last executing test programs: 4.952194271s ago: executing program 3 (id=1149): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setitimer$auto_ITIMER_VIRTUAL(0x1, &(0x7f0000000080)={{0x7, 0x3076000000000000}, {0x10, 0x401}}, &(0x7f00000000c0)={{0xd1f3, 0x100000000}, {0xf33, 0x8}}) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r1 = getpid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r2, 0x65, 0x8, 0x0, 0x0) mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) lseek$auto(0x3, 0x8, 0x1) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r3, &(0x7f0000000000)='//\xf2\x00', 0x80000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) socket(0x2b, 0x1, 0x1) setsockopt$auto(0x4, 0x0, 0x484, 0xfffffffffffffffe, 0x2c) 4.630279495s ago: executing program 2 (id=1151): r0 = socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="d8000000", @ANYRES16=r1, @ANYBLOB="01002d"], 0xd8}, 0x1, 0x0, 0x0, 0x41}, 0x4004880) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) move_pages$auto(0x1, 0x2000000000003, 0xffffffffffffffff, 0x0, 0x0, 0x8000000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x5, 0x1, 0x4b, 0x0, 0x9) mlock$auto(0x0, 0x4) 4.447661733s ago: executing program 2 (id=1152): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r1 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000001a40), 0x88800, 0x0) read$auto_rng_chrdev_ops_core(r1, &(0x7f0000001a80)=""/125, 0x7d) r2 = socket(0x2, 0x2, 0x0) connect$auto(r2, &(0x7f0000000080)=@llc={0x1a, 0x104, 0x9, 0xe, 0x8, 0x7f, @remote}, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r3 = io_uring_setup$auto(0x55, &(0x7f00000002c0)={0x7fffffff, 0x1d, 0x3000, 0x2920, 0x0, 0x400f, 0xffffffffffffffff, [], {0x6, 0x80006, 0x8c48, 0x7, 0x3, 0x3, 0x0, 0x2, 0xfffffffffffffffd}, {0xfe, 0x1, 0x56, 0x81, 0x2, 0x5, 0x76c4, 0x8, 0x8}}) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) socket(0x11, 0x3, 0x80000001) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) utimes$auto(0x0, 0x0) r5 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r5, 0x0, 0x1f42) r6 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$auto_TUNSETVNETHDRSZ(r6, 0x400454d8, &(0x7f0000000040)=0xbc) r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x4280, 0x0) mmap$auto(0x2, 0x2000b, 0x8000000000000001, 0x10, r3, 0x894) close_range$auto(0x0, r5, 0x4) ioctl$auto_BLKTRACESTART(r0, 0x1274, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) sendto$auto(r4, &(0x7f0000000200)="ada98632f1d85c7f8794f2d5749ada693b06dcfe85ea73b6c6a9a7e14d61e4b34d3e91e9f6b55ccd7574866ea52e2f7da2f9883124bfc2bcbd61d724d99c88bd09552f3979e6118919c8dd12", 0x2, 0x400, &(0x7f0000000280)=@ax25={0x3, @default, 0x1}, 0x80000001) r8 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000005c0), 0x2000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, 0x0) r9 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim5/ports/2/ipsec\x00', 0x331202, 0x0) poll$auto(&(0x7f0000000180)={r9, 0xdba2, 0x4}, 0x80000000, 0x1ff) ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r8, 0x80e85411, 0x0) writev$auto(r7, &(0x7f00000001c0)={0x0, 0x9}, 0x3) io_uring_register$auto_IORING_REGISTER_ZCRX_IFQ(0xffffffffffffffff, 0x20, 0x0, 0x0) 4.074083315s ago: executing program 0 (id=1154): syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x20004, 0xdf, 0x20eb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0xfff, 0x8fe9, 0x9b72, 0xffffffffffffffff, 0x28000) fanotify_init$auto(0x6, 0x1) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) 3.980539842s ago: executing program 0 (id=1155): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, r1, 0x186f202170196f7b, 0x703d26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x200008d0}, 0x40080c4) madvise$auto(0x0, 0x2000040080000004, 0xb) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xd4d0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) bpf$auto(0x5, 0x0, 0x102) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x1, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0) gettid() ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40000403c6f2b, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x6f29, 0x0) eventfd2$auto(0x1, 0x6) close_range$auto(0x2, 0x8, 0x0) 3.886353096s ago: executing program 1 (id=1156): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) io_uring_setup$auto(0x5, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x2001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x4, 0xda, 0x948b, 0x0, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000005, 0x7, 0x4, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x958b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x40008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x10000]}, 0x0) (fail_nth: 1) close_range$auto(0x2, 0x8, 0x0) 3.810829428s ago: executing program 2 (id=1157): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x280, 0x0) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x80201, 0x0) ioctl$auto_SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0) r1 = openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000040), 0x101900, 0x0) mmap$auto(0xb, 0x475fc9e6, 0x1003, 0x1c, r1, 0x7ea) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/yama/ptrace_scope\x00', 0x88c42, 0x0) pread64$auto(r2, 0x0, 0x640, 0x2da5) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4048aec9, r2) 3.252583754s ago: executing program 3 (id=1158): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x80000000df, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) gettid() recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_NET_SHAPER_CMD_SET(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0xc5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x400c1) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 2.993930533s ago: executing program 0 (id=1159): socket(0x10, 0x2, 0x6) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x3a9000, 0x0) r1 = ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000080)=0xa710) r2 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto_SO_SNDTIMEO_OLD(r2, 0x1, 0x15, &(0x7f0000000180)='IPVS\x00', &(0x7f00000001c0)=0x4) sigaltstack$auto(0x0, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) r4 = fcntl$auto(r3, 0x3, 0x0) read$auto(0x3, 0x0, 0x7fffffff) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) write$auto(r4, 0x0, 0x58) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) readv$auto(0x3, &(0x7f00000000c0)={&(0x7f00000002c0)="512566794d4de840caa9f9119b3cb947057a8c796bcf99da0700000000000000115473d6363af0c18f49c82a729ca9ce6a18229345aa560121dea730acd7e66913b2b3bcfa19333e1e44eca5ddf87a5f96bba12f000000000000000000e5c2157a839b14504f7acd228049ffc7cc0caac2582c6d2932d72255cd41aa8bee4dfe957a21e9f2cbcc4336cd80eb6c0f4669f5e9b900870dcfee1c8320486c81213faf5378505ed577edb458ec70aed022a0496cf13ebbaac4bb8fa07292931a95acd7d9b3b493de34abb87801d03bba5425c455bc1a3d9fe8112d01551bd04a336326492f0587509b3a7f63c2ca0ef3983318b4d1c8b1750e9dd742e6b0f35c7a370b8f1000d7c0382776764478a7bf987940091d686d9dfa26456a820ffe60", 0x7}, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x48880) r5 = clone$auto(0x6db, 0x9, 0x0, 0x0, 0x40000006) migrate_pages$auto(r5, 0x4, 0x0, &(0x7f0000000180)=0x2) ioctl$auto_TIOCSTI2(r3, 0x5412, 0x0) fcntl$auto_F_GETOWN(r0, 0x9, 0xaa) r6 = getpid() syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000000c0), r2) bind$auto(r2, &(0x7f00000008c0)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x3, 0x3}}, 0x79c2) process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) 2.921981637s ago: executing program 2 (id=1160): mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x29202, 0x0) mmap$auto(0x2000, 0xf, 0xb, 0x8000000008011, r0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f00000012c0)={{@raw=0x3, 0x1, 0x6d2e99e8, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b62b67bd764f9"}, 0x0, @integer64=@value_ptr=0x0, "72ad000cac2d45bdaacfc82245992af763188bf00ab57d5d73b094925a872857fd2f672f85343275f80200000000000000ab45f7259ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8188ca43202fb78dacb3fea1258074885c899d75cd52751f9be959d90fa5c200"}) r3 = socket(0x10, 0x2, 0x6) sendmsg$auto_BATADV_CMD_GET_HARDIF(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x40, 0x0, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_NEIGH_ADDRESS={0xa, 0x18, @random="66a2e8c4eb7f"}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8000}, @BATADV_ATTR_DAT_CACHE_IP4ADDRESS={0x8, 0x23, @local}]}, 0x40}, 0x1, 0x0, 0x0, 0x2617c6405e839940}, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x3}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0xc19}, @NL80211_ATTR_MNTR_FLAGS={0x1f, 0x17, "eb25605d9c0dacf059fd5ff34e6340ab34989178d2887a8af7e403"}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x4084}, 0x4000080) mmap$auto(0x0, 0x10000, 0xde, 0x11, r1, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 2.753706166s ago: executing program 1 (id=1161): r0 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0) pread64$auto(r0, 0x0, 0x80, 0x6) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000004580)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYBLOB="01002bbd7000ff"], 0x1c}, 0x1, 0x0, 0x0, 0xc010}, 0x2000000) process_vm_readv$auto(0xd1d, &(0x7f00000010c0)={0x0, 0x4}, 0x4, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), 0xffffffffffffffff) socket(0x3, 0xa, 0x10009) ioctl$auto_BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x4040481) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x11, 0x2, 0x4) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x2}, 0x55) socket(0x10, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x8) ioprio_set$auto(0x3, 0x0, 0x4b34) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x110, r1, 0x40000008002) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r2, 0x541c, r3) (fail_nth: 3) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4) mmap$auto(0xffffffffffff9e99, 0x40000e, 0x1000000df, 0x2000000012, 0x2, 0x1) r4 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'erspan0\x00'}) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.334573018s ago: executing program 1 (id=1162): openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/dri/vgem/name\x00', 0xa8201, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) userfaultfd$auto(0x1) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) 2.158155876s ago: executing program 3 (id=1163): syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000080), 0xffffffffffffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x20004, 0xdf, 0x20eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x6, 0x1) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) 1.920555819s ago: executing program 0 (id=1164): socket(0x21, 0x2, 0x2) mmap$auto(0x0, 0x28da, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x7fffffff, 0x7f, 0x2eb1, 0x401, 0x2000000000008000) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0xd489, 0x2000001, 0x0, 0xc, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) write$auto(r0, &(0x7f0000000140)=',\x00', 0x3) io_setup$auto(0x7ffe, &(0x7f0000000000)) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp1\x00', 0x8001, 0x0) ioctl$auto_SNDCTL_DSP_GETIPTR(r1, 0x800c5011, &(0x7f0000000400)="21b1cb33582ab30c0fc2f8988ff32a87e5a798c661f15056c81ac32ade6424a1376c7cfb60196a5e7d16974951d49912719f7d20fb03848c0114c2027058a8497fefa2fd75a147ab04ffffff7f00000000580000000000400000000000000000775fcd366eb2cdff5218582d7e583655c143b21c496a1f2811199c3aabfd6e7c6d33647c662e32cb9d5bd05415e7321eba0c554fa680a1ceb98dd6fe61e9852d3c160b143a8e5d7987d89ad7eb6af9d76ff0056c062b1575adb6b878e017aa16a3ea145854d7661f56e26e7d922f4d969c0b432b4b3cd17af6195d") statmount$auto(0x0, 0x0, 0x1fe, 0xd) statmount$auto(0x0, 0x0, 0x2, 0xf) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x2101, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/workqueue/writeback/max_active\x00', 0x1a2b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000100)=""/29, 0x1d) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) mmap$auto(0x0, 0x400008, 0x101, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x67903507, 0xfffffffffefeffff, 0x2, 0x0, 0x948d, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x8, 0x6d3e, 0x6, 0xffffffffffffffff, 0x7e09]}, 0x0) socket(0x2c, 0x3, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/asound/card1/pcm1p/sub4/xrun_injection\x00', 0x80002, 0x0) writev$auto(r4, &(0x7f0000000240)={0x0, 0x9}, 0xb) mmap$auto(0x0, 0x9, 0x9cad, 0x8012, 0x3, 0x8000) 1.919808741s ago: executing program 3 (id=1165): syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_fops_u64_(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim2/psample/out_tc_occ_max\x00', 0x20002, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/maps\x00', 0x40000, 0x0) ioctl$auto(0x3, 0x40104d09, 0x5) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/card1/pcm1c/sub7/info\x00', 0x28102, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2b, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000080)={0x34, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_DUPLEX={0x5}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000802) sysfs$auto(0x2, 0xd, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0) write$auto(0x3, 0x0, 0x100082) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001fc, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x5, 0x5, 0x6d3f, 0x3, 0x6, 0x6]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x4, 0x3, 0x3, 0x3, 0x3, 0x3, 0x8000000000000000, 0x2, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x3dd) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r4, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0xfe67, 0x0, 0x800, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xf0}, 0x20000000) 1.730273498s ago: executing program 2 (id=1166): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/neigh/veth0_macvtap/ucast_solicit\x00', 0x1015c0, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00<\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t+\xe4\xc2\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) write$auto(r0, &(0x7f0000000200)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[`.\xf7~\xd2\xfd\xf3\x95\x1d\xf8\x06\x00\x00\x00\x00\x00\x00\x00\xf8-\x10\xa6\xa0\n\xd1\xff\a\xae=R\x89\x00!\xc6J\x1d\x86J\"\xdd\xf88Y\n\x87\xcc\xb1([\xd1n2\xcd2\x05\x00\x00\x00', 0x40400) timerfd_gettime$auto(r0, &(0x7f0000000040)={{0x1, 0x5}, {0x4, 0x4}}) 806.656979ms ago: executing program 2 (id=1167): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, r1, 0x186f202170196f7b, 0x703d26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x200008d0}, 0x40080c4) madvise$auto(0x0, 0x2000040080000004, 0xb) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xd4d0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x8000, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) ustat$auto(0x801, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) bpf$auto(0x5, 0x0, 0x102) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x1, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0) gettid() ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40000403c6f2b, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x6f29, 0x0) eventfd2$auto(0x1, 0x6) close_range$auto(0x2, 0x8, 0x0) 734.240305ms ago: executing program 3 (id=1168): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x280, 0x0) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x80201, 0x0) ioctl$auto_SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0) r1 = openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000040), 0x101900, 0x0) mmap$auto(0xb, 0x475fc9e6, 0x1003, 0x1c, r1, 0x7ea) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/yama/ptrace_scope\x00', 0x88c42, 0x0) pread64$auto(r2, 0x0, 0x640, 0x2da5) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4048aec9, r2) 496.681907ms ago: executing program 0 (id=1169): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8402, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0xd, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3, 0xffffffffffffffff}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@test={r1, 0x101, 0x3ff, 0x8, 0x7e99, 0x2cd, 0x2, 0x8, 0x1ff, 0x5, 0x5, 0x0, 0x9, 0x4, 0x1}, 0x92) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptycf\x00', 0x141180, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f0000000100)="6485468f3917d1bb51da6fa96cdbdbd498c1d45e22938bbba5a2d167a1f7bb83445bd6cf2c8aa10b126851629e832fe0b217a2b35178c47ebeb34d451f572ae733d2f84b97fc2f652f1f80dbb64f9670784a834a5d7f", 0x56) unshare$auto(0x21) getrandom$auto(0x0, 0x3, 0x7) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f00000000c0)={0x3, 0x81, 0x5b, 0x4, &(0x7f0000000280), 0xd22ff64, 0xeb90, 0x2, @stream_id=0x100, 0x7, 0x476, 0x0}) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r0, 0x0, 0xdfd) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_macvtap\x00'}) listmount$auto(0x0, 0x0, 0x4, 0x101) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) init_module$auto(0x0, 0x81, 0x0) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ptyq1\x00', 0xa02, 0x0) 494.993756ms ago: executing program 1 (id=1170): r0 = socket(0x10, 0x2, 0x6) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) 443.531532ms ago: executing program 3 (id=1171): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x80000000df, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) gettid() recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_NET_SHAPER_CMD_SET(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0xc5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x400c1) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 410.270982ms ago: executing program 1 (id=1172): socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x280, 0x0) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) mmap$auto(0x0, 0x40, 0xe3, 0x100000eb1, 0x40000000000a1, 0x408000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/ip_forward\x00', 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0xa, 0x1, 0x0) getsockopt$auto(r1, 0x6, 0x5, &(0x7f00000002c0)='$\xfe\x88\xc8\x91\x8bo\xc6#\x00\x00\x00\xfd\xb1\x00\xdb\xc0\x80\xd6\xdb>f\x8c\xf7\xb6G\xe0\xb0Z\x89\xf7i\xb8\xb0,\x86\x00\x9c~\xca\xcdi\xa6\x91R\x7f\x00B\x93H9\x19\xb4x\xe6\xb7\xd3\xe4\x00\x00\x00T@\xf0\x8b\xd4XE\x17\xaa\b', &(0x7f0000000180)=0xaa) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x8}) write$auto(0x3, 0x0, 0xfdef) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001100)='./cgroup.net/blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) socket(0x23, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/midiC2D3\x00', 0x1, 0x0) sysfs$auto(0x4, 0x6, 0xf103) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty29\x00', 0x800, 0x0) ioctl$auto(r2, 0x560a, r2) 130.542532ms ago: executing program 0 (id=1173): ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004114, 0x0) mmap$auto(0x3, 0x200009, 0x4, 0x48eb1, 0xffffffffffffffff, 0x300000000000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/netdevsim0/power/runtime_active_time\x00', 0x1a3040, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r1, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'team0\x00'}) bpf$auto(0x0, 0x0, 0xf) open(0x0, 0x261c2, 0xd4) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) memfd_create$auto(&(0x7f0000000000)='\x00', 0xe) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x169780, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r3, 0x4c06, 0x0) 0s ago: executing program 1 (id=1174): socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0xe983, 0xdf, 0xeb4, 0xffffffffffffffff, 0x7ffd) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = socket(0x1f, 0x2, 0x36f6) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="80040000", @ANYRES16=r1, @ANYBLOB="010028bd7000fcdbdf25110000006a042d80e3006280da3d12c4f8af755916f27cb61fae5709ee22e5b4db6b1f984da05b9e7fe7c89ae58ace4fc3f13501bf30d1eff83252b583e2689acc4bd8347b5d16543053abc5310ab98bb0ba5707bd94d4b8812a05bae1f4477468d1505fc28ddfac8b487801a40bed7b8e19d4a4e09a03406b81268f1fa351853cf7053c8f6396f6a2f0521f282407a325c668e43fa79479fb9e1848c85888bc7664cecce81979a38da58a32f2b3efc2f01c2e9195451a4f3ab1e75415116d17cf92a479d195ca925e5c82a1d61f7326bed356eac8d564462ad992dc6493b44085972904004b800400ab80000465d3f7a752c6d6794f2a04f80a6e3f566fca3bebd3cd810532b133c9af3db3861acdf45ee2e55d1ff52fb5ed885bf5079cfaa4856047baaeaaad40ed1c26d588ad4a539b7ca4755440e0b5c6dd652c8051747b49571b7d38890870fd3425b4bfa07ac2b6b8f94f8c9211a7dbc4b3a4a8eb81e0d702a8c47b6bb5759b40876c215fa382222c373acbe47bc96e79d818f82b819f16531b35b49cacbd3d89b7e39cf8f330a6f050b98c7847c65c3a10de2c331334bfc0dbbd7fb06ddac7f2043bf2891750c3f706379967d82af3d50116f2cf03b1a25f1ae5cd4272498d0151fbfc5092c383bd2883326b6d06a1f7a4e22ed0a518773f8bff1dcb565e173c7fcbf44965f09de3998a15689e29ad1c7f81495a831e2b0400b40004001300000000140007800d002f006e6c3830323135340000000008009400030000003ca73cfc9a710ec1e8717146ec12fb5c0045038a00c8a09c8e4e4abbe8e708e26d5b34146b8cff5f9698dd360cd24455da0199775c8be691158583f929926fffe91674ced4463b6e7ea105b1f28833fcba8010537c98328e1c53b4d7c82ab2d113ad37002b5ce40fd0102c4d2ffb402e187be7ba9af68ab88ffd3196fbc77ed60eab451c5ab8fd160bcad1497738ac3c274ace0e645e20f663e8c110bf65eb32c77a3de771e067cc2f0b12706d1afabb2f41f50cb63fbe9cd4da52d8332258837269fa6739ac5fce86c56fc4b93b8a59ad5c475b93f9b99854e0bc1d939d9429f13c856d88367f9afcfa6cea3a96e9f1e23a0e3d0a9e0f281cb53e55d2d6b35308c8c65b6de27dd518425f0258eb5b9d6c0b87f969b6ef0d6bea71734216afefb1caede5c77216fb940f8363ad58c29c15ca32571218a793518631585e272c7615c0b4a763ca9f8ef4f75eb824bf899136858c3f8ae300be8004000080040019806c50b3b9515be4b03aa81ff466db0581fd760aaef3f3007624fe60510f55aad44854882d13afbcf9df9c8ce1d746562bba5a074115f524f425ac0d85faed544ca85ad06afe9b88bedef2c167da5ce5e033939eeacd21dbe5c4b79e57373dd98239602081c1c0567cbf4782318eb3c89a9ab03d370e8cc3ab15d4b5f15a51c3e64dbb19c82b33cc8a6d5077dc334b2ca79eff98d8f101f374dd250d268728bdadb36ecae7b7dfbbcf37ee5185531fa7a21b5837357cea80e10d78d560fc9c19c02b8343d34e0ff8b248659110474c21e5d28b8504000b80000000"], 0x480}, 0x1, 0x0, 0x0, 0x20000}, 0x8044) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x0) statmount$auto(0x0, 0x0, 0x9, 0xd) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xfffffff7effffd04, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/sit0/ifindex\x00', 0x80000, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x92000, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci3/force_devcoredump\x00', 0x305656702fbcc16e, 0x0) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) r5 = socket(0x11, 0x80003, 0x300) mmap$auto(0x3, 0x8001, 0x62, 0x10, r2, 0x7) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb2, 0x40000000000a1, 0x8000) setsockopt$auto(r5, 0x107, 0x12, 0x0, 0x4) bind$auto(r3, &(0x7f0000000080)=@xdp={0x2c, 0x0, 0x0, 0x29}, 0x6a) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0xc}}, 0x54) mmap$auto(0x0, 0x400008, 0xfffffffffffffff9, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfdf3) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) kernel console output (not intermixed with test programs): [ T6942] should_failslab+0xc2/0x120 [ 150.139291][ T6942] __kmalloc_cache_noprof+0x72/0x780 [ 150.139305][ T6942] ? trace_kmalloc+0x2b/0xd0 [ 150.139322][ T6942] ? snd_virmidi_output_open+0xc4/0x670 [ 150.139344][ T6942] ? snd_virmidi_output_open+0xc4/0x670 [ 150.139360][ T6942] snd_virmidi_output_open+0xc4/0x670 [ 150.139380][ T6942] open_substream+0x480/0x990 [ 150.139403][ T6942] rawmidi_open_priv+0x543/0x6e0 [ 150.139427][ T6942] snd_rawmidi_open+0x4cb/0xbf0 [ 150.139451][ T6942] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 150.139473][ T6942] ? __pfx_default_wake_function+0x10/0x10 [ 150.139490][ T6942] ? kobject_get_unless_zero+0x156/0x1e0 [ 150.139510][ T6942] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 150.139530][ T6942] snd_open+0x22d/0x4c0 [ 150.139547][ T6942] ? __pfx_snd_open+0x10/0x10 [ 150.139563][ T6942] chrdev_open+0x234/0x6a0 [ 150.139580][ T6942] ? __pfx_apparmor_file_open+0x10/0x10 [ 150.139601][ T6942] ? __pfx_chrdev_open+0x10/0x10 [ 150.139618][ T6942] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 150.139637][ T6942] do_dentry_open+0x982/0x1530 [ 150.139653][ T6942] ? __pfx_chrdev_open+0x10/0x10 [ 150.139674][ T6942] vfs_open+0x82/0x3f0 [ 150.139696][ T6942] path_openat+0x1de4/0x2cb0 [ 150.139718][ T6942] ? __pfx_path_openat+0x10/0x10 [ 150.139735][ T6942] ? __lock_acquire+0xb8a/0x1c90 [ 150.139755][ T6942] do_filp_open+0x20b/0x470 [ 150.139771][ T6942] ? __pfx_do_filp_open+0x10/0x10 [ 150.139800][ T6942] ? alloc_fd+0x471/0x7d0 [ 150.139818][ T6942] do_sys_openat2+0x11b/0x1d0 [ 150.139838][ T6942] ? __pfx_do_sys_openat2+0x10/0x10 [ 150.139865][ T6942] __x64_sys_openat+0x174/0x210 [ 150.139886][ T6942] ? __pfx___x64_sys_openat+0x10/0x10 [ 150.139913][ T6942] do_syscall_64+0xcd/0xfa0 [ 150.139931][ T6942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.139945][ T6942] RIP: 0033:0x7f642b58f6c9 [ 150.139957][ T6942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.139970][ T6942] RSP: 002b:00007f642c497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 150.139984][ T6942] RAX: ffffffffffffffda RBX: 00007f642b7e6270 RCX: 00007f642b58f6c9 [ 150.139993][ T6942] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 150.140003][ T6942] RBP: 00007f642b611f91 R08: 0000000000000000 R09: 0000000000000000 [ 150.140011][ T6942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.140019][ T6942] R13: 00007f642b7e6308 R14: 00007f642b7e6270 R15: 00007fff8379f128 [ 150.140047][ T6942] [ 150.903845][ T6944] zswap: compressor not available [ 151.559527][ T6967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.243'. [ 153.139324][ T6995] zswap: compressor not available [ 153.607842][ T6983] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 153.663649][ T6983] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 153.710264][ T6983] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 153.768062][ T6983] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 155.674422][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 155.707652][ T6992] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 155.716992][ T6992] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 155.724548][ T6992] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 155.732955][ T6992] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 155.913275][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 157.259272][ T7056] FAULT_INJECTION: forcing a failure. [ 157.259272][ T7056] name failslab, interval 1, probability 0, space 0, times 0 [ 157.272172][ T7056] CPU: 1 UID: 0 PID: 7056 Comm: syz.1.262 Tainted: G I syzkaller #0 PREEMPT(full) [ 157.272210][ T7056] Tainted: [I]=FIRMWARE_WORKAROUND [ 157.272219][ T7056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 157.272232][ T7056] Call Trace: [ 157.272241][ T7056] [ 157.272250][ T7056] dump_stack_lvl+0x16c/0x1f0 [ 157.272285][ T7056] should_fail_ex+0x512/0x640 [ 157.272320][ T7056] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 157.272353][ T7056] should_failslab+0xc2/0x120 [ 157.272386][ T7056] __kvmalloc_node_noprof+0x141/0x9c0 [ 157.272426][ T7056] ? lockdep_init_map_type+0x5c/0x280 [ 157.272460][ T7056] ? open_substream+0x311/0x990 [ 157.272502][ T7056] ? open_substream+0x311/0x990 [ 157.272535][ T7056] ? open_substream+0x19a/0x990 [ 157.272567][ T7056] open_substream+0x311/0x990 [ 157.272601][ T7056] ? lockdep_hardirqs_on+0x7c/0x110 [ 157.272633][ T7056] rawmidi_open_priv+0x543/0x6e0 [ 157.272675][ T7056] snd_rawmidi_open+0x4cb/0xbf0 [ 157.272718][ T7056] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 157.272757][ T7056] ? __pfx_default_wake_function+0x10/0x10 [ 157.272784][ T7056] ? preempt_schedule_thunk+0x16/0x30 [ 157.272822][ T7056] ? preempt_schedule_common+0x44/0xc0 [ 157.272853][ T7056] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 157.272889][ T7056] snd_open+0x22d/0x4c0 [ 157.272920][ T7056] ? __pfx_snd_open+0x10/0x10 [ 157.272949][ T7056] chrdev_open+0x234/0x6a0 [ 157.272978][ T7056] ? __pfx_apparmor_file_open+0x10/0x10 [ 157.273013][ T7056] ? __pfx_chrdev_open+0x10/0x10 [ 157.273045][ T7056] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 157.273080][ T7056] do_dentry_open+0x982/0x1530 [ 157.273110][ T7056] ? __pfx_chrdev_open+0x10/0x10 [ 157.273147][ T7056] vfs_open+0x82/0x3f0 [ 157.273186][ T7056] path_openat+0x1de4/0x2cb0 [ 157.273225][ T7056] ? __pfx_path_openat+0x10/0x10 [ 157.273255][ T7056] ? __lock_acquire+0xb8a/0x1c90 [ 157.273292][ T7056] do_filp_open+0x20b/0x470 [ 157.273320][ T7056] ? __pfx_do_filp_open+0x10/0x10 [ 157.273373][ T7056] ? alloc_fd+0x471/0x7d0 [ 157.273418][ T7056] do_sys_openat2+0x11b/0x1d0 [ 157.273453][ T7056] ? __pfx_do_sys_openat2+0x10/0x10 [ 157.273502][ T7056] __x64_sys_openat+0x174/0x210 [ 157.273539][ T7056] ? __pfx___x64_sys_openat+0x10/0x10 [ 157.273589][ T7056] do_syscall_64+0xcd/0xfa0 [ 157.273629][ T7056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.273655][ T7056] RIP: 0033:0x7f642b58f6c9 [ 157.273676][ T7056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.273700][ T7056] RSP: 002b:00007f642c497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 157.273723][ T7056] RAX: ffffffffffffffda RBX: 00007f642b7e6270 RCX: 00007f642b58f6c9 [ 157.273740][ T7056] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 157.273756][ T7056] RBP: 00007f642b611f91 R08: 0000000000000000 R09: 0000000000000000 [ 157.273771][ T7056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.273786][ T7056] R13: 00007f642b7e6308 R14: 00007f642b7e6270 R15: 00007fff8379f128 [ 157.273823][ T7056] [ 157.751610][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 157.751636][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 157.757639][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 159.134154][ T7078] Invalid ELF header magic: != ELF [ 161.131824][ T7122] zswap: compressor not available [ 161.325586][ T7129] : Can't lookup blockdev [ 161.431079][ T7091] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 161.437922][ T7091] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 161.459443][ T7091] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 161.465584][ T7091] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 161.668980][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 162.662480][ T7152] : Can't lookup blockdev [ 163.513437][ T53] Bluetooth: hci3: command 0x0c1a tx timeout [ 163.519580][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 163.525588][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 163.862777][ T7179] : Can't lookup blockdev [ 165.667271][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 165.680494][ T7211] : Can't lookup blockdev [ 165.696857][ T7166] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 165.888713][ T7166] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 165.895412][ T7166] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 165.901690][ T7166] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 167.825879][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 167.985774][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 167.991834][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 168.644023][ T7266] netlink: 5 bytes leftover after parsing attributes in process `syz.0.319'. [ 170.482957][ T7316] FAULT_INJECTION: forcing a failure. [ 170.482957][ T7316] name failslab, interval 1, probability 0, space 0, times 0 [ 170.497517][ T7316] CPU: 0 UID: 0 PID: 7316 Comm: syz.3.329 Tainted: G I syzkaller #0 PREEMPT(full) [ 170.497539][ T7316] Tainted: [I]=FIRMWARE_WORKAROUND [ 170.497544][ T7316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 170.497552][ T7316] Call Trace: [ 170.497558][ T7316] [ 170.497563][ T7316] dump_stack_lvl+0x16c/0x1f0 [ 170.497583][ T7316] should_fail_ex+0x512/0x640 [ 170.497605][ T7316] ? __kmalloc_cache_noprof+0x5f/0x780 [ 170.497620][ T7316] should_failslab+0xc2/0x120 [ 170.497639][ T7316] __kmalloc_cache_noprof+0x72/0x780 [ 170.497652][ T7316] ? trace_kmalloc+0x2b/0xd0 [ 170.497669][ T7316] ? snd_virmidi_output_open+0xc4/0x670 [ 170.497690][ T7316] ? snd_virmidi_output_open+0xc4/0x670 [ 170.497707][ T7316] snd_virmidi_output_open+0xc4/0x670 [ 170.497727][ T7316] open_substream+0x480/0x990 [ 170.497750][ T7316] rawmidi_open_priv+0x543/0x6e0 [ 170.497773][ T7316] snd_rawmidi_open+0x4cb/0xbf0 [ 170.497798][ T7316] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 170.497820][ T7316] ? __pfx_default_wake_function+0x10/0x10 [ 170.497837][ T7316] ? kobject_get_unless_zero+0x156/0x1e0 [ 170.497857][ T7316] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 170.497877][ T7316] snd_open+0x22d/0x4c0 [ 170.497895][ T7316] ? __pfx_snd_open+0x10/0x10 [ 170.497911][ T7316] chrdev_open+0x234/0x6a0 [ 170.497927][ T7316] ? __pfx_apparmor_file_open+0x10/0x10 [ 170.497948][ T7316] ? __pfx_chrdev_open+0x10/0x10 [ 170.497965][ T7316] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 170.497984][ T7316] do_dentry_open+0x982/0x1530 [ 170.498001][ T7316] ? __pfx_chrdev_open+0x10/0x10 [ 170.498021][ T7316] vfs_open+0x82/0x3f0 [ 170.498046][ T7316] path_openat+0x1de4/0x2cb0 [ 170.498068][ T7316] ? __pfx_path_openat+0x10/0x10 [ 170.498084][ T7316] ? __lock_acquire+0xb8a/0x1c90 [ 170.498105][ T7316] do_filp_open+0x20b/0x470 [ 170.498120][ T7316] ? __pfx_do_filp_open+0x10/0x10 [ 170.498149][ T7316] ? alloc_fd+0x471/0x7d0 [ 170.498167][ T7316] do_sys_openat2+0x11b/0x1d0 [ 170.498187][ T7316] ? __pfx_do_sys_openat2+0x10/0x10 [ 170.498214][ T7316] __x64_sys_openat+0x174/0x210 [ 170.498234][ T7316] ? __pfx___x64_sys_openat+0x10/0x10 [ 170.498269][ T7316] do_syscall_64+0xcd/0xfa0 [ 170.498288][ T7316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.498302][ T7316] RIP: 0033:0x7ffbe3d8f6c9 [ 170.498314][ T7316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.498327][ T7316] RSP: 002b:00007ffbe4c9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 170.498340][ T7316] RAX: ffffffffffffffda RBX: 00007ffbe3fe6270 RCX: 00007ffbe3d8f6c9 [ 170.498350][ T7316] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 170.498358][ T7316] RBP: 00007ffbe3e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 170.498366][ T7316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.498374][ T7316] R13: 00007ffbe3fe6308 R14: 00007ffbe3fe6270 R15: 00007ffee16df3f8 [ 170.498394][ T7316] [ 171.081855][ T7309] netlink: 5 bytes leftover after parsing attributes in process `syz.0.328'. [ 171.998923][ T7340] : Can't lookup blockdev [ 172.029279][ T7337] netlink: 5 bytes leftover after parsing attributes in process `syz.2.335'. [ 175.022654][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 175.023339][ T7346] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 175.082643][ T7346] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 175.088758][ T7346] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 175.142421][ T7346] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 175.715854][ T7374] : Can't lookup blockdev [ 176.432050][ T7379] netlink: 5 bytes leftover after parsing attributes in process `syz.1.347'. [ 177.101219][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 177.107277][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 177.181203][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 178.101411][ T7413] : Can't lookup blockdev [ 180.252518][ T7440] netlink: 5 bytes leftover after parsing attributes in process `syz.3.360'. [ 181.278481][ T7470] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 182.086059][ T7475] sd 0:0:1:0: PR command failed: 1026 [ 182.112879][ T7475] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 182.135512][ T7475] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 182.238446][ T7474] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 182.407163][ T7476] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 182.607153][ T7476] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 182.670705][ T7476] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 182.698997][ T7488] netlink: 'syz.3.372': attribute type 10 has an invalid length. [ 182.706861][ T7488] netlink: 'syz.3.372': attribute type 13 has an invalid length. [ 182.759295][ T7476] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 184.148781][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 184.408870][ T7500] netlink: 5 bytes leftover after parsing attributes in process `syz.1.375'. [ 184.620076][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 184.709573][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 184.784394][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 187.158175][ T7562] netlink: 5 bytes leftover after parsing attributes in process `syz.2.390'. [ 188.477583][ T7576] : Can't lookup blockdev [ 188.613355][ T7580] : Can't lookup blockdev [ 189.838017][ T5828] Bluetooth: hci0: Malformed HCI Event: 0x22 [ 190.347636][ T7618] : Can't lookup blockdev [ 190.752396][ T7623] FAULT_INJECTION: forcing a failure. [ 190.752396][ T7623] name failslab, interval 1, probability 0, space 0, times 0 [ 190.830796][ T7623] CPU: 1 UID: 0 PID: 7623 Comm: syz.2.407 Tainted: G I syzkaller #0 PREEMPT(full) [ 190.830836][ T7623] Tainted: [I]=FIRMWARE_WORKAROUND [ 190.830846][ T7623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 190.830859][ T7623] Call Trace: [ 190.830867][ T7623] [ 190.830876][ T7623] dump_stack_lvl+0x16c/0x1f0 [ 190.830912][ T7623] should_fail_ex+0x512/0x640 [ 190.830947][ T7623] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 190.830976][ T7623] should_failslab+0xc2/0x120 [ 190.831012][ T7623] kmem_cache_alloc_noprof+0x75/0x6e0 [ 190.831039][ T7623] ? alloc_empty_file+0x55/0x1e0 [ 190.831080][ T7623] ? alloc_empty_file+0x55/0x1e0 [ 190.831112][ T7623] alloc_empty_file+0x55/0x1e0 [ 190.831144][ T7623] path_openat+0xda/0x2cb0 [ 190.831186][ T7623] ? __pfx_path_openat+0x10/0x10 [ 190.831218][ T7623] ? __lock_acquire+0xb8a/0x1c90 [ 190.831255][ T7623] do_filp_open+0x20b/0x470 [ 190.831280][ T7623] ? __pfx_do_filp_open+0x10/0x10 [ 190.831313][ T7623] ? alloc_fd+0x471/0x7d0 [ 190.831332][ T7623] do_sys_openat2+0x11b/0x1d0 [ 190.831353][ T7623] ? __pfx_do_sys_openat2+0x10/0x10 [ 190.831380][ T7623] __x64_sys_openat+0x174/0x210 [ 190.831401][ T7623] ? __pfx___x64_sys_openat+0x10/0x10 [ 190.831421][ T7623] ? ksys_write+0x1ac/0x250 [ 190.831442][ T7623] do_syscall_64+0xcd/0xfa0 [ 190.831460][ T7623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.831474][ T7623] RIP: 0033:0x7f319898f6c9 [ 190.831487][ T7623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.831500][ T7623] RSP: 002b:00007f319980b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 190.831521][ T7623] RAX: ffffffffffffffda RBX: 00007f3198be5fa0 RCX: 00007f319898f6c9 [ 190.831531][ T7623] RDX: 0000000000101440 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 190.831539][ T7623] RBP: 00007f3198a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 190.831548][ T7623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 190.831556][ T7623] R13: 00007f3198be6038 R14: 00007f3198be5fa0 R15: 00007ffd310c5ef8 [ 190.831576][ T7623] [ 190.833030][ T7629] vmstat_refresh: nr_hugetlb -2560 [ 191.061971][ T7634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.408'. [ 191.940564][ T7656] warning: `syz.1.416' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 192.743489][ T7667] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 193.006113][ T7665] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 193.889410][ T7686] netlink: 334 bytes leftover after parsing attributes in process `syz.1.424'. [ 194.137473][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.144027][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.973436][ T7684] netlink: 5 bytes leftover after parsing attributes in process `syz.3.423'. [ 197.700600][ T7746] deleting an unspecified loop device is not supported. [ 197.996467][ T7748] FAULT_INJECTION: forcing a failure. [ 197.996467][ T7748] name fail_futex, interval 1, probability 0, space 0, times 1 [ 198.019726][ T7748] CPU: 1 UID: 0 PID: 7748 Comm: syz.2.439 Tainted: G I syzkaller #0 PREEMPT(full) [ 198.019767][ T7748] Tainted: [I]=FIRMWARE_WORKAROUND [ 198.019777][ T7748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 198.019792][ T7748] Call Trace: [ 198.019800][ T7748] [ 198.019809][ T7748] dump_stack_lvl+0x16c/0x1f0 [ 198.019846][ T7748] should_fail_ex+0x512/0x640 [ 198.019888][ T7748] get_futex_key+0x1d0/0x1560 [ 198.019926][ T7748] ? __pfx_get_futex_key+0x10/0x10 [ 198.019960][ T7748] ? __destroy_inode+0x2e4/0x730 [ 198.019991][ T7748] ? __pfx_sock_free_inode+0x10/0x10 [ 198.020026][ T7748] futex_wake+0xea/0x530 [ 198.020063][ T7748] ? __pfx_evict+0x10/0x10 [ 198.020093][ T7748] ? __pfx_futex_wake+0x10/0x10 [ 198.020145][ T7748] do_futex+0x1e3/0x350 [ 198.020178][ T7748] ? __pfx_do_futex+0x10/0x10 [ 198.020218][ T7748] ? iput+0x35/0x40 [ 198.020247][ T7748] ? __sock_release+0x20b/0x270 [ 198.020282][ T7748] __x64_sys_futex+0x1e0/0x4c0 [ 198.020318][ T7748] ? __sys_socket+0xac/0x260 [ 198.020352][ T7748] ? __pfx___x64_sys_futex+0x10/0x10 [ 198.020385][ T7748] ? xfd_validate_state+0x61/0x180 [ 198.020418][ T7748] ? __pfx_ksys_write+0x10/0x10 [ 198.020456][ T7748] do_syscall_64+0xcd/0xfa0 [ 198.020488][ T7748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.020514][ T7748] RIP: 0033:0x7f319898f6c9 [ 198.020534][ T7748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.020557][ T7748] RSP: 002b:00007f319980b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 198.020581][ T7748] RAX: ffffffffffffffda RBX: 00007f3198be5fa8 RCX: 00007f319898f6c9 [ 198.020600][ T7748] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3198be5fac [ 198.020616][ T7748] RBP: 00007f3198be5fa0 R08: 00007f319980c000 R09: 0000000000000000 [ 198.020636][ T7748] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 198.020651][ T7748] R13: 00007f3198be6038 R14: 00007ffd310c5e10 R15: 00007ffd310c5ef8 [ 198.020686][ T7748] [ 201.075773][ T7803] block nbd9: NBD_DISCONNECT [ 201.878295][ T7808] netlink: 504 bytes leftover after parsing attributes in process `syz.0.456'. [ 204.748387][ T7854] netlink: 5 bytes leftover after parsing attributes in process `syz.2.463'. [ 205.417080][ T7869] netlink: 504 bytes leftover after parsing attributes in process `syz.3.468'. [ 206.804868][ T7873] delete_channel: no stack [ 210.368927][ T7922] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 211.612789][ T7919] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 217.992548][ T8036] netlink: 504 bytes leftover after parsing attributes in process `syz.1.509'. [ 218.730850][ T8044] ICMPv6: process `syz.3.511' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 221.558184][ T8100] netlink: 504 bytes leftover after parsing attributes in process `syz.2.526'. [ 222.781258][ T8118] netlink: 'syz.0.530': attribute type 1 has an invalid length. [ 222.849380][ T8118] netlink: 'syz.0.530': attribute type 1 has an invalid length. [ 222.893565][ T8118] netlink: 124 bytes leftover after parsing attributes in process `syz.0.530'. [ 222.955621][ T8118] netlink: 100 bytes leftover after parsing attributes in process `syz.0.530'. [ 226.097526][ T8154] uvcvideo: [Deprecated]: nodrop parameter will be eventually removed. [ 226.351057][ T8178] netlink: 330 bytes leftover after parsing attributes in process `syz.2.545'. [ 227.436656][ T8192] netlink: 8 bytes leftover after parsing attributes in process `syz.0.547'. [ 228.956120][ T8217] FAULT_INJECTION: forcing a failure. [ 228.956120][ T8217] name failslab, interval 1, probability 0, space 0, times 0 [ 228.986008][ T8217] CPU: 0 UID: 0 PID: 8217 Comm: syz.3.553 Tainted: G I syzkaller #0 PREEMPT(full) [ 228.986031][ T8217] Tainted: [I]=FIRMWARE_WORKAROUND [ 228.986036][ T8217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 228.986044][ T8217] Call Trace: [ 228.986049][ T8217] [ 228.986055][ T8217] dump_stack_lvl+0x16c/0x1f0 [ 228.986076][ T8217] should_fail_ex+0x512/0x640 [ 228.986097][ T8217] ? fs_reclaim_acquire+0xae/0x150 [ 228.986118][ T8217] should_failslab+0xc2/0x120 [ 228.986137][ T8217] __kmalloc_noprof+0xdd/0x880 [ 228.986161][ T8217] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 228.986185][ T8217] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 228.986200][ T8217] tomoyo_realpath_from_path+0xc2/0x6e0 [ 228.986218][ T8217] ? tomoyo_profile+0x47/0x60 [ 228.986238][ T8217] tomoyo_path_number_perm+0x245/0x580 [ 228.986260][ T8217] ? tomoyo_path_number_perm+0x237/0x580 [ 228.986283][ T8217] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 228.986307][ T8217] ? find_held_lock+0x2b/0x80 [ 228.986339][ T8217] ? __pfx___might_resched+0x10/0x10 [ 228.986353][ T8217] ? hook_file_ioctl_common+0x145/0x410 [ 228.986377][ T8217] security_file_ioctl+0x9b/0x240 [ 228.986392][ T8217] __x64_sys_ioctl+0xb7/0x210 [ 228.986422][ T8217] do_syscall_64+0xcd/0xfa0 [ 228.986440][ T8217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.986455][ T8217] RIP: 0033:0x7ffbe3d8f6c9 [ 228.986466][ T8217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.986480][ T8217] RSP: 002b:00007ffbe4cfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 228.986493][ T8217] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8f6c9 [ 228.986503][ T8217] RDX: 0000000000000000 RSI: 00000000c0585611 RDI: 0000000000000000 [ 228.986511][ T8217] RBP: 00007ffbe4cfe090 R08: 0000000000000000 R09: 0000000000000000 [ 228.986519][ T8217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.986527][ T8217] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 228.986546][ T8217] [ 228.986551][ T8217] ERROR: Out of memory at tomoyo_realpath_from_path. [ 230.269003][ T8232] FAULT_INJECTION: forcing a failure. [ 230.269003][ T8232] name failslab, interval 1, probability 0, space 0, times 0 [ 230.454836][ T8232] CPU: 1 UID: 0 PID: 8232 Comm: syz.2.558 Tainted: G I syzkaller #0 PREEMPT(full) [ 230.454879][ T8232] Tainted: [I]=FIRMWARE_WORKAROUND [ 230.454888][ T8232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 230.454902][ T8232] Call Trace: [ 230.454911][ T8232] [ 230.454921][ T8232] dump_stack_lvl+0x16c/0x1f0 [ 230.454957][ T8232] should_fail_ex+0x512/0x640 [ 230.454991][ T8232] ? __kmalloc_cache_noprof+0x5f/0x780 [ 230.455034][ T8232] should_failslab+0xc2/0x120 [ 230.455069][ T8232] __kmalloc_cache_noprof+0x72/0x780 [ 230.455095][ T8232] ? snd_card_file_add+0x52/0x340 [ 230.455135][ T8232] ? snd_card_file_add+0x52/0x340 [ 230.455166][ T8232] snd_card_file_add+0x52/0x340 [ 230.455211][ T8232] snd_rawmidi_open+0x2cc/0xbf0 [ 230.455258][ T8232] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 230.455307][ T8232] ? kobject_get_unless_zero+0x156/0x1e0 [ 230.455342][ T8232] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 230.455378][ T8232] snd_open+0x22d/0x4c0 [ 230.455409][ T8232] ? __pfx_snd_open+0x10/0x10 [ 230.455437][ T8232] chrdev_open+0x234/0x6a0 [ 230.455465][ T8232] ? __pfx_apparmor_file_open+0x10/0x10 [ 230.455501][ T8232] ? __pfx_chrdev_open+0x10/0x10 [ 230.455532][ T8232] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 230.455568][ T8232] do_dentry_open+0x982/0x1530 [ 230.455597][ T8232] ? __pfx_chrdev_open+0x10/0x10 [ 230.455633][ T8232] vfs_open+0x82/0x3f0 [ 230.455671][ T8232] path_openat+0x1de4/0x2cb0 [ 230.455711][ T8232] ? __pfx_path_openat+0x10/0x10 [ 230.455741][ T8232] ? __lock_acquire+0xb8a/0x1c90 [ 230.455777][ T8232] do_filp_open+0x20b/0x470 [ 230.455813][ T8232] ? __pfx_do_filp_open+0x10/0x10 [ 230.455867][ T8232] ? alloc_fd+0x471/0x7d0 [ 230.455904][ T8232] do_sys_openat2+0x11b/0x1d0 [ 230.455940][ T8232] ? __pfx_do_sys_openat2+0x10/0x10 [ 230.455988][ T8232] __x64_sys_openat+0x174/0x210 [ 230.456031][ T8232] ? __pfx___x64_sys_openat+0x10/0x10 [ 230.456084][ T8232] do_syscall_64+0xcd/0xfa0 [ 230.456118][ T8232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.456143][ T8232] RIP: 0033:0x7f319898f6c9 [ 230.456165][ T8232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.456188][ T8232] RSP: 002b:00007f31997ea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 230.456211][ T8232] RAX: ffffffffffffffda RBX: 00007f3198be6090 RCX: 00007f319898f6c9 [ 230.456228][ T8232] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 230.456245][ T8232] RBP: 00007f3198a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 230.456260][ T8232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.456274][ T8232] R13: 00007f3198be6128 R14: 00007f3198be6090 R15: 00007ffd310c5ef8 [ 230.456309][ T8232] [ 230.897626][ T8245] hugetlbfs: syz.3.560 (8245): Using mlock ulimits for SHM_HUGETLB is obsolete [ 236.160000][ T8334] FAULT_INJECTION: forcing a failure. [ 236.160000][ T8334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.181739][ T8334] CPU: 1 UID: 0 PID: 8334 Comm: syz.3.581 Tainted: G I syzkaller #0 PREEMPT(full) [ 236.181781][ T8334] Tainted: [I]=FIRMWARE_WORKAROUND [ 236.181794][ T8334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 236.181808][ T8334] Call Trace: [ 236.181816][ T8334] [ 236.181826][ T8334] dump_stack_lvl+0x16c/0x1f0 [ 236.181861][ T8334] should_fail_ex+0x512/0x640 [ 236.181905][ T8334] _copy_from_user+0x2e/0xd0 [ 236.181947][ T8334] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 236.181998][ T8334] snd_rawmidi_write+0x26e/0xc10 [ 236.182044][ T8334] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 236.182084][ T8334] ? __pfx_default_wake_function+0x10/0x10 [ 236.182115][ T8334] ? bpf_lsm_file_permission+0x9/0x10 [ 236.182144][ T8334] ? security_file_permission+0x71/0x210 [ 236.182174][ T8334] ? rw_verify_area+0xcf/0x6c0 [ 236.182201][ T8334] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 236.182237][ T8334] vfs_write+0x2a0/0x11d0 [ 236.182273][ T8334] ? __pfx_vfs_write+0x10/0x10 [ 236.182298][ T8334] ? find_held_lock+0x2b/0x80 [ 236.182327][ T8334] ? __fget_files+0x204/0x3c0 [ 236.182359][ T8334] ? __fget_files+0x20e/0x3c0 [ 236.182395][ T8334] ksys_write+0x1f8/0x250 [ 236.182423][ T8334] ? __pfx_ksys_write+0x10/0x10 [ 236.182462][ T8334] do_syscall_64+0xcd/0xfa0 [ 236.182496][ T8334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.182524][ T8334] RIP: 0033:0x7ffbe3d8f6c9 [ 236.182547][ T8334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.182583][ T8334] RSP: 002b:00007ffbe4cfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 236.182610][ T8334] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8f6c9 [ 236.182629][ T8334] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000005 [ 236.182645][ T8334] RBP: 00007ffbe3e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 236.182660][ T8334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 236.182676][ T8334] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 236.182712][ T8334] [ 237.439556][ T8354] netlink: 4 bytes leftover after parsing attributes in process `syz.3.586'. [ 238.679347][ T8365] capability: warning: `syz.3.588' uses 32-bit capabilities (legacy support in use) [ 238.885414][ T8373] FAULT_INJECTION: forcing a failure. [ 238.885414][ T8373] name failslab, interval 1, probability 0, space 0, times 0 [ 238.899976][ T8373] CPU: 0 UID: 0 PID: 8373 Comm: syz.0.590 Tainted: G I syzkaller #0 PREEMPT(full) [ 238.900015][ T8373] Tainted: [I]=FIRMWARE_WORKAROUND [ 238.900025][ T8373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 238.900039][ T8373] Call Trace: [ 238.900047][ T8373] [ 238.900057][ T8373] dump_stack_lvl+0x16c/0x1f0 [ 238.900097][ T8373] should_fail_ex+0x512/0x640 [ 238.900132][ T8373] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 238.900165][ T8373] should_failslab+0xc2/0x120 [ 238.900200][ T8373] kmem_cache_alloc_noprof+0x75/0x6e0 [ 238.900225][ T8373] ? anon_vma_clone+0x405/0x5c0 [ 238.900261][ T8373] ? anon_vma_fork+0xe6/0x620 [ 238.900302][ T8373] ? anon_vma_fork+0xe6/0x620 [ 238.900337][ T8373] anon_vma_fork+0xe6/0x620 [ 238.900372][ T8373] ? vm_area_dup+0x5a1/0x8d0 [ 238.900399][ T8373] dup_mmap+0x151f/0x2280 [ 238.900446][ T8373] ? __pfx_dup_mmap+0x10/0x10 [ 238.900505][ T8373] copy_process+0x3f0c/0x76a0 [ 238.900544][ T8373] ? preempt_schedule_thunk+0x16/0x30 [ 238.900596][ T8373] ? __pfx_copy_process+0x10/0x10 [ 238.900623][ T8373] ? find_held_lock+0x2b/0x80 [ 238.900652][ T8373] ? futex_private_hash_put+0xd5/0x190 [ 238.900691][ T8373] kernel_clone+0xfc/0x930 [ 238.900721][ T8373] ? __pfx_futex_wake+0x10/0x10 [ 238.900756][ T8373] ? __pfx_kernel_clone+0x10/0x10 [ 238.900809][ T8373] __do_sys_clone+0xce/0x120 [ 238.900839][ T8373] ? __pfx___do_sys_clone+0x10/0x10 [ 238.900869][ T8373] ? __sys_sendmsg+0x18c/0x220 [ 238.900909][ T8373] ? xfd_validate_state+0x61/0x180 [ 238.900954][ T8373] do_syscall_64+0xcd/0xfa0 [ 238.900985][ T8373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.901010][ T8373] RIP: 0033:0x7fb12338f6c9 [ 238.901032][ T8373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.901056][ T8373] RSP: 002b:00007fb12423bfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 238.901081][ T8373] RAX: ffffffffffffffda RBX: 00007fb1235e6180 RCX: 00007fb12338f6c9 [ 238.901097][ T8373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 238.901110][ T8373] RBP: 00007fb123411f91 R08: 0000000000000000 R09: 0000000000000000 [ 238.901126][ T8373] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 238.901139][ T8373] R13: 00007fb1235e6218 R14: 00007fb1235e6180 R15: 00007fff5f55c228 [ 238.901176][ T8373] [ 239.807594][ T8385] FAULT_INJECTION: forcing a failure. [ 239.807594][ T8385] name failslab, interval 1, probability 0, space 0, times 0 [ 239.910867][ T8385] CPU: 0 UID: 0 PID: 8385 Comm: syz.0.593 Tainted: G I syzkaller #0 PREEMPT(full) [ 239.910891][ T8385] Tainted: [I]=FIRMWARE_WORKAROUND [ 239.910896][ T8385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 239.910904][ T8385] Call Trace: [ 239.910909][ T8385] [ 239.910914][ T8385] dump_stack_lvl+0x16c/0x1f0 [ 239.910935][ T8385] should_fail_ex+0x512/0x640 [ 239.910956][ T8385] ? fs_reclaim_acquire+0xae/0x150 [ 239.910977][ T8385] should_failslab+0xc2/0x120 [ 239.910996][ T8385] __kmalloc_noprof+0xdd/0x880 [ 239.911019][ T8385] ? tomoyo_encode2+0x100/0x3e0 [ 239.911038][ T8385] ? tomoyo_encode2+0x100/0x3e0 [ 239.911052][ T8385] tomoyo_encode2+0x100/0x3e0 [ 239.911069][ T8385] tomoyo_encode+0x29/0x50 [ 239.911084][ T8385] tomoyo_realpath_from_path+0x18f/0x6e0 [ 239.911105][ T8385] tomoyo_check_open_permission+0x2ab/0x3c0 [ 239.911130][ T8385] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 239.911152][ T8385] ? __lock_acquire+0xb8a/0x1c90 [ 239.911189][ T8385] ? do_raw_spin_lock+0x12c/0x2b0 [ 239.911216][ T8385] tomoyo_file_open+0x6b/0x90 [ 239.911237][ T8385] security_file_open+0x84/0x1e0 [ 239.911253][ T8385] do_dentry_open+0x596/0x1530 [ 239.911276][ T8385] vfs_open+0x82/0x3f0 [ 239.911298][ T8385] path_openat+0x1de4/0x2cb0 [ 239.911321][ T8385] ? __pfx_path_openat+0x10/0x10 [ 239.911337][ T8385] ? __lock_acquire+0xb8a/0x1c90 [ 239.911358][ T8385] do_filp_open+0x20b/0x470 [ 239.911373][ T8385] ? __pfx_do_filp_open+0x10/0x10 [ 239.911402][ T8385] ? alloc_fd+0x471/0x7d0 [ 239.911421][ T8385] do_sys_openat2+0x11b/0x1d0 [ 239.911441][ T8385] ? __pfx_do_sys_openat2+0x10/0x10 [ 239.911463][ T8385] ? __sys_sendmsg+0x18c/0x220 [ 239.911489][ T8385] __x64_sys_openat+0x174/0x210 [ 239.911510][ T8385] ? __pfx___x64_sys_openat+0x10/0x10 [ 239.911538][ T8385] do_syscall_64+0xcd/0xfa0 [ 239.911556][ T8385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.911571][ T8385] RIP: 0033:0x7fb12338f6c9 [ 239.911582][ T8385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.911595][ T8385] RSP: 002b:00007fb12423c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 239.911609][ T8385] RAX: ffffffffffffffda RBX: 00007fb1235e6180 RCX: 00007fb12338f6c9 [ 239.911619][ T8385] RDX: 00000000000a2500 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 239.911627][ T8385] RBP: 00007fb123411f91 R08: 0000000000000000 R09: 0000000000000000 [ 239.911635][ T8385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 239.911644][ T8385] R13: 00007fb1235e6218 R14: 00007fb1235e6180 R15: 00007fff5f55c228 [ 239.911663][ T8385] [ 239.911697][ T8385] ERROR: Out of memory at tomoyo_realpath_from_path. [ 240.285400][ T8389] FAULT_INJECTION: forcing a failure. [ 240.285400][ T8389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.299782][ T8389] CPU: 1 UID: 0 PID: 8389 Comm: syz.3.594 Tainted: G I syzkaller #0 PREEMPT(full) [ 240.299818][ T8389] Tainted: [I]=FIRMWARE_WORKAROUND [ 240.299827][ T8389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 240.299840][ T8389] Call Trace: [ 240.299848][ T8389] [ 240.299857][ T8389] dump_stack_lvl+0x16c/0x1f0 [ 240.299890][ T8389] should_fail_ex+0x512/0x640 [ 240.299930][ T8389] _copy_to_user+0x32/0xd0 [ 240.299969][ T8389] simple_read_from_buffer+0xcb/0x170 [ 240.300008][ T8389] proc_fail_nth_read+0x197/0x240 [ 240.300037][ T8389] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 240.300066][ T8389] ? rw_verify_area+0xcf/0x6c0 [ 240.300089][ T8389] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 240.300115][ T8389] vfs_read+0x1e4/0xcf0 [ 240.300146][ T8389] ? __pfx___mutex_lock+0x10/0x10 [ 240.300184][ T8389] ? __pfx_vfs_read+0x10/0x10 [ 240.300219][ T8389] ? __fget_files+0x20e/0x3c0 [ 240.300254][ T8389] ksys_read+0x12a/0x250 [ 240.300279][ T8389] ? __pfx_ksys_read+0x10/0x10 [ 240.300316][ T8389] do_syscall_64+0xcd/0xfa0 [ 240.300347][ T8389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.300371][ T8389] RIP: 0033:0x7ffbe3d8e0dc [ 240.300390][ T8389] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 240.300412][ T8389] RSP: 002b:00007ffbe4cfe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 240.300435][ T8389] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8e0dc [ 240.300450][ T8389] RDX: 000000000000000f RSI: 00007ffbe4cfe0a0 RDI: 0000000000000004 [ 240.300465][ T8389] RBP: 00007ffbe4cfe090 R08: 0000000000000000 R09: 0000000000000000 [ 240.300479][ T8389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.300493][ T8389] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 240.300528][ T8389] [ 240.708124][ T8391] zswap: compressor 000 not available [ 240.934699][ T8398] netlink: 330 bytes leftover after parsing attributes in process `syz.3.597'. [ 241.948626][ T8420] FAULT_INJECTION: forcing a failure. [ 241.948626][ T8420] name failslab, interval 1, probability 0, space 0, times 0 [ 242.066580][ T8420] CPU: 0 UID: 0 PID: 8420 Comm: syz.3.603 Tainted: G I syzkaller #0 PREEMPT(full) [ 242.066619][ T8420] Tainted: [I]=FIRMWARE_WORKAROUND [ 242.066628][ T8420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 242.066641][ T8420] Call Trace: [ 242.066649][ T8420] [ 242.066659][ T8420] dump_stack_lvl+0x16c/0x1f0 [ 242.066693][ T8420] should_fail_ex+0x512/0x640 [ 242.066726][ T8420] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 242.066759][ T8420] should_failslab+0xc2/0x120 [ 242.066790][ T8420] __kvmalloc_node_noprof+0x141/0x9c0 [ 242.066817][ T8420] ? __pfx_aa_file_perm+0x10/0x10 [ 242.066847][ T8420] ? seq_read_iter+0x830/0x12d0 [ 242.066880][ T8420] ? __lock_acquire+0xb8a/0x1c90 [ 242.066917][ T8420] ? seq_read_iter+0x830/0x12d0 [ 242.066949][ T8420] seq_read_iter+0x830/0x12d0 [ 242.067000][ T8420] kernfs_fop_read_iter+0x46c/0x610 [ 242.067033][ T8420] ? rw_verify_area+0xcf/0x6c0 [ 242.067060][ T8420] vfs_read+0x8bf/0xcf0 [ 242.067091][ T8420] ? __pfx___mutex_lock+0x10/0x10 [ 242.067121][ T8420] ? __pfx_vfs_read+0x10/0x10 [ 242.067171][ T8420] ksys_read+0x12a/0x250 [ 242.067197][ T8420] ? __pfx_ksys_read+0x10/0x10 [ 242.067234][ T8420] do_syscall_64+0xcd/0xfa0 [ 242.067264][ T8420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.067289][ T8420] RIP: 0033:0x7ffbe3d8f6c9 [ 242.067309][ T8420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.067330][ T8420] RSP: 002b:00007ffbe4cfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 242.067353][ T8420] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8f6c9 [ 242.067369][ T8420] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000003 [ 242.067383][ T8420] RBP: 00007ffbe4cfe090 R08: 0000000000000000 R09: 0000000000000000 [ 242.067398][ T8420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.067412][ T8420] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 242.067448][ T8420] [ 243.381001][ T8441] FAULT_INJECTION: forcing a failure. [ 243.381001][ T8441] name fail_futex, interval 1, probability 0, space 0, times 0 [ 243.399516][ T8441] CPU: 0 UID: 0 PID: 8441 Comm: syz.0.608 Tainted: G I syzkaller #0 PREEMPT(full) [ 243.399550][ T8441] Tainted: [I]=FIRMWARE_WORKAROUND [ 243.399559][ T8441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 243.399571][ T8441] Call Trace: [ 243.399579][ T8441] [ 243.399588][ T8441] dump_stack_lvl+0x16c/0x1f0 [ 243.399621][ T8441] should_fail_ex+0x512/0x640 [ 243.399659][ T8441] get_futex_key+0x1d0/0x1560 [ 243.399694][ T8441] ? __pfx_get_futex_key+0x10/0x10 [ 243.399723][ T8441] ? __mutex_trylock_common+0xe9/0x250 [ 243.399764][ T8441] futex_wake+0xea/0x530 [ 243.399802][ T8441] ? __pfx_futex_wake+0x10/0x10 [ 243.399833][ T8441] ? __lock_acquire+0xb8a/0x1c90 [ 243.399879][ T8441] do_futex+0x1e3/0x350 [ 243.399920][ T8441] ? __pfx_do_futex+0x10/0x10 [ 243.399948][ T8441] ? __might_fault+0xe3/0x190 [ 243.399981][ T8441] mm_release+0x24e/0x300 [ 243.400008][ T8441] do_exit+0x68e/0x2bf0 [ 243.400048][ T8441] ? __pfx_do_exit+0x10/0x10 [ 243.400078][ T8441] ? do_raw_spin_lock+0x12c/0x2b0 [ 243.400110][ T8441] ? find_held_lock+0x2b/0x80 [ 243.400138][ T8441] do_group_exit+0xd3/0x2a0 [ 243.400172][ T8441] get_signal+0x2671/0x26d0 [ 243.400209][ T8441] ? __pfx_get_signal+0x10/0x10 [ 243.400234][ T8441] ? do_futex+0x122/0x350 [ 243.400264][ T8441] ? __pfx_do_futex+0x10/0x10 [ 243.400297][ T8441] arch_do_signal_or_restart+0x8f/0x790 [ 243.400328][ T8441] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 243.400368][ T8441] ? xfd_validate_state+0x61/0x180 [ 243.400397][ T8441] ? __pfx_do_writev+0x10/0x10 [ 243.400428][ T8441] exit_to_user_mode_loop+0x85/0x130 [ 243.400463][ T8441] do_syscall_64+0x426/0xfa0 [ 243.400492][ T8441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.400515][ T8441] RIP: 0033:0x7fb12338f6c9 [ 243.400534][ T8441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.400555][ T8441] RSP: 002b:00007fb12425d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 243.400577][ T8441] RAX: fffffffffffffe00 RBX: 00007fb1235e6098 RCX: 00007fb12338f6c9 [ 243.400591][ T8441] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb1235e6098 [ 243.400606][ T8441] RBP: 00007fb1235e6090 R08: 0000000000000000 R09: 0000000000000000 [ 243.400619][ T8441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.400632][ T8441] R13: 00007fb1235e6128 R14: 00007fff5f55c140 R15: 00007fff5f55c228 [ 243.400661][ T8441] [ 248.664222][ T8499] netlink: 4 bytes leftover after parsing attributes in process `syz.2.621'. [ 248.828545][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 248.836292][ T8470] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 248.869214][ T8470] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 248.904559][ T8470] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 248.921466][ T8470] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 249.020364][ T8505] FAULT_INJECTION: forcing a failure. [ 249.020364][ T8505] name failslab, interval 1, probability 0, space 0, times 0 [ 249.054770][ T8505] CPU: 1 UID: 0 PID: 8505 Comm: syz.2.623 Tainted: G I syzkaller #0 PREEMPT(full) [ 249.054808][ T8505] Tainted: [I]=FIRMWARE_WORKAROUND [ 249.054817][ T8505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 249.054830][ T8505] Call Trace: [ 249.054837][ T8505] [ 249.054847][ T8505] dump_stack_lvl+0x16c/0x1f0 [ 249.054879][ T8505] should_fail_ex+0x512/0x640 [ 249.054912][ T8505] ? fs_reclaim_acquire+0xae/0x150 [ 249.054946][ T8505] should_failslab+0xc2/0x120 [ 249.054977][ T8505] __kmalloc_noprof+0xdd/0x880 [ 249.055013][ T8505] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 249.055048][ T8505] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 249.055074][ T8505] tomoyo_realpath_from_path+0xc2/0x6e0 [ 249.055107][ T8505] ? tomoyo_profile+0x47/0x60 [ 249.055139][ T8505] tomoyo_path_number_perm+0x245/0x580 [ 249.055173][ T8505] ? tomoyo_path_number_perm+0x237/0x580 [ 249.055212][ T8505] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 249.055250][ T8505] ? find_held_lock+0x2b/0x80 [ 249.055306][ T8505] ? find_held_lock+0x2b/0x80 [ 249.055329][ T8505] ? hook_file_ioctl_common+0x145/0x410 [ 249.055363][ T8505] ? __fget_files+0x20e/0x3c0 [ 249.055393][ T8505] security_file_ioctl+0x9b/0x240 [ 249.055419][ T8505] __x64_sys_ioctl+0xb7/0x210 [ 249.055455][ T8505] do_syscall_64+0xcd/0xfa0 [ 249.055484][ T8505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.055506][ T8505] RIP: 0033:0x7f319898f6c9 [ 249.055525][ T8505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.055545][ T8505] RSP: 002b:00007f319980b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 249.055568][ T8505] RAX: ffffffffffffffda RBX: 00007f3198be5fa0 RCX: 00007f319898f6c9 [ 249.055583][ T8505] RDX: 0000000000000003 RSI: 000000008100451b RDI: 0000000000000003 [ 249.055597][ T8505] RBP: 00007f319980b090 R08: 0000000000000000 R09: 0000000000000000 [ 249.055611][ T8505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.055625][ T8505] R13: 00007f3198be6038 R14: 00007f3198be5fa0 R15: 00007ffd310c5ef8 [ 249.055667][ T8505] [ 249.319882][ T8505] ERROR: Out of memory at tomoyo_realpath_from_path. [ 250.904394][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 250.910517][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 250.984224][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 251.278856][ T8535] FAULT_INJECTION: forcing a failure. [ 251.278856][ T8535] name failslab, interval 1, probability 0, space 0, times 0 [ 251.292052][ T8535] CPU: 0 UID: 0 PID: 8535 Comm: syz.0.631 Tainted: G I syzkaller #0 PREEMPT(full) [ 251.292075][ T8535] Tainted: [I]=FIRMWARE_WORKAROUND [ 251.292080][ T8535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 251.292088][ T8535] Call Trace: [ 251.292094][ T8535] [ 251.292099][ T8535] dump_stack_lvl+0x16c/0x1f0 [ 251.292120][ T8535] should_fail_ex+0x512/0x640 [ 251.292141][ T8535] ? fs_reclaim_acquire+0xae/0x150 [ 251.292162][ T8535] should_failslab+0xc2/0x120 [ 251.292182][ T8535] __kmalloc_noprof+0xdd/0x880 [ 251.292203][ T8535] ? kfree+0x252/0x6d0 [ 251.292214][ T8535] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 251.292234][ T8535] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 251.292249][ T8535] tomoyo_realpath_from_path+0xc2/0x6e0 [ 251.292270][ T8535] tomoyo_check_open_permission+0x2ab/0x3c0 [ 251.292293][ T8535] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 251.292334][ T8535] ? do_raw_spin_lock+0x12c/0x2b0 [ 251.292360][ T8535] tomoyo_file_open+0x6b/0x90 [ 251.292379][ T8535] security_file_open+0x84/0x1e0 [ 251.292395][ T8535] do_dentry_open+0x596/0x1530 [ 251.292416][ T8535] vfs_open+0x82/0x3f0 [ 251.292438][ T8535] path_openat+0x1de4/0x2cb0 [ 251.292459][ T8535] ? __pfx_path_openat+0x10/0x10 [ 251.292475][ T8535] ? __lock_acquire+0xb8a/0x1c90 [ 251.292505][ T8535] do_filp_open+0x20b/0x470 [ 251.292521][ T8535] ? __pfx_do_filp_open+0x10/0x10 [ 251.292550][ T8535] ? alloc_fd+0x471/0x7d0 [ 251.292570][ T8535] do_sys_openat2+0x11b/0x1d0 [ 251.292590][ T8535] ? __pfx_do_sys_openat2+0x10/0x10 [ 251.292612][ T8535] ? find_held_lock+0x2b/0x80 [ 251.292630][ T8535] __x64_sys_openat+0x174/0x210 [ 251.292650][ T8535] ? __pfx___x64_sys_openat+0x10/0x10 [ 251.292678][ T8535] do_syscall_64+0xcd/0xfa0 [ 251.292697][ T8535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.292711][ T8535] RIP: 0033:0x7fb12338f6c9 [ 251.292722][ T8535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.292735][ T8535] RSP: 002b:00007fb12427e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 251.292749][ T8535] RAX: ffffffffffffffda RBX: 00007fb1235e5fa0 RCX: 00007fb12338f6c9 [ 251.292758][ T8535] RDX: 0000000000042000 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 251.292767][ T8535] RBP: 00007fb123411f91 R08: 0000000000000000 R09: 0000000000000000 [ 251.292776][ T8535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.292784][ T8535] R13: 00007fb1235e6038 R14: 00007fb1235e5fa0 R15: 00007fff5f55c228 [ 251.292804][ T8535] [ 251.292810][ T8535] ERROR: Out of memory at tomoyo_realpath_from_path. [ 253.809684][ T8577] Invalid ELF header magic: != ELF [ 255.544792][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.551239][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.738783][ T8616] FAULT_INJECTION: forcing a failure. [ 255.738783][ T8616] name failslab, interval 1, probability 0, space 0, times 0 [ 255.769760][ T8616] CPU: 1 UID: 0 PID: 8616 Comm: syz.2.646 Tainted: G I syzkaller #0 PREEMPT(full) [ 255.769803][ T8616] Tainted: [I]=FIRMWARE_WORKAROUND [ 255.769808][ T8616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 255.769817][ T8616] Call Trace: [ 255.769822][ T8616] [ 255.769828][ T8616] dump_stack_lvl+0x16c/0x1f0 [ 255.769851][ T8616] should_fail_ex+0x512/0x640 [ 255.769872][ T8616] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 255.769891][ T8616] should_failslab+0xc2/0x120 [ 255.769910][ T8616] kmem_cache_alloc_node_noprof+0x78/0x770 [ 255.769925][ T8616] ? __alloc_skb+0x2b2/0x380 [ 255.769950][ T8616] ? __alloc_skb+0x2b2/0x380 [ 255.769970][ T8616] __alloc_skb+0x2b2/0x380 [ 255.769990][ T8616] ? __pfx___alloc_skb+0x10/0x10 [ 255.770014][ T8616] ? idr_get_next+0xec/0x150 [ 255.770028][ T8616] ? __pfx_idr_get_next+0x10/0x10 [ 255.770045][ T8616] ctrl_build_family_msg+0x36/0xa0 [ 255.770065][ T8616] ctrl_getfamily+0x354/0x540 [ 255.770088][ T8616] ? __pfx_ctrl_getfamily+0x10/0x10 [ 255.770107][ T8616] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 255.770126][ T8616] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 255.770149][ T8616] genl_family_rcv_msg_doit+0x209/0x2f0 [ 255.770168][ T8616] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 255.770186][ T8616] ? genl_get_cmd+0x194/0x580 [ 255.770208][ T8616] ? __radix_tree_lookup+0x21f/0x2c0 [ 255.770226][ T8616] genl_rcv_msg+0x55c/0x800 [ 255.770246][ T8616] ? __pfx_genl_rcv_msg+0x10/0x10 [ 255.770263][ T8616] ? __pfx_ctrl_getfamily+0x10/0x10 [ 255.770288][ T8616] netlink_rcv_skb+0x158/0x420 [ 255.770303][ T8616] ? __pfx_genl_rcv_msg+0x10/0x10 [ 255.770321][ T8616] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 255.770343][ T8616] ? netlink_deliver_tap+0x1ae/0xd30 [ 255.770360][ T8616] genl_rcv+0x28/0x40 [ 255.770374][ T8616] netlink_unicast+0x5aa/0x870 [ 255.770392][ T8616] ? __pfx_netlink_unicast+0x10/0x10 [ 255.770414][ T8616] netlink_sendmsg+0x8c8/0xdd0 [ 255.770432][ T8616] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.770449][ T8616] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 255.770473][ T8616] __sys_sendto+0x4a3/0x520 [ 255.770499][ T8616] ? __pfx___sys_sendto+0x10/0x10 [ 255.770525][ T8616] ? find_held_lock+0x2b/0x80 [ 255.770550][ T8616] ? xfd_validate_state+0x61/0x180 [ 255.770572][ T8616] __x64_sys_sendto+0xe0/0x1c0 [ 255.770592][ T8616] ? do_syscall_64+0x91/0xfa0 [ 255.770608][ T8616] ? lockdep_hardirqs_on+0x7c/0x110 [ 255.770624][ T8616] do_syscall_64+0xcd/0xfa0 [ 255.770642][ T8616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.770656][ T8616] RIP: 0033:0x7f319899155c [ 255.770668][ T8616] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 255.770682][ T8616] RSP: 002b:00007f3199809ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 255.770695][ T8616] RAX: ffffffffffffffda RBX: 00007f3199809fc0 RCX: 00007f319899155c [ 255.770704][ T8616] RDX: 0000000000000024 RSI: 00007f319980a010 RDI: 000000000000000a [ 255.770713][ T8616] RBP: 0000000000000000 R08: 00007f3199809f14 R09: 000000000000000c [ 255.770721][ T8616] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000a [ 255.770729][ T8616] R13: 00007f3199809f68 R14: 00007f319980a010 R15: 0000000000000000 [ 255.770749][ T8616] [ 256.706144][ T8628] FAULT_INJECTION: forcing a failure. [ 256.706144][ T8628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 256.727363][ T8626] FAULT_INJECTION: forcing a failure. [ 256.727363][ T8626] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 256.757479][ T8626] CPU: 0 UID: 0 PID: 8626 Comm: syz.0.648 Tainted: G I syzkaller #0 PREEMPT(full) [ 256.757520][ T8626] Tainted: [I]=FIRMWARE_WORKAROUND [ 256.757530][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 256.757544][ T8626] Call Trace: [ 256.757553][ T8626] [ 256.757563][ T8626] dump_stack_lvl+0x16c/0x1f0 [ 256.757600][ T8626] should_fail_ex+0x512/0x640 [ 256.757656][ T8626] should_fail_alloc_page+0xe7/0x130 [ 256.757694][ T8626] prepare_alloc_pages+0x3c2/0x610 [ 256.757732][ T8626] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 256.757761][ T8626] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 256.757798][ T8626] ? __lock_acquire+0x622/0x1c90 [ 256.757833][ T8626] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 256.757874][ T8626] ? __lock_acquire+0x622/0x1c90 [ 256.757912][ T8626] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 256.757953][ T8626] ? policy_nodemask+0xea/0x4e0 [ 256.757994][ T8626] alloc_pages_mpol+0x1fb/0x550 [ 256.758028][ T8626] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 256.758063][ T8626] ? blk_cgroup_congested+0x140/0x270 [ 256.758095][ T8626] alloc_pages_noprof+0x131/0x390 [ 256.758128][ T8626] pte_alloc_one+0x1e/0x350 [ 256.758155][ T8626] do_huge_pmd_anonymous_page+0x2bb/0x1f50 [ 256.758184][ T8626] ? find_held_lock+0x2b/0x80 [ 256.758210][ T8626] __handle_mm_fault+0x1cff/0x2aa0 [ 256.758258][ T8626] ? __pfx___handle_mm_fault+0x10/0x10 [ 256.758325][ T8626] handle_mm_fault+0x589/0xd10 [ 256.758369][ T8626] __get_user_pages+0x54e/0x3530 [ 256.758415][ T8626] ? __pfx___get_user_pages+0x10/0x10 [ 256.758456][ T8626] populate_vma_page_range+0x267/0x3f0 [ 256.758494][ T8626] ? __pfx_populate_vma_page_range+0x10/0x10 [ 256.758528][ T8626] ? __pfx_find_vma_intersection+0x10/0x10 [ 256.758562][ T8626] ? do_mmap+0x69c/0x1210 [ 256.758597][ T8626] __mm_populate+0x1d8/0x380 [ 256.758633][ T8626] ? __pfx___mm_populate+0x10/0x10 [ 256.758669][ T8626] ? up_write+0x1b2/0x520 [ 256.758708][ T8626] vm_mmap_pgoff+0x37f/0x470 [ 256.758743][ T8626] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 256.758771][ T8626] ? find_held_lock+0x2b/0x80 [ 256.758804][ T8626] ? __x64_sys_futex+0x1e0/0x4c0 [ 256.758835][ T8626] ? __x64_sys_futex+0x1e9/0x4c0 [ 256.758871][ T8626] ksys_mmap_pgoff+0x7d/0x5c0 [ 256.758901][ T8626] ? xfd_validate_state+0x61/0x180 [ 256.758939][ T8626] __x64_sys_mmap+0x125/0x190 [ 256.758977][ T8626] do_syscall_64+0xcd/0xfa0 [ 256.759017][ T8626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.759043][ T8626] RIP: 0033:0x7fb12338f6c9 [ 256.759063][ T8626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.759086][ T8626] RSP: 002b:00007fb12425d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 256.759110][ T8626] RAX: ffffffffffffffda RBX: 00007fb1235e6090 RCX: 00007fb12338f6c9 [ 256.759126][ T8626] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 256.759141][ T8626] RBP: 00007fb123411f91 R08: ffffffffffffffff R09: 0000000000000000 [ 256.759156][ T8626] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 256.759171][ T8626] R13: 00007fb1235e6128 R14: 00007fb1235e6090 R15: 00007fff5f55c228 [ 256.759207][ T8626] [ 256.847193][ T8628] CPU: 1 UID: 0 PID: 8628 Comm: syz.1.650 Tainted: G I syzkaller #0 PREEMPT(full) [ 256.847230][ T8628] Tainted: [I]=FIRMWARE_WORKAROUND [ 256.847239][ T8628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 256.847252][ T8628] Call Trace: [ 256.847260][ T8628] [ 256.847268][ T8628] dump_stack_lvl+0x16c/0x1f0 [ 256.847301][ T8628] should_fail_ex+0x512/0x640 [ 256.847340][ T8628] _copy_from_user+0x2e/0xd0 [ 256.847376][ T8628] copy_msghdr_from_user+0x98/0x160 [ 256.847402][ T8628] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 256.847440][ T8628] ___sys_sendmsg+0xfe/0x1d0 [ 256.847465][ T8628] ? __pfx____sys_sendmsg+0x10/0x10 [ 256.847486][ T8628] ? __lock_acquire+0x622/0x1c90 [ 256.847558][ T8628] __sys_sendmsg+0x16d/0x220 [ 256.847582][ T8628] ? __pfx___sys_sendmsg+0x10/0x10 [ 256.847627][ T8628] do_syscall_64+0xcd/0xfa0 [ 256.847656][ T8628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.847680][ T8628] RIP: 0033:0x7f642b58f6c9 [ 256.847699][ T8628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.847721][ T8628] RSP: 002b:00007f642c4fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 256.847749][ T8628] RAX: ffffffffffffffda RBX: 00007f642b7e5fa0 RCX: 00007f642b58f6c9 [ 256.847764][ T8628] RDX: 0000000000008044 RSI: 0000200000000100 RDI: 0000000000000003 [ 256.847779][ T8628] RBP: 00007f642c4fa090 R08: 0000000000000000 R09: 0000000000000000 [ 256.847794][ T8628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.847807][ T8628] R13: 00007f642b7e6038 R14: 00007f642b7e5fa0 R15: 00007fff8379f128 [ 256.847841][ T8628] [ 261.913241][ T8724] : Can't lookup blockdev [ 263.738426][ T8756] netlink: 330 bytes leftover after parsing attributes in process `syz.3.683'. [ 265.427722][ T8791] netlink: 'syz.3.691': attribute type 1 has an invalid length. [ 266.495560][ T8812] netlink: 330 bytes leftover after parsing attributes in process `syz.2.695'. [ 268.824861][ T8840] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 269.190269][ T8841] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 269.554124][ T8845] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 269.624784][ T8845] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 269.714056][ T8845] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 269.747346][ T8845] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 270.553019][ T8861] __vm_enough_memory: pid: 8861, comm: syz.1.706, bytes: 4398046511104 not enough memory for the allocation [ 271.061655][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 271.102579][ T8876] CIFS: VFS: Invalid SecurityFlags: 0 [ 271.102579][ T8876] [ 271.199690][ T8879] CIFS: VFS: Invalid SecurityFlags: [ 271.699544][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 271.779430][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 271.785497][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 272.470522][ T8895] block nbd9: NBD_DISCONNECT [ 276.513480][ T8974] random: crng reseeded on system resumption [ 277.921964][ T9002] zswap: compressor not available [ 278.288606][ T9014] netlink: 504 bytes leftover after parsing attributes in process `syz.1.745'. [ 281.196226][ T9050] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 283.019376][ T9081] zswap: compressor not available [ 283.877369][ T9113] netlink: 'syz.0.770': attribute type 12 has an invalid length. [ 285.069199][ T9135] usb usb36: usbfs: process 9135 (syz.0.777) did not claim interface 0 before use [ 285.529077][ T9150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.783'. [ 285.755274][ T9126] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 285.764963][ T9126] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 285.775783][ T9126] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 285.809622][ T9126] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 286.739431][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout [ 287.355001][ T9185] FAULT_INJECTION: forcing a failure. [ 287.355001][ T9185] name failslab, interval 1, probability 0, space 0, times 0 [ 287.420633][ T9185] CPU: 1 UID: 0 PID: 9185 Comm: syz.0.794 Tainted: G I syzkaller #0 PREEMPT(full) [ 287.420671][ T9185] Tainted: [I]=FIRMWARE_WORKAROUND [ 287.420680][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 287.420693][ T9185] Call Trace: [ 287.420700][ T9185] [ 287.420709][ T9185] dump_stack_lvl+0x16c/0x1f0 [ 287.420742][ T9185] should_fail_ex+0x512/0x640 [ 287.420774][ T9185] ? fs_reclaim_acquire+0xae/0x150 [ 287.420810][ T9185] should_failslab+0xc2/0x120 [ 287.420840][ T9185] __kmalloc_noprof+0xdd/0x880 [ 287.420875][ T9185] ? tomoyo_encode2+0x100/0x3e0 [ 287.420908][ T9185] ? tomoyo_encode2+0x100/0x3e0 [ 287.420932][ T9185] tomoyo_encode2+0x100/0x3e0 [ 287.420960][ T9185] tomoyo_encode+0x29/0x50 [ 287.420984][ T9185] tomoyo_realpath_from_path+0x18f/0x6e0 [ 287.421021][ T9185] tomoyo_path_number_perm+0x245/0x580 [ 287.421055][ T9185] ? tomoyo_path_number_perm+0x237/0x580 [ 287.421102][ T9185] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 287.421139][ T9185] ? find_held_lock+0x2b/0x80 [ 287.421194][ T9185] ? __pfx___might_resched+0x10/0x10 [ 287.421219][ T9185] ? hook_file_ioctl_common+0x145/0x410 [ 287.421260][ T9185] security_file_ioctl+0x9b/0x240 [ 287.421287][ T9185] __x64_sys_ioctl+0xb7/0x210 [ 287.421323][ T9185] do_syscall_64+0xcd/0xfa0 [ 287.421353][ T9185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.421377][ T9185] RIP: 0033:0x7fb12338f6c9 [ 287.421396][ T9185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.421418][ T9185] RSP: 002b:00007fb12427e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.421442][ T9185] RAX: ffffffffffffffda RBX: 00007fb1235e5fa0 RCX: 00007fb12338f6c9 [ 287.421458][ T9185] RDX: 0000000000000000 RSI: 00000000c0585611 RDI: 0000000000000000 [ 287.421472][ T9185] RBP: 00007fb12427e090 R08: 0000000000000000 R09: 0000000000000000 [ 287.421486][ T9185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.421500][ T9185] R13: 00007fb1235e6038 R14: 00007fb1235e5fa0 R15: 00007fff5f55c228 [ 287.421536][ T9185] [ 287.421558][ T9185] ERROR: Out of memory at tomoyo_realpath_from_path. [ 287.789400][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 287.795449][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 287.869331][ T53] Bluetooth: hci3: command 0x0c1a tx timeout [ 290.172772][ T9186] kexec: Could not allocate control_code_buffer [ 290.401915][ T9225] netlink: 330 bytes leftover after parsing attributes in process `syz.2.805'. [ 293.368484][ T9278] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 294.538300][ T9290] zswap: compressor 000 not available [ 295.306498][ T9313] __vm_enough_memory: pid: 9313, comm: syz.0.823, bytes: 4398046511104 not enough memory for the allocation [ 295.700580][ T9320] netlink: 330 bytes leftover after parsing attributes in process `syz.2.825'. [ 297.081528][ T9345] netlink: 330 bytes leftover after parsing attributes in process `syz.0.830'. [ 297.843454][ T9365] __vm_enough_memory: pid: 9365, comm: syz.0.834, bytes: 4398046511104 not enough memory for the allocation [ 299.233683][ T9390] netlink: 330 bytes leftover after parsing attributes in process `syz.3.840'. [ 299.785287][ T9399] FAULT_INJECTION: forcing a failure. [ 299.785287][ T9399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 299.915956][ T9399] CPU: 1 UID: 0 PID: 9399 Comm: syz.1.843 Tainted: G I syzkaller #0 PREEMPT(full) [ 299.916001][ T9399] Tainted: [I]=FIRMWARE_WORKAROUND [ 299.916010][ T9399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 299.916023][ T9399] Call Trace: [ 299.916031][ T9399] [ 299.916040][ T9399] dump_stack_lvl+0x16c/0x1f0 [ 299.916073][ T9399] should_fail_ex+0x512/0x640 [ 299.916113][ T9399] _copy_to_user+0x32/0xd0 [ 299.916151][ T9399] simple_read_from_buffer+0xcb/0x170 [ 299.916192][ T9399] proc_fail_nth_read+0x197/0x240 [ 299.916220][ T9399] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 299.916247][ T9399] ? rw_verify_area+0xcf/0x6c0 [ 299.916267][ T9399] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 299.916293][ T9399] vfs_read+0x1e4/0xcf0 [ 299.916323][ T9399] ? __pfx___mutex_lock+0x10/0x10 [ 299.916352][ T9399] ? __pfx_vfs_read+0x10/0x10 [ 299.916387][ T9399] ? __fget_files+0x20e/0x3c0 [ 299.916422][ T9399] ksys_read+0x12a/0x250 [ 299.916446][ T9399] ? __pfx_ksys_read+0x10/0x10 [ 299.916482][ T9399] do_syscall_64+0xcd/0xfa0 [ 299.916513][ T9399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.916537][ T9399] RIP: 0033:0x7f642b58e0dc [ 299.916556][ T9399] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 299.916577][ T9399] RSP: 002b:00007f642c4fa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 299.916600][ T9399] RAX: ffffffffffffffda RBX: 00007f642b7e5fa0 RCX: 00007f642b58e0dc [ 299.916616][ T9399] RDX: 000000000000000f RSI: 00007f642c4fa0a0 RDI: 0000000000000004 [ 299.916630][ T9399] RBP: 00007f642c4fa090 R08: 0000000000000000 R09: 0000000000000000 [ 299.916644][ T9399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.916657][ T9399] R13: 00007f642b7e6038 R14: 00007f642b7e5fa0 R15: 00007fff8379f128 [ 299.916692][ T9399] [ 300.148710][ T9405] random: crng reseeded on system resumption [ 300.349673][ T9407] __vm_enough_memory: pid: 9407, comm: syz.0.846, bytes: 4398046511104 not enough memory for the allocation [ 301.743201][ T9438] netlink: 330 bytes leftover after parsing attributes in process `syz.1.854'. [ 303.065678][ T9463] FAULT_INJECTION: forcing a failure. [ 303.065678][ T9463] name failslab, interval 1, probability 0, space 0, times 0 [ 303.099443][ T9463] CPU: 1 UID: 0 PID: 9463 Comm: syz.3.859 Tainted: G I syzkaller #0 PREEMPT(full) [ 303.099482][ T9463] Tainted: [I]=FIRMWARE_WORKAROUND [ 303.099493][ T9463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 303.099507][ T9463] Call Trace: [ 303.099516][ T9463] [ 303.099526][ T9463] dump_stack_lvl+0x16c/0x1f0 [ 303.099562][ T9463] should_fail_ex+0x512/0x640 [ 303.099598][ T9463] ? __kmalloc_cache_noprof+0x5f/0x780 [ 303.099626][ T9463] should_failslab+0xc2/0x120 [ 303.099658][ T9463] __kmalloc_cache_noprof+0x72/0x780 [ 303.099684][ T9463] ? resv_map_alloc+0x7e/0x400 [ 303.099735][ T9463] ? resv_map_alloc+0x7e/0x400 [ 303.099768][ T9463] resv_map_alloc+0x7e/0x400 [ 303.099803][ T9463] hugetlbfs_get_inode+0x33f/0x730 [ 303.099837][ T9463] hugetlb_file_setup+0x15b/0x620 [ 303.099868][ T9463] ksys_mmap_pgoff+0x189/0x5c0 [ 303.099903][ T9463] __x64_sys_mmap+0x125/0x190 [ 303.099941][ T9463] do_syscall_64+0xcd/0xfa0 [ 303.099973][ T9463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.099999][ T9463] RIP: 0033:0x7ffbe3d8f6c9 [ 303.100020][ T9463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.100043][ T9463] RSP: 002b:00007ffbe4cfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 303.100067][ T9463] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8f6c9 [ 303.100084][ T9463] RDX: 0000000000000002 RSI: 0000000000000005 RDI: 0000000000000000 [ 303.100098][ T9463] RBP: 00007ffbe3e11f91 R08: 0000000000000401 R09: 0000300000000000 [ 303.100114][ T9463] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 303.100129][ T9463] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 303.100166][ T9463] [ 304.276474][ T9475] FAULT_INJECTION: forcing a failure. [ 304.276474][ T9475] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.304241][ T9475] CPU: 0 UID: 0 PID: 9475 Comm: syz.1.862 Tainted: G I syzkaller #0 PREEMPT(full) [ 304.304277][ T9475] Tainted: [I]=FIRMWARE_WORKAROUND [ 304.304286][ T9475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 304.304299][ T9475] Call Trace: [ 304.304307][ T9475] [ 304.304316][ T9475] dump_stack_lvl+0x16c/0x1f0 [ 304.304348][ T9475] should_fail_ex+0x512/0x640 [ 304.304386][ T9475] _copy_to_iter+0x29f/0x1710 [ 304.304411][ T9475] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 304.304445][ T9475] ? __pfx__copy_to_iter+0x10/0x10 [ 304.304467][ T9475] ? kernfs_seq_stop+0xcd/0x120 [ 304.304495][ T9475] ? kernfs_put_active+0x86/0xe0 [ 304.304531][ T9475] seq_read_iter+0xd02/0x12d0 [ 304.304581][ T9475] kernfs_fop_read_iter+0x46c/0x610 [ 304.304605][ T9475] ? rw_verify_area+0xcf/0x6c0 [ 304.304630][ T9475] vfs_read+0x8bf/0xcf0 [ 304.304659][ T9475] ? __pfx___mutex_lock+0x10/0x10 [ 304.304688][ T9475] ? __pfx_vfs_read+0x10/0x10 [ 304.304737][ T9475] ksys_read+0x12a/0x250 [ 304.304762][ T9475] ? __pfx_ksys_read+0x10/0x10 [ 304.304798][ T9475] do_syscall_64+0xcd/0xfa0 [ 304.304829][ T9475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.304861][ T9475] RIP: 0033:0x7f642b58f6c9 [ 304.304881][ T9475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.304901][ T9475] RSP: 002b:00007f642c4fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 304.304924][ T9475] RAX: ffffffffffffffda RBX: 00007f642b7e5fa0 RCX: 00007f642b58f6c9 [ 304.304940][ T9475] RDX: 0000000000000055 RSI: 0000200000000200 RDI: 0000000000000003 [ 304.304953][ T9475] RBP: 00007f642c4fa090 R08: 0000000000000000 R09: 0000000000000000 [ 304.304967][ T9475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.304981][ T9475] R13: 00007f642b7e6038 R14: 00007f642b7e5fa0 R15: 00007fff8379f128 [ 304.305016][ T9475] [ 304.622747][ T9481] queue_state_write: operation too long [ 304.704493][ T9481] queue_state_write: use 'run', 'start' or 'kick' [ 305.072619][ T9487] netlink: 330 bytes leftover after parsing attributes in process `syz.1.866'. [ 306.346491][ T9509] random: crng reseeded on system resumption [ 307.283518][ T9528] FAULT_INJECTION: forcing a failure. [ 307.283518][ T9528] name failslab, interval 1, probability 0, space 0, times 0 [ 307.368372][ T9528] CPU: 0 UID: 0 PID: 9528 Comm: syz.0.875 Tainted: G I syzkaller #0 PREEMPT(full) [ 307.368410][ T9528] Tainted: [I]=FIRMWARE_WORKAROUND [ 307.368418][ T9528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 307.368431][ T9528] Call Trace: [ 307.368439][ T9528] [ 307.368449][ T9528] dump_stack_lvl+0x16c/0x1f0 [ 307.368482][ T9528] should_fail_ex+0x512/0x640 [ 307.368516][ T9528] ? fs_reclaim_acquire+0xae/0x150 [ 307.368549][ T9528] should_failslab+0xc2/0x120 [ 307.368580][ T9528] __kmalloc_noprof+0xdd/0x880 [ 307.368616][ T9528] ? tomoyo_encode2+0x100/0x3e0 [ 307.368648][ T9528] ? tomoyo_encode2+0x100/0x3e0 [ 307.368673][ T9528] tomoyo_encode2+0x100/0x3e0 [ 307.368703][ T9528] tomoyo_encode+0x29/0x50 [ 307.368728][ T9528] tomoyo_realpath_from_path+0x18f/0x6e0 [ 307.368765][ T9528] tomoyo_path_number_perm+0x245/0x580 [ 307.368801][ T9528] ? tomoyo_path_number_perm+0x237/0x580 [ 307.368840][ T9528] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 307.368877][ T9528] ? find_held_lock+0x2b/0x80 [ 307.368932][ T9528] ? find_held_lock+0x2b/0x80 [ 307.368956][ T9528] ? hook_file_ioctl_common+0x145/0x410 [ 307.368988][ T9528] ? __fget_files+0x20e/0x3c0 [ 307.369018][ T9528] security_file_ioctl+0x9b/0x240 [ 307.369045][ T9528] __x64_sys_ioctl+0xb7/0x210 [ 307.369081][ T9528] do_syscall_64+0xcd/0xfa0 [ 307.369112][ T9528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.369137][ T9528] RIP: 0033:0x7fb12338f6c9 [ 307.369156][ T9528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.369178][ T9528] RSP: 002b:00007fb12427e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.369201][ T9528] RAX: ffffffffffffffda RBX: 00007fb1235e5fa0 RCX: 00007fb12338f6c9 [ 307.369221][ T9528] RDX: 0000000000000003 RSI: 000000008100451b RDI: 0000000000000003 [ 307.369234][ T9528] RBP: 00007fb12427e090 R08: 0000000000000000 R09: 0000000000000000 [ 307.369248][ T9528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.369262][ T9528] R13: 00007fb1235e6038 R14: 00007fb1235e5fa0 R15: 00007fff5f55c228 [ 307.369296][ T9528] [ 307.879999][ T9528] ERROR: Out of memory at tomoyo_realpath_from_path. [ 307.934046][ T9532] netlink: 330 bytes leftover after parsing attributes in process `syz.3.877'. [ 307.945893][ T9533] random: crng reseeded on system resumption [ 310.006975][ T9558] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 310.014434][ T9558] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 310.020934][ T9558] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 310.037119][ T9558] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 310.716490][ T9581] netlink: 330 bytes leftover after parsing attributes in process `syz.3.889'. [ 311.026666][ T9585] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 311.328318][ T9586] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 311.939495][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 312.099635][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 312.105999][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 312.112518][ T53] Bluetooth: hci3: command 0x0c1a tx timeout [ 312.618977][ T9615] netlink: 330 bytes leftover after parsing attributes in process `syz.3.899'. [ 312.683020][ T9617] ubi0: attaching mtd0 [ 312.699823][ T9617] ubi0: scanning is finished [ 312.704731][ T9617] ubi0 warning: ubi_read_volume_table: volume table copy #1 is corrupted [ 312.733407][ T9617] ubi0: volume table was restored [ 313.087367][ T9617] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 313.232517][ T9617] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 313.279687][ T9617] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 313.398388][ T9617] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 313.425524][ T9617] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 313.498488][ T9617] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 313.525835][ T9617] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 835015301 [ 313.567007][ T9617] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 313.579476][ T9627] ubi0: background thread "ubi_bgt0d" started, PID 9627 [ 315.765010][ T9660] netlink: 330 bytes leftover after parsing attributes in process `syz.0.908'. [ 315.841127][ T9666] FAULT_INJECTION: forcing a failure. [ 315.841127][ T9666] name failslab, interval 1, probability 0, space 0, times 0 [ 315.841173][ T9664] FAULT_INJECTION: forcing a failure. [ 315.841173][ T9664] name failslab, interval 1, probability 0, space 0, times 0 [ 315.867469][ T9664] CPU: 1 UID: 0 PID: 9664 Comm: syz.3.910 Tainted: G I syzkaller #0 PREEMPT(full) [ 315.867506][ T9664] Tainted: [I]=FIRMWARE_WORKAROUND [ 315.867515][ T9664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 315.867528][ T9664] Call Trace: [ 315.867536][ T9664] [ 315.867545][ T9664] dump_stack_lvl+0x16c/0x1f0 [ 315.867579][ T9664] should_fail_ex+0x512/0x640 [ 315.867612][ T9664] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 315.867643][ T9664] should_failslab+0xc2/0x120 [ 315.867674][ T9664] kmem_cache_alloc_node_noprof+0x78/0x770 [ 315.867700][ T9664] ? __alloc_skb+0x2b2/0x380 [ 315.867740][ T9664] ? __alloc_skb+0x2b2/0x380 [ 315.867772][ T9664] ? __pfx_netlink_insert+0x10/0x10 [ 315.867795][ T9664] __alloc_skb+0x2b2/0x380 [ 315.867829][ T9664] ? __pfx___alloc_skb+0x10/0x10 [ 315.867871][ T9664] ? netlink_autobind.isra.0+0x158/0x370 [ 315.867906][ T9664] netlink_alloc_large_skb+0x69/0x140 [ 315.867934][ T9664] netlink_sendmsg+0x698/0xdd0 [ 315.867966][ T9664] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.867997][ T9664] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 315.868037][ T9664] ____sys_sendmsg+0xa98/0xc70 [ 315.868067][ T9664] ? copy_msghdr_from_user+0x10a/0x160 [ 315.868091][ T9664] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.868136][ T9664] ___sys_sendmsg+0x134/0x1d0 [ 315.868163][ T9664] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.868185][ T9664] ? __lock_acquire+0x622/0x1c90 [ 315.868257][ T9664] __sys_sendmsg+0x16d/0x220 [ 315.868283][ T9664] ? __pfx___sys_sendmsg+0x10/0x10 [ 315.868329][ T9664] do_syscall_64+0xcd/0xfa0 [ 315.868360][ T9664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.868384][ T9664] RIP: 0033:0x7ffbe3d8f6c9 [ 315.868404][ T9664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.868426][ T9664] RSP: 002b:00007ffbe4cfe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.868449][ T9664] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8f6c9 [ 315.868466][ T9664] RDX: 0000000000008044 RSI: 0000200000000100 RDI: 0000000000000003 [ 315.868481][ T9664] RBP: 00007ffbe4cfe090 R08: 0000000000000000 R09: 0000000000000000 [ 315.868496][ T9664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.868510][ T9664] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 315.868544][ T9664] [ 315.889297][ T9666] CPU: 0 UID: 0 PID: 9666 Comm: syz.1.909 Tainted: G I syzkaller #0 PREEMPT(full) [ 315.889335][ T9666] Tainted: [I]=FIRMWARE_WORKAROUND [ 315.889344][ T9666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 315.889357][ T9666] Call Trace: [ 315.889365][ T9666] [ 315.889374][ T9666] dump_stack_lvl+0x16c/0x1f0 [ 315.889407][ T9666] should_fail_ex+0x512/0x640 [ 315.889441][ T9666] ? fs_reclaim_acquire+0xae/0x150 [ 315.889475][ T9666] should_failslab+0xc2/0x120 [ 315.889505][ T9666] __kmalloc_noprof+0xdd/0x880 [ 315.889541][ T9666] ? tomoyo_encode2+0x100/0x3e0 [ 315.889574][ T9666] ? tomoyo_encode2+0x100/0x3e0 [ 315.889608][ T9666] tomoyo_encode2+0x100/0x3e0 [ 315.889638][ T9666] tomoyo_encode+0x29/0x50 [ 315.889662][ T9666] tomoyo_realpath_from_path+0x18f/0x6e0 [ 315.889699][ T9666] tomoyo_path_number_perm+0x245/0x580 [ 315.889733][ T9666] ? tomoyo_path_number_perm+0x237/0x580 [ 315.889771][ T9666] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 315.889809][ T9666] ? find_held_lock+0x2b/0x80 [ 315.889861][ T9666] ? find_held_lock+0x2b/0x80 [ 315.889884][ T9666] ? hook_file_ioctl_common+0x145/0x410 [ 315.889916][ T9666] ? __fget_files+0x20e/0x3c0 [ 315.889945][ T9666] security_file_ioctl+0x9b/0x240 [ 315.889970][ T9666] __x64_sys_ioctl+0xb7/0x210 [ 315.890006][ T9666] do_syscall_64+0xcd/0xfa0 [ 315.890036][ T9666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.890059][ T9666] RIP: 0033:0x7f642b58f6c9 [ 315.890078][ T9666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.890100][ T9666] RSP: 002b:00007f642c4d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.890123][ T9666] RAX: ffffffffffffffda RBX: 00007f642b7e6090 RCX: 00007f642b58f6c9 [ 315.890139][ T9666] RDX: 0000000000000000 RSI: 000000000000541c RDI: 0000000000000001 [ 315.890153][ T9666] RBP: 00007f642c4d9090 R08: 0000000000000000 R09: 0000000000000000 [ 315.890167][ T9666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.890180][ T9666] R13: 00007f642b7e6128 R14: 00007f642b7e6090 R15: 00007fff8379f128 [ 315.890214][ T9666] [ 315.890853][ T9666] ERROR: Out of memory at tomoyo_realpath_from_path. [ 316.985611][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.991994][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.783400][ T9703] netlink: 330 bytes leftover after parsing attributes in process `syz.2.921'. [ 317.822263][ T9702] netlink: 330 bytes leftover after parsing attributes in process `syz.0.920'. [ 319.467083][ T9743] FAULT_INJECTION: forcing a failure. [ 319.467083][ T9743] name failslab, interval 1, probability 0, space 0, times 0 [ 319.587373][ T9743] CPU: 1 UID: 0 PID: 9743 Comm: syz.2.930 Tainted: G I syzkaller #0 PREEMPT(full) [ 319.587413][ T9743] Tainted: [I]=FIRMWARE_WORKAROUND [ 319.587423][ T9743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 319.587439][ T9743] Call Trace: [ 319.587448][ T9743] [ 319.587457][ T9743] dump_stack_lvl+0x16c/0x1f0 [ 319.587493][ T9743] should_fail_ex+0x512/0x640 [ 319.587535][ T9743] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 319.587567][ T9743] should_failslab+0xc2/0x120 [ 319.587600][ T9743] kmem_cache_alloc_noprof+0x75/0x6e0 [ 319.587624][ T9743] ? anon_vma_clone+0x405/0x5c0 [ 319.587660][ T9743] ? anon_vma_fork+0xe6/0x620 [ 319.587702][ T9743] ? anon_vma_fork+0xe6/0x620 [ 319.587736][ T9743] anon_vma_fork+0xe6/0x620 [ 319.587769][ T9743] ? vm_area_dup+0x5a1/0x8d0 [ 319.587796][ T9743] dup_mmap+0x151f/0x2280 [ 319.587843][ T9743] ? __pfx_dup_mmap+0x10/0x10 [ 319.587901][ T9743] copy_process+0x3f0c/0x76a0 [ 319.587930][ T9743] ? __pfx___futex_wait+0x10/0x10 [ 319.587949][ T9743] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 319.587991][ T9743] ? __pfx_copy_process+0x10/0x10 [ 319.588021][ T9743] ? find_held_lock+0x2b/0x80 [ 319.588053][ T9743] ? futex_private_hash_put+0xd5/0x190 [ 319.588091][ T9743] kernel_clone+0xfc/0x930 [ 319.588124][ T9743] ? __pfx_kernel_clone+0x10/0x10 [ 319.588174][ T9743] __do_sys_clone+0xce/0x120 [ 319.588203][ T9743] ? __pfx___do_sys_clone+0x10/0x10 [ 319.588234][ T9743] ? __sys_sendmsg+0x18c/0x220 [ 319.588274][ T9743] ? xfd_validate_state+0x61/0x180 [ 319.588322][ T9743] do_syscall_64+0xcd/0xfa0 [ 319.588353][ T9743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.588378][ T9743] RIP: 0033:0x7f319898f6c9 [ 319.588399][ T9743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.588424][ T9743] RSP: 002b:00007f3199786fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 319.588448][ T9743] RAX: ffffffffffffffda RBX: 00007f3198be6360 RCX: 00007f319898f6c9 [ 319.588465][ T9743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 319.588480][ T9743] RBP: 00007f3198a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 319.588495][ T9743] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 319.588510][ T9743] R13: 00007f3198be63f8 R14: 00007f3198be6360 R15: 00007ffd310c5ef8 [ 319.588556][ T9743] [ 319.861292][ T9736] zswap: compressor 000 not available [ 320.088245][ T9755] netlink: 330 bytes leftover after parsing attributes in process `syz.3.932'. [ 320.330292][ T9759] netlink: 330 bytes leftover after parsing attributes in process `syz.1.933'. [ 320.564275][ T9766] random: crng reseeded on system resumption [ 321.390042][ T9774] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 321.959715][ T9807] __vm_enough_memory: pid: 9807, comm: syz.1.942, bytes: 4398046511104 not enough memory for the allocation [ 322.051932][ T9809] netlink: 330 bytes leftover after parsing attributes in process `syz.0.943'. [ 322.281911][ T9815] netlink: 330 bytes leftover after parsing attributes in process `syz.1.944'. [ 322.393559][ T9817] : Can't lookup blockdev [ 323.563658][ T9834] : Can't lookup blockdev [ 323.952955][ T9838] block nbd9: NBD_DISCONNECT [ 324.095608][ T9842] __vm_enough_memory: pid: 9842, comm: syz.1.952, bytes: 4398046511104 not enough memory for the allocation [ 324.765960][ T9846] netlink: 330 bytes leftover after parsing attributes in process `syz.1.954'. [ 325.110747][ T9851] netlink: 330 bytes leftover after parsing attributes in process `syz.3.955'. [ 326.198417][ T9860] random: crng reseeded on system resumption [ 328.330658][ T9886] netlink: 334 bytes leftover after parsing attributes in process `syz.3.963'. [ 329.303375][ T9896] netlink: 330 bytes leftover after parsing attributes in process `syz.3.966'. [ 329.353370][ T9898] random: crng reseeded on system resumption [ 329.407289][ T9901] random: crng reseeded on system resumption [ 330.872136][ T9939] random: crng reseeded on system resumption [ 330.890304][ T9936] netlink: 330 bytes leftover after parsing attributes in process `syz.2.979'. [ 332.358377][ T9971] random: crng reseeded on system resumption [ 332.818646][ T9983] netlink: 330 bytes leftover after parsing attributes in process `syz.0.993'. [ 334.714572][T10023] random: crng reseeded on system resumption [ 334.755396][T10025] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1001'. [ 334.971152][T10031] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1003'. [ 335.509197][T10044] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1006'. [ 336.528986][T10057] random: crng reseeded on system resumption [ 337.361542][T10070] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1014'. [ 337.806341][T10073] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1015'. [ 338.771304][T10077] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1016'. [ 339.225170][T10082] FAULT_INJECTION: forcing a failure. [ 339.225170][T10082] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.299736][T10082] CPU: 0 UID: 0 PID: 10082 Comm: syz.0.1018 Tainted: G I syzkaller #0 PREEMPT(full) [ 339.299773][T10082] Tainted: [I]=FIRMWARE_WORKAROUND [ 339.299782][T10082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 339.299803][T10082] Call Trace: [ 339.299812][T10082] [ 339.299821][T10082] dump_stack_lvl+0x16c/0x1f0 [ 339.299856][T10082] should_fail_ex+0x512/0x640 [ 339.299897][T10082] _copy_to_iter+0x463/0x1710 [ 339.299930][T10082] ? __pfx__copy_to_iter+0x10/0x10 [ 339.299958][T10082] ? traverse.part.0.constprop.0+0x2c5/0x650 [ 339.300007][T10082] seq_read_iter+0x71e/0x12d0 [ 339.300058][T10082] seq_read+0x3a3/0x570 [ 339.300093][T10082] ? __pfx_seq_read+0x10/0x10 [ 339.300136][T10082] ? get_pid_task+0xfc/0x250 [ 339.300182][T10082] ? __pfx_seq_read+0x10/0x10 [ 339.300216][T10082] proc_reg_read+0x240/0x330 [ 339.300248][T10082] ? __pfx_proc_reg_read+0x10/0x10 [ 339.300281][T10082] vfs_read+0x1e4/0xcf0 [ 339.300315][T10082] ? __pfx_vfs_read+0x10/0x10 [ 339.300339][T10082] ? find_held_lock+0x2b/0x80 [ 339.300365][T10082] ? __fget_files+0x204/0x3c0 [ 339.300396][T10082] ? __fget_files+0x20e/0x3c0 [ 339.300418][T10082] ? __fget_files+0x1f0/0x3c0 [ 339.300453][T10082] __x64_sys_pread64+0x1eb/0x250 [ 339.300481][T10082] ? __pfx___x64_sys_pread64+0x10/0x10 [ 339.300521][T10082] do_syscall_64+0xcd/0xfa0 [ 339.300552][T10082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.300577][T10082] RIP: 0033:0x7fb12338f6c9 [ 339.300597][T10082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 339.300620][T10082] RSP: 002b:00007fb12427e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 339.300644][T10082] RAX: ffffffffffffffda RBX: 00007fb1235e5fa0 RCX: 00007fb12338f6c9 [ 339.300661][T10082] RDX: 000000000000006d RSI: 0000000000000000 RDI: 0000000000000004 [ 339.300676][T10082] RBP: 00007fb12427e090 R08: 0000000000000000 R09: 0000000000000000 [ 339.300691][T10082] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 339.300706][T10082] R13: 00007fb1235e6038 R14: 00007fb1235e5fa0 R15: 00007fff5f55c228 [ 339.300742][T10082] [ 340.400513][T10097] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1023'. [ 340.602572][T10103] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 342.907528][T10108] kexec: Could not allocate control_code_buffer [ 343.503975][T10152] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1034'. [ 344.403296][T10166] netlink: 'syz.1.1037': attribute type 1 has an invalid length. [ 344.455996][T10168] FAULT_INJECTION: forcing a failure. [ 344.455996][T10168] name failslab, interval 1, probability 0, space 0, times 0 [ 344.501406][T10168] CPU: 0 UID: 0 PID: 10168 Comm: syz.1.1037 Tainted: G I syzkaller #0 PREEMPT(full) [ 344.501450][T10168] Tainted: [I]=FIRMWARE_WORKAROUND [ 344.501460][T10168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 344.501476][T10168] Call Trace: [ 344.501484][T10168] [ 344.501493][T10168] dump_stack_lvl+0x16c/0x1f0 [ 344.501529][T10168] should_fail_ex+0x512/0x640 [ 344.501567][T10168] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 344.501599][T10168] should_failslab+0xc2/0x120 [ 344.501632][T10168] kmem_cache_alloc_noprof+0x75/0x6e0 [ 344.501658][T10168] ? alloc_empty_file+0x55/0x1e0 [ 344.501699][T10168] ? alloc_empty_file+0x55/0x1e0 [ 344.501732][T10168] alloc_empty_file+0x55/0x1e0 [ 344.501770][T10168] alloc_file_pseudo+0x13a/0x230 [ 344.501808][T10168] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 344.501843][T10168] ? alloc_fd+0x471/0x7d0 [ 344.501874][T10168] sock_alloc_file+0x50/0x210 [ 344.501903][T10168] __sys_socket+0x1c0/0x260 [ 344.501937][T10168] ? __pfx___sys_socket+0x10/0x10 [ 344.501970][T10168] ? xfd_validate_state+0x61/0x180 [ 344.502003][T10168] ? __pfx_ksys_read+0x10/0x10 [ 344.502037][T10168] __x64_sys_socket+0x72/0xb0 [ 344.502067][T10168] ? lockdep_hardirqs_on+0x7c/0x110 [ 344.502095][T10168] do_syscall_64+0xcd/0xfa0 [ 344.502125][T10168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.502150][T10168] RIP: 0033:0x7f642b58f6c9 [ 344.502172][T10168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.502196][T10168] RSP: 002b:00007f642c4d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 344.502219][T10168] RAX: ffffffffffffffda RBX: 00007f642b7e6090 RCX: 00007f642b58f6c9 [ 344.502237][T10168] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 344.502252][T10168] RBP: 00007f642b611f91 R08: 0000000000000000 R09: 0000000000000000 [ 344.502268][T10168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 344.502283][T10168] R13: 00007f642b7e6128 R14: 00007f642b7e6090 R15: 00007fff8379f128 [ 344.502319][T10168] [ 345.000332][T10177] FAULT_INJECTION: forcing a failure. [ 345.000332][T10177] name failslab, interval 1, probability 0, space 0, times 0 [ 345.000575][ T30] audit: type=1804 audit(4294986914.041:3): pid=10179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1040" name="/newroot/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw" dev="tracefs" ino=1189 res=1 errno=0 [ 345.019259][T10177] CPU: 0 UID: 0 PID: 10177 Comm: syz.1.1039 Tainted: G I syzkaller #0 PREEMPT(full) [ 345.019299][T10177] Tainted: [I]=FIRMWARE_WORKAROUND [ 345.019309][T10177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 345.019324][T10177] Call Trace: [ 345.019332][T10177] [ 345.019342][T10177] dump_stack_lvl+0x16c/0x1f0 [ 345.019378][T10177] should_fail_ex+0x512/0x640 [ 345.019413][T10177] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 345.019446][T10177] should_failslab+0xc2/0x120 [ 345.019477][T10177] kmem_cache_alloc_node_noprof+0x78/0x770 [ 345.019503][T10177] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 345.019540][T10177] ? alloc_unbound_pwq+0x3ff/0xe10 [ 345.019575][T10177] ? alloc_unbound_pwq+0x3ff/0xe10 [ 345.019598][T10177] alloc_unbound_pwq+0x3ff/0xe10 [ 345.019634][T10177] apply_wqattrs_prepare+0x3af/0xbd0 [ 345.019674][T10177] apply_workqueue_attrs_locked+0x64/0xe0 [ 345.019704][T10177] __alloc_workqueue+0xf3f/0x1810 [ 345.019740][T10177] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 345.019771][T10177] alloc_workqueue_noprof+0xd2/0x200 [ 345.019803][T10177] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 345.019844][T10177] ? __pfx___debug_object_init+0x10/0x10 [ 345.019882][T10177] nci_register_device+0x511/0xb80 [ 345.019909][T10177] ? __pfx_nci_register_device+0x10/0x10 [ 345.019938][T10177] ? lockdep_init_map_type+0x5c/0x280 [ 345.019978][T10177] virtual_ncidev_open+0x141/0x220 [ 345.020006][T10177] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 345.020033][T10177] misc_open+0x26d/0x450 [ 345.020077][T10177] ? __pfx_misc_open+0x10/0x10 [ 345.020113][T10177] chrdev_open+0x234/0x6a0 [ 345.020143][T10177] ? __pfx_apparmor_file_open+0x10/0x10 [ 345.020178][T10177] ? __pfx_chrdev_open+0x10/0x10 [ 345.020209][T10177] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 345.020245][T10177] do_dentry_open+0x982/0x1530 [ 345.020275][T10177] ? __pfx_chrdev_open+0x10/0x10 [ 345.020311][T10177] vfs_open+0x82/0x3f0 [ 345.020348][T10177] path_openat+0x1de4/0x2cb0 [ 345.020388][T10177] ? __pfx_path_openat+0x10/0x10 [ 345.020417][T10177] ? __lock_acquire+0xb8a/0x1c90 [ 345.020453][T10177] do_filp_open+0x20b/0x470 [ 345.020481][T10177] ? __pfx_do_filp_open+0x10/0x10 [ 345.020534][T10177] ? alloc_fd+0x471/0x7d0 [ 345.020568][T10177] do_sys_openat2+0x11b/0x1d0 [ 345.020603][T10177] ? __pfx_do_sys_openat2+0x10/0x10 [ 345.020651][T10177] __x64_sys_openat+0x174/0x210 [ 345.020685][T10177] ? __pfx___x64_sys_openat+0x10/0x10 [ 345.020734][T10177] do_syscall_64+0xcd/0xfa0 [ 345.020766][T10177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.020791][T10177] RIP: 0033:0x7f642b58f6c9 [ 345.020812][T10177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.020835][T10177] RSP: 002b:00007f642c4fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 345.020859][T10177] RAX: ffffffffffffffda RBX: 00007f642b7e5fa0 RCX: 00007f642b58f6c9 [ 345.020876][T10177] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 345.020893][T10177] RBP: 00007f642b611f91 R08: 0000000000000000 R09: 0000000000000000 [ 345.020909][T10177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 345.020923][T10177] R13: 00007f642b7e6038 R14: 00007f642b7e5fa0 R15: 00007fff8379f128 [ 345.020960][T10177] [ 346.137434][T10202] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1045'. [ 347.225493][T10219] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 347.309338][ T938] smpboot: CPU 1 is now offline [ 347.581706][T10221] zswap: compressor not available [ 347.598981][T10225] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 347.885407][T10240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1052'. [ 348.231173][T10263] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1056'. [ 348.252308][T10243] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1053'. [ 349.270748][T10308] FAULT_INJECTION: forcing a failure. [ 349.270748][T10308] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.332473][T10308] CPU: 0 UID: 0 PID: 10308 Comm: syz.1.1060 Tainted: G I syzkaller #0 PREEMPT(full) [ 349.332515][T10308] Tainted: [I]=FIRMWARE_WORKAROUND [ 349.332524][T10308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 349.332538][T10308] Call Trace: [ 349.332546][T10308] [ 349.332555][T10308] dump_stack_lvl+0x16c/0x1f0 [ 349.332588][T10308] should_fail_ex+0x512/0x640 [ 349.332626][T10308] _copy_from_user+0x2e/0xd0 [ 349.332662][T10308] video_usercopy+0x723/0x1450 [ 349.332693][T10308] ? __pfx___video_do_ioctl+0x10/0x10 [ 349.332722][T10308] ? __pfx_video_usercopy+0x10/0x10 [ 349.332772][T10308] v4l2_ioctl+0x1bd/0x250 [ 349.332798][T10308] ? __pfx_v4l2_ioctl+0x10/0x10 [ 349.332825][T10308] __x64_sys_ioctl+0x18e/0x210 [ 349.332862][T10308] do_syscall_64+0xcd/0xfa0 [ 349.332892][T10308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.332917][T10308] RIP: 0033:0x7f642b58f6c9 [ 349.332944][T10308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.332966][T10308] RSP: 002b:00007f642c4fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 349.332989][T10308] RAX: ffffffffffffffda RBX: 00007f642b7e5fa0 RCX: 00007f642b58f6c9 [ 349.333006][T10308] RDX: 0000000000000000 RSI: 00000000c0585611 RDI: 0000000000000000 [ 349.333022][T10308] RBP: 00007f642c4fa090 R08: 0000000000000000 R09: 0000000000000000 [ 349.333037][T10308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.333052][T10308] R13: 00007f642b7e6038 R14: 00007f642b7e5fa0 R15: 00007fff8379f128 [ 349.333087][T10308] [ 350.714254][T10337] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1067'. [ 351.192560][T10349] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 351.447711][T10355] FAULT_INJECTION: forcing a failure. [ 351.447711][T10355] name failslab, interval 1, probability 0, space 0, times 0 [ 351.532308][T10355] CPU: 0 UID: 0 PID: 10355 Comm: syz.3.1072 Tainted: G I syzkaller #0 PREEMPT(full) [ 351.532351][T10355] Tainted: [I]=FIRMWARE_WORKAROUND [ 351.532361][T10355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 351.532376][T10355] Call Trace: [ 351.532386][T10355] [ 351.532396][T10355] dump_stack_lvl+0x16c/0x1f0 [ 351.532432][T10355] should_fail_ex+0x512/0x640 [ 351.532469][T10355] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 351.532500][T10355] should_failslab+0xc2/0x120 [ 351.532535][T10355] kmem_cache_alloc_noprof+0x75/0x6e0 [ 351.532561][T10355] ? __x64_sys_openat+0x174/0x210 [ 351.532595][T10355] ? do_syscall_64+0xcd/0xfa0 [ 351.532624][T10355] ? fuse_request_alloc+0x22/0x200 [ 351.532667][T10355] ? fuse_request_alloc+0x22/0x200 [ 351.532701][T10355] fuse_request_alloc+0x22/0x200 [ 351.532744][T10355] fuse_get_req+0x748/0xfd0 [ 351.532777][T10355] ? __pfx_fuse_get_req+0x10/0x10 [ 351.532820][T10355] fuse_simple_background+0x464/0x5f0 [ 351.532844][T10355] ? kasan_save_track+0x14/0x30 [ 351.532877][T10355] cuse_channel_open+0x561/0x7f0 [ 351.532908][T10355] ? __pfx_cuse_channel_open+0x10/0x10 [ 351.532941][T10355] misc_open+0x26d/0x450 [ 351.532978][T10355] ? __pfx_misc_open+0x10/0x10 [ 351.533013][T10355] chrdev_open+0x234/0x6a0 [ 351.533043][T10355] ? __pfx_apparmor_file_open+0x10/0x10 [ 351.533081][T10355] ? __pfx_chrdev_open+0x10/0x10 [ 351.533114][T10355] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 351.533150][T10355] do_dentry_open+0x982/0x1530 [ 351.533180][T10355] ? __pfx_chrdev_open+0x10/0x10 [ 351.533218][T10355] vfs_open+0x82/0x3f0 [ 351.533257][T10355] path_openat+0x1de4/0x2cb0 [ 351.533297][T10355] ? __pfx_path_openat+0x10/0x10 [ 351.533331][T10355] ? __lock_acquire+0xb8a/0x1c90 [ 351.533370][T10355] do_filp_open+0x20b/0x470 [ 351.533399][T10355] ? __pfx_do_filp_open+0x10/0x10 [ 351.533455][T10355] ? alloc_fd+0x471/0x7d0 [ 351.533492][T10355] do_sys_openat2+0x11b/0x1d0 [ 351.533528][T10355] ? __pfx_do_sys_openat2+0x10/0x10 [ 351.533577][T10355] __x64_sys_openat+0x174/0x210 [ 351.533615][T10355] ? __pfx___x64_sys_openat+0x10/0x10 [ 351.533665][T10355] do_syscall_64+0xcd/0xfa0 [ 351.533699][T10355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.533725][T10355] RIP: 0033:0x7ffbe3d8f6c9 [ 351.533754][T10355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.533780][T10355] RSP: 002b:00007ffbe4cfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 351.533806][T10355] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8f6c9 [ 351.533824][T10355] RDX: 0000000000000000 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 351.533841][T10355] RBP: 00007ffbe3e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 351.533858][T10355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.533873][T10355] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 351.533912][T10355] [ 352.830942][T10386] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1080'. [ 353.234187][T10397] cougar: G6 mapped to F18 [ 353.498385][T10390] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1078'. [ 354.204837][T10411] FAULT_INJECTION: forcing a failure. [ 354.204837][T10411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 354.257184][T10411] CPU: 0 UID: 0 PID: 10411 Comm: syz.0.1086 Tainted: G I syzkaller #0 PREEMPT(full) [ 354.257209][T10411] Tainted: [I]=FIRMWARE_WORKAROUND [ 354.257215][T10411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 354.257223][T10411] Call Trace: [ 354.257229][T10411] [ 354.257235][T10411] dump_stack_lvl+0x16c/0x1f0 [ 354.257263][T10411] should_fail_ex+0x512/0x640 [ 354.257289][T10411] _copy_from_user+0x2e/0xd0 [ 354.257312][T10411] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 354.257340][T10411] snd_rawmidi_write+0x26e/0xc10 [ 354.257365][T10411] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 354.257387][T10411] ? __pfx_default_wake_function+0x10/0x10 [ 354.257404][T10411] ? bpf_lsm_file_permission+0x9/0x10 [ 354.257420][T10411] ? security_file_permission+0x71/0x210 [ 354.257436][T10411] ? rw_verify_area+0xcf/0x6c0 [ 354.257451][T10411] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 354.257470][T10411] vfs_write+0x2a0/0x11d0 [ 354.257489][T10411] ? __pfx_vfs_write+0x10/0x10 [ 354.257502][T10411] ? find_held_lock+0x2b/0x80 [ 354.257517][T10411] ? __fget_files+0x204/0x3c0 [ 354.257533][T10411] ? __fget_files+0x20e/0x3c0 [ 354.257552][T10411] ksys_write+0x1f8/0x250 [ 354.257566][T10411] ? __pfx_ksys_write+0x10/0x10 [ 354.257586][T10411] do_syscall_64+0xcd/0xfa0 [ 354.257604][T10411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.257618][T10411] RIP: 0033:0x7fb12338f6c9 [ 354.257630][T10411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.257643][T10411] RSP: 002b:00007fb12427e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 354.257657][T10411] RAX: ffffffffffffffda RBX: 00007fb1235e5fa0 RCX: 00007fb12338f6c9 [ 354.257666][T10411] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000005 [ 354.257674][T10411] RBP: 00007fb123411f91 R08: 0000000000000000 R09: 0000000000000000 [ 354.257683][T10411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.257690][T10411] R13: 00007fb1235e6038 R14: 00007fb1235e5fa0 R15: 00007fff5f55c228 [ 354.257709][T10411] [ 354.964901][T10424] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1090'. [ 354.975736][T10426] FAULT_INJECTION: forcing a failure. [ 354.975736][T10426] name failslab, interval 1, probability 0, space 0, times 0 [ 354.991713][T10426] CPU: 0 UID: 0 PID: 10426 Comm: syz.3.1089 Tainted: G I syzkaller #0 PREEMPT(full) [ 354.991751][T10426] Tainted: [I]=FIRMWARE_WORKAROUND [ 354.991761][T10426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 354.991776][T10426] Call Trace: [ 354.991784][T10426] [ 354.991794][T10426] dump_stack_lvl+0x16c/0x1f0 [ 354.991829][T10426] should_fail_ex+0x512/0x640 [ 354.991865][T10426] ? __kmalloc_node_noprof+0xcd/0x8a0 [ 354.991899][T10426] should_failslab+0xc2/0x120 [ 354.991933][T10426] __kmalloc_node_noprof+0xe0/0x8a0 [ 354.991961][T10426] ? rcu_is_watching+0x12/0xc0 [ 354.991987][T10426] ? get_callchain_buffers+0x1ec/0x450 [ 354.992021][T10426] ? get_callchain_buffers+0x81/0x450 [ 354.992061][T10426] ? get_callchain_buffers+0x1ec/0x450 [ 354.992095][T10426] get_callchain_buffers+0x1ec/0x450 [ 354.992135][T10426] stack_map_alloc+0x313/0x650 [ 354.992170][T10426] ? __pfx_stack_map_mem_usage+0x10/0x10 [ 354.992212][T10426] map_create+0x65c/0x27e0 [ 354.992248][T10426] ? __pfx_map_create+0x10/0x10 [ 354.992269][T10426] ? __might_fault+0xe3/0x190 [ 354.992293][T10426] ? __might_fault+0xe3/0x190 [ 354.992317][T10426] ? __might_fault+0x13b/0x190 [ 354.992357][T10426] __sys_bpf+0x3d9d/0x4980 [ 354.992383][T10426] ? futex_private_hash_put+0xd5/0x190 [ 354.992418][T10426] ? __pfx___sys_bpf+0x10/0x10 [ 354.992445][T10426] ? __pfx_futex_wait+0x10/0x10 [ 354.992489][T10426] ? do_futex+0x122/0x350 [ 354.992540][T10426] ? fput+0x9b/0xd0 [ 354.992575][T10426] ? xfd_validate_state+0x61/0x180 [ 354.992607][T10426] ? __pfx_ksys_write+0x10/0x10 [ 354.992642][T10426] __x64_sys_bpf+0x78/0xc0 [ 354.992668][T10426] ? lockdep_hardirqs_on+0x7c/0x110 [ 354.992699][T10426] do_syscall_64+0xcd/0xfa0 [ 354.992731][T10426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.992757][T10426] RIP: 0033:0x7ffbe3d8f6c9 [ 354.992777][T10426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.992802][T10426] RSP: 002b:00007ffbe4cfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 354.992826][T10426] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8f6c9 [ 354.992844][T10426] RDX: 00000000000004f4 RSI: 0000200000000100 RDI: 0000000000000000 [ 354.992860][T10426] RBP: 00007ffbe3e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 354.992875][T10426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.992890][T10426] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 354.992927][T10426] [ 357.155937][T10463] debugfs: 'pty66' already exists in 'caif_serial' [ 357.207861][T10464] FAULT_INJECTION: forcing a failure. [ 357.207861][T10464] name failslab, interval 1, probability 0, space 0, times 0 [ 357.225104][T10464] CPU: 1 UID: 0 PID: 10464 Comm: syz.3.1100 Tainted: G I syzkaller #0 PREEMPT(full) [ 357.225141][T10464] Tainted: [I]=FIRMWARE_WORKAROUND [ 357.225149][T10464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 357.225163][T10464] Call Trace: [ 357.225170][T10464] [ 357.225180][T10464] dump_stack_lvl+0x16c/0x1f0 [ 357.225212][T10464] should_fail_ex+0x512/0x640 [ 357.225252][T10464] ? fs_reclaim_acquire+0xae/0x150 [ 357.225285][T10464] should_failslab+0xc2/0x120 [ 357.225315][T10464] __kmalloc_noprof+0xdd/0x880 [ 357.225351][T10464] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 357.225384][T10464] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 357.225409][T10464] tomoyo_realpath_from_path+0xc2/0x6e0 [ 357.225439][T10464] ? tomoyo_profile+0x47/0x60 [ 357.225472][T10464] tomoyo_path_number_perm+0x245/0x580 [ 357.225505][T10464] ? tomoyo_path_number_perm+0x237/0x580 [ 357.225544][T10464] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 357.225581][T10464] ? find_held_lock+0x2b/0x80 [ 357.225634][T10464] ? find_held_lock+0x2b/0x80 [ 357.225657][T10464] ? hook_file_ioctl_common+0x145/0x410 [ 357.225689][T10464] ? __fget_files+0x20e/0x3c0 [ 357.225716][T10464] security_file_ioctl+0x9b/0x240 [ 357.225741][T10464] __x64_sys_ioctl+0xb7/0x210 [ 357.225777][T10464] do_syscall_64+0xcd/0xfa0 [ 357.225806][T10464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.225830][T10464] RIP: 0033:0x7ffbe3d8f6c9 [ 357.225851][T10464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.225873][T10464] RSP: 002b:00007ffbe4cdd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 357.225896][T10464] RAX: ffffffffffffffda RBX: 00007ffbe3fe6090 RCX: 00007ffbe3d8f6c9 [ 357.225912][T10464] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000012 [ 357.225926][T10464] RBP: 00007ffbe4cdd090 R08: 0000000000000000 R09: 0000000000000000 [ 357.225940][T10464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 357.225955][T10464] R13: 00007ffbe3fe6128 R14: 00007ffbe3fe6090 R15: 00007ffee16df3f8 [ 357.225989][T10464] [ 357.225998][T10464] ERROR: Out of memory at tomoyo_realpath_from_path. [ 357.710494][T10473] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1103'. [ 357.867842][T10481] FAULT_INJECTION: forcing a failure. [ 357.867842][T10481] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 357.892117][T10481] CPU: 0 UID: 0 PID: 10481 Comm: syz.1.1107 Tainted: G I syzkaller #0 PREEMPT(full) [ 357.892156][T10481] Tainted: [I]=FIRMWARE_WORKAROUND [ 357.892165][T10481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 357.892178][T10481] Call Trace: [ 357.892186][T10481] [ 357.892196][T10481] dump_stack_lvl+0x16c/0x1f0 [ 357.892229][T10481] should_fail_ex+0x512/0x640 [ 357.892269][T10481] _copy_to_user+0x32/0xd0 [ 357.892307][T10481] simple_read_from_buffer+0xcb/0x170 [ 357.892346][T10481] proc_fail_nth_read+0x197/0x240 [ 357.892374][T10481] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 357.892403][T10481] ? rw_verify_area+0xcf/0x6c0 [ 357.892426][T10481] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 357.892453][T10481] vfs_read+0x1e4/0xcf0 [ 357.892484][T10481] ? __pfx___mutex_lock+0x10/0x10 [ 357.892513][T10481] ? __pfx_vfs_read+0x10/0x10 [ 357.892549][T10481] ? __fget_files+0x20e/0x3c0 [ 357.892583][T10481] ksys_read+0x12a/0x250 [ 357.892607][T10481] ? __pfx_ksys_read+0x10/0x10 [ 357.892641][T10481] do_syscall_64+0xcd/0xfa0 [ 357.892670][T10481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.892694][T10481] RIP: 0033:0x7f642b58e0dc [ 357.892715][T10481] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 357.892738][T10481] RSP: 002b:00007f642c4fa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 357.892761][T10481] RAX: ffffffffffffffda RBX: 00007f642b7e5fa0 RCX: 00007f642b58e0dc [ 357.892778][T10481] RDX: 000000000000000f RSI: 00007f642c4fa0a0 RDI: 0000000000000004 [ 357.892793][T10481] RBP: 00007f642c4fa090 R08: 0000000000000000 R09: 0000000000000000 [ 357.892808][T10481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 357.892822][T10481] R13: 00007f642b7e6038 R14: 00007f642b7e5fa0 R15: 00007fff8379f128 [ 357.892858][T10481] [ 358.872821][T10498] FAULT_INJECTION: forcing a failure. [ 358.872821][T10498] name failslab, interval 1, probability 0, space 0, times 0 [ 358.906606][T10498] CPU: 1 UID: 0 PID: 10498 Comm: syz.0.1112 Tainted: G I syzkaller #0 PREEMPT(full) [ 358.906648][T10498] Tainted: [I]=FIRMWARE_WORKAROUND [ 358.906658][T10498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 358.906673][T10498] Call Trace: [ 358.906681][T10498] [ 358.906692][T10498] dump_stack_lvl+0x16c/0x1f0 [ 358.906728][T10498] should_fail_ex+0x512/0x640 [ 358.906763][T10498] ? __kmalloc_cache_noprof+0x5f/0x780 [ 358.906791][T10498] should_failslab+0xc2/0x120 [ 358.906824][T10498] __kmalloc_cache_noprof+0x72/0x780 [ 358.906847][T10498] ? drm_atomic_state_alloc+0xb8/0x120 [ 358.906891][T10498] ? drm_atomic_state_alloc+0xb8/0x120 [ 358.906926][T10498] drm_atomic_state_alloc+0xb8/0x120 [ 358.906963][T10498] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 358.906998][T10498] ? __pfx___might_resched+0x10/0x10 [ 358.907035][T10498] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 358.907070][T10498] ? __mutex_lock+0x1c5/0x1060 [ 358.907108][T10498] ? rcu_is_watching+0x12/0xc0 [ 358.907170][T10498] drm_client_modeset_commit_locked+0x14d/0x580 [ 358.907214][T10498] drm_client_modeset_commit+0x4f/0x80 [ 358.907253][T10498] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 358.907290][T10498] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 358.907321][T10498] drm_fbdev_client_restore+0x2c/0x40 [ 358.907350][T10498] drm_client_dev_restore+0x1f6/0x2a0 [ 358.907391][T10498] drm_release+0x2c4/0x360 [ 358.907426][T10498] ? __pfx_drm_release+0x10/0x10 [ 358.907457][T10498] __fput+0x402/0xb70 [ 358.907498][T10498] task_work_run+0x150/0x240 [ 358.907535][T10498] ? __pfx_task_work_run+0x10/0x10 [ 358.907571][T10498] ? __pfx___do_sys_close_range+0x10/0x10 [ 358.907606][T10498] exit_to_user_mode_loop+0xec/0x130 [ 358.907643][T10498] do_syscall_64+0x426/0xfa0 [ 358.907675][T10498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.907700][T10498] RIP: 0033:0x7fb12338f6c9 [ 358.907721][T10498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.907745][T10498] RSP: 002b:00007fb12427e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 358.907769][T10498] RAX: 0000000000000000 RBX: 00007fb1235e5fa0 RCX: 00007fb12338f6c9 [ 358.907785][T10498] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 358.907799][T10498] RBP: 00007fb123411f91 R08: 0000000000000000 R09: 0000000000000000 [ 358.907814][T10498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.907829][T10498] R13: 00007fb1235e6038 R14: 00007fb1235e5fa0 R15: 00007fff5f55c228 [ 358.907865][T10498] [ 359.305585][T10504] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1116'. [ 359.319910][T10502] FAULT_INJECTION: forcing a failure. [ 359.319910][T10502] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 359.333758][T10502] CPU: 1 UID: 0 PID: 10502 Comm: syz.3.1115 Tainted: G I syzkaller #0 PREEMPT(full) [ 359.333782][T10502] Tainted: [I]=FIRMWARE_WORKAROUND [ 359.333787][T10502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 359.333795][T10502] Call Trace: [ 359.333800][T10502] [ 359.333805][T10502] dump_stack_lvl+0x16c/0x1f0 [ 359.333827][T10502] should_fail_ex+0x512/0x640 [ 359.333851][T10502] _copy_to_user+0x32/0xd0 [ 359.333875][T10502] simple_read_from_buffer+0xcb/0x170 [ 359.333899][T10502] proc_fail_nth_read+0x197/0x240 [ 359.333916][T10502] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 359.333932][T10502] ? rw_verify_area+0xcf/0x6c0 [ 359.333946][T10502] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 359.333961][T10502] vfs_read+0x1e4/0xcf0 [ 359.333978][T10502] ? __pfx___mutex_lock+0x10/0x10 [ 359.333997][T10502] ? __pfx_vfs_read+0x10/0x10 [ 359.334017][T10502] ? __fget_files+0x20e/0x3c0 [ 359.334037][T10502] ksys_read+0x12a/0x250 [ 359.334058][T10502] ? __pfx_ksys_read+0x10/0x10 [ 359.334079][T10502] do_syscall_64+0xcd/0xfa0 [ 359.334098][T10502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.334112][T10502] RIP: 0033:0x7ffbe3d8e0dc [ 359.334124][T10502] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 359.334138][T10502] RSP: 002b:00007ffbe4cfe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 359.334152][T10502] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8e0dc [ 359.334161][T10502] RDX: 000000000000000f RSI: 00007ffbe4cfe0a0 RDI: 0000000000000004 [ 359.334169][T10502] RBP: 00007ffbe4cfe090 R08: 0000000000000000 R09: 0000000000000000 [ 359.334178][T10502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 359.334186][T10502] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 359.334205][T10502] [ 360.116568][T10520] FAULT_INJECTION: forcing a failure. [ 360.116568][T10520] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 360.157101][T10520] CPU: 0 UID: 0 PID: 10520 Comm: syz.2.1120 Tainted: G I syzkaller #0 PREEMPT(full) [ 360.157139][T10520] Tainted: [I]=FIRMWARE_WORKAROUND [ 360.157148][T10520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 360.157160][T10520] Call Trace: [ 360.157168][T10520] [ 360.157177][T10520] dump_stack_lvl+0x16c/0x1f0 [ 360.157210][T10520] should_fail_ex+0x512/0x640 [ 360.157249][T10520] _copy_to_user+0x32/0xd0 [ 360.157286][T10520] simple_read_from_buffer+0xcb/0x170 [ 360.157324][T10520] proc_fail_nth_read+0x197/0x240 [ 360.157351][T10520] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 360.157380][T10520] ? rw_verify_area+0xcf/0x6c0 [ 360.157403][T10520] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 360.157429][T10520] vfs_read+0x1e4/0xcf0 [ 360.157459][T10520] ? __pfx___mutex_lock+0x10/0x10 [ 360.157488][T10520] ? __pfx_vfs_read+0x10/0x10 [ 360.157521][T10520] ? __fget_files+0x20e/0x3c0 [ 360.157555][T10520] ksys_read+0x12a/0x250 [ 360.157578][T10520] ? __pfx_ksys_read+0x10/0x10 [ 360.157614][T10520] do_syscall_64+0xcd/0xfa0 [ 360.157644][T10520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.157666][T10520] RIP: 0033:0x7f319898e0dc [ 360.157686][T10520] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 360.157709][T10520] RSP: 002b:00007f319980b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 360.157731][T10520] RAX: ffffffffffffffda RBX: 00007f3198be5fa0 RCX: 00007f319898e0dc [ 360.157747][T10520] RDX: 000000000000000f RSI: 00007f319980b0a0 RDI: 0000000000000004 [ 360.157761][T10520] RBP: 00007f319980b090 R08: 0000000000000000 R09: 0000000000000000 [ 360.157775][T10520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 360.157797][T10520] R13: 00007f3198be6038 R14: 00007f3198be5fa0 R15: 00007ffd310c5ef8 [ 360.157831][T10520] [ 360.790931][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1124'. [ 361.068223][T10535] random: crng reseeded on system resumption [ 361.427214][T10543] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1129'. [ 361.450242][T10545] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1130'. [ 361.465029][T10545] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1130'. [ 361.770469][T10550] FAULT_INJECTION: forcing a failure. [ 361.770469][T10550] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 361.796271][T10550] CPU: 0 UID: 0 PID: 10550 Comm: syz.3.1131 Tainted: G I syzkaller #0 PREEMPT(full) [ 361.796308][T10550] Tainted: [I]=FIRMWARE_WORKAROUND [ 361.796317][T10550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 361.796329][T10550] Call Trace: [ 361.796338][T10550] [ 361.796346][T10550] dump_stack_lvl+0x16c/0x1f0 [ 361.796379][T10550] should_fail_ex+0x512/0x640 [ 361.796417][T10550] strncpy_from_user+0x3b/0x2e0 [ 361.796454][T10550] getname_flags.part.0+0x8f/0x550 [ 361.796492][T10550] getname_flags+0x93/0xf0 [ 361.796516][T10550] do_sys_openat2+0xb8/0x1d0 [ 361.796549][T10550] ? __pfx_do_sys_openat2+0x10/0x10 [ 361.796584][T10550] ? __fget_files+0x20e/0x3c0 [ 361.796614][T10550] __x64_sys_openat+0x174/0x210 [ 361.796648][T10550] ? __pfx___x64_sys_openat+0x10/0x10 [ 361.796678][T10550] ? ksys_write+0x1ac/0x250 [ 361.796712][T10550] do_syscall_64+0xcd/0xfa0 [ 361.796740][T10550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.796763][T10550] RIP: 0033:0x7ffbe3d8f6c9 [ 361.796780][T10550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.796801][T10550] RSP: 002b:00007ffbe4cfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 361.796823][T10550] RAX: ffffffffffffffda RBX: 00007ffbe3fe5fa0 RCX: 00007ffbe3d8f6c9 [ 361.796846][T10550] RDX: 0000000000004000 RSI: 00002000000010c0 RDI: ffffffffffffff9c [ 361.796861][T10550] RBP: 00007ffbe4cfe090 R08: 0000000000000000 R09: 0000000000000000 [ 361.796874][T10550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 361.796889][T10550] R13: 00007ffbe3fe6038 R14: 00007ffbe3fe5fa0 R15: 00007ffee16df3f8 [ 361.796922][T10550] [ 362.042818][T10542] zswap: compressor not available [ 362.201969][T10539] block2mtd: illegal erase size [ 363.182216][T10583] random: crng reseeded on system resumption [ 363.478128][T10590] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1139'. [ 364.241080][T10587] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 364.247271][T10587] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 364.253457][T10587] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 364.260022][T10587] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 364.271877][T10598] random: crng reseeded on system resumption [ 364.454328][T10602] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1141'. [ 364.864214][T10618] Invalid ELF header magic: != ELF [ 364.993952][T10623] random: crng reseeded on system resumption [ 365.551300][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 366.268922][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 366.269132][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 366.339331][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 366.390332][T10653] random: crng reseeded on system resumption [ 366.451362][T10655] FAULT_INJECTION: forcing a failure. [ 366.451362][T10655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 366.472750][T10655] CPU: 1 UID: 0 PID: 10655 Comm: syz.1.1156 Tainted: G I syzkaller #0 PREEMPT(full) [ 366.472772][T10655] Tainted: [I]=FIRMWARE_WORKAROUND [ 366.472777][T10655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 366.472795][T10655] Call Trace: [ 366.472800][T10655] [ 366.472806][T10655] dump_stack_lvl+0x16c/0x1f0 [ 366.472827][T10655] should_fail_ex+0x512/0x640 [ 366.472852][T10655] _copy_from_user+0x2e/0xd0 [ 366.472875][T10655] core_sys_select+0x35b/0xc20 [ 366.472894][T10655] ? __pfx_core_sys_select+0x10/0x10 [ 366.472912][T10655] ? proc_fail_nth_write+0x9f/0x220 [ 366.472943][T10655] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 366.472966][T10655] kern_select+0x15d/0x1e0 [ 366.472980][T10655] ? __pfx_kern_select+0x10/0x10 [ 366.472995][T10655] ? __pfx_ksys_write+0x10/0x10 [ 366.473014][T10655] __x64_sys_select+0xbd/0x160 [ 366.473027][T10655] ? do_syscall_64+0x91/0xfa0 [ 366.473043][T10655] ? lockdep_hardirqs_on+0x7c/0x110 [ 366.473059][T10655] do_syscall_64+0xcd/0xfa0 [ 366.473077][T10655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.473091][T10655] RIP: 0033:0x7f642b58f6c9 [ 366.473103][T10655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.473117][T10655] RSP: 002b:00007f642c497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 366.473130][T10655] RAX: ffffffffffffffda RBX: 00007f642b7e6270 RCX: 00007f642b58f6c9 [ 366.473140][T10655] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 366.473148][T10655] RBP: 00007f642c497090 R08: 0000000000000000 R09: 0000000000000000 [ 366.473156][T10655] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 366.473165][T10655] R13: 00007f642b7e6308 R14: 00007f642b7e6270 R15: 00007fff8379f128 [ 366.473183][T10655] [ 367.415739][T10669] FAULT_INJECTION: forcing a failure. [ 367.415739][T10669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 367.460330][T10669] CPU: 1 UID: 0 PID: 10669 Comm: syz.1.1161 Tainted: G I syzkaller #0 PREEMPT(full) [ 367.460367][T10669] Tainted: [I]=FIRMWARE_WORKAROUND [ 367.460375][T10669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 367.460389][T10669] Call Trace: [ 367.460396][T10669] [ 367.460406][T10669] dump_stack_lvl+0x16c/0x1f0 [ 367.460437][T10669] should_fail_ex+0x512/0x640 [ 367.460475][T10669] _copy_from_user+0x2e/0xd0 [ 367.460509][T10669] set_selection_user+0x83/0x140 [ 367.460532][T10669] ? __pfx_set_selection_user+0x10/0x10 [ 367.460558][T10669] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 367.460598][T10669] tioclinux+0x2b1/0x640 [ 367.460628][T10669] vt_ioctl+0x1fdf/0x30a0 [ 367.460658][T10669] ? lockdep_hardirqs_on+0x7c/0x110 [ 367.460690][T10669] ? __pfx_vt_ioctl+0x10/0x10 [ 367.460722][T10669] ? tomoyo_path_number_perm+0x295/0x580 [ 367.460765][T10669] ? tomoyo_path_number_perm+0x18d/0x580 [ 367.460804][T10669] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 367.460842][T10669] ? find_held_lock+0x2b/0x80 [ 367.460868][T10669] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 367.460907][T10669] ? tty_jobctrl_ioctl+0x152/0xe00 [ 367.460942][T10669] ? __pfx_vt_ioctl+0x10/0x10 [ 367.460971][T10669] tty_ioctl+0x661/0x1680 [ 367.460999][T10669] ? __pfx_tty_ioctl+0x10/0x10 [ 367.461035][T10669] ? find_held_lock+0x2b/0x80 [ 367.461058][T10669] ? hook_file_ioctl_common+0x145/0x410 [ 367.461090][T10669] ? __fget_files+0x20e/0x3c0 [ 367.461133][T10669] ? __pfx_tty_ioctl+0x10/0x10 [ 367.461160][T10669] __x64_sys_ioctl+0x18e/0x210 [ 367.461197][T10669] do_syscall_64+0xcd/0xfa0 [ 367.461227][T10669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.461252][T10669] RIP: 0033:0x7f642b58f6c9 [ 367.461271][T10669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.461294][T10669] RSP: 002b:00007f642c4fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 367.461317][T10669] RAX: ffffffffffffffda RBX: 00007f642b7e5fa0 RCX: 00007f642b58f6c9 [ 367.461334][T10669] RDX: 0000000000000000 RSI: 000000000000541c RDI: 0000000000000001 [ 367.461348][T10669] RBP: 00007f642c4fa090 R08: 0000000000000000 R09: 0000000000000000 [ 367.461363][T10669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 367.461377][T10669] R13: 00007f642b7e6038 R14: 00007f642b7e5fa0 R15: 00007fff8379f128 [ 367.461412][T10669] [ 368.567240][T10691] random: crng reseeded on system resumption [ 369.463235][T10703] random: crng reseeded on system resumption [ 369.804365][T10709] Invalid ELF header magic: != ELF [ 369.900222][T10711] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 369.921542][T10711] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 369.961320][T10711] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 369.997560][T10711] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 370.239925][T10719] [ 370.242257][T10719] ====================================================== [ 370.249255][T10719] WARNING: possible circular locking dependency detected [ 370.256251][T10719] syzkaller #0 Tainted: G I [ 370.262207][T10719] ------------------------------------------------------ [ 370.269203][T10719] syz.0.1173/10719 is trying to acquire lock: [ 370.275252][T10719] ffff888140450220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 370.285412][T10719] [ 370.285412][T10719] but task is already holding lock: [ 370.292777][T10719] ffff888025c7ec98 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 370.303982][T10719] [ 370.303982][T10719] which lock already depends on the new lock. [ 370.303982][T10719] [ 370.314362][T10719] [ 370.314362][T10719] the existing dependency chain (in reverse order) is: [ 370.323353][T10719] [ 370.323353][T10719] -> #2 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 370.331940][T10719] blk_alloc_queue+0x619/0x760 [ 370.337207][T10719] blk_mq_alloc_queue+0x172/0x280 [ 370.342761][T10719] __blk_mq_alloc_disk+0x29/0x120 [ 370.348295][T10719] loop_add+0x490/0xb70 [ 370.352952][T10719] loop_init+0x164/0x270 [ 370.357699][T10719] do_one_initcall+0x123/0x6e0 [ 370.362969][T10719] kernel_init_freeable+0x5c8/0x920 [ 370.368682][T10719] kernel_init+0x1c/0x2b0 [ 370.373522][T10719] ret_from_fork+0x675/0x7d0 [ 370.378621][T10719] ret_from_fork_asm+0x1a/0x30 [ 370.383890][T10719] [ 370.383890][T10719] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 370.391081][T10719] fs_reclaim_acquire+0x102/0x150 [ 370.396614][T10719] kmem_cache_alloc_noprof+0x5b/0x6e0 [ 370.402490][T10719] __kernfs_iattrs+0x124/0x3e0 [ 370.407766][T10719] __kernfs_setattr+0x4d/0x3c0 [ 370.413040][T10719] kernfs_iop_setattr+0xda/0x120 [ 370.418484][T10719] notify_change+0x6d2/0x12a0 [ 370.423671][T10719] do_truncate+0x1d7/0x230 [ 370.428592][T10719] path_openat+0x2678/0x2cb0 [ 370.433683][T10719] do_filp_open+0x20b/0x470 [ 370.438688][T10719] do_sys_openat2+0x11b/0x1d0 [ 370.443874][T10719] __x64_sys_openat+0x174/0x210 [ 370.449237][T10719] do_syscall_64+0xcd/0xfa0 [ 370.454244][T10719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.460640][T10719] [ 370.460640][T10719] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 370.469131][T10719] __lock_acquire+0x126f/0x1c90 [ 370.474497][T10719] lock_acquire+0x179/0x350 [ 370.479507][T10719] down_read+0x9b/0x480 [ 370.484172][T10719] kernfs_iop_getattr+0x9c/0xf0 [ 370.489527][T10719] vfs_getattr_nosec+0x2ac/0x430 [ 370.494973][T10719] vfs_getattr+0x4a/0x60 [ 370.499722][T10719] loop_query_min_dio_size.isra.0+0x117/0x250 [ 370.506291][T10719] lo_ioctl+0x1430/0x1cb0 [ 370.511123][T10719] blkdev_ioctl+0x277/0x6d0 [ 370.516128][T10719] __x64_sys_ioctl+0x18e/0x210 [ 370.521401][T10719] do_syscall_64+0xcd/0xfa0 [ 370.526415][T10719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.532816][T10719] [ 370.532816][T10719] other info that might help us debug this: [ 370.532816][T10719] [ 370.543036][T10719] Chain exists of: [ 370.543036][T10719] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#23 [ 370.543036][T10719] [ 370.557446][T10719] Possible unsafe locking scenario: [ 370.557446][T10719] [ 370.564874][T10719] CPU0 CPU1 [ 370.570218][T10719] ---- ---- [ 370.575562][T10719] lock(&q->q_usage_counter(io)#23); [ 370.580918][T10719] lock(fs_reclaim); [ 370.587397][T10719] lock(&q->q_usage_counter(io)#23); [ 370.595273][T10719] rlock(&root->kernfs_iattr_rwsem); [ 370.600626][T10719] [ 370.600626][T10719] *** DEADLOCK *** [ 370.600626][T10719] [ 370.608745][T10719] 3 locks held by syz.0.1173/10719: [ 370.613918][T10719] #0: ffff888142f6d440 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 370.624086][T10719] #1: ffff888025c7ec98 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 370.635734][T10719] #2: ffff888025c7ecd0 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 370.647547][T10719] [ 370.647547][T10719] stack backtrace: [ 370.653416][T10719] CPU: 0 UID: 0 PID: 10719 Comm: syz.0.1173 Tainted: G I syzkaller #0 PREEMPT(full) [ 370.653437][T10719] Tainted: [I]=FIRMWARE_WORKAROUND [ 370.653443][T10719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 370.653451][T10719] Call Trace: [ 370.653457][T10719] [ 370.653464][T10719] dump_stack_lvl+0x116/0x1f0 [ 370.653483][T10719] print_circular_bug+0x275/0x350 [ 370.653503][T10719] check_noncircular+0x14c/0x170 [ 370.653523][T10719] __lock_acquire+0x126f/0x1c90 [ 370.653545][T10719] lock_acquire+0x179/0x350 [ 370.653563][T10719] ? kernfs_iop_getattr+0x9c/0xf0 [ 370.653581][T10719] ? __pfx___might_resched+0x10/0x10 [ 370.653597][T10719] down_read+0x9b/0x480 [ 370.653615][T10719] ? kernfs_iop_getattr+0x9c/0xf0 [ 370.653631][T10719] ? find_held_lock+0x2b/0x80 [ 370.653644][T10719] ? __pfx_down_read+0x10/0x10 [ 370.653662][T10719] ? kernfs_root+0xee/0x2a0 [ 370.653679][T10719] kernfs_iop_getattr+0x9c/0xf0 [ 370.653695][T10719] vfs_getattr_nosec+0x2ac/0x430 [ 370.653714][T10719] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 370.653730][T10719] vfs_getattr+0x4a/0x60 [ 370.653748][T10719] loop_query_min_dio_size.isra.0+0x117/0x250 [ 370.653765][T10719] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 370.653780][T10719] ? mark_held_locks+0x49/0x80 [ 370.653803][T10719] ? blk_freeze_queue_start+0xec/0x140 [ 370.653823][T10719] lo_ioctl+0x1430/0x1cb0 [ 370.653839][T10719] ? __pfx_lo_ioctl+0x10/0x10 [ 370.653854][T10719] ? kasan_quarantine_put+0x10a/0x240 [ 370.653870][T10719] ? lockdep_hardirqs_on+0x7c/0x110 [ 370.653886][T10719] ? blk_get_meta_cap+0xbc/0x700 [ 370.653901][T10719] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 370.653918][T10719] ? blkdev_common_ioctl+0x1d6/0x2470 [ 370.653932][T10719] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 370.653955][T10719] ? futex_wake+0x1ad/0x530 [ 370.653976][T10719] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 370.653992][T10719] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 370.654015][T10719] ? do_vfs_ioctl+0x128/0x14f0 [ 370.654035][T10719] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 370.654062][T10719] ? __pfx_lo_ioctl+0x10/0x10 [ 370.654085][T10719] blkdev_ioctl+0x277/0x6d0 [ 370.654108][T10719] ? __pfx_blkdev_ioctl+0x10/0x10 [ 370.654133][T10719] ? __pfx_blkdev_ioctl+0x10/0x10 [ 370.654150][T10719] __x64_sys_ioctl+0x18e/0x210 [ 370.654170][T10719] do_syscall_64+0xcd/0xfa0 [ 370.654187][T10719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.654201][T10719] RIP: 0033:0x7fb12338f6c9 [ 370.654213][T10719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.654227][T10719] RSP: 002b:00007fb12427e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 370.654240][T10719] RAX: ffffffffffffffda RBX: 00007fb1235e5fa0 RCX: 00007fb12338f6c9 [ 370.654249][T10719] RDX: 0000000000000000 RSI: 0000000000004c06 RDI: 0000000000000005 [ 370.654258][T10719] RBP: 00007fb123411f91 R08: 0000000000000000 R09: 0000000000000000 [ 370.654266][T10719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.654274][T10719] R13: 00007fb1235e6038 R14: 00007fb1235e5fa0 R15: 00007fff5f55c228 [ 370.654288][T10719] [ 371.939297][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout [ 371.939345][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 372.029322][ T53] Bluetooth: hci3: command 0x0c1a tx timeout [ 372.030828][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout [ 377.141060][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.147356][ T1302] ieee802154 phy1 wpan1: encryption failed: -22