last executing test programs: 6.984920016s ago: executing program 1 (id=3037): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x71) sendmmsg$auto(r0, 0x0, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, 0x0, 0x810) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x88002, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) 6.874323758s ago: executing program 0 (id=3030): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_GET(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001400)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) write$auto(0x4, 0x0, 0x100082) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x5408, r2) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000240)="1c520b214b197e", 0x7) unshare$auto(0x40000080) r4 = socket(0xa, 0x1, 0x84) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0) close_range$auto(r4, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) fadvise64$auto_POSIX_FADV_SEQUENTIAL(r4, 0xca, 0x7, 0x2) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) read$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffffff, 0x0, 0x0) pread64$auto(r5, 0x0, 0x40000000f42c, 0x585) 6.536735562s ago: executing program 3 (id=3031): r0 = socket(0x25, 0x1, 0x0) sendto$auto(r0, 0x0, 0x0, 0x0, 0x0, 0x3) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) shutdown$auto(0xffffffffffffffff, 0x2) socket(0xa, 0x1, 0x100) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r2, 0x0, 0x7ff, 0x400) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x1, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0x1]}, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) socket(0x23, 0x80805, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) madvise$auto(0x0, 0x20200, 0x15) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) 6.176623758s ago: executing program 2 (id=3032): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = socket(0x2b, 0x1, 0x1) ioctl$auto(r2, 0x8983, 0x4) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x3, 0x948b, 0x8000000000003, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) statmount$auto(0x0, &(0x7f0000000440)={0x6, 0x6, 0x53, 0x4, 0x1, 0x4, 0x2, 0x3, 0x5, 0xffffffff80000001, 0x57d6, 0x8, 0x3, 0x2, 0x8, 0x3, 0x1, 0x8001, 0x400, 0x1ff, 0xfff, 0xd8, 0x8, 0x4, 0x9, 0xbef3, 0x411, 0x7, 0x0, 0x5, 0x7, [0x6, 0x7f, 0xbce7, 0x599, 0x56, 0xf93, 0x6, 0x8, 0xffffffffffffffff, 0x0, 0x200000000000, 0x2, 0x1, 0x8, 0x1000, 0x40004545, 0x4, 0x2000000000000a, 0xb, 0xf5fd, 0x7, 0x4, 0x7fffffff, 0x1fc, 0x2, 0x5, 0x8, 0x4, 0x4, 0x1, 0x4, 0x800000, 0x5, 0x80, 0x6, 0x4, 0x7, 0x4, 0xffc0000000000000, 0x2, 0x9, 0x8, 0x80000001]}, 0x40, 0x36) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/134, 0x86) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0xb02, 0x0) write$auto(0x3, 0x0, 0xfffffdef) setsockopt$auto_SO_DETACH_REUSEPORT_BPF(0xffffffffffffffff, 0x2, 0x44, &(0x7f0000000180)='\x00', 0x7) 6.171882387s ago: executing program 1 (id=3033): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) r1 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x80, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r1, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c080) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) connect$auto(0x3, 0x0, 0x55) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0xa001, 0x0) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) 5.545619387s ago: executing program 3 (id=3034): r0 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(r0, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0xee8c, 0x4) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) setuid$auto(0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x10000, 0x0) read$auto(r1, 0x0, 0x2) mkdir$auto(0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socket(0x18, 0xa, 0x1) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x302, 0x0) 5.331045448s ago: executing program 0 (id=3035): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x71) sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, 0x0, 0x810) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x88002, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) 5.135700307s ago: executing program 2 (id=3036): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x71) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xc7f16bff2a10ba01, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, 0x0, 0x810) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x88002, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) 4.130097428s ago: executing program 2 (id=3038): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r0 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010028bd7000fcdbdf2502000000180001800800058004007d000c000180"], 0x2c}, 0x1, 0x0, 0x0, 0x44050}, 0x4008000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x2, 0x5, 0x0) r2 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000000), 0x48840, 0x0) ioctl$auto_LOOP_CTL_ADD(r2, 0x4c80, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) sendmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) shutdown$auto(0x200000003, 0x2) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x5, 0xb81, 0x9) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/tcp_available_congestion_control\x00', 0x0, 0x0) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_OFF(0x3, 0x0, 0x0, 0x8000, 0xe13c) read$auto_proc_sys_file_operations_proc_sysctl(r3, 0x0, 0x0) 4.129936622s ago: executing program 3 (id=3039): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) clock_getres$auto(0x8000400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SG_GET_NUM_WAITING(r0, 0x227d, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x2) mmap$auto(0x0, 0x400005, 0x40df, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) r2 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000080), 0x2140, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, r2, 0x454f, 0x5f, 0x0, 0x3f, r2, 0x80000001}, 0x6d4) 4.119847786s ago: executing program 0 (id=3046): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x71) sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, 0x0, 0x810) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x88002, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) 4.11930111s ago: executing program 1 (id=3047): close_range$auto(0x2, 0xa, 0x0) unshare$auto(0x40000080) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x105240, 0x0) r0 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r0, 0x0, 0x8fb5) sysfs$auto(0x100000e, 0x4, 0x7d) ioctl$auto(0x3, 0x541b, 0x10000000000402) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) socketpair$auto(0x2, 0xc62, 0x8000000000000000, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x4611, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mlock$auto(0xfbe8, 0x1000000000000004) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x22202, 0x0) write$auto_tty_fops_tty_io(r2, 0x0, 0x0) 2.881184812s ago: executing program 3 (id=3040): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0xa44) socket(0x3, 0x3, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) open(0x0, 0x0, 0x408) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_setup$auto(0xffff, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/misc/vmci/power/runtime_active_time\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xc2082, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x60800, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) sendfile$auto(r3, r2, 0x0, 0x1000202) 2.880137415s ago: executing program 0 (id=3050): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x71) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xc7f16bff2a10ba01, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, 0x0, 0x810) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x88002, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) 2.879616696s ago: executing program 1 (id=3041): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x10000, 0x0, 0x7, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x15, 0x8000000000000003, 0x8000) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) fsopen$auto(0x0, 0x1) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0xc090) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ptrace$auto_PTRACE_PEEKSIGINFO(0x4209, 0x0, 0xb4, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(r2, 0xc1205531, r1) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x0, 0x0) setitimer$auto(0x2, &(0x7f0000000040)={{}, {0x0, 0x8}}, 0x0) mmap$auto(0x0, 0x20000a, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) writev$auto(0xffffffffffffffff, 0x0, 0x100) unshare$auto(0x40000080) 1.889204783s ago: executing program 0 (id=3042): r0 = socket(0xa, 0x1, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc9, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) r4 = socket(0x18, 0x5, 0x1) pselect6$auto(0x200, &(0x7f0000000440)={[0x5, 0xd9c, 0x81, 0x6, 0xff00000000000, 0x9, 0x9, 0x5661, 0x4, 0x3, 0x6, 0x35e, 0xfffffffffffffffd, 0xc1, 0xfffffffffffffffc, 0xc]}, &(0x7f00000004c0)={[0x3ef, 0x3, 0xfffffffffffffffa, 0x9, 0x5, 0x997, 0xe593, 0x7fff, 0x5, 0x6, 0x81, 0x0, 0x8, 0x7c97, 0x4b53, 0x4]}, &(0x7f0000000540)={[0x3, 0x9, 0x40, 0x633, 0x9, 0xfffffffffffffffa, 0x3, 0x80000000001, 0x958, 0x0, 0x6, 0xf, 0xc4, 0x7, 0xfffffffffffffbff, 0x3]}, &(0x7f00000003c0)={0x1, 0x29}, &(0x7f00000005c0)="ceb5e0ab69d18d815e33f7774f9f0043c0126baa808909de2df68fc203ffa31e13d9970e1f79172539a28fb2e91c57a2d5c73a2c2c682dd90caf002d5404bda662a7e3d307fead4338542817893bff1e1867ec37d9566977336fb42ccfa059292cad71cd0793f0582bf8003a947af8713aad3f985522ea9c0ffa8e355a10964f47dc656c756a910d5c069b7f8aa810c8cb9c8864946da96eb21492139e864378d3b35ca875d129ba6cdc45a6e8aebe8593716459af87014044e2eb5209881b548621f93ecdf388aa4ea50c24a1f5ca6cb443e26414c2de02d2873347d0237d0067018786") connect$auto(r4, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) r5 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000240), r0) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r5, 0x100, 0x70bd25, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x30004850) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r6, 0x5425, 0x0) ioctl$auto_userfaultfd_dev_fops_userfaultfd(r2, 0x0, &(0x7f0000000180)="dc100debc7fd2c4fa89d950e1933e53f8a7a4ce5ce731ee4a3e31a7b62979e93c11e0853962e1f52fca001d62735f7a14fa942a74a70f490f73180a5b476885471f52edabde6ea5d51ad5c1e7a750984447a64bb9ff1d3a7") r7 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/net\x00') ioctl$auto(r6, 0x6, r7) 1.889048856s ago: executing program 1 (id=3043): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev1\x00', 0xe0800, 0x0) ioctl$auto(r0, 0xc0205648, r0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x32bc2, 0x0) madvise$auto(0x4, 0xfffffffffffb0005, 0x17) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x3, 0x7, 0x401, r0, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x705b}, {0x100, 0x1, 0x4e, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x200ffff}, 0x1) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x123000, 0x0) r2 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) mmap$auto(0x0, 0x20009, 0xa0, 0xebf, 0xffffffffffffffff, 0x4) write$auto(r1, &(0x7f0000000080)='-/%\'\xef#\x00', 0x8000000000000001) readv$auto(r2, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r3, 0x560c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1.888941043s ago: executing program 2 (id=3044): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x100382, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r1) 1.692874603s ago: executing program 3 (id=3045): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_GET(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001400)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) write$auto(0x4, 0x0, 0x100082) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x5408, r2) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000240)="1c520b214b197e", 0x7) unshare$auto(0x40000080) r4 = socket(0xa, 0x1, 0x84) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0) close_range$auto(r4, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) fadvise64$auto_POSIX_FADV_SEQUENTIAL(r4, 0xca, 0x7, 0x2) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) read$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffffff, 0x0, 0x0) pread64$auto(r5, 0x0, 0x40000000f42c, 0x585) 1.593689048s ago: executing program 2 (id=3048): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x71) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xc7f16bff2a10ba01, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, 0x0, 0x810) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x88002, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) 728.341471ms ago: executing program 2 (id=3049): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) ioperm$auto(0x7, 0x800, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x2, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram1/queue/read_ahead_kb\x00', 0x181482, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) madvise$auto(0x0, 0x2003f0, 0x18) close_range$auto(0x0, 0xfffffffffffff000, 0x0) ioctl$auto_FUSE_DEV_IOC_BACKING_OPEN(r1, 0x4010e501, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r2, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 705.671074ms ago: executing program 0 (id=3051): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram11\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x40000000000, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0x0, 0x9, 0x8000, 0xe238, 0x602, 0x5) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) rseq$auto(0x0, 0x6, 0x3, 0xff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, r2, 0x10001) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8df41, 0x0) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) 205.53011ms ago: executing program 1 (id=3052): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) lseek$auto(0x3, 0x2, 0x4) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x2280, 0x0) socket(0x1e, 0x1, 0x0) lsm_set_self_attr$auto(0x11, 0x0, 0x7e, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000016c0)='/dev/snd/controlC0\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40405515, &(0x7f0000001700)={@inferred, 0xc, 0x3, 0x9, "9d4724b76f4d07faf46cb94d85033d940fdf05ecff75c12163ddeab942ed73d07dadd6f419694d591eca8162"}) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/ping_group_range\x00', 0x202, 0x0) write$auto(r2, &(0x7f00000000c0)='\\\xf3%\x00', 0x8) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x9, 0x1, 0x2, 0x0, 0x9, 0x8, 0x8, 0x1, 0x5, 0x7, 0x5d, 0x0, 0x3ff, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c9, 0x0, 0x4, 0x0, 0x0, 0xe3a, 0x3]}, 0x400, 0x81) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000140)={{@raw=0x80000000, 0x304, 0xfffffffe, 0x8, "3112d598004a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe000900000000000755015e48d", @raw=0xfffffffc}, 0x3, 0x3, 0x4, @inferred, @integer={0x3, 0xfffffffffffffff9, 0x8}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd7327b386425608af790ada8dbdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D2\x00', 0x80980, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendfile$auto(r0, r4, 0x0, 0x1) 0s ago: executing program 3 (id=3053): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r0, 0x6) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x20401, 0x0) mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000000080)={0x123060000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, 0x0}, 0x58) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              [ 736.862967][T15709] random: crng reseeded on system resumption [ 736.910310][ T36] ERROR: Out of memory at tomoyo_memory_ok. [ 736.939442][ T13] ERROR: Out of memory at tomoyo_memory_ok. [ 737.446461][T15721] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2477'. [ 737.675429][T15715] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(4096.0.0), cmd(5) [ 738.063357][T15729] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2479'. [ 740.362969][T15742] ptrace attach of "./syz-executor exec"[5874] was attempted by "./syz-executor exec"[15742] [ 740.861297][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 740.868471][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 740.881684][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 740.888193][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 740.898545][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 740.904860][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 740.918827][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 740.932371][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 741.007560][ T30] audit: type=1804 audit(4294967380.490:31): pid=15785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2488" name="/newroot/595/file0" dev="tmpfs" ino=3131 res=1 errno=0 [ 742.221951][T15801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2492'. [ 743.321288][ T3562] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 949 with max blocks 33 with error 117 [ 743.407029][ T3562] EXT4-fs (sda1): This should not happen!! Data will be lost [ 743.407029][ T3562] [ 744.139062][T12333] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 744.139104][T12333] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 744.155084][T12333] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 744.155120][T12333] Bluetooth: hci1: adv larger than maximum supported [ 744.163731][T12333] Bluetooth: hci1: Malformed LE Event: 0x0d [ 745.105139][T15864] FAULT_INJECTION: forcing a failure. [ 745.105139][T15864] name failslab, interval 1, probability 0, space 0, times 0 [ 745.309516][T15864] CPU: 0 UID: 0 PID: 15864 Comm: syz.3.2505 Tainted: G U syzkaller #0 PREEMPT(full) [ 745.309556][T15864] Tainted: [U]=USER [ 745.309564][T15864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 745.309579][T15864] Call Trace: [ 745.309587][T15864] [ 745.309596][T15864] dump_stack_lvl+0x16c/0x1f0 [ 745.309630][T15864] should_fail_ex+0x512/0x640 [ 745.309667][T15864] ? handler_new_ref+0x1b0/0xc60 [ 745.309701][T15864] should_failslab+0xc2/0x120 [ 745.309733][T15864] __kmalloc_noprof+0xd2/0x510 [ 745.309760][T15864] ? __asan_memcpy+0x3c/0x60 [ 745.309786][T15864] handler_new_ref+0x1b0/0xc60 [ 745.309823][T15864] v4l2_ctrl_new+0x1963/0x2180 [ 745.309861][T15864] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 745.309898][T15864] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 745.309941][T15864] v4l2_ctrl_new_std+0x1be/0x290 [ 745.309979][T15864] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 745.310014][T15864] ? rcu_is_watching+0x12/0xc0 [ 745.310038][T15864] ? trace_kmalloc+0x2b/0xd0 [ 745.310078][T15864] ? __kvmalloc_node_noprof+0x298/0x620 [ 745.310105][T15864] ? v4l2_ctrl_handler_init_class+0x1fc/0x340 [ 745.310140][T15864] ? media_request_object_init+0x100/0x180 [ 745.310181][T15864] vicodec_open+0x1d0/0xf90 [ 745.310209][T15864] v4l2_open+0x225/0x490 [ 745.310237][T15864] ? __pfx_v4l2_open+0x10/0x10 [ 745.310265][T15864] chrdev_open+0x231/0x6a0 [ 745.310295][T15864] ? __pfx_apparmor_file_open+0x10/0x10 [ 745.310322][T15864] ? __pfx_chrdev_open+0x10/0x10 [ 745.310353][T15864] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 745.310383][T15864] do_dentry_open+0x97f/0x1530 [ 745.310413][T15864] ? __pfx_chrdev_open+0x10/0x10 [ 745.310446][T15864] vfs_open+0x82/0x3f0 [ 745.310483][T15864] path_openat+0x1de4/0x2cb0 [ 745.310515][T15864] ? __pfx_path_openat+0x10/0x10 [ 745.310547][T15864] do_filp_open+0x20b/0x470 [ 745.310575][T15864] ? __pfx_do_filp_open+0x10/0x10 [ 745.310613][T15864] ? alloc_fd+0x471/0x7d0 [ 745.310641][T15864] do_sys_openat2+0x11b/0x1d0 [ 745.310678][T15864] ? __pfx_do_sys_openat2+0x10/0x10 [ 745.310720][T15864] __x64_sys_openat+0x174/0x210 [ 745.310758][T15864] ? __pfx___x64_sys_openat+0x10/0x10 [ 745.310802][T15864] do_syscall_64+0xcd/0x490 [ 745.310834][T15864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.310859][T15864] RIP: 0033:0x7fac1098ebe9 [ 745.310877][T15864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 745.310902][T15864] RSP: 002b:00007fac1189c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 745.310925][T15864] RAX: ffffffffffffffda RBX: 00007fac10bb6180 RCX: 00007fac1098ebe9 [ 745.310941][T15864] RDX: 00000000000c0400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 745.310957][T15864] RBP: 00007fac10a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 745.310972][T15864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 745.310988][T15864] R13: 00007fac10bb6218 R14: 00007fac10bb6180 R15: 00007ffd9fbf56b8 [ 745.311010][T15864] [ 746.136859][T15874] 0x000200000001-0xa29656a63616329 : "" [ 746.172579][T15874] mtd: partition "" is out of reach -- disabled [ 746.238839][T12333] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 746.243168][T15874] ftl_cs: FTL header not found. [ 746.538449][T15879] ERROR: Out of memory at tomoyo_memory_ok. [ 746.621625][T15882] tipc: Started in network mode [ 746.667351][T15882] tipc: Node identity ee00, cluster identity 4711 [ 746.694642][T15885] nvme_fabrics: missing parameter 'transport=%s' [ 746.701579][T15882] tipc: Node number set to 60928 [ 746.711671][T15885] nvme_fabrics: missing parameter 'nqn=%s' [ 746.774988][T15882] Process accounting resumed [ 748.919658][T15909] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1358 with max blocks 17 with error 117 [ 749.123367][T15909] EXT4-fs (sda1): This should not happen!! Data will be lost [ 749.123367][T15909] [ 750.952277][T15956] svc: failed to register nfsdv3 RPC service (errno 111). [ 751.020039][T15956] svc: failed to register nfsaclv3 RPC service (errno 111). [ 751.351544][ T30] audit: type=1800 audit(4294967390.830:32): pid=15960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2524" name="members" dev="configfs" ino=61522 res=0 errno=0 [ 751.830443][T15973] vhci_hcd: invalid port number 16 [ 751.869573][T15973] vhci_hcd: invalid port number 16 [ 753.061164][T15982] FAULT_INJECTION: forcing a failure. [ 753.061164][T15982] name failslab, interval 1, probability 0, space 0, times 0 [ 753.193264][T15982] CPU: 0 UID: 2054 PID: 15982 Comm: syz.2.2529 Tainted: G U syzkaller #0 PREEMPT(full) [ 753.193304][T15982] Tainted: [U]=USER [ 753.193313][T15982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 753.193328][T15982] Call Trace: [ 753.193336][T15982] [ 753.193345][T15982] dump_stack_lvl+0x16c/0x1f0 [ 753.193380][T15982] should_fail_ex+0x512/0x640 [ 753.193417][T15982] should_failslab+0xc2/0x120 [ 753.193451][T15982] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 753.193486][T15982] ? rcu_is_watching+0x12/0xc0 [ 753.193511][T15982] ? key_alloc+0x3e0/0x1330 [ 753.193545][T15982] key_alloc+0x3e0/0x1330 [ 753.193582][T15982] ? __pfx_key_alloc+0x10/0x10 [ 753.193613][T15982] ? __pfx_key_default_cmp+0x10/0x10 [ 753.193649][T15982] ? __pfx_keyring_search_iterator+0x10/0x10 [ 753.193688][T15982] keyring_alloc+0x44/0xc0 [ 753.193724][T15982] look_up_user_keyrings+0x46d/0x760 [ 753.193755][T15982] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 753.193784][T15982] ? __pfx_futex_wake+0x10/0x10 [ 753.193823][T15982] lookup_user_key+0x1a3/0x1300 [ 753.193853][T15982] ? __pfx_lookup_user_key+0x10/0x10 [ 753.193880][T15982] ? do_futex+0x122/0x350 [ 753.193913][T15982] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 753.193944][T15982] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 753.193981][T15982] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 753.194017][T15982] keyctl_keyring_clear+0x24/0x1a0 [ 753.194041][T15982] __do_sys_keyctl+0x355/0x590 [ 753.194068][T15982] do_syscall_64+0xcd/0x490 [ 753.194101][T15982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.194125][T15982] RIP: 0033:0x7f1401d8ebe9 [ 753.194143][T15982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 753.194167][T15982] RSP: 002b:00007f1402b30038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 753.194190][T15982] RAX: ffffffffffffffda RBX: 00007f1401fb5fa0 RCX: 00007f1401d8ebe9 [ 753.194206][T15982] RDX: 0000000000000002 RSI: 00000000fffffffb RDI: 0000000000000007 [ 753.194220][T15982] RBP: 00007f1401e11e19 R08: 0000000000000008 R09: 0000000000000000 [ 753.194235][T15982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 753.194249][T15982] R13: 00007f1401fb6038 R14: 00007f1401fb5fa0 R15: 00007ffda8204e48 [ 753.194273][T15982] [ 754.257721][T15995] random: crng reseeded on system resumption [ 754.270598][ T4627] ERROR: Out of memory at tomoyo_memory_ok. [ 754.287703][ T49] ERROR: Out of memory at tomoyo_memory_ok. [ 756.336841][T16028] Invalid ELF header magic: != ELF [ 756.614009][T16028] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2539'. [ 757.802868][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.809964][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 758.096458][T16065] Invalid ELF header magic: != ELF [ 758.726732][ T2978] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 947 with max blocks 26 with error 117 [ 758.827562][ T2978] EXT4-fs (sda1): This should not happen!! Data will be lost [ 758.827562][ T2978] [ 758.878815][ T2978] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 952 with max blocks 30 with error 117 [ 758.965231][ T2978] EXT4-fs (sda1): This should not happen!! Data will be lost [ 758.965231][ T2978] [ 758.976628][ T5869] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 760.034107][T16088] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2552'. [ 760.145096][T16088] team0: Port device team_slave_1 removed [ 761.437626][T16120] FAULT_INJECTION: forcing a failure. [ 761.437626][T16120] name failslab, interval 1, probability 0, space 0, times 0 [ 761.512992][T16120] CPU: 0 UID: 0 PID: 16120 Comm: syz.3.2560 Tainted: G U syzkaller #0 PREEMPT(full) [ 761.513032][T16120] Tainted: [U]=USER [ 761.513040][T16120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 761.513055][T16120] Call Trace: [ 761.513063][T16120] [ 761.513072][T16120] dump_stack_lvl+0x16c/0x1f0 [ 761.513112][T16120] should_fail_ex+0x512/0x640 [ 761.513149][T16120] should_failslab+0xc2/0x120 [ 761.513182][T16120] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 761.513211][T16120] ? do_epoll_ctl+0x1170/0x3790 [ 761.513239][T16120] do_epoll_ctl+0x1170/0x3790 [ 761.513265][T16120] ? lockdep_init_map_type+0x5c/0x280 [ 761.513303][T16120] ? __pfx_do_epoll_ctl+0x10/0x10 [ 761.513333][T16120] ? __might_fault+0xe3/0x190 [ 761.513360][T16120] ? __might_fault+0x13b/0x190 [ 761.513385][T16120] ? rcu_is_watching+0x12/0xc0 [ 761.513415][T16120] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 761.513442][T16120] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 761.513468][T16120] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 761.513500][T16120] do_syscall_64+0xcd/0x490 [ 761.513532][T16120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.513556][T16120] RIP: 0033:0x7fac1098ebe9 [ 761.513574][T16120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.513598][T16120] RSP: 002b:00007fac118de038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 761.513620][T16120] RAX: ffffffffffffffda RBX: 00007fac10bb5fa0 RCX: 00007fac1098ebe9 [ 761.513636][T16120] RDX: 8000000000000000 RSI: 0000000000000001 RDI: 0000000000000006 [ 761.513651][T16120] RBP: 00007fac10a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 761.513666][T16120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 761.513681][T16120] R13: 00007fac10bb6038 R14: 00007fac10bb5fa0 R15: 00007ffd9fbf56b8 [ 761.513703][T16120] [ 761.807721][T16125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2563'. [ 761.836229][T16127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2562'. [ 762.998150][T16156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2569'. [ 763.058439][T16156] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2569'. [ 763.554443][T16175] FAULT_INJECTION: forcing a failure. [ 763.554443][T16175] name failslab, interval 1, probability 0, space 0, times 0 [ 763.587383][T16173] netlink: 'syz.0.2572': attribute type 5 has an invalid length. [ 763.699455][T16175] CPU: 0 UID: 0 PID: 16175 Comm: syz.2.2571 Tainted: G U syzkaller #0 PREEMPT(full) [ 763.699494][T16175] Tainted: [U]=USER [ 763.699503][T16175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 763.699518][T16175] Call Trace: [ 763.699526][T16175] [ 763.699534][T16175] dump_stack_lvl+0x16c/0x1f0 [ 763.699569][T16175] should_fail_ex+0x512/0x640 [ 763.699606][T16175] should_failslab+0xc2/0x120 [ 763.699639][T16175] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 763.699668][T16175] ? trace_kmem_cache_alloc+0x28/0xc0 [ 763.699705][T16175] ? sk_prot_alloc+0x60/0x2a0 [ 763.699744][T16175] sk_prot_alloc+0x60/0x2a0 [ 763.699781][T16175] sk_alloc+0x36/0xc20 [ 763.699809][T16175] __vsock_create.constprop.0+0x3c/0xbb0 [ 763.699837][T16175] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 763.699875][T16175] vsock_create+0x139/0x500 [ 763.699905][T16175] __sock_create+0x338/0x8d0 [ 763.699929][T16175] __sys_socket+0x14d/0x260 [ 763.699952][T16175] ? __pfx___sys_socket+0x10/0x10 [ 763.699975][T16175] ? xfd_validate_state+0x61/0x180 [ 763.700015][T16175] __x64_sys_socket+0x72/0xb0 [ 763.700047][T16175] do_syscall_64+0xcd/0x490 [ 763.700080][T16175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.700105][T16175] RIP: 0033:0x7f1401d8ebe9 [ 763.700123][T16175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.700148][T16175] RSP: 002b:00007f1402b30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 763.700171][T16175] RAX: ffffffffffffffda RBX: 00007f1401fb5fa0 RCX: 00007f1401d8ebe9 [ 763.700187][T16175] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000028 [ 763.700202][T16175] RBP: 00007f1401e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 763.700217][T16175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.700231][T16175] R13: 00007f1401fb6038 R14: 00007f1401fb5fa0 R15: 00007ffda8204e48 [ 763.700254][T16175] [ 765.013870][ T30] audit: type=1804 audit(6138071826.490:33): pid=16198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2576" name="/newroot/633/file0" dev="tmpfs" ino=3313 res=1 errno=0 [ 765.193932][T16202] lo: entered allmulticast mode [ 765.360807][T16206] lo: left allmulticast mode [ 765.512727][T16198] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 765.551261][T16198] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 765.845089][T16217] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 765.928066][ T5220] ERROR: Out of memory at tomoyo_memory_ok. [ 766.121809][T16226] ima: policy update failed [ 766.126619][ T30] audit: type=1802 audit(6138071827.600:34): pid=16226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2582" res=0 errno=0 [ 766.168615][T16226] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2582'. [ 766.275240][T16219] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 767.095031][ C0] sd 0:0:1:0: [sda] tag#431 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 767.105833][ C0] sd 0:0:1:0: [sda] tag#431 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 768.067326][ T5869] Bluetooth: hci3: unexpected event 0x0e length: 440 > 260 [ 768.067386][ T5869] Bluetooth: hci3: unexpected event for opcode 0x0f00 [ 769.354286][T16282] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 947 with max blocks 35 with error 117 [ 769.497044][T16282] EXT4-fs (sda1): This should not happen!! Data will be lost [ 769.497044][T16282] [ 770.138786][T16298] serio: Serial port pty6 [ 772.117011][ T5869] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 772.125360][ T5869] Bluetooth: hci3: Injecting HCI hardware error event [ 772.132712][ T5869] Bluetooth: hci3: hardware error 0x00 [ 772.199118][T16337] FAULT_INJECTION: forcing a failure. [ 772.199118][T16337] name failslab, interval 1, probability 0, space 0, times 0 [ 772.259115][T16337] CPU: 0 UID: 0 PID: 16337 Comm: syz.3.2605 Tainted: G U syzkaller #0 PREEMPT(full) [ 772.259153][T16337] Tainted: [U]=USER [ 772.259161][T16337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 772.259176][T16337] Call Trace: [ 772.259183][T16337] [ 772.259192][T16337] dump_stack_lvl+0x16c/0x1f0 [ 772.259226][T16337] should_fail_ex+0x512/0x640 [ 772.259261][T16337] should_failslab+0xc2/0x120 [ 772.259293][T16337] __kmalloc_cache_noprof+0x6a/0x3e0 [ 772.259317][T16337] ? _raw_spin_unlock+0x28/0x50 [ 772.259341][T16337] ? snd_rawmidi_open+0x3c3/0xbf0 [ 772.259370][T16337] snd_rawmidi_open+0x3c3/0xbf0 [ 772.259398][T16337] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 772.259423][T16337] ? rcu_is_watching+0x12/0xc0 [ 772.259449][T16337] ? kobject_get_unless_zero+0x156/0x1e0 [ 772.259483][T16337] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 772.259509][T16337] snd_open+0x22a/0x4c0 [ 772.259542][T16337] ? __pfx_snd_open+0x10/0x10 [ 772.259574][T16337] chrdev_open+0x231/0x6a0 [ 772.259603][T16337] ? __pfx_apparmor_file_open+0x10/0x10 [ 772.259629][T16337] ? __pfx_chrdev_open+0x10/0x10 [ 772.259660][T16337] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 772.259690][T16337] do_dentry_open+0x97f/0x1530 [ 772.259718][T16337] ? __pfx_chrdev_open+0x10/0x10 [ 772.259750][T16337] vfs_open+0x82/0x3f0 [ 772.259786][T16337] path_openat+0x1de4/0x2cb0 [ 772.259817][T16337] ? __pfx_path_openat+0x10/0x10 [ 772.259847][T16337] do_filp_open+0x20b/0x470 [ 772.259874][T16337] ? __pfx_do_filp_open+0x10/0x10 [ 772.259910][T16337] ? alloc_fd+0x471/0x7d0 [ 772.259937][T16337] do_sys_openat2+0x11b/0x1d0 [ 772.259972][T16337] ? __pfx_do_sys_openat2+0x10/0x10 [ 772.260013][T16337] __x64_sys_openat+0x174/0x210 [ 772.260050][T16337] ? __pfx___x64_sys_openat+0x10/0x10 [ 772.260102][T16337] do_syscall_64+0xcd/0x490 [ 772.260133][T16337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.260157][T16337] RIP: 0033:0x7fac1098ebe9 [ 772.260174][T16337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 772.260197][T16337] RSP: 002b:00007fac118de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 772.260219][T16337] RAX: ffffffffffffffda RBX: 00007fac10bb5fa0 RCX: 00007fac1098ebe9 [ 772.260235][T16337] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 772.260249][T16337] RBP: 00007fac10a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 772.260264][T16337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.260278][T16337] R13: 00007fac10bb6038 R14: 00007fac10bb5fa0 R15: 00007ffd9fbf56b8 [ 772.260300][T16337] [ 772.531652][T16337] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2605'. [ 772.598410][T16337] team_slave_0: entered allmulticast mode [ 773.284142][T16352] FAULT_INJECTION: forcing a failure. [ 773.284142][T16352] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 773.329322][T16352] CPU: 0 UID: 0 PID: 16352 Comm: syz.1.2609 Tainted: G U syzkaller #0 PREEMPT(full) [ 773.329362][T16352] Tainted: [U]=USER [ 773.329370][T16352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 773.329384][T16352] Call Trace: [ 773.329392][T16352] [ 773.329401][T16352] dump_stack_lvl+0x16c/0x1f0 [ 773.329435][T16352] should_fail_ex+0x512/0x640 [ 773.329472][T16352] should_fail_alloc_page+0xe7/0x130 [ 773.329506][T16352] prepare_alloc_pages+0x3c2/0x610 [ 773.329542][T16352] ? rcu_is_watching+0x12/0xc0 [ 773.329568][T16352] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 773.329597][T16352] ? rcu_is_watching+0x12/0xc0 [ 773.329620][T16352] ? trace_kmem_cache_alloc+0x28/0xc0 [ 773.329657][T16352] ? kmem_cache_alloc_lru_noprof+0x223/0x3b0 [ 773.329686][T16352] ? xas_alloc+0x34f/0x460 [ 773.329717][T16352] ? xas_alloc+0x27c/0x460 [ 773.329745][T16352] ? css_rstat_updated+0x1c2/0x510 [ 773.329769][T16352] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 773.329800][T16352] ? do_raw_spin_lock+0x12c/0x2b0 [ 773.329837][T16352] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 773.329878][T16352] ? do_raw_spin_unlock+0x172/0x230 [ 773.329916][T16352] ? _raw_spin_unlock+0x28/0x50 [ 773.329940][T16352] ? __dquot_alloc_space+0x520/0xe20 [ 773.329988][T16352] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 773.330026][T16352] ? policy_nodemask+0xea/0x4e0 [ 773.330059][T16352] alloc_pages_mpol+0x1fb/0x550 [ 773.330092][T16352] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 773.330123][T16352] ? __folio_batch_add_and_move+0x602/0xc90 [ 773.330156][T16352] ? rcu_is_watching+0x12/0xc0 [ 773.330191][T16352] ? lock_release+0x201/0x2f0 [ 773.330222][T16352] folio_alloc_mpol_noprof+0x36/0x2f0 [ 773.330258][T16352] shmem_alloc_folio+0x135/0x160 [ 773.330296][T16352] shmem_alloc_and_add_folio+0x499/0xc20 [ 773.330325][T16352] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 773.330353][T16352] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 773.330382][T16352] shmem_get_folio_gfp+0x67f/0x1600 [ 773.330411][T16352] ? rcu_is_watching+0x12/0xc0 [ 773.330434][T16352] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 773.330462][T16352] ? filemap_map_pages+0xf58/0x1670 [ 773.330491][T16352] shmem_fault+0x1fe/0xa30 [ 773.330518][T16352] ? __pfx_shmem_fault+0x10/0x10 [ 773.330546][T16352] ? __pfx_filemap_map_pages+0x10/0x10 [ 773.330577][T16352] ? __pfx_filemap_map_pages+0x10/0x10 [ 773.330605][T16352] __do_fault+0x10d/0x490 [ 773.330633][T16352] ? __pfx_filemap_map_pages+0x10/0x10 [ 773.330660][T16352] do_pte_missing+0xf50/0x3ba0 [ 773.330684][T16352] ? __handle_mm_fault+0x14fd/0x2a50 [ 773.330706][T16352] ? rcu_is_watching+0x12/0xc0 [ 773.330729][T16352] ? lock_release+0x201/0x2f0 [ 773.330760][T16352] __handle_mm_fault+0x152a/0x2a50 [ 773.330785][T16352] ? mt_find+0x3ef/0xa30 [ 773.330817][T16352] ? __pfx___handle_mm_fault+0x10/0x10 [ 773.330839][T16352] ? __pfx_mt_find+0x10/0x10 [ 773.330877][T16352] ? find_vma+0xbf/0x140 [ 773.330926][T16352] ? __pfx_find_vma+0x10/0x10 [ 773.330960][T16352] handle_mm_fault+0x589/0xd10 [ 773.330993][T16352] ? __bpf_trace_exceptions+0x1/0x40 [ 773.331031][T16352] do_user_addr_fault+0x7a6/0x1370 [ 773.331070][T16352] ? rcu_is_watching+0x12/0xc0 [ 773.331096][T16352] exc_page_fault+0x5c/0xb0 [ 773.331124][T16352] asm_exc_page_fault+0x26/0x30 [ 773.331147][T16352] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 773.331172][T16352] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 773.331195][T16352] RSP: 0018:ffffc9000ae7fa10 EFLAGS: 00050206 [ 773.331215][T16352] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000001000 [ 773.331231][T16352] RDX: 0000000000000000 RSI: 0000000000005000 RDI: ffff88805f380000 [ 773.331246][T16352] RBP: 0000000000005000 R08: 0000000000000001 R09: ffffed100be701ff [ 773.331261][T16352] R10: ffff88805f380fff R11: 0000000000000000 R12: ffffc9000ae7fda0 [ 773.331277][T16352] R13: 0000000000006000 R14: ffff88805f380000 R15: 00007ffffffff000 [ 773.331300][T16352] _copy_from_iter+0x383/0x16f0 [ 773.331339][T16352] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 773.331377][T16352] ? __pfx__copy_from_iter+0x10/0x10 [ 773.331415][T16352] ? alloc_pages_mpol+0x25a/0x550 [ 773.331448][T16352] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 773.331482][T16352] copy_page_from_iter+0xde/0x180 [ 773.331522][T16352] anon_pipe_write+0xbe7/0x1a90 [ 773.331557][T16352] ? lock_release+0x201/0x2f0 [ 773.331588][T16352] ? __pfx_anon_pipe_write+0x10/0x10 [ 773.331621][T16352] ? common_file_perm+0x1a9/0x340 [ 773.331654][T16352] fifo_pipe_write+0x24/0x530 [ 773.331685][T16352] vfs_write+0x7d0/0x11d0 [ 773.331712][T16352] ? __pfx_fifo_pipe_write+0x10/0x10 [ 773.331744][T16352] ? __pfx_vfs_write+0x10/0x10 [ 773.331772][T16352] ? lock_release+0x201/0x2f0 [ 773.331809][T16352] ksys_write+0x1f8/0x250 [ 773.331836][T16352] ? __pfx_ksys_write+0x10/0x10 [ 773.331867][T16352] do_syscall_64+0xcd/0x490 [ 773.331900][T16352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.331923][T16352] RIP: 0033:0x7ff54418ebe9 [ 773.331941][T16352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 773.331965][T16352] RSP: 002b:00007ff544f7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 773.331994][T16352] RAX: ffffffffffffffda RBX: 00007ff5443b5fa0 RCX: 00007ff54418ebe9 [ 773.332010][T16352] RDX: 0000000000008001 RSI: 0000000000000000 RDI: 0000000000000004 [ 773.332025][T16352] RBP: 00007ff544211e19 R08: 0000000000000000 R09: 0000000000000000 [ 773.332039][T16352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 773.332055][T16352] R13: 00007ff5443b6038 R14: 00007ff5443b5fa0 R15: 00007ffe46098d08 [ 773.332078][T16352] [ 774.172024][ C0] sd 0:0:1:0: [sda] tag#385 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 774.182455][ C0] sd 0:0:1:0: [sda] tag#385 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 774.597244][ T5869] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 774.643171][T16368] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 775.011126][T16375] random: crng reseeded on system resumption [ 775.037287][ T2978] ERROR: Out of memory at tomoyo_memory_ok. [ 775.049322][ T49] ERROR: Out of memory at tomoyo_memory_ok. [ 775.534131][T16387] ubi0: attaching mtd0 [ 775.558218][T16387] ubi0: scanning is finished [ 775.567194][T16387] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 775.708831][T16387] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 775.873021][T16391] zswap: compressor û not available [ 777.098874][ T5869] Bluetooth: hci0: unexpected event 0x16 length: 440 > 6 [ 777.232140][T16409] Process accounting paused [ 777.770719][T16432] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2628'. [ 778.098746][T16439] netlink: 29 bytes leftover after parsing attributes in process `syz.0.2629'. [ 779.034479][T16457] can0: slcan on ttyS2. [ 779.108003][T16455] can0 (unregistered): slcan off ttyS2. [ 779.397114][T16467] FAULT_INJECTION: forcing a failure. [ 779.397114][T16467] name failslab, interval 1, probability 0, space 0, times 0 [ 779.468413][T16467] CPU: 0 UID: 0 PID: 16467 Comm: syz.1.2636 Tainted: G U syzkaller #0 PREEMPT(full) [ 779.468453][T16467] Tainted: [U]=USER [ 779.468461][T16467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 779.468476][T16467] Call Trace: [ 779.468483][T16467] [ 779.468492][T16467] dump_stack_lvl+0x16c/0x1f0 [ 779.468528][T16467] should_fail_ex+0x512/0x640 [ 779.468566][T16467] should_failslab+0xc2/0x120 [ 779.468600][T16467] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 779.468633][T16467] ? __kthread_create_on_node+0x186/0x3f0 [ 779.468669][T16467] kvasprintf+0xbc/0x160 [ 779.468705][T16467] ? __pfx_kvasprintf+0x10/0x10 [ 779.468732][T16467] ? __pfx_rescuer_thread+0x10/0x10 [ 779.468768][T16467] __kthread_create_on_node+0x186/0x3f0 [ 779.468799][T16467] ? __pfx___kthread_create_on_node+0x10/0x10 [ 779.468834][T16467] ? __pfx_vsnprintf+0x10/0x10 [ 779.468863][T16467] ? __pfx_rescuer_thread+0x10/0x10 [ 779.468900][T16467] kthread_create_on_node+0xc7/0x100 [ 779.468930][T16467] ? __pfx_kthread_create_on_node+0x10/0x10 [ 779.468960][T16467] ? __pfx_scnprintf+0x10/0x10 [ 779.468993][T16467] init_rescuer+0x320/0x640 [ 779.469026][T16467] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 779.469062][T16467] ? __pfx_init_rescuer+0x10/0x10 [ 779.469099][T16467] ? wq_adjust_max_active+0x39d/0x4a0 [ 779.469137][T16467] __alloc_workqueue+0xc37/0x1810 [ 779.469169][T16467] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 779.469198][T16467] alloc_workqueue_noprof+0xd2/0x200 [ 779.469229][T16467] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 779.469271][T16467] ? __pfx___debug_object_init+0x10/0x10 [ 779.469301][T16467] nci_register_device+0x511/0xb80 [ 779.469327][T16467] ? __pfx_nci_register_device+0x10/0x10 [ 779.469354][T16467] ? lockdep_init_map_type+0x5c/0x280 [ 779.469389][T16467] virtual_ncidev_open+0x141/0x220 [ 779.469415][T16467] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 779.469440][T16467] misc_open+0x35a/0x420 [ 779.469464][T16467] ? __pfx_misc_open+0x10/0x10 [ 779.469487][T16467] chrdev_open+0x231/0x6a0 [ 779.469517][T16467] ? __pfx_apparmor_file_open+0x10/0x10 [ 779.469542][T16467] ? __pfx_chrdev_open+0x10/0x10 [ 779.469573][T16467] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 779.469602][T16467] do_dentry_open+0x97f/0x1530 [ 779.469631][T16467] ? __pfx_chrdev_open+0x10/0x10 [ 779.469663][T16467] vfs_open+0x82/0x3f0 [ 779.469698][T16467] path_openat+0x1de4/0x2cb0 [ 779.469729][T16467] ? __pfx_path_openat+0x10/0x10 [ 779.469759][T16467] do_filp_open+0x20b/0x470 [ 779.469786][T16467] ? __pfx_do_filp_open+0x10/0x10 [ 779.469823][T16467] ? alloc_fd+0x471/0x7d0 [ 779.469850][T16467] do_sys_openat2+0x11b/0x1d0 [ 779.469885][T16467] ? __pfx_do_sys_openat2+0x10/0x10 [ 779.469927][T16467] __x64_sys_openat+0x174/0x210 [ 779.469963][T16467] ? __pfx___x64_sys_openat+0x10/0x10 [ 779.470006][T16467] do_syscall_64+0xcd/0x490 [ 779.470037][T16467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.470061][T16467] RIP: 0033:0x7ff54418ebe9 [ 779.470079][T16467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 779.470101][T16467] RSP: 002b:00007ff544f7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 779.470123][T16467] RAX: ffffffffffffffda RBX: 00007ff5443b5fa0 RCX: 00007ff54418ebe9 [ 779.470139][T16467] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 779.470153][T16467] RBP: 00007ff544211e19 R08: 0000000000000000 R09: 0000000000000000 [ 779.470168][T16467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.470182][T16467] R13: 00007ff5443b6038 R14: 00007ff5443b5fa0 R15: 00007ffe46098d08 [ 779.470204][T16467] [ 779.470223][T16467] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -ENOMEM [ 781.982514][T16535] ERROR: Out of memory at tomoyo_memory_ok. [ 782.212489][T16541] lo: entered allmulticast mode [ 782.338548][T16541] lo: left allmulticast mode [ 782.443588][T16549] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 783.129830][T16555] mkiss: ax0: crc mode is auto. [ 783.379659][ T30] audit: type=1800 audit(6138071844.860:35): pid=16555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2647" name="dbroot" dev="configfs" ino=65179 res=0 errno=0 [ 784.315447][T16586] random: crng reseeded on system resumption [ 786.928394][T16635] mkiss: ax0: crc mode is auto. [ 786.987934][ T5869] Bluetooth: hci2: unexpected event 0x0f length: 440 > 4 [ 786.987975][ T5869] Bluetooth: hci2: unexpected event for opcode 0x0010 [ 787.502344][ T30] audit: type=1800 audit(6138071848.980:36): pid=16634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2660" name="dbroot" dev="configfs" ino=65980 res=0 errno=0 [ 787.901165][T16656] random: crng reseeded on system resumption [ 789.957385][ T36] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 935 with max blocks 38 with error 117 [ 790.034615][ T36] EXT4-fs (sda1): This should not happen!! Data will be lost [ 790.034615][ T36] [ 790.110215][ T36] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 948 with max blocks 34 with error 117 [ 790.207366][ T36] EXT4-fs (sda1): This should not happen!! Data will be lost [ 790.207366][ T36] [ 790.997030][ T5869] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 791.006089][ T5869] Bluetooth: hci2: Injecting HCI hardware error event [ 791.015558][T12333] Bluetooth: hci2: hardware error 0x00 [ 791.512738][ T5869] Bluetooth: hci0: unexpected event 0x30 length: 47 > 3 [ 793.076980][T12333] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 796.915355][T16793] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 800.197664][T16848] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2705'. [ 800.251594][T16848] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.326438][T16848] bridge_slave_1 (unregistering): left allmulticast mode [ 800.358188][T16848] bridge_slave_1 (unregistering): left promiscuous mode [ 800.387362][T16848] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.869025][T16861] bond0: option xmit_hash_policy: invalid value (0x00060000) [ 803.092169][T16882] FAULT_INJECTION: forcing a failure. [ 803.092169][T16882] name failslab, interval 1, probability 0, space 0, times 0 [ 803.202932][T16882] CPU: 0 UID: 0 PID: 16882 Comm: syz.1.2720 Tainted: G U syzkaller #0 PREEMPT(full) [ 803.202976][T16882] Tainted: [U]=USER [ 803.202984][T16882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 803.202999][T16882] Call Trace: [ 803.203008][T16882] [ 803.203017][T16882] dump_stack_lvl+0x16c/0x1f0 [ 803.203058][T16882] should_fail_ex+0x512/0x640 [ 803.203095][T16882] should_failslab+0xc2/0x120 [ 803.203128][T16882] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 803.203157][T16882] ? stashed_dentry_get+0x10a/0x2c0 [ 803.203186][T16882] ? rcu_is_watching+0x12/0xc0 [ 803.203210][T16882] ? alloc_inode+0xc3/0x240 [ 803.203245][T16882] alloc_inode+0xc3/0x240 [ 803.203283][T16882] path_from_stashed+0x25b/0x750 [ 803.203311][T16882] ? do_raw_spin_unlock+0x172/0x230 [ 803.203351][T16882] ns_get_path+0x5f/0x80 [ 803.203376][T16882] proc_ns_get_link+0x121/0x230 [ 803.203406][T16882] ? __pfx_proc_ns_get_link+0x10/0x10 [ 803.203437][T16882] ? try_to_unlazy+0x2a9/0x660 [ 803.203466][T16882] ? __pfx_proc_ns_get_link+0x10/0x10 [ 803.203497][T16882] step_into+0x1a2c/0x2270 [ 803.203523][T16882] ? __pfx_step_into+0x10/0x10 [ 803.203555][T16882] ? lookup_fast+0x156/0x610 [ 803.203580][T16882] path_openat+0x6db/0x2cb0 [ 803.203612][T16882] ? __pfx_path_openat+0x10/0x10 [ 803.203644][T16882] do_filp_open+0x20b/0x470 [ 803.203672][T16882] ? __pfx_do_filp_open+0x10/0x10 [ 803.203710][T16882] ? alloc_fd+0x471/0x7d0 [ 803.203739][T16882] do_sys_openat2+0x11b/0x1d0 [ 803.203776][T16882] ? __pfx_do_sys_openat2+0x10/0x10 [ 803.203820][T16882] __x64_sys_openat+0x174/0x210 [ 803.203858][T16882] ? __pfx___x64_sys_openat+0x10/0x10 [ 803.203919][T16882] do_syscall_64+0xcd/0x490 [ 803.203953][T16882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.203981][T16882] RIP: 0033:0x7ff54418d550 [ 803.204000][T16882] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 803.204024][T16882] RSP: 002b:00007ff544f7af10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 803.204046][T16882] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff54418d550 [ 803.204061][T16882] RDX: 0000000000000000 RSI: 00007ff544f7afa0 RDI: 00000000ffffff9c [ 803.204076][T16882] RBP: 00007ff544f7afa0 R08: 0000000000000000 R09: 0000000000000000 [ 803.204092][T16882] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 803.204107][T16882] R13: 00007ff5443b6038 R14: 00007ff5443b5fa0 R15: 00007ffe46098d08 [ 803.204130][T16882] [ 804.117333][T12333] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 805.747363][T12333] Bluetooth: hci1: unexpected event 0x16 length: 440 > 6 [ 806.647065][T16922] kernel profiling enabled (shift: 7) [ 807.267955][T16931] QAT: Stopping all acceleration devices. [ 807.672515][T16908] Process accounting resumed [ 808.625835][T16963] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2730'. [ 809.349363][T16977] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2732'. [ 809.412909][T16977] bridge0: port 2(bridge_slave_1) entered disabled state [ 809.460642][T16977] bridge_slave_1 (unregistering): left allmulticast mode [ 809.500375][T16977] bridge_slave_1 (unregistering): left promiscuous mode [ 809.519042][T16977] bridge0: port 2(bridge_slave_1) entered disabled state [ 809.696256][T16974] bond0: option xmit_hash_policy: invalid value () [ 810.000718][T16986] tipc: Started in network mode [ 810.036528][T16986] tipc: Node identity ee00, cluster identity 4711 [ 810.106964][T16986] tipc: Node number set to 60928 [ 811.877322][T17010] netlink: 'syz.2.2740': attribute type 4 has an invalid length. [ 811.905491][T17010] netlink: 'syz.2.2740': attribute type 5 has an invalid length. [ 811.947603][T17010] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2740'. [ 812.597208][T12333] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 812.779373][T17028] netlink: 'syz.1.2751': attribute type 4 has an invalid length. [ 812.857519][T17028] netlink: 'syz.1.2751': attribute type 5 has an invalid length. [ 812.865309][T17028] netlink: 10 bytes leftover after parsing attributes in process `syz.1.2751'. [ 814.627440][T17057] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 945 with max blocks 28 with error 117 [ 814.868671][T17057] EXT4-fs (sda1): This should not happen!! Data will be lost [ 814.868671][T17057] [ 816.691219][ T2978] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 948 with max blocks 34 with error 117 [ 816.788091][ T2978] EXT4-fs (sda1): This should not happen!! Data will be lost [ 816.788091][ T2978] [ 817.712338][ T3562] ERROR: Out of memory at tomoyo_memory_ok. [ 817.744796][ T36] ERROR: Out of memory at tomoyo_memory_ok. [ 818.383152][T17108] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 818.407641][T17108] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 819.241919][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 819.248483][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 819.349287][T17134] netlink: 25520 bytes leftover after parsing attributes in process `syz.1.2763'. [ 819.391499][T17134] netlink: zone id is out of range [ 819.420668][T17134] netlink: zone id is out of range [ 819.434152][T17134] netlink: zone id is out of range [ 819.461533][T17134] netlink: zone id is out of range [ 819.471632][T17134] netlink: zone id is out of range [ 819.481903][T17134] netlink: zone id is out of range [ 819.501971][T17134] netlink: zone id is out of range [ 819.526789][T17134] netlink: zone id is out of range [ 819.564979][T17134] netlink: zone id is out of range [ 819.571071][T17134] netlink: zone id is out of range [ 819.813432][T17138] zswap: compressor not available [ 819.836097][T17144] Setting dangerous option i915.mitigations - tainting kernel [ 819.879282][T12333] Bluetooth: hci0: command 0x0c1a tx timeout [ 820.440773][T12333] Bluetooth: hci1: command 0x0c1a tx timeout [ 820.911901][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 820.920799][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 820.940372][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 820.949201][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 820.967259][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 820.977235][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 820.989331][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 820.995910][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 821.802351][T17173] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 947 with max blocks 26 with error 117 [ 821.984025][T17173] EXT4-fs (sda1): This should not happen!! Data will be lost [ 821.984025][T17173] [ 822.115706][ T30] audit: type=1800 audit(6138071883.590:37): pid=17183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2771" name="members" dev="configfs" ino=70019 res=0 errno=0 [ 822.561422][T17195] ecryptfs_parse_packet_length: Five-byte packet length not supported [ 822.601907][T17195] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 823.422504][T17219] FAULT_INJECTION: forcing a failure. [ 823.422504][T17219] name failslab, interval 1, probability 0, space 0, times 0 [ 823.495273][T17219] CPU: 0 UID: 0 PID: 17219 Comm: syz.3.2781 Tainted: G U syzkaller #0 PREEMPT(full) [ 823.495310][T17219] Tainted: [U]=USER [ 823.495318][T17219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 823.495332][T17219] Call Trace: [ 823.495340][T17219] [ 823.495348][T17219] dump_stack_lvl+0x16c/0x1f0 [ 823.495391][T17219] should_fail_ex+0x512/0x640 [ 823.495426][T17219] should_failslab+0xc2/0x120 [ 823.495458][T17219] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 823.495506][T17219] ? bdev_alloc_inode+0x26/0x90 [ 823.495546][T17219] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 823.495583][T17219] bdev_alloc_inode+0x26/0x90 [ 823.495619][T17219] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 823.495657][T17219] alloc_inode+0x61/0x240 [ 823.495691][T17219] new_inode+0x22/0x1c0 [ 823.495726][T17219] bdev_alloc+0x2b/0x420 [ 823.495751][T17219] __alloc_disk_node+0x116/0x640 [ 823.495787][T17219] __blk_mq_alloc_disk+0x89/0x120 [ 823.495819][T17219] loop_add+0x490/0xb70 [ 823.495844][T17219] ? __pfx_loop_add+0x10/0x10 [ 823.495876][T17219] ? rcu_is_watching+0x12/0xc0 [ 823.495901][T17219] ? __fget_files+0x204/0x3c0 [ 823.495928][T17219] loop_control_ioctl+0x13e/0x630 [ 823.495953][T17219] ? __pfx_loop_control_ioctl+0x10/0x10 [ 823.495981][T17219] ? __pfx_loop_control_ioctl+0x10/0x10 [ 823.496007][T17219] __x64_sys_ioctl+0x18e/0x210 [ 823.496046][T17219] do_syscall_64+0xcd/0x490 [ 823.496079][T17219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.496109][T17219] RIP: 0033:0x7fac1098ebe9 [ 823.496127][T17219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 823.496152][T17219] RSP: 002b:00007fac118de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 823.496175][T17219] RAX: ffffffffffffffda RBX: 00007fac10bb5fa0 RCX: 00007fac1098ebe9 [ 823.496192][T17219] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 823.496208][T17219] RBP: 00007fac10a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 823.496222][T17219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 823.496237][T17219] R13: 00007fac10bb6038 R14: 00007fac10bb5fa0 R15: 00007ffd9fbf56b8 [ 823.496259][T17219] [ 824.538519][T17237] ubi0: attaching mtd0 [ 824.543345][T17237] ubi0: scanning is finished [ 824.554146][T17237] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 824.754941][T17237] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 824.943192][T17242] zswap: compressor û not available [ 825.176653][T17193] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 981 with max blocks 1 with error 117 [ 825.236129][T17193] EXT4-fs (sda1): This should not happen!! Data will be lost [ 825.236129][T17193] [ 825.286082][T17193] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 946 with max blocks 27 with error 117 [ 825.359502][T17193] EXT4-fs (sda1): This should not happen!! Data will be lost [ 825.359502][T17193] [ 827.902278][T17310] ptrace attach of "./syz-executor exec"[5874] was attempted by ""[17310] [ 828.074097][T17314] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2796'. [ 829.761917][T17343] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2802'. [ 829.832102][T17344] net_ratelimit: 210 callbacks suppressed [ 829.832132][T17344] netlink: zone id is out of range [ 829.954803][T17344] netlink: zone id is out of range [ 830.109676][T17344] netlink: zone id is out of range [ 830.114829][T17344] netlink: zone id is out of range [ 830.236218][T17344] netlink: zone id is out of range [ 830.281394][T17344] netlink: zone id is out of range [ 830.336962][T17344] netlink: zone id is out of range [ 830.352291][T17344] netlink: zone id is out of range [ 830.376080][T17344] netlink: zone id is out of range [ 830.405275][T17344] netlink: zone id is out of range [ 833.176627][T17381] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 949 with max blocks 33 with error 117 [ 833.255774][T17381] EXT4-fs (sda1): This should not happen!! Data will be lost [ 833.255774][T17381] [ 833.561495][T17397] ubi0: attaching mtd0 [ 833.566463][T17397] ubi0: scanning is finished [ 833.612519][T17397] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 833.827268][T17397] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 833.865348][T17401] ubi0: attaching mtd0 [ 833.890307][T17401] ubi0: scanning is finished [ 833.946321][T17401] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 834.238129][T17401] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 836.135027][T17437] input: f¬ as /devices/virtual/input/input35 [ 838.949842][T17490] FAULT_INJECTION: forcing a failure. [ 838.949842][T17490] name failslab, interval 1, probability 0, space 0, times 0 [ 838.998182][T17490] CPU: 0 UID: 0 PID: 17490 Comm: syz.2.2829 Tainted: G U syzkaller #0 PREEMPT(full) [ 838.998221][T17490] Tainted: [U]=USER [ 838.998230][T17490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 838.998245][T17490] Call Trace: [ 838.998253][T17490] [ 838.998263][T17490] dump_stack_lvl+0x16c/0x1f0 [ 838.998298][T17490] should_fail_ex+0x512/0x640 [ 838.998336][T17490] should_failslab+0xc2/0x120 [ 838.998368][T17490] __kvmalloc_node_noprof+0x137/0x620 [ 838.998396][T17490] ? alloc_shrinker_info+0xea/0x470 [ 838.998429][T17490] ? alloc_shrinker_info+0xea/0x470 [ 838.998459][T17490] ? mem_cgroup_css_online+0x1ba/0x640 [ 838.998498][T17490] alloc_shrinker_info+0xea/0x470 [ 838.998533][T17490] mem_cgroup_css_online+0x217/0x640 [ 838.998571][T17490] ? __pfx_mem_cgroup_css_online+0x10/0x10 [ 838.998610][T17490] online_css+0xaf/0x350 [ 838.998642][T17490] cgroup_apply_control_enable+0x702/0xbb0 [ 838.998683][T17490] cgroup_mkdir+0x5e7/0x11f0 [ 838.998721][T17490] ? __pfx_cgroup_mkdir+0x10/0x10 [ 838.998758][T17490] kernfs_iop_mkdir+0x111/0x190 [ 838.998792][T17490] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 838.998824][T17490] vfs_mkdir+0x590/0x8c0 [ 838.998847][T17490] do_mkdirat+0x304/0x3e0 [ 838.998877][T17490] ? __pfx_do_mkdirat+0x10/0x10 [ 838.998917][T17490] ? getname_flags.part.0+0x1c5/0x550 [ 838.998957][T17490] __x64_sys_mkdir+0xef/0x140 [ 838.998987][T17490] do_syscall_64+0xcd/0x490 [ 838.999020][T17490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.999045][T17490] RIP: 0033:0x7f1401d8ebe9 [ 838.999063][T17490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 838.999087][T17490] RSP: 002b:00007f1402b30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 838.999110][T17490] RAX: ffffffffffffffda RBX: 00007f1401fb5fa0 RCX: 00007f1401d8ebe9 [ 838.999126][T17490] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 838.999141][T17490] RBP: 00007f1401e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 838.999156][T17490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 838.999171][T17490] R13: 00007f1401fb6038 R14: 00007f1401fb5fa0 R15: 00007ffda8204e48 [ 838.999193][T17490] [ 839.227452][ C0] vkms_vblank_simulate: vblank timer overrun [ 840.299642][T17247] ERROR: Out of memory at tomoyo_memory_ok. [ 840.308056][T17193] ERROR: Out of memory at tomoyo_memory_ok. [ 840.548152][T17506] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 840.565223][T17506] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 840.819934][T17514] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.2842'. [ 840.891994][T17467] Process accounting paused [ 842.357721][T17238] Bluetooth: hci0: command 0x0c1a tx timeout [ 842.597322][T17238] Bluetooth: hci1: command 0x0c1a tx timeout [ 843.578303][T17553] ubi0: attaching mtd0 [ 843.597838][T17553] ubi0: scanning is finished [ 843.602493][T17553] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 843.805738][T17553] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 843.845066][T17559] ubi0: attaching mtd0 [ 843.866003][T17559] ubi0: scanning is finished [ 843.949084][T17559] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 844.128129][T17559] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 844.647914][T17582] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 844.655265][T17582] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 845.651204][T17598] ERROR: Out of memory at tomoyo_memory_ok. [ 845.689146][T17595] ERROR: Out of memory at tomoyo_memory_ok. [ 845.698022][T17607] input: f¬ as /devices/virtual/input/input36 [ 845.915110][T17603] tipc: Withdrawal distribution failure [ 846.772223][T17622] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 950 with max blocks 32 with error 117 [ 846.833821][T17632] __vm_enough_memory: pid: 17632, comm: syz.1.2859, bytes: 4398046511104 not enough memory for the allocation [ 846.877899][T17622] EXT4-fs (sda1): This should not happen!! Data will be lost [ 846.877899][T17622] [ 846.897016][T17633] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 847.757160][T17641] Invalid ELF header magic: != ELF [ 847.805919][T17643] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 847.964007][T17634] kexec: Could not allocate control_code_buffer [ 847.986682][T17646] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 848.343734][T17651] zswap: compressor not available [ 848.351801][T17658] Setting dangerous option i915.mitigations - tainting kernel [ 848.745670][T17666] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input37 [ 848.805742][ T30] audit: type=1800 audit(6138071910.280:38): pid=17668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2865" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 848.873233][ T5220] ERROR: Out of memory at tomoyo_memory_ok. [ 848.913312][T17669] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input38 [ 849.292578][T17674] input: f¬ as /devices/virtual/input/input39 [ 849.972431][T17683] random: crng reseeded on system resumption [ 852.597498][T17730] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40 [ 852.849227][T17731] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 853.122810][T17738] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 854.536443][T17766] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input42 [ 854.798138][T17210] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 947 with max blocks 26 with error 117 [ 854.890743][T17210] EXT4-fs (sda1): This should not happen!! Data will be lost [ 854.890743][T17210] [ 856.173763][T17790] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2892'. [ 856.804535][T17811] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.2895'. [ 859.208624][T17861] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'. [ 859.730747][T17872] 0x000200000001-0xa29656a63616329 : "" [ 859.776936][T17872] mtd: partition "" is out of reach -- disabled [ 859.823872][T17872] ftl_cs: FTL header not found. [ 859.836554][T17238] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 859.836583][T17238] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 859.851685][T17238] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 859.851712][T17238] Bluetooth: hci0: adv larger than maximum supported [ 859.859420][T17238] Bluetooth: hci0: Malformed LE Event: 0x0d [ 860.034632][T17878] ERROR: Out of memory at tomoyo_memory_ok. [ 860.176745][T17238] Bluetooth: hci1: unexpected event 0x35 length: 13 > 6 [ 861.383127][T17914] random: crng reseeded on system resumption [ 862.145861][T17899] kexec: Could not allocate control_code_buffer [ 863.116742][T17933] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1353 with max blocks 22 with error 117 [ 863.280610][T17933] EXT4-fs (sda1): This should not happen!! Data will be lost [ 863.280610][T17933] [ 863.982725][T17947] 0x000200000001-0xa29656a63616329 : "" [ 864.012532][T17947] mtd: partition "" is out of reach -- disabled [ 864.049764][T17947] ftl_cs: FTL header not found. [ 864.190011][T17949] ERROR: Out of memory at tomoyo_memory_ok. [ 865.822607][T17982] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2928'. [ 865.899651][T17982] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2928'. [ 866.770245][T17971] kexec: Could not allocate control_code_buffer [ 867.247131][T18003] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2931'. [ 867.859347][T18016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2934'. [ 869.791312][T18041] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 958 with max blocks 15 with error 117 [ 869.890183][T18041] EXT4-fs (sda1): This should not happen!! Data will be lost [ 869.890183][T18041] [ 870.345650][T18050] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2941'. [ 870.409646][T18050] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2941'. [ 870.745829][T18060] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2952'. [ 870.982114][T18058] Process accounting resumed [ 871.141780][T18066] svc: failed to register nfsdv3 RPC service (errno 101). [ 871.205124][T18066] svc: failed to register nfsaclv3 RPC service (errno 101). [ 872.721143][T18081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2947'. [ 873.159370][T17249] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1360 with max blocks 15 with error 117 [ 873.233454][T17249] EXT4-fs (sda1): This should not happen!! Data will be lost [ 873.233454][T17249] [ 874.047074][T18113] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 874.816314][T18130] random: crng reseeded on system resumption [ 874.880438][T17249] ERROR: Out of memory at tomoyo_memory_ok. [ 874.925398][T17191] ERROR: Out of memory at tomoyo_memory_ok. [ 876.540142][T18130] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(4096.0.0), cmd(5) [ 878.337629][T17238] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 880.301342][ T30] audit: type=1107 audit(6138071941.770:39): pid=18230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 880.313992][T18232] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2982'. [ 880.353363][T18232] bridge_slave_0: left allmulticast mode [ 880.379268][T18232] bridge_slave_0: left promiscuous mode [ 880.405271][T18232] bridge0: port 1(bridge_slave_0) entered disabled state [ 880.687468][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 880.693779][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 880.755652][T18244] random: crng reseeded on system resumption [ 882.394889][T18267] FAULT_INJECTION: forcing a failure. [ 882.394889][T18267] name failslab, interval 1, probability 0, space 0, times 0 [ 882.597422][T18267] CPU: 0 UID: 0 PID: 18267 Comm: syz.3.2978 Tainted: G U syzkaller #0 PREEMPT(full) [ 882.597461][T18267] Tainted: [U]=USER [ 882.597469][T18267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 882.597484][T18267] Call Trace: [ 882.597492][T18267] [ 882.597504][T18267] dump_stack_lvl+0x16c/0x1f0 [ 882.597540][T18267] should_fail_ex+0x512/0x640 [ 882.597577][T18267] should_failslab+0xc2/0x120 [ 882.597611][T18267] __kmalloc_cache_noprof+0x6a/0x3e0 [ 882.597636][T18267] ? tomoyo_find_next_domain+0xfd/0x20b0 [ 882.597665][T18267] tomoyo_find_next_domain+0xfd/0x20b0 [ 882.597693][T18267] ? __pfx___kernel_read+0x10/0x10 [ 882.597731][T18267] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 882.597758][T18267] ? lock_acquire+0x2cd/0x350 [ 882.597790][T18267] ? bpf_lsm_file_permission+0x9/0x10 [ 882.597827][T18267] ? security_file_permission+0x71/0x210 [ 882.597862][T18267] tomoyo_bprm_check_security+0x12e/0x1d0 [ 882.597885][T18267] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 882.597910][T18267] security_bprm_check+0x1b9/0x1e0 [ 882.597934][T18267] bprm_execve+0x81a/0x1640 [ 882.597960][T18267] ? __pfx_bprm_execve+0x10/0x10 [ 882.597985][T18267] ? copy_string_kernel+0x460/0x520 [ 882.598013][T18267] do_execveat_common.isra.0+0x4a5/0x610 [ 882.598043][T18267] __x64_sys_execve+0x8e/0xb0 [ 882.598069][T18267] do_syscall_64+0xcd/0x490 [ 882.598102][T18267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 882.598127][T18267] RIP: 0033:0x7fac1098ebe9 [ 882.598145][T18267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 882.598169][T18267] RSP: 002b:00007fac118bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 882.598192][T18267] RAX: ffffffffffffffda RBX: 00007fac10bb6090 RCX: 00007fac1098ebe9 [ 882.598208][T18267] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 882.598223][T18267] RBP: 00007fac10a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 882.598238][T18267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 882.598253][T18267] R13: 00007fac10bb6128 R14: 00007fac10bb6090 R15: 00007ffd9fbf56b8 [ 882.598276][T18267] [ 883.260903][T18283] Invalid ELF header magic: != ELF [ 883.446349][T18280] svc: failed to register nfsdv3 RPC service (errno 111). [ 883.504613][T18280] svc: failed to register nfsaclv3 RPC service (errno 111). [ 883.799842][ T30] audit: type=1800 audit(6138071945.280:40): pid=18292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2983" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 884.258710][T18299] vhci_hcd: invalid port number 16 [ 884.277487][T18299] vhci_hcd: invalid port number 16 [ 885.092278][T18317] random: crng reseeded on system resumption [ 886.342362][T17246] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 949 with max blocks 24 with error 117 [ 886.427938][T17246] EXT4-fs (sda1): This should not happen!! Data will be lost [ 886.427938][T17246] [ 886.482717][T17246] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 948 with max blocks 34 with error 117 [ 886.577706][T17246] EXT4-fs (sda1): This should not happen!! Data will be lost [ 886.577706][T17246] [ 887.355072][T18352] svc: failed to register nfsdv3 RPC service (errno 101). [ 887.396127][T18352] svc: failed to register nfsaclv3 RPC service (errno 101). [ 887.503387][T18353] FAULT_INJECTION: forcing a failure. [ 887.503387][T18353] name failslab, interval 1, probability 0, space 0, times 0 [ 887.572633][T18353] CPU: 0 UID: 0 PID: 18353 Comm: syz.2.3002 Tainted: G U syzkaller #0 PREEMPT(full) [ 887.572672][T18353] Tainted: [U]=USER [ 887.572680][T18353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 887.572694][T18353] Call Trace: [ 887.572701][T18353] [ 887.572714][T18353] dump_stack_lvl+0x16c/0x1f0 [ 887.572746][T18353] should_fail_ex+0x512/0x640 [ 887.572783][T18353] should_failslab+0xc2/0x120 [ 887.572815][T18353] __kmalloc_cache_noprof+0x6a/0x3e0 [ 887.572840][T18353] ? tomoyo_find_next_domain+0x145/0x20b0 [ 887.572868][T18353] tomoyo_find_next_domain+0x145/0x20b0 [ 887.572895][T18353] ? __pfx___kernel_read+0x10/0x10 [ 887.572926][T18353] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 887.572952][T18353] ? lock_acquire+0x2cd/0x350 [ 887.572983][T18353] ? bpf_lsm_file_permission+0x9/0x10 [ 887.573018][T18353] ? security_file_permission+0x71/0x210 [ 887.573051][T18353] tomoyo_bprm_check_security+0x12e/0x1d0 [ 887.573074][T18353] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 887.573098][T18353] security_bprm_check+0x1b9/0x1e0 [ 887.573122][T18353] bprm_execve+0x81a/0x1640 [ 887.573148][T18353] ? __pfx_bprm_execve+0x10/0x10 [ 887.573171][T18353] ? copy_string_kernel+0x460/0x520 [ 887.573205][T18353] do_execveat_common.isra.0+0x4a5/0x610 [ 887.573235][T18353] __x64_sys_execve+0x8e/0xb0 [ 887.573261][T18353] do_syscall_64+0xcd/0x490 [ 887.573293][T18353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.573317][T18353] RIP: 0033:0x7f1401d8ebe9 [ 887.573335][T18353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 887.573358][T18353] RSP: 002b:00007f1402b0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 887.573380][T18353] RAX: ffffffffffffffda RBX: 00007f1401fb6090 RCX: 00007f1401d8ebe9 [ 887.573397][T18353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 887.573411][T18353] RBP: 00007f1401e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 887.573426][T18353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 887.573440][T18353] R13: 00007f1401fb6128 R14: 00007f1401fb6090 R15: 00007ffda8204e48 [ 887.573462][T18353] [ 889.691490][T18398] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3008'. [ 889.978050][T18405] random: crng reseeded on system resumption [ 890.184578][T17238] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 891.164141][T17246] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 946 with max blocks 36 with error 117 [ 891.259212][T17246] EXT4-fs (sda1): This should not happen!! Data will be lost [ 891.259212][T17246] [ 891.523464][T18418] bond0: option all_slaves_active: invalid value () [ 894.901276][T18489] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 894.990219][T17210] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 950 with max blocks 32 with error 117 [ 895.052393][T17210] EXT4-fs (sda1): This should not happen!! Data will be lost [ 895.052393][T17210] [ 895.645380][T18510] random: crng reseeded on system resumption [ 900.740657][T18595] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 900.834156][T18603] random: crng reseeded on system resumption [ 900.966504][T18600] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 945 with max blocks 37 with error 117 [ 901.067746][T18600] EXT4-fs (sda1): This should not happen!! Data will be lost [ 901.067746][T18600] [ 901.696371][T18597] Process accounting paused [ 902.481043][T18632] ================================================================== [ 902.481060][T18632] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 902.481100][T18632] Read of size 2 at addr ffff8880212bb12a by task syz.1.3052/18632 [ 902.481121][T18632] [ 902.481135][T18632] CPU: 0 UID: 0 PID: 18632 Comm: syz.1.3052 Tainted: G U syzkaller #0 PREEMPT(full) [ 902.481170][T18632] Tainted: [U]=USER [ 902.481178][T18632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 902.481194][T18632] Call Trace: [ 902.481202][T18632] [ 902.481211][T18632] dump_stack_lvl+0x116/0x1f0 [ 902.481244][T18632] print_report+0xcd/0x630 [ 902.481275][T18632] ? __virt_addr_valid+0x81/0x610 [ 902.481305][T18632] ? __phys_addr+0xe8/0x180 [ 902.481336][T18632] ? fbcon_prepare_logo+0xa03/0xc70 [ 902.481366][T18632] kasan_report+0xe0/0x110 [ 902.481398][T18632] ? fbcon_prepare_logo+0xa03/0xc70 [ 902.481432][T18632] kasan_check_range+0x100/0x1b0 [ 902.481469][T18632] __asan_memcpy+0x23/0x60 [ 902.481493][T18632] fbcon_prepare_logo+0xa03/0xc70 [ 902.481529][T18632] fbcon_init+0xd77/0x1900 [ 902.481568][T18632] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 902.481595][T18632] visual_init+0x320/0x620 [ 902.481622][T18632] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 902.481658][T18632] store_bind+0x61d/0x760 [ 902.481694][T18632] ? __pfx_store_bind+0x10/0x10 [ 902.481723][T18632] dev_attr_store+0x58/0x80 [ 902.481759][T18632] ? __pfx_dev_attr_store+0x10/0x10 [ 902.481795][T18632] sysfs_kf_write+0xf2/0x150 [ 902.481823][T18632] kernfs_fop_write_iter+0x354/0x510 [ 902.481846][T18632] ? __pfx_sysfs_kf_write+0x10/0x10 [ 902.481873][T18632] iter_file_splice_write+0xa24/0x12e0 [ 902.481907][T18632] ? copy_splice_read+0x89c/0xc20 [ 902.481930][T18632] ? __pfx_iter_file_splice_write+0x10/0x10 [ 902.481959][T18632] ? __pfx_copy_splice_read+0x10/0x10 [ 902.481984][T18632] ? look_up_lock_class+0x59/0x150 [ 902.482017][T18632] ? __pfx___might_resched+0x10/0x10 [ 902.482041][T18632] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 902.482070][T18632] ? __pfx_iter_file_splice_write+0x10/0x10 [ 902.482097][T18632] direct_splice_actor+0x192/0x6c0 [ 902.482124][T18632] splice_direct_to_actor+0x345/0xa30 [ 902.482149][T18632] ? __pfx_direct_splice_actor+0x10/0x10 [ 902.482177][T18632] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 902.482203][T18632] ? futex_private_hash_put+0x11c/0x300 [ 902.482233][T18632] do_splice_direct+0x174/0x240 [ 902.482257][T18632] ? __pfx_do_splice_direct+0x10/0x10 [ 902.482282][T18632] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 902.482306][T18632] ? bpf_lsm_file_permission+0x9/0x10 [ 902.482342][T18632] ? security_file_permission+0x71/0x210 [ 902.482376][T18632] ? rw_verify_area+0xcf/0x6c0 [ 902.482401][T18632] do_sendfile+0xb06/0xe50 [ 902.482429][T18632] ? __pfx_do_sendfile+0x10/0x10 [ 902.482455][T18632] ? __sys_sendmsg+0x18c/0x220 [ 902.482487][T18632] ? __x64_sys_futex+0x1e0/0x4c0 [ 902.482517][T18632] ? __x64_sys_futex+0x1e9/0x4c0 [ 902.482549][T18632] __x64_sys_sendfile64+0x1d8/0x220 [ 902.482590][T18632] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 902.482628][T18632] do_syscall_64+0xcd/0x490 [ 902.482661][T18632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.482686][T18632] RIP: 0033:0x7ff54418ebe9 [ 902.482704][T18632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 902.482729][T18632] RSP: 002b:00007ff544f5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 902.482764][T18632] RAX: ffffffffffffffda RBX: 00007ff5443b6090 RCX: 00007ff54418ebe9 [ 902.482781][T18632] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000003 [ 902.482795][T18632] RBP: 00007ff544211e19 R08: 0000000000000000 R09: 0000000000000000 [ 902.482810][T18632] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 902.482825][T18632] R13: 00007ff5443b6128 R14: 00007ff5443b6090 R15: 00007ffe46098d08 [ 902.482866][T18632] [ 902.482874][T18632] [ 902.482879][T18632] Allocated by task 5874: [ 902.482891][T18632] kasan_save_stack+0x33/0x60 [ 902.482918][T18632] kasan_save_track+0x14/0x30 [ 902.482945][T18632] __kasan_kmalloc+0xaa/0xb0 [ 902.482971][T18632] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 902.483004][T18632] kvasprintf+0xbc/0x160 [ 902.483025][T18632] kvasprintf_const+0x66/0x1a0 [ 902.483047][T18632] kobject_set_name_vargs+0x5a/0x140 [ 902.483082][T18632] kobject_init_and_add+0xe7/0x190 [ 902.483116][T18632] netdev_queue_update_kobjects+0x32d/0x720 [ 902.483154][T18632] netdev_register_kobject+0x2b3/0x3d0 [ 902.483191][T18632] register_netdevice+0x13dc/0x2270 [ 902.483225][T18632] veth_newlink+0x30f/0xa00 [ 902.483254][T18632] rtnl_newlink+0xc45/0x2000 [ 902.483286][T18632] rtnetlink_rcv_msg+0x95b/0xe90 [ 902.483318][T18632] netlink_rcv_skb+0x155/0x420 [ 902.483350][T18632] netlink_unicast+0x5aa/0x870 [ 902.483380][T18632] netlink_sendmsg+0x8d1/0xdd0 [ 902.483411][T18632] __sys_sendto+0x4a3/0x520 [ 902.483436][T18632] __x64_sys_sendto+0xe0/0x1c0 [ 902.483463][T18632] do_syscall_64+0xcd/0x490 [ 902.483493][T18632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.483516][T18632] [ 902.483522][T18632] The buggy address belongs to the object at ffff8880212bb120 [ 902.483522][T18632] which belongs to the cache kmalloc-8 of size 8 [ 902.483542][T18632] The buggy address is located 5 bytes to the right of [ 902.483542][T18632] allocated 5-byte region [ffff8880212bb120, ffff8880212bb125) [ 902.483572][T18632] [ 902.483578][T18632] The buggy address belongs to the physical page: [ 902.483595][T18632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x212bb [ 902.483617][T18632] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 902.483637][T18632] page_type: f5(slab) [ 902.483657][T18632] raw: 00fff00000000000 ffff88801b841500 dead000000000100 dead000000000122 [ 902.483680][T18632] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000 [ 902.483694][T18632] page dumped because: kasan: bad access detected [ 902.483706][T18632] page_owner tracks the page as allocated [ 902.483715][T18632] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 4292721056, free_ts 0 [ 902.483754][T18632] post_alloc_hook+0x1c0/0x230 [ 902.483777][T18632] get_page_from_freelist+0x132b/0x38e0 [ 902.483804][T18632] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 902.483832][T18632] alloc_pages_mpol+0x1fb/0x550 [ 902.483867][T18632] new_slab+0x247/0x330 [ 902.483887][T18632] ___slab_alloc+0xcf2/0x1740 [ 902.483908][T18632] __slab_alloc.constprop.0+0x56/0xb0 [ 902.483931][T18632] __kmalloc_noprof+0x2f2/0x510 [ 902.483958][T18632] acpi_ex_allocate_name_string+0x6f/0x2e0 [ 902.484000][T18632] acpi_ex_get_name_string+0x131/0x5d0 [ 902.484036][T18632] acpi_ds_create_operand+0x37d/0x880 [ 902.484065][T18632] acpi_ds_create_operands+0x25f/0x440 [ 902.484094][T18632] acpi_ds_exec_end_op+0x5ef/0x1460 [ 902.484123][T18632] acpi_ps_parse_loop+0x425/0x1d00 [ 902.484152][T18632] acpi_ps_parse_aml+0x3c1/0xcb0 [ 902.484181][T18632] acpi_ps_execute_method+0x55a/0xb30 [ 902.484214][T18632] page_owner free stack trace missing [ 902.484222][T18632] [ 902.484228][T18632] Memory state around the buggy address: [ 902.484240][T18632] ffff8880212bb000: 05 fc fc fc 05 fc fc fc 05 fc fc fc 05 fc fc fc [ 902.484257][T18632] ffff8880212bb080: 07 fc fc fc 05 fc fc fc 05 fc fc fc 07 fc fc fc [ 902.484275][T18632] >ffff8880212bb100: 04 fc fc fc 05 fc fc fc 05 fc fc fc 06 fc fc fc [ 902.484288][T18632] ^ [ 902.484302][T18632] ffff8880212bb180: 05 fc fc fc 05 fc fc fc 05 fc fc fc 06 fc fc fc [ 902.484319][T18632] ffff8880212bb200: 00 fc fc fc 05 fc fc fc 05 fc fc fc 07 fc fc fc [ 902.484332][T18632] ================================================================== [ 902.512665][ T5217] ERROR: Out of memory at tomoyo_memory_ok. [ 902.520355][T18632] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 902.520379][T18632] CPU: 0 UID: 0 PID: 18632 Comm: syz.1.3052 Tainted: G U syzkaller #0 PREEMPT(full) [ 902.520414][T18632] Tainted: [U]=USER [ 902.520422][T18632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 902.520438][T18632] Call Trace: [ 902.520447][T18632] [ 902.520456][T18632] dump_stack_lvl+0x3d/0x1f0 [ 902.520490][T18632] vpanic+0x6e8/0x7a0 [ 902.520526][T18632] ? __pfx_vpanic+0x10/0x10 [ 902.520566][T18632] ? __pfx_vprintk_emit+0x10/0x10 [ 902.520595][T18632] ? fbcon_prepare_logo+0xa03/0xc70 [ 902.520626][T18632] panic+0xca/0xd0 [ 902.520660][T18632] ? __pfx_panic+0x10/0x10 [ 902.520695][T18632] ? fbcon_prepare_logo+0xa03/0xc70 [ 902.520725][T18632] ? preempt_schedule_common+0x44/0xc0 [ 902.520755][T18632] ? preempt_schedule_thunk+0x16/0x30 [ 902.520792][T18632] check_panic_on_warn+0xab/0xb0 [ 902.520829][T18632] end_report+0x107/0x170 [ 902.520860][T18632] kasan_report+0xee/0x110 [ 902.520892][T18632] ? fbcon_prepare_logo+0xa03/0xc70 [ 902.520927][T18632] kasan_check_range+0x100/0x1b0 [ 902.520964][T18632] __asan_memcpy+0x23/0x60 [ 902.520988][T18632] fbcon_prepare_logo+0xa03/0xc70 [ 902.521025][T18632] fbcon_init+0xd77/0x1900 [ 902.521056][T18632] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 902.521083][T18632] visual_init+0x320/0x620 [ 902.521110][T18632] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 902.521147][T18632] store_bind+0x61d/0x760 [ 902.521179][T18632] ? __pfx_store_bind+0x10/0x10 [ 902.521208][T18632] dev_attr_store+0x58/0x80 [ 902.521244][T18632] ? __pfx_dev_attr_store+0x10/0x10 [ 902.521281][T18632] sysfs_kf_write+0xf2/0x150 [ 902.521308][T18632] kernfs_fop_write_iter+0x354/0x510 [ 902.521331][T18632] ? __pfx_sysfs_kf_write+0x10/0x10 [ 902.521359][T18632] iter_file_splice_write+0xa24/0x12e0 [ 902.521399][T18632] ? copy_splice_read+0x89c/0xc20 [ 902.521422][T18632] ? __pfx_iter_file_splice_write+0x10/0x10 [ 902.521452][T18632] ? __pfx_copy_splice_read+0x10/0x10 [ 902.521478][T18632] ? look_up_lock_class+0x59/0x150 [ 902.521511][T18632] ? __pfx___might_resched+0x10/0x10 [ 902.521536][T18632] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 902.521570][T18632] ? __pfx_iter_file_splice_write+0x10/0x10 [ 902.521598][T18632] direct_splice_actor+0x192/0x6c0 [ 902.521626][T18632] splice_direct_to_actor+0x345/0xa30 [ 902.521652][T18632] ? __pfx_direct_splice_actor+0x10/0x10 [ 902.521680][T18632] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 902.521708][T18632] ? futex_private_hash_put+0x11c/0x300 [ 902.521739][T18632] do_splice_direct+0x174/0x240 [ 902.521764][T18632] ? __pfx_do_splice_direct+0x10/0x10 [ 902.521790][T18632] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 902.521814][T18632] ? bpf_lsm_file_permission+0x9/0x10 [ 902.521850][T18632] ? security_file_permission+0x71/0x210 [ 902.521884][T18632] ? rw_verify_area+0xcf/0x6c0 [ 902.521910][T18632] do_sendfile+0xb06/0xe50 [ 902.521939][T18632] ? __pfx_do_sendfile+0x10/0x10 [ 902.521964][T18632] ? __sys_sendmsg+0x18c/0x220 [ 902.521997][T18632] ? __x64_sys_futex+0x1e0/0x4c0 [ 902.522028][T18632] ? __x64_sys_futex+0x1e9/0x4c0 [ 902.522060][T18632] __x64_sys_sendfile64+0x1d8/0x220 [ 902.522095][T18632] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 902.522133][T18632] do_syscall_64+0xcd/0x490 [ 902.522166][T18632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.522191][T18632] RIP: 0033:0x7ff54418ebe9 [ 902.522210][T18632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 902.522234][T18632] RSP: 002b:00007ff544f5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 902.522258][T18632] RAX: ffffffffffffffda RBX: 00007ff5443b6090 RCX: 00007ff54418ebe9 [ 902.522275][T18632] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000003 [ 902.522291][T18632] RBP: 00007ff544211e19 R08: 0000000000000000 R09: 0000000000000000 [ 902.522306][T18632] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 902.522322][T18632] R13: 00007ff5443b6128 R14: 00007ff5443b6090 R15: 00007ffe46098d08 [ 902.522346][T18632] [ 902.522419][T18632] Kernel Offset: disabled