last executing test programs: 14.652838433s ago: executing program 1 (id=3800): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) read$auto_debug_help_fops_orangefs_debugfs(r1, &(0x7f0000000340)=""/231, 0xe7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000180)='/\xffev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffWP\x97)\xcf\xff\x96\x89\x8e\x01\x15\xa5\x18]\xfa\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14\x0efm\xb6w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@5\x1a\"\x9em\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xba\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\x00\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x84k8\x83\xe5\xd7\xb4\xf1\x01\xa2\xf1\xf9B\xd8\x1c\xb7T\xbbl\xd5\xd3\xebf\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x80203, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x121081, 0x0) statx$auto(r1, 0x0, 0x6d7, 0x80000008, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x5, 0x4380, 0x1) mlock$auto(0x112, 0x80006) mmap$auto(0x4000000000009, 0x400008, 0xdf, 0x9b75, 0x2, 0x7fff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80000, 0x6) r2 = socket(0x2, 0x1, 0x0) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) madvise$auto(0x0, 0xffffffffffff0005, 0x15) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mlockall$auto(0x800000000000005) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x5, 0x73) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) 8.936073188s ago: executing program 1 (id=3808): sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002d0008000700"/18, @ANYRES32, @ANYBLOB="0800080004"], 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) r2 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) socket(0x2, 0x1, 0x106) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) r4 = openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x70) renameat2$auto(r4, 0x0, r4, 0x0, 0x5) r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_CTX_SET_CPT_STATE(r5, 0x7b2, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_SET_HALT(r2, 0x4004550d, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x8002, 0x0, 0x2, 0x0, 0x0, 0x1}, 0xf}, 0x3, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x6d3f, 0x9, 0x8, 0x4]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000440)={[0x10000000001ff, 0x4, 0xd, 0xffffffffffffffff, 0x3, 0x10, 0x2, 0x2, 0x4, 0x62, 0x80000026, 0x7, 0x6d3e, 0x8, 0xd, 0x40000000001]}, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x1a5d80, 0x0) r6 = syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) select$auto(0xf, 0x0, 0x0, 0x0, 0x0) wait4$auto(r6, 0x0, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0x180}, 0x2, &(0x7f0000000340), 0x7, 0xa505}, 0x800}, 0x7, 0x6) 7.124835696s ago: executing program 2 (id=3812): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = gettid() rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xca, 0x2, @_sigchld={r0, 0x0, 0x401, 0x5, 0x3}}}) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0xfa) getsockopt$auto_SO_PASSCRED(r1, 0x3, 0x10, &(0x7f0000000280)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', &(0x7f0000000000)=0xffffffff) write$auto(r2, 0x0, 0xfffffdf1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/afs/cells\x00', 0x80000, 0x0) pwrite64$auto(0xc8, 0x0, 0x10, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) chdir$auto(0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x2004c0c4) socket(0x11, 0x3, 0x9) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r3, 0x8038550a, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8000ffff}, 0x3) fsetxattr$auto(r2, &(0x7f0000000180)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', 0x0, 0x7bd, 0x1) ioctl$auto_FS_IOC_SETFLAGS2(r2, 0x40086602, 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) mmap$auto(0x0, 0x202000c, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x0, 0x0) ioctl$auto_BLKALIGNOFF(r4, 0x127a, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sda\x00', 0x60742, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) 7.110777051s ago: executing program 0 (id=3820): sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002d0008000700"/18, @ANYRES32, @ANYBLOB="0800080004"], 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) r2 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) socket(0x2, 0x1, 0x106) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) r4 = openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x70) renameat2$auto(r4, 0x0, r4, 0x0, 0x5) r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_CTX_SET_CPT_STATE(r5, 0x7b2, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_SET_HALT(r2, 0x4004550d, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x8002, 0x0, 0x2, 0x0, 0x0, 0x1}, 0xf}, 0x3, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x6d3f, 0x9, 0x8, 0x4]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000440)={[0x10000000001ff, 0x4, 0xd, 0xffffffffffffffff, 0x3, 0x10, 0x2, 0x2, 0x4, 0x62, 0x80000026, 0x7, 0x6d3e, 0x8, 0xd, 0x40000000001]}, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x1a5d80, 0x0) r6 = syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) select$auto(0xf, 0x0, 0x0, 0x0, 0x0) wait4$auto(r6, 0x0, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0x180}, 0x2, &(0x7f0000000340), 0x7, 0xa505}, 0x800}, 0x7, 0x6) 7.10994251s ago: executing program 1 (id=3814): mmap$auto(0x80000, 0x401, 0x2, 0xeb1, 0xffffffffffffffff, 0x8000000080) socket(0x2, 0x80802, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x204900, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyyc\x00', 0x800, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0x1000000000c4) 6.4002899s ago: executing program 1 (id=3815): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = epoll_create$auto(0x1) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) write$auto(0xffffffffffffffff, 0x0, 0xc3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0xa, 0x5, 0x0) getsockopt$auto(r2, 0x84, 0x2, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r3, 0x1, 0x7ff) ptrace$auto(0x2, r3, 0xa1d, 0x887) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/tracing/dynamic_events\x00', 0x201, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001100)=ANY=[@ANYRES64=r1, @ANYRES16=r4, @ANYBLOB="010b0bbd7000fcdbff7f05"], 0x14}, 0x1, 0x0, 0x0, 0x4008010}, 0x4040084) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f00000010c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4090021}, 0xc, &(0x7f0000001080)={&(0x7f0000000040)={0x1020, r4, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x2}, @NL80211_ATTR_STA_FLAGS={0x1004, 0x11, 0x0, 0x1, [@generic="390fe4fce3a6e3cb19f30a9925ab8477e8c091948f57b9a42981dfd86081db956d0bafa39ba8424895505de3e320e23ed86a826e5493a2145c1a9c173e99e26390a891bcf821f8cd8bf29120bf15de23378a3acfbb59a2f64014d3a8fd2a9f478a7c9e2acfb95de33a1e96e15c90f7449a9462300287714fe0c47b59920be61f6413e093efd199193d26888dd84951889f945f975cb3b6d0fb53240d45249d1fe952522844757ba6ba0174ab9caeb3ff90ec7351c3cad6502de61a413e37f1ec5020d1e38c255aacaec63fe3ea115d3d4462c521903ed2c95a9246adf01863f89db743180dfd0dd7e44d6aca228525d115b06319e35c30796eb50068c84427872e2a34d51e8c623f8428ff51ae91517cc199ccc20aa513b28857e15d987f63d6a51e6ef0551cfda53441ca2b947e3122249da984d6118ce4dd563b5e47781797b446c4d2752711844d2ed3d5cb56c2dabd896169a873fae49468ec9f3244c244ec23acb48279e5f1f8d6c59b3aa143abe7b17ca4e68f1837791a54f8fb8a671f8a4896afe98844a64a5c0b34498f3df06a41e0af1f80a16121b7cb0d50047faff0082d18f269ad88f4d17c611384ac5cf6402502bb2967c1875ad1a9f0edae0e7e08fa52b25986b517b894ce5232d72afcace05d939ec7f4e36bdc1d3873aa8b15cee4f185b4e4b3eb9d35459fb6b367b5bf4c0d2ca7344b0061c69fc3ca555502008abbd8fa26cdddd633183b614041e125fe88ef40280ec16be4fbbe70fa95e4dd7e923fcfa1749581cf9e9e5bafa8ba9fa17fc91b18b747893c0ade27a3825cf85a268b0a472507ff4dfa3464c40b47193fdc9ffd6a11a4bf9b5ebd550efbeaa285450f8c3e14d89f01124bb7bcab057db73b0b3b1e0f73d8ae261c1537b1b69754184c28d7ae88d6fe3819ddc9408a0db7ea428b9ca1c1e7734acd2bf3cd99fcfdd8d1174e2c53b3d88a232f28b6392bd7e8729560ee9cc77a7a8bb3cc36d8946bf4bb180ca1e01d3c2d3ae83249a3e038fdd924a8677a921127d939523b3edc3fd02f2db7051a6bf9b5678afc4920756540a53c84df0610aa7a693dd69cba08e89083a84dee4d750c634e76cae54276524d85ae4a54b4f71771502c4e9161b2088bae4aedd7d4014fce0d1bae3ff7a9fe0fd01299fb07dc2ebfb601534d5ffeb8ae7dd6f3fd04b2535f8f04f9b832bf113d83bb83b6da0767163e5becf2357bef5d69023def3aa3104af00ed2d095b66490ea223ec76bbafd9a91af8d61c9736d0c5708e052513d0343a44e385b4f601c2a29d90db404c33545b030757e864edf2d125310eacf94bc3fa08f06b057fa65a64ccbfce39440530bcfe57414dae5df5961578759c46162b41bcf5eb4e755385183d45086bb341637b8a207bc923a8f22851ecaf3c385c65ab6162abc7c1f8c5f51d08ed8bce6794ab9e639ec524d8d58aa52c478b08371beff1699ccdddf0aa3baea69d5491f1efd51fd8448ee3dc804a60c64620c48c569a427574a3d420f9c29763ed043b11f8842b7a7c40edb9b83c3b4c584993c21ce766a69090dab0ce456b122f45ecb52162ae55afcb9bc7be937a988608c0e20a2777f9dcd173404de9e9211fe5b1f9fcfbbeaa3b6ad1448a45f8c97d3483a589bf6415748006bf3372870c028db8d47e26a47d09454aa86a73571fe14b352bd69a9753cbc98c52b7f2b7d65b5aa6af37a94ae8bf052dc4074328adfd58296529ec28b9079929121eb957f67fa3173887fca5280154c3c6d857a5b82d85db96c2f1581e292c94925d2ad22bf8cdb36d09486aae4c3b97af75d769ffce28c95719c79e29d72182935ffee0b4160402bfdfc71cc4d726048d4c6bbc68c4af3854c58e583462829273aa2284f73def51e709fa3f66296277d133fc9e07b593c3d6686123e01c739731c40c04894cb9443b78b0b4c062412f53c8f8ca4a070696b2fa08df4cb9d720c0a019882fe3c58a47f71cfc610ff7f20c0b2288c6ae500aaedacea692a9b60ab2318b6f9889fb076fa0f9d4a8fb647b91a700d1b6dc5da2eedd7e76400035465e80962b827d81c1a69fbc59668713887239582686c9f58bbb4e389677e20a6b76c2a9771514a908031e44d50ed5aec009e79f476d1b83734b62cce02aed0756866975e870f879b92fe1d608a0068e1a8773725be0d8e21987570248c5a3bbd1e21432873839123e0a04181edf67758f8839757756406c2a2df18ccd08034c89999589a0c4c477e0abd04faed3fd862b949c0c0f3433763bc7827b5cdb3dfb5b3dc640f58b93840b587206d4b2b5314c6ccc79384c0454e0502b6a1a519e3041c98f67af679e98f8768809e123db9da3a10b10efce50a851d0e249827104d428fbdea28675dae971f323063912e3877fb2fe7cd7b7d21dbd144707907539c62539e7022300fcc912c4417bc4160b9c0d04f20b3eb19b4e63dbde07b636380a63c65c1279367c7bef88a6fce2d1e2c34ef5bccb72f459a84e81b2726a599eec5e037c7e9b49fad457f1721749f96027afc109c085c9cc3da58fca8939d47982e0c28a2b48b73b8f915120a1faf7dad18fd9354ce07480527767e63cd116689097ae31817be6f95794a22a96b4ce5cd71361e14b31de4aa01eb3ad386dd7f0922878bf7e37f801e6e3450ffd19a906c5aac1153040c3b46cdb25101020abe447c4ac6bad3d4e500704b027482ee187a2cd8e254bd07416c6fdce04d03e43a66e114dd390182dada29f5bcb11afbbd38cb55cf87cba3c199ebfda6446f645867ac943cef2f61471265935c50bd802b65929ee32b15c2a17837c0cdd20c88ded3c5cad2e8a2b128715966ae8da68b62e3a066ef8e4d91786772aca475d9f9c87ed7570712c53fcef5107ef8b971b55be0a7e05045e2577a7adb3256fe8674a2eb68620573553035b8de4354c13efb0e7f1f51a2aa0a212bcc73aef99c719dcf246484282bc52052d985595accb4ba6b5389a8f3d78fe976a7ca3077f1ab191d5a36d7ce7d9bc3a57f3c00099b5e864560b29abeb1b5f10da2b6e3a4748c2cd64e8a7bf03ac6879d5f266ef3d3eef981173c00e21d2f37daa8a34f64ce440323e113c6307d600a4fc0772ce0db3b43bd9c202ad59d2d44b93e96a21d727ecdda73eba7b9dee085db024f731e13909bb86d2e785bcf73efa696186749fef5d7642f822a945e228eac30009f406be44941b90ed67ce0e587bcad8f678a46b5b7d9a4735e5117f6aa3f1087a5dd070608313f79063fd58e4260aac655ef72c0c552bd3345517375f2230ba7204a133fe62e62bbb782b95e6ee51cf59c24cf25a27bb5bc8513c93d72e8eac4fd1ec8c98fca0413c050df5a0bbad7c1a18081714da83134c16fdd8c2e96bc26e152eb90421c97574674d6da38867fd838a89c38a51e736dda3c733d29a906b7c8eec32409daee4c1ed0bf420f8dc5d5a5d1c0e455828b912018f9dc9fcd54f3c6f8d01b29d0941732dae49a44b450abb10067b8ba4ce023ab21b81cad622772e7a1ee0d0f39351ffdfbbdeb1bcba9b4a174201d4edf35b7f4332ea458f016e21adbccec0e519008657f526563fb1b0de1ed43501eb022cdeb107d63c062e6a34c18a54172efa4f942e51cbbb8442b0d2eea4d6c5f6fded4b6f56e36d555c53d23a6acf2ec2ae45c16706635166a5acb74f2569b1ebaf42c8da0256b87e03e83a429cb5b87851c1cab14605bb6d95b976873f7c1920da15c1bd2151f2800cb55ba5bf236cd2e4f118506523406a872ef7cdfd860322d84fa5cbac90710f064c32dfae79847243ec50f85479468f61cb5b1645f61f42d3f72744996df94e8131e3072857a50a90c3384f7a8e3534697856ab7a4ea3984066ce5b076a73fc4f050b54c5eedfe1bff7ae25dd7a92a4f180b175c2d1be45dc4b11037c145897af217a874621a9f661c35991263667e00946546e91fd010ef655638e2df5cb4237248eebc28860dbad04da3883dc11cfff988c0bf97721ce5db4cb320c5a197ba939e2b417ae825cc9d573085695edd6b6d2d87229b83561bad0ff17492f5e2476bf90be0d69fddd7c8cba86e85ad283470a50deade82342cf97b6dc30a0b9bc6610074707900f3d187a89bf061587fd3c720452c1cb7888b629463f87c4457114f923a901fbf8f94e93c7d161937ec2ce600e7fc1f8a14fce1c3d8d9c2b97d53ba1ad3792eef2bf841ffc354a4a1996baab49fb1e4d32382ddcda36183d77a106c79d75648e606d1db4de0bc8bae2ebf9d28f95184030c7189dab7559a00533107e1f9da8037f5d2a9e281cf79d1d24e5097e96959b89c2bf73d4e93ef0233d3f35a5e170549a0a40798311d7d241005cf23495575e2d3eede7c6f5ca5ea234472e029afcca6ac5105d947710ce16d406f35124c5fc9c85a84918b5e29c24ef34d8708540eaad5e723128e43daf5f0fe554ce64f30f54f00a5b3db26d1450f0ed8bcbeb22c5172d8253b618a7ec350c6d48feac1ddd96fd2a63e9e092736ad4510eac6f21e08e26de77805c92e93aeb2dcc485902b3d7983c176dca281a0182baf8a2ab257a61031188cd839347893d8ea238dcb3bc0fdcd555dd2d973cda165c1641091e7b101729462d3f596897fec00e959afb77a138bcb3807a9c39b9f9282ca23e1eacb284a37995ffeea02f670e6b946593c756534451e2c17af0eb9e56d80096fe4aa61a95e7b34f6764248cb585e1202013fcea710ed48a8c4bce901568470a74373fed268c0d94606d03a3c50893d57cab0047002161008b6955c5f5817a97566ff2fe58f1ea4eec5a8c3e259947128241e993a3e5cf46d9f8e19634743090ed53eaf204d483b18e7ee450996997b552549374e25d95c272b167de46500d165aa03a60c29d6c3086704a21a72970c627575248f7cd9ed98be10da1aabe8a45b300914414e6ae4624fa9d588d0bd7509358cd209ac864fe345cf3ff4d95f9407cb2e928475f04e3331f3a0688606912c49703c6307f75b5039ed9bcf7e3a79786e460ffcc7484f20e1b0c8869369c7426bfec8090e0f7221b86756b18ab9337448676ea6340873d0b94979649a0d31ed42072c3f7601ddb8cdf153b5452fb55ae80810aaf4f1a9d356f27c86294fd5f4ab4fe587ac201673475901421d4a64be8ec083ae5384e58ada88e4acf74181022e032a2722deb193f0f97cb73cb8ac7772c4c3a0d26f797192b094e88790987ef1a92c8e9cbca4e1030b33b7e9c04848fcd19a3d276c4a68089956ec19784c312f735d2a9eb435edcab6f8f0a27beb1b0d4b5d47a20a1cc88daf0f30679237d4508009baf42a90b6a85fb8ad448f70a25aa865f8440d10cea695961384c32172e13a0138c314fa756adf39b0534cf8b0342cde24dc0cc189e3e89f779304caa5b6e8c9d173a4ead0c0f9db7710be1c1fe97b2fe196e648a69a4b4040d518846e344535c30307e2e79d5aae3ac9aa9f199f447ac0a24af773424ddd539e9edf6cd4fc93dbe3fc9a6d6ef685fe514d31c0c0d39a1c200c1e00763ec9e8fb63a3a033f3f4c9cc7f9b9599946d512d01b066ad90ac89a357d428d639c4d4164fbaaeb6406cd48e1a173e2e7bb1ea6cf737dbf1f07c954e7603abb13e478340271713f800419d53387500fd65f8ae04c2eeb3315f58ed4943a2fa968e98528514a30f3aa6859ba49678bc57a712567370a10d1300a05702304378a4ed684f46c0e495eb92f68ad1a0343ce42379fc135629cb7587472a0e861c627a0dfaac4860af6e2558bb5afdcaa47f9abe024b5f385ffaaecb29183c"]}]}, 0x1020}, 0x1, 0x0, 0x0, 0x4008024}, 0x20018840) 5.587687859s ago: executing program 1 (id=3816): mmap$auto(0x80000, 0x401, 0x2, 0xeb1, 0xffffffffffffffff, 0x8000000080) socket(0x2, 0x80802, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x204900, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyyc\x00', 0x800, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) msgctl$auto_IPC_INFO(0x6, 0x3, 0x0) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0x1000000000c4) 3.791443421s ago: executing program 0 (id=3818): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) read$auto_debug_help_fops_orangefs_debugfs(r1, &(0x7f0000000340)=""/231, 0xe7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000180)='/\xffev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffWP\x97)\xcf\xff\x96\x89\x8e\x01\x15\xa5\x18]\xfa\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14\x0efm\xb6w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@5\x1a\"\x9em\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xba\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\x00\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x84k8\x83\xe5\xd7\xb4\xf1\x01\xa2\xf1\xf9B\xd8\x1c\xb7T\xbbl\xd5\xd3\xebf\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mbind$auto(0x8000000000002004, 0x0, 0x7, 0x0, 0x6, 0x2) mmap$auto(0xbaef, 0x2020009, 0x81, 0xeb1, 0xfffffffffffffffa, 0x200000000008002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop10/mq/0/nr_tags\x00', 0x20000, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0x18, 0xa, 0x1) socket(0x2c, 0x2, 0x3) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x2, 0x3}}, 0x55) prctl$auto(0x5, 0x1, 0x0, 0x0, 0x4) mmap$auto(0x3, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = socket(0x1, 0x2, 0x3a) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x2404c800) mmap$auto(0x0, 0x8000000000000400, 0xe2, 0xeb1, r1, 0x4) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x3, 0x400008, 0xde, 0x8000009b72, 0x2, 0x40000008000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop6\x00', 0x70642, 0x0) fcntl$auto_F_SET_RW_HINT(r3, 0x40c, 0x0) io_uring_register$auto(r2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) kexec_load$auto(0x5, 0x2, 0x0, 0x4) shmctl$auto_SHM_LOCK(0xff, 0xb, 0x0) 3.791115446s ago: executing program 2 (id=3821): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = gettid() rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xca, 0x2, @_sigchld={r0, 0x0, 0x401, 0x5, 0x3}}}) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0xfa) write$auto(r1, 0x0, 0xfffffdf1) fsetxattr$auto(r1, &(0x7f0000000180)=':\xbf+<\x8a}\x00\xeb\xfa\xe6\x8d\x02\\VD\x04\x00\x00\x00*\x80\xa4\xf4vql\xa9\x05o\xf7\x9e\xfd\xf7\x00\x00\x00\x00H_/Z>n\xf5F\xbf\xd3\xefi\x91\x88\x1daIu7\xef!\xd0\x04\xdes\xfe`\xf5e;4\xbek\xf9\xec%\xbc\xd4\xfc`\xb9\n\xb5\xa5V\x98\x14]\x8a\x03\xd9', 0x0, 0x7bd, 0x1) ioctl$auto_FS_IOC_SETFLAGS2(r1, 0x40086602, 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) mmap$auto(0x7, 0x8, 0x4cd, 0xeb4, 0xfffffffffffffffa, 0x200aeb) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x0, 0x0) ioctl$auto_BLKALIGNOFF(r2, 0x127a, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sda\x00', 0x60742, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) mremap$auto(0x3, 0x8, 0x1f449f79, 0x23, 0x0) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x50) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0x1003}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0x2}, 0x2, 0x0) process_vm_readv$auto(r4, 0x0, 0xfffffff7fffffd, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) write$auto(0x1, 0x0, 0x80000000) 3.790849604s ago: executing program 3 (id=3822): close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) stat$auto(&(0x7f0000000080)='./cgroup\x00', &(0x7f00000004c0)={0x10, 0x51, 0xe44e, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x8, 0x8, 0x8, 0x8000000000000000, 0x4, 0x3, 0x1, 0x6d, 0xb89}) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x20100, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x6) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40802, 0x0) read$auto(r0, 0x0, 0xb4d3) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001540), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_KEY_SET(r1, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={&(0x7f0000000240)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x42000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) 2.792877715s ago: executing program 3 (id=3823): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/amidi2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x7) mmap$auto(0xc, 0x60009, 0x4000000000df, 0xfb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x5, 0x84) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/vm/dirty_bytes\x00', 0x8a042, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) setsockopt$auto(0x3, 0x10000000084, 0x72, 0x0, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WOWLAN(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fbdbdf254a000000abb485c272e156200bc66696ea9b05d53fcb46cdea5e227f20ea27846eae49192bbbee7c3b059ee673eb196cbf758915ad0d32383f2cb95f300e5a298c4f34b0e98cd68af9d349f9047f"], 0x58}}, 0x4004010) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x1c9082, 0x0) sendfile$auto(0xffffffffffffffff, 0x3, 0x0, 0x400000000808) getsockopt$auto(0xffffffffffffffff, 0x6, 0x22, 0x0, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) clock_getres$auto(0x8, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/bus/pci/00/03.0\x00', 0x1, 0x0) write$auto_proc_reg_file_ops_compat_inode(r4, &(0x7f00000001c0)="92875baa63a4f65710fc2b1ecabfbf882056254085f6accd8bd8e9e46f2a004b0da598e2367298d06888e1802f9be312c6fc17e9953f877b0c431709408649bead93980fbfe29395bed4604aed3b53f7423483c5daec42f30ead69332a94aac0e9edb6b75fd0858683afc02723a75d7ede8bc3a51875191dfb1df0d66dc50e94b403972dfd0672ae7d02b36ab4125efb0c5489cff529922118281dd0d5a683b892a7b54ee6a5e58db6588510c2e181e668ab6d7937d026ee35d992ac282205086f70ba1f3afeb508dc868a95c753d00848e6fbf2589bf62b3c3c1a423a6a0654", 0xe0) read$auto(0xffffffffffffffff, 0x0, 0x100000001) writev$auto(r0, 0x0, 0x3) socket(0x28, 0x5, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x60000, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) setsockopt$auto_SO_TIMESTAMPING_OLD(r1, 0x20000000, 0x25, &(0x7f0000000140)='/dev/binderfs/binder1\x00', 0x4) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xffffffffffffffff, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x4]}, 0x0) 2.665822278s ago: executing program 2 (id=3824): mmap$auto(0x80000, 0x401, 0x2, 0xeb1, 0xffffffffffffffff, 0x8000000080) socket(0x2, 0x80802, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x204900, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyyc\x00', 0x800, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0x1000000000c4) 2.338190237s ago: executing program 2 (id=3825): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$auto_RTC_IRQP_READ(r1, 0x8008700b, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) getsockopt$auto_SO_RCVTIMEO_OLD(r0, 0xffffffff, 0x14, &(0x7f00000003c0)='\x00\x00+\xa2\xc7\x92\x00\x00\x00\x00\x00\x00\x03\x90\xf9\xe8\x11\x80\a :w\xac[\xbb\xac\xe3\xe0\xff8g:\x04\x00\x00\x00\x00\x00\x00\x00=r\x03\x95\x87\xbaM\xd80=\x81\x8ez\xab\xc3^\xb0\x03Ijj\xc4\xf9\xe6\x84P\x15q\xaa\xc8\x03\xba\x8c\xe3\xc3r\xb8\x1b\x98\xe8\xbc\x11.\xd9A\xb3P\xfa\x04\x95\xfc*\v\xb8\xc5\x16Z\xb7\x82\xbc\x96o\xd2G\xf8\x0f`\xa1\x1f\xc6\xd6\xc5\xdcM\x17\x11\xd2\x12\x988\xa3`\xad[UI\xf7\xc7\xcc\x13XH\xc1\x02\x84$\x97;\xebM`\x7f\xe4\x8dbe\xd8\x901\x8e\'\x10\xf6`^\xd28Xk\x03\x8d\b\xbd\xe2d\\\x11w(\xc7D!,6\x01\x00\x9f\x8bxg\xe2\xfc~\x006\x17\x9b9?,\xd8\n\x82r\x12\xa9\xfd@\x90&\xd3l\xa7[\x9bx\xf7\xb9[m\x9a\xee\"\x9e\x81|\xa4\x8f5\xea\t\x02Axu\xe9io`\x81\xb5\x89\x01\xa0\xa8~]\xd8]\x14}\x8c\xacRc\r\xb7.\x7f\xb3\x85\xff\xf5\xb0\x11/\x80{\xab)\x05\xb3HHU\xcb\x00', 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x400c1) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0x5, 0x2000000013, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0xd278, 0x20020003) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) socket(0x25, 0x1, 0x106) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0xa901, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, 0x0, 0xa040, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) shutdown$auto(0x200000003, 0x2) r2 = socket(0x2, 0x1, 0x0) r3 = getpgrp(0xffffffffffffffff) fcntl$auto_F_SETOWN(r2, 0x8, r3) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r0, &(0x7f0000003600)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000035c0)={&(0x7f0000000500)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="01002dbd7000fbdbdf2502000000a6000180a01756fe85487dc1947a05f6c142f0e1ad18472254939fc6192e8f930cb6201858f172b0cb9df09c4d24f1ddf5d978c30ea0ec6e0aa87dae644e66a6c08188dee62c40f2dbe2b1797df27ab321aa1d64d4a32d5b0754f2d9dee8fdb569dcf13029314e69df1094334d58fadb54f1f978ca366b96243991e3519d2edb9d41cd431687d2be096294e313f6c7a3f08401effb80a044aae7c575f94708002c800400d2800000f40001801800068014001600fe8000000000000000000000000000aad50032804500bf00bc78263681383c84f7b1da2a56767fa88f8fc093d89e7947f8a6fddf819fcf7cd1c7152fd3d9280d0241c949017cceb5c6b16c2077db139a260daa38dd0dde6edd0000000400438008007200", @ANYRES32=0x0, @ANYBLOB="0400ca8004001c8004005e80da96dadc0f1785d2e9f0753386791e881ec8269e42f24c9448c6715ce6231b5556c627f042f462f6ab3c561ba99bb53162049abbc12487b1a373c40540d1a02755f7da8aca238aee2d1fb39b469318b4caf79e81d19c3e1141ac9c6ba87e7f45abaa7c1e807266e98ae37319c54a10504c000000ff02018008005f00010000007f01538008005b00e000000208008c00", @ANYRES32=0x0, @ANYBLOB="0400838004002680772d9218ce207790d42ee5eb210fcc043f444b9b9d2297f64ae2d8da9a942d2b963d448091294f4d42abc07fa40e6c85d4df3afaaf90b31e63e4db20fa450bb0ef8a32884c8ddbb5756f371567107b53964c2d69120d4c9ac943ad15d703a7a4a3343cf267e21ed71370282ed1cfca45d39536a7c716c8787a8a825bc1baa9ae91577f2829f3aa341f227a78ae769a85112c942e0a18f6d5d0f49249cb4745bf4d89c1314edc89d4fbcd9ed93abdb6cf12404886ad313b098f8374e1c70400048092b1755512741faaea9d5a165da0ff501e860006d87ada5aec0b0aa7ad7790c9cda9ac412b0d34d528e0c34708553c8911bc369b19450953835e765aeaa37e881e793b2d2f5797a184099777af065167078464690873021ec6eb6a1af45f0c7ab5b103a8976ff5e03ec04f47f000ba63229b933e34792f0dbc47d81d6d26df18624715e1aea6aec8ad9f06c4f87d357b117880832bed12df07c708000200", @ANYRES32=0xee01, @ANYBLOB="00140115800400118008006e00", @ANYRESOCT, @ANYBLOB="00014600755e47709f90c1a99d522cb52153b8c41259d9f9c3380c3c82164e434d67d307fb5e25ef505f284a9daf5fd6750375bfc320170b7fba9e25d341e07cbf7d54ccab1b6633884c886a325e7ba5eacb5f3338521d3c59fcc08b878d8e01910bbaeab4c398b44f459987a80db0ad34ba723ecb168df0796500000000b07de913f5edec5524febf7a7c2c6fd1436540bd972ecdccac3df2d79306cf52061894911951f1a91e57894d1b477d68bea21a104932782f5e0934ca471845d3c396aa7fad2a141d86fda4928e7ff3d345538466cd256374f5b7d1743ed3a6e7b524e714510964a04d77a425c663bca2c18f46adefa29a43b711a47bff040038808bbbe770efaf48aaa42aa78f7b40c3ceba07508a8d06b6e802f2278197bc62da954ca3a45d0c1b5c8b69a4329d210dd5315fa7f348e2995339ae1136c7584a77f36f83a634b29fcb9c91bf8a89f94ae6bfde2a6caded0408003a00000000000000", @ANYRES32=0x0, @ANYBLOB="00370301802695d140885bd04d180df77a97a60a60ff9b9ca5e2bdd9aa2c69535e9390ba337c3884e48d49cfc86070689bd6f5884ee02ac91cdc3977282a48cc14514b4f4bc89e52fecaed25df536e81bb79d2d3c0a863727aa6c9d05caafd510c0110504219032f18928031b0b0c3cea8bf630e1468dd50f1f851b213434d0ba4bfb9a26278e9aecc3b31b100388214922caf5507d374c7af8b1bce5c78f43aca8c4061a3726f3add5d704edf5c22cf193396ae3c46d03056f10a549bee861c83422c5c4b648fabea789372a869a2404ccd40274fe002b53985a2c4bdfbac29417e6733c29b2c5ede1e32378b89f1f5190ecb10e8205faa8a00a166264774e716beb8680656fd3a3be0a7ed702eba8078867ba77ce41d695f8b60383ac01baa3213cc04ecf1a4f145af2722293a39e1a74ca16a8aed6156e0633be12a7aee1b058e3d12940aec67feefb4c97633649cd102f34b42924ba5b72b247d091981af4afeb632b76d4b5c6e242bf1ba819723f0434aef5173db33241e3ac91a5964a7d4fdc4b088f41c9fe12e54061cc6ab104430692fd1b0bf62b249bc9a5daadecf53b213efd052190400200038a69ac388b73de2efe59ccde7b194dd94386cdc6176012380ced9b576263f2ea8bd446b59224f35f4e35eb98bf0f9ce2f06294d79dfe3a737fb9ff779e6ee032d746831719d9d13787187f8872e48e4d93e1e164f1f62aff66b559de28765e7852133575c076dfd30b6122fd18130bcb2af8ac18526571d005d35ade1f86cefb027188939a942987a62df07c257a1383a3ffdbbe5474ef2dd59f96e128a4e1c9032c3ca8769181d4bf0e0740c6199b5b0ccb8bcabeefed0a7d4d094be1ad44b9cbff43051693a8f70f0dafd27b01e646cf67fa056678e496342fb5755b1042de46ec28e6e1d524141ce58ddbf2cfd1781596d8ed60c852d634d3d063ccc121e1f57d8064f592796cca5c03fd7941f9ac4d82ba0dc2c9604cf11f3e735ebc18ce58161824aac3823e089eaedefb9c38ba1e34d5d1ac13545022bfa2ad72baa9baefcdbcea9db3df537c9041ff8b92056a5ced35d17d9325c6db0c67ff260ae7c3693a47ee43c9f6d27e5f1520930ae7b98ead4cafddf0fdae4e7164a771b712ccc6d1ecd40a2f6ef518e3e0000007e110180f835747bdd62d3b77dad5ed180e9b9073339f90ae5fd6bfd8aa2144a3018f4cd65b053de65d7eee1f6e4cfa51d493f5b812071b4afd8a11faa3f84401dae036e0814171d5421c0f6d3ba045f4c568e3ee9a056bb5908ebcba8f0cc9d3ff808008000", @ANYRES32, @ANYBLOB="1721855a7512f3b7fc8fb294575cf4ae476b3bc610a6d9c8ad1adffb2d8cfa31637b56245b47cc0d198bdae8d8913dcff1f6db7a887f9602724baf96bf05a6a1e136aa5aa0251b4ca37da151d02e3d913e1f02e8b421c4a8092b10676ec9690baf8bca711148de85e7025fda4c33179bd2122664f6bb0b7cc03316b7be3230961d118c33645c54a2f0e569f6a5d1802110c101af43ea5c8c12f07307cd8c7e0360d2d94caac0c1a75a2713bd1c74ebb8651b6e60212cbedbebb4647432faf2256843a5eee4a7208b9bc99faebc6d0e8258f66f23c61a0112809d3b5f81808a46625ae836cc03d9c5b9045c1c98a7858c07fa73f7957fb601f59b94457a07e746ca830ab572a6dc33865d14932c3e0957f91e613150a9de0c5ac43e6bfed659611d59eff98c09c41e708b963a14a7fbf57ba2bd5b7f44fc1ce7861f6606d897e4a521072e5bf2c502ecd92d1cd2838985c956d233eaec2bedaa79cd5e8d3cadae05bc227a9accfe2b0c81ed9e64f4a35e26131f7bf76a791efae04ae49821609fd234ba5bcf9f42d7acd9f2344bc24351e3a46d2d4919b3bbf5e0df870366888494e877cacf6f8fcb9f296d33725794b01eef903218698d3a0c579a8b7cc2a9b8f99ba687e3816d4451332a6c57de8217a1f91950487243ce75a0527a2c0430d9006c1c39f6cdc1bd188aafced34e72c6c4fcd8f4683aff655cbd0ed8feaa8defa9f770821bf30529bd79a9c611e3f5b8ae86cc9c1feee92d55279c2544cae7e31622256b902b9dc7c625aacc53ee77f3d55d8e1cf02cb61fa2ac25198ad28936c7ac0fc57d01410810d1a321fa005853f08dceb037c0ae640ed1dc77f91524a0a64fb04746dea4277d5d0d24bb82ebf51a408332207494ab45eb7c1a2b5e2606da7d377ac2c47893aad4c82276d6f15295aeae42db65a2b4235b6fb23af16425888dfe0d53646557389732b0b540f8c6a397d02beb931899f6af90dbfddb63443ce960a27bf6ee753c6c31e7bf935d7bcb1f009d42eefd2d7867ebe89e87759f292d2d7dad9d1433b4de97f74bad25409b021c5f23535ad4ae8b917c5a5152d3999e4883b42ae1598d707b2a4dea62f30b185891aedacff1dd21eedcc104095efc5474b0433f7984f6f5d55992534d3fda8645eb86923d1d6401852c4cdd34d94ebd945b1fcaf16f23fec9bdc10f5f91313ba4a445340237a3a4171e28e24623d6fa43415714f435c1236409b6036c1ebf078001f025eafeebbcc80cfb15e4084e0a3a0f3ce4920536dc2691c22654a1a998d8b7bebfe05f1aca3bcefb0dba96749cdd0a35a0688f8e50784236c3772e7c5ac1e9f97e5210d005f5c0ed63effe83c5116bf8e9be241ae34ef5cfa03a8a575b64570cf515e9558650c909203230af857bcf3d85c5a9076a9c36abe2d85844965b76966058091494669a5ed331b92913ccebceb21ff9fe1cbf04d4ee0270c22ad061ed4264eeb128fcf7edf6a25b8eb1a03b131c1e2024078e45ba441baa5715a4bd22860eee25496f025dc22d4eabf6bf3cb9475056a713cf597abfa3f9d626b1fc951e2f4e2d32d7c8674fff0988a1bdbf984a5dbfb04d6b29011d9af4a9a297632f4142495c5e48a9d49de68340e573112d8decb02496891bfa7209b966dd262a3cf20334b15cf6b0644c5c1c4db85d56b800c7f030bdeb36cf5360ab24434d15cae40576606bc872585a641d7d2da108c79ea6d06dde2ab142d858093f06f831df8d95041097fe7954f6a614078ed6271c8488bfbe1da9c69ffa72c8df5ec85635df3ae805771dd6280f0860e643a3aedbfcb891a046441cda5699d550f93fb87fe74b15a98ef7bce037323e5a22cc4c57dbb7a15ae20fbb8a4a726e7b8e4fe229114a978810f02dcd30e345d88592525b36bac3cdbc40bab08203c950c855e38f141cffe239902aabcd923c971eaa66277778bdbea85c24b2c9420a22e1336c99683b3ae19e292c2d0b7b96491e52daa2a9c5393f32b7dafc21ddc00a85d1f9a36aab50b1aac2d6f82f4c5777fa3945f52e6227337b19b7c0c3dd8e57f25da28aba376b9548db1318157637a66884a529be19c799c5747f75c5782425fe2e922db19c918c36ea25c627e1a713791634157292cce13629c0a0a89850addf4695e6fce3a28af9eca5d45a90e664bc68fdf79d6fc8397dba539a9f3d84baa72c9d2c2e0c88979606327fc9551c9a616537a23e0b66f9f884c75d1ac28a9abe7ad8416dc50c28abac18dbbc7b22f3f65d8c68efbb510224469b10a58928db33fc29b3b340ce5734569f8de23c2cdc1db32495ae0e1a1ba13e6419ad3d5566687f97a88b6529e5baa0491a5525d0bcc21c4689b888604270e3e47049b6d2aceedb7561b198ea82af34149d2a6f89b7c9c28a40f4c1536481033d959c29227e28f7cf64247c90590a438007bfcc662f15b1f6ede87ae8b90071dd30b30a20da3dcbb3e66c087525e16e481d5c49b809980f5c201962c1281552e598cfe1478439a4522719a64428d7e68d0cfdc4e6090a35fe95aeed14607530bbf83405b529b2d233e2fd14d03401ef12aeffbdbab15caff43bd2fe7a67c148490ad8d39423929345c537421bfdf771d8bd042fc91870e6965dc92d832ad1714c124e845b81bb4d926ca2d8c0c81ffb6faa18066f6b7ee1d7256b45e1149c5031f527b78c261bd5330be1c4b8a9125e1e9c4cec987833b4d7735f2dc00cf4762a948dc3a05f0ba54657d34f1070329eb115548e8e583e4036ab1b7465a7c369e597a0f4c0510dac519e5df3a38cf4abae0a28d9c041288f1e46dde23a39b62ef54a4ac9ee4762824a5e29225b86e22d9fe9ab49533e2d186e5daca547a8ddbc6b6afa1c533eda91b3c7cb6a136beaeb4b14e5265841bd7f99818a40dac0428fa651ea8b1cd866adc0b8cd1a835c3c8849d06f6cab1eae58fcf2fbc4ad95a88164d72623e2b9e0eedda6d7648bb052e70e70eb7fe60e39c7a8b75804245227b812815554dca85f05cd93406cb77d167745a7a334e918eab94430db6a113e8273950ee89dc117981b0e0532f3dc771bced0fb4b4451ee8b5378711748beb02ddabb395ed68657f20bf545386c556bb90d51e710afb797bc980d3612245135b7ceae569e7c69c15468f3eaebe9cc9afd62f7c7d3cdd0dd05314200ac770e45ca58c45b487d4029c1c037aaac06c7f5d900494a701a86b164a90b02e68a65cc6ac79ee89f7ef6411aa27920f59727f6dcf25a95da83d41c0065d2a7881ecf956e2781e73e07a481398ce3befd1a99e403c397651e50bb31895c9aa832b5d383ce1ab8fcda8f46e8ea623e68fa71ea8f03f19ec020df2c7ac83c0ff708988ca002377fdd52320320b28ceec15e9d2dfc38b4c40f453b5de7de5d9b7b8155cc2cadd16f7aac595e9cea1d9c4244ab9e132d952195cba34f1dc68c56e004ac5b9ebf64d8a8cedf67e481d119afb43345b5220597bf6827eff63d8968bf72bc9627dd061f9f6c6c3072e44f05af0ed3ed71302679c75d0de8e7a32c8e5e2fccfe69eb2f581e7e60f4ecb3383d24c5642021a3e9f51047e0f573dd993397d76c13bc6b0495d60d107a9256aa00df51f7fa986a1bdcf3762ed73482514d95955b3eea60c289fa899ad5e1c952032f9a2babc3401d32a9c1fe49cd1057d3c0a038545012f90de12f0d981eb4d3bac3cb8e3cb6b16d0364462ece730158bfeb0d4219c74c6e5b99dd731d070c7b03da611c04778c4e4c6504aa74c19f4c0d7902385d6f8bdf05af9a6213c4949e15699504b208b5f7a2dfe758770cf4e6109706f2404795926c48b8ae5c2f0ca3322e458f5dad85ced5c427b4eda0ac2a8872b4d8856c6e3487ed1445cf4efc0a1da92b2a39ac9e22adc3d456841b2c2980e01a201170e4c63561641e248003b131c0520b441a37bb2aa362d04f80402ba9556c83154dfb5f2253e6ce37e87fd3de6c032cd7cccabceca686c4a8362a64e01303a32cb26618727a6fe0f02b9d753b387f61f53c4d58895dc85a78da120b53b0a6a970761c05797a2701280a8d48027fc7682d2e505c437dfcb5befcc7bfd6a14d305aa67d4f56a3e33c70e8157a78b4823539f6b9a604361cb1901e6cde228cf931b1739e0d368a6ca82cae4d820b0a949c1c61322344240056939d202e46481e698881236ef37d6f2d41616f334e0b09f081443933538c27e528246c1b9a3bc7d13060e505ab27f62bd5a02c9bece60fe1d4be213343cd28712caeab98869ffff756e77e0e9d5a1c33f26e38c96bc48cb9343f05065b0104b33ceb0d5a92356dada9047e1064f882cab5d15159db5e89b1393753931e8b7ad5c57572e89251289a54b4d3ea5c5812b7378d862f13efe7f1145dd8e0e0cf8858c893572bd46b057dcae06ba57707bdbc462c1250301815c7cb145f1116c15a1d7505a4c1e0d9ebda259832e532518e764715a7c89e289948c9c5c15942cdd1ba71f23a630f0e0fc0209ab843a18dd0f2925a70700ebdb7a5f4f290d1b7f789b6763d052143ac43e8ec2f5a4004743198744870dbf211d75a1f3aef26d239ab3da142ba2e1e5c4e23b7ceb294cc310044ec35a070f6fc57cc48bcae326ab0d26bec74ec3a14ef1e6d51609d27e2de2f3c35c14cc0011ca3b2000cde20ed84b39440e755496172b6cd01c9d2714e13af61e3488f4089d7c5ca5b2fd254d58cad706a61fcd9cb90360f1ea76bda8032d04a24c27f8f91bd7b6247f2d780ad31af96d264b706102e0ff861f9230d4245eeacd8cb4589eb26774997029c9548dad70d3c8658bca69c9b2b14c7738264fd8f9205f4d8832ee406c3a7f0551f8bb81636ad727987dca2cbc6fb30de34d4b2adc1e50e68769c8e6f05fc6df242a069e849cca566c320b566281b11f7094bdef9b1c0048508a00a1570173c8b9ebe002aef953b07477d404231019c8945c9b6751b26b7bd33e2a09287197174b6cae9e391635813c2fcef2e083fe7cae4bdd758fe193af7f845a88b3bce8483e24be234c3d956f093091f852c33237ad19d5db2f4f6af1aa4546a6238123afc25fe75f8d78650642a7b50a8f52b41347e7cccb7821097fce8c0db720bcd40daafa7a9a4fdf8cf5a062f91b5d249c50075dbca64a2050b2e22cb9de7433866ff7e0e47f92a98e525d7bf59d4214e1613008ecaa48cde8ee0341a2f4ed562685a920ddfd3540778dc6bd4567e5a787bdab1779e704ec434a28d76c393e023d310be035c0a75553d393ce1a10c3ae5671269495e262e75def696dc367c323d7b220ecba6fb6eb765c565e18be53a094922beef4d7672043d03a66f16880bf6c2f6cc129b70e60e601bcd41f261b221d2b416449bdb76ebd3c8227fb39522facfb881dc478dcf3c1f5b3aa48890776b29c587577c7aa80b4a32e2a4e07aa466224a4d0b499b5437b1dd3900a28d1a07c5cfc957ffbae50d26c05a27d21cf1b1d9749f2e4e37a4f7fdd110d7df48c36b6b68bc8dd6e6dabe45905b22d343b6de27e6eefa8e5fa5895a548f95826be90d0ad84e92bea8dc722725aeae84233051206be88c3b3a0eeeda67abc4513e6c7ccd42dac5dd2af71687076e2850b9c54c50fb88e3273442b37b3bb3bb86bcf5da47e15203f109e3409ac7256359eba43d82fd5a43216b63b5ce9b9c32786191f9b0fe870b5a38016390e8f34ae84f8d2b5e69ae77068424e57ec4df493bdc833bd5f7ca7fbf5c56f576d7b75cb1f75d201414547f2de5a81c5197e9d8e6dcb133f2d90460d5f94ed3c227fc45b9f8a7b3f7c78488816c10e35000f28008003000", @ANYRES32=0x0, @ANYBLOB="be4ba6eac32787365c0cad577dea8469db23c6718d3600de23028b4dc6d75247c93a4de19e0650a3caf45cdac5f099fc1ba1c96671867f387b39bb51828b25e7ae49f195f953420b66dfaf407940fbbd4ac843c7080510e04ce7544858870b3ba3dc1b00574c93fa278a34b1932fb3b85968ebddc5337d5eb2a65b5b8612e774205418192d5600a5aa5c44b0b3992809882af402f1d6b6b7d1fff4714de7b901c5abf2093e37bd7aaf7368732327c126b33a454c7a4091c0358fb17bf106436870df78d52b92fe9a79035689713b29999f49d986400d77a530196aa50a63907d79f64b669924a605cde601ba0632ddff4b8712c242f2d387d67f70a354ed3179731c492b28e525cd0000640101804300548004005080c065b1ec5295a1703389bc8cd7fe352857ae41d98ec8ef15200aa268cc59263a0fc760f69c235941c7060aedca923c2e07e991d6c6c781ae240d030014002c00fe80000000000000000000000000004404002a00fa00db8004001980d7b81f605a852dbd5523d9ef12c7023ca22f2ede35013c3a0bc95de9fadf1dd7ab9866608e9511ed1a37cdcc89f01b4f4c90acc805975e7072512a4c98376e5398f18d7e0891ff269d2a4eb89c12b3648c718c570138a98632a80eaeebf3b792752e9d3ebe8c87c3669daec43da97bce4f7823a7e7179c54833dc8a43e8fb3fd21e742b8c5c9b2cd5b2a754740f0485709ba6e5a24f6866de90741f6934a692a4439afe12e0cede2447006651a90147784f2da52f80eee5485ab9d87e681c8fd63179a210f26b271c4b49d3855b8ae03300619dddedbe03bd1bc77e9619a8a6a8c532fd00d2a389408d136dcbde1d44e8d7e000008005700e9000000e0020180850041800400be800400548004005080bee0b3fd11706766bd02c8aa41bab42305c374a2bf99479ae36434bf63ff1b0e7736719dd85f5795b0c3147be71ceea5cb357011a7f1d8c2a8ded07fc21674e28eb407a51a5a4624a3b6a68290a0ab0daf03cdd82efcd7a828502f6afacb370035d9d8be6a3fa27053930029c36d6fa30d73d49395000000b6e26c53e8c4f396930431c1af1bc077c644db3d3bf31581818798f82b8eb0341ae81db65d1cf30504c2f29832318b189e41912823511859952346f7635264f965d97a6d969a25f1ddeb77b759d8f0b4f314139fca8b55e9f2dd858604d81c931420d5c176eb58966266dbc8c5b7c4b26444533f1a620f9ac210cab24eeac019091c5934e408b8e2b3c57c94ece91f27a06c65c25b9fe08fcdea93567931e9e0d5aa24185c64a050e695965167fb3ee9627cb923fe74d97a8e8573e5c551b5f2e64c8fc5148ee8528a3e223773e26ddc4e42ae17a523f567ebf3eda94d04f203f2d559483a3c2bc7ed652630e12f9198f586b9d1eb8c22f6b02fc754cbaaaff6157e52f9678b250b1fda453b2e3c79490901ac029d116253a9e45702d7141ac81906e031a4357fa9803be3547ae7e743482ba55de44e5bccac078d55819f0800a400", @ANYRES32, @ANYBLOB="6fa2f6ba04e8d376eee3c6864f435f4f82aa817ec196fcf6c445b8007bd367340bd15d05c7c140e61ac24152043f891bbccd4431028912a00666f5ec6c53b3ab1c10d04c0a956e4df225b2300838da0549a5089e7f551ddf805edc6a5f0636ed58093ecbd2f626dc97cd6227584b3d94dc2d9679cd0f22514c56f1d8d88691432e256d2a4fe3eadd02ed82bd8989540c0fc2070d7b6d3bb27f4d9182e7cbb9ce335d69728abfb4ddc4e6a21696dcd9c497c9816c3002ca0c54bda35395e3138e815f74ab3730dc09baf72be2492ef7ade9fee011ce378b7d8288ab4c74ade0cfd346624e22f2e3aad4e77af26652fd043172d53effaaaf52d0c1b9b5a76575b1e7bf1ea9bb3a4dd6c7f686d36e81"], 0x1dac}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xcd, 0x0, 0x567) sendmsg$auto_WG_CMD_SET_DEVICE(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf25010000004f0004008d543bcbae3f42736046a636dc5f0f022c493bf4a74de24c81e3630f4a5dd86992e2f46a45919f6f50a256e565a8abe96ea490217d20be5810017028ee8e13f743fbf02244e8310bbe62b200"], 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x40000000) 1.748720947s ago: executing program 3 (id=3826): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x20000, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/uid_map\x00', 0x109800, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x2a801, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008084}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0x84) r4 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000002340), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000002440)={&(0x7f0000000000)={0x28, r4, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x46e}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x762}]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x4000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0x3) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x2, 0x5, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/rt_cache\x00', 0x1, 0x0) 1.727017004s ago: executing program 2 (id=3827): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x16, 0x0, 0x0, @uid}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000080}, 0x800) pwrite64$auto(r0, &(0x7f00000001c0)='-%+)!\\\x00', 0x2, 0xf6d) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x200, 0x0) r4 = epoll_create$auto(0x200004) epoll_ctl$auto(r4, 0x1, r3, 0x0) ioctl$auto_BINDER_THREAD_EXIT(r3, 0x40046208, 0x0) prctl$auto(0x3e, 0x0, 0x0, 0x4, 0xffff) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto_TIOCVHANGUP2(r4, 0x5437, &(0x7f0000000200)="bf11573002207bfd1bb7a3a1c3b460fe358b8a95f0ceec1c7c3e2636a8a3af83f3ace88a24b006b7a1a1fbeeeb79") openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/wakeup_total_time_ms\x00', 0x0, 0x0) socket(0x11, 0x2, 0x6) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/006/001\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) signalfd4$auto(0xffffffffffffffff, 0x0, 0x8, 0x800) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/036/001\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r6, 0x5423, 0x0) ioctl$auto_TCFLSH2(r5, 0x800455cc, 0x0) 853.144616ms ago: executing program 3 (id=3828): mmap$auto(0x80000, 0x401, 0x2, 0xeb1, 0xffffffffffffffff, 0x8000000080) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) r0 = socket(0x11, 0x80003, 0x300) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) r2 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_GET(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r2, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0xf000, 0x0, 0x4}, 0x0) setsockopt$auto(r0, 0x107, 0x5, 0x0, 0x8004) r4 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2082, 0x0) write$auto_drm_edid_fops_drm_debugfs(r4, 0x0, 0x0) syz_genetlink_get_family_id$auto_tcp_metrics(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x200000000000404, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000600)='/dev/v4l-subdev1\x00', 0x282300, 0x0) socket(0x2, 0x5, 0x9) madvise$auto(0x1, 0x9, 0x8) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000100)={{@raw=0xfffffffe, 0x85, 0x20e, 0x9, "669cbbd9e9756f22fdffa188e0f106000000000000000b2f4ab8633824f2d2252ca5f200", @raw=0x6}, 0x0, @integer=@value=[0x42, 0x3, 0x4, 0x6, 0x9, 0xfffffffffffffffb, 0x9, 0x3, 0x101, 0xff, 0x25, 0x4, 0x6, 0x4, 0x7, 0xfffffffffffffffa, 0x1ff, 0x1, 0x400, 0x5, 0x5, 0x2, 0xe294, 0xa2, 0x8, 0x100000000, 0x2, 0x8, 0xae, 0xaeb, 0x3, 0xfffffffffffffffe, 0x5, 0x8, 0xfffffffffffffffe, 0x10000, 0x55e2, 0x7, 0x8000, 0xe, 0xffffffffffffffff, 0x6, 0x9, 0xffffffff, 0x1ff, 0x1, 0x6e7, 0x3, 0x8, 0x9, 0x0, 0x2, 0x7fffffff, 0x7, 0x9, 0x0, 0x401, 0x9, 0x6, 0x100000004, 0xffffffff, 0x800, 0x8001, 0x5, 0x5ed4, 0x1, 0x7, 0x80000003, 0x962, 0x5, 0xfffffffffffffffe, 0x100000001, 0xfffffffffffffff7, 0x401, 0x1, 0x3e44, 0x8, 0x4, 0x9, 0x1, 0xc98c, 0x80068, 0x2, 0x7fff, 0x1, 0x3, 0xfffffffffffffffe, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff, 0x55, 0x8, 0x30, 0x2d, 0x0, 0x3, 0x2, 0x0, 0x726, 0x7fffffff, 0x1000, 0x10000, 0x0, 0x4, 0x1, 0xbf, 0x2, 0x4, 0x0, 0x5, 0x1, 0x0, 0x6, 0x9, 0x8000, 0xffff, 0x7, 0x140, 0x0, 0xc7df, 0xfc05, 0x0, 0x4, 0x6, 0x8, 0x0, 0x0, 0x4], "282f77b07e718ed4d99a34617774e3a82f982e0f05e516c299a28a585e87e0d908e2c8e50de5016f1de5d432da2cc20e951d8fcdc4f791a11996aad5af504c0d9927e62ef70b23a13735a4fe805c1ce1b6b1d83d21bb42794ec925b4547a3d52d4b5210392111e181719fef9d685b6534b171d76ad633f94a608b818600a6c85"}) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 432.043023ms ago: executing program 2 (id=3829): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2b, 0x1, 0x0) sysfs$auto(0x2, 0xd, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0x200003) openat$auto_output_bpc_fops_(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/debug/dri/vkms/Virtual-1/output_bpc\x00', 0x2, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) ioctl$auto_BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000100)=0x1) syz_clone3(&(0x7f0000000180)={0xa7102000, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x2}, 0x58) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x4, 0x4008) statmount$auto(0x0, 0x0, 0x7, 0x281) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x40002, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x2, 0x4) r1 = prctl$auto_SECCOMP_MODE_STRICT(0x6, 0x1, 0x0, 0x4, 0xfffffffffffff000) fadvise64$auto_POSIX_FADV_SEQUENTIAL(r1, 0x7, 0xd, 0x2) ioctl$auto(0x3, 0x80044944, 0x10000000000402) open(0x0, 0x22240, 0x155) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/thread-self/net/stat/rt_cache\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f0000000180)=""/250, 0xfa) write$auto(r2, 0x0, 0x100000a3d9) 189.644085ms ago: executing program 3 (id=3830): r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto_RTC_SET_TIME(r0, 0x4024700a, &(0x7f00000001c0)={0x1, 0x7, 0x17, 0x8, 0x1, 0x63, 0x10, 0x3, 0x3}) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttysb\x00', 0x4080, 0x0) ioctl$auto_TIOCVHANGUP(r1, 0x5437, &(0x7f0000000080)="40743826b58a14d7e272a4a9de4949ba911a0545f742e38a28c4c56a1003bf9baa47c2fd76e160574317248f4941c02c77cfbee8b4") r2 = ioctl$auto_TUNGETVNETBE2(0xffffffffffffffff, 0x800454df, &(0x7f0000000000)=0xce) read$auto_tracing_stats_fops_trace(r2, &(0x7f0000000200)=""/4096, 0x1000) 0s ago: executing program 3 (id=3831): sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002d0008000700"/18, @ANYRES32, @ANYBLOB="0800080004"], 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) r2 = epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) socket(0x2, 0x1, 0x106) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) r4 = openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x70) renameat2$auto(r4, 0x0, r4, 0x0, 0x5) r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_CTX_SET_CPT_STATE(r5, 0x7b2, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_SET_HALT(r2, 0x4004550d, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x8002, 0x0, 0x2, 0x0, 0x0, 0x1}, 0xf}, 0x3, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0xe07, 0x8000000000000001, 0x80000001, 0x7, 0x6d3f, 0x9, 0x8, 0x4]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000440)={[0x10000000001ff, 0x4, 0xd, 0xffffffffffffffff, 0x3, 0x10, 0x2, 0x2, 0x4, 0x62, 0x80000026, 0x7, 0x6d3e, 0x8, 0xd, 0x40000000001]}, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x1a5d80, 0x0) r6 = syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) select$auto(0xf, 0x0, 0x0, 0x0, 0x0) wait4$auto(r6, 0x0, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0x180}, 0x2, &(0x7f0000000340), 0x7, 0xa505}, 0x800}, 0x7, 0x6) kernel console output (not intermixed with test programs): mage sequence number: 2636347628 [ 1015.925028][T20807] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1015.991289][T20808] ubi0: detaching mtd0 [ 1015.993422][T20815] ubi0: background thread "ubi_bgt0d" started, PID 20815 [ 1016.056488][T20808] ubi0: mtd0 is detached [ 1016.074832][T20803] ubi0: attaching mtd0 [ 1016.084350][T20803] ubi0: scanning is finished [ 1016.255126][T20803] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1016.295319][T20820] ubi0: attaching mtd0 [ 1016.310889][T20820] ubi0: scanning is finished [ 1016.574017][T20820] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1016.621034][T20820] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1016.644553][T20820] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1016.690966][T20820] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1016.724568][T20820] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1016.752797][T20820] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1016.760881][T20820] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1016.823598][T20820] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1016.851670][T20822] ubi0: detaching mtd0 [ 1016.856014][T20836] ubi0: background thread "ubi_bgt0d" started, PID 20836 [ 1016.884447][T20822] ubi0: mtd0 is detached [ 1017.187847][T20837] ubi0: attaching mtd0 [ 1017.195026][T20837] ubi0: scanning is finished [ 1017.524724][T20837] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1017.546452][T20837] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1017.554083][T20837] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1017.561208][T20837] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1017.568843][T20837] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1017.576086][T20837] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1017.610852][T20837] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1017.686704][T20837] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1017.731002][T20844] ubi: mtd0 is already attached to ubi0 [ 1017.740994][T20851] ubi0: background thread "ubi_bgt0d" started, PID 20851 [ 1017.750392][T20845] ubi0: detaching mtd0 [ 1017.782390][T20845] ubi0: mtd0 is detached [ 1019.341594][T20870] ubi0: attaching mtd0 [ 1019.413842][T20870] ubi0: scanning is finished [ 1019.639985][T20870] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1019.651793][T20870] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1019.661318][T20870] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1019.691358][T20870] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1019.722331][T20870] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1019.729278][T20870] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1019.739368][T20870] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1019.775140][T20870] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1019.788935][T20877] ubi0: detaching mtd0 [ 1019.790440][T20888] ubi0: background thread "ubi_bgt0d" started, PID 20888 [ 1019.868827][T20877] ubi0: mtd0 is detached [ 1019.900437][T20872] ubi0: attaching mtd0 [ 1019.907768][T20872] ubi0: scanning is finished [ 1020.445200][T20872] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1021.765850][T20910] ubi0: attaching mtd0 [ 1021.823536][T20910] ubi0: scanning is finished [ 1022.148073][T20910] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1022.173937][T20910] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1022.203029][T20910] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1022.270646][T20910] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1022.293151][T20930] FAULT_INJECTION: forcing a failure. [ 1022.293151][T20930] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1022.372567][T20910] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1022.385582][T20930] CPU: 0 UID: 0 PID: 20930 Comm: syz.3.3029 Not tainted syzkaller #0 PREEMPT(full) [ 1022.385626][T20930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1022.385646][T20930] Call Trace: [ 1022.385661][T20930] [ 1022.385674][T20930] dump_stack_lvl+0x100/0x190 [ 1022.385729][T20930] should_fail_ex.cold+0x5/0xa [ 1022.385767][T20930] _copy_from_user+0x2e/0xd0 [ 1022.385832][T20930] copy_msghdr_from_user+0x9f/0x4f0 [ 1022.385884][T20930] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1022.385934][T20930] ___sys_sendmsg+0x106/0x1e0 [ 1022.385972][T20930] ? __pfx____sys_sendmsg+0x10/0x10 [ 1022.386043][T20930] __sys_sendmsg+0x170/0x220 [ 1022.386072][T20930] ? __pfx___sys_sendmsg+0x10/0x10 [ 1022.386118][T20930] do_syscall_64+0x106/0xf80 [ 1022.386146][T20930] ? clear_bhb_loop+0x40/0x90 [ 1022.386176][T20930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1022.386200][T20930] RIP: 0033:0x7f445919c799 [ 1022.386220][T20930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1022.386243][T20930] RSP: 002b:00007f44573f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1022.386266][T20930] RAX: ffffffffffffffda RBX: 00007f4459415fa0 RCX: 00007f445919c799 [ 1022.386284][T20930] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000006 [ 1022.386299][T20930] RBP: 00007f44573f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1022.386314][T20930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1022.386329][T20930] R13: 00007f4459416038 R14: 00007f4459415fa0 R15: 00007fff3f561fe8 [ 1022.386359][T20930] [ 1022.689273][T20910] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1022.697439][T20910] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1022.707577][T20910] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1022.731492][T20928] ubi0: background thread "ubi_bgt0d" started, PID 20928 [ 1022.786569][T20915] ubi0: detaching mtd0 [ 1022.842110][T20915] ubi0: mtd0 is detached [ 1024.765013][T20957] ubi0: attaching mtd0 [ 1024.788557][T20957] ubi0: scanning is finished [ 1025.133052][T20957] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1025.140611][T20957] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1025.164659][T20957] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1025.182069][T20957] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1025.189752][T20957] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1025.219951][T20957] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1025.232752][T20957] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1025.243277][T20957] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1025.253778][T20972] ubi0: background thread "ubi_bgt0d" started, PID 20972 [ 1025.260986][T20961] ubi0: detaching mtd0 [ 1025.282433][T20961] ubi0: mtd0 is detached [ 1025.344924][T20967] ubi0: attaching mtd0 [ 1025.381286][T20967] ubi0: scanning is finished [ 1025.616175][T20967] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1025.653012][T20967] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1025.731258][T20967] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1025.741010][T20967] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1025.771734][T20967] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1025.795370][T20967] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1025.841045][T20967] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1025.873529][T20967] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1025.907681][T20984] ubi0: background thread "ubi_bgt0d" started, PID 20984 [ 1025.916604][T20964] ubi: mtd0 is already attached to ubi0 [ 1025.928154][T20962] ubi0: detaching mtd0 [ 1025.969919][T20962] ubi0: mtd0 is detached [ 1026.862619][T20991] ubi0: attaching mtd0 [ 1026.873385][T20991] ubi0: scanning is finished [ 1027.102752][T20991] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1027.126887][T20991] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1027.160631][T20991] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1027.280545][T20991] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1027.344868][T20991] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1027.398098][T20991] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1027.449347][T20991] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1027.503764][T20991] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1027.565916][T21003] ubi0: background thread "ubi_bgt0d" started, PID 21003 [ 1027.580136][T20993] ubi0: detaching mtd0 [ 1027.644888][T20993] ubi0: mtd0 is detached [ 1029.443423][T21026] ubi0: attaching mtd0 [ 1029.449941][T21026] ubi0: scanning is finished [ 1029.726119][T21026] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1029.779301][T21026] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1029.863914][T21026] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1029.916361][T21026] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1029.971295][T21026] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1030.004895][T21026] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1030.045039][T21026] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1030.119131][T21026] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1030.188154][T21029] ubi0: detaching mtd0 [ 1030.190530][T21038] ubi0: background thread "ubi_bgt0d" started, PID 21038 [ 1030.245830][T21029] ubi0: mtd0 is detached [ 1030.254996][T21033] ubi0: attaching mtd0 [ 1030.333494][T21033] ubi0: scanning is finished [ 1030.768293][T21033] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1031.101045][T21047] ubi0: attaching mtd0 [ 1031.111574][T21047] ubi0: scanning is finished [ 1031.227076][T21047] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1031.237019][T21047] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1031.247790][T21047] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1031.265879][T21047] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1031.286300][T21047] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1031.302869][T21047] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1031.320547][T21047] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1031.357547][T21047] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1031.388378][T21052] ubi0: background thread "ubi_bgt0d" started, PID 21052 [ 1031.396229][T21050] ubi0: detaching mtd0 [ 1031.416186][T21050] ubi0: mtd0 is detached [ 1032.667075][T21056] ubi0: attaching mtd0 [ 1032.722408][T21056] ubi0: scanning is finished [ 1033.045365][T21056] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1033.053328][T21056] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1033.075991][T21056] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1033.090965][T21056] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1033.123077][T21056] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1033.160085][T21056] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1033.206101][T21056] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1033.331265][T21056] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1033.392515][T21059] ubi0: detaching mtd0 [ 1033.417893][T21059] ubi0: mtd0 is detached [ 1034.050690][T21087] ubi0: attaching mtd0 [ 1034.075389][T21087] ubi0: scanning is finished [ 1034.235415][T21087] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1034.267255][T21087] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1034.279301][T21087] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1034.308060][T21087] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1034.359667][T21087] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1034.431845][T21087] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1034.476392][T21087] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1034.544120][T21087] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1034.586584][T21094] ubi0: background thread "ubi_bgt0d" started, PID 21094 [ 1034.593842][T21089] ubi0: detaching mtd0 [ 1034.628807][T21089] ubi0: mtd0 is detached [ 1034.681769][T21084] ubi0: attaching mtd0 [ 1034.779081][T21084] ubi0: scanning is finished [ 1035.545968][T21084] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1035.627244][T21084] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1035.737401][T21084] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1035.744988][T21084] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1035.752869][T21084] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1035.759932][T21084] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1035.772026][T21084] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1035.793673][T21084] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1035.815402][T21110] ubi0: background thread "ubi_bgt0d" started, PID 21110 [ 1035.854510][T21117] ubi0: detaching mtd0 [ 1035.870480][T21117] ubi0: mtd0 is detached [ 1035.884094][T21109] ubi0: attaching mtd0 [ 1035.897033][T21109] ubi0: scanning is finished [ 1036.062605][T21109] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1036.082357][T21109] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1036.131036][T21109] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1036.141307][T21109] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1036.169239][T21109] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1036.182287][T21109] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1036.209077][T21109] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1036.240038][T21109] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1036.272205][T21116] ubi0: detaching mtd0 [ 1036.277746][T21121] ubi0: background thread "ubi_bgt0d" started, PID 21121 [ 1036.328025][T21116] ubi0: mtd0 is detached [ 1037.378032][T21133] ubi0: attaching mtd0 [ 1037.453140][T21133] ubi0: scanning is finished [ 1037.778551][T21133] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1037.810955][T21133] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1037.829655][T21133] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1037.839792][T21133] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1037.860082][T21133] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1037.877800][T21133] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1037.896190][T21133] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1037.909748][T21133] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1037.941178][T21146] ubi0: background thread "ubi_bgt0d" started, PID 21146 [ 1037.948335][T21139] ubi0: detaching mtd0 [ 1037.971812][T21139] ubi0: mtd0 is detached [ 1037.976296][T21143] ubi0: attaching mtd0 [ 1037.983225][T21143] ubi0: scanning is finished [ 1038.178629][T21143] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1038.202122][T21143] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1038.230027][T21143] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1038.259657][T21143] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1038.289774][T21143] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1038.356097][T21143] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1038.401106][T21143] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1038.482083][T21143] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1038.550386][T21151] ubi0: background thread "ubi_bgt0d" started, PID 21151 [ 1038.560855][T21144] ubi0: detaching mtd0 [ 1038.609273][T21144] ubi0: mtd0 is detached [ 1039.874031][T21169] ubi0: attaching mtd0 [ 1039.886872][T21169] ubi0: scanning is finished [ 1040.128658][T21169] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1040.174670][T21169] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1040.191021][T21169] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1040.198055][T21169] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1040.218425][T21169] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1040.225965][T21169] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1040.235095][T21169] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1040.245536][T21169] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1040.256650][T21174] ubi0: detaching mtd0 [ 1040.260813][T21182] ubi0: background thread "ubi_bgt0d" started, PID 21182 [ 1040.422493][T21174] ubi0: mtd0 is detached [ 1041.275111][T21192] ubi0: attaching mtd0 [ 1041.307501][T21192] ubi0: scanning is finished [ 1041.489341][T21192] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1041.557929][T21192] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1041.628565][T21192] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1041.688550][T21192] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1041.730570][T21192] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1041.767575][T21192] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1041.797682][T21192] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1041.931890][T21192] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1041.971779][T21203] ubi0: background thread "ubi_bgt0d" started, PID 21203 [ 1041.981042][T21199] ubi0: detaching mtd0 [ 1041.999905][T21199] ubi0: mtd0 is detached [ 1042.021391][T21194] ubi0: attaching mtd0 [ 1042.027825][T21194] ubi0: scanning is finished [ 1042.268361][T21194] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1042.840995][T21216] mkiss: ax0: crc mode is auto. [ 1043.312039][T21217] zswap: compressor û not available [ 1043.747329][T21235] netlink: 29 bytes leftover after parsing attributes in process `syz.1.3095'. [ 1043.801254][ T5146] Bluetooth: hci0: unexpected event 0x02 length: 726 > 260 [ 1044.079732][T21238] ubi0: attaching mtd0 [ 1044.172944][T21238] ubi0: scanning is finished [ 1044.445016][T21238] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1044.463029][T21238] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1044.483196][T21238] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1044.500654][T21238] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1044.523295][T21238] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1044.540199][T21238] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1044.566653][T21238] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1044.598606][T21238] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1044.671107][T21253] ubi0: background thread "ubi_bgt0d" started, PID 21253 [ 1044.705835][T21243] ubi0: detaching mtd0 [ 1044.724043][T21243] ubi0: mtd0 is detached [ 1044.728767][T21248] ubi0: attaching mtd0 [ 1044.736876][T21248] ubi0: scanning is finished [ 1044.955578][T21248] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1044.984218][T21248] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1045.001204][T21248] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1045.020306][T21248] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1045.049924][T21248] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1045.070164][T21248] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1045.100825][T21248] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1045.132328][T21248] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1045.179526][T21259] ubi0: background thread "ubi_bgt0d" started, PID 21259 [ 1045.180108][T21245] ubi0: detaching mtd0 [ 1045.245122][T21245] ubi0: mtd0 is detached [ 1045.254633][T21250] ubi0: attaching mtd0 [ 1045.260310][T21250] ubi0: scanning is finished [ 1045.429239][T21250] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1045.464450][T21265] ubi0: attaching mtd0 [ 1045.511404][T21265] ubi0: scanning is finished [ 1045.573651][T21270] FAULT_INJECTION: forcing a failure. [ 1045.573651][T21270] name failslab, interval 1, probability 0, space 0, times 0 [ 1045.642833][T21270] CPU: 1 UID: 0 PID: 21270 Comm: syz.1.3103 Not tainted syzkaller #0 PREEMPT(full) [ 1045.642879][T21270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1045.642899][T21270] Call Trace: [ 1045.642911][T21270] [ 1045.642924][T21270] dump_stack_lvl+0x100/0x190 [ 1045.642977][T21270] should_fail_ex.cold+0x5/0xa [ 1045.643014][T21270] should_failslab+0xc2/0x120 [ 1045.643045][T21270] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1045.643088][T21270] ? alloc_empty_file+0x55/0x1c0 [ 1045.643133][T21270] alloc_empty_file+0x55/0x1c0 [ 1045.643171][T21270] alloc_file_pseudo+0x13a/0x230 [ 1045.643222][T21270] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1045.643270][T21270] __shmem_file_setup+0x221/0x490 [ 1045.643312][T21270] ? __pfx___shmem_file_setup+0x10/0x10 [ 1045.643358][T21270] ? vm_area_alloc+0x1f/0x160 [ 1045.643401][T21270] shmem_zero_setup+0x96/0x1b0 [ 1045.643449][T21270] __mmap_region+0x2198/0x29e0 [ 1045.643498][T21270] ? __pfx___mmap_region+0x10/0x10 [ 1045.643539][T21270] ? update_cfs_rq_load_avg+0x51/0x550 [ 1045.643609][T21270] ? sched_clock+0x38/0x60 [ 1045.643666][T21270] ? lockdep_hardirqs_on+0x78/0x100 [ 1045.643704][T21270] ? finish_task_switch.isra.0+0x205/0xb80 [ 1045.643739][T21270] ? rcu_is_watching+0x12/0xc0 [ 1045.643829][T21270] ? rcu_is_watching+0x12/0xc0 [ 1045.643873][T21270] ? cap_capable+0x107/0x460 [ 1045.643921][T21270] mmap_region+0x180/0x3e0 [ 1045.643970][T21270] do_mmap+0xc63/0x12f0 [ 1045.644009][T21270] ? __pfx_do_mmap+0x10/0x10 [ 1045.644041][T21270] ? __pfx_down_write_killable+0x10/0x10 [ 1045.644088][T21270] vm_mmap_pgoff+0x29e/0x470 [ 1045.644127][T21270] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1045.644162][T21270] ? do_futex+0x192/0x350 [ 1045.644212][T21270] ? __pfx_do_futex+0x10/0x10 [ 1045.644257][T21270] ksys_mmap_pgoff+0xe1/0x650 [ 1045.644289][T21270] ? __x64_sys_futex+0x34f/0x4d0 [ 1045.644325][T21270] ? __x64_sys_futex+0x358/0x4d0 [ 1045.644364][T21270] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1045.644394][T21270] ? xfd_validate_state+0x129/0x190 [ 1045.644443][T21270] __x64_sys_mmap+0x125/0x190 [ 1045.644490][T21270] do_syscall_64+0x106/0xf80 [ 1045.644524][T21270] ? clear_bhb_loop+0x40/0x90 [ 1045.644561][T21270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1045.644592][T21270] RIP: 0033:0x7fe30079c799 [ 1045.644617][T21270] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1045.644648][T21270] RSP: 002b:00007fe3016f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1045.644678][T21270] RAX: ffffffffffffffda RBX: 00007fe300a15fa0 RCX: 00007fe30079c799 [ 1045.644699][T21270] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1045.644717][T21270] RBP: 00007fe300832bd9 R08: fffffffffffffffa R09: 0000000000008000 [ 1045.644737][T21270] R10: 0000009000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1045.644755][T21270] R13: 00007fe300a16038 R14: 00007fe300a15fa0 R15: 00007ffe3fc2cf98 [ 1045.644794][T21270] [ 1046.211641][T21265] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1046.219206][T21265] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1046.241340][T21265] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1046.248373][T21265] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1046.261022][T21265] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1046.267878][T21265] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1046.276135][T21265] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1046.286264][T21265] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1046.305300][T21279] ubi0: background thread "ubi_bgt0d" started, PID 21279 [ 1046.315672][T21262] ubi0: detaching mtd0 [ 1046.361660][T21262] ubi0: mtd0 is detached [ 1046.605106][T21283] ubi0: attaching mtd0 [ 1046.614776][T21283] ubi0: scanning is finished [ 1046.881115][T21283] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1046.951992][T21285] mkiss: ax0: crc mode is auto. [ 1047.011162][T21283] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1047.175191][T21283] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1047.192074][T21283] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1047.222193][T21283] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1047.243664][T21283] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1047.313098][T21283] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1047.491024][T21283] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1047.504838][T21298] ubi0: background thread "ubi_bgt0d" started, PID 21298 [ 1047.532965][T21287] ubi0: detaching mtd0 [ 1047.574483][T21287] ubi0: mtd0 is detached [ 1047.842321][T21285] zswap: compressor û not available [ 1047.902307][T21314] zswap: compressor not available [ 1047.923014][T21315] zswap: compressor not available [ 1048.310407][T21311] ubi0: attaching mtd0 [ 1048.333410][T21311] ubi0: scanning is finished [ 1048.465944][T21311] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1048.501887][T21311] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1048.522979][T21311] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1048.530149][T21311] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1048.537861][T21311] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1048.546174][T21311] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1048.571151][T21311] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1048.601161][T21311] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1048.648504][T21324] ubi0: detaching mtd0 [ 1048.650216][T21336] ubi0: background thread "ubi_bgt0d" started, PID 21336 [ 1048.712810][T21324] ubi0: mtd0 is detached [ 1048.761951][T21328] ubi0: attaching mtd0 [ 1048.786339][T21328] ubi0: scanning is finished [ 1049.085333][T21328] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1050.587440][T21372] ubi0: attaching mtd0 [ 1050.593625][T21372] ubi0: scanning is finished [ 1050.865618][T21372] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1050.886505][T21372] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1050.941132][T21374] mkiss: ax0: crc mode is auto. [ 1050.947672][T21372] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1051.031256][T21372] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1051.082791][T21372] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1051.135069][T21372] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1051.253637][T21372] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1051.391053][T21372] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1051.411282][T21366] ubi0: detaching mtd0 [ 1051.440246][T21366] ubi0: mtd0 is detached [ 1051.659064][T21368] zswap: compressor û not available [ 1052.135630][T21397] ubi0: attaching mtd0 [ 1052.142694][T21397] ubi0: scanning is finished [ 1052.386245][T21397] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1052.408723][T21397] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1052.421676][T21397] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1052.433519][T21397] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1052.497775][T21397] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1052.535194][T21397] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1052.578899][T21397] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1052.610047][T21397] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1052.704879][T21414] ubi0: background thread "ubi_bgt0d" started, PID 21414 [ 1052.724383][T21406] ubi0: detaching mtd0 [ 1052.746560][T21406] ubi0: mtd0 is detached [ 1052.774361][T21404] ubi0: attaching mtd0 [ 1052.790295][T21404] ubi0: scanning is finished [ 1053.074519][T21404] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1054.147482][T21436] ubi0: attaching mtd0 [ 1054.163464][T21436] ubi0: scanning is finished [ 1054.255613][T21436] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1054.300100][T21436] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1054.333501][T21436] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1054.390706][T21436] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1054.445698][T21436] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1054.462872][T21436] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1054.481188][T21436] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1054.531091][T21436] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1054.553105][T21443] ubi0: background thread "ubi_bgt0d" started, PID 21443 [ 1054.586804][T21439] ubi0: detaching mtd0 [ 1054.617941][T21439] ubi0: mtd0 is detached [ 1054.657426][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.664050][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.434538][T21455] mkiss: ax0: crc mode is auto. [ 1055.954144][T21466] zswap: compressor û not available [ 1056.015361][T21460] ubi0: attaching mtd0 [ 1056.034417][T21460] ubi0: scanning is finished [ 1056.199508][T21460] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1056.253231][T21460] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1056.272291][T21460] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1056.345225][T21460] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1056.424289][T21460] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1056.456935][T21460] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1056.469281][T21460] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1056.479781][T21460] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1056.533222][T21479] ubi0: background thread "ubi_bgt0d" started, PID 21479 [ 1056.542744][T21470] ubi0: detaching mtd0 [ 1056.573100][T21470] ubi0: mtd0 is detached [ 1056.579686][T21469] ubi0: attaching mtd0 [ 1056.585797][T21469] ubi0: scanning is finished [ 1056.714569][T21469] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1057.800483][T21506] ubi0: attaching mtd0 [ 1057.818317][T21506] ubi0: scanning is finished [ 1058.138865][T21506] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1058.211298][T21506] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1058.266269][T21506] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1058.277147][T21506] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1058.343862][T21506] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1058.371620][T21506] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1058.379686][T21506] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1058.441038][T21506] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1058.471092][T21507] ubi0: detaching mtd0 [ 1058.526263][T21507] ubi0: mtd0 is detached [ 1060.997361][T21563] FAULT_INJECTION: forcing a failure. [ 1060.997361][T21563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1061.010837][T21563] CPU: 1 UID: 0 PID: 21563 Comm: syz.2.3160 Not tainted syzkaller #0 PREEMPT(full) [ 1061.010883][T21563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1061.010903][T21563] Call Trace: [ 1061.010914][T21563] [ 1061.010927][T21563] dump_stack_lvl+0x100/0x190 [ 1061.010985][T21563] should_fail_ex.cold+0x5/0xa [ 1061.011025][T21563] _copy_from_iter+0x1f4/0x1690 [ 1061.011084][T21563] ? __asan_memset+0x23/0x50 [ 1061.011149][T21563] ? __pfx__copy_from_iter+0x10/0x10 [ 1061.011201][T21563] ? __pfx___alloc_skb+0x10/0x10 [ 1061.011254][T21563] netlink_sendmsg+0x808/0xda0 [ 1061.011313][T21563] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1061.011354][T21563] ? __import_iovec+0x1d2/0x640 [ 1061.011389][T21563] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1061.011442][T21563] ____sys_sendmsg+0xa54/0xc30 [ 1061.011495][T21563] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1061.011563][T21563] ___sys_sendmsg+0x190/0x1e0 [ 1061.011615][T21563] ? __pfx____sys_sendmsg+0x10/0x10 [ 1061.011714][T21563] __sys_sendmsg+0x170/0x220 [ 1061.011755][T21563] ? __pfx___sys_sendmsg+0x10/0x10 [ 1061.011821][T21563] do_syscall_64+0x106/0xf80 [ 1061.011861][T21563] ? clear_bhb_loop+0x40/0x90 [ 1061.011904][T21563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.011938][T21563] RIP: 0033:0x7ff23fb9c799 [ 1061.011966][T21563] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1061.011996][T21563] RSP: 002b:00007ff240a1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1061.012030][T21563] RAX: ffffffffffffffda RBX: 00007ff23fe15fa0 RCX: 00007ff23fb9c799 [ 1061.012052][T21563] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000006 [ 1061.012072][T21563] RBP: 00007ff240a1e090 R08: 0000000000000000 R09: 0000000000000000 [ 1061.012092][T21563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1061.012112][T21563] R13: 00007ff23fe16038 R14: 00007ff23fe15fa0 R15: 00007ffc653aa808 [ 1061.012154][T21563] [ 1064.712820][T21613] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3173'. [ 1066.928553][T21633] ubi0: attaching mtd0 [ 1066.991791][T21633] ubi0: scanning is finished [ 1067.426326][T21633] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1067.460937][T21633] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1067.468273][T21633] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1067.591615][T21633] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1067.599088][T21633] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1067.655446][T21633] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1067.711109][T21633] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1067.747894][T21633] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1067.771264][T21640] ubi0: detaching mtd0 [ 1067.783747][T21640] ubi0: mtd0 is detached [ 1071.106940][T21704] ubi0: attaching mtd0 [ 1071.112929][T21704] ubi0: scanning is finished [ 1071.408071][T21704] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1071.415799][T21704] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1071.423577][T21704] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1071.430619][T21704] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1071.438589][T21704] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1071.445991][T21704] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1071.471272][T21704] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1071.491567][T21704] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1071.540981][T21707] ubi0: background thread "ubi_bgt0d" started, PID 21707 [ 1071.548115][T21699] ubi: mtd0 is already attached to ubi0 [ 1071.554382][T21696] ubi0: detaching mtd0 [ 1071.573868][T21696] ubi0: mtd0 is detached [ 1071.927583][T21718] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3197'. [ 1072.842865][T21744] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3202'. [ 1072.898736][T21746] FAULT_INJECTION: forcing a failure. [ 1072.898736][T21746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1073.003645][T21746] CPU: 0 UID: 0 PID: 21746 Comm: syz.3.3208 Not tainted syzkaller #0 PREEMPT(full) [ 1073.003691][T21746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1073.003712][T21746] Call Trace: [ 1073.003723][T21746] [ 1073.003737][T21746] dump_stack_lvl+0x100/0x190 [ 1073.003794][T21746] should_fail_ex.cold+0x5/0xa [ 1073.003834][T21746] _copy_to_user+0x32/0xd0 [ 1073.003892][T21746] simple_read_from_buffer+0xcb/0x170 [ 1073.003946][T21746] proc_fail_nth_read+0x1af/0x230 [ 1073.003989][T21746] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1073.004041][T21746] ? rw_verify_area+0xce/0x6d0 [ 1073.004087][T21746] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1073.004127][T21746] vfs_read+0x1e4/0xb30 [ 1073.004184][T21746] ? __pfx_vfs_read+0x10/0x10 [ 1073.004236][T21746] ? __fget_files+0x215/0x3d0 [ 1073.004298][T21746] ? __fget_files+0x21f/0x3d0 [ 1073.004363][T21746] ksys_read+0x12a/0x250 [ 1073.004414][T21746] ? __pfx_ksys_read+0x10/0x10 [ 1073.004475][T21746] do_syscall_64+0x106/0xf80 [ 1073.004513][T21746] ? clear_bhb_loop+0x40/0x90 [ 1073.004557][T21746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1073.004591][T21746] RIP: 0033:0x7f445915cfce [ 1073.004619][T21746] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1073.004652][T21746] RSP: 002b:00007f44573b3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1073.004683][T21746] RAX: ffffffffffffffda RBX: 00007f44573b46c0 RCX: 00007f445915cfce [ 1073.004706][T21746] RDX: 000000000000000f RSI: 00007f44573b40a0 RDI: 0000000000000006 [ 1073.004727][T21746] RBP: 00007f44573b4090 R08: 0000000000000000 R09: 0000000000000000 [ 1073.004748][T21746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1073.004768][T21746] R13: 00007f4459416218 R14: 00007f4459416180 R15: 00007fff3f561fe8 [ 1073.004814][T21746] [ 1074.025973][T21753] ubi0: attaching mtd0 [ 1074.054322][T21753] ubi0: scanning is finished [ 1074.215349][T21753] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1074.243366][T21753] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1074.284686][T21753] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1074.455516][T21753] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1074.518332][T21753] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1074.701890][T21753] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1074.780992][T21753] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1074.853057][T21753] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1074.914418][T21761] ubi: mtd0 is already attached to ubi0 [ 1074.921340][T21770] ubi0: background thread "ubi_bgt0d" started, PID 21770 [ 1074.928585][T21757] ubi0: detaching mtd0 [ 1075.013771][T21757] ubi0: mtd0 is detached [ 1075.833655][T21794] FAULT_INJECTION: forcing a failure. [ 1075.833655][T21794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1075.874051][T21794] CPU: 0 UID: 0 PID: 21794 Comm: syz.2.3213 Not tainted syzkaller #0 PREEMPT(full) [ 1075.874095][T21794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1075.874116][T21794] Call Trace: [ 1075.874127][T21794] [ 1075.874139][T21794] dump_stack_lvl+0x100/0x190 [ 1075.874197][T21794] should_fail_ex.cold+0x5/0xa [ 1075.874237][T21794] _copy_from_iter+0x1f4/0x1690 [ 1075.874299][T21794] ? __asan_memset+0x23/0x50 [ 1075.874347][T21794] ? __pfx__copy_from_iter+0x10/0x10 [ 1075.874402][T21794] ? __pfx___alloc_skb+0x10/0x10 [ 1075.874458][T21794] netlink_sendmsg+0x808/0xda0 [ 1075.874512][T21794] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1075.874555][T21794] ? __import_iovec+0x1d2/0x640 [ 1075.874592][T21794] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1075.874646][T21794] ____sys_sendmsg+0xa54/0xc30 [ 1075.874701][T21794] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1075.874777][T21794] ___sys_sendmsg+0x190/0x1e0 [ 1075.874825][T21794] ? __pfx____sys_sendmsg+0x10/0x10 [ 1075.874917][T21794] __sys_sendmsg+0x170/0x220 [ 1075.874956][T21794] ? __pfx___sys_sendmsg+0x10/0x10 [ 1075.875018][T21794] do_syscall_64+0x106/0xf80 [ 1075.875055][T21794] ? clear_bhb_loop+0x40/0x90 [ 1075.875098][T21794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1075.875133][T21794] RIP: 0033:0x7ff23fb9c799 [ 1075.875161][T21794] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1075.875193][T21794] RSP: 002b:00007ff240a1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1075.875226][T21794] RAX: ffffffffffffffda RBX: 00007ff23fe15fa0 RCX: 00007ff23fb9c799 [ 1075.875249][T21794] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000006 [ 1075.875271][T21794] RBP: 00007ff240a1e090 R08: 0000000000000000 R09: 0000000000000000 [ 1075.875292][T21794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1075.875312][T21794] R13: 00007ff23fe16038 R14: 00007ff23fe15fa0 R15: 00007ffc653aa808 [ 1075.875355][T21794] [ 1077.815592][T21819] ubi0: attaching mtd0 [ 1077.832307][T21819] ubi0: scanning is finished [ 1078.264478][T21819] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1078.298534][T21819] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1078.329006][T21819] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1078.348188][T21819] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1078.381174][T21819] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1078.408424][T21819] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1078.475929][T21819] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1078.556465][T21819] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1078.597949][T21830] ubi0: background thread "ubi_bgt0d" started, PID 21830 [ 1078.700060][T21821] ubi0: detaching mtd0 [ 1078.849374][T21821] ubi0: mtd0 is detached [ 1079.228197][T21844] ksmbd: Unknown IPC event: 1, ignore. [ 1079.235489][T21829] ubi0: attaching mtd0 [ 1079.242177][T21829] ubi0: scanning is finished [ 1079.488640][T21829] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1079.496920][T21829] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1079.505261][T21829] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1079.525192][T21829] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1079.573695][T21829] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1079.631522][T21829] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1079.639602][T21829] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1079.744006][T21829] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1079.781000][T21838] ubi0: detaching mtd0 [ 1079.784205][T21851] ubi0: background thread "ubi_bgt0d" started, PID 21851 [ 1079.842390][T21838] ubi0: mtd0 is detached [ 1079.971818][T21848] ubi0: attaching mtd0 [ 1079.998711][T21848] ubi0: scanning is finished [ 1080.395747][T21848] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1080.559011][T21848] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1080.645472][T21848] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1080.727644][T21848] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1080.774352][T21848] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1080.860426][T21848] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1080.957498][T21848] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1081.004002][T21848] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1081.094367][T21862] ubi0: background thread "ubi_bgt0d" started, PID 21862 [ 1081.126130][T21855] ubi0: detaching mtd0 [ 1081.162017][T21871] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3231'. [ 1081.206471][T21855] ubi0: mtd0 is detached [ 1081.671566][T21878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3232'. [ 1083.871648][T21901] ubi0: attaching mtd0 [ 1083.883273][T21901] ubi0: scanning is finished [ 1084.025202][T21901] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1084.032817][T21901] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1084.046073][T21901] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1084.108686][T21901] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1084.141168][T21901] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1084.178662][T21901] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1084.271260][T21901] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1084.311043][T21901] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1084.369008][T21912] ubi0: background thread "ubi_bgt0d" started, PID 21912 [ 1084.395326][T21904] ubi0: detaching mtd0 [ 1084.434521][T21904] ubi0: mtd0 is detached [ 1084.929975][T21929] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3244'. [ 1085.391661][T21909] ubi0: attaching mtd0 [ 1085.398187][T21909] ubi0: scanning is finished [ 1086.118409][T21909] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1086.201006][T21909] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1086.274428][T21909] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1086.314036][T21909] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1086.365192][T21909] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1086.453470][T21909] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1086.496399][T21909] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1086.559096][T21909] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1086.589220][T21956] ubi: mtd0 is already attached to ubi0 [ 1086.591156][T21950] ubi0: background thread "ubi_bgt0d" started, PID 21950 [ 1086.612784][T21956] ubi0: detaching mtd0 [ 1086.651301][T21956] ubi0: mtd0 is detached [ 1087.428142][T21963] ubi0: attaching mtd0 [ 1087.435392][T21963] ubi0: scanning is finished [ 1088.251865][T21963] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1088.757934][T21974] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3256'. [ 1088.793628][T21990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3258'. [ 1088.841524][T21976] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3256'. [ 1089.405308][T22007] FAULT_INJECTION: forcing a failure. [ 1089.405308][T22007] name failslab, interval 1, probability 0, space 0, times 0 [ 1089.418360][T22007] CPU: 0 UID: 0 PID: 22007 Comm: syz.1.3262 Not tainted syzkaller #0 PREEMPT(full) [ 1089.418401][T22007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1089.418421][T22007] Call Trace: [ 1089.418432][T22007] [ 1089.418445][T22007] dump_stack_lvl+0x100/0x190 [ 1089.418501][T22007] should_fail_ex.cold+0x5/0xa [ 1089.418541][T22007] should_failslab+0xc2/0x120 [ 1089.418575][T22007] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1089.418626][T22007] ? skb_clone+0x190/0x400 [ 1089.418673][T22007] skb_clone+0x190/0x400 [ 1089.418713][T22007] dev_queue_xmit_nit+0x255/0xa60 [ 1089.418856][T22007] dev_hard_start_xmit+0x2f5/0x7d0 [ 1089.418946][T22007] __dev_queue_xmit+0x32c1/0x4800 [ 1089.419017][T22007] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1089.419094][T22007] ? rcu_is_watching+0x12/0xc0 [ 1089.419149][T22007] ? __asan_memcpy+0x3c/0x60 [ 1089.419196][T22007] ? __asan_memcpy+0x3c/0x60 [ 1089.419241][T22007] ? __skb_clone+0x570/0x760 [ 1089.419284][T22007] netlink_deliver_tap+0xa4d/0xcc0 [ 1089.419329][T22007] netlink_unicast+0x650/0x870 [ 1089.419380][T22007] ? __pfx_netlink_unicast+0x10/0x10 [ 1089.419439][T22007] netlink_sendmsg+0x8b0/0xda0 [ 1089.419491][T22007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1089.419532][T22007] ? __import_iovec+0x1d2/0x640 [ 1089.419566][T22007] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1089.419613][T22007] ____sys_sendmsg+0xa54/0xc30 [ 1089.419663][T22007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1089.419729][T22007] ___sys_sendmsg+0x190/0x1e0 [ 1089.419783][T22007] ? __pfx____sys_sendmsg+0x10/0x10 [ 1089.419897][T22007] __sys_sendmsg+0x170/0x220 [ 1089.419939][T22007] ? __pfx___sys_sendmsg+0x10/0x10 [ 1089.420007][T22007] do_syscall_64+0x106/0xf80 [ 1089.420047][T22007] ? clear_bhb_loop+0x40/0x90 [ 1089.420090][T22007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1089.420125][T22007] RIP: 0033:0x7fe30079c799 [ 1089.420154][T22007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1089.420186][T22007] RSP: 002b:00007fe3016f9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1089.420219][T22007] RAX: ffffffffffffffda RBX: 00007fe300a15fa0 RCX: 00007fe30079c799 [ 1089.420243][T22007] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000006 [ 1089.420263][T22007] RBP: 00007fe3016f9090 R08: 0000000000000000 R09: 0000000000000000 [ 1089.420284][T22007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1089.420309][T22007] R13: 00007fe300a16038 R14: 00007fe300a15fa0 R15: 00007ffe3fc2cf98 [ 1089.420355][T22007] [ 1089.748917][T22011] blktrace: Concurrent blktraces are not allowed on loop2 [ 1090.637334][ T5146] Bluetooth: hci4: unexpected event 0x32 length: 727 > 9 [ 1090.673519][T22037] netlink: set zone limit has 8 unknown bytes [ 1090.807425][T22028] ubi0: attaching mtd0 [ 1090.814219][T22028] ubi0: scanning is finished [ 1091.093876][T22028] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1091.121209][T22028] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1091.128646][T22028] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1091.211077][T22028] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1091.218548][T22028] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1091.290505][T22028] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1091.340941][T22028] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1091.391291][T22028] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1091.429247][T22044] ubi0: background thread "ubi_bgt0d" started, PID 22044 [ 1091.429260][T22031] ubi0: detaching mtd0 [ 1091.481125][T22031] ubi0: mtd0 is detached [ 1091.531388][T22041] ubi0: attaching mtd0 [ 1091.537919][T22041] ubi0: scanning is finished [ 1092.406247][T22041] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1092.483379][T22041] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1092.550564][T22041] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1092.659411][T22041] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1092.735176][T22041] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1092.809318][T22041] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1092.930796][T22041] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1092.969286][T22041] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1093.031515][T22045] ubi0: detaching mtd0 [ 1093.078163][T22045] ubi0: mtd0 is detached [ 1093.125000][T22036] ubi0: attaching mtd0 [ 1093.132403][T22036] ubi0: scanning is finished [ 1093.138686][T22062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3270'. [ 1093.397276][T22036] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1093.712712][T22076] __vm_enough_memory: pid: 22076, comm: syz.3.3272, bytes: 4398046511104 not enough memory for the allocation [ 1094.193461][T22086] bridge0: port 3(gretap0) entered blocking state [ 1094.200768][T22086] bridge0: port 3(gretap0) entered disabled state [ 1094.207910][T22086] gretap0: entered allmulticast mode [ 1094.215119][T22086] gretap0: entered promiscuous mode [ 1094.221509][T22086] bridge0: port 3(gretap0) entered blocking state [ 1094.228251][T22086] bridge0: port 3(gretap0) entered forwarding state [ 1095.203213][T22105] FAULT_INJECTION: forcing a failure. [ 1095.203213][T22105] name failslab, interval 1, probability 0, space 0, times 0 [ 1095.273654][T22105] CPU: 0 UID: 0 PID: 22105 Comm: syz.1.3281 Not tainted syzkaller #0 PREEMPT(full) [ 1095.273695][T22105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1095.273711][T22105] Call Trace: [ 1095.273720][T22105] [ 1095.273730][T22105] dump_stack_lvl+0x100/0x190 [ 1095.273773][T22105] should_fail_ex.cold+0x5/0xa [ 1095.273802][T22105] should_failslab+0xc2/0x120 [ 1095.273827][T22105] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1095.273865][T22105] ? __d_alloc+0x34/0xa80 [ 1095.273897][T22105] __d_alloc+0x34/0xa80 [ 1095.273927][T22105] d_alloc_pseudo+0x1c/0xc0 [ 1095.273962][T22105] alloc_file_pseudo+0xcf/0x230 [ 1095.273993][T22105] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1095.274022][T22105] ? alloc_fd+0x476/0x790 [ 1095.274047][T22105] ? do_raw_spin_unlock+0x145/0x1e0 [ 1095.274088][T22105] __anon_inode_getfile+0xe8/0x280 [ 1095.274120][T22105] anon_inode_getfile_fmode+0x37/0xa0 [ 1095.274151][T22105] do_signalfd4+0x1ed/0x480 [ 1095.274182][T22105] __x64_sys_signalfd+0x120/0x1a0 [ 1095.274212][T22105] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 1095.274251][T22105] do_syscall_64+0x106/0xf80 [ 1095.274279][T22105] ? clear_bhb_loop+0x40/0x90 [ 1095.274309][T22105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1095.274336][T22105] RIP: 0033:0x7fe30079c799 [ 1095.274356][T22105] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1095.274380][T22105] RSP: 002b:00007fe3016f9028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 1095.274403][T22105] RAX: ffffffffffffffda RBX: 00007fe300a15fa0 RCX: 00007fe30079c799 [ 1095.274421][T22105] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff [ 1095.274437][T22105] RBP: 00007fe300832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1095.274453][T22105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1095.274468][T22105] R13: 00007fe300a16038 R14: 00007fe300a15fa0 R15: 00007ffe3fc2cf98 [ 1095.274500][T22105] [ 1096.043821][T22111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3282'. [ 1096.128697][T22108] ubi0: attaching mtd0 [ 1096.163446][T22108] ubi0: scanning is finished [ 1096.359015][T22108] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1096.381248][T22108] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1096.389382][T22108] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1096.438335][T22108] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1096.453171][T22108] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1096.460354][T22108] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1096.473318][T22108] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1096.483553][T22108] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1096.497280][T22119] ubi0: background thread "ubi_bgt0d" started, PID 22119 [ 1096.504635][T22112] ubi0: detaching mtd0 [ 1096.543965][T22112] ubi0: mtd0 is detached [ 1097.057823][T22131] __vm_enough_memory: pid: 22131, comm: syz.2.3286, bytes: 4398046511104 not enough memory for the allocation [ 1097.439869][T22130] [U] [ 1097.443008][T22130] [U] [ 1097.445866][T22130] [U] [ 1097.448591][T22130] [U] [ 1097.454899][T22130] [U] [ 1097.457641][T22130] [U] [ 1097.460356][T22130] [U] [ 1097.463069][T22130] [U] [ 1097.496412][T22130] [U] [ 1097.499172][T22130] [U] [ 1097.501887][T22130] [U] [ 1097.504602][T22130] [U] [ 1097.568283][T22130] [U] [ 1097.571055][T22130] [U] [ 1097.573793][T22130] [U] [ 1097.576503][T22130] [U] [ 1097.610123][T22130] [U] [ 1097.897931][T22135] ubi0: attaching mtd0 [ 1097.926179][T22135] ubi0: scanning is finished [ 1098.645549][T22135] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1098.691568][T22135] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1098.844659][T22135] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1098.927977][T22135] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1098.984675][T22135] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1099.030832][T22135] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1099.131667][T22135] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1099.320994][T22135] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1099.341332][T22151] ubi0: background thread "ubi_bgt0d" started, PID 22151 [ 1099.348485][T22138] ubi0: detaching mtd0 [ 1099.406908][T22155] FAULT_INJECTION: forcing a failure. [ 1099.406908][T22155] name failslab, interval 1, probability 0, space 0, times 0 [ 1099.462572][T22155] CPU: 1 UID: 0 PID: 22155 Comm: syz.3.3293 Not tainted syzkaller #0 PREEMPT(full) [ 1099.462619][T22155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1099.462641][T22155] Call Trace: [ 1099.462653][T22155] [ 1099.462666][T22155] dump_stack_lvl+0x100/0x190 [ 1099.462734][T22155] should_fail_ex.cold+0x5/0xa [ 1099.462776][T22155] should_failslab+0xc2/0x120 [ 1099.462813][T22155] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1099.462858][T22155] ? do_signalfd4+0x14e/0x480 [ 1099.462908][T22155] do_signalfd4+0x14e/0x480 [ 1099.462953][T22155] __x64_sys_signalfd+0x120/0x1a0 [ 1099.462996][T22155] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 1099.463052][T22155] do_syscall_64+0x106/0xf80 [ 1099.463092][T22155] ? clear_bhb_loop+0x40/0x90 [ 1099.463135][T22155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1099.463172][T22155] RIP: 0033:0x7f445919c799 [ 1099.463201][T22155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1099.463234][T22155] RSP: 002b:00007f44573f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 1099.463266][T22155] RAX: ffffffffffffffda RBX: 00007f4459415fa0 RCX: 00007f445919c799 [ 1099.463290][T22155] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff [ 1099.463313][T22155] RBP: 00007f4459232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1099.463335][T22155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1099.463357][T22155] R13: 00007f4459416038 R14: 00007f4459415fa0 R15: 00007fff3f561fe8 [ 1099.463402][T22155] [ 1099.629282][T22138] ubi0: mtd0 is detached [ 1100.105956][T22158] ubi0: attaching mtd0 [ 1100.128972][T22158] ubi0: scanning is finished [ 1100.385970][T22158] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1100.411678][T22158] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1100.418973][T22158] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1100.441167][T22158] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1100.448726][T22158] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1100.455745][T22158] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1100.463928][T22158] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1100.474128][T22158] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1100.487718][T22160] ubi0: detaching mtd0 [ 1100.502542][T22160] ubi0: mtd0 is detached [ 1100.699645][ T29] audit: type=1800 audit(2147484541.850:12): pid=22170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3296" name="members" dev="configfs" ino=67372 res=0 errno=0 [ 1102.187344][T22199] __vm_enough_memory: pid: 22199, comm: syz.1.3299, bytes: 4398046511104 not enough memory for the allocation [ 1102.582863][T22210] FAULT_INJECTION: forcing a failure. [ 1102.582863][T22210] name failslab, interval 1, probability 0, space 0, times 0 [ 1102.628496][T22210] CPU: 1 UID: 0 PID: 22210 Comm: syz.0.3305 Not tainted syzkaller #0 PREEMPT(full) [ 1102.628530][T22210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1102.628546][T22210] Call Trace: [ 1102.628554][T22210] [ 1102.628564][T22210] dump_stack_lvl+0x100/0x190 [ 1102.628606][T22210] should_fail_ex.cold+0x5/0xa [ 1102.628635][T22210] should_failslab+0xc2/0x120 [ 1102.628661][T22210] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1102.628693][T22210] ? do_signalfd4+0x14e/0x480 [ 1102.628727][T22210] do_signalfd4+0x14e/0x480 [ 1102.628765][T22210] __x64_sys_signalfd+0x120/0x1a0 [ 1102.628796][T22210] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 1102.628835][T22210] do_syscall_64+0x106/0xf80 [ 1102.628863][T22210] ? clear_bhb_loop+0x40/0x90 [ 1102.628894][T22210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1102.628920][T22210] RIP: 0033:0x7f82cbd9c799 [ 1102.628940][T22210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1102.628965][T22210] RSP: 002b:00007f82cccb9028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 1102.628989][T22210] RAX: ffffffffffffffda RBX: 00007f82cc015fa0 RCX: 00007f82cbd9c799 [ 1102.629005][T22210] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff [ 1102.629022][T22210] RBP: 00007f82cbe32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1102.629037][T22210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1102.629052][T22210] R13: 00007f82cc016038 R14: 00007f82cc015fa0 R15: 00007fff8bf9c028 [ 1102.629083][T22210] [ 1103.663876][T22206] ubi0: attaching mtd0 [ 1103.670419][T22206] ubi0: scanning is finished [ 1103.675206][ T29] audit: type=1800 audit(2147484544.820:13): pid=22225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3308" name="members" dev="configfs" ino=67444 res=0 errno=0 [ 1103.847482][T22206] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1103.861364][T22206] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1103.868662][T22206] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1103.909655][T22206] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1103.917163][T22206] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1103.924796][T22206] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1103.933262][T22206] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1103.943701][T22206] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1103.956046][T22231] ubi0: background thread "ubi_bgt0d" started, PID 22231 [ 1103.971696][T22211] ubi0: detaching mtd0 [ 1104.498308][T22211] ubi0: mtd0 is detached [ 1106.203328][T22257] __vm_enough_memory: pid: 22257, comm: syz.0.3315, bytes: 4398046511104 not enough memory for the allocation [ 1106.695352][T22276] FAULT_INJECTION: forcing a failure. [ 1106.695352][T22276] name failslab, interval 1, probability 0, space 0, times 0 [ 1106.724190][T22276] CPU: 0 UID: 0 PID: 22276 Comm: syz.2.3319 Not tainted syzkaller #0 PREEMPT(full) [ 1106.724236][T22276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1106.724257][T22276] Call Trace: [ 1106.724270][T22276] [ 1106.724284][T22276] dump_stack_lvl+0x100/0x190 [ 1106.724345][T22276] should_fail_ex.cold+0x5/0xa [ 1106.724386][T22276] should_failslab+0xc2/0x120 [ 1106.724434][T22276] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1106.724501][T22276] ? do_signalfd4+0x14e/0x480 [ 1106.724561][T22276] do_signalfd4+0x14e/0x480 [ 1106.724614][T22276] __x64_sys_signalfd+0x120/0x1a0 [ 1106.724657][T22276] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 1106.724718][T22276] do_syscall_64+0x106/0xf80 [ 1106.724759][T22276] ? clear_bhb_loop+0x40/0x90 [ 1106.724807][T22276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.724840][T22276] RIP: 0033:0x7ff23fb9c799 [ 1106.724864][T22276] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1106.724894][T22276] RSP: 002b:00007ff240a1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 1106.724922][T22276] RAX: ffffffffffffffda RBX: 00007ff23fe15fa0 RCX: 00007ff23fb9c799 [ 1106.724942][T22276] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: ffffffffffffffff [ 1106.724961][T22276] RBP: 00007ff23fc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1106.724979][T22276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1106.724997][T22276] R13: 00007ff23fe16038 R14: 00007ff23fe15fa0 R15: 00007ffc653aa808 [ 1106.725033][T22276] [ 1107.817857][T22284] ubi0: attaching mtd0 [ 1107.828897][T22284] ubi0: scanning is finished [ 1107.900434][ T29] audit: type=1800 audit(2147484549.050:14): pid=22288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3322" name="members" dev="configfs" ino=67535 res=0 errno=0 [ 1108.179006][T22284] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1108.196866][T22284] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1108.212225][T22284] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1108.319035][T22284] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1108.391146][T22284] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1108.454198][T22284] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1108.519374][T22284] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1108.580043][T22284] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1108.648009][T22298] ubi0: background thread "ubi_bgt0d" started, PID 22298 [ 1108.648654][T22286] ubi0: detaching mtd0 [ 1108.723937][T22286] ubi0: mtd0 is detached [ 1109.943693][T22324] __vm_enough_memory: pid: 22324, comm: syz.2.3331, bytes: 4398046511104 not enough memory for the allocation [ 1112.525181][ T29] audit: type=1800 audit(2147484553.680:15): pid=22354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3338" name="members" dev="configfs" ino=68657 res=0 errno=0 [ 1112.796386][T22357] ubi0: attaching mtd0 [ 1112.815244][T22357] ubi0: scanning is finished [ 1113.136519][T22357] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1113.219184][T22357] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1113.251212][T22357] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1113.271376][T22357] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1113.299737][T22357] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1113.341030][T22357] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1113.369717][T22357] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1113.461077][T22357] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1113.507155][T22370] ubi0: background thread "ubi_bgt0d" started, PID 22370 [ 1113.514426][T22362] ubi0: detaching mtd0 [ 1113.523272][T22362] ubi0: mtd0 is detached [ 1113.741624][T22381] ubi0: attaching mtd0 [ 1113.755055][T22381] ubi0: scanning is finished [ 1113.813422][T22374] FAULT_INJECTION: forcing a failure. [ 1113.813422][T22374] name failslab, interval 1, probability 0, space 0, times 0 [ 1113.894427][T22374] CPU: 0 UID: 0 PID: 22374 Comm: syz.1.3344 Not tainted syzkaller #0 PREEMPT(full) [ 1113.894472][T22374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1113.894492][T22374] Call Trace: [ 1113.894503][T22374] [ 1113.894516][T22374] dump_stack_lvl+0x100/0x190 [ 1113.894573][T22374] should_fail_ex.cold+0x5/0xa [ 1113.894612][T22374] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1113.894651][T22374] should_failslab+0xc2/0x120 [ 1113.894686][T22374] __kmalloc_noprof+0xe0/0x850 [ 1113.894744][T22374] tomoyo_realpath_from_path+0xb6/0x690 [ 1113.894793][T22374] tomoyo_path_number_perm+0x23c/0x580 [ 1113.894841][T22374] ? tomoyo_path_number_perm+0x22e/0x580 [ 1113.894896][T22374] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1113.894993][T22374] ? find_held_lock+0x2b/0x80 [ 1113.895024][T22374] ? __fget_files+0x215/0x3d0 [ 1113.895082][T22374] ? hook_file_ioctl_common+0x146/0x410 [ 1113.895148][T22374] ? __fget_files+0x21f/0x3d0 [ 1113.895225][T22374] security_file_ioctl+0xd3/0x230 [ 1113.895282][T22374] __x64_sys_ioctl+0xb7/0x210 [ 1113.895331][T22374] do_syscall_64+0x106/0xf80 [ 1113.895369][T22374] ? clear_bhb_loop+0x40/0x90 [ 1113.895411][T22374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1113.895445][T22374] RIP: 0033:0x7fe30079c799 [ 1113.895473][T22374] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1113.895506][T22374] RSP: 002b:00007fe3016f9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1113.895538][T22374] RAX: ffffffffffffffda RBX: 00007fe300a15fa0 RCX: 00007fe30079c799 [ 1113.895560][T22374] RDX: 0000000000000000 RSI: 0000000040046f41 RDI: 0000000000000005 [ 1113.895581][T22374] RBP: 00007fe3016f9090 R08: 0000000000000000 R09: 0000000000000000 [ 1113.895602][T22374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1113.895623][T22374] R13: 00007fe300a16038 R14: 00007fe300a15fa0 R15: 00007ffe3fc2cf98 [ 1113.895668][T22374] [ 1114.099013][T22374] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1114.453566][T22381] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1115.192076][T22401] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3350'. [ 1115.247499][T22401] netlink: ct_mark mask cannot be 0 [ 1116.096987][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.103624][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.255662][T22411] ubi0: attaching mtd0 [ 1116.264900][T22411] ubi0: scanning is finished [ 1116.395148][T22411] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1116.441081][T22411] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1116.450504][T22411] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1116.503276][T22411] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1116.527860][T22411] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1116.591076][T22411] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1116.599174][T22411] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1116.664426][T22411] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1116.711961][T22414] ubi0: background thread "ubi_bgt0d" started, PID 22414 [ 1116.731875][T22403] ubi0: detaching mtd0 [ 1116.788108][T22403] ubi0: mtd0 is detached [ 1123.513570][T22533] usb usb24: usbfs: process 22533 (syz.2.3386) did not claim interface 0 before use [ 1129.982061][T22635] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3411'. [ 1133.638499][T22681] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3423'. [ 1133.834779][T22687] [U] ^\ [ 1136.281955][T22722] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3433'. [ 1137.472411][T22738] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3443'. [ 1137.626164][T22744] netlink: 'syz.3.3437': attribute type 14 has an invalid length. [ 1137.655022][T22744] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3437'. [ 1137.759116][T22739] ubi0: attaching mtd0 [ 1137.775234][T22739] ubi0: scanning is finished [ 1137.979525][T22739] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1138.109578][T22739] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1138.143582][T22739] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1138.170602][T22739] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1138.191232][T22739] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1138.208952][T22739] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1138.220135][T22739] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1138.268888][T22739] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1138.308951][T22751] ubi0: background thread "ubi_bgt0d" started, PID 22751 [ 1138.319290][T22748] ubi0: detaching mtd0 [ 1138.345579][T22748] ubi0: mtd0 is detached [ 1138.612120][T22758] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3447'. [ 1141.566509][T22803] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3452'. [ 1141.737461][T22798] ubi0: attaching mtd0 [ 1141.766292][T22798] ubi0: scanning is finished [ 1142.175443][T22798] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1142.237868][T22798] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1142.271059][T22798] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1142.278216][T22798] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1142.285909][T22798] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1142.292897][T22798] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1142.382247][T22798] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1142.396185][T22798] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1142.407094][T22820] ubi0: background thread "ubi_bgt0d" started, PID 22820 [ 1142.407126][T22799] ubi0: detaching mtd0 [ 1142.492174][T22799] ubi0: mtd0 is detached getty: ttyS0: read error: Resource temporarily unavailable [ 1147.148920][T22889] ubi0: attaching mtd0 [ 1147.181696][T22889] ubi0: scanning is finished [ 1147.590827][T22889] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1147.715635][T22889] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1147.912044][T22889] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1148.021066][T22889] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1148.072028][T22889] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1148.128172][T22889] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1148.211367][T22889] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1148.241502][T22889] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1148.314471][T22906] ubi0: background thread "ubi_bgt0d" started, PID 22906 [ 1148.315111][T22894] ubi0: detaching mtd0 [ 1148.402722][T22894] ubi0: mtd0 is detached [ 1151.681679][T22968] ubi0: attaching mtd0 [ 1151.687962][T22968] ubi0: scanning is finished [ 1152.171035][T22968] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1152.222890][T22968] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1152.230180][T22968] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1152.395505][T22968] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1152.464935][T22968] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1152.503219][T22968] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1152.548067][T22968] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1152.613240][T22968] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1152.654946][T22974] ubi0: detaching mtd0 [ 1152.659235][T22985] ubi0: background thread "ubi_bgt0d" started, PID 22985 [ 1152.688852][T22974] ubi0: mtd0 is detached [ 1153.028452][T22988] ubi0: attaching mtd0 [ 1153.063291][T22988] ubi0: scanning is finished [ 1153.388387][T22988] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1153.431705][T22988] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1153.507092][T22988] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1153.554015][T22988] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1153.621678][T22988] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1153.678538][T22988] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1153.761484][T22988] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1153.829211][T22988] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1153.871056][T23004] ubi0: background thread "ubi_bgt0d" started, PID 23004 [ 1153.908822][T22992] ubi0: detaching mtd0 [ 1153.937813][T22992] ubi0: mtd0 is detached [ 1154.418489][T23019] ubi0: attaching mtd0 [ 1154.455464][T23019] ubi0: scanning is finished [ 1154.800952][T23019] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1154.831210][T23019] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1154.858518][T23019] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1154.981592][T23019] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1154.989101][T23019] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1155.051269][T23019] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1155.059354][T23019] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1155.141043][T23019] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1155.189698][T23025] ubi0: detaching mtd0 [ 1155.198149][T23031] ubi0: background thread "ubi_bgt0d" started, PID 23031 [ 1155.272489][T23025] ubi0: mtd0 is detached [ 1155.717842][T23036] random: crng reseeded on system resumption [ 1156.146226][ T29] audit: type=1800 audit(2147484957.298:16): pid=23047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3500" name="dbroot" dev="configfs" ino=71925 res=0 errno=0 [ 1156.182918][T23047] db_root: cannot open: 0 [ 1157.792960][T23087] FAULT_INJECTION: forcing a failure. [ 1157.792960][T23087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1157.838496][T23087] CPU: 1 UID: 0 PID: 23087 Comm: syz.0.3508 Not tainted syzkaller #0 PREEMPT(full) [ 1157.838541][T23087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1157.838562][T23087] Call Trace: [ 1157.838573][T23087] [ 1157.838585][T23087] dump_stack_lvl+0x100/0x190 [ 1157.838640][T23087] should_fail_ex.cold+0x5/0xa [ 1157.838669][T23087] _copy_from_user+0x2e/0xd0 [ 1157.838708][T23087] core_sys_select+0x472/0xbb0 [ 1157.838757][T23087] ? __pfx_core_sys_select+0x10/0x10 [ 1157.838794][T23087] ? get_pid_task+0xfc/0x250 [ 1157.838830][T23087] ? get_pid_task+0x106/0x250 [ 1157.838878][T23087] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1157.838910][T23087] ? __fget_files+0x215/0x3d0 [ 1157.838949][T23087] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1157.838982][T23087] kern_select+0x20c/0x270 [ 1157.839022][T23087] ? __pfx_kern_select+0x10/0x10 [ 1157.839062][T23087] ? __pfx_ksys_write+0x10/0x10 [ 1157.839104][T23087] __x64_sys_select+0xbd/0x160 [ 1157.839139][T23087] ? do_syscall_64+0x95/0xf80 [ 1157.839165][T23087] ? lockdep_hardirqs_on+0x78/0x100 [ 1157.839193][T23087] do_syscall_64+0x106/0xf80 [ 1157.839219][T23087] ? clear_bhb_loop+0x40/0x90 [ 1157.839251][T23087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1157.839275][T23087] RIP: 0033:0x7f82cbd9c799 [ 1157.839295][T23087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1157.839318][T23087] RSP: 002b:00007f82ccc98028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1157.839341][T23087] RAX: ffffffffffffffda RBX: 00007f82cc016090 RCX: 00007f82cbd9c799 [ 1157.839357][T23087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1157.839372][T23087] RBP: 00007f82ccc98090 R08: 0000000000000000 R09: 0000000000000000 [ 1157.839386][T23087] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1157.839401][T23087] R13: 00007f82cc016128 R14: 00007f82cc016090 R15: 00007fff8bf9c028 [ 1157.839431][T23087] [ 1158.864511][ T5146] Bluetooth: hci0: unexpected subevent 0x0c length: 118 > 5 [ 1159.555210][T23092] ubi0: attaching mtd0 [ 1159.603279][T23092] ubi0: scanning is finished [ 1160.053131][T23092] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1160.060694][T23092] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1160.130961][T23092] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1160.143278][T23092] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1160.197730][T23092] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1160.224528][T23092] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1160.273178][T23092] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1160.320904][T23092] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1160.388802][T23093] ubi0: detaching mtd0 [ 1160.393126][T23119] ubi0: background thread "ubi_bgt0d" started, PID 23119 [ 1160.466077][T23093] ubi0: mtd0 is detached [ 1160.470519][T23121] ubi0: attaching mtd0 [ 1160.488429][T23121] ubi0: scanning is finished [ 1160.997667][T23121] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1161.118016][T23121] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1161.157812][T23121] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1161.230987][T23121] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1161.238456][T23121] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1161.361055][T23121] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1161.420954][T23121] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1161.484955][T23121] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1161.519602][T23131] ubi0: background thread "ubi_bgt0d" started, PID 23131 [ 1161.529686][T23110] ubi0: detaching mtd0 [ 1161.653707][T23110] ubi0: mtd0 is detached [ 1165.949642][T23206] syz.3.3527 (23206): /proc/23201/oom_adj is deprecated, please use /proc/23201/oom_score_adj instead. [ 1167.214316][T23230] ubi0: attaching mtd0 [ 1167.220033][T23230] ubi0: scanning is finished [ 1167.907433][T23230] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1168.037853][T23230] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1168.053141][T23230] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1168.060317][T23230] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1168.084974][T23230] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1168.100989][T23230] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1168.130017][T23230] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1168.181135][T23230] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1168.296344][T23234] ubi0: detaching mtd0 [ 1168.300623][T23247] ubi0: background thread "ubi_bgt0d" started, PID 23247 [ 1168.357027][T23234] ubi0: mtd0 is detached [ 1170.683276][ T5146] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1171.335850][T23296] FAULT_INJECTION: forcing a failure. [ 1171.335850][T23296] name failslab, interval 1, probability 0, space 0, times 0 [ 1171.353870][T23296] CPU: 1 UID: 0 PID: 23296 Comm: syz.1.3547 Not tainted syzkaller #0 PREEMPT(full) [ 1171.353915][T23296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1171.353934][T23296] Call Trace: [ 1171.353946][T23296] [ 1171.353958][T23296] dump_stack_lvl+0x100/0x190 [ 1171.354015][T23296] should_fail_ex.cold+0x5/0xa [ 1171.354055][T23296] should_failslab+0xc2/0x120 [ 1171.354091][T23296] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1171.354134][T23296] ? binder_get_thread+0x201/0x850 [ 1171.354179][T23296] binder_get_thread+0x201/0x850 [ 1171.354212][T23296] binder_poll+0x3f/0x430 [ 1171.354246][T23296] ? __pfx_binder_poll+0x10/0x10 [ 1171.354274][T23296] do_select+0xd54/0x1850 [ 1171.354331][T23296] ? __pfx_do_select+0x10/0x10 [ 1171.354369][T23296] ? __pfx___pollwait+0x10/0x10 [ 1171.354407][T23296] ? __pfx_pollwake+0x10/0x10 [ 1171.354444][T23296] ? __pfx_pollwake+0x10/0x10 [ 1171.354480][T23296] ? __pfx_pollwake+0x10/0x10 [ 1171.354517][T23296] ? __pfx_pollwake+0x10/0x10 [ 1171.354554][T23296] ? __pfx_pollwake+0x10/0x10 [ 1171.354611][T23296] ? find_held_lock+0x2b/0x80 [ 1171.354633][T23296] ? __might_fault+0xc5/0x140 [ 1171.354665][T23296] ? __might_fault+0xc5/0x140 [ 1171.354707][T23296] ? core_sys_select+0x55b/0xbb0 [ 1171.354742][T23296] core_sys_select+0x55b/0xbb0 [ 1171.354785][T23296] ? __pfx_core_sys_select+0x10/0x10 [ 1171.354821][T23296] ? get_pid_task+0xfc/0x250 [ 1171.354854][T23296] ? get_pid_task+0x106/0x250 [ 1171.354902][T23296] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1171.354932][T23296] ? __fget_files+0x215/0x3d0 [ 1171.354971][T23296] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1171.355005][T23296] kern_select+0x20c/0x270 [ 1171.355043][T23296] ? __pfx_kern_select+0x10/0x10 [ 1171.355084][T23296] ? __pfx_ksys_write+0x10/0x10 [ 1171.355125][T23296] __x64_sys_select+0xbd/0x160 [ 1171.355159][T23296] ? do_syscall_64+0x95/0xf80 [ 1171.355186][T23296] ? lockdep_hardirqs_on+0x78/0x100 [ 1171.355213][T23296] do_syscall_64+0x106/0xf80 [ 1171.355245][T23296] ? clear_bhb_loop+0x40/0x90 [ 1171.355274][T23296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1171.355298][T23296] RIP: 0033:0x7fe30079c799 [ 1171.355318][T23296] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1171.355342][T23296] RSP: 002b:00007fe3016d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1171.355366][T23296] RAX: ffffffffffffffda RBX: 00007fe300a16090 RCX: 00007fe30079c799 [ 1171.355382][T23296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1171.355396][T23296] RBP: 00007fe3016d8090 R08: 0000000000000000 R09: 0000000000000000 [ 1171.355410][T23296] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1171.355425][T23296] R13: 00007fe300a16128 R14: 00007fe300a16090 R15: 00007ffe3fc2cf98 [ 1171.355455][T23296] [ 1172.741970][T23288] Bluetooth: hci0: command 0x0c1a tx timeout [ 1174.715918][T23347] zram0: detected capacity change from 0 to 16 [ 1174.822130][ T5146] Bluetooth: hci0: command 0x0c1a tx timeout [ 1175.769459][T23353] ubi0: attaching mtd0 [ 1175.783381][T23353] ubi0: scanning is finished [ 1176.259024][T23353] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1177.552533][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.562304][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1183.985191][T23468] Invalid ELF header magic: != ELF [ 1188.147633][T23516] ubi0: attaching mtd0 [ 1188.233700][T23516] ubi0: scanning is finished [ 1189.780428][T23516] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1189.812937][T23554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3601'. [ 1208.164283][T23721] ubi0: attaching mtd0 [ 1208.183587][T23721] ubi0: scanning is finished [ 1208.781293][T23737] FAULT_INJECTION: forcing a failure. [ 1208.781293][T23737] name failslab, interval 1, probability 0, space 0, times 0 [ 1208.794496][T23737] CPU: 0 UID: 0 PID: 23737 Comm: syz.3.3642 Not tainted syzkaller #0 PREEMPT(full) [ 1208.794541][T23737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1208.794562][T23737] Call Trace: [ 1208.794574][T23737] [ 1208.794587][T23737] dump_stack_lvl+0x100/0x190 [ 1208.794651][T23737] should_fail_ex.cold+0x5/0xa [ 1208.794692][T23737] should_failslab+0xc2/0x120 [ 1208.794730][T23737] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1208.794779][T23737] ? open_substream+0xec/0x9e0 [ 1208.794932][T23737] open_substream+0xec/0x9e0 [ 1208.794971][T23737] ? lockdep_hardirqs_on+0x78/0x100 [ 1208.795006][T23737] rawmidi_open_priv+0x524/0x6f0 [ 1208.795081][T23737] snd_rawmidi_open+0x4c9/0xba0 [ 1208.795113][T23737] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1208.795142][T23737] ? __pfx_default_wake_function+0x10/0x10 [ 1208.795169][T23737] ? soundcore_open+0x231/0x5a0 [ 1208.795235][T23737] ? soundcore_open+0x231/0x5a0 [ 1208.795271][T23737] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1208.795300][T23737] soundcore_open+0x2e3/0x5a0 [ 1208.795357][T23737] ? __pfx_soundcore_open+0x10/0x10 [ 1208.795391][T23737] chrdev_open+0x234/0x6a0 [ 1208.795415][T23737] ? __pfx_apparmor_file_open+0x10/0x10 [ 1208.795454][T23737] ? __pfx_chrdev_open+0x10/0x10 [ 1208.795480][T23737] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1208.795513][T23737] do_dentry_open+0x6d8/0x1660 [ 1208.795539][T23737] ? __pfx_chrdev_open+0x10/0x10 [ 1208.795570][T23737] vfs_open+0x82/0x3f0 [ 1208.795603][T23737] path_openat+0x208c/0x31a0 [ 1208.795638][T23737] ? __pfx_path_openat+0x10/0x10 [ 1208.795673][T23737] do_file_open+0x20e/0x430 [ 1208.795699][T23737] ? __pfx_do_file_open+0x10/0x10 [ 1208.795745][T23737] ? alloc_fd+0x476/0x790 [ 1208.795771][T23737] ? do_getname+0x191/0x390 [ 1208.795804][T23737] do_sys_openat2+0x10d/0x1e0 [ 1208.795864][T23737] ? __pfx_do_sys_openat2+0x10/0x10 [ 1208.795924][T23737] __x64_sys_openat+0x12d/0x210 [ 1208.795970][T23737] ? __pfx___x64_sys_openat+0x10/0x10 [ 1208.796015][T23737] do_syscall_64+0x106/0xf80 [ 1208.796051][T23737] ? clear_bhb_loop+0x40/0x90 [ 1208.796082][T23737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1208.796108][T23737] RIP: 0033:0x7f445919c799 [ 1208.796130][T23737] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1208.796154][T23737] RSP: 002b:00007f44573d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1208.796178][T23737] RAX: ffffffffffffffda RBX: 00007f4459416090 RCX: 00007f445919c799 [ 1208.796195][T23737] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1208.796211][T23737] RBP: 00007f4459232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1208.796227][T23737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1208.796242][T23737] R13: 00007f4459416128 R14: 00007f4459416090 R15: 00007fff3f561fe8 [ 1208.796273][T23737] [ 1209.812129][T23721] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1209.992993][T23745] FAULT_INJECTION: forcing a failure. [ 1209.992993][T23745] name failslab, interval 1, probability 0, space 0, times 0 [ 1210.054710][T23745] CPU: 0 UID: 0 PID: 23745 Comm: syz.0.3643 Not tainted syzkaller #0 PREEMPT(full) [ 1210.054759][T23745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1210.054780][T23745] Call Trace: [ 1210.054791][T23745] [ 1210.054804][T23745] dump_stack_lvl+0x100/0x190 [ 1210.054863][T23745] should_fail_ex.cold+0x5/0xa [ 1210.054905][T23745] should_failslab+0xc2/0x120 [ 1210.054942][T23745] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1210.054998][T23745] ? __d_alloc+0x34/0xa80 [ 1210.055047][T23745] __d_alloc+0x34/0xa80 [ 1210.055090][T23745] d_alloc+0x4a/0x1e0 [ 1210.055130][T23745] lookup_one_qstr_excl+0x175/0x250 [ 1210.055181][T23745] start_dirop+0x59/0xb0 [ 1210.055238][T23745] simple_start_creating+0xf9/0x110 [ 1210.055302][T23745] ? __pfx_simple_start_creating+0x10/0x10 [ 1210.055359][T23745] ? mntput+0x70/0xa0 [ 1210.055411][T23745] ? simple_pin_fs+0xa3/0x190 [ 1210.055464][T23745] debugfs_start_creating.part.0+0x82/0x170 [ 1210.055533][T23745] __debugfs_create_file+0xb3/0x4f0 [ 1210.055596][T23745] debugfs_create_file_full+0x41/0x60 [ 1210.055654][T23745] kvm_dev_ioctl+0x16c7/0x1a50 [ 1210.055750][T23745] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 1210.055807][T23745] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 1210.055851][T23745] __x64_sys_ioctl+0x18e/0x210 [ 1210.055904][T23745] do_syscall_64+0x106/0xf80 [ 1210.055945][T23745] ? clear_bhb_loop+0x40/0x90 [ 1210.055988][T23745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1210.056024][T23745] RIP: 0033:0x7f82cbd9c799 [ 1210.056060][T23745] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1210.056098][T23745] RSP: 002b:00007f82ccc98028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1210.056133][T23745] RAX: ffffffffffffffda RBX: 00007f82cc016090 RCX: 00007f82cbd9c799 [ 1210.056156][T23745] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000007 [ 1210.056178][T23745] RBP: 00007f82cbe32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1210.056201][T23745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1210.056222][T23745] R13: 00007f82cc016128 R14: 00007f82cc016090 R15: 00007fff8bf9c028 [ 1210.056274][T23745] [ 1213.484802][T23790] vivid-007: ================= START STATUS ================= [ 1213.493005][T23790] vivid-007: Enable Output Cropping: true [ 1213.499013][T23790] vivid-007: Enable Output Composing: true [ 1213.515307][T23790] vivid-007: Enable Output Scaler: true [ 1213.548216][T23790] vivid-007: Tx RGB Quantization Range: Automatic [ 1213.917594][T23790] vivid-007: Transmit Mode: HDMI [ 1213.934530][T23791] FAULT_INJECTION: forcing a failure. [ 1213.934530][T23791] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.948625][T23790] vivid-007: Hotplug Present: 0x00000000 [ 1213.955205][T23790] vivid-007: RxSense Present: 0x00000000 [ 1213.961192][T23790] vivid-007: EDID Present: 0x00000000 [ 1213.966861][T23791] CPU: 1 UID: 0 PID: 23791 Comm: syz.0.3653 Not tainted syzkaller #0 PREEMPT(full) [ 1213.966904][T23791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1213.966932][T23791] Call Trace: [ 1213.966951][T23791] [ 1213.966964][T23791] dump_stack_lvl+0x100/0x190 [ 1213.967028][T23791] should_fail_ex.cold+0x5/0xa [ 1213.967058][T23791] should_failslab+0xc2/0x120 [ 1213.967084][T23791] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1213.967117][T23791] ? open_substream+0xec/0x9e0 [ 1213.967163][T23791] open_substream+0xec/0x9e0 [ 1213.967201][T23791] ? lockdep_hardirqs_on+0x78/0x100 [ 1213.967233][T23791] rawmidi_open_priv+0x524/0x6f0 [ 1213.967265][T23791] snd_rawmidi_open+0x4c9/0xba0 [ 1213.967296][T23791] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1213.967325][T23791] ? __pfx_default_wake_function+0x10/0x10 [ 1213.967351][T23791] ? soundcore_open+0x231/0x5a0 [ 1213.967385][T23791] ? soundcore_open+0x231/0x5a0 [ 1213.967421][T23791] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1213.967455][T23791] soundcore_open+0x2e3/0x5a0 [ 1213.967493][T23791] ? __pfx_soundcore_open+0x10/0x10 [ 1213.967527][T23791] chrdev_open+0x234/0x6a0 [ 1213.967551][T23791] ? __pfx_apparmor_file_open+0x10/0x10 [ 1213.967587][T23791] ? __pfx_chrdev_open+0x10/0x10 [ 1213.967613][T23791] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1213.967646][T23791] do_dentry_open+0x6d8/0x1660 [ 1213.967669][T23791] ? __pfx_chrdev_open+0x10/0x10 [ 1213.967700][T23791] vfs_open+0x82/0x3f0 [ 1213.967734][T23791] path_openat+0x208c/0x31a0 [ 1213.967768][T23791] ? __pfx_path_openat+0x10/0x10 [ 1213.967803][T23791] do_file_open+0x20e/0x430 [ 1213.967830][T23791] ? __pfx_do_file_open+0x10/0x10 [ 1213.967876][T23791] ? alloc_fd+0x476/0x790 [ 1213.967902][T23791] ? do_getname+0x191/0x390 [ 1213.967934][T23791] do_sys_openat2+0x10d/0x1e0 [ 1213.967968][T23791] ? __pfx_do_sys_openat2+0x10/0x10 [ 1213.968011][T23791] __x64_sys_openat+0x12d/0x210 [ 1213.968043][T23791] ? __pfx___x64_sys_openat+0x10/0x10 [ 1213.968087][T23791] do_syscall_64+0x106/0xf80 [ 1213.968141][T23791] ? clear_bhb_loop+0x40/0x90 [ 1213.968172][T23791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.968197][T23791] RIP: 0033:0x7f82cbd9c799 [ 1213.968218][T23791] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1213.968244][T23791] RSP: 002b:00007f82ccc98028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1213.968267][T23791] RAX: ffffffffffffffda RBX: 00007f82cc016090 RCX: 00007f82cbd9c799 [ 1213.968285][T23791] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1213.968301][T23791] RBP: 00007f82cbe32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1213.968316][T23791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1213.968331][T23791] R13: 00007f82cc016128 R14: 00007f82cc016090 R15: 00007fff8bf9c028 [ 1213.968363][T23791] [ 1213.971563][T23790] vivid-007: ================== END STATUS ================== [ 1214.987689][T23796] sp0: Synchronizing with TNC [ 1215.839041][T23812] Â: entered promiscuous mode [ 1218.353166][T23850] FAULT_INJECTION: forcing a failure. [ 1218.353166][T23850] name failslab, interval 1, probability 0, space 0, times 0 [ 1218.452067][T23850] CPU: 1 UID: 0 PID: 23850 Comm: syz.1.3665 Not tainted syzkaller #0 PREEMPT(full) [ 1218.452119][T23850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1218.452136][T23850] Call Trace: [ 1218.452144][T23850] [ 1218.452155][T23850] dump_stack_lvl+0x100/0x190 [ 1218.452197][T23850] should_fail_ex.cold+0x5/0xa [ 1218.452226][T23850] should_failslab+0xc2/0x120 [ 1218.452251][T23850] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1218.452283][T23850] ? open_substream+0xec/0x9e0 [ 1218.452329][T23850] open_substream+0xec/0x9e0 [ 1218.452367][T23850] ? lockdep_hardirqs_on+0x78/0x100 [ 1218.452399][T23850] rawmidi_open_priv+0x524/0x6f0 [ 1218.452430][T23850] snd_rawmidi_open+0x4c9/0xba0 [ 1218.452462][T23850] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1218.452491][T23850] ? __pfx_default_wake_function+0x10/0x10 [ 1218.452517][T23850] ? soundcore_open+0x231/0x5a0 [ 1218.452556][T23850] ? soundcore_open+0x231/0x5a0 [ 1218.452593][T23850] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1218.452621][T23850] soundcore_open+0x2e3/0x5a0 [ 1218.452658][T23850] ? __pfx_soundcore_open+0x10/0x10 [ 1218.452693][T23850] chrdev_open+0x234/0x6a0 [ 1218.452717][T23850] ? __pfx_apparmor_file_open+0x10/0x10 [ 1218.452753][T23850] ? __pfx_chrdev_open+0x10/0x10 [ 1218.452779][T23850] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1218.452811][T23850] do_dentry_open+0x6d8/0x1660 [ 1218.452834][T23850] ? __pfx_chrdev_open+0x10/0x10 [ 1218.452866][T23850] vfs_open+0x82/0x3f0 [ 1218.452899][T23850] path_openat+0x208c/0x31a0 [ 1218.452933][T23850] ? __pfx_path_openat+0x10/0x10 [ 1218.452969][T23850] do_file_open+0x20e/0x430 [ 1218.452995][T23850] ? __pfx_do_file_open+0x10/0x10 [ 1218.453043][T23850] ? alloc_fd+0x476/0x790 [ 1218.453070][T23850] ? do_getname+0x191/0x390 [ 1218.453102][T23850] do_sys_openat2+0x10d/0x1e0 [ 1218.453134][T23850] ? __pfx_do_sys_openat2+0x10/0x10 [ 1218.453176][T23850] __x64_sys_openat+0x12d/0x210 [ 1218.453208][T23850] ? __pfx___x64_sys_openat+0x10/0x10 [ 1218.453252][T23850] do_syscall_64+0x106/0xf80 [ 1218.453280][T23850] ? clear_bhb_loop+0x40/0x90 [ 1218.453310][T23850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1218.453335][T23850] RIP: 0033:0x7fe30079c799 [ 1218.453355][T23850] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1218.453380][T23850] RSP: 002b:00007fe3016d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1218.453404][T23850] RAX: ffffffffffffffda RBX: 00007fe300a16090 RCX: 00007fe30079c799 [ 1218.453420][T23850] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1218.453436][T23850] RBP: 00007fe300832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1218.453452][T23850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1218.453467][T23850] R13: 00007fe300a16128 R14: 00007fe300a16090 R15: 00007ffe3fc2cf98 [ 1218.453508][T23850] [ 1222.023572][T23886] Â: entered promiscuous mode [ 1225.084030][T23926] FAULT_INJECTION: forcing a failure. [ 1225.084030][T23926] name failslab, interval 1, probability 0, space 0, times 0 [ 1225.132078][T23926] CPU: 1 UID: 0 PID: 23926 Comm: syz.2.3678 Not tainted syzkaller #0 PREEMPT(full) [ 1225.132125][T23926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1225.132147][T23926] Call Trace: [ 1225.132160][T23926] [ 1225.132173][T23926] dump_stack_lvl+0x100/0x190 [ 1225.132235][T23926] should_fail_ex.cold+0x5/0xa [ 1225.132277][T23926] should_failslab+0xc2/0x120 [ 1225.132314][T23926] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1225.132359][T23926] ? open_substream+0xec/0x9e0 [ 1225.132424][T23926] ? preempt_schedule_common+0x42/0xc0 [ 1225.132471][T23926] open_substream+0xec/0x9e0 [ 1225.132533][T23926] rawmidi_open_priv+0x524/0x6f0 [ 1225.132580][T23926] snd_rawmidi_open+0x4c9/0xba0 [ 1225.132627][T23926] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1225.132669][T23926] ? __pfx_default_wake_function+0x10/0x10 [ 1225.132708][T23926] ? soundcore_open+0x231/0x5a0 [ 1225.132755][T23926] ? soundcore_open+0x231/0x5a0 [ 1225.132804][T23926] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1225.132834][T23926] soundcore_open+0x2e3/0x5a0 [ 1225.132871][T23926] ? __pfx_soundcore_open+0x10/0x10 [ 1225.132906][T23926] chrdev_open+0x234/0x6a0 [ 1225.132929][T23926] ? __pfx_apparmor_file_open+0x10/0x10 [ 1225.132965][T23926] ? __pfx_chrdev_open+0x10/0x10 [ 1225.132991][T23926] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1225.133024][T23926] do_dentry_open+0x6d8/0x1660 [ 1225.133047][T23926] ? __pfx_chrdev_open+0x10/0x10 [ 1225.133078][T23926] vfs_open+0x82/0x3f0 [ 1225.133111][T23926] path_openat+0x208c/0x31a0 [ 1225.133145][T23926] ? __pfx_path_openat+0x10/0x10 [ 1225.133180][T23926] do_file_open+0x20e/0x430 [ 1225.133207][T23926] ? __pfx_do_file_open+0x10/0x10 [ 1225.133252][T23926] ? alloc_fd+0x476/0x790 [ 1225.133278][T23926] ? do_getname+0x191/0x390 [ 1225.133310][T23926] do_sys_openat2+0x10d/0x1e0 [ 1225.133341][T23926] ? __pfx_do_sys_openat2+0x10/0x10 [ 1225.133390][T23926] __x64_sys_openat+0x12d/0x210 [ 1225.133423][T23926] ? __pfx___x64_sys_openat+0x10/0x10 [ 1225.133467][T23926] do_syscall_64+0x106/0xf80 [ 1225.133496][T23926] ? clear_bhb_loop+0x40/0x90 [ 1225.133526][T23926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1225.133551][T23926] RIP: 0033:0x7ff23fb9c799 [ 1225.133571][T23926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1225.133596][T23926] RSP: 002b:00007ff2409dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1225.133620][T23926] RAX: ffffffffffffffda RBX: 00007ff23fe16180 RCX: 00007ff23fb9c799 [ 1225.133637][T23926] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1225.133652][T23926] RBP: 00007ff23fc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1225.133668][T23926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1225.133683][T23926] R13: 00007ff23fe16218 R14: 00007ff23fe16180 R15: 00007ffc653aa808 [ 1225.133714][T23926] [ 1227.119516][T23933] FAULT_INJECTION: forcing a failure. [ 1227.119516][T23933] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1227.232393][T23933] CPU: 0 UID: 0 PID: 23933 Comm: syz.3.3684 Not tainted syzkaller #0 PREEMPT(full) [ 1227.232427][T23933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1227.232443][T23933] Call Trace: [ 1227.232451][T23933] [ 1227.232460][T23933] dump_stack_lvl+0x100/0x190 [ 1227.232501][T23933] should_fail_ex.cold+0x5/0xa [ 1227.232529][T23933] _copy_from_user+0x2e/0xd0 [ 1227.232570][T23933] copy_msghdr_from_user+0x9f/0x4f0 [ 1227.232611][T23933] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1227.232662][T23933] ___sys_sendmsg+0x106/0x1e0 [ 1227.232700][T23933] ? __pfx____sys_sendmsg+0x10/0x10 [ 1227.232770][T23933] __sys_sendmsg+0x170/0x220 [ 1227.232798][T23933] ? __pfx___sys_sendmsg+0x10/0x10 [ 1227.232844][T23933] do_syscall_64+0x106/0xf80 [ 1227.232872][T23933] ? clear_bhb_loop+0x40/0x90 [ 1227.232901][T23933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1227.232926][T23933] RIP: 0033:0x7f445919c799 [ 1227.232946][T23933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1227.232970][T23933] RSP: 002b:00007f44573f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1227.232992][T23933] RAX: ffffffffffffffda RBX: 00007f4459415fa0 RCX: 00007f445919c799 [ 1227.233008][T23933] RDX: 0000000000000000 RSI: 0000200000002cc0 RDI: 0000000000000003 [ 1227.233023][T23933] RBP: 00007f44573f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1227.233038][T23933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1227.233052][T23933] R13: 00007f4459416038 R14: 00007f4459415fa0 R15: 00007fff3f561fe8 [ 1227.233082][T23933] [ 1228.929581][T23947] FAULT_INJECTION: forcing a failure. [ 1228.929581][T23947] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.942546][T23947] CPU: 1 UID: 0 PID: 23947 Comm: syz.3.3697 Not tainted syzkaller #0 PREEMPT(full) [ 1228.942589][T23947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1228.942610][T23947] Call Trace: [ 1228.942621][T23947] [ 1228.942635][T23947] dump_stack_lvl+0x100/0x190 [ 1228.942696][T23947] should_fail_ex.cold+0x5/0xa [ 1228.942725][T23947] should_failslab+0xc2/0x120 [ 1228.942751][T23947] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1228.942784][T23947] ? open_substream+0xec/0x9e0 [ 1228.942879][T23947] open_substream+0xec/0x9e0 [ 1228.942918][T23947] ? lockdep_hardirqs_on+0x78/0x100 [ 1228.942951][T23947] rawmidi_open_priv+0x524/0x6f0 [ 1228.942984][T23947] snd_rawmidi_open+0x4c9/0xba0 [ 1228.943016][T23947] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1228.943048][T23947] ? __pfx_default_wake_function+0x10/0x10 [ 1228.943075][T23947] ? soundcore_open+0x231/0x5a0 [ 1228.943108][T23947] ? soundcore_open+0x231/0x5a0 [ 1228.943144][T23947] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1228.943173][T23947] soundcore_open+0x2e3/0x5a0 [ 1228.943210][T23947] ? __pfx_soundcore_open+0x10/0x10 [ 1228.943244][T23947] chrdev_open+0x234/0x6a0 [ 1228.943268][T23947] ? __pfx_apparmor_file_open+0x10/0x10 [ 1228.943304][T23947] ? __pfx_chrdev_open+0x10/0x10 [ 1228.943330][T23947] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1228.943363][T23947] do_dentry_open+0x6d8/0x1660 [ 1228.943386][T23947] ? __pfx_chrdev_open+0x10/0x10 [ 1228.943418][T23947] vfs_open+0x82/0x3f0 [ 1228.943453][T23947] path_openat+0x208c/0x31a0 [ 1228.943488][T23947] ? __pfx_path_openat+0x10/0x10 [ 1228.943523][T23947] do_file_open+0x20e/0x430 [ 1228.943550][T23947] ? __pfx_do_file_open+0x10/0x10 [ 1228.943595][T23947] ? alloc_fd+0x476/0x790 [ 1228.943621][T23947] ? do_getname+0x191/0x390 [ 1228.943653][T23947] do_sys_openat2+0x10d/0x1e0 [ 1228.943685][T23947] ? __pfx_do_sys_openat2+0x10/0x10 [ 1228.943727][T23947] __x64_sys_openat+0x12d/0x210 [ 1228.943760][T23947] ? __pfx___x64_sys_openat+0x10/0x10 [ 1228.943811][T23947] do_syscall_64+0x106/0xf80 [ 1228.943839][T23947] ? clear_bhb_loop+0x40/0x90 [ 1228.943870][T23947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1228.943896][T23947] RIP: 0033:0x7f445919c799 [ 1228.943917][T23947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1228.943941][T23947] RSP: 002b:00007f44573d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1228.943965][T23947] RAX: ffffffffffffffda RBX: 00007f4459416090 RCX: 00007f445919c799 [ 1228.943982][T23947] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1228.943998][T23947] RBP: 00007f4459232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1228.944013][T23947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1228.944028][T23947] R13: 00007f4459416128 R14: 00007f4459416090 R15: 00007fff3f561fe8 [ 1228.944060][T23947] [ 1229.317609][T23946] Â: entered promiscuous mode [ 1235.143940][T23680] syz.2.3629 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1235.171658][T23680] CPU: 1 UID: 0 PID: 23680 Comm: syz.2.3629 Not tainted syzkaller #0 PREEMPT(full) [ 1235.171709][T23680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1235.171726][T23680] Call Trace: [ 1235.171735][T23680] [ 1235.171745][T23680] dump_stack_lvl+0x100/0x190 [ 1235.171785][T23680] dump_header+0xfb/0x606 [ 1235.171813][T23680] oom_kill_process.cold+0xd/0x330 [ 1235.171841][T23680] out_of_memory+0x340/0x14f0 [ 1235.171882][T23680] ? __pfx_out_of_memory+0x10/0x10 [ 1235.171924][T23680] mem_cgroup_out_of_memory+0xc6/0x130 [ 1235.171957][T23680] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 1235.171987][T23680] ? find_held_lock+0x2b/0x80 [ 1235.172014][T23680] ? do_raw_spin_unlock+0x145/0x1e0 [ 1235.172050][T23680] ? _raw_spin_unlock+0x28/0x50 [ 1235.172077][T23680] try_charge_memcg+0x652/0xc90 [ 1235.172109][T23680] ? __pfx_try_charge_memcg+0x10/0x10 [ 1235.172133][T23680] ? find_held_lock+0x2b/0x80 [ 1235.172154][T23680] ? rcu_read_unlock+0x17/0x60 [ 1235.172178][T23680] ? rcu_read_unlock+0x17/0x60 [ 1235.172212][T23680] charge_memcg+0xa6/0x280 [ 1235.172236][T23680] __mem_cgroup_charge+0x2b/0x1e0 [ 1235.172266][T23680] shmem_alloc_and_add_folio+0x451/0xd40 [ 1235.172310][T23680] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1235.172348][T23680] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 1235.172392][T23680] shmem_get_folio_gfp+0x6ab/0x1900 [ 1235.172435][T23680] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1235.172479][T23680] shmem_write_begin+0x1a4/0x420 [ 1235.172518][T23680] ? __pfx_shmem_write_begin+0x10/0x10 [ 1235.172556][T23680] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 1235.172589][T23680] ? lockdep_hardirqs_on+0x78/0x100 [ 1235.172620][T23680] generic_perform_write+0x292/0xa40 [ 1235.172665][T23680] ? __pfx_generic_perform_write+0x10/0x10 [ 1235.172704][T23680] ? file_update_time_flags+0x373/0x500 [ 1235.172737][T23680] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1235.172761][T23680] shmem_file_write_iter+0x10e/0x140 [ 1235.172788][T23680] __kernel_write_iter+0x2ac/0x920 [ 1235.172828][T23680] ? __pfx___kernel_write_iter+0x10/0x10 [ 1235.172866][T23680] ? __up_read+0x2c5/0x700 [ 1235.172902][T23680] ? dump_user_range+0x73b/0xb50 [ 1235.172962][T23680] dump_user_range+0x3f9/0xb50 [ 1235.172993][T23680] ? __pfx_dump_user_range+0x10/0x10 [ 1235.173029][T23680] ? __pfx_writenote+0x10/0x10 [ 1235.173064][T23680] elf_core_dump+0x2d5f/0x3d10 [ 1235.173108][T23680] ? __pfx_elf_core_dump+0x10/0x10 [ 1235.173136][T23680] ? kasan_save_stack+0x3f/0x50 [ 1235.173171][T23680] ? kasan_save_stack+0x30/0x50 [ 1235.173206][T23680] ? __kasan_kmalloc+0xaa/0xb0 [ 1235.173238][T23680] ? __kvmalloc_node_noprof+0x360/0xa00 [ 1235.173274][T23680] ? vfs_coredump+0x2105/0x5570 [ 1235.173298][T23680] ? asm_exc_page_fault+0x26/0x30 [ 1235.173326][T23680] ? 0xffffffffff600000 [ 1235.173391][T23680] ? vfs_coredump+0x27bc/0x5570 [ 1235.173413][T23680] vfs_coredump+0x27bc/0x5570 [ 1235.173450][T23680] ? __pfx_vfs_coredump+0x10/0x10 [ 1235.173476][T23680] ? __lock_acquire+0x4a5/0x2630 [ 1235.173517][T23680] ? lock_acquire+0x1cf/0x380 [ 1235.173558][T23680] ? is_bpf_text_address+0x8a/0x1a0 [ 1235.173599][T23680] ? bpf_ksym_find+0x124/0x1c0 [ 1235.173633][T23680] ? __kernel_text_address+0xd/0x30 [ 1235.173669][T23680] ? unwind_get_return_address+0x59/0xa0 [ 1235.173701][T23680] ? arch_stack_walk+0xa6/0xf0 [ 1235.173733][T23680] ? __sigqueue_free+0xbe/0x2a0 [ 1235.173765][T23680] ? stack_trace_save+0x8e/0xc0 [ 1235.173788][T23680] ? __pfx_stack_trace_save+0x10/0x10 [ 1235.173811][T23680] ? stack_depot_save_flags+0x27/0x9d0 [ 1235.173838][T23680] ? __lock_acquire+0x4a5/0x2630 [ 1235.173914][T23680] ? proc_coredump_connector+0x2d3/0x4f0 [ 1235.174010][T23680] ? __pfx_proc_coredump_connector+0x10/0x10 [ 1235.174045][T23680] ? rcu_is_watching+0x12/0xc0 [ 1235.174086][T23680] get_signal+0x1f2a/0x21e0 [ 1235.174122][T23680] ? __pfx_get_signal+0x10/0x10 [ 1235.174154][T23680] arch_do_signal_or_restart+0x91/0x770 [ 1235.174186][T23680] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1235.174224][T23680] ? do_user_addr_fault+0x8d6/0x12f0 [ 1235.174268][T23680] irqentry_exit+0x1f8/0x670 [ 1235.174299][T23680] asm_exc_page_fault+0x26/0x30 [ 1235.174321][T23680] RIP: 0033:0x7ff23fb9c7a1 [ 1235.174342][T23680] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 1235.174365][T23680] RSP: 002b:0000000000000bc2 EFLAGS: 00010217 [ 1235.174383][T23680] RAX: 0000000000000000 RBX: 00007ff23fe15fa0 RCX: 00007ff23fb9c799 [ 1235.174398][T23680] RDX: ffffffffffffffff RSI: 0000000000000bc2 RDI: 0000000000008ffe [ 1235.174414][T23680] RBP: 00007ff23fc32bd9 R08: 0000000000000006 R09: 0000000000000000 [ 1235.174428][T23680] R10: ffffffffff600000 R11: 0000000000000246 R12: 0000000000000000 [ 1235.174442][T23680] R13: 00007ff23fe16038 R14: 00007ff23fe15fa0 R15: 00007ffc653aa808 [ 1235.174463][T23680] ? 0xffffffffff600000 [ 1235.174489][T23680] [ 1235.174498][T23680] memory: usage 307200kB, limit 307200kB, failcnt 34854 [ 1235.759278][T23680] memory+swap: usage 432048kB, limit 9007199254740988kB, failcnt 0 [ 1235.800992][T23680] kmem: usage 4464kB, limit 9007199254740988kB, failcnt 0 [ 1235.831239][T23680] Memory cgroup stats for /syz2: [ 1235.831877][T23680] cache 307470336 [ 1235.840506][T23680] rss 2469888 [ 1235.861098][T23680] rss_huge 0 [ 1235.864362][T23680] shmem 297345024 [ 1235.891045][T23680] mapped_file 24670208 [ 1235.895440][T23680] dirty 634880 [ 1235.898841][T23680] writeback 0 [ 1235.915768][T23680] workingset_refault_anon 2520 [ 1235.920588][T23680] workingset_refault_file 3314 [ 1235.940934][T23680] swap 127844352 [ 1235.944551][T23680] swapcached 149360640 [ 1235.948627][T23680] pgpgin 1219710 [ 1235.971050][T23680] pgpgout 1156747 [ 1235.974739][T23680] pgfault 1289360 [ 1235.978386][T23680] pgmajfault 270 [ 1235.991187][T23680] inactive_anon 39895040 [ 1236.020998][T23680] active_anon 259588096 [ 1236.052546][T23680] inactive_file 106496 [ 1236.056679][T23680] active_file 0 [ 1236.097057][T23680] unevictable 10412032 [ 1236.117318][T23680] hierarchical_memory_limit 314572800 [ 1236.141020][T23680] hierarchical_memsw_limit 9223372036854771712 [ 1236.283537][T23680] total_cache 307470336 [ 1236.332858][T23680] total_rss 2469888 [ 1236.383947][T23680] total_rss_huge 0 [ 1236.455146][T23680] total_shmem 297345024 [ 1236.474767][T23680] total_mapped_file 24670208 [ 1236.569026][T23680] total_dirty 634880 [ 1236.628701][T23680] total_writeback 0 [ 1236.683253][T23680] total_workingset_refault_anon 2520 [ 1236.700070][T23680] total_workingset_refault_file 3314 [ 1236.747694][T23680] total_swap 127844352 [ 1236.805385][T23680] total_swapcached 149360640 [ 1236.917151][T23680] total_pgpgin 1219710 [ 1236.971007][T23680] total_pgpgout 1156747 [ 1237.044109][T23680] total_pgfault 1289360 [ 1237.111054][T23680] total_pgmajfault 270 [ 1237.115228][T23680] total_inactive_anon 39895040 [ 1237.172157][T23680] total_active_anon 259588096 [ 1237.176908][T23680] total_inactive_file 106496 [ 1237.200774][T23680] total_active_file 0 [ 1237.242583][T23680] total_unevictable 10412032 [ 1237.288866][T23680] anon_cost 0 [ 1237.381008][T23680] file_cost 0 [ 1237.451384][T23680] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3629,pid=23680,uid=0 [ 1237.561382][T23680] Memory cgroup out of memory: Killed process 23680 (syz.2.3629) total-vm:108772kB, anon-rss:1256kB, file-rss:68760kB, shmem-rss:0kB, UID:0 pgtables:232kB oom_score_adj:1000 [ 1238.991835][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.998240][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.080220][T24051] Â: entered promiscuous mode [ 1241.532775][T22973] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 1242.273004][T24061] Invalid ELF header magic: != ELF [ 1246.271142][T23666] syz.2.3624 (23666) used greatest stack depth: 17576 bytes left [ 1247.072342][T24105] ptrace attach of "./syz-executor exec"[17071] was attempted by ""[24105] [ 1247.161284][T24095] ubi0: attaching mtd0 [ 1247.213525][T24095] ubi0: scanning is finished [ 1248.339762][T24095] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1249.834959][T24137] Invalid ELF header magic: != ELF [ 1249.904126][T24141] vivid-007: ================= START STATUS ================= [ 1249.940947][T24141] vivid-007: Enable Output Cropping: true [ 1249.946943][T24141] vivid-007: Enable Output Composing: true [ 1249.967249][T24141] vivid-007: Enable Output Scaler: true [ 1250.019522][T24141] vivid-007: Tx RGB Quantization Range: Automatic [ 1250.103209][T24141] vivid-007: Transmit Mode: HDMI [ 1250.108277][T24141] vivid-007: Hotplug Present: 0x00000000 [ 1250.176455][T24141] vivid-007: RxSense Present: 0x00000000 [ 1250.221074][T24141] vivid-007: EDID Present: 0x00000000 [ 1250.228605][T24141] vivid-007: ================== END STATUS ================== [ 1251.592352][T24158] openvswitch: Â: Dropping previously announced user features [ 1252.851635][T24166] ptrace attach of "./syz-executor exec"[17856] was attempted by ""[24166] [ 1254.235731][T24204] vivid-007: ================= START STATUS ================= [ 1254.261292][T24204] vivid-007: Enable Output Cropping: true [ 1254.273542][T24204] vivid-007: Enable Output Composing: true [ 1254.310914][T24204] vivid-007: Enable Output Scaler: true [ 1254.316582][T24204] vivid-007: Tx RGB Quantization Range: Automatic [ 1254.373474][T24204] vivid-007: Transmit Mode: [ 1254.472423][T24200] Invalid ELF header magic: != ELF [ 1254.482562][T24204] HDMI [ 1254.485309][T24204] vivid-007: Hotplug Present: 0x00000000 [ 1254.492210][T24204] vivid-007: RxSense Present: 0x00000000 [ 1254.497937][T24204] vivid-007: EDID Present: 0x00000000 [ 1254.507327][T24204] vivid-007: ================== END STATUS ================== [ 1255.843030][T24214] ubi0: attaching mtd0 [ 1255.848770][T24214] ubi0: scanning is finished [ 1256.309090][T24214] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1256.336039][T24214] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1256.387155][T24214] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1256.433553][T24214] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1256.542264][T24214] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1256.549138][T24214] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1256.628884][T24214] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1256.680991][T24214] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1256.721115][T24221] ubi0: detaching mtd0 [ 1256.722192][T24227] ubi0: background thread "ubi_bgt0d" started, PID 24227 [ 1256.778751][T24221] ubi0: mtd0 is detached [ 1258.054464][T24251] Invalid ELF header magic: != ELF [ 1258.269798][T24251] vivid-007: ================= START STATUS ================= [ 1258.277648][T24251] vivid-007: Enable Output Cropping: true [ 1258.325026][T24251] vivid-007: Enable Output Composing: true [ 1258.359197][T24251] vivid-007: Enable Output Scaler: true [ 1258.370470][T24251] vivid-007: Tx RGB Quantization Range: Automatic [ 1258.389340][T24251] vivid-007: Transmit Mode: HDMI [ 1258.395350][T24251] vivid-007: Hotplug Present: 0x00000000 [ 1258.401577][T24251] vivid-007: RxSense Present: 0x00000000 [ 1258.407417][T24251] vivid-007: EDID Present: 0x00000000 [ 1258.417659][T24251] vivid-007: ================== END STATUS ================== [ 1258.979075][T24260] FAULT_INJECTION: forcing a failure. [ 1258.979075][T24260] name failslab, interval 1, probability 0, space 0, times 0 [ 1259.013308][T24260] CPU: 1 UID: 0 PID: 24260 Comm: syz.3.3749 Not tainted syzkaller #0 PREEMPT(full) [ 1259.013353][T24260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1259.013374][T24260] Call Trace: [ 1259.013385][T24260] [ 1259.013398][T24260] dump_stack_lvl+0x100/0x190 [ 1259.013456][T24260] should_fail_ex.cold+0x5/0xa [ 1259.013496][T24260] should_failslab+0xc2/0x120 [ 1259.013541][T24260] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1259.013594][T24260] ? __alloc_skb+0x140/0x710 [ 1259.013639][T24260] __alloc_skb+0x140/0x710 [ 1259.013673][T24260] ? __alloc_skb+0x5b7/0x710 [ 1259.013709][T24260] ? __pfx___alloc_skb+0x10/0x10 [ 1259.013757][T24260] netlink_alloc_large_skb+0x69/0x150 [ 1259.013807][T24260] netlink_sendmsg+0x680/0xda0 [ 1259.013859][T24260] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1259.013902][T24260] ? __import_iovec+0x1d2/0x640 [ 1259.013939][T24260] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1259.013993][T24260] ____sys_sendmsg+0xa54/0xc30 [ 1259.014046][T24260] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1259.014113][T24260] ___sys_sendmsg+0x190/0x1e0 [ 1259.014169][T24260] ? __pfx____sys_sendmsg+0x10/0x10 [ 1259.014271][T24260] __sys_sendmsg+0x170/0x220 [ 1259.014313][T24260] ? __pfx___sys_sendmsg+0x10/0x10 [ 1259.014380][T24260] do_syscall_64+0x106/0xf80 [ 1259.014420][T24260] ? clear_bhb_loop+0x40/0x90 [ 1259.014463][T24260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1259.014498][T24260] RIP: 0033:0x7f445919c799 [ 1259.014533][T24260] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1259.014565][T24260] RSP: 002b:00007f44573f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1259.014598][T24260] RAX: ffffffffffffffda RBX: 00007f4459415fa0 RCX: 00007f445919c799 [ 1259.014621][T24260] RDX: 0000000000000000 RSI: 0000200000002cc0 RDI: 0000000000000003 [ 1259.014641][T24260] RBP: 00007f44573f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1259.014662][T24260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1259.014682][T24260] R13: 00007f4459416038 R14: 00007f4459415fa0 R15: 00007fff3f561fe8 [ 1259.014727][T24260] [ 1260.208134][T24272] ptrace attach of "./syz-executor exec"[17609] was attempted by ""[24272] [ 1262.223939][T24323] vivid-007: ================= START STATUS ================= [ 1262.236200][T24323] vivid-007: Enable Output Cropping: true [ 1262.236897][T24319] Invalid ELF header magic: != ELF [ 1262.282921][T24323] vivid-007: Enable Output Composing: true [ 1262.300220][T24323] vivid-007: Enable Output Scaler: true [ 1262.341179][T24323] vivid-007: Tx RGB Quantization Range: Automatic [ 1262.358936][T24323] vivid-007: Transmit Mode: HDMI [ 1262.366810][T24323] vivid-007: Hotplug Present: 0x00000000 [ 1262.373162][T24323] vivid-007: RxSense Present: 0x00000000 [ 1262.395026][T24323] vivid-007: EDID Present: 0x00000000 [ 1262.400524][T24323] vivid-007: ================== END STATUS ================== [ 1266.767559][T24398] ptrace attach of "./syz-executor exec"[17933] was attempted by ""[24398] [ 1268.615947][T24413] kexec: Could not allocate control_code_buffer [ 1270.126892][T24448] ptrace attach of "./syz-executor exec"[17933] was attempted by ""[24448] [ 1273.995904][T24486] kexec: Could not allocate control_code_buffer [ 1276.895278][T24511] ubi0: attaching mtd0 [ 1276.931907][T24511] ubi0: scanning is finished [ 1277.455694][T24511] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1277.583593][T24511] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1277.807901][T24511] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1278.075398][T24511] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1278.111023][T24511] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1278.281111][T24511] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1278.402315][T24511] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2636347628 [ 1278.453144][T24511] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1278.559649][T24534] ubi0: background thread "ubi_bgt0d" started, PID 24534 [ 1278.559679][T24522] ubi0: detaching mtd0 [ 1278.613427][T24522] ubi0: mtd0 is detached [ 1282.811061][T24555] kexec: Could not allocate control_code_buffer [ 1283.187519][T24586] Invalid ELF header magic: != ELF [ 1285.504210][T24608] Invalid ELF header magic: != ELF [ 1289.403890][T24664] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3823'. [ 1290.470543][T24681] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1290.482288][T24682] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3826'. [ 1290.503668][T24682] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3826'. [ 1292.107407][T24703] Invalid ELF header magic: != ELF [ 1293.628970][T24661] kexec: Could not allocate control_code_buffer [ 1300.417481][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.424010][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1351.465821][ T5195] udevd[5195]: worker [24659] /devices/pci0000:00/0000:00:03.0/virtio0/host0/target0:0:1/0:0:1:0/block/sda is taking a long time [ 1361.859064][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.865540][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.297571][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.304226][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1441.211170][ T30] INFO: task syz-executor:5811 blocked for more than 143 seconds. [ 1441.219417][ T30] Tainted: G L syzkaller #0 [ 1441.226187][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1441.235013][ T30] task:syz-executor state:D stack:22360 pid:5811 tgid:5811 ppid:5810 task_flags:0x440100 flags:0x00080000 [ 1441.247269][ T30] Call Trace: [ 1441.250596][ T30] [ 1441.253828][ T30] __schedule+0xfee/0x6120 [ 1441.258341][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1441.263425][ T30] ? __pfx___schedule+0x10/0x10 [ 1441.270208][ T30] ? find_held_lock+0x2b/0x80 [ 1441.275018][ T30] ? schedule+0x2bf/0x390 [ 1441.279406][ T30] schedule+0xdd/0x390 [ 1441.283840][ T30] io_schedule+0x8a/0xf0 [ 1441.288142][ T30] bit_wait_io+0xd/0xe0 [ 1441.292421][ T30] __wait_on_bit+0x65/0x180 [ 1441.296992][ T30] ? __pfx_bit_wait_io+0x10/0x10 [ 1441.302097][ T30] out_of_line_wait_on_bit+0xdc/0x110 [ 1441.307539][ T30] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 1441.313671][ T30] ? __pfx_wake_bit_function+0x10/0x10 [ 1441.319182][ T30] do_get_write_access+0x880/0x1210 [ 1441.324555][ T30] ? jbd2_write_access_granted+0x61/0x3d0 [ 1441.330354][ T30] jbd2_journal_get_write_access+0x1d6/0x280 [ 1441.336474][ T30] __ext4_journal_get_write_access+0x6a/0x340 [ 1441.342720][ T30] ext4_reserve_inode_write+0x1b7/0x330 [ 1441.348336][ T30] __ext4_mark_inode_dirty+0x18f/0x8b0 [ 1441.353906][ T30] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 1441.359965][ T30] ? trace_jbd2_handle_start+0x83/0x270 [ 1441.365737][ T30] ? jbd2__journal_start+0xf7/0x6a0 [ 1441.374027][ T30] ? __ext4_journal_start_sb+0x382/0x6a0 [ 1441.379712][ T30] ? __ext4_journal_start_sb+0x1ce/0x6a0 [ 1441.385708][ T30] ? ext4_dirty_inode+0xa1/0x130 [ 1441.390808][ T30] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 1441.396230][ T30] ext4_dirty_inode+0xd9/0x130 [ 1441.401127][ T30] ? rcu_is_watching+0x12/0xc0 [ 1441.405962][ T30] __mark_inode_dirty+0x1f3/0x1790 [ 1441.411217][ T30] file_update_time_flags+0x46b/0x500 [ 1441.416651][ T30] ext4_page_mkwrite+0x35b/0x1980 [ 1441.421808][ T30] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 1441.427330][ T30] ? vm_normal_page+0x1b6/0x330 [ 1441.432275][ T30] ? find_held_lock+0x2b/0x80 [ 1441.437009][ T30] ? rcu_read_unlock+0x2d/0xb0 [ 1441.441902][ T30] do_page_mkwrite+0x17a/0x440 [ 1441.446743][ T30] do_wp_page+0x4aa/0x4f00 [ 1441.451308][ T30] ? __pfx_do_wp_page+0x10/0x10 [ 1441.456216][ T30] ? do_raw_spin_lock+0x128/0x260 [ 1441.461387][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1441.466839][ T30] __handle_mm_fault+0x1ac8/0x2b60 [ 1441.472071][ T30] ? reacquire_held_locks+0xce/0x1e0 [ 1441.478630][ T30] ? __pfx___handle_mm_fault+0x10/0x10 [ 1441.484268][ T30] ? lock_vma_under_rcu+0x17c/0x590 [ 1441.489585][ T30] handle_mm_fault+0x36d/0xa20 [ 1441.494512][ T30] do_user_addr_fault+0x5a3/0x12f0 [ 1441.499734][ T30] exc_page_fault+0x6f/0xd0 [ 1441.504388][ T30] asm_exc_page_fault+0x26/0x30 [ 1441.509307][ T30] RIP: 0033:0x7f8fd2e6e903 [ 1441.513815][ T30] RSP: 002b:00007fff0db4a5a0 EFLAGS: 00010206 [ 1441.519901][ T30] RAX: 00007f8fcdbdf1f0 RBX: 00007fff0db4a6d0 RCX: 0000000000000000 [ 1441.528005][ T30] RDX: 00007f8fcdbdf1ec RSI: 0000000000000008 RDI: 00007fff0db4a6d0 [ 1441.536177][ T30] RBP: 00000000000003e6 R08: 0000000000000000 R09: 0000000000000000 [ 1441.544292][ T30] R10: 00007fff0db4a6b0 R11: 0000000000000000 R12: 0000000000000000 [ 1441.552376][ T30] R13: 0000000000020e10 R14: fffffffffffdf1f0 R15: 0000000000000000 [ 1441.560399][ T30] [ 1441.563589][ T30] INFO: task syz.0.3818:24645 blocked for more than 143 seconds. [ 1441.571996][ T30] Tainted: G L syzkaller #0 [ 1441.579632][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1441.588464][ T30] task:syz.0.3818 state:D stack:26536 pid:24645 tgid:24645 ppid:17933 task_flags:0x440040 flags:0x00080002 [ 1441.600571][ T30] Call Trace: [ 1441.603988][ T30] [ 1441.606965][ T30] __schedule+0xfee/0x6120 [ 1441.611555][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1441.616601][ T30] ? __pfx___schedule+0x10/0x10 [ 1441.621644][ T30] ? find_held_lock+0x2b/0x80 [ 1441.626386][ T30] ? schedule+0x2bf/0x390 [ 1441.630839][ T30] schedule+0xdd/0x390 [ 1441.634977][ T30] io_schedule+0x8a/0xf0 [ 1441.639274][ T30] bit_wait_io+0xd/0xe0 [ 1441.643587][ T30] __wait_on_bit+0x65/0x180 [ 1441.648146][ T30] ? __pfx_bit_wait_io+0x10/0x10 [ 1441.653220][ T30] out_of_line_wait_on_bit+0xdc/0x110 [ 1441.658653][ T30] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 1441.664773][ T30] ? __pfx_wake_bit_function+0x10/0x10 [ 1441.670297][ T30] do_get_write_access+0x880/0x1210 [ 1441.675605][ T30] ? jbd2_write_access_granted+0x61/0x3d0 [ 1441.682608][ T30] jbd2_journal_get_write_access+0x1d6/0x280 [ 1441.688665][ T30] __ext4_journal_get_write_access+0x6a/0x340 [ 1441.698940][ T30] ext4_reserve_inode_write+0x1b7/0x330 [ 1441.704681][ T30] __ext4_mark_inode_dirty+0x18f/0x8b0 [ 1441.710233][ T30] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 1441.716365][ T30] ? trace_jbd2_handle_start+0x83/0x270 [ 1441.722044][ T30] ? jbd2__journal_start+0xf7/0x6a0 [ 1441.727287][ T30] ? __ext4_journal_start_sb+0x382/0x6a0 [ 1441.733023][ T30] ? __ext4_journal_start_sb+0x1ce/0x6a0 [ 1441.738721][ T30] ? ext4_dirty_inode+0xa1/0x130 [ 1441.743786][ T30] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 1441.749220][ T30] ext4_dirty_inode+0xd9/0x130 [ 1441.754124][ T30] ? rcu_is_watching+0x12/0xc0 [ 1441.758967][ T30] __mark_inode_dirty+0x1f3/0x1790 [ 1441.764248][ T30] file_update_time_flags+0x46b/0x500 [ 1441.769706][ T30] ext4_page_mkwrite+0x35b/0x1980 [ 1441.774900][ T30] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 1441.781847][ T30] do_page_mkwrite+0x17a/0x440 [ 1441.786710][ T30] do_fault+0x3d7/0x1950 [ 1441.791120][ T30] __handle_mm_fault+0x180f/0x2b60 [ 1441.796307][ T30] ? reacquire_held_locks+0xce/0x1e0 [ 1441.801717][ T30] ? __pfx___handle_mm_fault+0x10/0x10 [ 1441.807244][ T30] ? lock_vma_under_rcu+0x17c/0x590 [ 1441.812603][ T30] handle_mm_fault+0x36d/0xa20 [ 1441.817435][ T30] do_user_addr_fault+0x5a3/0x12f0 [ 1441.822713][ T30] exc_page_fault+0x6f/0xd0 [ 1441.827276][ T30] asm_exc_page_fault+0x26/0x30 [ 1441.832226][ T30] RIP: 0033:0x7f82cbc71632 [ 1441.836684][ T30] RSP: 002b:00007fff8bf9c080 EFLAGS: 00010202 [ 1441.842854][ T30] RAX: 000000000005b008 RBX: 00007f82ccb45720 RCX: 0000000000000000 [ 1441.851056][ T30] RDX: 0000001b2dbc9000 RSI: 0000000000000008 RDI: 00007f82ccb45720 [ 1441.859286][ T30] RBP: 0000000000000c00 R08: 00007f82cc000000 R09: 00007f82cc0163f8 [ 1441.867387][ T30] R10: 0000000000000007 R11: 0000000000000014 R12: ffffffff8b8589a2 [ 1441.875450][ T30] R13: 00007f82cc0163f8 R14: 00000000000001fd R15: fffffffffffa5000 [ 1441.884995][ T30] ? mt_validate_nulls+0x222/0x9c0 [ 1441.890205][ T30] [ 1441.893428][ T30] INFO: task syz.3.3831:24702 blocked for more than 144 seconds. [ 1441.901244][ T30] Tainted: G L syzkaller #0 [ 1441.907759][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1441.916499][ T30] task:syz.3.3831 state:D stack:26536 pid:24702 tgid:24702 ppid:17071 task_flags:0x440040 flags:0x00080002 [ 1441.928597][ T30] Call Trace: [ 1441.932079][ T30] [ 1441.935057][ T30] __schedule+0xfee/0x6120 [ 1441.939499][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1441.944622][ T30] ? __pfx___schedule+0x10/0x10 [ 1441.949526][ T30] ? find_held_lock+0x2b/0x80 [ 1441.954307][ T30] ? schedule+0x2bf/0x390 [ 1441.958691][ T30] schedule+0xdd/0x390 [ 1441.962935][ T30] io_schedule+0x8a/0xf0 [ 1441.967234][ T30] bit_wait_io+0xd/0xe0 [ 1441.971482][ T30] __wait_on_bit+0x65/0x180 [ 1441.976047][ T30] ? __pfx_bit_wait_io+0x10/0x10 [ 1441.981153][ T30] out_of_line_wait_on_bit+0xdc/0x110 [ 1441.987959][ T30] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 1441.994095][ T30] ? __pfx_wake_bit_function+0x10/0x10 [ 1441.999619][ T30] do_get_write_access+0x880/0x1210 [ 1442.004979][ T30] ? jbd2_write_access_granted+0x61/0x3d0 [ 1442.011121][ T30] jbd2_journal_get_write_access+0x1d6/0x280 [ 1442.017224][ T30] __ext4_journal_get_write_access+0x6a/0x340 [ 1442.023464][ T30] ext4_reserve_inode_write+0x1b7/0x330 [ 1442.029078][ T30] __ext4_mark_inode_dirty+0x18f/0x8b0 [ 1442.034655][ T30] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 1442.040701][ T30] ? trace_jbd2_handle_start+0x83/0x270 [ 1442.046427][ T30] ? jbd2__journal_start+0xf7/0x6a0 [ 1442.051734][ T30] ? __ext4_journal_start_sb+0x382/0x6a0 [ 1442.057399][ T30] ? __ext4_journal_start_sb+0x1ce/0x6a0 [ 1442.063160][ T30] ? ext4_dirty_inode+0xa1/0x130 [ 1442.068167][ T30] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 1442.073645][ T30] ext4_dirty_inode+0xd9/0x130 [ 1442.078471][ T30] ? rcu_is_watching+0x12/0xc0 [ 1442.083368][ T30] __mark_inode_dirty+0x1f3/0x1790 [ 1442.089983][ T30] file_update_time_flags+0x46b/0x500 [ 1442.095618][ T30] ext4_page_mkwrite+0x35b/0x1980 [ 1442.100816][ T30] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 1442.106344][ T30] do_page_mkwrite+0x17a/0x440 [ 1442.111270][ T30] do_fault+0x3d7/0x1950 [ 1442.115574][ T30] __handle_mm_fault+0x180f/0x2b60 [ 1442.120864][ T30] ? reacquire_held_locks+0xce/0x1e0 [ 1442.126247][ T30] ? __pfx___handle_mm_fault+0x10/0x10 [ 1442.131891][ T30] ? lock_vma_under_rcu+0x17c/0x590 [ 1442.137189][ T30] handle_mm_fault+0x36d/0xa20 [ 1442.142153][ T30] do_user_addr_fault+0x5a3/0x12f0 [ 1442.147348][ T30] exc_page_fault+0x6f/0xd0 [ 1442.151950][ T30] asm_exc_page_fault+0x26/0x30 [ 1442.156857][ T30] RIP: 0033:0x7f4459070ec0 [ 1442.161395][ T30] RSP: 002b:00007fff3f562030 EFLAGS: 00010202 [ 1442.167509][ T30] RAX: 0000001b2f2ef000 RBX: ffffffff828c25eb RCX: 0000001b2f2eeff8 [ 1442.175635][ T30] RDX: 0000001b2ed24220 RSI: 0000000000000008 RDI: 00007f4459f45720 [ 1442.183702][ T30] RBP: 0000000000000117 R08: 00007f4459400000 R09: 00007f4459402000 [ 1442.193195][ T30] R10: 00000000828c25ef R11: 0000000000000016 R12: 00007f4459416308 [ 1442.201333][ T30] R13: 0000000000000142 R14: ffffffff828c2549 R15: 00007f4459f45720 [ 1442.209359][ T30] ? path_openat+0x8d9/0x31a0 [ 1442.214141][ T30] ? path_openat+0x97b/0x31a0 [ 1442.218876][ T30] [ 1442.222029][ T30] [ 1442.222029][ T30] Showing all locks held in the system: [ 1442.229894][ T30] 1 lock held by khungtaskd/30: [ 1442.234841][ T30] #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1442.245027][ T30] 3 locks held by syz-executor/5811: [ 1442.250332][ T30] #0: ffff888073860bc8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x11d/0x590 [ 1442.259868][ T30] #1: ffff88803604e518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x440 [ 1442.269558][ T30] #2: ffff88803604a950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfaa/0x13a0 [ 1442.279311][ T30] 3 locks held by syz.0.3818/24645: [ 1442.284613][ T30] #0: ffff88802336de48 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x11d/0x590 [ 1442.295450][ T30] #1: ffff88803604e518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x440 [ 1442.305198][ T30] #2: ffff88803604a950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfaa/0x13a0 [ 1442.314952][ T30] 3 locks held by syz.3.3831/24702: [ 1442.320199][ T30] #0: ffff88802f0116c8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x11d/0x590 [ 1442.329562][ T30] #1: ffff88803604e518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x440 [ 1442.339223][ T30] #2: ffff88803604a950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfaa/0x13a0 [ 1442.348982][ T30] [ 1442.351401][ T30] ============================================= [ 1442.351401][ T30] [ 1442.359858][ T30] NMI backtrace for cpu 0 [ 1442.359890][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1442.359923][ T30] Tainted: [L]=SOFTLOCKUP [ 1442.359931][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1442.359945][ T30] Call Trace: [ 1442.359955][ T30] [ 1442.359965][ T30] dump_stack_lvl+0x100/0x190 [ 1442.360007][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1442.360047][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1442.360084][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1442.360126][ T30] sys_info+0x141/0x190 [ 1442.360158][ T30] watchdog+0xd25/0x1050 [ 1442.360189][ T30] ? __pfx_watchdog+0x10/0x10 [ 1442.360212][ T30] ? __kthread_parkme+0x18c/0x230 [ 1442.360243][ T30] ? kthread+0x13a/0x450 [ 1442.360272][ T30] ? __pfx_watchdog+0x10/0x10 [ 1442.360292][ T30] kthread+0x370/0x450 [ 1442.360322][ T30] ? __pfx_kthread+0x10/0x10 [ 1442.360355][ T30] ret_from_fork+0x754/0xd80 [ 1442.360401][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1442.360438][ T30] ? __switch_to+0x7b4/0x1120 [ 1442.360467][ T30] ? __pfx_kthread+0x10/0x10 [ 1442.360499][ T30] ret_from_fork_asm+0x1a/0x30 [ 1442.360539][ T30] [ 1442.360547][ T30] Sending NMI from CPU 0 to CPUs 1: [ 1442.488290][ C1] NMI backtrace for cpu 1 [ 1442.488315][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 1442.488352][ C1] Tainted: [L]=SOFTLOCKUP [ 1442.488363][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1442.488379][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 1442.488416][ C1] Code: 68 85 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 3e 1e 00 fb f4 fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 1442.488442][ C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000246 [ 1442.488463][ C1] RAX: 0000000000a984c5 RBX: ffff88801e6e8000 RCX: ffffffff8b8d4c75 [ 1442.488481][ C1] RDX: 0000000000000000 RSI: ffffffff8de7b8e8 RDI: ffffffff8c1af520 [ 1442.488497][ C1] RBP: 0000000000000001 R08: 0000000000000001 R09: ffffed10170a6795 [ 1442.488514][ C1] R10: ffff8880b8533cab R11: 0000000000000000 R12: ffffed1003cdd000 [ 1442.488531][ C1] R13: 0000000000000001 R14: ffffffff90d9b010 R15: 0000000000000000 [ 1442.488547][ C1] FS: 0000000000000000(0000) GS:ffff88812444c000(0000) knlGS:0000000000000000 [ 1442.488572][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1442.488589][ C1] CR2: 00005630a0af8000 CR3: 000000000e598000 CR4: 00000000003526f0 [ 1442.488606][ C1] Call Trace: [ 1442.488617][ C1] [ 1442.488626][ C1] default_idle+0x9/0x10 [ 1442.488660][ C1] default_idle_call+0x6c/0xb0 [ 1442.488695][ C1] do_idle+0x35b/0x4b0 [ 1442.488721][ C1] ? __pfx_do_idle+0x10/0x10 [ 1442.488749][ C1] cpu_startup_entry+0x4f/0x60 [ 1442.488775][ C1] start_secondary+0x21d/0x2d0 [ 1442.488811][ C1] ? __pfx_start_secondary+0x10/0x10 [ 1442.488858][ C1] common_startup_64+0x13e/0x148 [ 1442.488896][ C1] [ 1442.665400][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1442.672302][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1442.683036][ T30] Tainted: [L]=SOFTLOCKUP [ 1442.687392][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1442.697467][ T30] Call Trace: [ 1442.700773][ T30] [ 1442.703743][ T30] dump_stack_lvl+0x100/0x190 [ 1442.708489][ T30] vpanic+0x552/0x970 [ 1442.712492][ T30] ? __pfx_vpanic+0x10/0x10 [ 1442.717014][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1442.723216][ T30] panic+0xd1/0xe0 [ 1442.726980][ T30] ? __pfx_panic+0x10/0x10 [ 1442.731435][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1442.737648][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1442.743858][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1442.750068][ T30] ? watchdog.cold+0x198/0x1ca [ 1442.754877][ T30] ? watchdog+0xd35/0x1050 [ 1442.759336][ T30] watchdog.cold+0x1a9/0x1ca [ 1442.763980][ T30] ? __pfx_watchdog+0x10/0x10 [ 1442.768699][ T30] ? __kthread_parkme+0x18c/0x230 [ 1442.773768][ T30] ? kthread+0x13a/0x450 [ 1442.778065][ T30] ? __pfx_watchdog+0x10/0x10 [ 1442.782783][ T30] kthread+0x370/0x450 [ 1442.786900][ T30] ? __pfx_kthread+0x10/0x10 [ 1442.791538][ T30] ret_from_fork+0x754/0xd80 [ 1442.796184][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1442.801456][ T30] ? __switch_to+0x7b4/0x1120 [ 1442.806200][ T30] ? __pfx_kthread+0x10/0x10 [ 1442.810863][ T30] ret_from_fork_asm+0x1a/0x30 [ 1442.815694][ T30] [ 1442.819376][ T30] Kernel Offset: disabled [ 1442.823730][ T30] Rebooting in 86400 seconds..