last executing test programs: 18m9.274455046s ago: executing program 2 (id=3): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000100)='/proc/kpageflags\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8, 0x0) r0 = socketcall$auto(0x88000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/nfsfs/volumes\x00', 0x200100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000240)=""/229, 0xe5) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3a8453d3, 0x80, 0x8, 0x4, 0x0, 0x1fc, 0x8, 0x401, 0xd9b1, 0x2, 0x2, 0xc28}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x40060) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r4, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x1, 0x40006, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) epoll_create$auto(0x5b) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x202003, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x8000000000, 0x9) io_uring_register$auto(0x2, 0xc, 0x0, 0x20) mmap$auto(0x834, 0x5, 0x2, 0x9b72, r3, 0x8000) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) clock_nanosleep$auto(0x2, 0x6, 0x0, 0x0) 18m6.525583802s ago: executing program 2 (id=5): openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyr2\x00', 0x40c040, 0x0) ioctl$auto(r0, 0x540a, 0x0) unshare$auto(0x40000080) unshare$auto(0x6) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ieee80211/phy5/statistics/dot11ACKFailureCount\x00', 0x105c00, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r1, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x5, 0x84) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91\vI\x1eRN8\x99\x88G\xd9\xec\x1epJ\"ds\x1cJr\xde:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18\x89\v\xea\x1b\x95\xaf\xee\xe69\x8d(<\xc7+\x83\xfcQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd3\x81Y\xa3Fp\v\xdc\xe2\xc3\xc3\xdbS\xdc', 0xfdef, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x640241, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4db) setreuid$auto(0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000000)={0x3, 0x1000, 0x6, 0x1, 0xffffffff, 0xa, 0xffffffffffffffff, [], {0x8, 0x1, 0x4, 0x8998d5c, 0x8000100, 0x7fff, 0x8000101, 0x1000006, 0xffffffffffffffff}, {0xbfc7, 0x1, 0x52, 0x8, 0x47302, 0x3d, 0x8, 0x7, 0x8001}}) r3 = open(&(0x7f0000000080)='./bus\x00', 0x64040, 0xc0) fcntl$auto(r3, 0x0, 0xa8) init_module$auto(0x0, 0xffff9, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000280), 0x480642, 0x0) init_module$auto(&(0x7f0000000180)="c46d827985b1e3907d50400cccf4c00ffe571ece9d92a447fec279060de494bceca3e54c132522f5ca4d720c678f22eaaff9a8f6c663c3a9cb176706090a96ba7238be9da6ad355f300e50b3d3d2f0a35a5f1637ec271546e5a4cccfdcea8efbdaeb171e3dea254b75828f3996fd5d41eb7cbea50f4d5422d186828598a5c8a485ad75cc8ed3f16fa878a0b7a18fb8a37e3f4c44e959252989b5f00431a04e08b2f891042db84cdcf43e02b664cc83d4de0baab7cd7c0dc8208e5784ae7c68a8f9720eaae3f8c364488eb47e478966aab2ea128e090ae499f5b770e1571692326ddfd4d2f011909a1a578b7b57161d421679f9ed9fd19f85f2b0", 0xd8d8, &(0x7f0000000040)='/dev/ptyr2\x00') 18m5.28263932s ago: executing program 2 (id=9): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) readv$auto(0x3, 0x0, 0x1) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x82a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000004000008000) r1 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000881}, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/105, 0x69) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) 18m3.899002845s ago: executing program 2 (id=15): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) r0 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) mmap$auto(0xfffffffffffffffd, 0x810004, 0xbfb, 0x10, r0, 0x1000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x7, 0x1001, 0x40eb1, 0xff, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) write$auto(r1, 0x0, 0xfffffdef) 18m2.178446017s ago: executing program 2 (id=18): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x5, 0x80000000, 0x0, 0x78, 0x8) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r1, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) syz_clone(0x21000000, 0x0, 0x0, 0x0, 0x0, 0x0) shmdt$auto(&(0x7f0000000000)='(\x00') mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x201, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x5}, 0xa) getsockopt$auto_SO_REUSEADDR(r0, 0x8000, 0x2, &(0x7f0000000040)='^\x92[\x00', &(0x7f00000000c0)=0x6) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/failslab/probability\x00', 0x22042, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) write$auto(0xffffffffffffffff, &(0x7f0000000100)='!}*[\\@:[\xd5\xe5\xc5/\xa5', 0xc) write$auto(0x3, 0x0, 0x100082) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x80000000, 0x7fffffffeffb, 0x5, 0x8e0, 0x2fe, 0x50b301a, 0xe4, 0x0, 0x1, 0x3}) getrlimit$auto(0x8, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)={0x3c, r5, 0x1, 0x70bd26, 0x25dfdbf7, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) ioctl$auto_BLKZEROOUT(r4, 0x127f, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) 17m58.697009917s ago: executing program 2 (id=28): mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0xffffffffffffffff, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) mmap$auto(0x0, 0x20005, 0xa, 0x200eb1, 0x401, 0x8000) sysinfo$auto(&(0x7f0000000080)={0x1, [0xa3e, 0x5, 0x101], 0xc50, 0xb36, 0x6, 0x3ff, 0x74, 0x5, 0x2, 0x0, 0x12000000, 0x3, 0x5}) socket(0xa, 0x2, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x42800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r2, 0xc040564b, r2) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, 0x0) getsockopt$auto(r0, 0x2000080, 0x3d, 0x0, 0x0) r3 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(r3, 0x400454ca, r3) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x1) msgctl$auto_MSG_INFO(0x5, 0xc, &(0x7f0000000280)={{0x9, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x287f, 0x2, 0x3}, 0x0, 0x0, 0x80000001, 0x9, 0x8, 0xffffffff, 0xfffffffffffffffe, 0x7fff, 0xfc2, 0x27f, @inferred=0xffffffffffffffff, @raw}) setresgid$auto(0xffffffffffffffff, 0xffffffffffffffff, r4) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x67}, 0x6a) 17m43.604862047s ago: executing program 32 (id=28): mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0xffffffffffffffff, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) mmap$auto(0x0, 0x20005, 0xa, 0x200eb1, 0x401, 0x8000) sysinfo$auto(&(0x7f0000000080)={0x1, [0xa3e, 0x5, 0x101], 0xc50, 0xb36, 0x6, 0x3ff, 0x74, 0x5, 0x2, 0x0, 0x12000000, 0x3, 0x5}) socket(0xa, 0x2, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x42800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r2, 0xc040564b, r2) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, 0x0) getsockopt$auto(r0, 0x2000080, 0x3d, 0x0, 0x0) r3 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(r3, 0x400454ca, r3) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x1) msgctl$auto_MSG_INFO(0x5, 0xc, &(0x7f0000000280)={{0x9, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x287f, 0x2, 0x3}, 0x0, 0x0, 0x80000001, 0x9, 0x8, 0xffffffff, 0xfffffffffffffffe, 0x7fff, 0xfc2, 0x27f, @inferred=0xffffffffffffffff, @raw}) setresgid$auto(0xffffffffffffffff, 0xffffffffffffffff, r4) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x67}, 0x6a) 18.127648748s ago: executing program 3 (id=4759): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) madvise$auto(0x4, 0x7, 0x2) munlock$auto(0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_RTC_IRQP_READ(0xffffffffffffffff, 0x8008700b, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x7, 0xd, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) sendmsg$auto_NL80211_CMD_LEAVE_IBSS(r0, 0x0, 0x4000001) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0xb, 0x2020005, 0x1, 0xfffffffffffff593, 0xffffffffffffffff, 0xffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4, 0x5, 0xeb1, r0, 0x8000) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x40002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto_SO_GET_FILTER(r1, 0x1, 0x1a, 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x1aa, 0x0, 0x6, 0x0, 0x0, 0x1002}, 0x5}, 0x2, 0x100) bpf$auto(0xf7fff011, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x4, 0xfaae, 0x468, 0x9, 0x2, 0x8, 0x3, 0x4, 0x1ff, 0x40000000005, 0xb5, 0x4, 0x806, 0xd9f1}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x200) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) fcntl$auto_F_GETOWN(r2, 0x9, 0xea6) 16.890201078s ago: executing program 3 (id=4766): socket$nl_generic(0x10, 0x3, 0x10) r0 = open(0x0, 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) socket(0x2000000000000021, 0x2, 0x10000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x401, 0x0) close_range$auto(0x0, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/ptp/ptp0/max_adjustment\x00', 0x400, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) socketpair$auto(0xb, 0xc, 0x1000, 0x0) semctl$auto(0x1, 0xfffffffe, 0x3, 0x5) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0x15) 15.713664893s ago: executing program 3 (id=4771): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x6, 0xdb, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) r1 = socketpair$auto(0x1, 0x5, 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) fstat$auto(r0, 0x0) ioctl$auto(r2, 0x5393, r1) sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0) mmap$auto(0x0, 0x1, 0xfffffffffffffff4, 0xeb1, 0xfffffffffffffffa, 0x4) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30988099a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r3, 0x5420, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r4 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000040), 0x4a0000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) mmap$auto(0x1, 0xa0d6, 0x3, 0x8c8010, r4, 0x7ffe) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r6 = prctl$auto(0x3e, 0x7, 0x0, 0x9, 0x0) write$auto(r5, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2a, 0x7, 0x9b7e, r6, 0x28000) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) 9.55168375s ago: executing program 0 (id=4786): socket$nl_generic(0x10, 0x3, 0x10) r0 = open(0x0, 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) socket(0x2000000000000021, 0x2, 0x10000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x401, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/ptp/ptp0/max_adjustment\x00', 0x400, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) socketpair$auto(0xb, 0xc, 0x1000, 0x0) semctl$auto(0x1, 0xfffffffe, 0x3, 0x5) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0x15) 9.401902962s ago: executing program 3 (id=4787): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x20400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0xffffffff, 0x7, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x54, 0x80, 0x104, 0x6, 0x4}, {0x200100, 0x1, 0x101, 0x85, 0x0, 0x24, 0xfe000000, 0x200008, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xb, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0xe4c3, 0x8000001f, 0x8, 0x653e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) getpid() r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/mcfilter\x00', 0x2980, 0x0) pread64$auto(r3, 0x0, 0x8, 0xffff) openat$auto_ptdump_fops_(0xffffffffffffff9c, 0x0, 0x120441, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r4, 0x540a, 0x0) ioctl$auto_TIOCSTI2(r4, 0x5412, &(0x7f0000000080)) io_uring_setup$auto(0x59, &(0x7f0000000340)={0x7fffffff, 0xd, 0x2, 0x4, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x5, 0x6, 0x76c5, 0x5, 0x100000000}}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000003480)=""/247, 0xf7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/memory.pressure\x00', 0x1, 0x0) 8.743786638s ago: executing program 0 (id=4788): r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/dev/raw-gadget\x00', 0x5) r1 = prctl$auto_SECCOMP_MODE_STRICT(0xf, 0x1, 0x0, 0x9, 0x2) statmount$auto(0x0, &(0x7f0000000180)={0x9, 0x1, 0x6, 0x1, 0x89, 0x7181, 0x3ffde, 0x4, 0x10, 0x2000000000000009, 0x6, 0x80003, 0x4, 0x400, 0x85, 0xfffffffffffffffb, 0x9, 0x50007, 0x2, 0xffffffffffffffff, 0x0, 0x80000001, 0x1, 0x202, 0x9, 0x8000, 0x0, 0x0, 0x2, 0xffffffff, 0x0, [0x1, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x400000004, 0x9, 0x2000000800000000, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000009, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x2000000]}, 0x1fe, 0xd) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r2 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy1/aql_txq_limit\x00', 0x822, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/id/vendor\x00', 0x2000, 0x0) read$auto(r3, 0x0, 0x20) write$auto(r2, 0x0, 0x5) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'team_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r1, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0xdc, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_PHY_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7f}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}, @ETHTOOL_A_PHY_HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}]}, @ETHTOOL_A_PHY_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x400c1}, 0x20000001) r5 = socket(0x2a, 0x5, 0x0) close_range$auto(0x0, r5, 0xfffff7fd) r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0) ppoll$auto(&(0x7f0000000200)={r6, 0x6, 0x6}, 0x8, 0x0, 0x0, 0x8) r7 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vbi3\x00', 0x400000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdb, 0x9b72, 0x2, 0x8000) sendfile$auto(0xffffffffffffffff, r7, 0x0, 0x10000) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) shmctl$auto_IPC_INFO(0x28, 0x3, 0x0) read$auto_proc_auxv_operations_base(0xffffffffffffffff, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfffffdef) fcntl$auto_F_ADD_SEALS(0xffffffffffffffff, 0x409, 0x0) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000540)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) setsockopt$auto(0xffffffffffffffff, 0x29, 0x7, &(0x7f0000000180)='\xa1\x00\x16\x12\xf8\x98\x00\x00\x00\x00I}T\x99\xb4\xd8S]\xbb\f\xdaY\xae\xf1\xa2\x98s3\xfe@\v\xc2\x90X\x81\xa3r\xfdH\xb2\x0f\x01\xfb\xf4\x84\xbd\xf8\xe9+>e?&\x1c\xd2kj7\xba\xe6\xd3zkL\xa8s\x8ccT=\xac\'\x00\x00n\xf3\x8f\x1d9+\x04\x85\x9b\x8f\x1f\x0e\xeb%\xd4l\xfcfQ=\x10z%\x16Y\xc9\xe5+\x1e\xde\x0f\x9deB\xb3\xb2\xed\xa2:H\'\x00\x00\x00\x00', 0x4) sendfile$auto(r8, r8, 0x0, 0x2) msync$auto(0x7, 0x72, 0x81) 6.420450621s ago: executing program 0 (id=4792): r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x2c, r0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x24000802) 6.103826072s ago: executing program 0 (id=4794): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x29, 0x2, 0x0) r0 = socket(0x21, 0x2, 0x2) r1 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg/1:0:0:0\x00', 0x389041, 0x0) ioctl$auto_SG_GET_COMMAND_Q(r1, 0x2270, &(0x7f0000000140)="46ba5fbf20dced9f5df5014641cfd286fcb6350e0bcf3c90b3b3bb6cfbb1a692578ae0a8ccdbeb55a881bc35124acd6886ed97f9190455d2a3b29e6875c91b9f89e617f07037de6f50510fef0fd218d412b8c44781284a6c11e094fbc407ee400a4388e43fecb0e650d9f4afaac76824a42475e153cd315ef226279473892e7cf270287c96bcdce2df68f8922088ed8c06c6c99ff29dc0af6dae462aff2eed9edc1fb07ee9faf90e5c5293675f1e05ad446a9036233a527cd740c330d20a8d26861fe17e99a0321d8aeed378045ff281b9f48464952362775b967927eb1b1f2852b87bc6eec9dc7f2808a9491237737cd614835aaf8cb4a8f2b1ff5b") sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) write$auto(0x3, 0x0, 0x100085) read$auto(0xffffffffffffffff, 0x0, 0x20) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) pipe$auto(0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xffeb}, 0x1, 0x0, 0x5, 0x7}, 0x8}, 0xffffffff, 0xb00) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x405, 0x8, 0x10001, 0x6fb3, 0x8a, 0x4, r0, [0x7783, 0x9, 0x7c], {0x913, 0x7, 0x3034, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0x2000000f08a2b6}, {0x4000, 0xfc, 0xb, 0x0, 0x0, 0xb89, 0xd5, 0x837, 0x8}}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0x2003f2, 0x15) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x800) 5.321142864s ago: executing program 1 (id=4797): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x111000, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x4008ae61, 0x38) r1 = getpid() prctl$auto(0x3e, 0x1, r1, 0x1, 0x0) rt_sigtimedwait$auto(&(0x7f0000000040)={0x7}, &(0x7f0000000080)={@siginfo_0_0={0x2, 0x5884, 0x80000001, @_timer={r1, 0x7, @sival_int=0x800, 0xda7}}}, &(0x7f0000000100)={0x3}, 0x8) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r2, &(0x7f00000020c0)=""/4093, 0xffd) 4.911723707s ago: executing program 4 (id=4798): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x4, &(0x7f0000000000), 0x1) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0x7}, 0x3) lsm_set_self_attr$auto(0x4, 0x0, 0x80, 0x4) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000140)=""/122, 0x7a) 4.03153449s ago: executing program 1 (id=4799): socket$nl_generic(0x10, 0x3, 0x10) r0 = open(0x0, 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) socket(0x2000000000000021, 0x2, 0x10000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x401, 0x0) close_range$auto(0x0, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/ptp/ptp0/max_adjustment\x00', 0x400, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) socketpair$auto(0xb, 0xc, 0x1000, 0x0) semctl$auto(0x1, 0xfffffffe, 0x3, 0x5) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0x15) 4.006778997s ago: executing program 4 (id=4800): shmctl$auto(0x0, 0x1, 0x0) (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram4\x00', 0x26040, 0x0) ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf810000000004e8ffffff000000aeed34830d00", 0x3ff, 0xfffffff7, 0xffc, 0x400004, 0x200000000040000d}) 3.422343207s ago: executing program 4 (id=4801): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video58/power/control\x00', 0x101000, 0x0) openat$auto_ptdump_curknl_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x610003, 0x0) close_range$auto(r0, r0, 0xffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0xa0801, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socketcall$auto(0x8000, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x560, 0x400, 0x100000000002}]}) 3.097616868s ago: executing program 1 (id=4802): r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x602, 0x0) mmap$auto(0x0, 0x2000000002020006, 0x3, 0xeb2, r0, 0x8000) mseal$auto(0x0, 0x7dda, 0x0) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x602, 0x0) (async) mmap$auto(0x0, 0x2000000002020006, 0x3, 0xeb2, r0, 0x8000) (async) mseal$auto(0x0, 0x7dda, 0x0) (async) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) (async) 2.740262115s ago: executing program 1 (id=4803): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x52bb42, 0x0) (async) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=0x0], 0x14c}, 0x1, 0x0, 0x0, 0x40000004}, 0x40000) (async) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) (async) close_range$auto(0x2, r0, 0x0) (async) ioctl$auto(0x3, 0x40086203, 0xffffffffffffffff) (async) r1 = set_tid_address$auto(0x0) syz_open_procfs$namespace(r1, &(0x7f0000000080)) r2 = syz_clone(0x124a000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) read$auto(0xffffffffffffffff, 0x0, 0xea) read$auto(0xffffffffffffffff, 0x0, 0x0) (async) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x20000003) madvise$auto(0xfffffffffffffffe, 0x100000, 0x17) (async) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) geteuid() socket(0xb877d7ae5150abdb, 0x3, 0x8000) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) prctl$auto(0x3e, 0x3, r2, 0x1, 0x4000) (async) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x804, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x6, 0x0, 0x2, 0xb}, 0x800008}, 0x1ff, 0x1ffffff8) (async) semget$auto(0x0, 0x13c, 0x1ff) (async) bpf$auto(0x7, &(0x7f00000000c0)=@raw_tracepoint={0x9, 0x0, 0x0, 0x6}, 0x3d) semtimedop$auto(0x0, &(0x7f00000000c0)={0x40, 0xedb5, 0xfffc}, 0x1f4, 0x0) (async) semtimedop$auto(0xffffffdb, &(0x7f0000000000)={0x14, 0x800, 0x36e8}, 0x6, 0x0) 2.634087747s ago: executing program 4 (id=4804): mlockall$auto(0x7) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r0) mkdir$auto(&(0x7f00000001c0)='./cgroup\x00', 0xa) r1 = waitid$auto_P_PGID(0x2, 0x0, &(0x7f00000004c0)={@siginfo_0_0={0x3, 0x1, 0x9, @_sigpoll={0x8, r0}}}, 0x4, &(0x7f0000000540)={{0x0, 0x6}, {0x8, 0x8}, 0x100, 0x1000, 0x4, 0x3c, 0x4, 0x101, 0xe, 0x5721, 0x1, 0x2, 0x10000, 0x3, 0xa615, 0x2}) prctl$auto(0x8e, 0x1, r1, 0x6, 0x9) r2 = socket(0x11, 0x80003, 0x0) r3 = getsockopt$auto(0x3, 0x200000000001, 0x2b, 0xfffffffffffffffe, 0x0) r4 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000040), r3) sendmsg$auto_NFC_CMD_DISABLE_SE(r2, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000080)={0x350, r4, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x50d5}, @NFC_ATTR_LLC_SDP={0x30b, 0x13, 0x0, 0x1, [@nested={0x1ef, 0x4, 0x0, 0x1, [@generic="37da88756d822c373a3885a7037881f0b005bce9d451029d67f93ea62f261f4eaa83527e46a794032bd2979cb85b8d17c930d930433e3a08e80341b8eb4ef166d01e7da63ad40f3d1968d939b913f1795e2085e42a74fd3b39fd13356efe5188cc8441bf53797c7a723481eaeb791c44bbad7699cef54c7f34c64cf1e37bc6302622a11e70ca3da1e8f6b152bacd30fa5fbb29494bd5ef9de881d890331092d2", @typed={0x8, 0x3a, 0x0, 0x0, @u32=0xfffffffa}, @typed={0x8, 0x124, 0x0, 0x0, @u32=0x9}, @typed={0x14, 0xcf, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @nested={0x4, 0xdb}, @generic="fe7a9554ae3620a4e99a1946594c49b8cda3f6a3640b7b3827792b44b66e00761730af5f7ac9da96c406f23d01c04c71f41570944baaaf2c1b8bcda0809ed572de93d1912990edd059c80b98423d308d79fa8d292053895cd4e23f7e8b896f7252ef46243749536deb5a42c130b81c08afd3068bb9ae3122877d9393af0e13fde991a17f5f2353070a3e0630415037fdc1306adf480ae819c3090bc91654372557d414c752e8e9be6bcc9167e393ea07d91cf748a35140c2503be040a2f978bf7cb2b0ff2c7d6e65fd3508d97850b85f115ebe4633b4fe8305c72001e8db54e317bfc86bfa3c61f85c55935df2ccae1f5d01e2e0ab", @generic="ce62e4505711fd11939cc28077ed7b4a74b3ef265e4019e865da", @typed={0x8, 0x149, 0x0, 0x0, @fd=r3}, @nested={0x4, 0x141}, @typed={0x8, 0x22, 0x0, 0x0, @pid=0xffffffffffffffff}]}, @generic="6589c886e6b48c3c4dd446e310e29617be79b6f390a570fe87a30ebb5d18fe973897fe7ac1b57a33d82a1a2acd3ccd177d9fa1f47a8e600eeae3f80b40917532003ec5f233d926fffe8344b5cafcd13a943ee65861f937305d54dbc4a2b64468c46e0b1aa284d11f972392462e6868950f1cb0562aa1aababdf73801109142ad2c35620b2b7a7c642d5a9fc37e5ce9f1afeb392a91a4d3fb8790a6fd9178b28ada39b86736e86e7fe464bd9552eeb20c0b479fc08852dbd71bc383146ecd8f273f83c8a1bfffd59c92deaf123b465d688c5f68f9c50c7e8545c20a9e57b0eed8ae5899cd7e6f68a9facd1309b6ea02232ec13b87", @typed={0x8, 0xeb, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x22}}, @generic="f37df19097c30c4f5b02f0edfcac96a6d80e5d2b6c6cb0d698793f"]}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0xc3}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x74}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x80000000}, @NFC_ATTR_DEVICE_NAME={0x7, 0x2, '):['}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}]}, 0x350}, 0x1, 0x0, 0x0, 0x10}, 0x20000) sendmsg$auto_NFC_CMD_LLC_SDREQ(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r4, 0x10, 0x70bd28, 0x25dfdbff, {}, [@NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x3}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x5}, @NFC_ATTR_DEVICE_POWERED={0x5, 0xc, 0x6d}]}, 0x2c}}, 0x4011) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0) rmdir$auto(&(0x7f0000000080)='./cgroup\x00') readv$auto(r5, &(0x7f0000000040)={0x0, 0x3ff}, 0x1) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfffd) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x54c) chdir$auto(&(0x7f0000000180)='./file0\x00') rename$auto(&(0x7f0000000480)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') 2.354742814s ago: executing program 3 (id=4805): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b80ebd01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f00000002c0)="64fbec6a8318df02785c20", 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r1, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x14, r2, 0x1, 0x1, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xc810}, 0x40) unshare$auto(0x40000080) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x1c, r2, 0x200, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000440), 0x408000, 0x0) setsockopt$auto_SO_TIMESTAMP_NEW(r3, 0x81, 0x3f, &(0x7f0000000480)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x5) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio14\x00', 0x80000, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r4, 0x40045010, &(0x7f0000000340)="89a2e185c3bf706c7da0df910d821a053fd2c8a47fe90980ea65db3fc5c0ee6da23f5279bb954c208630435a22ead374979efdeff941e5d010815fe66a8660b42db4a6e0755265cf721eb4b2687599b3391dd0c9f02c718000c0191a8cd78999df165072e2a40801ec4866b63195038be6d03a65dbd69c63ef794e2e1c44673b5d38574375573bf5ace387eeaec364b23c4cf91fcc3516947b2203e608a8e2942e793b79371479950a6d7da3870928ab1bd7ccb5296511365e4699c7a3eaff1570b5b000574175178a5e606f7234a10eac634e50b7c1ac1a61a3") ioctl$auto(r5, 0x80885659, r5) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), r4) r6 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7000f9dbdf250100000006000200000000000500070080000000080009000100000008000a000800000008001700", @ANYRES32], 0x3c}}, 0x4000000) 1.751454503s ago: executing program 4 (id=4806): syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) pipe$auto(0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) r0 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r0, 0x0, 0x8fb5) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x101003, 0x0) r2 = clone3$auto(&(0x7f0000000040)={0x43, 0x4, 0xa5e7, 0x10000, 0x1, 0x8000000000000000, 0x10, 0x5, 0xf, 0x1ff, 0x5185}, 0x1) prctl$auto(0x3e, 0x1, r2, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x323042, 0x0) ioctl$auto_SNDCTL_DSP_GETBLKSIZE(r3, 0xc0045004, &(0x7f0000000000)) mmap$auto(0x0, 0x2020009, 0xfffffffffffffff8, 0xebf, 0xfffffffffffffffa, 0x80000001) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0xfffffffffffffffe, 0x240007, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x801, 0x84) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xa, 0x0) socket(0x2, 0x5, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000011c0), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_STATUS(r4, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001280)={0x1c, r5, 0x929, 0x70bd28, 0x25dfdbfb, {}, [@HSR_A_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x240008c5}, 0x48094) 1.607708764s ago: executing program 0 (id=4807): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) poll$auto(&(0x7f0000000000)={r0, 0xe7f1, 0x1723}, 0x8, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) (rerun: 32) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x44, r3, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x14, 0x3, 0x0, 0x1, [@nested={0x10, 0xe, 0x0, 0x1, [@typed={0xc, 0x94, 0x0, 0x0, @u64=0x6}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) (async) r6 = socket(0x10, 0x2, 0xf) r7 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r6, 0xffffffff}, 0xd) bpf$auto(0x1, &(0x7f0000000080)=@iter_create={r7, 0x98}, 0xf) unshare$auto(0x40000080) (async) r8 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x44402, 0x0) (async) r9 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40000, 0x0) (async) listen$auto(r5, 0x78) (async) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) (async) r10 = openat$auto_fops_x16_ro_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/dormant_links\x00', 0x100, 0x0) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=@prog_bind_map={r4, r10}, 0x3) (async) r11 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r11, 0x40146f2c, 0x0) (async) r12 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80180, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r12, 0x40146f2c, 0x0) (async) read$auto_proc_iter_file_ops_compat_inode(r9, 0x0, 0x0) (async) ioctl$auto(r8, 0x6f2d, r8) (async, rerun: 32) sysfs$auto(0x5, 0xfffffffffffffff7, 0x5) (rerun: 32) 1.516194808s ago: executing program 1 (id=4808): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/khugepaged/defrag\x00', 0x2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) getdents$auto(r1, &(0x7f00000004c0)={0x100, 0xa, 0x4}, 0x62d4) write$auto(0x3, 0x0, 0xffd8) getsockopt$auto_SO_BINDTODEVICE(r0, 0x5, 0x19, &(0x7f0000000000)='\x00', &(0x7f0000000080)=0x2) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sda\x00', 0x84100, 0x0) r3 = getpgid$auto(0xffffffffffffffff) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={"939d33ba3a1af3fd20fae6c325f403392288c7f70c12c95d3a11e4d9f9104dc0", 0x2, 0x4, 0x8d25, 0x4, 0x7, r3}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r5, 0x0, 0x7) ioctl$auto_IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f00000000c0)={0x101, 0x21b}) 1.045848329s ago: executing program 1 (id=4809): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x800008000) sysfs$auto(0x2, 0x23, 0x0) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8003) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/ipv6/parameters/autoconf\x00', 0x30883, 0x0) write$auto(r0, &(0x7f0000000000)='/sys/devices/virtual/sound/ctl-led/speaker/card2/detach\x00', 0x7fffffff) mmap$auto(0x1, 0x9, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) mmap$auto(0xc4f9, 0x4, 0xdf, 0x1f, 0xffffffffffffffff, 0x7ffd) socket(0x29, 0x800, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r3 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x7) ioctl$auto(0x3, 0x400454ca, 0x38) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r2) write$auto(r4, &(0x7f0000000000)='//\xf2\x00', 0x80000000) prctl$auto(0x1, 0xfffffffffffff8a9, r3, 0x4, 0x2) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) read$auto_fragmentation_threshold_ops_(r2, &(0x7f00000000c0)=""/118, 0x76) msync$auto(0x0, 0xe0, 0x6) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x401, 0x15) openat$auto_ima_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000002c0), 0x480, 0x0) io_uring_setup$auto(0x1d4, 0x0) 958.014121ms ago: executing program 4 (id=4810): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r0, &(0x7f0000000040)=""/4096, 0xfffffe82) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r1, &(0x7f0000001080)="0df7f855710612e6db9a11191b8c62a727579dbcb7e5f5ccec6f01402aaa486606a56981c1e3f2c8598bf9f8ddfb264dfb694383db594bdf8ad338c9f9ca0b0f943e7c8df892f47388201f3334e2d9231726f58e37ff018df74b3bd694f00222715400"/109, 0xffffffffffffffb9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket(0x2, 0x801, 0x106) socketpair$auto(0xc, 0x7, 0xfffffff9, &(0x7f0000001040)=0x8ea) mmap$auto(0xffffffffffffffff, 0x90, 0x2b, 0x9b73, r1, 0x8000) mmap$auto(0x0, 0x1000, 0x4000000000df, 0xebe, 0x401, 0x803e) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000140)) pipe2$auto(0x0, 0x80) ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40802, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002180)='/dev/tty1\x00', 0x101000, 0x0) r4 = epoll_create1$auto(0x1) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r5) sendmsg$auto_OVS_VPORT_CMD_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="201ff5d9", @ANYRES16=r6, @ANYBLOB="010027b57100fedbdf250300000004000a800800010004000000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$auto_XFS_IOC_FD_TO_HANDLE(r4, 0xc038586a, &(0x7f0000002140)={r5, 0x0, 0x7fff, 0x0, 0x1, &(0x7f00000020c0)="473fa849773c", &(0x7f0000002100)=0x7}) unshare$auto(0x40000080) r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r3, r7, 0x0, 0x1) 345.167214ms ago: executing program 3 (id=4811): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) msgctl$auto_MSG_INFO(0x5, 0xc, &(0x7f0000000280)={{0x9, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x287f, 0x2, 0x3}, 0x0, 0x0, 0x7fffffff, 0x9, 0x8, 0xffffffff, 0xfffffffffffffffe, 0x1, 0xfc2, 0x26f, @inferred, @raw=0x9}) setresgid$auto(0x0, 0xffffffffffffffff, r1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) socket(0x1d, 0x2, 0x6) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xe, 0x940, 0xfffffff8, 0x3, 0x1004, 0x1, 0x9, 0x5, 0x6, 0x7, 0x1001000, 0x8, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x4, 0x40000081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x52, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x8044) r6 = ioctl$auto_TUNSETSNDBUF2(r2, 0x400454d4, &(0x7f0000000380)=0xfffffe2a) sendmsg$auto_NL80211_CMD_UPDATE_FT_IES(r6, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x28, 0x0, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x9}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0xfff7}]}, 0x28}}, 0x20000815) mmap$auto(0x0, 0xeb80, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iostats\x00', 0x80302, 0x0) sendfile$auto(r7, r7, 0x0, 0x2) r8 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_USB_RAW_IOCTL_INIT(r8, 0x41015500, &(0x7f0000000080)={"44cb9bf73ee4f7d17375d0a20200fc097204973ce5c568f45cf3a37f00073e797cd85f52c60300259f0f496b584d7480859a383753a492b262cd2e665fea37decc05000020000000001eee4def7500006344c1b5ba8cd74d78b58200000000001000000001000004000000004000", "780700e6cfac240fa640931102b4c630bc5601fb47fa67124586bd24165be85c89ed2955a83b4f3993c0f4f3a6e054fed14a933119c64d9d923ef32ce561acad10f499213cd61be3b68dcaf3e5f074ce961d6a33c481d540e5282df56757d500", 0x5}) ioctl$auto_USB_RAW_IOCTL_RUN(r8, 0x5501, 0x0) 0s ago: executing program 0 (id=4812): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/xfs/xqmstat\x00', 0x20000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000040)=""/4096, 0x1000) mmap$auto(0x0, 0x810002, 0xffb, 0x8000000008012, r0, 0x8000) mlock$auto(0x7, 0x4) mlockall$auto(0x7) kernel console output (not intermixed with test programs): me fail_futex, interval 1, probability 0, space 0, times 0 [ 962.083684][ T2606] CPU: 0 UID: 0 PID: 2606 Comm: syz.3.4077 Tainted: G U L syzkaller #0 PREEMPT(full) [ 962.083719][ T2606] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 962.083728][ T2606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 962.083740][ T2606] Call Trace: [ 962.083746][ T2606] [ 962.083754][ T2606] dump_stack_lvl+0x16c/0x1f0 [ 962.083793][ T2606] should_fail_ex+0x512/0x640 [ 962.083820][ T2606] get_futex_key+0x1d0/0x15f0 [ 962.083844][ T2606] ? __pfx_get_futex_key+0x10/0x10 [ 962.083872][ T2606] futex_wait_setup+0x9d/0x570 [ 962.083906][ T2606] __futex_wait+0x193/0x2f0 [ 962.083933][ T2606] ? __pfx___futex_wait+0x10/0x10 [ 962.083959][ T2606] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 962.083987][ T2606] ? lockdep_hardirqs_on+0x7c/0x110 [ 962.084018][ T2606] ? __pfx_futex_wake_mark+0x10/0x10 [ 962.084048][ T2606] ? find_held_lock+0x2b/0x80 [ 962.084076][ T2606] ? futex_private_hash_put+0x160/0x1b0 [ 962.084098][ T2606] futex_wait+0xe8/0x380 [ 962.084124][ T2606] ? __pfx_futex_wait+0x10/0x10 [ 962.084155][ T2606] ? __lock_acquire+0x436/0x2890 [ 962.084181][ T2606] do_futex+0x229/0x350 [ 962.084203][ T2606] ? __pfx_do_futex+0x10/0x10 [ 962.084226][ T2606] ? find_held_lock+0x2b/0x80 [ 962.084253][ T2606] __x64_sys_futex+0x1e0/0x4c0 [ 962.084277][ T2606] ? __fget_files+0x20e/0x3c0 [ 962.084304][ T2606] ? __pfx___x64_sys_futex+0x10/0x10 [ 962.084329][ T2606] ? fdget+0x187/0x210 [ 962.084359][ T2606] do_syscall_64+0xcd/0xf80 [ 962.084389][ T2606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 962.084409][ T2606] RIP: 0033:0x7f33b258f7c9 [ 962.084425][ T2606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 962.084444][ T2606] RSP: 002b:00007f33b33f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 962.084473][ T2606] RAX: ffffffffffffffda RBX: 00007f33b27e5fa8 RCX: 00007f33b258f7c9 [ 962.084486][ T2606] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f33b27e5fa8 [ 962.084498][ T2606] RBP: 00007f33b27e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 962.084510][ T2606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 962.084522][ T2606] R13: 00007f33b27e6038 R14: 00007ffc24d43620 R15: 00007ffc24d43708 [ 962.084552][ T2606] [ 963.445048][ T2657] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4083'. [ 963.485788][ T2657] bridge_slave_1: left allmulticast mode [ 963.535751][ T2657] bridge_slave_1: left promiscuous mode [ 963.598690][ T2657] bridge0: port 2(bridge_slave_1) entered disabled state [ 963.673866][ T2657] bridge_slave_0: left allmulticast mode [ 963.723468][ T2657] bridge_slave_0: left promiscuous mode [ 963.787488][ T2657] bridge0: port 1(bridge_slave_0) entered disabled state [ 965.529733][ T2734] FAULT_INJECTION: forcing a failure. [ 965.529733][ T2734] name failslab, interval 1, probability 393216, space 0, times 0 [ 965.578118][ T2727] bond0: invalid ARP target specified [ 965.605417][ T2734] CPU: 0 UID: 0 PID: 2734 Comm: syz.4.4087 Tainted: G U L syzkaller #0 PREEMPT(full) [ 965.605463][ T2734] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 965.605471][ T2734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 965.605482][ T2734] Call Trace: [ 965.605489][ T2734] [ 965.605496][ T2734] dump_stack_lvl+0x16c/0x1f0 [ 965.605530][ T2734] should_fail_ex+0x512/0x640 [ 965.605551][ T2734] ? __kmalloc_cache_noprof+0x5f/0x800 [ 965.605575][ T2734] should_failslab+0xc2/0x120 [ 965.605605][ T2734] __kmalloc_cache_noprof+0x80/0x800 [ 965.605627][ T2734] ? snd_seq_oss_readq_new+0x4a/0x2c0 [ 965.605655][ T2734] ? snd_seq_oss_readq_new+0x4a/0x2c0 [ 965.605677][ T2734] snd_seq_oss_readq_new+0x4a/0x2c0 [ 965.605701][ T2734] snd_seq_oss_open+0x54b/0xa40 [ 965.605735][ T2734] odev_open+0x79/0xc0 [ 965.605761][ T2734] ? __pfx_odev_open+0x10/0x10 [ 965.605787][ T2734] soundcore_open+0x40c/0x580 [ 965.605824][ T2734] ? __pfx_soundcore_open+0x10/0x10 [ 965.605851][ T2734] chrdev_open+0x234/0x6a0 [ 965.605881][ T2734] ? __pfx_apparmor_file_open+0x10/0x10 [ 965.605901][ T2734] ? __pfx_chrdev_open+0x10/0x10 [ 965.605931][ T2734] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 965.605966][ T2734] do_dentry_open+0x748/0x1590 [ 965.605999][ T2734] ? __pfx_chrdev_open+0x10/0x10 [ 965.606034][ T2734] vfs_open+0x82/0x3f0 [ 965.606057][ T2734] path_openat+0x2078/0x3140 [ 965.606093][ T2734] ? __pfx_path_openat+0x10/0x10 [ 965.606129][ T2734] do_filp_open+0x20b/0x470 [ 965.606158][ T2734] ? __pfx_do_filp_open+0x10/0x10 [ 965.606202][ T2734] ? alloc_fd+0x471/0x7d0 [ 965.606237][ T2734] do_sys_openat2+0x121/0x290 [ 965.606258][ T2734] ? __pfx_do_sys_openat2+0x10/0x10 [ 965.606288][ T2734] __x64_sys_openat+0x174/0x210 [ 965.606311][ T2734] ? __pfx___x64_sys_openat+0x10/0x10 [ 965.606342][ T2734] do_syscall_64+0xcd/0xf80 [ 965.606377][ T2734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 965.606397][ T2734] RIP: 0033:0x7fee8c18f7c9 [ 965.606413][ T2734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 965.606432][ T2734] RSP: 002b:00007fee8cf56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 965.606457][ T2734] RAX: ffffffffffffffda RBX: 00007fee8c3e5fa0 RCX: 00007fee8c18f7c9 [ 965.606470][ T2734] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 965.606482][ T2734] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 965.606493][ T2734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 965.606504][ T2734] R13: 00007fee8c3e6038 R14: 00007fee8c3e5fa0 R15: 00007ffca701a4a8 [ 965.606528][ T2734] [ 966.726029][ T2774] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4088'. [ 966.867330][ T2774] team0: Port device team_slave_1 removed [ 968.382270][ T2873] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 968.470650][ T2874] FAULT_INJECTION: forcing a failure. [ 968.470650][ T2874] name fail_futex, interval 1, probability 0, space 0, times 0 [ 968.574230][ T2874] CPU: 0 UID: 0 PID: 2874 Comm: syz.1.4093 Tainted: G U L syzkaller #0 PREEMPT(full) [ 968.574270][ T2874] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 968.574278][ T2874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 968.574290][ T2874] Call Trace: [ 968.574296][ T2874] [ 968.574305][ T2874] dump_stack_lvl+0x16c/0x1f0 [ 968.574341][ T2874] should_fail_ex+0x512/0x640 [ 968.574363][ T2874] ? kasan_save_free_info+0x3b/0x60 [ 968.574388][ T2874] get_futex_key+0x1d0/0x15f0 [ 968.574412][ T2874] ? __pfx_get_futex_key+0x10/0x10 [ 968.574440][ T2874] futex_wake+0xea/0x530 [ 968.574468][ T2874] ? __pfx_futex_wake+0x10/0x10 [ 968.574507][ T2874] ? rcu_is_watching+0x12/0xc0 [ 968.574535][ T2874] ? kasan_quarantine_put+0x10a/0x240 [ 968.574564][ T2874] do_futex+0x1e3/0x350 [ 968.574587][ T2874] ? __pfx_do_futex+0x10/0x10 [ 968.574608][ T2874] ? __x64_sys_statmount+0x4c3/0x6c0 [ 968.574636][ T2874] __x64_sys_futex+0x1e0/0x4c0 [ 968.574661][ T2874] ? __pfx___x64_sys_futex+0x10/0x10 [ 968.574693][ T2874] do_syscall_64+0xcd/0xf80 [ 968.574725][ T2874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 968.574745][ T2874] RIP: 0033:0x7fa25078f7c9 [ 968.574761][ T2874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 968.574780][ T2874] RSP: 002b:00007fa2516d80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 968.574799][ T2874] RAX: ffffffffffffffda RBX: 00007fa2509e6098 RCX: 00007fa25078f7c9 [ 968.574812][ T2874] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa2509e609c [ 968.574824][ T2874] RBP: 00007fa2509e6090 R08: 00007fa2516fa000 R09: 0000000000000000 [ 968.574836][ T2874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 968.574847][ T2874] R13: 00007fa2509e6128 R14: 00007ffef2677a50 R15: 00007ffef2677b38 [ 968.574871][ T2874] [ 969.306320][ T2903] netlink: 'syz.3.4098': attribute type 10 has an invalid length. [ 969.364782][ T2903] netlink: 230 bytes leftover after parsing attributes in process `syz.3.4098'. [ 969.506783][ T30] audit: type=1804 audit(2147484953.363:89): pid=2883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4096" name="/newroot/161/file0" dev="tmpfs" ino=874 res=1 errno=0 [ 969.567154][ T2914] futex_wake_op: syz.4.4099 tries to shift op by -2048; fix this program [ 969.611707][ T30] audit: type=1804 audit(2147484953.393:90): pid=2894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4096" name="/newroot/161/file0" dev="tmpfs" ino=874 res=1 errno=0 [ 969.743745][ T2914] futex_wake_op: syz.4.4099 tries to shift op by -2048; fix this program [ 971.188299][ T2992] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4104'. [ 971.300244][ T2994] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4104'. [ 973.090065][ T3043] zswap: compressor not available [ 973.122811][ T3051] netlink: 130 bytes leftover after parsing attributes in process `syz.3.4112'. [ 973.708515][ T3072] futex_wake_op: syz.3.4113 tries to shift op by -2048; fix this program [ 973.807794][ T3072] futex_wake_op: syz.3.4113 tries to shift op by -2048; fix this program [ 974.120511][ T3094] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 976.370661][ T3197] random: crng reseeded on system resumption [ 977.625605][ T3284] netlink: 5 bytes leftover after parsing attributes in process `syz.3.4129'. [ 977.706093][ T3284] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4129'. [ 977.983608][ T3293] futex_wake_op: syz.0.4128 tries to shift op by -2048; fix this program [ 978.225796][ T3293] futex_wake_op: syz.0.4128 tries to shift op by -2048; fix this program [ 979.970594][ T3379] Process accounting paused [ 982.719016][ T3496] FAULT_INJECTION: forcing a failure. [ 982.719016][ T3496] name failslab, interval 1, probability 393216, space 0, times 0 [ 982.896361][ T3496] CPU: 0 UID: 0 PID: 3496 Comm: syz.1.4144 Tainted: G U L syzkaller #0 PREEMPT(full) [ 982.896405][ T3496] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 982.896413][ T3496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 982.896425][ T3496] Call Trace: [ 982.896432][ T3496] [ 982.896440][ T3496] dump_stack_lvl+0x16c/0x1f0 [ 982.896482][ T3496] should_fail_ex+0x512/0x640 [ 982.896505][ T3496] ? __kmalloc_noprof+0xca/0x910 [ 982.896530][ T3496] should_failslab+0xc2/0x120 [ 982.896565][ T3496] __kmalloc_noprof+0xeb/0x910 [ 982.896586][ T3496] ? lsm_blob_alloc+0x68/0x90 [ 982.896631][ T3496] ? lsm_blob_alloc+0x68/0x90 [ 982.896658][ T3496] lsm_blob_alloc+0x68/0x90 [ 982.896687][ T3496] security_sk_alloc+0x2f/0x270 [ 982.896714][ T3496] sk_prot_alloc+0x1c7/0x2a0 [ 982.896746][ T3496] sk_alloc+0x36/0xe30 [ 982.896769][ T3496] __netlink_create+0x5e/0x2c0 [ 982.896795][ T3496] __netlink_kernel_create+0xed/0x750 [ 982.896824][ T3496] ? __pfx___netlink_kernel_create+0x10/0x10 [ 982.896858][ T3496] ? __pfx_genl_pernet_init+0x10/0x10 [ 982.896890][ T3496] genl_pernet_init+0xbd/0x170 [ 982.896921][ T3496] ? __pfx_genl_pernet_init+0x10/0x10 [ 982.896950][ T3496] ? lockdep_init_map_type+0x5c/0x270 [ 982.896974][ T3496] ? __pfx_genl_rcv+0x10/0x10 [ 982.897001][ T3496] ? __pfx_genl_bind+0x10/0x10 [ 982.897029][ T3496] ? __pfx_genl_unbind+0x10/0x10 [ 982.897056][ T3496] ? __pfx_genl_release+0x10/0x10 [ 982.897073][ T3496] ? mutex_init_lockep+0x110/0x150 [ 982.897099][ T3496] ops_init+0x1e2/0x5f0 [ 982.897128][ T3496] setup_net+0x11d/0x3a0 [ 982.897154][ T3496] ? __pfx_setup_net+0x10/0x10 [ 982.897178][ T3496] ? lockdep_init_map_type+0x5c/0x270 [ 982.897198][ T3496] ? mutex_init_lockep+0x110/0x150 [ 982.897220][ T3496] copy_net_ns+0x351/0x7c0 [ 982.897251][ T3496] create_new_namespaces+0x3ea/0xab0 [ 982.897283][ T3496] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 982.897312][ T3496] ksys_unshare+0x45b/0xa40 [ 982.897343][ T3496] ? __pfx_ksys_unshare+0x10/0x10 [ 982.897374][ T3496] ? xfd_validate_state+0x61/0x180 [ 982.897408][ T3496] __x64_sys_unshare+0x31/0x40 [ 982.897438][ T3496] do_syscall_64+0xcd/0xf80 [ 982.897469][ T3496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 982.897489][ T3496] RIP: 0033:0x7fa25078f7c9 [ 982.897506][ T3496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 982.897528][ T3496] RSP: 002b:00007fa2516f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 982.897552][ T3496] RAX: ffffffffffffffda RBX: 00007fa2509e5fa0 RCX: 00007fa25078f7c9 [ 982.897565][ T3496] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 982.897577][ T3496] RBP: 00007fa250813f91 R08: 0000000000000000 R09: 0000000000000000 [ 982.897588][ T3496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 982.897599][ T3496] R13: 00007fa2509e6038 R14: 00007fa2509e5fa0 R15: 00007ffef2677b38 [ 982.897623][ T3496] [ 985.331520][ T3520] zswap: compressor not available [ 986.661382][ T3670] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 987.873898][ T3636] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 987.963546][ T3636] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 988.092900][ T3636] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 988.212152][ T3636] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 988.262074][T22011] Bluetooth: hci2: command 0x0c1a tx timeout [ 990.013646][T22011] Bluetooth: hci3: command 0x0c1a tx timeout [ 990.048605][ T3748] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4167'. [ 990.094782][T12714] Bluetooth: hci1: command 0x0c1a tx timeout [ 990.100892][T22011] Bluetooth: hci4: command 0x0c1a tx timeout [ 990.110090][ T3755] netlink: 88 bytes leftover after parsing attributes in process `syz.4.4165'. [ 992.204609][ T3841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4170'. [ 994.989853][ T3943] zswap: compressor 000 not available [ 995.050326][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 995.058163][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.718178][ T3966] FAULT_INJECTION: forcing a failure. [ 995.718178][ T3966] name failslab, interval 1, probability 393216, space 0, times 0 [ 995.866194][ T3966] CPU: 0 UID: 0 PID: 3966 Comm: syz.3.4182 Tainted: G U L syzkaller #0 PREEMPT(full) [ 995.866231][ T3966] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 995.866238][ T3966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 995.866250][ T3966] Call Trace: [ 995.866318][ T3966] [ 995.866326][ T3966] dump_stack_lvl+0x16c/0x1f0 [ 995.866362][ T3966] should_fail_ex+0x512/0x640 [ 995.866384][ T3966] ? fs_reclaim_acquire+0xae/0x150 [ 995.866418][ T3966] should_failslab+0xc2/0x120 [ 995.866449][ T3966] kmem_cache_alloc_noprof+0x83/0x770 [ 995.866472][ T3966] ? __pfx_map_id_range_down+0x10/0x10 [ 995.866500][ T3966] ? security_inode_alloc+0x3b/0x2b0 [ 995.866526][ T3966] ? security_inode_alloc+0x3b/0x2b0 [ 995.866545][ T3966] security_inode_alloc+0x3b/0x2b0 [ 995.866567][ T3966] inode_init_always_gfp+0xced/0x1040 [ 995.866599][ T3966] alloc_inode+0x86/0x240 [ 995.866621][ T3966] new_inode+0x22/0x1c0 [ 995.866644][ T3966] shmem_get_inode+0x19a/0xfb0 [ 995.866675][ T3966] ? __vm_enough_memory+0x184/0x3f0 [ 995.866704][ T3966] __shmem_file_setup+0x290/0x350 [ 995.866737][ T3966] shmem_zero_setup+0x93/0x1b0 [ 995.866762][ T3966] __mmap_region+0x2271/0x2a00 [ 995.866788][ T3966] ? __pfx___mmap_region+0x10/0x10 [ 995.866816][ T3966] ? kvm_sched_clock_read+0x11/0x20 [ 995.866843][ T3966] ? sched_clock+0x38/0x60 [ 995.866881][ T3966] ? rcu_is_watching+0x12/0xc0 [ 995.866950][ T3966] ? rcu_is_watching+0x12/0xc0 [ 995.866982][ T3966] mmap_region+0x1ab/0x3f0 [ 995.867005][ T3966] ? __get_unmapped_area+0x267/0x3f0 [ 995.867035][ T3966] do_mmap+0xa3e/0x1210 [ 995.867067][ T3966] ? __pfx_do_mmap+0x10/0x10 [ 995.867096][ T3966] ? __pfx_down_write_killable+0x10/0x10 [ 995.867120][ T3966] vm_mmap_pgoff+0x29e/0x470 [ 995.867151][ T3966] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 995.867183][ T3966] ? __x64_sys_futex+0x1e0/0x4c0 [ 995.867204][ T3966] ? __x64_sys_futex+0x1e9/0x4c0 [ 995.867229][ T3966] ksys_mmap_pgoff+0x7d/0x5c0 [ 995.867261][ T3966] ? xfd_validate_state+0x61/0x180 [ 995.867282][ T3966] __x64_sys_mmap+0x125/0x190 [ 995.867304][ T3966] do_syscall_64+0xcd/0xf80 [ 995.867334][ T3966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 995.867354][ T3966] RIP: 0033:0x7f33b258f7c9 [ 995.867376][ T3966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 995.867395][ T3966] RSP: 002b:00007f33b33d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 995.867414][ T3966] RAX: ffffffffffffffda RBX: 00007f33b27e6090 RCX: 00007f33b258f7c9 [ 995.867427][ T3966] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 995.867438][ T3966] RBP: 00007f33b2613f91 R08: fffffffffffffffa R09: 0000000000008000 [ 995.867450][ T3966] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 995.867461][ T3966] R13: 00007f33b27e6128 R14: 00007f33b27e6090 R15: 00007ffc24d43708 [ 995.867486][ T3966] [ 996.685286][T22011] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 996.933692][ T3969] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4183'. [ 998.341217][ T4018] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 998.398917][ T4018] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 998.506557][ T4018] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 998.663828][ T4018] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 998.752765][ T4018] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 999.582676][ T4096] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.4.4186: iget: checksum invalid [ 999.729599][T12714] Bluetooth: hci2: command 0x0c1a tx timeout [ 999.774763][ T4096] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 999.918368][ T4096] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.4.4186: iget: checksum invalid [ 1000.023368][ T4096] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1000.095681][ T4096] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.4.4186: iget: checksum invalid [ 1000.180935][ T4096] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1000.336514][ T4096] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.4.4186: iget: checksum invalid [ 1000.436775][ T4096] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1000.451377][T12714] Bluetooth: hci3: command 0x0c1a tx timeout [ 1000.564635][ T4096] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1000.623994][ T4096] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1000.687849][T12714] Bluetooth: hci1: command 0x0c1a tx timeout [ 1000.766239][T12714] Bluetooth: hci4: command 0x0c1a tx timeout [ 1002.518887][T12714] Bluetooth: hci3: command 0x0c1a tx timeout [ 1004.344943][ T4195] FAULT_INJECTION: forcing a failure. [ 1004.344943][ T4195] name failslab, interval 1, probability 393216, space 0, times 0 [ 1004.408469][ T4195] CPU: 0 UID: 0 PID: 4195 Comm: syz.3.4199 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1004.408504][ T4195] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1004.408512][ T4195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1004.408524][ T4195] Call Trace: [ 1004.408531][ T4195] [ 1004.408539][ T4195] dump_stack_lvl+0x16c/0x1f0 [ 1004.408573][ T4195] should_fail_ex+0x512/0x640 [ 1004.408596][ T4195] ? __kmalloc_noprof+0xca/0x910 [ 1004.408620][ T4195] should_failslab+0xc2/0x120 [ 1004.408650][ T4195] __kmalloc_noprof+0xeb/0x910 [ 1004.408670][ T4195] ? process_preds+0x48b/0x1c50 [ 1004.408700][ T4195] ? process_preds+0x48b/0x1c50 [ 1004.408724][ T4195] process_preds+0x48b/0x1c50 [ 1004.408755][ T4195] ? create_filter_start.constprop.0+0x56/0x300 [ 1004.408784][ T4195] create_filter+0x140/0x210 [ 1004.408810][ T4195] ? __pfx_create_filter+0x10/0x10 [ 1004.408835][ T4195] ? __pfx___mutex_lock+0x10/0x10 [ 1004.408867][ T4195] ? find_held_lock+0x2b/0x80 [ 1004.408894][ T4195] apply_event_filter+0x220/0x500 [ 1004.408921][ T4195] ? __pfx_apply_event_filter+0x10/0x10 [ 1004.408954][ T4195] event_filter_write+0x16d/0x290 [ 1004.408975][ T4195] ? __pfx_event_filter_write+0x10/0x10 [ 1004.408992][ T4195] vfs_write+0x2a0/0x11d0 [ 1004.409037][ T4195] ? __pfx___mutex_lock+0x10/0x10 [ 1004.409070][ T4195] ? __pfx_vfs_write+0x10/0x10 [ 1004.409103][ T4195] ? __fget_files+0x20e/0x3c0 [ 1004.409138][ T4195] ksys_write+0x12a/0x250 [ 1004.409166][ T4195] ? __pfx_ksys_write+0x10/0x10 [ 1004.409200][ T4195] do_syscall_64+0xcd/0xf80 [ 1004.409237][ T4195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1004.409257][ T4195] RIP: 0033:0x7f33b258f7c9 [ 1004.409274][ T4195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1004.409293][ T4195] RSP: 002b:00007f33b33f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1004.409313][ T4195] RAX: ffffffffffffffda RBX: 00007f33b27e5fa0 RCX: 00007f33b258f7c9 [ 1004.409326][ T4195] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1004.409337][ T4195] RBP: 00007f33b2613f91 R08: 0000000000000000 R09: 0000000000000000 [ 1004.409349][ T4195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1004.409362][ T4195] R13: 00007f33b27e6038 R14: 00007f33b27e5fa0 R15: 00007ffc24d43708 [ 1004.409387][ T4195] [ 1005.118422][ T4203] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4200'. [ 1005.173366][ T4203] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1005.869106][ T4215] netlink: 27 bytes leftover after parsing attributes in process `syz.3.4202'. [ 1006.173479][ T4218] netlink: 27 bytes leftover after parsing attributes in process `syz.3.4202'. [ 1007.355579][ T4253] FAULT_INJECTION: forcing a failure. [ 1007.355579][ T4253] name failslab, interval 1, probability 393216, space 0, times 0 [ 1007.416611][ T4253] CPU: 0 UID: 0 PID: 4253 Comm: syz.4.4207 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1007.416646][ T4253] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1007.416654][ T4253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1007.416665][ T4253] Call Trace: [ 1007.416672][ T4253] [ 1007.416680][ T4253] dump_stack_lvl+0x16c/0x1f0 [ 1007.416714][ T4253] should_fail_ex+0x512/0x640 [ 1007.416736][ T4253] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1007.416762][ T4253] should_failslab+0xc2/0x120 [ 1007.416792][ T4253] __kmalloc_cache_noprof+0x80/0x800 [ 1007.416815][ T4253] ? resv_map_alloc+0x7e/0x400 [ 1007.416844][ T4253] ? resv_map_alloc+0x7e/0x400 [ 1007.416871][ T4253] resv_map_alloc+0x7e/0x400 [ 1007.416897][ T4253] hugetlbfs_get_inode+0x33f/0x700 [ 1007.416920][ T4253] hugetlb_file_setup+0x15b/0x620 [ 1007.416942][ T4253] ksys_mmap_pgoff+0x189/0x5c0 [ 1007.416974][ T4253] __x64_sys_mmap+0x125/0x190 [ 1007.416996][ T4253] do_syscall_64+0xcd/0xf80 [ 1007.417027][ T4253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1007.417047][ T4253] RIP: 0033:0x7fee8c18f7c9 [ 1007.417063][ T4253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1007.417082][ T4253] RSP: 002b:00007fee8a3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1007.417101][ T4253] RAX: ffffffffffffffda RBX: 00007fee8c3e6090 RCX: 00007fee8c18f7c9 [ 1007.417114][ T4253] RDX: 00004000000000df RSI: 0000000000000003 RDI: 0000000000000000 [ 1007.417125][ T4253] RBP: 00007fee8c213f91 R08: 0000000000000401 R09: 0000300000000000 [ 1007.417137][ T4253] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1007.417148][ T4253] R13: 00007fee8c3e6128 R14: 00007fee8c3e6090 R15: 00007ffca701a4a8 [ 1007.417171][ T4253] [ 1007.854817][ T30] audit: type=1804 audit(2147484991.893:91): pid=4242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4205" name="/newroot/254/file0" dev="tmpfs" ino=1352 res=1 errno=0 [ 1008.014334][ T30] audit: type=1804 audit(2147484991.923:92): pid=4252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.4205" name="/newroot/254/file0" dev="tmpfs" ino=1352 res=1 errno=0 [ 1009.238984][ T4241] FAULT_INJECTION: forcing a failure. [ 1009.238984][ T4241] name failslab, interval 1, probability 393216, space 0, times 0 [ 1009.375423][ T4286] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in; [ 1009.375423][ T4286] program syz.3.4212 not setting count and/or reply_len properly [ 1009.440086][ T4241] CPU: 0 UID: 0 PID: 4241 Comm: syz.0.4204 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1009.440133][ T4241] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1009.440141][ T4241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1009.440153][ T4241] Call Trace: [ 1009.440160][ T4241] [ 1009.440168][ T4241] dump_stack_lvl+0x16c/0x1f0 [ 1009.440202][ T4241] should_fail_ex+0x512/0x640 [ 1009.440224][ T4241] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1009.440251][ T4241] should_failslab+0xc2/0x120 [ 1009.440280][ T4241] kmem_cache_alloc_noprof+0x83/0x770 [ 1009.440304][ T4241] ? __kernfs_new_node+0xd2/0x9b0 [ 1009.440331][ T4241] ? __kernfs_new_node+0xd2/0x9b0 [ 1009.440351][ T4241] __kernfs_new_node+0xd2/0x9b0 [ 1009.440376][ T4241] ? __pfx___kernfs_new_node+0x10/0x10 [ 1009.440405][ T4241] ? find_held_lock+0x2b/0x80 [ 1009.440431][ T4241] ? kernfs_root+0xee/0x2a0 [ 1009.440457][ T4241] kernfs_new_node+0x13c/0x1e0 [ 1009.440488][ T4241] __kernfs_create_file+0x53/0x350 [ 1009.440520][ T4241] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1009.440547][ T4241] internal_create_group+0x597/0xf70 [ 1009.440577][ T4241] ? __pfx_internal_create_group+0x10/0x10 [ 1009.440604][ T4241] ? kernfs_create_link+0x1bd/0x240 [ 1009.440638][ T4241] internal_create_groups+0x9d/0x150 [ 1009.440663][ T4241] device_add+0xf56/0x1980 [ 1009.440693][ T4241] ? __pfx_device_add+0x10/0x10 [ 1009.440720][ T4241] ? lockdep_init_map_type+0x5c/0x270 [ 1009.440739][ T4241] ? __init_waitqueue_head+0xca/0x150 [ 1009.440767][ T4241] netdev_register_kobject+0x1a9/0x3d0 [ 1009.440802][ T4241] register_netdevice+0x13ac/0x21d0 [ 1009.440835][ T4241] ? __pfx_register_netdevice+0x10/0x10 [ 1009.440870][ T4241] register_netdev+0x34/0x50 [ 1009.440897][ T4241] sixpack_open+0x64e/0x990 [ 1009.440921][ T4241] ? __pfx_sixpack_open+0x10/0x10 [ 1009.440943][ T4241] ? tty_set_ldisc+0x2b8/0x780 [ 1009.440966][ T4241] ? down_write+0x14d/0x200 [ 1009.440987][ T4241] ? __pfx_sixpack_open+0x10/0x10 [ 1009.441010][ T4241] tty_ldisc_open+0x9f/0x120 [ 1009.441034][ T4241] tty_set_ldisc+0x32b/0x780 [ 1009.441062][ T4241] tty_ioctl+0xc2d/0x1650 [ 1009.441090][ T4241] ? __pfx_tty_ioctl+0x10/0x10 [ 1009.441131][ T4241] ? find_held_lock+0x2b/0x80 [ 1009.441155][ T4241] ? hook_file_ioctl_common+0x144/0x410 [ 1009.441184][ T4241] ? __fget_files+0x20e/0x3c0 [ 1009.441215][ T4241] ? __pfx_tty_ioctl+0x10/0x10 [ 1009.441243][ T4241] __x64_sys_ioctl+0x18e/0x210 [ 1009.441279][ T4241] do_syscall_64+0xcd/0xf80 [ 1009.441310][ T4241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.441331][ T4241] RIP: 0033:0x7f2b0a18f7c9 [ 1009.441349][ T4241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1009.441368][ T4241] RSP: 002b:00007f2b0afd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1009.441388][ T4241] RAX: ffffffffffffffda RBX: 00007f2b0a3e5fa0 RCX: 00007f2b0a18f7c9 [ 1009.441400][ T4241] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000007 [ 1009.441412][ T4241] RBP: 00007f2b0a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1009.441423][ T4241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1009.441434][ T4241] R13: 00007f2b0a3e6038 R14: 00007f2b0a3e5fa0 R15: 00007ffe28909368 [ 1009.441458][ T4241] [ 1010.112583][ T3905] Process accounting resumed [ 1010.226938][ T4292] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 1010.720219][ T4299] netlink: 130 bytes leftover after parsing attributes in process `syz.1.4215'. [ 1014.686741][T12714] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1017.468508][ T4464] ima: policy update failed [ 1017.512793][ T30] audit: type=1802 audit(2147485001.588:93): pid=4464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4228" res=0 errno=0 [ 1018.193992][ T4493] netlink: 'syz.0.4232': attribute type 1 has an invalid length. [ 1019.778775][ T4552] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4237'. [ 1019.940029][ T4553] FAULT_INJECTION: forcing a failure. [ 1019.940029][ T4553] name failslab, interval 1, probability 393216, space 0, times 0 [ 1020.125347][ T4553] CPU: 0 UID: 0 PID: 4553 Comm: syz.3.4239 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1020.125391][ T4553] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1020.125399][ T4553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1020.125411][ T4553] Call Trace: [ 1020.125419][ T4553] [ 1020.125427][ T4553] dump_stack_lvl+0x16c/0x1f0 [ 1020.125463][ T4553] should_fail_ex+0x512/0x640 [ 1020.125485][ T4553] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1020.125510][ T4553] should_failslab+0xc2/0x120 [ 1020.125541][ T4553] __kmalloc_cache_noprof+0x80/0x800 [ 1020.125561][ T4553] ? do_raw_spin_lock+0x12c/0x2b0 [ 1020.125584][ T4553] ? get_mountpoint+0x174/0x4f0 [ 1020.125609][ T4553] ? get_mountpoint+0x174/0x4f0 [ 1020.125630][ T4553] get_mountpoint+0x174/0x4f0 [ 1020.125652][ T4553] do_lock_mount.part.0+0x336/0xb70 [ 1020.125687][ T4553] path_mount+0x8e4/0x23a0 [ 1020.125705][ T4553] ? rcu_is_watching+0x12/0xc0 [ 1020.125735][ T4553] ? __pfx_path_mount+0x10/0x10 [ 1020.125753][ T4553] ? kmem_cache_free+0x2d8/0x770 [ 1020.125778][ T4553] ? putname+0xf5/0x1a0 [ 1020.125799][ T4553] ? putname+0xf5/0x1a0 [ 1020.125814][ T4553] ? putname+0xf5/0x1a0 [ 1020.125833][ T4553] ? __x64_sys_mount+0x293/0x310 [ 1020.125850][ T4553] __x64_sys_mount+0x293/0x310 [ 1020.125874][ T4553] ? __pfx___x64_sys_mount+0x10/0x10 [ 1020.125900][ T4553] do_syscall_64+0xcd/0xf80 [ 1020.125930][ T4553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1020.125950][ T4553] RIP: 0033:0x7f33b258f7c9 [ 1020.125966][ T4553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1020.125985][ T4553] RSP: 002b:00007f33b33f1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1020.126004][ T4553] RAX: ffffffffffffffda RBX: 00007f33b27e5fa0 RCX: 00007f33b258f7c9 [ 1020.126017][ T4553] RDX: 0000200000000580 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1020.126029][ T4553] RBP: 00007f33b2613f91 R08: 0000000000000000 R09: 0000000000000000 [ 1020.126040][ T4553] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1020.126052][ T4553] R13: 00007f33b27e6038 R14: 00007f33b27e5fa0 R15: 00007ffc24d43708 [ 1020.126076][ T4553] [ 1020.690435][ T4534] kexec: Could not allocate control_code_buffer [ 1021.155949][ T4585] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(2690383929.3406003204.470356754), cmd(2) [ 1022.116349][ T4621] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4248'. [ 1022.128636][ T4619] could not allocate digest TFM handle  [ 1024.524752][ T4777] netlink: 186 bytes leftover after parsing attributes in process `syz.4.4256'. [ 1024.768673][ T4777] netlink: 'syz.4.4256': attribute type 2 has an invalid length. [ 1024.847586][ T30] audit: type=1800 audit(2147485008.963:94): pid=4783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4258" name="lu_gp_id" dev="configfs" ino=100504 res=0 errno=0 [ 1025.976572][ T4815] FAULT_INJECTION: forcing a failure. [ 1025.976572][ T4815] name failslab, interval 1, probability 393216, space 0, times 0 [ 1026.054347][ T4815] CPU: 0 UID: 0 PID: 4815 Comm: syz.0.4266 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1026.054381][ T4815] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1026.054389][ T4815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1026.054401][ T4815] Call Trace: [ 1026.054407][ T4815] [ 1026.054415][ T4815] dump_stack_lvl+0x16c/0x1f0 [ 1026.054450][ T4815] should_fail_ex+0x512/0x640 [ 1026.054472][ T4815] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1026.054497][ T4815] should_failslab+0xc2/0x120 [ 1026.054527][ T4815] __kmalloc_cache_noprof+0x80/0x800 [ 1026.054550][ T4815] ? create_filter_start.constprop.0+0x103/0x300 [ 1026.054578][ T4815] ? __asan_memcpy+0x3c/0x60 [ 1026.054603][ T4815] ? create_filter_start.constprop.0+0x103/0x300 [ 1026.054631][ T4815] create_filter_start.constprop.0+0x103/0x300 [ 1026.054661][ T4815] create_filter+0xb5/0x210 [ 1026.054687][ T4815] ? __pfx_create_filter+0x10/0x10 [ 1026.054714][ T4815] ? find_held_lock+0x2b/0x80 [ 1026.054741][ T4815] apply_event_filter+0x220/0x500 [ 1026.054768][ T4815] ? __pfx_apply_event_filter+0x10/0x10 [ 1026.054801][ T4815] ? __pfx_event_filter_write+0x10/0x10 [ 1026.054819][ T4815] event_filter_write+0x16d/0x290 [ 1026.054839][ T4815] vfs_writev+0x5df/0xde0 [ 1026.054872][ T4815] ? __pfx_vfs_writev+0x10/0x10 [ 1026.054896][ T4815] ? fdget_pos+0x2a2/0x370 [ 1026.054941][ T4815] ? __fget_files+0x20e/0x3c0 [ 1026.054974][ T4815] ? do_writev+0x132/0x340 [ 1026.054997][ T4815] do_writev+0x132/0x340 [ 1026.055030][ T4815] ? __pfx_do_writev+0x10/0x10 [ 1026.055062][ T4815] do_syscall_64+0xcd/0xf80 [ 1026.055093][ T4815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.055114][ T4815] RIP: 0033:0x7f2b0a18f7c9 [ 1026.055131][ T4815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1026.055151][ T4815] RSP: 002b:00007f2b0afd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1026.055170][ T4815] RAX: ffffffffffffffda RBX: 00007f2b0a3e5fa0 RCX: 00007f2b0a18f7c9 [ 1026.055184][ T4815] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1026.055196][ T4815] RBP: 00007f2b0a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1026.055208][ T4815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1026.055219][ T4815] R13: 00007f2b0a3e6038 R14: 00007f2b0a3e5fa0 R15: 00007ffe28909368 [ 1026.055243][ T4815] [ 1026.458401][ T4819] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4265'. [ 1027.966555][ T4847] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1028.264990][ T4854] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.4271: iget: checksum invalid [ 1028.454096][ T4864] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4274'. [ 1028.558182][ T4854] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1028.837609][ T4854] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.4271: iget: checksum invalid [ 1029.313940][ T4854] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1029.421669][ T4854] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.4271: iget: checksum invalid [ 1029.578039][ T4854] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1029.601191][ T4893] netlink: 86 bytes leftover after parsing attributes in process `syz.0.4278'. [ 1029.669584][ T5925] Process accounting resumed [ 1029.757649][ T4854] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.4271: iget: checksum invalid [ 1029.893999][ T4854] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1030.045546][ T4854] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1030.161882][ T4854] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1030.579756][ T4914] FAULT_INJECTION: forcing a failure. [ 1030.579756][ T4914] name failslab, interval 1, probability 393216, space 0, times 0 [ 1030.933793][ T4914] CPU: 0 UID: 0 PID: 4914 Comm: syz.4.4280 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1030.933829][ T4914] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1030.933836][ T4914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1030.933848][ T4914] Call Trace: [ 1030.933855][ T4914] [ 1030.933863][ T4914] dump_stack_lvl+0x16c/0x1f0 [ 1030.933898][ T4914] should_fail_ex+0x512/0x640 [ 1030.933921][ T4914] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 1030.933948][ T4914] should_failslab+0xc2/0x120 [ 1030.933979][ T4914] kmem_cache_alloc_node_noprof+0x86/0x800 [ 1030.934012][ T4914] ? mem_cgroup_css_alloc+0xad2/0x1e20 [ 1030.934043][ T4914] ? mem_cgroup_css_alloc+0xad2/0x1e20 [ 1030.934068][ T4914] mem_cgroup_css_alloc+0xad2/0x1e20 [ 1030.934102][ T4914] cgroup_apply_control_enable+0x4b0/0xbb0 [ 1030.934140][ T4914] cgroup_mkdir+0x5e0/0x12e0 [ 1030.934172][ T4914] ? __pfx_cgroup_mkdir+0x10/0x10 [ 1030.934201][ T4914] kernfs_iop_mkdir+0x111/0x190 [ 1030.934226][ T4914] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 1030.934248][ T4914] vfs_mkdir+0x731/0xb60 [ 1030.934274][ T4914] do_mkdirat+0x442/0x5e0 [ 1030.934305][ T4914] ? __pfx_do_mkdirat+0x10/0x10 [ 1030.934334][ T4914] ? strncpy_from_user+0x203/0x2e0 [ 1030.934356][ T4914] ? getname_flags.part.0+0x1c5/0x550 [ 1030.934380][ T4914] __x64_sys_mkdir+0xef/0x140 [ 1030.934410][ T4914] do_syscall_64+0xcd/0xf80 [ 1030.934441][ T4914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.934461][ T4914] RIP: 0033:0x7fee8c18f7c9 [ 1030.934477][ T4914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1030.934496][ T4914] RSP: 002b:00007fee8cf56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1030.934515][ T4914] RAX: ffffffffffffffda RBX: 00007fee8c3e5fa0 RCX: 00007fee8c18f7c9 [ 1030.934527][ T4914] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 1030.934539][ T4914] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1030.934551][ T4914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1030.934562][ T4914] R13: 00007fee8c3e6038 R14: 00007fee8c3e5fa0 R15: 00007ffca701a4a8 [ 1030.934586][ T4914] [ 1031.414016][ T4952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1031.521293][ T4952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1032.084375][ T4963] zswap: compressor not available [ 1032.123435][ T4966] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 1032.204623][ T4976] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 1039.850637][T12714] Bluetooth: hci1: unexpected event 0x1d length: 6 > 5 [ 1040.717719][ T5133] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.4311: bg 4: bad block bitmap checksum [ 1040.972676][ T5133] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 1041.076024][ T5133] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1041.076024][ T5133] [ 1042.434582][ T5186] netlink: 'syz.1.4316': attribute type 11 has an invalid length. [ 1043.408843][ T5228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4322'. [ 1043.445579][ T5228] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4322'. [ 1046.154409][ T5283] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1046.491734][ T5283] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1046.491734][ T5283] [ 1046.769110][ T5310] batman_adv: Routing algorithm '7' is not supported [ 1046.948497][ T8996] netdevsim netdevsim511 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1047.146164][ T5337] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 1047.965195][ T5379] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 1050.471406][ T5452] netlink: 'syz.1.4348': attribute type 1 has an invalid length. [ 1050.666997][ T5455] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1050.711190][ T5455] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1050.711190][ T5455] [ 1051.125882][ T5467] ptrace attach of "./syz-executor exec"[23326] was attempted by ""[5467] [ 1051.238853][ T5925] Process accounting resumed [ 1051.726637][ T5471] zswap: compressor û not available [ 1051.929619][ T30] audit: type=1326 audit(2147485036.170:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5431 comm="syz.4.4345" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fee8c18f7c9 code=0x0 [ 1052.274333][ T5518] bond0: invalid ARP target specified [ 1052.315552][ T5518] blktrace: Concurrent blktraces are not allowed on loop2 [ 1052.715722][ T30] audit: type=1800 audit(2147485036.944:96): pid=5527 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4359" name="trace_pipe" dev="tracefs" ino=1183 res=0 errno=0 [ 1052.969122][ T30] audit: type=1326 audit(2147485037.225:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5528 comm="syz.0.4360" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2b0a18f7c9 code=0x0 [ 1056.203028][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1056.209393][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1057.258468][ T5620] FAULT_INJECTION: forcing a failure. [ 1057.258468][ T5620] name failslab, interval 1, probability 393216, space 0, times 0 [ 1057.567603][ T5620] CPU: 0 UID: 0 PID: 5620 Comm: syz.4.4368 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1057.567649][ T5620] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1057.567657][ T5620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1057.567668][ T5620] Call Trace: [ 1057.567676][ T5620] [ 1057.567684][ T5620] dump_stack_lvl+0x16c/0x1f0 [ 1057.567719][ T5620] should_fail_ex+0x512/0x640 [ 1057.567740][ T5620] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1057.567773][ T5620] should_failslab+0xc2/0x120 [ 1057.567803][ T5620] kmem_cache_alloc_noprof+0x83/0x770 [ 1057.567826][ T5620] ? alloc_empty_file+0x55/0x1e0 [ 1057.567850][ T5620] ? alloc_empty_file+0x55/0x1e0 [ 1057.567870][ T5620] alloc_empty_file+0x55/0x1e0 [ 1057.567891][ T5620] alloc_file_pseudo+0x13a/0x230 [ 1057.567914][ T5620] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1057.567939][ T5620] ? do_raw_spin_unlock+0x172/0x230 [ 1057.567965][ T5620] __anon_inode_getfile+0xe8/0x280 [ 1057.567988][ T5620] anon_inode_getfile_fmode+0x37/0xa0 [ 1057.568010][ T5620] __do_sys_timerfd_create+0x2fd/0x4e0 [ 1057.568034][ T5620] do_syscall_64+0xcd/0xf80 [ 1057.568065][ T5620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1057.568084][ T5620] RIP: 0033:0x7fee8c18f7c9 [ 1057.568101][ T5620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1057.568120][ T5620] RSP: 002b:00007fee8a3d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 1057.568140][ T5620] RAX: ffffffffffffffda RBX: 00007fee8c3e6180 RCX: 00007fee8c18f7c9 [ 1057.568153][ T5620] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 1057.568164][ T5620] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1057.568175][ T5620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1057.568187][ T5620] R13: 00007fee8c3e6218 R14: 00007fee8c3e6180 R15: 00007ffca701a4a8 [ 1057.568210][ T5620] [ 1058.651071][ T5612] netlink: 'syz.4.4368': attribute type 1 has an invalid length. [ 1059.414828][ T5659] random: crng reseeded on system resumption [ 1061.127374][ T5702] zswap: compressor not available [ 1061.579234][ T5728] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 1062.871461][ T5778] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1062.913044][ T5778] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1062.960222][ T5778] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1063.024090][ T5778] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1063.111199][ T5832] FAULT_INJECTION: forcing a failure. [ 1063.111199][ T5832] name failslab, interval 1, probability 393216, space 0, times 0 [ 1063.153866][ T5778] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1063.160446][ T5832] CPU: 0 UID: 0 PID: 5832 Comm: syz.1.4381 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1063.160477][ T5832] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1063.160485][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1063.160495][ T5832] Call Trace: [ 1063.160502][ T5832] [ 1063.160509][ T5832] dump_stack_lvl+0x16c/0x1f0 [ 1063.160543][ T5832] should_fail_ex+0x512/0x640 [ 1063.160565][ T5832] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 1063.160592][ T5832] should_failslab+0xc2/0x120 [ 1063.160622][ T5832] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 1063.160645][ T5832] ? dquot_alloc_inode+0x51b/0xb90 [ 1063.160667][ T5832] ? __dquot_initialize+0x299/0xd50 [ 1063.160687][ T5832] ? __d_alloc+0x35/0xa80 [ 1063.160708][ T5832] ? __d_alloc+0x35/0xa80 [ 1063.160723][ T5832] __d_alloc+0x35/0xa80 [ 1063.160742][ T5832] d_alloc_pseudo+0x1c/0xc0 [ 1063.160766][ T5832] alloc_file_pseudo+0xcf/0x230 [ 1063.160797][ T5832] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1063.160824][ T5832] __shmem_file_setup+0x1a8/0x350 [ 1063.160858][ T5832] shmem_zero_setup+0x93/0x1b0 [ 1063.160882][ T5832] __mmap_region+0x2271/0x2a00 [ 1063.160907][ T5832] ? __lock_acquire+0x436/0x2890 [ 1063.160925][ T5832] ? __pfx___mmap_region+0x10/0x10 [ 1063.160954][ T5832] ? lock_acquire+0x179/0x330 [ 1063.160980][ T5832] ? finish_task_switch.isra.0+0x207/0xbd0 [ 1063.161048][ T5832] ? rcu_is_watching+0x12/0xc0 [ 1063.161080][ T5832] mmap_region+0x1ab/0x3f0 [ 1063.161103][ T5832] ? __get_unmapped_area+0x267/0x3f0 [ 1063.161133][ T5832] do_mmap+0xa3e/0x1210 [ 1063.161165][ T5832] ? __pfx_do_mmap+0x10/0x10 [ 1063.161192][ T5832] ? __pfx_down_write_killable+0x10/0x10 [ 1063.161217][ T5832] vm_mmap_pgoff+0x29e/0x470 [ 1063.161248][ T5832] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1063.161279][ T5832] ? __x64_sys_futex+0x1e0/0x4c0 [ 1063.161300][ T5832] ? __x64_sys_futex+0x1e9/0x4c0 [ 1063.161324][ T5832] ksys_mmap_pgoff+0x7d/0x5c0 [ 1063.161350][ T5832] ? xfd_validate_state+0x61/0x180 [ 1063.161367][ T5832] ? __pfx_ksys_write+0x10/0x10 [ 1063.161396][ T5832] __x64_sys_mmap+0x125/0x190 [ 1063.161418][ T5832] do_syscall_64+0xcd/0xf80 [ 1063.161448][ T5832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1063.161468][ T5832] RIP: 0033:0x7fa25078f7c9 [ 1063.161483][ T5832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1063.161501][ T5832] RSP: 002b:00007fa2516f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1063.161520][ T5832] RAX: ffffffffffffffda RBX: 00007fa2509e5fa0 RCX: 00007fa25078f7c9 [ 1063.161533][ T5832] RDX: 0000000000000003 RSI: 0000000000000003 RDI: 0000000000000000 [ 1063.161544][ T5832] RBP: 00007fa250813f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1063.161560][ T5832] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1063.161571][ T5832] R13: 00007fa2509e6038 R14: 00007fa2509e5fa0 R15: 00007ffef2677b38 [ 1063.161595][ T5832] [ 1064.463923][T12714] Bluetooth: hci2: command 0x0c1a tx timeout [ 1064.945809][T12714] Bluetooth: hci3: command 0x0c1a tx timeout [ 1065.024242][T22011] Bluetooth: hci1: command 0x0c1a tx timeout [ 1065.030300][T12714] Bluetooth: hci4: command 0x0c1a tx timeout [ 1067.091319][T12714] Bluetooth: hci4: command 0x0c1a tx timeout [ 1067.144857][ T5933] zswap: compressor not available [ 1068.860411][ T6027] EXT4-fs error (device sda1): ext4_discard_preallocations:5703: comm syz.3.4394: Error -117 reading block bitmap for 4 [ 1069.408667][ T6027] input: 00 [ 1069.408667][ T6027] as /devices/virtual/input/input45 [ 1069.472334][ T6027] FAULT_INJECTION: forcing a failure. [ 1069.472334][ T6027] name failslab, interval 1, probability 393216, space 0, times 0 [ 1069.591114][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.3.4394 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1069.591150][ T6027] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1069.591158][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1069.591169][ T6027] Call Trace: [ 1069.591176][ T6027] [ 1069.591184][ T6027] dump_stack_lvl+0x16c/0x1f0 [ 1069.591219][ T6027] should_fail_ex+0x512/0x640 [ 1069.591242][ T6027] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 1069.591275][ T6027] should_failslab+0xc2/0x120 [ 1069.591304][ T6027] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 1069.591333][ T6027] ? kasprintf+0xc7/0x100 [ 1069.591361][ T6027] ? kvasprintf+0xbc/0x150 [ 1069.591382][ T6027] kvasprintf+0xbc/0x150 [ 1069.591403][ T6027] ? __pfx_kvasprintf+0x10/0x10 [ 1069.591433][ T6027] kasprintf+0xc7/0x100 [ 1069.591454][ T6027] ? __pfx_kasprintf+0x10/0x10 [ 1069.591484][ T6027] ? __pfx_input_devnode+0x10/0x10 [ 1069.591504][ T6027] device_get_devnode+0x166/0x2c0 [ 1069.591534][ T6027] devtmpfs_create_node+0xf1/0x230 [ 1069.591562][ T6027] ? __pfx_devtmpfs_create_node+0x10/0x10 [ 1069.591587][ T6027] ? up_write+0x282/0x4e0 [ 1069.591617][ T6027] ? kernfs_create_link+0x1bd/0x240 [ 1069.591649][ T6027] ? kernfs_put+0x35/0x60 [ 1069.591671][ T6027] ? sysfs_do_create_link_sd+0xbb/0x140 [ 1069.591707][ T6027] device_add+0x10e3/0x1980 [ 1069.591737][ T6027] ? __pfx_device_add+0x10/0x10 [ 1069.591763][ T6027] ? __pfx_exact_lock+0x10/0x10 [ 1069.591795][ T6027] ? kobject_get+0xbb/0x150 [ 1069.591829][ T6027] cdev_device_add+0x12b/0x270 [ 1069.591860][ T6027] evdev_connect+0x3a4/0x4c0 [ 1069.591889][ T6027] input_attach_handler.isra.0+0x176/0x250 [ 1069.591917][ T6027] input_register_device+0xab9/0x11b0 [ 1069.591946][ T6027] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 1069.591967][ T6027] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1069.591990][ T6027] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1069.592016][ T6027] ? find_held_lock+0x2b/0x80 [ 1069.592051][ T6027] ? __pfx_uinput_ioctl+0x10/0x10 [ 1069.592070][ T6027] __x64_sys_ioctl+0x18e/0x210 [ 1069.592096][ T6027] do_syscall_64+0xcd/0xf80 [ 1069.592126][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1069.592150][ T6027] RIP: 0033:0x7f33b258f7c9 [ 1069.592166][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1069.592185][ T6027] RSP: 002b:00007f33b33f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1069.592205][ T6027] RAX: ffffffffffffffda RBX: 00007f33b27e5fa0 RCX: 00007f33b258f7c9 [ 1069.592217][ T6027] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004 [ 1069.592229][ T6027] RBP: 00007f33b2613f91 R08: 0000000000000000 R09: 0000000000000000 [ 1069.592241][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1069.592252][ T6027] R13: 00007f33b27e6038 R14: 00007f33b27e5fa0 R15: 00007ffc24d43708 [ 1069.592276][ T6027] [ 1070.450697][ T4874] syz.4.4273 (4874) used greatest stack depth: 18280 bytes left [ 1070.892034][ T6061] netlink: 346 bytes leftover after parsing attributes in process `syz.4.4397'. [ 1071.167874][ T6083] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4400'. [ 1071.215859][T12714] Bluetooth: hci4: unexpected event 0x23 length: 127 > 13 [ 1071.314448][ T6097] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4400'. [ 1071.561179][ T6101] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4400'. [ 1071.965231][ T6083] bond0: (slave bond_slave_1): Releasing backup interface [ 1072.141955][ T6097] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1072.383789][ T6097] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1072.532222][ T6097] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1072.679521][ T6097] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1073.496557][ T6181] zswap: compressor not available [ 1074.227855][ T6244] FAULT_INJECTION: forcing a failure. [ 1074.227855][ T6244] name failslab, interval 1, probability 393216, space 0, times 0 [ 1074.292344][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.1.4415 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1074.292378][ T6244] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1074.292385][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1074.292396][ T6244] Call Trace: [ 1074.292403][ T6244] [ 1074.292410][ T6244] dump_stack_lvl+0x16c/0x1f0 [ 1074.292443][ T6244] should_fail_ex+0x512/0x640 [ 1074.292464][ T6244] ? __kmalloc_noprof+0xca/0x910 [ 1074.292488][ T6244] should_failslab+0xc2/0x120 [ 1074.292517][ T6244] __kmalloc_noprof+0xeb/0x910 [ 1074.292538][ T6244] ? lsm_blob_alloc+0x68/0x90 [ 1074.292569][ T6244] ? lsm_blob_alloc+0x68/0x90 [ 1074.292596][ T6244] lsm_blob_alloc+0x68/0x90 [ 1074.292631][ T6244] security_sk_alloc+0x2f/0x270 [ 1074.292652][ T6244] sk_prot_alloc+0xfb/0x2a0 [ 1074.292683][ T6244] sk_alloc+0x36/0xe30 [ 1074.292706][ T6244] smc_create+0x114/0x2a0 [ 1074.292731][ T6244] __sock_create+0x339/0x8a0 [ 1074.292753][ T6244] __sys_socket+0x14d/0x260 [ 1074.292771][ T6244] ? __pfx___sys_socket+0x10/0x10 [ 1074.292788][ T6244] ? xfd_validate_state+0x61/0x180 [ 1074.292805][ T6244] ? __pfx___do_sys_close_range+0x10/0x10 [ 1074.292839][ T6244] __x64_sys_socket+0x72/0xb0 [ 1074.292857][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 1074.292885][ T6244] do_syscall_64+0xcd/0xf80 [ 1074.292915][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.292934][ T6244] RIP: 0033:0x7fa25078f7c9 [ 1074.292949][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1074.292968][ T6244] RSP: 002b:00007fa2516f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1074.292987][ T6244] RAX: ffffffffffffffda RBX: 00007fa2509e5fa0 RCX: 00007fa25078f7c9 [ 1074.292999][ T6244] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b [ 1074.293010][ T6244] RBP: 00007fa250813f91 R08: 0000000000000000 R09: 0000000000000000 [ 1074.293021][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1074.293032][ T6244] R13: 00007fa2509e6038 R14: 00007fa2509e5fa0 R15: 00007ffef2677b38 [ 1074.293055][ T6244] [ 1077.179904][ T6299] sp0: Synchronizing with TNC [ 1079.754517][ T6420] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4437'. [ 1079.796718][ T6420] bond_slave_0: entered allmulticast mode [ 1084.152476][ T6552] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4448'. [ 1084.831641][ T6561] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4450'. [ 1084.989709][ T6561] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1085.122931][ T6561] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1085.457525][ T6570] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4452'. [ 1085.468644][ T6561] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1085.645865][ T6561] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1085.964782][ T30] audit: type=1800 audit(2147485070.360:98): pid=6571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4451" name="members" dev="configfs" ino=105322 res=0 errno=0 [ 1086.054204][T12714] Bluetooth: hci3: unexpected event 0x33 length: 124 > 10 [ 1086.612509][ T6582] netlink: 504 bytes leftover after parsing attributes in process `syz.4.4455'. [ 1087.190563][ T6598] FAULT_INJECTION: forcing a failure. [ 1087.190563][ T6598] name failslab, interval 1, probability 393216, space 0, times 0 [ 1087.435813][ T6598] CPU: 0 UID: 0 PID: 6598 Comm: syz.4.4457 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1087.435848][ T6598] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1087.435855][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1087.435866][ T6598] Call Trace: [ 1087.435873][ T6598] [ 1087.435881][ T6598] dump_stack_lvl+0x16c/0x1f0 [ 1087.435916][ T6598] should_fail_ex+0x512/0x640 [ 1087.435938][ T6598] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 1087.435970][ T6598] should_failslab+0xc2/0x120 [ 1087.436000][ T6598] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 1087.436026][ T6598] ? shmem_alloc_inode+0x25/0x50 [ 1087.436057][ T6598] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 1087.436082][ T6598] ? shmem_alloc_inode+0x25/0x50 [ 1087.436108][ T6598] shmem_alloc_inode+0x25/0x50 [ 1087.436135][ T6598] alloc_inode+0x64/0x240 [ 1087.436157][ T6598] new_inode+0x22/0x1c0 [ 1087.436180][ T6598] shmem_get_inode+0x19a/0xfb0 [ 1087.436213][ T6598] shmem_mknod+0x1a2/0x3b0 [ 1087.436246][ T6598] vfs_mknod+0x6f3/0xac0 [ 1087.436274][ T6598] do_mknodat+0x36a/0x6f0 [ 1087.436302][ T6598] ? __pfx_do_mknodat+0x10/0x10 [ 1087.436329][ T6598] ? getname_flags.part.0+0x1c5/0x550 [ 1087.436355][ T6598] __x64_sys_mknod+0x87/0xb0 [ 1087.436387][ T6598] do_syscall_64+0xcd/0xf80 [ 1087.436417][ T6598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.436437][ T6598] RIP: 0033:0x7fee8c18f7c9 [ 1087.436453][ T6598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1087.436472][ T6598] RSP: 002b:00007fee8a3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1087.436491][ T6598] RAX: ffffffffffffffda RBX: 00007fee8c3e6090 RCX: 00007fee8c18f7c9 [ 1087.436504][ T6598] RDX: 0000000000000103 RSI: 00000000000020e9 RDI: 00002000000003c0 [ 1087.436516][ T6598] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1087.436528][ T6598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1087.436539][ T6598] R13: 00007fee8c3e6128 R14: 00007fee8c3e6090 R15: 00007ffca701a4a8 [ 1087.436575][ T6598] [ 1089.616044][ T6618] kexec: Could not allocate control_code_buffer [ 1091.207029][ T6668] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4466'. [ 1092.030488][ T30] audit: type=1800 audit(2147485076.459:99): pid=6706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4464" name="members" dev="configfs" ino=105591 res=0 errno=0 [ 1093.335714][ T6729] Invalid ELF header magic: != ELF [ 1094.424525][ T6755] FAULT_INJECTION: forcing a failure. [ 1094.424525][ T6755] name failslab, interval 1, probability 393216, space 0, times 0 [ 1094.700081][ T6755] CPU: 0 UID: 0 PID: 6755 Comm: syz.3.4476 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1094.700116][ T6755] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1094.700123][ T6755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1094.700134][ T6755] Call Trace: [ 1094.700140][ T6755] [ 1094.700147][ T6755] dump_stack_lvl+0x16c/0x1f0 [ 1094.700181][ T6755] should_fail_ex+0x512/0x640 [ 1094.700203][ T6755] ? fs_reclaim_acquire+0xae/0x150 [ 1094.700234][ T6755] should_failslab+0xc2/0x120 [ 1094.700263][ T6755] __kmalloc_noprof+0xeb/0x910 [ 1094.700285][ T6755] ? tomoyo_encode2+0x100/0x3e0 [ 1094.700315][ T6755] ? tomoyo_encode2+0x100/0x3e0 [ 1094.700339][ T6755] tomoyo_encode2+0x100/0x3e0 [ 1094.700368][ T6755] tomoyo_encode+0x29/0x50 [ 1094.700393][ T6755] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1094.700426][ T6755] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1094.700450][ T6755] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1094.700493][ T6755] ? lock_acquire+0x179/0x330 [ 1094.700512][ T6755] ? find_held_lock+0x2b/0x80 [ 1094.700543][ T6755] ? mnt_get_write_access+0x52/0x2f0 [ 1094.700568][ T6755] tomoyo_file_open+0x6b/0x90 [ 1094.700599][ T6755] security_file_open+0x84/0x1e0 [ 1094.700624][ T6755] do_dentry_open+0x597/0x1590 [ 1094.700654][ T6755] ? security_inode_permission+0xbf/0x260 [ 1094.700680][ T6755] vfs_open+0x82/0x3f0 [ 1094.700703][ T6755] path_openat+0x2078/0x3140 [ 1094.700739][ T6755] ? __pfx_path_openat+0x10/0x10 [ 1094.700776][ T6755] do_filp_open+0x20b/0x470 [ 1094.700805][ T6755] ? __pfx_do_filp_open+0x10/0x10 [ 1094.700842][ T6755] ? __pfx_kfree_link+0x10/0x10 [ 1094.700871][ T6755] ? alloc_fd+0x471/0x7d0 [ 1094.700905][ T6755] do_sys_openat2+0x121/0x290 [ 1094.700926][ T6755] ? __pfx_do_sys_openat2+0x10/0x10 [ 1094.700949][ T6755] ? count_memcg_events+0x122/0x290 [ 1094.700982][ T6755] __x64_sys_openat+0x174/0x210 [ 1094.701004][ T6755] ? __pfx___x64_sys_openat+0x10/0x10 [ 1094.701035][ T6755] do_syscall_64+0xcd/0xf80 [ 1094.701066][ T6755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1094.701086][ T6755] RIP: 0033:0x7f33b258f7c9 [ 1094.701102][ T6755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1094.701120][ T6755] RSP: 002b:00007f33b33d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1094.701138][ T6755] RAX: ffffffffffffffda RBX: 00007f33b27e6090 RCX: 00007f33b258f7c9 [ 1094.701151][ T6755] RDX: 0000000000000481 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 1094.701163][ T6755] RBP: 00007f33b2613f91 R08: 0000000000000000 R09: 0000000000000000 [ 1094.701174][ T6755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1094.701185][ T6755] R13: 00007f33b27e6128 R14: 00007f33b27e6090 R15: 00007ffc24d43708 [ 1094.701209][ T6755] [ 1094.701229][ T6755] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1095.166937][ T6787] netlink: 314 bytes leftover after parsing attributes in process `syz.4.4480'. [ 1096.425357][ T6824] synth uevent: /bus/mei: unknown uevent action string [ 1097.060341][ T6833] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4485'. [ 1097.476341][ T6833] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1097.544265][ T6833] bond0 (unregistering): Released all slaves [ 1098.954874][ T6898] usb usb2: usbfs: process 6898 (syz.1.4493) did not claim interface 0 before use [ 1099.784776][ T6942] random: crng reseeded on system resumption [ 1100.064377][ T6942] FAULT_INJECTION: forcing a failure. [ 1100.064377][ T6942] name failslab, interval 1, probability 393216, space 0, times 0 [ 1100.175186][ T6934] zswap: compressor not available [ 1100.304964][ T6942] CPU: 0 UID: 0 PID: 6942 Comm: syz.4.4500 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1100.304999][ T6942] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1100.305007][ T6942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1100.305019][ T6942] Call Trace: [ 1100.305026][ T6942] [ 1100.305033][ T6942] dump_stack_lvl+0x16c/0x1f0 [ 1100.305069][ T6942] should_fail_ex+0x512/0x640 [ 1100.305091][ T6942] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1100.305122][ T6942] should_failslab+0xc2/0x120 [ 1100.305153][ T6942] kmem_cache_alloc_noprof+0x83/0x770 [ 1100.305175][ T6942] ? alloc_empty_file+0x55/0x1e0 [ 1100.305200][ T6942] ? alloc_empty_file+0x55/0x1e0 [ 1100.305218][ T6942] alloc_empty_file+0x55/0x1e0 [ 1100.305239][ T6942] alloc_file_pseudo+0x13a/0x230 [ 1100.305262][ T6942] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1100.305291][ T6942] __shmem_file_setup+0x1a8/0x350 [ 1100.305325][ T6942] shmem_zero_setup+0x93/0x1b0 [ 1100.305349][ T6942] __mmap_region+0x2271/0x2a00 [ 1100.305374][ T6942] ? __lock_acquire+0x436/0x2890 [ 1100.305392][ T6942] ? __pfx___mmap_region+0x10/0x10 [ 1100.305421][ T6942] ? lock_acquire+0x179/0x330 [ 1100.305447][ T6942] ? finish_task_switch.isra.0+0x207/0xbd0 [ 1100.305516][ T6942] ? rcu_is_watching+0x12/0xc0 [ 1100.305556][ T6942] mmap_region+0x1ab/0x3f0 [ 1100.305579][ T6942] ? __get_unmapped_area+0x267/0x3f0 [ 1100.305610][ T6942] do_mmap+0xa3e/0x1210 [ 1100.305643][ T6942] ? __pfx_do_mmap+0x10/0x10 [ 1100.305671][ T6942] ? __pfx_down_write_killable+0x10/0x10 [ 1100.305697][ T6942] vm_mmap_pgoff+0x29e/0x470 [ 1100.305729][ T6942] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1100.305762][ T6942] ? __x64_sys_futex+0x1e0/0x4c0 [ 1100.305784][ T6942] ? __x64_sys_futex+0x1e9/0x4c0 [ 1100.305808][ T6942] ksys_mmap_pgoff+0x7d/0x5c0 [ 1100.305835][ T6942] ? xfd_validate_state+0x61/0x180 [ 1100.305852][ T6942] ? __pfx_do_writev+0x10/0x10 [ 1100.305880][ T6942] __x64_sys_mmap+0x125/0x190 [ 1100.305902][ T6942] do_syscall_64+0xcd/0xf80 [ 1100.305932][ T6942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.305952][ T6942] RIP: 0033:0x7fee8c18f7c9 [ 1100.305969][ T6942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1100.305988][ T6942] RSP: 002b:00007fee8a3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1100.306007][ T6942] RAX: ffffffffffffffda RBX: 00007fee8c3e6090 RCX: 00007fee8c18f7c9 [ 1100.306020][ T6942] RDX: 0000000000000040 RSI: 000000000202000d RDI: 0000000000000000 [ 1100.306032][ T6942] RBP: 00007fee8c213f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1100.306044][ T6942] R10: 0800000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1100.306055][ T6942] R13: 00007fee8c3e6128 R14: 00007fee8c3e6090 R15: 00007ffca701a4a8 [ 1100.306080][ T6942] [ 1104.498948][ T7068] FAULT_INJECTION: forcing a failure. [ 1104.498948][ T7068] name failslab, interval 1, probability 393216, space 0, times 0 [ 1104.597931][ T7068] CPU: 0 UID: 0 PID: 7068 Comm: syz.1.4512 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1104.597967][ T7068] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1104.597976][ T7068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1104.597987][ T7068] Call Trace: [ 1104.597994][ T7068] [ 1104.598001][ T7068] dump_stack_lvl+0x16c/0x1f0 [ 1104.598036][ T7068] should_fail_ex+0x512/0x640 [ 1104.598059][ T7068] ? __kmalloc_noprof+0xca/0x910 [ 1104.598083][ T7068] should_failslab+0xc2/0x120 [ 1104.598114][ T7068] __kmalloc_noprof+0xeb/0x910 [ 1104.598135][ T7068] ? lsm_blob_alloc+0x68/0x90 [ 1104.598166][ T7068] ? lsm_blob_alloc+0x68/0x90 [ 1104.598194][ T7068] lsm_blob_alloc+0x68/0x90 [ 1104.598223][ T7068] security_sk_alloc+0x2f/0x270 [ 1104.598245][ T7068] sk_prot_alloc+0xfb/0x2a0 [ 1104.598276][ T7068] sk_alloc+0x36/0xe30 [ 1104.598299][ T7068] inet_create+0x3a1/0x1040 [ 1104.598322][ T7068] ? inet_create+0x93/0x1040 [ 1104.598347][ T7068] __sock_create+0x339/0x8a0 [ 1104.598368][ T7068] smc_create_clcsk+0x37/0xd0 [ 1104.598394][ T7068] ? __pfx_smc_inet_init_sock+0x10/0x10 [ 1104.598413][ T7068] inet_create+0x939/0x1040 [ 1104.598436][ T7068] ? inet_create+0x93/0x1040 [ 1104.598464][ T7068] __sock_create+0x339/0x8a0 [ 1104.598484][ T7068] __sys_socket+0x14d/0x260 [ 1104.598503][ T7068] ? __pfx___sys_socket+0x10/0x10 [ 1104.598522][ T7068] ? xfd_validate_state+0x61/0x180 [ 1104.598539][ T7068] ? __pfx_do_writev+0x10/0x10 [ 1104.598569][ T7068] __x64_sys_socket+0x72/0xb0 [ 1104.598586][ T7068] ? lockdep_hardirqs_on+0x7c/0x110 [ 1104.598615][ T7068] do_syscall_64+0xcd/0xf80 [ 1104.598645][ T7068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.598665][ T7068] RIP: 0033:0x7fa25078f7c9 [ 1104.598681][ T7068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1104.598708][ T7068] RSP: 002b:00007fa2516f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1104.598727][ T7068] RAX: ffffffffffffffda RBX: 00007fa2509e5fa0 RCX: 00007fa25078f7c9 [ 1104.598740][ T7068] RDX: 0000000000000100 RSI: 0000000000000001 RDI: 0000000000000002 [ 1104.598751][ T7068] RBP: 00007fa250813f91 R08: 0000000000000000 R09: 0000000000000000 [ 1104.598763][ T7068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1104.598774][ T7068] R13: 00007fa2509e6038 R14: 00007fa2509e5fa0 R15: 00007ffef2677b38 [ 1104.598797][ T7068] [ 1106.816620][ T7150] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4515'. [ 1107.611493][ T30] audit: type=1800 audit(2147485092.122:100): pid=7181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=106835 res=0 errno=0 [ 1107.926558][ T7181] could not allocate digest TFM handle [ 1112.607926][ T7422] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1112.629651][ T7422] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1112.663660][ T7422] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1112.697192][ T7422] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1112.896940][ T7457] nvme_fabrics: missing parameter 'transport=%s' [ 1112.966359][ T7457] nvme_fabrics: missing parameter 'nqn=%s' [ 1113.481307][ T7491] &#$@\]\-: entered promiscuous mode [ 1113.730867][T12714] Bluetooth: hci3: unexpected subevent 0x01 length: 3 < 18 [ 1113.803806][ T7515] FAULT_INJECTION: forcing a failure. [ 1113.803806][ T7515] name failslab, interval 1, probability 393216, space 0, times 0 [ 1113.983489][ T7532] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1114.058455][ T7515] CPU: 0 UID: 0 PID: 7515 Comm: syz.1.4540 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1114.058492][ T7515] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1114.058499][ T7515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1114.058510][ T7515] Call Trace: [ 1114.058517][ T7515] [ 1114.058525][ T7515] dump_stack_lvl+0x16c/0x1f0 [ 1114.058560][ T7515] should_fail_ex+0x512/0x640 [ 1114.058582][ T7515] ? __kmalloc_noprof+0xca/0x910 [ 1114.058606][ T7515] should_failslab+0xc2/0x120 [ 1114.058636][ T7515] __kmalloc_noprof+0xeb/0x910 [ 1114.058658][ T7515] ? vhost_dev_set_owner+0x287/0xa50 [ 1114.058691][ T7515] ? vhost_dev_set_owner+0x287/0xa50 [ 1114.058717][ T7515] vhost_dev_set_owner+0x287/0xa50 [ 1114.058751][ T7515] vhost_net_ioctl+0x87f/0x1850 [ 1114.058775][ T7515] ? do_vfs_ioctl+0x128/0x14f0 [ 1114.058799][ T7515] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1114.058822][ T7515] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1114.058851][ T7515] ? find_held_lock+0x2b/0x80 [ 1114.058879][ T7515] ? hook_file_ioctl_common+0x144/0x410 [ 1114.058907][ T7515] ? __fget_files+0x20e/0x3c0 [ 1114.058937][ T7515] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1114.058962][ T7515] __x64_sys_ioctl+0x18e/0x210 [ 1114.058987][ T7515] do_syscall_64+0xcd/0xf80 [ 1114.059018][ T7515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1114.059037][ T7515] RIP: 0033:0x7fa25078f7c9 [ 1114.059053][ T7515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1114.059073][ T7515] RSP: 002b:00007fa2516b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1114.059091][ T7515] RAX: ffffffffffffffda RBX: 00007fa2509e6180 RCX: 00007fa25078f7c9 [ 1114.059104][ T7515] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000006 [ 1114.059115][ T7515] RBP: 00007fa250813f91 R08: 0000000000000000 R09: 0000000000000000 [ 1114.059127][ T7515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1114.059138][ T7515] R13: 00007fa2509e6218 R14: 00007fa2509e6180 R15: 00007ffef2677b38 [ 1114.059169][ T7515] [ 1114.577180][T12714] Bluetooth: hci2: command 0x0c1a tx timeout [ 1114.689950][T12714] Bluetooth: hci3: command 0x0c1a tx timeout [ 1114.757319][T22011] Bluetooth: hci1: command 0x0c1a tx timeout [ 1114.763426][T12714] Bluetooth: hci4: command 0x0c1a tx timeout [ 1114.915369][ T7551] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1114.985334][ T7549] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4544'. [ 1115.266473][ T7549] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1115.331106][ T7549] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1115.351029][ T7567] FAULT_INJECTION: forcing a failure. [ 1115.351029][ T7567] name failslab, interval 1, probability 393216, space 0, times 0 [ 1115.382124][ T7567] CPU: 0 UID: 0 PID: 7567 Comm: syz.0.4546 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1115.382159][ T7567] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1115.382168][ T7567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1115.382180][ T7567] Call Trace: [ 1115.382186][ T7567] [ 1115.382195][ T7567] dump_stack_lvl+0x16c/0x1f0 [ 1115.382230][ T7567] should_fail_ex+0x512/0x640 [ 1115.382252][ T7567] ? fs_reclaim_acquire+0xae/0x150 [ 1115.382285][ T7567] should_failslab+0xc2/0x120 [ 1115.382315][ T7567] __kmalloc_noprof+0xeb/0x910 [ 1115.382338][ T7567] ? tomoyo_encode2+0x100/0x3e0 [ 1115.382368][ T7567] ? tomoyo_encode2+0x100/0x3e0 [ 1115.382394][ T7567] tomoyo_encode2+0x100/0x3e0 [ 1115.382458][ T7567] tomoyo_encode+0x29/0x50 [ 1115.382482][ T7567] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1115.382516][ T7567] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1115.382542][ T7567] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1115.382588][ T7567] ? do_raw_spin_lock+0x12c/0x2b0 [ 1115.382617][ T7567] tomoyo_file_open+0x6b/0x90 [ 1115.382663][ T7567] security_file_open+0x84/0x1e0 [ 1115.382694][ T7567] do_dentry_open+0x597/0x1590 [ 1115.382725][ T7567] ? security_inode_permission+0xbf/0x260 [ 1115.382763][ T7567] vfs_open+0x82/0x3f0 [ 1115.382786][ T7567] path_openat+0x2078/0x3140 [ 1115.382825][ T7567] ? __pfx_path_openat+0x10/0x10 [ 1115.382964][ T7567] do_filp_open+0x20b/0x470 [ 1115.383001][ T7567] ? __pfx_do_filp_open+0x10/0x10 [ 1115.383055][ T7567] ? alloc_fd+0x471/0x7d0 [ 1115.383090][ T7567] do_sys_openat2+0x121/0x290 [ 1115.383117][ T7567] ? __pfx_do_sys_openat2+0x10/0x10 [ 1115.383149][ T7567] __x64_sys_openat+0x174/0x210 [ 1115.383172][ T7567] ? __pfx___x64_sys_openat+0x10/0x10 [ 1115.383205][ T7567] do_syscall_64+0xcd/0xf80 [ 1115.383237][ T7567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1115.383257][ T7567] RIP: 0033:0x7f2b0a18f7c9 [ 1115.383274][ T7567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1115.383294][ T7567] RSP: 002b:00007f2b0afd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1115.383321][ T7567] RAX: ffffffffffffffda RBX: 00007f2b0a3e5fa0 RCX: 00007f2b0a18f7c9 [ 1115.383333][ T7567] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1115.383345][ T7567] RBP: 00007f2b0a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1115.383357][ T7567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1115.383368][ T7567] R13: 00007f2b0a3e6038 R14: 00007f2b0a3e5fa0 R15: 00007ffe28909368 [ 1115.383393][ T7567] [ 1115.653179][ T7567] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1115.912931][ T7549] bond0 (unregistering): Released all slaves [ 1115.942869][ T7575] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1115.954154][ T7575] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1117.134708][ T7586] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1117.341030][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1117.353154][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1118.451734][ T7718] netlink: 27 bytes leftover after parsing attributes in process `syz.3.4552'. [ 1119.568374][ T7846] netlink: 'syz.0.4558': attribute type 11 has an invalid length. [ 1120.865240][ T7873] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input47 [ 1121.175344][ T7865] FAULT_INJECTION: forcing a failure. [ 1121.175344][ T7865] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1121.226442][ T7883] FAULT_INJECTION: forcing a failure. [ 1121.226442][ T7883] name failslab, interval 1, probability 393216, space 0, times 0 [ 1121.260729][ T7865] CPU: 0 UID: 0 PID: 7865 Comm: syz.3.4562 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1121.260765][ T7865] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1121.260773][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1121.260784][ T7865] Call Trace: [ 1121.260790][ T7865] [ 1121.260798][ T7865] dump_stack_lvl+0x16c/0x1f0 [ 1121.260832][ T7865] should_fail_ex+0x512/0x640 [ 1121.260858][ T7865] get_futex_key+0x1d0/0x15f0 [ 1121.260883][ T7865] ? __pfx_get_futex_key+0x10/0x10 [ 1121.260904][ T7865] ? __lock_acquire+0x436/0x2890 [ 1121.260927][ T7865] futex_wake+0xea/0x530 [ 1121.260950][ T7865] ? futex_wait+0x120/0x380 [ 1121.260978][ T7865] ? __pfx_futex_wake+0x10/0x10 [ 1121.261004][ T7865] ? find_held_lock+0x2b/0x80 [ 1121.261029][ T7865] ? __fget_files+0x204/0x3c0 [ 1121.261062][ T7865] do_futex+0x1e3/0x350 [ 1121.261083][ T7865] ? __pfx_do_futex+0x10/0x10 [ 1121.261105][ T7865] ? fdget+0x187/0x210 [ 1121.261130][ T7865] ? __sys_connect+0xe0/0x160 [ 1121.261154][ T7865] __x64_sys_futex+0x1e0/0x4c0 [ 1121.261179][ T7865] ? __pfx___x64_sys_futex+0x10/0x10 [ 1121.261201][ T7865] ? xfd_validate_state+0x61/0x180 [ 1121.261218][ T7865] ? __pfx___do_sys_close_range+0x10/0x10 [ 1121.261254][ T7865] do_syscall_64+0xcd/0xf80 [ 1121.261284][ T7865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1121.261304][ T7865] RIP: 0033:0x7f33b258f7c9 [ 1121.261320][ T7865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1121.261340][ T7865] RSP: 002b:00007f33b33f10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1121.261367][ T7865] RAX: ffffffffffffffda RBX: 00007f33b27e5fa8 RCX: 00007f33b258f7c9 [ 1121.261380][ T7865] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f33b27e5fac [ 1121.261392][ T7865] RBP: 00007f33b27e5fa0 R08: 00007f33b33f2000 R09: 0000000000000000 [ 1121.261403][ T7865] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1121.261415][ T7865] R13: 00007f33b27e6038 R14: 00007ffc24d43620 R15: 00007ffc24d43708 [ 1121.261439][ T7865] [ 1121.699291][ T7883] CPU: 0 UID: 0 PID: 7883 Comm: syz.4.4565 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1121.699328][ T7883] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1121.699336][ T7883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1121.699347][ T7883] Call Trace: [ 1121.699366][ T7883] [ 1121.699374][ T7883] dump_stack_lvl+0x16c/0x1f0 [ 1121.699409][ T7883] should_fail_ex+0x512/0x640 [ 1121.699431][ T7883] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1121.699457][ T7883] should_failslab+0xc2/0x120 [ 1121.699487][ T7883] __kmalloc_cache_noprof+0x80/0x800 [ 1121.699509][ T7883] ? _raw_read_unlock_irqrestore+0x3b/0x80 [ 1121.699538][ T7883] ? snd_pcm_attach_substream+0x441/0xd60 [ 1121.699568][ T7883] ? snd_pcm_attach_substream+0x441/0xd60 [ 1121.699592][ T7883] snd_pcm_attach_substream+0x441/0xd60 [ 1121.699623][ T7883] snd_pcm_open_substream+0x8d/0x1820 [ 1121.699648][ T7883] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 1121.699678][ T7883] snd_pcm_oss_open+0x735/0x1400 [ 1121.699717][ T7883] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 1121.699749][ T7883] ? __lock_acquire+0x436/0x2890 [ 1121.699768][ T7883] ? __pfx_default_wake_function+0x10/0x10 [ 1121.699796][ T7883] ? __lock_acquire+0x436/0x2890 [ 1121.699818][ T7883] ? do_raw_spin_lock+0x12c/0x2b0 [ 1121.699842][ T7883] ? soundcore_open+0x35a/0x580 [ 1121.699871][ T7883] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 1121.699903][ T7883] soundcore_open+0x40c/0x580 [ 1121.699933][ T7883] ? __pfx_soundcore_open+0x10/0x10 [ 1121.699961][ T7883] chrdev_open+0x234/0x6a0 [ 1121.699991][ T7883] ? __pfx_apparmor_file_open+0x10/0x10 [ 1121.700011][ T7883] ? __pfx_chrdev_open+0x10/0x10 [ 1121.700041][ T7883] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1121.700077][ T7883] do_dentry_open+0x748/0x1590 [ 1121.700104][ T7883] ? __pfx_chrdev_open+0x10/0x10 [ 1121.700139][ T7883] vfs_open+0x82/0x3f0 [ 1121.700162][ T7883] path_openat+0x2078/0x3140 [ 1121.700198][ T7883] ? __pfx_path_openat+0x10/0x10 [ 1121.700235][ T7883] do_filp_open+0x20b/0x470 [ 1121.700264][ T7883] ? __pfx_do_filp_open+0x10/0x10 [ 1121.700308][ T7883] ? alloc_fd+0x471/0x7d0 [ 1121.700343][ T7883] do_sys_openat2+0x121/0x290 [ 1121.700371][ T7883] ? __pfx_do_sys_openat2+0x10/0x10 [ 1121.700401][ T7883] __x64_sys_openat+0x174/0x210 [ 1121.700423][ T7883] ? __pfx___x64_sys_openat+0x10/0x10 [ 1121.700455][ T7883] do_syscall_64+0xcd/0xf80 [ 1121.700485][ T7883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1121.700505][ T7883] RIP: 0033:0x7fee8c18f7c9 [ 1121.700522][ T7883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1121.700541][ T7883] RSP: 002b:00007fee8cf56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1121.700561][ T7883] RAX: ffffffffffffffda RBX: 00007fee8c3e5fa0 RCX: 00007fee8c18f7c9 [ 1121.700573][ T7883] RDX: 0000000000020342 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1121.700585][ T7883] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1121.700597][ T7883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1121.700608][ T7883] R13: 00007fee8c3e6038 R14: 00007fee8c3e5fa0 R15: 00007ffca701a4a8 [ 1121.700632][ T7883] [ 1122.752520][ T30] audit: type=1800 audit(2147485107.313:101): pid=7901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4566" name="lu_gp_id" dev="configfs" ino=108254 res=0 errno=0 [ 1123.457671][ T7913] FAULT_INJECTION: forcing a failure. [ 1123.457671][ T7913] name failslab, interval 1, probability 393216, space 0, times 0 [ 1123.513303][ T7913] CPU: 0 UID: 0 PID: 7913 Comm: syz.3.4571 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1123.513348][ T7913] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1123.513357][ T7913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1123.513369][ T7913] Call Trace: [ 1123.513377][ T7913] [ 1123.513384][ T7913] dump_stack_lvl+0x16c/0x1f0 [ 1123.513421][ T7913] should_fail_ex+0x512/0x640 [ 1123.513444][ T7913] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 1123.513474][ T7913] should_failslab+0xc2/0x120 [ 1123.513506][ T7913] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 1123.513533][ T7913] ? __d_alloc+0x35/0xa80 [ 1123.513556][ T7913] ? __d_alloc+0x35/0xa80 [ 1123.513572][ T7913] __d_alloc+0x35/0xa80 [ 1123.513588][ T7913] ? __ns_ref_active_get+0x96/0x1b0 [ 1123.513620][ T7913] path_from_stashed+0x427/0x750 [ 1123.513650][ T7913] ? do_raw_spin_unlock+0x172/0x230 [ 1123.513676][ T7913] ns_get_path+0x60/0x80 [ 1123.513705][ T7913] proc_ns_get_link+0x121/0x230 [ 1123.513728][ T7913] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1123.513751][ T7913] ? atime_needs_update+0x8b/0x710 [ 1123.513777][ T7913] pick_link+0xc96/0x13b0 [ 1123.513801][ T7913] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1123.513825][ T7913] step_into_slowpath+0x6c6/0xf50 [ 1123.513853][ T7913] ? __pfx_step_into_slowpath+0x10/0x10 [ 1123.513877][ T7913] ? find_held_lock+0x2b/0x80 [ 1123.513908][ T7913] path_openat+0x10db/0x3140 [ 1123.513943][ T7913] ? __pfx_path_openat+0x10/0x10 [ 1123.513979][ T7913] do_filp_open+0x20b/0x470 [ 1123.514008][ T7913] ? __pfx_do_filp_open+0x10/0x10 [ 1123.514051][ T7913] ? alloc_fd+0x471/0x7d0 [ 1123.514085][ T7913] do_sys_openat2+0x121/0x290 [ 1123.514107][ T7913] ? __pfx_do_sys_openat2+0x10/0x10 [ 1123.514136][ T7913] __x64_sys_openat+0x174/0x210 [ 1123.514161][ T7913] ? __pfx___x64_sys_openat+0x10/0x10 [ 1123.514191][ T7913] do_syscall_64+0xcd/0xf80 [ 1123.514222][ T7913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1123.514241][ T7913] RIP: 0033:0x7f33b258e010 [ 1123.514257][ T7913] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 1123.514275][ T7913] RSP: 002b:00007f33b33f0f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1123.514294][ T7913] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f33b258e010 [ 1123.514307][ T7913] RDX: 0000000000000002 RSI: 00007f33b33f0fa0 RDI: 00000000ffffff9c [ 1123.514318][ T7913] RBP: 00007f33b33f0fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1123.514329][ T7913] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1123.514346][ T7913] R13: 00007f33b27e6038 R14: 00007f33b27e5fa0 R15: 00007ffc24d43708 [ 1123.514369][ T7913] [ 1124.282504][ T30] audit: type=1806 audit(2147485108.800:102): xattr="" res=-22 [ 1125.790231][ T8043] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1125.832691][ T8043] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1126.013265][ T8057] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4581'. [ 1126.967407][ T8104] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1127.240221][ T8112] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input48 [ 1127.495043][ T8119] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input49 [ 1127.639185][ T8123] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1127.683271][ T8123] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1127.735066][ T8123] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1127.775729][ T8123] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1128.270874][ T8183] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1128.351476][ T8186] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1128.558013][ T8197] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 1129.517951][T22011] Bluetooth: hci2: command 0x0c1a tx timeout [ 1129.677236][T22011] Bluetooth: hci3: command 0x0c1a tx timeout [ 1129.757002][T22011] Bluetooth: hci1: command 0x0c1a tx timeout [ 1129.838635][T22011] Bluetooth: hci4: command 0x0c1a tx timeout [ 1130.047157][ T8277] input: f¬ as /devices/virtual/input/input50 [ 1131.506019][ T8331] program syz.4.4607 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1131.516703][ T30] audit: type=1800 audit(2147485116.144:103): pid=8311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4606" name="lu_gp_id" dev="configfs" ino=109195 res=0 errno=0 [ 1131.578339][ T8330] program syz.4.4607 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1131.620765][ T8330] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4607'. [ 1131.842647][ T8330] hsr_slave_0 (unregistering): left promiscuous mode [ 1132.805134][ T8395] ubi31: attaching mtd0 [ 1132.820441][ T8395] ubi31 error: validate_ec_hdr: bad VID header offset 64, expected 514 [ 1132.863876][ T8395] ubi31 error: validate_ec_hdr: bad EC header [ 1132.922040][ T8395] Erase counter header dump: [ 1132.932809][ T8395] magic 0x55424923 [ 1132.961749][ T8395] version 1 [ 1132.987359][ T8395] ec 1 [ 1133.011510][ T8395] vid_hdr_offset 64 [ 1133.032589][ T8395] data_offset 128 [ 1133.061402][ T8395] image_seq -806782295 [ 1133.102838][ T8395] hdr_crc 0xc472f55a [ 1133.112899][ T8395] erase counter header hexdump: [ 1133.166624][ T8395] CPU: 0 UID: 0 PID: 8395 Comm: syz.0.4609 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1133.166653][ T8395] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1133.166661][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1133.166672][ T8395] Call Trace: [ 1133.166679][ T8395] [ 1133.166687][ T8395] dump_stack_lvl+0x16c/0x1f0 [ 1133.166722][ T8395] validate_ec_hdr+0x28c/0x330 [ 1133.166750][ T8395] ubi_io_read_ec_hdr+0x6d1/0x760 [ 1133.166778][ T8395] ubi_attach+0x61f/0x4fa0 [ 1133.166804][ T8395] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1133.166826][ T8395] ? ubi_msg+0x108/0x160 [ 1133.166842][ T8395] ? __pfx_ubi_msg+0x10/0x10 [ 1133.166860][ T8395] ? __pfx_ubi_attach+0x10/0x10 [ 1133.166881][ T8395] ? ubi_attach_mtd_dev+0x15ad/0x37f0 [ 1133.166901][ T8395] ? __vmalloc_node_noprof+0xad/0xf0 [ 1133.166919][ T8395] ? ubi_attach_mtd_dev+0x15ad/0x37f0 [ 1133.166941][ T8395] ubi_attach_mtd_dev+0x15f9/0x37f0 [ 1133.166972][ T8395] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 1133.166991][ T8395] ? __pfx_get_mtd_device+0x10/0x10 [ 1133.167023][ T8395] ctrl_cdev_ioctl+0x381/0x420 [ 1133.167043][ T8395] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 1133.167069][ T8395] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 1133.167090][ T8395] __x64_sys_ioctl+0x18e/0x210 [ 1133.167116][ T8395] do_syscall_64+0xcd/0xf80 [ 1133.167146][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1133.167167][ T8395] RIP: 0033:0x7f2b0a18f7c9 [ 1133.167182][ T8395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1133.167200][ T8395] RSP: 002b:00007f2b0afd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1133.167219][ T8395] RAX: ffffffffffffffda RBX: 00007f2b0a3e5fa0 RCX: 00007f2b0a18f7c9 [ 1133.167232][ T8395] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000006 [ 1133.167243][ T8395] RBP: 00007f2b0a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1133.167255][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1133.167266][ T8395] R13: 00007f2b0a3e6038 R14: 00007f2b0a3e5fa0 R15: 00007ffe28909368 [ 1133.167291][ T8395] [ 1133.167298][ T8395] ubi31 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 1133.910736][ T8434] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4617'. [ 1134.115709][T22011] block nbd0: Receive control failed (result -32) [ 1134.326516][ T8395] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1134.957252][ T8499] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1135.752838][ T8542] zswap: compressor not available [ 1136.052996][ T8548] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4627'. [ 1136.250286][ T8561] zswap: compressor û not available [ 1138.070794][ T8674] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input51 [ 1139.357832][ T8764] openvswitch: netlink: Message has 4 unknown bytes. [ 1139.890077][ T8776] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1140.142095][ T8790] vivid-007: ================= START STATUS ================= [ 1140.187829][ T8790] vivid-007: Generate PTS: true [ 1140.227710][ T8790] vivid-007: Generate SCR: true [ 1140.235522][ T8790] tpg source WxH: 320x240 (Y'CbCr) [ 1140.255023][ T8790] tpg field: 1 [ 1140.279865][ T8790] tpg crop: (0,0)/320x240 [ 1140.302692][ T8790] tpg compose: (0,0)/320x240 [ 1140.323781][ T8790] tpg colorspace: 8 [ 1140.343876][ T8790] tpg transfer function: 0/0 [ 1140.387464][ T8790] tpg Y'CbCr encoding: 0/0 [ 1140.429497][ T8790] tpg quantization: 0/0 [ 1140.462568][ T8790] tpg RGB range: 0/2 [ 1140.516384][ T8790] vivid-007: ================== END STATUS ================== [ 1144.289071][ T8963] tipc: Started in network mode [ 1144.358887][ T8963] tipc: Node identity ee00, cluster identity 4711 [ 1144.400503][ T8963] tipc: Node number set to 60928 [ 1148.218402][ T9199] zswap: compressor not available [ 1148.321530][ T9202] zswap: compressor not available [ 1148.988423][ T9244] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4668'. [ 1151.118446][ T9317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4677'. [ 1151.600316][ T9350] tipc: Started in network mode [ 1151.703716][ T9350] tipc: Node identity ee00, cluster identity 4711 [ 1151.803200][ T9350] tipc: Node number set to 60928 [ 1152.975543][ T9380] FAULT_INJECTION: forcing a failure. [ 1152.975543][ T9380] name failslab, interval 1, probability 393216, space 0, times 0 [ 1153.086710][ T9380] CPU: 0 UID: 0 PID: 9380 Comm: syz.3.4680 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1153.086745][ T9380] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1153.086752][ T9380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1153.086764][ T9380] Call Trace: [ 1153.086772][ T9380] [ 1153.086780][ T9380] dump_stack_lvl+0x16c/0x1f0 [ 1153.086813][ T9380] should_fail_ex+0x512/0x640 [ 1153.086835][ T9380] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1153.086862][ T9380] should_failslab+0xc2/0x120 [ 1153.086892][ T9380] kmem_cache_alloc_noprof+0x83/0x770 [ 1153.086916][ T9380] ? security_file_alloc+0x34/0x2b0 [ 1153.086945][ T9380] ? security_file_alloc+0x34/0x2b0 [ 1153.086972][ T9380] security_file_alloc+0x34/0x2b0 [ 1153.086997][ T9380] init_file+0x93/0x4c0 [ 1153.087017][ T9380] alloc_empty_file+0x73/0x1e0 [ 1153.087038][ T9380] path_openat+0xde/0x3140 [ 1153.087066][ T9380] ? do_syscall_64+0xcd/0xf80 [ 1153.087094][ T9380] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1153.087120][ T9380] ? __pfx_path_openat+0x10/0x10 [ 1153.087164][ T9380] do_filp_open+0x20b/0x470 [ 1153.087193][ T9380] ? __pfx_do_filp_open+0x10/0x10 [ 1153.087238][ T9380] ? alloc_fd+0x471/0x7d0 [ 1153.087272][ T9380] do_sys_openat2+0x121/0x290 [ 1153.087293][ T9380] ? __pfx_do_sys_openat2+0x10/0x10 [ 1153.087314][ T9380] ? __pfx___up_read+0x10/0x10 [ 1153.087336][ T9380] ? __do_sys_kcmp+0x36b/0xd70 [ 1153.087370][ T9380] __x64_sys_openat+0x174/0x210 [ 1153.087393][ T9380] ? __pfx___x64_sys_openat+0x10/0x10 [ 1153.087423][ T9380] do_syscall_64+0xcd/0xf80 [ 1153.087453][ T9380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1153.087472][ T9380] RIP: 0033:0x7f33b258e010 [ 1153.087489][ T9380] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 1153.087507][ T9380] RSP: 002b:00007f33b33f0f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1153.087525][ T9380] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f33b258e010 [ 1153.087538][ T9380] RDX: 0000000000000002 RSI: 00007f33b33f0fa0 RDI: 00000000ffffff9c [ 1153.087550][ T9380] RBP: 00007f33b33f0fa0 R08: 0000000000000000 R09: 00007f33b33f0cd4 [ 1153.087561][ T9380] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1153.087573][ T9380] R13: 00007f33b27e6038 R14: 00007f33b27e5fa0 R15: 00007ffc24d43708 [ 1153.087598][ T9380] [ 1154.505583][ T9394] zswap: compressor not available [ 1155.061556][ T9408] netlink: 4124 bytes leftover after parsing attributes in process `syz.1.4685'. [ 1155.837791][ T9437] FAULT_INJECTION: forcing a failure. [ 1155.837791][ T9437] name failslab, interval 1, probability 393216, space 0, times 0 [ 1155.876519][T22011] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 1155.996087][ T9437] CPU: 0 UID: 0 PID: 9437 Comm: syz.3.4687 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1155.996125][ T9437] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1155.996133][ T9437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1155.996144][ T9437] Call Trace: [ 1155.996151][ T9437] [ 1155.996159][ T9437] dump_stack_lvl+0x16c/0x1f0 [ 1155.996194][ T9437] should_fail_ex+0x512/0x640 [ 1155.996215][ T9437] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 1155.996244][ T9437] should_failslab+0xc2/0x120 [ 1155.996274][ T9437] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 1155.996308][ T9437] ? alloc_inode+0xc3/0x240 [ 1155.996333][ T9437] ? alloc_inode+0xc3/0x240 [ 1155.996354][ T9437] alloc_inode+0xc3/0x240 [ 1155.996375][ T9437] path_from_stashed+0x25b/0x750 [ 1155.996411][ T9437] ns_get_path+0x60/0x80 [ 1155.996441][ T9437] proc_ns_get_link+0x121/0x230 [ 1155.996464][ T9437] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1155.996487][ T9437] ? atime_needs_update+0x8b/0x710 [ 1155.996513][ T9437] pick_link+0xc96/0x13b0 [ 1155.996537][ T9437] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1155.996561][ T9437] step_into_slowpath+0x6c6/0xf50 [ 1155.996590][ T9437] ? __pfx_step_into_slowpath+0x10/0x10 [ 1155.996614][ T9437] ? find_held_lock+0x2b/0x80 [ 1155.996645][ T9437] path_openat+0x10db/0x3140 [ 1155.996680][ T9437] ? __pfx_path_openat+0x10/0x10 [ 1155.996716][ T9437] do_filp_open+0x20b/0x470 [ 1155.996746][ T9437] ? __pfx_do_filp_open+0x10/0x10 [ 1155.996790][ T9437] ? alloc_fd+0x471/0x7d0 [ 1155.996824][ T9437] do_sys_openat2+0x121/0x290 [ 1155.996845][ T9437] ? __pfx_do_sys_openat2+0x10/0x10 [ 1155.996874][ T9437] __x64_sys_openat+0x174/0x210 [ 1155.996896][ T9437] ? __pfx___x64_sys_openat+0x10/0x10 [ 1155.996927][ T9437] do_syscall_64+0xcd/0xf80 [ 1155.996957][ T9437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1155.996977][ T9437] RIP: 0033:0x7f33b258e010 [ 1155.996993][ T9437] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 1155.997012][ T9437] RSP: 002b:00007f33b33f0f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1155.997031][ T9437] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f33b258e010 [ 1155.997044][ T9437] RDX: 0000000000000002 RSI: 00007f33b33f0fa0 RDI: 00000000ffffff9c [ 1155.997055][ T9437] RBP: 00007f33b33f0fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1155.997066][ T9437] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1155.997077][ T9437] R13: 00007f33b27e6038 R14: 00007f33b27e5fa0 R15: 00007ffc24d43708 [ 1155.997100][ T9437] [ 1156.734458][ T9456] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4690'. [ 1156.767109][ T9456] bridge0: entered promiscuous mode [ 1156.767135][ T9456] bridge0: entered allmulticast mode [ 1158.107257][ T9499] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4697'. [ 1158.471765][ T30] audit: type=1804 audit(2147485143.211:104): pid=9511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4699" name="/newroot/sys/kernel/debug/tracing/set_event" dev="tracefs" ino=1056 res=1 errno=0 [ 1159.151868][ T9541] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4702'. [ 1159.434368][ T9544] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4700'. [ 1160.654219][ T9616] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1161.670335][ T9636] netlink: 2 bytes leftover after parsing attributes in process `syz.1.4722'. [ 1161.744778][ T9637] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4714'. [ 1163.095179][T22011] Bluetooth: hci2: unexpected subevent 0x01 length: 3 < 18 [ 1163.232473][ T9705] netlink: 'syz.1.4720': attribute type 1 has an invalid length. [ 1163.278085][ T9705] netlink: 314 bytes leftover after parsing attributes in process `syz.1.4720'. [ 1163.412939][ T9706] netlink: zone id is out of range [ 1163.483176][ T9706] netlink: del zone limit has 4 unknown bytes [ 1164.622317][ T9815] blktrace: Concurrent blktraces are not allowed on loop2 [ 1165.577933][ T30] audit: type=1806 audit(2147485150.354:105): res=-14 [ 1167.167474][ T9913] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4739'. [ 1169.137902][T10040] hub 1-0:1.0: USB hub found [ 1169.176208][T10040] hub 1-0:1.0: 1 port detected [ 1169.329290][T10048] FAULT_INJECTION: forcing a failure. [ 1169.329290][T10048] name failslab, interval 1, probability 393216, space 0, times 0 [ 1169.482454][T10048] CPU: 0 UID: 0 PID: 10048 Comm: syz.0.4746 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1169.482490][T10048] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1169.482497][T10048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1169.482509][T10048] Call Trace: [ 1169.482516][T10048] [ 1169.482523][T10048] dump_stack_lvl+0x16c/0x1f0 [ 1169.482558][T10048] should_fail_ex+0x512/0x640 [ 1169.482580][T10048] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 1169.482612][T10048] should_failslab+0xc2/0x120 [ 1169.482641][T10048] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 1169.482666][T10048] ? __d_alloc+0x35/0xa80 [ 1169.482687][T10048] ? __d_alloc+0x35/0xa80 [ 1169.482702][T10048] __d_alloc+0x35/0xa80 [ 1169.482718][T10048] ? __ns_ref_active_get+0x96/0x1b0 [ 1169.482750][T10048] path_from_stashed+0x427/0x750 [ 1169.482786][T10048] ns_get_path+0x60/0x80 [ 1169.482815][T10048] proc_ns_get_link+0x121/0x230 [ 1169.482836][T10048] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1169.482860][T10048] ? atime_needs_update+0x8b/0x710 [ 1169.482885][T10048] pick_link+0xc96/0x13b0 [ 1169.482909][T10048] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1169.482933][T10048] step_into_slowpath+0x6c6/0xf50 [ 1169.482969][T10048] ? __pfx_step_into_slowpath+0x10/0x10 [ 1169.482993][T10048] ? find_held_lock+0x2b/0x80 [ 1169.483025][T10048] path_openat+0x10db/0x3140 [ 1169.483061][T10048] ? __pfx_path_openat+0x10/0x10 [ 1169.483098][T10048] do_filp_open+0x20b/0x470 [ 1169.483127][T10048] ? __pfx_do_filp_open+0x10/0x10 [ 1169.483173][T10048] ? alloc_fd+0x471/0x7d0 [ 1169.483208][T10048] do_sys_openat2+0x121/0x290 [ 1169.483229][T10048] ? __pfx_do_sys_openat2+0x10/0x10 [ 1169.483259][T10048] __x64_sys_openat+0x174/0x210 [ 1169.483281][T10048] ? __pfx___x64_sys_openat+0x10/0x10 [ 1169.483312][T10048] do_syscall_64+0xcd/0xf80 [ 1169.483342][T10048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1169.483363][T10048] RIP: 0033:0x7f2b0a18e010 [ 1169.483379][T10048] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 1169.483398][T10048] RSP: 002b:00007f2b0afd5f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1169.483417][T10048] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f2b0a18e010 [ 1169.483430][T10048] RDX: 0000000000000002 RSI: 00007f2b0afd5fa0 RDI: 00000000ffffff9c [ 1169.483442][T10048] RBP: 00007f2b0afd5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1169.483453][T10048] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1169.483465][T10048] R13: 00007f2b0a3e6038 R14: 00007f2b0a3e5fa0 R15: 00007ffe28909368 [ 1169.483488][T10048] [ 1170.289177][T10085] FAULT_INJECTION: forcing a failure. [ 1170.289177][T10085] name failslab, interval 1, probability 393216, space 0, times 0 [ 1170.356205][T10085] CPU: 0 UID: 0 PID: 10085 Comm: syz.4.4749 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1170.356239][T10085] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1170.356247][T10085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1170.356258][T10085] Call Trace: [ 1170.356265][T10085] [ 1170.356272][T10085] dump_stack_lvl+0x16c/0x1f0 [ 1170.356305][T10085] should_fail_ex+0x512/0x640 [ 1170.356327][T10085] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1170.356353][T10085] should_failslab+0xc2/0x120 [ 1170.356382][T10085] __kmalloc_cache_noprof+0x80/0x800 [ 1170.356404][T10085] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 1170.356434][T10085] ? add_uevent_var+0x1dc/0x3a0 [ 1170.356456][T10085] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 1170.356484][T10085] kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 1170.356514][T10085] ? __pfx_kvm_vm_release+0x10/0x10 [ 1170.356538][T10085] kvm_put_kvm+0xe3/0xb00 [ 1170.356561][T10085] ? lockdep_hardirqs_on+0x7c/0x110 [ 1170.356590][T10085] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1170.356618][T10085] ? __pfx_kvm_vm_release+0x10/0x10 [ 1170.356642][T10085] kvm_vm_release+0x3c/0x50 [ 1170.356665][T10085] __fput+0x402/0xb70 [ 1170.356690][T10085] task_work_run+0x150/0x240 [ 1170.356713][T10085] ? __pfx_task_work_run+0x10/0x10 [ 1170.356732][T10085] ? __do_sys_close_range+0x278/0x730 [ 1170.356768][T10085] exit_to_user_mode_loop+0xfb/0x540 [ 1170.356794][T10085] do_syscall_64+0x4ee/0xf80 [ 1170.356825][T10085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1170.356844][T10085] RIP: 0033:0x7fee8c18f7c9 [ 1170.356860][T10085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1170.356879][T10085] RSP: 002b:00007fee8cf56038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1170.356897][T10085] RAX: 0000000000000000 RBX: 00007fee8c3e5fa0 RCX: 00007fee8c18f7c9 [ 1170.356916][T10085] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 1170.356927][T10085] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1170.356938][T10085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1170.356949][T10085] R13: 00007fee8c3e6038 R14: 00007fee8c3e5fa0 R15: 00007ffca701a4a8 [ 1170.356973][T10085] [ 1171.245084][T10129] bond0: invalid ARP target specified [ 1171.483744][T10132] syz.0.4753 (10132): attempted to duplicate a private mapping with mremap. This is not supported. [ 1172.151881][T10159] FAULT_INJECTION: forcing a failure. [ 1172.151881][T10159] name failslab, interval 1, probability 393216, space 0, times 0 [ 1172.205895][T10159] CPU: 0 UID: 0 PID: 10159 Comm: syz.3.4757 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1172.205932][T10159] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1172.205941][T10159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1172.205952][T10159] Call Trace: [ 1172.205959][T10159] [ 1172.205967][T10159] dump_stack_lvl+0x16c/0x1f0 [ 1172.206002][T10159] should_fail_ex+0x512/0x640 [ 1172.206024][T10159] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1172.206050][T10159] should_failslab+0xc2/0x120 [ 1172.206079][T10159] __kmalloc_cache_noprof+0x80/0x800 [ 1172.206100][T10159] ? lockdep_init_map_type+0x5c/0x270 [ 1172.206119][T10159] ? do_inotify_init+0xa2/0x5f0 [ 1172.206146][T10159] ? do_inotify_init+0xa2/0x5f0 [ 1172.206168][T10159] do_inotify_init+0xa2/0x5f0 [ 1172.206189][T10159] ? rcu_is_watching+0x12/0xc0 [ 1172.206225][T10159] __x64_sys_inotify_init1+0x30/0x40 [ 1172.206248][T10159] do_syscall_64+0xcd/0xf80 [ 1172.206279][T10159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.206299][T10159] RIP: 0033:0x7f33b258f7c9 [ 1172.206314][T10159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1172.206335][T10159] RSP: 002b:00007f33b33f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 1172.206355][T10159] RAX: ffffffffffffffda RBX: 00007f33b27e5fa0 RCX: 00007f33b258f7c9 [ 1172.206368][T10159] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1172.206380][T10159] RBP: 00007f33b2613f91 R08: 0000000000000000 R09: 0000000000000000 [ 1172.206392][T10159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1172.206403][T10159] R13: 00007f33b27e6038 R14: 00007f33b27e5fa0 R15: 00007ffc24d43708 [ 1172.206427][T10159] [ 1172.390740][T10159] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4757'. [ 1172.411248][T10164] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 1174.071835][T22011] Bluetooth: hci2: unexpected event 0x07 length: 435 > 255 [ 1174.388863][T10213] [U] ^@ [ 1174.779067][T10240] FAULT_INJECTION: forcing a failure. [ 1174.779067][T10240] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1174.904691][T10240] CPU: 0 UID: 0 PID: 10240 Comm: syz.4.4767 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1174.904726][T10240] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1174.904733][T10240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1174.904744][T10240] Call Trace: [ 1174.904751][T10240] [ 1174.904758][T10240] dump_stack_lvl+0x16c/0x1f0 [ 1174.904792][T10240] should_fail_ex+0x512/0x640 [ 1174.904821][T10240] _copy_from_user+0x2e/0xd0 [ 1174.904844][T10240] ucma_write+0x128/0x330 [ 1174.904863][T10240] ? __pfx_ucma_write+0x10/0x10 [ 1174.904881][T10240] ? bpf_lsm_file_permission+0x9/0x10 [ 1174.904911][T10240] ? security_file_permission+0x71/0x210 [ 1174.904937][T10240] ? rw_verify_area+0xcf/0x6c0 [ 1174.904962][T10240] ? __pfx_ucma_write+0x10/0x10 [ 1174.904980][T10240] vfs_write+0x2a0/0x11d0 [ 1174.905011][T10240] ? __pfx_vfs_write+0x10/0x10 [ 1174.905036][T10240] ? find_held_lock+0x2b/0x80 [ 1174.905061][T10240] ? __fget_files+0x204/0x3c0 [ 1174.905091][T10240] ? __fget_files+0x20e/0x3c0 [ 1174.905123][T10240] ksys_write+0x1f8/0x250 [ 1174.905150][T10240] ? __pfx_ksys_write+0x10/0x10 [ 1174.905183][T10240] do_syscall_64+0xcd/0xf80 [ 1174.905214][T10240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.905233][T10240] RIP: 0033:0x7fee8c18f7c9 [ 1174.905250][T10240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1174.905269][T10240] RSP: 002b:00007fee8cf56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1174.905288][T10240] RAX: ffffffffffffffda RBX: 00007fee8c3e5fa0 RCX: 00007fee8c18f7c9 [ 1174.905301][T10240] RDX: 0000000000000015 RSI: 0000000000000000 RDI: 000000000000000c [ 1174.905312][T10240] RBP: 00007fee8cf56090 R08: 0000000000000000 R09: 0000000000000000 [ 1174.905324][T10240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1174.905336][T10240] R13: 00007fee8c3e6038 R14: 00007fee8c3e5fa0 R15: 00007ffca701a4a8 [ 1174.905359][T10240] [ 1176.899598][ T30] audit: type=1326 audit(2147485161.738:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10309 comm="syz.0.4776" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2b0a18f7c9 code=0x0 [ 1177.017479][ T30] audit: type=1326 audit(2147485161.828:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10309 comm="syz.0.4776" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2b0a18f7c9 code=0x0 [ 1178.237460][T10357] FAULT_INJECTION: forcing a failure. [ 1178.237460][T10357] name failslab, interval 1, probability 393216, space 0, times 0 [ 1178.292091][T10357] CPU: 0 UID: 0 PID: 10357 Comm: syz.0.4779 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1178.292126][T10357] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1178.292133][T10357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1178.292144][T10357] Call Trace: [ 1178.292151][T10357] [ 1178.292159][T10357] dump_stack_lvl+0x16c/0x1f0 [ 1178.292192][T10357] should_fail_ex+0x512/0x640 [ 1178.292214][T10357] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1178.292239][T10357] should_failslab+0xc2/0x120 [ 1178.292268][T10357] __kmalloc_cache_noprof+0x80/0x800 [ 1178.292290][T10357] ? ieee80211_init_rate_ctrl_alg+0x175/0x680 [ 1178.292325][T10357] ? ieee80211_init_rate_ctrl_alg+0x175/0x680 [ 1178.292356][T10357] ieee80211_init_rate_ctrl_alg+0x175/0x680 [ 1178.292389][T10357] ieee80211_register_hw+0x21b5/0x4160 [ 1178.292412][T10357] ? lockdep_hardirqs_on+0x11/0x110 [ 1178.292440][T10357] ? _raw_spin_unlock+0x41/0x50 [ 1178.292469][T10357] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1178.292488][T10357] ? __pfx___debug_object_init+0x10/0x10 [ 1178.292522][T10357] ? find_held_lock+0x2b/0x80 [ 1178.292547][T10357] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1178.292578][T10357] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1178.292606][T10357] ? __hrtimer_setup+0x176/0x280 [ 1178.292632][T10357] mac80211_hwsim_new_radio+0x3323/0x5150 [ 1178.292667][T10357] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1178.292697][T10357] hwsim_new_radio_nl+0xba2/0x1330 [ 1178.292721][T10357] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1178.292750][T10357] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1178.292784][T10357] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1178.292822][T10357] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1178.292855][T10357] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1178.292887][T10357] ? genl_get_cmd+0x194/0x580 [ 1178.292920][T10357] ? bpf_lsm_capable+0x9/0x10 [ 1178.292952][T10357] ? security_capable+0x7e/0x260 [ 1178.292984][T10357] ? ns_capable+0xd7/0x110 [ 1178.293011][T10357] genl_rcv_msg+0x55c/0x800 [ 1178.293031][T10357] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1178.293050][T10357] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1178.293080][T10357] netlink_rcv_skb+0x158/0x420 [ 1178.293112][T10357] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1178.293132][T10357] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1178.293169][T10357] ? netlink_deliver_tap+0x1ae/0xd30 [ 1178.293199][T10357] genl_rcv+0x28/0x40 [ 1178.293227][T10357] netlink_unicast+0x5aa/0x870 [ 1178.293258][T10357] ? __pfx_netlink_unicast+0x10/0x10 [ 1178.293294][T10357] netlink_sendmsg+0x8c8/0xdd0 [ 1178.293326][T10357] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1178.293357][T10357] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 1178.293393][T10357] ____sys_sendmsg+0xa5d/0xc30 [ 1178.293425][T10357] ? copy_msghdr_from_user+0x10a/0x160 [ 1178.293449][T10357] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1178.293477][T10357] ? preempt_schedule_thunk+0x16/0x30 [ 1178.293500][T10357] ? try_to_wake_up+0xa67/0x1860 [ 1178.293530][T10357] ___sys_sendmsg+0x134/0x1d0 [ 1178.293556][T10357] ? __pfx____sys_sendmsg+0x10/0x10 [ 1178.293580][T10357] ? futex_private_hash_put+0x160/0x1b0 [ 1178.293628][T10357] __sys_sendmsg+0x16d/0x220 [ 1178.293652][T10357] ? __pfx___sys_sendmsg+0x10/0x10 [ 1178.293676][T10357] ? __x64_sys_futex+0x1e0/0x4c0 [ 1178.293712][T10357] do_syscall_64+0xcd/0xf80 [ 1178.293743][T10357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1178.293762][T10357] RIP: 0033:0x7f2b0a18f7c9 [ 1178.293779][T10357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1178.293798][T10357] RSP: 002b:00007f2b0afd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1178.293816][T10357] RAX: ffffffffffffffda RBX: 00007f2b0a3e5fa0 RCX: 00007f2b0a18f7c9 [ 1178.293828][T10357] RDX: 000000002004c880 RSI: 0000200000000200 RDI: 0000000000000005 [ 1178.293840][T10357] RBP: 00007f2b0a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1178.293851][T10357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1178.293862][T10357] R13: 00007f2b0a3e6038 R14: 00007f2b0a3e5fa0 R15: 00007ffe28909368 [ 1178.293887][T10357] [ 1179.115369][T10357] ieee80211 phy70: Failed to select rate control algorithm [ 1179.268421][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1179.275445][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.374236][T10362] FAULT_INJECTION: forcing a failure. [ 1179.374236][T10362] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1179.424575][T10369] FAULT_INJECTION: forcing a failure. [ 1179.424575][T10369] name failslab, interval 1, probability 393216, space 0, times 0 [ 1179.437927][T10362] CPU: 0 UID: 0 PID: 10362 Comm: syz.0.4780 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1179.437960][T10362] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1179.437967][T10362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1179.437979][T10362] Call Trace: [ 1179.437986][T10362] [ 1179.437993][T10362] dump_stack_lvl+0x16c/0x1f0 [ 1179.438026][T10362] should_fail_ex+0x512/0x640 [ 1179.438051][T10362] _copy_from_user+0x2e/0xd0 [ 1179.438073][T10362] ucma_get_event+0xcb/0x730 [ 1179.438097][T10362] ? __pfx_ucma_get_event+0x10/0x10 [ 1179.438118][T10362] ? find_held_lock+0x2b/0x80 [ 1179.438150][T10362] ? __might_fault+0xe3/0x190 [ 1179.438171][T10362] ? __might_fault+0xe3/0x190 [ 1179.438191][T10362] ? __might_fault+0x13b/0x190 [ 1179.438218][T10362] ? __pfx_ucma_get_event+0x10/0x10 [ 1179.438239][T10362] ucma_write+0x1fb/0x330 [ 1179.438258][T10362] ? __pfx_ucma_write+0x10/0x10 [ 1179.438276][T10362] ? bpf_lsm_file_permission+0x9/0x10 [ 1179.438298][T10362] ? security_file_permission+0x71/0x210 [ 1179.438324][T10362] ? rw_verify_area+0xcf/0x6c0 [ 1179.438349][T10362] ? __pfx_ucma_write+0x10/0x10 [ 1179.438366][T10362] vfs_write+0x2a0/0x11d0 [ 1179.438398][T10362] ? __pfx_vfs_write+0x10/0x10 [ 1179.438423][T10362] ? find_held_lock+0x2b/0x80 [ 1179.438447][T10362] ? __fget_files+0x204/0x3c0 [ 1179.438478][T10362] ? __fget_files+0x20e/0x3c0 [ 1179.438646][T10362] ksys_write+0x1f8/0x250 [ 1179.438678][T10362] ? __pfx_ksys_write+0x10/0x10 [ 1179.438712][T10362] do_syscall_64+0xcd/0xf80 [ 1179.438742][T10362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1179.438763][T10362] RIP: 0033:0x7f2b0a18f7c9 [ 1179.438779][T10362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1179.438797][T10362] RSP: 002b:00007f2b0afd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1179.438817][T10362] RAX: ffffffffffffffda RBX: 00007f2b0a3e5fa0 RCX: 00007f2b0a18f7c9 [ 1179.438847][T10362] RDX: 0000000000000015 RSI: 0000000000000000 RDI: 000000000000000c [ 1179.438858][T10362] RBP: 00007f2b0afd6090 R08: 0000000000000000 R09: 0000000000000000 [ 1179.438869][T10362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1179.438880][T10362] R13: 00007f2b0a3e6038 R14: 00007f2b0a3e5fa0 R15: 00007ffe28909368 [ 1179.438903][T10362] [ 1179.933163][T10370] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4781'. [ 1179.959486][T10369] CPU: 0 UID: 0 PID: 10369 Comm: syz.4.4781 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1179.959524][T10369] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1179.959531][T10369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1179.959543][T10369] Call Trace: [ 1179.959550][T10369] [ 1179.959558][T10369] dump_stack_lvl+0x16c/0x1f0 [ 1179.959593][T10369] should_fail_ex+0x512/0x640 [ 1179.959615][T10369] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1179.959640][T10369] should_failslab+0xc2/0x120 [ 1179.959678][T10369] __kmalloc_cache_noprof+0x80/0x800 [ 1179.959699][T10369] ? lockdep_init_map_type+0x5c/0x270 [ 1179.959719][T10369] ? do_inotify_init+0xa2/0x5f0 [ 1179.959745][T10369] ? do_inotify_init+0xa2/0x5f0 [ 1179.959767][T10369] do_inotify_init+0xa2/0x5f0 [ 1179.959788][T10369] ? rcu_is_watching+0x12/0xc0 [ 1179.959817][T10369] __x64_sys_inotify_init1+0x30/0x40 [ 1179.959840][T10369] do_syscall_64+0xcd/0xf80 [ 1179.959872][T10369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1179.959898][T10369] RIP: 0033:0x7fee8c18f7c9 [ 1179.959916][T10369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1179.959936][T10369] RSP: 002b:00007fee8cf56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 1179.959955][T10369] RAX: ffffffffffffffda RBX: 00007fee8c3e5fa0 RCX: 00007fee8c18f7c9 [ 1179.959968][T10369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1179.959979][T10369] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1179.959991][T10369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1179.960002][T10369] R13: 00007fee8c3e6038 R14: 00007fee8c3e5fa0 R15: 00007ffca701a4a8 [ 1179.960026][T10369] [ 1181.677907][T10383] FAULT_INJECTION: forcing a failure. [ 1181.677907][T10383] name failslab, interval 1, probability 393216, space 0, times 0 [ 1181.764993][T10383] CPU: 0 UID: 0 PID: 10383 Comm: syz.1.4784 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1181.765028][T10383] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1181.765036][T10383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1181.765047][T10383] Call Trace: [ 1181.765054][T10383] [ 1181.765061][T10383] dump_stack_lvl+0x16c/0x1f0 [ 1181.765103][T10383] should_fail_ex+0x512/0x640 [ 1181.765126][T10383] ? __kmalloc_noprof+0xca/0x910 [ 1181.765150][T10383] should_failslab+0xc2/0x120 [ 1181.765180][T10383] __kmalloc_noprof+0xeb/0x910 [ 1181.765201][T10383] ? __register_sysctl_table+0xb3/0x1900 [ 1181.765232][T10383] ? __register_sysctl_table+0xb3/0x1900 [ 1181.765257][T10383] __register_sysctl_table+0xb3/0x1900 [ 1181.765284][T10383] ? is_module_address+0x5f/0xf0 [ 1181.765310][T10383] ? __pfx___register_sysctl_table+0x10/0x10 [ 1181.765335][T10383] ? is_module_address+0x69/0xf0 [ 1181.765356][T10383] ? register_net_sysctl_sz+0x222/0x450 [ 1181.765378][T10383] ? __asan_memcpy+0x3c/0x60 [ 1181.765404][T10383] nf_conntrack_pernet_init+0x83e/0xb40 [ 1181.765428][T10383] ? __pfx_nf_conntrack_pernet_init+0x10/0x10 [ 1181.765449][T10383] ops_init+0x1e2/0x5f0 [ 1181.765477][T10383] setup_net+0x11d/0x3a0 [ 1181.765504][T10383] ? __pfx_setup_net+0x10/0x10 [ 1181.765528][T10383] ? lockdep_init_map_type+0x5c/0x270 [ 1181.765548][T10383] ? mutex_init_lockep+0x110/0x150 [ 1181.765570][T10383] copy_net_ns+0x351/0x7c0 [ 1181.765600][T10383] create_new_namespaces+0x3ea/0xab0 [ 1181.765632][T10383] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1181.765661][T10383] ksys_unshare+0x45b/0xa40 [ 1181.765691][T10383] ? __pfx_ksys_unshare+0x10/0x10 [ 1181.765722][T10383] ? xfd_validate_state+0x61/0x180 [ 1181.765746][T10383] __x64_sys_unshare+0x31/0x40 [ 1181.765776][T10383] do_syscall_64+0xcd/0xf80 [ 1181.765806][T10383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1181.765825][T10383] RIP: 0033:0x7fa25078f7c9 [ 1181.765842][T10383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1181.765861][T10383] RSP: 002b:00007fa2516f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1181.765880][T10383] RAX: ffffffffffffffda RBX: 00007fa2509e5fa0 RCX: 00007fa25078f7c9 [ 1181.765892][T10383] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1181.765904][T10383] RBP: 00007fa250813f91 R08: 0000000000000000 R09: 0000000000000000 [ 1181.765915][T10383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1181.765927][T10383] R13: 00007fa2509e6038 R14: 00007fa2509e5fa0 R15: 00007ffef2677b38 [ 1181.765951][T10383] [ 1183.237141][T10409] hub 1-0:1.0: USB hub found [ 1183.407975][T10409] hub 1-0:1.0: 1 port detected [ 1183.719620][T10431] FAULT_INJECTION: forcing a failure. [ 1183.719620][T10431] name failslab, interval 1, probability 393216, space 0, times 0 [ 1184.041588][T10431] CPU: 0 UID: 0 PID: 10431 Comm: syz.4.4791 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1184.041627][T10431] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1184.041634][T10431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1184.041645][T10431] Call Trace: [ 1184.041653][T10431] [ 1184.041661][T10431] dump_stack_lvl+0x16c/0x1f0 [ 1184.041696][T10431] should_fail_ex+0x512/0x640 [ 1184.041718][T10431] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1184.041745][T10431] should_failslab+0xc2/0x120 [ 1184.041777][T10431] kmem_cache_alloc_noprof+0x83/0x770 [ 1184.041799][T10431] ? mas_alloc_nodes+0x27b/0x380 [ 1184.041828][T10431] ? mas_alloc_nodes+0x27b/0x380 [ 1184.041851][T10431] mas_alloc_nodes+0x27b/0x380 [ 1184.041878][T10431] mas_preallocate+0x5e3/0xee0 [ 1184.041912][T10431] ? __pfx_mas_preallocate+0x10/0x10 [ 1184.041947][T10431] ? vm_area_alloc+0x1f/0x160 [ 1184.041968][T10431] ? lockdep_init_map_type+0x5c/0x270 [ 1184.041991][T10431] __mmap_region+0x1262/0x2a00 [ 1184.042017][T10431] ? __pfx___mmap_region+0x10/0x10 [ 1184.042055][T10431] ? kvm_sched_clock_read+0x11/0x20 [ 1184.042082][T10431] ? sched_clock+0x38/0x60 [ 1184.042119][T10431] ? rcu_is_watching+0x12/0xc0 [ 1184.042190][T10431] ? rcu_is_watching+0x12/0xc0 [ 1184.042222][T10431] mmap_region+0x1ab/0x3f0 [ 1184.042246][T10431] ? __get_unmapped_area+0x267/0x3f0 [ 1184.042278][T10431] do_mmap+0xa3e/0x1210 [ 1184.042310][T10431] ? __pfx_do_mmap+0x10/0x10 [ 1184.042339][T10431] ? __pfx_down_write_killable+0x10/0x10 [ 1184.042363][T10431] vm_mmap_pgoff+0x29e/0x470 [ 1184.042394][T10431] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1184.042427][T10431] ? __x64_sys_futex+0x1e0/0x4c0 [ 1184.042448][T10431] ? __x64_sys_futex+0x1e9/0x4c0 [ 1184.042472][T10431] ksys_mmap_pgoff+0x7d/0x5c0 [ 1184.042499][T10431] ? xfd_validate_state+0x61/0x180 [ 1184.042520][T10431] __x64_sys_mmap+0x125/0x190 [ 1184.042541][T10431] do_syscall_64+0xcd/0xf80 [ 1184.042572][T10431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1184.042591][T10431] RIP: 0033:0x7fee8c18f7c9 [ 1184.042608][T10431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1184.042627][T10431] RSP: 002b:00007fee8cf56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1184.042645][T10431] RAX: ffffffffffffffda RBX: 00007fee8c3e5fa0 RCX: 00007fee8c18f7c9 [ 1184.042658][T10431] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1184.042669][T10431] RBP: 00007fee8c213f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1184.042681][T10431] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1184.042693][T10431] R13: 00007fee8c3e6038 R14: 00007fee8c3e5fa0 R15: 00007ffca701a4a8 [ 1184.042717][T10431] [ 1186.228476][T10462] [U] € [ 1188.821393][T10597] snd_aloop snd_aloop.0: snd_timer_open (10,0,0) failed with -19 [ 1189.825465][T10631] sd 0:0:1:0: PR command failed: 1026 [ 1189.874943][T10631] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1189.937947][T10631] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1189.973315][T10640] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1190.630619][ T8982] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:28: bg 1: bad block bitmap checksum [ 1190.704608][ T8982] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 3521 with max blocks 63 with error 74 [ 1190.798978][ T8982] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1190.798978][ T8982] [ 1191.111624][T10677] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4811'. [ 1191.127559][T10670] ================================================================== [ 1191.127576][T10670] BUG: KASAN: use-after-free in fbcon_prepare_logo+0xa03/0xc70 [ 1191.127626][T10670] Read of size 28 at addr ffff8880316a78e2 by task syz.4.4810/10670 [ 1191.127644][T10670] [ 1191.127656][T10670] CPU: 0 UID: 0 PID: 10670 Comm: syz.4.4810 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1191.127685][T10670] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1191.127694][T10670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1191.127706][T10670] Call Trace: [ 1191.127713][T10670] [ 1191.127721][T10670] dump_stack_lvl+0x116/0x1f0 [ 1191.127758][T10670] print_report+0xcd/0x630 [ 1191.127786][T10670] ? __virt_addr_valid+0x81/0x610 [ 1191.127816][T10670] ? __phys_addr+0xe8/0x180 [ 1191.127845][T10670] ? fbcon_prepare_logo+0xa03/0xc70 [ 1191.127865][T10670] kasan_report+0xe0/0x110 [ 1191.127894][T10670] ? fbcon_prepare_logo+0xa03/0xc70 [ 1191.127917][T10670] kasan_check_range+0x100/0x1b0 [ 1191.127936][T10670] __asan_memcpy+0x23/0x60 [ 1191.127958][T10670] fbcon_prepare_logo+0xa03/0xc70 [ 1191.127981][T10670] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1191.128012][T10670] fbcon_init+0xda0/0x1930 [ 1191.128033][T10670] visual_init+0x320/0x620 [ 1191.128055][T10670] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 1191.128084][T10670] store_bind+0x61d/0x760 [ 1191.128109][T10670] ? sysfs_file_kobj+0xe4/0x290 [ 1191.128127][T10670] ? __pfx_store_bind+0x10/0x10 [ 1191.128152][T10670] dev_attr_store+0x58/0x80 [ 1191.128181][T10670] ? __pfx_dev_attr_store+0x10/0x10 [ 1191.128205][T10670] sysfs_kf_write+0xf2/0x150 [ 1191.128223][T10670] kernfs_fop_write_iter+0x3af/0x570 [ 1191.128251][T10670] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1191.128270][T10670] iter_file_splice_write+0xa24/0x12b0 [ 1191.128306][T10670] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1191.128336][T10670] ? __pfx_copy_splice_read+0x10/0x10 [ 1191.128368][T10670] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1191.128398][T10670] direct_splice_actor+0x192/0x6c0 [ 1191.128427][T10670] splice_direct_to_actor+0x345/0xa30 [ 1191.128456][T10670] ? __pfx_direct_splice_actor+0x10/0x10 [ 1191.128486][T10670] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1191.128517][T10670] do_splice_direct+0x174/0x240 [ 1191.128545][T10670] ? __pfx_do_splice_direct+0x10/0x10 [ 1191.128572][T10670] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1191.128600][T10670] ? rw_verify_area+0xcf/0x6c0 [ 1191.128625][T10670] do_sendfile+0xb06/0xe50 [ 1191.128651][T10670] ? __pfx_do_sendfile+0x10/0x10 [ 1191.128676][T10670] ? _raw_spin_unlock_irq+0x23/0x50 [ 1191.128706][T10670] ? __x64_sys_futex+0x1e0/0x4c0 [ 1191.128728][T10670] ? __x64_sys_futex+0x1e9/0x4c0 [ 1191.128755][T10670] __x64_sys_sendfile64+0x1d8/0x220 [ 1191.128773][T10670] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1191.128795][T10670] do_syscall_64+0xcd/0xf80 [ 1191.128823][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.128843][T10670] RIP: 0033:0x7fee8c18f7c9 [ 1191.128858][T10670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1191.128877][T10670] RSP: 002b:00007fee8a3d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1191.128897][T10670] RAX: ffffffffffffffda RBX: 00007fee8c3e6180 RCX: 00007fee8c18f7c9 [ 1191.128909][T10670] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000007 [ 1191.128921][T10670] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1191.128932][T10670] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1191.128944][T10670] R13: 00007fee8c3e6218 R14: 00007fee8c3e6180 R15: 00007ffca701a4a8 [ 1191.128961][T10670] [ 1191.128968][T10670] [ 1191.128974][T10670] The buggy address belongs to the physical page: [ 1191.128982][T10670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x9a pfn:0x316a7 [ 1191.128999][T10670] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1191.129015][T10670] page_type: f0(buddy) [ 1191.129032][T10670] raw: 00fff00000000000 ffffea0001d77188 ffffea0001d76c08 0000000000000000 [ 1191.129049][T10670] raw: 000000000000009a 0000000000000000 00000000f0000000 0000000000000000 [ 1191.129060][T10670] page dumped because: kasan: bad access detected [ 1191.129069][T10670] page_owner tracks the page as freed [ 1191.129076][T10670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 9635, tgid 9633 (syz.3.4714), ts 1162196614914, free_ts 1162597147546 [ 1191.129107][T10670] post_alloc_hook+0x1af/0x220 [ 1191.129126][T10670] get_page_from_freelist+0xd0b/0x31a0 [ 1191.129148][T10670] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 1191.129170][T10670] __alloc_pages_noprof+0xb/0x1b0 [ 1191.129190][T10670] pcpu_populate_chunk+0x110/0xb10 [ 1191.129209][T10670] pcpu_alloc_noprof+0x86b/0x1470 [ 1191.129229][T10670] bpf_map_alloc_percpu+0x9a/0x4b0 [ 1191.129255][T10670] htab_map_alloc+0x10a9/0x1530 [ 1191.129277][T10670] map_create+0x65c/0x2a10 [ 1191.129301][T10670] __sys_bpf+0x3d9d/0x4980 [ 1191.129316][T10670] __x64_sys_bpf+0x78/0xc0 [ 1191.129332][T10670] do_syscall_64+0xcd/0xf80 [ 1191.129359][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.129378][T10670] page last free pid 17368 tgid 17368 stack trace: [ 1191.129389][T10670] __free_frozen_pages+0x7df/0x1170 [ 1191.129406][T10670] pcpu_free_pages.constprop.0+0x126/0x210 [ 1191.129425][T10670] pcpu_balance_workfn+0x26b/0xe00 [ 1191.129445][T10670] process_one_work+0x9ba/0x1b20 [ 1191.129464][T10670] worker_thread+0x6c8/0xf10 [ 1191.129483][T10670] kthread+0x3c5/0x780 [ 1191.129499][T10670] ret_from_fork+0x983/0xb10 [ 1191.129516][T10670] ret_from_fork_asm+0x1a/0x30 [ 1191.129543][T10670] [ 1191.129548][T10670] Memory state around the buggy address: [ 1191.129561][T10670] ffff8880316a7780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1191.129575][T10670] ffff8880316a7800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1191.129591][T10670] >ffff8880316a7880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1191.129602][T10670] ^ [ 1191.129613][T10670] ffff8880316a7900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1191.129626][T10670] ffff8880316a7980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1191.129636][T10670] ================================================================== [ 1191.222203][T10670] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1191.222227][T10670] CPU: 0 UID: 0 PID: 10670 Comm: syz.4.4810 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1191.222259][T10670] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1191.222268][T10670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1191.222279][T10670] Call Trace: [ 1191.222287][T10670] [ 1191.222295][T10670] dump_stack_lvl+0x3d/0x1f0 [ 1191.222330][T10670] vpanic+0x640/0x6f0 [ 1191.222351][T10670] panic+0xca/0xd0 [ 1191.222369][T10670] ? __pfx_panic+0x10/0x10 [ 1191.222388][T10670] ? fbcon_prepare_logo+0xa03/0xc70 [ 1191.222415][T10670] ? preempt_schedule_common+0x44/0xc0 [ 1191.222444][T10670] ? preempt_schedule_thunk+0x16/0x30 [ 1191.222465][T10670] check_panic_on_warn+0xab/0xb0 [ 1191.222486][T10670] end_report+0x107/0x160 [ 1191.222515][T10670] kasan_report+0xee/0x110 [ 1191.222543][T10670] ? fbcon_prepare_logo+0xa03/0xc70 [ 1191.222567][T10670] kasan_check_range+0x100/0x1b0 [ 1191.222587][T10670] __asan_memcpy+0x23/0x60 [ 1191.222610][T10670] fbcon_prepare_logo+0xa03/0xc70 [ 1191.222632][T10670] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1191.222663][T10670] fbcon_init+0xda0/0x1930 [ 1191.222685][T10670] visual_init+0x320/0x620 [ 1191.222707][T10670] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 1191.222810][T10670] store_bind+0x61d/0x760 [ 1191.222841][T10670] ? sysfs_file_kobj+0xe4/0x290 [ 1191.222861][T10670] ? __pfx_store_bind+0x10/0x10 [ 1191.222886][T10670] dev_attr_store+0x58/0x80 [ 1191.222912][T10670] ? __pfx_dev_attr_store+0x10/0x10 [ 1191.222937][T10670] sysfs_kf_write+0xf2/0x150 [ 1191.222956][T10670] kernfs_fop_write_iter+0x3af/0x570 [ 1191.222987][T10670] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1191.223007][T10670] iter_file_splice_write+0xa24/0x12b0 [ 1191.223042][T10670] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1191.223073][T10670] ? __pfx_copy_splice_read+0x10/0x10 [ 1191.223106][T10670] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1191.223136][T10670] direct_splice_actor+0x192/0x6c0 [ 1191.223166][T10670] splice_direct_to_actor+0x345/0xa30 [ 1191.223194][T10670] ? __pfx_direct_splice_actor+0x10/0x10 [ 1191.223225][T10670] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1191.223256][T10670] do_splice_direct+0x174/0x240 [ 1191.223285][T10670] ? __pfx_do_splice_direct+0x10/0x10 [ 1191.223313][T10670] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1191.223341][T10670] ? rw_verify_area+0xcf/0x6c0 [ 1191.223366][T10670] do_sendfile+0xb06/0xe50 [ 1191.223393][T10670] ? __pfx_do_sendfile+0x10/0x10 [ 1191.223418][T10670] ? _raw_spin_unlock_irq+0x23/0x50 [ 1191.223446][T10670] ? __x64_sys_futex+0x1e0/0x4c0 [ 1191.223467][T10670] ? __x64_sys_futex+0x1e9/0x4c0 [ 1191.223490][T10670] __x64_sys_sendfile64+0x1d8/0x220 [ 1191.223509][T10670] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1191.223531][T10670] do_syscall_64+0xcd/0xf80 [ 1191.223560][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.223580][T10670] RIP: 0033:0x7fee8c18f7c9 [ 1191.223596][T10670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1191.223615][T10670] RSP: 002b:00007fee8a3d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1191.223635][T10670] RAX: ffffffffffffffda RBX: 00007fee8c3e6180 RCX: 00007fee8c18f7c9 [ 1191.223649][T10670] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000007 [ 1191.223660][T10670] RBP: 00007fee8c213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1191.223672][T10670] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1191.223684][T10670] R13: 00007fee8c3e6218 R14: 00007fee8c3e6180 R15: 00007ffca701a4a8 [ 1191.223701][T10670] [ 1191.223770][T10670] Kernel Offset: disabled