last executing test programs: 9.532145808s ago: executing program 1 (id=3126): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyb8\x00', 0x80e42, 0x0) mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x401, 0x35dc80000000) r1 = epoll_create$auto(0x3e) unshare$auto(0x40000080) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r2, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x0) epoll_ctl$auto(r1, 0x1, 0xffffffffffffffff, 0x0) setreuid$auto(0x15, 0x5) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20006, 0x4, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = socket(0xa, 0x1, 0x84) getsockopt$auto(r4, 0x0, 0x480, 0x0, &(0x7f0000000040)=0x83) ioctl$auto(r0, 0x4b46, r3) 9.120333086s ago: executing program 3 (id=3130): mmap$auto(0xffffffffffffffff, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) socket(0x10, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x101400, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x2440, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [0x100000], {0x80d74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0xfe, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400005, 0x100000005}}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmsg$auto_NL80211_CMD_SET_STATION(r0, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x110000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="100026bd"], 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x40080c0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) timerfd_create$auto_CLOCK_REALTIME(0x0, 0x0) clock_nanosleep$auto(0xb, 0xa000001c, 0x0, 0xffffffffffffffff) 7.334942194s ago: executing program 1 (id=3133): unshare$auto(0x40000080) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xfffe0000) write$auto(0xffffffffffffffff, 0x0, 0xd) io_uring_setup$auto(0x6, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x81400, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x1c1400, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) syz_clone3(&(0x7f0000000380)={0x100800000, 0x0, 0x0, 0x0, {0xb}, 0x0, 0x0, 0x0, &(0x7f0000000340)}, 0x58) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4138ae84, &(0x7f0000000180)={0x7, 0x20000000}) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0xa00, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) rt_sigprocmask$auto(0xffffffff, 0x0, 0x0, 0x8) r3 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0) setns(r0, 0x20000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) lseek$auto(r3, 0x5, 0x4) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 6.88990888s ago: executing program 0 (id=3134): close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) socket(0xa, 0x2, 0x3a) r0 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/net/nr5/statistics/rx_nohandler\x00', 0xa880, 0x0) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 6.556928203s ago: executing program 0 (id=3135): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x7fff}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) madvise$auto(0x0, 0x2003f2, 0x15) 6.301782115s ago: executing program 3 (id=3136): recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0xa6c3, 0x0, 0xfffffffffffffffd, &(0x7f0000000300)="46f141e3d7c73f06e40bcf7fcf0a085a2900c3b8c746bd14f2572d82f365caf9c5abae36642f2769b011020c4a670c4da9bd9f1d8e8bd46a58f32983423c7b0dffb4e1a2dcc138e09e1599e0f360ef1f3ffd2cc30756f839a754ee33319c77ad66a6ad93c9a30ed5c54ec91b7deb194be780b3958d80be3c05b3795bd84ad810dd7e82de56403135cec281a27e4e425b2efa961c7f98d791110bb3db2d328e8784c9f5be21dbb5922d5586c45244dea18088baaddabfdcd30ab5119e90a818dbc3e0744a73048a7263c34584129a46ceac815f56a05b69b79d168a792c53c06055bd66eca722265a0268f681588c7283bb8a2deab6996396768973e20640e1455362277ca4e58fa5bd58edf0066d53a40fbfc1cd553387441d2cdc236fcaa1343c8ded93f4282370643f3d2da175238b9b5ed238a2e1b38c5b24a99b077ed16d4ae0e2fd799bbb6ab5e149588c7f709a3065c407caab5b8391c8607ad1f2eb2d5f06219edaf3e9bd894059b0184c11c37ee63d60642c2366edcc8e5b8d78a3a8c528e9daad734a7e17919af28544308a7788c1b160d717c65d822864a095f4eacfd2dc6579e2fb00351ab236b1a675d52e8058707e0fd7c850c301be0227c548bf39ea72ef973532887e633e81cca7e39761aecc71147e5a3ab9d94ef3e8b1c69db5af48cc69d1dae449e44fcb03065abfd10a17b7d0d034f993a866db0e", 0x5, 0x8001}, 0x4}, 0xfffffffb, 0x1000, &(0x7f0000000180)={0x8000, 0x7}) r0 = socket(0x23, 0x5, 0x0) bind$auto(r0, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x3, 0xa3}, 0x80) r1 = socket(0x23, 0x5, 0x0) bind$auto(r1, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x0, 0xa3}, 0x80) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b41", 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x5584b20c5a76eea7}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0x240, 0x0, 0x4, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_HE_6GHZ_CAPABILITY={0x31, 0x125, "99aecb17372f69c24583d174ca897b4e9992c27af5c5cc037fa9cb30126ae29d44f7a8145833c2ad33a305f5af"}, @NL80211_ATTR_MLO_LINKS={0x100, 0x138, 0x0, 0x1, [{0xfc, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x4}, @NL80211_ATTR_MAC_MASK={0xef, 0xd7, "337fcce3e94a37265e705b610c1093d8affc14ef4b410ab9fb41b2b43dea5c1e83271380aac7ecce87368345146ddb04d4cd02395d63b53e7db325718e7d337c595b2186cb3f2bff607428aa572696d69442f851faaee82449266fad79de5a63b364a29ae58925c86fb5e7a8820360670a170274bbfebb5bc345bb5be68750f0e6eb0e6cd64044450ba43fd6a1c008281ea75ba68288bfff765dd8e220a5b5b837af894de5770d5aa7bb1a0e870d4674a881c080316d79a9b7636cf4e31e3061abc98543cb53771e246fedbb7fbd12e4e85a61746c2559a95b3cbad9bc5ca7ef1b292aaa365834a17f9d1e"}]}]}, @NL80211_ATTR_BSS_BASIC_RATES={0xd, 0x24, "91a88bfc90bc3fedbe"}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x8}, @NL80211_ATTR_SCAN_SSIDS={0x4b, 0x2d, 0x0, 0x1, [@generic="6eb0bfc6ef6fcb6a9bbf93065765592b834302a354ddecb59eb4e120d5eff2ce1abe7de6179bdb912b160a3afd5c", @typed={0xc, 0x144, 0x0, 0x0, @u64=0xf}, @generic="1d641ba3e8", @typed={0x8, 0x3b, 0x0, 0x0, @fd=r2}]}, @NL80211_ATTR_FILS_NONCES={0x8d, 0xf3, "297a5b65baa8c055827a1f0594ccce219ea8030abe0c16ab03597f1659edfbb76e2f08b4f54a36302cc020f824552edd872efcfa386aaba6802a73f84c0083d7c2bf07eac10c12359f257cf9a491d04daf71a2dc127451ccc3667467c376925a3ffabc07f2845bb64391d410d9c43dee2eea6663eb6a04d77ed402170691b469612860e76a99a9b878"}]}, 0x240}, 0x1, 0x0, 0x0, 0x1}, 0x0) madvise$auto(0x40000800000, 0x7, 0x54) getsockopt$auto_SO_BSDCOMPAT(r2, 0x1ff, 0xe, &(0x7f0000000080)='^-', &(0x7f00000000c0)=0x4) 5.794352369s ago: executing program 3 (id=3138): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/rxrpc/calls\x00', 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid_for_children\x00') r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/thread-self/net/ip6_tables_matches\x00', 0x2000, 0x0) preadv$auto(r2, &(0x7f00000002c0)={0x0, 0xbe78}, 0x5, 0x800000fb, 0x8100000001) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/rxrpc/calls\x00', 0x2, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) (async) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) (async) read$auto(r0, 0x0, 0x1f40) (async) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) (async) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid_for_children\x00') (async) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/thread-self/net/ip6_tables_matches\x00', 0x2000, 0x0) (async) preadv$auto(r2, &(0x7f00000002c0)={0x0, 0xbe78}, 0x5, 0x800000fb, 0x8100000001) (async) 5.675162177s ago: executing program 2 (id=3139): mmap$auto(0x0, 0x61, 0x100001000000004, 0x1ff, 0x400, 0x8002) r0 = eventfd$auto(0xdd8) ioctl$auto_XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f0000000480)={r0, &(0x7f0000000380)="a2adfc6349f749b74d26dcb8fec9ccad28efc5790c7c617db72b014785ffd40e1fa4f6e885180ce2ecfea5eab391677724e2138df236f6c3cfc65dc29e50cd14fb188478bd413d422ecfd9b9309d3eebf9f847ad2d4e7f9eed45f733c677c8007239b6b3bf9e6b0f65bbfd848ab3a7c2cdb1bc9c5e8567dd3d17210bded0518c505e494bf5a28a6dedd5ba3ae7a2dd2645105e8ba77880d38ca7a65629dbfa00742b6ebbe4a930f96b47f278cbd483c5c35f8a61a577bfe4770b7f2397cd78da5c24d2fc83d1cbeaa366a9b21559c527902f39cec22ea269389f5bde8104975ad5be9f66989ff47e75c5358aa663", 0x3, &(0x7f0000000280)="d225cb0b541cb1bc48c14ed2e9cc130c5a50ac4bf7fc7821c0d98857731d9bb30d2112b070581b6dceaa5614bebb2ecfc70cad87b1d6c845eea456657f56c89923014b1753fdcfc69c4ae5", 0x2, &(0x7f00000001c0)="3278cfce384e1019aeba632b1f5e612284bf5589644334e21df4698bd423b1f7aa6e55ba50f4ddce", &(0x7f0000000300)=0x509381d1}) r2 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000180), r1) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) write$auto(r3, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r4, &(0x7f00000110c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003ac0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd7000fedbdf25140000001800078014000200"], 0x2c}, 0x1, 0x0, 0x0, 0x20008105}, 0x4004840) unshare$auto(0xffffffffffffffff) socket(0x28, 0x5, 0x0) sendmsg$auto_KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r2, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$auto_KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0x20, 0x70bd29, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/nvme/parameters/io_queue_depth\x00', 0x20001, 0x0) write$auto(r6, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x200000000007d) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) 5.560544011s ago: executing program 0 (id=3140): r0 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xf, 0xfffffffd, 0x44b, 0x3, 0x5, 0x1007181, 0xd1, 0x400007, 0x3, 0x2, 0x800c, 0x80000001, 0x4, 0x80200000000001, 0x200000004, 0xde3, 0x9809588, 0xfffffffd, 0x2, 0x1, 0x864, 0x6, 0x22000, 0x201, 0x4, 0xc3f, 0x2000000, 0x0, 0x0, 0x0, 0x39, [0x0, 0x0, 0x0, 0x7fdf, 0x47, 0x4000000000000, 0x9, 0x0, 0x7, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7cd, 0x7, 0x2, 0x8000000000000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3ffffffffffffffe, 0x0, 0x0, 0x6, 0x7ff, 0x0, 0x1, 0x1, 0x0, 0xfff]}, 0xa, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1441, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) socket(0x2, 0x80002, 0x73) socket(0xf, 0xa, 0x1) socket$nl_generic(0x10, 0x3, 0x10) open_tree$auto(0xffffffffffffff9c, &(0x7f0000001100)='./cgroup\x00', 0x1) r2 = open$auto(&(0x7f0000000080)='./cgroup\x00', 0x8, 0x4) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), r0) sendmsg$auto_L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000480)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)={0x50, r3, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x9}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0xfe}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'dvmrp0\x00'}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x1}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x2}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x2000c054}, 0x8000805) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x142000, 0x0) select$auto(0xd, 0x0, &(0x7f0000000400)={[0x8, 0x200000000005, 0x7, 0x7, 0x0, 0x80000004, 0xc, 0x6, 0x8fc, 0xb80, 0xbd, 0x9, 0x3, 0xfffffffffffff958, 0xfffffffffffffff8, 0xfff]}, 0x0, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffffffffffd0c, &(0x7f00000001c0)) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000bc30d24146030000d9f125040000000a00160091"], 0x20}}, 0x4044820) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r6 = getpgid(0x0) r7 = pidfd_open$auto(r6, 0x0) clone3$auto(&(0x7f00000004c0)={0x6, 0x2, 0x0, 0x63ec, 0x8, 0x2, 0x8, 0x0, 0x80000001, 0xffffffffffff8001, 0xf}, 0x1) process_madvise$auto(r7, 0x0, 0x3, 0x0, 0x8000000000000000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 4.785426816s ago: executing program 2 (id=3141): mmap$auto(0x0, 0xb, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r0 = openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/options/event-fork\x00', 0x2000, 0x0) read$auto_trace_options_core_fops_trace(r0, 0x0, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) arch_prctl$auto_ARCH_SHSTK_STATUS(0x5005, 0xfffffffffffffffb) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001980), r3) read$auto(r2, 0x0, 0x20) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D2\x00', 0x8100, 0x0) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), r3) r5 = ioctl$auto_NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000180)={"5a96e38dc9a9c0808ca98f927343bd14b3bac7cf85f1c96e43cd9d400d1f9d36", 0x8, 0x7ff, 0x8, 0x5, 0x8, 0x0}) r7 = ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000240)=0x7) sendmsg$auto_NL802154_CMD_SET_LBT_MODE(r3, &(0x7f0000000800)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000280)={0x508, r4, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0xee}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r5}, @NL802154_ATTR_WPAN_PHY_CAPS={0x113, 0x18, 0x0, 0x1, [@nested={0xe5, 0x13d, 0x0, 0x1, [@nested={0x4, 0x113}, @typed={0xb7, 0xe3, 0x0, 0x0, @binary="71d956c11dc76ba7dc3a86389e5dfbe23f2e546204262e135825e48c132f1b9fa112da2654ff59d182ed6f4f6fbf2cb6a2821a6051f9bd099dc11ba65c32068fb3a5ee58e26f356c47a48ffe6003e39452404c127f432ef47e6f586616461ad245b8231fb637ff16ecd6b7d3f3f950dc7785d9aef55081e98391859e7a72de3d7668d85bbb4a7a198aff4f6703581e6bd573c3e459f8125262f0d9a45a317ea249dfdee4e49c2642a74fa743bff726eb3cd674"}, @typed={0x8, 0x35, 0x0, 0x0, @pid=r6}, @generic="32a2695b9ef10f64e2f88116304f4302ffa09acfaf7fc8e431058fde5f"]}, @typed={0x8, 0xfb, 0x0, 0x0, @ipv4=@multicast1}, @nested={0xc, 0x141, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x15}}]}, @generic="5399cae0b49d30021048066352453232bdc662"]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x162, 0x2b, 0x0, 0x1, [@nested={0x78, 0x88, 0x0, 0x1, [@generic="2f27b057c76ba7dd9ae35c6be32ccbc7f0f088f81d072dde27db9d0980509b774d384643d1fa567c40654d2422f6fa3ecff5c4f2afff836a4ab9f6b195a88d3310b4091d634e02d5f0c737a111f4100693cc0b12ea36c4b2eccc6ce432d6442818a86796b6cf5fe5620c4d71020a1f228f77204e"]}, @typed={0x8, 0x13e, 0x0, 0x0, @u32}, @generic="39ae520e2aec8a2807895868644ac83b29abd5a15d1229252c6c4557fe2b0fd4d6e9c9d0d2ab94dad0bf5739c074583e45373d9e3e91b3d47ab24cab17d611ff2c07a334767ef1e5d2771bd8dfc66f886e6e7658c0f8f30dc3148e23772203f4580d5811c5bca8b16d04d15ef090d6ed8775daa49962f551da6ba81e22b2b7330bb21c569e5c1d9f6bfaa63d9ec6f1bd2478dd46341e7c768d6094f46df5704f3974ba2d85375d30a7b12a703ab62a9ba7d0a9341f76ad75418422e4bc973327fd81e9ee5a2e23a7639e6ad948e6a37785b7f45f8cdf5e75db10680d1d4b"]}, @NL802154_ATTR_SEC_KEY={0x264, 0x30, 0x0, 0x1, [@generic="a93d0676a2a5593339aed87f9a735a63777136d009535851f8e00f09f9caae4c8b58695e01b91f64f9a338cf92e0d7d3ad0ab5b019eadba708ddefe473a4274fdc9769f90986651dc8453b4b4523da23c26f9217f9214dca3466fd6c09634f6be58a45fd425c1792932106c7040651a9215b4070692b3cc2bef19f9fbdb95bbf988edc72935607a92893d3b7a09abc7562fd9294112093404d9201679b3d01df93b0bee538e87cb005681522612fa0a7f50d83a47d71cbe7060bd17812a727e9bcac789da89a58c03ba382f63a1d05", @generic="b196e38e9084bb8515fa714e20d48ffd770275ce0c3dfdf6ec72b0119eb2f58e4f40384d35b4c9cf424ca8e5e784fc65a2b93743aa27cb60c988026153f8a0a39483b708f27e5530a8174f8f384c1376f5a11ac2490ae6a16e4219add4ccb0d95b3f4ec9f1c176eeb33e635febeabee3ce689de557bfd9df2118fd1b0bbe06abf74e5c16d3d71fd3655ddbbc4329261674e2732b7d967b6cd84a39b5255d4c281dff9ece868170cdd058d62ff2dbd228e598d8cd7605fee89d74411bcb85e4c5fb22ca9282177efe7c9c877246515033bdeacdd295ec7f93ca3f06d9cfb4b30d630a914fbe8db03170b856d7ad928cc785", @nested={0x9d, 0xaf, 0x0, 0x1, [@typed={0x8, 0x1f, 0x0, 0x0, @pid=r7}, @generic="c37009a808c84f6ebb526189f57ed7142772ed482093dd0464fb89c536aea5391b7704d484b68799b0284855bff3f2be1c1afd01514b6e06e6c254fb1785d7597c31e422573074dbf7731377c51897af9438fba5a79df03e49609af43675bb3066edeb944a25b1ebb5fc0c229af3b5490d85f85300d1351fba9a5de77d35cc7d76", @typed={0xc, 0x13d, 0x0, 0x0, @u64=0x4}, @nested={0x4, 0x10a}]}]}]}, 0x508}, 0x1, 0x0, 0x0, 0x4040}, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x100, 0x0) 4.785279615s ago: executing program 3 (id=3142): socket(0x18, 0xa, 0x1) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x402000, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x8001, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) openat$auto_fake_panic_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) close_range$auto(r0, 0xfffffffffffff000, 0x0) r2 = fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mincore$auto(0x1000, 0x8001, 0x0) socket(0x11, 0x80003, 0x300) r3 = socket(0xa, 0x3, 0x6) r4 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_fd=r3, 0xd}, 0x92) ioctl$auto_BLKTRACESETUP32(r2, 0xc0401273, &(0x7f0000000140)={"8e016f93827542e7de86291dbafb88b28f1130744862d0841f815b51434ce319", 0x473, 0x401, 0xb, 0x40, 0xcce, r4}) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r5 = open(0x0, 0x261c2, 0x84) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r5, 0x0, 0x3}, 0xc) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) sendfile$auto(r6, r6, 0x0, 0x2) 3.779398432s ago: executing program 2 (id=3143): r0 = openat$auto_ima_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000240), 0xace400, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000040)={0x0, 0x8d05}, 0x6, 0xe27a, 0x8) socket(0xa, 0x3, 0x3b) sendto$auto(r0, 0x0, 0x2000f, 0xff06, 0x0, 0x9) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, 0x0, 0x880, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bus/usb/005/001\x00', 0x400, 0x0) r1 = socket(0x9, 0x80000, 0x9) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x6, 0x48}) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x83, &(0x7f0000000480)={0x0, 0x4d}, 0x2000000000000004, 0x0, 0x5, 0x4001014}, 0x5}, 0x2, 0x100) io_uring_setup$auto(0x3, 0x0) read$auto(0x3, 0x0, 0x80) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty36\x00', 0x0, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x20100, 0x0) socket(0x2, 0x801, 0x106) socketpair$auto(0x1a, 0x8, 0x8000000000000000, 0x0) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtd0ro\x00', 0x0, 0x0) ioctl$auto_BLKPG2(r2, 0x1269, 0x0) 3.094484988s ago: executing program 0 (id=3144): socket$nl_generic(0x10, 0x3, 0x10) socket(0x5, 0x801, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0xffffff39) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) r1 = syz_clone(0x800000, &(0x7f0000000180)="5547ea7057c5d077036c5a283c31e3e66f131fe0860981124d16b13f25e0ea3593e25333c0bc9bbe96001ff2eb8fe28808c005415dd3b3a68576e842dcda40deb0859b716afea78cdaabe48dcd796b316197152ad9bc8a6904e078cea2a5367e923c1460064aac1abcd736daeed31bf66add385f1046626ecbf558857c311dafc71e57c7553e53586300a854dee735eb540071bd04fe0eedc2c726ac4ba425a4078e79fc526289934c4e3606fefa9c", 0xaf, &(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000300)="804f077a49944a97df6a71400e5a4d0eae1245244a7a3f594d1a1463228eda1ed4c8dbc25ac491dafaefeae686c8dc35233ecb47366fb2f92cbfec88b11091a3f602514dd83d0d9c742812ab2965c475a730bc3bc2360026b789e950152cc41cedf27f06b8c131b1bc8548c841894c2d0f99fc46bea8f7e6480f") prctl$auto(0x4, 0x3, r1, 0x4, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r2 = socket(0x23, 0x2, 0x0) sendto$auto(r2, 0x0, 0x8000000008000, 0x0, 0x0, 0x80) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/irq/7/affinity_hint\x00', 0x28000, 0x0) dup3$auto(r4, r4, 0x400) pread64$auto(r4, 0x0, 0x800003, 0x80) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_max_cpu\x00', 0x103001, 0x0) open(0x0, 0x22040, 0x75) socket(0xa, 0x3, 0x87) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f4) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x4, 0x4, 0x5, 0x7) 2.979895212s ago: executing program 1 (id=3145): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000000140)={0x0, 0x3e00, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x1, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xeda47ee5ad473e74}, 0x20000000) 2.786011567s ago: executing program 2 (id=3146): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.2/usb14/rx_lanes\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000000040)="03", 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r1) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000005c0), r1) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r1, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008090}, 0x4000) r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB=' .\x00\x00', @ANYRES16=r2, @ANYBLOB="01002ebd5100fbcbdf25010012ea03000180072e01805a848d4efe0a6e3148821026af4e"], 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r4 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000240), r3) sendmsg$auto_NLBL_CIPSOV4_C_LIST(r3, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x9714bc159c570cc}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r4, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1000}]}, 0x24}, 0x1, 0x0, 0x0, 0x8180}, 0x48040) mmap$auto(0x0, 0x2000c, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.624475899s ago: executing program 1 (id=3147): mmap$auto(0x0, 0x40000a, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000000000008000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) wait4$auto(0x0, &(0x7f0000000040)=0x8, 0x6, &(0x7f0000000080)={{0x9, 0x6}, {0x7f, 0x5}, 0x100000000, 0xcef4, 0x2, 0x2, 0x5, 0x9, 0x3, 0xffffffff, 0x10, 0x7fff, 0x4, 0x65, 0x8000000000000001, 0x3}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0xa0241, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x1, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x401, 0x5, 0x4, @inferred, @integer={0xdbe, 0x255, 0x8}, "7a9fc199a16a2311eacf2fc7ae1d8778dc618090334fdd73340238d21000debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cbce0bb32791702b8d7c2d"}) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000640)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7b, 0x0, 0x5, 0xfffffffffffffffd}, {0x100, 0x20001, 0x52, 0x85, 0x2, 0x0, 0x2072c2, 0xc, 0x100000000}}) io_uring_register$auto(0x2, 0x20, &(0x7f0000000240), 0x1) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mseal$auto(0x0, 0x7dda, 0x0) madvise$auto(0x0, 0x3, 0x3) writev$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xf, 0xfffffffd, 0x44b, 0x3, 0x5, 0x1007181, 0xd1, 0x40000b, 0x3, 0x4, 0x800c, 0x80000001, 0x4, 0x80200000000001, 0x200000004, 0xde3, 0x9809588, 0xfffffffd, 0x2, 0x1, 0x864, 0x6, 0x22000, 0x201, 0x4, 0xc3f, 0x2000000, 0x0, 0x0, 0x0, 0x39, [0x0, 0x0, 0x0, 0x7fdf, 0x47, 0x4000000000000, 0x100, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7cd, 0x7, 0x2, 0x8000000000000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x6, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0xfff]}, 0xa, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1441, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd02, &(0x7f00000001c0)) connect$auto(0x3, 0x0, 0x54) adjtimex$auto(&(0x7f00000005c0)={0xffff, 0x0, 0x6, 0x9, 0x7, 0x1, 0x1, 0x0, 0x7, 0x7, 0x592efafe, {0x0, 0xffffffffffffff57}, 0x100000001, 0x8, 0x857e, 0x5, 0x0, 0xe, 0x9, 0x23fffffffffe, 0x8000000000000001, 0x10000, 0x8}) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim5/health/break_health\x00', 0x101040, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/loop3/queue/write_same_max_bytes\x00', 0x800, 0x0) sendmsg$auto_OVS_VPORT_CMD_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4100}, 0x20000000) setsockopt$auto(0xffffffffffffffff, 0x6, 0x6, &(0x7f0000000080)='*\x00', 0xe6) setsockopt$auto_SO_BUSY_POLL_BUDGET(r1, 0x9, 0x46, &(0x7f0000000040)='/proc/sys/net/ipv4/neigh/veth1_to_bridge/base_reachable_time\x00', 0x9) close_range$auto(0x2, 0x8, 0x0) 2.414394659s ago: executing program 3 (id=3148): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x7fff}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) madvise$auto(0x0, 0x2003f2, 0x15) 2.062932169s ago: executing program 1 (id=3149): io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x400, 0x10, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0x6, 0x88, 0x1, 0x80000000, 0x3, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x10000052, 0x5, 0x11, 0x101, 0x876c5, 0x800000c9, 0x3}}) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x4000) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) mmap$auto(0x6, 0x4, 0x4000000000dd, 0x40eb1, 0xffffffffffffffff, 0x300000000000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) mmap$auto(0xfffffffffffffffb, 0x400008, 0x400df, 0x19, r2, 0x2a7d) close_range$auto(0x2, 0x8, 0x0) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') acct$auto(0x0) 2.024404165s ago: executing program 2 (id=3150): mmap$auto(0xe4, 0x7, 0x4000000000df, 0x40eb3, 0xffffffffffffffff, 0xb) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = prctl$auto(0x3a, 0x1, 0x0, 0x2000000001, 0x1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000500)={0x408, 0x7, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x8, 0x4, 0x9, 0x2, 0x0, 0x40000a5, 0x1, 0x4, 0x0, 0xf, 0xff}}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$auto(0x3, 0x0, 0xfffffdef) keyctl$auto(0x1d, 0xffffffffffffffff, 0x8, 0x5, 0x8) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRESHEX=r2, @ANYBLOB="1b0026bd2503c19af2"], 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0x1c804) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0xffffffffffffffff, 0x5, 0x900000000, 0xeb1, 0xfffffffffffffffa, 0x7fff) mmap$auto(0xffffffffffffffff, 0x1000000000, 0x6, 0xeb4, r1, 0x0) pipe$auto(0x0) close_range$auto(0x2, r0, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x0, 0x0) write$auto(0x3, 0x0, 0x8000) socket(0xa, 0x3, 0x73) mmap$auto(0x3, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0x7, 0x0, 0x401) socket(0x8, 0x800, 0x0) mmap$auto(0x0, 0x400, 0x3, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFC_CMD_GET_DEVICE(r3, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYRES64=0x0, @ANYRESDEC=r2, @ANYBLOB="00042bbd7000fddbdf250100000005000f0094000000050010005000000008001e000500000008000d0003000000fa001900490d9d4c6dbb58da9d1c9101c3a2b75b30821eec94db7633408c60dae46ad0a39e7bc311605cb1e504f5426e0c5a21cc1289c33cf6056c7f25085a2dade5a28001290c3fb4f2a7870d759c869150d37238f9f728224214a8f59c4399b64abf972d859f15875d7d240efa809cae70135213b304fbb2f2741ddb8cfe7ce82d88fe53bd0ea66fee163ba82717b74a0042e75d4c640d4262c42af511ccb6be31fe64cf843097013a5979c33b809e80b5089592f1de0ea6047f1d2b0e88516899b839964c10f277cf4f0611bf407243a0212450b07ef71800b295d6af882978187258176b1a3932c4de7ef4050b00"/298], 0x130}, 0x1, 0x0, 0x0, 0xe58367e16125ab79}, 0x40800) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) 1.28492313s ago: executing program 3 (id=3151): socket(0x10, 0x2, 0x0) (async) r0 = socket(0x10, 0x2, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000280)={{0x0, 0x8, 0x0, 0x2, 0x0, 0x40009, 0xb52}, 0x6}, 0x40, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) bpf$auto(0x9, &(0x7f00000000c0)=@batch={0xcc9d1c0, 0x37, 0xa, 0x7, 0x9, 0x1, 0x6, 0x5851}, 0x17) socket(0xa, 0x801, 0x84) (async) r1 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(r1, 0x10000000084, 0x7b, 0x0, 0x10) getsockopt$auto_SO_WIFI_STATUS(r0, 0xfffffffb, 0x29, &(0x7f0000000380)='%,&\xb8{\x00', &(0x7f00000003c0)=0x9) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) setpriority$auto_PRIO_PGRP(0x1, 0x0, 0x401) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) (async) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) pread64$auto(r1, &(0x7f0000000400)='+[\x00', 0x7, 0x10000) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="48000100", @ANYRES16=r5, @ANYBLOB="1b0026bd7000fddbdf25030000002c00038028000180240006801d0074804cfe4d8088a8d00088a80000040003002a9d272f66040033800000000400038004000280"], 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="48000100", @ANYRES16=r5, @ANYBLOB="1b0026bd7000fddbdf25030000002c00038028000180240006801d0074804cfe4d8088a8d00088a80000040003002a9d272f66040033800000000400038004000280"], 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYRESOCT=r0, @ANYRESOCT, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYRESOCT=r2, @ANYRESOCT=r3, @ANYBLOB="0890f15da957be774234b1ac27a311f6c72dfe85ffffffff4a67e186eba501"], 0x68}, 0x1, 0x0, 0x0, 0x2004044}, 0x40090) poll$auto(&(0x7f0000000000)={r0, 0x9, 0x6a4}, 0x10001, 0xd) fcntl$auto_F_OFD_SETLKW(r0, 0x26, 0x9) (async) fcntl$auto_F_OFD_SETLKW(r0, 0x26, 0x9) ioctl$auto_TIOCSETD2(r6, 0x5423, &(0x7f0000000040)="d8fcd4c3354429a6eaa26e3b0da678cdfffd8fd46b880c646be722eaf8da8603857001ef5932e8bc4db7b0534dbc674615b100f4a9fedca3ad87b572f042f87da6e96aba824aba84c8d000891761bb880afee700b82367c0235213") sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) (async) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) r7 = ioctl$auto_TIOCGPTPEER(r6, 0x5441, 0x0) setsockopt$auto_SO_TXREHASH(r7, 0x8, 0x4a, &(0x7f00000000c0)='\x00', 0x2) 985.542569ms ago: executing program 0 (id=3152): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd13\x00', 0x111002, 0x0) write$auto_def_blk_fops_fs(r0, &(0x7f0000000040)="90b1ca8868e3ba6348d431daa5cd082115b088449ddc72cbfd72de29ae5dfbb5f7516e1226d5fd900560661452888f9088ff6f8097df1f9307452754bf00cf33c56ed99584e8430250309785339464dd9c96bfb75dc10075b25b4be9c9584f1035d91e69cacba9", 0x67) r1 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@HSR_A_IF1_SEQ={0x6, 0x6, 0x6}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @random="51a2e0357e9a"}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040004}, 0x0) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/mem\x00', 0x201, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000000240)="3c18c9bc5b0d2a9efdd83929640654e18be1f6e0ea7bce72", 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000002c0), r3) sendmsg$auto_NL80211_CMD_SET_MCAST_RATE(r3, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xdc, r4, 0x200, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_TIMED_OUT={0x4}, @NL80211_ATTR_STA_FLAGS2={0xbe, 0x43, "f73ab425b0671a5ac2b3681bbda6be6db5b78a8846eb478f1ed7a2ab22db72b63a7982f859cc4c3d0f5346e84874fcc456f8d7509909a2bc523489a3367972283be253eb4796625812128a56a43ca0f9307d3d2e9d0b3e07389e476a87d4fba7b0036e6583eb31ec50f97f94074cb0263a4c671d252f0237b0015d515012e398e2790b17dcda73f1d9d292e2108bc7eb9be93c6bc32a364e24421c85b269cb72976a78196a2deaed055b3cddc9778d3e24423fc24a1662855530"}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}]}, 0xdc}, 0x1, 0x0, 0x0, 0x4014}, 0x4000) epoll_ctl$auto_EPOLL_CTL_ADD(r3, 0x1, r3, &(0x7f0000000480)={0x0, 0x7}) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000500), r3) r6 = fcntl$auto_F_GETOWN(r0, 0x9, 0x8000000000000000) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(r3, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x50, r5, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0xc0}, @NL802154_ATTR_PEER={0x20, 0x28, 0x0, 0x1, [@typed={0x8, 0x129, 0x0, 0x0, @fd=r0}, @nested={0x14, 0x4f, 0x0, 0x1, [@typed={0x8, 0x5a, 0x0, 0x0, @pid=r6}, @nested={0x4, 0x78}, @nested={0x4, 0xca}]}]}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0xff}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0xb}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x40000) r7 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000640), 0x13100, 0x0) mmap$auto(0x1, 0x761, 0x1, 0x59cddafc, r7, 0x8) ioctl$auto(r2, 0xffffffae, r2) ioctl$auto_SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000680)="22251b35313b1b370218f78f2459c653b5297af0ba606b9ca62d6d8634") r8 = landlock_create_ruleset$auto(&(0x7f00000006c0)={0x3, 0x1, 0x10000}, 0x7f, 0x2) close_range$auto(r8, r7, 0x5) write$auto_tty_fops_tty_io(r8, &(0x7f0000000700)="13494c29e5adc1f6c877c8690492cf74f9dc22a98b557f6d763a92242851d63d626883077f99dff8c0c9ea320f62171e3bdef57c989eb751249b68d84215624924874fee6b17765378c5691c1710d124d5b29d1a268e5b324d81b24019de1f9dfbf00ed4440c726b6b775d3f4049e1bc0bba3c489476e006eca542fb3cacff76cbc7fca69dc94d605e8f9c7c259b06522b432800185601fbc1c58a503f3f9b932553dafec53a159641ee35ddd6d70ffffbd0d156ab84291914ff4b649e57d37e89f2957f1eef89f7b35278d5296c2a14de221828d0e5c7b72c376418793cf260", 0xe0) mknod$auto(&(0x7f0000000800)='./file0\x00', 0xa, 0xe) sendmsg$auto_NL80211_CMD_DEL_STATION(r3, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x20, r4, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xff}]}, 0x20}, 0x1, 0x0, 0x0, 0x1800}, 0xd7815ff48d78d78d) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000940), r3) sendmsg$auto_NL80211_CMD_SET_BEACON(r8, &(0x7f0000000b00)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000ac0)={&(0x7f00000009c0)={0xdc, r4, 0x400, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, "5f2d08935928adf40ce452fa"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa1, 0xe8, "4702536c5a38ca0c5125eda6b62e433590d46e7cca94b0c030483ba46e4be6dc19d7b25f69f1565cdfdeec4b84750cc82ce62fb7055910a83c3193e1c7aca244111f53d2b15081246f6aaf7904e9658eca2282f0f131508990a3364fed05dc281428012fe3bccb315e1443bf8963fe6fd1de11271df3460c2468f2d78c00d65b743f30f4424b78205d2236bfa04d3d2e72082e003e0b42f9683c9b5ca7"}, @NL80211_ATTR_MBSSID_CONFIG={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x5}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x4}]}, 0xdc}, 0x1, 0x0, 0x0, 0xae19adbd3820a0}, 0x80) ioctl$auto_MEMSETBADBLOCK(r8, 0x40084d0c, &(0x7f0000000b40)=0x8) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000bc0), r8) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r8, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x2c, r9, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x2}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x727f921f}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008011}, 0x2000c810) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000cc0)={'veth0_to_batadv\x00', 0x0}) getpeername$auto(r7, &(0x7f0000000d00)=@xdp={0x2c, 0x1, r10, 0x9}, &(0x7f0000000d40)=0x200) syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000d80), r3) 817.223676ms ago: executing program 2 (id=3153): openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/msg\x00', 0x410e01, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0xe2c41, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/fail-nth\x00', 0x0, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x8400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/027/001\x00', 0x4a901, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x5, 0x0) connect$auto(0x3, 0x0, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x280, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000000480)={0x20, r2, 0x159198c6007aa95d, 0x70bd29, 0x25dfdbfc, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x5}]}, 0x20}, 0x1, 0x0, 0x0, 0xc0}, 0x40) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x208840, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x1, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_GET_MSRS(r3, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x277, 0xe3, 0xe}]}) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r6, 0x4b32, 0x9) shutdown$auto(0x200000003, 0x2) 4.254707ms ago: executing program 0 (id=3154): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:03.0/resource\x00', 0xa00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000180)=""/187, 0xd6) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) (async) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 0s ago: executing program 1 (id=3155): recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0xd52d, 0x0, 0xfffffffffffffffd, &(0x7f0000000300)="46f141e3d7c73f06e40bcf7fcf0a085a2900c3b8c746bd14f2572d82f365caf9c5abae36642f2769b011020c4a670c4da9bd9f1d8e8bd46a58f32983423c7b0dffb4e1a2dcc138e09e1599e0f360ef1f3ffd2cc30756f839a754ee33319c77ad66a6ad93c9a30ed5c54ec91b7deb194be780b3958d80be3c05b3795bd84ad810dd7e82de56403135cec281a27e4e425b2efa961c7f98d791110bb3db2d328e8784c9f5be21dbb5922d5586c45244dea18088baaddabfdcd30ab5119e90a818dbc3e0744a73048a7263c34584129a46ceac815f56a05b69b79d168a792c53c06055bd66eca722265a0268f681588c7283bb8a2deab6996396768973e20640e1455362277ca4e58fa5bd58edf0066d53a40fbfc1cd553387441d2cdc236fcaa1343c8ded93f4282370643f3d2da175238b9b5ed238a2e1b38c5b24a99b077ed16d4ae0e2fd799bbb6ab5e149588c7f709a3065c407caab5b8391c8607ad1f2eb2d5f06219edaf3e9bd894059b0184c11c37ee63d60642c2366edcc8e5b8d78a3a8c528e9daad734a7e17919af28544308a7788c1b160d717c65d822864a095f4eacfd2dc6579e2fb00351ab236b1a675d52e8058707e0fd7c850c301be0227c548bf39ea72ef973532887e633e81cca7e39761aecc71147e5a3ab9d94ef3e8b1c69db5af48cc69d1dae449e44fcb03065abfd10a17b7d0d034f993a866db0e", 0x5, 0x8001}, 0x4}, 0xfffffffb, 0x1000, &(0x7f0000000180)={0x8000, 0x7}) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b4d", 0xfdef) kernel console output (not intermixed with test programs): .647166][T19394] tpg compose: (0,0)/320x240 [ 794.651730][T19394] tpg colorspace: 8 [ 794.655987][T19394] tpg transfer function: 0/0 [ 794.660554][T19394] tpg Y'CbCr encoding: 0/0 [ 794.665176][T19394] tpg quantization: 0/0 [ 794.669547][T19394] tpg RGB range: 0/2 [ 794.677175][T19394] vivid-007: ================== END STATUS ================== [ 794.924524][T19410] ptp ptp0: only physical clock in use now [ 795.580199][T19432] FAULT_INJECTION: forcing a failure. [ 795.580199][T19432] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 795.683731][T19432] CPU: 0 UID: 0 PID: 19432 Comm: syz.0.2640 Tainted: G L syzkaller #0 PREEMPT(full) [ 795.683758][T19432] Tainted: [L]=SOFTLOCKUP [ 795.683764][T19432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 795.683774][T19432] Call Trace: [ 795.683780][T19432] [ 795.683786][T19432] dump_stack_lvl+0x100/0x190 [ 795.683815][T19432] should_fail_ex.cold+0x5/0xa [ 795.683830][T19432] ? prepare_alloc_pages+0x16d/0x5f0 [ 795.683849][T19432] should_fail_alloc_page+0xeb/0x140 [ 795.683867][T19432] prepare_alloc_pages+0x1f0/0x5f0 [ 795.683887][T19432] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 795.683917][T19432] ? lock_acquire+0x1cf/0x380 [ 795.683938][T19432] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 795.683959][T19432] ? __lock_acquire+0x4a5/0x2630 [ 795.683978][T19432] ? finish_task_switch.isra.0+0x205/0xb80 [ 795.683993][T19432] ? look_up_lock_class+0x55/0x120 [ 795.684013][T19432] ? lockdep_hardirqs_on+0x78/0x100 [ 795.684033][T19432] ? register_lock_class+0x40/0x560 [ 795.684057][T19432] ? __lock_acquire+0x4a5/0x2630 [ 795.684076][T19432] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 795.684102][T19432] ? policy_nodemask+0xed/0x4f0 [ 795.684120][T19432] alloc_pages_mpol+0x1fb/0x550 [ 795.684137][T19432] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 795.684152][T19432] ? __pfx___might_resched+0x10/0x10 [ 795.684173][T19432] ? __pfx___mutex_lock+0x10/0x10 [ 795.684197][T19432] alloc_pages_noprof+0x131/0x390 [ 795.684214][T19432] __pmd_alloc+0x3b/0x950 [ 795.684231][T19432] ? mt_find+0x687/0x8e0 [ 795.684255][T19432] huge_pte_alloc+0x5ee/0x730 [ 795.684276][T19432] hugetlb_fault+0x363/0x1450 [ 795.684297][T19432] ? __pfx_hugetlb_fault+0x10/0x10 [ 795.684322][T19432] ? find_vma+0xbf/0x140 [ 795.684346][T19432] ? __pfx_find_vma+0x10/0x10 [ 795.684363][T19432] handle_mm_fault+0x5f1/0xa20 [ 795.684387][T19432] do_user_addr_fault+0x74c/0x12f0 [ 795.684417][T19432] exc_page_fault+0x6f/0xd0 [ 795.684438][T19432] asm_exc_page_fault+0x26/0x30 [ 795.684453][T19432] RIP: 0010:strncpy_from_user+0xfd/0x2d0 [ 795.684471][T19432] Code: 00 4d 89 64 1d 00 48 83 ed 08 bf 07 00 00 00 48 83 c3 08 48 89 ee e8 72 cb df fc 48 83 fd 07 0f 86 bb 00 00 00 e8 83 d0 df fc <4d> 8b 24 1e e8 7a d0 df fc 4c 89 e2 31 ff 4d 8d 7c 1d 00 48 b8 ff [ 795.684486][T19432] RSP: 0018:ffffc900034f7e88 EFLAGS: 00050283 [ 795.684499][T19432] RAX: 0000000000000025 RBX: 0000000000000000 RCX: ffffc90014ab2000 [ 795.684509][T19432] RDX: 0000000000080000 RSI: ffffffff852847dd RDI: ffff888020773d00 [ 795.684519][T19432] RBP: 00000000000000fa R08: 0000000000000007 R09: 0000000000000007 [ 795.684528][T19432] R10: 00000000000000fa R11: 0000000000000000 R12: ffff88805d14f000 [ 795.684537][T19432] R13: ffff88805d14f006 R14: 0000000000000000 R15: 00000000000000fa [ 795.684552][T19432] ? strncpy_from_user+0xfd/0x2d0 [ 795.684571][T19432] ? strncpy_from_user+0xfd/0x2d0 [ 795.684589][T19432] __do_sys_memfd_create+0x1a7/0x3d0 [ 795.684612][T19432] do_syscall_64+0x106/0xf80 [ 795.684631][T19432] ? clear_bhb_loop+0x40/0x90 [ 795.684649][T19432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.684664][T19432] RIP: 0033:0x7f79d919c799 [ 795.684676][T19432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.684690][T19432] RSP: 002b:00007f79da108028 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 795.684704][T19432] RAX: ffffffffffffffda RBX: 00007f79d9415fa0 RCX: 00007f79d919c799 [ 795.684716][T19432] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 795.684725][T19432] RBP: 00007f79d9232c99 R08: 0000000000000000 R09: 0000000000000000 [ 795.684735][T19432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.684744][T19432] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 795.684765][T19432] [ 796.512022][T18507] Bluetooth: hci3: command 0x0c1a tx timeout [ 796.519690][T18507] Bluetooth: hci0: command 0x0c1a tx timeout [ 796.529484][T18507] Bluetooth: hci2: command 0x0c1a tx timeout [ 796.535651][T18507] Bluetooth: hci4: command 0x0c1a tx timeout [ 796.761007][T19457] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2647'. [ 797.531507][T19468] random: crng reseeded on system resumption [ 798.484584][T19492] net_ratelimit: 12 callbacks suppressed [ 798.484599][T19492] netlink: zone id is out of range [ 798.533526][T19492] netlink: zone id is out of range [ 798.549078][T19492] netlink: zone id is out of range [ 798.582669][T19492] netlink: zone id is out of range [ 798.619605][T19492] netlink: zone id is out of range [ 798.636159][T19492] netlink: zone id is out of range [ 798.658003][T19492] netlink: zone id is out of range [ 798.679060][T19492] netlink: zone id is out of range [ 798.708477][T19492] netlink: zone id is out of range [ 798.744319][T19492] netlink: zone id is out of range [ 798.986943][T19504] FAULT_INJECTION: forcing a failure. [ 798.986943][T19504] name failslab, interval 1, probability 0, space 0, times 0 [ 799.031588][T19504] CPU: 0 UID: 0 PID: 19504 Comm: syz.0.2659 Tainted: G L syzkaller #0 PREEMPT(full) [ 799.031613][T19504] Tainted: [L]=SOFTLOCKUP [ 799.031618][T19504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 799.031627][T19504] Call Trace: [ 799.031632][T19504] [ 799.031638][T19504] dump_stack_lvl+0x100/0x190 [ 799.031665][T19504] should_fail_ex.cold+0x5/0xa [ 799.031683][T19504] should_failslab+0xc2/0x120 [ 799.031698][T19504] __kvmalloc_node_noprof+0xfa/0xa00 [ 799.031719][T19504] ? seq_read_iter+0x819/0x1270 [ 799.031744][T19504] seq_read_iter+0x819/0x1270 [ 799.031765][T19504] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 799.031793][T19504] kernfs_fop_read_iter+0x46c/0x610 [ 799.031813][T19504] copy_splice_read+0x4ba/0xb90 [ 799.031832][T19504] ? __pfx_copy_splice_read+0x10/0x10 [ 799.031847][T19504] ? look_up_lock_class+0x55/0x120 [ 799.031871][T19504] ? lockdep_init_map_type+0x5c/0x250 [ 799.031890][T19504] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 799.031912][T19504] ? __pfx_copy_splice_read+0x10/0x10 [ 799.031926][T19504] do_splice_read+0x285/0x370 [ 799.031941][T19504] splice_direct_to_actor+0x2a1/0xa30 [ 799.031957][T19504] ? __pfx_direct_splice_actor+0x10/0x10 [ 799.031983][T19504] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 799.032003][T19504] do_splice_direct+0x174/0x240 [ 799.032017][T19504] ? __pfx_do_splice_direct+0x10/0x10 [ 799.032032][T19504] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 799.032063][T19504] ? rw_verify_area+0xce/0x6d0 [ 799.032085][T19504] do_sendfile+0xadc/0xe20 [ 799.032109][T19504] ? __pfx_do_sendfile+0x10/0x10 [ 799.032129][T19504] ? __fget_files+0x21f/0x3d0 [ 799.032148][T19504] __x64_sys_sendfile64+0x1d8/0x220 [ 799.032164][T19504] ? ksys_write+0x1ac/0x250 [ 799.032177][T19504] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 799.032199][T19504] do_syscall_64+0x106/0xf80 [ 799.032218][T19504] ? clear_bhb_loop+0x40/0x90 [ 799.032235][T19504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.032250][T19504] RIP: 0033:0x7f79d919c799 [ 799.032262][T19504] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 799.032277][T19504] RSP: 002b:00007f79da0e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 799.032291][T19504] RAX: ffffffffffffffda RBX: 00007f79d9416090 RCX: 00007f79d919c799 [ 799.032301][T19504] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 799.032309][T19504] RBP: 00007f79da0e7090 R08: 0000000000000000 R09: 0000000000000000 [ 799.032317][T19504] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 799.032326][T19504] R13: 00007f79d9416128 R14: 00007f79d9416090 R15: 00007ffdf96d3ec8 [ 799.032345][T19504] [ 799.942547][T19502] zswap: compressor not available [ 800.343191][T19524] FAULT_INJECTION: forcing a failure. [ 800.343191][T19524] name failslab, interval 1, probability 0, space 0, times 0 [ 800.392529][ T7566] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 800.420614][T19524] CPU: 0 UID: 0 PID: 19524 Comm: syz.0.2665 Tainted: G L syzkaller #0 PREEMPT(full) [ 800.420638][T19524] Tainted: [L]=SOFTLOCKUP [ 800.420644][T19524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 800.420652][T19524] Call Trace: [ 800.420658][T19524] [ 800.420664][T19524] dump_stack_lvl+0x100/0x190 [ 800.420690][T19524] should_fail_ex.cold+0x5/0xa [ 800.420707][T19524] should_failslab+0xc2/0x120 [ 800.420722][T19524] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 800.420742][T19524] ? do_getname+0x35/0x390 [ 800.420759][T19524] ? find_held_lock+0x2b/0x80 [ 800.420776][T19524] do_getname+0x35/0x390 [ 800.420794][T19524] do_sys_openat2+0xc5/0x1e0 [ 800.420813][T19524] ? __pfx_do_sys_openat2+0x10/0x10 [ 800.420829][T19524] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 800.420853][T19524] ? __fget_files+0x21f/0x3d0 [ 800.420870][T19524] __x64_sys_openat+0x12d/0x210 [ 800.420888][T19524] ? __pfx___x64_sys_openat+0x10/0x10 [ 800.420914][T19524] ? ksys_write+0x1ac/0x250 [ 800.420933][T19524] do_syscall_64+0x106/0xf80 [ 800.420951][T19524] ? clear_bhb_loop+0x40/0x90 [ 800.420969][T19524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.420984][T19524] RIP: 0033:0x7f79d919c799 [ 800.420996][T19524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 800.421010][T19524] RSP: 002b:00007f79da108028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 800.421024][T19524] RAX: ffffffffffffffda RBX: 00007f79d9415fa0 RCX: 00007f79d919c799 [ 800.421034][T19524] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 800.421043][T19524] RBP: 00007f79da108090 R08: 0000000000000000 R09: 0000000000000000 [ 800.421051][T19524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 800.421060][T19524] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 800.421079][T19524] [ 801.234592][T19543] netlink: 'syz.0.2671': attribute type 1 has an invalid length. [ 801.257235][T19543] netlink: 198 bytes leftover after parsing attributes in process `syz.0.2671'. [ 801.505039][T19549] sp0: Synchronizing with TNC [ 801.648133][ T29] audit: type=1800 audit(4295059386.769:55): pid=19553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2672" name="lu_gp_id" dev="configfs" ino=225269 res=0 errno=0 [ 802.110007][T19570] random: crng reseeded on system resumption [ 802.141774][T19558] zswap: compressor not available [ 802.862094][T19598] vivid-007: ================= START STATUS ================= [ 802.925160][T19598] vivid-007: Generate PTS: true [ 802.930042][T19598] vivid-007: Generate SCR: true [ 802.977657][T19605] FAULT_INJECTION: forcing a failure. [ 802.977657][T19605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 803.004630][T19604] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2683'. [ 803.016844][T19595] can: request_module (can-proto-0) failed. [ 803.035339][T19598] tpg source WxH: 320x240 (Y'CbCr) [ 803.040447][T19598] tpg field: 1 [ 803.064213][T19605] CPU: 0 UID: 0 PID: 19605 Comm: syz.2.2682 Tainted: G L syzkaller #0 PREEMPT(full) [ 803.064235][T19605] Tainted: [L]=SOFTLOCKUP [ 803.064241][T19605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 803.064250][T19605] Call Trace: [ 803.064256][T19605] [ 803.064261][T19605] dump_stack_lvl+0x100/0x190 [ 803.064287][T19605] should_fail_ex.cold+0x5/0xa [ 803.064305][T19605] _copy_to_user+0x32/0xd0 [ 803.064324][T19605] simple_read_from_buffer+0xcb/0x170 [ 803.064347][T19605] proc_fail_nth_read+0x1af/0x230 [ 803.064366][T19605] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 803.064384][T19605] ? rw_verify_area+0xce/0x6d0 [ 803.064404][T19605] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 803.064421][T19605] vfs_read+0x1e4/0xb30 [ 803.064444][T19605] ? __pfx_vfs_read+0x10/0x10 [ 803.064464][T19605] ? __fget_files+0x215/0x3d0 [ 803.064482][T19605] ? __fget_files+0x21f/0x3d0 [ 803.064500][T19605] ksys_read+0x12a/0x250 [ 803.064513][T19605] ? __pfx_ksys_read+0x10/0x10 [ 803.064531][T19605] do_syscall_64+0x106/0xf80 [ 803.064550][T19605] ? clear_bhb_loop+0x40/0x90 [ 803.064568][T19605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.064583][T19605] RIP: 0033:0x7f003a55cfce [ 803.064595][T19605] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 803.064610][T19605] RSP: 002b:00007f003b459fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 803.064624][T19605] RAX: ffffffffffffffda RBX: 00007f003b45a6c0 RCX: 00007f003a55cfce [ 803.064642][T19605] RDX: 000000000000000f RSI: 00007f003b45a0a0 RDI: 0000000000000004 [ 803.064651][T19605] RBP: 00007f003b45a090 R08: 0000000000000000 R09: 0000000000000000 [ 803.064660][T19605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 803.064668][T19605] R13: 00007f003a816128 R14: 00007f003a816090 R15: 00007ffe6deeb3b8 [ 803.064688][T19605] [ 803.466687][T19598] tpg crop: (0,0)/320x240 [ 803.482461][T19598] tpg compose: (0,0)/320x240 [ 803.487821][T19598] tpg colorspace: 8 [ 803.502443][T19598] tpg transfer function: 0/0 [ 803.512535][T19598] tpg Y'CbCr encoding: 0/0 [ 803.517017][T19598] tpg quantization: 0/0 [ 803.543261][T19598] tpg RGB range: 0/2 [ 803.558410][T19598] vivid-007: ================== END STATUS ================== [ 803.605151][T19602] vivid-007: kernel_thread() failed [ 804.336853][T19632] net_ratelimit: 1 callbacks suppressed [ 804.336868][T19632] netlink: zone id is out of range [ 804.444521][T19632] netlink: zone id is out of range [ 804.463732][T19632] netlink: zone id is out of range [ 804.495273][T19632] netlink: zone id is out of range [ 804.534201][T19632] netlink: zone id is out of range [ 804.562585][T19632] netlink: zone id is out of range [ 804.585894][T19632] netlink: zone id is out of range [ 804.616930][T19632] netlink: zone id is out of range [ 804.637067][T19632] netlink: zone id is out of range [ 804.684379][T19632] netlink: zone id is out of range [ 805.456348][T19657] sp0: Synchronizing with TNC [ 805.473156][T19658] random: crng reseeded on system resumption [ 805.571029][ T29] audit: type=1800 audit(4295059390.689:56): pid=19659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2693" name="lu_gp_id" dev="configfs" ino=225809 res=0 errno=0 [ 805.796303][T19617] kexec: Could not allocate control_code_buffer [ 806.682966][T19688] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2701'. [ 806.942443][T19693] FAULT_INJECTION: forcing a failure. [ 806.942443][T19693] name failslab, interval 1, probability 0, space 0, times 0 [ 807.018147][T19693] CPU: 0 UID: 0 PID: 19693 Comm: syz.0.2704 Tainted: G L syzkaller #0 PREEMPT(full) [ 807.018173][T19693] Tainted: [L]=SOFTLOCKUP [ 807.018180][T19693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 807.018189][T19693] Call Trace: [ 807.018195][T19693] [ 807.018202][T19693] dump_stack_lvl+0x100/0x190 [ 807.018229][T19693] should_fail_ex.cold+0x5/0xa [ 807.018247][T19693] should_failslab+0xc2/0x120 [ 807.018264][T19693] __kmalloc_cache_noprof+0x7a/0x6f0 [ 807.018283][T19693] ? snd_timer_instance_new+0x47/0x2e0 [ 807.018305][T19693] snd_timer_instance_new+0x47/0x2e0 [ 807.018322][T19693] snd_seq_timer_open+0x1d4/0x600 [ 807.018346][T19693] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 807.018373][T19693] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 807.018393][T19693] ? lockdep_hardirqs_on+0x78/0x100 [ 807.018413][T19693] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 807.018433][T19693] queue_use+0xdc/0x1f0 [ 807.018451][T19693] snd_seq_queue_alloc+0x2e5/0x590 [ 807.018473][T19693] snd_seq_ioctl_create_queue+0xa9/0x370 [ 807.018497][T19693] call_seq_client_ctl+0xa3/0x130 [ 807.018521][T19693] snd_seq_kernel_client_ctl+0x77/0xd0 [ 807.018545][T19693] alloc_seq_queue+0xdb/0x180 [ 807.018560][T19693] ? __pfx_alloc_seq_queue+0x10/0x10 [ 807.018585][T19693] ? mark_held_locks+0x40/0x70 [ 807.018603][T19693] ? _raw_spin_unlock_irq+0x23/0x50 [ 807.018620][T19693] ? lockdep_hardirqs_on+0x78/0x100 [ 807.018642][T19693] snd_seq_oss_open+0x2b2/0xa10 [ 807.018661][T19693] odev_open+0x79/0xc0 [ 807.018673][T19693] ? __pfx_odev_open+0x10/0x10 [ 807.018686][T19693] soundcore_open+0x2e3/0x5a0 [ 807.018703][T19693] ? __pfx_soundcore_open+0x10/0x10 [ 807.018717][T19693] chrdev_open+0x234/0x6a0 [ 807.018732][T19693] ? __pfx_apparmor_file_open+0x10/0x10 [ 807.018756][T19693] ? __pfx_chrdev_open+0x10/0x10 [ 807.018773][T19693] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 807.018793][T19693] do_dentry_open+0x6d8/0x1660 [ 807.018807][T19693] ? __pfx_chrdev_open+0x10/0x10 [ 807.018827][T19693] vfs_open+0x82/0x3f0 [ 807.018860][T19693] path_openat+0x208c/0x31a0 [ 807.018882][T19693] ? __pfx_path_openat+0x10/0x10 [ 807.018905][T19693] do_file_open+0x20e/0x430 [ 807.018922][T19693] ? __pfx_do_file_open+0x10/0x10 [ 807.018952][T19693] ? alloc_fd+0x476/0x790 [ 807.018969][T19693] ? do_getname+0x191/0x390 [ 807.018988][T19693] do_sys_openat2+0x10d/0x1e0 [ 807.019007][T19693] ? __pfx_do_sys_openat2+0x10/0x10 [ 807.019027][T19693] ? __fget_files+0x21f/0x3d0 [ 807.019045][T19693] __x64_sys_openat+0x12d/0x210 [ 807.019065][T19693] ? __pfx___x64_sys_openat+0x10/0x10 [ 807.019091][T19693] do_syscall_64+0x106/0xf80 [ 807.019110][T19693] ? clear_bhb_loop+0x40/0x90 [ 807.019128][T19693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.019143][T19693] RIP: 0033:0x7f79d919c799 [ 807.019156][T19693] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 807.019171][T19693] RSP: 002b:00007f79da108028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 807.019185][T19693] RAX: ffffffffffffffda RBX: 00007f79d9415fa0 RCX: 00007f79d919c799 [ 807.019196][T19693] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 807.019206][T19693] RBP: 00007f79d9232c99 R08: 0000000000000000 R09: 0000000000000000 [ 807.019215][T19693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 807.019224][T19693] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 807.019244][T19693] [ 807.856647][T19705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2707'. [ 808.716069][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.722572][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.774065][T19708] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 808.807207][T19708] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 808.832605][T19708] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 808.855994][T19708] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 809.592581][T19751] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input35 [ 810.074724][ T7566] Bluetooth: hci4: command 0x0c1a tx timeout [ 810.593053][T19766] zswap: compressor  not available [ 810.796048][T19773] net_ratelimit: 12 callbacks suppressed [ 810.796065][T19773] netlink: zone id is out of range [ 810.850488][T19773] netlink: zone id is out of range [ 810.874684][T18507] Bluetooth: hci3: command 0x0c1a tx timeout [ 810.880702][ T6657] Bluetooth: hci0: command 0x0c1a tx timeout [ 810.886909][ T6657] Bluetooth: hci2: command 0x0c1a tx timeout [ 810.902771][T19773] netlink: zone id is out of range [ 810.918275][T19773] netlink: zone id is out of range [ 810.944705][T19773] netlink: zone id is out of range [ 810.972197][T19773] netlink: zone id is out of range [ 810.981789][T19773] netlink: zone id is out of range [ 811.014162][T19773] netlink: zone id is out of range [ 811.038164][T19773] netlink: zone id is out of range [ 811.071330][T19773] netlink: zone id is out of range [ 811.208829][T19779] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 811.385464][ T29] audit: type=1800 audit(4295059396.509:57): pid=19785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2724" name="features" dev="configfs" ino=226601 res=0 errno=0 [ 812.392613][ T7566] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 812.440461][T19802] Console: switching to colour frame buffer device 4x6 [ 812.603059][T19807] : Can't lookup blockdev [ 812.683671][T19811] FAULT_INJECTION: forcing a failure. [ 812.683671][T19811] name failslab, interval 1, probability 0, space 0, times 0 [ 812.683717][T19811] CPU: 0 UID: 0 PID: 19811 Comm: syz.1.2729 Tainted: G L syzkaller #0 PREEMPT(full) [ 812.683739][T19811] Tainted: [L]=SOFTLOCKUP [ 812.683744][T19811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 812.683753][T19811] Call Trace: [ 812.683758][T19811] [ 812.683764][T19811] dump_stack_lvl+0x100/0x190 [ 812.683789][T19811] should_fail_ex.cold+0x5/0xa [ 812.683806][T19811] ? tomoyo_realpath_from_path+0xb6/0x690 [ 812.683826][T19811] should_failslab+0xc2/0x120 [ 812.683842][T19811] __kmalloc_noprof+0xe0/0x850 [ 812.683866][T19811] tomoyo_realpath_from_path+0xb6/0x690 [ 812.683889][T19811] tomoyo_check_open_permission+0x2af/0x3c0 [ 812.683905][T19811] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 812.683939][T19811] ? do_raw_spin_lock+0x128/0x260 [ 812.683962][T19811] ? path_get+0x61/0x80 [ 812.683979][T19811] tomoyo_file_open+0x6b/0x90 [ 812.684000][T19811] security_file_open+0xb5/0x1e0 [ 812.684018][T19811] do_dentry_open+0x5aa/0x1660 [ 812.684033][T19811] ? security_inode_permission+0xbf/0x250 [ 812.684052][T19811] vfs_open+0x82/0x3f0 [ 812.684072][T19811] path_openat+0x208c/0x31a0 [ 812.684093][T19811] ? __pfx_path_openat+0x10/0x10 [ 812.684114][T19811] do_file_open+0x20e/0x430 [ 812.684130][T19811] ? __pfx_do_file_open+0x10/0x10 [ 812.684158][T19811] ? alloc_fd+0x476/0x790 [ 812.684175][T19811] ? do_getname+0x191/0x390 [ 812.684193][T19811] do_sys_openat2+0x10d/0x1e0 [ 812.684211][T19811] ? __pfx_do_sys_openat2+0x10/0x10 [ 812.684228][T19811] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 812.684251][T19811] ? __fget_files+0x21f/0x3d0 [ 812.684267][T19811] __x64_sys_openat+0x12d/0x210 [ 812.684285][T19811] ? __pfx___x64_sys_openat+0x10/0x10 [ 812.684303][T19811] ? ksys_write+0x1ac/0x250 [ 812.684322][T19811] do_syscall_64+0x106/0xf80 [ 812.684340][T19811] ? clear_bhb_loop+0x40/0x90 [ 812.684357][T19811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.684372][T19811] RIP: 0033:0x7f795699c799 [ 812.684385][T19811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 812.684399][T19811] RSP: 002b:00007f795777b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 812.684413][T19811] RAX: ffffffffffffffda RBX: 00007f7956c16090 RCX: 00007f795699c799 [ 812.684422][T19811] RDX: 00000000000a0100 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 812.684432][T19811] RBP: 00007f795777b090 R08: 0000000000000000 R09: 0000000000000000 [ 812.684440][T19811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 812.684448][T19811] R13: 00007f7956c16128 R14: 00007f7956c16090 R15: 00007ffcb7e5bea8 [ 812.684467][T19811] [ 812.684473][T19811] ERROR: Out of memory at tomoyo_realpath_from_path. [ 813.206940][T19827] mkiss: ax0: crc mode is auto. [ 814.790039][T19845] FAULT_INJECTION: forcing a failure. [ 814.790039][T19845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 814.855817][T19845] CPU: 0 UID: 0 PID: 19845 Comm: syz.0.2737 Tainted: G L syzkaller #0 PREEMPT(full) [ 814.855841][T19845] Tainted: [L]=SOFTLOCKUP [ 814.855846][T19845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 814.855855][T19845] Call Trace: [ 814.855860][T19845] [ 814.855866][T19845] dump_stack_lvl+0x100/0x190 [ 814.855891][T19845] should_fail_ex.cold+0x5/0xa [ 814.855908][T19845] _copy_to_user+0x32/0xd0 [ 814.855927][T19845] simple_read_from_buffer+0xcb/0x170 [ 814.855949][T19845] proc_fail_nth_read+0x1af/0x230 [ 814.855968][T19845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 814.855986][T19845] ? rw_verify_area+0xce/0x6d0 [ 814.856015][T19845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 814.856032][T19845] vfs_read+0x1e4/0xb30 [ 814.856056][T19845] ? __pfx_vfs_read+0x10/0x10 [ 814.856076][T19845] ? __fget_files+0x215/0x3d0 [ 814.856094][T19845] ? __fget_files+0x21f/0x3d0 [ 814.856113][T19845] ksys_read+0x12a/0x250 [ 814.856125][T19845] ? __pfx_ksys_read+0x10/0x10 [ 814.856144][T19845] do_syscall_64+0x106/0xf80 [ 814.856163][T19845] ? clear_bhb_loop+0x40/0x90 [ 814.856180][T19845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 814.856195][T19845] RIP: 0033:0x7f79d915cfce [ 814.856207][T19845] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 814.856222][T19845] RSP: 002b:00007f79da107fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 814.856236][T19845] RAX: ffffffffffffffda RBX: 00007f79da1086c0 RCX: 00007f79d915cfce [ 814.856246][T19845] RDX: 000000000000000f RSI: 00007f79da1080a0 RDI: 0000000000000004 [ 814.856254][T19845] RBP: 00007f79da108090 R08: 0000000000000000 R09: 0000000000000000 [ 814.856263][T19845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 814.856272][T19845] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 814.856291][T19845] [ 817.837671][T19928] net_ratelimit: 12 callbacks suppressed [ 817.837686][T19928] netlink: zone id is out of range [ 817.928979][T19928] netlink: zone id is out of range [ 818.001533][T19928] netlink: zone id is out of range [ 818.088855][T19928] netlink: zone id is out of range [ 818.188138][T19928] netlink: zone id is out of range [ 818.225992][T19928] netlink: zone id is out of range [ 818.244433][T19940] sp0: Synchronizing with TNC [ 818.330094][T19928] netlink: zone id is out of range [ 818.413097][T19928] netlink: zone id is out of range [ 818.420329][T19945] random: crng reseeded on system resumption [ 818.493565][T19928] netlink: zone id is out of range [ 818.584709][T19928] netlink: zone id is out of range [ 818.699759][T19948] random: crng reseeded on system resumption [ 819.186780][T19968] random: crng reseeded on system resumption [ 819.743494][T19985] rnbd_client L213: map_device: Parameters missing [ 820.628446][T19976] kexec: Could not allocate control_code_buffer [ 821.080551][T20011] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 821.206652][T20013] smpboot: CPU 1 is now offline [ 821.632107][T20025] FAULT_INJECTION: forcing a failure. [ 821.632107][T20025] name failslab, interval 1, probability 0, space 0, times 0 [ 821.717663][T20025] CPU: 0 UID: 0 PID: 20025 Comm: syz.2.2777 Tainted: G L syzkaller #0 PREEMPT(full) [ 821.717690][T20025] Tainted: [L]=SOFTLOCKUP [ 821.717696][T20025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 821.717706][T20025] Call Trace: [ 821.717711][T20025] [ 821.717718][T20025] dump_stack_lvl+0x100/0x190 [ 821.717746][T20025] should_fail_ex.cold+0x5/0xa [ 821.717764][T20025] should_failslab+0xc2/0x120 [ 821.717781][T20025] __kmalloc_cache_noprof+0x7a/0x6f0 [ 821.717800][T20025] ? snd_seq_prioq_new+0x3f/0x110 [ 821.717824][T20025] snd_seq_prioq_new+0x3f/0x110 [ 821.717851][T20025] snd_seq_queue_alloc+0x12b/0x590 [ 821.717873][T20025] snd_seq_ioctl_create_queue+0xa9/0x370 [ 821.717898][T20025] call_seq_client_ctl+0xa3/0x130 [ 821.717922][T20025] snd_seq_kernel_client_ctl+0x77/0xd0 [ 821.717946][T20025] alloc_seq_queue+0xdb/0x180 [ 821.717962][T20025] ? __pfx_alloc_seq_queue+0x10/0x10 [ 821.717987][T20025] ? mark_held_locks+0x40/0x70 [ 821.718005][T20025] ? _raw_spin_unlock_irq+0x23/0x50 [ 821.718024][T20025] ? lockdep_hardirqs_on+0x78/0x100 [ 821.718046][T20025] snd_seq_oss_open+0x2b2/0xa10 [ 821.718065][T20025] odev_open+0x79/0xc0 [ 821.718078][T20025] ? __pfx_odev_open+0x10/0x10 [ 821.718091][T20025] soundcore_open+0x2e3/0x5a0 [ 821.718108][T20025] ? __pfx_soundcore_open+0x10/0x10 [ 821.718122][T20025] chrdev_open+0x234/0x6a0 [ 821.718137][T20025] ? __pfx_apparmor_file_open+0x10/0x10 [ 821.718161][T20025] ? __pfx_chrdev_open+0x10/0x10 [ 821.718177][T20025] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 821.718197][T20025] do_dentry_open+0x6d8/0x1660 [ 821.718212][T20025] ? __pfx_chrdev_open+0x10/0x10 [ 821.718232][T20025] vfs_open+0x82/0x3f0 [ 821.718253][T20025] path_openat+0x208c/0x31a0 [ 821.718274][T20025] ? __pfx_path_openat+0x10/0x10 [ 821.718296][T20025] do_file_open+0x20e/0x430 [ 821.718313][T20025] ? __pfx_do_file_open+0x10/0x10 [ 821.718342][T20025] ? alloc_fd+0x476/0x790 [ 821.718358][T20025] ? do_getname+0x191/0x390 [ 821.718378][T20025] do_sys_openat2+0x10d/0x1e0 [ 821.718396][T20025] ? __pfx_do_sys_openat2+0x10/0x10 [ 821.718416][T20025] ? find_held_lock+0x2b/0x80 [ 821.718435][T20025] __x64_sys_openat+0x12d/0x210 [ 821.718455][T20025] ? __pfx___x64_sys_openat+0x10/0x10 [ 821.718482][T20025] do_syscall_64+0x106/0xf80 [ 821.718501][T20025] ? clear_bhb_loop+0x40/0x90 [ 821.718520][T20025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.718536][T20025] RIP: 0033:0x7f003a59c799 [ 821.718550][T20025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 821.718564][T20025] RSP: 002b:00007f003b47b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 821.718579][T20025] RAX: ffffffffffffffda RBX: 00007f003a815fa0 RCX: 00007f003a59c799 [ 821.718589][T20025] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 821.718599][T20025] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 821.718608][T20025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 821.718618][T20025] R13: 00007f003a816038 R14: 00007f003a815fa0 R15: 00007ffe6deeb3b8 [ 821.718638][T20025] [ 822.549685][ T5823] Process accounting resumed [ 825.204989][T20098] random: crng reseeded on system resumption [ 825.506726][T20106] syz.3.2796 (20106): attempted to duplicate a private mapping with mremap. This is not supported. [ 825.725267][T20114] futex_wake_op: syz.2.2797 tries to shift op by -2048; fix this program [ 825.802667][T20114] futex_wake_op: syz.2.2797 tries to shift op by -2048; fix this program [ 825.873804][T20117] 0x000000000001-0x000000020000 : "" [ 825.944072][T20114] misc userio: No port type given on /dev/userio [ 825.988804][T20117] ftl_cs: FTL header corrupt! [ 826.758207][ T7566] Bluetooth: hci4: unexpected event 0x14 length: 16 > 6 [ 826.999170][T20142] can0: slcan on ttyS2. [ 827.114970][T20142] can0 (unregistered): slcan off ttyS2. [ 827.225601][T20148] ubi31: attaching mtd0 [ 827.277894][T20148] ubi31: scanning is finished [ 827.302542][T20148] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 827.538897][T20159] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2808'. [ 827.558300][T20148] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 827.792845][ T7566] Bluetooth: hci2: unexpected event 0x03 length: 123 > 11 [ 828.496496][T20189] random: crng reseeded on system resumption [ 829.097408][T20217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2818'. [ 829.554783][T20232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2821'. [ 829.619288][T20232] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2821'. [ 829.943148][T20248] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2825'. [ 829.997707][ T7566] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 830.513161][T20265] random: crng reseeded on system resumption [ 831.237313][T20280] sp0: Synchronizing with TNC [ 831.385867][ T29] audit: type=1800 audit(4295077760.518:58): pid=20280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2830" name="lu_gp_id" dev="configfs" ino=228880 res=0 errno=0 [ 831.598019][ T29] audit: type=1800 audit(4295077760.728:59): pid=20299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2834" name="lu_gp_id" dev="configfs" ino=228963 res=0 errno=0 [ 832.091956][T20310] FAULT_INJECTION: forcing a failure. [ 832.091956][T20310] name failslab, interval 1, probability 0, space 0, times 0 [ 832.152105][T20312] FAULT_INJECTION: forcing a failure. [ 832.152105][T20312] name failslab, interval 1, probability 0, space 0, times 0 [ 832.210394][T20310] CPU: 0 UID: 0 PID: 20310 Comm: syz.1.2836 Tainted: G L syzkaller #0 PREEMPT(full) [ 832.210420][T20310] Tainted: [L]=SOFTLOCKUP [ 832.210426][T20310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 832.210436][T20310] Call Trace: [ 832.210441][T20310] [ 832.210448][T20310] dump_stack_lvl+0x100/0x190 [ 832.210483][T20310] should_fail_ex.cold+0x5/0xa [ 832.210501][T20310] should_failslab+0xc2/0x120 [ 832.210518][T20310] __kmalloc_cache_noprof+0x7a/0x6f0 [ 832.210537][T20310] ? key_user_lookup+0x1a3/0x5a0 [ 832.210560][T20310] key_user_lookup+0x1a3/0x5a0 [ 832.210577][T20310] ? __pfx_key_user_lookup+0x10/0x10 [ 832.210595][T20310] ? bpf_lsm_capable+0x9/0x10 [ 832.210612][T20310] ? security_capable+0x80/0x260 [ 832.210636][T20310] keyctl_chown_key+0x358/0x1010 [ 832.210660][T20310] ? __x64_sys_futex+0x34f/0x4d0 [ 832.210678][T20310] ? __x64_sys_futex+0x358/0x4d0 [ 832.210698][T20310] ? __pfx_keyctl_chown_key+0x10/0x10 [ 832.210720][T20310] ? xfd_validate_state+0x129/0x190 [ 832.210746][T20310] __do_sys_keyctl+0x1e8/0x5a0 [ 832.210762][T20310] do_syscall_64+0x106/0xf80 [ 832.210783][T20310] ? clear_bhb_loop+0x40/0x90 [ 832.210801][T20310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.210817][T20310] RIP: 0033:0x7f795699c799 [ 832.210830][T20310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 832.210845][T20310] RSP: 002b:00007f795777b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 832.210859][T20310] RAX: ffffffffffffffda RBX: 00007f7956c16090 RCX: 00007f795699c799 [ 832.210869][T20310] RDX: 0000000000000006 RSI: 00000000fffffffe RDI: 0000000000000004 [ 832.210878][T20310] RBP: 00007f7956a32c99 R08: 000000000000000e R09: 0000000000000000 [ 832.210887][T20310] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 832.210897][T20310] R13: 00007f7956c16128 R14: 00007f7956c16090 R15: 00007ffcb7e5bea8 [ 832.210917][T20310] [ 832.625436][T20312] CPU: 0 UID: 0 PID: 20312 Comm: syz.2.2837 Tainted: G L syzkaller #0 PREEMPT(full) [ 832.625464][T20312] Tainted: [L]=SOFTLOCKUP [ 832.625470][T20312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 832.625479][T20312] Call Trace: [ 832.625485][T20312] [ 832.625492][T20312] dump_stack_lvl+0x100/0x190 [ 832.625519][T20312] should_fail_ex.cold+0x5/0xa [ 832.625538][T20312] ? tomoyo_realpath_from_path+0xb6/0x690 [ 832.625558][T20312] should_failslab+0xc2/0x120 [ 832.625574][T20312] __kmalloc_noprof+0xe0/0x850 [ 832.625600][T20312] tomoyo_realpath_from_path+0xb6/0x690 [ 832.625624][T20312] tomoyo_check_open_permission+0x2af/0x3c0 [ 832.625641][T20312] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 832.625675][T20312] ? lock_acquire+0x1cf/0x380 [ 832.625694][T20312] ? find_held_lock+0x2b/0x80 [ 832.625712][T20312] tomoyo_file_open+0x6b/0x90 [ 832.625734][T20312] security_file_open+0xb5/0x1e0 [ 832.625752][T20312] do_dentry_open+0x5aa/0x1660 [ 832.625773][T20312] vfs_open+0x82/0x3f0 [ 832.625793][T20312] path_openat+0x208c/0x31a0 [ 832.625815][T20312] ? __pfx_path_openat+0x10/0x10 [ 832.625837][T20312] do_file_open+0x20e/0x430 [ 832.625854][T20312] ? __pfx_do_file_open+0x10/0x10 [ 832.625883][T20312] ? alloc_fd+0x476/0x790 [ 832.625900][T20312] ? do_getname+0x191/0x390 [ 832.625920][T20312] do_sys_openat2+0x10d/0x1e0 [ 832.625938][T20312] ? __pfx_do_sys_openat2+0x10/0x10 [ 832.625965][T20312] __x64_sys_openat+0x12d/0x210 [ 832.625984][T20312] ? __pfx___x64_sys_openat+0x10/0x10 [ 832.626011][T20312] do_syscall_64+0x106/0xf80 [ 832.626031][T20312] ? clear_bhb_loop+0x40/0x90 [ 832.626049][T20312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.626064][T20312] RIP: 0033:0x7f003a59c799 [ 832.626078][T20312] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 832.626093][T20312] RSP: 002b:00007f003b45a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 832.626109][T20312] RAX: ffffffffffffffda RBX: 00007f003a816090 RCX: 00007f003a59c799 [ 832.626119][T20312] RDX: 0000000000000841 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 832.626128][T20312] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 832.626138][T20312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 832.626147][T20312] R13: 00007f003a816128 R14: 00007f003a816090 R15: 00007ffe6deeb3b8 [ 832.626166][T20312] [ 832.626173][T20312] ERROR: Out of memory at tomoyo_realpath_from_path. [ 832.913398][T20306] zswap: compressor  not available [ 833.901700][T20330] mkiss: ax0: crc mode is auto. [ 834.158387][T20334] FAULT_INJECTION: forcing a failure. [ 834.158387][T20334] name failslab, interval 1, probability 0, space 0, times 0 [ 834.210612][T20336] FAULT_INJECTION: forcing a failure. [ 834.210612][T20336] name fail_futex, interval 1, probability 0, space 0, times 0 [ 834.315885][T20336] CPU: 0 UID: 0 PID: 20336 Comm: syz.1.2845 Tainted: G L syzkaller #0 PREEMPT(full) [ 834.315910][T20336] Tainted: [L]=SOFTLOCKUP [ 834.315915][T20336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 834.315924][T20336] Call Trace: [ 834.315929][T20336] [ 834.315936][T20336] dump_stack_lvl+0x100/0x190 [ 834.315961][T20336] should_fail_ex.cold+0x5/0xa [ 834.315978][T20336] get_futex_key+0x107c/0x1620 [ 834.315998][T20336] ? __pfx_get_futex_key+0x10/0x10 [ 834.316013][T20336] ? lock_acquire+0x1cf/0x380 [ 834.316037][T20336] futex_wake+0xea/0x530 [ 834.316059][T20336] ? __pfx_futex_wake+0x10/0x10 [ 834.316079][T20336] ? exit_mm_release+0x19/0x30 [ 834.316102][T20336] do_futex+0x32b/0x350 [ 834.316120][T20336] ? __pfx_do_futex+0x10/0x10 [ 834.316136][T20336] ? __might_fault+0xc5/0x140 [ 834.316160][T20336] mm_release+0x24a/0x2f0 [ 834.316175][T20336] do_exit+0x704/0x2b60 [ 834.316196][T20336] ? __pfx_do_exit+0x10/0x10 [ 834.316214][T20336] ? do_raw_spin_lock+0x128/0x260 [ 834.316232][T20336] ? find_held_lock+0x2b/0x80 [ 834.316245][T20336] ? get_signal+0x7e0/0x21e0 [ 834.316262][T20336] do_group_exit+0xd5/0x2a0 [ 834.316281][T20336] get_signal+0x1ec7/0x21e0 [ 834.316302][T20336] ? __pfx_get_signal+0x10/0x10 [ 834.316318][T20336] ? do_futex+0x192/0x350 [ 834.316337][T20336] arch_do_signal_or_restart+0x91/0x770 [ 834.316355][T20336] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 834.316377][T20336] ? __pfx___x64_sys_futex+0x10/0x10 [ 834.316399][T20336] exit_to_user_mode_loop+0x86/0x4a0 [ 834.316419][T20336] do_syscall_64+0x668/0xf80 [ 834.316438][T20336] ? clear_bhb_loop+0x40/0x90 [ 834.316456][T20336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.316470][T20336] RIP: 0033:0x7f795699c799 [ 834.316483][T20336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 834.316497][T20336] RSP: 002b:00007f795779c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 834.316511][T20336] RAX: fffffffffffffe00 RBX: 00007f7956c15fa8 RCX: 00007f795699c799 [ 834.316520][T20336] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7956c15fa8 [ 834.316529][T20336] RBP: 00007f7956c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 834.316538][T20336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 834.316546][T20336] R13: 00007f7956c16038 R14: 00007ffcb7e5bdc0 R15: 00007ffcb7e5bea8 [ 834.316565][T20336] [ 834.569197][T20338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2846'. [ 834.812511][T20334] CPU: 0 UID: 0 PID: 20334 Comm: syz.0.2844 Tainted: G L syzkaller #0 PREEMPT(full) [ 834.812540][T20334] Tainted: [L]=SOFTLOCKUP [ 834.812547][T20334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 834.812556][T20334] Call Trace: [ 834.812562][T20334] [ 834.812569][T20334] dump_stack_lvl+0x100/0x190 [ 834.812597][T20334] should_fail_ex.cold+0x5/0xa [ 834.812617][T20334] should_failslab+0xc2/0x120 [ 834.812640][T20334] __kmalloc_cache_noprof+0x7a/0x6f0 [ 834.812660][T20334] ? snd_seq_timer_new+0x44/0x1b0 [ 834.812686][T20334] snd_seq_timer_new+0x44/0x1b0 [ 834.812708][T20334] snd_seq_queue_alloc+0x177/0x590 [ 834.812729][T20334] snd_seq_ioctl_create_queue+0xa9/0x370 [ 834.812755][T20334] call_seq_client_ctl+0xa3/0x130 [ 834.812779][T20334] snd_seq_kernel_client_ctl+0x77/0xd0 [ 834.812803][T20334] alloc_seq_queue+0xdb/0x180 [ 834.812818][T20334] ? __pfx_alloc_seq_queue+0x10/0x10 [ 834.812843][T20334] ? mark_held_locks+0x40/0x70 [ 834.812862][T20334] ? _raw_spin_unlock_irq+0x23/0x50 [ 834.812881][T20334] ? lockdep_hardirqs_on+0x78/0x100 [ 834.812903][T20334] snd_seq_oss_open+0x2b2/0xa10 [ 834.812922][T20334] odev_open+0x79/0xc0 [ 834.812934][T20334] ? __pfx_odev_open+0x10/0x10 [ 834.812947][T20334] soundcore_open+0x2e3/0x5a0 [ 834.812967][T20334] ? __pfx_soundcore_open+0x10/0x10 [ 834.812981][T20334] chrdev_open+0x234/0x6a0 [ 834.812996][T20334] ? __pfx_apparmor_file_open+0x10/0x10 [ 834.813019][T20334] ? __pfx_chrdev_open+0x10/0x10 [ 834.813035][T20334] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 834.813056][T20334] do_dentry_open+0x6d8/0x1660 [ 834.813071][T20334] ? __pfx_chrdev_open+0x10/0x10 [ 834.813091][T20334] vfs_open+0x82/0x3f0 [ 834.813112][T20334] path_openat+0x208c/0x31a0 [ 834.813133][T20334] ? __pfx_path_openat+0x10/0x10 [ 834.813156][T20334] do_file_open+0x20e/0x430 [ 834.813173][T20334] ? __pfx_do_file_open+0x10/0x10 [ 834.813201][T20334] ? alloc_fd+0x476/0x790 [ 834.813218][T20334] ? do_getname+0x191/0x390 [ 834.813238][T20334] do_sys_openat2+0x10d/0x1e0 [ 834.813257][T20334] ? __pfx_do_sys_openat2+0x10/0x10 [ 834.813277][T20334] ? __fget_files+0x21f/0x3d0 [ 834.813295][T20334] __x64_sys_openat+0x12d/0x210 [ 834.813315][T20334] ? __pfx___x64_sys_openat+0x10/0x10 [ 834.813342][T20334] do_syscall_64+0x106/0xf80 [ 834.813361][T20334] ? clear_bhb_loop+0x40/0x90 [ 834.813380][T20334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.813395][T20334] RIP: 0033:0x7f79d919c799 [ 834.813409][T20334] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 834.813423][T20334] RSP: 002b:00007f79da108028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 834.813439][T20334] RAX: ffffffffffffffda RBX: 00007f79d9415fa0 RCX: 00007f79d919c799 [ 834.813449][T20334] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 834.813458][T20334] RBP: 00007f79d9232c99 R08: 0000000000000000 R09: 0000000000000000 [ 834.813469][T20334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 834.813478][T20334] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 834.813498][T20334] [ 835.301514][T20346] FAULT_INJECTION: forcing a failure. [ 835.301514][T20346] name failslab, interval 1, probability 0, space 0, times 0 [ 835.314185][T20346] CPU: 0 UID: 0 PID: 20346 Comm: syz.2.2848 Tainted: G L syzkaller #0 PREEMPT(full) [ 835.314209][T20346] Tainted: [L]=SOFTLOCKUP [ 835.314215][T20346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 835.314224][T20346] Call Trace: [ 835.314230][T20346] [ 835.314236][T20346] dump_stack_lvl+0x100/0x190 [ 835.314263][T20346] should_fail_ex.cold+0x5/0xa [ 835.314281][T20346] should_failslab+0xc2/0x120 [ 835.314297][T20346] __kmalloc_cache_noprof+0x7a/0x6f0 [ 835.314317][T20346] ? key_user_lookup+0x1a3/0x5a0 [ 835.314339][T20346] key_user_lookup+0x1a3/0x5a0 [ 835.314356][T20346] ? __pfx_key_user_lookup+0x10/0x10 [ 835.314375][T20346] ? bpf_lsm_capable+0x9/0x10 [ 835.314390][T20346] ? security_capable+0x80/0x260 [ 835.314414][T20346] keyctl_chown_key+0x358/0x1010 [ 835.314438][T20346] ? __x64_sys_futex+0x34f/0x4d0 [ 835.314457][T20346] ? __x64_sys_futex+0x358/0x4d0 [ 835.314477][T20346] ? __pfx_keyctl_chown_key+0x10/0x10 [ 835.314498][T20346] ? xfd_validate_state+0x129/0x190 [ 835.314523][T20346] __do_sys_keyctl+0x1e8/0x5a0 [ 835.314539][T20346] do_syscall_64+0x106/0xf80 [ 835.314565][T20346] ? clear_bhb_loop+0x40/0x90 [ 835.314585][T20346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 835.314600][T20346] RIP: 0033:0x7f003a59c799 [ 835.314614][T20346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 835.314628][T20346] RSP: 002b:00007f003b45a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 835.314643][T20346] RAX: ffffffffffffffda RBX: 00007f003a816090 RCX: 00007f003a59c799 [ 835.314653][T20346] RDX: 0000000000000006 RSI: 00000000fffffffe RDI: 0000000000000004 [ 835.314662][T20346] RBP: 00007f003a632c99 R08: 000000000000000e R09: 0000000000000000 [ 835.314671][T20346] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 835.314680][T20346] R13: 00007f003a816128 R14: 00007f003a816090 R15: 00007ffe6deeb3b8 [ 835.314701][T20346] [ 836.033322][T20344] zswap: compressor  not available [ 840.397841][T20425] random: crng reseeded on system resumption [ 841.052486][T20434] FAULT_INJECTION: forcing a failure. [ 841.052486][T20434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 841.165297][T20434] CPU: 0 UID: 0 PID: 20434 Comm: syz.1.2872 Tainted: G L syzkaller #0 PREEMPT(full) [ 841.165324][T20434] Tainted: [L]=SOFTLOCKUP [ 841.165330][T20434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 841.165339][T20434] Call Trace: [ 841.165345][T20434] [ 841.165352][T20434] dump_stack_lvl+0x100/0x190 [ 841.165378][T20434] should_fail_ex.cold+0x5/0xa [ 841.165398][T20434] _copy_from_user+0x2e/0xd0 [ 841.165416][T20434] do_ip_getsockopt+0x43a/0x2400 [ 841.165510][T20434] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 841.165526][T20434] ? __pfx_do_swap_page+0x10/0x10 [ 841.165550][T20434] ? look_up_lock_class+0x55/0x120 [ 841.165572][T20434] ? register_lock_class+0x40/0x560 [ 841.165592][T20434] ? __pte_offset_map+0x179/0x310 [ 841.165612][T20434] ? __lock_acquire+0x4a5/0x2630 [ 841.165631][T20434] ? cmp_ex_search+0x8b/0xb0 [ 841.165700][T20434] ? bsearch+0x9e/0xc0 [ 841.165720][T20434] ? lock_acquire+0x1cf/0x380 [ 841.165744][T20434] ip_getsockopt+0xa1/0x1e0 [ 841.165762][T20434] ? __pfx_ip_getsockopt+0x10/0x10 [ 841.165779][T20434] ? smc_getsockopt+0xbc/0x390 [ 841.165829][T20434] ? kernelmode_fixup_or_oops.isra.0+0x80/0xf0 [ 841.165859][T20434] ipv6_getsockopt+0x243/0x2a0 [ 841.165884][T20434] ? __pfx_ipv6_getsockopt+0x10/0x10 [ 841.165913][T20434] tcp_getsockopt+0xa1/0x110 [ 841.165935][T20434] smc_getsockopt+0x165/0x390 [ 841.165950][T20434] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 841.165974][T20434] ? __pfx_smc_getsockopt+0x10/0x10 [ 841.165992][T20434] ? __asan_memset+0x23/0x50 [ 841.166013][T20434] ? __pfx_smc_getsockopt+0x10/0x10 [ 841.166036][T20434] do_sock_getsockopt+0x259/0x3d0 [ 841.166053][T20434] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 841.166079][T20434] __sys_getsockopt+0x133/0x1d0 [ 841.166104][T20434] ? __x64_sys_getsockopt+0xbd/0x160 [ 841.166124][T20434] __x64_sys_getsockopt+0xbd/0x160 [ 841.166143][T20434] ? do_syscall_64+0x95/0xf80 [ 841.166163][T20434] ? lockdep_hardirqs_on+0x78/0x100 [ 841.166182][T20434] do_syscall_64+0x106/0xf80 [ 841.166201][T20434] ? clear_bhb_loop+0x40/0x90 [ 841.166219][T20434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.166235][T20434] RIP: 0033:0x7f795699c799 [ 841.166248][T20434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 841.166263][T20434] RSP: 002b:00007f795779c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 841.166278][T20434] RAX: ffffffffffffffda RBX: 00007f7956c15fa0 RCX: 00007f795699c799 [ 841.166288][T20434] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000004 [ 841.166297][T20434] RBP: 00007f7956a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 841.166307][T20434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 841.166316][T20434] R13: 00007f7956c16038 R14: 00007f7956c15fa0 R15: 00007ffcb7e5bea8 [ 841.166339][T20434] [ 842.203109][T20442] zswap: compressor  not available [ 842.454210][T20443] hub 1-0:1.0: USB hub found [ 842.469714][T20443] hub 1-0:1.0: 1 port detected [ 842.791252][T20452] FAULT_INJECTION: forcing a failure. [ 842.791252][T20452] name failslab, interval 1, probability 0, space 0, times 0 [ 842.896443][T20452] CPU: 0 UID: 0 PID: 20452 Comm: syz.1.2877 Tainted: G L syzkaller #0 PREEMPT(full) [ 842.896468][T20452] Tainted: [L]=SOFTLOCKUP [ 842.896474][T20452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 842.896483][T20452] Call Trace: [ 842.896488][T20452] [ 842.896494][T20452] dump_stack_lvl+0x100/0x190 [ 842.896521][T20452] should_fail_ex.cold+0x5/0xa [ 842.896538][T20452] ? alloc_pipe_info+0x1ec/0x590 [ 842.896553][T20452] should_failslab+0xc2/0x120 [ 842.896568][T20452] __kmalloc_noprof+0xe0/0x850 [ 842.896592][T20452] alloc_pipe_info+0x1ec/0x590 [ 842.896609][T20452] splice_direct_to_actor+0x78f/0xa30 [ 842.896625][T20452] ? __lock_acquire+0x4a5/0x2630 [ 842.896641][T20452] ? __pfx_direct_splice_actor+0x10/0x10 [ 842.896664][T20452] ? __pfx_aa_file_perm+0x10/0x10 [ 842.896684][T20452] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 842.896704][T20452] do_splice_direct+0x174/0x240 [ 842.896718][T20452] ? __pfx_do_splice_direct+0x10/0x10 [ 842.896733][T20452] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 842.896758][T20452] ? rw_verify_area+0xce/0x6d0 [ 842.896779][T20452] do_sendfile+0xadc/0xe20 [ 842.896803][T20452] ? __pfx_do_sendfile+0x10/0x10 [ 842.896823][T20452] ? __fget_files+0x21f/0x3d0 [ 842.896849][T20452] __x64_sys_sendfile64+0x1d8/0x220 [ 842.896865][T20452] ? ksys_write+0x1ac/0x250 [ 842.896877][T20452] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 842.896899][T20452] do_syscall_64+0x106/0xf80 [ 842.896918][T20452] ? clear_bhb_loop+0x40/0x90 [ 842.896935][T20452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 842.896950][T20452] RIP: 0033:0x7f795699c799 [ 842.896963][T20452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 842.896977][T20452] RSP: 002b:00007f795779c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 842.896991][T20452] RAX: ffffffffffffffda RBX: 00007f7956c15fa0 RCX: 00007f795699c799 [ 842.897001][T20452] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 842.897010][T20452] RBP: 00007f795779c090 R08: 0000000000000000 R09: 0000000000000000 [ 842.897018][T20452] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 842.897027][T20452] R13: 00007f7956c16038 R14: 00007f7956c15fa0 R15: 00007ffcb7e5bea8 [ 842.897046][T20452] [ 843.648644][T20461] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2879'. [ 843.872887][T20466] sctp: [Deprecated]: syz.3.2880 (pid 20466) Use of int in maxseg socket option. [ 843.872887][T20466] Use struct sctp_assoc_value instead [ 843.963431][T20469] random: crng reseeded on system resumption [ 844.899234][T20480] zswap: compressor not available [ 844.904655][T20483] FAULT_INJECTION: forcing a failure. [ 844.904655][T20483] name failslab, interval 1, probability 0, space 0, times 0 [ 844.972496][T20483] CPU: 0 UID: 0 PID: 20483 Comm: syz.0.2886 Tainted: G L syzkaller #0 PREEMPT(full) [ 844.972520][T20483] Tainted: [L]=SOFTLOCKUP [ 844.972526][T20483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 844.972535][T20483] Call Trace: [ 844.972540][T20483] [ 844.972547][T20483] dump_stack_lvl+0x100/0x190 [ 844.972573][T20483] should_fail_ex.cold+0x5/0xa [ 844.972589][T20483] ? copy_splice_read+0x1a3/0xb90 [ 844.972603][T20483] should_failslab+0xc2/0x120 [ 844.972618][T20483] __kmalloc_noprof+0xe0/0x850 [ 844.972650][T20483] copy_splice_read+0x1a3/0xb90 [ 844.972663][T20483] ? __pfx_iter_file_splice_write+0x10/0x10 [ 844.972681][T20483] ? __pfx_copy_splice_read+0x10/0x10 [ 844.972700][T20483] ? find_held_lock+0x2b/0x80 [ 844.972721][T20483] ? __pfx_copy_splice_read+0x10/0x10 [ 844.972734][T20483] do_splice_read+0x285/0x370 [ 844.972750][T20483] splice_direct_to_actor+0x2a1/0xa30 [ 844.972765][T20483] ? __pfx_direct_splice_actor+0x10/0x10 [ 844.972792][T20483] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 844.972811][T20483] do_splice_direct+0x174/0x240 [ 844.972826][T20483] ? __pfx_do_splice_direct+0x10/0x10 [ 844.972841][T20483] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 844.972865][T20483] ? rw_verify_area+0xce/0x6d0 [ 844.972887][T20483] do_sendfile+0xadc/0xe20 [ 844.972912][T20483] ? __pfx_do_sendfile+0x10/0x10 [ 844.972932][T20483] ? __fget_files+0x21f/0x3d0 [ 844.972950][T20483] __x64_sys_sendfile64+0x1d8/0x220 [ 844.972966][T20483] ? ksys_write+0x1ac/0x250 [ 844.972978][T20483] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 844.973000][T20483] do_syscall_64+0x106/0xf80 [ 844.973020][T20483] ? clear_bhb_loop+0x40/0x90 [ 844.973037][T20483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.973052][T20483] RIP: 0033:0x7f79d919c799 [ 844.973064][T20483] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 844.973078][T20483] RSP: 002b:00007f79da0e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 844.973093][T20483] RAX: ffffffffffffffda RBX: 00007f79d9416090 RCX: 00007f79d919c799 [ 844.973103][T20483] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 844.973111][T20483] RBP: 00007f79da0e7090 R08: 0000000000000000 R09: 0000000000000000 [ 844.973120][T20483] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 844.973128][T20483] R13: 00007f79d9416128 R14: 00007f79d9416090 R15: 00007ffdf96d3ec8 [ 844.973147][T20483] [ 845.287152][T20492] mkiss: ax0: crc mode is auto. [ 846.132616][T20497] random: crng reseeded on system resumption [ 846.992852][T20510] vivid-007: ================= START STATUS ================= [ 847.000513][T20510] vivid-007: Generate PTS: true [ 847.242561][T20510] vivid-007: Generate SCR: true [ 847.384978][T20510] tpg source WxH: 320x240 (Y'CbCr) [ 847.573213][T20510] tpg field: 1 [ 847.576603][T20510] tpg crop: (0,0)/320x240 [ 847.580929][T20510] tpg compose: (0,0)/320x240 [ 847.629586][ T29] audit: type=1800 audit(4295077776.758:60): pid=20529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2896" name="lu_gp_id" dev="configfs" ino=241304 res=0 errno=0 [ 847.714483][T20524] sp0: Synchronizing with TNC [ 847.781644][T20510] tpg colorspace: 8 [ 847.831514][T20510] tpg transfer function: 0/0 [ 847.880111][T20510] tpg Y'CbCr encoding: 0/0 [ 847.913392][T20510] tpg quantization: 0/0 [ 847.945202][T20510] tpg RGB range: 0/2 [ 847.960766][T20510] vivid-007: ================== END STATUS ================== [ 849.653585][T20546] mkiss: ax0: crc mode is auto. [ 850.703851][T20586] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 850.864505][T20593] hub 27-0:1.0: USB hub found [ 850.919498][T20593] hub 27-0:1.0: 1 port detected [ 853.336117][T20665] FAULT_INJECTION: forcing a failure. [ 853.336117][T20665] name fail_futex, interval 1, probability 0, space 0, times 0 [ 853.405430][T20665] CPU: 0 UID: 0 PID: 20665 Comm: syz.2.2913 Tainted: G L syzkaller #0 PREEMPT(full) [ 853.405456][T20665] Tainted: [L]=SOFTLOCKUP [ 853.405462][T20665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 853.405472][T20665] Call Trace: [ 853.405477][T20665] [ 853.405484][T20665] dump_stack_lvl+0x100/0x190 [ 853.405511][T20665] should_fail_ex.cold+0x5/0xa [ 853.405528][T20665] get_futex_key+0x1d2/0x1620 [ 853.405549][T20665] ? __pfx_get_futex_key+0x10/0x10 [ 853.405567][T20665] ? look_up_lock_class+0x55/0x120 [ 853.405589][T20665] ? register_lock_class+0x40/0x560 [ 853.405611][T20665] futex_wake+0xea/0x530 [ 853.405634][T20665] ? __pfx_futex_wake+0x10/0x10 [ 853.405654][T20665] ? do_raw_spin_lock+0x128/0x260 [ 853.405675][T20665] ? key_user_lookup+0x443/0x5a0 [ 853.405695][T20665] ? refcount_dec_not_one+0x136/0x1c0 [ 853.405715][T20665] do_futex+0x32b/0x350 [ 853.405734][T20665] ? __pfx_do_futex+0x10/0x10 [ 853.405752][T20665] ? refcount_dec_and_lock+0x32/0x100 [ 853.405769][T20665] ? key_user_put+0x35/0x70 [ 853.405788][T20665] __x64_sys_futex+0x34f/0x4d0 [ 853.405818][T20665] ? __pfx___x64_sys_futex+0x10/0x10 [ 853.405845][T20665] do_syscall_64+0x106/0xf80 [ 853.405866][T20665] ? clear_bhb_loop+0x40/0x90 [ 853.405885][T20665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.405901][T20665] RIP: 0033:0x7f003a59c799 [ 853.405915][T20665] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 853.405930][T20665] RSP: 002b:00007f003b45a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 853.405945][T20665] RAX: ffffffffffffffda RBX: 00007f003a816098 RCX: 00007f003a59c799 [ 853.405955][T20665] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f003a81609c [ 853.405964][T20665] RBP: 00007f003a816090 R08: 0000000000000000 R09: 0000000000000000 [ 853.405973][T20665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 853.405983][T20665] R13: 00007f003a816128 R14: 00007ffe6deeb2d0 R15: 00007ffe6deeb3b8 [ 853.406003][T20665] [ 853.857973][T20556] kexec: Could not allocate control_code_buffer [ 854.025462][T20661] zswap: compressor  not available [ 854.268570][T20673] net_ratelimit: 1 callbacks suppressed [ 854.268585][T20673] netlink: zone id is out of range [ 854.393134][T20673] netlink: zone id is out of range [ 854.432774][T20673] netlink: zone id is out of range [ 854.465394][T20673] netlink: zone id is out of range [ 854.504394][T20673] netlink: zone id is out of range [ 854.528518][T20667] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2909'. [ 854.547363][T20673] netlink: zone id is out of range [ 854.588557][T20673] netlink: zone id is out of range [ 854.627750][T20673] netlink: zone id is out of range [ 854.649012][T20673] netlink: zone id is out of range [ 854.722466][T20673] netlink: zone id is out of range [ 854.867054][T20684] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2919'. [ 855.383660][T20668] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2909'. [ 855.503464][T20698] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 855.885747][ T5823] usb usb40-port2: attempt power cycle [ 856.486488][T20721] FAULT_INJECTION: forcing a failure. [ 856.486488][T20721] name fail_futex, interval 1, probability 0, space 0, times 0 [ 856.500076][ T5823] usb usb40-port2: unable to enumerate USB device [ 856.591049][T20721] CPU: 0 UID: 0 PID: 20721 Comm: syz.0.2925 Tainted: G L syzkaller #0 PREEMPT(full) [ 856.591076][T20721] Tainted: [L]=SOFTLOCKUP [ 856.591082][T20721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 856.591092][T20721] Call Trace: [ 856.591097][T20721] [ 856.591104][T20721] dump_stack_lvl+0x100/0x190 [ 856.591131][T20721] should_fail_ex.cold+0x5/0xa [ 856.591149][T20721] get_futex_key+0x1d2/0x1620 [ 856.591170][T20721] ? __pfx_get_futex_key+0x10/0x10 [ 856.591194][T20721] futex_wait_setup+0x83/0x510 [ 856.591222][T20721] __futex_wait+0x19f/0x300 [ 856.591245][T20721] ? __pfx___futex_wait+0x10/0x10 [ 856.591271][T20721] ? __pfx_futex_wake_mark+0x10/0x10 [ 856.591295][T20721] ? find_held_lock+0x2b/0x80 [ 856.591310][T20721] ? futex_wake+0x456/0x530 [ 856.591335][T20721] futex_wait+0xed/0x380 [ 856.591356][T20721] ? __pfx_futex_wait+0x10/0x10 [ 856.591383][T20721] ? refcount_dec_not_one+0x136/0x1c0 [ 856.591404][T20721] do_futex+0x1ef/0x350 [ 856.591423][T20721] ? __pfx_do_futex+0x10/0x10 [ 856.591441][T20721] ? refcount_dec_and_lock+0x32/0x100 [ 856.591458][T20721] ? key_user_put+0x35/0x70 [ 856.591478][T20721] __x64_sys_futex+0x34f/0x4d0 [ 856.591500][T20721] ? __pfx___x64_sys_futex+0x10/0x10 [ 856.591533][T20721] do_syscall_64+0x106/0xf80 [ 856.591554][T20721] ? clear_bhb_loop+0x40/0x90 [ 856.591571][T20721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.591587][T20721] RIP: 0033:0x7f79d919c799 [ 856.591601][T20721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 856.591616][T20721] RSP: 002b:00007f79da0e70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 856.591631][T20721] RAX: ffffffffffffffda RBX: 00007f79d9416098 RCX: 00007f79d919c799 [ 856.591641][T20721] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f79d9416098 [ 856.591651][T20721] RBP: 00007f79d9416090 R08: 0000000000000000 R09: 0000000000000000 [ 856.591660][T20721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.591670][T20721] R13: 00007f79d9416128 R14: 00007ffdf96d3de0 R15: 00007ffdf96d3ec8 [ 856.591689][T20721] [ 857.207151][T20718] zswap: compressor  not available [ 859.349912][T20742] FAULT_INJECTION: forcing a failure. [ 859.349912][T20742] name failslab, interval 1, probability 0, space 0, times 0 [ 859.414344][T20742] CPU: 0 UID: 0 PID: 20742 Comm: syz.2.2931 Tainted: G L syzkaller #0 PREEMPT(full) [ 859.414373][T20742] Tainted: [L]=SOFTLOCKUP [ 859.414379][T20742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 859.414389][T20742] Call Trace: [ 859.414395][T20742] [ 859.414402][T20742] dump_stack_lvl+0x100/0x190 [ 859.414431][T20742] should_fail_ex.cold+0x5/0xa [ 859.414450][T20742] should_failslab+0xc2/0x120 [ 859.414467][T20742] __kmalloc_cache_noprof+0x7a/0x6f0 [ 859.414486][T20742] ? snd_seq_timer_new+0x44/0x1b0 [ 859.414513][T20742] snd_seq_timer_new+0x44/0x1b0 [ 859.414537][T20742] snd_seq_queue_alloc+0x177/0x590 [ 859.414559][T20742] snd_seq_ioctl_create_queue+0xa9/0x370 [ 859.414585][T20742] call_seq_client_ctl+0xa3/0x130 [ 859.414610][T20742] snd_seq_kernel_client_ctl+0x77/0xd0 [ 859.414635][T20742] alloc_seq_queue+0xdb/0x180 [ 859.414651][T20742] ? __pfx_alloc_seq_queue+0x10/0x10 [ 859.414677][T20742] ? mark_held_locks+0x40/0x70 [ 859.414696][T20742] ? _raw_spin_unlock_irq+0x23/0x50 [ 859.414716][T20742] ? lockdep_hardirqs_on+0x78/0x100 [ 859.414739][T20742] snd_seq_oss_open+0x2b2/0xa10 [ 859.414760][T20742] odev_open+0x79/0xc0 [ 859.414773][T20742] ? __pfx_odev_open+0x10/0x10 [ 859.414787][T20742] soundcore_open+0x2e3/0x5a0 [ 859.414804][T20742] ? __pfx_soundcore_open+0x10/0x10 [ 859.414820][T20742] chrdev_open+0x234/0x6a0 [ 859.414836][T20742] ? __pfx_apparmor_file_open+0x10/0x10 [ 859.414861][T20742] ? __pfx_chrdev_open+0x10/0x10 [ 859.414878][T20742] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 859.414899][T20742] do_dentry_open+0x6d8/0x1660 [ 859.414915][T20742] ? __pfx_chrdev_open+0x10/0x10 [ 859.414935][T20742] vfs_open+0x82/0x3f0 [ 859.414956][T20742] path_openat+0x208c/0x31a0 [ 859.414979][T20742] ? __pfx_path_openat+0x10/0x10 [ 859.415002][T20742] do_file_open+0x20e/0x430 [ 859.415019][T20742] ? __pfx_do_file_open+0x10/0x10 [ 859.415049][T20742] ? alloc_fd+0x476/0x790 [ 859.415066][T20742] ? do_getname+0x191/0x390 [ 859.415087][T20742] do_sys_openat2+0x10d/0x1e0 [ 859.415107][T20742] ? __pfx_do_sys_openat2+0x10/0x10 [ 859.415128][T20742] ? __fget_files+0x21f/0x3d0 [ 859.415148][T20742] __x64_sys_openat+0x12d/0x210 [ 859.415168][T20742] ? __pfx___x64_sys_openat+0x10/0x10 [ 859.415196][T20742] do_syscall_64+0x106/0xf80 [ 859.415228][T20742] ? clear_bhb_loop+0x40/0x90 [ 859.415251][T20742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.415269][T20742] RIP: 0033:0x7f003a59c799 [ 859.415283][T20742] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 859.415299][T20742] RSP: 002b:00007f003b47b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 859.415315][T20742] RAX: ffffffffffffffda RBX: 00007f003a815fa0 RCX: 00007f003a59c799 [ 859.415326][T20742] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 859.415337][T20742] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 859.415347][T20742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 859.415357][T20742] R13: 00007f003a816038 R14: 00007f003a815fa0 R15: 00007ffe6deeb3b8 [ 859.415377][T20742] [ 860.052783][T20744] phram: not enough arguments [ 860.221258][T20749] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2934'. [ 860.274452][ T7566] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 861.170137][T20759] net_ratelimit: 29 callbacks suppressed [ 861.170154][T20759] netlink: zone id is out of range [ 861.264188][T20759] netlink: zone id is out of range [ 861.337067][T20759] netlink: zone id is out of range [ 861.357230][T20759] netlink: zone id is out of range [ 861.389169][T20759] netlink: zone id is out of range [ 861.418865][T20759] netlink: zone id is out of range [ 861.450409][T20759] netlink: zone id is out of range [ 861.477224][T20759] netlink: zone id is out of range [ 861.492830][T20757] netlink: zone id is out of range [ 861.497932][T20757] netlink: zone id is out of range [ 861.679691][T20761] FAULT_INJECTION: forcing a failure. [ 861.679691][T20761] name failslab, interval 1, probability 0, space 0, times 0 [ 861.751936][T20761] CPU: 0 UID: 0 PID: 20761 Comm: syz.0.2937 Tainted: G L syzkaller #0 PREEMPT(full) [ 861.751960][T20761] Tainted: [L]=SOFTLOCKUP [ 861.751966][T20761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 861.751975][T20761] Call Trace: [ 861.751980][T20761] [ 861.751986][T20761] dump_stack_lvl+0x100/0x190 [ 861.752020][T20761] should_fail_ex.cold+0x5/0xa [ 861.752038][T20761] should_failslab+0xc2/0x120 [ 861.752054][T20761] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 861.752074][T20761] ? taskstats_exit+0x650/0xbd0 [ 861.752100][T20761] taskstats_exit+0x650/0xbd0 [ 861.752121][T20761] ? __pfx_acct_update_integrals+0x10/0x10 [ 861.752135][T20761] ? __pfx_taskstats_exit+0x10/0x10 [ 861.752157][T20761] ? rcu_read_lock_any_held+0x6a/0xa0 [ 861.752171][T20761] ? exit_signals+0x395/0xaf0 [ 861.752188][T20761] do_exit+0x659/0x2b60 [ 861.752209][T20761] ? __pfx_do_exit+0x10/0x10 [ 861.752227][T20761] ? do_raw_spin_lock+0x128/0x260 [ 861.752246][T20761] ? find_held_lock+0x2b/0x80 [ 861.752259][T20761] ? get_signal+0x7e0/0x21e0 [ 861.752275][T20761] do_group_exit+0xd5/0x2a0 [ 861.752294][T20761] get_signal+0x1ec7/0x21e0 [ 861.752316][T20761] ? __pfx_get_signal+0x10/0x10 [ 861.752331][T20761] ? do_futex+0x192/0x350 [ 861.752351][T20761] arch_do_signal_or_restart+0x91/0x770 [ 861.752370][T20761] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 861.752392][T20761] ? __pfx___x64_sys_futex+0x10/0x10 [ 861.752413][T20761] exit_to_user_mode_loop+0x86/0x4a0 [ 861.752433][T20761] do_syscall_64+0x668/0xf80 [ 861.752452][T20761] ? clear_bhb_loop+0x40/0x90 [ 861.752470][T20761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 861.752485][T20761] RIP: 0033:0x7f79d919c799 [ 861.752497][T20761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 861.752512][T20761] RSP: 002b:00007f79da1080e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 861.752526][T20761] RAX: fffffffffffffe00 RBX: 00007f79d9415fa8 RCX: 00007f79d919c799 [ 861.752536][T20761] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f79d9415fa8 [ 861.752544][T20761] RBP: 00007f79d9415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 861.752553][T20761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 861.752562][T20761] R13: 00007f79d9416038 R14: 00007ffdf96d3de0 R15: 00007ffdf96d3ec8 [ 861.752580][T20761] [ 863.657404][T20775] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2943'. [ 864.571003][T20786] FAULT_INJECTION: forcing a failure. [ 864.571003][T20786] name failslab, interval 1, probability 0, space 0, times 0 [ 864.639748][T20786] CPU: 0 UID: 0 PID: 20786 Comm: syz.0.2945 Tainted: G L syzkaller #0 PREEMPT(full) [ 864.639772][T20786] Tainted: [L]=SOFTLOCKUP [ 864.639777][T20786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 864.639786][T20786] Call Trace: [ 864.639792][T20786] [ 864.639797][T20786] dump_stack_lvl+0x100/0x190 [ 864.639824][T20786] should_fail_ex.cold+0x5/0xa [ 864.639841][T20786] should_failslab+0xc2/0x120 [ 864.639856][T20786] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 864.639876][T20786] ? vm_area_alloc+0x1f/0x160 [ 864.639893][T20786] ? vma_merge_new_range+0x38b/0xa30 [ 864.639916][T20786] vm_area_alloc+0x1f/0x160 [ 864.639933][T20786] __mmap_region+0x10cc/0x29e0 [ 864.639956][T20786] ? __pfx___mmap_region+0x10/0x10 [ 864.639974][T20786] ? process_measurement+0x1f4/0x2350 [ 864.640027][T20786] ? is_bpf_text_address+0x94/0x1a0 [ 864.640049][T20786] ? kernel_text_address+0x8d/0x100 [ 864.640069][T20786] ? __kernel_text_address+0xd/0x30 [ 864.640111][T20786] ? rcu_is_watching+0x12/0xc0 [ 864.640132][T20786] ? cap_capable+0x107/0x460 [ 864.640156][T20786] mmap_region+0x180/0x3e0 [ 864.640179][T20786] do_mmap+0xc63/0x12f0 [ 864.640198][T20786] ? __pfx_do_mmap+0x10/0x10 [ 864.640217][T20786] ? __pfx_down_write_killable+0x10/0x10 [ 864.640243][T20786] vm_mmap_pgoff+0x29e/0x470 [ 864.640262][T20786] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 864.640280][T20786] ? __fget_files+0x215/0x3d0 [ 864.640295][T20786] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 864.640318][T20786] ksys_mmap_pgoff+0xe1/0x650 [ 864.640335][T20786] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 864.640349][T20786] ? fput+0x79/0x100 [ 864.640364][T20786] ? ksys_write+0x1ac/0x250 [ 864.640377][T20786] ? __pfx_ksys_write+0x10/0x10 [ 864.640393][T20786] __x64_sys_mmap+0x125/0x190 [ 864.640415][T20786] do_syscall_64+0x106/0xf80 [ 864.640433][T20786] ? clear_bhb_loop+0x40/0x90 [ 864.640451][T20786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.640465][T20786] RIP: 0033:0x7f79d919c799 [ 864.640478][T20786] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.640492][T20786] RSP: 002b:00007f79da0c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 864.640506][T20786] RAX: ffffffffffffffda RBX: 00007f79d9416180 RCX: 00007f79d919c799 [ 864.640516][T20786] RDX: 0000000000000007 RSI: 0000000002020009 RDI: 0000000000000000 [ 864.640525][T20786] RBP: 00007f79da0c6090 R08: fffffffffffffffa R09: 0000000000008000 [ 864.640534][T20786] R10: 0000000000000eb2 R11: 0000000000000246 R12: 0000000000000001 [ 864.640543][T20786] R13: 00007f79d9416218 R14: 00007f79d9416180 R15: 00007ffdf96d3ec8 [ 864.640561][T20786] [ 866.042172][T20783] sp0: Synchronizing with TNC [ 867.530253][T20803] FAULT_INJECTION: forcing a failure. [ 867.530253][T20803] name failslab, interval 1, probability 0, space 0, times 0 [ 867.585791][T20803] CPU: 0 UID: 0 PID: 20803 Comm: syz.1.2952 Tainted: G L syzkaller #0 PREEMPT(full) [ 867.585816][T20803] Tainted: [L]=SOFTLOCKUP [ 867.585822][T20803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 867.585832][T20803] Call Trace: [ 867.585837][T20803] [ 867.585844][T20803] dump_stack_lvl+0x100/0x190 [ 867.585871][T20803] should_fail_ex.cold+0x5/0xa [ 867.585889][T20803] should_failslab+0xc2/0x120 [ 867.585906][T20803] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 867.585928][T20803] ? __d_alloc+0x34/0xa80 [ 867.585944][T20803] ? lockdep_init_map_type+0x5c/0x250 [ 867.585967][T20803] __d_alloc+0x34/0xa80 [ 867.585985][T20803] d_alloc_pseudo+0x1c/0xc0 [ 867.586005][T20803] alloc_file_pseudo+0xcf/0x230 [ 867.586025][T20803] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 867.586048][T20803] ? alloc_fd+0x476/0x790 [ 867.586066][T20803] sock_alloc_file+0x50/0x210 [ 867.586091][T20803] __sys_socket+0x1c0/0x260 [ 867.586107][T20803] ? __pfx___sys_socket+0x10/0x10 [ 867.586129][T20803] __x64_sys_socket+0x72/0xb0 [ 867.586145][T20803] ? lockdep_hardirqs_on+0x78/0x100 [ 867.586166][T20803] do_syscall_64+0x106/0xf80 [ 867.586186][T20803] ? clear_bhb_loop+0x40/0x90 [ 867.586204][T20803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 867.586219][T20803] RIP: 0033:0x7f795699c799 [ 867.586233][T20803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 867.586248][T20803] RSP: 002b:00007f795779c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 867.586263][T20803] RAX: ffffffffffffffda RBX: 00007f7956c15fa0 RCX: 00007f795699c799 [ 867.586273][T20803] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 867.586282][T20803] RBP: 00007f7956a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 867.586290][T20803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 867.586299][T20803] R13: 00007f7956c16038 R14: 00007f7956c15fa0 R15: 00007ffcb7e5bea8 [ 867.586319][T20803] [ 868.615531][T20809] ptp ptp0: new virtual clock ptp1 [ 868.702043][T20809] ptp ptp0: guarantee physical clock free running [ 868.716324][T20818] ptp ptp0: guarantee physical clock free running [ 869.224315][T20825] FAULT_INJECTION: forcing a failure. [ 869.224315][T20825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 869.353631][T20825] CPU: 0 UID: 0 PID: 20825 Comm: syz.0.2957 Tainted: G L syzkaller #0 PREEMPT(full) [ 869.353659][T20825] Tainted: [L]=SOFTLOCKUP [ 869.353665][T20825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 869.353675][T20825] Call Trace: [ 869.353681][T20825] [ 869.353687][T20825] dump_stack_lvl+0x100/0x190 [ 869.353716][T20825] should_fail_ex.cold+0x5/0xa [ 869.353734][T20825] _copy_from_user+0x2e/0xd0 [ 869.353754][T20825] do_pages_stat+0x194/0x7f0 [ 869.353777][T20825] ? __pfx_do_pages_stat+0x10/0x10 [ 869.353798][T20825] ? find_held_lock+0x2b/0x80 [ 869.353824][T20825] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 869.353844][T20825] ? lockdep_hardirqs_on+0x78/0x100 [ 869.353864][T20825] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 869.353885][T20825] kernel_move_pages+0xecf/0x13f0 [ 869.353905][T20825] ? do_futex+0x192/0x350 [ 869.353924][T20825] ? __pfx_do_futex+0x10/0x10 [ 869.353944][T20825] ? __pfx_kernel_move_pages+0x10/0x10 [ 869.353960][T20825] ? find_held_lock+0x2b/0x80 [ 869.353977][T20825] ? __x64_sys_futex+0x34f/0x4d0 [ 869.353994][T20825] ? __x64_sys_futex+0x358/0x4d0 [ 869.354015][T20825] ? xfd_validate_state+0x129/0x190 [ 869.354039][T20825] __x64_sys_move_pages+0xe0/0x1c0 [ 869.354057][T20825] ? do_syscall_64+0x95/0xf80 [ 869.354086][T20825] ? lockdep_hardirqs_on+0x78/0x100 [ 869.354107][T20825] do_syscall_64+0x106/0xf80 [ 869.354126][T20825] ? clear_bhb_loop+0x40/0x90 [ 869.354144][T20825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.354159][T20825] RIP: 0033:0x7f79d919c799 [ 869.354172][T20825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 869.354188][T20825] RSP: 002b:00007f79da108028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 869.354203][T20825] RAX: ffffffffffffffda RBX: 00007f79d9415fa0 RCX: 00007f79d919c799 [ 869.354213][T20825] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 869.354223][T20825] RBP: 00007f79d9232c99 R08: 0000000000000000 R09: 0000000000000002 [ 869.354232][T20825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 869.354241][T20825] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 869.354268][T20825] [ 869.844281][ T10] Process accounting resumed [ 870.006861][T20827] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR [ 870.239229][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.274830][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.221947][T20829] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 871.745434][T20826] smpboot: CPU 1 is now offline [ 872.749375][T20865] FAULT_INJECTION: forcing a failure. [ 872.749375][T20865] name fail_futex, interval 1, probability 0, space 0, times 0 [ 872.954529][T20865] CPU: 0 UID: 0 PID: 20865 Comm: syz.1.2965 Tainted: G L syzkaller #0 PREEMPT(full) [ 872.954556][T20865] Tainted: [L]=SOFTLOCKUP [ 872.954563][T20865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 872.954573][T20865] Call Trace: [ 872.954579][T20865] [ 872.954585][T20865] dump_stack_lvl+0x100/0x190 [ 872.954612][T20865] should_fail_ex.cold+0x5/0xa [ 872.954633][T20865] get_futex_key+0x1d2/0x1620 [ 872.954654][T20865] ? __pfx_get_futex_key+0x10/0x10 [ 872.954673][T20865] ? __do_sys_memfd_create+0x283/0x3d0 [ 872.954694][T20865] ? kasan_save_stack+0x3f/0x50 [ 872.954715][T20865] ? kasan_save_stack+0x30/0x50 [ 872.954735][T20865] ? kasan_save_track+0x14/0x30 [ 872.954756][T20865] ? kasan_save_free_info+0x3b/0x70 [ 872.954773][T20865] ? __kasan_slab_free+0x5f/0x80 [ 872.954789][T20865] futex_wake+0xea/0x530 [ 872.954811][T20865] ? __pfx_futex_wake+0x10/0x10 [ 872.954840][T20865] do_futex+0x32b/0x350 [ 872.954859][T20865] ? __pfx_do_futex+0x10/0x10 [ 872.954883][T20865] __x64_sys_futex+0x34f/0x4d0 [ 872.954904][T20865] ? __pfx___x64_sys_futex+0x10/0x10 [ 872.954922][T20865] ? kfree+0x1f6/0x6b0 [ 872.954947][T20865] ? strncpy_from_user+0x19d/0x2d0 [ 872.954970][T20865] do_syscall_64+0x106/0xf80 [ 872.954991][T20865] ? clear_bhb_loop+0x40/0x90 [ 872.955009][T20865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.955024][T20865] RIP: 0033:0x7f795699c799 [ 872.955038][T20865] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 872.955053][T20865] RSP: 002b:00007f795779c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 872.955069][T20865] RAX: ffffffffffffffda RBX: 00007f7956c15fa8 RCX: 00007f795699c799 [ 872.955079][T20865] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7956c15fac [ 872.955089][T20865] RBP: 00007f7956c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 872.955098][T20865] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 872.955108][T20865] R13: 00007f7956c16038 R14: 00007ffcb7e5bdc0 R15: 00007ffcb7e5bea8 [ 872.955127][T20865] [ 875.117955][T20881] kexec: Could not allocate control_code_buffer [ 877.638056][ T7566] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 878.172350][T20950] mmap: syz.0.2985 (20950): VmData 41656320 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 878.277194][T20952] Setting dangerous option i915.mitigations - tainting kernel [ 879.477771][T20971] FAULT_INJECTION: forcing a failure. [ 879.477771][T20971] name failslab, interval 1, probability 0, space 0, times 0 [ 879.780138][T20971] CPU: 0 UID: 0 PID: 20971 Comm: syz.2.2991 Tainted: G U L syzkaller #0 PREEMPT(full) [ 879.780164][T20971] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 879.780170][T20971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 879.780179][T20971] Call Trace: [ 879.780184][T20971] [ 879.780191][T20971] dump_stack_lvl+0x100/0x190 [ 879.780217][T20971] should_fail_ex.cold+0x5/0xa [ 879.780233][T20971] should_failslab+0xc2/0x120 [ 879.780249][T20971] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 879.780269][T20971] ? do_getname+0x35/0x390 [ 879.780295][T20971] do_getname+0x35/0x390 [ 879.780314][T20971] do_sys_openat2+0xc5/0x1e0 [ 879.780332][T20971] ? __pfx_do_sys_openat2+0x10/0x10 [ 879.780351][T20971] ? find_held_lock+0x2b/0x80 [ 879.780369][T20971] __x64_sys_openat+0x12d/0x210 [ 879.780388][T20971] ? __pfx___x64_sys_openat+0x10/0x10 [ 879.780413][T20971] do_syscall_64+0x106/0xf80 [ 879.780433][T20971] ? clear_bhb_loop+0x40/0x90 [ 879.780450][T20971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 879.780465][T20971] RIP: 0033:0x7f003a59c799 [ 879.780477][T20971] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 879.780491][T20971] RSP: 002b:00007f003b418028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 879.780505][T20971] RAX: ffffffffffffffda RBX: 00007f003a816270 RCX: 00007f003a59c799 [ 879.780515][T20971] RDX: 0000000000202a00 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 879.780524][T20971] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 879.780533][T20971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 879.780541][T20971] R13: 00007f003a816308 R14: 00007f003a816270 R15: 00007ffe6deeb3b8 [ 879.780560][T20971] [ 882.329153][ T7566] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 886.703638][T21038] rnbd_client L213: map_device: Parameters missing [ 886.977284][T21042] hub 1-0:1.0: USB hub found [ 887.033524][T21042] hub 1-0:1.0: 1 port detected [ 887.071016][T21040] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3000'. [ 887.180467][T21048] : Can't lookup blockdev [ 887.332154][T21049] netlink: 'syz.3.3000': attribute type 7 has an invalid length. [ 888.272159][ T5872] Process accounting resumed [ 888.283932][T21073] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3007'. [ 888.822013][T21081] FAULT_INJECTION: forcing a failure. [ 888.822013][T21081] name failslab, interval 1, probability 0, space 0, times 0 [ 888.892671][T21081] CPU: 0 UID: 0 PID: 21081 Comm: syz.0.3010 Tainted: G U L syzkaller #0 PREEMPT(full) [ 888.892698][T21081] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 888.892704][T21081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 888.892717][T21081] Call Trace: [ 888.892723][T21081] [ 888.892729][T21081] dump_stack_lvl+0x100/0x190 [ 888.892754][T21081] should_fail_ex.cold+0x5/0xa [ 888.892772][T21081] should_failslab+0xc2/0x120 [ 888.892787][T21081] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 888.892807][T21081] ? alloc_empty_file+0x55/0x1c0 [ 888.892824][T21081] ? __pfx_stack_trace_save+0x10/0x10 [ 888.892841][T21081] alloc_empty_file+0x55/0x1c0 [ 888.892859][T21081] path_openat+0xe8/0x31a0 [ 888.892872][T21081] ? kasan_save_stack+0x3f/0x50 [ 888.892892][T21081] ? kasan_save_stack+0x30/0x50 [ 888.892911][T21081] ? kasan_save_track+0x14/0x30 [ 888.892930][T21081] ? __kasan_slab_alloc+0x89/0x90 [ 888.892942][T21081] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 888.892961][T21081] ? do_getname+0x35/0x390 [ 888.892977][T21081] ? do_sys_openat2+0xc5/0x1e0 [ 888.892995][T21081] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.893012][T21081] ? __pfx_path_openat+0x10/0x10 [ 888.893033][T21081] do_file_open+0x20e/0x430 [ 888.893049][T21081] ? __pfx_do_file_open+0x10/0x10 [ 888.893076][T21081] ? alloc_fd+0x476/0x790 [ 888.893093][T21081] ? do_getname+0x191/0x390 [ 888.893111][T21081] do_sys_openat2+0x10d/0x1e0 [ 888.893129][T21081] ? __pfx_do_sys_openat2+0x10/0x10 [ 888.893145][T21081] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 888.893168][T21081] ? __fget_files+0x21f/0x3d0 [ 888.893187][T21081] __x64_sys_openat+0x12d/0x210 [ 888.893206][T21081] ? __pfx___x64_sys_openat+0x10/0x10 [ 888.893223][T21081] ? ksys_write+0x1ac/0x250 [ 888.893242][T21081] do_syscall_64+0x106/0xf80 [ 888.893261][T21081] ? clear_bhb_loop+0x40/0x90 [ 888.893278][T21081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.893293][T21081] RIP: 0033:0x7f79d919c799 [ 888.893305][T21081] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 888.893319][T21081] RSP: 002b:00007f79da108028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 888.893334][T21081] RAX: ffffffffffffffda RBX: 00007f79d9415fa0 RCX: 00007f79d919c799 [ 888.893344][T21081] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 888.893353][T21081] RBP: 00007f79da108090 R08: 0000000000000000 R09: 0000000000000000 [ 888.893361][T21081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 888.893370][T21081] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 888.893388][T21081] [ 890.273340][T21084] zswap: compressor  not available [ 891.564462][T20620] syz.3.2904 (20620) used greatest stack depth: 19032 bytes left [ 891.649301][T21101] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3013'. [ 891.705237][T21101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 891.901517][T21101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 892.015202][T21104] random: crng reseeded on system resumption [ 892.747510][T21116] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3017'. [ 894.464300][ T7566] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 894.786345][T21148] random: crng reseeded on system resumption [ 898.018492][T21200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3035'. [ 898.102376][T21200] netlink: 'syz.1.3035': attribute type 7 has an invalid length. [ 898.905496][T21221] vivid-007: ================= START STATUS ================= [ 899.039560][T21221] vivid-007: Generate PTS: true [ 899.044439][T21221] vivid-007: Generate SCR: true [ 899.326979][T21221] tpg source WxH: 320x240 (Y'CbCr) [ 899.409273][T21221] tpg field: 1 [ 899.557775][T21221] tpg crop: (0,0)/320x240 [ 899.671938][T21221] tpg compose: (0,0)/320x240 [ 899.718730][T21221] tpg colorspace: 8 [ 899.722535][T21221] tpg transfer function: 0/0 [ 899.727104][T21221] tpg Y'CbCr encoding: 0/0 [ 899.907954][T21221] tpg quantization: 0/0 [ 899.912127][T21221] tpg RGB range: 0/2 [ 899.916026][T21221] vivid-007: ================== END STATUS ================== [ 900.404279][T21235] Invalid ELF header magic: != ELF [ 901.383093][ T7566] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 902.674436][T20616] syz.3.2904 (20616) used greatest stack depth: 19008 bytes left [ 903.216956][T21257] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3044'. [ 903.547246][T21257] tc_dump_action: action bad kind [ 904.600743][T21282] FAULT_INJECTION: forcing a failure. [ 904.600743][T21282] name failslab, interval 1, probability 0, space 0, times 0 [ 904.670358][T21282] CPU: 0 UID: 0 PID: 21282 Comm: syz.0.3047 Tainted: G U L syzkaller #0 PREEMPT(full) [ 904.670387][T21282] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 904.670393][T21282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 904.670403][T21282] Call Trace: [ 904.670409][T21282] [ 904.670416][T21282] dump_stack_lvl+0x100/0x190 [ 904.670449][T21282] should_fail_ex.cold+0x5/0xa [ 904.670468][T21282] should_failslab+0xc2/0x120 [ 904.670485][T21282] __kmalloc_cache_noprof+0x7a/0x6f0 [ 904.670505][T21282] ? snd_seq_timer_new+0x44/0x1b0 [ 904.670531][T21282] snd_seq_timer_new+0x44/0x1b0 [ 904.670552][T21282] snd_seq_queue_alloc+0x177/0x590 [ 904.670573][T21282] snd_seq_ioctl_create_queue+0xa9/0x370 [ 904.670598][T21282] call_seq_client_ctl+0xa3/0x130 [ 904.670623][T21282] snd_seq_kernel_client_ctl+0x77/0xd0 [ 904.670647][T21282] alloc_seq_queue+0xdb/0x180 [ 904.670662][T21282] ? __pfx_alloc_seq_queue+0x10/0x10 [ 904.670687][T21282] ? mark_held_locks+0x40/0x70 [ 904.670705][T21282] ? _raw_spin_unlock_irq+0x23/0x50 [ 904.670723][T21282] ? lockdep_hardirqs_on+0x78/0x100 [ 904.670745][T21282] snd_seq_oss_open+0x2b2/0xa10 [ 904.670764][T21282] odev_open+0x79/0xc0 [ 904.670776][T21282] ? __pfx_odev_open+0x10/0x10 [ 904.670789][T21282] soundcore_open+0x2e3/0x5a0 [ 904.670807][T21282] ? __pfx_soundcore_open+0x10/0x10 [ 904.670821][T21282] chrdev_open+0x234/0x6a0 [ 904.670836][T21282] ? __pfx_apparmor_file_open+0x10/0x10 [ 904.670859][T21282] ? __pfx_chrdev_open+0x10/0x10 [ 904.670875][T21282] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 904.670895][T21282] do_dentry_open+0x6d8/0x1660 [ 904.670919][T21282] ? __pfx_chrdev_open+0x10/0x10 [ 904.670939][T21282] vfs_open+0x82/0x3f0 [ 904.670960][T21282] path_openat+0x208c/0x31a0 [ 904.670983][T21282] ? __pfx_path_openat+0x10/0x10 [ 904.671006][T21282] do_file_open+0x20e/0x430 [ 904.671022][T21282] ? __pfx_do_file_open+0x10/0x10 [ 904.671051][T21282] ? alloc_fd+0x476/0x790 [ 904.671067][T21282] ? do_getname+0x191/0x390 [ 904.671087][T21282] do_sys_openat2+0x10d/0x1e0 [ 904.671106][T21282] ? __pfx_do_sys_openat2+0x10/0x10 [ 904.671126][T21282] ? __fget_files+0x21f/0x3d0 [ 904.671144][T21282] __x64_sys_openat+0x12d/0x210 [ 904.671164][T21282] ? __pfx___x64_sys_openat+0x10/0x10 [ 904.671190][T21282] do_syscall_64+0x106/0xf80 [ 904.671209][T21282] ? clear_bhb_loop+0x40/0x90 [ 904.671228][T21282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 904.671243][T21282] RIP: 0033:0x7f79d919c799 [ 904.671257][T21282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 904.671272][T21282] RSP: 002b:00007f79da108028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 904.671287][T21282] RAX: ffffffffffffffda RBX: 00007f79d9415fa0 RCX: 00007f79d919c799 [ 904.671297][T21282] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 904.671307][T21282] RBP: 00007f79d9232c99 R08: 0000000000000000 R09: 0000000000000000 [ 904.671317][T21282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 904.671326][T21282] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 904.671346][T21282] [ 905.652939][T21285] netlink: 'syz.0.3048': attribute type 4 has an invalid length. [ 905.730909][T21285] netlink: 226 bytes leftover after parsing attributes in process `syz.0.3048'. [ 906.372937][T20621] syz.3.2904 (20621) used greatest stack depth: 17880 bytes left [ 906.718965][T21283] [U] ^Z [ 907.243558][T21289] : Can't lookup blockdev [ 908.213751][ T10] Process accounting resumed [ 909.485744][T21320] vivid-007: ================= START STATUS ================= [ 909.500387][T21320] vivid-007: Generate PTS: true [ 909.523594][T21320] vivid-007: Generate SCR: true [ 909.553416][T21320] tpg source WxH: 320x240 (Y'CbCr) [ 909.558530][T21320] tpg field: 1 [ 909.603250][T21320] tpg crop: (0,0)/320x240 [ 909.652826][T21320] tpg compose: (0,0)/320x240 [ 909.663075][T21320] tpg colorspace: 8 [ 909.666888][T21320] tpg transfer function: 0/0 [ 909.705431][T21320] tpg Y'CbCr encoding: 0/0 [ 909.709840][T21320] tpg quantization: 0/0 [ 909.763559][T21320] tpg RGB range: 0/2 [ 909.784175][T21320] vivid-007: ================== END STATUS ================== [ 911.926342][T21343] FAULT_INJECTION: forcing a failure. [ 911.926342][T21343] name failslab, interval 1, probability 0, space 0, times 0 [ 912.008562][T21342] sp0: Synchronizing with TNC [ 912.054873][T21343] CPU: 0 UID: 0 PID: 21343 Comm: syz.3.3063 Tainted: G U L syzkaller #0 PREEMPT(full) [ 912.054901][T21343] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 912.054907][T21343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 912.054917][T21343] Call Trace: [ 912.054923][T21343] [ 912.054930][T21343] dump_stack_lvl+0x100/0x190 [ 912.054960][T21343] should_fail_ex.cold+0x5/0xa [ 912.054979][T21343] should_failslab+0xc2/0x120 [ 912.054997][T21343] __kmalloc_cache_noprof+0x7a/0x6f0 [ 912.055017][T21343] ? drm_file_alloc+0x74/0xb40 [ 912.055040][T21343] drm_file_alloc+0x74/0xb40 [ 912.055061][T21343] drm_open_helper+0x1fc/0x540 [ 912.055082][T21343] drm_open+0x1a0/0x3e0 [ 912.055100][T21343] ? __pfx_drm_open+0x10/0x10 [ 912.055118][T21343] drm_stub_open+0x20f/0x380 [ 912.055137][T21343] ? __pfx_drm_stub_open+0x10/0x10 [ 912.055155][T21343] chrdev_open+0x234/0x6a0 [ 912.055170][T21343] ? __pfx_apparmor_file_open+0x10/0x10 [ 912.055206][T21343] ? __pfx_chrdev_open+0x10/0x10 [ 912.055223][T21343] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 912.055245][T21343] do_dentry_open+0x6d8/0x1660 [ 912.055261][T21343] ? __pfx_chrdev_open+0x10/0x10 [ 912.055281][T21343] vfs_open+0x82/0x3f0 [ 912.055301][T21343] path_openat+0x208c/0x31a0 [ 912.055322][T21343] ? __pfx_path_openat+0x10/0x10 [ 912.055344][T21343] do_file_open+0x20e/0x430 [ 912.055360][T21343] ? __pfx_do_file_open+0x10/0x10 [ 912.055389][T21343] ? alloc_fd+0x476/0x790 [ 912.055405][T21343] ? do_getname+0x191/0x390 [ 912.055425][T21343] do_sys_openat2+0x10d/0x1e0 [ 912.055444][T21343] ? __pfx_do_sys_openat2+0x10/0x10 [ 912.055464][T21343] ? __fget_files+0x21f/0x3d0 [ 912.055482][T21343] __x64_sys_openat+0x12d/0x210 [ 912.055501][T21343] ? __pfx___x64_sys_openat+0x10/0x10 [ 912.055521][T21343] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 912.055540][T21343] ? syscall_user_dispatch+0x76/0x130 [ 912.055564][T21343] do_syscall_64+0x106/0xf80 [ 912.055586][T21343] ? clear_bhb_loop+0x40/0x90 [ 912.055605][T21343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 912.055620][T21343] RIP: 0033:0x7f1c4b19c799 [ 912.055633][T21343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 912.055648][T21343] RSP: 002b:00007f1c4c054028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 912.055663][T21343] RAX: ffffffffffffffda RBX: 00007f1c4b415fa0 RCX: 00007f1c4b19c799 [ 912.055673][T21343] RDX: 0000000000129800 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 912.055683][T21343] RBP: 00007f1c4b232c99 R08: 0000000000000000 R09: 0000000000000000 [ 912.055693][T21343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 912.055703][T21343] R13: 00007f1c4b416038 R14: 00007f1c4b415fa0 R15: 00007fff69afa088 [ 912.055722][T21343] [ 912.717805][ T29] audit: type=1800 audit(4295115552.792:61): pid=21342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3062" name="lu_gp_id" dev="configfs" ino=284376 res=0 errno=0 [ 912.914988][T21356] random: crng reseeded on system resumption [ 914.787273][ T7566] block nbd0: Receive control failed (result -32) [ 915.798843][ T5872] Process accounting resumed [ 916.477577][T21413] rnbd_client L213: map_device: Parameters missing [ 916.826487][T19777] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 917.640581][T21425] FAULT_INJECTION: forcing a failure. [ 917.640581][T21425] name failslab, interval 1, probability 0, space 0, times 0 [ 917.777507][T21425] CPU: 0 UID: 0 PID: 21425 Comm: syz.2.3079 Tainted: G U L syzkaller #0 PREEMPT(full) [ 917.777535][T21425] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 917.777541][T21425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 917.777551][T21425] Call Trace: [ 917.777557][T21425] [ 917.777563][T21425] dump_stack_lvl+0x100/0x190 [ 917.777591][T21425] should_fail_ex.cold+0x5/0xa [ 917.777611][T21425] should_failslab+0xc2/0x120 [ 917.777636][T21425] __kmalloc_cache_noprof+0x7a/0x6f0 [ 917.777656][T21425] ? snd_seq_prioq_new+0x3f/0x110 [ 917.777678][T21425] ? lockdep_init_map_type+0x5c/0x250 [ 917.777702][T21425] snd_seq_prioq_new+0x3f/0x110 [ 917.777721][T21425] snd_seq_queue_alloc+0x153/0x590 [ 917.777742][T21425] snd_seq_ioctl_create_queue+0xa9/0x370 [ 917.777767][T21425] call_seq_client_ctl+0xa3/0x130 [ 917.777790][T21425] snd_seq_kernel_client_ctl+0x77/0xd0 [ 917.777814][T21425] alloc_seq_queue+0xdb/0x180 [ 917.777829][T21425] ? __pfx_alloc_seq_queue+0x10/0x10 [ 917.777854][T21425] ? mark_held_locks+0x40/0x70 [ 917.777872][T21425] ? _raw_spin_unlock_irq+0x23/0x50 [ 917.777890][T21425] ? lockdep_hardirqs_on+0x78/0x100 [ 917.777912][T21425] snd_seq_oss_open+0x2b2/0xa10 [ 917.777931][T21425] odev_open+0x79/0xc0 [ 917.777943][T21425] ? __pfx_odev_open+0x10/0x10 [ 917.777956][T21425] soundcore_open+0x2e3/0x5a0 [ 917.777973][T21425] ? __pfx_soundcore_open+0x10/0x10 [ 917.777987][T21425] chrdev_open+0x234/0x6a0 [ 917.778002][T21425] ? __pfx_apparmor_file_open+0x10/0x10 [ 917.778026][T21425] ? __pfx_chrdev_open+0x10/0x10 [ 917.778042][T21425] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 917.778062][T21425] do_dentry_open+0x6d8/0x1660 [ 917.778076][T21425] ? __pfx_chrdev_open+0x10/0x10 [ 917.778096][T21425] vfs_open+0x82/0x3f0 [ 917.778116][T21425] path_openat+0x208c/0x31a0 [ 917.778138][T21425] ? __pfx_path_openat+0x10/0x10 [ 917.778160][T21425] do_file_open+0x20e/0x430 [ 917.778177][T21425] ? __pfx_do_file_open+0x10/0x10 [ 917.778206][T21425] ? alloc_fd+0x476/0x790 [ 917.778222][T21425] ? do_getname+0x191/0x390 [ 917.778242][T21425] do_sys_openat2+0x10d/0x1e0 [ 917.778261][T21425] ? __pfx_do_sys_openat2+0x10/0x10 [ 917.778281][T21425] ? find_held_lock+0x2b/0x80 [ 917.778300][T21425] __x64_sys_openat+0x12d/0x210 [ 917.778319][T21425] ? __pfx___x64_sys_openat+0x10/0x10 [ 917.778345][T21425] do_syscall_64+0x106/0xf80 [ 917.778364][T21425] ? clear_bhb_loop+0x40/0x90 [ 917.778382][T21425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.778397][T21425] RIP: 0033:0x7f003a59c799 [ 917.778411][T21425] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 917.778426][T21425] RSP: 002b:00007f003b47b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 917.778441][T21425] RAX: ffffffffffffffda RBX: 00007f003a815fa0 RCX: 00007f003a59c799 [ 917.778451][T21425] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 917.778461][T21425] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 917.778470][T21425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 917.778480][T21425] R13: 00007f003a816038 R14: 00007f003a815fa0 R15: 00007ffe6deeb3b8 [ 917.778500][T21425] [ 919.878946][T21459] sp0: Synchronizing with TNC [ 920.067366][ T29] audit: type=1800 audit(4295115560.148:62): pid=21459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3088" name="lu_gp_id" dev="configfs" ino=289344 res=0 errno=0 [ 920.190699][T21481] FAULT_INJECTION: forcing a failure. [ 920.190699][T21481] name failslab, interval 1, probability 0, space 0, times 0 [ 920.295317][T21481] CPU: 0 UID: 0 PID: 21481 Comm: syz.0.3090 Tainted: G U L syzkaller #0 PREEMPT(full) [ 920.295346][T21481] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 920.295353][T21481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 920.295362][T21481] Call Trace: [ 920.295368][T21481] [ 920.295374][T21481] dump_stack_lvl+0x100/0x190 [ 920.295402][T21481] should_fail_ex.cold+0x5/0xa [ 920.295426][T21481] should_failslab+0xc2/0x120 [ 920.295443][T21481] __kmalloc_cache_noprof+0x7a/0x6f0 [ 920.295462][T21481] ? snd_seq_prioq_new+0x3f/0x110 [ 920.295483][T21481] ? lockdep_init_map_type+0x5c/0x250 [ 920.295506][T21481] snd_seq_prioq_new+0x3f/0x110 [ 920.295526][T21481] snd_seq_queue_alloc+0x153/0x590 [ 920.295549][T21481] snd_seq_ioctl_create_queue+0xa9/0x370 [ 920.295573][T21481] call_seq_client_ctl+0xa3/0x130 [ 920.295597][T21481] snd_seq_kernel_client_ctl+0x77/0xd0 [ 920.295621][T21481] alloc_seq_queue+0xdb/0x180 [ 920.295636][T21481] ? __pfx_alloc_seq_queue+0x10/0x10 [ 920.295661][T21481] ? mark_held_locks+0x40/0x70 [ 920.295679][T21481] ? _raw_spin_unlock_irq+0x23/0x50 [ 920.295697][T21481] ? lockdep_hardirqs_on+0x78/0x100 [ 920.295720][T21481] snd_seq_oss_open+0x2b2/0xa10 [ 920.295738][T21481] odev_open+0x79/0xc0 [ 920.295756][T21481] ? __pfx_odev_open+0x10/0x10 [ 920.295770][T21481] soundcore_open+0x2e3/0x5a0 [ 920.295787][T21481] ? __pfx_soundcore_open+0x10/0x10 [ 920.295802][T21481] chrdev_open+0x234/0x6a0 [ 920.295818][T21481] ? __pfx_apparmor_file_open+0x10/0x10 [ 920.295842][T21481] ? __pfx_chrdev_open+0x10/0x10 [ 920.295858][T21481] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 920.295878][T21481] do_dentry_open+0x6d8/0x1660 [ 920.295893][T21481] ? __pfx_chrdev_open+0x10/0x10 [ 920.295913][T21481] vfs_open+0x82/0x3f0 [ 920.295933][T21481] path_openat+0x208c/0x31a0 [ 920.295956][T21481] ? __pfx_path_openat+0x10/0x10 [ 920.295978][T21481] do_file_open+0x20e/0x430 [ 920.295995][T21481] ? __pfx_do_file_open+0x10/0x10 [ 920.296024][T21481] ? alloc_fd+0x476/0x790 [ 920.296040][T21481] ? do_getname+0x191/0x390 [ 920.296060][T21481] do_sys_openat2+0x10d/0x1e0 [ 920.296079][T21481] ? __pfx_do_sys_openat2+0x10/0x10 [ 920.296099][T21481] ? find_held_lock+0x2b/0x80 [ 920.296118][T21481] __x64_sys_openat+0x12d/0x210 [ 920.296151][T21481] ? __pfx___x64_sys_openat+0x10/0x10 [ 920.296179][T21481] do_syscall_64+0x106/0xf80 [ 920.296199][T21481] ? clear_bhb_loop+0x40/0x90 [ 920.296217][T21481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 920.296233][T21481] RIP: 0033:0x7f79d919c799 [ 920.296246][T21481] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 920.296261][T21481] RSP: 002b:00007f79da108028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 920.296277][T21481] RAX: ffffffffffffffda RBX: 00007f79d9415fa0 RCX: 00007f79d919c799 [ 920.296288][T21481] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 920.296298][T21481] RBP: 00007f79d9232c99 R08: 0000000000000000 R09: 0000000000000000 [ 920.296307][T21481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 920.296316][T21481] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 920.296337][T21481] [ 920.907194][T21488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3092'. [ 920.916744][T21488] netlink: 'syz.0.3092': attribute type 7 has an invalid length. [ 922.436210][T21523] FAULT_INJECTION: forcing a failure. [ 922.436210][T21523] name failslab, interval 1, probability 0, space 0, times 0 [ 922.531682][T21523] CPU: 0 UID: 0 PID: 21523 Comm: syz.2.3101 Tainted: G U L syzkaller #0 PREEMPT(full) [ 922.531710][T21523] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 922.531717][T21523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 922.531727][T21523] Call Trace: [ 922.531732][T21523] [ 922.531738][T21523] dump_stack_lvl+0x100/0x190 [ 922.531766][T21523] should_fail_ex.cold+0x5/0xa [ 922.531785][T21523] should_failslab+0xc2/0x120 [ 922.531802][T21523] __kmalloc_cache_noprof+0x7a/0x6f0 [ 922.531822][T21523] ? snd_seq_prioq_new+0x3f/0x110 [ 922.531843][T21523] ? lockdep_init_map_type+0x5c/0x250 [ 922.531866][T21523] snd_seq_prioq_new+0x3f/0x110 [ 922.531885][T21523] snd_seq_queue_alloc+0x153/0x590 [ 922.531907][T21523] snd_seq_ioctl_create_queue+0xa9/0x370 [ 922.531931][T21523] call_seq_client_ctl+0xa3/0x130 [ 922.531955][T21523] snd_seq_kernel_client_ctl+0x77/0xd0 [ 922.531978][T21523] alloc_seq_queue+0xdb/0x180 [ 922.531994][T21523] ? __pfx_alloc_seq_queue+0x10/0x10 [ 922.532019][T21523] ? mark_held_locks+0x40/0x70 [ 922.532036][T21523] ? _raw_spin_unlock_irq+0x23/0x50 [ 922.532055][T21523] ? lockdep_hardirqs_on+0x78/0x100 [ 922.532077][T21523] snd_seq_oss_open+0x2b2/0xa10 [ 922.532096][T21523] odev_open+0x79/0xc0 [ 922.532108][T21523] ? __pfx_odev_open+0x10/0x10 [ 922.532122][T21523] soundcore_open+0x2e3/0x5a0 [ 922.532139][T21523] ? __pfx_soundcore_open+0x10/0x10 [ 922.532154][T21523] chrdev_open+0x234/0x6a0 [ 922.532168][T21523] ? __pfx_apparmor_file_open+0x10/0x10 [ 922.532200][T21523] ? __pfx_chrdev_open+0x10/0x10 [ 922.532217][T21523] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 922.532238][T21523] do_dentry_open+0x6d8/0x1660 [ 922.532253][T21523] ? __pfx_chrdev_open+0x10/0x10 [ 922.532277][T21523] vfs_open+0x82/0x3f0 [ 922.532297][T21523] path_openat+0x208c/0x31a0 [ 922.532319][T21523] ? __pfx_path_openat+0x10/0x10 [ 922.532341][T21523] do_file_open+0x20e/0x430 [ 922.532358][T21523] ? __pfx_do_file_open+0x10/0x10 [ 922.532387][T21523] ? alloc_fd+0x476/0x790 [ 922.532404][T21523] ? do_getname+0x191/0x390 [ 922.532423][T21523] do_sys_openat2+0x10d/0x1e0 [ 922.532442][T21523] ? __pfx_do_sys_openat2+0x10/0x10 [ 922.532462][T21523] ? find_held_lock+0x2b/0x80 [ 922.532480][T21523] __x64_sys_openat+0x12d/0x210 [ 922.532500][T21523] ? __pfx___x64_sys_openat+0x10/0x10 [ 922.532526][T21523] do_syscall_64+0x106/0xf80 [ 922.532545][T21523] ? clear_bhb_loop+0x40/0x90 [ 922.532564][T21523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 922.532579][T21523] RIP: 0033:0x7f003a59c799 [ 922.532593][T21523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 922.532608][T21523] RSP: 002b:00007f003b47b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 922.532623][T21523] RAX: ffffffffffffffda RBX: 00007f003a815fa0 RCX: 00007f003a59c799 [ 922.532633][T21523] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 922.532643][T21523] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 922.532652][T21523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 922.532662][T21523] R13: 00007f003a816038 R14: 00007f003a815fa0 R15: 00007ffe6deeb3b8 [ 922.532682][T21523] [ 923.248741][ T5872] Process accounting resumed [ 923.606229][T21535] FAULT_INJECTION: forcing a failure. [ 923.606229][T21535] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 923.685587][T21535] CPU: 0 UID: 0 PID: 21535 Comm: syz.0.3105 Tainted: G U L syzkaller #0 PREEMPT(full) [ 923.685612][T21535] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 923.685618][T21535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 923.685627][T21535] Call Trace: [ 923.685632][T21535] [ 923.685638][T21535] dump_stack_lvl+0x100/0x190 [ 923.685663][T21535] should_fail_ex.cold+0x5/0xa [ 923.685680][T21535] _copy_to_user+0x32/0xd0 [ 923.685699][T21535] simple_read_from_buffer+0xcb/0x170 [ 923.685722][T21535] proc_fail_nth_read+0x1af/0x230 [ 923.685742][T21535] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 923.685760][T21535] ? rw_verify_area+0xce/0x6d0 [ 923.685779][T21535] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 923.685796][T21535] vfs_read+0x1e4/0xb30 [ 923.685819][T21535] ? __pfx_vfs_read+0x10/0x10 [ 923.685839][T21535] ? __fget_files+0x215/0x3d0 [ 923.685861][T21535] ? __fget_files+0x21f/0x3d0 [ 923.685880][T21535] ksys_read+0x12a/0x250 [ 923.685892][T21535] ? __pfx_ksys_read+0x10/0x10 [ 923.685915][T21535] do_syscall_64+0x106/0xf80 [ 923.685935][T21535] ? clear_bhb_loop+0x40/0x90 [ 923.685952][T21535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.685966][T21535] RIP: 0033:0x7f79d915cfce [ 923.685979][T21535] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 923.685993][T21535] RSP: 002b:00007f79da107fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 923.686007][T21535] RAX: ffffffffffffffda RBX: 00007f79da1086c0 RCX: 00007f79d915cfce [ 923.686016][T21535] RDX: 000000000000000f RSI: 00007f79da1080a0 RDI: 0000000000000003 [ 923.686025][T21535] RBP: 00007f79da108090 R08: 0000000000000000 R09: 0000000000000000 [ 923.686034][T21535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 923.686042][T21535] R13: 00007f79d9416038 R14: 00007f79d9415fa0 R15: 00007ffdf96d3ec8 [ 923.686061][T21535] [ 926.383440][T21569] net_ratelimit: 10 callbacks suppressed [ 926.383456][T21569] netlink: zone id is out of range [ 926.461457][T21569] netlink: zone id is out of range [ 926.510016][T21569] netlink: zone id is out of range [ 926.550901][T21569] netlink: zone id is out of range [ 926.587466][T21569] netlink: zone id is out of range [ 926.637817][T21569] netlink: zone id is out of range [ 926.697440][T21569] netlink: zone id is out of range [ 926.796545][T21569] netlink: set zone limit has 8 unknown bytes [ 927.164505][T21579] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3118'. [ 928.444971][ T29] audit: type=1800 audit(4295115568.534:63): pid=21614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3123" name="lu_gp_id" dev="configfs" ino=294986 res=0 errno=0 [ 928.818415][T21617] random: crng reseeded on system resumption [ 929.005311][T21622] netlink: zone id is out of range [ 929.010652][T21622] netlink: zone id is out of range [ 929.181336][T21631] FAULT_INJECTION: forcing a failure. [ 929.181336][T21631] name failslab, interval 1, probability 0, space 0, times 0 [ 929.265897][T21631] CPU: 0 UID: 0 PID: 21631 Comm: syz.2.3129 Tainted: G U L syzkaller #0 PREEMPT(full) [ 929.265925][T21631] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 929.265931][T21631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 929.265942][T21631] Call Trace: [ 929.265947][T21631] [ 929.265954][T21631] dump_stack_lvl+0x100/0x190 [ 929.265981][T21631] should_fail_ex.cold+0x5/0xa [ 929.266000][T21631] should_failslab+0xc2/0x120 [ 929.266016][T21631] __kmalloc_cache_noprof+0x7a/0x6f0 [ 929.266037][T21631] ? snd_seq_timer_new+0x44/0x1b0 [ 929.266063][T21631] snd_seq_timer_new+0x44/0x1b0 [ 929.266084][T21631] snd_seq_queue_alloc+0x177/0x590 [ 929.266106][T21631] snd_seq_ioctl_create_queue+0xa9/0x370 [ 929.266131][T21631] call_seq_client_ctl+0xa3/0x130 [ 929.266154][T21631] snd_seq_kernel_client_ctl+0x77/0xd0 [ 929.266178][T21631] alloc_seq_queue+0xdb/0x180 [ 929.266193][T21631] ? __pfx_alloc_seq_queue+0x10/0x10 [ 929.266218][T21631] ? mark_held_locks+0x40/0x70 [ 929.266237][T21631] ? _raw_spin_unlock_irq+0x23/0x50 [ 929.266255][T21631] ? lockdep_hardirqs_on+0x78/0x100 [ 929.266277][T21631] snd_seq_oss_open+0x2b2/0xa10 [ 929.266296][T21631] odev_open+0x79/0xc0 [ 929.266308][T21631] ? __pfx_odev_open+0x10/0x10 [ 929.266321][T21631] soundcore_open+0x2e3/0x5a0 [ 929.266338][T21631] ? __pfx_soundcore_open+0x10/0x10 [ 929.266352][T21631] chrdev_open+0x234/0x6a0 [ 929.266368][T21631] ? __pfx_apparmor_file_open+0x10/0x10 [ 929.266392][T21631] ? __pfx_chrdev_open+0x10/0x10 [ 929.266408][T21631] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 929.266428][T21631] do_dentry_open+0x6d8/0x1660 [ 929.266443][T21631] ? __pfx_chrdev_open+0x10/0x10 [ 929.266464][T21631] vfs_open+0x82/0x3f0 [ 929.266484][T21631] path_openat+0x208c/0x31a0 [ 929.266506][T21631] ? __pfx_path_openat+0x10/0x10 [ 929.266528][T21631] do_file_open+0x20e/0x430 [ 929.266555][T21631] ? __pfx_do_file_open+0x10/0x10 [ 929.266585][T21631] ? alloc_fd+0x476/0x790 [ 929.266602][T21631] ? do_getname+0x191/0x390 [ 929.266623][T21631] do_sys_openat2+0x10d/0x1e0 [ 929.266642][T21631] ? __pfx_do_sys_openat2+0x10/0x10 [ 929.266663][T21631] ? __fget_files+0x21f/0x3d0 [ 929.266681][T21631] __x64_sys_openat+0x12d/0x210 [ 929.266700][T21631] ? __pfx___x64_sys_openat+0x10/0x10 [ 929.266727][T21631] do_syscall_64+0x106/0xf80 [ 929.266747][T21631] ? clear_bhb_loop+0x40/0x90 [ 929.266765][T21631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.266780][T21631] RIP: 0033:0x7f003a59c799 [ 929.266794][T21631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 929.266808][T21631] RSP: 002b:00007f003b47b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 929.266823][T21631] RAX: ffffffffffffffda RBX: 00007f003a815fa0 RCX: 00007f003a59c799 [ 929.266833][T21631] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 929.266842][T21631] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 929.266852][T21631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 929.266862][T21631] R13: 00007f003a816038 R14: 00007f003a815fa0 R15: 00007ffe6deeb3b8 [ 929.266882][T21631] [ 929.631853][T21636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3128'. [ 929.780561][T21634] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3128'. [ 929.790939][T21628] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3128'. [ 930.600080][T21639] Invalid ELF header magic: != ELF [ 931.637296][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.643629][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.598617][T21665] zswap: compressor not available [ 932.694590][T21672] FAULT_INJECTION: forcing a failure. [ 932.694590][T21672] name failslab, interval 1, probability 0, space 0, times 0 [ 932.795011][T21672] CPU: 0 UID: 0 PID: 21672 Comm: syz.3.3138 Tainted: G U L syzkaller #0 PREEMPT(full) [ 932.795038][T21672] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 932.795043][T21672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 932.795053][T21672] Call Trace: [ 932.795058][T21672] [ 932.795064][T21672] dump_stack_lvl+0x100/0x190 [ 932.795090][T21672] should_fail_ex.cold+0x5/0xa [ 932.795107][T21672] should_failslab+0xc2/0x120 [ 932.795122][T21672] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 932.795143][T21672] ? __d_alloc+0x34/0xa80 [ 932.795159][T21672] ? security_inode_alloc+0xcf/0x2c0 [ 932.795184][T21672] __d_alloc+0x34/0xa80 [ 932.795199][T21672] ? __ns_ref_active_get+0x9f/0x1b0 [ 932.795219][T21672] path_from_stashed+0x427/0x750 [ 932.795239][T21672] ns_get_path+0x60/0x80 [ 932.795254][T21672] proc_ns_get_link+0x121/0x230 [ 932.795273][T21672] ? __pfx_proc_ns_get_link+0x10/0x10 [ 932.795293][T21672] ? atime_needs_update+0x8b/0x6b0 [ 932.795314][T21672] pick_link+0xd17/0x13c0 [ 932.795334][T21672] ? __pfx_proc_ns_get_link+0x10/0x10 [ 932.795355][T21672] step_into_slowpath+0x9ba/0xf90 [ 932.795379][T21672] ? __pfx_step_into_slowpath+0x10/0x10 [ 932.795398][T21672] ? find_held_lock+0x2b/0x80 [ 932.795418][T21672] path_openat+0xf95/0x31a0 [ 932.795438][T21672] ? __pfx_path_openat+0x10/0x10 [ 932.795460][T21672] do_file_open+0x20e/0x430 [ 932.795475][T21672] ? __pfx_do_file_open+0x10/0x10 [ 932.795502][T21672] ? alloc_fd+0x476/0x790 [ 932.795518][T21672] ? do_getname+0x191/0x390 [ 932.795536][T21672] do_sys_openat2+0x10d/0x1e0 [ 932.795554][T21672] ? __pfx_do_sys_openat2+0x10/0x10 [ 932.795573][T21672] ? __fget_files+0x21f/0x3d0 [ 932.795590][T21672] __x64_sys_openat+0x12d/0x210 [ 932.795608][T21672] ? __pfx___x64_sys_openat+0x10/0x10 [ 932.795633][T21672] do_syscall_64+0x106/0xf80 [ 932.795652][T21672] ? clear_bhb_loop+0x40/0x90 [ 932.795669][T21672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 932.795684][T21672] RIP: 0033:0x7f1c4b15cfce [ 932.795696][T21672] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 932.795710][T21672] RSP: 002b:00007f1c4c053ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 932.795724][T21672] RAX: ffffffffffffffda RBX: 00007f1c4c0546c0 RCX: 00007f1c4b15cfce [ 932.795734][T21672] RDX: 0000000000000002 RSI: 00007f1c4c053f90 RDI: ffffffffffffff9c [ 932.795743][T21672] RBP: 00007f1c4b232c99 R08: 0000000000000000 R09: 0000000000000000 [ 932.795751][T21672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 932.795760][T21672] R13: 00007f1c4b416038 R14: 00007f1c4b415fa0 R15: 00007fff69afa088 [ 932.795779][T21672] [ 933.075220][T21674] FAULT_INJECTION: forcing a failure. [ 933.075220][T21674] name failslab, interval 1, probability 0, space 0, times 0 [ 933.087903][T21674] CPU: 0 UID: 0 PID: 21674 Comm: syz.2.3139 Tainted: G U L syzkaller #0 PREEMPT(full) [ 933.087930][T21674] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 933.087936][T21674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 933.087946][T21674] Call Trace: [ 933.087952][T21674] [ 933.087958][T21674] dump_stack_lvl+0x100/0x190 [ 933.087984][T21674] should_fail_ex.cold+0x5/0xa [ 933.088003][T21674] should_failslab+0xc2/0x120 [ 933.088018][T21674] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 933.088040][T21674] ? __d_alloc+0x34/0xa80 [ 933.088057][T21674] ? lockdep_init_map_type+0x5c/0x250 [ 933.088080][T21674] __d_alloc+0x34/0xa80 [ 933.088097][T21674] d_alloc_pseudo+0x1c/0xc0 [ 933.088118][T21674] alloc_file_pseudo+0xcf/0x230 [ 933.088138][T21674] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 933.088156][T21674] ? alloc_fd+0x476/0x790 [ 933.088174][T21674] sock_alloc_file+0x50/0x210 [ 933.088199][T21674] __sys_socket+0x1c0/0x260 [ 933.088224][T21674] ? __pfx___sys_socket+0x10/0x10 [ 933.088246][T21674] __x64_sys_socket+0x72/0xb0 [ 933.088262][T21674] ? lockdep_hardirqs_on+0x78/0x100 [ 933.088283][T21674] do_syscall_64+0x106/0xf80 [ 933.088303][T21674] ? clear_bhb_loop+0x40/0x90 [ 933.088321][T21674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.088337][T21674] RIP: 0033:0x7f003a59c799 [ 933.088351][T21674] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 933.088366][T21674] RSP: 002b:00007f003b47b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 933.088381][T21674] RAX: ffffffffffffffda RBX: 00007f003a815fa0 RCX: 00007f003a59c799 [ 933.088391][T21674] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 933.088400][T21674] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 933.088409][T21674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.088418][T21674] R13: 00007f003a816038 R14: 00007f003a815fa0 R15: 00007ffe6deeb3b8 [ 933.088437][T21674] [ 933.708258][T21682] FAULT_INJECTION: forcing a failure. [ 933.708258][T21682] name failslab, interval 1, probability 0, space 0, times 0 [ 933.764918][T21682] CPU: 0 UID: 0 PID: 21682 Comm: syz.2.3141 Tainted: G U L syzkaller #0 PREEMPT(full) [ 933.764946][T21682] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 933.764953][T21682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 933.764962][T21682] Call Trace: [ 933.764969][T21682] [ 933.764975][T21682] dump_stack_lvl+0x100/0x190 [ 933.765003][T21682] should_fail_ex.cold+0x5/0xa [ 933.765021][T21682] should_failslab+0xc2/0x120 [ 933.765038][T21682] __kmalloc_cache_noprof+0x7a/0x6f0 [ 933.765058][T21682] ? drm_file_alloc+0x74/0xb40 [ 933.765080][T21682] drm_file_alloc+0x74/0xb40 [ 933.765101][T21682] drm_open_helper+0x1fc/0x540 [ 933.765121][T21682] drm_open+0x1a0/0x3e0 [ 933.765146][T21682] ? __pfx_drm_open+0x10/0x10 [ 933.765165][T21682] drm_stub_open+0x20f/0x380 [ 933.765184][T21682] ? __pfx_drm_stub_open+0x10/0x10 [ 933.765203][T21682] chrdev_open+0x234/0x6a0 [ 933.765219][T21682] ? __pfx_apparmor_file_open+0x10/0x10 [ 933.765242][T21682] ? __pfx_chrdev_open+0x10/0x10 [ 933.765258][T21682] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 933.765279][T21682] do_dentry_open+0x6d8/0x1660 [ 933.765294][T21682] ? __pfx_chrdev_open+0x10/0x10 [ 933.765313][T21682] vfs_open+0x82/0x3f0 [ 933.765334][T21682] path_openat+0x208c/0x31a0 [ 933.765356][T21682] ? __pfx_path_openat+0x10/0x10 [ 933.765378][T21682] do_file_open+0x20e/0x430 [ 933.765395][T21682] ? __pfx_do_file_open+0x10/0x10 [ 933.765423][T21682] ? alloc_fd+0x476/0x790 [ 933.765439][T21682] ? do_getname+0x191/0x390 [ 933.765459][T21682] do_sys_openat2+0x10d/0x1e0 [ 933.765478][T21682] ? __pfx_do_sys_openat2+0x10/0x10 [ 933.765498][T21682] ? __fget_files+0x21f/0x3d0 [ 933.765516][T21682] __x64_sys_openat+0x12d/0x210 [ 933.765535][T21682] ? __pfx___x64_sys_openat+0x10/0x10 [ 933.765561][T21682] do_syscall_64+0x106/0xf80 [ 933.765582][T21682] ? clear_bhb_loop+0x40/0x90 [ 933.765600][T21682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.765615][T21682] RIP: 0033:0x7f003a59c799 [ 933.765628][T21682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 933.765643][T21682] RSP: 002b:00007f003b47b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 933.765658][T21682] RAX: ffffffffffffffda RBX: 00007f003a815fa0 RCX: 00007f003a59c799 [ 933.765667][T21682] RDX: 0000000000000100 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 933.765677][T21682] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 933.765686][T21682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.765694][T21682] R13: 00007f003a816038 R14: 00007f003a815fa0 R15: 00007ffe6deeb3b8 [ 933.765715][T21682] [ 934.699009][T19777] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 935.719223][T21683] hub 1-0:1.0: USB hub found [ 935.782597][T21683] hub 1-0:1.0: 1 port detected [ 935.790157][T21701] net_ratelimit: 6 callbacks suppressed [ 935.790170][T21701] netlink: zone id is out of range [ 935.859781][T21701] netlink: zone id is out of range [ 935.865119][T21701] netlink: zone id is out of range [ 935.935527][T21701] netlink: zone id is out of range [ 935.973609][T21701] netlink: zone id is out of range [ 936.000751][T21701] netlink: zone id is out of range [ 936.032391][T21701] netlink: zone id is out of range [ 936.073529][T21701] netlink: zone id is out of range [ 936.177883][T21701] netlink: set zone limit has 8 unknown bytes [ 937.154066][ T9] Process accounting resumed [ 937.289928][T21718] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 937.326830][T21718] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 937.356382][T21718] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 937.416909][T21718] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 937.696109][T21732] FAULT_INJECTION: forcing a failure. [ 937.696109][T21732] name failslab, interval 1, probability 0, space 0, times 0 [ 937.797456][T21732] CPU: 0 UID: 0 PID: 21732 Comm: syz.2.3153 Tainted: G U L syzkaller #0 PREEMPT(full) [ 937.797485][T21732] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 937.797491][T21732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 937.797501][T21732] Call Trace: [ 937.797507][T21732] [ 937.797513][T21732] dump_stack_lvl+0x100/0x190 [ 937.797541][T21732] should_fail_ex.cold+0x5/0xa [ 937.797560][T21732] should_failslab+0xc2/0x120 [ 937.797576][T21732] __kmalloc_cache_noprof+0x7a/0x6f0 [ 937.797595][T21732] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 937.797619][T21732] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 937.797642][T21732] ? __mutex_lock+0x26a/0x1b90 [ 937.797665][T21732] ? snd_pcm_oss_sync+0x243/0x840 [ 937.797681][T21732] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 937.797728][T21732] ? __pfx___mutex_lock+0x10/0x10 [ 937.797752][T21732] ? __fsnotify_parent+0x2b4/0xca0 [ 937.797773][T21732] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 937.797793][T21732] snd_pcm_oss_sync+0x265/0x840 [ 937.797814][T21732] snd_pcm_oss_release+0x238/0x300 [ 937.797832][T21732] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 937.797849][T21732] __fput+0x3ff/0xb40 [ 937.797870][T21732] task_work_run+0x150/0x240 [ 937.797892][T21732] ? __pfx_task_work_run+0x10/0x10 [ 937.797918][T21732] exit_to_user_mode_loop+0x100/0x4a0 [ 937.797939][T21732] do_syscall_64+0x668/0xf80 [ 937.797959][T21732] ? clear_bhb_loop+0x40/0x90 [ 937.797977][T21732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.797992][T21732] RIP: 0033:0x7f003a59c799 [ 937.798005][T21732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 937.798020][T21732] RSP: 002b:00007f003b47b028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 937.798035][T21732] RAX: 0000000000000000 RBX: 00007f003a815fa0 RCX: 00007f003a59c799 [ 937.798045][T21732] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 937.798054][T21732] RBP: 00007f003a632c99 R08: 0000000000000000 R09: 0000000000000000 [ 937.798063][T21732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.798072][T21732] R13: 00007f003a816038 R14: 00007f003a815fa0 R15: 00007ffe6deeb3b8 [ 937.798092][T21732] [ 938.432352][T21735] ================================================================== [ 938.432367][T21735] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x174a/0x1910 [ 938.432469][T21735] Write of size 8 at addr ffffc90004251000 by task syz.1.3155/21735 [ 938.432482][T21735] [ 938.432493][T21735] CPU: 0 UID: 0 PID: 21735 Comm: syz.1.3155 Tainted: G U L syzkaller #0 PREEMPT(full) [ 938.432516][T21735] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 938.432522][T21735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 938.432532][T21735] Call Trace: [ 938.432538][T21735] [ 938.432544][T21735] dump_stack_lvl+0x100/0x190 [ 938.432565][T21735] print_report+0x156/0x4c9 [ 938.432591][T21735] ? _raw_spin_lock_irqsave+0x52/0x60 [ 938.432611][T21735] ? __virt_addr_valid+0x81/0x620 [ 938.432632][T21735] ? sys_fillrect+0x174a/0x1910 [ 938.432652][T21735] kasan_report+0xdf/0x1e0 [ 938.432675][T21735] ? sys_fillrect+0x174a/0x1910 [ 938.432698][T21735] sys_fillrect+0x174a/0x1910 [ 938.432725][T21735] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 938.432777][T21735] bit_clear+0x17d/0x220 [ 938.432794][T21735] ? __pfx_bit_clear+0x10/0x10 [ 938.432811][T21735] ? fb_get_color_depth+0x120/0x250 [ 938.432847][T21735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 938.432875][T21735] __fbcon_clear+0x633/0x760 [ 938.432890][T21735] ? __pfx_bit_clear+0x10/0x10 [ 938.432907][T21735] fbcon_scroll+0x48b/0x650 [ 938.432923][T21735] con_scroll+0x464/0x690 [ 938.432972][T21735] do_con_write+0x6883/0x8540 [ 938.432999][T21735] ? __pfx_do_con_write+0x10/0x10 [ 938.433024][T21735] con_write+0x23/0xb0 [ 938.433043][T21735] n_tty_write+0x44f/0x12d0 [ 938.433062][T21735] ? __pfx_n_tty_write+0x10/0x10 [ 938.433076][T21735] ? trace_kmalloc+0x101/0x130 [ 938.433091][T21735] ? __pfx_woken_wake_function+0x10/0x10 [ 938.433113][T21735] ? rcu_is_watching+0x12/0xc0 [ 938.433133][T21735] ? file_tty_write.isra.0+0x694/0x890 [ 938.433153][T21735] ? kfree+0x2ec/0x6b0 [ 938.433171][T21735] ? __pfx_n_tty_write+0x10/0x10 [ 938.433186][T21735] file_tty_write.isra.0+0x4d2/0x890 [ 938.433208][T21735] redirected_tty_write+0xd4/0x120 [ 938.433228][T21735] vfs_write+0x6ac/0x1070 [ 938.433242][T21735] ? __pfx_redirected_tty_write+0x10/0x10 [ 938.433263][T21735] ? __pfx_vfs_write+0x10/0x10 [ 938.433284][T21735] ? find_held_lock+0x2b/0x80 [ 938.433303][T21735] ksys_write+0x12a/0x250 [ 938.433316][T21735] ? __pfx_ksys_write+0x10/0x10 [ 938.433332][T21735] do_syscall_64+0x106/0xf80 [ 938.433351][T21735] ? clear_bhb_loop+0x40/0x90 [ 938.433368][T21735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.433384][T21735] RIP: 0033:0x7f795699c799 [ 938.433397][T21735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 938.433413][T21735] RSP: 002b:00007f795779c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 938.433428][T21735] RAX: ffffffffffffffda RBX: 00007f7956c15fa0 RCX: 00007f795699c799 [ 938.433439][T21735] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 938.433450][T21735] RBP: 00007f7956a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 938.433459][T21735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.433469][T21735] R13: 00007f7956c16038 R14: 00007f7956c15fa0 R15: 00007ffcb7e5bea8 [ 938.433484][T21735] [ 938.433491][T21735] [ 938.433496][T21735] The buggy address belongs to a vmalloc virtual mapping [ 938.433507][T21735] Memory state around the buggy address: [ 938.433515][T21735] ffffc90004250f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 938.433526][T21735] ffffc90004250f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 938.433537][T21735] >ffffc90004251000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 938.433545][T21735] ^ [ 938.433553][T21735] ffffc90004251080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 938.433563][T21735] ffffc90004251100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 938.433572][T21735] ================================================================== [ 938.433587][T21735] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 938.433599][T21735] CPU: 0 UID: 0 PID: 21735 Comm: syz.1.3155 Tainted: G U L syzkaller #0 PREEMPT(full) [ 938.433623][T21735] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 938.433629][T21735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 938.433638][T21735] Call Trace: [ 938.433643][T21735] [ 938.433649][T21735] dump_stack_lvl+0x100/0x190 [ 938.433678][T21735] vpanic+0x552/0x970 [ 938.433693][T21735] ? __pfx_vpanic+0x10/0x10 [ 938.433707][T21735] ? __pfx_vprintk_emit+0x10/0x10 [ 938.433723][T21735] ? sys_fillrect+0x174a/0x1910 [ 938.433743][T21735] panic+0xd1/0xe0 [ 938.433756][T21735] ? __pfx_panic+0x10/0x10 [ 938.433772][T21735] ? sys_fillrect+0x174a/0x1910 [ 938.433792][T21735] check_panic_on_warn.cold+0x19/0x34 [ 938.433808][T21735] end_report.part.0+0x3a/0x90 [ 938.433828][T21735] kasan_report.cold+0xe/0x18 [ 938.433848][T21735] ? sys_fillrect+0x174a/0x1910 [ 938.433869][T21735] sys_fillrect+0x174a/0x1910 [ 938.433892][T21735] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 938.433917][T21735] bit_clear+0x17d/0x220 [ 938.433933][T21735] ? __pfx_bit_clear+0x10/0x10 [ 938.433949][T21735] ? fb_get_color_depth+0x120/0x250 [ 938.433965][T21735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 938.433990][T21735] __fbcon_clear+0x633/0x760 [ 938.434004][T21735] ? __pfx_bit_clear+0x10/0x10 [ 938.434022][T21735] fbcon_scroll+0x48b/0x650 [ 938.434037][T21735] con_scroll+0x464/0x690 [ 938.434058][T21735] do_con_write+0x6883/0x8540 [ 938.434083][T21735] ? __pfx_do_con_write+0x10/0x10 [ 938.434107][T21735] con_write+0x23/0xb0 [ 938.434127][T21735] n_tty_write+0x44f/0x12d0 [ 938.434145][T21735] ? __pfx_n_tty_write+0x10/0x10 [ 938.434159][T21735] ? trace_kmalloc+0x101/0x130 [ 938.434175][T21735] ? __pfx_woken_wake_function+0x10/0x10 [ 938.434196][T21735] ? rcu_is_watching+0x12/0xc0 [ 938.434217][T21735] ? file_tty_write.isra.0+0x694/0x890 [ 938.434237][T21735] ? kfree+0x2ec/0x6b0 [ 938.434254][T21735] ? __pfx_n_tty_write+0x10/0x10 [ 938.434269][T21735] file_tty_write.isra.0+0x4d2/0x890 [ 938.434291][T21735] redirected_tty_write+0xd4/0x120 [ 938.434311][T21735] vfs_write+0x6ac/0x1070 [ 938.434325][T21735] ? __pfx_redirected_tty_write+0x10/0x10 [ 938.434346][T21735] ? __pfx_vfs_write+0x10/0x10 [ 938.434367][T21735] ? find_held_lock+0x2b/0x80 [ 938.434397][T21735] ksys_write+0x12a/0x250 [ 938.434412][T21735] ? __pfx_ksys_write+0x10/0x10 [ 938.434428][T21735] do_syscall_64+0x106/0xf80 [ 938.434448][T21735] ? clear_bhb_loop+0x40/0x90 [ 938.434464][T21735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.434479][T21735] RIP: 0033:0x7f795699c799 [ 938.434490][T21735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 938.434505][T21735] RSP: 002b:00007f795779c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 938.434519][T21735] RAX: ffffffffffffffda RBX: 00007f7956c15fa0 RCX: 00007f795699c799 [ 938.434529][T21735] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 938.434539][T21735] RBP: 00007f7956a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 938.434548][T21735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.434558][T21735] R13: 00007f7956c16038 R14: 00007f7956c15fa0 R15: 00007ffcb7e5bea8 [ 938.434573][T21735] [ 938.434629][T21735] Kernel Offset: disabled