last executing test programs: 7.236690409s ago: executing program 3 (id=1209): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vbi21\x00', 0x149800, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket(0x2, 0xa, 0x1) r2 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r1, 0x10000}, 0x10) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) move_pages$auto(0x0, 0x5, 0x0, &(0x7f00000003c0)=0x1, 0x0, 0x2) r4 = socket(0x2, 0x801, 0x106) setsockopt$auto(r4, 0x6, 0x19, 0x0, 0x9) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x34048854}, 0x200408c4) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x2000001000eb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x39, 0x1, 0x4, 0x5, 0x7) mremap$auto(0x1000, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0xfff, 0xfffffffffffffff9, 0x8000200008013, r2, 0x8000) mmap$auto(0x0, 0x10, 0xdf, 0xeb2, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x10000000000000, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000000)=0x84) r5 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r5, 0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) write$auto_debugfs_full_proxy_file_operations_internal(r3, &(0x7f0000000180)="a166a4d90bf9a6b1e645ebdc5340be8d6678daeb08f1efda3355a0b7c3e7f257db42bee1d59f885ce48f25b28d6cbe2d1c7f2716501f65afd0dcccbbd31510f3e9df370239eb084d729b23892077a93d4e2c2b", 0x53) socket(0x16, 0x2, 0x7) 6.471250877s ago: executing program 3 (id=1211): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) r1 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r4, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r5, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c815}, 0x804) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x9, &(0x7f0000000000)={0x87, 0x3, 0xb0, @raw=0x43}}) r7 = getsockopt$auto_SO_PEERPIDFD(r1, 0x8, 0x4d, &(0x7f00000000c0)='\x00', &(0x7f0000000240)=0xccd000) read$auto_snd_pcm_f_ops_pcm1(r7, &(0x7f0000000280)=""/90, 0x5a) 5.468262011s ago: executing program 0 (id=1222): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = ioctl$auto_TUNSETLINK(0xffffffffffffffff, 0x400454cd, &(0x7f0000000080)=0xff) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xc048aeca, 0x0) ioctl$auto_XFS_IOC_COMMIT_RANGE(r1, 0x40585883, &(0x7f0000000180)={r2, 0x0, 0x5, 0x101, 0x1, 0xa61, [0x4, 0x4, 0x1, 0x5, 0x80, 0x6]}) read$auto(r0, 0x0, 0x9) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram0\x00', 0x6e642, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) fstatfs$auto(0xffffffffffffffff, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x842, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7kt\xdf\x1ao\x06\x89|%\'hf!\x04\xb4\x80U\xa14m\xfa\xf4\xa8g\ta{\xc4', 0x200000000009) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) 5.468127381s ago: executing program 2 (id=1223): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = ioctl$auto_TUNSETLINK(0xffffffffffffffff, 0x400454cd, &(0x7f0000000080)=0xff) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xc048aeca, 0x0) ioctl$auto_XFS_IOC_COMMIT_RANGE(r1, 0x40585883, &(0x7f0000000180)={r2, 0x0, 0x5, 0x101, 0x1, 0xa61, [0x4, 0x4, 0x1, 0x5, 0x80, 0x6]}) io_uring_setup$auto(0x2, 0x0) read$auto(r0, 0x0, 0x9) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram0\x00', 0x6e642, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) fstatfs$auto(0xffffffffffffffff, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x842, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7kt\xdf\x1ao\x06\x89|%\'hf!\x04\xb4\x80U\xa14m\xfa\xf4\xa8g\ta{\xc4', 0x200000000009) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) 4.807704684s ago: executing program 1 (id=1224): bpf$auto(0x4, &(0x7f00000001c0)=@query={@target_ifindex, 0x2, 0x10, 0xa4a7, 0x100000001, @count=0x8000, 0x0, 0xd, 0x8, 0x8, 0x9}, 0x6f4) mmap$auto(0x0, 0x400008, 0xdf, 0x200000000009b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) madvise$auto(0xfffffffffffffffe, 0x7fffffffffffffff, 0xa) r0 = prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) fsconfig$auto_FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, 0x0, 0x0, 0xc) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x989c01, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) bind$auto(0xffffffffffffffff, 0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x1f40) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x2, "aaa80da75834a5e579ae5051b6f73897764d14324df6fd02bf4a3049aa56fac9", @inferred=r1}) writev$auto(r3, &(0x7f0000000200)={0x0, 0x9}, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0) 4.228813647s ago: executing program 3 (id=1225): sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, 0x0, 0xd0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/orangefs/perf_counters/ncache\x00', 0xa001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x28, 0x801, 0x0) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmsg$auto_IEEE802154_ADD_IFACE(r0, 0x0, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x40000, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x12, 0x0, 0x0, &(0x7f0000000100)={[0x1fe, 0x6, 0x2, 0xffffffffffffffe7, 0x800000000000948b, 0x3, 0x15f4da0a, 0x3, 0x4000000000000003, 0x62, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x8000000000000000, 0x6]}, 0x0) mmap$auto(0x6, 0x400008, 0x10000000000df, 0x15, 0xffffffffffffffff, 0xd) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r2, 0x0, 0x400) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) ioctl$auto(0x4000000000000c8, 0x400454da, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/net_prio.ifpriomap\x00', 0x10b142, 0x0) mmap$auto(0xfffffffffffffff9, 0x2020009, 0x3, 0xeb1, r2, 0x8000) read$auto(0x3, 0x0, 0x80) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4048885) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x481, 0x0) ioctl$auto(0x3, 0x40a0ae49, r4) sendmsg$auto_NL80211_CMD_LEAVE_IBSS(0xffffffffffffffff, 0x0, 0x48880) 3.946996715s ago: executing program 1 (id=1226): openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'bond_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth0_to_bond\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wg1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'pimreg1\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0x1c, r6, 0xb01, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000050}, 0x240088e4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000980)={&(0x7f00000007c0)={0x1a8, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_LINKINFO_HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}, @ETHTOOL_A_LINKINFO_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfffffff9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x400}]}, @ETHTOOL_A_LINKINFO_HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xb0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6ea4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x48c44}, 0x40) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x208840, 0x0) close_range$auto(0x2, 0x8, 0x0) r9 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r10 = ioctl$auto_KVM_CREATE_VM(r9, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) r11 = socketcall$auto(0x8000, 0x0) r12 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) r13 = ioctl$auto_KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r11) r14 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r15 = openat$auto(r13, &(0x7f0000000040)='./file0\x00', 0x5, 0xcddb) r16 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r10) sendmsg$auto_NL80211_CMD_SET_MPATH(r15, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)={0x3a4, r16, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_RECEIVE_MULTICAST={0x4}, @NL80211_ATTR_BEACON_HEAD={0x37a, 0xe, "e44bd2e5d036794bd43a53fa17347a27d3aa1ca2eed6abe326556b339142f0a7608c975c53ec5eef2ae605bb4911333346fe8955b3d50cd521064d0012c359ab0754095899596095858d4026dabbf7cbce048cd5d245e3750f91c181b84ee2d99633b9c68a1cb8276e2dd0a17f1922e2f065a524fef9d80837a5e6fa5314dd9aaffd95b916631d2b159003ce6c8fadab03ace7b3e56f47cebeb715b0e3555389e468033ebb24804dbfd6e0f445cdd8d2e360bb1faa38c4fe28c43b2a85160fdee78a3e57b4760018a30c0fd7576712d90c001ea8d38a0a9e637965e1c3f2661aa0f286d102e32defb3022d2180852f49efc052d42e7416fb7d1f51dd8c254895023691ea513ae45d37cd0f9689a01e47f9bf157bae8e03eeb8790b8a9a5dd9882b3a161d58c0c9e331bbe141aa4737a4921df2cb2d10d76342ef3a3c64cbcce56fa56d6c0205b6b10f8a4884caaac37ae724d70d9f971c3368e4e991fa26d5fdb79042619c27b9fc9af6768b3f1f68306f3c20c9765a1a61b4cc3cd4afa9eae08f0c9118bf6fbab7a5562fee196aefbb7e59fd54518181d665f2ec734a8c3ee4b8cc1c69d32e49d2621410316d60310c60348efbd86876eba417b0948f6cc9c73a6e7dec74f0a9ddb3b36c72a71aef50f0373b7c33b2b7bb87383b007e0d72f3f4d565d3a820571b37553f9329220aeefa3c13b26f369c8517bf84d4fdf099a3884cf0dd0ec7299ba2576a2d88e28fd028f2998087e60e3d59c3974bff62da64a8266c3ce9db04427d511bc7a6285dc1630aeae82b9b7c2cabb8a4b8ce5a9250e6ed68b0abe6176e2de907d1242c281546ed2f0667c20e296a7354c40c693fa8c6ba0aa84319e3f16dbbde01c6744ea9a8d3333137470adf52052a07ce30c7c8bd079874b6d5494547b98785e6e2dc31df196144eecc44dcbef25642b17316f61088b297adb1170663a618c62e41570de945a1efaeb7a459642395c87f503ac83f1afb1818908fe41875b92faeb14eba2ddf937be54df9e08299aec08684b49e4d85f151e050ddcc4c8b06a78f2cb8769fdb894a42efef15d34d0622e87dacef57fe7bcfd6f0845b5bf7b3c9a1d5c37d03436b9a15d2c6515fde81ef4398c0775a67494ef687ffb249699aeeb2113ce764c6cf3fc7f47a67bbe333dfba0c43feb3eadcedcb598a302ed8da253dfda4821038c19625c2e1958e7fc694f76cc12b4cd8d781414c1f45f67a09de642bb13967dc35b83646"}, @NL80211_ATTR_TDLS_SUPPORT={0x4}, @NL80211_ATTR_SPLIT_WIPHY_DUMP={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x5}]}, 0x3a4}}, 0x800) ioctl$auto(0x3, 0xae41, r14) ioctl$auto(0x3, 0xae41, r9) ioctl$auto_KVM_GET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x4b564d06, 0xe3, 0xe}]}) 3.913677573s ago: executing program 2 (id=1227): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x5, 0xdf, 0x15, r0, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(r1, r1, 0x0) brk$auto(0xffffffffffffff66) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r3, 0x0, 0x800003, 0x270) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x9, &(0x7f0000000080)={0x7fffffff, 0xd, 0xc000, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0x1000000f, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x10000}, {0x5, 0x1, 0x21bb800, 0x5, 0x6f, 0x2, 0x1, 0x8, 0x100002000}}) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x202, 0x0) personality$auto(0xfffff032) ppoll$auto(&(0x7f0000001ac0)={0xffffffffffffffff, 0x9, 0x7}, 0x8, &(0x7f0000001b00)={0xf2, 0x9}, &(0x7f00000002c0)={0x10000}, 0x8) mprotect$auto(0x110c230000, 0xa588, 0x6) r5 = syz_genetlink_get_family_id$auto_ila(&(0x7f00000001c0), r4) r6 = socket(0xa, 0x2, 0x88) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r8, r7, 0x4, 0x1ff, r6, @relative_id=0x13, 0xe600}, 0xf) sendmsg$auto_ILA_CMD_FLUSH(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="1100082568036e873e2456bf7a4d3e0868ab2ec8059fa69e628bf0b07bf9ad6d807749e616b8727bc643f7ae8e2b62777a3825919a867e3c2cd21feb5659bf4e3b66e61bf62403cc3180c2fe1e5c34fc98cac3893e5d55355d71192fcddfa24e174cf3a09ef6", @ANYRES16=r5, @ANYBLOB="00012cbd7000fbdbdf2504000000050007000200000008000400", @ANYRES32=r8, @ANYBLOB="0500080002000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) mremap$auto(0xfffffff7fffffffb, 0x0, 0x101, 0x3, 0x0) move_pages$auto(0x0, 0x9, 0x0, 0x0, 0x0, 0x2) msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000001600)={{0x7b0, 0x0, 0x0, 0xd, 0x3ff, 0x7, 0xb}, &(0x7f0000000400)=0x9, &(0x7f0000000440)=0x10, 0x1, 0xd80, 0x9, 0x0, 0x8000000000000000, 0x6, 0xa, 0xfff9, @raw=0x80, @raw=0x9}) read$auto(0x3, 0x0, 0x1f40) 3.170844541s ago: executing program 0 (id=1228): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000280), 0x20202, 0x0) mmap$auto(0x0, 0x10005, 0x1, 0xeb1, 0x40000000000a5, 0x8000) r1 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r1, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r1, 0x40046f41, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb02, 0x0) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) mmap$auto(0x0, 0x200, 0x3, 0xf8, r0, 0x8000) madvise$auto(0x0, 0x2000040080000000, 0xe) unshare$auto(0x40000080) bind$auto(0x3, 0x0, 0x6a) r3 = io_uring_setup$auto(0x6, 0x0) r4 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000400)='/dev/binderfs/binder0\x00', 0x40, 0x0) r5 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r2) r6 = setfsuid$auto(0xee00) setresuid$auto(0xffffffffffffffff, r6, 0xffffffffffffffff) capget$auto(&(0x7f00000000c0)={0x4, 0x0}, &(0x7f0000000100)={0x3, 0x321, 0x7}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'syzkaller1\x00', 0x0}) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_VPORT_CMD_DEL(r10, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000d80)={0x260, r5, 0x0, 0x70bd25, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_PORT_NO={0x5, 0x1, 0x3ff}, @OVS_VPORT_ATTR_NAME={0x1a, 0x3, '/dev/binder\xedfs/binder0\x00'}, @OVS_VPORT_ATTR_UPCALL_STATS={0x17f, 0xa, 0x0, 0x1, [@generic="124e660f55234adda3c89271921b91c928153d00eccefe707b8aab42e4f8847291126672cc64608be89d014d5e3942d3b29e4e71f9c62d9601e79e70e1e5393e81a913b82a8fe024d470063c8f525d533313b296dc9009ee4a488d0edaa93bb5809cc157e63ab7844445b0d2a205f92bc3901f27515adab6b2ebf83105d588860fd1e2be1fd7f2bcdb0c849688d33e79eae6cce3af585439422359255367d27c2195d5da082d7737dfaa7b8ad4315eb7153b148762b03bf5e8e281ca01ed2f858e33f86c57707bededd286dbc95759adb8a1a1d032513ac86a930f775520b6040c69626b44da2d8daff1", @generic="3822ebcc83aedbdf959743b5bfa1ab7caf3fa70b2a8368fd1139c36c8749ca4fd92145e187a35d2207208c08ea061c44b87b847e0b6c1b614a6f0c4a26507892269dee08b765f7d9d01283cbc312a217e335d683814c62cbf29cd9864663e89b7fa4b33476c58eb456c68ab736c7d822ecb3c9a22f8297c18bdc6a506e", @nested={0x0, 0x121, 0x0, 0x1, [@nested={0x0, 0xf0, 0x0, 0x1, [@nested={0x0, 0x6c}, @generic="f4d862db6399567cf042a4cde1577994798638bbe234121462b37174c6bb936e1e830a0c8c295d246cb7042619ff6b8940642b2ff419c2310268b132ebd3be29cd808ce1e8c1248bda27728b15ff3ebdd75b8ddaa0b80203854cae516771ee23d7fe9adc3ec748df334e6b3e98522ea6dcdbec15ff1fe1c26438dba5ad070b71e494809692ff4bcb62fce6376c5b2a15b39c8abc880bc2bc05322eea75ff6436962bd7c1196752d5143a3f7a", @typed={0x0, 0xa4, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @typed={0x0, 0xed, 0x0, 0x0, @uid=r6}, @nested={0x0, 0x1a}]}, @nested={0x0, 0xe9, 0x0, 0x1, [@nested={0x0, 0xd0}]}, @generic="f5f4380ad6a4f9fd58ae7e35a2b6a2808cfda1da124f12f1613e359f0478", @typed={0x0, 0xdb}, @nested={0x0, 0x69, 0x0, 0x1, [@generic, @typed={0x0, 0x10, 0x0, 0x0, @u64=0x8}, @generic="d624af0a2aef76722ad344daac958e34b96b611e5fb81be13dcea23f00c66c4b029900318cc1d55cf32a8b123c58c95d022a6d5833552f601bc85328547bf82b1de30ed1842a2dd6d1a85c37dae7bc29210b1a50ec1d4a4396121c2bb4f139ec7266a335760b4ca73a6d49a22aaf0ad2e5a47c56ffe6f4e978963b682d146dda5832ac2e0d442b75fc71e509099bb0f6b572c2be460717794ff915701148e7ac5d0c78903a741c4312d027890d31c8238e8bfc569cd04e0d5fda90d8"]}, @nested={0x0, 0x138, 0x0, 0x1, [@typed={0x0, 0x4d, 0x0, 0x0, @pid=r7}, @nested={0x0, 0xd8}, @generic="42f92f26244a40ee1e26c629dc4ea5aa8aec3e8bc0b7af160dc047", @generic="1dfefb9abc820516c53c642f3483849817abf9184611d60bdd99a51b7c95b6acbe37d0293d8b4ceb81299060c47f682e01e33aff7232c21fe98e65f962b519315db62d56b4a34d769f28c4", @generic="a08213b3c78100ba201c0b3e18eb33815fe19038565835e7428f9988286ef1921d31055a404fb654eb639ab36dec5262acd0cfc3f0e7fae7f966a72a8dd54d471b5fcb7d1b63270f4a643d12b5d395876dbbb4e1c3013879c180686cff05d6acdccf170eda1c794b3cc72cc49f4376415e6dcb4175f7db0c690f4d7bcf13d935542b445a86484be3f338505253db6f19260b6704c42fe7f8d7a62fb1ff61476bbfc7f85565b7f1a937e3d822c80d4f5098ba6de630a39dd9544fde7006750d03eb96c58113fc32d645367cf38ab1beb5c2b673a5f77fd7382eba70fce0fbab876667ceb4c00fb963c4a07e25486265b1ad6fbc3e7d59", @typed={0x0, 0xf2, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @nested={0x0, 0x79}, @typed={0x0, 0x27}, @generic="6e5f1b1440eaa9e280b4a1fc25da04f58d8a29e01726a6877d645224a0664817c660466e131ce95a5f91ea6765c1107bf1ffe811c6bf1380f80daa200362e71ab3be9b60209f000523920606395c590d4c57f276151f9e9647b2fe9f18e626b9fb6ac613a9ec5180df369472bab18729af5b9efb16dc62c936160e97148b742da615a5e8d9dda728f50cc33f0f245565f01c4d3e09c035a1c408972659109b1395e5887fc40619", @typed={0x0, 0xdb, 0x0, 0x0, @u64=0x7}]}, @nested={0x0, 0x3a, 0x0, 0x1, [@typed={0x0, 0xd1, 0x0, 0x0, @fd=r10}]}, @generic="2fe34d93d29605404857cb2c41ac6bede849749e25c8a5bb907e19eb234c3319e9a344c34ca2d66428a31561130a6e14c86190b5e6fa20d3c357f86a2a3783e465f0d717db1c13f5cf323c8e300b", @nested={0x0, 0x110, 0x0, 0x1, [@typed={0x0, 0x92, 0x0, 0x0, @ipv6=@remote}, @generic, @typed={0x0, 0x12c, 0x0, 0x0, @pid=r7}, @nested={0x0, 0x150}]}]}, @nested={0x4, 0x6}, @typed={0x8, 0x103, 0x0, 0x0, @fd=r4}]}, @OVS_VPORT_ATTR_UPCALL_PID={0x43, 0x5, "9292ac2339618a35c74b6ea1dddb9ace429f66938048fc66b25e6558247a9b63f7b836e6c2e7fe14d00266863daa63948968aeb8008422031eb92da446032b"}, @OVS_VPORT_ATTR_IFINDEX={0x8, 0x8, r8}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x5}, @OVS_VPORT_ATTR_IFINDEX={0x8, 0x8, r9}, @OVS_VPORT_ATTR_STATS={0x44, 0x6, {0xa6e, 0x3, 0x7, 0x8, 0xfffffffffffffffb, 0xfffffffffffffffc, 0x6, 0x5}}, @OVS_VPORT_ATTR_NETNSID={0x8, 0x9, 0x7}]}, 0x260}, 0x1, 0x0, 0x0, 0x40}, 0x4000) ioctl$auto_BINDER_GET_EXTENDED_ERROR(r4, 0xc00c6211, 0x0) ioctl$auto_BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)="fc1c4959f721a2458364a2b1590d19513f344e1b39ce") mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2000, 0x0) 3.167738251s ago: executing program 3 (id=1229): mmap$auto(0x0, 0x20009, 0x1, 0xeb1, 0x405, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd693840f03c423aa0000008000300", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x404c050}, 0x80) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010326bd7000ffdbdf252d"], 0x20}, 0x1, 0x0, 0x0, 0x2404c012}, 0x80) write$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000300), 0xffffffffffffffff) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2.911089012s ago: executing program 3 (id=1230): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = ioctl$auto_TUNSETLINK(0xffffffffffffffff, 0x400454cd, &(0x7f0000000080)=0xff) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xc048aeca, 0x0) ioctl$auto_XFS_IOC_COMMIT_RANGE(r1, 0x40585883, &(0x7f0000000180)={r2, 0x0, 0x5, 0x101, 0x1, 0xa61, [0x4, 0x4, 0x1, 0x5, 0x80, 0x6]}) read$auto(r0, 0x0, 0x9) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram0\x00', 0x6e642, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) fstatfs$auto(0xffffffffffffffff, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x842, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7kt\xdf\x1ao\x06\x89|%\'hf!\x04\xb4\x80U\xa14m\xfa\xf4\xa8g\ta{\xc4', 0x200000000009) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) 2.909582739s ago: executing program 1 (id=1238): openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'bond_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth0_to_bond\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wg1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'pimreg1\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0x1c, r6, 0xb01, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000050}, 0x240088e4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000980)={&(0x7f00000007c0)={0x1a8, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_LINKINFO_HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}, @ETHTOOL_A_LINKINFO_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfffffff9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x400}]}, @ETHTOOL_A_LINKINFO_HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xb0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6ea4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x48c44}, 0x40) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x208840, 0x0) close_range$auto(0x2, 0x8, 0x0) r9 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r10 = ioctl$auto_KVM_CREATE_VM(r9, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) r11 = socketcall$auto(0x8000, 0x0) r12 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) r13 = ioctl$auto_KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r11) r14 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r15 = openat$auto(r13, &(0x7f0000000040)='./file0\x00', 0x5, 0xcddb) r16 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r10) sendmsg$auto_NL80211_CMD_SET_MPATH(r15, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)={0x3a4, r16, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_RECEIVE_MULTICAST={0x4}, @NL80211_ATTR_BEACON_HEAD={0x37a, 0xe, "e44bd2e5d036794bd43a53fa17347a27d3aa1ca2eed6abe326556b339142f0a7608c975c53ec5eef2ae605bb4911333346fe8955b3d50cd521064d0012c359ab0754095899596095858d4026dabbf7cbce048cd5d245e3750f91c181b84ee2d99633b9c68a1cb8276e2dd0a17f1922e2f065a524fef9d80837a5e6fa5314dd9aaffd95b916631d2b159003ce6c8fadab03ace7b3e56f47cebeb715b0e3555389e468033ebb24804dbfd6e0f445cdd8d2e360bb1faa38c4fe28c43b2a85160fdee78a3e57b4760018a30c0fd7576712d90c001ea8d38a0a9e637965e1c3f2661aa0f286d102e32defb3022d2180852f49efc052d42e7416fb7d1f51dd8c254895023691ea513ae45d37cd0f9689a01e47f9bf157bae8e03eeb8790b8a9a5dd9882b3a161d58c0c9e331bbe141aa4737a4921df2cb2d10d76342ef3a3c64cbcce56fa56d6c0205b6b10f8a4884caaac37ae724d70d9f971c3368e4e991fa26d5fdb79042619c27b9fc9af6768b3f1f68306f3c20c9765a1a61b4cc3cd4afa9eae08f0c9118bf6fbab7a5562fee196aefbb7e59fd54518181d665f2ec734a8c3ee4b8cc1c69d32e49d2621410316d60310c60348efbd86876eba417b0948f6cc9c73a6e7dec74f0a9ddb3b36c72a71aef50f0373b7c33b2b7bb87383b007e0d72f3f4d565d3a820571b37553f9329220aeefa3c13b26f369c8517bf84d4fdf099a3884cf0dd0ec7299ba2576a2d88e28fd028f2998087e60e3d59c3974bff62da64a8266c3ce9db04427d511bc7a6285dc1630aeae82b9b7c2cabb8a4b8ce5a9250e6ed68b0abe6176e2de907d1242c281546ed2f0667c20e296a7354c40c693fa8c6ba0aa84319e3f16dbbde01c6744ea9a8d3333137470adf52052a07ce30c7c8bd079874b6d5494547b98785e6e2dc31df196144eecc44dcbef25642b17316f61088b297adb1170663a618c62e41570de945a1efaeb7a459642395c87f503ac83f1afb1818908fe41875b92faeb14eba2ddf937be54df9e08299aec08684b49e4d85f151e050ddcc4c8b06a78f2cb8769fdb894a42efef15d34d0622e87dacef57fe7bcfd6f0845b5bf7b3c9a1d5c37d03436b9a15d2c6515fde81ef4398c0775a67494ef687ffb249699aeeb2113ce764c6cf3fc7f47a67bbe333dfba0c43feb3eadcedcb598a302ed8da253dfda4821038c19625c2e1958e7fc694f76cc12b4cd8d781414c1f45f67a09de642bb13967dc35b83646"}, @NL80211_ATTR_TDLS_SUPPORT={0x4}, @NL80211_ATTR_SPLIT_WIPHY_DUMP={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x5}]}, 0x3a4}}, 0x800) ioctl$auto(0x3, 0xae41, r14) ioctl$auto(0x3, 0xae41, r9) ioctl$auto_KVM_GET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x4b564d06, 0xe3, 0xe}]}) 2.406996157s ago: executing program 2 (id=1231): openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'bond_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wg1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'pimreg1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0x1c, r5, 0xb01, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000050}, 0x240088e4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'pimreg1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000980)={&(0x7f00000007c0)={0x1a8, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKINFO_HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}, @ETHTOOL_A_LINKINFO_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfffffff9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x400}]}, @ETHTOOL_A_LINKINFO_HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xb0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6ea4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x48c44}, 0x40) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x208840, 0x0) close_range$auto(0x2, 0x8, 0x0) r9 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r10 = ioctl$auto_KVM_CREATE_VM(r9, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) r11 = socketcall$auto(0x8000, 0x0) r12 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) r13 = ioctl$auto_KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r11) r14 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r15 = openat$auto(r13, &(0x7f0000000040)='./file0\x00', 0x5, 0xcddb) r16 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r10) sendmsg$auto_NL80211_CMD_SET_MPATH(r15, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)={0x3a4, r16, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_RECEIVE_MULTICAST={0x4}, @NL80211_ATTR_BEACON_HEAD={0x37a, 0xe, "e44bd2e5d036794bd43a53fa17347a27d3aa1ca2eed6abe326556b339142f0a7608c975c53ec5eef2ae605bb4911333346fe8955b3d50cd521064d0012c359ab0754095899596095858d4026dabbf7cbce048cd5d245e3750f91c181b84ee2d99633b9c68a1cb8276e2dd0a17f1922e2f065a524fef9d80837a5e6fa5314dd9aaffd95b916631d2b159003ce6c8fadab03ace7b3e56f47cebeb715b0e3555389e468033ebb24804dbfd6e0f445cdd8d2e360bb1faa38c4fe28c43b2a85160fdee78a3e57b4760018a30c0fd7576712d90c001ea8d38a0a9e637965e1c3f2661aa0f286d102e32defb3022d2180852f49efc052d42e7416fb7d1f51dd8c254895023691ea513ae45d37cd0f9689a01e47f9bf157bae8e03eeb8790b8a9a5dd9882b3a161d58c0c9e331bbe141aa4737a4921df2cb2d10d76342ef3a3c64cbcce56fa56d6c0205b6b10f8a4884caaac37ae724d70d9f971c3368e4e991fa26d5fdb79042619c27b9fc9af6768b3f1f68306f3c20c9765a1a61b4cc3cd4afa9eae08f0c9118bf6fbab7a5562fee196aefbb7e59fd54518181d665f2ec734a8c3ee4b8cc1c69d32e49d2621410316d60310c60348efbd86876eba417b0948f6cc9c73a6e7dec74f0a9ddb3b36c72a71aef50f0373b7c33b2b7bb87383b007e0d72f3f4d565d3a820571b37553f9329220aeefa3c13b26f369c8517bf84d4fdf099a3884cf0dd0ec7299ba2576a2d88e28fd028f2998087e60e3d59c3974bff62da64a8266c3ce9db04427d511bc7a6285dc1630aeae82b9b7c2cabb8a4b8ce5a9250e6ed68b0abe6176e2de907d1242c281546ed2f0667c20e296a7354c40c693fa8c6ba0aa84319e3f16dbbde01c6744ea9a8d3333137470adf52052a07ce30c7c8bd079874b6d5494547b98785e6e2dc31df196144eecc44dcbef25642b17316f61088b297adb1170663a618c62e41570de945a1efaeb7a459642395c87f503ac83f1afb1818908fe41875b92faeb14eba2ddf937be54df9e08299aec08684b49e4d85f151e050ddcc4c8b06a78f2cb8769fdb894a42efef15d34d0622e87dacef57fe7bcfd6f0845b5bf7b3c9a1d5c37d03436b9a15d2c6515fde81ef4398c0775a67494ef687ffb249699aeeb2113ce764c6cf3fc7f47a67bbe333dfba0c43feb3eadcedcb598a302ed8da253dfda4821038c19625c2e1958e7fc694f76cc12b4cd8d781414c1f45f67a09de642bb13967dc35b83646"}, @NL80211_ATTR_TDLS_SUPPORT={0x4}, @NL80211_ATTR_SPLIT_WIPHY_DUMP={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x5}]}, 0x3a4}}, 0x800) ioctl$auto(0x3, 0xae41, r14) ioctl$auto(0x3, 0xae41, r9) ioctl$auto_KVM_GET_MSRS(r8, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x4b564d06, 0xe3, 0xe}]}) 2.406219117s ago: executing program 0 (id=1240): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f00000001c0)="352c8efa618c0bcf83a4ebdb27ec25906b0e1015b18c429fc1d7c523728754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b38b0b3c7da1361fef8e0e23a77846b4e400f96eb989b4f68220f90f3df243e352f17abbc44e0cfececd72dc611200c0fc4cb84d1fc175dc31b38e002c53627c358cc121ffefc1e0f3a31c079ae368fd33dedc87d100f7f3eafc4e10d22e8e8d6c27ef8c0e1b12f18389c2473fbc695cbf8d352993273c0382ab671751b4d7bc4942acdee8681eb66d140456e01000000000000006c67926fd396c0c8b56130d7b15f8f4af2ad291a8167c8a417b4c223186e652f422d6412901803956a5fa9e7d5be14aaa9937ed9eec3b28bed7a097821f1fde88c7388ff3e003b581185248590dfc525ff65094e47bbe7b92d023c914e37d6030526c33570fc69f6e38bbdd698", 0x13c) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0xe779, 0x400000000007, 0xdf, 0x13, 0xffffffffffffffff, 0x0) socket(0x2b, 0x1, 0x0) socket(0xa, 0x1, 0x84) socket(0x28, 0x5, 0x0) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x82202, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x2, 0x3, 0xa) close_range$auto(0x2, 0xa, 0x0) mbind$auto(0x0, 0x8, 0xcc, &(0x7f0000000080)=0x7, 0x8001, 0x4) 1.574834324s ago: executing program 2 (id=1232): sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, 0x0, 0xd0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/orangefs/perf_counters/ncache\x00', 0xa001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x28, 0x801, 0x0) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmsg$auto_IEEE802154_ADD_IFACE(r0, 0x0, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x40000, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x12, 0x0, 0x0, &(0x7f0000000100)={[0x1fe, 0x6, 0x2, 0xffffffffffffffe7, 0x800000000000948b, 0x3, 0x15f4da0a, 0x3, 0x4000000000000003, 0x62, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x8000000000000000, 0x6]}, 0x0) mmap$auto(0x6, 0x400008, 0x10000000000df, 0x15, 0xffffffffffffffff, 0xd) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r2, 0x0, 0x400) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) ioctl$auto(0x4000000000000c8, 0x400454da, 0x3) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/net_prio.ifpriomap\x00', 0x10b142, 0x0) mmap$auto(0xfffffffffffffff9, 0x2020009, 0x3, 0xeb1, r2, 0x8000) read$auto(0x3, 0x0, 0x80) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4048885) sendfile$auto(r4, r4, 0x0, 0x5) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x481, 0x0) ioctl$auto(0x3, 0x40a0ae49, r5) 1.570084574s ago: executing program 1 (id=1242): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r0, &(0x7f0000000100)="0a1b9a3c3e3e006e163bb154d7886d8ea5c2574c58e9867ecec3371cadb848770dc8f745d1c76eedba12b9f694dabdbc", 0x30) 1.230276263s ago: executing program 0 (id=1233): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x3, 0x810004, 0x400008000ffb, 0xffff, 0x3, 0x8800) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r1 = bpf$auto_BPF_TOKEN_CREATE(0x24, &(0x7f00000002c0)=@batch={0x7, 0x7fff, 0x7fffffff, 0x7, 0xb8, r0, 0xb, 0x3}, 0x8) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x24, r4, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_GW_SEL_CLASS={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, r4, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_BLA_CRC={0x6, 0x22, 0x7a1}, @BATADV_ATTR_MESH_ADDRESS={0xa, 0x5, @broadcast}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x4}, @BATADV_ATTR_ALGO_NAME={0x5, 0x2, '\xc9'}, @BATADV_ATTR_BANDWIDTH_DOWN={0x8, 0x1c, 0x6}, @BATADV_ATTR_TT_FLAGS={0x8, 0x15, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008045}, 0x20000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) sched_setattr$auto(0x0, 0x0, 0x7b) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x9, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x4, 0x7, 0x10, r2, 0x4) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/rcutree/parameters/jiffies_till_first_fqs\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r7, &(0x7f0000003900)='\t', 0x1) sysfs$auto(0x2, 0x200000001d, 0x0) fsopen$auto(0x0, 0x1) r8 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x408) getdents$auto(r8, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) ioctl$auto_SG_GET_COMMAND_Q(r1, 0x2270, &(0x7f0000000380)="796d4101cab21d42a1a411f71b9128fd47d338c32a894f98e5f1e45b77b39bb1065dbf7baf4cd4ed8e1eb25839e181747128186eceb58181439a2644790be4b2751c9e978f9fc665036c61272a90a23adeaf8d6b439d2e5d8ab532cc368b") 1.229467609s ago: executing program 1 (id=1234): statx$auto(0xffffffffffffffff, 0x0, 0x2, 0x4, &(0x7f0000000180)={0x3, 0x0, 0xd57, 0xff, 0xee01, 0x0, 0x5, 0x2, 0x444c59c2, 0x80, 0x6000000000, 0x8, {0xffffffffffffff38, 0xc78}, {0x0, 0x9}, {0x0, 0xfffffffd}, {0x7fffffff, 0x4}, 0xfffffff9, 0xfffffff9, 0x8f, 0x7c2b, 0x2, 0x0, 0x0, 0x1651, 0x9, 0x9, 0x9, 0x7, [0x0, 0x10, 0xfffffffeffffffff, 0x3, 0x8, 0x4000000009, 0x6, 0x1, 0x9]}) r0 = io_uring_setup$auto(0x8, 0x0) madvise$auto(0x0, 0x80000001, 0x8) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x900, 0x0) r2 = semctl$auto_GETPID(0xe, 0x2, 0xb, 0x1) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(0xffffffffffffffff, &(0x7f0000001c40)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001c00)={&(0x7f0000000280)=ANY=[@ANYBLOB="44190000", @ANYRES16=0x0, @ANYBLOB="00042abd7000fddbdf2502000000080005004f0c0000b113018056efbdd70292994b5f9628f4692506922d06bc9c19cc2cae43341c9ecf511b56e02d6a8786dbe59f5821e0994aeb81173dba3f60159da7945e13ff379470d4c69091bba8486f2e12d258033a0c96ef49eb0be1fa89bf393558abd566ed4e0a6db16f856d5b855349cc43dcd23373c014d352d158a1b4202a886af8a16f417346ade69c7c2b3a5d57812861ea791e00f30c4b67e271962819022e80517296aceeeb6b60d85945b7ea12dabebd0d8b22d103f736153dfae1b0a59f36434a91539867f3fc6ada40ecda33d52dd8a2c250a5eeea1a612907583a78d728b4ddbb2e59bad57d50934925d4b01e00054d5ccc5a418ef09c72612efdc6895022774a3a9050f9d5244142fa3cbe7ca691eb209f684c8fdac7c9c04995fa93478532bca40fb414741ca9d422a64eb5589438e729c1dd9ee5163b60501f5b0871e693fd557c860341cd52c587a09413a4648aed2ed38cb38877385c2f4a783cac06929debb9e4baaca4f83299ce277e8651c1b68005d5fba84444accf07687b8767fcb981f9791f4cf991cbae4b39869c9f0669bab3673edef220072d8a13caa98b5ea405dba845f805ac30e90d360d736e2ad524945246112fa86c4f5dc7fa19b6c14c1a7b4fe966cbd750c4fca0f2fdeabe5947425f4d87f07cf5d8251a26ecbe76fa7a2f9166d62d910de59ff8b79c42760cf39bb30c37962bef5e079f417a55afed93826aa6f0ba585e116c2f83f322eae522b249b154fb2c7a7094f294ef2e3c09be3f47af58633f1413727fcce944605e755c4155f1d1ad6e54b65fcfc15aae7cc6fe490e9859e7341e4d956bc67564dfdd9b97bd0f9d8a332e5e04fab3e198f89345b67ef4f84916a4ebef3aaf3cbb0a00118dd163b91fa90c1edf73a150caf15612e5ff840ce5a4100fe67afcf015694de5dd8a4c73f7bb68986ef80aa4c6495708003200", @ANYRES32, @ANYRES32, @ANYBLOB="3bc0258df86e5ecbd17bcd5e26439512cbdb64ecd9efd32004c96b94ae5064464867d2f10da0e0e0e788d366a8e0b9da4ac43f18b0cdcd56e45a26f79c5a2ac1745a1f5af0a3cbc7ac1463c52f328b7bae14ede8712bdeb60b53637c607587fb10b37c301ca7fe4d0094fbd972f606ca7fc3b26ee1e9a69c2b56e7119e1717a106228565b7d2e2a9c3b0b84743fdc7f2033cbe90352fef4252c2166fcf588421a4a304abc4d766b23b56919c61475e18fb060e18a45ab368cfe17de69c98ae872a3f6a1fa8eab0b514e604107c0092a6e17c9c46a37f5621763cf5a33199f21192414006d1e196619bab747c31aba44598c84fe5968d8a597a61dc3d0454ddebcfacd927af284592bdf23eb2d5cf7b94eb991e801c3e776c189403edad0731f21b14572d1d9106769605efc99abcc211bee2f7ab069369b42be7319b3227a7b1d6145a79c08656bba8157b9a09af8491ff9040c20775a81f972b8614688a23243d1a30be0f65ce4fcf52fb95d580cf773852f27630f3dac04a6a539f4d7a5c8792dd5925a9e76fd496cca112653d233917f7099fa2728acb017eea2d44051043b3f707200d0d85e1e2ba02e8f7ab87337b2582cd45cb94894f640d976af4d17a56aa8baccfbd44416f4be62d64705847ebb24cdf8a2600a319b9669c3483ff5b3e35b9f2e8a89fad08d3a5e3ffc23e949f03163975127a832599db7a4f8b6ec0a6a73789fade2526b67a860fadf3573cf4d7c8d7b56d931d51e7febea07e549f38bf79ba6bec27684377981f5cc87405fc9e71c0a4d5ba0aaf6a7b3a02c31f76c26452e09df772b8295485d5922f4198a4da230b52a551917bcda27409687b550dcdef66069c8873fafc185f033caa28eea8afdf0e73ac16b6a2430936b660b7000cb99b57e9cd25858a83036d1bd140e1b9d4f57fd4a8e42eb62791b53105cf4d7abc38d22eed39e0ee675c5823bc1c9617736895950896945fea1e8ff5f987c777fef4c44b96134d02d3ee801091fcd13ebb2ac4e75e4b64f5b09dff471a1cf8a4fa8fdd521904e0d8499bcc24c6511e54a4894b6dca43510c7e6abb65757aeb30a07780d42b768a34b27fd402f33da1238ed421a965506620992ff95da86c23690d8cc784ac123fe31ee97a3224361cd5051c39c20d9ea5391ac9b84ed907473ca442a23b3655b624e7ade5a609b73e1249e96d2751ed1906918929701b10457e01d23497370e84ba7f774384fc67ee2b4d0ca47d08a108fee9c566352ec53c45d5cc7015ea421ba66bdec5f8c71f9af7b7bf2ec19df90cb625b62b14cca7553c32947cd58f50faaa50304139c304608d3dc3ad7b4d85656603d0e77c47f936c7d583cd63e4d8e890f4c09f5f6d32d9baee2fe89e0ce17ea0a12068dc9723d92b63641134bbf518060715da2380311301449c02671e1a83cb058ea1dd6879492674b297d14eacfe53f475164299f09f6dfee543155e7ada97cb1c74a57d49e72dd05e9266ebd59b4c4efd9f51a5941e704997b2c827c6cca57f536d798e636bd5c7eec5d97015714a1d1a8cf7e3780b5d761a551dbe5cef919e36385367af5f769b44c8934e07689f153e7c80ac10e80e56b740c7b589f582791ff69724352668e5b8f8cce64c18a01d458ddb3a2b64ae067aa22b2099ad97e06da2e46e8a84ecd854b6a179c74d928bb8e56cad71827948843acd670b1e9c1e5a99bd8fd0d250f4436036ef47817dc6070c91a435a1e6a6e4f6797a9b7a2c992a7700176d3e93554518b6c4916b02a40e3c391d79dcad21e339b918eaab3f98bd47e0f3cdacd03916caefa1fe09ea275db15df9fe90bd8e09479f67e20ce872846b0fca60679e61c231da29ab7cae854c2c05a24f87a2579445f1b250ca4cea4e45b96d9d38180026eacccc089e15414c7733cbadb80f5f135b8f1cc121efb5d9800171cea9abd5f6ef80934890a21073392b9109d2ee4abdee2de4b42701ce0e9c25ecd079f59a1d3beddaf46c146cf4521bcd400a2c851f7a056a8b86336ad69467e2826708f1a8b5d881d6bd9544c514ab9cad9ccdd6467c078f92cede1bb528017df2f0844b7c1c71dcebc69e1461de96247efc1f5c98c169d7f7466a432d3c3b57e07b76b316fae1bc9541e60a5f223e1fb165f5528406b6afd14891b8cf2308e172b50f429db9c90a1294fc6fd9f70ae4545bea94e792177506650cbb0edaf95630c666405c6d2c78507201a911e4d941a31a55cd49613dbba84c1ecfee28c3287b7beb0769c801e6ca56d261c571c5eb819f7cb5028e08e64fd3a4a4e229dfad14d32dc1f6e4aa3c1a151665cb1c19f2113ca890190c4dfa6edf5cbe8419b7757836a34cdd24d903800176ff6e6041ba0b41c38d4ce563b3a69aec67da6ee17e3916d11a4af8eb1bdbd6a34df7cd78e0eedfdd2346c6733470675ccb7c197b5afc2338129ed9ca0ff732e31c9835d5116601463c8c44d1fbd26e3fbd0bf902cb4be6e2d85565a7b5ef9863b0d1097666bb8e82f155411a7a692d2153ad4491c9a39e3d4a0925807efc63d3499e3bd07a64ebfd937c6b20d429afb356099686dab7a44f2df41d815ff7842b14c7a07e2ff7166c4a36d5e7c7f27c0c2b2012fc468036709be60025cf26aaf02d0b28453c05299cce4123e1ec9209ee8fa8a564939851d89380f23006f03afb01553f23de3ed1623609964c8c4903879bd1dbe6795aaf9e6ac1f336f9771c64a8eb8abb07fd1b8e3891ced629cdccebc44528cedff22441ea7719b26b52bcdb38df0e398e374975e576da15ac3dcb8b7ccdf93f468a99b5d412c659bcc51378cf05a8aa842dea6ef600ccbe7f36f900f2b9be22a58b5b9b6477791ec567e6db341026c743d5776c01535bcf323b23023a4538ecf8cec47f2ba62dc2f038ff72e76858e13f65717583c611b5124cdb7f88719fb9c36ae8377ab0ed470c9bc7c415359fbb04d6d601e8ef5df578a562c7595003f85faa6ec9834417927d08d9876b4e5f31adac7589f4a29daff717b862bf50140ab8f2146b3a870a2df4818f79c786b38ab9ee82e6c0259867366cfdf60adb4f9553a4a411bea4350e9cff4aac9980ab1c8994b07de8cbffaede4695eb53d1aeb23682e823f70193b5a07f9f2eb0350a134f7e6ed9437880ff023ef660bd62bebc4e62640a6bc9201730c154315698e6eb50833229cee160c1c79b22d1fde8bd1e22bbd0364b1ad9cf3e80adf96f53fa782de74ee9e84adb2cc560544db5a2f1a50059a792b7fa3e76ab08df70f907bd18dad8ace7c6f11a62335894cbef00e4b2dd629e83135d9120ac4430f818be46b01fc4b024c3be81e9197bda85cf0e386a06ebb8af564d9613e51009129862c76ab4ee2c5f1fc45f92fcaa2a2c34b0e028d44ce9bf921a221bac5bea0100fb218e6ea4f0a7e7a5a8df57a334e6825e0d8d415d3eafdadda7f75fba9711bdaa5a7e8d6a11ef48948bfc01180c75cdab7cf19cc0054b63e8f1ced58836c2f67b17ebb75f1fb7641ae27f47aa6e2fd7559a9daba157025936a887f03d3af8b6fd859dfa1fc59b140116ad603449ef02317e6046ff219cebc2175938e300cbbc87a3c41b3e4908c81af1039d0a6b713e9721da6b5128386101fc467e813b8c2cc4dc80dc49cf8c089110eab476945b3ef24604a3738e81f98d4ad62847d163d097aa68dfc7d19584e01b1157a64523b1d7e0ec3b7b60149c3cdd475100560f95f5d57b3f7d57ba02b11dc94f08134357d04ec038796e57064d8750cafb1c12958c911f8e45c16d86a4d0356887db7373a0b4e4f956db6a58d5edb57a1e68491b21191264185e279f38d31f9dc182f161c1a3b928fb34943460260805daa078c42cdd299e124afaee0197e8e58debf6130a85cfdecbca593f6e48d600d72336b68adf538c2d871727f29ddff3ed3344d40592d9419f31843f4910b2adaae1e36fad4e08f5f67c0968ea71f5a0cece549c6b3ada47046141095bcf91833c391ca648aa7058da2b6cb1e101fe8575e1f9efeb802ae340543b5629a941ac08a7eaf425de9687d59d5d62594e11724a18cf4b8eb6cd24affe1db05eaf5a91049fb576ab500ed38a64495f7769a2a7a54d0cb1879ad6d5e6100fb54128c8d22e780d4b15e92999e560344821afbba95fc60b12793f6f822cc9d4ca18c47d79997ff432ba51d3a9a97a9f29d9be063055a33757548c20fe1cc7b574354bb830a6d31a53292b57a7555b535993f222b33007d528a554b27587d2dd14101d4344d08fecf13499f373ce73b2fee74d9f7a34bda594c31720b1cbdd61f5cee9fd9a8bfef1ef2e832043528f7918cb4612cbb920ae8feb9febc9fa42e0f159b9467ed691c5cfb357f23a67bcc55becda173bf16b107141e65612afdc85a25a68f13cbf6d97f674887b4aa9db683d6cd60a76f6f7aa1c72852496a872881f7ab387f57316d557ef53d20b6db8c637a1614c65fd75dd4c9886bb60fcc3c54b5bbee823e3327ad18d08771fa47318a1c52cdc3e668ab60091198d9c27665ac193f7d8027ac296a3bde21f3754c24db5e6291b23bfbd30cb13a78c4e0abe16db07210f068764392d2dcfcb9d56d7ca6692ff9bc043ea2beba2e963d016ac61a0e0e3bd1dd0429c62bac5e2f737f45981e54585cb1f44038ca619924a4f39cb87eb9cc8bee27dd9c7aed67b3910f27c9ac8ee87be1c7c60b292e8ab1b78e7c3d93fd34cec6c31e5da6c153dfe13f430e189429ed46acca5d0558335bd04c0fb34a4c3daee5f27219a5195738399c70477403a5cde6f04419c884dca1a7b2d1ab24d1e83b557d967576b7b7b1b13b2da73906f5356c4c7b24191c99ad76daec2210732e5899e191c26f609de968b6975a74c5a445d05dc216651b8ecb773e0c9424a07d8e4e6517edcde28a1623a85c9b410a56a231b4a0e25598a06cf357172ac6540bb1fc37434dc1c217b17b3531d8e45aac8b4549415c1c803a5b2ad658c0b8f5ad1c939513541d5cb8249314af582509c8c1ce4db5515a129470fc10cbf714562bf1f4a1376bddd79c33cc4ee63a545f2cd1d6219d52d53ced59800c567b2e6811f2d9237cf89ddea900176cc4057cb62877df4415a8b2f1e8bc5d0f00941fecc866f6356bed96949f70431b6bfe382433d0eac05bce5b272463f61fbbcd3613dd4e7dd60f3701fa8911daaf446e5f85fea3cd6066953f75744755df3a3332dd7ee2ae78a97669983030193330aaefb1e6ed6f5ae8b5d0d4c1b8e72100bcf103e9604ca9cd295efcc029592dc1d3518557dcfdc906ef16103bf49d4c3a54368979add39f1a1fe782c967487fca9130db2a6b895a1c1cc63d88177da799e794c2dceabe6cf65a3c93f234a26c60652376b993853f051c75a6268aaaf8c0c887a289f07df7a7f12f8c0609bd10fc1a59b60857fdc7bdf8a646ac8cdfbdbca6bc655f954819b4703fd1f6c2b70ca2cfab181426318be23727341bba6add86c203b898057bf90a314501116c2ba2971ee868498a5b366e364f2fc93463efd3eab804a021f8c85cd6bbc2eab5632dd9585c2e8fcf1633d128559cbc409046dcd85b9454c566ebce0d6683556576a8ed52d75ccab58f78c5aece9cf4108c28f67ae71d60dcefe1749dcf381d0b45677884c0a6c1d06080c395be3bae77dc2ad8e6a549c0ad4a943e8da6cdc1ed2fcae3636b3bced5fa5ec3233c812030323491db046f23b44d2b1c8b7d5416e0de14f20ebd3908ad3880836b65bb5f6972aef09515910507f8ad2cc30effbc5a32f79411c2de54cbb51ee9fd99dfe8f960d43bb26e6568049f41058fcabe0827c2119690f158f094ee8975d0f07a2d21a91fcd6bb54834b7bb44dfff83ef58aedf1a25abdbdc8a5643215a6443d9721d8ce799bb65046a3e3b92a24c1deb6385835a1a3839e4e68643962b3213991c6ab1c9a907b06e1168e2933c7f070e9cc3bd544c599e840c24097c84710f5f4fa264873cfd3fafc3b0faeb566c436e0d373bf8173eaf2aee4b9d3bafcfb4f39c031af124be98adf53fa66fb7d590375d79171089287ca3fd9e1da1297df31b0527cc6a0e2630da1e6d5e93c52cbb6cc1400000000020180e3001e800400cc800400df802e33af459966d5bca9b4c8c385acf3ec170534721792b657c9d88c0f16eab5ddbbd42d585cf5c092b63de43af01d4d3b264e2aecf8e1974e0d27edbc9f6c05145a5ba7a03a79fd2bd5e65dcf85dfb2279e059e33f2e78f1f3617d6c5805e99b4892ca6833334000d69d897a2e9008166b040a6bd3676499442fc48442e4c4ca53a312b907a1342650022689782d13adc97210bb6b550b962565892a2ef75921959c0c9271171fd2df434f4ce713fa025b929fa90f30f44980dd286d0b63879", @ANYRES32=0x0, @ANYBLOB="0c007000f7ffffffffffffff00ec0048809379bbc58d06192483beefc4bcc7598157cf2d524c5199f58b5c8c94880939b582014b006c0c3afb8f416d83570655f9f8d0d6bc78b9dbb4c584ef57564b22cd4f84fc67e65b3cfa7f9a10794e70a38341f97e585529e1f4879467c58466708a719c6824a2ee8f0256ca94188d0c89453df13b26469905cf5d4602fe8692ec4ccc4baa135ea5eb0e9566c0f648923a2ecc3721dd088bffe424520774510e4100232b2df98af5eb4270a192d708916d035b9d7d26acb0b342e2a903c9fa846ac525d3c6819dec1f8b816faf9af74b16a5024798140c03ef5608004900ffffffff08009500", @ANYRES32, @ANYBLOB="0400410008003300", @ANYRES32, @ANYBLOB="132e2355a155cdc75420b98514005f0700004d00000200000800e000", @ANYRES32=r1, @ANYBLOB="08001a0006000000080011000400000008000b000600000014001200766574683000000000000000000000000e000d004e4c424c5f4d474d54000000080006000900000030030c80a200b3800e0036004e4c424c5f4d474d54000000b4413fa93966c720fe963dc92674e7f8b58c7501786407beec140e18c33ec364b92bcd57dd8b6d9146fec15ff261842b10a9292ebb83084ab0e24048928649ea7ee5274c070203a0839a6690b889704c098de2d70fe17d456031b9aa9bb4f9e799fe4b51db614efb4154fdcab848a3c294927fbf0fd2bb919edaec7f6bfa68f58d97bf6401ec04008200040008800000a2003980d71184aadf115c15d5bebb52cc84c18ce7eb6ccd9a7178e89f87f5e17acb44cbec266b56b9073cba17721a3349780cd93483152f8d27b3d0a1d7e5edf7ad8e721957db7eb62e7728303a625a1f86c60587af1ebbbabf017c9c9d3efb23b64fcde323701021930d0899c87828426c8c7db8b23e1db95e9d3dcdca53872cdd9e95914c37ee25a7e58a298f4541504f17b5c3d937843e31e5125a25eb3c381700001000ad8008004a000024000004004d8008007e00", @ANYRES32=r2, @ANYBLOB="fc004680bc36e01b6c340d8f6c9f402346c1b41b26883f54bbb2064be3ae37d2ce33aa683bc58f4b1b557082bde4dfdfad6c161b4d19e3b0d2e4aa8bb3e407510902a9c7b7d4d55012e0d4080185af33bf155fd64cd8aaa232f7a4db0279261e959b48de717fd33a2b1810ba5daef9507d7a9035d6b5fbd427b03216140bb86f42be001bc7c7e9f73246f2883cd4f78622e834ed3caf7d689288296f877ec167f1702f73d5a4465a4706604049f8b43d5fe6ae43941b13be3709854955b242166777c13a42c16bd9228ceb9f9c87b2003f79e3f3fae4799bfc9f049829ba63e9f547b0f3e484cb33ca66d500c4e7f7a97d69cbfe19e4b9bd0400f680a00081800c005300ff000000000000008900f4002b792f6dacca461a2cfe5a60d8c10c9b88543b0c0db1e5b0d24d1e73e92072fb6b6f57a058f930f05d08c757f3b6ed4030f60bd711b922387d07a6631a197dfe31f2011355f0f6dd5d05cde0797f3aa8f8295dfe6dc9dd4072d901bbf623614f1d908b", @ANYRES32, @ANYBLOB], 0x1944}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000001c80)={0x28, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@THERMAL_GENL_ATTR_CPU_CAPABILITY_EFFICIENCY={0x8, 0x17, 0x619}, @THERMAL_GENL_ATTR_TZ={0x4}, @THERMAL_GENL_ATTR_TZ_TEMP={0x8, 0x3, 0x80000000}]}, 0x28}}, 0x40000) mmap$auto(0x0, 0x4, 0x4000000000db, 0x40eb1, 0xffffffffffffffff, 0x300000000000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x40001, 0x0) ioctl$auto_BLKDISCARD(r3, 0x1277, 0x0) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000009c0), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD_OLD(r4, 0x40045402, &(0x7f0000000a00)=0x105) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(0xffffffffffffffff, 0xc1004111, &(0x7f0000000600)={0x3, [0x7fff, 0x6, 0x9], [{0x200, 0x5a, 0x1}, {0x9ce8, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x2, 0x18, 0x1, 0x0, 0x1}, {0xa, 0xa74, 0x1, 0x1}, {0x6, 0x401, 0x0, 0x1, 0x0, 0x1}, {0x8, 0x8, 0x1}, {0x6, 0x0, 0x1, 0x0, 0x1}, {0xfffffff8, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x0, 0xfffffffe, 0x1, 0x1, 0x1, 0x1}, {0x8, 0x1, 0x0, 0x1}, {0xfbae, 0x4, 0x1, 0x0, 0x1, 0x1}, {0x8, 0xc, 0x0, 0x1, 0x1}], 0x1cfa, 0x7, 0x3, 0x0, 0x8, 0xe, 0x8, "121a5dd39a395dd22903d4a132fbe843ecfa71e97f1059086ad2897dc5316e5bdcf8bf17c074cb0358d24d87fa8e6688916fa22fc8fe34bf993aa36eeaf242f9"}) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x5a95, 0x95f4da0a, 0x10001, 0x3, 0x62, 0xc, 0xa, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) 1.080918992s ago: executing program 3 (id=1235): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = ioctl$auto_TUNSETLINK(0xffffffffffffffff, 0x400454cd, &(0x7f0000000080)=0xff) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xc048aeca, 0x0) ioctl$auto_XFS_IOC_COMMIT_RANGE(r1, 0x40585883, &(0x7f0000000180)={r2, 0x0, 0x5, 0x101, 0x1, 0xa61, [0x4, 0x4, 0x1, 0x5, 0x80, 0x6]}) io_uring_setup$auto(0x2, 0x0) read$auto(r0, 0x0, 0x9) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram0\x00', 0x6e642, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) fstatfs$auto(0xffffffffffffffff, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x842, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7kt\xdf\x1ao\x06\x89|%\'hf!\x04\xb4\x80U\xa14m\xfa\xf4\xa8g\ta{\xc4', 0x200000000009) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) 926.800837ms ago: executing program 0 (id=1236): mlockall$auto(0x7) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) socket(0x2, 0x3, 0xa) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) write$auto(r1, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x8, 0x0) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, 0x0, 0xc000) setsockopt$auto(0x3, 0x0, 0x30, 0x0, 0x10001) r2 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) mlockall$auto(0x0) fchdir$auto(r2) mkdir$auto(&(0x7f00000001c0)='./cgroup\x00', 0xa) r3 = ioctl$auto_TUNGETVNETBE2(r2, 0x800454df, &(0x7f0000000100)=0x3ff) open_tree_attr$auto(r3, &(0x7f0000000200)='./file0\x00', 0xfffffff8, &(0x7f0000000240)={0x6, 0x8000000000000001, 0x81, @inferred=r0}, 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0) rmdir$auto(&(0x7f0000000080)='./cgroup\x00') readv$auto(r4, &(0x7f0000000040)={0x0, 0x3ff}, 0x1) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfffd) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x54c) chdir$auto(&(0x7f0000000180)='./file0\x00') rename$auto(&(0x7f0000000480)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') 89.904116ms ago: executing program 1 (id=1237): mmap$auto(0x0, 0x66e, 0x80, 0x20eb2, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ustat$auto(0x801, 0x0) open(0x0, 0x22240, 0x155) socket(0x11, 0x1, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x12b882, 0x0) socket(0x10, 0x2, 0xc) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1c\x00', 0x40001, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_REWIND2(r0, 0x40084146, &(0x7f0000000040)=0x80000001) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mq_open$auto(0x0, 0xde8, 0xb, 0x0) mq_unlink$auto(0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) write$auto(0xffffffffffffffff, 0x0, 0x8000000000000001) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/auth.unix.ip/flush\x00', 0x40d81, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) getpid() openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2100, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r2) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, 0x0, 0x40800) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000140)='/dev/usbmon17\x00', 0x40, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0) 89.776381ms ago: executing program 2 (id=1239): mmap$auto(0x0, 0x20009, 0x1, 0xeb1, 0x405, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd693840f03c423aa0000008000300", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x404c050}, 0x80) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010326bd7000ffdbdf252d"], 0x20}, 0x1, 0x0, 0x0, 0x2404c012}, 0x80) write$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000300), 0xffffffffffffffff) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 89.17009ms ago: executing program 0 (id=1248): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) lchown$auto(&(0x7f0000000080)='./file0\x00', 0xee01, 0xee00) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x19, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x50}, 0xc800) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) sendfile$auto(0x3, r2, 0x0, 0x400000000006) 0s ago: executing program 2 (id=1241): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x800000000001, 0x0) write$auto(r0, &(0x7f00000005c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D_#\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d3.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc^:\xd1\xe3\xf1@\xc0\x93^:Mn#Oi\xaa\x92X\x93)\x8f\x03K\xe6\xa4\x11?\xf1\x02+\\\xf9\x8b\xe5l5\x11\x006c\x907E\xeb\x81\fB\xe3\xf8n\x8f\x94V\xbcB\x9cm\x9f\x15\x00Q\xf8\x8fFW#?\xd5Z~\xa51\x832\xbd|\x19\xda\x8e\xff\x17\r\x96\xa3\xcc+\xf4a\xffN\xd2_\xe5\\\xf8Lzc\xd4\xa0\x1f\x04_\xf1\xc6\fO\xbe?)Q\xc7\\B\xdb\xeaI\xde\xe9m\xf5\xf9\x19\xd3@IK\xe3c\x0ek\x8drZ\xad\xdc\xbb\xfc\xd4\x1f\xdaOW\x87\xb6Fm\x12\xadw(z\\j\xcc0P\xaeC\x9f\xbf\xd5\xf9\xe3\x85~cG\f\x85\xd6\x84ma\xfd\xdayNj\x80\xdd3^\x87,\x14\x8e\xbe$\x05\x8a\xb0 M\xf6$B TCs\xa9\x91dil[\xfc\a\xbfD\xd9\x8d(F\x1e\f\xec\xe9K|h\xf5\xcaUI\x18#\xbed\xa8C\x8a\xbb\fE\xe6\xa3|\xf7\xa8\xbb\xd3\x97l.V\x02\x1c\xb6c\x00\x00\x00\x00\x03\xa1\xc1\xc8\xe2=RK\x7fWV;\xe4\xccTsf\xa7[\xdd\x9cR\xab\xf81s\xbc\x9c\xaa\x01\x00H\x9al\xb9%u\v\xb4\x9d\x95\x16\x01\xbbT\x99S\xf8A\xcd\bRC\xf4\xb0\x1a%\xdd+1\x81\x9d6\x90\xe8\xc6\xc1\x1e\xf0~\xaf\x10g&\xd6\x01l::V\xdbJiVW\xab4G\x97\x9cl\x00\x00\x00\x00', 0x100000a3d9) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ipv6_route\x00', 0x101000, 0x0) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) pread64$auto(r1, 0x0, 0x8, 0xffff) openat2$auto(r0, &(0x7f0000000080)='./file1/file0\x00', &(0x7f0000000100)={0x3, 0xfffffffffffffff8, 0x3}, 0x5) kernel console output (not intermixed with test programs): .2.70 Not tainted syzkaller #0 PREEMPT(full) [ 100.084470][ T6220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 100.084483][ T6220] Call Trace: [ 100.084490][ T6220] [ 100.084498][ T6220] dump_stack_lvl+0x16c/0x1f0 [ 100.084535][ T6220] should_fail_ex+0x512/0x640 [ 100.084558][ T6220] ? __kmalloc_cache_noprof+0x5f/0x800 [ 100.084587][ T6220] should_failslab+0xc2/0x120 [ 100.084618][ T6220] __kmalloc_cache_noprof+0x80/0x800 [ 100.084642][ T6220] ? relay_open+0x121/0xad0 [ 100.084674][ T6220] ? relay_open+0x121/0xad0 [ 100.084699][ T6220] relay_open+0x121/0xad0 [ 100.084724][ T6220] ? debugfs_create_file_full+0x41/0x60 [ 100.084749][ T6220] blk_trace_setup_prepare+0x38e/0x700 [ 100.084781][ T6220] blk_trace_setup+0x1c5/0x3b0 [ 100.084811][ T6220] ? __pfx_blk_trace_setup+0x10/0x10 [ 100.084835][ T6220] ? vsnprintf+0x331/0x11e0 [ 100.084877][ T6220] ? __pfx_vsnprintf+0x10/0x10 [ 100.084924][ T6220] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 100.084959][ T6220] ? do_vfs_ioctl+0x128/0x14f0 [ 100.084987][ T6220] blk_trace_ioctl+0x2ce/0x300 [ 100.085012][ T6220] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 100.085042][ T6220] ? find_held_lock+0x2b/0x80 [ 100.085068][ T6220] ? hook_file_ioctl_common+0x144/0x410 [ 100.085095][ T6220] blkdev_ioctl+0x1fa/0x6e0 [ 100.085122][ T6220] ? __pfx_blkdev_ioctl+0x10/0x10 [ 100.085152][ T6220] ? __pfx_blkdev_ioctl+0x10/0x10 [ 100.085178][ T6220] __x64_sys_ioctl+0x18e/0x210 [ 100.085207][ T6220] do_syscall_64+0xcd/0xf80 [ 100.085240][ T6220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.085263][ T6220] RIP: 0033:0x7fbda0d8f7c9 [ 100.085281][ T6220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.085302][ T6220] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.085322][ T6220] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 100.085336][ T6220] RDX: 00002000000004c0 RSI: 00000000c0481273 RDI: 0000000000000003 [ 100.085349][ T6220] RBP: 00007fbda1c73090 R08: 0000000000000000 R09: 0000000000000000 [ 100.085362][ T6220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 100.085372][ T6220] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 100.085406][ T6220] [ 100.333512][ T6224] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 100.344490][ T6224] FAULT_INJECTION: forcing a failure. [ 100.344490][ T6224] name failslab, interval 1, probability 0, space 0, times 0 [ 100.357437][ T6224] CPU: 0 UID: 0 PID: 6224 Comm: syz.1.72 Not tainted syzkaller #0 PREEMPT(full) [ 100.357457][ T6224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 100.357466][ T6224] Call Trace: [ 100.357471][ T6224] [ 100.357477][ T6224] dump_stack_lvl+0x16c/0x1f0 [ 100.357501][ T6224] should_fail_ex+0x512/0x640 [ 100.357523][ T6224] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 100.357544][ T6224] should_failslab+0xc2/0x120 [ 100.357565][ T6224] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 100.357584][ T6224] ? kstrdup_const+0x63/0x80 [ 100.357606][ T6224] ? kstrdup+0x53/0x100 [ 100.357619][ T6224] kstrdup+0x53/0x100 [ 100.357634][ T6224] kstrdup_const+0x63/0x80 [ 100.357648][ T6224] alloc_vfsmnt+0xea/0x6b0 [ 100.357663][ T6224] fc_mount+0x105/0x220 [ 100.357678][ T6224] trace_automount+0xfb/0x110 [ 100.357695][ T6224] __traverse_mounts+0x1b9/0x830 [ 100.357711][ T6224] step_into_slowpath+0x772/0xf50 [ 100.357727][ T6224] ? __d_lookup+0x25c/0x4a0 [ 100.357744][ T6224] ? __pfx_step_into_slowpath+0x10/0x10 [ 100.357759][ T6224] ? __d_lookup+0x266/0x4a0 [ 100.357776][ T6224] ? lookup_fast+0x156/0x610 [ 100.357790][ T6224] ? inode_permission+0x37b/0x640 [ 100.357805][ T6224] link_path_walk+0xd26/0x1c70 [ 100.357835][ T6224] path_openat+0x1bd/0x3140 [ 100.357852][ T6224] ? do_syscall_64+0xcd/0xf80 [ 100.357871][ T6224] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.357891][ T6224] ? __pfx_path_openat+0x10/0x10 [ 100.357917][ T6224] do_filp_open+0x20b/0x470 [ 100.357935][ T6224] ? __pfx_do_filp_open+0x10/0x10 [ 100.357966][ T6224] ? alloc_fd+0x471/0x7d0 [ 100.357988][ T6224] do_sys_openat2+0x121/0x290 [ 100.358002][ T6224] ? __pfx_do_sys_openat2+0x10/0x10 [ 100.358022][ T6224] __x64_sys_openat+0x174/0x210 [ 100.358037][ T6224] ? __pfx___x64_sys_openat+0x10/0x10 [ 100.358058][ T6224] do_syscall_64+0xcd/0xf80 [ 100.358077][ T6224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.358090][ T6224] RIP: 0033:0x7efc1d98f7c9 [ 100.358102][ T6224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.358114][ T6224] RSP: 002b:00007efc1e84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 100.358127][ T6224] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa0 RCX: 00007efc1d98f7c9 [ 100.358135][ T6224] RDX: 0000000000000201 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 100.358143][ T6224] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 100.358151][ T6224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.358159][ T6224] R13: 00007efc1dbe6038 R14: 00007efc1dbe5fa0 R15: 00007ffd3a4469b8 [ 100.358178][ T6224] [ 100.860379][ T6228] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 101.011230][ T6238] netlink: 4 bytes leftover after parsing attributes in process `syz.2.75'. [ 101.055780][ T6238] netlink: 5 bytes leftover after parsing attributes in process `syz.2.75'. [ 102.010103][ T6254] binder: 6253:6254 ioctl c018620c 0 returned -1 [ 102.189412][ T6256] FAULT_INJECTION: forcing a failure. [ 102.189412][ T6256] name failslab, interval 1, probability 0, space 0, times 0 [ 102.260660][ T6256] CPU: 1 UID: 0 PID: 6256 Comm: syz.2.83 Not tainted syzkaller #0 PREEMPT(full) [ 102.260695][ T6256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 102.260710][ T6256] Call Trace: [ 102.260719][ T6256] [ 102.260730][ T6256] dump_stack_lvl+0x16c/0x1f0 [ 102.260772][ T6256] should_fail_ex+0x512/0x640 [ 102.260798][ T6256] ? __kmalloc_cache_noprof+0x5f/0x800 [ 102.260830][ T6256] should_failslab+0xc2/0x120 [ 102.260865][ T6256] __kmalloc_cache_noprof+0x80/0x800 [ 102.260894][ T6256] ? tracefs_init_fs_context+0x43/0x110 [ 102.260923][ T6256] ? __pfx_tracefs_init_fs_context+0x10/0x10 [ 102.260957][ T6256] ? tracefs_init_fs_context+0x43/0x110 [ 102.260979][ T6256] tracefs_init_fs_context+0x43/0x110 [ 102.261001][ T6256] ? __pfx_tracefs_init_fs_context+0x10/0x10 [ 102.261034][ T6256] alloc_fs_context+0x629/0xf50 [ 102.261066][ T6256] fs_context_for_submount+0x26/0xc0 [ 102.261091][ T6256] trace_automount+0x49/0x110 [ 102.261119][ T6256] ? debugfs_automount+0x12/0xe0 [ 102.261152][ T6256] __traverse_mounts+0x1b9/0x830 [ 102.261183][ T6256] step_into_slowpath+0x772/0xf50 [ 102.261213][ T6256] ? __d_lookup+0x25c/0x4a0 [ 102.261244][ T6256] ? __pfx_step_into_slowpath+0x10/0x10 [ 102.261273][ T6256] ? __d_lookup+0x266/0x4a0 [ 102.261304][ T6256] ? lookup_fast+0x156/0x610 [ 102.261327][ T6256] ? inode_permission+0x37b/0x640 [ 102.261357][ T6256] link_path_walk+0xd26/0x1c70 [ 102.261399][ T6256] path_openat+0x1bd/0x3140 [ 102.261430][ T6256] ? do_syscall_64+0xcd/0xf80 [ 102.261460][ T6256] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.261495][ T6256] ? __pfx_path_openat+0x10/0x10 [ 102.261541][ T6256] do_filp_open+0x20b/0x470 [ 102.261582][ T6256] ? __pfx_do_filp_open+0x10/0x10 [ 102.261642][ T6256] ? alloc_fd+0x471/0x7d0 [ 102.261687][ T6256] do_sys_openat2+0x121/0x290 [ 102.261714][ T6256] ? __pfx_do_sys_openat2+0x10/0x10 [ 102.261754][ T6256] __x64_sys_openat+0x174/0x210 [ 102.261781][ T6256] ? __pfx___x64_sys_openat+0x10/0x10 [ 102.261822][ T6256] do_syscall_64+0xcd/0xf80 [ 102.261858][ T6256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.261881][ T6256] RIP: 0033:0x7fbda0d8f7c9 [ 102.261902][ T6256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.261926][ T6256] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 102.261949][ T6256] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 102.261964][ T6256] RDX: 0000000000000201 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 102.261980][ T6256] RBP: 00007fbda0e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 102.261995][ T6256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.262009][ T6256] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 102.262045][ T6256] [ 102.646700][ T6267] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 103.513061][ T6292] netlink: 8 bytes leftover after parsing attributes in process `syz.2.91'. [ 103.932565][ T6307] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 103.963945][ T6307] FAULT_INJECTION: forcing a failure. [ 103.963945][ T6307] name failslab, interval 1, probability 0, space 0, times 0 [ 103.994325][ T6307] CPU: 1 UID: 0 PID: 6307 Comm: syz.1.97 Not tainted syzkaller #0 PREEMPT(full) [ 103.994361][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 103.994375][ T6307] Call Trace: [ 103.994384][ T6307] [ 103.994393][ T6307] dump_stack_lvl+0x16c/0x1f0 [ 103.994432][ T6307] should_fail_ex+0x512/0x640 [ 103.994457][ T6307] ? kmem_cache_alloc_noprof+0x62/0x770 [ 103.994490][ T6307] should_failslab+0xc2/0x120 [ 103.994523][ T6307] kmem_cache_alloc_noprof+0x83/0x770 [ 103.994550][ T6307] ? fc_mount+0xa2/0x220 [ 103.994574][ T6307] ? alloc_vfsmnt+0x23/0x6b0 [ 103.994604][ T6307] ? alloc_vfsmnt+0x23/0x6b0 [ 103.994625][ T6307] alloc_vfsmnt+0x23/0x6b0 [ 103.994651][ T6307] fc_mount+0x105/0x220 [ 103.994678][ T6307] trace_automount+0xfb/0x110 [ 103.994708][ T6307] __traverse_mounts+0x1b9/0x830 [ 103.994739][ T6307] step_into_slowpath+0x772/0xf50 [ 103.994771][ T6307] ? __d_lookup+0x25c/0x4a0 [ 103.994800][ T6307] ? __pfx_step_into_slowpath+0x10/0x10 [ 103.994828][ T6307] ? __d_lookup+0x266/0x4a0 [ 103.994859][ T6307] ? lookup_fast+0x156/0x610 [ 103.994883][ T6307] ? inode_permission+0x37b/0x640 [ 103.994913][ T6307] link_path_walk+0xd26/0x1c70 [ 103.994954][ T6307] path_openat+0x1bd/0x3140 [ 103.994983][ T6307] ? do_syscall_64+0xcd/0xf80 [ 103.995011][ T6307] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.995047][ T6307] ? __pfx_path_openat+0x10/0x10 [ 103.995091][ T6307] do_filp_open+0x20b/0x470 [ 103.995132][ T6307] ? __pfx_do_filp_open+0x10/0x10 [ 103.995184][ T6307] ? alloc_fd+0x471/0x7d0 [ 103.995223][ T6307] do_sys_openat2+0x121/0x290 [ 103.995248][ T6307] ? __pfx_do_sys_openat2+0x10/0x10 [ 103.995281][ T6307] __x64_sys_openat+0x174/0x210 [ 103.995306][ T6307] ? __pfx___x64_sys_openat+0x10/0x10 [ 103.995344][ T6307] do_syscall_64+0xcd/0xf80 [ 103.995376][ T6307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.995401][ T6307] RIP: 0033:0x7efc1d98f7c9 [ 103.995420][ T6307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.995442][ T6307] RSP: 002b:00007efc1e84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 103.995463][ T6307] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa0 RCX: 00007efc1d98f7c9 [ 103.995477][ T6307] RDX: 0000000000000201 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 103.995491][ T6307] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 103.995504][ T6307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.995517][ T6307] R13: 00007efc1dbe6038 R14: 00007efc1dbe5fa0 R15: 00007ffd3a4469b8 [ 103.995550][ T6307] [ 104.831680][ T6318] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 105.595519][ T6328] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.701523][ T6331] FAULT_INJECTION: forcing a failure. [ 105.701523][ T6331] name failslab, interval 1, probability 0, space 0, times 0 [ 105.752395][ T6331] CPU: 0 UID: 0 PID: 6331 Comm: syz.3.104 Not tainted syzkaller #0 PREEMPT(full) [ 105.752426][ T6331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 105.752439][ T6331] Call Trace: [ 105.752446][ T6331] [ 105.752455][ T6331] dump_stack_lvl+0x16c/0x1f0 [ 105.752492][ T6331] should_fail_ex+0x512/0x640 [ 105.752516][ T6331] ? kmem_cache_alloc_noprof+0x62/0x770 [ 105.752545][ T6331] should_failslab+0xc2/0x120 [ 105.752576][ T6331] kmem_cache_alloc_noprof+0x83/0x770 [ 105.752601][ T6331] ? ptlock_alloc+0x1f/0x70 [ 105.752630][ T6331] ? ptlock_alloc+0x1f/0x70 [ 105.752651][ T6331] ptlock_alloc+0x1f/0x70 [ 105.752672][ T6331] pte_alloc_one+0x84/0x3d0 [ 105.752702][ T6331] do_fault+0x8b8/0x1ad0 [ 105.752732][ T6331] ? __pfx_filemap_map_pages+0x10/0x10 [ 105.752764][ T6331] __handle_mm_fault+0x1919/0x2bb0 [ 105.752798][ T6331] ? __pfx___handle_mm_fault+0x10/0x10 [ 105.752822][ T6331] ? folio_mark_accessed+0xc1/0xbf0 [ 105.752850][ T6331] ? __pfx_folio_mark_accessed+0x10/0x10 [ 105.752876][ T6331] ? find_held_lock+0x2b/0x80 [ 105.752922][ T6331] handle_mm_fault+0x3fe/0xad0 [ 105.752960][ T6331] __get_user_pages+0x54e/0x3590 [ 105.753007][ T6331] ? __pfx___get_user_pages+0x10/0x10 [ 105.753048][ T6331] populate_vma_page_range+0x267/0x3f0 [ 105.753083][ T6331] ? __pfx_populate_vma_page_range+0x10/0x10 [ 105.753114][ T6331] ? __pfx_find_vma_intersection+0x10/0x10 [ 105.753146][ T6331] ? do_mmap+0x69c/0x1210 [ 105.753179][ T6331] __mm_populate+0x1d8/0x380 [ 105.753216][ T6331] ? __pfx___mm_populate+0x10/0x10 [ 105.753251][ T6331] ? up_write+0x282/0x4e0 [ 105.753276][ T6331] vm_mmap_pgoff+0x37f/0x470 [ 105.753309][ T6331] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 105.753344][ T6331] ? __fget_files+0x20e/0x3c0 [ 105.753379][ T6331] ksys_mmap_pgoff+0x32c/0x5c0 [ 105.753408][ T6331] ? __pfx_ksys_write+0x10/0x10 [ 105.753441][ T6331] __x64_sys_mmap+0x125/0x190 [ 105.753473][ T6331] do_syscall_64+0xcd/0xf80 [ 105.753507][ T6331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.753528][ T6331] RIP: 0033:0x7f23f698f7c9 [ 105.753546][ T6331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.753567][ T6331] RSP: 002b:00007f23f785b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 105.753589][ T6331] RAX: ffffffffffffffda RBX: 00007f23f6be5fa0 RCX: 00007f23f698f7c9 [ 105.753604][ T6331] RDX: 0000000000000005 RSI: 0000000000810004 RDI: 0000000000000000 [ 105.753617][ T6331] RBP: 00007f23f785b090 R08: 0000000000000003 R09: 0000000000008000 [ 105.753631][ T6331] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000002 [ 105.753644][ T6331] R13: 00007f23f6be6038 R14: 00007f23f6be5fa0 R15: 00007ffe6c58b648 [ 105.753679][ T6331] [ 107.387589][ T6369] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 107.399803][ T6369] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 107.421227][ T6350] warning: `syz.0.107' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 107.514341][ T6369] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 107.532211][ T6375] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.607060][ T6369] Bluetooth: hci3: Opcode 0x0c1a failed: -4 “[ 107.684651][ T6369] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 107.728730][ T6369] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 107.750979][ T6369] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 107.759429][ T6369] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 107.794645][ T6369] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 107.808082][ T6369] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 107.820041][ T6369] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 107.838387][ T6369] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 108.208029][ T6389] FAULT_INJECTION: forcing a failure. [ 108.208029][ T6389] name failslab, interval 1, probability 0, space 0, times 0 [ 108.221754][ T6389] CPU: 0 UID: 0 PID: 6389 Comm: syz.0.118 Not tainted syzkaller #0 PREEMPT(full) [ 108.221785][ T6389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 108.221799][ T6389] Call Trace: [ 108.221807][ T6389] [ 108.221818][ T6389] dump_stack_lvl+0x16c/0x1f0 [ 108.221867][ T6389] should_fail_ex+0x512/0x640 [ 108.221894][ T6389] ? __kmalloc_node_noprof+0xcd/0x930 [ 108.221931][ T6389] should_failslab+0xc2/0x120 [ 108.221966][ T6389] __kmalloc_node_noprof+0xee/0x930 [ 108.221999][ T6389] ? user_buffer_init+0x4d0/0x750 [ 108.222035][ T6389] ? user_buffer_init+0x4d0/0x750 [ 108.222063][ T6389] user_buffer_init+0x4d0/0x750 [ 108.222099][ T6389] tracing_mark_open+0x19d/0x220 [ 108.222135][ T6389] do_dentry_open+0x748/0x1590 [ 108.222167][ T6389] ? __pfx_tracing_mark_open+0x10/0x10 [ 108.222209][ T6389] vfs_open+0x82/0x3f0 [ 108.222240][ T6389] path_openat+0x2078/0x3140 [ 108.222284][ T6389] ? __pfx_path_openat+0x10/0x10 [ 108.222332][ T6389] do_filp_open+0x20b/0x470 [ 108.222367][ T6389] ? __pfx_do_filp_open+0x10/0x10 [ 108.222428][ T6389] ? alloc_fd+0x471/0x7d0 [ 108.222470][ T6389] do_sys_openat2+0x121/0x290 [ 108.222493][ T6389] ? __pfx_do_sys_openat2+0x10/0x10 [ 108.222529][ T6389] __x64_sys_openat+0x174/0x210 [ 108.222554][ T6389] ? __pfx___x64_sys_openat+0x10/0x10 [ 108.222592][ T6389] do_syscall_64+0xcd/0xf80 [ 108.222625][ T6389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.222649][ T6389] RIP: 0033:0x7f4778d8f7c9 [ 108.222668][ T6389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.222692][ T6389] RSP: 002b:00007f4779c43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 108.222716][ T6389] RAX: ffffffffffffffda RBX: 00007f4778fe5fa0 RCX: 00007f4778d8f7c9 [ 108.222732][ T6389] RDX: 0000000000000201 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 108.222748][ T6389] RBP: 00007f4778e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 108.222763][ T6389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.222778][ T6389] R13: 00007f4778fe6038 R14: 00007f4778fe5fa0 R15: 00007ffd196d5df8 [ 108.222815][ T6389] [ 108.703242][ T6396] netlink: 4 bytes leftover after parsing attributes in process `syz.2.117'. [ 109.115877][ T6406] FAULT_INJECTION: forcing a failure. [ 109.115877][ T6406] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 109.174548][ T6406] CPU: 0 UID: 0 PID: 6406 Comm: syz.3.122 Not tainted syzkaller #0 PREEMPT(full) [ 109.174588][ T6406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 109.174600][ T6406] Call Trace: [ 109.174608][ T6406] [ 109.174617][ T6406] dump_stack_lvl+0x16c/0x1f0 [ 109.174658][ T6406] should_fail_ex+0x512/0x640 [ 109.174688][ T6406] should_fail_alloc_page+0xe7/0x130 [ 109.174723][ T6406] prepare_alloc_pages+0x401/0x670 [ 109.174756][ T6406] ? page_table_check_set+0x7dd/0xa40 [ 109.174789][ T6406] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 109.174816][ T6406] ? page_table_check_set+0x7e7/0xa40 [ 109.174844][ T6406] ? xas_move_index+0xb0/0x110 [ 109.174876][ T6406] ? xas_find+0x303/0x890 [ 109.174909][ T6406] ? __pfx___page_table_check_ptes_set+0x10/0x10 [ 109.174944][ T6406] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 109.174973][ T6406] ? find_held_lock+0x2b/0x80 [ 109.175002][ T6406] ? filemap_map_pages+0x1260/0x1e00 [ 109.175033][ T6406] ? filemap_map_pages+0x12dd/0x1e00 [ 109.175062][ T6406] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 109.175097][ T6406] ? policy_nodemask+0xea/0x4e0 [ 109.175132][ T6406] alloc_pages_mpol+0x1fb/0x550 [ 109.175165][ T6406] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 109.175207][ T6406] alloc_pages_noprof+0x131/0x390 [ 109.175240][ T6406] pte_alloc_one+0x1e/0x3d0 [ 109.175271][ T6406] do_fault+0x8b8/0x1ad0 [ 109.175300][ T6406] ? __pfx_filemap_map_pages+0x10/0x10 [ 109.175331][ T6406] __handle_mm_fault+0x1919/0x2bb0 [ 109.175365][ T6406] ? __pfx___handle_mm_fault+0x10/0x10 [ 109.175388][ T6406] ? folio_mark_accessed+0xc1/0xbf0 [ 109.175416][ T6406] ? __pfx_folio_mark_accessed+0x10/0x10 [ 109.175443][ T6406] ? find_held_lock+0x2b/0x80 [ 109.175490][ T6406] handle_mm_fault+0x3fe/0xad0 [ 109.175521][ T6406] __get_user_pages+0x54e/0x3590 [ 109.175572][ T6406] ? __pfx___get_user_pages+0x10/0x10 [ 109.175614][ T6406] populate_vma_page_range+0x267/0x3f0 [ 109.175648][ T6406] ? __pfx_populate_vma_page_range+0x10/0x10 [ 109.175679][ T6406] ? __pfx_find_vma_intersection+0x10/0x10 [ 109.175712][ T6406] ? do_mmap+0x69c/0x1210 [ 109.175745][ T6406] __mm_populate+0x1d8/0x380 [ 109.175779][ T6406] ? __pfx___mm_populate+0x10/0x10 [ 109.175813][ T6406] ? up_write+0x282/0x4e0 [ 109.175840][ T6406] vm_mmap_pgoff+0x37f/0x470 [ 109.175875][ T6406] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 109.175912][ T6406] ? __fget_files+0x20e/0x3c0 [ 109.175949][ T6406] ksys_mmap_pgoff+0x32c/0x5c0 [ 109.175978][ T6406] ? __pfx_ksys_write+0x10/0x10 [ 109.176012][ T6406] __x64_sys_mmap+0x125/0x190 [ 109.176040][ T6406] do_syscall_64+0xcd/0xf80 [ 109.176073][ T6406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.176096][ T6406] RIP: 0033:0x7f23f698f7c9 [ 109.176115][ T6406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.176136][ T6406] RSP: 002b:00007f23f785b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 109.176157][ T6406] RAX: ffffffffffffffda RBX: 00007f23f6be5fa0 RCX: 00007f23f698f7c9 [ 109.176173][ T6406] RDX: 0000000000000005 RSI: 0000000000810004 RDI: 0000000000000000 [ 109.176186][ T6406] RBP: 00007f23f785b090 R08: 0000000000000003 R09: 0000000000008000 [ 109.176200][ T6406] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000002 [ 109.176214][ T6406] R13: 00007f23f6be6038 R14: 00007f23f6be5fa0 R15: 00007ffe6c58b648 [ 109.176248][ T6406] [ 109.654035][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 109.660189][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 109.776399][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 109.857345][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 110.834160][ T6433] netlink: 12 bytes leftover after parsing attributes in process `syz.2.131'. [ 110.893606][ T6435] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 110.926092][ T6435] FAULT_INJECTION: forcing a failure. [ 110.926092][ T6435] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 110.947038][ T6435] CPU: 0 UID: 0 PID: 6435 Comm: syz.1.132 Not tainted syzkaller #0 PREEMPT(full) [ 110.947060][ T6435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 110.947069][ T6435] Call Trace: [ 110.947074][ T6435] [ 110.947080][ T6435] dump_stack_lvl+0x16c/0x1f0 [ 110.947105][ T6435] should_fail_ex+0x512/0x640 [ 110.947123][ T6435] _copy_to_user+0x32/0xd0 [ 110.947138][ T6435] ctl_ioctl+0x4e8/0xd70 [ 110.947155][ T6435] ? __pfx_ctl_ioctl+0x10/0x10 [ 110.947187][ T6435] ? __fget_files+0x20e/0x3c0 [ 110.947207][ T6435] dm_ctl_ioctl+0x22/0x30 [ 110.947220][ T6435] ? __pfx_dm_ctl_ioctl+0x10/0x10 [ 110.947233][ T6435] __x64_sys_ioctl+0x18e/0x210 [ 110.947250][ T6435] do_syscall_64+0xcd/0xf80 [ 110.947269][ T6435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.947283][ T6435] RIP: 0033:0x7efc1d98f7c9 [ 110.947295][ T6435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.947308][ T6435] RSP: 002b:00007efc1e84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 110.947328][ T6435] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa0 RCX: 00007efc1d98f7c9 [ 110.947337][ T6435] RDX: 0000200000000140 RSI: fffffffffffffd03 RDI: 0000000000000005 [ 110.947346][ T6435] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 110.947354][ T6435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.947361][ T6435] R13: 00007efc1dbe6038 R14: 00007efc1dbe5fa0 R15: 00007ffd3a4469b8 [ 110.947380][ T6435] [ 111.624016][ T6442] netlink: 252 bytes leftover after parsing attributes in process `syz.0.134'. [ 111.688084][ T6445] netlink: 252 bytes leftover after parsing attributes in process `syz.0.134'. [ 111.697482][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 111.704219][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 111.780871][ T6448] netlink: 12 bytes leftover after parsing attributes in process `syz.3.136'. [ 111.859047][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 111.933931][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 112.076766][ T6456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.139'. [ 112.195330][ T6461] bridge0: port 3(hsr0) entered blocking state [ 112.218896][ T6461] bridge0: port 3(hsr0) entered disabled state [ 112.225434][ T6461] hsr0: entered allmulticast mode [ 112.230480][ T6461] hsr_slave_0: entered allmulticast mode [ 112.242133][ T6461] hsr_slave_1: entered allmulticast mode [ 112.252544][ T6461] hsr0: entered promiscuous mode [ 112.262837][ T6461] bridge0: port 3(hsr0) entered blocking state [ 112.269400][ T6461] bridge0: port 3(hsr0) entered forwarding state [ 112.482848][ T6469] FAULT_INJECTION: forcing a failure. [ 112.482848][ T6469] name failslab, interval 1, probability 0, space 0, times 0 [ 112.496291][ T6469] CPU: 1 UID: 0 PID: 6469 Comm: syz.0.143 Not tainted syzkaller #0 PREEMPT(full) [ 112.496322][ T6469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 112.496334][ T6469] Call Trace: [ 112.496342][ T6469] [ 112.496351][ T6469] dump_stack_lvl+0x16c/0x1f0 [ 112.496388][ T6469] should_fail_ex+0x512/0x640 [ 112.496410][ T6469] ? kmem_cache_alloc_noprof+0x62/0x770 [ 112.496438][ T6469] should_failslab+0xc2/0x120 [ 112.496468][ T6469] kmem_cache_alloc_noprof+0x83/0x770 [ 112.496492][ T6469] ? ptlock_alloc+0x1f/0x70 [ 112.496521][ T6469] ? ptlock_alloc+0x1f/0x70 [ 112.496540][ T6469] ptlock_alloc+0x1f/0x70 [ 112.496560][ T6469] pte_alloc_one+0x84/0x3d0 [ 112.496590][ T6469] do_fault+0x8b8/0x1ad0 [ 112.496619][ T6469] ? __pfx_filemap_map_pages+0x10/0x10 [ 112.496648][ T6469] __handle_mm_fault+0x1919/0x2bb0 [ 112.496680][ T6469] ? __pfx___handle_mm_fault+0x10/0x10 [ 112.496702][ T6469] ? folio_mark_accessed+0xc1/0xbf0 [ 112.496730][ T6469] ? __pfx_folio_mark_accessed+0x10/0x10 [ 112.496756][ T6469] ? find_held_lock+0x2b/0x80 [ 112.496804][ T6469] handle_mm_fault+0x3fe/0xad0 [ 112.496834][ T6469] __get_user_pages+0x54e/0x3590 [ 112.496879][ T6469] ? __pfx___get_user_pages+0x10/0x10 [ 112.496919][ T6469] populate_vma_page_range+0x267/0x3f0 [ 112.496954][ T6469] ? __pfx_populate_vma_page_range+0x10/0x10 [ 112.496984][ T6469] ? __pfx_find_vma_intersection+0x10/0x10 [ 112.497016][ T6469] ? do_mmap+0x69c/0x1210 [ 112.497049][ T6469] __mm_populate+0x1d8/0x380 [ 112.497082][ T6469] ? __pfx___mm_populate+0x10/0x10 [ 112.497122][ T6469] ? up_write+0x282/0x4e0 [ 112.497147][ T6469] vm_mmap_pgoff+0x37f/0x470 [ 112.497179][ T6469] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 112.497214][ T6469] ? __fget_files+0x20e/0x3c0 [ 112.497250][ T6469] ksys_mmap_pgoff+0x32c/0x5c0 [ 112.497279][ T6469] ? __pfx_ksys_write+0x10/0x10 [ 112.497312][ T6469] __x64_sys_mmap+0x125/0x190 [ 112.497340][ T6469] do_syscall_64+0xcd/0xf80 [ 112.497373][ T6469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.497396][ T6469] RIP: 0033:0x7f4778d8f7c9 [ 112.497415][ T6469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.497434][ T6469] RSP: 002b:00007f4779c43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 112.497455][ T6469] RAX: ffffffffffffffda RBX: 00007f4778fe5fa0 RCX: 00007f4778d8f7c9 [ 112.497470][ T6469] RDX: 0000000000000005 RSI: 0000000000810004 RDI: 0000000000000000 [ 112.497482][ T6469] RBP: 00007f4779c43090 R08: 0000000000000003 R09: 0000000000008000 [ 112.497496][ T6469] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000002 [ 112.497509][ T6469] R13: 00007f4778fe6038 R14: 00007f4778fe5fa0 R15: 00007ffd196d5df8 [ 112.497541][ T6469] “[ 113.773914][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 113.780081][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 113.936808][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 114.013947][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 114.610709][ T6523] FAULT_INJECTION: forcing a failure. [ 114.610709][ T6523] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 114.673993][ T6523] CPU: 1 UID: 0 PID: 6523 Comm: syz.0.160 Not tainted syzkaller #0 PREEMPT(full) [ 114.674025][ T6523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 114.674037][ T6523] Call Trace: [ 114.674045][ T6523] [ 114.674053][ T6523] dump_stack_lvl+0x16c/0x1f0 [ 114.674091][ T6523] should_fail_ex+0x512/0x640 [ 114.674119][ T6523] should_fail_alloc_page+0xe7/0x130 [ 114.674152][ T6523] prepare_alloc_pages+0x401/0x670 [ 114.674194][ T6523] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 114.674219][ T6523] ? page_table_check_set+0x7e7/0xa40 [ 114.674247][ T6523] ? xas_move_index+0xb0/0x110 [ 114.674279][ T6523] ? do_raw_spin_lock+0x12c/0x2b0 [ 114.674310][ T6523] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 114.674335][ T6523] ? mark_held_locks+0x49/0x80 [ 114.674356][ T6523] ? find_held_lock+0x2b/0x80 [ 114.674383][ T6523] ? filemap_map_pages+0x1260/0x1e00 [ 114.674413][ T6523] ? filemap_map_pages+0x12dd/0x1e00 [ 114.674441][ T6523] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 114.674475][ T6523] ? policy_nodemask+0xea/0x4e0 [ 114.674508][ T6523] alloc_pages_mpol+0x1fb/0x550 [ 114.674540][ T6523] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 114.674580][ T6523] alloc_pages_noprof+0x131/0x390 [ 114.674611][ T6523] pte_alloc_one+0x1e/0x3d0 [ 114.674640][ T6523] do_fault+0x8b8/0x1ad0 [ 114.674669][ T6523] ? __pfx_filemap_map_pages+0x10/0x10 [ 114.674699][ T6523] __handle_mm_fault+0x1919/0x2bb0 [ 114.674731][ T6523] ? __pfx___handle_mm_fault+0x10/0x10 [ 114.674754][ T6523] ? folio_mark_accessed+0xc1/0xbf0 [ 114.674781][ T6523] ? __pfx_folio_mark_accessed+0x10/0x10 [ 114.674808][ T6523] ? find_held_lock+0x2b/0x80 [ 114.674855][ T6523] handle_mm_fault+0x3fe/0xad0 [ 114.674884][ T6523] __get_user_pages+0x54e/0x3590 [ 114.674927][ T6523] ? __pfx___get_user_pages+0x10/0x10 [ 114.674967][ T6523] populate_vma_page_range+0x267/0x3f0 [ 114.675000][ T6523] ? __pfx_populate_vma_page_range+0x10/0x10 [ 114.675030][ T6523] ? __pfx_find_vma_intersection+0x10/0x10 [ 114.675062][ T6523] ? do_mmap+0x69c/0x1210 [ 114.675095][ T6523] __mm_populate+0x1d8/0x380 [ 114.675128][ T6523] ? __pfx___mm_populate+0x10/0x10 [ 114.675167][ T6523] ? up_write+0x282/0x4e0 [ 114.675192][ T6523] vm_mmap_pgoff+0x37f/0x470 [ 114.675223][ T6523] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 114.675256][ T6523] ? __fget_files+0x20e/0x3c0 [ 114.675289][ T6523] ksys_mmap_pgoff+0x32c/0x5c0 [ 114.675317][ T6523] ? __pfx_ksys_write+0x10/0x10 [ 114.675352][ T6523] __x64_sys_mmap+0x125/0x190 [ 114.675378][ T6523] do_syscall_64+0xcd/0xf80 [ 114.675408][ T6523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.675429][ T6523] RIP: 0033:0x7f4778d8f7c9 [ 114.675448][ T6523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.675469][ T6523] RSP: 002b:00007f4779c43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 114.675491][ T6523] RAX: ffffffffffffffda RBX: 00007f4778fe5fa0 RCX: 00007f4778d8f7c9 [ 114.675506][ T6523] RDX: 0000000000000005 RSI: 0000000000810004 RDI: 0000000000000000 [ 114.675518][ T6523] RBP: 00007f4779c43090 R08: 0000000000000003 R09: 0000000000008000 [ 114.675531][ T6523] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000002 [ 114.675544][ T6523] R13: 00007f4778fe6038 R14: 00007f4778fe5fa0 R15: 00007ffd196d5df8 [ 114.675576][ T6523] [ 115.047138][ T6533] futex_wake_op: syz.2.161 tries to shift op by -2048; fix this program [ 115.100580][ T6533] futex_wake_op: syz.2.161 tries to shift op by -2048; fix this program [ 116.986862][ T6577] netlink: 'syz.3.169': attribute type 2 has an invalid length. [ 117.006500][ T6576] netlink: 'syz.3.169': attribute type 2 has an invalid length. [ 118.239242][ T6601] sg_write: process 142 (syz.2.174) changed security contexts after opening file descriptor, this is not allowed. [ 118.827600][ T6599] syz.0.172 (6599) used greatest stack depth: 19688 bytes left [ 119.594986][ T6628] netlink: 'syz.3.179': attribute type 2 has an invalid length. [ 119.602752][ T6625] Console: switching to colour frame buffer device 128x48 [ 120.158460][ T6641] Invalid ELF header magic: != ELF [ 120.423021][ T6648] netlink: 8 bytes leftover after parsing attributes in process `syz.3.187'. [ 121.766130][ T6671] [U] [ 121.769170][ T6671] [U] [ 121.771885][ T6671] [U] [ 121.774603][ T6671] [U] [ 121.777319][ T6671] [U] [ 121.780397][ T6671] [U] [ 121.783086][ T6671] [U] [ 121.785757][ T6671] [U] [ 121.788427][ T6671] [U] [ 121.791979][ T6671] [U] [ 121.794667][ T6671] [U] [ 121.797337][ T6671] [U] [ 121.800007][ T6671] [U] [ 121.806079][ T6671] [U] [ 121.808814][ T6671] [U] [ 121.811524][ T6671] [U] [ 121.814243][ T6671] [U] [ 121.818338][ T6671] [U] [ 121.821073][ T6671] [U] [ 121.823775][ T6671] [U] [ 121.826461][ T6671] [U] [ 121.830920][ T6671] [U] [ 121.833648][ T6671] [U] [ 121.836341][ T6671] [U] [ 121.839027][ T6671] [U] [ 121.842276][ T6671] [U] [ 121.845000][ T6671] [U] [ 121.847705][ T6671] [U] [ 121.850406][ T6671] [U] [ 121.853876][ T6671] [U] [ 121.856597][ T6671] [U] [ 121.859299][ T6671] [U] [ 121.861994][ T6671] [U] [ 122.264728][ T6671] [U] [ 122.267489][ T6671] [U] [ 122.270205][ T6671] [U] [ 122.272916][ T6671] [U] [ 122.325484][ T6671] [U] [ 122.328199][ T6671] [U] [ 122.330867][ T6671] [U] [ 122.333555][ T6671] [U] [ 122.429204][ T6671] [U] [ 122.431946][ T6671] [U] [ 122.434625][ T6671] [U] [ 122.437303][ T6671] [U] [ 122.516618][ T6671] [U] [ 122.519330][ T6671] [U] [ 122.522000][ T6671] [U] [ 122.524667][ T6671] [U] [ 122.564032][ T6671] [U] [ 122.566749][ T6671] [U] [ 122.569420][ T6671] [U] [ 122.572090][ T6671] [U] [ 122.687321][ T6671] [U] [ 124.356612][ T6708] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 125.274156][ T6724] netlink: 16 bytes leftover after parsing attributes in process `syz.2.203'. [ 125.543387][ T6717] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 125.550237][ T6717] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 125.556683][ T6717] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 125.563058][ T6717] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.973837][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 127.623961][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 127.624055][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 127.630026][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 127.984237][ T6783] FAULT_INJECTION: forcing a failure. [ 127.984237][ T6783] name failslab, interval 1, probability 0, space 0, times 0 [ 128.014978][ T6783] CPU: 0 UID: 0 PID: 6783 Comm: syz.0.217 Not tainted syzkaller #0 PREEMPT(full) [ 128.015011][ T6783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 128.015026][ T6783] Call Trace: [ 128.015034][ T6783] [ 128.015044][ T6783] dump_stack_lvl+0x16c/0x1f0 [ 128.015087][ T6783] should_fail_ex+0x512/0x640 [ 128.015113][ T6783] ? kmem_cache_alloc_noprof+0x62/0x770 [ 128.015146][ T6783] should_failslab+0xc2/0x120 [ 128.015183][ T6783] kmem_cache_alloc_noprof+0x83/0x770 [ 128.015209][ T6783] ? futex_wait+0xc0/0x380 [ 128.015238][ T6783] ? do_epoll_ctl+0x1170/0x3790 [ 128.015276][ T6783] ? do_epoll_ctl+0x1170/0x3790 [ 128.015303][ T6783] do_epoll_ctl+0x1170/0x3790 [ 128.015334][ T6783] ? io_uring_setup+0x137/0x1f60 [ 128.015372][ T6783] ? __pfx_do_epoll_ctl+0x10/0x10 [ 128.015397][ T6783] ? find_held_lock+0x2b/0x80 [ 128.015421][ T6783] ? __might_fault+0xe3/0x190 [ 128.015441][ T6783] ? __might_fault+0xe3/0x190 [ 128.015474][ T6783] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 128.015498][ T6783] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 128.015528][ T6783] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 128.015573][ T6783] do_syscall_64+0xcd/0xf80 [ 128.015609][ T6783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.015632][ T6783] RIP: 0033:0x7f4778d8f7c9 [ 128.015671][ T6783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.015695][ T6783] RSP: 002b:00007f4779c43038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 128.015719][ T6783] RAX: ffffffffffffffda RBX: 00007f4778fe5fa0 RCX: 00007f4778d8f7c9 [ 128.015735][ T6783] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 128.015749][ T6783] RBP: 00007f4778e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 128.015763][ T6783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.015778][ T6783] R13: 00007f4778fe6038 R14: 00007f4778fe5fa0 R15: 00007ffd196d5df8 [ 128.015816][ T6783] [ 128.038438][ T6750] kexec: Could not allocate control_code_buffer [ 128.343221][ T6787] MTRR 1 not used [ 128.716291][ T6797] netlink: 8 bytes leftover after parsing attributes in process `syz.2.223'. [ 128.979964][ T6806] netlink: 158 bytes leftover after parsing attributes in process `syz.3.226'. [ 129.608689][ T6821] FAULT_INJECTION: forcing a failure. [ 129.608689][ T6821] name fail_futex, interval 1, probability 0, space 0, times 0 [ 129.665598][ T6821] CPU: 1 UID: 0 PID: 6821 Comm: syz.1.230 Not tainted syzkaller #0 PREEMPT(full) [ 129.665633][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 129.665647][ T6821] Call Trace: [ 129.665655][ T6821] [ 129.665666][ T6821] dump_stack_lvl+0x16c/0x1f0 [ 129.665706][ T6821] should_fail_ex+0x512/0x640 [ 129.665731][ T6821] ? __lock_acquire+0x436/0x2890 [ 129.665757][ T6821] get_futex_key+0x1d0/0x15f0 [ 129.665788][ T6821] ? __pfx_get_futex_key+0x10/0x10 [ 129.665815][ T6821] ? rcu_is_watching+0x12/0xc0 [ 129.665854][ T6821] futex_wait_setup+0x9d/0x570 [ 129.665897][ T6821] __futex_wait+0x193/0x2f0 [ 129.665929][ T6821] ? __pfx___futex_wait+0x10/0x10 [ 129.665956][ T6821] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 129.665987][ T6821] ? lockdep_hardirqs_on+0x7c/0x110 [ 129.666022][ T6821] ? __pfx_futex_wake_mark+0x10/0x10 [ 129.666056][ T6821] ? find_held_lock+0x2b/0x80 [ 129.666086][ T6821] ? futex_private_hash_put+0x160/0x1b0 [ 129.666111][ T6821] futex_wait+0xe8/0x380 [ 129.666140][ T6821] ? __pfx_futex_wait+0x10/0x10 [ 129.666178][ T6821] ? putname+0xf5/0x1a0 [ 129.666208][ T6821] do_futex+0x229/0x350 [ 129.666243][ T6821] ? __pfx_do_futex+0x10/0x10 [ 129.666280][ T6821] __x64_sys_futex+0x1e0/0x4c0 [ 129.666307][ T6821] ? __x64_sys_openat+0x174/0x210 [ 129.666333][ T6821] ? __pfx___x64_sys_futex+0x10/0x10 [ 129.666373][ T6821] do_syscall_64+0xcd/0xf80 [ 129.666408][ T6821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.666433][ T6821] RIP: 0033:0x7efc1d98f7c9 [ 129.666452][ T6821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.666474][ T6821] RSP: 002b:00007efc1e84b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 129.666496][ T6821] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa8 RCX: 00007efc1d98f7c9 [ 129.666513][ T6821] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efc1dbe5fa8 [ 129.666528][ T6821] RBP: 00007efc1dbe5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 129.666543][ T6821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.666557][ T6821] R13: 00007efc1dbe6038 R14: 00007ffd3a4468d0 R15: 00007ffd3a4469b8 [ 129.666592][ T6821] [ 130.229986][ T6830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.234'. [ 130.265305][ T6831] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 131.401544][ T6868] syz.3.242 uses obsolete (PF_INET,SOCK_PACKET) [ 132.209747][ T6889] syz.3.249 (6889): attempted to duplicate a private mapping with mremap. This is not supported. [ 132.451030][ T6893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.250'. [ 132.897306][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.903898][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.414349][ T6912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.255'. [ 133.886322][ T6925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.259'. [ 133.930279][ T6925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.259'. [ 133.982343][ T30] audit: type=1326 audit(1766274727.693:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6928 comm="syz.0.261" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4778d8f7c9 code=0x0 [ 134.798443][ T6949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.268'. [ 134.942272][ T6958] usb usb4: usbfs: interface 0 claimed by hub while 'syz.2.270' sets config #4 [ 135.446624][ T6971] netlink: 20 bytes leftover after parsing attributes in process `syz.3.274'. [ 136.158636][ T6983] netlink: 8 bytes leftover after parsing attributes in process `syz.2.276'. syzkaller syzkaller login: [ 136.853521][ T7014] futex_wake_op: syz.1.285 tries to shift op by -2048; fix this program [ 136.931485][ T7014] futex_wake_op: syz.1.285 tries to shift op by -2048; fix this program [ 136.957851][ T7022] usb usb4: usbfs: interface 0 claimed by hub while 'syz.2.287' sets config #4 [ 136.971890][ T7014] 0x000000000001-0x000000020000 : "" [ 137.034903][ T7014] ftl_cs: FTL header corrupt! [ 137.149609][ T7031] FAULT_INJECTION: forcing a failure. [ 137.149609][ T7031] name failslab, interval 1, probability 0, space 0, times 0 [ 137.190068][ T7031] CPU: 1 UID: 0 PID: 7031 Comm: syz.2.288 Not tainted syzkaller #0 PREEMPT(full) [ 137.190103][ T7031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 137.190116][ T7031] Call Trace: [ 137.190124][ T7031] [ 137.190134][ T7031] dump_stack_lvl+0x16c/0x1f0 [ 137.190174][ T7031] should_fail_ex+0x512/0x640 [ 137.190199][ T7031] ? __kmalloc_node_noprof+0xcd/0x930 [ 137.190235][ T7031] should_failslab+0xc2/0x120 [ 137.190272][ T7031] __kmalloc_node_noprof+0xee/0x930 [ 137.190301][ T7031] ? user_buffer_init+0x4d0/0x750 [ 137.190336][ T7031] ? user_buffer_init+0x4d0/0x750 [ 137.190373][ T7031] user_buffer_init+0x4d0/0x750 [ 137.190410][ T7031] tracing_mark_open+0x19d/0x220 [ 137.190444][ T7031] do_dentry_open+0x748/0x1590 [ 137.190475][ T7031] ? __pfx_tracing_mark_open+0x10/0x10 [ 137.190516][ T7031] vfs_open+0x82/0x3f0 [ 137.190546][ T7031] path_openat+0x2078/0x3140 [ 137.190589][ T7031] ? __pfx_path_openat+0x10/0x10 [ 137.190636][ T7031] do_filp_open+0x20b/0x470 [ 137.190670][ T7031] ? __pfx_do_filp_open+0x10/0x10 [ 137.190729][ T7031] ? alloc_fd+0x471/0x7d0 [ 137.190771][ T7031] do_sys_openat2+0x121/0x290 [ 137.190797][ T7031] ? __pfx_do_sys_openat2+0x10/0x10 [ 137.190836][ T7031] __x64_sys_openat+0x174/0x210 [ 137.190862][ T7031] ? __pfx___x64_sys_openat+0x10/0x10 [ 137.190902][ T7031] do_syscall_64+0xcd/0xf80 [ 137.190939][ T7031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.190962][ T7031] RIP: 0033:0x7fbda0d8f7c9 [ 137.190982][ T7031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.191004][ T7031] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 137.191027][ T7031] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 137.191042][ T7031] RDX: 0000000000000201 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 137.191057][ T7031] RBP: 00007fbda0e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 137.191071][ T7031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.191084][ T7031] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 137.191119][ T7031] [ 137.620163][ T7039] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'. [ 138.320741][ T7061] netlink: 326 bytes leftover after parsing attributes in process `syz.0.296'. [ 139.482852][ T7091] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 139.507606][ T7092] capability: warning: `syz.2.306' uses 32-bit capabilities (legacy support in use) [ 139.518451][ T7092] UHID_CREATE from different security context by process 234 (syz.2.306), this is not allowed. [ 139.556979][ T7087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.305'. [ 141.434483][ T7144] bond0: Unable to set down delay as MII monitoring is disabled [ 141.737626][ T7153] usb usb36: usbfs: process 7153 (syz.1.320) did not claim interface 0 before use [ 142.649096][ T7181] openvswitch: netlink: Flow key attribute not present in set flow. [ 142.670760][ T7184] zswap: compressor ûW–îë“;Å0못„?u=8å}Öƒ•L­Ö(£E‘¤¤Ö¹‰jj–8+ÕÄxp¥—Èœ‹ŒNkR³¦°¤uoêÇo‹ÿ¬<µSÔH ¾}ïEd }¡ìöP¢…8a [ 146.519850][ T7276] dump_stack_lvl+0x16c/0x1f0 [ 146.519876][ T7276] should_fail_ex+0x512/0x640 [ 146.519894][ T7276] get_futex_key+0x1d0/0x15f0 [ 146.519911][ T7276] ? __pfx_get_futex_key+0x10/0x10 [ 146.519931][ T7276] futex_wake+0xea/0x530 [ 146.519949][ T7276] ? __lock_acquire+0x436/0x2890 [ 146.519962][ T7276] ? __pfx_futex_wake+0x10/0x10 [ 146.519987][ T7276] do_futex+0x1e3/0x350 [ 146.520002][ T7276] ? __pfx_do_futex+0x10/0x10 [ 146.520021][ T7276] __x64_sys_futex+0x1e0/0x4c0 [ 146.520037][ T7276] ? fdget_pos+0x2b8/0x370 [ 146.520056][ T7276] ? __pfx___x64_sys_futex+0x10/0x10 [ 146.520071][ T7276] ? __pfx_do_writev+0x10/0x10 [ 146.520094][ T7276] do_syscall_64+0xcd/0xf80 [ 146.520114][ T7276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.520128][ T7276] RIP: 0033:0x7fbda0d8f7c9 [ 146.520139][ T7276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.520151][ T7276] RSP: 002b:00007fbda1c730e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 146.520165][ T7276] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa8 RCX: 00007fbda0d8f7c9 [ 146.520173][ T7276] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbda0fe5fac [ 146.520181][ T7276] RBP: 00007fbda0fe5fa0 R08: 00007fbda1c74000 R09: 0000000000000000 [ 146.520189][ T7276] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 146.520197][ T7276] R13: 00007fbda0fe6038 R14: 00007ffd90ee10b0 R15: 00007ffd90ee1198 [ 146.520214][ T7276] [ 146.750776][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 146.750799][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 146.756928][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 147.029061][ T7285] FAULT_INJECTION: forcing a failure. [ 147.029061][ T7285] name failslab, interval 1, probability 0, space 0, times 0 [ 147.062304][ T7285] CPU: 0 UID: 0 PID: 7285 Comm: syz.2.350 Not tainted syzkaller #0 PREEMPT(full) [ 147.062339][ T7285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 147.062354][ T7285] Call Trace: [ 147.062362][ T7285] [ 147.062372][ T7285] dump_stack_lvl+0x16c/0x1f0 [ 147.062412][ T7285] should_fail_ex+0x512/0x640 [ 147.062437][ T7285] ? kmem_cache_alloc_noprof+0x62/0x770 [ 147.062472][ T7285] should_failslab+0xc2/0x120 [ 147.062514][ T7285] kmem_cache_alloc_noprof+0x83/0x770 [ 147.062543][ T7285] ? alloc_empty_file+0x55/0x1e0 [ 147.062577][ T7285] ? alloc_empty_file+0x55/0x1e0 [ 147.062598][ T7285] alloc_empty_file+0x55/0x1e0 [ 147.062624][ T7285] alloc_file_pseudo+0x13a/0x230 [ 147.062650][ T7285] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 147.062686][ T7285] __shmem_file_setup+0x1a8/0x350 [ 147.062724][ T7285] shmem_zero_setup+0x93/0x1b0 [ 147.062754][ T7285] __mmap_region+0x2271/0x2a00 [ 147.062785][ T7285] ? __lock_acquire+0x436/0x2890 [ 147.062808][ T7285] ? __pfx___mmap_region+0x10/0x10 [ 147.062847][ T7285] ? lock_acquire+0x179/0x330 [ 147.062883][ T7285] ? finish_task_switch.isra.0+0x207/0xbd0 [ 147.062986][ T7285] ? rcu_is_watching+0x12/0xc0 [ 147.063026][ T7285] mmap_region+0x1ab/0x3f0 [ 147.063054][ T7285] ? __get_unmapped_area+0x267/0x3f0 [ 147.063091][ T7285] do_mmap+0xa3e/0x1210 [ 147.063130][ T7285] ? __pfx_do_mmap+0x10/0x10 [ 147.063188][ T7285] ? __pfx_down_write_killable+0x10/0x10 [ 147.063222][ T7285] vm_mmap_pgoff+0x29e/0x470 [ 147.063262][ T7285] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 147.063302][ T7285] ? __x64_sys_futex+0x1e0/0x4c0 [ 147.063327][ T7285] ? __x64_sys_futex+0x1e9/0x4c0 [ 147.063358][ T7285] ksys_mmap_pgoff+0x7d/0x5c0 [ 147.063389][ T7285] ? xfd_validate_state+0x61/0x180 [ 147.063410][ T7285] ? __pfx_do_writev+0x10/0x10 [ 147.063445][ T7285] __x64_sys_mmap+0x125/0x190 [ 147.063473][ T7285] do_syscall_64+0xcd/0xf80 [ 147.063516][ T7285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.063542][ T7285] RIP: 0033:0x7fbda0d8f7c9 [ 147.063563][ T7285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.063586][ T7285] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 147.063609][ T7285] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 147.063625][ T7285] RDX: 00000000000000df RSI: 0000000004020009 RDI: 0000000000000000 [ 147.063640][ T7285] RBP: 00007fbda0e13f91 R08: 0000000000000401 R09: 0000000000008000 [ 147.063655][ T7285] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 147.063669][ T7285] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 147.063705][ T7285] [ 147.628116][ T5838] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 148.942986][ T7318] zswap: compressor  not available [ 149.047195][ T7320] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 149.791348][ T7346] netlink: 186 bytes leftover after parsing attributes in process `syz.1.364'. [ 149.816528][ T7352] netlink: 'syz.3.366': attribute type 1 has an invalid length. [ 150.518628][ T7375] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 151.017654][ T5838] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 153.414062][ T7443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.386'. [ 153.564094][ T7449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.387'. [ 153.600164][ T7449] netlink: 17 bytes leftover after parsing attributes in process `syz.0.387'. [ 153.787655][ T7451] netlink: 'syz.0.387': attribute type 11 has an invalid length. [ 156.392189][ T7487] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 157.064587][ T7523] netlink: 2468 bytes leftover after parsing attributes in process `syz.2.408'. [ 157.202540][ T7523] nvme_fabrics: missing parameter 'transport=%s' [ 157.223041][ T7523] nvme_fabrics: missing parameter 'nqn=%s' [ 157.801540][ T5838] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 160.191638][ T7583] zswap: compressor not available [ 161.121462][ T7622] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 161.197309][ T7626] [U] [ 161.200118][ T7626] [U] [ 161.202795][ T7626] [U] [ 161.205469][ T7626] [U] [ 161.234288][ T7626] [U] [ 161.237049][ T7626] [U] [ 161.239771][ T7626] [U] [ 161.242485][ T7626] [U] [ 161.252667][ T7626] [U] [ 161.255423][ T7626] [U] [ 161.258139][ T7626] [U] [ 161.260853][ T7626] [U] [ 161.332145][ T7626] [U] [ 161.334889][ T7626] [U] [ 161.337606][ T7626] [U] [ 161.340296][ T7626] [U] [ 161.518958][ T7626] [U] [ 161.521716][ T7626] [U] [ 161.524415][ T7626] [U] [ 161.527090][ T7626] [U] [ 161.588459][ T7626] [U] [ 161.591221][ T7626] [U] [ 161.593919][ T7626] [U] [ 161.596627][ T7626] [U] [ 161.602773][ T7625] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 161.640681][ T7626] [U] [ 161.643394][ T7626] [U] [ 161.646067][ T7626] [U] [ 161.648742][ T7626] [U] [ 161.745188][ T7626] [U] [ 161.747899][ T7626] [U] [ 161.750572][ T7626] [U] [ 161.753250][ T7626] [U] [ 161.861631][ T7626] [U] [ 161.864391][ T7626] [U] [ 161.867106][ T7626] [U] [ 161.869801][ T7626] [U] [ 161.920981][ T7626] [U] [ 162.291564][ T7637] ======================================================= [ 162.291564][ T7637] WARNING: The mand mount option has been deprecated and [ 162.291564][ T7637] and is ignored by this kernel. Remove the mand [ 162.291564][ T7637] option from the mount to silence this warning. [ 162.291564][ T7637] ======================================================= [ 163.861554][ T7682] netlink: 'syz.0.450': attribute type 28 has an invalid length. [ 163.900011][ T7682] netlink: 'syz.0.450': attribute type 3 has an invalid length. [ 163.935464][ T7682] netlink: 306 bytes leftover after parsing attributes in process `syz.0.450'. [ 164.662018][ T7701] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [2147479552]. [ 165.778892][ T7726] netlink: 'syz.3.462': attribute type 28 has an invalid length. [ 165.786756][ T7726] netlink: 'syz.3.462': attribute type 3 has an invalid length. [ 165.794500][ T7726] netlink: 306 bytes leftover after parsing attributes in process `syz.3.462'. [ 167.315581][ T30] audit: type=1326 audit(1766274761.033:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7755 comm="syz.2.471" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbda0d8f7c9 code=0x0 [ 168.193306][ T7777] netlink: 12 bytes leftover after parsing attributes in process `syz.1.476'. [ 169.322912][ T7793] vhci_hcd vhci_hcd.0: invalid port number 16 [ 170.345609][ T7815] FAULT_INJECTION: forcing a failure. [ 170.345609][ T7815] name failslab, interval 1, probability 0, space 0, times 0 [ 170.358433][ T7815] CPU: 1 UID: 0 PID: 7815 Comm: syz.2.485 Not tainted syzkaller #0 PREEMPT(full) [ 170.358453][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 170.358461][ T7815] Call Trace: [ 170.358467][ T7815] [ 170.358472][ T7815] dump_stack_lvl+0x16c/0x1f0 [ 170.358496][ T7815] should_fail_ex+0x512/0x640 [ 170.358511][ T7815] ? __kmalloc_node_noprof+0xcd/0x930 [ 170.358532][ T7815] should_failslab+0xc2/0x120 [ 170.358552][ T7815] __kmalloc_node_noprof+0xee/0x930 [ 170.358569][ T7815] ? user_buffer_init+0x4d0/0x750 [ 170.358613][ T7815] ? user_buffer_init+0x4d0/0x750 [ 170.358639][ T7815] user_buffer_init+0x4d0/0x750 [ 170.358675][ T7815] tracing_mark_open+0x19d/0x220 [ 170.358707][ T7815] do_dentry_open+0x748/0x1590 [ 170.358737][ T7815] ? __pfx_tracing_mark_open+0x10/0x10 [ 170.358776][ T7815] vfs_open+0x82/0x3f0 [ 170.358805][ T7815] path_openat+0x2078/0x3140 [ 170.358850][ T7815] ? __pfx_path_openat+0x10/0x10 [ 170.358896][ T7815] do_filp_open+0x20b/0x470 [ 170.358929][ T7815] ? __pfx_do_filp_open+0x10/0x10 [ 170.358988][ T7815] ? alloc_fd+0x471/0x7d0 [ 170.359030][ T7815] do_sys_openat2+0x121/0x290 [ 170.359056][ T7815] ? __pfx_do_sys_openat2+0x10/0x10 [ 170.359096][ T7815] __x64_sys_openat+0x174/0x210 [ 170.359123][ T7815] ? __pfx___x64_sys_openat+0x10/0x10 [ 170.359164][ T7815] do_syscall_64+0xcd/0xf80 [ 170.359198][ T7815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.359221][ T7815] RIP: 0033:0x7fbda0d8f7c9 [ 170.359239][ T7815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.359263][ T7815] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 170.359285][ T7815] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 170.359301][ T7815] RDX: 0000000000000201 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 170.359316][ T7815] RBP: 00007fbda0e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 170.359331][ T7815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.359342][ T7815] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 170.359373][ T7815] [ 172.022273][ T7850] netlink: 8 bytes leftover after parsing attributes in process `syz.0.490'. [ 173.164308][ T30] audit: type=1326 audit(1766274766.873:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7879 comm="syz.0.494" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4778d8f7c9 code=0x0 [ 173.493434][ T7894] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 175.287303][ T7928] netlink: set zone limit has 8 unknown bytes [ 175.382137][ T7928] netlink: zone id is out of range [ 178.684016][ T7974] FAULT_INJECTION: forcing a failure. [ 178.684016][ T7974] name failslab, interval 1, probability 0, space 0, times 0 [ 178.704961][ T7979] netlink: 12 bytes leftover after parsing attributes in process `syz.1.518'. [ 178.747060][ T7974] CPU: 0 UID: 0 PID: 7974 Comm: syz.2.517 Not tainted syzkaller #0 PREEMPT(full) [ 178.747095][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 178.747109][ T7974] Call Trace: [ 178.747117][ T7974] [ 178.747131][ T7974] dump_stack_lvl+0x16c/0x1f0 [ 178.747174][ T7974] should_fail_ex+0x512/0x640 [ 178.747199][ T7974] ? __kmalloc_noprof+0xca/0x910 [ 178.747230][ T7974] should_failslab+0xc2/0x120 [ 178.747264][ T7974] __kmalloc_noprof+0xeb/0x910 [ 178.747291][ T7974] ? nfc_llcp_build_tlv+0xff/0x260 [ 178.747329][ T7974] ? nfc_llcp_build_tlv+0xff/0x260 [ 178.747358][ T7974] nfc_llcp_build_tlv+0xff/0x260 [ 178.747393][ T7974] nfc_llcp_build_gb.isra.0+0xed/0x3f0 [ 178.747426][ T7974] ? __pfx_nfc_llcp_build_gb.isra.0+0x10/0x10 [ 178.747454][ T7974] ? __pfx___debug_object_init+0x10/0x10 [ 178.747496][ T7974] ? lockdep_init_map_type+0x5c/0x270 [ 178.747524][ T7974] ? lockdep_init_map_type+0x5c/0x270 [ 178.747553][ T7974] nfc_llcp_register_device+0x600/0xa60 [ 178.747588][ T7974] nfc_register_device+0x6d/0x410 [ 178.747625][ T7974] nci_register_device+0x7f1/0xb80 [ 178.747655][ T7974] ? __pfx_nci_register_device+0x10/0x10 [ 178.747688][ T7974] ? lockdep_init_map_type+0x5c/0x270 [ 178.747719][ T7974] virtual_ncidev_open+0x141/0x220 [ 178.747756][ T7974] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 178.747790][ T7974] misc_open+0x26d/0x450 [ 178.747816][ T7974] ? __pfx_misc_open+0x10/0x10 [ 178.747842][ T7974] chrdev_open+0x234/0x6a0 [ 178.747874][ T7974] ? __pfx_apparmor_file_open+0x10/0x10 [ 178.747905][ T7974] ? __pfx_chrdev_open+0x10/0x10 [ 178.747943][ T7974] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 178.747988][ T7974] do_dentry_open+0x748/0x1590 [ 178.748020][ T7974] ? __pfx_chrdev_open+0x10/0x10 [ 178.748063][ T7974] vfs_open+0x82/0x3f0 [ 178.748094][ T7974] path_openat+0x2078/0x3140 [ 178.748139][ T7974] ? __pfx_path_openat+0x10/0x10 [ 178.748185][ T7974] do_filp_open+0x20b/0x470 [ 178.748219][ T7974] ? __pfx_do_filp_open+0x10/0x10 [ 178.748279][ T7974] ? alloc_fd+0x471/0x7d0 [ 178.748321][ T7974] do_sys_openat2+0x121/0x290 [ 178.748348][ T7974] ? __pfx_do_sys_openat2+0x10/0x10 [ 178.748376][ T7974] ? find_held_lock+0x2b/0x80 [ 178.748414][ T7974] __x64_sys_openat+0x174/0x210 [ 178.748441][ T7974] ? __pfx___x64_sys_openat+0x10/0x10 [ 178.748483][ T7974] do_syscall_64+0xcd/0xf80 [ 178.748520][ T7974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.748544][ T7974] RIP: 0033:0x7fbda0d8f7c9 [ 178.748563][ T7974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.748587][ T7974] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 178.748610][ T7974] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 178.748626][ T7974] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 178.748641][ T7974] RBP: 00007fbda0e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 178.748655][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.748669][ T7974] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 178.748711][ T7974] [ 179.627986][ T7990] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.911533][ T7990] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.978716][ T8000] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 180.153291][ T8003] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 180.346669][ T7990] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.666793][ T8013] FAULT_INJECTION: forcing a failure. [ 180.666793][ T8013] name failslab, interval 1, probability 0, space 0, times 0 [ 180.720370][ T8013] CPU: 0 UID: 0 PID: 8013 Comm: syz.2.526 Not tainted syzkaller #0 PREEMPT(full) [ 180.720391][ T8013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 180.720400][ T8013] Call Trace: [ 180.720406][ T8013] [ 180.720413][ T8013] dump_stack_lvl+0x16c/0x1f0 [ 180.720444][ T8013] should_fail_ex+0x512/0x640 [ 180.720459][ T8013] ? kmem_cache_alloc_noprof+0x62/0x770 [ 180.720478][ T8013] should_failslab+0xc2/0x120 [ 180.720498][ T8013] kmem_cache_alloc_noprof+0x83/0x770 [ 180.720513][ T8013] ? ptlock_alloc+0x1f/0x70 [ 180.720531][ T8013] ? ptlock_alloc+0x1f/0x70 [ 180.720543][ T8013] ptlock_alloc+0x1f/0x70 [ 180.720556][ T8013] pte_alloc_one+0x84/0x3d0 [ 180.720573][ T8013] do_fault+0x8b8/0x1ad0 [ 180.720590][ T8013] ? __pfx_filemap_map_pages+0x10/0x10 [ 180.720605][ T8013] ? __pmd_alloc+0x6aa/0x9c0 [ 180.720624][ T8013] __handle_mm_fault+0x1919/0x2bb0 [ 180.720642][ T8013] ? __pfx___handle_mm_fault+0x10/0x10 [ 180.720666][ T8013] ? find_vma+0xbf/0x140 [ 180.720682][ T8013] ? __pfx_find_vma+0x10/0x10 [ 180.720700][ T8013] handle_mm_fault+0x3fe/0xad0 [ 180.720717][ T8013] do_user_addr_fault+0x7a6/0x1370 [ 180.720734][ T8013] ? rcu_is_watching+0x12/0xc0 [ 180.720754][ T8013] exc_page_fault+0x64/0xc0 [ 180.720773][ T8013] asm_exc_page_fault+0x26/0x30 [ 180.720785][ T8013] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 180.720801][ T8013] Code: c4 10 e9 44 81 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 0d 81 04 00 66 66 [ 180.720813][ T8013] RSP: 0018:ffffc9000c457d60 EFLAGS: 00050202 [ 180.720823][ T8013] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 180.720831][ T8013] RDX: fffff5200188afba RSI: 0000000000000000 RDI: ffffc9000c457dd0 [ 180.720839][ T8013] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff5200188afba [ 180.720847][ T8013] R10: 0000000000000003 R11: ffff8880281f66b0 R12: 0000000000000000 [ 180.720854][ T8013] R13: ffffc9000c457dd0 R14: 0000000000000000 R15: 0000000000000000 [ 180.720871][ T8013] _copy_from_user+0x98/0xd0 [ 180.720886][ T8013] do_sock_getsockopt+0x3a1/0x410 [ 180.720907][ T8013] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 180.720924][ T8013] ? __fget_files+0x204/0x3c0 [ 180.720951][ T8013] __sys_getsockopt+0x123/0x1b0 [ 180.720971][ T8013] __x64_sys_getsockopt+0xbd/0x160 [ 180.720985][ T8013] ? do_syscall_64+0x91/0xf80 [ 180.721002][ T8013] ? lockdep_hardirqs_on+0x7c/0x110 [ 180.721020][ T8013] do_syscall_64+0xcd/0xf80 [ 180.721039][ T8013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.721051][ T8013] RIP: 0033:0x7fbda0d8f7c9 [ 180.721062][ T8013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.721074][ T8013] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 180.721086][ T8013] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 180.721094][ T8013] RDX: 0000000000000001 RSI: 000000000000011c RDI: 0000000000000003 [ 180.721101][ T8013] RBP: 00007fbda0e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 180.721109][ T8013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 180.721116][ T8013] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 180.721134][ T8013] [ 181.120350][ T7990] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.376477][ T8016] ubi0: attaching mtd0 [ 181.382352][ T8016] ubi0: scanning is finished [ 181.407683][ T8016] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 181.510792][ T8016] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 181.581971][ T8017] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.527'. [ 183.214216][ T8057] netlink: 12 bytes leftover after parsing attributes in process `syz.1.533'. [ 183.548497][ T8062] mmap: syz.2.534 (8062) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 183.806259][ T8069] netlink: 4 bytes leftover after parsing attributes in process `syz.0.535'. [ 184.902384][ T8077] FAULT_INJECTION: forcing a failure. [ 184.902384][ T8077] name failslab, interval 1, probability 0, space 0, times 0 [ 184.915102][ T8077] CPU: 1 UID: 0 PID: 8077 Comm: syz.0.537 Not tainted syzkaller #0 PREEMPT(full) [ 184.915132][ T8077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 184.915146][ T8077] Call Trace: [ 184.915154][ T8077] [ 184.915163][ T8077] dump_stack_lvl+0x16c/0x1f0 [ 184.915203][ T8077] should_fail_ex+0x512/0x640 [ 184.915235][ T8077] ? lockdep_hardirqs_on+0x7c/0x110 [ 184.915274][ T8077] should_failslab+0xc2/0x120 [ 184.915306][ T8077] kmem_cache_alloc_noprof+0x83/0x770 [ 184.915334][ T8077] ? do_raw_spin_lock+0x12c/0x2b0 [ 184.915357][ T8077] ? inet_bind_bucket_create+0x2d/0x280 [ 184.915393][ T8077] ? inet_bind_bucket_create+0x2d/0x280 [ 184.915418][ T8077] inet_bind_bucket_create+0x2d/0x280 [ 184.915448][ T8077] inet_csk_get_port+0x117d/0x2890 [ 184.915495][ T8077] ? trace_inet_sock_set_state+0x194/0x1f0 [ 184.915522][ T8077] ? __pfx_inet_csk_get_port+0x10/0x10 [ 184.915550][ T8077] inet_csk_listen_start+0x158/0x380 [ 184.915596][ T8077] __inet_listen_sk+0x20f/0x520 [ 184.915623][ T8077] ? __pfx___inet_listen_sk+0x10/0x10 [ 184.915650][ T8077] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 184.915685][ T8077] ? __local_bh_enable_ip+0xa4/0x120 [ 184.915720][ T8077] inet_listen+0x93/0xd0 [ 184.915748][ T8077] __sys_listen_socket+0x117/0x160 [ 184.915772][ T8077] __sys_listen+0xa7/0x130 [ 184.915794][ T8077] __x64_sys_listen+0x53/0x80 [ 184.915816][ T8077] do_syscall_64+0xcd/0xf80 [ 184.915850][ T8077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.915873][ T8077] RIP: 0033:0x7f4778d8f7c9 [ 184.915894][ T8077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.915934][ T8077] RSP: 002b:00007f4779c43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 [ 184.915956][ T8077] RAX: ffffffffffffffda RBX: 00007f4778fe5fa0 RCX: 00007f4778d8f7c9 [ 184.915972][ T8077] RDX: 0000000000000000 RSI: 00000000000000a1 RDI: 0000000000000003 [ 184.915986][ T8077] RBP: 00007f4778e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 184.915998][ T8077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.916011][ T8077] R13: 00007f4778fe6038 R14: 00007f4778fe5fa0 R15: 00007ffd196d5df8 [ 184.916044][ T8077] [ 186.130050][ T8089] bond0: option all_slaves_active: invalid value () [ 186.928111][ T8104] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input17 [ 188.255722][ T8125] FAULT_INJECTION: forcing a failure. [ 188.255722][ T8125] name fail_futex, interval 1, probability 0, space 0, times 0 [ 188.284353][ T8125] CPU: 1 UID: 0 PID: 8125 Comm: syz.0.549 Not tainted syzkaller #0 PREEMPT(full) [ 188.284390][ T8125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 188.284405][ T8125] Call Trace: [ 188.284414][ T8125] [ 188.284424][ T8125] dump_stack_lvl+0x16c/0x1f0 [ 188.284464][ T8125] should_fail_ex+0x512/0x640 [ 188.284496][ T8125] get_futex_key+0x1d0/0x15f0 [ 188.284528][ T8125] ? __pfx_get_futex_key+0x10/0x10 [ 188.284566][ T8125] futex_wait_setup+0x9d/0x570 [ 188.284609][ T8125] __futex_wait+0x193/0x2f0 [ 188.284641][ T8125] ? __pfx___futex_wait+0x10/0x10 [ 188.284678][ T8125] ? __pfx_futex_wake_mark+0x10/0x10 [ 188.284713][ T8125] ? futex_hash+0x2c5/0x380 [ 188.284742][ T8125] ? futex_private_hash_put+0x160/0x1b0 [ 188.284771][ T8125] futex_wait+0xe8/0x380 [ 188.284800][ T8125] ? __pfx_futex_wait+0x10/0x10 [ 188.284839][ T8125] ? __might_fault+0xe3/0x190 [ 188.284863][ T8125] ? __might_fault+0x13b/0x190 [ 188.284908][ T8125] do_futex+0x229/0x350 [ 188.284937][ T8125] ? __pfx_do_futex+0x10/0x10 [ 188.284964][ T8125] ? fput+0x70/0xf0 [ 188.284987][ T8125] ? __sys_connect+0xe0/0x160 [ 188.285016][ T8125] __x64_sys_futex+0x1e0/0x4c0 [ 188.285048][ T8125] ? __pfx___x64_sys_futex+0x10/0x10 [ 188.285075][ T8125] ? xfd_validate_state+0x61/0x180 [ 188.285096][ T8125] ? __pfx_ksys_write+0x10/0x10 [ 188.285138][ T8125] do_syscall_64+0xcd/0xf80 [ 188.285174][ T8125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.285198][ T8125] RIP: 0033:0x7f4778d8f7c9 [ 188.285219][ T8125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.285242][ T8125] RSP: 002b:00007f4779c430e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 188.285266][ T8125] RAX: ffffffffffffffda RBX: 00007f4778fe5fa8 RCX: 00007f4778d8f7c9 [ 188.285282][ T8125] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4778fe5fa8 [ 188.285296][ T8125] RBP: 00007f4778fe5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 188.285311][ T8125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 188.285325][ T8125] R13: 00007f4778fe6038 R14: 00007ffd196d5d10 R15: 00007ffd196d5df8 [ 188.285361][ T8125] [ 188.366222][ T8131] ptrace attach of "./syz-executor exec"[5829] was attempted by ""[8131] [ 188.583236][ T8125] NFSD: Failed to start, no listeners configured. [ 188.728438][ T5838] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 188.728474][ T5838] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15 [ 188.763878][ T5838] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 188.796203][ T8126] program syz.1.547 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 190.687032][ T8177] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 190.693834][ T8177] hsr_slave_1: hsr_addr_subst_dest: Unknown node “[ 193.955041][ T8268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.580'. [ 194.342389][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.362059][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.969802][ T30] audit: type=1804 audit(1766274789.683:5): pid=8292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.584" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 197.792686][ T30] audit: type=1800 audit(1766274791.503:6): pid=8331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.595" name="lu_gp_id" dev="configfs" ino=21930 res=0 errno=0 [ 197.907644][ T8336] lo: entered allmulticast mode [ 197.912605][ T8336] lo: left allmulticast mode [ 198.036594][ T8337] zswap: compressor û not available [ 198.046195][ T8340] Setting dangerous option i915.mitigations - tainting kernel [ 198.056067][ T8339] Setting dangerous option i915.mitigations - tainting kernel [ 199.104968][ T8362] bond0: Unable to set up delay as MII monitoring is disabled [ 200.057470][ T8377] FAULT_INJECTION: forcing a failure. [ 200.057470][ T8377] name failslab, interval 1, probability 0, space 0, times 0 [ 200.094727][ T8377] CPU: 0 UID: 0 PID: 8377 Comm: syz.2.603 Tainted: G U syzkaller #0 PREEMPT(full) [ 200.094766][ T8377] Tainted: [U]=USER [ 200.094775][ T8377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 200.094789][ T8377] Call Trace: [ 200.094797][ T8377] [ 200.094807][ T8377] dump_stack_lvl+0x16c/0x1f0 [ 200.094848][ T8377] should_fail_ex+0x512/0x640 [ 200.094872][ T8377] ? __kmalloc_cache_noprof+0x5f/0x800 [ 200.094903][ T8377] should_failslab+0xc2/0x120 [ 200.094935][ T8377] __kmalloc_cache_noprof+0x80/0x800 [ 200.094960][ T8377] ? __thp_vma_allowable_orders+0x1c8/0xcd0 [ 200.094983][ T8377] ? madvise_collapse+0x1a9/0xa40 [ 200.095012][ T8377] ? madvise_collapse+0x1a9/0xa40 [ 200.095035][ T8377] madvise_collapse+0x1a9/0xa40 [ 200.095059][ T8377] ? find_held_lock+0x2b/0x80 [ 200.095088][ T8377] ? finish_task_switch.isra.0+0x202/0xbd0 [ 200.095122][ T8377] ? __pfx_madvise_collapse+0x10/0x10 [ 200.095144][ T8377] ? finish_task_switch.isra.0+0x207/0xbd0 [ 200.095173][ T8377] ? lockdep_hardirqs_on+0x11/0x110 [ 200.095216][ T8377] madvise_vma_behavior+0xe8a/0x29e0 [ 200.095241][ T8377] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 200.095274][ T8377] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 200.095298][ T8377] ? mas_prev+0x9b/0xf0 [ 200.095318][ T8377] ? __pfx_mas_prev+0x10/0x10 [ 200.095348][ T8377] ? find_vma_prev+0xd3/0x150 [ 200.095377][ T8377] ? find_held_lock+0x2b/0x80 [ 200.095404][ T8377] ? __pfx_find_vma_prev+0x10/0x10 [ 200.095448][ T8377] ? __futex_wait+0x24b/0x2f0 [ 200.095493][ T8377] madvise_walk_vmas+0x31f/0xac0 [ 200.095523][ T8377] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 200.095559][ T8377] madvise_do_behavior+0x1e2/0x530 [ 200.095582][ T8377] ? futex_private_hash_put+0x160/0x1b0 [ 200.095609][ T8377] ? __pfx_madvise_do_behavior+0x10/0x10 [ 200.095635][ T8377] ? down_read+0x13d/0x460 [ 200.095675][ T8377] do_madvise+0x176/0x240 [ 200.095697][ T8377] ? __pfx_do_madvise+0x10/0x10 [ 200.095718][ T8377] ? do_futex+0x122/0x350 [ 200.095770][ T8377] ? syscall_user_dispatch+0x78/0x140 [ 200.095805][ T8377] __x64_sys_madvise+0xa9/0x110 [ 200.095829][ T8377] do_syscall_64+0xcd/0xf80 [ 200.095863][ T8377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.095888][ T8377] RIP: 0033:0x7fbda0d8f7c9 [ 200.095908][ T8377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.095931][ T8377] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 200.095954][ T8377] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 200.095970][ T8377] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 200.095985][ T8377] RBP: 00007fbda0e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 200.096000][ T8377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 200.096015][ T8377] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 200.096050][ T8377] [ 201.501682][ T8445] netlink: 4 bytes leftover after parsing attributes in process `syz.0.606'. [ 201.585235][ T8449] netlink: 'syz.0.606': attribute type 1 has an invalid length. [ 201.620944][ T8449] netlink: 5 bytes leftover after parsing attributes in process `syz.0.606'. [ 202.486677][ T8465] netlink: 13 bytes leftover after parsing attributes in process `syz.0.613'. [ 204.057700][ T8506] __vm_enough_memory: pid: 8506, comm: syz.1.625, bytes: 8589938688 not enough memory for the allocation [ 207.727412][ T30] audit: type=1800 audit(1766274801.443:7): pid=8587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.638" name="dbroot" dev="configfs" ino=23313 res=0 errno=0 [ 209.088692][ T8621] busy [ 214.422648][ T8736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.677'. [ 214.717527][ T8747] netlink: 354 bytes leftover after parsing attributes in process `syz.3.679'. [ 215.185642][ T8757] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 216.075126][ T8758] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 216.127053][ T8776] netlink: 12 bytes leftover after parsing attributes in process `syz.2.684'. [ 216.655030][ T8785] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211' [ 217.289869][ T8790] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 217.339967][ T8790] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 217.363018][ T8790] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 217.375930][ T8790] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 217.422998][ T8790] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 217.904350][ T8808] FAULT_INJECTION: forcing a failure. [ 217.904350][ T8808] name fail_futex, interval 1, probability 0, space 0, times 0 [ 217.987097][ T8808] CPU: 1 UID: 0 PID: 8808 Comm: syz.1.691 Tainted: G U syzkaller #0 PREEMPT(full) [ 217.987137][ T8808] Tainted: [U]=USER [ 217.987145][ T8808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 217.987160][ T8808] Call Trace: [ 217.987168][ T8808] [ 217.987177][ T8808] dump_stack_lvl+0x16c/0x1f0 [ 217.987219][ T8808] should_fail_ex+0x512/0x640 [ 217.987250][ T8808] get_futex_key+0x1d0/0x15f0 [ 217.987289][ T8808] ? __pfx_get_futex_key+0x10/0x10 [ 217.987328][ T8808] futex_wait_setup+0x9d/0x570 [ 217.987371][ T8808] __futex_wait+0x193/0x2f0 [ 217.987403][ T8808] ? __pfx___futex_wait+0x10/0x10 [ 217.987435][ T8808] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 217.987472][ T8808] ? __pfx_futex_wake_mark+0x10/0x10 [ 217.987510][ T8808] ? futex_hash+0x2c5/0x380 [ 217.987538][ T8808] ? futex_private_hash_put+0x160/0x1b0 [ 217.987566][ T8808] futex_wait+0xe8/0x380 [ 217.987596][ T8808] ? __pfx_futex_wait+0x10/0x10 [ 217.987635][ T8808] ? __fget_files+0x204/0x3c0 [ 217.987674][ T8808] do_futex+0x229/0x350 [ 217.987700][ T8808] ? __pfx_do_futex+0x10/0x10 [ 217.987725][ T8808] ? __fget_files+0x204/0x3c0 [ 217.987763][ T8808] __x64_sys_futex+0x1e0/0x4c0 [ 217.987795][ T8808] ? __pfx___x64_sys_futex+0x10/0x10 [ 217.987822][ T8808] ? __sys_setsockopt+0x140/0x1a0 [ 217.987861][ T8808] do_syscall_64+0xcd/0xf80 [ 217.987896][ T8808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.987920][ T8808] RIP: 0033:0x7efc1d98f7c9 [ 217.987941][ T8808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.987963][ T8808] RSP: 002b:00007efc1e84b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 217.987986][ T8808] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa8 RCX: 00007efc1d98f7c9 [ 217.988003][ T8808] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efc1dbe5fa8 [ 217.988018][ T8808] RBP: 00007efc1dbe5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 217.988034][ T8808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 217.988048][ T8808] R13: 00007efc1dbe6038 R14: 00007ffd3a4468d0 R15: 00007ffd3a4469b8 [ 217.988083][ T8808] [ 218.356096][ T8815] netlink: 12 bytes leftover after parsing attributes in process `syz.2.697'. [ 218.943616][ T8841] netlink: 28 bytes leftover after parsing attributes in process `syz.1.701'. [ 219.294119][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 219.374772][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout [ 219.380926][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 219.454023][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 219.578630][ T8857] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 219.644368][ T8855] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 219.657382][ T8855] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 219.666021][ T8855] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 219.675134][ T8855] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 219.747642][ T8866] FAULT_INJECTION: forcing a failure. [ 219.747642][ T8866] name failslab, interval 1, probability 0, space 0, times 0 [ 219.779635][ T8866] CPU: 0 UID: 0 PID: 8866 Comm: syz.2.707 Tainted: G U syzkaller #0 PREEMPT(full) [ 219.779671][ T8866] Tainted: [U]=USER [ 219.779682][ T8866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 219.779694][ T8866] Call Trace: [ 219.779701][ T8866] [ 219.779710][ T8866] dump_stack_lvl+0x16c/0x1f0 [ 219.779745][ T8866] should_fail_ex+0x512/0x640 [ 219.779767][ T8866] ? kmem_cache_alloc_noprof+0x62/0x770 [ 219.779797][ T8866] should_failslab+0xc2/0x120 [ 219.779826][ T8866] kmem_cache_alloc_noprof+0x83/0x770 [ 219.779851][ T8866] ? mas_alloc_nodes+0x27b/0x380 [ 219.779882][ T8866] ? mas_alloc_nodes+0x27b/0x380 [ 219.779906][ T8866] mas_alloc_nodes+0x27b/0x380 [ 219.779935][ T8866] mas_preallocate+0x5e3/0xee0 [ 219.779971][ T8866] ? __pfx_mas_preallocate+0x10/0x10 [ 219.780007][ T8866] ? vm_area_alloc+0x1f/0x160 [ 219.780032][ T8866] ? lockdep_init_map_type+0x5c/0x270 [ 219.780059][ T8866] __mmap_region+0x1262/0x2a00 [ 219.780088][ T8866] ? __lock_acquire+0x436/0x2890 [ 219.780107][ T8866] ? __pfx___mmap_region+0x10/0x10 [ 219.780141][ T8866] ? lock_acquire+0x179/0x330 [ 219.780176][ T8866] ? finish_task_switch.isra.0+0x207/0xbd0 [ 219.780272][ T8866] ? rcu_is_watching+0x12/0xc0 [ 219.780309][ T8866] mmap_region+0x1ab/0x3f0 [ 219.780335][ T8866] ? __get_unmapped_area+0x267/0x3f0 [ 219.780369][ T8866] do_mmap+0xa3e/0x1210 [ 219.780406][ T8866] ? __pfx_do_mmap+0x10/0x10 [ 219.780436][ T8866] ? __pfx_down_write_killable+0x10/0x10 [ 219.780467][ T8866] vm_mmap_pgoff+0x29e/0x470 [ 219.780504][ T8866] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 219.780537][ T8866] ? __x64_sys_futex+0x1e0/0x4c0 [ 219.780559][ T8866] ? __x64_sys_futex+0x1e9/0x4c0 [ 219.780585][ T8866] ksys_mmap_pgoff+0x7d/0x5c0 [ 219.780612][ T8866] ? xfd_validate_state+0x61/0x180 [ 219.780636][ T8866] __x64_sys_mmap+0x125/0x190 [ 219.780663][ T8866] do_syscall_64+0xcd/0xf80 [ 219.780697][ T8866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.780721][ T8866] RIP: 0033:0x7fbda0d8f7c9 [ 219.780740][ T8866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.780761][ T8866] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 219.780783][ T8866] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 219.780798][ T8866] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 219.780812][ T8866] RBP: 00007fbda0e13f91 R08: fffffffffffffffa R09: 0000000000008000 [ 219.780827][ T8866] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 219.780840][ T8866] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 219.780874][ T8866] [ 220.141529][ T8856] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 220.910081][ T5838] Bluetooth: hci2: unexpected event 0x36 length: 123 > 7 [ 221.174319][ T8889] binder: BINDER_SET_CONTEXT_MGR already set [ 221.189699][ T8889] binder: 8886:8889 ioctl 4018620d 9 returned -16 [ 221.434939][ T8901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.717'. [ 221.694118][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 221.700152][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 221.706234][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 221.712239][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 222.127566][ T8917] FAULT_INJECTION: forcing a failure. [ 222.127566][ T8917] name failslab, interval 1, probability 0, space 0, times 0 [ 222.259714][ T8917] CPU: 1 UID: 0 PID: 8917 Comm: syz.1.722 Tainted: G U syzkaller #0 PREEMPT(full) [ 222.259743][ T8917] Tainted: [U]=USER [ 222.259748][ T8917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 222.259756][ T8917] Call Trace: [ 222.259760][ T8917] [ 222.259766][ T8917] dump_stack_lvl+0x16c/0x1f0 [ 222.259789][ T8917] should_fail_ex+0x512/0x640 [ 222.259804][ T8917] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 222.259823][ T8917] should_failslab+0xc2/0x120 [ 222.259843][ T8917] kmem_cache_alloc_node_noprof+0x86/0x800 [ 222.259858][ T8917] ? __alloc_skb+0x156/0x410 [ 222.259872][ T8917] ? __alloc_skb+0x35d/0x410 [ 222.259888][ T8917] ? __alloc_skb+0x156/0x410 [ 222.259900][ T8917] __alloc_skb+0x156/0x410 [ 222.259912][ T8917] ? __alloc_skb+0x35d/0x410 [ 222.259925][ T8917] ? __pfx___alloc_skb+0x10/0x10 [ 222.259939][ T8917] ? _raw_spin_unlock_irqrestore+0x40/0x80 [ 222.259959][ T8917] ? __pfx___might_resched+0x10/0x10 [ 222.259977][ T8917] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 222.259994][ T8917] ? __wake_up+0x3f/0x60 [ 222.260014][ T8917] netlink_alloc_large_skb+0x69/0x140 [ 222.260035][ T8917] netlink_sendmsg+0x698/0xdd0 [ 222.260056][ T8917] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.260077][ T8917] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 222.260101][ T8917] __sys_sendto+0x4a3/0x520 [ 222.260116][ T8917] ? __pfx___sys_sendto+0x10/0x10 [ 222.260137][ T8917] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 222.260156][ T8917] ? count_memcg_events+0x122/0x290 [ 222.260185][ T8917] __x64_sys_sendto+0xe0/0x1c0 [ 222.260199][ T8917] ? do_syscall_64+0x91/0xf80 [ 222.260217][ T8917] ? lockdep_hardirqs_on+0x7c/0x110 [ 222.260239][ T8917] do_syscall_64+0xcd/0xf80 [ 222.260259][ T8917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.260273][ T8917] RIP: 0033:0x7efc1d99165c [ 222.260284][ T8917] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 222.260296][ T8917] RSP: 002b:00007efc1e849ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 222.260309][ T8917] RAX: ffffffffffffffda RBX: 00007efc1e849fc0 RCX: 00007efc1d99165c [ 222.260319][ T8917] RDX: 0000000000000020 RSI: 00007efc1e84a010 RDI: 0000000000000004 [ 222.260326][ T8917] RBP: 0000000000000000 R08: 00007efc1e849f14 R09: 000000000000000c [ 222.260334][ T8917] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 222.260342][ T8917] R13: 00007efc1e849f68 R14: 00007efc1e84a010 R15: 0000000000000000 [ 222.260360][ T8917] [ 223.489555][ T8947] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 223.514532][ T8950] usb usb3: usbfs: interface 0 claimed by hub while 'syz.2.729' sets config #-1 [ 223.537936][ T8947] FAULT_INJECTION: forcing a failure. [ 223.537936][ T8947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.567046][ T8947] CPU: 0 UID: 0 PID: 8947 Comm: syz.0.730 Tainted: G U syzkaller #0 PREEMPT(full) [ 223.567079][ T8947] Tainted: [U]=USER [ 223.567083][ T8947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 223.567092][ T8947] Call Trace: [ 223.567098][ T8947] [ 223.567104][ T8947] dump_stack_lvl+0x16c/0x1f0 [ 223.567128][ T8947] should_fail_ex+0x512/0x640 [ 223.567146][ T8947] strncpy_from_user+0x3b/0x2e0 [ 223.567162][ T8947] getname_flags.part.0+0x8f/0x550 [ 223.567180][ T8947] getname_flags+0x93/0xf0 [ 223.567196][ T8947] do_sys_openat2+0xb9/0x290 [ 223.567211][ T8947] ? __pfx_do_sys_openat2+0x10/0x10 [ 223.567233][ T8947] __x64_sys_openat+0x174/0x210 [ 223.567248][ T8947] ? __pfx___x64_sys_openat+0x10/0x10 [ 223.567270][ T8947] do_syscall_64+0xcd/0xf80 [ 223.567290][ T8947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.567304][ T8947] RIP: 0033:0x7f4778d8f7c9 [ 223.567316][ T8947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.567329][ T8947] RSP: 002b:00007f4779c43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 223.567342][ T8947] RAX: ffffffffffffffda RBX: 00007f4778fe5fa0 RCX: 00007f4778d8f7c9 [ 223.567351][ T8947] RDX: 0000000000000001 RSI: 00002000000017c0 RDI: ffffffffffffff9c [ 223.567359][ T8947] RBP: 00007f4778e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 223.567366][ T8947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.567374][ T8947] R13: 00007f4778fe6038 R14: 00007f4778fe5fa0 R15: 00007ffd196d5df8 [ 223.567392][ T8947] [ 224.073641][ T30] audit: type=1800 audit(1766274817.783:8): pid=8958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.734" name="dbroot" dev="configfs" ino=26663 res=0 errno=0 [ 224.406446][ T5838] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 224.406481][ T5838] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 224.426701][ T5838] Bluetooth: hci3: Dropping invalid advertising data [ 224.435490][ T5838] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 224.435525][ T5838] Bluetooth: hci3: Dropping invalid advertising data [ 224.449431][ T5838] Bluetooth: hci3: Malformed LE Event: 0x02 [ 225.987556][ T9006] bridge0: port 3(gretap0) entered blocking state [ 226.005860][ T9006] bridge0: port 3(gretap0) entered disabled state [ 226.020979][ T9006] gretap0: entered allmulticast mode [ 226.077556][ T9006] gretap0: entered promiscuous mode [ 226.119341][ T9006] bridge0: port 3(gretap0) entered blocking state [ 226.125887][ T9006] bridge0: port 3(gretap0) entered forwarding state [ 226.595851][ T9029] random: crng reseeded on system resumption [ 227.134708][ T9055] zram0: detected capacity change from 0 to 8 [ 227.325702][ T9060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.758'. [ 228.872310][ T9103] netlink: 342 bytes leftover after parsing attributes in process `syz.3.767'. [ 229.912323][ T9120] FAULT_INJECTION: forcing a failure. [ 229.912323][ T9120] name failslab, interval 1, probability 0, space 0, times 0 [ 229.925698][ T9120] CPU: 0 UID: 0 PID: 9120 Comm: syz.2.769 Tainted: G U syzkaller #0 PREEMPT(full) [ 229.925735][ T9120] Tainted: [U]=USER [ 229.925744][ T9120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 229.925756][ T9120] Call Trace: [ 229.925764][ T9120] [ 229.925773][ T9120] dump_stack_lvl+0x16c/0x1f0 [ 229.925812][ T9120] should_fail_ex+0x512/0x640 [ 229.925837][ T9120] ? __kmalloc_cache_noprof+0x5f/0x800 [ 229.925879][ T9120] should_failslab+0xc2/0x120 [ 229.925917][ T9120] __kmalloc_cache_noprof+0x80/0x800 [ 229.925942][ T9120] ? percpu_ref_init+0xec/0x410 [ 229.925979][ T9120] ? percpu_ref_init+0xec/0x410 [ 229.926009][ T9120] ? __pfx_css_release+0x10/0x10 [ 229.926036][ T9120] percpu_ref_init+0xec/0x410 [ 229.926064][ T9120] ? init_and_link_css+0x32c/0x700 [ 229.926089][ T9120] cgroup_apply_control_enable+0x50b/0xbb0 [ 229.926134][ T9120] cgroup_mkdir+0x5e0/0x12e0 [ 229.926171][ T9120] ? __pfx_cgroup_mkdir+0x10/0x10 [ 229.926205][ T9120] kernfs_iop_mkdir+0x111/0x190 [ 229.926233][ T9120] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 229.926259][ T9120] vfs_mkdir+0x731/0xb60 [ 229.926293][ T9120] do_mkdirat+0x442/0x5e0 [ 229.926330][ T9120] ? __pfx_do_mkdirat+0x10/0x10 [ 229.926361][ T9120] ? strncpy_from_user+0x203/0x2e0 [ 229.926388][ T9120] ? getname_flags.part.0+0x1c5/0x550 [ 229.926415][ T9120] __x64_sys_mkdir+0xef/0x140 [ 229.926448][ T9120] do_syscall_64+0xcd/0xf80 [ 229.926484][ T9120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.926508][ T9120] RIP: 0033:0x7fbda0d8f7c9 [ 229.926526][ T9120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.926549][ T9120] RSP: 002b:00007fbda1c31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 229.926572][ T9120] RAX: ffffffffffffffda RBX: 00007fbda0fe6180 RCX: 00007fbda0d8f7c9 [ 229.926589][ T9120] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 229.926604][ T9120] RBP: 00007fbda0e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 229.926618][ T9120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.926632][ T9120] R13: 00007fbda0fe6218 R14: 00007fbda0fe6180 R15: 00007ffd90ee1198 [ 229.926667][ T9120] [ 230.587621][ T9117] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 230.644070][ T9117] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 230.695281][ T9117] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 230.716983][ T9117] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 231.635207][ T9155] FAULT_INJECTION: forcing a failure. [ 231.635207][ T9155] name failslab, interval 1, probability 0, space 0, times 0 [ 231.648252][ T9155] CPU: 1 UID: 0 PID: 9155 Comm: syz.1.778 Tainted: G U syzkaller #0 PREEMPT(full) [ 231.648275][ T9155] Tainted: [U]=USER [ 231.648280][ T9155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 231.648288][ T9155] Call Trace: [ 231.648293][ T9155] [ 231.648300][ T9155] dump_stack_lvl+0x16c/0x1f0 [ 231.648325][ T9155] should_fail_ex+0x512/0x640 [ 231.648340][ T9155] ? fs_reclaim_acquire+0xae/0x150 [ 231.648363][ T9155] should_failslab+0xc2/0x120 [ 231.648382][ T9155] kmem_cache_alloc_noprof+0x83/0x770 [ 231.648397][ T9155] ? __pfx_map_id_range_down+0x10/0x10 [ 231.648415][ T9155] ? security_inode_alloc+0x3b/0x2b0 [ 231.648432][ T9155] ? security_inode_alloc+0x3b/0x2b0 [ 231.648445][ T9155] security_inode_alloc+0x3b/0x2b0 [ 231.648458][ T9155] inode_init_always_gfp+0xced/0x1040 [ 231.648480][ T9155] alloc_inode+0x86/0x240 [ 231.648494][ T9155] sock_alloc+0x40/0x280 [ 231.648513][ T9155] __sock_create+0xc2/0x8a0 [ 231.648529][ T9155] __sys_socket+0x14d/0x260 [ 231.648541][ T9155] ? __pfx___sys_socket+0x10/0x10 [ 231.648553][ T9155] ? xfd_validate_state+0x61/0x180 [ 231.648570][ T9155] __x64_sys_socket+0x72/0xb0 [ 231.648581][ T9155] ? lockdep_hardirqs_on+0x7c/0x110 [ 231.648600][ T9155] do_syscall_64+0xcd/0xf80 [ 231.648619][ T9155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.648632][ T9155] RIP: 0033:0x7efc1d9916e7 [ 231.648645][ T9155] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.648657][ T9155] RSP: 002b:00007efc1e828fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 231.648669][ T9155] RAX: ffffffffffffffda RBX: 00007efc1dbe6090 RCX: 00007efc1d9916e7 [ 231.648678][ T9155] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 231.648686][ T9155] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 231.648693][ T9155] R10: 0000200000000440 R11: 0000000000000286 R12: 0000000000000000 [ 231.648700][ T9155] R13: 00007efc1dbe6128 R14: 00007efc1dbe6090 R15: 00007ffd3a4469b8 [ 231.648719][ T9155] [ 231.648740][ T9155] socket: no more sockets [ 231.961437][ T9158] syz.2.779(9158): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 232.388895][ T9166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.780'. [ 232.493811][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 232.623805][ T9173] FAULT_INJECTION: forcing a failure. [ 232.623805][ T9173] name failslab, interval 1, probability 0, space 0, times 0 [ 232.653830][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 232.721748][ T9173] CPU: 0 UID: 0 PID: 9173 Comm: syz.1.781 Tainted: G U syzkaller #0 PREEMPT(full) [ 232.721784][ T9173] Tainted: [U]=USER [ 232.721792][ T9173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 232.721804][ T9173] Call Trace: [ 232.721810][ T9173] [ 232.721816][ T9173] dump_stack_lvl+0x16c/0x1f0 [ 232.721841][ T9173] should_fail_ex+0x512/0x640 [ 232.721856][ T9173] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 232.721882][ T9173] should_failslab+0xc2/0x120 [ 232.721902][ T9173] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 232.721918][ T9173] ? __pfx___might_resched+0x10/0x10 [ 232.721936][ T9173] ? sock_alloc_inode+0x25/0x1c0 [ 232.721959][ T9173] ? __pfx_sock_alloc_inode+0x10/0x10 [ 232.721977][ T9173] ? sock_alloc_inode+0x25/0x1c0 [ 232.721994][ T9173] sock_alloc_inode+0x25/0x1c0 [ 232.722012][ T9173] alloc_inode+0x64/0x240 [ 232.722027][ T9173] sock_alloc+0x40/0x280 [ 232.722045][ T9173] __sock_create+0xc2/0x8a0 [ 232.722060][ T9173] __sys_socket+0x14d/0x260 [ 232.722073][ T9173] ? __pfx___sys_socket+0x10/0x10 [ 232.722085][ T9173] ? xfd_validate_state+0x61/0x180 [ 232.722102][ T9173] __x64_sys_socket+0x72/0xb0 [ 232.722114][ T9173] ? lockdep_hardirqs_on+0x7c/0x110 [ 232.722134][ T9173] do_syscall_64+0xcd/0xf80 [ 232.722154][ T9173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.722168][ T9173] RIP: 0033:0x7efc1d98f7c9 [ 232.722179][ T9173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.722192][ T9173] RSP: 002b:00007efc1e809038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 232.722206][ T9173] RAX: ffffffffffffffda RBX: 00007efc1dbe6180 RCX: 00007efc1d98f7c9 [ 232.722214][ T9173] RDX: 0000000000000073 RSI: 000000000000000a RDI: 0000000000000002 [ 232.722222][ T9173] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 232.722230][ T9173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.722238][ T9173] R13: 00007efc1dbe6218 R14: 00007efc1dbe6180 R15: 00007ffd3a4469b8 [ 232.722255][ T9173] [ 232.722262][ T9173] socket: no more sockets [ 232.743808][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 232.768972][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 233.350510][ T9187] Console: switching to colour VGA+ 80x3 [ 233.972954][ T9206] FAULT_INJECTION: forcing a failure. [ 233.972954][ T9206] name failslab, interval 1, probability 0, space 0, times 0 [ 233.993780][ T9206] CPU: 1 UID: 0 PID: 9206 Comm: syz.1.792 Tainted: G U syzkaller #0 PREEMPT(full) [ 233.993817][ T9206] Tainted: [U]=USER [ 233.993824][ T9206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 233.993837][ T9206] Call Trace: [ 233.993845][ T9206] [ 233.993854][ T9206] dump_stack_lvl+0x16c/0x1f0 [ 233.993892][ T9206] should_fail_ex+0x512/0x640 [ 233.993917][ T9206] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 233.993948][ T9206] should_failslab+0xc2/0x120 [ 233.993967][ T9206] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 233.993984][ T9206] ? __d_alloc+0x35/0xa80 [ 233.993999][ T9206] ? __d_alloc+0x35/0xa80 [ 233.994009][ T9206] __d_alloc+0x35/0xa80 [ 233.994022][ T9206] d_alloc_parallel+0x111/0x1510 [ 233.994043][ T9206] ? find_held_lock+0x2b/0x80 [ 233.994061][ T9206] ? __pfx_d_alloc_parallel+0x10/0x10 [ 233.994079][ T9206] ? __d_lookup+0x266/0x4a0 [ 233.994098][ T9206] lookup_open.isra.0+0x66c/0x1780 [ 233.994119][ T9206] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 233.994146][ T9206] ? mnt_get_write_access+0x1e9/0x2f0 [ 233.994164][ T9206] path_openat+0x12bb/0x3140 [ 233.994188][ T9206] ? __pfx_path_openat+0x10/0x10 [ 233.994213][ T9206] do_filp_open+0x20b/0x470 [ 233.994232][ T9206] ? __pfx_do_filp_open+0x10/0x10 [ 233.994264][ T9206] ? alloc_fd+0x471/0x7d0 [ 233.994287][ T9206] do_sys_openat2+0x121/0x290 [ 233.994302][ T9206] ? __pfx_do_sys_openat2+0x10/0x10 [ 233.994317][ T9206] ? find_held_lock+0x2b/0x80 [ 233.994338][ T9206] __x64_sys_openat+0x174/0x210 [ 233.994352][ T9206] ? __pfx___x64_sys_openat+0x10/0x10 [ 233.994374][ T9206] do_syscall_64+0xcd/0xf80 [ 233.994394][ T9206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.994408][ T9206] RIP: 0033:0x7efc1d98f7c9 [ 233.994420][ T9206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.994433][ T9206] RSP: 002b:00007efc1e82a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 233.994446][ T9206] RAX: ffffffffffffffda RBX: 00007efc1dbe6090 RCX: 00007efc1d98f7c9 [ 233.994455][ T9206] RDX: 0000000000000001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 233.994463][ T9206] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 233.994471][ T9206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 233.994478][ T9206] R13: 00007efc1dbe6128 R14: 00007efc1dbe6090 R15: 00007ffd3a4469b8 [ 233.994497][ T9206] [ 238.531926][ T30] audit: type=1800 audit(1766274832.243:9): pid=9336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.829" name="discovery_nqn" dev="configfs" ino=29213 res=0 errno=0 [ 238.597652][ T9329] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 239.597236][ T9371] netlink: 16 bytes leftover after parsing attributes in process `syz.0.839'. [ 239.905185][ T9379] FAULT_INJECTION: forcing a failure. [ 239.905185][ T9379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.924547][ T9379] CPU: 1 UID: 0 PID: 9379 Comm: syz.2.841 Tainted: G U syzkaller #0 PREEMPT(full) [ 239.924589][ T9379] Tainted: [U]=USER [ 239.924598][ T9379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 239.924616][ T9379] Call Trace: [ 239.924625][ T9379] [ 239.924635][ T9379] dump_stack_lvl+0x16c/0x1f0 [ 239.924677][ T9379] should_fail_ex+0x512/0x640 [ 239.924708][ T9379] strncpy_from_user+0x3b/0x2e0 [ 239.924737][ T9379] getname_flags.part.0+0x8f/0x550 [ 239.924768][ T9379] getname_flags+0x93/0xf0 [ 239.924800][ T9379] __x64_sys_symlink+0x65/0x90 [ 239.924825][ T9379] do_syscall_64+0xcd/0xf80 [ 239.924861][ T9379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.924887][ T9379] RIP: 0033:0x7fbda0d8f7c9 [ 239.924907][ T9379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.924930][ T9379] RSP: 002b:00007fbda1c73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 239.924954][ T9379] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa0 RCX: 00007fbda0d8f7c9 [ 239.924971][ T9379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 239.924994][ T9379] RBP: 00007fbda0e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 239.925009][ T9379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.925024][ T9379] R13: 00007fbda0fe6038 R14: 00007fbda0fe5fa0 R15: 00007ffd90ee1198 [ 239.925059][ T9379] [ 241.240458][ T9405] Invalid ELF header magic: != ELF [ 243.325697][ T9450] FAULT_INJECTION: forcing a failure. [ 243.325697][ T9450] name failslab, interval 1, probability 0, space 0, times 0 [ 243.376779][ T9450] CPU: 0 UID: 0 PID: 9450 Comm: syz.1.858 Tainted: G U syzkaller #0 PREEMPT(full) [ 243.376820][ T9450] Tainted: [U]=USER [ 243.376828][ T9450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 243.376857][ T9450] Call Trace: [ 243.376865][ T9450] [ 243.376876][ T9450] dump_stack_lvl+0x16c/0x1f0 [ 243.376917][ T9450] should_fail_ex+0x512/0x640 [ 243.376943][ T9450] ? fs_reclaim_acquire+0xae/0x150 [ 243.376983][ T9450] should_failslab+0xc2/0x120 [ 243.377018][ T9450] __kmalloc_noprof+0xeb/0x910 [ 243.377044][ T9450] ? tomoyo_encode2+0x100/0x3e0 [ 243.377080][ T9450] ? tomoyo_encode2+0x100/0x3e0 [ 243.377109][ T9450] tomoyo_encode2+0x100/0x3e0 [ 243.377144][ T9450] tomoyo_encode+0x29/0x50 [ 243.377172][ T9450] tomoyo_realpath_from_path+0x18f/0x6e0 [ 243.377214][ T9450] tomoyo_path_perm+0x274/0x460 [ 243.377238][ T9450] ? tomoyo_path_perm+0x260/0x460 [ 243.377268][ T9450] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 243.377299][ T9450] ? find_held_lock+0x2b/0x80 [ 243.377342][ T9450] ? do_raw_spin_unlock+0x172/0x230 [ 243.377392][ T9450] ? __pfx_current_check_access_path+0x10/0x10 [ 243.377426][ T9450] ? simple_lookup+0x105/0x1d0 [ 243.377460][ T9450] ? lookup_one_qstr_excl+0xb3/0x250 [ 243.377491][ T9450] tomoyo_path_symlink+0x97/0xe0 [ 243.377524][ T9450] ? __pfx_tomoyo_path_symlink+0x10/0x10 [ 243.377568][ T9450] security_path_symlink+0x152/0x2e0 [ 243.377592][ T9450] do_symlinkat+0x126/0x4b0 [ 243.377617][ T9450] ? __pfx_do_symlinkat+0x10/0x10 [ 243.377643][ T9450] ? getname_flags.part.0+0x1c5/0x550 [ 243.377675][ T9450] __x64_sys_symlink+0x75/0x90 [ 243.377698][ T9450] do_syscall_64+0xcd/0xf80 [ 243.377734][ T9450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.377758][ T9450] RIP: 0033:0x7efc1d98f7c9 [ 243.377778][ T9450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.377802][ T9450] RSP: 002b:00007efc1e84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 243.377824][ T9450] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa0 RCX: 00007efc1d98f7c9 [ 243.377840][ T9450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 243.377852][ T9450] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 243.377867][ T9450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.377881][ T9450] R13: 00007efc1dbe6038 R14: 00007efc1dbe5fa0 R15: 00007ffd3a4469b8 [ 243.377919][ T9450] [ 243.665609][ T9450] ERROR: Out of memory at tomoyo_realpath_from_path. [ 245.161078][ T9483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.869'. [ 245.998737][ T9490] netlink: 'syz.2.870': attribute type 2 has an invalid length. [ 246.063810][ T9490] netlink: 'syz.2.870': attribute type 4 has an invalid length. [ 246.714876][ T9497] MTRR 1 not used [ 247.280509][ T9510] netlink: 8 bytes leftover after parsing attributes in process `syz.2.874'. [ 247.495459][ T9514] zram0: detected capacity change from 8 to 0 [ 248.858810][ T9545] random: crng reseeded on system resumption [ 249.008714][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 249.477322][ T9554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.887'. [ 250.346069][ T9567] zswap: compressor not available [ 251.249512][ T9590] netlink: 8 bytes leftover after parsing attributes in process `syz.0.906'. [ 251.447374][ T9592] Console: switching to colour frame buffer device 128x48 [ 251.541605][ T51] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 252.021777][ T9605] netlink: 8 bytes leftover after parsing attributes in process `syz.2.900'. [ 253.024949][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 253.662508][ T9641] netlink: 8 bytes leftover after parsing attributes in process `syz.0.912'. [ 255.001060][ T9677] netlink: 8 bytes leftover after parsing attributes in process `syz.2.923'. [ 255.585309][ T9693] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 255.820602][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.827018][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.145998][ T9696] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 syzkaller syzkaller login: [ 256.920591][ T9716] netlink: 8 bytes leftover after parsing attributes in process `syz.1.934'. [ 257.505791][ T9729] zswap: compressor not available [ 258.247661][ T9742] random: crng reseeded on system resumption [ 258.286342][ T51] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 258.788193][ T9757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.946'. [ 260.039572][ T51] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 261.388634][ T9824] futex_wake_op: syz.0.966 tries to shift op by -2048; fix this program [ 261.416439][ T9824] futex_wake_op: syz.0.966 tries to shift op by -2048; fix this program [ 261.635795][ T9827] zswap: compressor not available [ 262.743206][ T51] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 264.211147][ T9899] netlink: 'syz.1.987': attribute type 2 has an invalid length. [ 264.225965][ T9899] netlink: 'syz.1.987': attribute type 4 has an invalid length. [ 264.610240][ T9910] random: crng reseeded on system resumption [ 264.711103][ T51] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 266.478657][ T9898] kexec: Could not allocate control_code_buffer [ 266.896474][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 269.157932][T10003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1017'. [ 272.458819][T10055] random: crng reseeded on system resumption [ 272.576703][ T51] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 syzkaller syzkaller login: [ 279.713089][T10183] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1066'. [ 282.548253][ T30] audit: type=1326 audit(1766274876.253:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10248 comm="syz.0.1078" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4778d8f7c9 code=0x0 [ 283.928524][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 283.958386][T10278] mkiss: ax0: crc mode is auto. [ 284.122282][T10278] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 285.668155][T10307] forcing mempool usage for bio_alloc_bioset+0x3de/0x8c0 [ 285.888405][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 286.588201][T10343] FAULT_INJECTION: forcing a failure. [ 286.588201][T10343] name failslab, interval 1, probability 0, space 0, times 0 [ 286.610926][T10343] CPU: 0 UID: 0 PID: 10343 Comm: syz.1.1101 Tainted: G U syzkaller #0 PREEMPT(full) [ 286.610967][T10343] Tainted: [U]=USER [ 286.610974][T10343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 286.610989][T10343] Call Trace: [ 286.610997][T10343] [ 286.611008][T10343] dump_stack_lvl+0x16c/0x1f0 [ 286.611047][T10343] should_fail_ex+0x512/0x640 [ 286.611073][T10343] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 286.611111][T10343] should_failslab+0xc2/0x120 [ 286.611142][T10343] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 286.611172][T10343] ? __kthread_create_on_node+0x186/0x3f0 [ 286.611214][T10343] ? kvasprintf+0xbc/0x150 [ 286.611233][T10343] kvasprintf+0xbc/0x150 [ 286.611247][T10343] ? __pfx_kvasprintf+0x10/0x10 [ 286.611268][T10343] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 286.611287][T10343] __kthread_create_on_node+0x186/0x3f0 [ 286.611307][T10343] ? __pfx___kthread_create_on_node+0x10/0x10 [ 286.611331][T10343] ? dvb_frontend_open+0x5e8/0x1780 [ 286.611349][T10343] ? __lock_acquire+0x436/0x2890 [ 286.611363][T10343] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 286.611383][T10343] kthread_create_on_node+0xc7/0x100 [ 286.611401][T10343] ? __pfx_kthread_create_on_node+0x10/0x10 [ 286.611423][T10343] ? mark_held_locks+0x49/0x80 [ 286.611435][T10343] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 286.611453][T10343] ? lockdep_hardirqs_on+0x7c/0x110 [ 286.611474][T10343] dvb_frontend_open+0xf97/0x1780 [ 286.611495][T10343] ? find_held_lock+0x2b/0x80 [ 286.611511][T10343] ? __pfx_dvb_frontend_open+0x10/0x10 [ 286.611531][T10343] dvb_device_open+0x270/0x3b0 [ 286.611550][T10343] ? __pfx_dvb_device_open+0x10/0x10 [ 286.611569][T10343] chrdev_open+0x234/0x6a0 [ 286.611588][T10343] ? __pfx_apparmor_file_open+0x10/0x10 [ 286.611602][T10343] ? __pfx_chrdev_open+0x10/0x10 [ 286.611621][T10343] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 286.611644][T10343] do_dentry_open+0x748/0x1590 [ 286.611661][T10343] ? __pfx_chrdev_open+0x10/0x10 [ 286.611685][T10343] vfs_open+0x82/0x3f0 [ 286.611701][T10343] path_openat+0x2078/0x3140 [ 286.611734][T10343] ? __pfx_path_openat+0x10/0x10 [ 286.611760][T10343] do_filp_open+0x20b/0x470 [ 286.611779][T10343] ? __pfx_do_filp_open+0x10/0x10 [ 286.611813][T10343] ? alloc_fd+0x471/0x7d0 [ 286.611838][T10343] do_sys_openat2+0x121/0x290 [ 286.611852][T10343] ? __pfx_do_sys_openat2+0x10/0x10 [ 286.611866][T10343] ? __pfx___might_resched+0x10/0x10 [ 286.611888][T10343] ? blkcg_maybe_throttle_current+0x650/0xf30 [ 286.611904][T10343] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.611925][T10343] __x64_sys_openat+0x174/0x210 [ 286.611940][T10343] ? __pfx___x64_sys_openat+0x10/0x10 [ 286.611962][T10343] do_syscall_64+0xcd/0xf80 [ 286.611981][T10343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.611995][T10343] RIP: 0033:0x7efc1d98f7c9 [ 286.612007][T10343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.612021][T10343] RSP: 002b:00007efc1e84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 286.612034][T10343] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa0 RCX: 00007efc1d98f7c9 [ 286.612044][T10343] RDX: 0000000000008203 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 286.612053][T10343] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 286.612061][T10343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.612069][T10343] R13: 00007efc1dbe6038 R14: 00007efc1dbe5fa0 R15: 00007ffd3a4469b8 [ 286.612088][T10343] [ 287.074125][T10343] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 288.102325][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 288.555335][T10386] forcing mempool usage for bio_alloc_bioset+0x3de/0x8c0 [ 289.635221][T10413] random: crng reseeded on system resumption [ 289.686304][ T51] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 290.438572][T10426] zswap: compressor not available [ 290.840745][T10446] random: crng reseeded on system resumption [ 290.893757][ T51] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 290.905910][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 293.689761][T10501] NFSD: Failed to start, no listeners configured. [ 294.146532][T10518] blktrace: Concurrent blktraces are not allowed on loop2 [ 294.649986][T10512] forcing mempool usage for bio_alloc_bioset+0x3de/0x8c0 [ 294.878842][T10513] forcing mempool usage for bio_alloc_bioset+0x3de/0x8c0 [ 297.029784][T10573] random: crng reseeded on system resumption [ 297.425063][T10585] ptrace attach of "./syz-executor exec"[5827] was attempted by ""[10585] [ 297.616235][ T51] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 297.616275][ T51] Bluetooth: hci1: unexpected subevent 0x0e length: 725 > 15 [ 297.632716][ T51] Bluetooth: hci1: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 298.852572][T10600] FAULT_INJECTION: forcing a failure. [ 298.852572][T10600] name fail_futex, interval 1, probability 0, space 0, times 0 [ 299.043985][T10600] CPU: 1 UID: 0 PID: 10600 Comm: syz.2.1165 Tainted: G U syzkaller #0 PREEMPT(full) [ 299.044026][T10600] Tainted: [U]=USER [ 299.044034][T10600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 299.044057][T10600] Call Trace: [ 299.044066][T10600] [ 299.044076][T10600] dump_stack_lvl+0x16c/0x1f0 [ 299.044121][T10600] should_fail_ex+0x512/0x640 [ 299.044153][T10600] get_futex_key+0x1d0/0x15f0 [ 299.044184][T10600] ? __pfx_get_futex_key+0x10/0x10 [ 299.044218][T10600] futex_wake+0xea/0x530 [ 299.044248][T10600] ? kasan_quarantine_put+0x10a/0x240 [ 299.044280][T10600] ? __pfx_futex_wake+0x10/0x10 [ 299.044311][T10600] ? putname+0xf5/0x1a0 [ 299.044339][T10600] do_futex+0x1e3/0x350 [ 299.044366][T10600] ? __pfx_do_futex+0x10/0x10 [ 299.044390][T10600] ? __pfx___might_resched+0x10/0x10 [ 299.044422][T10600] ? blkcg_maybe_throttle_current+0x650/0xf30 [ 299.044450][T10600] ? _raw_spin_unlock_irq+0x23/0x50 [ 299.044484][T10600] __x64_sys_futex+0x1e0/0x4c0 [ 299.044514][T10600] ? __x64_sys_openat+0x174/0x210 [ 299.044538][T10600] ? __pfx___x64_sys_futex+0x10/0x10 [ 299.044563][T10600] ? xfd_validate_state+0x61/0x180 [ 299.044596][T10600] do_syscall_64+0xcd/0xf80 [ 299.044631][T10600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.044655][T10600] RIP: 0033:0x7fbda0d8f7c9 [ 299.044674][T10600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.044697][T10600] RSP: 002b:00007fbda1c730e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 299.044721][T10600] RAX: ffffffffffffffda RBX: 00007fbda0fe5fa8 RCX: 00007fbda0d8f7c9 [ 299.044737][T10600] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbda0fe5fac [ 299.044753][T10600] RBP: 00007fbda0fe5fa0 R08: 00007fbda1c74000 R09: 0000000000000000 [ 299.044767][T10600] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 299.044782][T10600] R13: 00007fbda0fe6038 R14: 00007ffd90ee10b0 R15: 00007ffd90ee1198 [ 299.044818][T10600] [ 299.424358][T10610] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1169'. [ 300.562398][ T51] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 301.554342][T10650] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1181'. [ 302.122051][ T51] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 303.608252][T10705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1192'. [ 303.905432][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 304.462271][T10712] FAULT_INJECTION: forcing a failure. [ 304.462271][T10712] name fail_futex, interval 1, probability 0, space 0, times 0 [ 304.482816][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 304.515284][T10712] CPU: 1 UID: 0 PID: 10712 Comm: syz.1.1193 Tainted: G U syzkaller #0 PREEMPT(full) [ 304.515322][T10712] Tainted: [U]=USER [ 304.515329][T10712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 304.515342][T10712] Call Trace: [ 304.515349][T10712] [ 304.515359][T10712] dump_stack_lvl+0x16c/0x1f0 [ 304.515396][T10712] should_fail_ex+0x512/0x640 [ 304.515425][T10712] get_futex_key+0x293/0x15f0 [ 304.515454][T10712] ? __pfx_get_futex_key+0x10/0x10 [ 304.515489][T10712] futex_wake+0xea/0x530 [ 304.515532][T10712] ? __pfx_futex_wake+0x10/0x10 [ 304.515577][T10712] do_futex+0x1e3/0x350 [ 304.515603][T10712] ? __pfx_do_futex+0x10/0x10 [ 304.515625][T10712] ? __might_fault+0xe3/0x190 [ 304.515658][T10712] mm_release+0x24e/0x300 [ 304.515687][T10712] do_exit+0x69e/0x2bd0 [ 304.515714][T10712] ? __pfx_do_exit+0x10/0x10 [ 304.515734][T10712] ? do_raw_spin_lock+0x12c/0x2b0 [ 304.515757][T10712] ? find_held_lock+0x2b/0x80 [ 304.515787][T10712] do_group_exit+0xd3/0x2a0 [ 304.515811][T10712] get_signal+0x2671/0x26d0 [ 304.515849][T10712] ? __pfx_get_signal+0x10/0x10 [ 304.515880][T10712] ? do_futex+0x122/0x350 [ 304.515907][T10712] arch_do_signal_or_restart+0x8f/0x7a0 [ 304.515939][T10712] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 304.515977][T10712] ? fput+0x70/0xf0 [ 304.515997][T10712] ? __pfx___x64_sys_futex+0x10/0x10 [ 304.516028][T10712] exit_to_user_mode_loop+0x8c/0x540 [ 304.516059][T10712] do_syscall_64+0x4ee/0xf80 [ 304.516093][T10712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.516116][T10712] RIP: 0033:0x7efc1d98f7c9 [ 304.516135][T10712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.516157][T10712] RSP: 002b:00007efc1e82a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 304.516179][T10712] RAX: fffffffffffffe00 RBX: 00007efc1dbe6098 RCX: 00007efc1d98f7c9 [ 304.516195][T10712] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efc1dbe6098 [ 304.516209][T10712] RBP: 00007efc1dbe6090 R08: 0000000000000000 R09: 0000000000000000 [ 304.516224][T10712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.516236][T10712] R13: 00007efc1dbe6128 R14: 00007ffd3a4468d0 R15: 00007ffd3a4469b8 [ 304.516270][T10712] [ 306.094832][T10757] random: crng reseeded on system resumption [ 306.156970][ T51] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 306.237041][T10760] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1205'. [ 308.550715][T10822] random: crng reseeded on system resumption [ 308.604295][ T51] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 308.736622][T10827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1216'. [ 309.344612][T10846] blktrace: Concurrent blktraces are not allowed on loop2 [ 310.016641][T10856] FAULT_INJECTION: forcing a failure. [ 310.016641][T10856] name failslab, interval 1, probability 0, space 0, times 0 [ 310.072872][T10856] CPU: 0 UID: 0 PID: 10856 Comm: syz.1.1224 Tainted: G U syzkaller #0 PREEMPT(full) [ 310.072914][T10856] Tainted: [U]=USER [ 310.072922][T10856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 310.072936][T10856] Call Trace: [ 310.072944][T10856] [ 310.072954][T10856] dump_stack_lvl+0x16c/0x1f0 [ 310.072996][T10856] should_fail_ex+0x512/0x640 [ 310.073022][T10856] ? __kmalloc_cache_noprof+0x5f/0x800 [ 310.073054][T10856] should_failslab+0xc2/0x120 [ 310.073088][T10856] __kmalloc_cache_noprof+0x80/0x800 [ 310.073115][T10856] ? __kthread_create_on_node+0xce/0x3f0 [ 310.073156][T10856] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 310.073191][T10856] ? __kthread_create_on_node+0xce/0x3f0 [ 310.073224][T10856] __kthread_create_on_node+0xce/0x3f0 [ 310.073259][T10856] ? __pfx___kthread_create_on_node+0x10/0x10 [ 310.073304][T10856] ? dvb_frontend_open+0x5e8/0x1780 [ 310.073337][T10856] ? __lock_acquire+0x436/0x2890 [ 310.073363][T10856] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 310.073399][T10856] kthread_create_on_node+0xc7/0x100 [ 310.073432][T10856] ? __pfx_kthread_create_on_node+0x10/0x10 [ 310.073474][T10856] ? mark_held_locks+0x49/0x80 [ 310.073495][T10856] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 310.073527][T10856] ? lockdep_hardirqs_on+0x7c/0x110 [ 310.073566][T10856] dvb_frontend_open+0xf97/0x1780 [ 310.073606][T10856] ? find_held_lock+0x2b/0x80 [ 310.073636][T10856] ? __pfx_dvb_frontend_open+0x10/0x10 [ 310.073672][T10856] dvb_device_open+0x270/0x3b0 [ 310.073705][T10856] ? __pfx_dvb_device_open+0x10/0x10 [ 310.073736][T10856] chrdev_open+0x234/0x6a0 [ 310.073765][T10856] ? __pfx_apparmor_file_open+0x10/0x10 [ 310.073788][T10856] ? __pfx_chrdev_open+0x10/0x10 [ 310.073822][T10856] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 310.073866][T10856] do_dentry_open+0x748/0x1590 [ 310.073900][T10856] ? __pfx_chrdev_open+0x10/0x10 [ 310.073946][T10856] vfs_open+0x82/0x3f0 [ 310.073977][T10856] path_openat+0x2078/0x3140 [ 310.074023][T10856] ? __pfx_path_openat+0x10/0x10 [ 310.074070][T10856] do_filp_open+0x20b/0x470 [ 310.074105][T10856] ? __pfx_do_filp_open+0x10/0x10 [ 310.074165][T10856] ? alloc_fd+0x471/0x7d0 [ 310.074208][T10856] do_sys_openat2+0x121/0x290 [ 310.074235][T10856] ? __pfx_do_sys_openat2+0x10/0x10 [ 310.074259][T10856] ? __pfx___might_resched+0x10/0x10 [ 310.074291][T10856] ? blkcg_maybe_throttle_current+0x650/0xf30 [ 310.074319][T10856] ? _raw_spin_unlock_irq+0x23/0x50 [ 310.074359][T10856] __x64_sys_openat+0x174/0x210 [ 310.074386][T10856] ? __pfx___x64_sys_openat+0x10/0x10 [ 310.074428][T10856] do_syscall_64+0xcd/0xf80 [ 310.074464][T10856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.074489][T10856] RIP: 0033:0x7efc1d98f7c9 [ 310.074510][T10856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.074534][T10856] RSP: 002b:00007efc1e84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 310.074558][T10856] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa0 RCX: 00007efc1d98f7c9 [ 310.074574][T10856] RDX: 0000000000008203 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 310.074591][T10856] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 310.074606][T10856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 310.074620][T10856] R13: 00007efc1dbe6038 R14: 00007efc1dbe5fa0 R15: 00007ffd3a4469b8 [ 310.074656][T10856] [ 310.574103][T10856] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 310.911090][T10865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1227'. [ 311.630000][T10875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1229'. [ 314.601711][T10924] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1239'. [ 314.728037][T10927] ================================================================== [ 314.736116][T10927] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 314.743830][T10927] Read of size 8 at addr ffff888146b34a18 by task syz.1.1237/10927 [ 314.751701][T10927] [ 314.754016][T10927] CPU: 0 UID: 0 PID: 10927 Comm: syz.1.1237 Tainted: G U syzkaller #0 PREEMPT(full) [ 314.754037][T10927] Tainted: [U]=USER [ 314.754043][T10927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 314.754052][T10927] Call Trace: [ 314.754058][T10927] [ 314.754064][T10927] dump_stack_lvl+0x116/0x1f0 [ 314.754088][T10927] print_report+0xcd/0x630 [ 314.754108][T10927] ? __virt_addr_valid+0x81/0x610 [ 314.754127][T10927] ? __phys_addr+0xe8/0x180 [ 314.754146][T10927] ? dvb_device_open+0x36a/0x3b0 [ 314.754165][T10927] kasan_report+0xe0/0x110 [ 314.754182][T10927] ? dvb_device_open+0x36a/0x3b0 [ 314.754202][T10927] ? __pfx_dvb_device_open+0x10/0x10 [ 314.754220][T10927] dvb_device_open+0x36a/0x3b0 [ 314.754238][T10927] ? __pfx_dvb_device_open+0x10/0x10 [ 314.754257][T10927] chrdev_open+0x234/0x6a0 [ 314.754275][T10927] ? __pfx_apparmor_file_open+0x10/0x10 [ 314.754289][T10927] ? __pfx_chrdev_open+0x10/0x10 [ 314.754307][T10927] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 314.754328][T10927] do_dentry_open+0x748/0x1590 [ 314.754352][T10927] ? __pfx_chrdev_open+0x10/0x10 [ 314.754373][T10927] vfs_open+0x82/0x3f0 [ 314.754388][T10927] path_openat+0x2078/0x3140 [ 314.754408][T10927] ? __pfx_path_openat+0x10/0x10 [ 314.754429][T10927] do_filp_open+0x20b/0x470 [ 314.754446][T10927] ? __pfx_do_filp_open+0x10/0x10 [ 314.754469][T10927] ? alloc_fd+0x471/0x7d0 [ 314.754489][T10927] do_sys_openat2+0x121/0x290 [ 314.754502][T10927] ? __pfx_do_sys_openat2+0x10/0x10 [ 314.754519][T10927] __x64_sys_openat+0x174/0x210 [ 314.754533][T10927] ? __pfx___x64_sys_openat+0x10/0x10 [ 314.754551][T10927] do_syscall_64+0xcd/0xf80 [ 314.754570][T10927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.754584][T10927] RIP: 0033:0x7efc1d98f7c9 [ 314.754596][T10927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.754610][T10927] RSP: 002b:00007efc1e84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 314.754623][T10927] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa0 RCX: 00007efc1d98f7c9 [ 314.754632][T10927] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 314.754641][T10927] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 314.754649][T10927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 314.754658][T10927] R13: 00007efc1dbe6038 R14: 00007efc1dbe5fa0 R15: 00007ffd3a4469b8 [ 314.754671][T10927] [ 314.754676][T10927] [ 314.999017][T10927] Allocated by task 1: [ 315.003061][T10927] kasan_save_stack+0x33/0x60 [ 315.007725][T10927] kasan_save_track+0x14/0x30 [ 315.012381][T10927] __kasan_kmalloc+0xaa/0xb0 [ 315.016949][T10927] dvb_register_device+0x1e4/0x2370 [ 315.022131][T10927] dvb_register_frontend+0x5a6/0x8a0 [ 315.027399][T10927] vidtv_bridge_probe+0x459/0xa90 [ 315.032410][T10927] platform_probe+0x106/0x1d0 [ 315.037062][T10927] really_probe+0x241/0xb20 [ 315.041548][T10927] __driver_probe_device+0x1de/0x470 [ 315.046812][T10927] driver_probe_device+0x4c/0x1b0 [ 315.051816][T10927] __driver_attach+0x283/0x5e0 [ 315.056559][T10927] bus_for_each_dev+0x13e/0x1d0 [ 315.061399][T10927] bus_add_driver+0x30f/0x6c0 [ 315.066052][T10927] driver_register+0x15c/0x4b0 [ 315.070794][T10927] vidtv_bridge_init+0x45/0x80 [ 315.075538][T10927] do_one_initcall+0x123/0x680 [ 315.080287][T10927] kernel_init_freeable+0x5c8/0x920 [ 315.085467][T10927] kernel_init+0x1c/0x2b0 [ 315.089777][T10927] ret_from_fork+0x983/0xb10 [ 315.094345][T10927] ret_from_fork_asm+0x1a/0x30 [ 315.099093][T10927] [ 315.101395][T10927] Freed by task 10856: [ 315.105439][T10927] kasan_save_stack+0x33/0x60 [ 315.110100][T10927] kasan_save_track+0x14/0x30 [ 315.114755][T10927] kasan_save_free_info+0x3b/0x60 [ 315.119757][T10927] __kasan_slab_free+0x5f/0x80 [ 315.124504][T10927] kfree+0x2f8/0x6e0 [ 315.128379][T10927] dvb_device_put.part.0+0x60/0x90 [ 315.133474][T10927] dvb_device_open+0x2a4/0x3b0 [ 315.138219][T10927] chrdev_open+0x234/0x6a0 [ 315.142619][T10927] do_dentry_open+0x748/0x1590 [ 315.147364][T10927] vfs_open+0x82/0x3f0 [ 315.151410][T10927] path_openat+0x2078/0x3140 [ 315.155985][T10927] do_filp_open+0x20b/0x470 [ 315.160470][T10927] do_sys_openat2+0x121/0x290 [ 315.165121][T10927] __x64_sys_openat+0x174/0x210 [ 315.169951][T10927] do_syscall_64+0xcd/0xf80 [ 315.174445][T10927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.180343][T10927] [ 315.182648][T10927] The buggy address belongs to the object at ffff888146b34a00 [ 315.182648][T10927] which belongs to the cache kmalloc-256 of size 256 [ 315.196676][T10927] The buggy address is located 24 bytes inside of [ 315.196676][T10927] freed 256-byte region [ffff888146b34a00, ffff888146b34b00) [ 315.210360][T10927] [ 315.212663][T10927] The buggy address belongs to the physical page: [ 315.219063][T10927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x146b34 [ 315.227891][T10927] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 315.236374][T10927] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 315.243984][T10927] page_type: f5(slab) [ 315.247951][T10927] raw: 057ff00000000040 ffff88813ff26b40 dead000000000122 0000000000000000 [ 315.256515][T10927] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 315.265076][T10927] head: 057ff00000000040 ffff88813ff26b40 dead000000000122 0000000000000000 [ 315.273729][T10927] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 315.282387][T10927] head: 057ff00000000001 ffffea00051acd01 00000000ffffffff 00000000ffffffff [ 315.291037][T10927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 315.299677][T10927] page dumped because: kasan: bad access detected [ 315.306072][T10927] page_owner tracks the page as allocated [ 315.311763][T10927] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19283711119, free_ts 0 [ 315.331452][T10927] post_alloc_hook+0x1af/0x220 [ 315.336202][T10927] get_page_from_freelist+0xd0b/0x31a0 [ 315.341640][T10927] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 315.347509][T10927] alloc_pages_mpol+0x1fb/0x550 [ 315.352342][T10927] new_slab+0x2c3/0x430 [ 315.356477][T10927] ___slab_alloc+0xe18/0x1c90 [ 315.361132][T10927] __slab_alloc.constprop.0+0x63/0x110 [ 315.366572][T10927] __kmalloc_cache_noprof+0x485/0x800 [ 315.371924][T10927] bus_add_driver+0x92/0x6c0 [ 315.376495][T10927] driver_register+0x15c/0x4b0 [ 315.381243][T10927] usb_register_driver+0x216/0x4d0 [ 315.386337][T10927] do_one_initcall+0x123/0x680 [ 315.391085][T10927] kernel_init_freeable+0x5c8/0x920 [ 315.396259][T10927] kernel_init+0x1c/0x2b0 [ 315.400569][T10927] ret_from_fork+0x983/0xb10 [ 315.405134][T10927] ret_from_fork_asm+0x1a/0x30 [ 315.409881][T10927] page_owner free stack trace missing [ 315.415222][T10927] [ 315.417522][T10927] Memory state around the buggy address: [ 315.423125][T10927] ffff888146b34900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 315.431166][T10927] ffff888146b34980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 315.439206][T10927] >ffff888146b34a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 315.447241][T10927] ^ [ 315.452067][T10927] ffff888146b34a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 315.460103][T10927] ffff888146b34b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 315.468138][T10927] ================================================================== [ 315.595702][T10927] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 315.602925][T10927] CPU: 1 UID: 0 PID: 10927 Comm: syz.1.1237 Tainted: G U syzkaller #0 PREEMPT(full) [ 315.613847][T10927] Tainted: [U]=USER [ 315.617629][T10927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 315.627663][T10927] Call Trace: [ 315.630921][T10927] [ 315.633831][T10927] dump_stack_lvl+0x3d/0x1f0 [ 315.638411][T10927] vpanic+0x640/0x6f0 [ 315.642634][T10927] panic+0xca/0xd0 [ 315.646335][T10927] ? __pfx_panic+0x10/0x10 [ 315.650729][T10927] ? dvb_device_open+0x36a/0x3b0 [ 315.655652][T10927] ? preempt_schedule_common+0x44/0xc0 [ 315.661095][T10927] ? preempt_schedule_thunk+0x16/0x30 [ 315.666453][T10927] check_panic_on_warn+0xab/0xb0 [ 315.671379][T10927] end_report+0x107/0x160 [ 315.675694][T10927] kasan_report+0xee/0x110 [ 315.680096][T10927] ? dvb_device_open+0x36a/0x3b0 [ 315.685018][T10927] ? __pfx_dvb_device_open+0x10/0x10 [ 315.690288][T10927] dvb_device_open+0x36a/0x3b0 [ 315.695038][T10927] ? __pfx_dvb_device_open+0x10/0x10 [ 315.700310][T10927] chrdev_open+0x234/0x6a0 [ 315.704714][T10927] ? __pfx_apparmor_file_open+0x10/0x10 [ 315.710238][T10927] ? __pfx_chrdev_open+0x10/0x10 [ 315.715162][T10927] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 315.721476][T10927] do_dentry_open+0x748/0x1590 [ 315.726231][T10927] ? __pfx_chrdev_open+0x10/0x10 [ 315.731155][T10927] vfs_open+0x82/0x3f0 [ 315.735209][T10927] path_openat+0x2078/0x3140 [ 315.739789][T10927] ? __pfx_path_openat+0x10/0x10 [ 315.744712][T10927] do_filp_open+0x20b/0x470 [ 315.749198][T10927] ? __pfx_do_filp_open+0x10/0x10 [ 315.754211][T10927] ? alloc_fd+0x471/0x7d0 [ 315.758525][T10927] do_sys_openat2+0x121/0x290 [ 315.763181][T10927] ? __pfx_do_sys_openat2+0x10/0x10 [ 315.768365][T10927] __x64_sys_openat+0x174/0x210 [ 315.773202][T10927] ? __pfx___x64_sys_openat+0x10/0x10 [ 315.778558][T10927] do_syscall_64+0xcd/0xf80 [ 315.783051][T10927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.788921][T10927] RIP: 0033:0x7efc1d98f7c9 [ 315.793316][T10927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.812903][T10927] RSP: 002b:00007efc1e84b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 315.821297][T10927] RAX: ffffffffffffffda RBX: 00007efc1dbe5fa0 RCX: 00007efc1d98f7c9 [ 315.829249][T10927] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 315.837197][T10927] RBP: 00007efc1da13f91 R08: 0000000000000000 R09: 0000000000000000 [ 315.845147][T10927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.853095][T10927] R13: 00007efc1dbe6038 R14: 00007efc1dbe5fa0 R15: 00007ffd3a4469b8 [ 315.861051][T10927] [ 315.864411][T10927] Kernel Offset: disabled [ 315.868723][T10927] Rebooting in 86400 seconds..