last executing test programs: 15m48.408619878s ago: executing program 3 (id=625): openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x24008010) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7114}, 0x8) 15m47.616954412s ago: executing program 3 (id=630): mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$auto(0x0, 0xa00006, 0x4001fd, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x40) ioctl$auto_SNDCTL_MIDI_PRETIME(0xffffffffffffffff, 0xc0046d00, 0x0) socket(0x18, 0x2, 0x0) 15m46.542109993s ago: executing program 3 (id=634): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000100)={0x3, 0x0, [{0x1a0, 0x10, 0x1}]}) 15m46.21420772s ago: executing program 3 (id=638): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 15m45.824776221s ago: executing program 3 (id=643): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x0) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x602, 0x8, 0x7, 0x0, 0x7, 0xb, 0x1, {0x3ff, 0x7}, 0xfffffffffffffffa, 0x200000a5, 0xa, 0x13c, 0x0, 0xc3, 0x7, 0x2, 0x5, 0x90, 0xfffffff5}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbf4250200080008000300000000001b0004"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x80) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0d566b3dd008e4edd9650200000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 15m45.3768512s ago: executing program 3 (id=648): io_uring_register$auto(0xffffffffffffffff, 0x1f, 0x0, 0x1) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) connect$auto(0x3, 0x0, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x10001, 0x0) 15m45.00801184s ago: executing program 32 (id=648): io_uring_register$auto(0xffffffffffffffff, 0x1f, 0x0, 0x1) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) connect$auto(0x3, 0x0, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x10001, 0x0) 13m18.34385031s ago: executing program 0 (id=1660): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4038ae7a, r0) 13m17.60907871s ago: executing program 0 (id=1666): close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x110) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) lseek$auto(0x3, 0x2, 0x4) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) setsockopt$auto_SO_DEBUG(r0, 0x10, 0x1, &(0x7f00000001c0)='nl80211\x00', 0x0) read$auto(r0, &(0x7f0000000200)='nl80211\x00', 0x4) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r1, 0x20, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x24004001) 13m16.394940855s ago: executing program 0 (id=1676): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x315, 0xfffffffd, 0x401bf, 0x7352, 0x3c, 0x65f, 0x1ffde, 0x7fe, 0x3, 0x2, 0x9, 0xfffffffe, 0x4000006, 0x4, 0xb6, 0x80000000009, 0x6, 0x10003, 0xb, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}, 0x1fe, 0xd) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf25030000000600070008000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060006004000000006000600070000000a00"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 13m15.11288173s ago: executing program 0 (id=1680): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0xc0000100, 0x400, 0x2}]}) 13m14.063892424s ago: executing program 0 (id=1694): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 13m8.797839604s ago: executing program 0 (id=1709): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8) 13m7.818126158s ago: executing program 33 (id=1709): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8) 7m56.716905332s ago: executing program 5 (id=3363): openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/options/record-cmd\x00', 0x2802, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8301, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x10a, 0x400, 0x2}]}) 7m56.242968638s ago: executing program 5 (id=3365): capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80480, 0x0) socket(0x10, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) getpid() sysfs$auto(0x2, 0xe, 0x0) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x400053, 0x4) 7m54.340935085s ago: executing program 5 (id=3375): openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x180b03, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x401, 0x0) write$auto_proc_mem_operations_base(r1, &(0x7f0000001680), 0x0) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) 7m52.931096576s ago: executing program 5 (id=3392): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0x3, 0x9) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 7m52.632066965s ago: executing program 5 (id=3386): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x11, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x7fffffffffffffff}}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 7m52.365334452s ago: executing program 5 (id=3388): statx$auto(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2, 0x8, 0x0) quotactl_fd$auto(0xffffffffffffffff, 0x9, 0x0, &(0x7f00000001c0)) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x80000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x9791bb56cd559a32, 0x0) openat$auto_proc_auxv_operations_base(0xffffffffffffff9c, 0x0, 0xc0800, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x80, 0x3, 0x909, 0x2) semctl$auto_SETVAL(0xb, 0x4, 0x10, 0x6) ioctl$auto_TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x5, 0xfffffffffffffacf, 0x4, 0x9) 7m37.323143981s ago: executing program 34 (id=3388): statx$auto(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2, 0x8, 0x0) quotactl_fd$auto(0xffffffffffffffff, 0x9, 0x0, &(0x7f00000001c0)) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x80000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x9791bb56cd559a32, 0x0) openat$auto_proc_auxv_operations_base(0xffffffffffffff9c, 0x0, 0xc0800, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x80, 0x3, 0x909, 0x2) semctl$auto_SETVAL(0xb, 0x4, 0x10, 0x6) ioctl$auto_TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x5, 0xfffffffffffffacf, 0x4, 0x9) 7m35.237037269s ago: executing program 1 (id=3448): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r0, 0x0, 0x1ff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) sendfile$auto(0xffffffffffffffff, r0, &(0x7f0000000040)=0xb, 0xa) fsconfig$auto_HIDEPID_NOT_PTRACEABLE(r1, 0x27c, 0x0, 0x0, 0x4) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x2400, 0x0) ioctl$auto_RTC_SET_TIME(r3, 0x4024700a, &(0x7f00000001c0)={0x3, 0x4, 0x9, 0x1b, 0x2, 0x81, 0x7f, 0x4fa, 0x8}) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000140)=""/122, 0x7a) 7m35.062483855s ago: executing program 1 (id=3449): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r1, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r1, 0x1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 7m34.946984384s ago: executing program 1 (id=3450): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x20) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000200)={0x38, r1, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}, @NET_SHAPER_A_LEAVES={0x10, 0xa, 0x0, 0x1, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x2}]}]}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r3}]}, 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x14) 7m34.187172228s ago: executing program 1 (id=3452): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) move_pages$auto(0x0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x1) gettid() move_pages$auto(0x0, 0x1, &(0x7f0000000080)=0x0, 0x0, &(0x7f0000000200)=0x7fff, 0x3) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x11, r0, 0x9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x9, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) 7m32.539284486s ago: executing program 1 (id=3462): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x11, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x7fffffffffffffff}}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 7m32.088152323s ago: executing program 1 (id=3457): setitimer$auto_ITIMER_VIRTUAL(0x1, 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) msync$auto(0x0, 0xe0, 0x6) socket(0x2c, 0x3, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) pread64$auto(r1, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x6) sysfs$auto(0x2, 0x100000000000036, 0x7) 7m16.828286732s ago: executing program 35 (id=3457): setitimer$auto_ITIMER_VIRTUAL(0x1, 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) msync$auto(0x0, 0xe0, 0x6) socket(0x2c, 0x3, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) pread64$auto(r1, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x6) sysfs$auto(0x2, 0x100000000000036, 0x7) 1m16.849299681s ago: executing program 6 (id=4904): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300100000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x48, 0x0, 0x3) syz_clone3(0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x1e, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 1m15.646215505s ago: executing program 6 (id=4916): unshare$auto(0x40000080) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40401, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) pread64$auto(r0, 0x0, 0x8, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @rand_addr=0x64010100}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) prctl$auto(0x27, 0x0, 0x0, 0xfffffffffffffffe, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/wireless\x00', 0x80, 0x0) pread64$auto(r1, 0x0, 0x1ff, 0xf4) 1m14.894711s ago: executing program 6 (id=4911): io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000040), 0x8300, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535", @raw=0x1}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x10001, 0x1, 0x400000000009, 0xc4, 0x9, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x6, 0x0, 0xa0, 0x5, 0x2, 0x3, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb75, 0x100000000, 0x3, 0x7, 0x7fffffffffffffff, 0x1, 0xd, 0x1, 0x71, 0x0, 0x8, 0x2, 0x3, 0x3, 0x2d7, 0x1, 0x1, 0x6, 0x2, 0x800000001, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0xd, 0x3fd, 0x8, 0x7, 0xffff, 0x50ce0883, 0xbd9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x7, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x8000002, 0x6, 0x1, 0x3, 0x3, 0xfffffffffffff16a, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x8, 0x4, 0x2, 0x2000000003, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x14b, 0x2, 0x45f3, 0x0, 0x0, 0x4, 0x0, 0x8001, 0x0, 0x1, 0x7, 0xcf4, 0x1, 0x3, 0x0, 0x4, 0x7, 0x6, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x7, 0x9, 0xfffffffffffffff8, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x0, 0x1, 0x9, 0x210001, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x3], {0x9, 0x3, 0x6, 0x0, 0x4, 0x895, 0x3fdc, 0x6, 0x5}, {0x2, 0x1d11, 0x54ed, 0x0, 0x101, 0xff, 0x7, 0xa, 0xb}}) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r1, 0x0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0xffffffffffffffff, r0, 0x2) open(0x0, 0x22040, 0x75) socket(0x10, 0x2, 0x0) ioctl$auto_RTC_PIE_ON(r0, 0x7005, 0x0) readv$auto(r0, &(0x7f00000004c0)={0x0, 0x4}, 0x5) 1m14.327712168s ago: executing program 6 (id=4914): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x800009b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x4, 0x0, 0x7fff, 0x4}, 0x80000b}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x4) 1m13.644237616s ago: executing program 6 (id=4919): socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram11\x00', 0x20000, 0x0) mseal$auto(0x1ffff000, 0xfffffffffffffff3, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) madvise$auto(0x108000, 0x2, 0xa) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400, 0x2) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fchdir$auto(r0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x100842, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r1, 0x5404, 0x0) ioctl$auto_SNDCTL_TMR_TEMPO(r1, 0xc0045405, &(0x7f0000000140)) 1m13.453807952s ago: executing program 6 (id=4920): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) mprotect$auto(0x1000, 0x400000, 0x4) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) gettimeofday$auto(0x0, &(0x7f0000000080)={0x3, 0xdd6}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dri/card1\x00', 0x6082, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) 58.308942328s ago: executing program 36 (id=4920): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) mprotect$auto(0x1000, 0x400000, 0x4) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) gettimeofday$auto(0x0, &(0x7f0000000080)={0x3, 0xdd6}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dri/card1\x00', 0x6082, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) 35.651100138s ago: executing program 7 (id=5036): socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x100000000000027, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capget$auto(&(0x7f00000000c0)={0x20071026, 0xffffffffffffffff}, 0x0) epoll_ctl$auto(0xffffffffffffffff, 0x1, 0x8000000000000000, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 31.808089017s ago: executing program 7 (id=5047): openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001180)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r0 = socket(0x18, 0x805, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x40047452, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd5\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x2020009, 0x4, 0xeb1, 0xfffffffffffffffa, 0x8000) io_pgetevents$auto(0x8, 0xfffffffffffffffe, 0x4000003ff, 0x0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) mknod$auto(&(0x7f0000001040)=':,\x00', 0xca, 0xfffffffa) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) pwrite64$auto(0xc8, &(0x7f0000000540)='\vX5n\x91p\xe6\x1eRN8\x99C\x05\x06\x00J\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\v\x00\x00\x00\x00\x00\x00\x00X\xb9_\xdd*\xd1\x14^\xbe\xa2\x00'/97, 0xd12, 0x4000005) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, &(0x7f0000000200)=&(0x7f00000001c0)=':,\x00') 28.131840396s ago: executing program 7 (id=5058): madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = ioctl$auto_TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000)=0x425792c7) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0) epoll_pwait2$auto(0x1, 0xfffffffffffffffc, 0x3, 0xfffffffffffffffd, 0xffffffffffffffff, 0x6) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4002, 0x4}, 0x77, 0xfffffffc, 0x0, 0x62bd) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r2, &(0x7f0000000000)='r\x02', 0x2fb) sendmsg$auto_IEEE802154_ASSOCIATE_RESP(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x48, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@IEEE802154_ATTR_FRAME_RETRIES={0x5, 0x28, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "386ea25c05200a8c522883de50158eec17952e4c04417e2b5ed7097a9515b757"}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x90}, 0x8104) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) sendmsg$auto_L2TP_CMD_NOOP(r0, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1802", @ANYRES16=r1], 0x218}, 0x1, 0x0, 0x0, 0x4080}, 0x4000040) madvise$auto(0x0, 0x2003ec, 0x14) 27.062979733s ago: executing program 7 (id=5063): futex$auto(0x0, 0x10b, 0x1, 0x0, 0x0, 0xfbfffffa) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2a1042, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x80800, 0x0) setns(0xffffffffffffffff, 0x60020000) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) 27.045437937s ago: executing program 4 (id=5064): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/md_mod/parameters/new_array\x00', 0xa001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/bond0/bonding/ad_actor_sys_prio\x00', 0x942, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) process_vm_writev$auto(0x1, &(0x7f0000002980)={0x0, 0x4}, 0x3, 0x0, 0x4, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) socket(0x2, 0x801, 0x106) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/self/net/icmp6\x00', 0x8000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto(r0, 0x541c, r1) 26.069186027s ago: executing program 4 (id=5065): r0 = socket(0xa, 0x5, 0x0) setsockopt$auto(r0, 0x0, 0x24, 0x0, 0x9) mmap$auto(0xffff7ffffffffffe, 0x400006, 0x2baa, 0x9b7b, r0, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b4a, 0x9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) newfstatat$auto(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x9, 0x88, 0xfffffffffffffffd, 0x1, 0xee01, 0xffffffffffffffff, 0x0, 0x46f, 0x6, 0x36, 0xfffffffffffffff1, 0x4, 0x8, 0x6, 0xe3b, 0x3928, 0x80000000}, 0xbbb3) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001840), r2) sendmsg$auto_MACSEC_CMD_UPD_TXSA(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000018c0)={0x28, r3, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@MACSEC_ATTR_SA_CONFIG={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @uid}]}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x200480c7}, 0x80) 25.291929178s ago: executing program 7 (id=5067): mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) r0 = socket(0xa, 0x3, 0x3a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000000)='/sys/devices/platform/i8042/serio1/resync_time\x00') setsockopt$auto(r0, 0x8, 0xfffffffc, &(0x7f0000000040)=',%\x00', 0xfffffffc) add_key$auto(&(0x7f0000000740)='#)-\\&[}\x00', &(0x7f0000000780)='.\\@&\x00', 0x0, 0x5, 0x9) acct$auto(0x0) getsockopt$auto(r0, 0x29, 0xcf, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r1 = socket(0x29, 0x2, 0x0) getsockopt$auto(r1, 0x119, 0x1, 0x0, 0x0) epoll_create1$auto(0x4) 23.584169183s ago: executing program 4 (id=5070): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = signalfd$auto(0xffffffffffffffff, 0x0, 0x8) epoll_ctl$auto(0xffffffffffffffff, 0x1, 0x8000000000000000, 0x0) timer_create$auto(0x3, 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000a40)=""/4096, 0x1000) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x0, 0x400}, {0x0, 0x87}}, 0x0) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xa0202, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0, 0x0) 23.357429934s ago: executing program 7 (id=5071): unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, 0x0) ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) write$auto_ftrace_enable_fops_trace_events(0xffffffffffffffff, &(0x7f0000000000)="a3a5ef09b5b35e13fae05cbc144f87d25db57560747a31736099f3281707ee3727cf3a430c340438cf2bfc7622074b9cbd47d33a8fcc675f800755e14e21f777602953a87d9d7c2e49c932f1c5241418c259f5e2a1b2503cceab9a366163116b184ac8d1b86457b107f50c1c04046b61946a73c534101cb745306fc6af1c74a0f948cb1d73e2ac13580c7e32d54d85beec07ff2eb69c8d41a15984f1972e642b9b23b6c352632fb7b4c1b5feef4cd41f6952484f2055b21b907aa67292afa156dbcc05f7e43ab888bb5aefab91adddec67f53b894be7cde405bd7a81f8f6cee1360bcea5d4953e7b0bb9c8806ecef879dcc644e379fbc46c61b31442cc91b967248f93ff7d880fe329752c8bb0be92332475e4f68c16a6a16223ad74ddbcc179c23864bc078e5f6da6ab5069a129c08405ad1a796579347990390966d71548262002f495a6824c9aeeae072347691188122d5bdd4b176aa40fe16f6f69f5dffbf63cee5af8facd6f083d35c609173ad85431a24a04d800275057a42ae08f9946f02cc0fcff16db4f719477937bcd107cc88d951326d537efad9840ab2898691d21d6f5ba539cebd073a20e7101b11866edc69c364300d1af3f366af7cbea46921c542e9fdcdbe614a8c5bc635b1b9fd0ea8019192416e2818de6b5c829fcb1551ef3c3916e45f32dca9915be6caef6da2dba8c099d2dbe5f8099afd4e5e1aa355a1a0be46fe5e9a26d9ed0667759cd68ba2a2fff7844016cdda98ad718ed1267d56bc79041edb3f9cf377f16cdd8d812399281f458f6612f66ea5fff4152a388998f91c8784d098276ac9770ffb1245e1e3b0df4d8718733b1aba36eec1fa1b52d01361090a92b65846b9d84bef1c73cb06b9c63d4296e2e08fc654dcdf74e61a88f74ae7f0810d0534dcec6312c2c", 0x28f) mount$auto(0x0, &(0x7f0000001500)='./file0\x00', &(0x7f0000001540)='cifs\x00', 0x8002, &(0x7f00000001c0)) 22.28180294s ago: executing program 4 (id=5072): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/pagemap\x00', 0x80240, 0x0) ioctl$auto_PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000000)={0x60, 0x2, 0x100000, 0x100000, 0x100000000000002, 0x5, 0xffffffffffffffff, 0x0, 0x87, 0x2c, 0x4, 0x3}) fcntl$auto(0x8000000000000001, 0x26, 0x8) fcntl$auto(r0, 0x7, 0x4) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 20.265402416s ago: executing program 4 (id=5078): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x80002, 0x0) openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0xc00, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x120c00, 0x0) socket(0x2, 0x801, 0x106) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/tty12\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 19.220613323s ago: executing program 4 (id=5082): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) r0 = socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) unshare$auto(0x40000080) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/msr/parameters/allow_writes\x00', 0x80302, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ffff000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) close_range$auto(0x2, 0x8, 0x0) 8.290788098s ago: executing program 37 (id=5071): unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, 0x0) ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) write$auto_ftrace_enable_fops_trace_events(0xffffffffffffffff, &(0x7f0000000000)="a3a5ef09b5b35e13fae05cbc144f87d25db57560747a31736099f3281707ee3727cf3a430c340438cf2bfc7622074b9cbd47d33a8fcc675f800755e14e21f777602953a87d9d7c2e49c932f1c5241418c259f5e2a1b2503cceab9a366163116b184ac8d1b86457b107f50c1c04046b61946a73c534101cb745306fc6af1c74a0f948cb1d73e2ac13580c7e32d54d85beec07ff2eb69c8d41a15984f1972e642b9b23b6c352632fb7b4c1b5feef4cd41f6952484f2055b21b907aa67292afa156dbcc05f7e43ab888bb5aefab91adddec67f53b894be7cde405bd7a81f8f6cee1360bcea5d4953e7b0bb9c8806ecef879dcc644e379fbc46c61b31442cc91b967248f93ff7d880fe329752c8bb0be92332475e4f68c16a6a16223ad74ddbcc179c23864bc078e5f6da6ab5069a129c08405ad1a796579347990390966d71548262002f495a6824c9aeeae072347691188122d5bdd4b176aa40fe16f6f69f5dffbf63cee5af8facd6f083d35c609173ad85431a24a04d800275057a42ae08f9946f02cc0fcff16db4f719477937bcd107cc88d951326d537efad9840ab2898691d21d6f5ba539cebd073a20e7101b11866edc69c364300d1af3f366af7cbea46921c542e9fdcdbe614a8c5bc635b1b9fd0ea8019192416e2818de6b5c829fcb1551ef3c3916e45f32dca9915be6caef6da2dba8c099d2dbe5f8099afd4e5e1aa355a1a0be46fe5e9a26d9ed0667759cd68ba2a2fff7844016cdda98ad718ed1267d56bc79041edb3f9cf377f16cdd8d812399281f458f6612f66ea5fff4152a388998f91c8784d098276ac9770ffb1245e1e3b0df4d8718733b1aba36eec1fa1b52d01361090a92b65846b9d84bef1c73cb06b9c63d4296e2e08fc654dcdf74e61a88f74ae7f0810d0534dcec6312c2c", 0x28f) mount$auto(0x0, &(0x7f0000001500)='./file0\x00', &(0x7f0000001540)='cifs\x00', 0x8002, &(0x7f00000001c0)) 6.243733043s ago: executing program 2 (id=5101): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='#\x00\x00\x00', @ANYBLOB='$\x00', @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) socket(0xa, 0x1, 0x0) socket(0x2, 0x1, 0x800084) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) listen$auto(0x3, 0x0) pipe2$auto(0x0, 0x80) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x8) listen$auto(0x3, 0x83) 5.832030822s ago: executing program 8 (id=5102): mmap$auto(0x0, 0x2020049, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b4a, 0x8, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, r1, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x1, &(0x7f0000000380)=@raw_tracepoint={0x5, r0, 0x0, 0x6}, 0xc) 5.030074834s ago: executing program 2 (id=5103): close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) 5.027585416s ago: executing program 8 (id=5110): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = epoll_create$auto(0x107fb9) socket(0x10, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101242, 0x0) open(0x0, 0x206000, 0x195) pread64$auto(0xffffffffffffffff, &(0x7f0000000040)='/proc/scsi/sg/devices\x00', 0x10001, 0x3) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x440, 0x0) ioctl$auto_RTC_UIE_ON(r1, 0x7003, 0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) ioctl$auto_RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x1f, 0x7, 0x5, 0x2, 0x2, 0x80000, 0xcb, 0x6c36, 0x6}) 4.620187983s ago: executing program 2 (id=5104): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socket(0x2b, 0x1, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2}) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) 4.604042114s ago: executing program 8 (id=5105): mmap$auto(0x0, 0x1000, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x5, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.0/usb1/power/wakeup_active_count\x00', 0x0, 0x0) socket(0x2, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000140), 0x244002, 0x0) socket(0x2, 0x1, 0x0) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) setresuid$auto(0x60, 0x1000, 0x607) ioctl$auto(r1, 0x5393, r0) 4.131510863s ago: executing program 8 (id=5106): socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x100000000000027, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capget$auto(&(0x7f00000000c0)={0x20071026, 0xffffffffffffffff}, 0x0) epoll_ctl$auto(0xffffffffffffffff, 0x1, 0x8000000000000000, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 3.99514619s ago: executing program 38 (id=5082): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) r0 = socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) unshare$auto(0x40000080) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/msr/parameters/allow_writes\x00', 0x80302, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ffff000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.519305383s ago: executing program 2 (id=5108): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000180)="6da6b940dfe114cacac8b7cca871a393aaf922f69708e077a3ff54d760f973198c7f36202c9afdaf7bc2eb57e0") close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\b', @ANYRES16=0x0, @ANYBLOB="1b0026bd7000fddbdf250300000004000800100003800c000a000700000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) select$auto(0x4, 0x0, &(0x7f0000000100)={[0x9, 0x7, 0xfffffffffffffff9, 0x9, 0x7ff, 0x3, 0x6, 0x2, 0x9, 0xffff, 0x1ff, 0xd, 0x3, 0x200000201, 0x7, 0x6]}, 0x0, 0x0) 2.264491808s ago: executing program 8 (id=5109): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0x5, 0x5d9, 0x0, 0x8) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1002, 0x0, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0xec) 1.47903541s ago: executing program 2 (id=5111): syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_wireguard(0x0, 0xffffffffffffffff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x141900, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000180), 0x80400, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x4e25, @remote}, 0x6d) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x51}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x80009, 0x0, 0x1, 0x0, 0x4, 0x9}, 0x3}, 0x3, 0x9) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xff, 0x0, 0xfffffffffffffffd) 52.458062ms ago: executing program 2 (id=5112): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/mem\x00', 0x100, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x2, 0x0) epoll_create$auto(0x3e) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/tracing_cpumask\x00', 0x20802, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a9, 0x7000000) mmap$auto(0xfffffffffffffffe, 0xe983, 0xffffffff, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) ioctl$auto(0x3, 0x80108907, 0x38) openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, 0x0, 0x2e6100, 0x0) 0s ago: executing program 8 (id=5113): mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2f8001, 0x0) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x409, 0x5, 0xffffffff, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc048aeca, 0x0) kernel console output (not intermixed with test programs): ffffffda RBX: 00007fb978fe5fa0 RCX: 00007fb978d8f6c9 [ 799.675263][T17596] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000000 [ 799.675278][T17596] RBP: 00007fb978e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 799.675293][T17596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.675308][T17596] R13: 00007fb978fe6038 R14: 00007fb978fe5fa0 R15: 00007ffe240acb58 [ 799.675342][T17596] [ 800.273239][T17598] __vm_enough_memory: pid: 17598, comm: syz.2.3960, bytes: 4398046511104 not enough memory for the allocation [ 800.477708][T17603] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3962'. [ 800.532241][T17603] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3962'. [ 800.608700][T17607] netlink: 250 bytes leftover after parsing attributes in process `syz.4.3962'. [ 800.657222][T17610] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3964'. [ 801.726102][T17632] netlink: 330 bytes leftover after parsing attributes in process `syz.7.3972'. [ 802.509185][T17629] Process accounting paused [ 802.631879][T17649] netlink: 25 bytes leftover after parsing attributes in process `syz.6.3977'. [ 803.210033][T17654] zswap: compressor not available [ 803.935309][T17682] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3984'. [ 804.990124][T17692] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 805.201220][T17696] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3987'. [ 805.247776][T17696] netlink: 25 bytes leftover after parsing attributes in process `syz.6.3987'. [ 805.289518][T17698] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3988'. [ 805.563101][T17700] FAULT_INJECTION: forcing a failure. [ 805.563101][T17700] name failslab, interval 1, probability 393216, space 0, times 0 [ 805.576278][T17700] CPU: 1 UID: 0 PID: 17700 Comm: syz.6.3989 Not tainted syzkaller #0 PREEMPT(full) [ 805.576310][T17700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 805.576326][T17700] Call Trace: [ 805.576335][T17700] [ 805.576344][T17700] dump_stack_lvl+0x16c/0x1f0 [ 805.576377][T17700] should_fail_ex+0x512/0x640 [ 805.576419][T17700] should_failslab+0xc2/0x120 [ 805.576453][T17700] kmem_cache_alloc_noprof+0x75/0x6e0 [ 805.576477][T17700] ? pcpu_alloc_noprof+0x949/0x14c0 [ 805.576506][T17700] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 805.576553][T17700] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 805.576592][T17700] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 805.576638][T17700] idr_get_free+0x528/0xa30 [ 805.576673][T17700] idr_alloc_u32+0x190/0x2f0 [ 805.576701][T17700] ? __pfx_idr_alloc_u32+0x10/0x10 [ 805.576729][T17700] ? lock_acquire+0x179/0x350 [ 805.576768][T17700] idr_alloc_cyclic+0x10b/0x230 [ 805.576795][T17700] ? __pfx_idr_alloc_cyclic+0x10/0x10 [ 805.576819][T17700] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 805.576858][T17700] ? lsm_blob_alloc+0x2b/0x90 [ 805.576893][T17700] map_create+0x143e/0x27e0 [ 805.576942][T17700] ? __pfx_map_create+0x10/0x10 [ 805.576978][T17700] ? __might_fault+0xe3/0x190 [ 805.577000][T17700] ? __might_fault+0xe3/0x190 [ 805.577022][T17700] ? __might_fault+0x13b/0x190 [ 805.577056][T17700] __sys_bpf+0x3d9d/0x4980 [ 805.577079][T17700] ? futex_private_hash_put+0xd5/0x190 [ 805.577113][T17700] ? __pfx___sys_bpf+0x10/0x10 [ 805.577137][T17700] ? __pfx_futex_wait+0x10/0x10 [ 805.577238][T17700] ? do_futex+0x122/0x350 [ 805.577287][T17700] ? fput+0x9b/0xd0 [ 805.577322][T17700] ? xfd_validate_state+0x61/0x180 [ 805.577357][T17700] ? __pfx_ksys_write+0x10/0x10 [ 805.577389][T17700] __x64_sys_bpf+0x78/0xc0 [ 805.577413][T17700] ? lockdep_hardirqs_on+0x7c/0x110 [ 805.577442][T17700] do_syscall_64+0xcd/0xfa0 [ 805.577474][T17700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.577505][T17700] RIP: 0033:0x7f9b5db8f6c9 [ 805.577527][T17700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 805.577557][T17700] RSP: 002b:00007f9b5e9c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 805.577580][T17700] RAX: ffffffffffffffda RBX: 00007f9b5dde5fa0 RCX: 00007f9b5db8f6c9 [ 805.577601][T17700] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000000 [ 805.577616][T17700] RBP: 00007f9b5dc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 805.577630][T17700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 805.577644][T17700] R13: 00007f9b5dde6038 R14: 00007f9b5dde5fa0 R15: 00007ffd982190d8 [ 805.577676][T17700] [ 806.397819][ T52] Bluetooth: hci4: unexpected event 0x09 length: 435 > 3 [ 806.679785][T17715] sp0: Synchronizing with TNC [ 806.883770][T17719] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3996'. [ 807.015136][T17722] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3996'. [ 807.110185][T17719] netlink: 250 bytes leftover after parsing attributes in process `syz.2.3996'. [ 807.126438][T17724] netlink: 13 bytes leftover after parsing attributes in process `syz.6.3998'. [ 807.843146][T17735] netlink: 'syz.4.4001': attribute type 28 has an invalid length. [ 807.899121][T17735] netlink: 'syz.4.4001': attribute type 3 has an invalid length. [ 807.936684][T17735] netlink: 306 bytes leftover after parsing attributes in process `syz.4.4001'. [ 808.877233][T17745] netlink: 334 bytes leftover after parsing attributes in process `syz.6.4012'. [ 809.678658][T17757] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0xdb pfn:0x78000 [ 809.723123][T17757] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 809.767670][T17757] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 809.827382][T17757] raw: 00000000000000db 0000000000000000 0000000400000002 0000000000000000 [ 809.870228][T17757] page dumped because: unmovable page [ 809.907483][T17757] page_owner tracks the page as allocated [ 809.959862][T17757] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 15746, tgid 15746 (syz-executor), ts 682641404769, free_ts 679344617515 [ 810.033136][ T52] Bluetooth: hci1: command 0x0406 tx timeout [ 810.065358][T17757] post_alloc_hook+0x1c0/0x230 [ 810.084043][T17760] zswap: compressor not available [ 810.089367][T17757] get_page_from_freelist+0x10a3/0x3a30 [ 810.112946][T17757] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 810.145698][T17757] alloc_pages_mpol+0x1fb/0x550 [ 810.173674][T17757] alloc_pages_noprof+0x131/0x390 [ 810.196137][T17757] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 810.223922][T17757] vmalloc_user_noprof+0x9e/0xe0 [ 810.251280][T17757] kcov_ioctl+0x4c/0x730 [ 810.274135][T17757] __x64_sys_ioctl+0x18e/0x210 [ 810.300621][T17757] do_syscall_64+0xcd/0xfa0 [ 810.320858][T17757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.357766][T17757] page last free pid 15692 tgid 15692 stack trace: [ 810.402478][T17757] free_unref_folios+0xa31/0x1610 [ 810.455032][T17757] folios_put_refs+0x4be/0x750 [ 810.467184][T17757] shmem_undo_range+0x58f/0x1150 [ 810.472180][T17757] shmem_evict_inode+0x3a1/0xbe0 [ 810.514590][T17757] evict+0x3e6/0x920 [ 810.529598][T17757] iput.part.0+0x6a9/0xb00 [ 810.560002][T17757] iput+0x35/0x40 [ 810.580636][T17757] dentry_unlink_inode+0x29c/0x480 [ 810.598397][T17757] __dentry_kill+0x1d0/0x600 [ 810.603090][T17757] dput.part.0+0x4b1/0x9b0 [ 810.649900][T17757] dput+0x1f/0x30 [ 810.653622][T17757] __fput+0x51c/0xb70 [ 810.689499][T17757] task_work_run+0x150/0x240 [ 810.711926][T17757] do_exit+0x86f/0x2bf0 [ 810.740060][T17757] do_group_exit+0xd3/0x2a0 [ 810.750584][T17757] __x64_sys_exit_group+0x3e/0x50 [ 813.791140][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805cd7a000: rx timeout, send abort [ 813.801247][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cd7a000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 814.064414][T17817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4024'. [ 814.274363][T17821] netlink: 'syz.7.4026': attribute type 12 has an invalid length. [ 814.315199][T17821] netlink: 306 bytes leftover after parsing attributes in process `syz.7.4026'. [ 815.236326][ T5850] Bluetooth: hci0: unexpected event 0x07 length: 435 > 255 [ 816.656860][T17850] binder: 17845:17850 ioctl c0306201 0 returned -14 [ 817.988604][T17857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4035'. [ 818.079519][T17858] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4035'. [ 818.183778][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 818.193345][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 819.862629][ T5850] Bluetooth: hci1: unexpected event 0x09 length: 435 > 3 [ 820.174371][T17881] zswap: compressor not available [ 823.583400][T17937] netlink: 'syz.2.4056': attribute type 12 has an invalid length. [ 823.662354][T17937] netlink: 286 bytes leftover after parsing attributes in process `syz.2.4056'. [ 824.213049][T17939] could not allocate digest TFM handle [ 825.047053][T17974] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4069'. [ 826.709605][T17997] Process accounting resumed [ 827.287468][T18008] FAULT_INJECTION: forcing a failure. [ 827.287468][T18008] name failslab, interval 1, probability 393216, space 0, times 0 [ 827.349397][T18008] CPU: 1 UID: 0 PID: 18008 Comm: syz.6.4080 Not tainted syzkaller #0 PREEMPT(full) [ 827.349432][T18008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 827.349447][T18008] Call Trace: [ 827.349456][T18008] [ 827.349465][T18008] dump_stack_lvl+0x16c/0x1f0 [ 827.349499][T18008] should_fail_ex+0x512/0x640 [ 827.349547][T18008] should_failslab+0xc2/0x120 [ 827.349585][T18008] __kmalloc_cache_noprof+0x72/0x780 [ 827.349627][T18008] ? sctp_add_bind_addr+0xae/0x3f0 [ 827.349655][T18008] ? sctp_add_bind_addr+0xae/0x3f0 [ 827.349677][T18008] sctp_add_bind_addr+0xae/0x3f0 [ 827.349704][T18008] sctp_copy_local_addr_list+0x349/0x550 [ 827.349737][T18008] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 827.349769][T18008] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 827.349801][T18008] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 827.349844][T18008] sctp_bind_addr_copy+0xe0/0x530 [ 827.349875][T18008] sctp_connect_new_asoc+0x1c9/0x770 [ 827.349912][T18008] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 827.349953][T18008] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 827.349994][T18008] sctp_sendmsg+0x1557/0x1e00 [ 827.350043][T18008] ? __pfx_sctp_sendmsg+0x10/0x10 [ 827.350076][T18008] ? __pfx___might_resched+0x10/0x10 [ 827.350107][T18008] ? aa_sk_perm+0x2f4/0xb10 [ 827.350134][T18008] ? __pfx_aa_sk_perm+0x10/0x10 [ 827.350167][T18008] ? __pfx_sctp_sendmsg+0x10/0x10 [ 827.350203][T18008] inet_sendmsg+0x11c/0x140 [ 827.350240][T18008] ____sys_sendmsg+0x973/0xc70 [ 827.350274][T18008] ? __pfx_____sys_sendmsg+0x10/0x10 [ 827.350302][T18008] ? do_raw_spin_unlock+0x172/0x230 [ 827.350348][T18008] ? trace_ignore_this_task+0x6b/0x100 [ 827.350376][T18008] ___sys_sendmsg+0x134/0x1d0 [ 827.350406][T18008] ? __pfx____sys_sendmsg+0x10/0x10 [ 827.350448][T18008] ? find_held_lock+0x2b/0x80 [ 827.350491][T18008] __sys_sendmmsg+0x200/0x420 [ 827.350518][T18008] ? __pfx___sys_sendmmsg+0x10/0x10 [ 827.350556][T18008] ? __pfx_do_futex+0x10/0x10 [ 827.350601][T18008] ? fdget_pos+0x2b8/0x370 [ 827.350630][T18008] ? xfd_validate_state+0x61/0x180 [ 827.350663][T18008] ? __pfx_ksys_write+0x10/0x10 [ 827.350695][T18008] __x64_sys_sendmmsg+0x9c/0x100 [ 827.350718][T18008] ? lockdep_hardirqs_on+0x7c/0x110 [ 827.350752][T18008] do_syscall_64+0xcd/0xfa0 [ 827.350783][T18008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.350808][T18008] RIP: 0033:0x7f9b5db8f6c9 [ 827.350827][T18008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 827.350850][T18008] RSP: 002b:00007f9b5e9c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 827.350882][T18008] RAX: ffffffffffffffda RBX: 00007f9b5dde5fa0 RCX: 00007f9b5db8f6c9 [ 827.350898][T18008] RDX: 0000000000000008 RSI: 0000200000000140 RDI: 0000000000000004 [ 827.350914][T18008] RBP: 00007f9b5dc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 827.350929][T18008] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 827.350943][T18008] R13: 00007f9b5dde6038 R14: 00007f9b5dde5fa0 R15: 00007ffd982190d8 [ 827.350976][T18008] [ 828.532975][T18016] netlink: 'syz.6.4085': attribute type 29 has an invalid length. [ 828.589624][T18016] netlink: 'syz.6.4085': attribute type 30 has an invalid length. [ 828.597559][T18016] netlink: 'syz.6.4085': attribute type 31 has an invalid length. [ 828.659411][T18016] netlink: 'syz.6.4085': attribute type 32 has an invalid length. [ 828.698875][T18016] netlink: 'syz.6.4085': attribute type 33 has an invalid length. [ 828.738968][T18016] netlink: 'syz.6.4085': attribute type 35 has an invalid length. [ 828.777954][T18016] netlink: 'syz.6.4085': attribute type 37 has an invalid length. [ 828.822819][T18016] netlink: 18 bytes leftover after parsing attributes in process `syz.6.4085'. [ 829.356627][T18018] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4083'. [ 830.242890][T18035] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4091'. [ 830.499660][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 832.205957][T18057] blktrace: Concurrent blktraces are not allowed on loop2 [ 832.932924][T18063] futex_wake_op: syz.4.4100 tries to shift op by -2048; fix this program [ 832.989156][T18063] futex_wake_op: syz.4.4100 tries to shift op by -2048; fix this program [ 834.210085][T18072] FAULT_INJECTION: forcing a failure. [ 834.210085][T18072] name failslab, interval 1, probability 393216, space 0, times 0 [ 834.312878][T18072] CPU: 1 UID: 0 PID: 18072 Comm: syz.4.4104 Not tainted syzkaller #0 PREEMPT(full) [ 834.312912][T18072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 834.312927][T18072] Call Trace: [ 834.312935][T18072] [ 834.312946][T18072] dump_stack_lvl+0x16c/0x1f0 [ 834.312979][T18072] should_fail_ex+0x512/0x640 [ 834.313016][T18072] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 834.313051][T18072] should_failslab+0xc2/0x120 [ 834.313084][T18072] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 834.313116][T18072] ? __kthread_create_on_node+0x186/0x3f0 [ 834.313155][T18072] ? kvasprintf+0xbc/0x160 [ 834.313175][T18072] kvasprintf+0xbc/0x160 [ 834.313197][T18072] ? __pfx_kvasprintf+0x10/0x10 [ 834.313230][T18072] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 834.313252][T18072] __kthread_create_on_node+0x186/0x3f0 [ 834.313286][T18072] ? __pfx___kthread_create_on_node+0x10/0x10 [ 834.313333][T18072] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 834.313356][T18072] kthread_create_on_node+0xc7/0x100 [ 834.313389][T18072] ? __pfx_kthread_create_on_node+0x10/0x10 [ 834.313420][T18072] ? kasan_quarantine_put+0x10a/0x240 [ 834.313451][T18072] ? find_held_lock+0x2b/0x80 [ 834.313476][T18072] ? tomoyo_notify_gc+0xc6/0x470 [ 834.313504][T18072] tomoyo_notify_gc+0xea/0x470 [ 834.313525][T18072] ? ima_iint_find+0xea/0x130 [ 834.313560][T18072] ? __pfx_tomoyo_release+0x10/0x10 [ 834.313587][T18072] tomoyo_release+0x31/0x40 [ 834.313613][T18072] __fput+0x402/0xb70 [ 834.313653][T18072] task_work_run+0x150/0x240 [ 834.313692][T18072] ? __pfx_task_work_run+0x10/0x10 [ 834.313730][T18072] ? __pfx___do_sys_close_range+0x10/0x10 [ 834.313764][T18072] exit_to_user_mode_loop+0xec/0x130 [ 834.313802][T18072] do_syscall_64+0x426/0xfa0 [ 834.313833][T18072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.313866][T18072] RIP: 0033:0x7f6e1978f6c9 [ 834.313885][T18072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 834.313909][T18072] RSP: 002b:00007f6e1a5ec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 834.313932][T18072] RAX: 0000000000000000 RBX: 00007f6e199e5fa0 RCX: 00007f6e1978f6c9 [ 834.313947][T18072] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 834.313962][T18072] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 834.313977][T18072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 834.313991][T18072] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 834.314022][T18072] [ 835.896899][T18079] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0xdb pfn:0x78000 [ 835.946742][T18079] flags: 0xfff18000000210(dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 836.005544][T18079] raw: 00fff18000000210 0000000000000000 dead000000000122 0000000000000000 [ 836.057856][T18079] raw: 00000000000000db 0000000000000000 0000000400000002 0000000000000000 [ 836.100955][T18079] page dumped because: unmovable page [ 836.145128][T18079] page_owner tracks the page as allocated [ 836.177682][T18079] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 15746, tgid 15746 (syz-executor), ts 682641404769, free_ts 679344617515 [ 836.347864][T18079] post_alloc_hook+0x1c0/0x230 [ 836.382114][T18079] get_page_from_freelist+0x10a3/0x3a30 [ 836.418551][T18079] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 836.477380][T18079] alloc_pages_mpol+0x1fb/0x550 [ 836.505626][T18079] alloc_pages_noprof+0x131/0x390 [ 836.542287][T18079] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 836.584321][T18079] vmalloc_user_noprof+0x9e/0xe0 [ 836.654491][T18079] kcov_ioctl+0x4c/0x730 [ 836.658797][T18079] __x64_sys_ioctl+0x18e/0x210 [ 836.724447][T18079] do_syscall_64+0xcd/0xfa0 [ 836.729044][T18079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.780428][T18079] page last free pid 15692 tgid 15692 stack trace: [ 836.825641][T18079] free_unref_folios+0xa31/0x1610 [ 836.858493][T18079] folios_put_refs+0x4be/0x750 [ 836.883805][T18079] shmem_undo_range+0x58f/0x1150 [ 836.911423][T18079] shmem_evict_inode+0x3a1/0xbe0 [ 836.916424][T18079] evict+0x3e6/0x920 [ 836.970216][T18079] iput.part.0+0x6a9/0xb00 [ 836.990237][T18079] iput+0x35/0x40 [ 837.006235][T18079] dentry_unlink_inode+0x29c/0x480 [ 837.029180][T18079] __dentry_kill+0x1d0/0x600 [ 837.057663][T18079] dput.part.0+0x4b1/0x9b0 [ 837.107225][T18079] dput+0x1f/0x30 [ 837.127498][T18079] __fput+0x51c/0xb70 [ 837.149339][T18079] task_work_run+0x150/0x240 [ 837.154002][T18079] do_exit+0x86f/0x2bf0 [ 837.158188][T18079] do_group_exit+0xd3/0x2a0 [ 837.215589][T18079] __x64_sys_exit_group+0x3e/0x50 [ 839.573703][T18118] FAULT_INJECTION: forcing a failure. [ 839.573703][T18118] name failslab, interval 1, probability 393216, space 0, times 0 [ 839.668835][T18118] CPU: 1 UID: 0 PID: 18118 Comm: syz.4.4121 Not tainted syzkaller #0 PREEMPT(full) [ 839.668870][T18118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 839.668885][T18118] Call Trace: [ 839.668894][T18118] [ 839.668903][T18118] dump_stack_lvl+0x16c/0x1f0 [ 839.668936][T18118] should_fail_ex+0x512/0x640 [ 839.668973][T18118] ? __kmalloc_cache_noprof+0x5f/0x780 [ 839.669016][T18118] should_failslab+0xc2/0x120 [ 839.669049][T18118] __kmalloc_cache_noprof+0x72/0x780 [ 839.669093][T18118] ? __do_sys_fanotify_init+0x4c3/0xc80 [ 839.669131][T18118] ? get_mem_cgroup_from_mm+0x12a/0x600 [ 839.669158][T18118] ? __do_sys_fanotify_init+0x4c3/0xc80 [ 839.669195][T18118] __do_sys_fanotify_init+0x4c3/0xc80 [ 839.669237][T18118] do_syscall_64+0xcd/0xfa0 [ 839.669268][T18118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 839.669293][T18118] RIP: 0033:0x7f6e1978f6c9 [ 839.669312][T18118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 839.669336][T18118] RSP: 002b:00007f6e1a5ec038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 839.669366][T18118] RAX: ffffffffffffffda RBX: 00007f6e199e5fa0 RCX: 00007f6e1978f6c9 [ 839.669382][T18118] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000c00 [ 839.669397][T18118] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 839.669411][T18118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 839.669426][T18118] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 839.669458][T18118] [ 839.845299][T18118] bonding: no command found in bonding_masters - use +ifname or -ifname [ 843.034264][T18152] zswap: compressor not available [ 843.552569][T18171] netlink: 226 bytes leftover after parsing attributes in process `syz.4.4134'. [ 843.781670][T18171] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4134'. [ 843.844497][T18171] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 845.915089][T18191] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4141'. [ 846.296015][T18191] hsr_slave_0 (unregistering): left promiscuous mode [ 846.781012][T18196] netlink: 258 bytes leftover after parsing attributes in process `syz.7.4143'. [ 849.742482][T18236] 0x000200000001-0xa29656a63616329 : "" [ 849.748168][T18236] mtd: partition "" is out of reach -- disabled [ 850.003200][T18236] ftl_cs: FTL header not found. [ 850.238810][T18244] mkiss: ax0: crc mode is auto. [ 856.290260][T18276] FAULT_INJECTION: forcing a failure. [ 856.290260][T18276] name failslab, interval 1, probability 393216, space 0, times 0 [ 856.388939][T18276] CPU: 1 UID: 0 PID: 18276 Comm: syz.7.4167 Not tainted syzkaller #0 PREEMPT(full) [ 856.388973][T18276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 856.388989][T18276] Call Trace: [ 856.388997][T18276] [ 856.389007][T18276] dump_stack_lvl+0x16c/0x1f0 [ 856.389049][T18276] should_fail_ex+0x512/0x640 [ 856.389085][T18276] ? __kmalloc_cache_noprof+0x5f/0x780 [ 856.389128][T18276] should_failslab+0xc2/0x120 [ 856.389162][T18276] __kmalloc_cache_noprof+0x72/0x780 [ 856.389202][T18276] ? ima_calc_file_hash_tfm+0x234/0x350 [ 856.389245][T18276] ? ima_calc_file_hash_tfm+0x234/0x350 [ 856.389282][T18276] ima_calc_file_hash_tfm+0x234/0x350 [ 856.389321][T18276] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 856.389394][T18276] ? stack_trace_snprint+0xd0/0xd0 [ 856.389423][T18276] ? __pfx_stack_trace_save+0x10/0x10 [ 856.389450][T18276] ? __pfx___might_resched+0x10/0x10 [ 856.389476][T18276] ? ima_alloc_tfm+0x21a/0x2e0 [ 856.389510][T18276] ? generic_fillattr+0x6bf/0x940 [ 856.389546][T18276] ima_calc_file_hash+0x1ba/0x490 [ 856.389587][T18276] ima_collect_measurement+0x8a6/0xa50 [ 856.389636][T18276] ? __pfx_ima_collect_measurement+0x10/0x10 [ 856.389694][T18276] ? __mutex_lock+0x1c5/0x1060 [ 856.389725][T18276] ? is_bad_inode+0xd/0x40 [ 856.389761][T18276] ? xattr_resolve_name+0x27b/0x3f0 [ 856.389805][T18276] ? vfs_getxattr_alloc+0xec/0x350 [ 856.389835][T18276] ? ima_get_hash_algo+0x27c/0x400 [ 856.389867][T18276] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 856.389905][T18276] ? process_measurement+0x11fa/0x23e0 [ 856.389939][T18276] process_measurement+0x11fa/0x23e0 [ 856.389981][T18276] ? __lock_acquire+0x622/0x1c90 [ 856.390019][T18276] ? __pfx_process_measurement+0x10/0x10 [ 856.390055][T18276] ? __kasan_slab_alloc+0x89/0x90 [ 856.390084][T18276] ? security_file_alloc+0x34/0x2b0 [ 856.390110][T18276] ? alloc_empty_file+0x73/0x1e0 [ 856.390143][T18276] ? alloc_file_pseudo+0x13a/0x230 [ 856.390184][T18276] ? find_held_lock+0x2b/0x80 [ 856.390243][T18276] ima_file_mmap+0x1b1/0x1d0 [ 856.390278][T18276] ? __pfx_ima_file_mmap+0x10/0x10 [ 856.390320][T18276] security_mmap_file+0x88c/0x990 [ 856.390347][T18276] vm_mmap_pgoff+0xec/0x470 [ 856.390381][T18276] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 856.390410][T18276] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 856.390447][T18276] ? hugetlbfs_get_inode+0x31f/0x730 [ 856.390484][T18276] ksys_mmap_pgoff+0x1c8/0x5c0 [ 856.390520][T18276] __x64_sys_mmap+0x125/0x190 [ 856.390560][T18276] do_syscall_64+0xcd/0xfa0 [ 856.390591][T18276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.390616][T18276] RIP: 0033:0x7fb978d8f6c9 [ 856.390637][T18276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 856.390661][T18276] RSP: 002b:00007fb979b4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 856.390683][T18276] RAX: ffffffffffffffda RBX: 00007fb978fe5fa0 RCX: 00007fb978d8f6c9 [ 856.390700][T18276] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 856.390714][T18276] RBP: 00007fb978e11f91 R08: 0000000000000004 R09: 0000300000000000 [ 856.390730][T18276] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 856.390744][T18276] R13: 00007fb978fe6038 R14: 00007fb978fe5fa0 R15: 00007ffe240acb58 [ 856.390776][T18276] [ 856.726444][ T30] audit: type=1800 audit(8277292216.820:17): pid=18276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.4167" name="anon_hugepage" dev="hugetlbfs" ino=84196 res=0 errno=0 [ 860.648636][T18326] netlink: 226 bytes leftover after parsing attributes in process `syz.7.4185'. [ 860.706173][T18326] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4185'. [ 860.777003][T18326] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 864.058985][T18351] ima: policy update failed [ 864.095510][ T30] audit: type=1802 audit(8277292224.566:18): pid=18351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.4194" res=0 errno=0 [ 868.989200][T18412] sp0: Synchronizing with TNC [ 869.876732][T18424] blktrace: Concurrent blktraces are not allowed on loop2 [ 870.404772][T18434] netlink: 'syz.2.4220': attribute type 10 has an invalid length. [ 870.412746][T18434] netlink: 'syz.2.4220': attribute type 13 has an invalid length. [ 871.420750][T18445] netlink: 246 bytes leftover after parsing attributes in process `syz.4.4224'. [ 871.865342][T18451] netlink: 'syz.7.4228': attribute type 10 has an invalid length. [ 871.915970][T18451] netlink: 230 bytes leftover after parsing attributes in process `syz.7.4228'. [ 871.994455][T18451] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 872.490443][T18455] FAULT_INJECTION: forcing a failure. [ 872.490443][T18455] name failslab, interval 1, probability 393216, space 0, times 0 [ 872.584357][T18455] CPU: 1 UID: 0 PID: 18455 Comm: syz.7.4230 Not tainted syzkaller #0 PREEMPT(full) [ 872.584391][T18455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 872.584406][T18455] Call Trace: [ 872.584415][T18455] [ 872.584424][T18455] dump_stack_lvl+0x16c/0x1f0 [ 872.584457][T18455] should_fail_ex+0x512/0x640 [ 872.584494][T18455] ? __kmalloc_noprof+0xca/0x880 [ 872.584535][T18455] should_failslab+0xc2/0x120 [ 872.584568][T18455] __kmalloc_noprof+0xdd/0x880 [ 872.584606][T18455] ? lsm_blob_alloc+0x68/0x90 [ 872.584641][T18455] ? lsm_blob_alloc+0x68/0x90 [ 872.584669][T18455] lsm_blob_alloc+0x68/0x90 [ 872.584699][T18455] security_prepare_creds+0x30/0x270 [ 872.584730][T18455] prepare_creds+0x56f/0x7d0 [ 872.584769][T18455] join_session_keyring+0x17/0x340 [ 872.584809][T18455] lookup_user_key+0x576/0x1300 [ 872.584851][T18455] ? __pfx_lookup_user_key+0x10/0x10 [ 872.584893][T18455] ? __pfx_do_futex+0x10/0x10 [ 872.584929][T18455] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 872.584974][T18455] ? __sys_socket+0xac/0x260 [ 872.585012][T18455] keyctl_keyring_move+0xb4/0x150 [ 872.585048][T18455] __do_sys_keyctl+0x171/0x590 [ 872.585085][T18455] do_syscall_64+0xcd/0xfa0 [ 872.585115][T18455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.585139][T18455] RIP: 0033:0x7fb978d8f6c9 [ 872.585159][T18455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 872.585182][T18455] RSP: 002b:00007fb979b4e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 872.585205][T18455] RAX: ffffffffffffffda RBX: 00007fb978fe5fa0 RCX: 00007fb978d8f6c9 [ 872.585221][T18455] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 000000000000001e [ 872.585237][T18455] RBP: 00007fb978e11f91 R08: 0000000000000001 R09: 0000000000000000 [ 872.585260][T18455] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 872.585274][T18455] R13: 00007fb978fe6038 R14: 00007fb978fe5fa0 R15: 00007ffe240acb58 [ 872.585305][T18455] [ 875.082365][T18482] zswap: compressor not available [ 879.321646][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 879.328729][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 881.580962][T18546] zswap: compressor not available [ 884.084824][T18564] ima: policy update failed [ 884.172084][ T30] audit: type=1802 audit(8277292244.731:19): pid=18564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.4262" res=0 errno=0 [ 887.602559][T18603] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4272'. [ 889.929211][T18614] [U] [ 889.931974][T18614] [U] [ 889.934692][T18614] [U] [ 889.937404][T18614] [U] [ 890.341075][T18614] [U] [ 890.343927][T18614] [U] [ 890.346653][T18614] [U] [ 890.349394][T18614] [U] [ 890.844234][T18613] [U] [ 894.917916][T18651] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 895.049629][T18651] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 895.199242][T18651] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 895.445670][T18651] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 895.873692][T18651] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 896.002124][T18651] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 896.226759][T18651] CPU0 is offline. [ 896.980429][ T5850] Bluetooth: hci0: command 0x0406 tx timeout [ 897.057976][ T5850] Bluetooth: hci2: command 0x0406 tx timeout [ 897.217089][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 897.933820][ T5850] Bluetooth: hci4: command 0x0406 tx timeout [ 899.243595][T18684] netlink: 'syz.6.4296': attribute type 1 has an invalid length. [ 899.289003][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 899.320767][T18688] netlink: 'syz.6.4296': attribute type 1 has an invalid length. [ 899.387027][T18684] netlink: 190 bytes leftover after parsing attributes in process `syz.6.4296'. [ 899.438755][T18688] netlink: 54 bytes leftover after parsing attributes in process `syz.6.4296'. [ 899.530328][T18683] ima: policy update failed [ 899.592908][ T30] audit: type=1802 audit(8277292260.223:20): pid=18683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.4296" res=0 errno=0 [ 900.007582][ T5850] Bluetooth: hci4: command 0x0406 tx timeout [ 900.234739][ T5850] Bluetooth: hci2: unexpected event 0x06 length: 439 > 3 [ 900.454227][T18694] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 901.691296][T18712] FAULT_INJECTION: forcing a failure. [ 901.691296][T18712] name failslab, interval 1, probability 393216, space 0, times 0 [ 901.795687][T18712] CPU: 1 UID: 0 PID: 18712 Comm: syz.6.4305 Not tainted syzkaller #0 PREEMPT(full) [ 901.795722][T18712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 901.795737][T18712] Call Trace: [ 901.795745][T18712] [ 901.795755][T18712] dump_stack_lvl+0x16c/0x1f0 [ 901.795788][T18712] should_fail_ex+0x512/0x640 [ 901.795827][T18712] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 901.795859][T18712] should_failslab+0xc2/0x120 [ 901.795890][T18712] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 901.795918][T18712] ? bdi_alloc+0x44/0x170 [ 901.795952][T18712] ? bdi_alloc+0x44/0x170 [ 901.795979][T18712] bdi_alloc+0x44/0x170 [ 901.796006][T18712] __alloc_disk_node+0xac/0x640 [ 901.796042][T18712] __blk_mq_alloc_disk+0x89/0x120 [ 901.796073][T18712] loop_add+0x490/0xb70 [ 901.796099][T18712] ? __pfx_loop_add+0x10/0x10 [ 901.796141][T18712] ? find_held_lock+0x2b/0x80 [ 901.796169][T18712] loop_control_ioctl+0x13e/0x630 [ 901.796194][T18712] ? __pfx_loop_control_ioctl+0x10/0x10 [ 901.796223][T18712] ? __pfx_loop_control_ioctl+0x10/0x10 [ 901.796249][T18712] __x64_sys_ioctl+0x18e/0x210 [ 901.796286][T18712] do_syscall_64+0xcd/0xfa0 [ 901.796316][T18712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 901.796339][T18712] RIP: 0033:0x7f9b5db8f6c9 [ 901.796358][T18712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 901.796382][T18712] RSP: 002b:00007f9b5e9c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 901.796404][T18712] RAX: ffffffffffffffda RBX: 00007f9b5dde5fa0 RCX: 00007f9b5db8f6c9 [ 901.796422][T18712] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 901.796438][T18712] RBP: 00007f9b5dc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 901.796454][T18712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 901.796468][T18712] R13: 00007f9b5dde6038 R14: 00007f9b5dde5fa0 R15: 00007ffd982190d8 [ 901.796499][T18712] [ 903.213734][T18732] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4307'. [ 903.284698][T18731] ima: policy update failed [ 903.325455][ T30] audit: type=1802 audit(8277292263.971:21): pid=18731 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.4307" res=0 errno=0 [ 903.703063][T18740] FAULT_INJECTION: forcing a failure. [ 903.703063][T18740] name failslab, interval 1, probability 393216, space 0, times 0 [ 903.797819][T18740] CPU: 1 UID: 0 PID: 18740 Comm: syz.4.4316 Not tainted syzkaller #0 PREEMPT(full) [ 903.797852][T18740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 903.797867][T18740] Call Trace: [ 903.797875][T18740] [ 903.797884][T18740] dump_stack_lvl+0x16c/0x1f0 [ 903.797917][T18740] should_fail_ex+0x512/0x640 [ 903.797954][T18740] ? __kmalloc_noprof+0xca/0x880 [ 903.797996][T18740] should_failslab+0xc2/0x120 [ 903.798029][T18740] __kmalloc_noprof+0xdd/0x880 [ 903.798067][T18740] ? trace_parser_get_init+0x30/0xc0 [ 903.798098][T18740] ? trace_parser_get_init+0x30/0xc0 [ 903.798122][T18740] trace_parser_get_init+0x30/0xc0 [ 903.798148][T18740] ftrace_event_write+0x177/0x2c0 [ 903.798178][T18740] ? __pfx_ftrace_event_write+0x10/0x10 [ 903.798217][T18740] ? __pfx_ftrace_event_write+0x10/0x10 [ 903.798244][T18740] vfs_writev+0x5df/0xde0 [ 903.798276][T18740] ? __pfx_vfs_writev+0x10/0x10 [ 903.798307][T18740] ? __mutex_lock+0x1c5/0x1060 [ 903.798346][T18740] ? __pfx___mutex_lock+0x10/0x10 [ 903.798387][T18740] ? __fget_files+0x20e/0x3c0 [ 903.798419][T18740] ? do_writev+0x132/0x340 [ 903.798441][T18740] do_writev+0x132/0x340 [ 903.798465][T18740] ? __pfx_do_writev+0x10/0x10 [ 903.798497][T18740] do_syscall_64+0xcd/0xfa0 [ 903.798528][T18740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.798552][T18740] RIP: 0033:0x7f6e1978f6c9 [ 903.798571][T18740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 903.798595][T18740] RSP: 002b:00007f6e1a5ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 903.798617][T18740] RAX: ffffffffffffffda RBX: 00007f6e199e5fa0 RCX: 00007f6e1978f6c9 [ 903.798633][T18740] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 903.798647][T18740] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 903.798662][T18740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 903.798676][T18740] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 903.798708][T18740] [ 903.803467][T18736] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 904.818938][T18753] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4320'. [ 907.142845][T18787] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4326'. [ 914.033906][T18880] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4343'. [ 925.687396][T19004] binder: 19003:19004 ioctl c00c6211 0 returned -14 [ 929.431776][ T5850] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 929.439199][ T5850] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 929.529149][T19045] netlink: 'syz.2.4385': attribute type 19 has an invalid length. [ 929.629044][T19045] netlink: 226 bytes leftover after parsing attributes in process `syz.2.4385'. [ 932.100099][T19075] Invalid ELF header magic: != ELF [ 934.370725][T19096] FAULT_INJECTION: forcing a failure. [ 934.370725][T19096] name failslab, interval 1, probability 393216, space 0, times 0 [ 934.463391][T19096] CPU: 1 UID: 0 PID: 19096 Comm: syz.7.4402 Not tainted syzkaller #0 PREEMPT(full) [ 934.463431][T19096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 934.463447][T19096] Call Trace: [ 934.463456][T19096] [ 934.463465][T19096] dump_stack_lvl+0x16c/0x1f0 [ 934.463499][T19096] should_fail_ex+0x512/0x640 [ 934.463537][T19096] ? __kmalloc_cache_noprof+0x5f/0x780 [ 934.463580][T19096] should_failslab+0xc2/0x120 [ 934.463613][T19096] __kmalloc_cache_noprof+0x72/0x780 [ 934.463653][T19096] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 934.463692][T19096] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 934.463724][T19096] kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 934.463758][T19096] ? __pfx_kvm_vm_release+0x10/0x10 [ 934.463787][T19096] kvm_put_kvm+0xe3/0xb00 [ 934.463813][T19096] ? lockdep_hardirqs_on+0x7c/0x110 [ 934.463840][T19096] ? _raw_spin_unlock_irq+0x2e/0x50 [ 934.463868][T19096] ? __pfx_kvm_vm_release+0x10/0x10 [ 934.463894][T19096] kvm_vm_release+0x3c/0x50 [ 934.463920][T19096] __fput+0x402/0xb70 [ 934.463954][T19096] ? _raw_spin_unlock_irq+0x23/0x50 [ 934.463981][T19096] task_work_run+0x150/0x240 [ 934.464020][T19096] ? __pfx_task_work_run+0x10/0x10 [ 934.464058][T19096] ? __pfx___do_sys_close_range+0x10/0x10 [ 934.464091][T19096] exit_to_user_mode_loop+0xec/0x130 [ 934.464129][T19096] do_syscall_64+0x426/0xfa0 [ 934.464159][T19096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.464183][T19096] RIP: 0033:0x7fb978d8f6c9 [ 934.464202][T19096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 934.464226][T19096] RSP: 002b:00007fb979b4e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 934.464249][T19096] RAX: 0000000000000000 RBX: 00007fb978fe5fa0 RCX: 00007fb978d8f6c9 [ 934.464265][T19096] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 934.464281][T19096] RBP: 00007fb978e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 934.464296][T19096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 934.464310][T19096] R13: 00007fb978fe6038 R14: 00007fb978fe5fa0 R15: 00007ffe240acb58 [ 934.464341][T19096] [ 940.425491][T19150] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 940.462223][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 940.474201][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 942.751869][T19169] zswap: compressor not available [ 945.585564][T19204] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4432'. [ 945.855613][T19204] team0: Port device team_slave_0 removed [ 947.103300][T19216] netlink: 206 bytes leftover after parsing attributes in process `syz.6.4436'. [ 948.005288][T19222] netlink: 62 bytes leftover after parsing attributes in process `syz.4.4438'. [ 948.794581][T19232] [U] [ 948.797428][T19232] [U] [ 948.800153][T19232] [U] [ 948.802875][T19232] [U] [ 948.805585][T19232] [U] [ 948.914287][T19232] [U] [ 948.917085][T19232] [U] [ 948.919804][T19232] [U] [ 948.922515][T19232] [U] [ 949.146039][T19231] [U] [ 949.846773][T19247] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 949.904163][T19247] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 949.982317][T19247] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 950.085303][T19247] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 950.199208][T19247] CPU0 is offline. [ 951.255821][T19273] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4452'. [ 951.920125][ T5850] Bluetooth: hci2: command 0x0406 tx timeout [ 951.926186][ T5850] Bluetooth: hci0: command 0x0406 tx timeout [ 952.003176][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 952.080378][ T5850] Bluetooth: hci4: command 0x0406 tx timeout [ 954.258016][T19303] binder: 19302:19303 ioctl c00c6211 0 returned -14 [ 956.555766][T19325] zswap: compressor not available [ 959.537916][T19374] sp0: Synchronizing with TNC [ 960.257698][T19381] Invalid ELF header magic: != ELF [ 960.420481][T19388] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4487'. [ 960.504516][T19388] ipvlan1: entered allmulticast mode [ 960.532945][T19388] veth0_vlan: entered allmulticast mode [ 961.029595][T19398] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4490'. [ 962.754642][T19417] Invalid ELF header magic: != ELF [ 963.074477][T19427] blktrace: Concurrent blktraces are not allowed on loop2 [ 964.514327][T19444] netlink: 338 bytes leftover after parsing attributes in process `syz.7.4507'. [ 964.617712][T19444] netlink: 314 bytes leftover after parsing attributes in process `syz.7.4507'. [ 968.119683][T19491] [U] [ 968.122544][T19491] [U] [ 968.125340][T19491] [U] [ 968.128072][T19491] [U] [ 968.130875][T19491] [U] [ 968.214582][T19491] [U] [ 968.217352][T19491] [U] [ 968.220168][T19491] [U] [ 968.222881][T19491] [U] [ 968.443654][T19491] [U] [ 968.446415][T19491] [U] [ 968.449144][T19491] [U] [ 968.451868][T19491] [U] [ 968.695795][T19488] [U] [ 971.022885][T19518] netlink: 'syz.2.4531': attribute type 16 has an invalid length. [ 971.094109][T19518] netlink: 226 bytes leftover after parsing attributes in process `syz.2.4531'. [ 971.285986][T19518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4531'. [ 971.737055][T19527] FAULT_INJECTION: forcing a failure. [ 971.737055][T19527] name failslab, interval 1, probability 393216, space 0, times 0 [ 971.806904][T19527] CPU: 1 UID: 0 PID: 19527 Comm: syz.6.4537 Not tainted syzkaller #0 PREEMPT(full) [ 971.807003][T19527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 971.807018][T19527] Call Trace: [ 971.807026][T19527] [ 971.807035][T19527] dump_stack_lvl+0x16c/0x1f0 [ 971.807068][T19527] should_fail_ex+0x512/0x640 [ 971.807104][T19527] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 971.807131][T19527] should_failslab+0xc2/0x120 [ 971.807166][T19527] kmem_cache_alloc_noprof+0x75/0x6e0 [ 971.807190][T19527] ? taskstats_exit+0x654/0xbe0 [ 971.807232][T19527] ? taskstats_exit+0x654/0xbe0 [ 971.807266][T19527] ? acct_update_integrals+0x2ce/0x4a0 [ 971.807286][T19527] taskstats_exit+0x654/0xbe0 [ 971.807325][T19527] ? __pfx_taskstats_exit+0x10/0x10 [ 971.807365][T19527] ? exit_signals+0x38e/0xb40 [ 971.807395][T19527] do_exit+0x5dc/0x2bf0 [ 971.807432][T19527] ? __pfx_do_exit+0x10/0x10 [ 971.807463][T19527] ? do_raw_spin_lock+0x12c/0x2b0 [ 971.807499][T19527] ? find_held_lock+0x2b/0x80 [ 971.807527][T19527] do_group_exit+0xd3/0x2a0 [ 971.807562][T19527] get_signal+0x2671/0x26d0 [ 971.807594][T19527] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 971.807635][T19527] ? __pfx_get_signal+0x10/0x10 [ 971.807661][T19527] ? do_futex+0x122/0x350 [ 971.807693][T19527] ? __pfx_do_futex+0x10/0x10 [ 971.807726][T19527] arch_do_signal_or_restart+0x8f/0x790 [ 971.807757][T19527] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 971.807795][T19527] ? xfd_validate_state+0x61/0x180 [ 971.807826][T19527] ? __pfx_ksys_write+0x10/0x10 [ 971.807857][T19527] exit_to_user_mode_loop+0x85/0x130 [ 971.807895][T19527] do_syscall_64+0x426/0xfa0 [ 971.807931][T19527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 971.807956][T19527] RIP: 0033:0x7f9b5db8f6c9 [ 971.807975][T19527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 971.807998][T19527] RSP: 002b:00007f9b5e9800e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 971.808021][T19527] RAX: fffffffffffffe00 RBX: 00007f9b5dde6188 RCX: 00007f9b5db8f6c9 [ 971.808038][T19527] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9b5dde6188 [ 971.808053][T19527] RBP: 00007f9b5dde6180 R08: 0000000000000000 R09: 0000000000000000 [ 971.808068][T19527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 971.808084][T19527] R13: 00007f9b5dde6218 R14: 00007ffd98218ff0 R15: 00007ffd982190d8 [ 971.808115][T19527] [ 972.805915][T19547] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4538'. [ 972.842250][T19547] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4538'. [ 973.004630][T19545] FAULT_INJECTION: forcing a failure. [ 973.004630][T19545] name failslab, interval 1, probability 393216, space 0, times 0 [ 973.076182][T19545] CPU: 1 UID: 0 PID: 19545 Comm: syz.6.4536 Not tainted syzkaller #0 PREEMPT(full) [ 973.076215][T19545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 973.076231][T19545] Call Trace: [ 973.076239][T19545] [ 973.076248][T19545] dump_stack_lvl+0x16c/0x1f0 [ 973.076281][T19545] should_fail_ex+0x512/0x640 [ 973.076318][T19545] ? __kmalloc_noprof+0xca/0x880 [ 973.076360][T19545] should_failslab+0xc2/0x120 [ 973.076392][T19545] __kmalloc_noprof+0xdd/0x880 [ 973.076429][T19545] ? __pfx___mutex_lock+0x10/0x10 [ 973.076460][T19545] ? kvm_io_bus_register_dev+0x1cf/0x720 [ 973.076495][T19545] ? kvm_io_bus_register_dev+0x1cf/0x720 [ 973.076523][T19545] kvm_io_bus_register_dev+0x1cf/0x720 [ 973.076561][T19545] kvm_pic_init+0x1fd/0x380 [ 973.076601][T19545] kvm_arch_vm_ioctl+0x8f0/0x18b0 [ 973.076630][T19545] ? register_lock_class+0x41/0x4c0 [ 973.076663][T19545] ? find_held_lock+0x2b/0x80 [ 973.076687][T19545] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 973.076715][T19545] ? ima_match_policy+0x7f9/0x22e0 [ 973.076743][T19545] ? __lock_acquire+0x622/0x1c90 [ 973.076780][T19545] ? __lock_acquire+0x622/0x1c90 [ 973.076820][T19545] ? __lock_acquire+0x622/0x1c90 [ 973.076859][T19545] ? __lock_acquire+0x622/0x1c90 [ 973.076920][T19545] ? bpf_ksym_find+0x124/0x1c0 [ 973.076948][T19545] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 973.076978][T19545] ? is_bpf_text_address+0x94/0x1a0 [ 973.077013][T19545] ? kernel_text_address+0x8d/0x100 [ 973.077051][T19545] ? widen_string+0xdc/0x2d0 [ 973.077085][T19545] ? __kernel_text_address+0xd/0x40 [ 973.077122][T19545] ? unwind_get_return_address+0x59/0xa0 [ 973.077148][T19545] ? arch_stack_walk+0xa6/0x100 [ 973.077186][T19545] ? stack_trace_save+0x8e/0xc0 [ 973.077212][T19545] ? __pfx_stack_trace_save+0x10/0x10 [ 973.077241][T19545] ? stack_depot_save_flags+0x29/0x9c0 [ 973.077279][T19545] ? __lock_acquire+0xb8a/0x1c90 [ 973.077313][T19545] ? kasan_save_stack+0x42/0x60 [ 973.077339][T19545] ? kasan_save_stack+0x33/0x60 [ 973.077365][T19545] ? kasan_save_track+0x14/0x30 [ 973.077391][T19545] ? __kasan_save_free_info+0x3b/0x60 [ 973.077428][T19545] ? __kasan_slab_free+0x5f/0x80 [ 973.077455][T19545] ? kfree+0x2b8/0x6d0 [ 973.077489][T19545] ? tomoyo_path_number_perm+0x470/0x580 [ 973.077532][T19545] kvm_vm_ioctl+0x1a91/0x3fd0 [ 973.077570][T19545] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 973.077615][T19545] ? kasan_quarantine_put+0x10a/0x240 [ 973.077641][T19545] ? lockdep_hardirqs_on+0x7c/0x110 [ 973.077672][T19545] ? find_held_lock+0x2b/0x80 [ 973.077697][T19545] ? tomoyo_path_number_perm+0x295/0x580 [ 973.077740][T19545] ? tomoyo_path_number_perm+0x18d/0x580 [ 973.077782][T19545] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 973.077832][T19545] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 973.077879][T19545] ? do_vfs_ioctl+0x128/0x14f0 [ 973.077916][T19545] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 973.077960][T19545] ? find_held_lock+0x2b/0x80 [ 973.077983][T19545] ? hook_file_ioctl_common+0x145/0x410 [ 973.078014][T19545] ? __fget_files+0x20e/0x3c0 [ 973.078042][T19545] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 973.078070][T19545] __x64_sys_ioctl+0x18e/0x210 [ 973.078108][T19545] do_syscall_64+0xcd/0xfa0 [ 973.078139][T19545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 973.078164][T19545] RIP: 0033:0x7f9b5db8f6c9 [ 973.078183][T19545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 973.078205][T19545] RSP: 002b:00007f9b5e9c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 973.078228][T19545] RAX: ffffffffffffffda RBX: 00007f9b5dde5fa0 RCX: 00007f9b5db8f6c9 [ 973.078244][T19545] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 973.078258][T19545] RBP: 00007f9b5dc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 973.078272][T19545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 973.078286][T19545] R13: 00007f9b5dde6038 R14: 00007f9b5dde5fa0 R15: 00007ffd982190d8 [ 973.078325][T19545] [ 975.646740][T19565] FAULT_INJECTION: forcing a failure. [ 975.646740][T19565] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 975.760740][T19565] CPU: 1 UID: 0 PID: 19565 Comm: syz.7.4543 Not tainted syzkaller #0 PREEMPT(full) [ 975.760774][T19565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 975.760789][T19565] Call Trace: [ 975.760797][T19565] [ 975.760807][T19565] dump_stack_lvl+0x16c/0x1f0 [ 975.760840][T19565] should_fail_ex+0x512/0x640 [ 975.760882][T19565] should_fail_alloc_page+0xe7/0x130 [ 975.760917][T19565] prepare_alloc_pages+0x3c2/0x610 [ 975.760950][T19565] ? rcu_is_watching+0x12/0xc0 [ 975.760978][T19565] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 975.761007][T19565] ? __lock_acquire+0xb8a/0x1c90 [ 975.761051][T19565] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 975.761077][T19565] ? do_raw_spin_lock+0x12c/0x2b0 [ 975.761116][T19565] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 975.761154][T19565] ? find_held_lock+0x2b/0x80 [ 975.761188][T19565] ? __lock_acquire+0xb8a/0x1c90 [ 975.761220][T19565] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 975.761262][T19565] ? policy_nodemask+0xea/0x4e0 [ 975.761297][T19565] alloc_pages_mpol+0x1fb/0x550 [ 975.761331][T19565] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 975.761373][T19565] folio_alloc_mpol_noprof+0x36/0x2f0 [ 975.761412][T19565] shmem_alloc_folio+0x135/0x160 [ 975.761449][T19565] shmem_alloc_and_add_folio+0x499/0xc20 [ 975.761496][T19565] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 975.761548][T19565] ? shmem_allowable_huge_orders+0xd4/0x3f0 [ 975.761572][T19565] ? __lock_acquire+0xb70/0x1c90 [ 975.761610][T19565] shmem_get_folio_gfp+0x67f/0x1610 [ 975.761642][T19565] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 975.761668][T19565] ? __pfx___might_resched+0x10/0x10 [ 975.761698][T19565] shmem_fallocate+0x794/0xf50 [ 975.761736][T19565] ? __pfx_shmem_fallocate+0x10/0x10 [ 975.761770][T19565] ? __lock_acquire+0xb8a/0x1c90 [ 975.761806][T19565] ? __lock_acquire+0x622/0x1c90 [ 975.761855][T19565] ? __pfx_shmem_fallocate+0x10/0x10 [ 975.761880][T19565] vfs_fallocate+0x5b4/0x10e0 [ 975.761911][T19565] ? __pfx_vfs_fallocate+0x10/0x10 [ 975.761948][T19565] __x64_sys_fallocate+0xd5/0x150 [ 975.761980][T19565] do_syscall_64+0xcd/0xfa0 [ 975.762011][T19565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 975.762036][T19565] RIP: 0033:0x7fb978d8f6c9 [ 975.762055][T19565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 975.762079][T19565] RSP: 002b:00007fb979b4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 975.762102][T19565] RAX: ffffffffffffffda RBX: 00007fb978fe5fa0 RCX: 00007fb978d8f6c9 [ 975.762118][T19565] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003 [ 975.762133][T19565] RBP: 00007fb978e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 975.762148][T19565] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000 [ 975.762162][T19565] R13: 00007fb978fe6038 R14: 00007fb978fe5fa0 R15: 00007ffe240acb58 [ 975.762194][T19565] [ 976.288345][T19567] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4545'. [ 976.298168][T19567] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4545'. [ 976.928606][T19581] nvme_fcloop: unknown parameter or missing value '0' [ 976.971094][T19578] netlink: 50 bytes leftover after parsing attributes in process `syz.6.4548'. [ 977.028177][T19581] hub 1-0:1.0: USB hub found [ 977.065343][T19581] hub 1-0:1.0: 1 port detected [ 978.365182][T19602] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4554'. [ 978.796020][T19596] zswap: compressor not available [ 979.299315][T19617] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4559'. [ 980.114582][ T30] audit: type=1800 audit(4294967356.849:22): pid=19626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.4562" name="lu_gp_id" dev="configfs" ino=116421 res=0 errno=0 [ 981.196014][T19634] zswap: compressor not available [ 982.049621][T19650] netlink: 'syz.2.4567': attribute type 27 has an invalid length. [ 982.101168][T19650] netlink: 'syz.2.4567': attribute type 28 has an invalid length. [ 982.152305][T19650] netlink: 'syz.2.4567': attribute type 29 has an invalid length. [ 982.213860][T19650] netlink: 'syz.2.4567': attribute type 30 has an invalid length. [ 982.276500][T19650] netlink: 'syz.2.4567': attribute type 31 has an invalid length. [ 982.308917][T19650] netlink: 'syz.2.4567': attribute type 32 has an invalid length. [ 982.369410][T19650] netlink: 'syz.2.4567': attribute type 33 has an invalid length. [ 982.421145][T19650] netlink: 'syz.2.4567': attribute type 35 has an invalid length. [ 982.470863][T19650] netlink: 'syz.2.4567': attribute type 37 has an invalid length. [ 982.517993][T19650] netlink: 'syz.2.4567': attribute type 39 has an invalid length. [ 982.557307][T19650] netlink: 14 bytes leftover after parsing attributes in process `syz.2.4567'. [ 983.733309][T19666] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 984.827081][T19679] FAULT_INJECTION: forcing a failure. [ 984.827081][T19679] name failslab, interval 1, probability 393216, space 0, times 0 [ 984.902099][T19679] CPU: 1 UID: 0 PID: 19679 Comm: syz.4.4576 Not tainted syzkaller #0 PREEMPT(full) [ 984.902133][T19679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 984.902148][T19679] Call Trace: [ 984.902156][T19679] [ 984.902166][T19679] dump_stack_lvl+0x16c/0x1f0 [ 984.902199][T19679] should_fail_ex+0x512/0x640 [ 984.902236][T19679] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 984.902265][T19679] should_failslab+0xc2/0x120 [ 984.902298][T19679] kmem_cache_alloc_node_noprof+0x78/0x770 [ 984.902323][T19679] ? __alloc_skb+0x2b2/0x380 [ 984.902366][T19679] ? __alloc_skb+0x2b2/0x380 [ 984.902401][T19679] __alloc_skb+0x2b2/0x380 [ 984.902437][T19679] ? __pfx___alloc_skb+0x10/0x10 [ 984.902474][T19679] ? ip_frag_init+0x270/0x350 [ 984.902501][T19679] ? is_bpf_text_address+0x8a/0x1a0 [ 984.902541][T19679] __ip6_append_data+0x2b74/0x4740 [ 984.902584][T19679] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 984.902623][T19679] ? __pfx___ip6_append_data+0x10/0x10 [ 984.902665][T19679] ? __pfx_ip6_mtu+0x10/0x10 [ 984.902694][T19679] ? ip6_setup_cork+0xc51/0x1530 [ 984.902730][T19679] ip6_make_skb+0x2c8/0x3f0 [ 984.902767][T19679] ? ip6_dst_check+0x343/0x950 [ 984.902795][T19679] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 984.902825][T19679] ? __pfx_ip6_make_skb+0x10/0x10 [ 984.902861][T19679] ? find_held_lock+0x2b/0x80 [ 984.902893][T19679] ? sk_dst_check+0x1da/0x540 [ 984.902936][T19679] ? udpv6_sendmsg+0x2365/0x2d30 [ 984.902960][T19679] udpv6_sendmsg+0x2365/0x2d30 [ 984.902986][T19679] ? aa_label_sk_perm+0x195/0x600 [ 984.903010][T19679] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 984.903046][T19679] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 984.903082][T19679] ? __lock_acquire+0x622/0x1c90 [ 984.903124][T19679] ? __pfx___might_resched+0x10/0x10 [ 984.903170][T19679] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 984.903198][T19679] ? inet6_sendmsg+0x105/0x140 [ 984.903223][T19679] inet6_sendmsg+0x105/0x140 [ 984.903251][T19679] sock_write_iter+0x437/0x610 [ 984.903283][T19679] ? __pfx_sock_write_iter+0x10/0x10 [ 984.903323][T19679] ? bpf_lsm_file_permission+0x9/0x10 [ 984.903351][T19679] ? security_file_permission+0x71/0x210 [ 984.903378][T19679] ? rw_verify_area+0xcf/0x6c0 [ 984.903403][T19679] vfs_write+0x7d3/0x11d0 [ 984.903429][T19679] ? __pfx_sock_write_iter+0x10/0x10 [ 984.903463][T19679] ? __pfx_vfs_write+0x10/0x10 [ 984.903486][T19679] ? find_held_lock+0x2b/0x80 [ 984.903527][T19679] ksys_write+0x1f8/0x250 [ 984.903553][T19679] ? __pfx_ksys_write+0x10/0x10 [ 984.903587][T19679] do_syscall_64+0xcd/0xfa0 [ 984.903618][T19679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.903643][T19679] RIP: 0033:0x7f6e1978f6c9 [ 984.903667][T19679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 984.903691][T19679] RSP: 002b:00007f6e1a5cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 984.903713][T19679] RAX: ffffffffffffffda RBX: 00007f6e199e6090 RCX: 00007f6e1978f6c9 [ 984.903730][T19679] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 984.903745][T19679] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 984.903761][T19679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 984.903775][T19679] R13: 00007f6e199e6128 R14: 00007f6e199e6090 R15: 00007fffa3e7c5b8 [ 984.903807][T19679] [ 991.675273][T19754] netlink: 306 bytes leftover after parsing attributes in process `syz.6.4601'. [ 992.804128][T19767] FAULT_INJECTION: forcing a failure. [ 992.804128][T19767] name failslab, interval 1, probability 393216, space 0, times 0 [ 992.895774][T19767] CPU: 1 UID: 0 PID: 19767 Comm: syz.4.4606 Not tainted syzkaller #0 PREEMPT(full) [ 992.895808][T19767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 992.895823][T19767] Call Trace: [ 992.895836][T19767] [ 992.895846][T19767] dump_stack_lvl+0x16c/0x1f0 [ 992.895878][T19767] should_fail_ex+0x512/0x640 [ 992.895915][T19767] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 992.895943][T19767] should_failslab+0xc2/0x120 [ 992.895981][T19767] kmem_cache_alloc_noprof+0x75/0x6e0 [ 992.896006][T19767] ? getname_flags.part.0+0x4c/0x550 [ 992.896048][T19767] ? getname_flags.part.0+0x4c/0x550 [ 992.896082][T19767] getname_flags.part.0+0x4c/0x550 [ 992.896120][T19767] getname_flags+0x93/0xf0 [ 992.896144][T19767] do_sys_openat2+0xb8/0x1d0 [ 992.896179][T19767] ? __pfx_do_sys_openat2+0x10/0x10 [ 992.896226][T19767] __x64_sys_openat+0x174/0x210 [ 992.896262][T19767] ? __pfx___x64_sys_openat+0x10/0x10 [ 992.896310][T19767] do_syscall_64+0xcd/0xfa0 [ 992.896341][T19767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.896366][T19767] RIP: 0033:0x7f6e1978df10 [ 992.896385][T19767] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 992.896409][T19767] RSP: 002b:00007f6e1a5ebf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 992.896432][T19767] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f6e1978df10 [ 992.896447][T19767] RDX: 0000000000000002 RSI: 00007f6e1a5ebfa0 RDI: 00000000ffffff9c [ 992.896463][T19767] RBP: 00007f6e1a5ebfa0 R08: 0000000000000000 R09: 0000000000000000 [ 992.896478][T19767] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 992.896492][T19767] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 992.896523][T19767] [ 995.194400][T19796] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4612'. [ 995.342458][T19801] netlink: 186 bytes leftover after parsing attributes in process `syz.6.4616'. [ 995.382671][T19801] netlink: 186 bytes leftover after parsing attributes in process `syz.6.4616'. [ 998.143095][T19851] validate_nla: 1 callbacks suppressed [ 998.143115][T19851] netlink: 'syz.4.4630': attribute type 6 has an invalid length. [ 998.213181][T19851] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4630'. [ 998.557652][T19855] netlink: 186 bytes leftover after parsing attributes in process `syz.4.4631'. [ 998.941042][T19860] random: crng reseeded on system resumption [ 999.790317][T19864] serio: Serial port ttyS2 [ 1001.616716][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1001.623050][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1001.984003][T19898] netlink: 13 bytes leftover after parsing attributes in process `syz.6.4643'. [ 1006.178416][T19954] netlink: 25 bytes leftover after parsing attributes in process `syz.6.4660'. [ 1006.914704][T19974] lo: entered allmulticast mode [ 1006.942330][T19977] lo: left allmulticast mode [ 1008.449035][T19992] zswap: compressor not available [ 1008.741823][T20004] FAULT_INJECTION: forcing a failure. [ 1008.741823][T20004] name failslab, interval 1, probability 393216, space 0, times 0 [ 1008.802590][T20004] CPU: 1 UID: 0 PID: 20004 Comm: syz.4.4675 Not tainted syzkaller #0 PREEMPT(full) [ 1008.802624][T20004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1008.802639][T20004] Call Trace: [ 1008.802648][T20004] [ 1008.802658][T20004] dump_stack_lvl+0x16c/0x1f0 [ 1008.802691][T20004] should_fail_ex+0x512/0x640 [ 1008.802728][T20004] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1008.802772][T20004] should_failslab+0xc2/0x120 [ 1008.802805][T20004] __kmalloc_cache_noprof+0x72/0x780 [ 1008.802846][T20004] ? rfkill_fop_open+0x1b6/0x750 [ 1008.802874][T20004] ? rfkill_fop_open+0x1b6/0x750 [ 1008.802895][T20004] rfkill_fop_open+0x1b6/0x750 [ 1008.802922][T20004] ? __pfx_rfkill_fop_open+0x10/0x10 [ 1008.802946][T20004] misc_open+0x26d/0x450 [ 1008.802983][T20004] ? __pfx_misc_open+0x10/0x10 [ 1008.803018][T20004] chrdev_open+0x234/0x6a0 [ 1008.803046][T20004] ? __pfx_apparmor_file_open+0x10/0x10 [ 1008.803083][T20004] ? __pfx_chrdev_open+0x10/0x10 [ 1008.803114][T20004] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1008.803146][T20004] do_dentry_open+0x982/0x1530 [ 1008.803175][T20004] ? __pfx_chrdev_open+0x10/0x10 [ 1008.803210][T20004] vfs_open+0x82/0x3f0 [ 1008.803248][T20004] path_openat+0x1de4/0x2cb0 [ 1008.803284][T20004] ? __pfx_path_openat+0x10/0x10 [ 1008.803312][T20004] ? __lock_acquire+0xb8a/0x1c90 [ 1008.803349][T20004] do_filp_open+0x20b/0x470 [ 1008.803375][T20004] ? __pfx_do_filp_open+0x10/0x10 [ 1008.803423][T20004] ? alloc_fd+0x471/0x7d0 [ 1008.803464][T20004] do_sys_openat2+0x11b/0x1d0 [ 1008.803500][T20004] ? __pfx_do_sys_openat2+0x10/0x10 [ 1008.803551][T20004] __x64_sys_openat+0x174/0x210 [ 1008.803589][T20004] ? __pfx___x64_sys_openat+0x10/0x10 [ 1008.803638][T20004] do_syscall_64+0xcd/0xfa0 [ 1008.803668][T20004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.803693][T20004] RIP: 0033:0x7f6e1978f6c9 [ 1008.803713][T20004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1008.803737][T20004] RSP: 002b:00007f6e1a5ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1008.803760][T20004] RAX: ffffffffffffffda RBX: 00007f6e199e5fa0 RCX: 00007f6e1978f6c9 [ 1008.803776][T20004] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1008.803791][T20004] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1008.803806][T20004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1008.803821][T20004] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 1008.803852][T20004] [ 1010.297918][T20019] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4679'. [ 1010.849266][T20025] netlink: 'syz.6.4689': attribute type 3 has an invalid length. [ 1010.923477][T20025] netlink: 306 bytes leftover after parsing attributes in process `syz.6.4689'. [ 1013.625768][T20036] kexec: Could not allocate control_code_buffer [ 1016.133553][T20075] serio: Serial port ttyS2 [ 1020.524008][T20147] syz.7.4717 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1021.040046][T20156] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 1023.959027][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.004061][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.032438][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.071380][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.106107][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.161943][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.205238][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.250173][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.282810][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1024.331452][T20193] netlink: 62 bytes leftover after parsing attributes in process `syz.7.4732'. [ 1029.975293][T20251] kexec: Could not allocate control_code_buffer [ 1030.298898][T20274] __nla_validate_parse: 18 callbacks suppressed [ 1030.298920][T20274] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4753'. [ 1030.404325][T20276] netlink: 'syz.7.4755': attribute type 1 has an invalid length. [ 1030.440895][T20276] netlink: 13 bytes leftover after parsing attributes in process `syz.7.4755'. [ 1031.555655][T20286] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4759'. [ 1031.616647][T20294] FAULT_INJECTION: forcing a failure. [ 1031.616647][T20294] name failslab, interval 1, probability 393216, space 0, times 0 [ 1031.695128][T20294] CPU: 1 UID: 0 PID: 20294 Comm: syz.7.4761 Not tainted syzkaller #0 PREEMPT(full) [ 1031.695162][T20294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1031.695177][T20294] Call Trace: [ 1031.695185][T20294] [ 1031.695194][T20294] dump_stack_lvl+0x16c/0x1f0 [ 1031.695227][T20294] should_fail_ex+0x512/0x640 [ 1031.695264][T20294] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1031.695332][T20294] should_failslab+0xc2/0x120 [ 1031.695366][T20294] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1031.695391][T20294] ? vm_area_alloc+0x1f/0x160 [ 1031.695434][T20294] ? vm_area_alloc+0x1f/0x160 [ 1031.695474][T20294] vm_area_alloc+0x1f/0x160 [ 1031.695511][T20294] __mmap_region+0xf85/0x27a0 [ 1031.695536][T20294] ? find_held_lock+0x2b/0x80 [ 1031.695561][T20294] ? __pfx___mmap_region+0x10/0x10 [ 1031.695583][T20294] ? finish_task_switch.isra.0+0x21c/0xc10 [ 1031.695610][T20294] ? rcu_is_watching+0x12/0xc0 [ 1031.695635][T20294] ? finish_task_switch.isra.0+0x221/0xc10 [ 1031.695660][T20294] ? lockdep_hardirqs_on+0x7c/0x110 [ 1031.695689][T20294] ? finish_task_switch.isra.0+0x221/0xc10 [ 1031.695740][T20294] ? __pfx___schedule+0x10/0x10 [ 1031.695800][T20294] ? trace_cap_capable+0x18d/0x200 [ 1031.695846][T20294] mmap_region+0x1ab/0x3f0 [ 1031.695874][T20294] ? __get_unmapped_area+0x267/0x440 [ 1031.695909][T20294] do_mmap+0xa3e/0x1210 [ 1031.695945][T20294] ? __pfx_do_mmap+0x10/0x10 [ 1031.695977][T20294] ? __pfx_down_write_killable+0x10/0x10 [ 1031.696016][T20294] vm_mmap_pgoff+0x29e/0x470 [ 1031.696053][T20294] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1031.696091][T20294] ? __x64_sys_futex+0x1e0/0x4c0 [ 1031.696123][T20294] ? __x64_sys_futex+0x1e9/0x4c0 [ 1031.696160][T20294] ksys_mmap_pgoff+0x7d/0x5c0 [ 1031.696190][T20294] ? xfd_validate_state+0x61/0x180 [ 1031.696224][T20294] ? __task_pid_nr_ns+0x1f5/0x500 [ 1031.696260][T20294] __x64_sys_mmap+0x125/0x190 [ 1031.696306][T20294] do_syscall_64+0xcd/0xfa0 [ 1031.696337][T20294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1031.696362][T20294] RIP: 0033:0x7fb978d8f6c9 [ 1031.696383][T20294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1031.696407][T20294] RSP: 002b:00007fb979b4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1031.696430][T20294] RAX: ffffffffffffffda RBX: 00007fb978fe5fa0 RCX: 00007fb978d8f6c9 [ 1031.696446][T20294] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 1031.696461][T20294] RBP: 00007fb978e11f91 R08: 0000000000000401 R09: 0000000000008000 [ 1031.696476][T20294] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1031.696490][T20294] R13: 00007fb978fe6038 R14: 00007fb978fe5fa0 R15: 00007ffe240acb58 [ 1031.696522][T20294] [ 1031.969765][ C1] vkms_vblank_simulate: vblank timer overrun [ 1032.548033][T20299] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4770'. [ 1032.599817][T20299] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4770'. [ 1034.511315][T20330] FAULT_INJECTION: forcing a failure. [ 1034.511315][T20330] name failslab, interval 1, probability 393216, space 0, times 0 [ 1034.532245][T20332] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4775'. [ 1034.609189][T20330] CPU: 1 UID: 0 PID: 20330 Comm: syz.6.4774 Not tainted syzkaller #0 PREEMPT(full) [ 1034.609223][T20330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1034.609239][T20330] Call Trace: [ 1034.609247][T20330] [ 1034.609256][T20330] dump_stack_lvl+0x16c/0x1f0 [ 1034.609289][T20330] should_fail_ex+0x512/0x640 [ 1034.609326][T20330] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1034.609369][T20330] should_failslab+0xc2/0x120 [ 1034.609402][T20330] __kmalloc_cache_noprof+0x72/0x780 [ 1034.609440][T20330] ? bpf_lsm_msg_msg_alloc_security+0x9/0x10 [ 1034.609477][T20330] ? security_msg_msg_alloc+0x9c/0x230 [ 1034.609507][T20330] ? do_mq_timedsend+0x89b/0xc40 [ 1034.609546][T20330] ? do_mq_timedsend+0x89b/0xc40 [ 1034.609579][T20330] do_mq_timedsend+0x89b/0xc40 [ 1034.609615][T20330] ? __pfx_do_mq_timedsend+0x10/0x10 [ 1034.609649][T20330] ? do_futex+0x122/0x350 [ 1034.609693][T20330] ? __x64_sys_futex+0x1e0/0x4c0 [ 1034.609729][T20330] __x64_sys_mq_timedsend+0x1cd/0x260 [ 1034.609766][T20330] ? __pfx___x64_sys_mq_timedsend+0x10/0x10 [ 1034.609811][T20330] do_syscall_64+0xcd/0xfa0 [ 1034.609842][T20330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1034.609867][T20330] RIP: 0033:0x7f9b5db8f6c9 [ 1034.609885][T20330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1034.609909][T20330] RSP: 002b:00007f9b5e9c2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f2 [ 1034.609931][T20330] RAX: ffffffffffffffda RBX: 00007f9b5dde5fa0 RCX: 00007f9b5db8f6c9 [ 1034.609947][T20330] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000004 [ 1034.609961][T20330] RBP: 00007f9b5dc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1034.609976][T20330] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 1034.609990][T20330] R13: 00007f9b5dde6038 R14: 00007f9b5dde5fa0 R15: 00007ffd982190d8 [ 1034.610021][T20330] [ 1034.799671][ C1] vkms_vblank_simulate: vblank timer overrun [ 1034.805702][ C1] hrtimer: interrupt took 195570883 ns [ 1034.905796][ C1] vkms_vblank_simulate: vblank timer overrun [ 1036.275061][T20354] ubi0: attaching mtd0 [ 1036.301777][T20354] ubi0 error: ubi_attach_mtd_dev: bad VID header (2) or data offsets (66) [ 1038.341583][T20389] random: crng reseeded on system resumption [ 1040.198313][T20416] netlink: 138 bytes leftover after parsing attributes in process `syz.2.4800'. [ 1041.743666][T20447] FAULT_INJECTION: forcing a failure. [ 1041.743666][T20447] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1041.827525][T20447] CPU: 1 UID: 0 PID: 20447 Comm: syz.6.4808 Not tainted syzkaller #0 PREEMPT(full) [ 1041.827559][T20447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1041.827574][T20447] Call Trace: [ 1041.827583][T20447] [ 1041.827593][T20447] dump_stack_lvl+0x16c/0x1f0 [ 1041.827625][T20447] should_fail_ex+0x512/0x640 [ 1041.827667][T20447] should_fail_alloc_page+0xe7/0x130 [ 1041.827702][T20447] prepare_alloc_pages+0x3c2/0x610 [ 1041.827740][T20447] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1041.827768][T20447] ? __lock_acquire+0x622/0x1c90 [ 1041.827806][T20447] ? __lock_acquire+0x622/0x1c90 [ 1041.827843][T20447] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1041.827881][T20447] ? __lock_acquire+0xb8a/0x1c90 [ 1041.827918][T20447] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1041.827961][T20447] ? policy_nodemask+0xea/0x4e0 [ 1041.827996][T20447] alloc_pages_mpol+0x1fb/0x550 [ 1041.828030][T20447] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1041.828065][T20447] ? __anon_vma_prepare+0x2db/0x5e0 [ 1041.828108][T20447] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1041.828147][T20447] vma_alloc_folio_noprof+0xed/0x1e0 [ 1041.828185][T20447] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1041.828221][T20447] ? __anon_vma_prepare+0x2e2/0x5e0 [ 1041.828267][T20447] do_wp_page+0x11d8/0x52b0 [ 1041.828331][T20447] ? __pfx_do_wp_page+0x10/0x10 [ 1041.828367][T20447] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1041.828406][T20447] ? ___pte_offset_map+0x2ad/0x4f0 [ 1041.828441][T20447] __handle_mm_fault+0x1ae3/0x2aa0 [ 1041.828489][T20447] ? __pfx___handle_mm_fault+0x10/0x10 [ 1041.828529][T20447] ? __pte_offset_map_lock+0x174/0x310 [ 1041.828559][T20447] ? find_held_lock+0x2b/0x80 [ 1041.828593][T20447] ? follow_page_pte+0x5cf/0x1390 [ 1041.828632][T20447] handle_mm_fault+0x589/0xd10 [ 1041.828675][T20447] __get_user_pages+0x54e/0x3530 [ 1041.828717][T20447] ? find_held_lock+0x2b/0x80 [ 1041.828742][T20447] ? __pfx___get_user_pages+0x10/0x10 [ 1041.828784][T20447] get_user_pages_remote+0x243/0xab0 [ 1041.828823][T20447] ? __pfx_get_user_pages_remote+0x10/0x10 [ 1041.828858][T20447] ? __pfx___might_resched+0x10/0x10 [ 1041.828885][T20447] ? noop_dirty_folio+0x96/0xb0 [ 1041.828918][T20447] __access_remote_vm+0x250/0xaa0 [ 1041.828955][T20447] ? __pfx___access_remote_vm+0x10/0x10 [ 1041.828994][T20447] mem_rw+0x20e/0x640 [ 1041.829037][T20447] ? __pfx_mem_write+0x10/0x10 [ 1041.829073][T20447] vfs_write+0x2a0/0x11d0 [ 1041.829104][T20447] ? __pfx___mutex_lock+0x10/0x10 [ 1041.829135][T20447] ? __pfx_vfs_write+0x10/0x10 [ 1041.829169][T20447] ? __fget_files+0x20e/0x3c0 [ 1041.829202][T20447] ksys_write+0x12a/0x250 [ 1041.829227][T20447] ? __pfx_ksys_write+0x10/0x10 [ 1041.829263][T20447] do_syscall_64+0xcd/0xfa0 [ 1041.829294][T20447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1041.829325][T20447] RIP: 0033:0x7f9b5db8f6c9 [ 1041.829345][T20447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1041.829368][T20447] RSP: 002b:00007f9b5e9c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1041.829391][T20447] RAX: ffffffffffffffda RBX: 00007f9b5dde5fa0 RCX: 00007f9b5db8f6c9 [ 1041.829407][T20447] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1041.829423][T20447] RBP: 00007f9b5dc11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1041.829438][T20447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1041.829453][T20447] R13: 00007f9b5dde6038 R14: 00007f9b5dde5fa0 R15: 00007ffd982190d8 [ 1041.829485][T20447] [ 1044.092285][T20487] netlink: 46 bytes leftover after parsing attributes in process `syz.2.4823'. [ 1045.475493][T20506] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4828'. [ 1049.619162][T20560] FAULT_INJECTION: forcing a failure. [ 1049.619162][T20560] name failslab, interval 1, probability 393216, space 0, times 0 [ 1049.764482][T20560] CPU: 1 UID: 0 PID: 20560 Comm: syz.7.4846 Not tainted syzkaller #0 PREEMPT(full) [ 1049.764515][T20560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1049.764531][T20560] Call Trace: [ 1049.764538][T20560] [ 1049.764548][T20560] dump_stack_lvl+0x16c/0x1f0 [ 1049.764582][T20560] should_fail_ex+0x512/0x640 [ 1049.764619][T20560] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1049.764655][T20560] should_failslab+0xc2/0x120 [ 1049.764688][T20560] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1049.764713][T20560] ? ptlock_alloc+0x1f/0x70 [ 1049.764757][T20560] ? ptlock_alloc+0x1f/0x70 [ 1049.764791][T20560] ptlock_alloc+0x1f/0x70 [ 1049.764827][T20560] pte_alloc_one+0x84/0x350 [ 1049.764855][T20560] __pte_alloc+0x6d/0x380 [ 1049.764889][T20560] ? __pfx___pte_alloc+0x10/0x10 [ 1049.764917][T20560] ? __pfx___might_resched+0x10/0x10 [ 1049.764942][T20560] ? copy_page_range+0x1c69/0x6930 [ 1049.764983][T20560] copy_page_range+0x44a1/0x6930 [ 1049.765055][T20560] ? __pfx_copy_page_range+0x10/0x10 [ 1049.765095][T20560] ? mas_store+0x860/0x1030 [ 1049.765126][T20560] ? __pfx___might_resched+0x10/0x10 [ 1049.765151][T20560] ? find_held_lock+0x2b/0x80 [ 1049.765177][T20560] ? __pfx_mas_store+0x10/0x10 [ 1049.765208][T20560] ? __vma_enter_locked+0x163/0x3f0 [ 1049.765260][T20560] dup_mmap+0xe80/0x2280 [ 1049.765305][T20560] ? __pfx_dup_mmap+0x10/0x10 [ 1049.765358][T20560] copy_process+0x3f0c/0x76a0 [ 1049.765388][T20560] ? __pfx___futex_wait+0x10/0x10 [ 1049.765425][T20560] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1049.765463][T20560] ? __pfx_copy_process+0x10/0x10 [ 1049.765493][T20560] ? find_held_lock+0x2b/0x80 [ 1049.765521][T20560] ? futex_private_hash_put+0xd5/0x190 [ 1049.765557][T20560] kernel_clone+0xfc/0x930 [ 1049.765589][T20560] ? __pfx_kernel_clone+0x10/0x10 [ 1049.765641][T20560] __do_sys_clone+0xce/0x120 [ 1049.765674][T20560] ? __pfx___do_sys_clone+0x10/0x10 [ 1049.765719][T20560] ? xfd_validate_state+0x61/0x180 [ 1049.765752][T20560] ? __pfx_do_writev+0x10/0x10 [ 1049.765785][T20560] do_syscall_64+0xcd/0xfa0 [ 1049.765816][T20560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1049.765840][T20560] RIP: 0033:0x7fb978d8f6c9 [ 1049.765860][T20560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1049.765885][T20560] RSP: 002b:00007fb979b4dfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1049.765907][T20560] RAX: ffffffffffffffda RBX: 00007fb978fe5fa0 RCX: 00007fb978d8f6c9 [ 1049.765923][T20560] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1049.765937][T20560] RBP: 00007fb978e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1049.765952][T20560] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1049.765967][T20560] R13: 00007fb978fe6038 R14: 00007fb978fe5fa0 R15: 00007ffe240acb58 [ 1049.765999][T20560] [ 1052.525099][T20589] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 1053.056107][T20591] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 1053.374052][T20593] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1053.413820][T20593] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1053.456027][T20593] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1053.484114][T20593] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1053.490141][T20593] CPU0 is offline. [ 1054.716829][T19808] Bluetooth: hci0: command 0x0406 tx timeout [ 1055.435735][T19808] Bluetooth: hci2: command 0x0406 tx timeout [ 1055.514920][T19808] Bluetooth: hci4: command 0x0406 tx timeout [ 1055.521440][T19808] Bluetooth: hci1: command 0x0406 tx timeout [ 1056.531466][T20644] FAULT_INJECTION: forcing a failure. [ 1056.531466][T20644] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1056.601140][T20644] CPU: 1 UID: 0 PID: 20644 Comm: syz.4.4871 Not tainted syzkaller #0 PREEMPT(full) [ 1056.601173][T20644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1056.601190][T20644] Call Trace: [ 1056.601198][T20644] [ 1056.601208][T20644] dump_stack_lvl+0x16c/0x1f0 [ 1056.601241][T20644] should_fail_ex+0x512/0x640 [ 1056.601283][T20644] should_fail_alloc_page+0xe7/0x130 [ 1056.601319][T20644] prepare_alloc_pages+0x3c2/0x610 [ 1056.601357][T20644] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1056.601385][T20644] ? __lock_acquire+0x622/0x1c90 [ 1056.601423][T20644] ? __lock_acquire+0x622/0x1c90 [ 1056.601460][T20644] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1056.601498][T20644] ? __lock_acquire+0xb8a/0x1c90 [ 1056.601535][T20644] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1056.601577][T20644] ? policy_nodemask+0xea/0x4e0 [ 1056.601612][T20644] alloc_pages_mpol+0x1fb/0x550 [ 1056.601645][T20644] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1056.601680][T20644] ? __anon_vma_prepare+0x2db/0x5e0 [ 1056.601722][T20644] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1056.601762][T20644] vma_alloc_folio_noprof+0xed/0x1e0 [ 1056.601799][T20644] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1056.601835][T20644] ? __anon_vma_prepare+0x2e2/0x5e0 [ 1056.601881][T20644] do_wp_page+0x11d8/0x52b0 [ 1056.601921][T20644] ? __pfx_do_wp_page+0x10/0x10 [ 1056.601957][T20644] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1056.602005][T20644] ? ___pte_offset_map+0x2ad/0x4f0 [ 1056.602040][T20644] __handle_mm_fault+0x1ae3/0x2aa0 [ 1056.602087][T20644] ? __pfx___handle_mm_fault+0x10/0x10 [ 1056.602128][T20644] ? __pte_offset_map_lock+0x174/0x310 [ 1056.602158][T20644] ? find_held_lock+0x2b/0x80 [ 1056.602192][T20644] ? follow_page_pte+0x5cf/0x1390 [ 1056.602231][T20644] handle_mm_fault+0x589/0xd10 [ 1056.602274][T20644] __get_user_pages+0x54e/0x3530 [ 1056.602317][T20644] ? find_held_lock+0x2b/0x80 [ 1056.602341][T20644] ? __pfx___get_user_pages+0x10/0x10 [ 1056.602383][T20644] get_user_pages_remote+0x243/0xab0 [ 1056.602422][T20644] ? __pfx_get_user_pages_remote+0x10/0x10 [ 1056.602457][T20644] ? __pfx___might_resched+0x10/0x10 [ 1056.602483][T20644] ? noop_dirty_folio+0x96/0xb0 [ 1056.602516][T20644] __access_remote_vm+0x250/0xaa0 [ 1056.602554][T20644] ? __pfx___access_remote_vm+0x10/0x10 [ 1056.602593][T20644] mem_rw+0x20e/0x640 [ 1056.602635][T20644] ? __pfx_mem_write+0x10/0x10 [ 1056.602671][T20644] vfs_write+0x2a0/0x11d0 [ 1056.602702][T20644] ? __pfx___mutex_lock+0x10/0x10 [ 1056.602733][T20644] ? __pfx_vfs_write+0x10/0x10 [ 1056.602768][T20644] ? __fget_files+0x20e/0x3c0 [ 1056.602800][T20644] ksys_write+0x12a/0x250 [ 1056.602826][T20644] ? __pfx_ksys_write+0x10/0x10 [ 1056.602861][T20644] do_syscall_64+0xcd/0xfa0 [ 1056.602892][T20644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1056.602917][T20644] RIP: 0033:0x7f6e1978f6c9 [ 1056.602936][T20644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1056.602961][T20644] RSP: 002b:00007f6e1a5ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1056.602990][T20644] RAX: ffffffffffffffda RBX: 00007f6e199e5fa0 RCX: 00007f6e1978f6c9 [ 1056.603007][T20644] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1056.603022][T20644] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1056.603037][T20644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1056.603052][T20644] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 1056.603084][T20644] [ 1057.273282][T20652] netlink: set zone limit has 8 unknown bytes [ 1057.283259][T20652] netlink: zone id is out of range [ 1057.288646][T20652] netlink: del zone limit has 4 unknown bytes [ 1057.763475][T20669] netlink: 'syz.6.4886': attribute type 5 has an invalid length. [ 1057.789643][T20669] netlink: 'syz.6.4886': attribute type 1 has an invalid length. [ 1057.832107][T20669] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4886'. [ 1057.862590][T20671] netlink: 'syz.6.4886': attribute type 5 has an invalid length. [ 1057.870356][T20671] netlink: 'syz.6.4886': attribute type 1 has an invalid length. [ 1057.941627][T20671] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4886'. [ 1058.473176][T20675] sp0: Synchronizing with TNC [ 1059.880543][T20692] Invalid ELF header magic: != ELF [ 1060.123702][T20695] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4887'. [ 1060.182890][T20695] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4887'. [ 1060.816505][ T30] audit: type=1800 audit(4294985781.929:23): pid=20708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.4900" name="version" dev="configfs" ino=125225 res=0 errno=0 [ 1062.410210][T20733] netlink: 62 bytes leftover after parsing attributes in process `syz.6.4898'. [ 1062.762517][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1062.768973][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1063.761373][T20758] netlink: 330 bytes leftover after parsing attributes in process `syz.7.4905'. [ 1064.455883][T20768] warning: `syz.6.4916' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1065.770542][T20790] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4915'. [ 1065.812361][T20790] netlink: 274 bytes leftover after parsing attributes in process `syz.2.4915'. [ 1066.709907][T20800] FAULT_INJECTION: forcing a failure. [ 1066.709907][T20800] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1067.095119][T20800] CPU: 1 UID: 0 PID: 20800 Comm: syz.4.4917 Not tainted syzkaller #0 PREEMPT(full) [ 1067.095154][T20800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1067.095169][T20800] Call Trace: [ 1067.095178][T20800] [ 1067.095188][T20800] dump_stack_lvl+0x16c/0x1f0 [ 1067.095221][T20800] should_fail_ex+0x512/0x640 [ 1067.095264][T20800] should_fail_alloc_page+0xe7/0x130 [ 1067.095300][T20800] prepare_alloc_pages+0x3c2/0x610 [ 1067.095337][T20800] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1067.095369][T20800] ? rcu_is_watching+0x12/0xc0 [ 1067.095395][T20800] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1067.095429][T20800] ? __alloc_frozen_pages_noprof+0x292/0x2470 [ 1067.095455][T20800] ? stack_trace_save+0x8e/0xc0 [ 1067.095484][T20800] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1067.095520][T20800] ? kmem_cache_alloc_node_noprof+0x28a/0x770 [ 1067.095545][T20800] ? __get_vm_area_node+0x1ca/0x330 [ 1067.095577][T20800] ? __vmalloc_node_noprof+0xad/0xf0 [ 1067.095610][T20800] ? __snd_dma_alloc_pages+0x53/0x90 [ 1067.095632][T20800] ? snd_dma_alloc_dir_pages+0x151/0x240 [ 1067.095653][T20800] ? do_alloc_pages+0x136/0x2d0 [ 1067.095687][T20800] ? snd_pcm_lib_malloc_pages+0x3df/0x980 [ 1067.095724][T20800] ? snd_pcm_hw_params+0x1656/0x1ba0 [ 1067.095761][T20800] ? snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1067.095802][T20800] ? task_work_run+0x150/0x240 [ 1067.095838][T20800] ? exit_to_user_mode_loop+0xec/0x130 [ 1067.095876][T20800] ? do_syscall_64+0x426/0xfa0 [ 1067.095904][T20800] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.095933][T20800] alloc_pages_bulk_noprof+0x71c/0x1410 [ 1067.095958][T20800] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1067.096010][T20800] ? policy_nodemask+0xea/0x4e0 [ 1067.096045][T20800] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1067.096072][T20800] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1067.096118][T20800] kasan_populate_vmalloc+0x112/0x2d0 [ 1067.096145][T20800] ? alloc_vmap_area+0x8b5/0x29e0 [ 1067.096181][T20800] alloc_vmap_area+0x960/0x29e0 [ 1067.096224][T20800] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1067.096262][T20800] __get_vm_area_node+0x1ca/0x330 [ 1067.096301][T20800] __vmalloc_node_range_noprof+0x271/0x1480 [ 1067.096337][T20800] ? __snd_dma_alloc_pages+0x53/0x90 [ 1067.096364][T20800] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1067.096401][T20800] ? __snd_dma_alloc_pages+0x53/0x90 [ 1067.096423][T20800] ? rcu_is_watching+0x12/0xc0 [ 1067.096448][T20800] ? trace_contention_end+0xdd/0x130 [ 1067.096485][T20800] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1067.096526][T20800] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1067.096561][T20800] ? __snd_dma_alloc_pages+0x53/0x90 [ 1067.096583][T20800] __vmalloc_node_noprof+0xad/0xf0 [ 1067.096617][T20800] ? __snd_dma_alloc_pages+0x53/0x90 [ 1067.096638][T20800] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 1067.096665][T20800] __snd_dma_alloc_pages+0x53/0x90 [ 1067.096688][T20800] snd_dma_alloc_dir_pages+0x151/0x240 [ 1067.096714][T20800] do_alloc_pages+0x136/0x2d0 [ 1067.096756][T20800] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 1067.096800][T20800] snd_pcm_hw_params+0x1656/0x1ba0 [ 1067.096844][T20800] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1067.096881][T20800] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 1067.096915][T20800] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1067.096952][T20800] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1067.096996][T20800] ? __asan_memset+0x23/0x50 [ 1067.097023][T20800] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1067.097064][T20800] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 1067.097112][T20800] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1067.097149][T20800] ? __pfx___mutex_lock+0x10/0x10 [ 1067.097198][T20800] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 1067.097232][T20800] snd_pcm_oss_sync+0x1de/0x840 [ 1067.097268][T20800] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1067.097301][T20800] snd_pcm_oss_release+0x28b/0x310 [ 1067.097335][T20800] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1067.097367][T20800] __fput+0x402/0xb70 [ 1067.097407][T20800] task_work_run+0x150/0x240 [ 1067.097445][T20800] ? __pfx_task_work_run+0x10/0x10 [ 1067.097484][T20800] ? __pfx___do_sys_close_range+0x10/0x10 [ 1067.097517][T20800] exit_to_user_mode_loop+0xec/0x130 [ 1067.097554][T20800] do_syscall_64+0x426/0xfa0 [ 1067.097585][T20800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.097610][T20800] RIP: 0033:0x7f6e1978f6c9 [ 1067.097629][T20800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1067.097653][T20800] RSP: 002b:00007f6e1a5ec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1067.097677][T20800] RAX: 0000000000000000 RBX: 00007f6e199e5fa0 RCX: 00007f6e1978f6c9 [ 1067.097693][T20800] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1067.097708][T20800] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1067.097722][T20800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1067.097737][T20800] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 1067.097768][T20800] [ 1067.097845][T20800] syz.4.4917: vmalloc error: size 4096, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1072.289073][T20800] CPU: 1 UID: 0 PID: 20800 Comm: syz.4.4917 Not tainted syzkaller #0 PREEMPT(full) [ 1072.289106][T20800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1072.289121][T20800] Call Trace: [ 1072.289130][T20800] [ 1072.289139][T20800] dump_stack_lvl+0x16c/0x1f0 [ 1072.289173][T20800] warn_alloc+0x248/0x3a0 [ 1072.289199][T20800] ? __pfx_warn_alloc+0x10/0x10 [ 1072.289224][T20800] ? __get_vm_area_node+0x2cd/0x330 [ 1072.289263][T20800] ? __get_vm_area_node+0x2cd/0x330 [ 1072.289294][T20800] ? __get_vm_area_node+0x1dc/0x330 [ 1072.289325][T20800] ? __get_vm_area_node+0x208/0x330 [ 1072.289363][T20800] __vmalloc_node_range_noprof+0xaf5/0x1480 [ 1072.289404][T20800] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1072.289442][T20800] ? __snd_dma_alloc_pages+0x53/0x90 [ 1072.289466][T20800] ? rcu_is_watching+0x12/0xc0 [ 1072.289498][T20800] ? trace_contention_end+0xdd/0x130 [ 1072.289536][T20800] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1072.289577][T20800] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1072.289613][T20800] ? __snd_dma_alloc_pages+0x53/0x90 [ 1072.289634][T20800] __vmalloc_node_noprof+0xad/0xf0 [ 1072.289668][T20800] ? __snd_dma_alloc_pages+0x53/0x90 [ 1072.289690][T20800] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 1072.289717][T20800] __snd_dma_alloc_pages+0x53/0x90 [ 1072.289741][T20800] snd_dma_alloc_dir_pages+0x151/0x240 [ 1072.289767][T20800] do_alloc_pages+0x136/0x2d0 [ 1072.289809][T20800] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 1072.289854][T20800] snd_pcm_hw_params+0x1656/0x1ba0 [ 1072.289898][T20800] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1072.289935][T20800] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 1072.289970][T20800] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1072.290007][T20800] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1072.290041][T20800] ? __asan_memset+0x23/0x50 [ 1072.290068][T20800] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1072.290113][T20800] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 1072.290161][T20800] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1072.290197][T20800] ? __pfx___mutex_lock+0x10/0x10 [ 1072.290249][T20800] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 1072.290284][T20800] snd_pcm_oss_sync+0x1de/0x840 [ 1072.290320][T20800] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1072.290353][T20800] snd_pcm_oss_release+0x28b/0x310 [ 1072.290387][T20800] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1072.290420][T20800] __fput+0x402/0xb70 [ 1072.290458][T20800] task_work_run+0x150/0x240 [ 1072.290503][T20800] ? __pfx_task_work_run+0x10/0x10 [ 1072.290541][T20800] ? __pfx___do_sys_close_range+0x10/0x10 [ 1072.290575][T20800] exit_to_user_mode_loop+0xec/0x130 [ 1072.290614][T20800] do_syscall_64+0x426/0xfa0 [ 1072.290645][T20800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.290669][T20800] RIP: 0033:0x7f6e1978f6c9 [ 1072.290688][T20800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1072.290712][T20800] RSP: 002b:00007f6e1a5ec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1072.290735][T20800] RAX: 0000000000000000 RBX: 00007f6e199e5fa0 RCX: 00007f6e1978f6c9 [ 1072.290750][T20800] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1072.290764][T20800] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1072.290778][T20800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1072.290792][T20800] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 1072.290823][T20800] [ 1072.651902][T20800] Mem-Info: [ 1072.655062][T20800] active_anon:14269 inactive_anon:66905 isolated_anon:0 [ 1072.655062][T20800] active_file:21991 inactive_file:36813 isolated_file:0 [ 1072.655062][T20800] unevictable:769 dirty:636 writeback:0 [ 1072.655062][T20800] slab_reclaimable:12404 slab_unreclaimable:112306 [ 1072.655062][T20800] mapped:42700 shmem:65836 pagetables:1478 [ 1072.655062][T20800] sec_pagetables:0 bounce:0 [ 1072.655062][T20800] kernel_misc_reclaimable:0 [ 1072.655062][T20800] free:1234156 free_pcp:4676 free_cma:0 [ 1072.705442][T20800] Node 0 active_anon:57076kB inactive_anon:267620kB active_file:87828kB inactive_file:147252kB unevictable:1540kB isolated(anon):0kB isolated(file):0kB mapped:170800kB dirty:2544kB writeback:0kB shmem:261808kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12912kB pagetables:5804kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1072.738536][T20800] Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:108kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1072.776787][T20800] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1072.811123][T20800] lowmem_reserve[]: 0 2485 2487 2487 2487 [ 1072.817216][T20800] Node 0 DMA32 free:1013132kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:57076kB inactive_anon:267620kB active_file:87828kB inactive_file:147252kB unevictable:1540kB writepending:2544kB zspages:580kB present:3129332kB managed:2545088kB mlocked:0kB bounce:0kB free_pcp:18644kB local_pcp:18644kB free_cma:0kB [ 1072.852013][T20800] lowmem_reserve[]: 0 0 1 1 1 [ 1072.857013][T20800] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1072.899648][T20800] lowmem_reserve[]: 0 0 0 0 0 [ 1072.904431][T20800] Node 1 Normal free:3908176kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:1292kB local_pcp:1292kB free_cma:0kB [ 1072.937111][T20800] lowmem_reserve[]: 0 0 0 0 0 [ 1072.941857][T20800] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1073.000958][T20800] Node 0 DMA32: 160*4kB (UE) 169*8kB (UM) 46*16kB (UE) 1*32kB (M) 9*64kB (E) 5*128kB (ME) 2*256kB (ME) 26*512kB (UE) 16*1024kB (UME) 10*2048kB (UM) 234*4096kB (UM) = 1013128kB [ 1073.153451][T20800] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1073.223015][T20800] Node 1 Normal: 246*4kB (UME) 63*8kB (UME) 52*16kB (UME) 232*32kB (UME) 109*64kB (UME) 34*128kB (UME) 16*256kB (UM) 8*512kB (UME) 2*1024kB (UM) 3*2048kB (UME) 945*4096kB (UM) = 3908176kB [ 1073.342547][T20800] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1073.352131][T20800] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1073.471764][T20800] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1073.513643][T20800] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1073.580511][T20800] 125800 total pagecache pages [ 1073.598039][T20800] 7 pages in swap cache [ 1073.630928][T20800] Free swap = 123284kB [ 1073.635152][T20800] Total swap = 124996kB [ 1073.639367][T20800] 2097051 pages RAM [ 1073.699868][T20800] 0 pages HighMem/MovableOnly [ 1073.720399][T20800] 428689 pages reserved [ 1073.724599][T20800] 0 pages cma reserved [ 1074.023198][T20816] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4923'. [ 1074.383833][T20821] netlink: 'syz.2.4924': attribute type 10 has an invalid length. [ 1074.428208][T20821] netlink: 230 bytes leftover after parsing attributes in process `syz.2.4924'. [ 1075.625173][T20821] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1075.696035][T20826] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 1075.719848][T20826] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 1075.753918][T20826] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1077.548878][T20853] netlink: 'syz.2.4935': attribute type 1 has an invalid length. [ 1077.580414][T20853] netlink: 54 bytes leftover after parsing attributes in process `syz.2.4935'. [ 1077.774980][T20856] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4936'. [ 1077.998289][T20626] Bluetooth: hci4: Malformed Event: 0x02 [ 1078.107792][T20863] netlink: zone id is out of range [ 1078.152883][T20863] netlink: del zone limit has 4 unknown bytes [ 1078.183643][T20862] netlink: set zone limit has 8 unknown bytes [ 1078.524141][T20872] Invalid ELF header magic: != ELF [ 1078.536667][T20867] FAULT_INJECTION: forcing a failure. [ 1078.536667][T20867] name failslab, interval 1, probability 393216, space 0, times 0 [ 1078.679652][T20867] CPU: 1 UID: 0 PID: 20867 Comm: syz.4.4939 Not tainted syzkaller #0 PREEMPT(full) [ 1078.679686][T20867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1078.679701][T20867] Call Trace: [ 1078.679710][T20867] [ 1078.679720][T20867] dump_stack_lvl+0x16c/0x1f0 [ 1078.679753][T20867] should_fail_ex+0x512/0x640 [ 1078.679790][T20867] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 1078.679820][T20867] should_failslab+0xc2/0x120 [ 1078.679853][T20867] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 1078.679877][T20867] ? find_inode_fast+0x1da/0x600 [ 1078.679917][T20867] ? alloc_inode+0xc3/0x240 [ 1078.679955][T20867] ? alloc_inode+0xc3/0x240 [ 1078.679985][T20867] alloc_inode+0xc3/0x240 [ 1078.680017][T20867] iget_locked+0x2fa/0x860 [ 1078.680053][T20867] ? __pfx_iget_locked+0x10/0x10 [ 1078.680089][T20867] ? find_held_lock+0x2b/0x80 [ 1078.680115][T20867] ? kernfs_root+0xee/0x2a0 [ 1078.680151][T20867] kernfs_get_inode+0x48/0x460 [ 1078.680182][T20867] kernfs_iop_lookup+0x1a7/0x2d0 [ 1078.680217][T20867] __lookup_slow+0x251/0x460 [ 1078.680253][T20867] ? __pfx___lookup_slow+0x10/0x10 [ 1078.680306][T20867] ? lookup_fast+0x156/0x610 [ 1078.680325][T20867] ? __pfx_kernfs_iop_permission+0x10/0x10 [ 1078.680359][T20867] walk_component+0x353/0x5b0 [ 1078.680384][T20867] link_path_walk+0x627/0xe20 [ 1078.680417][T20867] path_openat+0x1b0/0x2cb0 [ 1078.680453][T20867] ? __pfx_path_openat+0x10/0x10 [ 1078.680481][T20867] ? __lock_acquire+0xb8a/0x1c90 [ 1078.680517][T20867] do_filp_open+0x20b/0x470 [ 1078.680544][T20867] ? __pfx_do_filp_open+0x10/0x10 [ 1078.680592][T20867] ? alloc_fd+0x471/0x7d0 [ 1078.680624][T20867] do_sys_openat2+0x11b/0x1d0 [ 1078.680660][T20867] ? __pfx_do_sys_openat2+0x10/0x10 [ 1078.680712][T20867] __x64_sys_openat+0x174/0x210 [ 1078.680749][T20867] ? __pfx___x64_sys_openat+0x10/0x10 [ 1078.680797][T20867] do_syscall_64+0xcd/0xfa0 [ 1078.680829][T20867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1078.680854][T20867] RIP: 0033:0x7f6e1978f6c9 [ 1078.680873][T20867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1078.680898][T20867] RSP: 002b:00007f6e1a5ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1078.680926][T20867] RAX: ffffffffffffffda RBX: 00007f6e199e5fa0 RCX: 00007f6e1978f6c9 [ 1078.680943][T20867] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 1078.680959][T20867] RBP: 00007f6e19811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1078.680974][T20867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1078.680988][T20867] R13: 00007f6e199e6038 R14: 00007f6e199e5fa0 R15: 00007fffa3e7c5b8 [ 1078.681020][T20867] [ 1080.495517][T20899] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4952'. [ 1082.059172][T20922] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4958'. [ 1082.211419][T20923] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4958'. [ 1082.480751][T19786] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1082.494480][T19786] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1082.505635][T19786] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1082.537608][T19786] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1082.546182][T19786] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1082.837838][T20626] Bluetooth: hci4: unexpected event 0x20 length: 123 > 7 [ 1083.380017][T20925] chnl_net:caif_netlink_parms(): no params data found [ 1083.705231][T20938] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4961'. [ 1083.813678][T20942] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4964'. [ 1084.155143][T20925] bridge0: port 1(bridge_slave_0) entered blocking state [ 1084.178541][T20925] bridge0: port 1(bridge_slave_0) entered disabled state [ 1084.207704][T20925] bridge_slave_0: entered allmulticast mode [ 1084.249869][T20925] bridge_slave_0: entered promiscuous mode [ 1084.266769][T20925] bridge0: port 2(bridge_slave_1) entered blocking state [ 1084.266858][T20925] bridge0: port 2(bridge_slave_1) entered disabled state [ 1084.267047][T20925] bridge_slave_1: entered allmulticast mode [ 1084.268671][T20925] bridge_slave_1: entered promiscuous mode [ 1084.527745][T20925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1084.565943][T20925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1084.645482][T20626] Bluetooth: hci3: command tx timeout [ 1084.741828][T20925] team0: Port device team_slave_0 added [ 1084.764793][T20925] team0: Port device team_slave_1 added [ 1084.883481][T20626] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 1084.883514][T20626] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 1084.900428][T20626] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 1084.900515][T20626] Bluetooth: hci2: adv larger than maximum supported [ 1084.910968][T20626] Bluetooth: hci2: adv larger than maximum supported [ 1084.917866][T20626] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1084.941878][T20925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1084.957942][T20925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1085.031991][T20925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1085.089080][T20925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1085.110289][T20925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1085.169600][T20925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1085.692012][T20925] hsr_slave_0: entered promiscuous mode [ 1085.713850][T20925] hsr_slave_1: entered promiscuous mode [ 1085.733095][T20925] debugfs: 'hsr0' already exists in 'hsr' [ 1085.751874][T20925] Cannot create hsr debugfs directory [ 1086.713589][T20626] Bluetooth: hci3: command tx timeout [ 1087.426705][T20989] netlink: 'syz.2.4979': attribute type 1 has an invalid length. [ 1087.492558][T20925] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1087.612312][T20925] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1087.660314][T20925] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1087.707181][T20925] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1088.202182][T20925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1088.278305][T20925] 8021q: adding VLAN 0 to HW filter on device team0 [ 1088.358995][T19890] bridge0: port 1(bridge_slave_0) entered blocking state [ 1088.366220][T19890] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1088.408613][T19890] bridge0: port 2(bridge_slave_1) entered blocking state [ 1088.415800][T19890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1088.782844][T20626] Bluetooth: hci3: command tx timeout [ 1089.701295][T20925] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1090.302414][T21026] netlink: 338 bytes leftover after parsing attributes in process `syz.7.4984'. [ 1090.379659][T21026] vxcan1: entered promiscuous mode [ 1090.800115][T20925] veth0_vlan: entered promiscuous mode [ 1090.842088][T20925] veth1_vlan: entered promiscuous mode [ 1090.851449][T20626] Bluetooth: hci3: command tx timeout [ 1090.948411][T20925] veth0_macvtap: entered promiscuous mode [ 1090.994133][T20925] veth1_macvtap: entered promiscuous mode [ 1091.061877][T20925] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1091.131161][T20925] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1091.161239][T20530] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1091.184935][T20530] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1091.221393][T20530] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1091.265725][T20530] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1091.561524][T19789] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1091.591260][T20626] Bluetooth: hci0: Malformed Event: 0x02 [ 1091.618328][T19789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1091.756294][T19793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1091.782729][T19793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1092.560040][T21050] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4990'. [ 1092.894187][T21052] netlink: 'syz.4.4989': attribute type 4 has an invalid length. [ 1093.085330][T21052] netlink: 'syz.4.4989': attribute type 5 has an invalid length. [ 1093.167904][T21052] netlink: 10 bytes leftover after parsing attributes in process `syz.4.4989'. [ 1094.970378][T21079] netlink: 314 bytes leftover after parsing attributes in process `syz.8.4997'. [ 1095.320294][T21086] netlink: 246 bytes leftover after parsing attributes in process `syz.7.4999'. [ 1096.711731][T21108] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 1100.996328][T21170] dump_stack_lvl+0x16c/0x1f0 [ 1100.996361][T21170] should_fail_ex+0x512/0x640 [ 1100.996398][T21170] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 1100.996434][T21170] should_failslab+0xc2/0x120 [ 1100.996467][T21170] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 1100.996498][T21170] ? kasprintf+0xc7/0x100 [ 1100.996527][T21170] ? kvasprintf+0xbc/0x160 [ 1100.996548][T21170] kvasprintf+0xbc/0x160 [ 1100.996570][T21170] ? __pfx_kvasprintf+0x10/0x10 [ 1100.996595][T21170] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1100.996622][T21170] ? lockdep_hardirqs_on+0x7c/0x110 [ 1100.996650][T21170] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1100.996681][T21170] kasprintf+0xc7/0x100 [ 1100.996703][T21170] ? __pfx_kasprintf+0x10/0x10 [ 1100.996731][T21170] ? __pfx_sta_info_cleanup+0x10/0x10 [ 1100.996762][T21170] ieee80211_alloc_led_names+0x1b0/0x420 [ 1100.996800][T21170] ieee80211_alloc_hw_nm+0x197c/0x22b0 [ 1100.996837][T21170] mac80211_hwsim_new_radio+0x1d3/0x50b0 [ 1100.996875][T21170] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1100.996920][T21170] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1100.996955][T21170] hwsim_new_radio_nl+0xba2/0x1330 [ 1100.996983][T21170] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1100.997024][T21170] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1100.997059][T21170] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1100.997098][T21170] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1100.997131][T21170] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1100.997172][T21170] ? bpf_lsm_capable+0x9/0x10 [ 1100.997204][T21170] ? security_capable+0x7e/0x260 [ 1100.997244][T21170] ? ns_capable+0xd7/0x110 [ 1100.997272][T21170] genl_rcv_msg+0x55c/0x800 [ 1100.997309][T21170] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1100.997339][T21170] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1100.997375][T21170] netlink_rcv_skb+0x158/0x420 [ 1100.997400][T21170] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1100.997432][T21170] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1100.997471][T21170] ? netlink_deliver_tap+0x1ae/0xd30 [ 1100.997499][T21170] genl_rcv+0x28/0x40 [ 1100.997525][T21170] netlink_unicast+0x5aa/0x870 [ 1100.997554][T21170] ? __pfx_netlink_unicast+0x10/0x10 [ 1100.997591][T21170] netlink_sendmsg+0x8c8/0xdd0 [ 1100.997621][T21170] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1100.997651][T21170] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1100.997691][T21170] ____sys_sendmsg+0xa98/0xc70 [ 1100.997723][T21170] ? copy_msghdr_from_user+0x10a/0x160 [ 1100.997746][T21170] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1100.997774][T21170] ? preempt_schedule_thunk+0x16/0x30 [ 1100.997818][T21170] ? try_to_wake_up+0xa67/0x1870 [ 1100.997847][T21170] ___sys_sendmsg+0x134/0x1d0 [ 1100.997868][T21170] ? find_held_lock+0x2b/0x80 [ 1100.997894][T21170] ? __pfx____sys_sendmsg+0x10/0x10 [ 1100.997915][T21170] ? __lock_acquire+0x622/0x1c90 [ 1100.997983][T21170] __sys_sendmsg+0x16d/0x220 [ 1100.998017][T21170] ? __pfx___sys_sendmsg+0x10/0x10 [ 1100.998041][T21170] ? __x64_sys_futex+0x1e0/0x4c0 [ 1100.998093][T21170] do_syscall_64+0xcd/0xfa0 [ 1100.998124][T21170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.998149][T21170] RIP: 0033:0x7f2d98f8f6c9 [ 1100.998169][T21170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1100.998193][T21170] RSP: 002b:00007f2d99e26038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1100.998216][T21170] RAX: ffffffffffffffda RBX: 00007f2d991e5fa0 RCX: 00007f2d98f8f6c9 [ 1100.998233][T21170] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 1100.998248][T21170] RBP: 00007f2d99011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1100.998264][T21170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1100.998279][T21170] R13: 00007f2d991e6038 R14: 00007f2d991e5fa0 R15: 00007ffe6cf3a198 [ 1100.998311][T21170] [ 1102.152357][T21182] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(7) [ 1102.199933][T21182] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 1103.477428][T21205] FAULT_INJECTION: forcing a failure. [ 1103.477428][T21205] name failslab, interval 1, probability 393216, space 0, times 0 [ 1103.555392][T21205] CPU: 1 UID: 0 PID: 21205 Comm: syz.8.5042 Not tainted syzkaller #0 PREEMPT(full) [ 1103.555427][T21205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1103.555442][T21205] Call Trace: [ 1103.555453][T21205] [ 1103.555463][T21205] dump_stack_lvl+0x16c/0x1f0 [ 1103.555496][T21205] should_fail_ex+0x512/0x640 [ 1103.555542][T21205] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1103.555587][T21205] should_failslab+0xc2/0x120 [ 1103.555619][T21205] __kmalloc_cache_noprof+0x72/0x780 [ 1103.555661][T21205] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 1103.555700][T21205] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 1103.555731][T21205] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 1103.555767][T21205] devlink_fmsg_binary_pair_put+0x415/0x4f0 [ 1103.555809][T21205] nsim_dev_dummy_fmsg_put+0xb5/0x1e0 [ 1103.555844][T21205] devlink_health_do_dump+0x243/0x620 [ 1103.555884][T21205] devlink_health_report+0x6c3/0xb00 [ 1103.555927][T21205] ? __pfx_devlink_health_report+0x10/0x10 [ 1103.555966][T21205] ? _copy_from_user+0x59/0xd0 [ 1103.556007][T21205] nsim_dev_health_break_write+0x166/0x210 [ 1103.556041][T21205] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 1103.556084][T21205] full_proxy_write+0x131/0x1a0 [ 1103.556118][T21205] ? __pfx_full_proxy_write+0x10/0x10 [ 1103.556150][T21205] vfs_write+0x2a0/0x11d0 [ 1103.556181][T21205] ? __pfx___mutex_lock+0x10/0x10 [ 1103.556211][T21205] ? __pfx_vfs_write+0x10/0x10 [ 1103.556245][T21205] ? __fget_files+0x20e/0x3c0 [ 1103.556277][T21205] ksys_write+0x12a/0x250 [ 1103.556303][T21205] ? __pfx_ksys_write+0x10/0x10 [ 1103.556348][T21205] do_syscall_64+0xcd/0xfa0 [ 1103.556379][T21205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.556405][T21205] RIP: 0033:0x7f2d98f8f6c9 [ 1103.556428][T21205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1103.556452][T21205] RSP: 002b:00007f2d99e26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1103.556475][T21205] RAX: ffffffffffffffda RBX: 00007f2d991e5fa0 RCX: 00007f2d98f8f6c9 [ 1103.556498][T21205] RDX: 0000000000000006 RSI: 0000200000005900 RDI: 0000000000000007 [ 1103.556525][T21205] RBP: 00007f2d99011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1103.556540][T21205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1103.556554][T21205] R13: 00007f2d991e6038 R14: 00007f2d991e5fa0 R15: 00007ffe6cf3a198 [ 1103.556586][T21205] [ 1104.657371][T21215] capability: warning: `syz.7.5036' uses deprecated v2 capabilities in a way that may be insecure [ 1104.905864][T20626] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 1104.905899][T20626] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 1104.922791][T20626] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 1104.922842][T20626] Bluetooth: hci3: adv larger than maximum supported [ 1104.932605][T20626] Bluetooth: hci3: adv larger than maximum supported [ 1104.939801][T20626] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1108.150865][T21256] netlink: 25 bytes leftover after parsing attributes in process `syz.8.5055'. [ 1108.580180][T21261] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5049'. [ 1108.655793][T21261] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5049'. [ 1108.684710][T20626] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1110.748148][T20626] Bluetooth: hci3: command tx timeout [ 1111.431415][T21311] program syz.4.5056 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1114.538285][T21342] netlink: 'syz.4.5065': attribute type 1 has an invalid length. [ 1115.421729][T21347] FAULT_INJECTION: forcing a failure. [ 1115.421729][T21347] name failslab, interval 1, probability 393216, space 0, times 0 [ 1115.551086][T21347] CPU: 1 UID: 0 PID: 21347 Comm: syz.8.5068 Not tainted syzkaller #0 PREEMPT(full) [ 1115.551119][T21347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1115.551134][T21347] Call Trace: [ 1115.551142][T21347] [ 1115.551152][T21347] dump_stack_lvl+0x16c/0x1f0 [ 1115.551185][T21347] should_fail_ex+0x512/0x640 [ 1115.551227][T21347] should_failslab+0xc2/0x120 [ 1115.551261][T21347] __kmalloc_cache_noprof+0x72/0x780 [ 1115.551302][T21347] ? __hw_addr_add_ex+0x3c9/0x7c0 [ 1115.551338][T21347] ? __hw_addr_add_ex+0x3c9/0x7c0 [ 1115.551368][T21347] __hw_addr_add_ex+0x3c9/0x7c0 [ 1115.551403][T21347] ? __pfx___hw_addr_add_ex+0x10/0x10 [ 1115.551434][T21347] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1115.551472][T21347] ? __pfx_ppp_setup+0x10/0x10 [ 1115.551508][T21347] dev_addr_init+0x161/0x250 [ 1115.551543][T21347] ? __pfx_dev_addr_init+0x10/0x10 [ 1115.551588][T21347] alloc_netdev_mqs+0x363/0x1550 [ 1115.551619][T21347] ppp_ioctl+0x168f/0x2880 [ 1115.551655][T21347] ? find_held_lock+0x2b/0x80 [ 1115.551679][T21347] ? __pfx_ppp_ioctl+0x10/0x10 [ 1115.551723][T21347] ? __fget_files+0x20e/0x3c0 [ 1115.551751][T21347] ? __pfx_ppp_ioctl+0x10/0x10 [ 1115.551785][T21347] __x64_sys_ioctl+0x18e/0x210 [ 1115.551823][T21347] do_syscall_64+0xcd/0xfa0 [ 1115.551854][T21347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1115.551878][T21347] RIP: 0033:0x7f2d98f8f6c9 [ 1115.551897][T21347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1115.551921][T21347] RSP: 002b:00007f2d99e26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1115.551943][T21347] RAX: ffffffffffffffda RBX: 00007f2d991e5fa0 RCX: 00007f2d98f8f6c9 [ 1115.551960][T21347] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003 [ 1115.551974][T21347] RBP: 00007f2d99011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1115.551989][T21347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1115.552003][T21347] R13: 00007f2d991e6038 R14: 00007f2d991e5fa0 R15: 00007ffe6cf3a198 [ 1115.552035][T21347] [ 1117.338006][T21360] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek 9 [ 1128.204861][T21425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5088'. [ 1128.902032][T21430] netlink: 25 bytes leftover after parsing attributes in process `syz.8.5090'. [ 1132.668036][T19786] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1132.691560][T19786] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1132.702952][T19786] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1132.711360][T19786] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1132.720006][T19786] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1133.628907][T21470] netlink: 25 bytes leftover after parsing attributes in process `syz.8.5100'. [ 1133.642994][T21461] chnl_net:caif_netlink_parms(): no params data found [ 1134.015467][T21461] bridge0: port 1(bridge_slave_0) entered blocking state [ 1134.041602][T21461] bridge0: port 1(bridge_slave_0) entered disabled state [ 1134.079020][T21461] bridge_slave_0: entered allmulticast mode [ 1134.107706][T21461] bridge_slave_0: entered promiscuous mode [ 1134.156964][T21461] bridge0: port 2(bridge_slave_1) entered blocking state [ 1134.164190][T21461] bridge0: port 2(bridge_slave_1) entered disabled state [ 1134.238198][T21461] bridge_slave_1: entered allmulticast mode [ 1134.286145][T21461] bridge_slave_1: entered promiscuous mode [ 1134.476450][T21461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1134.536381][T21461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1134.784490][T19786] Bluetooth: hci5: command tx timeout [ 1134.871175][T21461] team0: Port device team_slave_0 added [ 1134.894034][T21461] team0: Port device team_slave_1 added [ 1135.155225][T21461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1135.191024][T21461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1135.290295][T21461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1135.341692][T21461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1135.348679][T21461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1135.429322][ C1] sd 0:0:1:0: [sda] tag#5542 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1135.439952][ C1] sd 0:0:1:0: [sda] tag#5542 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 1135.480327][T21461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1136.097897][T21461] hsr_slave_0: entered promiscuous mode [ 1136.104562][T21461] hsr_slave_1: entered promiscuous mode [ 1136.179644][T21461] debugfs: 'hsr0' already exists in 'hsr' [ 1136.185417][T21461] Cannot create hsr debugfs directory [ 1136.852512][T19786] Bluetooth: hci5: command tx timeout [ 1136.901405][T20626] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1136.913810][T20626] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1136.926252][T20626] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1136.935202][T20626] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1136.943914][T20626] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1137.666174][T21505] netlink: 'syz.2.5108': attribute type 10 has an invalid length. [ 1137.769414][T21505] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5108'. [ 1137.919656][T21461] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1138.055909][T21461] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1138.126723][T21461] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1138.392519][T21461] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1138.746409][T21497] chnl_net:caif_netlink_parms(): no params data found [ 1138.922337][T20626] Bluetooth: hci5: command tx timeout [ 1139.003454][T20626] Bluetooth: hci6: command tx timeout [ 1139.344916][T21497] bridge0: port 1(bridge_slave_0) entered blocking state [ 1139.379816][T21497] bridge0: port 1(bridge_slave_0) entered disabled state [ 1139.419715][T21497] bridge_slave_0: entered allmulticast mode [ 1139.460158][T21497] bridge_slave_0: entered promiscuous mode [ 1139.492488][T21497] bridge0: port 2(bridge_slave_1) entered blocking state [ 1139.528563][T21497] bridge0: port 2(bridge_slave_1) entered disabled state [ 1139.536067][T21497] bridge_slave_1: entered allmulticast mode [ 1139.601582][T21497] bridge_slave_1: entered promiscuous mode [ 1139.645464][T21461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1140.133690][T21497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1140.186813][T21497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1140.434185][ T31] INFO: task kworker/u10:2:19792 blocked for more than 143 seconds. [ 1140.442215][ T31] Not tainted syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1140.493468][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1140.533019][ T31] task:kworker/u10:2 state:D stack:26840 pid:19792 tgid:19792 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1140.605242][ T31] Workqueue: netns cleanup_net [ 1140.641035][ T31] Call Trace: [ 1140.651559][ T31] [ 1140.674857][ T31] __schedule+0x1190/0x5de0 [ 1140.679431][ T31] ? __lock_acquire+0x622/0x1c90 [ 1140.733601][ T31] ? __pfx___schedule+0x10/0x10 [ 1140.748171][ T31] ? find_held_lock+0x2b/0x80 [ 1140.785707][ T31] ? schedule+0x2d7/0x3a0 [ 1140.811939][ T31] schedule+0xe7/0x3a0 [ 1140.827622][ T31] schedule_timeout+0x257/0x290 [ 1140.861267][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1140.866826][ T31] ? mark_held_locks+0x49/0x80 [ 1140.905336][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1140.910598][ T31] __wait_for_common+0x2fc/0x4e0 [ 1140.961274][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1140.995268][T20626] Bluetooth: hci5: command tx timeout [ 1141.004972][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1141.028412][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1141.051033][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 1141.071273][T20626] Bluetooth: hci6: command tx timeout [ 1141.104193][ T31] __flush_workqueue+0x3e2/0x1230 [ 1141.121574][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 1141.155284][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 1141.171637][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1141.177164][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1141.223590][ T31] rds_tcp_listen_stop+0x104/0x150 [ 1141.228777][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1141.275111][ T31] rds_tcp_exit_net+0xcb/0x810 [ 1141.342614][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1141.348074][ T31] ? __pfx___might_resched+0x10/0x10 [ 1141.443653][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1141.475677][ T31] ops_undo_list+0x2ee/0xab0 [ 1141.508002][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1141.513272][ T31] ? cleanup_net+0x347/0x8b0 [ 1141.540652][ T31] ? idr_destroy+0x62/0x2e0 [ 1141.568340][ T31] cleanup_net+0x41b/0x8b0 [ 1141.572824][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1141.598362][ T31] ? rcu_is_watching+0x12/0xc0 [ 1141.603189][ T31] process_one_work+0x9cf/0x1b70 [ 1141.637354][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1141.642805][ T31] ? assign_work+0x1a0/0x250 [ 1141.677881][ T31] worker_thread+0x6c8/0xf10 [ 1141.682558][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1141.716931][ T31] kthread+0x3c5/0x780 [ 1141.721858][ T31] ? __pfx_kthread+0x10/0x10 [ 1141.726493][ T31] ? rcu_is_watching+0x12/0xc0 [ 1141.759405][ T31] ? __pfx_kthread+0x10/0x10 [ 1141.764069][ T31] ret_from_fork+0x675/0x7d0 [ 1141.796432][ T31] ? __pfx_kthread+0x10/0x10 [ 1141.801092][ T31] ret_from_fork_asm+0x1a/0x30 [ 1141.805935][ T31] [ 1141.847682][ T31] [ 1141.847682][ T31] Showing all locks held in the system: [ 1141.878719][ T31] 1 lock held by khungtaskd/31: [ 1141.883612][ T31] #0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 1141.935615][ T31] 2 locks held by getty/17417: [ 1141.940423][ T31] #0: ffff8880344020a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1142.065070][ T31] #1: ffffc900021ae2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 1142.120023][ T31] 3 locks held by kworker/u10:2/19792: [ 1142.134791][ T31] #0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1142.189085][ T31] #1: ffffc90000bd7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1142.229989][ T31] #2: ffffffff900d4610 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 [ 1142.254720][ T31] 1 lock held by syz.6.4920/20804: [ 1142.283961][ T31] #0: ffffffff900d4610 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 1142.293482][ T31] 1 lock held by syz.7.5071/21359: [ 1142.331530][ T31] #0: ffffffff900d4610 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 1142.364196][ T31] 1 lock held by syz.8.5074/21375: [ 1142.369356][ T31] 1 lock held by syz.4.5082/21395: [ 1142.403263][ T31] #0: ffffffff900d4610 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 1142.412749][ T31] 1 lock held by syz-executor/21461: [ 1142.453635][ T31] #0: ffffffff8e3cfb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 1142.493762][ T31] 1 lock held by syz.2.5103/21484: [ 1142.505083][ T31] 1 lock held by syz-executor/21497: [ 1142.510408][ T31] #0: ffffffff8e3cfb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0 [ 1142.562733][ T31] [ 1142.602907][ T31] ============================================= [ 1142.602907][ T31] [ 1142.611377][ T31] NMI backtrace for cpu 1 [ 1142.611399][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 1142.611427][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1142.611442][ T31] Call Trace: [ 1142.611453][ T31] [ 1142.611463][ T31] dump_stack_lvl+0x116/0x1f0 [ 1142.611496][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 1142.611530][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1142.611557][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1142.611594][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1142.611633][ T31] watchdog+0xf3f/0x1170 [ 1142.611659][ T31] ? rcu_is_watching+0x12/0xc0 [ 1142.611685][ T31] ? __pfx_watchdog+0x10/0x10 [ 1142.611705][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1142.611736][ T31] ? __kthread_parkme+0x19e/0x250 [ 1142.611766][ T31] ? __pfx_watchdog+0x10/0x10 [ 1142.611788][ T31] kthread+0x3c5/0x780 [ 1142.611823][ T31] ? __pfx_kthread+0x10/0x10 [ 1142.611864][ T31] ? rcu_is_watching+0x12/0xc0 [ 1142.611888][ T31] ? __pfx_kthread+0x10/0x10 [ 1142.611924][ T31] ret_from_fork+0x675/0x7d0 [ 1142.611959][ T31] ? __pfx_kthread+0x10/0x10 [ 1142.611993][ T31] ret_from_fork_asm+0x1a/0x30 [ 1142.612046][ T31] [ 1143.176736][T19786] Bluetooth: hci6: command tx timeout