last executing test programs: 9m53.624383195s ago: executing program 0 (id=145): open(&(0x7f0000000140)='./file0\x00', 0xfe123a878013122a, 0x0) socket(0x2, 0x3, 0x1) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x8000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) pipe$auto(0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x22082, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) mmap$auto(0x0, 0x2020009, 0x4, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0xaa0, 0x0, 0x17) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) readlink$auto(0x0, 0x0, 0x9) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000001d40), 0x101000, 0x0) set_mempolicy$auto(0x3, 0x0, 0x9) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0xc, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) readv$auto(r2, &(0x7f00000000c0)={0x0, 0x5}, 0x3) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) listmount$auto(&(0x7f0000000000)={0x1f, @raw, 0x80000024, 0x0, 0x2}, 0x0, 0x0, 0x1) madvise$auto(0x0, 0x1010001, 0x100000003) sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x2408c810}, 0x40418c0) socket(0x2c, 0x3, 0x0) 9m51.819329348s ago: executing program 0 (id=149): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) 9m51.613766503s ago: executing program 0 (id=150): write$auto(0xffffffffffffffff, 0x0, 0xd) io_uring_setup$auto(0x6, 0x0) ioctl$auto(0x20000000000003, 0x8936, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x80440, 0x0) ioctl$auto_I2C_TIMEOUT(r1, 0x702, 0x0) syz_genetlink_get_family_id$auto_cifs(0x0, r0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0xe0, 0x8, 0x9) madvise$auto(0x0, 0x2c, 0x17) rt_tgsigqueueinfo$auto(0x0, 0x0, 0x21, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x1f40) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000240)={0x0, 0x7}, 0x3) shmctl$auto_SHM_UNLOCK(0x2, 0xc, 0x0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x491, 0x400, 0x9}]}) sendmsg$auto_CIFS_GENL_CMD_SWN_NOTIFY(0xffffffffffffffff, 0x0, 0x44) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) ioctl$auto_MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x0) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20000, 0x0) 9m50.417706454s ago: executing program 0 (id=153): select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb1\x00', 0xa8200, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) connect$auto(0x3, &(0x7f00000000c0)=@can, 0x18) close_range$auto(0x2, 0x8, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=&(0x7f0000000040)=':\x00', &(0x7f0000000140)=&(0x7f0000000100)='/dev/fb1\x00') socket(0x10, 0x2, 0x4) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = socket(0x2b, 0x1, 0x4) socketpair$auto(0x7, 0x0, 0x4, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mbind$auto(0xf000, 0x1, 0x1, 0x0, 0x7fff, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) close_range$auto(r1, r0, 0x0) ioctl$auto(r1, 0x89a1, 0x4) 9m49.259509093s ago: executing program 0 (id=158): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x90203, 0x0) write$auto_nvmf_dev_fops_fabrics(r0, 0x0, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fb0\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x6, 0x800, 0x8) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x2, 0x0) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r2, &(0x7f0000000040)='nbd\x00', 0x4) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/cpu/vulnerabilities/mmio_stale_data\x00', 0x0, 0x0) mmap$auto(0x0, 0x7, 0x3, 0x8012, 0x3, 0x8000) io_uring_register$auto(0x2, 0xe, 0x0, 0x20) write$auto(r3, &(0x7f00000002c0)='/d-:\xe7J\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xea>=\xe8hUs\xf3N\x10$#_\x01\xdc\x16<\xda>ui\x9eS;\n\xeaG@\xf9\\r\xbc\x06\xfa\x1b\x8d \x9ebd\x10\xea#\xcb(o\x9ei\x89\x84\xa7\x85\xad\xe1\xe0\xf19\xfa4\xb5\ad\x84\f\xc9\x12a3\xb9~\x87\x1c\xd1\xf4V\x06\xa7\x00\x01D\x1eo\xfd\x03\xbe\xd8\x05H|+wsSs\xf9\x11\xc9\x13x\xe0\x8e\x109J\xe7\x9f\x99\x82G(\xabH\xee\xaaPs_\xc3\x00'/157, 0x1eb0800) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r1) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x10, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x850}, 0x20008004) prctl$auto_PR_PPC_SET_DEXCR(0x49, 0x8, 0x0, 0x3, 0x4) unshare$auto(0x40000080) socket(0xb, 0x80000, 0x5) mmap$auto(0x0, 0xdb81, 0x2, 0x40eb1, 0xffffffffffffffff, 0x300000000000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/sys/vm/nr_overcommit_hugepages\x00', 0x80001, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) write$auto(r5, 0x0, 0x1) setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4) 9m46.632679524s ago: executing program 0 (id=165): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) semctl$auto(0x7ff, 0x2, 0x13, 0x3) mbind$auto(0x0, 0x40, 0x4, 0x0, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x8000002, 0x20009, 0x8000000400000003, 0xeb1, 0x401, 0x8001) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) ioctl$auto(0x3, 0x8905, 0xfffffffffffff4e0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) getrandom$auto(0x0, 0x6000000, 0x3) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000080), 0xffffffffffffffff) write$auto(0xffffffffffffffff, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0x18, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) r2 = geteuid() fstat$auto(0xffffffffffffffff, &(0x7f0000000040)={0x6, 0xc, 0x200, 0x3, 0xee01, 0x0, 0x0, 0x3, 0x8, 0xfffffffffffffff8, 0x5, 0xb, 0xfffffffffffffffc, 0x80000001, 0x9, 0x8, 0x2}) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xa, 0x2, r2, r3, 0x42) msgctl$auto_IPC_RMID(0xffffff4b, 0x0, &(0x7f00000001c0)={{0x7f28, 0xee01, 0x0, 0xb024, 0x9, 0x6, 0x2}, &(0x7f0000000140)=0x5f, &(0x7f0000000180)=0x80, 0xffffffffffffffff, 0x30ba, 0x2, 0x4, 0x4, 0xc, 0x2, 0x6, @raw=0x4, @inferred=0xffffffffffffffff}) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000240)="8371e68d59c71d1e9df14860bb91ac70c0607c5369c6190e70d5af76859ca3f12d9c3f29c515a4e37e0d107ab3ec3a3b94c390f84a9d92aa73d868ac3c33e82dff0fd6779dca717b48b82e5f1cfbf5a57daa0b77d92f90b300e688882328e2b4acc90a6360ef57b6c3258d63389f4da730634e000d366cc6253dd89122b8e8ac939638c032f1aad4050bcdd4cef7320357b13f9aab3753dc7ef2119f15a133cbf044c74d3c55621c0100dd67db007bd468af7f101548ce574d3961b98833ebf0fe95", 0xc2) sendmsg$auto_IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000700)={&(0x7f0000000780)=ANY=[@ANYBLOB="e4010000", @ANYRES16=r1, @ANYBLOB="000227bd7000fbdbdf25100000009c0001809400c080cba892f8fb57efe536bf1fb2a95dbfad1692659db2f37611fd7630faecc79fc13bddd78cc8ea346f600562de026f67db73b21dfbaaba160d21b641ec29a81867a82e61527ec1783aad77f3a974cc87d7cc4255a2b9cf35784146d58d67b089a27497b9b08c74414d1d6f3f8ea5eeabdc7e55ac5bb0439102fb84c90e7dc5ec1708004000ff0700000800440003000000040099000d0102800500fe000000000014001600fc02000000000000000000000000000020b57827bf307625008836ebb3ac0dab97fa02a4aa99d9fbe9bbf807d278f067c7e8bb26412ad8df64245fba536339333773219403f4f503252d67b4befa162b5eedd0f2f156b323f4c9269ba69431364921d29bcaaadf9bc9b2cecabfdebefb38bbf09c0a0d7b2701a00d08284eb3b325f94346964c29d6421221f890cf4bd745ee04bab633adb0b55886575f5adcf1aec7ff5494edf248a3c9229540529c00a475ad18de8cf4b79be73a3a4903205eecdeb912743b8e6a0fa471a19fa5268887cfc370504879b0919472551c5df6f5f18e0fa34e12e838a022c602229bfe3c2cc4f2ea890800f600", @ANYRES32=r2, @ANYBLOB="000000040003800800e9ce040000000800060003000000080005007f00b90008000500de86000076cf33c09a4befab2b43ea5e80538d44f5eeec86d1a5056469ea0fd8245262b5a0fb1ac991d5a106e80300dbc05e416a96dcd4859669b497dde9d7e17dcb257c6af09325e9d7af131350655deaffc628dbdc29d40adc60d491c5cedc4c9e3b5e571a61f4b4d426c6c2a5f30800000070b5fc74b05188b31cea30baddfdcd7997bf72bbe4a8761bd4b49b89af299f6e20ad9092363000da160d36544dcff94d5354eede0002000087b89b6238db49bc21333527a8f72a9f664a8b920732fe18f83c48b2d67cf9f02373f5f5b46bcd00"/255], 0x1e4}, 0x1, 0x0, 0x0, 0x20000040}, 0x4) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) 9m31.368087437s ago: executing program 32 (id=165): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) semctl$auto(0x7ff, 0x2, 0x13, 0x3) mbind$auto(0x0, 0x40, 0x4, 0x0, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x8000002, 0x20009, 0x8000000400000003, 0xeb1, 0x401, 0x8001) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) ioctl$auto(0x3, 0x8905, 0xfffffffffffff4e0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) getrandom$auto(0x0, 0x6000000, 0x3) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000080), 0xffffffffffffffff) write$auto(0xffffffffffffffff, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0x18, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) r2 = geteuid() fstat$auto(0xffffffffffffffff, &(0x7f0000000040)={0x6, 0xc, 0x200, 0x3, 0xee01, 0x0, 0x0, 0x3, 0x8, 0xfffffffffffffff8, 0x5, 0xb, 0xfffffffffffffffc, 0x80000001, 0x9, 0x8, 0x2}) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xa, 0x2, r2, r3, 0x42) msgctl$auto_IPC_RMID(0xffffff4b, 0x0, &(0x7f00000001c0)={{0x7f28, 0xee01, 0x0, 0xb024, 0x9, 0x6, 0x2}, &(0x7f0000000140)=0x5f, &(0x7f0000000180)=0x80, 0xffffffffffffffff, 0x30ba, 0x2, 0x4, 0x4, 0xc, 0x2, 0x6, @raw=0x4, @inferred=0xffffffffffffffff}) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000240)="8371e68d59c71d1e9df14860bb91ac70c0607c5369c6190e70d5af76859ca3f12d9c3f29c515a4e37e0d107ab3ec3a3b94c390f84a9d92aa73d868ac3c33e82dff0fd6779dca717b48b82e5f1cfbf5a57daa0b77d92f90b300e688882328e2b4acc90a6360ef57b6c3258d63389f4da730634e000d366cc6253dd89122b8e8ac939638c032f1aad4050bcdd4cef7320357b13f9aab3753dc7ef2119f15a133cbf044c74d3c55621c0100dd67db007bd468af7f101548ce574d3961b98833ebf0fe95", 0xc2) sendmsg$auto_IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000700)={&(0x7f0000000780)=ANY=[@ANYBLOB="e4010000", @ANYRES16=r1, @ANYBLOB="000227bd7000fbdbdf25100000009c0001809400c080cba892f8fb57efe536bf1fb2a95dbfad1692659db2f37611fd7630faecc79fc13bddd78cc8ea346f600562de026f67db73b21dfbaaba160d21b641ec29a81867a82e61527ec1783aad77f3a974cc87d7cc4255a2b9cf35784146d58d67b089a27497b9b08c74414d1d6f3f8ea5eeabdc7e55ac5bb0439102fb84c90e7dc5ec1708004000ff0700000800440003000000040099000d0102800500fe000000000014001600fc02000000000000000000000000000020b57827bf307625008836ebb3ac0dab97fa02a4aa99d9fbe9bbf807d278f067c7e8bb26412ad8df64245fba536339333773219403f4f503252d67b4befa162b5eedd0f2f156b323f4c9269ba69431364921d29bcaaadf9bc9b2cecabfdebefb38bbf09c0a0d7b2701a00d08284eb3b325f94346964c29d6421221f890cf4bd745ee04bab633adb0b55886575f5adcf1aec7ff5494edf248a3c9229540529c00a475ad18de8cf4b79be73a3a4903205eecdeb912743b8e6a0fa471a19fa5268887cfc370504879b0919472551c5df6f5f18e0fa34e12e838a022c602229bfe3c2cc4f2ea890800f600", @ANYRES32=r2, @ANYBLOB="000000040003800800e9ce040000000800060003000000080005007f00b90008000500de86000076cf33c09a4befab2b43ea5e80538d44f5eeec86d1a5056469ea0fd8245262b5a0fb1ac991d5a106e80300dbc05e416a96dcd4859669b497dde9d7e17dcb257c6af09325e9d7af131350655deaffc628dbdc29d40adc60d491c5cedc4c9e3b5e571a61f4b4d426c6c2a5f30800000070b5fc74b05188b31cea30baddfdcd7997bf72bbe4a8761bd4b49b89af299f6e20ad9092363000da160d36544dcff94d5354eede0002000087b89b6238db49bc21333527a8f72a9f664a8b920732fe18f83c48b2d67cf9f02373f5f5b46bcd00"/255], 0x1e4}, 0x1, 0x0, 0x0, 0x20000040}, 0x4) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) 7.811675316s ago: executing program 3 (id=2028): mmap$auto(0x200000000000f400, 0x9, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x4001, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, &(0x7f0000000180)={&(0x7f0000000100), 0x80000000}, 0x10000, &(0x7f00000001c0)="d7cd776347984e13077263bfd5f9f5abd994085367e723ee8dd0f7dfe8708ad83c9fecd395", 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xb8b42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x0, 0x154) execveat$auto(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x11000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0x8, 0xeb0, 0x401, 0x9) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r2, 0x0, 0x39b8) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) ioctl$auto(0x3, 0x402c542b, 0x38) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r3, 0x0, 0x9) 6.376696719s ago: executing program 1 (id=2034): readlink$auto(&(0x7f0000000040)='./file2/file0\x00', 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/pwc/parameters/power_save\x00', 0x800, 0x0) mlockall$auto(0x7) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) socketpair$auto(0x1, 0x3, 0x5, 0x0) ioctl$auto(0x3, 0xc048aec8, r0) r2 = io_uring_setup$auto(0x1, 0x0) symlink$auto(&(0x7f0000000300)='\\\':.\x00', 0x0) readlink$auto(0x0, 0x0, 0x800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/lockdep_chains\x00', 0x10b402, 0x0) pread64$auto(r3, &(0x7f0000000340)='/proc/Nes\x00'/22, 0x100000001, 0x100) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/bonding/bond0\x00', 0xc0000, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r4, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000000100), 0x204080, 0x0) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r7], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r2, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="78050000", @ANYRES16=r5, @ANYBLOB="01002bbd7000fedbdf257f000000a304b20032626b3c19381d83b3fab0912ed18c72d64c6e8c6a190b72336cd46eb7cf9db95ebd9999d319437faf8dc5809fd95b1ae6077301d20d6750a9b7a7415399c03fb1f79b9b2038095f6c5c34c904f08a30c8119ce124226dfdff3414499874ab6744bff539a80ed69e4c572d672816540783fa9f6fac6aec3c9dba74ca5b8923f19a2660ab0c4a980b862564881a6735f7cc5e924490380b28129c70494899e6870d735138c1ccb110e29dcdc67ebc4032a2f3dfb916da9ad86f7ffe7cc48df626bbd1addc5389d101c8a2d6197bb2e3cd425ab37016de50505ddc27cbe6c977b88ab01017d2c15650cb6d776b15ddbd37c54e6ca6ae397e96a2e0aee8f718731e1eeb9857ac576fd66175d80a220f1465368000a4fb6703e8b5519d6bc734111e3ca619ed466901d4523c141084096d0c6741218badfdb421110cbb3097fc0114882bd64730c91f29b59913e3c8525a945e236e2348ff70f8cead951ba4d30af6ad5025fd8a9717e0ba1c12b96daecf8b331c39d84a71e6715b70835dafbe62fcb6adff4c8a0e7892f9199cb8ab78fc81224b13f8e803ca042571a97675e0de34219ccece3d1cbd86e48b5fe1efaf3533838962292a060941cc254140900722bf684fc8e6b10c1b01af3b4e3a9a4047c7bf00df3bb55677fa4517111366b941ae7121f25e6a76938fc676b74cce563578dc9bf623afa13cc1d7eda8911bc61f86ef94848bd8178bf584cb59490b9f82a60e4f44a8057051531cfa4b0c53c7c6ba33952ba9149b9cb263c8922032464ea499f55b2263efe2edbfc1d9ac5e3d1c97865b1651392361f78321e0a87620c4d311aa361cf13a5bd9392c08d94272d18cf7c95f875b668224f27e3fc4ec3145e1421bdd901695094b4c8e8bca880a682d49cdb60cf18ef196fe21f022370bd9490429aed16af15e2249a15aef526bb8ad79bee73330f26237605a3bae660010a746be7ef3f1ab1abdbaf9d5f8559b167af379c20b3801a45598f98c6956e50ea5ba08bf74519d49b9bb2405aac4be32e1ed1faceb864e62fe1fa9a02b7b9cb10e0d03658296769ea62b37c000e6b5de42eb2dd3b8ef61b11e5fa5b3274e5bf9c27ace4e9b6673effb7483471ed601c63e77bb2c9831d77119f5f213c6bf36950815e606418865ecfa8e8b9479eaa9fed854aa0c2ee4b940ad5b362cef891c74e2e6f201c48bb7b904d73109d7c1e93ee2beaa02e3736010bc4e11362be956d7070df76e5bee5f4e377590ea07f8fd5082875c0924fa18695c87619f0fd3f516cf6e6a58630aa6af02a2ba52881e381f6174da70df9b8a1a13bb5d852341ac0016d0e7e23033a1ea31e5f675df8171f6bef86bbb098a098bd4d9cdb242a624264a962c510d7c1e7200c51b573b27b9e2c452ba554983c92f43d358ddb122c040552d001794ee51528870c91f160c5ad0d2aadcd1a39f54fc83328b18afaf1be861cb4e57fdbff8a37e43a0e5442e701b611142b5ffa782759f36c3bde25f1ec8863e56f7e2efa9d1b6300706798001e5062a074470b71bf4b37046d863d01f22db744bcdbccf207b179b04c848b6a9a264776b7edadc16ac3ecf317b147743904c3203520854c5b42cb69a1e8af3af110a9c38a083f78b12b20008b11c4d46a2e977e37f6c13dc06291d610dfd4def8d000800a50003000000ac009c00e20c310cabf76119f664543fc436c7951339f7e0306e3e96b5c6ddaf24bb6210c75339dad5fcd29e9454d76264973b4c0e5170174d39439c6eb47021b63e8e470102e6ee008cbf3ae1ec79e42e472f1cda6eb913153448875188b3e2ab7786161c02169129cfc24eb911b77d07836d4ac695dcda8e5a8ffe644e3b77d0093c293c15d66ad0b7069df03b30c33c6d82a09100b5a5eb427d3051a7f060d0338215310ff3098f8adbe60600fb005302000004006c00"], 0x578}}, 0x0) mmap$auto(0x2, 0x20009, 0x7, 0x11, r6, 0x7ffe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 5.768298115s ago: executing program 1 (id=2035): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) close_range$auto(0x2, 0x8, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x0, 0x0) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0xc, 0x0, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd39, 0xfff, 0x948b, 0x8, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x1, 0x7fffffff, 0x4, 0x6d3f, 0x9, 0x2, 0xffffffffffffffff]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x80000003, 0x3, 0x62, 0x8000001f, 0x2007, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) syslog$auto(0x4, &(0x7f0000007980)='\n)&*%#.+&%\r\x00', 0x0) fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r1) r2 = socket(0xa, 0x5, 0x94) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) splice$auto(r2, &(0x7f0000000040)=0xc52, r2, &(0x7f00000000c0)=0x7, 0x800, 0x5) io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/i8042/serio1/firmware_id\x00', 0x800, 0x0) read$auto(r3, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.11/usb31/31-0:1.0/bInterfaceNumber\x00', 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) pipe2$auto(&(0x7f0000000080)=r2, 0x8000) 4.775513598s ago: executing program 3 (id=2036): keyctl$auto(0xe, 0x2, 0x76f, 0x9, 0xf13) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) pread64$auto(r0, 0x0, 0x4, 0x10) r1 = fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) getsockopt$auto(0x2, 0x114, 0x2711, 0xfffffffffffffffc, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/devicetree/base/name\x00', 0x8000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(r2, 0x0, 0x9) ioctl$auto_SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000240)="ddc4c1eda78948a921e035d4f48bb1bb517f8bde5718689630e40081cbba278a84104225c4c72932b6cff60cf5222fc046fb1f73598c3225f359fca4546c44e05338caafd4e0a386fb80cb") openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x1, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x800000404, 0x8000) setrlimit$auto(0x1000000007, 0x0) fsmount$auto(0x4, 0x0, 0x200003) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f0000000400)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb%\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xecWw\xe2\x9cK\fE\a\xca\xbe6\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xc0\x1e\x17\xa2\x99\x87\x91!\t\xe3\xdb\t\xf5iw\x85z\x00\xc5L\xf1=\x15Lb=1C\xae\xdc\xd5\xb6\x8f(\xd1\xaen\xfd#(\x91\x86ne\x8c\xe2=\xb1\xadr8\xd0\xc1\xe6\f\xd6\xba!6\xed\x87%\xf7\x1dj\x89)\x84_\xff_\xd2T\xa8\xcb\xd5\x88\xbe|\xfb\xe2SEa\xec.\xf5\xd7\x17P\xd8\'\xca7\x01f\x8c9\xccw5\xac\xd1\x02V%\x98\xa2\x16\xfb\xba\x9ewB\x9f\xb9\x04\x97\\\xf5\xebF\xcc\x04N\x19N\x14\v\xaa\xfaF\x05\xbd\xed(M\xef\xd5\xfd\xefl\x84\x0f/\xeb\xff1-o\xd7\x8f$\xac\xfc\xa2\xccm\x0e \xfb\xe5\xe9\x92\xaa\xef\x84$\x84Ia>6pV;{\'\xaa\xbeS\x14\xb6\xd2\xf6\xb7\xcd\xf6P\x05X\x1dK\x18\x99\x02\xb3\x0fY0\x80\x99\xe3\x0e\xa2D\xc0\xecE\x86\xd9J\x9c\xa8\x98\x02\xdb\xf1\x81TMpS\xc5\xab\xa1\x1bG\v>\x03\xf7\xe1\xaf\xe3\x04\xc3 ffF\x0f\xa6}\xa3\xa8\xd1\xe2\xd0QG\xa6\xa6\x8e7\x80\xd9\xd0\xdf\xad\xb1\x15\xca\xbb\xd5j\x94\xc6<\x18\x15\xcc\x8d\x14\xd8\xb8L\x03\xdd~\xe7%\xcb\xdd\xda!\xd45Z\xd0\xfc\x1b\xf0\xe1\xd6:\xd7\xe9N\xc1W\xe3\xae\xe9\xb27>k\xf8\xdf\xe1\xf9\xcc\xcb\v\x01D\xc3\xa9T\xb9UY\xaf\xa4\xe4\xfec\xa3\x9bI@\xb7w\xf8\x14\xc0\xd5\xd5\x95', 0x8) r1 = socket(0x10, 0x2, 0x0) capget$auto(0x0, 0xfffffffffffffffe) r2 = openat$auto_urandom_fops_random(0xffffffffffffff9c, 0x0, 0x181c00, 0x0) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/query\x00', 0x20080, 0x0) read$auto_tomoyo_operations_securityfs_if(r3, 0x0, 0x0) ioctl$auto_RNDADDTOENTCNT2(r2, 0x40045201, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x807}, 0x4, 0x8) socket(0x2, 0x1, 0x106) setsockopt$auto(0x3, 0x1, 0x7, 0xffffffffffffffff, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/acpi/interrupts/gpe02\x00', 0x2, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/kernel/timer_migration\x00', 0x242, 0x0) sendfile$auto(r5, r4, 0x0, 0x7fffe000) fcntl$auto(0x3, 0x4, 0xa553) r6 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/nbd3/hctx0/sched_tags_bitmap\x00', 0x0, 0x0) pread64$auto(r6, 0x0, 0x6c, 0xfc) mmap$auto(0xd, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2b, 0x1, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xfffffdef}, 0x1) 4.15855004s ago: executing program 2 (id=2040): socket(0x2, 0x3, 0xa) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x608100, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) adjtimex$auto(&(0x7f00000005c0)={0xffff, 0x0, 0x6, 0x9, 0x7, 0x7f, 0xfff, 0x0, 0xc15, 0x7, 0x592efafe, {0x3, 0xffffffffffffff57}, 0x100000001, 0x3, 0x857e, 0x5, 0x0, 0x3, 0x9, 0x240000000000, 0x400000, 0x10000, 0x7ff}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/handlers\x00', 0xc00, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/timer_list\x00', 0x10bc02, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/udp_hash_entries\x00', 0x8000, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x5) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000100), 0xffffffffffffffff) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() open(0x0, 0x600000, 0xb7) rseq$auto(&(0x7f0000000040)={0x20006, 0x200000, 0x1, 0x7, 0x88, 0x80000001, "9d50e5feffd99a7484ffee9cc32e00"/28}, 0x1, 0xa, 0xa) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendmsg$auto_NETDEV_CMD_QSTATS_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x18, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) close_range$auto(0x2, 0x8, 0x0) socket(0x1d, 0xa, 0x7) mmap$auto(0x8, 0x7, 0x5, 0x40df, r0, 0x5) mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto(r2, 0x0, 0x7fffffff) ioctl$auto_SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000040)) openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x200dc0, 0x0) io_setup$auto(0x10000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) 3.768321639s ago: executing program 3 (id=2041): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x1, 0x0) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000180)="dc5662704c29ead37c2b374c01f47203da561f0572045fe9be3de200aa66fd0dcad4ae8b94d5605d4e7a3e7851c8389ef656667201af0f4a9eace58076384c2dfd9fddaff47b6dbaeadb4618648b94f0060060c9b2d638cf40b0fa92ebd0654f3a305982559606a22a1c01470a11f3c0529600669da6696f53722c79accda97368c0239b0eac14665fde029f737590c1528065ef5bb43c0e37861738c39db1769dfeb0f6974a2bc67ff79cc7490d14a77bb42dbbe6af9e883b85d7aa6e819c3f331415a6ec9090c65cf13519d68359cdadbfcb", 0x12, 0x0, 0x200000009, 0x0, 0x1f, 0x101}, 0x8}, 0x4, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket(0x1d, 0x2, 0x6) mmap$auto(0x2973b046, 0xffffffe, 0x6, 0x10000000009b7f, r1, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x41) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x11, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r5 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0xad00, 0x0) readv$auto(r5, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r4, 0x40}, 0x8000002, 0x0, 0x0, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) 3.761792401s ago: executing program 1 (id=2042): fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) mmap$auto(0xfffffffffffffffe, 0x2020009, 0x3, 0x18, 0xfffffffffffffffa, 0x109000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/loop8/integrity/device_is_integrity_capable\x00', 0x4941, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x101001, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x8000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x6a742, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/block/nbd3/state\x00', 0x301802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88000, 0x0) read$auto(r2, 0x0, 0x20) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x24008804) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x40080, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0xffffffffffffffff]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/user\x00') sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) sysfs$auto(0xfffffffe, 0x60000, 0x0) execveat$auto(r3, &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000880)=0x0, 0x39) keyctl$auto(0x1d, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) r4 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nfsd(0x0, r4) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x0) chmod$auto(&(0x7f00000000c0)='./file0\x00', 0xf4ba) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) 3.204869316s ago: executing program 1 (id=2043): bpf$auto(0x23, 0x0, 0xe000000000000) r0 = socket(0x2c, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) ioctl$auto(r2, 0x80045430, 0xffffffffffffffff) bind$auto(r0, &(0x7f0000000080)=@hci={0x1f, 0xffffffffffffffff, 0x3}, 0x69) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x29c201, 0x0) r3 = socket(0x2c, 0x3, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r3) write$auto(0x3, 0x0, 0x81) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) socket(0x2, 0x2, 0x88) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xfdf3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/igmp\x00', 0x0, 0x0) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) symlink$auto(0x0, 0x0) 3.172724427s ago: executing program 4 (id=2044): mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async, rerun: 64) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async, rerun: 64) socket(0x2, 0x3, 0x100) socket(0x2, 0x2, 0x1) (async) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @local}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f0000000040)={0x0, 0x1}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x5) openat$auto_fake_panic_fops_(0xffffffffffffff9c, 0x0, 0x1a1000, 0x0) openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/nbd6/discard_alignment\x00', 0xc2581, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi26\x00', 0x0, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) (async) mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyaa\x00', 0x109401, 0x0) ioctl$auto(r0, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x0) (async) socket(0x80000000000000a, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@isdn={0x22, 0xc, 0x4, 0x81, 0xe}, 0x8) (async, rerun: 32) write$auto(r0, 0x0, 0x1) (rerun: 32) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) (async) r1 = io_uring_setup$auto(0x86, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001280)='/dev/v4l-subdev0\x00', 0x101000, 0x0) ioctl$auto(r2, 0xc0205647, r1) 3.008990679s ago: executing program 4 (id=2045): close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) socket(0xa, 0x2, 0x3a) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x6, 0x40000000029, 0x1d, 0xfffffffffffffffe, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) write$auto(r2, &(0x7f0000000c40)='gthtool\x00', 0x5) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0x40000001, 0xad1, 0x5}]}) 2.80487987s ago: executing program 1 (id=2046): mmap$auto(0x200000000000f400, 0x9, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x4001, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, &(0x7f0000000180)={&(0x7f0000000100), 0x80000000}, 0x10000, &(0x7f00000001c0)="d7cd776347984e13077263bfd5f9f5abd994085367e723ee8dd0f7dfe8708ad83c9fecd395", 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xb8b42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x0, 0x154) execveat$auto(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x11000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x8, 0xeb0, 0x401, 0x9) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r2, 0x0, 0x39b8) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) ioctl$auto(0x3, 0x402c542b, 0x38) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r3, 0x0, 0x9) 2.74350892s ago: executing program 4 (id=2047): mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x6, 0x0) getsockopt$auto(r0, 0x11c, 0x1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) socket(0x10, 0x3, 0x6) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto_NS_GET_MNTNS_ID(r1, 0x8008b705, &(0x7f0000000200)=0x8) r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r7, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002bbd7000fcdbdf25040000000400100008000cf1edfba1d1e45aea61b8f7020700000002681af944a5465101930e1f4b991ef2f10f485ddf80e07251de39066555baed365ef307143959554d"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r7) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000426bd7000fddbdf251f00000008009a00040008003500e01b00000000"], 0x24}, 0x1, 0x0, 0x0, 0x20080040}, 0x4c810) sendmsg$auto_NL80211_CMD_GET_WOWLAN(r5, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r9, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_SAE_PWE={0x5, 0x12a, 0x80}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x40480c1}, 0x80) write$auto(r6, 0x0, 0xe) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'pimreg\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000240)={0xa4, r2, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_TSINFO_HEADER={0x4, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffffb2f1}, @ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x0, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x802}, 0x4008000) 2.719703742s ago: executing program 2 (id=2048): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x200000, 0x0) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/gid_map\x00', 0x8000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x20000000000eb1, 0x401, 0x8000) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91\vI\x1eRN8\x99\x88G\xd9\xec\x1epJ\"ds\x1cJr\xde:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18\x89\v\xea\x1b\x95\xaf\xee\xe69\x8d(<\xc7+\x83\xfcQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd3\x81Y\xa3Fp\v\xdc\xe2\xc3\xc3\xdbS\xdc', 0xfdef, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x1f40) writev$auto(r1, &(0x7f0000000200)={0x0, 0x800000879}, 0x4) write$auto(r0, &(0x7f00000000c0)='/dev/dsp\x00', 0x5) close_range$auto(0x0, r1, 0x0) 2.638462054s ago: executing program 3 (id=2049): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) close_range$auto(0x2, 0x8, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x0, 0x0) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0xc, 0x0, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd39, 0xfff, 0x948b, 0x8, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x1, 0x7fffffff, 0x4, 0x6d3f, 0x9, 0x2, 0xffffffffffffffff]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x80000003, 0x3, 0x62, 0x8000001f, 0x2007, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) syslog$auto(0x4, &(0x7f0000007980)='\n)&*%#.+&%\r\x00', 0x0) fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r1) r2 = socket(0xa, 0x5, 0x94) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) splice$auto(r2, &(0x7f0000000040)=0xc52, r2, &(0x7f00000000c0)=0x7, 0x800, 0x5) io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/i8042/serio1/firmware_id\x00', 0x800, 0x0) read$auto(r3, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.11/usb31/31-0:1.0/bInterfaceNumber\x00', 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) pipe2$auto(&(0x7f0000000080)=r2, 0x8000) 2.477045663s ago: executing program 2 (id=2050): keyctl$auto(0xe, 0x2, 0x76f, 0x9, 0xf13) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) pread64$auto(r0, 0x0, 0x4, 0x10) r1 = fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) getsockopt$auto(0x2, 0x114, 0x2711, 0xfffffffffffffffc, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/devicetree/base/name\x00', 0x8000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(r2, 0x0, 0x9) ioctl$auto_SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000240)="ddc4c1eda78948a921e035d4f48bb1bb517f8bde5718689630e40081cbba278a84104225c4c72932b6cff60cf5222fc046fb1f73598c3225f359fca4546c44e05338caafd4e0a386fb80cb") openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x1, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x800000404, 0x8000) setrlimit$auto(0x1000000007, 0x0) fsmount$auto(0x4, 0x0, 0x200003) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f0000000400)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb%\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xecWw\xe2\x9cK\fE\a\xca\xbe6\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xc0\x1e\x17\xa2\x99\x87\x91!\t\xe3\xdb\t\xf5iw\x85z\x00\xc5L\xf1=\x15Lb=1C\xae\xdc\xd5\xb6\x8f(\xd1\xaen\xfd#(\x91\x86ne\x8c\xe2=\xb1\xadr8\xd0\xc1\xe6\f\xd6\xba!6\xed\x87%\xf7\x1dj\x89)\x84_\xff_\xd2T\xa8\xcb\xd5\x88\xbe|\xfb\xe2SEa\xec.\xf5\xd7\x17P\xd8\'\xca7\x01f\x8c9\xccw5\xac\xd1\x02V%\x98\xa2\x16\xfb\xba\x9ewB\x9f\xb9\x04\x97\\\xf5\xebF\xcc\x04N\x19N\x14\v\xaa\xfaF\x05\xbd\xed(M\xef\xd5\xfd\xefl\x84\x0f/\xeb\xff1f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) (async) process_mrelease$auto(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r2 = memfd_create$auto(0x0, 0x4) r3 = socket(0xa, 0x2, 0x3a) statx$auto(r2, 0x0, 0x1000, 0xbdfc, 0x0) (async) setsockopt$auto(r3, 0x29, 0x14, 0x0, 0x56b) (async) setsockopt$auto(r3, 0x29, 0x14, 0x0, 0x10052b) (async) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) inotify_init1$auto(0x403) (async) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) (async) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) (async) mincore$auto(0x1000, 0x8001, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) (async) close_range$auto(0x2, 0xa, 0x0) 93.25608ms ago: executing program 1 (id=2057): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) unshare$auto(0x400) select$auto(0xd, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x2, 0xc, 0x5, 0x3, 0xff, 0x2000000000000002, 0x9, 0xfffffffffffff761, 0x103, 0x80000000, 0x2, 0x7fff, 0x5, 0x4006]}, 0x0, 0x0) ioctl$auto(0x3, 0xae41, r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) lseek$auto(0x3, 0x2, 0x0) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r1, r1, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) ioctl$auto(r2, 0xc0585611, r2) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x80002, 0x73) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x80805, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) timer_create$auto(0x0, 0x0, 0x0) timer_create$auto(0x3, 0x0, 0x0) 0s ago: executing program 2 (id=2058): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x1, 0x0) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000180)="dc5662704c29ead37c2b374c01f47203da561f0572045fe9be3de200aa66fd0dcad4ae8b94d5605d4e7a3e7851c8389ef656667201af0f4a9eace58076384c2dfd9fddaff47b6dbaeadb4618648b94f0060060c9b2d638cf40b0fa92ebd0654f3a305982559606a22a1c01470a11f3c0529600669da6696f53722c79accda97368c0239b0eac14665fde029f737590c1528065ef5bb43c0e37861738c39db1769dfeb0f6974a2bc67ff79cc7490d14a77bb42dbbe6af9e883b85d7aa6e819c3f331415a6ec9090c65cf13519d68359cdadbfcb", 0x12, 0x0, 0x200000009, 0x0, 0x1f, 0x101}, 0x8}, 0x4, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket(0x1d, 0x2, 0x6) mmap$auto(0x2973b046, 0xffffffe, 0x6, 0x10000000009b7f, r1, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x41) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x11, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r5 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0xad00, 0x0) readv$auto(r5, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r4, 0x40}, 0x8000002, 0x0, 0x0, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) kernel console output (not intermixed with test programs): 506.618007][T12788] ? rw_verify_area+0xcf/0x680 [ 506.618043][T12788] ? __pfx_seq_read+0x10/0x10 [ 506.618075][T12788] vfs_readv+0x6bf/0x8a0 [ 506.618108][T12788] ? get_pid_task+0x106/0x250 [ 506.618145][T12788] ? __pfx_vfs_readv+0x10/0x10 [ 506.618182][T12788] ? find_held_lock+0x2b/0x80 [ 506.618258][T12788] ? __fget_files+0x20e/0x3c0 [ 506.618285][T12788] ? do_preadv+0x1a6/0x270 [ 506.618300][T12788] do_preadv+0x1a6/0x270 [ 506.618320][T12788] ? __pfx_do_preadv+0x10/0x10 [ 506.618349][T12788] do_syscall_64+0xcd/0x490 [ 506.618376][T12788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.618397][T12788] RIP: 0033:0x7fb15d98e969 [ 506.618415][T12788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.618437][T12788] RSP: 002b:00007fb15b793038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 506.618458][T12788] RAX: ffffffffffffffda RBX: 00007fb15dbb6240 RCX: 00007fb15d98e969 [ 506.618470][T12788] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000006 [ 506.618482][T12788] RBP: 00007fb15b793090 R08: 0000000000000006 R09: 0000000000000000 [ 506.618494][T12788] R10: 000000000000e637 R11: 0000000000000246 R12: 0000000000000001 [ 506.618507][T12788] R13: 0000000000000000 R14: 00007fb15dbb6240 R15: 00007ffd0b9fbec8 [ 506.618540][T12788] [ 507.784735][T12790] can: request_module (can-proto-0) failed. [ 508.678433][T12810] can: request_module (can-proto-0) failed. [ 509.050185][T12815] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 510.835796][T12858] Process accounting resumed [ 512.485221][T12868] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 513.121920][T12882] can: request_module (can-proto-0) failed. [ 513.495365][T12891] sd 0:0:1:0: PR command failed: 1026 [ 513.537032][T12891] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 513.558632][T12891] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 514.533488][T12905] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1210'. [ 514.669532][T12912] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1210'. [ 514.700188][T12905] ipvlan1: entered allmulticast mode [ 514.705546][T12905] veth0_vlan: entered allmulticast mode [ 514.751280][T12908] bridge0: port 3(bond0) entered blocking state [ 514.764363][T12908] bridge0: port 3(bond0) entered disabled state [ 514.786661][T12908] bond0: entered allmulticast mode [ 514.792004][T12908] bond_slave_0: entered allmulticast mode [ 514.798089][T12908] bond_slave_1: entered allmulticast mode [ 514.810792][T12908] bond0: entered promiscuous mode [ 514.829994][T12908] bond_slave_0: entered promiscuous mode [ 514.841413][T12908] bond_slave_1: entered promiscuous mode [ 514.857917][T12908] bridge0: port 3(bond0) entered blocking state [ 514.864401][T12908] bridge0: port 3(bond0) entered forwarding state [ 515.735398][T12928] can: request_module (can-proto-0) failed. [ 517.049913][T12943] sd 0:0:1:0: PR command failed: 1026 [ 517.136539][T12943] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 517.306453][T12943] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 517.956689][T12962] FAULT_INJECTION: forcing a failure. [ 517.956689][T12962] name fail_futex, interval 1, probability 0, space 0, times 0 [ 518.003068][T12962] CPU: 0 UID: 0 PID: 12962 Comm: syz.4.1221 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 518.003110][T12962] Tainted: [U]=USER [ 518.003118][T12962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 518.003131][T12962] Call Trace: [ 518.003140][T12962] [ 518.003149][T12962] dump_stack_lvl+0x16c/0x1f0 [ 518.003181][T12962] should_fail_ex+0x512/0x640 [ 518.003206][T12962] ? unwind_get_return_address+0x59/0xa0 [ 518.003243][T12962] get_futex_key+0x1d0/0x1540 [ 518.003287][T12962] ? __pfx_get_futex_key+0x10/0x10 [ 518.003324][T12962] ? stack_trace_save+0x8e/0xc0 [ 518.003360][T12962] ? __pfx_stack_trace_save+0x10/0x10 [ 518.003395][T12962] ? stack_depot_save_flags+0x28/0xa40 [ 518.003427][T12962] futex_wait_setup+0x9d/0x550 [ 518.003467][T12962] __futex_wait+0x194/0x2f0 [ 518.003498][T12962] ? __pfx___futex_wait+0x10/0x10 [ 518.003533][T12962] ? __pfx_futex_wake_mark+0x10/0x10 [ 518.003583][T12962] futex_wait+0xe8/0x380 [ 518.003612][T12962] ? __pfx_futex_wait+0x10/0x10 [ 518.003649][T12962] ? kmem_cache_free+0x2d1/0x4d0 [ 518.003674][T12962] ? fd_install+0x225/0x750 [ 518.003694][T12962] ? putname+0x154/0x1a0 [ 518.003728][T12962] do_futex+0x229/0x350 [ 518.003753][T12962] ? __pfx_do_futex+0x10/0x10 [ 518.003789][T12962] __x64_sys_futex+0x1e0/0x4c0 [ 518.003816][T12962] ? __x64_sys_openat+0x174/0x210 [ 518.003849][T12962] ? __pfx___x64_sys_futex+0x10/0x10 [ 518.003888][T12962] do_syscall_64+0xcd/0x490 [ 518.003928][T12962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.003953][T12962] RIP: 0033:0x7fb76958e969 [ 518.003972][T12962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.003995][T12962] RSP: 002b:00007fb76a3b10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 518.004018][T12962] RAX: ffffffffffffffda RBX: 00007fb7697b6088 RCX: 00007fb76958e969 [ 518.004035][T12962] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb7697b6088 [ 518.004049][T12962] RBP: 00007fb7697b6080 R08: 0000000000000000 R09: 0000000000000000 [ 518.004064][T12962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb7697b608c [ 518.004079][T12962] R13: 0000000000000000 R14: 00007fff6a0c2990 R15: 00007fff6a0c2a78 [ 518.004116][T12962] [ 518.549556][T11962] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 518.557444][T11962] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 518.566860][T11962] CPU: 1 UID: 0 PID: 11962 Comm: kworker/u9:0 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 518.566884][T11962] Tainted: [U]=USER [ 518.566889][T11962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 518.566906][T11962] Workqueue: hci0 hci_rx_work [ 518.566927][T11962] Call Trace: [ 518.566932][T11962] [ 518.566939][T11962] dump_stack_lvl+0x16c/0x1f0 [ 518.566956][T11962] sysfs_warn_dup+0x7f/0xa0 [ 518.566971][T11962] sysfs_create_dir_ns+0x24b/0x2b0 [ 518.566985][T11962] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 518.566998][T11962] ? find_held_lock+0x2b/0x80 [ 518.567023][T11962] ? do_raw_spin_unlock+0x172/0x230 [ 518.567043][T11962] kobject_add_internal+0x2c4/0x9b0 [ 518.567063][T11962] kobject_add+0x16e/0x240 [ 518.567078][T11962] ? __pfx_kobject_add+0x10/0x10 [ 518.567095][T11962] ? do_raw_spin_unlock+0x172/0x230 [ 518.567113][T11962] ? kobject_put+0xab/0x5a0 [ 518.567134][T11962] device_add+0x288/0x1a70 [ 518.567153][T11962] ? __pfx_dev_set_name+0x10/0x10 [ 518.567172][T11962] ? __pfx_device_add+0x10/0x10 [ 518.567190][T11962] ? mgmt_send_event_skb+0x2fb/0x460 [ 518.567275][T11962] hci_conn_add_sysfs+0x17e/0x230 [ 518.567356][T11962] le_conn_complete_evt+0x1075/0x1d70 [ 518.567414][T11962] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 518.567484][T11962] ? bt_warn+0xe4/0x120 [ 518.567537][T11962] ? __pfx_bt_warn+0x10/0x10 [ 518.567591][T11962] hci_le_conn_complete_evt+0x23c/0x370 [ 518.567660][T11962] hci_le_meta_evt+0x2f6/0x5e0 [ 518.567725][T11962] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 518.567793][T11962] hci_event_packet+0x669/0x1190 [ 518.567846][T11962] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 518.567916][T11962] ? __pfx_hci_event_packet+0x10/0x10 [ 518.567984][T11962] ? kcov_remote_start+0x3c9/0x6d0 [ 518.568051][T11962] ? lockdep_hardirqs_on+0x7c/0x110 [ 518.568106][T11962] hci_rx_work+0x2c5/0x16b0 [ 518.568172][T11962] ? rcu_is_watching+0x12/0xc0 [ 518.568253][T11962] process_one_work+0x9cc/0x1b70 [ 518.568339][T11962] ? __pfx_process_one_work+0x10/0x10 [ 518.568422][T11962] ? assign_work+0x1a0/0x250 [ 518.568501][T11962] worker_thread+0x6c8/0xf10 [ 518.568582][T11962] ? __kthread_parkme+0x19e/0x250 [ 518.568649][T11962] ? __pfx_worker_thread+0x10/0x10 [ 518.568716][T11962] kthread+0x3c5/0x780 [ 518.568783][T11962] ? __pfx_kthread+0x10/0x10 [ 518.568849][T11962] ? rcu_is_watching+0x12/0xc0 [ 518.569046][T11962] ? __pfx_kthread+0x10/0x10 [ 518.569121][T11962] ret_from_fork+0x5d7/0x6f0 [ 518.569183][T11962] ? __pfx_kthread+0x10/0x10 [ 518.569258][T11962] ret_from_fork_asm+0x1a/0x30 [ 518.569321][T11962] [ 518.569374][T11962] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 518.857453][T11962] Bluetooth: hci0: failed to register connection device [ 520.264587][T13002] i2c i2c-0: Failed to register i2c client card: at 0x01 (-16) [ 520.350423][T13003] can: request_module (can-proto-0) failed. [ 520.715170][T13010] sd 0:0:1:0: PR command failed: 1026 [ 520.776648][T13010] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 520.796784][T13010] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 525.865404][T13118] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 527.149314][T13130] zswap: compressor 00 not available [ 527.154931][T13133] FAULT_INJECTION: forcing a failure. [ 527.154931][T13133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 527.248696][T13133] CPU: 1 UID: 0 PID: 13133 Comm: syz.2.1255 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 527.248736][T13133] Tainted: [U]=USER [ 527.248744][T13133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 527.248758][T13133] Call Trace: [ 527.248766][T13133] [ 527.248775][T13133] dump_stack_lvl+0x16c/0x1f0 [ 527.248806][T13133] should_fail_ex+0x512/0x640 [ 527.248838][T13133] _copy_to_iter+0x29f/0x16f0 [ 527.248868][T13133] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 527.248898][T13133] ? __pfx__copy_to_iter+0x10/0x10 [ 527.248927][T13133] ? kernfs_seq_stop+0xcd/0x120 [ 527.248965][T13133] ? kernfs_put_active+0x86/0xe0 [ 527.248997][T13133] seq_read_iter+0xcf8/0x12c0 [ 527.249049][T13133] kernfs_fop_read_iter+0x40f/0x5a0 [ 527.249080][T13133] ? rw_verify_area+0xcf/0x680 [ 527.249118][T13133] vfs_read+0x8bf/0xc60 [ 527.249147][T13133] ? __pfx___mutex_lock+0x10/0x10 [ 527.249171][T13133] ? __pfx_vfs_read+0x10/0x10 [ 527.249218][T13133] ksys_read+0x12a/0x250 [ 527.249241][T13133] ? __pfx_ksys_read+0x10/0x10 [ 527.249276][T13133] do_syscall_64+0xcd/0x490 [ 527.249311][T13133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.249336][T13133] RIP: 0033:0x7f9447f8e969 [ 527.249354][T13133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.249374][T13133] RSP: 002b:00007f9445df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 527.249394][T13133] RAX: ffffffffffffffda RBX: 00007f94481b6080 RCX: 00007f9447f8e969 [ 527.249409][T13133] RDX: 0000000000000fec RSI: 0000200000001080 RDI: 0000000000000007 [ 527.249422][T13133] RBP: 00007f9445df6090 R08: 0000000000000000 R09: 0000000000000000 [ 527.249435][T13133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 527.249448][T13133] R13: 0000000000000000 R14: 00007f94481b6080 R15: 00007ffcfa86f618 [ 527.249479][T13133] [ 528.000776][T13151] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1261'. [ 528.190698][T13153] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1261'. [ 528.247731][T13142] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1259'. [ 528.287505][T13151] veth0_macvtap: left promiscuous mode [ 528.349039][T13157] Invalid ELF header magic: != ELF [ 529.748449][T13171] zswap: compressor 00 not available [ 530.096575][T13184] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1266'. [ 530.700222][T13189] zswap: compressor 00 not available [ 531.228136][T13199] can: request_module (can-proto-0) failed. [ 533.655197][T13248] FAULT_INJECTION: forcing a failure. [ 533.655197][T13248] name failslab, interval 1, probability 0, space 0, times 0 [ 533.722529][T13248] CPU: 1 UID: 0 PID: 13248 Comm: syz.4.1281 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 533.722580][T13248] Tainted: [U]=USER [ 533.722590][T13248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 533.722605][T13248] Call Trace: [ 533.722615][T13248] [ 533.722625][T13248] dump_stack_lvl+0x16c/0x1f0 [ 533.722658][T13248] should_fail_ex+0x512/0x640 [ 533.722686][T13248] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 533.722722][T13248] should_failslab+0xc2/0x120 [ 533.722755][T13248] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 533.722790][T13248] ? kstrdup_const+0x63/0x80 [ 533.722824][T13248] kstrdup+0x53/0x100 [ 533.722851][T13248] kstrdup_const+0x63/0x80 [ 533.722878][T13248] alloc_vfsmnt+0xea/0x730 [ 533.722908][T13248] clone_mnt+0x6d/0xff0 [ 533.722938][T13248] ? copy_tree+0x50d/0xa20 [ 533.722958][T13248] ? copy_mnt_ns+0x1ac/0xac0 [ 533.722986][T13248] copy_tree+0x38d/0xa20 [ 533.723019][T13248] copy_mnt_ns+0x1ac/0xac0 [ 533.723042][T13248] ? trace_kmem_cache_alloc+0x28/0xc0 [ 533.723075][T13248] ? trace_cap_capable+0x18d/0x200 [ 533.723104][T13248] ? create_new_namespaces+0x30/0xa90 [ 533.723149][T13248] create_new_namespaces+0xd3/0xa90 [ 533.723185][T13248] ? bpf_lsm_capable+0x9/0x10 [ 533.723210][T13248] ? security_capable+0x7e/0x260 [ 533.723245][T13248] copy_namespaces+0x468/0x560 [ 533.723287][T13248] copy_process+0x2a55/0x9170 [ 533.723342][T13248] ? __pfx_copy_process+0x10/0x10 [ 533.723376][T13248] ? try_to_wake_up+0xa2f/0x1680 [ 533.723418][T13248] ? plist_check_head+0xa3/0x150 [ 533.723461][T13248] ? futex_private_hash_put+0xc7/0x240 [ 533.723520][T13248] kernel_clone+0xfc/0x960 [ 533.723549][T13248] ? __pfx_futex_wake+0x10/0x10 [ 533.723579][T13248] ? __pfx_kernel_clone+0x10/0x10 [ 533.723630][T13248] __do_sys_clone+0xce/0x120 [ 533.723658][T13248] ? __pfx___do_sys_clone+0x10/0x10 [ 533.723685][T13248] ? ksys_unshare+0x687/0xa40 [ 533.723727][T13248] ? xfd_validate_state+0x61/0x180 [ 533.723770][T13248] do_syscall_64+0xcd/0x490 [ 533.723799][T13248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.723825][T13248] RIP: 0033:0x7fb76958e969 [ 533.723847][T13248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.723872][T13248] RSP: 002b:00007fb76a3b0fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 533.723897][T13248] RAX: ffffffffffffffda RBX: 00007fb7697b6080 RCX: 00007fb76958e969 [ 533.723914][T13248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 533.723930][T13248] RBP: 00007fb769610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 533.723946][T13248] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 533.723962][T13248] R13: 0000000000000000 R14: 00007fb7697b6080 R15: 00007fff6a0c2a78 [ 533.723998][T13248] [ 534.391825][T13254] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 534.871503][T13266] Invalid ELF header magic: != ELF [ 536.072894][T13287] zswap: compressor 00 not available syzkaller syzkaller login: [ 538.471941][T13350] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 539.045770][T13355] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 540.220472][T13373] FAULT_INJECTION: forcing a failure. [ 540.220472][T13373] name failslab, interval 1, probability 0, space 0, times 0 [ 540.250643][T13373] CPU: 1 UID: 0 PID: 13373 Comm: syz.4.1300 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 540.250684][T13373] Tainted: [U]=USER [ 540.250693][T13373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 540.250708][T13373] Call Trace: [ 540.250716][T13373] [ 540.250727][T13373] dump_stack_lvl+0x16c/0x1f0 [ 540.250759][T13373] should_fail_ex+0x512/0x640 [ 540.250786][T13373] ? fs_reclaim_acquire+0xae/0x150 [ 540.250825][T13373] should_failslab+0xc2/0x120 [ 540.250858][T13373] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 540.250886][T13373] ? security_inode_alloc+0x3b/0x2b0 [ 540.250923][T13373] security_inode_alloc+0x3b/0x2b0 [ 540.250955][T13373] inode_init_always_gfp+0xce4/0x1030 [ 540.250985][T13373] alloc_inode+0x86/0x240 [ 540.251017][T13373] sock_alloc+0x40/0x280 [ 540.251056][T13373] __sock_create+0xc1/0x8d0 [ 540.251086][T13373] __sys_socket+0x14d/0x260 [ 540.251119][T13373] ? __pfx___sys_socket+0x10/0x10 [ 540.251144][T13373] ? xfd_validate_state+0x61/0x180 [ 540.251167][T13373] ? __pfx___do_sys_close_range+0x10/0x10 [ 540.251200][T13373] __x64_sys_socket+0x72/0xb0 [ 540.251223][T13373] ? lockdep_hardirqs_on+0x7c/0x110 [ 540.251244][T13373] do_syscall_64+0xcd/0x490 [ 540.251269][T13373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.251292][T13373] RIP: 0033:0x7fb76958e969 [ 540.251312][T13373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 540.251336][T13373] RSP: 002b:00007fb76a3d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 540.251360][T13373] RAX: ffffffffffffffda RBX: 00007fb7697b5fa0 RCX: 00007fb76958e969 [ 540.251377][T13373] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002d [ 540.251392][T13373] RBP: 00007fb769610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 540.251406][T13373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 540.251421][T13373] R13: 0000000000000000 R14: 00007fb7697b5fa0 R15: 00007fff6a0c2a78 [ 540.251452][T13373] [ 540.251481][T13373] socket: no more sockets [ 540.524151][T13374] ima: policy update failed [ 540.536632][ T30] audit: type=1802 audit(4294967364.989:14): pid=13374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.1300" res=0 errno=0 [ 540.579323][T13383] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1303'. [ 541.374891][T13397] can: request_module (can-proto-0) failed. [ 542.500128][T13392] Process accounting paused [ 543.150917][T13407] netlink: zone id is out of range [ 543.200546][T13407] netlink: zone id is out of range [ 543.210684][T13407] netlink: zone id is out of range [ 543.215936][T13407] netlink: zone id is out of range [ 543.395262][T13407] netlink: zone id is out of range [ 543.622097][T13407] netlink: zone id is out of range [ 543.710703][T13407] netlink: zone id is out of range [ 543.743407][T13407] netlink: zone id is out of range [ 543.810996][T13407] netlink: zone id is out of range [ 544.469175][T13432] zswap: compressor 00 not available [ 545.688210][T13450] sd 0:0:1:0: PR command failed: 1026 [ 545.693997][T13450] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 545.701074][T13450] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 547.298011][T13479] netlink: 'syz.2.1319': attribute type 11 has an invalid length. [ 547.306044][T13479] netlink: 'syz.2.1319': attribute type 11 has an invalid length. [ 547.314145][T13479] netlink: 'syz.2.1319': attribute type 11 has an invalid length. [ 547.322111][T13479] netlink: 'syz.2.1319': attribute type 11 has an invalid length. [ 547.330820][T13479] netlink: 'syz.2.1319': attribute type 11 has an invalid length. [ 549.402872][T13497] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 549.411436][T13497] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 549.437660][T13497] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 549.455276][T13497] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 549.472097][T13497] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 549.486953][T13497] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 550.093521][T13530] can: request_module (can-proto-0) failed. [ 550.786608][T11962] Bluetooth: hci1: command 0x0406 tx timeout [ 551.426523][T11962] Bluetooth: hci3: command 0x0406 tx timeout [ 551.506586][T11962] Bluetooth: hci4: command 0x0c1a tx timeout [ 551.516804][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 553.589537][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 554.466551][T13615] can: request_module (can-proto-0) failed. [ 555.673901][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 555.767567][T13651] sctp: [Deprecated]: syz.1.1348 (pid 13651) Use of int in max_burst socket option deprecated. [ 555.767567][T13651] Use struct sctp_assoc_value instead [ 555.853878][T13653] sctp: [Deprecated]: syz.1.1348 (pid 13653) Use of int in max_burst socket option deprecated. [ 555.853878][T13653] Use struct sctp_assoc_value instead [ 556.209559][T13665] sd 0:0:1:0: PR command failed: 1026 [ 556.215434][T13665] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 556.222469][T13665] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 556.831416][T13669] sd 0:0:1:0: PR command failed: 1026 [ 556.837391][T13669] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 556.844229][T13669] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 557.312829][T13661] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 557.362678][T13661] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 557.429512][T13661] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 557.435667][T13661] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 557.546423][T13675] can: request_module (can-proto-0) failed. [ 557.862713][T13682] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1353'. [ 558.203469][T13684] FAULT_INJECTION: forcing a failure. [ 558.203469][T13684] name fail_futex, interval 1, probability 0, space 0, times 0 [ 558.260323][T13684] CPU: 0 UID: 0 PID: 13684 Comm: syz.3.1353 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 558.260350][T13684] Tainted: [U]=USER [ 558.260355][T13684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 558.260364][T13684] Call Trace: [ 558.260369][T13684] [ 558.260374][T13684] dump_stack_lvl+0x16c/0x1f0 [ 558.260394][T13684] should_fail_ex+0x512/0x640 [ 558.260413][T13684] get_futex_key+0xf3e/0x1540 [ 558.260439][T13684] ? __pfx_get_futex_key+0x10/0x10 [ 558.260463][T13684] ? __mutex_trylock_common+0xe9/0x250 [ 558.260484][T13684] futex_wake+0xea/0x530 [ 558.260503][T13684] ? __pfx_futex_wake+0x10/0x10 [ 558.260518][T13684] ? __lock_acquire+0xb8a/0x1c90 [ 558.260542][T13684] do_futex+0x1e3/0x350 [ 558.260556][T13684] ? __pfx_do_futex+0x10/0x10 [ 558.260569][T13684] ? __might_fault+0xe3/0x190 [ 558.260590][T13684] mm_release+0x24e/0x300 [ 558.260612][T13684] do_exit+0x901/0x2c70 [ 558.260633][T13684] ? __pfx_do_exit+0x10/0x10 [ 558.260649][T13684] ? do_raw_spin_lock+0x12c/0x2b0 [ 558.260666][T13684] ? find_held_lock+0x2b/0x80 [ 558.260689][T13684] do_group_exit+0xd3/0x2a0 [ 558.260707][T13684] get_signal+0x2673/0x26d0 [ 558.260727][T13684] ? __pfx_get_signal+0x10/0x10 [ 558.260739][T13684] ? do_futex+0x122/0x350 [ 558.260753][T13684] ? __pfx_do_futex+0x10/0x10 [ 558.260769][T13684] arch_do_signal_or_restart+0x8f/0x790 [ 558.260793][T13684] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 558.260820][T13684] ? xfd_validate_state+0x61/0x180 [ 558.260836][T13684] ? __pfx_ksys_write+0x10/0x10 [ 558.260854][T13684] exit_to_user_mode_loop+0x84/0x110 [ 558.260874][T13684] do_syscall_64+0x3f6/0x490 [ 558.260890][T13684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.260904][T13684] RIP: 0033:0x7f45ae78e969 [ 558.260916][T13684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.260930][T13684] RSP: 002b:00007f45af58e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 558.260944][T13684] RAX: fffffffffffffe00 RBX: 00007f45ae9b6168 RCX: 00007f45ae78e969 [ 558.260954][T13684] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f45ae9b6168 [ 558.260962][T13684] RBP: 00007f45ae9b6160 R08: 0000000000000000 R09: 0000000000000000 [ 558.260971][T13684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f45ae9b616c [ 558.260980][T13684] R13: 0000000000000000 R14: 00007ffc93d7be00 R15: 00007ffc93d7bee8 [ 558.260998][T13684] [ 558.592197][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 559.427527][ T5839] Bluetooth: hci3: command 0x0406 tx timeout [ 559.506580][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout [ 559.512661][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 559.518133][T13701] FAULT_INJECTION: forcing a failure. [ 559.518133][T13701] name failslab, interval 1, probability 0, space 0, times 0 [ 559.541285][T13701] CPU: 1 UID: 0 PID: 13701 Comm: syz.1.1357 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 559.541328][T13701] Tainted: [U]=USER [ 559.541337][T13701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 559.541352][T13701] Call Trace: [ 559.541361][T13701] [ 559.541371][T13701] dump_stack_lvl+0x16c/0x1f0 [ 559.541404][T13701] should_fail_ex+0x512/0x640 [ 559.541432][T13701] ? __kmalloc_noprof+0xbf/0x510 [ 559.541466][T13701] ? constrain_params_by_rules+0x175/0xca0 [ 559.541494][T13701] should_failslab+0xc2/0x120 [ 559.541527][T13701] __kmalloc_noprof+0xd2/0x510 [ 559.541554][T13701] ? unwind_get_return_address+0x59/0xa0 [ 559.541592][T13701] ? arch_stack_walk+0xa6/0x100 [ 559.541632][T13701] constrain_params_by_rules+0x175/0xca0 [ 559.541667][T13701] ? stack_trace_save+0x8e/0xc0 [ 559.541707][T13701] ? stack_depot_save_flags+0x28/0xa40 [ 559.541734][T13701] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 559.541760][T13701] ? kfree+0x2b4/0x4d0 [ 559.541779][T13701] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 559.541813][T13701] ? __kasan_kmalloc+0xaa/0xb0 [ 559.541839][T13701] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 559.541863][T13701] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 559.541887][T13701] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 559.541936][T13701] ? snd_interval_refine+0x2fa/0x580 [ 559.541978][T13701] snd_pcm_hw_refine+0x7de/0xad0 [ 559.542011][T13701] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 559.542056][T13701] ? _snd_pcm_hw_param_min+0x259/0x630 [ 559.542090][T13701] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 559.542124][T13701] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 559.542154][T13701] ? __asan_memset+0x23/0x50 [ 559.542177][T13701] ? calc_src_frames.isra.0+0x187/0x1d0 [ 559.542205][T13701] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 559.542243][T13701] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 559.542291][T13701] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 559.542324][T13701] ? snd_pcm_oss_sync+0x30c/0x840 [ 559.542372][T13701] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 559.542402][T13701] snd_pcm_oss_sync+0x32e/0x840 [ 559.542433][T13701] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 559.542459][T13701] snd_pcm_oss_release+0x28b/0x310 [ 559.542489][T13701] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 559.542513][T13701] __fput+0x402/0xb70 [ 559.542554][T13701] task_work_run+0x14d/0x240 [ 559.542590][T13701] ? __pfx_task_work_run+0x10/0x10 [ 559.542625][T13701] ? __pfx___do_sys_close_range+0x10/0x10 [ 559.542662][T13701] exit_to_user_mode_loop+0xeb/0x110 [ 559.542697][T13701] do_syscall_64+0x3f6/0x490 [ 559.542730][T13701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.542758][T13701] RIP: 0033:0x7fb15d98e969 [ 559.542782][T13701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.542810][T13701] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 559.542836][T13701] RAX: 0000000000000000 RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 559.542853][T13701] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 559.542868][T13701] RBP: 00007fb15da10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 559.542885][T13701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 559.542901][T13701] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 559.542950][T13701] [ 560.136911][T13698] can: request_module (can-proto-0) failed. [ 560.146032][T13708] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input28 [ 561.626911][T13734] warning: `syz.3.1365' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 562.860526][T13739] zswap: compressor 00 not available [ 563.100485][T13755] FAULT_INJECTION: forcing a failure. [ 563.100485][T13755] name failslab, interval 1, probability 0, space 0, times 0 [ 563.130611][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.139154][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.155781][T13755] CPU: 0 UID: 0 PID: 13755 Comm: syz.4.1370 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 563.155823][T13755] Tainted: [U]=USER [ 563.155831][T13755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 563.155845][T13755] Call Trace: [ 563.155853][T13755] [ 563.155863][T13755] dump_stack_lvl+0x16c/0x1f0 [ 563.155896][T13755] should_fail_ex+0x512/0x640 [ 563.155921][T13755] ? __kmalloc_noprof+0xbf/0x510 [ 563.155950][T13755] ? constrain_params_by_rules+0x175/0xca0 [ 563.155976][T13755] should_failslab+0xc2/0x120 [ 563.156006][T13755] __kmalloc_noprof+0xd2/0x510 [ 563.156035][T13755] ? unwind_get_return_address+0x59/0xa0 [ 563.156073][T13755] ? arch_stack_walk+0xa6/0x100 [ 563.156109][T13755] constrain_params_by_rules+0x175/0xca0 [ 563.156144][T13755] ? stack_trace_save+0x8e/0xc0 [ 563.156183][T13755] ? stack_depot_save_flags+0x28/0xa40 [ 563.156213][T13755] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 563.156238][T13755] ? kfree+0x2b4/0x4d0 [ 563.156258][T13755] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 563.156296][T13755] ? __kasan_kmalloc+0xaa/0xb0 [ 563.156321][T13755] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 563.156345][T13755] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 563.156370][T13755] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 563.156410][T13755] ? snd_interval_refine+0x2fa/0x580 [ 563.156447][T13755] snd_pcm_hw_refine+0x7de/0xad0 [ 563.156482][T13755] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 563.156526][T13755] ? _snd_pcm_hw_param_min+0x259/0x630 [ 563.156557][T13755] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 563.156590][T13755] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 563.156618][T13755] ? __asan_memset+0x23/0x50 [ 563.156640][T13755] ? calc_src_frames.isra.0+0x187/0x1d0 [ 563.156674][T13755] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 563.156711][T13755] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 563.156755][T13755] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 563.156783][T13755] ? snd_pcm_oss_sync+0x30c/0x840 [ 563.156829][T13755] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 563.156858][T13755] snd_pcm_oss_sync+0x32e/0x840 [ 563.156888][T13755] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 563.156912][T13755] snd_pcm_oss_release+0x28b/0x310 [ 563.156942][T13755] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 563.156966][T13755] __fput+0x402/0xb70 [ 563.157005][T13755] task_work_run+0x14d/0x240 [ 563.157040][T13755] ? __pfx_task_work_run+0x10/0x10 [ 563.157073][T13755] ? __pfx___do_sys_close_range+0x10/0x10 [ 563.157106][T13755] exit_to_user_mode_loop+0xeb/0x110 [ 563.157140][T13755] do_syscall_64+0x3f6/0x490 [ 563.157169][T13755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.157195][T13755] RIP: 0033:0x7fb76958e969 [ 563.157216][T13755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 563.157242][T13755] RSP: 002b:00007fb76a3d2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 563.157265][T13755] RAX: 0000000000000000 RBX: 00007fb7697b5fa0 RCX: 00007fb76958e969 [ 563.157281][T13755] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 563.157296][T13755] RBP: 00007fb769610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 563.157311][T13755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 563.157325][T13755] R13: 0000000000000000 R14: 00007fb7697b5fa0 R15: 00007fff6a0c2a78 [ 563.157361][T13755] [ 564.593599][T13785] sd 0:0:1:0: PR command failed: 1026 [ 564.629965][T13785] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 564.659737][T13785] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 565.521781][T13801] FAULT_INJECTION: forcing a failure. [ 565.521781][T13801] name failslab, interval 1, probability 0, space 0, times 0 [ 565.581929][T13801] CPU: 1 UID: 0 PID: 13801 Comm: syz.3.1381 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 565.581975][T13801] Tainted: [U]=USER [ 565.581984][T13801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 565.581999][T13801] Call Trace: [ 565.582008][T13801] [ 565.582019][T13801] dump_stack_lvl+0x16c/0x1f0 [ 565.582052][T13801] should_fail_ex+0x512/0x640 [ 565.582079][T13801] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 565.582113][T13801] should_failslab+0xc2/0x120 [ 565.582145][T13801] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 565.582174][T13801] ? security_file_alloc+0x34/0x2b0 [ 565.582217][T13801] security_file_alloc+0x34/0x2b0 [ 565.582253][T13801] init_file+0x93/0x4c0 [ 565.582285][T13801] alloc_empty_file+0x73/0x1e0 [ 565.582319][T13801] alloc_file_pseudo+0x13a/0x230 [ 565.582353][T13801] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 565.582392][T13801] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 565.582426][T13801] create_pipe_files+0x364/0x930 [ 565.582460][T13801] do_pipe2+0xaf/0x1c0 [ 565.582493][T13801] ? __pfx_do_pipe2+0x10/0x10 [ 565.582522][T13801] ? xfd_validate_state+0x61/0x180 [ 565.582551][T13801] ? __pfx_ksys_write+0x10/0x10 [ 565.582586][T13801] __x64_sys_pipe+0x33/0x50 [ 565.582610][T13801] do_syscall_64+0xcd/0x490 [ 565.582639][T13801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.582664][T13801] RIP: 0033:0x7f45ae78e969 [ 565.582685][T13801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.582711][T13801] RSP: 002b:00007f45af5af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 565.582736][T13801] RAX: ffffffffffffffda RBX: 00007f45ae9b6080 RCX: 00007f45ae78e969 [ 565.582753][T13801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 565.582768][T13801] RBP: 00007f45ae810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 565.582784][T13801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 565.582799][T13801] R13: 0000000000000000 R14: 00007f45ae9b6080 R15: 00007ffc93d7bee8 [ 565.582833][T13801] [ 568.952245][T13843] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1392'. [ 569.918849][T13866] zswap: compressor 00 not available [ 570.211468][T13883] sd 0:0:1:0: PR command failed: 1026 [ 570.356663][T13883] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 570.363461][T13883] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 573.405567][T13920] Process accounting resumed [ 574.277703][T13943] blktrace: Concurrent blktraces are not allowed on loop7 [ 575.134619][T13973] net_ratelimit: 436 callbacks suppressed [ 575.134642][T13973] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 575.802290][T13983] ubi: mtd0 is already attached to ubi0 [ 576.639379][ T30] audit: type=1800 audit(4294967405.102:15): pid=14007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1424" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 579.654378][T14075] can: request_module (can-proto-0) failed. [ 580.479490][T14096] FAULT_INJECTION: forcing a failure. [ 580.479490][T14096] name failslab, interval 1, probability 0, space 0, times 0 [ 580.519143][T14096] CPU: 1 UID: 0 PID: 14096 Comm: syz.4.1438 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 580.519191][T14096] Tainted: [U]=USER [ 580.519200][T14096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 580.519214][T14096] Call Trace: [ 580.519222][T14096] [ 580.519232][T14096] dump_stack_lvl+0x16c/0x1f0 [ 580.519262][T14096] should_fail_ex+0x512/0x640 [ 580.519299][T14096] ? __kmalloc_noprof+0xbf/0x510 [ 580.519330][T14096] ? constrain_params_by_rules+0x175/0xca0 [ 580.519355][T14096] should_failslab+0xc2/0x120 [ 580.519385][T14096] __kmalloc_noprof+0xd2/0x510 [ 580.519408][T14096] ? unwind_get_return_address+0x59/0xa0 [ 580.519442][T14096] ? arch_stack_walk+0xa6/0x100 [ 580.519477][T14096] constrain_params_by_rules+0x175/0xca0 [ 580.519511][T14096] ? stack_trace_save+0x8e/0xc0 [ 580.519550][T14096] ? stack_depot_save_flags+0x28/0xa40 [ 580.519577][T14096] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 580.519601][T14096] ? kfree+0x2b4/0x4d0 [ 580.519618][T14096] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 580.519650][T14096] ? __kasan_kmalloc+0xaa/0xb0 [ 580.519671][T14096] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 580.519695][T14096] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 580.519718][T14096] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 580.519747][T14096] ? snd_interval_refine+0x2fa/0x580 [ 580.519780][T14096] snd_pcm_hw_refine+0x7de/0xad0 [ 580.519811][T14096] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 580.519848][T14096] ? _snd_pcm_hw_param_min+0x259/0x630 [ 580.519877][T14096] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 580.519908][T14096] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 580.519949][T14096] ? __asan_memset+0x23/0x50 [ 580.519972][T14096] ? calc_src_frames.isra.0+0x187/0x1d0 [ 580.520000][T14096] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 580.520040][T14096] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 580.520086][T14096] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 580.520117][T14096] ? snd_pcm_oss_sync+0x30c/0x840 [ 580.520169][T14096] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 580.520199][T14096] snd_pcm_oss_sync+0x32e/0x840 [ 580.520231][T14096] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 580.520259][T14096] snd_pcm_oss_release+0x28b/0x310 [ 580.520288][T14096] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 580.520315][T14096] __fput+0x402/0xb70 [ 580.520349][T14096] task_work_run+0x14d/0x240 [ 580.520383][T14096] ? __pfx_task_work_run+0x10/0x10 [ 580.520416][T14096] ? __pfx___do_sys_close_range+0x10/0x10 [ 580.520452][T14096] exit_to_user_mode_loop+0xeb/0x110 [ 580.520488][T14096] do_syscall_64+0x3f6/0x490 [ 580.520518][T14096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.520544][T14096] RIP: 0033:0x7fb76958e969 [ 580.520566][T14096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 580.520591][T14096] RSP: 002b:00007fb76a3d2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 580.520615][T14096] RAX: 0000000000000000 RBX: 00007fb7697b5fa0 RCX: 00007fb76958e969 [ 580.520632][T14096] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 580.520648][T14096] RBP: 00007fb769610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 580.520664][T14096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 580.520680][T14096] R13: 0000000000000000 R14: 00007fb7697b5fa0 R15: 00007fff6a0c2a78 [ 580.520713][T14096] [ 580.862634][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.274816][T14105] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1440'. [ 582.277772][ T5839] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 582.774875][T14151] FAULT_INJECTION: forcing a failure. [ 582.774875][T14151] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 582.823947][T14151] CPU: 1 UID: 0 PID: 14151 Comm: syz.4.1447 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 582.823992][T14151] Tainted: [U]=USER [ 582.824002][T14151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 582.824016][T14151] Call Trace: [ 582.824025][T14151] [ 582.824035][T14151] dump_stack_lvl+0x16c/0x1f0 [ 582.824068][T14151] should_fail_ex+0x512/0x640 [ 582.824102][T14151] should_fail_alloc_page+0xe7/0x130 [ 582.824138][T14151] prepare_alloc_pages+0x3c2/0x610 [ 582.824176][T14151] ? rcu_is_watching+0x12/0xc0 [ 582.824217][T14151] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 582.824249][T14151] ? kasan_save_stack+0x33/0x60 [ 582.824275][T14151] ? kasan_save_track+0x14/0x30 [ 582.824299][T14151] ? __kasan_slab_alloc+0x89/0x90 [ 582.824331][T14151] ? css_rstat_updated+0x9d/0xd30 [ 582.824376][T14151] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 582.824421][T14151] ? __lock_acquire+0x622/0x1c90 [ 582.824453][T14151] ? __lock_acquire+0x622/0x1c90 [ 582.824480][T14151] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 582.824515][T14151] ? policy_nodemask+0xea/0x4e0 [ 582.824550][T14151] alloc_pages_mpol+0x1fb/0x550 [ 582.824583][T14151] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 582.824626][T14151] folio_alloc_mpol_noprof+0x36/0x2f0 [ 582.824664][T14151] vma_alloc_folio_noprof+0xed/0x1e0 [ 582.824707][T14151] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 582.824743][T14151] ? find_held_lock+0x2b/0x80 [ 582.824779][T14151] ? __handle_mm_fault+0x1092/0x5450 [ 582.824811][T14151] __handle_mm_fault+0x2fac/0x5450 [ 582.824847][T14151] ? __pfx___handle_mm_fault+0x10/0x10 [ 582.824872][T14151] ? __pte_offset_map_lock+0x174/0x310 [ 582.824907][T14151] ? find_held_lock+0x2b/0x80 [ 582.824940][T14151] ? find_held_lock+0x2b/0x80 [ 582.825004][T14151] handle_mm_fault+0x3fe/0xad0 [ 582.825037][T14151] __get_user_pages+0x570/0x3bb0 [ 582.825088][T14151] ? __pfx_mt_find+0x10/0x10 [ 582.825118][T14151] ? __pfx___get_user_pages+0x10/0x10 [ 582.825169][T14151] populate_vma_page_range+0x278/0x3a0 [ 582.825211][T14151] ? __pfx_populate_vma_page_range+0x10/0x10 [ 582.825248][T14151] ? __pfx_find_vma_intersection+0x10/0x10 [ 582.825284][T14151] ? do_mmap+0x69c/0x11b0 [ 582.825321][T14151] __mm_populate+0x1d8/0x380 [ 582.825356][T14151] ? __pfx___mm_populate+0x10/0x10 [ 582.825393][T14151] ? up_write+0x1b2/0x520 [ 582.825425][T14151] vm_mmap_pgoff+0x362/0x450 [ 582.825460][T14151] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 582.825491][T14151] ? 0xffffffffff600000 [ 582.825517][T14151] ? __x64_sys_futex+0x1e0/0x4c0 [ 582.825540][T14151] ? __x64_sys_futex+0x1e9/0x4c0 [ 582.825570][T14151] ksys_mmap_pgoff+0x7d/0x5c0 [ 582.825602][T14151] ? xfd_validate_state+0x61/0x180 [ 582.825636][T14151] __x64_sys_mmap+0x125/0x190 [ 582.825670][T14151] do_syscall_64+0xcd/0x490 [ 582.825707][T14151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.825732][T14151] RIP: 0033:0x7fb76958e969 [ 582.825753][T14151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 582.825776][T14151] RSP: 002b:00007fb76a3d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 582.825800][T14151] RAX: ffffffffffffffda RBX: 00007fb7697b5fa0 RCX: 00007fb76958e969 [ 582.825817][T14151] RDX: 000000000000000b RSI: 000000000040000b RDI: 0000000000000000 [ 582.825830][T14151] RBP: 00007fb769610ab1 R08: 0000000000000002 R09: 0000000000008000 [ 582.825845][T14151] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 582.825859][T14151] R13: 0000000000000000 R14: 00007fb7697b5fa0 R15: 00007fff6a0c2a78 [ 582.825891][T14151] [ 584.887075][ T5839] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 585.488453][T14221] synth uevent: /devices/virtual/tty/ptyw2: unknown uevent action string [ 585.497181][T14221] tty ptyw2: uevent: failed to send synthetic uevent: -22 [ 585.844057][T14232] FAULT_INJECTION: forcing a failure. [ 585.844057][T14232] name failslab, interval 1, probability 0, space 0, times 0 [ 585.880515][T14232] CPU: 1 UID: 0 PID: 14232 Comm: syz.2.1461 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 585.880556][T14232] Tainted: [U]=USER [ 585.880565][T14232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 585.880580][T14232] Call Trace: [ 585.880588][T14232] [ 585.880598][T14232] dump_stack_lvl+0x16c/0x1f0 [ 585.880629][T14232] should_fail_ex+0x512/0x640 [ 585.880656][T14232] ? __kmalloc_noprof+0xbf/0x510 [ 585.880688][T14232] ? constrain_params_by_rules+0x175/0xca0 [ 585.880716][T14232] should_failslab+0xc2/0x120 [ 585.880746][T14232] __kmalloc_noprof+0xd2/0x510 [ 585.880771][T14232] ? unwind_get_return_address+0x59/0xa0 [ 585.880807][T14232] ? arch_stack_walk+0xa6/0x100 [ 585.880844][T14232] constrain_params_by_rules+0x175/0xca0 [ 585.880873][T14232] ? stack_trace_save+0x8e/0xc0 [ 585.880910][T14232] ? stack_depot_save_flags+0x28/0xa40 [ 585.880936][T14232] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 585.880962][T14232] ? kfree+0x2b4/0x4d0 [ 585.880982][T14232] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 585.881018][T14232] ? __kasan_kmalloc+0xaa/0xb0 [ 585.881043][T14232] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 585.881069][T14232] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 585.881096][T14232] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 585.881137][T14232] ? snd_interval_refine+0x2fa/0x580 [ 585.881176][T14232] snd_pcm_hw_refine+0x7de/0xad0 [ 585.881211][T14232] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 585.881253][T14232] ? _snd_pcm_hw_param_min+0x259/0x630 [ 585.881286][T14232] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 585.881320][T14232] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 585.881350][T14232] ? __asan_memset+0x23/0x50 [ 585.881372][T14232] ? calc_src_frames.isra.0+0x187/0x1d0 [ 585.881400][T14232] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 585.881448][T14232] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 585.881496][T14232] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 585.881528][T14232] ? snd_pcm_oss_sync+0x30c/0x840 [ 585.881580][T14232] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 585.881611][T14232] snd_pcm_oss_sync+0x32e/0x840 [ 585.881642][T14232] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 585.881669][T14232] snd_pcm_oss_release+0x28b/0x310 [ 585.881698][T14232] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 585.881724][T14232] __fput+0x402/0xb70 [ 585.881764][T14232] task_work_run+0x14d/0x240 [ 585.881800][T14232] ? __pfx_task_work_run+0x10/0x10 [ 585.881834][T14232] ? __pfx___do_sys_close_range+0x10/0x10 [ 585.881869][T14232] exit_to_user_mode_loop+0xeb/0x110 [ 585.881905][T14232] do_syscall_64+0x3f6/0x490 [ 585.881935][T14232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.881961][T14232] RIP: 0033:0x7f9447f8e969 [ 585.881984][T14232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.882008][T14232] RSP: 002b:00007f9448d22038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 585.882033][T14232] RAX: 0000000000000000 RBX: 00007f94481b5fa0 RCX: 00007f9447f8e969 [ 585.882050][T14232] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 585.882066][T14232] RBP: 00007f9448010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 585.882082][T14232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.882097][T14232] R13: 0000000000000000 R14: 00007f94481b5fa0 R15: 00007ffcfa86f618 [ 585.882134][T14232] [ 586.691801][T14250] FAULT_INJECTION: forcing a failure. [ 586.691801][T14250] name failslab, interval 1, probability 0, space 0, times 0 [ 586.730535][T14251] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1466'. [ 586.785806][T14250] CPU: 0 UID: 0 PID: 14250 Comm: syz.4.1465 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 586.785852][T14250] Tainted: [U]=USER [ 586.785861][T14250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 586.785875][T14250] Call Trace: [ 586.785883][T14250] [ 586.785893][T14250] dump_stack_lvl+0x16c/0x1f0 [ 586.785925][T14250] should_fail_ex+0x512/0x640 [ 586.785952][T14250] ? __kmalloc_noprof+0xbf/0x510 [ 586.785984][T14250] ? ima_write_template_field_data+0x5d/0x1f0 [ 586.786021][T14250] should_failslab+0xc2/0x120 [ 586.786052][T14250] __kmalloc_noprof+0xd2/0x510 [ 586.786089][T14250] ima_write_template_field_data+0x5d/0x1f0 [ 586.786131][T14250] ima_eventname_init_common+0x1b8/0x260 [ 586.786170][T14250] ? __pfx_ima_eventname_init_common+0x10/0x10 [ 586.786213][T14250] ? trace_kmalloc+0x2b/0xd0 [ 586.786244][T14250] ? __kmalloc_noprof+0x242/0x510 [ 586.786272][T14250] ? __print_lock_name+0x51/0xe0 [ 586.786314][T14250] ima_alloc_init_template+0x39d/0x720 [ 586.786352][T14250] ima_store_measurement+0x1eb/0x5c0 [ 586.786384][T14250] ? __pfx_ima_store_measurement+0x10/0x10 [ 586.786413][T14250] ? vfs_getxattr_alloc+0xec/0x340 [ 586.786447][T14250] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 586.786478][T14250] process_measurement+0x1ddb/0x23e0 [ 586.786516][T14250] ? __pfx_process_measurement+0x10/0x10 [ 586.786549][T14250] ? alloc_empty_file+0x73/0x1e0 [ 586.786596][T14250] ? hugetlb_file_setup+0x4cd/0x620 [ 586.786638][T14250] ? ksys_mmap_pgoff+0x189/0x5c0 [ 586.786679][T14250] ? __x64_sys_mmap+0x125/0x190 [ 586.786752][T14250] ima_file_mmap+0x1b1/0x1d0 [ 586.786776][T14250] ? __pfx_ima_file_mmap+0x10/0x10 [ 586.786812][T14250] security_mmap_file+0x88c/0x990 [ 586.786850][T14250] vm_mmap_pgoff+0xec/0x450 [ 586.786887][T14250] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 586.786916][T14250] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 586.786950][T14250] ? hugetlbfs_get_inode+0x31f/0x730 [ 586.786992][T14250] ksys_mmap_pgoff+0x1c8/0x5c0 [ 586.787030][T14250] __x64_sys_mmap+0x125/0x190 [ 586.787062][T14250] do_syscall_64+0xcd/0x490 [ 586.787090][T14250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.787113][T14250] RIP: 0033:0x7fb76958e969 [ 586.787133][T14250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.787156][T14250] RSP: 002b:00007fb76a3b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 586.787198][T14250] RAX: ffffffffffffffda RBX: 00007fb7697b6080 RCX: 00007fb76958e969 [ 586.787216][T14250] RDX: 00004000000000df RSI: 0000000000000003 RDI: 0000000000000000 [ 586.787231][T14250] RBP: 00007fb769610ab1 R08: 0000000000000401 R09: 0000300000000000 [ 586.787248][T14250] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 586.787263][T14250] R13: 0000000000000000 R14: 00007fb7697b6080 R15: 00007fff6a0c2a78 [ 586.787298][T14250] [ 587.138858][ T30] audit: type=1804 audit(4294967415.602:16): pid=14250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.4.1465" name="anon_hugepage" dev="hugetlbfs" ino=48442 res=0 errno=0 [ 587.457539][T14265] netlink: 'syz.3.1469': attribute type 2 has an invalid length. [ 588.156891][T14274] netlink: 'syz.4.1470': attribute type 2 has an invalid length. [ 588.657201][T14300] FAULT_INJECTION: forcing a failure. [ 588.657201][T14300] name failslab, interval 1, probability 0, space 0, times 0 [ 588.749260][T14300] CPU: 0 UID: 0 PID: 14300 Comm: syz.4.1474 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 588.749303][T14300] Tainted: [U]=USER [ 588.749312][T14300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 588.749325][T14300] Call Trace: [ 588.749334][T14300] [ 588.749344][T14300] dump_stack_lvl+0x16c/0x1f0 [ 588.749379][T14300] should_fail_ex+0x512/0x640 [ 588.749404][T14300] ? __kmalloc_noprof+0xbf/0x510 [ 588.749432][T14300] ? constrain_params_by_rules+0x175/0xca0 [ 588.749467][T14300] should_failslab+0xc2/0x120 [ 588.749497][T14300] __kmalloc_noprof+0xd2/0x510 [ 588.749520][T14300] ? unwind_get_return_address+0x59/0xa0 [ 588.749554][T14300] ? arch_stack_walk+0xa6/0x100 [ 588.749595][T14300] constrain_params_by_rules+0x175/0xca0 [ 588.749629][T14300] ? stack_trace_save+0x8e/0xc0 [ 588.749667][T14300] ? stack_depot_save_flags+0x28/0xa40 [ 588.749693][T14300] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 588.749717][T14300] ? kfree+0x2b4/0x4d0 [ 588.749736][T14300] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 588.749771][T14300] ? __kasan_kmalloc+0xaa/0xb0 [ 588.749796][T14300] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 588.749822][T14300] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 588.749848][T14300] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 588.749886][T14300] ? snd_interval_refine+0x2fa/0x580 [ 588.749922][T14300] snd_pcm_hw_refine+0x7de/0xad0 [ 588.749958][T14300] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 588.750001][T14300] ? _snd_pcm_hw_param_min+0x259/0x630 [ 588.750033][T14300] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 588.750066][T14300] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 588.750094][T14300] ? __asan_memset+0x23/0x50 [ 588.750115][T14300] ? calc_src_frames.isra.0+0x187/0x1d0 [ 588.750141][T14300] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 588.750175][T14300] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 588.750217][T14300] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 588.750249][T14300] ? snd_pcm_oss_sync+0x30c/0x840 [ 588.750301][T14300] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 588.750331][T14300] snd_pcm_oss_sync+0x32e/0x840 [ 588.750360][T14300] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 588.750385][T14300] snd_pcm_oss_release+0x28b/0x310 [ 588.750414][T14300] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 588.750449][T14300] __fput+0x402/0xb70 [ 588.750490][T14300] task_work_run+0x14d/0x240 [ 588.750523][T14300] ? __pfx_task_work_run+0x10/0x10 [ 588.750556][T14300] ? __pfx___do_sys_close_range+0x10/0x10 [ 588.750587][T14300] exit_to_user_mode_loop+0xeb/0x110 [ 588.750622][T14300] do_syscall_64+0x3f6/0x490 [ 588.750652][T14300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 588.750678][T14300] RIP: 0033:0x7fb76958e969 [ 588.750698][T14300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 588.750723][T14300] RSP: 002b:00007fb76a3d2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 588.750749][T14300] RAX: 0000000000000000 RBX: 00007fb7697b5fa0 RCX: 00007fb76958e969 [ 588.750766][T14300] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 588.750779][T14300] RBP: 00007fb769610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 588.750792][T14300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 588.750806][T14300] R13: 0000000000000000 R14: 00007fb7697b5fa0 R15: 00007fff6a0c2a78 [ 588.750838][T14300] [ 591.472838][T14355] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 591.877105][T14364] FAULT_INJECTION: forcing a failure. [ 591.877105][T14364] name failslab, interval 1, probability 0, space 0, times 0 [ 591.913844][T14364] CPU: 1 UID: 0 PID: 14364 Comm: syz.1.1485 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 591.913961][T14364] Tainted: [U]=USER [ 591.913971][T14364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 591.913984][T14364] Call Trace: [ 591.913993][T14364] [ 591.914005][T14364] dump_stack_lvl+0x16c/0x1f0 [ 591.914037][T14364] should_fail_ex+0x512/0x640 [ 591.914063][T14364] ? __kmalloc_noprof+0xbf/0x510 [ 591.914094][T14364] ? constrain_params_by_rules+0x175/0xca0 [ 591.914122][T14364] should_failslab+0xc2/0x120 [ 591.914154][T14364] __kmalloc_noprof+0xd2/0x510 [ 591.914193][T14364] ? unwind_get_return_address+0x59/0xa0 [ 591.914229][T14364] ? arch_stack_walk+0xa6/0x100 [ 591.914271][T14364] constrain_params_by_rules+0x175/0xca0 [ 591.914306][T14364] ? stack_trace_save+0x8e/0xc0 [ 591.914343][T14364] ? stack_depot_save_flags+0x28/0xa40 [ 591.914370][T14364] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 591.914391][T14364] ? kfree+0x2b4/0x4d0 [ 591.914409][T14364] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 591.914437][T14364] ? __kasan_kmalloc+0xaa/0xb0 [ 591.914458][T14364] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 591.914480][T14364] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 591.914503][T14364] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 591.914538][T14364] ? snd_interval_refine+0x2fa/0x580 [ 591.914572][T14364] snd_pcm_hw_refine+0x7de/0xad0 [ 591.914607][T14364] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 591.914651][T14364] ? _snd_pcm_hw_param_min+0x259/0x630 [ 591.914684][T14364] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 591.914718][T14364] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 591.914748][T14364] ? __asan_memset+0x23/0x50 [ 591.914771][T14364] ? calc_src_frames.isra.0+0x187/0x1d0 [ 591.914799][T14364] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 591.914837][T14364] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 591.914883][T14364] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 591.914914][T14364] ? snd_pcm_oss_sync+0x30c/0x840 [ 591.914964][T14364] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 591.914994][T14364] snd_pcm_oss_sync+0x32e/0x840 [ 591.915026][T14364] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 591.915052][T14364] snd_pcm_oss_release+0x28b/0x310 [ 591.915080][T14364] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 591.915106][T14364] __fput+0x402/0xb70 [ 591.915145][T14364] task_work_run+0x14d/0x240 [ 591.915192][T14364] ? __pfx_task_work_run+0x10/0x10 [ 591.915228][T14364] ? __pfx___do_sys_close_range+0x10/0x10 [ 591.915264][T14364] exit_to_user_mode_loop+0xeb/0x110 [ 591.915300][T14364] do_syscall_64+0x3f6/0x490 [ 591.915329][T14364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.915356][T14364] RIP: 0033:0x7fb15d98e969 [ 591.915378][T14364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.915404][T14364] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 591.915430][T14364] RAX: 0000000000000000 RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 591.915447][T14364] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 591.915462][T14364] RBP: 00007fb15da10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 591.915478][T14364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 591.915494][T14364] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 591.915531][T14364] [ 592.602888][T14368] can: request_module (can-proto-0) failed. [ 594.216646][T14408] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1497'. [ 594.989393][T14430] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 596.663318][T14468] FAULT_INJECTION: forcing a failure. [ 596.663318][T14468] name failslab, interval 1, probability 0, space 0, times 0 [ 596.684794][T14468] CPU: 1 UID: 0 PID: 14468 Comm: syz.3.1512 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 596.684841][T14468] Tainted: [U]=USER [ 596.684849][T14468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 596.684864][T14468] Call Trace: [ 596.684873][T14468] [ 596.684883][T14468] dump_stack_lvl+0x16c/0x1f0 [ 596.684915][T14468] should_fail_ex+0x512/0x640 [ 596.684942][T14468] ? __kmalloc_noprof+0xbf/0x510 [ 596.684975][T14468] ? constrain_params_by_rules+0x175/0xca0 [ 596.685002][T14468] should_failslab+0xc2/0x120 [ 596.685033][T14468] __kmalloc_noprof+0xd2/0x510 [ 596.685061][T14468] ? kasan_quarantine_put+0x10a/0x240 [ 596.685087][T14468] ? lockdep_hardirqs_on+0x7c/0x110 [ 596.685117][T14468] constrain_params_by_rules+0x175/0xca0 [ 596.685145][T14468] ? constrain_params_by_rules+0xa09/0xca0 [ 596.685179][T14468] ? constrain_params_by_rules+0xa0e/0xca0 [ 596.685216][T14468] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 596.685254][T14468] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 596.685293][T14468] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 596.685322][T14468] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 596.685352][T14468] ? snd_interval_refine+0x2fa/0x580 [ 596.685398][T14468] snd_pcm_hw_refine+0x7de/0xad0 [ 596.685434][T14468] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 596.685469][T14468] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 596.685513][T14468] snd_pcm_hw_param_first+0x334/0x6f0 [ 596.685549][T14468] snd_pcm_hw_param_near.constprop.0+0x702/0x8e0 [ 596.685583][T14468] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 596.685611][T14468] ? __asan_memset+0x23/0x50 [ 596.685633][T14468] ? calc_src_frames.isra.0+0x187/0x1d0 [ 596.685660][T14468] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 596.685697][T14468] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 596.685743][T14468] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 596.685774][T14468] ? snd_pcm_oss_sync+0x30c/0x840 [ 596.685825][T14468] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 596.685855][T14468] snd_pcm_oss_sync+0x32e/0x840 [ 596.685887][T14468] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 596.685914][T14468] snd_pcm_oss_release+0x28b/0x310 [ 596.685942][T14468] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 596.685966][T14468] __fput+0x402/0xb70 [ 596.686006][T14468] task_work_run+0x14d/0x240 [ 596.686041][T14468] ? __pfx_task_work_run+0x10/0x10 [ 596.686076][T14468] ? __pfx___do_sys_close_range+0x10/0x10 [ 596.686111][T14468] exit_to_user_mode_loop+0xeb/0x110 [ 596.686143][T14468] do_syscall_64+0x3f6/0x490 [ 596.686171][T14468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.686196][T14468] RIP: 0033:0x7f45ae78e969 [ 596.686214][T14468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.686260][T14468] RSP: 002b:00007f45af5d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 596.686281][T14468] RAX: 0000000000000000 RBX: 00007f45ae9b5fa0 RCX: 00007f45ae78e969 [ 596.686299][T14468] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 596.686312][T14468] RBP: 00007f45ae810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 596.686325][T14468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.686339][T14468] R13: 0000000000000000 R14: 00007f45ae9b5fa0 R15: 00007ffc93d7bee8 [ 596.686371][T14468] [ 597.645674][T14481] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1514'. [ 598.590735][T14483] random: crng reseeded on system resumption [ 599.445724][T14499] can: request_module (can-proto-0) failed. [ 601.620368][T14532] FAULT_INJECTION: forcing a failure. [ 601.620368][T14532] name failslab, interval 1, probability 0, space 0, times 0 [ 601.669199][T14532] CPU: 1 UID: 0 PID: 14532 Comm: syz.1.1524 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 601.669227][T14532] Tainted: [U]=USER [ 601.669232][T14532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 601.669240][T14532] Call Trace: [ 601.669245][T14532] [ 601.669252][T14532] dump_stack_lvl+0x16c/0x1f0 [ 601.669273][T14532] should_fail_ex+0x512/0x640 [ 601.669288][T14532] ? __kmalloc_noprof+0xbf/0x510 [ 601.669306][T14532] ? constrain_params_by_rules+0x175/0xca0 [ 601.669321][T14532] should_failslab+0xc2/0x120 [ 601.669339][T14532] __kmalloc_noprof+0xd2/0x510 [ 601.669353][T14532] ? unwind_get_return_address+0x59/0xa0 [ 601.669373][T14532] ? arch_stack_walk+0xa6/0x100 [ 601.669394][T14532] constrain_params_by_rules+0x175/0xca0 [ 601.669413][T14532] ? stack_trace_save+0x8e/0xc0 [ 601.669435][T14532] ? stack_depot_save_flags+0x28/0xa40 [ 601.669450][T14532] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 601.669464][T14532] ? kfree+0x2b4/0x4d0 [ 601.669474][T14532] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 601.669493][T14532] ? __kasan_kmalloc+0xaa/0xb0 [ 601.669507][T14532] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 601.669520][T14532] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 601.669534][T14532] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 601.669555][T14532] ? snd_interval_refine+0x2fa/0x580 [ 601.669575][T14532] snd_pcm_hw_refine+0x7de/0xad0 [ 601.669593][T14532] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 601.669616][T14532] ? _snd_pcm_hw_param_min+0x259/0x630 [ 601.669633][T14532] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 601.669651][T14532] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 601.669666][T14532] ? __asan_memset+0x23/0x50 [ 601.669678][T14532] ? calc_src_frames.isra.0+0x187/0x1d0 [ 601.669693][T14532] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 601.669712][T14532] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 601.669737][T14532] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 601.669753][T14532] ? snd_pcm_oss_sync+0x30c/0x840 [ 601.669780][T14532] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 601.669796][T14532] snd_pcm_oss_sync+0x32e/0x840 [ 601.669813][T14532] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 601.669827][T14532] snd_pcm_oss_release+0x28b/0x310 [ 601.669843][T14532] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 601.669856][T14532] __fput+0x402/0xb70 [ 601.669878][T14532] task_work_run+0x14d/0x240 [ 601.669897][T14532] ? __pfx_task_work_run+0x10/0x10 [ 601.669916][T14532] ? __pfx___do_sys_close_range+0x10/0x10 [ 601.669935][T14532] exit_to_user_mode_loop+0xeb/0x110 [ 601.669954][T14532] do_syscall_64+0x3f6/0x490 [ 601.669971][T14532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.669993][T14532] RIP: 0033:0x7fb15d98e969 [ 601.670006][T14532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 601.670021][T14532] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 601.670035][T14532] RAX: 0000000000000000 RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 601.670045][T14532] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 601.670054][T14532] RBP: 00007fb15da10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 601.670064][T14532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 601.670072][T14532] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 601.670091][T14532] [ 602.012581][ C1] vkms_vblank_simulate: vblank timer overrun [ 602.726272][T14540] can: request_module (can-proto-0) failed. [ 602.756058][T14539] FAULT_INJECTION: forcing a failure. [ 602.756058][T14539] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 602.826614][T14539] CPU: 1 UID: 0 PID: 14539 Comm: syz.1.1526 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 602.826656][T14539] Tainted: [U]=USER [ 602.826664][T14539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 602.826678][T14539] Call Trace: [ 602.826686][T14539] [ 602.826696][T14539] dump_stack_lvl+0x16c/0x1f0 [ 602.826727][T14539] should_fail_ex+0x512/0x640 [ 602.826758][T14539] _copy_from_user+0x2e/0xd0 [ 602.826787][T14539] copy_msghdr_from_user+0x98/0x160 [ 602.826829][T14539] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 602.826879][T14539] ___sys_sendmsg+0xfe/0x1d0 [ 602.826913][T14539] ? __pfx____sys_sendmsg+0x10/0x10 [ 602.826942][T14539] ? __lock_acquire+0x622/0x1c90 [ 602.827013][T14539] __sys_sendmsg+0x16d/0x220 [ 602.827045][T14539] ? __pfx___sys_sendmsg+0x10/0x10 [ 602.827102][T14539] do_syscall_64+0xcd/0x490 [ 602.827127][T14539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.827149][T14539] RIP: 0033:0x7fb15d98e969 [ 602.827167][T14539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 602.827189][T14539] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 602.827212][T14539] RAX: ffffffffffffffda RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 602.827229][T14539] RDX: 0000000000000040 RSI: 0000200000002cc0 RDI: 0000000000000003 [ 602.827244][T14539] RBP: 00007fb15b7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 602.827259][T14539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 602.827273][T14539] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 602.827305][T14539] [ 603.004719][ C1] vkms_vblank_simulate: vblank timer overrun [ 603.575183][T14548] can: request_module (can-proto-0) failed. [ 603.784563][T14545] Process accounting paused [ 604.138848][T14561] netlink: 11440 bytes leftover after parsing attributes in process `syz.3.1531'. [ 604.538857][T14570] FAULT_INJECTION: forcing a failure. [ 604.538857][T14570] name failslab, interval 1, probability 0, space 0, times 0 [ 604.582914][T14570] CPU: 0 UID: 0 PID: 14570 Comm: syz.3.1534 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 604.582959][T14570] Tainted: [U]=USER [ 604.582968][T14570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 604.582985][T14570] Call Trace: [ 604.582994][T14570] [ 604.583005][T14570] dump_stack_lvl+0x16c/0x1f0 [ 604.583035][T14570] should_fail_ex+0x512/0x640 [ 604.583063][T14570] ? __kmalloc_noprof+0xbf/0x510 [ 604.583095][T14570] ? constrain_params_by_rules+0x175/0xca0 [ 604.583120][T14570] should_failslab+0xc2/0x120 [ 604.583148][T14570] __kmalloc_noprof+0xd2/0x510 [ 604.583173][T14570] ? unwind_get_return_address+0x59/0xa0 [ 604.583210][T14570] constrain_params_by_rules+0x175/0xca0 [ 604.583246][T14570] ? stack_trace_save+0x8e/0xc0 [ 604.583286][T14570] ? stack_depot_save_flags+0x28/0xa40 [ 604.583314][T14570] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 604.583350][T14570] ? __kasan_kmalloc+0xaa/0xb0 [ 604.583375][T14570] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 604.583402][T14570] ? snd_pcm_oss_make_ready+0xe6/0x1b0 [ 604.583427][T14570] ? snd_pcm_oss_sync+0x1de/0x840 [ 604.583461][T14570] ? rcu_is_watching+0x12/0xc0 [ 604.583494][T14570] ? snd_interval_refine+0x2fa/0x580 [ 604.583528][T14570] snd_pcm_hw_refine+0x7de/0xad0 [ 604.583560][T14570] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 604.583599][T14570] ? __asan_memset+0x23/0x50 [ 604.583622][T14570] ? _snd_pcm_hw_param_min+0x259/0x630 [ 604.583653][T14570] snd_pcm_oss_change_params_locked+0x65e/0x3a30 [ 604.583684][T14570] ? rcu_is_watching+0x12/0xc0 [ 604.583739][T14570] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 604.583768][T14570] ? __pfx___mutex_lock+0x10/0x10 [ 604.583820][T14570] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 604.583849][T14570] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 604.583873][T14570] snd_pcm_oss_sync+0x1de/0x840 [ 604.583903][T14570] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 604.583930][T14570] snd_pcm_oss_release+0x28b/0x310 [ 604.583958][T14570] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 604.583982][T14570] __fput+0x402/0xb70 [ 604.584021][T14570] task_work_run+0x14d/0x240 [ 604.584055][T14570] ? __pfx_task_work_run+0x10/0x10 [ 604.584088][T14570] ? __pfx___do_sys_close_range+0x10/0x10 [ 604.584123][T14570] exit_to_user_mode_loop+0xeb/0x110 [ 604.584157][T14570] do_syscall_64+0x3f6/0x490 [ 604.584185][T14570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.584211][T14570] RIP: 0033:0x7f45ae78e969 [ 604.584232][T14570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.584257][T14570] RSP: 002b:00007f45af5d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 604.584281][T14570] RAX: 0000000000000000 RBX: 00007f45ae9b5fa0 RCX: 00007f45ae78e969 [ 604.584298][T14570] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 604.584314][T14570] RBP: 00007f45ae810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 604.584329][T14570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.584344][T14570] R13: 0000000000000000 R14: 00007f45ae9b5fa0 R15: 00007ffc93d7bee8 [ 604.584379][T14570] [ 604.915291][T14566] binder: 14565:14566 unknown command 0 [ 604.921061][T14566] binder: 14565:14566 ioctl c0306201 2000000000c0 returned -22 [ 605.299778][T14574] FAULT_INJECTION: forcing a failure. [ 605.299778][T14574] name failslab, interval 1, probability 0, space 0, times 0 [ 605.350336][T14574] CPU: 0 UID: 0 PID: 14574 Comm: syz.1.1535 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 605.350381][T14574] Tainted: [U]=USER [ 605.350390][T14574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 605.350406][T14574] Call Trace: [ 605.350414][T14574] [ 605.350424][T14574] dump_stack_lvl+0x16c/0x1f0 [ 605.350456][T14574] should_fail_ex+0x512/0x640 [ 605.350483][T14574] ? __kmalloc_noprof+0xbf/0x510 [ 605.350516][T14574] ? constrain_params_by_rules+0x175/0xca0 [ 605.350554][T14574] should_failslab+0xc2/0x120 [ 605.350586][T14574] __kmalloc_noprof+0xd2/0x510 [ 605.350612][T14574] ? unwind_get_return_address+0x59/0xa0 [ 605.350649][T14574] ? arch_stack_walk+0xa6/0x100 [ 605.350689][T14574] constrain_params_by_rules+0x175/0xca0 [ 605.350724][T14574] ? stack_trace_save+0x8e/0xc0 [ 605.350763][T14574] ? stack_depot_save_flags+0x28/0xa40 [ 605.350791][T14574] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 605.350817][T14574] ? kfree+0x2b4/0x4d0 [ 605.350836][T14574] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 605.350871][T14574] ? __kasan_kmalloc+0xaa/0xb0 [ 605.350896][T14574] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 605.350921][T14574] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 605.350948][T14574] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 605.350988][T14574] ? snd_interval_refine+0x2fa/0x580 [ 605.351024][T14574] snd_pcm_hw_refine+0x7de/0xad0 [ 605.351056][T14574] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 605.351098][T14574] ? _snd_pcm_hw_param_min+0x259/0x630 [ 605.351128][T14574] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 605.351160][T14574] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 605.351188][T14574] ? __asan_memset+0x23/0x50 [ 605.351210][T14574] ? calc_src_frames.isra.0+0x187/0x1d0 [ 605.351237][T14574] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 605.351275][T14574] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 605.351321][T14574] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 605.351352][T14574] ? snd_pcm_oss_sync+0x30c/0x840 [ 605.351405][T14574] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 605.351436][T14574] snd_pcm_oss_sync+0x32e/0x840 [ 605.351467][T14574] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 605.351494][T14574] snd_pcm_oss_release+0x28b/0x310 [ 605.351522][T14574] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 605.351557][T14574] __fput+0x402/0xb70 [ 605.351598][T14574] task_work_run+0x14d/0x240 [ 605.351633][T14574] ? __pfx_task_work_run+0x10/0x10 [ 605.351665][T14574] ? __pfx___do_sys_close_range+0x10/0x10 [ 605.351698][T14574] exit_to_user_mode_loop+0xeb/0x110 [ 605.351732][T14574] do_syscall_64+0x3f6/0x490 [ 605.351762][T14574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.351787][T14574] RIP: 0033:0x7fb15d98e969 [ 605.351807][T14574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.351832][T14574] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 605.351855][T14574] RAX: 0000000000000000 RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 605.351872][T14574] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 605.351888][T14574] RBP: 00007fb15da10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 605.351903][T14574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 605.351918][T14574] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 605.351954][T14574] [ 607.143332][T14603] program syz.3.1541 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 607.701929][T14620] can: request_module (can-proto-0) failed. [ 607.999754][T14622] sd 0:0:1:0: PR command failed: 1026 [ 608.024571][T14622] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 608.146977][T14622] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 609.288202][T14654] FAULT_INJECTION: forcing a failure. [ 609.288202][T14654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 609.288244][T14654] CPU: 1 UID: 0 PID: 14654 Comm: syz.2.1552 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 609.288281][T14654] Tainted: [U]=USER [ 609.288290][T14654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 609.288303][T14654] Call Trace: [ 609.288311][T14654] [ 609.288321][T14654] dump_stack_lvl+0x16c/0x1f0 [ 609.288351][T14654] should_fail_ex+0x512/0x640 [ 609.288383][T14654] _copy_from_iter+0x29f/0x16f0 [ 609.288425][T14654] ? __alloc_skb+0x200/0x380 [ 609.288459][T14654] ? __pfx__copy_from_iter+0x10/0x10 [ 609.288490][T14654] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 609.288538][T14654] netlink_sendmsg+0x829/0xdd0 [ 609.288580][T14654] ? __pfx_netlink_sendmsg+0x10/0x10 [ 609.288630][T14654] ____sys_sendmsg+0xa95/0xc70 [ 609.288657][T14654] ? copy_msghdr_from_user+0x10a/0x160 [ 609.288692][T14654] ? __pfx_____sys_sendmsg+0x10/0x10 [ 609.288735][T14654] ___sys_sendmsg+0x134/0x1d0 [ 609.288771][T14654] ? __pfx____sys_sendmsg+0x10/0x10 [ 609.288802][T14654] ? __lock_acquire+0x622/0x1c90 [ 609.288873][T14654] __sys_sendmsg+0x16d/0x220 [ 609.288907][T14654] ? __pfx___sys_sendmsg+0x10/0x10 [ 609.288965][T14654] do_syscall_64+0xcd/0x490 [ 609.288993][T14654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.289019][T14654] RIP: 0033:0x7f9447f8e969 [ 609.289038][T14654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.289062][T14654] RSP: 002b:00007f9448d22038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 609.289085][T14654] RAX: ffffffffffffffda RBX: 00007f94481b5fa0 RCX: 00007f9447f8e969 [ 609.289102][T14654] RDX: 0000000004000000 RSI: 0000200000000900 RDI: 0000000000000003 [ 609.289116][T14654] RBP: 00007f9448d22090 R08: 0000000000000000 R09: 0000000000000000 [ 609.289130][T14654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 609.289143][T14654] R13: 0000000000000000 R14: 00007f94481b5fa0 R15: 00007ffcfa86f618 [ 609.289174][T14654] [ 609.320767][T14655] program syz.3.1551 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 609.799560][T14665] device-mapper: ioctl: only supply one of name or uuid, cmd(12) [ 609.830900][T14665] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input32 [ 609.997859][T14666] ubi: mtd0 is already attached to ubi0 [ 610.203612][T14662] tipc: Started in network mode [ 610.203641][T14662] tipc: Node identity b, cluster identity 4711 [ 610.203659][T14662] tipc: Node number set to 11 [ 611.844308][T14705] cgroup: fork rejected by pids controller in /syz1 [ 617.404223][T15056] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1582'. [ 618.090645][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 618.847212][ C0] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff888033bebc00: rx timeout, send abort [ 619.356848][ C0] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff888033bebc00: abort rx timeout. Force session deactivation [ 620.259332][T15078] can: request_module (can-proto-0) failed. [ 621.417814][T15097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1593'. [ 621.444588][T15097] netlink: 13 bytes leftover after parsing attributes in process `syz.3.1593'. [ 621.477995][T15097] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1593'. [ 623.430580][T15132] can: request_module (can-proto-0) failed. [ 624.397368][T15150] can: request_module (can-proto-0) failed. [ 624.552933][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.559522][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.325213][T15213] can: request_module (can-proto-0) failed. [ 628.638392][T15217] FAULT_INJECTION: forcing a failure. [ 628.638392][T15217] name failslab, interval 1, probability 0, space 0, times 0 [ 628.806473][T15217] CPU: 1 UID: 0 PID: 15217 Comm: syz.1.1620 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 628.806515][T15217] Tainted: [U]=USER [ 628.806523][T15217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 628.806536][T15217] Call Trace: [ 628.806544][T15217] [ 628.806553][T15217] dump_stack_lvl+0x16c/0x1f0 [ 628.806575][T15217] should_fail_ex+0x512/0x640 [ 628.806590][T15217] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 628.806607][T15217] should_failslab+0xc2/0x120 [ 628.806626][T15217] __kmalloc_cache_noprof+0x6a/0x3e0 [ 628.806640][T15217] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 628.806660][T15217] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 628.806677][T15217] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 628.806693][T15217] ? snd_pcm_oss_change_params_locked+0x958/0x3a30 [ 628.806712][T15217] snd_pcm_oss_change_params_locked+0x9cd/0x3a30 [ 628.806736][T15217] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 628.806753][T15217] ? snd_pcm_oss_sync+0x30c/0x840 [ 628.806779][T15217] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 628.806795][T15217] snd_pcm_oss_sync+0x32e/0x840 [ 628.806812][T15217] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 628.806826][T15217] snd_pcm_oss_release+0x28b/0x310 [ 628.806842][T15217] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 628.806856][T15217] __fput+0x402/0xb70 [ 628.806877][T15217] task_work_run+0x14d/0x240 [ 628.806896][T15217] ? __pfx_task_work_run+0x10/0x10 [ 628.806914][T15217] ? __pfx___do_sys_close_range+0x10/0x10 [ 628.806933][T15217] exit_to_user_mode_loop+0xeb/0x110 [ 628.806953][T15217] do_syscall_64+0x3f6/0x490 [ 628.806969][T15217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.806983][T15217] RIP: 0033:0x7fb15d98e969 [ 628.806995][T15217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.807009][T15217] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 628.807022][T15217] RAX: 0000000000000000 RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 628.807031][T15217] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 628.807039][T15217] RBP: 00007fb15da10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 628.807047][T15217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 628.807055][T15217] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 628.807073][T15217] [ 630.019632][T15239] can: request_module (can-proto-0) failed. [ 630.189045][T15250] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1628'. [ 630.527045][T15254] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1628'. [ 631.425649][T15269] FAULT_INJECTION: forcing a failure. [ 631.425649][T15269] name failslab, interval 1, probability 0, space 0, times 0 [ 631.626575][T15269] CPU: 0 UID: 0 PID: 15269 Comm: syz.2.1632 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 631.626622][T15269] Tainted: [U]=USER [ 631.626632][T15269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 631.626647][T15269] Call Trace: [ 631.626657][T15269] [ 631.626669][T15269] dump_stack_lvl+0x16c/0x1f0 [ 631.626704][T15269] should_fail_ex+0x512/0x640 [ 631.626732][T15269] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 631.626764][T15269] should_failslab+0xc2/0x120 [ 631.626797][T15269] __kmalloc_cache_noprof+0x6a/0x3e0 [ 631.626822][T15269] ? snd_pcm_hw_param_first+0x30d/0x6f0 [ 631.626849][T15269] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 631.626876][T15269] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 631.626909][T15269] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 631.626944][T15269] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 631.626975][T15269] ? __asan_memset+0x23/0x50 [ 631.626997][T15269] ? calc_src_frames.isra.0+0x187/0x1d0 [ 631.627066][T15269] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 631.627107][T15269] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 631.627155][T15269] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 631.627187][T15269] ? snd_pcm_oss_sync+0x30c/0x840 [ 631.627241][T15269] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 631.627272][T15269] snd_pcm_oss_sync+0x32e/0x840 [ 631.627303][T15269] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 631.627331][T15269] snd_pcm_oss_release+0x28b/0x310 [ 631.627361][T15269] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 631.627387][T15269] __fput+0x402/0xb70 [ 631.627428][T15269] task_work_run+0x14d/0x240 [ 631.627464][T15269] ? __pfx_task_work_run+0x10/0x10 [ 631.627499][T15269] ? __pfx___do_sys_close_range+0x10/0x10 [ 631.627536][T15269] exit_to_user_mode_loop+0xeb/0x110 [ 631.627572][T15269] do_syscall_64+0x3f6/0x490 [ 631.627604][T15269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.627631][T15269] RIP: 0033:0x7f9447f8e969 [ 631.627654][T15269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.627682][T15269] RSP: 002b:00007f9448d22038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 631.627709][T15269] RAX: 0000000000000000 RBX: 00007f94481b5fa0 RCX: 00007f9447f8e969 [ 631.627727][T15269] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 631.627744][T15269] RBP: 00007f9448010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 631.627761][T15269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 631.627777][T15269] R13: 0000000000000000 R14: 00007f94481b5fa0 R15: 00007ffcfa86f618 [ 631.627813][T15269] [ 632.018575][T15274] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 632.138388][T14709] syz.1.1559 (14709) used greatest stack depth: 18056 bytes left [ 632.194225][T15273] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input34 [ 633.078487][T15295] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1639'. [ 633.533035][T15306] can: request_module (can-proto-0) failed. [ 633.549053][T15312] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1642'. [ 634.176013][T15305] Process accounting resumed [ 635.639367][T15335] FAULT_INJECTION: forcing a failure. [ 635.639367][T15335] name failslab, interval 1, probability 0, space 0, times 0 [ 635.657174][T15335] CPU: 1 UID: 0 PID: 15335 Comm: syz.3.1647 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 635.657219][T15335] Tainted: [U]=USER [ 635.657229][T15335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 635.657246][T15335] Call Trace: [ 635.657255][T15335] [ 635.657266][T15335] dump_stack_lvl+0x16c/0x1f0 [ 635.657298][T15335] should_fail_ex+0x512/0x640 [ 635.657326][T15335] ? __kmalloc_noprof+0xbf/0x510 [ 635.657358][T15335] ? constrain_params_by_rules+0x175/0xca0 [ 635.657386][T15335] should_failslab+0xc2/0x120 [ 635.657419][T15335] __kmalloc_noprof+0xd2/0x510 [ 635.657446][T15335] ? unwind_get_return_address+0x59/0xa0 [ 635.657482][T15335] ? arch_stack_walk+0xa6/0x100 [ 635.657522][T15335] constrain_params_by_rules+0x175/0xca0 [ 635.657558][T15335] ? stack_trace_save+0x8e/0xc0 [ 635.657598][T15335] ? stack_depot_save_flags+0x28/0xa40 [ 635.657628][T15335] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 635.657654][T15335] ? kfree+0x2b4/0x4d0 [ 635.657673][T15335] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 635.657707][T15335] ? __kasan_kmalloc+0xaa/0xb0 [ 635.657730][T15335] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 635.657757][T15335] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 635.657784][T15335] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 635.657824][T15335] ? snd_interval_refine+0x2fa/0x580 [ 635.657861][T15335] snd_pcm_hw_refine+0x7de/0xad0 [ 635.657896][T15335] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 635.657941][T15335] ? _snd_pcm_hw_param_min+0x259/0x630 [ 635.657985][T15335] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 635.658022][T15335] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 635.658053][T15335] ? __asan_memset+0x23/0x50 [ 635.658076][T15335] ? calc_src_frames.isra.0+0x187/0x1d0 [ 635.658104][T15335] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 635.658142][T15335] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 635.658190][T15335] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 635.658221][T15335] ? snd_pcm_oss_sync+0x30c/0x840 [ 635.658274][T15335] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 635.658305][T15335] snd_pcm_oss_sync+0x32e/0x840 [ 635.658337][T15335] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 635.658364][T15335] snd_pcm_oss_release+0x28b/0x310 [ 635.658394][T15335] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 635.658420][T15335] __fput+0x402/0xb70 [ 635.658462][T15335] task_work_run+0x14d/0x240 [ 635.658498][T15335] ? __pfx_task_work_run+0x10/0x10 [ 635.658531][T15335] ? __pfx___do_sys_close_range+0x10/0x10 [ 635.658566][T15335] exit_to_user_mode_loop+0xeb/0x110 [ 635.658603][T15335] do_syscall_64+0x3f6/0x490 [ 635.658635][T15335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.658663][T15335] RIP: 0033:0x7f45ae78e969 [ 635.658686][T15335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.658711][T15335] RSP: 002b:00007f45af5d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 635.658736][T15335] RAX: 0000000000000000 RBX: 00007f45ae9b5fa0 RCX: 00007f45ae78e969 [ 635.658752][T15335] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 635.658768][T15335] RBP: 00007f45ae810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 635.658784][T15335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 635.658799][T15335] R13: 0000000000000000 R14: 00007f45ae9b5fa0 R15: 00007ffc93d7bee8 [ 635.658835][T15335] [ 636.384287][T15345] bond0: option packets_per_slave: invalid value ( Xnp) [ 636.391946][T15345] bond0: option packets_per_slave: allowed values 0 - 65535 [ 636.789558][T15353] Invalid ELF header magic: != ELF [ 636.972407][T15365] FAULT_INJECTION: forcing a failure. [ 636.972407][T15365] name failslab, interval 1, probability 0, space 0, times 0 [ 636.984352][T15353] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(1.0.1), cmd(5) [ 637.006411][T15365] CPU: 0 UID: 0 PID: 15365 Comm: syz.1.1657 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 637.006453][T15365] Tainted: [U]=USER [ 637.006461][T15365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 637.006474][T15365] Call Trace: [ 637.006482][T15365] [ 637.006492][T15365] dump_stack_lvl+0x16c/0x1f0 [ 637.006522][T15365] should_fail_ex+0x512/0x640 [ 637.006547][T15365] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 637.006575][T15365] should_failslab+0xc2/0x120 [ 637.006604][T15365] __kmalloc_cache_noprof+0x6a/0x3e0 [ 637.006625][T15365] ? kasan_record_aux_stack+0xa7/0xc0 [ 637.006657][T15365] ? __call_rcu_common.constprop.0+0x9a/0x9f0 [ 637.006687][T15365] ? kmem_cache_free+0x16d/0x4d0 [ 637.006709][T15365] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 637.006742][T15365] snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 637.006769][T15365] ? __mutex_init+0xc5/0x120 [ 637.006810][T15365] ? __pfx___might_resched+0x10/0x10 [ 637.006853][T15365] ? rcu_is_watching+0x12/0xc0 [ 637.006888][T15365] ? trace_contention_end+0xdd/0x130 [ 637.006916][T15365] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 637.006944][T15365] ? snd_pcm_oss_sync+0x30c/0x840 [ 637.006973][T15365] ? __fsnotify_parent+0x24b/0xc40 [ 637.007016][T15365] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 637.007040][T15365] snd_pcm_oss_sync+0x32e/0x840 [ 637.007069][T15365] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 637.007091][T15365] snd_pcm_oss_release+0x28b/0x310 [ 637.007116][T15365] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 637.007139][T15365] __fput+0x402/0xb70 [ 637.007177][T15365] task_work_run+0x14d/0x240 [ 637.007209][T15365] ? __pfx_task_work_run+0x10/0x10 [ 637.007240][T15365] ? __pfx___do_sys_close_range+0x10/0x10 [ 637.007270][T15365] exit_to_user_mode_loop+0xeb/0x110 [ 637.007301][T15365] do_syscall_64+0x3f6/0x490 [ 637.007326][T15365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.007349][T15365] RIP: 0033:0x7fb15d98e969 [ 637.007369][T15365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.007392][T15365] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 637.007416][T15365] RAX: 0000000000000000 RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 637.007432][T15365] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 637.007447][T15365] RBP: 00007fb15b7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 637.007462][T15365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 637.007477][T15365] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 637.007511][T15365] [ 638.745448][T15392] netlink: ct family unspecified [ 638.763682][T15394] netlink: ct family unspecified [ 639.325500][T15413] can: request_module (can-proto-0) failed. [ 640.641903][T15431] block nbd7: not configured, cannot reconfigure [ 642.615439][T15461] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1683'. [ 642.771811][T15468] ima: policy update failed [ 642.776544][ T30] audit: type=1802 audit(4295032506.355:17): pid=15468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1685" res=0 errno=0 [ 642.964622][T15457] raw_sendmsg: syz.3.1682 forgot to set AF_INET. Fix it! [ 643.032232][T15476] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1686'. [ 643.235678][T15485] sd 0:0:1:0: PR command failed: 1026 [ 643.278824][T15485] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 643.315570][T15485] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 644.213067][T15511] Invalid ELF header magic: != ELF syzkaller syzkaller login: [ 644.712321][T15519] can: request_module (can-proto-0) failed. [ 644.773683][T15513] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 644.773683][T15513] The task syz.3.1695 (15513) triggered the difference, watch for misbehavior. [ 644.813455][T15513] snd_aloop snd_aloop.0: control 16781581:65535:6:'x?F/zF˷fC:8 is already present [ 645.106597][T15532] netlink: 'syz.3.1700': attribute type 1 has an invalid length. [ 646.660109][T15556] futex_wake_op: syz.4.1706 tries to shift op by 64; fix this program [ 649.143216][T15585] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1714'. [ 649.154136][T15585] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1714'. [ 650.135794][T15602] rtc_cmos 00:00: Alarms can be up to one day in the future [ 650.146322][T15603] rtc_cmos 00:00: Alarms can be up to one day in the future [ 653.205963][T15656] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 653.316972][T15658] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1730'. [ 653.501811][T15660] can: request_module (can-proto-0) failed. [ 653.584172][T15662] nvme_fabrics: missing parameter 'transport=%s' [ 653.644390][T15662] nvme_fabrics: missing parameter 'nqn=%s' [ 653.677650][ T5839] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 653.677697][ T5839] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 653.692863][ T5839] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 653.692925][ T5839] Bluetooth: hci4: adv larger than maximum supported [ 653.700273][ T5839] Bluetooth: hci4: Malformed LE Event: 0x0d [ 654.570730][T15680] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1734'. [ 657.227245][T15722] can: request_module (can-proto-0) failed. [ 658.301223][T15761] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 659.724788][T15787] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 660.664779][T15802] block nbd7: not configured, cannot reconfigure [ 664.187801][T15809] Process accounting paused [ 666.993594][T15875] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1775'. [ 667.708537][T15892] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 667.842661][T15901] can: request_module (can-proto-0) failed. [ 667.862561][T15892] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 667.918429][T15892] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 667.991066][T15892] page_type: f5(slab) [ 668.050179][T15892] raw: 00fff00000000040 ffff88801d7f6640 dead000000000122 0000000000000000 [ 668.066178][T15892] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 668.174968][T15892] head: 00fff00000000040 ffff88801d7f6640 dead000000000122 0000000000000000 [ 668.330806][T15892] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 668.633944][T15892] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 668.718911][T15892] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 668.727778][T15892] page dumped because: unmovable page [ 668.762915][T15892] page_owner tracks the page as allocated [ 668.772595][T15892] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_RECLAIMABLE|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5485, tgid 5485 (ifup), ts 55113644218, free_ts 29358198803 [ 668.870747][T15892] post_alloc_hook+0x1c0/0x230 [ 668.875595][T15892] get_page_from_freelist+0x135c/0x3950 [ 668.953066][T15892] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 668.977065][T15892] alloc_pages_mpol+0x1fb/0x550 [ 669.013311][T15892] new_slab+0x23b/0x330 [ 669.017595][T15892] ___slab_alloc+0xd9c/0x1940 [ 669.052436][T15892] __slab_alloc.constprop.0+0x56/0xb0 [ 669.058100][T15892] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 669.063874][T15892] ext4_alloc_inode+0x28/0x610 [ 669.068958][T15892] alloc_inode+0x64/0x240 [ 669.073346][T15892] iget_locked+0x2e4/0x830 [ 669.077903][T15892] __ext4_iget+0x3ca/0x44e0 [ 669.082590][T15892] ext4_lookup+0x37c/0x730 [ 669.087064][T15892] __lookup_slow+0x24e/0x460 [ 669.092201][T15892] walk_component+0x353/0x5b0 [ 669.097110][T15892] link_path_walk+0x627/0xe20 [ 669.127886][T15892] page last free pid 1 tgid 1 stack trace: [ 669.144035][T15892] __free_frozen_pages+0x7f8/0x1180 [ 669.160232][T15892] free_contig_range+0x183/0x4b0 [ 669.179793][T15892] destroy_args+0x7f6/0xa60 [ 669.184381][T15892] debug_vm_pgtable+0x13c4/0x2d90 [ 669.227872][T15892] do_one_initcall+0x120/0x6e0 [ 669.243033][T15892] kernel_init_freeable+0x5c2/0x900 [ 669.251973][T15892] kernel_init+0x1c/0x2b0 [ 669.266774][T15892] ret_from_fork+0x5d7/0x6f0 [ 669.274116][T15892] ret_from_fork_asm+0x1a/0x30 [ 670.527296][T15951] can: request_module (can-proto-0) failed. [ 670.663214][T15953] can: request_module (can-proto-0) failed. [ 672.128127][T15966] Invalid ELF header magic: != ELF [ 672.446247][T15982] vivid-007: ================= START STATUS ================= [ 672.473956][T15978] Invalid ELF header magic: != ELF [ 672.505919][T15982] vivid-007: Generate PTS: true [ 672.516929][T15982] vivid-007: Generate SCR: true [ 672.552265][T15982] tpg source WxH: 640x360 (Y'CbCr) [ 672.614100][T15982] tpg field: 1 [ 672.696372][T15982] tpg crop: (0,0)/640x360 [ 672.700779][T15982] tpg compose: (0,0)/640x360 [ 672.706225][T15982] tpg colorspace: 8 [ 672.710097][T15982] tpg transfer function: 0/0 [ 672.714883][T15982] tpg Y'CbCr encoding: 0/0 [ 672.719817][T15982] tpg quantization: 0/0 [ 672.724014][T15982] tpg RGB range: 0/2 [ 672.727987][T15982] vivid-007: ================== END STATUS ================== [ 673.330608][T15997] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1803'. [ 674.361272][T16010] netlink: 'syz.2.1807': attribute type 5 has an invalid length. [ 674.394592][T16010] netlink: 'syz.2.1807': attribute type 1 has an invalid length. [ 674.423610][T16010] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1807'. [ 674.461885][T16012] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1807'. [ 674.513250][T16012] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.642069][T16012] bridge_slave_1 (unregistering): left allmulticast mode [ 674.665866][T16012] bridge_slave_1 (unregistering): left promiscuous mode [ 674.695378][T16012] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.002887][T16042] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input38 [ 678.444187][T16105] delete_channel: no stack [ 678.552375][T16107] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1822'. [ 678.823532][T16115] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input39 [ 680.390447][ T30] audit: type=1800 audit(4295032543.984:18): pid=16146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1830" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 681.328193][T16178] can: request_module (can-proto-0) failed. [ 683.298714][T16207] ima: policy update failed [ 683.314590][ T30] audit: type=1802 audit(4295032546.915:19): pid=16207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1841" res=0 errno=0 [ 683.363558][T16211] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1842'. [ 683.422157][T16209] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1842'. [ 684.624747][T16232] can: request_module (can-proto-0) failed. [ 684.685812][T16238] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input40 [ 685.461391][T16250] zram: Removed device: zram0 [ 685.588236][T16250] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(297381900.3045107965.2173060254), cmd(12) [ 685.965130][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.971955][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.041334][T16255] Invalid ELF header magic: != ELF [ 686.286159][T16263] FAULT_INJECTION: forcing a failure. [ 686.286159][T16263] name failslab, interval 1, probability 0, space 0, times 0 [ 686.329203][T16263] CPU: 0 UID: 0 PID: 16263 Comm: syz.1.1854 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 686.329244][T16263] Tainted: [U]=USER [ 686.329253][T16263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 686.329267][T16263] Call Trace: [ 686.329274][T16263] [ 686.329283][T16263] dump_stack_lvl+0x16c/0x1f0 [ 686.329314][T16263] should_fail_ex+0x512/0x640 [ 686.329340][T16263] ? fs_reclaim_acquire+0xae/0x150 [ 686.329376][T16263] ? tomoyo_encode2+0x100/0x3e0 [ 686.329408][T16263] should_failslab+0xc2/0x120 [ 686.329434][T16263] __kmalloc_noprof+0xd2/0x510 [ 686.329462][T16263] tomoyo_encode2+0x100/0x3e0 [ 686.329494][T16263] tomoyo_encode+0x29/0x50 [ 686.329522][T16263] tomoyo_realpath_from_path+0x18f/0x6e0 [ 686.329548][T16263] tomoyo_check_open_permission+0x2ab/0x3c0 [ 686.329576][T16263] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 686.329630][T16263] ? do_raw_spin_lock+0x12c/0x2b0 [ 686.329662][T16263] tomoyo_file_open+0x6b/0x90 [ 686.329684][T16263] security_file_open+0x84/0x1e0 [ 686.329713][T16263] do_dentry_open+0x596/0x1c10 [ 686.329742][T16263] vfs_open+0x82/0x3f0 [ 686.329770][T16263] path_openat+0x1de4/0x2cb0 [ 686.329800][T16263] ? __pfx_path_openat+0x10/0x10 [ 686.329823][T16263] ? __lock_acquire+0xb8a/0x1c90 [ 686.329848][T16263] do_filp_open+0x20b/0x470 [ 686.329869][T16263] ? __pfx_do_filp_open+0x10/0x10 [ 686.329899][T16263] ? __pfx_kfree_link+0x10/0x10 [ 686.329933][T16263] ? alloc_fd+0x471/0x7d0 [ 686.329959][T16263] do_sys_openat2+0x11b/0x1d0 [ 686.329984][T16263] ? __pfx_do_sys_openat2+0x10/0x10 [ 686.330020][T16263] __x64_sys_openat+0x174/0x210 [ 686.330046][T16263] ? __pfx___x64_sys_openat+0x10/0x10 [ 686.330092][T16263] do_syscall_64+0xcd/0x490 [ 686.330116][T16263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.330137][T16263] RIP: 0033:0x7fb15d98e969 [ 686.330155][T16263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.330174][T16263] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 686.330193][T16263] RAX: ffffffffffffffda RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 686.330206][T16263] RDX: 0000000000002000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 686.330219][T16263] RBP: 00007fb15da10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 686.330231][T16263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.330243][T16263] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 686.330271][T16263] [ 686.330300][T16263] ERROR: Out of memory at tomoyo_realpath_from_path. [ 688.321008][T16305] usb usb36: usbfs: process 16305 (syz.4.1863) did not claim interface 0 before use [ 689.386523][T16323] FAULT_INJECTION: forcing a failure. [ 689.386523][T16323] name failslab, interval 1, probability 0, space 0, times 0 [ 689.428338][T16323] CPU: 0 UID: 0 PID: 16323 Comm: syz.1.1867 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 689.428383][T16323] Tainted: [U]=USER [ 689.428391][T16323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 689.428404][T16323] Call Trace: [ 689.428413][T16323] [ 689.428422][T16323] dump_stack_lvl+0x16c/0x1f0 [ 689.428453][T16323] should_fail_ex+0x512/0x640 [ 689.428478][T16323] ? __kmalloc_noprof+0xbf/0x510 [ 689.428511][T16323] ? constrain_params_by_rules+0x175/0xca0 [ 689.428537][T16323] should_failslab+0xc2/0x120 [ 689.428578][T16323] __kmalloc_noprof+0xd2/0x510 [ 689.428606][T16323] ? unwind_get_return_address+0x59/0xa0 [ 689.428651][T16323] constrain_params_by_rules+0x175/0xca0 [ 689.428684][T16323] ? stack_trace_save+0x8e/0xc0 [ 689.428724][T16323] ? stack_depot_save_flags+0x28/0xa40 [ 689.428753][T16323] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 689.428789][T16323] ? __kasan_kmalloc+0xaa/0xb0 [ 689.428814][T16323] ? snd_pcm_oss_change_params_locked+0x6f4/0x3a30 [ 689.428840][T16323] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 689.428866][T16323] ? snd_pcm_oss_sync+0x32e/0x840 [ 689.428905][T16323] ? snd_interval_refine+0x2fa/0x580 [ 689.428944][T16323] snd_pcm_hw_refine+0x7de/0xad0 [ 689.428978][T16323] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 689.429024][T16323] ? snd_interval_refine+0x2fa/0x580 [ 689.429062][T16323] snd_pcm_oss_change_params_locked+0x208e/0x3a30 [ 689.429108][T16323] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 689.429138][T16323] ? snd_pcm_oss_sync+0x30c/0x840 [ 689.429189][T16323] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 689.429219][T16323] snd_pcm_oss_sync+0x32e/0x840 [ 689.429251][T16323] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 689.429278][T16323] snd_pcm_oss_release+0x28b/0x310 [ 689.429307][T16323] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 689.429333][T16323] __fput+0x402/0xb70 [ 689.429373][T16323] task_work_run+0x14d/0x240 [ 689.429406][T16323] ? __pfx_task_work_run+0x10/0x10 [ 689.429439][T16323] ? __pfx___do_sys_close_range+0x10/0x10 [ 689.429475][T16323] exit_to_user_mode_loop+0xeb/0x110 [ 689.429509][T16323] do_syscall_64+0x3f6/0x490 [ 689.429540][T16323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.429573][T16323] RIP: 0033:0x7fb15d98e969 [ 689.429595][T16323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 689.429621][T16323] RSP: 002b:00007fb15b7f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 689.429646][T16323] RAX: 0000000000000000 RBX: 00007fb15dbb5fa0 RCX: 00007fb15d98e969 [ 689.429663][T16323] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 689.429679][T16323] RBP: 00007fb15da10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 689.429695][T16323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 689.429711][T16323] R13: 0000000000000000 R14: 00007fb15dbb5fa0 R15: 00007ffd0b9fbec8 [ 689.429747][T16323] [ 690.798591][T16342] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1872'. [ 694.225712][T16395] can: request_module (can-proto-0) failed. [ 694.292729][T16393] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1883'. [ 694.378657][T16392] Process accounting resumed [ 694.526841][T16389] kexec: Could not allocate control_code_buffer [ 694.803525][ T5839] Bluetooth: hci1: unexpected event 0x35 length: 13 > 6 [ 694.872523][T16414] netlink: 'syz.4.1885': attribute type 11 has an invalid length. [ 694.903363][T16414] netlink: 'syz.4.1885': attribute type 11 has an invalid length. [ 695.453605][T16404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 695.464385][T16404] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 695.546513][T16404] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 695.597960][T16404] page_type: f5(slab) [ 695.603467][T16404] raw: 00fff00000000040 ffff88801d7f6640 dead000000000122 0000000000000000 [ 695.614157][T16404] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 695.626040][T16404] head: 00fff00000000040 ffff88801d7f6640 dead000000000122 0000000000000000 [ 695.635116][T16404] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 695.660742][T16404] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 695.797453][T16404] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 695.899408][T16404] page dumped because: unmovable page [ 695.905066][T16404] page_owner tracks the page as allocated [ 695.911695][T16404] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_RECLAIMABLE|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5485, tgid 5485 (ifup), ts 55113644218, free_ts 29358198803 [ 695.934353][T16404] post_alloc_hook+0x1c0/0x230 [ 695.940848][T16404] get_page_from_freelist+0x135c/0x3950 [ 695.950626][T16404] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 696.029914][T16404] alloc_pages_mpol+0x1fb/0x550 [ 696.034828][T16404] new_slab+0x23b/0x330 [ 696.041835][T16404] ___slab_alloc+0xd9c/0x1940 [ 696.049622][T16404] __slab_alloc.constprop.0+0x56/0xb0 [ 696.055135][T16404] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 696.061465][T16404] ext4_alloc_inode+0x28/0x610 [ 696.069196][T16404] alloc_inode+0x64/0x240 [ 696.073561][T16404] iget_locked+0x2e4/0x830 [ 696.078450][T16404] __ext4_iget+0x3ca/0x44e0 [ 696.083140][T16404] ext4_lookup+0x37c/0x730 [ 696.088791][T16404] __lookup_slow+0x24e/0x460 [ 696.093516][T16404] walk_component+0x353/0x5b0 [ 696.101663][T16404] link_path_walk+0x627/0xe20 [ 696.111209][T16404] page last free pid 1 tgid 1 stack trace: [ 696.117944][T16404] __free_frozen_pages+0x7f8/0x1180 [ 696.138091][T16404] free_contig_range+0x183/0x4b0 [ 696.143109][T16404] destroy_args+0x7f6/0xa60 [ 696.166549][T16404] debug_vm_pgtable+0x13c4/0x2d90 [ 696.176511][T16404] do_one_initcall+0x120/0x6e0 [ 696.186514][T16404] kernel_init_freeable+0x5c2/0x900 [ 696.191831][T16404] kernel_init+0x1c/0x2b0 [ 696.199916][T16404] ret_from_fork+0x5d7/0x6f0 [ 696.204548][T16404] ret_from_fork_asm+0x1a/0x30 [ 697.159922][ T30] audit: type=1326 audit(4295032568.764:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16455 comm="syz.4.1895" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb76958e969 code=0x0 [ 699.634012][ T5839] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 701.031157][T16530] can: request_module (can-proto-0) failed. [ 702.739064][T16552] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 704.066636][T16548] netlink: Conntrack attr has 4 unknown bytes [ 706.006490][T16598] netlink: 'syz.3.1923': attribute type 15 has an invalid length. [ 706.014375][T16598] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1923'. [ 708.477985][T16633] blktrace: Concurrent blktraces are not allowed on loop2 [ 708.708182][T16636] netlink: 74 bytes leftover after parsing attributes in process `syz.1.1931'. [ 708.823572][T16648] FAULT_INJECTION: forcing a failure. [ 708.823572][T16648] name failslab, interval 1, probability 0, space 0, times 0 [ 708.873179][T16648] CPU: 1 UID: 0 PID: 16648 Comm: syz.3.1933 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 708.873225][T16648] Tainted: [U]=USER [ 708.873234][T16648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 708.873250][T16648] Call Trace: [ 708.873259][T16648] [ 708.873269][T16648] dump_stack_lvl+0x16c/0x1f0 [ 708.873302][T16648] should_fail_ex+0x512/0x640 [ 708.873329][T16648] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 708.873360][T16648] should_failslab+0xc2/0x120 [ 708.873392][T16648] __kmalloc_cache_noprof+0x6a/0x3e0 [ 708.873416][T16648] ? snd_pcm_hw_param_first+0x30d/0x6f0 [ 708.873442][T16648] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 708.873468][T16648] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 708.873502][T16648] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 708.873537][T16648] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 708.873566][T16648] ? __asan_memset+0x23/0x50 [ 708.873589][T16648] ? calc_src_frames.isra.0+0x187/0x1d0 [ 708.873616][T16648] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 708.873653][T16648] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 708.873710][T16648] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 708.873741][T16648] ? snd_pcm_oss_sync+0x30c/0x840 [ 708.873794][T16648] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 708.873825][T16648] snd_pcm_oss_sync+0x32e/0x840 [ 708.873857][T16648] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 708.873885][T16648] snd_pcm_oss_release+0x28b/0x310 [ 708.873915][T16648] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 708.873940][T16648] __fput+0x402/0xb70 [ 708.873980][T16648] task_work_run+0x14d/0x240 [ 708.874015][T16648] ? __pfx_task_work_run+0x10/0x10 [ 708.874049][T16648] ? __pfx___do_sys_close_range+0x10/0x10 [ 708.874085][T16648] exit_to_user_mode_loop+0xeb/0x110 [ 708.874119][T16648] do_syscall_64+0x3f6/0x490 [ 708.874150][T16648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.874176][T16648] RIP: 0033:0x7f45ae78e969 [ 708.874197][T16648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 708.874222][T16648] RSP: 002b:00007f45af5d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 708.874246][T16648] RAX: 0000000000000000 RBX: 00007f45ae9b5fa0 RCX: 00007f45ae78e969 [ 708.874262][T16648] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 708.874277][T16648] RBP: 00007f45ae810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 708.874293][T16648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 708.874310][T16648] R13: 0000000000000000 R14: 00007f45ae9b5fa0 R15: 00007ffc93d7bee8 [ 708.874345][T16648] [ 709.173185][T16646] tipc: Started in network mode [ 709.219249][T16646] tipc: Node identity ee00, cluster identity 4711 [ 709.230638][T16646] tipc: Node number set to 60928 [ 709.297701][T16645] Process accounting resumed [ 711.331604][T16696] FAULT_INJECTION: forcing a failure. [ 711.331604][T16696] name failslab, interval 1, probability 0, space 0, times 0 [ 711.358837][T16693] can: request_module (can-proto-0) failed. [ 711.364940][T16696] CPU: 0 UID: 0 PID: 16696 Comm: syz.4.1945 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 711.364982][T16696] Tainted: [U]=USER [ 711.364991][T16696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 711.365006][T16696] Call Trace: [ 711.365015][T16696] [ 711.365025][T16696] dump_stack_lvl+0x16c/0x1f0 [ 711.365058][T16696] should_fail_ex+0x512/0x640 [ 711.365085][T16696] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 711.365115][T16696] should_failslab+0xc2/0x120 [ 711.365147][T16696] __kmalloc_cache_noprof+0x6a/0x3e0 [ 711.365170][T16696] ? snd_pcm_hw_param_first+0x30d/0x6f0 [ 711.365196][T16696] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 711.365231][T16696] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 711.365265][T16696] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 711.365300][T16696] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 711.365331][T16696] ? __asan_memset+0x23/0x50 [ 711.365354][T16696] ? calc_src_frames.isra.0+0x187/0x1d0 [ 711.365382][T16696] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 711.365428][T16696] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 711.365476][T16696] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 711.365507][T16696] ? snd_pcm_oss_sync+0x30c/0x840 [ 711.365560][T16696] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 711.365591][T16696] snd_pcm_oss_sync+0x32e/0x840 [ 711.365623][T16696] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 711.365648][T16696] snd_pcm_oss_release+0x28b/0x310 [ 711.365676][T16696] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 711.365703][T16696] __fput+0x402/0xb70 [ 711.365743][T16696] task_work_run+0x14d/0x240 [ 711.365779][T16696] ? __pfx_task_work_run+0x10/0x10 [ 711.365813][T16696] ? __pfx___do_sys_close_range+0x10/0x10 [ 711.365849][T16696] exit_to_user_mode_loop+0xeb/0x110 [ 711.365885][T16696] do_syscall_64+0x3f6/0x490 [ 711.365915][T16696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.365942][T16696] RIP: 0033:0x7fb76958e969 [ 711.365964][T16696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 711.365988][T16696] RSP: 002b:00007fb76a3d2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 711.366013][T16696] RAX: 0000000000000000 RBX: 00007fb7697b5fa0 RCX: 00007fb76958e969 [ 711.366029][T16696] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 711.366043][T16696] RBP: 00007fb769610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 711.366060][T16696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 711.366076][T16696] R13: 0000000000000000 R14: 00007fb7697b5fa0 R15: 00007fff6a0c2a78 [ 711.366112][T16696] [ 712.450420][T16707] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1947'. [ 712.450953][T16709] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1947'. [ 712.475736][T16707] netlink: 290 bytes leftover after parsing attributes in process `syz.2.1947'. [ 712.853387][T16714] random: crng reseeded on system resumption [ 714.512252][T16750] can: request_module (can-proto-0) failed. [ 716.938905][T16788] netlink: 'syz.4.1963': attribute type 1 has an invalid length. [ 717.450757][T16812] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1966'. [ 717.522175][T16812] hsr_slave_0: left promiscuous mode [ 717.610892][T16812] hsr_slave_1: left promiscuous mode [ 718.420583][T16831] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1971'. [ 720.299414][ T5839] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 720.299456][ T5839] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 720.316375][ T5839] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 720.316433][ T5839] Bluetooth: hci4: Malformed LE Event: 0x0d [ 720.429089][T16874] can: request_module (can-proto-3) failed. [ 720.671922][T16876] can: request_module (can-proto-0) failed. [ 721.399859][T16886] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1983'. [ 721.428951][T16886] veth1_macvtap: left promiscuous mode [ 721.469134][T16888] mkiss: ax0: crc mode is auto. [ 723.184774][T16930] program syz.4.1992 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 724.293404][T16935] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 724.300182][T16935] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 724.310031][T16935] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 724.325958][T16935] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 724.905384][T16949] Process accounting paused [ 724.957428][T16979] hugetlbfs: syz.4.2003 (16979): Using mlock ulimits for SHM_HUGETLB is obsolete [ 725.667466][T16992] Invalid ELF header magic: != ELF [ 725.796315][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 726.356555][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout [ 726.360191][T11962] Bluetooth: hci0: command 0x0406 tx timeout [ 726.362612][ T5839] Bluetooth: hci3: command 0x0406 tx timeout [ 727.778155][T17061] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 727.808679][T17056] FAULT_INJECTION: forcing a failure. [ 727.808679][T17056] name failslab, interval 1, probability 0, space 0, times 0 [ 727.808730][T17056] CPU: 1 UID: 0 PID: 17056 Comm: syz.4.2022 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 727.808753][T17056] Tainted: [U]=USER [ 727.808758][T17056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 727.808766][T17056] Call Trace: [ 727.808771][T17056] [ 727.808777][T17056] dump_stack_lvl+0x16c/0x1f0 [ 727.808796][T17056] should_fail_ex+0x512/0x640 [ 727.808812][T17056] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 727.808830][T17056] should_failslab+0xc2/0x120 [ 727.808848][T17056] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 727.808863][T17056] ? __proc_create+0xc3/0x8c0 [ 727.808882][T17056] ? __proc_create+0x2ce/0x8c0 [ 727.808900][T17056] __proc_create+0x2ce/0x8c0 [ 727.808917][T17056] ? __pfx___proc_create+0x10/0x10 [ 727.808932][T17056] ? __register_sysctl_table+0x736/0x1900 [ 727.808952][T17056] ? _raw_spin_unlock+0x28/0x50 [ 727.808975][T17056] proc_create_reg+0x7d/0x180 [ 727.808993][T17056] proc_create_net_data+0x8e/0x1b0 [ 727.809011][T17056] ? __pfx_proc_create_net_data+0x10/0x10 [ 727.809032][T17056] ? __pfx_arp_net_init+0x10/0x10 [ 727.809047][T17056] arp_net_init+0x53/0x70 [ 727.809060][T17056] ops_init+0x1df/0x5f0 [ 727.809083][T17056] setup_net+0x21e/0x850 [ 727.809104][T17056] ? __pfx_setup_net+0x10/0x10 [ 727.809123][T17056] ? lockdep_init_map_type+0x5c/0x280 [ 727.809140][T17056] ? __pfx_down_read_killable+0x10/0x10 [ 727.809167][T17056] ? debug_mutex_init+0x37/0x70 [ 727.809189][T17056] copy_net_ns+0x2a6/0x5f0 [ 727.809206][T17056] create_new_namespaces+0x3ea/0xa90 [ 727.809233][T17056] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 727.809257][T17056] ksys_unshare+0x45b/0xa40 [ 727.809274][T17056] ? __pfx_ksys_unshare+0x10/0x10 [ 727.809290][T17056] ? xfd_validate_state+0x61/0x180 [ 727.809312][T17056] __x64_sys_unshare+0x31/0x40 [ 727.809327][T17056] do_syscall_64+0xcd/0x490 [ 727.809343][T17056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.809357][T17056] RIP: 0033:0x7fb76958e969 [ 727.809370][T17056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 727.809383][T17056] RSP: 002b:00007fb76a3d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 727.809397][T17056] RAX: ffffffffffffffda RBX: 00007fb7697b5fa0 RCX: 00007fb76958e969 [ 727.809406][T17056] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 727.809415][T17056] RBP: 00007fb769610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 727.809424][T17056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 727.809433][T17056] R13: 0000000000000000 R14: 00007fb7697b5fa0 R15: 00007fff6a0c2a78 [ 727.809451][T17056] [ 729.278621][T17078] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2026'. [ 729.359702][T17078] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 729.434775][T17078] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 729.491418][T17078] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 729.552791][T17078] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 730.509344][T17097] can: request_module (can-proto-0) failed. [ 730.680775][T17103] can: request_module (can-proto-0) failed. [ 731.782934][T17115] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2034'. [ 733.559679][T17142] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2037'. [ 733.662030][T17142] hsr_slave_0: left promiscuous mode [ 733.678097][T17142] hsr_slave_1: left promiscuous mode [ 734.374050][T17156] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2042'. [ 734.486391][T17157] can: request_module (can-proto-0) failed. [ 735.103412][T17174] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 736.921594][T17207] Console: switching to colour VGA+ 80x25 [ 738.584614][T17236] can: request_module (can-proto-0) failed. [ 738.596631][T17025] ================================================================== [ 738.604737][T17025] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 [ 738.612604][T17025] Read of size 140 at addr ffffc900030a6000 by task kworker/u9:1/17025 [ 738.620887][T17025] [ 738.623232][T17025] CPU: 0 UID: 0 PID: 17025 Comm: kworker/u9:1 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 738.623268][T17025] Tainted: [U]=USER [ 738.623276][T17025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 738.623292][T17025] Workqueue: hci0 hci_devcd_timeout [ 738.623316][T17025] Call Trace: [ 738.623325][T17025] [ 738.623334][T17025] dump_stack_lvl+0x116/0x1f0 [ 738.623359][T17025] print_report+0xcd/0x680 [ 738.623387][T17025] ? __virt_addr_valid+0x81/0x610 [ 738.623426][T17025] ? hci_devcd_dump+0x142/0x240 [ 738.623446][T17025] kasan_report+0xe0/0x110 [ 738.623474][T17025] ? hci_devcd_dump+0x142/0x240 [ 738.623498][T17025] kasan_check_range+0x100/0x1b0 [ 738.623530][T17025] __asan_memcpy+0x23/0x60 [ 738.623551][T17025] hci_devcd_dump+0x142/0x240 [ 738.623574][T17025] hci_devcd_timeout+0xb5/0x2e0 [ 738.623595][T17025] ? rcu_is_watching+0x12/0xc0 [ 738.623631][T17025] process_one_work+0x9cc/0x1b70 [ 738.623670][T17025] ? __pfx_process_one_work+0x10/0x10 [ 738.623705][T17025] ? assign_work+0x1a0/0x250 [ 738.623734][T17025] worker_thread+0x6c8/0xf10 [ 738.623770][T17025] ? __kthread_parkme+0x19e/0x250 [ 738.623795][T17025] ? __pfx_worker_thread+0x10/0x10 [ 738.623833][T17025] kthread+0x3c5/0x780 [ 738.623861][T17025] ? __pfx_kthread+0x10/0x10 [ 738.623889][T17025] ? rcu_is_watching+0x12/0xc0 [ 738.623922][T17025] ? __pfx_kthread+0x10/0x10 [ 738.623950][T17025] ret_from_fork+0x5d7/0x6f0 [ 738.623977][T17025] ? __pfx_kthread+0x10/0x10 [ 738.624005][T17025] ret_from_fork_asm+0x1a/0x30 [ 738.624035][T17025] [ 738.624043][T17025] [ 738.781279][T17025] The buggy address ffffc900030a6000 belongs to a vmalloc virtual mapping [ 738.789771][T17025] Memory state around the buggy address: [ 738.795393][T17025] ffffc900030a5f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 738.803462][T17025] ffffc900030a5f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 738.811530][T17025] >ffffc900030a6000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 738.819591][T17025] ^ [ 738.823652][T17025] ffffc900030a6080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 738.831728][T17025] ffffc900030a6100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 738.839785][T17025] ================================================================== [ 738.848952][T17025] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 738.856265][T17025] CPU: 0 UID: 0 PID: 17025 Comm: kworker/u9:1 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 738.870170][T17025] Tainted: [U]=USER [ 738.873957][T17025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 738.884005][T17025] Workqueue: hci0 hci_devcd_timeout [ 738.889202][T17025] Call Trace: [ 738.892465][T17025] [ 738.895467][T17025] dump_stack_lvl+0x3d/0x1f0 [ 738.900098][T17025] panic+0x71c/0x800 [ 738.903983][T17025] ? __pfx_panic+0x10/0x10 [ 738.908398][T17025] ? mark_held_locks+0x49/0x80 [ 738.913151][T17025] ? preempt_schedule_thunk+0x16/0x30 [ 738.918513][T17025] ? hci_devcd_dump+0x142/0x240 [ 738.923354][T17025] ? preempt_schedule_common+0x44/0xc0 [ 738.928832][T17025] ? check_panic_on_warn+0x1f/0xb0 [ 738.933932][T17025] ? hci_devcd_dump+0x142/0x240 [ 738.938766][T17025] check_panic_on_warn+0xab/0xb0 [ 738.943706][T17025] end_report+0x107/0x170 [ 738.948026][T17025] kasan_report+0xee/0x110 [ 738.952427][T17025] ? hci_devcd_dump+0x142/0x240 [ 738.957267][T17025] kasan_check_range+0x100/0x1b0 [ 738.962369][T17025] __asan_memcpy+0x23/0x60 [ 738.966771][T17025] hci_devcd_dump+0x142/0x240 [ 738.971438][T17025] hci_devcd_timeout+0xb5/0x2e0 [ 738.976279][T17025] ? rcu_is_watching+0x12/0xc0 [ 738.981123][T17025] process_one_work+0x9cc/0x1b70 [ 738.986314][T17025] ? __pfx_process_one_work+0x10/0x10 [ 738.991680][T17025] ? assign_work+0x1a0/0x250 [ 738.996263][T17025] worker_thread+0x6c8/0xf10 [ 739.000843][T17025] ? __kthread_parkme+0x19e/0x250 [ 739.005903][T17025] ? __pfx_worker_thread+0x10/0x10 [ 739.011027][T17025] kthread+0x3c5/0x780 [ 739.015121][T17025] ? __pfx_kthread+0x10/0x10 [ 739.019707][T17025] ? rcu_is_watching+0x12/0xc0 [ 739.024469][T17025] ? __pfx_kthread+0x10/0x10 [ 739.029143][T17025] ret_from_fork+0x5d7/0x6f0 [ 739.033722][T17025] ? __pfx_kthread+0x10/0x10 [ 739.038299][T17025] ret_from_fork_asm+0x1a/0x30 [ 739.043052][T17025] [ 739.046329][T17025] Kernel Offset: disabled [ 739.050647][T17025] Rebooting in 86400 seconds..