last executing test programs: 7.658832434s ago: executing program 3 (id=1396): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/geneve0/drop_unicast_in_l2_multicast\x00', 0xc1e13b61f74943c7, 0x0) sendfile$auto(r0, r0, 0x0, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x21, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) socket(0x23, 0x5, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x309801, 0x0) r1 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000006400)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0x2001, 0x0) write$auto(r1, &(0x7f000000ac80)='\x00', 0xd) getpid() statmount$auto(0x0, 0x0, 0x6, 0x1000000) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) lseek$auto(0x3, 0x20000, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/net/rose12/operstate\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000002140)=""/64, 0x40) faccessat2$auto(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2, 0x7ff) 7.396603581s ago: executing program 0 (id=1398): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) socket(0xa, 0x2, 0x0) write$auto(0x3, 0x0, 0x1) lseek$auto(r0, 0x100, 0x6) write$auto(0x3, 0x0, 0xfffffdef) setresuid$auto(0x0, 0x0, 0xee01) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x205, 0xa, 0x4, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x20002, 0x0) unshare$auto(0x2) read$auto_bdi_debug_stats_fops_(r3, &(0x7f0000000040)=""/69, 0x45) bind$auto(r2, 0x0, 0x6b) shmctl$auto_SHM_STAT(0x9, 0xd, 0x0) prctl$auto_PR_TASK_PERF_EVENTS_DISABLE(0x1f, 0x49e, 0x7000000000, 0x978f, 0x7) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 6.296270712s ago: executing program 3 (id=1400): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/geneve0/drop_unicast_in_l2_multicast\x00', 0xc1e13b61f74943c7, 0x0) sendfile$auto(r0, r0, 0x0, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x21, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) socket(0x23, 0x5, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x309801, 0x0) r1 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000006400)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0x2001, 0x0) write$auto(r1, &(0x7f000000ac80)='\x00', 0xd) getpid() statmount$auto(0x0, 0x0, 0x6, 0x1000000) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) lseek$auto(0x3, 0x20000, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/net/rose12/operstate\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000002140)=""/64, 0x40) faccessat2$auto(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2, 0x7ff) 6.213924182s ago: executing program 0 (id=1401): write$auto(0xffffffffffffffff, 0x0, 0x5) r0 = open(0x0, 0x22240, 0x147) ppoll$auto(&(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x3}, 0x3, 0x0, 0x0, 0x8) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop0\x00', 0x15b646, 0x0) select$auto(0x8059, 0x0, 0x0, &(0x7f0000000340)={[0x1fc, 0x37, 0xa, 0x1, 0x2000000000005, 0x80000001, 0x8000005, 0x4, 0x400000000003, 0x800, 0x80000023, 0x20000000000000a, 0x6d42, 0x6, 0x2495dae0, 0x52]}, 0x0) openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000140), 0x40042, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000300), r0) unshare$auto(0x40000080) io_uring_setup$auto(0x40000002c55, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) r3 = socket(0x2, 0x3, 0x100) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0xc2b80, 0x0) syz_open_procfs$namespace(0x0, 0x0) syz_genetlink_get_family_id$auto_thermal(0x0, r3) r4 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$auto_LOOP_CTL_ADD(r4, 0x4c80, 0xfffffffffffffffd) execve$auto(0x0, 0x0, 0x0) 4.782207213s ago: executing program 3 (id=1406): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) socket(0xa, 0x2, 0x0) write$auto(0x3, 0x0, 0x1) lseek$auto(r0, 0x100, 0x6) write$auto(0x3, 0x0, 0xfffffdef) setresuid$auto(0x0, 0x0, 0xee01) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x205, 0xa, 0x4, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x20002, 0x0) unshare$auto(0x2) read$auto_bdi_debug_stats_fops_(r3, &(0x7f0000000040)=""/69, 0x45) bind$auto(r2, 0x0, 0x6b) shmctl$auto_SHM_STAT(0x9, 0xd, 0x0) prctl$auto_PR_TASK_PERF_EVENTS_DISABLE(0x1f, 0x49e, 0x7000000000, 0x978f, 0x7) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 4.269910635s ago: executing program 3 (id=1408): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x114, 0x1d, 0xffffffffffffffff, 0x4) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x3, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7ff, 0x89, 0x26, 0x4, 0x200000040001, 0x384, 0xfffffffffffffffa, 0x9, 0x0, 0x10, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x80000000, 0x0, 0x9, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9, 0x900f]}, 0x9, 0xd) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x10bc02, 0x0) socket(0x15, 0x5, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) socket(0x1, 0x5, 0x0) socket(0x2c, 0x3, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002d40)='/sys/kernel/tracing/set_event\x00', 0x408800, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x6, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x14, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x4) r2 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0x40, 0x0) read$auto_media_devnode_fops_mc_devnode(r2, 0x0, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x8001) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_GET_FBACK_STATS(r3, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x10000080) setsockopt$auto(0x3, 0x10000000084, 0x17, 0x0, 0x3ff) 4.051573897s ago: executing program 0 (id=1410): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x2, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101c81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x800, 0x85fc) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xc01, 0x1, 0x6d, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x40000023, 0x2, 0x6}]}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000040), r4) sendmsg$auto_WG_CMD_SET_DEVICE(r4, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd700003dcdf25010000000800050001000000140002007767300000000000000000000000000022cda33a8c785d168923573f"], 0x30}}, 0xc0) 3.550818257s ago: executing program 0 (id=1412): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sr0\x00', 0x60742, 0x0) fallocate$auto(r0, 0x3, 0x4e88, 0x4cbd5d) memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ftruncate$auto(0x3, 0x700) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x10c, 0x0, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_PMSR_SUPPORT={0xf8, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_TYPE_CAPA={0x2c, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES={0x8, 0x5, 0xdd2}, @NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS={0x8, 0x6, 0x7ff}, @NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT={0x5, 0x7, 0x7d}, @NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES={0x8, 0x5, 0x5}]}]}, @NL80211_PMSR_ATTR_MAX_PEERS={0x8, 0x1, 0x81}, @NL80211_PMSR_ATTR_REPORT_AP_TSF={0x4}, @NL80211_PMSR_ATTR_REPORT_AP_TSF={0x4}, @NL80211_PMSR_ATTR_TYPE_CAPA={0x28, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}]}]}, @NL80211_PMSR_ATTR_MAX_PEERS={0x8, 0x1, 0x5}, @NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR={0x4}, @NL80211_PMSR_ATTR_REPORT_AP_TSF={0x4}, @NL80211_PMSR_ATTR_TYPE_CAPA={0x80, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x4}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST={0x5, 0x8, 0x2}, @NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS={0x8, 0x6, 0x59}, @NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES={0x8, 0x5, 0xffffffc1}, @NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES={0x8, 0x5, 0xd}]}]}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae8a, &(0x7f00000000c0)={0xfc}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x1c, r4, 0xb3eaee9e9ed11725, 0x70bd29, 0x25c7dbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1000}, 0x64810) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) lseek$auto(0x3, 0x10000000002, 0x20000005) 2.972351872s ago: executing program 0 (id=1414): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x4, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, &(0x7f00000001c0)=0x9, &(0x7f0000000200)=0x8, 0x10, 0x7, 0x3, 0x46, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0xffff7fff, @raw=0x64}) setresuid$auto(0x0, 0x0, r1) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) write$auto(0xffffffffffffffff, &(0x7f0000000240)=',-\t', 0x2000008008) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x40014}, 0x0) getpgid$auto(0x0) r6 = socket(0x2, 0x801, 0x106) setsockopt$auto(r6, 0x6, 0x12, 0x0, 0xa1) sendmsg$auto_IPVS_CMD_SET_SERVICE(r3, &(0x7f0000000ac0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x28014044}, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x8203, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000000100), 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) syslog$auto(0x3, &(0x7f0000000180)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9bd\b\xff.\x1a\xbe6+\xd6Vy\x99', 0x5) 2.879763817s ago: executing program 1 (id=1415): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) socket(0xa, 0x2, 0x0) write$auto(0x3, 0x0, 0x1) lseek$auto(r0, 0x100, 0x6) write$auto(0x3, 0x0, 0xfffffdef) setresuid$auto(0x0, 0x0, 0xee01) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x205, 0xa, 0x4, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x20002, 0x0) unshare$auto(0x2) read$auto_bdi_debug_stats_fops_(r3, &(0x7f0000000040)=""/69, 0x45) bind$auto(r2, 0x0, 0x6b) shmctl$auto_SHM_STAT(0x9, 0xd, &(0x7f00000002c0)={{0x2, 0xffffffffffffffff, 0xee00, 0x5, 0x3, 0x925c, 0x8000}, 0x7, 0x2, 0x0, 0xffffffffffff8001, @raw=0x4, @inferred, 0xfff8, 0x0, 0x0, &(0x7f0000000240)="f6e208541e5bed21fe9cd31f56529d9afac2e53a91549e51d648c5fedb1b08759300b4d7383921f9cb3cf930d17b2d5a123da1bb3dc0a1ad02f338623a1e2682469c4be8a2cdc58b54055fc880cc8d1407f62afde7fab15cdb308b3fe673ffdd"}) prctl$auto_PR_TASK_PERF_EVENTS_DISABLE(0x1f, 0x49e, 0x7000000000, 0x978f, 0x7) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 2.669742586s ago: executing program 2 (id=1416): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sr0\x00', 0x60742, 0x0) fallocate$auto(r0, 0x3, 0x4e88, 0x4cbd5d) memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ftruncate$auto(0x3, 0x700) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x10c, 0x0, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_PMSR_SUPPORT={0xf8, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_TYPE_CAPA={0x2c, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES={0x8, 0x5, 0xdd2}, @NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS={0x8, 0x6, 0x7ff}, @NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT={0x5, 0x7, 0x7d}, @NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES={0x8, 0x5, 0x5}]}]}, @NL80211_PMSR_ATTR_MAX_PEERS={0x8, 0x1, 0x81}, @NL80211_PMSR_ATTR_REPORT_AP_TSF={0x4}, @NL80211_PMSR_ATTR_REPORT_AP_TSF={0x4}, @NL80211_PMSR_ATTR_TYPE_CAPA={0x28, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}]}]}, @NL80211_PMSR_ATTR_MAX_PEERS={0x8, 0x1, 0x5}, @NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR={0x4}, @NL80211_PMSR_ATTR_REPORT_AP_TSF={0x4}, @NL80211_PMSR_ATTR_TYPE_CAPA={0x80, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x4}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC={0x4}, @NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST={0x5, 0x8, 0x2}, @NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS={0x8, 0x6, 0x59}, @NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES={0x8, 0x5, 0xffffffc1}, @NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES={0x8, 0x5, 0xd}]}]}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae8a, &(0x7f00000000c0)={0xfc}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x1c, r4, 0xb3eaee9e9ed11725, 0x70bd29, 0x25c7dbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1000}, 0x64810) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) lseek$auto(0x3, 0x10000000002, 0x20000005) 2.373719779s ago: executing program 1 (id=1417): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) socket(0xa, 0x2, 0x0) write$auto(0x3, 0x0, 0x1) lseek$auto(r0, 0x100, 0x6) write$auto(0x3, 0x0, 0xfffffdef) setresuid$auto(0x0, 0x0, 0xee01) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x205, 0xa, 0x4, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x20002, 0x0) unshare$auto(0x2) read$auto_bdi_debug_stats_fops_(r3, &(0x7f0000000040)=""/69, 0x45) bind$auto(r2, 0x0, 0x6b) shmctl$auto_SHM_STAT(0x9, 0xd, 0x0) prctl$auto_PR_TASK_PERF_EVENTS_DISABLE(0x1f, 0x49e, 0x7000000000, 0x978f, 0x7) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 2.263853444s ago: executing program 2 (id=1418): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) rmdir$auto(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00') io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x2, 0xa, 0xfffffffe) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f00000009c0)="8939cc4d36227fdb35e4a7779345a4d999cb1552f41b34b4003355454e96e6647b34e58345a013e46d9380cd77dcd9b5804ab378df5b19fd93b23d547b6a39e0563f1da27d880a0c7a41ada96f5899128a2f138a38855f3a0e5090cfcb022a807fd8d8410e21962aea3354ff7d28917ad17443189afcba863b21eedff9ef8944e15848033f30ec1ce206287db0755992c3d95fa6c7a2ecb44696ce661038bdc304c775605215501e237d8713947274ff5249f4fefe090d0581a07ac675fdc5da272124ae5975977941ead35326b8dd9ef2562c730a1df3116a5e25f19463fb391d3ba275758c4dd50d5bb8ecd6b3b07ebadfc8c978bb7e15a95c5bd06356d6d9d9e89db59312c4f8452f55ba7013b2691ca80c7db06df2026b190ae22bd233128b0459f8e22f77579ee7f7c6054e4eb33480be2d6e034dd96379f65937a7edf67a2d6b9fc5bb4253bb95d4bedd94da5d5cd944ccfa98c65c25dc3ab8fda6e68d77806b21e624aae3a6435c313b15894332942eb58e2bc6a0582aceaeb594578a2908b49a6f2ce66aac2e2ee4cadfc452cb953a51449039dbb5c7e84405d9cb335afbed3384ffc695b954cc51531bb083df05e2af461c2a7a0a697d0d59c565f5cfd3b354f051d5637fd1f72aeb79be3567215c648ae85541c9f3c4856229247b1225d327ed57fa7981424b39ebbb77a0f6ca5778ed0c9713d68aedd19627de8edf485f9155261ede5c803da5ce248f4c93a1b9925ee07d3f42c8f999252655c582ff47da1e6d010449345c4f3a43336547112ef4e8e0bd0829027b6dcb8fb127171eeb7a38470592c8422bc5c9bb784c281d20847eb79fef43fd38aa88f1a8639728267aef7a74fc40cc54cefea2807f598cd25f3c1bd8ab17fc88aac82179057717177355a1103433d8f7468a8f49d7d5dd8093f6882a791ce983aa4e03bf1a91e938b8da4f9cb41d6371579d9feb55636d8626b9e339d5e54a2397537e9b2f5bb846f1d0dd4614ad5f68fa35ea3f366a12eb4d51aad810856db0f11974bda08daf259c9477053847f17074fbbcbce75472cb9acada0b400f4fa85b71a97e7c686b2ba98e3d2bbb905d9e82430a2730d8d3465d9b632ba07fd746b2a394feb76db7501208f559be2a151c205103c4481cae7352f7117e6c626f25f0b3367d50a1ea87a38136b6ca64e1ef51207c0d6c06dfe86336b65caeee24138f1ca0955135c5d2b49743b0e51f98b7a8bd3a5ac50ca3a5d6e8e17cdf154bae7fa031b40b83b285b58eb47277920fc28ef916d5ae8536458577a37b73ae29312fee7885c405417d454e38dbe50ef1a8603e28611bf4d6b63251a1abc190581c6efe832d62d6ce8f6c4a64c7e018427b5fadddc1cec3896ed51c977d9e3f7c0d1e8f8d75693e1ead5a7a3714843fb3517bd0ddc68936c801692cce52ba003036764dc7f016e342a54f99916fc595dba1fc76222c5e814a1b71c6b9b735240e6bf747a900f6048b2836af70c6aa717701312c61c965d8ca1bdafb5d3623b2ee9b7e4a767ed76defd661a9f18bffaeada811ac2ad6731bf96274b019498c5552b38678ff0aedb465713d895595b92e2bc9e1b3acec28f3ee5831951582f2ad1831ddce1300dcc4547ec444eae5c614719be9c3d397fc1db1a76d954cbc9b7a0d7c8d1eab3eeccd70b17dcd7c3543b6d9effbea67c4ade126c6fbfdee281fe3479c3052e68cf8441a50a6adc59dec8de4261a117e0286eea92ecc88230fdfdca1ed438026e238e6dbfdc4772dccb17737c398add9644b47bfb1a3e3a4b1316ec25ea07f90f858736e80dbb9c882701e7188d315391c538469695f33d266550fb873f47a12518717c83bec4e0cce65958d08a0e287df6a08efd979e087814b1822681ba6ea015714fd66af5100967e152262973b065ed349398aa13bb4329b4f56081aba2ba73ede47a2f1b2dbd5daeaf4d4f790a030e3c1fac30da1b5f6149074de6d76b1635adf44016027efd4ac08c93983e0935c1c8b38a675d5c356483539624e1f402439e6a55529a44c17207d6a5f9d0a2b1745ccb5d4e7332a2b2467c9690c9b7fb9fa73b4da5d3eadd347b89bf05a6aacac989ce9f1398729a4b3383c64c64cc68a8638735ebd80fb9ba2ee9e30e65a56d5676f2b607567f2a07adba966b210339d6a8cc404ffdcbf8ac02216239cc9e0abec2e2aa1d27d658913c83ae08657439bf32213d6b3c3fbb37f978a1820d23be11511869e5884ccab0de2a2ac982d58f01e88b54a54b0f50cc0ff699e39f86d74371f1667927ea4ba96af4c98b05e2b1d4115ef892332ab7ac777f1537f3ce78a2889fab969aa6a11f9e855ec1ba09096346fe930737e6760688c91a60bce3f173c24fa1efcbe5d12869ba34883f95e6bc90c61994f6761c305f5de4a0f79f6b3403249190542edd86d7231f0d89d1519ccab3ef35e3dc9e35a5031ab1cb888a8ace8cbe67073c19f8060ea78bf6d6a8970ed1aae35246df0b825d325279ae4c2a838e0e1f40a3c9615b06b2c4e929942a2d820a82ef19d355754caa45119d5e07f9052bf02ed05de6e07bf46758255d8ef077fd04e971b5117f8ef54f20559c98a9c51df5ed7d2db8f2085ce9947b474c7f00f4a1585507e2344a53a597292a338dd39592df962267a835d091dc9f1c5e7a6a0f1215a0015d9083720aee97b7fa1aa7f4fbcf698018980ebe5cd928e6ea1f1c4e6087678cfa687f1f6cea280fb9f24496211fb00b3788bf4ac4cf5d0972c398baa70fc54dc28a9fd3b838a5732b5039602d5049afc135cfef8053a20359287d53bcce117c7c36147288178cef8dac66f4b941333dd74cf2e9e22ce1be287f1ea2c0d5f476ea74a996d5952c98714a9939084f87bb525f287214567bf1da94d8d098640215d14800f09367aaade0f57ad08dc581dc19d21bdd640d1d3cf54336bb0feafc14d9709f719b1212eee75d9f8b958783cce8a535cb6a1b890e002fefa0e60597275ca2d516b28ef1d1ce3f25184b20726cb59ccab574b8d0ffd30fce23936ec84224991a6f9d2fd74def41248726f86e413dd13e9be77f1856fa1b5803312b8a9179914980bb70873a380278f1c6ad42186b14933892427939f83556e9d130607c1b3e1292da5ba6908b642a11d2814b7ea8b7442ae9aaea89948a58cba34807e617404af7e34ecc449be8c403ee536f311af194d63c9120e0268c3f7e2cafc739b6a0575396d61e55707820fe6eb6a71ce094b931d67b8be93937542e3f7e5bb80ab033d979b3c1bff4ff367934c73198fd04571e7a74b9376894d4b0c45a53b7711cecdd98fc87980b82019db23bf4f41ad8182b6861cab9fdb8f882eddc568f5f35e798350857b3818e2e0ef189cf08825355a9ffec231c0f5039b80764f3c7d1f2371fc71216e8f8d83bce4273bcbf22908d81b7c28d664e574e396098ad8fb0bcd68dbc3d1bb0f0bf295df0ae59339381ee231536c7d3b949072a5a2ba5245cb57848dfbb7cbcb7cbdae9b96752c824410eb46f6978051ae5734c278292a90f3c395f098162d4a43c7f449b1cd8208e15fe97c11c25b663a837348b45e059998a10f1c05490dae27b12508decaafec265eb2c22f3df91291922c80e33f479a77078717a7beea74972a7817e791e2cedcaafb43d1bb71ae86242f3375633bdcf0176ef26075446d3cf999df207983af46406defa8aaab0071a24c273a6b2ef78c47efdc0950a3bf486e1f0c26587b8de77a7fbfeb10a22485a6ec662f3afa0508343f9019a8a04118a30c78d89311da9fddfab1cd44f0c2c2f934ba94e88862fb2121893dab164b3edd2d3b0f4658624f6883099353b1bd0e0601f5397c5a5d6689890b207189602ee61524acc886ab1276aecf1a0bb4fbc85ff7e4881a977513ea0abd446b757464f6caa3485c3d08a4dc810ce21d85cfffc4fa07015ae41b1c7a6ba1858566db8ecaa0dd1cd6e5b7e3cc2a344399e89103954e380ee58b62cd508c587c9946b05433af55959a2ad30fb9b521c64f57321a23e4ac9866f356d28b29302f9604303bc66215696874eaf63e7a37056f78ac3034dc63db9315edb5bc7ada518e02b28281893792ac39374220645694c8e437358b5117f1e2d8269125111afc070ff118ec3a38d949c9ca4a7a1ce6dcac1e2a8e63af511d140b23a86cb78a7a47c4a9e2dcd4587ae32a36e47ed7a7a6e84bf1dbc60b0b00773b4bc0c9ebd38f0e8ccaa0eef5199229057f93c12988cd52317e64c9668b74e946a5cf837320f0889a427f84431f20540dc17eeb0587e51bd05ae9478dd42d215849d50cb745dd9d2d90c294a404ec95941d39ffacbe0e02c0fb6b017042986f1bb00e675a26eb0e65654eb130e5ad3b67cf73b89783effdebf50788f5287ebf2b1d96a4a94e37f39a9bfa0e6c95791a6fd5b5bc083af38afd3fb3ae0f17736f020d8b055a8081121d9f5d563cba2d8b803c4c687ea9184aa09445af016c77d946b03fca370c157f3c7b61ada339a9d3b1b5d18d68e3d66db596164720b09b1426bae1b96c7c5c201a5b232742cfcba1c45164165b5f342548354c2e040fc3a9dbb77dd35ae1f84aa89360fbd232637c0522c64088d7e4313311708c5525538c2e0db4d25143306e93492170413f1f85c3e582ca354164e14b5d3bb33fd808a8b608e29f744333fc670f3816829c1a8583a7b158154a988f5b3b97c38add8146f2faa7c30acc309763eee280251c0a1e1b2d26bd377531a00a2dc54696b90045b17bba7e76dcef64714fecd12c3e84bcc7cffa17b18c6bbcc39960f4156ef05e368c4f205e8dc05a668b09548c2ced5927e6dab63a9e196aa42034ac8f4b9fb9ee4d8cd9c0fb435e", 0xd6d) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000b00), r3) ioctl$auto_BLKSSZGET(0xffffffffffffffff, 0x1268, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000380)=""/11, 0xb) sendmsg$auto_GTP_CMD_ECHOREQ(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4091}, 0x80) ioctl$auto_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7ff, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0x8001, 0xfffffffffffffffe, 0x80000000, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) 2.044289871s ago: executing program 3 (id=1419): socket(0x5, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f00000011c0)={"8ea04fb36df5554bed21642e5fb6d0061e4aedbc2a1a536dae8b259ab9b62cdc", 0x0, 0x5, 0xffffffce, 0x3, 0x8, 0x0}) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f00000010c0)={"c6f0e7200d89a5b21b80b919cb5599dd0b8c3c4c42c16065b807aa63f5167307", 0x424, 0x80000001, 0xffff8001, 0xf, 0x6, r0}) r2 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x40001, 0x0) writev$auto(r2, &(0x7f0000000080)={0x0, 0x1}, 0x200) syz_open_procfs$namespace(r1, &(0x7f0000001140)='ns/uts\x00') mknod$auto(&(0x7f0000001040)=':,\x00', 0xca, 0xfffffffa) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/bus/usb/028/001\x00', 0xa801, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) setsockopt$auto(0x3, 0x2, 0x2a, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, 0x0, 0x100, 0x0) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) r3 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r3, &(0x7f0000000040)=""/4096, 0xfffffe82) madvise$auto(0x0, 0xffffffffffff0001, 0x15) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, &(0x7f0000001300)=&(0x7f0000001080)='\x8c\x82\xa5') 1.85316353s ago: executing program 1 (id=1420): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) socket(0xa, 0x2, 0x0) write$auto(0x3, 0x0, 0x1) lseek$auto(r0, 0x100, 0x6) write$auto(0x3, 0x0, 0xfffffdef) setresuid$auto(0x0, 0x0, 0xee01) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x205, 0xa, 0x4, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x20002, 0x0) unshare$auto(0x2) read$auto_bdi_debug_stats_fops_(r3, &(0x7f0000000040)=""/69, 0x45) bind$auto(r2, 0x0, 0x6b) shmctl$auto_SHM_STAT(0x9, 0xd, &(0x7f00000002c0)={{0x2, 0xffffffffffffffff, 0xee00, 0x5, 0x3, 0x925c, 0x8000}, 0x7, 0x2, 0x0, 0xffffffffffff8001, @raw=0x4, @inferred, 0xfff8, 0x0, 0x0, &(0x7f0000000240)="f6e208541e5bed21fe9cd31f56529d9afac2e53a91549e51d648c5fedb1b08759300b4d7383921f9cb3cf930d17b2d5a123da1bb3dc0a1ad02f338623a1e2682469c4be8a2cdc58b54055fc880cc8d1407f62afde7fab15cdb308b3fe673ffdd"}) prctl$auto_PR_TASK_PERF_EVENTS_DISABLE(0x1f, 0x49e, 0x7000000000, 0x978f, 0x7) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 1.713770012s ago: executing program 2 (id=1421): openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x40, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2800, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x883, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x18bd01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x20582, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 1.494073096s ago: executing program 2 (id=1422): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) socket(0xa, 0x2, 0x0) write$auto(0x3, 0x0, 0x1) lseek$auto(r0, 0x100, 0x6) write$auto(0x3, 0x0, 0xfffffdef) setresuid$auto(0x0, 0x0, 0xee01) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x205, 0xa, 0x4, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x20002, 0x0) unshare$auto(0x2) read$auto_bdi_debug_stats_fops_(r3, &(0x7f0000000040)=""/69, 0x45) bind$auto(r2, 0x0, 0x6b) shmctl$auto_SHM_STAT(0x9, 0xd, 0x0) prctl$auto_PR_TASK_PERF_EVENTS_DISABLE(0x1f, 0x49e, 0x7000000000, 0x978f, 0x7) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 1.37099409s ago: executing program 1 (id=1423): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1001, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/event1\x00', 0x40000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x201, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pidfd_open$auto(0xffffffffffffffff, 0x800) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x15f4da0e, 0xffffffff, 0x9, 0x100000000000000c, 0x8, 0xfffffffffffffffe, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r0, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/nilfs2/features/revision\x00', 0x400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) sigaltstack$auto(0x0, 0x0) getpid() timer_settime$auto(0x2, 0x2, &(0x7f0000000040)={{0x10000}, {0x100, 0x100000000}}, &(0x7f0000000180)={{0x5, 0x3}, {0x7fffffff, 0x7}}) close_range$auto(0x2, 0x8000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/crash_elfcorehdr_size\x00', 0x688140, 0x0) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x100, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, "9fd2047d08e3c87837785e2d1bae11bad8ddf076f192d01b18a3fa2788a247b926647f3a77af92462dbf78325849cc93ce755aed1eab529ad357ba01b8b469a17a2f595b5773ac89dd510b858a09bb52520418ceb4deb249753e5b643d28bfaaef114ca885e7ea35a41086f059f564740fa765ef33218d2c8c3a37c5e70cbb6464434a245f9dbe3c87058ddb7ef3b3c4c416102f5bf127f6b3de512dfb9c5608e1d5e9a4671a6beaf14830ccaaca9c4b993a79f6d2980bedacceef8439897f7875f55ebb2b5cf323afaeb8964be359c2cd3866da6d41042ed7bdb341afdb89b5bb5b1869df0994f24b"}, 0x100}, 0x1, 0x0, 0x0, 0x20008040}, 0x20040000) 689.190837ms ago: executing program 2 (id=1424): socket(0x10, 0x2, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77eeb07c, 0x0) fanotify_init$auto(0x65, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/wakeup_total_time_ms\x00', 0x0, 0x0) socket(0x11, 0x2, 0x6) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/006/001\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty26\x00', 0xa0e00, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 307.638811ms ago: executing program 1 (id=1425): socket(0x10, 0x2, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0xda25b84c77eeb07c, 0x0) fanotify_init$auto(0x65, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/wakeup_total_time_ms\x00', 0x0, 0x0) socket(0x11, 0x2, 0x6) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/006/001\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty26\x00', 0xa0e00, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 273.104657ms ago: executing program 0 (id=1426): mmap$auto(0x0, 0x4020009, 0xdb, 0xebe, 0x401, 0x8000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x83, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/arp\x00', 0x101000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000100)=""/92, 0x5c) write$auto(0x3, 0x0, 0x1) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r2, 0x0, 0x400000000006) sendfile$auto(0x1, 0x3, 0x0, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x80161, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000040)=0x5) read$auto(0x3, 0x0, 0x80) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) 182.032036ms ago: executing program 2 (id=1427): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x3) r0 = socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x1, 0x40, &(0x7f0000000200)='\x00\x89e\xad\x97\xc5E\xea=\x0f\xf4\xba4\x05>y/21\xfd\'\xc7\x1c\xaeV`\xc7^\x05\"H\xb8\x12\x99\x1fF\xdc\xc4\x02FV\x04D&9?\xa8d\xc97B\x9f)\xc6\xbb\x15_\xfd\xa5\xaf\xf8\xb8\x8a\x186\xa9\x0eY;\x9a\xe32T\xddn\xa6zK\xef\xf7\x04\x81\xb4\xb7;\x12\x1ch$\xbd\xd1x\x15\xa8\x9c\xba\x83\xa7\xbdwf8\xc03z|\xcd\xbc\xa1+8\xcet\x960\a\x80\x88!\x9e\x96\xcd\xb5dB\xc1L\xb2\xb1\xe6\xf9\x92\xd4\xcd\v0|G\xb7\xc3+\xb5\xa9\xb4E>ry\x8d(\xcb\xadaH<-h\xef8\x0678]`\x1f\xe5\\\x9c\xb4\xbd 6\x9fP\x16\xb5\xa1.;d\xf5F7TgT\x908=l\x89\x05\x03\xcb\x04\x9c\x0e\x04\xb5a\xe6\xa6\x13\xf8\xb2\xe1\xab\vI;\x10\xa7\xcc\x84\x1d\xff(\x1c\x99\x90M\xba\xfe\xaa\x8e\x83\x98\xbb8\xc3\x02\x8d(\xb0\x9c@n\xb7\xd3TF\xc7\x7f\x11\x9e\x00\x00\x00\x00\x00', 0xbb) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) landlock_restrict_self$auto(r1, 0x0) prctl$auto_PR_SET_MM_ENV_START(0x1000, 0xa, 0x0, 0x401, 0xfff) clone$auto(0x10000, 0x2, &(0x7f00000001c0)=0x9, &(0x7f0000000300)=0xfffffffe, 0x7) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bond_slave_1\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x5, 0xa, 0x0) openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x22, 0xc4633ac14d4adfed, 0xb) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r2, 0x0, 0x2) r3 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mac80211_hwsim/hwsim13\x00', 0x40a000, 0x0) ioctl$auto_XFS_IOC_RTGROUP_GEOMETRY(r3, 0xc0805841, &(0x7f0000000140)={0x8, 0x3, 0x0, 0x9, 0x8}) write$auto(r2, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x00\x00\x00', 0x8083a) io_uring_register$auto(r2, 0x52a, &(0x7f00000000c0)="1bb2d1bb89671f477fb81c5cce632678544d284013a2d633cbfb4f11e1b269ba68e173e0ce785027d1f093ea2e51f652d3cdd5e99f02221c73e72efa989535ddf83eb444b9aff1d7ac3cec1a1da5d97bbe17e53a5567c3fc2ed38d33fce04113e1ff", 0x1) socket(0x18, 0x5, 0x1) sendto$auto(0x3, 0x0, 0x8, 0x101, 0x0, 0x1c) 175.508561ms ago: executing program 3 (id=1428): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001100)='/sys/power/suspend_stats/failed_suspend_noirq\x00', 0x141500, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/013/001\x00', 0xea02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcsa1\x00', 0x100, 0x0) preadv$auto(r0, &(0x7f0000000240)={0x0, 0x8000}, 0x4, 0x1000000000009, 0x6) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000005e00)={0x8, 0xf1, "82a0d48cb31f0af6"}, 0x80000001) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x80000000}, 0x4) sysfs$auto(0x2, 0x23, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000440)='/proc/fs/cifs/DebugData\x00', 0x2000, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000001080)='/dev/audio1\x00', 0x121302, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0) unshare$auto(0x40000080) ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, 0x0) read$auto(0x3, 0x0, 0x8080) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, 0x0, 0x0) socket(0x1d, 0x2, 0x6) write$auto(0x3, 0x0, 0x81) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) socket(0x8, 0x1, 0x33) socket(0x10, 0x2, 0x0) 0s ago: executing program 1 (id=1429): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fe02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x883, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x69) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x6, 0x0, 0x7, 0x1}, 0x3}, 0x4, 0x20000000) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_KVM_GET_MSR_FEATURE_INDEX_LIST(0xffffffffffffffff, 0xc004ae0a, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) shutdown$auto(0x200000003, 0x2) mmap$auto(0x5, 0x20006, 0x16, 0x440000000000eb1, 0xffffffffffffffff, 0xc93) kernel console output (not intermixed with test programs): m_cache_alloc_lru_noprof+0x592/0x6e0 [ 81.496965][ T5774] ? __d_alloc+0x34/0xa40 [ 81.497009][ T5774] __d_alloc+0x34/0xa40 [ 81.497049][ T5774] d_alloc_pseudo+0x1c/0xc0 [ 81.497076][ T5774] alloc_file_pseudo+0xcf/0x230 [ 81.497117][ T5774] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 81.497157][ T5774] ? _raw_spin_unlock+0x28/0x50 [ 81.497186][ T5774] ? alloc_fd+0x476/0x790 [ 81.497222][ T5774] __anon_inode_getfile+0xe8/0x280 [ 81.497268][ T5774] do_epoll_create+0x329/0x4b0 [ 81.497320][ T5774] __x64_sys_epoll_create+0x45/0x70 [ 81.497356][ T5774] do_syscall_64+0x10b/0xf80 [ 81.497389][ T5774] ? clear_bhb_loop+0x40/0x90 [ 81.497423][ T5774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.497451][ T5774] RIP: 0033:0x7f747679cdd9 [ 81.497473][ T5774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 81.497499][ T5774] RSP: 002b:00007f747763a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 81.497523][ T5774] RAX: ffffffffffffffda RBX: 00007f7476a15fa0 RCX: 00007f747679cdd9 [ 81.497541][ T5774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000003e [ 81.497557][ T5774] RBP: 00007f7476832d69 R08: 0000000000000000 R09: 0000000000000000 [ 81.497573][ T5774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 81.497590][ T5774] R13: 00007f7476a16038 R14: 00007f7476a15fa0 R15: 00007ffe9c0761c8 [ 81.497633][ T5774] [ 81.775722][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.785452][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.808893][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.860737][ T258] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.886011][ T258] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.962599][ T258] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.980862][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.996889][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.011943][ T258] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.099521][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.133213][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.165421][ T258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.176579][ T258] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.304483][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.331031][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.439376][ T258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.452658][ T258] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.645755][ T5783] FAULT_INJECTION: forcing a failure. [ 82.645755][ T5783] name failslab, interval 1, probability 0, space 0, times 0 [ 82.661774][ T5783] CPU: 0 UID: 0 PID: 5783 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(full) [ 82.661809][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 82.661823][ T5783] Call Trace: [ 82.661831][ T5783] [ 82.661845][ T5783] dump_stack_lvl+0x100/0x190 [ 82.661880][ T5783] should_fail_ex.cold+0x5/0xa [ 82.661916][ T5783] should_failslab+0xc2/0x120 [ 82.661947][ T5783] __kvmalloc_node_noprof+0xfa/0xa00 [ 82.661975][ T5783] ? ip_set_net_init+0x8e/0x200 [ 82.662023][ T5783] ? __pfx_ip_set_net_init+0x10/0x10 [ 82.662064][ T5783] ip_set_net_init+0x8e/0x200 [ 82.662103][ T5783] ops_init+0x1e2/0x5f0 [ 82.662137][ T5783] setup_net+0x118/0x3a0 [ 82.662169][ T5783] ? __pfx_setup_net+0x10/0x10 [ 82.662196][ T5783] ? mutex_init_lockdep+0xf1/0x120 [ 82.662241][ T5783] copy_net_ns+0x46f/0x7c0 [ 82.662276][ T5783] create_new_namespaces+0x3ea/0xac0 [ 82.662324][ T5783] unshare_nsproxy_namespaces+0xf2/0x220 [ 82.662369][ T5783] ksys_unshare+0x438/0xab0 [ 82.662415][ T5783] ? __pfx_ksys_unshare+0x10/0x10 [ 82.662453][ T5783] ? xfd_validate_state+0x129/0x190 [ 82.662492][ T5783] __x64_sys_unshare+0x31/0x40 [ 82.662536][ T5783] do_syscall_64+0x10b/0xf80 [ 82.662572][ T5783] ? clear_bhb_loop+0x40/0x90 [ 82.662606][ T5783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.662633][ T5783] RIP: 0033:0x7fcff899cdd9 [ 82.662657][ T5783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 82.662682][ T5783] RSP: 002b:00007fcff9887028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 82.662707][ T5783] RAX: ffffffffffffffda RBX: 00007fcff8c15fa0 RCX: 00007fcff899cdd9 [ 82.662725][ T5783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 82.662743][ T5783] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 82.662760][ T5783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 82.662776][ T5783] R13: 00007fcff8c16038 R14: 00007fcff8c15fa0 R15: 00007ffeca87b4e8 [ 82.662806][ T5783] [ 82.715854][ T5788] FAULT_INJECTION: forcing a failure. [ 82.715854][ T5788] name failslab, interval 1, probability 0, space 0, times 0 [ 82.716098][ T5788] CPU: 1 UID: 8 PID: 5788 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(full) [ 82.716117][ T5788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 82.716126][ T5788] Call Trace: [ 82.716130][ T5788] [ 82.716136][ T5788] dump_stack_lvl+0x100/0x190 [ 82.716157][ T5788] should_fail_ex.cold+0x5/0xa [ 82.716176][ T5788] should_failslab+0xc2/0x120 [ 82.716194][ T5788] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 82.716222][ T5788] ? key_alloc+0x3c5/0x1310 [ 82.716237][ T5788] ? mark_held_locks+0x40/0x70 [ 82.716254][ T5788] key_alloc+0x3c5/0x1310 [ 82.716276][ T5788] ? __pfx_key_alloc+0x10/0x10 [ 82.716291][ T5788] ? __pfx_key_default_cmp+0x10/0x10 [ 82.716310][ T5788] ? __pfx_keyring_search_iterator+0x10/0x10 [ 82.716331][ T5788] keyring_alloc+0x44/0xc0 [ 82.716351][ T5788] look_up_user_keyrings+0x508/0x790 [ 82.716377][ T5788] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 82.716407][ T5788] lookup_user_key+0xbb1/0x1300 [ 82.716423][ T5788] ? __pfx_lookup_user_key+0x10/0x10 [ 82.716438][ T5788] ? __pfx_do_futex+0x10/0x10 [ 82.716463][ T5788] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 82.716492][ T5788] ? xfd_validate_state+0x129/0x190 [ 82.716507][ T5788] ? ksys_write+0x1ac/0x250 [ 82.716527][ T5788] keyctl_keyring_unlink+0x1f/0x1b0 [ 82.716549][ T5788] __do_sys_keyctl+0x3dd/0x5a0 [ 82.716572][ T5788] do_syscall_64+0x10b/0xf80 [ 82.716590][ T5788] ? clear_bhb_loop+0x40/0x90 [ 82.716608][ T5788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.716624][ T5788] RIP: 0033:0x7fcff899cdd9 [ 82.716637][ T5788] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 82.716650][ T5788] RSP: 002b:00007fcff9866028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 82.716664][ T5788] RAX: ffffffffffffffda RBX: 00007fcff8c16090 RCX: 00007fcff899cdd9 [ 82.716674][ T5788] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000009 [ 82.716683][ T5788] RBP: 00007fcff8a32d69 R08: 0000000000000008 R09: 0000000000000000 [ 82.716692][ T5788] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 82.716701][ T5788] R13: 00007fcff8c16128 R14: 00007fcff8c16090 R15: 00007ffeca87b4e8 [ 82.716720][ T5788] [ 82.747473][ T5789] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2'. [ 82.879165][ T5791] Zero length message leads to an empty skb [ 83.192017][ T5622] Bluetooth: hci1: command tx timeout [ 83.192052][ T5622] Bluetooth: hci2: command tx timeout [ 83.192069][ T5622] Bluetooth: hci0: command tx timeout [ 83.192084][ T5622] Bluetooth: hci3: command tx timeout [ 83.212856][ T5796] smpboot: CPU 1 is now offline [ 83.602825][ T29] audit: type=1800 audit(1778061418.708:2): pid=5799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.7" name="lu_gp_id" dev="configfs" ino=8179 res=0 errno=0 [ 84.018753][ T42] cfg80211: failed to load regulatory.db [ 85.360825][ T5823] MTRR 1 not used [ 86.193522][ T5844] mmap: syz.2.16 (5844) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 87.377024][ T5867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23'. [ 87.467218][ T5869] netlink: 354 bytes leftover after parsing attributes in process `syz.2.23'. [ 88.932998][ T5888] block2mtd: illegal erase size [ 90.082193][ T5896] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 91.751282][ T29] audit: type=1800 audit(1778061426.858:3): pid=5927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.36" name="lu_gp_id" dev="configfs" ino=8981 res=0 errno=0 [ 91.811013][ T5918] kstrtoul() returned -22 for lu_gp_id [ 91.840110][ T5929] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 93.309103][ T5965] netlink: 'syz.0.45': attribute type 1 has an invalid length. [ 93.345512][ T5965] netlink: 9 bytes leftover after parsing attributes in process `syz.0.45'. [ 94.651969][ T5988] random: crng reseeded on system resumption [ 94.831905][ T5994] netlink: 12 bytes leftover after parsing attributes in process `syz.2.52'. [ 94.860876][ T5993] hub 1-0:1.0: USB hub found [ 94.925867][ T5993] hub 1-0:1.0: 1 port detected [ 94.940475][ T5996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.52'. [ 95.265171][ T6002] bridge0: port 3(gretap0) entered blocking state [ 95.322831][ T6002] bridge0: port 3(gretap0) entered disabled state [ 95.383785][ T6006] FAULT_INJECTION: forcing a failure. [ 95.383785][ T6006] name fail_futex, interval 1, probability 0, space 0, times 1 [ 95.409701][ T6002] gretap0: entered allmulticast mode [ 95.446919][ T6002] gretap0: entered promiscuous mode [ 95.479450][ T6002] FAULT_INJECTION: forcing a failure. [ 95.479450][ T6002] name failslab, interval 1, probability 0, space 0, times 0 [ 95.533835][ T6002] CPU: 0 UID: 0 PID: 6002 Comm: syz.3.53 Not tainted syzkaller #0 PREEMPT(full) [ 95.533857][ T6002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 95.533866][ T6002] Call Trace: [ 95.533871][ T6002] [ 95.533877][ T6002] dump_stack_lvl+0x100/0x190 [ 95.533899][ T6002] should_fail_ex.cold+0x5/0xa [ 95.533919][ T6002] should_failslab+0xc2/0x120 [ 95.533937][ T6002] __kmalloc_cache_noprof+0x7a/0x6f0 [ 95.533964][ T6002] ? nbp_vlan_init+0x163/0x500 [ 95.533990][ T6002] nbp_vlan_init+0x163/0x500 [ 95.534012][ T6002] ? __pfx_nbp_vlan_init+0x10/0x10 [ 95.534038][ T6002] ? __local_bh_enable_ip+0x9e/0x120 [ 95.534057][ T6002] ? lockdep_hardirqs_on+0x78/0x100 [ 95.534079][ T6002] ? br_fdb_add_local+0x43/0x60 [ 95.534098][ T6002] ? __local_bh_enable_ip+0x9e/0x120 [ 95.534119][ T6002] br_add_if+0xf79/0x1b40 [ 95.534141][ T6002] ? veth_get_iflink+0x253/0x2c0 [ 95.534163][ T6002] add_del_if+0x114/0x160 [ 95.534178][ T6002] br_dev_siocdevprivate+0x8ac/0x1650 [ 95.534194][ T6002] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 95.534213][ T6002] ? do_raw_spin_lock+0x128/0x260 [ 95.534231][ T6002] ? find_held_lock+0x2b/0x80 [ 95.534249][ T6002] ? debug_mutex_remove_waiter+0xa8/0x320 [ 95.534267][ T6002] ? debug_mutex_remove_waiter+0xa8/0x320 [ 95.534292][ T6002] ? netdev_name_node_lookup+0x107/0x150 [ 95.534313][ T6002] ? __mutex_lock+0x838/0x1b10 [ 95.534335][ T6002] dev_ifsioc+0xc2f/0x1f10 [ 95.534351][ T6002] ? __pfx_dev_ifsioc+0x10/0x10 [ 95.534363][ T6002] ? __pfx___mutex_lock+0x10/0x10 [ 95.534389][ T6002] ? dev_load+0x8e/0x240 [ 95.534400][ T6002] ? dev_load+0x8e/0x240 [ 95.534417][ T6002] dev_ioctl+0x70e/0x1070 [ 95.534433][ T6002] sock_ioctl+0x494/0x6b0 [ 95.534454][ T6002] ? __pfx_sock_ioctl+0x10/0x10 [ 95.534472][ T6002] ? hook_file_ioctl_common+0x149/0x410 [ 95.534492][ T6002] ? __fget_files+0x21f/0x3d0 [ 95.534511][ T6002] ? __pfx_sock_ioctl+0x10/0x10 [ 95.534532][ T6002] __x64_sys_ioctl+0x18e/0x210 [ 95.534548][ T6002] do_syscall_64+0x10b/0xf80 [ 95.534566][ T6002] ? clear_bhb_loop+0x40/0x90 [ 95.534584][ T6002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.534598][ T6002] RIP: 0033:0x7fcb9719cdd9 [ 95.534612][ T6002] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.534625][ T6002] RSP: 002b:00007fcb9803d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.534639][ T6002] RAX: ffffffffffffffda RBX: 00007fcb97416090 RCX: 00007fcb9719cdd9 [ 95.534649][ T6002] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000008 [ 95.534658][ T6002] RBP: 00007fcb97232d69 R08: 0000000000000000 R09: 0000000000000000 [ 95.534667][ T6002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.534675][ T6002] R13: 00007fcb97416128 R14: 00007fcb97416090 R15: 00007ffc832ceed8 [ 95.534695][ T6002] [ 95.536252][ T6002] gretap0: failed to initialize vlan filtering on this port [ 95.848831][ T6006] CPU: 0 UID: 0 PID: 6006 Comm: syz.2.54 Not tainted syzkaller #0 PREEMPT(full) [ 95.848855][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 95.848864][ T6006] Call Trace: [ 95.848869][ T6006] [ 95.848875][ T6006] dump_stack_lvl+0x100/0x190 [ 95.848896][ T6006] should_fail_ex.cold+0x5/0xa [ 95.848922][ T6006] get_futex_key+0x1d2/0x1510 [ 95.848940][ T6006] ? __pfx_get_futex_key+0x10/0x10 [ 95.848955][ T6006] ? pick_eevdf+0x4a9/0x7d0 [ 95.848982][ T6006] futex_wait_setup+0x83/0x510 [ 95.849006][ T6006] __futex_wait+0x19f/0x300 [ 95.849026][ T6006] ? __pfx___futex_wait+0x10/0x10 [ 95.849044][ T6006] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 95.849065][ T6006] ? __pfx_futex_wake_mark+0x10/0x10 [ 95.849087][ T6006] ? find_held_lock+0x2b/0x80 [ 95.849104][ T6006] ? futex_wake+0x456/0x530 [ 95.849126][ T6006] futex_wait+0xe6/0x370 [ 95.849145][ T6006] ? __pfx_futex_wait+0x10/0x10 [ 95.849168][ T6006] ? rcu_is_watching+0x12/0xc0 [ 95.849185][ T6006] ? irqentry_exit+0x246/0x790 [ 95.849203][ T6006] ? lockdep_hardirqs_on+0x78/0x100 [ 95.849222][ T6006] do_futex+0x1ef/0x350 [ 95.849238][ T6006] ? __pfx_do_futex+0x10/0x10 [ 95.849254][ T6006] ? do_set_mempolicy+0x217/0x3d0 [ 95.849270][ T6006] ? __pfx_do_set_mempolicy+0x10/0x10 [ 95.849288][ T6006] __x64_sys_futex+0x34f/0x4d0 [ 95.849307][ T6006] ? __pfx___x64_sys_futex+0x10/0x10 [ 95.849323][ T6006] ? __pfx_kernel_set_mempolicy+0x10/0x10 [ 95.849341][ T6006] ? rcu_is_watching+0x12/0xc0 [ 95.849360][ T6006] do_syscall_64+0x10b/0xf80 [ 95.849378][ T6006] ? clear_bhb_loop+0x40/0x90 [ 95.849395][ T6006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.849410][ T6006] RIP: 0033:0x7fcff899cdd9 [ 95.849422][ T6006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.849436][ T6006] RSP: 002b:00007fcff98660e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 95.849451][ T6006] RAX: ffffffffffffffda RBX: 00007fcff8c16098 RCX: 00007fcff899cdd9 [ 95.849460][ T6006] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fcff8c16098 [ 95.849469][ T6006] RBP: 00007fcff8c16090 R08: 0000000000000000 R09: 0000000000000000 [ 95.849477][ T6006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.849485][ T6006] R13: 00007fcff8c16128 R14: 00007ffeca87b400 R15: 00007ffeca87b4e8 [ 95.849503][ T6006] [ 96.833861][ T6002] gretap0: left allmulticast mode [ 97.862357][ T5627] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 98.744471][ T29] audit: type=1800 audit(1778061433.848:4): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.64" name="lu_gp_id" dev="configfs" ino=9573 res=0 errno=0 [ 98.787485][ T6061] kstrtoul() returned -22 for lu_gp_id [ 99.373689][ T6069] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 99.909008][ T5622] Bluetooth: hci1: command 0x2016 tx timeout [ 101.594547][ T5627] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 101.988866][ T5627] Bluetooth: hci1: command 0x2016 tx timeout [ 102.366459][ T6107] random: crng reseeded on system resumption [ 103.668515][ T4941] Bluetooth: hci3: command 0x2016 tx timeout [ 104.507769][ T6162] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 105.748395][ T4941] Bluetooth: hci3: command 0x2016 tx timeout [ 106.265363][ T29] audit: type=1800 audit(1778061441.368:5): pid=6189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.89" name="lu_gp_id" dev="configfs" ino=10318 res=0 errno=0 [ 108.558152][ T6221] netlink: 8 bytes leftover after parsing attributes in process `syz.2.95'. [ 108.594412][ T5622] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 108.605684][ T6224] vivid-008: ================= START STATUS ================= [ 108.634924][ T6224] vivid-008: ================== END STATUS ================== [ 110.267654][ T6249] netlink: 350 bytes leftover after parsing attributes in process `syz.2.99'. [ 110.705302][ T6222] random: crng reseeded on system resumption [ 110.711971][ T4941] Bluetooth: hci3: command 0x2016 tx timeout [ 112.614687][ T6293] FAULT_INJECTION: forcing a failure. [ 112.614687][ T6293] name failslab, interval 1, probability 0, space 0, times 0 [ 112.673116][ T6293] CPU: 0 UID: 0 PID: 6293 Comm: syz.3.108 Not tainted syzkaller #0 PREEMPT(full) [ 112.673140][ T6293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 112.673149][ T6293] Call Trace: [ 112.673154][ T6293] [ 112.673160][ T6293] dump_stack_lvl+0x100/0x190 [ 112.673181][ T6293] should_fail_ex.cold+0x5/0xa [ 112.673200][ T6293] should_failslab+0xc2/0x120 [ 112.673218][ T6293] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 112.673240][ T6293] ? alloc_vfsmnt+0x23/0x6a0 [ 112.673265][ T6293] alloc_vfsmnt+0x23/0x6a0 [ 112.673288][ T6293] fc_mount_longterm+0x154/0x270 [ 112.673313][ T6293] mq_init_ns+0x482/0x820 [ 112.673338][ T6293] copy_ipcs+0x3dd/0x7e0 [ 112.673352][ T6293] create_new_namespaces+0x20a/0xac0 [ 112.673373][ T6293] ? security_capable+0x80/0x260 [ 112.673395][ T6293] copy_namespaces+0x468/0x5e0 [ 112.673414][ T6293] copy_process+0x3531/0x7e00 [ 112.673433][ T6293] ? futex_unqueue+0x133/0x2c0 [ 112.673457][ T6293] ? __pfx_copy_process+0x10/0x10 [ 112.673481][ T6293] ? _copy_from_user+0x59/0xd0 [ 112.673507][ T6293] kernel_clone+0x12e/0x9c0 [ 112.673527][ T6293] ? futex_hash+0x141/0x370 [ 112.673539][ T6293] ? __pfx_kernel_clone+0x10/0x10 [ 112.673562][ T6293] ? __pfx_futex_wait+0x10/0x10 [ 112.673585][ T6293] __do_sys_clone3+0x214/0x290 [ 112.673605][ T6293] ? __pfx___do_sys_clone3+0x10/0x10 [ 112.673644][ T6293] ? rcu_is_watching+0x12/0xc0 [ 112.673663][ T6293] do_syscall_64+0x10b/0xf80 [ 112.673681][ T6293] ? clear_bhb_loop+0x40/0x90 [ 112.673699][ T6293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.673714][ T6293] RIP: 0033:0x7fcb9719cdd9 [ 112.673726][ T6293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 112.673740][ T6293] RSP: 002b:00007fcb9805def8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 112.673754][ T6293] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fcb9719cdd9 [ 112.673763][ T6293] RDX: 00007fcb9805df10 RSI: 0000000000000058 RDI: 00007fcb9805df10 [ 112.673772][ T6293] RBP: 00007fcb97232d69 R08: 0000000000000000 R09: 0000000000000058 [ 112.673780][ T6293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.673788][ T6293] R13: 00007fcb97416038 R14: 00007fcb97415fa0 R15: 00007ffc832ceed8 [ 112.673807][ T6293] [ 112.952756][ T5622] Bluetooth: hci3: command 0x2016 tx timeout [ 113.010150][ T6302] netlink: 29 bytes leftover after parsing attributes in process `syz.0.111'. [ 113.719634][ T6324] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 114.209801][ T6332] vivid-008: ================= START STATUS ================= [ 114.217611][ T4941] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 114.250402][ T6332] vivid-008: ================== END STATUS ================== [ 114.262255][ T6329] process 'syz.1.115' launched ':,' with NULL argv: empty string added [ 116.229092][ T4941] Bluetooth: hci0: command 0x2016 tx timeout [ 116.248124][ T6328] random: crng reseeded on system resumption [ 117.025043][ T6378] block2mtd: illegal erase size [ 118.064937][ T6391] FAULT_INJECTION: forcing a failure. [ 118.064937][ T6391] name failslab, interval 1, probability 0, space 0, times 0 [ 118.123558][ T6391] CPU: 0 UID: 0 PID: 6391 Comm: syz.0.127 Not tainted syzkaller #0 PREEMPT(full) [ 118.123581][ T6391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 118.123590][ T6391] Call Trace: [ 118.123596][ T6391] [ 118.123602][ T6391] dump_stack_lvl+0x100/0x190 [ 118.123633][ T6391] should_fail_ex.cold+0x5/0xa [ 118.123653][ T6391] should_failslab+0xc2/0x120 [ 118.123671][ T6391] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 118.123692][ T6391] ? alloc_empty_file+0x5b/0x1c0 [ 118.123715][ T6391] ? __pfx_stack_trace_save+0x10/0x10 [ 118.123737][ T6391] alloc_empty_file+0x5b/0x1c0 [ 118.123759][ T6391] path_openat+0xe8/0x31a0 [ 118.123776][ T6391] ? kasan_save_stack+0x3f/0x50 [ 118.123790][ T6391] ? kasan_save_stack+0x30/0x50 [ 118.123803][ T6391] ? kasan_save_track+0x14/0x30 [ 118.123822][ T6391] ? __kasan_slab_alloc+0x89/0x90 [ 118.123836][ T6391] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 118.123858][ T6391] ? do_getname+0x35/0x390 [ 118.123878][ T6391] ? do_sys_openat2+0xc5/0x1e0 [ 118.123900][ T6391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.123918][ T6391] ? __pfx_path_openat+0x10/0x10 [ 118.123942][ T6391] do_file_open+0x20e/0x430 [ 118.123961][ T6391] ? __pfx_do_file_open+0x10/0x10 [ 118.123992][ T6391] ? alloc_fd+0x476/0x790 [ 118.124011][ T6391] ? do_getname+0x191/0x390 [ 118.124033][ T6391] do_sys_openat2+0x10d/0x1e0 [ 118.124054][ T6391] ? __pfx_do_sys_openat2+0x10/0x10 [ 118.124082][ T6391] __x64_sys_openat+0x12d/0x210 [ 118.124105][ T6391] ? __pfx___x64_sys_openat+0x10/0x10 [ 118.124126][ T6391] ? ksys_write+0x1ac/0x250 [ 118.124144][ T6391] ? rcu_is_watching+0x12/0xc0 [ 118.124164][ T6391] do_syscall_64+0x10b/0xf80 [ 118.124182][ T6391] ? clear_bhb_loop+0x40/0x90 [ 118.124200][ T6391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.124214][ T6391] RIP: 0033:0x7f747679cdd9 [ 118.124231][ T6391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.124249][ T6391] RSP: 002b:00007f7477619028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 118.124264][ T6391] RAX: ffffffffffffffda RBX: 00007f7476a16090 RCX: 00007f747679cdd9 [ 118.124273][ T6391] RDX: 0000000000000e01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 118.124282][ T6391] RBP: 00007f7476832d69 R08: 0000000000000000 R09: 0000000000000000 [ 118.124291][ T6391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.124299][ T6391] R13: 00007f7476a16128 R14: 00007f7476a16090 R15: 00007ffe9c0761c8 [ 118.124319][ T6391] [ 118.463746][ T5622] Bluetooth: hci0: command 0x2016 tx timeout [ 118.725496][ T6402] netlink: zone id is out of range [ 118.744950][ T6402] netlink: zone id is out of range [ 118.762507][ T6402] netlink: zone id is out of range [ 118.772720][ T6402] netlink: zone id is out of range [ 118.788014][ T6402] netlink: zone id is out of range [ 118.802051][ T6402] netlink: zone id is out of range [ 118.818624][ T6402] netlink: zone id is out of range [ 118.830673][ T6402] netlink: zone id is out of range [ 118.842583][ T6402] netlink: zone id is out of range [ 118.867253][ T6402] netlink: zone id is out of range [ 119.667756][ T6409] netlink: 342 bytes leftover after parsing attributes in process `syz.1.131'. [ 120.810882][ T6432] FAULT_INJECTION: forcing a failure. [ 120.810882][ T6432] name failslab, interval 1, probability 0, space 0, times 0 [ 120.904386][ T6432] CPU: 0 UID: 0 PID: 6432 Comm: syz.3.136 Not tainted syzkaller #0 PREEMPT(full) [ 120.904408][ T6432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 120.904418][ T6432] Call Trace: [ 120.904423][ T6432] [ 120.904429][ T6432] dump_stack_lvl+0x100/0x190 [ 120.904451][ T6432] should_fail_ex.cold+0x5/0xa [ 120.904471][ T6432] should_failslab+0xc2/0x120 [ 120.904488][ T6432] __kmalloc_node_noprof+0xe6/0x850 [ 120.904518][ T6432] ? alloc_slab_obj_exts+0xae/0x270 [ 120.904543][ T6432] alloc_slab_obj_exts+0xae/0x270 [ 120.904565][ T6432] __memcg_slab_post_alloc_hook+0x3c2/0xff0 [ 120.904591][ T6432] ? kasan_save_track+0x14/0x30 [ 120.904606][ T6432] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 120.904629][ T6432] ? alloc_inode+0x183/0x250 [ 120.904655][ T6432] alloc_inode+0x183/0x250 [ 120.904676][ T6432] path_from_stashed+0x25b/0x750 [ 120.904695][ T6432] ? do_raw_spin_unlock+0x145/0x1e0 [ 120.904718][ T6432] ns_get_path+0x60/0x80 [ 120.904737][ T6432] proc_ns_get_link+0x121/0x230 [ 120.904754][ T6432] ? __pfx_proc_ns_get_link+0x10/0x10 [ 120.904771][ T6432] ? atime_needs_update+0x8b/0x6b0 [ 120.904787][ T6432] pick_link+0xd17/0x13c0 [ 120.904801][ T6432] ? __pfx_proc_ns_get_link+0x10/0x10 [ 120.904818][ T6432] step_into_slowpath+0x9ba/0xf90 [ 120.904837][ T6432] ? __pfx_step_into_slowpath+0x10/0x10 [ 120.904852][ T6432] ? find_held_lock+0x2b/0x80 [ 120.904876][ T6432] path_openat+0xf95/0x31a0 [ 120.904899][ T6432] ? __pfx_path_openat+0x10/0x10 [ 120.904924][ T6432] do_file_open+0x20e/0x430 [ 120.904943][ T6432] ? __pfx_do_file_open+0x10/0x10 [ 120.904973][ T6432] ? alloc_fd+0x476/0x790 [ 120.904991][ T6432] ? do_getname+0x191/0x390 [ 120.905013][ T6432] do_sys_openat2+0x10d/0x1e0 [ 120.905035][ T6432] ? __pfx_do_sys_openat2+0x10/0x10 [ 120.905058][ T6432] ? __fget_files+0x21f/0x3d0 [ 120.905078][ T6432] __x64_sys_openat+0x12d/0x210 [ 120.905100][ T6432] ? __pfx___x64_sys_openat+0x10/0x10 [ 120.905125][ T6432] ? rcu_is_watching+0x12/0xc0 [ 120.905145][ T6432] do_syscall_64+0x10b/0xf80 [ 120.905163][ T6432] ? clear_bhb_loop+0x40/0x90 [ 120.905180][ T6432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.905196][ T6432] RIP: 0033:0x7fcb9715d60e [ 120.905208][ T6432] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 120.905222][ T6432] RSP: 002b:00007fcb9805dec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 120.905236][ T6432] RAX: ffffffffffffffda RBX: 00007fcb9805e6c0 RCX: 00007fcb9715d60e [ 120.905246][ T6432] RDX: 0000000000000002 RSI: 00007fcb9805df90 RDI: ffffffffffffff9c [ 120.905255][ T6432] RBP: 00007fcb97232d69 R08: 0000000000000000 R09: 0000000000000000 [ 120.905264][ T6432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.905272][ T6432] R13: 00007fcb97416038 R14: 00007fcb97415fa0 R15: 00007ffc832ceed8 [ 120.905291][ T6432] [ 124.083455][ T6527] WARNING! power/level is deprecated; use power/control instead [ 124.865052][ T6545] block2mtd: illegal erase size [ 127.251994][ T6587] random: crng reseeded on system resumption [ 127.394859][ T6587] hub 1-0:1.0: USB hub found [ 127.448258][ T6587] hub 1-0:1.0: 1 port detected [ 128.203534][ T6601] FAULT_INJECTION: forcing a failure. [ 128.203534][ T6601] name failslab, interval 1, probability 0, space 0, times 0 [ 128.267671][ T6601] CPU: 0 UID: 0 PID: 6601 Comm: syz.0.173 Not tainted syzkaller #0 PREEMPT(full) [ 128.267693][ T6601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 128.267703][ T6601] Call Trace: [ 128.267708][ T6601] [ 128.267713][ T6601] dump_stack_lvl+0x100/0x190 [ 128.267735][ T6601] should_fail_ex.cold+0x5/0xa [ 128.267754][ T6601] should_failslab+0xc2/0x120 [ 128.267772][ T6601] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 128.267802][ T6601] ? alloc_empty_file+0x5b/0x1c0 [ 128.267827][ T6601] ? __pfx_stack_trace_save+0x10/0x10 [ 128.267851][ T6601] alloc_empty_file+0x5b/0x1c0 [ 128.267873][ T6601] path_openat+0xe8/0x31a0 [ 128.267889][ T6601] ? kasan_save_stack+0x3f/0x50 [ 128.267903][ T6601] ? kasan_save_stack+0x30/0x50 [ 128.267915][ T6601] ? kasan_save_track+0x14/0x30 [ 128.267928][ T6601] ? __kasan_slab_alloc+0x89/0x90 [ 128.267942][ T6601] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 128.267963][ T6601] ? do_getname+0x35/0x390 [ 128.267982][ T6601] ? do_sys_openat2+0xc5/0x1e0 [ 128.268003][ T6601] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.268020][ T6601] ? __pfx_path_openat+0x10/0x10 [ 128.268044][ T6601] do_file_open+0x20e/0x430 [ 128.268063][ T6601] ? __pfx_do_file_open+0x10/0x10 [ 128.268094][ T6601] ? alloc_fd+0x476/0x790 [ 128.268112][ T6601] ? do_getname+0x191/0x390 [ 128.268134][ T6601] do_sys_openat2+0x10d/0x1e0 [ 128.268155][ T6601] ? __pfx_do_sys_openat2+0x10/0x10 [ 128.268183][ T6601] __x64_sys_openat+0x12d/0x210 [ 128.268205][ T6601] ? __pfx___x64_sys_openat+0x10/0x10 [ 128.268226][ T6601] ? ksys_write+0x1ac/0x250 [ 128.268245][ T6601] ? rcu_is_watching+0x12/0xc0 [ 128.268265][ T6601] do_syscall_64+0x10b/0xf80 [ 128.268283][ T6601] ? clear_bhb_loop+0x40/0x90 [ 128.268300][ T6601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.268315][ T6601] RIP: 0033:0x7f747679cdd9 [ 128.268328][ T6601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.268341][ T6601] RSP: 002b:00007f747763a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 128.268356][ T6601] RAX: ffffffffffffffda RBX: 00007f7476a15fa0 RCX: 00007f747679cdd9 [ 128.268366][ T6601] RDX: 0000000000038000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 128.268375][ T6601] RBP: 00007f7476832d69 R08: 0000000000000000 R09: 0000000000000000 [ 128.268383][ T6601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.268392][ T6601] R13: 00007f7476a16038 R14: 00007f7476a15fa0 R15: 00007ffe9c0761c8 [ 128.268411][ T6601] [ 130.940250][ T6635] block2mtd: illegal erase size [ 131.009681][ T6629] MTRR 1 not used [ 132.598561][ T6648] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 132.791643][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.800743][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.111390][ T6672] netlink: 342 bytes leftover after parsing attributes in process `syz.0.179'. [ 137.216431][ T6729] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.977006][ T6751] Ɖ [ 142.206746][ T6816] binder: 6813:6816 ioctl 400c620e 2000000003c0 returned -22 [ 145.549350][ T6869] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 146.635438][ T6882] netlink: 28 bytes leftover after parsing attributes in process `syz.3.219'. [ 151.602051][ T6977] block2mtd: illegal erase size [ 152.434141][ T6985] binder: 6981:6985 ioctl c00c620f 2000000001c0 returned -22 [ 154.614337][ T7016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.250'. [ 161.227448][ T7135] block2mtd: illegal erase size [ 161.925341][ T7143] netlink: 'syz.0.277': attribute type 11 has an invalid length. [ 161.990949][ T7143] netlink: 'syz.0.277': attribute type 11 has an invalid length. [ 162.076217][ T7143] netlink: 'syz.0.277': attribute type 11 has an invalid length. [ 162.923587][ T7143] netlink: 504 bytes leftover after parsing attributes in process `syz.0.277'. [ 163.272192][ T7159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.280'. [ 163.481356][ T7167] zram: Removed device: zram0 [ 164.426375][ T7185] zswap: compressor not available [ 165.876375][ T7211] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 166.276242][ T7225] FAULT_INJECTION: forcing a failure. [ 166.276242][ T7225] name failslab, interval 1, probability 0, space 0, times 0 [ 166.374199][ T7225] CPU: 0 UID: 0 PID: 7225 Comm: syz.2.298 Not tainted syzkaller #0 PREEMPT(full) [ 166.374220][ T7225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 166.374230][ T7225] Call Trace: [ 166.374235][ T7225] [ 166.374241][ T7225] dump_stack_lvl+0x100/0x190 [ 166.374262][ T7225] should_fail_ex.cold+0x5/0xa [ 166.374283][ T7225] should_failslab+0xc2/0x120 [ 166.374302][ T7225] __kvmalloc_node_noprof+0xfa/0xa00 [ 166.374317][ T7225] ? alloc_netdev_mqs+0xb4a/0x1560 [ 166.374333][ T7225] ? lockdep_init_map_type+0x5c/0x250 [ 166.374351][ T7225] ? __pfx_ppp_setup+0x10/0x10 [ 166.374369][ T7225] alloc_netdev_mqs+0xb4a/0x1560 [ 166.374388][ T7225] ppp_ioctl+0x954/0x27c0 [ 166.374412][ T7225] ? find_held_lock+0x2b/0x80 [ 166.374431][ T7225] ? __pfx_ppp_ioctl+0x10/0x10 [ 166.374455][ T7225] ? __fget_files+0x21f/0x3d0 [ 166.374475][ T7225] ? __pfx_ppp_ioctl+0x10/0x10 [ 166.374496][ T7225] __x64_sys_ioctl+0x18e/0x210 [ 166.374516][ T7225] do_syscall_64+0x10b/0xf80 [ 166.374534][ T7225] ? clear_bhb_loop+0x40/0x90 [ 166.374553][ T7225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.374568][ T7225] RIP: 0033:0x7fcff899cdd9 [ 166.374581][ T7225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.374594][ T7225] RSP: 002b:00007fcff9887028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.374609][ T7225] RAX: ffffffffffffffda RBX: 00007fcff8c15fa0 RCX: 00007fcff899cdd9 [ 166.374618][ T7225] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 000000000000000a [ 166.374626][ T7225] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 166.374635][ T7225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.374643][ T7225] R13: 00007fcff8c16038 R14: 00007fcff8c15fa0 R15: 00007ffeca87b4e8 [ 166.374662][ T7225] [ 168.357134][ T4941] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 170.049735][ T7300] FAULT_INJECTION: forcing a failure. [ 170.049735][ T7300] name failslab, interval 1, probability 0, space 0, times 0 [ 170.355184][ T7300] CPU: 0 UID: 0 PID: 7300 Comm: syz.2.315 Not tainted syzkaller #0 PREEMPT(full) [ 170.355207][ T7300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 170.355216][ T7300] Call Trace: [ 170.355221][ T7300] [ 170.355227][ T7300] dump_stack_lvl+0x100/0x190 [ 170.355249][ T7300] should_fail_ex.cold+0x5/0xa [ 170.355268][ T7300] ? tomoyo_encode2+0xfb/0x3c0 [ 170.355286][ T7300] should_failslab+0xc2/0x120 [ 170.355306][ T7300] __kmalloc_noprof+0xe0/0x850 [ 170.355333][ T7300] tomoyo_encode2+0xfb/0x3c0 [ 170.355352][ T7300] tomoyo_encode+0x29/0x50 [ 170.355368][ T7300] tomoyo_mount_acl+0x14c/0x8b0 [ 170.355384][ T7300] ? is_bpf_text_address+0x8a/0x1a0 [ 170.355404][ T7300] ? bpf_ksym_find+0x124/0x1c0 [ 170.355419][ T7300] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 170.355441][ T7300] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 170.355456][ T7300] ? kernel_text_address+0x8d/0x100 [ 170.355470][ T7300] ? make_vfsuid+0xec/0x140 [ 170.355484][ T7300] ? unwind_get_return_address+0x59/0xa0 [ 170.355524][ T7300] ? tomoyo_domain+0xb2/0x150 [ 170.355543][ T7300] ? tomoyo_profile+0x47/0x60 [ 170.355564][ T7300] tomoyo_mount_permission+0x214/0x460 [ 170.355579][ T7300] ? tomoyo_mount_permission+0x1f6/0x460 [ 170.355597][ T7300] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 170.355624][ T7300] security_sb_mount+0xdd/0x270 [ 170.355647][ T7300] path_mount+0x158/0x23d0 [ 170.355670][ T7300] ? __pfx_path_mount+0x10/0x10 [ 170.355688][ T7300] ? lockdep_hardirqs_on+0x78/0x100 [ 170.355709][ T7300] ? putname+0xb1/0x110 [ 170.355726][ T7300] ? kmem_cache_free+0x127/0x6c0 [ 170.355753][ T7300] ? __x64_sys_mount+0x293/0x310 [ 170.355772][ T7300] __x64_sys_mount+0x293/0x310 [ 170.355792][ T7300] ? __pfx___x64_sys_mount+0x10/0x10 [ 170.355815][ T7300] ? rcu_is_watching+0x12/0xc0 [ 170.355834][ T7300] do_syscall_64+0x10b/0xf80 [ 170.355852][ T7300] ? clear_bhb_loop+0x40/0x90 [ 170.355869][ T7300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.355884][ T7300] RIP: 0033:0x7fcff899cdd9 [ 170.355897][ T7300] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 170.355910][ T7300] RSP: 002b:00007fcff9824028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 170.355925][ T7300] RAX: ffffffffffffffda RBX: 00007fcff8c16270 RCX: 00007fcff899cdd9 [ 170.355934][ T7300] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000000000000000 [ 170.355943][ T7300] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 170.355952][ T7300] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 170.355960][ T7300] R13: 00007fcff8c16308 R14: 00007fcff8c16270 R15: 00007ffeca87b4e8 [ 170.355978][ T7300] [ 170.994023][ T4941] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 172.266319][ T7353] FAULT_INJECTION: forcing a failure. [ 172.266319][ T7353] name failslab, interval 1, probability 0, space 0, times 0 [ 172.315710][ T7353] CPU: 0 UID: 0 PID: 7353 Comm: syz.3.327 Not tainted syzkaller #0 PREEMPT(full) [ 172.315732][ T7353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 172.315741][ T7353] Call Trace: [ 172.315747][ T7353] [ 172.315753][ T7353] dump_stack_lvl+0x100/0x190 [ 172.315775][ T7353] should_fail_ex.cold+0x5/0xa [ 172.315795][ T7353] should_failslab+0xc2/0x120 [ 172.315813][ T7353] __kmalloc_cache_noprof+0x7a/0x6f0 [ 172.315834][ T7353] ? wakeup_source_register+0x4c/0x3e0 [ 172.315853][ T7353] wakeup_source_register+0x4c/0x3e0 [ 172.315870][ T7353] ep_create_wakeup_source+0x1df/0x2e0 [ 172.315890][ T7353] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 172.315910][ T7353] ? do_epoll_ctl+0x1012/0x36a0 [ 172.315929][ T7353] ? do_epoll_ctl+0x1012/0x36a0 [ 172.315951][ T7353] do_epoll_ctl+0x1eee/0x36a0 [ 172.315978][ T7353] ? __pfx_do_epoll_ctl+0x10/0x10 [ 172.315996][ T7353] ? find_held_lock+0x2b/0x80 [ 172.316014][ T7353] ? __might_fault+0xc5/0x140 [ 172.316034][ T7353] ? __might_fault+0xc5/0x140 [ 172.316062][ T7353] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 172.316081][ T7353] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 172.316100][ T7353] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 172.316121][ T7353] ? rcu_is_watching+0x12/0xc0 [ 172.316141][ T7353] do_syscall_64+0x10b/0xf80 [ 172.316159][ T7353] ? clear_bhb_loop+0x40/0x90 [ 172.316176][ T7353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.316191][ T7353] RIP: 0033:0x7fcb9719cdd9 [ 172.316205][ T7353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 172.316220][ T7353] RSP: 002b:00007fcb9805e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 172.316235][ T7353] RAX: ffffffffffffffda RBX: 00007fcb97415fa0 RCX: 00007fcb9719cdd9 [ 172.316244][ T7353] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000008 [ 172.316252][ T7353] RBP: 00007fcb97232d69 R08: 0000000000000000 R09: 0000000000000000 [ 172.316261][ T7353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.316269][ T7353] R13: 00007fcb97416038 R14: 00007fcb97415fa0 R15: 00007ffc832ceed8 [ 172.316288][ T7353] [ 172.991661][ T7361] FAULT_INJECTION: forcing a failure. [ 172.991661][ T7361] name failslab, interval 1, probability 0, space 0, times 0 [ 173.059994][ T7361] CPU: 0 UID: 0 PID: 7361 Comm: syz.1.328 Not tainted syzkaller #0 PREEMPT(full) [ 173.060017][ T7361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 173.060026][ T7361] Call Trace: [ 173.060031][ T7361] [ 173.060037][ T7361] dump_stack_lvl+0x100/0x190 [ 173.060058][ T7361] should_fail_ex.cold+0x5/0xa [ 173.060078][ T7361] ? tomoyo_encode2+0xfb/0x3c0 [ 173.060096][ T7361] should_failslab+0xc2/0x120 [ 173.060113][ T7361] __kmalloc_noprof+0xe0/0x850 [ 173.060141][ T7361] tomoyo_encode2+0xfb/0x3c0 [ 173.060161][ T7361] tomoyo_encode+0x29/0x50 [ 173.060180][ T7361] tomoyo_mount_acl+0x14c/0x8b0 [ 173.060196][ T7361] ? is_bpf_text_address+0x8a/0x1a0 [ 173.060216][ T7361] ? bpf_ksym_find+0x124/0x1c0 [ 173.060231][ T7361] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 173.060253][ T7361] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 173.060268][ T7361] ? kernel_text_address+0x8d/0x100 [ 173.060283][ T7361] ? make_vfsuid+0xec/0x140 [ 173.060296][ T7361] ? unwind_get_return_address+0x59/0xa0 [ 173.060333][ T7361] ? tomoyo_domain+0xb2/0x150 [ 173.060352][ T7361] ? tomoyo_profile+0x47/0x60 [ 173.060373][ T7361] tomoyo_mount_permission+0x214/0x460 [ 173.060389][ T7361] ? tomoyo_mount_permission+0x1f6/0x460 [ 173.060406][ T7361] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 173.060433][ T7361] security_sb_mount+0xdd/0x270 [ 173.060457][ T7361] path_mount+0x158/0x23d0 [ 173.060488][ T7361] ? __pfx_path_mount+0x10/0x10 [ 173.060507][ T7361] ? lockdep_hardirqs_on+0x78/0x100 [ 173.060529][ T7361] ? putname+0xb1/0x110 [ 173.060546][ T7361] ? kmem_cache_free+0x127/0x6c0 [ 173.060574][ T7361] ? __x64_sys_mount+0x293/0x310 [ 173.060593][ T7361] __x64_sys_mount+0x293/0x310 [ 173.060614][ T7361] ? __pfx___x64_sys_mount+0x10/0x10 [ 173.060635][ T7361] ? rcu_is_watching+0x12/0xc0 [ 173.060655][ T7361] do_syscall_64+0x10b/0xf80 [ 173.060673][ T7361] ? clear_bhb_loop+0x40/0x90 [ 173.060690][ T7361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.060705][ T7361] RIP: 0033:0x7f561cd9cdd9 [ 173.060718][ T7361] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.060731][ T7361] RSP: 002b:00007f561abb2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 173.060746][ T7361] RAX: ffffffffffffffda RBX: 00007f561d016270 RCX: 00007f561cd9cdd9 [ 173.060755][ T7361] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000000000000000 [ 173.060764][ T7361] RBP: 00007f561ce32d69 R08: 0000000000000000 R09: 0000000000000000 [ 173.060772][ T7361] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 173.060780][ T7361] R13: 00007f561d016308 R14: 00007f561d016270 R15: 00007fff57405018 [ 173.060800][ T7361] [ 175.902492][ T7401] block2mtd: illegal erase size [ 176.686972][ T5622] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 176.766538][ T7416] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(1768304430.3171692.0), cmd(2) [ 177.800143][ T7421] syz.0.341 (7421) used greatest stack depth: 19720 bytes left [ 179.117502][ T7463] block2mtd: illegal erase size [ 180.633310][ T7479] netlink: 'syz.1.356': attribute type 11 has an invalid length. [ 180.753598][ T7479] netlink: 'syz.1.356': attribute type 11 has an invalid length. [ 181.142371][ T7479] netlink: 'syz.1.356': attribute type 11 has an invalid length. [ 182.215339][ T7479] netlink: 504 bytes leftover after parsing attributes in process `syz.1.356'. [ 182.531648][ T7497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.361'. [ 182.585054][ T7497] netlink: 13 bytes leftover after parsing attributes in process `syz.3.361'. [ 183.485400][ T5622] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 183.962522][ T7520] block2mtd: illegal erase size [ 186.170866][ T5622] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 186.178861][ T5622] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 187.206228][ T7570] netlink: 28 bytes leftover after parsing attributes in process `syz.0.378'. [ 188.360624][ T7598] netlink: 25 bytes leftover after parsing attributes in process `syz.0.385'. [ 191.290350][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.398'. [ 191.332966][ T7639] netlink: 13 bytes leftover after parsing attributes in process `syz.2.398'. [ 192.225047][ T7643] netlink: 28 bytes leftover after parsing attributes in process `syz.1.394'. [ 193.292231][ T7654] netlink: 342 bytes leftover after parsing attributes in process `syz.3.400'. [ 193.559092][ T7684] can0: slcan on pty238. [ 193.759551][ T7683] can0 (unregistered): slcan off pty238. [ 194.237053][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.246718][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.676809][ T7732] sd 0:0:1:0: PR command failed: 1026 [ 195.728196][ T7732] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 195.793967][ T7732] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 198.008457][ T7748] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 198.095655][ T7748] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 198.316679][ T7748] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 198.458832][ T7748] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 198.543295][ T7748] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 198.565635][ T7748] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 198.595542][ T7748] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 198.632565][ T7748] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 198.667354][ T7748] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 198.685825][ T7748] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 198.721919][ T7748] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 198.758585][ T7748] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 198.781604][ T7748] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 198.803609][ T7748] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 198.846543][ T7748] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 198.873665][ T7748] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 199.908797][ T5622] Bluetooth: hci0: command 0x2016 tx timeout [ 200.552733][ T5622] Bluetooth: hci1: command 0x2016 tx timeout [ 200.707874][ T5622] Bluetooth: hci3: command 0x2016 tx timeout [ 200.788069][ T5622] Bluetooth: hci2: command 0x0c1a tx timeout [ 201.988129][ T5622] Bluetooth: hci0: command 0x2016 tx timeout [ 202.628536][ T5622] Bluetooth: hci1: command 0x2016 tx timeout [ 202.790157][ T5622] Bluetooth: hci3: command 0x2016 tx timeout [ 202.868029][ T5622] Bluetooth: hci2: command 0x0c1a tx timeout [ 203.438826][ T7835] netlink: 28 bytes leftover after parsing attributes in process `syz.3.435'. [ 203.692629][ T7835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 203.778523][ T7835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 203.820909][ T7835] bond0 (unregistering): Released all slaves [ 203.926424][ T7840] netlink: 342 bytes leftover after parsing attributes in process `syz.0.437'. [ 204.068037][ T5622] Bluetooth: hci0: command 0x2016 tx timeout [ 204.285287][ T7844] input input6: cannot allocate more than FF_MAX_EFFECTS effects [ 204.708013][ T5622] Bluetooth: hci1: command 0x2016 tx timeout [ 204.874620][ T5622] Bluetooth: hci3: command 0x2016 tx timeout [ 204.947911][ T5622] Bluetooth: hci2: command 0x0c1a tx timeout [ 204.989466][ T29] audit: type=1800 audit(1778061540.098:6): pid=7861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.442" name="dummy_udc" dev="gadgetfs" ino=6557 res=0 errno=0 [ 205.543504][ T7866] FAULT_INJECTION: forcing a failure. [ 205.543504][ T7866] name failslab, interval 1, probability 0, space 0, times 0 [ 205.627024][ T7866] CPU: 0 UID: 0 PID: 7866 Comm: syz.0.444 Not tainted syzkaller #0 PREEMPT(full) [ 205.627046][ T7866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 205.627067][ T7866] Call Trace: [ 205.627072][ T7866] [ 205.627078][ T7866] dump_stack_lvl+0x100/0x190 [ 205.627100][ T7866] should_fail_ex.cold+0x5/0xa [ 205.627120][ T7866] should_failslab+0xc2/0x120 [ 205.627138][ T7866] __kmalloc_cache_noprof+0x7a/0x6f0 [ 205.627158][ T7866] ? trace_pid_list_alloc+0x9d/0x480 [ 205.627182][ T7866] trace_pid_list_alloc+0x9d/0x480 [ 205.627204][ T7866] trace_pid_write+0x110/0x460 [ 205.627225][ T7866] ? __pfx_trace_pid_write+0x10/0x10 [ 205.627257][ T7866] event_pid_write.isra.0+0x1e4/0x7d0 [ 205.627279][ T7866] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 205.627306][ T7866] vfs_write+0x2aa/0x1070 [ 205.627323][ T7866] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 205.627346][ T7866] ? __pfx_vfs_write+0x10/0x10 [ 205.627362][ T7866] ? __fget_files+0x215/0x3d0 [ 205.627390][ T7866] ? __fget_files+0x21f/0x3d0 [ 205.627412][ T7866] ksys_write+0x12a/0x250 [ 205.627429][ T7866] ? __pfx_ksys_write+0x10/0x10 [ 205.627448][ T7866] ? rcu_is_watching+0x12/0xc0 [ 205.627469][ T7866] do_syscall_64+0x10b/0xf80 [ 205.627487][ T7866] ? clear_bhb_loop+0x40/0x90 [ 205.627505][ T7866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.627519][ T7866] RIP: 0033:0x7f747679cdd9 [ 205.627532][ T7866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.627546][ T7866] RSP: 002b:00007f747763a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 205.627560][ T7866] RAX: ffffffffffffffda RBX: 00007f7476a15fa0 RCX: 00007f747679cdd9 [ 205.627570][ T7866] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 205.627578][ T7866] RBP: 00007f7476832d69 R08: 0000000000000000 R09: 0000000000000000 [ 205.627587][ T7866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.627595][ T7866] R13: 00007f7476a16038 R14: 00007f7476a15fa0 R15: 00007ffe9c0761c8 [ 205.627614][ T7866] [ 206.187426][ T5622] Bluetooth: hci0: command 0x2016 tx timeout [ 206.787868][ T5622] Bluetooth: hci1: command 0x2016 tx timeout [ 206.950593][ T5622] Bluetooth: hci3: command 0x2016 tx timeout [ 207.028117][ T5622] Bluetooth: hci2: command 0x0c1a tx timeout [ 207.039540][ T7882] bridge0: port 3(gretap0) entered blocking state [ 207.111705][ T7882] bridge0: port 3(gretap0) entered disabled state [ 207.233598][ T7882] gretap0: entered allmulticast mode [ 207.312277][ T7882] gretap0: entered promiscuous mode [ 207.355461][ T7882] FAULT_INJECTION: forcing a failure. [ 207.355461][ T7882] name failslab, interval 1, probability 0, space 0, times 0 [ 207.462692][ T7882] CPU: 0 UID: 0 PID: 7882 Comm: syz.2.446 Not tainted syzkaller #0 PREEMPT(full) [ 207.462714][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 207.462723][ T7882] Call Trace: [ 207.462728][ T7882] [ 207.462735][ T7882] dump_stack_lvl+0x100/0x190 [ 207.462756][ T7882] should_fail_ex.cold+0x5/0xa [ 207.462776][ T7882] should_failslab+0xc2/0x120 [ 207.462794][ T7882] __kmalloc_cache_noprof+0x7a/0x6f0 [ 207.462814][ T7882] ? nbp_vlan_add+0x1eb/0x3e0 [ 207.462839][ T7882] nbp_vlan_add+0x1eb/0x3e0 [ 207.462862][ T7882] nbp_vlan_init+0x373/0x500 [ 207.462884][ T7882] ? __pfx_nbp_vlan_init+0x10/0x10 [ 207.462909][ T7882] ? __local_bh_enable_ip+0x9e/0x120 [ 207.462928][ T7882] ? lockdep_hardirqs_on+0x78/0x100 [ 207.462946][ T7882] ? br_fdb_add_local+0x43/0x60 [ 207.462965][ T7882] ? __local_bh_enable_ip+0x9e/0x120 [ 207.462985][ T7882] br_add_if+0xf79/0x1b40 [ 207.463007][ T7882] ? veth_get_iflink+0x253/0x2c0 [ 207.463029][ T7882] add_del_if+0x114/0x160 [ 207.463043][ T7882] br_dev_siocdevprivate+0x8ac/0x1650 [ 207.463060][ T7882] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 207.463079][ T7882] ? do_raw_spin_lock+0x128/0x260 [ 207.463097][ T7882] ? find_held_lock+0x2b/0x80 [ 207.463124][ T7882] ? debug_mutex_remove_waiter+0xa8/0x320 [ 207.463143][ T7882] ? debug_mutex_remove_waiter+0xa8/0x320 [ 207.463169][ T7882] ? netdev_name_node_lookup+0x107/0x150 [ 207.463192][ T7882] ? __mutex_lock+0x838/0x1b10 [ 207.463214][ T7882] dev_ifsioc+0xc2f/0x1f10 [ 207.463230][ T7882] ? __pfx_dev_ifsioc+0x10/0x10 [ 207.463243][ T7882] ? __pfx___mutex_lock+0x10/0x10 [ 207.463268][ T7882] ? dev_load+0x8e/0x240 [ 207.463280][ T7882] ? dev_load+0x8e/0x240 [ 207.463297][ T7882] dev_ioctl+0x70e/0x1070 [ 207.463312][ T7882] sock_ioctl+0x494/0x6b0 [ 207.463333][ T7882] ? __pfx_sock_ioctl+0x10/0x10 [ 207.463352][ T7882] ? hook_file_ioctl_common+0x149/0x410 [ 207.463371][ T7882] ? __fget_files+0x21f/0x3d0 [ 207.463391][ T7882] ? __pfx_sock_ioctl+0x10/0x10 [ 207.463411][ T7882] __x64_sys_ioctl+0x18e/0x210 [ 207.463428][ T7882] do_syscall_64+0x10b/0xf80 [ 207.463445][ T7882] ? clear_bhb_loop+0x40/0x90 [ 207.463463][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.463478][ T7882] RIP: 0033:0x7fcff899cdd9 [ 207.463490][ T7882] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.463504][ T7882] RSP: 002b:00007fcff9866028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.463518][ T7882] RAX: ffffffffffffffda RBX: 00007fcff8c16090 RCX: 00007fcff899cdd9 [ 207.463528][ T7882] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 207.463537][ T7882] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 207.463546][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 207.463554][ T7882] R13: 00007fcff8c16128 R14: 00007fcff8c16090 R15: 00007ffeca87b4e8 [ 207.463574][ T7882] [ 208.685584][ T7882] gretap0: failed to initialize vlan filtering on this port [ 208.713977][ T7882] gretap0: left allmulticast mode [ 209.194003][ T7902] random: crng reseeded on system resumption [ 210.517782][ T7930] netlink: 'syz.3.458': attribute type 1 has an invalid length. [ 210.560629][ T7930] netlink: 9 bytes leftover after parsing attributes in process `syz.3.458'. [ 211.223825][ T7944] netlink: 20 bytes leftover after parsing attributes in process `syz.3.462'. [ 213.553804][ T7994] vhci_hcd vhci_hcd.2: invalid port number 111 [ 213.574386][ T7994] vhci_hcd vhci_hcd.2: default hub control req: a356 va1b7 i006f l5094 [ 213.771918][ T8006] netlink: 25 bytes leftover after parsing attributes in process `syz.0.476'. [ 213.946289][ T8009] netlink: 28 bytes leftover after parsing attributes in process `syz.2.477'. [ 214.061254][ T8009] bond0: (slave bond_slave_0): Releasing backup interface [ 214.201824][ T8015] netlink: 'syz.0.479': attribute type 1 has an invalid length. [ 214.250250][ T8015] netlink: 9 bytes leftover after parsing attributes in process `syz.0.479'. [ 214.783667][ T8030] netlink: 342 bytes leftover after parsing attributes in process `syz.3.484'. [ 215.116868][ T8036] input input7: cannot allocate more than FF_MAX_EFFECTS effects [ 217.292545][ T8093] kAFS: Invalid Command on /proc/fs/afs/cells file [ 217.304609][ T8091] netlink: 342 bytes leftover after parsing attributes in process `syz.2.499'. [ 217.986148][ T8108] kernel profiling enabled (shift: 0) [ 221.047584][ T8166] binder: 8153:8166 ioctl 40086602 e20 returned -22 [ 221.877275][ T8178] netlink: 342 bytes leftover after parsing attributes in process `syz.1.519'. [ 223.595735][ T8210] vhci_hcd vhci_hcd.2: invalid port number 111 [ 223.659780][ T8210] vhci_hcd vhci_hcd.2: default hub control req: a356 va1b7 i006f l5094 [ 224.652835][ T8234] netlink: 354 bytes leftover after parsing attributes in process `syz.2.533'. [ 225.151362][ T8245] random: crng reseeded on system resumption [ 226.232216][ T29] audit: type=1800 audit(1778061561.328:7): pid=8271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.542" name="dummy_udc" dev="gadgetfs" ino=6557 res=0 errno=0 [ 226.819712][ T8279] sd 0:0:1:0: PR command failed: 1026 [ 226.856799][ T8279] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 226.886584][ T8279] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 227.304067][ T8283] netlink: 28 bytes leftover after parsing attributes in process `syz.0.545'. [ 227.489696][ T8283] bond0: (slave bond_slave_0): Releasing backup interface [ 228.629937][ T5622] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 228.629963][ T5622] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 228.644839][ T5622] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 228.644856][ T5622] Bluetooth: hci0: Unknown advertising packet type: 0x57 [ 228.652615][ T5622] Bluetooth: hci0: Unknown advertising packet type: 0x51 [ 228.659705][ T5622] Bluetooth: hci0: Malformed LE Event: 0x0d [ 228.808107][ T8294] netlink: 342 bytes leftover after parsing attributes in process `syz.0.548'. [ 229.631192][ T8324] bridge0: port 3(gretap0) entered blocking state [ 229.658899][ T8324] bridge0: port 3(gretap0) entered disabled state [ 229.691082][ T8324] gretap0: entered allmulticast mode [ 229.721410][ T8324] gretap0: entered promiscuous mode [ 229.754892][ T8324] FAULT_INJECTION: forcing a failure. [ 229.754892][ T8324] name failslab, interval 1, probability 0, space 0, times 0 [ 229.826266][ T8324] CPU: 0 UID: 0 PID: 8324 Comm: syz.0.555 Not tainted syzkaller #0 PREEMPT(full) [ 229.826288][ T8324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 229.826298][ T8324] Call Trace: [ 229.826304][ T8324] [ 229.826310][ T8324] dump_stack_lvl+0x100/0x190 [ 229.826331][ T8324] should_fail_ex.cold+0x5/0xa [ 229.826352][ T8324] should_failslab+0xc2/0x120 [ 229.826369][ T8324] __kmalloc_cache_noprof+0x7a/0x6f0 [ 229.826390][ T8324] ? nbp_vlan_add+0x1eb/0x3e0 [ 229.826414][ T8324] nbp_vlan_add+0x1eb/0x3e0 [ 229.826438][ T8324] nbp_vlan_init+0x373/0x500 [ 229.826460][ T8324] ? __pfx_nbp_vlan_init+0x10/0x10 [ 229.826485][ T8324] ? __local_bh_enable_ip+0x9e/0x120 [ 229.826504][ T8324] ? lockdep_hardirqs_on+0x78/0x100 [ 229.826523][ T8324] ? br_fdb_add_local+0x43/0x60 [ 229.826541][ T8324] ? __local_bh_enable_ip+0x9e/0x120 [ 229.826562][ T8324] br_add_if+0xf79/0x1b40 [ 229.826584][ T8324] ? veth_get_iflink+0x253/0x2c0 [ 229.826605][ T8324] add_del_if+0x114/0x160 [ 229.826620][ T8324] br_dev_siocdevprivate+0x8ac/0x1650 [ 229.826637][ T8324] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 229.826657][ T8324] ? do_raw_spin_lock+0x128/0x260 [ 229.826675][ T8324] ? find_held_lock+0x2b/0x80 [ 229.826694][ T8324] ? debug_mutex_remove_waiter+0xa8/0x320 [ 229.826713][ T8324] ? debug_mutex_remove_waiter+0xa8/0x320 [ 229.826737][ T8324] ? netdev_name_node_lookup+0x107/0x150 [ 229.826759][ T8324] ? __mutex_lock+0x838/0x1b10 [ 229.826780][ T8324] dev_ifsioc+0xc2f/0x1f10 [ 229.826796][ T8324] ? __pfx_dev_ifsioc+0x10/0x10 [ 229.826809][ T8324] ? __pfx___mutex_lock+0x10/0x10 [ 229.826834][ T8324] ? dev_load+0x8e/0x240 [ 229.826846][ T8324] ? dev_load+0x8e/0x240 [ 229.826863][ T8324] dev_ioctl+0x70e/0x1070 [ 229.826878][ T8324] sock_ioctl+0x494/0x6b0 [ 229.826899][ T8324] ? __pfx_sock_ioctl+0x10/0x10 [ 229.826918][ T8324] ? hook_file_ioctl_common+0x149/0x410 [ 229.826937][ T8324] ? __fget_files+0x21f/0x3d0 [ 229.826965][ T8324] ? __pfx_sock_ioctl+0x10/0x10 [ 229.826986][ T8324] __x64_sys_ioctl+0x18e/0x210 [ 229.827003][ T8324] do_syscall_64+0x10b/0xf80 [ 229.827022][ T8324] ? clear_bhb_loop+0x40/0x90 [ 229.827039][ T8324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.827054][ T8324] RIP: 0033:0x7f747679cdd9 [ 229.827067][ T8324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 229.827080][ T8324] RSP: 002b:00007f7477619028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 229.827095][ T8324] RAX: ffffffffffffffda RBX: 00007f7476a16090 RCX: 00007f747679cdd9 [ 229.827105][ T8324] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 229.827114][ T8324] RBP: 00007f7476832d69 R08: 0000000000000000 R09: 0000000000000000 [ 229.827122][ T8324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.827131][ T8324] R13: 00007f7476a16128 R14: 00007f7476a16090 R15: 00007ffe9c0761c8 [ 229.827150][ T8324] [ 230.116440][ T8324] gretap0: failed to initialize vlan filtering on this port [ 230.430937][ T8324] gretap0: left allmulticast mode [ 232.040290][ T8366] binder: 8365:8366 ioctl 40046210 0 returned -14 [ 232.280121][ T8364] netlink: 20 bytes leftover after parsing attributes in process `syz.0.566'. [ 233.808288][ T8406] sd 0:0:1:0: PR command failed: 1026 [ 233.855962][ T8406] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 233.932870][ T8406] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 235.236777][ T8427] tipc: Started in network mode [ 235.282504][ T8427] tipc: Node identity ffffffff, cluster identity 4711 [ 235.354499][ T8427] tipc: Node number set to 4294967295 [ 236.093712][ T8446] bond0: invalid ARP target specified [ 236.177668][ T8449] nbd: socks must be embedded in a SOCK_ITEM attr [ 236.243646][ T8449] block nbd0: shutting down sockets [ 236.266175][ T8446] netlink: 28 bytes leftover after parsing attributes in process `syz.1.587'. [ 236.839897][ T8459] netlink: 20 bytes leftover after parsing attributes in process `syz.1.590'. [ 239.002016][ T8495] random: crng reseeded on system resumption [ 239.184527][ T8495] FAULT_INJECTION: forcing a failure. [ 239.184527][ T8495] name failslab, interval 1, probability 0, space 0, times 0 [ 239.335483][ T8495] CPU: 0 UID: 0 PID: 8495 Comm: syz.2.600 Not tainted syzkaller #0 PREEMPT(full) [ 239.335506][ T8495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 239.335518][ T8495] Call Trace: [ 239.335523][ T8495] [ 239.335530][ T8495] dump_stack_lvl+0x100/0x190 [ 239.335552][ T8495] should_fail_ex.cold+0x5/0xa [ 239.335572][ T8495] should_failslab+0xc2/0x120 [ 239.335590][ T8495] __kmalloc_cache_noprof+0x7a/0x6f0 [ 239.335610][ T8495] ? create_basic_memory_bitmaps+0xeb/0x350 [ 239.335634][ T8495] create_basic_memory_bitmaps+0xeb/0x350 [ 239.335657][ T8495] snapshot_open+0x230/0x2a0 [ 239.335677][ T8495] ? __pfx_snapshot_open+0x10/0x10 [ 239.335699][ T8495] misc_open+0x26d/0x450 [ 239.335717][ T8495] ? __pfx_misc_open+0x10/0x10 [ 239.335734][ T8495] chrdev_open+0x234/0x6a0 [ 239.335752][ T8495] ? __pfx_apparmor_file_open+0x10/0x10 [ 239.335775][ T8495] ? __pfx_chrdev_open+0x10/0x10 [ 239.335794][ T8495] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 239.335817][ T8495] do_dentry_open+0x6d8/0x1660 [ 239.335835][ T8495] ? __pfx_chrdev_open+0x10/0x10 [ 239.335857][ T8495] vfs_open+0x82/0x3f0 [ 239.335881][ T8495] path_openat+0x208c/0x31a0 [ 239.335905][ T8495] ? __pfx_path_openat+0x10/0x10 [ 239.335930][ T8495] do_file_open+0x20e/0x430 [ 239.335949][ T8495] ? __pfx_do_file_open+0x10/0x10 [ 239.335981][ T8495] ? alloc_fd+0x476/0x790 [ 239.336000][ T8495] ? do_getname+0x191/0x390 [ 239.336022][ T8495] do_sys_openat2+0x10d/0x1e0 [ 239.336044][ T8495] ? __pfx_do_sys_openat2+0x10/0x10 [ 239.336072][ T8495] __x64_sys_openat+0x12d/0x210 [ 239.336095][ T8495] ? __pfx___x64_sys_openat+0x10/0x10 [ 239.336120][ T8495] ? rcu_is_watching+0x12/0xc0 [ 239.336140][ T8495] do_syscall_64+0x10b/0xf80 [ 239.336159][ T8495] ? clear_bhb_loop+0x40/0x90 [ 239.336176][ T8495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.336191][ T8495] RIP: 0033:0x7fcff899cdd9 [ 239.336204][ T8495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 239.336218][ T8495] RSP: 002b:00007fcff9887028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 239.336236][ T8495] RAX: ffffffffffffffda RBX: 00007fcff8c15fa0 RCX: 00007fcff899cdd9 [ 239.336245][ T8495] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 239.336255][ T8495] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 239.336269][ T8495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.336278][ T8495] R13: 00007fcff8c16038 R14: 00007fcff8c15fa0 R15: 00007ffeca87b4e8 [ 239.336298][ T8495] [ 240.326553][ T8518] netlink: 354 bytes leftover after parsing attributes in process `syz.1.607'. [ 240.775797][ T8528] sd 0:0:1:0: PR command failed: 1026 [ 240.875894][ T8528] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 240.953257][ T8528] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 241.632374][ T8544] kAFS: No cell specified [ 242.943902][ T8574] tipc: Started in network mode [ 242.967746][ T8574] tipc: Node identity ffffffff, cluster identity 4711 [ 243.006355][ T8574] tipc: Node number set to 4294967295 [ 243.474753][ T8575] ima: policy update failed [ 243.525051][ T29] audit: type=1802 audit(1778061578.628:8): pid=8575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.621" res=0 errno=0 [ 243.549179][ T8590] sd 0:0:1:0: PR command failed: 1026 [ 243.599024][ T8590] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 243.671854][ T8590] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 244.430854][ T8615] tipc: Started in network mode [ 244.468139][ T8615] tipc: Node identity ffffffff, cluster identity 4711 [ 244.506717][ T8615] tipc: Node number set to 4294967295 [ 245.511969][ T8636] netlink: 354 bytes leftover after parsing attributes in process `syz.3.637'. [ 245.592583][ T8625] bridge0: port 3(gretap0) entered blocking state [ 245.658017][ T8625] bridge0: port 3(gretap0) entered disabled state [ 245.715518][ T8625] gretap0: entered allmulticast mode [ 245.796664][ T8625] gretap0: entered promiscuous mode [ 245.863168][ T8625] FAULT_INJECTION: forcing a failure. [ 245.863168][ T8625] name failslab, interval 1, probability 0, space 0, times 0 [ 245.876942][ T8625] CPU: 0 UID: 0 PID: 8625 Comm: syz.1.633 Not tainted syzkaller #0 PREEMPT(full) [ 245.876962][ T8625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 245.876972][ T8625] Call Trace: [ 245.876978][ T8625] [ 245.876984][ T8625] dump_stack_lvl+0x100/0x190 [ 245.877004][ T8625] should_fail_ex.cold+0x5/0xa [ 245.877024][ T8625] should_failslab+0xc2/0x120 [ 245.877041][ T8625] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 245.877065][ T8625] ? __alloc_skb+0x140/0x710 [ 245.877083][ T8625] __alloc_skb+0x140/0x710 [ 245.877095][ T8625] ? __alloc_skb+0x5b7/0x710 [ 245.877108][ T8625] ? __pfx___alloc_skb+0x10/0x10 [ 245.877123][ T8625] ? __pfx_fdb_create+0x10/0x10 [ 245.877144][ T8625] fdb_notify+0xa2/0x190 [ 245.877162][ T8625] fdb_add_local+0x184/0x1c0 [ 245.877182][ T8625] br_fdb_add_local+0x39/0x60 [ 245.877202][ T8625] __vlan_add+0x17f3/0x2e10 [ 245.877231][ T8625] ? __pfx___vlan_add+0x10/0x10 [ 245.877257][ T8625] nbp_vlan_add+0x258/0x3e0 [ 245.877279][ T8625] nbp_vlan_init+0x373/0x500 [ 245.877301][ T8625] ? __pfx_nbp_vlan_init+0x10/0x10 [ 245.877325][ T8625] ? __local_bh_enable_ip+0x9e/0x120 [ 245.877344][ T8625] ? lockdep_hardirqs_on+0x78/0x100 [ 245.877363][ T8625] ? br_fdb_add_local+0x43/0x60 [ 245.877387][ T8625] ? __local_bh_enable_ip+0x9e/0x120 [ 245.877408][ T8625] br_add_if+0xf79/0x1b40 [ 245.877435][ T8625] ? veth_get_iflink+0x253/0x2c0 [ 245.877457][ T8625] add_del_if+0x114/0x160 [ 245.877472][ T8625] br_dev_siocdevprivate+0x8ac/0x1650 [ 245.877489][ T8625] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 245.877508][ T8625] ? do_raw_spin_lock+0x128/0x260 [ 245.877525][ T8625] ? find_held_lock+0x2b/0x80 [ 245.877543][ T8625] ? debug_mutex_remove_waiter+0xa8/0x320 [ 245.877561][ T8625] ? debug_mutex_remove_waiter+0xa8/0x320 [ 245.877586][ T8625] ? netdev_name_node_lookup+0x107/0x150 [ 245.877606][ T8625] ? __mutex_lock+0x838/0x1b10 [ 245.877628][ T8625] dev_ifsioc+0xc2f/0x1f10 [ 245.877644][ T8625] ? __pfx_dev_ifsioc+0x10/0x10 [ 245.877656][ T8625] ? __pfx___mutex_lock+0x10/0x10 [ 245.877681][ T8625] ? dev_load+0x8e/0x240 [ 245.877693][ T8625] ? dev_load+0x8e/0x240 [ 245.877710][ T8625] dev_ioctl+0x70e/0x1070 [ 245.877725][ T8625] sock_ioctl+0x494/0x6b0 [ 245.877746][ T8625] ? __pfx_sock_ioctl+0x10/0x10 [ 245.877764][ T8625] ? hook_file_ioctl_common+0x149/0x410 [ 245.877784][ T8625] ? __fget_files+0x21f/0x3d0 [ 245.877803][ T8625] ? __pfx_sock_ioctl+0x10/0x10 [ 245.877824][ T8625] __x64_sys_ioctl+0x18e/0x210 [ 245.877839][ T8625] do_syscall_64+0x10b/0xf80 [ 245.877857][ T8625] ? clear_bhb_loop+0x40/0x90 [ 245.877875][ T8625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.877889][ T8625] RIP: 0033:0x7f561cd9cdd9 [ 245.877903][ T8625] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 245.877916][ T8625] RSP: 002b:00007f561aff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 245.877931][ T8625] RAX: ffffffffffffffda RBX: 00007f561d016090 RCX: 00007f561cd9cdd9 [ 245.877940][ T8625] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 245.877949][ T8625] RBP: 00007f561ce32d69 R08: 0000000000000000 R09: 0000000000000000 [ 245.877958][ T8625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 245.877966][ T8625] R13: 00007f561d016128 R14: 00007f561d016090 R15: 00007fff57405018 [ 245.877986][ T8625] [ 246.928589][ T8625] bridge0: port 3(gretap0) entered blocking state [ 246.936210][ T8625] bridge0: port 3(gretap0) entered forwarding state [ 247.294729][ T8646] FAULT_INJECTION: forcing a failure. [ 247.294729][ T8646] name failslab, interval 1, probability 0, space 0, times 0 [ 247.372259][ T8646] CPU: 0 UID: 0 PID: 8646 Comm: syz.1.640 Not tainted syzkaller #0 PREEMPT(full) [ 247.372281][ T8646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 247.372291][ T8646] Call Trace: [ 247.372296][ T8646] [ 247.372302][ T8646] dump_stack_lvl+0x100/0x190 [ 247.372323][ T8646] should_fail_ex.cold+0x5/0xa [ 247.372344][ T8646] should_failslab+0xc2/0x120 [ 247.372362][ T8646] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 247.372385][ T8646] ? __alloc_skb+0x140/0x710 [ 247.372403][ T8646] __alloc_skb+0x140/0x710 [ 247.372416][ T8646] ? __pfx___alloc_skb+0x10/0x10 [ 247.372436][ T8646] tcp_stream_alloc_skb+0x34/0x660 [ 247.372460][ T8646] tcp_write_xmit+0x732/0x83d0 [ 247.372486][ T8646] ? __sk_mem_schedule+0xd0/0x100 [ 247.372505][ T8646] tcp_sendmsg_locked+0x2cd0/0x4500 [ 247.372538][ T8646] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 247.372562][ T8646] ? do_raw_spin_lock+0x128/0x260 [ 247.372579][ T8646] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 247.372600][ T8646] ? __local_bh_enable_ip+0x9e/0x120 [ 247.372620][ T8646] tcp_sendmsg+0x2e/0x50 [ 247.372640][ T8646] ? __pfx_tcp_sendmsg+0x10/0x10 [ 247.372661][ T8646] inet_sendmsg+0xb9/0x140 [ 247.372683][ T8646] sock_write_iter+0x4ea/0x5a0 [ 247.372701][ T8646] ? __pfx_inet_sendmsg+0x10/0x10 [ 247.372722][ T8646] ? __pfx_sock_write_iter+0x10/0x10 [ 247.372748][ T8646] ? bpf_lsm_file_permission+0x9/0x10 [ 247.372762][ T8646] ? security_file_permission+0x76/0x210 [ 247.372779][ T8646] ? rw_verify_area+0xce/0x6d0 [ 247.372795][ T8646] vfs_write+0x6ac/0x1070 [ 247.372812][ T8646] ? __pfx_sock_write_iter+0x10/0x10 [ 247.372832][ T8646] ? __pfx_vfs_write+0x10/0x10 [ 247.372847][ T8646] ? find_held_lock+0x2b/0x80 [ 247.372878][ T8646] ksys_write+0x1f8/0x250 [ 247.372894][ T8646] ? __pfx_ksys_write+0x10/0x10 [ 247.372912][ T8646] ? rcu_is_watching+0x12/0xc0 [ 247.372932][ T8646] do_syscall_64+0x10b/0xf80 [ 247.372950][ T8646] ? clear_bhb_loop+0x40/0x90 [ 247.372967][ T8646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.372982][ T8646] RIP: 0033:0x7f561cd9cdd9 [ 247.372995][ T8646] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 247.373009][ T8646] RSP: 002b:00007f561db88028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 247.373023][ T8646] RAX: ffffffffffffffda RBX: 00007f561d015fa0 RCX: 00007f561cd9cdd9 [ 247.373033][ T8646] RDX: 0000000000100085 RSI: 0000000000000000 RDI: 0000000000000003 [ 247.373041][ T8646] RBP: 00007f561ce32d69 R08: 0000000000000000 R09: 0000000000000000 [ 247.373050][ T8646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.373059][ T8646] R13: 00007f561d016038 R14: 00007f561d015fa0 R15: 00007fff57405018 [ 247.373078][ T8646] [ 247.792089][ T8659] sd 0:0:1:0: PR command failed: 1026 [ 247.797530][ T8659] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 247.804277][ T8659] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 249.193396][ T8673] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.647: bg 1: bad block bitmap checksum [ 249.209894][ T8673] EXT4-fs error (device sda1) in ext4_mb_clear_bb:6679: Filesystem failed CRC [ 249.655578][ T8689] bridge0: port 3(gretap0) entered blocking state [ 249.685981][ T8689] bridge0: port 3(gretap0) entered disabled state [ 249.709098][ T8689] gretap0: entered allmulticast mode [ 249.734771][ T8689] bridge0: port 3(gretap0) entered blocking state [ 249.741316][ T8689] bridge0: port 3(gretap0) entered forwarding state [ 250.930923][ T5622] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 250.930948][ T5622] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 250.946364][ T5622] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 250.946394][ T5622] Bluetooth: hci3: adv larger than maximum supported [ 250.953559][ T5622] Bluetooth: hci3: adv larger than maximum supported [ 250.961517][ T5622] Bluetooth: hci3: adv larger than maximum supported [ 250.968255][ T5622] Bluetooth: hci3: Malformed LE Event: 0x0d [ 251.067213][ T8702] netlink: 342 bytes leftover after parsing attributes in process `syz.3.653'. [ 251.887645][ T8708] kexec: Could not allocate control_code_buffer [ 255.187313][ T8806] netlink: 28 bytes leftover after parsing attributes in process `syz.3.684'. [ 255.670322][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.679791][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.036397][ T29] audit: type=1800 audit(1778061592.138:9): pid=8835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.692" name="dummy_udc" dev="gadgetfs" ino=6557 res=0 errno=0 [ 259.839602][ T8900] FAULT_INJECTION: forcing a failure. [ 259.839602][ T8900] name failslab, interval 1, probability 0, space 0, times 0 [ 259.897143][ T8900] CPU: 0 UID: 0 PID: 8900 Comm: syz.2.708 Not tainted syzkaller #0 PREEMPT(full) [ 259.897168][ T8900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 259.897177][ T8900] Call Trace: [ 259.897182][ T8900] [ 259.897188][ T8900] dump_stack_lvl+0x100/0x190 [ 259.897209][ T8900] should_fail_ex.cold+0x5/0xa [ 259.897229][ T8900] should_failslab+0xc2/0x120 [ 259.897246][ T8900] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 259.897269][ T8900] ? __alloc_skb+0x140/0x710 [ 259.897287][ T8900] __alloc_skb+0x140/0x710 [ 259.897301][ T8900] ? __pfx___alloc_skb+0x10/0x10 [ 259.897320][ T8900] tcp_stream_alloc_skb+0x34/0x660 [ 259.897345][ T8900] tcp_write_xmit+0x732/0x83d0 [ 259.897371][ T8900] ? __sk_mem_schedule+0xd0/0x100 [ 259.897390][ T8900] tcp_sendmsg_locked+0x2cd0/0x4500 [ 259.897423][ T8900] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 259.897447][ T8900] ? do_raw_spin_lock+0x128/0x260 [ 259.897464][ T8900] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 259.897485][ T8900] ? __local_bh_enable_ip+0x9e/0x120 [ 259.897505][ T8900] tcp_sendmsg+0x2e/0x50 [ 259.897525][ T8900] ? __pfx_tcp_sendmsg+0x10/0x10 [ 259.897546][ T8900] inet_sendmsg+0xb9/0x140 [ 259.897568][ T8900] sock_write_iter+0x4ea/0x5a0 [ 259.897587][ T8900] ? __pfx_inet_sendmsg+0x10/0x10 [ 259.897608][ T8900] ? __pfx_sock_write_iter+0x10/0x10 [ 259.897633][ T8900] ? bpf_lsm_file_permission+0x9/0x10 [ 259.897647][ T8900] ? security_file_permission+0x76/0x210 [ 259.897664][ T8900] ? rw_verify_area+0xce/0x6d0 [ 259.897681][ T8900] vfs_write+0x6ac/0x1070 [ 259.897698][ T8900] ? __pfx_sock_write_iter+0x10/0x10 [ 259.897718][ T8900] ? __pfx_vfs_write+0x10/0x10 [ 259.897733][ T8900] ? find_held_lock+0x2b/0x80 [ 259.897763][ T8900] ksys_write+0x1f8/0x250 [ 259.897779][ T8900] ? __pfx_ksys_write+0x10/0x10 [ 259.897797][ T8900] ? rcu_is_watching+0x12/0xc0 [ 259.897816][ T8900] do_syscall_64+0x10b/0xf80 [ 259.897835][ T8900] ? clear_bhb_loop+0x40/0x90 [ 259.897852][ T8900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.897867][ T8900] RIP: 0033:0x7fcff899cdd9 [ 259.897879][ T8900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 259.897894][ T8900] RSP: 002b:00007fcff9887028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 259.897908][ T8900] RAX: ffffffffffffffda RBX: 00007fcff8c15fa0 RCX: 00007fcff899cdd9 [ 259.897917][ T8900] RDX: 0000000000100085 RSI: 0000000000000000 RDI: 0000000000000003 [ 259.897926][ T8900] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 259.897935][ T8900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 259.897943][ T8900] R13: 00007fcff8c16038 R14: 00007fcff8c15fa0 R15: 00007ffeca87b4e8 [ 259.897963][ T8900] [ 260.291234][ T8907] netlink: 330 bytes leftover after parsing attributes in process `syz.3.710'. [ 260.300550][ T8907] mac80211_hwsim hwsim5 : renamed from wlan0 (while UP) [ 261.185359][ T8927] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.1.715: 7 [ 261.941650][ T8949] netlink: 4 bytes leftover after parsing attributes in process `syz.1.728'. [ 262.001193][ T8954] netlink: 354 bytes leftover after parsing attributes in process `syz.1.728'. [ 262.284807][ T8963] block2mtd: illegal erase size [ 263.584523][ T8987] futex_wake_op: syz.2.727 tries to shift op by -2048; fix this program [ 263.757918][ T8981] 0x000000000001-0x000000020000 : "" [ 263.845173][ T8990] binder: 8989:8990 ioctl c00c620f 0 returned -22 [ 263.864281][ T8981] ftl_cs: FTL header corrupt! [ 265.294028][ T9004] &#$@\]\-: entered promiscuous mode [ 267.230399][ T9017] kexec: Could not allocate control_code_buffer [ 267.319597][ T5622] Bluetooth: hci0: unexpected event 0x31 length: 19 > 6 [ 268.018275][ T29] audit: type=1804 audit(1778061603.118:10): pid=9040 uid=2 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.742" name="/newroot/201/file0" dev="tmpfs" ino=1050 res=1 errno=0 [ 268.171398][ T29] audit: type=1804 audit(1778061603.168:11): pid=9048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.742" name="/newroot/201/file0" dev="tmpfs" ino=1050 res=1 errno=0 [ 270.385564][ T9093] nvme_fcloop: unknown parameter or missing value '7=";&L=j"Yq'R"' [ 270.783031][ T9094] FAULT_INJECTION: forcing a failure. [ 270.783031][ T9094] name failslab, interval 1, probability 0, space 0, times 0 [ 270.834369][ T9094] CPU: 0 UID: 0 PID: 9094 Comm: syz.2.753 Not tainted syzkaller #0 PREEMPT(full) [ 270.834391][ T9094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 270.834401][ T9094] Call Trace: [ 270.834406][ T9094] [ 270.834411][ T9094] dump_stack_lvl+0x100/0x190 [ 270.834433][ T9094] should_fail_ex.cold+0x5/0xa [ 270.834452][ T9094] should_failslab+0xc2/0x120 [ 270.834469][ T9094] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 270.834491][ T9094] ? __mpol_dup+0x74/0x390 [ 270.834514][ T9094] __mpol_dup+0x74/0x390 [ 270.834532][ T9094] ? __pfx___mpol_dup+0x10/0x10 [ 270.834555][ T9094] mbind_range+0x2ad/0x550 [ 270.834576][ T9094] do_mbind+0x7dc/0xfd0 [ 270.834601][ T9094] ? __pfx_do_mbind+0x10/0x10 [ 270.834620][ T9094] ? ksys_write+0x190/0x250 [ 270.834645][ T9094] ? __pfx_get_nodes+0x10/0x10 [ 270.834664][ T9094] kernel_mbind+0x1b7/0x200 [ 270.834685][ T9094] ? __pfx_kernel_mbind+0x10/0x10 [ 270.834706][ T9094] ? rcu_is_watching+0x12/0xc0 [ 270.834726][ T9094] do_syscall_64+0x10b/0xf80 [ 270.834744][ T9094] ? clear_bhb_loop+0x40/0x90 [ 270.834761][ T9094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.834776][ T9094] RIP: 0033:0x7fcff899cdd9 [ 270.834789][ T9094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 270.834803][ T9094] RSP: 002b:00007fcff9824028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 270.834817][ T9094] RAX: ffffffffffffffda RBX: 00007fcff8c16270 RCX: 00007fcff899cdd9 [ 270.834827][ T9094] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 270.834835][ T9094] RBP: 00007fcff8a32d69 R08: 0000002000000006 R09: 0000000000000002 [ 270.834844][ T9094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 270.834852][ T9094] R13: 00007fcff8c16308 R14: 00007fcff8c16270 R15: 00007ffeca87b4e8 [ 270.834871][ T9094] [ 272.894122][ T9136] netlink: 326 bytes leftover after parsing attributes in process `syz.2.761'. [ 272.999043][ T9136] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.006945][ T9136] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.390034][ T9165] FAULT_INJECTION: forcing a failure. [ 274.390034][ T9165] name failslab, interval 1, probability 0, space 0, times 0 [ 274.486006][ T9165] CPU: 0 UID: 0 PID: 9165 Comm: syz.2.768 Not tainted syzkaller #0 PREEMPT(full) [ 274.486027][ T9165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 274.486036][ T9165] Call Trace: [ 274.486041][ T9165] [ 274.486048][ T9165] dump_stack_lvl+0x100/0x190 [ 274.486069][ T9165] should_fail_ex.cold+0x5/0xa [ 274.486089][ T9165] should_failslab+0xc2/0x120 [ 274.486107][ T9165] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 274.486129][ T9165] ? acpi_ps_alloc_op+0xf4/0x360 [ 274.486146][ T9165] ? acpi_ut_allocate_owner_id+0x2aa/0x550 [ 274.486165][ T9165] acpi_ps_alloc_op+0xf4/0x360 [ 274.486185][ T9165] acpi_ps_create_scope_op+0x1a/0x70 [ 274.486203][ T9165] acpi_ps_execute_method+0x223/0xe90 [ 274.486225][ T9165] acpi_ns_evaluate+0x640/0x1670 [ 274.486250][ T9165] acpi_evaluate_object+0x420/0xe00 [ 274.486264][ T9165] ? kasan_save_stack+0x30/0x50 [ 274.486280][ T9165] ? kasan_save_track+0x14/0x30 [ 274.486293][ T9165] ? __kasan_kmalloc+0xaa/0xb0 [ 274.486305][ T9165] ? __kvmalloc_node_noprof+0x360/0xa00 [ 274.486322][ T9165] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 274.486336][ T9165] ? lock_acquire+0x1b1/0x370 [ 274.486356][ T9165] acpi_evaluate_integer+0xdf/0x220 [ 274.486378][ T9165] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 274.486407][ T9165] ? __pfx_status_show+0x10/0x10 [ 274.486421][ T9165] status_show+0xa0/0x120 [ 274.486435][ T9165] ? __pfx_status_show+0x10/0x10 [ 274.486454][ T9165] dev_attr_show+0x52/0xa0 [ 274.486473][ T9165] ? __pfx_dev_attr_show+0x10/0x10 [ 274.486490][ T9165] sysfs_kf_seq_show+0x217/0x3a0 [ 274.486508][ T9165] seq_read_iter+0x32f/0x1270 [ 274.486523][ T9165] ? lock_acquire+0x1b1/0x370 [ 274.486544][ T9165] kernfs_fop_read_iter+0x46c/0x610 [ 274.486565][ T9165] ? rw_verify_area+0xce/0x6d0 [ 274.486579][ T9165] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 274.486608][ T9165] vfs_read+0x825/0xb30 [ 274.486627][ T9165] ? __pfx_vfs_read+0x10/0x10 [ 274.486656][ T9165] ksys_read+0x12a/0x250 [ 274.486672][ T9165] ? __pfx_ksys_read+0x10/0x10 [ 274.486690][ T9165] ? rcu_is_watching+0x12/0xc0 [ 274.486710][ T9165] do_syscall_64+0x10b/0xf80 [ 274.486729][ T9165] ? clear_bhb_loop+0x40/0x90 [ 274.486747][ T9165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.486762][ T9165] RIP: 0033:0x7fcff899cdd9 [ 274.486775][ T9165] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 274.486789][ T9165] RSP: 002b:00007fcff9887028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 274.486803][ T9165] RAX: ffffffffffffffda RBX: 00007fcff8c15fa0 RCX: 00007fcff899cdd9 [ 274.486813][ T9165] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000007 [ 274.486823][ T9165] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 274.486831][ T9165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 274.486840][ T9165] R13: 00007fcff8c16038 R14: 00007fcff8c15fa0 R15: 00007ffeca87b4e8 [ 274.486860][ T9165] [ 275.822819][ T9202] netlink: 326 bytes leftover after parsing attributes in process `syz.0.773'. [ 275.875114][ T9202] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.882602][ T9202] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.472108][ T9220] sd 0:0:1:0: PR command failed: 1026 [ 276.534121][ T9220] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 276.663012][ T9220] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 278.653287][ T9238] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 279.359297][ T9267] futex_wake_op: syz.1.788 tries to shift op by -2048; fix this program [ 279.421234][ T9267] 0x000000000001-0x000000020000 : "" [ 279.460529][ T9267] ftl_cs: FTL header corrupt! [ 279.990338][ T9253] kexec: Could not allocate control_code_buffer [ 283.194232][ T9348] netlink: 16 bytes leftover after parsing attributes in process `syz.3.806'. [ 283.250604][ T9348] binder: 9347:9348 ioctl c018620c 200000000300 returned -22 [ 284.106127][ T9362] sd 0:0:1:0: PR command failed: 1026 [ 284.173012][ T9362] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 284.271919][ T9362] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 284.408580][ T9333] kexec: Could not allocate control_code_buffer [ 286.755679][ T9401] vivid-008: ================= START STATUS ================= [ 286.787964][ T9401] vivid-008: ================== END STATUS ================== [ 287.744898][ T9406] Console: switching to colour VGA+ 80x25 [ 288.235880][ T9424] sd 0:0:1:0: PR command failed: 1026 [ 288.305705][ T9424] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 288.425512][ T9424] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 288.724140][ T9432] net_ratelimit: 52 callbacks suppressed [ 288.724157][ T9432] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 288.830663][ T9430] FAULT_INJECTION: forcing a failure. [ 288.830663][ T9430] name failslab, interval 1, probability 0, space 0, times 0 [ 288.901133][ T9430] CPU: 0 UID: 0 PID: 9430 Comm: syz.1.823 Not tainted syzkaller #0 PREEMPT(full) [ 288.901156][ T9430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 288.901165][ T9430] Call Trace: [ 288.901170][ T9430] [ 288.901176][ T9430] dump_stack_lvl+0x100/0x190 [ 288.901197][ T9430] should_fail_ex.cold+0x5/0xa [ 288.901224][ T9430] should_failslab+0xc2/0x120 [ 288.901243][ T9430] __kmalloc_cache_node_noprof+0x7d/0x770 [ 288.901259][ T9430] ? __alloc_workqueue+0xf73/0x19f0 [ 288.901279][ T9430] ? lockdep_init_map_type+0x5c/0x250 [ 288.901297][ T9430] __alloc_workqueue+0xf73/0x19f0 [ 288.901324][ T9430] alloc_workqueue_noprof+0xc7/0x130 [ 288.901346][ T9430] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 288.901371][ T9430] ? __pfx___debug_object_init+0x10/0x10 [ 288.901398][ T9430] nci_register_device+0x394/0xb80 [ 288.901414][ T9430] ? __pfx_nci_register_device+0x10/0x10 [ 288.901432][ T9430] ? lockdep_init_map_type+0x5c/0x250 [ 288.901450][ T9430] virtual_ncidev_open+0x141/0x220 [ 288.901473][ T9430] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 288.901496][ T9430] misc_open+0x26d/0x450 [ 288.901514][ T9430] ? __pfx_misc_open+0x10/0x10 [ 288.901531][ T9430] chrdev_open+0x234/0x6a0 [ 288.901548][ T9430] ? __pfx_apparmor_file_open+0x10/0x10 [ 288.901571][ T9430] ? __pfx_chrdev_open+0x10/0x10 [ 288.901590][ T9430] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 288.901612][ T9430] do_dentry_open+0x6d8/0x1660 [ 288.901629][ T9430] ? __pfx_chrdev_open+0x10/0x10 [ 288.901651][ T9430] vfs_open+0x82/0x3f0 [ 288.901674][ T9430] path_openat+0x208c/0x31a0 [ 288.901699][ T9430] ? __pfx_path_openat+0x10/0x10 [ 288.901723][ T9430] do_file_open+0x20e/0x430 [ 288.901742][ T9430] ? __pfx_do_file_open+0x10/0x10 [ 288.901774][ T9430] ? alloc_fd+0x476/0x790 [ 288.901793][ T9430] ? do_getname+0x191/0x390 [ 288.901815][ T9430] do_sys_openat2+0x10d/0x1e0 [ 288.901836][ T9430] ? __pfx_do_sys_openat2+0x10/0x10 [ 288.901859][ T9430] ? __sys_sendmsg+0x18f/0x220 [ 288.901879][ T9430] __x64_sys_openat+0x12d/0x210 [ 288.901901][ T9430] ? __pfx___x64_sys_openat+0x10/0x10 [ 288.901926][ T9430] ? rcu_is_watching+0x12/0xc0 [ 288.901946][ T9430] do_syscall_64+0x10b/0xf80 [ 288.901964][ T9430] ? clear_bhb_loop+0x40/0x90 [ 288.901982][ T9430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.901996][ T9430] RIP: 0033:0x7f561cd9cdd9 [ 288.902009][ T9430] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 288.902023][ T9430] RSP: 002b:00007f561db88028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 288.902037][ T9430] RAX: ffffffffffffffda RBX: 00007f561d015fa0 RCX: 00007f561cd9cdd9 [ 288.902047][ T9430] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 288.902055][ T9430] RBP: 00007f561ce32d69 R08: 0000000000000000 R09: 0000000000000000 [ 288.902064][ T9430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 288.902072][ T9430] R13: 00007f561d016038 R14: 00007f561d015fa0 R15: 00007fff57405018 [ 288.902092][ T9430] [ 289.757151][ T9439] FAULT_INJECTION: forcing a failure. [ 289.757151][ T9439] name failslab, interval 1, probability 0, space 0, times 0 [ 289.757194][ T9439] CPU: 0 UID: 0 PID: 9439 Comm: syz.1.824 Not tainted syzkaller #0 PREEMPT(full) [ 289.757212][ T9439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 289.757220][ T9439] Call Trace: [ 289.757226][ T9439] [ 289.757231][ T9439] dump_stack_lvl+0x100/0x190 [ 289.757253][ T9439] should_fail_ex.cold+0x5/0xa [ 289.757273][ T9439] should_failslab+0xc2/0x120 [ 289.757290][ T9439] __kmalloc_cache_noprof+0x7a/0x6f0 [ 289.757310][ T9439] ? con_set_default_unimap+0x549/0x700 [ 289.757330][ T9439] con_set_default_unimap+0x549/0x700 [ 289.757349][ T9439] vc_allocate+0x6a8/0x880 [ 289.757370][ T9439] ? __pfx_vc_allocate+0x10/0x10 [ 289.757395][ T9439] con_install+0xa1/0x620 [ 289.757417][ T9439] ? __pfx_con_install+0x10/0x10 [ 289.757440][ T9439] ? __pfx_con_install+0x10/0x10 [ 289.757461][ T9439] tty_init_dev.part.0+0x9e/0x470 [ 289.757485][ T9439] tty_open+0xa63/0xfa0 [ 289.757510][ T9439] ? __pfx_tty_open+0x10/0x10 [ 289.757530][ T9439] ? chrdev_open+0x589/0x6a0 [ 289.757547][ T9439] ? chrdev_open+0x589/0x6a0 [ 289.757567][ T9439] ? __pfx_tty_open+0x10/0x10 [ 289.757589][ T9439] chrdev_open+0x234/0x6a0 [ 289.757607][ T9439] ? __pfx_chrdev_open+0x10/0x10 [ 289.757626][ T9439] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 289.757649][ T9439] do_dentry_open+0x6d8/0x1660 [ 289.757666][ T9439] ? __pfx_chrdev_open+0x10/0x10 [ 289.757688][ T9439] vfs_open+0x82/0x3f0 [ 289.757711][ T9439] path_openat+0x208c/0x31a0 [ 289.757736][ T9439] ? __pfx_path_openat+0x10/0x10 [ 289.757761][ T9439] do_file_open+0x20e/0x430 [ 289.757780][ T9439] ? __pfx_do_file_open+0x10/0x10 [ 289.757815][ T9439] ? alloc_fd+0x476/0x790 [ 289.757834][ T9439] ? do_getname+0x191/0x390 [ 289.757857][ T9439] do_sys_openat2+0x10d/0x1e0 [ 289.757878][ T9439] ? __pfx_do_sys_openat2+0x10/0x10 [ 289.757901][ T9439] ? __x64_sys_close_range+0x2d9/0x5d0 [ 289.757924][ T9439] __x64_sys_openat+0x12d/0x210 [ 289.757946][ T9439] ? __pfx___x64_sys_openat+0x10/0x10 [ 289.757972][ T9439] ? rcu_is_watching+0x12/0xc0 [ 289.757992][ T9439] do_syscall_64+0x10b/0xf80 [ 289.758010][ T9439] ? clear_bhb_loop+0x40/0x90 [ 289.758028][ T9439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.758043][ T9439] RIP: 0033:0x7f561cd9cdd9 [ 289.758056][ T9439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 289.758069][ T9439] RSP: 002b:00007f561aff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 289.758083][ T9439] RAX: ffffffffffffffda RBX: 00007f561d016090 RCX: 00007f561cd9cdd9 [ 289.758093][ T9439] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 289.758102][ T9439] RBP: 00007f561ce32d69 R08: 0000000000000000 R09: 0000000000000000 [ 289.758111][ T9439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 289.758119][ T9439] R13: 00007f561d016128 R14: 00007f561d016090 R15: 00007fff57405018 [ 289.758139][ T9439] [ 292.623854][ T5622] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 292.882831][ T9465] FAULT_INJECTION: forcing a failure. [ 292.882831][ T9465] name failslab, interval 1, probability 0, space 0, times 0 [ 293.038485][ T9465] CPU: 0 UID: 0 PID: 9465 Comm: syz.2.833 Not tainted syzkaller #0 PREEMPT(full) [ 293.038507][ T9465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 293.038516][ T9465] Call Trace: [ 293.038521][ T9465] [ 293.038527][ T9465] dump_stack_lvl+0x100/0x190 [ 293.038549][ T9465] should_fail_ex.cold+0x5/0xa [ 293.038568][ T9465] should_failslab+0xc2/0x120 [ 293.038587][ T9465] __kmalloc_cache_noprof+0x7a/0x6f0 [ 293.038607][ T9465] ? single_open+0x4d/0x1d0 [ 293.038620][ T9465] ? __pfx___debugfs_file_get+0x10/0x10 [ 293.038638][ T9465] ? __pfx_edid_show+0x10/0x10 [ 293.038658][ T9465] ? __pfx_edid_open+0x10/0x10 [ 293.038674][ T9465] single_open+0x4d/0x1d0 [ 293.038687][ T9465] full_proxy_open_regular+0x1b6/0x370 [ 293.038708][ T9465] do_dentry_open+0x6d8/0x1660 [ 293.038726][ T9465] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 293.038749][ T9465] vfs_open+0x82/0x3f0 [ 293.038772][ T9465] path_openat+0x208c/0x31a0 [ 293.038796][ T9465] ? __pfx_path_openat+0x10/0x10 [ 293.038828][ T9465] do_file_open+0x20e/0x430 [ 293.038848][ T9465] ? __pfx_do_file_open+0x10/0x10 [ 293.038879][ T9465] ? alloc_fd+0x476/0x790 [ 293.038899][ T9465] ? do_getname+0x191/0x390 [ 293.038922][ T9465] do_sys_openat2+0x10d/0x1e0 [ 293.038944][ T9465] ? __pfx_do_sys_openat2+0x10/0x10 [ 293.038967][ T9465] ? __fget_files+0x21f/0x3d0 [ 293.038987][ T9465] __x64_sys_openat+0x12d/0x210 [ 293.039009][ T9465] ? __pfx___x64_sys_openat+0x10/0x10 [ 293.039034][ T9465] ? rcu_is_watching+0x12/0xc0 [ 293.039054][ T9465] do_syscall_64+0x10b/0xf80 [ 293.039072][ T9465] ? clear_bhb_loop+0x40/0x90 [ 293.039089][ T9465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.039104][ T9465] RIP: 0033:0x7fcff899cdd9 [ 293.039116][ T9465] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 293.039130][ T9465] RSP: 002b:00007fcff9887028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 293.039144][ T9465] RAX: ffffffffffffffda RBX: 00007fcff8c15fa0 RCX: 00007fcff899cdd9 [ 293.039153][ T9465] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 293.039162][ T9465] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 293.039170][ T9465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 293.039178][ T9465] R13: 00007fcff8c16038 R14: 00007fcff8c15fa0 R15: 00007ffeca87b4e8 [ 293.039197][ T9465] [ 293.763684][ T9477] random: crng reseeded on system resumption [ 294.715729][ T4941] Bluetooth: hci0: command 0x2016 tx timeout [ 296.792220][ T5622] Bluetooth: hci0: command 0x2016 tx timeout [ 301.114693][ T9635] block2mtd: illegal erase size [ 307.089153][ T9746] futex_wake_op: syz.1.901 tries to shift op by -2048; fix this program [ 307.154066][ T9716] netlink: 2468 bytes leftover after parsing attributes in process `syz.2.893'. [ 312.914395][ T9852] netlink: 330 bytes leftover after parsing attributes in process `syz.1.935'. [ 315.456253][ T9908] FAULT_INJECTION: forcing a failure. [ 315.456253][ T9908] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 315.515982][ T9908] CPU: 0 UID: 0 PID: 9908 Comm: syz.0.951 Not tainted syzkaller #0 PREEMPT(full) [ 315.516006][ T9908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 315.516015][ T9908] Call Trace: [ 315.516020][ T9908] [ 315.516026][ T9908] dump_stack_lvl+0x100/0x190 [ 315.516049][ T9908] should_fail_ex.cold+0x5/0xa [ 315.516069][ T9908] _copy_from_user+0x2e/0xd0 [ 315.516094][ T9908] snd_rawmidi_kernel_write1+0x390/0x7c0 [ 315.516124][ T9908] snd_rawmidi_write+0x2dc/0xc60 [ 315.516152][ T9908] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 315.516175][ T9908] ? __pfx_default_wake_function+0x10/0x10 [ 315.516196][ T9908] ? bpf_lsm_file_permission+0x9/0x10 [ 315.516211][ T9908] ? security_file_permission+0x76/0x210 [ 315.516229][ T9908] ? rw_verify_area+0xce/0x6d0 [ 315.516246][ T9908] vfs_write+0x2aa/0x1070 [ 315.516262][ T9908] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 315.516286][ T9908] ? __pfx_vfs_write+0x10/0x10 [ 315.516301][ T9908] ? find_held_lock+0x2b/0x80 [ 315.516319][ T9908] ? __fget_files+0x215/0x3d0 [ 315.516335][ T9908] ? __fget_files+0x215/0x3d0 [ 315.516354][ T9908] ? __fget_files+0x21f/0x3d0 [ 315.516375][ T9908] ksys_write+0x1f8/0x250 [ 315.516391][ T9908] ? __pfx_ksys_write+0x10/0x10 [ 315.516408][ T9908] ? rcu_is_watching+0x12/0xc0 [ 315.516428][ T9908] do_syscall_64+0x10b/0xf80 [ 315.516446][ T9908] ? clear_bhb_loop+0x40/0x90 [ 315.516463][ T9908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.516478][ T9908] RIP: 0033:0x7f747679cdd9 [ 315.516491][ T9908] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 315.516505][ T9908] RSP: 002b:00007f747763a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 315.516520][ T9908] RAX: ffffffffffffffda RBX: 00007f7476a15fa0 RCX: 00007f747679cdd9 [ 315.516529][ T9908] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000009 [ 315.516538][ T9908] RBP: 00007f7476832d69 R08: 0000000000000000 R09: 0000000000000000 [ 315.516546][ T9908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.516561][ T9908] R13: 00007f7476a16038 R14: 00007f7476a15fa0 R15: 00007ffe9c0761c8 [ 315.516580][ T9908] [ 317.113203][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.122442][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.261853][T10018] __vm_enough_memory: pid: 10018, comm: syz.2.978, bytes: 4398046511104 not enough memory for the allocation [ 321.973587][T10035] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.984: iget: checksum invalid [ 322.056130][T10035] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 322.152319][T10035] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.984: iget: checksum invalid [ 322.272205][T10035] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 322.356714][T10035] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.984: iget: checksum invalid [ 322.503733][T10035] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 322.556634][T10049] syz.1.989 uses obsolete (PF_INET,SOCK_PACKET) [ 322.569353][T10035] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.984: iget: checksum invalid [ 322.629214][T10035] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 322.673984][T10035] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 322.763163][T10035] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 325.847047][T10085] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.999'. [ 326.516101][T10108] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1006'. [ 328.691855][T10144] FAULT_INJECTION: forcing a failure. [ 328.691855][T10144] name fail_futex, interval 1, probability 0, space 0, times 0 [ 328.752872][T10144] CPU: 0 UID: 0 PID: 10144 Comm: syz.0.1018 Not tainted syzkaller #0 PREEMPT(full) [ 328.752894][T10144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 328.752903][T10144] Call Trace: [ 328.752908][T10144] [ 328.752914][T10144] dump_stack_lvl+0x100/0x190 [ 328.752936][T10144] should_fail_ex.cold+0x5/0xa [ 328.752955][T10144] get_futex_key+0x1d2/0x1510 [ 328.752972][T10144] ? __pfx_get_futex_key+0x10/0x10 [ 328.752994][T10144] futex_wake+0xea/0x530 [ 328.753012][T10144] ? rcu_is_watching+0x12/0xc0 [ 328.753030][T10144] ? __pfx_futex_wake+0x10/0x10 [ 328.753054][T10144] ? putname+0xb1/0x110 [ 328.753071][T10144] ? kmem_cache_free+0x127/0x6c0 [ 328.753096][T10144] do_futex+0x32b/0x350 [ 328.753111][T10144] ? __pfx_do_futex+0x10/0x10 [ 328.753126][T10144] ? __pfx_do_sys_openat2+0x10/0x10 [ 328.753149][T10144] ? blkcg_maybe_throttle_current+0x5e7/0xeb0 [ 328.753169][T10144] __x64_sys_futex+0x34f/0x4d0 [ 328.753185][T10144] ? __x64_sys_openat+0x12d/0x210 [ 328.753207][T10144] ? __pfx___x64_sys_futex+0x10/0x10 [ 328.753226][T10144] ? rcu_is_watching+0x12/0xc0 [ 328.753245][T10144] do_syscall_64+0x10b/0xf80 [ 328.753263][T10144] ? clear_bhb_loop+0x40/0x90 [ 328.753280][T10144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.753295][T10144] RIP: 0033:0x7f747679cdd9 [ 328.753309][T10144] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.753322][T10144] RSP: 002b:00007f747763a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 328.753350][T10144] RAX: ffffffffffffffda RBX: 00007f7476a15fa8 RCX: 00007f747679cdd9 [ 328.753360][T10144] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7476a15fac [ 328.753377][T10144] RBP: 00007f7476a15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 328.753386][T10144] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 328.753394][T10144] R13: 00007f7476a16038 R14: 00007ffe9c0760e0 R15: 00007ffe9c0761c8 [ 328.753414][T10144] [ 328.961774][T10145] FAULT_INJECTION: forcing a failure. [ 328.961774][T10145] name failslab, interval 1, probability 0, space 0, times 0 [ 328.974510][T10145] CPU: 0 UID: 0 PID: 10145 Comm: syz.0.1018 Not tainted syzkaller #0 PREEMPT(full) [ 328.974529][T10145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 328.974538][T10145] Call Trace: [ 328.974544][T10145] [ 328.974550][T10145] dump_stack_lvl+0x100/0x190 [ 328.974570][T10145] should_fail_ex.cold+0x5/0xa [ 328.974589][T10145] should_failslab+0xc2/0x120 [ 328.974607][T10145] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 328.974629][T10145] ? do_timer_create+0x209/0x1480 [ 328.974650][T10145] do_timer_create+0x209/0x1480 [ 328.974668][T10145] ? __might_fault+0xc5/0x140 [ 328.974691][T10145] ? __pfx_do_timer_create+0x10/0x10 [ 328.974715][T10145] __x64_sys_timer_create+0x182/0x1d0 [ 328.974733][T10145] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 328.974756][T10145] ? rcu_is_watching+0x12/0xc0 [ 328.974776][T10145] do_syscall_64+0x10b/0xf80 [ 328.974794][T10145] ? clear_bhb_loop+0x40/0x90 [ 328.974811][T10145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.974826][T10145] RIP: 0033:0x7f747679cdd9 [ 328.974839][T10145] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.974858][T10145] RSP: 002b:00007f7477619028 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 328.974873][T10145] RAX: ffffffffffffffda RBX: 00007f7476a16090 RCX: 00007f747679cdd9 [ 328.974883][T10145] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 0000000000000007 [ 328.974892][T10145] RBP: 00007f7476832d69 R08: 0000000000000000 R09: 0000000000000000 [ 328.974901][T10145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.974910][T10145] R13: 00007f7476a16128 R14: 00007f7476a16090 R15: 00007ffe9c0761c8 [ 328.974932][T10145] [ 330.690934][T10142] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 330.710958][T10142] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 330.728656][T10142] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 330.745621][T10142] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 332.045602][T10208] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1036'. [ 332.548244][ T4941] Bluetooth: hci0: command 0x2016 tx timeout [ 332.734623][T10217] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1040: iget: checksum invalid [ 332.782313][T10217] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 332.793399][ T5622] Bluetooth: hci3: command 0x2016 tx timeout [ 332.799458][ T5622] Bluetooth: hci1: command 0x2016 tx timeout [ 332.805464][ T4941] Bluetooth: hci2: command 0x0c1a tx timeout [ 332.892633][T10217] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1040: iget: checksum invalid [ 333.003325][T10217] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 333.079112][T10226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'. [ 333.090248][T10228] random: crng reseeded on system resumption [ 333.114770][T10217] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1040: iget: checksum invalid [ 333.131235][T10230] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1043'. [ 333.230370][T10217] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 333.332275][T10217] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.1.1040: iget: checksum invalid [ 333.461712][T10217] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 333.510831][T10217] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 333.585589][T10217] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 335.317757][T10273] block2mtd: illegal erase size [ 337.055930][T10304] __vm_enough_memory: pid: 10304, comm: syz.1.1059, bytes: 4398046511104 not enough memory for the allocation [ 342.196593][T10404] netlink: 'syz.2.1092': attribute type 1 has an invalid length. [ 342.239252][T10404] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1092'. [ 344.936659][T10438] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.1100'. [ 348.403979][T10511] netlink: 'syz.1.1127': attribute type 1 has an invalid length. [ 348.438285][T10511] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1127'. [ 349.052452][T10516] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 349.193786][T10516] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 349.332434][T10516] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 349.459441][T10516] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 350.948073][ T4941] Bluetooth: hci0: command 0x2016 tx timeout [ 351.268125][ T4941] Bluetooth: hci1: command 0x2016 tx timeout [ 351.347886][ T4941] Bluetooth: hci3: command 0x2016 tx timeout [ 351.507846][ T4941] Bluetooth: hci2: command 0x0c1a tx timeout [ 352.535778][T10560] FAULT_INJECTION: forcing a failure. [ 352.535778][T10560] name fail_futex, interval 1, probability 0, space 0, times 0 [ 352.598134][T10560] CPU: 0 UID: 0 PID: 10560 Comm: syz.2.1130 Not tainted syzkaller #0 PREEMPT(full) [ 352.598157][T10560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 352.598169][T10560] Call Trace: [ 352.598174][T10560] [ 352.598180][T10560] dump_stack_lvl+0x100/0x190 [ 352.598202][T10560] should_fail_ex.cold+0x5/0xa [ 352.598221][T10560] get_futex_key+0x1d2/0x1510 [ 352.598239][T10560] ? __pfx_get_futex_key+0x10/0x10 [ 352.598254][T10560] ? __pfx_core_sys_select+0x10/0x10 [ 352.598276][T10560] futex_wake+0xea/0x530 [ 352.598298][T10560] ? __pfx_futex_wake+0x10/0x10 [ 352.598319][T10560] ? poll_select_finish+0x36e/0x670 [ 352.598336][T10560] ? __pfx_poll_select_finish+0x10/0x10 [ 352.598356][T10560] do_futex+0x32b/0x350 [ 352.598372][T10560] ? __pfx_do_futex+0x10/0x10 [ 352.598392][T10560] __x64_sys_futex+0x34f/0x4d0 [ 352.598410][T10560] ? __pfx___x64_sys_futex+0x10/0x10 [ 352.598429][T10560] ? rcu_is_watching+0x12/0xc0 [ 352.598449][T10560] do_syscall_64+0x10b/0xf80 [ 352.598468][T10560] ? clear_bhb_loop+0x40/0x90 [ 352.598485][T10560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.598500][T10560] RIP: 0033:0x7fcff899cdd9 [ 352.598513][T10560] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 352.598527][T10560] RSP: 002b:00007fcff98870e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 352.598541][T10560] RAX: ffffffffffffffda RBX: 00007fcff8c15fa8 RCX: 00007fcff899cdd9 [ 352.598551][T10560] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fcff8c15fac [ 352.598559][T10560] RBP: 00007fcff8c15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 352.598568][T10560] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 352.598576][T10560] R13: 00007fcff8c16038 R14: 00007ffeca87b400 R15: 00007ffeca87b4e8 [ 352.598595][T10560] [ 355.110324][T10595] blktrace: Concurrent blktraces are not allowed on sda1 [ 357.167254][T10628] FAULT_INJECTION: forcing a failure. [ 357.167254][T10628] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 357.235245][T10628] CPU: 0 UID: 0 PID: 10628 Comm: syz.1.1146 Not tainted syzkaller #0 PREEMPT(full) [ 357.235268][T10628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 357.235277][T10628] Call Trace: [ 357.235282][T10628] [ 357.235288][T10628] dump_stack_lvl+0x100/0x190 [ 357.235310][T10628] should_fail_ex.cold+0x5/0xa [ 357.235327][T10628] ? prepare_alloc_pages+0x16d/0x5f0 [ 357.235348][T10628] should_fail_alloc_page+0xeb/0x140 [ 357.235366][T10628] prepare_alloc_pages+0x1f0/0x5f0 [ 357.235384][T10628] ? __kernel_text_address+0xd/0x30 [ 357.235402][T10628] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 357.235426][T10628] ? __lock_acquire+0x4a5/0x2630 [ 357.235442][T10628] ? __lock_acquire+0x4a5/0x2630 [ 357.235456][T10628] ? stack_trace_save+0x8e/0xc0 [ 357.235478][T10628] ? lock_acquire+0x1b1/0x370 [ 357.235491][T10628] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 357.235517][T10628] ? css_rstat_updated+0x1ce/0x5a0 [ 357.235547][T10628] ? rcu_is_watching+0x12/0xc0 [ 357.235565][T10628] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 357.235587][T10628] ? policy_nodemask+0xed/0x4f0 [ 357.235615][T10628] alloc_pages_mpol+0x1fb/0x540 [ 357.235633][T10628] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 357.235651][T10628] ? __memcg_slab_post_alloc_hook+0x734/0xff0 [ 357.235675][T10628] alloc_pages_noprof+0x1a/0x160 [ 357.235695][T10628] pgd_alloc+0x4d/0x630 [ 357.235714][T10628] ? mutex_init_lockdep+0xf1/0x120 [ 357.235731][T10628] mm_init+0x6da/0x10d0 [ 357.235751][T10628] mm_alloc+0x97/0xd0 [ 357.235769][T10628] alloc_bprm+0x2af/0x710 [ 357.235786][T10628] do_execveat_common.isra.0+0x19c/0x580 [ 357.235803][T10628] ? do_getname+0x191/0x390 [ 357.235825][T10628] __x64_sys_execveat+0xdf/0x130 [ 357.235843][T10628] do_syscall_64+0x10b/0xf80 [ 357.235860][T10628] ? clear_bhb_loop+0x40/0x90 [ 357.235881][T10628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.235896][T10628] RIP: 0033:0x7f561cd9cdd9 [ 357.235909][T10628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 357.235924][T10628] RSP: 002b:00007f561db88028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 357.235939][T10628] RAX: ffffffffffffffda RBX: 00007f561d015fa0 RCX: 00007f561cd9cdd9 [ 357.235948][T10628] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 357.235957][T10628] RBP: 00007f561ce32d69 R08: 0000000000001000 R09: 0000000000000000 [ 357.235967][T10628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 357.235976][T10628] R13: 00007f561d016038 R14: 00007f561d015fa0 R15: 00007fff57405018 [ 357.235995][T10628] [ 357.954554][T10641] can: request_module (can-proto-5) failed. [ 360.371795][T10695] binder: 10681:10695 ioctl c00c620f 200000000080 returned -22 [ 362.198204][T10701] kexec: Could not allocate control_code_buffer [ 366.826870][T10822] nvme_fabrics: missing parameter 'transport=%s' [ 366.959279][T10822] nvme_fabrics: missing parameter 'nqn=%s' [ 370.839182][T10892] FAULT_INJECTION: forcing a failure. [ 370.839182][T10892] name failslab, interval 1, probability 0, space 0, times 0 [ 370.903312][T10909] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1217'. [ 370.931963][T10892] CPU: 0 UID: 0 PID: 10892 Comm: syz.1.1212 Not tainted syzkaller #0 PREEMPT(full) [ 370.931986][T10892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 370.931995][T10892] Call Trace: [ 370.932001][T10892] [ 370.932007][T10892] dump_stack_lvl+0x100/0x190 [ 370.932029][T10892] should_fail_ex.cold+0x5/0xa [ 370.932050][T10892] should_failslab+0xc2/0x120 [ 370.932067][T10892] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 370.932089][T10892] ? vm_area_dup+0x27/0x8e0 [ 370.932113][T10892] vm_area_dup+0x27/0x8e0 [ 370.932134][T10892] __split_vma+0x18c/0xd90 [ 370.932157][T10892] ? __mpol_equal+0xaf/0x340 [ 370.932175][T10892] ? __pfx___split_vma+0x10/0x10 [ 370.932206][T10892] vma_modify+0x12ad/0x25c0 [ 370.932231][T10892] ? __lock_acquire+0x440/0x2630 [ 370.932247][T10892] ? __pfx_vma_modify+0x10/0x10 [ 370.932275][T10892] ? register_lock_class+0x40/0x560 [ 370.932300][T10892] vma_modify_policy+0x238/0x300 [ 370.932326][T10892] ? __pfx_vma_modify_policy+0x10/0x10 [ 370.932364][T10892] mbind_range+0x175/0x550 [ 370.932386][T10892] do_mbind+0x7dc/0xfd0 [ 370.932409][T10892] ? __might_fault+0xc5/0x140 [ 370.932431][T10892] ? __pfx_do_mbind+0x10/0x10 [ 370.932454][T10892] ? _copy_from_user+0x59/0xd0 [ 370.932481][T10892] ? __pfx_get_nodes+0x10/0x10 [ 370.932501][T10892] kernel_mbind+0x1b7/0x200 [ 370.932522][T10892] ? __pfx_kernel_mbind+0x10/0x10 [ 370.932543][T10892] ? rcu_is_watching+0x12/0xc0 [ 370.932563][T10892] do_syscall_64+0x10b/0xf80 [ 370.932582][T10892] ? clear_bhb_loop+0x40/0x90 [ 370.932600][T10892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.932614][T10892] RIP: 0033:0x7f561cd9cdd9 [ 370.932628][T10892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 370.932642][T10892] RSP: 002b:00007f561db88028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 370.932656][T10892] RAX: ffffffffffffffda RBX: 00007f561d015fa0 RCX: 00007f561cd9cdd9 [ 370.932667][T10892] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 370.932676][T10892] RBP: 00007f561ce32d69 R08: 0000000000000003 R09: 0000000000000003 [ 370.932685][T10892] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 370.932694][T10892] R13: 00007f561d016038 R14: 00007f561d015fa0 R15: 00007fff57405018 [ 370.932714][T10892] [ 371.384133][T10931] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 371.384133][T10931] The task syz.1.1218 (10931) triggered the difference, watch for misbehavior. [ 373.027526][T10965] usb usb26: usbfs: process 10965 (syz.3.1226) did not claim interface 0 before use [ 377.454146][T11001] kexec: Could not allocate control_code_buffer [ 378.014067][T11051] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 378.555482][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.571718][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.323840][T11042] kexec: Could not allocate control_code_buffer [ 385.215692][T11198] ICMPv6: process `syz.2.1280' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 387.175994][T11247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1289'. [ 387.203601][T11248] FAULT_INJECTION: forcing a failure. [ 387.203601][T11248] name failslab, interval 1, probability 0, space 0, times 0 [ 387.265791][T11248] CPU: 0 UID: 0 PID: 11248 Comm: syz.2.1290 Not tainted syzkaller #0 PREEMPT(full) [ 387.265814][T11248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 387.265824][T11248] Call Trace: [ 387.265830][T11248] [ 387.265835][T11248] dump_stack_lvl+0x100/0x190 [ 387.265857][T11248] should_fail_ex.cold+0x5/0xa [ 387.265878][T11248] should_failslab+0xc2/0x120 [ 387.265896][T11248] __kmalloc_cache_noprof+0x7a/0x6f0 [ 387.265916][T11248] ? rfkill_fop_open+0x1cc/0x480 [ 387.265937][T11248] rfkill_fop_open+0x1cc/0x480 [ 387.265954][T11248] ? __pfx_rfkill_fop_open+0x10/0x10 [ 387.265971][T11248] misc_open+0x26d/0x450 [ 387.265990][T11248] ? __pfx_misc_open+0x10/0x10 [ 387.266006][T11248] chrdev_open+0x234/0x6a0 [ 387.266025][T11248] ? __pfx_apparmor_file_open+0x10/0x10 [ 387.266048][T11248] ? __pfx_chrdev_open+0x10/0x10 [ 387.266071][T11248] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 387.266095][T11248] do_dentry_open+0x6d8/0x1660 [ 387.266112][T11248] ? __pfx_chrdev_open+0x10/0x10 [ 387.266135][T11248] vfs_open+0x82/0x3f0 [ 387.266159][T11248] path_openat+0x208c/0x31a0 [ 387.266184][T11248] ? __pfx_path_openat+0x10/0x10 [ 387.266209][T11248] do_file_open+0x20e/0x430 [ 387.266229][T11248] ? __pfx_do_file_open+0x10/0x10 [ 387.266261][T11248] ? alloc_fd+0x476/0x790 [ 387.266280][T11248] ? do_getname+0x191/0x390 [ 387.266303][T11248] do_sys_openat2+0x10d/0x1e0 [ 387.266324][T11248] ? __pfx_do_sys_openat2+0x10/0x10 [ 387.266353][T11248] __x64_sys_openat+0x12d/0x210 [ 387.266375][T11248] ? __pfx___x64_sys_openat+0x10/0x10 [ 387.266400][T11248] ? rcu_is_watching+0x12/0xc0 [ 387.266421][T11248] do_syscall_64+0x10b/0xf80 [ 387.266439][T11248] ? clear_bhb_loop+0x40/0x90 [ 387.266457][T11248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.266471][T11248] RIP: 0033:0x7fcff899cdd9 [ 387.266484][T11248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 387.266500][T11248] RSP: 002b:00007fcff9887028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 387.266515][T11248] RAX: ffffffffffffffda RBX: 00007fcff8c15fa0 RCX: 00007fcff899cdd9 [ 387.266524][T11248] RDX: 0000000000000000 RSI: 0000200000002200 RDI: ffffffffffffff9c [ 387.266534][T11248] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 387.266543][T11248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.266551][T11248] R13: 00007fcff8c16038 R14: 00007fcff8c15fa0 R15: 00007ffeca87b4e8 [ 387.266571][T11248] [ 393.528146][T11368] ubi0: attaching mtd0 [ 393.663315][T11368] ubi0: scanning is finished [ 393.712767][T11368] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 394.112443][T11368] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 394.754216][T11382] ICMPv6: process `syz.0.1326' is using deprecated sysctl (syscall) net.ipv6.neigh.veth0_to_bridge.base_reachable_time - use net.ipv6.neigh.veth0_to_bridge.base_reachable_time_ms instead [ 395.099810][T11375] FAULT_INJECTION: forcing a failure. [ 395.099810][T11375] name failslab, interval 1, probability 0, space 0, times 0 [ 395.114989][T11382] loop13: detected capacity change from 0 to 8 [ 395.171935][T11375] CPU: 0 UID: 0 PID: 11375 Comm: syz.2.1324 Not tainted syzkaller #0 PREEMPT(full) [ 395.171965][T11375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 395.171974][T11375] Call Trace: [ 395.171980][T11375] [ 395.171987][T11375] dump_stack_lvl+0x100/0x190 [ 395.172008][T11375] should_fail_ex.cold+0x5/0xa [ 395.172028][T11375] should_failslab+0xc2/0x120 [ 395.172047][T11375] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 395.172069][T11375] ? __mpol_dup+0x74/0x390 [ 395.172092][T11375] __mpol_dup+0x74/0x390 [ 395.172111][T11375] ? __pfx___mpol_dup+0x10/0x10 [ 395.172129][T11375] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 395.172150][T11375] ? sp_alloc+0x27/0x160 [ 395.172171][T11375] sp_alloc+0x4d/0x160 [ 395.172190][T11375] mpol_set_shared_policy+0xa5/0x890 [ 395.172214][T11375] ? __pfx_shmem_set_policy+0x10/0x10 [ 395.172231][T11375] mbind_range+0x339/0x550 [ 395.172253][T11375] do_mbind+0x7dc/0xfd0 [ 395.172276][T11375] ? __might_fault+0xc5/0x140 [ 395.172297][T11375] ? __pfx_do_mbind+0x10/0x10 [ 395.172320][T11375] ? _copy_from_user+0x59/0xd0 [ 395.172347][T11375] ? __pfx_get_nodes+0x10/0x10 [ 395.172367][T11375] kernel_mbind+0x1b7/0x200 [ 395.172388][T11375] ? __pfx_kernel_mbind+0x10/0x10 [ 395.172409][T11375] ? rcu_is_watching+0x12/0xc0 [ 395.172429][T11375] do_syscall_64+0x10b/0xf80 [ 395.172447][T11375] ? clear_bhb_loop+0x40/0x90 [ 395.172465][T11375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.172480][T11375] RIP: 0033:0x7fcff899cdd9 [ 395.172493][T11375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 395.172507][T11375] RSP: 002b:00007fcff9887028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 395.172522][T11375] RAX: ffffffffffffffda RBX: 00007fcff8c15fa0 RCX: 00007fcff899cdd9 [ 395.172532][T11375] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 395.172541][T11375] RBP: 00007fcff8a32d69 R08: 0000000000000003 R09: 0000000000000003 [ 395.172550][T11375] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 395.172559][T11375] R13: 00007fcff8c16038 R14: 00007fcff8c15fa0 R15: 00007ffeca87b4e8 [ 395.172579][T11375] [ 395.812229][T11391] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1328'. [ 405.648389][T11546] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1364'. [ 405.791613][T11546] team0: Port device team_slave_0 removed [ 405.878144][T11549] can: request_module (can-proto-0) failed. [ 406.833848][T11571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1371'. [ 409.666150][T11604] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 409.696921][T11604] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 409.730684][T11604] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 409.767018][T11604] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 410.209655][T11631] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1383'. [ 410.225579][T11622] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1381'. [ 410.734312][ T29] audit: type=1800 audit(1843106643.709:12): pid=11633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1384" name="members" dev="configfs" ino=44621 res=0 errno=0 [ 411.282837][ T4941] Bluetooth: hci0: command 0x2016 tx timeout [ 411.762855][ T5622] Bluetooth: hci1: command 0x2016 tx timeout [ 411.768977][ T4941] Bluetooth: hci3: command 0x2016 tx timeout [ 411.843036][ T5622] Bluetooth: hci2: command 0x0c1a tx timeout [ 414.789321][T11710] FAULT_INJECTION: forcing a failure. [ 414.789321][T11710] name failslab, interval 1, probability 0, space 0, times 0 [ 414.946122][T11710] CPU: 0 UID: 0 PID: 11710 Comm: syz.0.1401 Not tainted syzkaller #0 PREEMPT(full) [ 414.946145][T11710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 414.946154][T11710] Call Trace: [ 414.946160][T11710] [ 414.946166][T11710] dump_stack_lvl+0x100/0x190 [ 414.946189][T11710] should_fail_ex.cold+0x5/0xa [ 414.946208][T11710] should_failslab+0xc2/0x120 [ 414.946227][T11710] __kmalloc_cache_noprof+0x7a/0x6f0 [ 414.946247][T11710] ? percpu_ref_init+0xec/0x3f0 [ 414.946269][T11710] ? __pfx_blk_queue_usage_counter_release+0x10/0x10 [ 414.946292][T11710] percpu_ref_init+0xec/0x3f0 [ 414.946313][T11710] blk_alloc_queue+0x574/0x790 [ 414.946329][T11710] blk_mq_alloc_queue+0x174/0x290 [ 414.946348][T11710] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 414.946376][T11710] ? blk_mq_alloc_tag_set+0xe2c/0x1330 [ 414.946399][T11710] __blk_mq_alloc_disk+0x29/0x120 [ 414.946418][T11710] loop_add+0x498/0xb60 [ 414.946440][T11710] ? __pfx_loop_add+0x10/0x10 [ 414.946472][T11710] ? find_held_lock+0x2b/0x80 [ 414.946491][T11710] ? __fget_files+0x215/0x3d0 [ 414.946510][T11710] loop_control_ioctl+0xae/0x620 [ 414.946533][T11710] ? __pfx_loop_control_ioctl+0x10/0x10 [ 414.946557][T11710] ? __pfx_loop_control_ioctl+0x10/0x10 [ 414.946579][T11710] __x64_sys_ioctl+0x18e/0x210 [ 414.946596][T11710] do_syscall_64+0x10b/0xf80 [ 414.946614][T11710] ? clear_bhb_loop+0x40/0x90 [ 414.946632][T11710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.946647][T11710] RIP: 0033:0x7f747679cdd9 [ 414.946660][T11710] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.946674][T11710] RSP: 002b:00007f74775f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 414.946689][T11710] RAX: ffffffffffffffda RBX: 00007f7476a16180 RCX: 00007f747679cdd9 [ 414.946698][T11710] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 000000000000000a [ 414.946707][T11710] RBP: 00007f7476832d69 R08: 0000000000000000 R09: 0000000000000000 [ 414.946716][T11710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.946724][T11710] R13: 00007f7476a16218 R14: 00007f7476a16180 R15: 00007ffe9c0761c8 [ 414.946743][T11710] [ 416.059720][T11720] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 416.069709][T11720] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 416.096720][T11720] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 416.127083][T11720] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 417.687361][ T4941] Bluetooth: hci0: command 0x2016 tx timeout [ 418.086017][ T4941] Bluetooth: hci1: command 0x2016 tx timeout [ 418.166226][ T4941] Bluetooth: hci2: command 0x0c1a tx timeout [ 418.172473][ T5622] Bluetooth: hci3: command 0x2016 tx timeout [ 420.723462][T11821] ================================================================== [ 420.723479][T11821] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 420.723504][T11821] Read of size 26 at addr ffff888034525ee8 by task syz.2.1427/11821 [ 420.723517][T11821] [ 420.723525][T11821] CPU: 0 UID: 0 PID: 11821 Comm: syz.2.1427 Not tainted syzkaller #0 PREEMPT(full) [ 420.723542][T11821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 420.723554][T11821] Call Trace: [ 420.723559][T11821] [ 420.723565][T11821] dump_stack_lvl+0x100/0x190 [ 420.723581][T11821] print_report+0x13d/0x4b0 [ 420.723603][T11821] ? __virt_addr_valid+0x239/0x430 [ 420.723626][T11821] ? fbcon_prepare_logo+0x94e/0xc60 [ 420.723641][T11821] kasan_report+0xdf/0x1d0 [ 420.723658][T11821] ? fbcon_prepare_logo+0x94e/0xc60 [ 420.723676][T11821] kasan_check_range+0x10f/0x1e0 [ 420.723695][T11821] __asan_memcpy+0x23/0x60 [ 420.723716][T11821] fbcon_prepare_logo+0x94e/0xc60 [ 420.723734][T11821] fbcon_init+0x1065/0x1830 [ 420.723751][T11821] visual_init+0x320/0x620 [ 420.723769][T11821] do_bind_con_driver.isra.0+0x636/0x9c0 [ 420.723790][T11821] store_bind+0x609/0x730 [ 420.723811][T11821] ? __pfx_store_bind+0x10/0x10 [ 420.723829][T11821] dev_attr_store+0x58/0x80 [ 420.723846][T11821] ? __pfx_dev_attr_store+0x10/0x10 [ 420.723862][T11821] sysfs_kf_write+0xf2/0x150 [ 420.723885][T11821] kernfs_fop_write_iter+0x3e0/0x5f0 [ 420.723904][T11821] ? __pfx_sysfs_kf_write+0x10/0x10 [ 420.723926][T11821] vfs_write+0x6ac/0x1070 [ 420.723943][T11821] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 420.723963][T11821] ? __pfx_vfs_write+0x10/0x10 [ 420.723984][T11821] ksys_write+0x12a/0x250 [ 420.723999][T11821] ? __pfx_ksys_write+0x10/0x10 [ 420.724016][T11821] ? rcu_is_watching+0x12/0xc0 [ 420.724034][T11821] do_syscall_64+0x10b/0xf80 [ 420.724052][T11821] ? clear_bhb_loop+0x40/0x90 [ 420.724069][T11821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.724084][T11821] RIP: 0033:0x7fcff899cdd9 [ 420.724095][T11821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 420.724110][T11821] RSP: 002b:00007fcff9866028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 420.724124][T11821] RAX: ffffffffffffffda RBX: 00007fcff8c16090 RCX: 00007fcff899cdd9 [ 420.724134][T11821] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000007 [ 420.724143][T11821] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 420.724152][T11821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.724161][T11821] R13: 00007fcff8c16128 R14: 00007fcff8c16090 R15: 00007ffeca87b4e8 [ 420.724175][T11821] [ 420.724180][T11821] [ 420.724183][T11821] Allocated by task 992: [ 420.724194][T11821] kasan_save_stack+0x30/0x50 [ 420.724209][T11821] kasan_save_track+0x14/0x30 [ 420.724222][T11821] __kasan_kmalloc+0xaa/0xb0 [ 420.724234][T11821] __kvmalloc_node_noprof+0x360/0xa00 [ 420.724249][T11821] bucket_table_alloc.isra.0+0x88/0x460 [ 420.724269][T11821] rhashtable_rehash_alloc+0x68/0x110 [ 420.724289][T11821] rht_deferred_worker+0x1872/0x1fd0 [ 420.724309][T11821] process_one_work+0xa0e/0x1980 [ 420.724322][T11821] worker_thread+0x5ef/0xe50 [ 420.724335][T11821] kthread+0x370/0x450 [ 420.724346][T11821] ret_from_fork+0x72b/0xd50 [ 420.724360][T11821] ret_from_fork_asm+0x1a/0x30 [ 420.724378][T11821] [ 420.724381][T11821] The buggy address belongs to the object at ffff888034525e00 [ 420.724381][T11821] which belongs to the cache kmalloc-192 of size 192 [ 420.724393][T11821] The buggy address is located 72 bytes to the right of [ 420.724393][T11821] allocated 160-byte region [ffff888034525e00, ffff888034525ea0) [ 420.724408][T11821] [ 420.724414][T11821] The buggy address belongs to the physical page: [ 420.724435][T11821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34525 [ 420.724456][T11821] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 420.724472][T11821] page_type: f5(slab) [ 420.724489][T11821] raw: 00fff00000000000 ffff88813fe2e3c0 dead000000000100 dead000000000122 [ 420.724505][T11821] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 420.724515][T11821] page dumped because: kasan: bad access detected [ 420.724524][T11821] page_owner tracks the page as allocated [ 420.724529][T11821] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5871, tgid 5870 (syz.3.25), ts 88462419816, free_ts 87912453340 [ 420.724555][T11821] post_alloc_hook+0x153/0x170 [ 420.724575][T11821] get_page_from_freelist+0x11a6/0x33b0 [ 420.724597][T11821] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 420.724620][T11821] new_slab+0xa6/0x6c0 [ 420.724637][T11821] refill_objects+0x277/0x420 [ 420.724657][T11821] __pcs_replace_empty_main+0x375/0x650 [ 420.724678][T11821] __kmalloc_noprof+0x688/0x850 [ 420.724698][T11821] __register_sysctl_table+0xbe4/0x1650 [ 420.724716][T11821] neigh_sysctl_register+0x326/0x660 [ 420.724730][T11821] devinet_sysctl_register+0xb6/0x210 [ 420.724748][T11821] inetdev_init+0x2b8/0x570 [ 420.724764][T11821] inetdev_event+0x7fa/0x17f0 [ 420.724781][T11821] notifier_call_chain+0x99/0x400 [ 420.724802][T11821] call_netdevice_notifiers_info+0xbe/0x110 [ 420.724820][T11821] register_netdevice+0x18fe/0x24b0 [ 420.724834][T11821] register_netdev+0x34/0x50 [ 420.724848][T11821] page last free pid 97 tgid 97 stack trace: [ 420.724856][T11821] __free_frozen_pages+0x747/0x1040 [ 420.724873][T11821] qlist_free_all+0x47/0xf0 [ 420.724894][T11821] kasan_quarantine_reduce+0x1a0/0x1f0 [ 420.724906][T11821] __kasan_slab_alloc+0x69/0x90 [ 420.724920][T11821] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 420.724942][T11821] __alloc_skb+0x140/0x710 [ 420.724954][T11821] inet_netconf_notify_devconf+0x9d/0x170 [ 420.724971][T11821] inetdev_event+0xa70/0x17f0 [ 420.724988][T11821] notifier_call_chain+0x99/0x400 [ 420.725007][T11821] call_netdevice_notifiers_info+0xbe/0x110 [ 420.725024][T11821] unregister_netdevice_many_notify+0x118f/0x24f0 [ 420.725041][T11821] default_device_exit_batch+0x946/0xc60 [ 420.725056][T11821] ops_undo_list+0x363/0xab0 [ 420.725071][T11821] cleanup_net+0x499/0x920 [ 420.725086][T11821] process_one_work+0xa0e/0x1980 [ 420.725099][T11821] worker_thread+0x5ef/0xe50 [ 420.725112][T11821] [ 420.725115][T11821] Memory state around the buggy address: [ 420.725122][T11821] ffff888034525d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 420.725132][T11821] ffff888034525e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 420.725142][T11821] >ffff888034525e80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 420.725150][T11821] ^ [ 420.725158][T11821] ffff888034525f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 420.725168][T11821] ffff888034525f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 420.725176][T11821] ================================================================== [ 420.751263][T11821] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 420.751278][T11821] CPU: 0 UID: 0 PID: 11821 Comm: syz.2.1427 Not tainted syzkaller #0 PREEMPT(full) [ 420.751298][T11821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 420.751307][T11821] Call Trace: [ 420.751313][T11821] [ 420.751319][T11821] dump_stack_lvl+0x100/0x190 [ 420.751339][T11821] vpanic+0x552/0x970 [ 420.751353][T11821] ? __pfx_vpanic+0x10/0x10 [ 420.751370][T11821] ? fbcon_prepare_logo+0x94e/0xc60 [ 420.751386][T11821] panic+0xd1/0xe0 [ 420.751399][T11821] ? __pfx_panic+0x10/0x10 [ 420.751414][T11821] ? fbcon_prepare_logo+0x94e/0xc60 [ 420.751429][T11821] ? preempt_schedule_common+0x42/0xc0 [ 420.751457][T11821] check_panic_on_warn.cold+0x19/0x34 [ 420.751472][T11821] end_report.part.0+0x3a/0x90 [ 420.751494][T11821] kasan_report.cold+0xe/0x18 [ 420.751515][T11821] ? fbcon_prepare_logo+0x94e/0xc60 [ 420.751533][T11821] kasan_check_range+0x10f/0x1e0 [ 420.751552][T11821] __asan_memcpy+0x23/0x60 [ 420.751573][T11821] fbcon_prepare_logo+0x94e/0xc60 [ 420.751592][T11821] fbcon_init+0x1065/0x1830 [ 420.751609][T11821] visual_init+0x320/0x620 [ 420.751627][T11821] do_bind_con_driver.isra.0+0x636/0x9c0 [ 420.751650][T11821] store_bind+0x609/0x730 [ 420.751671][T11821] ? __pfx_store_bind+0x10/0x10 [ 420.751690][T11821] dev_attr_store+0x58/0x80 [ 420.751707][T11821] ? __pfx_dev_attr_store+0x10/0x10 [ 420.751724][T11821] sysfs_kf_write+0xf2/0x150 [ 420.751747][T11821] kernfs_fop_write_iter+0x3e0/0x5f0 [ 420.751767][T11821] ? __pfx_sysfs_kf_write+0x10/0x10 [ 420.751789][T11821] vfs_write+0x6ac/0x1070 [ 420.751805][T11821] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 420.751829][T11821] ? __pfx_vfs_write+0x10/0x10 [ 420.751850][T11821] ksys_write+0x12a/0x250 [ 420.751866][T11821] ? __pfx_ksys_write+0x10/0x10 [ 420.751883][T11821] ? rcu_is_watching+0x12/0xc0 [ 420.751901][T11821] do_syscall_64+0x10b/0xf80 [ 420.751919][T11821] ? clear_bhb_loop+0x40/0x90 [ 420.751936][T11821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.751951][T11821] RIP: 0033:0x7fcff899cdd9 [ 420.751963][T11821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 420.751978][T11821] RSP: 002b:00007fcff9866028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 420.751993][T11821] RAX: ffffffffffffffda RBX: 00007fcff8c16090 RCX: 00007fcff899cdd9 [ 420.752003][T11821] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000007 [ 420.752013][T11821] RBP: 00007fcff8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 420.752023][T11821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.752032][T11821] R13: 00007fcff8c16128 R14: 00007fcff8c16090 R15: 00007ffeca87b4e8 [ 420.752047][T11821] [ 420.752111][T11821] Kernel Offset: disabled