last executing test programs: 11.084844101s ago: executing program 2 (id=1051): ioctl$auto_UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cd, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x5}) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f00000000c0)={&(0x7f0000000080)="4c0300", 0x49}, 0x2, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) io_uring_setup$auto(0x59, &(0x7f0000000080)={0xb, 0x40000d, 0x10400, 0x6, 0x4, 0x3, 0xffffffffffffffff, [], {0x7, 0x200004, 0x7, 0x2a3, 0x100, 0x3, 0x40100101, 0x6}, {0xf8, 0x4, 0x9, 0x1, 0x3, 0x40, 0xcc, 0x8, 0x100000000}}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/nmi_watchdog\x00', 0xe8002, 0x0) sendfile$auto(r3, r3, 0x0, 0xc01) ioctl$auto_TCSBRKP2(r2, 0x5425, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) socket(0xa, 0x1, 0x84) r4 = getsockopt$auto(r1, 0x0, 0x0, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', &(0x7f0000000180)=0x5e580000) fadvise64$auto_POSIX_FADV_SEQUENTIAL(r4, 0x1, 0x5, 0x2) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x97.\x03\x11\xc1\xbaS\x1c\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1t\xee\xc9:\xcfE\x87Z&i\xd4\x00\x00\x00\x00\x00', 0xedef, 0x3) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000000080)='/dev/\x0e?^\xd8[\xa1~\xf5\xdfaudio1\x00\x11I\x9f\xabA\a\x1c\xc4\x06\xde@z\xe0\xf9\xc3R\"\x06a\xa7\xe5\x03\x00\x00', 0x100000a3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x4, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000000)={[0x8000000000001fe, 0x20000000007, 0x1, 0x8, 0x7ff, 0x3, 0x21, 0x10001, 0x1, 0x3, 0x8001, 0xfffffffffffffffe, 0x80000000, 0x335b0ef1, 0xffffdfffffffff81, 0x4]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 9.956636329s ago: executing program 2 (id=1056): socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-0/xps_cpus\x00', 0x10b062, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0xe0300, 0x0) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r0, &(0x7f00000110c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003ac0)={0x70, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x5c, 0x7, 0x0, 0x1, [@typed={0x55, 0x2, 0x0, 0x0, @str='\b\x8bJ\xe1\x14\xc2A\x81\x8b\xfd\rQ\xa8a\x02\x033\xb0\x11\xfa\xaf\xeb\xac\xd4\xeb\xe2\xb1)\\\xa8\xce\xe9QJD\x01J\x7f\xa4\xb6gv\xe8\xa96\x02<4\x88\xd7\xec\x1b\xbfR\x00\x80/\x8c\x88\\Z\xd7\xd1q\x17\xfd\xeb\xe7\xf1?\xc8\xcf\x8ak\xad\x18\xaeK\xfbf\t'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20008105}, 0x40) socket(0xa, 0x3, 0x3b) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = io_uring_setup$auto(0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x28102, 0x0) ioctl$auto_RTC_ALM_SET(0xffffffffffffffff, 0x40247007, 0x0) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), r2) sendmsg$auto_NL802154_CMD_SET_TX_POWER(r0, &(0x7f00000004c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r3, 0x400, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c040}, 0x4880) mmap$auto(0x8000, 0x2020009, 0x7eb, 0x17, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, 0x0, 0x40000) syz_clone(0x400, &(0x7f0000000240)="da88540ebb62855c50d655e37c72faaaadcbaff325d8e073a4ff6ea4e8ea0971a2c6eccbb485d052f0613e6db08bbb6f12d5bfd11f1d2a25b0273155a99f8ae2d3a22b96ac76bf54f54d1e5d57446a9830f0a632c0e915f4a3acfbc01a923120f66e67a5470e92d0e0faf67e19edba220fba9a50ebb6856152b61516a1b1a75310cfce86186cb6be40a76a5cfa709db5606d70c86262d65e79f6b67e2c0649c0ed5dc2aca528c96bc386ce2d8fd50c7a69745a00be771ca824aa2a54c8cf3f8316853f", 0xc3, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="e5fcc62762dc77222965536d0502515b006db5e7ab4ad78ab77457dfea8012e56ddc86080099ae57abe3df45e482907249c0b52e2ccd79bf947dfa83b3b5f41859a6eb46d9a34cbc745b69ccb851f95db9a538053ee865b166dc82d246ead1c67869607ec9dd22cc3c760dd0f1fa408b2506e57ba3b70473d339ea") openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtrr\x00', 0x0, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r4, &(0x7f0000000180)=""/178, 0xb2) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_fastopen_key\x00', 0x181081, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r5, 0x0, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) 7.482448882s ago: executing program 3 (id=1064): mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/ipsec\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x3c, r3, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4044000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) futex_wake$auto(0x0, 0x7, 0xfffffffb, 0x2) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/beacon_timeout\x00', 0x0, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000240)={0x0, 0xfffffffd}, 0x6, 0xc, 0x1) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/kernel/profiling\x00', 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000080)='\x00', 0x1) write$auto(r1, &(0x7f0000000040)='Fm_\xbd\xc3!\x00', 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_0={0x9, 0xb5, 0x4, 0x48d0, 0x4, 0xffffffffffffffff, 0x74b, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x4, 0xe5, 0x3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4c342, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioperm$auto(0x3, 0xe, 0x2000000000000149) clock_getres$auto(0x8, 0x0) 6.026339284s ago: executing program 0 (id=1066): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001100)={0x28, r1, 0x301, 0x70bd25, 0x25dfdbff, {}, [@CTRL_ATTR_OP={0x8, 0xa, 0x3}, @CTRL_ATTR_FAMILY_NAME={0x9, 0x2, 'vdpa\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000800}, 0xc040810) syz_genetlink_get_family_id$auto_net_dm(&(0x7f0000000100), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x2400, 0x0) ioctl$auto_BLKSECDISCARD(r4, 0x127d, 0x0) sendmsg$auto_NBD_CMD_STATUS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002bbd7000fedbdf2505"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40) 5.716776486s ago: executing program 3 (id=1068): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042cbd7000fb3d89cb809172a3320003008000400088"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000804}, 0x40000) socket(0x10, 0x2, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x2c, 0x0, 0x1, 0x5, 0x25dfdbfd, {}, [@GTPA_I_TEI={0x8, 0x8, 0x5}, @GTPA_LINK={0x8, 0x1, 0x6551e4e0}, @GTPA_VERSION={0x8, 0x2, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x14) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) statmount$auto(0x0, &(0x7f0000000180)={0x770, 0xfffffffe, 0x8, 0x4, 0x4005, 0x0, 0x5, 0x400, 0x3, 0x9, 0x6, 0x6, 0x4, 0x11ffffffffffb, 0xb2, 0x2, 0x6, 0x10, 0x80, 0x7ff, 0x8000, 0x1, 0xfffffffe, 0x202, 0xd, 0xbca7, 0x80, 0x0, 0x0, 0x0, 0x6b4, [0x2, 0x8, 0x0, 0x5, 0xfffffffffffffffd, 0x0, 0x20000000000, 0x2, 0x4, 0x100, 0x3169b201, 0xffffffffffffffff, 0x3, 0xfffffffffffffc01, 0x5, 0xfffffbfffffffffb, 0x0, 0x9, 0x2000000, 0xfffffffffffffffe, 0x0, 0x8, 0x0, 0x200000000000000, 0x0, 0x8000000000000000, 0x0, 0x1, 0x5, 0x0, 0x101, 0x0, 0x20000000000000, 0x40000000000000, 0x1000000000000200, 0x0, 0x400, 0x101, 0x5, 0x4, 0xe17, 0x0, 0x6]}, 0x1fe, 0x1) socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x84) keyctl$auto(0x6, 0xfffffbfffffffffe, 0x0, 0x32, 0xfff) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mkdir$auto(&(0x7f0000000000)='./file1\x00', 0x4) renameat2$auto(r0, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = socket(0x10, 0x2, 0xf) r2 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r1, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@iter_create={r2, 0x98}, 0x5) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xfffffffffffffd03, &(0x7f00000001c0)) 5.398297522s ago: executing program 2 (id=1069): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042cbd7000fb3d89cb809172a3320003008000400088"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000804}, 0x40000) socket(0x10, 0x2, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x2c, 0x0, 0x1, 0x5, 0x25dfdbfd, {}, [@GTPA_I_TEI={0x8, 0x8, 0x5}, @GTPA_LINK={0x8, 0x1, 0x6551e4e0}, @GTPA_VERSION={0x8, 0x2, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x14) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) statmount$auto(0x0, &(0x7f0000000180)={0x770, 0xfffffffe, 0x8, 0x4, 0x4005, 0x0, 0x5, 0x400, 0x3, 0x9, 0x6, 0x6, 0x4, 0x11ffffffffffb, 0xb2, 0x2, 0x6, 0x10, 0x80, 0x7ff, 0x8000, 0x1, 0xfffffffe, 0x202, 0xd, 0xbca7, 0x80, 0x0, 0x0, 0x0, 0x6b4, [0x2, 0x8, 0x0, 0x5, 0xfffffffffffffffd, 0x0, 0x20000000000, 0x2, 0x4, 0x100, 0x3169b201, 0xffffffffffffffff, 0x3, 0xfffffffffffffc01, 0x5, 0xfffffbfffffffffb, 0x0, 0x9, 0x2000000, 0xfffffffffffffffe, 0x0, 0x8, 0x0, 0x200000000000000, 0x0, 0x8000000000000000, 0x0, 0x1, 0x5, 0x0, 0x101, 0x0, 0x20000000000000, 0x40000000000000, 0x1000000000000200, 0x0, 0x400, 0x101, 0x5, 0x4, 0xe17, 0x0, 0x6]}, 0x1fe, 0x1) r0 = socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x84) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="bfcd4738b564a2ff3b160bbe43260aec9633"], 0x1ac}, 0x1, 0x0, 0x0, 0x24000000}, 0x40000) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mkdir$auto(&(0x7f0000000000)='./file1\x00', 0x4) renameat2$auto(r1, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r2 = socket(0x10, 0x2, 0xf) r3 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r2, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@iter_create={r3, 0x98}, 0x5) r4 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r4, 0xfffffffffffffd03, &(0x7f00000001c0)) 5.09349222s ago: executing program 3 (id=1070): mmap$auto(0x0, 0x402000a, 0x1006, 0xeb1, 0x401, 0x8000) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0) inotify_init1$auto(0x6) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x7, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0x80, 0x0, &(0x7f00000000c0)=0x97) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sched_rr_timeslice_ms\x00', 0x2, 0x0) pwrite64$auto(r1, &(0x7f0000000080)='+\\#', 0x3747, 0x100) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) connect$auto(0x3, 0x0, 0x58) quotactl$auto(0x9, 0x0, 0x62a0, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) syz_genetlink_get_family_id$auto_802_15_4_mac(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000c00), r3) sendmsg$auto_TCP_METRICS_CMD_DEL(r3, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010927bd9500fbdbdf250200000008000100000014bbb39565211357e7ac458c2b04fc3ca1451a61b51efe0bd10a47526e"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40) 4.841822003s ago: executing program 0 (id=1071): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) listen$auto(0x3, 0x81) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x4, 0x9f, 0x8000000008012, r1, 0x8000) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0x0, 0x202000a, 0x5, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x2) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) rt_sigsuspend$auto(0x0, 0x8) r2 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r2, 0x29, 0xc, 0x0, 0x0) close_range$auto(0x2, 0x8, 0xfffff000) io_uring_setup$auto(0x1d48, &(0x7f0000000180)={0x7fffefff, 0x5, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x88, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x9, 0x8000000400000001}, {0x8, 0x1, 0x10000052, 0x7, 0x11, 0x101, 0x0, 0x2, 0x3}}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16, @ANYBLOB="000126bd7000fbdbdf2502000000080001"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x20044000) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010025bd7040ff0515250a0000005cd9085e37d33bd0ee2bb5c650e504ddd152f7bd18cc81d9d7fcc73ded925c49bf535b3b343c5fa31f0309ebf3b18363ad9d"], 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) r3 = openat$auto_proc_mountstats_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0x2000000fc2}, 0x2, &(0x7f00000001c0), 0x403, 0x5}, 0x800}, 0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 4.600661091s ago: executing program 3 (id=1072): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) write$auto(r1, &(0x7f0000000040)='Fm_\xbd\xc3!\x00', 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_0={0x9, 0xb5, 0x4, 0x48d0, 0x4, 0xffffffffffffffff, 0x74b, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x4, 0xe5, 0x3, 0xffffffffffffffff}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r2, 0x5) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x2000040080000004, 0xe) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec8\x00', 0x0, 0x0) ioctl$auto_CEC_DQEVENT(r3, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r3, 0xc0506107, 0x0) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b7f, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 4.464660183s ago: executing program 2 (id=1073): r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) lseek$auto(r0, 0x0, 0x2) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x8000000, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket(0x11, 0x5, 0x100) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x44eb2, 0xffffffffffffffff, 0x300000000000) semctl$auto_SEM_INFO(0x0, 0xfffffffd, 0x13, 0x1) r2 = socket(0x11, 0x80003, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r3, 0xa, 0x1) fcntl$auto(r3, 0x10, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x4}, 0x200800}, 0xe, 0x7, 0x0) mmap$auto(0x0, 0x8000000004020009, 0xdf, 0xeb1, 0x401, 0x18000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x1, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x401, 0x5, 0x4, @inferred, @integer={0xdbe, 0x255, 0x8}, "7a9fc199a16a2311eacf2fc7ae1d8778dc618090334fdd73340238d21000debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cbce0bb32791702b8d7c2d"}) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0x20000001005}, 0x1, &(0x7f0000000040)={&(0x7f0000000080), 0xffffffff}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000640)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7b, 0x0, 0x5, 0xfffffffffffffffd}, {0x100, 0x20001, 0x52, 0x85, 0x2, 0x0, 0x2072c2, 0xc, 0x100000000}}) io_uring_register$auto(0x2, 0x20, &(0x7f0000000240), 0x1) r7 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000340), r6) sendmsg$auto_VDPA_CMD_DEV_ATTR_SET(r2, &(0x7f0000000780)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[@ANYBLOB="00c6", @ANYRES16=r7, @ANYBLOB="010027bd7000fcdbdf2508000000060001005d0000001400020076657468305f6d616376746170000000140004007866726d3000000010000000000000000c001400cf83000000000000af000a001c457dc9ced228a54f57452872b022acfcca6f68f99df28fd76f0af0673664b938d3345b0b68a51fd56ecad27c5bbbb2c9aa4d627d9ed9a82a13aebaf6f7613163f55fc9a6a31ffb7c9f6614ef7909a47e0000f8ff070000008fdd86d97028e12982bf885d2c518b29a889de17bbd78110f4d7245d75063f7b7c523c0147188d42906825f50b567ac31e765d2282378bbbec3b12a75f6f5148e74236e25ea3ef02af410ee596226ac16fc909"], 0x100}, 0x1, 0x0, 0x0, 0x24008800}, 0x20000040) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) 4.051125533s ago: executing program 1 (id=1075): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x24, r0, 0x13, 0x70bd2c, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000400), r1) sendmsg$auto_ETHTOOL_MSG_MM_SET(r1, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x4c, r3, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_MM_VERIFY_ENABLED={0x5}, @ETHTOOL_A_MM_PMAC_ENABLED={0x5, 0x2, 0x1}, @ETHTOOL_A_MM_VERIFY_TIME={0x8, 0x9, 0xfffeffff}, @ETHTOOL_A_MM_TX_ENABLED={0x5}, @ETHTOOL_A_MM_TX_MIN_FRAG_SIZE={0x8, 0x5, 0x6}, @ETHTOOL_A_MM_VERIFY_TIME={0x8, 0x9, 0xfffffeff}, @ETHTOOL_A_MM_TX_MIN_FRAG_SIZE={0x8, 0x5, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000055}, 0x200408c1) sendmsg$auto_NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, r0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x7b}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xf4}, @NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0xa}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x640c5}, 0x20040000) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r4, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_OUT_LEVEL={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x804) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x40000, 0x84) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/eql/ifalias\x00', 0xb02, 0x0) write$auto(r5, &(0x7f0000000040)='/sys/devices/virtual/bdi/43:0/strict_limit\x00', 0x6) write$auto_proc_clear_refs_operations_internal(0xffffffffffffffff, &(0x7f0000000280)="20056e823adee8a5e350c13bf4491ef375b91e644326f5ffc7cc83860dad119d80f3347b454248bf7f89a33ca43b41b079767a671b1a055fc51818d9c83ccf97c0e36277608c8f0955d6ed35cf4c5aaaaa0dec6be2054519d65eaa8ce553d7f69307bbaed6339ae1252c614f61186bdda715016f965293e9db6f1f273994b7ca195592a5355e1998cc8fc2b4e5ebd8b904ae10e519c7fa5ffe3feeab611ebf9faaebef662bb7f78c37e5d8a28c4537", 0xaf) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) munmap$auto(0x8000, 0xffffffff) 3.837545527s ago: executing program 0 (id=1076): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0) socket(0x2, 0x1, 0x0) prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) select$auto(0x796, &(0x7f0000000180)={[0xfffffffffffffffc, 0x3, 0x9, 0x1, 0x17d, 0x1, 0x1, 0x6, 0x7, 0x7fff, 0x6, 0x0, 0x100000000, 0x9, 0x9, 0x7fffffffffffffff]}, &(0x7f0000000200)={[0x49aa, 0xffffffffffffff6b, 0x6, 0x3, 0x5, 0x5, 0x6, 0x6, 0xb1, 0x4, 0x6, 0x3, 0xffff, 0xcc9, 0xf57, 0x80]}, 0x0, &(0x7f0000000300)={0x9, 0x8}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x400053, 0x9) pread64$auto(r0, 0x0, 0x9, 0x7ffc) r1 = getsockopt$auto_SO_PEERPIDFD(r0, 0x6, 0x4d, &(0x7f0000000040)='/sys/kernel/debug/page_owner\x00', &(0x7f0000000080)=0x47) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f00000004c0)={{@raw=0x1, 0x5, 0x3, 0xffffffff, "76f006e37ceb76bfbde3245bee4c6625cb0662ccc64e124db4fedbdd228b9ced12ac206f688d4858a0b558db"}, 0x1, @integer=@value=[0x2, 0x7, 0x9, 0x4, 0xffffffff, 0x2, 0x7, 0xf52d, 0x8, 0x77, 0x4, 0x1c2, 0x1, 0x1, 0x9, 0x3, 0x8, 0xfffbfffffffffffd, 0x6, 0x1, 0x1840, 0x1, 0x40, 0x5, 0x9, 0x3ff, 0x4, 0x2, 0x3ff, 0x9, 0x101, 0x5, 0x3, 0x0, 0x38a, 0x5, 0x800000000002, 0x7, 0xe, 0xffffffffffffffff, 0x1000, 0x81, 0x80000000, 0x0, 0x81, 0xfe, 0x100, 0x4000, 0x10000, 0x1, 0x100, 0xec00000, 0x185d, 0xe, 0x10000, 0x2, 0x1, 0x6, 0x0, 0x6, 0xfffffffffffffffa, 0x6, 0x7, 0x7ff, 0x5, 0x7, 0x7, 0x5, 0x27d64140, 0x1ff, 0xffffffffffffffff, 0x4, 0x7, 0x3, 0x1ff, 0x200000000081, 0x5, 0x2, 0xfffffffffffff800, 0x9, 0x2, 0x208, 0x547, 0x7, 0x100000000, 0x2, 0x6, 0x7fffffff, 0x5, 0x400, 0x201, 0x8000, 0x80, 0x0, 0xf46, 0x2, 0xfffffffffffffff9, 0x8000000000000000, 0x35, 0x5, 0x8, 0x6, 0x2, 0x9, 0xfffffffffffffff9, 0x0, 0x0, 0x7, 0xe4, 0x8000000000000, 0x5, 0x9, 0x7ffffffffffffffc, 0x4, 0x0, 0xfffffdffffffffff, 0x7, 0xfffffffffffffffd, 0x6, 0x0, 0x5, 0x4, 0x40000000000000c0, 0x1400, 0x2000800, 0x6, 0x571a, 0x3], "6b54dd2e739e95a6f217b84988b4581576aaed11b340e4707992930f9a930325903b0e132daa477100a1107a85f3303896b5ec1e61dfb9c0e2698c93ebcd3e1508428d544319376037341d65bb6fb47a002356928a53d1534d8b947cbfcbfba7c7c74e86dc40dc6bca83c523e1e38c31cabf433dd0e3bc1b1b3128e5cf49b23f"}) mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0xc, @empty}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) open(&(0x7f0000000340)='./file0\x00', 0x90080, 0x80) ioctl$auto(0x3, 0x541b, 0x7f) getsockopt$auto_SO_PASSPIDFD(r1, 0x7fffffff, 0x4c, &(0x7f0000000100)='/dev/snd/controlC0\x00', &(0x7f0000000140)=0x4) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)="db1fa10b2b810ac3344bac9736b7cc1f387618a964d36989d41bc43d450af3b92bbd731d50c2597831f63bf583", 0x2d) bpf$auto(0x6, &(0x7f0000000100)=@query={@target_fd, 0x100008, 0x99, 0x80000001, 0x1, @count=0xd51, 0x0, 0x152, 0x1, 0x100000001}, 0x101) getcwd$auto(0x0, 0x7) r3 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/ap_power_level\x00', 0x0, 0x0) preadv$auto(r3, &(0x7f00000000c0)={0x0, 0x7}, 0x5, 0x37, 0x3) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x28000) 3.412379242s ago: executing program 1 (id=1077): add_key$auto_KEY_SPEC_SESSION_KEYRING(&(0x7f0000000440)='keyring\x00', 0x0, 0x0, 0xff, 0xfffffffffffffffd) prctl$auto_PR_SYS_DISPATCH_ON(0x1000, 0x1, 0xffffffffffffffff, 0x4, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xd561, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) timer_create$auto(0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) listmount$auto(&(0x7f0000000100)={0x20, @raw, 0xffffffffffffffff}, 0x0, 0xbc23c, 0x0) setregid$auto(0xffffffffffffffff, 0x0) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/comm\x00', 0x303400, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/diskstats\x00', 0x141100, 0x0) read$auto(r1, &(0x7f0000000000)='vdpa\x00', 0x8000) 2.921122629s ago: executing program 0 (id=1078): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS64(r0, 0x80605414, &(0x7f0000000000)={0x6, 0x3, 0x200, 0xba44, 0x2, 0xb, "e00026e8fdffdbcd2c02d3c293faa80c2f5336d79fc5b8202cb37f6b6d22c42432352deb58e78afdbae70400"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/netdevsim/netdevsim0/hwstats/l3/enable_ifindex\x00', 0x2641, 0x0) write$auto(r1, &(0x7f00000005c0)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85\x00 /zm\x7f\x8fg,p81\xb6\xbb\xd8D\xde\x0eR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~\b\x00\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xcf\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xe1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb\xf6n\x82\xd4\xd6\xcc\xc19\x95+\x94\xb0f\xbb\x85\xf9\x98\xf8\x85Z\x19\xc0\x8a:(\xf6\x7fR^&cU\xfc\xae\x87\xf2\\\x02\xd3\xe9\x9f\xeb&l\x86D\x98\xa0\xc0 \xcec\xa3\x13\xf7\x02\a\x9d\x9d\x8e\x81\x8eu\xc73\x9f\x02\xe7 \x03\x9c\xab\xbe\x85-\a\"H\x87\x12A\xdc\xedF\xa3t\x91\x9f!\x8c\xd1A\xe7\x95\xa7\"\x8c\xb5\x1b\x80\x12u\x90AI\xc2\xbao3Ob\x94\xfa\'\x8d\x0f\xc6&\x94C\xa6|~\xebn-\x17\x1e+-\xdc\xe6f0cm\xf2\t\xb4:\x93g}/%\xc2\xe5\x8c\xd8\xc1+T\xe9@ys\xa8\xf0\xf3\xd3\x1e\x93\xe5\xbe\xb5\xee\xbf\xb2\xbb\x1dP\xbb\xa2$\xd5`\x01\xf0G\xa8\xf2`\x9e\x98\xa6+xX6M>\x8fq\xab\xaa\xe4\x87\xa1\xaa\x1d\xee\xb1[\x9e\x03\xdd\x11\x1dTg\x1b\x91\x86\x05\xf6\xa5 1\xbeSL\x19\x80\x9f.\n\xa4\xa80\xd8\xeb\x86\xf1s\xea\x17\xb4\x1a@\xa3\x15\xd9\x8fE\xc5\x00\x00\x00\x00', 0x1) socket(0xa, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run\x00', 0x88b02, 0x0) write$auto(r2, &(0x7f0000000140)='1\x00\xc7k\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00u(=\xd1<\xf9\x96\x10>\xb9\x05\xbe\xc8v\x81-ILplM\x98\x88J\xfd\x17\xc8K\xdd\x89;T@d\xa3_\xfcb8\x7fA\x11\xba\xefL\xe1L\x8aE}\xa7\x05\b\xd7\xe2\xae\xfek\xbbw\x8c\x88\x1emW-\xf5\x94\xdak\x81\xe4\x1e\x1cS\xf2~>\xb1\xc6\xd1\xee\xc8\x06e\xc1w\xf05%\xd76]\x0f\v\x01\xa4(\xec\xd3\xca\a\x15&nv\xc1}|D\xd0j\xdd\xc6\xbb^\xa92\xa9u/', 0x100000002) 2.664915262s ago: executing program 2 (id=1079): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) r0 = openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/saved_cmdlines\x00', 0x60ce40, 0x0) mmap$auto(0x0, 0x2020009, 0x1, 0xeb1, r0, 0x100000008000) r1 = socket(0x29, 0x2, 0x0) sendmmsg$auto(r1, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x400, 0x0) r2 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x42001, 0x0) ioctl$auto(r2, 0xc05c5340, r2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/250:0/read_ahead_kb\x00', 0x5e30523b26a2a748, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r4, 0x0, 0x1ff) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, 0x0, 0x2) acct$auto(&(0x7f0000000040)='(^\x00') io_uring_setup$auto(0xa, 0x0) r6 = gettid() waitid$auto_P_PGID(0x2, r6, &(0x7f00000000c0)={@_si_pad}, 0x5, 0x0) sendmsg$auto_IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000004680)={&(0x7f0000003b00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000004640)={&(0x7f00000046c0)=ANY=[@ANYBLOB, @ANYBLOB, @ANYBLOB, @ANYBLOB], 0xa94}, 0x1, 0x0, 0x0, 0x1}, 0x8000) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), 0xffffffffffffffff) ioctl$auto_MON_IOCX_GET(0xffffffffffffffff, 0x40189206, 0x0) msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000000180)={{0x3, 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x100, 0x82a}, 0x0, &(0x7f0000000140), 0x2, 0xffff, 0x9, 0x5b53, 0x9, 0x9, 0x9, 0x6, @inferred, @raw=0xeaf}) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, 0x0) ioctl$auto(0xffffffffffffffff, 0x9, 0xffffffffffffffff) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, 0x0, 0x9) r7 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r3) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x20, r7, 0x301, 0x70bd29, 0x25dfdbfe, {}, [@NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x1}]}, 0x20}}, 0x40000) 2.19166194s ago: executing program 2 (id=1080): r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) lseek$auto(r0, 0x0, 0x2) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x8000000, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket(0x11, 0x5, 0x100) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x44eb2, 0xffffffffffffffff, 0x300000000000) semctl$auto_SEM_INFO(0x0, 0xfffffffd, 0x13, 0x1) r2 = socket(0x11, 0x80003, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r3, 0xa, 0x1) fcntl$auto(r3, 0x10, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x4}, 0x200800}, 0xe, 0x7, 0x0) mmap$auto(0x0, 0x8000000004020009, 0xdf, 0xeb1, 0x401, 0x18000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x1, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x401, 0x5, 0x4, @inferred, @integer={0xdbe, 0x255, 0x8}, "7a9fc199a16a2311eacf2fc7ae1d8778dc618090334fdd73340238d21000debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cbce0bb32791702b8d7c2d"}) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0x20000001005}, 0x1, &(0x7f0000000040)={&(0x7f0000000080), 0xffffffff}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000640)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7b, 0x0, 0x5, 0xfffffffffffffffd}, {0x100, 0x20001, 0x52, 0x85, 0x2, 0x0, 0x2072c2, 0xc, 0x100000000}}) io_uring_register$auto(0x2, 0x20, &(0x7f0000000240), 0x1) r7 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000340), r6) sendmsg$auto_VDPA_CMD_DEV_ATTR_SET(r2, &(0x7f0000000780)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="010027bd7000fcdbdf2508000000060001005d0000001400020076657468305f6d616376746170000000140004007866726d3000000010000000000000000c001400cf83000000000000af000a001c457dc9ced228a54f57452872b022acfcca6f68f99df28fd76f0af0673664b938d3345b0b68a51fd56ecad27c5bbbb2c9aa4d627d9ed9a82a13aebaf6f7613163f55fc9a6a31ffb7c9f6614ef7909a47e0000f8ff070000008fdd86d97028e12982bf885d2c518b29a889de17bbd78110f4d7245d75063f7b7c523c0147188d42906825f50b567ac31e765d2282378bbbec3b12a75f6f5148e74236e25ea3ef02af410ee596226ac16fc909"], 0x100}, 0x1, 0x0, 0x0, 0x24008800}, 0x20000040) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) 2.062159134s ago: executing program 3 (id=1081): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) write$auto(r1, &(0x7f0000000040)='Fm_\xbd\xc3!\x00', 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_0={0x9, 0xb5, 0x4, 0x48d0, 0x4, 0xffffffffffffffff, 0x74b, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x4, 0xe5, 0x3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x100200000, 0x2000040080000004, 0xe) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec8\x00', 0x0, 0x0) ioctl$auto_CEC_DQEVENT(r2, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r2, 0xc0506107, 0x0) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b7f, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 1.793943245s ago: executing program 0 (id=1082): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) write$auto(r1, &(0x7f0000000040)='Fm_\xbd\xc3!\x00', 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_0={0x9, 0xb5, 0x4, 0x48d0, 0x4, 0xffffffffffffffff, 0x74b, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x4, 0xe5, 0x3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x6000, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x2000040080000004, 0xe) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec8\x00', 0x0, 0x0) ioctl$auto_CEC_DQEVENT(r2, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r2, 0xc0506107, 0x0) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b7f, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 1.60620704s ago: executing program 1 (id=1083): openat$auto_fault_around_bytes_fops_(0xffffffffffffff9c, &(0x7f0000000380), 0x624b01, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) userfaultfd$auto(0x1) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0x2, 0x80002, 0x73) getsockopt$auto_SO_RCVTIMEO_OLD(r1, 0x2001, 0x14, &(0x7f0000000000)='\x00', 0x0) getsockopt$auto_SO_TIMESTAMPNS_NEW(r1, 0x7, 0x40, &(0x7f00000000c0)='/dev/mtd0\x00', 0x0) io_uring_setup$auto(0x4, 0x0) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) io_uring_setup$auto(0x6, &(0x7f0000000040)={0x7, 0x5, 0x8, 0x4, 0x10000, 0x1, r0, [0x7, 0x9, 0x7], {0x1000, 0x58f, 0x36c2, 0xb, 0x3, 0x0, 0x8000, 0x1, 0x5d44320e}, {0x167d, 0xc0d5, 0x1000, 0x1, 0x3000, 0x1ff, 0x8a4, 0xfffffffc, 0x1}}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1e000000", @ANYRESDEC, @ANYBLOB="2f21b2bd7010ca705d845526cc00080003cd15367f954d80", @ANYRESDEC=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8810) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0xa, 0x9) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x28, r2, 0x13, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_WIPHY_NAME={0xc, 0x2, '\x00\x00\x00\x00\x00\x00\x00\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) sendmsg$auto_NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x14, r2, 0x400, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0xc8044) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) 1.27428832s ago: executing program 1 (id=1084): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) r0 = openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/saved_cmdlines\x00', 0x60ce40, 0x0) mmap$auto(0x0, 0x2020009, 0x1, 0xeb1, r0, 0x100000008000) r1 = socket(0x29, 0x2, 0x0) sendmmsg$auto(r1, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x400, 0x0) r2 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x42001, 0x0) ioctl$auto(r2, 0xc05c5340, r2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/250:0/read_ahead_kb\x00', 0x5e30523b26a2a748, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r4, 0x0, 0x1ff) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r5, &(0x7f0000000240)={0x0, 0x7}, 0x2) acct$auto(&(0x7f0000000040)='(^\x00') io_uring_setup$auto(0xa, 0x0) r6 = gettid() waitid$auto_P_PGID(0x2, r6, &(0x7f00000000c0)={@_si_pad}, 0x5, 0x0) sendmsg$auto_IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000004680)={&(0x7f0000003b00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000004640)={&(0x7f00000046c0)=ANY=[@ANYBLOB, @ANYBLOB, @ANYBLOB, @ANYBLOB], 0xa94}, 0x1, 0x0, 0x0, 0x1}, 0x8000) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), 0xffffffffffffffff) ioctl$auto_MON_IOCX_GET(0xffffffffffffffff, 0x40189206, 0x0) msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000000180)={{0x3, 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x100, 0x82a}, 0x0, &(0x7f0000000140), 0x2, 0xffff, 0x9, 0x5b53, 0x9, 0x9, 0x9, 0x6, @inferred, @raw=0xeaf}) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, 0x0) ioctl$auto(0xffffffffffffffff, 0x9, 0xffffffffffffffff) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, 0x0, 0x9) r7 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r3) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x20, r7, 0x301, 0x70bd29, 0x25dfdbfe, {}, [@NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x1}]}, 0x20}}, 0x40000) 1.046461662s ago: executing program 1 (id=1085): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) recvfrom$auto(r0, 0x0, 0x4, 0x10001, 0x0, &(0x7f0000000480)=0xc) ioctl$auto_TCSBRKP2(r1, 0x5425, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket(0xa, 0x1, 0x84) pwrite64$auto(0xc8, 0x0, 0xedef, 0x3) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0xe1, 0x1, 0x8003}]}) write$auto(r2, &(0x7f0000000080)='/dev/\x0e?^\xd8[\xa1~\xf5\xdfaudio1\x00\x11I\x9f\xabA\a\x1c\xc4\x06\xde@z\xe0\xf9\xc3R\"\x06a\xa7\xe5\x03\x00\x00', 0x100000a3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x4, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bbf, 0x7ff, 0x3, 0xff, 0x10001, 0x1, 0x3, 0x8001, 0xfffffffffffffffe, 0x80000000, 0x335b0ef1, 0xffffdfffffffff81, 0x4]}, 0x0) pselect6$auto(0x5, &(0x7f0000000400)={[0x8, 0x5, 0x0, 0x5, 0x8001, 0x6, 0xac, 0x2000009, 0x3, 0xffffffff, 0x7fffffffffffffff, 0x0, 0x1000, 0x2, 0x8, 0x3ff]}, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) 473.972111ms ago: executing program 1 (id=1086): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643399f10dfdb0f4018b401be4db675d0acf8d348c26acf338cbe20fcb76439ca602a3c022f4463a8820f1c6f865d24e058af98f0c48bf552c3f6cc28c09d9054347db3c28701c67fa1e57d81b881638b518dd8e24969b7fd10406fcf6eb9bb66bf56ed7568510c72b380fa6efbca845bde90f7672708000000000000003513") mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek$auto(r0, 0x7ff, 0x1) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = socket(0x3, 0x1, 0x100) mmap$auto(0x0, 0x4, 0xe2, 0x13, 0xdd, 0x100008000) setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x101402, 0x0) write$auto(r3, &(0x7f0000000080)='/dev/audio\x00', 0x80000000) close_range$auto(r2, r2, 0x5) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) mmap$auto(0x0, 0x200, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(r4, 0x8, 0x100006) r5 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) write$auto(0x6, 0x0, 0x100000001) splice$auto(0x4, 0x0, r5, 0x0, 0x6c06, 0x8) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) execve$auto(0x0, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mknodat$auto(r1, &(0x7f0000000180)='./file1\x00', 0x5, 0x1) 27.104597ms ago: executing program 3 (id=1087): r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) lseek$auto(r0, 0x0, 0x2) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x8000000, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket(0x11, 0x5, 0x100) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x44eb2, 0xffffffffffffffff, 0x300000000000) semctl$auto_SEM_INFO(0x0, 0xfffffffd, 0x13, 0x1) r2 = socket(0x11, 0x80003, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r3, 0xa, 0x1) fcntl$auto(r3, 0x10, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x4}, 0x200800}, 0xe, 0x7, 0x0) mmap$auto(0x0, 0x8000000004020009, 0xdf, 0xeb1, 0x401, 0x18000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x1, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x401, 0x5, 0x4, @inferred, @integer={0xdbe, 0x255, 0x8}, "7a9fc199a16a2311eacf2fc7ae1d8778dc618090334fdd73340238d21000debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cbce0bb32791702b8d7c2d"}) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0x20000001005}, 0x1, &(0x7f0000000040)={&(0x7f0000000080), 0xffffffff}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000640)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7b, 0x0, 0x5, 0xfffffffffffffffd}, {0x100, 0x20001, 0x52, 0x85, 0x2, 0x0, 0x2072c2, 0xc, 0x100000000}}) io_uring_register$auto(0x2, 0x20, &(0x7f0000000240), 0x1) r7 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000340), r6) sendmsg$auto_VDPA_CMD_DEV_ATTR_SET(r2, &(0x7f0000000780)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[@ANYBLOB="00c6", @ANYRES16=r7, @ANYBLOB="010027bd7000fcdbdf2508000000060001005d0000001400020076657468305f6d616376746170000000140004007866726d3000000010000000000000000c001400cf83000000000000af000a001c457dc9ced228a54f57452872b022acfcca6f68f99df28fd76f0af0673664b938d3345b0b68a51fd56ecad27c5bbbb2c9aa4d627d9ed9a82a13aebaf6f7613163f55fc9a6a31ffb7c9f6614ef7909a47e0000f8ff070000008fdd86d97028e12982bf885d2c518b29a889de17bbd78110f4d7245d75063f7b7c523c0147188d42906825f50b567ac31e765d2282378bbbec3b12a75f6f5148e74236e25ea3ef02af410ee596226ac16fc909"], 0x100}, 0x1, 0x0, 0x0, 0x24008800}, 0x20000040) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) 0s ago: executing program 0 (id=1088): mmap$auto(0x0, 0x4, 0x2, 0x40eb2, 0x401, 0x6f) r0 = syz_clone(0x800b8900, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x1, 0x7ff) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r1 = socket(0x1d, 0xa, 0x8) r2 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3, 0xfd}, 0x6a) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r5, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) write$auto(r4, &(0x7f00000002c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef`\xd8\x9c\xf7?:\x1a\xc62\x911e\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\b};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xff\x7f\xd0UV\x11\xcb\xdd\x81\xbe\xde\f/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7\x00\x85Z\x06?\x12\x98\x0f)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x82`\x00\x00\x00\x00\x00\x00w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1;\xe4pd$\xd7\x1b\v\x82\r\f\xd0Hq\xd9\r\x88#\x89\x8d\xcd\x1e\x87N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8HR+\a\xb7R\t\n+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb\xc8^\xa4\xe2\x05\x91|\x123\xc3:\xfd\xee\x04a\xc8\x12\xce\xa2\x12\xcb\x8c\x87f\xebGQ\xe9\x96\xd5E\x13a\xb7\x057<&\xe0\x94\xa7\xfb\x9d;\xfa\xb1\x1b4a,\'\xb2Ym\xe1:\xbf\xebs\x06\xa3u\x8d!\n\x80-\x9a\xbb;\xf4\xf3\xe1\x97\xfc8\xff\xa7\\\x8b\xf9\x95\x10$\xef\x1a #b\xfb\xfe\xe9\x06fK0\xdd\x84T,\xfa\xb5\x00\x83d\xbba\xd7\n\x92l\xdfAN\x9d\xcb\x96\xc7\xe8\xe6\x8bC\xeb\xc7EZ\xc8\x1a\x81nf\tZ-sZ\x13n\xec\xa9\xbf\xd0$\xb9\xd8\x00\x00\x00\x00\x00\x00\x00', 0x100000001) mlockall$auto(0x7) mprotect$auto(0x1ffffffff000, 0x100004, 0x6) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) mmap$auto(0x5, 0x5, 0xdf, 0x17, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x2) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x2, 0x87, 0x0, 0x2f42) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_ehash_entries\x00', 0x40100, 0x0) unshare$auto(0x40000080) fadvise64$auto_POSIX_FADV_RANDOM(r1, 0x8000, 0x9, 0x1) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): ull) [ 260.463669][ T8414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 260.463680][ T8414] Call Trace: [ 260.463685][ T8414] [ 260.463691][ T8414] dump_stack_lvl+0x100/0x190 [ 260.463714][ T8414] should_fail_ex.cold+0x5/0xa [ 260.463736][ T8414] should_failslab+0xc2/0x120 [ 260.463755][ T8414] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 260.463780][ T8414] ? alloc_empty_file+0x5b/0x1c0 [ 260.463806][ T8414] alloc_empty_file+0x5b/0x1c0 [ 260.463829][ T8414] alloc_file_pseudo+0x13a/0x230 [ 260.463853][ T8414] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 260.463876][ T8414] ? security_inode_init_security_anon+0x7b/0x230 [ 260.463899][ T8414] __anon_inode_getfile+0xe8/0x280 [ 260.463920][ T8414] ? _copy_to_user+0xaf/0xd0 [ 260.463938][ T8414] io_uring_setup.cold+0x1951/0x1c6e [ 260.463966][ T8414] ? __pfx_io_uring_setup+0x10/0x10 [ 260.463989][ T8414] ? __pfx_do_futex+0x10/0x10 [ 260.464015][ T8414] ? xfd_validate_state+0x129/0x190 [ 260.464037][ T8414] __x64_sys_io_uring_setup+0xc2/0x170 [ 260.464058][ T8414] do_syscall_64+0x10b/0xf80 [ 260.464088][ T8414] ? clear_bhb_loop+0x40/0x90 [ 260.464108][ T8414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.464125][ T8414] RIP: 0033:0x7fe4c7d9ce59 [ 260.464138][ T8414] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.464154][ T8414] RSP: 002b:00007fe4c5ff6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 260.464169][ T8414] RAX: ffffffffffffffda RBX: 00007fe4c8015fa0 RCX: 00007fe4c7d9ce59 [ 260.464180][ T8414] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 260.464188][ T8414] RBP: 00007fe4c7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 260.464198][ T8414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.464207][ T8414] R13: 00007fe4c8016038 R14: 00007fe4c8015fa0 R15: 00007ffc4641e878 [ 260.464227][ T8414] [ 261.588003][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 263.668967][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 263.699819][ T50] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 263.724900][ T8468] FAULT_INJECTION: forcing a failure. [ 263.724900][ T8468] name failslab, interval 1, probability 0, space 0, times 0 [ 263.799829][ T8468] CPU: 0 UID: 0 PID: 8468 Comm: syz.2.622 Not tainted syzkaller #0 PREEMPT(full) [ 263.799853][ T8468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 263.799864][ T8468] Call Trace: [ 263.799869][ T8468] [ 263.799875][ T8468] dump_stack_lvl+0x100/0x190 [ 263.799898][ T8468] should_fail_ex.cold+0x5/0xa [ 263.799919][ T8468] should_failslab+0xc2/0x120 [ 263.799941][ T8468] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 263.799966][ T8468] ? alloc_empty_file+0x5b/0x1c0 [ 263.799994][ T8468] alloc_empty_file+0x5b/0x1c0 [ 263.800017][ T8468] alloc_file_pseudo+0x13a/0x230 [ 263.800041][ T8468] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 263.800064][ T8468] ? security_inode_init_security_anon+0x7b/0x230 [ 263.800103][ T8468] __anon_inode_getfile+0xe8/0x280 [ 263.800128][ T8468] ? _copy_to_user+0xaf/0xd0 [ 263.800146][ T8468] io_uring_setup.cold+0x1951/0x1c6e [ 263.800174][ T8468] ? __pfx_io_uring_setup+0x10/0x10 [ 263.800196][ T8468] ? __pfx_do_futex+0x10/0x10 [ 263.800223][ T8468] ? xfd_validate_state+0x129/0x190 [ 263.800253][ T8468] __x64_sys_io_uring_setup+0xc2/0x170 [ 263.800274][ T8468] do_syscall_64+0x10b/0xf80 [ 263.800298][ T8468] ? clear_bhb_loop+0x40/0x90 [ 263.800317][ T8468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.800333][ T8468] RIP: 0033:0x7f49b6d9ce59 [ 263.800348][ T8468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 263.800363][ T8468] RSP: 002b:00007f49b7c5e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 263.800379][ T8468] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 263.800390][ T8468] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 263.800399][ T8468] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 263.800408][ T8468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 263.800416][ T8468] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 263.800436][ T8468] [ 265.749075][ T5643] Bluetooth: hci3: command 0x2016 tx timeout [ 265.755266][ T5643] Bluetooth: hci1: command 0x0c1a tx timeout [ 265.879117][ T8495] FAULT_INJECTION: forcing a failure. [ 265.879117][ T8495] name failslab, interval 1, probability 0, space 0, times 0 [ 265.944775][ T8495] CPU: 0 UID: 60928 PID: 8495 Comm: syz.2.629 Not tainted syzkaller #0 PREEMPT(full) [ 265.944800][ T8495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 265.944810][ T8495] Call Trace: [ 265.944816][ T8495] [ 265.944822][ T8495] dump_stack_lvl+0x100/0x190 [ 265.944846][ T8495] should_fail_ex.cold+0x5/0xa [ 265.944867][ T8495] should_failslab+0xc2/0x120 [ 265.944887][ T8495] __kvmalloc_node_noprof+0xfa/0xa00 [ 265.944903][ T8495] ? alloc_fdtable+0x17f/0x2d0 [ 265.944925][ T8495] alloc_fdtable+0x17f/0x2d0 [ 265.944944][ T8495] dup_fd+0x995/0xd10 [ 265.944969][ T8495] copy_process+0x2965/0x7ed0 [ 265.944990][ T8495] ? __futex_wait+0x256/0x300 [ 265.945020][ T8495] ? __pfx_copy_process+0x10/0x10 [ 265.945041][ T8495] ? find_held_lock+0x2b/0x80 [ 265.945076][ T8495] kernel_clone+0x12e/0x9c0 [ 265.945097][ T8495] ? __pfx_futex_wait+0x10/0x10 [ 265.945119][ T8495] ? __pfx_kernel_clone+0x10/0x10 [ 265.945151][ T8495] __do_sys_clone+0xd9/0x120 [ 265.945173][ T8495] ? __pfx___do_sys_clone+0x10/0x10 [ 265.945194][ T8495] ? map_id_range_down+0x2bc/0x3b0 [ 265.945225][ T8495] ? rcu_is_watching+0x12/0xc0 [ 265.945246][ T8495] do_syscall_64+0x10b/0xf80 [ 265.945270][ T8495] ? clear_bhb_loop+0x40/0x90 [ 265.945289][ T8495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.945306][ T8495] RIP: 0033:0x7f49b6d9ce59 [ 265.945320][ T8495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 265.945336][ T8495] RSP: 002b:00007f49b7c5dfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 265.945352][ T8495] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 265.945362][ T8495] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 265.945372][ T8495] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 265.945381][ T8495] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 265.945390][ T8495] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 265.945409][ T8495] [ 266.763243][ T8503] netlink: 330 bytes leftover after parsing attributes in process `syz.2.631'. [ 266.793734][ T5632] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 266.820720][ T8507] FAULT_INJECTION: forcing a failure. [ 266.820720][ T8507] name failslab, interval 1, probability 0, space 0, times 0 [ 266.893717][ T8507] CPU: 0 UID: 0 PID: 8507 Comm: syz.1.632 Not tainted syzkaller #0 PREEMPT(full) [ 266.893742][ T8507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 266.893753][ T8507] Call Trace: [ 266.893759][ T8507] [ 266.893766][ T8507] dump_stack_lvl+0x100/0x190 [ 266.893790][ T8507] should_fail_ex.cold+0x5/0xa [ 266.893813][ T8507] should_failslab+0xc2/0x120 [ 266.893833][ T8507] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 266.893859][ T8507] ? __d_alloc+0x34/0xa40 [ 266.893886][ T8507] __d_alloc+0x34/0xa40 [ 266.893906][ T8507] ? security_inode_alloc+0xcf/0x2c0 [ 266.893925][ T8507] d_alloc_pseudo+0x1c/0xc0 [ 266.893941][ T8507] alloc_file_pseudo+0xcf/0x230 [ 266.893967][ T8507] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 266.893992][ T8507] ? security_inode_init_security_anon+0x7b/0x230 [ 266.894015][ T8507] __anon_inode_getfile+0xe8/0x280 [ 266.894038][ T8507] ? _copy_to_user+0xaf/0xd0 [ 266.894057][ T8507] io_uring_setup.cold+0x1951/0x1c6e [ 266.894096][ T8507] ? __pfx_io_uring_setup+0x10/0x10 [ 266.894120][ T8507] ? __pfx_do_futex+0x10/0x10 [ 266.894148][ T8507] ? xfd_validate_state+0x129/0x190 [ 266.894172][ T8507] __x64_sys_io_uring_setup+0xc2/0x170 [ 266.894193][ T8507] do_syscall_64+0x10b/0xf80 [ 266.894217][ T8507] ? clear_bhb_loop+0x40/0x90 [ 266.894237][ T8507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.894254][ T8507] RIP: 0033:0x7f22be79ce59 [ 266.894270][ T8507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 266.894285][ T8507] RSP: 002b:00007f22bf62e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 266.894304][ T8507] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 266.894315][ T8507] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 266.894324][ T8507] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 266.894334][ T8507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 266.894343][ T8507] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 266.894364][ T8507] [ 267.832873][ T5641] Bluetooth: hci3: command 0x2016 tx timeout [ 268.440986][ T8533] FAULT_INJECTION: forcing a failure. [ 268.440986][ T8533] name failslab, interval 1, probability 0, space 0, times 0 [ 268.457886][ T50] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 268.558991][ T8533] CPU: 0 UID: 60928 PID: 8533 Comm: syz.2.641 Not tainted syzkaller #0 PREEMPT(full) [ 268.559016][ T8533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 268.559026][ T8533] Call Trace: [ 268.559031][ T8533] [ 268.559037][ T8533] dump_stack_lvl+0x100/0x190 [ 268.559061][ T8533] should_fail_ex.cold+0x5/0xa [ 268.559082][ T8533] should_failslab+0xc2/0x120 [ 268.559102][ T8533] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 268.559127][ T8533] ? vm_area_dup+0x27/0x8e0 [ 268.559149][ T8533] ? __vma_start_write+0x17f/0x280 [ 268.559173][ T8533] vm_area_dup+0x27/0x8e0 [ 268.559196][ T8533] dup_mmap+0x6f6/0x2180 [ 268.559224][ T8533] ? __pfx_dup_mmap+0x10/0x10 [ 268.559241][ T8533] ? __hrtimer_rearm_deferred+0x24d/0x740 [ 268.559262][ T8533] ? __hrtimer_rearm_deferred+0x24d/0x740 [ 268.559285][ T8533] ? __lock_acquire+0x4a5/0x2630 [ 268.559301][ T8533] ? irqentry_exit+0x24d/0x7e0 [ 268.559323][ T8533] ? lockdep_hardirqs_on+0x78/0x100 [ 268.559360][ T8533] copy_process+0x6c78/0x7ed0 [ 268.559380][ T8533] ? __futex_wait+0x256/0x300 [ 268.559413][ T8533] ? __pfx_copy_process+0x10/0x10 [ 268.559437][ T8533] ? futex_hash+0x141/0x370 [ 268.559464][ T8533] kernel_clone+0x12e/0x9c0 [ 268.559484][ T8533] ? __pfx_futex_wait+0x10/0x10 [ 268.559506][ T8533] ? __pfx_kernel_clone+0x10/0x10 [ 268.559537][ T8533] __do_sys_clone+0xd9/0x120 [ 268.559563][ T8533] ? __pfx___do_sys_clone+0x10/0x10 [ 268.559584][ T8533] ? map_id_range_down+0x2bc/0x3b0 [ 268.559616][ T8533] ? rcu_is_watching+0x12/0xc0 [ 268.559636][ T8533] do_syscall_64+0x10b/0xf80 [ 268.559657][ T8533] ? clear_bhb_loop+0x40/0x90 [ 268.559680][ T8533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.559695][ T8533] RIP: 0033:0x7f49b6d9ce59 [ 268.559709][ T8533] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 268.559725][ T8533] RSP: 002b:00007f49b7c5dfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 268.559739][ T8533] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 268.559764][ T8533] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 268.559774][ T8533] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 268.559783][ T8533] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 268.559792][ T8533] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 268.559814][ T8533] [ 268.869292][ T50] Bluetooth: hci2: command 0x2016 tx timeout [ 269.101198][ T8554] FAULT_INJECTION: forcing a failure. [ 269.101198][ T8554] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.101226][ T8554] CPU: 0 UID: 0 PID: 8554 Comm: syz.2.647 Not tainted syzkaller #0 PREEMPT(full) [ 269.101244][ T8554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 269.101254][ T8554] Call Trace: [ 269.101259][ T8554] [ 269.101264][ T8554] dump_stack_lvl+0x100/0x190 [ 269.101286][ T8554] should_fail_ex.cold+0x5/0xa [ 269.101305][ T8554] _copy_from_iter+0x1f4/0x1690 [ 269.101325][ T8554] ? __asan_memset+0x23/0x50 [ 269.101349][ T8554] ? __pfx__copy_from_iter+0x10/0x10 [ 269.101365][ T8554] ? __pfx___alloc_skb+0x10/0x10 [ 269.101390][ T8554] netlink_sendmsg+0x808/0xda0 [ 269.101417][ T8554] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.101439][ T8554] ? __import_iovec+0x1d2/0x640 [ 269.101457][ T8554] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 269.101484][ T8554] ____sys_sendmsg+0x9e1/0xb70 [ 269.101506][ T8554] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.101531][ T8554] ? __pfx_____sys_sendmsg+0x10/0x10 [ 269.101561][ T8554] ___sys_sendmsg+0x190/0x1e0 [ 269.101586][ T8554] ? __pfx____sys_sendmsg+0x10/0x10 [ 269.101631][ T8554] __sys_sendmsg+0x170/0x220 [ 269.101651][ T8554] ? __pfx___sys_sendmsg+0x10/0x10 [ 269.101677][ T8554] ? rcu_is_watching+0x12/0xc0 [ 269.101699][ T8554] do_syscall_64+0x10b/0xf80 [ 269.101723][ T8554] ? clear_bhb_loop+0x40/0x90 [ 269.101741][ T8554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.101757][ T8554] RIP: 0033:0x7f49b6d9ce59 [ 269.101770][ T8554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 269.101793][ T8554] RSP: 002b:00007f49b7c5e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 269.101808][ T8554] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 269.101818][ T8554] RDX: 0000000024048804 RSI: 00002000000015c0 RDI: 0000000000000003 [ 269.101828][ T8554] RBP: 00007f49b7c5e090 R08: 0000000000000000 R09: 0000000000000000 [ 269.101837][ T8554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.101846][ T8554] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 269.101865][ T8554] [ 269.702065][ T8566] zero sized request [ 269.703398][ T8564] can: request_module (can-proto-0) failed. [ 270.041445][ T8568] FAULT_INJECTION: forcing a failure. [ 270.041445][ T8568] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 270.041476][ T8568] CPU: 0 UID: 0 PID: 8568 Comm: syz.2.650 Not tainted syzkaller #0 PREEMPT(full) [ 270.041495][ T8568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 270.041505][ T8568] Call Trace: [ 270.041510][ T8568] [ 270.041516][ T8568] dump_stack_lvl+0x100/0x190 [ 270.041542][ T8568] should_fail_ex.cold+0x5/0xa [ 270.041563][ T8568] _copy_to_iter+0x1f3/0x1720 [ 270.041583][ T8568] ? __pfx___skb_try_recv_datagram+0x10/0x10 [ 270.041602][ T8568] ? __pfx__copy_to_iter+0x10/0x10 [ 270.041622][ T8568] ? __skb_recv_datagram+0x1b2/0x220 [ 270.041641][ T8568] simple_copy_to_iter+0x46/0x90 [ 270.041665][ T8568] __skb_datagram_iter+0x129/0x900 [ 270.041688][ T8568] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 270.041718][ T8568] skb_copy_datagram_iter+0xa5/0x270 [ 270.041741][ T8568] ? aa_sk_perm+0x309/0xaa0 [ 270.041769][ T8568] netlink_recvmsg+0x27e/0xa90 [ 270.041794][ T8568] ? __pfx_netlink_recvmsg+0x10/0x10 [ 270.041815][ T8568] ? __fget_files+0x215/0x3d0 [ 270.041833][ T8568] ? __fget_files+0x215/0x3d0 [ 270.041854][ T8568] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 270.041879][ T8568] ? __pfx_netlink_recvmsg+0x10/0x10 [ 270.041903][ T8568] sock_recvmsg+0x1a4/0x1f0 [ 270.041925][ T8568] __sys_recvfrom+0x200/0x300 [ 270.041944][ T8568] ? __pfx___sys_recvfrom+0x10/0x10 [ 270.041967][ T8568] ? fd_install+0x223/0x580 [ 270.041992][ T8568] ? __pfx___sys_socket+0x10/0x10 [ 270.042005][ T8568] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 270.042026][ T8568] __x64_sys_recvfrom+0xe0/0x1c0 [ 270.042042][ T8568] ? do_syscall_64+0x90/0xf80 [ 270.042065][ T8568] ? lockdep_hardirqs_on+0x78/0x100 [ 270.042088][ T8568] do_syscall_64+0x10b/0xf80 [ 270.042110][ T8568] ? clear_bhb_loop+0x40/0x90 [ 270.042130][ T8568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.042146][ T8568] RIP: 0033:0x7f49b6d5d68e [ 270.042159][ T8568] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 270.042174][ T8568] RSP: 002b:00007f49b7c5cee8 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 270.042189][ T8568] RAX: ffffffffffffffda RBX: 00007f49b7c5e6c0 RCX: 00007f49b6d5d68e [ 270.042200][ T8568] RDX: 0000000000001000 RSI: 00007f49b7c5d000 RDI: 0000000000000000 [ 270.042209][ T8568] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 270.042218][ T8568] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000020c0 [ 270.042227][ T8568] R13: 00007f49b7c5cfb0 R14: 0000000000000013 R15: 0000000000000000 [ 270.042247][ T8568] [ 270.450800][ T50] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 270.558413][ T8577] FAULT_INJECTION: forcing a failure. [ 270.558413][ T8577] name failslab, interval 1, probability 0, space 0, times 0 [ 270.558493][ T8577] CPU: 0 UID: 60928 PID: 8577 Comm: syz.2.653 Not tainted syzkaller #0 PREEMPT(full) [ 270.558514][ T8577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 270.558525][ T8577] Call Trace: [ 270.558530][ T8577] [ 270.558537][ T8577] dump_stack_lvl+0x100/0x190 [ 270.558560][ T8577] should_fail_ex.cold+0x5/0xa [ 270.558583][ T8577] should_failslab+0xc2/0x120 [ 270.558604][ T8577] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 270.558633][ T8577] ? vm_area_dup+0x27/0x8e0 [ 270.558656][ T8577] ? __vma_start_write+0x17f/0x280 [ 270.558683][ T8577] vm_area_dup+0x27/0x8e0 [ 270.558708][ T8577] dup_mmap+0x6f6/0x2180 [ 270.558745][ T8577] ? __pfx_dup_mmap+0x10/0x10 [ 270.558767][ T8577] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 270.558796][ T8577] ? __lock_acquire+0x4a5/0x2630 [ 270.558812][ T8577] ? find_held_lock+0x2b/0x80 [ 270.558832][ T8577] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 270.558867][ T8577] copy_process+0x6c78/0x7ed0 [ 270.558889][ T8577] ? __futex_wait+0x256/0x300 [ 270.558923][ T8577] ? __pfx_copy_process+0x10/0x10 [ 270.558946][ T8577] ? find_held_lock+0x2b/0x80 [ 270.558974][ T8577] kernel_clone+0x12e/0x9c0 [ 270.558995][ T8577] ? __pfx_futex_wait+0x10/0x10 [ 270.559017][ T8577] ? __pfx_kernel_clone+0x10/0x10 [ 270.559051][ T8577] __do_sys_clone+0xd9/0x120 [ 270.559073][ T8577] ? __pfx___do_sys_clone+0x10/0x10 [ 270.559095][ T8577] ? map_id_range_down+0x2bc/0x3b0 [ 270.559129][ T8577] ? rcu_is_watching+0x12/0xc0 [ 270.559151][ T8577] do_syscall_64+0x10b/0xf80 [ 270.559175][ T8577] ? clear_bhb_loop+0x40/0x90 [ 270.559195][ T8577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.559211][ T8577] RIP: 0033:0x7f49b6d9ce59 [ 270.559226][ T8577] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 270.559248][ T8577] RSP: 002b:00007f49b7c5dfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 270.559264][ T8577] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 270.559275][ T8577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 270.559286][ T8577] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 270.559296][ T8577] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 270.559306][ T8577] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 270.559328][ T8577] [ 270.954642][ T50] Bluetooth: hci2: command 0x2016 tx timeout [ 271.279870][ T8584] FAULT_INJECTION: forcing a failure. [ 271.279870][ T8584] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 271.279898][ T8584] CPU: 0 UID: 0 PID: 8584 Comm: syz.2.656 Not tainted syzkaller #0 PREEMPT(full) [ 271.279916][ T8584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 271.279925][ T8584] Call Trace: [ 271.279930][ T8584] [ 271.279936][ T8584] dump_stack_lvl+0x100/0x190 [ 271.279957][ T8584] should_fail_ex.cold+0x5/0xa [ 271.279973][ T8584] ? prepare_alloc_pages+0x16d/0x5f0 [ 271.279995][ T8584] should_fail_alloc_page+0xeb/0x140 [ 271.280015][ T8584] prepare_alloc_pages+0x1f0/0x5f0 [ 271.280035][ T8584] ? kernel_text_address+0x8d/0x100 [ 271.280053][ T8584] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 271.280084][ T8584] ? copy_splice_read+0x1a3/0xb90 [ 271.280104][ T8584] ? stack_trace_save+0x8e/0xc0 [ 271.280125][ T8584] ? __pfx_stack_trace_save+0x10/0x10 [ 271.280147][ T8584] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 271.280174][ T8584] ? copy_splice_read+0x1a3/0xb90 [ 271.280192][ T8584] ? kasan_save_stack+0x3f/0x50 [ 271.280206][ T8584] ? kasan_save_stack+0x30/0x50 [ 271.280220][ T8584] ? kasan_save_track+0x14/0x30 [ 271.280234][ T8584] ? __kasan_kmalloc+0xaa/0xb0 [ 271.280248][ T8584] ? __kmalloc_noprof+0x301/0x850 [ 271.280261][ T8584] ? copy_splice_read+0x1a3/0xb90 [ 271.280281][ T8584] ? do_syscall_64+0x10b/0xf80 [ 271.280305][ T8584] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.280331][ T8584] alloc_pages_bulk_noprof+0x649/0x1360 [ 271.280354][ T8584] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 271.280375][ T8584] ? __kmalloc_noprof+0x320/0x850 [ 271.280396][ T8584] copy_splice_read+0x1e1/0xb90 [ 271.280419][ T8584] ? __pfx_copy_splice_read+0x10/0x10 [ 271.280440][ T8584] ? look_up_lock_class+0x55/0x120 [ 271.280466][ T8584] ? lockdep_init_map_type+0x5c/0x250 [ 271.280484][ T8584] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 271.280503][ T8584] ? __pfx_copy_splice_read+0x10/0x10 [ 271.280522][ T8584] do_splice_read+0x285/0x370 [ 271.280543][ T8584] splice_direct_to_actor+0x2a1/0xa30 [ 271.280564][ T8584] ? __pfx_direct_splice_actor+0x10/0x10 [ 271.280587][ T8584] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 271.280612][ T8584] do_splice_direct+0x174/0x240 [ 271.280632][ T8584] ? __pfx_do_splice_direct+0x10/0x10 [ 271.280652][ T8584] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 271.280680][ T8584] ? rw_verify_area+0xce/0x6d0 [ 271.280697][ T8584] do_sendfile+0xadc/0xe20 [ 271.280718][ T8584] ? __pfx_do_sendfile+0x10/0x10 [ 271.280735][ T8584] ? __fget_files+0x21f/0x3d0 [ 271.280758][ T8584] __x64_sys_sendfile64+0x1d8/0x220 [ 271.280778][ T8584] ? ksys_write+0x1ac/0x250 [ 271.280795][ T8584] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 271.280818][ T8584] ? rcu_is_watching+0x12/0xc0 [ 271.280839][ T8584] do_syscall_64+0x10b/0xf80 [ 271.280862][ T8584] ? clear_bhb_loop+0x40/0x90 [ 271.280880][ T8584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.280896][ T8584] RIP: 0033:0x7f49b6d9ce59 [ 271.280909][ T8584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 271.280924][ T8584] RSP: 002b:00007f49b7c5e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 271.280942][ T8584] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 271.280955][ T8584] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 271.280963][ T8584] RBP: 00007f49b7c5e090 R08: 0000000000000000 R09: 0000000000000000 [ 271.280973][ T8584] R10: 00000000000000ea R11: 0000000000000246 R12: 0000000000000001 [ 271.280982][ T8584] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 271.281001][ T8584] [ 273.027715][ T8598] FAULT_INJECTION: forcing a failure. [ 273.027715][ T8598] name fail_futex, interval 1, probability 0, space 0, times 0 [ 273.043391][ T8598] CPU: 0 UID: 0 PID: 8598 Comm: syz.1.660 Not tainted syzkaller #0 PREEMPT(full) [ 273.043415][ T8598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 273.043425][ T8598] Call Trace: [ 273.043430][ T8598] [ 273.043439][ T8598] dump_stack_lvl+0x100/0x190 [ 273.043474][ T8598] should_fail_ex.cold+0x5/0xa [ 273.043496][ T8598] get_futex_key+0x1d2/0x1510 [ 273.043516][ T8598] ? __pfx_get_futex_key+0x10/0x10 [ 273.043541][ T8598] futex_wake+0xea/0x530 [ 273.043562][ T8598] ? __pfx_futex_wake+0x10/0x10 [ 273.043585][ T8598] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 273.043602][ T8598] ? lockdep_hardirqs_on+0x78/0x100 [ 273.043637][ T8598] do_futex+0x32b/0x350 [ 273.043654][ T8598] ? __pfx_do_futex+0x10/0x10 [ 273.043678][ T8598] __x64_sys_futex+0x34f/0x4d0 [ 273.043698][ T8598] ? __pfx___x64_sys_futex+0x10/0x10 [ 273.043720][ T8598] ? rcu_is_watching+0x12/0xc0 [ 273.043742][ T8598] do_syscall_64+0x10b/0xf80 [ 273.043765][ T8598] ? clear_bhb_loop+0x40/0x90 [ 273.043784][ T8598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.043800][ T8598] RIP: 0033:0x7f22be79ce59 [ 273.043814][ T8598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 273.043830][ T8598] RSP: 002b:00007f22bf62e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 273.043845][ T8598] RAX: ffffffffffffffda RBX: 00007f22bea15fa8 RCX: 00007f22be79ce59 [ 273.043855][ T8598] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f22bea15fac [ 273.043865][ T8598] RBP: 00007f22bea15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 273.043874][ T8598] R10: 000000000000002e R11: 0000000000000246 R12: 0000000000000000 [ 273.043883][ T8598] R13: 00007f22bea16038 R14: 00007ffe969820f0 R15: 00007ffe969821d8 [ 273.043903][ T8598] [ 273.222279][ T8607] FAULT_INJECTION: forcing a failure. [ 273.222279][ T8607] name failslab, interval 1, probability 0, space 0, times 0 [ 273.223489][ T8607] CPU: 0 UID: 60928 PID: 8607 Comm: syz.3.662 Not tainted syzkaller #0 PREEMPT(full) [ 273.223512][ T8607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 273.223522][ T8607] Call Trace: [ 273.223529][ T8607] [ 273.223536][ T8607] dump_stack_lvl+0x100/0x190 [ 273.223558][ T8607] should_fail_ex.cold+0x5/0xa [ 273.223579][ T8607] should_failslab+0xc2/0x120 [ 273.223599][ T8607] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 273.223623][ T8607] ? vm_area_dup+0x27/0x8e0 [ 273.223645][ T8607] ? __vma_start_write+0x17f/0x280 [ 273.223670][ T8607] vm_area_dup+0x27/0x8e0 [ 273.223694][ T8607] dup_mmap+0x6f6/0x2180 [ 273.223722][ T8607] ? __pfx_dup_mmap+0x10/0x10 [ 273.223741][ T8607] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 273.223768][ T8607] ? __lock_acquire+0x4a5/0x2630 [ 273.223785][ T8607] ? find_held_lock+0x2b/0x80 [ 273.223804][ T8607] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 273.223837][ T8607] copy_process+0x6c78/0x7ed0 [ 273.223858][ T8607] ? __futex_wait+0x256/0x300 [ 273.223889][ T8607] ? __pfx_copy_process+0x10/0x10 [ 273.223913][ T8607] ? futex_hash+0x141/0x370 [ 273.223933][ T8607] kernel_clone+0x12e/0x9c0 [ 273.223953][ T8607] ? __pfx_futex_wait+0x10/0x10 [ 273.223974][ T8607] ? __pfx_kernel_clone+0x10/0x10 [ 273.224006][ T8607] __do_sys_clone+0xd9/0x120 [ 273.224027][ T8607] ? __pfx___do_sys_clone+0x10/0x10 [ 273.224048][ T8607] ? map_id_range_down+0x2bc/0x3b0 [ 273.224080][ T8607] ? rcu_is_watching+0x12/0xc0 [ 273.224102][ T8607] do_syscall_64+0x10b/0xf80 [ 273.224124][ T8607] ? clear_bhb_loop+0x40/0x90 [ 273.224143][ T8607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.224159][ T8607] RIP: 0033:0x7fe4c7d9ce59 [ 273.224173][ T8607] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 273.224188][ T8607] RSP: 002b:00007fe4c5ff5fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 273.224203][ T8607] RAX: ffffffffffffffda RBX: 00007fe4c8015fa0 RCX: 00007fe4c7d9ce59 [ 273.224213][ T8607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 273.224222][ T8607] RBP: 00007fe4c7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 273.224231][ T8607] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 273.224240][ T8607] R13: 00007fe4c8016038 R14: 00007fe4c8015fa0 R15: 00007ffc4641e878 [ 273.224261][ T8607] [ 275.271126][ T8650] FAULT_INJECTION: forcing a failure. [ 275.271126][ T8650] name fail_futex, interval 1, probability 0, space 0, times 0 [ 275.271173][ T8650] CPU: 0 UID: 0 PID: 8650 Comm: syz.1.673 Not tainted syzkaller #0 PREEMPT(full) [ 275.271192][ T8650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 275.271202][ T8650] Call Trace: [ 275.271207][ T8650] [ 275.271213][ T8650] dump_stack_lvl+0x100/0x190 [ 275.271235][ T8650] should_fail_ex.cold+0x5/0xa [ 275.271255][ T8650] get_futex_key+0x1d2/0x1510 [ 275.271275][ T8650] ? __pfx_get_futex_key+0x10/0x10 [ 275.271299][ T8650] futex_wait_setup+0x83/0x510 [ 275.271325][ T8650] __futex_wait+0x19f/0x300 [ 275.271349][ T8650] ? __pfx___futex_wait+0x10/0x10 [ 275.271369][ T8650] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 275.271394][ T8650] ? __pfx_futex_wake_mark+0x10/0x10 [ 275.271425][ T8650] ? futex_hash+0x2ad/0x370 [ 275.271442][ T8650] ? futex_hash+0x141/0x370 [ 275.271460][ T8650] futex_wait+0xe6/0x370 [ 275.271482][ T8650] ? __pfx_futex_wait+0x10/0x10 [ 275.271508][ T8650] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 275.271525][ T8650] ? lockdep_hardirqs_on+0x78/0x100 [ 275.271552][ T8650] do_futex+0x1ef/0x350 [ 275.271569][ T8650] ? __pfx_do_futex+0x10/0x10 [ 275.271586][ T8650] ? cap_task_prctl+0x104/0xa50 [ 275.271609][ T8650] ? __pfx_sched_core_share_pid+0x10/0x10 [ 275.271636][ T8650] __x64_sys_futex+0x34f/0x4d0 [ 275.271656][ T8650] ? __pfx___x64_sys_futex+0x10/0x10 [ 275.271675][ T8650] ? __pfx___do_sys_prctl+0x10/0x10 [ 275.271694][ T8650] ? rcu_is_watching+0x12/0xc0 [ 275.271715][ T8650] do_syscall_64+0x10b/0xf80 [ 275.271737][ T8650] ? clear_bhb_loop+0x40/0x90 [ 275.271756][ T8650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.271772][ T8650] RIP: 0033:0x7f22be79ce59 [ 275.271786][ T8650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 275.271801][ T8650] RSP: 002b:00007f22bf62e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 275.271816][ T8650] RAX: ffffffffffffffda RBX: 00007f22bea15fa8 RCX: 00007f22be79ce59 [ 275.271827][ T8650] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f22bea15fa8 [ 275.271836][ T8650] RBP: 00007f22bea15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 275.271846][ T8650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.271855][ T8650] R13: 00007f22bea16038 R14: 00007ffe969820f0 R15: 00007ffe969821d8 [ 275.271876][ T8650] [ 276.155776][ T8670] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 276.546350][ T8671] netlink: 'syz.1.678': attribute type 11 has an invalid length. [ 276.831424][ T8684] tc_dump_action: action bad kind [ 279.532126][ T8717] FAULT_INJECTION: forcing a failure. [ 279.532126][ T8717] name failslab, interval 1, probability 0, space 0, times 0 [ 279.620519][ T8717] CPU: 0 UID: 60928 PID: 8717 Comm: syz.1.691 Not tainted syzkaller #0 PREEMPT(full) [ 279.620550][ T8717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 279.620560][ T8717] Call Trace: [ 279.620566][ T8717] [ 279.620573][ T8717] dump_stack_lvl+0x100/0x190 [ 279.620596][ T8717] should_fail_ex.cold+0x5/0xa [ 279.620618][ T8717] should_failslab+0xc2/0x120 [ 279.620638][ T8717] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 279.620661][ T8717] ? vm_area_dup+0x27/0x8e0 [ 279.620683][ T8717] ? rcu_is_watching+0x12/0xc0 [ 279.620701][ T8717] ? percpu_counter_add_batch+0xb9/0x230 [ 279.620722][ T8717] vm_area_dup+0x27/0x8e0 [ 279.620745][ T8717] dup_mmap+0x6f6/0x2180 [ 279.620774][ T8717] ? __pfx_dup_mmap+0x10/0x10 [ 279.620793][ T8717] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 279.620820][ T8717] ? __lock_acquire+0x4a5/0x2630 [ 279.620836][ T8717] ? find_held_lock+0x2b/0x80 [ 279.620855][ T8717] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 279.620888][ T8717] copy_process+0x6c78/0x7ed0 [ 279.620908][ T8717] ? __futex_wait+0x256/0x300 [ 279.620944][ T8717] ? __pfx_copy_process+0x10/0x10 [ 279.620966][ T8717] ? find_held_lock+0x2b/0x80 [ 279.620994][ T8717] kernel_clone+0x12e/0x9c0 [ 279.621014][ T8717] ? __pfx_futex_wait+0x10/0x10 [ 279.621035][ T8717] ? __pfx_kernel_clone+0x10/0x10 [ 279.621068][ T8717] __do_sys_clone+0xd9/0x120 [ 279.621091][ T8717] ? __pfx___do_sys_clone+0x10/0x10 [ 279.621112][ T8717] ? map_id_range_down+0x2bc/0x3b0 [ 279.621144][ T8717] ? rcu_is_watching+0x12/0xc0 [ 279.621165][ T8717] do_syscall_64+0x10b/0xf80 [ 279.621195][ T8717] ? clear_bhb_loop+0x40/0x90 [ 279.621215][ T8717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.621232][ T8717] RIP: 0033:0x7f22be79ce59 [ 279.621245][ T8717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.621261][ T8717] RSP: 002b:00007f22bf62dfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 279.621276][ T8717] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 279.621287][ T8717] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 279.621298][ T8717] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 279.621308][ T8717] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 279.621317][ T8717] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 279.621338][ T8717] [ 282.380174][ T8761] busy [ 282.677497][ T5632] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 283.126911][ T8765] FAULT_INJECTION: forcing a failure. [ 283.126911][ T8765] name failslab, interval 1, probability 0, space 0, times 0 [ 283.255118][ T8765] CPU: 0 UID: 0 PID: 8765 Comm: syz.0.703 Not tainted syzkaller #0 PREEMPT(full) [ 283.255143][ T8765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 283.255153][ T8765] Call Trace: [ 283.255159][ T8765] [ 283.255165][ T8765] dump_stack_lvl+0x100/0x190 [ 283.255188][ T8765] should_fail_ex.cold+0x5/0xa [ 283.255210][ T8765] should_failslab+0xc2/0x120 [ 283.255229][ T8765] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 283.255255][ T8765] ? sock_alloc_inode+0x26/0x290 [ 283.255278][ T8765] ? __pfx_sock_alloc_inode+0x10/0x10 [ 283.255300][ T8765] sock_alloc_inode+0x26/0x290 [ 283.255320][ T8765] ? __pfx_sock_alloc_inode+0x10/0x10 [ 283.255346][ T8765] alloc_inode+0x68/0x250 [ 283.255371][ T8765] sock_alloc+0x44/0x280 [ 283.255390][ T8765] ? security_socket_create+0x7f/0x250 [ 283.255415][ T8765] __sock_create+0xc2/0x860 [ 283.255442][ T8765] __sys_socket+0x14d/0x260 [ 283.255457][ T8765] ? __pfx___sys_socket+0x10/0x10 [ 283.255491][ T8765] __x64_sys_socket+0x72/0xb0 [ 283.255506][ T8765] ? lockdep_hardirqs_on+0x78/0x100 [ 283.255530][ T8765] do_syscall_64+0x10b/0xf80 [ 283.255553][ T8765] ? clear_bhb_loop+0x40/0x90 [ 283.255572][ T8765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.255589][ T8765] RIP: 0033:0x7f19fff9e6c7 [ 283.255603][ T8765] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 283.255619][ T8765] RSP: 002b:00007f1a00f13f98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 283.255635][ T8765] RAX: ffffffffffffffda RBX: 00007f1a00215fa0 RCX: 00007f19fff9e6c7 [ 283.255646][ T8765] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 283.255655][ T8765] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 283.255665][ T8765] R10: 0000200000000040 R11: 0000000000000286 R12: 0000000000000000 [ 283.255674][ T8765] R13: 00007f1a00216038 R14: 00007f1a00215fa0 R15: 00007ffe6a8539e8 [ 283.255714][ T8765] [ 283.255723][ T8765] socket: no more sockets [ 283.874144][ T8780] random: crng reseeded on system resumption [ 283.930899][ T8780] hub 1-0:1.0: USB hub found [ 283.947476][ T8780] hub 1-0:1.0: 1 port detected [ 285.194906][ T8800] busy [ 285.520162][ T5632] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 285.554724][ T8810] FAULT_INJECTION: forcing a failure. [ 285.554724][ T8810] name failslab, interval 1, probability 0, space 0, times 0 [ 285.683571][ T8810] CPU: 0 UID: 0 PID: 8810 Comm: syz.0.716 Not tainted syzkaller #0 PREEMPT(full) [ 285.683622][ T8810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 285.683632][ T8810] Call Trace: [ 285.683638][ T8810] [ 285.683644][ T8810] dump_stack_lvl+0x100/0x190 [ 285.683668][ T8810] should_fail_ex.cold+0x5/0xa [ 285.683690][ T8810] should_failslab+0xc2/0x120 [ 285.683709][ T8810] __kmalloc_cache_noprof+0x7a/0x6f0 [ 285.683731][ T8810] ? snd_virmidi_input_open+0xc8/0x4a0 [ 285.683753][ T8810] ? __kasan_kmalloc+0xaa/0xb0 [ 285.683772][ T8810] snd_virmidi_input_open+0xc8/0x4a0 [ 285.683797][ T8810] open_substream+0x480/0x9b0 [ 285.683816][ T8810] rawmidi_open_priv+0x55d/0x6f0 [ 285.683836][ T8810] snd_rawmidi_open+0x4c9/0xba0 [ 285.683857][ T8810] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 285.683876][ T8810] ? __pfx_default_wake_function+0x10/0x10 [ 285.683899][ T8810] ? kobject_get_unless_zero+0x156/0x200 [ 285.683919][ T8810] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 285.683937][ T8810] snd_open+0x201/0x450 [ 285.683960][ T8810] ? __pfx_snd_open+0x10/0x10 [ 285.683982][ T8810] chrdev_open+0x234/0x6a0 [ 285.684005][ T8810] ? __pfx_apparmor_file_open+0x10/0x10 [ 285.684022][ T8810] ? __pfx_chrdev_open+0x10/0x10 [ 285.684044][ T8810] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 285.684070][ T8810] do_dentry_open+0x6d8/0x1660 [ 285.684092][ T8810] ? __pfx_chrdev_open+0x10/0x10 [ 285.684116][ T8810] vfs_open+0x82/0x3f0 [ 285.684140][ T8810] path_openat+0x208c/0x31a0 [ 285.684167][ T8810] ? __pfx_path_openat+0x10/0x10 [ 285.684194][ T8810] do_file_open+0x20e/0x430 [ 285.684216][ T8810] ? __pfx_do_file_open+0x10/0x10 [ 285.684249][ T8810] ? alloc_fd+0x476/0x790 [ 285.684270][ T8810] ? do_getname+0x191/0x390 [ 285.684294][ T8810] do_sys_openat2+0x10d/0x1e0 [ 285.684317][ T8810] ? __pfx_do_sys_openat2+0x10/0x10 [ 285.684347][ T8810] __x64_sys_openat+0x12d/0x210 [ 285.684371][ T8810] ? __pfx___x64_sys_openat+0x10/0x10 [ 285.684394][ T8810] ? ksys_write+0x1ac/0x250 [ 285.684416][ T8810] ? rcu_is_watching+0x12/0xc0 [ 285.684438][ T8810] do_syscall_64+0x10b/0xf80 [ 285.684460][ T8810] ? clear_bhb_loop+0x40/0x90 [ 285.684479][ T8810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.684495][ T8810] RIP: 0033:0x7f19fff9ce59 [ 285.684509][ T8810] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 285.684524][ T8810] RSP: 002b:00007f1a00f15028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 285.684540][ T8810] RAX: ffffffffffffffda RBX: 00007f1a00215fa0 RCX: 00007f19fff9ce59 [ 285.684551][ T8810] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 285.684561][ T8810] RBP: 00007f1a00032d6f R08: 0000000000000000 R09: 0000000000000000 [ 285.684570][ T8810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.684586][ T8810] R13: 00007f1a00216038 R14: 00007f1a00215fa0 R15: 00007ffe6a8539e8 [ 285.684621][ T8810] [ 286.276396][ T8821] FAULT_INJECTION: forcing a failure. [ 286.276396][ T8821] name failslab, interval 1, probability 0, space 0, times 0 [ 286.315080][ T8821] CPU: 0 UID: 0 PID: 8821 Comm: syz.1.719 Not tainted syzkaller #0 PREEMPT(full) [ 286.315106][ T8821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 286.315116][ T8821] Call Trace: [ 286.315122][ T8821] [ 286.315130][ T8821] dump_stack_lvl+0x100/0x190 [ 286.315154][ T8821] should_fail_ex.cold+0x5/0xa [ 286.315174][ T8821] should_failslab+0xc2/0x120 [ 286.315193][ T8821] __kmalloc_cache_noprof+0x7a/0x6f0 [ 286.315216][ T8821] ? snd_virmidi_input_open+0xc8/0x4a0 [ 286.315238][ T8821] ? __kasan_kmalloc+0xaa/0xb0 [ 286.315257][ T8821] snd_virmidi_input_open+0xc8/0x4a0 [ 286.315283][ T8821] open_substream+0x480/0x9b0 [ 286.315301][ T8821] rawmidi_open_priv+0x55d/0x6f0 [ 286.315321][ T8821] snd_rawmidi_open+0x4c9/0xba0 [ 286.315342][ T8821] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 286.315360][ T8821] ? __pfx_default_wake_function+0x10/0x10 [ 286.315384][ T8821] ? kobject_get_unless_zero+0x156/0x200 [ 286.315404][ T8821] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 286.315421][ T8821] snd_open+0x201/0x450 [ 286.315444][ T8821] ? __pfx_snd_open+0x10/0x10 [ 286.315465][ T8821] chrdev_open+0x234/0x6a0 [ 286.315485][ T8821] ? __pfx_apparmor_file_open+0x10/0x10 [ 286.315500][ T8821] ? __pfx_chrdev_open+0x10/0x10 [ 286.315521][ T8821] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 286.315547][ T8821] do_dentry_open+0x6d8/0x1660 [ 286.315571][ T8821] ? __pfx_chrdev_open+0x10/0x10 [ 286.315595][ T8821] vfs_open+0x82/0x3f0 [ 286.315620][ T8821] path_openat+0x208c/0x31a0 [ 286.315646][ T8821] ? __pfx_path_openat+0x10/0x10 [ 286.315673][ T8821] do_file_open+0x20e/0x430 [ 286.315693][ T8821] ? __pfx_do_file_open+0x10/0x10 [ 286.315726][ T8821] ? alloc_fd+0x476/0x790 [ 286.315749][ T8821] ? do_getname+0x191/0x390 [ 286.315773][ T8821] do_sys_openat2+0x10d/0x1e0 [ 286.315796][ T8821] ? __pfx_do_sys_openat2+0x10/0x10 [ 286.315827][ T8821] __x64_sys_openat+0x12d/0x210 [ 286.315850][ T8821] ? __pfx___x64_sys_openat+0x10/0x10 [ 286.315873][ T8821] ? ksys_write+0x1ac/0x250 [ 286.315890][ T8821] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 286.315914][ T8821] ? syscall_user_dispatch+0x76/0x130 [ 286.315935][ T8821] do_syscall_64+0x10b/0xf80 [ 286.315957][ T8821] ? clear_bhb_loop+0x40/0x90 [ 286.315977][ T8821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.315993][ T8821] RIP: 0033:0x7f22be79ce59 [ 286.316007][ T8821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 286.316022][ T8821] RSP: 002b:00007f22bf62e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 286.316038][ T8821] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 286.316060][ T8821] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 286.316071][ T8821] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 286.316081][ T8821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.316090][ T8821] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 286.316112][ T8821] [ 287.466652][ T8845] busy [ 287.745827][ T8852] FAULT_INJECTION: forcing a failure. [ 287.745827][ T8852] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 287.856122][ T8852] CPU: 0 UID: 60928 PID: 8852 Comm: syz.2.727 Not tainted syzkaller #0 PREEMPT(full) [ 287.856147][ T8852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 287.856157][ T8852] Call Trace: [ 287.856163][ T8852] [ 287.856169][ T8852] dump_stack_lvl+0x100/0x190 [ 287.856192][ T8852] should_fail_ex.cold+0x5/0xa [ 287.856210][ T8852] ? prepare_alloc_pages+0x16d/0x5f0 [ 287.856232][ T8852] should_fail_alloc_page+0xeb/0x140 [ 287.856252][ T8852] prepare_alloc_pages+0x1f0/0x5f0 [ 287.856275][ T8852] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 287.856305][ T8852] ? rcu_is_watching+0x12/0xc0 [ 287.856324][ T8852] ? trace_mm_page_alloc+0x163/0x1d0 [ 287.856344][ T8852] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 287.856370][ T8852] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 287.856398][ T8852] ? find_held_lock+0x2b/0x80 [ 287.856417][ T8852] ? is_bpf_text_address+0x8a/0x1a0 [ 287.856449][ T8852] ? is_bpf_text_address+0x8a/0x1a0 [ 287.856472][ T8852] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 287.856497][ T8852] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 287.856521][ T8852] ? is_bpf_text_address+0x94/0x1a0 [ 287.856542][ T8852] ? kernel_text_address+0x8d/0x100 [ 287.856559][ T8852] ? __kernel_text_address+0xd/0x30 [ 287.856575][ T8852] ? unwind_get_return_address+0x59/0xa0 [ 287.856601][ T8852] alloc_pages_bulk_noprof+0x649/0x1360 [ 287.856621][ T8852] ? policy_nodemask+0xed/0x4f0 [ 287.856641][ T8852] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 287.856659][ T8852] ? kasan_save_stack+0x30/0x50 [ 287.856682][ T8852] __kasan_populate_vmalloc+0xf0/0x210 [ 287.856710][ T8852] alloc_vmap_area+0x95d/0x2b70 [ 287.856736][ T8852] ? __pfx_alloc_vmap_area+0x10/0x10 [ 287.856759][ T8852] __get_vm_area_node+0x1ca/0x330 [ 287.856782][ T8852] __vmalloc_node_range_noprof+0x228/0x1630 [ 287.856804][ T8852] ? kernel_clone+0x12e/0x9c0 [ 287.856827][ T8852] ? rcu_is_watching+0x12/0xc0 [ 287.856850][ T8852] ? kernel_clone+0x12e/0x9c0 [ 287.856876][ T8852] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 287.856901][ T8852] ? rcu_is_watching+0x12/0xc0 [ 287.856919][ T8852] ? trace_kmem_cache_alloc+0xd5/0x100 [ 287.856940][ T8852] ? kernel_clone+0x12e/0x9c0 [ 287.856960][ T8852] __vmalloc_node_noprof+0xad/0xf0 [ 287.856981][ T8852] ? kernel_clone+0x12e/0x9c0 [ 287.857003][ T8852] copy_process+0x7fb/0x7ed0 [ 287.857023][ T8852] ? __futex_wait+0x256/0x300 [ 287.857045][ T8852] ? __pfx___futex_wait+0x10/0x10 [ 287.857071][ T8852] ? __pfx_copy_process+0x10/0x10 [ 287.857095][ T8852] ? futex_hash+0x141/0x370 [ 287.857114][ T8852] kernel_clone+0x12e/0x9c0 [ 287.857134][ T8852] ? __pfx_futex_wait+0x10/0x10 [ 287.857155][ T8852] ? __pfx_kernel_clone+0x10/0x10 [ 287.857186][ T8852] __do_sys_clone+0xd9/0x120 [ 287.857208][ T8852] ? __pfx___do_sys_clone+0x10/0x10 [ 287.857229][ T8852] ? map_id_range_down+0x2bc/0x3b0 [ 287.857261][ T8852] ? rcu_is_watching+0x12/0xc0 [ 287.857281][ T8852] do_syscall_64+0x10b/0xf80 [ 287.857305][ T8852] ? clear_bhb_loop+0x40/0x90 [ 287.857325][ T8852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.857341][ T8852] RIP: 0033:0x7f49b6d9ce59 [ 287.857355][ T8852] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 287.857371][ T8852] RSP: 002b:00007f49b7c5dfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 287.857387][ T8852] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 287.857398][ T8852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 287.857407][ T8852] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 287.857417][ T8852] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 287.857426][ T8852] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 287.857454][ T8852] [ 288.627976][ T8852] syz.2.727: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 288.683285][ T8852] CPU: 0 UID: 60928 PID: 8852 Comm: syz.2.727 Not tainted syzkaller #0 PREEMPT(full) [ 288.683311][ T8852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 288.683322][ T8852] Call Trace: [ 288.683327][ T8852] [ 288.683343][ T8852] dump_stack_lvl+0x100/0x190 [ 288.683367][ T8852] warn_alloc.cold+0x95/0x1c1 [ 288.683388][ T8852] ? __pfx_warn_alloc+0x10/0x10 [ 288.683411][ T8852] ? lockdep_hardirqs_on+0x78/0x100 [ 288.683437][ T8852] ? __get_vm_area_node+0x2c5/0x330 [ 288.683461][ T8852] ? __get_vm_area_node+0x208/0x330 [ 288.683484][ T8852] __vmalloc_node_range_noprof+0xccd/0x1630 [ 288.683506][ T8852] ? rcu_is_watching+0x12/0xc0 [ 288.683529][ T8852] ? kernel_clone+0x12e/0x9c0 [ 288.683556][ T8852] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 288.683581][ T8852] ? rcu_is_watching+0x12/0xc0 [ 288.683599][ T8852] ? trace_kmem_cache_alloc+0xd5/0x100 [ 288.683620][ T8852] ? kernel_clone+0x12e/0x9c0 [ 288.683640][ T8852] __vmalloc_node_noprof+0xad/0xf0 [ 288.683660][ T8852] ? kernel_clone+0x12e/0x9c0 [ 288.683682][ T8852] copy_process+0x7fb/0x7ed0 [ 288.683702][ T8852] ? __futex_wait+0x256/0x300 [ 288.683724][ T8852] ? __pfx___futex_wait+0x10/0x10 [ 288.683750][ T8852] ? __pfx_copy_process+0x10/0x10 [ 288.683774][ T8852] ? futex_hash+0x141/0x370 [ 288.683793][ T8852] kernel_clone+0x12e/0x9c0 [ 288.683813][ T8852] ? __pfx_futex_wait+0x10/0x10 [ 288.683834][ T8852] ? __pfx_kernel_clone+0x10/0x10 [ 288.683875][ T8852] __do_sys_clone+0xd9/0x120 [ 288.683897][ T8852] ? __pfx___do_sys_clone+0x10/0x10 [ 288.683918][ T8852] ? map_id_range_down+0x2bc/0x3b0 [ 288.683950][ T8852] ? rcu_is_watching+0x12/0xc0 [ 288.683970][ T8852] do_syscall_64+0x10b/0xf80 [ 288.683993][ T8852] ? clear_bhb_loop+0x40/0x90 [ 288.684012][ T8852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.684027][ T8852] RIP: 0033:0x7f49b6d9ce59 [ 288.684042][ T8852] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 288.684056][ T8852] RSP: 002b:00007f49b7c5dfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 288.684072][ T8852] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 288.684083][ T8852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 288.684093][ T8852] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 288.684102][ T8852] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 288.684112][ T8852] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 288.684132][ T8852] [ 288.687101][ T8852] Mem-Info: [ 289.439843][ T8852] active_anon:22123 inactive_anon:11 isolated_anon:0 [ 289.439843][ T8852] active_file:15156 inactive_file:42928 isolated_file:0 [ 289.439843][ T8852] unevictable:768 dirty:590 writeback:0 [ 289.439843][ T8852] slab_reclaimable:11013 slab_unreclaimable:93812 [ 289.439843][ T8852] mapped:25551 shmem:16442 pagetables:1124 [ 289.439843][ T8852] sec_pagetables:0 bounce:0 [ 289.439843][ T8852] kernel_misc_reclaimable:0 [ 289.439843][ T8852] free:1307991 free_pcp:5959 free_cma:0 [ 289.737292][ T8852] Node 0 active_anon:75336kB inactive_anon:44kB active_file:60624kB inactive_file:171512kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102204kB dirty:2356kB writeback:0kB shmem:50816kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11712kB pagetables:4476kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 289.979791][ T8852] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 290.160716][ T8852] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 290.251983][ T8870] netlink: 16 bytes leftover after parsing attributes in process `syz.0.731'. [ 290.278988][ T8870] netlink: 28 bytes leftover after parsing attributes in process `syz.0.731'. [ 290.315462][ T8852] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 290.327272][ T8870] veth0_macvtap: left promiscuous mode [ 290.361057][ T8852] Node 0 DMA32 free:1275656kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44448kB inactive_anon:44kB active_file:60728kB inactive_file:171512kB unevictable:1536kB writepending:2460kB zspages:44kB present:3129332kB managed:2537260kB mlocked:0kB bounce:0kB free_pcp:68840kB local_pcp:68840kB free_cma:0kB [ 290.523638][ T8852] lowmem_reserve[]: 0 0 1 1 1 [ 290.545151][ T8852] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1096kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 290.710405][ T8852] lowmem_reserve[]: 0 0 0 0 0 [ 290.756913][ T8852] Node 1 Normal free:3940948kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 290.940639][ T8852] lowmem_reserve[]: 0 0 0 0 0 [ 290.975805][ T8852] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 291.016349][ T8852] Node 0 DMA32: 1560*4kB (UME) 1474*8kB (UME) 744*16kB (UME) 184*32kB (UME) 34*64kB (UM) 366*128kB (UME) 197*256kB (UM) 78*512kB (UME) 70*1024kB (UME) 1*2048kB (E) 253*4096kB (M) = 1285232kB [ 291.097110][ T8852] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 291.142779][ T8852] Node 1 Normal: 7*4kB (UM) 13*8kB (UM) 11*16kB (UM) 11*32kB (UM) 9*64kB (UM) 5*128kB (UM) 3*256kB (UM) 2*512kB (UM) 3*1024kB (UM) 1*2048kB (U) 960*4096kB (UM) = 3940948kB [ 291.210772][ T8852] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 291.251068][ T8852] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 291.306088][ T8852] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 291.359195][ T8852] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 291.416235][ T8852] 58444 total pagecache pages [ 291.455530][ T8852] 0 pages in swap cache [ 291.474054][ T8852] Free swap = 124996kB [ 291.491294][ T8852] Total swap = 124996kB [ 291.509746][ T8852] 2097051 pages RAM [ 291.525427][ T8852] 0 pages HighMem/MovableOnly [ 291.541088][ T8852] 430847 pages reserved [ 291.556827][ T8852] 0 pages cma reserved [ 292.573448][ T8907] busy [ 292.805169][ T50] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 293.453653][ T8923] netlink: 342 bytes leftover after parsing attributes in process `syz.2.746'. [ 293.722117][ T50] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 293.763227][ T8929] FAULT_INJECTION: forcing a failure. [ 293.763227][ T8929] name failslab, interval 1, probability 0, space 0, times 0 [ 293.846769][ T8929] CPU: 0 UID: 0 PID: 8929 Comm: syz.0.748 Not tainted syzkaller #0 PREEMPT(full) [ 293.846812][ T8929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 293.846832][ T8929] Call Trace: [ 293.846843][ T8929] [ 293.846855][ T8929] dump_stack_lvl+0x100/0x190 [ 293.846889][ T8929] should_fail_ex.cold+0x5/0xa [ 293.846910][ T8929] should_failslab+0xc2/0x120 [ 293.846930][ T8929] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 293.846954][ T8929] ? alloc_empty_file+0x5b/0x1c0 [ 293.846981][ T8929] alloc_empty_file+0x5b/0x1c0 [ 293.847004][ T8929] alloc_file_pseudo+0x13a/0x230 [ 293.847028][ T8929] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 293.847051][ T8929] ? security_inode_init_security_anon+0x7b/0x230 [ 293.847073][ T8929] __anon_inode_getfile+0xe8/0x280 [ 293.847100][ T8929] ? _copy_to_user+0xaf/0xd0 [ 293.847117][ T8929] io_uring_setup.cold+0x1951/0x1c6e [ 293.847144][ T8929] ? __pfx_io_uring_setup+0x10/0x10 [ 293.847167][ T8929] ? __pfx_do_futex+0x10/0x10 [ 293.847194][ T8929] ? xfd_validate_state+0x129/0x190 [ 293.847217][ T8929] __x64_sys_io_uring_setup+0xc2/0x170 [ 293.847241][ T8929] do_syscall_64+0x10b/0xf80 [ 293.847264][ T8929] ? clear_bhb_loop+0x40/0x90 [ 293.847283][ T8929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.847299][ T8929] RIP: 0033:0x7f19fff9ce59 [ 293.847313][ T8929] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 293.847329][ T8929] RSP: 002b:00007f1a00f15028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 293.847344][ T8929] RAX: ffffffffffffffda RBX: 00007f1a00215fa0 RCX: 00007f19fff9ce59 [ 293.847354][ T8929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 293.847364][ T8929] RBP: 00007f1a00032d6f R08: 0000000000000000 R09: 0000000000000000 [ 293.847373][ T8929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 293.847383][ T8929] R13: 00007f1a00216038 R14: 00007f1a00215fa0 R15: 00007ffe6a8539e8 [ 293.847404][ T8929] [ 294.072154][ T8938] FAULT_INJECTION: forcing a failure. [ 294.072154][ T8938] name failslab, interval 1, probability 0, space 0, times 0 [ 294.084872][ T8938] CPU: 0 UID: 0 PID: 8938 Comm: syz.1.751 Not tainted syzkaller #0 PREEMPT(full) [ 294.084897][ T8938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 294.084908][ T8938] Call Trace: [ 294.084914][ T8938] [ 294.084920][ T8938] dump_stack_lvl+0x100/0x190 [ 294.084943][ T8938] should_fail_ex.cold+0x5/0xa [ 294.084965][ T8938] should_failslab+0xc2/0x120 [ 294.084984][ T8938] __kmalloc_cache_noprof+0x7a/0x6f0 [ 294.085013][ T8938] ? snd_virmidi_input_open+0xc8/0x4a0 [ 294.085036][ T8938] ? __kasan_kmalloc+0xaa/0xb0 [ 294.085055][ T8938] snd_virmidi_input_open+0xc8/0x4a0 [ 294.085081][ T8938] open_substream+0x480/0x9b0 [ 294.085099][ T8938] rawmidi_open_priv+0x55d/0x6f0 [ 294.085120][ T8938] snd_rawmidi_open+0x4c9/0xba0 [ 294.085140][ T8938] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 294.085159][ T8938] ? __pfx_default_wake_function+0x10/0x10 [ 294.085183][ T8938] ? kobject_get_unless_zero+0x156/0x200 [ 294.085203][ T8938] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 294.085220][ T8938] snd_open+0x201/0x450 [ 294.085243][ T8938] ? __pfx_snd_open+0x10/0x10 [ 294.085264][ T8938] chrdev_open+0x234/0x6a0 [ 294.085283][ T8938] ? __pfx_apparmor_file_open+0x10/0x10 [ 294.085299][ T8938] ? __pfx_chrdev_open+0x10/0x10 [ 294.085320][ T8938] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 294.085344][ T8938] do_dentry_open+0x6d8/0x1660 [ 294.085363][ T8938] ? __pfx_chrdev_open+0x10/0x10 [ 294.085387][ T8938] vfs_open+0x82/0x3f0 [ 294.085411][ T8938] path_openat+0x208c/0x31a0 [ 294.085437][ T8938] ? __pfx_path_openat+0x10/0x10 [ 294.085464][ T8938] do_file_open+0x20e/0x430 [ 294.085485][ T8938] ? __pfx_do_file_open+0x10/0x10 [ 294.085518][ T8938] ? alloc_fd+0x476/0x790 [ 294.085539][ T8938] ? do_getname+0x191/0x390 [ 294.085563][ T8938] do_sys_openat2+0x10d/0x1e0 [ 294.085587][ T8938] ? __pfx_do_sys_openat2+0x10/0x10 [ 294.085617][ T8938] __x64_sys_openat+0x12d/0x210 [ 294.085640][ T8938] ? __pfx___x64_sys_openat+0x10/0x10 [ 294.085663][ T8938] ? ksys_write+0x1ac/0x250 [ 294.085681][ T8938] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 294.085705][ T8938] ? syscall_user_dispatch+0x76/0x130 [ 294.085726][ T8938] do_syscall_64+0x10b/0xf80 [ 294.085748][ T8938] ? clear_bhb_loop+0x40/0x90 [ 294.085767][ T8938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.085783][ T8938] RIP: 0033:0x7f22be79ce59 [ 294.085798][ T8938] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 294.085813][ T8938] RSP: 002b:00007f22bf62e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 294.085829][ T8938] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 294.085839][ T8938] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 294.085850][ T8938] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 294.085859][ T8938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 294.085869][ T8938] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 294.085890][ T8938] [ 294.827587][ T8947] busy [ 295.060706][ T5632] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 295.752485][ T5632] Bluetooth: hci0: command 0x2016 tx timeout [ 295.875544][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 295.922290][ T8973] FAULT_INJECTION: forcing a failure. [ 295.922290][ T8973] name failslab, interval 1, probability 0, space 0, times 0 [ 295.999419][ T8966] FAULT_INJECTION: forcing a failure. [ 295.999419][ T8966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 296.034785][ T8973] CPU: 0 UID: 0 PID: 8973 Comm: syz.3.762 Not tainted syzkaller #0 PREEMPT(full) [ 296.034810][ T8973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 296.034822][ T8973] Call Trace: [ 296.034829][ T8973] [ 296.034836][ T8973] dump_stack_lvl+0x100/0x190 [ 296.034867][ T8973] should_fail_ex.cold+0x5/0xa [ 296.034888][ T8973] should_failslab+0xc2/0x120 [ 296.034908][ T8973] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 296.034931][ T8973] ? alloc_empty_file+0x5b/0x1c0 [ 296.034958][ T8973] alloc_empty_file+0x5b/0x1c0 [ 296.034982][ T8973] alloc_file_pseudo+0x13a/0x230 [ 296.035006][ T8973] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 296.035029][ T8973] ? security_inode_init_security_anon+0x7b/0x230 [ 296.035051][ T8973] __anon_inode_getfile+0xe8/0x280 [ 296.035073][ T8973] ? _copy_to_user+0xaf/0xd0 [ 296.035090][ T8973] io_uring_setup.cold+0x1951/0x1c6e [ 296.035118][ T8973] ? __pfx_io_uring_setup+0x10/0x10 [ 296.035140][ T8973] ? __pfx_do_futex+0x10/0x10 [ 296.035166][ T8973] ? xfd_validate_state+0x129/0x190 [ 296.035189][ T8973] __x64_sys_io_uring_setup+0xc2/0x170 [ 296.035209][ T8973] do_syscall_64+0x10b/0xf80 [ 296.035233][ T8973] ? clear_bhb_loop+0x40/0x90 [ 296.035252][ T8973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.035269][ T8973] RIP: 0033:0x7fe4c7d9ce59 [ 296.035283][ T8973] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 296.035303][ T8973] RSP: 002b:00007fe4c5ff6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 296.035319][ T8973] RAX: ffffffffffffffda RBX: 00007fe4c8015fa0 RCX: 00007fe4c7d9ce59 [ 296.035329][ T8973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 296.035338][ T8973] RBP: 00007fe4c7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 296.035347][ T8973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 296.035356][ T8973] R13: 00007fe4c8016038 R14: 00007fe4c8015fa0 R15: 00007ffc4641e878 [ 296.035377][ T8973] [ 296.489348][ T8966] CPU: 0 UID: 0 PID: 8966 Comm: syz.0.759 Not tainted syzkaller #0 PREEMPT(full) [ 296.489373][ T8966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 296.489384][ T8966] Call Trace: [ 296.489390][ T8966] [ 296.489396][ T8966] dump_stack_lvl+0x100/0x190 [ 296.489419][ T8966] should_fail_ex.cold+0x5/0xa [ 296.489439][ T8966] _copy_to_iter+0x1f3/0x1720 [ 296.489459][ T8966] ? __pfx___skb_try_recv_datagram+0x10/0x10 [ 296.489483][ T8966] ? __pfx__copy_to_iter+0x10/0x10 [ 296.489503][ T8966] ? __skb_recv_datagram+0x1b2/0x220 [ 296.489524][ T8966] simple_copy_to_iter+0x46/0x90 [ 296.489549][ T8966] __skb_datagram_iter+0x129/0x900 [ 296.489573][ T8966] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 296.489603][ T8966] skb_copy_datagram_iter+0xa5/0x270 [ 296.489627][ T8966] ? aa_sk_perm+0x309/0xaa0 [ 296.489646][ T8966] netlink_recvmsg+0x27e/0xa90 [ 296.489670][ T8966] ? __pfx_netlink_recvmsg+0x10/0x10 [ 296.489690][ T8966] ? __fget_files+0x215/0x3d0 [ 296.489709][ T8966] ? __fget_files+0x215/0x3d0 [ 296.489729][ T8966] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 296.489754][ T8966] ? __pfx_netlink_recvmsg+0x10/0x10 [ 296.489777][ T8966] sock_recvmsg+0x1a4/0x1f0 [ 296.489801][ T8966] __sys_recvfrom+0x200/0x300 [ 296.489819][ T8966] ? __pfx___sys_recvfrom+0x10/0x10 [ 296.489851][ T8966] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 296.489871][ T8966] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 296.489903][ T8966] __x64_sys_recvfrom+0xe0/0x1c0 [ 296.489921][ T8966] ? do_syscall_64+0x90/0xf80 [ 296.489944][ T8966] ? lockdep_hardirqs_on+0x78/0x100 [ 296.489967][ T8966] do_syscall_64+0x10b/0xf80 [ 296.489990][ T8966] ? clear_bhb_loop+0x40/0x90 [ 296.490009][ T8966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.490025][ T8966] RIP: 0033:0x7f19fff5d68e [ 296.490039][ T8966] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 296.490054][ T8966] RSP: 002b:00007f1a00f13ee8 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 296.490070][ T8966] RAX: ffffffffffffffda RBX: 00007f1a00f156c0 RCX: 00007f19fff5d68e [ 296.490081][ T8966] RDX: 0000000000001000 RSI: 00007f1a00f14000 RDI: 0000000000000000 [ 296.490090][ T8966] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 296.490102][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000020c0 [ 296.490112][ T8966] R13: 00007f1a00f13fb0 R14: 0000000000000013 R15: 0000000000000000 [ 296.490131][ T8966] [ 297.177003][ T8979] FAULT_INJECTION: forcing a failure. [ 297.177003][ T8979] name failslab, interval 1, probability 0, space 0, times 0 [ 297.229320][ T8979] CPU: 0 UID: 0 PID: 8979 Comm: syz.2.763 Not tainted syzkaller #0 PREEMPT(full) [ 297.229346][ T8979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 297.229356][ T8979] Call Trace: [ 297.229361][ T8979] [ 297.229368][ T8979] dump_stack_lvl+0x100/0x190 [ 297.229391][ T8979] should_fail_ex.cold+0x5/0xa [ 297.229412][ T8979] should_failslab+0xc2/0x120 [ 297.229431][ T8979] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 297.229456][ T8979] ? __d_alloc+0x34/0xa40 [ 297.229480][ T8979] __d_alloc+0x34/0xa40 [ 297.229500][ T8979] ? security_inode_alloc+0xcf/0x2c0 [ 297.229517][ T8979] d_alloc_pseudo+0x1c/0xc0 [ 297.229533][ T8979] alloc_file_pseudo+0xcf/0x230 [ 297.229558][ T8979] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 297.229581][ T8979] ? security_inode_init_security_anon+0x7b/0x230 [ 297.229602][ T8979] __anon_inode_getfile+0xe8/0x280 [ 297.229624][ T8979] ? _copy_to_user+0xaf/0xd0 [ 297.229642][ T8979] io_uring_setup.cold+0x1951/0x1c6e [ 297.229668][ T8979] ? __pfx_io_uring_setup+0x10/0x10 [ 297.229692][ T8979] ? __pfx_do_futex+0x10/0x10 [ 297.229719][ T8979] ? xfd_validate_state+0x129/0x190 [ 297.229742][ T8979] __x64_sys_io_uring_setup+0xc2/0x170 [ 297.229762][ T8979] do_syscall_64+0x10b/0xf80 [ 297.229787][ T8979] ? clear_bhb_loop+0x40/0x90 [ 297.229805][ T8979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.229822][ T8979] RIP: 0033:0x7f49b6d9ce59 [ 297.229836][ T8979] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 297.229852][ T8979] RSP: 002b:00007f49b7c5e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 297.229867][ T8979] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 297.229878][ T8979] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 297.229887][ T8979] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 297.229896][ T8979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.229905][ T8979] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 297.229934][ T8979] [ 297.463053][ T8981] busy [ 297.819895][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 297.830569][ T5641] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 297.837937][ T5643] Bluetooth: hci0: command 0x2016 tx timeout [ 297.963859][ T5629] Bluetooth: hci1: command 0x0c1a tx timeout [ 299.158634][ T9003] busy [ 299.456634][ T5632] Bluetooth: hci1: hcon ffff8880358d0000 sent 0 < count 256 [ 299.909546][ T5641] Bluetooth: hci3: command 0x2016 tx timeout [ 299.988662][ T5632] Bluetooth: hci1: command 0x0c1a tx timeout [ 300.997009][ T50] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 301.004648][ T50] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 301.241421][ T50] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 301.271775][ T9034] FAULT_INJECTION: forcing a failure. [ 301.271775][ T9034] name failslab, interval 1, probability 0, space 0, times 0 [ 301.346507][ T9034] CPU: 0 UID: 0 PID: 9034 Comm: syz.0.778 Not tainted syzkaller #0 PREEMPT(full) [ 301.346532][ T9034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 301.346543][ T9034] Call Trace: [ 301.346549][ T9034] [ 301.346555][ T9034] dump_stack_lvl+0x100/0x190 [ 301.346579][ T9034] should_fail_ex.cold+0x5/0xa [ 301.346599][ T9034] should_failslab+0xc2/0x120 [ 301.346619][ T9034] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 301.346643][ T9034] ? alloc_empty_file+0x5b/0x1c0 [ 301.346669][ T9034] alloc_empty_file+0x5b/0x1c0 [ 301.346693][ T9034] alloc_file_pseudo+0x13a/0x230 [ 301.346716][ T9034] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 301.346739][ T9034] ? security_inode_init_security_anon+0x7b/0x230 [ 301.346760][ T9034] __anon_inode_getfile+0xe8/0x280 [ 301.346783][ T9034] ? _copy_to_user+0xaf/0xd0 [ 301.346802][ T9034] io_uring_setup.cold+0x1951/0x1c6e [ 301.346830][ T9034] ? __pfx_io_uring_setup+0x10/0x10 [ 301.346853][ T9034] ? __pfx_do_futex+0x10/0x10 [ 301.346879][ T9034] ? xfd_validate_state+0x129/0x190 [ 301.346901][ T9034] __x64_sys_io_uring_setup+0xc2/0x170 [ 301.346923][ T9034] do_syscall_64+0x10b/0xf80 [ 301.346945][ T9034] ? clear_bhb_loop+0x40/0x90 [ 301.346964][ T9034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.346980][ T9034] RIP: 0033:0x7f19fff9ce59 [ 301.346993][ T9034] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 301.347008][ T9034] RSP: 002b:00007f1a00f15028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 301.347024][ T9034] RAX: ffffffffffffffda RBX: 00007f1a00215fa0 RCX: 00007f19fff9ce59 [ 301.347034][ T9034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 301.347043][ T9034] RBP: 00007f1a00032d6f R08: 0000000000000000 R09: 0000000000000000 [ 301.347052][ T9034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 301.347061][ T9034] R13: 00007f1a00216038 R14: 00007f1a00215fa0 R15: 00007ffe6a8539e8 [ 301.347080][ T9034] [ 302.023655][ T50] Bluetooth: hci3: command 0x2016 tx timeout [ 302.240220][ T9044] futex_wake_op: syz.2.780 tries to shift op by -2048; fix this program [ 302.337966][ T9048] blktrace: Concurrent blktraces are not allowed on loop2 [ 302.592912][ T9059] netlink: zone id is out of range [ 302.668257][ T9064] busy [ 302.711770][ T9059] netlink: zone id is out of range [ 302.838035][ T9059] netlink: zone id is out of range [ 302.977824][ T9059] netlink: zone id is out of range [ 303.095576][ T9059] netlink: zone id is out of range [ 303.198926][ T9059] netlink: zone id is out of range [ 303.270761][ T5632] Bluetooth: hci0: command 0x2016 tx timeout [ 303.307605][ T9059] netlink: zone id is out of range [ 303.410816][ T9059] netlink: zone id is out of range [ 303.518789][ T9059] netlink: zone id is out of range [ 303.611280][ T9059] netlink: zone id is out of range [ 305.352842][ T5641] Bluetooth: hci0: command 0x2016 tx timeout [ 306.632592][ T9129] FAULT_INJECTION: forcing a failure. [ 306.632592][ T9129] name failslab, interval 1, probability 0, space 0, times 0 [ 306.693986][ T9129] CPU: 0 UID: 0 PID: 9129 Comm: syz.0.790 Not tainted syzkaller #0 PREEMPT(full) [ 306.694011][ T9129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 306.694021][ T9129] Call Trace: [ 306.694027][ T9129] [ 306.694034][ T9129] dump_stack_lvl+0x100/0x190 [ 306.694058][ T9129] should_fail_ex.cold+0x5/0xa [ 306.694079][ T9129] should_failslab+0xc2/0x120 [ 306.694098][ T9129] __kmalloc_cache_noprof+0x7a/0x6f0 [ 306.694120][ T9129] ? nfc_genl_rcv_nl_event+0xc1/0x300 [ 306.694150][ T9129] nfc_genl_rcv_nl_event+0xc1/0x300 [ 306.694168][ T9129] notifier_call_chain+0x99/0x400 [ 306.694197][ T9129] blocking_notifier_call_chain+0x69/0xa0 [ 306.694223][ T9129] netlink_release+0x167a/0x2030 [ 306.694250][ T9129] ? netlink_release+0x1e0/0x2030 [ 306.694275][ T9129] ? __pfx_netlink_release+0x10/0x10 [ 306.694300][ T9129] ? __pfx_locks_remove_file+0x10/0x10 [ 306.694326][ T9129] __sock_release+0xb3/0x260 [ 306.694346][ T9129] ? __pfx_sock_close+0x10/0x10 [ 306.694364][ T9129] sock_close+0x1c/0x30 [ 306.694381][ T9129] __fput+0x3ff/0xb50 [ 306.694408][ T9129] fput_close_sync+0x118/0x250 [ 306.694434][ T9129] ? __pfx_fput_close_sync+0x10/0x10 [ 306.694462][ T9129] __x64_sys_close+0x8b/0x120 [ 306.694476][ T9129] do_syscall_64+0x10b/0xf80 [ 306.694499][ T9129] ? clear_bhb_loop+0x40/0x90 [ 306.694518][ T9129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.694534][ T9129] RIP: 0033:0x7f19fff5d68e [ 306.694548][ T9129] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 306.694563][ T9129] RSP: 002b:00007f1a00f13f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 306.694579][ T9129] RAX: ffffffffffffffda RBX: 00007f1a00f156c0 RCX: 00007f19fff5d68e [ 306.694590][ T9129] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 306.694599][ T9129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 306.694608][ T9129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 306.694617][ T9129] R13: 00007f1a00216038 R14: 00007f1a00215fa0 R15: 00007ffe6a8539e8 [ 306.694637][ T9129] [ 306.995176][ T5632] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 307.167010][ T9134] zswap: compressor not available [ 307.290476][ T9142] busy [ 307.407920][ T5641] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 309.028232][ T5632] Bluetooth: hci1: command 0x0c1a tx timeout [ 311.107979][ T5641] Bluetooth: hci1: command 0x0c1a tx timeout [ 311.426186][ T9204] netlink: 25 bytes leftover after parsing attributes in process `syz.2.807'. [ 311.513005][ T9206] FAULT_INJECTION: forcing a failure. [ 311.513005][ T9206] name failslab, interval 1, probability 0, space 0, times 0 [ 311.585253][ T9206] CPU: 0 UID: 0 PID: 9206 Comm: syz.1.808 Not tainted syzkaller #0 PREEMPT(full) [ 311.585276][ T9206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 311.585286][ T9206] Call Trace: [ 311.585292][ T9206] [ 311.585298][ T9206] dump_stack_lvl+0x100/0x190 [ 311.585320][ T9206] should_fail_ex.cold+0x5/0xa [ 311.585341][ T9206] should_failslab+0xc2/0x120 [ 311.585369][ T9206] __kmalloc_cache_noprof+0x7a/0x6f0 [ 311.585391][ T9206] ? snd_virmidi_input_open+0xc8/0x4a0 [ 311.585413][ T9206] ? __kasan_kmalloc+0xaa/0xb0 [ 311.585431][ T9206] snd_virmidi_input_open+0xc8/0x4a0 [ 311.585456][ T9206] open_substream+0x480/0x9b0 [ 311.585473][ T9206] rawmidi_open_priv+0x55d/0x6f0 [ 311.585494][ T9206] snd_rawmidi_open+0x4c9/0xba0 [ 311.585515][ T9206] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 311.585533][ T9206] ? __pfx_default_wake_function+0x10/0x10 [ 311.585556][ T9206] ? kobject_get_unless_zero+0x156/0x200 [ 311.585575][ T9206] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 311.585592][ T9206] snd_open+0x201/0x450 [ 311.585614][ T9206] ? __pfx_snd_open+0x10/0x10 [ 311.585636][ T9206] chrdev_open+0x234/0x6a0 [ 311.585655][ T9206] ? __pfx_apparmor_file_open+0x10/0x10 [ 311.585671][ T9206] ? __pfx_chrdev_open+0x10/0x10 [ 311.585690][ T9206] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 311.585714][ T9206] do_dentry_open+0x6d8/0x1660 [ 311.585732][ T9206] ? __pfx_chrdev_open+0x10/0x10 [ 311.585757][ T9206] vfs_open+0x82/0x3f0 [ 311.585780][ T9206] path_openat+0x208c/0x31a0 [ 311.585806][ T9206] ? __pfx_path_openat+0x10/0x10 [ 311.585831][ T9206] do_file_open+0x20e/0x430 [ 311.585852][ T9206] ? __pfx_do_file_open+0x10/0x10 [ 311.585884][ T9206] ? alloc_fd+0x476/0x790 [ 311.585903][ T9206] ? do_getname+0x191/0x390 [ 311.585927][ T9206] do_sys_openat2+0x10d/0x1e0 [ 311.585949][ T9206] ? __pfx_do_sys_openat2+0x10/0x10 [ 311.585979][ T9206] __x64_sys_openat+0x12d/0x210 [ 311.586002][ T9206] ? __pfx___x64_sys_openat+0x10/0x10 [ 311.586023][ T9206] ? ksys_write+0x1ac/0x250 [ 311.586041][ T9206] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 311.586064][ T9206] ? syscall_user_dispatch+0x76/0x130 [ 311.586084][ T9206] do_syscall_64+0x10b/0xf80 [ 311.586106][ T9206] ? clear_bhb_loop+0x40/0x90 [ 311.586124][ T9206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.586139][ T9206] RIP: 0033:0x7f22be79ce59 [ 311.586161][ T9206] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 311.586176][ T9206] RSP: 002b:00007f22bf62e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 311.586191][ T9206] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 311.586202][ T9206] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 311.586212][ T9206] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 311.586221][ T9206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.586231][ T9206] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 311.586250][ T9206] [ 312.830830][ T9219] nbd: illegal input index 37139 [ 313.909307][ T9239] netlink: 25 bytes leftover after parsing attributes in process `syz.2.817'. [ 314.128552][ T9241] FAULT_INJECTION: forcing a failure. [ 314.128552][ T9241] name failslab, interval 1, probability 0, space 0, times 0 [ 314.193401][ T9241] CPU: 0 UID: 0 PID: 9241 Comm: syz.2.818 Not tainted syzkaller #0 PREEMPT(full) [ 314.193426][ T9241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 314.193437][ T9241] Call Trace: [ 314.193442][ T9241] [ 314.193449][ T9241] dump_stack_lvl+0x100/0x190 [ 314.193473][ T9241] should_fail_ex.cold+0x5/0xa [ 314.193494][ T9241] should_failslab+0xc2/0x120 [ 314.193514][ T9241] __kmalloc_cache_noprof+0x7a/0x6f0 [ 314.193537][ T9241] ? open_substream+0xec/0x9b0 [ 314.193553][ T9241] ? mark_held_locks+0x40/0x70 [ 314.193571][ T9241] open_substream+0xec/0x9b0 [ 314.193589][ T9241] rawmidi_open_priv+0x595/0x6f0 [ 314.193610][ T9241] snd_rawmidi_open+0x4c9/0xba0 [ 314.193633][ T9241] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 314.193651][ T9241] ? __pfx_default_wake_function+0x10/0x10 [ 314.193674][ T9241] ? kobject_get_unless_zero+0x156/0x200 [ 314.193695][ T9241] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 314.193713][ T9241] snd_open+0x201/0x450 [ 314.193736][ T9241] ? __pfx_snd_open+0x10/0x10 [ 314.193766][ T9241] chrdev_open+0x234/0x6a0 [ 314.193786][ T9241] ? __pfx_apparmor_file_open+0x10/0x10 [ 314.193803][ T9241] ? __pfx_chrdev_open+0x10/0x10 [ 314.193824][ T9241] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 314.193849][ T9241] do_dentry_open+0x6d8/0x1660 [ 314.193868][ T9241] ? __pfx_chrdev_open+0x10/0x10 [ 314.193892][ T9241] vfs_open+0x82/0x3f0 [ 314.193917][ T9241] path_openat+0x208c/0x31a0 [ 314.193943][ T9241] ? __pfx_path_openat+0x10/0x10 [ 314.193969][ T9241] do_file_open+0x20e/0x430 [ 314.193990][ T9241] ? __pfx_do_file_open+0x10/0x10 [ 314.194024][ T9241] ? alloc_fd+0x476/0x790 [ 314.194044][ T9241] ? do_getname+0x191/0x390 [ 314.194068][ T9241] do_sys_openat2+0x10d/0x1e0 [ 314.194091][ T9241] ? __pfx_do_sys_openat2+0x10/0x10 [ 314.194122][ T9241] __x64_sys_openat+0x12d/0x210 [ 314.194145][ T9241] ? __pfx___x64_sys_openat+0x10/0x10 [ 314.194168][ T9241] ? ksys_write+0x1ac/0x250 [ 314.194185][ T9241] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 314.194210][ T9241] ? syscall_user_dispatch+0x76/0x130 [ 314.194230][ T9241] do_syscall_64+0x10b/0xf80 [ 314.194253][ T9241] ? clear_bhb_loop+0x40/0x90 [ 314.194272][ T9241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.194288][ T9241] RIP: 0033:0x7f49b6d9ce59 [ 314.194302][ T9241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 314.194317][ T9241] RSP: 002b:00007f49b7c5e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 314.194333][ T9241] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 314.194344][ T9241] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 314.194354][ T9241] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 314.194364][ T9241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 314.194373][ T9241] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 314.194394][ T9241] [ 314.899141][ T9249] FAULT_INJECTION: forcing a failure. [ 314.899141][ T9249] name failslab, interval 1, probability 0, space 0, times 0 [ 315.005035][ T9249] CPU: 0 UID: 0 PID: 9249 Comm: syz.1.819 Not tainted syzkaller #0 PREEMPT(full) [ 315.005061][ T9249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 315.005070][ T9249] Call Trace: [ 315.005076][ T9249] [ 315.005083][ T9249] dump_stack_lvl+0x100/0x190 [ 315.005106][ T9249] should_fail_ex.cold+0x5/0xa [ 315.005127][ T9249] should_failslab+0xc2/0x120 [ 315.005146][ T9249] __kmalloc_cache_noprof+0x7a/0x6f0 [ 315.005169][ T9249] ? alloc_tty_struct+0x96/0x8c0 [ 315.005189][ T9249] alloc_tty_struct+0x96/0x8c0 [ 315.005206][ T9249] ? __pfx_alloc_tty_struct+0x10/0x10 [ 315.005228][ T9249] pty_common_install+0x1c7/0xb30 [ 315.005252][ T9249] ? __pfx_pty_install+0x10/0x10 [ 315.005273][ T9249] tty_init_dev.part.0+0x9e/0x470 [ 315.005291][ T9249] tty_open+0xa63/0xfa0 [ 315.005310][ T9249] ? __pfx_tty_open+0x10/0x10 [ 315.005324][ T9249] ? chrdev_open+0x589/0x6a0 [ 315.005343][ T9249] ? chrdev_open+0x589/0x6a0 [ 315.005364][ T9249] ? __pfx_tty_open+0x10/0x10 [ 315.005379][ T9249] chrdev_open+0x234/0x6a0 [ 315.005399][ T9249] ? __pfx_chrdev_open+0x10/0x10 [ 315.005419][ T9249] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 315.005444][ T9249] do_dentry_open+0x6d8/0x1660 [ 315.005463][ T9249] ? __pfx_chrdev_open+0x10/0x10 [ 315.005487][ T9249] vfs_open+0x82/0x3f0 [ 315.005521][ T9249] path_openat+0x208c/0x31a0 [ 315.005549][ T9249] ? __pfx_path_openat+0x10/0x10 [ 315.005577][ T9249] do_file_open+0x20e/0x430 [ 315.005598][ T9249] ? __pfx_do_file_open+0x10/0x10 [ 315.005632][ T9249] ? alloc_fd+0x476/0x790 [ 315.005652][ T9249] ? do_getname+0x191/0x390 [ 315.005677][ T9249] do_sys_openat2+0x10d/0x1e0 [ 315.005700][ T9249] ? __pfx_do_sys_openat2+0x10/0x10 [ 315.005725][ T9249] ? ksys_semctl.constprop.0+0x14e/0x2e0 [ 315.005746][ T9249] __x64_sys_openat+0x12d/0x210 [ 315.005771][ T9249] ? __pfx___x64_sys_openat+0x10/0x10 [ 315.005798][ T9249] ? rcu_is_watching+0x12/0xc0 [ 315.005820][ T9249] do_syscall_64+0x10b/0xf80 [ 315.005843][ T9249] ? clear_bhb_loop+0x40/0x90 [ 315.005862][ T9249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.005878][ T9249] RIP: 0033:0x7f22be79ce59 [ 315.005893][ T9249] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 315.005909][ T9249] RSP: 002b:00007f22bf5ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 315.005924][ T9249] RAX: ffffffffffffffda RBX: 00007f22bea16180 RCX: 00007f22be79ce59 [ 315.005935][ T9249] RDX: 0000000000004000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 315.005946][ T9249] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 315.005956][ T9249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.005966][ T9249] R13: 00007f22bea16218 R14: 00007f22bea16180 R15: 00007ffe969821d8 [ 315.005986][ T9249] [ 315.880238][ T5632] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 316.104407][ T9262] FAULT_INJECTION: forcing a failure. [ 316.104407][ T9262] name failslab, interval 1, probability 0, space 0, times 0 [ 316.215937][ T9262] CPU: 0 UID: 0 PID: 9262 Comm: syz.1.823 Not tainted syzkaller #0 PREEMPT(full) [ 316.215962][ T9262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 316.215972][ T9262] Call Trace: [ 316.215978][ T9262] [ 316.215985][ T9262] dump_stack_lvl+0x100/0x190 [ 316.216009][ T9262] should_fail_ex.cold+0x5/0xa [ 316.216040][ T9262] should_failslab+0xc2/0x120 [ 316.216060][ T9262] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 316.216086][ T9262] ? alloc_empty_file+0x5b/0x1c0 [ 316.216116][ T9262] alloc_empty_file+0x5b/0x1c0 [ 316.216139][ T9262] alloc_file_pseudo+0x13a/0x230 [ 316.216163][ T9262] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 316.216186][ T9262] ? security_inode_init_security_anon+0x7b/0x230 [ 316.216209][ T9262] __anon_inode_getfile+0xe8/0x280 [ 316.216232][ T9262] ? _copy_to_user+0xaf/0xd0 [ 316.216250][ T9262] io_uring_setup.cold+0x1951/0x1c6e [ 316.216277][ T9262] ? __pfx_io_uring_setup+0x10/0x10 [ 316.216300][ T9262] ? __pfx_do_futex+0x10/0x10 [ 316.216326][ T9262] ? xfd_validate_state+0x129/0x190 [ 316.216348][ T9262] __x64_sys_io_uring_setup+0xc2/0x170 [ 316.216369][ T9262] do_syscall_64+0x10b/0xf80 [ 316.216392][ T9262] ? clear_bhb_loop+0x40/0x90 [ 316.216430][ T9262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.216447][ T9262] RIP: 0033:0x7f22be79ce59 [ 316.216461][ T9262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 316.216478][ T9262] RSP: 002b:00007f22bf62e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 316.216494][ T9262] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 316.216505][ T9262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 316.216514][ T9262] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 316.216524][ T9262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.216533][ T9262] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 316.216553][ T9262] [ 317.123238][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.135414][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.908048][ T5641] Bluetooth: hci2: command 0x2016 tx timeout [ 319.988156][ T5641] Bluetooth: hci2: command 0x2016 tx timeout [ 322.894822][ T9391] FAULT_INJECTION: forcing a failure. [ 322.894822][ T9391] name failslab, interval 1, probability 0, space 0, times 0 [ 322.984202][ T9391] CPU: 0 UID: 60928 PID: 9391 Comm: syz.0.855 Not tainted syzkaller #0 PREEMPT(full) [ 322.984228][ T9391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 322.984238][ T9391] Call Trace: [ 322.984245][ T9391] [ 322.984251][ T9391] dump_stack_lvl+0x100/0x190 [ 322.984276][ T9391] should_fail_ex.cold+0x5/0xa [ 322.984297][ T9391] should_failslab+0xc2/0x120 [ 322.984317][ T9391] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 322.984342][ T9391] ? anon_vma_clone+0x2ba/0xcd0 [ 322.984367][ T9391] anon_vma_clone+0x2ba/0xcd0 [ 322.984395][ T9391] anon_vma_fork+0x1bb/0x6b0 [ 322.984435][ T9391] dup_mmap+0x141f/0x2180 [ 322.984463][ T9391] ? __pfx_dup_mmap+0x10/0x10 [ 322.984482][ T9391] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 322.984508][ T9391] ? __lock_acquire+0x4a5/0x2630 [ 322.984525][ T9391] ? find_held_lock+0x2b/0x80 [ 322.984544][ T9391] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 322.984584][ T9391] copy_process+0x6c78/0x7ed0 [ 322.984606][ T9391] ? __futex_wait+0x256/0x300 [ 322.984639][ T9391] ? __pfx_copy_process+0x10/0x10 [ 322.984664][ T9391] ? futex_hash+0x141/0x370 [ 322.984684][ T9391] kernel_clone+0x12e/0x9c0 [ 322.984705][ T9391] ? __pfx_futex_wait+0x10/0x10 [ 322.984726][ T9391] ? __pfx_kernel_clone+0x10/0x10 [ 322.984758][ T9391] __do_sys_clone+0xd9/0x120 [ 322.984799][ T9391] ? __pfx___do_sys_clone+0x10/0x10 [ 322.984823][ T9391] ? map_id_range_down+0x2bc/0x3b0 [ 322.984855][ T9391] ? rcu_is_watching+0x12/0xc0 [ 322.984876][ T9391] do_syscall_64+0x10b/0xf80 [ 322.984899][ T9391] ? clear_bhb_loop+0x40/0x90 [ 322.984918][ T9391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.984934][ T9391] RIP: 0033:0x7f19fff9ce59 [ 322.984948][ T9391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.984963][ T9391] RSP: 002b:00007f1a00f14fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 322.984979][ T9391] RAX: ffffffffffffffda RBX: 00007f1a00215fa0 RCX: 00007f19fff9ce59 [ 322.984989][ T9391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 322.984998][ T9391] RBP: 00007f1a00032d6f R08: 0000000000000000 R09: 0000000000000000 [ 322.985008][ T9391] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 322.985017][ T9391] R13: 00007f1a00216038 R14: 00007f1a00215fa0 R15: 00007ffe6a8539e8 [ 322.985050][ T9391] [ 323.394726][ T9399] FAULT_INJECTION: forcing a failure. [ 323.394726][ T9399] name failslab, interval 1, probability 0, space 0, times 0 [ 323.407887][ T9399] CPU: 0 UID: 0 PID: 9399 Comm: syz.3.859 Not tainted syzkaller #0 PREEMPT(full) [ 323.407912][ T9399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 323.407923][ T9399] Call Trace: [ 323.407928][ T9399] [ 323.407934][ T9399] dump_stack_lvl+0x100/0x190 [ 323.407957][ T9399] should_fail_ex.cold+0x5/0xa [ 323.407988][ T9399] should_failslab+0xc2/0x120 [ 323.408007][ T9399] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 323.408032][ T9399] ? alloc_empty_file+0x5b/0x1c0 [ 323.408060][ T9399] alloc_empty_file+0x5b/0x1c0 [ 323.408084][ T9399] alloc_file_pseudo+0x13a/0x230 [ 323.408109][ T9399] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 323.408132][ T9399] ? security_inode_init_security_anon+0x7b/0x230 [ 323.408154][ T9399] __anon_inode_getfile+0xe8/0x280 [ 323.408176][ T9399] ? _copy_to_user+0xaf/0xd0 [ 323.408194][ T9399] io_uring_setup.cold+0x1951/0x1c6e [ 323.408221][ T9399] ? __pfx_io_uring_setup+0x10/0x10 [ 323.408244][ T9399] ? __pfx_do_futex+0x10/0x10 [ 323.408270][ T9399] ? xfd_validate_state+0x129/0x190 [ 323.408292][ T9399] __x64_sys_io_uring_setup+0xc2/0x170 [ 323.408312][ T9399] do_syscall_64+0x10b/0xf80 [ 323.408335][ T9399] ? clear_bhb_loop+0x40/0x90 [ 323.408354][ T9399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.408370][ T9399] RIP: 0033:0x7fe4c7d9ce59 [ 323.408384][ T9399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 323.408400][ T9399] RSP: 002b:00007fe4c5ff6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 323.408416][ T9399] RAX: ffffffffffffffda RBX: 00007fe4c8015fa0 RCX: 00007fe4c7d9ce59 [ 323.408426][ T9399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 323.408436][ T9399] RBP: 00007fe4c7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 323.408445][ T9399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.408454][ T9399] R13: 00007fe4c8016038 R14: 00007fe4c8015fa0 R15: 00007ffc4641e878 [ 323.408474][ T9399] [ 323.639505][ T5632] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 324.266977][ T9414] FAULT_INJECTION: forcing a failure. [ 324.266977][ T9414] name failslab, interval 1, probability 0, space 0, times 0 [ 324.321956][ T9414] CPU: 0 UID: 60928 PID: 9414 Comm: syz.3.863 Not tainted syzkaller #0 PREEMPT(full) [ 324.321991][ T9414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 324.322002][ T9414] Call Trace: [ 324.322009][ T9414] [ 324.322016][ T9414] dump_stack_lvl+0x100/0x190 [ 324.322040][ T9414] should_fail_ex.cold+0x5/0xa [ 324.322063][ T9414] should_failslab+0xc2/0x120 [ 324.322083][ T9414] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 324.322108][ T9414] ? vm_area_dup+0x27/0x8e0 [ 324.322130][ T9414] ? __vma_start_write+0x17f/0x280 [ 324.322156][ T9414] vm_area_dup+0x27/0x8e0 [ 324.322180][ T9414] dup_mmap+0x6f6/0x2180 [ 324.322209][ T9414] ? __pfx_dup_mmap+0x10/0x10 [ 324.322229][ T9414] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 324.322256][ T9414] ? __lock_acquire+0x4a5/0x2630 [ 324.322273][ T9414] ? find_held_lock+0x2b/0x80 [ 324.322293][ T9414] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 324.322328][ T9414] copy_process+0x6c78/0x7ed0 [ 324.322350][ T9414] ? __futex_wait+0x256/0x300 [ 324.322382][ T9414] ? __pfx_copy_process+0x10/0x10 [ 324.322407][ T9414] ? futex_hash+0x141/0x370 [ 324.322428][ T9414] kernel_clone+0x12e/0x9c0 [ 324.322448][ T9414] ? __pfx_futex_wait+0x10/0x10 [ 324.322471][ T9414] ? __pfx_kernel_clone+0x10/0x10 [ 324.322504][ T9414] __do_sys_clone+0xd9/0x120 [ 324.322526][ T9414] ? __pfx___do_sys_clone+0x10/0x10 [ 324.322548][ T9414] ? map_id_range_down+0x2bc/0x3b0 [ 324.322582][ T9414] ? rcu_is_watching+0x12/0xc0 [ 324.322604][ T9414] do_syscall_64+0x10b/0xf80 [ 324.322628][ T9414] ? clear_bhb_loop+0x40/0x90 [ 324.322648][ T9414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.322665][ T9414] RIP: 0033:0x7fe4c7d9ce59 [ 324.322679][ T9414] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 324.322695][ T9414] RSP: 002b:00007fe4c5ff5fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 324.322711][ T9414] RAX: ffffffffffffffda RBX: 00007fe4c8015fa0 RCX: 00007fe4c7d9ce59 [ 324.322723][ T9414] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 324.322732][ T9414] RBP: 00007fe4c7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 324.322742][ T9414] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 324.322752][ T9414] R13: 00007fe4c8016038 R14: 00007fe4c8015fa0 R15: 00007ffc4641e878 [ 324.322775][ T9414] [ 325.669594][ T5632] Bluetooth: hci1: command 0x0c1a tx timeout [ 326.191654][ T9441] lo: entered allmulticast mode [ 326.234079][ T9441] binder: 9439:9441 ioctl 541b fffffffffffff4e0 returned -22 [ 326.946642][ T9453] random: crng reseeded on system resumption [ 327.180515][ T9439] lo: left allmulticast mode [ 327.748623][ T5641] Bluetooth: hci1: command 0x0c1a tx timeout [ 329.128995][ T5632] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 329.192486][ T9486] FAULT_INJECTION: forcing a failure. [ 329.192486][ T9486] name failslab, interval 1, probability 0, space 0, times 0 [ 329.284093][ T9486] CPU: 0 UID: 0 PID: 9486 Comm: syz.3.879 Not tainted syzkaller #0 PREEMPT(full) [ 329.284118][ T9486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 329.284128][ T9486] Call Trace: [ 329.284134][ T9486] [ 329.284141][ T9486] dump_stack_lvl+0x100/0x190 [ 329.284164][ T9486] should_fail_ex.cold+0x5/0xa [ 329.284185][ T9486] should_failslab+0xc2/0x120 [ 329.284204][ T9486] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 329.284228][ T9486] ? alloc_empty_file+0x5b/0x1c0 [ 329.284254][ T9486] alloc_empty_file+0x5b/0x1c0 [ 329.284277][ T9486] alloc_file_pseudo+0x13a/0x230 [ 329.284301][ T9486] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 329.284324][ T9486] ? security_inode_init_security_anon+0x7b/0x230 [ 329.284346][ T9486] __anon_inode_getfile+0xe8/0x280 [ 329.284369][ T9486] ? _copy_to_user+0xaf/0xd0 [ 329.284386][ T9486] io_uring_setup.cold+0x1951/0x1c6e [ 329.284413][ T9486] ? __pfx_io_uring_setup+0x10/0x10 [ 329.284435][ T9486] ? __pfx_do_futex+0x10/0x10 [ 329.284461][ T9486] ? xfd_validate_state+0x129/0x190 [ 329.284483][ T9486] __x64_sys_io_uring_setup+0xc2/0x170 [ 329.284516][ T9486] do_syscall_64+0x10b/0xf80 [ 329.284540][ T9486] ? clear_bhb_loop+0x40/0x90 [ 329.284560][ T9486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.284577][ T9486] RIP: 0033:0x7fe4c7d9ce59 [ 329.284591][ T9486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 329.284606][ T9486] RSP: 002b:00007fe4c5ff6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 329.284621][ T9486] RAX: ffffffffffffffda RBX: 00007fe4c8015fa0 RCX: 00007fe4c7d9ce59 [ 329.284631][ T9486] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 329.284640][ T9486] RBP: 00007fe4c7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 329.284650][ T9486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.284659][ T9486] R13: 00007fe4c8016038 R14: 00007fe4c8015fa0 R15: 00007ffc4641e878 [ 329.284680][ T9486] [ 329.842111][ T9501] busy [ 330.084169][ T5632] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 331.192662][ T5641] Bluetooth: hci1: command 0x0c1a tx timeout [ 333.268374][ T5632] Bluetooth: hci1: command 0x0c1a tx timeout [ 333.600634][ T9566] busy [ 333.814969][ T5641] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 334.004569][ T5641] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 334.038568][ T9571] FAULT_INJECTION: forcing a failure. [ 334.038568][ T9571] name failslab, interval 1, probability 0, space 0, times 0 [ 334.147014][ T9571] CPU: 0 UID: 0 PID: 9571 Comm: syz.1.900 Not tainted syzkaller #0 PREEMPT(full) [ 334.147038][ T9571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 334.147048][ T9571] Call Trace: [ 334.147054][ T9571] [ 334.147061][ T9571] dump_stack_lvl+0x100/0x190 [ 334.147083][ T9571] should_fail_ex.cold+0x5/0xa [ 334.147110][ T9571] should_failslab+0xc2/0x120 [ 334.147129][ T9571] __kmalloc_cache_noprof+0x7a/0x6f0 [ 334.147152][ T9571] ? io_uring_alloc_task_context+0xa7/0x51f [ 334.147181][ T9571] io_uring_alloc_task_context+0xa7/0x51f [ 334.147206][ T9571] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 334.147232][ T9571] ? alloc_file_pseudo+0x1a5/0x230 [ 334.147256][ T9571] __io_uring_add_tctx_node.cold+0x15/0x1a1 [ 334.147288][ T9571] ? security_inode_init_security_anon+0x7b/0x230 [ 334.147307][ T9571] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 334.147334][ T9571] ? __anon_inode_getfile+0x17c/0x280 [ 334.147359][ T9571] io_uring_setup.cold+0x1993/0x1c6e [ 334.147386][ T9571] ? __pfx_io_uring_setup+0x10/0x10 [ 334.147408][ T9571] ? __pfx_do_futex+0x10/0x10 [ 334.147436][ T9571] ? xfd_validate_state+0x129/0x190 [ 334.147457][ T9571] __x64_sys_io_uring_setup+0xc2/0x170 [ 334.147477][ T9571] do_syscall_64+0x10b/0xf80 [ 334.147500][ T9571] ? clear_bhb_loop+0x40/0x90 [ 334.147518][ T9571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.147533][ T9571] RIP: 0033:0x7f22be79ce59 [ 334.147546][ T9571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 334.147561][ T9571] RSP: 002b:00007f22bf62e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 334.147576][ T9571] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 334.147586][ T9571] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 334.147594][ T9571] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 334.147603][ T9571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.147611][ T9571] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 334.147630][ T9571] [ 335.556422][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 335.598639][ T9606] FAULT_INJECTION: forcing a failure. [ 335.598639][ T9606] name failslab, interval 1, probability 0, space 0, times 0 [ 335.667593][ T9602] net_ratelimit: 18 callbacks suppressed [ 335.667611][ T9602] netlink: zone id is out of range [ 335.706259][ T9606] CPU: 0 UID: 0 PID: 9606 Comm: syz.0.912 Not tainted syzkaller #0 PREEMPT(full) [ 335.706283][ T9606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 335.706293][ T9606] Call Trace: [ 335.706298][ T9606] [ 335.706304][ T9606] dump_stack_lvl+0x100/0x190 [ 335.706326][ T9606] should_fail_ex.cold+0x5/0xa [ 335.706347][ T9606] should_failslab+0xc2/0x120 [ 335.706365][ T9606] __kmalloc_cache_noprof+0x7a/0x6f0 [ 335.706386][ T9606] ? io_uring_alloc_task_context+0xa7/0x51f [ 335.706414][ T9606] io_uring_alloc_task_context+0xa7/0x51f [ 335.706442][ T9606] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 335.706468][ T9606] ? alloc_file_pseudo+0x1a5/0x230 [ 335.706492][ T9606] __io_uring_add_tctx_node.cold+0x15/0x1a1 [ 335.706515][ T9606] ? security_inode_init_security_anon+0x7b/0x230 [ 335.706533][ T9606] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 335.706559][ T9606] ? __anon_inode_getfile+0x17c/0x280 [ 335.706583][ T9606] io_uring_setup.cold+0x1993/0x1c6e [ 335.706608][ T9606] ? __pfx_io_uring_setup+0x10/0x10 [ 335.706629][ T9606] ? __pfx_do_futex+0x10/0x10 [ 335.706654][ T9606] ? xfd_validate_state+0x129/0x190 [ 335.706676][ T9606] __x64_sys_io_uring_setup+0xc2/0x170 [ 335.706695][ T9606] do_syscall_64+0x10b/0xf80 [ 335.706717][ T9606] ? clear_bhb_loop+0x40/0x90 [ 335.706735][ T9606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.706751][ T9606] RIP: 0033:0x7f19fff9ce59 [ 335.706764][ T9606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 335.706779][ T9606] RSP: 002b:00007f1a00f15028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 335.706794][ T9606] RAX: ffffffffffffffda RBX: 00007f1a00215fa0 RCX: 00007f19fff9ce59 [ 335.706804][ T9606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 335.706812][ T9606] RBP: 00007f1a00032d6f R08: 0000000000000000 R09: 0000000000000000 [ 335.706821][ T9606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 335.706830][ T9606] R13: 00007f1a00216038 R14: 00007f1a00215fa0 R15: 00007ffe6a8539e8 [ 335.706850][ T9606] [ 335.979619][ T9602] netlink: zone id is out of range [ 335.984790][ T9602] netlink: zone id is out of range [ 335.990257][ T9602] netlink: zone id is out of range [ 335.995373][ T9602] netlink: zone id is out of range [ 336.000560][ T9602] netlink: zone id is out of range [ 336.005650][ T9602] netlink: zone id is out of range [ 336.011597][ T9602] netlink: zone id is out of range [ 336.017441][ T9602] netlink: zone id is out of range [ 336.022656][ T9602] netlink: zone id is out of range [ 336.156070][ T5641] Bluetooth: hci2: command 0x2016 tx timeout [ 337.224003][ T5641] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 337.232362][ T5641] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 337.246348][ T5641] CPU: 0 UID: 0 PID: 5641 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT(full) [ 337.246371][ T5641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 337.246384][ T5641] Workqueue: hci2 hci_rx_work [ 337.246412][ T5641] Call Trace: [ 337.246418][ T5641] [ 337.246424][ T5641] dump_stack_lvl+0x100/0x190 [ 337.246444][ T5641] sysfs_warn_dup.cold+0x1c/0x28 [ 337.246468][ T5641] sysfs_create_dir_ns+0x24b/0x2b0 [ 337.246487][ T5641] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 337.246503][ T5641] ? find_held_lock+0x2b/0x80 [ 337.246524][ T5641] ? kobject_add_internal+0x25f/0x930 [ 337.246542][ T5641] ? kobject_add_internal+0x25f/0x930 [ 337.246562][ T5641] ? do_raw_spin_unlock+0x145/0x1e0 [ 337.246581][ T5641] kobject_add_internal+0x2c8/0x930 [ 337.246603][ T5641] kobject_add+0x16a/0x1e0 [ 337.246620][ T5641] ? __pfx_kobject_add+0x10/0x10 [ 337.246637][ T5641] ? class_to_subsys+0x10f/0x150 [ 337.246662][ T5641] ? kobject_put+0xb9/0x640 [ 337.246677][ T5641] ? _raw_spin_unlock+0x28/0x50 [ 337.246703][ T5641] device_add+0x294/0x1950 [ 337.246724][ T5641] ? __pfx_dev_set_name+0x10/0x10 [ 337.246747][ T5641] ? __pfx_device_add+0x10/0x10 [ 337.246768][ T5641] ? mgmt_send_event_skb+0x2fb/0x460 [ 337.246796][ T5641] hci_conn_add_sysfs+0x1a3/0x260 [ 337.246813][ T5641] le_conn_complete_evt+0x11eb/0x1f60 [ 337.246841][ T5641] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 337.246861][ T5641] ? __pfx_bt_warn+0x10/0x10 [ 337.246890][ T5641] hci_le_conn_complete_evt+0x23c/0x3a0 [ 337.246913][ T5641] ? skb_pull_data+0x15f/0x1e0 [ 337.246938][ T5641] hci_le_meta_evt+0x34a/0x5f0 [ 337.246962][ T5641] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 337.246987][ T5641] hci_event_packet+0x51c/0xcd0 [ 337.247009][ T5641] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 337.247033][ T5641] ? __pfx_hci_event_packet+0x10/0x10 [ 337.247057][ T5641] ? kcov_remote_start+0x374/0x660 [ 337.247089][ T5641] ? lockdep_hardirqs_on+0x78/0x100 [ 337.247118][ T5641] hci_rx_work+0x451/0xfc0 [ 337.247144][ T5641] process_one_work+0xa0e/0x1980 [ 337.247169][ T5641] ? __pfx_process_one_work+0x10/0x10 [ 337.247192][ T5641] ? __pfx_hci_rx_work+0x10/0x10 [ 337.247215][ T5641] worker_thread+0x5ef/0xe50 [ 337.247236][ T5641] ? __pfx_worker_thread+0x10/0x10 [ 337.247253][ T5641] ? kthread+0x13a/0x450 [ 337.247266][ T5641] ? __pfx_worker_thread+0x10/0x10 [ 337.247280][ T5641] kthread+0x370/0x450 [ 337.247294][ T5641] ? __pfx_kthread+0x10/0x10 [ 337.247309][ T5641] ret_from_fork+0x72b/0xd50 [ 337.247328][ T5641] ? __pfx_ret_from_fork+0x10/0x10 [ 337.247346][ T5641] ? __switch_to+0x800/0x1100 [ 337.247366][ T5641] ? __switch_to_asm+0x39/0x70 [ 337.247386][ T5641] ? __pfx_kthread+0x10/0x10 [ 337.247401][ T5641] ret_from_fork_asm+0x1a/0x30 [ 337.247432][ T5641] [ 337.247451][ T5641] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 337.552260][ T5641] Bluetooth: hci2: failed to register connection device [ 337.592689][ T50] Bluetooth: hci0: command 0x2016 tx timeout [ 337.625648][ T9627] FAULT_INJECTION: forcing a failure. [ 337.625648][ T9627] name failslab, interval 1, probability 0, space 0, times 0 [ 337.671599][ T9629] netlink: 72 bytes leftover after parsing attributes in process `syz.0.915'. [ 337.695097][ T9627] CPU: 0 UID: 0 PID: 9627 Comm: syz.1.916 Not tainted syzkaller #0 PREEMPT(full) [ 337.695122][ T9627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 337.695133][ T9627] Call Trace: [ 337.695138][ T9627] [ 337.695145][ T9627] dump_stack_lvl+0x100/0x190 [ 337.695168][ T9627] should_fail_ex.cold+0x5/0xa [ 337.695190][ T9627] should_failslab+0xc2/0x120 [ 337.695209][ T9627] __kmalloc_cache_noprof+0x7a/0x6f0 [ 337.695231][ T9627] ? io_uring_alloc_task_context+0xa7/0x51f [ 337.695290][ T9627] io_uring_alloc_task_context+0xa7/0x51f [ 337.695320][ T9627] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 337.695348][ T9627] ? alloc_file_pseudo+0x1a5/0x230 [ 337.695374][ T9627] __io_uring_add_tctx_node.cold+0x15/0x1a1 [ 337.695398][ T9627] ? security_inode_init_security_anon+0x7b/0x230 [ 337.695417][ T9627] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 337.695443][ T9627] ? __anon_inode_getfile+0x17c/0x280 [ 337.695469][ T9627] io_uring_setup.cold+0x1993/0x1c6e [ 337.695496][ T9627] ? __pfx_io_uring_setup+0x10/0x10 [ 337.695526][ T9627] ? __pfx_do_futex+0x10/0x10 [ 337.695553][ T9627] ? xfd_validate_state+0x129/0x190 [ 337.695577][ T9627] __x64_sys_io_uring_setup+0xc2/0x170 [ 337.695599][ T9627] do_syscall_64+0x10b/0xf80 [ 337.695622][ T9627] ? clear_bhb_loop+0x40/0x90 [ 337.695641][ T9627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.695657][ T9627] RIP: 0033:0x7f22be79ce59 [ 337.695673][ T9627] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 337.695689][ T9627] RSP: 002b:00007f22bf62e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 337.695705][ T9627] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 337.695715][ T9627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 337.695724][ T9627] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 337.695734][ T9627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 337.695743][ T9627] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 337.695763][ T9627] [ 338.296902][ T5641] Bluetooth: hci2: command 0x2016 tx timeout [ 338.520609][ T9636] sysfs_service_op_store: Client not running :-5: [ 338.625335][ T9636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.676179][ T9636] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.741372][ T30] audit: type=1800 audit(1843104619.210:10): pid=9639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.918" name="dbroot" dev="configfs" ino=31483 res=0 errno=0 [ 339.668467][ T5629] Bluetooth: hci0: command 0x2016 tx timeout [ 340.467923][ T5632] Bluetooth: hci2: command 0x2016 tx timeout [ 340.727614][ T9671] netlink: 16 bytes leftover after parsing attributes in process `syz.3.927'. [ 340.784393][ T30] audit: type=1806 audit(1843104621.280:11): xattr="" res=-22 [ 341.488610][ T9679] netlink: 25 bytes leftover after parsing attributes in process `syz.3.929'. [ 342.553680][ T50] Bluetooth: hci2: command 0x2016 tx timeout [ 343.055878][ T9694] sd 0:0:1:0: PR command failed: 1026 [ 343.101248][ T9694] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 343.187044][ T9694] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 345.094109][ T9718] netlink: 25 bytes leftover after parsing attributes in process `syz.0.938'. [ 345.157036][ T9720] FAULT_INJECTION: forcing a failure. [ 345.157036][ T9720] name failslab, interval 1, probability 0, space 0, times 0 [ 345.255327][ T9720] CPU: 0 UID: 60928 PID: 9720 Comm: syz.3.939 Not tainted syzkaller #0 PREEMPT(full) [ 345.255353][ T9720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 345.255364][ T9720] Call Trace: [ 345.255370][ T9720] [ 345.255377][ T9720] dump_stack_lvl+0x100/0x190 [ 345.255401][ T9720] should_fail_ex.cold+0x5/0xa [ 345.255423][ T9720] should_failslab+0xc2/0x120 [ 345.255443][ T9720] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 345.255475][ T9720] ? vm_area_dup+0x27/0x8e0 [ 345.255498][ T9720] ? __vma_start_write+0x17f/0x280 [ 345.255525][ T9720] vm_area_dup+0x27/0x8e0 [ 345.255551][ T9720] dup_mmap+0x6f6/0x2180 [ 345.255581][ T9720] ? __pfx_dup_mmap+0x10/0x10 [ 345.255601][ T9720] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 345.255629][ T9720] ? __lock_acquire+0x4a5/0x2630 [ 345.255645][ T9720] ? find_held_lock+0x2b/0x80 [ 345.255665][ T9720] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 345.255701][ T9720] copy_process+0x6c78/0x7ed0 [ 345.255722][ T9720] ? __futex_wait+0x256/0x300 [ 345.255756][ T9720] ? __pfx_copy_process+0x10/0x10 [ 345.255781][ T9720] ? futex_hash+0x141/0x370 [ 345.255802][ T9720] kernel_clone+0x12e/0x9c0 [ 345.255822][ T9720] ? __pfx_futex_wait+0x10/0x10 [ 345.255845][ T9720] ? __pfx_kernel_clone+0x10/0x10 [ 345.255878][ T9720] __do_sys_clone+0xd9/0x120 [ 345.255901][ T9720] ? __pfx___do_sys_clone+0x10/0x10 [ 345.255922][ T9720] ? map_id_range_down+0x2bc/0x3b0 [ 345.255956][ T9720] ? rcu_is_watching+0x12/0xc0 [ 345.255978][ T9720] do_syscall_64+0x10b/0xf80 [ 345.256016][ T9720] ? clear_bhb_loop+0x40/0x90 [ 345.256035][ T9720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.256051][ T9720] RIP: 0033:0x7fe4c7d9ce59 [ 345.256065][ T9720] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 345.256081][ T9720] RSP: 002b:00007fe4c5ff5fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 345.256096][ T9720] RAX: ffffffffffffffda RBX: 00007fe4c8015fa0 RCX: 00007fe4c7d9ce59 [ 345.256106][ T9720] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040000 [ 345.256115][ T9720] RBP: 00007fe4c7e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 345.256124][ T9720] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 345.256133][ T9720] R13: 00007fe4c8016038 R14: 00007fe4c8015fa0 R15: 00007ffc4641e878 [ 345.256154][ T9720] [ 346.957951][ T9741] kvm: user requested TSC rate below hardware speed [ 347.859733][ T5632] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 347.916372][ T9753] FAULT_INJECTION: forcing a failure. [ 347.916372][ T9753] name failslab, interval 1, probability 0, space 0, times 0 [ 348.035893][ T9753] CPU: 0 UID: 0 PID: 9753 Comm: syz.1.949 Not tainted syzkaller #0 PREEMPT(full) [ 348.035915][ T9753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 348.035925][ T9753] Call Trace: [ 348.035931][ T9753] [ 348.035937][ T9753] dump_stack_lvl+0x100/0x190 [ 348.035960][ T9753] should_fail_ex.cold+0x5/0xa [ 348.035982][ T9753] should_failslab+0xc2/0x120 [ 348.036001][ T9753] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 348.036025][ T9753] ? security_file_alloc+0x34/0x2c0 [ 348.036044][ T9753] ? trace_kmem_cache_alloc+0xd5/0x100 [ 348.036067][ T9753] security_file_alloc+0x34/0x2c0 [ 348.036087][ T9753] init_file+0x95/0x480 [ 348.036109][ T9753] alloc_empty_file+0x79/0x1c0 [ 348.036132][ T9753] alloc_file_pseudo+0x13a/0x230 [ 348.036156][ T9753] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 348.036179][ T9753] ? security_inode_init_security_anon+0x7b/0x230 [ 348.036200][ T9753] __anon_inode_getfile+0xe8/0x280 [ 348.036223][ T9753] ? _copy_to_user+0xaf/0xd0 [ 348.036240][ T9753] io_uring_setup.cold+0x1951/0x1c6e [ 348.036268][ T9753] ? __pfx_io_uring_setup+0x10/0x10 [ 348.036302][ T9753] ? __pfx_do_futex+0x10/0x10 [ 348.036330][ T9753] ? xfd_validate_state+0x129/0x190 [ 348.036353][ T9753] __x64_sys_io_uring_setup+0xc2/0x170 [ 348.036381][ T9753] do_syscall_64+0x10b/0xf80 [ 348.036406][ T9753] ? clear_bhb_loop+0x40/0x90 [ 348.036424][ T9753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.036441][ T9753] RIP: 0033:0x7f22be79ce59 [ 348.036457][ T9753] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 348.036471][ T9753] RSP: 002b:00007f22bf62e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 348.036487][ T9753] RAX: ffffffffffffffda RBX: 00007f22bea15fa0 RCX: 00007f22be79ce59 [ 348.036497][ T9753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 348.036506][ T9753] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 348.036515][ T9753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 348.036524][ T9753] R13: 00007f22bea16038 R14: 00007f22bea15fa0 R15: 00007ffe969821d8 [ 348.036544][ T9753] [ 349.086116][ T9765] busy [ 349.215519][ T50] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 349.534834][ T50] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 349.617425][ T9776] bond0: option arp_validate: invalid value () [ 349.910074][ T50] Bluetooth: hci2: command 0x2016 tx timeout [ 349.974869][ T9775] netlink: 342 bytes leftover after parsing attributes in process `syz.3.955'. [ 350.564517][ T9791] netlink: 25 bytes leftover after parsing attributes in process `syz.3.959'. [ 351.987975][ T50] Bluetooth: hci2: command 0x2016 tx timeout [ 353.526177][ T9845] netlink: 264 bytes leftover after parsing attributes in process `syz.2.974'. [ 354.202101][ T9855] kvm: user requested TSC rate below hardware speed [ 354.842651][ T9873] netlink: 25 bytes leftover after parsing attributes in process `syz.1.979'. [ 356.576289][ T9900] netlink: 4975 bytes leftover after parsing attributes in process `syz.3.987'. [ 356.587668][ T9895] netlink: 28 bytes leftover after parsing attributes in process `syz.1.986'. [ 356.683567][ T9897] binder: 9894:9897 ioctl c0306201 200000000000 returned -14 [ 356.754472][ T9893] FAULT_INJECTION: forcing a failure. [ 356.754472][ T9893] name fail_futex, interval 1, probability 0, space 0, times 0 [ 356.860303][ T9893] CPU: 0 UID: 0 PID: 9893 Comm: syz.2.985 Not tainted syzkaller #0 PREEMPT(full) [ 356.860327][ T9893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 356.860343][ T9893] Call Trace: [ 356.860379][ T9893] [ 356.860385][ T9893] dump_stack_lvl+0x100/0x190 [ 356.860451][ T9893] should_fail_ex.cold+0x5/0xa [ 356.860484][ T9893] get_futex_key+0x1d2/0x1510 [ 356.860515][ T9893] ? __pfx_get_futex_key+0x10/0x10 [ 356.860542][ T9893] futex_wait_setup+0x83/0x510 [ 356.860575][ T9893] __futex_wait+0x19f/0x300 [ 356.860597][ T9893] ? __pfx___futex_wait+0x10/0x10 [ 356.860616][ T9893] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 356.860771][ T9893] ? __pfx_futex_wake_mark+0x10/0x10 [ 356.860793][ T9893] ? futex_hash+0x2ad/0x370 [ 356.860809][ T9893] ? futex_hash+0x141/0x370 [ 356.860826][ T9893] futex_wait+0xe6/0x370 [ 356.860846][ T9893] ? __pfx_futex_wait+0x10/0x10 [ 356.860871][ T9893] ? __might_fault+0xc5/0x140 [ 356.860899][ T9893] do_futex+0x1ef/0x350 [ 356.860917][ T9893] ? __pfx_do_futex+0x10/0x10 [ 356.860939][ T9893] ? __sys_connect+0xe4/0x170 [ 356.861010][ T9893] __x64_sys_futex+0x34f/0x4d0 [ 356.861029][ T9893] ? __pfx___x64_sys_futex+0x10/0x10 [ 356.861050][ T9893] ? rcu_is_watching+0x12/0xc0 [ 356.861083][ T9893] do_syscall_64+0x10b/0xf80 [ 356.861146][ T9893] ? clear_bhb_loop+0x40/0x90 [ 356.861173][ T9893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.861189][ T9893] RIP: 0033:0x7f49b6d9ce59 [ 356.861204][ T9893] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 356.861219][ T9893] RSP: 002b:00007f49b7c3d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 356.861239][ T9893] RAX: ffffffffffffffda RBX: 00007f49b7016098 RCX: 00007f49b6d9ce59 [ 356.861250][ T9893] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f49b7016098 [ 356.861259][ T9893] RBP: 00007f49b7016090 R08: 0000000000000000 R09: 0000000000000000 [ 356.861269][ T9893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.861278][ T9893] R13: 00007f49b7016128 R14: 00007ffe0da5c2c0 R15: 00007ffe0da5c3a8 [ 356.861298][ T9893] [ 358.445236][ T9931] capability: warning: `syz.0.996' uses deprecated v2 capabilities in a way that may be insecure [ 359.800240][ T5632] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 360.231973][ T9966] FAULT_INJECTION: forcing a failure. [ 360.231973][ T9966] name failslab, interval 1, probability 0, space 0, times 0 [ 360.288868][ T9966] CPU: 0 UID: 0 PID: 9966 Comm: syz.2.1004 Not tainted syzkaller #0 PREEMPT(full) [ 360.288893][ T9966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 360.288904][ T9966] Call Trace: [ 360.288910][ T9966] [ 360.288916][ T9966] dump_stack_lvl+0x100/0x190 [ 360.288938][ T9966] should_fail_ex.cold+0x5/0xa [ 360.288960][ T9966] should_failslab+0xc2/0x120 [ 360.289008][ T9966] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 360.289033][ T9966] ? alloc_empty_file+0x5b/0x1c0 [ 360.289073][ T9966] alloc_empty_file+0x5b/0x1c0 [ 360.289096][ T9966] alloc_file_pseudo+0x13a/0x230 [ 360.289120][ T9966] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 360.289143][ T9966] ? security_inode_init_security_anon+0x7b/0x230 [ 360.289249][ T9966] __anon_inode_getfile+0xe8/0x280 [ 360.289281][ T9966] ? _copy_to_user+0xaf/0xd0 [ 360.289338][ T9966] io_uring_setup.cold+0x1951/0x1c6e [ 360.289366][ T9966] ? __pfx_io_uring_setup+0x10/0x10 [ 360.289412][ T9966] ? __pfx_do_futex+0x10/0x10 [ 360.289439][ T9966] ? xfd_validate_state+0x129/0x190 [ 360.289478][ T9966] __x64_sys_io_uring_setup+0xc2/0x170 [ 360.289499][ T9966] do_syscall_64+0x10b/0xf80 [ 360.289522][ T9966] ? clear_bhb_loop+0x40/0x90 [ 360.289542][ T9966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.289560][ T9966] RIP: 0033:0x7f49b6d9ce59 [ 360.289575][ T9966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 360.289590][ T9966] RSP: 002b:00007f49b7c5e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 360.289608][ T9966] RAX: ffffffffffffffda RBX: 00007f49b7015fa0 RCX: 00007f49b6d9ce59 [ 360.289619][ T9966] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 360.289629][ T9966] RBP: 00007f49b6e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 360.289639][ T9966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 360.289649][ T9966] R13: 00007f49b7016038 R14: 00007f49b7015fa0 R15: 00007ffe0da5c3a8 [ 360.289670][ T9966] [ 361.666704][ T50] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 361.831458][ T50] Bluetooth: hci0: command 0x2016 tx timeout [ 363.854177][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b975c00: rx timeout, send abort [ 363.864976][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b975c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 363.913936][ T50] Bluetooth: hci0: command 0x2016 tx timeout [ 365.315590][T10014] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1016'. [ 366.199038][ T5632] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 366.215962][T10026] busy [ 366.282644][ T5632] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 366.654724][T10035] busy [ 368.266562][ T5632] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 369.772529][ T5632] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 369.958872][T10096] busy [ 370.866582][ T5632] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 371.256082][T10121] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1041'. [ 371.347425][T10119] can: request_module (can-proto-5) failed. [ 371.828065][ T50] Bluetooth: hci2: command 0x2016 tx timeout syzkaller syzkaller login: [ 373.171050][ T5632] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 373.908560][ T5632] Bluetooth: hci2: command 0x2016 tx timeout [ 374.444148][T10179] FAULT_INJECTION: forcing a failure. [ 374.444148][T10179] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 374.542850][T10179] CPU: 0 UID: 0 PID: 10179 Comm: syz.3.1054 Not tainted syzkaller #0 PREEMPT(full) [ 374.542873][T10179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 374.542882][T10179] Call Trace: [ 374.542888][T10179] [ 374.542894][T10179] dump_stack_lvl+0x100/0x190 [ 374.542917][T10179] should_fail_ex.cold+0x5/0xa [ 374.542937][T10179] _copy_from_iter+0x1f4/0x1690 [ 374.543036][T10179] ? __asan_memset+0x23/0x50 [ 374.543061][T10179] ? __pfx__copy_from_iter+0x10/0x10 [ 374.543078][T10179] ? __pfx___alloc_skb+0x10/0x10 [ 374.543137][T10179] netlink_sendmsg+0x808/0xda0 [ 374.543226][T10179] ? __pfx_netlink_sendmsg+0x10/0x10 [ 374.543248][T10179] ? __import_iovec+0x1d2/0x640 [ 374.543266][T10179] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 374.543337][T10179] ____sys_sendmsg+0x9e1/0xb70 [ 374.543381][T10179] ? __pfx_netlink_sendmsg+0x10/0x10 [ 374.543406][T10179] ? __pfx_____sys_sendmsg+0x10/0x10 [ 374.543431][T10179] ? __pfx__kstrtoull+0x10/0x10 [ 374.543455][T10179] ___sys_sendmsg+0x190/0x1e0 [ 374.543481][T10179] ? __pfx____sys_sendmsg+0x10/0x10 [ 374.543523][T10179] ? find_held_lock+0x2b/0x80 [ 374.543555][T10179] __sys_sendmmsg+0x205/0x430 [ 374.543599][T10179] ? __pfx___sys_sendmmsg+0x10/0x10 [ 374.543624][T10179] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 374.543649][T10179] ? fput+0x79/0x100 [ 374.543670][T10179] ? ksys_write+0x1ac/0x250 [ 374.543687][T10179] ? __pfx_ksys_write+0x10/0x10 [ 374.543708][T10179] __x64_sys_sendmmsg+0x9c/0x100 [ 374.543727][T10179] ? lockdep_hardirqs_on+0x78/0x100 [ 374.543750][T10179] do_syscall_64+0x10b/0xf80 [ 374.543773][T10179] ? clear_bhb_loop+0x40/0x90 [ 374.543792][T10179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.543808][T10179] RIP: 0033:0x7fe4c7d9ce59 [ 374.543822][T10179] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 374.543837][T10179] RSP: 002b:00007fe4c5ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 374.543852][T10179] RAX: ffffffffffffffda RBX: 00007fe4c8015fa0 RCX: 00007fe4c7d9ce59 [ 374.543863][T10179] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 374.543872][T10179] RBP: 00007fe4c5ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 374.543882][T10179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 374.543891][T10179] R13: 00007fe4c8016038 R14: 00007fe4c8015fa0 R15: 00007ffc4641e878 [ 374.543910][T10179] [ 375.084101][ T50] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 375.084176][ T50] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 376.140292][T10201] netlink: 'syz.2.1056': attribute type 2 has an invalid length. [ 377.107981][ T50] Bluetooth: hci0: command 0x2016 tx timeout [ 378.550544][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.557009][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.188027][ T5632] Bluetooth: hci0: command 0x2016 tx timeout [ 379.963033][T10247] busy [ 380.209539][T10254] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1074'. [ 380.294774][T10254] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 382.016097][ T50] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 382.533062][T10283] busy [ 382.780222][T10288] busy [ 383.298423][ T50] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 384.068581][ T5632] Bluetooth: hci3: command 0x2016 tx timeout [ 384.446697][T10310] ================================================================== [ 384.446738][T10310] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 384.446863][T10310] Write of size 8 at addr ffffc90004a494e0 by task syz.1.1086/10310 [ 384.446877][T10310] [ 384.446885][T10310] CPU: 0 UID: 0 PID: 10310 Comm: syz.1.1086 Not tainted syzkaller #0 PREEMPT(full) [ 384.446903][T10310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 384.446913][T10310] Call Trace: [ 384.446920][T10310] [ 384.446926][T10310] dump_stack_lvl+0x100/0x190 [ 384.446945][T10310] print_report+0x13d/0x4b0 [ 384.446974][T10310] ? _raw_spin_lock_irqsave+0x52/0x60 [ 384.446999][T10310] ? sys_imageblit+0x19fb/0x1d60 [ 384.447020][T10310] kasan_report+0xdf/0x1d0 [ 384.447038][T10310] ? sys_imageblit+0x19fb/0x1d60 [ 384.447063][T10310] sys_imageblit+0x19fb/0x1d60 [ 384.447089][T10310] ? __pfx_sys_imageblit+0x10/0x10 [ 384.447113][T10310] ? prb_read_valid+0x78/0xa0 [ 384.447130][T10310] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 384.447217][T10310] soft_cursor+0x524/0xa10 [ 384.447240][T10310] ? atomic_notifier_call_chain+0x80/0x1c0 [ 384.447273][T10310] ? fb_get_color_depth+0x120/0x250 [ 384.447292][T10310] bit_cursor+0xca1/0x1490 [ 384.447313][T10310] ? __pfx_bit_cursor+0x10/0x10 [ 384.447332][T10310] ? __lock_acquire+0x4a5/0x2630 [ 384.447348][T10310] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 384.447385][T10310] ? get_color+0x1da/0x450 [ 384.447400][T10310] ? __pfx_bit_cursor+0x10/0x10 [ 384.447418][T10310] fbcon_cursor+0x43c/0x5e0 [ 384.447434][T10310] ? add_softcursor+0x1c0/0x290 [ 384.447506][T10310] set_cursor+0x1db/0x250 [ 384.447527][T10310] con_write+0x89/0xb0 [ 384.447541][T10310] n_tty_write+0x431/0x11c0 [ 384.447588][T10310] ? __pfx_n_tty_write+0x10/0x10 [ 384.447606][T10310] ? __pfx_woken_wake_function+0x10/0x10 [ 384.447630][T10310] ? __pfx___might_resched+0x10/0x10 [ 384.447646][T10310] ? kfree+0x1dd/0x6c0 [ 384.447676][T10310] ? __pfx_n_tty_write+0x10/0x10 [ 384.447694][T10310] file_tty_write.isra.0+0x4d2/0x890 [ 384.447743][T10310] redirected_tty_write+0xd4/0x120 [ 384.447766][T10310] vfs_write+0x6ac/0x1070 [ 384.447783][T10310] ? __pfx_redirected_tty_write+0x10/0x10 [ 384.447807][T10310] ? __pfx_vfs_write+0x10/0x10 [ 384.447823][T10310] ? find_held_lock+0x2b/0x80 [ 384.447846][T10310] ksys_write+0x12a/0x250 [ 384.447863][T10310] ? __pfx_ksys_write+0x10/0x10 [ 384.447880][T10310] ? rcu_is_watching+0x12/0xc0 [ 384.447898][T10310] do_syscall_64+0x10b/0xf80 [ 384.447920][T10310] ? clear_bhb_loop+0x40/0x90 [ 384.447937][T10310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.447952][T10310] RIP: 0033:0x7f22be79ce59 [ 384.447966][T10310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 384.447981][T10310] RSP: 002b:00007f22bf60d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 384.447997][T10310] RAX: ffffffffffffffda RBX: 00007f22bea16090 RCX: 00007f22be79ce59 [ 384.448008][T10310] RDX: 0000000100000001 RSI: 0000000000000000 RDI: 0000000000000006 [ 384.448018][T10310] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 384.448028][T10310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 384.448037][T10310] R13: 00007f22bea16128 R14: 00007f22bea16090 R15: 00007ffe969821d8 [ 384.448052][T10310] [ 384.448058][T10310] [ 384.448062][T10310] The buggy address belongs to a vmalloc virtual mapping [ 384.448082][T10310] Memory state around the buggy address: [ 384.448090][T10310] ffffc90004a49380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 384.448106][T10310] ffffc90004a49400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 384.448118][T10310] >ffffc90004a49480: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 384.448127][T10310] ^ [ 384.448136][T10310] ffffc90004a49500: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 384.448148][T10310] ffffc90004a49580: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 384.448157][T10310] ================================================================== [ 384.472231][T10310] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 384.472248][T10310] CPU: 0 UID: 0 PID: 10310 Comm: syz.1.1086 Not tainted syzkaller #0 PREEMPT(full) [ 384.472268][T10310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 384.472278][T10310] Call Trace: [ 384.472284][T10310] [ 384.472290][T10310] dump_stack_lvl+0x100/0x190 [ 384.472310][T10310] vpanic+0x552/0x970 [ 384.472329][T10310] ? __pfx_vpanic+0x10/0x10 [ 384.472344][T10310] ? mark_held_locks+0x40/0x70 [ 384.472359][T10310] ? sys_imageblit+0x19fb/0x1d60 [ 384.472382][T10310] panic+0xd1/0xe0 [ 384.472394][T10310] ? __pfx_panic+0x10/0x10 [ 384.472409][T10310] ? sys_imageblit+0x19fb/0x1d60 [ 384.472430][T10310] ? preempt_schedule_common+0x42/0xc0 [ 384.472455][T10310] check_panic_on_warn.cold+0x19/0x34 [ 384.472470][T10310] end_report.part.0+0x3a/0x90 [ 384.472491][T10310] kasan_report.cold+0xe/0x18 [ 384.472511][T10310] ? sys_imageblit+0x19fb/0x1d60 [ 384.472535][T10310] sys_imageblit+0x19fb/0x1d60 [ 384.472559][T10310] ? __pfx_sys_imageblit+0x10/0x10 [ 384.472582][T10310] ? prb_read_valid+0x78/0xa0 [ 384.472598][T10310] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 384.472618][T10310] soft_cursor+0x524/0xa10 [ 384.472638][T10310] ? atomic_notifier_call_chain+0x80/0x1c0 [ 384.472670][T10310] ? fb_get_color_depth+0x120/0x250 [ 384.472689][T10310] bit_cursor+0xca1/0x1490 [ 384.472712][T10310] ? __pfx_bit_cursor+0x10/0x10 [ 384.472732][T10310] ? __lock_acquire+0x4a5/0x2630 [ 384.472749][T10310] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 384.472771][T10310] ? get_color+0x1da/0x450 [ 384.472786][T10310] ? __pfx_bit_cursor+0x10/0x10 [ 384.472804][T10310] fbcon_cursor+0x43c/0x5e0 [ 384.472820][T10310] ? add_softcursor+0x1c0/0x290 [ 384.472841][T10310] set_cursor+0x1db/0x250 [ 384.472860][T10310] con_write+0x89/0xb0 [ 384.472874][T10310] n_tty_write+0x431/0x11c0 [ 384.472895][T10310] ? __pfx_n_tty_write+0x10/0x10 [ 384.472912][T10310] ? __pfx_woken_wake_function+0x10/0x10 [ 384.472931][T10310] ? __pfx___might_resched+0x10/0x10 [ 384.472947][T10310] ? kfree+0x1dd/0x6c0 [ 384.472967][T10310] ? __pfx_n_tty_write+0x10/0x10 [ 384.472985][T10310] file_tty_write.isra.0+0x4d2/0x890 [ 384.473011][T10310] redirected_tty_write+0xd4/0x120 [ 384.473035][T10310] vfs_write+0x6ac/0x1070 [ 384.473052][T10310] ? __pfx_redirected_tty_write+0x10/0x10 [ 384.473076][T10310] ? __pfx_vfs_write+0x10/0x10 [ 384.473092][T10310] ? find_held_lock+0x2b/0x80 [ 384.473116][T10310] ksys_write+0x12a/0x250 [ 384.473132][T10310] ? __pfx_ksys_write+0x10/0x10 [ 384.473150][T10310] ? rcu_is_watching+0x12/0xc0 [ 384.473183][T10310] do_syscall_64+0x10b/0xf80 [ 384.473207][T10310] ? clear_bhb_loop+0x40/0x90 [ 384.473224][T10310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.473240][T10310] RIP: 0033:0x7f22be79ce59 [ 384.473254][T10310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 384.473270][T10310] RSP: 002b:00007f22bf60d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 384.473287][T10310] RAX: ffffffffffffffda RBX: 00007f22bea16090 RCX: 00007f22be79ce59 [ 384.473297][T10310] RDX: 0000000100000001 RSI: 0000000000000000 RDI: 0000000000000006 [ 384.473307][T10310] RBP: 00007f22be832d6f R08: 0000000000000000 R09: 0000000000000000 [ 384.473317][T10310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 384.473327][T10310] R13: 00007f22bea16128 R14: 00007f22bea16090 R15: 00007ffe969821d8 [ 384.473342][T10310] [ 384.473407][T10310] Kernel Offset: disabled