last executing test programs: 8.615461937s ago: executing program 2 (id=1167): io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x3, 0x6) unshare$auto(0x40000080) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80202, 0x0) pread64$auto(r0, 0x0, 0x4, 0xc9) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MEDIA_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)={0x20, r2, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}, 0x20}, 0x1, 0x2000000, 0x0, 0x20010}, 0x20040880) 7.936419145s ago: executing program 2 (id=1168): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/arp\x00', 0x2a8f83, 0x0) mmap$auto(0xffffffffffffffff, 0x80af, 0xffffffffffffffff, 0x16, 0x401, 0x2ffffffffffe) close_range$auto(0x2, 0x8, 0x9ed) close_range$auto(0x2, 0x8, 0x0) memfd_secret$auto(0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x701480, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x0, 0xa, 0x0, 0x10000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x20342, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x1df4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x8, 0x2, 0x8]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0xfffffffffffffffd, 0x1, 0xbc0, 0x80000000000800, 0x3, 0xf000000000000000, 0xc, 0x8, 0x3, 0x0, 0x2, 0x6, 0x9, 0x1c0000000000, 0xfe]}, 0x0) pwrite64$auto(r0, 0x0, 0x4, 0x100000001) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(r2, 0x8, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_CREATE_VM(r3, 0x5000aea5, 0x20) bind$auto(0xffffffffffffffff, 0x0, 0x80) 7.74005257s ago: executing program 1 (id=1169): r0 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r0, 0x7, 0x6}, 0x7, 0x3) r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r0) ioctl$auto_XFS_IOC_COMMIT_RANGE(r1, 0x40585883, &(0x7f0000000140)={r1, 0x0, 0xa0, 0x14, 0x81, 0x5, [0xfffffffffffffff7, 0x67af, 0x0, 0x9, 0x7, 0x95b]}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bond\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r1, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000080)=ANY=[@ANYBLOB="167a1770fed475ae9abc3bff19cd50583b19d693e8217042279d67e3ef27b126b0065f403428e9d92c9515ef636bcadb336d68342ca2a9000001000000000067b57835e52268eed3aa7539e59dc7e24714f02b3ec938d510fae6b1623c13ca1dfa098ef2f2223325c44b27431f1538b950e162c8da7f92507ecbfe09915f08826375d864792cd2cb9aebc4cad2270d3ead", @ANYRES16=r2, @ANYBLOB="01032ebd7000fddbdf250a00000008000200", @ANYRES32=r3, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc4) ioctl$auto_XFS_IOC_ERROR_CLEARALL(r1, 0x40085875, &(0x7f0000000000)={r0, 0x723f}) pread64$auto(r4, &(0x7f0000000040)='netdev\x00', 0x0, 0x6) 7.725125225s ago: executing program 3 (id=1170): mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) (async, rerun: 64) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20000, 0x0) (async, rerun: 64) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_ADD(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x30, r3, 0x2, 0x70bd26, 0x25dfdbfc, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x3}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x15}, @SMC_PNETID_NAME={0xa, 0x1, '$@#{/\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x840) (async) r4 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000100), r4) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="080029bd7000fedbdf25020000000800030005006cea0d762f6b766d0000000008000100620600000a0004002406a88a5f000000f2a82625c503154aa5bd8e84f744cc775246e531373a0a069e1c01fa5a7dad040fedcd000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000) (async, rerun: 64) ioctl$auto(0x3, 0xae41, r1) (async, rerun: 64) ioctl$auto_KVM_GET_MSRS(r0, 0x4004ae8b, 0x0) (async, rerun: 32) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) (async, rerun: 32) r6 = socket(0xa, 0x2, 0x73) fcntl$auto_F_GETOWNER_UIDS(r6, 0x11, 0xffffffffffff0001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) read$auto_fops_atomic_t_ro_(r4, &(0x7f00000003c0)=""/230, 0xe6) (async, rerun: 64) socketpair$auto(0x8, 0x5, 0xffff0054, 0x0) (async) r7 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000380), 0x88403, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r7, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r7, 0x7af, 0x0) io_uring_setup$auto(0x6, 0x0) (async) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r7, 0x7af, 0x0) close_range$auto(0x2, 0x8, 0x0) symlinkat$auto(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00') 7.485617685s ago: executing program 1 (id=1171): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x8) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x3e00, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0x18, 0xfffffffffffffffa, 0x8000) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x0, 0x9) read$auto_mon_fops_text_t_mon_text(0xffffffffffffffff, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x800, 0x0) syz_genetlink_get_family_id$auto_nlbl_calipso(&(0x7f0000000180), 0xffffffffffffffff) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0) syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x40146f2c, 0x0) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="21022cbc7000ebdbdf2501"], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) kexec_load$auto(0x4, 0x4, &(0x7f00000001c0)={@kbuf=&(0x7f00000003c0)="93994f855aee3b6ac555a223ce397f167a754e3af5c6b38dfc616619cad0665a00afdb6fe5b04d8194785ad616f0b6f73bebaf8246d0fccfd009b154fdb1bd3730e064321866c0166a593a7a74dac49d1546fe0e925cbd528b9b9ad938e0b26ad4b3f024db0983f7886755372e86a2dce28fc03ef786756ac07900ff6478def427dff80de51e7db9e74d68bee49d849aabe4a049a69d6f9b144185c9b994ebb25145637bfcb0e6a8d6916fc2b0d14db985d2bdab11287c00f51ecd21d03620da547c0722028750357955d1766f97917bfc597d668d6a433eb287e3f32bdd99dfae1d1630979bbda2fba5f1cce0", 0x0, 0x6, 0x3}, 0x7) getpriority$auto_PRIO_USER(0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r3, &(0x7f0000000000)='-\x00', 0x2fb) read$auto(r0, 0x0, 0x1f40) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_SOUND_MIXER_READ_RECSRC2(0xffffffffffffffff, 0x80044dff, &(0x7f00000002c0)="eccee3cb4151f15814dd8d9b731f009011f6e77b49087c9ea5b07a1d12bc14494e3d0b5d6c21b9cf68781ce96291b2997d994b678ca6f191cb3de843846be5c1ced2cd55a5a94bbc8d2eab57a528c25ba02db98c6e14f6a747421f32645b02721ee3d6966cceafb513ba02e3857d424f0937724417c2309709d2f9b62079647db57ee6e0514a65f56468debc8383d6498ac4fb4a199ca4f95c3bc3367017584cbe9cb882dc863ab992ad979b993dc893407b570373d68d0af1a2d3bf3e8e97e4eabd93c445") ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'pim6reg1\x00'}) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x109000, 0x0) 7.060125394s ago: executing program 3 (id=1172): r0 = openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/make-it-fail\x00', 0x0, 0x0) r1 = ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000000)=0x95) r2 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bdi/43:0/stats\x00', 0x200, 0x0) bpf$auto_BPF_MAP_CREATE(0x0, &(0x7f0000000100)=@task_fd_query={r1, r2, 0xa5, 0x77ad, 0x1, 0x7, r0, 0x7, 0x3}, 0x7) write$auto_proc_fault_inject_operations_base(r0, 0x0, 0x0) openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x387040, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x10041, 0x0) 6.6945634s ago: executing program 2 (id=1173): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv6/conf/gretap0/mldv2_unsolicited_report_interval\x00', 0x4e600, 0x0) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) r1 = socket(0x2, 0x5, 0x0) bind$auto(0x3, 0x0, 0x6a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'bond_slave_1\x00'}) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000240)={0x30, r2, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_OURS={0x4}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x11}, 0x2400c802) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1) sendmsg$auto_NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r3, @ANYBLOB="000029bd7000fedbdf251a0000007300c800b4b81aedeb6f3d146dfaecfe12926c87b8ae7b2d945f2fc4cdc1c88b3a9ade74c4f3363b4ecf6b469971146a2e6a220c502d81bff775204d1933f58ac4c1733e6f142f618b0cd736e3a1c7001103ac98490da931f315c6b478f324eefed0a4ee92aa1aa5828b9265e96377e3a0e9ce0004000b00"], 0x8c}, 0x1, 0x0, 0x0, 0x24044005}, 0x20040051) r4 = io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x88042, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x1cd) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/netdevsim/new_device\x00', 0x149b01, 0x0) r5 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/oom_adj\x00', 0x48482, 0x0) read$auto(r5, 0x0, 0x1f40) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci3/force_devcoredump\x00', 0x0, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x9}, 0x7) 6.477678104s ago: executing program 3 (id=1174): capget$auto(0x0, 0xfffffffffffffffe) write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) (async) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) ioctl$auto_SNAPSHOT_FREE(r0, 0x3314, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition\x00', 0x2000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000002bc0)=""/82, 0x52) (async) mmap$auto(0x0, 0x4, 0x0, 0x17, r0, 0x300000000000) (async) get_robust_list$auto(0x1, 0x0, 0x0) (async) socket(0x1d, 0x3, 0x1) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) (async) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xb) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r4 = epoll_create$auto(0x3e) epoll_ctl$auto(r4, 0x1, r3, 0x0) ioctl$auto_TCSBRKP2(0xffffffffffffffff, 0x5425, 0x0) (async) clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) (async) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) (async) mlock$auto(0x10fbe8, 0x4) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:01/status\x00', 0x80840, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000240)=""/41, 0x29) (async) r6 = open(&(0x7f0000000280)='./file0\x00', 0x148640, 0x78e22799f4a46f8e) flock$auto(r6, 0x1) (async) ioctl$auto_USB_RAW_IOCTL_EP0_READ(r0, 0xc0085504, &(0x7f0000000200)={0x5, 0x1, 0x4bb, "512ee645345a4e7c14"}) (async) openat$auto_autofs_root_operations_autofs_i(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy6/netdev:wlan1/stations\x00', 0x402442, 0x0) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x40000, 0x0) (async) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x702300, 0x0) 6.304588023s ago: executing program 1 (id=1176): close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket(0x18, 0x3, 0x0) accept$auto(0x3, 0x0, 0x0) r0 = socket(0x1d, 0x6, 0xfffffff8) ioctl$auto(r0, 0x4acd000, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) sendmsg$auto_NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r2, 0x2, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, "2edf28b75f95efc9d0187ab1"}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000080) 6.051454343s ago: executing program 1 (id=1177): socket(0x2, 0x3, 0xa) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x5}, 0x2, 0x0, 0x4000000000007, 0x1e78}, 0x800}, 0x4, 0x4008) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x0, 0x13}, 0x6}, 0xfffffff9, 0x10, 0x0) setsockopt$auto(0x3, 0x0, 0xa, 0x0, 0x10000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x420100, 0x0) mmap$auto(0x0, 0x3, 0x400000000ffb, 0x8000000008011, r1, 0x8) rseq$auto(&(0x7f0000000200)={0xe, 0x402, 0xfb82, 0x3, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x6) gettid() mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="f4ffffff", @ANYBLOB="01002bbd"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0x7b2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/008/001\x00', 0x204080, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0xc0802, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/default_smp_affinity\x00', 0x40000, 0x0) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/031/001\x00', 0x2001, 0x0) ioctl$auto(r4, 0x4008550c, r4) clock_nanosleep$auto(0xa, 0x9, 0x0, 0x0) 5.956812338s ago: executing program 2 (id=1178): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) (async) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) (async) socket(0x1d, 0x1, 0x7fff) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) (async) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) (async) r3 = socket(0x18, 0x5, 0x1) connect$auto(r3, 0x0, 0x3a) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/queue/discard_max_bytes\x00', 0x181842, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/geneve0/ra_honor_pio_pflag\x00', 0x80202, 0x0) sendfile$auto(r4, 0x3, 0x0, 0x400000000008) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) (async) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff01c}}) (async) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000240), r3) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r3, 0x0, 0x30004850) (async) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) (async) close_range$auto(0x2, 0x8, 0x0) read$auto_stat_fops_per_vm_kvm_main(r1, &(0x7f0000000180)=""/108, 0x6c) (async) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r6, 0x4b47, 0x1) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x4c440, 0x0) (async) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) 5.75107424s ago: executing program 3 (id=1180): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100cda4429629bd7100f9db5f2502"], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x10, &(0x7f0000000000)={0x0, 0xd6c6}, 0x2, 0x0, 0xe, 0x4}, 0x3}, 0x200, 0xb07e) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r2 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000480)={&(0x7f0000000240)="4c0c580000000000090000000000000007a4bac08307", 0x49}, 0x4, &(0x7f0000000180), 0x5, 0x11}, 0x5}, 0x2, 0x100) socket(0x2c, 0x80003, 0x0) setsockopt$auto(r2, 0x11b, 0x9, 0xffffffffffffffff, 0x18) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x3, 0x2) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0x8) 4.386653649s ago: executing program 2 (id=1183): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setitimer$auto_ITIMER_VIRTUAL(0x1, &(0x7f0000000080)={{0x7, 0x3076000000000000}, {0x10, 0x401}}, &(0x7f00000000c0)={{0xd1f3, 0x100000000}, {0xf33, 0x8}}) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r1 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) lseek$auto(0x3, 0x8, 0x1) ioctl$auto(0x3, 0x400454ca, 0x38) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) msync$auto(0x0, 0xe0, 0x6) r3 = socket(0x2c, 0x3, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/oss/sndstat\x00', 0xa0880, 0x0) bind$auto(r3, &(0x7f0000000080)=@xdp={0x2c, 0xc, 0x0, 0x1c}, 0x6b) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$auto(r4, 0x110, 0x1, 0x0, 0x8) read$auto(0xffffffffffffffff, 0x0, 0x1f42) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) io_uring_register$auto_IORING_UNREGISTER_NAPI(0xffffffffffffffff, 0x1c, 0x0, 0x8) 4.383627491s ago: executing program 3 (id=1184): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_severities_coverage_fops_severity(r0, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munlock$auto(0xf, 0x6) gettid() r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSMRRU(r1, 0x4004743b, 0x0) ioperm$auto(0x3, 0x5, 0x149) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, 0x0, 0x7, 0x4008) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x7fffffff, 0x3ef) 3.825729534s ago: executing program 1 (id=1185): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x8000, 0x0) ioctl$auto_EVIOCGEFFECTS(r0, 0x80044584, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x402c542c, 0x38) ioctl$auto(0x3, 0x402c542b, 0x38) readv$auto(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x10003}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x4, 0x4) mbind$auto(0x0, 0x2091d2, 0xeef, 0x0, 0x88000000000002, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x2, 0x0) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) fanotify_init$auto(0x82, 0x3) setsockopt$auto(r1, 0x29, 0x30, 0x0, 0x56b) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000000)=@link_update={0xffffffffffffffff, @new_map_fd, 0xb7f}, 0xc) openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ubifs/tst_recovery\x00', 0x4c00, 0x0) 2.563638123s ago: executing program 0 (id=1186): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv6/conf/gretap0/mldv2_unsolicited_report_interval\x00', 0x4e600, 0x0) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) r1 = socket(0x2, 0x5, 0x0) bind$auto(0x3, 0x0, 0x6a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'bond_slave_1\x00'}) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000240)={0x30, r2, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_OURS={0x4}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x11}, 0x2400c802) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1) sendmsg$auto_NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r3, @ANYBLOB="000029bd7000fedbdf251a0000007300c800b4b81aedeb6f3d146dfaecfe12926c87b8ae7b2d945f2fc4cdc1c88b3a9ade74c4f3363b4ecf6b469971146a2e6a220c502d81bff775204d1933f58ac4c1733e6f142f618b0cd736e3a1c7001103ac98490da931f315c6b478f324eefed0a4ee92aa1aa5828b9265e96377e3a0e9ce0004000b00"], 0x8c}, 0x1, 0x0, 0x0, 0x24044005}, 0x20040051) r4 = io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x88042, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x1cd) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/netdevsim/new_device\x00', 0x149b01, 0x0) r5 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/oom_adj\x00', 0x48482, 0x0) read$auto(r5, 0x0, 0x1f40) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci3/force_devcoredump\x00', 0x0, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x9}, 0x7) 2.519659969s ago: executing program 1 (id=1187): r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/nbd14/rqos/wbt/wb_background\x00', 0x189e42, 0x0) write$auto(r0, 0x0, 0xf) (async) write$auto(r0, 0x0, 0xf) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) (async) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) mmap$auto(0x400, 0x80000001, 0x3, 0xeb1, 0xfffffffffffffffa, 0x18000) (async) mmap$auto(0x400, 0x80000001, 0x3, 0xeb1, 0xfffffffffffffffa, 0x18000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x6, &(0x7f0000000200)=0x1, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf}) (async) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x6, &(0x7f0000000200)=0x1, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf}) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r3, 0x540a, 0x0) (async) ioctl$auto(r3, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) msgrcv$auto(0x9, 0x0, 0xfffffffffffffffd, 0x6, 0x200) write$auto_hwsim_fops_rx_rssi_(r2, &(0x7f00000002c0)="3de553aa0d199154986ec0c0c4b4a62345d6ef1b82726c97bb27f09feca2ebf8816174ae3cfe0fd9a9645c7d6549222cba952a6e052ba3043be2c48ffb76b82f1ca0903d7f24d6876b426f470d323223219e", 0x52) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x80000000000000a, 0x2, 0x0) socket(0x1d, 0x4, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/admmidi2\x00', 0x4000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0xd, 0x0) futex_waitv$auto(0x0, 0x4, 0x5, &(0x7f0000000100)={0x98bf, 0x4}, 0x4) (async) futex_waitv$auto(0x0, 0x4, 0x5, &(0x7f0000000100)={0x98bf, 0x4}, 0x4) sendfile$auto(0x1, 0x3, 0x0, 0xc01) (async) sendfile$auto(0x1, 0x3, 0x0, 0xc01) 1.684841147s ago: executing program 0 (id=1188): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x100000011, 0xffffffffffffffff, 0xffffffffffffff7f) sysfs$auto(0x2, 0x11, 0x0) r0 = fsopen$auto(0x0, 0x1) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) (async) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) (async) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) close_range$auto(0x2, 0x8, 0x0) 1.444081126s ago: executing program 0 (id=1189): mmap$auto(0x0, 0x2020009, 0x4, 0xeb1, 0xffffffffffffffff, 0x8000) landlock_create_ruleset$auto(&(0x7f00000008c0)={0x3, 0x3, 0x200000000000003}, 0xa2b, 0x1) socket(0xa, 0x1, 0x2000084) symlinkat$auto(&(0x7f0000000200)='./cgroup.cpu/cpuset.cpus\x00', 0xffffffffffffffff, &(0x7f0000000280)='./cgroup.cpu/cpuset.cpus\x00') setsockopt$auto(0x3, 0x10000000084, 0x9, 0x0, 0xe) 1.251257261s ago: executing program 0 (id=1190): syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec13\x00', 0x101001, 0x0) socket(0x2, 0x2, 0x88) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xfdf3) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) pipe$auto(0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mlock$auto(0xfbe8, 0x4) munlock$auto(0xffff, 0x1) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFRASET(r0, 0x1264, 0x0) keyctl$auto(0x2000001f, 0x1, 0x6, 0x3, 0x8000) madvise$auto(0x0, 0x240007, 0x1d) ioctl$auto_BLKROSET(r0, 0x125d, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0x4000000e987, 0xe2, 0xebf, 0x401, 0x8000) r1 = socket(0x1e, 0x3, 0xa6) signalfd$auto(0xffffffffffffffff, 0x0, 0x3cb) ioprio_set$auto(0x81b, 0xff, 0xffffffff) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @loopback}, 0x7fff) sendmmsg$auto(r1, 0x0, 0x5, 0x20000000) ioctl$auto(0x3, 0x80000541b, 0x38) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 1.20078387s ago: executing program 3 (id=1191): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xfffffffffffffffd, 0x80040000d, 0x5, 0x9b72, r0, 0x8000) dup$auto(0xffffffffffffffff) socket(0x2, 0x1, 0x106) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x4, 0xda, 0x948b, 0x0, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000005, 0x7, 0x4, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x958b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x40008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x10000]}, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume_offset\x00', 0x828100, 0x0) read$auto(r3, 0x0, 0x20) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)="42bf466a98f4921b6c0a", 0xa) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r4 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r4, 0x400, 0x1) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) execve$auto(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r5, &(0x7f0000000180)=""/250, 0xfa) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000100)={"fda256c4", 0x1, 0x6, 0x4, 0x9b4, 0x9, "0810c7543bfbcb0500", "0200", '\x00\x00 \x00', "2ff43123", ["00000100", "f8ff0b00fbf2ffff00002701", "0004154db00b0004000400", "5fe10eedab2c4b353c392a92"]}) r6 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) r7 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="34d3f3bf", @ANYRES16=r7, @ANYBLOB="000128bd7000fcdbdf25030000000c000b000100000000000000120001009265cd95cbed166941180c3a50ae0000"], 0x34}, 0x1, 0x0, 0x0, 0x840}, 0x40000) write$auto(r6, 0x0, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) 416.646997ms ago: executing program 0 (id=1192): sigaltstack$auto(0x0, 0x0) (async) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r0, 0x1002, 0x0, 0x0, 0x0, 0x2) (async) getxattrat$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0xb91) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) fcntl$auto(0x3, 0x4, 0xa553) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r3, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000dc0)={0x2c, r2, 0xb77b02080cac5bcb, 0x70bd2c, 0x259fdbff, {}, [@ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0xbd}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0xf7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x82) read$auto(0x3, 0x0, 0x7fffffff) (async) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) write$auto(0x3, 0x0, 0xfffffdef) (async) r4 = seccomp$auto_SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f0000000080)="b46abc3d668aa13da0c11d5af6be49a1be1f7f2c5324952b0fb38be4c0fc73b274907ad148f1fd49bbfe982a4c9f46486dc4859c83cc6ec3bbb4dbc43e7b6f0d338456aaff779ce883b92ac5da8c4f0f92e98b") ioctl$auto_SG_GET_RESERVED_SIZE(r4, 0x2272, &(0x7f0000000100)="183a26c94b5a361ec21c42") ioctl$auto(0x3, 0x402c542b, 0x38) (async) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) (async) write$auto(0xffffffffffffffff, 0x0, 0x4) 322.31499ms ago: executing program 2 (id=1193): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) r2 = open(0x0, 0x0, 0x10a) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) statmount$auto(0x0, 0x0, 0x6, 0x1000000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80980, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000480), 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r0, r3, 0x0, 0x1) r4 = socketcall$auto(0x8000, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r4) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r6) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) close_range$auto(0x2, 0x8, 0x3) ioctl$auto(0x3, 0xae41, r7) 0s ago: executing program 0 (id=1194): timer_create$auto(0x80, 0x0, &(0x7f0000000180)=0xfffffc01) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), r0) (async) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0xffffffffffffffff, 0x400454ca, 0xffffffffffffffff) (async) ioctl$auto(0xffffffffffffffff, 0x400454ca, 0xffffffffffffffff) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x40) mmap$auto(0x0, 0x3020009, 0x3, 0x736, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) (async) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) (async) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) connect$auto(0x3, 0x0, 0x54) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/tracing/set_event\x00', 0x0, 0x0) (async) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/tracing/set_event\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8000ffff}, 0x3) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) (async) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x1, 0x0) write$auto(r4, &(0x7f00000002c0)='/dev/audio1\x00\x1b[\xdc\\7:\xff\xc0% n%R|\xcc\t.mp\x99\x92\x84w\x91\xc4;|\x06\xb3\x03\xe1[\xd3\xef\xcb\x11\xcbL\x85m\x0f\xca\xd6a\nJ\x02\x01\x00\x00\x00\x85\x97\xea\x9b\x0e\xcfGs\xa7I\xd2\aN|\x82\xc1\xd7!\b\x01M', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f0000000440)={[0x1ff, 0x800000009, 0xd, 0x8000000000003, 0x948b, 0x3, 0x15f4da07, 0x3, 0x7, 0x65, 0x8000001f, 0x1000, 0x6d41, 0x9, 0x2]}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r5, 0x0, 0xc840) statmount$auto(&(0x7f0000000000)={0x1f, @raw, 0x80000007, 0x1ff, 0x6}, 0x0, 0x2, 0x0) sendmsg$auto_NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000180), 0xc, &(0x7f00000004c0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="02002abd7000fbdbdf251e00000028121e8008007500ff01000014006500ff020000000000000000000000000001ff00228087847934a526f54167abe5c8997ce95e06150c02dd51d84105285acf039c0a71cc8f8f583b7a5a3abfae225d9c4d6aade53e042c6664703d4e365e0ad0e96b7f87aebaad8f08003900000600000800", @ANYRES32=r2, @ANYBLOB="9b703728df5229b5fdaeca362ca197237a6ea92b557559f3296f1f7ecf62f578bf4f0b46394510c8635e421308f06c48692df31abf9ad05f095d9b3ffb9db3fb2933e30633e2722014502120c823931f0e7ac367960190700524bc21048a97d7a3888c885a7c697eb3e8e4ff49a141d740d81707f7a4c8c4667ba90365e76ab97549b6b0b84c55ad5ef4d388b302f7a9d9075b08f24af53d6e14579bfb2f6312fb2b5203a124008000f4800400088060fea4d99afa1b665f4815def876a100b1e1ac637696228265db8ad3b46db6aaaae47ca275f6fce72703f60ee0af31ee7798a6cd98245a0ce1e9c6a00a59669109259c5b4cdd61332a3f1a79d0173d6db63d40a139695f6314e4e0a36a6ca847edd4d05a1a2cdd937ad9ee1df8a18ccc06004a002d000000ecf446c1d0deb3d6d0537e99828ddb6c0a537d3e1e76779d17b2f35ee594577ed41817b92503d2ca40243ed8bee75e2ba0ab80cf652bb6e50c721ef03b7e4dc7f55f302dc0b5be87da6962b07cbbd2359b0bfa15005b91f08cb01dec0fa0130eda4de1ff8adf4b05ad35a086cd79832969a4c48ca01c3262e2676956130570487e7c5c63bdc3e08602523aa062732f83fe93e76d577ff00d18adc1b3fe418f2ca581f588650a504001af0a89e23c846ca1389c34d6f199995c61404981826022eeeca4f2e29b6bba63f59ff8564f2ec3ba9756f32b51fd1bd89bddeea31644a119104608dba9f67e4cdea04485ac654134867d1366ca2d64161066983987f2daefa671f07583daaff43ddd9dc1a19c4de01471b4676c4febffb0a6a84e803ba6a236f5156199e521c86c284c510e0376fda47a0d31e552de107a6a4fa02245a13ea99cec17cf59a900cc0cef4f45dce906f0fde329eae9a18d0d4cd4d0900bf456642f8e340ed6555822b2ad5c14c4d030ded878d72e68d88d07b10a0480616828b2460664e1f4496ada0c321b7a81194ce464c61c320c9737bb9e904dc068030cb196de1730864b150af8b6f06c55e6c8a0b0589a6036a244a3d442eb746cf83457fb450d21713b66720cb0bb0d61dfda78ff04f0877406b47f5bfe406b2d273a5b9808d5d7c33c783c117311267b1f2becc5b3be8554dbfaef5496416dd3693842672d455441c60be3a88bf34669dca090b0cb56078cff4b5089bbfff5ccdc685ae588f2d5238c2ba0e90f07b195208646a161bda986b9f12386552ae588dc641a9c1c99fd9f6bd391358c591e454433dbc48e886c3d199851842a13f475c8dd4db1cdc2ddc0b9f50ca6cf62acfd1548d3a24d04acaced084b809741b39399e84897fe7ba9f8a8fdccdf70f162ab0214a982ab321ac701bb89ca48b0684176797d11247cdab9e700996b1b4b20f6030e06c69639a92112fc33f60857047b2f34a9a03b37e566e3d8e529a2bb6f9dd59df9e49c62408454a2cfc820b62b56df5c36dbbcc7d00d7758ee20bd7270ef2cba21c9ef87c5e4dbea3af010b4a15321a021742abe0fc6568b047937d2c6d975a1d4773d1fdeee9e284c2d2a0d546858c845829366c2c1f0f5eb48e00a2db98673be4d10d9eff0fc27088f8d264b53ae31cd4e7c0ab427d39891680c018f27bd63e22e02e6c762b57c3a2a6f144cf835eba4cc3a12621c325776ef46cbb04156dd4f01193a11c8bf699cb4f54f9d52a04b3de904e6eacd75593098d2a5442a903d6355c9e3ce870822671b80923703eaacb1969a7a8bc3c7cec8781a8d8d51486776613b0f657c47f54c6e3cab56144c673d94fba50ffe7935aee0521d1bd4ac0d0c2277699fbef3ea89ef2e221cd8c688e3ff497d5789ee2eaf01e39a3745a3c3c1fdf8eed3684433f77f6e7eda73fbde51ffe01f0d10fae6e2f1e07d09881bc251790e8bf4b10af95f4765ab3ebf0dcd9d1a855f901a551035fce8376f3342d0c849731adbc8757050e9884c3854f3e10bc622e79d2c6938397ca1b3a26b7f9bf6800d015f8f22c3ed27aa79d5f85f00ca107457288e6e9824c51db57e2899c69c6f22419f626883e031ee3b978ca9b0c2d7f4ee5d9df45f53abbca7e5bed9e6ed9ea7ad6da3be99df85c2b72e218fabda7fefc682395b9a58f3749fd87c36c670401f07b8a55c1852f28c0e03562f9519442318cf1e71549c1bd0e8a96c5c200a8b99a751fc06c5b6462106b0b4bdf4a50a9d206148bbc0cafae190ce1eed700b8f316344594478f8f7b24cdbaebf20d5e579d3a8ba68de9e12ca8e74de8101a5e7388a40200d2ddcea48e5f938bcc5628cb1f4f1d789ef230202d549145c06b2397cc5e3e5bd25d955b2148e4e9079ac85114327532064900e5cf83b640f14aafb4ee8cc7816a4284a304206c40ca00f213f1cc8b51b273c24fa70524a9a3377082f5245c7b6bac54ed3721dd6f1de482fd6e402905753ccc13c1cf51e0068fed3b1e4df59c5fdefe1d207fb93efa63569a95bd5413b4f02eb8651deec8572dadd66b72937b595c5c708c1970d67db92aa528223ebfcd20898be3d4f5a337e97337f34e18f880d09916b6e3b49b79a0a0e728375c755375d88eb663041f2204a6eee6ca86a6b23db4b8c1894b9cb9e07a509bd260b270df01384409e2415368110f5df4ff0b0b54cdabe21a3c145bf96a08d4889ba56bb0e2f0764b9a546c8e7daf550b3e5c213df51251ead109d4006fbb6d44ed2146c26bcefea5a31125177a474e4ac6c8617e4fe8c366c364260138b1a5cf8c75ef89509c73acb22865d1a1eac33ced2af7b6ea1cf382f5f17374dfc67c06d9bd7ebb7ae8642a560a7ba27bb49b2ac7801a83d550d7470e8ff0c2f21bb4e104992ff79909475737a2fe626426b08ebf7042977ac645b4a3dec50824e348f4597d0da5ae37d86ea31d3034ab4ecf2e48b6edd04f7d456caf90af6568b21dcd2d5eedcb9c538502c1430a539b1bbdf27336035bc1f401a88c0edcca0393571a50304c31750eb6494cb7f3bde26acc262832479007d218896ceb92f7aa429c4fec0444cd11cc3678d00e24f4a3048de458f7f0c013036b8197699ecd385fb57996fa58d0dc0e2f33d9b80a8cf375efb2d934a0d63d909cb981951e837f1771c9f144a242aae8d0114ed38e7484c155b7c06f53be3ddeec17287e7e9eacb129e0b58c2d27d7076194d8c66c970cac24ba62ac0b1406ac2159035da533f38ff7105cddd91b6994d48d87ffcaa077d0987c726edba4aa9d39b397f1b3e07655f33be061e404d711db7a6e5716458b2a17a56fb5296292d559a5ddb0f1c322199ee823cde3a9e4013c974ca6209c9076f013698d2debd8ccd33e41cba650ee30d90216383622143711e060e32c8a907f15fa95a99c98b1f118372fba711e631a8cfad5e562d12bfba71e2ca4d5162fad90a5387ce4edd3c8bfeb0459aec5ebdb3bda59bc7dc95ed9667fa0b97e35bc2f1a3c1049281d99ad877ad0839874ed9f4850654a03b20e71aa7efae4fd3f92cd0c60d4fca97ffe8d030c25aadce87d5959e16d3c1036beb42a866b950cec3e01cc683cd6ca124a28f2429eacc6cc4279e101dba96e66e2f541c46a38752f8b31dabdd8be5c19042cfba7f1ae0103522d9024f261f82c412e39ebdc0dd355db4992d066d818ce21daa4d16be1cbf61c0730e152ee70944af70fbfb049537d77cd3466683e41b8fabb584b274d7912b8555804ac8974c6f520140ae1302e1a87aecf887258cfa0e869fbc5cf35eb516de9636f77a35f3ad09a6fbb445fff2c6d2238d5b1c3b5a24e615846bedc0a3dd84d6abe042638713158db713e0ead49d199ddbf106d083fcd5071f27e7d7371d913396a7c6c8a9d1c4ff6d432c4418aefa9b56082bcea0b84170b076a9ddca7722f1ce87529b9bb3c34f5e30a5aaf8ffd0b3da2e95dfc333a1a35b1fffa62354be37b535295b79610795cdbfaa939ca32322cca468c8f9c077faec36988bbe436fd0bdc028b00f6f1e43e4a7b702285d4b7e560844620360b3d35626a5a9c7017052a486c840fefd5836f7d97c878d89230b1938d5df277306c50131d558d470d7edd81444159ab4ddf48d03af1edf0e340c1da73783e1f543ee3bc0c9520a4707adaaffa665d96b2c3d46a1ce57b767b758ec3249105e2102a303d7c36131135fc1a5ca3957da9b38b08a4fcdf68aaa4d850d43b2212114e14971d3ce45f9b7abaabe3e7568f2c76ef40d2d59af813f0ff0ddf1409054c8e2477168ea3d2b4957ca49b55e58e05f73b2527ac3fb40c4502c445556a079d73fc200a3ca9108b5b28e5975f57274b1ca089e66b6e301e64562f9bac7aa34143a7f43d6f932e27598a8292045a4e8e1da1fea9b856b84ea1436dd0d8abfb0f7404e063f55868afdf2ea9429ca47cdeea25b391076746da81d36d672f26a65a08c7d60e2a6e84cb5283429d4cebc4d57c7230ba4b82750888d83cb64fa05a6dd849773a8e4bf5402e8375c43c6ba48f3d9e1abfb9effb0bee135b417813347f715795404be8db977dac66d1a1953550d92fd9f086dfa39aee6a62829ae55e78651bc62ff275e220f00cdd0d5dbfe90731622f785d6afee73a3a332e3cb6f7779672a51018c0fc65fd545e85726343d5d6fdefbb667dc04fe6de42566f0b97cc775f71d3f3b67d8c59bfc0d87b9deb48f65f6d6e08e9f2f22528e7f5f46796f4ab8e930863eee01921adc0abf82707bf813a7c26f1a12e0dc11efb154eee55c2a518b95947950e3a7dbe3be2fa9257374479e7eabe94d855ab1cc182a098e7a6f91fe7b39b69ac82be0d36bffcd6ccb6c36593d0b76428c70d7f4d8919cc87cc551b459a430766bc0584b43f3140975c420693f2bab0c1d9f803e40a0a5c91bfbc7300851a56601201185bb7c588030a02e0d53d18c4b17dd82f4ff43fa40c65cd3932f7461426a119bbfba6c3e490ac57adfc0111e066d561c1d740759bdf4d36151e2c1d8e0f7f5214da3d848a5dba3b7adcc1f5843767eb7c17831688556400172b6bf1899f064bf13af5fbdca55b5770047eb36c611254aa840bfa8daf295d8d7caa4268756dacc10ccf4c83941dd3fc6178a35bf2d1183f7ce4a50d7395e408410adad465c38a75aa410acce45cfdca406598fba1534d4203915d022fdb2364741493df20238e80a420e9c7d3f44772f64311db8800e8dd98d32aa028006ec7a2f373d58b8251900151d3584a957e43c50df0fb5607ff73558ceb2c501b51227a895b135090f8a15670ae773b8be5700417ec5120e1e56e7f8aee6bd21bc1d8feff9bad8004011acc8cdff47978e7fde37e79cb2caf8946723b471e5268f5dee87a4d17208558e79613bc2a1b1ceb50d4d80c1889ed82ad565240b909cf11d0bb18aad12bb514425dc9184bd93e83da07b23ba5247d60ae73c5db5a550a671daff6e4958d612f31a7e1bbe394d08b7d05ca05314fbf97efff398643fb2a80890c7a399fc1e02566b4ff57f8d34a83d3b3b788ab144c91ccdc194c92996bbc7fae341c0677fb030e1a7f2f384b162a90c28d0e86d1454c6686a88880bc8f72ea8b5a2201e4b9aeb979910a325fb93adaee94a491e35c914ca54030392aefae27ad0c930f35c3c63b66501f32539495391d292e2378fbadca23f709862e249bcd239f8198d3eeef1c2e7c51ab22958165b9a663c4649d835ea3d65967c0ce943d983685d08732244d75a38bee6a947f89d1932b0ee128893ce190705dd9d78febd5ef2e6c2a8af5ee652bda43b31cbff70dd3dd5c5ef3d464368d6d24b19667b6d15dc652563e395c5537ba7bf6acb8531ec1e74b6aff3306822d7d8b30caf599a9234804b0a1d4721d73c3d40e36955d4b020e7107ad5c4cf9db87ad6cd361bf3fb53117a1603ddcc2d7e5f1ede0dbc0ee51a08d28dca5971a150cce51a8a3a73b04e573f47e164935c32c1c9e907be4532eb614d30cf92bae2e9e7dc843b17bd5c9791a556dc24b8da01d249628b9ee8d35f834527315c9ccb3524f1d86f9095db1084e46f78c51fb1dbeed7a75a79200456b0999ccbc77ff491c89ab815d24592d8bef46b62d84a0773ea3fd4f12693b8921dbe876a589ca50dfdc09bbb6ea132cb68bafe9c9efbd8017abd9cf579403c2305f5e1ff975694387ac5f84e5aef699716d60600e90f11681e6ad99944b354b18e301ef74bb97ac560cd4ec7b90dd6bd907d0c3d6c91a4e5798a81c1bca71a53bd1f2334f2ac46e3ccd9320075075e5e32a208007900", @ANYBLOB="a515b83c30b361a09841d4ee05b17d64", @ANYBLOB, @ANYRES32=r3, @ANYBLOB, @ANYRES32, @ANYRES64=r1], 0x1258}, 0x1, 0x0, 0x0, 0x2400c841}, 0x44000) r6 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto_RTC_SET_TIME(r6, 0x4024700a, &(0x7f00000001c0)={0x4, 0x4, 0x17, 0x8, 0x1, 0x63, 0x10, 0x3, 0x3}) (async) ioctl$auto_RTC_SET_TIME(r6, 0x4024700a, &(0x7f00000001c0)={0x4, 0x4, 0x17, 0x8, 0x1, 0x63, 0x10, 0x3, 0x3}) kernel console output (not intermixed with test programs): T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.834031][ T5939] zswap: compressor not available [ 111.321554][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.401046][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.410608][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.481898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 111.782798][ T5845] Bluetooth: hci0: command tx timeout [ 111.852202][ T5845] Bluetooth: hci2: command tx timeout [ 111.931209][ T5845] Bluetooth: hci3: command tx timeout [ 111.931227][ T5837] Bluetooth: hci1: command tx timeout [ 112.594901][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.608368][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 112.671443][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.352482][ T5991] zswap: compressor not available [ 114.709899][ T5991] Zero length message leads to an empty skb [ 114.835854][ T5996] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.352532][ T6022] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 117.568547][ T6058] FAULT_INJECTION: forcing a failure. [ 117.568547][ T6058] name fail_futex, interval 1, probability 0, space 0, times 1 [ 117.626172][ T6058] CPU: 0 UID: 0 PID: 6058 Comm: syz.2.21 Not tainted syzkaller #0 PREEMPT(full) [ 117.626241][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 117.626263][ T6058] Call Trace: [ 117.626274][ T6058] [ 117.626285][ T6058] dump_stack_lvl+0x16c/0x1f0 [ 117.626330][ T6058] should_fail_ex+0x512/0x640 [ 117.626384][ T6058] get_futex_key+0x1d0/0x1560 [ 117.626431][ T6058] ? __pfx_get_futex_key+0x10/0x10 [ 117.626472][ T6058] ? __mutex_trylock_common+0xe9/0x250 [ 117.626527][ T6058] futex_wake+0xea/0x530 [ 117.626579][ T6058] ? __pfx_futex_wake+0x10/0x10 [ 117.626624][ T6058] ? __lock_acquire+0xb8a/0x1c90 [ 117.626686][ T6058] do_futex+0x1e3/0x350 [ 117.626730][ T6058] ? __pfx_do_futex+0x10/0x10 [ 117.626770][ T6058] ? __might_fault+0xe3/0x190 [ 117.626812][ T6058] mm_release+0x24e/0x300 [ 117.626848][ T6058] do_exit+0x68e/0x2bf0 [ 117.626900][ T6058] ? __pfx_do_exit+0x10/0x10 [ 117.626944][ T6058] ? do_raw_spin_lock+0x12c/0x2b0 [ 117.626987][ T6058] ? find_held_lock+0x2b/0x80 [ 117.627028][ T6058] do_group_exit+0xd3/0x2a0 [ 117.627076][ T6058] get_signal+0x2671/0x26d0 [ 117.627129][ T6058] ? do_raw_spin_lock+0x12c/0x2b0 [ 117.627180][ T6058] ? __pfx_get_signal+0x10/0x10 [ 117.627223][ T6058] ? do_futex+0x122/0x350 [ 117.627266][ T6058] ? __pfx_do_futex+0x10/0x10 [ 117.627314][ T6058] arch_do_signal_or_restart+0x8f/0x790 [ 117.627357][ T6058] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 117.627418][ T6058] exit_to_user_mode_loop+0x85/0x130 [ 117.627469][ T6058] do_syscall_64+0x426/0xfa0 [ 117.627515][ T6058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.627547][ T6058] RIP: 0033:0x7fe7e5b8efc9 [ 117.627577][ T6058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.627607][ T6058] RSP: 002b:00007fe7e69f40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.627637][ T6058] RAX: fffffffffffffe00 RBX: 00007fe7e5de6188 RCX: 00007fe7e5b8efc9 [ 117.627659][ T6058] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe7e5de6188 [ 117.627678][ T6058] RBP: 00007fe7e5de6180 R08: 0000000000000000 R09: 0000000000000000 [ 117.627703][ T6058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.627722][ T6058] R13: 00007fe7e5de6218 R14: 00007ffc217b0e50 R15: 00007ffc217b0f38 [ 117.627766][ T6058] [ 118.052203][ T6064] usb usb15: usbfs: process 6064 (syz.0.20) did not claim interface 4 before use [ 118.195930][ T6043] netlink: zone id is out of range [ 118.281797][ T6043] netlink: zone id is out of range [ 118.291493][ T6043] netlink: zone id is out of range [ 118.296746][ T6043] netlink: zone id is out of range [ 118.302000][ T6043] netlink: zone id is out of range [ 118.307174][ T6043] netlink: zone id is out of range [ 118.312666][ T6043] netlink: zone id is out of range [ 118.317957][ T6043] netlink: del zone limit has 4 unknown bytes [ 118.582310][ T6069] random: crng reseeded on system resumption [ 120.326847][ T6105] zswap: compressor not available [ 120.339081][ T6110] Setting dangerous option i915.mitigations - tainting kernel [ 120.656666][ T6104] zswap: compressor not available [ 122.714764][ T6174] process 'syz.2.45' launched ':,' with NULL argv: empty string added [ 123.420224][ T6194] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 123.653238][ T6196] FAULT_INJECTION: forcing a failure. [ 123.653238][ T6196] name failslab, interval 1, probability 0, space 0, times 1 [ 123.675535][ T6196] CPU: 1 UID: 0 PID: 6196 Comm: syz.1.50 Tainted: G U syzkaller #0 PREEMPT(full) [ 123.675581][ T6196] Tainted: [U]=USER [ 123.675590][ T6196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 123.675607][ T6196] Call Trace: [ 123.675616][ T6196] [ 123.675626][ T6196] dump_stack_lvl+0x16c/0x1f0 [ 123.675664][ T6196] should_fail_ex+0x512/0x640 [ 123.675709][ T6196] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 123.675744][ T6196] should_failslab+0xc2/0x120 [ 123.675784][ T6196] kmem_cache_alloc_noprof+0x75/0x6e0 [ 123.675813][ T6196] ? alloc_empty_file+0x55/0x1e0 [ 123.675861][ T6196] ? alloc_empty_file+0x55/0x1e0 [ 123.675900][ T6196] alloc_empty_file+0x55/0x1e0 [ 123.675942][ T6196] alloc_file_pseudo+0x13a/0x230 [ 123.675989][ T6196] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 123.676035][ T6196] ? alloc_fd+0x471/0x7d0 [ 123.676072][ T6196] sock_alloc_file+0x50/0x210 [ 123.676106][ T6196] __sys_socket+0x1c0/0x260 [ 123.676147][ T6196] ? __pfx___sys_socket+0x10/0x10 [ 123.676188][ T6196] ? xfd_validate_state+0x61/0x180 [ 123.676229][ T6196] ? __pfx_do_writev+0x10/0x10 [ 123.676268][ T6196] __x64_sys_socket+0x72/0xb0 [ 123.676318][ T6196] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.676353][ T6196] do_syscall_64+0xcd/0xfa0 [ 123.676390][ T6196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.676422][ T6196] RIP: 0033:0x7f44b8d8efc9 [ 123.676453][ T6196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.676486][ T6196] RSP: 002b:00007f44b9c10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 123.676512][ T6196] RAX: ffffffffffffffda RBX: 00007f44b8fe6180 RCX: 00007f44b8d8efc9 [ 123.676530][ T6196] RDX: 0000000000000006 RSI: 0000000000000801 RDI: 0000000000000002 [ 123.676551][ T6196] RBP: 00007f44b8e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 123.676567][ T6196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.676583][ T6196] R13: 00007f44b8fe6218 R14: 00007f44b8fe6180 R15: 00007ffc0838b148 [ 123.676620][ T6196] [ 124.337421][ T6202] mmap: syz.2.51 (6202) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 125.367990][ T6224] openvswitch: netlink: Message has 4 unknown bytes. [ 126.096223][ T30] audit: type=1400 audit(1547301560.520:2): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=6237 comm="syz.2.58" [ 126.355855][ T30] audit: type=1800 audit(1547301560.790:3): pid=6239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.57" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 127.773045][ T6294] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 127.793246][ T6294] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 127.936751][ T6294] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 128.067405][ T6294] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 128.074558][ T6294] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 128.098859][ T6294] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 128.111430][ T6294] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 128.118273][ T6294] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 128.127793][ T6294] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 128.188974][ T6294] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 128.202561][ T6294] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 128.278775][ T6294] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 129.006057][ T6312] block nbd0: Unsupported socket: should be TCP or UNIX. [ 129.765486][ T6317] netlink: 28 bytes leftover after parsing attributes in process `syz.2.66'. [ 129.808782][ T6333] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 129.852825][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 129.921894][ T5878] Process accounting resumed [ 130.090893][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 130.170741][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 130.250748][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 130.740604][ T6344] netlink: 'syz.1.74': attribute type 1 has an invalid length. [ 130.762432][ T6344] netlink: 318 bytes leftover after parsing attributes in process `syz.1.74'. [ 131.467736][ T6354] HfR: entered promiscuous mode [ 131.930770][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 132.171516][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 132.250893][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 132.330764][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 134.021074][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 134.251036][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 134.333433][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 134.426738][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 134.462291][ T6398] openvswitch: HfR: Dropping previously announced user features [ 135.268484][ T6420] netlink: 'syz.1.91': attribute type 1 has an invalid length. [ 135.876343][ T30] audit: type=1800 audit(1547301570.290:4): pid=6432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.94" name="lu_gp_id" dev="configfs" ino=10598 res=0 errno=0 [ 136.952394][ T6468] syz.1.100 uses obsolete (PF_INET,SOCK_PACKET) [ 137.460452][ T6472] usb usb23: usbfs: interface 0 claimed by hub while 'syz.3.101' sets config #0 [ 137.873789][ T6480] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff8164fe6a (__mcheck_cpu_init_prepare_banks+0x18a/0x380) [ 137.889611][ T6480] Call Trace: [ 137.892938][ T6480] [ 137.895918][ T6480] ? __pfx___mcheck_cpu_init_prepare_banks+0x10/0x10 [ 137.902668][ T6480] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 137.908551][ T6480] ? __pfx_call_function_single_prep_ipi+0x10/0x10 [ 137.915132][ T6480] mce_cpu_restart+0xd9/0x1f0 [ 137.919964][ T6480] ? __pfx_mce_cpu_restart+0x10/0x10 [ 137.925326][ T6480] smp_call_function_many_cond+0x122a/0x1600 [ 137.931366][ T6480] ? __pfx_mce_cpu_restart+0x10/0x10 [ 137.936799][ T6480] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 137.942635][ T6480] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 137.949009][ T6480] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 137.955064][ T6480] ? __pfx_mce_cpu_restart+0x10/0x10 [ 137.960390][ T6480] on_each_cpu_cond_mask+0x40/0x90 [ 137.965559][ T6480] set_bank+0x240/0x3a0 [ 137.969749][ T6480] ? __pfx_set_bank+0x10/0x10 [ 137.974471][ T6480] ? find_held_lock+0x2b/0x80 [ 137.979182][ T6480] ? __pfx_set_bank+0x10/0x10 [ 137.983982][ T6480] dev_attr_store+0x58/0x80 [ 137.988528][ T6480] ? __pfx_dev_attr_store+0x10/0x10 [ 137.993766][ T6480] sysfs_kf_write+0xf2/0x150 [ 137.998395][ T6480] kernfs_fop_write_iter+0x3af/0x570 [ 138.003747][ T6480] ? __pfx_sysfs_kf_write+0x10/0x10 [ 138.008979][ T6480] vfs_write+0x7d3/0x11d0 [ 138.013345][ T6480] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 138.019283][ T6480] ? __pfx___mutex_lock+0x10/0x10 [ 138.024346][ T6480] ? __pfx_vfs_write+0x10/0x10 [ 138.029161][ T6480] ksys_write+0x12a/0x250 [ 138.033521][ T6480] ? __pfx_ksys_write+0x10/0x10 [ 138.038463][ T6480] do_syscall_64+0xcd/0xfa0 [ 138.043115][ T6480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.049053][ T6480] RIP: 0033:0x7fe54098efc9 [ 138.053497][ T6480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.073160][ T6480] RSP: 002b:00007fe5418bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 138.081733][ T6480] RAX: ffffffffffffffda RBX: 00007fe540be5fa0 RCX: 00007fe54098efc9 [ 138.089753][ T6480] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000005 [ 138.097759][ T6480] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 138.105763][ T6480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.113788][ T6480] R13: 00007fe540be6038 R14: 00007fe540be5fa0 R15: 00007ffc866b3cd8 [ 138.121819][ T6480] [ 138.702184][ T6494] block nbd7: not configured, cannot reconfigure [ 139.728405][ T6521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.111'. [ 140.379179][ T6536] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 141.427130][ T6544] zswap: compressor not available [ 143.302039][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.309274][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.576720][ T6581] netlink: 28 bytes leftover after parsing attributes in process `syz.0.124'. [ 143.611419][ T6592] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 144.112457][ T6584] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 144.123789][ T6584] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 144.133418][ T6584] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 144.162016][ T6584] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 144.586836][ T6619] netlink: 330 bytes leftover after parsing attributes in process `syz.0.131'. [ 144.596129][ T6619] mac80211_hwsim hwsim7 : renamed from wlan0 (while UP) [ 144.795504][ T6621] zswap: compressor not available [ 145.440012][ T6631] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 145.770770][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 145.904264][ T6656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.141'. [ 146.176876][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 146.183160][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 146.183186][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 146.685200][ T6665] netlink: 28 bytes leftover after parsing attributes in process `syz.1.142'. [ 146.694215][ T6665] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 146.701839][ T6665] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.714652][ T6665] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.744444][ T6665] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 147.183806][ T52] Bluetooth: hci0: Malformed LE Event: 0x0b [ 147.607916][ T6668] netlink: 28 bytes leftover after parsing attributes in process `syz.0.139'. [ 148.441945][ T6703] FAULT_INJECTION: forcing a failure. [ 148.441945][ T6703] name failslab, interval 1, probability 0, space 0, times 0 [ 148.500900][ T6703] CPU: 1 UID: 0 PID: 6703 Comm: syz.2.153 Tainted: G U syzkaller #0 PREEMPT(full) [ 148.500947][ T6703] Tainted: [U]=USER [ 148.500955][ T6703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 148.500968][ T6703] Call Trace: [ 148.500975][ T6703] [ 148.500984][ T6703] dump_stack_lvl+0x16c/0x1f0 [ 148.501014][ T6703] should_fail_ex+0x512/0x640 [ 148.501050][ T6703] ? __kmalloc_cache_noprof+0x5f/0x780 [ 148.501094][ T6703] should_failslab+0xc2/0x120 [ 148.501127][ T6703] __kmalloc_cache_noprof+0x72/0x780 [ 148.501166][ T6703] ? alloc_super+0x52/0xb60 [ 148.501193][ T6703] ? alloc_super+0x52/0xb60 [ 148.501215][ T6703] alloc_super+0x52/0xb60 [ 148.501235][ T6703] ? sget_fc+0xd3/0xc20 [ 148.501263][ T6703] sget_fc+0x116/0xc20 [ 148.501286][ T6703] ? __pfx_set_anon_super_fc+0x10/0x10 [ 148.501326][ T6703] ? __pfx_mqueue_fill_super+0x10/0x10 [ 148.501357][ T6703] get_tree_nodev+0x28/0x190 [ 148.501382][ T6703] mqueue_get_tree+0xf1/0x130 [ 148.501413][ T6703] vfs_get_tree+0x8e/0x340 [ 148.501449][ T6703] fc_mount_longterm+0x1a/0x270 [ 148.501485][ T6703] mq_init_ns+0x426/0x620 [ 148.501523][ T6703] copy_ipcs+0x2d6/0x550 [ 148.501562][ T6703] create_new_namespaces+0x20a/0xa90 [ 148.501589][ T6703] ? security_capable+0x7e/0x260 [ 148.501627][ T6703] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 148.501657][ T6703] ksys_unshare+0x45b/0xa40 [ 148.501689][ T6703] ? __pfx_ksys_unshare+0x10/0x10 [ 148.501721][ T6703] ? xfd_validate_state+0x61/0x180 [ 148.501763][ T6703] __x64_sys_unshare+0x31/0x40 [ 148.501794][ T6703] do_syscall_64+0xcd/0xfa0 [ 148.501822][ T6703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.501852][ T6703] RIP: 0033:0x7fe7e5b8efc9 [ 148.501870][ T6703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.501901][ T6703] RSP: 002b:00007fe7e6a36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 148.501931][ T6703] RAX: ffffffffffffffda RBX: 00007fe7e5de5fa0 RCX: 00007fe7e5b8efc9 [ 148.501951][ T6703] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 148.501967][ T6703] RBP: 00007fe7e5c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 148.501981][ T6703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.501995][ T6703] R13: 00007fe7e5de6038 R14: 00007fe7e5de5fa0 R15: 00007ffc217b0f38 [ 148.502026][ T6703] [ 149.343317][ T6712] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 149.442528][ T6720] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 149.498796][ T6722] netlink: 28 bytes leftover after parsing attributes in process `syz.1.155'. [ 149.540291][ T6725] netlink: 28 bytes leftover after parsing attributes in process `syz.1.155'. [ 149.567571][ T6729] FAULT_INJECTION: forcing a failure. [ 149.567571][ T6729] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 149.583531][ T6722] ipvlan0: entered allmulticast mode [ 149.588897][ T6722] veth0_vlan: entered allmulticast mode [ 149.649008][ T6728] netlink: 28 bytes leftover after parsing attributes in process `syz.3.157'. [ 149.673795][ T6728] macvtap0: entered promiscuous mode [ 149.692118][ T6724] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 149.700018][ T6729] CPU: 0 UID: 0 PID: 6729 Comm: syz.0.158 Tainted: G U syzkaller #0 PREEMPT(full) [ 149.700068][ T6729] Tainted: [U]=USER [ 149.700078][ T6729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 149.700095][ T6729] Call Trace: [ 149.700105][ T6729] [ 149.700117][ T6729] dump_stack_lvl+0x16c/0x1f0 [ 149.700159][ T6729] should_fail_ex+0x512/0x640 [ 149.700211][ T6729] ? page_copy_sane+0xcd/0x2d0 [ 149.700265][ T6729] copy_folio_from_iter_atomic+0x36f/0x1ac0 [ 149.700311][ T6729] ? simple_xattr_get+0x179/0x1d0 [ 149.700357][ T6729] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 149.700390][ T6729] ? shmem_write_begin+0x176/0x300 [ 149.700428][ T6729] ? __pfx_shmem_write_begin+0x10/0x10 [ 149.700466][ T6729] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 149.700530][ T6729] generic_perform_write+0x221/0x900 [ 149.700597][ T6729] ? __pfx_generic_perform_write+0x10/0x10 [ 149.700654][ T6729] ? inode_needs_update_time.part.0+0x191/0x270 [ 149.700706][ T6729] shmem_file_write_iter+0x10e/0x140 [ 149.700753][ T6729] vfs_write+0x7d3/0x11d0 [ 149.700790][ T6729] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 149.700834][ T6729] ? __pfx___mutex_lock+0x10/0x10 [ 149.700873][ T6729] ? __pfx_vfs_write+0x10/0x10 [ 149.700935][ T6729] ksys_write+0x12a/0x250 [ 149.700969][ T6729] ? __pfx_ksys_write+0x10/0x10 [ 149.701018][ T6729] do_syscall_64+0xcd/0xfa0 [ 149.701058][ T6729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.701092][ T6729] RIP: 0033:0x7fe54098efc9 [ 149.701118][ T6729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.701149][ T6729] RSP: 002b:00007fe5418bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 149.701180][ T6729] RAX: ffffffffffffffda RBX: 00007fe540be5fa0 RCX: 00007fe54098efc9 [ 149.701202][ T6729] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 149.701222][ T6729] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 149.701242][ T6729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.701261][ T6729] R13: 00007fe540be6038 R14: 00007fe540be5fa0 R15: 00007ffc866b3cd8 [ 149.701307][ T6729] [ 149.705799][ T6724] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 149.936348][ T6724] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 149.942808][ T6724] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 151.772482][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 151.772493][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 152.021228][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 152.027309][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 152.834968][ T6792] sd 0:0:1:0: PR command failed: 1026 [ 152.840565][ T6792] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 152.851432][ T6792] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 153.020596][ T6795] netlink: 268 bytes leftover after parsing attributes in process `syz.3.173'. [ 153.300250][ T6796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.175'. [ 153.475954][ T6795] syz.3.173 (6795) used greatest stack depth: 19192 bytes left [ 154.407623][ T6808] netlink: 8 bytes leftover after parsing attributes in process `syz.3.178'. [ 155.517469][ T6822] random: crng reseeded on system resumption [ 155.731222][ T6819] warning: `syz.2.179' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 157.362184][ T6833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.182'. [ 157.870336][ T52] Bluetooth: hci3: unexpected event 0x1d length: 6 > 5 [ 158.469287][ T6869] netlink: 28 bytes leftover after parsing attributes in process `syz.3.185'. [ 158.581697][ T6875] netlink: 28 bytes leftover after parsing attributes in process `syz.3.185'. [ 160.051779][ T6895] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 166.096067][ T6991] Falling back ldisc for ttyS2. [ 167.069326][ T7028] netlink: 20 bytes leftover after parsing attributes in process `syz.3.218'. [ 167.099438][ T7028] netlink: 28 bytes leftover after parsing attributes in process `syz.3.218'. [ 167.108563][ T7028] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.248897][ T7028] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 169.419477][ T7081] FAULT_INJECTION: forcing a failure. [ 169.419477][ T7081] name failslab, interval 1, probability 0, space 0, times 0 [ 169.440830][ T7081] CPU: 1 UID: 0 PID: 7081 Comm: syz.1.228 Tainted: G U syzkaller #0 PREEMPT(full) [ 169.440878][ T7081] Tainted: [U]=USER [ 169.440885][ T7081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 169.440898][ T7081] Call Trace: [ 169.440905][ T7081] [ 169.440914][ T7081] dump_stack_lvl+0x16c/0x1f0 [ 169.440945][ T7081] should_fail_ex+0x512/0x640 [ 169.440980][ T7081] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 169.441007][ T7081] should_failslab+0xc2/0x120 [ 169.441039][ T7081] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 169.441065][ T7081] ? shmem_alloc_inode+0x25/0x50 [ 169.441109][ T7081] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 169.441137][ T7081] ? shmem_alloc_inode+0x25/0x50 [ 169.441165][ T7081] shmem_alloc_inode+0x25/0x50 [ 169.441193][ T7081] alloc_inode+0x64/0x240 [ 169.441226][ T7081] new_inode+0x22/0x1c0 [ 169.441254][ T7081] ? trace_cap_capable+0x18d/0x200 [ 169.441290][ T7081] shmem_get_inode+0x19a/0xfb0 [ 169.441323][ T7081] ? __vm_enough_memory+0x184/0x3f0 [ 169.441357][ T7081] __shmem_file_setup+0x279/0x330 [ 169.441396][ T7081] shmem_zero_setup+0x93/0x1a0 [ 169.441422][ T7081] __mmap_region+0x2076/0x27a0 [ 169.441449][ T7081] ? __pfx___mmap_region+0x10/0x10 [ 169.441470][ T7081] ? lock_acquire+0x179/0x350 [ 169.441502][ T7081] ? find_held_lock+0x2b/0x80 [ 169.441526][ T7081] ? finish_task_switch.isra.0+0x21c/0xc10 [ 169.441552][ T7081] ? rcu_is_watching+0x12/0xc0 [ 169.441576][ T7081] ? finish_task_switch.isra.0+0x221/0xc10 [ 169.441607][ T7081] ? trace_sched_exit_tp+0xd1/0x120 [ 169.441644][ T7081] ? __schedule+0x11a3/0x5de0 [ 169.441715][ T7081] ? trace_cap_capable+0x18d/0x200 [ 169.441757][ T7081] mmap_region+0x1ab/0x3f0 [ 169.441780][ T7081] ? __get_unmapped_area+0x267/0x440 [ 169.441814][ T7081] do_mmap+0xa3e/0x1210 [ 169.441849][ T7081] ? __pfx_do_mmap+0x10/0x10 [ 169.441879][ T7081] ? __pfx_down_write_killable+0x10/0x10 [ 169.441909][ T7081] ? kmem_cache_free+0x2d4/0x6c0 [ 169.441938][ T7081] vm_mmap_pgoff+0x29e/0x470 [ 169.441973][ T7081] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 169.442010][ T7081] ? __x64_sys_futex+0x1e0/0x4c0 [ 169.442040][ T7081] ? __x64_sys_futex+0x1e9/0x4c0 [ 169.442076][ T7081] ksys_mmap_pgoff+0x7d/0x5c0 [ 169.442109][ T7081] ? xfd_validate_state+0x61/0x180 [ 169.442147][ T7081] __x64_sys_mmap+0x125/0x190 [ 169.442186][ T7081] do_syscall_64+0xcd/0xfa0 [ 169.442213][ T7081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.442236][ T7081] RIP: 0033:0x7f44b8d8efc9 [ 169.442254][ T7081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.442275][ T7081] RSP: 002b:00007f44b9c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 169.442296][ T7081] RAX: ffffffffffffffda RBX: 00007f44b8fe5fa0 RCX: 00007f44b8d8efc9 [ 169.442311][ T7081] RDX: 0000000000000007 RSI: 0000000002020009 RDI: 0000000000000000 [ 169.442324][ T7081] RBP: 00007f44b8e11f91 R08: fffffffffffffffa R09: 0000000000008000 [ 169.442339][ T7081] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 169.442352][ T7081] R13: 00007f44b8fe6038 R14: 00007f44b8fe5fa0 R15: 00007ffc0838b148 [ 169.442382][ T7081] [ 169.760533][ C1] vkms_vblank_simulate: vblank timer overrun [ 170.086589][ T7088] can: request_module (can-proto-0) failed. [ 170.097486][ T7095] blktrace: Concurrent blktraces are not allowed on sg0 [ 170.278827][ T7083] netlink: 28 bytes leftover after parsing attributes in process `syz.2.225'. [ 172.346399][ T7143] HfR: entered promiscuous mode [ 172.685230][ T7155] openvswitch: netlink: Duplicate or invalid key (type 0). [ 173.316154][ C1] vkms_vblank_simulate: vblank timer overrun [ 174.117272][ T7185] random: crng reseeded on system resumption [ 174.158047][ T7150] kexec: Could not allocate control_code_buffer [ 175.620139][ T7226] random: crng reseeded on system resumption [ 176.175266][ T7232] openvswitch: HfR: Dropping previously announced user features [ 176.646021][ T7249] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 176.981257][ T7254] openvswitch: HfR: Dropping previously announced user features [ 177.337438][ T30] audit: type=1326 audit(1547301611.770:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7261 comm="syz.1.254" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f44b8d8efc9 code=0x0 [ 178.988621][ T7294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.260'. [ 179.061138][ T7300] netlink: 146 bytes leftover after parsing attributes in process `syz.3.262'. [ 180.028890][ T7311] FAULT_INJECTION: forcing a failure. [ 180.028890][ T7311] name fail_futex, interval 1, probability 0, space 0, times 0 [ 180.073211][ T7311] CPU: 0 UID: 0 PID: 7311 Comm: syz.2.265 Tainted: G U syzkaller #0 PREEMPT(full) [ 180.073259][ T7311] Tainted: [U]=USER [ 180.073270][ T7311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 180.073287][ T7311] Call Trace: [ 180.073296][ T7311] [ 180.073308][ T7311] dump_stack_lvl+0x16c/0x1f0 [ 180.073348][ T7311] should_fail_ex+0x512/0x640 [ 180.073396][ T7311] ? kasan_save_stack+0x42/0x60 [ 180.073450][ T7311] get_futex_key+0x1d0/0x1560 [ 180.073490][ T7311] ? __pfx_get_futex_key+0x10/0x10 [ 180.073530][ T7311] futex_wait_setup+0x9d/0x550 [ 180.073577][ T7311] __futex_wait+0x193/0x2f0 [ 180.073616][ T7311] ? __pfx___futex_wait+0x10/0x10 [ 180.073659][ T7311] ? __pfx_futex_wake_mark+0x10/0x10 [ 180.073701][ T7311] ? futex_private_hash_put+0x176/0x300 [ 180.073734][ T7311] ? futex_private_hash_put+0x18a/0x300 [ 180.073767][ T7311] futex_wait+0xe8/0x380 [ 180.073787][ T7311] ? __pfx_futex_wait+0x10/0x10 [ 180.073834][ T7311] ? do_vfs_ioctl+0x128/0x14f0 [ 180.073873][ T7311] do_futex+0x229/0x350 [ 180.073905][ T7311] ? __pfx_do_futex+0x10/0x10 [ 180.073939][ T7311] ? find_held_lock+0x2b/0x80 [ 180.073966][ T7311] __x64_sys_futex+0x1e0/0x4c0 [ 180.074000][ T7311] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 180.074040][ T7311] ? __pfx___x64_sys_futex+0x10/0x10 [ 180.074073][ T7311] ? pipe_ioctl+0x7a/0x2b0 [ 180.074098][ T7311] ? fput+0x9b/0xd0 [ 180.074133][ T7311] do_syscall_64+0xcd/0xfa0 [ 180.074161][ T7311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.074188][ T7311] RIP: 0033:0x7fe7e5b8efc9 [ 180.074206][ T7311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.074228][ T7311] RSP: 002b:00007fe7e6a360e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 180.074255][ T7311] RAX: ffffffffffffffda RBX: 00007fe7e5de5fa8 RCX: 00007fe7e5b8efc9 [ 180.074271][ T7311] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe7e5de5fa8 [ 180.074285][ T7311] RBP: 00007fe7e5de5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 180.074300][ T7311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 180.074314][ T7311] R13: 00007fe7e5de6038 R14: 00007ffc217b0e50 R15: 00007ffc217b0f38 [ 180.074345][ T7311] [ 180.304401][ C0] vkms_vblank_simulate: vblank timer overrun [ 180.693651][ T7333] netlink: 334 bytes leftover after parsing attributes in process `syz.0.268'. [ 180.738923][ T30] audit: type=1800 audit(1547301615.170:6): pid=7336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.269" name="version" dev="configfs" ino=15451 res=0 errno=0 [ 182.410164][ T7356] netlink: 130 bytes leftover after parsing attributes in process `syz.3.275'. [ 183.094486][ T30] audit: type=1804 audit(1547301617.530:7): pid=7380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.278" name="/newroot/sys/kernel/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 183.226466][ T30] audit: type=1804 audit(1547301617.660:8): pid=7386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.279" name="/newroot/66/file0" dev="tmpfs" ino=369 res=1 errno=0 [ 183.364700][ T7360] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 183.373860][ T7360] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 183.380309][ T7360] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 183.391474][ T7360] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 183.569318][ T7391] bond0: invalid ARP target specified [ 183.814241][ T7398] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 184.662616][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 185.453328][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 185.453364][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 185.459412][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 185.508556][ T7416] ACPI: button: Initial lid state set to 'ignore' [ 185.801878][ T7419] Console: switching to colour VGA+ 80x25 [ 189.413136][ T7498] netlink: 'syz.3.303': attribute type 1 has an invalid length. [ 190.204760][ T7514] zswap: compressor not available [ 192.954066][ T7599] MTRR 1 not used [ 193.061626][ T7599] FAULT_INJECTION: forcing a failure. [ 193.061626][ T7599] name fail_futex, interval 1, probability 0, space 0, times 0 [ 193.089968][ T7599] CPU: 1 UID: 0 PID: 7599 Comm: syz.2.319 Tainted: G U syzkaller #0 PREEMPT(full) [ 193.090017][ T7599] Tainted: [U]=USER [ 193.090029][ T7599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 193.090048][ T7599] Call Trace: [ 193.090058][ T7599] [ 193.090070][ T7599] dump_stack_lvl+0x16c/0x1f0 [ 193.090111][ T7599] should_fail_ex+0x512/0x640 [ 193.090170][ T7599] get_futex_key+0x1d0/0x1560 [ 193.090217][ T7599] ? __pfx_get_futex_key+0x10/0x10 [ 193.090273][ T7599] futex_wake+0xea/0x530 [ 193.090324][ T7599] ? rcu_is_watching+0x12/0xc0 [ 193.090359][ T7599] ? __pfx_futex_wake+0x10/0x10 [ 193.090414][ T7599] ? kmem_cache_free+0x2d4/0x6c0 [ 193.090447][ T7599] ? putname+0x154/0x1a0 [ 193.090495][ T7599] do_futex+0x1e3/0x350 [ 193.090550][ T7599] ? __pfx_do_futex+0x10/0x10 [ 193.090607][ T7599] __x64_sys_futex+0x1e0/0x4c0 [ 193.090653][ T7599] ? __x64_sys_openat+0x174/0x210 [ 193.090701][ T7599] ? __pfx___x64_sys_futex+0x10/0x10 [ 193.090762][ T7599] do_syscall_64+0xcd/0xfa0 [ 193.090801][ T7599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.090833][ T7599] RIP: 0033:0x7fe7e5b8efc9 [ 193.090858][ T7599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.090889][ T7599] RSP: 002b:00007fe7e6a360e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 193.090921][ T7599] RAX: ffffffffffffffda RBX: 00007fe7e5de5fa8 RCX: 00007fe7e5b8efc9 [ 193.090942][ T7599] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe7e5de5fac [ 193.090963][ T7599] RBP: 00007fe7e5de5fa0 R08: 00007fe7e6a37000 R09: 0000000000000000 [ 193.090984][ T7599] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 193.091003][ T7599] R13: 00007fe7e5de6038 R14: 00007ffc217b0e50 R15: 00007ffc217b0f38 [ 193.091047][ T7599] [ 197.193166][ T7687] netlink: 25 bytes leftover after parsing attributes in process `syz.2.339'. [ 198.100389][ T7706] i2c i2c-0: delete_device: Can't find device in list [ 198.132935][ T7690] ubi0: attaching mtd0 [ 198.164219][ T7690] ubi0: scanning is finished [ 198.189331][ T7690] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 198.434647][ T7690] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 198.686934][ T7722] FAULT_INJECTION: forcing a failure. [ 198.686934][ T7722] name failslab, interval 1, probability 0, space 0, times 0 [ 198.709515][ T7722] CPU: 0 UID: 0 PID: 7722 Comm: syz.1.349 Tainted: G U syzkaller #0 PREEMPT(full) [ 198.709569][ T7722] Tainted: [U]=USER [ 198.709581][ T7722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 198.709599][ T7722] Call Trace: [ 198.709609][ T7722] [ 198.709621][ T7722] dump_stack_lvl+0x16c/0x1f0 [ 198.709664][ T7722] should_fail_ex+0x512/0x640 [ 198.709712][ T7722] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 198.709750][ T7722] should_failslab+0xc2/0x120 [ 198.709800][ T7722] kmem_cache_alloc_noprof+0x75/0x6e0 [ 198.709843][ T7722] ? __kernfs_new_node+0xd2/0x8e0 [ 198.709893][ T7722] ? __kernfs_new_node+0xd2/0x8e0 [ 198.709930][ T7722] __kernfs_new_node+0xd2/0x8e0 [ 198.709976][ T7722] ? __pfx___kernfs_new_node+0x10/0x10 [ 198.710029][ T7722] ? find_held_lock+0x2b/0x80 [ 198.710064][ T7722] ? kernfs_root+0xee/0x2a0 [ 198.710114][ T7722] kernfs_new_node+0x13c/0x1e0 [ 198.710169][ T7722] __kernfs_create_file+0x53/0x350 [ 198.710207][ T7722] sysfs_add_file_mode_ns+0x207/0x3c0 [ 198.710258][ T7722] internal_create_group+0x578/0xf30 [ 198.710312][ T7722] ? __pfx_internal_create_group+0x10/0x10 [ 198.710362][ T7722] ? kernfs_create_link+0x1bd/0x240 [ 198.710402][ T7722] internal_create_groups+0x9d/0x150 [ 198.710449][ T7722] device_add+0xf30/0x1aa0 [ 198.710505][ T7722] ? __pfx_device_add+0x10/0x10 [ 198.710553][ T7722] ? lockdep_init_map_type+0x5c/0x280 [ 198.710600][ T7722] ? __init_waitqueue_head+0xca/0x150 [ 198.710659][ T7722] netdev_register_kobject+0x1a9/0x3d0 [ 198.710706][ T7722] register_netdevice+0x13dc/0x2270 [ 198.710752][ T7722] ? __pfx_register_netdevice+0x10/0x10 [ 198.710801][ T7722] __ip_tunnel_create+0x540/0x6e0 [ 198.710905][ T7722] ? __pfx___ip_tunnel_create+0x10/0x10 [ 198.710967][ T7722] ip_tunnel_init_net+0x22f/0x7d0 [ 198.711019][ T7722] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 198.711071][ T7722] ? ops_init+0x77/0x5f0 [ 198.711110][ T7722] ? __pfx_ipgre_init_net+0x10/0x10 [ 198.711142][ T7722] ops_init+0x1e2/0x5f0 [ 198.711178][ T7722] setup_net+0x100/0x390 [ 198.711212][ T7722] ? __pfx_setup_net+0x10/0x10 [ 198.711247][ T7722] ? debug_mutex_init+0x37/0x70 [ 198.711285][ T7722] copy_net_ns+0x2f8/0x690 [ 198.711326][ T7722] create_new_namespaces+0x3ea/0xa90 [ 198.711372][ T7722] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 198.711415][ T7722] ksys_unshare+0x45b/0xa40 [ 198.711459][ T7722] ? __pfx_ksys_unshare+0x10/0x10 [ 198.711504][ T7722] ? xfd_validate_state+0x61/0x180 [ 198.711564][ T7722] __x64_sys_unshare+0x31/0x40 [ 198.711606][ T7722] do_syscall_64+0xcd/0xfa0 [ 198.711646][ T7722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.711678][ T7722] RIP: 0033:0x7f44b8d8efc9 [ 198.711704][ T7722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.711737][ T7722] RSP: 002b:00007f44b9c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 198.711768][ T7722] RAX: ffffffffffffffda RBX: 00007f44b8fe5fa0 RCX: 00007f44b8d8efc9 [ 198.711789][ T7722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 198.711809][ T7722] RBP: 00007f44b8e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 198.711835][ T7722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.711854][ T7722] R13: 00007f44b8fe6038 R14: 00007f44b8fe5fa0 R15: 00007ffc0838b148 [ 198.711899][ T7722] [ 199.711955][ T7746] netlink: 330 bytes leftover after parsing attributes in process `syz.2.352'. [ 199.730778][ T7746] mac80211_hwsim hwsim6 : renamed from wlan0 (while UP) [ 199.797829][ T7750] random: crng reseeded on system resumption [ 200.915970][ T7775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.360'. [ 201.060043][ T7784] Invalid ELF header magic: != ELF [ 201.091878][ T7783] Invalid ELF header magic: != ELF [ 201.348863][ T7792] vivid-003: ================= START STATUS ================= [ 201.375854][ T7792] vivid-003: Radio HW Seek Mode: Bounded [ 201.383012][ T7792] vivid-003: Radio Programmable HW Seek: false [ 201.389464][ T7792] vivid-003: RDS Rx I/O Mode: Block I/O [ 201.395641][ T7792] vivid-003: Generate RBDS Instead of RDS: false [ 201.402410][ T7792] vivid-003: RDS Reception: true [ 201.409068][ T7792] vivid-003: RDS Program Type: 0 inactive [ 201.416278][ T7792] vivid-003: RDS PS Name: inactive [ 201.421705][ T7792] vivid-003: RDS Radio Text: inactive [ 201.427515][ T7792] vivid-003: RDS Traffic Announcement: false inactive [ 201.434474][ T7792] vivid-003: RDS Traffic Program: false inactive [ 201.441326][ T7792] vivid-003: RDS Music: false inactive [ 201.446987][ T7792] vivid-003: ================== END STATUS ================== [ 201.810390][ T7806] random: crng reseeded on system resumption [ 202.162087][ T7817] block nbd0: not configured, cannot reconfigure [ 203.379947][ T7841] netlink: 5 bytes leftover after parsing attributes in process `syz.1.375'. [ 204.736960][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.743573][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.825723][ T7930] netlink: 28 bytes leftover after parsing attributes in process `syz.0.395'. [ 206.888597][ T7930] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 206.935937][ T7930] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 206.991842][ T7930] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 207.020782][ T7930] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 207.063133][ T7941] input: jJǸ-9%vJ86 as /devices/virtual/input/input12 [ 207.231914][ T7944] usb usb24: usbfs: process 7944 (syz.2.397) did not claim interface 0 before use [ 207.682681][ T7951] CIFS: VFS: Invalid SecurityFlags: [ 207.689406][ T7954] syz.3.402 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 208.545879][ T7969] netlink: 8 bytes leftover after parsing attributes in process `syz.3.405'. [ 208.982697][ T30] audit: type=1800 audit(1547301643.340:9): pid=7981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.407" name="dummy_udc" dev="gadgetfs" ino=7585 res=0 errno=0 [ 209.721150][ T7983] FAULT_INJECTION: forcing a failure. [ 209.721150][ T7983] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 209.811006][ T7983] CPU: 0 UID: 0 PID: 7983 Comm: syz.0.408 Tainted: G U syzkaller #0 PREEMPT(full) [ 209.811051][ T7983] Tainted: [U]=USER [ 209.811061][ T7983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 209.811078][ T7983] Call Trace: [ 209.811088][ T7983] [ 209.811099][ T7983] dump_stack_lvl+0x16c/0x1f0 [ 209.811162][ T7983] should_fail_ex+0x512/0x640 [ 209.811221][ T7983] _copy_from_user+0x2e/0xd0 [ 209.811274][ T7983] get_timespec64+0x8b/0x1b0 [ 209.811316][ T7983] ? __pfx_get_timespec64+0x10/0x10 [ 209.811361][ T7983] ? common_nsleep+0xa1/0xd0 [ 209.811406][ T7983] __x64_sys_clock_nanosleep+0x1ce/0x4a0 [ 209.811445][ T7983] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 209.811492][ T7983] do_syscall_64+0xcd/0xfa0 [ 209.811530][ T7983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.811562][ T7983] RIP: 0033:0x7fe5409c1885 [ 209.811587][ T7983] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 209.811618][ T7983] RSP: 002b:00007ffc866b3dd0 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 209.811648][ T7983] RAX: ffffffffffffffda RBX: 00007fe540be5fa0 RCX: 00007fe5409c1885 [ 209.811669][ T7983] RDX: 00007ffc866b3e10 RSI: 0000000000000000 RDI: 0000000000000000 [ 209.811689][ T7983] RBP: 00007fe540be7da0 R08: 0000000000000000 R09: 00007fe5418bd000 [ 209.811709][ T7983] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000033367 [ 209.811728][ T7983] R13: 00007fe540be6270 R14: ffffffffffffffff R15: 00007ffc866b3f50 [ 209.811772][ T7983] [ 210.962465][ T8020] ptrace attach of "./syz-executor exec"[5836] was attempted by "Җ]ƃC?U.j' d1?vxZnQ/A@$Id՛N&tV\x098yU蘒\x1bQnԻi\x0aB\x0csJl\x1bɷP{r5iV_\x09y|BzQ\x0dr;\x0a[CZ.􇍪ձ3\x092ʭI:G\x09{#\x094C\x1bp0XqE)n{]k|#+EsLn׎0H6/5B\x5cqYtqād\x07*u^>wj09K>N8(si \x0aY$)r\x09cf(O Tj\x1bJԆ+txM4&2!QNI0TFcZt7\x5cӆWGYƺ\x0dBLC^n!,'+3n%J\x0cdTGBq*ɴ-& \x1bR]4N>LyŤZsd\x07\x0cY!iq~q_XeʴbmgJpmo8`35g`ɟ\x0d$F3tӨ)?PwGG`^l6n\x0cA\x0bhM\x5cha4F,ޕ$˩}$#9_JǤF7\x0c8o;G{$?%C\x0bgH$6ImrxóbS:3\x5c_NϬ EepeD^@$t:F өJ=c[OO'%p r_s>(zw\x09:HLʩ (ޅsni~ߏ/XEb\x0czKdeoќ |T,\x0b15\x224HyrO [ 214.652827][ T8078] Process accounting resumed [ 217.941706][ T8138] nbd: socks must be embedded in a SOCK_ITEM attr [ 218.275675][ T8146] netlink: 16 bytes leftover after parsing attributes in process `syz.1.446'. [ 220.168896][ T8201] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 220.378817][ T8198] FAULT_INJECTION: forcing a failure. [ 220.378817][ T8198] name failslab, interval 1, probability 0, space 0, times 0 [ 220.392450][ T8198] CPU: 0 UID: 0 PID: 8198 Comm: syz.0.457 Tainted: G U syzkaller #0 PREEMPT(full) [ 220.392503][ T8198] Tainted: [U]=USER [ 220.392514][ T8198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 220.392533][ T8198] Call Trace: [ 220.392544][ T8198] [ 220.392557][ T8198] dump_stack_lvl+0x16c/0x1f0 [ 220.392601][ T8198] should_fail_ex+0x512/0x640 [ 220.392652][ T8198] ? __kmalloc_cache_noprof+0x5f/0x780 [ 220.392712][ T8198] should_failslab+0xc2/0x120 [ 220.392757][ T8198] __kmalloc_cache_noprof+0x72/0x780 [ 220.392825][ T8198] ? __pfx_sl_outfill+0x10/0x10 [ 220.392871][ T8198] ? slip_open+0x846/0x1150 [ 220.392923][ T8198] ? slip_open+0x846/0x1150 [ 220.392969][ T8198] slip_open+0x846/0x1150 [ 220.393021][ T8198] ? __pfx_n_tty_close+0x10/0x10 [ 220.393065][ T8198] ? find_held_lock+0x2b/0x80 [ 220.393099][ T8198] ? __pfx_slip_open+0x10/0x10 [ 220.393154][ T8198] ? down_write+0x14d/0x200 [ 220.393201][ T8198] ? __pfx_slip_open+0x10/0x10 [ 220.393250][ T8198] tty_ldisc_open+0x9f/0x120 [ 220.393311][ T8198] tty_set_ldisc+0x32b/0x780 [ 220.393348][ T8198] tty_ioctl+0xc2d/0x1680 [ 220.393386][ T8198] ? __pfx_tty_ioctl+0x10/0x10 [ 220.393435][ T8198] ? find_held_lock+0x2b/0x80 [ 220.393469][ T8198] ? hook_file_ioctl_common+0x145/0x410 [ 220.393514][ T8198] ? __fget_files+0x20e/0x3c0 [ 220.393553][ T8198] ? __pfx_tty_ioctl+0x10/0x10 [ 220.393591][ T8198] __x64_sys_ioctl+0x18e/0x210 [ 220.393645][ T8198] do_syscall_64+0xcd/0xfa0 [ 220.393685][ T8198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.393718][ T8198] RIP: 0033:0x7fe54098efc9 [ 220.393744][ T8198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.393776][ T8198] RSP: 002b:00007fe5418bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 220.393807][ T8198] RAX: ffffffffffffffda RBX: 00007fe540be5fa0 RCX: 00007fe54098efc9 [ 220.393829][ T8198] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 000000000000000a [ 220.393849][ T8198] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 220.393869][ T8198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.393888][ T8198] R13: 00007fe540be6038 R14: 00007fe540be5fa0 R15: 00007ffc866b3cd8 [ 220.393934][ T8198] [ 222.221191][ T8243] netlink: 334 bytes leftover after parsing attributes in process `syz.3.466'. [ 223.107252][ T8271] netlink: 28 bytes leftover after parsing attributes in process `syz.0.474'. [ 223.181654][ T8273] ======================================================= [ 223.181654][ T8273] WARNING: The mand mount option has been deprecated and [ 223.181654][ T8273] and is ignored by this kernel. Remove the mand [ 223.181654][ T8273] option from the mount to silence this warning. [ 223.181654][ T8273] ======================================================= [ 223.301052][ T8268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.472'. [ 223.518793][ T8291] FAULT_INJECTION: forcing a failure. [ 223.518793][ T8291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.566340][ T8291] CPU: 0 UID: 0 PID: 8291 Comm: syz.0.478 Tainted: G U syzkaller #0 PREEMPT(full) [ 223.566391][ T8291] Tainted: [U]=USER [ 223.566402][ T8291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 223.566420][ T8291] Call Trace: [ 223.566430][ T8291] [ 223.566442][ T8291] dump_stack_lvl+0x16c/0x1f0 [ 223.566483][ T8291] should_fail_ex+0x512/0x640 [ 223.566539][ T8291] _copy_from_user+0x2e/0xd0 [ 223.566590][ T8291] snd_seq_oss_write+0x397/0x7d0 [ 223.566645][ T8291] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 223.566697][ T8291] ? common_file_perm+0x1a9/0x340 [ 223.566731][ T8291] ? bpf_lsm_file_permission+0x9/0x10 [ 223.566779][ T8291] ? __pfx_odev_write+0x10/0x10 [ 223.566814][ T8291] odev_write+0x51/0xa0 [ 223.566852][ T8291] vfs_write+0x2a0/0x11d0 [ 223.566898][ T8291] ? __pfx_vfs_write+0x10/0x10 [ 223.566930][ T8291] ? find_held_lock+0x2b/0x80 [ 223.566962][ T8291] ? __fget_files+0x204/0x3c0 [ 223.566998][ T8291] ? __fget_files+0x20e/0x3c0 [ 223.567050][ T8291] ksys_write+0x12a/0x250 [ 223.567085][ T8291] ? __pfx_ksys_write+0x10/0x10 [ 223.567132][ T8291] do_syscall_64+0xcd/0xfa0 [ 223.567172][ T8291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.567206][ T8291] RIP: 0033:0x7fe54098efc9 [ 223.567231][ T8291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.567261][ T8291] RSP: 002b:00007fe5418bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 223.567292][ T8291] RAX: ffffffffffffffda RBX: 00007fe540be5fa0 RCX: 00007fe54098efc9 [ 223.567313][ T8291] RDX: 00000000000002f8 RSI: 0000200000000040 RDI: 0000000000000002 [ 223.567333][ T8291] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 223.567353][ T8291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.567372][ T8291] R13: 00007fe540be6038 R14: 00007fe540be5fa0 R15: 00007ffc866b3cd8 [ 223.567417][ T8291] [ 224.135966][ T8301] netlink: 28 bytes leftover after parsing attributes in process `syz.1.479'. [ 224.360140][ T8307] overlayfs: "check_copy_up" module option is obsolete [ 225.963228][ T8353] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 226.295265][ T8355] netlink: 330 bytes leftover after parsing attributes in process `syz.0.494'. [ 226.341205][ T8355] netlink: 330 bytes leftover after parsing attributes in process `syz.0.494'. [ 226.395736][ T8355] netlink: 330 bytes leftover after parsing attributes in process `syz.0.494'. [ 226.405481][ T8355] netlink: 330 bytes leftover after parsing attributes in process `syz.0.494'. [ 226.419320][ T8355] netlink: 330 bytes leftover after parsing attributes in process `syz.0.494'. [ 226.431262][ T8355] netlink: 330 bytes leftover after parsing attributes in process `syz.0.494'. [ 226.495329][ T8355] netlink: 330 bytes leftover after parsing attributes in process `syz.0.494'. [ 226.558186][ T8355] netlink: 330 bytes leftover after parsing attributes in process `syz.0.494'. [ 229.224175][ T8399] type: 4278190080 invalid [ 229.569306][ T8408] __nla_validate_parse: 25 callbacks suppressed [ 229.569333][ T8408] netlink: 266 bytes leftover after parsing attributes in process `syz.1.506'. [ 229.621022][ T8408] IPv6: NLM_F_CREATE should be specified when creating new route [ 232.807770][ T8469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.516'. [ 233.157981][ T8464] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 233.287210][ T8464] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 233.363722][ T8464] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 233.748803][ T8474] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 234.040507][ T8480] netlink: 28 bytes leftover after parsing attributes in process `syz.1.519'. [ 235.295164][ T8492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 236.219748][ T8524] FAULT_INJECTION: forcing a failure. [ 236.219748][ T8524] name failslab, interval 1, probability 0, space 0, times 0 [ 236.321023][ T8524] CPU: 0 UID: 0 PID: 8524 Comm: syz.1.529 Tainted: G U syzkaller #0 PREEMPT(full) [ 236.321072][ T8524] Tainted: [U]=USER [ 236.321081][ T8524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 236.321098][ T8524] Call Trace: [ 236.321107][ T8524] [ 236.321123][ T8524] dump_stack_lvl+0x16c/0x1f0 [ 236.321161][ T8524] should_fail_ex+0x512/0x640 [ 236.321206][ T8524] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 236.321243][ T8524] should_failslab+0xc2/0x120 [ 236.321284][ T8524] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 236.321319][ T8524] ? __d_alloc+0x32/0xae0 [ 236.321360][ T8524] ? __d_alloc+0x32/0xae0 [ 236.321400][ T8524] __d_alloc+0x32/0xae0 [ 236.321441][ T8524] d_alloc_pseudo+0x1c/0xc0 [ 236.321483][ T8524] alloc_file_pseudo+0xcf/0x230 [ 236.321530][ T8524] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 236.321574][ T8524] ? alloc_fd+0x471/0x7d0 [ 236.321610][ T8524] sock_alloc_file+0x50/0x210 [ 236.321645][ T8524] __sys_socket+0x1c0/0x260 [ 236.321684][ T8524] ? __pfx___sys_socket+0x10/0x10 [ 236.321727][ T8524] ? do_user_addr_fault+0x843/0x1370 [ 236.321763][ T8524] __x64_sys_socket+0x72/0xb0 [ 236.321801][ T8524] ? lockdep_hardirqs_on+0x7c/0x110 [ 236.321834][ T8524] do_syscall_64+0xcd/0xfa0 [ 236.321871][ T8524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.321901][ T8524] RIP: 0033:0x7f44b8d90ee7 [ 236.321925][ T8524] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.321963][ T8524] RSP: 002b:00007f44b9c0efa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 236.321991][ T8524] RAX: ffffffffffffffda RBX: 00007f44b8fe6180 RCX: 00007f44b8d90ee7 [ 236.322010][ T8524] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 236.322028][ T8524] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 236.322046][ T8524] R10: 0000200000000140 R11: 0000000000000286 R12: 0000000000000000 [ 236.322064][ T8524] R13: 00007f44b8fe6218 R14: 00007f44b8fe6180 R15: 00007ffc0838b148 [ 236.322105][ T8524] [ 240.698243][ T8588] Process accounting resumed [ 241.071474][ T8597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.546'. [ 242.393049][ T8618] FAULT_INJECTION: forcing a failure. [ 242.393049][ T8618] name failslab, interval 1, probability 0, space 0, times 0 [ 242.458194][ T8618] CPU: 0 UID: 0 PID: 8618 Comm: syz.1.551 Tainted: G U syzkaller #0 PREEMPT(full) [ 242.458252][ T8618] Tainted: [U]=USER [ 242.458262][ T8618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 242.458281][ T8618] Call Trace: [ 242.458295][ T8618] [ 242.458309][ T8618] dump_stack_lvl+0x16c/0x1f0 [ 242.458351][ T8618] should_fail_ex+0x512/0x640 [ 242.458406][ T8618] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 242.458447][ T8618] should_failslab+0xc2/0x120 [ 242.458491][ T8618] kmem_cache_alloc_noprof+0x75/0x6e0 [ 242.458525][ T8618] ? alloc_empty_file+0x55/0x1e0 [ 242.458578][ T8618] ? alloc_empty_file+0x55/0x1e0 [ 242.458624][ T8618] alloc_empty_file+0x55/0x1e0 [ 242.458672][ T8618] alloc_file_pseudo+0x13a/0x230 [ 242.458726][ T8618] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 242.458788][ T8618] ? do_raw_spin_unlock+0x172/0x230 [ 242.458847][ T8618] __anon_inode_getfile+0xe8/0x280 [ 242.458897][ T8618] anon_inode_getfile_fmode+0x37/0xa0 [ 242.458940][ T8618] __do_sys_timerfd_create+0x216/0x3e0 [ 242.458986][ T8618] ? do_syscall_64+0x91/0xfa0 [ 242.459023][ T8618] do_syscall_64+0xcd/0xfa0 [ 242.459066][ T8618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.459098][ T8618] RIP: 0033:0x7f44b8d8efc9 [ 242.459124][ T8618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.459161][ T8618] RSP: 002b:00007f44b9c52038 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 242.459197][ T8618] RAX: ffffffffffffffda RBX: 00007f44b8fe5fa0 RCX: 00007f44b8d8efc9 [ 242.459219][ T8618] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000008 [ 242.459242][ T8618] RBP: 00007f44b8e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 242.459262][ T8618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 242.459281][ T8618] R13: 00007f44b8fe6038 R14: 00007f44b8fe5fa0 R15: 00007ffc0838b148 [ 242.459330][ T8618] [ 243.147019][ T8576] syz.2.538: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0x400cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 243.188735][ T8576] CPU: 1 UID: 0 PID: 8576 Comm: syz.2.538 Tainted: G U syzkaller #0 PREEMPT(full) [ 243.188785][ T8576] Tainted: [U]=USER [ 243.188795][ T8576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 243.188813][ T8576] Call Trace: [ 243.188824][ T8576] [ 243.188836][ T8576] dump_stack_lvl+0x16c/0x1f0 [ 243.188877][ T8576] warn_alloc+0x248/0x3a0 [ 243.188913][ T8576] ? __pfx_warn_alloc+0x10/0x10 [ 243.188961][ T8576] ? xt_alloc_table_info+0x43/0xa0 [ 243.188999][ T8576] ? __vmalloc_node_noprof+0xad/0xf0 [ 243.189055][ T8576] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 243.189117][ T8576] ? xt_alloc_table_info+0x43/0xa0 [ 243.189167][ T8576] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 243.189223][ T8576] ? ___kmalloc_large_node+0xed/0x160 [ 243.189278][ T8576] __kvmalloc_node_noprof+0x431/0x9c0 [ 243.189318][ T8576] ? xt_alloc_table_info+0x43/0xa0 [ 243.189355][ T8576] ? copy_from_sockptr_offset+0xed/0x1b0 [ 243.189403][ T8576] ? xt_alloc_table_info+0x43/0xa0 [ 243.189450][ T8576] ? xt_alloc_table_info+0x43/0xa0 [ 243.189487][ T8576] xt_alloc_table_info+0x43/0xa0 [ 243.189525][ T8576] do_ip6t_set_ctl+0x498/0xa70 [ 243.189573][ T8576] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 243.189620][ T8576] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 243.189680][ T8576] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 243.189741][ T8576] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 243.189784][ T8576] nf_setsockopt+0x8d/0xf0 [ 243.189826][ T8576] ipv6_setsockopt+0x135/0x170 [ 243.189871][ T8576] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 243.189915][ T8576] do_sock_setsockopt+0xf3/0x1d0 [ 243.189959][ T8576] __sys_setsockopt+0x120/0x1a0 [ 243.190015][ T8576] __x64_sys_setsockopt+0xbd/0x160 [ 243.190066][ T8576] ? do_syscall_64+0x91/0xfa0 [ 243.190100][ T8576] ? lockdep_hardirqs_on+0x7c/0x110 [ 243.190135][ T8576] do_syscall_64+0xcd/0xfa0 [ 243.190173][ T8576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.190206][ T8576] RIP: 0033:0x7fe7e5b8efc9 [ 243.190231][ T8576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.190262][ T8576] RSP: 002b:00007fe7e69f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 243.190292][ T8576] RAX: ffffffffffffffda RBX: 00007fe7e5de6180 RCX: 00007fe7e5b8efc9 [ 243.190314][ T8576] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005 [ 243.190333][ T8576] RBP: 00007fe7e5c11f91 R08: 00000000420b5bf1 R09: 0000000000000000 [ 243.190353][ T8576] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 243.190374][ T8576] R13: 00007fe7e5de6218 R14: 00007fe7e5de6180 R15: 00007ffc217b0f38 [ 243.190418][ T8576] [ 243.190429][ T8576] Mem-Info: [ 243.473874][ T8576] active_anon:4348 inactive_anon:12098 isolated_anon:0 [ 243.473874][ T8576] active_file:16966 inactive_file:39628 isolated_file:0 [ 243.473874][ T8576] unevictable:768 dirty:13 writeback:0 [ 243.473874][ T8576] slab_reclaimable:11038 slab_unreclaimable:93247 [ 243.473874][ T8576] mapped:31205 shmem:5976 pagetables:1285 [ 243.473874][ T8576] sec_pagetables:0 bounce:0 [ 243.473874][ T8576] kernel_misc_reclaimable:0 [ 243.473874][ T8576] free:1299803 free_pcp:18665 free_cma:0 [ 243.526711][ T8576] Node 0 active_anon:17392kB inactive_anon:48592kB active_file:67864kB inactive_file:158376kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:125020kB dirty:52kB writeback:0kB shmem:22668kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:20480kB kernel_stack:12320kB pagetables:5108kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 243.559841][ T8576] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 243.690742][ T8576] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 243.728214][ T8576] lowmem_reserve[]: 0 2485 2487 2487 2487 [ 243.737966][ T8576] Node 0 DMA32 free:1287464kB boost:0kB min:34364kB low:42952kB high:51540kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17392kB inactive_anon:58696kB active_file:67864kB inactive_file:159908kB unevictable:1536kB writepending:52kB zspages:328kB present:3129332kB managed:2545108kB mlocked:0kB bounce:0kB free_pcp:53044kB local_pcp:8828kB free_cma:0kB [ 243.865284][ T8576] lowmem_reserve[]: 0 0 1 1 1 [ 243.875807][ T8576] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 243.906262][ T8576] lowmem_reserve[]: 0 0 0 0 0 [ 243.912568][ T8576] Node 1 Normal free:3892096kB boost:0kB min:55512kB low:69388kB high:83264kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15076kB local_pcp:6852kB free_cma:0kB [ 244.033067][ T8576] lowmem_reserve[]: 0 0 0 0 0 [ 244.046171][ T8576] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 244.104315][ T8576] Node 0 DMA32: 2*4kB (UM) 55*8kB (UME) 611*16kB (UM) 508*32kB (UME) 312*64kB (UM) 272*128kB (UM) 168*256kB (UME) 91*512kB (UME) 49*1024kB (UM) 11*2048kB (UME) 251*4096kB (UM) = 1271664kB [ 244.131462][ T8576] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 244.144818][ T8576] Node 1 Normal: 149*4kB (UME) 50*8kB (UME) 34*16kB (UME) 156*32kB (UME) 66*64kB (UME) 7*128kB (UME) 3*256kB (ME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 946*4096kB (M) = 3892356kB [ 244.183447][ T8576] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 244.239601][ T8576] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 244.270887][ T8576] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 244.311189][ T8576] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 244.360696][ T8576] 67517 total pagecache pages [ 244.370802][ T8576] 31 pages in swap cache [ 244.375794][ T8576] Free swap = 124784kB [ 244.380005][ T8576] Total swap = 124996kB [ 244.419077][ T8576] 2097051 pages RAM [ 244.452328][ T8576] 0 pages HighMem/MovableOnly [ 244.513677][ T8576] 428684 pages reserved [ 244.531859][ T8576] 0 pages cma reserved [ 246.182551][ T8675] Invalid ELF header len 5 [ 246.674120][ T8685] delete_channel: no stack [ 247.403676][ T8686] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 247.437713][ T8686] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 247.470146][ T8686] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 247.481063][ T8686] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 248.626847][ T8725] bond0: invalid ARP target specified [ 249.131236][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 249.470228][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 249.530762][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 249.532196][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 249.785502][ T8743] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 251.607724][ T8788] openvswitch: netlink: IP tunnel attribute has 91 unknown bytes. [ 251.644412][ T8787] openvswitch: netlink: IP tunnel attribute has 91 unknown bytes. [ 251.917872][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 251.930927][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 251.940940][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 251.948862][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 251.957105][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 251.963406][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 251.971031][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 251.977980][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.005152][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.015199][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.025324][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.035448][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.049118][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.056058][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.098356][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.105158][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.119670][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.126805][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.146600][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.152844][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.161170][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.171483][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.178781][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.196316][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.222858][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.230679][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.256279][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.263452][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.301499][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.308015][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.329822][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.336159][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.352300][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.365379][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.373374][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.382287][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.391634][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.397826][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.413186][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.419335][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.427545][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.437118][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.454549][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.467781][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.481894][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.488976][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.496100][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.504857][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 252.571021][ T8782] binder: BINDER_SET_CONTEXT_MGR already set [ 252.577190][ T8782] binder: 8781:8782 ioctl 40046207 0 returned -16 [ 253.171597][ T8832] netlink: 206 bytes leftover after parsing attributes in process `syz.3.595'. [ 253.728643][ T8837] openvswitch: HfR: Dropping previously announced user features [ 253.829237][ T43] smpboot: CPU 0 is now offline [ 254.707395][ T8867] vhci_hcd: invalid port number 16 [ 254.769456][ T8867] vhci_hcd: invalid port number 16 [ 257.363610][ T8931] ptrace attach of "./syz-executor exec"[5836] was attempted by "./syz-executor exec"[8931] [ 257.741712][ T8938] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078001800 pfn:0x78001 [ 257.826179][ T8938] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 257.887156][ T8938] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 257.951210][ T8938] raw: ffff888078001800 0000000000000000 00000001ffffffff 0000000000000000 [ 258.065705][ T8938] page dumped because: unmovable page [ 258.109962][ T8938] page_owner tracks the page as allocated [ 258.153305][ T8938] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 7979, tgid 7961 (syz.1.403), ts 209189492013, free_ts 209029111856 [ 258.219874][ T8938] post_alloc_hook+0x1c0/0x230 [ 258.237703][ T8938] get_page_from_freelist+0x10a3/0x3a30 [ 258.261830][ T8938] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 258.282860][ T8938] alloc_pages_mpol+0x1fb/0x550 [ 258.298650][ T8938] alloc_pages_noprof+0x131/0x390 [ 258.324751][ T8938] brd_submit_bio+0x11ce/0x2490 [ 258.338621][ T8938] __submit_bio+0x304/0x690 [ 258.353737][ T8938] submit_bio_noacct_nocheck+0x75c/0xc10 [ 258.365319][ T8938] submit_bio_noacct+0xbbb/0x1f60 [ 258.370397][ T8938] __block_write_full_folio+0x735/0xe00 [ 258.433885][ T8938] block_write_full_folio+0x341/0x400 [ 258.449005][ T8938] blkdev_writepages+0xb8/0x140 [ 258.464340][ T8938] do_writepages+0x27a/0x600 [ 258.473799][ T8938] filemap_fdatawrite_wbc+0x104/0x160 [ 258.486702][ T8938] __filemap_fdatawrite_range+0xb9/0x100 [ 258.505415][ T8938] filemap_write_and_wait_range+0xa3/0x130 [ 258.522268][ T8938] page last free pid 7974 tgid 7973 stack trace: [ 258.540168][ T8938] __free_frozen_pages+0x7df/0x1160 [ 258.550285][ T8938] vfree+0x1fd/0xb50 [ 258.558091][ T8938] snd_dma_free_pages+0x54/0x70 [ 258.570793][ T8938] snd_pcm_lib_free_pages+0x172/0x390 [ 258.583748][ T8938] snd_pcm_release_substream.part.0+0x2a8/0x340 [ 258.600403][ T8938] snd_pcm_release_substream+0x5b/0x70 [ 258.610822][ T8938] snd_pcm_oss_release+0x16f/0x310 [ 258.615986][ T8938] __fput+0x402/0xb70 [ 258.632341][ T8938] task_work_run+0x150/0x240 [ 258.637024][ T8938] exit_to_user_mode_loop+0xec/0x130 [ 258.654574][ T8938] do_syscall_64+0x426/0xfa0 [ 258.659221][ T8938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.926008][ T8962] HfR: entered promiscuous mode [ 263.028541][ T9034] openvswitch: HfR: Dropping previously announced user features [ 263.498374][ T9043] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 264.176758][ T9057] __vm_enough_memory: pid: 9057, comm: syz.2.642, bytes: 4398046511104 not enough memory for the allocation [ 264.307160][ T9061] openvswitch: HfR: Dropping previously announced user features [ 265.079916][ T9077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.647'. [ 265.127457][ T9077] netlink: 'syz.2.647': attribute type 1 has an invalid length. [ 265.164142][ T9077] netlink: 78 bytes leftover after parsing attributes in process `syz.2.647'. [ 265.574243][ T9080] zswap: compressor not available [ 266.179555][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.188936][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 266.562230][ T9108] openvswitch: HfR: Dropping previously announced user features [ 266.868923][ T9113] openvswitch: netlink: Flow actions attr not present in new flow. [ 267.478281][ C1] vcan0: j1939_tp_rxtimer: 0xffff888032527c00: rx timeout, send abort [ 267.488358][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888032527c00: 0x0ffff: (3) A timeout occurred and this is the connection abort to close the session. [ 267.640674][ T9132] netlink: 28 bytes leftover after parsing attributes in process `syz.3.660'. [ 267.796696][ T9132] hsr_slave_0: left promiscuous mode [ 267.859383][ T9132] hsr_slave_1: left promiscuous mode [ 268.257149][ T9146] openvswitch: HfR: Dropping previously announced user features [ 270.158048][ T9191] bridge0: port 3(veth1_macvtap) entered blocking state [ 270.294616][ T9193] FAULT_INJECTION: forcing a failure. [ 270.294616][ T9193] name failslab, interval 1, probability 0, space 0, times 0 [ 270.343480][ T9191] bridge0: port 3(veth1_macvtap) entered disabled state [ 270.497116][ T9191] veth1_macvtap: entered allmulticast mode [ 270.581632][ T9193] CPU: 1 UID: 0 PID: 9193 Comm: syz.0.672 Tainted: G U syzkaller #0 PREEMPT(full) [ 270.581677][ T9193] Tainted: [U]=USER [ 270.581685][ T9193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 270.581701][ T9193] Call Trace: [ 270.581709][ T9193] [ 270.581718][ T9193] dump_stack_lvl+0x16c/0x1f0 [ 270.581748][ T9193] should_fail_ex+0x512/0x640 [ 270.581784][ T9193] ? fs_reclaim_acquire+0xae/0x150 [ 270.581818][ T9193] should_failslab+0xc2/0x120 [ 270.581850][ T9193] kmem_cache_alloc_noprof+0x75/0x6e0 [ 270.581874][ T9193] ? __pfx_map_id_range_down+0x10/0x10 [ 270.581911][ T9193] ? security_inode_alloc+0x3b/0x2b0 [ 270.581953][ T9193] ? security_inode_alloc+0x3b/0x2b0 [ 270.581988][ T9193] security_inode_alloc+0x3b/0x2b0 [ 270.582025][ T9193] inode_init_always_gfp+0xce4/0x1030 [ 270.582055][ T9193] alloc_inode+0x86/0x240 [ 270.582086][ T9193] new_inode+0x22/0x1c0 [ 270.582121][ T9193] proc_pid_make_inode+0x22/0x160 [ 270.582152][ T9193] proc_ns_dir_lookup+0x25b/0x390 [ 270.582186][ T9193] ? __pfx_proc_ns_dir_lookup+0x10/0x10 [ 270.582216][ T9193] lookup_open.isra.0+0x4da/0x1580 [ 270.582261][ T9193] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 270.582317][ T9193] ? mnt_get_write_access+0x1e9/0x2f0 [ 270.582354][ T9193] path_openat+0x893/0x2cb0 [ 270.582397][ T9193] ? __pfx_path_openat+0x10/0x10 [ 270.582425][ T9193] ? __lock_acquire+0xb8a/0x1c90 [ 270.582462][ T9193] do_filp_open+0x20b/0x470 [ 270.582489][ T9193] ? __pfx_do_filp_open+0x10/0x10 [ 270.582526][ T9193] ? __pfx_kfree_link+0x10/0x10 [ 270.582569][ T9193] ? alloc_fd+0x471/0x7d0 [ 270.582600][ T9193] do_sys_openat2+0x11b/0x1d0 [ 270.582635][ T9193] ? __pfx_do_sys_openat2+0x10/0x10 [ 270.582682][ T9193] __x64_sys_openat+0x174/0x210 [ 270.582718][ T9193] ? __pfx___x64_sys_openat+0x10/0x10 [ 270.582766][ T9193] do_syscall_64+0xcd/0xfa0 [ 270.582794][ T9193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.582818][ T9193] RIP: 0033:0x7fe54098d810 [ 270.582837][ T9193] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 270.582860][ T9193] RSP: 002b:00007fe541879f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 270.582881][ T9193] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe54098d810 [ 270.582896][ T9193] RDX: 0000000000000002 RSI: 00007fe541879fa0 RDI: 00000000ffffff9c [ 270.582909][ T9193] RBP: 00007fe541879fa0 R08: 0000000000000000 R09: 0000000000000000 [ 270.582923][ T9193] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 270.582936][ T9193] R13: 00007fe540be6218 R14: 00007fe540be6180 R15: 00007ffc866b3cd8 [ 270.582966][ T9193] [ 270.851817][ C1] vkms_vblank_simulate: vblank timer overrun [ 270.903756][ T9198] Process accounting paused [ 271.190094][ T9191] veth1_macvtap: left allmulticast mode [ 271.237335][ T9190] openvswitch: HfR: Dropping previously announced user features [ 271.472220][ T9208] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 271.502690][ T9209] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 272.431384][ T9226] netlink: 330 bytes leftover after parsing attributes in process `syz.1.685'. [ 272.770518][ T9229] sd 0:0:1:0: device reset [ 273.761986][ T9256] netlink: 342 bytes leftover after parsing attributes in process `syz.1.693'. [ 273.812198][ T9256] netlink: 342 bytes leftover after parsing attributes in process `syz.1.693'. [ 274.049662][ T9264] netlink: 4 bytes leftover after parsing attributes in process `syz.3.695'. [ 274.372039][ T9247] kexec: Could not allocate control_code_buffer [ 275.186975][ T9290] capability: warning: `syz.1.701' uses 32-bit capabilities (legacy support in use) [ 275.664433][ T9298] FAULT_INJECTION: forcing a failure. [ 275.664433][ T9298] name failslab, interval 1, probability 0, space 0, times 0 [ 275.730237][ T9298] CPU: 1 UID: 0 PID: 9298 Comm: syz.2.704 Tainted: G U syzkaller #0 PREEMPT(full) [ 275.730274][ T9298] Tainted: [U]=USER [ 275.730281][ T9298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 275.730294][ T9298] Call Trace: [ 275.730301][ T9298] [ 275.730315][ T9298] dump_stack_lvl+0x16c/0x1f0 [ 275.730345][ T9298] should_fail_ex+0x512/0x640 [ 275.730380][ T9298] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 275.730407][ T9298] should_failslab+0xc2/0x120 [ 275.730438][ T9298] kmem_cache_alloc_noprof+0x75/0x6e0 [ 275.730461][ T9298] ? kcm_create+0x11e/0x690 [ 275.730502][ T9298] ? kcm_create+0x11e/0x690 [ 275.730535][ T9298] kcm_create+0x11e/0x690 [ 275.730574][ T9298] __sock_create+0x338/0x8d0 [ 275.730609][ T9298] __sys_socket+0x14d/0x260 [ 275.730640][ T9298] ? __pfx___sys_socket+0x10/0x10 [ 275.730670][ T9298] ? xfd_validate_state+0x61/0x180 [ 275.730702][ T9298] ? __pfx_ksys_write+0x10/0x10 [ 275.730733][ T9298] __x64_sys_socket+0x72/0xb0 [ 275.730762][ T9298] ? lockdep_hardirqs_on+0x7c/0x110 [ 275.730787][ T9298] do_syscall_64+0xcd/0xfa0 [ 275.730814][ T9298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.730837][ T9298] RIP: 0033:0x7fe7e5b8efc9 [ 275.730854][ T9298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 275.730876][ T9298] RSP: 002b:00007fe7e6a36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 275.730897][ T9298] RAX: ffffffffffffffda RBX: 00007fe7e5de5fa0 RCX: 00007fe7e5b8efc9 [ 275.730911][ T9298] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000029 [ 275.730924][ T9298] RBP: 00007fe7e5c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 275.730943][ T9298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.730957][ T9298] R13: 00007fe7e5de6038 R14: 00007fe7e5de5fa0 R15: 00007ffc217b0f38 [ 275.730987][ T9298] [ 277.776268][ T9337] netlink: 302 bytes leftover after parsing attributes in process `syz.1.714'. [ 278.669341][ T9356] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(6.7.0), cmd(2) [ 278.718266][ T9355] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 278.778282][ T9340] netlink: 28 bytes leftover after parsing attributes in process `syz.0.710'. [ 280.554363][ T9404] FAULT_INJECTION: forcing a failure. [ 280.554363][ T9404] name fail_futex, interval 1, probability 0, space 0, times 0 [ 280.648463][ T9404] CPU: 1 UID: 0 PID: 9404 Comm: syz.1.731 Tainted: G U syzkaller #0 PREEMPT(full) [ 280.648501][ T9404] Tainted: [U]=USER [ 280.648508][ T9404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 280.648522][ T9404] Call Trace: [ 280.648529][ T9404] [ 280.648538][ T9404] dump_stack_lvl+0x16c/0x1f0 [ 280.648567][ T9404] should_fail_ex+0x512/0x640 [ 280.648615][ T9404] get_futex_key+0x1d0/0x1560 [ 280.648650][ T9404] ? __pfx_get_futex_key+0x10/0x10 [ 280.648678][ T9404] ? futex_private_hash_put+0x176/0x300 [ 280.648716][ T9404] futex_wake+0xea/0x530 [ 280.648749][ T9404] ? futex_wait+0x120/0x380 [ 280.648769][ T9404] ? __pfx_futex_wait+0x10/0x10 [ 280.648806][ T9404] ? __pfx_futex_wake+0x10/0x10 [ 280.648846][ T9404] ? __fget_files+0x204/0x3c0 [ 280.648876][ T9404] do_futex+0x1e3/0x350 [ 280.648907][ T9404] ? __pfx_do_futex+0x10/0x10 [ 280.648940][ T9404] ? __pfx_kernel_move_pages+0x10/0x10 [ 280.648976][ T9404] ? __sys_sendmsg+0x18c/0x220 [ 280.649001][ T9404] __x64_sys_futex+0x1e0/0x4c0 [ 280.649037][ T9404] ? __pfx___x64_sys_futex+0x10/0x10 [ 280.649069][ T9404] ? xfd_validate_state+0x61/0x180 [ 280.649112][ T9404] do_syscall_64+0xcd/0xfa0 [ 280.649139][ T9404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.649163][ T9404] RIP: 0033:0x7f44b8d8efc9 [ 280.649180][ T9404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.649202][ T9404] RSP: 002b:00007f44b9c520e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 280.649223][ T9404] RAX: ffffffffffffffda RBX: 00007f44b8fe5fa8 RCX: 00007f44b8d8efc9 [ 280.649238][ T9404] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f44b8fe5fac [ 280.649251][ T9404] RBP: 00007f44b8fe5fa0 R08: 00007f44b9c53000 R09: 0000000000000000 [ 280.649265][ T9404] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 280.649279][ T9404] R13: 00007f44b8fe6038 R14: 00007ffc0838b060 R15: 00007ffc0838b148 [ 280.649308][ T9404] [ 282.709873][ T9446] FAULT_INJECTION: forcing a failure. [ 282.709873][ T9446] name failslab, interval 1, probability 0, space 0, times 0 [ 282.774412][ T9446] CPU: 1 UID: 0 PID: 9446 Comm: syz.1.745 Tainted: G U syzkaller #0 PREEMPT(full) [ 282.774457][ T9446] Tainted: [U]=USER [ 282.774464][ T9446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 282.774478][ T9446] Call Trace: [ 282.774486][ T9446] [ 282.774494][ T9446] dump_stack_lvl+0x16c/0x1f0 [ 282.774524][ T9446] should_fail_ex+0x512/0x640 [ 282.774560][ T9446] ? fs_reclaim_acquire+0xae/0x150 [ 282.774594][ T9446] should_failslab+0xc2/0x120 [ 282.774626][ T9446] kmem_cache_alloc_noprof+0x75/0x6e0 [ 282.774649][ T9446] ? __pfx_map_id_range_down+0x10/0x10 [ 282.774687][ T9446] ? security_inode_alloc+0x3b/0x2b0 [ 282.774728][ T9446] ? security_inode_alloc+0x3b/0x2b0 [ 282.774762][ T9446] security_inode_alloc+0x3b/0x2b0 [ 282.774799][ T9446] inode_init_always_gfp+0xce4/0x1030 [ 282.774828][ T9446] alloc_inode+0x86/0x240 [ 282.774860][ T9446] new_inode+0x22/0x1c0 [ 282.774894][ T9446] bdev_alloc+0x2b/0x420 [ 282.774919][ T9446] __alloc_disk_node+0x116/0x640 [ 282.774955][ T9446] __blk_mq_alloc_disk+0x89/0x120 [ 282.774986][ T9446] loop_add+0x490/0xb70 [ 282.775011][ T9446] ? __pfx_loop_add+0x10/0x10 [ 282.775054][ T9446] ? find_held_lock+0x2b/0x80 [ 282.775082][ T9446] loop_control_ioctl+0x13e/0x630 [ 282.775107][ T9446] ? __pfx_loop_control_ioctl+0x10/0x10 [ 282.775136][ T9446] ? __pfx_loop_control_ioctl+0x10/0x10 [ 282.775163][ T9446] __x64_sys_ioctl+0x18e/0x210 [ 282.775200][ T9446] do_syscall_64+0xcd/0xfa0 [ 282.775228][ T9446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.775252][ T9446] RIP: 0033:0x7f44b8d8efc9 [ 282.775271][ T9446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.775294][ T9446] RSP: 002b:00007f44b9c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 282.775316][ T9446] RAX: ffffffffffffffda RBX: 00007f44b8fe5fa0 RCX: 00007f44b8d8efc9 [ 282.775331][ T9446] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007 [ 282.775345][ T9446] RBP: 00007f44b8e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 282.775358][ T9446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 282.775371][ T9446] R13: 00007f44b8fe6038 R14: 00007f44b8fe5fa0 R15: 00007ffc0838b148 [ 282.775401][ T9446] [ 283.104396][ T9450] device-mapper: ioctl: Invalid ioctl structure: name , dev 4 [ 284.534150][ T9476] openvswitch: HfR: Dropping previously announced user features [ 284.867630][ T9481] netlink: 28 bytes leftover after parsing attributes in process `syz.2.756'. [ 284.953843][ T9486] netlink: 86 bytes leftover after parsing attributes in process `syz.1.757'. [ 284.999434][ T9490] netlink: 86 bytes leftover after parsing attributes in process `syz.1.757'. [ 285.082020][ T9481] hsr_slave_0 (unregistering): left promiscuous mode [ 285.845525][ T9506] vivid-007: ================= START STATUS ================= [ 285.923429][ T9506] vivid-007: Enable Output Cropping: true [ 285.999604][ T9506] vivid-007: Enable Output Composing: true [ 286.005525][ T9506] vivid-007: Enable Output Scaler: true [ 286.114263][ T9506] vivid-007: Tx RGB Quantization Range: Automatic [ 286.171238][ T9506] vivid-007: Transmit Mode: HDMI [ 286.218348][ T9506] vivid-007: Hotplug Present: 0x00000000 [ 286.284761][ T9506] vivid-007: RxSense Present: 0x00000000 [ 286.339995][ T9506] vivid-007: EDID Present: 0x00000000 [ 286.379273][ T9506] vivid-007: ================== END STATUS ================== [ 289.583506][ T9555] netlink: 346 bytes leftover after parsing attributes in process `syz.2.776'. [ 292.673577][ T9587] netlink: 28 bytes leftover after parsing attributes in process `syz.3.781'. [ 295.003102][ T9616] FAULT_INJECTION: forcing a failure. [ 295.003102][ T9616] name failslab, interval 1, probability 0, space 0, times 0 [ 295.232299][ T9623] Unable to find swap-space signature [ 295.274681][ T9616] CPU: 1 UID: 0 PID: 9616 Comm: syz.0.788 Tainted: G U syzkaller #0 PREEMPT(full) [ 295.274718][ T9616] Tainted: [U]=USER [ 295.274725][ T9616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 295.274738][ T9616] Call Trace: [ 295.274746][ T9616] [ 295.274755][ T9616] dump_stack_lvl+0x16c/0x1f0 [ 295.274784][ T9616] should_fail_ex+0x512/0x640 [ 295.274820][ T9616] ? fs_reclaim_acquire+0xae/0x150 [ 295.274853][ T9616] should_failslab+0xc2/0x120 [ 295.274885][ T9616] kmem_cache_alloc_noprof+0x75/0x6e0 [ 295.274908][ T9616] ? __pfx_map_id_range_down+0x10/0x10 [ 295.274945][ T9616] ? security_inode_alloc+0x3b/0x2b0 [ 295.274987][ T9616] ? security_inode_alloc+0x3b/0x2b0 [ 295.275020][ T9616] security_inode_alloc+0x3b/0x2b0 [ 295.275056][ T9616] inode_init_always_gfp+0xce4/0x1030 [ 295.275085][ T9616] alloc_inode+0x86/0x240 [ 295.275117][ T9616] new_inode+0x22/0x1c0 [ 295.275151][ T9616] shmem_get_inode+0x19a/0xfb0 [ 295.275190][ T9616] shmem_mknod+0x1a8/0x450 [ 295.275227][ T9616] vfs_mknod+0x5da/0x8e0 [ 295.275269][ T9616] do_mknodat+0x30f/0x5d0 [ 295.275296][ T9616] ? __pfx_do_mknodat+0x10/0x10 [ 295.275318][ T9616] ? getname_flags.part.0+0x1c5/0x550 [ 295.275359][ T9616] __x64_sys_mknod+0x87/0xb0 [ 295.275385][ T9616] do_syscall_64+0xcd/0xfa0 [ 295.275412][ T9616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.275435][ T9616] RIP: 0033:0x7fe54098efc9 [ 295.275452][ T9616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.275474][ T9616] RSP: 002b:00007fe541859038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 295.275495][ T9616] RAX: ffffffffffffffda RBX: 00007fe540be6270 RCX: 00007fe54098efc9 [ 295.275510][ T9616] RDX: 0000000000000103 RSI: 00000000000020e9 RDI: 00002000000003c0 [ 295.275524][ T9616] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 295.275537][ T9616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.275550][ T9616] R13: 00007fe540be6308 R14: 00007fe540be6270 R15: 00007ffc866b3cd8 [ 295.275586][ T9616] [ 296.054021][ T9626] zswap: compressor not available [ 296.382369][ T9635] random: crng reseeded on system resumption [ 296.471538][ T52] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 296.471571][ T52] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 296.491486][ T52] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 296.491551][ T52] Bluetooth: hci2: adv larger than maximum supported [ 296.505270][ T52] Bluetooth: hci2: adv larger than maximum supported [ 296.513321][ T52] Bluetooth: hci2: adv larger than maximum supported [ 296.520024][ T52] Bluetooth: hci2: adv larger than maximum supported [ 296.530977][ T52] Bluetooth: hci2: Malformed LE Event: 0x0d [ 297.626432][ T9671] binder: 9663:9671 ioctl c018620c 0 returned -1 [ 297.670094][ T9671] netlink: 28 bytes leftover after parsing attributes in process `syz.2.802'. [ 297.805275][ T9673] netlink: zone id is out of range [ 297.854254][ T9673] netlink: zone id is out of range [ 297.938857][ T9677] netlink: zone id is out of range [ 297.964094][ T9677] netlink: zone id is out of range [ 298.052174][ T9679] usb usb36: usbfs: process 9679 (syz.0.805) did not claim interface 0 before use [ 298.272078][ T52] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 298.488455][ T9690] netlink: 342 bytes leftover after parsing attributes in process `syz.3.809'. [ 299.683999][ T9712] netlink: 28 bytes leftover after parsing attributes in process `syz.0.814'. [ 299.810474][ T9690] kexec: Could not allocate control_code_buffer [ 300.457398][ T9727] syz.0.818 (9727) used obsolete PPPIOCDETACH ioctl [ 301.153442][ T9744] FAULT_INJECTION: forcing a failure. [ 301.153442][ T9744] name failslab, interval 1, probability 0, space 0, times 0 [ 301.193988][ T9744] CPU: 1 UID: 0 PID: 9744 Comm: syz.0.822 Tainted: G U syzkaller #0 PREEMPT(full) [ 301.194025][ T9744] Tainted: [U]=USER [ 301.194033][ T9744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 301.194046][ T9744] Call Trace: [ 301.194054][ T9744] [ 301.194063][ T9744] dump_stack_lvl+0x16c/0x1f0 [ 301.194093][ T9744] should_fail_ex+0x512/0x640 [ 301.194129][ T9744] ? fs_reclaim_acquire+0xae/0x150 [ 301.194163][ T9744] should_failslab+0xc2/0x120 [ 301.194195][ T9744] kmem_cache_alloc_noprof+0x75/0x6e0 [ 301.194220][ T9744] ? jbd2__journal_start+0x193/0x6a0 [ 301.194249][ T9744] ? jbd2__journal_start+0x193/0x6a0 [ 301.194269][ T9744] jbd2__journal_start+0x193/0x6a0 [ 301.194304][ T9744] __ext4_journal_start_sb+0x195/0x690 [ 301.194336][ T9744] ? ext4_dirty_inode+0xa1/0x130 [ 301.194371][ T9744] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 301.194405][ T9744] ext4_dirty_inode+0xa1/0x130 [ 301.194438][ T9744] ? rcu_is_watching+0x12/0xc0 [ 301.194464][ T9744] __mark_inode_dirty+0x1ee/0xe40 [ 301.194501][ T9744] generic_update_time+0xcf/0xf0 [ 301.194532][ T9744] file_modified+0x207/0x240 [ 301.194562][ T9744] ext4_fallocate+0x24a/0x37a0 [ 301.194609][ T9744] ? __pfx_ext4_fallocate+0x10/0x10 [ 301.194644][ T9744] vfs_fallocate+0x5b4/0x10e0 [ 301.194675][ T9744] ? __pfx_vfs_fallocate+0x10/0x10 [ 301.194702][ T9744] ? madvise_vma_behavior+0x2b12/0x2d50 [ 301.194743][ T9744] madvise_vma_behavior+0x2ac9/0x2d50 [ 301.194782][ T9744] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 301.194808][ T9744] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 301.194844][ T9744] ? mas_prev+0x9b/0xf0 [ 301.194870][ T9744] ? __pfx_mas_prev+0x10/0x10 [ 301.194905][ T9744] ? find_vma_prev+0xd3/0x150 [ 301.194934][ T9744] ? find_held_lock+0x2b/0x80 [ 301.194958][ T9744] ? __pfx_find_vma_prev+0x10/0x10 [ 301.194998][ T9744] ? __futex_wait+0x24b/0x2f0 [ 301.195041][ T9744] madvise_walk_vmas+0x31f/0x9c0 [ 301.195080][ T9744] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 301.195123][ T9744] madvise_do_behavior+0x1e2/0x530 [ 301.195157][ T9744] ? futex_private_hash_put+0x18a/0x300 [ 301.195188][ T9744] ? __pfx_madvise_do_behavior+0x10/0x10 [ 301.195225][ T9744] ? down_read+0x13d/0x480 [ 301.195269][ T9744] do_madvise+0x176/0x240 [ 301.195307][ T9744] ? __pfx_do_madvise+0x10/0x10 [ 301.195340][ T9744] ? do_futex+0x122/0x350 [ 301.195394][ T9744] ? xfd_validate_state+0x61/0x180 [ 301.195427][ T9744] ? __pfx_ksys_write+0x10/0x10 [ 301.195458][ T9744] __x64_sys_madvise+0xa9/0x110 [ 301.195492][ T9744] ? lockdep_hardirqs_on+0x7c/0x110 [ 301.195517][ T9744] do_syscall_64+0xcd/0xfa0 [ 301.195545][ T9744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.195569][ T9744] RIP: 0033:0x7fe54098efc9 [ 301.195587][ T9744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.195610][ T9744] RSP: 002b:00007fe5418bc038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 301.195632][ T9744] RAX: ffffffffffffffda RBX: 00007fe540be5fa0 RCX: 00007fe54098efc9 [ 301.195646][ T9744] RDX: 0000000000000009 RSI: 0000000000000001 RDI: 000000110c230000 [ 301.195660][ T9744] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 301.195673][ T9744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 301.195687][ T9744] R13: 00007fe540be6038 R14: 00007fe540be5fa0 R15: 00007ffc866b3cd8 [ 301.195718][ T9744] [ 301.646779][ T9747] netlink: 330 bytes leftover after parsing attributes in process `syz.3.824'. [ 301.779268][ T9751] netlink: zone id is out of range [ 301.789435][ T9751] netlink: zone id is out of range [ 301.822131][ T9751] netlink: set zone limit has 8 unknown bytes [ 302.934047][ T9774] openvswitch: HfR: Dropping previously announced user features [ 303.070607][ T9713] Process accounting resumed [ 304.302212][ T9805] nfs: Unknown parameter 'w`_I+; HY Lu>>uh*C<+ ' [ 305.191309][ T9819] openvswitch: HfR: Dropping previously announced user features [ 306.010262][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.844'. [ 307.539061][ T9853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.846'. [ 307.549097][ T9849] netlink: 28 bytes leftover after parsing attributes in process `syz.1.845'. [ 310.941781][ T30] audit: type=1804 audit(4294967300.864:10): pid=9918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.861" name="file0" dev="tmpfs" ino=1280 res=1 errno=0 [ 311.064924][ T30] audit: type=1804 audit(4294967300.925:11): pid=9918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.861" name="file0" dev="tmpfs" ino=1280 res=1 errno=0 [ 312.019781][ T9950] serio: Serial port ttyS2 [ 319.462815][T10013] random: crng reseeded on system resumption [ 322.182392][T10028] netlink: zone id is out of range [ 322.608828][T10028] netlink: zone id is out of range [ 322.635300][T10037] __vm_enough_memory: pid: 10037, comm: syz.3.885, bytes: 4398046511104 not enough memory for the allocation [ 322.877662][T10028] netlink: zone id is out of range [ 322.882936][T10028] netlink: zone id is out of range [ 323.113002][T10028] netlink: zone id is out of range [ 323.218039][T10028] netlink: zone id is out of range [ 323.223196][T10028] netlink: zone id is out of range [ 323.305218][T10028] netlink: zone id is out of range [ 323.630040][T10028] netlink: zone id is out of range [ 323.906352][T10028] netlink: zone id is out of range [ 324.702750][T10057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.889'. [ 324.872775][T10062] netlink: 'syz.3.889': attribute type 1 has an invalid length. [ 324.979163][T10062] netlink: 'syz.3.889': attribute type 6 has an invalid length. [ 327.389035][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.397244][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 328.269724][T10098] openvswitch: HfR: Dropping previously announced user features [ 329.362670][T10115] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 329.550403][T10120] netlink: 25 bytes leftover after parsing attributes in process `syz.3.903'. [ 333.308892][T10131] netlink: 186 bytes leftover after parsing attributes in process `syz.0.904'. [ 335.588447][T10138] Process accounting paused [ 336.698426][T10161] netlink: 186 bytes leftover after parsing attributes in process `syz.3.914'. [ 336.755058][ T52] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 338.966270][ T52] Bluetooth: hci3: Malformed Event: 0x13 [ 341.037502][T10215] FAULT_INJECTION: forcing a failure. [ 341.037502][T10215] name fail_futex, interval 1, probability 0, space 0, times 0 [ 341.183346][T10215] CPU: 1 UID: 0 PID: 10215 Comm: syz.1.926 Tainted: G U syzkaller #0 PREEMPT(full) [ 341.183382][T10215] Tainted: [U]=USER [ 341.183390][T10215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 341.183403][T10215] Call Trace: [ 341.183410][T10215] [ 341.183418][T10215] dump_stack_lvl+0x16c/0x1f0 [ 341.183448][T10215] should_fail_ex+0x512/0x640 [ 341.183488][T10215] get_futex_key+0x1d0/0x1560 [ 341.183522][T10215] ? __pfx_get_futex_key+0x10/0x10 [ 341.183562][T10215] futex_wake+0xea/0x530 [ 341.183595][T10215] ? trace_kmem_cache_alloc+0x28/0xc0 [ 341.183633][T10215] ? __pfx_futex_wake+0x10/0x10 [ 341.183672][T10215] ? errseq_sample+0x53/0x70 [ 341.183708][T10215] ? file_init_path+0x4fe/0x760 [ 341.183745][T10215] do_futex+0x1e3/0x350 [ 341.183777][T10215] ? __pfx_do_futex+0x10/0x10 [ 341.183808][T10215] ? fd_install+0x225/0x750 [ 341.183835][T10215] __x64_sys_futex+0x1e0/0x4c0 [ 341.183868][T10215] ? __sys_socket+0xac/0x260 [ 341.183900][T10215] ? __pfx___x64_sys_futex+0x10/0x10 [ 341.183932][T10215] ? xfd_validate_state+0x61/0x180 [ 341.183964][T10215] ? __pfx_do_writev+0x10/0x10 [ 341.183995][T10215] do_syscall_64+0xcd/0xfa0 [ 341.184022][T10215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.184045][T10215] RIP: 0033:0x7f44b8d8efc9 [ 341.184063][T10215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.184085][T10215] RSP: 002b:00007f44b9c310e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 341.184106][T10215] RAX: ffffffffffffffda RBX: 00007f44b8fe6098 RCX: 00007f44b8d8efc9 [ 341.184121][T10215] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f44b8fe609c [ 341.184135][T10215] RBP: 00007f44b8fe6090 R08: 00007f44b9c53000 R09: 0000000000000000 [ 341.184149][T10215] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 341.184162][T10215] R13: 00007f44b8fe6128 R14: 00007ffc0838b060 R15: 00007ffc0838b148 [ 341.184191][T10215] [ 341.690877][T10225] netlink: 28 bytes leftover after parsing attributes in process `syz.3.927'. [ 342.481274][T10225] bridge_slave_1: left allmulticast mode [ 342.496045][T10225] bridge_slave_1: left promiscuous mode [ 342.503873][T10225] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.606563][T10225] bridge_slave_0: left allmulticast mode [ 342.617126][T10225] bridge_slave_0: left promiscuous mode [ 342.622924][T10225] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.674788][ T52] Bluetooth: hci1: unexpected subevent 0x06 length: 123 > 10 .[ 344.197043][T10250] ptrace attach of "./syz-executor exec"[5838] was attempted by ""[10250] [ 344.336517][T10254] random: crng reseeded on system resumption [ 344.562013][T10260] netlink: 28 bytes leftover after parsing attributes in process `syz.1.935'. [ 344.724918][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 346.131600][T10296] netlink: 'syz.3.941': attribute type 1 has an invalid length. [ 348.598300][T10328] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 349.668536][T10353] syz.3.955(10353): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 350.593930][T10360] kafs: addr_prefs: Invalid Command [ 350.656316][T10363] netlink: 28 bytes leftover after parsing attributes in process `syz.0.959'. [ 350.677578][T10361] netlink: 'syz.1.956': attribute type 1 has an invalid length. [ 350.724952][T10363] deleting an unspecified loop device is not supported. [ 350.913724][T10363] can: request_module (can-proto-0) failed. [ 351.453261][T10373] FAULT_INJECTION: forcing a failure. [ 351.453261][T10373] name failslab, interval 1, probability 0, space 0, times 0 [ 351.529801][T10373] CPU: 1 UID: 0 PID: 10373 Comm: syz.0.961 Tainted: G U syzkaller #0 PREEMPT(full) [ 351.529837][T10373] Tainted: [U]=USER [ 351.529845][T10373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 351.529858][T10373] Call Trace: [ 351.529865][T10373] [ 351.529874][T10373] dump_stack_lvl+0x16c/0x1f0 [ 351.529903][T10373] should_fail_ex+0x512/0x640 [ 351.529940][T10373] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 351.529975][T10373] should_failslab+0xc2/0x120 [ 351.530007][T10373] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 351.530038][T10373] ? nf_ct_net_init+0x11c/0x370 [ 351.530059][T10373] ? rhashtable_init_noprof+0x4ed/0x7e0 [ 351.530098][T10373] ? kmemdup_noprof+0x29/0x60 [ 351.530121][T10373] kmemdup_noprof+0x29/0x60 [ 351.530146][T10373] nf_ct_net_init+0x11c/0x370 [ 351.530169][T10373] ? __pfx_nf_ct_net_init+0x10/0x10 [ 351.530192][T10373] ops_init+0x1e2/0x5f0 [ 351.530219][T10373] setup_net+0x100/0x390 [ 351.530251][T10373] ? __pfx_setup_net+0x10/0x10 [ 351.530276][T10373] ? debug_mutex_init+0x37/0x70 [ 351.530304][T10373] copy_net_ns+0x2f8/0x690 [ 351.530334][T10373] create_new_namespaces+0x3ea/0xa90 [ 351.530368][T10373] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 351.530399][T10373] ksys_unshare+0x45b/0xa40 [ 351.530430][T10373] ? __pfx_ksys_unshare+0x10/0x10 [ 351.530463][T10373] ? xfd_validate_state+0x61/0x180 [ 351.530505][T10373] __x64_sys_unshare+0x31/0x40 [ 351.530542][T10373] do_syscall_64+0xcd/0xfa0 [ 351.530571][T10373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.530595][T10373] RIP: 0033:0x7fe54098efc9 [ 351.530612][T10373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.530635][T10373] RSP: 002b:00007fe54189b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 351.530656][T10373] RAX: ffffffffffffffda RBX: 00007fe540be6090 RCX: 00007fe54098efc9 [ 351.530671][T10373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 351.530684][T10373] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 351.530697][T10373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.530710][T10373] R13: 00007fe540be6128 R14: 00007fe540be6090 R15: 00007ffc866b3cd8 [ 351.530741][T10373] [ 352.461789][T10391] kexec: Could not allocate control_code_buffer [ 353.823449][T10433] netlink: 20 bytes leftover after parsing attributes in process `syz.1.972'. [ 355.351694][T10472] zswap: compressor not available [ 355.872448][ T52] Bluetooth: hci2: SCO packet too small [ 356.212994][T10500] netlink: 3 bytes leftover after parsing attributes in process `syz.3.982'. [ 356.680483][T10507] FAULT_INJECTION: forcing a failure. [ 356.680483][T10507] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 356.809422][T10507] CPU: 1 UID: 0 PID: 10507 Comm: syz.1.983 Tainted: G U syzkaller #0 PREEMPT(full) [ 356.809461][T10507] Tainted: [U]=USER [ 356.809468][T10507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 356.809481][T10507] Call Trace: [ 356.809488][T10507] [ 356.809497][T10507] dump_stack_lvl+0x16c/0x1f0 [ 356.809526][T10507] should_fail_ex+0x512/0x640 [ 356.809568][T10507] should_fail_alloc_page+0xe7/0x130 [ 356.809603][T10507] prepare_alloc_pages+0x3c2/0x610 [ 356.809639][T10507] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 356.809666][T10507] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 356.809693][T10507] ? look_up_lock_class+0x6b/0x150 [ 356.809723][T10507] ? __lock_acquire+0x622/0x1c90 [ 356.809757][T10507] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 356.809793][T10507] ? __lock_acquire+0x622/0x1c90 [ 356.809830][T10507] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 356.809872][T10507] ? policy_nodemask+0xea/0x4e0 [ 356.809912][T10507] alloc_pages_mpol+0x1fb/0x550 [ 356.809946][T10507] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 356.809982][T10507] ? blk_cgroup_congested+0x140/0x270 [ 356.810011][T10507] alloc_pages_noprof+0x131/0x390 [ 356.810044][T10507] pte_alloc_one+0x1e/0x350 [ 356.810072][T10507] do_huge_pmd_anonymous_page+0x2bb/0x1f50 [ 356.810098][T10507] ? __pmd_alloc+0x64f/0x8b0 [ 356.810133][T10507] __handle_mm_fault+0x1cff/0x2aa0 [ 356.810179][T10507] ? __pfx___handle_mm_fault+0x10/0x10 [ 356.810241][T10507] handle_mm_fault+0x589/0xd10 [ 356.810284][T10507] __get_user_pages+0x54e/0x3530 [ 356.810329][T10507] ? __pfx___get_user_pages+0x10/0x10 [ 356.810370][T10507] populate_vma_page_range+0x267/0x3f0 [ 356.810406][T10507] ? __pfx_populate_vma_page_range+0x10/0x10 [ 356.810440][T10507] ? __pfx_find_vma_intersection+0x10/0x10 [ 356.810478][T10507] ? do_mmap+0x69c/0x1210 [ 356.810511][T10507] __mm_populate+0x1d8/0x380 [ 356.810546][T10507] ? __pfx___mm_populate+0x10/0x10 [ 356.810582][T10507] ? up_write+0x1b2/0x520 [ 356.810621][T10507] vm_mmap_pgoff+0x37f/0x470 [ 356.810655][T10507] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 356.810684][T10507] ? __pfx___do_sys_init_module+0x10/0x10 [ 356.810717][T10507] ? find_held_lock+0x2b/0x80 [ 356.810746][T10507] ? __x64_sys_futex+0x1e0/0x4c0 [ 356.810777][T10507] ? __x64_sys_futex+0x1e9/0x4c0 [ 356.810813][T10507] ksys_mmap_pgoff+0x7d/0x5c0 [ 356.810841][T10507] ? xfd_validate_state+0x61/0x180 [ 356.810892][T10507] __x64_sys_mmap+0x125/0x190 [ 356.810953][T10507] do_syscall_64+0xcd/0xfa0 [ 356.810981][T10507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.811006][T10507] RIP: 0033:0x7f44b8d8efc9 [ 356.811025][T10507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.811048][T10507] RSP: 002b:00007f44b9c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 356.811070][T10507] RAX: ffffffffffffffda RBX: 00007f44b8fe5fa0 RCX: 00007f44b8d8efc9 [ 356.811086][T10507] RDX: fffffffffffffffe RSI: 0000000000400005 RDI: 0000000000000000 [ 356.811100][T10507] RBP: 00007f44b8e11f91 R08: 0000000000000002 R09: 0000000000008000 [ 356.811115][T10507] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 356.811129][T10507] R13: 00007f44b8fe6038 R14: 00007f44b8fe5fa0 R15: 00007ffc0838b148 [ 356.811160][T10507] [ 358.900030][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.2.988'. [ 359.171238][T10544] random: crng reseeded on system resumption [ 361.089001][T10584] queue_state_write: operation too long [ 361.118276][T10584] queue_state_write: use 'run', 'start' or 'kick' [ 361.267143][ T30] audit: type=1806 audit(4294967351.481:12): xattr="." res=0 [ 362.240264][T10601] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1003'. [ 362.313833][T10601] IPv6: Can't replace route, no match found [ 364.247243][T10660] openvswitch: HfR: Dropping previously announced user features [ 366.660718][T10638] Process accounting resumed [ 367.195773][T10705] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1025'. [ 368.008934][T10726] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1023'. [ 368.375916][T10739] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1033'. [ 368.474368][T10739] openvswitch: HfR: Dropping previously announced user features [ 369.442201][T10764] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 369.492150][T10764] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 369.563786][T10764] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 369.631818][T10764] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 369.776585][T10764] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 369.817508][T10764] CPU0 is offline. [ 370.900541][T10785] netlink: 'syz.3.1044': attribute type 19 has an invalid length. [ 370.947074][T10785] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1044'. [ 371.451288][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 371.530260][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 371.610392][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 371.769352][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 373.678053][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 373.958127][T10837] could not allocate digest TFM handle [ 374.717493][T10857] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1060'. [ 375.140079][T10863] net_ratelimit: 35 callbacks suppressed [ 375.140098][T10863] netlink: zone id is out of range [ 375.200840][T10863] netlink: zone id is out of range [ 375.232829][T10863] netlink: zone id is out of range [ 375.249118][T10863] netlink: zone id is out of range [ 375.278913][T10863] netlink: zone id is out of range [ 375.330274][T10863] netlink: zone id is out of range [ 375.347912][T10863] netlink: zone id is out of range [ 375.379305][T10863] netlink: zone id is out of range [ 375.409355][T10863] netlink: zone id is out of range [ 375.427150][T10863] netlink: zone id is out of range [ 375.647742][T10876] random: crng reseeded on system resumption [ 376.580019][T10907] ima: policy update failed [ 376.621526][ T30] audit: type=1802 audit(4294967366.929:13): pid=10907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1067" res=0 errno=0 [ 377.524402][ T30] audit: type=1800 audit(4294967367.834:14): pid=10925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1070" name="lu_gp_id" dev="configfs" ino=34416 res=0 errno=0 [ 378.126105][T10931] zswap: compressor not available [ 380.181671][T10964] dyndbg: expected <4096 bytes into control [ 380.248392][T10961] dyndbg: bad flag-op /, at start of /%*^[ [ 380.278885][T10961] dyndbg: flags parse failed [ 380.291880][T10962] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078001800 pfn:0x78001 [ 380.551315][T10962] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 380.558564][T10962] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 380.783140][T10962] raw: ffff888078001800 0000000000000000 00000001ffffffff 0000000000000000 [ 380.946554][T10962] page dumped because: unmovable page [ 381.037072][T10962] page_owner tracks the page as allocated [ 381.101672][T10962] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 7979, tgid 7961 (syz.1.403), ts 209189492013, free_ts 209029111856 [ 381.270276][T10962] post_alloc_hook+0x1c0/0x230 [ 381.309528][T10962] get_page_from_freelist+0x10a3/0x3a30 [ 381.368522][T10962] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 381.446952][T10962] alloc_pages_mpol+0x1fb/0x550 [ 381.451991][T10962] alloc_pages_noprof+0x131/0x390 [ 381.563789][T10962] brd_submit_bio+0x11ce/0x2490 [ 381.580495][ T30] audit: type=1804 audit(4294967371.907:15): pid=10989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1086" name="/newroot/267/file0" dev="tmpfs" ino=1405 res=1 errno=0 [ 381.612609][T10962] __submit_bio+0x304/0x690 [ 381.617241][T10962] submit_bio_noacct_nocheck+0x75c/0xc10 [ 381.712276][ T30] audit: type=1800 audit(4294967371.907:16): pid=10989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1086" name="file0" dev="tmpfs" ino=1405 res=0 errno=0 [ 381.756050][T10962] submit_bio_noacct+0xbbb/0x1f60 [ 381.761131][T10962] __block_write_full_folio+0x735/0xe00 [ 381.903095][T10962] block_write_full_folio+0x341/0x400 [ 381.908543][T10962] blkdev_writepages+0xb8/0x140 [ 381.970737][T10962] do_writepages+0x27a/0x600 [ 382.000532][T10962] filemap_fdatawrite_wbc+0x104/0x160 [ 382.062494][T10962] __filemap_fdatawrite_range+0xb9/0x100 [ 382.091311][T11001] futex_wake_op: syz.0.1089 tries to shift op by -2048; fix this program [ 382.100832][T10962] filemap_write_and_wait_range+0xa3/0x130 [ 382.106709][T10962] page last free pid 7974 tgid 7973 stack trace: [ 382.132962][T10998] futex_wake_op: syz.0.1089 tries to shift op by -2048; fix this program [ 382.214142][T10962] __free_frozen_pages+0x7df/0x1160 [ 382.240772][T10962] vfree+0x1fd/0xb50 [ 382.268545][T10962] snd_dma_free_pages+0x54/0x70 [ 382.310066][T10962] snd_pcm_lib_free_pages+0x172/0x390 [ 382.356728][T10962] snd_pcm_release_substream.part.0+0x2a8/0x340 [ 382.399376][T10962] snd_pcm_release_substream+0x5b/0x70 [ 382.468735][T10962] snd_pcm_oss_release+0x16f/0x310 [ 382.519171][T10962] __fput+0x402/0xb70 [ 382.562227][T10962] task_work_run+0x150/0x240 [ 382.610241][T10962] exit_to_user_mode_loop+0xec/0x130 [ 382.656803][T10962] do_syscall_64+0x426/0xfa0 [ 382.696653][T10962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.932315][T11021] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 383.977928][T11021] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 384.001254][T11021] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 384.025653][T11021] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 384.059907][T11021] CPU0 is offline. [ 384.338065][T11035] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1098'. [ 384.409742][T11035] hsr_slave_1: left promiscuous mode [ 385.042751][T11032] Invalid ELF header magic: != ELF [ 385.526294][T11062] net_ratelimit: 360 callbacks suppressed [ 385.526313][T11062] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 385.541258][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 385.930746][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 386.008316][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 386.014397][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 386.439142][T11066] can: request_module (can-proto-5) failed. [ 386.456740][T11070] could not allocate digest TFM handle [ 386.592801][T11077] size and base must be multiples of 4 kiB [ 386.648683][T11077] CPU: 1 UID: 0 PID: 11077 Comm: syz.0.1108 Tainted: G U syzkaller #0 PREEMPT(full) [ 386.648724][T11077] Tainted: [U]=USER [ 386.648731][T11077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 386.648745][T11077] Call Trace: [ 386.648752][T11077] [ 386.648762][T11077] dump_stack_lvl+0x16c/0x1f0 [ 386.648792][T11077] mtrr_del+0xd1/0x110 [ 386.648828][T11077] mtrr_ioctl+0x922/0xcf0 [ 386.648862][T11077] ? __pfx_mtrr_ioctl+0x10/0x10 [ 386.648901][T11077] ? find_held_lock+0x2b/0x80 [ 386.648933][T11077] ? __fget_files+0x20e/0x3c0 [ 386.648958][T11077] ? __pfx_mtrr_ioctl+0x10/0x10 [ 386.648991][T11077] proc_reg_unlocked_ioctl+0x229/0x320 [ 386.649023][T11077] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 386.649060][T11077] __x64_sys_ioctl+0x18e/0x210 [ 386.649097][T11077] do_syscall_64+0xcd/0xfa0 [ 386.649125][T11077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.649149][T11077] RIP: 0033:0x7fe54098efc9 [ 386.649168][T11077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.649190][T11077] RSP: 002b:00007fe54189b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 386.649212][T11077] RAX: ffffffffffffffda RBX: 00007fe540be6090 RCX: 00007fe54098efc9 [ 386.649228][T11077] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 386.649242][T11077] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 386.649256][T11077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.649269][T11077] R13: 00007fe540be6128 R14: 00007fe540be6090 R15: 00007ffc866b3cd8 [ 386.649300][T11077] [ 387.479642][T11089] netlink: 'syz.1.1109': attribute type 10 has an invalid length. [ 387.487505][T11089] netlink: 'syz.1.1109': attribute type 13 has an invalid length. [ 388.003465][T11100] FAULT_INJECTION: forcing a failure. [ 388.003465][T11100] name failslab, interval 1, probability 0, space 0, times 0 [ 388.066823][T11100] CPU: 1 UID: 0 PID: 11100 Comm: syz.0.1114 Tainted: G U syzkaller #0 PREEMPT(full) [ 388.066863][T11100] Tainted: [U]=USER [ 388.066870][T11100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 388.066884][T11100] Call Trace: [ 388.066892][T11100] [ 388.066901][T11100] dump_stack_lvl+0x16c/0x1f0 [ 388.066931][T11100] should_fail_ex+0x512/0x640 [ 388.066968][T11100] ? __kmalloc_cache_noprof+0x5f/0x780 [ 388.067011][T11100] should_failslab+0xc2/0x120 [ 388.067043][T11100] __kmalloc_cache_noprof+0x72/0x780 [ 388.067083][T11100] ? nexthop_net_init+0x73/0x140 [ 388.067126][T11100] ? nexthop_net_init+0x73/0x140 [ 388.067162][T11100] ? __pfx_nexthop_net_init+0x10/0x10 [ 388.067199][T11100] nexthop_net_init+0x73/0x140 [ 388.067235][T11100] ? tcf_net_init+0x55/0x150 [ 388.067276][T11100] ops_init+0x1e2/0x5f0 [ 388.067303][T11100] setup_net+0x100/0x390 [ 388.067327][T11100] ? __pfx_setup_net+0x10/0x10 [ 388.067353][T11100] ? debug_mutex_init+0x37/0x70 [ 388.067381][T11100] copy_net_ns+0x2f8/0x690 [ 388.067411][T11100] create_new_namespaces+0x3ea/0xa90 [ 388.067445][T11100] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 388.067475][T11100] ksys_unshare+0x45b/0xa40 [ 388.067516][T11100] ? __pfx_ksys_unshare+0x10/0x10 [ 388.067549][T11100] ? xfd_validate_state+0x61/0x180 [ 388.067592][T11100] __x64_sys_unshare+0x31/0x40 [ 388.067624][T11100] do_syscall_64+0xcd/0xfa0 [ 388.067653][T11100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.067677][T11100] RIP: 0033:0x7fe54098efc9 [ 388.067695][T11100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.067718][T11100] RSP: 002b:00007fe5418bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 388.067741][T11100] RAX: ffffffffffffffda RBX: 00007fe540be5fa0 RCX: 00007fe54098efc9 [ 388.067757][T11100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 388.067770][T11100] RBP: 00007fe540a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 388.067793][T11100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.067807][T11100] R13: 00007fe540be6038 R14: 00007fe540be5fa0 R15: 00007ffc866b3cd8 [ 388.067839][T11100] [ 388.608247][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 388.615279][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 391.253029][T11157] FAULT_INJECTION: forcing a failure. [ 391.253029][T11157] name fail_futex, interval 1, probability 0, space 0, times 0 [ 391.324573][T11157] CPU: 1 UID: 0 PID: 11157 Comm: syz.0.1125 Tainted: G U syzkaller #0 PREEMPT(full) [ 391.324611][T11157] Tainted: [U]=USER [ 391.324619][T11157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 391.324633][T11157] Call Trace: [ 391.324640][T11157] [ 391.324649][T11157] dump_stack_lvl+0x16c/0x1f0 [ 391.324680][T11157] should_fail_ex+0x512/0x640 [ 391.324720][T11157] get_futex_key+0x1d0/0x1560 [ 391.324754][T11157] ? __pfx_get_futex_key+0x10/0x10 [ 391.324783][T11157] ? futex_private_hash_put+0x176/0x300 [ 391.324814][T11157] ? __pfx____sys_sendmsg+0x10/0x10 [ 391.324834][T11157] ? __lock_acquire+0x622/0x1c90 [ 391.324870][T11157] futex_wake+0xea/0x530 [ 391.324909][T11157] ? __pfx_futex_wake+0x10/0x10 [ 391.324958][T11157] do_futex+0x1e3/0x350 [ 391.324990][T11157] ? __pfx_do_futex+0x10/0x10 [ 391.325021][T11157] ? fput+0x9b/0xd0 [ 391.325053][T11157] ? __sys_sendmsg+0x18c/0x220 [ 391.325076][T11157] __x64_sys_futex+0x1e0/0x4c0 [ 391.325112][T11157] ? __pfx___x64_sys_futex+0x10/0x10 [ 391.325156][T11157] do_syscall_64+0xcd/0xfa0 [ 391.325184][T11157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.325213][T11157] RIP: 0033:0x7fe54098efc9 [ 391.325231][T11157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 391.325254][T11157] RSP: 002b:00007fe5418bc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 391.325276][T11157] RAX: ffffffffffffffda RBX: 00007fe540be5fa8 RCX: 00007fe54098efc9 [ 391.325291][T11157] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe540be5fac [ 391.325305][T11157] RBP: 00007fe540be5fa0 R08: 00007fe5418bd000 R09: 0000000000000000 [ 391.325320][T11157] R10: 00000000000000d4 R11: 0000000000000246 R12: 0000000000000000 [ 391.325334][T11157] R13: 00007fe540be6038 R14: 00007ffc866b3bf0 R15: 00007ffc866b3cd8 [ 391.325364][T11157] [ 392.044716][T11172] erspan0: entered allmulticast mode [ 392.699894][ T52] Bluetooth: hci3: ACL packet too small [ 396.541293][T11276] Process accounting paused [ 396.861384][ T30] audit: type=1800 audit(4294967387.284:17): pid=11285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1153" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 400.275324][T11345] FAULT_INJECTION: forcing a failure. [ 400.275324][T11345] name failslab, interval 1, probability 0, space 0, times 0 [ 400.355907][T11345] CPU: 1 UID: 0 PID: 11345 Comm: syz.1.1171 Tainted: G U syzkaller #0 PREEMPT(full) [ 400.355946][T11345] Tainted: [U]=USER [ 400.355953][T11345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 400.355967][T11345] Call Trace: [ 400.355974][T11345] [ 400.355984][T11345] dump_stack_lvl+0x16c/0x1f0 [ 400.356013][T11345] should_fail_ex+0x512/0x640 [ 400.356049][T11345] ? __kmalloc_cache_noprof+0x5f/0x780 [ 400.356091][T11345] should_failslab+0xc2/0x120 [ 400.356123][T11345] __kmalloc_cache_noprof+0x72/0x780 [ 400.356162][T11345] ? __debugfs_file_get+0x1fe/0x840 [ 400.356192][T11345] ? single_open+0x4d/0x1f0 [ 400.356227][T11345] ? __pfx_edid_open+0x10/0x10 [ 400.356253][T11345] ? __pfx_edid_show+0x10/0x10 [ 400.356277][T11345] ? single_open+0x4d/0x1f0 [ 400.356308][T11345] single_open+0x4d/0x1f0 [ 400.356341][T11345] full_proxy_open_regular+0x1b9/0x360 [ 400.356383][T11345] do_dentry_open+0x982/0x1530 [ 400.356411][T11345] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 400.356453][T11345] vfs_open+0x82/0x3f0 [ 400.356490][T11345] path_openat+0x1de4/0x2cb0 [ 400.356525][T11345] ? __pfx_path_openat+0x10/0x10 [ 400.356561][T11345] ? __lock_acquire+0xb8a/0x1c90 [ 400.356597][T11345] do_filp_open+0x20b/0x470 [ 400.356624][T11345] ? __pfx_do_filp_open+0x10/0x10 [ 400.356671][T11345] ? alloc_fd+0x471/0x7d0 [ 400.356702][T11345] do_sys_openat2+0x11b/0x1d0 [ 400.356737][T11345] ? __pfx_do_sys_openat2+0x10/0x10 [ 400.356773][T11345] ? find_held_lock+0x2b/0x80 [ 400.356805][T11345] __x64_sys_openat+0x174/0x210 [ 400.356841][T11345] ? __pfx___x64_sys_openat+0x10/0x10 [ 400.356888][T11345] do_syscall_64+0xcd/0xfa0 [ 400.356917][T11345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.356940][T11345] RIP: 0033:0x7f44b8d8efc9 [ 400.356959][T11345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.356982][T11345] RSP: 002b:00007f44b9c31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 400.357004][T11345] RAX: ffffffffffffffda RBX: 00007f44b8fe6090 RCX: 00007f44b8d8efc9 [ 400.357020][T11345] RDX: 0000000000109000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 400.357036][T11345] RBP: 00007f44b8e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 400.357050][T11345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.357064][T11345] R13: 00007f44b8fe6128 R14: 00007f44b8fe6090 R15: 00007ffc0838b148 [ 400.357094][T11345] [ 400.608704][ C1] vkms_vblank_simulate: vblank timer overrun [ 401.770672][T11385] netlink: 346 bytes leftover after parsing attributes in process `syz.0.1179'. [ 402.298435][T11390] FAULT_INJECTION: forcing a failure. [ 402.298435][T11390] name failslab, interval 1, probability 0, space 0, times 0 [ 402.369310][T11390] CPU: 1 UID: 0 PID: 11390 Comm: syz.0.1181 Tainted: G U syzkaller #0 PREEMPT(full) [ 402.369350][T11390] Tainted: [U]=USER [ 402.369357][T11390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 402.369371][T11390] Call Trace: [ 402.369378][T11390] [ 402.369398][T11390] dump_stack_lvl+0x16c/0x1f0 [ 402.369428][T11390] should_fail_ex+0x512/0x640 [ 402.369464][T11390] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 402.369493][T11390] should_failslab+0xc2/0x120 [ 402.369525][T11390] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 402.369551][T11390] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 402.369581][T11390] ? __d_alloc+0x32/0xae0 [ 402.369612][T11390] ? __d_alloc+0x32/0xae0 [ 402.369637][T11390] __d_alloc+0x32/0xae0 [ 402.369667][T11390] path_from_stashed+0x427/0x750 [ 402.369693][T11390] ? do_raw_read_unlock+0x44/0xe0 [ 402.369719][T11390] ns_get_path+0x60/0x80 [ 402.369743][T11390] proc_ns_get_link+0x121/0x230 [ 402.369773][T11390] ? __pfx_proc_ns_get_link+0x10/0x10 [ 402.369805][T11390] ? atime_needs_update+0x8b/0x710 [ 402.369841][T11390] ? __pfx_proc_ns_get_link+0x10/0x10 [ 402.369870][T11390] step_into+0x196c/0x21a0 [ 402.369897][T11390] ? __pfx_step_into+0x10/0x10 [ 402.369918][T11390] ? find_held_lock+0x2b/0x80 [ 402.369951][T11390] path_openat+0x6db/0x2cb0 [ 402.369986][T11390] ? __pfx_path_openat+0x10/0x10 [ 402.370013][T11390] ? __lock_acquire+0xb8a/0x1c90 [ 402.370049][T11390] do_filp_open+0x20b/0x470 [ 402.370075][T11390] ? __pfx_do_filp_open+0x10/0x10 [ 402.370121][T11390] ? alloc_fd+0x471/0x7d0 [ 402.370153][T11390] do_sys_openat2+0x11b/0x1d0 [ 402.370188][T11390] ? __pfx_do_sys_openat2+0x10/0x10 [ 402.370234][T11390] __x64_sys_openat+0x174/0x210 [ 402.370270][T11390] ? __pfx___x64_sys_openat+0x10/0x10 [ 402.370318][T11390] do_syscall_64+0xcd/0xfa0 [ 402.370346][T11390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.370370][T11390] RIP: 0033:0x7fe54098d810 [ 402.370394][T11390] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 402.370418][T11390] RSP: 002b:00007fe5418bbf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 402.370440][T11390] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe54098d810 [ 402.370456][T11390] RDX: 0000000000000002 RSI: 00007fe5418bbfa0 RDI: 00000000ffffff9c [ 402.370471][T11390] RBP: 00007fe5418bbfa0 R08: 0000000000000000 R09: 0000000000000000 [ 402.370485][T11390] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 402.370499][T11390] R13: 00007fe540be6038 R14: 00007fe540be5fa0 R15: 00007ffc866b3cd8 [ 402.370530][T11390] [ 406.791885][ T5161] Trying to write to read-only block-device sda1 [ 407.474348][T11452] ================================================================== [ 407.474366][T11452] BUG: KASAN: slab-use-after-free in fbcon_prepare_logo+0xa03/0xc70 [ 407.474408][T11452] Read of size 256 at addr ffff888028cd63f8 by task syz.2.1193/11452 [ 407.474427][T11452] [ 407.474441][T11452] CPU: 1 UID: 0 PID: 11452 Comm: syz.2.1193 Tainted: G U syzkaller #0 PREEMPT(full) [ 407.474474][T11452] Tainted: [U]=USER [ 407.474482][T11452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 407.474496][T11452] Call Trace: [ 407.474503][T11452] [ 407.474512][T11452] dump_stack_lvl+0x116/0x1f0 [ 407.474538][T11452] print_report+0xcd/0x630 [ 407.474569][T11452] ? __virt_addr_valid+0x81/0x610 [ 407.474599][T11452] ? __phys_addr+0xe8/0x180 [ 407.474629][T11452] ? fbcon_prepare_logo+0xa03/0xc70 [ 407.474662][T11452] kasan_report+0xe0/0x110 [ 407.474692][T11452] ? fbcon_prepare_logo+0xa03/0xc70 [ 407.474730][T11452] kasan_check_range+0x100/0x1b0 [ 407.474765][T11452] __asan_memcpy+0x23/0x60 [ 407.474789][T11452] fbcon_prepare_logo+0xa03/0xc70 [ 407.474828][T11452] fbcon_init+0xd77/0x1900 [ 407.474862][T11452] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 407.474898][T11452] visual_init+0x320/0x620 [ 407.474933][T11452] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 407.474961][T11452] store_bind+0x61d/0x760 [ 407.474984][T11452] ? sysfs_file_kobj+0xe4/0x290 [ 407.475019][T11452] ? __pfx_store_bind+0x10/0x10 [ 407.475041][T11452] dev_attr_store+0x58/0x80 [ 407.475075][T11452] ? __pfx_dev_attr_store+0x10/0x10 [ 407.475109][T11452] sysfs_kf_write+0xf2/0x150 [ 407.475135][T11452] kernfs_fop_write_iter+0x3af/0x570 [ 407.475173][T11452] ? __pfx_sysfs_kf_write+0x10/0x10 [ 407.475200][T11452] iter_file_splice_write+0xa24/0x12e0 [ 407.475237][T11452] ? __pfx_iter_file_splice_write+0x10/0x10 [ 407.475265][T11452] ? __pfx_copy_splice_read+0x10/0x10 [ 407.475311][T11452] ? __pfx_iter_file_splice_write+0x10/0x10 [ 407.475337][T11452] direct_splice_actor+0x192/0x6c0 [ 407.475361][T11452] splice_direct_to_actor+0x345/0xa30 [ 407.475385][T11452] ? __pfx_direct_splice_actor+0x10/0x10 [ 407.475411][T11452] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 407.475439][T11452] do_splice_direct+0x174/0x240 [ 407.475461][T11452] ? __pfx_do_splice_direct+0x10/0x10 [ 407.475484][T11452] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 407.475525][T11452] ? rw_verify_area+0xcf/0x6c0 [ 407.475548][T11452] do_sendfile+0xb06/0xe50 [ 407.475574][T11452] ? __pfx_do_sendfile+0x10/0x10 [ 407.475600][T11452] ? __x64_sys_futex+0x1e0/0x4c0 [ 407.475632][T11452] ? __x64_sys_futex+0x1e9/0x4c0 [ 407.475665][T11452] __x64_sys_sendfile64+0x1d8/0x220 [ 407.475697][T11452] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 407.475733][T11452] do_syscall_64+0xcd/0xfa0 [ 407.475760][T11452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.475784][T11452] RIP: 0033:0x7fe7e5b8efc9 [ 407.475802][T11452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.475826][T11452] RSP: 002b:00007fe7e6a15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 407.475848][T11452] RAX: ffffffffffffffda RBX: 00007fe7e5de6090 RCX: 00007fe7e5b8efc9 [ 407.475865][T11452] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000002 [ 407.475879][T11452] RBP: 00007fe7e5c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 407.475894][T11452] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 407.475909][T11452] R13: 00007fe7e5de6128 R14: 00007fe7e5de6090 R15: 00007ffc217b0f38 [ 407.475933][T11452] [ 407.475941][T11452] [ 407.475946][T11452] Allocated by task 10064: [ 407.475958][T11452] kasan_save_stack+0x33/0x60 [ 407.475983][T11452] kasan_save_track+0x14/0x30 [ 407.476017][T11452] __kasan_slab_alloc+0x89/0x90 [ 407.476044][T11452] kmem_cache_alloc_node_noprof+0x28a/0x770 [ 407.476067][T11452] kmalloc_reserve+0x18b/0x2c0 [ 407.476093][T11452] __alloc_skb+0x166/0x380 [ 407.476125][T11452] netlink_alloc_large_skb+0x69/0x140 [ 407.476148][T11452] netlink_sendmsg+0x698/0xdd0 [ 407.476169][T11452] ____sys_sendmsg+0xa98/0xc70 [ 407.476194][T11452] ___sys_sendmsg+0x134/0x1d0 [ 407.476212][T11452] __sys_sendmsg+0x16d/0x220 [ 407.476230][T11452] do_syscall_64+0xcd/0xfa0 [ 407.476253][T11452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.476275][T11452] [ 407.476280][T11452] Freed by task 10064: [ 407.476290][T11452] kasan_save_stack+0x33/0x60 [ 407.476317][T11452] kasan_save_track+0x14/0x30 [ 407.476346][T11452] __kasan_save_free_info+0x3b/0x60 [ 407.476368][T11452] __kasan_slab_free+0x5f/0x80 [ 407.476396][T11452] kmem_cache_free+0x2d4/0x6c0 [ 407.476419][T11452] skb_free_head+0x1b7/0x210 [ 407.476449][T11452] skb_release_data+0x795/0x9e0 [ 407.476468][T11452] consume_skb+0xbf/0x100 [ 407.476490][T11452] netlink_unicast+0x5b2/0x870 [ 407.476511][T11452] netlink_sendmsg+0x8c8/0xdd0 [ 407.476532][T11452] ____sys_sendmsg+0xa98/0xc70 [ 407.476558][T11452] ___sys_sendmsg+0x134/0x1d0 [ 407.476576][T11452] __sys_sendmsg+0x16d/0x220 [ 407.476594][T11452] do_syscall_64+0xcd/0xfa0 [ 407.476617][T11452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.476639][T11452] [ 407.476644][T11452] The buggy address belongs to the object at ffff888028cd63c0 [ 407.476644][T11452] which belongs to the cache skbuff_small_head of size 704 [ 407.476663][T11452] The buggy address is located 56 bytes inside of [ 407.476663][T11452] freed 704-byte region [ffff888028cd63c0, ffff888028cd6680) [ 407.476686][T11452] [ 407.476692][T11452] The buggy address belongs to the physical page: [ 407.476702][T11452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28cd4 [ 407.476722][T11452] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 407.476741][T11452] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 407.476761][T11452] page_type: f5(slab) [ 407.476781][T11452] raw: 00fff00000000040 ffff888141ae8b40 ffffea0001789200 dead000000000006 [ 407.476803][T11452] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 407.476826][T11452] head: 00fff00000000040 ffff888141ae8b40 ffffea0001789200 dead000000000006 [ 407.476847][T11452] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 407.476869][T11452] head: 00fff00000000002 ffffea0000a33501 00000000ffffffff 00000000ffffffff [ 407.476890][T11452] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 407.476903][T11452] page dumped because: kasan: bad access detected [ 407.476914][T11452] page_owner tracks the page as allocated [ 407.476921][T11452] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 10142, tgid 10139 (syz.0.907), ts 335504082892, free_ts 333209326980 [ 407.476961][T11452] post_alloc_hook+0x1c0/0x230 [ 407.477003][T11452] get_page_from_freelist+0x10a3/0x3a30 [ 407.477024][T11452] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 407.477046][T11452] alloc_pages_mpol+0x1fb/0x550 [ 407.477075][T11452] new_slab+0x24a/0x360 [ 407.477108][T11452] ___slab_alloc+0xdae/0x1a60 [ 407.477142][T11452] __slab_alloc.constprop.0+0x63/0x110 [ 407.477178][T11452] kmem_cache_alloc_node_noprof+0x43c/0x770 [ 407.477201][T11452] kmalloc_reserve+0x18b/0x2c0 [ 407.477225][T11452] __alloc_skb+0x166/0x380 [ 407.477257][T11452] __ip6_append_data+0x2b74/0x4740 [ 407.477287][T11452] ip6_append_data+0x1ba/0x4c0 [ 407.477317][T11452] rawv6_sendmsg+0x163e/0x4860 [ 407.477343][T11452] inet_sendmsg+0x11c/0x140 [ 407.477374][T11452] ____sys_sendmsg+0x973/0xc70 [ 407.477400][T11452] ___sys_sendmsg+0x134/0x1d0 [ 407.477418][T11452] page last free pid 10128 tgid 10128 stack trace: [ 407.477430][T11452] __free_frozen_pages+0x7df/0x1160 [ 407.477462][T11452] __put_partials+0x130/0x170 [ 407.477482][T11452] qlist_free_all+0x4d/0x120 [ 407.477505][T11452] kasan_quarantine_reduce+0x195/0x1e0 [ 407.477531][T11452] __kasan_slab_alloc+0x69/0x90 [ 407.477558][T11452] kmem_cache_alloc_noprof+0x250/0x6e0 [ 407.477580][T11452] jbd2__journal_start+0x193/0x6a0 [ 407.477600][T11452] __ext4_journal_start_sb+0x195/0x690 [ 407.477628][T11452] ext4_dirty_inode+0xa1/0x130 [ 407.477660][T11452] __mark_inode_dirty+0x1ee/0xe40 [ 407.477691][T11452] generic_update_time+0xcf/0xf0 [ 407.477718][T11452] file_update_time+0x17d/0x1c0 [ 407.477744][T11452] ext4_page_mkwrite+0x33d/0x1880 [ 407.477776][T11452] do_page_mkwrite+0x174/0x380 [ 407.477798][T11452] do_pte_missing+0x29d/0x3ba0 [ 407.477832][T11452] __handle_mm_fault+0x1556/0x2aa0 [ 407.477866][T11452] [ 407.477871][T11452] Memory state around the buggy address: [ 407.477883][T11452] ffff888028cd6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 407.477899][T11452] ffff888028cd6300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 407.477916][T11452] >ffff888028cd6380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 407.477929][T11452] ^ [ 407.477942][T11452] ffff888028cd6400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 407.477959][T11452] ffff888028cd6480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 407.477972][T11452] ================================================================== [ 407.502676][T11452] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 407.502700][T11452] CPU: 1 UID: 0 PID: 11452 Comm: syz.2.1193 Tainted: G U syzkaller #0 PREEMPT(full) [ 407.502733][T11452] Tainted: [U]=USER [ 407.502741][T11452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 407.502756][T11452] Call Trace: [ 407.502764][T11452] [ 407.502772][T11452] dump_stack_lvl+0x3d/0x1f0 [ 407.502821][T11452] vpanic+0x640/0x6f0 [ 407.502857][T11452] panic+0xca/0xd0 [ 407.502889][T11452] ? __pfx_panic+0x10/0x10 [ 407.502922][T11452] ? fbcon_prepare_logo+0xa03/0xc70 [ 407.502958][T11452] ? preempt_schedule_common+0x44/0xc0 [ 407.502996][T11452] ? preempt_schedule_thunk+0x16/0x30 [ 407.503037][T11452] check_panic_on_warn+0xab/0xb0 [ 407.503073][T11452] end_report+0x107/0x170 [ 407.503104][T11452] kasan_report+0xee/0x110 [ 407.503135][T11452] ? fbcon_prepare_logo+0xa03/0xc70 [ 407.503173][T11452] kasan_check_range+0x100/0x1b0 [ 407.503210][T11452] __asan_memcpy+0x23/0x60 [ 407.503233][T11452] fbcon_prepare_logo+0xa03/0xc70 [ 407.503274][T11452] fbcon_init+0xd77/0x1900 [ 407.503308][T11452] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 407.503344][T11452] visual_init+0x320/0x620 [ 407.503381][T11452] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 407.503410][T11452] store_bind+0x61d/0x760 [ 407.503434][T11452] ? sysfs_file_kobj+0xe4/0x290 [ 407.503460][T11452] ? __pfx_store_bind+0x10/0x10 [ 407.503482][T11452] dev_attr_store+0x58/0x80 [ 407.503515][T11452] ? __pfx_dev_attr_store+0x10/0x10 [ 407.503549][T11452] sysfs_kf_write+0xf2/0x150 [ 407.503575][T11452] kernfs_fop_write_iter+0x3af/0x570 [ 407.503613][T11452] ? __pfx_sysfs_kf_write+0x10/0x10 [ 407.503640][T11452] iter_file_splice_write+0xa24/0x12e0 [ 407.503674][T11452] ? __pfx_iter_file_splice_write+0x10/0x10 [ 407.503706][T11452] ? __pfx_copy_splice_read+0x10/0x10 [ 407.503753][T11452] ? __pfx_iter_file_splice_write+0x10/0x10 [ 407.503779][T11452] direct_splice_actor+0x192/0x6c0 [ 407.503804][T11452] splice_direct_to_actor+0x345/0xa30 [ 407.503828][T11452] ? __pfx_direct_splice_actor+0x10/0x10 [ 407.503854][T11452] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 407.503881][T11452] do_splice_direct+0x174/0x240 [ 407.503904][T11452] ? __pfx_do_splice_direct+0x10/0x10 [ 407.503926][T11452] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 407.503968][T11452] ? rw_verify_area+0xcf/0x6c0 [ 407.504002][T11452] do_sendfile+0xb06/0xe50 [ 407.504028][T11452] ? __pfx_do_sendfile+0x10/0x10 [ 407.504054][T11452] ? __x64_sys_futex+0x1e0/0x4c0 [ 407.504087][T11452] ? __x64_sys_futex+0x1e9/0x4c0 [ 407.504121][T11452] __x64_sys_sendfile64+0x1d8/0x220 [ 407.504153][T11452] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 407.504189][T11452] do_syscall_64+0xcd/0xfa0 [ 407.504216][T11452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.504241][T11452] RIP: 0033:0x7fe7e5b8efc9 [ 407.504258][T11452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.504282][T11452] RSP: 002b:00007fe7e6a15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 407.504305][T11452] RAX: ffffffffffffffda RBX: 00007fe7e5de6090 RCX: 00007fe7e5b8efc9 [ 407.504321][T11452] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000002 [ 407.504336][T11452] RBP: 00007fe7e5c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 407.504350][T11452] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 407.504365][T11452] R13: 00007fe7e5de6128 R14: 00007fe7e5de6090 R15: 00007ffc217b0f38 [ 407.504389][T11452] [ 407.504457][T11452] Kernel Offset: disabled