last executing test programs: 7.142319931s ago: executing program 3 (id=1115): clock_gettime$auto(0x80000000, 0x0) unshare$auto(0x3) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x11, 0x3, 0x10) bind$auto(r1, &(0x7f0000000200)=@generic={0x11, "0000100000000000929e006300"}, 0x80) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) r3 = socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) setsockopt$auto(r3, 0x1, 0x23, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x25009485}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="00022bbd7000fbdbdf251c000000050013010c000000040005010600f700fd93000008003501010000000800db00", @ANYRES32=r3, @ANYBLOB="05001901010000000500f600020072"], 0x48}, 0x1, 0x0, 0x0, 0x4058}, 0x4000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x2, 0x1, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000004c0)=""/206, 0xce) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) socketpair$auto(0x3, 0x5, 0x40000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl80211(0x0, r4) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8) 6.716633954s ago: executing program 1 (id=1119): openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/revalidate\x00', 0x200840, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) (async) r0 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r0, 0x17, &(0x7f0000000000), 0x1) (async) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) r2 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r2, 0x29, 0x3b, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) (async) setsockopt$auto(0x400000000000003, 0x29, 0x37, 0xffffffffffffffff, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x2, 0x400008, 0x80, 0x9b70, r1, 0x8000) (async) listmount$auto(&(0x7f0000000000)={0x1f, @raw, 0x80000024, 0x0, 0x2}, 0x0, 0xf4240, 0x0) (async) r3 = socket(0x1d, 0x3, 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r5, 0x936355e497c8b7e3, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x48000) (async) setsockopt$auto(r3, 0x65, 0x1, 0x0, 0x800) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) mlock2$auto(0x1, 0x8001, 0x0) 6.221976972s ago: executing program 3 (id=1120): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32) socket(0xa, 0x5, 0x0) (async, rerun: 32) socket(0xa, 0x3, 0xff) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (rerun: 32) close_range$auto(r0, r0, 0x0) (async) setns$auto(r0, 0x4080) ioctl$auto_PPPIOCATTACH(r0, 0x4004743d, &(0x7f0000000000)=0x35) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) pidfd_open$auto(0x1, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) socket(0x2b, 0x2, 0x0) (async, rerun: 32) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async, rerun: 32) connect$auto(0x3, &(0x7f0000000080)=@hci={0x1f, 0x2, 0x3}, 0x54) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) (async) write$auto(0xca, 0x0, 0x2d9) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) socket(0x2c, 0x1, 0x3) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendto$auto(0xffffffffffffffff, 0x0, 0x402, 0x0, 0x0, 0x19) (async, rerun: 32) mmap$auto(0x0, 0x40009, 0xdf, 0x9b76, 0x7, 0x28000) (async, rerun: 32) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ad00, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80002, 0x73) (async) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) 5.864446801s ago: executing program 1 (id=1122): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0xffffffffffffffff, 0x3) ioctl$auto_EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0xfffffffffffffffc, 0x8, 0x7, 0x9}) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x309381, 0x0) clone3$auto(&(0x7f00000002c0)={0x4, 0x9, 0x1, 0x2, 0x8000, 0xffffffffffffffff, 0x7, 0x1000, 0xffffffffffffffea, 0x8, 0x200}, 0x7) select$auto(0x85, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x2}) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snd/midiC2D3\x00', 0x4000, 0x0) prctl$auto(0x3b, 0x1, 0x0, 0x5, 0xfffffffffffffffd) write$auto(r1, &(0x7f00000003c0)='/|ev/Z\xef\x97\x85V\x1ei\x01bK\xbb\xe8\x89P\'\xc1\x9e\\\x0e\xd0\x9c{Tq\x85\x7f\xb9\xe8\xa7\xad\xfc\xae%\x99u\xc6\xfe\x1c\n\x8e\x18,\xc4\x93}M\x85E\xaf\xf1\xb5*\x1f9%\xb9\x85\xb9\xb8\xc5\x9dPM\x94\xff\x9b[\xdc\x91', 0x100008a3d9) io_setup$auto(0x7ffe, 0x0) io_setup$auto(0x7ffe, &(0x7f0000000000)=0xffffffff) syz_clone(0x4000000, &(0x7f0000000500)="19fc06b0647835355161473a7bd94db9b2b6856eb23508", 0x17, &(0x7f0000000540), &(0x7f0000000580), &(0x7f00000005c0)="0d00da4d7150ab90b2f5631bd09a510cc869c4caf60f3a1bb7c5964185a75a6be5c6947a3cea2b5c959d9114ba03618e3aa1c8d2716e3bf34cc5de0b137f00d56567e18bfa701b1a70d1a9d4be104b427095e2194b5c432cccc5843a56c1494e95c5bec1ab5d3868e1059f425e7b7e842758f3198c684389f1031644d129704abd2bb5f76055a30e26c473fca3fc6daf34a29cd31f0947a2246102d7d783affcf77b92bdf3a7976444a2ae865f348f3dafb37653235e443c804abc83cb9d1078db180939d47fc0d6c3") mmap$auto(0x0, 0x3, 0x3, 0x17, 0xfffffffffffffffa, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYRES64=r1, @ANYRESHEX=r0, @ANYRES32=r0, @ANYRESOCT], 0x1ac}, 0x1, 0x0, 0x0, 0x20000010}, 0x3f6f69b1b8a2b987) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000380)={&(0x7f0000000140)="767c9ad4256bd9010000000000000003ddaa2ee85bcfa722506781fc8792d55d12e029762a28ca9251588c4efcd720c0610c30a30b4406c98fe46baebcd0fadb0a280a00"/83, 0x101}, 0x3, 0x0, 0x80000000, 0x5}, 0x9}, 0x71e1b9b9, 0x6, 0x0) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES8=r2, @ANYRES16=r3], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x404c814}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x0, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x2, &(0x7f0000000440)={0x0, 0xc4}, 0x1, 0x0, 0x5, 0xb}, 0x7}, 0x3, 0x6ffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/lockdep\x00', 0x16bd00, 0x0) pread64$auto(r4, 0x0, 0x100000001, 0x400000000000100) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(0xffffffffffffffff, 0x0, 0x800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/est_cpulist\x00', 0x0, 0x0) read$auto(r5, &(0x7f00000001c0)='\x80\b\xea\x01\xdeAk*\t\xb8\x01\x00', 0x461e) bpf$auto(0x6, &(0x7f00000006c0)=@enable_stats={0xe830}, 0xa) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x400, 0x0) 5.476619658s ago: executing program 3 (id=1126): r0 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0) write$auto_safesetid_uid_file_fops_securityfs(r0, &(0x7f0000000b40)="33e06908f7cef2ef9652d5e3d0f91cdb9aa7fcd4f56b3ae50e2e7a3fce17ad39061182af048f047adfa552adf5a64941ae9a2564ce32560a", 0x38) r1 = socket(0x22, 0x0, 0x84) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x0) r2 = socket(0x10, 0x4, 0xffffffc0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000240), r1) sendmsg$auto_NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000005c0)={0x134, r4, 0x8, 0x70bd29, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010102}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x9}, @NLBL_UNLABEL_A_SECCTX={0x1a, 0x7, "ed18cf313b1810c2b14b272dfe8ecf0c8d2ffdb562b2"}, @NLBL_UNLABEL_A_SECCTX={0xa8, 0x7, "30d454413f2d0cc1d11b9a51a54166622d878f51e9949c318d1b489be87ce765034ac332c44689f384fabcef46f3786669591134d9d92c233df9c86d0f24aaceddc2d165ce4787661c70c48599567bf76a428c392c18869989a8e2966a66d1aa8b1e08e446b81fd71e44a92931e65165228fb1c3935c424466753ee9a9451dadca198ce620440fa6159b444abec30533229a1d354ceda470ee0262707e371aa20998beae"}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netdevsim0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010101}]}, 0x134}, 0x1, 0x0, 0x0, 0x24000010}, 0x4044111) r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x0, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x4000000000005, 0x6, 0x62, 0x8, 0x7, 0x1, 0xb, 0x100, 0x18]}, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x101001, 0x1) r6 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r6, &(0x7f0000000000)={0x8, 0x2, 'u\x00\x00\x00\x00\x00\x00\x00'}, 0xffffffff) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r7, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto_EVIOCGRAB(r5, 0x40044590, &(0x7f0000000080)=0x80000000) write$auto(r7, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r8 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) ioctl$auto_EVIOCGRAB(r8, 0x40044590, &(0x7f0000000000)=0x2) write$auto(r8, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) socket(0x10, 0x2, 0xffffffff) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0xffff) close_range$auto(0x2, 0x8, 0x0) gettid() syz_clone3(&(0x7f0000000380)={0x4081080, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, 0x0}, 0x58) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) 4.530863511s ago: executing program 1 (id=1129): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x50b301a, 0x0, 0x2c, 0x1000000, 0x2}) 4.356251923s ago: executing program 2 (id=1132): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x6, 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev7\x00', 0x1600, 0x0) r1 = semctl$auto(0x10126, 0x3, 0x10000, 0xfffffffffffff9d3) ptrace$auto_ARCH_SHSTK_LOCK(0x9, r1, 0xa, 0x5003) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0xc0485619, 0x38) openat$auto_fops_x64_ro_(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/debug/ieee80211/phy3/netdev:wlan0/stations/08:02:11:00:00:01/driver_buffered_tids\x00', 0x4429c1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu1/hotplug/fail\x00', 0x100, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x88001, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1aea8974a9e22d77cb94cae6c89e239bacfe656d9b0948de480ce2ba3b4dbcb180089d5eb0f8f481e02f7d4628e9134b6e52881572a398e4edd6f01f90983826d721dddc7d4ba3f293288ba54f696fa25cc2f8721c3e380dd04bf05801f90019498601fcbcea6aa6a2d7983e6823f480185ef9c3b4ed19c4f94c108067c89d69bc4e0da0112280ecd0caff8a454fb3e6655dc6a35cdd053aef882e403458754f5e84bd2210f18a61106af8c5a2c18dc48ff87cfda6d545014009a167570f0550e5121d0bdf4b20a1177b708e5515ee33db3baf29633440999ddd36eb0299a1efcd8934ab60c1a88d9db6fa0d2b3f0bf12e87630e0dc5eddca8f291ad85141391e6f9fe56ee4ddb39a1ac7a573cb69ec14f012ea0b721df3ea40747d1130a61802e859519ae1bc5a3673105fa87485f88b8981a3a208a3576848c2df152a023f5e573c867b43b10247336b110956eb28e5288d7aa19219e8324857cdf6d17530385720afd5a1ffd23aa1bd061b73caafa05afdd1441040989d081814635347f1d55669b1c38be4698e3a085e2010e35d2747b4e39ef4920f58d6b4585d737c13221a44ad5543099bb0ab228722ef9cbc0d621178012495837d6a220eeaaf498ccc01", 0xfe04) close_range$auto(0x2, 0x8, 0x27) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r0, 0x0, 0xfdef) socket(0xa, 0x2, 0x73) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) r4 = socket(0xa, 0x3, 0x2f) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b61", @ANYRES32, @ANYRES32=r4], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 4.299949917s ago: executing program 0 (id=1133): clock_nanosleep$auto(0x8, 0x0, &(0x7f00000000c0)={0x3, 0x2}, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)={0x20, 0x0, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x7}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) r2 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r2, 0x65, 0x1, 0x0, 0x800) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) close_range$auto(0x2, 0x8, 0x0) 3.774291932s ago: executing program 3 (id=1134): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,v\xf58\x83\xcf\xc5D\xcc', 0x100000a3d9) write$auto(0xffffffffffffffff, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/006/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000240)={0x2, 0x81, 0x5b, 0x4, &(0x7f0000000000), 0x9, 0xeb90, 0x2, @stream_id=0x100, 0x3ff, 0x476, 0x0}) bind$auto(0x3, &(0x7f0000000140)=@sco={0x1f, @none}, 0x7) connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x81) mmap$auto(0x0, 0x802000c, 0x8, 0x10, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r2, 0x0, 0x100000001, 0x100) readv$auto(0x3, 0x0, 0x4) unshare$auto(0x40000080) r3 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x1f40) r5 = socket(0x15, 0x5, 0x3) getsockopt$auto(r5, 0x114, 0x5, 0xfffffffffffffffc, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) ptrace$auto(0x11, 0x0, 0x4, 0x0) ptrace$auto(0x5, 0x0, 0xfffffffffffffffa, 0x8) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) writev$auto(0x3, &(0x7f0000004100)={0x0, 0x2000000b}, 0x3ff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x200042, 0x0) unshare$auto(0x40000080) 3.647543905s ago: executing program 1 (id=1135): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb4, 0xffffffffffffffff, 0x300000000000) (async) socket(0xa, 0x5, 0x84) (async) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0x2003f0, 0x15) (async) madvise$auto(0x0, 0x200007, 0x19) r0 = fsopen$auto(0x0, 0x3) ioctl$auto_EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r0, 0x800, 0x4, 0x9d0, 0x4}) ioctl$auto_VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f00000000c0)={0x80000001, r0}) (async) semctl$auto(0x402af7, 0x2, 0x4, 0x10002) (async) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2a801, 0x0) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (async) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0xc800) (async) r4 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x40482, 0x0) writev$auto(r4, &(0x7f0000000000)={&(0x7f0000000000), 0x4}, 0x2) (async) ioctl$auto(r2, 0x4b72, r3) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) (async) modify_ldt$auto(0xc, 0x0, 0x100000000) setsockopt$auto(0xffffffffffffffff, 0x2b, 0x43b696d3, 0x0, 0x56b) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0) (async) mmap$auto(0xffffffff, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) (async) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) write$auto(0x3, 0x0, 0xffd8) (async) unshare$auto(0x40000080) 3.434642795s ago: executing program 2 (id=1136): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@l2={0x1f, 0x7f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0xf}, 0x401}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @rand_addr=0x64010101}, 0x54) getsockopt$auto(r0, 0x84, 0x0, 0x0, &(0x7f0000000000)=0x84) 3.351037706s ago: executing program 1 (id=1137): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000001dc0), r0) mmap$auto(0x1, 0x20002, 0x4000000000e3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim2/hwstats/l3/enable_ifindex\x00', 0x81242, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r2, 0x0, 0x1ff) write$auto(0x3, 0x0, 0x100082) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r3, 0x0, 0x1f42) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/netdevsim/netdevsim3/hwstats/l3/disable_ifindex\x00', 0x81242, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/batadv0/mcast_solicit\x00', 0x2000, 0x0) read$auto(r4, 0x0, 0x1ff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) write$auto(0x3, 0x0, 0xfdef) sendmsg$auto_SMC_PNETID_ADD(r0, &(0x7f0000001ec0)={0x0, 0x0, &(0x7f0000001e80)={&(0x7f0000001e00)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x5, 0x1, '\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40800}, 0x10) 3.349133944s ago: executing program 0 (id=1138): clock_gettime$auto(0x80000000, 0x0) unshare$auto(0x3) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x11, 0x3, 0x10) bind$auto(r1, &(0x7f0000000200)=@generic={0x11, "0000100000000000929e006300"}, 0x80) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) r3 = socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) setsockopt$auto(r3, 0x1, 0x23, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x25009485}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="00022bbd7000fbdbdf251c000000050013010c000000040005010600f700fd93000008003501010000000800db00", @ANYRES32=r3, @ANYBLOB="05001901010000000500f600020072"], 0x48}, 0x1, 0x0, 0x0, 0x4058}, 0x4000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x2, 0x1, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/pcie_aspm/parameters/policy\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) socketpair$auto(0x3, 0x5, 0x40000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl80211(0x0, r4) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8) 2.540280473s ago: executing program 2 (id=1139): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x80000, 0x0) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) r2 = prctl$auto(0x29, 0x0, 0x0, 0x0, 0x0) ioctl$auto(0xffffffffffffffff, 0x800, 0x5) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x101780, 0x0) mmap$auto(0x0, 0x400008, 0x4, 0x40009b72, 0x2, 0x8000) r4 = io_uring_setup$auto(0x89, 0x0) socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="e5ffffff", @ANYRES16=r5, @ANYBLOB="010024bd700000dcdf250a000000030001801800018014000200766c616e3000000000000000000000000000020076657468315f6d6163767461700000000000020070696d7265670000000000000000000000000100", @ANYRES32=0x0, @ANYBLOB="180002801100d20082268ebc3596d047fc39296e852886ba546a10f9f9ec5be29e8a0099135e33ea731f0932cdf0592ccb7be790d82dae700ccbbc0dc1736dca3b8ca1785c9f556fe71290950d0d10da537024c35240dee84a6ed3688cc19bbfd1ad4b9fc991d9d4b399ae998a2e6b84249fc4a2ea7bb44b96db23cad2264b3ef7fc02b3cdee0330b17e738b4b3e0f36ce0f5a20578a1a6fc29c02e3ccab9e9b539ae192a856603ffd8cd8f6c5f56e3f43a77230f2db72c4f4df2d076f14f2a030db1e2bbd4844e2c93f05386cc67f7675d85e4e2141c9921434efa0f10aca55ff070000000000006c9a8b2d3d1cd3e885c6665f05bbfcb3ac60c02649ca94dd8466b3e2720500152855503db84c3475c633"], 0x48}, 0x1, 0x0, 0x0, 0x801}, 0x40) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) r6 = socket(0x1, 0x800, 0x1) r7 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r7, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) ioctl$auto_SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000040)="b38fc65a6042f2dc99df8ce9af2a56fcfe744238519bceaee0") munmap$auto(0x7f, 0x800) ioctl$auto(r0, 0x4, r2) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, r1, 0x4, 0x8007ff}, 0x6f4) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) r8 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) ioctl$auto_VHOST_SET_VRING_CALL(r3, 0x4008af21, &(0x7f0000002600)={0x0, r8}) 2.499346724s ago: executing program 0 (id=1140): r0 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) r1 = socketpair$auto(0x895, 0x2, 0x8000000000000000, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) open(0x0, 0x22240, 0x155) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) socket(0x10, 0x3, 0x6) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010b27bd7000fcdbdf2505000000080003000e4d71"], 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000084) (async, rerun: 32) socket(0x2, 0x800, 0x2) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async) r4 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) (async) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$auto(r5, 0x4001af83, r4) (async) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) connect$auto(0x3, 0x0, 0x955) (async) ioctl$auto_PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000040)=0x7fffffff) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x226c}, 0x1, 0x0, 0x0, 0x40480c5}, 0x24001800) 2.36136724s ago: executing program 1 (id=1141): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000040), r0) (async) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="1b0026bd7000fddbdf25030009000000000000306d800c00148004000780040026800f0000006f76735f7061636b6502000012000100898724387699638b1ed0dd4c8d4e8f2b71f1c19f177904000400028093cde4d3b0da6e4d8a4937e433d31a3e1c063ad859350444d057b89a85f62eb782a7da8850fd7ec3793660b594f2caba1d1cb37e2f000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) (async) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) (async) fsopen$auto(0x0, 0x1) socket(0x10, 0x2, 0x0) (async) statmount$auto(0x0, &(0x7f0000000180)={0x100c, 0x8, 0x1, 0x8, 0xd, 0xe13, 0x81, 0xe, 0x2000000000000002, 0x2, 0x9, 0x1, 0x2, 0x80000001, 0x8627, 0x9, 0x20000800001, 0x3, 0x0, 0x7, 0x6, 0xa, 0x0, 0xdfffffee, 0x2a17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x18, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x100000000, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4729, 0x0, 0x2]}, 0x9, 0x81) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4040080}, 0x4008850) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ptrace$auto(0x10, r1, 0x4, 0x8000) (async) ptrace$auto_PTRACE_PEEKSIGINFO(0x4209, r1, 0xb4, 0x5) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x208000) r2 = io_uring_setup$auto(0x7, 0x0) (async) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) ioctl$auto(r3, 0xc1205531, r2) socket(0x10, 0x5, 0x0) (async) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) setitimer$auto(0x2, &(0x7f0000000040)={{}, {0x0, 0x8}}, 0x0) (async) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f000000c380)={0x2, 0x300, 0x100000, 0x7fffffffefff, 0x1, 0x5, 0x9, 0x50b3018, 0x2c, 0x6, 0x7e9f, 0xa}) mmap$auto(0x0, 0x20000a, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) (async) writev$auto(0xffffffffffffffff, 0x0, 0x100) (async) unshare$auto(0x40000080) 1.421916807s ago: executing program 0 (id=1142): r0 = socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) statmount$auto(&(0x7f0000000000)={0x7e, @raw, 0x80000020, 0xd97, 0x2}, 0x0, 0x7ffffffff000, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, 0x0, 0x0) setsockopt$auto(r0, 0x0, 0x4, 0x0, 0x28) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000800), r1) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) r4 = setfsuid$auto(0xee00) r5 = setfsuid$auto(0xee01) setresuid$auto(r4, r5, r4) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={"cd88acfb9e850ce2dc69412d23191065c49996ba3e931ae0647607e5982768a9", 0x8000, 0xc, 0x4, 0x6, 0xc8, 0x0}) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000840)='/sys/devices/virtual/bluetooth/hci1/rfkill6/power\x00', 0x101200, 0x0) r7 = gettid() kill$auto(r7, 0x11) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000007c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000780)={&(0x7f0000000140)={0x63c, r3, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVICE={0x32e, 0x2e, 0x0, 0x1, [@generic="7d6d7ecd94c80d35d82011d30357e360516a71105ec5e37f19ce20a0124782764ef0587f5a28e817032eed02ba34d69f2a260977e856d29f4005608cbce7ae60dec76b527a54a17294612249a323dca77916755428e8d89f1da4916de3a3759dd59abe54c535d763469966db384b3bc909a66ff27976e772b88190f6fcdf64268f3fa0ddc7a7c62ab75a6a13b1d3f6a7f575fb", @nested={0x1d6, 0x12d, 0x0, 0x1, [@generic="6508a2d6e93e8a3240c2e5ac2246360fa474dfe05dfb5feafc77fc75fafda6d243847381500f96829dc976dd07ecbbcb83e794df81445fc1cc1fa791d00424c887e3f85b4e13710f7523a749bcfbbc92665b3fb4517b9f3d92543fed91bef49c36eab4ade223695a54039474e8d0ac04973de24242c4becd100b8376e293b87dc783ec26f5b6c6cd960cdefbecf59b47981a28b510341ac228c2c597909d1d222093ef62ab372ff985b17cd5fe17b5c22238247fa6fc4b2f17ea16477e031b18c23f4b2a09d0502e57b371f764cf104c8ee1382a98777cd1c9aef1cc7da5401a219a1f410e9d9edb22c9ee525700fcf6bc", @typed={0x10, 0x140, 0x0, 0x0, @str='/proc/kcore\x00'}, @generic="086059d943985d0f20721b214532ee13c18e377d40a5e50a6ff064ddca006a3b86ba5c2619b8146aca4b73a046bbe9a16f1ee250b4d613adf9a4a340500ae6d74e227f5313d8788978838a9eade8adfeb596b587803552129af55a587ad09c7f62f340950d4704e1a310de3df9d8749a3c2c3ee758a5d7cb7215d9dbf73fddf32eb3096f53907572e43e85bdfc869f7c4e165443a6", @typed={0x8, 0x5a, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}, @generic="0906c9c9923460533914ae17", @nested={0x4, 0x103}, @generic="4f29be199e61646c83334faaefec4f6afd7753843fe7455f3ce7619353818e7f00b7b1ac"]}, @typed={0xc, 0xdc, 0x0, 0x0, @u64=0xfffffffffffffff9}, @generic="243f7364b72ce25654465585e4c00f0b5c8942b2e2b601a08d55be96e20788d116536c55a4eb7e70", @nested={0x10, 0xa7, 0x0, 0x1, [@nested={0x4, 0x97}, @typed={0x8, 0x134, 0x0, 0x0, @uid=r5}]}, @typed={0x14, 0x9e, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="2777cefffc494e63790451dd20bb16e8af2034fea414320d4945e338fb86b1e027be323fdb22b27a1b584b1f19e7d5259617b193b6040614a1c089f0b47ac57376b028", @generic="3760ac7946d71ba1d107ac50f6a98a7a726e12e88343c01dd44223f9", @typed={0x8, 0x11b, 0x0, 0x0, @pid=0xffffffffffffffff}]}, @NL802154_ATTR_SCAN_DONE_REASON={0x5, 0x25, 0x8}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0x6}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0xcf}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x7f}, @NL802154_ATTR_PEER={0x2be, 0x28, 0x0, 0x1, [@generic="973553bf05356d0e55b95b872b406a317116f568b2a93bccd7c3145f860e3ae30399d54f82a592db459906674945ff3cf764d81026011d6324e7f14d1a6c66f57431f52c6e28e59960ab8476c65b09fd9023b375b94041abbc5bf5756435885672d00edf1f73e033028f2a9bb4e73334af940e580bbd84f91ca4ccc6b2e7b27e963f", @nested={0x14e, 0x100, 0x0, 0x1, [@generic="d46970886ee271793ed9911fc6671ffc3594685ddc3f6a25716964e10732ba6edd8f3a94dc878161df0091d8bccc34ba9d8c3d19cabf6f0138a6e2f52fcb273092df77963d896cb11992a784b7e87f613490b5d56274afa77f57211cab4dd2d9f8155d9e65b26eb271c49c33e5ba9441de", @nested={0x4, 0x7e}, @typed={0x8, 0x5b, 0x0, 0x0, @pid=r6}, @nested={0x4, 0xc9}, @nested={0x4, 0xfa}, @typed={0x8, 0x66, 0x0, 0x0, @pid=r7}, @generic="516eadc208cc12150d957f604cf28ae1b30ac3171a65c4ee53bfc29fc6f9d17caba7e80f95652fa1bc3ad50d80fd4ae507d69ab14cf3606fea31f8b9f4698fee4d4a72188de17721869df0d3284fc47723193042bf3b5a83992255bebfcf849f5cf1330accac0cae0ca065214b0d5a22d8b64cdac8cca6cf2c3a920de4d0556f9239a49ae5", @typed={0x1f, 0xac, 0x0, 0x0, @binary="df568cd7351e953fc71d5074508c7bfe90bfa6554c82f011a1a0f3"}, @nested={0x4, 0xcb}, @typed={0x14, 0xa6, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}]}, @typed={0xe8, 0x144, 0x0, 0x0, @binary="ec48cc8eb5ded32c243346c9d75e86d7be6fe31e8907521de58d34c3e39db8c89bcdb4543020af18c30792478cb548775cf2548e839d62206597a67efe4a2331478627acd5a44bf9be54f7c7397e1e670518bf02d0333cfc1f6b957022b097a944b8a951e80eb963d0562612a4179e63670d0111b0c45fc60d4afc7c488aa7a7a26d1098a895413772d54ca615a905d5a07b1c01db941b2c92052e6ae1358cbff9f68da679daf743792576d69616ceeead87de2bfaf55b7f1429de0b434bedf86101b4570299a0b9d377cdef7b59d4cd3574aa20fddf260cc6dbf68130c51c3c392ed7a2"}]}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x9}, @NL802154_ATTR_SEC_ENABLED={0x5}, @NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x4}]}, 0x63c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4800) 1.411834179s ago: executing program 2 (id=1143): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) (async) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x40801, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) (async) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) ptrace$auto_ARCH_GET_GS(0x6fa, 0x0, 0xb, 0x1004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x5, 0x9, 0x0, 0x205, 0x181) (async) prctl$auto(0x5, 0x9, 0x0, 0x205, 0x181) madvise$auto(0x1, 0x4a6b, 0x1c) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cuse\x00', 0x41000, 0x0) (async) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cuse\x00', 0x41000, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f00000004c0)='nfsd\x00~T\x93Q\x92-|\x1ei=\'8&\x13~\xd9t\xec\v\xc3\xfd\x8b\x1a\xd0wWXfa\f\v_\x9e:\x88\x9ej\x1aYAW\xa5a\x13\x9c\xae\x17\x7fob\xde\xb3\\\x94\xfal\xf2Y\xfd+\xf2\xf8\x88\xc4\xb8fI\xde6#mP\xe7\x85\'\x1b\x04\xcd\x1fW\x88T\xe9\x1e\xb7\xa20\t\x17\xc16\f\x05?-\xb2\x91\x1f\x8b}\n\xd7~\xdd\xb6\xee\xf1 \x9d\xd8\xd2kt}\xe3\xe4Q\xc4\x81\x11\xc0,\x89\xa5)\xf0y4\xb6\x9e\xf0h\x7f\x04\x91\x92|b\xe9\xcd\x10\x92\xe2\x03Op\x14Fe\xb6\x11\x9c\xe5\xe4X+\x94\xe4rJ\xf1\xa6\x86\xf0\xbd\x04uin', 0x800, 0x0) (async) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f00000004c0)='nfsd\x00~T\x93Q\x92-|\x1ei=\'8&\x13~\xd9t\xec\v\xc3\xfd\x8b\x1a\xd0wWXfa\f\v_\x9e:\x88\x9ej\x1aYAW\xa5a\x13\x9c\xae\x17\x7fob\xde\xb3\\\x94\xfal\xf2Y\xfd+\xf2\xf8\x88\xc4\xb8fI\xde6#mP\xe7\x85\'\x1b\x04\xcd\x1fW\x88T\xe9\x1e\xb7\xa20\t\x17\xc16\f\x05?-\xb2\x91\x1f\x8b}\n\xd7~\xdd\xb6\xee\xf1 \x9d\xd8\xd2kt}\xe3\xe4Q\xc4\x81\x11\xc0,\x89\xa5)\xf0y4\xb6\x9e\xf0h\x7f\x04\x91\x92|b\xe9\xcd\x10\x92\xe2\x03Op\x14Fe\xb6\x11\x9c\xe5\xe4X+\x94\xe4rJ\xf1\xa6\x86\xf0\xbd\x04uin', 0x800, 0x0) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', 0x0, 0x3375, 0x0) (async) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', 0x0, 0x3375, 0x0) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) (async) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto(r3, 0x4008af24, 0xffffffffffffffff) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) mmap$auto(0x80, 0x2000c, 0x4000000000dc, 0xeb1, r0, 0x8000) socket(0x25, 0x2, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0) (async) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0) prctl$auto(0x2, 0x8000000000000001, 0x0, 0x2, 0xffffffff83bce4b0) read$auto_proc_iter_file_ops_compat_inode(r4, 0x0, 0xfdef) (async) read$auto_proc_iter_file_ops_compat_inode(r4, 0x0, 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_XFS_IOC_FSBULKSTAT(r2, 0xc0205865, &(0x7f00000002c0)={0x0, 0x105, 0x0, &(0x7f0000000280)=0x2}) 1.187746659s ago: executing program 0 (id=1144): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f00000012c0)={{@raw=0x3, 0x1, 0x6d2e99e8, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b62b67bd764f9"}, 0x0, @integer64=@value_ptr=0x0, "72adda0cac2d45bdaacfc82245992af763188bf00ab57d5d73b094925a872857fd2f672f85343275f80841c6ca41e93023ab4510269ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8188ca43202fb78dacb3fea1258074885c899d75cd52751f9be959d90fa5c200"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r2, 0x8000) r3 = socket(0x2b, 0x1, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/key-users\x00', 0x100, 0x0) read$auto(r4, &(0x7f0000000000)='\x00', 0xea) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) write$auto(0xca, &(0x7f0000000040)='\x04>\x00\f\x00'/14, 0x7a) close_range$auto(0xffffffffffffffff, 0x8, 0x1) sendmmsg$auto(r3, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x502, 0x0) ioctl$auto_FS_IOC_FIEMAP(r3, 0xc020660b, 0x9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) getrandom$auto(0x0, 0x6000000, 0x3) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x2) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYRESOCT=r1, @ANYRESOCT=r0], 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x80) 772.895646ms ago: executing program 2 (id=1145): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(&(0x7f00000001c0)={0xe, 0x20401, 0x5fc, 0x10000006, 0xffffffff, 0x6}, 0x8000, 0x0, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40400) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ram13\x00', 0x14fe02, 0x0) pwritev2$auto(r0, 0x0, 0x8000000000000004, 0xffffffffffffffff, 0x4, 0x8) (fail_nth: 4) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x280802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) 676.791431ms ago: executing program 3 (id=1146): write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x30401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x21) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) 184.994693ms ago: executing program 2 (id=1147): rseq$auto(&(0x7f00000002c0)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0xfffffff4, 0x0, 0x7) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000028000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) ioctl$auto(0xc8, 0x400454cb, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open_tree$auto(r1, 0x0, 0xa0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r2, 0x0, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) r4 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x101, 0x0) ioctl$auto_SNAPSHOT_GET_IMAGE_SIZE(r4, 0x8008330e, 0x0) accept$auto(r2, 0x0, 0x0) getsockopt$auto_SO_TIMESTAMP_NEW(r3, 0x9c8, 0x3f, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(0xca, 0x0, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x8000, 0x0) ioctl$auto_EVIOCSMASK(r5, 0x40104593, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x8, 0x0, 0x100, 0xee01, 0x0, 0x0, 0x4346, 0xfd3, 0x2, 0xffffffffffff3307, 0x4, 0x80000000081, 0x8, 0x2}) 140.743018ms ago: executing program 3 (id=1148): rseq$auto(&(0x7f00000002c0)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0xfffffff4, 0x0, 0x7) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000028000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) ioctl$auto(0xc8, 0x400454cb, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open_tree$auto(r1, 0x0, 0xa0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r2, 0x0, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) r4 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000180), 0x101, 0x0) ioctl$auto_SNAPSHOT_GET_IMAGE_SIZE(r4, 0x8008330e, 0x0) accept$auto(r2, 0x0, 0x0) getsockopt$auto_SO_TIMESTAMP_NEW(r3, 0x9c8, 0x3f, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(0xca, 0x0, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event1\x00', 0x8000, 0x0) ioctl$auto_EVIOCSMASK(r5, 0x40104593, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x8, 0x0, 0x100, 0xee01, 0x0, 0x0, 0x4346, 0xfd3, 0x2, 0xffffffffffff3307, 0x4, 0x80000000081, 0x8, 0x2}) 0s ago: executing program 0 (id=1149): mmap$auto(0xffffffffffffffff, 0x14020009, 0x5877fc9e, 0xeb2, 0xffffffffffffffff, 0x5) r0 = socket(0x11, 0x2, 0xffffff80) recvmmsg$auto(0x3, 0x0, 0x5, 0x4000, 0x0) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x2c48c0, 0x0) setsockopt$auto_SO_TXREHASH(r0, 0x3, 0x4a, &(0x7f0000000000)='-\x00', 0x5) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r1, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x100000000, 0x71, 0x4000000000dd, 0x200000000eb9, r0, 0x7fff) socket(0x1d, 0x2, 0x6) r2 = io_uring_setup$auto(0x10000002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010027bd7000ffdbdf25100000000c00018008000100", @ANYRES32, @ANYBLOB="080006"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x6a) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='r'], 0x1ac}}, 0x20008041) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) sysfs$auto(0x2, 0x10000000000048, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0x4188aec6, 0xffffffffffffffff) pread64$auto(0xffffffffffffffff, 0x0, 0x8100000041, 0x413e) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7c9, 0x26, 0x4909b6f5, 0x1ffde, 0x7, 0xe, 0x20000009, 0x9, 0x3, 0x4, 0x1, 0x1, 0x9, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x25, 0x4b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x80000, 0x0, 0xffff, 0x10, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x0, 0x6, 0xbdcc, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0xb, 0xa505}, 0x800}, 0x7, 0x4008) ioctl$auto_USBDEVFS_DISCSIGNAL32(r2, 0x8008550e, &(0x7f0000000140)={0x9, 0x3}) kernel console output (not intermixed with test programs): tomoyo_profile+0x47/0x60 [ 222.918996][ T8273] tomoyo_path_number_perm+0x245/0x580 [ 222.919012][ T8273] ? tomoyo_path_number_perm+0x237/0x580 [ 222.919030][ T8273] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 222.919047][ T8273] ? find_held_lock+0x2b/0x80 [ 222.919077][ T8273] ? find_held_lock+0x2b/0x80 [ 222.919090][ T8273] ? hook_file_ioctl_common+0x145/0x410 [ 222.919114][ T8273] ? __fget_files+0x20e/0x3c0 [ 222.919133][ T8273] security_file_ioctl+0x9b/0x240 [ 222.919154][ T8273] __x64_sys_ioctl+0xb7/0x210 [ 222.919187][ T8273] do_syscall_64+0xcd/0x490 [ 222.919217][ T8273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.919239][ T8273] RIP: 0033:0x7efce0f8ebe9 [ 222.919257][ T8273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.919279][ T8273] RSP: 002b:00007efce1d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.919296][ T8273] RAX: ffffffffffffffda RBX: 00007efce11b6090 RCX: 00007efce0f8ebe9 [ 222.919305][ T8273] RDX: 000020000000c380 RSI: 00000000c0606610 RDI: 0000000000000004 [ 222.919314][ T8273] RBP: 00007efce1d6a090 R08: 0000000000000000 R09: 0000000000000000 [ 222.919322][ T8273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.919329][ T8273] R13: 00007efce11b6128 R14: 00007efce11b6090 R15: 00007ffe4112a0c8 [ 222.919348][ T8273] [ 223.277673][ T8273] ERROR: Out of memory at tomoyo_realpath_from_path. [ 224.620530][ T8314] FAULT_INJECTION: forcing a failure. [ 224.620530][ T8314] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.695091][ T8314] CPU: 0 UID: 0 PID: 8314 Comm: syz.0.500 Not tainted syzkaller #0 PREEMPT(full) [ 224.695133][ T8314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 224.695146][ T8314] Call Trace: [ 224.695154][ T8314] [ 224.695163][ T8314] dump_stack_lvl+0x16c/0x1f0 [ 224.695198][ T8314] should_fail_ex+0x512/0x640 [ 224.695235][ T8314] _copy_from_user+0x2e/0xd0 [ 224.695272][ T8314] do_pagemap_scan+0xc3/0xcf0 [ 224.695304][ T8314] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 224.695339][ T8314] ? __pfx_do_pagemap_scan+0x10/0x10 [ 224.695364][ T8314] ? do_vfs_ioctl+0x128/0x14f0 [ 224.695399][ T8314] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 224.695459][ T8314] ? __fget_files+0x20e/0x3c0 [ 224.695492][ T8314] do_pagemap_cmd+0x58/0x80 [ 224.695518][ T8314] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 224.695545][ T8314] __x64_sys_ioctl+0x18b/0x210 [ 224.695584][ T8314] do_syscall_64+0xcd/0x490 [ 224.695619][ T8314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.695644][ T8314] RIP: 0033:0x7f62dd78ebe9 [ 224.695664][ T8314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.695686][ T8314] RSP: 002b:00007f62de593038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 224.695710][ T8314] RAX: ffffffffffffffda RBX: 00007f62dd9b5fa0 RCX: 00007f62dd78ebe9 [ 224.695727][ T8314] RDX: 000020000000c380 RSI: 00000000c0606610 RDI: 0000000000000004 [ 224.695743][ T8314] RBP: 00007f62de593090 R08: 0000000000000000 R09: 0000000000000000 [ 224.695758][ T8314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.695772][ T8314] R13: 00007f62dd9b6038 R14: 00007f62dd9b5fa0 R15: 00007ffd8e9e1db8 [ 224.695806][ T8314] [ 225.138547][ T8328] FAULT_INJECTION: forcing a failure. [ 225.138547][ T8328] name failslab, interval 1, probability 0, space 0, times 0 [ 225.151902][ T8328] CPU: 1 UID: 0 PID: 8328 Comm: syz.2.506 Not tainted syzkaller #0 PREEMPT(full) [ 225.151938][ T8328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 225.151954][ T8328] Call Trace: [ 225.151964][ T8328] [ 225.151973][ T8328] dump_stack_lvl+0x16c/0x1f0 [ 225.152014][ T8328] should_fail_ex+0x512/0x640 [ 225.152050][ T8328] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 225.152102][ T8328] should_failslab+0xc2/0x120 [ 225.152138][ T8328] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 225.152172][ T8328] ? __d_alloc+0x32/0xae0 [ 225.152209][ T8328] __d_alloc+0x32/0xae0 [ 225.152246][ T8328] d_alloc_pseudo+0x1c/0xc0 [ 225.152284][ T8328] alloc_file_pseudo+0xcf/0x230 [ 225.152383][ T8328] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 225.152426][ T8328] __shmem_file_setup+0x1a3/0x330 [ 225.152450][ T8328] shmem_zero_setup+0x93/0x1a0 [ 225.152481][ T8328] __mmap_region+0x2081/0x27b0 [ 225.152513][ T8328] ? finish_task_switch.isra.0+0x21c/0xc10 [ 225.152540][ T8328] ? __pfx___mmap_region+0x10/0x10 [ 225.152566][ T8328] ? rcu_is_watching+0x12/0xc0 [ 225.152597][ T8328] ? rcu_is_watching+0x12/0xc0 [ 225.152622][ T8328] ? trace_sched_exit_tp+0xd1/0x120 [ 225.152658][ T8328] ? __schedule+0x11a3/0x5de0 [ 225.152687][ T8328] ? __lock_acquire+0x62e/0x1ce0 [ 225.152740][ T8328] ? __pfx___schedule+0x10/0x10 [ 225.152816][ T8328] ? trace_cap_capable+0x18d/0x200 [ 225.152858][ T8328] mmap_region+0x1ab/0x3f0 [ 225.152889][ T8328] ? __get_unmapped_area+0x267/0x440 [ 225.152932][ T8328] do_mmap+0xa3e/0x1210 [ 225.152975][ T8328] ? __pfx_do_mmap+0x10/0x10 [ 225.153012][ T8328] ? __pfx_down_write_killable+0x10/0x10 [ 225.153057][ T8328] vm_mmap_pgoff+0x29e/0x470 [ 225.153100][ T8328] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 225.153213][ T8328] ? __x64_sys_futex+0x1e0/0x4c0 [ 225.153248][ T8328] ? __x64_sys_futex+0x1e9/0x4c0 [ 225.153287][ T8328] ksys_mmap_pgoff+0x7d/0x5c0 [ 225.153322][ T8328] ? xfd_validate_state+0x61/0x180 [ 225.153357][ T8328] ? __pfx_ksys_write+0x10/0x10 [ 225.153392][ T8328] __x64_sys_mmap+0x125/0x190 [ 225.153435][ T8328] do_syscall_64+0xcd/0x490 [ 225.153473][ T8328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.153500][ T8328] RIP: 0033:0x7fa48398ebe9 [ 225.153523][ T8328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.153547][ T8328] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 225.153572][ T8328] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 225.153589][ T8328] RDX: 0000000000000007 RSI: 000000000002000d RDI: 0000000000000000 [ 225.153607][ T8328] RBP: 00007fa483a11e19 R08: 0000000000000404 R09: 0000000010008000 [ 225.153624][ T8328] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 225.153639][ T8328] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 225.153674][ T8328] [ 225.885379][ T7454] Bluetooth: hci3: unexpected event 0x03 length: 725 > 11 [ 227.499571][ T8362] ptrace attach of "./syz-executor exec"[5871] was attempted by "./syz-executor exec"[8362] [ 227.881943][ T8347] sd 0:0:1:0: PR command failed: 1026 [ 227.891255][ T8347] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 227.950143][ T8347] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 228.550666][ T8385] FAULT_INJECTION: forcing a failure. [ 228.550666][ T8385] name failslab, interval 1, probability 0, space 0, times 0 [ 228.617565][ T8385] CPU: 0 UID: 0 PID: 8385 Comm: syz.1.516 Not tainted syzkaller #0 PREEMPT(full) [ 228.617598][ T8385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 228.617610][ T8385] Call Trace: [ 228.617617][ T8385] [ 228.617626][ T8385] dump_stack_lvl+0x16c/0x1f0 [ 228.617660][ T8385] should_fail_ex+0x512/0x640 [ 228.617690][ T8385] ? __kmalloc_noprof+0xbf/0x510 [ 228.617719][ T8385] ? do_pagemap_scan+0x8cf/0xcf0 [ 228.617745][ T8385] should_failslab+0xc2/0x120 [ 228.617775][ T8385] __kmalloc_noprof+0xd2/0x510 [ 228.617811][ T8385] do_pagemap_scan+0x8cf/0xcf0 [ 228.617846][ T8385] ? __pfx_do_pagemap_scan+0x10/0x10 [ 228.617874][ T8385] ? do_vfs_ioctl+0x128/0x14f0 [ 228.617912][ T8385] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 228.617978][ T8385] ? __fget_files+0x20e/0x3c0 [ 228.618012][ T8385] do_pagemap_cmd+0x58/0x80 [ 228.618038][ T8385] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 228.618067][ T8385] __x64_sys_ioctl+0x18b/0x210 [ 228.618106][ T8385] do_syscall_64+0xcd/0x490 [ 228.618141][ T8385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.618166][ T8385] RIP: 0033:0x7efce0f8ebe9 [ 228.618186][ T8385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.618208][ T8385] RSP: 002b:00007efce1d8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 228.618232][ T8385] RAX: ffffffffffffffda RBX: 00007efce11b5fa0 RCX: 00007efce0f8ebe9 [ 228.618248][ T8385] RDX: 000020000000c380 RSI: 00000000c0606610 RDI: 0000000000000004 [ 228.618264][ T8385] RBP: 00007efce1d8b090 R08: 0000000000000000 R09: 0000000000000000 [ 228.618279][ T8385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.618294][ T8385] R13: 00007efce11b6038 R14: 00007efce11b5fa0 R15: 00007ffe4112a0c8 [ 228.618327][ T8385] [ 228.941116][ T8390] netlink: 'syz.2.518': attribute type 11 has an invalid length. [ 228.949186][ T8390] netlink: 'syz.2.518': attribute type 11 has an invalid length. [ 228.956916][ T8390] netlink: 'syz.2.518': attribute type 11 has an invalid length. [ 228.964874][ T8390] netlink: 'syz.2.518': attribute type 11 has an invalid length. [ 230.396795][ T8397] netlink: 334 bytes leftover after parsing attributes in process `syz.3.517'. [ 231.526425][ T30] audit: type=1800 audit(6138079718.276:8): pid=8432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.523" name="discovery_nqn" dev="configfs" ino=19866 res=0 errno=0 [ 235.022178][ T8490] FAULT_INJECTION: forcing a failure. [ 235.022178][ T8490] name failslab, interval 1, probability 0, space 0, times 0 [ 235.096274][ T8490] CPU: 1 UID: 0 PID: 8490 Comm: syz.3.539 Not tainted syzkaller #0 PREEMPT(full) [ 235.096315][ T8490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 235.096328][ T8490] Call Trace: [ 235.096336][ T8490] [ 235.096345][ T8490] dump_stack_lvl+0x16c/0x1f0 [ 235.096380][ T8490] should_fail_ex+0x512/0x640 [ 235.096412][ T8490] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 235.096444][ T8490] should_failslab+0xc2/0x120 [ 235.096475][ T8490] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 235.096502][ T8490] ? __pfx___might_resched+0x10/0x10 [ 235.096527][ T8490] ? __anon_vma_prepare+0xae/0x5e0 [ 235.096560][ T8490] __anon_vma_prepare+0xae/0x5e0 [ 235.096585][ T8490] ? __pfx___pte_alloc+0x10/0x10 [ 235.096622][ T8490] __vmf_anon_prepare+0x11c/0x240 [ 235.096660][ T8490] do_pte_missing+0x10bd/0x3ba0 [ 235.096689][ T8490] ? do_raw_spin_unlock+0x172/0x230 [ 235.096729][ T8490] ? __pmd_alloc+0x3fb/0x930 [ 235.096767][ T8490] __handle_mm_fault+0x152a/0x2a50 [ 235.096804][ T8490] ? __pfx___handle_mm_fault+0x10/0x10 [ 235.096863][ T8490] handle_mm_fault+0x589/0xd10 [ 235.096898][ T8490] __get_user_pages+0x551/0x34a0 [ 235.096950][ T8490] ? __pfx___get_user_pages+0x10/0x10 [ 235.096997][ T8490] populate_vma_page_range+0x267/0x3f0 [ 235.097037][ T8490] ? __pfx_populate_vma_page_range+0x10/0x10 [ 235.097079][ T8490] ? __pfx_find_vma_intersection+0x10/0x10 [ 235.097115][ T8490] ? do_mmap+0x69c/0x1210 [ 235.097152][ T8490] __mm_populate+0x1d8/0x380 [ 235.097190][ T8490] ? __pfx___mm_populate+0x10/0x10 [ 235.097229][ T8490] ? up_write+0x1b2/0x520 [ 235.097266][ T8490] vm_mmap_pgoff+0x37f/0x470 [ 235.097306][ T8490] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 235.097349][ T8490] ? __fget_files+0x20e/0x3c0 [ 235.097388][ T8490] ksys_mmap_pgoff+0x7d/0x5c0 [ 235.097421][ T8490] ? __pfx_ksys_write+0x10/0x10 [ 235.097455][ T8490] __x64_sys_mmap+0x125/0x190 [ 235.097497][ T8490] do_syscall_64+0xcd/0x490 [ 235.097531][ T8490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.097557][ T8490] RIP: 0033:0x7fdacd98ebe9 [ 235.097577][ T8490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.097602][ T8490] RSP: 002b:00007fdace886038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 235.097627][ T8490] RAX: ffffffffffffffda RBX: 00007fdacdbb5fa0 RCX: 00007fdacd98ebe9 [ 235.097644][ T8490] RDX: 00000000000000df RSI: 0000000000400007 RDI: 0000000000000000 [ 235.097660][ T8490] RBP: 00007fdace886090 R08: 0000000000000002 R09: 0000000000008000 [ 235.097676][ T8490] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 235.097692][ T8490] R13: 00007fdacdbb6038 R14: 00007fdacdbb5fa0 R15: 00007ffcecab97c8 [ 235.097728][ T8490] [ 235.370901][ C1] vkms_vblank_simulate: vblank timer overrun [ 236.402809][ T8512] netlink: 'syz.3.546': attribute type 1 has an invalid length. [ 237.066890][ T8530] FAULT_INJECTION: forcing a failure. [ 237.066890][ T8530] name failslab, interval 1, probability 0, space 0, times 0 [ 237.086000][ T8530] CPU: 1 UID: 0 PID: 8530 Comm: syz.2.550 Not tainted syzkaller #0 PREEMPT(full) [ 237.086037][ T8530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 237.086052][ T8530] Call Trace: [ 237.086061][ T8530] [ 237.086071][ T8530] dump_stack_lvl+0x16c/0x1f0 [ 237.086109][ T8530] should_fail_ex+0x512/0x640 [ 237.086142][ T8530] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 237.086176][ T8530] should_failslab+0xc2/0x120 [ 237.086208][ T8530] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 237.086236][ T8530] ? __pfx___might_resched+0x10/0x10 [ 237.086262][ T8530] ? __anon_vma_prepare+0x344/0x5e0 [ 237.086294][ T8530] __anon_vma_prepare+0x344/0x5e0 [ 237.086319][ T8530] ? __pfx___pte_alloc+0x10/0x10 [ 237.086357][ T8530] __vmf_anon_prepare+0x11c/0x240 [ 237.086394][ T8530] do_pte_missing+0x10bd/0x3ba0 [ 237.086422][ T8530] ? do_raw_spin_unlock+0x172/0x230 [ 237.086461][ T8530] ? __pmd_alloc+0x3fb/0x930 [ 237.086500][ T8530] __handle_mm_fault+0x152a/0x2a50 [ 237.086537][ T8530] ? __pfx___handle_mm_fault+0x10/0x10 [ 237.086594][ T8530] handle_mm_fault+0x589/0xd10 [ 237.086629][ T8530] __get_user_pages+0x551/0x34a0 [ 237.086679][ T8530] ? __pfx___get_user_pages+0x10/0x10 [ 237.086726][ T8530] populate_vma_page_range+0x267/0x3f0 [ 237.086766][ T8530] ? __pfx_populate_vma_page_range+0x10/0x10 [ 237.086802][ T8530] ? __pfx_find_vma_intersection+0x10/0x10 [ 237.086845][ T8530] ? do_mmap+0x69c/0x1210 [ 237.086882][ T8530] __mm_populate+0x1d8/0x380 [ 237.086921][ T8530] ? __pfx___mm_populate+0x10/0x10 [ 237.086961][ T8530] ? up_write+0x1b2/0x520 [ 237.086998][ T8530] vm_mmap_pgoff+0x37f/0x470 [ 237.087037][ T8530] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 237.087075][ T8530] ? __fget_files+0x20e/0x3c0 [ 237.087112][ T8530] ksys_mmap_pgoff+0x7d/0x5c0 [ 237.087145][ T8530] ? __pfx_ksys_write+0x10/0x10 [ 237.087179][ T8530] __x64_sys_mmap+0x125/0x190 [ 237.087220][ T8530] do_syscall_64+0xcd/0x490 [ 237.087255][ T8530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.087281][ T8530] RIP: 0033:0x7fa48398ebe9 [ 237.087302][ T8530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.087326][ T8530] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 237.087350][ T8530] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 237.087367][ T8530] RDX: 00000000000000df RSI: 0000000000400007 RDI: 0000000000000000 [ 237.087382][ T8530] RBP: 00007fa4847ad090 R08: 0000000000000002 R09: 0000000000008000 [ 237.087397][ T8530] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 237.087412][ T8530] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 237.087444][ T8530] [ 238.873876][ T8565] FAULT_INJECTION: forcing a failure. [ 238.873876][ T8565] name fail_page_alloc, interval 1, probability 0, space 0, times 393214 [ 238.950634][ T8565] CPU: 0 UID: 0 PID: 8565 Comm: syz.0.560 Not tainted syzkaller #0 PREEMPT(full) [ 238.950675][ T8565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 238.950689][ T8565] Call Trace: [ 238.950695][ T8565] [ 238.950703][ T8565] dump_stack_lvl+0x16c/0x1f0 [ 238.950734][ T8565] should_fail_ex+0x512/0x640 [ 238.950763][ T8565] should_fail_alloc_page+0xe7/0x130 [ 238.950790][ T8565] prepare_alloc_pages+0x3c2/0x610 [ 238.950824][ T8565] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 238.950853][ T8565] ? __lock_acquire+0x62e/0x1ce0 [ 238.950889][ T8565] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 238.950918][ T8565] ? weighted_interleave_nid+0x3e6/0x5a0 [ 238.950957][ T8565] ? __pfx_weighted_interleave_nid+0x10/0x10 [ 238.950994][ T8565] ? policy_nodemask+0xea/0x4e0 [ 238.951025][ T8565] alloc_pages_mpol+0x1fb/0x550 [ 238.951056][ T8565] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 238.951089][ T8565] ? __anon_vma_prepare+0x2db/0x5e0 [ 238.951121][ T8565] folio_alloc_mpol_noprof+0x36/0x2f0 [ 238.951159][ T8565] vma_alloc_folio_noprof+0xed/0x1e0 [ 238.951195][ T8565] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 238.951229][ T8565] ? __anon_vma_prepare+0x2e2/0x5e0 [ 238.951264][ T8565] do_pte_missing+0x2230/0x3ba0 [ 238.951297][ T8565] ? __pmd_alloc+0x3fb/0x930 [ 238.951335][ T8565] __handle_mm_fault+0x152a/0x2a50 [ 238.951373][ T8565] ? __pfx___handle_mm_fault+0x10/0x10 [ 238.951429][ T8565] handle_mm_fault+0x589/0xd10 [ 238.951468][ T8565] __get_user_pages+0x551/0x34a0 [ 238.951519][ T8565] ? __pfx___get_user_pages+0x10/0x10 [ 238.951562][ T8565] populate_vma_page_range+0x267/0x3f0 [ 238.951602][ T8565] ? __pfx_populate_vma_page_range+0x10/0x10 [ 238.951635][ T8565] ? __pfx_find_vma_intersection+0x10/0x10 [ 238.951677][ T8565] ? do_mmap+0x69c/0x1210 [ 238.951713][ T8565] __mm_populate+0x1d8/0x380 [ 238.951752][ T8565] ? __pfx___mm_populate+0x10/0x10 [ 238.951791][ T8565] ? up_write+0x1b2/0x520 [ 238.951830][ T8565] vm_mmap_pgoff+0x37f/0x470 [ 238.951870][ T8565] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 238.951908][ T8565] ? __fget_files+0x20e/0x3c0 [ 238.951946][ T8565] ksys_mmap_pgoff+0x7d/0x5c0 [ 238.951979][ T8565] ? __pfx_ksys_write+0x10/0x10 [ 238.952013][ T8565] __x64_sys_mmap+0x125/0x190 [ 238.952054][ T8565] do_syscall_64+0xcd/0x490 [ 238.952090][ T8565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.952117][ T8565] RIP: 0033:0x7f62dd78ebe9 [ 238.952137][ T8565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.952162][ T8565] RSP: 002b:00007f62de593038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 238.952186][ T8565] RAX: ffffffffffffffda RBX: 00007f62dd9b5fa0 RCX: 00007f62dd78ebe9 [ 238.952204][ T8565] RDX: 00000000000000df RSI: 0000000000400007 RDI: 0000000000000000 [ 238.952219][ T8565] RBP: 00007f62de593090 R08: 0000000000000002 R09: 0000000000008000 [ 238.952235][ T8565] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 238.952251][ T8565] R13: 00007f62dd9b6038 R14: 00007f62dd9b5fa0 R15: 00007ffd8e9e1db8 [ 238.952287][ T8565] [ 239.573979][ T8590] netlink: 4 bytes leftover after parsing attributes in process `syz.0.564'. [ 239.625225][ T8574] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input21 [ 241.986583][ T8633] netlink: 186 bytes leftover after parsing attributes in process `syz.0.572'. [ 242.150797][ T8640] binder: 8639:8640 ioctl 40085112 200000000180 returned -22 [ 243.644185][ T8657] ptrace attach of "./syz-executor exec"[8666] was attempted by "./syz-executor exec"[8657] [ 244.031829][ T30] audit: type=1804 audit(6138079730.861:9): pid=8683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.586" name="/newroot/122/file0" dev="tmpfs" ino=649 res=1 errno=0 [ 244.064246][ T8679] netlink: 'syz.3.583': attribute type 2 has an invalid length. [ 244.119545][ T8681] FAULT_INJECTION: forcing a failure. [ 244.119545][ T8681] name failslab, interval 1, probability 0, space 0, times 0 [ 244.134001][ T30] audit: type=1804 audit(6138079730.861:10): pid=8684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.586" name="/newroot/122/file0" dev="tmpfs" ino=649 res=1 errno=0 [ 244.158909][ T8681] CPU: 0 UID: 0 PID: 8681 Comm: syz.0.585 Not tainted syzkaller #0 PREEMPT(full) [ 244.158947][ T8681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.158967][ T8681] Call Trace: [ 244.158980][ T8681] [ 244.158991][ T8681] dump_stack_lvl+0x16c/0x1f0 [ 244.159030][ T8681] should_fail_ex+0x512/0x640 [ 244.159066][ T8681] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 244.159102][ T8681] should_failslab+0xc2/0x120 [ 244.159137][ T8681] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 244.159244][ T8681] ? __d_alloc+0x32/0xae0 [ 244.159284][ T8681] __d_alloc+0x32/0xae0 [ 244.159316][ T8681] ? bpf_lsm_inode_permission+0x9/0x10 [ 244.159355][ T8681] d_alloc+0x4a/0x1e0 [ 244.159396][ T8681] vfs_tmpfile+0x148/0x890 [ 244.159433][ T8681] path_openat+0x1683/0x2cb0 [ 244.159461][ T8681] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.159500][ T8681] ? __pfx_path_openat+0x10/0x10 [ 244.159532][ T8681] ? __lock_acquire+0xb97/0x1ce0 [ 244.159572][ T8681] do_filp_open+0x20b/0x470 [ 244.159602][ T8681] ? __pfx_do_filp_open+0x10/0x10 [ 244.159658][ T8681] ? _raw_spin_unlock+0x28/0x50 [ 244.159686][ T8681] ? alloc_fd+0x471/0x7d0 [ 244.159719][ T8681] do_sys_openat2+0x11b/0x1d0 [ 244.159759][ T8681] ? __pfx_do_sys_openat2+0x10/0x10 [ 244.159805][ T8681] __x64_sys_open+0x153/0x1e0 [ 244.159843][ T8681] ? __pfx___x64_sys_open+0x10/0x10 [ 244.159889][ T8681] ? rcu_is_watching+0x12/0xc0 [ 244.159919][ T8681] do_syscall_64+0xcd/0x490 [ 244.159956][ T8681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.159982][ T8681] RIP: 0033:0x7f62dd78ebe9 [ 244.160005][ T8681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.160032][ T8681] RSP: 002b:00007f62de593038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 244.160056][ T8681] RAX: ffffffffffffffda RBX: 00007f62dd9b5fa0 RCX: 00007f62dd78ebe9 [ 244.160075][ T8681] RDX: 0000000000000408 RSI: 0000000000591002 RDI: 0000200000000100 [ 244.160092][ T8681] RBP: 00007f62dd811e19 R08: 0000000000000000 R09: 0000000000000000 [ 244.160107][ T8681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 244.160122][ T8681] R13: 00007f62dd9b6038 R14: 00007f62dd9b5fa0 R15: 00007ffd8e9e1db8 [ 244.160159][ T8681] [ 244.557906][ T8691] netlink: 330 bytes leftover after parsing attributes in process `syz.1.587'. [ 244.703402][ T8698] netlink: 342 bytes leftover after parsing attributes in process `syz.2.590'. [ 245.552931][ T8716] netlink: 28 bytes leftover after parsing attributes in process `syz.3.593'. [ 246.064898][ T8716] team_slave_0: entered allmulticast mode [ 246.750337][ T8733] futex_wake_op: syz.3.598 tries to shift op by -2048; fix this program [ 246.759344][ T8733] futex_wake_op: syz.3.598 tries to shift op by -2048; fix this program [ 246.804290][ T8727] can: request_module (can-proto-3) failed. [ 247.954716][ T8758] ubi0: attaching mtd0 [ 247.958829][ T8758] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 249.044640][ T8768] netlink: 28 bytes leftover after parsing attributes in process `syz.3.602'. [ 249.640397][ T8777] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 249.646553][ T8777] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 249.686876][ T8777] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 249.699335][ T8777] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 249.715073][ T8777] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 250.741896][ T8805] blktrace: Concurrent blktraces are not allowed on ram7 [ 250.749813][ T8806] blktrace: Concurrent blktraces are not allowed on ram7 [ 251.265765][ T30] audit: type=1326 audit(6138079738.128:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8833 comm="syz.2.620" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa48398ebe9 code=0x0 [ 251.337683][ T8841] FAULT_INJECTION: forcing a failure. [ 251.337683][ T8841] name failslab, interval 1, probability 0, space 0, times 0 [ 251.354560][ T8841] CPU: 1 UID: 0 PID: 8841 Comm: syz.2.620 Not tainted syzkaller #0 PREEMPT(full) [ 251.354594][ T8841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 251.354610][ T8841] Call Trace: [ 251.354619][ T8841] [ 251.354629][ T8841] dump_stack_lvl+0x16c/0x1f0 [ 251.354668][ T8841] should_fail_ex+0x512/0x640 [ 251.354715][ T8841] ? fs_reclaim_acquire+0xae/0x150 [ 251.354759][ T8841] ? tomoyo_encode2+0x100/0x3e0 [ 251.354793][ T8841] should_failslab+0xc2/0x120 [ 251.354829][ T8841] __kmalloc_noprof+0xd2/0x510 [ 251.354859][ T8841] ? d_absolute_path+0x136/0x1a0 [ 251.354903][ T8841] tomoyo_encode2+0x100/0x3e0 [ 251.354945][ T8841] tomoyo_encode+0x29/0x50 [ 251.354979][ T8841] tomoyo_realpath_from_path+0x18f/0x6e0 [ 251.355029][ T8841] tomoyo_mkdev_perm+0x22b/0x570 [ 251.355059][ T8841] ? tomoyo_mkdev_perm+0x217/0x570 [ 251.355093][ T8841] ? __pfx_tomoyo_mkdev_perm+0x10/0x10 [ 251.355127][ T8841] ? __lock_acquire+0xb97/0x1ce0 [ 251.355170][ T8841] ? do_raw_spin_lock+0x12c/0x2b0 [ 251.355229][ T8841] ? __pfx_current_check_access_path+0x10/0x10 [ 251.355271][ T8841] ? simple_lookup+0x105/0x1d0 [ 251.355305][ T8841] tomoyo_path_mknod+0x12a/0x190 [ 251.355332][ T8841] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 251.355361][ T8841] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 251.355407][ T8841] security_path_mknod+0x161/0x310 [ 251.355442][ T8841] do_mknodat+0x239/0x5d0 [ 251.355477][ T8841] ? __pfx_do_mknodat+0x10/0x10 [ 251.355506][ T8841] ? getname_flags.part.0+0x1c5/0x550 [ 251.355555][ T8841] __x64_sys_mknod+0x87/0xb0 [ 251.355587][ T8841] do_syscall_64+0xcd/0x490 [ 251.355626][ T8841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.355653][ T8841] RIP: 0033:0x7fa48398ebe9 [ 251.355675][ T8841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.355706][ T8841] RSP: 002b:00007fa48478c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 251.355733][ T8841] RAX: ffffffffffffffda RBX: 00007fa483bb6090 RCX: 00007fa48398ebe9 [ 251.355752][ T8841] RDX: 0000000000000103 RSI: 00000000000020e9 RDI: 00002000000003c0 [ 251.355770][ T8841] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 251.355787][ T8841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.355803][ T8841] R13: 00007fa483bb6128 R14: 00007fa483bb6090 R15: 00007fff2bc20a68 [ 251.355841][ T8841] [ 251.355871][ T8841] ERROR: Out of memory at tomoyo_realpath_from_path. [ 251.676419][ T7276] Bluetooth: hci1: command 0x0c1a tx timeout [ 251.682593][ T7454] Bluetooth: hci0: command 0x0c1a tx timeout [ 251.750406][ T7454] Bluetooth: hci3: command 0x0c1a tx timeout [ 251.756492][ T7489] Bluetooth: hci2: command 0x0c1a tx timeout [ 252.709258][ T8880] blktrace: Concurrent blktraces are not allowed on ram7 [ 253.445791][ T8901] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 253.862241][ T7454] Bluetooth: hci3: command 0x0c1a tx timeout [ 254.670707][ T8935] openvswitch: netlink: Message has 16 unknown bytes. [ 254.987981][ T8905] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 255.100348][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.100390][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.740650][ T8964] ubi0: attaching mtd0 [ 255.747650][ T8964] ubi0: scanning is finished [ 255.836645][ T8964] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 255.846651][ T8964] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 255.854439][ T8964] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 255.861558][ T8964] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 255.874664][ T8964] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 255.882593][ T8964] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 255.892270][ T8964] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 255.905004][ T8964] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 255.922408][ T8966] ubi0: detaching mtd0 [ 256.048401][ T8966] ubi0: mtd0 is detached [ 256.139286][ T8975] MTRR 1 not used [ 256.146310][ T8972] sp0: Synchronizing with TNC [ 256.262037][ T8977] FAULT_INJECTION: forcing a failure. [ 256.262037][ T8977] name failslab, interval 1, probability 0, space 0, times 0 [ 256.294637][ T8977] CPU: 0 UID: 0 PID: 8977 Comm: syz.1.642 Not tainted syzkaller #0 PREEMPT(full) [ 256.294673][ T8977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 256.294689][ T8977] Call Trace: [ 256.294699][ T8977] [ 256.294710][ T8977] dump_stack_lvl+0x16c/0x1f0 [ 256.294751][ T8977] should_fail_ex+0x512/0x640 [ 256.294787][ T8977] ? fs_reclaim_acquire+0xae/0x150 [ 256.294831][ T8977] should_failslab+0xc2/0x120 [ 256.294866][ T8977] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 256.294899][ T8977] ? security_inode_alloc+0x3b/0x2b0 [ 256.294934][ T8977] security_inode_alloc+0x3b/0x2b0 [ 256.294966][ T8977] inode_init_always_gfp+0xce4/0x1030 [ 256.295004][ T8977] alloc_inode+0x86/0x240 [ 256.295041][ T8977] iget_locked+0x2e4/0x830 [ 256.295082][ T8977] ? __pfx_iget_locked+0x10/0x10 [ 256.295121][ T8977] ? find_held_lock+0x2b/0x80 [ 256.295150][ T8977] ? kernfs_root+0xee/0x2a0 [ 256.295201][ T8977] kernfs_get_inode+0x48/0x460 [ 256.295236][ T8977] kernfs_iop_lookup+0x1a7/0x2d0 [ 256.295276][ T8977] __lookup_slow+0x24e/0x460 [ 256.295319][ T8977] ? __pfx___lookup_slow+0x10/0x10 [ 256.295384][ T8977] ? lookup_fast+0x156/0x610 [ 256.295408][ T8977] ? __pfx_kernfs_iop_permission+0x10/0x10 [ 256.295446][ T8977] walk_component+0x353/0x5b0 [ 256.295478][ T8977] link_path_walk+0x627/0xe20 [ 256.295520][ T8977] path_openat+0x1b0/0x2cb0 [ 256.295549][ T8977] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.295586][ T8977] ? __pfx_path_openat+0x10/0x10 [ 256.295630][ T8977] do_filp_open+0x20b/0x470 [ 256.295663][ T8977] ? __pfx_do_filp_open+0x10/0x10 [ 256.295717][ T8977] ? alloc_fd+0x471/0x7d0 [ 256.295755][ T8977] do_sys_openat2+0x11b/0x1d0 [ 256.295791][ T8977] ? __pfx_do_sys_openat2+0x10/0x10 [ 256.295832][ T8977] ? __pfx___might_resched+0x10/0x10 [ 256.295868][ T8977] __x64_sys_openat+0x174/0x210 [ 256.295905][ T8977] ? __pfx___x64_sys_openat+0x10/0x10 [ 256.295957][ T8977] do_syscall_64+0xcd/0x490 [ 256.295994][ T8977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.296022][ T8977] RIP: 0033:0x7efce0f8ebe9 [ 256.296044][ T8977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.296069][ T8977] RSP: 002b:00007efce1d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 256.296095][ T8977] RAX: ffffffffffffffda RBX: 00007efce11b6090 RCX: 00007efce0f8ebe9 [ 256.296114][ T8977] RDX: 0000000000080840 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 256.296133][ T8977] RBP: 00007efce1011e19 R08: 0000000000000000 R09: 0000000000000000 [ 256.296150][ T8977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.296166][ T8977] R13: 00007efce11b6128 R14: 00007efce11b6090 R15: 00007ffe4112a0c8 [ 256.296210][ T8977] [ 257.454597][ T8995] netlink: 342 bytes leftover after parsing attributes in process `syz.1.646'. [ 259.518705][ T9031] ubi0: attaching mtd0 [ 259.525463][ T9031] ubi0: scanning is finished [ 260.043016][ T9031] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 260.052931][ T9031] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 260.063066][ T9031] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 260.073238][ T9031] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 260.084813][ T9031] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 260.105126][ T9031] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 260.120283][ T9031] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 260.320688][ T9031] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 260.562109][ T9046] ubi0: background thread "ubi_bgt0d" started, PID 9046 [ 260.571585][ T9034] ubi0: detaching mtd0 [ 260.629037][ T9034] ubi0: mtd0 is detached [ 263.593608][ T9130] bond0: no command found in slaves file - use +ifname or -ifname [ 263.792458][ T9134] random: crng reseeded on system resumption [ 265.117075][ T9167] binder: 9166:9167 ioctl c0306201 0 returned -14 [ 265.373823][ T9174] zram: Can't change algorithm for initialized device [ 265.609431][ T9181] usb usb36: usbfs: process 9181 (syz.2.689) did not claim interface 0 before use [ 266.847571][ T9211] netlink: 28 bytes leftover after parsing attributes in process `syz.0.697'. [ 267.744944][ T9234] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 268.133950][ T9241] FAULT_INJECTION: forcing a failure. [ 268.133950][ T9241] name failslab, interval 1, probability 0, space 0, times 0 [ 268.148484][ T9241] CPU: 0 UID: 0 PID: 9241 Comm: syz.2.706 Not tainted syzkaller #0 PREEMPT(full) [ 268.148526][ T9241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 268.148544][ T9241] Call Trace: [ 268.148553][ T9241] [ 268.148565][ T9241] dump_stack_lvl+0x16c/0x1f0 [ 268.148608][ T9241] should_fail_ex+0x512/0x640 [ 268.148647][ T9241] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 268.148687][ T9241] should_failslab+0xc2/0x120 [ 268.148726][ T9241] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 268.148761][ T9241] ? __d_alloc+0x32/0xae0 [ 268.148800][ T9241] __d_alloc+0x32/0xae0 [ 268.148839][ T9241] d_alloc_parallel+0x111/0x1480 [ 268.148891][ T9241] ? register_lock_class+0x41/0x4c0 [ 268.148929][ T9241] ? __lock_acquire+0xb97/0x1ce0 [ 268.148964][ T9241] ? __pfx_d_alloc_parallel+0x10/0x10 [ 268.149022][ T9241] ? lockdep_init_map_type+0x5c/0x280 [ 268.149061][ T9241] ? lockdep_init_map_type+0x5c/0x280 [ 268.149106][ T9241] __lookup_slow+0x193/0x460 [ 268.149148][ T9241] ? __pfx___lookup_slow+0x10/0x10 [ 268.149213][ T9241] ? lookup_fast+0x156/0x610 [ 268.149246][ T9241] walk_component+0x353/0x5b0 [ 268.149279][ T9241] link_path_walk+0x627/0xe20 [ 268.149322][ T9241] path_lookupat+0x15a/0x6d0 [ 268.149351][ T9241] ? __lock_acquire+0xb97/0x1ce0 [ 268.149391][ T9241] filename_lookup+0x224/0x5f0 [ 268.149427][ T9241] ? __pfx_filename_lookup+0x10/0x10 [ 268.149491][ T9241] ? getname_flags.part.0+0x1c5/0x550 [ 268.149540][ T9241] user_path_at+0x3a/0x60 [ 268.149573][ T9241] vfs_open_tree+0x2ca/0x910 [ 268.149605][ T9241] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 268.149647][ T9241] ? __pfx_vfs_open_tree+0x10/0x10 [ 268.149679][ T9241] ? __pfx_mem_cgroup_handle_over_high+0x10/0x10 [ 268.149716][ T9241] ? __sys_getsockopt+0x144/0x1b0 [ 268.149761][ T9241] __x64_sys_open_tree+0x84/0x130 [ 268.149800][ T9241] do_syscall_64+0xcd/0x490 [ 268.149840][ T9241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.149871][ T9241] RIP: 0033:0x7fa48398ebe9 [ 268.149895][ T9241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.149921][ T9241] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 268.149948][ T9241] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 268.149967][ T9241] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 268.149994][ T9241] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 268.150013][ T9241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 268.150031][ T9241] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 268.150069][ T9241] [ 268.424354][ T9221] kexec: Could not allocate control_code_buffer [ 268.663075][ T9251] FAULT_INJECTION: forcing a failure. [ 268.663075][ T9251] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 268.766961][ T9251] CPU: 0 UID: 0 PID: 9251 Comm: syz.1.710 Not tainted syzkaller #0 PREEMPT(full) [ 268.766999][ T9251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 268.767014][ T9251] Call Trace: [ 268.767024][ T9251] [ 268.767034][ T9251] dump_stack_lvl+0x16c/0x1f0 [ 268.767073][ T9251] should_fail_ex+0x512/0x640 [ 268.767115][ T9251] _copy_from_user+0x2e/0xd0 [ 268.767156][ T9251] get_timespec64+0x8b/0x1b0 [ 268.767188][ T9251] ? __pfx_get_timespec64+0x10/0x10 [ 268.767229][ T9251] __x64_sys_utimensat+0x17a/0x290 [ 268.767263][ T9251] ? __do_sys_openat2+0x1c8/0x2d0 [ 268.767301][ T9251] ? __pfx___x64_sys_utimensat+0x10/0x10 [ 268.767349][ T9251] do_syscall_64+0xcd/0x490 [ 268.767386][ T9251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.767414][ T9251] RIP: 0033:0x7efce0f8ebe9 [ 268.767434][ T9251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.767460][ T9251] RSP: 002b:00007efce1d8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000118 [ 268.767484][ T9251] RAX: ffffffffffffffda RBX: 00007efce11b5fa0 RCX: 00007efce0f8ebe9 [ 268.767503][ T9251] RDX: 0000200000001400 RSI: 0000000000000000 RDI: ffffffffffffffff [ 268.767520][ T9251] RBP: 00007efce1011e19 R08: 0000000000000000 R09: 0000000000000000 [ 268.767536][ T9251] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 268.767552][ T9251] R13: 00007efce11b6038 R14: 00007efce11b5fa0 R15: 00007ffe4112a0c8 [ 268.767588][ T9251] [ 268.956297][ T9251] FAULT_INJECTION: forcing a failure. [ 268.956297][ T9251] name fail_page_alloc, interval 1, probability 0, space 0, times 393212 [ 268.970132][ T9251] CPU: 0 UID: 0 PID: 9251 Comm: syz.1.710 Not tainted syzkaller #0 PREEMPT(full) [ 268.970171][ T9251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 268.970189][ T9251] Call Trace: [ 268.970198][ T9251] [ 268.970208][ T9251] dump_stack_lvl+0x16c/0x1f0 [ 268.970246][ T9251] should_fail_ex+0x512/0x640 [ 268.970287][ T9251] should_fail_alloc_page+0xe7/0x130 [ 268.970323][ T9251] prepare_alloc_pages+0x3c2/0x610 [ 268.970361][ T9251] ? rcu_is_watching+0x12/0xc0 [ 268.970391][ T9251] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 268.970440][ T9251] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 268.970489][ T9251] ? rcu_is_watching+0x12/0xc0 [ 268.970516][ T9251] ? trace_kmalloc+0x2b/0xd0 [ 268.970549][ T9251] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 268.970584][ T9251] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 268.970625][ T9251] ? policy_nodemask+0xea/0x4e0 [ 268.970671][ T9251] alloc_pages_mpol+0x1fb/0x550 [ 268.970708][ T9251] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 268.970742][ T9251] ? __pfx___alloc_skb+0x10/0x10 [ 268.970774][ T9251] ? find_held_lock+0x2b/0x80 [ 268.970801][ T9251] ? finish_task_switch.isra.0+0x21c/0xc10 [ 268.970834][ T9251] alloc_pages_noprof+0x131/0x390 [ 268.970869][ T9251] alloc_skb_with_frags+0x24a/0x860 [ 268.970917][ T9251] sock_alloc_send_pskb+0x7fb/0x990 [ 268.970959][ T9251] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 268.971008][ T9251] tun_get_user+0x7f6/0x3ce0 [ 268.971050][ T9251] ? __pfx_tun_get_user+0x10/0x10 [ 268.971079][ T9251] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 268.971128][ T9251] ? find_held_lock+0x2b/0x80 [ 268.971155][ T9251] ? tun_get+0x191/0x370 [ 268.971200][ T9251] tun_chr_write_iter+0xdc/0x210 [ 268.971230][ T9251] vfs_write+0x7d3/0x11d0 [ 268.971260][ T9251] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 268.971291][ T9251] ? __pfx_vfs_write+0x10/0x10 [ 268.971317][ T9251] ? find_held_lock+0x2b/0x80 [ 268.971361][ T9251] __x64_sys_pwrite64+0x1eb/0x250 [ 268.971393][ T9251] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 268.971434][ T9251] do_syscall_64+0xcd/0x490 [ 268.971472][ T9251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.971499][ T9251] RIP: 0033:0x7efce0f8ebe9 [ 268.971521][ T9251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.971547][ T9251] RSP: 002b:00007efce1d8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 268.971573][ T9251] RAX: ffffffffffffffda RBX: 00007efce11b5fa0 RCX: 00007efce0f8ebe9 [ 268.971592][ T9251] RDX: 000000000000fdf3 RSI: 0000000000000000 RDI: 00000000000000c8 [ 268.971609][ T9251] RBP: 00007efce1011e19 R08: 0000000000000000 R09: 0000000000000000 [ 268.971625][ T9251] R10: 0000000000000039 R11: 0000000000000246 R12: 0000000000000000 [ 268.971642][ T9251] R13: 00007efce11b6038 R14: 00007efce11b5fa0 R15: 00007ffe4112a0c8 [ 268.971687][ T9251] [ 269.334148][ T9247] tipc: Started in network mode [ 269.340313][ T9247] tipc: Node identity ee00, cluster identity 4711 [ 269.348293][ T9247] tipc: Node number set to 60928 [ 269.455553][ T9259] phram: parameter too long [ 270.639924][ T9282] netlink: 8 bytes leftover after parsing attributes in process `syz.2.717'. [ 270.859774][ T9285] FAULT_INJECTION: forcing a failure. [ 270.859774][ T9285] name fail_futex, interval 1, probability 0, space 0, times 0 [ 270.900805][ T9285] CPU: 0 UID: 0 PID: 9285 Comm: syz.1.718 Not tainted syzkaller #0 PREEMPT(full) [ 270.900844][ T9285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 270.900862][ T9285] Call Trace: [ 270.900871][ T9285] [ 270.900882][ T9285] dump_stack_lvl+0x16c/0x1f0 [ 270.900925][ T9285] should_fail_ex+0x512/0x640 [ 270.900963][ T9285] ? putname+0x154/0x1a0 [ 270.901000][ T9285] get_futex_key+0x1d0/0x1560 [ 270.901037][ T9285] ? __pfx_get_futex_key+0x10/0x10 [ 270.901080][ T9285] futex_wake+0xea/0x530 [ 270.901120][ T9285] ? __pfx_futex_wake+0x10/0x10 [ 270.901160][ T9285] ? rcu_is_watching+0x12/0xc0 [ 270.901186][ T9285] ? kasan_quarantine_put+0x10a/0x240 [ 270.901217][ T9285] ? lockdep_hardirqs_on+0x7c/0x110 [ 270.901258][ T9285] do_futex+0x1e3/0x350 [ 270.901292][ T9285] ? __pfx_do_futex+0x10/0x10 [ 270.901321][ T9285] ? getname_flags.part.0+0x1c5/0x550 [ 270.901363][ T9285] ? putname+0x154/0x1a0 [ 270.901399][ T9285] __x64_sys_futex+0x1e0/0x4c0 [ 270.901436][ T9285] ? __pfx___x64_sys_futex+0x10/0x10 [ 270.901470][ T9285] ? xfd_validate_state+0x61/0x180 [ 270.901517][ T9285] do_syscall_64+0xcd/0x490 [ 270.901562][ T9285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.901594][ T9285] RIP: 0033:0x7efce0f8ebe9 [ 270.901620][ T9285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.901649][ T9285] RSP: 002b:00007efce1d8b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 270.901679][ T9285] RAX: ffffffffffffffda RBX: 00007efce11b5fa8 RCX: 00007efce0f8ebe9 [ 270.901697][ T9285] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007efce11b5fac [ 270.901716][ T9285] RBP: 00007efce11b5fa0 R08: 00007efce1d8c000 R09: 0000000000000000 [ 270.901753][ T9285] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 270.901774][ T9285] R13: 00007efce11b6038 R14: 00007ffe41129fe0 R15: 00007ffe4112a0c8 [ 270.901812][ T9285] [ 271.187195][ T9283] random: crng reseeded on system resumption [ 271.468300][ T9295] netlink: 8 bytes leftover after parsing attributes in process `syz.2.721'. [ 272.054576][ T9291] can: request_module (can-proto-0) failed. [ 272.055098][ T9292] can: request_module (can-proto-0) failed. [ 273.159295][ T9323] ubi0: attaching mtd0 [ 273.190109][ T9323] ubi0: scanning is finished [ 273.597424][ T9323] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 273.614039][ T9323] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 273.621557][ T9323] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 273.629694][ T9323] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 273.637632][ T9323] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 273.644447][ T9323] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 273.654586][ T9323] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 273.665664][ T9323] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 273.677222][ T9329] ubi0: detaching mtd0 [ 273.680441][ T9337] ubi0: background thread "ubi_bgt0d" started, PID 9337 [ 273.739297][ T9329] ubi0: mtd0 is detached [ 274.593097][ T9364] vivid-007: ================= START STATUS ================= [ 274.690919][ T9364] vivid-007: Generate PTS: true [ 274.731867][ T9364] vivid-007: Generate SCR: true [ 274.736775][ T9364] tpg source WxH: 320x240 (Y'CbCr) [ 274.795743][ T9364] tpg field: 1 [ 274.799684][ T9364] tpg crop: (0,0)/320x240 [ 274.842551][ T9364] tpg compose: (0,0)/320x240 [ 274.847386][ T9364] tpg colorspace: 8 [ 274.851812][ T9364] tpg transfer function: 0/0 [ 274.856569][ T9364] tpg Y'CbCr encoding: 0/0 [ 274.939668][ T9364] tpg quantization: 0/0 [ 274.944005][ T9364] tpg RGB range: 0/2 [ 274.958286][ T9364] vivid-007: ================== END STATUS ================== [ 275.265233][ T9354] zswap: compressor not available [ 275.762547][ T9388] ubi0: attaching mtd0 [ 275.767840][ T9388] ubi0: scanning is finished [ 275.936757][ T9388] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 275.950285][ T9388] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 275.978171][ T9388] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 275.998244][ T9388] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 276.005817][ T9388] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 276.013517][ T9388] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 276.023169][ T9388] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 276.033352][ T9388] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 276.043579][ T9390] ubi0: detaching mtd0 [ 276.070445][ T9390] ubi0: mtd0 is detached [ 276.224424][ T9396] ubi0: attaching mtd0 [ 276.251597][ T9396] ubi0: scanning is finished [ 277.008235][ T9396] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 277.018182][ T9396] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 277.025541][ T9396] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 277.033143][ T9396] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 277.040662][ T9396] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 277.047557][ T9396] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 277.055683][ T9396] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 277.065910][ T9396] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 277.076077][ T9398] ubi0: detaching mtd0 [ 277.128244][ T9398] ubi0: mtd0 is detached [ 277.272364][ T9414] netlink: 25 bytes leftover after parsing attributes in process `syz.2.746'. [ 277.350125][ T30] audit: type=1800 audit(6138079764.344:12): pid=9410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.744" name="features" dev="configfs" ino=24993 res=0 errno=0 [ 278.176973][ T9433] FAULT_INJECTION: forcing a failure. [ 278.176973][ T9433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 278.190336][ T9433] CPU: 1 UID: 0 PID: 9433 Comm: syz.2.751 Not tainted syzkaller #0 PREEMPT(full) [ 278.190373][ T9433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 278.190390][ T9433] Call Trace: [ 278.190400][ T9433] [ 278.190410][ T9433] dump_stack_lvl+0x16c/0x1f0 [ 278.190452][ T9433] should_fail_ex+0x512/0x640 [ 278.190495][ T9433] _copy_from_iter+0x29f/0x1720 [ 278.190541][ T9433] ? __build_skb_around+0x278/0x3b0 [ 278.190571][ T9433] ? __pfx__copy_from_iter+0x10/0x10 [ 278.190611][ T9433] ? __pfx___alloc_skb+0x10/0x10 [ 278.190647][ T9433] ? common_file_perm+0x1a9/0x340 [ 278.190687][ T9433] vhci_write+0x150/0x480 [ 278.190725][ T9433] vfs_write+0x7d3/0x11d0 [ 278.190757][ T9433] ? __pfx_vhci_write+0x10/0x10 [ 278.190795][ T9433] ? __pfx_vfs_write+0x10/0x10 [ 278.190822][ T9433] ? find_held_lock+0x2b/0x80 [ 278.190881][ T9433] ksys_write+0x12a/0x250 [ 278.190912][ T9433] ? __pfx_ksys_write+0x10/0x10 [ 278.190954][ T9433] do_syscall_64+0xcd/0x490 [ 278.190993][ T9433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.191021][ T9433] RIP: 0033:0x7fa48398ebe9 [ 278.191043][ T9433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.191068][ T9433] RSP: 002b:00007fa48478c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 278.191093][ T9433] RAX: ffffffffffffffda RBX: 00007fa483bb6090 RCX: 00007fa48398ebe9 [ 278.191111][ T9433] RDX: 000000000000007f RSI: 00002000000004c0 RDI: 00000000000000ca [ 278.191128][ T9433] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 278.191144][ T9433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.191160][ T9433] R13: 00007fa483bb6128 R14: 00007fa483bb6090 R15: 00007fff2bc20a68 [ 278.191196][ T9433] [ 278.369424][ C1] vkms_vblank_simulate: vblank timer overrun [ 278.461742][ T9432] netlink: 338 bytes leftover after parsing attributes in process `syz.2.751'. [ 278.471413][ T9432] bridge0: entered promiscuous mode [ 280.548907][ T9493] netlink: 8 bytes leftover after parsing attributes in process `syz.2.769'. [ 280.756263][ T9500] __vm_enough_memory: pid: 9500, comm: syz.2.772, bytes: 4398046511104 not enough memory for the allocation [ 281.173121][ T9512] sp0: Synchronizing with TNC [ 282.620968][ T30] audit: type=1326 audit(6138079769.652:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9528 comm="syz.2.778" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa48398ebe9 code=0x0 [ 284.161779][ T9542] vivid-003: ================= START STATUS ================= [ 284.213014][ T9542] vivid-003: Radio HW Seek Mode: Bounded [ 284.298803][ T9542] vivid-003: Radio Programmable HW Seek: false [ 284.305462][ T9542] vivid-003: RDS Rx I/O Mode: Block I/O [ 284.311744][ T9542] vivid-003: Generate RBDS Instead of RDS: false [ 284.318185][ T9542] vivid-003: RDS Reception: true [ 284.323367][ T9542] vivid-003: RDS Program Type: 0 inactive [ 284.332626][ T9542] vivid-003: RDS PS Name: inactive [ 284.342851][ T9542] vivid-003: RDS Radio Text: inactive [ 284.440233][ T9542] vivid-003: RDS Traffic Announcement: false inactive [ 284.447180][ T9542] vivid-003: RDS Traffic Program: false inactive [ 284.454073][ T9542] vivid-003: RDS Music: false inactive [ 284.459778][ T9542] vivid-003: ================== END STATUS ================== [ 285.083428][ T9571] usb usb36: usbfs: process 9571 (syz.1.789) did not claim interface 0 before use [ 285.268549][ T9576] can: request_module (can-proto-5) failed. [ 285.707444][ T9586] vivid-003: ================= START STATUS ================= [ 285.725384][ T9586] vivid-003: Radio HW Seek Mode: Bounded [ 285.731096][ T9586] vivid-003: Radio Programmable HW Seek: false [ 285.752470][ T9586] vivid-003: RDS Rx I/O Mode: Block I/O [ 285.762663][ T9586] vivid-003: Generate RBDS Instead of RDS: false [ 285.776772][ T9586] vivid-003: RDS Reception: true [ 285.791333][ T9586] vivid-003: RDS Program Type: 0 inactive [ 285.828956][ T9586] vivid-003: RDS PS Name: inactive [ 285.851920][ T9586] vivid-003: RDS Radio Text: inactive [ 285.857447][ T9586] vivid-003: RDS Traffic Announcement: false inactive [ 285.897997][ T9586] vivid-003: RDS Traffic Program: false inactive [ 285.921605][ T9586] vivid-003: RDS Music: false inactive [ 285.927140][ T9586] vivid-003: ================== END STATUS ================== [ 286.358948][ T9588] netlink: 350 bytes leftover after parsing attributes in process `syz.1.791'. [ 286.888772][ T30] audit: type=1806 audit(6138079773.934:14): xattr="" res=-22 [ 287.546009][ T9620] ubi0: attaching mtd0 [ 287.551627][ T9620] ubi0: scanning is finished [ 287.707183][ T9620] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 287.729825][ T9620] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 287.742973][ T9620] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 287.750036][ T9620] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 287.763395][ T9620] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 287.777699][ T9620] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 287.789109][ T9620] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 287.800026][ T9620] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 287.851684][ T9623] ubi0: detaching mtd0 [ 287.855842][ T9624] ubi0: background thread "ubi_bgt0d" started, PID 9624 [ 287.965445][ T9623] ubi0: mtd0 is detached [ 288.746406][ T9636] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 289.318986][ T9654] FAULT_INJECTION: forcing a failure. [ 289.318986][ T9654] name failslab, interval 1, probability 0, space 0, times 0 [ 289.332051][ T9654] CPU: 0 UID: 0 PID: 9654 Comm: syz.2.806 Not tainted syzkaller #0 PREEMPT(full) [ 289.332072][ T9654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 289.332081][ T9654] Call Trace: [ 289.332088][ T9654] [ 289.332095][ T9654] dump_stack_lvl+0x16c/0x1f0 [ 289.332119][ T9654] should_fail_ex+0x512/0x640 [ 289.332139][ T9654] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 289.332158][ T9654] should_failslab+0xc2/0x120 [ 289.332177][ T9654] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 289.332191][ T9654] ? __pfx___might_resched+0x10/0x10 [ 289.332206][ T9654] ? __anon_vma_prepare+0xae/0x5e0 [ 289.332224][ T9654] __anon_vma_prepare+0xae/0x5e0 [ 289.332238][ T9654] ? __filemap_get_folio+0x32b/0xc30 [ 289.332258][ T9654] __vmf_anon_prepare+0x11c/0x240 [ 289.332279][ T9654] hugetlb_fault+0x1ba4/0x2f40 [ 289.332297][ T9654] ? __pfx_hugetlb_fault+0x10/0x10 [ 289.332318][ T9654] ? find_vma+0xbf/0x140 [ 289.332335][ T9654] ? __pfx_find_vma+0x10/0x10 [ 289.332354][ T9654] handle_mm_fault+0xbfa/0xd10 [ 289.332369][ T9654] ? __bpf_trace_exceptions+0x1/0x40 [ 289.332391][ T9654] do_user_addr_fault+0x7a6/0x1370 [ 289.332413][ T9654] ? rcu_is_watching+0x12/0xc0 [ 289.332429][ T9654] exc_page_fault+0x5c/0xb0 [ 289.332447][ T9654] asm_exc_page_fault+0x26/0x30 [ 289.332461][ T9654] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 289.332476][ T9654] Code: e9 14 1f 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 289.332489][ T9654] RSP: 0018:ffffc90004e1fdb0 EFLAGS: 00050206 [ 289.332500][ T9654] RAX: 000000000000002f RBX: 0000000000000005 RCX: 0000000000000005 [ 289.332509][ T9654] RDX: ffffed100fb54ec0 RSI: ffff88807daa75fb RDI: 0000000000000000 [ 289.332518][ T9654] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100fb54ebf [ 289.332526][ T9654] R10: ffff88807daa75ff R11: 0000000000000000 R12: ffff88807daa75fb [ 289.332534][ T9654] R13: 0000000000000005 R14: 00007ffffffff000 R15: 0000000000000000 [ 289.332553][ T9654] _copy_to_user+0xbb/0xd0 [ 289.332568][ T9654] __do_sys_getcwd+0x483/0x930 [ 289.332592][ T9654] ? __pfx___do_sys_getcwd+0x10/0x10 [ 289.332611][ T9654] ? __pfx_mem_cgroup_handle_over_high+0x10/0x10 [ 289.332629][ T9654] ? __pfx_ksys_write+0x10/0x10 [ 289.332651][ T9654] do_syscall_64+0xcd/0x490 [ 289.332669][ T9654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.332683][ T9654] RIP: 0033:0x7fa48398ebe9 [ 289.332695][ T9654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.332716][ T9654] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 289.332729][ T9654] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 289.332739][ T9654] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 289.332747][ T9654] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 289.332756][ T9654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 289.332765][ T9654] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 289.332784][ T9654] [ 292.619465][ T9734] __vm_enough_memory: pid: 9734, comm: syz.0.820, bytes: 4398046511104 not enough memory for the allocation [ 294.258450][ T30] audit: type=1326 audit(6138079781.341:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9762 comm="syz.2.826" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa48398ebe9 code=0x0 [ 294.312078][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 294.326885][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 294.339552][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 294.345837][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 294.523942][ T9759] nvme_fabrics: missing parameter 'transport=%s' [ 294.530689][ T9759] nvme_fabrics: missing parameter 'nqn=%s' [ 296.790899][ T9815] ptrace attach of "./syz-executor exec"[5867] was attempted by "./syz-executor exec"[9815] [ 297.483684][ T9823] block nbd9: NBD_DISCONNECT [ 297.628500][ T9825] ptrace attach of "./syz-executor exec"[5863] was attempted by "./syz-executor exec"[9825] [ 298.629554][ T9842] netlink: 28 bytes leftover after parsing attributes in process `syz.0.839'. [ 298.742726][ T9842] veth0_macvtap: left promiscuous mode [ 299.837104][ T9867] Invalid ELF header magic: != ELF [ 300.123701][ T9878] random: crng reseeded on system resumption [ 300.268799][ T9881] random: crng reseeded on system resumption [ 301.933015][ T9906] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 302.057965][ T9909] FAULT_INJECTION: forcing a failure. [ 302.057965][ T9909] name failslab, interval 1, probability 0, space 0, times 0 [ 302.088298][ T9909] CPU: 1 UID: 0 PID: 9909 Comm: syz.3.852 Not tainted syzkaller #0 PREEMPT(full) [ 302.088337][ T9909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 302.088353][ T9909] Call Trace: [ 302.088363][ T9909] [ 302.088375][ T9909] dump_stack_lvl+0x16c/0x1f0 [ 302.088417][ T9909] should_fail_ex+0x512/0x640 [ 302.088454][ T9909] ? fs_reclaim_acquire+0xae/0x150 [ 302.088497][ T9909] ? tomoyo_encode2+0x100/0x3e0 [ 302.088534][ T9909] should_failslab+0xc2/0x120 [ 302.088571][ T9909] __kmalloc_noprof+0xd2/0x510 [ 302.088604][ T9909] ? d_absolute_path+0x136/0x1a0 [ 302.088647][ T9909] tomoyo_encode2+0x100/0x3e0 [ 302.088687][ T9909] tomoyo_encode+0x29/0x50 [ 302.088718][ T9909] tomoyo_realpath_from_path+0x18f/0x6e0 [ 302.088766][ T9909] tomoyo_realpath_nofollow+0xdb/0xf0 [ 302.088802][ T9909] ? __pfx_tomoyo_realpath_nofollow+0x10/0x10 [ 302.088838][ T9909] ? tomoyo_domain+0xbb/0x150 [ 302.088864][ T9909] ? tomoyo_init_request_info+0x101/0x370 [ 302.088897][ T9909] tomoyo_find_next_domain+0x2a8/0x20b0 [ 302.088940][ T9909] ? __pfx_tomoyo_find_next_domain+0x10/0x10 [ 302.088985][ T9909] tomoyo_bprm_check_security+0x12e/0x1d0 [ 302.089012][ T9909] ? tomoyo_bprm_check_security+0x120/0x1d0 [ 302.089041][ T9909] security_bprm_check+0x1b9/0x1e0 [ 302.089069][ T9909] bprm_execve+0x81a/0x1640 [ 302.089106][ T9909] ? __pfx_bprm_execve+0x10/0x10 [ 302.089133][ T9909] ? copy_string_kernel+0x460/0x520 [ 302.089165][ T9909] do_execveat_common.isra.0+0x4a5/0x610 [ 302.089201][ T9909] __x64_sys_execve+0x8e/0xb0 [ 302.089231][ T9909] do_syscall_64+0xcd/0x490 [ 302.089268][ T9909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.089295][ T9909] RIP: 0033:0x7fdacd98ebe9 [ 302.089315][ T9909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.089337][ T9909] RSP: 002b:00007fdace865038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 302.089360][ T9909] RAX: ffffffffffffffda RBX: 00007fdacdbb6090 RCX: 00007fdacd98ebe9 [ 302.089378][ T9909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 302.089395][ T9909] RBP: 00007fdacda11e19 R08: 0000000000000000 R09: 0000000000000000 [ 302.089411][ T9909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 302.089427][ T9909] R13: 00007fdacdbb6128 R14: 00007fdacdbb6090 R15: 00007ffcecab97c8 [ 302.089464][ T9909] [ 302.089840][ T9909] ERROR: Out of memory at tomoyo_realpath_from_path. [ 303.332425][ T9919] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 303.669865][ T9956] FAULT_INJECTION: forcing a failure. [ 303.669865][ T9956] name failslab, interval 1, probability 0, space 0, times 0 [ 303.683660][ T9956] CPU: 0 UID: 0 PID: 9956 Comm: syz.2.861 Not tainted syzkaller #0 PREEMPT(full) [ 303.683682][ T9956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 303.683691][ T9956] Call Trace: [ 303.683696][ T9956] [ 303.683702][ T9956] dump_stack_lvl+0x16c/0x1f0 [ 303.683726][ T9956] should_fail_ex+0x512/0x640 [ 303.683745][ T9956] ? fs_reclaim_acquire+0xae/0x150 [ 303.683768][ T9956] should_failslab+0xc2/0x120 [ 303.683786][ T9956] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 303.683803][ T9956] ? security_inode_alloc+0x3b/0x2b0 [ 303.683822][ T9956] security_inode_alloc+0x3b/0x2b0 [ 303.683839][ T9956] inode_init_always_gfp+0xce4/0x1030 [ 303.683858][ T9956] alloc_inode+0x86/0x240 [ 303.683877][ T9956] new_inode+0x22/0x1c0 [ 303.683897][ T9956] mqueue_get_inode+0x2e/0xdd0 [ 303.683913][ T9956] mqueue_create_attr+0x261/0x440 [ 303.683930][ T9956] vfs_mkobj+0x3db/0x620 [ 303.683942][ T9956] ? __pfx_mqueue_create_attr+0x10/0x10 [ 303.683964][ T9956] do_mq_open+0x71e/0x8c0 [ 303.683981][ T9956] ? __pfx_do_mq_open+0x10/0x10 [ 303.684001][ T9956] __x64_sys_mq_open+0x155/0x1e0 [ 303.684015][ T9956] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 303.684039][ T9956] do_syscall_64+0xcd/0x490 [ 303.684060][ T9956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.684074][ T9956] RIP: 0033:0x7fa48398ebe9 [ 303.684086][ T9956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.684100][ T9956] RSP: 002b:00007fa48476b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 303.684114][ T9956] RAX: ffffffffffffffda RBX: 00007fa483bb6180 RCX: 00007fa48398ebe9 [ 303.684123][ T9956] RDX: 000000000000f7e0 RSI: 00000000000061e4 RDI: 0000200000000040 [ 303.684132][ T9956] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 303.684141][ T9956] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000 [ 303.684150][ T9956] R13: 00007fa483bb6218 R14: 00007fa483bb6180 R15: 00007fff2bc20a68 [ 303.684168][ T9956] [ 304.937992][ T9978] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 305.933744][ T9992] netlink: 28 bytes leftover after parsing attributes in process `syz.0.873'. [ 306.271066][T10006] ubi0: attaching mtd0 [ 306.278800][T10006] ubi0: scanning is finished [ 306.482523][T10006] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 306.500379][T10006] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 306.507948][T10006] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 306.580430][T10006] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 306.627452][T10006] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 306.637198][T10006] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 306.646081][T10006] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 306.658114][T10006] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 306.671572][T10009] ubi0: background thread "ubi_bgt0d" started, PID 10009 [ 306.682905][T10007] ubi0: detaching mtd0 [ 306.714824][T10007] ubi0: mtd0 is detached [ 308.386459][T10028] ubi0: attaching mtd0 [ 308.392797][T10028] ubi0: scanning is finished [ 308.499283][T10028] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 308.509299][T10028] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 308.547665][T10027] FAULT_INJECTION: forcing a failure. [ 308.547665][T10027] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.603166][T10027] CPU: 0 UID: 0 PID: 10027 Comm: syz.0.881 Not tainted syzkaller #0 PREEMPT(full) [ 308.603175][T10028] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 308.603199][T10027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 308.603213][T10027] Call Trace: [ 308.603221][T10027] [ 308.603228][T10027] dump_stack_lvl+0x16c/0x1f0 [ 308.603261][T10027] should_fail_ex+0x512/0x640 [ 308.603300][T10027] core_sys_select+0x4c5/0xc10 [ 308.603336][T10027] ? __pfx_core_sys_select+0x10/0x10 [ 308.603367][T10027] ? proc_fail_nth_write+0x9f/0x220 [ 308.603423][T10027] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 308.603464][T10027] kern_select+0x15d/0x1e0 [ 308.603490][T10027] ? __pfx_kern_select+0x10/0x10 [ 308.603520][T10027] ? __pfx_ksys_write+0x10/0x10 [ 308.603557][T10027] __x64_sys_select+0xbd/0x160 [ 308.603581][T10027] ? do_syscall_64+0x91/0x490 [ 308.603612][T10027] ? lockdep_hardirqs_on+0x7c/0x110 [ 308.603642][T10027] do_syscall_64+0xcd/0x490 [ 308.603676][T10027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.603701][T10027] RIP: 0033:0x7f62dd78ebe9 [ 308.603721][T10027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.603751][T10027] RSP: 002b:00007f62de572038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 308.603775][T10027] RAX: ffffffffffffffda RBX: 00007f62dd9b6090 RCX: 00007f62dd78ebe9 [ 308.603791][T10027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 308.603806][T10027] RBP: 00007f62de572090 R08: 0000000000000000 R09: 0000000000000000 [ 308.603822][T10027] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 308.603837][T10027] R13: 00007f62dd9b6128 R14: 00007f62dd9b6090 R15: 00007ffd8e9e1db8 [ 308.603871][T10027] [ 308.837669][T10028] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 308.903152][T10028] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 308.921531][T10028] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 309.010667][T10028] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 309.031716][T10028] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 309.052276][T10030] ubi0: background thread "ubi_bgt0d" started, PID 10030 [ 309.059410][T10029] ubi0: detaching mtd0 [ 309.074404][T10029] ubi0: mtd0 is detached [ 309.127312][T10033] ubi0: attaching mtd0 [ 309.137965][T10033] ubi0: scanning is finished [ 309.314506][T10033] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 309.336348][T10033] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 309.345639][T10033] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 309.360377][T10033] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 309.368055][T10033] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 309.380213][T10033] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 309.388510][T10033] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 309.403907][T10033] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 309.414096][T10036] ubi0: detaching mtd0 [ 309.471705][T10041] ubi0: background thread "ubi_bgt0d" started, PID 10041 [ 309.505419][T10036] ubi0: mtd0 is detached [ 309.529442][T10046] ubi0: attaching mtd0 [ 309.546113][T10046] ubi0: scanning is finished [ 309.916402][T10046] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 309.924436][T10046] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 310.003523][T10046] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 310.010855][T10046] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 310.019846][T10060] FAULT_INJECTION: forcing a failure. [ 310.019846][T10060] name failslab, interval 1, probability 0, space 0, times 0 [ 310.040411][T10060] CPU: 1 UID: 0 PID: 10060 Comm: syz.3.887 Not tainted syzkaller #0 PREEMPT(full) [ 310.040445][T10060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 310.040459][T10060] Call Trace: [ 310.040467][T10060] [ 310.040477][T10060] dump_stack_lvl+0x16c/0x1f0 [ 310.040516][T10060] should_fail_ex+0x512/0x640 [ 310.040552][T10060] ? __kmalloc_noprof+0xbf/0x510 [ 310.040583][T10060] ? lsm_blob_alloc+0x68/0x90 [ 310.040612][T10060] should_failslab+0xc2/0x120 [ 310.040645][T10060] __kmalloc_noprof+0xd2/0x510 [ 310.040684][T10060] lsm_blob_alloc+0x68/0x90 [ 310.040708][T10060] security_sk_alloc+0x30/0x270 [ 310.040739][T10060] sk_prot_alloc+0x1c7/0x2a0 [ 310.040780][T10060] sk_alloc+0x36/0xc20 [ 310.040814][T10060] mISDN_sock_create+0x275/0x410 [ 310.040849][T10060] __sock_create+0x338/0x8d0 [ 310.040880][T10060] __sys_socket+0x14d/0x260 [ 310.040904][T10060] ? __fget_files+0x20e/0x3c0 [ 310.040934][T10060] ? __pfx___sys_socket+0x10/0x10 [ 310.040959][T10060] ? xfd_validate_state+0x61/0x180 [ 310.041005][T10060] __x64_sys_socket+0x72/0xb0 [ 310.041031][T10060] ? lockdep_hardirqs_on+0x7c/0x110 [ 310.041063][T10060] do_syscall_64+0xcd/0x490 [ 310.041100][T10060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.041124][T10060] RIP: 0033:0x7fdacd98ebe9 [ 310.041145][T10060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.041170][T10060] RSP: 002b:00007fdace886038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 310.041185][T10060] RAX: ffffffffffffffda RBX: 00007fdacdbb5fa0 RCX: 00007fdacd98ebe9 [ 310.041195][T10060] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000022 [ 310.041204][T10060] RBP: 00007fdacda11e19 R08: 0000000000000000 R09: 0000000000000000 [ 310.041213][T10060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 310.041222][T10060] R13: 00007fdacdbb6038 R14: 00007fdacdbb5fa0 R15: 00007ffcecab97c8 [ 310.041241][T10060] [ 310.090552][ C1] vkms_vblank_simulate: vblank timer overrun [ 310.095234][T10046] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 310.276254][T10046] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 310.306395][T10046] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 310.322510][T10046] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 310.332979][T10054] ubi0: background thread "ubi_bgt0d" started, PID 10054 [ 310.334976][T10050] ubi0: detaching mtd0 [ 310.367661][T10050] ubi0: mtd0 is detached [ 311.584966][T10101] FAULT_INJECTION: forcing a failure. [ 311.584966][T10101] name failslab, interval 1, probability 0, space 0, times 0 [ 311.614158][T10101] CPU: 0 UID: 0 PID: 10101 Comm: syz.1.898 Not tainted syzkaller #0 PREEMPT(full) [ 311.614181][T10101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 311.614190][T10101] Call Trace: [ 311.614195][T10101] [ 311.614202][T10101] dump_stack_lvl+0x16c/0x1f0 [ 311.614226][T10101] should_fail_ex+0x512/0x640 [ 311.614246][T10101] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 311.614266][T10101] should_failslab+0xc2/0x120 [ 311.614283][T10101] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 311.614301][T10101] ? __d_alloc+0x32/0xae0 [ 311.614320][T10101] __d_alloc+0x32/0xae0 [ 311.614338][T10101] d_alloc_parallel+0x111/0x1480 [ 311.614364][T10101] ? register_lock_class+0x41/0x4c0 [ 311.614383][T10101] ? __lock_acquire+0xb97/0x1ce0 [ 311.614399][T10101] ? __pfx_d_alloc_parallel+0x10/0x10 [ 311.614421][T10101] ? lockdep_init_map_type+0x5c/0x280 [ 311.614440][T10101] ? lockdep_init_map_type+0x5c/0x280 [ 311.614462][T10101] __lookup_slow+0x193/0x460 [ 311.614483][T10101] ? __pfx___lookup_slow+0x10/0x10 [ 311.614514][T10101] ? lookup_fast+0x156/0x610 [ 311.614531][T10101] walk_component+0x353/0x5b0 [ 311.614546][T10101] link_path_walk+0x627/0xe20 [ 311.614567][T10101] path_lookupat+0x15a/0x6d0 [ 311.614581][T10101] ? __lock_acquire+0xb97/0x1ce0 [ 311.614600][T10101] filename_lookup+0x224/0x5f0 [ 311.614617][T10101] ? __pfx_filename_lookup+0x10/0x10 [ 311.614654][T10101] ? getname_flags.part.0+0x1c5/0x550 [ 311.614679][T10101] user_path_at+0x3a/0x60 [ 311.614695][T10101] vfs_open_tree+0x2ca/0x910 [ 311.614711][T10101] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 311.614732][T10101] ? __pfx_vfs_open_tree+0x10/0x10 [ 311.614748][T10101] ? xfd_validate_state+0x61/0x180 [ 311.614772][T10101] __x64_sys_open_tree+0x84/0x130 [ 311.614790][T10101] do_syscall_64+0xcd/0x490 [ 311.614809][T10101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.614824][T10101] RIP: 0033:0x7efce0f8ebe9 [ 311.614836][T10101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.614850][T10101] RSP: 002b:00007efce1d8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 311.614863][T10101] RAX: ffffffffffffffda RBX: 00007efce11b5fa0 RCX: 00007efce0f8ebe9 [ 311.614873][T10101] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 311.614882][T10101] RBP: 00007efce1011e19 R08: 0000000000000000 R09: 0000000000000000 [ 311.614890][T10101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.614898][T10101] R13: 00007efce11b6038 R14: 00007efce11b5fa0 R15: 00007ffe4112a0c8 [ 311.614917][T10101] [ 312.195977][T10109] netlink: 334 bytes leftover after parsing attributes in process `syz.1.900'. [ 313.174376][T10144] FAULT_INJECTION: forcing a failure. [ 313.174376][T10144] name failslab, interval 1, probability 0, space 0, times 0 [ 313.187216][T10144] CPU: 0 UID: 0 PID: 10144 Comm: syz.2.908 Not tainted syzkaller #0 PREEMPT(full) [ 313.187249][T10144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 313.187264][T10144] Call Trace: [ 313.187272][T10144] [ 313.187283][T10144] dump_stack_lvl+0x16c/0x1f0 [ 313.187323][T10144] should_fail_ex+0x512/0x640 [ 313.187352][T10144] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 313.187383][T10144] should_failslab+0xc2/0x120 [ 313.187418][T10144] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 313.187447][T10144] ? d_instantiate+0x77/0x90 [ 313.187479][T10144] ? alloc_empty_file+0x55/0x1e0 [ 313.187528][T10144] alloc_empty_file+0x55/0x1e0 [ 313.187569][T10144] alloc_file_pseudo+0x13a/0x230 [ 313.187606][T10144] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 313.187644][T10144] ? alloc_fd+0x471/0x7d0 [ 313.187675][T10144] sock_alloc_file+0x50/0x210 [ 313.187712][T10144] __sys_socket+0x1c0/0x260 [ 313.187738][T10144] ? __pfx___sys_socket+0x10/0x10 [ 313.187764][T10144] ? xfd_validate_state+0x61/0x180 [ 313.187796][T10144] ? __pfx_do_writev+0x10/0x10 [ 313.187829][T10144] __x64_sys_socket+0x72/0xb0 [ 313.187854][T10144] ? lockdep_hardirqs_on+0x7c/0x110 [ 313.187885][T10144] do_syscall_64+0xcd/0x490 [ 313.187922][T10144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.187949][T10144] RIP: 0033:0x7fa48398ebe9 [ 313.187970][T10144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.187995][T10144] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 313.188020][T10144] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 313.188039][T10144] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 313.188056][T10144] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 313.188071][T10144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.188086][T10144] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 313.188117][T10144] [ 314.176014][T10126] vivid-007: ================= START STATUS ================= [ 314.226924][T10126] vivid-007: Generate PTS: true [ 314.256048][T10126] vivid-007: Generate SCR: true [ 314.275306][T10126] tpg source WxH: 320x240 (Y'CbCr) [ 314.314445][T10126] tpg field: 1 [ 314.323950][T10126] tpg crop: (0,0)/320x240 [ 314.344191][T10126] tpg compose: (0,0)/320x240 [ 314.358073][T10126] tpg colorspace: 8 [ 314.377710][T10126] tpg transfer function: 0/0 [ 314.431191][T10126] tpg Y'CbCr encoding: 0/0 [ 314.437152][T10126] tpg quantization: 0/0 [ 314.441426][T10126] tpg RGB range: 0/2 [ 314.458209][T10126] vivid-007: ================== END STATUS ================== [ 314.561112][T10168] HfR: entered promiscuous mode [ 314.836619][T10168] netlink: 32 bytes leftover after parsing attributes in process `syz.1.911'. [ 315.020979][T10168] program syz.1.911 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 316.133775][T10205] netlink: 16 bytes leftover after parsing attributes in process `syz.0.920'. [ 316.222152][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.228712][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.635839][T10215] random: crng reseeded on system resumption [ 320.939552][T10277] random: crng reseeded on system resumption [ 320.946279][T10277] FAULT_INJECTION: forcing a failure. [ 320.946279][T10277] name failslab, interval 1, probability 0, space 0, times 0 [ 320.959196][T10277] CPU: 1 UID: 0 PID: 10277 Comm: syz.3.931 Not tainted syzkaller #0 PREEMPT(full) [ 320.959229][T10277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 320.959243][T10277] Call Trace: [ 320.959255][T10277] [ 320.959265][T10277] dump_stack_lvl+0x116/0x1f0 [ 320.959304][T10277] should_fail_ex+0x512/0x640 [ 320.959342][T10277] should_failslab+0xc2/0x120 [ 320.959374][T10277] __kmalloc_cache_noprof+0x6a/0x3e0 [ 320.959400][T10277] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 320.959432][T10277] ? alloc_fw_cache_entry+0x3f/0xd0 [ 320.959471][T10277] ? __pfx_fw_name_devm_release+0x10/0x10 [ 320.959487][T10277] alloc_fw_cache_entry+0x3f/0xd0 [ 320.959504][T10277] dev_create_fw_entry+0x3d/0x150 [ 320.959521][T10277] ? __pfx_fw_name_devm_release+0x10/0x10 [ 320.959535][T10277] devres_for_each_res+0x170/0x1d0 [ 320.959557][T10277] ? __pfx_devm_name_match+0x10/0x10 [ 320.959570][T10277] ? __pfx_dev_create_fw_entry+0x10/0x10 [ 320.959587][T10277] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 320.959603][T10277] dev_cache_fw_image+0xa2/0x490 [ 320.959620][T10277] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 320.959639][T10277] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 320.959656][T10277] dpm_for_each_dev+0x5a/0xb0 [ 320.959671][T10277] fw_pm_notify+0x81/0x150 [ 320.959685][T10277] notifier_call_chain+0xb9/0x410 [ 320.959702][T10277] ? __pfx_fw_pm_notify+0x10/0x10 [ 320.959721][T10277] blocking_notifier_call_chain_robust+0xc8/0x160 [ 320.959740][T10277] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 320.959765][T10277] pm_notifier_call_chain_robust+0x27/0x60 [ 320.959783][T10277] snapshot_open+0x218/0x2b0 [ 320.959845][T10277] ? __pfx_snapshot_open+0x10/0x10 [ 320.959862][T10277] misc_open+0x35a/0x420 [ 320.959879][T10277] ? __pfx_misc_open+0x10/0x10 [ 320.959894][T10277] chrdev_open+0x234/0x6a0 [ 320.959911][T10277] ? __pfx_apparmor_file_open+0x10/0x10 [ 320.959927][T10277] ? __pfx_chrdev_open+0x10/0x10 [ 320.959946][T10277] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 320.959965][T10277] do_dentry_open+0x982/0x1530 [ 320.959983][T10277] ? __pfx_chrdev_open+0x10/0x10 [ 320.960005][T10277] vfs_open+0x82/0x3f0 [ 320.960028][T10277] path_openat+0x1de4/0x2cb0 [ 320.960051][T10277] ? __pfx_path_openat+0x10/0x10 [ 320.960073][T10277] do_filp_open+0x20b/0x470 [ 320.960089][T10277] ? __pfx_do_filp_open+0x10/0x10 [ 320.960120][T10277] ? alloc_fd+0x471/0x7d0 [ 320.960141][T10277] do_sys_openat2+0x11b/0x1d0 [ 320.960160][T10277] ? __pfx_do_sys_openat2+0x10/0x10 [ 320.960182][T10277] ? __rseq_handle_notify_resume+0x681/0x10e0 [ 320.960205][T10277] __x64_sys_openat+0x174/0x210 [ 320.960225][T10277] ? __pfx___x64_sys_openat+0x10/0x10 [ 320.960254][T10277] do_syscall_64+0xcd/0x490 [ 320.960274][T10277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.960289][T10277] RIP: 0033:0x7fdacd98ebe9 [ 320.960303][T10277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.960317][T10277] RSP: 002b:00007fdace886038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 320.960332][T10277] RAX: ffffffffffffffda RBX: 00007fdacdbb5fa0 RCX: 00007fdacd98ebe9 [ 320.960341][T10277] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 320.960351][T10277] RBP: 00007fdacda11e19 R08: 0000000000000000 R09: 0000000000000000 [ 320.960359][T10277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.960368][T10277] R13: 00007fdacdbb6038 R14: 00007fdacdbb5fa0 R15: 00007ffcecab97c8 [ 320.960390][T10277] [ 324.662139][T10353] ubi0: attaching mtd0 [ 324.667710][T10353] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965 [ 324.681567][T10353] ubi0 error: validate_ec_hdr: bad EC header [ 324.687709][T10353] Erase counter header dump: [ 324.693936][T10353] magic 0x55424923 [ 324.704474][T10353] version 1 [ 324.708314][T10353] ec 1 [ 324.719231][T10353] vid_hdr_offset 64 [ 324.723266][T10353] data_offset 128 [ 324.727256][T10353] image_seq -1593496707 [ 324.739788][T10353] hdr_crc 0x403adfbc [ 324.744496][T10353] erase counter header hexdump: [ 324.749447][T10353] CPU: 1 UID: 0 PID: 10353 Comm: syz.2.955 Not tainted syzkaller #0 PREEMPT(full) [ 324.749479][T10353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 324.749496][T10353] Call Trace: [ 324.749508][T10353] [ 324.749519][T10353] dump_stack_lvl+0x16c/0x1f0 [ 324.749562][T10353] validate_ec_hdr+0x28c/0x330 [ 324.749619][T10353] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 324.749658][T10353] ubi_attach+0x5e7/0x4bd0 [ 324.749711][T10353] ? __pfx_ubi_msg+0x10/0x10 [ 324.749738][T10353] ? __pfx_ubi_attach+0x10/0x10 [ 324.749773][T10353] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 324.749797][T10353] ? __vmalloc_node_noprof+0xad/0xf0 [ 324.749819][T10353] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 324.749846][T10353] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 324.749887][T10353] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 324.749911][T10353] ? __pfx_get_mtd_device+0x10/0x10 [ 324.749952][T10353] ctrl_cdev_ioctl+0x337/0x3d0 [ 324.749978][T10353] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 324.750013][T10353] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 324.750039][T10353] __x64_sys_ioctl+0x18b/0x210 [ 324.750078][T10353] do_syscall_64+0xcd/0x490 [ 324.750113][T10353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.750136][T10353] RIP: 0033:0x7fa48398ebe9 [ 324.750155][T10353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.750179][T10353] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 324.750202][T10353] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 324.750217][T10353] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000007 [ 324.750234][T10353] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 324.750248][T10353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.750262][T10353] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 324.750290][T10353] [ 325.108879][T10353] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 325.201250][T10353] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 325.250645][T10363] ubi0: attaching mtd0 [ 325.254764][T10363] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 325.560880][T10376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.962'. [ 325.626896][T10378] __vm_enough_memory: pid: 10378, comm: syz.3.960, bytes: 4398046511104 not enough memory for the allocation [ 327.234828][T10402] zram: Can't change algorithm for initialized device [ 328.021333][T10415] ubi0: attaching mtd0 [ 328.026592][T10415] ubi0: scanning is finished [ 328.283540][T10422] __vm_enough_memory: pid: 10422, comm: syz.2.973, bytes: 4398046511104 not enough memory for the allocation [ 328.423571][T10416] vivid-003: ================= START STATUS ================= [ 328.432540][T10416] vivid-003: Radio HW Seek Mode: Bounded [ 328.438242][T10416] vivid-003: Radio Programmable HW Seek: false [ 328.444549][T10416] vivid-003: RDS Rx I/O Mode: Block I/O [ 328.450616][T10416] vivid-003: Generate RBDS Instead of RDS: false [ 328.457031][T10416] vivid-003: RDS Reception: true [ 328.462054][T10416] vivid-003: RDS Program Type: 0 inactive [ 328.467848][T10416] vivid-003: RDS PS Name: inactive [ 328.476066][T10416] vivid-003: RDS Radio Text: inactive [ 328.482386][T10416] vivid-003: RDS Traffic Announcement: false inactive [ 328.489787][T10416] vivid-003: RDS Traffic Program: false inactive [ 328.496493][T10416] vivid-003: RDS Music: false inactive [ 328.502169][T10416] vivid-003: ================== END STATUS ================== [ 328.803058][T10415] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 328.869351][T10415] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 328.888296][T10415] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 329.020439][T10415] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 329.150937][T10415] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 329.176788][T10415] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 329.225114][T10431] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.974' sets config #4 [ 329.284231][T10415] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 330.162649][T10439] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 330.267714][T10415] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 330.490105][T10421] ubi0: detaching mtd0 [ 330.499249][T10427] ubi0: background thread "ubi_bgt0d" started, PID 10427 [ 330.681621][T10421] ubi0: mtd0 is detached [ 331.231023][T10456] netlink: 12 bytes leftover after parsing attributes in process `syz.2.980'. [ 332.390501][T10471] netlink: 8 bytes leftover after parsing attributes in process `syz.2.984'. [ 332.993036][T10477] FAULT_INJECTION: forcing a failure. [ 332.993036][T10477] name failslab, interval 1, probability 0, space 0, times 0 [ 333.053026][T10477] CPU: 0 UID: 0 PID: 10477 Comm: syz.0.985 Not tainted syzkaller #0 PREEMPT(full) [ 333.053063][T10477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 333.053077][T10477] Call Trace: [ 333.053086][T10477] [ 333.053095][T10477] dump_stack_lvl+0x16c/0x1f0 [ 333.053134][T10477] should_fail_ex+0x512/0x640 [ 333.053168][T10477] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 333.053202][T10477] should_failslab+0xc2/0x120 [ 333.053232][T10477] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 333.053261][T10477] ? getname_flags.part.0+0x4c/0x550 [ 333.053303][T10477] getname_flags.part.0+0x4c/0x550 [ 333.053344][T10477] getname_uflags+0x98/0xf0 [ 333.053371][T10477] __x64_sys_execveat+0xc4/0x120 [ 333.053403][T10477] do_syscall_64+0xcd/0x490 [ 333.053439][T10477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.053465][T10477] RIP: 0033:0x7f62dd78ebe9 [ 333.053485][T10477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.053510][T10477] RSP: 002b:00007f62de593038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 333.053535][T10477] RAX: ffffffffffffffda RBX: 00007f62dd9b5fa0 RCX: 00007f62dd78ebe9 [ 333.053553][T10477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 333.053568][T10477] RBP: 00007f62de593090 R08: 0000000000011000 R09: 0000000000000000 [ 333.053585][T10477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 333.053607][T10477] R13: 00007f62dd9b6038 R14: 00007f62dd9b5fa0 R15: 00007ffd8e9e1db8 [ 333.053642][T10477] [ 333.758424][T10483] netlink: 'syz.3.986': attribute type 1 has an invalid length. [ 334.205402][ T30] audit: type=1804 audit(6138079830.480:16): pid=10487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.990" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=14 res=1 errno=0 [ 334.220739][T10487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.990'. [ 335.803769][ T30] audit: type=1800 audit(6138079832.109:17): pid=10510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.994" name="dbroot" dev="configfs" ino=30911 res=0 errno=0 [ 335.910105][T10510] netlink: 12 bytes leftover after parsing attributes in process `syz.2.994'. [ 337.572796][T10535] FAULT_INJECTION: forcing a failure. [ 337.572796][T10535] name failslab, interval 1, probability 0, space 0, times 0 [ 337.585939][T10535] CPU: 0 UID: 0 PID: 10535 Comm: syz.2.996 Not tainted syzkaller #0 PREEMPT(full) [ 337.585962][T10535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 337.585972][T10535] Call Trace: [ 337.585978][T10535] [ 337.585983][T10535] dump_stack_lvl+0x16c/0x1f0 [ 337.586008][T10535] should_fail_ex+0x512/0x640 [ 337.586028][T10535] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 337.586049][T10535] should_failslab+0xc2/0x120 [ 337.586068][T10535] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 337.586086][T10535] ? __d_alloc+0x32/0xae0 [ 337.586105][T10535] __d_alloc+0x32/0xae0 [ 337.586123][T10535] d_alloc_pseudo+0x1c/0xc0 [ 337.586143][T10535] alloc_file_pseudo+0xcf/0x230 [ 337.586165][T10535] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 337.586185][T10535] ? alloc_fd+0x471/0x7d0 [ 337.586202][T10535] sock_alloc_file+0x50/0x210 [ 337.586222][T10535] __sys_socket+0x1c0/0x260 [ 337.586236][T10535] ? __pfx___sys_socket+0x10/0x10 [ 337.586255][T10535] __x64_sys_socket+0x72/0xb0 [ 337.586268][T10535] ? lockdep_hardirqs_on+0x7c/0x110 [ 337.586285][T10535] do_syscall_64+0xcd/0x490 [ 337.586304][T10535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.586319][T10535] RIP: 0033:0x7fa48398ebe9 [ 337.586331][T10535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.586344][T10535] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 337.586358][T10535] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 337.586367][T10535] RDX: 0000000000000106 RSI: 0000000000000001 RDI: 0000000000000002 [ 337.586375][T10535] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 337.586384][T10535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 337.586392][T10535] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 337.586409][T10535] [ 337.982654][T10535] ptrace attach of "./syz-executor exec"[10537] was attempted by "./syz-executor exec"[10535] [ 338.169940][T10540] random: crng reseeded on system resumption [ 338.608200][T10543] can: request_module (can-proto-3) failed. [ 339.389174][T10559] FAULT_INJECTION: forcing a failure. [ 339.389174][T10559] name failslab, interval 1, probability 0, space 0, times 0 [ 339.443385][T10559] CPU: 0 UID: 0 PID: 10559 Comm: syz.0.1001 Not tainted syzkaller #0 PREEMPT(full) [ 339.443425][T10559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 339.443442][T10559] Call Trace: [ 339.443451][T10559] [ 339.443460][T10559] dump_stack_lvl+0x16c/0x1f0 [ 339.443500][T10559] should_fail_ex+0x512/0x640 [ 339.443538][T10559] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 339.443576][T10559] should_failslab+0xc2/0x120 [ 339.443621][T10559] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 339.443656][T10559] ? __alloc_skb+0x2b2/0x380 [ 339.443688][T10559] __alloc_skb+0x2b2/0x380 [ 339.443716][T10559] ? __pfx___alloc_skb+0x10/0x10 [ 339.443748][T10559] ? __pfx___register_sysctl_table+0x10/0x10 [ 339.443785][T10559] ? is_module_address+0x69/0xf0 [ 339.443825][T10559] inet_netconf_notify_devconf+0x8b/0x1f0 [ 339.443869][T10559] __devinet_sysctl_register+0x227/0x360 [ 339.443915][T10559] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 339.443964][T10559] ? devinet_init_net+0xeb/0x910 [ 339.444005][T10559] ? __asan_memcpy+0x3c/0x60 [ 339.444038][T10559] devinet_init_net+0x315/0x910 [ 339.444081][T10559] ? __pfx_devinet_init_net+0x10/0x10 [ 339.444120][T10559] ops_init+0x1e2/0x5f0 [ 339.444161][T10559] setup_net+0x10f/0x380 [ 339.444194][T10559] ? lockdep_init_map_type+0x5c/0x280 [ 339.444232][T10559] ? __pfx_setup_net+0x10/0x10 [ 339.444270][T10559] ? debug_mutex_init+0x37/0x70 [ 339.444302][T10559] copy_net_ns+0x2a6/0x5f0 [ 339.444345][T10559] create_new_namespaces+0x3ea/0xa90 [ 339.444385][T10559] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 339.444420][T10559] ksys_unshare+0x45b/0xa40 [ 339.444457][T10559] ? __pfx_ksys_unshare+0x10/0x10 [ 339.444493][T10559] ? xfd_validate_state+0x61/0x180 [ 339.444542][T10559] __x64_sys_unshare+0x31/0x40 [ 339.444577][T10559] do_syscall_64+0xcd/0x490 [ 339.444626][T10559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.444655][T10559] RIP: 0033:0x7f62dd78ebe9 [ 339.444679][T10559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 339.444706][T10559] RSP: 002b:00007f62de593038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 339.444733][T10559] RAX: ffffffffffffffda RBX: 00007f62dd9b5fa0 RCX: 00007f62dd78ebe9 [ 339.444752][T10559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 339.444769][T10559] RBP: 00007f62dd811e19 R08: 0000000000000000 R09: 0000000000000000 [ 339.444787][T10559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 339.444804][T10559] R13: 00007f62dd9b6038 R14: 00007f62dd9b5fa0 R15: 00007ffd8e9e1db8 [ 339.444841][T10559] [ 340.412219][T10572] random: crng reseeded on system resumption [ 341.276218][T10586] __vm_enough_memory: pid: 10586, comm: syz.2.1007, bytes: 4398046511104 not enough memory for the allocation [ 342.316953][T10600] mmap: syz.3.1011 (10600): VmData 37597184 exceed data ulimit 1025. Update limits or use boot option ignore_rlimit_data. [ 342.474572][T10602] random: crng reseeded on system resumption [ 342.948785][T10609] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1013'. [ 343.441720][T10612] could not allocate digest TFM handle binfmt_misc [ 345.171057][T10649] bond0: option all_slaves_active: invalid value () [ 345.184693][T10649] bond0: option all_slaves_active: invalid value () [ 347.416146][T10662] FAULT_INJECTION: forcing a failure. [ 347.416146][T10662] name fail_futex, interval 1, probability 0, space 0, times 0 [ 347.471623][T10662] CPU: 0 UID: 0 PID: 10662 Comm: syz.0.1027 Not tainted syzkaller #0 PREEMPT(full) [ 347.471665][T10662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 347.471681][T10662] Call Trace: [ 347.471691][T10662] [ 347.471700][T10662] dump_stack_lvl+0x16c/0x1f0 [ 347.471738][T10662] should_fail_ex+0x512/0x640 [ 347.471781][T10662] get_futex_key+0x1d0/0x1560 [ 347.471813][T10662] ? unwind_get_return_address+0x59/0xa0 [ 347.471840][T10662] ? __pfx_get_futex_key+0x10/0x10 [ 347.471883][T10662] futex_wait_setup+0x9d/0x550 [ 347.471930][T10662] __futex_wait+0x194/0x2f0 [ 347.471965][T10662] ? __pfx___futex_wait+0x10/0x10 [ 347.472025][T10662] ? __pfx_futex_wake_mark+0x10/0x10 [ 347.472233][T10662] ? futex_private_hash_put+0x176/0x300 [ 347.472276][T10662] ? futex_private_hash_put+0x18a/0x300 [ 347.472308][T10662] futex_wait+0xe8/0x380 [ 347.472344][T10662] ? __pfx_futex_wait+0x10/0x10 [ 347.472385][T10662] ? rcu_is_watching+0x12/0xc0 [ 347.472410][T10662] ? kasan_quarantine_put+0x10a/0x240 [ 347.472443][T10662] ? lockdep_hardirqs_on+0x7c/0x110 [ 347.472490][T10662] do_futex+0x229/0x350 [ 347.472523][T10662] ? __pfx_do_futex+0x10/0x10 [ 347.472552][T10662] ? getname_flags.part.0+0x1c5/0x550 [ 347.472597][T10662] ? putname+0x154/0x1a0 [ 347.472634][T10662] __x64_sys_futex+0x1e0/0x4c0 [ 347.472673][T10662] ? __pfx___x64_sys_futex+0x10/0x10 [ 347.472705][T10662] ? xfd_validate_state+0x61/0x180 [ 347.472751][T10662] do_syscall_64+0xcd/0x490 [ 347.472782][T10662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.472805][T10662] RIP: 0033:0x7f62dd78ebe9 [ 347.472826][T10662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.472848][T10662] RSP: 002b:00007f62de5930e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 347.472869][T10662] RAX: ffffffffffffffda RBX: 00007f62dd9b5fa8 RCX: 00007f62dd78ebe9 [ 347.472893][T10662] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f62dd9b5fa8 [ 347.472910][T10662] RBP: 00007f62dd9b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 347.472928][T10662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 347.472940][T10662] R13: 00007f62dd9b6038 R14: 00007ffd8e9e1cd0 R15: 00007ffd8e9e1db8 [ 347.472973][T10662] [ 348.283540][T10674] netlink: 346 bytes leftover after parsing attributes in process `syz.0.1031'. [ 349.700553][T10700] ecryptfs_miscdev_write: Invalid packet size [111] [ 349.930131][T10706] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 351.068162][T10733] netlink: 46 bytes leftover after parsing attributes in process `syz.3.1044'. [ 351.241703][T10738] FAULT_INJECTION: forcing a failure. [ 351.241703][T10738] name fail_futex, interval 1, probability 0, space 0, times 0 [ 351.256192][T10738] CPU: 0 UID: 0 PID: 10738 Comm: syz.2.1048 Not tainted syzkaller #0 PREEMPT(full) [ 351.256213][T10738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 351.256222][T10738] Call Trace: [ 351.256227][T10738] [ 351.256233][T10738] dump_stack_lvl+0x16c/0x1f0 [ 351.256258][T10738] should_fail_ex+0x512/0x640 [ 351.256280][T10738] get_futex_key+0x1d0/0x1560 [ 351.256300][T10738] ? __pfx_get_futex_key+0x10/0x10 [ 351.256316][T10738] ? futex_private_hash_put+0x176/0x300 [ 351.256337][T10738] futex_wake+0xea/0x530 [ 351.256358][T10738] ? __pfx_futex_wake+0x10/0x10 [ 351.256381][T10738] ? do_raw_spin_lock+0x12c/0x2b0 [ 351.256401][T10738] ? find_held_lock+0x2b/0x80 [ 351.256417][T10738] do_futex+0x1e3/0x350 [ 351.256434][T10738] ? __pfx_do_futex+0x10/0x10 [ 351.256449][T10738] ? _raw_spin_unlock_irq+0x2e/0x50 [ 351.256465][T10738] ? sigprocmask+0xef/0x330 [ 351.256486][T10738] ? __pfx_sigprocmask+0x10/0x10 [ 351.256515][T10738] __x64_sys_futex+0x1e0/0x4c0 [ 351.256533][T10738] ? __x64_sys_rt_sigprocmask+0x1fd/0x290 [ 351.256548][T10738] ? __pfx___x64_sys_futex+0x10/0x10 [ 351.256571][T10738] ? xfd_validate_state+0x61/0x180 [ 351.256598][T10738] do_syscall_64+0xcd/0x490 [ 351.256617][T10738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.256632][T10738] RIP: 0033:0x7fa48398ebe9 [ 351.256644][T10738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.256658][T10738] RSP: 002b:00007fff2bc20bc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 351.256672][T10738] RAX: ffffffffffffffda RBX: 00007fa483bb5fa8 RCX: 00007fa48398ebe9 [ 351.256682][T10738] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa483bb5fa8 [ 351.256690][T10738] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000001d2bc20ebf [ 351.256698][T10738] R10: 00007fa483bb5fa0 R11: 0000000000000246 R12: 00007fa483bb5fac [ 351.256707][T10738] R13: 00007fa483bb5fa0 R14: 0000000000001f75 R15: 0000000000000003 [ 351.256724][T10738] [ 351.465718][ C0] vkms_vblank_simulate: vblank timer overrun [ 352.162118][T10766] random: crng reseeded on system resumption [ 352.415385][T10773] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 353.304225][T10767] zswap: compressor not available [ 353.459205][T10776] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 353.961937][T10779] kexec: Could not allocate control_code_buffer [ 355.291398][ T7454] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 355.611182][T10830] random: crng reseeded on system resumption [ 357.603580][T10869] lo: entered allmulticast mode [ 357.633263][T10869] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1070'. [ 357.714863][T10870] lo: left allmulticast mode [ 357.779151][T10869] blktrace: Concurrent blktraces are not allowed on loop2 [ 358.195088][T10883] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1073'. [ 359.844106][T10912] capability: warning: `syz.3.1079' uses 32-bit capabilities (legacy support in use) [ 360.382003][T10918] vivid-007: ================= START STATUS ================= [ 360.390576][T10918] vivid-007: Generate PTS: true [ 360.396769][T10918] vivid-007: Generate SCR: true [ 360.401998][T10918] tpg source WxH: 320x240 (Y'CbCr) [ 360.407548][T10918] tpg field: 1 [ 360.411042][T10918] tpg crop: (0,0)/320x240 [ 360.416678][T10918] tpg compose: (0,0)/320x240 [ 360.422478][T10918] tpg colorspace: 8 [ 360.429966][T10918] tpg transfer function: 0/0 [ 360.437320][T10918] tpg Y'CbCr encoding: 0/0 [ 360.442165][T10918] tpg quantization: 0/0 [ 360.457496][T10918] tpg RGB range: 0/2 [ 360.462213][T10918] vivid-007: ================== END STATUS ================== [ 360.735873][T10922] can: request_module (can-proto-3) failed. [ 360.944007][T10932] FAULT_INJECTION: forcing a failure. [ 360.944007][T10932] name failslab, interval 1, probability 0, space 0, times 0 [ 360.961417][T10932] CPU: 1 UID: 0 PID: 10932 Comm: syz.1.1085 Not tainted syzkaller #0 PREEMPT(full) [ 360.961457][T10932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 360.961474][T10932] Call Trace: [ 360.961482][T10932] [ 360.961493][T10932] dump_stack_lvl+0x16c/0x1f0 [ 360.961533][T10932] should_fail_ex+0x512/0x640 [ 360.961569][T10932] ? __kmalloc_noprof+0xbf/0x510 [ 360.961599][T10932] ? kstrdup_quotable+0xc2/0x190 [ 360.961626][T10932] should_failslab+0xc2/0x120 [ 360.961680][T10932] __kmalloc_noprof+0xd2/0x510 [ 360.961727][T10932] kstrdup_quotable+0xc2/0x190 [ 360.961759][T10932] ? __pfx_kstrdup_quotable+0x10/0x10 [ 360.961790][T10932] ? get_cmdline+0x86/0x380 [ 360.961832][T10932] kstrdup_quotable_cmdline+0x127/0x210 [ 360.961867][T10932] __report_access+0x77/0x370 [ 360.961903][T10932] ? _raw_spin_unlock_irq+0x23/0x50 [ 360.961938][T10932] task_work_run+0x14d/0x240 [ 360.961980][T10932] ? __pfx_task_work_run+0x10/0x10 [ 360.962035][T10932] exit_to_user_mode_loop+0xeb/0x110 [ 360.962073][T10932] do_syscall_64+0x3f6/0x490 [ 360.962112][T10932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.962140][T10932] RIP: 0033:0x7efce0f8ebe9 [ 360.962162][T10932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 360.962189][T10932] RSP: 002b:00007efce1d8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 360.962215][T10932] RAX: ffffffffffffffff RBX: 00007efce11b5fa0 RCX: 00007efce0f8ebe9 [ 360.962234][T10932] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206 [ 360.962251][T10932] RBP: 00007efce1011e19 R08: 0000000000000000 R09: 0000000000000000 [ 360.962267][T10932] R10: 0000000000200005 R11: 0000000000000246 R12: 0000000000000000 [ 360.962284][T10932] R13: 00007efce11b6038 R14: 00007efce11b5fa0 R15: 00007ffe4112a0c8 [ 360.962320][T10932] [ 360.962435][T10932] ptrace attach of "./syz-executor exec"[5863] was attempted by "(null)"[10932] [ 361.129567][T10926] aoe: invalid device specification [ 361.366120][T10941] ubi0: attaching mtd0 [ 361.372287][T10941] ubi0: scanning is finished [ 361.492567][T10941] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 361.502334][T10941] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 361.511004][T10941] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 361.517991][T10941] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 361.526654][T10941] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 361.533813][T10941] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 361.543237][T10941] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 361.556872][T10941] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 361.570528][T10944] ubi0: background thread "ubi_bgt0d" started, PID 10944 [ 361.584360][T10942] ubi0: detaching mtd0 [ 361.600410][T10942] ubi0: mtd0 is detached [ 361.625246][T10946] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1087'. [ 363.056300][T10966] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1092'. [ 363.074925][T10964] FAULT_INJECTION: forcing a failure. [ 363.074925][T10964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 363.090064][T10964] CPU: 1 UID: 0 PID: 10964 Comm: syz.0.1091 Not tainted syzkaller #0 PREEMPT(full) [ 363.090102][T10964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 363.090119][T10964] Call Trace: [ 363.090127][T10964] [ 363.090138][T10964] dump_stack_lvl+0x16c/0x1f0 [ 363.090179][T10964] should_fail_ex+0x512/0x640 [ 363.090228][T10964] _copy_to_user+0x32/0xd0 [ 363.090331][T10964] do_pages_stat+0x631/0x820 [ 363.090383][T10964] ? __pfx_do_pages_stat+0x10/0x10 [ 363.090453][T10964] ? do_raw_spin_unlock+0x172/0x230 [ 363.090502][T10964] kernel_move_pages+0xfa8/0x1380 [ 363.090549][T10964] ? do_futex+0x122/0x350 [ 363.090584][T10964] ? __pfx_do_futex+0x10/0x10 [ 363.090620][T10964] ? __pfx_kernel_move_pages+0x10/0x10 [ 363.090664][T10964] ? __x64_sys_futex+0x1e0/0x4c0 [ 363.090691][T10964] ? __x64_sys_futex+0x1e9/0x4c0 [ 363.090727][T10964] ? xfd_validate_state+0x61/0x180 [ 363.090773][T10964] ? __pfx_do_writev+0x10/0x10 [ 363.090808][T10964] __x64_sys_move_pages+0xe0/0x1c0 [ 363.090849][T10964] ? do_syscall_64+0x91/0x490 [ 363.090884][T10964] ? lockdep_hardirqs_on+0x7c/0x110 [ 363.090916][T10964] do_syscall_64+0xcd/0x490 [ 363.090950][T10964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.090978][T10964] RIP: 0033:0x7f62dd78ebe9 [ 363.091000][T10964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 363.091028][T10964] RSP: 002b:00007f62de572038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 363.091053][T10964] RAX: ffffffffffffffda RBX: 00007f62dd9b6090 RCX: 00007f62dd78ebe9 [ 363.091072][T10964] RDX: 0000000000000000 RSI: 0002000000000003 RDI: 0000000000000001 [ 363.091089][T10964] RBP: 00007f62dd811e19 R08: 0000000000000000 R09: 8000400000000000 [ 363.091107][T10964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 363.091124][T10964] R13: 00007f62dd9b6128 R14: 00007f62dd9b6090 R15: 00007ffd8e9e1db8 [ 363.091160][T10964] [ 363.287492][ C1] vkms_vblank_simulate: vblank timer overrun [ 363.334473][T10967] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1092'. [ 363.930417][T10985] random: crng reseeded on system resumption [ 363.939229][T10985] FAULT_INJECTION: forcing a failure. [ 363.939229][T10985] name failslab, interval 1, probability 0, space 0, times 0 [ 363.952048][T10985] CPU: 1 UID: 0 PID: 10985 Comm: syz.2.1098 Not tainted syzkaller #0 PREEMPT(full) [ 363.952086][T10985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 363.952104][T10985] Call Trace: [ 363.952115][T10985] [ 363.952126][T10985] dump_stack_lvl+0x116/0x1f0 [ 363.952167][T10985] should_fail_ex+0x512/0x640 [ 363.952210][T10985] should_failslab+0xc2/0x120 [ 363.952247][T10985] __kmalloc_cache_noprof+0x6a/0x3e0 [ 363.952277][T10985] ? alloc_fw_cache_entry+0x3f/0xd0 [ 363.952310][T10985] ? __pfx_fw_name_devm_release+0x10/0x10 [ 363.952341][T10985] alloc_fw_cache_entry+0x3f/0xd0 [ 363.952372][T10985] dev_create_fw_entry+0x3d/0x150 [ 363.952404][T10985] ? __pfx_fw_name_devm_release+0x10/0x10 [ 363.952439][T10985] devres_for_each_res+0x170/0x1d0 [ 363.952479][T10985] ? __pfx_devm_name_match+0x10/0x10 [ 363.952506][T10985] ? __pfx_dev_create_fw_entry+0x10/0x10 [ 363.952540][T10985] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 363.952573][T10985] dev_cache_fw_image+0xa2/0x490 [ 363.952607][T10985] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 363.952645][T10985] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 363.952678][T10985] dpm_for_each_dev+0x5a/0xb0 [ 363.952708][T10985] fw_pm_notify+0x81/0x150 [ 363.952735][T10985] notifier_call_chain+0xb9/0x410 [ 363.952768][T10985] ? __pfx_fw_pm_notify+0x10/0x10 [ 363.952806][T10985] blocking_notifier_call_chain_robust+0xc8/0x160 [ 363.952844][T10985] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 363.952894][T10985] pm_notifier_call_chain_robust+0x27/0x60 [ 363.952932][T10985] snapshot_open+0x218/0x2b0 [ 363.952963][T10985] ? __pfx_snapshot_open+0x10/0x10 [ 363.952996][T10985] misc_open+0x35a/0x420 [ 363.953045][T10985] ? __pfx_misc_open+0x10/0x10 [ 363.953073][T10985] chrdev_open+0x234/0x6a0 [ 363.953108][T10985] ? __pfx_apparmor_file_open+0x10/0x10 [ 363.953138][T10985] ? __pfx_chrdev_open+0x10/0x10 [ 363.953174][T10985] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 363.953213][T10985] do_dentry_open+0x982/0x1530 [ 363.953247][T10985] ? __pfx_chrdev_open+0x10/0x10 [ 363.953289][T10985] vfs_open+0x82/0x3f0 [ 363.953332][T10985] path_openat+0x1de4/0x2cb0 [ 363.953378][T10985] ? __pfx_path_openat+0x10/0x10 [ 363.953427][T10985] do_filp_open+0x20b/0x470 [ 363.953460][T10985] ? __pfx_do_filp_open+0x10/0x10 [ 363.953523][T10985] ? alloc_fd+0x471/0x7d0 [ 363.953565][T10985] do_sys_openat2+0x11b/0x1d0 [ 363.953604][T10985] ? __pfx_do_sys_openat2+0x10/0x10 [ 363.953646][T10985] ? __rseq_handle_notify_resume+0x681/0x10e0 [ 363.953694][T10985] __x64_sys_openat+0x174/0x210 [ 363.953734][T10985] ? __pfx___x64_sys_openat+0x10/0x10 [ 363.953791][T10985] do_syscall_64+0xcd/0x490 [ 363.953823][T10985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.953849][T10985] RIP: 0033:0x7fa48398ebe9 [ 363.953868][T10985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 363.953890][T10985] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 363.953912][T10985] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 363.953928][T10985] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 363.953942][T10985] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 363.953957][T10985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 363.953972][T10985] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 363.954005][T10985] [ 364.292251][ C1] vkms_vblank_simulate: vblank timer overrun [ 364.492797][T10992] ubi0: attaching mtd0 [ 364.500995][T10992] ubi0: scanning is finished [ 364.671718][T10992] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 364.681323][T10992] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 364.689194][T10992] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 364.696293][T10992] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 364.705823][T10992] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 364.712694][T10992] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 364.720792][T10992] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 364.730870][T10992] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 364.741246][T10996] ubi0: background thread "ubi_bgt0d" started, PID 10996 [ 364.748629][T10993] ubi0: detaching mtd0 [ 364.831967][T10993] ubi0: mtd0 is detached [ 365.901062][T11023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1101'. [ 366.454026][T11033] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1108'. [ 366.472077][T11033] bridge_slave_1: left allmulticast mode [ 366.478911][T11033] bridge_slave_1: left promiscuous mode [ 366.486812][T11033] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.515395][T11033] bridge_slave_0: left allmulticast mode [ 366.521138][T11033] bridge_slave_0: left promiscuous mode [ 366.527739][T11033] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.843148][T11039] FAULT_INJECTION: forcing a failure. [ 366.843148][T11039] name failslab, interval 1, probability 0, space 0, times 0 [ 366.857229][T11039] CPU: 0 UID: 0 PID: 11039 Comm: syz.1.1107 Not tainted syzkaller #0 PREEMPT(full) [ 366.857266][T11039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 366.857282][T11039] Call Trace: [ 366.857291][T11039] [ 366.857312][T11039] dump_stack_lvl+0x16c/0x1f0 [ 366.857352][T11039] should_fail_ex+0x512/0x640 [ 366.857391][T11039] should_failslab+0xc2/0x120 [ 366.857418][T11039] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 366.857437][T11039] ? skb_clone+0x190/0x3f0 [ 366.857458][T11039] skb_clone+0x190/0x3f0 [ 366.857477][T11039] netlink_deliver_tap+0xabd/0xd30 [ 366.857501][T11039] netlink_unicast+0x71f/0x870 [ 366.857523][T11039] ? __pfx_netlink_unicast+0x10/0x10 [ 366.857541][T11039] ? idr_get_next+0xec/0x150 [ 366.857563][T11039] ctrl_getfamily+0x40a/0x540 [ 366.857577][T11039] ? __pfx_ctrl_getfamily+0x10/0x10 [ 366.857590][T11039] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 366.857611][T11039] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 366.857636][T11039] genl_family_rcv_msg_doit+0x206/0x2f0 [ 366.857659][T11039] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 366.857680][T11039] ? genl_get_cmd+0x194/0x580 [ 366.857705][T11039] ? __radix_tree_lookup+0x21f/0x2c0 [ 366.857724][T11039] genl_rcv_msg+0x55c/0x800 [ 366.857747][T11039] ? __pfx_genl_rcv_msg+0x10/0x10 [ 366.857767][T11039] ? __pfx_ctrl_getfamily+0x10/0x10 [ 366.857787][T11039] netlink_rcv_skb+0x155/0x420 [ 366.857805][T11039] ? __pfx_genl_rcv_msg+0x10/0x10 [ 366.857826][T11039] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 366.857852][T11039] ? netlink_deliver_tap+0x1ae/0xd30 [ 366.857876][T11039] genl_rcv+0x28/0x40 [ 366.857894][T11039] netlink_unicast+0x5aa/0x870 [ 366.857915][T11039] ? __pfx_netlink_unicast+0x10/0x10 [ 366.857933][T11039] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 366.857957][T11039] netlink_sendmsg+0x8d1/0xdd0 [ 366.857979][T11039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 366.858000][T11039] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 366.858019][T11039] __sys_sendto+0x4a3/0x520 [ 366.858036][T11039] ? __pfx___sys_sendto+0x10/0x10 [ 366.858058][T11039] ? fd_install+0x225/0x750 [ 366.858081][T11039] ? __pfx___sys_socket+0x10/0x10 [ 366.858095][T11039] ? xfd_validate_state+0x61/0x180 [ 366.858127][T11039] __x64_sys_sendto+0xe0/0x1c0 [ 366.858144][T11039] ? do_syscall_64+0x91/0x490 [ 366.858163][T11039] ? lockdep_hardirqs_on+0x7c/0x110 [ 366.858181][T11039] do_syscall_64+0xcd/0x490 [ 366.858200][T11039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.858215][T11039] RIP: 0033:0x7efce0f90a7c [ 366.858228][T11039] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 366.858242][T11039] RSP: 002b:00007efce1d89ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 366.858257][T11039] RAX: ffffffffffffffda RBX: 00007efce1d89fc0 RCX: 00007efce0f90a7c [ 366.858267][T11039] RDX: 0000000000000024 RSI: 00007efce1d8a010 RDI: 0000000000000004 [ 366.858277][T11039] RBP: 0000000000000000 R08: 00007efce1d89f14 R09: 000000000000000c [ 366.858286][T11039] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 366.858295][T11039] R13: 00007efce1d89f68 R14: 00007efce1d8a010 R15: 0000000000000000 [ 366.858314][T11039] [ 366.951571][T11041] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1107'. [ 367.128932][ C1] vkms_vblank_simulate: vblank timer overrun [ 367.389649][T11048] ubi0: attaching mtd0 [ 367.395916][T11048] ubi0: scanning is finished [ 367.905369][T11048] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 367.913072][T11048] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 367.921782][T11048] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 367.943725][T11048] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 367.957557][T11048] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 367.964453][T11048] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 368.003698][T11048] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2701470589 [ 368.015444][T11048] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 368.139005][T11053] ubi0: background thread "ubi_bgt0d" started, PID 11053 [ 370.368726][T11123] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 370.418762][T11122] zram0: detected capacity change from 8 to 0 [ 370.710288][T11124] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 371.921167][T11149] usb usb6: usbfs: process 11149 (syz.3.1134) did not claim interface 0 before use [ 374.616066][T11207] FAULT_INJECTION: forcing a failure. [ 374.616066][T11207] name failslab, interval 1, probability 0, space 0, times 0 [ 374.637443][T11207] CPU: 0 UID: 0 PID: 11207 Comm: syz.2.1145 Not tainted syzkaller #0 PREEMPT(full) [ 374.637480][T11207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 374.637495][T11207] Call Trace: [ 374.637504][T11207] [ 374.637513][T11207] dump_stack_lvl+0x16c/0x1f0 [ 374.637552][T11207] should_fail_ex+0x512/0x640 [ 374.637585][T11207] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 374.637620][T11207] should_failslab+0xc2/0x120 [ 374.637652][T11207] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 374.637683][T11207] ? ptlock_alloc+0x1f/0x70 [ 374.637713][T11207] ptlock_alloc+0x1f/0x70 [ 374.637737][T11207] pte_alloc_one+0x82/0x3a0 [ 374.637765][T11207] do_pte_missing+0x1afc/0x3ba0 [ 374.637795][T11207] ? do_raw_spin_unlock+0x172/0x230 [ 374.637842][T11207] ? __pmd_alloc+0x3fb/0x930 [ 374.637879][T11207] __handle_mm_fault+0x152a/0x2a50 [ 374.637911][T11207] ? mt_find+0x3ef/0xa30 [ 374.637946][T11207] ? __pfx___handle_mm_fault+0x10/0x10 [ 374.637970][T11207] ? __pfx_mt_find+0x10/0x10 [ 374.638025][T11207] ? find_vma+0xbf/0x140 [ 374.638056][T11207] ? __pfx_find_vma+0x10/0x10 [ 374.638093][T11207] handle_mm_fault+0x589/0xd10 [ 374.638122][T11207] ? __bpf_trace_exceptions+0x1/0x40 [ 374.638239][T11207] do_user_addr_fault+0x7a6/0x1370 [ 374.638291][T11207] ? rcu_is_watching+0x12/0xc0 [ 374.638320][T11207] exc_page_fault+0x5c/0xb0 [ 374.638347][T11207] asm_exc_page_fault+0x26/0x30 [ 374.638445][T11207] RIP: 0010:copy_iovec_from_user+0x84/0x170 [ 374.638485][T11207] Code: e8 71 a1 dc fc 4d 85 ff 0f 85 e5 00 00 00 e8 b3 a6 dc fc 0f 01 cb 0f ae e8 49 bf 00 00 00 00 00 fc ff df e8 9e a6 dc fc 31 db <48> 8b 45 08 31 ff 89 de 49 89 c6 e8 cc a1 dc fc 85 db 0f 85 aa 00 [ 374.638510][T11207] RSP: 0018:ffffc9000b897b08 EFLAGS: 00050246 [ 374.638531][T11207] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff84de61cf [ 374.638547][T11207] RDX: ffff88801dba3c00 RSI: ffffffff84de61f2 RDI: 0000000000000006 [ 374.638563][T11207] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000 [ 374.638578][T11207] R10: 0000000000000040 R11: 0000000000000000 R12: ffffc9000b897d40 [ 374.638594][T11207] R13: 0000000000000004 R14: 00007ffffffff000 R15: dffffc0000000000 [ 374.638621][T11207] ? copy_iovec_from_user+0x5f/0x170 [ 374.638657][T11207] ? copy_iovec_from_user+0x82/0x170 [ 374.638694][T11207] ? copy_iovec_from_user+0x82/0x170 [ 374.638733][T11207] iovec_from_user+0xa2/0x140 [ 374.638762][T11207] __import_iovec+0x88/0x650 [ 374.638794][T11207] import_iovec+0x86/0xb0 [ 374.638823][T11207] vfs_writev+0x19b/0xde0 [ 374.638861][T11207] ? __pfx_vfs_writev+0x10/0x10 [ 374.638916][T11207] ? __fget_files+0x20e/0x3c0 [ 374.638951][T11207] ? do_writev+0x132/0x340 [ 374.638975][T11207] do_writev+0x132/0x340 [ 374.639000][T11207] ? __pfx_do_writev+0x10/0x10 [ 374.639028][T11207] ? ksys_write+0x1ac/0x250 [ 374.639055][T11207] ? __pfx_ksys_write+0x10/0x10 [ 374.639089][T11207] __x64_sys_pwritev2+0x11f/0x160 [ 374.639126][T11207] do_syscall_64+0xcd/0x490 [ 374.639161][T11207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.639180][T11207] RIP: 0033:0x7fa48398ebe9 [ 374.639196][T11207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.639216][T11207] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 374.639240][T11207] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 374.639257][T11207] RDX: 8000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 374.639274][T11207] RBP: 00007fa4847ad090 R08: 0000000000000004 R09: 0000000000000008 [ 374.639290][T11207] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 374.639306][T11207] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 374.639342][T11207] [ 375.046432][ T7454] Bluetooth: hci0: unexpected subevent 0x0c length: 118 > 5 [ 375.349681][T11213] random: crng reseeded on system resumption [ 375.356095][T11213] FAULT_INJECTION: forcing a failure. [ 375.356095][T11213] name failslab, interval 1, probability 0, space 0, times 0 [ 375.369806][T11213] CPU: 1 UID: 0 PID: 11213 Comm: syz.2.1147 Not tainted syzkaller #0 PREEMPT(full) [ 375.369842][T11213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 375.369859][T11213] Call Trace: [ 375.369868][T11213] [ 375.369878][T11213] dump_stack_lvl+0x16c/0x1f0 [ 375.369919][T11213] should_fail_ex+0x512/0x640 [ 375.369961][T11213] should_failslab+0xc2/0x120 [ 375.369997][T11213] __kmalloc_cache_noprof+0x6a/0x3e0 [ 375.370022][T11213] ? do_raw_spin_lock+0x12c/0x2b0 [ 375.370059][T11213] ? find_held_lock+0x2b/0x80 [ 375.370083][T11213] ? async_schedule_node_domain+0x54/0x120 [ 375.370119][T11213] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 375.370152][T11213] async_schedule_node_domain+0x54/0x120 [ 375.370187][T11213] dev_cache_fw_image+0x38e/0x490 [ 375.370222][T11213] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 375.370259][T11213] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 375.370300][T11213] dpm_for_each_dev+0x5a/0xb0 [ 375.370331][T11213] fw_pm_notify+0x81/0x150 [ 375.370359][T11213] notifier_call_chain+0xb9/0x410 [ 375.370390][T11213] ? __pfx_fw_pm_notify+0x10/0x10 [ 375.370427][T11213] blocking_notifier_call_chain_robust+0xc8/0x160 [ 375.370464][T11213] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 375.370513][T11213] pm_notifier_call_chain_robust+0x27/0x60 [ 375.370550][T11213] snapshot_open+0x218/0x2b0 [ 375.370580][T11213] ? __pfx_snapshot_open+0x10/0x10 [ 375.370612][T11213] misc_open+0x35a/0x420 [ 375.370641][T11213] ? __pfx_misc_open+0x10/0x10 [ 375.370669][T11213] chrdev_open+0x234/0x6a0 [ 375.370701][T11213] ? __pfx_apparmor_file_open+0x10/0x10 [ 375.370733][T11213] ? __pfx_chrdev_open+0x10/0x10 [ 375.370769][T11213] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 375.370807][T11213] do_dentry_open+0x982/0x1530 [ 375.370840][T11213] ? __pfx_chrdev_open+0x10/0x10 [ 375.370881][T11213] vfs_open+0x82/0x3f0 [ 375.370923][T11213] path_openat+0x1de4/0x2cb0 [ 375.370967][T11213] ? __pfx_path_openat+0x10/0x10 [ 375.371009][T11213] do_filp_open+0x20b/0x470 [ 375.371041][T11213] ? __pfx_do_filp_open+0x10/0x10 [ 375.371103][T11213] ? alloc_fd+0x471/0x7d0 [ 375.371143][T11213] do_sys_openat2+0x11b/0x1d0 [ 375.371182][T11213] ? __pfx_do_sys_openat2+0x10/0x10 [ 375.371223][T11213] ? __rseq_handle_notify_resume+0x681/0x10e0 [ 375.371276][T11213] __x64_sys_openat+0x174/0x210 [ 375.371317][T11213] ? __pfx___x64_sys_openat+0x10/0x10 [ 375.371374][T11213] do_syscall_64+0xcd/0x490 [ 375.371413][T11213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.371440][T11213] RIP: 0033:0x7fa48398ebe9 [ 375.371462][T11213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.371488][T11213] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 375.371514][T11213] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 375.371533][T11213] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 375.371552][T11213] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 375.371569][T11213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 375.371586][T11213] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 375.371624][T11213] [ 375.374481][T11213] [ 375.694924][T11213] ============================================ [ 375.701067][T11213] WARNING: possible recursive locking detected [ 375.707305][T11213] syzkaller #0 Not tainted [ 375.711812][T11213] -------------------------------------------- [ 375.717982][T11213] syz.2.1147/11213 is trying to acquire lock: [ 375.724048][T11213] ffffffff8f51c9c8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640 [ 375.731981][T11213] [ 375.731981][T11213] but task is already holding lock: [ 375.739489][T11213] ffffffff8f51c9c8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 375.747780][T11213] [ 375.747780][T11213] other info that might help us debug this: [ 375.755837][T11213] Possible unsafe locking scenario: [ 375.755837][T11213] [ 375.763280][T11213] CPU0 [ 375.766548][T11213] ---- [ 375.769841][T11213] lock(fw_lock); [ 375.773557][T11213] lock(fw_lock); [ 375.777295][T11213] [ 375.777295][T11213] *** DEADLOCK *** [ 375.777295][T11213] [ 375.785462][T11213] May be due to missing lock nesting notation [ 375.785462][T11213] [ 375.793944][T11213] 5 locks held by syz.2.1147/11213: [ 375.799322][T11213] #0: ffffffff8f306f48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 375.807791][T11213] #1: ffffffff8e484808 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 375.818248][T11213] #2: ffffffff8e4c4c70 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 375.830185][T11213] #3: ffffffff8f51c9c8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 375.838816][T11213] #4: ffffffff8f5173c8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 375.848156][T11213] [ 375.848156][T11213] stack backtrace: [ 375.855104][T11213] CPU: 1 UID: 0 PID: 11213 Comm: syz.2.1147 Not tainted syzkaller #0 PREEMPT(full) [ 375.855136][T11213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 375.855150][T11213] Call Trace: [ 375.855160][T11213] [ 375.855169][T11213] dump_stack_lvl+0x116/0x1f0 [ 375.855202][T11213] print_deadlock_bug+0x1e9/0x240 [ 375.855231][T11213] __lock_acquire+0x1133/0x1ce0 [ 375.855260][T11213] ? kasan_save_track+0x14/0x30 [ 375.855288][T11213] lock_acquire+0x179/0x350 [ 375.855313][T11213] ? assign_fw+0x4e/0x640 [ 375.855352][T11213] ? __pfx___might_resched+0x10/0x10 [ 375.855378][T11213] ? path_openat+0x1de4/0x2cb0 [ 375.855402][T11213] ? do_filp_open+0x20b/0x470 [ 375.855424][T11213] ? do_sys_openat2+0x11b/0x1d0 [ 375.855456][T11213] ? assign_fw+0x4e/0x640 [ 375.855478][T11213] __mutex_lock+0x193/0x1060 [ 375.855506][T11213] ? assign_fw+0x4e/0x640 [ 375.855532][T11213] ? __pfx___mutex_lock+0x10/0x10 [ 375.855563][T11213] ? kasan_quarantine_put+0x10a/0x240 [ 375.855586][T11213] ? lockdep_hardirqs_on+0x7c/0x110 [ 375.855614][T11213] ? assign_fw+0x4e/0x640 [ 375.855636][T11213] assign_fw+0x4e/0x640 [ 375.855658][T11213] ? _request_firmware+0x957/0x1470 [ 375.855684][T11213] _request_firmware+0x988/0x1470 [ 375.855714][T11213] ? __pfx__request_firmware+0x10/0x10 [ 375.855739][T11213] ? dump_stack_lvl+0x185/0x1f0 [ 375.855764][T11213] ? lockdep_hardirqs_on+0x7c/0x110 [ 375.855792][T11213] __async_dev_cache_fw_image+0xb1/0x340 [ 375.855837][T11213] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 375.855864][T11213] ? mark_held_locks+0x49/0x80 [ 375.855889][T11213] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 375.855915][T11213] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 375.855942][T11213] async_schedule_node_domain+0xd4/0x120 [ 375.855978][T11213] dev_cache_fw_image+0x38e/0x490 [ 375.856002][T11213] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 375.856029][T11213] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 375.856053][T11213] dpm_for_each_dev+0x5a/0xb0 [ 375.856076][T11213] fw_pm_notify+0x81/0x150 [ 375.856097][T11213] notifier_call_chain+0xb9/0x410 [ 375.856123][T11213] ? __pfx_fw_pm_notify+0x10/0x10 [ 375.856148][T11213] blocking_notifier_call_chain_robust+0xc8/0x160 [ 375.856177][T11213] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 375.856210][T11213] pm_notifier_call_chain_robust+0x27/0x60 [ 375.856316][T11213] snapshot_open+0x218/0x2b0 [ 375.856354][T11213] ? __pfx_snapshot_open+0x10/0x10 [ 375.856380][T11213] misc_open+0x35a/0x420 [ 375.856402][T11213] ? __pfx_misc_open+0x10/0x10 [ 375.856424][T11213] chrdev_open+0x234/0x6a0 [ 375.856450][T11213] ? __pfx_apparmor_file_open+0x10/0x10 [ 375.856474][T11213] ? __pfx_chrdev_open+0x10/0x10 [ 375.856500][T11213] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 375.856527][T11213] do_dentry_open+0x982/0x1530 [ 375.856553][T11213] ? __pfx_chrdev_open+0x10/0x10 [ 375.856582][T11213] vfs_open+0x82/0x3f0 [ 375.856612][T11213] path_openat+0x1de4/0x2cb0 [ 375.856642][T11213] ? __pfx_path_openat+0x10/0x10 [ 375.856670][T11213] do_filp_open+0x20b/0x470 [ 375.856695][T11213] ? __pfx_do_filp_open+0x10/0x10 [ 375.856728][T11213] ? alloc_fd+0x471/0x7d0 [ 375.856755][T11213] do_sys_openat2+0x11b/0x1d0 [ 375.856785][T11213] ? __pfx_do_sys_openat2+0x10/0x10 [ 375.856816][T11213] ? __rseq_handle_notify_resume+0x681/0x10e0 [ 375.856851][T11213] __x64_sys_openat+0x174/0x210 [ 375.856883][T11213] ? __pfx___x64_sys_openat+0x10/0x10 [ 375.856918][T11213] do_syscall_64+0xcd/0x490 [ 375.856975][T11213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.856998][T11213] RIP: 0033:0x7fa48398ebe9 [ 375.857017][T11213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.857039][T11213] RSP: 002b:00007fa4847ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 375.857060][T11213] RAX: ffffffffffffffda RBX: 00007fa483bb5fa0 RCX: 00007fa48398ebe9 [ 375.857076][T11213] RDX: 0000000000000101 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 375.857090][T11213] RBP: 00007fa483a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 375.857103][T11213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 375.857117][T11213] R13: 00007fa483bb6038 R14: 00007fa483bb5fa0 R15: 00007fff2bc20a68 [ 375.857140][T11213] [ 376.283217][ C1] vkms_vblank_simulate: vblank timer overrun [ 376.543792][T11223] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1149'. [ 377.347962][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.354466][ T1304] ieee802154 phy1 wpan1: encryption failed: -22