61/0x180 [ 297.922348][ T9386] do_syscall_64+0xcd/0xfa0 [ 297.922365][ T9386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.922380][ T9386] RIP: 0033:0x7f96a918f7c9 [ 297.922391][ T9386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.922404][ T9386] RSP: 002b:00007f96aa09f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 297.922418][ T9386] RAX: ffffffffffffffda RBX: 00007f96a93e5fa8 RCX: 00007f96a918f7c9 [ 297.922427][ T9386] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f96a93e5fa8 [ 297.922435][ T9386] RBP: 00007f96a93e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 297.922443][ T9386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.922451][ T9386] R13: 00007f96a93e6038 R14: 00007ffdefef75d0 R15: 00007ffdefef76b8 [ 297.922469][ T9386] [ 300.580440][ T30] audit: type=1800 audit(1764557285.613:12): pid=9435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.768" name="lu_gp_id" dev="configfs" ino=30218 res=0 errno=0 [ 301.840749][ T9445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.772'. [ 301.885019][ T9445] netlink: 25 bytes leftover after parsing attributes in process `syz.3.772'. [ 303.453977][ T9448] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 304.112873][ T9455] FAULT_INJECTION: forcing a failure. [ 304.112873][ T9455] name failslab, interval 1, probability 0, space 0, times 0 [ 304.414554][ T9455] CPU: 0 UID: 0 PID: 9455 Comm: syz.4.776 Not tainted syzkaller #0 PREEMPT(full) [ 304.414580][ T9455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 304.414588][ T9455] Call Trace: [ 304.414593][ T9455] [ 304.414599][ T9455] dump_stack_lvl+0x16c/0x1f0 [ 304.414620][ T9455] should_fail_ex+0x512/0x640 [ 304.414641][ T9455] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 304.414657][ T9455] should_failslab+0xc2/0x120 [ 304.414676][ T9455] kmem_cache_alloc_noprof+0x75/0x6e0 [ 304.414690][ T9455] ? __kernfs_new_node+0xd2/0x8e0 [ 304.414712][ T9455] ? __kernfs_new_node+0xd2/0x8e0 [ 304.414727][ T9455] __kernfs_new_node+0xd2/0x8e0 [ 304.414747][ T9455] ? __pfx___kernfs_new_node+0x10/0x10 [ 304.414769][ T9455] ? find_held_lock+0x2b/0x80 [ 304.414785][ T9455] ? kernfs_root+0xee/0x2a0 [ 304.414805][ T9455] kernfs_new_node+0x13c/0x1e0 [ 304.414828][ T9455] __kernfs_create_file+0x53/0x350 [ 304.414845][ T9455] sysfs_add_file_mode_ns+0x207/0x3c0 [ 304.414866][ T9455] internal_create_group+0x578/0xf30 [ 304.414890][ T9455] ? __pfx_internal_create_group+0x10/0x10 [ 304.414907][ T9455] ? __x64_sys_unshare+0x31/0x40 [ 304.414924][ T9455] ? do_syscall_64+0xcd/0xfa0 [ 304.414939][ T9455] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.414959][ T9455] netdev_queue_update_kobjects+0x17a/0x720 [ 304.414983][ T9455] netdev_register_kobject+0x2b3/0x3d0 [ 304.415002][ T9455] register_netdevice+0x13dc/0x2270 [ 304.415022][ T9455] ? __pfx_register_netdevice+0x10/0x10 [ 304.415043][ T9455] __ip_tunnel_create+0x540/0x6e0 [ 304.415062][ T9455] ? __pfx___ip_tunnel_create+0x10/0x10 [ 304.415084][ T9455] ip_tunnel_init_net+0x22f/0x7d0 [ 304.415107][ T9455] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 304.415129][ T9455] ? ops_init+0x77/0x5f0 [ 304.415145][ T9455] ? __pfx_erspan_init_net+0x10/0x10 [ 304.415160][ T9455] ops_init+0x1e2/0x5f0 [ 304.415175][ T9455] setup_net+0x100/0x390 [ 304.415190][ T9455] ? __pfx_setup_net+0x10/0x10 [ 304.415205][ T9455] ? debug_mutex_init+0x37/0x70 [ 304.415221][ T9455] copy_net_ns+0x2f8/0x690 [ 304.415239][ T9455] create_new_namespaces+0x3ea/0xa90 [ 304.415260][ T9455] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 304.415277][ T9455] ksys_unshare+0x45b/0xa40 [ 304.415295][ T9455] ? __pfx_ksys_unshare+0x10/0x10 [ 304.415313][ T9455] ? xfd_validate_state+0x61/0x180 [ 304.415338][ T9455] __x64_sys_unshare+0x31/0x40 [ 304.415355][ T9455] do_syscall_64+0xcd/0xfa0 [ 304.415373][ T9455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.415385][ T9455] RIP: 0033:0x7fb7e518f7c9 [ 304.415398][ T9455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.415411][ T9455] RSP: 002b:00007fb7e6064038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 304.415424][ T9455] RAX: ffffffffffffffda RBX: 00007fb7e53e5fa0 RCX: 00007fb7e518f7c9 [ 304.415433][ T9455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 304.415442][ T9455] RBP: 00007fb7e5213f91 R08: 0000000000000000 R09: 0000000000000000 [ 304.415450][ T9455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.415458][ T9455] R13: 00007fb7e53e6038 R14: 00007fb7e53e5fa0 R15: 00007ffd7a1b1958 [ 304.415482][ T9455] [ 304.726761][ C0] vkms_vblank_simulate: vblank timer overrun [ 308.937276][ T5149] Bluetooth: hci4: command 0x0406 tx timeout [ 309.544755][ T9571] [U] [ 309.547790][ T9571] [U] [ 309.550449][ T9571] [U] version: 111 [ 309.554150][ T9571] [U] flags: 0x75 [ 309.557758][ T9571] [U] hdr_len: 12912 [ 309.561628][ T9571] [U] type_off: 0 [ 309.565238][ T9571] [U] type_len: 0 [ 309.568932][ T9571] [U] str_off: 0 [ 309.572454][ T9571] [U] str_len: 0 [ 309.575982][ T9571] [U] btf_total_size: 16384 [ 309.580477][ T9571] [U] Invalid magic [ 309.584283][ T9571] [U] [ 309.586964][ T9571] [U] [ 309.641506][ T9587] random: crng reseeded on system resumption [ 310.209695][ T9571] [U] [ 310.212417][ T9571] [U] [ 310.215095][ T9571] [U] [ 310.217770][ T9571] [U] [ 310.388058][ T9571] [U] [ 310.390772][ T9571] [U] [ 310.393455][ T9571] [U] [ 310.396126][ T9571] [U] [ 310.539684][ T9571] [U] [ 310.542394][ T9571] [U] [ 310.545066][ T9571] [U] [ 310.547738][ T9571] [U] [ 311.159347][ T9571] [U] [ 311.162064][ T9571] [U] [ 311.164744][ T9571] [U] [ 311.167418][ T9571] [U] [ 311.368220][ T9571] [U] [ 311.370932][ T9571] [U] [ 311.373609][ T9571] [U] [ 311.376280][ T9571] [U] [ 311.653000][ T9571] [U] [ 311.655707][ T9571] [U] [ 311.658379][ T9571] [U] [ 311.661053][ T9571] [U] [ 311.814182][ T9571] [U] [ 313.850324][ T9648] netlink: 4 bytes leftover after parsing attributes in process `syz.4.812'. [ 313.886776][ T9650] netlink: 28 bytes leftover after parsing attributes in process `syz.3.811'. [ 313.929213][ T9648] netlink: 25 bytes leftover after parsing attributes in process `syz.4.812'. [ 314.450167][ T9658] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.814'. [ 315.850275][ T9682] random: crng reseeded on system resumption [ 317.108127][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.121199][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.427325][ T9677] FAULT_INJECTION: forcing a failure. [ 317.427325][ T9677] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 317.594982][ T9677] CPU: 0 UID: 0 PID: 9677 Comm: syz.3.819 Not tainted syzkaller #0 PREEMPT(full) [ 317.595003][ T9677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 317.595012][ T9677] Call Trace: [ 317.595017][ T9677] [ 317.595023][ T9677] dump_stack_lvl+0x16c/0x1f0 [ 317.595045][ T9677] should_fail_ex+0x512/0x640 [ 317.595069][ T9677] should_fail_alloc_page+0xe7/0x130 [ 317.595090][ T9677] prepare_alloc_pages+0x3c2/0x610 [ 317.595109][ T9677] ? rcu_is_watching+0x12/0xc0 [ 317.595127][ T9677] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 317.595156][ T9677] ? __lock_acquire+0xb8a/0x1c90 [ 317.595178][ T9677] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 317.595205][ T9677] ? __lock_acquire+0x622/0x1c90 [ 317.595226][ T9677] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 317.595250][ T9677] ? policy_nodemask+0xea/0x4e0 [ 317.595270][ T9677] alloc_pages_mpol+0x1fb/0x550 [ 317.595289][ T9677] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 317.595313][ T9677] folio_alloc_mpol_noprof+0x36/0x2f0 [ 317.595335][ T9677] vma_alloc_folio_noprof+0xed/0x1e0 [ 317.595356][ T9677] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 317.595382][ T9677] do_pte_missing+0x2202/0x3ba0 [ 317.595404][ T9677] ? find_held_lock+0x2b/0x80 [ 317.595423][ T9677] __handle_mm_fault+0x1556/0x2aa0 [ 317.595449][ T9677] ? __pfx___handle_mm_fault+0x10/0x10 [ 317.595471][ T9677] ? __pte_offset_map_lock+0x174/0x310 [ 317.595489][ T9677] ? find_held_lock+0x2b/0x80 [ 317.595508][ T9677] ? follow_page_pte+0x5cf/0x1390 [ 317.595530][ T9677] handle_mm_fault+0x589/0xd10 [ 317.595554][ T9677] __get_user_pages+0x54e/0x3530 [ 317.595580][ T9677] ? __pfx___get_user_pages+0x10/0x10 [ 317.595604][ T9677] populate_vma_page_range+0x267/0x3f0 [ 317.595625][ T9677] ? __pfx_populate_vma_page_range+0x10/0x10 [ 317.595643][ T9677] ? __pfx_find_vma_intersection+0x10/0x10 [ 317.595662][ T9677] ? do_mmap+0x69c/0x1210 [ 317.595681][ T9677] __mm_populate+0x1d8/0x380 [ 317.595701][ T9677] ? __pfx___mm_populate+0x10/0x10 [ 317.595722][ T9677] ? up_write+0x1b2/0x520 [ 317.595744][ T9677] vm_mmap_pgoff+0x37f/0x470 [ 317.595764][ T9677] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 317.595785][ T9677] ? __x64_sys_futex+0x1e0/0x4c0 [ 317.595803][ T9677] ? __x64_sys_futex+0x1e9/0x4c0 [ 317.595823][ T9677] ksys_mmap_pgoff+0x7d/0x5c0 [ 317.595841][ T9677] ? syscall_user_dispatch+0x78/0x140 [ 317.595856][ T9677] __x64_sys_mmap+0x125/0x190 [ 317.595878][ T9677] do_syscall_64+0xcd/0xfa0 [ 317.595897][ T9677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.595911][ T9677] RIP: 0033:0x7f090f18f7c9 [ 317.595923][ T9677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.595937][ T9677] RSP: 002b:00007f0910070038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 317.595951][ T9677] RAX: ffffffffffffffda RBX: 00007f090f3e5fa0 RCX: 00007f090f18f7c9 [ 317.595960][ T9677] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 317.595969][ T9677] RBP: 00007f090f213f91 R08: 0000000000000002 R09: 0000000000008000 [ 317.595977][ T9677] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 317.595986][ T9677] R13: 00007f090f3e6038 R14: 00007f090f3e5fa0 R15: 00007ffc14efee88 [ 317.596005][ T9677] [ 322.427243][ T9748] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3930829162 (15723316648 ns) > initial count (10539976056 ns). Using initial count to start timer. [ 324.988308][ T9757] syz.3.840 invoked oom-killer: gfp_mask=0x402cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 325.146638][ T9757] CPU: 0 UID: 0 PID: 9757 Comm: syz.3.840 Not tainted syzkaller #0 PREEMPT(full) [ 325.146660][ T9757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 325.146669][ T9757] Call Trace: [ 325.146674][ T9757] [ 325.146679][ T9757] dump_stack_lvl+0x16c/0x1f0 [ 325.146702][ T9757] dump_header+0x101/0x930 [ 325.146719][ T9757] oom_kill_process+0x272/0xa40 [ 325.146735][ T9757] out_of_memory+0x350/0x1700 [ 325.146754][ T9757] ? __pfx_out_of_memory+0x10/0x10 [ 325.146773][ T9757] mem_cgroup_out_of_memory+0x118/0x130 [ 325.146796][ T9757] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 325.146821][ T9757] ? do_raw_spin_unlock+0x172/0x230 [ 325.146838][ T9757] try_charge_memcg+0x695/0xd30 [ 325.146859][ T9757] ? __pfx_try_charge_memcg+0x10/0x10 [ 325.146876][ T9757] ? find_held_lock+0x2b/0x80 [ 325.146891][ T9757] ? rcu_read_unlock+0x17/0x60 [ 325.146914][ T9757] __memcg_kmem_charge_page+0xda/0x420 [ 325.146935][ T9757] __alloc_frozen_pages_noprof+0x323/0x2470 [ 325.146952][ T9757] ? __pfx_vmap_small_pages_range_noflush+0x10/0x10 [ 325.146974][ T9757] ? alloc_pages_bulk_noprof+0xac5/0x1410 [ 325.146990][ T9757] ? __vmap_pages_range_noflush+0x1d0/0x230 [ 325.147008][ T9757] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 325.147025][ T9757] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 325.147040][ T9757] ? __vmalloc_node_range_noprof+0xf53/0x1480 [ 325.147064][ T9757] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 325.147088][ T9757] ? policy_nodemask+0xea/0x4e0 [ 325.147106][ T9757] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 325.147129][ T9757] ? policy_nodemask+0xea/0x4e0 [ 325.147148][ T9757] alloc_pages_mpol+0x1fb/0x550 [ 325.147168][ T9757] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 325.147184][ T9757] ? __pfx_alloc_pages_bulk_mempolicy_noprof+0x10/0x10 [ 325.147208][ T9757] ? __do_sys_listmount+0x27f/0xf00 [ 325.147232][ T9757] alloc_pages_noprof+0x131/0x390 [ 325.147251][ T9757] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 325.147277][ T9757] ? __do_sys_listmount+0x27f/0xf00 [ 325.147302][ T9757] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 325.147325][ T9757] ? ___kmalloc_large_node+0xed/0x160 [ 325.147348][ T9757] __kvmalloc_node_noprof+0x431/0x9c0 [ 325.147365][ T9757] ? __do_sys_listmount+0x27f/0xf00 [ 325.147394][ T9757] ? __do_sys_listmount+0x27f/0xf00 [ 325.147414][ T9757] ? _copy_from_user+0x59/0xd0 [ 325.147439][ T9757] ? __do_sys_listmount+0x27f/0xf00 [ 325.147459][ T9757] __do_sys_listmount+0x27f/0xf00 [ 325.147485][ T9757] ? __pfx___do_sys_listmount+0x10/0x10 [ 325.147519][ T9757] do_syscall_64+0xcd/0xfa0 [ 325.147538][ T9757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.147552][ T9757] RIP: 0033:0x7f090f18f7c9 [ 325.147563][ T9757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.147577][ T9757] RSP: 002b:00007f0910070038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 325.147591][ T9757] RAX: ffffffffffffffda RBX: 00007f090f3e5fa0 RCX: 00007f090f18f7c9 [ 325.147600][ T9757] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 325.147609][ T9757] RBP: 00007f090f213f91 R08: 0000000000000000 R09: 0000000000000000 [ 325.147617][ T9757] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 325.147626][ T9757] R13: 00007f090f3e6038 R14: 00007f090f3e5fa0 R15: 00007ffc14efee88 [ 325.147645][ T9757] [ 325.147650][ T9757] memory: usage 3072kB, limit 3072kB, failcnt 34113 [ 326.167448][ T9757] memory+swap: usage 3128kB, limit 9007199254740988kB, failcnt 0 [ 326.306587][ T9757] kmem: usage 2256kB, limit 9007199254740988kB, failcnt 0 [ 326.347784][ T9757] Memory cgroup stats for /syz3: [ 326.348096][ T9757] cache 528384 [ 326.385645][ T9757] rss 167936 [ 326.407803][ T9757] rss_huge 0 [ 326.417953][ T9757] shmem 528384 [ 326.425481][ T9757] mapped_file 528384 [ 326.445774][ T9757] dirty 0 [ 326.453311][ T9757] writeback 0 [ 326.490643][ T9757] workingset_refault_anon 5589 [ 326.541183][ T9757] workingset_refault_file 6840 [ 326.575907][ T9757] swap 49152 [ 326.579347][ T9757] swapcached 86016 [ 326.607518][ T9757] pgpgin 205655 [ 326.625589][ T9757] pgpgout 215701 [ 326.644435][ T9757] pgfault 230144 [ 326.678223][ T9757] pgmajfault 2112 [ 326.685977][ T9757] inactive_anon 0 [ 326.714756][ T9757] active_anon 28672 [ 326.731704][ T9757] inactive_file 0 [ 326.765831][ T9757] active_file 0 [ 326.779443][ T9757] unevictable 684032 [ 326.794801][ T9757] hierarchical_memory_limit 3145728 [ 326.823893][ T9757] hierarchical_memsw_limit 9223372036854771712 [ 326.851454][ T9757] total_cache 528384 [ 326.879011][ T9757] total_rss 167936 [ 326.897009][ T9757] total_rss_huge 0 [ 326.931764][ T9757] total_shmem 528384 [ 326.955958][ T9757] total_mapped_file 528384 [ 326.982373][ T9757] total_dirty 0 [ 327.011822][ T9757] total_writeback 0 [ 327.025790][ T9757] total_workingset_refault_anon 5589 [ 327.048975][ T9757] total_workingset_refault_file 6840 [ 327.086108][ T9757] total_swap 49152 [ 327.094709][ T9757] total_swapcached 86016 [ 327.118880][ T9757] total_pgpgin 205655 [ 327.158779][ T9757] total_pgpgout 215701 [ 327.168604][ T9757] total_pgfault 230144 [ 327.194794][ T9757] total_pgmajfault 2112 [ 327.216187][ T9757] total_inactive_anon 0 [ 327.232811][ T9757] total_active_anon 28672 [ 327.258488][ T9757] total_inactive_file 0 [ 327.286068][ T9757] total_active_file 0 [ 327.302419][ T9757] total_unevictable 684032 [ 327.316963][ T9757] anon_cost 0 [ 327.339086][ T9757] file_cost 0 [ 327.378930][ T9757] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.840,pid=9756,uid=0 [ 327.453337][ T9757] Memory cgroup out of memory: Killed process 9757 (syz.3.840) total-vm:172200kB, anon-rss:1300kB, file-rss:26680kB, shmem-rss:512kB, UID:0 pgtables:184kB oom_score_adj:1000 [ 328.333248][ T9816] netlink: 28 bytes leftover after parsing attributes in process `syz.0.850'. [ 329.125445][ T9804] syz.3.849 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 329.293997][ T9827] netlink: 'syz.0.853': attribute type 22 has an invalid length. [ 329.327100][ T9804] CPU: 0 UID: 0 PID: 9804 Comm: syz.3.849 Not tainted syzkaller #0 PREEMPT(full) [ 329.327121][ T9804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 329.327129][ T9804] Call Trace: [ 329.327135][ T9804] [ 329.327141][ T9804] dump_stack_lvl+0x16c/0x1f0 [ 329.327163][ T9804] dump_header+0x101/0x930 [ 329.327179][ T9804] oom_kill_process+0x272/0xa40 [ 329.327196][ T9804] out_of_memory+0x350/0x1700 [ 329.327214][ T9804] ? __pfx_out_of_memory+0x10/0x10 [ 329.327233][ T9804] mem_cgroup_out_of_memory+0x118/0x130 [ 329.327256][ T9804] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 329.327281][ T9804] ? do_raw_spin_unlock+0x172/0x230 [ 329.327298][ T9804] try_charge_memcg+0x695/0xd30 [ 329.327319][ T9804] ? __pfx_try_charge_memcg+0x10/0x10 [ 329.327345][ T9804] ? find_held_lock+0x2b/0x80 [ 329.327362][ T9804] charge_memcg+0x8a/0x230 [ 329.327380][ T9804] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 329.327402][ T9804] __read_swap_cache_async+0x397/0x500 [ 329.327420][ T9804] ? __pfx___read_swap_cache_async+0x10/0x10 [ 329.327435][ T9804] ? __lock_acquire+0x570/0x1c90 [ 329.327458][ T9804] swap_cluster_readahead+0x432/0x770 [ 329.327478][ T9804] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 329.327492][ T9804] ? __lock_acquire+0x570/0x1c90 [ 329.327520][ T9804] ? get_vma_policy+0x242/0x3c0 [ 329.327541][ T9804] swapin_readahead+0x160/0x1180 [ 329.327556][ T9804] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 329.327578][ T9804] ? __pfx_swapin_readahead+0x10/0x10 [ 329.327592][ T9804] ? find_held_lock+0x2b/0x80 [ 329.327605][ T9804] ? swap_cache_get_folio+0x267/0x8e0 [ 329.327618][ T9804] ? swap_cache_get_folio+0x267/0x8e0 [ 329.327630][ T9804] ? swap_cache_get_folio+0x267/0x8e0 [ 329.327644][ T9804] ? swap_cache_get_folio+0x267/0x8e0 [ 329.327657][ T9804] ? swap_cache_get_folio+0x1f/0x8e0 [ 329.327669][ T9804] ? swap_cache_get_folio+0x293/0x8e0 [ 329.327683][ T9804] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 329.327696][ T9804] ? __pfx_get_swap_device+0x10/0x10 [ 329.327713][ T9804] ? do_swap_page+0x125/0x6340 [ 329.327734][ T9804] ? do_swap_page+0x86c/0x6340 [ 329.327750][ T9804] do_swap_page+0x86c/0x6340 [ 329.327777][ T9804] ? __pfx_do_swap_page+0x10/0x10 [ 329.327796][ T9804] ? __pfx_default_wake_function+0x10/0x10 [ 329.327812][ T9804] ? __lock_acquire+0x622/0x1c90 [ 329.327831][ T9804] ? rcu_is_watching+0x12/0xc0 [ 329.327846][ T9804] ? ___pte_offset_map+0x2ad/0x4f0 [ 329.327866][ T9804] __handle_mm_fault+0x17d1/0x2aa0 [ 329.327893][ T9804] ? __pfx___handle_mm_fault+0x10/0x10 [ 329.327916][ T9804] ? lock_vma_under_rcu+0x176/0x580 [ 329.327943][ T9804] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 329.327969][ T9804] handle_mm_fault+0x589/0xd10 [ 329.327990][ T9804] ? __pkru_allows_pkey+0x21/0xb0 [ 329.328013][ T9804] do_user_addr_fault+0x60c/0x1370 [ 329.328028][ T9804] ? rcu_is_watching+0x12/0xc0 [ 329.328044][ T9804] exc_page_fault+0x64/0xc0 [ 329.328062][ T9804] asm_exc_page_fault+0x26/0x30 [ 329.328075][ T9804] RIP: 0033:0x7f090f18f7d1 [ 329.328088][ T9804] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 329.328101][ T9804] RSP: 002b:00007f091002e038 EFLAGS: 00010203 [ 329.328113][ T9804] RAX: 0000000000000033 RBX: 00007f090f3e6180 RCX: 00007f090f18f7c9 [ 329.328121][ T9804] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000022 [ 329.328142][ T9804] RBP: 00007f090f213f91 R08: 0000000000000000 R09: 0000000000000000 [ 329.328150][ T9804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.328158][ T9804] R13: 00007f090f3e6218 R14: 00007f090f3e6180 R15: 00007ffc14efee88 [ 329.328177][ T9804] [ 329.328183][ T9804] memory: usage 3072kB, limit 3072kB, failcnt 34329 [ 330.891614][ T9804] memory+swap: usage 3240kB, limit 9007199254740988kB, failcnt 0 [ 330.956550][ T9804] kmem: usage 3044kB, limit 9007199254740988kB, failcnt 0 [ 331.008364][ T9804] Memory cgroup stats for /syz3: [ 331.008533][ T9804] cache 0 [ 331.016389][ T9804] rss 0 [ 331.061245][ T9804] rss_huge 0 [ 331.078969][ T9804] shmem 0 [ 331.097158][ T9804] mapped_file 0 [ 331.118539][ T9804] dirty 0 [ 331.121470][ T9804] writeback 0 [ 331.124731][ T9804] workingset_refault_anon 5618 [ 331.199187][ T9804] workingset_refault_file 6840 [ 331.203958][ T9804] swap 192512 [ 331.252064][ T9804] swapcached 8192 [ 331.276199][ T9804] pgpgin 205735 [ 331.290195][ T9804] pgpgout 215953 [ 331.310526][ T9804] pgfault 230299 [ 331.335743][ T9804] pgmajfault 2132 [ 331.355479][ T9804] inactive_anon 0 [ 331.383603][ T9804] active_anon 8192 [ 331.404598][ T9804] inactive_file 0 [ 331.421530][ T9804] active_file 0 [ 331.444892][ T9804] unevictable 0 [ 331.471634][ T9804] hierarchical_memory_limit 3145728 [ 331.496597][ T9804] hierarchical_memsw_limit 9223372036854771712 [ 331.537031][ T9804] total_cache 0 [ 331.558395][ T9804] total_rss 0 [ 331.573159][ T9804] total_rss_huge 0 [ 331.595550][ T9804] total_shmem 0 [ 331.619779][ T9804] total_mapped_file 0 [ 331.640354][ T9804] total_dirty 0 [ 331.661780][ T9804] total_writeback 0 [ 331.690143][ T9804] total_workingset_refault_anon 5618 [ 331.715650][ T9804] total_workingset_refault_file 6840 [ 331.741813][ T9804] total_swap 192512 [ 331.751910][ T9804] total_swapcached 8192 [ 331.769051][ T9804] total_pgpgin 205735 [ 331.800661][ T9804] total_pgpgout 215953 [ 331.825697][ T9804] total_pgfault 230299 [ 331.844844][ T9804] total_pgmajfault 2132 [ 331.863559][ T9804] total_inactive_anon 0 [ 331.888401][ T9804] total_active_anon 8192 [ 331.911326][ T9804] total_inactive_file 0 [ 331.921301][ T9860] input: f as /devices/virtual/input/input12 [ 331.958729][ T9804] total_active_file 0 [ 331.978191][ T9804] total_unevictable 0 [ 332.011054][ T9804] anon_cost 0 [ 332.046159][ T9804] file_cost 0 [ 332.066260][ T9804] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.849,pid=9801,uid=0 [ 332.167980][ T9804] Memory cgroup out of memory: Killed process 9801 (syz.3.849) total-vm:131884kB, anon-rss:1140kB, file-rss:21648kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 333.260619][ T9864] netlink: 5976 bytes leftover after parsing attributes in process `syz.1.862'. [ 335.942179][ T9896] netlink: 'syz.1.867': attribute type 22 has an invalid length. [ 337.784014][ T9914] FAULT_INJECTION: forcing a failure. [ 337.784014][ T9914] name failslab, interval 1, probability 0, space 0, times 0 [ 337.827198][ T9914] CPU: 0 UID: 0 PID: 9914 Comm: syz.0.872 Not tainted syzkaller #0 PREEMPT(full) [ 337.827220][ T9914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 337.827229][ T9914] Call Trace: [ 337.827234][ T9914] [ 337.827240][ T9914] dump_stack_lvl+0x16c/0x1f0 [ 337.827262][ T9914] should_fail_ex+0x512/0x640 [ 337.827282][ T9914] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 337.827300][ T9914] should_failslab+0xc2/0x120 [ 337.827319][ T9914] kmem_cache_alloc_noprof+0x75/0x6e0 [ 337.827333][ T9914] ? security_file_alloc+0x34/0x2b0 [ 337.827351][ T9914] ? security_file_alloc+0x34/0x2b0 [ 337.827365][ T9914] security_file_alloc+0x34/0x2b0 [ 337.827379][ T9914] init_file+0x93/0x4c0 [ 337.827397][ T9914] alloc_empty_file+0x73/0x1e0 [ 337.827416][ T9914] path_openat+0xda/0x2cb0 [ 337.827436][ T9914] ? __pfx_path_openat+0x10/0x10 [ 337.827456][ T9914] do_filp_open+0x20b/0x470 [ 337.827471][ T9914] ? __pfx_do_filp_open+0x10/0x10 [ 337.827498][ T9914] ? _raw_spin_unlock+0x28/0x50 [ 337.827511][ T9914] ? alloc_fd+0x471/0x7d0 [ 337.827530][ T9914] do_sys_openat2+0x11b/0x1d0 [ 337.827549][ T9914] ? __pfx_do_sys_openat2+0x10/0x10 [ 337.827574][ T9914] __x64_sys_open+0x153/0x1e0 [ 337.827594][ T9914] ? __pfx___x64_sys_open+0x10/0x10 [ 337.827616][ T9914] ? rcu_is_watching+0x12/0xc0 [ 337.827632][ T9914] do_syscall_64+0xcd/0xfa0 [ 337.827649][ T9914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.827664][ T9914] RIP: 0033:0x7f96a918f7c9 [ 337.827675][ T9914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.827688][ T9914] RSP: 002b:00007f96aa09f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 337.827702][ T9914] RAX: ffffffffffffffda RBX: 00007f96a93e5fa0 RCX: 00007f96a918f7c9 [ 337.827711][ T9914] RDX: 00000000000001f5 RSI: 0000000000026a40 RDI: 0000200000000800 [ 337.827719][ T9914] RBP: 00007f96a9213f91 R08: 0000000000000000 R09: 0000000000000000 [ 337.827727][ T9914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 337.827735][ T9914] R13: 00007f96a93e6038 R14: 00007f96a93e5fa0 R15: 00007ffdefef76b8 [ 337.827754][ T9914] [ 340.495269][ T9965] input: f as /devices/virtual/input/input13 [ 342.242601][ T9997] random: crng reseeded on system resumption [ 343.079476][ T9999] [U] 0="/ [ 343.107016][ T9999] [U] [ 343.109790][ T9999] [U] EeQ@ [ 343.144328][T10002] random: crng reseeded on system resumption [ 343.394002][ T9999] netlink: 8 bytes leftover after parsing attributes in process `syz.0.890'. [ 344.161104][ T9998] [U]  [ 344.589365][T10015] netlink: 16 bytes leftover after parsing attributes in process `syz.0.903'. [ 345.730419][T10028] FAULT_INJECTION: forcing a failure. [ 345.730419][T10028] name failslab, interval 1, probability 0, space 0, times 0 [ 345.835478][T10028] CPU: 0 UID: 0 PID: 10028 Comm: syz.3.897 Not tainted syzkaller #0 PREEMPT(full) [ 345.835499][T10028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 345.835508][T10028] Call Trace: [ 345.835513][T10028] [ 345.835519][T10028] dump_stack_lvl+0x16c/0x1f0 [ 345.835541][T10028] should_fail_ex+0x512/0x640 [ 345.835562][T10028] ? __kmalloc_cache_noprof+0x5f/0x780 [ 345.835578][T10028] should_failslab+0xc2/0x120 [ 345.835597][T10028] __kmalloc_cache_noprof+0x72/0x780 [ 345.835610][T10028] ? io_uring_setup+0x278/0x20e0 [ 345.835629][T10028] ? io_uring_setup+0x278/0x20e0 [ 345.835645][T10028] io_uring_setup+0x278/0x20e0 [ 345.835663][T10028] ? __pfx_io_uring_setup+0x10/0x10 [ 345.835678][T10028] ? do_futex+0x122/0x350 [ 345.835696][T10028] ? __pfx_do_futex+0x10/0x10 [ 345.835714][T10028] ? fd_install+0x225/0x750 [ 345.835736][T10028] ? xfd_validate_state+0x61/0x180 [ 345.835754][T10028] ? __pfx_do_writev+0x10/0x10 [ 345.835771][T10028] __x64_sys_io_uring_setup+0xc2/0x170 [ 345.835792][T10028] do_syscall_64+0xcd/0xfa0 [ 345.835809][T10028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.835823][T10028] RIP: 0033:0x7f090f18f7c9 [ 345.835834][T10028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.835847][T10028] RSP: 002b:00007f091004f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 345.835860][T10028] RAX: ffffffffffffffda RBX: 00007f090f3e6090 RCX: 00007f090f18f7c9 [ 345.835870][T10028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 345.835877][T10028] RBP: 00007f090f213f91 R08: 0000000000000000 R09: 0000000000000000 [ 345.835886][T10028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 345.835893][T10028] R13: 00007f090f3e6128 R14: 00007f090f3e6090 R15: 00007ffc14efee88 [ 345.835912][T10028] [ 347.735333][T10050] netlink: 28 bytes leftover after parsing attributes in process `syz.0.905'. [ 349.782269][T10087] sock: sock_set_timeout: `syz.0.913' (pid 10087) tries to set negative timeout [ 349.964388][ T30] audit: type=1800 audit(1764557334.968:13): pid=10091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.914" name="dbroot" dev="configfs" ino=35564 res=0 errno=0 [ 351.152141][T10094] netlink: 28 bytes leftover after parsing attributes in process `syz.3.915'. [ 351.171255][T10100] random: crng reseeded on system resumption [ 354.727399][T10126] syz.3.924 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 354.827026][T10126] CPU: 0 UID: 0 PID: 10126 Comm: syz.3.924 Not tainted syzkaller #0 PREEMPT(full) [ 354.827047][T10126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 354.827056][T10126] Call Trace: [ 354.827061][T10126] [ 354.827067][T10126] dump_stack_lvl+0x16c/0x1f0 [ 354.827090][T10126] dump_header+0x101/0x930 [ 354.827108][T10126] oom_kill_process+0x272/0xa40 [ 354.827124][T10126] out_of_memory+0x350/0x1700 [ 354.827143][T10126] ? __pfx_out_of_memory+0x10/0x10 [ 354.827163][T10126] mem_cgroup_out_of_memory+0x118/0x130 [ 354.827185][T10126] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 354.827210][T10126] ? do_raw_spin_unlock+0x172/0x230 [ 354.827228][T10126] try_charge_memcg+0x695/0xd30 [ 354.827249][T10126] ? __pfx_try_charge_memcg+0x10/0x10 [ 354.827270][T10126] ? find_held_lock+0x2b/0x80 [ 354.827288][T10126] charge_memcg+0x8a/0x230 [ 354.827306][T10126] mem_cgroup_swapin_charge_folio+0xbb/0x440 [ 354.827328][T10126] __read_swap_cache_async+0x397/0x500 [ 354.827348][T10126] ? __pfx___read_swap_cache_async+0x10/0x10 [ 354.827368][T10126] ? post_alloc_hook+0x19e/0x220 [ 354.827391][T10126] swap_cluster_readahead+0x432/0x770 [ 354.827413][T10126] ? get_page_from_freelist+0x10a3/0x3a30 [ 354.827431][T10126] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 354.827451][T10126] ? rcu_is_watching+0x12/0xc0 [ 354.827469][T10126] ? css_rstat_updated+0x1c2/0x510 [ 354.827487][T10126] ? get_vma_policy+0x242/0x3c0 [ 354.827509][T10126] swapin_readahead+0x160/0x1180 [ 354.827529][T10126] ? __pfx_swapin_readahead+0x10/0x10 [ 354.827546][T10126] ? swap_cache_get_folio+0x267/0x8e0 [ 354.827559][T10126] ? swap_cache_get_folio+0x267/0x8e0 [ 354.827571][T10126] ? swap_cache_get_folio+0x267/0x8e0 [ 354.827586][T10126] ? swap_cache_get_folio+0x267/0x8e0 [ 354.827599][T10126] ? swap_cache_get_folio+0x1f/0x8e0 [ 354.827612][T10126] ? swap_cache_get_folio+0x293/0x8e0 [ 354.827626][T10126] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 354.827639][T10126] ? __pfx_get_swap_device+0x10/0x10 [ 354.827661][T10126] ? do_swap_page+0x86c/0x6340 [ 354.827679][T10126] do_swap_page+0x86c/0x6340 [ 354.827703][T10126] ? __page_table_check_ptes_set+0x1ae/0x420 [ 354.827721][T10126] ? __pfx_do_swap_page+0x10/0x10 [ 354.827741][T10126] ? __pfx_default_wake_function+0x10/0x10 [ 354.827761][T10126] ? rcu_is_watching+0x12/0xc0 [ 354.827775][T10126] ? ___pte_offset_map+0x2ad/0x4f0 [ 354.827796][T10126] __handle_mm_fault+0x17d1/0x2aa0 [ 354.827823][T10126] ? __pfx___handle_mm_fault+0x10/0x10 [ 354.827845][T10126] ? __pte_offset_map_lock+0x174/0x310 [ 354.827863][T10126] ? find_held_lock+0x2b/0x80 [ 354.827883][T10126] ? follow_page_pte+0x5cf/0x1390 [ 354.827905][T10126] handle_mm_fault+0x589/0xd10 [ 354.827930][T10126] __get_user_pages+0x54e/0x3530 [ 354.827957][T10126] ? __pfx___get_user_pages+0x10/0x10 [ 354.827981][T10126] populate_vma_page_range+0x267/0x3f0 [ 354.828002][T10126] ? __pfx_populate_vma_page_range+0x10/0x10 [ 354.828021][T10126] ? __pfx_find_vma_intersection+0x10/0x10 [ 354.828040][T10126] ? do_mmap+0x69c/0x1210 [ 354.828059][T10126] __mm_populate+0x1d8/0x380 [ 354.828080][T10126] ? __pfx___mm_populate+0x10/0x10 [ 354.828106][T10126] ? up_write+0x1b2/0x520 [ 354.828128][T10126] vm_mmap_pgoff+0x37f/0x470 [ 354.828149][T10126] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 354.828171][T10126] ? __x64_sys_futex+0x1e0/0x4c0 [ 354.828189][T10126] ? __x64_sys_futex+0x1e9/0x4c0 [ 354.828210][T10126] ksys_mmap_pgoff+0x7d/0x5c0 [ 354.828227][T10126] ? xfd_validate_state+0x61/0x180 [ 354.828250][T10126] __x64_sys_mmap+0x125/0x190 [ 354.828274][T10126] do_syscall_64+0xcd/0xfa0 [ 354.828292][T10126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.828307][T10126] RIP: 0033:0x7f090f18f7c9 [ 354.828319][T10126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.828333][T10126] RSP: 002b:00007f091004f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 354.828347][T10126] RAX: ffffffffffffffda RBX: 00007f090f3e6090 RCX: 00007f090f18f7c9 [ 354.828357][T10126] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 354.828365][T10126] RBP: 00007f090f213f91 R08: 0000000000000002 R09: 0000000000408000 [ 354.828374][T10126] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 354.828383][T10126] R13: 00007f090f3e6128 R14: 00007f090f3e6090 R15: 00007ffc14efee88 [ 354.828402][T10126] [ 354.828412][T10126] memory: usage 3072kB, limit 3072kB, failcnt 60599 [ 355.644910][ T30] audit: type=1800 audit(4294967304.227:14): pid=10133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.926" name="dbroot" dev="configfs" ino=35810 res=0 errno=0 [ 356.611392][T10126] memory+swap: usage 68836kB, limit 9007199254740988kB, failcnt 0 [ 356.649633][T10126] kmem: usage 1392kB, limit 9007199254740988kB, failcnt 0 [ 356.680904][T10126] Memory cgroup stats for /syz4: [ 356.681082][T10126] cache 0 [ 356.699073][T10126] rss 0 [ 356.711411][T10126] rss_huge 0 [ 356.730628][T10126] shmem 0 [ 356.739161][T10126] mapped_file 0 [ 356.750804][T10126] dirty 0 [ 356.760972][T10126] writeback 0 [ 356.774012][T10126] workingset_refault_anon 3828 [ 356.799125][T10126] workingset_refault_file 14401 [ 356.820866][T10126] swap 67342336 [ 356.840857][T10126] swapcached 1720320 [ 356.852828][T10126] pgpgin 131833 [ 356.860589][T10126] pgpgout 132946 [ 356.879879][T10126] pgfault 82743 [ 356.901004][T10126] pgmajfault 2115 [ 356.921033][T10126] inactive_anon 1720320 [ 356.930915][T10126] active_anon 0 [ 356.961176][T10126] inactive_file 0 [ 356.970936][T10126] active_file 0 [ 356.974422][T10126] unevictable 0 [ 356.989277][T10126] hierarchical_memory_limit 3145728 [ 357.011054][T10126] hierarchical_memsw_limit 9223372036854771712 [ 357.046022][T10126] total_cache 0 [ 357.071038][T10126] total_rss 0 [ 357.080978][T10126] total_rss_huge 0 [ 357.084930][T10126] total_shmem 0 [ 357.100661][T10126] total_mapped_file 0 [ 357.122434][T10126] total_dirty 0 [ 357.142009][T10126] total_writeback 0 [ 357.161153][T10126] total_workingset_refault_anon 3828 [ 357.181026][T10126] total_workingset_refault_file 14401 [ 357.201098][T10126] total_swap 67342336 [ 357.221286][T10126] total_swapcached 1720320 [ 357.235216][T10126] total_pgpgin 131833 [ 357.254396][T10126] total_pgpgout 132946 [ 357.271062][T10126] total_pgfault 82743 [ 357.281159][T10126] total_pgmajfault 2115 [ 357.285535][T10126] total_inactive_anon 1720320 [ 357.311237][T10126] total_active_anon 0 [ 357.315255][T10126] total_inactive_file 0 [ 357.331107][T10126] total_active_file 0 [ 357.351133][T10126] total_unevictable 0 [ 357.360105][T10126] anon_cost 0 [ 357.401258][T10126] file_cost 0 [ 357.411298][T10126] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.769,pid=9434,uid=0 [ 357.467071][T10126] Memory cgroup out of memory: Killed process 9434 (syz.4.769) total-vm:102020kB, anon-rss:1168kB, file-rss:47104kB, shmem-rss:0kB, UID:0 pgtables:204kB oom_score_adj:1000 [ 358.249677][T10148] FAULT_INJECTION: forcing a failure. [ 358.249677][T10148] name failslab, interval 1, probability 0, space 0, times 0 [ 358.331810][T10148] CPU: 0 UID: 0 PID: 10148 Comm: syz.3.932 Not tainted syzkaller #0 PREEMPT(full) [ 358.331832][T10148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 358.331841][T10148] Call Trace: [ 358.331846][T10148] [ 358.331852][T10148] dump_stack_lvl+0x16c/0x1f0 [ 358.331873][T10148] should_fail_ex+0x512/0x640 [ 358.331894][T10148] ? fs_reclaim_acquire+0xae/0x150 [ 358.331914][T10148] should_failslab+0xc2/0x120 [ 358.331933][T10148] kmem_cache_alloc_noprof+0x75/0x6e0 [ 358.331946][T10148] ? __pfx_map_id_range_down+0x10/0x10 [ 358.331959][T10148] ? security_inode_alloc+0x3b/0x2b0 [ 358.331982][T10148] ? security_inode_alloc+0x3b/0x2b0 [ 358.332000][T10148] security_inode_alloc+0x3b/0x2b0 [ 358.332021][T10148] inode_init_always_gfp+0xce4/0x1030 [ 358.332039][T10148] alloc_inode+0x86/0x240 [ 358.332064][T10148] path_from_stashed+0x25b/0x750 [ 358.332080][T10148] ? do_raw_spin_unlock+0x172/0x230 [ 358.332097][T10148] ns_get_path+0x60/0x80 [ 358.332113][T10148] proc_ns_get_link+0x121/0x230 [ 358.332130][T10148] ? __pfx_proc_ns_get_link+0x10/0x10 [ 358.332154][T10148] ? atime_needs_update+0x8b/0x710 [ 358.332175][T10148] ? __pfx_proc_ns_get_link+0x10/0x10 [ 358.332191][T10148] step_into+0x196c/0x21a0 [ 358.332209][T10148] ? __pfx_step_into+0x10/0x10 [ 358.332221][T10148] ? find_held_lock+0x2b/0x80 [ 358.332241][T10148] path_openat+0x6db/0x2cb0 [ 358.332261][T10148] ? __pfx_path_openat+0x10/0x10 [ 358.332277][T10148] ? __lock_acquire+0xb8a/0x1c90 [ 358.332296][T10148] do_filp_open+0x20b/0x470 [ 358.332311][T10148] ? __pfx_do_filp_open+0x10/0x10 [ 358.332339][T10148] ? alloc_fd+0x471/0x7d0 [ 358.332357][T10148] do_sys_openat2+0x11b/0x1d0 [ 358.332377][T10148] ? __pfx_do_sys_openat2+0x10/0x10 [ 358.332402][T10148] __x64_sys_openat+0x174/0x210 [ 358.332421][T10148] ? __pfx___x64_sys_openat+0x10/0x10 [ 358.332448][T10148] do_syscall_64+0xcd/0xfa0 [ 358.332465][T10148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.332480][T10148] RIP: 0033:0x7f090f18e010 [ 358.332491][T10148] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 358.332504][T10148] RSP: 002b:00007f091006ff10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 358.332518][T10148] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f090f18e010 [ 358.332528][T10148] RDX: 0000000000000002 RSI: 00007f091006ffa0 RDI: 00000000ffffff9c [ 358.332536][T10148] RBP: 00007f091006ffa0 R08: 0000000000000000 R09: 0000000000000000 [ 358.332545][T10148] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 358.332554][T10148] R13: 00007f090f3e6038 R14: 00007f090f3e5fa0 R15: 00007ffc14efee88 [ 358.332573][T10148] [ 358.991918][ T30] audit: type=1800 audit(4294967307.336:15): pid=10148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.932" name="members" dev="configfs" ino=35935 res=0 errno=0 [ 361.713001][T10177] random: crng reseeded on system resumption [ 364.250601][T10201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.944'. [ 364.407238][ T30] audit: type=1800 audit(4294967313.133:16): pid=10209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.945" name="dbroot" dev="configfs" ino=36347 res=0 errno=0 [ 371.803632][T10296] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 375.249841][T10348] netlink: 'syz.0.976': attribute type 11 has an invalid length. [ 375.752888][T10363] netlink: 206 bytes leftover after parsing attributes in process `syz.1.980'. [ 377.641396][T10374] ================================================================== [ 377.649464][T10374] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 377.657172][T10374] Read of size 8 at addr ffff888029fa3618 by task syz.0.982/10374 [ 377.664952][T10374] [ 377.667258][T10374] CPU: 0 UID: 0 PID: 10374 Comm: syz.0.982 Not tainted syzkaller #0 PREEMPT(full) [ 377.667276][T10374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 377.667285][T10374] Call Trace: [ 377.667290][T10374] [ 377.667295][T10374] dump_stack_lvl+0x116/0x1f0 [ 377.667315][T10374] print_report+0xcd/0x630 [ 377.667334][T10374] ? __virt_addr_valid+0x81/0x610 [ 377.667351][T10374] ? __phys_addr+0xe8/0x180 [ 377.667368][T10374] ? dvb_device_open+0x36a/0x3b0 [ 377.667384][T10374] kasan_report+0xe0/0x110 [ 377.667402][T10374] ? dvb_device_open+0x36a/0x3b0 [ 377.667421][T10374] ? __pfx_dvb_device_open+0x10/0x10 [ 377.667438][T10374] dvb_device_open+0x36a/0x3b0 [ 377.667455][T10374] ? __pfx_dvb_device_open+0x10/0x10 [ 377.667472][T10374] chrdev_open+0x234/0x6a0 [ 377.667488][T10374] ? __pfx_apparmor_file_open+0x10/0x10 [ 377.667507][T10374] ? __pfx_chrdev_open+0x10/0x10 [ 377.667523][T10374] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 377.667540][T10374] do_dentry_open+0x982/0x1530 [ 377.667557][T10374] ? __pfx_chrdev_open+0x10/0x10 [ 377.667574][T10374] vfs_open+0x82/0x3f0 [ 377.667592][T10374] path_openat+0x1de4/0x2cb0 [ 377.667610][T10374] ? __pfx_path_openat+0x10/0x10 [ 377.667624][T10374] ? __lock_acquire+0xb8a/0x1c90 [ 377.667646][T10374] do_filp_open+0x20b/0x470 [ 377.667660][T10374] ? __pfx_do_filp_open+0x10/0x10 [ 377.667680][T10374] ? alloc_fd+0x471/0x7d0 [ 377.667695][T10374] do_sys_openat2+0x11b/0x1d0 [ 377.667713][T10374] ? __pfx_do_sys_openat2+0x10/0x10 [ 377.667735][T10374] __x64_sys_openat+0x174/0x210 [ 377.667754][T10374] ? __pfx___x64_sys_openat+0x10/0x10 [ 377.667776][T10374] do_syscall_64+0xcd/0xfa0 [ 377.667793][T10374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.667806][T10374] RIP: 0033:0x7f96a918f7c9 [ 377.667820][T10374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.667834][T10374] RSP: 002b:00007f96aa09f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 377.667847][T10374] RAX: ffffffffffffffda RBX: 00007f96a93e5fa0 RCX: 00007f96a918f7c9 [ 377.667857][T10374] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 377.667866][T10374] RBP: 00007f96a9213f91 R08: 0000000000000000 R09: 0000000000000000 [ 377.667875][T10374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 377.667884][T10374] R13: 00007f96a93e6038 R14: 00007f96a93e5fa0 R15: 00007ffdefef76b8 [ 377.667898][T10374] [ 377.667903][T10374] [ 377.911732][T10374] Allocated by task 1: [ 377.915775][T10374] kasan_save_stack+0x33/0x60 [ 377.920438][T10374] kasan_save_track+0x14/0x30 [ 377.925132][T10374] __kasan_kmalloc+0xaa/0xb0 [ 377.929718][T10374] dvb_register_device+0x1e4/0x2370 [ 377.934901][T10374] dvb_register_frontend+0x5a6/0x880 [ 377.940167][T10374] vidtv_bridge_probe+0x459/0xa90 [ 377.945170][T10374] platform_probe+0x106/0x1d0 [ 377.949825][T10374] really_probe+0x241/0xa90 [ 377.954310][T10374] __driver_probe_device+0x1de/0x440 [ 377.959575][T10374] driver_probe_device+0x4c/0x1b0 [ 377.964583][T10374] __driver_attach+0x283/0x580 [ 377.969328][T10374] bus_for_each_dev+0x13e/0x1d0 [ 377.974155][T10374] bus_add_driver+0x2e9/0x690 [ 377.978813][T10374] driver_register+0x15c/0x4b0 [ 377.983560][T10374] vidtv_bridge_init+0x45/0x80 [ 377.988305][T10374] do_one_initcall+0x123/0x6e0 [ 377.993049][T10374] kernel_init_freeable+0x5c8/0x920 [ 377.998238][T10374] kernel_init+0x1c/0x2b0 [ 378.002550][T10374] ret_from_fork+0x675/0x7d0 [ 378.007123][T10374] ret_from_fork_asm+0x1a/0x30 [ 378.011865][T10374] [ 378.014169][T10374] Freed by task 10276: [ 378.018210][T10374] kasan_save_stack+0x33/0x60 [ 378.022865][T10374] kasan_save_track+0x14/0x30 [ 378.027522][T10374] __kasan_save_free_info+0x3b/0x60 [ 378.032698][T10374] __kasan_slab_free+0x5f/0x80 [ 378.037440][T10374] kfree+0x2b8/0x6d0 [ 378.041310][T10374] dvb_device_put.part.0+0x60/0x90 [ 378.046402][T10374] dvb_device_open+0x2a4/0x3b0 [ 378.051146][T10374] chrdev_open+0x234/0x6a0 [ 378.055542][T10374] do_dentry_open+0x982/0x1530 [ 378.060286][T10374] vfs_open+0x82/0x3f0 [ 378.064334][T10374] path_openat+0x1de4/0x2cb0 [ 378.068902][T10374] do_filp_open+0x20b/0x470 [ 378.073382][T10374] do_sys_openat2+0x11b/0x1d0 [ 378.078040][T10374] __x64_sys_openat+0x174/0x210 [ 378.082874][T10374] do_syscall_64+0xcd/0xfa0 [ 378.087354][T10374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.093223][T10374] [ 378.095524][T10374] The buggy address belongs to the object at ffff888029fa3600 [ 378.095524][T10374] which belongs to the cache kmalloc-256 of size 256 [ 378.109550][T10374] The buggy address is located 24 bytes inside of [ 378.109550][T10374] freed 256-byte region [ffff888029fa3600, ffff888029fa3700) [ 378.123232][T10374] [ 378.125534][T10374] The buggy address belongs to the physical page: [ 378.131927][T10374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29fa2 [ 378.140662][T10374] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 378.149135][T10374] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 378.156653][T10374] page_type: f5(slab) [ 378.160613][T10374] raw: 00fff00000000040 ffff88813ffa6b40 dead000000000122 0000000000000000 [ 378.169174][T10374] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 378.177731][T10374] head: 00fff00000000040 ffff88813ffa6b40 dead000000000122 0000000000000000 [ 378.186376][T10374] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 378.195031][T10374] head: 00fff00000000001 ffffea0000a7e881 00000000ffffffff 00000000ffffffff [ 378.203682][T10374] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 378.212325][T10374] page dumped because: kasan: bad access detected [ 378.218722][T10374] page_owner tracks the page as allocated [ 378.224412][T10374] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17991624729, free_ts 0 [ 378.244095][T10374] post_alloc_hook+0x1af/0x220 [ 378.248849][T10374] get_page_from_freelist+0x10a3/0x3a30 [ 378.254381][T10374] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 378.260263][T10374] alloc_pages_mpol+0x1fb/0x550 [ 378.265105][T10374] new_slab+0x24a/0x360 [ 378.269250][T10374] ___slab_alloc+0xd79/0x1a50 [ 378.273910][T10374] __slab_alloc.constprop.0+0x63/0x110 [ 378.279352][T10374] __kmalloc_cache_noprof+0x477/0x780 [ 378.284700][T10374] bus_add_driver+0x92/0x690 [ 378.289271][T10374] driver_register+0x15c/0x4b0 [ 378.294022][T10374] usb_register_driver+0x216/0x4d0 [ 378.299117][T10374] do_one_initcall+0x123/0x6e0 [ 378.303865][T10374] kernel_init_freeable+0x5c8/0x920 [ 378.309038][T10374] kernel_init+0x1c/0x2b0 [ 378.313358][T10374] ret_from_fork+0x675/0x7d0 [ 378.317935][T10374] ret_from_fork_asm+0x1a/0x30 [ 378.322690][T10374] page_owner free stack trace missing [ 378.328032][T10374] [ 378.330334][T10374] Memory state around the buggy address: [ 378.335938][T10374] ffff888029fa3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 378.343987][T10374] ffff888029fa3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 378.352031][T10374] >ffff888029fa3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 378.360075][T10374] ^ [ 378.364901][T10374] ffff888029fa3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 378.372944][T10374] ffff888029fa3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 378.380989][T10374] ================================================================== [ 378.389069][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.721959][T10381] sctp: [Deprecated]: syz.1.981 (pid 10381) Use of int in maxseg socket option. [ 378.721959][T10381] Use struct sctp_assoc_value instead [ 378.825500][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.841833][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.605683][T10374] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 385.612907][T10374] CPU: 0 UID: 0 PID: 10374 Comm: syz.0.982 Not tainted syzkaller #0 PREEMPT(full) [ 385.622172][T10374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 385.632204][T10374] Call Trace: [ 385.635461][T10374] [ 385.638371][T10374] dump_stack_lvl+0x3d/0x1f0 [ 385.642946][T10374] vpanic+0x640/0x6f0 [ 385.646912][T10374] panic+0xca/0xd0 [ 385.650615][T10374] ? __pfx_panic+0x10/0x10 [ 385.655015][T10374] ? dvb_device_open+0x36a/0x3b0 [ 385.659939][T10374] ? preempt_schedule_common+0x44/0xc0 [ 385.665381][T10374] ? preempt_schedule_thunk+0x16/0x30 [ 385.670742][T10374] check_panic_on_warn+0xab/0xb0 [ 385.675666][T10374] end_report+0x107/0x170 [ 385.679980][T10374] kasan_report+0xee/0x110 [ 385.684382][T10374] ? dvb_device_open+0x36a/0x3b0 [ 385.689301][T10374] ? __pfx_dvb_device_open+0x10/0x10 [ 385.694575][T10374] dvb_device_open+0x36a/0x3b0 [ 385.699324][T10374] ? __pfx_dvb_device_open+0x10/0x10 [ 385.704593][T10374] chrdev_open+0x234/0x6a0 [ 385.708990][T10374] ? __pfx_apparmor_file_open+0x10/0x10 [ 385.714520][T10374] ? __pfx_chrdev_open+0x10/0x10 [ 385.719437][T10374] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 385.725747][T10374] do_dentry_open+0x982/0x1530 [ 385.730491][T10374] ? __pfx_chrdev_open+0x10/0x10 [ 385.735413][T10374] vfs_open+0x82/0x3f0 [ 385.739465][T10374] path_openat+0x1de4/0x2cb0 [ 385.744037][T10374] ? __pfx_path_openat+0x10/0x10 [ 385.748956][T10374] ? __lock_acquire+0xb8a/0x1c90 [ 385.753878][T10374] do_filp_open+0x20b/0x470 [ 385.758361][T10374] ? __pfx_do_filp_open+0x10/0x10 [ 385.763372][T10374] ? alloc_fd+0x471/0x7d0 [ 385.767681][T10374] do_sys_openat2+0x11b/0x1d0 [ 385.772342][T10374] ? __pfx_do_sys_openat2+0x10/0x10 [ 385.777528][T10374] __x64_sys_openat+0x174/0x210 [ 385.782362][T10374] ? __pfx___x64_sys_openat+0x10/0x10 [ 385.787722][T10374] do_syscall_64+0xcd/0xfa0 [ 385.792208][T10374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.798079][T10374] RIP: 0033:0x7f96a918f7c9 [ 385.802472][T10374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.822057][T10374] RSP: 002b:00007f96aa09f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 385.830448][T10374] RAX: ffffffffffffffda RBX: 00007f96a93e5fa0 RCX: 00007f96a918f7c9 [ 385.838398][T10374] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 385.846348][T10374] RBP: 00007f96a9213f91 R08: 0000000000000000 R09: 0000000000000000 [ 385.854298][T10374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.862251][T10374] R13: 00007f96a93e6038 R14: 00007f96a93e5fa0 R15: 00007ffdefef76b8 [ 385.870219][T10374] [ 385.873274][T10374] Kernel Offset: disabled [ 385.877586][T10374] Rebooting in 86400 seconds..