last executing test programs: 11m50.350148162s ago: executing program 2 (id=3): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'erspan0\x00'}) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, &(0x7f0000000280)={0x40000000000800, 0x9}, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0006, 0x17) 11m49.133328612s ago: executing program 2 (id=9): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/cec/cec6/status\x00', 0x100, 0x0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 11m48.784019771s ago: executing program 2 (id=13): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 11m48.344087654s ago: executing program 2 (id=19): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) r1 = socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x29, 0x3b, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 
\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) setsockopt$auto(r0, 0x29, 0x36, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) 11m47.683450649s ago: executing program 2 (id=24): shmctl$auto_IPC_RMID(0x5, 0x0, &(0x7f0000000200)={{0x6, 0x0, 0x0, 0x6, 0x9, 0xf0, 0x1}, 0xbb1, 0x9, 0xa53, 0x3ff, @raw=0x4, @raw=0x5760, 0xfffe, 0x0, &(0x7f0000000000)="12b1e86936717f9a59c2080fb32e676a04", 0x0}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_ext4_dir_operations_ext4(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4\x00', 0x400, 0x0) mmap$auto(0x4, 0x25, 0x9, 0xeb1, r1, 0x8000) sysfs$auto(0x2, 0x3, 0x0) fsopen$auto(0x0, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002040)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r0, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x800) 11m47.194979967s ago: executing program 32 (id=24): shmctl$auto_IPC_RMID(0x5, 0x0, &(0x7f0000000200)={{0x6, 0x0, 0x0, 0x6, 0x9, 0xf0, 0x1}, 0xbb1, 0x9, 0xa53, 0x3ff, @raw=0x4, @raw=0x5760, 0xfffe, 0x0, &(0x7f0000000000)="12b1e86936717f9a59c2080fb32e676a04", 0x0}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_ext4_dir_operations_ext4(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4\x00', 0x400, 0x0) mmap$auto(0x4, 0x25, 0x9, 0xeb1, r1, 0x8000) sysfs$auto(0x2, 0x3, 0x0) fsopen$auto(0x0, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002040)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r0, &(0x7f0000021740)={0x0, 0x0, 
&(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x800) 10m12.837311921s ago: executing program 3 (id=757): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) read$auto(0x3, 0x0, 0x10) write$auto(0x3, 0x0, 0xffd8) 10m10.675659741s ago: executing program 3 (id=759): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) socket(0xa, 0x3, 0x3a) socketpair$auto(0x7, 0x8, 0xfffefffa, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x565) setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x567) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) 10m8.426529703s ago: executing program 3 (id=760): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/pci/drivers/vmwgfx/new_id\x00', 0xa001, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x5) r0 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000080), 0x41180, 0x0) read$auto(r0, 0x0, 0x58b22256) write$auto(0x3, 0x0, 0xfdef) 10m8.013782783s ago: executing program 3 (id=762): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = socket(0x2, 0xa, 0x106) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) socket(0xa, 0x1, 0x6) setsockopt$auto(r0, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4) 10m6.720338352s ago: executing 
program 3 (id=765): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 10m3.948181992s ago: executing program 3 (id=769): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000800)='./file0\x00', 0xa2201, 0xa20f1eddffe5871e) 10m3.446094271s ago: executing program 33 (id=769): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000800)='./file0\x00', 0xa2201, 0xa20f1eddffe5871e) 8m10.46844618s ago: executing program 0 (id=1653): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x28, 0x805, 0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) r3 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) 8m10.26589537s ago: executing program 0 (id=1655): mmap$auto(0x0, 
0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x1, 0x106) sendmsg$auto_NL80211_CMD_COLOR_CHANGE_REQUEST(r0, 0x0, 0x2000c004) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x1ad240, 0x1b1) socket(0xa, 0x3, 0x3b) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) 8m9.914832843s ago: executing program 0 (id=1660): rseq$auto(&(0x7f00000002c0)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0xfffffff4, 0x0, 0x7) ioperm$auto(0x3, 0xe, 0x2000000000000149) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000380), 0x101100, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000088}, 0x20000000) kcmp$auto(0x1, 0x100000001, 0x5, 0x8f0, 0x24000) unshare$auto(0x40000080) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x936355e497c8b7e3, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x48000) 8m9.578172817s ago: executing program 0 (id=1662): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) 
close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x184) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) 8m8.438542397s ago: executing program 0 (id=1670): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x11, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x7fffffffffffffff}}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 8m8.237740387s ago: executing program 0 (id=1672): mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyr3/dev\x00', 0x40200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x8000, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/pcm0c/sub6/info\x00', 0xa0000, 0x0) pread64$auto(r1, 0x0, 0x200000000004, 0x4) ioctl$auto(0x3, 0x402c542b, 0x38) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) sendfile$auto(r2, r0, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) 7m53.186515735s ago: executing program 34 (id=1672): mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 
&(0x7f0000000080)='/sys/devices/virtual/tty/ttyr3/dev\x00', 0x40200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x8000, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/pcm0c/sub6/info\x00', 0xa0000, 0x0) pread64$auto(r1, 0x0, 0x200000000004, 0x4) ioctl$auto(0x3, 0x402c542b, 0x38) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) sendfile$auto(r2, r0, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) 8.091047971s ago: executing program 1 (id=3753): unshare$auto(0x8000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) r0 = socket(0x11, 0x2, 0x9) capset$auto(0x0, 0x0) sendmmsg$auto(r0, 0x0, 0x2, 0x100) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40001, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r1, 0xab02, r1) socket(0x10, 0x4, 0x100) io_uring_register$auto_IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f00000002c0), 0x5) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/machinecheck/machinecheck1/check_interval\x00', 0x2062, 0x0) write$auto(r2, 0x0, 0x9bd) 7.668681736s ago: executing program 6 (id=3755): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2e00, 0x0) prctl$auto(0xc, 0x1, 0x4, 0x5, 0x7) close_range$auto(0x2, 0x8, 0x0) socket(0x2d, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x1ff, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) 
close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x2, 0x73) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) 7.450395267s ago: executing program 5 (id=3756): unshare$auto(0x40000080) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.0/usb9/9-0:1.0/usb9-port1/connect_type\x00', 0x12c03, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x20c701, 0x0) fanotify_init$auto(0x8, 0x40000005) mmap$auto(0x20008, 0x18, 0x7, 0xeb1, 0x401, 0x7ffd) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x2c201, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0\x00', 0x48002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x1f40) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0x8208ae63, 0x38) 7.400390042s ago: executing program 1 (id=3757): openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) io_setup$auto(0x7ffe, 0x0) io_setup$auto(0x7ffe, &(0x7f0000000000)) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0x2d, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x89e0, 0x91) ioctl$auto(0x3, 0x89e1, 0x91) socketpair$auto(0x1e, 0x5, 
0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.16232434s ago: executing program 1 (id=3758): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, 0x0, 0x8044) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x8800) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x36d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000001180), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x179, [{0xfe, 0x400, 0x9}]}) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) 5.498066612s ago: executing program 6 (id=3760): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80002, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_l2tp(0x0, r0) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, 0x0, 0x8000) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0xf4) socket(0x2, 0x2, 0x73) socket(0xa, 0x1, 0x84) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x20001, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kmsg\x00', 0x80900, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/net/rt_cache\x00', 0x2000, 0x0) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 
0x948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x62, 0x80000001, 0x50a7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7f, 0xd, 0x1, 0x948f, 0x1005, 0x206, 0x7, 0xfffffffffffffff6, 0x7, 0x9, 0x79d, 0x6, 0x100000000000000, 0xfffffffffffffffe, 0xf]}, 0x0) 5.497926946s ago: executing program 5 (id=3761): r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x406a) sendmmsg$auto(r0, 0x0, 0x5, 0x311) readv$auto(0x3, 0x0, 0x1) setfsuid$auto(0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LOCK(0xffffffffffffffff, 0x40405514, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, 0x0) unshare$auto(0x40000080) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, 0x0, &(0x7f0000000200)=0x1, 0x1, 0xfff, 0x0, 0x4000000000000007, 0x9, 0x4, 0x9, 0xf, @inferred, @raw=0x80000410}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/netfilter/nf_hooks_lwtunnel\x00', 0x40000, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = 
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) 4.672017524s ago: executing program 1 (id=3762): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) setrlimit$auto(0xb, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/midiC2D0\x00', 0x6800c1, 0x0) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x100082) socket(0xf, 0x3, 0x2) ioctl$auto_SNDCTL_SEQ_NRSYNTHS(0xffffffffffffffff, 0x8004510a, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x9, 0x6, 0xfffffffffffffffe]}, 0x0) timerfd_settime$auto(0xffffffffffffffff, 0x3, 0x0, 0x0) 4.142450591s ago: executing program 5 (id=3763): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0x3) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x200000000001, 0x10, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, 
&(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, 0x0, 0x4) 4.014413078s ago: executing program 6 (id=3764): mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/vm/nr_hugepages_mempolicy\x00', 0x141241, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy1/net/wpan1/queues/tx-0/byte_queue_limits/stall_cnt\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/sleep_millisecs\x00', 0x181482, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r2 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r2, 0x11, 0x67, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88000, 0x0) io_cancel$auto(0x3, 0x0, 0x0) bpf$auto_BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)=@token_create={0x3, r0}, 0x3) 3.265936523s ago: executing program 4 (id=3765): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000000000008000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = 
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/reboot/mode\x00', 0x501, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, 0x0, 0x0) r4 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000100), 0xffffffffffffffff) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/sg/device_strs\x00', 0x1c9802, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_LOOP_CTL_ADD(r4, 0x4c80, 0xfffffffffffffffd) 3.265768684s ago: executing program 6 (id=3766): ioctl$auto_BCH_IOCTL_QUERY_UUID(0xffffffffffffffff, 0x8010bc01, 0x0) unshare$auto(0x40000080) fanotify_init$auto(0x8, 0x40000005) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20006, 0xdd, 0xeb1, 0x40000000000a5, 0x8000) socket(0x2, 0x80000, 0x6f) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004000)='/dev/audio\x00', 0x102, 0x0) socket(0x15, 0x5, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x2aa82, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) 2.949781201s ago: executing program 1 (id=3767): io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x405, 0x8, 
0x20000006, 0x9, 0x8a, 0xfffffff7, 0xffffffffffffffff, [0x104, 0x9, 0x7f], {0x2, 0xb, 0x3034, 0xe, 0x4, 0x5, 0x2, 0xfffffff9, 0xf08a2b5}, {0x4000, 0x8, 0x9, 0x0, 0x0, 0xeca8, 0xd5, 0x836, 0x8}}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x2000c082) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 2.421359425s ago: executing program 4 (id=3768): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x3, 0x100) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4) r2 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@link_update={r0, @new_map_fd=r1, 0xa, @old_map_fd=r3}, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x4}, 0x103) 2.353338235s ago: executing program 5 (id=3769): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 
0x8000) r0 = socket(0x8, 0x4, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x1a6b75d638a2a513, 0x0) mmap$auto(0x0, 0x2000c, 0xe3, 0x100000eb1, r0, 0x8003) unshare$auto(0x40000080) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) pwrite64$auto(r1, 0x0, 0x7, 0x7) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, 0x0, 0x14) sendmsg$auto_NET_SHAPER_CMD_DELETE(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000011}, 0x10) ioctl$auto_MEMWRITE(0xffffffffffffffff, 0xc0304d18, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001180)='/dev/input/mice\x00', 0x1a1382, 0x0) read$auto_mousedev_fops_mousedev(r2, 0x0, 0x0) write$auto_mousedev_fops_mousedev(r2, &(0x7f0000001380)="22d2", 0x2) 1.72588872s ago: executing program 4 (id=3770): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 
0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) read$auto(r1, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1800"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00) 1.595465513s ago: executing program 6 (id=3771): openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) mq_open$auto(0x0, 0x83, 0x2b, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0xa0280, 0x0) ioctl$auto_VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x5) ioctl$auto(0x3, 0x4008af03, 0x0) setresuid$auto(0x2, 0x7, 0x8080) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x16, 0x0, 0x1) io_uring_register$auto(0x2, 0x17, &(0x7f00000000c0), 0x1) 1.539477167s ago: 
executing program 1 (id=3772): unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioprio_set$auto(0x2, 0x800000000, 0x8) socket(0xa, 0x5, 0x0) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:04.0/numa_node\x00', 0x1a3b02, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, 0x0) ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, 0x0) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x20000008000) socket(0x21, 0x2, 0x2) write$auto(0x3, 0x0, 0xffd8) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) 1.466443347s ago: executing program 5 (id=3773): r0 = socket(0x2, 0x3, 0xa) connect$auto(r0, &(0x7f0000000080)=@l2tp={0x2, 0x0, @loopback}, 0x54) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(r0, 0x0, 0x400fffd, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioperm$auto(0x400, 0x7f, 0xd) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x5) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r1, 0x8000) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@generic={0xa, "2c551d000000ff00"}, 0x66) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop12\x00', 0x60742, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x1c, 0x10, 0x4, 0x7fb, 0x0}) 
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_tw_reuse\x00', 0x80400, 0x0) 1.013476738s ago: executing program 4 (id=3774): io_uring_setup$auto(0x6, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/mem\x00', 0x100, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x80002, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) open(0x0, 0x0, 0xb5d1af1605322df2) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) timer_settime$auto(0x0, 0x4b, &(0x7f0000000040)={{0x3, 0x1}, {0xc, 0x4c}}, 0x0) timer_gettime$auto(0x0, 0x0) setreuid$auto(0x2, 0x87) r2 = timerfd_create$auto(0x9, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000000c0), r2) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f000000bdc0)=ANY=[@ANYBLOB="048e0000", @ANYRES16=r3, @ANYBLOB="01002dbd7000ffdbdf2503", @ANYBLOB], 0x8e04}, 0x1, 0x0, 0x0, 0x800}, 0x20000880) 627.011249ms ago: executing program 4 (id=3775): socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48090}, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0x100000eb1, 0x40000000000a1, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/i8042/serio1/power/wakeup_abort_count\x00', 
0x60204, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x6) r2 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, r2) ioctl$auto_TIOCGPTPEER(r2, 0x5441, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, 0x0, 0x80001, 0x0) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) statx$auto(r1, 0x0, 0x5, 0x3ff, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000000c0)={0x2, 0x3, 0xd8, 0x8, 0x5, 0xd3, &(0x7f0000000140)="5c81f3a2cc484efd7f6f"}) 347.984633ms ago: executing program 6 (id=3776): socket(0x9, 0x4, 0xff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) prctl$auto(0x23, 0x7, 0x0, 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/vrf/strict_mode\x00', 0x80202, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x4d}) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000340), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r2], 0x1ac}}, 0x40000) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x30, 0xff, 0x0, @raw=0xfffff030}}) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) flistxattr$auto(r0, &(0x7f0000000380)='\\#$\'\'$O+&$[+#%]:,\x8b\x00', 0x8) readv$auto(0x3, &(0x7f0000000280)={0x0, 0xf7}, 0x87) sendfile$auto(r0, 0x3, 0x0, 0x100000000000009) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x1c0a42, 0x0) ioctl$auto(r3, 0x40084d02, r3) 197.9589ms ago: executing program 5 (id=3777): r0 = 
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) getsockopt$auto_SO_SNDTIMEO_OLD(r0, 0x2, 0x15, &(0x7f0000000480)='/dev/sda1\x00', 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) kcmp$auto_KCMP_FILE(0x0, 0xffffffffffffffff, 0x0, r1, r0) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) unshare$auto(0x40000080) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) statmount$auto(0x0, 0x0, 0x6, 0x1000000) bpf$auto(0x12, 0x0, 0x26) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000), 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r0, r3, 0x0, 0x1) 0s ago: executing program 4 (id=3778): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x2, 0x0) fadvise64$auto_POSIX_FADV_WILLNEED(0xffffffffffffffff, 0x7, 0x9d, 0x3) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, 0x0, 0x189000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) setresuid$auto(0x0, 0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) 
close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/bonding/bond0\x00', 0x18b000, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x880, 0x0) ioctl$auto(0x3, 0x40086200, 0xffffffffffffffff) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/lockd/parameters/nlm_timeout\x00', 0x68041, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x40000080) kernel console output (not intermixed with test programs): re: name , dev 8000010007 [ 627.678651][T15683] Unable to find swap-space signature [ 627.774569][T15685] 0x000200000001-0xa29656a63616329 : "" [ 627.790367][T15687] FAULT_INJECTION: forcing a failure. [ 627.790367][T15687] name failslab, interval 1, probability 0, space 0, times 0 [ 627.818581][T15685] mtd: partition "" is out of reach -- disabled [ 627.869571][T15685] ftl_cs: FTL header not found. [ 627.879685][T15687] CPU: 1 UID: 0 PID: 15687 Comm: syz.4.3161 Not tainted syzkaller #0 PREEMPT(full) [ 627.879722][T15687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 627.879739][T15687] Call Trace: [ 627.879749][T15687] [ 627.879760][T15687] dump_stack_lvl+0x16c/0x1f0 [ 627.879804][T15687] should_fail_ex+0x512/0x640 [ 627.879829][T15687] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 627.879870][T15687] should_failslab+0xc2/0x120 [ 627.879896][T15687] kmem_cache_alloc_noprof+0x75/0x6e0 [ 627.879932][T15687] ? __kernfs_new_node+0xd2/0x8e0 [ 627.879963][T15687] ? __kernfs_new_node+0xd2/0x8e0 [ 627.879984][T15687] __kernfs_new_node+0xd2/0x8e0 [ 627.880011][T15687] ? kernfs_add_one+0x37d/0x840 [ 627.880039][T15687] ? __pfx___kernfs_new_node+0x10/0x10 [ 627.880088][T15687] ? find_held_lock+0x2b/0x80 [ 627.880124][T15687] ? 
kernfs_root+0xee/0x2a0 [ 627.880154][T15687] kernfs_new_node+0x13c/0x1e0 [ 627.880190][T15687] __kernfs_create_file+0x53/0x350 [ 627.880228][T15687] sysfs_add_file_mode_ns+0x207/0x3c0 [ 627.880277][T15687] sysfs_create_file_ns+0x13d/0x1d0 [ 627.880316][T15687] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 627.880352][T15687] ? down_read+0x13d/0x480 [ 627.880380][T15687] ? __pfx___up_read+0x10/0x10 [ 627.880420][T15687] ? acpi_device_notify+0x351/0x480 [ 627.880473][T15687] device_create_file+0xf2/0x1e0 [ 627.880521][T15687] device_add+0x2bf/0x1aa0 [ 627.880548][T15687] ? __pfx_dev_set_name+0x10/0x10 [ 627.880582][T15687] ? __pfx_device_add+0x10/0x10 [ 627.880606][T15687] ? lockdep_init_map_type+0x5c/0x280 [ 627.880637][T15687] ? __init_waitqueue_head+0xca/0x150 [ 627.880678][T15687] rfkill_register+0x1ad/0xb40 [ 627.880714][T15687] nfc_register_device+0x11f/0x3c0 [ 627.880757][T15687] nci_register_device+0x7f1/0xb80 [ 627.880792][T15687] ? __pfx_nci_register_device+0x10/0x10 [ 627.880829][T15687] ? lockdep_init_map_type+0x5c/0x280 [ 627.880863][T15687] virtual_ncidev_open+0x141/0x220 [ 627.880895][T15687] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 627.880925][T15687] misc_open+0x26d/0x450 [ 627.880949][T15687] ? __pfx_misc_open+0x10/0x10 [ 627.880991][T15687] chrdev_open+0x234/0x6a0 [ 627.881038][T15687] ? __pfx_apparmor_file_open+0x10/0x10 [ 627.881069][T15687] ? __pfx_chrdev_open+0x10/0x10 [ 627.881116][T15687] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 627.881166][T15687] do_dentry_open+0x982/0x1530 [ 627.881216][T15687] ? __pfx_chrdev_open+0x10/0x10 [ 627.881292][T15687] vfs_open+0x82/0x3f0 [ 627.881340][T15687] path_openat+0x1de4/0x2cb0 [ 627.881402][T15687] ? __pfx_path_openat+0x10/0x10 [ 627.881443][T15687] ? __lock_acquire+0xb8a/0x1c90 [ 627.881481][T15687] do_filp_open+0x20b/0x470 [ 627.881524][T15687] ? __pfx_do_filp_open+0x10/0x10 [ 627.881597][T15687] ? alloc_fd+0x471/0x7d0 [ 627.881647][T15687] do_sys_openat2+0x11b/0x1d0 [ 627.881677][T15687] ? 
__pfx_do_sys_openat2+0x10/0x10 [ 627.881721][T15687] __x64_sys_openat+0x174/0x210 [ 627.881770][T15687] ? __pfx___x64_sys_openat+0x10/0x10 [ 627.881817][T15687] do_syscall_64+0xcd/0xfa0 [ 627.881864][T15687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.881893][T15687] RIP: 0033:0x7fc98458efc9 [ 627.881920][T15687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 627.881948][T15687] RSP: 002b:00007fc985387038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 627.881978][T15687] RAX: ffffffffffffffda RBX: 00007fc9847e5fa0 RCX: 00007fc98458efc9 [ 627.881997][T15687] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 627.882015][T15687] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 627.882030][T15687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 627.882046][T15687] R13: 00007fc9847e6038 R14: 00007fc9847e5fa0 R15: 00007ffd15e43168 [ 627.882085][T15687] [ 628.294330][T15692] netlink: 330 bytes leftover after parsing attributes in process `syz.5.3162'. [ 628.798995][T15699] ERROR: Out of memory at tomoyo_memory_ok. [ 629.298102][T14951] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 629.437742][T15712] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3168'. [ 629.778060][T15704] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3164'. [ 629.805024][T15704] mac80211_hwsim hwsim13 wlan1: entered promiscuous mode [ 629.832475][T15704] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 631.420962][T15742] capability: warning: `syz.6.3173' uses deprecated v2 capabilities in a way that may be insecure [ 631.882814][T15747] netlink: 338 bytes leftover after parsing attributes in process `syz.5.3177'. [ 631.970053][T15747] vxcan1: entered promiscuous mode [ 632.476694][T15754] FAULT_INJECTION: forcing a failure. 
[ 632.476694][T15754] name failslab, interval 1, probability 0, space 0, times 0 [ 632.554249][T15754] CPU: 0 UID: 0 PID: 15754 Comm: syz.6.3178 Not tainted syzkaller #0 PREEMPT(full) [ 632.554286][T15754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 632.554302][T15754] Call Trace: [ 632.554311][T15754] [ 632.554328][T15754] dump_stack_lvl+0x16c/0x1f0 [ 632.554379][T15754] should_fail_ex+0x512/0x640 [ 632.554422][T15754] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 632.554466][T15754] should_failslab+0xc2/0x120 [ 632.554500][T15754] kmem_cache_alloc_noprof+0x75/0x6e0 [ 632.554534][T15754] ? vm_area_alloc+0x1f/0x160 [ 632.554574][T15754] ? vm_area_alloc+0x1f/0x160 [ 632.554604][T15754] vm_area_alloc+0x1f/0x160 [ 632.554631][T15754] __mmap_region+0xf85/0x27a0 [ 632.554676][T15754] ? find_held_lock+0x2b/0x80 [ 632.554710][T15754] ? __pfx___mmap_region+0x10/0x10 [ 632.554743][T15754] ? finish_task_switch.isra.0+0x21c/0xc10 [ 632.554781][T15754] ? rcu_is_watching+0x12/0xc0 [ 632.554850][T15754] ? finish_task_switch.isra.0+0x221/0xc10 [ 632.554895][T15754] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 632.554971][T15754] ? __pfx___schedule+0x10/0x10 [ 632.555062][T15754] ? trace_cap_capable+0x18d/0x200 [ 632.555104][T15754] mmap_region+0x1ab/0x3f0 [ 632.555145][T15754] ? __get_unmapped_area+0x267/0x440 [ 632.555183][T15754] do_mmap+0xa3e/0x1210 [ 632.555220][T15754] ? __pfx_do_mmap+0x10/0x10 [ 632.555257][T15754] ? __pfx_down_write_killable+0x10/0x10 [ 632.555304][T15754] vm_mmap_pgoff+0x29e/0x470 [ 632.555336][T15754] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 632.555359][T15754] ? do_sigaltstack.constprop.0+0x547/0x800 [ 632.555400][T15754] ? __x64_sys_futex+0x1e0/0x4c0 [ 632.555429][T15754] ? 
__x64_sys_futex+0x1e9/0x4c0 [ 632.555465][T15754] ksys_mmap_pgoff+0x7d/0x5c0 [ 632.555497][T15754] __x64_sys_mmap+0x125/0x190 [ 632.555530][T15754] do_syscall_64+0xcd/0xfa0 [ 632.555570][T15754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.555603][T15754] RIP: 0033:0x7f5603f8efc9 [ 632.555630][T15754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 632.555657][T15754] RSP: 002b:00007f5604e2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 632.555683][T15754] RAX: ffffffffffffffda RBX: 00007f56041e5fa0 RCX: 00007f5603f8efc9 [ 632.555702][T15754] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 632.555719][T15754] RBP: 00007f5604011f91 R08: fffffffffffffffa R09: 0000000000008000 [ 632.555737][T15754] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 632.555753][T15754] R13: 00007f56041e6038 R14: 00007f56041e5fa0 R15: 00007ffc2110f7b8 [ 632.555792][T15754] [ 632.903933][T15761] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3183'. [ 633.359643][T15773] netlink: 'syz.1.3181': attribute type 10 has an invalid length. [ 633.531430][T15773] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3181'. [ 633.564899][T15772] FAULT_INJECTION: forcing a failure. [ 633.564899][T15772] name failslab, interval 1, probability 0, space 0, times 0 [ 633.588683][T15770] cougar: G6 mapped to space [ 633.726485][T15772] CPU: 0 UID: 0 PID: 15772 Comm: syz.4.3184 Not tainted syzkaller #0 PREEMPT(full) [ 633.726524][T15772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 633.726539][T15772] Call Trace: [ 633.726548][T15772] [ 633.726559][T15772] dump_stack_lvl+0x16c/0x1f0 [ 633.726603][T15772] should_fail_ex+0x512/0x640 [ 633.726626][T15772] ? 
__kmalloc_noprof+0xca/0x880 [ 633.726660][T15772] should_failslab+0xc2/0x120 [ 633.726684][T15772] __kmalloc_noprof+0xdd/0x880 [ 633.726712][T15772] ? __pfx_acpi_ut_trace_ptr+0x10/0x10 [ 633.726737][T15772] ? acpi_ns_get_normalized_pathname+0x95/0x250 [ 633.726781][T15772] ? acpi_ns_get_normalized_pathname+0x95/0x250 [ 633.726811][T15772] acpi_ns_get_normalized_pathname+0x95/0x250 [ 633.726845][T15772] acpi_ns_evaluate+0x251/0x16d0 [ 633.726881][T15772] acpi_evaluate_object+0x4ca/0xdf0 [ 633.726924][T15772] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 633.726959][T15772] ? __mutex_trylock_common+0xe9/0x250 [ 633.726998][T15772] acpi_evaluate_integer+0xdd/0x200 [ 633.727029][T15772] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 633.727077][T15772] ? __pfx_status_show+0x10/0x10 [ 633.727111][T15772] status_show+0xa0/0x120 [ 633.727144][T15772] ? __pfx_status_show+0x10/0x10 [ 633.727187][T15772] dev_attr_show+0x56/0xe0 [ 633.727228][T15772] ? __pfx_dev_attr_show+0x10/0x10 [ 633.727261][T15772] sysfs_kf_seq_show+0x216/0x3e0 [ 633.727302][T15772] seq_read_iter+0x50e/0x12d0 [ 633.727356][T15772] kernfs_fop_read_iter+0x46c/0x610 [ 633.727389][T15772] ? rw_verify_area+0xcf/0x6c0 [ 633.727427][T15772] vfs_read+0x8bf/0xcf0 [ 633.727472][T15772] ? __pfx___mutex_lock+0x10/0x10 [ 633.727499][T15772] ? __pfx_vfs_read+0x10/0x10 [ 633.727553][T15772] ksys_read+0x12a/0x250 [ 633.727585][T15772] ? 
__pfx_ksys_read+0x10/0x10 [ 633.727626][T15772] do_syscall_64+0xcd/0xfa0 [ 633.727666][T15772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.727690][T15772] RIP: 0033:0x7fc98458efc9 [ 633.727711][T15772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 633.727736][T15772] RSP: 002b:00007fc985387038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 633.727760][T15772] RAX: ffffffffffffffda RBX: 00007fc9847e5fa0 RCX: 00007fc98458efc9 [ 633.727777][T15772] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000004 [ 633.727792][T15772] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 633.727806][T15772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 633.727821][T15772] R13: 00007fc9847e6038 R14: 00007fc9847e5fa0 R15: 00007ffd15e43168 [ 633.727860][T15772] [ 633.727874][T15772] ACPI Error: [ 634.321143][ T5900] Process accounting resumed [ 634.385290][T15772] Could not allocate 15 bytes (20250807/nsnames-308) [ 634.856019][T15785] netlink: 338 bytes leftover after parsing attributes in process `syz.6.3187'. [ 634.986544][T15785] netlink: 314 bytes leftover after parsing attributes in process `syz.6.3187'. [ 635.942111][T15803] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3195'. [ 636.725082][T15812] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3197'. [ 638.161081][T15823] FAULT_INJECTION: forcing a failure. 
[ 638.161081][T15823] name failslab, interval 1, probability 0, space 0, times 0 [ 638.199862][T15823] CPU: 0 UID: 0 PID: 15823 Comm: syz.6.3202 Not tainted syzkaller #0 PREEMPT(full) [ 638.199901][T15823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 638.199917][T15823] Call Trace: [ 638.199926][T15823] [ 638.199938][T15823] dump_stack_lvl+0x16c/0x1f0 [ 638.199983][T15823] should_fail_ex+0x512/0x640 [ 638.200007][T15823] ? __kmalloc_cache_noprof+0x5f/0x780 [ 638.200042][T15823] should_failslab+0xc2/0x120 [ 638.200069][T15823] __kmalloc_cache_noprof+0x72/0x780 [ 638.200101][T15823] ? kvm_pic_init+0x4f/0x380 [ 638.200137][T15823] ? kvm_pic_init+0x4f/0x380 [ 638.200165][T15823] kvm_pic_init+0x4f/0x380 [ 638.200197][T15823] kvm_arch_vm_ioctl+0x8f0/0x18b0 [ 638.200239][T15823] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 638.200280][T15823] ? is_bpf_text_address+0x8a/0x1a0 [ 638.200307][T15823] ? bpf_ksym_find+0x124/0x1c0 [ 638.200353][T15823] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 638.200392][T15823] ? is_bpf_text_address+0x94/0x1a0 [ 638.200419][T15823] ? kernel_text_address+0x8d/0x100 [ 638.200450][T15823] ? __kernel_text_address+0xd/0x40 [ 638.200483][T15823] ? unwind_get_return_address+0x59/0xa0 [ 638.200518][T15823] ? arch_stack_walk+0xa6/0x100 [ 638.200557][T15823] ? __lock_acquire+0x622/0x1c90 [ 638.200589][T15823] ? __lock_acquire+0x622/0x1c90 [ 638.200638][T15823] ? bpf_ksym_find+0x124/0x1c0 [ 638.200674][T15823] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 638.200713][T15823] ? is_bpf_text_address+0x94/0x1a0 [ 638.200740][T15823] ? kernel_text_address+0x8d/0x100 [ 638.200770][T15823] ? __kernel_text_address+0xd/0x40 [ 638.200801][T15823] ? unwind_get_return_address+0x59/0xa0 [ 638.200834][T15823] ? arch_stack_walk+0xa6/0x100 [ 638.200880][T15823] ? stack_trace_save+0x8e/0xc0 [ 638.200915][T15823] ? __pfx_stack_trace_save+0x10/0x10 [ 638.200954][T15823] ? stack_depot_save_flags+0x29/0x9c0 [ 638.200980][T15823] ? 
__lock_acquire+0xb8a/0x1c90 [ 638.201008][T15823] ? kasan_save_stack+0x42/0x60 [ 638.201044][T15823] ? kasan_save_stack+0x33/0x60 [ 638.201079][T15823] ? kasan_save_track+0x14/0x30 [ 638.201111][T15823] ? __kasan_save_free_info+0x3b/0x60 [ 638.201140][T15823] ? __kasan_slab_free+0x5f/0x80 [ 638.201176][T15823] ? kfree+0x2b8/0x6d0 [ 638.201202][T15823] ? tomoyo_path_number_perm+0x470/0x580 [ 638.201239][T15823] kvm_vm_ioctl+0x1a91/0x3fd0 [ 638.201290][T15823] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 638.201355][T15823] ? kasan_quarantine_put+0x10a/0x240 [ 638.201394][T15823] ? lockdep_hardirqs_on+0x7c/0x110 [ 638.201434][T15823] ? find_held_lock+0x2b/0x80 [ 638.201469][T15823] ? tomoyo_path_number_perm+0x295/0x580 [ 638.201503][T15823] ? tomoyo_path_number_perm+0x18d/0x580 [ 638.201538][T15823] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 638.201583][T15823] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 638.201620][T15823] ? do_vfs_ioctl+0x128/0x14f0 [ 638.201650][T15823] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 638.201688][T15823] ? find_held_lock+0x2b/0x80 [ 638.201720][T15823] ? hook_file_ioctl_common+0x145/0x410 [ 638.201761][T15823] ? __fget_files+0x20e/0x3c0 [ 638.201797][T15823] ? 
__pfx_kvm_vm_ioctl+0x10/0x10 [ 638.201835][T15823] __x64_sys_ioctl+0x18e/0x210 [ 638.201864][T15823] do_syscall_64+0xcd/0xfa0 [ 638.201902][T15823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.201930][T15823] RIP: 0033:0x7f5603f8efc9 [ 638.201952][T15823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 638.201978][T15823] RSP: 002b:00007f5604e2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 638.202004][T15823] RAX: ffffffffffffffda RBX: 00007f56041e5fa0 RCX: 00007f5603f8efc9 [ 638.202020][T15823] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 638.202037][T15823] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 638.202052][T15823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.202067][T15823] R13: 00007f56041e6038 R14: 00007f56041e5fa0 R15: 00007ffc2110f7b8 [ 638.202102][T15823] [ 639.378441][T15836] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3206'. [ 639.410286][T15837] netlink: 93 bytes leftover after parsing attributes in process `syz.4.3205'. [ 639.765354][T15759] delete_channel: no stack [ 640.340310][T15854] netlink: 25 bytes leftover after parsing attributes in process `syz.6.3211'. [ 640.751460][T15856] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3212'. [ 641.338210][T15866] vmstat_refresh: nr_hugetlb -7680 [ 642.572514][T15886] ERROR: Out of memory at tomoyo_memory_ok. [ 642.630932][T15886] FAULT_INJECTION: forcing a failure. 
[ 642.630932][T15886] name failslab, interval 1, probability 0, space 0, times 0 [ 642.784345][T15886] CPU: 0 UID: 0 PID: 15886 Comm: syz.6.3219 Not tainted syzkaller #0 PREEMPT(full) [ 642.784388][T15886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 642.784404][T15886] Call Trace: [ 642.784415][T15886] [ 642.784427][T15886] dump_stack_lvl+0x16c/0x1f0 [ 642.784488][T15886] should_fail_ex+0x512/0x640 [ 642.784515][T15886] ? fs_reclaim_acquire+0xae/0x150 [ 642.784545][T15886] should_failslab+0xc2/0x120 [ 642.784573][T15886] __kmalloc_cache_noprof+0x72/0x780 [ 642.784605][T15886] ? __pfx_tomoyo_init_log+0x10/0x10 [ 642.784641][T15886] ? tomoyo_write_log2+0x33d/0xc10 [ 642.784682][T15886] ? tomoyo_write_log2+0x33d/0xc10 [ 642.784717][T15886] tomoyo_write_log2+0x33d/0xc10 [ 642.784760][T15886] tomoyo_supervisor+0x15e/0x13b0 [ 642.784807][T15886] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 642.784881][T15886] ? __pfx_vsnprintf+0x10/0x10 [ 642.784944][T15886] ? tomoyo_check_path_number_acl+0xa6/0x2f0 [ 642.784990][T15886] tomoyo_path_number_perm+0x448/0x580 [ 642.785026][T15886] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 642.785057][T15886] ? futex_wake+0x1ad/0x530 [ 642.785125][T15886] ? find_held_lock+0x2b/0x80 [ 642.785160][T15886] ? hook_file_ioctl_common+0x145/0x410 [ 642.785203][T15886] ? 
__fget_files+0x20e/0x3c0 [ 642.785237][T15886] security_file_ioctl+0x9b/0x240 [ 642.785273][T15886] __x64_sys_ioctl+0xb7/0x210 [ 642.785306][T15886] do_syscall_64+0xcd/0xfa0 [ 642.785347][T15886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.785374][T15886] RIP: 0033:0x7f5603f8efc9 [ 642.785396][T15886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 642.785423][T15886] RSP: 002b:00007f5604e09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 642.785448][T15886] RAX: ffffffffffffffda RBX: 00007f56041e6090 RCX: 00007f5603f8efc9 [ 642.785466][T15886] RDX: 0000000000000006 RSI: 00000000000007a0 RDI: 0000000000000007 [ 642.785482][T15886] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 642.785499][T15886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 642.785516][T15886] R13: 00007f56041e6128 R14: 00007f56041e6090 R15: 00007ffc2110f7b8 [ 642.785552][T15886] [ 643.920555][T15894] netlink: 186 bytes leftover after parsing attributes in process `syz.6.3224'. [ 645.617077][T15916] netlink: 246 bytes leftover after parsing attributes in process `syz.6.3231'. [ 647.697568][T15950] kAFS: unparsable volume name [ 648.715841][T15966] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.3244: iget: checksum invalid [ 648.733914][T15966] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 648.771963][T15971] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3248'. 
[ 648.866448][T15966] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.3244: iget: checksum invalid [ 648.880642][T15966] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 648.893121][T15966] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.3244: iget: checksum invalid [ 648.912302][T15966] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 648.925838][T15966] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.3244: iget: checksum invalid [ 648.938770][T15966] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 648.949272][T15966] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 648.959545][T15966] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 649.776875][T15983] random: crng reseeded on system resumption [ 649.797224][T15983] Restarting kernel threads ... [ 649.806631][T15983] Done restarting kernel threads. [ 654.379725][T16039] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3266'. [ 657.870668][T16085] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3278'. [ 658.389017][T16100] netlink: 338 bytes leftover after parsing attributes in process `syz.6.3281'. [ 658.402711][T16100] bridge0: port 2(team0) entered disabled state [ 658.409628][T16100] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.950728][T16115] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3287'. [ 659.037675][T16116] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3287'. 
[ 659.963092][T16131] random: crng reseeded on system resumption [ 660.049233][T14951] Bluetooth: hci1: unexpected event 0x3d length: 726 > 14 [ 660.075582][T16128] [U]  [ 660.085534][T16128] [U] [ 660.088248][T16128] [U] [ 660.091043][T16128] [U] [ 660.338612][T16128] [U] [ 660.341371][T16128] [U] [ 660.344090][T16128] [U] [ 660.346811][T16128] [U] [ 660.396972][T16128] [U] [ 660.399678][T16128] [U] [ 660.402366][T16128] [U] [ 660.405041][T16128] [U] [ 660.408239][T16128] [U] [ 660.410971][T16128] [U] [ 660.413689][T16128] [U] [ 660.416398][T16128] [U] [ 660.419515][T16128] [U] [ 660.422236][T16128] [U] [ 660.425040][T16128] [U] [ 660.427759][T16128] [U] [ 660.431161][T16128] [U] [ 660.433973][T16128] [U] [ 660.436682][T16128] [U] [ 660.439393][T16128] [U] [ 660.442489][T16128] [U] [ 660.445206][T16128] [U] [ 660.447919][T16128] [U] [ 660.450634][T16128] [U] [ 660.454712][T16128] [U] [ 660.457402][T16128] [U] [ 660.460077][T16128] [U] [ 660.462766][T16128] [U] [ 660.528212][T16128] [U] [ 660.530962][T16128] [U] [ 660.533670][T16128] [U] [ 660.536380][T16128] [U] [ 660.650419][T16128] [U] [ 660.653183][T16128] [U] [ 660.655919][T16128] [U] [ 660.658643][T16128] [U] [ 660.880489][T16128] [U] [ 660.883243][T16128] [U] [ 660.885961][T16128] [U] [ 660.888679][T16128] [U] [ 660.891762][T16128] [U] [ 660.894488][T16128] [U] [ 660.897198][T16128] [U] [ 660.899893][T16128] [U] [ 660.903452][T16128] [U] [ 660.906179][T16128] [U] [ 660.908902][T16128] [U] [ 660.911699][T16128] [U] [ 660.914708][T16128] [U] [ 660.917424][T16128] [U] [ 660.920132][T16128] [U] [ 660.922846][T16128] [U] [ 660.926536][T16128] [U] [ 660.929257][T16128] [U] [ 660.931971][T16128] [U] [ 660.934681][T16128] [U] [ 660.937649][T16128] [U] [ 660.940365][T16128] [U] [ 660.943081][T16128] [U] [ 660.945795][T16128] [U] [ 660.948909][T16128] [U] [ 660.951622][T16128] [U] [ 660.954333][T16128] [U] [ 660.957041][T16128] [U] [ 660.960052][T16128] [U] [ 660.962763][T16128] [U] [ 660.965478][T16128] [U] [ 
660.968190][T16128] [U] [ 660.971508][T16128] [U] [ 660.974211][T16128] [U] [ 660.976887][T16128] [U] [ 660.979566][T16128] [U] [ 660.982608][T16128] [U] [ 660.985332][T16128] [U] [ 660.988042][T16128] [U] [ 660.990758][T16128] [U] [ 660.993698][T16128] [U] [ 660.996410][T16128] [U] [ 660.999126][T16128] [U] [ 661.001834][T16128] [U] [ 661.012725][T16128] [U] [ 661.015482][T16128] [U] [ 661.018190][T16128] [U] [ 661.020902][T16128] [U] [ 661.192186][T16128] [U] [ 661.194944][T16128] [U] [ 661.197659][T16128] [U] [ 661.200414][T16128] [U] [ 661.287850][T16128] [U] [ 661.290601][T16128] [U] [ 661.293309][T16128] [U] [ 661.296013][T16128] [U] [ 661.397949][T16128] [U] [ 661.400709][T16128] [U] [ 661.403436][T16128] [U] [ 661.406149][T16128] [U] [ 661.463797][T16128] [U] [ 661.466510][T16128] [U] [ 661.469184][T16128] [U] [ 661.471860][T16128] [U] [ 661.516843][T16128] [U] [ 661.519598][T16128] [U] [ 661.522304][T16128] [U] [ 661.525013][T16128] [U] [ 661.644359][T16128] [U] [ 663.968579][T16168] netlink: zone id is out of range [ 664.097805][T16168] netlink: del zone limit has 4 unknown bytes [ 664.599560][T16172] HfR: entered promiscuous mode [ 664.736308][T16167] netlink: set zone limit has 8 unknown bytes [ 666.183118][T16198] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3307'. [ 666.298546][T16198] mac80211_hwsim hwsim13 wlan1: left promiscuous mode [ 666.775612][T16206] FAULT_INJECTION: forcing a failure. [ 666.775612][T16206] name failslab, interval 1, probability 0, space 0, times 0 [ 666.870772][T16206] CPU: 1 UID: 0 PID: 16206 Comm: syz.6.3309 Not tainted syzkaller #0 PREEMPT(full) [ 666.870835][T16206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 666.870853][T16206] Call Trace: [ 666.870862][T16206] [ 666.870873][T16206] dump_stack_lvl+0x16c/0x1f0 [ 666.870922][T16206] should_fail_ex+0x512/0x640 [ 666.870946][T16206] ? 
__kmalloc_cache_noprof+0x5f/0x780 [ 666.870988][T16206] should_failslab+0xc2/0x120 [ 666.871017][T16206] __kmalloc_cache_noprof+0x72/0x780 [ 666.871050][T16206] ? lockdep_hardirqs_on+0x7c/0x110 [ 666.871090][T16206] ? sctp_endpoint_new+0xfc/0xb20 [ 666.871125][T16206] ? sctp_endpoint_new+0xfc/0xb20 [ 666.871150][T16206] sctp_endpoint_new+0xfc/0xb20 [ 666.871182][T16206] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 666.871209][T16206] ? lockdep_init_map_type+0x5c/0x280 [ 666.871240][T16206] ? lockdep_init_map_type+0x5c/0x280 [ 666.871277][T16206] sctp_init_sock+0xe2b/0x12f0 [ 666.871354][T16206] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 666.871399][T16206] sctp_v6_init_sock+0x16/0x70 [ 666.871436][T16206] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 666.871477][T16206] inet6_create+0xb30/0x12b0 [ 666.871504][T16206] ? inet6_create+0x7f/0x12b0 [ 666.871535][T16206] __sock_create+0x338/0x8d0 [ 666.871573][T16206] __sys_socket+0x14d/0x260 [ 666.871607][T16206] ? __pfx___sys_socket+0x10/0x10 [ 666.871639][T16206] ? xfd_validate_state+0x61/0x180 [ 666.871670][T16206] ? __pfx_ksys_write+0x10/0x10 [ 666.871712][T16206] __x64_sys_socket+0x72/0xb0 [ 666.871745][T16206] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 666.871783][T16206] do_syscall_64+0xcd/0xfa0 [ 666.871826][T16206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.871853][T16206] RIP: 0033:0x7f5603f8efc9 [ 666.871875][T16206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.871905][T16206] RSP: 002b:00007f5604e09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 666.871932][T16206] RAX: ffffffffffffffda RBX: 00007f56041e6090 RCX: 00007f5603f8efc9 [ 666.871950][T16206] RDX: 0000000000000084 RSI: 0000000000000005 RDI: 000000000000000a [ 666.871967][T16206] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 666.871986][T16206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.872003][T16206] R13: 00007f56041e6128 R14: 00007f56041e6090 R15: 00007ffc2110f7b8 [ 666.872039][T16206] [ 667.245460][T16208] ubi31: attaching mtd0 [ 667.255051][T16208] ubi31: scanning is finished [ 667.317386][T16208] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 667.747449][T16208] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 668.284219][T16218] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3313'. [ 670.338906][T16242] FAULT_INJECTION: forcing a failure. [ 670.338906][T16242] name fail_futex, interval 1, probability 0, space 0, times 0 [ 670.408744][T16242] CPU: 1 UID: 0 PID: 16242 Comm: syz.6.3319 Not tainted syzkaller #0 PREEMPT(full) [ 670.408781][T16242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 670.408797][T16242] Call Trace: [ 670.408807][T16242] [ 670.408817][T16242] dump_stack_lvl+0x16c/0x1f0 [ 670.408861][T16242] should_fail_ex+0x512/0x640 [ 670.408891][T16242] get_futex_key+0x1d0/0x1560 [ 670.408950][T16242] ? __pfx_get_futex_key+0x10/0x10 [ 670.408992][T16242] ? 
stack_trace_save+0x8e/0xc0 [ 670.409031][T16242] ? __pfx_stack_trace_save+0x10/0x10 [ 670.409069][T16242] ? stack_depot_save_flags+0x29/0x9c0 [ 670.409098][T16242] futex_wait_setup+0x9d/0x550 [ 670.409140][T16242] __futex_wait+0x193/0x2f0 [ 670.409173][T16242] ? __pfx___futex_wait+0x10/0x10 [ 670.409208][T16242] ? __pfx_futex_wake_mark+0x10/0x10 [ 670.409250][T16242] ? futex_private_hash_put+0x176/0x300 [ 670.409294][T16242] ? futex_private_hash_put+0x18a/0x300 [ 670.409338][T16242] futex_wait+0xe8/0x380 [ 670.409369][T16242] ? __pfx_futex_wait+0x10/0x10 [ 670.409409][T16242] ? kmem_cache_free+0x2d4/0x6c0 [ 670.409440][T16242] ? putname+0x154/0x1a0 [ 670.409473][T16242] do_futex+0x229/0x350 [ 670.409499][T16242] ? __pfx_do_futex+0x10/0x10 [ 670.409528][T16242] ? __fput+0x68d/0xb70 [ 670.409556][T16242] __x64_sys_futex+0x1e0/0x4c0 [ 670.409585][T16242] ? __x64_sys_openat+0x174/0x210 [ 670.409615][T16242] ? __pfx___x64_sys_futex+0x10/0x10 [ 670.409657][T16242] do_syscall_64+0xcd/0xfa0 [ 670.409697][T16242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.409726][T16242] RIP: 0033:0x7f5603f8efc9 [ 670.409747][T16242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 670.409772][T16242] RSP: 002b:00007f5604e2a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 670.409798][T16242] RAX: ffffffffffffffda RBX: 00007f56041e5fa8 RCX: 00007f5603f8efc9 [ 670.409817][T16242] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f56041e5fa8 [ 670.409833][T16242] RBP: 00007f56041e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 670.409849][T16242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 670.409865][T16242] R13: 00007f56041e6038 R14: 00007ffc2110f6d0 R15: 00007ffc2110f7b8 [ 670.409902][T16242] [ 671.422926][T16250] netlink: 'syz.6.3322': attribute type 1 has an invalid length. 
[ 671.454589][T16250] netlink: 54 bytes leftover after parsing attributes in process `syz.6.3322'. [ 671.523502][T16247] ima: policy update failed [ 671.541041][ T30] audit: type=1802 audit(4294968142.042:24): pid=16247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.3322" res=0 errno=0 [ 672.920397][T16271] zswap: compressor not available [ 673.368732][T16286] netlink: 13 bytes leftover after parsing attributes in process `syz.6.3331'. [ 674.889224][T14951] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 675.148418][T16316] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3340'. [ 675.181000][T16316] netlink: 'syz.5.3340': attribute type 1 has an invalid length. [ 675.216849][T16316] netlink: 'syz.5.3340': attribute type 6 has an invalid length. [ 675.592356][T16329] block nbd7: not configured, cannot reconfigure [ 675.761262][T16327] netlink: 25 bytes leftover after parsing attributes in process `syz.5.3344'. [ 676.254409][T16336] Invalid ELF header magic: != ELF [ 676.284765][T16335] delete_channel: no stack [ 676.433332][T16340] Invalid ELF header magic: != ELF [ 676.950088][T16353] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 676.976360][ C1] vkms_vblank_simulate: vblank timer overrun [ 677.068216][T16353] CIFS mount error: No usable UNC path provided in device string! [ 677.068216][T16353] [ 677.132957][T16353] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 677.142913][T16356] netlink: 146 bytes leftover after parsing attributes in process `syz.4.3352'. [ 677.336683][T16360] netlink: 186 bytes leftover after parsing attributes in process `syz.6.3353'. 
[ 677.493619][T16364] __vm_enough_memory: pid: 16364, comm: syz.1.3355, bytes: 4398046511104 not enough memory for the allocation [ 679.908972][T16413] netlink: 25 bytes leftover after parsing attributes in process `syz.6.3366'. [ 680.166188][T16415] FAULT_INJECTION: forcing a failure. [ 680.166188][T16415] name failslab, interval 1, probability 0, space 0, times 0 [ 680.179780][T16415] CPU: 1 UID: 0 PID: 16415 Comm: syz.4.3367 Not tainted syzkaller #0 PREEMPT(full) [ 680.179819][T16415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 680.179836][T16415] Call Trace: [ 680.179846][T16415] [ 680.179858][T16415] dump_stack_lvl+0x16c/0x1f0 [ 680.179901][T16415] should_fail_ex+0x512/0x640 [ 680.179931][T16415] should_failslab+0xc2/0x120 [ 680.179959][T16415] __kmalloc_cache_noprof+0x72/0x780 [ 680.180010][T16415] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 680.180042][T16415] ? tipc_nametbl_insert_publ+0x700/0x1720 [ 680.180074][T16415] ? tipc_nametbl_insert_publ+0x700/0x1720 [ 680.180101][T16415] tipc_nametbl_insert_publ+0x700/0x1720 [ 680.180130][T16415] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 680.180167][T16415] ? net_generic+0xea/0x2a0 [ 680.180200][T16415] tipc_nametbl_publish+0x137/0x280 [ 680.180228][T16415] tipc_sk_publish+0x1d8/0x430 [ 680.180254][T16415] ? __pfx_tipc_sk_publish+0x10/0x10 [ 680.180279][T16415] ? __local_bh_enable_ip+0xa4/0x120 [ 680.180314][T16415] tipc_sk_bind+0x16f/0x380 [ 680.180337][T16415] tipc_bind+0x190/0x2a0 [ 680.180363][T16415] __sys_bind+0x1a7/0x260 [ 680.180394][T16415] ? __pfx___sys_bind+0x10/0x10 [ 680.180434][T16415] ? xfd_validate_state+0x61/0x180 [ 680.180457][T16415] ? __pfx_do_writev+0x10/0x10 [ 680.180493][T16415] __x64_sys_bind+0x72/0xb0 [ 680.180525][T16415] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 680.180560][T16415] do_syscall_64+0xcd/0xfa0 [ 680.180596][T16415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 680.180624][T16415] RIP: 0033:0x7fc98458efc9 [ 680.180646][T16415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 680.180668][T16415] RSP: 002b:00007fc985387038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 680.180693][T16415] RAX: ffffffffffffffda RBX: 00007fc9847e5fa0 RCX: 00007fc98458efc9 [ 680.180711][T16415] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000008 [ 680.180728][T16415] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 680.180743][T16415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 680.180756][T16415] R13: 00007fc9847e6038 R14: 00007fc9847e5fa0 R15: 00007ffd15e43168 [ 680.180789][T16415] [ 680.180799][T16415] tipc: Failed to bind to 65,0,0 [ 683.899652][ T30] audit: type=1800 audit(4294968154.470:25): pid=16551 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3383" name="dbroot" dev="configfs" ino=148217 res=0 errno=0 [ 684.131155][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 684.138922][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 684.836751][ T30] audit: type=1326 audit(4294968155.404:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16559 comm="syz.4.3386" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc98458efc9 code=0x0 [ 684.916574][T16565] FAULT_INJECTION: forcing a failure. 
[ 684.916574][T16565] name failslab, interval 1, probability 0, space 0, times 0 [ 685.015731][T16565] CPU: 0 UID: 0 PID: 16565 Comm: syz.4.3386 Not tainted syzkaller #0 PREEMPT(full) [ 685.015770][T16565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 685.015786][T16565] Call Trace: [ 685.015796][T16565] [ 685.015807][T16565] dump_stack_lvl+0x16c/0x1f0 [ 685.015853][T16565] should_fail_ex+0x512/0x640 [ 685.015878][T16565] ? __kmalloc_cache_noprof+0x5f/0x780 [ 685.015916][T16565] should_failslab+0xc2/0x120 [ 685.015943][T16565] __kmalloc_cache_noprof+0x72/0x780 [ 685.015976][T16565] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 685.016017][T16565] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 685.016050][T16565] snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 685.016088][T16565] ? trace_contention_end+0xdd/0x130 [ 685.016118][T16565] ? __mutex_lock+0x1c5/0x1060 [ 685.016149][T16565] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 685.016185][T16565] ? __pfx___mutex_lock+0x10/0x10 [ 685.016219][T16565] ? __fsnotify_parent+0x24b/0xc40 [ 685.016266][T16565] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 685.016300][T16565] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 685.016329][T16565] snd_pcm_oss_sync+0x1de/0x840 [ 685.016364][T16565] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 685.016396][T16565] snd_pcm_oss_release+0x28b/0x310 [ 685.016429][T16565] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 685.016460][T16565] __fput+0x402/0xb70 [ 685.016507][T16565] task_work_run+0x150/0x240 [ 685.016541][T16565] ? __pfx_task_work_run+0x10/0x10 [ 685.016573][T16565] ? 
__pfx___do_sys_close_range+0x10/0x10 [ 685.016618][T16565] exit_to_user_mode_loop+0xec/0x130 [ 685.016649][T16565] do_syscall_64+0x426/0xfa0 [ 685.016689][T16565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.016716][T16565] RIP: 0033:0x7fc98458efc9 [ 685.016739][T16565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.016764][T16565] RSP: 002b:00007fc985366038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 685.016790][T16565] RAX: 0000000000000000 RBX: 00007fc9847e6090 RCX: 00007fc98458efc9 [ 685.016808][T16565] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 685.016825][T16565] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 685.016840][T16565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.016857][T16565] R13: 00007fc9847e6128 R14: 00007fc9847e6090 R15: 00007ffd15e43168 [ 685.016893][T16565] [ 685.851054][T16582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3390'. [ 685.928332][T16582] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3390'. [ 688.488819][T14951] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 688.841532][T16691] Process accounting resumed [ 689.669292][T16698] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3400'. [ 689.737182][T16698] netlink: 314 bytes leftover after parsing attributes in process `syz.4.3400'. [ 690.070652][T16705] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3402'. [ 690.505933][T16705] team0: Port device team_slave_1 removed [ 690.576251][T16707] FAULT_INJECTION: forcing a failure. 
[ 690.576251][T16707] name failslab, interval 1, probability 0, space 0, times 0 [ 690.714628][T16707] CPU: 1 UID: 0 PID: 16707 Comm: syz.6.3403 Not tainted syzkaller #0 PREEMPT(full) [ 690.714665][T16707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 690.714680][T16707] Call Trace: [ 690.714690][T16707] [ 690.714700][T16707] dump_stack_lvl+0x16c/0x1f0 [ 690.714742][T16707] should_fail_ex+0x512/0x640 [ 690.714766][T16707] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 690.714813][T16707] should_failslab+0xc2/0x120 [ 690.714840][T16707] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 690.714879][T16707] ? xfrm_sysctl_init+0x10a/0x2d0 [ 690.714921][T16707] ? kmemdup_noprof+0x29/0x60 [ 690.714953][T16707] kmemdup_noprof+0x29/0x60 [ 690.714988][T16707] xfrm_sysctl_init+0x10a/0x2d0 [ 690.715028][T16707] xfrm_net_init+0x842/0xcc0 [ 690.715070][T16707] ? __pfx_xfrm_net_init+0x10/0x10 [ 690.715104][T16707] ops_init+0x1e2/0x5f0 [ 690.715132][T16707] setup_net+0x100/0x390 [ 690.715157][T16707] ? __pfx_setup_net+0x10/0x10 [ 690.715192][T16707] ? debug_mutex_init+0x37/0x70 [ 690.715233][T16707] copy_net_ns+0x2f8/0x690 [ 690.715265][T16707] create_new_namespaces+0x3ea/0xa90 [ 690.715322][T16707] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 690.715367][T16707] ksys_unshare+0x45b/0xa40 [ 690.715395][T16707] ? __pfx_ksys_unshare+0x10/0x10 [ 690.715423][T16707] ? 
xfd_validate_state+0x61/0x180 [ 690.715468][T16707] __x64_sys_unshare+0x31/0x40 [ 690.715493][T16707] do_syscall_64+0xcd/0xfa0 [ 690.715532][T16707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.715559][T16707] RIP: 0033:0x7f5603f8efc9 [ 690.715581][T16707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 690.715607][T16707] RSP: 002b:00007f5604e2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 690.715633][T16707] RAX: ffffffffffffffda RBX: 00007f56041e5fa0 RCX: 00007f5603f8efc9 [ 690.715651][T16707] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 690.715667][T16707] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 690.715683][T16707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 690.715699][T16707] R13: 00007f56041e6038 R14: 00007f56041e5fa0 R15: 00007ffc2110f7b8 [ 690.715737][T16707] [ 693.925937][T16833] FAULT_INJECTION: forcing a failure. [ 693.925937][T16833] name failslab, interval 1, probability 0, space 0, times 0 [ 693.975209][T16833] CPU: 0 UID: 0 PID: 16833 Comm: syz.6.3414 Not tainted syzkaller #0 PREEMPT(full) [ 693.975247][T16833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 693.975264][T16833] Call Trace: [ 693.975275][T16833] [ 693.975286][T16833] dump_stack_lvl+0x16c/0x1f0 [ 693.975330][T16833] should_fail_ex+0x512/0x640 [ 693.975355][T16833] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 693.975397][T16833] should_failslab+0xc2/0x120 [ 693.975420][T16833] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 693.975451][T16833] ? d_lookup+0xe7/0x190 [ 693.975478][T16833] ? alloc_inode+0x64/0x240 [ 693.975509][T16833] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 693.975539][T16833] ? 
alloc_inode+0x64/0x240 [ 693.975569][T16833] alloc_inode+0x64/0x240 [ 693.975598][T16833] new_inode+0x22/0x1c0 [ 693.975628][T16833] __debugfs_create_file+0x11c/0x6b0 [ 693.975665][T16833] debugfs_create_file_full+0x41/0x60 [ 693.975702][T16833] ref_tracker_dir_debugfs+0x19d/0x290 [ 693.975731][T16833] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 693.975796][T16833] ? lockdep_init_map_type+0x5c/0x280 [ 693.975832][T16833] preinit_net.part.0+0x437/0x8a0 [ 693.975876][T16833] copy_net_ns+0x3ba/0x690 [ 693.975917][T16833] create_new_namespaces+0x3ea/0xa90 [ 693.975966][T16833] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 693.976009][T16833] ksys_unshare+0x45b/0xa40 [ 693.976036][T16833] ? __pfx_ksys_unshare+0x10/0x10 [ 693.976066][T16833] ? syscall_user_dispatch+0x78/0x140 [ 693.976106][T16833] __x64_sys_unshare+0x31/0x40 [ 693.976131][T16833] do_syscall_64+0xcd/0xfa0 [ 693.976172][T16833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 693.976199][T16833] RIP: 0033:0x7f5603f8efc9 [ 693.976221][T16833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 693.976246][T16833] RSP: 002b:00007f5604e09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 693.976273][T16833] RAX: ffffffffffffffda RBX: 00007f56041e6090 RCX: 00007f5603f8efc9 [ 693.976291][T16833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 693.976309][T16833] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 693.976326][T16833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 693.976343][T16833] R13: 00007f56041e6128 R14: 00007f56041e6090 R15: 00007ffc2110f7b8 [ 693.976381][T16833] [ 694.284265][T16833] debugfs: out of free dentries, can not create file 'net_notrefcnt@ffff88805e528220' [ 694.731821][T16842] hub 8-0:1.0: USB hub found [ 694.819210][T16842] hub 8-0:1.0: 1 port detected [ 694.888273][T16860] netlink: 20 
bytes leftover after parsing attributes in process `syz.4.3417'. [ 696.300861][T16918] bond0: invalid ARP target specified [ 701.301354][T17045] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3437'. [ 701.576899][T14951] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 701.586681][T14951] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 701.596103][T14951] CPU: 1 UID: 0 PID: 14951 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 701.596141][T14951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 701.596159][T14951] Workqueue: hci3 hci_rx_work [ 701.596197][T14951] Call Trace: [ 701.596206][T14951] [ 701.596216][T14951] dump_stack_lvl+0x16c/0x1f0 [ 701.596254][T14951] sysfs_warn_dup+0x7f/0xa0 [ 701.596294][T14951] sysfs_create_dir_ns+0x24b/0x2b0 [ 701.596331][T14951] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 701.596365][T14951] ? find_held_lock+0x2b/0x80 [ 701.596404][T14951] ? do_raw_spin_unlock+0x172/0x230 [ 701.596439][T14951] kobject_add_internal+0x2c4/0x9b0 [ 701.596471][T14951] kobject_add+0x16e/0x240 [ 701.596496][T14951] ? __pfx_kobject_add+0x10/0x10 [ 701.596525][T14951] ? do_raw_spin_unlock+0x172/0x230 [ 701.596558][T14951] ? kobject_put+0xab/0x5a0 [ 701.596593][T14951] device_add+0x288/0x1aa0 [ 701.596620][T14951] ? __pfx_dev_set_name+0x10/0x10 [ 701.596647][T14951] ? __pfx_device_add+0x10/0x10 [ 701.596672][T14951] ? mgmt_send_event_skb+0x2fb/0x460 [ 701.596715][T14951] hci_conn_add_sysfs+0x17e/0x230 [ 701.596760][T14951] le_conn_complete_evt+0x1260/0x2150 [ 701.596804][T14951] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 701.596840][T14951] ? bt_warn+0xe4/0x120 [ 701.596880][T14951] ? __pfx_bt_warn+0x10/0x10 [ 701.596923][T14951] hci_le_conn_complete_evt+0x23c/0x370 [ 701.596970][T14951] hci_le_meta_evt+0x357/0x5e0 [ 701.597010][T14951] ? 
__pfx_hci_le_conn_complete_evt+0x10/0x10 [ 701.597049][T14951] hci_event_packet+0x685/0x11c0 [ 701.597083][T14951] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 701.597120][T14951] ? __pfx_hci_event_packet+0x10/0x10 [ 701.597156][T14951] ? kcov_remote_start+0x3c9/0x6d0 [ 701.597189][T14951] ? lockdep_hardirqs_on+0x7c/0x110 [ 701.597235][T14951] hci_rx_work+0x2c5/0x16b0 [ 701.597276][T14951] ? rcu_is_watching+0x12/0xc0 [ 701.597317][T14951] process_one_work+0x9cf/0x1b70 [ 701.597370][T14951] ? __pfx_process_one_work+0x10/0x10 [ 701.597414][T14951] ? assign_work+0x1a0/0x250 [ 701.597445][T14951] worker_thread+0x6c8/0xf10 [ 701.597490][T14951] ? __pfx_worker_thread+0x10/0x10 [ 701.597518][T14951] kthread+0x3c5/0x780 [ 701.597549][T14951] ? __pfx_kthread+0x10/0x10 [ 701.597581][T14951] ? rcu_is_watching+0x12/0xc0 [ 701.597615][T14951] ? __pfx_kthread+0x10/0x10 [ 701.597645][T14951] ret_from_fork+0x675/0x7d0 [ 701.597675][T14951] ? __pfx_kthread+0x10/0x10 [ 701.597705][T14951] ret_from_fork_asm+0x1a/0x30 [ 701.597752][T14951] [ 701.597782][T14951] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. 
[ 701.729015][T17054] ima: policy update failed [ 701.733344][T14951] Bluetooth: hci3: failed to register connection device [ 701.783056][ T30] audit: type=1802 audit(4294968172.424:27): pid=17054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.3438" res=0 errno=0 [ 702.452326][T17071] syz.5.3444: vmalloc error: size 8192, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 702.569536][T17071] CPU: 0 UID: 0 PID: 17071 Comm: syz.5.3444 Not tainted syzkaller #0 PREEMPT(full) [ 702.569573][T17071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 702.569589][T17071] Call Trace: [ 702.569598][T17071] [ 702.569610][T17071] dump_stack_lvl+0x16c/0x1f0 [ 702.569655][T17071] warn_alloc+0x248/0x3a0 [ 702.569692][T17071] ? __pfx_warn_alloc+0x10/0x10 [ 702.569729][T17071] ? alloc_pages_mpol+0x25a/0x550 [ 702.569759][T17071] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 702.569794][T17071] ? __pfx_alloc_pages_bulk_mempolicy_noprof+0x10/0x10 [ 702.569832][T17071] ? __kmalloc_node_noprof+0x364/0x8a0 [ 702.569871][T17071] ? __get_vm_area_node+0x208/0x330 [ 702.569905][T17071] __vmalloc_node_range_noprof+0x119b/0x1480 [ 702.569953][T17071] ? kernel_clone+0xfc/0x930 [ 702.569988][T17071] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 702.570026][T17071] ? rcu_is_watching+0x12/0xc0 [ 702.570065][T17071] ? kernel_clone+0xfc/0x930 [ 702.570089][T17071] __vmalloc_node_noprof+0xad/0xf0 [ 702.570117][T17071] ? kernel_clone+0xfc/0x930 [ 702.570145][T17071] copy_process+0x2c77/0x76a0 [ 702.570170][T17071] ? __pfx___futex_wait+0x10/0x10 [ 702.570200][T17071] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 702.570235][T17071] ? lockdep_hardirqs_on+0x7c/0x110 [ 702.570284][T17071] ? __pfx_copy_process+0x10/0x10 [ 702.570323][T17071] ? futex_private_hash_put+0x176/0x300 [ 702.570368][T17071] ? 
futex_private_hash_put+0x18a/0x300 [ 702.570415][T17071] kernel_clone+0xfc/0x930 [ 702.570442][T17071] ? __pfx_kernel_clone+0x10/0x10 [ 702.570486][T17071] __do_sys_clone+0xce/0x120 [ 702.570511][T17071] ? __pfx___do_sys_clone+0x10/0x10 [ 702.570550][T17071] ? xfd_validate_state+0x61/0x180 [ 702.570576][T17071] ? __pfx_do_writev+0x10/0x10 [ 702.570621][T17071] do_syscall_64+0xcd/0xfa0 [ 702.570659][T17071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.570686][T17071] RIP: 0033:0x7f1fb798efc9 [ 702.570708][T17071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 702.570733][T17071] RSP: 002b:00007f1fb88b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 702.570759][T17071] RAX: ffffffffffffffda RBX: 00007f1fb7be5fa0 RCX: 00007f1fb798efc9 [ 702.570843][T17071] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000000006a7 [ 702.570861][T17071] RBP: 00007f1fb7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 702.570878][T17071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 702.570895][T17071] R13: 00007f1fb7be6038 R14: 00007f1fb7be5fa0 R15: 00007ffdfc56bae8 [ 702.570932][T17071] [ 702.570943][T17071] Mem-Info: [ 702.907098][T17071] active_anon:29660 inactive_anon:14251 isolated_anon:1025 [ 702.907098][T17071] active_file:19605 inactive_file:53872 isolated_file:25 [ 702.907098][T17071] unevictable:768 dirty:404 writeback:0 [ 702.907098][T17071] slab_reclaimable:12979 slab_unreclaimable:97413 [ 702.907098][T17071] mapped:26992 shmem:34065 pagetables:1549 [ 702.907098][T17071] sec_pagetables:0 bounce:0 [ 702.907098][T17071] kernel_misc_reclaimable:0 [ 702.907098][T17071] free:1242078 free_pcp:29983 free_cma:0 [ 703.055758][T17071] Node 0 active_anon:116240kB inactive_anon:57004kB active_file:78420kB inactive_file:214992kB unevictable:1536kB isolated(anon):4100kB isolated(file):100kB 
mapped:109064kB dirty:1616kB writeback:0kB shmem:132524kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12284kB pagetables:5868kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 703.093844][T17071] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:496kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:104kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 703.333753][T17071] Node 0 DMA free:15356kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 703.475846][T17071] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 703.481689][T17071] Node 0 DMA32 free:1088644kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:109356kB inactive_anon:57004kB active_file:78420kB inactive_file:214988kB unevictable:1536kB writepending:1616kB zspages:1036kB present:3129332kB managed:2543576kB mlocked:0kB bounce:0kB free_pcp:82612kB local_pcp:52360kB free_cma:0kB [ 703.562908][T17071] lowmem_reserve[]: 0 0 1 1 1 [ 703.602476][T17071] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 703.658170][T17086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3447'. [ 703.669664][T17086] netlink: 'syz.1.3447': attribute type 1 has an invalid length. [ 703.678565][T17086] netlink: 13 bytes leftover after parsing attributes in process `syz.1.3447'. 
[ 703.716300][T17071] lowmem_reserve[]: 0 0 0 0 0 [ 703.721084][T17071] Node 1 Normal free:3886076kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:596kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:33452kB local_pcp:9156kB free_cma:0kB [ 703.769769][T17071] lowmem_reserve[]: 0 0 0 0 0 [ 703.800393][T14952] Bluetooth: hci3: command 0x0c1a tx timeout [ 703.842654][T17071] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB [ 703.905456][T17071] Node 0 DMA32: 7510*4kB (UME) 1539*8kB (UME) 1027*16kB (UM) 890*32kB (UME) 660*64kB (UM) 326*128kB (UME) 131*256kB (UM) 44*512kB (ME) 56*1024kB (UM) 27*2048kB (UME) 187*4096kB (UM) = 1105888kB [ 703.942682][T17071] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 704.018988][T17093] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 704.033712][T17071] Node 1 Normal: 129*4kB (UE) 41*8kB (UE) 30*16kB (UME) 204*32kB (UME) 70*64kB (UME) 15*128kB (UE) 4*256kB (U) 2*512kB (U) 1*1024kB (E) 1*2048kB (E) 944*4096kB (M) = 3885996kB [ 704.108723][T17071] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 704.221175][T17071] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=3 hugepages_size=2048kB [ 704.340149][T17071] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 704.425292][T17071] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 704.436543][T17071] 99229 total pagecache pages [ 704.442350][T17071] 11 pages in swap cache [ 704.446859][T17071] Free swap = 113792kB [ 704.451880][T17071] Total swap = 124996kB [ 704.456273][T17071] 2097051 pages RAM [ 704.460798][T17071] 
0 pages HighMem/MovableOnly [ 704.465610][T17071] 429067 pages reserved [ 704.470232][T17071] 0 pages cma reserved [ 705.878479][T17134] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3457'. [ 708.968930][T17192] FAULT_INJECTION: forcing a failure. [ 708.968930][T17192] name failslab, interval 1, probability 0, space 0, times 0 [ 708.991884][T17192] CPU: 0 UID: 0 PID: 17192 Comm: syz.6.3468 Not tainted syzkaller #0 PREEMPT(full) [ 708.991923][T17192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 708.991940][T17192] Call Trace: [ 708.991950][T17192] [ 708.991962][T17192] dump_stack_lvl+0x16c/0x1f0 [ 708.992008][T17192] should_fail_ex+0x512/0x640 [ 708.992034][T17192] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 708.992075][T17192] should_failslab+0xc2/0x120 [ 708.992103][T17192] kmem_cache_alloc_noprof+0x75/0x6e0 [ 708.992145][T17192] ? mas_preallocate+0xe6a/0x11f0 [ 708.992177][T17192] ? mas_preallocate+0xe6a/0x11f0 [ 708.992200][T17192] mas_preallocate+0xe6a/0x11f0 [ 708.992232][T17192] ? __pfx_mas_preallocate+0x10/0x10 [ 708.992286][T17192] ? __asan_memset+0x23/0x50 [ 708.992321][T17192] ? init_multi_vma_prep+0x30a/0x650 [ 708.992356][T17192] commit_merge+0x29d/0xfc0 [ 708.992393][T17192] ? __pfx_commit_merge+0x10/0x10 [ 708.992447][T17192] vma_expand+0x3ac/0x910 [ 708.992481][T17192] ? __pfx_vma_expand+0x10/0x10 [ 708.992515][T17192] ? can_vma_merge_right+0xa5/0x530 [ 708.992553][T17192] vma_merge_new_range+0x2ef/0xa50 [ 708.992595][T17192] __mmap_region+0x873/0x27a0 [ 708.992632][T17192] ? find_held_lock+0x2b/0x80 [ 708.992667][T17192] ? __pfx___mmap_region+0x10/0x10 [ 708.992700][T17192] ? finish_task_switch.isra.0+0x21c/0xc10 [ 708.992738][T17192] ? rcu_is_watching+0x12/0xc0 [ 708.992773][T17192] ? finish_task_switch.isra.0+0x221/0xc10 [ 708.992808][T17192] ? lockdep_hardirqs_on+0x7c/0x110 [ 708.992847][T17192] ? finish_task_switch.isra.0+0x221/0xc10 [ 708.992916][T17192] ? 
__pfx___schedule+0x10/0x10 [ 708.992995][T17192] ? trace_cap_capable+0x18d/0x200 [ 708.993037][T17192] mmap_region+0x1ab/0x3f0 [ 708.993071][T17192] ? __get_unmapped_area+0x267/0x440 [ 708.993103][T17192] do_mmap+0xa3e/0x1210 [ 708.993142][T17192] ? __pfx_do_mmap+0x10/0x10 [ 708.993169][T17192] ? __pfx_down_write_killable+0x10/0x10 [ 708.993196][T17192] ? kmem_cache_free+0x2d4/0x6c0 [ 708.993239][T17192] vm_mmap_pgoff+0x29e/0x470 [ 708.993274][T17192] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 708.993309][T17192] ? __x64_sys_futex+0x1e0/0x4c0 [ 708.993335][T17192] ? __x64_sys_futex+0x1e9/0x4c0 [ 708.993368][T17192] ksys_mmap_pgoff+0x7d/0x5c0 [ 708.993392][T17192] ? xfd_validate_state+0x61/0x180 [ 708.993428][T17192] __x64_sys_mmap+0x125/0x190 [ 708.993464][T17192] do_syscall_64+0xcd/0xfa0 [ 708.993505][T17192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.993534][T17192] RIP: 0033:0x7f5603f8efc9 [ 708.993556][T17192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 708.993583][T17192] RSP: 002b:00007f5604e2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 708.993609][T17192] RAX: ffffffffffffffda RBX: 00007f56041e5fa0 RCX: 00007f5603f8efc9 [ 708.993627][T17192] RDX: 00000000000000df RSI: 0000000000000006 RDI: 0000000000000000 [ 708.993644][T17192] RBP: 00007f5604011f91 R08: ffffffffffffffff R09: 4000000000000000 [ 708.993663][T17192] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 708.993680][T17192] R13: 00007f56041e6038 R14: 00007f56041e5fa0 R15: 00007ffc2110f7b8 [ 708.993720][T17192] [ 710.298033][T17187] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 710.741368][T17214] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3474'. 
[ 710.770875][T17214] macvlan0: entered allmulticast mode [ 710.776308][T17214] veth1_vlan: entered allmulticast mode [ 711.559651][T17222] FAULT_INJECTION: forcing a failure. [ 711.559651][T17222] name failslab, interval 1, probability 0, space 0, times 0 [ 711.615577][T17222] CPU: 0 UID: 0 PID: 17222 Comm: syz.5.3476 Not tainted syzkaller #0 PREEMPT(full) [ 711.615610][T17222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 711.615625][T17222] Call Trace: [ 711.615634][T17222] [ 711.615644][T17222] dump_stack_lvl+0x16c/0x1f0 [ 711.615683][T17222] should_fail_ex+0x512/0x640 [ 711.615707][T17222] ? __kmalloc_node_noprof+0xcd/0x8a0 [ 711.615748][T17222] should_failslab+0xc2/0x120 [ 711.615774][T17222] __kmalloc_node_noprof+0xe0/0x8a0 [ 711.615808][T17222] ? mempool_init_node+0x11b/0x6e0 [ 711.615831][T17222] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 711.615866][T17222] ? __pfx_mempool_free_slab+0x10/0x10 [ 711.615895][T17222] ? mempool_init_node+0x11b/0x6e0 [ 711.615913][T17222] mempool_init_node+0x11b/0x6e0 [ 711.615932][T17222] ? __pfx_xa_load+0x10/0x10 [ 711.615960][T17222] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 711.615993][T17222] ? __pfx_mempool_free_slab+0x10/0x10 [ 711.616023][T17222] mempool_init_noprof+0x3a/0x50 [ 711.616046][T17222] bioset_init+0x388/0x8a0 [ 711.616072][T17222] ? __pfx_bioset_init+0x10/0x10 [ 711.616112][T17222] __alloc_disk_node+0x83/0x640 [ 711.616145][T17222] __blk_mq_alloc_disk+0x89/0x120 [ 711.616195][T17222] loop_add+0x490/0xb70 [ 711.616226][T17222] ? __pfx_loop_add+0x10/0x10 [ 711.616280][T17222] ? find_held_lock+0x2b/0x80 [ 711.616320][T17222] loop_control_ioctl+0x13e/0x630 [ 711.616347][T17222] ? __pfx_loop_control_ioctl+0x10/0x10 [ 711.616379][T17222] ? 
__pfx_loop_control_ioctl+0x10/0x10 [ 711.616409][T17222] __x64_sys_ioctl+0x18e/0x210 [ 711.616440][T17222] do_syscall_64+0xcd/0xfa0 [ 711.616481][T17222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 711.616507][T17222] RIP: 0033:0x7f1fb798efc9 [ 711.616530][T17222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 711.616556][T17222] RSP: 002b:00007f1fb88b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 711.616582][T17222] RAX: ffffffffffffffda RBX: 00007f1fb7be5fa0 RCX: 00007f1fb798efc9 [ 711.616601][T17222] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 711.616617][T17222] RBP: 00007f1fb7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 711.616633][T17222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 711.616648][T17222] R13: 00007f1fb7be6038 R14: 00007f1fb7be5fa0 R15: 00007ffdfc56bae8 [ 711.616682][T17222] [ 713.208569][T17260] netlink: 'syz.6.3478': attribute type 2 has an invalid length. [ 713.268262][T17260] netlink: 5 bytes leftover after parsing attributes in process `syz.6.3478'. [ 714.102415][T17314] netlink: 'syz.1.3483': attribute type 2 has an invalid length. [ 714.112373][T17314] netlink: 'syz.1.3483': attribute type 3 has an invalid length. [ 714.121145][T17314] netlink: 158 bytes leftover after parsing attributes in process `syz.1.3483'. [ 714.131706][T17314] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3483'. 
[ 715.099948][T17352] HfR: entered promiscuous mode [ 716.714922][ T30] audit: type=1804 audit(4294968187.424:28): pid=17447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3495" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 718.446686][T17485] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3499'. [ 718.515079][T17490] netlink: 25 bytes leftover after parsing attributes in process `syz.6.3499'. [ 719.326148][T17528] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3505'. [ 719.426029][T17528] veth0_macvtap: left promiscuous mode [ 719.468579][T17531] netlink: 268 bytes leftover after parsing attributes in process `syz.6.3506'. [ 719.549593][T17531] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.3506: iget: checksum invalid [ 719.573199][T17531] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 719.585358][T17531] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.3506: iget: checksum invalid [ 719.610329][T17534] vhci_hcd: invalid port number 16 [ 719.615487][T17534] vhci_hcd: invalid port number 16 [ 719.642920][T17531] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 719.687086][T17534] random: crng reseeded on system resumption [ 719.707005][T17531] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.3506: iget: checksum invalid [ 719.719063][T17534] FAULT_INJECTION: forcing a failure. 
[ 719.719063][T17534] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 719.720078][T17531] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 719.744144][T17531] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.3506: iget: checksum invalid [ 719.759317][T17531] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 719.770161][T17531] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 719.783466][T17531] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 719.804240][T17534] CPU: 0 UID: 0 PID: 17534 Comm: syz.6.3506 Not tainted syzkaller #0 PREEMPT(full) [ 719.804276][T17534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 719.804291][T17534] Call Trace: [ 719.804300][T17534] [ 719.804310][T17534] dump_stack_lvl+0x16c/0x1f0 [ 719.804354][T17534] should_fail_ex+0x512/0x640 [ 719.804383][T17534] should_fail_alloc_page+0xe7/0x130 [ 719.804412][T17534] prepare_alloc_pages+0x3c2/0x610 [ 719.804437][T17534] ? rcu_is_watching+0x12/0xc0 [ 719.804477][T17534] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 719.804523][T17534] ? stack_trace_save+0x8e/0xc0 [ 719.804559][T17534] ? __pfx_stack_trace_save+0x10/0x10 [ 719.804599][T17534] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 719.804636][T17534] ? kasan_save_stack+0x42/0x60 [ 719.804669][T17534] ? kasan_save_stack+0x33/0x60 [ 719.804709][T17534] ? do_dentry_open+0x982/0x1530 [ 719.804742][T17534] ? vfs_open+0x82/0x3f0 [ 719.804763][T17534] ? path_openat+0x1de4/0x2cb0 [ 719.804795][T17534] ? do_filp_open+0x20b/0x470 [ 719.804826][T17534] ? do_sys_openat2+0x11b/0x1d0 [ 719.804851][T17534] ? __x64_sys_openat+0x174/0x210 [ 719.804877][T17534] ? do_syscall_64+0xcd/0xfa0 [ 719.804912][T17534] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.804941][T17534] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 719.804974][T17534] ? 
__sanitizer_cov_trace_switch+0x54/0x90 [ 719.805009][T17534] ? policy_nodemask+0xea/0x4e0 [ 719.805037][T17534] alloc_pages_mpol+0x1fb/0x550 [ 719.805065][T17534] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 719.805101][T17534] alloc_pages_noprof+0x131/0x390 [ 719.805128][T17534] get_zeroed_page_noprof+0x18/0xb0 [ 719.805153][T17534] get_image_page+0x18/0x190 [ 719.805204][T17534] alloc_rtree_node+0x3c/0xb0 [ 719.805238][T17534] memory_bm_create+0x519/0x810 [ 719.805288][T17534] create_basic_memory_bitmaps+0xbd/0x320 [ 719.805331][T17534] snapshot_open+0x235/0x2b0 [ 719.805354][T17534] ? __pfx_snapshot_open+0x10/0x10 [ 719.805379][T17534] misc_open+0x26d/0x450 [ 719.805403][T17534] ? __pfx_misc_open+0x10/0x10 [ 719.805426][T17534] chrdev_open+0x234/0x6a0 [ 719.805464][T17534] ? __pfx_apparmor_file_open+0x10/0x10 [ 719.805493][T17534] ? __pfx_chrdev_open+0x10/0x10 [ 719.805533][T17534] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 719.805577][T17534] do_dentry_open+0x982/0x1530 [ 719.805614][T17534] ? __pfx_chrdev_open+0x10/0x10 [ 719.805658][T17534] vfs_open+0x82/0x3f0 [ 719.805691][T17534] path_openat+0x1de4/0x2cb0 [ 719.805738][T17534] ? __pfx_path_openat+0x10/0x10 [ 719.805772][T17534] ? irqentry_exit+0x3b/0x90 [ 719.805807][T17534] ? lockdep_hardirqs_on+0x7c/0x110 [ 719.805850][T17534] do_filp_open+0x20b/0x470 [ 719.805888][T17534] ? __pfx_do_filp_open+0x10/0x10 [ 719.805947][T17534] ? alloc_fd+0x471/0x7d0 [ 719.805989][T17534] do_sys_openat2+0x11b/0x1d0 [ 719.806017][T17534] ? __pfx_do_sys_openat2+0x10/0x10 [ 719.806058][T17534] __x64_sys_openat+0x174/0x210 [ 719.806083][T17534] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 719.806123][T17534] do_syscall_64+0xcd/0xfa0 [ 719.806162][T17534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.806189][T17534] RIP: 0033:0x7f5603f8efc9 [ 719.806221][T17534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 719.806245][T17534] RSP: 002b:00007f5604e09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 719.806271][T17534] RAX: ffffffffffffffda RBX: 00007f56041e6090 RCX: 00007f5603f8efc9 [ 719.806290][T17534] RDX: 0000000000180b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 719.806307][T17534] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 719.806323][T17534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 719.806337][T17534] R13: 00007f56041e6128 R14: 00007f56041e6090 R15: 00007ffc2110f7b8 [ 719.806374][T17534] [ 720.920793][T17551] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3509'. [ 721.604791][T17569] sd 0:0:1:0: PR command failed: 1026 [ 721.616126][T17569] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 721.682969][T17569] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 722.004741][T17599] program syz.4.3515 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 723.263960][T17607] mkiss: ax0: crc mode is auto. [ 723.282697][T17603] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 723.309697][T17603] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 723.406798][T17603] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 723.431745][T17603] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 723.519460][T17603] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 723.635422][T17603] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 723.662006][T17603] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 723.683582][T17603] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 723.728320][T17633] FAULT_INJECTION: forcing a failure. 
[ 723.728320][T17633] name failslab, interval 1, probability 0, space 0, times 0 [ 723.741680][T17633] CPU: 0 UID: 0 PID: 17633 Comm: syz.6.3519 Not tainted syzkaller #0 PREEMPT(full) [ 723.741716][T17633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 723.741733][T17633] Call Trace: [ 723.741742][T17633] [ 723.741754][T17633] dump_stack_lvl+0x16c/0x1f0 [ 723.741809][T17633] should_fail_ex+0x512/0x640 [ 723.741841][T17633] should_failslab+0xc2/0x120 [ 723.741870][T17633] kmem_cache_alloc_noprof+0x75/0x6e0 [ 723.741905][T17633] ? pcpu_alloc_noprof+0x949/0x14c0 [ 723.741937][T17633] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 723.741978][T17633] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 723.742010][T17633] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 723.742049][T17633] idr_get_free+0x528/0xa30 [ 723.742101][T17633] idr_alloc_u32+0x190/0x2f0 [ 723.742141][T17633] ? __pfx_idr_alloc_u32+0x10/0x10 [ 723.742180][T17633] ? lock_acquire+0x179/0x350 [ 723.742215][T17633] idr_alloc_cyclic+0x10b/0x230 [ 723.742253][T17633] ? __pfx_idr_alloc_cyclic+0x10/0x10 [ 723.742287][T17633] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 723.742319][T17633] ? lsm_blob_alloc+0x2b/0x90 [ 723.742363][T17633] map_create+0x143e/0x27e0 [ 723.742407][T17633] ? __pfx_map_create+0x10/0x10 [ 723.742436][T17633] ? __might_fault+0xe3/0x190 [ 723.742469][T17633] ? __might_fault+0xe3/0x190 [ 723.742498][T17633] ? __might_fault+0x13b/0x190 [ 723.742542][T17633] __sys_bpf+0x3d9d/0x4980 [ 723.742570][T17633] ? futex_private_hash_put+0x18a/0x300 [ 723.742613][T17633] ? __pfx___sys_bpf+0x10/0x10 [ 723.742645][T17633] ? __pfx_futex_wait+0x10/0x10 [ 723.742699][T17633] ? do_futex+0x122/0x350 [ 723.742743][T17633] ? fput+0x9b/0xd0 [ 723.742771][T17633] ? xfd_validate_state+0x61/0x180 [ 723.742808][T17633] ? __pfx_ksys_write+0x10/0x10 [ 723.742851][T17633] __x64_sys_bpf+0x78/0xc0 [ 723.742884][T17633] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 723.742920][T17633] do_syscall_64+0xcd/0xfa0 [ 723.742960][T17633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.742986][T17633] RIP: 0033:0x7f5603f8efc9 [ 723.743008][T17633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 723.743034][T17633] RSP: 002b:00007f5604e2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 723.743060][T17633] RAX: ffffffffffffffda RBX: 00007f56041e5fa0 RCX: 00007f5603f8efc9 [ 723.743079][T17633] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000000 [ 723.743096][T17633] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 723.743113][T17633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 723.743130][T17633] R13: 00007f56041e6038 R14: 00007f56041e5fa0 R15: 00007ffc2110f7b8 [ 723.743168][T17633] [ 724.356700][T17625] FAULT_INJECTION: forcing a failure. [ 724.356700][T17625] name failslab, interval 1, probability 0, space 0, times 0 [ 724.408983][T17625] CPU: 0 UID: 0 PID: 17625 Comm: syz.4.3518 Not tainted syzkaller #0 PREEMPT(full) [ 724.409019][T17625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 724.409036][T17625] Call Trace: [ 724.409046][T17625] [ 724.409056][T17625] dump_stack_lvl+0x16c/0x1f0 [ 724.409100][T17625] should_fail_ex+0x512/0x640 [ 724.409124][T17625] ? fs_reclaim_acquire+0xae/0x150 [ 724.409155][T17625] should_failslab+0xc2/0x120 [ 724.409183][T17625] __kmalloc_cache_noprof+0x72/0x780 [ 724.409217][T17625] ? __pfx_widen_string+0x10/0x10 [ 724.409246][T17625] ? tomoyo_init_log+0x197/0x2140 [ 724.409286][T17625] ? tomoyo_init_log+0x197/0x2140 [ 724.409319][T17625] tomoyo_init_log+0x197/0x2140 [ 724.409353][T17625] ? format_decode+0x1ad/0xd40 [ 724.409382][T17625] ? __pfx_format_decode+0x10/0x10 [ 724.409428][T17625] ? 
__pfx_tomoyo_init_log+0x10/0x10 [ 724.409476][T17625] tomoyo_write_log2+0x2f7/0xc10 [ 724.409518][T17625] tomoyo_supervisor+0x15e/0x13b0 [ 724.409565][T17625] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 724.409627][T17625] ? kfree+0x2b8/0x6d0 [ 724.409653][T17625] ? tomoyo_realpath_from_path+0x19f/0x6e0 [ 724.409690][T17625] ? tomoyo_check_path_acl+0xad/0x210 [ 724.409722][T17625] ? tomoyo_check_acl+0x1f7/0x410 [ 724.409756][T17625] tomoyo_path_permission+0x270/0x3b0 [ 724.409791][T17625] tomoyo_path_perm+0x362/0x460 [ 724.409825][T17625] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 724.409904][T17625] ? __pfx_ima_file_check+0x10/0x10 [ 724.409929][T17625] ? hook_file_truncate+0xc7/0x250 [ 724.409974][T17625] security_file_truncate+0x84/0x1e0 [ 724.410012][T17625] path_openat+0xc10/0x2cb0 [ 724.410061][T17625] ? __pfx_path_openat+0x10/0x10 [ 724.410099][T17625] ? __lock_acquire+0xb8a/0x1c90 [ 724.410132][T17625] do_filp_open+0x20b/0x470 [ 724.410169][T17625] ? __pfx_do_filp_open+0x10/0x10 [ 724.410233][T17625] ? alloc_fd+0x471/0x7d0 [ 724.410277][T17625] do_sys_openat2+0x11b/0x1d0 [ 724.410307][T17625] ? __pfx_do_sys_openat2+0x10/0x10 [ 724.410351][T17625] __x64_sys_openat+0x174/0x210 [ 724.410382][T17625] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 724.410427][T17625] do_syscall_64+0xcd/0xfa0 [ 724.410468][T17625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.410496][T17625] RIP: 0033:0x7fc98458efc9 [ 724.410516][T17625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 724.410541][T17625] RSP: 002b:00007fc985366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 724.410567][T17625] RAX: ffffffffffffffda RBX: 00007fc9847e6090 RCX: 00007fc98458efc9 [ 724.410582][T17625] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 724.410599][T17625] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 724.410615][T17625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 724.410629][T17625] R13: 00007fc9847e6128 R14: 00007fc9847e6090 R15: 00007ffd15e43168 [ 724.410664][T17625] [ 724.972000][T14952] Bluetooth: hci0: command 0x0406 tx timeout [ 725.449755][T14952] Bluetooth: hci3: command 0x0c1a tx timeout [ 725.630419][T17690] FAULT_INJECTION: forcing a failure. [ 725.630419][T17690] name failslab, interval 1, probability 0, space 0, times 0 [ 725.689660][T14952] Bluetooth: hci2: command 0x0406 tx timeout [ 725.697372][T14952] Bluetooth: hci1: command 0x0c1a tx timeout [ 725.735531][T17690] CPU: 0 UID: 0 PID: 17690 Comm: syz.6.3522 Not tainted syzkaller #0 PREEMPT(full) [ 725.735566][T17690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 725.735583][T17690] Call Trace: [ 725.735593][T17690] [ 725.735603][T17690] dump_stack_lvl+0x16c/0x1f0 [ 725.735644][T17690] should_fail_ex+0x512/0x640 [ 725.735669][T17690] ? fs_reclaim_acquire+0xae/0x150 [ 725.735699][T17690] should_failslab+0xc2/0x120 [ 725.735726][T17690] __kmalloc_noprof+0xdd/0x880 [ 725.735763][T17690] ? __pfx_from_kuid+0x10/0x10 [ 725.735797][T17690] ? 
tomoyo_init_log+0x1385/0x2140 [ 725.735838][T17690] ? tomoyo_init_log+0x1385/0x2140 [ 725.735869][T17690] tomoyo_init_log+0x1385/0x2140 [ 725.735918][T17690] ? __pfx_tomoyo_init_log+0x10/0x10 [ 725.735959][T17690] tomoyo_write_log2+0x2f7/0xc10 [ 725.736001][T17690] tomoyo_supervisor+0x15e/0x13b0 [ 725.736047][T17690] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 725.736084][T17690] ? __pfx_vsnprintf+0x10/0x10 [ 725.736141][T17690] ? tomoyo_check_path_number_acl+0xa6/0x2f0 [ 725.736184][T17690] tomoyo_path_number_perm+0x448/0x580 [ 725.736218][T17690] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 725.736286][T17690] ? find_held_lock+0x2b/0x80 [ 725.736320][T17690] ? hook_file_ioctl_common+0x145/0x410 [ 725.736368][T17690] ? __fget_files+0x20e/0x3c0 [ 725.736426][T17690] security_file_ioctl+0x9b/0x240 [ 725.736462][T17690] __x64_sys_ioctl+0xb7/0x210 [ 725.736491][T17690] do_syscall_64+0xcd/0xfa0 [ 725.736527][T17690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.736554][T17690] RIP: 0033:0x7f5603f8efc9 [ 725.736576][T17690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 725.736602][T17690] RSP: 002b:00007f5604e2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 725.736627][T17690] RAX: ffffffffffffffda RBX: 00007f56041e5fa0 RCX: 00007f5603f8efc9 [ 725.736643][T17690] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 725.736656][T17690] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 725.736670][T17690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 725.736684][T17690] R13: 00007f56041e6038 R14: 00007f56041e5fa0 R15: 00007ffc2110f7b8 [ 725.736718][T17690] [ 726.311936][T17753] syz.5.3527 (17753): /proc/17749/oom_adj is deprecated, please use /proc/17749/oom_score_adj instead. 
[ 726.865551][T17765] netlink: 25 bytes leftover after parsing attributes in process `syz.6.3529'. [ 727.042255][T14952] Bluetooth: hci0: command 0x0406 tx timeout [ 727.195268][T17763] HfR: entered promiscuous mode [ 727.520015][T14952] Bluetooth: hci3: command 0x0c1a tx timeout [ 728.073952][T17804] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3534'. [ 728.333845][T17804] bond0: (slave bond_slave_1): Releasing backup interface [ 729.600263][T14952] Bluetooth: hci3: command 0x0c1a tx timeout [ 731.663747][T14952] Bluetooth: hci3: command 0x0c1a tx timeout [ 731.915827][T17868] zswap: compressor not available [ 733.421166][T17899] netlink: 'syz.6.3548': attribute type 4 has an invalid length. [ 733.452191][T17899] netlink: 314 bytes leftover after parsing attributes in process `syz.6.3548'. [ 733.766658][T17918] block nbd7: not configured, cannot reconfigure [ 735.226656][T17977] random: crng reseeded on system resumption [ 737.034679][T18059] FAULT_INJECTION: forcing a failure. [ 737.034679][T18059] name failslab, interval 1, probability 0, space 0, times 0 [ 737.057593][T18059] CPU: 0 UID: 0 PID: 18059 Comm: syz.4.3562 Not tainted syzkaller #0 PREEMPT(full) [ 737.057634][T18059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 737.057650][T18059] Call Trace: [ 737.057667][T18059] [ 737.057678][T18059] dump_stack_lvl+0x16c/0x1f0 [ 737.057719][T18059] should_fail_ex+0x512/0x640 [ 737.057748][T18059] should_failslab+0xc2/0x120 [ 737.057774][T18059] kmem_cache_alloc_node_noprof+0x78/0x770 [ 737.057805][T18059] ? zswap_store+0x850/0x2830 [ 737.057845][T18059] ? zswap_store+0x850/0x2830 [ 737.057872][T18059] zswap_store+0x850/0x2830 [ 737.057915][T18059] ? __pfx_zswap_store+0x10/0x10 [ 737.057946][T18059] ? folio_free_swap+0x141/0x4b0 [ 737.057971][T18059] ? do_raw_spin_unlock+0x172/0x230 [ 737.058002][T18059] ? _raw_spin_unlock+0x28/0x50 [ 737.058033][T18059] ? 
folio_free_swap+0x19d/0x4b0 [ 737.058055][T18059] ? __pfx_try_to_unmap+0x10/0x10 [ 737.058090][T18059] swap_writeout+0x3f4/0x1090 [ 737.058128][T18059] shrink_folio_list+0x3e50/0x4800 [ 737.058169][T18059] ? __pfx_shrink_folio_list+0x10/0x10 [ 737.058197][T18059] ? mark_held_locks+0x49/0x80 [ 737.058225][T18059] ? __lock_acquire+0x622/0x1c90 [ 737.058298][T18059] ? mark_held_locks+0x49/0x80 [ 737.058322][T18059] ? finish_task_switch.isra.0+0x221/0xc10 [ 737.058355][T18059] ? lockdep_hardirqs_on+0x7c/0x110 [ 737.058389][T18059] ? finish_task_switch.isra.0+0x221/0xc10 [ 737.058425][T18059] reclaim_folio_list+0xda/0x5d0 [ 737.058453][T18059] ? __pfx_css_rstat_updated+0x10/0x10 [ 737.058491][T18059] ? __pfx_reclaim_folio_list+0x10/0x10 [ 737.058535][T18059] ? lru_gen_update_size+0x543/0xe10 [ 737.058572][T18059] ? lru_gen_del_folio+0x32b/0x540 [ 737.058603][T18059] reclaim_pages+0x3ec/0x570 [ 737.058638][T18059] ? __pfx_reclaim_pages+0x10/0x10 [ 737.058674][T18059] ? find_held_lock+0x2b/0x80 [ 737.058708][T18059] ? madvise_cold_or_pageout_pte_range+0x73e/0x20d0 [ 737.058744][T18059] madvise_cold_or_pageout_pte_range+0x14e5/0x20d0 [ 737.058788][T18059] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 737.058816][T18059] ? __page_table_check_zero+0x33c/0x5d0 [ 737.058857][T18059] ? lock_acquire+0x179/0x350 [ 737.058886][T18059] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 737.058916][T18059] walk_pgd_range+0xc05/0x1f50 [ 737.058975][T18059] ? __pfx_walk_pgd_range+0x10/0x10 [ 737.059018][T18059] __walk_page_range+0x163/0x820 [ 737.059057][T18059] ? __lock_acquire+0xb8a/0x1c90 [ 737.059091][T18059] walk_page_range_vma+0x2c7/0xa20 [ 737.059130][T18059] ? __pfx_walk_page_range_vma+0x10/0x10 [ 737.059163][T18059] ? find_held_lock+0x2b/0x80 [ 737.059209][T18059] madvise_pageout+0x257/0x540 [ 737.059236][T18059] ? __pfx_madvise_pageout+0x10/0x10 [ 737.059280][T18059] ? 
mtree_range_walk+0x718/0xc00 [ 737.059319][T18059] madvise_vma_behavior+0xb14/0x2d50 [ 737.059354][T18059] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 737.059386][T18059] ? __pfx_mt_find+0x10/0x10 [ 737.059416][T18059] ? find_vma_prev+0xd3/0x150 [ 737.059449][T18059] ? find_vma+0xbf/0x140 [ 737.059484][T18059] ? __pfx_find_vma+0x10/0x10 [ 737.059519][T18059] ? __futex_wait+0x24b/0x2f0 [ 737.059555][T18059] madvise_walk_vmas+0x31f/0x9c0 [ 737.059588][T18059] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 737.059625][T18059] madvise_do_behavior+0x1e2/0x530 [ 737.059652][T18059] ? futex_private_hash_put+0x18a/0x300 [ 737.059698][T18059] ? __pfx_madvise_do_behavior+0x10/0x10 [ 737.059727][T18059] ? down_read+0x13d/0x480 [ 737.059770][T18059] do_madvise+0x176/0x240 [ 737.059801][T18059] ? __pfx_do_madvise+0x10/0x10 [ 737.059827][T18059] ? do_futex+0x122/0x350 [ 737.059876][T18059] ? xfd_validate_state+0x61/0x180 [ 737.059911][T18059] __x64_sys_madvise+0xa9/0x110 [ 737.059937][T18059] ? lockdep_hardirqs_on+0x7c/0x110 [ 737.059972][T18059] do_syscall_64+0xcd/0xfa0 [ 737.060010][T18059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.060036][T18059] RIP: 0033:0x7fc98458efc9 [ 737.060058][T18059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.060083][T18059] RSP: 002b:00007fc985387038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 737.060108][T18059] RAX: ffffffffffffffda RBX: 00007fc9847e5fa0 RCX: 00007fc98458efc9 [ 737.060126][T18059] RDX: 0000000000000015 RSI: ffffffffffff0001 RDI: 0000000000000000 [ 737.060146][T18059] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 737.060162][T18059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.060178][T18059] R13: 00007fc9847e6038 R14: 00007fc9847e5fa0 R15: 00007ffd15e43168 [ 737.060215][T18059] [ 738.067381][T18110] input: AT Translated Set 2 
keyboard as /devices/platform/i8042/serio0/input/input12 [ 738.069199][T18133] netlink: 25 bytes leftover after parsing attributes in process `syz.5.3567'. [ 738.457785][ T5183] ERROR: Out of memory at tomoyo_memory_ok. [ 739.698801][T18198] FAULT_INJECTION: forcing a failure. [ 739.698801][T18198] name failslab, interval 1, probability 0, space 0, times 0 [ 739.853717][T18198] CPU: 1 UID: 0 PID: 18198 Comm: syz.4.3573 Not tainted syzkaller #0 PREEMPT(full) [ 739.853752][T18198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 739.853768][T18198] Call Trace: [ 739.853777][T18198] [ 739.853788][T18198] dump_stack_lvl+0x16c/0x1f0 [ 739.853830][T18198] should_fail_ex+0x512/0x640 [ 739.853851][T18198] ? __kmalloc_cache_noprof+0x5f/0x780 [ 739.853887][T18198] should_failslab+0xc2/0x120 [ 739.853915][T18198] __kmalloc_cache_noprof+0x72/0x780 [ 739.853947][T18198] ? snd_seq_oss_open+0x55/0xa20 [ 739.853984][T18198] ? snd_seq_oss_open+0x55/0xa20 [ 739.854013][T18198] snd_seq_oss_open+0x55/0xa20 [ 739.854050][T18198] odev_open+0x79/0xc0 [ 739.854075][T18198] ? __pfx_odev_open+0x10/0x10 [ 739.854101][T18198] soundcore_open+0x40c/0x580 [ 739.854130][T18198] ? __pfx_soundcore_open+0x10/0x10 [ 739.854157][T18198] chrdev_open+0x234/0x6a0 [ 739.854190][T18198] ? __pfx_apparmor_file_open+0x10/0x10 [ 739.854222][T18198] ? __pfx_chrdev_open+0x10/0x10 [ 739.854259][T18198] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 739.854299][T18198] do_dentry_open+0x982/0x1530 [ 739.854334][T18198] ? __pfx_chrdev_open+0x10/0x10 [ 739.854377][T18198] vfs_open+0x82/0x3f0 [ 739.854407][T18198] path_openat+0x1de4/0x2cb0 [ 739.854460][T18198] ? __pfx_path_openat+0x10/0x10 [ 739.854500][T18198] ? __lock_acquire+0xb8a/0x1c90 [ 739.854531][T18198] do_filp_open+0x20b/0x470 [ 739.854567][T18198] ? __pfx_do_filp_open+0x10/0x10 [ 739.854627][T18198] ? alloc_fd+0x471/0x7d0 [ 739.854668][T18198] do_sys_openat2+0x11b/0x1d0 [ 739.854698][T18198] ? 
__pfx_do_sys_openat2+0x10/0x10 [ 739.854740][T18198] __x64_sys_openat+0x174/0x210 [ 739.854771][T18198] ? __pfx___x64_sys_openat+0x10/0x10 [ 739.854816][T18198] do_syscall_64+0xcd/0xfa0 [ 739.854851][T18198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.854875][T18198] RIP: 0033:0x7fc98458efc9 [ 739.854898][T18198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.854923][T18198] RSP: 002b:00007fc985387038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 739.854948][T18198] RAX: ffffffffffffffda RBX: 00007fc9847e5fa0 RCX: 00007fc98458efc9 [ 739.854965][T18198] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 739.854982][T18198] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 739.854997][T18198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.855030][T18198] R13: 00007fc9847e6038 R14: 00007fc9847e5fa0 R15: 00007ffd15e43168 [ 739.855068][T18198] [ 740.308547][T18228] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3576'. [ 742.959632][T18328] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 743.171919][T18328] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 743.324870][T18328] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 743.768274][T18328] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 744.805727][T18342] FAULT_INJECTION: forcing a failure. [ 744.805727][T18342] name failslab, interval 1, probability 0, space 0, times 0 [ 744.835294][T18342] CPU: 1 UID: 0 PID: 18342 Comm: syz.6.3588 Not tainted syzkaller #0 PREEMPT(full) [ 744.835330][T18342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 744.835340][T18342] Call Trace: [ 744.835347][T18342] [ 744.835354][T18342] dump_stack_lvl+0x16c/0x1f0 [ 744.835382][T18342] should_fail_ex+0x512/0x640 [ 744.835396][T18342] ? 
__kvmalloc_node_noprof+0x12e/0x9c0 [ 744.835421][T18342] should_failslab+0xc2/0x120 [ 744.835436][T18342] __kvmalloc_node_noprof+0x141/0x9c0 [ 744.835459][T18342] ? pidlist_array_load+0x12e/0x9d0 [ 744.835472][T18342] ? mark_held_locks+0x49/0x80 [ 744.835490][T18342] ? pidlist_array_load+0x12e/0x9d0 [ 744.835502][T18342] pidlist_array_load+0x12e/0x9d0 [ 744.835518][T18342] ? __pfx_pidlist_array_load+0x10/0x10 [ 744.835532][T18342] ? __pfx___mutex_lock+0x10/0x10 [ 744.835554][T18342] ? kernfs_root+0xf8/0x2a0 [ 744.835572][T18342] cgroup_pidlist_start+0x3a3/0x4f0 [ 744.835587][T18342] ? __pfx_cgroup_seqfile_start+0x10/0x10 [ 744.835604][T18342] kernfs_seq_start+0x133/0x2a0 [ 744.835624][T18342] seq_read_iter+0x2c1/0x12d0 [ 744.835650][T18342] kernfs_fop_read_iter+0x46c/0x610 [ 744.835677][T18342] ? rw_verify_area+0xcf/0x6c0 [ 744.835698][T18342] vfs_read+0x8bf/0xcf0 [ 744.835722][T18342] ? __pfx___mutex_lock+0x10/0x10 [ 744.835736][T18342] ? __pfx_vfs_read+0x10/0x10 [ 744.835768][T18342] ksys_read+0x12a/0x250 [ 744.835791][T18342] ? 
__pfx_ksys_read+0x10/0x10 [ 744.835817][T18342] do_syscall_64+0xcd/0xfa0 [ 744.835840][T18342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.835855][T18342] RIP: 0033:0x7f5603f8efc9 [ 744.835868][T18342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 744.835883][T18342] RSP: 002b:00007f5604e2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 744.835897][T18342] RAX: ffffffffffffffda RBX: 00007f56041e5fa0 RCX: 00007f5603f8efc9 [ 744.835907][T18342] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000004 [ 744.835918][T18342] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 744.835929][T18342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 744.835938][T18342] R13: 00007f56041e6038 R14: 00007f56041e5fa0 R15: 00007ffc2110f7b8 [ 744.835958][T18342] [ 745.070246][T14952] Bluetooth: hci0: command 0x0406 tx timeout [ 745.207142][T14952] Bluetooth: hci3: command 0x0c1a tx timeout [ 745.281078][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 745.287876][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 745.358179][T14952] Bluetooth: hci1: command 0x0c1a tx timeout [ 745.839673][T14952] Bluetooth: hci2: command 0x0406 tx timeout [ 746.581624][T18436] netlink: 93 bytes leftover after parsing attributes in process `syz.1.3595'. [ 748.333121][T18471] netlink: 25 bytes leftover after parsing attributes in process `syz.6.3601'. [ 750.622929][T18534] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3611'. [ 750.910555][T18534] team_slave_1 (unregistering): left promiscuous mode [ 750.934643][T18534] team_slave_1 (unregistering): left allmulticast mode [ 750.960753][T18534] team0: Port device team_slave_1 removed [ 752.554594][T18558] FAULT_INJECTION: forcing a failure. 
[ 752.554594][T18558] name failslab, interval 1, probability 0, space 0, times 0 [ 752.671815][T18558] CPU: 0 UID: 0 PID: 18558 Comm: syz.5.3615 Not tainted syzkaller #0 PREEMPT(full) [ 752.671847][T18558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 752.671863][T18558] Call Trace: [ 752.671873][T18558] [ 752.671882][T18558] dump_stack_lvl+0x16c/0x1f0 [ 752.671928][T18558] should_fail_ex+0x512/0x640 [ 752.671959][T18558] should_failslab+0xc2/0x120 [ 752.671988][T18558] __kmalloc_cache_noprof+0x72/0x780 [ 752.672023][T18558] ? sctp_add_bind_addr+0xae/0x3f0 [ 752.672065][T18558] ? sctp_add_bind_addr+0xae/0x3f0 [ 752.672098][T18558] sctp_add_bind_addr+0xae/0x3f0 [ 752.672139][T18558] sctp_copy_local_addr_list+0x349/0x550 [ 752.672184][T18558] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 752.672234][T18558] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 752.672279][T18558] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 752.672317][T18558] sctp_bind_addr_copy+0xe0/0x530 [ 752.672362][T18558] sctp_connect_new_asoc+0x1c9/0x770 [ 752.672395][T18558] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 752.672429][T18558] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 752.672472][T18558] __sctp_connect+0x3f3/0xc60 [ 752.672506][T18558] ? do_raw_spin_lock+0x12c/0x2b0 [ 752.672540][T18558] ? __pfx___sctp_connect+0x10/0x10 [ 752.672572][T18558] ? __pfx_sctp_inet_connect+0x10/0x10 [ 752.672604][T18558] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 752.672641][T18558] ? __pfx_sctp_inet_connect+0x10/0x10 [ 752.672668][T18558] sctp_inet_connect+0x15f/0x200 [ 752.672701][T18558] __sys_connect_file+0x141/0x1a0 [ 752.672739][T18558] __sys_connect+0x13b/0x160 [ 752.672773][T18558] ? __pfx___sys_connect+0x10/0x10 [ 752.672819][T18558] ? xfd_validate_state+0x61/0x180 [ 752.672854][T18558] __x64_sys_connect+0x72/0xb0 [ 752.672883][T18558] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 752.672920][T18558] do_syscall_64+0xcd/0xfa0 [ 752.672960][T18558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.672986][T18558] RIP: 0033:0x7f1fb798efc9 [ 752.673009][T18558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.673033][T18558] RSP: 002b:00007f1fb88b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 752.673058][T18558] RAX: ffffffffffffffda RBX: 00007f1fb7be5fa0 RCX: 00007f1fb798efc9 [ 752.673078][T18558] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000002 [ 752.673095][T18558] RBP: 00007f1fb7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 752.673112][T18558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 752.673128][T18558] R13: 00007f1fb7be6038 R14: 00007f1fb7be5fa0 R15: 00007ffdfc56bae8 [ 752.673166][T18558] [ 753.127359][T18593] FAULT_INJECTION: forcing a failure. [ 753.127359][T18593] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 753.142071][T18593] CPU: 0 UID: 0 PID: 18593 Comm: syz.5.3619 Not tainted syzkaller #0 PREEMPT(full) [ 753.142110][T18593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 753.142127][T18593] Call Trace: [ 753.142136][T18593] [ 753.142147][T18593] dump_stack_lvl+0x16c/0x1f0 [ 753.142190][T18593] should_fail_ex+0x512/0x640 [ 753.142228][T18593] should_fail_alloc_page+0xe7/0x130 [ 753.142259][T18593] prepare_alloc_pages+0x3c2/0x610 [ 753.142292][T18593] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 753.142349][T18593] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 753.142387][T18593] ? validate_mm+0x403/0x560 [ 753.142423][T18593] ? __pfx_validate_mm+0x10/0x10 [ 753.142461][T18593] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 753.142498][T18593] ? 
policy_nodemask+0xea/0x4e0 [ 753.142528][T18593] alloc_pages_mpol+0x1fb/0x550 [ 753.142556][T18593] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 753.142593][T18593] alloc_pages_noprof+0x131/0x390 [ 753.142621][T18593] __pmd_alloc+0x3b/0x8b0 [ 753.142651][T18593] move_page_tables+0x30b7/0x4230 [ 753.142694][T18593] ? __pfx_copy_vma+0x10/0x10 [ 753.142733][T18593] ? __pfx_move_page_tables+0x10/0x10 [ 753.142785][T18593] ? rcu_is_watching+0x12/0xc0 [ 753.142820][T18593] ? finish_task_switch.isra.0+0x221/0xc10 [ 753.142854][T18593] ? lockdep_hardirqs_on+0x7c/0x110 [ 753.142897][T18593] copy_vma_and_data+0x24e/0x790 [ 753.142933][T18593] ? __pfx_copy_vma_and_data+0x10/0x10 [ 753.143049][T18593] ? __vma_enter_locked+0x163/0x3f0 [ 753.143094][T18593] ? find_held_lock+0x2b/0x80 [ 753.143205][T18593] ? move_vma+0x52e/0x1770 [ 753.143242][T18593] move_vma+0x540/0x1770 [ 753.143278][T18593] ? __pfx_move_vma+0x10/0x10 [ 753.143312][T18593] ? shmem_get_unmapped_area+0x170/0xa00 [ 753.143339][T18593] ? cap_mmap_addr+0x4b/0x120 [ 753.143361][T18593] ? bpf_lsm_mmap_addr+0x9/0x10 [ 753.143392][T18593] ? security_mmap_addr+0x6c/0x1e0 [ 753.143421][T18593] ? __get_unmapped_area+0x267/0x440 [ 753.143446][T18593] ? vrm_set_new_addr+0x208/0x290 [ 753.143476][T18593] mremap_to+0x1b7/0x450 [ 753.143505][T18593] do_mremap+0x13a8/0x2020 [ 753.143535][T18593] ? futex_private_hash_put+0xf0/0x300 [ 753.143578][T18593] ? __pfx_do_mremap+0x10/0x10 [ 753.143622][T18593] __do_sys_mremap+0x119/0x170 [ 753.143650][T18593] ? __pfx___do_sys_mremap+0x10/0x10 [ 753.143687][T18593] ? 
__x64_sys_futex+0x1e0/0x4c0 [ 753.143727][T18593] do_syscall_64+0xcd/0xfa0 [ 753.143762][T18593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.143785][T18593] RIP: 0033:0x7f1fb798efc9 [ 753.143805][T18593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 753.143827][T18593] RSP: 002b:00007f1fb88b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 753.143849][T18593] RAX: ffffffffffffffda RBX: 00007f1fb7be5fa0 RCX: 00007f1fb798efc9 [ 753.143872][T18593] RDX: 0000000000000843 RSI: 00000000000000ff RDI: 00000000001ff000 [ 753.143886][T18593] RBP: 00007f1fb7a11f91 R08: 00000000fffff000 R09: 0000000000000000 [ 753.143901][T18593] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 753.143915][T18593] R13: 00007f1fb7be6038 R14: 00007f1fb7be5fa0 R15: 00007ffdfc56bae8 [ 753.143947][T18593] [ 753.584702][T18593] : Can't lookup blockdev [ 754.612421][T18653] netlink: 'syz.5.3622': attribute type 1 has an invalid length. 
[ 758.843787][T18862] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.3634: iget: checksum invalid [ 758.878971][T18862] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 758.947833][T18862] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.3634: iget: checksum invalid [ 758.987389][T18862] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 758.998810][T18862] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.3634: iget: checksum invalid [ 759.012145][T18862] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 759.023238][T18862] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.4.3634: iget: checksum invalid [ 759.036036][T18862] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 759.046617][T18862] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 759.056505][T18862] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 759.273017][T18870] FAULT_INJECTION: forcing a failure. [ 759.273017][T18870] name failslab, interval 1, probability 0, space 0, times 0 [ 759.376901][T18870] CPU: 0 UID: 0 PID: 18870 Comm: syz.6.3635 Not tainted syzkaller #0 PREEMPT(full) [ 759.376941][T18870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 759.376959][T18870] Call Trace: [ 759.376970][T18870] [ 759.376982][T18870] dump_stack_lvl+0x16c/0x1f0 [ 759.377028][T18870] should_fail_ex+0x512/0x640 [ 759.377052][T18870] ? fs_reclaim_acquire+0xae/0x150 [ 759.377080][T18870] should_failslab+0xc2/0x120 [ 759.377108][T18870] __kmalloc_noprof+0xdd/0x880 [ 759.377140][T18870] ? __pfx_from_kuid+0x10/0x10 [ 759.377172][T18870] ? tomoyo_init_log+0x1385/0x2140 [ 759.377210][T18870] ? 
tomoyo_init_log+0x1385/0x2140 [ 759.377242][T18870] tomoyo_init_log+0x1385/0x2140 [ 759.377297][T18870] ? __pfx_tomoyo_init_log+0x10/0x10 [ 759.377347][T18870] tomoyo_write_log2+0x2f7/0xc10 [ 759.377389][T18870] tomoyo_supervisor+0x15e/0x13b0 [ 759.377435][T18870] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 759.377492][T18870] ? lockdep_hardirqs_on+0x7c/0x110 [ 759.377536][T18870] ? tomoyo_check_path_acl+0xad/0x210 [ 759.377583][T18870] ? tomoyo_check_acl+0x1f7/0x410 [ 759.377618][T18870] tomoyo_path_permission+0x270/0x3b0 [ 759.377655][T18870] tomoyo_check_open_permission+0x37b/0x3c0 [ 759.377691][T18870] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 759.377762][T18870] ? do_raw_spin_lock+0x12c/0x2b0 [ 759.377804][T18870] tomoyo_file_open+0x6b/0x90 [ 759.377832][T18870] security_file_open+0x84/0x1e0 [ 759.377868][T18870] do_dentry_open+0x596/0x1530 [ 759.377918][T18870] vfs_open+0x82/0x3f0 [ 759.377951][T18870] path_openat+0x1de4/0x2cb0 [ 759.378000][T18870] ? __pfx_path_openat+0x10/0x10 [ 759.378038][T18870] ? __lock_acquire+0xb8a/0x1c90 [ 759.378070][T18870] do_filp_open+0x20b/0x470 [ 759.378107][T18870] ? __pfx_do_filp_open+0x10/0x10 [ 759.378170][T18870] ? alloc_fd+0x471/0x7d0 [ 759.378215][T18870] do_sys_openat2+0x11b/0x1d0 [ 759.378244][T18870] ? __pfx_do_sys_openat2+0x10/0x10 [ 759.378272][T18870] ? find_held_lock+0x2b/0x80 [ 759.378307][T18870] ? handle_mm_fault+0x2ab/0xd10 [ 759.378350][T18870] __x64_sys_openat+0x174/0x210 [ 759.378380][T18870] ? __pfx___x64_sys_openat+0x10/0x10 [ 759.378412][T18870] ? 
do_user_addr_fault+0x843/0x1370 [ 759.378452][T18870] do_syscall_64+0xcd/0xfa0 [ 759.378492][T18870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.378519][T18870] RIP: 0033:0x7f5603f8efc9 [ 759.378541][T18870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 759.378574][T18870] RSP: 002b:00007f5604e09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 759.378601][T18870] RAX: ffffffffffffffda RBX: 00007f56041e6090 RCX: 00007f5603f8efc9 [ 759.378620][T18870] RDX: 0000000000000402 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 759.378638][T18870] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 759.378654][T18870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.378671][T18870] R13: 00007f56041e6128 R14: 00007f56041e6090 R15: 00007ffc2110f7b8 [ 759.378710][T18870] [ 761.637142][T18924] netlink: 25 bytes leftover after parsing attributes in process `syz.5.3642'. [ 762.531806][T18938] zswap: compressor 000 not available [ 765.133537][ T30] audit: type=1800 audit(4294968236.052:29): pid=18987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3659" name="lu_gp_id" dev="configfs" ino=176450 res=0 errno=0 [ 765.253551][T18990] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3660'. [ 767.070011][T19058] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3665'. [ 767.239324][T19058] hsr_slave_0: left promiscuous mode [ 767.264414][T19058] hsr_slave_1: left promiscuous mode [ 767.758888][T19077] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3669'. [ 767.799547][T19077] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3669'. 
[ 768.314342][T19099] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input14 [ 768.617027][ T8080] udevd[8080]: setting owner of /dev/input/event2 to uid=0, gid=104 failed: No such file or directory [ 769.291070][T19127] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3675'. [ 771.172028][T19199] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 771.232726][T19199] CPU: 1 UID: 0 PID: 19199 Comm: syz.4.3679 Not tainted syzkaller #0 PREEMPT(full) [ 771.232763][T19199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 771.232778][T19199] Call Trace: [ 771.232787][T19199] [ 771.232798][T19199] dump_stack_lvl+0x16c/0x1f0 [ 771.232842][T19199] sysfs_warn_dup+0x7f/0xa0 [ 771.232881][T19199] sysfs_do_create_link_sd+0x124/0x140 [ 771.232923][T19199] sysfs_create_link+0x61/0xc0 [ 771.232962][T19199] device_add+0x62c/0x1aa0 [ 771.232992][T19199] ? __pfx_device_add+0x10/0x10 [ 771.233015][T19199] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 771.233051][T19199] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 771.233097][T19199] wiphy_register+0x1eb0/0x2b20 [ 771.233133][T19199] ? netdev_run_todo+0x864/0x1320 [ 771.233170][T19199] ? __pfx_wiphy_register+0x10/0x10 [ 771.233216][T19199] ieee80211_register_hw+0x253d/0x4120 [ 771.233257][T19199] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 771.233283][T19199] ? __pfx___debug_object_init+0x10/0x10 [ 771.233323][T19199] ? find_held_lock+0x2b/0x80 [ 771.233356][T19199] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 771.233390][T19199] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 771.233425][T19199] ? __hrtimer_setup+0x176/0x280 [ 771.233459][T19199] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 771.233511][T19199] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 771.233553][T19199] hwsim_new_radio_nl+0xba2/0x1330 [ 771.233587][T19199] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 771.233625][T19199] ? 
genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 771.233656][T19199] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 771.233697][T19199] genl_family_rcv_msg_doit+0x209/0x2f0 [ 771.233730][T19199] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 771.233772][T19199] ? bpf_lsm_capable+0x9/0x10 [ 771.233798][T19199] ? security_capable+0x7e/0x260 [ 771.233826][T19199] ? ns_capable+0xd7/0x110 [ 771.233865][T19199] genl_rcv_msg+0x55c/0x800 [ 771.233898][T19199] ? __pfx_genl_rcv_msg+0x10/0x10 [ 771.233928][T19199] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 771.233970][T19199] netlink_rcv_skb+0x158/0x420 [ 771.233993][T19199] ? __pfx_genl_rcv_msg+0x10/0x10 [ 771.234023][T19199] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 771.234064][T19199] ? netlink_deliver_tap+0x1ae/0xd30 [ 771.234117][T19199] genl_rcv+0x28/0x40 [ 771.234142][T19199] netlink_unicast+0x5aa/0x870 [ 771.234175][T19199] ? __pfx_netlink_unicast+0x10/0x10 [ 771.234200][T19199] ? __pfx___might_resched+0x10/0x10 [ 771.234247][T19199] netlink_sendmsg+0x8c8/0xdd0 [ 771.234279][T19199] ? __pfx_netlink_sendmsg+0x10/0x10 [ 771.234309][T19199] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 771.234342][T19199] ____sys_sendmsg+0xa98/0xc70 [ 771.234375][T19199] ? copy_msghdr_from_user+0x10a/0x160 [ 771.234414][T19199] ? __pfx_____sys_sendmsg+0x10/0x10 [ 771.234454][T19199] ? __pfx_futex_wake_mark+0x10/0x10 [ 771.234493][T19199] ___sys_sendmsg+0x134/0x1d0 [ 771.234527][T19199] ? futex_private_hash_put+0x176/0x300 [ 771.234568][T19199] ? __pfx____sys_sendmsg+0x10/0x10 [ 771.234603][T19199] ? __lock_acquire+0x622/0x1c90 [ 771.234676][T19199] __sys_sendmsg+0x16d/0x220 [ 771.234715][T19199] ? __pfx___sys_sendmsg+0x10/0x10 [ 771.234751][T19199] ? 
__x64_sys_futex+0x1e0/0x4c0 [ 771.234801][T19199] do_syscall_64+0xcd/0xfa0 [ 771.234840][T19199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.234867][T19199] RIP: 0033:0x7fc98458efc9 [ 771.234889][T19199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.234912][T19199] RSP: 002b:00007fc985387038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 771.234937][T19199] RAX: ffffffffffffffda RBX: 00007fc9847e5fa0 RCX: 00007fc98458efc9 [ 771.234956][T19199] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 771.234974][T19199] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 771.234990][T19199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.235007][T19199] R13: 00007fc9847e6038 R14: 00007fc9847e5fa0 R15: 00007ffd15e43168 [ 771.235046][T19199] [ 771.629109][ C1] vkms_vblank_simulate: vblank timer overrun [ 773.427384][T19285] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3683'. [ 773.453123][T19285] netlink: 354 bytes leftover after parsing attributes in process `syz.6.3683'. [ 774.069697][T19294] Invalid ELF header magic: != ELF [ 774.903737][T19313] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 781.730820][T19497] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 782.506929][T19558] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3711'. [ 783.378082][T19585] FAULT_INJECTION: forcing a failure. 
[ 783.378082][T19585] name failslab, interval 1, probability 0, space 0, times 0 [ 783.413595][T19576] sp0: Synchronizing with TNC [ 783.454538][T19585] CPU: 1 UID: 0 PID: 19585 Comm: syz.6.3715 Not tainted syzkaller #0 PREEMPT(full) [ 783.454576][T19585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 783.454593][T19585] Call Trace: [ 783.454603][T19585] [ 783.454614][T19585] dump_stack_lvl+0x16c/0x1f0 [ 783.454659][T19585] should_fail_ex+0x512/0x640 [ 783.454684][T19585] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 783.454727][T19585] should_failslab+0xc2/0x120 [ 783.454754][T19585] __kvmalloc_node_noprof+0x141/0x9c0 [ 783.454794][T19585] ? trace_kmalloc+0x2b/0xd0 [ 783.454816][T19585] ? __kvmalloc_node_noprof+0x3c0/0x9c0 [ 783.454852][T19585] ? io_alloc_cache_init+0x38/0x170 [ 783.454886][T19585] ? io_alloc_cache_init+0x38/0x170 [ 783.454923][T19585] io_alloc_cache_init+0x38/0x170 [ 783.454954][T19585] io_rsrc_cache_init+0x40/0x50 [ 783.454982][T19585] io_uring_setup+0x68e/0x20e0 [ 783.455022][T19585] ? __pfx_io_uring_setup+0x10/0x10 [ 783.455057][T19585] ? do_futex+0x122/0x350 [ 783.455086][T19585] ? __pfx_do_futex+0x10/0x10 [ 783.455113][T19585] ? find_held_lock+0x2b/0x80 [ 783.455164][T19585] ? xfd_validate_state+0x61/0x180 [ 783.455191][T19585] ? 
__pfx___do_sys_close_range+0x10/0x10 [ 783.455235][T19585] __x64_sys_io_uring_setup+0xc2/0x170 [ 783.455275][T19585] do_syscall_64+0xcd/0xfa0 [ 783.455315][T19585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 783.455342][T19585] RIP: 0033:0x7f5603f8efc9 [ 783.455365][T19585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 783.455392][T19585] RSP: 002b:00007f5604e09038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 783.455416][T19585] RAX: ffffffffffffffda RBX: 00007f56041e6090 RCX: 00007f5603f8efc9 [ 783.455434][T19585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 783.455448][T19585] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 783.455463][T19585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 783.455477][T19585] R13: 00007f56041e6128 R14: 00007f56041e6090 R15: 00007ffc2110f7b8 [ 783.455511][T19585] [ 783.931045][T19594] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3716'. [ 783.942622][T19594] netlink: 354 bytes leftover after parsing attributes in process `syz.6.3716'. [ 784.274007][T19604] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3718'. [ 786.093611][T19671] netlink: 62 bytes leftover after parsing attributes in process `syz.6.3725'. [ 787.696877][T19713] FAULT_INJECTION: forcing a failure. 
[ 787.696877][T19713] name failslab, interval 1, probability 0, space 0, times 0 [ 787.709596][T19713] CPU: 1 UID: 0 PID: 19713 Comm: syz.5.3730 Not tainted syzkaller #0 PREEMPT(full) [ 787.709631][T19713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 787.709644][T19713] Call Trace: [ 787.709653][T19713] [ 787.709661][T19713] dump_stack_lvl+0x16c/0x1f0 [ 787.709701][T19713] should_fail_ex+0x512/0x640 [ 787.709731][T19713] should_failslab+0xc2/0x120 [ 787.709760][T19713] kmem_cache_alloc_noprof+0x75/0x6e0 [ 787.709797][T19713] ? pcpu_alloc_noprof+0x949/0x14c0 [ 787.709839][T19713] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 787.709883][T19713] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 787.709917][T19713] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 787.709959][T19713] idr_get_free+0x528/0xa30 [ 787.710008][T19713] idr_alloc_u32+0x190/0x2f0 [ 787.710048][T19713] ? __pfx_idr_alloc_u32+0x10/0x10 [ 787.710088][T19713] ? lock_acquire+0x179/0x350 [ 787.710124][T19713] idr_alloc_cyclic+0x10b/0x230 [ 787.710164][T19713] ? __pfx_idr_alloc_cyclic+0x10/0x10 [ 787.710199][T19713] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 787.710232][T19713] ? lsm_blob_alloc+0x2b/0x90 [ 787.710278][T19713] map_create+0x143e/0x27e0 [ 787.710326][T19713] ? __pfx_map_create+0x10/0x10 [ 787.710357][T19713] ? __might_fault+0xe3/0x190 [ 787.710406][T19713] ? __might_fault+0xe3/0x190 [ 787.710440][T19713] ? __might_fault+0x13b/0x190 [ 787.710490][T19713] __sys_bpf+0x3d9d/0x4980 [ 787.710526][T19713] ? futex_private_hash_put+0x18a/0x300 [ 787.710571][T19713] ? __pfx___sys_bpf+0x10/0x10 [ 787.710606][T19713] ? __pfx_futex_wait+0x10/0x10 [ 787.710660][T19713] ? do_futex+0x122/0x350 [ 787.710700][T19713] ? fput+0x9b/0xd0 [ 787.710725][T19713] ? xfd_validate_state+0x61/0x180 [ 787.710751][T19713] ? __pfx_ksys_write+0x10/0x10 [ 787.710789][T19713] __x64_sys_bpf+0x78/0xc0 [ 787.710830][T19713] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 787.710869][T19713] do_syscall_64+0xcd/0xfa0 [ 787.710905][T19713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.710929][T19713] RIP: 0033:0x7f1fb798efc9 [ 787.710949][T19713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 787.710972][T19713] RSP: 002b:00007f1fb88b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 787.710995][T19713] RAX: ffffffffffffffda RBX: 00007f1fb7be5fa0 RCX: 00007f1fb798efc9 [ 787.711012][T19713] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000000 [ 787.711027][T19713] RBP: 00007f1fb7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 787.711044][T19713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 787.711059][T19713] R13: 00007f1fb7be6038 R14: 00007f1fb7be5fa0 R15: 00007ffdfc56bae8 [ 787.711095][T19713] [ 788.353985][T19702] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 788.361506][T19702] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 788.376056][T19702] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 788.393501][T19702] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 788.684076][T19739] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3734'. [ 788.726712][T19739] veth0_macvtap: left promiscuous mode [ 789.629479][T14952] Bluetooth: hci0: command 0x0406 tx timeout [ 789.995356][T19787] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3738'. [ 790.142062][T19787] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 790.184635][T19789] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3739'. 
[ 790.322792][T19787] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 790.424349][T14952] Bluetooth: hci2: command 0x0406 tx timeout [ 790.430666][T14951] Bluetooth: hci1: command 0x0c1a tx timeout [ 790.430739][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 798.399690][T19981] FAULT_INJECTION: forcing a failure. [ 798.399690][T19981] name failslab, interval 1, probability 0, space 0, times 0 [ 798.447356][T19981] CPU: 1 UID: 0 PID: 19981 Comm: syz.4.3765 Not tainted syzkaller #0 PREEMPT(full) [ 798.447393][T19981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 798.447410][T19981] Call Trace: [ 798.447419][T19981] [ 798.447430][T19981] dump_stack_lvl+0x16c/0x1f0 [ 798.447475][T19981] should_fail_ex+0x512/0x640 [ 798.447498][T19981] ? __kmalloc_node_noprof+0xcd/0x8a0 [ 798.447554][T19981] should_failslab+0xc2/0x120 [ 798.447590][T19981] __kmalloc_node_noprof+0xe0/0x8a0 [ 798.447628][T19981] ? lockdep_init_map_type+0x5c/0x280 [ 798.447656][T19981] ? blk_mq_alloc_tag_set+0x46f/0x12e0 [ 798.447698][T19981] ? blk_mq_alloc_tag_set+0x46f/0x12e0 [ 798.447730][T19981] blk_mq_alloc_tag_set+0x46f/0x12e0 [ 798.447766][T19981] ? __pfx_idr_alloc+0x10/0x10 [ 798.447818][T19981] loop_add+0x3b2/0xb70 [ 798.447850][T19981] ? __pfx_loop_add+0x10/0x10 [ 798.447903][T19981] ? find_held_lock+0x2b/0x80 [ 798.447941][T19981] loop_control_ioctl+0x13e/0x630 [ 798.447971][T19981] ? __pfx_loop_control_ioctl+0x10/0x10 [ 798.448007][T19981] ? 
__pfx_loop_control_ioctl+0x10/0x10 [ 798.448038][T19981] __x64_sys_ioctl+0x18e/0x210 [ 798.448071][T19981] do_syscall_64+0xcd/0xfa0 [ 798.448111][T19981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.448138][T19981] RIP: 0033:0x7fc98458efc9 [ 798.448159][T19981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 798.448184][T19981] RSP: 002b:00007fc985387038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 798.448211][T19981] RAX: ffffffffffffffda RBX: 00007fc9847e5fa0 RCX: 00007fc98458efc9 [ 798.448230][T19981] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 798.448248][T19981] RBP: 00007fc984611f91 R08: 0000000000000000 R09: 0000000000000000 [ 798.448264][T19981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 798.448281][T19981] R13: 00007fc9847e6038 R14: 00007fc9847e5fa0 R15: 00007ffd15e43168 [ 798.448318][T19981] [ 799.433875][T19985] FAULT_INJECTION: forcing a failure. [ 799.433875][T19985] name failslab, interval 1, probability 0, space 0, times 0 [ 799.522751][T19985] CPU: 0 UID: 0 PID: 19985 Comm: syz.6.3766 Not tainted syzkaller #0 PREEMPT(full) [ 799.522789][T19985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 799.522806][T19985] Call Trace: [ 799.522815][T19985] [ 799.522826][T19985] dump_stack_lvl+0x16c/0x1f0 [ 799.522870][T19985] should_fail_ex+0x512/0x640 [ 799.522894][T19985] ? __kmalloc_cache_noprof+0x5f/0x780 [ 799.522934][T19985] should_failslab+0xc2/0x120 [ 799.522962][T19985] __kmalloc_cache_noprof+0x72/0x780 [ 799.522995][T19985] ? kvm_dev_ioctl+0x1358/0x1a80 [ 799.523037][T19985] ? kvm_dev_ioctl+0x1358/0x1a80 [ 799.523074][T19985] kvm_dev_ioctl+0x1358/0x1a80 [ 799.523123][T19985] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 799.523172][T19985] ? 
__pfx_kvm_dev_ioctl+0x10/0x10 [ 799.523211][T19985] __x64_sys_ioctl+0x18e/0x210 [ 799.523243][T19985] do_syscall_64+0xcd/0xfa0 [ 799.523283][T19985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.523310][T19985] RIP: 0033:0x7f5603f8efc9 [ 799.523331][T19985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 799.523356][T19985] RSP: 002b:00007f5604de8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 799.523382][T19985] RAX: ffffffffffffffda RBX: 00007f56041e6180 RCX: 00007f5603f8efc9 [ 799.523400][T19985] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000008 [ 799.523415][T19985] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000 [ 799.523431][T19985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.523447][T19985] R13: 00007f56041e6218 R14: 00007f56041e6180 R15: 00007ffc2110f7b8 [ 799.523483][T19985] [ 799.533526][T20007] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3767'. [ 800.033929][T20039] netlink: 'syz.4.3770': attribute type 4 has an invalid length. [ 800.061670][T20039] netlink: 'syz.4.3770': attribute type 5 has an invalid length. [ 800.077498][T20045] FAULT_INJECTION: forcing a failure. [ 800.077498][T20045] name failslab, interval 1, probability 0, space 0, times 0 [ 800.105914][T20039] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3770'. [ 800.115897][T20045] CPU: 0 UID: 0 PID: 20045 Comm: syz.6.3771 Not tainted syzkaller #0 PREEMPT(full) [ 800.115929][T20045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 800.115946][T20045] Call Trace: [ 800.115955][T20045] [ 800.115963][T20045] dump_stack_lvl+0x16c/0x1f0 [ 800.116005][T20045] should_fail_ex+0x512/0x640 [ 800.116029][T20045] ? 
kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 800.116067][T20045] should_failslab+0xc2/0x120 [ 800.116093][T20045] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 800.116129][T20045] ? sock_alloc_inode+0x25/0x1c0 [ 800.116163][T20045] ? __pfx_sock_alloc_inode+0x10/0x10 [ 800.116188][T20045] ? sock_alloc_inode+0x25/0x1c0 [ 800.116215][T20045] sock_alloc_inode+0x25/0x1c0 [ 800.116242][T20045] alloc_inode+0x64/0x240 [ 800.116267][T20045] sock_alloc+0x40/0x280 [ 800.116291][T20045] sock_create_lite+0x82/0x120 [ 800.116331][T20045] __netlink_kernel_create+0xbd/0x750 [ 800.116374][T20045] ? __pfx___netlink_kernel_create+0x10/0x10 [ 800.116422][T20045] fib_net_init+0x26d/0x3f0 [ 800.116449][T20045] ? __pfx___register_sysctl_table+0x10/0x10 [ 800.116479][T20045] ? __pfx_fib_net_init+0x10/0x10 [ 800.116505][T20045] ? lockdep_init_map_type+0x5c/0x280 [ 800.116534][T20045] ? __pfx_nl_fib_input+0x10/0x10 [ 800.116567][T20045] ? devinet_init_net+0x5c2/0x910 [ 800.116604][T20045] ? __pfx_fib_net_init+0x10/0x10 [ 800.116630][T20045] ops_init+0x1e2/0x5f0 [ 800.116657][T20045] setup_net+0x100/0x390 [ 800.116683][T20045] ? __pfx_setup_net+0x10/0x10 [ 800.116707][T20045] ? debug_mutex_init+0x37/0x70 [ 800.116745][T20045] copy_net_ns+0x2f8/0x690 [ 800.116775][T20045] create_new_namespaces+0x3ea/0xa90 [ 800.116821][T20045] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 800.116866][T20045] ksys_unshare+0x45b/0xa40 [ 800.116895][T20045] ? __pfx_ksys_unshare+0x10/0x10 [ 800.116922][T20045] ? 
xfd_validate_state+0x61/0x180
[ 800.116962][T20045] __x64_sys_unshare+0x31/0x40
[ 800.116987][T20045] do_syscall_64+0xcd/0xfa0
[ 800.117028][T20045] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 800.117055][T20045] RIP: 0033:0x7f5603f8efc9
[ 800.117076][T20045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 800.117110][T20045] RSP: 002b:00007f5604e2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 800.117136][T20045] RAX: ffffffffffffffda RBX: 00007f56041e5fa0 RCX: 00007f5603f8efc9
[ 800.117153][T20045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 800.117169][T20045] RBP: 00007f5604011f91 R08: 0000000000000000 R09: 0000000000000000
[ 800.117186][T20045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 800.117202][T20045] R13: 00007f56041e6038 R14: 00007f56041e5fa0 R15: 00007ffc2110f7b8
[ 800.117240][T20045]
[ 800.669702][T20054] netlink: 36332 bytes leftover after parsing attributes in process `syz.4.3774'.
[ 800.768310][T20057] vhci_hcd: invalid port number 16
[ 800.773468][T20057] vhci_hcd: invalid port number 16
[ 801.538408][T20111] ==================================================================
[ 801.538427][T20111] BUG: KASAN: slab-use-after-free in fbcon_prepare_logo+0xa03/0xc70
[ 801.538474][T20111] Read of size 8 at addr ffff888022299e80 by task syz.5.3777/20111
[ 801.538496][T20111]
[ 801.538509][T20111] CPU: 0 UID: 0 PID: 20111 Comm: syz.5.3777 Not tainted syzkaller #0 PREEMPT(full)
[ 801.538540][T20111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 801.538555][T20111] Call Trace:
[ 801.538564][T20111]
[ 801.538575][T20111] dump_stack_lvl+0x116/0x1f0
[ 801.538619][T20111] print_report+0xcd/0x630
[ 801.538644][T20111] ? __virt_addr_valid+0x81/0x610
[ 801.538669][T20111] ? __phys_addr+0xe8/0x180
[ 801.538693][T20111] ? fbcon_prepare_logo+0xa03/0xc70
[ 801.538728][T20111] kasan_report+0xe0/0x110
[ 801.538753][T20111] ? fbcon_prepare_logo+0xa03/0xc70
[ 801.538791][T20111] kasan_check_range+0x100/0x1b0
[ 801.538821][T20111] __asan_memcpy+0x23/0x60
[ 801.538858][T20111] fbcon_prepare_logo+0xa03/0xc70
[ 801.538902][T20111] fbcon_init+0xd77/0x1900
[ 801.538944][T20111] ? __pfx_drm_fb_helper_set_par+0x10/0x10
[ 801.538985][T20111] visual_init+0x320/0x620
[ 801.539022][T20111] do_bind_con_driver.isra.0+0x57a/0xbf0
[ 801.539056][T20111] store_bind+0x61d/0x760
[ 801.539084][T20111] ? sysfs_file_kobj+0xe4/0x290
[ 801.539117][T20111] ? __pfx_store_bind+0x10/0x10
[ 801.539144][T20111] dev_attr_store+0x58/0x80
[ 801.539178][T20111] ? __pfx_dev_attr_store+0x10/0x10
[ 801.539212][T20111] sysfs_kf_write+0xf2/0x150
[ 801.539246][T20111] kernfs_fop_write_iter+0x3af/0x570
[ 801.539275][T20111] ? __pfx_sysfs_kf_write+0x10/0x10
[ 801.539312][T20111] iter_file_splice_write+0xa24/0x12e0
[ 801.539357][T20111] ? __pfx_iter_file_splice_write+0x10/0x10
[ 801.539395][T20111] ? __pfx_copy_splice_read+0x10/0x10
[ 801.539504][T20111] ? __pfx_iter_file_splice_write+0x10/0x10
[ 801.539541][T20111] direct_splice_actor+0x192/0x6c0
[ 801.539578][T20111] splice_direct_to_actor+0x345/0xa30
[ 801.539613][T20111] ? __pfx_direct_splice_actor+0x10/0x10
[ 801.539648][T20111] ? __pfx_splice_direct_to_actor+0x10/0x10
[ 801.539686][T20111] do_splice_direct+0x174/0x240
[ 801.539714][T20111] ? __pfx_do_splice_direct+0x10/0x10
[ 801.539746][T20111] ? __pfx_direct_file_splice_eof+0x10/0x10
[ 801.539776][T20111] ? rw_verify_area+0xcf/0x6c0
[ 801.539806][T20111] do_sendfile+0xb06/0xe50
[ 801.539833][T20111] ? __pfx_do_sendfile+0x10/0x10
[ 801.539863][T20111] ? __x64_sys_futex+0x1e0/0x4c0
[ 801.539888][T20111] ? __x64_sys_futex+0x1e9/0x4c0
[ 801.539913][T20111] __x64_sys_sendfile64+0x1d8/0x220
[ 801.539932][T20111] ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 801.539969][T20111] do_syscall_64+0xcd/0xfa0
[ 801.540010][T20111] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 801.540034][T20111] RIP: 0033:0x7f1fb798efc9
[ 801.540054][T20111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 801.540078][T20111] RSP: 002b:00007f1fb8895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 801.540101][T20111] RAX: ffffffffffffffda RBX: 00007f1fb7be6090 RCX: 00007f1fb798efc9
[ 801.540118][T20111] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 801.540131][T20111] RBP: 00007f1fb7a11f91 R08: 0000000000000000 R09: 0000000000000000
[ 801.540148][T20111] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 801.540165][T20111] R13: 00007f1fb7be6128 R14: 00007f1fb7be6090 R15: 00007ffdfc56bae8
[ 801.540193][T20111]
[ 801.540205][T20111]
[ 801.540214][T20111] Allocated by task 19790:
[ 801.540227][T20111] kasan_save_stack+0x33/0x60
[ 801.540262][T20111] kasan_save_track+0x14/0x30
[ 801.540296][T20111] __kasan_kmalloc+0xaa/0xb0
[ 801.540325][T20111] sctp_add_bind_addr+0xae/0x3f0
[ 801.540355][T20111] sctp_copy_local_addr_list+0x349/0x550
[ 801.540390][T20111] sctp_bind_addr_copy+0xe0/0x530
[ 801.540423][T20111] sctp_connect_new_asoc+0x1c9/0x770
[ 801.540461][T20111] __sctp_connect+0x3f3/0xc60
[ 801.540487][T20111] sctp_inet_connect+0x15f/0x200
[ 801.540512][T20111] __sys_connect_file+0x141/0x1a0
[ 801.540543][T20111] __sys_connect+0x13b/0x160
[ 801.540572][T20111] __x64_sys_connect+0x72/0xb0
[ 801.540597][T20111] do_syscall_64+0xcd/0xfa0
[ 801.540631][T20111] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 801.540652][T20111]
[ 801.540658][T20111] Freed by task 1091:
[ 801.540670][T20111] kasan_save_stack+0x33/0x60
[ 801.540699][T20111] kasan_save_track+0x14/0x30
[ 801.540730][T20111] __kasan_save_free_info+0x3b/0x60 [
801.540759][T20111] __kasan_slab_free+0x5f/0x80 [ 801.540791][T20111] kmem_cache_free_bulk+0x419/0x8e0 [ 801.540823][T20111] kvfree_rcu_bulk+0x1b7/0x1e0 [ 801.540850][T20111] kfree_rcu_work+0x124/0x1a0 [ 801.540877][T20111] process_one_work+0x9cf/0x1b70 [ 801.540905][T20111] worker_thread+0x6c8/0xf10 [ 801.540932][T20111] kthread+0x3c5/0x780 [ 801.540956][T20111] ret_from_fork+0x675/0x7d0 [ 801.540983][T20111] ret_from_fork_asm+0x1a/0x30 [ 801.541007][T20111] [ 801.541013][T20111] Last potentially related work creation: [ 801.541021][T20111] kasan_save_stack+0x33/0x60 [ 801.541055][T20111] kasan_record_aux_stack+0xa7/0xc0 [ 801.541084][T20111] kvfree_call_rcu+0x86/0x520 [ 801.541111][T20111] sctp_bind_addr_clean+0x12e/0x1e0 [ 801.541143][T20111] sctp_association_free+0x29a/0x7d0 [ 801.541169][T20111] sctp_do_sm+0x22dc/0x5c80 [ 801.541196][T20111] sctp_primitive_SHUTDOWN+0x9f/0xd0 [ 801.541225][T20111] sctp_close+0x3ff/0x940 [ 801.541246][T20111] inet_release+0xed/0x200 [ 801.541276][T20111] __sock_release+0xb3/0x270 [ 801.541295][T20111] sock_close+0x1c/0x30 [ 801.541314][T20111] __fput+0x402/0xb70 [ 801.541335][T20111] task_work_run+0x150/0x240 [ 801.541362][T20111] exit_to_user_mode_loop+0xec/0x130 [ 801.541386][T20111] do_syscall_64+0x426/0xfa0 [ 801.541421][T20111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.541455][T20111] [ 801.541462][T20111] The buggy address belongs to the object at ffff888022299e80 [ 801.541462][T20111] which belongs to the cache kmalloc-64 of size 64 [ 801.541485][T20111] The buggy address is located 0 bytes inside of [ 801.541485][T20111] freed 64-byte region [ffff888022299e80, ffff888022299ec0) [ 801.541511][T20111] [ 801.541518][T20111] The buggy address belongs to the physical page: [ 801.541532][T20111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22299 [ 801.541555][T20111] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 801.541576][T20111] page_type: f5(slab) [ 801.541598][T20111] raw: 
00fff00000000000 ffff88813ffa68c0 ffffea0004ffc7c0 dead000000000005 [ 801.541623][T20111] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 801.541637][T20111] page dumped because: kasan: bad access detected [ 801.541649][T20111] page_owner tracks the page as allocated [ 801.541659][T20111] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 3464134787, free_ts 0 [ 801.541700][T20111] post_alloc_hook+0x1c0/0x230 [ 801.541729][T20111] get_page_from_freelist+0x10a3/0x3a30 [ 801.541759][T20111] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 801.541791][T20111] alloc_pages_mpol+0x1fb/0x550 [ 801.541814][T20111] new_slab+0x24a/0x360 [ 801.541840][T20111] ___slab_alloc+0xdc4/0x1ae0 [ 801.541868][T20111] __slab_alloc.constprop.0+0x63/0x110 [ 801.541896][T20111] __kmalloc_noprof+0x501/0x880 [ 801.541922][T20111] acpi_evaluate_object+0x2b6/0xdf0 [ 801.541954][T20111] acpi_evaluate_dsm+0x194/0x290 [ 801.541981][T20111] acpi_check_dsm+0x51/0x260 [ 801.542008][T20111] smbios_attr_is_visible+0xac/0x1c0 [ 801.542032][T20111] internal_create_group+0x504/0xf30 [ 801.542055][T20111] internal_create_groups+0x9d/0x150 [ 801.542077][T20111] bus_add_device+0xb8/0x480 [ 801.542105][T20111] device_add+0x986/0x1aa0 [ 801.542127][T20111] page_owner free stack trace missing [ 801.542136][T20111] [ 801.542144][T20111] Memory state around the buggy address: [ 801.542158][T20111] ffff888022299d80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 801.542177][T20111] ffff888022299e00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 801.542195][T20111] >ffff888022299e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 801.542209][T20111] ^ [ 801.542223][T20111] ffff888022299f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 801.542242][T20111] ffff888022299f80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 801.542256][T20111] 
================================================================== [ 801.559046][ T5180] ERROR: Out of memory at tomoyo_memory_ok. [ 801.566038][T20111] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 801.566062][T20111] CPU: 0 UID: 0 PID: 20111 Comm: syz.5.3777 Not tainted syzkaller #0 PREEMPT(full) [ 801.566094][T20111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 801.566112][T20111] Call Trace: [ 801.566121][T20111] [ 801.566132][T20111] dump_stack_lvl+0x3d/0x1f0 [ 801.566172][T20111] vpanic+0x640/0x6f0 [ 801.566211][T20111] panic+0xca/0xd0 [ 801.566237][T20111] ? __pfx_panic+0x10/0x10 [ 801.566266][T20111] ? fbcon_prepare_logo+0xa03/0xc70 [ 801.566302][T20111] ? preempt_schedule_common+0x44/0xc0 [ 801.566336][T20111] ? preempt_schedule_thunk+0x16/0x30 [ 801.566366][T20111] check_panic_on_warn+0xab/0xb0 [ 801.566395][T20111] end_report+0x107/0x170 [ 801.566420][T20111] kasan_report+0xee/0x110 [ 801.566446][T20111] ? fbcon_prepare_logo+0xa03/0xc70 [ 801.566488][T20111] kasan_check_range+0x100/0x1b0 [ 801.566517][T20111] __asan_memcpy+0x23/0x60 [ 801.566549][T20111] fbcon_prepare_logo+0xa03/0xc70 [ 801.566592][T20111] fbcon_init+0xd77/0x1900 [ 801.566627][T20111] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 801.566667][T20111] visual_init+0x320/0x620 [ 801.566706][T20111] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 801.566740][T20111] store_bind+0x61d/0x760 [ 801.566770][T20111] ? sysfs_file_kobj+0xe4/0x290 [ 801.566805][T20111] ? __pfx_store_bind+0x10/0x10 [ 801.566831][T20111] dev_attr_store+0x58/0x80 [ 801.566870][T20111] ? __pfx_dev_attr_store+0x10/0x10 [ 801.566907][T20111] sysfs_kf_write+0xf2/0x150 [ 801.566941][T20111] kernfs_fop_write_iter+0x3af/0x570 [ 801.566977][T20111] ? __pfx_sysfs_kf_write+0x10/0x10 [ 801.567015][T20111] iter_file_splice_write+0xa24/0x12e0 [ 801.567062][T20111] ? __pfx_iter_file_splice_write+0x10/0x10 [ 801.567095][T20111] ? __pfx_copy_splice_read+0x10/0x10 [ 801.567134][T20111] ? 
__pfx_iter_file_splice_write+0x10/0x10 [ 801.567168][T20111] direct_splice_actor+0x192/0x6c0 [ 801.567208][T20111] splice_direct_to_actor+0x345/0xa30 [ 801.567243][T20111] ? __pfx_direct_splice_actor+0x10/0x10 [ 801.567278][T20111] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 801.567317][T20111] do_splice_direct+0x174/0x240 [ 801.567347][T20111] ? __pfx_do_splice_direct+0x10/0x10 [ 801.567379][T20111] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 801.567411][T20111] ? rw_verify_area+0xcf/0x6c0 [ 801.567444][T20111] do_sendfile+0xb06/0xe50 [ 801.567477][T20111] ? __pfx_do_sendfile+0x10/0x10 [ 801.567513][T20111] ? __x64_sys_futex+0x1e0/0x4c0 [ 801.567539][T20111] ? __x64_sys_futex+0x1e9/0x4c0 [ 801.567567][T20111] __x64_sys_sendfile64+0x1d8/0x220 [ 801.567592][T20111] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 801.567624][T20111] do_syscall_64+0xcd/0xfa0 [ 801.567665][T20111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.567693][T20111] RIP: 0033:0x7f1fb798efc9 [ 801.567712][T20111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 801.567739][T20111] RSP: 002b:00007f1fb8895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 801.567766][T20111] RAX: ffffffffffffffda RBX: 00007f1fb7be6090 RCX: 00007f1fb798efc9 [ 801.567785][T20111] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 801.567800][T20111] RBP: 00007f1fb7a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 801.567817][T20111] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 801.567833][T20111] R13: 00007f1fb7be6128 R14: 00007f1fb7be6090 R15: 00007ffdfc56bae8 [ 801.567856][T20111] [ 801.568155][T20111] Kernel Offset: disabled