last executing test programs: 14m30.604845232s ago: executing program 1 (id=5406): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x7e1b, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto(0x3, 0x5420, 0x38) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, 0x0) 14m30.39775042s ago: executing program 1 (id=5408): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) timerfd_create$auto(0x9, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) ioctl$auto(0x3, 0x40085400, 0x5) 14m29.793987375s ago: executing program 1 (id=5412): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x40000, 0x0) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r0, 0x80104592, &(0x7f0000000140)={0x4, 0x800005, 0x400007}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x0, 0x1, 0x0) 14m28.952680075s ago: executing program 1 (id=5422): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 14m28.535872555s ago: executing program 1 (id=5425): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc) 14m27.959211898s ago: executing program 1 (id=5429): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x3, 0xa) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x30b142, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x8188aea6, 0x0) 14m27.454657053s ago: executing program 32 (id=5429): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x3, 0xa) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x30b142, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x8188aea6, 0x0) 11m54.359502269s ago: executing program 4 (id=6585): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r2 = socket(0xa, 0x2, 0x88) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r3, r4, 0x4, 0x1ff, r2, @relative_fd=r0, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 11m52.746883806s ago: executing program 4 (id=6588): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0x175, 0x7, 0x800000000006}]}) 11m52.270693118s ago: executing program 4 (id=6593): rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x4, 0x6, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x44eb1, 0x602, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d7) r0 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) pread64$auto(r0, 0x0, 0x20000000001, 0x7fff) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0xc00, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) 11m51.766461561s ago: executing program 4 (id=6596): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) r0 = socket(0x18, 0x80000, 0x0) connect$auto(r0, 0x0, 0x1e) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(0xca, &(0x7f00000002c0)='\x04=\x01\r\xfb\a\x00\x00\x00\x00\x00\x00\x00\xa2\x00\x00\xccb\xc9\x19AWL\x00\b2\xa7e\xbd\x97\x9c\x05z\xccs\xba\xa2,&\xe9\x11\xfe{ai\x8a\x86V \x8eb=OJC\xaf.D\x8f\x97\x03g*\x1c\x98~\x15\xc3\\\xcbed\xff\xb1\x92~\x89S\"\xdac\x99\xf7!\a\xfb\xf8Vf\x18\xc8\xbbu\xcd\xf6\x80\x92\xa9\xda(\xa2\x93p\n\xe5t\x1b$\x9f\xa3\x1a\x82\x06\x12\xa6\a\"\xba\x8a\x88t\xf2A\xb9g$H\xcc\xc7\x8eoi\xf5\x02\n\"\xdf9\xa5>\x91\xf2\xde\xa8\xd3\x9f\x9d\xba6\xc0\xcb!w\a\xdd\xbb\xf1kox\x04\xe8a\x93\xf3\x12eE]\f\a\xf7N\xb7\x85\a\xf1+\x05\xe7\xb5\xa9m-+(\xaf\xf9\xa4r\x0fX~\v\xa7\xf3\x9cD\t\x80\x8b\x9d6\x1f\xdc\xc4y\x1d\x9a\xff\x0e\xbb\x8c^\xb9\x06\xcd\xa1\xf9\xec\xc1\xc3\xd7\x0fr\x16Hf\xb5\x17\x10\xf9\x03H\x19\x1a\xa8\xd1\xad\xa2\xd3\xe7\xa7\x883Y\x7fS\x80|\x9e\x91O\xca@\xe45\x80\x95\xdf\xdbn\x01\xde\xfd\vH\xfc\xe6o\xf5\x1c\x034\xf5\xd8\xb1}JX{\xf0\x89\x1d\xb5P`j\x10I\xf2\x16PQ\x85\xa7\t\x98\x1c\xe2Y\xa1\x03\x9b\xdd4VQF\x8d\xc9\xa5\fm\xca\xfd\x92\n\\\xf8\xb5C\xce\xa9\xdc\xddg\x8e2x\xde\xdf\x14zd\x01s\xaa\xd7v\xfa\xe3\x99\v|2', 0x2d9) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x55) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, 0xffffffffffffffff, 0x6) 11m51.57511564s ago: executing program 4 (id=6598): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 11m49.362529951s ago: executing program 4 (id=6616): write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_fops_x64_ro_(0xffffffffffffff9c, 0x0, 0x395a40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 11m48.370808757s ago: executing program 33 (id=6616): write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_fops_x64_ro_(0xffffffffffffff9c, 0x0, 0x395a40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 11m38.614983223s ago: executing program 2 (id=6674): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x5, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) socket(0x15, 0x5, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) write$auto(0x6, 0x0, 0x100000001) 11m37.562630084s ago: executing program 2 (id=6677): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/iomem\x00', 0x1c9a02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) semctl$auto(0x7, 0x2, 0x13, 0x5) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC0D0p\x00', 0x40, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000001680)='/sys/kernel/tracing/uprobe_events\x00', 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x2584, 0x0) ioctl$auto(0x3, 0x40045542, r0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x2, 0x0) 11m36.986465176s ago: executing program 2 (id=6679): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0a00, 0x0) pread64$auto(r0, 0x0, 0x3ff, 0x9) fallocate$auto(0xffffffffffffffff, 0x0, 0x7, 0x4cbd5d) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) shmget$auto(0x8, 0x10565, 0x7ff) shmat$auto(0x0, &(0x7f0000000000)='\xfb\x83/\xf2!\xdb\xcf4A\xb9\xf8\x1b\xcd\xb8}\xb85', 0xfffffffa) 11m36.479919711s ago: executing program 2 (id=6681): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0xc0000101, 0x400, 0xb1b}]}) 11m36.347485935s ago: executing program 2 (id=6682): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 11m35.473054672s ago: executing program 2 (id=6686): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4140aecd, &(0x7f0000000080)={0x43}) 11m34.858747729s ago: executing program 34 (id=6686): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4140aecd, &(0x7f0000000080)={0x43}) 8m49.438427586s ago: executing program 5 (id=7688): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x4) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x3) sendmsg$auto_NL802154_CMD_SET_ACKREQ_DEFAULT(0xffffffffffffffff, 0x0, 0x40040) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0) kill$auto(0x0, 0x5) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigsuspend$auto(0x0, 0x8) sendto$auto(0xffffffffffffffff, 0x0, 0xd00, 0x2, 0x0, 0x9) 8m48.024591432s ago: executing program 5 (id=7697): socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x8502, 0x0) setrlimit$auto(0x0, &(0x7f0000000000)={0x0, 0x3ff}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000000000008000) futex$auto(0x0, 0x85, 0x8, 0x0, 0x0, 0x80800002) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) msync$auto(0x1ffff000, 0xffffffffffffbffb, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video2\x00', 0x80040, 0x0) mmap$auto(0x0, 0x8, 0x1000000004, 0x13, 0x3, 0x110000000) 8m47.762249589s ago: executing program 5 (id=7700): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) ioctl$auto(r1, 0x2, 0x6) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r0, 0x0, 0x4000) 8m47.57546299s ago: executing program 5 (id=7702): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0x6, 0x2}, 0x8000, 0x0, 0x6) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) r0 = epoll_create$auto(0x2) epoll_pwait2$auto(r0, 0x0, 0x8, 0x0, 0x0, 0x8) sysfs$auto(0x2, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) 8m47.297927204s ago: executing program 5 (id=7706): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x11, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x7fffffffffffffff}}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 8m47.066316618s ago: executing program 5 (id=7709): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0xd0, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc028ae92, 0x0) 8m32.077140966s ago: executing program 35 (id=7709): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0xd0, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc028ae92, 0x0) 8.748364217s ago: executing program 0 (id=9491): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) close_range$auto(r0, 0x8, 0x0) brk$auto(0xffffffffffffff66) prctl$auto_PR_SYS_DISPATCH_OFF(0xfffffff9, 0x0, 0xffffffffffffffff, 0x401, 0xb0e) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) ioctl$auto_SNAPSHOT_CREATE_IMAGE(0xffffffffffffffff, 0x40043311, 0x0) personality$auto(0xfffff032) ppoll$auto(&(0x7f0000001ac0)={0xffffffffffffffff, 0x9, 0x7}, 0x8, &(0x7f0000001b00)={0xf2, 0x9}, &(0x7f00000002c0)={0x10000}, 0x8) msgctl$auto_IPC_RMID(0x1, 0x0, &(0x7f0000001600)={{0x7b0, 0x0, 0x0, 0xd, 0x3ff, 0x7, 0xb}, &(0x7f0000000400)=0x9, &(0x7f0000000440)=0x10, 0x1, 0xd80, 0x9, 0x0, 0x8000000000000000, 0x6, 0xa, 0xfff9, @raw=0x80, @raw=0x9}) 8.747883468s ago: executing program 6 (id=9492): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @empty}, 0x6a) sysfs$auto(0x2, 0x10000000000002f, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmsg$auto_NCSI_CMD_SET_INTERFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001380)={0x14, 0x0, 0x4, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x1) setsockopt$auto(r0, 0x1, 0x12, 0x0, 0xeb66) bpf$auto(0x3, 0x0, 0x7) open(0x0, 0x0, 0x6f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) socket(0xa, 0x3, 0x3b) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 8.73522914s ago: executing program 7 (id=9500): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x58) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7ffffffffffffffb, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x4, &(0x7f0000000300)={&(0x7f0000000240)=0x0, 0x0, 0x0, {0x1}}, 0x0, 0x8) r0 = gettid() rt_sigqueueinfo$auto(r0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0xc, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) madvise$auto(0x0, 0x20499d, 0x9) ioctl$auto_FS_IOC_RESVSP64(0xffffffffffffffff, 0x4030582a, 0x1) 6.840612301s ago: executing program 6 (id=9493): mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0xc200, 0x0) write$auto_def_blk_fops_fs(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x15, 0x5, 0x0) r1 = getsockopt$auto(r0, 0x114, 0x2718, 0xfffffffffffffffc, 0x0) linkat$auto(r1, &(0x7f0000000180)='./file0\x00', r1, &(0x7f00000001c0)='./file0\x00', 0xe28a) unshare$auto(0x40000080) mmap$auto(0x0, 0x8, 0x1000e2, 0xeb1, 0x405, 0x100008000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtdblock0\x00', 0x4ea06, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x298, r3, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, 0x5}, @NL80211_ATTR_ROAM_SUPPORT={0x4}, @NL80211_ATTR_DISABLE_EHT={0x4}, @NL80211_ATTR_TX_RATES={0x252, 0x5a, 0x0, 0x1, [@nested={0x68, 0x4d, 0x0, 0x1, [@typed={0x8, 0xd9, 0x0, 0x0, @fd}, @generic="25f46400e9801b908e0ebfcf0840ffab99e400ff1dccccbc3f1faaa2d14ced3bd89df02e5750da66020ff70ae6701b75b37a0dd16bea520d3875b786f9cfbf9ad5ccf1a895eaa28d7c3878d0ae216b5553f99d18", @nested={0x4, 0x112}, @nested={0x4, 0x3a}]}, @nested={0x198, 0xc5, 0x0, 0x1, [@generic="0f0c1ace004e0d43f4d22628667d9a8403f1359451c130d82bc571815ddc6c32814e0a9552a67a27971bc182586b56e9e7c4e1ca8b3edeee6ceea2d69c179de260b0905ceb9337a64fbf64c2e8942e73c02e76b0c1991902e1ffd6109c9523bfaf3722d7efd5b00d7704dcebccd919609ebc7b4fb0c59bf94463ad7146b1cbd498cc955807ce66bcfc7efb6adff89f0bec8531e395f6d6206da6bcc9620d4946761142f5c3b97ec05834273b1576a9d8a24453df3b33fdc7de350210a7f5d9fb0bf8cf5cc03dcafcbc6b346ef7bd46d4c46fd682530ddb991b894aad18f0aea2699fcddae08a60", @typed={0x6, 0xce, 0x0, 0x0, @str='#\x00'}, @typed={0xc, 0x6b, 0x0, 0x0, @u64=0x6}, @nested={0x4, 0x10d}, @generic="a054c3842a3b9f859df3864916ad64b8f6e998cec9ce1903a7fda98543c54acacc4cc5123d45e6d1014f69335796b4a5ae9efc14fa56a0748d478edb343a1315182d41876e836690e18428a2314a03971753d2d5e57f131a157a9ecbca9312ff4f26cb821f2f06e3662b075f2321eb854640773061576a135328fc7d7ba25b7590f46204db885c3543583d626b", @typed={0x8, 0x56, 0x0, 0x0, @u32}]}, @typed={0x8, 0xa1, 0x0, 0x0, @u32=0x7}, @generic="60600624bf038e63d40f8eb31a1c546a52eaf1791895cae654f75cb5ab17596de8f9efa21439b1dae0a72cf794a3f0529fb8053980268237b18e4d7ddeea318f0c9a79a9eb60"]}, @NL80211_ATTR_FILS_KEK={0x6, 0xf2, "d3ef"}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x5}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, 0x10000}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x6}]}, 0x298}, 0x1, 0x0, 0x0, 0x4008084}, 0x4080) r4 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r4, 0x0, 0x80, 0x0, &(0x7f0000000040)=0x5) 6.835828388s ago: executing program 7 (id=9502): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000005340), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x1c, r4, 0x301, 0x70bd2a, 0x25dfdbfb, {}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x11}]}, 0x1c}, 0x1, 0x0, 0x0, 0x808}, 0x4044040) read$auto(r2, 0x0, 0x4) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000240)={0x0, 0x7}, 0x3) bpf$auto_BPF_ENABLE_STATS(0x20, 0x0, 0xffff0001) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) write$auto(0x3, 0x0, 0x0) getsockopt$auto_SO_BPF_EXTENSIONS(r5, 0x7ff, 0x30, &(0x7f0000000040)=')\x00', &(0x7f0000000080)=0x4) mmap$auto(0x0, 0x1000000000020009, 0xfffffffffffffff7, 0x200000000000eb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_OVS_FLOW_CMD_NEW(r0, &(0x7f00000054c0)={0x0, 0x0, &(0x7f0000005480)={&(0x7f0000000880)={0x20, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_ACTIONS={0x4}]}, 0x20}}, 0x20008844) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x4000, 0x0) 6.635178907s ago: executing program 0 (id=9494): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, &(0x7f00000001c0)='/dev/virtual_nci\x00', 0x0) setresuid$auto(0x0, 0x0, 0x0) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000140), 0x189000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto_PR_SET_MM_START_STACK(0x80000000, 0x5, 0x0, 0x2, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/anycast6\x00', 0x181500, 0x0) sched_setattr$auto(r1, 0x0, 0x7b) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 6.203212049s ago: executing program 3 (id=9495): openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x121040, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0xaa102, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop2/queue/discard_max_hw_bytes\x00', 0x42200, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 5.706023478s ago: executing program 3 (id=9496): mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) read$auto(r0, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r1) fstat$auto(r2, &(0x7f0000000100)={0x0, 0x4, 0xa6, 0x1, 0xee00, 0xee01, 0x0, 0x2, 0x3, 0xd, 0x7, 0x7, 0x0, 0xc64c, 0x5, 0x3, 0x5}) sendmsg$auto_NFC_CMD_VENDOR(r1, 0x0, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183941, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/rpc/nfs4.idtoname/channel\x00', 0x8f3b7a51b80ebd01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000040), 0x0) seccomp$auto(0x2, 0x10, 0x0) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) unshare$auto(0x40000080) read$auto_ptdump_fops_(0xffffffffffffffff, 0x0, 0x0) 4.297974563s ago: executing program 7 (id=9497): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/teql0/queues/tx-0/byte_queue_limits/limit_min\x00', 0x88282, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r1 = fcntl$auto(0xffffffffffffffff, 0x20007, 0xa553) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) getsockopt$auto_SO_MEMINFO(r1, 0x8, 0x37, 0x0, &(0x7f00000000c0)=0x6) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_delete$auto(0x1) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) 4.297361312s ago: executing program 0 (id=9507): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vidtv.0/i2c-0/new_device\x00', 0x2001, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm0p/sub7/info\x00', 0x40, 0x0) read$auto(r1, 0x0, 0x100000000) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x4610, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x3) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400408, 0x4, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyr3/dev\x00', 0x40200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) ioctl$auto(0x3, 0x40045431, 0x38) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x200, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 3.740778121s ago: executing program 6 (id=9498): socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC2\x00', 0x361101, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0x5452, &(0x7f0000000080)={0x80, 0xbed0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x401, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) ioctl$auto_MEMLOCK(r1, 0x40084d05, &(0x7f00000000c0)={0xfffffffe, 0x7fffffff}) timer_gettime$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xcff, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bind$auto(0x3, 0x0, 0x68) 3.739092094s ago: executing program 3 (id=9499): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/fcloop/ctl/add_target_port\x00', 0x2a001, 0x0) write$auto(r2, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) sendfile$auto(r5, r5, 0x0, 0x2) settimeofday$auto(0x0, &(0x7f0000000080)={0x9, 0x9}) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) 2.410499633s ago: executing program 3 (id=9501): recvmmsg$auto(0xffffffffffffffff, &(0x7f00000003c0)={{&(0x7f0000000140)="e83f67070be2cdc5fdb123a31aa5709e46ea1526", 0x8, 0x0, 0xce3, &(0x7f0000000380), 0x92f, 0xf}, 0x1000}, 0x8, 0x8d, &(0x7f0000000400)={0x4, 0x81}) pwrite64$auto(0xc8, &(0x7f0000000000)='\xfc\xff\xff\xff\xff\xff\xff\xffRN8\x99\x88\xf5s\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\xae\x18\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2\xdac$w\x883\xac\xcd\x96\xc2\x93\x0e\x12/v0\x90\x915?', 0x4c, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000400)='/dev/binderfs/binder0\x00', 0x40, 0x0) ioctl$auto_BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/maps\x00', 0x2, 0x0) mbind$auto(0x2000, 0x100000004, 0x5, 0x0, 0xffffffffffffff39, 0xffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x3, 0x2a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x1, 0x80000006, 0x9b72, 0x2, 0x8000000000000000) syz_clone(0x40180311, 0x0, 0x0, 0x0, 0x0, 0x0) getresuid$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.41038515s ago: executing program 0 (id=9503): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @empty}, 0x6a) sysfs$auto(0x2, 0x10000000000002f, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmsg$auto_NCSI_CMD_SET_INTERFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001380)={0x14, 0x0, 0x4, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x1) setsockopt$auto(r0, 0x1, 0x12, 0x0, 0xeb66) bpf$auto(0x3, 0x0, 0x7) open(0x0, 0x0, 0x6f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) socket(0xa, 0x3, 0x3b) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 1.992390284s ago: executing program 7 (id=9504): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram11\x00', 0x14be02, 0x0) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) write$auto(r0, &(0x7f00000001c0)='macvlan1\x00', 0x1) getpgrp(0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) read$auto(r1, 0x0, 0x20) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0xc0802, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) getsockopt$auto(0x2, 0x114, 0x2711, 0xfffffffffffffffc, 0x0) 1.525459824s ago: executing program 6 (id=9505): r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) kexec_load$auto(0xf, 0x0, &(0x7f00000000c0)={@buf=&(0x7f0000000580), 0x0, 0x4, 0x7d63fe82}, 0x80000001) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r1, 0x80045010, 0x0) ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, 0x0) setsockopt$auto(0xffffffffffffffff, 0x1, 0x5, 0x0, 0xd) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x110) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) lseek$auto(0x3, 0x2, 0x4) creat$auto(&(0x7f0000000100)='./file0\x00', 0x2b11) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, 0x0, 0x40) socket$nl_generic(0x10, 0x3, 0x10) recvmmsg$auto(r0, &(0x7f0000000280)={{&(0x7f0000000040), 0x1, &(0x7f0000000180)={0x0, 0x4}, 0xc, 0x0, 0x10000, 0x5}, 0x2000000}, 0x5, 0x4d, &(0x7f00000003c0)={0xfffffffffffffff8}) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0xe4241, 0x0) 1.31467655s ago: executing program 3 (id=9506): r0 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0x19, 0x0, 0xc4c0, &(0x7f0000000040), 0x2, 0x80008003}}, 0x5, 0x17da) pwrite64$auto(0xc8, &(0x7f0000000000)='\xfc\xff\xff\xff\xff\xff\xff\xffRN8\x99\x88\xf5s\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\xae\x18\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2\xdac$w\x883\xac\xcd\x96\xc2\x93\x0e\x12/v0\x90\x915?', 0x4c, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,v\xf58\x83\xcf\xc5D\xcc', 0x100000a3d9) recvmmsg$auto(r1, &(0x7f0000000240)={{&(0x7f00000000c0)="be9c33df5c8c353735ae9f0e59896ce734a2947de470705514969d5d39224c22b3e740f3eb49f4caac69d2876cd1c27ee4a8a6f1800b38e925041b8cb1a698e738fa874547d44e0a4a5cb5a7cfae9a5940c7d0294ba5e07d0a0e1fc49e31effbba8d3c76977c377b68625c5c083983cea584", 0x7, &(0x7f0000000200)={&(0x7f00000001c0)="76afa3c1fd10f38db0dd5c8d0e58ae3a6495bcaad4f3c263d15f2b932ecf25bf0b87101b7f7a715a9184db333d581b", 0x2}, 0x6, 0x0, 0x7, 0x2}, 0x9}, 0x7, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x27, 0xa, 0x0) bind$auto(0x3, &(0x7f0000000140)=@ax25={0x3, @bcast}, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x200000008000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xffff7fff, 0x4, 0x80000001, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r2, 0x5412, 0x0) 1.214593087s ago: executing program 0 (id=9508): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b4b, r0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0xa, 0x1, 0x0, 0x0) setuid$auto(0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x84000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) socket(0x2, 0x1, 0x0) mkdir$auto(&(0x7f0000000040)='./cgroup/../file0\x00', 0x1) 712.011227ms ago: executing program 6 (id=9509): mincore$auto(0x1ff, 0x2, 0x0) socket(0x10, 0x2, 0xc) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(r0, r0, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto(r2, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) ioctl$auto(0xffffffffffffffff, 0x901064aa, 0xffeffffffffffdff) socket$nl_generic(0x10, 0x3, 0x10) 666.508696ms ago: executing program 7 (id=9510): mmap$auto(0x0, 0x1000, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x3, 0xa) userfaultfd$auto(0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3b) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r0 = socket(0x10, 0x2, 0xf) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) socket(0xa, 0x3, 0xff) pipe$auto(0x0) bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@bpf_attr_3={0x5, 0x0, 0x702955be, 0x40000, 0x4, 0x5, 0x80, 0xe4, 0xfffff800, "0566c8ee7c78a925488276d7697a12bd", 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x9, 0x4, 0x7, 0x10001, 0x0, 0x8001, @attach_prog_fd=r0, 0x7e, 0x4, 0x1, 0x5, 0x3}, 0x5) 381.810064ms ago: executing program 7 (id=9511): socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0xfdf3) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xfdf3}, 0x100000007) mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000) writev$auto(0xffffffffffffffff, 0x0, 0x3) preadv$auto(0xffffffffffffffff, 0x0, 0x7, 0x8001, 0xffffffffffff0000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x2, 0x1) connect$auto(r0, 0x0, 0x55) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) io_uring_setup$auto(0x6, 0x0) write$auto(0x3, 0x0, 0xfdef) fstat$auto(0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0xfdef) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/kernel/debug/o2hb/failed_regions\x00', 0x200, 0x0) 227.365046ms ago: executing program 0 (id=9512): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) getsockopt$auto_SO_TXREHASH(0xffffffffffffffff, 0x8, 0x4a, &(0x7f0000000000)='/sys/devices/platform/i8042/serio1/resolution\x00', &(0x7f0000000040)=0x5) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(0xffffffffffffffff, 0x890b, 0x1) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000009c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000fbdbdf251a0000000c00018008000100", @ANYRES32=r3], 0x20}, 0x1, 0x0, 0x0, 0x40801}, 0x80) 105.53736ms ago: executing program 6 (id=9513): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pidfd_open$auto(0x1, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/tracing_cpumask\x00', 0x688480, 0x0) socketpair$auto(0x1, 0x1, 0x4, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r0, 0xc0184d08, r0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) ioctl$auto(0x3, 0x40106f52, r1) 0s ago: executing program 3 (id=9514): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40005, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0) mmap$auto(0x0, 0xa, 0x8000000000de, 0x9b72, 0x5, 0xbd) get_mempolicy$auto(0x0, &(0x7f00000000c0), 0xffffffff80000001, 0x7ff, 0x3) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x10d47e, 0x72) socket(0x6, 0x2, 0x2) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0xc0080, 0x0) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto(r1, 0x4611, r1) kernel console output (not intermixed with test programs): 0405] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1251.361502][T30417] random: crng reseeded on system resumption [ 1251.491293][T30405] CPU: 1 UID: 0 PID: 30405 Comm: syz.7.8751 Tainted: G U syzkaller #0 PREEMPT(full) [ 1251.491320][T30405] Tainted: [U]=USER [ 1251.491325][T30405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1251.491334][T30405] Call Trace: [ 1251.491340][T30405] [ 1251.491346][T30405] dump_stack_lvl+0x16c/0x1f0 [ 1251.491367][T30405] should_fail_ex+0x512/0x640 [ 1251.491392][T30405] should_fail_alloc_page+0xe7/0x130 [ 1251.491415][T30405] prepare_alloc_pages+0x3c2/0x610 [ 1251.491434][T30405] ? rcu_is_watching+0x12/0xc0 [ 1251.491453][T30405] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1251.491470][T30405] ? rcu_is_watching+0x12/0xc0 [ 1251.491485][T30405] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1251.491504][T30405] ? __alloc_frozen_pages_noprof+0x292/0x2470 [ 1251.491521][T30405] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1251.491538][T30405] ? is_bpf_text_address+0x8a/0x1a0 [ 1251.491557][T30405] ? bpf_ksym_find+0x124/0x1c0 [ 1251.491574][T30405] ? is_bpf_text_address+0x94/0x1a0 [ 1251.491593][T30405] ? kernel_text_address+0x8d/0x100 [ 1251.491615][T30405] ? __kernel_text_address+0xd/0x40 [ 1251.491628][T30405] ? unwind_get_return_address+0x59/0xa0 [ 1251.491649][T30405] alloc_pages_bulk_noprof+0x71c/0x1410 [ 1251.491663][T30405] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1251.491687][T30405] ? policy_nodemask+0xea/0x4e0 [ 1251.491708][T30405] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1251.491723][T30405] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1251.491749][T30405] kasan_populate_vmalloc+0x112/0x2d0 [ 1251.491765][T30405] ? alloc_vmap_area+0x8b5/0x29e0 [ 1251.491786][T30405] alloc_vmap_area+0x960/0x29e0 [ 1251.491811][T30405] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1251.491833][T30405] __get_vm_area_node+0x1ca/0x330 [ 1251.491854][T30405] ? ringbuf_map_alloc+0x3da/0x7f0 [ 1251.491867][T30405] get_vm_area_caller+0x71/0xa0 [ 1251.491885][T30405] ? ringbuf_map_alloc+0x3da/0x7f0 [ 1251.491899][T30405] vmap+0x135/0x320 [ 1251.491917][T30405] ? __pfx_vmap+0x10/0x10 [ 1251.491940][T30405] ringbuf_map_alloc+0x3da/0x7f0 [ 1251.491956][T30405] ? __pfx_ringbuf_map_mem_usage+0x10/0x10 [ 1251.491977][T30405] map_create+0x65c/0x27e0 [ 1251.492005][T30405] ? __pfx_map_create+0x10/0x10 [ 1251.492034][T30405] ? __might_fault+0xe3/0x190 [ 1251.492049][T30405] ? __might_fault+0xe3/0x190 [ 1251.492062][T30405] ? __might_fault+0x13b/0x190 [ 1251.492083][T30405] __sys_bpf+0x3d9d/0x4980 [ 1251.492098][T30405] ? futex_private_hash_put+0x18a/0x300 [ 1251.492118][T30405] ? __pfx___sys_bpf+0x10/0x10 [ 1251.492132][T30405] ? __pfx_futex_wait+0x10/0x10 [ 1251.492158][T30405] ? errseq_sample+0x53/0x70 [ 1251.492183][T30405] ? do_futex+0x122/0x350 [ 1251.492211][T30405] ? __sys_socket+0xac/0x260 [ 1251.492231][T30405] ? xfd_validate_state+0x61/0x180 [ 1251.492250][T30405] ? __pfx___do_sys_close_range+0x10/0x10 [ 1251.492269][T30405] __x64_sys_bpf+0x78/0xc0 [ 1251.492284][T30405] ? lockdep_hardirqs_on+0x7c/0x110 [ 1251.492299][T30405] do_syscall_64+0xcd/0xfa0 [ 1251.492316][T30405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1251.492335][T30405] RIP: 0033:0x7f5540f8efc9 [ 1251.492348][T30405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1251.492363][T30405] RSP: 002b:00007f5541de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1251.492379][T30405] RAX: ffffffffffffffda RBX: 00007f55411e5fa0 RCX: 00007f5540f8efc9 [ 1251.492389][T30405] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1251.492398][T30405] RBP: 00007f5541011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1251.492407][T30405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1251.492416][T30405] R13: 00007f55411e6038 R14: 00007f55411e5fa0 R15: 00007fff887462d8 [ 1251.492436][T30405] [ 1252.811016][T30442] mkiss: ax0: crc mode is auto. [ 1253.197670][T17859] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1253.222172][T17859] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 1253.231941][T17859] CPU: 1 UID: 0 PID: 17859 Comm: kworker/u9:2 Tainted: G U syzkaller #0 PREEMPT(full) [ 1253.231966][T17859] Tainted: [U]=USER [ 1253.231971][T17859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1253.231982][T17859] Workqueue: hci0 hci_rx_work [ 1253.232002][T17859] Call Trace: [ 1253.232008][T17859] [ 1253.232014][T17859] dump_stack_lvl+0x16c/0x1f0 [ 1253.232032][T17859] sysfs_warn_dup+0x7f/0xa0 [ 1253.232051][T17859] sysfs_create_dir_ns+0x24b/0x2b0 [ 1253.232068][T17859] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1253.232085][T17859] ? find_held_lock+0x2b/0x80 [ 1253.232104][T17859] ? do_raw_spin_unlock+0x172/0x230 [ 1253.232127][T17859] kobject_add_internal+0x2c4/0x9b0 [ 1253.232148][T17859] kobject_add+0x16e/0x240 [ 1253.232165][T17859] ? __pfx_kobject_add+0x10/0x10 [ 1253.232183][T17859] ? do_raw_spin_unlock+0x172/0x230 [ 1253.232205][T17859] ? kobject_put+0xab/0x5a0 [ 1253.232226][T17859] device_add+0x288/0x1aa0 [ 1253.232248][T17859] ? __pfx_dev_set_name+0x10/0x10 [ 1253.232262][T17859] ? __pfx_device_add+0x10/0x10 [ 1253.232283][T17859] ? mgmt_send_event_skb+0x2fb/0x460 [ 1253.232302][T17859] hci_conn_add_sysfs+0x17e/0x230 [ 1253.232321][T17859] le_conn_complete_evt+0x1260/0x2150 [ 1253.232340][T17859] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1253.232354][T17859] ? bt_warn+0xe4/0x120 [ 1253.232374][T17859] ? __pfx_bt_warn+0x10/0x10 [ 1253.232399][T17859] hci_le_conn_complete_evt+0x23c/0x370 [ 1253.232418][T17859] hci_le_meta_evt+0x357/0x5e0 [ 1253.232433][T17859] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1253.232450][T17859] hci_event_packet+0x685/0x11c0 [ 1253.232464][T17859] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1253.232481][T17859] ? __pfx_hci_event_packet+0x10/0x10 [ 1253.232496][T17859] ? kcov_remote_start+0x3c9/0x6d0 [ 1253.232510][T17859] ? lockdep_hardirqs_on+0x7c/0x110 [ 1253.232530][T17859] hci_rx_work+0x2c5/0x16b0 [ 1253.232547][T17859] ? rcu_is_watching+0x12/0xc0 [ 1253.232565][T17859] process_one_work+0x9cf/0x1b70 [ 1253.232594][T17859] ? __pfx_process_one_work+0x10/0x10 [ 1253.232629][T17859] ? assign_work+0x1a0/0x250 [ 1253.232652][T17859] worker_thread+0x6c8/0xf10 [ 1253.232679][T17859] ? __kthread_parkme+0x19e/0x250 [ 1253.232698][T17859] ? __pfx_worker_thread+0x10/0x10 [ 1253.232720][T17859] kthread+0x3c5/0x780 [ 1253.232741][T17859] ? __pfx_kthread+0x10/0x10 [ 1253.232762][T17859] ? rcu_is_watching+0x12/0xc0 [ 1253.232777][T17859] ? __pfx_kthread+0x10/0x10 [ 1253.232797][T17859] ret_from_fork+0x675/0x7d0 [ 1253.232817][T17859] ? __pfx_kthread+0x10/0x10 [ 1253.232837][T17859] ret_from_fork_asm+0x1a/0x30 [ 1253.232867][T17859] [ 1253.232886][T17859] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1253.561116][T17859] Bluetooth: hci0: failed to register connection device [ 1254.169576][T30460] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8768'. [ 1255.607380][T28732] Bluetooth: hci0: command 0x0406 tx timeout [ 1255.928631][T30481] netlink: 246 bytes leftover after parsing attributes in process `syz.6.8772'. [ 1256.373075][T30473] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1256.747151][T30491] netlink: 25 bytes leftover after parsing attributes in process `syz.0.8778'. [ 1256.955124][T30495] FAULT_INJECTION: forcing a failure. [ 1256.955124][T30495] name failslab, interval 1, probability 393216, space 0, times 0 [ 1257.154365][T30495] CPU: 1 UID: 0 PID: 30495 Comm: syz.6.8780 Tainted: G U syzkaller #0 PREEMPT(full) [ 1257.154393][T30495] Tainted: [U]=USER [ 1257.154399][T30495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1257.154408][T30495] Call Trace: [ 1257.154414][T30495] [ 1257.154421][T30495] dump_stack_lvl+0x16c/0x1f0 [ 1257.154442][T30495] should_fail_ex+0x512/0x640 [ 1257.154465][T30495] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1257.154483][T30495] should_failslab+0xc2/0x120 [ 1257.154502][T30495] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1257.154516][T30495] ? security_file_alloc+0x34/0x2b0 [ 1257.154536][T30495] ? security_file_alloc+0x34/0x2b0 [ 1257.154550][T30495] security_file_alloc+0x34/0x2b0 [ 1257.154572][T30495] init_file+0x93/0x4c0 [ 1257.154592][T30495] alloc_empty_file+0x73/0x1e0 [ 1257.154613][T30495] path_openat+0xda/0x2cb0 [ 1257.154635][T30495] ? __pfx_path_openat+0x10/0x10 [ 1257.154651][T30495] ? __lock_acquire+0xb8a/0x1c90 [ 1257.154678][T30495] do_filp_open+0x20b/0x470 [ 1257.154694][T30495] ? __pfx_do_filp_open+0x10/0x10 [ 1257.154723][T30495] ? alloc_fd+0x471/0x7d0 [ 1257.154744][T30495] do_sys_openat2+0x11b/0x1d0 [ 1257.154765][T30495] ? __pfx_do_sys_openat2+0x10/0x10 [ 1257.154792][T30495] __x64_sys_openat+0x174/0x210 [ 1257.154812][T30495] ? __pfx___x64_sys_openat+0x10/0x10 [ 1257.154840][T30495] do_syscall_64+0xcd/0xfa0 [ 1257.154857][T30495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1257.154872][T30495] RIP: 0033:0x7fb94418efc9 [ 1257.154884][T30495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1257.154899][T30495] RSP: 002b:00007fb9423f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1257.154914][T30495] RAX: ffffffffffffffda RBX: 00007fb9443e5fa0 RCX: 00007fb94418efc9 [ 1257.154923][T30495] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 1257.154932][T30495] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1257.154941][T30495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1257.154949][T30495] R13: 00007fb9443e6038 R14: 00007fb9443e5fa0 R15: 00007ffe3a51f548 [ 1257.154968][T30495] [ 1258.027911][T30508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8785'. [ 1258.125179][T30510] netlink: 354 bytes leftover after parsing attributes in process `syz.3.8785'. [ 1259.212057][T30521] netlink: 314 bytes leftover after parsing attributes in process `syz.7.8789'. [ 1259.865110][T30534] capability: warning: `syz.6.8791' uses deprecated v2 capabilities in a way that may be insecure [ 1262.324522][T30560] netlink: 25 bytes leftover after parsing attributes in process `syz.6.8799'. [ 1263.999585][T30603] FAULT_INJECTION: forcing a failure. [ 1263.999585][T30603] name failslab, interval 1, probability 393216, space 0, times 0 [ 1264.148998][T30603] CPU: 1 UID: 0 PID: 30603 Comm: syz.6.8807 Tainted: G U syzkaller #0 PREEMPT(full) [ 1264.149025][T30603] Tainted: [U]=USER [ 1264.149030][T30603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1264.149039][T30603] Call Trace: [ 1264.149045][T30603] [ 1264.149051][T30603] dump_stack_lvl+0x16c/0x1f0 [ 1264.149073][T30603] should_fail_ex+0x512/0x640 [ 1264.149095][T30603] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1264.149121][T30603] should_failslab+0xc2/0x120 [ 1264.149143][T30603] __kmalloc_cache_noprof+0x72/0x780 [ 1264.149166][T30603] ? newseg+0x25a/0xe60 [ 1264.149183][T30603] ? newseg+0x25a/0xe60 [ 1264.149195][T30603] ? __pfx___might_resched+0x10/0x10 [ 1264.149210][T30603] newseg+0x25a/0xe60 [ 1264.149227][T30603] ? __pfx_newseg+0x10/0x10 [ 1264.149240][T30603] ? find_held_lock+0x2b/0x80 [ 1264.149255][T30603] ? ipcget+0xa98/0xfa0 [ 1264.149272][T30603] ipcget+0xaf3/0xfa0 [ 1264.149293][T30603] ? __pfx___might_resched+0x10/0x10 [ 1264.149307][T30603] ? __pfx_ipcget+0x10/0x10 [ 1264.149323][T30603] ? __x64_sys_futex+0x1e0/0x4c0 [ 1264.149341][T30603] ? __x64_sys_futex+0x1e9/0x4c0 [ 1264.149363][T30603] __x64_sys_shmget+0x13b/0x1b0 [ 1264.149379][T30603] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1264.149397][T30603] ? rcu_is_watching+0x12/0xc0 [ 1264.149413][T30603] do_syscall_64+0xcd/0xfa0 [ 1264.149431][T30603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1264.149446][T30603] RIP: 0033:0x7fb94418efc9 [ 1264.149459][T30603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1264.149472][T30603] RSP: 002b:00007fb9423d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1264.149487][T30603] RAX: ffffffffffffffda RBX: 00007fb9443e6090 RCX: 00007fb94418efc9 [ 1264.149496][T30603] RDX: 000000000000ffff RSI: 0000000000000006 RDI: 0000000000000004 [ 1264.149505][T30603] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1264.149514][T30603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1264.149522][T30603] R13: 00007fb9443e6128 R14: 00007fb9443e6090 R15: 00007ffe3a51f548 [ 1264.149548][T30603] [ 1264.781715][T30606] netlink: 342 bytes leftover after parsing attributes in process `syz.7.8808'. [ 1268.126155][T30633] netlink: zone id is out of range [ 1268.247681][T30634] HfR: entered promiscuous mode [ 1268.289056][T30632] netlink: set zone limit has 8 unknown bytes [ 1268.399333][T30633] netlink: del zone limit has 4 unknown bytes [ 1271.231514][T30673] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8824'. [ 1271.405221][T30680] netlink: 'syz.7.8824': attribute type 1 has an invalid length. [ 1271.468569][T30682] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8829'. [ 1271.555153][T30682] netlink: 354 bytes leftover after parsing attributes in process `syz.6.8829'. [ 1271.576016][T30676] netlink: 330 bytes leftover after parsing attributes in process `syz.0.8827'. [ 1271.597026][T30680] netlink: 'syz.7.8824': attribute type 6 has an invalid length. [ 1271.998487][T30690] FAULT_INJECTION: forcing a failure. [ 1271.998487][T30690] name failslab, interval 1, probability 393216, space 0, times 0 [ 1272.111956][T30690] CPU: 1 UID: 0 PID: 30690 Comm: syz.3.8831 Tainted: G U syzkaller #0 PREEMPT(full) [ 1272.111983][T30690] Tainted: [U]=USER [ 1272.111989][T30690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1272.111998][T30690] Call Trace: [ 1272.112003][T30690] [ 1272.112010][T30690] dump_stack_lvl+0x16c/0x1f0 [ 1272.112031][T30690] should_fail_ex+0x512/0x640 [ 1272.112053][T30690] ? fs_reclaim_acquire+0xae/0x150 [ 1272.112086][T30690] should_failslab+0xc2/0x120 [ 1272.112116][T30690] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1272.112135][T30690] ? __pfx_map_id_range_down+0x10/0x10 [ 1272.112157][T30690] ? security_inode_alloc+0x3b/0x2b0 [ 1272.112183][T30690] ? security_inode_alloc+0x3b/0x2b0 [ 1272.112203][T30690] security_inode_alloc+0x3b/0x2b0 [ 1272.112223][T30690] inode_init_always_gfp+0xce4/0x1030 [ 1272.112248][T30690] alloc_inode+0x86/0x240 [ 1272.112268][T30690] sock_alloc+0x40/0x280 [ 1272.112285][T30690] do_accept+0xf7/0x530 [ 1272.112304][T30690] ? do_raw_spin_lock+0x12c/0x2b0 [ 1272.112328][T30690] ? __pfx_do_accept+0x10/0x10 [ 1272.112359][T30690] __sys_accept4+0x100/0x1c0 [ 1272.112378][T30690] ? __pfx___sys_accept4+0x10/0x10 [ 1272.112402][T30690] __x64_sys_accept+0x74/0xb0 [ 1272.112421][T30690] ? lockdep_hardirqs_on+0x7c/0x110 [ 1272.112437][T30690] do_syscall_64+0xcd/0xfa0 [ 1272.112454][T30690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1272.112468][T30690] RIP: 0033:0x7f87ea98efc9 [ 1272.112481][T30690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1272.112495][T30690] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 1272.112509][T30690] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1272.112519][T30690] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1272.112527][T30690] RBP: 00007f87eaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1272.112536][T30690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1272.112544][T30690] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1272.112563][T30690] [ 1272.331841][ C1] vkms_vblank_simulate: vblank timer overrun [ 1273.754677][T30720] binder: 30719:30720 ioctl 5380 2000000000c0 returned -22 [ 1273.830242][T30720] sd 0:0:1:0: PR command failed: 1026 [ 1273.867367][T30720] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1273.923950][T30720] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1278.434009][T30767] FAULT_INJECTION: forcing a failure. [ 1278.434009][T30767] name failslab, interval 1, probability 393216, space 0, times 0 [ 1278.554093][T30767] CPU: 1 UID: 0 PID: 30767 Comm: syz.6.8851 Tainted: G U syzkaller #0 PREEMPT(full) [ 1278.554121][T30767] Tainted: [U]=USER [ 1278.554126][T30767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1278.554135][T30767] Call Trace: [ 1278.554141][T30767] [ 1278.554148][T30767] dump_stack_lvl+0x16c/0x1f0 [ 1278.554168][T30767] should_fail_ex+0x512/0x640 [ 1278.554191][T30767] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 1278.554210][T30767] should_failslab+0xc2/0x120 [ 1278.554230][T30767] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 1278.554244][T30767] ? d_lookup+0xe7/0x190 [ 1278.554265][T30767] ? alloc_inode+0x64/0x240 [ 1278.554286][T30767] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1278.554307][T30767] ? alloc_inode+0x64/0x240 [ 1278.554325][T30767] alloc_inode+0x64/0x240 [ 1278.554343][T30767] new_inode+0x22/0x1c0 [ 1278.554363][T30767] __debugfs_create_file+0x11c/0x6b0 [ 1278.554379][T30767] debugfs_create_file_full+0x41/0x60 [ 1278.554395][T30767] ref_tracker_dir_debugfs+0x19d/0x290 [ 1278.554418][T30767] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1278.554457][T30767] ? lockdep_init_map_type+0x5c/0x280 [ 1278.554480][T30767] preinit_net.part.0+0x24e/0x8a0 [ 1278.554496][T30767] copy_net_ns+0x3ba/0x690 [ 1278.554513][T30767] create_new_namespaces+0x3ea/0xa90 [ 1278.554534][T30767] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1278.554553][T30767] ksys_unshare+0x45b/0xa40 [ 1278.554573][T30767] ? __pfx_ksys_unshare+0x10/0x10 [ 1278.554592][T30767] ? syscall_user_dispatch+0x78/0x140 [ 1278.554619][T30767] __x64_sys_unshare+0x31/0x40 [ 1278.554637][T30767] do_syscall_64+0xcd/0xfa0 [ 1278.554654][T30767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.554669][T30767] RIP: 0033:0x7fb94418efc9 [ 1278.554681][T30767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1278.554696][T30767] RSP: 002b:00007fb9423d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1278.554710][T30767] RAX: ffffffffffffffda RBX: 00007fb9443e6090 RCX: 00007fb94418efc9 [ 1278.554720][T30767] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1278.554729][T30767] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1278.554737][T30767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1278.554746][T30767] R13: 00007fb9443e6128 R14: 00007fb9443e6090 R15: 00007ffe3a51f548 [ 1278.554767][T30767] [ 1278.554773][T30767] debugfs: out of free dentries, can not create file 'net_refcnt@ffff888058d781a8' [ 1280.526468][T30789] kAFS: unparsable volume name [ 1280.975493][T30792] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8859'. [ 1281.145437][T30792] ipvlan1: entered allmulticast mode [ 1281.180918][T30792] veth0_vlan: entered allmulticast mode [ 1287.839473][T30838] netlink: 268 bytes leftover after parsing attributes in process `syz.3.8871'. [ 1287.999918][T30838] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.8871: iget: checksum invalid [ 1288.415636][T30838] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1288.760976][T30838] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.8871: iget: checksum invalid [ 1288.925303][T30838] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1289.083816][T30838] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.8871: iget: checksum invalid [ 1289.227615][T30838] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1289.384385][T30853] FAULT_INJECTION: forcing a failure. [ 1289.384385][T30853] name failslab, interval 1, probability 393216, space 0, times 0 [ 1289.473897][T30838] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.8871: iget: checksum invalid [ 1289.503090][T30853] CPU: 1 UID: 0 PID: 30853 Comm: syz.6.8875 Tainted: G U syzkaller #0 PREEMPT(full) [ 1289.503117][T30853] Tainted: [U]=USER [ 1289.503122][T30853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1289.503132][T30853] Call Trace: [ 1289.503138][T30853] [ 1289.503144][T30853] dump_stack_lvl+0x16c/0x1f0 [ 1289.503165][T30853] should_fail_ex+0x512/0x640 [ 1289.503187][T30853] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1289.503205][T30853] should_failslab+0xc2/0x120 [ 1289.503226][T30853] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1289.503247][T30853] ? anon_vma_clone+0x405/0x5c0 [ 1289.503270][T30853] ? anon_vma_fork+0x200/0x620 [ 1289.503296][T30853] ? anon_vma_fork+0x200/0x620 [ 1289.503317][T30853] anon_vma_fork+0x200/0x620 [ 1289.503341][T30853] dup_mmap+0x151f/0x2280 [ 1289.503368][T30853] ? __pfx_dup_mmap+0x10/0x10 [ 1289.503400][T30853] copy_process+0x3f0c/0x76a0 [ 1289.503418][T30853] ? __pfx___futex_wait+0x10/0x10 [ 1289.503448][T30853] ? __pfx_copy_process+0x10/0x10 [ 1289.503465][T30853] ? futex_private_hash_put+0x176/0x300 [ 1289.503486][T30853] ? futex_private_hash_put+0x18a/0x300 [ 1289.503507][T30853] kernel_clone+0xfc/0x930 [ 1289.503526][T30853] ? __pfx_kernel_clone+0x10/0x10 [ 1289.503554][T30853] __do_sys_clone+0xce/0x120 [ 1289.503571][T30853] ? __pfx___do_sys_clone+0x10/0x10 [ 1289.503597][T30853] ? xfd_validate_state+0x61/0x180 [ 1289.503617][T30853] ? __pfx_do_writev+0x10/0x10 [ 1289.503637][T30853] do_syscall_64+0xcd/0xfa0 [ 1289.503654][T30853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.503669][T30853] RIP: 0033:0x7fb94418efc9 [ 1289.503682][T30853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1289.503696][T30853] RSP: 002b:00007fb9423d4fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1289.503710][T30853] RAX: ffffffffffffffda RBX: 00007fb9443e6090 RCX: 00007fb94418efc9 [ 1289.503719][T30853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1289.503728][T30853] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1289.503736][T30853] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1289.503745][T30853] R13: 00007fb9443e6128 R14: 00007fb9443e6090 R15: 00007ffe3a51f548 [ 1289.503764][T30853] [ 1290.009270][T30838] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1290.060868][T30838] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1290.169414][T30838] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1290.445437][ T30] audit: type=1326 audit(4294986450.947:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30868 comm="syz.0.8880" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa21238efc9 code=0x0 [ 1291.406398][T30879] ima: policy update failed [ 1291.417003][T30876] netlink: 268 bytes leftover after parsing attributes in process `syz.7.8878'. [ 1291.463320][ T30] audit: type=1802 audit(4294986452.022:48): pid=30879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.8882" res=0 errno=0 [ 1291.491882][T30879] netlink: 25 bytes leftover after parsing attributes in process `syz.0.8882'. [ 1291.522422][T30876] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.8878: iget: checksum invalid [ 1291.829592][T30876] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1292.150831][T30876] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.8878: iget: checksum invalid [ 1292.381037][T30892] block nbd7: not configured, cannot reconfigure [ 1292.484954][T30876] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1292.658170][T30876] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.8878: iget: checksum invalid [ 1292.824949][T30876] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1292.977099][T30876] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.8878: iget: checksum invalid [ 1293.136898][T30876] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1293.231248][T30897] FAULT_INJECTION: forcing a failure. [ 1293.231248][T30897] name failslab, interval 1, probability 393216, space 0, times 0 [ 1293.264750][T30876] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1293.320895][T30897] CPU: 1 UID: 0 PID: 30897 Comm: syz.6.8887 Tainted: G U syzkaller #0 PREEMPT(full) [ 1293.320923][T30897] Tainted: [U]=USER [ 1293.320928][T30897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1293.320938][T30897] Call Trace: [ 1293.320943][T30897] [ 1293.320950][T30897] dump_stack_lvl+0x16c/0x1f0 [ 1293.320980][T30897] should_fail_ex+0x512/0x640 [ 1293.321001][T30897] ? __kmalloc_noprof+0xca/0x880 [ 1293.321025][T30897] should_failslab+0xc2/0x120 [ 1293.321045][T30897] __kmalloc_noprof+0xdd/0x880 [ 1293.321067][T30897] ? __register_sysctl_table+0xb3/0x1900 [ 1293.321091][T30897] ? __register_sysctl_table+0xb3/0x1900 [ 1293.321111][T30897] __register_sysctl_table+0xb3/0x1900 [ 1293.321131][T30897] ? is_module_address+0x5f/0xf0 [ 1293.321155][T30897] ? __pfx___register_sysctl_table+0x10/0x10 [ 1293.321175][T30897] ? is_module_address+0x69/0xf0 [ 1293.321194][T30897] ? register_net_sysctl_sz+0x228/0x3e0 [ 1293.321215][T30897] ? __asan_memcpy+0x3c/0x60 [ 1293.321232][T30897] xfrm4_net_init+0xf0/0x1c0 [ 1293.321251][T30897] ? __pfx_xfrm4_net_init+0x10/0x10 [ 1293.321269][T30897] ops_init+0x1e2/0x5f0 [ 1293.321286][T30897] setup_net+0x100/0x390 [ 1293.321300][T30897] ? __pfx_setup_net+0x10/0x10 [ 1293.321315][T30897] ? debug_mutex_init+0x37/0x70 [ 1293.321332][T30897] copy_net_ns+0x2f8/0x690 [ 1293.321349][T30897] create_new_namespaces+0x3ea/0xa90 [ 1293.321370][T30897] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1293.321388][T30897] ksys_unshare+0x45b/0xa40 [ 1293.321406][T30897] ? __pfx_ksys_unshare+0x10/0x10 [ 1293.321426][T30897] ? xfd_validate_state+0x61/0x180 [ 1293.321455][T30897] __x64_sys_unshare+0x31/0x40 [ 1293.321473][T30897] do_syscall_64+0xcd/0xfa0 [ 1293.321490][T30897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1293.321505][T30897] RIP: 0033:0x7fb94418efc9 [ 1293.321518][T30897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1293.321532][T30897] RSP: 002b:00007fb9423f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1293.321547][T30897] RAX: ffffffffffffffda RBX: 00007fb9443e5fa0 RCX: 00007fb94418efc9 [ 1293.321557][T30897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1293.321566][T30897] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1293.321575][T30897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1293.321584][T30897] R13: 00007fb9443e6038 R14: 00007fb9443e5fa0 R15: 00007ffe3a51f548 [ 1293.321604][T30897] [ 1293.586271][T30876] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1294.094960][T30905] hub 8-0:1.0: USB hub found [ 1294.165681][T30905] hub 8-0:1.0: 1 port detected [ 1295.970520][T30936] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8899'. [ 1296.894191][T30940] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8898'. [ 1297.850118][T30959] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8903'. [ 1299.285376][T30979] netlink: 25 bytes leftover after parsing attributes in process `syz.6.8910'. [ 1300.109451][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.120307][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.254010][T30997] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 1300.742107][T30999] vhci_hcd: invalid port number 9 [ 1300.912224][T31003] block nbd7: not configured, cannot reconfigure [ 1302.525252][T31018] netlink: 354 bytes leftover after parsing attributes in process `syz.0.8922'. [ 1303.265467][T31030] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8925'. [ 1304.041674][T31030] team0: Port device team_slave_1 removed [ 1305.787820][T31053] sd 0:0:1:0: PR command failed: 1026 [ 1305.793246][T31053] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1306.068746][T31053] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1306.245580][T31059] netlink: 268 bytes leftover after parsing attributes in process `syz.7.8933'. [ 1306.281899][T31066] __vm_enough_memory: pid: 31066, comm: syz.0.8935, bytes: 4398046511104 not enough memory for the allocation [ 1306.317448][T31059] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.8933: iget: checksum invalid [ 1306.413541][T31059] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1306.493839][T31059] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.8933: iget: checksum invalid [ 1306.709452][T31059] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1306.874812][T31059] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.8933: iget: checksum invalid [ 1307.073051][T31059] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1307.185271][T31059] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.8933: iget: checksum invalid [ 1307.289228][T31059] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1307.361673][T31059] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1307.440014][T31059] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1309.136293][T31097] netlink: 146 bytes leftover after parsing attributes in process `syz.3.8943'. [ 1310.602753][T31107] random: crng reseeded on system resumption [ 1311.616071][T31127] random: crng reseeded on system resumption [ 1311.827813][T31128] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.8952: iget: checksum invalid [ 1311.913842][T31128] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1311.981813][T31128] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.8952: iget: checksum invalid [ 1312.059093][T31128] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1312.134790][T31128] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.8952: iget: checksum invalid [ 1312.215144][T31128] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1312.282059][T31128] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.8952: iget: checksum invalid [ 1312.357330][T31128] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1312.524780][T31128] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1312.571707][T31128] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1313.044351][T31142] netlink: 206 bytes leftover after parsing attributes in process `syz.3.8956'. [ 1313.387292][T31150] netlink: 186 bytes leftover after parsing attributes in process `syz.7.8958'. [ 1314.542405][T31168] netlink: 25 bytes leftover after parsing attributes in process `syz.0.8964'. [ 1314.572768][T31167] netlink: 28 bytes leftover after parsing attributes in process `syz.7.8963'. [ 1315.805603][T31185] netlink: 28 bytes leftover after parsing attributes in process `syz.7.8968'. [ 1316.426580][T31185] team0: Port device team_slave_1 removed [ 1316.534344][T28732] Bluetooth: hci0: unexpected event 0x14 length: 16 > 6 [ 1318.033690][ T30] audit: type=1800 audit(4294986478.731:49): pid=31216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.8975" name="dbroot" dev="configfs" ino=222021 res=0 errno=0 [ 1318.732435][T31229] FAULT_INJECTION: forcing a failure. [ 1318.732435][T31229] name failslab, interval 1, probability 393216, space 0, times 0 [ 1318.840597][T31229] CPU: 1 UID: 0 PID: 31229 Comm: syz.0.8979 Tainted: G U syzkaller #0 PREEMPT(full) [ 1318.840622][T31229] Tainted: [U]=USER [ 1318.840628][T31229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1318.840637][T31229] Call Trace: [ 1318.840643][T31229] [ 1318.840650][T31229] dump_stack_lvl+0x16c/0x1f0 [ 1318.840672][T31229] should_fail_ex+0x512/0x640 [ 1318.840694][T31229] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1318.840719][T31229] should_failslab+0xc2/0x120 [ 1318.840739][T31229] __kmalloc_cache_noprof+0x72/0x780 [ 1318.840779][T31229] ? lockdep_hardirqs_on+0x7c/0x110 [ 1318.840795][T31229] ? sctp_endpoint_new+0xfc/0xb20 [ 1318.840815][T31229] ? sctp_endpoint_new+0xfc/0xb20 [ 1318.840831][T31229] sctp_endpoint_new+0xfc/0xb20 [ 1318.840849][T31229] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 1318.840867][T31229] ? lockdep_init_map_type+0x5c/0x280 [ 1318.840888][T31229] ? lockdep_init_map_type+0x5c/0x280 [ 1318.840910][T31229] sctp_init_sock+0xe2b/0x12f0 [ 1318.840926][T31229] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1318.840942][T31229] sctp_v6_init_sock+0x16/0x70 [ 1318.840956][T31229] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1318.840971][T31229] inet6_create+0xb30/0x12b0 [ 1318.840989][T31229] ? inet6_create+0x7f/0x12b0 [ 1318.841007][T31229] __sock_create+0x338/0x8d0 [ 1318.841029][T31229] __sys_socket+0x14d/0x260 [ 1318.841047][T31229] ? __pfx___sys_socket+0x10/0x10 [ 1318.841065][T31229] ? xfd_validate_state+0x61/0x180 [ 1318.841085][T31229] ? __pfx_ksys_write+0x10/0x10 [ 1318.841111][T31229] __x64_sys_socket+0x72/0xb0 [ 1318.841129][T31229] ? lockdep_hardirqs_on+0x7c/0x110 [ 1318.841145][T31229] do_syscall_64+0xcd/0xfa0 [ 1318.841162][T31229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1318.841178][T31229] RIP: 0033:0x7fa21238efc9 [ 1318.841191][T31229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1318.841205][T31229] RSP: 002b:00007fa2132ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1318.841220][T31229] RAX: ffffffffffffffda RBX: 00007fa2125e6090 RCX: 00007fa21238efc9 [ 1318.841230][T31229] RDX: 0000000000000084 RSI: 0000000000000005 RDI: 000000000000000a [ 1318.841238][T31229] RBP: 00007fa212411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1318.841247][T31229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1318.841256][T31229] R13: 00007fa2125e6128 R14: 00007fa2125e6090 R15: 00007ffe5b35d758 [ 1318.841274][T31229] [ 1320.583695][T31242] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8982'. [ 1326.537984][T31330] FAULT_INJECTION: forcing a failure. [ 1326.537984][T31330] name failslab, interval 1, probability 393216, space 0, times 0 [ 1326.685791][T31330] CPU: 1 UID: 0 PID: 31330 Comm: syz.6.9005 Tainted: G U syzkaller #0 PREEMPT(full) [ 1326.685818][T31330] Tainted: [U]=USER [ 1326.685824][T31330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1326.685833][T31330] Call Trace: [ 1326.685839][T31330] [ 1326.685846][T31330] dump_stack_lvl+0x16c/0x1f0 [ 1326.685866][T31330] should_fail_ex+0x512/0x640 [ 1326.685888][T31330] ? fs_reclaim_acquire+0xae/0x150 [ 1326.685909][T31330] should_failslab+0xc2/0x120 [ 1326.685928][T31330] __kmalloc_cache_noprof+0x72/0x780 [ 1326.685952][T31330] ? usb_control_msg+0xbc/0x4a0 [ 1326.685974][T31330] ? usb_control_msg+0xbc/0x4a0 [ 1326.685993][T31330] usb_control_msg+0xbc/0x4a0 [ 1326.686013][T31330] ? __pfx_usb_control_msg+0x10/0x10 [ 1326.686038][T31330] hub_ext_port_status+0x14e/0x670 [ 1326.686064][T31330] hub_activate+0x6e5/0x1d60 [ 1326.686089][T31330] ? __pfx_hub_activate+0x10/0x10 [ 1326.686107][T31330] ? find_held_lock+0x2b/0x80 [ 1326.686122][T31330] ? async_completed+0x750/0xc60 [ 1326.686144][T31330] hub_resume+0xa8/0x3f0 [ 1326.686163][T31330] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1326.686182][T31330] ? __pfx_hub_resume+0x10/0x10 [ 1326.686201][T31330] ? __pfx_hcd_bus_resume+0x10/0x10 [ 1326.686221][T31330] usb_resume_interface.constprop.0.isra.0+0x2c5/0x3e0 [ 1326.686242][T31330] usb_resume_both+0x237/0x960 [ 1326.686258][T31330] ? __pfx_usb_resume_both+0x10/0x10 [ 1326.686273][T31330] ? __pfx_usb_runtime_resume+0x10/0x10 [ 1326.686291][T31330] ? __pfx_usb_runtime_resume+0x10/0x10 [ 1326.686308][T31330] __rpm_callback+0xc8/0x610 [ 1326.686328][T31330] ? __pfx_usb_runtime_resume+0x10/0x10 [ 1326.686345][T31330] rpm_callback+0x1b7/0x200 [ 1326.686363][T31330] ? __pfx_usb_runtime_resume+0x10/0x10 [ 1326.686379][T31330] rpm_resume+0xd16/0x1320 [ 1326.686401][T31330] ? __pfx_rpm_resume+0x10/0x10 [ 1326.686418][T31330] ? do_raw_spin_lock+0x12c/0x2b0 [ 1326.686440][T31330] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1326.686468][T31330] __pm_runtime_resume+0xb6/0x170 [ 1326.686488][T31330] usb_autoresume_device+0x23/0xe0 [ 1326.686505][T31330] usbdev_open+0x228/0x8b0 [ 1326.686522][T31330] ? kobject_get_unless_zero+0x156/0x1e0 [ 1326.686540][T31330] ? __pfx_usbdev_open+0x10/0x10 [ 1326.686556][T31330] ? chrdev_open+0x10b/0x6a0 [ 1326.686576][T31330] ? __pfx_usbdev_open+0x10/0x10 [ 1326.686601][T31330] chrdev_open+0x234/0x6a0 [ 1326.686618][T31330] ? __pfx_apparmor_file_open+0x10/0x10 [ 1326.686641][T31330] ? __pfx_chrdev_open+0x10/0x10 [ 1326.686658][T31330] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1326.686678][T31330] do_dentry_open+0x982/0x1530 [ 1326.686695][T31330] ? __pfx_chrdev_open+0x10/0x10 [ 1326.686716][T31330] vfs_open+0x82/0x3f0 [ 1326.686738][T31330] path_openat+0x1de4/0x2cb0 [ 1326.686760][T31330] ? __pfx_path_openat+0x10/0x10 [ 1326.686777][T31330] ? __lock_acquire+0xb8a/0x1c90 [ 1326.686798][T31330] do_filp_open+0x20b/0x470 [ 1326.686813][T31330] ? __pfx_do_filp_open+0x10/0x10 [ 1326.686847][T31330] ? alloc_fd+0x471/0x7d0 [ 1326.686866][T31330] do_sys_openat2+0x11b/0x1d0 [ 1326.686887][T31330] ? __pfx_do_sys_openat2+0x10/0x10 [ 1326.686917][T31330] __x64_sys_openat+0x174/0x210 [ 1326.686939][T31330] ? __pfx___x64_sys_openat+0x10/0x10 [ 1326.686967][T31330] do_syscall_64+0xcd/0xfa0 [ 1326.686984][T31330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1326.686999][T31330] RIP: 0033:0x7fb94418efc9 [ 1326.687013][T31330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1326.687027][T31330] RSP: 002b:00007fb9423b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1326.687040][T31330] RAX: ffffffffffffffda RBX: 00007fb9443e6180 RCX: 00007fb94418efc9 [ 1326.687050][T31330] RDX: 0000000000040a02 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1326.687059][T31330] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1326.687068][T31330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1326.687077][T31330] R13: 00007fb9443e6218 R14: 00007fb9443e6180 R15: 00007ffe3a51f548 [ 1326.687098][T31330] [ 1327.543642][T31330] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 1329.921415][T31347] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1329.928484][T31347] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1329.971352][T31347] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1330.033900][T31347] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1330.090821][T31347] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1330.138681][T31347] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1330.183278][T31347] CPU0 is offline. [ 1330.918419][T31358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1330.986598][T31358] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1331.441473][T31368] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9016'. [ 1331.872724][T31374] FAULT_INJECTION: forcing a failure. [ 1331.872724][T31374] name failslab, interval 1, probability 393216, space 0, times 0 [ 1331.886584][T31374] CPU: 1 UID: 0 PID: 31374 Comm: syz.7.9018 Tainted: G U syzkaller #0 PREEMPT(full) [ 1331.886611][T31374] Tainted: [U]=USER [ 1331.886616][T31374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1331.886625][T31374] Call Trace: [ 1331.886631][T31374] [ 1331.886638][T31374] dump_stack_lvl+0x16c/0x1f0 [ 1331.886658][T31374] should_fail_ex+0x512/0x640 [ 1331.886684][T31374] should_failslab+0xc2/0x120 [ 1331.886704][T31374] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1331.886719][T31374] ? pcpu_alloc_noprof+0x949/0x14c0 [ 1331.886732][T31374] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 1331.886758][T31374] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 1331.886778][T31374] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 1331.886802][T31374] idr_get_free+0x528/0xa30 [ 1331.886822][T31374] idr_alloc_u32+0x190/0x2f0 [ 1331.886837][T31374] ? __pfx_idr_alloc_u32+0x10/0x10 [ 1331.886852][T31374] ? lock_acquire+0x179/0x350 [ 1331.886875][T31374] idr_alloc_cyclic+0x10b/0x230 [ 1331.886901][T31374] ? __pfx_idr_alloc_cyclic+0x10/0x10 [ 1331.886919][T31374] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1331.886941][T31374] ? lsm_blob_alloc+0x2b/0x90 [ 1331.886962][T31374] map_create+0x143e/0x27e0 [ 1331.886993][T31374] ? __pfx_map_create+0x10/0x10 [ 1331.887013][T31374] ? __might_fault+0xe3/0x190 [ 1331.887027][T31374] ? __might_fault+0xe3/0x190 [ 1331.887039][T31374] ? __might_fault+0x13b/0x190 [ 1331.887060][T31374] __sys_bpf+0x3d9d/0x4980 [ 1331.887073][T31374] ? futex_private_hash_put+0x18a/0x300 [ 1331.887093][T31374] ? __pfx___sys_bpf+0x10/0x10 [ 1331.887107][T31374] ? __pfx_futex_wait+0x10/0x10 [ 1331.887141][T31374] ? do_futex+0x122/0x350 [ 1331.887169][T31374] ? fput+0x9b/0xd0 [ 1331.887188][T31374] ? xfd_validate_state+0x61/0x180 [ 1331.887207][T31374] ? __pfx_ksys_write+0x10/0x10 [ 1331.887225][T31374] __x64_sys_bpf+0x78/0xc0 [ 1331.887239][T31374] ? lockdep_hardirqs_on+0x7c/0x110 [ 1331.887255][T31374] do_syscall_64+0xcd/0xfa0 [ 1331.887271][T31374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.887286][T31374] RIP: 0033:0x7f5540f8efc9 [ 1331.887300][T31374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1331.887314][T31374] RSP: 002b:00007f5541de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1331.887329][T31374] RAX: ffffffffffffffda RBX: 00007f55411e5fa0 RCX: 00007f5540f8efc9 [ 1331.887338][T31374] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000000 [ 1331.887347][T31374] RBP: 00007f5541011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1331.887356][T31374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1331.887365][T31374] R13: 00007f55411e6038 R14: 00007f55411e5fa0 R15: 00007fff887462d8 [ 1331.887385][T31374] [ 1332.594562][T17859] Bluetooth: hci0: command 0x0406 tx timeout [ 1332.601013][T17859] Bluetooth: hci2: command 0x0406 tx timeout [ 1332.607035][T17859] Bluetooth: hci3: command 0x0406 tx timeout [ 1332.613976][T17859] Bluetooth: hci1: command 0x0c1a tx timeout [ 1332.960347][T28732] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 1333.370044][T31388] netlink: 25 bytes leftover after parsing attributes in process `syz.6.9021'. [ 1334.319930][T31398] netlink: 62 bytes leftover after parsing attributes in process `syz.0.9026'. [ 1334.628543][T28732] Bluetooth: hci0: command 0x0406 tx timeout [ 1335.530840][T31422] netlink: set zone limit has 8 unknown bytes [ 1336.397161][T31446] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1336.604206][T31446] CIFS mount error: No usable UNC path provided in device string! [ 1336.604206][T31446] [ 1336.696653][T28732] Bluetooth: hci0: command 0x0406 tx timeout [ 1336.725753][T31446] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1337.532890][T31463] FAULT_INJECTION: forcing a failure. [ 1337.532890][T31463] name failslab, interval 1, probability 393216, space 0, times 0 [ 1337.732218][T31471] netlink: 'syz.6.9040': attribute type 2 has an invalid length. [ 1337.742161][T31463] CPU: 1 UID: 0 PID: 31463 Comm: syz.3.9039 Tainted: G U syzkaller #0 PREEMPT(full) [ 1337.742187][T31463] Tainted: [U]=USER [ 1337.742193][T31463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1337.742202][T31463] Call Trace: [ 1337.742208][T31463] [ 1337.742215][T31463] dump_stack_lvl+0x16c/0x1f0 [ 1337.742237][T31463] should_fail_ex+0x512/0x640 [ 1337.742259][T31463] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1337.742285][T31463] should_failslab+0xc2/0x120 [ 1337.742304][T31463] __kmalloc_cache_noprof+0x72/0x780 [ 1337.742328][T31463] ? input_allocate_device+0x44/0x350 [ 1337.742347][T31463] ? input_allocate_device+0x44/0x350 [ 1337.742360][T31463] input_allocate_device+0x44/0x350 [ 1337.742374][T31463] uinput_ioctl_handler.isra.0+0x8bb/0x1df0 [ 1337.742396][T31463] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1337.742417][T31463] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1337.742441][T31463] ? find_held_lock+0x2b/0x80 [ 1337.742472][T31463] ? __pfx_uinput_ioctl+0x10/0x10 [ 1337.742492][T31463] __x64_sys_ioctl+0x18e/0x210 [ 1337.742514][T31463] do_syscall_64+0xcd/0xfa0 [ 1337.742532][T31463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1337.742548][T31463] RIP: 0033:0x7f87ea98efc9 [ 1337.742560][T31463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1337.742575][T31463] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1337.742590][T31463] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1337.742600][T31463] RDX: 0000000000000000 RSI: 00000000c06855c8 RDI: 0000000000000006 [ 1337.742609][T31463] RBP: 00007f87eaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1337.742618][T31463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1337.742626][T31463] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1337.742645][T31463] [ 1338.158570][T31471] netlink: 'syz.6.9040': attribute type 3 has an invalid length. [ 1338.166332][T31471] netlink: 158 bytes leftover after parsing attributes in process `syz.6.9040'. [ 1338.218686][T31471] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9040'. [ 1339.064191][T31482] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1339.075212][T31482] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1339.082177][T31482] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1339.109960][T31482] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1339.127180][T31488] futex_wake_op: syz.7.9043 tries to shift op by -2048; fix this program [ 1339.148933][T31482] CPU0 is offline. [ 1340.589740][T31502] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1340.614302][T31502] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1340.649597][T31502] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1340.685899][T31502] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1340.719956][T31502] CPU0 is offline. [ 1342.029363][T17859] Bluetooth: hci2: command 0x0406 tx timeout [ 1342.666310][T17859] Bluetooth: hci1: command 0x0c1a tx timeout [ 1342.672664][T28732] Bluetooth: hci0: command 0x0406 tx timeout [ 1342.744776][T17859] Bluetooth: hci3: command 0x0406 tx timeout [ 1343.252163][T17859] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 1345.413773][T31548] random: crng reseeded on system resumption [ 1345.430016][T31546] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1349.940375][T31589] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9072'. [ 1350.660352][T31602] input: jJǸí¸ü;9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input35 [ 1351.544373][T31607] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9077'. [ 1352.965065][T31631] FAULT_INJECTION: forcing a failure. [ 1352.965065][T31631] name failslab, interval 1, probability 393216, space 0, times 0 [ 1353.424468][T31631] CPU: 1 UID: 0 PID: 31631 Comm: syz.3.9084 Tainted: G U syzkaller #0 PREEMPT(full) [ 1353.424496][T31631] Tainted: [U]=USER [ 1353.424502][T31631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1353.424511][T31631] Call Trace: [ 1353.424517][T31631] [ 1353.424524][T31631] dump_stack_lvl+0x16c/0x1f0 [ 1353.424546][T31631] should_fail_ex+0x512/0x640 [ 1353.424568][T31631] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1353.424585][T31631] should_failslab+0xc2/0x120 [ 1353.424605][T31631] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1353.424619][T31631] ? mas_preallocate+0xe6a/0x11f0 [ 1353.424640][T31631] ? mas_preallocate+0xe6a/0x11f0 [ 1353.424655][T31631] mas_preallocate+0xe6a/0x11f0 [ 1353.424675][T31631] ? __pfx_mas_preallocate+0x10/0x10 [ 1353.424696][T31631] ? rcu_read_unlock+0x17/0x60 [ 1353.424719][T31631] vma_link+0x12e/0x6a0 [ 1353.424734][T31631] ? __pfx_vma_link+0x10/0x10 [ 1353.424752][T31631] ? anon_vma_clone+0x405/0x5c0 [ 1353.424773][T31631] ? anon_vma_name+0x81/0x2f0 [ 1353.424796][T31631] copy_vma+0x6b7/0xa90 [ 1353.424812][T31631] ? __pfx_copy_vma+0x10/0x10 [ 1353.424840][T31631] ? rcu_is_watching+0x12/0xc0 [ 1353.424855][T31631] ? finish_task_switch.isra.0+0x221/0xc10 [ 1353.424870][T31631] ? lockdep_hardirqs_on+0x7c/0x110 [ 1353.424887][T31631] copy_vma_and_data+0x1cf/0x790 [ 1353.424903][T31631] ? __pfx_copy_vma_and_data+0x10/0x10 [ 1353.424921][T31631] ? __vma_enter_locked+0x163/0x3f0 [ 1353.424944][T31631] ? find_held_lock+0x2b/0x80 [ 1353.424959][T31631] ? move_vma+0x52e/0x1770 [ 1353.424976][T31631] move_vma+0x540/0x1770 [ 1353.424993][T31631] ? __pfx_move_vma+0x10/0x10 [ 1353.425008][T31631] ? shmem_get_unmapped_area+0x170/0xa00 [ 1353.425030][T31631] ? cap_mmap_addr+0x4b/0x120 [ 1353.425048][T31631] ? bpf_lsm_mmap_addr+0x9/0x10 [ 1353.425064][T31631] ? security_mmap_addr+0x6c/0x1e0 [ 1353.425078][T31631] ? __get_unmapped_area+0x267/0x440 [ 1353.425098][T31631] ? vrm_set_new_addr+0x208/0x290 [ 1353.425113][T31631] mremap_to+0x1b7/0x450 [ 1353.425128][T31631] do_mremap+0x13a8/0x2020 [ 1353.425143][T31631] ? futex_private_hash_put+0x180/0x300 [ 1353.425166][T31631] ? __pfx_do_mremap+0x10/0x10 [ 1353.425190][T31631] __do_sys_mremap+0x119/0x170 [ 1353.425204][T31631] ? __pfx___do_sys_mremap+0x10/0x10 [ 1353.425223][T31631] ? __x64_sys_futex+0x1e0/0x4c0 [ 1353.425253][T31631] do_syscall_64+0xcd/0xfa0 [ 1353.425270][T31631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1353.425284][T31631] RIP: 0033:0x7f87ea98efc9 [ 1353.425298][T31631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1353.425312][T31631] RSP: 002b:00007f87e8bcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1353.425327][T31631] RAX: ffffffffffffffda RBX: 00007f87eabe6090 RCX: 00007f87ea98efc9 [ 1353.425336][T31631] RDX: 0000000000000843 RSI: 00000000000000ff RDI: 00000000001ff000 [ 1353.425345][T31631] RBP: 00007f87eaa11f91 R08: 00000000fffff000 R09: 0000000000000000 [ 1353.425363][T31631] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1353.425372][T31631] R13: 00007f87eabe6128 R14: 00007f87eabe6090 R15: 00007fff64958098 [ 1353.425393][T31631] [ 1354.170961][T31628] : Can't lookup blockdev [ 1354.330735][T31643] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9088'. [ 1355.204805][T31650] blktrace: Concurrent blktraces are not allowed on loop2 [ 1357.993882][T31664] mkiss: ax0: crc mode is auto. [ 1358.762643][T31669] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1358.768737][T31669] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1359.136459][T31669] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1359.151503][ T30] audit: type=1800 audit(4294986520.064:50): pid=31674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.9096" name="dbroot" dev="configfs" ino=236199 res=0 errno=0 [ 1359.409305][T31669] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1359.415336][T31669] CPU0 is offline. [ 1360.815271][T28732] Bluetooth: hci0: command 0x0406 tx timeout [ 1360.821464][T17859] Bluetooth: hci2: command 0x0406 tx timeout [ 1361.131069][T28732] Bluetooth: hci1: command 0x0c1a tx timeout [ 1361.218820][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.225165][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.454101][T28732] Bluetooth: hci3: command 0x0406 tx timeout [ 1361.856357][T31697] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input37 [ 1367.354243][T31738] queue_state_write: operation too long [ 1367.586616][T31738] queue_state_write: use 'run', 'start' or 'kick' [ 1368.083240][T31743] Loading of unsigned module is rejected [ 1369.638236][T31753] netlink: 25 bytes leftover after parsing attributes in process `syz.3.9116'. [ 1370.719802][T31766] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input38 [ 1375.134272][T31782] FAULT_INJECTION: forcing a failure. [ 1375.134272][T31782] name failslab, interval 1, probability 393216, space 0, times 0 [ 1375.320924][T31782] CPU: 1 UID: 0 PID: 31782 Comm: syz.6.9125 Tainted: G U syzkaller #0 PREEMPT(full) [ 1375.320975][T31782] Tainted: [U]=USER [ 1375.320981][T31782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1375.320989][T31782] Call Trace: [ 1375.320996][T31782] [ 1375.321002][T31782] dump_stack_lvl+0x16c/0x1f0 [ 1375.321024][T31782] should_fail_ex+0x512/0x640 [ 1375.321046][T31782] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1375.321068][T31782] should_failslab+0xc2/0x120 [ 1375.321088][T31782] __kvmalloc_node_noprof+0x141/0x9c0 [ 1375.321105][T31782] ? __pfx_aa_file_perm+0x10/0x10 [ 1375.321124][T31782] ? seq_read_iter+0x830/0x12d0 [ 1375.321145][T31782] ? __lock_acquire+0xb8a/0x1c90 [ 1375.321168][T31782] ? seq_read_iter+0x830/0x12d0 [ 1375.321188][T31782] seq_read_iter+0x830/0x12d0 [ 1375.321217][T31782] kernfs_fop_read_iter+0x46c/0x610 [ 1375.321232][T31782] ? rw_verify_area+0xcf/0x6c0 [ 1375.321248][T31782] vfs_read+0x8bf/0xcf0 [ 1375.321265][T31782] ? __pfx___mutex_lock+0x10/0x10 [ 1375.321284][T31782] ? __pfx_vfs_read+0x10/0x10 [ 1375.321312][T31782] ksys_read+0x12a/0x250 [ 1375.321327][T31782] ? __pfx_ksys_read+0x10/0x10 [ 1375.321348][T31782] do_syscall_64+0xcd/0xfa0 [ 1375.321365][T31782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1375.321380][T31782] RIP: 0033:0x7fb94418efc9 [ 1375.321392][T31782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1375.321406][T31782] RSP: 002b:00007fb9423f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1375.321421][T31782] RAX: ffffffffffffffda RBX: 00007fb9443e5fa0 RCX: 00007fb94418efc9 [ 1375.321430][T31782] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000004 [ 1375.321438][T31782] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1375.321447][T31782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1375.321455][T31782] R13: 00007fb9443e6038 R14: 00007fb9443e5fa0 R15: 00007ffe3a51f548 [ 1375.321474][T31782] [ 1375.524678][ C1] vkms_vblank_simulate: vblank timer overrun [ 1377.060025][T31800] netlink: 'syz.7.9131': attribute type 1 has an invalid length. [ 1378.802518][T31816] netlink: 286 bytes leftover after parsing attributes in process `syz.3.9133'. [ 1378.868718][T31816] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1378.875989][T31816] IPv6: NLM_F_CREATE should be set when creating new route [ 1379.297525][T31822] netlink: 'syz.3.9135': attribute type 4 has an invalid length. [ 1379.351718][T31822] netlink: 314 bytes leftover after parsing attributes in process `syz.3.9135'. [ 1382.230306][T31847] netlink: 25 bytes leftover after parsing attributes in process `syz.3.9142'. [ 1383.103972][T31855] netlink: 186 bytes leftover after parsing attributes in process `syz.3.9145'. [ 1383.158734][T31854] vhci_hcd: invalid port number 16 [ 1383.206903][T31854] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 1383.714485][T31862] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9148'. [ 1383.778193][T31862] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1384.257402][T31862] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1384.885682][T31872] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9150'. [ 1387.065213][T31901] random: crng reseeded on system resumption [ 1387.286180][T31907] Loading of unsigned module is rejected [ 1387.484677][T31913] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9161'. [ 1387.776119][T31913] team0: Port device team_slave_0 removed [ 1388.384605][T31907] FAULT_INJECTION: forcing a failure. [ 1388.384605][T31907] name failslab, interval 1, probability 393216, space 0, times 0 [ 1388.532620][T31907] CPU: 1 UID: 0 PID: 31907 Comm: syz.7.9160 Tainted: G U syzkaller #0 PREEMPT(full) [ 1388.532647][T31907] Tainted: [U]=USER [ 1388.532652][T31907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1388.532662][T31907] Call Trace: [ 1388.532668][T31907] [ 1388.532676][T31907] dump_stack_lvl+0x16c/0x1f0 [ 1388.532702][T31907] should_fail_ex+0x512/0x640 [ 1388.532724][T31907] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1388.532751][T31907] should_failslab+0xc2/0x120 [ 1388.532771][T31907] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1388.532790][T31907] ? ptlock_alloc+0x1f/0x70 [ 1388.532814][T31907] ? ptlock_alloc+0x1f/0x70 [ 1388.532834][T31907] ptlock_alloc+0x1f/0x70 [ 1388.532854][T31907] pte_alloc_one+0x84/0x350 [ 1388.532872][T31907] do_pte_missing+0x1acf/0x3ba0 [ 1388.532893][T31907] ? __thp_vma_allowable_orders+0x1c8/0xcd0 [ 1388.532919][T31907] __handle_mm_fault+0x1556/0x2aa0 [ 1388.532944][T31907] ? mt_find+0x3e2/0xa20 [ 1388.532965][T31907] ? __pfx___handle_mm_fault+0x10/0x10 [ 1388.532986][T31907] ? __pfx_mt_find+0x10/0x10 [ 1388.533013][T31907] ? find_vma+0xbf/0x140 [ 1388.533028][T31907] ? __pfx_find_vma+0x10/0x10 [ 1388.533047][T31907] handle_mm_fault+0x589/0xd10 [ 1388.533073][T31907] ? __pkru_allows_pkey+0x11/0xb0 [ 1388.533096][T31907] do_user_addr_fault+0x7a6/0x1370 [ 1388.533111][T31907] ? rcu_is_watching+0x12/0xc0 [ 1388.533129][T31907] exc_page_fault+0x64/0xc0 [ 1388.533144][T31907] asm_exc_page_fault+0x26/0x30 [ 1388.533158][T31907] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 1388.533179][T31907] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 3c 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 1388.533192][T31907] RSP: 0018:ffffc90004c0f940 EFLAGS: 00050246 [ 1388.533205][T31907] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 1388.533214][T31907] RDX: fffff52000981f41 RSI: 0000000000000000 RDI: ffffc90004c0fa00 [ 1388.533223][T31907] RBP: 0000000000000008 R08: 0000000000000001 R09: fffff52000981f40 [ 1388.533231][T31907] R10: ffffc90004c0fa07 R11: 0000000000000001 R12: 0000000000000000 [ 1388.533244][T31907] R13: ffffc90004c0fa00 R14: ffffffff8924fd90 R15: ffff8880758ae5c0 [ 1388.533254][T31907] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1388.533280][T31907] _copy_from_user+0x98/0xd0 [ 1388.533302][T31907] sctp_getsockopt_local_addrs+0x106/0xcd0 [ 1388.533326][T31907] ? __lock_acquire+0xb8a/0x1c90 [ 1388.533352][T31907] ? __pfx_sctp_getsockopt_local_addrs+0x10/0x10 [ 1388.533375][T31907] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1388.533398][T31907] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1388.533416][T31907] ? __local_bh_enable_ip+0xa4/0x120 [ 1388.533436][T31907] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1388.533453][T31907] sctp_getsockopt+0x124f/0x69b0 [ 1388.533477][T31907] ? __pfx_sctp_getsockopt+0x10/0x10 [ 1388.533506][T31907] ? __lock_acquire+0xb8a/0x1c90 [ 1388.533535][T31907] ? find_held_lock+0x2b/0x80 [ 1388.533553][T31907] ? __might_fault+0xe3/0x190 [ 1388.533568][T31907] ? __might_fault+0xe3/0x190 [ 1388.533581][T31907] ? __might_fault+0x13b/0x190 [ 1388.533602][T31907] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1388.533619][T31907] do_sock_getsockopt+0x34d/0x440 [ 1388.533637][T31907] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1388.533656][T31907] ? __fget_files+0x204/0x3c0 [ 1388.533680][T31907] __sys_getsockopt+0x123/0x1b0 [ 1388.533707][T31907] __x64_sys_getsockopt+0xbd/0x160 [ 1388.533728][T31907] ? do_syscall_64+0x91/0xfa0 [ 1388.533759][T31907] ? lockdep_hardirqs_on+0x7c/0x110 [ 1388.533775][T31907] do_syscall_64+0xcd/0xfa0 [ 1388.533792][T31907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1388.533807][T31907] RIP: 0033:0x7f5540f8efc9 [ 1388.533820][T31907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1388.533834][T31907] RSP: 002b:00007f5541de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1388.533847][T31907] RAX: ffffffffffffffda RBX: 00007f55411e5fa0 RCX: 00007f5540f8efc9 [ 1388.533856][T31907] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004 [ 1388.533865][T31907] RBP: 00007f5541011f91 R08: 0000200000000280 R09: 0000000000000000 [ 1388.533874][T31907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1388.533883][T31907] R13: 00007f55411e6038 R14: 00007f55411e5fa0 R15: 00007fff887462d8 [ 1388.533903][T31907] [ 1389.990646][T31937] FAULT_INJECTION: forcing a failure. [ 1389.990646][T31937] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1390.075167][T31937] CPU: 1 UID: 0 PID: 31937 Comm: syz.7.9169 Tainted: G U syzkaller #0 PREEMPT(full) [ 1390.075194][T31937] Tainted: [U]=USER [ 1390.075199][T31937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1390.075209][T31937] Call Trace: [ 1390.075213][T31937] [ 1390.075220][T31937] dump_stack_lvl+0x16c/0x1f0 [ 1390.075241][T31937] should_fail_ex+0x512/0x640 [ 1390.075263][T31937] ? strncpy_from_user+0x1d5/0x2e0 [ 1390.075284][T31937] get_futex_key+0x1d0/0x1560 [ 1390.075303][T31937] ? fixup_exception+0x8fb/0xfd0 [ 1390.075319][T31937] ? __pfx_get_futex_key+0x10/0x10 [ 1390.075338][T31937] ? kernelmode_fixup_or_oops.constprop.0+0x77/0xe0 [ 1390.075365][T31937] futex_wake+0xea/0x530 [ 1390.075386][T31937] ? do_user_addr_fault+0x926/0x1370 [ 1390.075399][T31937] ? __pfx_futex_wake+0x10/0x10 [ 1390.075422][T31937] ? irqentry_exit+0x3b/0x90 [ 1390.075437][T31937] ? lockdep_hardirqs_on+0x7c/0x110 [ 1390.075456][T31937] do_futex+0x1e3/0x350 [ 1390.075474][T31937] ? __pfx_do_futex+0x10/0x10 [ 1390.075491][T31937] ? strncpy_from_user+0x1d2/0x2e0 [ 1390.075510][T31937] ? strncpy_from_user+0x1d9/0x2e0 [ 1390.075532][T31937] __x64_sys_futex+0x1e0/0x4c0 [ 1390.075552][T31937] ? fput+0x9b/0xd0 [ 1390.075570][T31937] ? __pfx___x64_sys_futex+0x10/0x10 [ 1390.075589][T31937] ? xfd_validate_state+0x61/0x180 [ 1390.075610][T31937] ? __pfx_ksys_write+0x10/0x10 [ 1390.075630][T31937] do_syscall_64+0xcd/0xfa0 [ 1390.075646][T31937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1390.075661][T31937] RIP: 0033:0x7f5540f8efc9 [ 1390.075673][T31937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1390.075687][T31937] RSP: 002b:00007f5541de10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1390.075700][T31937] RAX: ffffffffffffffda RBX: 00007f55411e5fa8 RCX: 00007f5540f8efc9 [ 1390.075710][T31937] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f55411e5fac [ 1390.075719][T31937] RBP: 00007f55411e5fa0 R08: 00007f5541de2000 R09: 0000000000000000 [ 1390.075728][T31937] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1390.075736][T31937] R13: 00007f55411e6038 R14: 00007fff887461f0 R15: 00007fff887462d8 [ 1390.075755][T31937] [ 1391.115900][T31951] input: f¬ as /devices/virtual/input/input39 [ 1392.449596][T31966] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9178'. [ 1393.637660][T31991] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9183'. [ 1393.661733][T31988] sp0: Synchronizing with TNC [ 1395.207531][T32013] syz.7.9188 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1395.410001][T32015] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9190'. [ 1395.751173][T32026] FAULT_INJECTION: forcing a failure. [ 1395.751173][T32026] name failslab, interval 1, probability 393216, space 0, times 0 [ 1395.771371][T32010] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1395.807067][T32010] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1395.822198][T32026] CPU: 1 UID: 0 PID: 32026 Comm: syz.0.9192 Tainted: G U syzkaller #0 PREEMPT(full) [ 1395.822233][T32026] Tainted: [U]=USER [ 1395.822238][T32026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1395.822248][T32026] Call Trace: [ 1395.822253][T32026] [ 1395.822260][T32026] dump_stack_lvl+0x16c/0x1f0 [ 1395.822281][T32026] should_fail_ex+0x512/0x640 [ 1395.822303][T32026] ? fs_reclaim_acquire+0xae/0x150 [ 1395.822325][T32026] should_failslab+0xc2/0x120 [ 1395.822344][T32026] __kmalloc_noprof+0xdd/0x880 [ 1395.822366][T32026] ? kfree+0x252/0x6d0 [ 1395.822376][T32026] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1395.822397][T32026] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1395.822412][T32026] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1395.822431][T32026] ? tomoyo_profile+0x47/0x60 [ 1395.822450][T32026] tomoyo_mkdev_perm+0x22b/0x570 [ 1395.822471][T32026] ? tomoyo_mkdev_perm+0x217/0x570 [ 1395.822493][T32026] ? __pfx_tomoyo_mkdev_perm+0x10/0x10 [ 1395.822516][T32026] ? do_raw_spin_lock+0x12c/0x2b0 [ 1395.822543][T32026] ? do_raw_spin_unlock+0x172/0x230 [ 1395.822575][T32026] ? __pfx_current_check_access_path+0x10/0x10 [ 1395.822593][T32026] ? simple_lookup+0x105/0x1d0 [ 1395.822610][T32026] tomoyo_path_mknod+0x12a/0x190 [ 1395.822628][T32026] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 1395.822647][T32026] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1395.822673][T32026] security_path_mknod+0x161/0x310 [ 1395.822697][T32026] do_mknodat+0x239/0x5d0 [ 1395.822715][T32026] ? __pfx_do_mknodat+0x10/0x10 [ 1395.822728][T32026] ? getname_flags.part.0+0x1c5/0x550 [ 1395.822753][T32026] __x64_sys_mknod+0x87/0xb0 [ 1395.822769][T32026] do_syscall_64+0xcd/0xfa0 [ 1395.822787][T32026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1395.822802][T32026] RIP: 0033:0x7fa21238efc9 [ 1395.822815][T32026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1395.822828][T32026] RSP: 002b:00007fa21330d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1395.822843][T32026] RAX: ffffffffffffffda RBX: 00007fa2125e5fa0 RCX: 00007fa21238efc9 [ 1395.822852][T32026] RDX: 0000000000000103 RSI: 00000000000020e9 RDI: 00002000000003c0 [ 1395.822861][T32026] RBP: 00007fa212411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1395.822877][T32026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1395.822886][T32026] R13: 00007fa2125e6038 R14: 00007fa2125e5fa0 R15: 00007ffe5b35d758 [ 1395.822907][T32026] [ 1395.823457][T32026] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1396.102077][T32010] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1396.117165][T32010] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1396.123157][T32010] CPU0 is offline. [ 1397.500854][T17859] Bluetooth: hci2: command 0x0406 tx timeout [ 1397.821579][T28732] Bluetooth: hci0: command 0x0406 tx timeout [ 1398.216360][T28732] Bluetooth: hci3: command 0x0406 tx timeout [ 1398.222433][T28732] Bluetooth: hci1: command 0x0c1a tx timeout [ 1400.115541][T32065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9201'. [ 1400.225049][T32069] netlink: 354 bytes leftover after parsing attributes in process `syz.3.9201'. [ 1400.836653][T32072] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1402.627693][T32099] binder: 32098:32099 unknown command 0 [ 1402.693050][T32099] binder: 32098:32099 ioctl c0306201 2000000000c0 returned -22 [ 1407.178705][T32140] netlink: 25 bytes leftover after parsing attributes in process `syz.3.9221'. [ 1408.042376][T32153] netlink: 504 bytes leftover after parsing attributes in process `syz.7.9225'. [ 1408.091342][T28732] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1408.100049][T17859] Bluetooth: hci4: command 0xfc11 tx timeout [ 1409.112292][T32173] nvme_fcloop: unknown parameter or missing value '0' [ 1409.232210][T32173] hub 1-0:1.0: USB hub found [ 1409.338352][T32173] hub 1-0:1.0: 1 port detected [ 1409.405462][T32173] FAULT_INJECTION: forcing a failure. [ 1409.405462][T32173] name failslab, interval 1, probability 393216, space 0, times 0 [ 1409.513554][T32173] CPU: 1 UID: 0 PID: 32173 Comm: syz.7.9230 Tainted: G U syzkaller #0 PREEMPT(full) [ 1409.513581][T32173] Tainted: [U]=USER [ 1409.513586][T32173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1409.513596][T32173] Call Trace: [ 1409.513602][T32173] [ 1409.513608][T32173] dump_stack_lvl+0x16c/0x1f0 [ 1409.513630][T32173] should_fail_ex+0x512/0x640 [ 1409.513651][T32173] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1409.513669][T32173] should_failslab+0xc2/0x120 [ 1409.513689][T32173] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1409.513703][T32173] ? __kernfs_new_node+0xd2/0x8e0 [ 1409.513725][T32173] ? __kernfs_new_node+0xd2/0x8e0 [ 1409.513742][T32173] __kernfs_new_node+0xd2/0x8e0 [ 1409.513760][T32173] ? kernfs_add_one+0x37d/0x840 [ 1409.513779][T32173] ? __pfx___kernfs_new_node+0x10/0x10 [ 1409.513802][T32173] ? find_held_lock+0x2b/0x80 [ 1409.513818][T32173] ? kernfs_root+0xee/0x2a0 [ 1409.513840][T32173] kernfs_new_node+0x13c/0x1e0 [ 1409.513863][T32173] kernfs_create_dir_ns+0x4c/0x1a0 [ 1409.513886][T32173] internal_create_group+0x34d/0xf30 [ 1409.513908][T32173] ? sysfs_create_file_ns+0x154/0x1d0 [ 1409.513924][T32173] ? __pfx_internal_create_group+0x10/0x10 [ 1409.513950][T32173] ? __pfx_internal_create_group+0x10/0x10 [ 1409.513971][T32173] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1409.513994][T32173] ? bus_to_subsys+0x131/0x160 [ 1409.514012][T32173] dpm_sysfs_add+0x80/0x280 [ 1409.514034][T32173] device_add+0x9a6/0x1aa0 [ 1409.514057][T32173] ? __pfx_device_add+0x10/0x10 [ 1409.514078][T32173] ? lockdep_init_map_type+0x5c/0x280 [ 1409.514097][T32173] ? __init_waitqueue_head+0xca/0x150 [ 1409.514125][T32173] usb_create_ep_devs+0x160/0x2b0 [ 1409.514142][T32173] create_intf_ep_devs.isra.0+0x161/0x200 [ 1409.514168][T32173] usb_set_configuration+0x11a7/0x1e20 [ 1409.514203][T32173] bConfigurationValue_store+0x100/0x180 [ 1409.514217][T32173] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1409.514239][T32173] ? find_held_lock+0x2b/0x80 [ 1409.514254][T32173] ? sysfs_file_kobj+0xe4/0x290 [ 1409.514271][T32173] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1409.514285][T32173] dev_attr_store+0x58/0x80 [ 1409.514305][T32173] ? __pfx_dev_attr_store+0x10/0x10 [ 1409.514325][T32173] sysfs_kf_write+0xf2/0x150 [ 1409.514343][T32173] kernfs_fop_write_iter+0x3af/0x570 [ 1409.514364][T32173] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1409.514381][T32173] iter_file_splice_write+0xa24/0x12e0 [ 1409.514408][T32173] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1409.514427][T32173] ? __pfx_copy_splice_read+0x10/0x10 [ 1409.514459][T32173] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1409.514475][T32173] direct_splice_actor+0x192/0x6c0 [ 1409.514492][T32173] splice_direct_to_actor+0x345/0xa30 [ 1409.514507][T32173] ? __pfx_direct_splice_actor+0x10/0x10 [ 1409.514524][T32173] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1409.514544][T32173] do_splice_direct+0x174/0x240 [ 1409.514558][T32173] ? __pfx_do_splice_direct+0x10/0x10 [ 1409.514575][T32173] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1409.514601][T32173] ? rw_verify_area+0xcf/0x6c0 [ 1409.514616][T32173] do_sendfile+0xb06/0xe50 [ 1409.514634][T32173] ? __pfx_do_sendfile+0x10/0x10 [ 1409.514652][T32173] ? __x64_sys_futex+0x1e0/0x4c0 [ 1409.514670][T32173] ? __x64_sys_futex+0x1e9/0x4c0 [ 1409.514691][T32173] __x64_sys_sendfile64+0x1d8/0x220 [ 1409.514710][T32173] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1409.514734][T32173] do_syscall_64+0xcd/0xfa0 [ 1409.514751][T32173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1409.514766][T32173] RIP: 0033:0x7f5540f8efc9 [ 1409.514780][T32173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1409.514800][T32173] RSP: 002b:00007f5541de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1409.514815][T32173] RAX: ffffffffffffffda RBX: 00007f55411e5fa0 RCX: 00007f5540f8efc9 [ 1409.514826][T32173] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 1409.514835][T32173] RBP: 00007f5541011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1409.514843][T32173] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1409.514852][T32173] R13: 00007f55411e6038 R14: 00007f55411e5fa0 R15: 00007fff887462d8 [ 1409.514873][T32173] [ 1415.307442][T32248] binder: 32247:32248 ioctl c0046209 ffffffffffffffff returned -22 [ 1415.458800][T32255] FAULT_INJECTION: forcing a failure. [ 1415.458800][T32255] name failslab, interval 1, probability 393216, space 0, times 0 [ 1415.536255][T32255] CPU: 1 UID: 0 PID: 32255 Comm: syz.3.9251 Tainted: G U syzkaller #0 PREEMPT(full) [ 1415.536282][T32255] Tainted: [U]=USER [ 1415.536288][T32255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1415.536297][T32255] Call Trace: [ 1415.536304][T32255] [ 1415.536311][T32255] dump_stack_lvl+0x16c/0x1f0 [ 1415.536331][T32255] should_fail_ex+0x512/0x640 [ 1415.536357][T32255] should_failslab+0xc2/0x120 [ 1415.536378][T32255] kmem_cache_alloc_node_noprof+0x78/0x770 [ 1415.536393][T32255] ? __alloc_skb+0x2b2/0x380 [ 1415.536419][T32255] ? __alloc_skb+0x2b2/0x380 [ 1415.536438][T32255] __alloc_skb+0x2b2/0x380 [ 1415.536458][T32255] ? __pfx___alloc_skb+0x10/0x10 [ 1415.536479][T32255] ? kasan_quarantine_put+0x90/0x240 [ 1415.536503][T32255] __pskb_copy_fclone+0xef/0xb50 [ 1415.536524][T32255] tipc_sk_mcast_rcv+0x52d/0xfa0 [ 1415.536546][T32255] ? __lock_acquire+0xb8a/0x1c90 [ 1415.536571][T32255] ? __pfx_tipc_sk_mcast_rcv+0x10/0x10 [ 1415.536590][T32255] ? __lock_acquire+0x622/0x1c90 [ 1415.536619][T32255] ? find_held_lock+0x2b/0x80 [ 1415.536633][T32255] ? tipc_mcast_xmit+0x6d5/0xfe0 [ 1415.536657][T32255] tipc_mcast_xmit+0x711/0xfe0 [ 1415.536676][T32255] ? __pfx__copy_from_iter+0x10/0x10 [ 1415.536697][T32255] ? __pfx___alloc_skb+0x10/0x10 [ 1415.536720][T32255] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 1415.536740][T32255] ? __lock_acquire+0x622/0x1c90 [ 1415.536787][T32255] ? tipc_send_group_bcast+0x803/0xa50 [ 1415.536804][T32255] tipc_send_group_bcast+0x803/0xa50 [ 1415.536830][T32255] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 1415.536847][T32255] ? css_rstat_updated+0x1c2/0x510 [ 1415.536865][T32255] ? __pfx_css_rstat_updated+0x10/0x10 [ 1415.536881][T32255] ? __pfx_woken_wake_function+0x10/0x10 [ 1415.536915][T32255] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1415.536935][T32255] __tipc_sendmsg+0x4ab/0x19a0 [ 1415.536955][T32255] ? lock_acquire+0x179/0x350 [ 1415.536978][T32255] ? __pfx___tipc_sendmsg+0x10/0x10 [ 1415.537020][T32255] ? __local_bh_enable_ip+0xa4/0x120 [ 1415.537039][T32255] tipc_sendmsg+0x4f/0x70 [ 1415.537060][T32255] sock_write_iter+0x566/0x610 [ 1415.537078][T32255] ? __pfx_sock_write_iter+0x10/0x10 [ 1415.537106][T32255] ? __futex_wait+0x24b/0x2f0 [ 1415.537129][T32255] ? copy_iovec_from_user+0x131/0x170 [ 1415.537152][T32255] do_iter_readv_writev+0x662/0x9e0 [ 1415.537168][T32255] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1415.537186][T32255] ? bpf_lsm_file_permission+0x9/0x10 [ 1415.537203][T32255] ? security_file_permission+0x71/0x210 [ 1415.537219][T32255] ? rw_verify_area+0xcf/0x6c0 [ 1415.537234][T32255] vfs_writev+0x35f/0xde0 [ 1415.537253][T32255] ? __pfx_vfs_writev+0x10/0x10 [ 1415.537281][T32255] ? __fget_files+0x20e/0x3c0 [ 1415.537300][T32255] ? do_writev+0x28c/0x340 [ 1415.537312][T32255] do_writev+0x28c/0x340 [ 1415.537326][T32255] ? __pfx_do_writev+0x10/0x10 [ 1415.537346][T32255] do_syscall_64+0xcd/0xfa0 [ 1415.537364][T32255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1415.537379][T32255] RIP: 0033:0x7f87ea98efc9 [ 1415.537392][T32255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1415.537406][T32255] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1415.537421][T32255] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1415.537433][T32255] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 1415.537444][T32255] RBP: 00007f87eaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1415.537453][T32255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1415.537462][T32255] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1415.537482][T32255] [ 1415.538655][T32255] tipc: Failed to clone mcast rcv buffer [ 1418.715600][T32296] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 1419.338410][T32300] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40 [ 1419.363747][T32301] hub 3-0:1.0: USB hub found [ 1419.500987][T32301] hub 3-0:1.0: 1 port detected [ 1419.752988][T32301] usb usb3: authorized to connect [ 1420.372560][T32313] FAULT_INJECTION: forcing a failure. [ 1420.372560][T32313] name failslab, interval 1, probability 393216, space 0, times 0 [ 1420.482554][T32313] CPU: 1 UID: 0 PID: 32313 Comm: syz.3.9264 Tainted: G U syzkaller #0 PREEMPT(full) [ 1420.482581][T32313] Tainted: [U]=USER [ 1420.482587][T32313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1420.482597][T32313] Call Trace: [ 1420.482602][T32313] [ 1420.482609][T32313] dump_stack_lvl+0x16c/0x1f0 [ 1420.482631][T32313] should_fail_ex+0x512/0x640 [ 1420.482653][T32313] ? fs_reclaim_acquire+0xae/0x150 [ 1420.482675][T32313] should_failslab+0xc2/0x120 [ 1420.482694][T32313] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1420.482708][T32313] ? __pfx_map_id_range_down+0x10/0x10 [ 1420.482730][T32313] ? security_inode_alloc+0x3b/0x2b0 [ 1420.482755][T32313] ? security_inode_alloc+0x3b/0x2b0 [ 1420.482774][T32313] security_inode_alloc+0x3b/0x2b0 [ 1420.482795][T32313] inode_init_always_gfp+0xce4/0x1030 [ 1420.482814][T32313] alloc_inode+0x86/0x240 [ 1420.482832][T32313] sock_alloc+0x40/0x280 [ 1420.482848][T32313] sock_create_lite+0x82/0x120 [ 1420.482865][T32313] __netlink_kernel_create+0xbd/0x750 [ 1420.482882][T32313] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1420.482901][T32313] ? __pfx_genl_pernet_init+0x10/0x10 [ 1420.482918][T32313] genl_pernet_init+0xbd/0x170 [ 1420.482935][T32313] ? __pfx_genl_pernet_init+0x10/0x10 [ 1420.482950][T32313] ? lockdep_init_map_type+0x5c/0x280 [ 1420.482970][T32313] ? __pfx_genl_rcv+0x10/0x10 [ 1420.482984][T32313] ? __pfx_genl_bind+0x10/0x10 [ 1420.482998][T32313] ? __pfx_genl_unbind+0x10/0x10 [ 1420.483012][T32313] ? __pfx_genl_release+0x10/0x10 [ 1420.483029][T32313] ? debug_mutex_init+0x37/0x70 [ 1420.483045][T32313] ops_init+0x1e2/0x5f0 [ 1420.483061][T32313] setup_net+0x100/0x390 [ 1420.483076][T32313] ? __pfx_setup_net+0x10/0x10 [ 1420.483090][T32313] ? debug_mutex_init+0x37/0x70 [ 1420.483107][T32313] copy_net_ns+0x2f8/0x690 [ 1420.483124][T32313] create_new_namespaces+0x3ea/0xa90 [ 1420.483145][T32313] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1420.483163][T32313] ksys_unshare+0x45b/0xa40 [ 1420.483182][T32313] ? __pfx_ksys_unshare+0x10/0x10 [ 1420.483201][T32313] ? xfd_validate_state+0x61/0x180 [ 1420.483227][T32313] __x64_sys_unshare+0x31/0x40 [ 1420.483244][T32313] do_syscall_64+0xcd/0xfa0 [ 1420.483261][T32313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1420.483276][T32313] RIP: 0033:0x7f87ea98efc9 [ 1420.483289][T32313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1420.483303][T32313] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1420.483318][T32313] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1420.483328][T32313] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1420.483336][T32313] RBP: 00007f87eaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1420.483345][T32313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1420.483354][T32313] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1420.483383][T32313] [ 1421.223897][T28732] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1421.684469][T32303] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1421.697541][T32303] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1421.703824][T32303] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1421.763830][T32303] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1421.793285][T32303] CPU0 is offline. [ 1421.852683][T17859] Bluetooth: hci2: command 0x0406 tx timeout [ 1422.334703][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1422.346270][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1422.963496][T32326] binder: 32325:32326 ioctl c0306201 200000000000 returned -11 [ 1423.763370][T28732] Bluetooth: hci1: command 0x0c1a tx timeout [ 1423.769903][T28732] Bluetooth: hci0: command 0x0406 tx timeout [ 1423.837082][T32341] FAULT_INJECTION: forcing a failure. [ 1423.837082][T32341] name failslab, interval 1, probability 393216, space 0, times 0 [ 1423.851762][T32342] Bluetooth: hci3: command 0x0406 tx timeout [ 1423.949330][T32341] CPU: 1 UID: 0 PID: 32341 Comm: syz.3.9272 Tainted: G U syzkaller #0 PREEMPT(full) [ 1423.949358][T32341] Tainted: [U]=USER [ 1423.949363][T32341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1423.949373][T32341] Call Trace: [ 1423.949379][T32341] [ 1423.949385][T32341] dump_stack_lvl+0x16c/0x1f0 [ 1423.949407][T32341] should_fail_ex+0x512/0x640 [ 1423.949429][T32341] ? fs_reclaim_acquire+0xae/0x150 [ 1423.949450][T32341] should_failslab+0xc2/0x120 [ 1423.949477][T32341] __kmalloc_noprof+0xdd/0x880 [ 1423.949501][T32341] ? tomoyo_encode2+0x100/0x3e0 [ 1423.949521][T32341] ? tomoyo_encode2+0x100/0x3e0 [ 1423.949536][T32341] tomoyo_encode2+0x100/0x3e0 [ 1423.949554][T32341] tomoyo_encode+0x29/0x50 [ 1423.949569][T32341] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1423.949586][T32341] ? tomoyo_profile+0x47/0x60 [ 1423.949606][T32341] tomoyo_path_perm+0x274/0x460 [ 1423.949627][T32341] ? tomoyo_path_perm+0x260/0x460 [ 1423.949649][T32341] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 1423.949691][T32341] ? __pfx_ima_file_check+0x10/0x10 [ 1423.949709][T32341] ? hook_file_truncate+0xc7/0x250 [ 1423.949728][T32341] security_file_truncate+0x84/0x1e0 [ 1423.949744][T32341] path_openat+0xc10/0x2cb0 [ 1423.949766][T32341] ? __pfx_path_openat+0x10/0x10 [ 1423.949783][T32341] ? __lock_acquire+0xb8a/0x1c90 [ 1423.949804][T32341] do_filp_open+0x20b/0x470 [ 1423.949820][T32341] ? __pfx_do_filp_open+0x10/0x10 [ 1423.949849][T32341] ? alloc_fd+0x471/0x7d0 [ 1423.949869][T32341] do_sys_openat2+0x11b/0x1d0 [ 1423.949889][T32341] ? __pfx_do_sys_openat2+0x10/0x10 [ 1423.949917][T32341] __x64_sys_openat+0x174/0x210 [ 1423.949937][T32341] ? __pfx___x64_sys_openat+0x10/0x10 [ 1423.949966][T32341] do_syscall_64+0xcd/0xfa0 [ 1423.949983][T32341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1423.949998][T32341] RIP: 0033:0x7f87ea98efc9 [ 1423.950010][T32341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1423.950027][T32341] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1423.950041][T32341] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1423.950051][T32341] RDX: 0000000000101302 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1423.950060][T32341] RBP: 00007f87eaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1423.950069][T32341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1423.950077][T32341] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1423.950098][T32341] [ 1423.950134][T32341] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1425.139611][T32357] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.9275: iget: checksum invalid [ 1425.192421][T32357] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1425.250852][T32357] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.9275: iget: checksum invalid [ 1425.319753][T32357] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1425.423871][T32357] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.9275: iget: checksum invalid [ 1425.442860][T32359] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1425.556599][T32357] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1425.713211][T32357] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.7.9275: iget: checksum invalid [ 1425.831093][T32357] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1426.039083][T32357] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1426.167158][T32357] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1427.316889][T32374] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 1427.938781][T32389] netlink: 13 bytes leftover after parsing attributes in process `syz.0.9284'. [ 1430.935555][T32432] netlink: 25 bytes leftover after parsing attributes in process `syz.6.9297'. [ 1431.418732][T32442] tipc: Started in network mode [ 1431.451113][T32442] tipc: Node identity ee00, cluster identity 4711 [ 1431.490302][T32442] tipc: Node number set to 60928 [ 1431.604031][T32445] FAULT_INJECTION: forcing a failure. [ 1431.604031][T32445] name failslab, interval 1, probability 393216, space 0, times 0 [ 1431.729090][T32445] CPU: 1 UID: 0 PID: 32445 Comm: syz.0.9301 Tainted: G U syzkaller #0 PREEMPT(full) [ 1431.729118][T32445] Tainted: [U]=USER [ 1431.729123][T32445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1431.729132][T32445] Call Trace: [ 1431.729138][T32445] [ 1431.729145][T32445] dump_stack_lvl+0x16c/0x1f0 [ 1431.729166][T32445] should_fail_ex+0x512/0x640 [ 1431.729188][T32445] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1431.729213][T32445] should_failslab+0xc2/0x120 [ 1431.729233][T32445] __kmalloc_cache_noprof+0x72/0x780 [ 1431.729255][T32445] ? subdev_open+0x7f/0x540 [ 1431.729280][T32445] ? subdev_open+0x7f/0x540 [ 1431.729309][T32445] ? video_devdata+0xd/0xc0 [ 1431.729322][T32445] subdev_open+0x7f/0x540 [ 1431.729345][T32445] v4l2_open+0x1d2/0x5e0 [ 1431.729361][T32445] ? __pfx_v4l2_open+0x10/0x10 [ 1431.729382][T32445] chrdev_open+0x234/0x6a0 [ 1431.729398][T32445] ? __pfx_apparmor_file_open+0x10/0x10 [ 1431.729420][T32445] ? __pfx_chrdev_open+0x10/0x10 [ 1431.729438][T32445] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1431.729458][T32445] do_dentry_open+0x982/0x1530 [ 1431.729476][T32445] ? __pfx_chrdev_open+0x10/0x10 [ 1431.729499][T32445] vfs_open+0x82/0x3f0 [ 1431.729522][T32445] path_openat+0x1de4/0x2cb0 [ 1431.729550][T32445] ? kasan_save_stack+0x42/0x60 [ 1431.729568][T32445] ? __pfx_path_openat+0x10/0x10 [ 1431.729582][T32445] ? kmem_cache_alloc_noprof+0x250/0x6e0 [ 1431.729596][T32445] ? getname_flags.part.0+0x4c/0x550 [ 1431.729616][T32445] ? getname_flags+0x93/0xf0 [ 1431.729629][T32445] ? acct_on+0x82/0xa00 [ 1431.729649][T32445] ? __x64_sys_acct+0x81/0x1e0 [ 1431.729668][T32445] ? do_syscall_64+0xcd/0xfa0 [ 1431.729683][T32445] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1431.729700][T32445] do_filp_open+0x20b/0x470 [ 1431.729716][T32445] ? __pfx_do_filp_open+0x10/0x10 [ 1431.729746][T32445] ? find_held_lock+0x2b/0x80 [ 1431.729760][T32445] ? __might_fault+0xe3/0x190 [ 1431.729774][T32445] ? __might_fault+0xe3/0x190 [ 1431.729786][T32445] ? __might_fault+0x13b/0x190 [ 1431.729803][T32445] file_open_name+0x2a3/0x450 [ 1431.729824][T32445] ? __pfx_file_open_name+0x10/0x10 [ 1431.729846][T32445] ? getname_flags.part.0+0x1c5/0x550 [ 1431.729870][T32445] acct_on+0xc7/0xa00 [ 1431.729892][T32445] ? __pfx_acct_on+0x10/0x10 [ 1431.729913][T32445] ? bpf_lsm_capable+0x9/0x10 [ 1431.729935][T32445] __x64_sys_acct+0x81/0x1e0 [ 1431.729955][T32445] ? lockdep_hardirqs_on+0x7c/0x110 [ 1431.729970][T32445] do_syscall_64+0xcd/0xfa0 [ 1431.729986][T32445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1431.730000][T32445] RIP: 0033:0x7fa21238efc9 [ 1431.730012][T32445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1431.730026][T32445] RSP: 002b:00007fa21330d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 1431.730041][T32445] RAX: ffffffffffffffda RBX: 00007fa2125e5fa0 RCX: 00007fa21238efc9 [ 1431.730050][T32445] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 1431.730059][T32445] RBP: 00007fa212411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1431.730068][T32445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1431.730077][T32445] R13: 00007fa2125e6038 R14: 00007fa2125e5fa0 R15: 00007ffe5b35d758 [ 1431.730097][T32445] [ 1433.963510][T32456] ERROR: Out of memory at tomoyo_memory_ok. [ 1434.925241][T32447] kexec: Could not allocate control_code_buffer [ 1435.284925][T32468] netlink: 25 bytes leftover after parsing attributes in process `syz.6.9307'. [ 1436.092113][T32482] FAULT_INJECTION: forcing a failure. [ 1436.092113][T32482] name failslab, interval 1, probability 393216, space 0, times 0 [ 1436.190114][T32482] CPU: 1 UID: 0 PID: 32482 Comm: syz.6.9312 Tainted: G U syzkaller #0 PREEMPT(full) [ 1436.190141][T32482] Tainted: [U]=USER [ 1436.190147][T32482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1436.190157][T32482] Call Trace: [ 1436.190163][T32482] [ 1436.190170][T32482] dump_stack_lvl+0x16c/0x1f0 [ 1436.190192][T32482] should_fail_ex+0x512/0x640 [ 1436.190214][T32482] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1436.190232][T32482] should_failslab+0xc2/0x120 [ 1436.190252][T32482] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1436.190267][T32482] ? __proc_create+0x2ce/0x8e0 [ 1436.190291][T32482] ? __proc_create+0x2ce/0x8e0 [ 1436.190321][T32482] __proc_create+0x2ce/0x8e0 [ 1436.190343][T32482] ? __pfx___proc_create+0x10/0x10 [ 1436.190363][T32482] ? proc_register+0x554/0x8b0 [ 1436.190387][T32482] ? _raw_write_unlock+0x28/0x50 [ 1436.190405][T32482] proc_create_reg+0x7d/0x180 [ 1436.190428][T32482] proc_create_net_data+0x8e/0x1c0 [ 1436.190450][T32482] ? __pfx_proc_create_net_data+0x10/0x10 [ 1436.190471][T32482] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1436.190490][T32482] ? ops_init+0x77/0x5f0 [ 1436.190505][T32482] ? __pfx_dev_proc_net_init+0x10/0x10 [ 1436.190526][T32482] dev_proc_net_init+0x5a/0x220 [ 1436.190549][T32482] ops_init+0x1e2/0x5f0 [ 1436.190566][T32482] setup_net+0x100/0x390 [ 1436.190580][T32482] ? __pfx_setup_net+0x10/0x10 [ 1436.190595][T32482] ? debug_mutex_init+0x37/0x70 [ 1436.190612][T32482] copy_net_ns+0x2f8/0x690 [ 1436.190630][T32482] create_new_namespaces+0x3ea/0xa90 [ 1436.190651][T32482] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1436.190669][T32482] ksys_unshare+0x45b/0xa40 [ 1436.190688][T32482] ? __pfx_ksys_unshare+0x10/0x10 [ 1436.190707][T32482] ? xfd_validate_state+0x61/0x180 [ 1436.190732][T32482] __x64_sys_unshare+0x31/0x40 [ 1436.190750][T32482] do_syscall_64+0xcd/0xfa0 [ 1436.190767][T32482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1436.190781][T32482] RIP: 0033:0x7fb94418efc9 [ 1436.190793][T32482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1436.190808][T32482] RSP: 002b:00007fb9423f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1436.190822][T32482] RAX: ffffffffffffffda RBX: 00007fb9443e5fa0 RCX: 00007fb94418efc9 [ 1436.190831][T32482] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1436.190840][T32482] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1436.190848][T32482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1436.190857][T32482] R13: 00007fb9443e6038 R14: 00007fb9443e5fa0 R15: 00007ffe3a51f548 [ 1436.190876][T32482] [ 1437.042177][T32494] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9314'. [ 1437.042210][T32494] : renamed from vlan0 (while UP) [ 1437.620654][T32494] veth0_vlan: left promiscuous mode [ 1437.628189][T32494] : entered allmulticast mode [ 1439.893234][T32523] netlink: 17 bytes leftover after parsing attributes in process `syz.7.9323'. [ 1440.089017][T32525] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9324'. [ 1440.194079][T32520] Loading of unsigned module is rejected [ 1440.258480][T32519] delete_channel: no stack [ 1440.456863][T32530] ptrace attach of "./syz-executor exec"[27009] was attempted by ""[32530] [ 1441.782229][T32541] netlink: 25 bytes leftover after parsing attributes in process `syz.3.9329'. [ 1442.257674][T32547] netlink: 36332 bytes leftover after parsing attributes in process `syz.3.9331'. [ 1443.021857][T32556] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9334'. [ 1443.128390][T32556] netlink: 354 bytes leftover after parsing attributes in process `syz.3.9334'. [ 1443.442565][T32342] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1443.588165][T32563] netlink: 5 bytes leftover after parsing attributes in process `syz.6.9336'. [ 1444.145366][T32572] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9338'. [ 1444.518066][T32571] FAULT_INJECTION: forcing a failure. [ 1444.518066][T32571] name failslab, interval 1, probability 393216, space 0, times 0 [ 1444.604255][T32571] CPU: 1 UID: 0 PID: 32571 Comm: syz.6.9339 Tainted: G U syzkaller #0 PREEMPT(full) [ 1444.604282][T32571] Tainted: [U]=USER [ 1444.604287][T32571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1444.604297][T32571] Call Trace: [ 1444.604303][T32571] [ 1444.604311][T32571] dump_stack_lvl+0x16c/0x1f0 [ 1444.604333][T32571] should_fail_ex+0x512/0x640 [ 1444.604355][T32571] ? fs_reclaim_acquire+0xae/0x150 [ 1444.604376][T32571] should_failslab+0xc2/0x120 [ 1444.604400][T32571] __kmalloc_noprof+0xdd/0x880 [ 1444.604420][T32571] ? lockdep_init_map_type+0x5c/0x280 [ 1444.604441][T32571] ? tomoyo_open_control+0x51f/0xa30 [ 1444.604463][T32571] ? tomoyo_open_control+0x51f/0xa30 [ 1444.604480][T32571] tomoyo_open_control+0x51f/0xa30 [ 1444.604501][T32571] do_dentry_open+0x982/0x1530 [ 1444.604518][T32571] ? __pfx_tomoyo_open+0x10/0x10 [ 1444.604538][T32571] vfs_open+0x82/0x3f0 [ 1444.604559][T32571] path_openat+0x1de4/0x2cb0 [ 1444.604581][T32571] ? __pfx_path_openat+0x10/0x10 [ 1444.604597][T32571] ? __lock_acquire+0xb8a/0x1c90 [ 1444.604618][T32571] do_filp_open+0x20b/0x470 [ 1444.604633][T32571] ? __pfx_do_filp_open+0x10/0x10 [ 1444.604661][T32571] ? alloc_fd+0x471/0x7d0 [ 1444.604680][T32571] do_sys_openat2+0x11b/0x1d0 [ 1444.604709][T32571] ? __pfx_do_sys_openat2+0x10/0x10 [ 1444.604736][T32571] __x64_sys_openat+0x174/0x210 [ 1444.604761][T32571] ? __pfx___x64_sys_openat+0x10/0x10 [ 1444.604791][T32571] do_syscall_64+0xcd/0xfa0 [ 1444.604808][T32571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1444.604823][T32571] RIP: 0033:0x7fb94418efc9 [ 1444.604835][T32571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1444.604850][T32571] RSP: 002b:00007fb9423f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1444.604865][T32571] RAX: ffffffffffffffda RBX: 00007fb9443e5fa0 RCX: 00007fb94418efc9 [ 1444.604875][T32571] RDX: 00000000000c0802 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1444.604884][T32571] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1444.604893][T32571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1444.604901][T32571] R13: 00007fb9443e6038 R14: 00007fb9443e5fa0 R15: 00007ffe3a51f548 [ 1444.604923][T32571] [ 1449.440931][T32647] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 1449.927045][T32653] FAULT_INJECTION: forcing a failure. [ 1449.927045][T32653] name failslab, interval 1, probability 393216, space 0, times 0 [ 1450.078605][T32653] CPU: 1 UID: 0 PID: 32653 Comm: syz.3.9361 Tainted: G U syzkaller #0 PREEMPT(full) [ 1450.078632][T32653] Tainted: [U]=USER [ 1450.078637][T32653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1450.078646][T32653] Call Trace: [ 1450.078652][T32653] [ 1450.078658][T32653] dump_stack_lvl+0x16c/0x1f0 [ 1450.078679][T32653] should_fail_ex+0x512/0x640 [ 1450.078701][T32653] ? fs_reclaim_acquire+0xae/0x150 [ 1450.078723][T32653] should_failslab+0xc2/0x120 [ 1450.078742][T32653] __kmalloc_noprof+0xdd/0x880 [ 1450.078764][T32653] ? ima_alloc_init_template+0x19d/0x720 [ 1450.078790][T32653] ? ima_alloc_init_template+0x19d/0x720 [ 1450.078811][T32653] ima_alloc_init_template+0x19d/0x720 [ 1450.078833][T32653] ? take_dentry_name_snapshot+0x319/0x7d0 [ 1450.078856][T32653] ima_store_measurement+0x1eb/0x5c0 [ 1450.078879][T32653] ? __pfx_ima_store_measurement+0x10/0x10 [ 1450.078902][T32653] ? vfs_getxattr_alloc+0xec/0x350 [ 1450.078922][T32653] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 1450.078944][T32653] process_measurement+0x1ddb/0x23e0 [ 1450.078969][T32653] ? __lock_acquire+0x622/0x1c90 [ 1450.078989][T32653] ? __pfx_process_measurement+0x10/0x10 [ 1450.079008][T32653] ? __kasan_slab_alloc+0x89/0x90 [ 1450.079025][T32653] ? security_file_alloc+0x34/0x2b0 [ 1450.079039][T32653] ? alloc_empty_file+0x73/0x1e0 [ 1450.079058][T32653] ? alloc_file_pseudo+0x13a/0x230 [ 1450.079081][T32653] ? find_held_lock+0x2b/0x80 [ 1450.079118][T32653] ima_file_mmap+0x1b1/0x1d0 [ 1450.079137][T32653] ? __pfx_ima_file_mmap+0x10/0x10 [ 1450.079161][T32653] security_mmap_file+0x88c/0x990 [ 1450.079176][T32653] vm_mmap_pgoff+0xec/0x470 [ 1450.079197][T32653] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1450.079222][T32653] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1450.079244][T32653] ? hugetlbfs_get_inode+0x31f/0x730 [ 1450.079268][T32653] ksys_mmap_pgoff+0x1c8/0x5c0 [ 1450.079290][T32653] __x64_sys_mmap+0x125/0x190 [ 1450.079313][T32653] do_syscall_64+0xcd/0xfa0 [ 1450.079330][T32653] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1450.079345][T32653] RIP: 0033:0x7f87ea98efc9 [ 1450.079358][T32653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1450.079372][T32653] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1450.079386][T32653] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1450.079396][T32653] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 1450.079405][T32653] RBP: 00007f87eaa11f91 R08: ffffffffffffffff R09: 0000300000000000 [ 1450.079414][T32653] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 1450.079423][T32653] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1450.079444][T32653] [ 1450.079569][ T30] audit: type=1804 audit(42003.889:51): pid=32653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.3.9361" name="anon_hugepage" dev="hugetlbfs" ino=269597 res=0 errno=0 [ 1450.885033][T32666] hub 8-0:1.0: USB hub found [ 1450.915051][T32667] random: crng reseeded on system resumption [ 1450.951692][T32666] hub 8-0:1.0: 1 port detected [ 1451.198286][T32674] bond0: invalid ARP target specified [ 1452.002499][ C1] vcan0: j1939_tp_rxtimer: 0xffff88801be92400: rx timeout, send abort [ 1452.010844][ C1] vcan0: j1939_tp_rxtimer: 0xffff888032d8d800: rx timeout, send abort [ 1452.019290][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88801be92400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1452.033673][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888032d8d800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1452.637788][T32691] netlink: 25 bytes leftover after parsing attributes in process `syz.7.9374'. [ 1452.874701][T32703] random: crng reseeded on system resumption [ 1453.013655][T32706] netlink: 330 bytes leftover after parsing attributes in process `syz.3.9380'. [ 1453.080988][T32706] –õ\­: renamed from lo [ 1456.276195][T32743] vhci_hcd: invalid port number 16 [ 1456.307370][T32743] vhci_hcd: invalid port number 16 [ 1457.146281][T32747] FAULT_INJECTION: forcing a failure. [ 1457.146281][T32747] name failslab, interval 1, probability 393216, space 0, times 0 [ 1457.251500][T32747] CPU: 1 UID: 0 PID: 32747 Comm: syz.6.9390 Tainted: G U syzkaller #0 PREEMPT(full) [ 1457.251527][T32747] Tainted: [U]=USER [ 1457.251532][T32747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1457.251541][T32747] Call Trace: [ 1457.251546][T32747] [ 1457.251553][T32747] dump_stack_lvl+0x16c/0x1f0 [ 1457.251573][T32747] should_fail_ex+0x512/0x640 [ 1457.251595][T32747] ? __kmalloc_node_noprof+0xcd/0x8a0 [ 1457.251615][T32747] should_failslab+0xc2/0x120 [ 1457.251635][T32747] __kmalloc_node_noprof+0xe0/0x8a0 [ 1457.251651][T32747] ? mempool_init_node+0x11b/0x6e0 [ 1457.251671][T32747] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1457.251689][T32747] ? __pfx_mempool_free_slab+0x10/0x10 [ 1457.251712][T32747] ? mempool_init_node+0x11b/0x6e0 [ 1457.251729][T32747] mempool_init_node+0x11b/0x6e0 [ 1457.251746][T32747] ? __pfx_xa_load+0x10/0x10 [ 1457.251766][T32747] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1457.251784][T32747] ? __pfx_mempool_free_slab+0x10/0x10 [ 1457.251801][T32747] mempool_init_noprof+0x3a/0x50 [ 1457.251820][T32747] bioset_init+0x388/0x8a0 [ 1457.251841][T32747] ? __pfx_bioset_init+0x10/0x10 [ 1457.251867][T32747] __alloc_disk_node+0x83/0x640 [ 1457.251888][T32747] __blk_mq_alloc_disk+0x89/0x120 [ 1457.251907][T32747] loop_add+0x490/0xb70 [ 1457.251922][T32747] ? __pfx_loop_add+0x10/0x10 [ 1457.251948][T32747] ? find_held_lock+0x2b/0x80 [ 1457.251967][T32747] loop_control_ioctl+0x13e/0x630 [ 1457.251983][T32747] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1457.252000][T32747] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1457.252016][T32747] __x64_sys_ioctl+0x18e/0x210 [ 1457.252038][T32747] do_syscall_64+0xcd/0xfa0 [ 1457.252054][T32747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1457.252069][T32747] RIP: 0033:0x7fb94418efc9 [ 1457.252081][T32747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1457.252095][T32747] RSP: 002b:00007fb9423f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1457.252109][T32747] RAX: ffffffffffffffda RBX: 00007fb9443e5fa0 RCX: 00007fb94418efc9 [ 1457.252119][T32747] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 1457.252129][T32747] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1457.252138][T32747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1457.252146][T32747] R13: 00007fb9443e6038 R14: 00007fb9443e5fa0 R15: 00007ffe3a51f548 [ 1457.252164][T32747] [ 1459.014449][T32766] sp0: Synchronizing with TNC [ 1459.048065][ T301] sp0: Found TNC [ 1459.161505][ T304] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9397'. [ 1459.204425][ T307] netlink: 342 bytes leftover after parsing attributes in process `syz.6.9399'. [ 1459.281673][ T309] netlink: 354 bytes leftover after parsing attributes in process `syz.0.9397'. [ 1459.982397][ T318] sp0: Synchronizing with TNC [ 1460.844274][ T335] snd_virmidi snd_virmidi.0: control 5:9:1:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 1461.189307][ T338] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 1462.283122][T17859] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1462.790611][ T357] snd_aloop snd_aloop.0: control 16781581:65539:6:é'x?F¢é/èìzFË·fCªáª:7 is already present [ 1463.848459][ T365] Loading of unsigned module is rejected [ 1464.961900][ T372] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9416'. [ 1468.117340][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880301be800: rx timeout, send abort [ 1468.125661][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880301bec00: rx timeout, send abort [ 1468.134207][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880301be800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1468.148643][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880301bec00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1469.327434][ T418] netlink: 17 bytes leftover after parsing attributes in process `syz.6.9429'. [ 1469.390480][ T415] ima: policy update failed [ 1469.398655][ T30] audit: type=1802 audit(42023.300:52): pid=415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.9429" res=0 errno=0 [ 1469.676509][ T429] Loading of unsigned module is rejected [ 1472.577398][ T460] random: crng reseeded on system resumption [ 1473.294221][ T463] sp0: Synchronizing with TNC [ 1473.352168][ T468] sp0: Found TNC [ 1474.246814][ T479] Loading of unsigned module is rejected [ 1475.485573][ T479] netlink: 330 bytes leftover after parsing attributes in process `syz.3.9446'. [ 1478.925687][ T500] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1479.561697][ T512] FAULT_INJECTION: forcing a failure. [ 1479.561697][ T512] name failslab, interval 1, probability 393216, space 0, times 0 [ 1479.645136][ T512] CPU: 1 UID: 0 PID: 512 Comm: syz.7.9451 Tainted: G U syzkaller #0 PREEMPT(full) [ 1479.645162][ T512] Tainted: [U]=USER [ 1479.645168][ T512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1479.645177][ T512] Call Trace: [ 1479.645186][ T512] [ 1479.645195][ T512] dump_stack_lvl+0x16c/0x1f0 [ 1479.645225][ T512] should_fail_ex+0x512/0x640 [ 1479.645259][ T512] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1479.645288][ T512] should_failslab+0xc2/0x120 [ 1479.645310][ T512] __kmalloc_cache_noprof+0x72/0x780 [ 1479.645332][ T512] ? __pfx_fib6_gc_timer_cb+0x10/0x10 [ 1479.645350][ T512] ? fib6_net_init+0x165/0xb20 [ 1479.645368][ T512] ? fib6_net_init+0x165/0xb20 [ 1479.645382][ T512] ? __pfx_fib6_net_init+0x10/0x10 [ 1479.645396][ T512] fib6_net_init+0x165/0xb20 [ 1479.645413][ T512] ? __pfx_fib6_net_init+0x10/0x10 [ 1479.645429][ T512] ops_init+0x1e2/0x5f0 [ 1479.645446][ T512] setup_net+0x100/0x390 [ 1479.645460][ T512] ? __pfx_setup_net+0x10/0x10 [ 1479.645475][ T512] ? debug_mutex_init+0x37/0x70 [ 1479.645492][ T512] copy_net_ns+0x2f8/0x690 [ 1479.645510][ T512] create_new_namespaces+0x3ea/0xa90 [ 1479.645531][ T512] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1479.645549][ T512] ksys_unshare+0x45b/0xa40 [ 1479.645568][ T512] ? __pfx_ksys_unshare+0x10/0x10 [ 1479.645592][ T512] ? xfd_validate_state+0x61/0x180 [ 1479.645620][ T512] __x64_sys_unshare+0x31/0x40 [ 1479.645640][ T512] do_syscall_64+0xcd/0xfa0 [ 1479.645658][ T512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1479.645673][ T512] RIP: 0033:0x7f5540f8efc9 [ 1479.645686][ T512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1479.645701][ T512] RSP: 002b:00007f5541de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1479.645715][ T512] RAX: ffffffffffffffda RBX: 00007f55411e5fa0 RCX: 00007f5540f8efc9 [ 1479.645725][ T512] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1479.645734][ T512] RBP: 00007f5541011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1479.645742][ T512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1479.645751][ T512] R13: 00007f55411e6038 R14: 00007f55411e5fa0 R15: 00007fff887462d8 [ 1479.645771][ T512] [ 1481.214166][ T522] FAULT_INJECTION: forcing a failure. [ 1481.214166][ T522] name failslab, interval 1, probability 393216, space 0, times 0 [ 1481.324099][ T522] CPU: 1 UID: 0 PID: 522 Comm: syz.7.9457 Tainted: G U syzkaller #0 PREEMPT(full) [ 1481.324126][ T522] Tainted: [U]=USER [ 1481.324132][ T522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1481.324141][ T522] Call Trace: [ 1481.324146][ T522] [ 1481.324153][ T522] dump_stack_lvl+0x16c/0x1f0 [ 1481.324173][ T522] should_fail_ex+0x512/0x640 [ 1481.324195][ T522] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 1481.324216][ T522] should_failslab+0xc2/0x120 [ 1481.324235][ T522] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 1481.324253][ T522] ? __addrconf_sysctl_register+0xbb/0x360 [ 1481.324274][ T522] ? kmemdup_noprof+0x29/0x60 [ 1481.324288][ T522] kmemdup_noprof+0x29/0x60 [ 1481.324303][ T522] __addrconf_sysctl_register+0xbb/0x360 [ 1481.324322][ T522] ? __pfx___addrconf_sysctl_register+0x10/0x10 [ 1481.324343][ T522] ? __asan_memcpy+0x3c/0x60 [ 1481.324359][ T522] addrconf_init_net+0x50c/0x8e0 [ 1481.324377][ T522] ? __pfx_addrconf_init_net+0x10/0x10 [ 1481.324393][ T522] ops_init+0x1e2/0x5f0 [ 1481.324410][ T522] setup_net+0x100/0x390 [ 1481.324424][ T522] ? __pfx_setup_net+0x10/0x10 [ 1481.324438][ T522] ? debug_mutex_init+0x37/0x70 [ 1481.324457][ T522] copy_net_ns+0x2f8/0x690 [ 1481.324475][ T522] create_new_namespaces+0x3ea/0xa90 [ 1481.324496][ T522] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1481.324514][ T522] ksys_unshare+0x45b/0xa40 [ 1481.324533][ T522] ? __pfx_ksys_unshare+0x10/0x10 [ 1481.324552][ T522] ? xfd_validate_state+0x61/0x180 [ 1481.324578][ T522] __x64_sys_unshare+0x31/0x40 [ 1481.324595][ T522] do_syscall_64+0xcd/0xfa0 [ 1481.324612][ T522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1481.324627][ T522] RIP: 0033:0x7f5540f8efc9 [ 1481.324639][ T522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1481.324653][ T522] RSP: 002b:00007f5541de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1481.324667][ T522] RAX: ffffffffffffffda RBX: 00007f55411e5fa0 RCX: 00007f5540f8efc9 [ 1481.324676][ T522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1481.324685][ T522] RBP: 00007f5541011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1481.324693][ T522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1481.324701][ T522] R13: 00007f55411e6038 R14: 00007f55411e5fa0 R15: 00007fff887462d8 [ 1481.324721][ T522] [ 1482.274436][ T538] can0: slcan on pty238. [ 1482.435780][ T536] can0 (unregistered): slcan off pty238. [ 1482.676367][ T547] random: crng reseeded on system resumption [ 1483.460862][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1483.467488][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1486.245105][ T594] netlink: 28 bytes leftover after parsing attributes in process `syz.6.9473'. [ 1487.055596][ T604] netlink: 8 bytes leftover after parsing attributes in process `syz.6.9477'. [ 1487.941598][ T611] FAULT_INJECTION: forcing a failure. [ 1487.941598][ T611] name failslab, interval 1, probability 393216, space 0, times 0 [ 1488.039182][ T611] CPU: 1 UID: 0 PID: 611 Comm: syz.3.9478 Tainted: G U syzkaller #0 PREEMPT(full) [ 1488.039210][ T611] Tainted: [U]=USER [ 1488.039215][ T611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1488.039224][ T611] Call Trace: [ 1488.039230][ T611] [ 1488.039237][ T611] dump_stack_lvl+0x16c/0x1f0 [ 1488.039259][ T611] should_fail_ex+0x512/0x640 [ 1488.039281][ T611] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1488.039298][ T611] should_failslab+0xc2/0x120 [ 1488.039318][ T611] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1488.039333][ T611] ? mempool_init_node+0x2f7/0x6e0 [ 1488.039354][ T611] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1488.039370][ T611] ? mempool_init_node+0x2f7/0x6e0 [ 1488.039387][ T611] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1488.039403][ T611] mempool_init_node+0x2f7/0x6e0 [ 1488.039423][ T611] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 1488.039439][ T611] ? __pfx_mempool_free_slab+0x10/0x10 [ 1488.039456][ T611] mempool_init_noprof+0x3a/0x50 [ 1488.039475][ T611] bioset_init+0x388/0x8a0 [ 1488.039505][ T611] ? __pfx_bioset_init+0x10/0x10 [ 1488.039532][ T611] __alloc_disk_node+0x83/0x640 [ 1488.039555][ T611] __blk_mq_alloc_disk+0x89/0x120 [ 1488.039574][ T611] loop_add+0x490/0xb70 [ 1488.039590][ T611] ? __pfx_loop_add+0x10/0x10 [ 1488.039616][ T611] ? find_held_lock+0x2b/0x80 [ 1488.039634][ T611] loop_control_ioctl+0x13e/0x630 [ 1488.039650][ T611] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1488.039668][ T611] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1488.039683][ T611] __x64_sys_ioctl+0x18e/0x210 [ 1488.039706][ T611] do_syscall_64+0xcd/0xfa0 [ 1488.039723][ T611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1488.039738][ T611] RIP: 0033:0x7f87ea98efc9 [ 1488.039750][ T611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1488.039765][ T611] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1488.039779][ T611] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1488.039790][ T611] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 1488.039800][ T611] RBP: 00007f87eaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1488.039808][ T611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1488.039816][ T611] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1488.039835][ T611] [ 1488.734207][ T621] random: crng reseeded on system resumption [ 1490.137128][ T628] hub 8-0:1.0: USB hub found [ 1490.183949][ T629] random: crng reseeded on system resumption [ 1490.241723][ T628] hub 8-0:1.0: 1 port detected [ 1490.460438][ T3475] Bluetooth: hci4: Frame reassembly failed (-84) [ 1492.006042][ T643] random: crng reseeded on system resumption [ 1492.447539][T17859] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1495.279803][ T673] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9491'. [ 1497.167894][ T682] FAULT_INJECTION: forcing a failure. [ 1497.167894][ T682] name failslab, interval 1, probability 393216, space 0, times 0 [ 1497.256870][ T682] CPU: 1 UID: 0 PID: 682 Comm: syz.7.9502 Tainted: G U syzkaller #0 PREEMPT(full) [ 1497.256898][ T682] Tainted: [U]=USER [ 1497.256903][ T682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1497.256916][ T682] Call Trace: [ 1497.256922][ T682] [ 1497.256928][ T682] dump_stack_lvl+0x16c/0x1f0 [ 1497.256950][ T682] should_fail_ex+0x512/0x640 [ 1497.256972][ T682] ? fs_reclaim_acquire+0xae/0x150 [ 1497.256993][ T682] should_failslab+0xc2/0x120 [ 1497.257012][ T682] __kmalloc_noprof+0xdd/0x880 [ 1497.257101][ T682] ? kfree+0x252/0x6d0 [ 1497.257119][ T682] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1497.257143][ T682] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1497.257159][ T682] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1497.257182][ T682] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1497.257207][ T682] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1497.257236][ T682] ? proc_sys_lookup+0x2e6/0x400 [ 1497.257275][ T682] ? lock_acquire+0x179/0x350 [ 1497.257295][ T682] ? find_held_lock+0x2b/0x80 [ 1497.257311][ T682] ? mnt_get_write_access+0x52/0x2f0 [ 1497.257333][ T682] tomoyo_file_open+0x6b/0x90 [ 1497.257353][ T682] security_file_open+0x84/0x1e0 [ 1497.257375][ T682] do_dentry_open+0x596/0x1530 [ 1497.257398][ T682] vfs_open+0x82/0x3f0 [ 1497.257421][ T682] path_openat+0x1de4/0x2cb0 [ 1497.257446][ T682] ? __pfx_path_openat+0x10/0x10 [ 1497.257463][ T682] ? __lock_acquire+0xb8a/0x1c90 [ 1497.257484][ T682] do_filp_open+0x20b/0x470 [ 1497.257500][ T682] ? __pfx_do_filp_open+0x10/0x10 [ 1497.257535][ T682] ? alloc_fd+0x471/0x7d0 [ 1497.257555][ T682] do_sys_openat2+0x11b/0x1d0 [ 1497.257575][ T682] ? __pfx_do_sys_openat2+0x10/0x10 [ 1497.257605][ T682] __x64_sys_openat+0x174/0x210 [ 1497.257627][ T682] ? __pfx___x64_sys_openat+0x10/0x10 [ 1497.257664][ T682] do_syscall_64+0xcd/0xfa0 [ 1497.257683][ T682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1497.257699][ T682] RIP: 0033:0x7f5540f8efc9 [ 1497.257714][ T682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1497.257729][ T682] RSP: 002b:00007f5541de1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1497.257812][ T682] RAX: ffffffffffffffda RBX: 00007f55411e5fa0 RCX: 00007f5540f8efc9 [ 1497.257823][ T682] RDX: 0000000000101302 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1497.257833][ T682] RBP: 00007f5541011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1497.257842][ T682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1497.257851][ T682] R13: 00007f55411e6038 R14: 00007f55411e5fa0 R15: 00007fff887462d8 [ 1497.257873][ T682] [ 1497.257881][ T682] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1497.980249][ T689] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1498.263496][ T699] FAULT_INJECTION: forcing a failure. [ 1498.263496][ T699] name failslab, interval 1, probability 393216, space 0, times 0 [ 1498.338793][ T699] CPU: 1 UID: 0 PID: 699 Comm: syz.3.9496 Tainted: G U syzkaller #0 PREEMPT(full) [ 1498.338819][ T699] Tainted: [U]=USER [ 1498.338825][ T699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1498.338834][ T699] Call Trace: [ 1498.338839][ T699] [ 1498.338845][ T699] dump_stack_lvl+0x16c/0x1f0 [ 1498.338867][ T699] should_fail_ex+0x512/0x640 [ 1498.338889][ T699] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1498.338907][ T699] should_failslab+0xc2/0x120 [ 1498.338927][ T699] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1498.338942][ T699] ? __proc_create+0x2ce/0x8e0 [ 1498.338966][ T699] ? __proc_create+0x2ce/0x8e0 [ 1498.338985][ T699] __proc_create+0x2ce/0x8e0 [ 1498.339005][ T699] ? __pfx___proc_create+0x10/0x10 [ 1498.339026][ T699] ? _raw_write_unlock+0x28/0x50 [ 1498.339046][ T699] proc_create_reg+0x7d/0x180 [ 1498.339068][ T699] proc_create_net_data+0x8e/0x1c0 [ 1498.339089][ T699] ? __pfx_proc_create_net_data+0x10/0x10 [ 1498.339109][ T699] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1498.339131][ T699] ? __pfx_dev_mc_net_init+0x10/0x10 [ 1498.339152][ T699] dev_mc_net_init+0x50/0x70 [ 1498.339171][ T699] ops_init+0x1e2/0x5f0 [ 1498.339188][ T699] setup_net+0x100/0x390 [ 1498.339202][ T699] ? __pfx_setup_net+0x10/0x10 [ 1498.339217][ T699] ? debug_mutex_init+0x37/0x70 [ 1498.339234][ T699] copy_net_ns+0x2f8/0x690 [ 1498.339252][ T699] create_new_namespaces+0x3ea/0xa90 [ 1498.339272][ T699] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1498.339291][ T699] ksys_unshare+0x45b/0xa40 [ 1498.339310][ T699] ? __pfx_ksys_unshare+0x10/0x10 [ 1498.339329][ T699] ? xfd_validate_state+0x61/0x180 [ 1498.339355][ T699] __x64_sys_unshare+0x31/0x40 [ 1498.339373][ T699] do_syscall_64+0xcd/0xfa0 [ 1498.339390][ T699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.339405][ T699] RIP: 0033:0x7f87ea98efc9 [ 1498.339417][ T699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1498.339433][ T699] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1498.339449][ T699] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1498.339459][ T699] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1498.339467][ T699] RBP: 00007f87eaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1498.339476][ T699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1498.339484][ T699] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1498.339503][ T699] [ 1499.241868][ T703] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1499.925065][ T706] i2c i2c-0: Failed to register i2c client card: at 0x01 (-16) [ 1500.274226][ T717] nvme_fcloop: unknown parameter or missing value '0' [ 1500.368645][ T717] hub 1-0:1.0: USB hub found [ 1500.416838][ T717] hub 1-0:1.0: 1 port detected [ 1500.474730][ T717] FAULT_INJECTION: forcing a failure. [ 1500.474730][ T717] name failslab, interval 1, probability 393216, space 0, times 0 [ 1500.575153][ T717] CPU: 1 UID: 0 PID: 717 Comm: syz.3.9499 Tainted: G U syzkaller #0 PREEMPT(full) [ 1500.575179][ T717] Tainted: [U]=USER [ 1500.575185][ T717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1500.575194][ T717] Call Trace: [ 1500.575200][ T717] [ 1500.575206][ T717] dump_stack_lvl+0x16c/0x1f0 [ 1500.575227][ T717] should_fail_ex+0x512/0x640 [ 1500.575249][ T717] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1500.575266][ T717] should_failslab+0xc2/0x120 [ 1500.575286][ T717] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1500.575300][ T717] ? __kernfs_new_node+0xd2/0x8e0 [ 1500.575322][ T717] ? __kernfs_new_node+0xd2/0x8e0 [ 1500.575338][ T717] __kernfs_new_node+0xd2/0x8e0 [ 1500.575358][ T717] ? __pfx___kernfs_new_node+0x10/0x10 [ 1500.575381][ T717] ? find_held_lock+0x2b/0x80 [ 1500.575397][ T717] ? kernfs_root+0xee/0x2a0 [ 1500.575418][ T717] kernfs_new_node+0x13c/0x1e0 [ 1500.575442][ T717] __kernfs_create_file+0x53/0x350 [ 1500.575459][ T717] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1500.575481][ T717] internal_create_group+0x578/0xf30 [ 1500.575503][ T717] ? sysfs_create_file_ns+0x154/0x1d0 [ 1500.575519][ T717] ? __pfx_internal_create_group+0x10/0x10 [ 1500.575544][ T717] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1500.575560][ T717] ? down_read+0x13d/0x480 [ 1500.575581][ T717] ? acpi_device_notify+0x351/0x480 [ 1500.575600][ T717] ? lockdep_init_map_type+0x5c/0x280 [ 1500.575623][ T717] internal_create_groups+0x9d/0x150 [ 1500.575644][ T717] device_add+0x77f/0x1aa0 [ 1500.575668][ T717] ? __pfx_device_add+0x10/0x10 [ 1500.575688][ T717] ? lockdep_init_map_type+0x5c/0x280 [ 1500.575708][ T717] ? __init_waitqueue_head+0xca/0x150 [ 1500.575735][ T717] usb_create_ep_devs+0x160/0x2b0 [ 1500.575752][ T717] create_intf_ep_devs.isra.0+0x161/0x200 [ 1500.575778][ T717] usb_set_configuration+0x11a7/0x1e20 [ 1500.575813][ T717] bConfigurationValue_store+0x100/0x180 [ 1500.575828][ T717] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1500.575842][ T717] ? find_held_lock+0x2b/0x80 [ 1500.575857][ T717] ? sysfs_file_kobj+0xe4/0x290 [ 1500.575873][ T717] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1500.575886][ T717] dev_attr_store+0x58/0x80 [ 1500.575905][ T717] ? __pfx_dev_attr_store+0x10/0x10 [ 1500.575925][ T717] sysfs_kf_write+0xf2/0x150 [ 1500.575941][ T717] kernfs_fop_write_iter+0x3af/0x570 [ 1500.575963][ T717] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1500.575981][ T717] iter_file_splice_write+0xa24/0x12e0 [ 1500.576007][ T717] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1500.576026][ T717] ? __pfx_copy_splice_read+0x10/0x10 [ 1500.576059][ T717] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1500.576075][ T717] direct_splice_actor+0x192/0x6c0 [ 1500.576092][ T717] splice_direct_to_actor+0x345/0xa30 [ 1500.576107][ T717] ? __pfx_direct_splice_actor+0x10/0x10 [ 1500.576126][ T717] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1500.576146][ T717] do_splice_direct+0x174/0x240 [ 1500.576160][ T717] ? __pfx_do_splice_direct+0x10/0x10 [ 1500.576178][ T717] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1500.576204][ T717] ? rw_verify_area+0xcf/0x6c0 [ 1500.576219][ T717] do_sendfile+0xb06/0xe50 [ 1500.576237][ T717] ? __pfx_do_sendfile+0x10/0x10 [ 1500.576256][ T717] ? __x64_sys_futex+0x1e0/0x4c0 [ 1500.576275][ T717] ? __x64_sys_futex+0x1e9/0x4c0 [ 1500.576296][ T717] __x64_sys_sendfile64+0x1d8/0x220 [ 1500.576316][ T717] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1500.576340][ T717] do_syscall_64+0xcd/0xfa0 [ 1500.576357][ T717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1500.576372][ T717] RIP: 0033:0x7f87ea98efc9 [ 1500.576385][ T717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1500.576398][ T717] RSP: 002b:00007f87e8bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1500.576413][ T717] RAX: ffffffffffffffda RBX: 00007f87eabe5fa0 RCX: 00007f87ea98efc9 [ 1500.576423][ T717] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 1500.576432][ T717] RBP: 00007f87eaa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1500.576441][ T717] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1500.576450][ T717] R13: 00007f87eabe6038 R14: 00007f87eabe5fa0 R15: 00007fff64958098 [ 1500.576471][ T717] [ 1503.928136][ T758] ================================================================== [ 1503.936234][ T758] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 1503.943952][ T758] Read of size 8 at addr ffff888029da6a18 by task syz.6.9513/758 [ 1503.951653][ T758] [ 1503.953967][ T758] CPU: 1 UID: 0 PID: 758 Comm: syz.6.9513 Tainted: G U syzkaller #0 PREEMPT(full) [ 1503.953990][ T758] Tainted: [U]=USER [ 1503.953995][ T758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1503.954006][ T758] Call Trace: [ 1503.954013][ T758] [ 1503.954020][ T758] dump_stack_lvl+0x116/0x1f0 [ 1503.954039][ T758] print_report+0xcd/0x630 [ 1503.954058][ T758] ? __virt_addr_valid+0x81/0x610 [ 1503.954078][ T758] ? __phys_addr+0xe8/0x180 [ 1503.954095][ T758] ? dvb_device_open+0x36a/0x3b0 [ 1503.954114][ T758] kasan_report+0xe0/0x110 [ 1503.954132][ T758] ? dvb_device_open+0x36a/0x3b0 [ 1503.954150][ T758] ? __pfx_dvb_device_open+0x10/0x10 [ 1503.954167][ T758] dvb_device_open+0x36a/0x3b0 [ 1503.954186][ T758] ? __pfx_dvb_device_open+0x10/0x10 [ 1503.954203][ T758] chrdev_open+0x234/0x6a0 [ 1503.954220][ T758] ? __pfx_apparmor_file_open+0x10/0x10 [ 1503.954241][ T758] ? __pfx_chrdev_open+0x10/0x10 [ 1503.954258][ T758] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1503.954275][ T758] do_dentry_open+0x982/0x1530 [ 1503.954292][ T758] ? __pfx_chrdev_open+0x10/0x10 [ 1503.954310][ T758] vfs_open+0x82/0x3f0 [ 1503.954334][ T758] path_openat+0x1de4/0x2cb0 [ 1503.954352][ T758] ? __pfx_path_openat+0x10/0x10 [ 1503.954367][ T758] ? __lock_acquire+0xb8a/0x1c90 [ 1503.954387][ T758] do_filp_open+0x20b/0x470 [ 1503.954402][ T758] ? __pfx_do_filp_open+0x10/0x10 [ 1503.954424][ T758] ? alloc_fd+0x471/0x7d0 [ 1503.954439][ T758] do_sys_openat2+0x11b/0x1d0 [ 1503.954459][ T758] ? __pfx_do_sys_openat2+0x10/0x10 [ 1503.954477][ T758] ? __pfx_do_sys_openat2+0x10/0x10 [ 1503.954497][ T758] ? __pfx___might_resched+0x10/0x10 [ 1503.954513][ T758] __x64_sys_openat+0x174/0x210 [ 1503.954533][ T758] ? __pfx___x64_sys_openat+0x10/0x10 [ 1503.954557][ T758] do_syscall_64+0xcd/0xfa0 [ 1503.954573][ T758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1503.954587][ T758] RIP: 0033:0x7fb94418efc9 [ 1503.954600][ T758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1503.954616][ T758] RSP: 002b:00007fb9423f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1503.954631][ T758] RAX: ffffffffffffffda RBX: 00007fb9443e5fa0 RCX: 00007fb94418efc9 [ 1503.954641][ T758] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1503.954651][ T758] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1503.954661][ T758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1503.954670][ T758] R13: 00007fb9443e6038 R14: 00007fb9443e5fa0 R15: 00007ffe3a51f548 [ 1503.954685][ T758] [ 1503.954690][ T758] [ 1504.214693][ T758] Allocated by task 1: [ 1504.218738][ T758] kasan_save_stack+0x33/0x60 [ 1504.223400][ T758] kasan_save_track+0x14/0x30 [ 1504.228059][ T758] __kasan_kmalloc+0xaa/0xb0 [ 1504.232649][ T758] dvb_register_device+0x1e4/0x2370 [ 1504.237941][ T758] dvb_register_frontend+0x5a6/0x880 [ 1504.243222][ T758] vidtv_bridge_probe+0x459/0xa90 [ 1504.248316][ T758] platform_probe+0x106/0x1d0 [ 1504.252972][ T758] really_probe+0x241/0xa90 [ 1504.257484][ T758] __driver_probe_device+0x1de/0x440 [ 1504.262756][ T758] driver_probe_device+0x4c/0x1b0 [ 1504.267769][ T758] __driver_attach+0x283/0x580 [ 1504.272517][ T758] bus_for_each_dev+0x13e/0x1d0 [ 1504.277366][ T758] bus_add_driver+0x2e9/0x690 [ 1504.282030][ T758] driver_register+0x15c/0x4b0 [ 1504.286782][ T758] vidtv_bridge_init+0x45/0x80 [ 1504.291526][ T758] do_one_initcall+0x123/0x6e0 [ 1504.296281][ T758] kernel_init_freeable+0x5c8/0x920 [ 1504.301467][ T758] kernel_init+0x1c/0x2b0 [ 1504.305783][ T758] ret_from_fork+0x675/0x7d0 [ 1504.310359][ T758] ret_from_fork_asm+0x1a/0x30 [ 1504.315108][ T758] [ 1504.317407][ T758] Freed by task 689: [ 1504.321301][ T758] kasan_save_stack+0x33/0x60 [ 1504.325963][ T758] kasan_save_track+0x14/0x30 [ 1504.330631][ T758] __kasan_save_free_info+0x3b/0x60 [ 1504.335814][ T758] __kasan_slab_free+0x5f/0x80 [ 1504.340574][ T758] kfree+0x2b8/0x6d0 [ 1504.344473][ T758] dvb_device_put.part.0+0x60/0x90 [ 1504.349589][ T758] dvb_device_open+0x2a4/0x3b0 [ 1504.354345][ T758] chrdev_open+0x234/0x6a0 [ 1504.358750][ T758] do_dentry_open+0x982/0x1530 [ 1504.363494][ T758] vfs_open+0x82/0x3f0 [ 1504.367549][ T758] path_openat+0x1de4/0x2cb0 [ 1504.372119][ T758] do_filp_open+0x20b/0x470 [ 1504.376604][ T758] do_sys_openat2+0x11b/0x1d0 [ 1504.381273][ T758] __x64_sys_openat+0x174/0x210 [ 1504.386109][ T758] do_syscall_64+0xcd/0xfa0 [ 1504.390591][ T758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1504.396575][ T758] [ 1504.398891][ T758] The buggy address belongs to the object at ffff888029da6a00 [ 1504.398891][ T758] which belongs to the cache kmalloc-256 of size 256 [ 1504.413025][ T758] The buggy address is located 24 bytes inside of [ 1504.413025][ T758] freed 256-byte region [ffff888029da6a00, ffff888029da6b00) [ 1504.426821][ T758] [ 1504.429150][ T758] The buggy address belongs to the physical page: [ 1504.435542][ T758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29da6 [ 1504.444346][ T758] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1504.453018][ T758] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1504.460545][ T758] page_type: f5(slab) [ 1504.464596][ T758] raw: 00fff00000000040 ffff88813ffa6b40 dead000000000122 0000000000000000 [ 1504.473179][ T758] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1504.481769][ T758] head: 00fff00000000040 ffff88813ffa6b40 dead000000000122 0000000000000000 [ 1504.490444][ T758] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1504.499109][ T758] head: 00fff00000000001 ffffea0000a76981 00000000ffffffff 00000000ffffffff [ 1504.507782][ T758] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1504.516472][ T758] page dumped because: kasan: bad access detected [ 1504.522863][ T758] page_owner tracks the page as allocated [ 1504.528572][ T758] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19986254900, free_ts 0 [ 1504.548537][ T758] post_alloc_hook+0x1c0/0x230 [ 1504.553302][ T758] get_page_from_freelist+0x10a3/0x3a30 [ 1504.558851][ T758] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 1504.564726][ T758] alloc_pages_mpol+0x1fb/0x550 [ 1504.569598][ T758] new_slab+0x24a/0x360 [ 1504.573763][ T758] ___slab_alloc+0xdc4/0x1ae0 [ 1504.578469][ T758] __slab_alloc.constprop.0+0x63/0x110 [ 1504.583917][ T758] __kmalloc_cache_noprof+0x477/0x780 [ 1504.589280][ T758] bus_add_driver+0x92/0x690 [ 1504.593945][ T758] driver_register+0x15c/0x4b0 [ 1504.598757][ T758] usb_register_driver+0x216/0x4d0 [ 1504.603887][ T758] do_one_initcall+0x123/0x6e0 [ 1504.608662][ T758] kernel_init_freeable+0x5c8/0x920 [ 1504.613848][ T758] kernel_init+0x1c/0x2b0 [ 1504.618167][ T758] ret_from_fork+0x675/0x7d0 [ 1504.622753][ T758] ret_from_fork_asm+0x1a/0x30 [ 1504.627502][ T758] page_owner free stack trace missing [ 1504.632845][ T758] [ 1504.635144][ T758] Memory state around the buggy address: [ 1504.640765][ T758] ffff888029da6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1504.648907][ T758] ffff888029da6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1504.656953][ T758] >ffff888029da6a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1504.665074][ T758] ^ [ 1504.669913][ T758] ffff888029da6a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1504.678000][ T758] ffff888029da6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1504.686055][ T758] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1506.088758][T26993] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 1506.205568][T26993] EXT4-fs error (device sda1) in ext4_free_inode:361: Filesystem failed CRC [ 1506.341516][T26993] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1507.186175][T16194] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1507.200693][ T50] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1507.244774][T16194] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1507.364336][T23901] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1507.441613][ T50] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1507.472419][T23901] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1507.531029][ T758] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1507.538254][ T758] CPU: 1 UID: 0 PID: 758 Comm: syz.6.9513 Tainted: G U syzkaller #0 PREEMPT(full) [ 1507.549005][ T758] Tainted: [U]=USER [ 1507.552811][ T758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1507.563036][ T758] Call Trace: [ 1507.566302][ T758] [ 1507.569218][ T758] dump_stack_lvl+0x3d/0x1f0 [ 1507.573795][ T758] vpanic+0x640/0x6f0 [ 1507.577765][ T758] panic+0xca/0xd0 [ 1507.581478][ T758] ? __pfx_panic+0x10/0x10 [ 1507.585880][ T758] ? dvb_device_open+0x36a/0x3b0 [ 1507.590909][ T758] ? preempt_schedule_common+0x44/0xc0 [ 1507.596359][ T758] ? preempt_schedule_thunk+0x16/0x30 [ 1507.601762][ T758] check_panic_on_warn+0xab/0xb0 [ 1507.606703][ T758] end_report+0x107/0x170 [ 1507.611110][ T758] kasan_report+0xee/0x110 [ 1507.615522][ T758] ? dvb_device_open+0x36a/0x3b0 [ 1507.620446][ T758] ? __pfx_dvb_device_open+0x10/0x10 [ 1507.625713][ T758] dvb_device_open+0x36a/0x3b0 [ 1507.630485][ T758] ? __pfx_dvb_device_open+0x10/0x10 [ 1507.635752][ T758] chrdev_open+0x234/0x6a0 [ 1507.640242][ T758] ? __pfx_apparmor_file_open+0x10/0x10 [ 1507.645779][ T758] ? __pfx_chrdev_open+0x10/0x10 [ 1507.650702][ T758] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1507.657021][ T758] do_dentry_open+0x982/0x1530 [ 1507.661771][ T758] ? __pfx_chrdev_open+0x10/0x10 [ 1507.666694][ T758] vfs_open+0x82/0x3f0 [ 1507.670759][ T758] path_openat+0x1de4/0x2cb0 [ 1507.675343][ T758] ? __pfx_path_openat+0x10/0x10 [ 1507.680280][ T758] ? __lock_acquire+0xb8a/0x1c90 [ 1507.685207][ T758] do_filp_open+0x20b/0x470 [ 1507.689692][ T758] ? __pfx_do_filp_open+0x10/0x10 [ 1507.694892][ T758] ? alloc_fd+0x471/0x7d0 [ 1507.699480][ T758] do_sys_openat2+0x11b/0x1d0 [ 1507.704155][ T758] ? __pfx_do_sys_openat2+0x10/0x10 [ 1507.709344][ T758] ? __pfx_do_sys_openat2+0x10/0x10 [ 1507.714538][ T758] ? __pfx___might_resched+0x10/0x10 [ 1507.719826][ T758] __x64_sys_openat+0x174/0x210 [ 1507.724683][ T758] ? __pfx___x64_sys_openat+0x10/0x10 [ 1507.730072][ T758] do_syscall_64+0xcd/0xfa0 [ 1507.734565][ T758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1507.740464][ T758] RIP: 0033:0x7fb94418efc9 [ 1507.744872][ T758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1507.764463][ T758] RSP: 002b:00007fb9423f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1507.772873][ T758] RAX: ffffffffffffffda RBX: 00007fb9443e5fa0 RCX: 00007fb94418efc9 [ 1507.780848][ T758] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1507.788812][ T758] RBP: 00007fb944211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1507.796854][ T758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1507.804909][ T758] R13: 00007fb9443e6038 R14: 00007fb9443e5fa0 R15: 00007ffe3a51f548 [ 1507.812889][ T758] [ 1507.815961][ T758] Kernel Offset: disabled [ 1507.820283][ T758] Rebooting in 86400 seconds..