last executing test programs: 4.686793112s ago: executing program 2 (id=1466): r0 = socket(0x2, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0xd, 0x0, &(0x7f0000000140)=0x4) 4.556891869s ago: executing program 1 (id=1467): r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="01032abd7000fedbdf25080000000800048004000480"], 0x1c}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) mknod$auto(0x0, 0x100, 0xf203) r2 = landlock_create_ruleset$auto(0x0, 0xf7, 0x0) ioperm$auto(0x7, 0x6, 0x2) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) rename$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', &(0x7f0000000300)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)') rename$auto(&(0x7f00000003c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)', &(0x7f0000000000)=':-.\x00') mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r2) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00010000", @ANYRES16=r3, @ANYBLOB="100028bd7000fbdbdf25010000000b004300547b286fa1ceb6002800430031cdaf167cac15eb95b1206c389a6fddbbe3c7b136dcfb706585ba2bacf6fd4b61fb7c1904003401060066004e20000004001e019b00fa00be37d1e8a183aa7eeb03779fabe17337ec8799112e67fab2b7422e115a24990b01206ea56bb37acea6b0ad8294a22031eb72666188c4d53436f5b3e50267ffa0720dd0bc0cd702d3ef359cf74eb9e31633682305244bb418afaeb0e0cd79b288a9533c78d1881c6b1d08ea78db818d66759e7a590c02d8ad5222de06deace64f2cc4d452bfbf6aceb153d06e9c625b7bdf5a50d4adb20c0004004a01040067000400d100"], 0x100}, 0x1, 0x0, 0x0, 0x884}, 0x40090) nanosleep$auto(0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = socket(0x2, 0x5, 0x0) getsockopt$auto(r4, 0x84, 0xd, 0x0, &(0x7f0000000140)=0x4) r5 = fsopen$auto(0x0, 0x1) io_uring_setup$auto(0x1, 0x0) openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f00000002c0), 0x400, 0x0) ioctl$auto_BTRFS_IOC_SET_RECEIVED_SUBVOL_32(r5, 0xc0c09425, &(0x7f0000000000)={"886c7481a6b9bb2a68b7aa55224c9879", 0x3, 0x0, {0x0, 0xffff}, {0x5, 0xfffffffc}, 0x2, [0x1, 0x2, 0x9, 0x0, 0xffffffff, 0x0, 0x5, 0xffffffffffffffff, 0x3911, 0x7ff, 0x6, 0x8000000000000001, 0x3, 0x7, 0x2, 0x98000]}) openat$auto_show_traces_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/available_tracers\x00', 0x40000, 0x0) r6 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mmap$auto(0x10000, 0x3020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) kill$auto(r6, 0x11) 4.401625658s ago: executing program 2 (id=1468): openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000001480)='/proc/thread-self/gid_map\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000200)=""/114, 0x72) r0 = socket(0x9, 0x1, 0x4) syz_genetlink_get_family_id$auto_ethtool(0x0, r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x5, 0x8000000000000004, 0x5) madvise$auto(0x0, 0xffffffffffff0001, 0x15) msync$auto(0x0, 0x2000000005, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r2 = syz_clone(0x40040000, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r2, 0x1002, 0x0, 0x0, 0x0, 0x5) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0xa0, r4, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PID={0x8, 0x1c, r5}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x8}, @NL802154_ATTR_SEC_DEVICE={0xc, 0x2e, 0x0, 0x1, [@typed={0x8, 0xae, 0x0, 0x0, @u32=0xffffffff}]}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'veth0_to_hsr\x00'}, @NL802154_ATTR_SEC_LEVEL={0x44, 0x2d, 0x0, 0x1, [@nested={0x3d, 0x12a, 0x0, 0x1, [@nested={0x4, 0xae}, @generic="2ae72cd7329eba8fbb6c658a945a230f9cd393bb4af723de609699aed3db5cce32d71b41d3a195394f6056bb71", @typed={0x8, 0xb9, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}]}]}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x5}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x6}]}, 0xa0}, 0x1, 0x0, 0x0, 0x800}, 0x40800) ioctl$auto(r3, 0x5646, r3) read$auto_v4l2_fops_v4l2_dev(r3, &(0x7f0000000080)=""/27, 0x1b) 4.187789612s ago: executing program 0 (id=1470): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) signalfd4$auto(r0, &(0x7f0000000000)={0xfffffffffffffffa}, 0x0, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="1b0026bd7000fedbdf2503000000040008000400038012"], 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r3 = socket(0x1d, 0x2, 0x7) r4 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r5}, 0x6a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r6}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x3, 0x8, 0x5, 0x2, 0x7, 0x1, 0x9, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3bc, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, 0x8000000000000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x1fe, 0x5) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x68a200, 0x0) r7 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 3.502579928s ago: executing program 1 (id=1471): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0xa, 0x1, 0x84) ioctl$auto_XFS_IOC_COMMIT_RANGE(0xffffffffffffffff, 0x40585883, &(0x7f0000000000)={r0, 0x0, 0x80000001, 0xfffffffffffffffd, 0x8, 0x60000000, [0x280081f4, 0x1, 0x100000000, 0x8, 0x5, 0x2]}) mmap$auto(0x0, 0x5, 0x5, 0x1e, r0, 0x8403) r1 = socket(0x2, 0x3, 0xa) connect$auto(r1, &(0x7f00000000c0)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xde}, 0x55) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x24004141) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x6, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, 0x0, 0x68200, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x14, 0xffffffffffffffff, 0x62) socket(0x2, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = socket(0xa, 0x5, 0x84) shutdown$auto(0x200000003, 0x2) sendto$auto(r2, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x80000000000000d, 0x1, 0x948d, 0x6, 0x15f4da0a, 0x5, 0x8, 0x1000000, 0x9, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) 3.299634244s ago: executing program 0 (id=1472): ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/vlan/config\x00', 0x2800, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001080)=""/244, 0xf4) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r1, 0x7fffffff, 0x4, 0x0, 0x4) setsockopt$auto(0xffffffffffffffff, 0x10000008, 0x8005, 0x0, 0x2) unshare$auto(0x40000080) socket(0x2a, 0x3, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) select$auto(0xffffffff, 0x0, &(0x7f0000000100)={[0xb, 0x4, 0x0, 0x8000000000000000, 0x1, 0x6, 0x9, 0x3, 0x83, 0x6, 0x1e, 0xa, 0x7ff, 0x7, 0x20000000008, 0x7]}, 0x0, 0x0) unshare$auto(0x40000080) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x40044620, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r3, 0x9, 0xd) close_range$auto(0x2, 0x8, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000000)='}\x00') openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x8000, 0x0) acct$auto(&(0x7f0000000140)='@\x00') read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/89, 0x59) 3.197800722s ago: executing program 3 (id=1473): bind$auto(0x3, 0x0, 0x6a) mbind$auto(0x9, 0x84, 0x4, 0x0, 0x80000000, 0x7f) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x6879cbd, 0xe6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r1, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_SW_PARAMS2(r2, 0xc0884113, 0x0) shutdown$auto(0x200000003, 0x2) sysfs$auto(0x2, 0x1b, 0x0) openat$auto_bsg_fops_bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000003c0), 0x80303, 0x0) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x7d1, 0xc, 0x5, 0x3, 0x5, 0x2000000000000002, 0x200, 0x8, 0x400000000ff, 0xa, 0x101, 0x5, 0x5, 0xb]}, 0x0, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, 0x0, 0x2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x2, 0x88) capget$auto(&(0x7f0000000000)={0x7, r0}, &(0x7f0000000080)={0x2, 0x1, 0x4}) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) 3.061142761s ago: executing program 3 (id=1474): r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x1f, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0x0, 0x2, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x4000, 0x0, 0x6, 0x0, 0xfffffffffffbfffd, 0x4, 0x1, 0x10000000000, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x400000000005b8, 0xffff, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x4]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x840}, 0x7, 0x88) mknod$auto(0x0, 0xcb, 0xfffffffa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fcntl$auto_F_UNLCK(r1, 0xb3a, 0x2) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x210, 0xb99, 0xa, 0x10, r1, 0x2) r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0) write$auto(r3, &(0x7f0000000000), 0xef) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mknod$auto(0x0, 0x1, 0x4) 2.689042163s ago: executing program 2 (id=1475): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0xa, 0x1, 0x84) ioctl$auto_XFS_IOC_COMMIT_RANGE(0xffffffffffffffff, 0x40585883, &(0x7f0000000000)={r0, 0x0, 0x80000001, 0xfffffffffffffffd, 0x8, 0x60000000, [0x280081f4, 0x1, 0x100000000, 0x8, 0x5, 0x2]}) mmap$auto(0x0, 0x5, 0x5, 0x1e, r0, 0x8403) r1 = socket(0x2, 0x3, 0xa) connect$auto(r1, &(0x7f00000000c0)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xde}, 0x55) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x24004141) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x6, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe\x00', 0x68200, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x14, 0xffffffffffffffff, 0x62) socket(0x2, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = socket(0xa, 0x5, 0x84) sendto$auto(r2, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x80000000000000d, 0x1, 0x948d, 0x6, 0x15f4da0a, 0x5, 0x8, 0x1000000, 0x9, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) 2.586696414s ago: executing program 0 (id=1476): ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/vlan/config\x00', 0x2800, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001080)=""/244, 0xf4) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r1, 0x7fffffff, 0x4, 0x0, 0x4) setsockopt$auto(0xffffffffffffffff, 0x10000008, 0x8005, 0x0, 0x2) unshare$auto(0x40000080) socket(0x2a, 0x3, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) select$auto(0xffffffff, 0x0, &(0x7f0000000100)={[0xb, 0x4, 0x0, 0x8000000000000000, 0x1, 0x6, 0x9, 0x3, 0x83, 0x6, 0x1e, 0xa, 0x7ff, 0x7, 0x20000000008, 0x7]}, 0x0, 0x0) unshare$auto(0x40000080) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x40044620, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r3, 0x9, 0xd) close_range$auto(0x2, 0x8, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000000)='}\x00') openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x8000, 0x0) acct$auto(&(0x7f0000000140)='@\x00') read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/89, 0x59) 2.55423796s ago: executing program 3 (id=1477): r0 = socket(0x2, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0xd, 0x0, &(0x7f0000000140)=0x4) 2.48715818s ago: executing program 1 (id=1478): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x60009, 0x7f, 0xeb1, 0x40000000000a5, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f000000a500), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000a580)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008040}, 0x20008000) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r2, 0x200, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x40010) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_VENDOR(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000000c0)={0x1c, r5, 0x323, 0x70bda5, 0x25dfdbfb, {}, [@NL80211_ATTR_IE_PROBE_RESP={0x5, 0x7f, 'S'}]}, 0x1c}}, 0x40088d4) arch_prctl$auto(0x1024, 0x0) ioctl$auto(r3, 0xc0045540, r3) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) getrandom$auto(0x0, 0x6000000, 0x3) getrandom$auto(&(0x7f0000000180)='\xcc\x00', 0x7, 0x8) socket(0xa, 0x3, 0x3a) ioctl$auto(0x3, 0x5404, 0x38) 2.344606681s ago: executing program 3 (id=1479): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) signalfd4$auto(r0, &(0x7f0000000000)={0xfffffffffffffffa}, 0x0, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="1b0026bd7000fedbdf2503000000040008000400038012000100898771f1c19f1779048590822ad900"], 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r3 = socket(0x1d, 0x2, 0x7) r4 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r5}, 0x6a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r6}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x3, 0x8, 0x5, 0x2, 0x7, 0x1, 0x9, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3bc, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, 0x8000000000000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x1fe, 0x5) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x68a200, 0x0) r7 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 1.977333161s ago: executing program 0 (id=1480): r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="01032abd7000fedbdf25080000000800048004000480"], 0x1c}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) mknod$auto(0x0, 0x100, 0xf203) r2 = landlock_create_ruleset$auto(0x0, 0xf7, 0x0) ioperm$auto(0x7, 0x6, 0x2) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) rename$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', &(0x7f0000000300)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)') rename$auto(&(0x7f00000003c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)', &(0x7f0000000000)=':-.\x00') mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r2) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00010000", @ANYRES16=r3, @ANYBLOB="100028bd7000fbdbdf25010000000b004300547b286fa1ceb6002800430031cdaf167cac15eb95b1206c389a6fddbbe3c7b136dcfb706585ba2bacf6fd4b61fb7c1904003401060066004e20000004001e019b00fa00be37d1e8a183aa7eeb03779fabe17337ec8799112e67fab2b7422e115a24990b01206ea56bb37acea6b0ad8294a22031eb72666188c4d53436f5b3e50267ffa0720dd0bc0cd702d3ef359cf74eb9e31633682305244bb418afaeb0e0cd79b288a9533c78d1881c6b1d08ea78db818d66759e7a590c02d8ad5222de06deace64f2cc4d452bfbf6aceb153d06e9c625b7bdf5a50d4adb20c0004004a01040067000400d100"], 0x100}, 0x1, 0x0, 0x0, 0x884}, 0x40090) nanosleep$auto(0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = socket(0x2, 0x5, 0x0) getsockopt$auto(r4, 0x84, 0xd, 0x0, &(0x7f0000000140)=0x4) r5 = fsopen$auto(0x0, 0x1) io_uring_setup$auto(0x1, 0x0) openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f00000002c0), 0x400, 0x0) ioctl$auto_BTRFS_IOC_SET_RECEIVED_SUBVOL_32(r5, 0xc0c09425, &(0x7f0000000000)={"886c7481a6b9bb2a68b7aa55224c9879", 0x3, 0x0, {0x0, 0xffff}, {0x5, 0xfffffffc}, 0x2, [0x1, 0x2, 0x9, 0x0, 0xffffffff, 0x0, 0x5, 0xffffffffffffffff, 0x3911, 0x7ff, 0x6, 0x8000000000000001, 0x3, 0x7, 0x2, 0x98000]}) openat$auto_show_traces_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/available_tracers\x00', 0x40000, 0x0) r6 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mmap$auto(0x10000, 0x3020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) kill$auto(r6, 0x11) 1.972887039s ago: executing program 1 (id=1481): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) signalfd4$auto(r0, &(0x7f0000000000)={0xfffffffffffffffa}, 0x0, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="1b0026bd7000fedbdf2503000000040008000400038012"], 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r3 = socket(0x1d, 0x2, 0x7) r4 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r5}, 0x6a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r6}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x3, 0x8, 0x5, 0x2, 0x7, 0x1, 0x9, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3bc, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, 0x8000000000000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}, 0x1fe, 0x5) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x68a200, 0x0) r7 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 1.733042289s ago: executing program 3 (id=1482): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x400008, 0xe2, 0x9b7f, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x39b8) capget$auto(0x0, &(0x7f0000000180)={0x2000ea6a, 0xf, 0x6}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/dev_mcast\x00', 0x101000, 0x0) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, 0x0, 0x40001, 0x0) io_uring_setup$auto(0x5, &(0x7f0000000240)={0x8f0, 0x5d79, 0x0, 0x4, 0x825, 0xcd29, 0xffffffffffffffff, [0xb4b4, 0x5, 0x8], {0x5, 0x4, 0x8, 0x9, 0x6, 0x2, 0x479f337d, 0x2a5, 0x6}, {0xeca, 0x3ff, 0x7ff, 0x5, 0xf692516, 0x3430, 0xfffffffb, 0x5, 0xc}}) socket(0x15, 0x5, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x40000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop5\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c01, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) sendfile$auto(0x1, 0x3, 0x0, 0xc01) socket(0x10, 0x2, 0x6) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0xffff) rseq$auto(0x0, 0x0, 0x0, 0x6) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) 1.66898594s ago: executing program 1 (id=1483): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) ioctl$auto_TIOCCONS2(0xffffffffffffffff, 0x541d, 0x0) mmap$auto(0x0, 0x5, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x24) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x261c2, 0x84) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) uname$auto(0x0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyqb\x00', 0x0, 0x0) openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x123180, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video44\x00', 0x8a240, 0x0) pidfd_open$auto(0x1, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$auto_TIOCGDEV2(r2, 0x80045438, 0x0) 1.628289075s ago: executing program 2 (id=1484): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x400008, 0xe2, 0x9b7f, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x39b8) capget$auto(0x0, &(0x7f0000000180)={0x2000ea6a, 0xf, 0x6}) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, 0x0, 0x40001, 0x0) io_uring_setup$auto(0x5, &(0x7f0000000240)={0x8f0, 0x5d79, 0x0, 0x4, 0x825, 0xcd29, 0xffffffffffffffff, [0xb4b4, 0x5, 0x8], {0x5, 0x4, 0x8, 0x9, 0x6, 0x2, 0x479f337d, 0x2a5, 0x6}, {0xeca, 0x3ff, 0x7ff, 0x5, 0xf692516, 0x3430, 0xfffffffb, 0x5, 0xc}}) socket(0x15, 0x5, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x40000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop5\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c01, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) sendfile$auto(0x1, 0x3, 0x0, 0xc01) socket(0x10, 0x2, 0x6) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0xffff) rseq$auto(0x0, 0x0, 0x0, 0x6) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) 907.53974ms ago: executing program 1 (id=1485): ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/vlan/config\x00', 0x2800, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001080)=""/244, 0xf4) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r1, 0x7fffffff, 0x4, 0x0, 0x4) setsockopt$auto(0xffffffffffffffff, 0x10000008, 0x8005, 0x0, 0x2) unshare$auto(0x40000080) socket(0x2a, 0x3, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) select$auto(0xffffffff, 0x0, &(0x7f0000000100)={[0xb, 0x4, 0x0, 0x8000000000000000, 0x1, 0x6, 0x9, 0x3, 0x83, 0x6, 0x1e, 0xa, 0x7ff, 0x7, 0x20000000008, 0x7]}, 0x0, 0x0) unshare$auto(0x40000080) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x40044620, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r3, 0x9, 0xd) close_range$auto(0x2, 0x8, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000000)='}\x00') openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x8000, 0x0) acct$auto(&(0x7f0000000140)='@\x00') read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/89, 0x59) 726.305876ms ago: executing program 0 (id=1486): r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x1f, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0x0, 0x2, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x4000, 0x0, 0x6, 0x0, 0xfffffffffffbfffd, 0x4, 0x1, 0x10000000000, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x400000000005b8, 0xffff, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x4]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x840}, 0x7, 0x88) mknod$auto(0x0, 0xcb, 0xfffffffa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fcntl$auto_F_UNLCK(r1, 0xb3a, 0x2) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x210, 0xb99, 0xa, 0x10, r1, 0x2) r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0) write$auto(r3, &(0x7f0000000000), 0xef) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mknod$auto(0x0, 0x1, 0x4) 386.006547ms ago: executing program 2 (id=1487): futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) 301.742597ms ago: executing program 2 (id=1488): ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/vlan/config\x00', 0x2800, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001080)=""/244, 0xf4) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r1, 0x7fffffff, 0x4, 0x0, 0x4) setsockopt$auto(0xffffffffffffffff, 0x10000008, 0x8005, 0x0, 0x2) unshare$auto(0x40000080) socket(0x2a, 0x3, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) select$auto(0xffffffff, 0x0, &(0x7f0000000100)={[0xb, 0x4, 0x0, 0x8000000000000000, 0x1, 0x6, 0x9, 0x3, 0x83, 0x6, 0x1e, 0xa, 0x7ff, 0x7, 0x20000000008, 0x7]}, 0x0, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x40044620, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r3, 0x9, 0xd) close_range$auto(0x2, 0x8, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000000)='}\x00') openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x8000, 0x0) acct$auto(&(0x7f0000000140)='@\x00') read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/89, 0x59) 252.245945ms ago: executing program 3 (id=1489): ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/vlan/config\x00', 0x2800, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001080)=""/244, 0xf4) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r1, 0x7fffffff, 0x4, 0x0, 0x4) setsockopt$auto(0xffffffffffffffff, 0x10000008, 0x8005, 0x0, 0x2) unshare$auto(0x40000080) socket(0x2a, 0x3, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) select$auto(0xffffffff, 0x0, &(0x7f0000000100)={[0xb, 0x4, 0x0, 0x8000000000000000, 0x1, 0x6, 0x9, 0x3, 0x83, 0x6, 0x1e, 0xa, 0x7ff, 0x7, 0x20000000008, 0x7]}, 0x0, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x40044620, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r3, 0x9, 0xd) close_range$auto(0x2, 0x8, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000000)='}\x00') openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x8000, 0x0) acct$auto(&(0x7f0000000140)='@\x00') read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/89, 0x59) 0s ago: executing program 0 (id=1490): openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x10b040, 0x0) socket(0x2, 0x1, 0x0) sendmsg$auto_NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) unshare$auto(0x40000080) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_proc_mountstats_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) mmap$auto(0x3, 0x400006, 0xdf, 0x9b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0xa, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000000)=""/226, 0xe2) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe$auto(&(0x7f00000001c0)) close_range$auto(0x2, 0xa, 0x0) statmount$auto(&(0x7f0000000140)={0x9, @inferred=r0, 0x6, 0x5, 0xfffffffffffffff8}, &(0x7f0000000240)={0x1, 0xc0e, 0x0, 0x5, 0x7, 0x0, 0x1, 0xb32d, 0x0, 0x100000000, 0xfffffffd, 0x299f, 0x4, 0xfffffffffffffff7, 0xdaf, 0xb, 0x100000001, 0x0, 0x1, 0xffffffffffffffc0, 0x40, 0x5, 0x7f, 0x9de, 0x7fffffff, 0x2, [0xa84, 0x3, 0x5b1, 0x0, 0x8, 0x7, 0xfff, 0x401, 0x2, 0x67, 0x67, 0xb8, 0x2, 0x5, 0xe16, 0x3, 0x5, 0xf, 0x4, 0x5, 0x3e1, 0x90, 0x3, 0x7fffffff, 0x9, 0x100000001, 0x5aa, 0x4, 0xa60f, 0x2, 0x2, 0x3, 0xfffffffffffffffe, 0x5, 0xffff, 0x2, 0x2d, 0x6, 0x5f8, 0x4, 0x5, 0x9, 0x8000000000000000, 0x4d6, 0x7, 0x7fffffff], "a918d164dab2238b07fd640eb380f91c9e40ee0395f87673fbe955ba69da0697863630fe3fba1c758e8b87ab7d4d725fab16d52f0e4a7972eea3135c6a8aa2eb99a987d1efa9b317f906cdb2d954d9acc75460905b852763b71578e1fdc919656c6bb8fd03a1fcbb4948e8e47a494eb93d4f38a7be1b3c0f7cb1aae2b5daa8921fad967f2bdf5ce3d35ce24a9b99c72fc1ea5d5770c8a6d351e2b2a5f1"}, 0x1, 0x3) madvise$auto(0x0, 0x9, 0x19) madvise$auto(0x0, 0x53, 0x9) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) getpgrp(0xffffffffffffffff) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000200)='5', 0x1) msync$auto(0x0, 0x2000000005, 0x6) kernel console output (not intermixed with test programs): exec"[5835] was attempted by "./syz-executor exec"[11194] [ 463.486942][T11199] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 463.501558][T11194] netlink: 126 bytes leftover after parsing attributes in process `syz.2.1039'. [ 463.517995][T11201] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 463.562053][T11202] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 463.584834][T11205] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 463.607330][T11206] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 463.703605][T11184] vivid-003: ================= START STATUS ================= [ 463.720737][T11184] vivid-003: Radio HW Seek Mode: Bounded [ 463.757130][T11184] vivid-003: Radio Programmable HW Seek: false [ 463.940024][T11184] vivid-003: RDS Rx I/O Mode: Block I/O [ 463.946175][T11184] vivid-003: Generate RBDS Instead of RDS: false [ 463.971632][T11184] vivid-003: RDS Reception: true [ 463.984803][T11198] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[11198] [ 464.000139][T11184] vivid-003: RDS Program Type: 0 inactive [ 464.016240][T11184] vivid-003: RDS PS Name: inactive [ 464.032469][T11184] vivid-003: RDS Radio Text: inactive [ 464.063246][T11184] vivid-003: RDS Traffic Announcement: false inactive [ 464.105186][T11184] vivid-003: RDS Traffic Program: false inactive [ 464.154112][T11184] vivid-003: RDS Music: false inactive [ 464.163248][T11184] vivid-003: ================== END STATUS ================== [ 464.583318][T11191] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 464.746093][T11221] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 465.854675][T11239] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 466.157253][ T5843] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 466.165115][ T5842] Bluetooth: hci4: command 0xfc11 tx timeout [ 466.384324][T11228] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 466.400096][T11248] Invalid ELF header magic: != ELF [ 466.898558][T11253] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 467.725202][T11264] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 468.012687][T11268] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 468.227670][T11248] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1046'. [ 468.552526][T11248] geneve1: entered allmulticast mode [ 468.563649][T11276] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1051'. [ 468.594583][T11250] vivid-003: ================= START STATUS ================= [ 468.633355][T11250] vivid-003: Radio HW Seek Mode: Bounded [ 468.652874][T11250] vivid-003: Radio Programmable HW Seek: false [ 468.673490][T11250] vivid-003: RDS Rx I/O Mode: Block I/O [ 468.679128][T11250] vivid-003: Generate RBDS Instead of RDS: false [ 468.703268][T11250] vivid-003: RDS Reception: true [ 468.725602][T11276] syz.0.1051 (11276) used greatest stack depth: 20288 bytes left [ 468.736904][T11250] vivid-003: RDS Program Type: 0 inactive [ 468.767031][T11250] vivid-003: RDS PS Name: inactive [ 468.772332][T11250] vivid-003: RDS Radio Text: inactive [ 468.815268][T11250] vivid-003: RDS Traffic Announcement: false inactive [ 468.822134][T11250] vivid-003: RDS Traffic Program: false inactive [ 468.884849][T11250] vivid-003: RDS Music: false inactive [ 468.903540][T11250] vivid-003: ================== END STATUS ================== [ 469.156024][T11283] EXT4-fs error: 1 callbacks suppressed [ 469.156045][T11283] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 469.192256][T11284] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 469.228048][T11286] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 469.245830][T11288] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 469.284864][T11290] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 469.302100][T11292] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1055'. [ 470.233046][T11311] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 471.319636][T11324] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 471.887151][T11310] kexec: Could not allocate control_code_buffer [ 471.966985][T11327] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 472.496328][T11341] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 473.052973][T11348] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 473.145790][T11349] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 473.220370][T11350] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1065'. [ 473.700446][T11335] vivid-003: ================= START STATUS ================= [ 473.708273][T11335] vivid-003: Radio HW Seek Mode: Bounded [ 473.714464][T11335] vivid-003: Radio Programmable HW Seek: false [ 473.720706][T11335] vivid-003: RDS Rx I/O Mode: Block I/O [ 473.726871][T11335] vivid-003: Generate RBDS Instead of RDS: false [ 473.733867][T11335] vivid-003: RDS Reception: true [ 473.738861][T11335] vivid-003: RDS Program Type: 0 inactive [ 473.745162][T11335] vivid-003: RDS PS Name: inactive [ 473.750485][T11335] vivid-003: RDS Radio Text: inactive [ 473.907772][T11335] vivid-003: RDS Traffic Announcement: false inactive [ 473.928316][T11335] vivid-003: RDS Traffic Program: false inactive [ 473.948780][T11335] vivid-003: RDS Music: false inactive [ 474.008394][T11335] vivid-003: ================== END STATUS ================== [ 474.115195][T11344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1065'. [ 474.634856][T11375] EXT4-fs error: 1 callbacks suppressed [ 474.634876][T11375] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 474.974132][T11382] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 475.001196][T11383] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 475.237482][T11388] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1074'. [ 475.256277][T11388] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1074'. [ 475.274037][T11388] netlink: 126 bytes leftover after parsing attributes in process `syz.3.1074'. [ 475.741893][T11404] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 475.905838][ T5842] Bluetooth: hci4: sending frame failed (-49) [ 475.914986][ T5843] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 476.116460][T11414] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 476.158195][T11418] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 476.816731][T11426] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 477.528165][T11435] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 477.665188][T11439] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1084'. [ 477.993872][T11443] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 478.014514][T11444] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 480.076140][T11487] EXT4-fs error: 4 callbacks suppressed [ 480.076159][T11487] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 480.420062][T11469] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 481.008924][T11501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 481.054263][T11501] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 481.103693][T11501] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 481.130650][T11504] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 481.156227][T11501] page_type: f5(slab) [ 481.161349][T11505] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 481.231029][T11501] raw: 00fff00000000040 ffff88801b042140 0000000000000000 dead000000000001 [ 481.309139][T11507] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 481.453478][T11501] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 481.507914][T11510] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 481.582929][T11501] head: 00fff00000000040 ffff88801b042140 0000000000000000 dead000000000001 [ 481.591795][T11501] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 481.600854][T11501] head: 00fff00000000003 ffffea0001e00001 ffffffffffffffff 0000000000000000 [ 481.609643][T11501] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 481.618833][T11501] page dumped because: unmovable page [ 481.624362][T11501] page_owner tracks the page as allocated [ 481.630342][T11501] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 29, tgid 29 (kworker/u8:2), ts 357485345410, free_ts 357365760713 [ 481.651136][T11501] post_alloc_hook+0x181/0x1b0 [ 481.656158][T11501] get_page_from_freelist+0xfce/0x2f80 [ 481.661765][T11501] __alloc_frozen_pages_noprof+0x221/0x2470 [ 481.667831][T11501] alloc_pages_mpol+0x1fc/0x540 [ 481.673634][T11512] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 481.674739][T11513] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 481.713285][T11501] new_slab+0x23d/0x330 [ 481.736777][T11501] ___slab_alloc+0xc5d/0x1720 [ 481.741541][T11501] __slab_alloc.constprop.0+0x56/0xb0 [ 481.743244][T11503] could not allocate digest TFM handle binfmt_misc [ 481.798691][T11501] __kmalloc_node_track_caller_noprof+0x2f1/0x510 [ 481.833566][T11501] kmalloc_reserve+0xef/0x2c0 [ 481.838299][T11501] __alloc_skb+0x164/0x380 [ 481.846862][T11501] nsim_dev_trap_report_work+0x2af/0xd00 [ 481.852570][T11501] process_one_work+0x9c5/0x1ba0 [ 481.863241][T11501] worker_thread+0x6c8/0xf00 [ 481.867897][T11501] kthread+0x3af/0x750 [ 481.873412][T11501] ret_from_fork+0x45/0x80 [ 481.878207][T11501] ret_from_fork_asm+0x1a/0x30 [ 481.887277][T11490] vivid-003: ================= START STATUS ================= [ 481.893177][T11501] page last free pid 9549 tgid 9548 stack trace: [ 481.901317][T11501] free_frozen_pages+0x6db/0xfb0 [ 481.903285][T11490] vivid-003: Radio HW Seek Mode: Bounded [ 481.919396][T11490] vivid-003: Radio Programmable HW Seek: false [ 481.926826][T11490] vivid-003: RDS Rx I/O Mode: Block I/O [ 481.932455][T11490] vivid-003: Generate RBDS Instead of RDS: false [ 481.937007][T11501] __put_partials+0x14c/0x170 [ 481.946244][T11501] qlist_free_all+0x4e/0x120 [ 481.946685][T11490] vivid-003: RDS Reception: true [ 481.950917][T11501] kasan_quarantine_reduce+0x195/0x1e0 [ 481.958087][T11490] vivid-003: RDS Program Type: 0 inactive [ 481.969902][T11490] vivid-003: RDS PS Name: inactive [ 481.976827][T11490] vivid-003: RDS Radio Text: inactive [ 481.982450][T11490] vivid-003: RDS Traffic Announcement: false inactive [ 481.992137][T11490] vivid-003: RDS Traffic Program: false inactive [ 481.993233][T11501] __kasan_slab_alloc+0x69/0x90 [ 482.007674][T11490] vivid-003: RDS Music: false inactive [ 482.013160][T11501] kmem_cache_alloc_noprof+0x226/0x3d0 [ 482.018734][T11501] alloc_buffer_head+0x21/0x160 [ 482.027486][T11490] vivid-003: ================== END STATUS ================== [ 482.035789][T11501] folio_alloc_buffers+0x2bd/0x830 [ 482.041041][T11501] create_empty_buffers+0x36/0x480 [ 482.053267][T11501] folio_create_buffers+0x109/0x150 [ 482.058567][T11501] __block_write_begin_int+0x321/0x16e0 [ 482.068428][T11501] iomap_write_begin+0x5df/0x1660 [ 482.073850][T11501] iomap_file_buffered_write+0x419/0xc70 [ 482.079603][T11501] blkdev_write_iter+0x574/0xdd0 [ 482.088734][T11501] vfs_write+0x5ae/0x1150 [ 482.093524][T11501] ksys_write+0x12b/0x250 [ 482.429168][T11527] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 482.478097][T11529] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1102'. [ 482.566612][T11530] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1102'. [ 482.739813][T11529] netlink: 210 bytes leftover after parsing attributes in process `syz.1.1102'. [ 482.773181][T11533] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 482.858637][T11535] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 482.957524][T11524] vivid-003: ================= START STATUS ================= [ 482.973155][T11524] vivid-003: Radio HW Seek Mode: Bounded [ 482.981389][T11524] vivid-003: Radio Programmable HW Seek: false [ 482.989619][T11524] vivid-003: RDS Rx I/O Mode: Block I/O [ 483.008906][T11524] vivid-003: Generate RBDS Instead of RDS: false [ 483.015447][T11524] vivid-003: RDS Reception: true [ 483.020550][T11524] vivid-003: RDS Program Type: 0 inactive [ 483.026577][T11524] vivid-003: RDS PS Name: inactive [ 483.035407][T11524] vivid-003: RDS Radio Text: inactive [ 483.040946][T11524] vivid-003: RDS Traffic Announcement: false inactive [ 483.083152][T11524] vivid-003: RDS Traffic Program: false inactive [ 483.089576][T11524] vivid-003: RDS Music: false inactive [ 483.116625][T11524] vivid-003: ================== END STATUS ================== [ 485.664920][T11574] EXT4-fs error: 2 callbacks suppressed [ 485.664940][T11574] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 486.695175][T11585] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 486.751860][T11586] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 486.772251][T11580] ima: policy update failed [ 486.777125][ T30] audit: type=1802 audit(4294967464.372:11): pid=11580 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1112" res=0 errno=0 [ 486.880935][T11589] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 487.089360][T11595] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1113'. [ 487.112182][T11597] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1113'. [ 487.166237][T11595] netlink: 210 bytes leftover after parsing attributes in process `syz.1.1113'. [ 487.213450][T11595] FAULT_INJECTION: forcing a failure. [ 487.213450][T11595] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 487.247689][T11595] CPU: 0 UID: 0 PID: 11595 Comm: syz.1.1113 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 487.247727][T11595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 487.247745][T11595] Call Trace: [ 487.247754][T11595] [ 487.247765][T11595] dump_stack_lvl+0x16c/0x1f0 [ 487.247808][T11595] should_fail_ex+0x50a/0x650 [ 487.247860][T11595] strncpy_from_user+0x3b/0x2d0 [ 487.247906][T11595] getname_flags.part.0+0x8f/0x550 [ 487.247945][T11595] getname_flags+0x93/0xf0 [ 487.247984][T11595] __x64_sys_mknod+0x74/0xb0 [ 487.248029][T11595] do_syscall_64+0xcd/0x250 [ 487.248074][T11595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.248117][T11595] RIP: 0033:0x7f697458d169 [ 487.248141][T11595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.248170][T11595] RSP: 002b:00007f6975370038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 487.248198][T11595] RAX: ffffffffffffffda RBX: 00007f69747a5fa0 RCX: 00007f697458d169 [ 487.248217][T11595] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000000 [ 487.248233][T11595] RBP: 00007f697460e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 487.248250][T11595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.248266][T11595] R13: 0000000000000000 R14: 00007f69747a5fa0 R15: 00007ffe9f3a7838 [ 487.248301][T11595] [ 487.303275][T11567] vivid-003: ================= START STATUS ================= [ 487.433893][T11567] vivid-003: Radio HW Seek Mode: Bounded [ 487.439600][T11567] vivid-003: Radio Programmable HW Seek: false [ 487.513751][T11567] vivid-003: RDS Rx I/O Mode: Block I/O [ 487.563195][T11567] vivid-003: Generate RBDS Instead of RDS: false [ 487.593338][T11567] vivid-003: RDS Reception: true [ 487.598517][T11567] vivid-003: RDS Program Type: 0 inactive [ 487.604488][T11567] vivid-003: RDS PS Name: inactive [ 487.609829][T11567] vivid-003: RDS Radio Text: inactive [ 487.615534][T11567] vivid-003: RDS Traffic Announcement: false inactive [ 487.622459][T11567] vivid-003: RDS Traffic Program: false inactive [ 487.629066][T11567] vivid-003: RDS Music: false inactive [ 487.637185][T11567] vivid-003: ================== END STATUS ================== [ 487.917474][T11612] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 488.092831][T11616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 488.117714][T11616] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 488.160827][T11616] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 488.176939][T11619] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 488.193277][T11616] page_type: f5(slab) [ 488.197414][T11616] raw: 00fff00000000040 ffff88801b042140 0000000000000000 dead000000000001 [ 488.241407][T11616] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 488.254797][T11621] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 488.291419][T11616] head: 00fff00000000040 ffff88801b042140 0000000000000000 dead000000000001 [ 488.340026][T11616] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 488.351104][T11616] head: 00fff00000000003 ffffea0001e00001 ffffffffffffffff 0000000000000000 [ 488.359958][T11616] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 488.368769][T11616] page dumped because: unmovable page [ 488.374653][T11616] page_owner tracks the page as allocated [ 488.380436][T11616] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 29, tgid 29 (kworker/u8:2), ts 357485345410, free_ts 357365760713 [ 488.401422][T11616] post_alloc_hook+0x181/0x1b0 [ 488.406500][T11616] get_page_from_freelist+0xfce/0x2f80 [ 488.412123][T11616] __alloc_frozen_pages_noprof+0x221/0x2470 [ 488.423314][T11616] alloc_pages_mpol+0x1fc/0x540 [ 488.428237][T11616] new_slab+0x23d/0x330 [ 488.442969][T11616] ___slab_alloc+0xc5d/0x1720 [ 488.453589][T11625] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 488.471404][T11616] __slab_alloc.constprop.0+0x56/0xb0 [ 488.482299][T11616] __kmalloc_node_track_caller_noprof+0x2f1/0x510 [ 488.489106][T11616] kmalloc_reserve+0xef/0x2c0 [ 488.502549][T11616] __alloc_skb+0x164/0x380 [ 488.512670][T11616] nsim_dev_trap_report_work+0x2af/0xd00 [ 488.522842][T11618] could not allocate digest TFM handle binfmt_misc [ 488.539721][T11616] process_one_work+0x9c5/0x1ba0 [ 488.559951][T11616] worker_thread+0x6c8/0xf00 [ 488.794564][T11616] kthread+0x3af/0x750 [ 488.833442][T11616] ret_from_fork+0x45/0x80 [ 488.857780][T11616] ret_from_fork_asm+0x1a/0x30 [ 488.908053][T11616] page last free pid 9549 tgid 9548 stack trace: [ 488.914517][T11616] free_frozen_pages+0x6db/0xfb0 [ 488.919604][T11616] __put_partials+0x14c/0x170 [ 488.924449][T11616] qlist_free_all+0x4e/0x120 [ 488.935254][T11616] kasan_quarantine_reduce+0x195/0x1e0 [ 488.940782][T11616] __kasan_slab_alloc+0x69/0x90 [ 488.945765][T11616] kmem_cache_alloc_noprof+0x226/0x3d0 [ 488.951305][T11616] alloc_buffer_head+0x21/0x160 [ 488.956401][T11616] folio_alloc_buffers+0x2bd/0x830 [ 488.961596][T11616] create_empty_buffers+0x36/0x480 [ 488.970139][T11629] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1115'. [ 488.979509][T11616] folio_create_buffers+0x109/0x150 [ 489.003147][T11616] __block_write_begin_int+0x321/0x16e0 [ 489.021081][T11616] iomap_write_begin+0x5df/0x1660 [ 489.044895][T11616] iomap_file_buffered_write+0x419/0xc70 [ 489.050608][T11616] blkdev_write_iter+0x574/0xdd0 [ 489.097028][T11616] vfs_write+0x5ae/0x1150 [ 489.097671][T11630] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 489.101427][T11616] ksys_write+0x12b/0x250 [ 489.445220][T11617] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1115'. [ 490.243735][T11636] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 490.678531][ T5843] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 491.373672][T11657] EXT4-fs error: 2 callbacks suppressed [ 491.373692][T11657] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 491.533351][T11628] vivid-003: ================= START STATUS ================= [ 491.541085][T11628] vivid-003: Radio HW Seek Mode: Bounded [ 491.573157][T11628] vivid-003: Radio Programmable HW Seek: false [ 491.599840][T11628] vivid-003: RDS Rx I/O Mode: Block I/O [ 491.627845][T11628] vivid-003: Generate RBDS Instead of RDS: false [ 491.651368][T11628] vivid-003: RDS Reception: true [ 491.671283][T11628] vivid-003: RDS Program Type: 0 inactive [ 491.689010][T11628] vivid-003: RDS PS Name: inactive [ 491.696142][T11628] vivid-003: RDS Radio Text: inactive [ 491.724126][T11628] vivid-003: RDS Traffic Announcement: false inactive [ 491.730991][T11628] vivid-003: RDS Traffic Program: false inactive [ 491.773221][T11628] vivid-003: RDS Music: false inactive [ 491.783582][T11628] vivid-003: ================== END STATUS ================== [ 492.200239][T11642] kexec: Could not allocate control_code_buffer [ 492.451413][T11667] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 493.459748][T11683] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 493.611825][T11685] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 493.643941][T11682] can: request_module (can-proto-0) failed. [ 493.693458][T11689] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 493.742719][T11682] warning: `syz.2.1127' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 494.399542][T11695] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1131'. [ 494.421843][T11695] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1131'. [ 494.575150][T11700] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.612928][T11702] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.654417][T11704] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.694035][T11705] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.713445][T11706] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.743230][T11697] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1132'. [ 494.764052][T11703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 494.822346][T11703] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 494.924826][T11703] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 494.981022][T11680] vivid-003: ================= START STATUS ================= [ 494.983321][T11703] page_type: f5(slab) [ 494.988936][T11680] vivid-003: Radio HW Seek Mode: Bounded [ 495.000735][T11680] vivid-003: Radio Programmable HW Seek: false [ 495.019736][T11680] vivid-003: RDS Rx I/O Mode: Block I/O [ 495.029841][T11680] vivid-003: Generate RBDS Instead of RDS: false [ 495.053765][T11703] raw: 00fff00000000040 ffff88801b042140 0000000000000000 dead000000000001 [ 495.062412][T11703] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 495.084141][T11703] head: 00fff00000000040 ffff88801b042140 0000000000000000 dead000000000001 [ 495.093259][T11703] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 495.114710][T11703] head: 00fff00000000003 ffffea0001e00001 ffffffffffffffff 0000000000000000 [ 495.143749][T11680] vivid-003: RDS Reception: true [ 495.148793][T11680] vivid-003: RDS Program Type: 0 inactive [ 495.170383][T11703] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 495.189540][T11703] page dumped because: unmovable page [ 495.197722][T11680] vivid-003: RDS PS Name: inactive [ 495.263430][T11680] vivid-003: RDS Radio Text: inactive [ 495.301919][T11703] page_owner tracks the page as allocated [ 495.309605][T11680] vivid-003: RDS Traffic Announcement: false inactive [ 495.340910][T11703] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 29, tgid 29 (kworker/u8:2), ts 357485345410, free_ts 357365760713 [ 495.342476][T11680] vivid-003: RDS Traffic Program: false inactive [ 495.368492][T11680] vivid-003: RDS Music: false inactive [ 495.396904][T11680] vivid-003: ================== END STATUS ================== [ 495.694498][T11703] post_alloc_hook+0x181/0x1b0 [ 495.704151][T11703] get_page_from_freelist+0xfce/0x2f80 [ 495.722055][T11703] __alloc_frozen_pages_noprof+0x221/0x2470 [ 495.747321][T11703] alloc_pages_mpol+0x1fc/0x540 [ 495.752243][T11703] new_slab+0x23d/0x330 [ 495.784181][T11703] ___slab_alloc+0xc5d/0x1720 [ 495.803164][T11703] __slab_alloc.constprop.0+0x56/0xb0 [ 495.808625][T11703] __kmalloc_node_track_caller_noprof+0x2f1/0x510 [ 495.843011][T11703] kmalloc_reserve+0xef/0x2c0 [ 495.848269][T11703] __alloc_skb+0x164/0x380 [ 495.852747][T11703] nsim_dev_trap_report_work+0x2af/0xd00 [ 495.858475][T11703] process_one_work+0x9c5/0x1ba0 [ 495.863532][T11703] worker_thread+0x6c8/0xf00 [ 495.868184][T11703] kthread+0x3af/0x750 [ 495.873627][T11703] ret_from_fork+0x45/0x80 [ 495.878128][T11703] ret_from_fork_asm+0x1a/0x30 [ 495.882961][T11703] page last free pid 9549 tgid 9548 stack trace: [ 495.894794][T11703] free_frozen_pages+0x6db/0xfb0 [ 495.899816][T11703] __put_partials+0x14c/0x170 [ 495.910020][T11703] qlist_free_all+0x4e/0x120 [ 495.915002][T11703] kasan_quarantine_reduce+0x195/0x1e0 [ 495.920540][T11703] __kasan_slab_alloc+0x69/0x90 [ 495.925554][T11703] kmem_cache_alloc_noprof+0x226/0x3d0 [ 495.931110][T11703] alloc_buffer_head+0x21/0x160 [ 495.936061][T11703] folio_alloc_buffers+0x2bd/0x830 [ 495.941233][T11703] create_empty_buffers+0x36/0x480 [ 495.946524][T11703] folio_create_buffers+0x109/0x150 [ 495.952197][T11703] __block_write_begin_int+0x321/0x16e0 [ 495.957922][T11703] iomap_write_begin+0x5df/0x1660 [ 495.963341][T11703] iomap_file_buffered_write+0x419/0xc70 [ 495.969047][T11703] blkdev_write_iter+0x574/0xdd0 [ 495.974170][T11703] vfs_write+0x5ae/0x1150 [ 495.978575][T11703] ksys_write+0x12b/0x250 [ 496.782292][T11742] EXT4-fs error: 4 callbacks suppressed [ 496.782312][T11742] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 497.231152][T11718] kexec: Could not allocate control_code_buffer [ 497.320666][T11746] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 497.959777][T11761] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 498.463215][T11766] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1142'. [ 498.808639][T11774] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 498.838987][T11776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1145'. [ 498.860315][T11762] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1142'. [ 498.885124][T11777] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.082140][T11778] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.495952][T11790] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.527492][T11791] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.550156][T11792] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.571797][T11794] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.619200][T11783] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1148'. [ 500.367111][T11804] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1152'. [ 500.770419][ T5843] Bluetooth: hci0: unexpected subevent 0x04 length: 122 > 11 [ 500.780538][T11821] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1162'. [ 500.805252][T11821] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1162'. [ 501.132442][T11829] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1155'. [ 501.170610][T11829] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1155'. [ 501.205017][T11829] netlink: 126 bytes leftover after parsing attributes in process `syz.0.1155'. [ 501.246813][T11829] FAULT_INJECTION: forcing a failure. [ 501.246813][T11829] name fail_futex, interval 1, probability 0, space 0, times 0 [ 501.283249][T11829] CPU: 1 UID: 0 PID: 11829 Comm: syz.0.1155 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 501.283294][T11829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 501.283310][T11829] Call Trace: [ 501.283319][T11829] [ 501.283329][T11829] dump_stack_lvl+0x16c/0x1f0 [ 501.283375][T11829] should_fail_ex+0x50a/0x650 [ 501.283418][T11829] ? __pfx_stack_trace_save+0x10/0x10 [ 501.283454][T11829] get_futex_key+0x4a3/0x1000 [ 501.283486][T11829] ? __pfx___filename_parentat+0x10/0x10 [ 501.283525][T11829] ? __pfx_get_futex_key+0x10/0x10 [ 501.283565][T11829] futex_wake+0xe8/0x4e0 [ 501.283605][T11829] ? __pfx_futex_wake+0x10/0x10 [ 501.283654][T11829] do_futex+0x1e5/0x350 [ 501.283707][T11829] ? __pfx_do_futex+0x10/0x10 [ 501.283743][T11829] ? kasan_quarantine_put+0x10a/0x240 [ 501.283789][T11829] __x64_sys_futex+0x1e1/0x4c0 [ 501.283829][T11829] ? __pfx___x64_sys_futex+0x10/0x10 [ 501.283867][T11829] ? getname_flags.part.0+0x1c5/0x550 [ 501.283911][T11829] do_syscall_64+0xcd/0x250 [ 501.283983][T11829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.284028][T11829] RIP: 0033:0x7fa299b8d169 [ 501.284052][T11829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.284089][T11829] RSP: 002b:00007fa29aa0d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 501.284115][T11829] RAX: ffffffffffffffda RBX: 00007fa299da5fa8 RCX: 00007fa299b8d169 [ 501.284134][T11829] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa299da5fac [ 501.284151][T11829] RBP: 00007fa299da5fa0 R08: 00007fa29aa0e000 R09: 0000000000000000 [ 501.284168][T11829] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fa299da5fac [ 501.284186][T11829] R13: 0000000000000000 R14: 00007fff2abc9ab0 R15: 00007fff2abc9b98 [ 501.284218][T11829] [ 501.474547][ C1] vkms_vblank_simulate: vblank timer overrun [ 501.716154][T11808] kexec: Could not allocate control_code_buffer [ 502.313823][T11841] EXT4-fs error: 8 callbacks suppressed [ 502.313843][T11841] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 503.260029][T11860] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 503.299254][T11861] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 503.352283][T11849] ima: policy update failed [ 503.375925][ T30] audit: type=1802 audit(4294967480.972:12): pid=11849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1161" res=0 errno=0 [ 503.473617][T11864] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 503.721736][T11868] FAULT_INJECTION: forcing a failure. [ 503.721736][T11868] name failslab, interval 1, probability 0, space 0, times 0 [ 503.742793][T11870] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 503.762000][T11868] CPU: 1 UID: 0 PID: 11868 Comm: syz.3.1164 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 503.762042][T11868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 503.762062][T11868] Call Trace: [ 503.762071][T11868] [ 503.762082][T11868] dump_stack_lvl+0x16c/0x1f0 [ 503.762128][T11868] should_fail_ex+0x50a/0x650 [ 503.762184][T11868] ? fs_reclaim_acquire+0xae/0x150 [ 503.762224][T11868] should_failslab+0xc2/0x120 [ 503.762263][T11868] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 503.762305][T11868] ? alloc_inode+0xbf/0x230 [ 503.762333][T11868] alloc_inode+0xbf/0x230 [ 503.762358][T11868] path_from_stashed+0x560/0xec0 [ 503.762399][T11868] ? do_raw_spin_lock+0x12d/0x2c0 [ 503.762429][T11868] ? __pfx_path_from_stashed+0x10/0x10 [ 503.762467][T11868] ? mntns_get+0x21/0x120 [ 503.762501][T11868] ? do_raw_spin_unlock+0x172/0x230 [ 503.762532][T11868] ns_get_path+0x5f/0x80 [ 503.762570][T11868] proc_ns_get_link+0x122/0x260 [ 503.762609][T11868] ? __pfx_proc_ns_get_link+0x10/0x10 [ 503.762650][T11868] ? __pfx___might_resched+0x10/0x10 [ 503.762703][T11868] ? __pfx_proc_ns_get_link+0x10/0x10 [ 503.762745][T11868] step_into+0x1aba/0x2220 [ 503.762790][T11868] ? __pfx_step_into+0x10/0x10 [ 503.762827][T11868] ? __pfx___up_read+0x10/0x10 [ 503.762882][T11868] path_openat+0x74c/0x2d80 [ 503.762937][T11868] ? __pfx_path_openat+0x10/0x10 [ 503.762981][T11868] ? __pfx___lock_acquire+0x10/0x10 [ 503.763019][T11868] ? lock_acquire.part.0+0x11b/0x380 [ 503.763060][T11868] ? find_held_lock+0x2d/0x110 [ 503.763099][T11868] do_filp_open+0x20c/0x470 [ 503.763151][T11868] ? __pfx_do_filp_open+0x10/0x10 [ 503.763194][T11868] ? find_held_lock+0x2d/0x110 [ 503.763248][T11868] ? alloc_fd+0x41f/0x760 [ 503.763300][T11868] do_sys_openat2+0x17a/0x1e0 [ 503.763332][T11868] ? __pfx_do_sys_openat2+0x10/0x10 [ 503.763361][T11868] ? trace_lock_acquire+0x14e/0x1f0 [ 503.763406][T11868] __x64_sys_openat+0x175/0x210 [ 503.763438][T11868] ? __pfx___x64_sys_openat+0x10/0x10 [ 503.763483][T11868] do_syscall_64+0xcd/0x250 [ 503.763525][T11868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.763567][T11868] RIP: 0033:0x7fdbd238bad0 [ 503.763590][T11868] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 503.763617][T11868] RSP: 002b:00007fdbd3254f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 503.763644][T11868] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fdbd238bad0 [ 503.763663][T11868] RDX: 0000000000000002 RSI: 00007fdbd3254fa0 RDI: 00000000ffffff9c [ 503.763693][T11868] RBP: 00007fdbd3254fa0 R08: 0000000000000000 R09: 0000000000000000 [ 503.763712][T11868] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 503.763748][T11868] R13: 0000000000000000 R14: 00007fdbd25a5fa0 R15: 00007ffc4ff97818 [ 503.763790][T11868] [ 503.862529][T11872] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 504.070006][T11873] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 504.071192][T11868] sd 0:0:1:0: PR command failed: 1026 [ 504.087060][T11874] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1163'. [ 504.102564][T11868] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 504.108324][T11875] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 504.129336][T11868] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 504.222032][T11877] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1165'. [ 504.247531][T11879] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1198: comm udevd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 504.276782][T11877] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1165'. [ 504.324655][T11879] udevd[11879]: failed to execute '/lib/udev/scsi_id' 'scsi_id --export --whitelisted -d /dev/sda': Structure needs cleaning [ 504.455097][T11883] FAULT_INJECTION: forcing a failure. [ 504.455097][T11883] name fail_futex, interval 1, probability 0, space 0, times 0 [ 504.479366][T11883] CPU: 0 UID: 0 PID: 11883 Comm: syz.3.1167 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 504.479422][T11883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 504.479439][T11883] Call Trace: [ 504.479447][T11883] [ 504.479459][T11883] dump_stack_lvl+0x16c/0x1f0 [ 504.479502][T11883] should_fail_ex+0x50a/0x650 [ 504.479564][T11883] get_futex_key+0x4a3/0x1000 [ 504.479600][T11883] ? __pfx_get_futex_key+0x10/0x10 [ 504.479644][T11883] futex_wake+0xe8/0x4e0 [ 504.479685][T11883] ? __pfx_futex_wake+0x10/0x10 [ 504.479739][T11883] do_futex+0x1e5/0x350 [ 504.479782][T11883] ? __pfx_do_futex+0x10/0x10 [ 504.479820][T11883] ? __pfx___might_resched+0x10/0x10 [ 504.479868][T11883] __x64_sys_futex+0x1e1/0x4c0 [ 504.479907][T11883] ? __pfx___x64_sys_futex+0x10/0x10 [ 504.479942][T11883] ? rcu_is_watching+0x12/0xc0 [ 504.479979][T11883] do_syscall_64+0xcd/0x250 [ 504.480037][T11883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.480076][T11883] RIP: 0033:0x7fdbd238d169 [ 504.480099][T11883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 504.480127][T11883] RSP: 002b:00007fdbd32550e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 504.480164][T11883] RAX: ffffffffffffffda RBX: 00007fdbd25a5fa8 RCX: 00007fdbd238d169 [ 504.480182][T11883] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdbd25a5fac [ 504.480198][T11883] RBP: 00007fdbd25a5fa0 R08: 00007fdbd3256000 R09: 0000000000000000 [ 504.480215][T11883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdbd25a5fac [ 504.480230][T11883] R13: 0000000000000000 R14: 00007ffc4ff97730 R15: 00007ffc4ff97818 [ 504.480263][T11883] [ 504.679792][T11887] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 505.438468][T11902] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x208 pfn:0x7800c [ 505.510443][T11880] vivid-003: ================= START STATUS ================= [ 505.567543][T11880] vivid-003: Radio HW Seek Mode: Bounded [ 505.573581][T11902] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 505.648439][T11880] vivid-003: Radio Programmable HW Seek: false [ 505.709041][T11902] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 505.717797][T11902] raw: 0000000000000208 ffff888030648800 00000001ffffffff 0000000000000000 [ 505.726537][T11902] page dumped because: unmovable page [ 505.731951][T11902] page_owner tracks the page as allocated [ 505.737778][T11902] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 11508, tgid 11500 (syz.1.1097), ts 481339205246, free_ts 479121791586 [ 505.756405][T11902] post_alloc_hook+0x181/0x1b0 [ 505.761409][T11902] get_page_from_freelist+0xfce/0x2f80 [ 505.767045][T11902] __alloc_frozen_pages_noprof+0x221/0x2470 [ 505.774733][T11902] __alloc_pages_noprof+0xb/0x1b0 [ 505.780058][T11902] pcpu_populate_chunk+0x10c/0xab0 [ 505.784826][T11880] vivid-003: RDS Rx I/O Mode: Block I/O [ 505.791407][T11902] pcpu_alloc_noprof+0xd73/0x1680 [ 505.796595][T11902] bpf_map_alloc_percpu+0x9a/0x4b0 [ 505.801789][T11902] htab_map_alloc+0x1231/0x17b0 [ 505.806809][T11902] map_create+0x5c5/0x1d20 [ 505.811304][T11902] __sys_bpf+0x4391/0x49c0 [ 505.815879][T11902] __x64_sys_bpf+0x78/0xc0 [ 505.820356][T11902] do_syscall_64+0xcd/0x250 [ 505.824968][T11902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.830935][T11902] page last free pid 1144 tgid 1144 stack trace: [ 505.841920][T11902] free_frozen_pages+0x6db/0xfb0 [ 505.847115][T11902] __folio_put+0x32a/0x450 [ 505.852892][T11902] gup_put_folio+0x21a/0x2a0 [ 505.859062][T11880] vivid-003: Generate RBDS Instead of RDS: false [ 505.883116][T11902] unpin_user_page+0xcf/0x1e0 [ 505.887896][T11902] io_free_rsrc_node+0x1f7/0x420 [ 505.892912][T11902] io_sqe_buffers_unregister+0x260/0x360 [ 505.893198][T11880] vivid-003: RDS Reception: true [ 505.928185][T11880] vivid-003: RDS Program Type: 0 inactive [ 505.946410][T11880] vivid-003: RDS PS Name: inactive [ 505.951700][T11880] vivid-003: RDS Radio Text: inactive [ 505.967587][T11880] vivid-003: RDS Traffic Announcement: false inactive [ 505.983228][T11880] vivid-003: RDS Traffic Program: false inactive [ 505.999912][T11880] vivid-003: RDS Music: false inactive [ 506.013356][T11880] vivid-003: ================== END STATUS ================== [ 506.036792][T11902] io_ring_exit_work+0x6fe/0xf70 [ 506.041823][T11902] process_one_work+0x9c5/0x1ba0 [ 506.046917][T11902] worker_thread+0x6c8/0xf00 [ 506.051586][T11902] kthread+0x3af/0x750 [ 506.055804][T11902] ret_from_fork+0x45/0x80 [ 506.060276][T11902] ret_from_fork_asm+0x1a/0x30 [ 506.643683][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.650295][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.351590][T11934] EXT4-fs error: 4 callbacks suppressed [ 507.351610][T11934] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 507.372682][T11933] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 507.395599][T11935] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 507.474498][T11936] __nla_validate_parse: 3 callbacks suppressed [ 507.474519][T11936] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1175'. [ 507.529605][T11938] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 507.550861][T11939] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 507.810448][T11948] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 508.025548][T11947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1180'. [ 508.089143][T11950] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1180'. [ 508.593044][T11962] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1183'. [ 508.829965][T11971] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 509.336117][T11977] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 509.406591][T11978] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 509.483679][T11969] vivid-003: ================= START STATUS ================= [ 509.500389][T11969] vivid-003: Radio HW Seek Mode: Bounded [ 509.531719][T11969] vivid-003: Radio Programmable HW Seek: false [ 509.538463][T11969] vivid-003: RDS Rx I/O Mode: Block I/O [ 509.565580][T11969] vivid-003: Generate RBDS Instead of RDS: false [ 509.588164][T11969] vivid-003: RDS Reception: true [ 509.603529][T11969] vivid-003: RDS Program Type: 0 inactive [ 509.609463][T11969] vivid-003: RDS PS Name: inactive [ 509.616295][T11969] vivid-003: RDS Radio Text: inactive [ 509.621958][T11969] vivid-003: RDS Traffic Announcement: false inactive [ 509.630772][T11969] vivid-003: RDS Traffic Program: false inactive [ 509.637666][T11969] vivid-003: RDS Music: false inactive [ 509.643671][T11969] vivid-003: ================== END STATUS ================== [ 509.866758][T11986] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 512.618374][T12028] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1194'. [ 512.691421][T12029] FAULT_INJECTION: forcing a failure. [ 512.691421][T12029] name fail_futex, interval 1, probability 0, space 0, times 0 [ 512.724686][T12029] CPU: 1 UID: 0 PID: 12029 Comm: syz.0.1194 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 512.724723][T12029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 512.724738][T12029] Call Trace: [ 512.724746][T12029] [ 512.724756][T12029] dump_stack_lvl+0x16c/0x1f0 [ 512.724795][T12029] should_fail_ex+0x50a/0x650 [ 512.724839][T12029] ? unwind_get_return_address+0x59/0xa0 [ 512.724886][T12029] get_futex_key+0x4a3/0x1000 [ 512.724921][T12029] ? __pfx_get_futex_key+0x10/0x10 [ 512.724955][T12029] ? stack_trace_save+0x95/0xd0 [ 512.724987][T12029] ? __pfx_stack_trace_save+0x10/0x10 [ 512.725024][T12029] futex_wait_setup+0x78/0x290 [ 512.725067][T12029] ? kasan_record_aux_stack+0xb8/0xd0 [ 512.725105][T12029] __futex_wait+0x267/0x3c0 [ 512.725147][T12029] ? __pfx___futex_wait+0x10/0x10 [ 512.725195][T12029] ? __pfx_futex_wake_mark+0x10/0x10 [ 512.725277][T12029] futex_wait+0xe9/0x380 [ 512.725319][T12029] ? __pfx_futex_wait+0x10/0x10 [ 512.725379][T12029] do_futex+0x22b/0x350 [ 512.725415][T12029] ? __pfx_do_futex+0x10/0x10 [ 512.725453][T12029] ? __pfx___might_resched+0x10/0x10 [ 512.725504][T12029] __x64_sys_futex+0x1e1/0x4c0 [ 512.725542][T12029] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 512.725586][T12029] ? __pfx___x64_sys_futex+0x10/0x10 [ 512.725619][T12029] ? ksys_mmap_pgoff+0x85/0x5c0 [ 512.725653][T12029] ? rcu_is_watching+0x12/0xc0 [ 512.725688][T12029] do_syscall_64+0xcd/0x250 [ 512.725726][T12029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.725763][T12029] RIP: 0033:0x7fa299b8d169 [ 512.725784][T12029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.725812][T12029] RSP: 002b:00007fa29a9ec0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 512.725838][T12029] RAX: ffffffffffffffda RBX: 00007fa299da6088 RCX: 00007fa299b8d169 [ 512.725856][T12029] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa299da6088 [ 512.725872][T12029] RBP: 00007fa299da6080 R08: 0000000000000000 R09: 0000000000000000 [ 512.725888][T12029] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa299da608c [ 512.725905][T12029] R13: 0000000000000000 R14: 00007fff2abc9ab0 R15: 00007fff2abc9b98 [ 512.725938][T12029] [ 512.955179][ C1] vkms_vblank_simulate: vblank timer overrun [ 513.065604][T12028] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1194'. [ 513.148276][T12032] FAULT_INJECTION: forcing a failure. [ 513.148276][T12032] name failslab, interval 1, probability 0, space 0, times 0 [ 513.195241][T12035] EXT4-fs error: 2 callbacks suppressed [ 513.195261][T12035] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 513.215879][T12032] CPU: 0 UID: 0 PID: 12032 Comm: syz.1.1197 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 513.215925][T12032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 513.215943][T12032] Call Trace: [ 513.215950][T12032] [ 513.215960][T12032] dump_stack_lvl+0x16c/0x1f0 [ 513.216004][T12032] should_fail_ex+0x50a/0x650 [ 513.216050][T12032] ? fs_reclaim_acquire+0xae/0x150 [ 513.216091][T12032] should_failslab+0xc2/0x120 [ 513.216119][T12032] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 513.216167][T12032] ? __kernfs_new_node+0xd3/0x890 [ 513.216214][T12032] __kernfs_new_node+0xd3/0x890 [ 513.216257][T12032] ? __pfx___kernfs_new_node+0x10/0x10 [ 513.216295][T12032] ? __pfx_lock_release+0x10/0x10 [ 513.216337][T12032] ? kernfs_add_one+0x39d/0x520 [ 513.216393][T12032] ? up_write+0x1b2/0x520 [ 513.216448][T12032] kernfs_new_node+0x186/0x240 [ 513.216499][T12032] __kernfs_create_file+0x53/0x350 [ 513.216558][T12032] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 513.216609][T12032] sysfs_merge_group+0x1b1/0x340 [ 513.216655][T12032] ? __pfx_sysfs_merge_group+0x10/0x10 [ 513.216706][T12032] ? __pfx_dev_add_physical_location+0x10/0x10 [ 513.216748][T12032] ? bus_to_subsys+0x12d/0x160 [ 513.216803][T12032] dpm_sysfs_add+0x237/0x280 [ 513.216846][T12032] device_add+0x9a8/0x1a70 [ 513.216893][T12032] ? __pfx_device_add+0x10/0x10 [ 513.216948][T12032] ? lockdep_init_map_type+0x16d/0x7d0 [ 513.217001][T12032] ? lockdep_init_map_type+0x16d/0x7d0 [ 513.217048][T12032] ? __raw_spin_lock_init+0x3a/0x110 [ 513.217105][T12032] input_register_device+0x7e8/0x1130 [ 513.217140][T12032] ? input_ff_create+0x256/0x350 [ 513.217189][T12032] uinput_ioctl_handler.isra.0+0x130c/0x1d70 [ 513.217241][T12032] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 513.217291][T12032] ? __pfx_lock_release+0x10/0x10 [ 513.217335][T12032] ? trace_lock_acquire+0x14e/0x1f0 [ 513.217384][T12032] ? __fget_files+0x206/0x3a0 [ 513.217434][T12032] ? __pfx_uinput_ioctl+0x10/0x10 [ 513.217482][T12032] __x64_sys_ioctl+0x190/0x200 [ 513.217524][T12032] do_syscall_64+0xcd/0x250 [ 513.217571][T12032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.217616][T12032] RIP: 0033:0x7f697458d169 [ 513.217642][T12032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 513.217673][T12032] RSP: 002b:00007f6975370038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.217716][T12032] RAX: ffffffffffffffda RBX: 00007f69747a5fa0 RCX: 00007f697458d169 [ 513.217747][T12032] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004 [ 513.217764][T12032] RBP: 00007f697460e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 513.217780][T12032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.217797][T12032] R13: 0000000000000000 R14: 00007f69747a5fa0 R15: 00007ffe9f3a7838 [ 513.217833][T12032] [ 513.782065][T12045] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1199'. [ 513.803670][T12045] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.871041][T12045] bridge_slave_1 (unregistering): left allmulticast mode [ 513.878504][T12045] bridge_slave_1 (unregistering): left promiscuous mode [ 513.887629][T12045] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.941191][T12050] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 513.976326][T12046] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1200'. [ 514.043610][T12051] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 514.235481][T12052] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 514.787566][T12034] vivid-003: ================= START STATUS ================= [ 514.803371][T12034] vivid-003: Radio HW Seek Mode: Bounded [ 514.809098][T12034] vivid-003: Radio Programmable HW Seek: false [ 514.823319][T12034] vivid-003: RDS Rx I/O Mode: Block I/O [ 514.829051][T12034] vivid-003: Generate RBDS Instead of RDS: false [ 514.848619][T12034] vivid-003: RDS Reception: true [ 514.854625][T12034] vivid-003: RDS Program Type: 0 inactive [ 514.860523][T12034] vivid-003: RDS PS Name: inactive [ 514.866295][T12034] vivid-003: RDS Radio Text: inactive [ 514.871906][T12034] vivid-003: RDS Traffic Announcement: false inactive [ 514.879139][T12034] vivid-003: RDS Traffic Program: false inactive [ 514.887035][T12034] vivid-003: RDS Music: false inactive [ 514.897305][T12034] vivid-003: ================== END STATUS ================== [ 515.393454][T12070] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 516.416719][T12082] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 516.437423][T12083] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 516.615347][T12084] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 516.979719][T12085] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1198: comm udevd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 516.998300][T12064] kexec: Could not allocate control_code_buffer [ 517.296233][T12085] udevd[12085]: failed to execute '/lib/udev/scsi_id' 'scsi_id --export --whitelisted -d /dev/sda': Structure needs cleaning [ 517.559833][T12087] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 518.514761][T12093] Invalid ELF header magic: != ELF [ 518.571830][T12104] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 518.897151][T12112] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.054739][T12116] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.060490][T12117] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.098925][T12118] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.133992][T12110] could not allocate digest TFM handle [ 519.158682][T12120] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.220650][T12122] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.256803][T12114] could not allocate digest TFM handle [ 519.372475][T12124] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.418560][T12128] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.420272][T12129] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 519.472243][T12133] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1212'. [ 519.769905][T12141] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1215'. [ 520.873858][T12147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'. [ 522.389048][T12173] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7b pfn:0x7800a [ 522.413211][T12173] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 522.445181][T12173] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 522.473368][T12173] raw: 000000000000007b 0000000000000000 00000001ffffffff 0000000000000000 [ 522.482105][T12173] page dumped because: unmovable page [ 522.553308][T12173] page_owner tracks the page as allocated [ 522.559075][T12173] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 11903, tgid 11899 (syz.0.1171), ts 505757465797, free_ts 503174965917 [ 522.634385][T12174] could not allocate digest TFM handle binfmt_misc [ 522.653395][T12173] post_alloc_hook+0x181/0x1b0 [ 522.663490][T12173] get_page_from_freelist+0xfce/0x2f80 [ 522.718378][T12173] __alloc_frozen_pages_noprof+0x221/0x2470 [ 522.745747][T12181] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1222'. [ 522.765034][T12173] alloc_pages_mpol+0x1fc/0x540 [ 522.778640][T12173] alloc_pages_noprof+0x131/0x390 [ 522.819334][T12173] __vmalloc_node_range_noprof+0x721/0x1530 [ 522.829463][T12173] __vmalloc_noprof+0x6d/0x90 [ 522.841184][T12173] pcpu_mem_zalloc+0x54/0xb0 [ 522.860050][T12173] pcpu_create_chunk+0x432/0x730 [ 522.860093][T12173] pcpu_alloc_noprof+0x1304/0x1680 [ 522.860128][T12173] bpf_map_alloc_percpu+0x9a/0x4b0 [ 522.860171][T12173] htab_map_alloc+0x1231/0x17b0 [ 522.860212][T12173] map_create+0x5c5/0x1d20 [ 522.860254][T12173] __sys_bpf+0x4391/0x49c0 [ 522.860318][T12173] __x64_sys_bpf+0x78/0xc0 [ 522.860347][T12173] do_syscall_64+0xcd/0x250 [ 522.860389][T12173] page last free pid 12 tgid 12 stack trace: [ 522.860410][T12173] free_frozen_pages+0x6db/0xfb0 [ 522.860456][T12173] vfree+0x174/0x950 [ 522.860496][T12173] kvfree+0x33/0x50 [ 522.860533][T12173] htab_map_free+0x8b5/0xb30 [ 522.860576][T12173] bpf_map_free_deferred+0x1c7/0x410 [ 522.860627][T12173] process_one_work+0x9c5/0x1ba0 [ 522.860686][T12173] worker_thread+0x6c8/0xf00 [ 522.860738][T12173] kthread+0x3af/0x750 [ 522.860773][T12173] ret_from_fork+0x45/0x80 [ 522.863182][T12173] ret_from_fork_asm+0x1a/0x30 [ 523.478714][T12193] nvme_fabrics: missing parameter 'transport=%s' [ 523.485325][T12193] nvme_fabrics: missing parameter 'nqn=%s' [ 523.614736][T12193] svc: failed to register nfsdv3 RPC service (errno 111). [ 523.616658][T12197] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1226'. [ 523.683360][T12193] svc: failed to register nfsaclv3 RPC service (errno 111). [ 523.730854][T12202] EXT4-fs error: 11 callbacks suppressed [ 523.730874][T12202] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 523.776200][T12207] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 523.795315][T12208] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 523.812095][T12199] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1227'. [ 523.827005][T12201] zswap: compressor not available [ 523.832446][T12204] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1227'. [ 523.935104][T12210] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 523.975073][T12212] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 524.013820][T12212] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 524.193020][T12218] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.204494][T12219] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.206552][T12220] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.208577][T12221] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.210221][T12214] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1230'. [ 524.258057][T12216] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7b pfn:0x7800a [ 524.258095][T12216] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 524.258134][T12216] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 524.258164][T12216] raw: 000000000000007b 0000000000000000 00000001ffffffff 0000000000000000 [ 524.258185][T12216] page dumped because: unmovable page [ 524.258202][T12216] page_owner tracks the page as allocated [ 524.258216][T12216] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 11903, tgid 11899 (syz.0.1171), ts 505757465797, free_ts 503174965917 [ 524.258295][T12216] post_alloc_hook+0x181/0x1b0 [ 524.258342][T12216] get_page_from_freelist+0xfce/0x2f80 [ 524.258390][T12216] __alloc_frozen_pages_noprof+0x221/0x2470 [ 524.258440][T12216] alloc_pages_mpol+0x1fc/0x540 [ 524.258468][T12216] alloc_pages_noprof+0x131/0x390 [ 524.258497][T12216] __vmalloc_node_range_noprof+0x721/0x1530 [ 524.258540][T12216] __vmalloc_noprof+0x6d/0x90 [ 524.258580][T12216] pcpu_mem_zalloc+0x54/0xb0 [ 524.258608][T12216] pcpu_create_chunk+0x432/0x730 [ 524.258640][T12216] pcpu_alloc_noprof+0x1304/0x1680 [ 524.258673][T12216] bpf_map_alloc_percpu+0x9a/0x4b0 [ 524.258715][T12216] htab_map_alloc+0x1231/0x17b0 [ 524.258757][T12216] map_create+0x5c5/0x1d20 [ 524.258798][T12216] __sys_bpf+0x4391/0x49c0 [ 524.258843][T12216] __x64_sys_bpf+0x78/0xc0 [ 524.258870][T12216] do_syscall_64+0xcd/0x250 [ 524.258915][T12216] page last free pid 12 tgid 12 stack trace: [ 524.258935][T12216] free_frozen_pages+0x6db/0xfb0 [ 524.258978][T12216] vfree+0x174/0x950 [ 524.259016][T12216] kvfree+0x33/0x50 [ 524.259052][T12216] htab_map_free+0x8b5/0xb30 [ 524.259093][T12216] bpf_map_free_deferred+0x1c7/0x410 [ 524.259135][T12216] process_one_work+0x9c5/0x1ba0 [ 524.259176][T12216] worker_thread+0x6c8/0xf00 [ 524.259214][T12216] kthread+0x3af/0x750 [ 524.259249][T12216] ret_from_fork+0x45/0x80 [ 524.259289][T12216] ret_from_fork_asm+0x1a/0x30 [ 524.280025][T12224] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.299578][T12225] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.306001][T12216] could not allocate digest TFM handle binfmt_misc [ 526.495499][T12255] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1237'. [ 526.710011][T12260] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1238'. [ 526.905276][T12260] bridge_slave_1 (unregistering): left allmulticast mode [ 526.930782][T12260] bridge_slave_1 (unregistering): left promiscuous mode [ 526.941932][T12260] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.415818][T12275] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7b pfn:0x7800a [ 527.437244][T12275] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 527.453288][T12275] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 527.473155][T12275] raw: 000000000000007b 0000000000000000 00000001ffffffff 0000000000000000 [ 527.481874][T12275] page dumped because: unmovable page [ 527.514010][T12275] page_owner tracks the page as allocated [ 527.519782][T12275] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 11903, tgid 11899 (syz.0.1171), ts 505757465797, free_ts 503174965917 [ 527.552803][T12275] post_alloc_hook+0x181/0x1b0 [ 527.558146][T12275] get_page_from_freelist+0xfce/0x2f80 [ 527.565123][T12275] __alloc_frozen_pages_noprof+0x221/0x2470 [ 527.571088][T12275] alloc_pages_mpol+0x1fc/0x540 [ 527.580747][T12276] could not allocate digest TFM handle binfmt_misc [ 527.583168][T12275] alloc_pages_noprof+0x131/0x390 [ 527.592670][T12275] __vmalloc_node_range_noprof+0x721/0x1530 [ 527.612953][T12275] __vmalloc_noprof+0x6d/0x90 [ 527.618114][T12275] pcpu_mem_zalloc+0x54/0xb0 [ 527.622763][T12275] pcpu_create_chunk+0x432/0x730 [ 527.651477][T12275] pcpu_alloc_noprof+0x1304/0x1680 [ 527.663150][T12275] bpf_map_alloc_percpu+0x9a/0x4b0 [ 527.668446][T12275] htab_map_alloc+0x1231/0x17b0 [ 527.703480][T12275] map_create+0x5c5/0x1d20 [ 527.745501][T12275] __sys_bpf+0x4391/0x49c0 [ 527.793199][T12275] __x64_sys_bpf+0x78/0xc0 [ 527.800438][T12275] do_syscall_64+0xcd/0x250 [ 527.820671][T12275] page last free pid 12 tgid 12 stack trace: [ 527.844491][T12275] free_frozen_pages+0x6db/0xfb0 [ 527.849578][T12275] vfree+0x174/0x950 [ 527.908107][T12275] kvfree+0x33/0x50 [ 527.912022][T12275] htab_map_free+0x8b5/0xb30 [ 527.993263][T12275] bpf_map_free_deferred+0x1c7/0x410 [ 528.027692][T12275] process_one_work+0x9c5/0x1ba0 [ 528.032740][T12275] worker_thread+0x6c8/0xf00 [ 528.082464][T12275] kthread+0x3af/0x750 [ 528.103128][T12275] ret_from_fork+0x45/0x80 [ 528.107653][T12275] ret_from_fork_asm+0x1a/0x30 [ 528.804295][T12302] EXT4-fs error: 8 callbacks suppressed [ 528.804315][T12302] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 528.831393][T12304] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 528.858640][T12306] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 528.899095][T12307] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 528.926821][T12308] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 528.950877][T12310] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 528.966740][T12300] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1248'. [ 529.255617][T12315] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 529.327766][T12317] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 529.418882][T12320] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 529.439722][T12319] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1250'. [ 529.487060][T12319] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.589521][T12319] bridge_slave_1 (unregistering): left allmulticast mode [ 529.626697][T12319] bridge_slave_1 (unregistering): left promiscuous mode [ 529.634859][T12292] vivid-003: ================= START STATUS ================= [ 529.642628][T12292] vivid-003: Radio HW Seek Mode: Bounded [ 529.648415][T12319] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.664822][T12292] vivid-003: Radio Programmable HW Seek: false [ 529.671243][T12292] vivid-003: RDS Rx I/O Mode: Block I/O [ 529.677171][T12292] vivid-003: Generate RBDS Instead of RDS: false [ 529.683976][T12292] vivid-003: RDS Reception: true [ 529.689957][T12292] vivid-003: RDS Program Type: 0 inactive [ 529.697625][T12292] vivid-003: RDS PS Name: inactive [ 529.703017][T12292] vivid-003: RDS Radio Text: inactive [ 529.750895][T12292] vivid-003: RDS Traffic Announcement: false inactive [ 529.768316][T12292] vivid-003: RDS Traffic Program: false inactive [ 529.789923][T12292] vivid-003: RDS Music: false inactive [ 529.857385][T12292] vivid-003: ================== END STATUS ================== [ 530.002441][T12335] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 530.033688][T12334] could not allocate digest TFM handle binfmt_misc [ 530.086229][T12339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1253'. [ 530.322113][T12344] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1254'. [ 531.569455][T12367] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 531.637915][T12367] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 532.674674][T12383] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1262'. [ 532.788606][T12394] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 534.555548][T12427] EXT4-fs error: 14 callbacks suppressed [ 534.555569][T12427] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 534.850450][T12434] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 534.904123][T12437] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 534.944038][T12439] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 534.948343][T12433] could not allocate digest TFM handle binfmt_misc [ 535.606595][T12446] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 536.693516][T12471] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 537.853490][T12478] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 537.962063][T12480] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 538.234834][T12488] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 538.651964][T12470] vivid-003: ================= START STATUS ================= [ 538.659850][T12470] vivid-003: Radio HW Seek Mode: Bounded [ 538.666403][T12470] vivid-003: Radio Programmable HW Seek: false [ 538.672695][T12470] vivid-003: RDS Rx I/O Mode: Block I/O [ 538.693273][T12470] vivid-003: Generate RBDS Instead of RDS: false [ 538.699682][T12470] vivid-003: RDS Reception: true [ 538.714956][T12470] vivid-003: RDS Program Type: 0 inactive [ 538.722886][T12470] vivid-003: RDS PS Name: inactive [ 538.793328][T12470] vivid-003: RDS Radio Text: inactive [ 538.823199][T12470] vivid-003: RDS Traffic Announcement: false inactive [ 538.830137][T12470] vivid-003: RDS Traffic Program: false inactive [ 538.837572][T12470] vivid-003: RDS Music: false inactive [ 538.843498][T12470] vivid-003: ================== END STATUS ================== [ 539.252898][T12510] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 539.278838][T12506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7800a [ 539.293534][T12506] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 539.328059][T12506] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 539.349998][T12506] page_type: f5(slab) [ 539.360127][T12506] raw: 00fff00000000040 ffff888141ee0a00 dead000000000122 0000000000000000 [ 539.372251][T12506] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 539.381949][T12506] head: 00fff00000000040 ffff888141ee0a00 dead000000000122 0000000000000000 [ 539.391117][T12506] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 539.433129][T12506] head: 00fff00000000001 ffffea0001e00281 ffffffffffffffff 0000000000000000 [ 539.452941][T12507] could not allocate digest TFM handle [ 539.476850][T12506] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 539.512320][T12506] page dumped because: unmovable page [ 539.531417][T12506] page_owner tracks the page as allocated [ 539.542483][T12509] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1286'. [ 539.577023][T12506] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12418, tgid 12403 (syz.0.1266), ts 534749042113, free_ts 528392956576 [ 539.646177][T12506] post_alloc_hook+0x181/0x1b0 [ 539.656888][T12506] get_page_from_freelist+0xfce/0x2f80 [ 539.669345][T12506] __alloc_frozen_pages_noprof+0x221/0x2470 [ 539.689385][T12506] alloc_pages_mpol+0x1fc/0x540 [ 539.705388][T12506] new_slab+0x23d/0x330 [ 539.709780][T12506] ___slab_alloc+0xc5d/0x1720 [ 539.737025][T12506] __slab_alloc.constprop.0+0x56/0xb0 [ 539.747236][T12506] kmem_cache_alloc_node_noprof+0xfc/0x3c0 [ 539.764545][T12506] __alloc_skb+0x2b1/0x380 [ 539.773621][T12506] tcp_stream_alloc_skb+0x34/0x570 [ 539.790040][T12506] tcp_sendmsg_locked+0xf13/0x37c0 [ 539.798095][T12506] tcp_sendmsg+0x2e/0x50 [ 539.802572][T12506] inet_sendmsg+0xb9/0x140 [ 539.811365][T12506] sock_write_iter+0x4ac/0x5b0 [ 539.816780][T12506] vfs_write+0x5ae/0x1150 [ 539.821358][T12506] ksys_write+0x207/0x250 [ 539.830528][T12506] page last free pid 5896 tgid 5896 stack trace: [ 539.838818][T12506] free_frozen_pages+0x6db/0xfb0 [ 539.848953][T12506] vfree+0x174/0x950 [ 539.858407][T12506] kvfree+0x33/0x50 [ 539.869801][T12506] pcpu_balance_free+0x60d/0xb20 [ 539.891404][T12506] pcpu_balance_workfn+0x9d4/0xd00 [ 539.908400][T12506] process_one_work+0x9c5/0x1ba0 [ 539.953400][T12506] worker_thread+0x6c8/0xf00 [ 539.980931][T12506] kthread+0x3af/0x750 [ 540.013140][T12506] ret_from_fork+0x45/0x80 [ 540.017660][T12506] ret_from_fork_asm+0x1a/0x30 [ 540.381043][T12534] EXT4-fs error: 7 callbacks suppressed [ 540.381064][T12534] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 540.630040][T12540] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 540.653044][T12539] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 540.677236][T12541] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 540.746292][T12539] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 540.789236][T12526] vivid-003: ================= START STATUS ================= [ 540.849054][T12526] vivid-003: Radio HW Seek Mode: Bounded [ 540.859227][T12526] vivid-003: Radio Programmable HW Seek: false [ 540.877375][T12526] vivid-003: RDS Rx I/O Mode: Block I/O [ 540.888281][T12526] vivid-003: Generate RBDS Instead of RDS: false [ 540.898053][T12547] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 540.917428][T12526] vivid-003: RDS Reception: true [ 540.922487][T12526] vivid-003: RDS Program Type: 0 inactive [ 540.931198][T12526] vivid-003: RDS PS Name: inactive [ 540.938506][T12548] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 540.942085][T12526] vivid-003: RDS Radio Text: inactive [ 540.969254][T12526] vivid-003: RDS Traffic Announcement: false inactive [ 540.976488][T12526] vivid-003: RDS Traffic Program: false inactive [ 540.982909][T12526] vivid-003: RDS Music: false inactive [ 540.988635][T12526] vivid-003: ================== END STATUS ================== [ 541.057498][T12550] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 541.058351][T12546] could not allocate digest TFM handle binfmt_misc [ 541.488660][T12556] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 541.494705][T12557] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 541.744805][T12552] vivid-003: ================= START STATUS ================= [ 541.782731][T12552] vivid-003: Radio HW Seek Mode: Bounded [ 541.800373][T12552] vivid-003: Radio Programmable HW Seek: false [ 541.803922][T12562] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 541.817045][T12552] vivid-003: RDS Rx I/O Mode: Block I/O [ 541.871118][T12552] vivid-003: Generate RBDS Instead of RDS: false [ 541.890226][T12552] vivid-003: RDS Reception: true [ 541.896039][T12552] vivid-003: RDS Program Type: 0 inactive [ 541.906928][T12552] vivid-003: RDS PS Name: inactive [ 541.921210][T12552] vivid-003: RDS Radio Text: inactive [ 541.927722][T12552] vivid-003: RDS Traffic Announcement: false inactive [ 541.934880][T12552] vivid-003: RDS Traffic Program: false inactive [ 541.941784][T12552] vivid-003: RDS Music: false inactive [ 541.947773][T12552] vivid-003: ================== END STATUS ================== [ 542.558102][T12576] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 542.682300][T12575] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1295'. [ 544.404603][T12607] could not allocate digest TFM handle binfmt_misc [ 545.389010][T12631] EXT4-fs error: 11 callbacks suppressed [ 545.389030][T12631] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 545.438611][T12632] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 545.471732][T12633] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1305'. [ 545.568817][T12635] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 545.691072][T12637] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 546.720389][T12656] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 546.736225][T12655] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 546.800094][T12657] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 546.864487][T12661] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 546.979465][T12664] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1198: comm udevd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 547.010540][T12664] udevd[12664]: failed to execute '/lib/udev/scsi_id' 'scsi_id --export --whitelisted -d /dev/sda': Structure needs cleaning [ 547.032643][T12667] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 547.089629][T12665] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1311'. [ 547.164413][T12663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1312'. [ 548.081327][T12687] vivid-003: ================= START STATUS ================= [ 548.134605][T12687] vivid-003: Radio HW Seek Mode: Bounded [ 548.167133][T12687] vivid-003: Radio Programmable HW Seek: false [ 548.183100][T12687] vivid-003: RDS Rx I/O Mode: Block I/O [ 548.193221][T12687] vivid-003: Generate RBDS Instead of RDS: false [ 548.209921][T12687] vivid-003: RDS Reception: true [ 548.236519][T12687] vivid-003: RDS Program Type: 0 inactive [ 548.256000][T12687] vivid-003: RDS PS Name: inactive [ 548.278820][T12687] vivid-003: RDS Radio Text: inactive [ 548.317127][T12687] vivid-003: RDS Traffic Announcement: false inactive [ 548.385551][T12687] vivid-003: RDS Traffic Program: false inactive [ 548.392112][T12687] vivid-003: RDS Music: false inactive [ 548.407946][T12687] vivid-003: ================== END STATUS ================== [ 550.918637][T12741] EXT4-fs error: 9 callbacks suppressed [ 550.918653][T12741] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 550.997232][T12744] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 551.103795][T12743] HfR: entered promiscuous mode [ 552.024451][T12760] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.058877][T12761] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.082460][T12762] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.100543][T12763] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.124831][T12764] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1329'. [ 552.144134][T12765] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.180724][T12766] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.214250][T12767] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.333209][T12769] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1330'. [ 552.620144][T12751] vivid-003: ================= START STATUS ================= [ 552.643445][T12751] vivid-003: Radio HW Seek Mode: Bounded [ 552.649174][T12751] vivid-003: Radio Programmable HW Seek: false [ 552.669964][T12777] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1332'. [ 552.680180][T12777] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1332'. [ 552.683414][T12780] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.709266][T12751] vivid-003: RDS Rx I/O Mode: Block I/O [ 552.727826][T12751] vivid-003: Generate RBDS Instead of RDS: false [ 552.789332][T12779] could not allocate digest TFM handle binfmt_misc [ 552.796234][T12751] vivid-003: RDS Reception: true [ 552.802157][T12785] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1333'. [ 552.811864][T12751] vivid-003: RDS Program Type: 0 inactive [ 552.844369][T12751] vivid-003: RDS PS Name: inactive [ 552.883225][T12751] vivid-003: RDS Radio Text: inactive [ 552.888898][T12751] vivid-003: RDS Traffic Announcement: false inactive [ 552.916361][T12751] vivid-003: RDS Traffic Program: false inactive [ 552.922875][T12751] vivid-003: RDS Music: false inactive [ 552.935367][T12751] vivid-003: ================== END STATUS ================== [ 554.130491][T12791] vivid-003: ================= START STATUS ================= [ 554.251237][T12791] vivid-003: Radio HW Seek Mode: Bounded [ 554.331397][T12791] vivid-003: Radio Programmable HW Seek: false [ 554.397459][T12791] vivid-003: RDS Rx I/O Mode: Block I/O [ 554.431171][T12791] vivid-003: Generate RBDS Instead of RDS: false [ 554.437874][T12791] vivid-003: RDS Reception: true [ 554.442945][T12791] vivid-003: RDS Program Type: 0 inactive [ 554.448918][T12791] vivid-003: RDS PS Name: inactive [ 554.454334][T12791] vivid-003: RDS Radio Text: inactive [ 554.459870][T12791] vivid-003: RDS Traffic Announcement: false inactive [ 554.466776][T12791] vivid-003: RDS Traffic Program: false inactive [ 554.473512][T12791] vivid-003: RDS Music: false inactive [ 554.479390][T12791] vivid-003: ================== END STATUS ================== [ 554.648950][T12815] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1339'. [ 554.759190][T12802] vivid-003: ================= START STATUS ================= [ 554.776731][T12815] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.789204][T12802] vivid-003: Radio HW Seek Mode: Bounded [ 554.795364][T12815] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.804574][T12815] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.825689][T12815] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.827360][T12802] vivid-003: Radio Programmable HW Seek: false [ 554.925647][T12817] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1340'. [ 554.958436][T12802] vivid-003: RDS Rx I/O Mode: Block I/O [ 555.013237][T12802] vivid-003: Generate RBDS Instead of RDS: false [ 555.019864][T12802] vivid-003: RDS Reception: true [ 555.095603][T12802] vivid-003: RDS Program Type: 0 inactive [ 555.101429][T12802] vivid-003: RDS PS Name: inactive [ 555.158610][T12802] vivid-003: RDS Radio Text: inactive [ 555.168577][T12802] vivid-003: RDS Traffic Announcement: false inactive [ 555.176017][T12802] vivid-003: RDS Traffic Program: false inactive [ 555.182425][T12802] vivid-003: RDS Music: false inactive [ 555.189468][T12802] vivid-003: ================== END STATUS ================== [ 555.206833][T12832] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1342'. [ 555.328524][T12842] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1345'. [ 555.338968][T12842] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1345'. [ 555.850449][T12853] sctp: [Deprecated]: syz.0.1349 (pid 12853) Use of int in maxseg socket option. [ 555.850449][T12853] Use struct sctp_assoc_value instead [ 555.958903][T12860] EXT4-fs error: 13 callbacks suppressed [ 555.958925][T12860] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 556.251535][T12863] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 556.638884][T12873] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 556.667196][T12875] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 556.698311][T12876] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 556.719953][T12878] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 556.742799][T12867] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 557.301781][T12887] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 557.577530][T12889] __nla_validate_parse: 1 callbacks suppressed [ 557.577556][T12889] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1355'. [ 557.662965][T12889] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1355'. [ 558.339396][T12900] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 558.339839][T12901] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 558.375359][T12903] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 558.455679][T12906] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1358'. [ 558.509190][T12890] vivid-003: ================= START STATUS ================= [ 558.704982][T12890] vivid-003: Radio HW Seek Mode: Bounded [ 558.770805][T12890] vivid-003: Radio Programmable HW Seek: false [ 558.839525][T12890] vivid-003: RDS Rx I/O Mode: Block I/O [ 558.915641][T12890] vivid-003: Generate RBDS Instead of RDS: false [ 559.011413][T12890] vivid-003: RDS Reception: true [ 559.048688][T12890] vivid-003: RDS Program Type: 0 inactive [ 559.109314][T12890] vivid-003: RDS PS Name: inactive [ 559.158341][T12890] vivid-003: RDS Radio Text: inactive [ 559.233931][T12890] vivid-003: RDS Traffic Announcement: false inactive [ 559.240954][T12890] vivid-003: RDS Traffic Program: false inactive [ 559.247436][T12890] vivid-003: RDS Music: false inactive [ 559.252995][T12890] vivid-003: ================== END STATUS ================== [ 559.646370][T12926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1362'. [ 561.198158][T12959] Invalid ELF header magic: != ELF [ 561.484915][T12967] EXT4-fs error: 10 callbacks suppressed [ 561.484937][T12967] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 561.536374][T12968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 561.609359][T12968] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 561.664315][T12968] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 561.672364][T12968] page_type: f5(slab) [ 561.731282][T12968] raw: 00fff00000000040 ffff88801b042140 0000000000000000 dead000000000001 [ 561.762065][T12968] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 561.781310][T12968] head: 00fff00000000040 ffff88801b042140 0000000000000000 dead000000000001 [ 561.844477][T12968] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 561.876592][T12968] head: 00fff00000000003 ffffea0001e00001 ffffffffffffffff 0000000000000000 [ 561.907052][T12968] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 561.920543][T12968] page dumped because: unmovable page [ 561.926265][T12968] page_owner tracks the page as allocated [ 561.932189][T12968] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 29, tgid 29 (kworker/u8:2), ts 357485345410, free_ts 357365760713 [ 561.959466][T12968] post_alloc_hook+0x181/0x1b0 [ 561.984771][T12968] get_page_from_freelist+0xfce/0x2f80 [ 561.996058][T12968] __alloc_frozen_pages_noprof+0x221/0x2470 [ 562.021522][T12968] alloc_pages_mpol+0x1fc/0x540 [ 562.033172][T12968] new_slab+0x23d/0x330 [ 562.043254][T12968] ___slab_alloc+0xc5d/0x1720 [ 562.055260][T12968] __slab_alloc.constprop.0+0x56/0xb0 [ 562.068343][T12968] __kmalloc_node_track_caller_noprof+0x2f1/0x510 [ 562.078308][T12968] kmalloc_reserve+0xef/0x2c0 [ 562.086728][T12968] __alloc_skb+0x164/0x380 [ 562.091232][T12968] nsim_dev_trap_report_work+0x2af/0xd00 [ 562.099037][T12968] process_one_work+0x9c5/0x1ba0 [ 562.119323][T12968] worker_thread+0x6c8/0xf00 [ 562.143192][T12968] kthread+0x3af/0x750 [ 562.156623][T12968] ret_from_fork+0x45/0x80 [ 562.189071][T12968] ret_from_fork_asm+0x1a/0x30 [ 562.206424][T12968] page last free pid 9549 tgid 9548 stack trace: [ 562.225785][T12968] free_frozen_pages+0x6db/0xfb0 [ 562.241064][T12968] __put_partials+0x14c/0x170 [ 562.270694][T12968] qlist_free_all+0x4e/0x120 [ 562.295084][T12968] kasan_quarantine_reduce+0x195/0x1e0 [ 562.316615][T12968] __kasan_slab_alloc+0x69/0x90 [ 562.330731][T12968] kmem_cache_alloc_noprof+0x226/0x3d0 [ 562.384007][T12968] alloc_buffer_head+0x21/0x160 [ 562.390233][T12968] folio_alloc_buffers+0x2bd/0x830 [ 562.395697][T12968] create_empty_buffers+0x36/0x480 [ 562.400984][T12968] folio_create_buffers+0x109/0x150 [ 562.406397][T12968] __block_write_begin_int+0x321/0x16e0 [ 562.412094][T12968] iomap_write_begin+0x5df/0x1660 [ 562.417272][T12968] iomap_file_buffered_write+0x419/0xc70 [ 562.423129][T12968] blkdev_write_iter+0x574/0xdd0 [ 562.428127][T12968] vfs_write+0x5ae/0x1150 [ 562.432528][T12968] ksys_write+0x12b/0x250 [ 562.490991][T12981] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 562.515161][T12984] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 562.587276][T12985] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 562.693688][T12989] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 562.786334][T12993] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 562.793256][T12972] vivid-003: ================= START STATUS ================= [ 562.843183][T12972] vivid-003: Radio HW Seek Mode: Bounded [ 562.848931][T12972] vivid-003: Radio Programmable HW Seek: false [ 562.859859][T12972] vivid-003: RDS Rx I/O Mode: Block I/O [ 562.878133][T12995] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 562.907984][T12972] vivid-003: Generate RBDS Instead of RDS: false [ 562.925759][T12972] vivid-003: RDS Reception: true [ 562.945027][T12988] could not allocate digest TFM handle binfmt_misc [ 562.947141][T12972] vivid-003: RDS Program Type: 0 inactive [ 562.964854][T12972] vivid-003: RDS PS Name: inactive [ 562.970354][T12972] vivid-003: RDS Radio Text: inactive [ 562.976060][T12972] vivid-003: RDS Traffic Announcement: false inactive [ 562.986264][T12972] vivid-003: RDS Traffic Program: false inactive [ 562.994561][T12972] vivid-003: RDS Music: false inactive [ 563.000222][T12972] vivid-003: ================== END STATUS ================== [ 563.654867][T12998] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 564.065536][T13004] ima: policy update failed [ 564.095964][ T30] audit: type=1802 audit(4294967549.687:13): pid=13004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1377" res=0 errno=0 [ 564.104334][T13008] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 564.702487][T13021] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 565.444948][T13037] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 565.473979][T13036] FAULT_INJECTION: forcing a failure. [ 565.473979][T13036] name failslab, interval 1, probability 0, space 0, times 0 [ 565.494230][T13036] CPU: 0 UID: 0 PID: 13036 Comm: syz.2.1384 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 565.494268][T13036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 565.494286][T13036] Call Trace: [ 565.494295][T13036] [ 565.494307][T13036] dump_stack_lvl+0x16c/0x1f0 [ 565.494348][T13036] should_fail_ex+0x50a/0x650 [ 565.494396][T13036] ? fs_reclaim_acquire+0xae/0x150 [ 565.494437][T13036] should_failslab+0xc2/0x120 [ 565.494467][T13036] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 565.494510][T13036] ? do_raw_read_unlock+0x44/0xe0 [ 565.494539][T13036] ? ima_d_path+0xbe/0x2a0 [ 565.494569][T13036] ima_d_path+0xbe/0x2a0 [ 565.494595][T13036] ? __pfx_ima_d_path+0x10/0x10 [ 565.494625][T13036] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 565.494674][T13036] process_measurement+0x1b76/0x2370 [ 565.494727][T13036] ? __pfx_process_measurement+0x10/0x10 [ 565.494784][T13036] ? mark_held_locks+0x9f/0xe0 [ 565.494835][T13036] ? kasan_quarantine_put+0x10a/0x240 [ 565.494900][T13036] ? find_held_lock+0x2d/0x110 [ 565.494945][T13036] ? tomoyo_bprm_check_security+0x168/0x1d0 [ 565.494998][T13036] ima_bprm_check+0xe8/0x210 [ 565.495043][T13036] ? __pfx_ima_bprm_check+0x10/0x10 [ 565.495095][T13036] security_bprm_check+0xa5/0x1e0 [ 565.495125][T13036] bprm_execve+0x832/0x16d0 [ 565.495171][T13036] ? __pfx_bprm_execve+0x10/0x10 [ 565.495212][T13036] ? copy_string_kernel+0x210/0x250 [ 565.495257][T13036] do_execveat_common.isra.0+0x4a2/0x610 [ 565.495304][T13036] __x64_sys_execve+0x8c/0xb0 [ 565.495345][T13036] do_syscall_64+0xcd/0x250 [ 565.495386][T13036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.495426][T13036] RIP: 0033:0x7fe50c98d169 [ 565.495449][T13036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.495477][T13036] RSP: 002b:00007fe50a7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 565.495503][T13036] RAX: ffffffffffffffda RBX: 00007fe50cba5fa0 RCX: 00007fe50c98d169 [ 565.495523][T13036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000000 [ 565.495541][T13036] RBP: 00007fe50ca0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 565.495557][T13036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 565.495574][T13036] R13: 0000000000000000 R14: 00007fe50cba5fa0 R15: 00007ffd40305828 [ 565.495609][T13036] [ 565.736910][ C0] vkms_vblank_simulate: vblank timer overrun [ 565.785569][T13043] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1383'. [ 566.580521][T13040] vivid-003: ================= START STATUS ================= [ 566.633874][T13040] vivid-003: Radio HW Seek Mode: Bounded [ 566.639601][T13040] vivid-003: Radio Programmable HW Seek: false [ 566.731903][T13040] vivid-003: RDS Rx I/O Mode: Block I/O [ 566.741224][T13040] vivid-003: Generate RBDS Instead of RDS: false [ 566.749916][T13071] EXT4-fs error: 8 callbacks suppressed [ 566.749935][T13071] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 566.780605][T13040] vivid-003: RDS Reception: true [ 566.790735][T13040] vivid-003: RDS Program Type: 0 inactive [ 566.796694][T13040] vivid-003: RDS PS Name: inactive [ 566.805778][T13040] vivid-003: RDS Radio Text: inactive [ 566.811410][T13040] vivid-003: RDS Traffic Announcement: false inactive [ 566.822223][T13040] vivid-003: RDS Traffic Program: false inactive [ 566.829695][T13040] vivid-003: RDS Music: false inactive [ 566.835662][T13040] vivid-003: ================== END STATUS ================== [ 567.529381][T13089] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 567.604147][T13092] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 567.676379][T13064] vivid-003: ================= START STATUS ================= [ 567.806198][T13064] vivid-003: Radio HW Seek Mode: Bounded [ 567.931842][T13094] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 567.966955][T13064] vivid-003: Radio Programmable HW Seek: false [ 568.069056][T13064] vivid-003: RDS Rx I/O Mode: Block I/O [ 568.078298][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.078551][T13064] vivid-003: Generate RBDS Instead of RDS: [ 568.086093][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.086100][T13064] false [ 568.092015][T13064] vivid-003: RDS Reception: true [ 568.106397][T13064] vivid-003: RDS Program Type: 0 inactive [ 568.112216][T13064] vivid-003: RDS PS Name: inactive [ 568.117589][T13064] vivid-003: RDS Radio Text: inactive [ 568.123173][T13064] vivid-003: RDS Traffic Announcement: false inactive [ 568.130042][T13064] vivid-003: RDS Traffic Program: false inactive [ 568.136544][T13064] vivid-003: RDS Music: false inactive [ 568.142168][T13064] vivid-003: ================== END STATUS ================== [ 568.329648][T13103] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1395'. [ 568.569849][T13103] netlink: 142 bytes leftover after parsing attributes in process `syz.0.1395'. [ 568.877027][T13118] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 569.035823][T13121] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 569.077102][T13124] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 569.165440][T13127] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 569.234646][T13112] could not allocate digest TFM handle binfmt_misc [ 570.201664][T13143] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 571.312653][T13164] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 571.629994][T13170] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1407'. [ 572.093466][T13178] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 572.393900][T13184] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 573.599291][T13204] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 574.654459][T13224] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 574.674209][T13227] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 574.709578][T13229] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 574.747810][T13231] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 574.788204][T13219] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1418'. [ 574.788206][T13233] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 574.928993][T13236] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 574.971972][T13237] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 575.292660][T13235] could not allocate digest TFM handle binfmt_misc [ 576.406056][T13255] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1425'. [ 576.438091][T13255] FAULT_INJECTION: forcing a failure. [ 576.438091][T13255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 576.470588][T13255] CPU: 1 UID: 0 PID: 13255 Comm: syz.1.1425 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 576.470629][T13255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 576.470648][T13255] Call Trace: [ 576.470656][T13255] [ 576.470667][T13255] dump_stack_lvl+0x16c/0x1f0 [ 576.470710][T13255] should_fail_ex+0x50a/0x650 [ 576.470763][T13255] strncpy_from_user+0x3b/0x2d0 [ 576.470808][T13255] getname_flags.part.0+0x8f/0x550 [ 576.470853][T13255] getname_flags+0x93/0xf0 [ 576.470902][T13255] __x64_sys_mknod+0x74/0xb0 [ 576.470984][T13255] do_syscall_64+0xcd/0x250 [ 576.471032][T13255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.471079][T13255] RIP: 0033:0x7f697458d169 [ 576.471107][T13255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 576.471148][T13255] RSP: 002b:00007f697534f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 576.471177][T13255] RAX: ffffffffffffffda RBX: 00007f69747a6080 RCX: 00007f697458d169 [ 576.471199][T13255] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000000 [ 576.471217][T13255] RBP: 00007f697460e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 576.471237][T13255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 576.471255][T13255] R13: 0000000000000000 R14: 00007f69747a6080 R15: 00007ffe9f3a7838 [ 576.471292][T13255] [ 577.129820][T13271] EXT4-fs error: 3 callbacks suppressed [ 577.129847][T13271] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 577.170387][T13276] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 577.287795][T13268] vivid-003: ================= START STATUS ================= [ 577.313007][T13268] vivid-003: Radio HW Seek Mode: Bounded [ 577.319020][T13268] vivid-003: Radio Programmable HW Seek: false [ 577.332566][T13268] vivid-003: RDS Rx I/O Mode: Block I/O [ 577.346000][T13268] vivid-003: Generate RBDS Instead of RDS: false [ 577.352614][T13268] vivid-003: RDS Reception: true [ 577.358460][T13268] vivid-003: RDS Program Type: 0 inactive [ 577.377902][T13268] vivid-003: RDS PS Name: inactive [ 577.398065][T13268] vivid-003: RDS Radio Text: inactive [ 577.409947][T13268] vivid-003: RDS Traffic Announcement: false inactive [ 577.420341][T13268] vivid-003: RDS Traffic Program: false inactive [ 577.428532][T13268] vivid-003: RDS Music: false inactive [ 577.437862][T13268] vivid-003: ================== END STATUS ================== [ 577.681345][T13281] sctp: [Deprecated]: syz.3.1432 (pid 13281) Use of int in maxseg socket option. [ 577.681345][T13281] Use struct sctp_assoc_value instead [ 577.924256][T13287] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 578.171493][T13290] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 578.486935][T13296] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 578.574889][T13298] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:2: corrupted in-inode xattr: bad magic number in in-inode xattr [ 578.977050][T13278] vivid-003: ================= START STATUS ================= [ 579.007233][T13310] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 579.033503][T13278] vivid-003: Radio HW Seek Mode: Bounded [ 579.039222][T13278] vivid-003: Radio Programmable HW Seek: false [ 579.063130][T13278] vivid-003: RDS Rx I/O Mode: Block I/O [ 579.068769][T13278] vivid-003: Generate RBDS Instead of RDS: false [ 579.077386][T13311] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 579.150609][T13278] vivid-003: RDS Reception: true [ 579.157841][T13278] vivid-003: RDS Program Type: 0 inactive [ 579.166393][T13278] vivid-003: RDS PS Name: inactive [ 579.211709][T13278] vivid-003: RDS Radio Text: inactive [ 579.233147][T13278] vivid-003: RDS Traffic Announcement: false inactive [ 579.255411][T13278] vivid-003: RDS Traffic Program: false inactive [ 579.261834][T13278] vivid-003: RDS Music: false inactive [ 579.305726][T13278] vivid-003: ================== END STATUS ================== [ 579.694934][T13322] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 579.724673][T13324] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 580.224750][T13302] vivid-003: ================= START STATUS ================= [ 580.232480][T13302] vivid-003: Radio HW Seek Mode: Bounded [ 580.283220][T13302] vivid-003: Radio Programmable HW Seek: false [ 580.300825][T13302] vivid-003: RDS Rx I/O Mode: Block I/O [ 580.314635][T13302] vivid-003: Generate RBDS Instead of RDS: false [ 580.321195][T13302] vivid-003: RDS Reception: true [ 580.343221][T13302] vivid-003: RDS Program Type: 0 inactive [ 580.349059][T13302] vivid-003: RDS PS Name: inactive [ 580.354415][T13302] vivid-003: RDS Radio Text: inactive [ 580.359950][T13302] vivid-003: RDS Traffic Announcement: false inactive [ 580.373278][T13302] vivid-003: RDS Traffic Program: false inactive [ 580.379740][T13302] vivid-003: RDS Music: false inactive [ 580.433330][T13302] vivid-003: ================== END STATUS ================== [ 582.025128][T13362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1447'. [ 582.184977][T13368] EXT4-fs error: 2 callbacks suppressed [ 582.184998][T13368] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 583.222248][T13376] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 583.934105][T13391] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 584.322978][T13396] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 584.351260][T13395] sctp: [Deprecated]: syz.0.1454 (pid 13395) Use of int in maxseg socket option. [ 584.351260][T13395] Use struct sctp_assoc_value instead [ 584.775167][T13407] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 584.854126][T13409] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 584.901400][T13412] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1455'. [ 584.911552][T13410] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 584.939382][T13413] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 584.997975][T13416] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 585.428984][T13421] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 587.117320][T13446] sctp: [Deprecated]: syz.2.1466 (pid 13446) Use of int in maxseg socket option. [ 587.117320][T13446] Use struct sctp_assoc_value instead [ 587.262477][T13449] sctp: [Deprecated]: syz.1.1467 (pid 13449) Use of int in maxseg socket option. [ 587.262477][T13449] Use struct sctp_assoc_value instead [ 587.328068][T13451] EXT4-fs error: 1 callbacks suppressed [ 587.328088][T13451] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 587.620232][T13458] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 587.965792][T13466] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 588.043564][T13467] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 588.064964][T13468] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1470'. [ 588.105440][T13469] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 588.125870][T13470] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 588.130830][T13471] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 588.184763][T13472] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 588.222824][T13465] vivid-003: ================= START STATUS ================= [ 588.276979][T13465] vivid-003: Radio HW Seek Mode: Bounded [ 588.294721][T13465] vivid-003: Radio Programmable HW Seek: false [ 588.341676][T13465] vivid-003: RDS Rx I/O Mode: Block I/O [ 588.380613][T13465] vivid-003: Generate RBDS Instead of RDS: false [ 588.413092][T13465] vivid-003: RDS Reception: true [ 588.449470][T13465] vivid-003: RDS Program Type: 0 inactive [ 588.481766][T13465] vivid-003: RDS PS Name: inactive [ 588.487412][T13465] vivid-003: RDS Radio Text: inactive [ 588.493186][T13465] vivid-003: RDS Traffic Announcement: false inactive [ 588.500198][T13465] vivid-003: RDS Traffic Program: false inactive [ 588.506803][T13465] vivid-003: RDS Music: false inactive [ 588.513765][T13465] vivid-003: ================== END STATUS ================== [ 588.596637][T13485] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 588.727643][T13491] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1474'. [ 588.738314][T13492] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1217: comm init: corrupted in-inode xattr: bad magic number in in-inode xattr [ 589.288305][T13503] sctp: [Deprecated]: syz.3.1477 (pid 13503) Use of int in maxseg socket option. [ 589.288305][T13503] Use struct sctp_assoc_value instead [ 589.651779][T13512] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 589.740118][T13510] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1479'. [ 589.890465][T13521] sctp: [Deprecated]: syz.0.1480 (pid 13521) Use of int in maxseg socket option. [ 589.890465][T13521] Use struct sctp_assoc_value instead [ 589.969847][T13519] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1481'. [ 590.173946][T13531] FAULT_INJECTION: forcing a failure. [ 590.173946][T13531] name failslab, interval 1, probability 0, space 0, times 0 [ 590.216530][T13531] CPU: 0 UID: 0 PID: 13531 Comm: syz.1.1483 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 590.216581][T13531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 590.216602][T13531] Call Trace: [ 590.216613][T13531] [ 590.216627][T13531] dump_stack_lvl+0x16c/0x1f0 [ 590.216680][T13531] should_fail_ex+0x50a/0x650 [ 590.216734][T13531] ? fs_reclaim_acquire+0xae/0x150 [ 590.216782][T13531] ? open_substream+0xec/0x9b0 [ 590.216819][T13531] should_failslab+0xc2/0x120 [ 590.216854][T13531] __kmalloc_cache_noprof+0x68/0x410 [ 590.216900][T13531] ? mark_held_locks+0x9f/0xe0 [ 590.216950][T13531] ? _raw_spin_unlock_irq+0x23/0x50 [ 590.216992][T13531] open_substream+0xec/0x9b0 [ 590.217037][T13531] rawmidi_open_priv+0x542/0x6e0 [ 590.217089][T13531] snd_rawmidi_open+0x4bf/0xbd0 [ 590.217141][T13531] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 590.217189][T13531] ? __pfx_default_wake_function+0x10/0x10 [ 590.217246][T13531] ? kobject_get_unless_zero+0x157/0x1e0 [ 590.217299][T13531] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 590.217343][T13531] snd_open+0x1fe/0x450 [ 590.217378][T13531] ? __pfx_snd_open+0x10/0x10 [ 590.217411][T13531] chrdev_open+0x237/0x6a0 [ 590.217463][T13531] ? __pfx_apparmor_file_open+0x10/0x10 [ 590.217505][T13531] ? __pfx_chrdev_open+0x10/0x10 [ 590.217562][T13531] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 590.217623][T13531] do_dentry_open+0x735/0x1c40 [ 590.217676][T13531] ? __pfx_chrdev_open+0x10/0x10 [ 590.217723][T13531] ? inode_permission+0xdd/0x5f0 [ 590.217758][T13531] vfs_open+0x82/0x3f0 [ 590.217785][T13531] ? may_open+0x1f2/0x400 [ 590.217821][T13531] path_openat+0x1e88/0x2d80 [ 590.217875][T13531] ? __pfx_path_openat+0x10/0x10 [ 590.217917][T13531] ? __pfx___lock_acquire+0x10/0x10 [ 590.217956][T13531] ? lock_acquire.part.0+0x11b/0x380 [ 590.217997][T13531] ? find_held_lock+0x2d/0x110 [ 590.218032][T13531] do_filp_open+0x20c/0x470 [ 590.218075][T13531] ? __pfx_do_filp_open+0x10/0x10 [ 590.218116][T13531] ? find_held_lock+0x2d/0x110 [ 590.218171][T13531] ? alloc_fd+0x41f/0x760 [ 590.218223][T13531] do_sys_openat2+0x17a/0x1e0 [ 590.218253][T13531] ? __pfx_do_sys_openat2+0x10/0x10 [ 590.218286][T13531] ? __sys_connect+0xf2/0x170 [ 590.218331][T13531] __x64_sys_openat+0x175/0x210 [ 590.218362][T13531] ? __pfx___x64_sys_openat+0x10/0x10 [ 590.218409][T13531] do_syscall_64+0xcd/0x250 [ 590.218449][T13531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.218490][T13531] RIP: 0033:0x7f697458d169 [ 590.218514][T13531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.218542][T13531] RSP: 002b:00007f6975370038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 590.218570][T13531] RAX: ffffffffffffffda RBX: 00007f69747a5fa0 RCX: 00007f697458d169 [ 590.218600][T13531] RDX: 0000000000080102 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 590.218619][T13531] RBP: 00007f697460e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 590.218636][T13531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.218653][T13531] R13: 0000000000000000 R14: 00007f69747a5fa0 R15: 00007ffe9f3a7838 [ 590.218689][T13531] [ 590.533101][ C0] vkms_vblank_simulate: vblank timer overrun [ 591.272278][T13547] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1486'. [ 591.406227][T13547] FAULT_INJECTION: forcing a failure. [ 591.406227][T13547] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 591.455721][T13547] CPU: 0 UID: 0 PID: 13547 Comm: syz.0.1486 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 591.455763][T13547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 591.455783][T13547] Call Trace: [ 591.455794][T13547] [ 591.455807][T13547] dump_stack_lvl+0x16c/0x1f0 [ 591.455853][T13547] should_fail_ex+0x50a/0x650 [ 591.455912][T13547] strncpy_from_user+0x3b/0x2d0 [ 591.455967][T13547] getname_flags.part.0+0x8f/0x550 [ 591.456010][T13547] getname_flags+0x93/0xf0 [ 591.456056][T13547] __x64_sys_mknod+0x74/0xb0 [ 591.456107][T13547] do_syscall_64+0xcd/0x250 [ 591.456152][T13547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.456197][T13547] RIP: 0033:0x7fa299b8d169 [ 591.456222][T13547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.456254][T13547] RSP: 002b:00007fa29aa0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 591.456285][T13547] RAX: ffffffffffffffda RBX: 00007fa299da5fa0 RCX: 00007fa299b8d169 [ 591.456307][T13547] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000000 [ 591.456326][T13547] RBP: 00007fa299c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 591.456345][T13547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 591.456365][T13547] R13: 0000000000000000 R14: 00007fa299da5fa0 R15: 00007fff2abc9b98 [ 591.456408][T13547] [ 591.574416][T13553] ------------[ cut here ]------------ [ 591.577285][ C0] vkms_vblank_simulate: vblank timer overrun [ 591.585578][T13553] platform vkms: [drm] vblank wait timed out on crtc 0 [ 591.749107][T13553] WARNING: CPU: 0 PID: 13553 at drivers/gpu/drm/drm_vblank.c:1307 drm_wait_one_vblank+0x334/0x550 [ 591.760389][T13553] Modules linked in: [ 591.764470][T13553] CPU: 0 UID: 0 PID: 13553 Comm: syz.2.1488 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 591.775495][T13553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 591.785771][T13553] RIP: 0010:drm_wait_one_vblank+0x334/0x550 [ 591.791768][T13553] Code: 85 ed 0f 84 54 01 00 00 e8 79 12 5b fc 4c 89 e7 e8 01 3d 8b 00 89 e9 4c 89 ea 48 c7 c7 40 ca e8 8b 48 89 c6 e8 9d 43 1b fc 90 <0f> 0b 90 90 e9 0d fe ff ff e8 4e 12 5b fc 90 48 8d 7b 08 48 b8 00 [ 591.811623][T13553] RSP: 0018:ffffc90004c5fb28 EFLAGS: 00010286 [ 591.817829][T13553] RAX: 0000000000000000 RBX: ffff888024e30000 RCX: ffffc9000d37d000 [ 591.825905][T13553] RDX: 0000000000080000 RSI: ffffffff817a1236 RDI: 0000000000000001 [ 591.833968][T13553] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 591.842007][T13553] R10: 0000000000000001 R11: fffffffffffc84a8 R12: ffff888142b8a010 [ 591.850083][T13553] R13: ffff888020724a80 R14: 1ffff9200098bf67 R15: 00000000000087c5 [ 591.858180][T13553] FS: 00007fe50a7d56c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 591.867251][T13553] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 591.873945][T13553] CR2: 00007fe50a391d58 CR3: 000000007b1b2000 CR4: 00000000003526f0 [ 591.881970][T13553] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 591.890071][T13553] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 591.898245][T13553] Call Trace: [ 591.901554][T13553] [ 591.904546][T13553] ? __warn+0xea/0x3c0 [ 591.908693][T13553] ? preempt_schedule_notrace+0x62/0xe0 [ 591.914398][T13553] ? drm_wait_one_vblank+0x334/0x550 [ 591.919781][T13553] ? report_bug+0x3c0/0x580 [ 591.924447][T13553] ? handle_bug+0x54/0xa0 [ 591.928856][T13553] ? exc_invalid_op+0x17/0x50 [ 591.933719][T13553] ? asm_exc_invalid_op+0x1a/0x20 [ 591.938849][T13553] ? __warn_printk+0x1a6/0x350 [ 591.943774][T13553] ? drm_wait_one_vblank+0x334/0x550 [ 591.949142][T13553] ? drm_wait_one_vblank+0x333/0x550 [ 591.954604][T13553] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 591.960356][T13553] ? mark_held_locks+0x9f/0xe0 [ 591.965277][T13553] ? __pfx_autoremove_wake_function+0x10/0x10 [ 591.971398][T13553] ? lockdep_hardirqs_on+0x7c/0x110 [ 591.976760][T13553] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 591.982635][T13553] ? drm_vblank_get+0x150/0x280 [ 591.987637][T13553] drm_fb_helper_ioctl+0x156/0x1a0 [ 591.992883][T13553] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 591.998777][T13553] do_fb_ioctl+0x3d4/0x7d0 [ 592.003470][T13553] ? __pfx_do_fb_ioctl+0x10/0x10 [ 592.008539][T13553] ? do_vfs_ioctl+0x513/0x1990 [ 592.013447][T13553] ? kmem_cache_free+0x2e2/0x4d0 [ 592.018529][T13553] ? __fget_files+0x206/0x3a0 [ 592.023428][T13553] fb_ioctl+0xe5/0x150 [ 592.027568][T13553] ? __pfx_fb_ioctl+0x10/0x10 [ 592.032335][T13553] __x64_sys_ioctl+0x190/0x200 [ 592.037318][T13553] do_syscall_64+0xcd/0x250 [ 592.041940][T13553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.047999][T13553] RIP: 0033:0x7fe50c98d169 [ 592.052470][T13553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.072676][T13553] RSP: 002b:00007fe50a7d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 592.081312][T13553] RAX: ffffffffffffffda RBX: 00007fe50cba6080 RCX: 00007fe50c98d169 [ 592.089455][T13553] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000007 [ 592.097544][T13553] RBP: 00007fe50ca0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 592.105735][T13553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.113835][T13553] R13: 0000000000000000 R14: 00007fe50cba6080 R15: 00007ffd40305828 [ 592.121901][T13553] [ 592.125057][T13553] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 592.132383][T13553] CPU: 0 UID: 0 PID: 13553 Comm: syz.2.1488 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0 [ 592.143211][T13553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 592.153312][T13553] Call Trace: [ 592.156634][T13553] [ 592.159608][T13553] dump_stack_lvl+0x3d/0x1f0 [ 592.164258][T13553] panic+0x71d/0x800 [ 592.168205][T13553] ? __pfx_panic+0x10/0x10 [ 592.172669][T13553] ? show_trace_log_lvl+0x29d/0x3d0 [ 592.177938][T13553] ? drm_wait_one_vblank+0x334/0x550 [ 592.183287][T13553] check_panic_on_warn+0xab/0xb0 [ 592.188272][T13553] __warn+0xf6/0x3c0 [ 592.192202][T13553] ? preempt_schedule_notrace+0x62/0xe0 [ 592.197776][T13553] ? drm_wait_one_vblank+0x334/0x550 [ 592.203094][T13553] report_bug+0x3c0/0x580 [ 592.207464][T13553] handle_bug+0x54/0xa0 [ 592.211665][T13553] exc_invalid_op+0x17/0x50 [ 592.216200][T13553] asm_exc_invalid_op+0x1a/0x20 [ 592.221087][T13553] RIP: 0010:drm_wait_one_vblank+0x334/0x550 [ 592.227013][T13553] Code: 85 ed 0f 84 54 01 00 00 e8 79 12 5b fc 4c 89 e7 e8 01 3d 8b 00 89 e9 4c 89 ea 48 c7 c7 40 ca e8 8b 48 89 c6 e8 9d 43 1b fc 90 <0f> 0b 90 90 e9 0d fe ff ff e8 4e 12 5b fc 90 48 8d 7b 08 48 b8 00 [ 592.246657][T13553] RSP: 0018:ffffc90004c5fb28 EFLAGS: 00010286 [ 592.252755][T13553] RAX: 0000000000000000 RBX: ffff888024e30000 RCX: ffffc9000d37d000 [ 592.260741][T13553] RDX: 0000000000080000 RSI: ffffffff817a1236 RDI: 0000000000000001 [ 592.268724][T13553] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 592.276712][T13553] R10: 0000000000000001 R11: fffffffffffc84a8 R12: ffff888142b8a010 [ 592.284703][T13553] R13: ffff888020724a80 R14: 1ffff9200098bf67 R15: 00000000000087c5 [ 592.292695][T13553] ? __warn_printk+0x1a6/0x350 [ 592.297486][T13553] ? drm_wait_one_vblank+0x333/0x550 [ 592.302825][T13553] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 592.308499][T13553] ? mark_held_locks+0x9f/0xe0 [ 592.313287][T13553] ? __pfx_autoremove_wake_function+0x10/0x10 [ 592.319413][T13553] ? lockdep_hardirqs_on+0x7c/0x110 [ 592.324645][T13553] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 592.330489][T13553] ? drm_vblank_get+0x150/0x280 [ 592.335426][T13553] drm_fb_helper_ioctl+0x156/0x1a0 [ 592.340583][T13553] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 592.346273][T13553] do_fb_ioctl+0x3d4/0x7d0 [ 592.350844][T13553] ? __pfx_do_fb_ioctl+0x10/0x10 [ 592.355823][T13553] ? do_vfs_ioctl+0x513/0x1990 [ 592.360628][T13553] ? kmem_cache_free+0x2e2/0x4d0 [ 592.365625][T13553] ? __fget_files+0x206/0x3a0 [ 592.370337][T13553] fb_ioctl+0xe5/0x150 [ 592.374435][T13553] ? __pfx_fb_ioctl+0x10/0x10 [ 592.379175][T13553] __x64_sys_ioctl+0x190/0x200 [ 592.383978][T13553] do_syscall_64+0xcd/0x250 [ 592.388522][T13553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.394467][T13553] RIP: 0033:0x7fe50c98d169 [ 592.398896][T13553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.418527][T13553] RSP: 002b:00007fe50a7d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 592.426960][T13553] RAX: ffffffffffffffda RBX: 00007fe50cba6080 RCX: 00007fe50c98d169 [ 592.434951][T13553] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000007 [ 592.442939][T13553] RBP: 00007fe50ca0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 592.450930][T13553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.458920][T13553] R13: 0000000000000000 R14: 00007fe50cba6080 R15: 00007ffd40305828 [ 592.466937][T13553] [ 592.470310][T13553] Kernel Offset: disabled [ 592.474733][T13553] Rebooting in 86400 seconds..