last executing test programs: 16m6.812509754s ago: executing program 3 (id=353): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) socketpair$auto(0x1a, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000004c0), 0x22000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_START(r0, 0x54a0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) 16m6.469425578s ago: executing program 3 (id=357): ioctl$auto_NVRAM_INIT(0xffffffffffffffff, 0x7040, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/sockstat\x00', 0xc0880, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x2, 0x0) sysfs$auto(0x2, 0x0, 0x0) epoll_wait$auto(0xffffffffffffffff, 0x0, 0xe007, 0xe8a4e409) read$auto(r0, 0x0, 0x80000001) prctl$auto(0x43, 0x0, 0xffffffffffffffff, 0x0, 0x0) 16m5.974033548s ago: executing program 3 (id=362): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ubifs/chk_index\x00', 0x40aa2, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0xfffffffd, 0x101, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0xfffffffffffeffff, 0xc, 0x1, 0x948d, 0x3, 0x15f4da0a, 0x3, 0x3, 0x60, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x4, 0x6]}, 0x0) write$auto(r0, &(0x7f0000000040)=',/*@\x00', 0xf2) 16m4.973105226s ago: executing program 3 (id=368): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 16m4.617518115s ago: executing program 3 (id=374): mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000d40)='/sys/devices/pci0000:00/0000:00:00.0/driver_override\x00', 0x4a401, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/usb_storage/parameters/delay_use\x00', 0x181942, 0x0) read$auto(0x3, 0x0, 0x7fffffff) write$auto(0x3, 0x0, 0xfffffdef) 16m4.152110279s ago: executing program 3 (id=381): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 16m3.63422463s ago: executing program 32 (id=381): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 10m10.907628576s ago: executing program 1 (id=2923): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) timerfd_create$auto(0x7, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x2a801, 0x0) socket(0x2, 0x801, 0x100) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x121000, 0x0) socket(0x25, 0x1, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) 10m10.751694528s ago: executing program 1 (id=2926): socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) r0 = socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) close_range$auto(r0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) 10m10.592245539s ago: executing program 1 (id=2927): close_range$auto(0x0, 0xfffffffffffff000, 0x0) socket(0x11, 0x3, 0x9) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x277, 0x5, 0xffff}]}) 10m10.218991165s ago: executing program 1 (id=2930): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/run_estimation\x00', 0x88042, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) timer_settime$auto(0x0, 0x519a, &(0x7f0000000100)={{0xa6, 0x7}, {0x0, 0x3}}, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000140)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x4, 0x3}}, 0x100) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 10m10.022968002s ago: executing program 1 (id=2932): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xff, 0x2, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0xc) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "0000ffffff3b4000"}, 0x55) 10m9.540190897s ago: executing program 1 (id=2934): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r1, 0x0, 0x20) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mbind$auto(0x800000000000, 0x800605, 0x3, &(0x7f0000000100)=0xfffe, 0x3, 0x3) timer_create$auto(0x8, 0x0, 0x0) 10m9.102473243s ago: executing program 33 (id=2934): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r1, 0x0, 0x20) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mbind$auto(0x800000000000, 0x800605, 0x3, &(0x7f0000000100)=0xfffe, 0x3, 0x3) timer_create$auto(0x8, 0x0, 0x0) 10m2.017266962s ago: executing program 5 (id=2955): mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) shutdown$auto(0x200000003, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 10m1.715294662s ago: executing program 5 (id=2957): openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) write$auto(0x3, 0x0, 0x800) 10m0.943530127s ago: executing program 5 (id=2963): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) pidfd_open$auto(0x1, 0x0) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) setrlimit$auto(0x1000000007, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x60}, 0x3) 10m0.777634773s ago: executing program 5 (id=2964): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0xffffffffffffffff, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) getcwd$auto(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) r0 = inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0xe6e) chmod$auto(0x0, 0x10fe) readv$auto(r0, &(0x7f0000000240)={0x0, 0x5}, 0xf2) 10m0.495252557s ago: executing program 5 (id=2965): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x11, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x7fffffffffffffff}}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 10m0.359824507s ago: executing program 5 (id=2967): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(r0, &(0x7f0000000000)=@can={0x1d, r2}, 0x6a) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 9m45.237490178s ago: executing program 34 (id=2967): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(r0, &(0x7f0000000000)=@can={0x1d, r2}, 0x6a) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 9.32161714s ago: executing program 6 (id=5389): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) io_uring_setup$auto(0x9, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x401, r3, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x8000000000000001, 0x9, 0x5, 0xf870e9c, 0x7, 0x8}, 0x9) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x4}, 0xc) 9.000733963s ago: executing program 6 (id=5390): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/blkio.bfq.weight\x00', 0x321401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff038}}) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, 0x0, 0x8044) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x8000, 0x0) socketpair$auto(0x409, 0x5, 0xffffffff, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) 7.238935193s ago: executing program 0 (id=5395): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) socket(0x23, 0x5, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r0 = socket(0x2b, 0x1, 0x1) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) ioctl$auto_SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000040)="b38fc65a6042f2dc99df8ce9af2a56fcfe744238519bceaee0") munmap$auto(0x8000, 0xffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) getsockopt$auto_SO_ZEROCOPY(r0, 0x7, 0x3c, 0x0, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) 6.222097084s ago: executing program 6 (id=5397): socket(0x2, 0x3, 0x100) r0 = socket(0x18, 0x80002, 0x8000004) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, 0x0, 0x80) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xc0400, 0x0) open(0x0, 0x0, 0x408) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2082, 0x0) write$auto(r2, 0x0, 0x5) fsync$auto(0xffffffffffffffff) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x400, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0xc4428) socket(0x29, 0x2, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x6) recvmmsg$auto(r3, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) 5.348752495s ago: executing program 0 (id=5399): mmap$auto(0x0, 0x400008, 0x4, 0x40009b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x89, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000000)={0x1c800000, 0x0, [{0x6, 0x3fd, 0x80000000}, {0x3, 0x10000, 0xba}]}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) socket(0x23, 0x5, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r1 = socket(0x2b, 0x1, 0x1) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) munmap$auto(0x8000, 0xffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) getsockopt$auto_SO_ZEROCOPY(r1, 0x7, 0x3c, &(0x7f00000000c0)='/dev/nullb0\x00', &(0x7f0000000100)=0x8efd) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) 3.890872271s ago: executing program 0 (id=5400): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/loginuid\x00', 0x109000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyr0\x00', 0x60540, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x8, 0x5, 0x100000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) write$auto(0x3, 0x0, 0x3f00) 3.890750208s ago: executing program 4 (id=5401): socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.0/udc/dummy_udc.0/maximum_speed\x00', 0x0, 0x0) socketpair$auto(0x1b, 0x9, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/card0/pcm0p/sub3/xrun_injection\x00', 0x8a180, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_0/proxy_ndp\x00', 0x382, 0x0) inotify_init1$auto(0x3000000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 3.663697125s ago: executing program 6 (id=5403): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = socket(0x10, 0x80002, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) bind$auto(r0, &(0x7f0000000000)=@l2tp={0x2, 0x0, @rand_addr=0x64010101}, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/freezer.state\x00', 0x10b342, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/arp\x00', 0x101000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000100)=""/92, 0x5c) pwrite64$auto(r1, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x06\x00\x06\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0x2, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000100)='1', 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100253d7000fddbdf2501000000100007800c00018008000180000000000c00020006000000000000000be3a46afd0be8b30ae5a1888b29b6f09c487ade6458bf30b8df6643443fcf24e9c68feacb64552678037663ed6ab4029153d01062d4585b7381f9d59c065118d7f6"], 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x8880) madvise$auto(0x0, 0xffffffffffff0001, 0x15) futex$auto(0x0, 0x7, 0x9, 0x0, 0x0, 0x80000001) 3.632937805s ago: executing program 4 (id=5404): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) setsockopt$auto_SO_RCVLOWAT(r1, 0x0, 0x12, &(0x7f0000000340)='7\x00\x00\xec\x007\xfe(\xbd\xb0\x86\xe0K\xcf\xcf\x8d\xf2S6\x9e\x81\xcdc\xd7\x19-7\xc2\x89\x9d\x8cR`\xab6F\xd6O\x8b[\"\x80\xd0\xd2!\xc5\xdf\x8c&\xbd\x12\xb0\xa9v\vK\xfe+\xfb4\x02l\t5:a\xbf\xaf\xe3VX\x8d/l\f\xef\x1c\xc9\x13\xf6\x86\xb9N\xeeq\'\xb8\xb0\xa4\xd8\x94\xb8\xbc\b1\xc5\xb7\xca\x8e\x94\x0e\xc9\x99C\x97\xc2]\x80,\xaa\xf5\x17\xacnQ>\aH\xf6\xd6`/f\xcf\x8d\xaa\x00\xd5\x91\x9f\x96\xc6\xa4\'N\xebE\x8b', 0x1) unshare$auto(0x40000080) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ati_remote2/parameters/channel_mask\x00', 0x1e1842, 0x0) write$auto(r2, &(0x7f0000000180)='7\x00\x00\xec\x007\xfe(\xbd\xb0\x86\xe0K\xcf\xcf\x8d\xf2S6\x9e\x81\xcdc\xd7\x19-7\xc2\x89\x9d\x8cR`\xab6F\xd6O\x8b[\"\x80\xd0\xd2!\xc5\xdf\x8c&\xbd\x12\xb0\xa9v\vK\xfe+\xfb4\x02l\t5:a\xbf\xaf\xe3VX\x8d/l\f\xef\x1c\xc9\x13\xf6\x86\xb9N\xeeq\'\xb8\xb0\xa4\xd8\x94\xb8\xbc\b1\xc5\xb7\xca\x8e\x94\x0e\xc9\x99C\x97\xc2]\x80,\xaa\xf5\x17\xacnQ>\aH\xf6\xd6`/f\xcf\x8d\xaa\x00\xd5\x91\x9f\x96\xc6\xa4\'N\xebE\x8b', 0x400000000003) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000040)=0x5) read$auto(r3, 0x0, 0x800) socket$nl_generic(0x10, 0x3, 0x10) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x1}, 0x4, 0x966, 0x3, @raw=0x404, @integer64={0x0, 0x401, 0x7}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, &(0x7f0000000080)={{@raw=0x2, 0x7ff, 0xa, 0x7, "26d718b7d3ee69350e4ede7079dcb0c24c8aa1e3c7ee2e00308b8a7d74b0a707f7045e6d035b196ca83379bb", @raw=0x4}, 0xfffffffc, 0x0, 0x2, @raw=0x31c7bc85, @integer={0x101, 0x3ff, 0xa39}, "18a817f26a5c7f8773b2dbc01ac4bd5359eeadc8357752b72fa176254d8797cdffd02539e383a07983eeddcd24b626f54ad9d763dcdc91a4af8b7c848ceb55a7"}) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) ioctl$auto_VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1}) 3.582792132s ago: executing program 2 (id=5405): socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) userfaultfd$auto(0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) timerfd_create$auto(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x3a) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_prog_fd=r0, 0x4, @old_map_fd=r1}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0xb, 0x5}, 0x7) 3.411351642s ago: executing program 2 (id=5406): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid$auto(0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) sched_setattr$auto(0x0, 0x0, 0x7b) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x9, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 2.879789995s ago: executing program 4 (id=5407): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x1, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r1) 2.553937966s ago: executing program 4 (id=5408): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r3, 0x0, 0x20) writev$auto(r2, &(0x7f0000000200)={0x0, 0x3}, 0x3) writev$auto(0x3, &(0x7f0000000100)={0x0, 0xd24}, 0x8) bind$auto(0x3, 0x0, 0x9) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, 0x0, 0xc800) close_range$auto(0x2, 0x8, 0x0) 2.549936032s ago: executing program 0 (id=5416): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sysfs$auto(0x2, 0x23, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r0, 0x0, 0x4) rseq$auto(0x0, 0x8000, 0x0, 0x6) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) 1.73752752s ago: executing program 6 (id=5409): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x40, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) bind$auto(r0, 0x0, 0x6f) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) 1.683879524s ago: executing program 2 (id=5410): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/device_info\x00', 0x8002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000000)=@task_fd_query={0x0, 0xffffffffffffffff, 0xb0, 0x8bd, 0x8, 0x2, 0xffffffffffffffff, 0x6, 0x6}, 0xa3) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_map_fd=0x2, 0x7, @old_map_fd=r1}, 0xa3) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000240)="22edd92f26639ec07e6e5d09f20c7c160a4dc5023a92446435820bd54b8004043262db0a8686bd579dcf16f50e9bfa20abfa3a", 0x33) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec2\x00', 0x20081, 0x0) ioctl$auto_CEC_TRANSMIT(r2, 0xc0386105, &(0x7f0000000080)={0x40000000001, 0x1, 0x7, 0x8, 0x2, 0xcb, "8a9750a07c00", 0x6, 0x6, 0x6, 0x9, 0x8, 0x5, 0x81}) r3 = socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x401, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r3, 0x84, 0x82, 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x20040894) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x4, 0x4008) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x06\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') 1.391145227s ago: executing program 0 (id=5411): select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0x0, 0x6, 0xf, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000240)="e3", 0x1}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0xc0481, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='%!\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7000fbdbdf250300000009000200cacd2dff11000000040012"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0xb06af94f6e038a6) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x14) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x3f, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001200c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0) read$auto(0x3, 0x0, 0x7) 1.187633564s ago: executing program 2 (id=5412): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0x3, 0x9) socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) read$auto(0xffffffffffffffff, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.8/usb26/descriptors\x00', 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 1.018906893s ago: executing program 2 (id=5413): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x4008004) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) semctl$auto_SEM_INFO(0x0, 0xfffffffd, 0x13, 0x1) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$auto(0x3, 0x541b, 0xffffffffffffffff) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) futex$auto(0x0, 0x6, 0x100001f, 0x0, 0x0, 0x440a48d6) unshare$auto(0x40000080) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x1a1000, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop5\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000540)={"ef13a5421a8765cadfca437c4d1316833843180bb151ed36e8ce6cb454168d6c", 0x3ff, 0x5, 0x1000, 0x11, 0x401, r0}) ioctl$auto_BLKTRACESTART(r1, 0x1274, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0xfb1, 0x400, 0x3ff, 0x19, 0xffffffffffffffff, 0xa4a) prctl$auto(0x3d, 0x40005, 0x0, 0x6, 0x3) 928.187179ms ago: executing program 4 (id=5414): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmsg$auto_NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1e}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x8001) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) write$auto(0x3, 0x0, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000200), r0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'vlan0\x00', 0x0}) sendmsg$auto_WG_CMD_GET_DEVICE(r5, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, r6, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'vlan0\x00'}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r7}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x8}, @WGDEVICE_A_PEERS={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008084}, 0xc019) ioctl$auto_KVM_GET_MSRS(r2, 0x4068aea3, &(0x7f0000000080)={0xa3}) 614.638551ms ago: executing program 6 (id=5415): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/usbcore/parameters/quirks\x00', 0x250200, 0x0) sendfile$auto(r0, 0xffffffffffffffff, 0x0, 0x400000005) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/binderfs/binder0\x00', 0x0, 0x0) timer_create$auto(0x1, 0x0, 0x0) timer_settime$auto(0x0, 0x9, &(0x7f00000000c0)={{0x400000000f, 0x10007}, {0x9}}, 0x0) timer_gettime$auto(0x0, 0x0) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20804, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder1\x00', 0x189160, 0x0) ioctl$auto_BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r2, 0x40046210, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200008, 0x19) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) write$auto(r3, 0x0, 0x0) 562.152423ms ago: executing program 4 (id=5417): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x20009, 0x1000000000000df, 0x13, 0x401, 0x400) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0xe8) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0x1, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129a00, 0x0) r4 = socket(0x10, 0x2, 0x4) r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_DEV_GET(r4, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000000440)={0x14, r5, 0x1, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x28044004) ioctl$auto(r3, 0x900064b5, 0xc14) socket(0x28, 0x5, 0x0) socket(0x28, 0x801, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) 5.885886ms ago: executing program 2 (id=5418): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r0, 0x1, 0x820, 0x7fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 0s ago: executing program 0 (id=5426): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) getcwd$auto(0x0, 0x7) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x20000000) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000000c0), 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/current_tracer\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000040)='%\x00', 0x81ff) writev$auto(r0, &(0x7f0000000200)={&(0x7f0000000140), 0x5}, 0x5) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000003b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c040}, 0x10000040) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) kernel console output (not intermixed with test programs): 0000000ffffffff 00000000ffffffff [ 648.393556][T17421] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 648.402708][T17421] page dumped because: unmovable page [ 648.408528][T17421] page_owner tracks the page as allocated [ 648.414272][T17421] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5838, tgid 5838 (syz-executor), ts 86376879123, free_ts 55313414390 [ 648.586918][T17421] post_alloc_hook+0x1af/0x220 [ 648.591759][T17421] get_page_from_freelist+0xd0b/0x31a0 [ 648.709110][T17421] __alloc_frozen_pages_noprof+0x25f/0x2440 [ 648.800983][T17421] alloc_pages_mpol+0x1fb/0x550 [ 648.825174][T17421] new_slab+0x2c3/0x430 [ 648.901478][T17421] ___slab_alloc+0xe18/0x1c90 [ 648.963956][T17421] __slab_alloc.constprop.0+0x63/0x110 [ 648.994712][T17421] __kmalloc_cache_noprof+0x477/0x800 [ 649.000138][T17421] batadv_hard_if_event+0xb13/0x14f0 [ 649.078886][T17421] notifier_call_chain+0xbc/0x3e0 [ 649.084082][T17421] call_netdevice_notifiers_info+0xbe/0x110 [ 649.265046][T17421] register_netdevice+0x1792/0x21d0 [ 649.323017][T17421] veth_newlink+0x44d/0xa00 [ 649.417937][T17421] rtnl_newlink+0xc19/0x1f50 [ 649.444180][T17421] rtnetlink_rcv_msg+0x95e/0xe90 [ 649.449341][T17421] netlink_rcv_skb+0x158/0x420 [ 649.604227][T17421] page last free pid 5558 tgid 5558 stack trace: [ 649.674037][T17421] __free_frozen_pages+0x7df/0x1160 [ 649.746191][T17421] __put_partials+0x130/0x170 [ 649.797674][T17421] qlist_free_all+0x4c/0xf0 [ 649.846603][T17421] kasan_quarantine_reduce+0x195/0x1e0 [ 649.910355][T17421] __kasan_slab_alloc+0x69/0x90 [ 649.990605][T17421] kmem_cache_alloc_noprof+0x250/0x760 [ 649.996147][T17421] getname_flags.part.0+0x4c/0x550 [ 650.083624][T17421] getname_flags+0x93/0xf0 [ 650.088098][T17421] vfs_fstatat+0xe1/0xf0 [ 650.189549][T17421] __do_sys_newfstatat+0x97/0x120 [ 650.194649][T17421] do_syscall_64+0xcd/0xf80 [ 650.300753][T17421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.019348][T17460] FAULT_INJECTION: forcing a failure. [ 651.019348][T17460] name failslab, interval 1, probability 393216, space 0, times 0 [ 651.033669][T17460] CPU: 0 UID: 0 PID: 17460 Comm: syz.4.3712 Tainted: G U syzkaller #0 PREEMPT(full) [ 651.033711][T17460] Tainted: [U]=USER [ 651.033719][T17460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 651.033742][T17460] Call Trace: [ 651.033751][T17460] [ 651.033762][T17460] dump_stack_lvl+0x16c/0x1f0 [ 651.033795][T17460] should_fail_ex+0x512/0x640 [ 651.033821][T17460] ? __kmalloc_cache_noprof+0x5f/0x800 [ 651.033859][T17460] should_failslab+0xc2/0x120 [ 651.033886][T17460] __kmalloc_cache_noprof+0x72/0x800 [ 651.033919][T17460] ? drm_atomic_helper_setup_commit+0x63a/0x15d0 [ 651.033967][T17460] ? drm_atomic_helper_setup_commit+0x63a/0x15d0 [ 651.034007][T17460] ? __pfx___drm_dev_dbg+0x10/0x10 [ 651.034033][T17460] drm_atomic_helper_setup_commit+0x63a/0x15d0 [ 651.034087][T17460] drm_atomic_helper_commit+0xa9/0x380 [ 651.034113][T17460] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 651.034154][T17460] drm_atomic_commit+0x234/0x300 [ 651.034179][T17460] ? __pfx_drm_atomic_commit+0x10/0x10 [ 651.034203][T17460] ? __pfx___drm_printfn_info+0x10/0x10 [ 651.034237][T17460] ? drm_client_rotation+0x4da/0x6a0 [ 651.034269][T17460] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 651.034306][T17460] ? __mutex_lock+0x27b/0x1b10 [ 651.034333][T17460] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 651.034358][T17460] ? trace_contention_end+0xdd/0x110 [ 651.034439][T17460] drm_client_modeset_commit_locked+0x14d/0x580 [ 651.034473][T17460] drm_client_modeset_commit+0x4f/0x80 [ 651.034500][T17460] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 651.034543][T17460] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 651.034579][T17460] drm_fbdev_client_restore+0x2c/0x40 [ 651.034612][T17460] drm_client_dev_restore+0x1f6/0x2a0 [ 651.034636][T17460] ? drm_close_helper.isra.0+0x186/0x1f0 [ 651.034681][T17460] drm_release+0x2c4/0x360 [ 651.034708][T17460] ? __pfx_drm_release+0x10/0x10 [ 651.034735][T17460] __fput+0x402/0xb70 [ 651.034776][T17460] task_work_run+0x150/0x240 [ 651.034809][T17460] ? __pfx_task_work_run+0x10/0x10 [ 651.034836][T17460] ? __do_sys_close_range+0x278/0x730 [ 651.034879][T17460] exit_to_user_mode_loop+0xfb/0x540 [ 651.034920][T17460] do_syscall_64+0x4ee/0xf80 [ 651.034949][T17460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.034975][T17460] RIP: 0033:0x7f8b3a18f7c9 [ 651.034996][T17460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 651.035019][T17460] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 651.035043][T17460] RAX: 0000000000000000 RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 651.035060][T17460] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 651.035075][T17460] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 651.035091][T17460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 651.035106][T17460] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 651.035148][T17460] [ 653.116120][T17480] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3720'. [ 653.281361][T17480] veth1_macvtap: left promiscuous mode [ 654.609332][T17498] futex_wake_op: syz.4.3723 tries to shift op by -2048; fix this program [ 657.428162][T17528] random: crng reseeded on system resumption [ 664.233882][T17614] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 664.514166][T17617] svc: failed to register nfsdv3 RPC service (errno 111). [ 664.623667][T17617] svc: failed to register nfsaclv3 RPC service (errno 111). [ 665.310712][T17635] netlink: 'syz.2.3765': attribute type 10 has an invalid length. [ 665.329919][T17635] netlink: 230 bytes leftover after parsing attributes in process `syz.2.3765'. [ 665.408173][T17635] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 666.580964][T17642] netlink: 226 bytes leftover after parsing attributes in process `syz.0.3768'. [ 666.609701][T17642] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3768'. [ 666.632780][T17642] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 666.913690][T17644] zswap: compressor not available [ 667.774905][T17667] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3773'. [ 667.809766][T17667] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3773'. [ 669.452108][T17678] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3776'. [ 669.597319][T17678] netlink: 354 bytes leftover after parsing attributes in process `syz.6.3776'. [ 670.568961][T17690] zswap: compressor not available [ 671.822207][T17708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3783'. [ 672.094901][T17708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3783'. [ 672.200777][T17695] kexec: Could not allocate control_code_buffer [ 672.712546][T17725] FAULT_INJECTION: forcing a failure. [ 672.712546][T17725] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 672.823748][T17725] CPU: 1 UID: 0 PID: 17725 Comm: syz.4.3787 Tainted: G U syzkaller #0 PREEMPT(full) [ 672.823792][T17725] Tainted: [U]=USER [ 672.823799][T17725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 672.823815][T17725] Call Trace: [ 672.823823][T17725] [ 672.823833][T17725] dump_stack_lvl+0x16c/0x1f0 [ 672.823862][T17725] should_fail_ex+0x512/0x640 [ 672.823894][T17725] _copy_to_iter+0x463/0x1710 [ 672.823926][T17725] ? __pfx__copy_to_iter+0x10/0x10 [ 672.823951][T17725] ? const_folio_flags+0x5b/0x100 [ 672.823982][T17725] ? folio_mark_accessed+0xc1/0xbf0 [ 672.824017][T17725] ? __pfx_folio_mark_accessed+0x10/0x10 [ 672.824058][T17725] copy_page_to_iter+0x12a/0x1e0 [ 672.824087][T17725] filemap_read+0x6b1/0xe40 [ 672.824133][T17725] ? __pfx_filemap_read+0x10/0x10 [ 672.824190][T17725] ? __pfx_down_read+0x10/0x10 [ 672.824219][T17725] ? __pfx_aa_file_perm+0x10/0x10 [ 672.824256][T17725] blkdev_read_iter+0x1ac/0x500 [ 672.824293][T17725] do_iter_readv_writev+0x743/0x9e0 [ 672.824329][T17725] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 672.824359][T17725] ? common_file_perm+0x1b1/0x500 [ 672.824382][T17725] ? bpf_lsm_file_permission+0x9/0x10 [ 672.824423][T17725] ? security_file_permission+0x71/0x210 [ 672.824451][T17725] ? rw_verify_area+0xcf/0x6c0 [ 672.824490][T17725] vfs_readv+0x4cb/0x8b0 [ 672.824529][T17725] ? __pfx_vfs_readv+0x10/0x10 [ 672.824592][T17725] ? __fget_files+0x20e/0x3c0 [ 672.824625][T17725] ? do_readv+0x132/0x340 [ 672.824656][T17725] do_readv+0x132/0x340 [ 672.824692][T17725] ? __pfx_do_readv+0x10/0x10 [ 672.824730][T17725] ? xfd_validate_state+0x61/0x180 [ 672.824775][T17725] __x64_sys_preadv2+0x11f/0x160 [ 672.824806][T17725] do_syscall_64+0xcd/0xf80 [ 672.824834][T17725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.824859][T17725] RIP: 0033:0x7f8b3a18f7c9 [ 672.824882][T17725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.824905][T17725] RSP: 002b:00007f8b383b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 672.824930][T17725] RAX: ffffffffffffffda RBX: 00007f8b3a3e6180 RCX: 00007f8b3a18f7c9 [ 672.824949][T17725] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000006 [ 672.824964][T17725] RBP: 00007f8b3a213f91 R08: 0000000000000004 R09: 000000000000002e [ 672.824981][T17725] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 672.825002][T17725] R13: 00007f8b3a3e6218 R14: 00007f8b3a3e6180 R15: 00007ffe1f047d38 [ 672.825040][T17725] [ 673.736612][T17726] random: crng reseeded on system resumption [ 675.954905][T17752] zswap: compressor not available [ 680.337497][T17808] futex_wake_op: syz.0.3812 tries to shift op by -2048; fix this program [ 681.378323][T17823] netlink: 50 bytes leftover after parsing attributes in process `syz.4.3816'. [ 682.906684][T17829] kexec: Could not allocate control_code_buffer [ 683.207932][T17850] zswap: compressor not available [ 683.617609][T17862] input: 00 [ 683.617609][T17862] as /devices/virtual/input/input21 [ 683.666621][T17862] FAULT_INJECTION: forcing a failure. [ 683.666621][T17862] name failslab, interval 1, probability 393216, space 0, times 0 [ 683.753900][T17862] CPU: 0 UID: 0 PID: 17862 Comm: syz.4.3825 Tainted: G U syzkaller #0 PREEMPT(full) [ 683.753940][T17862] Tainted: [U]=USER [ 683.753949][T17862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 683.753962][T17862] Call Trace: [ 683.753970][T17862] [ 683.753980][T17862] dump_stack_lvl+0x16c/0x1f0 [ 683.754000][T17862] should_fail_ex+0x512/0x640 [ 683.754015][T17862] ? __kmalloc_node_track_caller_noprof+0xcb/0x910 [ 683.754039][T17862] should_failslab+0xc2/0x120 [ 683.754055][T17862] __kmalloc_node_track_caller_noprof+0xde/0x910 [ 683.754075][T17862] ? kstrdup_const+0x63/0x80 [ 683.754095][T17862] ? kstrdup+0x53/0x100 [ 683.754109][T17862] kstrdup+0x53/0x100 [ 683.754126][T17862] kstrdup_const+0x63/0x80 [ 683.754142][T17862] __kernfs_new_node+0x9b/0x8d0 [ 683.754163][T17862] ? __pfx___kernfs_new_node+0x10/0x10 [ 683.754185][T17862] ? find_held_lock+0x2b/0x80 [ 683.754205][T17862] ? kernfs_root+0xee/0x2a0 [ 683.754236][T17862] kernfs_new_node+0x13c/0x1e0 [ 683.754276][T17862] kernfs_create_link+0xcc/0x240 [ 683.754304][T17862] sysfs_do_create_link_sd+0x90/0x140 [ 683.754336][T17862] sysfs_create_link+0x61/0xc0 [ 683.754357][T17862] device_add+0xb14/0x1950 [ 683.754373][T17862] ? __pfx_device_add+0x10/0x10 [ 683.754386][T17862] ? __pfx_exact_lock+0x10/0x10 [ 683.754402][T17862] ? kobject_get+0xbb/0x150 [ 683.754418][T17862] cdev_device_add+0xc2/0x1e0 [ 683.754433][T17862] evdev_connect+0x3a4/0x4c0 [ 683.754456][T17862] input_attach_handler.isra.0+0x176/0x250 [ 683.754477][T17862] input_register_device+0xab9/0x1180 [ 683.754498][T17862] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 683.754513][T17862] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 683.754531][T17862] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 683.754550][T17862] ? find_held_lock+0x2b/0x80 [ 683.754586][T17862] ? __pfx_uinput_ioctl+0x10/0x10 [ 683.754602][T17862] __x64_sys_ioctl+0x18e/0x210 [ 683.754623][T17862] do_syscall_64+0xcd/0xf80 [ 683.754639][T17862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.754653][T17862] RIP: 0033:0x7f8b3a18f7c9 [ 683.754665][T17862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 683.754679][T17862] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 683.754693][T17862] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 683.754702][T17862] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004 [ 683.754713][T17862] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 683.754721][T17862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 683.754729][T17862] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 683.754747][T17862] [ 684.411142][T17862] input: failed to attach handler evdev to device input21, error: -12 [ 684.798867][T17867] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 687.437593][T17903] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3835'. [ 687.620590][T17894] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 687.761335][T17894] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 687.822956][T17894] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 687.845705][T17894] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 687.973274][T17908] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3837'. [ 688.001491][T17908] netlink: 'syz.6.3837': attribute type 1 has an invalid length. [ 688.030346][T17908] netlink: 13 bytes leftover after parsing attributes in process `syz.6.3837'. [ 688.403476][T17914] FAULT_INJECTION: forcing a failure. [ 688.403476][T17914] name fail_futex, interval 1, probability 0, space 0, times 1 [ 688.416786][T17914] CPU: 0 UID: 0 PID: 17914 Comm: syz.6.3839 Tainted: G U syzkaller #0 PREEMPT(full) [ 688.416829][T17914] Tainted: [U]=USER [ 688.416838][T17914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 688.416854][T17914] Call Trace: [ 688.416862][T17914] [ 688.416872][T17914] dump_stack_lvl+0x16c/0x1f0 [ 688.416910][T17914] should_fail_ex+0x512/0x640 [ 688.416943][T17914] should_fail_futex+0x4c/0x60 [ 688.416973][T17914] futex_lock_pi_atomic+0x127/0xc50 [ 688.417016][T17914] futex_lock_pi+0x23f/0x7c0 [ 688.417058][T17914] ? __pfx_futex_lock_pi+0x10/0x10 [ 688.417092][T17914] ? __futex_wait+0x24b/0x2f0 [ 688.417156][T17914] ? futex_private_hash_put+0x160/0x1b0 [ 688.417192][T17914] ? __pfx_futex_wake_mark+0x10/0x10 [ 688.417239][T17914] ? ksys_write+0x190/0x250 [ 688.417270][T17914] do_futex+0x11a/0x350 [ 688.417301][T17914] ? __pfx_do_futex+0x10/0x10 [ 688.417343][T17914] __x64_sys_futex+0x1e0/0x4c0 [ 688.417377][T17914] ? fput+0x70/0xf0 [ 688.417404][T17914] ? __pfx___x64_sys_futex+0x10/0x10 [ 688.417435][T17914] ? ksys_write+0x1ac/0x250 [ 688.417458][T17914] ? __pfx_ksys_write+0x10/0x10 [ 688.417492][T17914] do_syscall_64+0xcd/0xf80 [ 688.417520][T17914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.417546][T17914] RIP: 0033:0x7f40d6d8f7c9 [ 688.417567][T17914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.417590][T17914] RSP: 002b:00007f40d7c07038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 688.417614][T17914] RAX: ffffffffffffffda RBX: 00007f40d6fe5fa0 RCX: 00007f40d6d8f7c9 [ 688.417631][T17914] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 688.417646][T17914] RBP: 00007f40d6e13f91 R08: 0000000000000000 R09: 000000008000fff5 [ 688.417662][T17914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 688.417678][T17914] R13: 00007f40d6fe6038 R14: 00007f40d6fe5fa0 R15: 00007fffd2c57a08 [ 688.417715][T17914] [ 688.745836][T17920] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3841'. [ 688.854526][T17923] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3842'. [ 689.378071][T17932] Unable to find swap-space signature [ 689.675171][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout [ 689.752772][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout [ 689.834041][T13294] Bluetooth: hci2: command 0x0406 tx timeout [ 689.930388][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout [ 689.932941][T17939] netlink: 350 bytes leftover after parsing attributes in process `syz.0.3847'. [ 690.154770][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.161688][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.133346][T17963] netlink: 25 bytes leftover after parsing attributes in process `syz.6.3852'. [ 693.011864][T17998] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3861'. [ 693.357135][T18005] Dead loop on virtual device ip6_vti0, fix it urgently! [ 693.374691][T18005] Dead loop on virtual device ip6_vti0, fix it urgently! [ 693.383376][T18005] Dead loop on virtual device ip6_vti0, fix it urgently! [ 693.415099][T18005] Dead loop on virtual device ip6_vti0, fix it urgently! [ 693.423711][T18005] Dead loop on virtual device ip6_vti0, fix it urgently! [ 693.453984][T18005] Dead loop on virtual device ip6_vti0, fix it urgently! [ 693.753089][T18009] ubi1: attaching mtd1 [ 693.769171][T18009] ubi1 error: ubi_attach_mtd_dev: bad VID header (266109) or data offsets (266173) [ 695.782869][T18024] netlink: 350 bytes leftover after parsing attributes in process `syz.4.3870'. [ 696.385539][T18049] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3878'. [ 697.047657][T18051] ubi1: attaching mtd1 [ 697.051778][T18051] ubi1 error: ubi_attach_mtd_dev: bad VID header (266109) or data offsets (266173) [ 699.118754][T18075] vhci_hcd: invalid port number 9 [ 699.262526][T18082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3888'. [ 699.301200][T18082] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3888'. [ 699.454531][T18079] FAULT_INJECTION: forcing a failure. [ 699.454531][T18079] name failslab, interval 1, probability 393216, space 0, times 0 [ 699.592591][T18079] CPU: 0 UID: 0 PID: 18079 Comm: syz.4.3887 Tainted: G U syzkaller #0 PREEMPT(full) [ 699.592634][T18079] Tainted: [U]=USER [ 699.592643][T18079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 699.592656][T18079] Call Trace: [ 699.592664][T18079] [ 699.592678][T18079] dump_stack_lvl+0x16c/0x1f0 [ 699.592705][T18079] should_fail_ex+0x512/0x640 [ 699.592727][T18079] ? kmem_cache_alloc_noprof+0x62/0x760 [ 699.592757][T18079] should_failslab+0xc2/0x120 [ 699.592778][T18079] kmem_cache_alloc_noprof+0x75/0x760 [ 699.592809][T18079] ? ptlock_alloc+0x1f/0x70 [ 699.592839][T18079] ? ptlock_alloc+0x1f/0x70 [ 699.592873][T18079] ptlock_alloc+0x1f/0x70 [ 699.592899][T18079] pte_alloc_one+0x84/0x350 [ 699.592933][T18079] do_pte_missing+0x1b47/0x4000 [ 699.592967][T18079] ? __pmd_alloc+0x64f/0x8b0 [ 699.592991][T18079] __handle_mm_fault+0x154b/0x2ad0 [ 699.593023][T18079] ? __pfx___handle_mm_fault+0x10/0x10 [ 699.593070][T18079] ? find_vma+0xbf/0x140 [ 699.593113][T18079] ? __pfx_find_vma+0x10/0x10 [ 699.593152][T18079] handle_mm_fault+0x3fe/0xad0 [ 699.593187][T18079] do_user_addr_fault+0x2e4/0xda0 [ 699.593217][T18079] ? rcu_is_watching+0x12/0xc0 [ 699.593256][T18079] exc_page_fault+0x64/0xc0 [ 699.593283][T18079] asm_exc_page_fault+0x26/0x30 [ 699.593309][T18079] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 699.593342][T18079] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 699.593365][T18079] RSP: 0018:ffffc90003b67da0 EFLAGS: 00050212 [ 699.593388][T18079] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000010 [ 699.593405][T18079] RDX: fffff5200076cfd2 RSI: 0000000000000000 RDI: ffffc90003b67e80 [ 699.593422][T18079] RBP: 0000000000000010 R08: 0000000000000001 R09: fffff5200076cfd1 [ 699.593437][T18079] R10: ffffc90003b67e8f R11: 00000000ffffffff R12: 0000000000000000 [ 699.593451][T18079] R13: ffffc90003b67e80 R14: 1ffff9200076cfc4 R15: ffffc90003b67e80 [ 699.593487][T18079] _copy_from_user+0x98/0xd0 [ 699.593515][T18079] write_ldt+0xfc/0xd20 [ 699.593551][T18079] ? __pfx_write_ldt+0x10/0x10 [ 699.593580][T18079] ? fput+0x70/0xf0 [ 699.593612][T18079] ? __pfx_ksys_write+0x10/0x10 [ 699.593643][T18079] __x64_sys_modify_ldt+0xb1/0x170 [ 699.593674][T18079] do_syscall_64+0xcd/0xf80 [ 699.593700][T18079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 699.593723][T18079] RIP: 0033:0x7f8b3a18f7c9 [ 699.593743][T18079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 699.593765][T18079] RSP: 002b:00007f8b383d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 699.593787][T18079] RAX: ffffffffffffffda RBX: 00007f8b3a3e6090 RCX: 00007f8b3a18f7c9 [ 699.593803][T18079] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000001 [ 699.593818][T18079] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 699.593833][T18079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 699.593847][T18079] R13: 00007f8b3a3e6128 R14: 00007f8b3a3e6090 R15: 00007ffe1f047d38 [ 699.593895][T18079] [ 702.716754][T18122] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3899'. [ 702.824976][T18122] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3899'. [ 705.178749][T18148] netlink: 'syz.6.3905': attribute type 27 has an invalid length. [ 705.202923][T18148] netlink: 'syz.6.3905': attribute type 28 has an invalid length. [ 705.230805][T18148] netlink: 'syz.6.3905': attribute type 29 has an invalid length. [ 705.255069][T18148] netlink: 'syz.6.3905': attribute type 30 has an invalid length. [ 705.292634][T18148] netlink: 'syz.6.3905': attribute type 31 has an invalid length. [ 705.314798][T18150] netlink: 46 bytes leftover after parsing attributes in process `syz.0.3906'. [ 705.324099][T18148] netlink: 'syz.6.3905': attribute type 32 has an invalid length. [ 705.344736][T18148] netlink: 'syz.6.3905': attribute type 33 has an invalid length. [ 705.372180][T18148] netlink: 'syz.6.3905': attribute type 35 has an invalid length. [ 705.389348][T18148] netlink: 'syz.6.3905': attribute type 37 has an invalid length. [ 705.491071][T18148] netlink: 'syz.6.3905': attribute type 39 has an invalid length. [ 705.519735][T18148] netlink: 14 bytes leftover after parsing attributes in process `syz.6.3905'. [ 706.194137][T18166] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3911'. [ 707.552202][T18186] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 708.743673][ T5852] Bluetooth: hci1: Malformed Event: 0x02 [ 709.233124][T18208] netlink: 306 bytes leftover after parsing attributes in process `syz.0.3923'. [ 709.685862][T18220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3928'. [ 710.785158][T18227] Unable to find swap-space signature [ 714.127626][T18263] random: crng reseeded on system resumption [ 715.799428][T18286] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3947'. [ 716.994389][ T30] audit: type=1800 audit(4295004170.636:20): pid=18298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3950" name="discovery_nqn" dev="configfs" ino=123672 res=0 errno=0 [ 717.713451][T18305] validate_nla: 1 callbacks suppressed [ 717.713472][T18305] netlink: 'syz.4.3953': attribute type 10 has an invalid length. [ 717.727385][T18305] netlink: 230 bytes leftover after parsing attributes in process `syz.4.3953'. [ 717.780540][T18305] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 720.483157][T18343] netlink: 'syz.0.3966': attribute type 5 has an invalid length. [ 720.503110][T18343] netlink: 'syz.0.3966': attribute type 1 has an invalid length. [ 720.510852][T18343] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3966'. [ 720.604548][T18348] netlink: 'syz.0.3966': attribute type 5 has an invalid length. [ 720.682092][T18348] netlink: 'syz.0.3966': attribute type 1 has an invalid length. [ 720.744252][T18348] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3966'. [ 724.194163][T18399] netlink: 98 bytes leftover after parsing attributes in process `syz.4.3984'. [ 731.252311][T18486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4014'. [ 731.349800][T18491] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4014'. [ 732.770126][T18496] sp0: Synchronizing with TNC [ 734.575445][T18518] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4024'. [ 735.460281][T18534] sp0: Synchronizing with TNC [ 737.664780][T18567] Unable to find swap-space signature [ 740.204621][T18604] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4042'. [ 742.947363][T18646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4053'. [ 743.688964][T18658] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4057'. [ 746.448206][T18666] input: jJǸ-9%vJ86 as /devices/virtual/input/input23 [ 750.350050][T18776] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4078'. [ 751.277434][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 751.283840][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.101026][T18809] netlink: 350 bytes leftover after parsing attributes in process `syz.2.4090'. [ 753.179455][T18824] netlink: 'syz.0.4101': attribute type 1 has an invalid length. [ 753.187636][T18824] netlink: 13 bytes leftover after parsing attributes in process `syz.0.4101'. [ 753.386286][T18826] netlink: 50 bytes leftover after parsing attributes in process `syz.6.4093'. [ 756.163922][T18879] zswap: compressor 000 not available [ 757.177255][T18902] zswap: compressor not available [ 757.273879][T18909] FAULT_INJECTION: forcing a failure. [ 757.273879][T18909] name failslab, interval 1, probability 393216, space 0, times 0 [ 757.482799][T18909] CPU: 1 UID: 0 PID: 18909 Comm: syz.6.4114 Tainted: G U syzkaller #0 PREEMPT(full) [ 757.482826][T18909] Tainted: [U]=USER [ 757.482831][T18909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 757.482840][T18909] Call Trace: [ 757.482844][T18909] [ 757.482850][T18909] dump_stack_lvl+0x16c/0x1f0 [ 757.482869][T18909] should_fail_ex+0x512/0x640 [ 757.482884][T18909] ? __kmalloc_cache_noprof+0x5f/0x800 [ 757.482904][T18909] should_failslab+0xc2/0x120 [ 757.482918][T18909] __kmalloc_cache_noprof+0x72/0x800 [ 757.482933][T18909] ? __might_fault+0xe3/0x190 [ 757.482950][T18909] ? __might_fault+0xe3/0x190 [ 757.482965][T18909] ? do_signalfd4+0x169/0x520 [ 757.482984][T18909] ? do_signalfd4+0x169/0x520 [ 757.483000][T18909] do_signalfd4+0x169/0x520 [ 757.483016][T18909] __x64_sys_signalfd+0x120/0x1a0 [ 757.483032][T18909] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 757.483054][T18909] do_syscall_64+0xcd/0xf80 [ 757.483069][T18909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.483082][T18909] RIP: 0033:0x7f40d6d8f7c9 [ 757.483094][T18909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 757.483107][T18909] RSP: 002b:00007f40d7c07038 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 757.483120][T18909] RAX: ffffffffffffffda RBX: 00007f40d6fe5fa0 RCX: 00007f40d6d8f7c9 [ 757.483129][T18909] RDX: 0000000000000008 RSI: 0000200000000000 RDI: 00000000ffffffff [ 757.483137][T18909] RBP: 00007f40d6e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 757.483145][T18909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 757.483152][T18909] R13: 00007f40d6fe6038 R14: 00007f40d6fe5fa0 R15: 00007fffd2c57a08 [ 757.483171][T18909] [ 758.722794][T18932] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4120'. [ 759.319299][T18938] netlink: 50 bytes leftover after parsing attributes in process `syz.0.4122'. [ 759.865896][T18954] FAULT_INJECTION: forcing a failure. [ 759.865896][T18954] name failslab, interval 1, probability 393216, space 0, times 0 [ 759.880656][T18954] CPU: 0 UID: 0 PID: 18954 Comm: syz.4.4129 Tainted: G U syzkaller #0 PREEMPT(full) [ 759.880700][T18954] Tainted: [U]=USER [ 759.880708][T18954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 759.880725][T18954] Call Trace: [ 759.880733][T18954] [ 759.880743][T18954] dump_stack_lvl+0x16c/0x1f0 [ 759.880775][T18954] should_fail_ex+0x512/0x640 [ 759.880802][T18954] ? __kvmalloc_node_noprof+0x129/0xa50 [ 759.880843][T18954] should_failslab+0xc2/0x120 [ 759.880870][T18954] __kvmalloc_node_noprof+0x13c/0xa50 [ 759.880909][T18954] ? alloc_netdev_mqs+0xf8a/0x1550 [ 759.880949][T18954] ? alloc_netdev_mqs+0xf8a/0x1550 [ 759.880982][T18954] alloc_netdev_mqs+0xf8a/0x1550 [ 759.881025][T18954] slip_open+0x35c/0x1150 [ 759.881061][T18954] ? __pfx___might_resched+0x10/0x10 [ 759.881099][T18954] ? __pfx_n_tty_close+0x10/0x10 [ 759.881137][T18954] ? find_held_lock+0x2b/0x80 [ 759.881171][T18954] ? __pfx_slip_open+0x10/0x10 [ 759.881196][T18954] ? down_write+0x14d/0x200 [ 759.881227][T18954] ? __pfx_slip_open+0x10/0x10 [ 759.881254][T18954] tty_ldisc_open+0x9f/0x120 [ 759.881280][T18954] tty_set_ldisc+0x32b/0x780 [ 759.881312][T18954] tty_ioctl+0xc2d/0x1650 [ 759.881352][T18954] ? __pfx_tty_ioctl+0x10/0x10 [ 759.881396][T18954] ? find_held_lock+0x2b/0x80 [ 759.881430][T18954] ? hook_file_ioctl_common+0x144/0x410 [ 759.881463][T18954] ? __fget_files+0x20e/0x3c0 [ 759.881493][T18954] ? __pfx_tty_ioctl+0x10/0x10 [ 759.881525][T18954] __x64_sys_ioctl+0x18e/0x210 [ 759.881563][T18954] do_syscall_64+0xcd/0xf80 [ 759.881591][T18954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.881617][T18954] RIP: 0033:0x7f8b3a18f7c9 [ 759.881639][T18954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 759.881665][T18954] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 759.881688][T18954] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 759.881705][T18954] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000006 [ 759.881720][T18954] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 759.881735][T18954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.881749][T18954] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 759.881787][T18954] [ 760.515227][T18963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4131'. [ 760.542204][T18963] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4131'. [ 761.259781][T18979] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4136'. [ 761.322547][T18978] netlink: 'syz.6.4135': attribute type 16 has an invalid length. [ 761.406609][T18978] netlink: 226 bytes leftover after parsing attributes in process `syz.6.4135'. [ 761.561666][T18978] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4135'. [ 762.149797][ T30] audit: type=1800 audit(4295004216.030:21): pid=18988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.4140" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 762.734380][T19001] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4146'. [ 762.751148][T19001] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4146'. [ 762.806750][T19001] netlink: 290 bytes leftover after parsing attributes in process `syz.0.4146'. [ 765.320431][ T5852] Bluetooth: hci2: unexpected subevent 0x03 length: 253 > 9 [ 766.091913][T19057] FAULT_INJECTION: forcing a failure. [ 766.091913][T19057] name fail_futex, interval 1, probability 0, space 0, times 0 [ 766.104794][T19057] CPU: 0 UID: 0 PID: 19057 Comm: syz.6.4162 Tainted: G U syzkaller #0 PREEMPT(full) [ 766.104835][T19057] Tainted: [U]=USER [ 766.104843][T19057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 766.104858][T19057] Call Trace: [ 766.104868][T19057] [ 766.104877][T19057] dump_stack_lvl+0x16c/0x1f0 [ 766.104907][T19057] should_fail_ex+0x512/0x640 [ 766.104940][T19057] should_fail_futex+0x4c/0x60 [ 766.104971][T19057] futex_lock_pi_atomic+0x127/0xc50 [ 766.105016][T19057] futex_lock_pi+0x23f/0x7c0 [ 766.105067][T19057] ? __pfx_futex_lock_pi+0x10/0x10 [ 766.105102][T19057] ? __futex_wait+0x24b/0x2f0 [ 766.105171][T19057] ? futex_private_hash_put+0x160/0x1b0 [ 766.105208][T19057] ? __pfx_futex_wake_mark+0x10/0x10 [ 766.105259][T19057] ? ksys_write+0x190/0x250 [ 766.105290][T19057] do_futex+0x11a/0x350 [ 766.105320][T19057] ? __pfx_do_futex+0x10/0x10 [ 766.105359][T19057] __x64_sys_futex+0x1e0/0x4c0 [ 766.105392][T19057] ? fput+0x70/0xf0 [ 766.105435][T19057] ? __pfx___x64_sys_futex+0x10/0x10 [ 766.105468][T19057] ? xfd_validate_state+0x61/0x180 [ 766.105506][T19057] ? __pfx_ksys_write+0x10/0x10 [ 766.105540][T19057] do_syscall_64+0xcd/0xf80 [ 766.105573][T19057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.105596][T19057] RIP: 0033:0x7f40d6d8f7c9 [ 766.105615][T19057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 766.105638][T19057] RSP: 002b:00007f40d7c07038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 766.105660][T19057] RAX: ffffffffffffffda RBX: 00007f40d6fe5fa0 RCX: 00007f40d6d8f7c9 [ 766.105674][T19057] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 766.105688][T19057] RBP: 00007f40d6e13f91 R08: 0000000000000000 R09: 000000008000fff5 [ 766.105701][T19057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 766.105715][T19057] R13: 00007f40d6fe6038 R14: 00007f40d6fe5fa0 R15: 00007fffd2c57a08 [ 766.105745][T19057] [ 767.507143][T19072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4167'. [ 767.550392][T19072] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4167'. [ 768.031131][T19074] sp0: Synchronizing with TNC [ 768.463730][ T5852] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 769.281191][T19103] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4174'. [ 770.879579][T19117] zswap: compressor not available [ 770.920907][T19122] FAULT_INJECTION: forcing a failure. [ 770.920907][T19122] name failslab, interval 1, probability 393216, space 0, times 0 [ 771.001042][T19122] CPU: 0 UID: 0 PID: 19122 Comm: syz.4.4179 Tainted: G U syzkaller #0 PREEMPT(full) [ 771.001088][T19122] Tainted: [U]=USER [ 771.001099][T19122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 771.001115][T19122] Call Trace: [ 771.001124][T19122] [ 771.001135][T19122] dump_stack_lvl+0x16c/0x1f0 [ 771.001167][T19122] should_fail_ex+0x512/0x640 [ 771.001194][T19122] ? __kmalloc_cache_node_noprof+0x62/0x820 [ 771.001238][T19122] should_failslab+0xc2/0x120 [ 771.001265][T19122] __kmalloc_cache_node_noprof+0x75/0x820 [ 771.001300][T19122] ? __alloc_workqueue+0xcda/0x1810 [ 771.001323][T19122] ? init_rescuer+0x19d/0x590 [ 771.001358][T19122] ? init_rescuer+0x19d/0x590 [ 771.001384][T19122] init_rescuer+0x19d/0x590 [ 771.001412][T19122] ? __pfx_init_rescuer+0x10/0x10 [ 771.001450][T19122] ? wq_adjust_max_active+0x39d/0x4a0 [ 771.001482][T19122] __alloc_workqueue+0xda1/0x1810 [ 771.001518][T19122] alloc_workqueue_noprof+0xd2/0x200 [ 771.001543][T19122] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 771.001589][T19122] nci_register_device+0x394/0xb80 [ 771.001625][T19122] ? __pfx_nci_register_device+0x10/0x10 [ 771.001664][T19122] ? lockdep_init_map_type+0x5c/0x270 [ 771.001701][T19122] virtual_ncidev_open+0x141/0x220 [ 771.001732][T19122] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 771.001761][T19122] misc_open+0x26d/0x450 [ 771.001789][T19122] ? __pfx_misc_open+0x10/0x10 [ 771.001815][T19122] chrdev_open+0x234/0x6a0 [ 771.001841][T19122] ? __pfx_apparmor_file_open+0x10/0x10 [ 771.001886][T19122] ? __pfx_chrdev_open+0x10/0x10 [ 771.001916][T19122] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 771.001954][T19122] do_dentry_open+0x748/0x1590 [ 771.001978][T19122] ? __pfx_chrdev_open+0x10/0x10 [ 771.002016][T19122] vfs_open+0x82/0x3f0 [ 771.002061][T19122] path_openat+0x2078/0x3140 [ 771.002102][T19122] ? __pfx_path_openat+0x10/0x10 [ 771.002142][T19122] do_filp_open+0x20b/0x470 [ 771.002169][T19122] ? __pfx_do_filp_open+0x10/0x10 [ 771.002224][T19122] ? alloc_fd+0x471/0x7d0 [ 771.002258][T19122] do_sys_openat2+0x11f/0x280 [ 771.002289][T19122] ? __pfx_do_sys_openat2+0x10/0x10 [ 771.002323][T19122] ? __fput+0x68d/0xb70 [ 771.002360][T19122] __x64_sys_openat+0x174/0x210 [ 771.002393][T19122] ? __pfx___x64_sys_openat+0x10/0x10 [ 771.002441][T19122] do_syscall_64+0xcd/0xf80 [ 771.002469][T19122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.002494][T19122] RIP: 0033:0x7f8b3a18f7c9 [ 771.002516][T19122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.002540][T19122] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 771.002565][T19122] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 771.002583][T19122] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 771.002600][T19122] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 771.002617][T19122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.002633][T19122] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 771.002671][T19122] [ 771.002972][T19122] workqueue: Failed to allocate a rescuer for wq "nfc2_nci_rx_wq" [ 771.413608][T19129] ICMPv6: process `syz.4.4179' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 771.470633][T19130] [U] [ 771.473486][T19130] [U] [ 771.476201][T19130] [U] [ 771.478934][T19130] [U] [ 771.482675][T19130] [U] [ 771.485433][T19130] [U] [ 771.488197][T19130] [U] [ 771.490919][T19130] [U] [ 771.536404][T19130] [U] [ 771.539168][T19130] [U] [ 771.541906][T19130] [U] [ 771.544615][T19130] [U] [ 771.695760][T19130] [U] [ 771.698605][T19130] [U] [ 771.701327][T19130] [U] [ 771.704049][T19130] [U] [ 771.717881][T19130] [U] [ 771.720636][T19130] [U] [ 771.723342][T19130] [U] [ 771.726052][T19130] [U] [ 771.844755][T19124] [U] [ 772.215543][T19139] netlink: 186 bytes leftover after parsing attributes in process `syz.4.4182'. [ 772.231327][T19139] netlink: 186 bytes leftover after parsing attributes in process `syz.4.4182'. [ 772.547256][T19149] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4185'. [ 772.690782][T19153] binder: 19152:19153 ioctl c0306201 0 returned -14 [ 772.940393][T19160] random: crng reseeded on system resumption [ 773.718648][T19172] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4192'. [ 773.773167][T19172] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4192'. [ 775.321698][T19197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4201'. [ 775.369721][T19197] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4201'. [ 776.156592][T19211] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4207'. [ 776.463144][T19220] netlink: 'syz.6.4206': attribute type 1 has an invalid length. [ 777.226059][T19232] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4211'. [ 777.246321][T19230] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4212'. [ 781.194111][ T5852] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 782.125862][T19311] netlink: 'syz.2.4234': attribute type 10 has an invalid length. [ 782.157478][T19311] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4234'. [ 782.443627][T19319] FAULT_INJECTION: forcing a failure. [ 782.443627][T19319] name failslab, interval 1, probability 393216, space 0, times 0 [ 782.566711][T19319] CPU: 1 UID: 0 PID: 19319 Comm: syz.6.4244 Tainted: G U syzkaller #0 PREEMPT(full) [ 782.566753][T19319] Tainted: [U]=USER [ 782.566762][T19319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 782.566777][T19319] Call Trace: [ 782.566786][T19319] [ 782.566796][T19319] dump_stack_lvl+0x16c/0x1f0 [ 782.566827][T19319] should_fail_ex+0x512/0x640 [ 782.566850][T19319] ? __kvmalloc_node_noprof+0x129/0xa50 [ 782.566892][T19319] should_failslab+0xc2/0x120 [ 782.566920][T19319] __kvmalloc_node_noprof+0x13c/0xa50 [ 782.566968][T19319] ? io_alloc_cache_init+0x38/0x170 [ 782.567009][T19319] ? io_alloc_cache_init+0x38/0x170 [ 782.567042][T19319] ? __init_waitqueue_head+0xca/0x150 [ 782.567070][T19319] io_alloc_cache_init+0x38/0x170 [ 782.567105][T19319] io_uring_setup+0x578/0x1f60 [ 782.567137][T19319] ? __pfx_io_uring_setup+0x10/0x10 [ 782.567167][T19319] ? do_futex+0x122/0x350 [ 782.567197][T19319] ? __pfx_do_futex+0x10/0x10 [ 782.567245][T19319] ? xfd_validate_state+0x61/0x180 [ 782.567280][T19319] ? __pfx_do_writev+0x10/0x10 [ 782.567323][T19319] __x64_sys_io_uring_setup+0xc2/0x170 [ 782.567356][T19319] do_syscall_64+0xcd/0xf80 [ 782.567383][T19319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.567407][T19319] RIP: 0033:0x7f40d6d8f7c9 [ 782.567428][T19319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 782.567451][T19319] RSP: 002b:00007f40d7be6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 782.567473][T19319] RAX: ffffffffffffffda RBX: 00007f40d6fe6090 RCX: 00007f40d6d8f7c9 [ 782.567491][T19319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 782.567505][T19319] RBP: 00007f40d6e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 782.567519][T19319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 782.567534][T19319] R13: 00007f40d6fe6128 R14: 00007f40d6fe6090 R15: 00007fffd2c57a08 [ 782.567570][T19319] [ 783.086640][T19326] ICMPv6: process `syz.4.4238' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 783.266524][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 783.829204][T19330] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4239'. [ 784.089051][T19337] FAULT_INJECTION: forcing a failure. [ 784.089051][T19337] name fail_futex, interval 1, probability 0, space 0, times 0 [ 784.199332][T19337] CPU: 0 UID: 0 PID: 19337 Comm: syz.4.4241 Tainted: G U syzkaller #0 PREEMPT(full) [ 784.199374][T19337] Tainted: [U]=USER [ 784.199385][T19337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 784.199400][T19337] Call Trace: [ 784.199408][T19337] [ 784.199418][T19337] dump_stack_lvl+0x16c/0x1f0 [ 784.199449][T19337] should_fail_ex+0x512/0x640 [ 784.199481][T19337] get_futex_key+0x1d0/0x15f0 [ 784.199516][T19337] ? look_up_user_keyrings+0x351/0x790 [ 784.199540][T19337] ? __pfx_get_futex_key+0x10/0x10 [ 784.199570][T19337] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 784.199606][T19337] futex_wake+0xea/0x530 [ 784.199645][T19337] ? lookup_user_key+0x2ce/0x1300 [ 784.199670][T19337] ? __pfx_futex_wake+0x10/0x10 [ 784.199729][T19337] do_futex+0x1e3/0x350 [ 784.199761][T19337] ? __pfx_do_futex+0x10/0x10 [ 784.199795][T19337] ? _copy_to_user+0x48/0xd0 [ 784.199823][T19337] __x64_sys_futex+0x1e0/0x4c0 [ 784.199858][T19337] ? __pfx___x64_sys_futex+0x10/0x10 [ 784.199888][T19337] ? xfd_validate_state+0x61/0x180 [ 784.199938][T19337] do_syscall_64+0xcd/0xf80 [ 784.199963][T19337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.199987][T19337] RIP: 0033:0x7f8b3a18f7c9 [ 784.200008][T19337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 784.200032][T19337] RSP: 002b:00007f8b383d50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 784.200056][T19337] RAX: ffffffffffffffda RBX: 00007f8b3a3e6098 RCX: 00007f8b3a18f7c9 [ 784.200073][T19337] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8b3a3e609c [ 784.200088][T19337] RBP: 00007f8b3a3e6090 R08: 00007f8b3af2e000 R09: 0000000000000000 [ 784.200103][T19337] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 784.200118][T19337] R13: 00007f8b3a3e6128 R14: 00007ffe1f047c50 R15: 00007ffe1f047d38 [ 784.200153][T19337] [ 784.885945][T19355] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(7) [ 784.944459][T19355] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 785.346869][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 786.720737][T19379] netlink: 246 bytes leftover after parsing attributes in process `syz.0.4255'. [ 786.968597][T19383] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4256'. [ 787.855703][T19395] ubi1: attaching mtd1 [ 787.867399][T19395] ubi1: scanning is finished [ 787.903559][T19395] ubi1 error: ubi_read_volume_table: LEB size too small for a volume record [ 788.224652][T19395] ubi1 error: ubi_attach_mtd_dev: failed to attach mtd1, error -22 [ 788.512273][T19402] zswap: compressor not available [ 788.859356][T13294] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 788.859391][T13294] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 788.875070][T13294] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 788.875141][T13294] Bluetooth: hci4: adv larger than maximum supported [ 788.883105][T13294] Bluetooth: hci4: adv larger than maximum supported [ 788.890039][T13294] Bluetooth: hci4: Malformed LE Event: 0x0d [ 789.044038][T19416] netlink: 'syz.0.4266': attribute type 1 has an invalid length. [ 790.407818][T19430] FAULT_INJECTION: forcing a failure. [ 790.407818][T19430] name failslab, interval 1, probability 393216, space 0, times 0 [ 790.428684][T19430] CPU: 0 UID: 0 PID: 19430 Comm: syz.6.4270 Tainted: G U syzkaller #0 PREEMPT(full) [ 790.428726][T19430] Tainted: [U]=USER [ 790.428734][T19430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 790.428750][T19430] Call Trace: [ 790.428759][T19430] [ 790.428768][T19430] dump_stack_lvl+0x16c/0x1f0 [ 790.428799][T19430] should_fail_ex+0x512/0x640 [ 790.428824][T19430] ? __kmalloc_cache_noprof+0x5f/0x800 [ 790.428861][T19430] should_failslab+0xc2/0x120 [ 790.428887][T19430] __kmalloc_cache_noprof+0x72/0x800 [ 790.428915][T19430] ? rcu_is_watching+0x12/0xc0 [ 790.428950][T19430] ? single_open+0x4d/0x1f0 [ 790.428987][T19430] ? __pfx_proc_dma_show+0x10/0x10 [ 790.429021][T19430] ? single_open+0x4d/0x1f0 [ 790.429051][T19430] single_open+0x4d/0x1f0 [ 790.429082][T19430] ? __pfx_proc_single_open+0x10/0x10 [ 790.429117][T19430] proc_reg_open+0x2ab/0x5f0 [ 790.429150][T19430] do_dentry_open+0x748/0x1590 [ 790.429171][T19430] ? __pfx_proc_reg_open+0x10/0x10 [ 790.429214][T19430] vfs_open+0x82/0x3f0 [ 790.429249][T19430] path_openat+0x2078/0x3140 [ 790.429286][T19430] ? __pfx_path_openat+0x10/0x10 [ 790.429326][T19430] do_filp_open+0x20b/0x470 [ 790.429362][T19430] ? __pfx_do_filp_open+0x10/0x10 [ 790.429423][T19430] ? alloc_fd+0x471/0x7d0 [ 790.429457][T19430] do_sys_openat2+0x11f/0x280 [ 790.429490][T19430] ? __pfx_do_sys_openat2+0x10/0x10 [ 790.429537][T19430] __x64_sys_openat+0x174/0x210 [ 790.429575][T19430] ? __pfx___x64_sys_openat+0x10/0x10 [ 790.429610][T19430] ? syscall_user_dispatch+0x78/0x140 [ 790.429655][T19430] do_syscall_64+0xcd/0xf80 [ 790.429681][T19430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.429705][T19430] RIP: 0033:0x7f40d6d8f7c9 [ 790.429725][T19430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 790.429746][T19430] RSP: 002b:00007f40d7c07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 790.429770][T19430] RAX: ffffffffffffffda RBX: 00007f40d6fe5fa0 RCX: 00007f40d6d8f7c9 [ 790.429787][T19430] RDX: 0000000000008340 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 790.429804][T19430] RBP: 00007f40d6e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 790.429820][T19430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.429834][T19430] R13: 00007f40d6fe6038 R14: 00007f40d6fe5fa0 R15: 00007fffd2c57a08 [ 790.429871][T19430] [ 792.228314][T19438] zswap: compressor not available [ 792.313148][T19447] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4275'. [ 792.346972][T19447] ipvlan1: entered allmulticast mode [ 792.369193][T19447] veth0_vlan: entered allmulticast mode [ 794.731314][T19478] ICMPv6: process `syz.6.4283' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 795.244805][T19483] mkiss: ax0: crc mode is auto. [ 796.023100][T19498] FAULT_INJECTION: forcing a failure. [ 796.023100][T19498] name failslab, interval 1, probability 393216, space 0, times 0 [ 796.093171][T19498] CPU: 1 UID: 0 PID: 19498 Comm: syz.4.4291 Tainted: G U syzkaller #0 PREEMPT(full) [ 796.093209][T19498] Tainted: [U]=USER [ 796.093217][T19498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 796.093231][T19498] Call Trace: [ 796.093238][T19498] [ 796.093249][T19498] dump_stack_lvl+0x16c/0x1f0 [ 796.093279][T19498] should_fail_ex+0x512/0x640 [ 796.093304][T19498] ? kmem_cache_alloc_node_noprof+0x65/0x7f0 [ 796.093341][T19498] should_failslab+0xc2/0x120 [ 796.093365][T19498] kmem_cache_alloc_node_noprof+0x78/0x7f0 [ 796.093396][T19498] ? __alloc_skb+0x156/0x410 [ 796.093429][T19498] ? __alloc_skb+0x156/0x410 [ 796.093451][T19498] __alloc_skb+0x156/0x410 [ 796.093474][T19498] ? __alloc_skb+0x35d/0x410 [ 796.093500][T19498] ? __pfx___alloc_skb+0x10/0x10 [ 796.093525][T19498] ? skb_page_frag_refill+0x11b/0x350 [ 796.093564][T19498] ? sk_page_frag_refill+0x6c/0x340 [ 796.093599][T19498] kcm_sendmsg+0x611/0x2ca0 [ 796.093654][T19498] ? __pfx_kcm_sendmsg+0x10/0x10 [ 796.093691][T19498] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 796.093736][T19498] sock_sendmsg+0x3cc/0x470 [ 796.093771][T19498] ? ktime_get_coarse_real_ts64_mg+0x240/0x300 [ 796.093805][T19498] ? __pfx_sock_sendmsg+0x10/0x10 [ 796.093864][T19498] splice_to_socket+0xaf4/0x1110 [ 796.093908][T19498] ? __pfx_splice_to_socket+0x10/0x10 [ 796.093979][T19498] ? lockdep_init_map_type+0x5c/0x270 [ 796.094009][T19498] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 796.094046][T19498] ? __pfx_splice_to_socket+0x10/0x10 [ 796.094073][T19498] direct_splice_actor+0x192/0x6c0 [ 796.094100][T19498] splice_direct_to_actor+0x345/0xa30 [ 796.094127][T19498] ? __pfx_direct_splice_actor+0x10/0x10 [ 796.094159][T19498] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 796.094187][T19498] ? futex_private_hash_put+0x160/0x1b0 [ 796.094221][T19498] do_splice_direct+0x174/0x240 [ 796.094246][T19498] ? __pfx_do_splice_direct+0x10/0x10 [ 796.094270][T19498] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 796.094311][T19498] ? bpf_lsm_file_permission+0x9/0x10 [ 796.094343][T19498] ? security_file_permission+0x71/0x210 [ 796.094370][T19498] ? rw_verify_area+0xcf/0x6c0 [ 796.094409][T19498] do_sendfile+0xb06/0xe50 [ 796.094453][T19498] ? __pfx_do_sendfile+0x10/0x10 [ 796.094494][T19498] ? __x64_sys_futex+0x1e0/0x4c0 [ 796.094521][T19498] ? __x64_sys_futex+0x1e9/0x4c0 [ 796.094556][T19498] __x64_sys_sendfile64+0x1d8/0x220 [ 796.094593][T19498] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 796.094633][T19498] do_syscall_64+0xcd/0xf80 [ 796.094661][T19498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.094685][T19498] RIP: 0033:0x7f8b3a18f7c9 [ 796.094704][T19498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.094726][T19498] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 796.094750][T19498] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 796.094766][T19498] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 796.094780][T19498] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 796.094795][T19498] R10: 000000007ffff011 R11: 0000000000000246 R12: 0000000000000000 [ 796.094810][T19498] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 796.094847][T19498] [ 797.273135][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802a591000: rx timeout, send abort [ 797.780375][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802a591000: abort rx timeout. Force session deactivation [ 798.345396][T19527] input: jJǸ-9%vJ86 as /devices/virtual/input/input25 [ 798.351456][T19527] usb usb24: usbfs: process 19527 (syz.4.4299) did not claim interface 0 before use [ 799.848470][T19536] dyndbg: expected <4096 bytes into control [ 799.945640][T19541] dyndbg: bad flag-op /, at start of /%*^[ [ 800.039235][T19541] dyndbg: flags parse failed [ 800.610081][T19558] sd 0:0:1:0: PR command failed: 1026 [ 800.615569][T19558] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 800.629001][T19550] ubi: mtd0 is already attached to ubi0 [ 800.636996][T19551] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 800.649426][T19558] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 800.831335][T19551] File: /dev/nullb0 PID: 19551 Comm: syz.0.4305 [ 801.007706][T13294] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 801.007748][T13294] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 801.030775][T13294] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 801.030848][T13294] Bluetooth: hci2: adv larger than maximum supported [ 801.041847][T13294] Bluetooth: hci2: adv larger than maximum supported [ 801.048675][T13294] Bluetooth: hci2: Malformed LE Event: 0x0d [ 802.516952][T19572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4313'. [ 802.535876][T19572] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4313'. [ 804.406698][T19602] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4322'. [ 804.916768][T19609] netlink: 'syz.6.4324': attribute type 4 has an invalid length. [ 805.003525][T19609] netlink: 'syz.6.4324': attribute type 5 has an invalid length. [ 805.025558][T19609] netlink: 10 bytes leftover after parsing attributes in process `syz.6.4324'. [ 808.177650][T19645] FAULT_INJECTION: forcing a failure. [ 808.177650][T19645] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 808.197874][T19645] CPU: 1 UID: 0 PID: 19645 Comm: syz.4.4335 Tainted: G U syzkaller #0 PREEMPT(full) [ 808.197919][T19645] Tainted: [U]=USER [ 808.197929][T19645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 808.197945][T19645] Call Trace: [ 808.197954][T19645] [ 808.197964][T19645] dump_stack_lvl+0x16c/0x1f0 [ 808.197996][T19645] should_fail_ex+0x512/0x640 [ 808.198030][T19645] should_fail_alloc_page+0xe7/0x130 [ 808.198062][T19645] prepare_alloc_pages+0x3c2/0x610 [ 808.198096][T19645] __alloc_frozen_pages_noprof+0x18b/0x2440 [ 808.198151][T19645] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 808.198190][T19645] ? validate_mm+0x403/0x560 [ 808.198226][T19645] ? __pfx_validate_mm+0x10/0x10 [ 808.198265][T19645] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 808.198308][T19645] ? policy_nodemask+0xea/0x4e0 [ 808.198338][T19645] alloc_pages_mpol+0x1fb/0x550 [ 808.198366][T19645] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 808.198396][T19645] ? pgd_none+0x9f/0xe0 [ 808.198429][T19645] alloc_pages_noprof+0x12d/0x180 [ 808.198457][T19645] __pmd_alloc+0x3b/0x8b0 [ 808.198501][T19645] move_page_tables+0x30b7/0x4230 [ 808.198543][T19645] ? __pfx_copy_vma+0x10/0x10 [ 808.198575][T19645] ? __lock_acquire+0x433/0x22f0 [ 808.198612][T19645] ? __pfx_move_page_tables+0x10/0x10 [ 808.198646][T19645] ? register_lock_class+0x41/0x4b0 [ 808.198694][T19645] ? lock_acquire+0x179/0x330 [ 808.198723][T19645] ? find_held_lock+0x2b/0x80 [ 808.198765][T19645] copy_vma_and_data+0x24e/0x790 [ 808.198803][T19645] ? __pfx_copy_vma_and_data+0x10/0x10 [ 808.198844][T19645] ? __vma_enter_locked+0x163/0x3f0 [ 808.198876][T19645] ? find_held_lock+0x2b/0x80 [ 808.198914][T19645] ? move_vma+0x52e/0x1770 [ 808.198953][T19645] move_vma+0x540/0x1770 [ 808.198993][T19645] ? __pfx_move_vma+0x10/0x10 [ 808.199029][T19645] ? shmem_get_unmapped_area+0x170/0xa00 [ 808.199059][T19645] ? cap_mmap_addr+0x4b/0x120 [ 808.199095][T19645] ? bpf_lsm_mmap_addr+0x9/0x10 [ 808.199127][T19645] ? security_mmap_addr+0x6c/0x1e0 [ 808.199155][T19645] ? __get_unmapped_area+0x267/0x440 [ 808.199198][T19645] ? vrm_set_new_addr+0x208/0x290 [ 808.199233][T19645] mremap_to+0x1b7/0x450 [ 808.199267][T19645] do_mremap+0xd89/0x2020 [ 808.199301][T19645] ? futex_private_hash_put+0x160/0x1b0 [ 808.199336][T19645] ? futex_wait+0x120/0x380 [ 808.199372][T19645] ? __pfx_futex_wait+0x10/0x10 [ 808.199409][T19645] ? __pfx_do_mremap+0x10/0x10 [ 808.199446][T19645] ? percpu_counter_add_batch+0xca/0x200 [ 808.199494][T19645] ? errseq_sample+0x53/0x70 [ 808.199534][T19645] __do_sys_mremap+0x119/0x170 [ 808.199567][T19645] ? __pfx___do_sys_mremap+0x10/0x10 [ 808.199600][T19645] ? __x64_sys_setitimer+0x254/0x370 [ 808.199639][T19645] ? __x64_sys_futex+0x1e0/0x4c0 [ 808.199695][T19645] do_syscall_64+0xcd/0xf80 [ 808.199724][T19645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.199751][T19645] RIP: 0033:0x7f8b3a18f7c9 [ 808.199772][T19645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 808.199797][T19645] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 808.199823][T19645] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 808.199841][T19645] RDX: 0000000000013fd7 RSI: 0000000000000004 RDI: 0000000000004000 [ 808.199857][T19645] RBP: 00007f8b3a213f91 R08: 00000000fffff000 R09: 0000000000000000 [ 808.199874][T19645] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 808.199890][T19645] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 808.199929][T19645] [ 808.706747][T19649] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4336'. [ 808.957632][T19647] random: crng reseeded on system resumption [ 808.973924][T19649] vxcan1: entered promiscuous mode [ 809.039242][T13294] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 809.200136][T19597] delete_channel: no stack [ 810.428814][T19665] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4349'. [ 810.899305][T19669] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4343'. [ 811.721362][T19685] capability: warning: `syz.4.4346' uses deprecated v2 capabilities in a way that may be insecure [ 812.107314][T19688] netlink: 'syz.0.4348': attribute type 29 has an invalid length. [ 812.115741][T19688] netlink: 'syz.0.4348': attribute type 30 has an invalid length. [ 812.156250][T19688] netlink: 'syz.0.4348': attribute type 31 has an invalid length. [ 812.206082][T19688] netlink: 'syz.0.4348': attribute type 32 has an invalid length. [ 812.240831][T19688] netlink: 'syz.0.4348': attribute type 33 has an invalid length. [ 812.324018][T19688] netlink: 'syz.0.4348': attribute type 35 has an invalid length. [ 812.405605][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 812.411983][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 812.437115][T19688] netlink: 'syz.0.4348': attribute type 37 has an invalid length. [ 812.517080][T19688] netlink: 18 bytes leftover after parsing attributes in process `syz.0.4348'. [ 813.184832][T19702] netlink: 29 bytes leftover after parsing attributes in process `syz.4.4355'. [ 813.349578][T13294] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 814.714996][T19722] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 815.695149][T19729] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 817.506313][T19745] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4368'. [ 820.261191][T19789] netlink: 25 bytes leftover after parsing attributes in process `syz.6.4380'. [ 820.511295][T19798] netlink: 326 bytes leftover after parsing attributes in process `syz.6.4383'. [ 821.280721][T19814] bond0: option all_slaves_active: invalid value () [ 821.520053][T19802] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 821.526269][T19802] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 821.545692][T19802] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 821.564073][T19802] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 822.350194][T19836] hub 1-0:1.0: USB hub found [ 822.357260][T19836] hub 1-0:1.0: 1 port detected [ 823.139222][T13294] Bluetooth: hci0: command 0x0c1a tx timeout [ 823.537055][T13294] Bluetooth: hci2: command 0x0406 tx timeout [ 823.543102][T13294] Bluetooth: hci1: command 0x0c1a tx timeout [ 823.616661][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout [ 823.790955][T19856] FAULT_INJECTION: forcing a failure. [ 823.790955][T19856] name failslab, interval 1, probability 393216, space 0, times 0 [ 823.847704][T19856] CPU: 1 UID: 0 PID: 19856 Comm: syz.6.4398 Tainted: G U syzkaller #0 PREEMPT(full) [ 823.847749][T19856] Tainted: [U]=USER [ 823.847758][T19856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 823.847774][T19856] Call Trace: [ 823.847783][T19856] [ 823.847793][T19856] dump_stack_lvl+0x16c/0x1f0 [ 823.847824][T19856] should_fail_ex+0x512/0x640 [ 823.847852][T19856] ? kmem_cache_alloc_lru_noprof+0x66/0x760 [ 823.847890][T19856] should_failslab+0xc2/0x120 [ 823.847917][T19856] kmem_cache_alloc_lru_noprof+0x79/0x760 [ 823.847965][T19856] ? __d_alloc+0x35/0xa80 [ 823.847998][T19856] ? __pfx_proc_fill_super+0x10/0x10 [ 823.848035][T19856] ? __d_alloc+0x35/0xa80 [ 823.848058][T19856] __d_alloc+0x35/0xa80 [ 823.848087][T19856] ? __pfx_proc_fill_super+0x10/0x10 [ 823.848124][T19856] d_alloc+0x4a/0x1e0 [ 823.848151][T19856] ? __pfx_proc_fill_super+0x10/0x10 [ 823.848186][T19856] d_alloc_name+0x83/0xb0 [ 823.848211][T19856] ? __pfx_d_alloc_name+0x10/0x10 [ 823.848241][T19856] ? do_raw_spin_unlock+0x172/0x230 [ 823.848276][T19856] proc_setup_self+0xbf/0x2e0 [ 823.848310][T19856] ? __pfx_proc_fill_super+0x10/0x10 [ 823.848346][T19856] proc_fill_super+0x3cc/0x540 [ 823.848384][T19856] get_tree_nodev+0xdd/0x190 [ 823.848426][T19856] vfs_get_tree+0x8e/0x330 [ 823.848459][T19856] vfs_cmd_create+0xd7/0x2a0 [ 823.848493][T19856] __do_sys_fsconfig+0x7b8/0xbe0 [ 823.848530][T19856] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 823.848580][T19856] do_syscall_64+0xcd/0xf80 [ 823.848609][T19856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.848635][T19856] RIP: 0033:0x7f40d6d8f7c9 [ 823.848662][T19856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 823.848686][T19856] RSP: 002b:00007f40d7c07038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 823.848711][T19856] RAX: ffffffffffffffda RBX: 00007f40d6fe5fa0 RCX: 00007f40d6d8f7c9 [ 823.848729][T19856] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 [ 823.848744][T19856] RBP: 00007f40d6e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 823.848759][T19856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 823.848774][T19856] R13: 00007f40d6fe6038 R14: 00007f40d6fe5fa0 R15: 00007fffd2c57a08 [ 823.848811][T19856] [ 824.083695][ C1] vkms_vblank_simulate: vblank timer overrun [ 824.131016][T19856] proc_fill_super: can't allocate /proc/self [ 825.313416][T19869] bond0: option all_slaves_active: invalid value () [ 825.491632][T19873] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4402'. [ 826.556304][T19888] netlink: 252 bytes leftover after parsing attributes in process `syz.6.4407'. [ 826.623712][T19888] netlink: 252 bytes leftover after parsing attributes in process `syz.6.4407'. [ 827.032861][ T5852] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 827.895886][T19922] hub 1-0:1.0: USB hub found [ 827.937230][T19922] hub 1-0:1.0: 1 port detected [ 828.147866][T19923] bond0: option all_slaves_active: invalid value () [ 831.763401][T19992] hub 1-0:1.0: USB hub found [ 831.815280][T19992] hub 1-0:1.0: 1 port detected [ 833.162311][T20014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4440'. [ 834.675231][T20030] netlink: 62 bytes leftover after parsing attributes in process `syz.0.4445'. [ 834.720582][T20030] netlink: 62 bytes leftover after parsing attributes in process `syz.0.4445'. [ 834.749532][T20030] netlink: 62 bytes leftover after parsing attributes in process `syz.0.4445'. [ 834.789816][T20030] netlink: 62 bytes leftover after parsing attributes in process `syz.0.4445'. [ 834.793402][T20035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4447'. [ 834.828111][T20030] netlink: 62 bytes leftover after parsing attributes in process `syz.0.4445'. [ 834.828518][T20035] netlink: 'syz.4.4447': attribute type 1 has an invalid length. [ 834.868241][T20035] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4447'. [ 834.869781][T20030] netlink: 62 bytes leftover after parsing attributes in process `syz.0.4445'. [ 834.980067][T20030] netlink: 62 bytes leftover after parsing attributes in process `syz.0.4445'. [ 835.111079][T20041] hub 1-0:1.0: USB hub found [ 835.130857][T20041] hub 1-0:1.0: 1 port detected [ 835.584997][ T5852] Bluetooth: hci4: unexpected event 0x20 length: 123 > 7 [ 835.880914][T20052] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 838.586671][T20101] __nla_validate_parse: 31 callbacks suppressed [ 838.586687][T20101] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4465'. [ 840.172768][T20142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4473'. [ 840.262809][T20142] netlink: 354 bytes leftover after parsing attributes in process `syz.4.4473'. [ 840.623162][T20154] netlink: 186 bytes leftover after parsing attributes in process `syz.4.4476'. [ 846.562896][T20237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4497'. [ 846.582777][T20237] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4497'. [ 847.526427][T20251] FAULT_INJECTION: forcing a failure. [ 847.526427][T20251] name failslab, interval 1, probability 393216, space 0, times 0 [ 847.552424][T20251] CPU: 1 UID: 0 PID: 20251 Comm: syz.4.4500 Tainted: G U syzkaller #0 PREEMPT(full) [ 847.552451][T20251] Tainted: [U]=USER [ 847.552455][T20251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 847.552464][T20251] Call Trace: [ 847.552470][T20251] [ 847.552476][T20251] dump_stack_lvl+0x16c/0x1f0 [ 847.552496][T20251] should_fail_ex+0x512/0x640 [ 847.552511][T20251] ? __kmalloc_cache_noprof+0x5f/0x800 [ 847.552531][T20251] should_failslab+0xc2/0x120 [ 847.552547][T20251] __kmalloc_cache_noprof+0x72/0x800 [ 847.552564][T20251] ? kvm_set_irq_routing+0x24f/0x970 [ 847.552580][T20251] ? kvm_set_irq_routing+0x24f/0x970 [ 847.552592][T20251] kvm_set_irq_routing+0x24f/0x970 [ 847.552609][T20251] kvm_arch_vm_ioctl+0x934/0x18b0 [ 847.552627][T20251] ? find_held_lock+0x2b/0x80 [ 847.552647][T20251] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 847.552667][T20251] ? __lock_acquire+0x433/0x22f0 [ 847.552683][T20251] ? __lock_acquire+0x433/0x22f0 [ 847.552706][T20251] ? __lock_acquire+0x433/0x22f0 [ 847.552723][T20251] ? __lock_acquire+0x433/0x22f0 [ 847.552751][T20251] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 847.552766][T20251] ? is_bpf_text_address+0x94/0x1a0 [ 847.552786][T20251] ? kernel_text_address+0x8d/0x100 [ 847.552803][T20251] ? __kernel_text_address+0xd/0x40 [ 847.552818][T20251] ? unwind_get_return_address+0x59/0xa0 [ 847.552835][T20251] ? arch_stack_walk+0xa6/0x100 [ 847.552858][T20251] ? stack_trace_save+0x8e/0xc0 [ 847.552879][T20251] ? __pfx_stack_trace_save+0x10/0x10 [ 847.552899][T20251] ? kasan_save_track+0x14/0x30 [ 847.552921][T20251] ? stack_depot_save_flags+0x29/0x9b0 [ 847.552939][T20251] ? kasan_save_stack+0x42/0x60 [ 847.552959][T20251] ? kasan_save_stack+0x33/0x60 [ 847.552978][T20251] ? kasan_save_track+0x14/0x30 [ 847.552995][T20251] ? __kasan_save_free_info+0x3b/0x60 [ 847.553012][T20251] ? __kasan_slab_free+0x5f/0x80 [ 847.553023][T20251] ? kfree+0x2f8/0x6e0 [ 847.553036][T20251] ? tomoyo_path_number_perm+0x470/0x580 [ 847.553049][T20251] ? security_file_ioctl+0x9b/0x240 [ 847.553062][T20251] ? __x64_sys_ioctl+0xb7/0x210 [ 847.553082][T20251] kvm_vm_ioctl+0x1a91/0x3fa0 [ 847.553105][T20251] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 847.553131][T20251] ? kasan_quarantine_put+0x10a/0x240 [ 847.553150][T20251] ? lockdep_hardirqs_on+0x7c/0x110 [ 847.553167][T20251] ? find_held_lock+0x2b/0x80 [ 847.553186][T20251] ? tomoyo_path_number_perm+0x295/0x580 [ 847.553202][T20251] ? tomoyo_path_number_perm+0x18d/0x580 [ 847.553217][T20251] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 847.553236][T20251] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 847.553260][T20251] ? do_vfs_ioctl+0x128/0x14f0 [ 847.553279][T20251] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 847.553302][T20251] ? find_held_lock+0x2b/0x80 [ 847.553319][T20251] ? hook_file_ioctl_common+0x144/0x410 [ 847.553337][T20251] ? __fget_files+0x20e/0x3c0 [ 847.553352][T20251] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 847.553368][T20251] __x64_sys_ioctl+0x18e/0x210 [ 847.553387][T20251] do_syscall_64+0xcd/0xf80 [ 847.553402][T20251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.553416][T20251] RIP: 0033:0x7f8b3a18f7c9 [ 847.553428][T20251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 847.553441][T20251] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 847.553455][T20251] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 847.553465][T20251] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 847.553474][T20251] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 847.553482][T20251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 847.553490][T20251] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 847.553510][T20251] [ 849.552370][T20274] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4507'. [ 850.777966][ T921] Process accounting resumed [ 850.924582][T20283] cougar: G6 mapped to space [ 851.732494][T20300] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4515'. [ 851.785230][T20300] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4515'. [ 852.817486][T20322] netlink: 246 bytes leftover after parsing attributes in process `syz.0.4521'. [ 853.076622][T20331] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4524'. [ 856.558384][T20382] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.4540'. [ 857.482726][ C1] sd 0:0:1:0: [sda] tag#3755 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 857.493286][ C1] sd 0:0:1:0: [sda] tag#3755 CDB: Read(6) 08 00 00 00 09 00 00 00 00 00 00 00 [ 859.533228][ T30] audit: type=1800 audit(4295004313.916:22): pid=20412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4549" name="dbroot" dev="configfs" ino=180537 res=0 errno=0 [ 862.382172][T20446] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4557'. [ 864.020645][T20475] random: crng reseeded on system resumption [ 866.017107][T20508] netlink: 206 bytes leftover after parsing attributes in process `syz.4.4572'. [ 866.261023][T20356] delete_channel: no stack [ 871.101511][T20554] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4582'. [ 873.523885][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 873.531171][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 873.607960][T20584] netlink: 'syz.0.4590': attribute type 1 has an invalid length. [ 873.615726][T20584] netlink: 17 bytes leftover after parsing attributes in process `syz.0.4590'. [ 875.100354][T20610] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4596'. [ 875.169899][T20614] netlink: 'syz.6.4596': attribute type 1 has an invalid length. [ 875.233691][T20614] netlink: 13 bytes leftover after parsing attributes in process `syz.6.4596'. [ 875.318168][T20614] netlink: 'syz.6.4596': attribute type 1 has an invalid length. [ 876.719988][T20625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4598'. [ 877.426856][T20633] sp0: Synchronizing with TNC [ 880.819191][ T30] audit: type=1326 audit(4295004335.287:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20680 comm="syz.6.4612" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f40d6d8f7c9 code=0x0 [ 880.970891][T20686] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4613'. [ 881.045281][T20686] veth1_macvtap: entered allmulticast mode [ 883.044683][T20720] netlink: set zone limit has 8 unknown bytes [ 883.150477][T20720] netlink: zone id is out of range [ 883.155671][T20720] netlink: del zone limit has 4 unknown bytes [ 883.220757][T20720] HfR: entered promiscuous mode [ 884.116254][T20727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4622'. [ 885.308566][T20739] zswap: compressor not available [ 887.432277][T20776] FAULT_INJECTION: forcing a failure. [ 887.432277][T20776] name failslab, interval 1, probability 393216, space 0, times 0 [ 887.445790][T20776] CPU: 1 UID: 0 PID: 20776 Comm: syz.4.4634 Tainted: G U syzkaller #0 PREEMPT(full) [ 887.445831][T20776] Tainted: [U]=USER [ 887.445839][T20776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 887.445853][T20776] Call Trace: [ 887.445861][T20776] [ 887.445871][T20776] dump_stack_lvl+0x16c/0x1f0 [ 887.445903][T20776] should_fail_ex+0x512/0x640 [ 887.445929][T20776] ? kmem_cache_alloc_noprof+0x62/0x760 [ 887.445967][T20776] should_failslab+0xc2/0x120 [ 887.445993][T20776] kmem_cache_alloc_noprof+0x75/0x760 [ 887.446025][T20776] ? acpi_ps_alloc_op+0xf4/0x360 [ 887.446068][T20776] ? acpi_ps_alloc_op+0xf4/0x360 [ 887.446095][T20776] acpi_ps_alloc_op+0xf4/0x360 [ 887.446127][T20776] acpi_ps_create_scope_op+0x1a/0x70 [ 887.446154][T20776] acpi_ps_execute_method+0x223/0xe90 [ 887.446191][T20776] acpi_ns_evaluate+0x98c/0x16d0 [ 887.446231][T20776] acpi_evaluate_object+0x4ca/0xdf0 [ 887.446268][T20776] ? ksys_read+0x12a/0x250 [ 887.446297][T20776] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 887.446340][T20776] ? __pfx___might_resched+0x10/0x10 [ 887.446380][T20776] acpi_evaluate_integer+0xdd/0x200 [ 887.446413][T20776] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 887.446462][T20776] ? __pfx_status_show+0x10/0x10 [ 887.446484][T20776] status_show+0xa0/0x120 [ 887.446507][T20776] ? __pfx_status_show+0x10/0x10 [ 887.446539][T20776] dev_attr_show+0x56/0xe0 [ 887.446577][T20776] ? __pfx_dev_attr_show+0x10/0x10 [ 887.446611][T20776] sysfs_kf_seq_show+0x216/0x3e0 [ 887.446649][T20776] seq_read_iter+0x50e/0x12d0 [ 887.446702][T20776] kernfs_fop_read_iter+0x46c/0x610 [ 887.446729][T20776] ? rw_verify_area+0xcf/0x6c0 [ 887.446767][T20776] vfs_read+0x8bf/0xcf0 [ 887.446798][T20776] ? __pfx_vfs_read+0x10/0x10 [ 887.446847][T20776] ksys_read+0x12a/0x250 [ 887.446870][T20776] ? __pfx_ksys_read+0x10/0x10 [ 887.446903][T20776] do_syscall_64+0xcd/0xf80 [ 887.446931][T20776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.446957][T20776] RIP: 0033:0x7f8b3a18f7c9 [ 887.446978][T20776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 887.447002][T20776] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 887.447027][T20776] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 887.447052][T20776] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 887.447068][T20776] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 887.447084][T20776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 887.447099][T20776] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 887.447137][T20776] [ 892.482920][T20826] netlink: 25 bytes leftover after parsing attributes in process `syz.6.4648'. [ 892.556966][T20828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4649'. [ 892.673653][T20828] netlink: 'syz.2.4649': attribute type 1 has an invalid length. [ 892.747727][T20828] netlink: 'syz.2.4649': attribute type 6 has an invalid length. [ 893.812204][T20839] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 893.913034][T20841] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4653'. [ 894.308240][T20853] netlink: 186 bytes leftover after parsing attributes in process `syz.6.4655'. [ 895.844792][T20877] zswap: compressor not available [ 898.714411][T20919] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4671'. [ 898.758271][T20919] veth1_macvtap: entered promiscuous mode [ 898.805939][T20919] veth1_macvtap: entered allmulticast mode [ 899.607581][T20933] random: crng reseeded on system resumption [ 899.935480][T20943] wlan1: mtu less than device minimum [ 900.175853][T20948] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 900.842006][T20955] mkiss: ax0: crc mode is auto. [ 901.840477][T20976] Invalid ELF header magic: != ELF [ 902.113960][T20980] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4687'. [ 902.145131][T20980] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4687'. [ 903.382413][ T4886] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.407467][T21036] can: request_module (can-proto-5) failed. [ 905.444331][T21038] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4702'. [ 906.192168][T21046] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4706'. [ 906.209003][T21046] netlink: 'syz.6.4706': attribute type 2 has an invalid length. [ 907.124887][T21068] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4710'. [ 907.181158][T21068] netlink: 354 bytes leftover after parsing attributes in process `syz.4.4710'. [ 907.633767][T21071] netlink: 350 bytes leftover after parsing attributes in process `syz.2.4712'. [ 909.312330][T21098] blktrace: Concurrent blktraces are not allowed on loop5 [ 909.865336][T21106] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.4.4722: bg 1: bad block bitmap checksum [ 909.881006][T21106] EXT4-fs (sda1): Delayed block allocation failed for inode 2034 at logical offset 938 with max blocks 37 with error 74 [ 909.895611][T21106] EXT4-fs (sda1): This should not happen!! Data will be lost [ 909.895611][T21106] [ 910.937446][T21130] zram0: detected capacity change from 0 to 8 [ 911.795697][T21147] netlink: 354 bytes leftover after parsing attributes in process `syz.6.4729'. [ 912.760882][T21161] could not allocate digest TFM handle [ 915.596499][T21210] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4748'. [ 915.920229][T21215] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4749'. [ 915.934051][T21215] netlink: 354 bytes leftover after parsing attributes in process `syz.4.4749'. [ 916.350883][T21217] zswap: compressor not available [ 916.774695][T21235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4754'. [ 916.815965][T21235] netlink: 'syz.0.4754': attribute type 1 has an invalid length. [ 916.853447][T21235] netlink: 5 bytes leftover after parsing attributes in process `syz.0.4754'. [ 920.176615][T21274] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4763'. [ 920.235473][T21274] netlink: 'syz.0.4763': attribute type 2 has an invalid length. [ 920.342792][T21283] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4766'. [ 920.632736][T21289] kAFS: unparsable volume name [ 921.408566][T21299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078007800 pfn:0x78000 [ 921.473296][T21299] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 921.592037][T21299] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 921.637094][T21299] page_type: f5(slab) [ 921.739440][T21299] raw: 00fff00000000240 ffff88813ff26dc0 ffffea0001598a10 ffff88813ff25888 [ 921.801116][T21299] raw: ffff888078007800 0000000000100007 00000000f5000000 0000000000000000 [ 921.851936][T21299] head: 00fff00000000240 ffff88813ff26dc0 ffffea0001598a10 ffff88813ff25888 [ 921.913747][T21299] head: ffff888078007800 0000000000100007 00000000f5000000 0000000000000000 [ 921.937015][T21299] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 921.945922][T21299] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 922.056500][T21299] page dumped because: unmovable page [ 922.107945][T21299] page_owner tracks the page as allocated [ 922.343217][T21299] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5838, tgid 5838 (syz-executor), ts 86376879123, free_ts 55313414390 [ 922.511289][T21299] post_alloc_hook+0x1af/0x220 [ 922.532871][T21299] get_page_from_freelist+0xd0b/0x31a0 [ 922.728829][T21299] __alloc_frozen_pages_noprof+0x25f/0x2440 [ 922.781160][T21299] alloc_pages_mpol+0x1fb/0x550 [ 922.833445][T21299] new_slab+0x2c3/0x430 [ 922.859108][T21299] ___slab_alloc+0xe18/0x1c90 [ 922.885386][T21299] __slab_alloc.constprop.0+0x63/0x110 [ 922.950461][T21299] __kmalloc_cache_noprof+0x477/0x800 [ 923.043026][T21299] batadv_hard_if_event+0xb13/0x14f0 [ 923.079541][T21299] notifier_call_chain+0xbc/0x3e0 [ 923.084682][T21299] call_netdevice_notifiers_info+0xbe/0x110 [ 923.148966][T21299] register_netdevice+0x1792/0x21d0 [ 923.198973][T21299] veth_newlink+0x44d/0xa00 [ 923.218762][T21299] rtnl_newlink+0xc19/0x1f50 [ 923.258432][T21299] rtnetlink_rcv_msg+0x95e/0xe90 [ 923.288378][T21299] netlink_rcv_skb+0x158/0x420 [ 923.328184][T21299] page last free pid 5558 tgid 5558 stack trace: [ 923.378014][T21299] __free_frozen_pages+0x7df/0x1160 [ 923.417835][T21299] __put_partials+0x130/0x170 [ 923.437873][T21299] qlist_free_all+0x4c/0xf0 [ 923.452953][T21299] kasan_quarantine_reduce+0x195/0x1e0 [ 923.489286][T21299] __kasan_slab_alloc+0x69/0x90 [ 923.527135][T21299] kmem_cache_alloc_noprof+0x250/0x760 [ 923.532674][T21299] getname_flags.part.0+0x4c/0x550 [ 923.569126][T21324] blktrace: Concurrent blktraces are not allowed on loop5 [ 923.598694][T21299] getname_flags+0x93/0xf0 [ 923.603180][T21299] vfs_fstatat+0xe1/0xf0 [ 923.666270][T21299] __do_sys_newfstatat+0x97/0x120 [ 923.708986][T21299] do_syscall_64+0xcd/0xf80 [ 923.739277][T21299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 924.253596][T21327] FAULT_INJECTION: forcing a failure. [ 924.253596][T21327] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 924.317559][T21327] CPU: 0 UID: 0 PID: 21327 Comm: syz.4.4779 Tainted: G U syzkaller #0 PREEMPT(full) [ 924.317602][T21327] Tainted: [U]=USER [ 924.317611][T21327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 924.317626][T21327] Call Trace: [ 924.317635][T21327] [ 924.317645][T21327] dump_stack_lvl+0x16c/0x1f0 [ 924.317675][T21327] should_fail_ex+0x512/0x640 [ 924.317707][T21327] should_fail_alloc_page+0xe7/0x130 [ 924.317738][T21327] prepare_alloc_pages+0x3c2/0x610 [ 924.317763][T21327] ? arch_stack_walk+0xa6/0x100 [ 924.317797][T21327] __alloc_frozen_pages_noprof+0x18b/0x2440 [ 924.317839][T21327] ? stack_trace_save+0x8e/0xc0 [ 924.317865][T21327] ? __pfx_stack_trace_save+0x10/0x10 [ 924.317893][T21327] ? stack_depot_save_flags+0x29/0x9b0 [ 924.317917][T21327] ? trace_mm_page_alloc+0x11b/0x180 [ 924.317943][T21327] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 924.317978][T21327] ? kasan_save_stack+0x33/0x60 [ 924.318013][T21327] ? kasan_save_track+0x14/0x30 [ 924.318047][T21327] ? __kasan_slab_alloc+0x89/0x90 [ 924.318069][T21327] ? kmem_cache_alloc_noprof+0x250/0x760 [ 924.318099][T21327] ? __pmd_alloc+0xbf/0x8b0 [ 924.318120][T21327] ? __handle_mm_fault+0xa77/0x2ad0 [ 924.318146][T21327] ? handle_mm_fault+0x3fe/0xad0 [ 924.318175][T21327] ? futex_lock_pi+0x1cc/0x7c0 [ 924.318208][T21327] ? do_futex+0x11a/0x350 [ 924.318235][T21327] ? __x64_sys_futex+0x1e0/0x4c0 [ 924.318272][T21327] ? do_syscall_64+0xcd/0xf80 [ 924.318296][T21327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 924.318328][T21327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 924.318372][T21327] ? policy_nodemask+0xea/0x4e0 [ 924.318400][T21327] alloc_pages_mpol+0x1fb/0x550 [ 924.318427][T21327] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 924.318452][T21327] ? __lock_acquire+0x433/0x22f0 [ 924.318485][T21327] ? __pfx_filemap_map_pages+0x10/0x10 [ 924.318513][T21327] alloc_pages_noprof+0x12d/0x180 [ 924.318539][T21327] pte_alloc_one+0x1e/0x350 [ 924.318574][T21327] __do_fault+0x320/0x490 [ 924.318610][T21327] ? __pfx_filemap_map_pages+0x10/0x10 [ 924.318644][T21327] do_pte_missing+0x1a6/0x4000 [ 924.318679][T21327] ? __pmd_alloc+0x64f/0x8b0 [ 924.318706][T21327] __handle_mm_fault+0x154b/0x2ad0 [ 924.318746][T21327] ? __pfx___handle_mm_fault+0x10/0x10 [ 924.318807][T21327] handle_mm_fault+0x3fe/0xad0 [ 924.318843][T21327] __get_user_pages+0x605/0x33c0 [ 924.318879][T21327] ? down_read_killable+0x313/0x4c0 [ 924.318911][T21327] ? __pfx___get_user_pages+0x10/0x10 [ 924.318947][T21327] __gup_longterm_locked+0xa92/0x17e0 [ 924.318970][T21327] ? __lock_acquire+0x351/0x22f0 [ 924.318997][T21327] ? bpf_ksym_find+0x124/0x1c0 [ 924.319027][T21327] ? __pfx___gup_longterm_locked+0x10/0x10 [ 924.319058][T21327] ? pgd_none+0x9f/0xe0 [ 924.319089][T21327] ? __pfx_pgd_none+0x10/0x10 [ 924.319130][T21327] gup_fast_fallback+0xe91/0x2320 [ 924.319159][T21327] ? stack_trace_save+0x8e/0xc0 [ 924.319185][T21327] ? __pfx_stack_trace_save+0x10/0x10 [ 924.319211][T21327] ? stack_depot_save_flags+0x29/0x9b0 [ 924.319244][T21327] ? __pfx_gup_fast_fallback+0x10/0x10 [ 924.319273][T21327] ? __x64_sys_futex+0x1e0/0x4c0 [ 924.319304][T21327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 924.319345][T21327] get_user_pages_fast+0xa7/0xf0 [ 924.319370][T21327] ? __pfx_get_user_pages_fast+0x10/0x10 [ 924.319406][T21327] get_futex_key+0x2c6/0x15f0 [ 924.319440][T21327] ? __pfx_get_futex_key+0x10/0x10 [ 924.319475][T21327] ? kasan_save_track+0x14/0x30 [ 924.319510][T21327] ? __kasan_kmalloc+0xaa/0xb0 [ 924.319551][T21327] futex_lock_pi+0x1cc/0x7c0 [ 924.319589][T21327] ? preempt_schedule_thunk+0x16/0x30 [ 924.319628][T21327] ? __pfx_futex_lock_pi+0x10/0x10 [ 924.319661][T21327] ? preempt_schedule_common+0x44/0xc0 [ 924.319702][T21327] ? preempt_schedule_thunk+0x16/0x30 [ 924.319755][T21327] ? __pfx_try_to_wake_up+0x10/0x10 [ 924.319803][T21327] ? futex_private_hash_put+0x160/0x1b0 [ 924.319840][T21327] ? __pfx_futex_wake_mark+0x10/0x10 [ 924.319887][T21327] ? ksys_write+0x190/0x250 [ 924.319918][T21327] do_futex+0x11a/0x350 [ 924.319950][T21327] ? __pfx_do_futex+0x10/0x10 [ 924.319993][T21327] __x64_sys_futex+0x1e0/0x4c0 [ 924.320028][T21327] ? fput+0x70/0xf0 [ 924.320056][T21327] ? __pfx___x64_sys_futex+0x10/0x10 [ 924.320088][T21327] ? xfd_validate_state+0x61/0x180 [ 924.320124][T21327] ? __pfx_ksys_write+0x10/0x10 [ 924.320159][T21327] do_syscall_64+0xcd/0xf80 [ 924.320187][T21327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 924.320213][T21327] RIP: 0033:0x7f8b3a18f7c9 [ 924.320234][T21327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 924.320260][T21327] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 924.320329][T21327] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 924.320347][T21327] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 924.320364][T21327] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 000000008000fff5 [ 924.320382][T21327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 924.320398][T21327] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 924.320437][T21327] [ 924.822562][ C0] vkms_vblank_simulate: vblank timer overrun [ 926.844995][T21359] netlink: 98 bytes leftover after parsing attributes in process `syz.6.4787'. [ 927.766771][T21371] blktrace: Concurrent blktraces are not allowed on loop5 [ 928.923773][T21389] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3930829162 (15723316648 ns) > initial count (10539976056 ns). Using initial count to start timer. [ 929.861900][T21398] netlink: 17 bytes leftover after parsing attributes in process `syz.4.4799'. [ 932.302993][T21419] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4805'. [ 932.378383][T21423] input: f as /devices/virtual/input/input27 [ 934.643750][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 934.659172][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 935.403768][T21463] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4815'. [ 935.677261][T21467] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4816'. [ 935.844603][T21461] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 935.858986][T21461] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 935.871384][T21461] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 935.886868][T21461] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 937.346379][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout [ 937.919132][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout [ 937.925350][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 937.931415][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout [ 940.470278][T21530] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4831'. [ 941.186424][T21539] kernel read not supported for file /set_event_pid (pid: 21539 comm: syz.2.4833) [ 941.196293][ T30] audit: type=1800 audit(4295004396.011:24): pid=21539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4833" name="set_event_pid" dev="tracefs" ino=43 res=0 errno=0 [ 943.871071][T13294] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 945.372725][T21582] [U]  [ 945.382990][T21582] [U] [ 945.385669][T21582] [U] [ 945.388383][T21582] [U] [ 945.423444][T21589] netlink: 'syz.6.4848': attribute type 1 has an invalid length. [ 945.510988][T21582] [U] [ 945.513750][T21582] [U] [ 945.516482][T21582] [U] [ 945.519211][T21582] [U] [ 945.606091][T21582] [U] [ 945.608861][T21582] [U] [ 945.611681][T21582] [U] [ 945.614403][T21582] [U] [ 945.665152][T21582] [U] [ 945.667916][T21582] [U] [ 945.670641][T21582] [U] [ 945.673407][T21582] [U] [ 945.734097][T21582] [U] [ 945.736817][T21582] [U] [ 945.739563][T21582] [U] [ 945.742297][T21582] [U] [ 945.825863][T21582] [U] [ 945.828587][T21582] [U] [ 945.831301][T21582] [U] [ 945.833977][T21582] [U] [ 945.946760][T21582] [U] [ 945.949518][T21582] [U] [ 945.952227][T21582] [U] [ 945.954917][T21582] [U] [ 946.040171][T21582] [U] [ 946.042975][T21582] [U] [ 946.045669][T21582] [U] [ 946.048344][T21582] [U] [ 946.146366][T21582] [U] [ 946.149097][T21582] [U] [ 946.151788][T21582] [U] [ 946.154474][T21582] [U] [ 946.189026][T21582] [U] [ 946.191857][T21582] [U] [ 946.194545][T21582] [U] [ 946.197249][T21582] [U] [ 946.239283][T21582] [U] [ 946.242042][T21582] [U] [ 946.244761][T21582] [U] [ 946.247502][T21582] [U] [ 946.324476][T21582] [U] [ 946.327247][T21582] [U] [ 946.329964][T21582] [U] [ 946.332695][T21582] [U] [ 946.380792][T21582] [U] [ 946.383514][T21582] [U] [ 946.386193][T21582] [U] [ 946.388874][T21582] [U] [ 946.439123][T21582] [U] [ 946.441903][T21582] [U] [ 946.444629][T21582] [U] [ 946.447352][T21582] [U] [ 946.498771][T21582] [U] [ 946.501518][T21582] [U] [ 946.504234][T21582] [U] [ 946.507033][T21582] [U] [ 946.567445][T21582] [U] [ 946.948498][T21608] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4853'. [ 946.979218][T21608] netlink: 'syz.0.4853': attribute type 1 has an invalid length. [ 947.044720][T21608] netlink: 5 bytes leftover after parsing attributes in process `syz.0.4853'. [ 949.306242][ T1113] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:8: bg 2: bad block bitmap checksum [ 949.363888][ T1113] EXT4-fs (sda1): Delayed block allocation failed for inode 2034 at logical offset 967 with max blocks 8 with error 74 [ 949.377535][ T1113] EXT4-fs (sda1): This should not happen!! Data will be lost [ 949.377535][ T1113] [ 949.628775][T21659] input: f as /devices/virtual/input/input28 [ 952.462223][T21701] random: crng reseeded on system resumption [ 952.934348][T21708] bond0: invalid ARP target specified [ 952.957038][T21704] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 952.965650][T21704] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 952.974156][T21704] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 952.982250][T21704] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 953.733880][T21695] kexec: Could not allocate control_code_buffer [ 953.905392][T21719] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 955.014381][T21709] Bluetooth: hci4: command 0x0c1a tx timeout [ 955.015037][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 955.020470][T21709] Bluetooth: hci1: command 0x0c1a tx timeout [ 955.020505][T21709] Bluetooth: hci0: command 0x0c1a tx timeout [ 955.775705][T21717] kexec: Could not allocate control_code_buffer [ 956.001215][T21735] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 956.267252][T21742] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4886'. [ 956.591810][ T3880] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 956.928858][T21757] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4889'. [ 957.955479][T21769] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4892'. [ 958.020034][T21769] netlink: 354 bytes leftover after parsing attributes in process `syz.6.4892'. [ 958.555031][ T5935] smpboot: CPU 1 is now offline [ 960.053723][T21789] zswap: compressor not available [ 964.512099][T21826] Process accounting resumed [ 964.782812][T21840] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 966.536902][T21867] nfs: Unknown parameter 'w`_I+; HY Lu>>uh*C<+ ' [ 967.150528][T21879] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 967.920812][T21894] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4928'. [ 968.362826][T21894] hsr_slave_0 (unregistering): left promiscuous mode [ 969.025273][T21903] netlink: 'syz.4.4932': attribute type 1 has an invalid length. [ 969.090723][T21903] netlink: 17 bytes leftover after parsing attributes in process `syz.4.4932'. [ 970.035825][T21914] random: crng reseeded on system resumption [ 970.146095][T21914] hub 1-0:1.0: USB hub found [ 970.205392][T21914] hub 1-0:1.0: 1 port detected [ 970.908305][T21926] netlink: 'syz.0.4939': attribute type 2 has an invalid length. [ 971.011368][T21926] netlink: 'syz.0.4939': attribute type 3 has an invalid length. [ 971.129567][T21926] netlink: 158 bytes leftover after parsing attributes in process `syz.0.4939'. [ 971.240529][T21926] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4939'. [ 972.105785][T21943] netlink: 158 bytes leftover after parsing attributes in process `syz.4.4945'. [ 972.144296][T21943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4945'. [ 973.180489][T21960] random: crng reseeded on system resumption [ 974.849284][T21977] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4955'. [ 975.065748][T21979] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 976.193447][T21995] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4959'. [ 976.428059][T21995] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 976.969681][T21995] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 977.316174][T22006] netlink: 62 bytes leftover after parsing attributes in process `syz.6.4964'. [ 978.031588][T22011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4966'. [ 978.054245][T22015] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4968'. [ 978.145278][T22011] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4966'. [ 979.661093][T22043] HSR: entered promiscuous mode [ 980.307050][ T30] audit: type=1804 audit(4294967311.806:25): pid=22056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.4977" name=2F6E6577726F6F742F3436302F3531310A dev="tmpfs" ino=2433 res=1 errno=0 [ 980.491913][ T30] audit: type=1800 audit(4294967311.876:26): pid=22056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4977" name=3531310A dev="tmpfs" ino=2433 res=0 errno=0 [ 981.287266][T22067] netlink: 'syz.4.4979': attribute type 4 has an invalid length. [ 981.295017][T22067] netlink: 314 bytes leftover after parsing attributes in process `syz.4.4979'. [ 981.526037][T22067] IPv6: NLM_F_CREATE should be specified when creating new route [ 984.742374][T22140] random: crng reseeded on system resumption [ 984.877763][T22140] hub 1-0:1.0: USB hub found [ 984.930291][T22140] hub 1-0:1.0: 1 port detected [ 985.254191][T22148] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4995'. [ 985.314070][T22150] netlink: 354 bytes leftover after parsing attributes in process `syz.6.4995'. [ 987.537813][T22178] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5003'. [ 988.619609][T22188] serio: Serial port ttyS2 [ 989.590601][T22198] random: crng reseeded on system resumption [ 991.564460][ T30] audit: type=1800 audit(4294967323.125:27): pid=22218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5014" name="features" dev="configfs" ino=233641 res=0 errno=0 [ 992.191708][T22233] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5020'. [ 993.768507][T22253] netlink: 'syz.0.5025': attribute type 1 has an invalid length. [ 993.834037][T22253] netlink: 13 bytes leftover after parsing attributes in process `syz.0.5025'. [ 994.493436][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 994.501331][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.146247][T22268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5030'. [ 995.225976][T22268] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5030'. [ 995.375973][T22242] Process accounting paused [ 996.690150][T22286] FAULT_INJECTION: forcing a failure. [ 996.690150][T22286] name failslab, interval 1, probability 393216, space 0, times 0 [ 996.836043][T22286] CPU: 0 UID: 0 PID: 22286 Comm: syz.4.5035 Tainted: G U syzkaller #0 PREEMPT(full) [ 996.836069][T22286] Tainted: [U]=USER [ 996.836075][T22286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 996.836085][T22286] Call Trace: [ 996.836090][T22286] [ 996.836097][T22286] dump_stack_lvl+0x16c/0x1f0 [ 996.836117][T22286] should_fail_ex+0x512/0x640 [ 996.836133][T22286] ? __kmalloc_noprof+0xca/0x8f0 [ 996.836153][T22286] should_failslab+0xc2/0x120 [ 996.836169][T22286] __kmalloc_noprof+0xdd/0x8f0 [ 996.836186][T22286] ? unregister_netdevice_many_notify+0x60c/0x2570 [ 996.836210][T22286] ? unregister_netdevice_many_notify+0x60c/0x2570 [ 996.836228][T22286] unregister_netdevice_many_notify+0x60c/0x2570 [ 996.836247][T22286] ? rcu_is_watching+0x12/0xc0 [ 996.836270][T22286] ? __mutex_lock+0x27b/0x1b10 [ 996.836287][T22286] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 996.836306][T22286] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 996.836329][T22286] ? __pfx___mutex_lock+0x10/0x10 [ 996.836347][T22286] unregister_netdevice_queue+0x305/0x3c0 [ 996.836367][T22286] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 996.836387][T22286] ? __pfx_locks_remove_file+0x10/0x10 [ 996.836400][T22286] ? kmem_cache_free+0x171/0x770 [ 996.836420][T22286] ? __pfx_ppp_release+0x10/0x10 [ 996.836434][T22286] ppp_release+0x209/0x230 [ 996.836447][T22286] __fput+0x402/0xb70 [ 996.836467][T22286] task_work_run+0x150/0x240 [ 996.836484][T22286] ? __pfx_task_work_run+0x10/0x10 [ 996.836498][T22286] ? __do_sys_close_range+0x278/0x730 [ 996.836518][T22286] exit_to_user_mode_loop+0xfb/0x540 [ 996.836539][T22286] do_syscall_64+0x4ee/0xf80 [ 996.836554][T22286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 996.836569][T22286] RIP: 0033:0x7f8b3a18f7c9 [ 996.836589][T22286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 996.836603][T22286] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 996.836618][T22286] RAX: 0000000000000000 RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 996.836627][T22286] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 996.836635][T22286] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 996.836644][T22286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 996.836653][T22286] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 996.836673][T22286] [ 999.794526][T22298] zswap: compressor not available [ 999.824658][T22301] Setting dangerous option i915.mitigations - tainting kernel [ 1000.237890][T22314] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5044'. [ 1001.424020][T22340] netlink: 9 bytes leftover after parsing attributes in process `syz.4.5052'. [ 1002.418073][T22361] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5058'. [ 1002.984079][T22352] netlink: 6 bytes leftover after parsing attributes in process `syz.4.5056'. [ 1003.138515][T22364] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5059'. [ 1003.447805][T22367] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1003.891086][T22376] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5064'. [ 1005.675186][T22405] blktrace: Concurrent blktraces are not allowed on loop2 [ 1006.680414][T13294] Bluetooth: hci1: unexpected event 0x0f length: 440 > 4 [ 1006.681584][T13294] Bluetooth: hci1: unexpected event for opcode 0x0010 [ 1009.543656][T22420] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 975 with max blocks 1 with error 117 [ 1009.711773][T22420] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1009.711773][T22420] [ 1010.726815][T13294] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1010.736732][T13294] Bluetooth: hci1: Injecting HCI hardware error event [ 1010.746544][T13294] Bluetooth: hci1: hardware error 0x00 [ 1012.794767][T13294] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1014.306956][T22475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1014.368387][T22475] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1014.550616][T22477] tipc: Started in network mode [ 1014.649879][T22477] tipc: Node identity ffffffff, cluster identity 4711 [ 1014.773650][T22477] tipc: Node number set to 4294967295 [ 1015.424267][T22485] zram0: detected capacity change from 8 to 0 [ 1017.183463][T22513] netlink: 504 bytes leftover after parsing attributes in process `syz.4.5099'. [ 1017.887807][T13294] Bluetooth: hci2: unexpected event 0x0e length: 440 > 260 [ 1017.888934][T13294] Bluetooth: hci2: unexpected event for opcode 0x0f00 [ 1018.031418][T22518] netlink: 25 bytes leftover after parsing attributes in process `syz.6.5102'. [ 1021.520870][T22571] vivid-007: ================= START STATUS ================= [ 1021.564720][T22571] vivid-007: Generate PTS: true [ 1021.574483][T22569] Invalid ELF header magic: != ELF [ 1021.590513][T22571] vivid-007: Generate SCR: true [ 1021.613123][T22571] tpg source WxH: 320x240 (Y'CbCr) [ 1021.644037][T22571] tpg field: 1 [ 1021.661392][T22571] tpg crop: (0,0)/320x240 [ 1021.665748][T22571] tpg compose: (0,0)/320x240 [ 1021.708855][T22571] tpg colorspace: 8 [ 1021.723426][T22571] tpg transfer function: 0/0 [ 1021.747260][T22571] tpg Y'CbCr encoding: 0/0 [ 1021.776199][T22571] tpg quantization: 0/0 [ 1021.791216][T22571] tpg RGB range: 0/2 [ 1021.801315][T22571] vivid-007: ================== END STATUS ================== [ 1021.945732][T13294] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1021.954947][T13294] Bluetooth: hci2: Injecting HCI hardware error event [ 1021.966034][T21725] Bluetooth: hci2: hardware error 0x00 [ 1022.668596][T22590] binder: 22589:22590 ioctl c0306201 200000000000 returned -11 [ 1022.930185][T22594] netlink: 'syz.6.5122': attribute type 10 has an invalid length. [ 1023.041017][T22594] netlink: 230 bytes leftover after parsing attributes in process `syz.6.5122'. [ 1023.124067][T22594] : renamed from bridge_slave_1 (while UP) [ 1023.222233][T22597] Invalid ELF header magic: != ELF [ 1023.239475][T22594] bridge0: port 2() entered disabled state [ 1023.264065][T22592] delete_channel: no stack [ 1023.286485][T22594] : left promiscuous mode [ 1023.295372][T22605] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5125'. [ 1023.331159][T22594] bridge0: port 2() entered disabled state [ 1023.364008][T22594] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 1023.585618][T22610] netlink: 'syz.4.5126': attribute type 2 has an invalid length. [ 1023.629148][T22610] netlink: 'syz.4.5126': attribute type 3 has an invalid length. [ 1023.674591][T22610] netlink: 'syz.4.5126': attribute type 2 has an invalid length. [ 1023.713152][T22610] netlink: 'syz.4.5126': attribute type 3 has an invalid length. [ 1023.745785][T22610] netlink: 30 bytes leftover after parsing attributes in process `syz.4.5126'. [ 1024.014538][T21725] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1024.355209][T22612] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1024.415649][T22612] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1024.931281][T22650] netlink: 338 bytes leftover after parsing attributes in process `syz.6.5135'. [ 1024.989635][T22650] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 1025.017182][T22650] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 1025.255438][T22623] Process accounting resumed [ 1025.309358][T22657] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1025.846553][T21725] Bluetooth: hci0: command 0x0c1a tx timeout [ 1026.402191][T21725] Bluetooth: hci4: command 0x0c1a tx timeout [ 1026.820404][T22699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5144'. [ 1026.868911][T22699] netlink: 5 bytes leftover after parsing attributes in process `syz.2.5144'. [ 1030.602347][T22777] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5157'. [ 1030.924694][T22786] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1031.248343][T22790] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5159'. [ 1031.433568][T22786] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1033.969095][T22808] kexec: Could not allocate control_code_buffer [ 1035.386015][T22860] Invalid ELF header magic: != ELF [ 1036.689393][ T50] Bluetooth: hci3: Frame reassembly failed (-84) [ 1037.558292][T22882] input: f as /devices/virtual/input/input31 [ 1038.737999][T13294] Bluetooth: hci3: command 0xfc11 tx timeout [ 1038.746209][T21725] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1041.205738][T21725] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1041.870642][T22954] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1042.995954][T22975] HSR: entered promiscuous mode [ 1043.279292][T22984] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5207'. [ 1043.842033][T22994] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5211'. [ 1045.613519][T23038] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5220'. [ 1045.981556][T23046] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5223'. [ 1046.098221][T23048] hub 1-0:1.0: USB hub found [ 1046.150097][T23048] hub 1-0:1.0: 1 port detected [ 1047.115684][T23041] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1047.137979][T23041] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1047.356712][ T30] audit: type=1800 audit(4294967338.479:28): pid=23060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5226" name="dbroot" dev="configfs" ino=240635 res=0 errno=0 [ 1047.511292][T23063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5227'. [ 1047.875207][T23074] ima: policy update failed [ 1047.887601][ T30] audit: type=1802 audit(4294967339.011:29): pid=23074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.5230" res=0 errno=0 [ 1047.916053][T23074] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5230'. [ 1048.052141][T21725] Bluetooth: hci0: command 0x0c1a tx timeout [ 1048.407912][T23078] binder: BINDER_SET_CONTEXT_MGR already set [ 1048.447526][T23078] binder: 23077:23078 ioctl 4018620d 9 returned -16 [ 1048.480714][T23089] ubi: mtd0 is already attached to ubi0 [ 1049.166475][T21725] Bluetooth: hci4: command 0x0c1a tx timeout [ 1050.703604][T23129] binder: BINDER_SET_CONTEXT_MGR already set [ 1050.750438][T23129] binder: 23127:23129 ioctl 4018620d 9 returned -16 [ 1050.932616][T23136] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input32 [ 1051.039481][T23139] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5251'. [ 1051.505968][T23145] random: crng reseeded on system resumption [ 1051.934512][T23153] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5256'. [ 1052.003479][T23153] vlan1: entered promiscuous mode [ 1052.059823][T23153] vlan1: entered allmulticast mode [ 1052.121658][T23153] veth0_vlan: entered allmulticast mode [ 1052.436813][ T30] audit: type=1800 audit(4294967343.575:30): pid=23163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5259" name="dbroot" dev="configfs" ino=241077 res=0 errno=0 [ 1055.290723][T23192] Process accounting paused [ 1055.891462][T23218] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5273'. [ 1056.249308][T23225] mmap: syz.4.5285 (23225): VmData 45883392 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 1056.887298][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1056.897769][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1057.757378][T23252] zswap: compressor not available [ 1058.285284][T23263] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5286'. [ 1058.608775][T23267] ptrace attach of "./syz-executor exec"[6969] was attempted by "R\x0d%@=gy0saV\x0c\x5cvF\x220Ă=of4KP[EƂtzZu.;;\x07ˆd1uGWרJghBN휗[V>bˁ8$\x07o\x09&B`Qg?#\x0bT#o7ҵ'do\x09qbW]j\x5c(D=n[yjɻ$\x07Tx뙾xRw\x0c̓{\x22.:-PNw%jDHǒAxl e!\x0bIǭ#V\x0c.G,ڙ%,sءK397l0~\x0d3\x1bĬc&mI\x22?hX,I\x0dozc2ڀAcƟM&V4?o`\x0a]8 \x22]#gJ8I\x22o\x0bs6EG-\x1bȯc\x09_`+H8o'\x0a\x07&3N.]=\x0cޙ4l\x1b)Q='pg`p4eUڧ-VD\x07,\x0bRwYñfԧm8gO5*s'#lά:KSI);,^+Wvl]*OWӴ Ӕ]#Q\x1bAtt,zzU ՘2Eq\x0d1Sh(6Ta̕Z)hjAjC4?fd+!lTUMd_C\x0cMoSp\x1b5wNjriƥqhΟdL+ZUc&3\x0a+E\x0d@Plrކ6_ړG4\x09l./: h`A̚A̹s=׃\x09R7tOt.H% _kAn )LNq [ 1062.704766][T23329] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 1062.939628][T23329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5303'. [ 1063.600977][T23307] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1063.641306][T23307] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1063.648837][T21725] Bluetooth: hci0: command 0x0c1a tx timeout [ 1065.470012][T23366] Falling back ldisc for pty66. [ 1065.638185][T21725] Bluetooth: hci4: command 0x0c1a tx timeout [ 1068.654167][T23405] kvm: kvm [23404]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2 [ 1072.539880][T23462] zswap: compressor not available [ 1072.789795][T23473] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5336'. [ 1072.838579][T23473] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5336'. [ 1073.711281][T23484] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5338'. [ 1076.140942][T23511] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input34 [ 1077.840205][T23548] program syz.2.5360 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1082.305670][ C0] vcan0: j1939_tp_rxtimer: 0xffff888033579400: rx timeout, send abort [ 1082.325980][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888033579400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 1082.903567][T23608] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 1083.034080][T23611] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5370'. [ 1083.131688][T23610] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 1083.625375][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801e2c9c00: rx timeout, send abort [ 1084.131059][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801e2c9c00: abort rx timeout. Force session deactivation [ 1085.548279][T23632] Process accounting resumed [ 1087.135491][T23650] binder: 23649:23650 ioctl c0306201 200000000000 returned -11 [ 1087.151952][T23651] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1087.178653][T23651] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1088.003783][ T3880] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 959 with max blocks 7 with error 117 [ 1088.051501][ T3880] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1088.051501][ T3880] [ 1088.558899][T21725] Bluetooth: hci0: command 0x0c1a tx timeout [ 1089.196657][T21725] Bluetooth: hci4: command 0x0c1a tx timeout [ 1089.676726][T23685] FAULT_INJECTION: forcing a failure. [ 1089.676726][T23685] name failslab, interval 1, probability 393216, space 0, times 0 [ 1089.793523][T23685] CPU: 0 UID: 0 PID: 23685 Comm: syz.4.5393 Tainted: G U syzkaller #0 PREEMPT(full) [ 1089.793553][T23685] Tainted: [U]=USER [ 1089.793558][T23685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1089.793568][T23685] Call Trace: [ 1089.793573][T23685] [ 1089.793579][T23685] dump_stack_lvl+0x16c/0x1f0 [ 1089.793599][T23685] should_fail_ex+0x512/0x640 [ 1089.793615][T23685] ? __kmalloc_noprof+0xca/0x8f0 [ 1089.793634][T23685] should_failslab+0xc2/0x120 [ 1089.793650][T23685] __kmalloc_noprof+0xdd/0x8f0 [ 1089.793667][T23685] ? __register_sysctl_table+0xe8e/0x1900 [ 1089.793687][T23685] ? __register_sysctl_table+0xea2/0x1900 [ 1089.793710][T23685] ? __register_sysctl_table+0xea2/0x1900 [ 1089.793729][T23685] __register_sysctl_table+0xea2/0x1900 [ 1089.793753][T23685] ? __pfx___register_sysctl_table+0x10/0x10 [ 1089.793775][T23685] ? __asan_memcpy+0x3c/0x60 [ 1089.793795][T23685] setup_mq_sysctls+0x13d/0x230 [ 1089.793812][T23685] copy_ipcs+0x51a/0x790 [ 1089.793826][T23685] create_new_namespaces+0x20a/0xab0 [ 1089.793846][T23685] ? security_capable+0x7e/0x260 [ 1089.793867][T23685] copy_namespaces+0x468/0x570 [ 1089.793888][T23685] copy_process+0x27c6/0x74e0 [ 1089.793917][T23685] ? __pfx_copy_process+0x10/0x10 [ 1089.793941][T23685] ? _copy_from_user+0x59/0xd0 [ 1089.793957][T23685] kernel_clone+0xfc/0x910 [ 1089.793977][T23685] ? __pfx_kernel_clone+0x10/0x10 [ 1089.793995][T23685] ? futex_private_hash_put+0x160/0x1b0 [ 1089.794015][T23685] ? __pfx_futex_wait+0x10/0x10 [ 1089.794038][T23685] __do_sys_clone3+0x212/0x290 [ 1089.794058][T23685] ? __pfx___do_sys_clone3+0x10/0x10 [ 1089.794085][T23685] ? find_held_lock+0x2b/0x80 [ 1089.794118][T23685] do_syscall_64+0xcd/0xf80 [ 1089.794133][T23685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1089.794148][T23685] RIP: 0033:0x7f8b3a18f7c9 [ 1089.794160][T23685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1089.794173][T23685] RSP: 002b:00007f8b383f5f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1089.794187][T23685] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f8b3a18f7c9 [ 1089.794196][T23685] RDX: 00007f8b383f5f20 RSI: 0000000000000058 RDI: 00007f8b383f5f20 [ 1089.794205][T23685] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000058 [ 1089.794213][T23685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1089.794221][T23685] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 1089.794239][T23685] [ 1090.049673][T23685] sysctl could not get directory: /fs/mqueue -12 [ 1094.656526][T23729] block nbd0: Unsupported socket: should be TCP or UNIX. [ 1095.404010][T23749] FAULT_INJECTION: forcing a failure. [ 1095.404010][T23749] name failslab, interval 1, probability 393216, space 0, times 0 [ 1095.455359][T23749] CPU: 0 UID: 0 PID: 23749 Comm: syz.4.5408 Tainted: G U syzkaller #0 PREEMPT(full) [ 1095.455386][T23749] Tainted: [U]=USER [ 1095.455391][T23749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1095.455400][T23749] Call Trace: [ 1095.455406][T23749] [ 1095.455414][T23749] dump_stack_lvl+0x16c/0x1f0 [ 1095.455433][T23749] should_fail_ex+0x512/0x640 [ 1095.455451][T23749] should_failslab+0xc2/0x120 [ 1095.455467][T23749] kmem_cache_alloc_node_noprof+0x78/0x7f0 [ 1095.455487][T23749] ? __alloc_skb+0x156/0x410 [ 1095.455506][T23749] ? __alloc_skb+0x156/0x410 [ 1095.455518][T23749] __alloc_skb+0x156/0x410 [ 1095.455530][T23749] ? __alloc_skb+0x35d/0x410 [ 1095.455544][T23749] ? __pfx___alloc_skb+0x10/0x10 [ 1095.455557][T23749] ? kasan_quarantine_put+0x10a/0x240 [ 1095.455576][T23749] ? warn_bogus_irq_restore+0x20/0x20 [ 1095.455596][T23749] __pskb_copy_fclone+0xef/0xb50 [ 1095.455619][T23749] tipc_sk_mcast_rcv+0x52d/0xfa0 [ 1095.455642][T23749] ? __pfx_tipc_sk_mcast_rcv+0x10/0x10 [ 1095.455659][T23749] ? __lock_acquire+0x433/0x22f0 [ 1095.455682][T23749] ? find_held_lock+0x2b/0x80 [ 1095.455702][T23749] ? tipc_mcast_xmit+0x6d5/0xfe0 [ 1095.455720][T23749] tipc_mcast_xmit+0x711/0xfe0 [ 1095.455735][T23749] ? __pfx__copy_from_iter+0x10/0x10 [ 1095.455748][T23749] ? __pfx___alloc_skb+0x10/0x10 [ 1095.455764][T23749] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 1095.455800][T23749] ? tipc_send_group_bcast+0x803/0xa50 [ 1095.455812][T23749] tipc_send_group_bcast+0x803/0xa50 [ 1095.455833][T23749] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 1095.455850][T23749] ? __pfx_woken_wake_function+0x10/0x10 [ 1095.455868][T23749] ? css_rstat_updated+0x1c2/0x510 [ 1095.455888][T23749] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1095.455908][T23749] __tipc_sendmsg+0x4ab/0x1970 [ 1095.455937][T23749] ? __pfx___tipc_sendmsg+0x10/0x10 [ 1095.455955][T23749] ? __lock_acquire+0x433/0x22f0 [ 1095.455970][T23749] ? __lock_acquire+0x433/0x22f0 [ 1095.455998][T23749] ? __local_bh_enable_ip+0xa4/0x120 [ 1095.456023][T23749] tipc_sendmsg+0x4f/0x70 [ 1095.456041][T23749] sock_write_iter+0x566/0x610 [ 1095.456061][T23749] ? __pfx_sock_write_iter+0x10/0x10 [ 1095.456087][T23749] ? __futex_wait+0x24b/0x2f0 [ 1095.456106][T23749] ? copy_iovec_from_user+0x131/0x170 [ 1095.456128][T23749] do_iter_readv_writev+0x662/0x9e0 [ 1095.456150][T23749] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1095.456169][T23749] ? common_file_perm+0x1b1/0x500 [ 1095.456184][T23749] ? bpf_lsm_file_permission+0x9/0x10 [ 1095.456201][T23749] ? security_file_permission+0x71/0x210 [ 1095.456217][T23749] ? rw_verify_area+0xcf/0x6c0 [ 1095.456237][T23749] vfs_writev+0x35f/0xde0 [ 1095.456256][T23749] ? futex_wait+0x120/0x380 [ 1095.456278][T23749] ? __pfx_vfs_writev+0x10/0x10 [ 1095.456310][T23749] ? __fget_files+0x20e/0x3c0 [ 1095.456328][T23749] ? do_writev+0x28c/0x340 [ 1095.456345][T23749] do_writev+0x28c/0x340 [ 1095.456364][T23749] ? __pfx_do_writev+0x10/0x10 [ 1095.456388][T23749] do_syscall_64+0xcd/0xf80 [ 1095.456403][T23749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1095.456418][T23749] RIP: 0033:0x7f8b3a18f7c9 [ 1095.456430][T23749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1095.456443][T23749] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1095.456456][T23749] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 1095.456466][T23749] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 1095.456474][T23749] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1095.456483][T23749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1095.456492][T23749] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 1095.456512][T23749] [ 1095.456520][T23749] tipc: Failed to clone mcast rcv buffer [ 1096.733058][T23768] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5412'. [ 1097.236886][T23776] blktrace: Concurrent blktraces are not allowed on loop5 [ 1097.271725][T23761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5411'. [ 1097.416985][T23779] FAULT_INJECTION: forcing a failure. [ 1097.416985][T23779] name failslab, interval 1, probability 393216, space 0, times 0 [ 1097.460627][T23779] CPU: 0 UID: 0 PID: 23779 Comm: syz.4.5417 Tainted: G U syzkaller #0 PREEMPT(full) [ 1097.460652][T23779] Tainted: [U]=USER [ 1097.460658][T23779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1097.460668][T23779] Call Trace: [ 1097.460673][T23779] [ 1097.460679][T23779] dump_stack_lvl+0x16c/0x1f0 [ 1097.460705][T23779] should_fail_ex+0x512/0x640 [ 1097.460721][T23779] ? kmem_cache_alloc_noprof+0x62/0x760 [ 1097.460743][T23779] should_failslab+0xc2/0x120 [ 1097.460759][T23779] kmem_cache_alloc_noprof+0x75/0x760 [ 1097.460778][T23779] ? security_file_alloc+0x34/0x2b0 [ 1097.460797][T23779] ? security_file_alloc+0x34/0x2b0 [ 1097.460811][T23779] security_file_alloc+0x34/0x2b0 [ 1097.460826][T23779] init_file+0x93/0x4c0 [ 1097.460842][T23779] alloc_empty_file+0x73/0x1e0 [ 1097.460859][T23779] alloc_file_pseudo+0x13a/0x230 [ 1097.460877][T23779] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1097.460893][T23779] ? alloc_fd+0x471/0x7d0 [ 1097.460910][T23779] sock_alloc_file+0x50/0x210 [ 1097.460928][T23779] __sys_socket+0x1c6/0x2d0 [ 1097.460941][T23779] ? __pfx___sys_socket+0x10/0x10 [ 1097.460953][T23779] ? xfd_validate_state+0x61/0x180 [ 1097.460978][T23779] __x64_sys_socket+0x72/0xb0 [ 1097.460990][T23779] ? lockdep_hardirqs_on+0x7c/0x110 [ 1097.461003][T23779] do_syscall_64+0xcd/0xf80 [ 1097.461018][T23779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.461032][T23779] RIP: 0033:0x7f8b3a18f7c9 [ 1097.461048][T23779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1097.461061][T23779] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1097.461075][T23779] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 1097.461085][T23779] RDX: 0000000000000000 RSI: 0000000000000801 RDI: 0000000000000028 [ 1097.461095][T23779] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1097.461104][T23779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1097.461113][T23779] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 1097.461132][T23779] [ 1097.461278][T23779] VFS_BUG_ON_INODE(inode_state_read_once(inode) & I_CLEAR) encountered for inode ffff88803940aec0 [ 1097.461278][T23779] fs sockfs mode 140777 opflags 0xc flags 0x0 state 0x300 count 0 [ 1098.451618][T23779] ------------[ cut here ]------------ [ 1098.457276][T23779] kernel BUG at fs/inode.c:1971! [ 1098.503439][T23779] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 1098.509706][T23779] CPU: 0 UID: 0 PID: 23779 Comm: syz.4.5417 Tainted: G U syzkaller #0 PREEMPT(full) [ 1098.520641][T23779] Tainted: [U]=USER [ 1098.524460][T23779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1098.534505][T23779] RIP: 0010:iput.part.0+0xb3b/0x1190 [ 1098.539783][T23779] Code: 4b 68 ff ff 90 0f 0b e8 73 fa 7c ff 90 0f 0b 90 e9 d3 f8 ff ff e8 65 fa 7c ff 48 c7 c6 e0 78 a0 8b 48 89 df e8 26 68 ff ff 90 <0f> 0b e8 4e fa 7c ff 48 c7 c6 40 79 a0 8b 48 89 df e8 0f 68 ff ff [ 1098.559378][T23779] RSP: 0018:ffffc9000b9e7dc8 EFLAGS: 00010296 [ 1098.565438][T23779] RAX: 000000000000009f RBX: ffff88803940aec0 RCX: ffffc9001815e000 [ 1098.573391][T23779] RDX: 0000000000000000 RSI: ffffffff819bd739 RDI: 0000000000000005 [ 1098.581356][T23779] RBP: 0000000000000200 R08: 0000000000000005 R09: 0000000000000000 [ 1098.589318][T23779] R10: 0000000080000000 R11: fffffffffffca170 R12: 0000000000000000 [ 1098.597275][T23779] R13: ffffffff9086aa34 R14: ffff88803940af90 R15: dffffc0000000000 [ 1098.605230][T23779] FS: 00007f8b383f66c0(0000) GS:ffff888124985000(0000) knlGS:0000000000000000 [ 1098.614145][T23779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1098.620821][T23779] CR2: 00002000000ca000 CR3: 0000000029892000 CR4: 00000000003526f0 [ 1098.628782][T23779] Call Trace: [ 1098.632049][T23779] [ 1098.634965][T23779] iput+0x35/0x40 [ 1098.638608][T23779] __sock_release+0x20b/0x270 [ 1098.643273][T23779] __sys_socket+0x23a/0x2d0 [ 1098.647757][T23779] ? __pfx___sys_socket+0x10/0x10 [ 1098.652761][T23779] ? xfd_validate_state+0x61/0x180 [ 1098.657864][T23779] __x64_sys_socket+0x72/0xb0 [ 1098.662523][T23779] ? lockdep_hardirqs_on+0x7c/0x110 [ 1098.667716][T23779] do_syscall_64+0xcd/0xf80 [ 1098.672214][T23779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.678103][T23779] RIP: 0033:0x7f8b3a18f7c9 [ 1098.682591][T23779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1098.702186][T23779] RSP: 002b:00007f8b383f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1098.710591][T23779] RAX: ffffffffffffffda RBX: 00007f8b3a3e5fa0 RCX: 00007f8b3a18f7c9 [ 1098.718556][T23779] RDX: 0000000000000000 RSI: 0000000000000801 RDI: 0000000000000028 [ 1098.726509][T23779] RBP: 00007f8b3a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1098.734471][T23779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.742451][T23779] R13: 00007f8b3a3e6038 R14: 00007f8b3a3e5fa0 R15: 00007ffe1f047d38 [ 1098.750417][T23779] [ 1098.753427][T23779] Modules linked in: [ 1098.757823][T23779] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1099.157373][T23789] kexec: Could not allocate control_code_buffer [ 1099.459507][T23781] binder: 23780:23781 ioctl c018620c 0 returned -22 [ 1099.794316][T23779] RIP: 0010:iput.part.0+0xb3b/0x1190 [ 1099.799639][T23779] Code: 4b 68 ff ff 90 0f 0b e8 73 fa 7c ff 90 0f 0b 90 e9 d3 f8 ff ff e8 65 fa 7c ff 48 c7 c6 e0 78 a0 8b 48 89 df e8 26 68 ff ff 90 <0f> 0b e8 4e fa 7c ff 48 c7 c6 40 79 a0 8b 48 89 df e8 0f 68 ff ff [ 1099.861181][T18783] EXT4-fs error (device sda1): ext4_discard_preallocations:5703: comm syz.0.4077: Error -117 reading block bitmap for 2 [ 1099.887968][ T3880] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1099.911918][T23779] RSP: 0018:ffffc9000b9e7dc8 EFLAGS: 00010296 [ 1099.918002][T23779] RAX: 000000000000009f RBX: ffff88803940aec0 RCX: ffffc9001815e000 [ 1099.974750][T23779] RDX: 0000000000000000 RSI: ffffffff819bd739 RDI: 0000000000000005 [ 1099.994470][T23779] RBP: 0000000000000200 R08: 0000000000000005 R09: 0000000000000000 [ 1100.005531][T18783] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz.0.4077: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 1100.025272][ T3880] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1100.036152][T23779] R10: 0000000080000000 R11: fffffffffffca170 R12: 0000000000000000 [ 1100.046041][T18783] EXT4-fs error (device sda1) in ext4_free_inode:361: Filesystem failed CRC [ 1100.055135][T23779] R13: ffffffff9086aa34 R14: ffff88803940af90 R15: dffffc0000000000 [ 1100.063978][T18783] EXT4-fs error (device sda1): ext4_discard_preallocations:5703: comm syz.0.4077: Error -117 reading block bitmap for 2 [ 1100.077147][T23779] FS: 00007f8b383f66c0(0000) GS:ffff888124985000(0000) knlGS:0000000000000000 [ 1100.089393][ T3880] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1100.101182][T23779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1100.107766][T23779] CR2: 0000001b2fadeff8 CR3: 0000000029892000 CR4: 00000000003526f0 [ 1100.136588][T18783] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1100.146074][T23786] EXT4-fs error (device sda1): ext4_discard_preallocations:5703: comm syz.2.5418: Error -117 reading block bitmap for 2 [ 1100.168976][T23779] Kernel panic - not syncing: Fatal exception [ 1100.175105][T23779] Kernel Offset: disabled [ 1100.179418][T23779] Rebooting in 86400 seconds..