last executing test programs: 1m30.452584726s ago: executing program 3 (id=1086): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/system/clockevents/clockevent0/current_device\x00', 0x80500, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x20100, 0x0) sysfs$auto(0x2, 0x4, 0x0) r0 = fsopen$auto(0x0, 0x31) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0xd4) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x200040, 0x0) syslog$auto(0x3, &(0x7f0000000200)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xe1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xfff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r3, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x0) ioctl$auto(r4, 0x4008af24, r1) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) mmap$auto(0x80, 0x20009, 0x4000000000dc, 0xeb1, r2, 0x8000) socket(0x25, 0x5, 0x6) openat$dir(0xffffffffffffff9c, &(0x7f00000004c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x40140, 0x12d) rename$auto(&(0x7f00000003c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)', &(0x7f0000000000)=':-.\x00') 1m28.774972546s ago: executing program 3 (id=1092): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) r1 = bpf$auto_BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)=@query={@target_ifindex, 0x7f, 0x4, 0x8, 0x1, @prog_cnt=0x400, 0x0, 0x9, 0x0, 0x5, 0x2}, 0x8) r2 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x808, 0xc, 0xe3, 0x400000000a, 0x3}, 0x200) ioctl$auto_MON_IOCH_MFLUSH(r1, 0x9208, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) sendto$auto(r1, &(0x7f0000000140)="72a7a97a7b", 0xe4, 0x1, &(0x7f0000000180)=@in={0x2, 0x4e24, @multicast1}, 0x9) socket(0xa, 0x2, 0x3a) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x20000000000, 0x7ff, 0xffb, 0x8000000008011, 0x3, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) process_vm_readv$auto(r3, &(0x7f0000000400)={&(0x7f00000003c0)="d628e6300304", 0x4}, 0x5, &(0x7f0000000480)={&(0x7f0000000440)="f8fa2610706a81d18ae5f10621f6a09a626abc3ffbc332cda9fc07fd8600104d20efda862c46036bcfdc9e3d9e45c76477f7376d599a17237b87", 0x5}, 0x80000000, 0x2) sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x3c, r5, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfffffffffffffff7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) setresuid$auto(0x60, 0x1000, 0x607) ioctl$auto(r0, 0x2284, 0xffffffffffffffff) timer_create$auto_CLOCK_BOOTTIME(0x7, &(0x7f0000000340)={@sival_ptr=&(0x7f0000000280)="5fe19d26f96927a36f296326c1122c797f487dd72b2fd7be3dfa44cfee143b8094b41eceea92646915114bbb5a257f8ecab8349df1f52e8d85c29f9a6dd6cd7d9ee1fcb07ed61dc205fed04f800e5ff3344afde67ad8450bdb42bae0223c7281145649dac5c9861c4ce721f4416844b6f89353ff020e66fd7073b786e5f68ec8f424e734e5e48c1eb9da4dc84c44cfdd", @inferred=r2, 0xfffffffd, @_tid=r3}, &(0x7f0000000380)=0x1) 1m28.367849807s ago: executing program 3 (id=1095): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) read$auto_tracing_entries_fops_trace(r0, &(0x7f0000000000)=""/238, 0xee) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x2) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video20\x00', 0x80000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000440)='/proc/irq/default_smp_affinity\x00', 0x200c82, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dmmidi2\x00', 0x220841, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x0, 0x483, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) semctl$auto(0x1ff, 0x2, 0x13, 0x1) (async) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) (async) getdents64$auto(r0, 0x0, 0x400) (async) read$auto_tracing_entries_fops_trace(r0, &(0x7f0000000000)=""/238, 0xee) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) memfd_create$auto(0x0, 0x2) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x11, 0x3, 0x2) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) (async) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video20\x00', 0x80000, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000440)='/proc/irq/default_smp_affinity\x00', 0x200c82, 0x0) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dmmidi2\x00', 0x220841, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) (async) socket(0xa, 0x1, 0x84) (async) getsockopt$auto(r2, 0x0, 0x483, 0x0, 0x0) (async) 1m27.264912723s ago: executing program 3 (id=1101): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) r1 = socket(0xa, 0x1, 0x100) setsockopt$auto_SO_MAX_PACING_RATE(r1, 0x6, 0x2f, &(0x7f0000000300)='\xba\xf13\xa4o\xd3\xd2\xe0v\x95\xe6mAk\x90\xa1\xfd\xb0\xe1\xa6W\x85py\x91Q\xe7\xc9\x05\xce\x17\xe6<0e\x12\xe8/\x16\xf0\xd2\xe5\x06[\vFb\xd6\xc0sTv*\xa6\x97\xb4\xcf\xc8d^\xb1\x7f\xeeH\xd2\xa8\xeb\xad\xdfw\xad\x1e\xcf\x13\xd2\xbbh\xb7\xb1\xa2\x14\xbe=Q\xf3\xd6\x85\x8as\x04\x93\x8c3\n\x9e\xcc\xbdP\x89\xee\xa8\x82\x03\x97\xe6^\x85#\x11T\x8dE\xba\nF\xc2\xe2\x06k\xf0~\xa3\x86h\xc2\xb8\xcfk\x1f', 0x6) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000400)={{0x5, 0x22, 0x8672, 0x80}, "66ac010005000000000068d590eb0d4a4cada7272464294b9183349eef4c1f028fdcc8ecc66fdd02316f064ebd81dcdbd3b2683e95b822f66eb624ad63110d61771552c03de65800"}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x40) r2 = socket(0xa, 0x4, 0x8) sendto$auto(r2, 0x0, 0x4, 0xfffffffe, &(0x7f0000000000)=@generic={0xa, "e208004002de00"}, 0x1c) io_uring_setup$auto(0x1, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyr8\x00', 0xa44c0, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x3, @rand_addr=0x64010102}, 0x54) openat$auto_udf_dir_operations_udfdecl(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci7/power\x00', 0x100800, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x8, 0x3, 0xeb1, r4, 0x100000000008000) r5 = socket(0x2, 0x1, 0x106) bind$auto(r5, &(0x7f0000000000)=@in={0x2, 0x3, @multicast1}, 0x6a) syz_genetlink_get_family_id$auto_ovs_vport(0x0, r5) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r5) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty12\x00', 0x40000, 0x0) ioctl$auto(r6, 0x4b4b, r6) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x6fffffe) io_uring_setup$auto(0x401, 0x0) 1m26.378859184s ago: executing program 3 (id=1109): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose14/carrier_changes\x00', 0x103000, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/usb_storage/parameters/delay_use\x00', 0x181942, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x541c, r1) 1m26.304953083s ago: executing program 3 (id=1110): mmap$auto(0x4, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x1, 0x0) r0 = socket(0x11, 0x80003, 0x300) r1 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000080), 0x2140, 0x0) mmap$auto(0x0, 0x402000b, 0x80000001, 0x10, r1, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/platform/vhci_hcd.3/usb15/15-0:1.0/bInterfaceNumber\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x278a02, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/discover\x00', 0x80101, 0x0) pread64$auto(r1, &(0x7f0000000180)=']y\x00\xaf=\x1ct\xe8j\x02U\xb1\x1f\xcf\xb7pN\x8a\xe1\xed`l\x19\xb2\xe6\x88]>\\q\xc5Z%Lk\xe8\xb0Io\xab]\xe9y\x00\x00\x00\x00|\xce\x8cA\xfd\xf7\xd0i\a\x00\x9a\x16L\x816)\x83/he\b\xb1vG\xf7\xc5\xe5\xe7]LL\x17\x0f\xa0t7)\xbe<\x02\xa6\x12l\xc1a\x8b\xe2\xca\x05\xac\xb5\xce\xc2\x05\x98\xeeZP3T>\xa1\xfa\x96\xefe\xe6P*]\x1e\xce\x14\x8dnU\x16\r\xb13\x98\x02zt&\xc8R\x1b\xbc\x06#(G;\xbb\xab~D\xb5\xc7\xd9\x03hS=z\xb2\xb4}\x96H\xb1R\x87A@0\xe8|\xe5\x0e\x11\xb3\xc6\x1d\xec\xee\xfeB', 0x10, 0x8) setsockopt$auto(r0, 0x107, 0x1, 0x0, 0x8004) unshare$auto(0x40000080) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x80502, 0x0) write$auto_tty_fops_tty_io(r4, &(0x7f0000000140)="2a3f92", 0x3) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x100000001, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000080), r5) sendmsg$auto_ILA_CMD_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="57e9b868ebc8801ae7e702669380bb8dd02c83b96e513795b1a715f694c8c8313a0996fe644d416662cfb12ffbce87cdef9af8dc4254218e0a854f86ff3d9d7c0300000000000000ba93b849a0552ff89cf44175006987b723b260cb3d5da77c0a68244cc584d26c8784d3667a5fe6aa2496bb1466fb85aa99c804d5411de44eb14e61f9b0855eeb417e", @ANYRES16=r6, @ANYBLOB="09002dbd7000fbdbdf25030000000500080005000000"], 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x20048840) setsockopt$auto(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x3) acct$auto(&(0x7f0000000000)='/dev/tty\x00`Mx\x9d\xfa\xb3\x1f\xc6k\x01\x13\x9b\x15[\xf7\xaan\x1fOgo\xbb(\xcbx\x9bJ\x91*\xa5a\x02\xf3\x1b\x9d\xddy\xef\xee\xe4h\xd5\nH\x80\x8a\xd7Y\xb8\xcb\x90') mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0x601, 0x0) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r8, 0x0, 0x23) sendmsg$auto_NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000428bd7000fddbdf25040000000800010080a3053e08000200540a6b00"], 0x24}, 0x1, 0x0, 0x0, 0x2000c001}, 0x40) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyb6\x00', 0x8a4282, 0x0) write$auto(r7, 0x0, 0x1) 1m11.025318596s ago: executing program 32 (id=1110): mmap$auto(0x4, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x1, 0x0) r0 = socket(0x11, 0x80003, 0x300) r1 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000080), 0x2140, 0x0) mmap$auto(0x0, 0x402000b, 0x80000001, 0x10, r1, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/platform/vhci_hcd.3/usb15/15-0:1.0/bInterfaceNumber\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x278a02, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/discover\x00', 0x80101, 0x0) pread64$auto(r1, &(0x7f0000000180)=']y\x00\xaf=\x1ct\xe8j\x02U\xb1\x1f\xcf\xb7pN\x8a\xe1\xed`l\x19\xb2\xe6\x88]>\\q\xc5Z%Lk\xe8\xb0Io\xab]\xe9y\x00\x00\x00\x00|\xce\x8cA\xfd\xf7\xd0i\a\x00\x9a\x16L\x816)\x83/he\b\xb1vG\xf7\xc5\xe5\xe7]LL\x17\x0f\xa0t7)\xbe<\x02\xa6\x12l\xc1a\x8b\xe2\xca\x05\xac\xb5\xce\xc2\x05\x98\xeeZP3T>\xa1\xfa\x96\xefe\xe6P*]\x1e\xce\x14\x8dnU\x16\r\xb13\x98\x02zt&\xc8R\x1b\xbc\x06#(G;\xbb\xab~D\xb5\xc7\xd9\x03hS=z\xb2\xb4}\x96H\xb1R\x87A@0\xe8|\xe5\x0e\x11\xb3\xc6\x1d\xec\xee\xfeB', 0x10, 0x8) setsockopt$auto(r0, 0x107, 0x1, 0x0, 0x8004) unshare$auto(0x40000080) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x80502, 0x0) write$auto_tty_fops_tty_io(r4, &(0x7f0000000140)="2a3f92", 0x3) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x100000001, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000080), r5) sendmsg$auto_ILA_CMD_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="57e9b868ebc8801ae7e702669380bb8dd02c83b96e513795b1a715f694c8c8313a0996fe644d416662cfb12ffbce87cdef9af8dc4254218e0a854f86ff3d9d7c0300000000000000ba93b849a0552ff89cf44175006987b723b260cb3d5da77c0a68244cc584d26c8784d3667a5fe6aa2496bb1466fb85aa99c804d5411de44eb14e61f9b0855eeb417e", @ANYRES16=r6, @ANYBLOB="09002dbd7000fbdbdf25030000000500080005000000"], 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x20048840) setsockopt$auto(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x3) acct$auto(&(0x7f0000000000)='/dev/tty\x00`Mx\x9d\xfa\xb3\x1f\xc6k\x01\x13\x9b\x15[\xf7\xaan\x1fOgo\xbb(\xcbx\x9bJ\x91*\xa5a\x02\xf3\x1b\x9d\xddy\xef\xee\xe4h\xd5\nH\x80\x8a\xd7Y\xb8\xcb\x90') mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0x601, 0x0) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r8, 0x0, 0x23) sendmsg$auto_NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000428bd7000fddbdf25040000000800010080a3053e08000200540a6b00"], 0x24}, 0x1, 0x0, 0x0, 0x2000c001}, 0x40) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyb6\x00', 0x8a4282, 0x0) write$auto(r7, 0x0, 0x1) 14.943676349s ago: executing program 1 (id=1279): socket(0x21, 0x2, 0x0) r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/block/loop9/hctx0/tags\x00', 0x80000, 0x0) (async) mmap$auto(0x0, 0x4, 0xe, 0x3132, 0x4008df3, 0x0) read$auto(0x3, 0x0, 0x80) (async) socket(0x22, 0x3, 0x0) (async) bind$auto(0x3, &(0x7f0000000080)=@isdn={0x22, 0x3d, 0x7, 0x6, 0x7}, 0x6b) fadvise64$auto_POSIX_FADV_NORMAL(r0, 0x4, 0x7, 0x0) bind$auto(0x3, &(0x7f0000000040)=@qipcrtr={0x2a, 0x3}, 0x6a) (async) r1 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) read$auto_stat_fops_per_vm_kvm_main(r1, 0x0, 0x0) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x6, 0x15, 0x0, 0xfb3) (async) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x24044805) (async) syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mmap$auto(0x5, 0x2, 0xffff, 0x9b76, 0x2, 0x4) (async) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x452) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x5, 0x3, 0x66) (async) r3 = io_uring_setup$auto(0x9, 0x0) io_uring_register$auto(r3, 0x14, 0x0, 0xfffffffb) (async) getdents$auto(0x0, 0x0, 0x18) (async) sysfs$auto(0x2, 0x0, 0x0) (async) epoll_create$auto(0x7) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDCTL_DSP_POST(r2, 0x5008, &(0x7f0000000180)="ffe58f826f91eb7b96b2db06cde79b563abb303bcb384d8c5a53d1b3115a28675efbc8c7248273278e5f5c755f719dc0bb62dee77c596593352b1fb63bc8afe199b01763e0ceec23c5efffec5fd06dda33c9f05149ee75e77f681091df0f902307083b109850bea4453d0e2ccac98c53a1d607d9e0b237f6663a2855cc3a77c74d02fe546b8eb0578b8b748e07066b3c09690b195d67930b94d6f73f9d12cc991ffeb33889afb7a1d0a6b2b9b01f99e397936c63025ce6e680c0f201e83b370a7c25690f2ecd4ae3") (async) epoll_ctl$auto(0x5, 0x1, r4, 0x0) 13.036243366s ago: executing program 1 (id=1282): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1d00, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/tracing_cpumask\x00', 0x38b047, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) socketpair$auto(0x1, 0x1, 0x4, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0xeac40, 0x0) socket(0x10, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20480, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) ioctl$auto(0x3, 0x40106f52, r1) 10.618876145s ago: executing program 1 (id=1290): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) r0 = socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x6, &(0x7f0000000200)=0x1, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf}) ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000002c0)={0x8, r2, 0x0, 0x33}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r3, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) msgrcv$auto(0x9, 0x0, 0xfffffffffffffffd, 0x6, 0x80008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) madvise$auto(0x2, 0x5c61fa2c, 0xf) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRESHEX=r0, @ANYBLOB="130029bd704fb068c18e97d09150d3fdaa6dd200fbdbdf25030000000400080914000180080002800400325908001400a9c12c20"], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r5, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x24000044) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x4000000000000000, 0x40000000020004, 0x201, 0xeb1, 0x8000000000000024, 0x8000) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, 0x0, 0x40001, 0x0) 9.522462965s ago: executing program 2 (id=1294): mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) move_pages$auto(0x1, 0x400000000f54, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto(0x3, 0x200000000001, 0x2e, 0x0, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="011d3da4420008bd7100f9db5f250200000000000010", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x20044011}, 0x80) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bpq3/carrier_up_count\x00', 0x101000, 0x0) read$auto(r2, 0x0, 0x9) socket(0x1e, 0x4, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x5, 0x84) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) select$auto(0xf, 0x0, &(0x7f0000002400)={[0x1, 0x400, 0x0, 0x8, 0x200000000000027f, 0xe0d3, 0x4, 0x17c750d60, 0xfffffffffffffac1, 0x106, 0x8000, 0x8000000000000000, 0x0, 0x10001, 0x2, 0x24f]}, &(0x7f0000002480)={[0xf, 0x5, 0x8, 0x4, 0x6, 0xffffffffffffff7a, 0x8, 0x45f6c183, 0xaeb, 0x3, 0x3, 0x8, 0x8000, 0x2, 0x8000000000000001, 0xfffffffffffffffc]}, 0x0) socket(0x1d, 0x2, 0x7) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x101802, 0x0) prctl$auto(0x101, 0x8, 0x0, 0x40, 0x7) mmap$auto(0x2, 0x202000a, 0x1, 0xeb1, r3, 0x8000) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) ioctl$auto_TCFLSH2(r4, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto(r4, 0x8926, r4) read$auto_proc_sessionid_operations_base(0xffffffffffffffff, 0x0, 0x0) 7.858577072s ago: executing program 2 (id=1297): socket(0xa, 0x3, 0x3b) socket(0x2b, 0x1, 0x1) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(r0, 0x6, 0x1f, 0x0, 0x3d) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket(0xa, 0x3, 0x3a) ioctl$auto_I2C_FUNCS(r1, 0x705, &(0x7f0000000300)="ada4288e04bf6096991e8b4bdf68467e1270ca0efd7e1790bf3de8f0f291f69caf8623822f3f71c032d5dd41fef14a4e9384162587788976ed4aa105561bec853286d777e0e92ad7059cb254eed14a256b6f764ff75aab4a3b7aa80e2b603b0381d939837bc588246cf3a8cdf91d96690a6349e5dd0600fc4c12f755c3225c4504a1300bc7d6118e56a337c62184f913e1849190879f4fa0ad33216dd2ff50c67dd4acb18cebbcbb2c50a5cf13fe2b882c6e68462badd86ddc0e0fd698b8a2c592fa964cd66a4196380000b6ea4095a025a9d14d47e40aaa07aeac268551746a24") mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x2) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x240600, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) capset$auto(0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(r2, &(0x7f0000000080)=@generic={0xa, "0900000000000000905caf7ac800"}, 0x68) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) socket(0x10, 0x2, 0x0) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x10, &(0x7f0000001700)=@query={@target_ifindex, 0x11, 0x1, 0x9, 0x7f, @prog_cnt=0x2, 0x0, 0x1000f, 0xa, 0x7, 0x400000000001}, 0x7) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r3 = socket(0x29, 0x2, 0x0) ioctl$auto(r3, 0x8923, 0x24) 6.347803192s ago: executing program 2 (id=1300): mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) mount$auto(0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0) syz_clone(0x802000, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sched_get_priority_min$auto(0xffffffff) 5.734694182s ago: executing program 0 (id=1302): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0xffffffffffffffff, 0x8, 0x0) r0 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) write$auto(0x3, 0x0, 0xfdef) read$auto(0x3, 0x0, 0x1f40) read$auto(0x3, 0x0, 0x1f40) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x6) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x3, 0x0) userfaultfd$auto(0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x101, 0x8000, 0x3fa, 0x200000401, 0x1000008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xd, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x3, &(0x7f0000000000)='Q**\x00', &(0x7f0000000040)='+$', 0x0) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) setsockopt$auto(r0, 0x29, 0x3, 0x0, 0x56b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0x5, 0x2009, 0x0, 0x0) r2 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/numa_maps\x00', 0x64001, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x84240, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) read$auto_proc_sessionid_operations_base(r2, &(0x7f00000000c0)=""/4073, 0xfe9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr4/statistics/tx_window_errors\x00', 0x40000, 0x0) 5.369674582s ago: executing program 2 (id=1304): mmap$auto(0x0, 0x4, 0x3, 0x1000000000000eb1, 0xfffffffffffffffa, 0xf) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000013c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000001440)={0x14, r1, 0x1, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3, 0xfd}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) r4 = socket(0x2, 0x801, 0x106) getsockopt$auto(r4, 0x11c, 0x3, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r5, 0x541c, r6) 5.101131935s ago: executing program 4 (id=1305): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) semctl$auto_GETPID(0x0, 0x4, 0xb, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) clock_getres$auto(0x10, &(0x7f0000000080)={0x5, 0x200}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000001440)='/dev/dmmidi2\x00', 0x800, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, 0xfffffffffffffffd) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r0, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) write$auto(0x3, 0x0, 0x80000003) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYBLOB, @ANYRES32], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) r4 = getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) ioctl$auto_VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000100)=0x9) preadv2$auto(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6}, 0x6, 0x7fff, 0xd01f, 0x4) r5 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/framebuffer\x00', 0x200800, 0x0) setsockopt$auto_SO_INCOMING_CPU(r5, 0x8, 0x31, &(0x7f0000000040)='/dev/sda\x00', 0x4) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r6, 0x2272, r6) 4.790543054s ago: executing program 2 (id=1306): socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) unshare$auto(0x40000080) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(0x0, 0x0) r0 = socket(0x12, 0x4, 0x440a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xdccc1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) ioctl$auto_SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000040)) io_setup$auto(0x80002, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x20400, 0x0) r3 = syz_genetlink_get_family_id$auto_ethtool(0x0, r0) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r3], 0x18}, 0x1, 0x0, 0x0, 0x8080}, 0x8041) getpid() epoll_pwait2$auto(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0, 0x8) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000180)="f121fdfc4775e1f0615594d687bb1e003e0d1cb4c90bd5bae3215c051ba36ac409f5041f19837851ba4c0fc605471ac3c7ba2c7c8af39a2368a6dc487d1443a008d645e835d5") openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x100000000000037, 0x0) fsopen$auto(0x0, 0x1) socket(0x10, 0x2, 0xc) setreuid$auto(0x8, 0x9d7) shutdown$auto(0x200000003, 0x2) socketpair$auto(0x5, 0xfffffffe, 0xef77, &(0x7f00000000c0)=0xb7) listen$auto(0x3, 0x83) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x90}}, 0x54) 4.590116681s ago: executing program 0 (id=1307): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) mincore$auto(0x1000, 0x8003, 0x0) setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x28) mmap$auto(0x4, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x75d455db) ioctl$auto_TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000540)={0x2, &(0x7f0000000500)={0xa7, 0xf3, 0x1, @raw=0x2}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f00000010c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fedbdf25040000000c000180080001000300000010000a800c000180080001000200000008000800", @ANYRES32=r3, @ANYBLOB="38df14f698f9fa936f37db4171a4e378b2b02cca032ac36b187536206ed0bf68e0b62c5dd6164c54bfc950d0db8994e4b80ec8ec92b7d1076af4344d9724ea3823929f5850779c3434b297695e2889727bce7a085e017e027b9e98be0d0000440799b7c72e23ffac3dff1282b2b8d9cec9a13dd2a2476991a694e98c16551ce2a1d0a2cf1da448f3a3ccdf5a7a8179ee2f8abacf29e8cb095e21b455e256a6d5bfff32e67aa2bb609b989e9574b373ffaa4300b976f0f69a7f59f1c3dbd4edff6e574695fd471b83a6a922b042589e6845566fa965a3f1642c7ad1"], 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x14) sendmsg$auto_NET_SHAPER_CMD_DELETE(r0, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="08002cbd7000fcdbdf25030000001c00018008000100000200000800010001000000080001000500000044000180080001000000"], 0x74}, 0x1, 0x0, 0x0, 0x4000011}, 0x10) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, &(0x7f0000000300)={[0x1ff, 0x5, 0xd, 0xfffffffffffff4d6, 0x948b, 0x3, 0x15f4da0e, 0x3, 0x0, 0x9, 0x80000001, 0x1000, 0x1, 0x9, 0x3, 0x1]}, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) clock_adjtime$auto(0x1, &(0x7f0000000280)={0xfff, 0x0, 0x6fe, 0x40004, 0x7, 0x4, 0x8227, 0x0, 0x2, 0x0, 0x8, {0x7, 0x800}, 0x101, 0xf8, 0xa, 0xd94, 0x0, 0x1, 0x7, 0x6, 0xa9, 0x3, 0xfffffffe}) writev$auto(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x9}, 0xb) write$auto(r4, &(0x7f0000000240)='//ev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/ip6tnl0/bootp_relay\x00', 0x5014c0, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r5, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.218905624s ago: executing program 1 (id=1308): mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x60800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, 0x0) creat$auto(&(0x7f0000000280)='./file0\x00', 0x101) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/softnet_stat\x00', 0x40102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x17, 0x401, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) mmap$auto(0x0, 0x40009, 0x3, 0x38, 0xffffffffffffffff, 0x28000) unshare$auto(0x8) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm_amd/parameters/pause_filter_thresh\x00', 0x200, 0x0) read$auto(r2, 0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r3 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) read$auto_proc_pid_maps_operations_internal(r3, &(0x7f00000001c0)=""/204, 0xcc) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x20040, 0x0) openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/options/latency-format\x00', 0x121082, 0x0) writev$auto(0x4, &(0x7f0000000080)={0x0, 0x8}, 0x1) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/snd_dummy.0/sound/card0/audio/power/runtime_suspended_time\x00', 0x602e02, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$auto(0x3, 0x20009, 0x2b, 0xeb1, r1, 0xd1a) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_TIOCSTI2(r4, 0x5412, &(0x7f0000000000)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) read$auto(0x3, 0x0, 0x80) socket(0x2, 0x1, 0x100) 3.143678813s ago: executing program 4 (id=1309): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r0 = socket(0x2, 0x2, 0x73) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRESOCT=r0, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x28, r5, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_TX_AGGR_TIME_USECS={0x8}, @ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x810) r7 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)={0x58, r7, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_BLA_CRC={0x6, 0x22, 0xff}, @BATADV_ATTR_TPMETER_RESULT={0x5, 0xa, 0x40}, @BATADV_ATTR_TT_VID={0x6, 0x14, 0x4}, @BATADV_ATTR_MCAST_FLAGS={0x8, 0x26, 0x2}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_NEIGH_ADDRESS={0xa, 0x18, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x40}, 0x4010) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r3) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="018c1400000100"/22, @ANYRES32=0x0, @ANYBLOB="040001800c0001800800030009000000"], 0x30}, 0x1, 0x0, 0x0, 0x2004d081}, 0x4010) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1f000000", @ANYBLOB="1200", @ANYRES8], 0x1ac}}, 0x40000) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x24, 0x0, 0x1, 0x70bd2c, 0x25dfdbfa, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r11}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004000}, 0x140000e4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.819470059s ago: executing program 4 (id=1310): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r0 = socket(0x2, 0x2, 0x73) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRESOCT=r0, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x28, r5, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_TX_AGGR_TIME_USECS={0x8}, @ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x810) r7 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)={0x58, r7, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_BLA_CRC={0x6, 0x22, 0xff}, @BATADV_ATTR_TPMETER_RESULT={0x5, 0xa, 0x40}, @BATADV_ATTR_TT_VID={0x6, 0x14, 0x4}, @BATADV_ATTR_MCAST_FLAGS={0x8, 0x26, 0x2}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_NEIGH_ADDRESS={0xa, 0x18, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x40}, 0x4010) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r3) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="018c1400000100"/22, @ANYRES32=0x0, @ANYBLOB="040001800c0001800800030009000000"], 0x30}, 0x1, 0x0, 0x0, 0x2004d081}, 0x4010) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1f000000", @ANYBLOB="1200", @ANYRES8], 0x1ac}}, 0x40000) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) r12 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_SET_MESH(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x24, r12, 0x1, 0x70bd2c, 0x25dfdbfa, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r11}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004000}, 0x140000e4) 2.754304316s ago: executing program 0 (id=1311): fanotify_init$auto(0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x4, 0xeb2, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x406, 0x0) poll$auto(&(0x7f0000000d40)={0x3, 0x3, 0xa}, 0x5, 0x3fc) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) r0 = openat$auto_fops_u64_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim0/psample/latency_max\x00', 0x17b002, 0x0) getsockopt$auto(r0, 0x0, 0x404, 0x0, 0x0) mkdir$auto(&(0x7f0000000100)='./file1\x00', 0x1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/netdevsim1/locktime\x00', 0x28a43, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x22, 0x800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/firmware/acpi/hotplug/force_remove\x00', 0x2062, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x17, 0x7, 0x28000) write$auto(0x3, 0x0, 0xfdf3) socket(0x8, 0x6, 0xfffffffd) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) mmap$auto(0x0, 0x100000001, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x8000000000002, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x0, 0x5, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x5, 0x9, 0x2, 0x1]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x3ff) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x90, 0x1, 0x5, 0x3, 0x5, 0x3, 0x5, 0x3, 0x9, 0x2, 0x6d3c, 0x9, 0x2, 0x10001]}, 0x0) 2.395384082s ago: executing program 4 (id=1312): write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f00000012c0)="0a1b9a3c3e20fd2da3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a1fe65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9918291c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b25230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x106) 2.149044161s ago: executing program 4 (id=1313): r0 = socket(0x10, 0x2, 0xc) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0) adjtimex$auto(&(0x7f0000000300)={0x3, 0x0, 0x7fffffff, 0x55d, 0x12, 0xf2, 0x9, 0x0, 0x5, 0x0, 0xfffffffffffffffb, {0x9, 0xa7}, 0x9, 0x7, 0x1, 0x8, 0x0, 0x8, 0xce34, 0x6, 0x3, 0xfff, 0x3}) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SG_GET_NUM_WAITING(r1, 0x227d, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400005, 0x40df, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000080), 0x2140, 0x0) waitid$auto_P_PID(0x1, 0x0, &(0x7f0000000740)={@siginfo_0_0={0xfffffe00, 0xfffffffd, 0x6, @_sigpoll={0x3, r1}}}, 0x80000000, &(0x7f00000007c0)={{0xffff, 0x1}, {0x9, 0xffffffffffffffff}, 0x800, 0x10, 0x7, 0xfffffffffffffffb, 0xfff, 0x7, 0x401, 0xfffffffffffff001, 0x100, 0x10000000000000, 0xfff, 0x1, 0x4, 0x3}) mmap$auto(0x1, 0x2000a, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socket(0x15, 0x5, 0x0) r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sg1\x00', 0x224a00, 0x0) ioctl$auto_SG_SET_FORCE_PACK_ID(r4, 0x227b, &(0x7f0000000500)="4b6ae5a86f3e0896077902fc8f82ac5cb8f94c1757788661e5ada565ee130f2b21dcd686d6b7bde10f9b118083c706021357747ec7d9b1d7b1434d4b6e8231f6700860eaf8cd33328886a3ccba4f6664af143341598b695ccde77fbb68e441242248de69729a6bc2d5c85cbb16360ce93c7826e93bf96e10d76f8eac711ac0f68dfc18ab026af1875a9e618fe36dbf3c79cb9b8e79dba179b23be9de0c69918f0d71603abf9bb1b8894e65c338b9320b5502561bedb5e5bc608a305e7fd0b3e966a277478be2373c73b9cbc62ade124976") setsockopt$auto(r3, 0x114, 0x8, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) link$auto(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00') mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x20000, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_ADD(r6, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x30, r7, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@THERMAL_GENL_ATTR_TZ_TRIP_ID={0x8, 0x5, 0x69}, @THERMAL_GENL_ATTR_CDEV={0x4}, @THERMAL_GENL_ATTR_CDEV_MAX_STATE={0x8, 0x11, 0x3}, @THERMAL_GENL_ATTR_CPU_CAPABILITY_ID={0x8, 0x15, 0x57}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000880) ioctl$auto(r5, 0x40045108, 0x0) 2.078796102s ago: executing program 1 (id=1314): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x2012, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto_IMDELTIMER(0xffffffffffffffff, 0x80044941, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) pread64$auto(r1, 0x0, 0x40000000f42c, 0x2) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mount$auto(0x0, &(0x7f0000001500)='./file0\x00', &(0x7f0000001540)='\x00\x00i\xffw', 0x4, 0x0) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000180)={0x7f, 0x1, 0x1, 0x2, 0xffffffff}) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) setreuid$auto(0xffffffffffffffff, 0x8) r2 = socket(0xa, 0x2, 0x0) setsockopt$auto(r2, 0x29, 0x37, 0x0, 0x110) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) connect$auto(0xffffffffffffffff, &(0x7f0000000040)=@generic={0x25, "835aabaf5dc454e38226799f73aa"}, 0x3d) shutdown$auto(0x200000003, 0x2) bpf$auto(0x0, 0x0, 0x6f4) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000000c0), 0xffffffffffffffff) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) 1.736287318s ago: executing program 0 (id=1315): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) sendfile$auto(r0, r0, 0x0, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r2, &(0x7f0000000080)={0x0, 0x7}, 0x2) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) 1.613417283s ago: executing program 2 (id=1316): socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0xe883, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) futex$auto(&(0x7f00000000c0)=0x1, 0x8c, 0x1, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) ioctl$auto_SNAPSHOT_ATOMIC_RESTORE(0xffffffffffffffff, 0x3304, 0x0) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) ioperm$auto(0x7, 0x800, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = socket(0xa, 0x3, 0x3a) getsockopt$auto(r0, 0x29, 0xce, 0x0, 0x0) socket(0x2, 0x1, 0x0) prctl$auto(0x1000, 0xd21, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket(0x25, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) fanotify_init$auto(0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) 820.487358ms ago: executing program 4 (id=1317): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x40242, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x10}, 0x3) r2 = wait4$auto(0xffffffffffffffff, 0x0, 0x2, 0x0) prctl$auto(0x3e, 0x0, r2, 0x1, 0x0) r3 = getegid() setregid$auto(r3, r3) setfsgid$auto(r3) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r5, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xfffffffc}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0xffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) r6 = openat$auto_fops_ulong_ro_(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/ieee80211/phy18/netdev:wlan1/stations/08:02:11:00:00:00/rx_fragments\x00', 0x480800, 0x0) write$auto_fops_ulong_ro_(r6, &(0x7f0000000340), 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd2a, 0xc, 0x8, 0x5, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) socket(0xa, 0x2, 0x3a) mmap$auto(0x1f00, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) 704.377546ms ago: executing program 0 (id=1318): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000000)=@ethernet={0x1, @broadcast}, 0x55) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x52, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x44, r2, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x14, 0x3, 0x0, 0x1, [@nested={0x10, 0x14, 0x0, 0x1, [@typed={0xc, 0x17, 0x0, 0x0, @u64}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "f75447b747e6d6a37eba86000001"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) bpf$auto_BPF_OBJ_PIN(0x6, 0x0, 0x5) socket(0x10, 0x2, 0x0) semctl$auto(0xc5, 0x4, 0x1, 0xc000000000000) 149.698222ms ago: executing program 0 (id=1319): mmap$auto(0x0, 0x2, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYRES16=0x0, @ANYBLOB="000229bd70001cdddf250200020008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000853b884a05d59929f0a37d5ff1b70ce851abc650ecf668deacf9ac187699194b6d6ed9cc3c692771aca87883de80e1d592b91da16d95dd0ed6b9a29af521c508267f1184d4e42c20523501ea801a87226703019eac5ef39755810c20bd3299e98074400d05e3666fb286aa941d6349a1e3c7c9eda1f1a577f2fb5b686718d7e2cdeb1869d5ab891b0e4241023d9c74c1cc86f250d1c3492faff4b2c2215c0851e13fa01607e6b7a2042c3a7c2fb237198feaf2a4", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x1000c090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}, 0x1, 0x0, 0x0, 0x40000000}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x1c04, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r1, r2, 0x0, 0x1) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/pages_shared\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000001100)=""/4106, 0x100a) mmap$auto(0x2, 0x118dc03a, 0xffffffff, 0x40eb2, 0x402, 0x300000000000) semctl$auto(0xc, 0x2, 0x13, 0x100004) r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xbf3, 0x465a, 0xdd, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card0/pcm0p/sub1/xrun_injection\x00', 0x0, 0x0) r6 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x107000, 0x0) ioctl$auto_UI_DEV_SETUP(r6, 0x405c5503, &(0x7f00000000c0)={{0x2, 0xf2cf, 0x5, 0x7c}, "6a034a0700010000000000002576f893fba86c9dd051a0094a3833d61c9300fefb58be31ef9368c7996e841f3f1561d4992f72eaba6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x40}) ioctl$auto_UI_DEV_CREATE(r6, 0x5501, 0x0) writev$auto(r6, &(0x7f0000000340)={0x0, 0xda7e}, 0x9) open_by_handle_at$auto(r5, &(0x7f00000002c0)={0xd, 0x136a, "8f42b1077e737d4629d7867bca"}, 0x7d) geteuid() sendmsg$auto_OVS_CT_LIMIT_CMD_GET(0xffffffffffffffff, 0x0, 0x200000c0) close_range$auto(0x2, 0xa, 0x0) 0s ago: executing program 1 (id=1320): mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) write$auto(0xca, 0x0, 0x2d9) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = fanotify_init$auto(0x5, 0x2000000000002) r1 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x4c) r2 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(0x0, 0x451, 0xa, 0xffffffffffffffff, 0x0) fanotify_mark$auto(r2, 0x451, 0x800000a, r1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') ioctl$auto_TIOCSETD2(r0, 0x5423, &(0x7f0000000140)="1b4fb007f3a0f2608fb39844c11ca28cd6f6c6cba286f22d8c57c737969b582e94fda5741d8a7de2f0d82a426b154152f8e1bab0970f1092150f78af16290499f01b27d20a869d4db92d84f1846febf350ec88b29ed7bdb7365c8b95cefbaf917be3761084d75b1534558a0a0f43dacc966b2f14161de84e525984135a435c4598c0f134724081bf51de801b554a12ea91b1cc0bbda837468dca21d3a93f74a4c0fe1b6c72111f7957443ddb3847fee73526877eab8d847092f5") r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(r3, 0xfffffffffffffff9, 0x1) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x3c41, 0x0) r4 = open(0x0, 0x80400, 0xb5d1af1605322dd2) close_range$auto(0x2, 0x8, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x1}, 0x7) read$auto_lowpan_enable_fops_(r4, &(0x7f00000002c0)=""/120, 0x78) rt_tgsigqueueinfo$auto(0x0, 0x0, 0x21, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x1c51, 0xfffffffe, @_sigsys={0x0, 0x2, 0xffffffff}}}) kernel console output (not intermixed with test programs):                                                                                                                                          [ 266.140488][ T5868] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 266.165115][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.179072][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 266.772212][ T8514] random: crng reseeded on system resumption [ 266.943650][ T8522] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 267.478200][ T8521] binder: 8519:8521 ioctl 400c620e 200000000040 returned -22 [ 267.698461][ T8511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.771227][ T8511] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.632079][ T8531] kexec: Could not allocate control_code_buffer [ 271.387275][ T8572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.518'. [ 272.805192][ T8595] __vm_enough_memory: pid: 8595, comm: syz.1.522, bytes: 4398046511104 not enough memory for the allocation [ 273.061288][ T8601] misc userio: No port type given on /dev/userio [ 274.941105][ T8620] net_ratelimit: 544 callbacks suppressed [ 274.941132][ T8620] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 275.773503][ T8644] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(16) [ 275.800612][ T8651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.530'. [ 276.486671][ T8665] misc userio: No port type given on /dev/userio [ 280.009785][ T8717] netlink: 28 bytes leftover after parsing attributes in process `syz.1.540'. [ 281.025294][ T8734] misc userio: No port type given on /dev/userio [ 281.732972][ T8744] netlink: 334 bytes leftover after parsing attributes in process `syz.2.545'. [ 283.152195][ T8785] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 285.650198][ T8808] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 285.692812][ T5868] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 285.704447][ T8808] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 285.733389][ T8808] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 285.762710][ T8808] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 285.796054][ T8809] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 286.185048][ T8839] Invalid ELF header magic: != ELF [ 287.048384][ T5868] Bluetooth: hci0: command 0x0c1a tx timeout [ 287.761298][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 287.768819][ T5865] Bluetooth: hci1: command 0x0c1a tx timeout [ 287.838614][ T5868] Bluetooth: hci3: command 0x0c1a tx timeout [ 288.576490][ T5868] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 292.437681][ T31] audit: type=1804 audit(6051229690.455:8): pid=8923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.577" name="/newroot/sys/kernel/debug/tracing/set_event" dev="tracefs" ino=1050 res=1 errno=0 [ 292.826100][ T5868] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 294.870232][ T8935] Process accounting resumed [ 295.963674][ T8872] Process accounting paused [ 299.493378][ T9022] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 299.519326][ T9022] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 299.525705][ T9022] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 299.535935][ T9022] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 299.796615][ T9035] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 300.666618][ T9055] vhci_hcd: SetHubDepth req not supported for USB 2.0 roothub [ 300.958442][ T5865] Bluetooth: hci0: command 0x0c1a tx timeout [ 301.601000][ T5865] Bluetooth: hci2: command 0x0c1a tx timeout [ 301.602749][ T5868] Bluetooth: hci1: command 0x0c1a tx timeout [ 301.614525][ T5865] Bluetooth: hci3: command 0x0c1a tx timeout [ 303.037947][ T9100] FAULT_INJECTION: forcing a failure. [ 303.037947][ T9100] name failslab, interval 1, probability 0, space 0, times 0 [ 303.052471][ T9100] CPU: 1 UID: 0 PID: 9100 Comm: syz.0.605 Not tainted syzkaller #0 PREEMPT(full) [ 303.052530][ T9100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 303.052549][ T9100] Call Trace: [ 303.052560][ T9100] [ 303.052573][ T9100] dump_stack_lvl+0x16c/0x1f0 [ 303.052624][ T9100] should_fail_ex+0x512/0x640 [ 303.052671][ T9100] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 303.052729][ T9100] should_failslab+0xc2/0x120 [ 303.052773][ T9100] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 303.052814][ T9100] ? alloc_inode+0x64/0x240 [ 303.052865][ T9100] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 303.052898][ T9100] alloc_inode+0x64/0x240 [ 303.052945][ T9100] new_inode+0x22/0x1c0 [ 303.052995][ T9100] debugfs_create_symlink+0xd3/0x320 [ 303.053037][ T9100] ref_tracker_dir_symlink+0x255/0x360 [ 303.053089][ T9100] ? __pfx_ref_tracker_dir_symlink+0x10/0x10 [ 303.053203][ T9100] net_ns_net_init+0x19a/0x220 [ 303.053251][ T9100] ? __pfx_net_ns_net_init+0x10/0x10 [ 303.053295][ T9100] ops_init+0x1e2/0x5f0 [ 303.053345][ T9100] setup_net+0x10f/0x380 [ 303.053388][ T9100] ? lockdep_init_map_type+0x5c/0x280 [ 303.053432][ T9100] ? __pfx_setup_net+0x10/0x10 [ 303.053482][ T9100] ? debug_mutex_init+0x37/0x70 [ 303.053513][ T9100] copy_net_ns+0x2a6/0x5f0 [ 303.053558][ T9100] create_new_namespaces+0x3ea/0xa90 [ 303.053597][ T9100] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 303.053631][ T9100] ksys_unshare+0x45b/0xa40 [ 303.053669][ T9100] ? __pfx_ksys_unshare+0x10/0x10 [ 303.053708][ T9100] ? xfd_validate_state+0x61/0x180 [ 303.053765][ T9100] __x64_sys_unshare+0x31/0x40 [ 303.053807][ T9100] do_syscall_64+0xcd/0x490 [ 303.053854][ T9100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.053886][ T9100] RIP: 0033:0x7fba28f8ebe9 [ 303.053909][ T9100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.053941][ T9100] RSP: 002b:00007fba29df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 303.053969][ T9100] RAX: ffffffffffffffda RBX: 00007fba291b5fa0 RCX: 00007fba28f8ebe9 [ 303.053990][ T9100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 303.054008][ T9100] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 303.054027][ T9100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 303.054045][ T9100] R13: 00007fba291b6038 R14: 00007fba291b5fa0 R15: 00007ffcf2826668 [ 303.054087][ T9100] [ 303.054099][ T9100] debugfs: out of free dentries, can not create symlink 'netns-8d-4026533768-notrefcnt' [ 303.821637][ T9101] blktrace: Concurrent blktraces are not allowed on ram7 [ 304.894055][ T9117] FAULT_INJECTION: forcing a failure. [ 304.894055][ T9117] name failslab, interval 1, probability 0, space 0, times 0 [ 304.938810][ T9117] CPU: 0 UID: 0 PID: 9117 Comm: syz.0.608 Not tainted syzkaller #0 PREEMPT(full) [ 304.938863][ T9117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 304.938884][ T9117] Call Trace: [ 304.938895][ T9117] [ 304.938908][ T9117] dump_stack_lvl+0x16c/0x1f0 [ 304.938968][ T9117] should_fail_ex+0x512/0x640 [ 304.939022][ T9117] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 304.939072][ T9117] should_failslab+0xc2/0x120 [ 304.939124][ T9117] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 304.939166][ T9117] ? inode_set_ctime_current+0x2a1/0x8f0 [ 304.939210][ T9117] ? __d_alloc+0x32/0xae0 [ 304.939255][ T9117] __d_alloc+0x32/0xae0 [ 304.939302][ T9117] d_alloc_pseudo+0x1c/0xc0 [ 304.939353][ T9117] alloc_file_pseudo+0xcf/0x230 [ 304.939408][ T9117] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 304.939462][ T9117] ? hugetlbfs_get_inode+0x31f/0x730 [ 304.939505][ T9117] hugetlb_file_setup+0x4ce/0x620 [ 304.939546][ T9117] ksys_mmap_pgoff+0x189/0x5c0 [ 304.939602][ T9117] __x64_sys_mmap+0x125/0x190 [ 304.939659][ T9117] do_syscall_64+0xcd/0x490 [ 304.939709][ T9117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.939743][ T9117] RIP: 0033:0x7fba28f8ebe9 [ 304.939769][ T9117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.939814][ T9117] RSP: 002b:00007fba29df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 304.939847][ T9117] RAX: ffffffffffffffda RBX: 00007fba291b5fa0 RCX: 00007fba28f8ebe9 [ 304.939869][ T9117] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 304.939889][ T9117] RBP: 00007fba29011e19 R08: 0000000000000004 R09: 0000300000000000 [ 304.939909][ T9117] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 304.939929][ T9117] R13: 00007fba291b6038 R14: 00007fba291b5fa0 R15: 00007ffcf2826668 [ 304.939971][ T9117] [ 306.791876][ T9147] raw_sendmsg: syz.0.615 forgot to set AF_INET. Fix it! [ 309.451976][ T31] audit: type=1800 audit(6051229707.475:9): pid=9196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.622" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 310.700585][ T5865] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 311.105123][ T9215] netlink: 'syz.1.628': attribute type 1 has an invalid length. [ 311.219415][ T31] audit: type=1400 audit(6051229709.235:10): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=9214 comm="syz.1.628" [ 311.338064][ T9200] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 314.174882][ T9266] netlink: 12 bytes leftover after parsing attributes in process `syz.0.639'. [ 314.935085][ T9281] Invalid ELF header magic: != ELF [ 318.051215][ T9323] program syz.3.650 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 318.084038][ T9318] zswap: compressor not available [ 318.506687][ T9326] ecryptfs_miscdev_write: Invalid packet size [192] [ 318.808119][ T5865] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 323.344416][ T31] audit: type=1800 audit(6051229721.365:11): pid=9424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.665" name="dbroot" dev="configfs" ino=25732 res=0 errno=0 [ 323.393799][ T9424] db_root: not a directory: /dev/audio1 [ 325.269471][ T9431] Process accounting paused [ 325.906386][ T9460] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 326.217442][ T9458] Process accounting resumed [ 327.373718][ T9485] nbd: couldn't find device at index 137 [ 327.608125][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.614979][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 328.521242][ T9499] netlink: 'syz.1.684': attribute type 1 has an invalid length. [ 329.565249][ T9507] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 330.731709][ T9531] can: request_module (can-proto-0) failed. [ 331.556885][ T9550] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 331.569107][ T9545] netlink: 29 bytes leftover after parsing attributes in process `syz.2.694'. [ 333.514825][ T9581] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 334.232824][ T9527] kexec: Could not allocate control_code_buffer [ 334.913879][ T9595] zswap: compressor not available [ 335.094673][ T9601] FAULT_INJECTION: forcing a failure. [ 335.094673][ T9601] name failslab, interval 1, probability 0, space 0, times 0 [ 335.117917][ T9601] CPU: 1 UID: 0 PID: 9601 Comm: syz.3.704 Not tainted syzkaller #0 PREEMPT(full) [ 335.117960][ T9601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 335.117992][ T9601] Call Trace: [ 335.118002][ T9601] [ 335.118013][ T9601] dump_stack_lvl+0x16c/0x1f0 [ 335.118059][ T9601] should_fail_ex+0x512/0x640 [ 335.118117][ T9601] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 335.118161][ T9601] should_failslab+0xc2/0x120 [ 335.118204][ T9601] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 335.118244][ T9601] ? prepare_creds+0x2c/0x7d0 [ 335.118299][ T9601] prepare_creds+0x2c/0x7d0 [ 335.118349][ T9601] __do_sys_landlock_restrict_self+0x13e/0x910 [ 335.118387][ T9601] ? rcu_is_watching+0x12/0xc0 [ 335.118424][ T9601] do_syscall_64+0xcd/0x490 [ 335.118472][ T9601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.118522][ T9601] RIP: 0033:0x7f8ed618ebe9 [ 335.118547][ T9601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.118581][ T9601] RSP: 002b:00007f8ed707f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 335.118622][ T9601] RAX: ffffffffffffffda RBX: 00007f8ed63b5fa0 RCX: 00007f8ed618ebe9 [ 335.118642][ T9601] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005 [ 335.118660][ T9601] RBP: 00007f8ed6211e19 R08: 0000000000000000 R09: 0000000000000000 [ 335.118678][ T9601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 335.118695][ T9601] R13: 00007f8ed63b6038 R14: 00007f8ed63b5fa0 R15: 00007ffcabf47bd8 [ 335.118734][ T9601] [ 336.047406][ T9613] FAULT_INJECTION: forcing a failure. [ 336.047406][ T9613] name fail_futex, interval 1, probability 0, space 0, times 0 [ 336.078845][ T9613] CPU: 0 UID: 0 PID: 9613 Comm: syz.0.706 Not tainted syzkaller #0 PREEMPT(full) [ 336.078889][ T9613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 336.078909][ T9613] Call Trace: [ 336.078920][ T9613] [ 336.078932][ T9613] dump_stack_lvl+0x16c/0x1f0 [ 336.078980][ T9613] should_fail_ex+0x512/0x640 [ 336.079033][ T9613] get_futex_key+0x1d0/0x1560 [ 336.079076][ T9613] ? __pfx_get_futex_key+0x10/0x10 [ 336.079119][ T9613] ? kasan_save_stack+0x42/0x60 [ 336.079156][ T9613] ? kasan_save_stack+0x33/0x60 [ 336.079192][ T9613] ? kasan_save_track+0x14/0x30 [ 336.079235][ T9613] futex_wait_setup+0x9d/0x550 [ 336.079306][ T9613] __futex_wait+0x194/0x2f0 [ 336.079360][ T9613] ? __pfx___futex_wait+0x10/0x10 [ 336.079419][ T9613] ? __pfx_futex_wake_mark+0x10/0x10 [ 336.079476][ T9613] ? futex_private_hash_put+0x176/0x300 [ 336.079522][ T9613] ? futex_private_hash_put+0x18a/0x300 [ 336.079566][ T9613] futex_wait+0xe8/0x380 [ 336.079615][ T9613] ? __pfx_futex_wait+0x10/0x10 [ 336.079674][ T9613] ? errseq_sample+0x53/0x70 [ 336.079704][ T9613] ? file_init_path+0x4fe/0x760 [ 336.079758][ T9613] do_futex+0x229/0x350 [ 336.079801][ T9613] ? __pfx_do_futex+0x10/0x10 [ 336.079844][ T9613] ? fd_install+0x225/0x750 [ 336.079887][ T9613] __x64_sys_futex+0x1e0/0x4c0 [ 336.079931][ T9613] ? __sys_socket+0xac/0x260 [ 336.079966][ T9613] ? __pfx___x64_sys_futex+0x10/0x10 [ 336.080009][ T9613] ? xfd_validate_state+0x61/0x180 [ 336.080059][ T9613] ? __pfx_do_writev+0x10/0x10 [ 336.080107][ T9613] do_syscall_64+0xcd/0x490 [ 336.080154][ T9613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.080187][ T9613] RIP: 0033:0x7fba28f8ebe9 [ 336.080213][ T9613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.080247][ T9613] RSP: 002b:00007fba29df60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 336.080286][ T9613] RAX: ffffffffffffffda RBX: 00007fba291b5fa8 RCX: 00007fba28f8ebe9 [ 336.080309][ T9613] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fba291b5fa8 [ 336.080330][ T9613] RBP: 00007fba291b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 336.080351][ T9613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 336.080370][ T9613] R13: 00007fba291b6038 R14: 00007ffcf2826580 R15: 00007ffcf2826668 [ 336.080413][ T9613] [ 337.512706][ T9616] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 337.535983][ T9616] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 337.566425][ T9625] zswap: compressor not available [ 337.567330][ T9634] netlink: 28 bytes leftover after parsing attributes in process `syz.2.709'. [ 337.586566][ T9616] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 337.596512][ T9616] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 338.213426][ T9651] ecryptfs_parse_packet_length: Error parsing packet length [ 338.221132][ T9651] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 338.619825][ T9656] FAULT_INJECTION: forcing a failure. [ 338.619825][ T9656] name fail_futex, interval 1, probability 0, space 0, times 0 [ 338.648446][ T5865] Bluetooth: hci0: command 0x0c1a tx timeout [ 338.738790][ T9656] CPU: 0 UID: 0 PID: 9656 Comm: syz.3.715 Not tainted syzkaller #0 PREEMPT(full) [ 338.738824][ T9656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 338.738838][ T9656] Call Trace: [ 338.738846][ T9656] [ 338.738854][ T9656] dump_stack_lvl+0x16c/0x1f0 [ 338.738890][ T9656] should_fail_ex+0x512/0x640 [ 338.738930][ T9656] get_futex_key+0x1d0/0x1560 [ 338.738963][ T9656] ? __pfx_get_futex_key+0x10/0x10 [ 338.738995][ T9656] ? __lock_acquire+0xb97/0x1ce0 [ 338.739032][ T9656] futex_wake+0xea/0x530 [ 338.739071][ T9656] ? futex_wait+0x120/0x380 [ 338.739110][ T9656] ? __pfx_futex_wake+0x10/0x10 [ 338.739148][ T9656] ? __might_fault+0xe3/0x190 [ 338.739174][ T9656] ? __might_fault+0x13b/0x190 [ 338.739207][ T9656] do_futex+0x1e3/0x350 [ 338.739238][ T9656] ? __pfx_do_futex+0x10/0x10 [ 338.739267][ T9656] ? __pfx_do_utimes+0x10/0x10 [ 338.739295][ T9656] ? __pfx_get_timespec64+0x10/0x10 [ 338.739330][ T9656] __x64_sys_futex+0x1e0/0x4c0 [ 338.739362][ T9656] ? __do_sys_openat2+0x1c8/0x2d0 [ 338.739400][ T9656] ? __pfx___x64_sys_futex+0x10/0x10 [ 338.739432][ T9656] ? syscall_user_dispatch+0x78/0x140 [ 338.739478][ T9656] do_syscall_64+0xcd/0x490 [ 338.739513][ T9656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.739537][ T9656] RIP: 0033:0x7f8ed618ebe9 [ 338.739555][ T9656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 338.739579][ T9656] RSP: 002b:00007f8ed707f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 338.739602][ T9656] RAX: ffffffffffffffda RBX: 00007f8ed63b5fa8 RCX: 00007f8ed618ebe9 [ 338.739617][ T9656] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8ed63b5fac [ 338.739632][ T9656] RBP: 00007f8ed63b5fa0 R08: 00007f8ed7080000 R09: 0000000000000000 [ 338.739647][ T9656] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 338.739661][ T9656] R13: 00007f8ed63b6038 R14: 00007ffcabf47af0 R15: 00007ffcabf47bd8 [ 338.739690][ T9656] [ 339.598615][ T5865] Bluetooth: hci3: command 0x0c1a tx timeout [ 339.604727][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 339.604798][ T5872] Bluetooth: hci1: command 0x0c1a tx timeout [ 339.813880][ T9665] netlink: 28 bytes leftover after parsing attributes in process `syz.3.717'. [ 339.876729][ T31] audit: type=1800 audit(6051229737.865:12): pid=9661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.716" name="members" dev="configfs" ino=25372 res=0 errno=0 [ 340.149171][ T9668] random: crng reseeded on system resumption [ 341.054729][ T9675] blktrace: Concurrent blktraces are not allowed on ram7 [ 341.956252][ T5872] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 345.337226][ T9738] random: crng reseeded on system resumption [ 345.760325][ T9744] netlink: 28 bytes leftover after parsing attributes in process `syz.3.734'. [ 346.011440][ T9738] netlink: 338 bytes leftover after parsing attributes in process `syz.1.733'. [ 346.165495][ T9744] bridge_slave_1: left allmulticast mode [ 346.215901][ T9744] bridge_slave_1: left promiscuous mode [ 346.265437][ T9744] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.285130][ T9745] netlink: 'syz.1.733': attribute type 1 has an invalid length. [ 346.384685][ T9744] bridge_slave_0: left allmulticast mode [ 346.417399][ T9744] bridge_slave_0: left promiscuous mode [ 346.437847][ T9744] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.007012][ T9763] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff8163f829 (__mcheck_cpu_init_clear_banks+0x109/0x1f0) [ 347.022735][ T9763] Call Trace: [ 347.026029][ T9763] [ 347.029000][ T9763] mce_cpu_restart+0x98/0xb0 [ 347.033601][ T9763] ? __pfx_mce_cpu_restart+0x10/0x10 [ 347.038894][ T9763] smp_call_function_many_cond+0x1227/0x1600 [ 347.044885][ T9763] ? __pfx_mce_cpu_restart+0x10/0x10 [ 347.050183][ T9763] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 347.056028][ T9763] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 347.062377][ T9763] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 347.068439][ T9763] ? __pfx_mce_cpu_restart+0x10/0x10 [ 347.073756][ T9763] on_each_cpu_cond_mask+0x40/0x90 [ 347.078985][ T9763] set_bank+0x240/0x3a0 [ 347.083186][ T9763] ? __pfx_set_bank+0x10/0x10 [ 347.087907][ T9763] ? find_held_lock+0x2b/0x80 [ 347.092618][ T9763] ? __pfx_set_bank+0x10/0x10 [ 347.097332][ T9763] dev_attr_store+0x55/0x80 [ 347.101876][ T9763] ? __pfx_dev_attr_store+0x10/0x10 [ 347.107123][ T9763] sysfs_kf_write+0xf2/0x150 [ 347.111752][ T9763] kernfs_fop_write_iter+0x354/0x510 [ 347.117061][ T9763] ? __pfx_sysfs_kf_write+0x10/0x10 [ 347.122302][ T9763] vfs_write+0x7d0/0x11d0 [ 347.126665][ T9763] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 347.132494][ T9763] ? __pfx___mutex_lock+0x10/0x10 [ 347.137551][ T9763] ? __pfx_vfs_write+0x10/0x10 [ 347.142368][ T9763] ksys_write+0x12a/0x250 [ 347.146745][ T9763] ? __pfx_ksys_write+0x10/0x10 [ 347.151624][ T9763] ? fput+0x9b/0xd0 [ 347.155475][ T9763] do_syscall_64+0xcd/0x490 [ 347.160023][ T9763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.165934][ T9763] RIP: 0033:0x7fba28f8ebe9 [ 347.170378][ T9763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.190020][ T9763] RSP: 002b:00007fba29dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 347.198467][ T9763] RAX: ffffffffffffffda RBX: 00007fba291b6090 RCX: 00007fba28f8ebe9 [ 347.206464][ T9763] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000003 [ 347.214468][ T9763] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 347.222466][ T9763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 347.230458][ T9763] R13: 00007fba291b6128 R14: 00007fba291b6090 R15: 00007ffcf2826668 [ 347.238564][ T9763] [ 348.348137][ T9772] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 348.444388][ T9781] FAULT_INJECTION: forcing a failure. [ 348.444388][ T9781] name failslab, interval 1, probability 0, space 0, times 0 [ 348.490737][ T9781] CPU: 0 UID: 0 PID: 9781 Comm: syz.2.741 Not tainted syzkaller #0 PREEMPT(full) [ 348.490794][ T9781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 348.490813][ T9781] Call Trace: [ 348.490823][ T9781] [ 348.490834][ T9781] dump_stack_lvl+0x16c/0x1f0 [ 348.490881][ T9781] should_fail_ex+0x512/0x640 [ 348.490935][ T9781] ? __kmalloc_noprof+0xbf/0x510 [ 348.490971][ T9781] ? lsm_blob_alloc+0x68/0x90 [ 348.490994][ T9781] should_failslab+0xc2/0x120 [ 348.491033][ T9781] __kmalloc_noprof+0xd2/0x510 [ 348.491075][ T9781] lsm_blob_alloc+0x68/0x90 [ 348.491101][ T9781] security_prepare_creds+0x30/0x270 [ 348.491147][ T9781] prepare_creds+0x56f/0x7d0 [ 348.491196][ T9781] __sys_setfsgid+0xe3/0x380 [ 348.491228][ T9781] ? rcu_is_watching+0x12/0xc0 [ 348.491262][ T9781] do_syscall_64+0xcd/0x490 [ 348.491303][ T9781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.491332][ T9781] RIP: 0033:0x7f0e3cb8ebe9 [ 348.491362][ T9781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.491391][ T9781] RSP: 002b:00007f0e3d91b038 EFLAGS: 00000246 ORIG_RAX: 000000000000007b [ 348.491420][ T9781] RAX: ffffffffffffffda RBX: 00007f0e3cdb5fa0 RCX: 00007f0e3cb8ebe9 [ 348.491439][ T9781] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 348.491456][ T9781] RBP: 00007f0e3cc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 348.491474][ T9781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 348.491491][ T9781] R13: 00007f0e3cdb6038 R14: 00007f0e3cdb5fa0 R15: 00007ffcfb9cf168 [ 348.491529][ T9781] [ 349.903515][ T9819] netlink: 28 bytes leftover after parsing attributes in process `syz.2.750'. [ 350.513181][ T31] audit: type=1800 audit(6051230771.540:13): pid=9830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.753" name="dummy_udc" dev="gadgetfs" ino=7273 res=0 errno=0 [ 350.555696][ T9830] FAULT_INJECTION: forcing a failure. [ 350.555696][ T9830] name failslab, interval 1, probability 0, space 0, times 0 [ 350.585143][ T9830] CPU: 1 UID: 0 PID: 9830 Comm: syz.0.753 Not tainted syzkaller #0 PREEMPT(full) [ 350.585185][ T9830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 350.585204][ T9830] Call Trace: [ 350.585213][ T9830] [ 350.585225][ T9830] dump_stack_lvl+0x16c/0x1f0 [ 350.585272][ T9830] should_fail_ex+0x512/0x640 [ 350.585318][ T9830] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 350.585362][ T9830] should_failslab+0xc2/0x120 [ 350.585405][ T9830] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 350.585444][ T9830] ? d_instantiate+0x77/0x90 [ 350.585502][ T9830] ? alloc_empty_file+0x55/0x1e0 [ 350.585556][ T9830] alloc_empty_file+0x55/0x1e0 [ 350.585607][ T9830] alloc_file_pseudo+0x13a/0x230 [ 350.585660][ T9830] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 350.585713][ T9830] ? alloc_fd+0x471/0x7d0 [ 350.585754][ T9830] sock_alloc_file+0x50/0x210 [ 350.585803][ T9830] __sys_socket+0x1c0/0x260 [ 350.585836][ T9830] ? __pfx___sys_socket+0x10/0x10 [ 350.585881][ T9830] __x64_sys_socket+0x72/0xb0 [ 350.585913][ T9830] ? lockdep_hardirqs_on+0x7c/0x110 [ 350.585955][ T9830] do_syscall_64+0xcd/0x490 [ 350.586014][ T9830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.586049][ T9830] RIP: 0033:0x7fba28f8ebe9 [ 350.586075][ T9830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.586109][ T9830] RSP: 002b:00007fba29dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 350.586140][ T9830] RAX: ffffffffffffffda RBX: 00007fba291b6090 RCX: 00007fba28f8ebe9 [ 350.586161][ T9830] RDX: 000000000000003b RSI: 0000000000000003 RDI: 000000000000000a [ 350.586180][ T9830] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 350.586201][ T9830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.586220][ T9830] R13: 00007fba291b6128 R14: 00007fba291b6090 R15: 00007ffcf2826668 [ 350.586263][ T9830] [ 350.611226][ T9832] FAULT_INJECTION: forcing a failure. [ 350.611226][ T9832] name failslab, interval 1, probability 0, space 0, times 0 [ 350.798147][ T9832] CPU: 1 UID: 0 PID: 9832 Comm: syz.3.754 Not tainted syzkaller #0 PREEMPT(full) [ 350.798189][ T9832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 350.798218][ T9832] Call Trace: [ 350.798228][ T9832] [ 350.798239][ T9832] dump_stack_lvl+0x16c/0x1f0 [ 350.798285][ T9832] should_fail_ex+0x512/0x640 [ 350.798327][ T9832] ? __kmalloc_noprof+0xbf/0x510 [ 350.798365][ T9832] ? lsm_blob_alloc+0x68/0x90 [ 350.798390][ T9832] should_failslab+0xc2/0x120 [ 350.798430][ T9832] __kmalloc_noprof+0xd2/0x510 [ 350.798474][ T9832] lsm_blob_alloc+0x68/0x90 [ 350.798501][ T9832] security_prepare_creds+0x30/0x270 [ 350.798548][ T9832] prepare_creds+0x56f/0x7d0 [ 350.798597][ T9832] __sys_setfsgid+0xe3/0x380 [ 350.798629][ T9832] ? rcu_is_watching+0x12/0xc0 [ 350.798663][ T9832] do_syscall_64+0xcd/0x490 [ 350.798707][ T9832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.798737][ T9832] RIP: 0033:0x7f8ed618ebe9 [ 350.798760][ T9832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.798791][ T9832] RSP: 002b:00007f8ed707f038 EFLAGS: 00000246 ORIG_RAX: 000000000000007b [ 350.798819][ T9832] RAX: ffffffffffffffda RBX: 00007f8ed63b5fa0 RCX: 00007f8ed618ebe9 [ 350.798840][ T9832] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 350.798858][ T9832] RBP: 00007f8ed6211e19 R08: 0000000000000000 R09: 0000000000000000 [ 350.798877][ T9832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.798895][ T9832] R13: 00007f8ed63b6038 R14: 00007f8ed63b5fa0 R15: 00007ffcabf47bd8 [ 350.798933][ T9832] [ 352.205306][ T9854] netlink: 148 bytes leftover after parsing attributes in process `syz.0.760'. [ 353.024725][ T9868] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 354.624520][ T9895] FAULT_INJECTION: forcing a failure. [ 354.624520][ T9895] name failslab, interval 1, probability 0, space 0, times 0 [ 354.731249][ T9895] CPU: 1 UID: 0 PID: 9895 Comm: syz.3.768 Not tainted syzkaller #0 PREEMPT(full) [ 354.731281][ T9895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 354.731295][ T9895] Call Trace: [ 354.731302][ T9895] [ 354.731310][ T9895] dump_stack_lvl+0x16c/0x1f0 [ 354.731345][ T9895] should_fail_ex+0x512/0x640 [ 354.731378][ T9895] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 354.731409][ T9895] should_failslab+0xc2/0x120 [ 354.731440][ T9895] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 354.731467][ T9895] ? create_new_namespaces+0x30/0xa90 [ 354.731498][ T9895] create_new_namespaces+0x30/0xa90 [ 354.731523][ T9895] ? bpf_lsm_capable+0x9/0x10 [ 354.731544][ T9895] ? security_capable+0x7e/0x260 [ 354.731570][ T9895] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 354.731599][ T9895] ksys_unshare+0x45b/0xa40 [ 354.731631][ T9895] ? __pfx_ksys_unshare+0x10/0x10 [ 354.731663][ T9895] ? xfd_validate_state+0x61/0x180 [ 354.731713][ T9895] __x64_sys_unshare+0x31/0x40 [ 354.731745][ T9895] do_syscall_64+0xcd/0x490 [ 354.731778][ T9895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.731801][ T9895] RIP: 0033:0x7f8ed618ebe9 [ 354.731819][ T9895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.731843][ T9895] RSP: 002b:00007f8ed703d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 354.731865][ T9895] RAX: ffffffffffffffda RBX: 00007f8ed63b6180 RCX: 00007f8ed618ebe9 [ 354.731881][ T9895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 354.731895][ T9895] RBP: 00007f8ed6211e19 R08: 0000000000000000 R09: 0000000000000000 [ 354.731910][ T9895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.731924][ T9895] R13: 00007f8ed63b6218 R14: 00007f8ed63b6180 R15: 00007ffcabf47bd8 [ 354.731953][ T9895] [ 355.634873][ T9914] netlink: 93 bytes leftover after parsing attributes in process `syz.0.770'. [ 355.809269][ T9895] Process accounting resumed [ 356.123349][ T5872] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 357.644137][ T9926] Process accounting paused [ 357.949245][ T9961] block nbd9: NBD_DISCONNECT [ 358.634150][ T9985] Unable to find swap-space signature [ 359.121020][ T9993] blktrace: Concurrent blktraces are not allowed on ram7 [ 359.855908][T10013] netlink: 338 bytes leftover after parsing attributes in process `syz.3.787'. [ 362.338644][T10055] netlink: 'syz.0.795': attribute type 2 has an invalid length. [ 362.403263][T10055] netlink: 8 bytes leftover after parsing attributes in process `syz.0.795'. [ 362.799827][T10062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.797'. [ 362.872766][T10064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.797'. [ 363.323100][T10069] nfs: Unknown parameter 'w`_I+; HY Lu>>uh' [ 363.554636][T10071] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 366.422745][T10126] netlink: 28 bytes leftover after parsing attributes in process `syz.3.810'. [ 366.466584][T10126] caif0: entered promiscuous mode [ 367.496569][ T5872] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 367.661020][T10148] vivid-003: ================= START STATUS ================= [ 367.676364][T10148] vivid-003: RDS Tx I/O Mode: Controls [ 367.730678][T10148] vivid-003: RDS Program ID: 32904 [ 367.782332][T10148] vivid-003: RDS Program Type: 3 [ 367.807680][T10148] vivid-003: RDS PS Name: VIVID-TX [ 367.821078][T10148] vivid-003: RDS Radio Text: This is a VIVID default Radio Text template text, change at will [ 368.051039][T10148] vivid-003: RDS Stereo: true [ 368.093199][T10148] vivid-003: RDS Artificial Head: false [ 368.105376][T10148] vivid-003: RDS Compressed: false [ 368.113960][T10148] vivid-003: RDS Dynamic PTY: false [ 368.119351][T10148] vivid-003: RDS Traffic Announcement: false [ 368.237439][T10148] vivid-003: RDS Traffic Program: true [ 368.296332][T10148] vivid-003: RDS Music: true [ 368.361270][T10148] vivid-003: ================== END STATUS ================== [ 368.944016][T10159] sysfs_service_op_show: Client not running :-5: [ 369.558825][T10183] netlink: 28 bytes leftover after parsing attributes in process `syz.1.823'. [ 369.592122][T10176] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 369.973348][ T5872] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 370.493555][T10207] blktrace: Concurrent blktraces are not allowed on loop2 [ 372.135570][T10241] __vm_enough_memory: pid: 10241, comm: syz.3.837, bytes: 4398046511104 not enough memory for the allocation [ 372.192350][ T5872] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 372.517129][T10253] netlink: 624 bytes leftover after parsing attributes in process `syz.2.840'. [ 373.782110][T10269] nvme_fcloop: unknown parameter or missing value '7' [ 374.834139][ T5872] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 376.184518][ T5872] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 377.149980][ T5872] bt_warn_ratelimited: 23 callbacks suppressed [ 377.150003][ T5872] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 377.175238][ T5872] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 377.190150][ T5872] Bluetooth: hci1: Dropping invalid advertising data [ 377.200755][ T5872] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 377.200801][ T5872] Bluetooth: hci1: Dropping invalid advertising data [ 377.216051][ T5872] Bluetooth: hci1: Malformed LE Event: 0x02 [ 377.716175][T10370] netlink: 28 bytes leftover after parsing attributes in process `syz.1.866'. [ 378.208773][T10378] misc userio: No port type given on /dev/userio [ 378.249311][T10380] kAFS: Invalid Command on /proc/fs/afs/cells file [ 378.289814][T10381] FAULT_INJECTION: forcing a failure. [ 378.289814][T10381] name failslab, interval 1, probability 0, space 0, times 0 [ 378.310761][T10381] CPU: 0 UID: 0 PID: 10381 Comm: syz.2.871 Not tainted syzkaller #0 PREEMPT(full) [ 378.310801][T10381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 378.310821][T10381] Call Trace: [ 378.310831][T10381] [ 378.310842][T10381] dump_stack_lvl+0x16c/0x1f0 [ 378.310888][T10381] should_fail_ex+0x512/0x640 [ 378.310932][T10381] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 378.310974][T10381] should_failslab+0xc2/0x120 [ 378.311016][T10381] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 378.311054][T10381] ? acpi_ut_create_integer_object+0x64/0x180 [ 378.311086][T10381] ? acpi_ds_init_aml_walk+0x2d3/0x590 [ 378.311134][T10381] acpi_ut_create_integer_object+0x64/0x180 [ 378.311175][T10381] acpi_ps_execute_method+0x516/0xb30 [ 378.311224][T10381] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 378.311277][T10381] acpi_ns_evaluate+0x76c/0xca0 [ 378.311325][T10381] ? kasan_save_track+0x14/0x30 [ 378.311365][T10381] acpi_evaluate_object+0x1fa/0xa90 [ 378.311404][T10381] ? do_syscall_64+0xcd/0x490 [ 378.311444][T10381] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.311487][T10381] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 378.311522][T10381] ? __mutex_trylock_common+0xe9/0x250 [ 378.311569][T10381] acpi_evaluate_integer+0xdd/0x200 [ 378.311616][T10381] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 378.311666][T10381] ? __pfx_status_show+0x10/0x10 [ 378.311703][T10381] status_show+0xa0/0x120 [ 378.311740][T10381] ? __pfx_status_show+0x10/0x10 [ 378.311793][T10381] dev_attr_show+0x56/0xe0 [ 378.311843][T10381] ? __pfx_dev_attr_show+0x10/0x10 [ 378.311889][T10381] sysfs_kf_seq_show+0x216/0x3e0 [ 378.311932][T10381] seq_read_iter+0x509/0x12c0 [ 378.311964][T10381] ? __mutex_trylock_common+0xe9/0x250 [ 378.312019][T10381] kernfs_fop_read_iter+0x40f/0x5a0 [ 378.312048][T10381] ? rw_verify_area+0xcf/0x6c0 [ 378.312084][T10381] vfs_read+0x8bc/0xcf0 [ 378.312123][T10381] ? __pfx___mutex_lock+0x10/0x10 [ 378.312178][T10381] ? __pfx_vfs_read+0x10/0x10 [ 378.312241][T10381] ksys_read+0x12a/0x250 [ 378.312276][T10381] ? __pfx_ksys_read+0x10/0x10 [ 378.312324][T10381] do_syscall_64+0xcd/0x490 [ 378.312369][T10381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.312400][T10381] RIP: 0033:0x7f0e3cb8ebe9 [ 378.312424][T10381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.312473][T10381] RSP: 002b:00007f0e3d91b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 378.312504][T10381] RAX: ffffffffffffffda RBX: 00007f0e3cdb5fa0 RCX: 00007f0e3cb8ebe9 [ 378.312526][T10381] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000008 [ 378.312546][T10381] RBP: 00007f0e3cc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 378.312566][T10381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.312586][T10381] R13: 00007f0e3cdb6038 R14: 00007f0e3cdb5fa0 R15: 00007ffcfb9cf168 [ 378.312629][T10381] [ 378.316089][T10381] ACPI Error: [ 378.503800][T10382] netlink: 28 bytes leftover after parsing attributes in process `syz.2.871'. [ 378.524891][T10381] Could not allocate an object descriptor (20250404/utobject-180) [ 378.751521][T10381] ACPI Error: ffff88802a21a000 walk still has a scope list (20250404/dswstate-694) [ 378.844106][T10382] hsr_slave_0: left promiscuous mode [ 378.864589][T10382] hsr_slave_1: left promiscuous mode [ 380.116655][T10402] FAULT_INJECTION: forcing a failure. [ 380.116655][T10402] name failslab, interval 1, probability 0, space 0, times 0 [ 380.174213][T10402] CPU: 1 UID: 0 PID: 10402 Comm: syz.2.877 Not tainted syzkaller #0 PREEMPT(full) [ 380.174257][T10402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 380.174295][T10402] Call Trace: [ 380.174306][T10402] [ 380.174319][T10402] dump_stack_lvl+0x16c/0x1f0 [ 380.174368][T10402] should_fail_ex+0x512/0x640 [ 380.174414][T10402] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 380.174452][T10402] should_failslab+0xc2/0x120 [ 380.174494][T10402] __kmalloc_cache_noprof+0x6a/0x3e0 [ 380.174527][T10402] ? pty_common_install+0x10e/0xb30 [ 380.174570][T10402] pty_common_install+0x10e/0xb30 [ 380.174615][T10402] ? __pfx_pty_install+0x10/0x10 [ 380.174653][T10402] tty_init_dev.part.0+0x99/0x500 [ 380.174705][T10402] tty_open+0xa50/0xf90 [ 380.174758][T10402] ? __pfx_tty_open+0x10/0x10 [ 380.174817][T10402] ? chrdev_open+0x58c/0x6a0 [ 380.174880][T10402] ? __pfx_tty_open+0x10/0x10 [ 380.174926][T10402] chrdev_open+0x234/0x6a0 [ 380.174978][T10402] ? __pfx_chrdev_open+0x10/0x10 [ 380.175029][T10402] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 380.175073][T10402] do_dentry_open+0x982/0x1530 [ 380.175111][T10402] ? __pfx_chrdev_open+0x10/0x10 [ 380.175157][T10402] vfs_open+0x82/0x3f0 [ 380.175225][T10402] path_openat+0x1de4/0x2cb0 [ 380.175274][T10402] ? __pfx_path_openat+0x10/0x10 [ 380.175322][T10402] do_filp_open+0x20b/0x470 [ 380.175359][T10402] ? __pfx_do_filp_open+0x10/0x10 [ 380.175423][T10402] ? alloc_fd+0x471/0x7d0 [ 380.175473][T10402] do_sys_openat2+0x11b/0x1d0 [ 380.175540][T10402] ? __pfx_do_sys_openat2+0x10/0x10 [ 380.175607][T10402] __x64_sys_openat+0x174/0x210 [ 380.175657][T10402] ? __pfx___x64_sys_openat+0x10/0x10 [ 380.175708][T10402] ? ksys_read+0x1ac/0x250 [ 380.175756][T10402] do_syscall_64+0xcd/0x490 [ 380.175806][T10402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.175840][T10402] RIP: 0033:0x7f0e3cb8ebe9 [ 380.175866][T10402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.175899][T10402] RSP: 002b:00007f0e3d91b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 380.175932][T10402] RAX: ffffffffffffffda RBX: 00007f0e3cdb5fa0 RCX: 00007f0e3cb8ebe9 [ 380.175954][T10402] RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 380.175975][T10402] RBP: 00007f0e3cc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 380.175995][T10402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.176015][T10402] R13: 00007f0e3cdb6038 R14: 00007f0e3cdb5fa0 R15: 00007ffcfb9cf168 [ 380.176069][T10402] [ 381.337945][ T5872] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 381.739674][T10427] ubi0: attaching mtd0 [ 381.755514][T10427] ubi0: scanning is finished [ 382.015400][T10427] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 382.017667][T10427] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 382.018776][T10427] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 382.019896][T10427] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 382.020998][T10427] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 382.022126][T10427] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 382.023232][T10427] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3502143923 [ 382.025815][T10427] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 382.029150][T10433] ubi0: background thread "ubi_bgt0d" started, PID 10433 [ 382.259158][T10440] Invalid ELF header magic: != ELF [ 382.271815][T10440] Setting dangerous option i915.mitigations - tainting kernel [ 384.061699][T10464] netlink: 28 bytes leftover after parsing attributes in process `syz.0.893'. [ 384.965622][T10475] vivid-011: ================= START STATUS ================= [ 385.015581][T10475] vivid-011: ================== END STATUS ================== [ 385.038481][T10480] netlink: 4 bytes leftover after parsing attributes in process `syz.0.898'. [ 385.188918][T10480] netlink: 13 bytes leftover after parsing attributes in process `syz.0.898'. [ 385.530775][T10488] ubi: mtd0 is already attached to ubi0 [ 385.552597][T10488] ubi0: detaching mtd0 [ 385.619411][T10488] ubi0: mtd0 is detached [ 386.257163][T10497] Process accounting paused [ 386.366452][T10502] netlink: 306 bytes leftover after parsing attributes in process `syz.2.901'. [ 387.840181][T10495] Process accounting resumed [ 388.075169][T10535] netlink: 28 bytes leftover after parsing attributes in process `syz.0.906'. [ 389.047143][T10544] Format for deleting device is "id" (uint). [ 389.049061][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 389.067372][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 389.898076][T10559] random: crng reseeded on system resumption [ 390.800408][T10581] FAULT_INJECTION: forcing a failure. [ 390.800408][T10581] name failslab, interval 1, probability 0, space 0, times 0 [ 390.800463][T10581] CPU: 0 UID: 0 PID: 10581 Comm: syz.1.916 Tainted: G U syzkaller #0 PREEMPT(full) [ 390.800506][T10581] Tainted: [U]=USER [ 390.800515][T10581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 390.800534][T10581] Call Trace: [ 390.800543][T10581] [ 390.800555][T10581] dump_stack_lvl+0x16c/0x1f0 [ 390.800600][T10581] should_fail_ex+0x512/0x640 [ 390.800643][T10581] ? __kmalloc_noprof+0xbf/0x510 [ 390.800695][T10581] ? lsm_blob_alloc+0x68/0x90 [ 390.800718][T10581] should_failslab+0xc2/0x120 [ 390.800758][T10581] __kmalloc_noprof+0xd2/0x510 [ 390.800800][T10581] lsm_blob_alloc+0x68/0x90 [ 390.800826][T10581] security_prepare_creds+0x30/0x270 [ 390.800873][T10581] prepare_creds+0x56f/0x7d0 [ 390.800919][T10581] __sys_setfsgid+0xe3/0x380 [ 390.800952][T10581] ? rcu_is_watching+0x12/0xc0 [ 390.800985][T10581] do_syscall_64+0xcd/0x490 [ 390.801028][T10581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.801058][T10581] RIP: 0033:0x7f5cbf58ebe9 [ 390.801080][T10581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 390.801109][T10581] RSP: 002b:00007f5cc048d038 EFLAGS: 00000246 ORIG_RAX: 000000000000007b [ 390.801136][T10581] RAX: ffffffffffffffda RBX: 00007f5cbf7b5fa0 RCX: 00007f5cbf58ebe9 [ 390.801156][T10581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 390.801172][T10581] RBP: 00007f5cbf611e19 R08: 0000000000000000 R09: 0000000000000000 [ 390.801189][T10581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 390.801205][T10581] R13: 00007f5cbf7b6038 R14: 00007f5cbf7b5fa0 R15: 00007ffeec177198 [ 390.801273][T10581] [ 392.323873][ T5872] Bluetooth: hci1: Malformed Event: 0x02 [ 392.930307][T10636] FAULT_INJECTION: forcing a failure. [ 392.930307][T10636] name failslab, interval 1, probability 0, space 0, times 0 [ 393.007951][T10625] zswap: compressor not available [ 393.029146][T10636] CPU: 1 UID: 0 PID: 10636 Comm: syz.1.926 Tainted: G U syzkaller #0 PREEMPT(full) [ 393.029196][T10636] Tainted: [U]=USER [ 393.029206][T10636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 393.029226][T10636] Call Trace: [ 393.029237][T10636] [ 393.029249][T10636] dump_stack_lvl+0x16c/0x1f0 [ 393.029296][T10636] should_fail_ex+0x512/0x640 [ 393.029341][T10636] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 393.029386][T10636] should_failslab+0xc2/0x120 [ 393.029428][T10636] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 393.029467][T10636] ? _raw_spin_unlock+0x28/0x50 [ 393.029514][T10636] ? alloc_inode+0xc3/0x240 [ 393.029561][T10636] alloc_inode+0xc3/0x240 [ 393.029622][T10636] new_inode+0x22/0x1c0 [ 393.029671][T10636] simple_fill_super+0x306/0x720 [ 393.029712][T10636] ? __pfx_nfsd_fill_super+0x10/0x10 [ 393.029751][T10636] nfsd_fill_super+0x90/0x530 [ 393.029785][T10636] ? __pfx_set_anon_super_fc+0x10/0x10 [ 393.029818][T10636] ? __pfx_nfsd_fill_super+0x10/0x10 [ 393.029853][T10636] get_tree_keyed+0x10e/0x1d0 [ 393.029891][T10636] vfs_get_tree+0x8b/0x340 [ 393.029920][T10636] path_mount+0x1513/0x2000 [ 393.029967][T10636] ? __pfx_path_mount+0x10/0x10 [ 393.030010][T10636] ? kmem_cache_free+0x2d1/0x4d0 [ 393.030044][T10636] ? putname+0x154/0x1a0 [ 393.030101][T10636] ? putname+0x154/0x1a0 [ 393.030152][T10636] ? __x64_sys_mount+0x28d/0x310 [ 393.030190][T10636] __x64_sys_mount+0x28d/0x310 [ 393.030231][T10636] ? __pfx___x64_sys_mount+0x10/0x10 [ 393.030284][T10636] do_syscall_64+0xcd/0x490 [ 393.030331][T10636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.030363][T10636] RIP: 0033:0x7f5cbf58ebe9 [ 393.030387][T10636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.030417][T10636] RSP: 002b:00007f5cc048d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 393.030447][T10636] RAX: ffffffffffffffda RBX: 00007f5cbf7b5fa0 RCX: 00007f5cbf58ebe9 [ 393.030466][T10636] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 0000000000000000 [ 393.030484][T10636] RBP: 00007f5cbf611e19 R08: 0000000000000000 R09: 0000000000000000 [ 393.030501][T10636] R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000000000 [ 393.030518][T10636] R13: 00007f5cbf7b6038 R14: 00007f5cbf7b5fa0 R15: 00007ffeec177198 [ 393.030556][T10636] [ 393.290558][T10625] program syz.2.925 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 393.765175][T10651] netlink: 25 bytes leftover after parsing attributes in process `syz.0.927'. [ 393.994131][T10656] kvm: kvm [10654]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x9 [ 394.557084][T10665] can: request_module (can-proto-0) failed. [ 396.635820][T10698] zswap: compressor not available [ 396.716762][T10704] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(306702475.2317486867.3513036934), cmd(5) [ 396.736579][T10698] program syz.0.937 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 397.324201][T10728] vhci_hcd: invalid port number 16 [ 397.357007][T10728] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 398.130978][T10747] Invalid ELF header magic: != ELF [ 398.291623][T10750] netlink: 28 bytes leftover after parsing attributes in process `syz.3.944'. [ 398.395366][T10754] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 398.622214][T10751] hub 8-0:1.0: USB hub found [ 398.643118][T10751] hub 8-0:1.0: 1 port detected [ 399.007748][T10756] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 401.684806][T10801] [U] [ 401.687969][T10801] [U] [ 401.690713][T10801] [U] [ 401.693469][T10801] [U] [ 401.709739][T10801] [U] [ 401.712514][T10801] [U] [ 401.715264][T10801] [U] [ 401.717997][T10801] [U] [ 401.747649][T10801] [U] [ 401.750418][T10801] [U] [ 401.753161][T10801] [U] [ 401.755919][T10801] [U] [ 401.813220][T10801] [U] [ 401.816004][T10801] [U] [ 401.818761][T10801] [U] [ 401.821533][T10801] [U] [ 401.831067][T10801] [U] [ 401.833827][T10801] [U] [ 401.836570][T10801] [U] [ 401.839313][T10801] [U] [ 401.841103][T10811] netlink: 32 bytes leftover after parsing attributes in process `syz.1.953'. [ 401.847287][T10801] [U] [ 401.853594][T10801] [U] [ 401.856328][T10801] [U] [ 401.859065][T10801] [U] [ 401.865695][T10801] [U] [ 401.868469][T10801] [U] [ 401.871216][T10801] [U] [ 401.873961][T10801] [U] [ 401.905557][T10801] [U] [ 401.908330][T10801] [U] [ 401.911076][T10801] [U] [ 401.913810][T10801] [U] [ 401.924840][T10801] [U] [ 401.927602][T10801] [U] [ 401.930366][T10801] [U] [ 401.933107][T10801] [U] [ 401.945482][T10801] [U] [ 401.948240][T10801] [U] [ 401.951102][T10801] [U] [ 401.953841][T10801] [U] [ 401.977295][T10801] [U] [ 401.980051][T10801] [U] [ 401.982796][T10801] [U] [ 401.985558][T10801] [U] [ 401.989637][T10801] [U] [ 401.992743][T10801] [U] [ 401.995500][T10801] [U] [ 401.998237][T10801] [U] [ 402.009562][T10801] [U] [ 402.012326][T10801] [U] [ 402.015069][T10801] [U] [ 402.017817][T10801] [U] [ 402.027821][T10801] [U] [ 402.030591][T10801] [U] [ 402.033330][T10801] [U] [ 402.036085][T10801] [U] [ 402.040314][T10801] [U] [ 402.043069][T10801] [U] [ 402.045813][T10801] [U] [ 402.048562][T10801] [U] [ 402.056102][T10801] [U] [ 402.058858][T10801] [U] [ 402.061606][T10801] [U] [ 402.064343][T10801] [U] [ 402.069188][T10801] [U] [ 402.071957][T10801] [U] [ 402.074697][T10801] [U] [ 402.077427][T10801] [U] [ 402.082970][T10801] [U] [ 402.085736][T10801] [U] [ 402.088482][T10801] [U] [ 402.091215][T10801] [U] [ 402.096398][T10801] [U] [ 402.099140][T10801] [U] [ 402.101868][T10801] [U] [ 402.104597][T10801] [U] [ 402.107809][T10801] [U] [ 402.110556][T10801] [U] [ 402.113294][T10801] [U] [ 402.116032][T10801] [U] [ 402.119320][T10801] [U] [ 402.122069][T10801] [U] [ 402.124808][T10801] [U] [ 402.127558][T10801] [U] [ 402.130786][T10801] [U] [ 402.133610][T10801] [U] [ 402.136366][T10801] [U] [ 402.139110][T10801] [U] [ 402.142439][T10801] [U] [ 402.145207][T10801] [U] [ 402.147965][T10801] [U] [ 402.150743][T10801] [U] [ 402.154384][T10801] [U] [ 402.157127][T10801] [U] [ 402.159845][T10801] [U] [ 402.162569][T10801] [U] [ 402.165906][T10801] [U] [ 402.168656][T10801] [U] [ 402.171434][T10801] [U] [ 402.174177][T10801] [U] [ 402.177282][T10801] [U] [ 402.180022][T10801] [U] [ 402.182759][T10801] [U] [ 402.185498][T10801] [U] [ 402.188721][T10801] [U] [ 402.191454][T10801] [U] [ 402.194195][T10801] [U] [ 402.196930][T10801] [U] [ 402.200710][T10801] [U] [ 402.203463][T10801] [U] [ 402.206196][T10801] [U] [ 402.208927][T10801] [U] [ 402.212276][T10801] [U] [ 402.215022][T10801] [U] [ 402.217765][T10801] [U] [ 402.220500][T10801] [U] [ 402.223679][T10801] [U] [ 402.226434][T10801] [U] [ 402.229174][T10801] [U] [ 402.231915][T10801] [U] [ 402.235253][T10801] [U] [ 402.238013][T10801] [U] [ 402.240762][T10801] [U] [ 402.243515][T10801] [U] [ 402.246724][T10801] [U] [ 402.249466][T10801] [U] [ 402.252294][T10801] [U] [ 402.256897][T10802] [U] [ 402.259739][T10802] [U] [ 402.262483][T10802] [U] [ 402.265227][T10802] [U] [ 402.268641][T10802] [U] [ 402.271403][T10802] [U] [ 402.274146][T10802] [U] [ 402.276892][T10802] [U] [ 402.279646][T10802] [U] [ 402.283198][T10802] [U] [ 402.285953][T10802] [U] [ 402.288706][T10802] [U] [ 402.291875][T10802] [U] [ 402.295047][T10802] [U] [ 402.297797][T10802] [U] [ 402.300544][T10802] [U] [ 402.303287][T10802] [U] [ 402.307231][T10802] [U] [ 402.309983][T10802] [U] [ 402.312716][T10802] [U] [ 402.315453][T10802] [U] [ 402.318579][T10802] [U] [ 402.321331][T10802] [U] [ 402.324076][T10802] [U] [ 402.326821][T10802] [U] [ 402.333528][T10802] [U] [ 402.336278][T10802] [U] [ 402.339011][T10802] [U] [ 402.341746][T10802] [U] [ 402.347614][T10802] [U] [ 402.350434][T10802] [U] [ 402.353160][T10802] [U] [ 402.355882][T10802] [U] [ 402.359493][T10802] [U] [ 402.362243][T10802] [U] [ 402.364967][T10802] [U] [ 402.367698][T10802] [U] [ 402.374624][T10802] [U] [ 402.377406][T10802] [U] [ 402.380226][T10802] [U] [ 402.382944][T10802] [U] [ 402.391738][T10802] [U] [ 402.394508][T10802] [U] [ 402.397253][T10802] [U] [ 402.400011][T10802] [U] [ 402.412688][T10802] [U] [ 402.415539][T10802] [U] [ 402.418277][T10802] [U] [ 402.421007][T10802] [U] [ 402.425787][T10802] [U] [ 402.428632][T10802] [U] [ 402.431374][T10802] [U] [ 402.434130][T10802] [U] [ 402.439894][T10802] [U] [ 402.442650][T10802] [U] [ 402.445387][T10802] [U] [ 402.448135][T10802] [U] [ 402.473073][T10802] [U] [ 402.475941][T10802] [U] [ 402.478681][T10802] [U] [ 402.481456][T10802] [U] [ 402.501497][T10802] [U] [ 402.580514][T10820] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 403.333031][T10839] serio: Serial port pty6 [ 403.645334][T10841] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 405.097626][T10858] FAULT_INJECTION: forcing a failure. [ 405.097626][T10858] name fail_futex, interval 1, probability 0, space 0, times 0 [ 405.134743][T10858] CPU: 0 UID: 0 PID: 10858 Comm: syz.3.965 Tainted: G U syzkaller #0 PREEMPT(full) [ 405.134786][T10858] Tainted: [U]=USER [ 405.134793][T10858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 405.134807][T10858] Call Trace: [ 405.134814][T10858] [ 405.134822][T10858] dump_stack_lvl+0x16c/0x1f0 [ 405.134857][T10858] should_fail_ex+0x512/0x640 [ 405.134894][T10858] get_futex_key+0xff0/0x1560 [ 405.134936][T10858] ? __pfx_get_futex_key+0x10/0x10 [ 405.134964][T10858] ? __mutex_trylock_common+0xe9/0x250 [ 405.135004][T10858] futex_wake+0xea/0x530 [ 405.135041][T10858] ? __pfx_futex_wake+0x10/0x10 [ 405.135087][T10858] do_futex+0x1e3/0x350 [ 405.135120][T10858] ? __pfx_do_futex+0x10/0x10 [ 405.135147][T10858] ? __might_fault+0xe3/0x190 [ 405.135182][T10858] mm_release+0x24e/0x300 [ 405.135209][T10858] do_exit+0x68e/0x2bf0 [ 405.135256][T10858] ? __pfx_do_exit+0x10/0x10 [ 405.135288][T10858] ? do_raw_spin_lock+0x12c/0x2b0 [ 405.135325][T10858] ? find_held_lock+0x2b/0x80 [ 405.135363][T10858] do_group_exit+0xd3/0x2a0 [ 405.135408][T10858] get_signal+0x2673/0x26d0 [ 405.135461][T10858] ? __pfx_get_signal+0x10/0x10 [ 405.135504][T10858] ? do_futex+0x122/0x350 [ 405.135540][T10858] ? __pfx_do_futex+0x10/0x10 [ 405.135572][T10858] arch_do_signal_or_restart+0x8f/0x790 [ 405.135604][T10858] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 405.135652][T10858] exit_to_user_mode_loop+0x84/0x110 [ 405.135688][T10858] do_syscall_64+0x3f6/0x490 [ 405.135722][T10858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.135745][T10858] RIP: 0033:0x7f8ed618ebe9 [ 405.135763][T10858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.135786][T10858] RSP: 002b:00007f8ed703d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 405.135808][T10858] RAX: fffffffffffffe00 RBX: 00007f8ed63b6188 RCX: 00007f8ed618ebe9 [ 405.135823][T10858] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8ed63b6188 [ 405.135837][T10858] RBP: 00007f8ed63b6180 R08: 0000000000000000 R09: 0000000000000000 [ 405.135851][T10858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 405.135865][T10858] R13: 00007f8ed63b6218 R14: 00007ffcabf47af0 R15: 00007ffcabf47bd8 [ 405.135894][T10858] [ 405.705175][T10873] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 405.805418][T10883] FAULT_INJECTION: forcing a failure. [ 405.805418][T10883] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 405.822858][T10883] CPU: 1 UID: 0 PID: 10883 Comm: syz.2.971 Tainted: G U syzkaller #0 PREEMPT(full) [ 405.822904][T10883] Tainted: [U]=USER [ 405.822914][T10883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 405.822932][T10883] Call Trace: [ 405.822942][T10883] [ 405.822954][T10883] dump_stack_lvl+0x16c/0x1f0 [ 405.822998][T10883] should_fail_ex+0x512/0x640 [ 405.823046][T10883] should_fail_alloc_page+0xe7/0x130 [ 405.823093][T10883] prepare_alloc_pages+0x3c2/0x610 [ 405.823139][T10883] ? rcu_is_watching+0x12/0xc0 [ 405.823174][T10883] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 405.823213][T10883] ? __lock_acquire+0xb97/0x1ce0 [ 405.823268][T10883] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 405.823306][T10883] ? do_raw_spin_lock+0x12c/0x2b0 [ 405.823355][T10883] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 405.823401][T10883] ? find_held_lock+0x2b/0x80 [ 405.823436][T10883] ? __lock_acquire+0xb97/0x1ce0 [ 405.823484][T10883] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 405.823530][T10883] ? policy_nodemask+0xea/0x4e0 [ 405.823574][T10883] alloc_pages_mpol+0x1fb/0x550 [ 405.823616][T10883] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 405.823687][T10883] folio_alloc_mpol_noprof+0x36/0x2f0 [ 405.823738][T10883] shmem_alloc_folio+0x135/0x160 [ 405.823792][T10883] shmem_alloc_and_add_folio+0x499/0xc20 [ 405.823836][T10883] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 405.823877][T10883] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 405.823943][T10883] shmem_get_folio_gfp+0x67f/0x1600 [ 405.823993][T10883] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 405.824038][T10883] ? filemap_map_pages+0xf58/0x1670 [ 405.824085][T10883] shmem_fault+0x1fe/0xa30 [ 405.824127][T10883] ? __pfx_shmem_fault+0x10/0x10 [ 405.824174][T10883] ? __pfx_filemap_map_pages+0x10/0x10 [ 405.824229][T10883] ? __pfx_filemap_map_pages+0x10/0x10 [ 405.824268][T10883] __do_fault+0x10d/0x490 [ 405.824313][T10883] ? __pfx_filemap_map_pages+0x10/0x10 [ 405.824352][T10883] do_pte_missing+0xf50/0x3ba0 [ 405.824388][T10883] ? find_held_lock+0x2b/0x80 [ 405.824423][T10883] ? __handle_mm_fault+0x14fd/0x2a50 [ 405.824473][T10883] __handle_mm_fault+0x152a/0x2a50 [ 405.824515][T10883] ? mt_find+0x3ef/0xa30 [ 405.824568][T10883] ? __pfx___handle_mm_fault+0x10/0x10 [ 405.824601][T10883] ? __pfx_mt_find+0x10/0x10 [ 405.824674][T10883] ? find_vma+0xbf/0x140 [ 405.824719][T10883] ? __pfx_find_vma+0x10/0x10 [ 405.824769][T10883] handle_mm_fault+0x589/0xd10 [ 405.824806][T10883] ? __bpf_trace_exceptions+0x1/0x40 [ 405.824862][T10883] do_user_addr_fault+0x7a6/0x1370 [ 405.824920][T10883] ? rcu_is_watching+0x12/0xc0 [ 405.824959][T10883] exc_page_fault+0x5c/0xb0 [ 405.825003][T10883] asm_exc_page_fault+0x26/0x30 [ 405.825034][T10883] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 405.825069][T10883] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 405.825102][T10883] RSP: 0018:ffffc90002fd79d0 EFLAGS: 00050206 [ 405.825129][T10883] RAX: 0000000000000001 RBX: 000000000000fdef RCX: 0000000000005def [ 405.825149][T10883] RDX: ffffed1005fb9fbe RSI: 000000000000a000 RDI: ffff88802fdca000 [ 405.825182][T10883] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1005fb9fbd [ 405.825202][T10883] R10: ffff88802fdcfdee R11: 0000000000000000 R12: ffffc90002fd7c58 [ 405.825235][T10883] R13: 000000000000fdef R14: ffff88802fdc0000 R15: 00007ffffffff000 [ 405.825274][T10883] _copy_from_iter+0x383/0x1720 [ 405.825326][T10883] ? rcu_is_watching+0x12/0xc0 [ 405.825360][T10883] ? rcu_is_watching+0x12/0xc0 [ 405.825391][T10883] ? __pfx__copy_from_iter+0x10/0x10 [ 405.825438][T10883] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 405.825484][T10883] ? __asan_memset+0x23/0x50 [ 405.825534][T10883] ? __build_skb_around+0x278/0x3b0 [ 405.825571][T10883] ? is_vmalloc_addr+0x86/0xa0 [ 405.825614][T10883] netlink_sendmsg+0x829/0xdd0 [ 405.825667][T10883] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.825719][T10883] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 405.825763][T10883] sock_write_iter+0x4ff/0x5b0 [ 405.825795][T10883] ? __pfx_sock_write_iter+0x10/0x10 [ 405.825843][T10883] ? bpf_lsm_file_permission+0x9/0x10 [ 405.825890][T10883] ? security_file_permission+0x71/0x210 [ 405.825937][T10883] ? rw_verify_area+0xcf/0x6c0 [ 405.825974][T10883] vfs_write+0x7d0/0x11d0 [ 405.826012][T10883] ? __pfx_sock_write_iter+0x10/0x10 [ 405.826049][T10883] ? __pfx_vfs_write+0x10/0x10 [ 405.826084][T10883] ? find_held_lock+0x2b/0x80 [ 405.826142][T10883] ksys_write+0x1f8/0x250 [ 405.826179][T10883] ? __pfx_ksys_write+0x10/0x10 [ 405.826232][T10883] do_syscall_64+0xcd/0x490 [ 405.826280][T10883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.826313][T10883] RIP: 0033:0x7f0e3cb8ebe9 [ 405.826337][T10883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.826369][T10883] RSP: 002b:00007f0e3d91b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 405.826398][T10883] RAX: ffffffffffffffda RBX: 00007f0e3cdb5fa0 RCX: 00007f0e3cb8ebe9 [ 405.826419][T10883] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 405.826438][T10883] RBP: 00007f0e3cc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 405.826463][T10883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 405.826484][T10883] R13: 00007f0e3cdb6038 R14: 00007f0e3cdb5fa0 R15: 00007ffcfb9cf168 [ 405.826526][T10883] [ 406.752395][T10887] random: crng reseeded on system resumption [ 407.124577][T10897] netlink: 28 bytes leftover after parsing attributes in process `syz.3.974'. [ 407.164477][T10890] zswap: compressor not available [ 407.789645][T10890] program syz.0.973 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 409.051661][T10933] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 409.234576][T10948] ima: policy update failed [ 409.239431][ T31] audit: type=1802 audit(6051230830.260:14): pid=10948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.985" res=0 errno=0 [ 409.338885][T10945] netlink: 342 bytes leftover after parsing attributes in process `syz.2.985'. [ 409.996326][T10963] zswap: compressor Ȯ9Qz%;0*lH`Bkjwjӳ<85'.Y[`2Y$`Yvgִq"b%zN[O EiFi(Sh3Kx>ԝRS=kHɟ{?Bbޝ4)> not available [ 411.101735][T10986] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 411.375162][T10998] netlink: zone id is out of range [ 411.562640][T11004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1002'. [ 413.158783][T11018] FAULT_INJECTION: forcing a failure. [ 413.158783][T11018] name failslab, interval 1, probability 0, space 0, times 0 [ 413.250726][T11018] CPU: 1 UID: 0 PID: 11018 Comm: syz.0.1007 Tainted: G U syzkaller #0 PREEMPT(full) [ 413.250781][T11018] Tainted: [U]=USER [ 413.250794][T11018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 413.250814][T11018] Call Trace: [ 413.250826][T11018] [ 413.250839][T11018] dump_stack_lvl+0x16c/0x1f0 [ 413.250891][T11018] should_fail_ex+0x512/0x640 [ 413.250947][T11018] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 413.250988][T11018] should_failslab+0xc2/0x120 [ 413.251034][T11018] __kmalloc_cache_noprof+0x6a/0x3e0 [ 413.251071][T11018] ? mark_held_locks+0x49/0x80 [ 413.251112][T11018] ? rfkill_fop_open+0x1b6/0x750 [ 413.251151][T11018] rfkill_fop_open+0x1b6/0x750 [ 413.251191][T11018] ? __pfx_rfkill_fop_open+0x10/0x10 [ 413.251226][T11018] misc_open+0x35a/0x420 [ 413.251263][T11018] ? __pfx_misc_open+0x10/0x10 [ 413.251300][T11018] chrdev_open+0x234/0x6a0 [ 413.251343][T11018] ? __pfx_apparmor_file_open+0x10/0x10 [ 413.251381][T11018] ? __pfx_chrdev_open+0x10/0x10 [ 413.251428][T11018] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 413.251477][T11018] do_dentry_open+0x982/0x1530 [ 413.251520][T11018] ? __pfx_chrdev_open+0x10/0x10 [ 413.251575][T11018] vfs_open+0x82/0x3f0 [ 413.251631][T11018] path_openat+0x1de4/0x2cb0 [ 413.251687][T11018] ? __pfx_path_openat+0x10/0x10 [ 413.251740][T11018] do_filp_open+0x20b/0x470 [ 413.251794][T11018] ? __pfx_do_filp_open+0x10/0x10 [ 413.251866][T11018] ? alloc_fd+0x471/0x7d0 [ 413.251914][T11018] do_sys_openat2+0x11b/0x1d0 [ 413.251976][T11018] ? __pfx_do_sys_openat2+0x10/0x10 [ 413.252045][T11018] __x64_sys_openat+0x174/0x210 [ 413.252097][T11018] ? __pfx___x64_sys_openat+0x10/0x10 [ 413.252169][T11018] do_syscall_64+0xcd/0x490 [ 413.252218][T11018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.252250][T11018] RIP: 0033:0x7fba28f8ebe9 [ 413.252275][T11018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.252309][T11018] RSP: 002b:00007fba29df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 413.252359][T11018] RAX: ffffffffffffffda RBX: 00007fba291b5fa0 RCX: 00007fba28f8ebe9 [ 413.252381][T11018] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 413.252404][T11018] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 413.252424][T11018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.252444][T11018] R13: 00007fba291b6038 R14: 00007fba291b5fa0 R15: 00007ffcf2826668 [ 413.252490][T11018] [ 414.191081][T11026] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 414.287471][T11014] kexec: Could not allocate control_code_buffer [ 415.600099][T11057] syz.2.1015 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 416.722744][T11062] Process accounting resumed [ 417.653481][T11087] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 417.958343][T11090] Process accounting paused [ 419.530001][T11132] random: crng reseeded on system resumption [ 420.944020][ T31] audit: type=1806 audit(6051230841.970:15): xattr="" res=-22 [ 421.485875][T11160] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 422.983012][T11178] FAULT_INJECTION: forcing a failure. [ 422.983012][T11178] name failslab, interval 1, probability 0, space 0, times 0 [ 423.015790][T11178] CPU: 1 UID: 0 PID: 11178 Comm: syz.0.1043 Tainted: G U syzkaller #0 PREEMPT(full) [ 423.015846][T11178] Tainted: [U]=USER [ 423.015858][T11178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 423.015876][T11178] Call Trace: [ 423.015887][T11178] [ 423.015899][T11178] dump_stack_lvl+0x16c/0x1f0 [ 423.015947][T11178] should_fail_ex+0x512/0x640 [ 423.015993][T11178] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 423.016038][T11178] should_failslab+0xc2/0x120 [ 423.016082][T11178] __kmalloc_cache_noprof+0x6a/0x3e0 [ 423.016117][T11178] ? mark_held_locks+0x49/0x80 [ 423.016156][T11178] ? rfkill_fop_open+0x1b6/0x750 [ 423.016195][T11178] rfkill_fop_open+0x1b6/0x750 [ 423.016232][T11178] ? __pfx_rfkill_fop_open+0x10/0x10 [ 423.016265][T11178] misc_open+0x35a/0x420 [ 423.016301][T11178] ? __pfx_misc_open+0x10/0x10 [ 423.016335][T11178] chrdev_open+0x234/0x6a0 [ 423.016377][T11178] ? __pfx_apparmor_file_open+0x10/0x10 [ 423.016412][T11178] ? __pfx_chrdev_open+0x10/0x10 [ 423.016458][T11178] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 423.016504][T11178] do_dentry_open+0x982/0x1530 [ 423.016543][T11178] ? __pfx_chrdev_open+0x10/0x10 [ 423.016594][T11178] vfs_open+0x82/0x3f0 [ 423.016656][T11178] path_openat+0x1de4/0x2cb0 [ 423.016706][T11178] ? __pfx_path_openat+0x10/0x10 [ 423.016753][T11178] do_filp_open+0x20b/0x470 [ 423.016792][T11178] ? __pfx_do_filp_open+0x10/0x10 [ 423.016858][T11178] ? alloc_fd+0x471/0x7d0 [ 423.016901][T11178] do_sys_openat2+0x11b/0x1d0 [ 423.016949][T11178] ? __pfx_do_sys_openat2+0x10/0x10 [ 423.017013][T11178] __x64_sys_openat+0x174/0x210 [ 423.017071][T11178] ? __pfx___x64_sys_openat+0x10/0x10 [ 423.017136][T11178] do_syscall_64+0xcd/0x490 [ 423.017181][T11178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.017212][T11178] RIP: 0033:0x7fba28f8ebe9 [ 423.017236][T11178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.017266][T11178] RSP: 002b:00007fba29df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 423.017296][T11178] RAX: ffffffffffffffda RBX: 00007fba291b5fa0 RCX: 00007fba28f8ebe9 [ 423.017316][T11178] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 423.017336][T11178] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 423.017354][T11178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.017372][T11178] R13: 00007fba291b6038 R14: 00007fba291b5fa0 R15: 00007ffcf2826668 [ 423.017412][T11178] [ 423.566052][T11187] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1046'. [ 424.571645][T11196] kexec: Could not allocate control_code_buffer [ 425.957685][T11234] tipc: Started in network mode [ 425.976998][T11234] tipc: Node identity ee00, cluster identity 4711 [ 425.998060][T11234] tipc: Node number set to 60928 [ 426.220297][T11237] queue_state_write: unsupported operation '' [ 426.305405][T11237] queue_state_write: use 'run', 'start' or 'kick' [ 426.407230][T11233] queue_state_write: operation too long [ 426.448255][T11233] queue_state_write: use 'run', 'start' or 'kick' [ 426.711499][T11244] zswap: compressor not available [ 427.410348][T11266] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 427.925757][T11288] ICMPv6: process `syz.0.1073' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 427.953899][T11287] FAULT_INJECTION: forcing a failure. [ 427.953899][T11287] name failslab, interval 1, probability 0, space 0, times 0 [ 427.990918][T11287] CPU: 0 UID: 0 PID: 11287 Comm: syz.3.1072 Tainted: G U syzkaller #0 PREEMPT(full) [ 427.990978][T11287] Tainted: [U]=USER [ 427.990989][T11287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 427.991009][T11287] Call Trace: [ 427.991021][T11287] [ 427.991033][T11287] dump_stack_lvl+0x16c/0x1f0 [ 427.991082][T11287] should_fail_ex+0x512/0x640 [ 427.991128][T11287] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 427.991172][T11287] should_failslab+0xc2/0x120 [ 427.991217][T11287] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 427.991256][T11287] ? d_instantiate+0x77/0x90 [ 427.991299][T11287] ? alloc_empty_file+0x55/0x1e0 [ 427.991353][T11287] alloc_empty_file+0x55/0x1e0 [ 427.991405][T11287] alloc_file_pseudo+0x13a/0x230 [ 427.991458][T11287] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 427.991510][T11287] ? alloc_fd+0x471/0x7d0 [ 427.991552][T11287] sock_alloc_file+0x50/0x210 [ 427.991613][T11287] __sys_socket+0x1c0/0x260 [ 427.991645][T11287] ? __pfx___sys_socket+0x10/0x10 [ 427.991677][T11287] ? xfd_validate_state+0x61/0x180 [ 427.991733][T11287] __x64_sys_socket+0x72/0xb0 [ 427.991763][T11287] ? lockdep_hardirqs_on+0x7c/0x110 [ 427.991808][T11287] do_syscall_64+0xcd/0x490 [ 427.991854][T11287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.991904][T11287] RIP: 0033:0x7f8ed618ebe9 [ 427.991930][T11287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.991969][T11287] RSP: 002b:00007f8ed707f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 427.992012][T11287] RAX: ffffffffffffffda RBX: 00007f8ed63b5fa0 RCX: 00007f8ed618ebe9 [ 427.992050][T11287] RDX: 000000000000000a RSI: 0000000000000003 RDI: 0000000000000002 [ 427.992071][T11287] RBP: 00007f8ed6211e19 R08: 0000000000000000 R09: 0000000000000000 [ 427.992092][T11287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 427.992112][T11287] R13: 00007f8ed63b6038 R14: 00007f8ed63b5fa0 R15: 00007ffcabf47bd8 [ 427.992155][T11287] [ 428.635221][T11302] random: crng reseeded on system resumption [ 429.433565][T11317] syz.3.1079(11317): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 429.924299][T11326] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 430.407231][T11328] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 430.824974][T11337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1083'. [ 431.948129][T11360] block nbd0: NBD_DISCONNECT [ 431.960319][ T31] audit: type=1326 audit(6051230852.980:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11357 comm="syz.2.1087" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0e3cb8ebe9 code=0x0 [ 432.295956][T11367] program syz.1.1090 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 434.592074][T11412] input: f as /devices/virtual/input/input25 [ 434.932640][T11415] zero sized request [ 435.902498][ T43] smpboot: CPU 0 is now offline [ 436.317011][T11458] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1107'. [ 436.841886][T11469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1108'. [ 437.507426][T11481] FAULT_INJECTION: forcing a failure. [ 437.507426][T11481] name failslab, interval 1, probability 0, space 0, times 0 [ 437.629287][T11481] CPU: 1 UID: 0 PID: 11481 Comm: syz.1.1113 Tainted: G U syzkaller #0 PREEMPT(full) [ 437.629325][T11481] Tainted: [U]=USER [ 437.629332][T11481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 437.629346][T11481] Call Trace: [ 437.629354][T11481] [ 437.629362][T11481] dump_stack_lvl+0x16c/0x1f0 [ 437.629402][T11481] should_fail_ex+0x512/0x640 [ 437.629436][T11481] ? __kmalloc_noprof+0xbf/0x510 [ 437.629466][T11481] ? __register_sysctl_table+0xb3/0x1900 [ 437.629500][T11481] should_failslab+0xc2/0x120 [ 437.629532][T11481] __kmalloc_noprof+0xd2/0x510 [ 437.629566][T11481] __register_sysctl_table+0xb3/0x1900 [ 437.629602][T11481] ? is_module_address+0x5f/0xf0 [ 437.629640][T11481] ? __pfx___register_sysctl_table+0x10/0x10 [ 437.629675][T11481] ? is_module_address+0x69/0xf0 [ 437.629708][T11481] ? register_net_sysctl_sz+0x228/0x3e0 [ 437.629744][T11481] ? __asan_memcpy+0x3c/0x60 [ 437.629770][T11481] xfrm_sysctl_init+0x1f5/0x2d0 [ 437.629810][T11481] xfrm_net_init+0x842/0xcc0 [ 437.629850][T11481] ? __pfx_xfrm_net_init+0x10/0x10 [ 437.629884][T11481] ops_init+0x1e2/0x5f0 [ 437.629920][T11481] setup_net+0x10f/0x380 [ 437.629952][T11481] ? lockdep_init_map_type+0x5c/0x280 [ 437.629985][T11481] ? __pfx_setup_net+0x10/0x10 [ 437.630027][T11481] ? debug_mutex_init+0x37/0x70 [ 437.630052][T11481] copy_net_ns+0x2a6/0x5f0 [ 437.630092][T11481] create_new_namespaces+0x3ea/0xa90 [ 437.630138][T11481] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 437.630166][T11481] ksys_unshare+0x45b/0xa40 [ 437.630196][T11481] ? __pfx_ksys_unshare+0x10/0x10 [ 437.630227][T11481] ? xfd_validate_state+0x61/0x180 [ 437.630267][T11481] __x64_sys_unshare+0x31/0x40 [ 437.630296][T11481] do_syscall_64+0xcd/0x490 [ 437.630327][T11481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.630349][T11481] RIP: 0033:0x7f5cbf58ebe9 [ 437.630365][T11481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.630387][T11481] RSP: 002b:00007f5cc046c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 437.630407][T11481] RAX: ffffffffffffffda RBX: 00007f5cbf7b6090 RCX: 00007f5cbf58ebe9 [ 437.630421][T11481] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 437.630434][T11481] RBP: 00007f5cbf611e19 R08: 0000000000000000 R09: 0000000000000000 [ 437.630448][T11481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.630461][T11481] R13: 00007f5cbf7b6128 R14: 00007f5cbf7b6090 R15: 00007ffeec177198 [ 437.630488][T11481] [ 438.571959][T11487] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 438.826611][T11484] FAULT_INJECTION: forcing a failure. [ 438.826611][T11484] name failslab, interval 1, probability 0, space 0, times 0 [ 438.932015][T11484] CPU: 1 UID: 0 PID: 11484 Comm: syz.2.1114 Tainted: G U syzkaller #0 PREEMPT(full) [ 438.932052][T11484] Tainted: [U]=USER [ 438.932060][T11484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 438.932074][T11484] Call Trace: [ 438.932081][T11484] [ 438.932089][T11484] dump_stack_lvl+0x16c/0x1f0 [ 438.932125][T11484] should_fail_ex+0x512/0x640 [ 438.932158][T11484] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 438.932196][T11484] should_failslab+0xc2/0x120 [ 438.932227][T11484] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 438.932260][T11484] ? sysctl_route_net_init+0x42/0x2c0 [ 438.932301][T11484] ? register_net_sysctl_sz+0x228/0x3e0 [ 438.932336][T11484] ? __pfx_sysctl_route_net_init+0x10/0x10 [ 438.932372][T11484] kmemdup_noprof+0x29/0x60 [ 438.932401][T11484] sysctl_route_net_init+0x42/0x2c0 [ 438.932438][T11484] ? __pfx_sysctl_route_net_init+0x10/0x10 [ 438.932474][T11484] ops_init+0x1e2/0x5f0 [ 438.932510][T11484] setup_net+0x10f/0x380 [ 438.932552][T11484] ? lockdep_init_map_type+0x5c/0x280 [ 438.932583][T11484] ? __pfx_setup_net+0x10/0x10 [ 438.932615][T11484] ? debug_mutex_init+0x37/0x70 [ 438.932639][T11484] copy_net_ns+0x2a6/0x5f0 [ 438.932675][T11484] create_new_namespaces+0x3ea/0xa90 [ 438.932706][T11484] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 438.932733][T11484] ksys_unshare+0x45b/0xa40 [ 438.932764][T11484] ? __pfx_ksys_unshare+0x10/0x10 [ 438.932794][T11484] ? xfd_validate_state+0x61/0x180 [ 438.932834][T11484] __x64_sys_unshare+0x31/0x40 [ 438.932863][T11484] do_syscall_64+0xcd/0x490 [ 438.932894][T11484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.932922][T11484] RIP: 0033:0x7f0e3cb8ebe9 [ 438.932939][T11484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.932960][T11484] RSP: 002b:00007f0e3d91b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 438.932980][T11484] RAX: ffffffffffffffda RBX: 00007f0e3cdb5fa0 RCX: 00007f0e3cb8ebe9 [ 438.932994][T11484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 438.933007][T11484] RBP: 00007f0e3cc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 438.933020][T11484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 438.933033][T11484] R13: 00007f0e3cdb6038 R14: 00007f0e3cdb5fa0 R15: 00007ffcfb9cf168 [ 438.933061][T11484] [ 441.206031][T11524] FAULT_INJECTION: forcing a failure. [ 441.206031][T11524] name fail_futex, interval 1, probability 0, space 0, times 0 [ 441.265973][T11505] zswap: compressor not available [ 441.386293][T11524] CPU: 1 UID: 0 PID: 11524 Comm: syz.0.1120 Tainted: G U syzkaller #0 PREEMPT(full) [ 441.386332][T11524] Tainted: [U]=USER [ 441.386341][T11524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 441.386355][T11524] Call Trace: [ 441.386363][T11524] [ 441.386371][T11524] dump_stack_lvl+0x16c/0x1f0 [ 441.386407][T11524] should_fail_ex+0x512/0x640 [ 441.386446][T11524] get_futex_key+0x1d0/0x1560 [ 441.386480][T11524] ? __pfx_get_futex_key+0x10/0x10 [ 441.386511][T11524] ? __pick_eevdf+0x30a/0x670 [ 441.386545][T11524] futex_wait_setup+0x9d/0x550 [ 441.386590][T11524] __futex_wait+0x194/0x2f0 [ 441.386628][T11524] ? __pfx___futex_wait+0x10/0x10 [ 441.386663][T11524] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 441.386692][T11524] ? lockdep_hardirqs_on+0x7c/0x110 [ 441.386726][T11524] ? __pfx_futex_wake_mark+0x10/0x10 [ 441.386768][T11524] ? futex_private_hash_put+0x176/0x300 [ 441.386808][T11524] ? futex_private_hash_put+0x18a/0x300 [ 441.386840][T11524] futex_wait+0xe8/0x380 [ 441.386876][T11524] ? __pfx_futex_wait+0x10/0x10 [ 441.386918][T11524] ? ldsem_up_read+0x44/0x80 [ 441.386956][T11524] ? tty_ioctl+0x264/0x1680 [ 441.386993][T11524] do_futex+0x229/0x350 [ 441.387023][T11524] ? __pfx_do_futex+0x10/0x10 [ 441.387062][T11524] __x64_sys_futex+0x1e0/0x4c0 [ 441.387094][T11524] ? __x64_sys_openat+0x174/0x210 [ 441.387133][T11524] ? __pfx___x64_sys_futex+0x10/0x10 [ 441.387175][T11524] do_syscall_64+0xcd/0x490 [ 441.387223][T11524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.387246][T11524] RIP: 0033:0x7fba28f8ebe9 [ 441.387276][T11524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.387298][T11524] RSP: 002b:00007fba29db40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 441.387318][T11524] RAX: ffffffffffffffda RBX: 00007fba291b6188 RCX: 00007fba28f8ebe9 [ 441.387332][T11524] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fba291b6188 [ 441.387344][T11524] RBP: 00007fba291b6180 R08: 0000000000000000 R09: 0000000000000000 [ 441.387357][T11524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.387370][T11524] R13: 00007fba291b6218 R14: 00007ffcf2826580 R15: 00007ffcf2826668 [ 441.387396][T11524] [ 443.243340][T11543] .^: entered promiscuous mode [ 443.618012][T11533] tty tty12: ldisc open failed (-12), clearing slot 11 [ 443.633140][T11534] tty tty12: ldisc open failed (-12), clearing slot 11 [ 446.265104][T11571] zswap: compressor not available [ 446.917420][T11588] zswap: compressor 000 not available [ 447.916019][T11605] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1138'. [ 449.207401][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 449.214128][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 450.053190][T11617] mkiss: ax0: crc mode is auto. [ 450.862312][T11642] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 450.937041][ T5870] Process accounting paused [ 450.957791][T11642] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 451.048958][T11642] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 452.464699][T11634] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 452.474759][T11634] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 452.491396][T11634] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 452.500091][T11634] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 452.508017][T11634] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 452.907106][T11658] FAULT_INJECTION: forcing a failure. [ 452.907106][T11658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 452.993602][T11661] zswap: compressor 000 not available [ 453.016248][T11658] CPU: 1 UID: 0 PID: 11658 Comm: syz.1.1145 Tainted: G U syzkaller #0 PREEMPT(full) [ 453.016280][T11658] Tainted: [U]=USER [ 453.016287][T11658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 453.016299][T11658] Call Trace: [ 453.016306][T11658] [ 453.016313][T11658] dump_stack_lvl+0x16c/0x1f0 [ 453.016345][T11658] should_fail_ex+0x512/0x640 [ 453.016379][T11658] _copy_from_user+0x2e/0xd0 [ 453.016420][T11658] get_timespec64+0x8b/0x1b0 [ 453.016447][T11658] ? __pfx_get_timespec64+0x10/0x10 [ 453.016471][T11658] ? ktime_get+0x200/0x310 [ 453.016502][T11658] __x64_sys_futex+0x288/0x4c0 [ 453.016532][T11658] ? __pfx___x64_sys_futex+0x10/0x10 [ 453.016559][T11658] ? xfd_validate_state+0x61/0x180 [ 453.016600][T11658] do_syscall_64+0xcd/0x490 [ 453.016631][T11658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.016652][T11658] RIP: 0033:0x7f5cbf58ebe9 [ 453.016668][T11658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.016689][T11658] RSP: 002b:00007ffeec1772f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 453.016708][T11658] RAX: ffffffffffffffda RBX: 000000000006e902 RCX: 00007f5cbf58ebe9 [ 453.016721][T11658] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5cbf7b627c [ 453.016733][T11658] RBP: 0000000000000032 R08: 00007f5cc048e000 R09: 00000018ec1775ef [ 453.016746][T11658] R10: 00007ffeec1773f0 R11: 0000000000000246 R12: 00007f5cbf7b627c [ 453.016759][T11658] R13: 00007ffeec1773f0 R14: 000000000006e934 R15: 00007ffeec177410 [ 453.016784][T11658] [ 454.560262][T11654] chnl_net:caif_netlink_parms(): no params data found [ 454.570664][T11639] Bluetooth: hci4: command tx timeout [ 455.282000][T11654] bridge0: port 1(bridge_slave_0) entered blocking state [ 455.289128][T11654] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.354398][T11654] bridge_slave_0: entered allmulticast mode [ 455.413473][T11654] bridge_slave_0: entered promiscuous mode [ 455.461368][T11654] bridge0: port 2(bridge_slave_1) entered blocking state [ 455.510581][T11654] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.517801][T11654] bridge_slave_1: entered allmulticast mode [ 455.594239][T11654] bridge_slave_1: entered promiscuous mode [ 455.974205][T11654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 456.040701][T11654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 456.328725][T11713] FAULT_INJECTION: forcing a failure. [ 456.328725][T11713] name failslab, interval 1, probability 0, space 0, times 0 [ 456.394402][T11713] CPU: 1 UID: 0 PID: 11713 Comm: syz.2.1154 Tainted: G U syzkaller #0 PREEMPT(full) [ 456.394436][T11713] Tainted: [U]=USER [ 456.394442][T11713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 456.394456][T11713] Call Trace: [ 456.394463][T11713] [ 456.394471][T11713] dump_stack_lvl+0x16c/0x1f0 [ 456.394504][T11713] should_fail_ex+0x512/0x640 [ 456.394535][T11713] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 456.394560][T11713] should_failslab+0xc2/0x120 [ 456.394590][T11713] __kmalloc_cache_noprof+0x6a/0x3e0 [ 456.394612][T11713] ? mark_held_locks+0x49/0x80 [ 456.394639][T11713] ? rfkill_fop_open+0x1b6/0x750 [ 456.394664][T11713] rfkill_fop_open+0x1b6/0x750 [ 456.394706][T11713] ? __pfx_rfkill_fop_open+0x10/0x10 [ 456.394736][T11713] misc_open+0x35a/0x420 [ 456.394762][T11713] ? __pfx_misc_open+0x10/0x10 [ 456.394786][T11713] chrdev_open+0x234/0x6a0 [ 456.394816][T11713] ? __pfx_apparmor_file_open+0x10/0x10 [ 456.394842][T11713] ? __pfx_chrdev_open+0x10/0x10 [ 456.394874][T11713] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 456.394906][T11713] do_dentry_open+0x982/0x1530 [ 456.394935][T11713] ? __pfx_chrdev_open+0x10/0x10 [ 456.394971][T11713] vfs_open+0x82/0x3f0 [ 456.395009][T11713] path_openat+0x1de4/0x2cb0 [ 456.395046][T11713] ? __pfx_path_openat+0x10/0x10 [ 456.395082][T11713] do_filp_open+0x20b/0x470 [ 456.395110][T11713] ? __pfx_do_filp_open+0x10/0x10 [ 456.395158][T11713] ? alloc_fd+0x471/0x7d0 [ 456.395190][T11713] do_sys_openat2+0x11b/0x1d0 [ 456.395226][T11713] ? __pfx_do_sys_openat2+0x10/0x10 [ 456.395273][T11713] __x64_sys_openat+0x174/0x210 [ 456.395310][T11713] ? __pfx___x64_sys_openat+0x10/0x10 [ 456.395358][T11713] do_syscall_64+0xcd/0x490 [ 456.395392][T11713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.395415][T11713] RIP: 0033:0x7f0e3cb8ebe9 [ 456.395433][T11713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.395456][T11713] RSP: 002b:00007f0e3d91b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 456.395479][T11713] RAX: ffffffffffffffda RBX: 00007f0e3cdb5fa0 RCX: 00007f0e3cb8ebe9 [ 456.395494][T11713] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 456.395509][T11713] RBP: 00007f0e3cc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 456.395523][T11713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 456.395555][T11713] R13: 00007f0e3cdb6038 R14: 00007f0e3cdb5fa0 R15: 00007ffcfb9cf168 [ 456.395586][T11713] [ 457.020646][T11639] Bluetooth: hci4: command tx timeout [ 457.425698][T11654] team0: Port device team_slave_0 added [ 457.443281][T11654] team0: Port device team_slave_1 added [ 457.665035][T11654] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 457.702362][T11654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 457.847467][T11654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 457.912051][T11654] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 457.960557][T11654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.100609][T11654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 458.471738][T11654] hsr_slave_0: entered promiscuous mode [ 458.507394][T11654] hsr_slave_1: entered promiscuous mode [ 458.551896][T11654] debugfs: 'hsr0' already exists in 'hsr' [ 458.557664][T11654] Cannot create hsr debugfs directory [ 459.041145][T11639] Bluetooth: hci4: command tx timeout [ 459.700683][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1161'. [ 459.782018][T11654] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 459.841556][T11654] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 459.911526][T11654] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 460.041776][T11654] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 460.468753][T11654] 8021q: adding VLAN 0 to HW filter on device bond0 [ 460.592744][T11654] 8021q: adding VLAN 0 to HW filter on device team0 [ 460.666860][T11633] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.674075][T11633] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.810101][T11640] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.817282][T11640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.123232][T11639] Bluetooth: hci4: command tx timeout [ 461.246368][T11770] FAULT_INJECTION: forcing a failure. [ 461.246368][T11770] name failslab, interval 1, probability 0, space 0, times 0 [ 461.346618][T11770] CPU: 1 UID: 0 PID: 11770 Comm: syz.2.1164 Tainted: G U syzkaller #0 PREEMPT(full) [ 461.346655][T11770] Tainted: [U]=USER [ 461.346662][T11770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 461.346676][T11770] Call Trace: [ 461.346684][T11770] [ 461.346693][T11770] dump_stack_lvl+0x16c/0x1f0 [ 461.346740][T11770] should_fail_ex+0x512/0x640 [ 461.346772][T11770] ? __kmalloc_noprof+0xbf/0x510 [ 461.346800][T11770] ? kernfs_fop_write_iter+0x237/0x510 [ 461.346821][T11770] should_failslab+0xc2/0x120 [ 461.346850][T11770] __kmalloc_noprof+0xd2/0x510 [ 461.346882][T11770] kernfs_fop_write_iter+0x237/0x510 [ 461.346907][T11770] vfs_write+0x7d0/0x11d0 [ 461.346934][T11770] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 461.346958][T11770] ? __pfx_vfs_write+0x10/0x10 [ 461.346986][T11770] ? __pfx_do_sys_openat2+0x10/0x10 [ 461.347034][T11770] ksys_write+0x12a/0x250 [ 461.347059][T11770] ? __pfx_ksys_write+0x10/0x10 [ 461.347092][T11770] do_syscall_64+0xcd/0x490 [ 461.347124][T11770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.347147][T11770] RIP: 0033:0x7f0e3cb8ebe9 [ 461.347163][T11770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 461.347185][T11770] RSP: 002b:00007f0e3d91b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 461.347205][T11770] RAX: ffffffffffffffda RBX: 00007f0e3cdb5fa0 RCX: 00007f0e3cb8ebe9 [ 461.347219][T11770] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000000 [ 461.347232][T11770] RBP: 00007f0e3d91b090 R08: 0000000000000000 R09: 0000000000000000 [ 461.347260][T11770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 461.347274][T11770] R13: 00007f0e3cdb6038 R14: 00007f0e3cdb5fa0 R15: 00007ffcfb9cf168 [ 461.347302][T11770] [ 462.018899][T11781] blktrace: Concurrent blktraces are not allowed on ram7 [ 462.219477][T11654] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.055695][T11794] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1168'. [ 463.420544][T11639] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 463.589519][T11654] veth0_vlan: entered promiscuous mode [ 463.732377][T11654] veth1_vlan: entered promiscuous mode [ 463.859024][T11654] veth0_macvtap: entered promiscuous mode [ 463.953731][T11654] veth1_macvtap: entered promiscuous mode [ 464.093909][T11654] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.142571][T11654] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.292025][T11643] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.320675][T11643] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.586410][T11643] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.640697][T11643] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.177870][T11637] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.218491][T11637] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.362732][T11636] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 466.403664][T11636] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.369989][T11829] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input26 [ 467.946671][T11828] zswap: compressor not available [ 468.142206][T11639] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 468.547971][T11846] netlink: 'syz.2.1179': attribute type 1 has an invalid length. [ 468.639707][T11634] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 468.725585][T11846] netlink: 'syz.2.1179': attribute type 6 has an invalid length. [ 469.214432][T11859] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1182'. [ 472.043125][T11890] FAULT_INJECTION: forcing a failure. [ 472.043125][T11890] name failslab, interval 1, probability 0, space 0, times 0 [ 472.110992][T11885] zswap: compressor not available [ 472.149849][T11890] CPU: 1 UID: 0 PID: 11890 Comm: syz.0.1188 Tainted: G U syzkaller #0 PREEMPT(full) [ 472.149887][T11890] Tainted: [U]=USER [ 472.149894][T11890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 472.149909][T11890] Call Trace: [ 472.149917][T11890] [ 472.149925][T11890] dump_stack_lvl+0x16c/0x1f0 [ 472.149962][T11890] should_fail_ex+0x512/0x640 [ 472.149994][T11890] ? fs_reclaim_acquire+0xae/0x150 [ 472.150032][T11890] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 472.150065][T11890] should_failslab+0xc2/0x120 [ 472.150097][T11890] __kmalloc_noprof+0xd2/0x510 [ 472.150131][T11890] tomoyo_realpath_from_path+0xc2/0x6e0 [ 472.150173][T11890] tomoyo_check_open_permission+0x2ab/0x3c0 [ 472.150203][T11890] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 472.150273][T11890] ? do_raw_spin_lock+0x12c/0x2b0 [ 472.150315][T11890] tomoyo_file_open+0x6b/0x90 [ 472.150336][T11890] security_file_open+0x84/0x1e0 [ 472.150367][T11890] do_dentry_open+0x596/0x1530 [ 472.150402][T11890] vfs_open+0x82/0x3f0 [ 472.150441][T11890] path_openat+0x1de4/0x2cb0 [ 472.150476][T11890] ? __pfx_path_openat+0x10/0x10 [ 472.150509][T11890] do_filp_open+0x20b/0x470 [ 472.150534][T11890] ? __pfx_do_filp_open+0x10/0x10 [ 472.150580][T11890] ? alloc_fd+0x471/0x7d0 [ 472.150611][T11890] do_sys_openat2+0x11b/0x1d0 [ 472.150650][T11890] ? __pfx_do_sys_openat2+0x10/0x10 [ 472.150695][T11890] __x64_sys_openat+0x174/0x210 [ 472.150729][T11890] ? __pfx___x64_sys_openat+0x10/0x10 [ 472.150775][T11890] do_syscall_64+0xcd/0x490 [ 472.150807][T11890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.150829][T11890] RIP: 0033:0x7fba28f8ebe9 [ 472.150846][T11890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.150867][T11890] RSP: 002b:00007fba29df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 472.150887][T11890] RAX: ffffffffffffffda RBX: 00007fba291b5fa0 RCX: 00007fba28f8ebe9 [ 472.150901][T11890] RDX: 000000000014be02 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 472.150915][T11890] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 472.150928][T11890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 472.150941][T11890] R13: 00007fba291b6038 R14: 00007fba291b5fa0 R15: 00007ffcf2826668 [ 472.150968][T11890] [ 472.873555][T11895] FAULT_INJECTION: forcing a failure. [ 472.873555][T11895] name failslab, interval 1, probability 0, space 0, times 0 [ 473.110651][T11895] CPU: 1 UID: 0 PID: 11895 Comm: syz.1.1189 Tainted: G U syzkaller #0 PREEMPT(full) [ 473.110684][T11895] Tainted: [U]=USER [ 473.110690][T11895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 473.110703][T11895] Call Trace: [ 473.110709][T11895] [ 473.110717][T11895] dump_stack_lvl+0x16c/0x1f0 [ 473.110751][T11895] should_fail_ex+0x512/0x640 [ 473.110781][T11895] ? fs_reclaim_acquire+0xae/0x150 [ 473.110816][T11895] should_failslab+0xc2/0x120 [ 473.110844][T11895] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 473.110877][T11895] ? ima_alloc_tfm+0x21a/0x2e0 [ 473.110898][T11895] ? ima_collect_measurement+0x4b5/0xa40 [ 473.110927][T11895] krealloc_noprof+0x1ff/0x3a0 [ 473.110954][T11895] ima_collect_measurement+0x4b5/0xa40 [ 473.110987][T11895] ? __pfx_ima_collect_measurement+0x10/0x10 [ 473.111031][T11895] ? do_raw_read_unlock+0x44/0xe0 [ 473.111069][T11895] ? vfs_getxattr_alloc+0xec/0x340 [ 473.111097][T11895] ? ima_get_hash_algo+0x27c/0x400 [ 473.111116][T11895] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 473.111145][T11895] ? process_measurement+0x11fa/0x23e0 [ 473.111165][T11895] process_measurement+0x11fa/0x23e0 [ 473.111195][T11895] ? __pfx_process_measurement+0x10/0x10 [ 473.111261][T11895] ima_bprm_check+0xe7/0x210 [ 473.111282][T11895] ? __pfx_ima_bprm_check+0x10/0x10 [ 473.111310][T11895] security_bprm_check+0xa5/0x1e0 [ 473.111332][T11895] bprm_execve+0x81a/0x1640 [ 473.111358][T11895] ? __pfx_bprm_execve+0x10/0x10 [ 473.111379][T11895] ? copy_string_kernel+0x460/0x520 [ 473.111406][T11895] do_execveat_common.isra.0+0x4a5/0x610 [ 473.111435][T11895] __x64_sys_execve+0x8e/0xb0 [ 473.111458][T11895] do_syscall_64+0xcd/0x490 [ 473.111488][T11895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.111508][T11895] RIP: 0033:0x7f5cbf58ebe9 [ 473.111523][T11895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.111543][T11895] RSP: 002b:00007f5cc046c038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 473.111562][T11895] RAX: ffffffffffffffda RBX: 00007f5cbf7b6090 RCX: 00007f5cbf58ebe9 [ 473.111575][T11895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 473.111592][T11895] RBP: 00007f5cbf611e19 R08: 0000000000000000 R09: 0000000000000000 [ 473.111603][T11895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 473.111615][T11895] R13: 00007f5cbf7b6128 R14: 00007f5cbf7b6090 R15: 00007ffeec177198 [ 473.111642][T11895] [ 473.655184][ T31] audit: type=1800 audit(6051230894.140:17): pid=11895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1189" name=":," dev="tmpfs" ino=1656 res=0 errno=0 [ 473.897852][ T31] audit: type=1800 audit(6051230894.850:18): pid=11899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1190" name="members" dev="configfs" ino=39093 res=0 errno=0 [ 473.977425][T11890] ERROR: Out of memory at tomoyo_realpath_from_path. [ 474.566913][T11910] FAULT_INJECTION: forcing a failure. [ 474.566913][T11910] name failslab, interval 1, probability 0, space 0, times 0 [ 474.733007][T11910] CPU: 1 UID: 0 PID: 11910 Comm: syz.0.1192 Tainted: G U syzkaller #0 PREEMPT(full) [ 474.733042][T11910] Tainted: [U]=USER [ 474.733050][T11910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 474.733062][T11910] Call Trace: [ 474.733070][T11910] [ 474.733077][T11910] dump_stack_lvl+0x16c/0x1f0 [ 474.733111][T11910] should_fail_ex+0x512/0x640 [ 474.733142][T11910] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 474.733168][T11910] should_failslab+0xc2/0x120 [ 474.733197][T11910] __kmalloc_cache_noprof+0x6a/0x3e0 [ 474.733219][T11910] ? mark_held_locks+0x49/0x80 [ 474.733246][T11910] ? rfkill_fop_open+0x1b6/0x750 [ 474.733271][T11910] rfkill_fop_open+0x1b6/0x750 [ 474.733296][T11910] ? __pfx_rfkill_fop_open+0x10/0x10 [ 474.733318][T11910] misc_open+0x35a/0x420 [ 474.733341][T11910] ? __pfx_misc_open+0x10/0x10 [ 474.733363][T11910] chrdev_open+0x234/0x6a0 [ 474.733391][T11910] ? __pfx_apparmor_file_open+0x10/0x10 [ 474.733415][T11910] ? __pfx_chrdev_open+0x10/0x10 [ 474.733445][T11910] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 474.733484][T11910] do_dentry_open+0x982/0x1530 [ 474.733512][T11910] ? __pfx_chrdev_open+0x10/0x10 [ 474.733546][T11910] vfs_open+0x82/0x3f0 [ 474.733582][T11910] path_openat+0x1de4/0x2cb0 [ 474.733616][T11910] ? __pfx_path_openat+0x10/0x10 [ 474.733649][T11910] do_filp_open+0x20b/0x470 [ 474.733676][T11910] ? __pfx_do_filp_open+0x10/0x10 [ 474.733721][T11910] ? alloc_fd+0x471/0x7d0 [ 474.733752][T11910] do_sys_openat2+0x11b/0x1d0 [ 474.733785][T11910] ? __pfx_do_sys_openat2+0x10/0x10 [ 474.733829][T11910] __x64_sys_openat+0x174/0x210 [ 474.733863][T11910] ? __pfx___x64_sys_openat+0x10/0x10 [ 474.733908][T11910] do_syscall_64+0xcd/0x490 [ 474.733939][T11910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.733961][T11910] RIP: 0033:0x7fba28f8ebe9 [ 474.733978][T11910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.733999][T11910] RSP: 002b:00007fba29db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 474.734020][T11910] RAX: ffffffffffffffda RBX: 00007fba291b6180 RCX: 00007fba28f8ebe9 [ 474.734034][T11910] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 474.734047][T11910] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 474.734060][T11910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 474.734073][T11910] R13: 00007fba291b6218 R14: 00007fba291b6180 R15: 00007ffcf2826668 [ 474.734101][T11910] [ 477.665019][T11937] zswap: compressor not available [ 480.717864][T12000] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1206'. [ 480.717903][T12000] mac80211_hwsim hwsim8 : renamed from wlan0 (while UP) [ 481.210709][T11634] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 481.802648][T12017] FAULT_INJECTION: forcing a failure. [ 481.802648][T12017] name fail_futex, interval 1, probability 0, space 0, times 0 [ 481.968289][T12017] CPU: 1 UID: 0 PID: 12017 Comm: syz.0.1209 Tainted: G U syzkaller #0 PREEMPT(full) [ 481.968323][T12017] Tainted: [U]=USER [ 481.968331][T12017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 481.968344][T12017] Call Trace: [ 481.968355][T12017] [ 481.968362][T12017] dump_stack_lvl+0x16c/0x1f0 [ 481.968395][T12017] should_fail_ex+0x512/0x640 [ 481.968432][T12017] get_futex_key+0x1d0/0x1560 [ 481.968462][T12017] ? __pfx_get_futex_key+0x10/0x10 [ 481.968497][T12017] futex_wake+0xea/0x530 [ 481.968530][T12017] ? rcu_is_watching+0x12/0xc0 [ 481.968553][T12017] ? __pfx_futex_wake+0x10/0x10 [ 481.968588][T12017] ? kmem_cache_free+0x2d1/0x4d0 [ 481.968612][T12017] ? fd_install+0x225/0x750 [ 481.968634][T12017] ? putname+0x154/0x1a0 [ 481.968668][T12017] do_futex+0x1e3/0x350 [ 481.968707][T12017] ? __pfx_do_futex+0x10/0x10 [ 481.968739][T12017] __x64_sys_futex+0x1e0/0x4c0 [ 481.968767][T12017] ? __x64_sys_openat+0x174/0x210 [ 481.968799][T12017] ? __pfx___x64_sys_futex+0x10/0x10 [ 481.968835][T12017] do_syscall_64+0xcd/0x490 [ 481.968864][T12017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.968885][T12017] RIP: 0033:0x7fba28f8ebe9 [ 481.968900][T12017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 481.968920][T12017] RSP: 002b:00007fba29df60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 481.968938][T12017] RAX: ffffffffffffffda RBX: 00007fba291b5fa8 RCX: 00007fba28f8ebe9 [ 481.968951][T12017] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fba291b5fac [ 481.968964][T12017] RBP: 00007fba291b5fa0 R08: 00007fba29df7000 R09: 0000000000000000 [ 481.968983][T12017] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 481.968995][T12017] R13: 00007fba291b6038 R14: 00007ffcf2826580 R15: 00007ffcf2826668 [ 481.969020][T12017] [ 482.421629][T12024] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1209'. [ 482.949711][ T24] Process accounting resumed [ 483.510758][T12015] ptrace attach of ""[12032] was attempted by "./syz-executor exec"[12015] [ 484.840621][T12047] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 485.008624][T12049] vivid-003: ================= START STATUS ================= [ 485.121692][T12049] vivid-003: Radio HW Seek Mode: Bounded [ 485.127548][T12049] vivid-003: Radio Programmable HW Seek: false [ 485.228371][T12049] vivid-003: RDS Rx I/O Mode: Block I/O [ 485.246959][T12049] vivid-003: Generate RBDS Instead of RDS: false [ 485.301874][T12049] vivid-003: RDS Reception: true [ 485.306902][T12049] vivid-003: RDS Program Type: 0 inactive [ 485.417330][T12049] vivid-003: RDS PS Name: inactive [ 485.493708][T12049] vivid-003: RDS Radio Text: inactive [ 485.499230][T12049] vivid-003: RDS Traffic Announcement: false inactive [ 485.630592][T12049] vivid-003: RDS Traffic Program: false inactive [ 485.690619][T12049] vivid-003: RDS Music: false inactive [ 485.743373][T12049] vivid-003: ================== END STATUS ================== [ 487.221850][T12065] kexec: Could not allocate control_code_buffer [ 487.841371][T12092] synth uevent: /bus/hid/drivers/zeroplus: unknown uevent action string [ 488.082089][T12094] ptrace attach of "./syz-executor exec"[12099] was attempted by "./syz-executor exec"[12094] [ 488.176520][T12095] ptrace attach of "./syz-executor exec"[12099] was attempted by "./syz-executor exec"[12095] [ 489.158396][T12116] FAULT_INJECTION: forcing a failure. [ 489.158396][T12116] name fail_futex, interval 1, probability 0, space 0, times 0 [ 489.259203][T12116] CPU: 1 UID: 0 PID: 12116 Comm: syz.4.1228 Tainted: G U syzkaller #0 PREEMPT(full) [ 489.259239][T12116] Tainted: [U]=USER [ 489.259246][T12116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 489.259259][T12116] Call Trace: [ 489.259266][T12116] [ 489.259275][T12116] dump_stack_lvl+0x16c/0x1f0 [ 489.259309][T12116] should_fail_ex+0x512/0x640 [ 489.259346][T12116] get_futex_key+0x293/0x1560 [ 489.259377][T12116] ? __pfx_get_futex_key+0x10/0x10 [ 489.259403][T12116] ? __mutex_trylock_common+0xe9/0x250 [ 489.259441][T12116] futex_wake+0xea/0x530 [ 489.259477][T12116] ? __pfx_futex_wake+0x10/0x10 [ 489.259531][T12116] do_futex+0x1e3/0x350 [ 489.259559][T12116] ? __pfx_do_futex+0x10/0x10 [ 489.259586][T12116] ? __might_fault+0xe3/0x190 [ 489.259619][T12116] mm_release+0x24e/0x300 [ 489.259664][T12116] do_exit+0x68e/0x2bf0 [ 489.259702][T12116] ? __pfx_do_exit+0x10/0x10 [ 489.259734][T12116] ? do_raw_spin_lock+0x12c/0x2b0 [ 489.259769][T12116] ? find_held_lock+0x2b/0x80 [ 489.259796][T12116] do_group_exit+0xd3/0x2a0 [ 489.259831][T12116] get_signal+0x2673/0x26d0 [ 489.259868][T12116] ? __pfx_get_signal+0x10/0x10 [ 489.259894][T12116] ? do_futex+0x122/0x350 [ 489.259923][T12116] ? __pfx_do_futex+0x10/0x10 [ 489.259955][T12116] arch_do_signal_or_restart+0x8f/0x790 [ 489.259988][T12116] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 489.260035][T12116] exit_to_user_mode_loop+0x84/0x110 [ 489.260072][T12116] do_syscall_64+0x3f6/0x490 [ 489.260106][T12116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.260130][T12116] RIP: 0033:0x7fae81d8ebe9 [ 489.260148][T12116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 489.260171][T12116] RSP: 002b:00007fae82c310e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 489.260193][T12116] RAX: fffffffffffffe00 RBX: 00007fae81fb6188 RCX: 00007fae81d8ebe9 [ 489.260208][T12116] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fae81fb6188 [ 489.260223][T12116] RBP: 00007fae81fb6180 R08: 0000000000000000 R09: 0000000000000000 [ 489.260237][T12116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 489.260251][T12116] R13: 00007fae81fb6218 R14: 00007ffe01327cf0 R15: 00007ffe01327dd8 [ 489.260280][T12116] [ 489.486839][ C1] vkms_vblank_simulate: vblank timer overrun [ 489.961598][T12124] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1229'. [ 491.521262][T12124] team0: Port device team_slave_1 removed [ 492.698376][T12168] FAULT_INJECTION: forcing a failure. [ 492.698376][T12168] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 492.782186][T12168] CPU: 1 UID: 0 PID: 12168 Comm: syz.4.1235 Tainted: G U syzkaller #0 PREEMPT(full) [ 492.782231][T12168] Tainted: [U]=USER [ 492.782239][T12168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 492.782253][T12168] Call Trace: [ 492.782264][T12168] [ 492.782273][T12168] dump_stack_lvl+0x16c/0x1f0 [ 492.782308][T12168] should_fail_ex+0x512/0x640 [ 492.782345][T12168] should_fail_alloc_page+0xe7/0x130 [ 492.782378][T12168] prepare_alloc_pages+0x3c2/0x610 [ 492.782412][T12168] ? arch_stack_walk+0xa6/0x100 [ 492.782443][T12168] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 492.782478][T12168] ? stack_trace_save+0x8e/0xc0 [ 492.782504][T12168] ? __pfx_stack_trace_save+0x10/0x10 [ 492.782530][T12168] ? stack_depot_save_flags+0x29/0x9c0 [ 492.782566][T12168] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 492.782596][T12168] ? kasan_save_stack+0x42/0x60 [ 492.782621][T12168] ? kasan_save_stack+0x33/0x60 [ 492.782646][T12168] ? kasan_save_track+0x14/0x30 [ 492.782671][T12168] ? __kasan_slab_alloc+0x89/0x90 [ 492.782698][T12168] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 492.782724][T12168] ? security_inode_alloc+0x3b/0x2b0 [ 492.782749][T12168] ? inode_init_always_gfp+0xce4/0x1030 [ 492.782777][T12168] ? do_syscall_64+0xcd/0x490 [ 492.782807][T12168] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.782837][T12168] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 492.782874][T12168] ? policy_nodemask+0xea/0x4e0 [ 492.782906][T12168] alloc_pages_mpol+0x1fb/0x550 [ 492.782938][T12168] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 492.782975][T12168] ? sk_prot_alloc+0x1a8/0x2a0 [ 492.783010][T12168] ___kmalloc_large_node+0xed/0x160 [ 492.783049][T12168] ? sk_prot_alloc+0x1a8/0x2a0 [ 492.783083][T12168] __kmalloc_large_node_noprof+0x1c/0x70 [ 492.783121][T12168] __kmalloc_noprof.cold+0xc/0x61 [ 492.783162][T12168] sk_prot_alloc+0x1a8/0x2a0 [ 492.783210][T12168] sk_alloc+0x36/0xc20 [ 492.783262][T12168] can_create+0x1e5/0x600 [ 492.783294][T12168] __sock_create+0x335/0x8d0 [ 492.783322][T12168] __sys_socket+0x14d/0x260 [ 492.783346][T12168] ? __pfx___sys_socket+0x10/0x10 [ 492.783369][T12168] ? xfd_validate_state+0x61/0x180 [ 492.783421][T12168] ? __pfx_ksys_write+0x10/0x10 [ 492.783455][T12168] __x64_sys_socket+0x72/0xb0 [ 492.783478][T12168] ? lockdep_hardirqs_on+0x7c/0x110 [ 492.783508][T12168] do_syscall_64+0xcd/0x490 [ 492.783543][T12168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.783566][T12168] RIP: 0033:0x7fae81d8ebe9 [ 492.783585][T12168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.783609][T12168] RSP: 002b:00007fae82c31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 492.783631][T12168] RAX: ffffffffffffffda RBX: 00007fae81fb6180 RCX: 00007fae81d8ebe9 [ 492.783647][T12168] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d [ 492.783661][T12168] RBP: 00007fae81e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 492.783675][T12168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 492.783689][T12168] R13: 00007fae81fb6218 R14: 00007fae81fb6180 R15: 00007ffe01327dd8 [ 492.783719][T12168] [ 493.099265][ C1] vkms_vblank_simulate: vblank timer overrun [ 493.283474][T12171] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 494.501428][ T43] Process accounting resumed [ 495.270842][T12211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1243'. [ 499.086511][T12273] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 499.510868][T11634] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 499.775939][T12288] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1258'. [ 500.045646][T12287] HfR: entered promiscuous mode [ 500.268691][T12288] HfR: left promiscuous mode [ 501.022874][T12299] zswap: compressor not available [ 502.011347][T12326] cgroup: fork rejected by pids controller in /syz2 [ 503.470108][T12424] program syz.1.1273 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 503.875499][T12425] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 506.402488][T12459] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 506.519353][T12476] zswap: compressor not available [ 509.380522][T12512] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 509.482371][T12519] FAULT_INJECTION: forcing a failure. [ 509.482371][T12519] name failslab, interval 1, probability 0, space 0, times 0 [ 509.555916][T12519] CPU: 1 UID: 0 PID: 12519 Comm: syz.4.1284 Tainted: G U syzkaller #0 PREEMPT(full) [ 509.555954][T12519] Tainted: [U]=USER [ 509.555962][T12519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 509.555976][T12519] Call Trace: [ 509.555984][T12519] [ 509.555993][T12519] dump_stack_lvl+0x16c/0x1f0 [ 509.556027][T12519] should_fail_ex+0x512/0x640 [ 509.556060][T12519] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 509.556094][T12519] should_failslab+0xc2/0x120 [ 509.556125][T12519] __kmalloc_cache_noprof+0x6a/0x3e0 [ 509.556149][T12519] ? mark_held_locks+0x49/0x80 [ 509.556178][T12519] ? rfkill_fop_open+0x1b6/0x750 [ 509.556205][T12519] rfkill_fop_open+0x1b6/0x750 [ 509.556231][T12519] ? __pfx_rfkill_fop_open+0x10/0x10 [ 509.556254][T12519] misc_open+0x35a/0x420 [ 509.556291][T12519] ? __pfx_misc_open+0x10/0x10 [ 509.556313][T12519] chrdev_open+0x234/0x6a0 [ 509.556358][T12519] ? __pfx_apparmor_file_open+0x10/0x10 [ 509.556384][T12519] ? __pfx_chrdev_open+0x10/0x10 [ 509.556416][T12519] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 509.556448][T12519] do_dentry_open+0x982/0x1530 [ 509.556476][T12519] ? __pfx_chrdev_open+0x10/0x10 [ 509.556512][T12519] vfs_open+0x82/0x3f0 [ 509.556550][T12519] path_openat+0x1de4/0x2cb0 [ 509.556587][T12519] ? __pfx_path_openat+0x10/0x10 [ 509.556622][T12519] do_filp_open+0x20b/0x470 [ 509.556650][T12519] ? __pfx_do_filp_open+0x10/0x10 [ 509.556698][T12519] ? alloc_fd+0x471/0x7d0 [ 509.556731][T12519] do_sys_openat2+0x11b/0x1d0 [ 509.556766][T12519] ? __pfx_do_sys_openat2+0x10/0x10 [ 509.556814][T12519] __x64_sys_openat+0x174/0x210 [ 509.556850][T12519] ? __pfx___x64_sys_openat+0x10/0x10 [ 509.556899][T12519] do_syscall_64+0xcd/0x490 [ 509.556933][T12519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.556956][T12519] RIP: 0033:0x7fae81d8ebe9 [ 509.556977][T12519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.557000][T12519] RSP: 002b:00007fae82c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 509.557021][T12519] RAX: ffffffffffffffda RBX: 00007fae81fb6090 RCX: 00007fae81d8ebe9 [ 509.557036][T12519] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 509.557051][T12519] RBP: 00007fae81e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 509.557065][T12519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 509.557083][T12519] R13: 00007fae81fb6128 R14: 00007fae81fb6090 R15: 00007ffe01327dd8 [ 509.557112][T12519] [ 509.808669][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.472390][T12528] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input28 [ 510.829048][T12537] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1287'. [ 511.932212][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.944024][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.107296][T12560] program syz.0.1293 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 515.105506][T12605] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1298'. [ 515.201906][T12607] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1299'. [ 516.371195][T12625] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 516.434828][T12624] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 517.679483][T12642] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 517.740851][T12642] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 517.899275][T12642] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 517.924458][T12642] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 518.086722][T12642] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 518.114445][T12642] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 518.192549][T12642] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 518.198513][T12642] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 518.330714][T12642] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 518.473138][T12642] CPU0 is offline. [ 519.362555][T11634] Bluetooth: hci0: command 0x0c1a tx timeout [ 519.920588][T11634] Bluetooth: hci1: command 0x0c1a tx timeout [ 520.163860][T11634] Bluetooth: hci3: command 0x0c1a tx timeout [ 520.169907][T11634] Bluetooth: hci2: command 0x0c1a tx timeout [ 520.241268][T11634] Bluetooth: hci4: command 0x0c1a tx timeout [ 521.129133][T12700] FAULT_INJECTION: forcing a failure. [ 521.129133][T12700] name failslab, interval 1, probability 0, space 0, times 0 [ 521.191005][T12700] CPU: 1 UID: 0 PID: 12700 Comm: syz.4.1317 Tainted: G U syzkaller #0 PREEMPT(full) [ 521.191040][T12700] Tainted: [U]=USER [ 521.191047][T12700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 521.191060][T12700] Call Trace: [ 521.191067][T12700] [ 521.191075][T12700] dump_stack_lvl+0x16c/0x1f0 [ 521.191108][T12700] should_fail_ex+0x512/0x640 [ 521.191140][T12700] ? __kmalloc_noprof+0xbf/0x510 [ 521.191167][T12700] ? lsm_blob_alloc+0x68/0x90 [ 521.191186][T12700] should_failslab+0xc2/0x120 [ 521.191214][T12700] __kmalloc_noprof+0xd2/0x510 [ 521.191245][T12700] lsm_blob_alloc+0x68/0x90 [ 521.191264][T12700] security_prepare_creds+0x30/0x270 [ 521.191305][T12700] prepare_creds+0x56f/0x7d0 [ 521.191341][T12700] __sys_setregid+0x101/0x910 [ 521.191364][T12700] ? rcu_is_watching+0x12/0xc0 [ 521.191388][T12700] do_syscall_64+0xcd/0x490 [ 521.191419][T12700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.191441][T12700] RIP: 0033:0x7fae81d8ebe9 [ 521.191457][T12700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 521.191479][T12700] RSP: 002b:00007fae82c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 521.191510][T12700] RAX: ffffffffffffffda RBX: 00007fae81fb5fa0 RCX: 00007fae81d8ebe9 [ 521.191523][T12700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 521.191536][T12700] RBP: 00007fae81e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 521.191548][T12700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 521.191561][T12700] R13: 00007fae81fb6038 R14: 00007fae81fb5fa0 R15: 00007ffe01327dd8 [ 521.191587][T12700] [ 521.382911][T12703] openvswitch: netlink: Message has 8 unknown bytes. [ 521.648377][T11634] Bluetooth: hci0: command 0x0c1a tx timeout [ 521.697427][T12708] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1319'. [ 521.795156][T12700] svc: failed to register nfsdv3 RPC service (errno 111). [ 521.808841][T12700] svc: failed to register nfsaclv3 RPC service (errno 111). [ 521.868741][T12708] ================================================================== [ 521.868761][T12708] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 521.868798][T12708] Read of size 256 at addr ffff88802229ffa0 by task syz.0.1319/12708 [ 521.868817][T12708] [ 521.868829][T12708] CPU: 1 UID: 0 PID: 12708 Comm: syz.0.1319 Tainted: G U syzkaller #0 PREEMPT(full) [ 521.868861][T12708] Tainted: [U]=USER [ 521.868869][T12708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 521.868883][T12708] Call Trace: [ 521.868890][T12708] [ 521.868898][T12708] dump_stack_lvl+0x116/0x1f0 [ 521.868930][T12708] print_report+0xcd/0x630 [ 521.868959][T12708] ? __virt_addr_valid+0x81/0x610 [ 521.868988][T12708] ? __phys_addr+0xe8/0x180 [ 521.869028][T12708] ? fbcon_prepare_logo+0xa03/0xc70 [ 521.869054][T12708] kasan_report+0xe0/0x110 [ 521.869082][T12708] ? fbcon_prepare_logo+0xa03/0xc70 [ 521.869113][T12708] kasan_check_range+0x100/0x1b0 [ 521.869146][T12708] __asan_memcpy+0x23/0x60 [ 521.869167][T12708] fbcon_prepare_logo+0xa03/0xc70 [ 521.869200][T12708] fbcon_init+0xd77/0x1900 [ 521.869227][T12708] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 521.869259][T12708] visual_init+0x320/0x620 [ 521.869282][T12708] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 521.869315][T12708] store_bind+0x61d/0x760 [ 521.869342][T12708] ? sysfs_file_kobj+0xe4/0x290 [ 521.869366][T12708] ? __pfx_store_bind+0x10/0x10 [ 521.869391][T12708] dev_attr_store+0x55/0x80 [ 521.869423][T12708] ? __pfx_dev_attr_store+0x10/0x10 [ 521.869455][T12708] sysfs_kf_write+0xf2/0x150 [ 521.869478][T12708] kernfs_fop_write_iter+0x354/0x510 [ 521.869498][T12708] ? __pfx_sysfs_kf_write+0x10/0x10 [ 521.869523][T12708] iter_file_splice_write+0xa24/0x12e0 [ 521.869555][T12708] ? __pfx_iter_file_splice_write+0x10/0x10 [ 521.869581][T12708] ? __pfx_copy_splice_read+0x10/0x10 [ 521.869609][T12708] ? __pfx_iter_file_splice_write+0x10/0x10 [ 521.869633][T12708] direct_splice_actor+0x18f/0x6c0 [ 521.869657][T12708] splice_direct_to_actor+0x345/0xa30 [ 521.869679][T12708] ? __pfx_direct_splice_actor+0x10/0x10 [ 521.869705][T12708] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 521.869731][T12708] do_splice_direct+0x174/0x240 [ 521.869752][T12708] ? __pfx_do_splice_direct+0x10/0x10 [ 521.869774][T12708] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 521.869798][T12708] ? rw_verify_area+0xcf/0x6c0 [ 521.869820][T12708] do_sendfile+0xb06/0xe50 [ 521.869846][T12708] ? __pfx_do_sendfile+0x10/0x10 [ 521.869868][T12708] ? __sys_sendmsg+0x18c/0x220 [ 521.869898][T12708] ? __x64_sys_futex+0x1e0/0x4c0 [ 521.869925][T12708] ? __x64_sys_futex+0x1e9/0x4c0 [ 521.869954][T12708] __x64_sys_sendfile64+0x1d8/0x220 [ 521.869984][T12708] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 521.870018][T12708] do_syscall_64+0xcd/0x490 [ 521.870049][T12708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.870070][T12708] RIP: 0033:0x7fba28f8ebe9 [ 521.870086][T12708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 521.870107][T12708] RSP: 002b:00007fba29df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 521.870128][T12708] RAX: ffffffffffffffda RBX: 00007fba291b5fa0 RCX: 00007fba28f8ebe9 [ 521.870143][T12708] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 521.870156][T12708] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 521.870169][T12708] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 521.870182][T12708] R13: 00007fba291b6038 R14: 00007fba291b5fa0 R15: 00007ffcf2826668 [ 521.870203][T12708] [ 521.870210][T12708] [ 521.870216][T12708] Allocated by task 12708: [ 521.870225][T12708] kasan_save_stack+0x33/0x60 [ 521.870257][T12708] kasan_save_track+0x14/0x30 [ 521.870279][T12708] __kasan_kmalloc+0xaa/0xb0 [ 521.870302][T12708] __kmalloc_noprof+0x223/0x510 [ 521.870325][T12708] vc_do_resize+0x1de/0x10e0 [ 521.870349][T12708] fbcon_init+0xd53/0x1900 [ 521.870373][T12708] visual_init+0x320/0x620 [ 521.870393][T12708] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 521.870419][T12708] store_bind+0x61d/0x760 [ 521.870442][T12708] dev_attr_store+0x55/0x80 [ 521.870471][T12708] sysfs_kf_write+0xf2/0x150 [ 521.870492][T12708] kernfs_fop_write_iter+0x354/0x510 [ 521.870510][T12708] iter_file_splice_write+0xa24/0x12e0 [ 521.870531][T12708] direct_splice_actor+0x18f/0x6c0 [ 521.870552][T12708] splice_direct_to_actor+0x345/0xa30 [ 521.870571][T12708] do_splice_direct+0x174/0x240 [ 521.870590][T12708] do_sendfile+0xb06/0xe50 [ 521.870610][T12708] __x64_sys_sendfile64+0x1d8/0x220 [ 521.870638][T12708] do_syscall_64+0xcd/0x490 [ 521.870665][T12708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.870685][T12708] [ 521.870689][T12708] The buggy address belongs to the object at ffff88802229f000 [ 521.870689][T12708] which belongs to the cache kmalloc-2k of size 2048 [ 521.870706][T12708] The buggy address is located 2464 bytes to the right of [ 521.870706][T12708] allocated 1536-byte region [ffff88802229f000, ffff88802229f600) [ 521.870728][T12708] [ 521.870733][T12708] The buggy address belongs to the physical page: [ 521.870757][T12708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22298 [ 521.870775][T12708] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 521.870791][T12708] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 521.870812][T12708] page_type: f5(slab) [ 521.870832][T12708] raw: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001 [ 521.870850][T12708] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 521.870870][T12708] head: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001 [ 521.870888][T12708] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 521.870907][T12708] head: 00fff00000000003 ffffea000088a601 00000000ffffffff 00000000ffffffff [ 521.870925][T12708] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 521.870936][T12708] page dumped because: kasan: bad access detected [ 521.870945][T12708] page_owner tracks the page as allocated [ 521.870951][T12708] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 4105137836, free_ts 0 [ 521.870985][T12708] post_alloc_hook+0x1c0/0x230 [ 521.871005][T12708] get_page_from_freelist+0x132b/0x38e0 [ 521.871027][T12708] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 521.871050][T12708] alloc_pages_mpol+0x1fb/0x550 [ 521.871074][T12708] new_slab+0x247/0x330 [ 521.871090][T12708] ___slab_alloc+0xcf2/0x1740 [ 521.871107][T12708] __slab_alloc.constprop.0+0x56/0xb0 [ 521.871125][T12708] __kmalloc_cache_noprof+0xfb/0x3e0 [ 521.871143][T12708] wakeup_source_device_create+0x46/0x2a0 [ 521.871175][T12708] wakeup_source_sysfs_add+0x1c/0x90 [ 521.871192][T12708] wakeup_source_register+0x154/0x3e0 [ 521.871218][T12708] acpi_add_pm_notifier+0x12e/0x270 [ 521.871254][T12708] pci_acpi_setup+0x263/0x6e0 [ 521.871283][T12708] acpi_device_notify+0x27e/0x480 [ 521.871306][T12708] device_add+0x2a8/0x1aa0 [ 521.871321][T12708] pci_device_add+0x83b/0x1420 [ 521.871339][T12708] page_owner free stack trace missing [ 521.871345][T12708] [ 521.871349][T12708] Memory state around the buggy address: [ 521.871359][T12708] ffff88802229fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 521.871373][T12708] ffff88802229ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 521.871387][T12708] >ffff88802229ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 521.871398][T12708] ^ [ 521.871408][T12708] ffff8880222a0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 521.871422][T12708] ffff8880222a0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 521.871433][T12708] ================================================================== [ 521.915953][T12708] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 521.915974][T12708] CPU: 1 UID: 0 PID: 12708 Comm: syz.0.1319 Tainted: G U syzkaller #0 PREEMPT(full) [ 521.916006][T12708] Tainted: [U]=USER [ 521.916015][T12708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 521.916029][T12708] Call Trace: [ 521.916037][T12708] [ 521.916045][T12708] dump_stack_lvl+0x3d/0x1f0 [ 521.916080][T12708] vpanic+0x6e8/0x7a0 [ 521.916115][T12708] ? __pfx_vpanic+0x10/0x10 [ 521.916152][T12708] ? fbcon_prepare_logo+0xa03/0xc70 [ 521.916183][T12708] panic+0xca/0xd0 [ 521.916215][T12708] ? __pfx_panic+0x10/0x10 [ 521.916268][T12708] ? fbcon_prepare_logo+0xa03/0xc70 [ 521.916297][T12708] ? preempt_schedule_common+0x44/0xc0 [ 521.916326][T12708] ? preempt_schedule_thunk+0x16/0x30 [ 521.916362][T12708] check_panic_on_warn+0xab/0xb0 [ 521.916397][T12708] end_report+0x107/0x170 [ 521.916426][T12708] kasan_report+0xee/0x110 [ 521.916456][T12708] ? fbcon_prepare_logo+0xa03/0xc70 [ 521.916489][T12708] kasan_check_range+0x100/0x1b0 [ 521.916524][T12708] __asan_memcpy+0x23/0x60 [ 521.916547][T12708] fbcon_prepare_logo+0xa03/0xc70 [ 521.916582][T12708] fbcon_init+0xd77/0x1900 [ 521.916612][T12708] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 521.916637][T12708] visual_init+0x320/0x620 [ 521.916662][T12708] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 521.916697][T12708] store_bind+0x61d/0x760 [ 521.916739][T12708] ? sysfs_file_kobj+0xe4/0x290 [ 521.916762][T12708] ? __pfx_store_bind+0x10/0x10 [ 521.916788][T12708] dev_attr_store+0x55/0x80 [ 521.916820][T12708] ? __pfx_dev_attr_store+0x10/0x10 [ 521.916852][T12708] sysfs_kf_write+0xf2/0x150 [ 521.916876][T12708] kernfs_fop_write_iter+0x354/0x510 [ 521.916896][T12708] ? __pfx_sysfs_kf_write+0x10/0x10 [ 521.916920][T12708] iter_file_splice_write+0xa24/0x12e0 [ 521.916952][T12708] ? __pfx_iter_file_splice_write+0x10/0x10 [ 521.916978][T12708] ? __pfx_copy_splice_read+0x10/0x10 [ 521.917007][T12708] ? __pfx_iter_file_splice_write+0x10/0x10 [ 521.917031][T12708] direct_splice_actor+0x18f/0x6c0 [ 521.917055][T12708] splice_direct_to_actor+0x345/0xa30 [ 521.917078][T12708] ? __pfx_direct_splice_actor+0x10/0x10 [ 521.917103][T12708] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 521.917130][T12708] do_splice_direct+0x174/0x240 [ 521.917151][T12708] ? __pfx_do_splice_direct+0x10/0x10 [ 521.917173][T12708] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 521.917197][T12708] ? rw_verify_area+0xcf/0x6c0 [ 521.917219][T12708] do_sendfile+0xb06/0xe50 [ 521.917250][T12708] ? __pfx_do_sendfile+0x10/0x10 [ 521.917273][T12708] ? __sys_sendmsg+0x18c/0x220 [ 521.917303][T12708] ? __x64_sys_futex+0x1e0/0x4c0 [ 521.917331][T12708] ? __x64_sys_futex+0x1e9/0x4c0 [ 521.917359][T12708] __x64_sys_sendfile64+0x1d8/0x220 [ 521.917390][T12708] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 521.917425][T12708] do_syscall_64+0xcd/0x490 [ 521.917455][T12708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.917477][T12708] RIP: 0033:0x7fba28f8ebe9 [ 521.917493][T12708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 521.917515][T12708] RSP: 002b:00007fba29df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 521.917535][T12708] RAX: ffffffffffffffda RBX: 00007fba291b5fa0 RCX: 00007fba28f8ebe9 [ 521.917550][T12708] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 521.917564][T12708] RBP: 00007fba29011e19 R08: 0000000000000000 R09: 0000000000000000 [ 521.917577][T12708] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 521.917591][T12708] R13: 00007fba291b6038 R14: 00007fba291b5fa0 R15: 00007ffcf2826668 [ 521.917612][T12708] [ 521.917674][T12708] Kernel Offset: disabled