last executing test programs: 6m34.20466181s ago: executing program 0 (id=11480): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f1, 0x24) 6m33.056553988s ago: executing program 0 (id=11484): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20443, 0x0) fadvise64$auto_POSIX_FADV_DONTNEED(r0, 0x9, 0x7, 0x4) setresgid$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) ioctl$auto(0x3, 0x80087601, 0x38) 6m32.701521327s ago: executing program 0 (id=11488): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$auto(r0, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x21}}, 0x40) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 6m32.478535434s ago: executing program 0 (id=11489): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 6m31.849987003s ago: executing program 0 (id=11494): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) fstat$auto(r0, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytd\x00', 0x800, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) 6m29.781234805s ago: executing program 0 (id=11500): mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) io_submit$auto(0x9, 0xfffffffffffffffa, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r1, 0x5408, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) io_uring_setup$auto(0x1, 0x0) 6m29.238275006s ago: executing program 32 (id=11500): mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) io_submit$auto(0x9, 0xfffffffffffffffa, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r1, 0x5408, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) io_uring_setup$auto(0x1, 0x0) 4m36.089580427s ago: executing program 4 (id=12195): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ocfs2/max_locking_protocol\x00', 0xa2500, 0x0) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9) connect$auto(0x3, 0x0, 0x55) 4m35.903199105s ago: executing program 4 (id=12197): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x40040}, 0x800) socketpair$auto(0x4004, 0x5, 0xfffffffc, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}, 0x3}, 0x55) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x4, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4m35.741454051s ago: executing program 4 (id=12200): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/est_cpulist\x00', 0x2242, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x1) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x400082, 0x0) bpf$auto(0x0, 0x0, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x2, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x4000083, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000002}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) 4m35.465341185s ago: executing program 4 (id=12203): sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a00010000000000000000000600070001"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4008810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1d"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x804) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x89}, 0x7}, 0x3, 0x0) 4m35.148486615s ago: executing program 4 (id=12205): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 4m34.764936276s ago: executing program 4 (id=12206): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000540)={0x1, 0x0, [{0x48, 0xfffffffe, 0x7}]}) 4m19.640409461s ago: executing program 33 (id=12206): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000540)={0x1, 0x0, [{0x48, 0xfffffffe, 0x7}]}) 3.607734815s ago: executing program 3 (id=13846): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) msgctl$auto_MSG_INFO(0x10, 0xc, 0x0) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x40100, 0x0) clone$auto(0x20003b46, 0x401, 0x0, 0x0, 0x2) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 3.491245402s ago: executing program 3 (id=13847): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x24044010}, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) getsockname$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x0, 0x2003}}, 0x0) sysfs$auto(0x2, 0x1f, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x101d0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.120075303s ago: executing program 2 (id=13849): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0xa, 0x6, 0x3a) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/mem\x00', 0x924c3, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0xfff, &(0x7f00000000c0)={0x0, 0x1feff}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) 3.049218638s ago: executing program 1 (id=13850): waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x5, 0x0) setitimer$auto_ITIMER_VIRTUAL(0x1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x3, 0x3c) bpf$auto(0x6, 0x0, 0x101) write$auto(r0, 0x0, 0x263f) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4188aea7, &(0x7f00000000c0)={0x9}) 3.019591922s ago: executing program 3 (id=13852): fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(0xffffffffffffffff, 0x800, &(0x7f0000000140)='/sys/bus/pci/drivers/vmwgfx/new_id\x00', 0x0, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0xc000) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) shmctl$auto_SHM_STAT(0x92, 0xd, &(0x7f0000000140)={{0x9, 0xffffffffffffffff, 0xee01, 0x69a, 0x400, 0x7, 0x9}, 0x0, 0x5, 0x5, 0x9, @raw=0x4, @raw=0x1000, 0x1, 0x0, 0x0, 0x0}) r0 = openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker_raw\x00', 0xc05, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, &(0x7f00000010c0), 0x800, 0x0) read$auto(r1, 0x0, 0x20) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/ad_actor_system\x00', 0x0, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x9, 0xffffffffffffffff, [], {0x6, 0xa, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x40000000002}, {0xff, 0x1, 0x52, 0x5, 0x2000001, 0x40, 0x4, 0x8, 0x100000004}}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) writev$auto(r0, &(0x7f0000000140)={0x0, 0x6}, 0x4) 2.809896301s ago: executing program 1 (id=13853): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.7/usb8/ep_00/direction\x00', 0x20400, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x64842, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ptyq3\x00', 0x40001, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(0x3, 0x8924, 0x10000000000402) 2.708510192s ago: executing program 2 (id=13854): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r3, @ANYBLOB="18000000", @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r2, &(0x7f0000000000)='-\x00', 0x30) 2.650256051s ago: executing program 5 (id=13855): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb5f0, 0x7352, 0x36, 0x65f, 0x80000001, 0x7, 0x3, 0x2, 0x7, 0x7, 0x0, 0x4, 0xb4, 0x3, 0x9, 0x10003, 0x80, 0x8, 0x0, 0x7, 0x2000, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, [0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x1fe, 0x5) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x801, 0x84) r0 = socket(0x2, 0x3, 0x1) connect$auto(r0, &(0x7f0000000040)=@hci={0x1f, 0x4, 0x4}, 0x2) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x7, @local}, 0x55) capget$auto(0x0, 0xfffffffffffffffe) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1f, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2.570360875s ago: executing program 1 (id=13856): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x6, 0x0, 0x21) bind$auto(0xffffffffffffffff, &(0x7f0000000200)=@generic={0x11, "0000100000000000929e006300"}, 0x80) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open$dir(0x0, 0x42, 0x20) bpf$auto(0x9, 0x0, 0x121) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8000, 0x1, 0x8, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "787d66da4a620eab7f736e854ef61529", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) ioctl$auto_BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000300)={0x5, 0x0, {0x6, @btrfs_balance_args_1_1={0x101, 0x4}, 0xffffffffffff0c3d, 0x8, 0x7c, 0x8, 0x5, 0x3, 0x1, @limit=0x8, 0x5f6b, 0xd}, {0x37, @usage=0xfffffffffffffffb, 0x8, 0x30000, 0x5, 0x4, 0x0, 0x8, 0x9, @limit=0x3, 0x0, 0x4}, {0x3, @btrfs_balance_args_1_1={0x3, 0x7}, 0x9, 0x8000000000000000, 0x9, 0x7, 0xd9e, 0xfffffffffffffffb, 0x8, @limit=0x7c, 0x5, 0x80000001}, {0x6, 0x4, 0x31}}) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0xa) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_setup$auto(0xffff, &(0x7f0000000580)) 2.501235727s ago: executing program 2 (id=13857): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80000, 0x0) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000580)='\x04>\x01\x01\x00\x00\x00\x00\x01T\x9eQ\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc7\xa1\x90s\x1d\xfe\x04\b\xacO\x99\x96\xbdf\x05z4~I<@B\x1d]\xbabB\xdc\xff\x03\x00\x00\x00\x00\x00\x00\xa5\xd86\x14\xe5\xfa\x88XCu\x17\xd0\xc58\xa9\xcc\x03I\xff\x13]\xe0\x10\x83hN\x04\xaf\xa8\xfe;$\x81\xb5\'?\xbc\x82\xf6-\xe0\x97\xbe\xba(\xf3\xf4h\x85\xfb\x97\xcd\xb9JS\xf3a\x01\xca\xdb\xb6\xf5\x96\x04\x00\x00\x00\x00\x00\x00\x92\xfc\xe4\xd7\xf4\xaeU\xae\x1aB\xee\xfeTL\xfa\x17Y\xacz\xda\xd4\x9d\xecX@\x1e\x1e\xd2\xc1^\x1d\x80\x10\xca=F\xeb(\x16\xa0B\x1e\xfb\xaa\x87RVdVc:\xb0\x9e\x05\x10\xe1YLP\xe0\xa0\x1d\x8b\x13U\x16\xd9\xde\x8d\xd61\xaef\x9aZ\xecyb\xa4<\x11K\x8dG*\xbb\x06\xb7\x80\xe4\xf8eS\xf4\xd0\x96\x7f\xeaK\xff}O:\x15x\x11\xc1\v\xffW\xeb\xf6\x7f\xd6\xcc\xc8\x99\x92\x8b\x9cg\xf7#\xc8\x0e\x98\xe4\x83\xd0;?\x00\x00\x00\x00\x00\xca_\x05\")7\xdb\xff];oI,\\Y\xd6eL\x90\rb\xe5\xf4\x116O\xd1\x92C\n\x14\xac\x95\xf4m\x92\xb2\xe0\x89O\fdO\x86\x96r\xaa\xcf,\x90\xb0\xcds\x85\xbc\xbc)(\xaa_\x0f\xa6\x8e\x17\x88\xb0\x1c\x15\xbc)\xcc\xcb\xf6\x91\x11\xa9\xe7\xc9 H\xcel\xe9\xcdm/H\x83gJ%I\xd1 q\x92f\xd8f\xa8\x1b\xd7\x1c\x8aMeP\xc1\xfb\xfd\x85\x86\xc4r\xe4!\x06?\x12\xb0:\x88\\)d+\xfa`.\x8e\x8e\x1b\xba1\x13\x10\xd9n\xea0\x11\xc1l\xb10K\r\x13C#tj', 0x7) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, 0x0, 0x20000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r1, 0x0, 0x4000) socket$nl_generic(0x10, 0x3, 0x10) 2.481805569s ago: executing program 3 (id=13858): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x80002, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) timerfd_create$auto(0x8, 0x0) timerfd_settime$auto(r1, 0x3, 0x0, 0x0) timerfd_settime$auto(r0, 0x1, 0x0, 0x0) 2.233225619s ago: executing program 3 (id=13859): sendmsg$auto_MACSEC_CMD_ADD_RXSA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2cb8}, 0x1, 0x0, 0x0, 0x40}, 0x2404c084) socket(0x2a, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.090480356s ago: executing program 5 (id=13860): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) close_range$auto(0x2, 0xa, 0x0) fcntl$auto(0x0, 0x407, 0x1) 1.864933253s ago: executing program 3 (id=13861): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0xa61c2, 0x84) ioctl$auto_FS_IOC_GETFLAGS(r2, 0x80086601, 0x7fffffffbfffffff) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x40000080) getsockopt$auto(r1, 0x1, 0x2, &(0x7f0000000040)='/dev/cec27\x00', 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio1/resetafter\x00', 0xa2382, 0x0) sendfile$auto(r3, r3, 0x0, 0x1) 1.684033919s ago: executing program 5 (id=13862): ioctl$auto(0xffffffffffffffff, 0xc0285629, 0xffffffffffffffff) setresgid$auto(0x800, 0xee01, 0xffffffffffffffff) setregid$auto(0xee01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cec4\x00', 0x181f82, 0x0) ioctl$auto_CEC_TRANSMIT(r0, 0xc0386105, 0x0) connect$auto(0x3, 0x0, 0x54) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/apparmor/parameters/rawdata_compression_level\x00', 0x80, 0x0) read$auto(r2, 0x0, 0x4) 1.68387091s ago: executing program 2 (id=13863): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xf03, 0x5, 0x2e, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyt2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/overlay/parameters/check_copy_up\x00', 0x129882, 0x0) socketpair$auto(0x5b, 0x2, 0x420000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 898.54415ms ago: executing program 2 (id=13864): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r0, 0x84, 0x70, 0x0, &(0x7f0000000280)=0x1000c0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xc040aed5, 0x0) 853.885146ms ago: executing program 5 (id=13865): mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) creat$auto(&(0x7f0000000100)='./file0\x00', 0xde) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x22, 0x3, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) memfd_create$auto(0x0, 0x9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop0\x00', 0x343001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev2\x00', 0x20281, 0x0) socket$nl_generic(0x10, 0x3, 0x10) creat$auto(&(0x7f0000000080)='./file0\x00', 0x4) prctl$auto(0x23, 0xd, 0x8, 0x0, 0x0) 847.765842ms ago: executing program 1 (id=13866): socket(0x2, 0x2, 0x1) setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x801, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) fsopen$auto(0x0, 0x1) r2 = epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) epoll_ctl$auto(r2, 0x40008, r1, 0x0) 554.37524ms ago: executing program 1 (id=13867): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x161782, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x845}, 0x97a64b66617a15c7) getrlimit$auto(0x3, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x100eb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) ioctl$auto_SNDRV_PCM_IOCTL_RESET2(r2, 0x4141, 0x0) 537.725471ms ago: executing program 5 (id=13868): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) pipe$auto(0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, &(0x7f0000000040), 0x81, 0x9}, 0xfffffffb}, 0x5, 0x6586, 0x0) clock_gettime$auto(0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 425.522443ms ago: executing program 2 (id=13869): socket(0x2, 0x801, 0x106) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x400c004) socket(0x2b, 0x1, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fffe000) process_madvise$auto_MADV_DOFORK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffffffffffffff}, 0x917, 0xb, 0xfff) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0x40305828, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/ksm/pages_volatile\x00', 0x800, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap$auto(0x6000, 0x810004, 0x2000000efb, 0x8000000008011, r1, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/block/ram7/queue/iostats\x00', 0x48542, 0x0) write$auto(r2, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) 346.412646ms ago: executing program 5 (id=13870): prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) syz_clone(0x8000400, &(0x7f0000000840)="1f7ae026d45c74adaa9af8be5a9bf04d55bb9f8912cd8b55ba629c1f93087838d679ec19ab25bda7c33800eb77af5ae2f9de647892fa149fe4f718156a38f4da8c027960d605e6733b5b06228ccc260f265495f471b6dd8bdbfef3f918f7a6b39c3b9e695b6ff77ba73ad1cce9a8891647140310aec31d6a54611767554081b007bfb560ed361f307b5171669bf1bb905c22eb66939a4870834575dc21fb12ec6f9cdbff02e59809db2000d5bbbc3e7e1d14fed4ee9bfd384e9b054b765c3ddb7b34e52fb81c4b943e21c43de214c9b0c62842c3def76b8b1086c6b28dd71511bf93f4fd216f5ab306f057e0ed53da9ab205001b59f0f450cc2bbe75cc6f0f6e62bc3bb02c9c843575fb18439c37f59d26e08e9fe993b1bb26693348d2d0240a41816dc4b5269c76f6714b2e131fde84477c618c7298933c7af7ee02d86d06988e02f80d7ca04ab3dfb79ace2d51b3b61f92329d6d95745e27a45d6408edf563be3e195dd7f2b972ea673dcbce40fbe34c7e66cfbe215c70e43fabf5599a863b17ad99a59ec45c962dc463cf08e9bcbae6f281a8714637704aadc9c72db48284703bb0259b723f7425aaa3f2d597f42d5db5394625d2fcb2c32726a592a9a86f361eb3b88f16468701de9e982ed63ec608ed8276a8edcecf203d634eca0cf3790fcf19c80a57b13faf868d2434e00791c4d9d9f6d0b3d823d028c433385ee8ae3efbe4f035b9a065b20bfdd644d604e627c2dc014141372d55f1e210430e9ed081d97bd20baf658db590a8b4e0db0bd8d3d9e262578a47c4f98a92c7c6ec43069f3b377499c793143679a6ecd813b76ad0dc3d44bef1839ff4b34fa7113729d23000b907fae2431ff91f62b8fff83b4b1e5dc72b2b634773d58786d1d34679d15c389711f47bc81fa9e52b23a5b37c80197c252b9fb264408d46d9ce07fcc449bd5f5357ad57b972cb50d0569454c3a8d9062f22db78fd1a7219a3bcea7c4a9069fc1e94b61d4da3ec94f40f4e1cbfef83392e617bad809be81945f4d9b0864585be4e70acc81e492091a4ff40859d509bfb35ac6353c735842462af2046cd772e9fd8dcdc69bdb444d0fe80ef77dd06c33dcfd38c33f2ef00b757733282b1801a0df1941d8cd6764e192fc5240dbe65f9c39c5ac9763b76147b43358bf5eccb6bc8d703d2b23d4eb5506b801aa187f60c9f5691658e17603ff4ee725ce88219260b8c69e14227f99a0df6ebdf06d54fb2be9fa29aac9e69882d68358824037dcc8c227d52c8da3de520b69af1b2cac04dbdc50aaa87b8431798e80391ab4b0a821289a1cbea6644f82815061fbbb3e3dbeffdc1ed22b6e01729b5d84489b882e7f264071495ebe882afe472fce55f970fd0cbdcb6128d32e2978a4ea9d557d79c1cdfcd26d744ae5f4be84edd966b6c380766bfb6e43868f6ea58d1b3c20a0d8c4c20d11fa2c7eddf2717374614742a2c67e6feaed81c80dc6a76902a97e7132576f55fead3baf3cd9f5086497049ba6d9d849982eb5cf6b4b268f9d21886ce34138ca6b17bb6eafca1a077169387b1a444bfa8b7abd50d767983a4de0350c5f2f1908b4b06f3ca6b3dcb334861ceaadb030dceab19707ceb7d1d3afa7ed756282e90ab51ff3953fa30e1481093fcd756aeef7a079a8dd3c878e77d8734b86afb85315ed13e9cefbcbd85c01648151ce7bf5747934f895bf747cf263e488ee4e494f6f7a33041b00079e1b5d17fd4d7e0af1e906a5c09c06f0980b8b976b6bbcfa6e2bf587f3237170dbb300126557154c1487f808b18d1f53819f04ba1df29cc", 0x501, 0x0, 0x0, 0x0) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r1, 0x84, 0x18, 0x0, &(0x7f0000000000)=0x7ffe) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) 0s ago: executing program 1 (id=13871): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x8001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x1e, 0x4, 0x0) socket(0x1d, 0x2, 0x7) setsockopt$auto(0x3, 0x6b, 0x3, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x10eb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) getcwd$auto(0x0, 0xffffffffffffffff) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           [ 1507.825336][ T5540] netlink: 18 bytes leftover after parsing attributes in process `syz.1.12888'. [ 1508.625385][ T5557] netlink: 'syz.1.12894': attribute type 1 has an invalid length. [ 1508.725540][ T5557] netlink: 'syz.1.12894': attribute type 6 has an invalid length. [ 1511.550805][ T5619] base or size exceeds the MTRR width [ 1512.378142][ T5644] netlink: 330 bytes leftover after parsing attributes in process `syz.5.12920'. [ 1513.338526][ T5660] zero sized request [ 1515.803027][ T5694] nvme_fabrics: missing parameter 'transport=%s' [ 1515.821857][ T5694] nvme_fabrics: missing parameter 'nqn=%s' [ 1516.173843][ T5702] netlink: 'syz.3.12941': attribute type 1 has an invalid length. [ 1516.190737][ T5702] netlink: 'syz.3.12941': attribute type 6 has an invalid length. [ 1516.356635][ T5705] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.1.12939: No space for directory leaf checksum. Please run e2fsck -D. [ 1516.419753][ T5705] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.1.12939: checksumming directory block 0 [ 1516.468476][ T5705] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1516.521287][ T5705] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.1.12939: No space for directory leaf checksum. Please run e2fsck -D. [ 1516.617539][ T5705] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.1.12939: checksumming directory block 0 [ 1516.678088][ T5705] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1516.694673][ T5705] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.1.12939: No space for directory leaf checksum. Please run e2fsck -D. [ 1516.720052][ T5705] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.1.12939: checksumming directory block 0 [ 1516.737130][ T5705] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1516.749957][ T5705] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.1.12939: No space for directory leaf checksum. Please run e2fsck -D. [ 1516.769028][ T5705] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.1.12939: checksumming directory block 0 [ 1516.783829][ T5705] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1516.796872][ T5705] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1516.808224][ T5705] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1516.980799][ T5719] netlink: 146 bytes leftover after parsing attributes in process `syz.3.12946'. [ 1518.199022][ T5743] sp0: Synchronizing with TNC [ 1518.727906][ T5754] FAULT_INJECTION: forcing a failure. [ 1518.727906][ T5754] name failslab, interval 1, probability 0, space 0, times 0 [ 1518.775425][ T5754] CPU: 1 UID: 0 PID: 5754 Comm: syz.2.12958 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1518.775488][ T5754] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1518.775503][ T5754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1518.775524][ T5754] Call Trace: [ 1518.775537][ T5754] [ 1518.775551][ T5754] dump_stack_lvl+0x100/0x190 [ 1518.775611][ T5754] should_fail_ex.cold+0x5/0xa [ 1518.775653][ T5754] ? vhost_dev_set_owner+0x20c/0xa30 [ 1518.775710][ T5754] should_failslab+0xc2/0x120 [ 1518.775766][ T5754] __kmalloc_noprof+0xe0/0x850 [ 1518.775822][ T5754] vhost_dev_set_owner+0x20c/0xa30 [ 1518.775892][ T5754] vhost_dev_ioctl+0x521/0xe20 [ 1518.775948][ T5754] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1518.776010][ T5754] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 1518.776084][ T5754] vhost_vsock_dev_ioctl+0x320/0xb60 [ 1518.776137][ T5754] ? __fget_files+0x215/0x3d0 [ 1518.776185][ T5754] ? hook_file_ioctl_common+0x146/0x410 [ 1518.776229][ T5754] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 1518.776290][ T5754] ? __fget_files+0x21f/0x3d0 [ 1518.776348][ T5754] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 1518.776413][ T5754] __x64_sys_ioctl+0x18e/0x210 [ 1518.776460][ T5754] do_syscall_64+0x106/0xf80 [ 1518.776507][ T5754] ? clear_bhb_loop+0x40/0x90 [ 1518.776553][ T5754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1518.776591][ T5754] RIP: 0033:0x7f087579bf79 [ 1518.776621][ T5754] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1518.776658][ T5754] RSP: 002b:00007f08739ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1518.776694][ T5754] RAX: ffffffffffffffda RBX: 00007f0875a15fa0 RCX: 00007f087579bf79 [ 1518.776718][ T5754] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000003 [ 1518.776739][ T5754] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1518.776761][ T5754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1518.776781][ T5754] R13: 00007f0875a16038 R14: 00007f0875a15fa0 R15: 00007fffb64132d8 [ 1518.776827][ T5754] [ 1519.205140][ T5758] netlink: 'syz.5.12960': attribute type 21 has an invalid length. [ 1519.214410][ T5758] netlink: 326 bytes leftover after parsing attributes in process `syz.5.12960'. [ 1519.228939][ T5758] IPv6: NLM_F_CREATE should be specified when creating new route [ 1519.907216][ T5771] netlink: 17 bytes leftover after parsing attributes in process `syz.3.12966'. [ 1519.927103][ T5771] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12966'. [ 1521.901785][ T5813] openvswitch: netlink: IP tunnel dst address not specified [ 1522.319999][ T5817] FAULT_INJECTION: forcing a failure. [ 1522.319999][ T5817] name failslab, interval 1, probability 0, space 0, times 0 [ 1522.340605][ T5817] CPU: 1 UID: 0 PID: 5817 Comm: syz.2.12981 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1522.340659][ T5817] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1522.340672][ T5817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1522.340691][ T5817] Call Trace: [ 1522.340702][ T5817] [ 1522.340714][ T5817] dump_stack_lvl+0x100/0x190 [ 1522.340766][ T5817] should_fail_ex.cold+0x5/0xa [ 1522.340801][ T5817] ? tomoyo_init_log+0x1224/0x20c0 [ 1522.340840][ T5817] should_failslab+0xc2/0x120 [ 1522.340885][ T5817] __kmalloc_noprof+0xe0/0x850 [ 1522.340930][ T5817] tomoyo_init_log+0x1224/0x20c0 [ 1522.340977][ T5817] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1522.341029][ T5817] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1522.341091][ T5817] tomoyo_write_log2+0x2ed/0xbc0 [ 1522.341137][ T5817] tomoyo_supervisor+0x15e/0x1340 [ 1522.341190][ T5817] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1522.341255][ T5817] ? kasan_quarantine_put+0x104/0x240 [ 1522.341298][ T5817] ? tomoyo_check_path_acl+0x141/0x210 [ 1522.341332][ T5817] ? tomoyo_check_acl+0x1f7/0x410 [ 1522.341368][ T5817] tomoyo_path_permission+0x270/0x3b0 [ 1522.341404][ T5817] tomoyo_check_open_permission+0x34d/0x3c0 [ 1522.341441][ T5817] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1522.341511][ T5817] ? do_raw_spin_lock+0x128/0x260 [ 1522.341555][ T5817] ? path_get+0x61/0x80 [ 1522.341601][ T5817] tomoyo_file_open+0x6b/0x90 [ 1522.341648][ T5817] security_file_open+0xb5/0x1e0 [ 1522.341686][ T5817] do_dentry_open+0x5aa/0x1660 [ 1522.341731][ T5817] ? security_inode_permission+0xbf/0x250 [ 1522.341771][ T5817] vfs_open+0x82/0x3f0 [ 1522.341805][ T5817] path_openat+0x208c/0x31a0 [ 1522.341859][ T5817] ? __pfx_path_openat+0x10/0x10 [ 1522.341915][ T5817] do_file_open+0x20e/0x430 [ 1522.341959][ T5817] ? __pfx_do_file_open+0x10/0x10 [ 1522.342029][ T5817] ? alloc_fd+0x476/0x790 [ 1522.342081][ T5817] ? do_getname+0x191/0x390 [ 1522.342115][ T5817] do_sys_openat2+0x10d/0x1e0 [ 1522.342147][ T5817] ? __pfx_do_sys_openat2+0x10/0x10 [ 1522.342193][ T5817] __x64_sys_openat+0x12d/0x210 [ 1522.342228][ T5817] ? __pfx___x64_sys_openat+0x10/0x10 [ 1522.342276][ T5817] do_syscall_64+0x106/0xf80 [ 1522.342316][ T5817] ? clear_bhb_loop+0x40/0x90 [ 1522.342353][ T5817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1522.342382][ T5817] RIP: 0033:0x7f087579bf79 [ 1522.342408][ T5817] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1522.342440][ T5817] RSP: 002b:00007f08739ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1522.342469][ T5817] RAX: ffffffffffffffda RBX: 00007f0875a15fa0 RCX: 00007f087579bf79 [ 1522.342489][ T5817] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1522.342509][ T5817] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1522.342527][ T5817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1522.342545][ T5817] R13: 00007f0875a16038 R14: 00007f0875a15fa0 R15: 00007fffb64132d8 [ 1522.342584][ T5817] [ 1523.551721][ T5847] netlink: 326 bytes leftover after parsing attributes in process `syz.2.12987'. [ 1523.691178][ T5847] Process accounting resumed [ 1524.945796][ T5902] netlink: 266 bytes leftover after parsing attributes in process `syz.2.12996'. [ 1525.554345][ T5915] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13001'. [ 1525.646143][ T5915] bridge0: port 3(dummy0) entered disabled state [ 1525.734188][ T5915] dummy0 (unregistering): left allmulticast mode [ 1525.756662][ T5915] dummy0 (unregistering): left promiscuous mode [ 1525.767082][ T5915] bridge0: port 3(dummy0) entered disabled state [ 1527.030984][ T5938] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13009'. [ 1528.114129][ T5956] FAULT_INJECTION: forcing a failure. [ 1528.114129][ T5956] name failslab, interval 1, probability 0, space 0, times 0 [ 1528.186739][ T5956] CPU: 0 UID: 0 PID: 5956 Comm: syz.1.13015 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1528.186802][ T5956] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1528.186815][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1528.186836][ T5956] Call Trace: [ 1528.186847][ T5956] [ 1528.186861][ T5956] dump_stack_lvl+0x100/0x190 [ 1528.186918][ T5956] should_fail_ex.cold+0x5/0xa [ 1528.186959][ T5956] should_failslab+0xc2/0x120 [ 1528.187013][ T5956] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1528.187052][ T5956] ? allocate_file_region_entries+0x1a0/0x620 [ 1528.187110][ T5956] allocate_file_region_entries+0x1a0/0x620 [ 1528.187167][ T5956] ? __pfx_allocate_file_region_entries+0x10/0x10 [ 1528.187228][ T5956] region_chg+0x85/0x140 [ 1528.187273][ T5956] __vma_reservation_common+0x376/0x720 [ 1528.187323][ T5956] ? __pfx___vma_reservation_common+0x10/0x10 [ 1528.187368][ T5956] ? filemap_get_entry+0x1a7/0x3b0 [ 1528.187424][ T5956] alloc_hugetlb_folio+0x6de/0x1590 [ 1528.187487][ T5956] ? __pfx_alloc_hugetlb_folio+0x10/0x10 [ 1528.187548][ T5956] ? __filemap_get_folio_mpol+0x3ba/0xe70 [ 1528.187608][ T5956] hugetlb_no_page+0xfe7/0x1b30 [ 1528.187658][ T5956] hugetlb_fault+0x5df/0x1500 [ 1528.187711][ T5956] ? __pfx_hugetlb_fault+0x10/0x10 [ 1528.187767][ T5956] ? find_vma+0xbf/0x140 [ 1528.187819][ T5956] ? __pfx_find_vma+0x10/0x10 [ 1528.187876][ T5956] handle_mm_fault+0x5f1/0xa20 [ 1528.187925][ T5956] do_user_addr_fault+0x74c/0x12f0 [ 1528.187994][ T5956] exc_page_fault+0x6f/0xd0 [ 1528.188041][ T5956] asm_exc_page_fault+0x26/0x30 [ 1528.188075][ T5956] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 1528.188112][ T5956] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 1528.188147][ T5956] RSP: 0018:ffffc90007c77a20 EFLAGS: 00050246 [ 1528.188178][ T5956] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 1528.188200][ T5956] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90007c77c68 [ 1528.188223][ T5956] RBP: 0000000000000008 R08: 0000000000000001 R09: fffff52000f8ef8d [ 1528.188244][ T5956] R10: ffffc90007c77c6f R11: 0000000000000000 R12: 0000000000000000 [ 1528.188265][ T5956] R13: ffffc90007c77c68 R14: 0000000000000000 R15: 1ffff92000f8ef59 [ 1528.188322][ T5956] _copy_from_user+0x98/0xd0 [ 1528.188370][ T5956] sctp_getsockopt+0x96b/0x7080 [ 1528.188410][ T5956] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1528.188459][ T5956] ? futex_unqueue+0x13d/0x2c0 [ 1528.188501][ T5956] ? __pfx_sctp_getsockopt+0x10/0x10 [ 1528.188535][ T5956] ? __futex_wait+0x256/0x300 [ 1528.188589][ T5956] ? __pfx___futex_wait+0x10/0x10 [ 1528.188636][ T5956] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1528.188700][ T5956] ? __lock_acquire+0x4a5/0x2630 [ 1528.188747][ T5956] ? find_held_lock+0x2b/0x80 [ 1528.188809][ T5956] ? aa_sk_perm+0x2de/0xb40 [ 1528.188866][ T5956] ? __might_fault+0xc5/0x140 [ 1528.188928][ T5956] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1528.188986][ T5956] do_sock_getsockopt+0x259/0x3d0 [ 1528.189046][ T5956] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1528.189132][ T5956] __sys_getsockopt+0x133/0x1d0 [ 1528.189193][ T5956] ? __x64_sys_getsockopt+0xbd/0x160 [ 1528.189237][ T5956] __x64_sys_getsockopt+0xbd/0x160 [ 1528.189305][ T5956] ? do_syscall_64+0x95/0xf80 [ 1528.189371][ T5956] ? lockdep_hardirqs_on+0x78/0x100 [ 1528.189417][ T5956] do_syscall_64+0x106/0xf80 [ 1528.189460][ T5956] ? clear_bhb_loop+0x40/0x90 [ 1528.189503][ T5956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1528.189540][ T5956] RIP: 0033:0x7f36f0d9bf79 [ 1528.189570][ T5956] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1528.189604][ T5956] RSP: 002b:00007f36f1c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1528.189647][ T5956] RAX: ffffffffffffffda RBX: 00007f36f1016090 RCX: 00007f36f0d9bf79 [ 1528.189698][ T5956] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003 [ 1528.189721][ T5956] RBP: 00007f36f0e327e0 R08: 0000200000000280 R09: 0000000000000000 [ 1528.189745][ T5956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1528.189766][ T5956] R13: 00007f36f1016128 R14: 00007f36f1016090 R15: 00007ffd9eed0ac8 [ 1528.189814][ T5956] [ 1529.073111][ T5979] netlink: 'syz.5.13023': attribute type 7 has an invalid length. [ 1529.082097][ T5979] netlink: 17 bytes leftover after parsing attributes in process `syz.5.13023'. [ 1529.322566][ T5985] FAULT_INJECTION: forcing a failure. [ 1529.322566][ T5985] name failslab, interval 1, probability 0, space 0, times 0 [ 1529.361381][ T5985] CPU: 0 UID: 0 PID: 5985 Comm: syz.2.13027 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1529.361442][ T5985] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1529.361456][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1529.361476][ T5985] Call Trace: [ 1529.361487][ T5985] [ 1529.361502][ T5985] dump_stack_lvl+0x100/0x190 [ 1529.361570][ T5985] should_fail_ex.cold+0x5/0xa [ 1529.361612][ T5985] should_failslab+0xc2/0x120 [ 1529.361668][ T5985] __kvmalloc_node_noprof+0xfa/0xa00 [ 1529.361718][ T5985] ? alloc_fdtable+0x110/0x2d0 [ 1529.361776][ T5985] alloc_fdtable+0x110/0x2d0 [ 1529.361827][ T5985] dup_fd+0x995/0xd10 [ 1529.361890][ T5985] __do_sys_close_range+0x327/0x740 [ 1529.361948][ T5985] ? __pfx___do_sys_close_range+0x10/0x10 [ 1529.362013][ T5985] do_syscall_64+0x106/0xf80 [ 1529.362057][ T5985] ? clear_bhb_loop+0x40/0x90 [ 1529.362099][ T5985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1529.362134][ T5985] RIP: 0033:0x7f087579bf79 [ 1529.362163][ T5985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1529.362196][ T5985] RSP: 002b:00007f08739ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1529.362230][ T5985] RAX: ffffffffffffffda RBX: 00007f0875a15fa0 RCX: 00007f087579bf79 [ 1529.362253][ T5985] RDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000004 [ 1529.362273][ T5985] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1529.362295][ T5985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1529.362317][ T5985] R13: 00007f0875a16038 R14: 00007f0875a15fa0 R15: 00007fffb64132d8 [ 1529.362360][ T5985] [ 1529.675225][ T5993] KVM: debugfs: duplicate directory 5993-3 [ 1530.464507][ T6006] netlink: 334 bytes leftover after parsing attributes in process `syz.2.13034'. [ 1530.625230][ T6013] FAULT_INJECTION: forcing a failure. [ 1530.625230][ T6013] name failslab, interval 1, probability 0, space 0, times 0 [ 1530.659134][ T6013] CPU: 0 UID: 0 PID: 6013 Comm: syz.5.13037 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1530.659200][ T6013] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1530.659213][ T6013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1530.659234][ T6013] Call Trace: [ 1530.659246][ T6013] [ 1530.659259][ T6013] dump_stack_lvl+0x100/0x190 [ 1530.659318][ T6013] should_fail_ex.cold+0x5/0xa [ 1530.659358][ T6013] ? lsm_blob_alloc+0x68/0x90 [ 1530.659408][ T6013] should_failslab+0xc2/0x120 [ 1530.659463][ T6013] __kmalloc_noprof+0xe0/0x850 [ 1530.659509][ T6013] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1530.659570][ T6013] lsm_blob_alloc+0x68/0x90 [ 1530.659622][ T6013] security_prepare_creds+0x2d/0x290 [ 1530.659674][ T6013] prepare_creds+0x5d6/0x950 [ 1530.659729][ T6013] __sys_setresgid+0x4a7/0x12f0 [ 1530.659770][ T6013] do_syscall_64+0x106/0xf80 [ 1530.659815][ T6013] ? clear_bhb_loop+0x40/0x90 [ 1530.659860][ T6013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1530.659897][ T6013] RIP: 0033:0x7f75ffd9bf79 [ 1530.659926][ T6013] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1530.659961][ T6013] RSP: 002b:00007f7600c69028 EFLAGS: 00000246 ORIG_RAX: 0000000000000077 [ 1530.659995][ T6013] RAX: ffffffffffffffda RBX: 00007f7600015fa0 RCX: 00007f75ffd9bf79 [ 1530.660018][ T6013] RDX: 0000000000000008 RSI: 00000000800000a0 RDI: 0000000000000081 [ 1530.660041][ T6013] RBP: 00007f75ffe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1530.660063][ T6013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1530.660083][ T6013] R13: 00007f7600016038 R14: 00007f7600015fa0 R15: 00007ffd1e94dc48 [ 1530.660124][ T6013] [ 1531.212473][ T6022] netlink: 266 bytes leftover after parsing attributes in process `syz.5.13041'. [ 1531.235093][ T6022] IPv6: NLM_F_CREATE should be specified when creating new route [ 1533.657605][ T6069] binder: 6068:6069 ioctl c0306201 0 returned -14 [ 1534.227862][ T6079] netlink: 98 bytes leftover after parsing attributes in process `syz.1.13060'. [ 1534.335210][ T6085] netlink: 50 bytes leftover after parsing attributes in process `syz.1.13060'. [ 1536.372706][ T6126] netlink: 142 bytes leftover after parsing attributes in process `syz.2.13075'. [ 1538.609854][ T6170] netlink: 330 bytes leftover after parsing attributes in process `syz.2.13090'. [ 1539.626941][ T6186] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13096'. [ 1541.396863][ T6206] netlink: 338 bytes leftover after parsing attributes in process `syz.3.13104'. [ 1541.724296][T31767] Bluetooth: hci1: unexpected event 0x09 length: 435 > 3 [ 1542.113822][ T6215] netlink: 62 bytes leftover after parsing attributes in process `syz.3.13107'. [ 1542.706992][ T6235] FAULT_INJECTION: forcing a failure. [ 1542.706992][ T6235] name failslab, interval 1, probability 0, space 0, times 0 [ 1542.749447][ T6235] CPU: 1 UID: 0 PID: 6235 Comm: syz.3.13115 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1542.749508][ T6235] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1542.749523][ T6235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1542.749544][ T6235] Call Trace: [ 1542.749557][ T6235] [ 1542.749571][ T6235] dump_stack_lvl+0x100/0x190 [ 1542.749630][ T6235] should_fail_ex.cold+0x5/0xa [ 1542.749670][ T6235] should_failslab+0xc2/0x120 [ 1542.749726][ T6235] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1542.749766][ T6235] ? tomoyo_init_log+0x1a0/0x20c0 [ 1542.749827][ T6235] tomoyo_init_log+0x1a0/0x20c0 [ 1542.749877][ T6235] ? __pfx_format_decode+0x10/0x10 [ 1542.749922][ T6235] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1542.749986][ T6235] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1542.750057][ T6235] tomoyo_write_log2+0x2ed/0xbc0 [ 1542.750113][ T6235] tomoyo_supervisor+0x15e/0x1340 [ 1542.750179][ T6235] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1542.750257][ T6235] ? kasan_quarantine_put+0x104/0x240 [ 1542.750310][ T6235] ? tomoyo_check_path_acl+0x141/0x210 [ 1542.750352][ T6235] ? tomoyo_check_acl+0x1f7/0x410 [ 1542.750396][ T6235] tomoyo_path_permission+0x270/0x3b0 [ 1542.750441][ T6235] tomoyo_check_open_permission+0x37f/0x3c0 [ 1542.750487][ T6235] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1542.750529][ T6235] ? d_splice_alias_ops+0x5c3/0x1320 [ 1542.750617][ T6235] ? do_raw_spin_lock+0x128/0x260 [ 1542.750671][ T6235] ? path_get+0x61/0x80 [ 1542.750732][ T6235] tomoyo_file_open+0x6b/0x90 [ 1542.750790][ T6235] security_file_open+0xb5/0x1e0 [ 1542.750837][ T6235] do_dentry_open+0x5aa/0x1660 [ 1542.750892][ T6235] ? security_inode_permission+0xbf/0x250 [ 1542.750943][ T6235] vfs_open+0x82/0x3f0 [ 1542.750985][ T6235] path_openat+0x208c/0x31a0 [ 1542.751061][ T6235] ? __pfx_path_openat+0x10/0x10 [ 1542.751129][ T6235] do_file_open+0x20e/0x430 [ 1542.751183][ T6235] ? __pfx_do_file_open+0x10/0x10 [ 1542.751267][ T6235] ? alloc_fd+0x476/0x790 [ 1542.751321][ T6235] ? do_getname+0x191/0x390 [ 1542.751363][ T6235] do_sys_openat2+0x10d/0x1e0 [ 1542.751403][ T6235] ? __pfx_do_sys_openat2+0x10/0x10 [ 1542.751458][ T6235] __x64_sys_openat+0x12d/0x210 [ 1542.751497][ T6235] ? __pfx___x64_sys_openat+0x10/0x10 [ 1542.751553][ T6235] do_syscall_64+0x106/0xf80 [ 1542.751597][ T6235] ? clear_bhb_loop+0x40/0x90 [ 1542.751639][ T6235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1542.751676][ T6235] RIP: 0033:0x7f22d9f9bf79 [ 1542.751705][ T6235] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1542.751740][ T6235] RSP: 002b:00007f22daed1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1542.751772][ T6235] RAX: ffffffffffffffda RBX: 00007f22da215fa0 RCX: 00007f22d9f9bf79 [ 1542.751796][ T6235] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1542.751817][ T6235] RBP: 00007f22da0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1542.751839][ T6235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1542.751860][ T6235] R13: 00007f22da216038 R14: 00007f22da215fa0 R15: 00007fffbd0735e8 [ 1542.751905][ T6235] [ 1546.198540][ T6290] mkiss: ax0: crc mode is auto. [ 1546.306880][ T6294] netlink: 150 bytes leftover after parsing attributes in process `syz.3.13136'. [ 1546.334254][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.342068][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.354258][ T6294] netlink: 50 bytes leftover after parsing attributes in process `syz.3.13136'. [ 1547.583170][ T6327] netlink: 98 bytes leftover after parsing attributes in process `syz.5.13147'. [ 1547.595984][ T6327] netlink: 50 bytes leftover after parsing attributes in process `syz.5.13147'. [ 1548.635740][ T6342] lo: entered allmulticast mode [ 1548.686635][ T6342] lo: left allmulticast mode [ 1549.524447][ T6360] FAULT_INJECTION: forcing a failure. [ 1549.524447][ T6360] name failslab, interval 1, probability 0, space 0, times 0 [ 1549.547433][ T6360] CPU: 0 UID: 0 PID: 6360 Comm: syz.3.13161 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1549.547494][ T6360] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1549.547508][ T6360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1549.547529][ T6360] Call Trace: [ 1549.547541][ T6360] [ 1549.547556][ T6360] dump_stack_lvl+0x100/0x190 [ 1549.547614][ T6360] should_fail_ex.cold+0x5/0xa [ 1549.547655][ T6360] should_failslab+0xc2/0x120 [ 1549.547711][ T6360] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1549.547752][ T6360] ? tomoyo_write_log2+0x333/0xbc0 [ 1549.547810][ T6360] tomoyo_write_log2+0x333/0xbc0 [ 1549.547867][ T6360] tomoyo_supervisor+0x15e/0x1340 [ 1549.547931][ T6360] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1549.548009][ T6360] ? kasan_quarantine_put+0x104/0x240 [ 1549.548063][ T6360] ? tomoyo_check_path_acl+0x141/0x210 [ 1549.548105][ T6360] ? tomoyo_check_acl+0x1f7/0x410 [ 1549.548148][ T6360] tomoyo_path_permission+0x270/0x3b0 [ 1549.548194][ T6360] tomoyo_check_open_permission+0x34d/0x3c0 [ 1549.548239][ T6360] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1549.548326][ T6360] ? do_raw_spin_lock+0x128/0x260 [ 1549.548393][ T6360] ? path_get+0x61/0x80 [ 1549.548455][ T6360] tomoyo_file_open+0x6b/0x90 [ 1549.548513][ T6360] security_file_open+0xb5/0x1e0 [ 1549.548562][ T6360] do_dentry_open+0x5aa/0x1660 [ 1549.548619][ T6360] ? security_inode_permission+0xbf/0x250 [ 1549.548669][ T6360] vfs_open+0x82/0x3f0 [ 1549.548711][ T6360] path_openat+0x208c/0x31a0 [ 1549.548780][ T6360] ? __pfx_path_openat+0x10/0x10 [ 1549.548850][ T6360] do_file_open+0x20e/0x430 [ 1549.548908][ T6360] ? __pfx_do_file_open+0x10/0x10 [ 1549.548991][ T6360] ? alloc_fd+0x476/0x790 [ 1549.549046][ T6360] ? do_getname+0x191/0x390 [ 1549.549086][ T6360] do_sys_openat2+0x10d/0x1e0 [ 1549.549124][ T6360] ? __pfx_do_sys_openat2+0x10/0x10 [ 1549.549178][ T6360] __x64_sys_openat+0x12d/0x210 [ 1549.549219][ T6360] ? __pfx___x64_sys_openat+0x10/0x10 [ 1549.549273][ T6360] do_syscall_64+0x106/0xf80 [ 1549.549318][ T6360] ? clear_bhb_loop+0x40/0x90 [ 1549.549371][ T6360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1549.549410][ T6360] RIP: 0033:0x7f22d9f9bf79 [ 1549.549440][ T6360] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1549.549478][ T6360] RSP: 002b:00007f22daed1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1549.549514][ T6360] RAX: ffffffffffffffda RBX: 00007f22da215fa0 RCX: 00007f22d9f9bf79 [ 1549.549539][ T6360] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1549.549562][ T6360] RBP: 00007f22da0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1549.549585][ T6360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1549.549606][ T6360] R13: 00007f22da216038 R14: 00007f22da215fa0 R15: 00007fffbd0735e8 [ 1549.549651][ T6360] [ 1549.925656][ T6368] netlink: 98 bytes leftover after parsing attributes in process `syz.2.13160'. [ 1549.938512][ T6368] netlink: 50 bytes leftover after parsing attributes in process `syz.2.13160'. [ 1551.176233][ T6390] sp0: Synchronizing with TNC [ 1551.668229][ T6408] netlink: 86 bytes leftover after parsing attributes in process `syz.5.13178'. [ 1552.899366][ T6444] FAULT_INJECTION: forcing a failure. [ 1552.899366][ T6444] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1552.940242][ T6444] CPU: 0 UID: 0 PID: 6444 Comm: syz.5.13193 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1552.940301][ T6444] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1552.940315][ T6444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1552.940335][ T6444] Call Trace: [ 1552.940347][ T6444] [ 1552.940360][ T6444] dump_stack_lvl+0x100/0x190 [ 1552.940418][ T6444] should_fail_ex.cold+0x5/0xa [ 1552.940467][ T6444] get_futex_key+0x1d2/0x1620 [ 1552.940512][ T6444] ? __pfx_get_futex_key+0x10/0x10 [ 1552.940547][ T6444] ? futex_hash+0x2c5/0x380 [ 1552.940597][ T6444] futex_wake+0xea/0x530 [ 1552.940644][ T6444] ? __might_fault+0xc5/0x140 [ 1552.940693][ T6444] ? __pfx_futex_wake+0x10/0x10 [ 1552.940755][ T6444] ? _copy_from_user+0x59/0xd0 [ 1552.940800][ T6444] ? post_copy_siginfo_from_user.isra.0+0x227/0x300 [ 1552.940859][ T6444] do_futex+0x32b/0x350 [ 1552.940903][ T6444] ? __pfx_do_futex+0x10/0x10 [ 1552.940957][ T6444] __x64_sys_futex+0x34f/0x4d0 [ 1552.941003][ T6444] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 1552.941053][ T6444] ? __pfx___x64_sys_futex+0x10/0x10 [ 1552.941113][ T6444] do_syscall_64+0x106/0xf80 [ 1552.941160][ T6444] ? clear_bhb_loop+0x40/0x90 [ 1552.941204][ T6444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1552.941241][ T6444] RIP: 0033:0x7f75ffd9bf79 [ 1552.941270][ T6444] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1552.941305][ T6444] RSP: 002b:00007f7600c690e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1552.941339][ T6444] RAX: ffffffffffffffda RBX: 00007f7600015fa8 RCX: 00007f75ffd9bf79 [ 1552.941361][ T6444] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7600015fac [ 1552.941383][ T6444] RBP: 00007f7600015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1552.941403][ T6444] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1552.941424][ T6444] R13: 00007f7600016038 R14: 00007ffd1e94db60 R15: 00007ffd1e94dc48 [ 1552.941469][ T6444] [ 1554.106489][ T6461] Process accounting paused [ 1554.117795][ T6460] netlink: 318 bytes leftover after parsing attributes in process `syz.5.13197'. [ 1554.994090][ T6479] netlink: 50 bytes leftover after parsing attributes in process `syz.5.13202'. [ 1555.149795][ T6481] netlink: 194 bytes leftover after parsing attributes in process `syz.3.13205'. [ 1555.270050][ T6485] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13207'. [ 1555.443178][ T6485] veth1_macvtap: left promiscuous mode [ 1555.829454][ T6493] sp0: Synchronizing with TNC [ 1555.850244][ T6493] sp0: Found TNC [ 1556.805189][ T6510] netlink: 'syz.5.13217': attribute type 1 has an invalid length. [ 1556.841078][ T6510] netlink: 330 bytes leftover after parsing attributes in process `syz.5.13217'. [ 1559.504553][ T6568] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13234'. [ 1561.358561][ T6599] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13244'. [ 1561.384402][ T6599] veth1_macvtap: left promiscuous mode [ 1562.788476][ T6629] netlink: 50 bytes leftover after parsing attributes in process `syz.1.13255'. [ 1562.888558][ T6632] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13257'. [ 1563.144417][ T6641] netlink: 'syz.3.13260': attribute type 35 has an invalid length. [ 1563.196043][ T6634] netlink: 18 bytes leftover after parsing attributes in process `syz.1.13258'. [ 1563.875421][ T6657] FAULT_INJECTION: forcing a failure. [ 1563.875421][ T6657] name failslab, interval 1, probability 0, space 0, times 0 [ 1563.984599][ T6657] CPU: 1 UID: 0 PID: 6657 Comm: syz.2.13264 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1563.984662][ T6657] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1563.984673][ T6657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1563.984689][ T6657] Call Trace: [ 1563.984698][ T6657] [ 1563.984708][ T6657] dump_stack_lvl+0x100/0x190 [ 1563.984750][ T6657] should_fail_ex.cold+0x5/0xa [ 1563.984779][ T6657] should_failslab+0xc2/0x120 [ 1563.984819][ T6657] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1563.984847][ T6657] ? tomoyo_write_log2+0x333/0xbc0 [ 1563.984895][ T6657] tomoyo_write_log2+0x333/0xbc0 [ 1563.984935][ T6657] tomoyo_supervisor+0x15e/0x1340 [ 1563.984982][ T6657] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1563.985023][ T6657] ? irqentry_exit+0x180/0x670 [ 1563.985075][ T6657] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 1563.985115][ T6657] tomoyo_path_number_perm+0x445/0x580 [ 1563.985148][ T6657] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1563.985178][ T6657] ? futex_wake+0x1ad/0x530 [ 1563.985240][ T6657] ? find_held_lock+0x2b/0x80 [ 1563.985279][ T6657] ? __fget_files+0x215/0x3d0 [ 1563.985314][ T6657] ? hook_file_ioctl_common+0x146/0x410 [ 1563.985351][ T6657] ? __fget_files+0x21f/0x3d0 [ 1563.985391][ T6657] security_file_ioctl+0xd3/0x230 [ 1563.985423][ T6657] __x64_sys_ioctl+0xb7/0x210 [ 1563.985457][ T6657] do_syscall_64+0x106/0xf80 [ 1563.985490][ T6657] ? clear_bhb_loop+0x40/0x90 [ 1563.985570][ T6657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1563.985604][ T6657] RIP: 0033:0x7f087579bf79 [ 1563.985637][ T6657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1563.985670][ T6657] RSP: 002b:00007f08739cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1563.985704][ T6657] RAX: ffffffffffffffda RBX: 00007f0875a16090 RCX: 00007f087579bf79 [ 1563.985734][ T6657] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000003 [ 1563.985755][ T6657] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1563.985776][ T6657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1563.985797][ T6657] R13: 00007f0875a16128 R14: 00007f0875a16090 R15: 00007fffb64132d8 [ 1563.985843][ T6657] [ 1568.222007][ T6708] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13281'. [ 1568.249763][ T6708] netlink: 25 bytes leftover after parsing attributes in process `syz.3.13281'. [ 1568.494836][ T6710] netlink: 330 bytes leftover after parsing attributes in process `syz.3.13282'. [ 1571.151215][ T6740] FAULT_INJECTION: forcing a failure. [ 1571.151215][ T6740] name failslab, interval 1, probability 0, space 0, times 0 [ 1571.178348][ T6736] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13289'. [ 1571.194613][ T6740] CPU: 0 UID: 0 PID: 6740 Comm: syz.3.13292 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1571.194673][ T6740] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1571.194687][ T6740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1571.194709][ T6740] Call Trace: [ 1571.194721][ T6740] [ 1571.194735][ T6740] dump_stack_lvl+0x100/0x190 [ 1571.194793][ T6740] should_fail_ex.cold+0x5/0xa [ 1571.194835][ T6740] should_failslab+0xc2/0x120 [ 1571.194892][ T6740] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1571.194933][ T6740] ? kvm_uevent_notify_change.part.0+0x2a6/0x450 [ 1571.194990][ T6740] kvm_uevent_notify_change.part.0+0x2a6/0x450 [ 1571.195045][ T6740] ? __pfx_kvm_vm_release+0x10/0x10 [ 1571.195085][ T6740] kvm_put_kvm+0xe4/0xb10 [ 1571.195124][ T6740] ? lockdep_hardirqs_on+0x78/0x100 [ 1571.195172][ T6740] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1571.195217][ T6740] ? __pfx_kvm_vm_release+0x10/0x10 [ 1571.195257][ T6740] kvm_vm_release+0x3c/0x50 [ 1571.195293][ T6740] __fput+0x3ff/0xb40 [ 1571.195337][ T6740] task_work_run+0x150/0x240 [ 1571.195388][ T6740] ? __pfx_task_work_run+0x10/0x10 [ 1571.195450][ T6740] exit_to_user_mode_loop+0x100/0x4a0 [ 1571.195499][ T6740] do_syscall_64+0x668/0xf80 [ 1571.195545][ T6740] ? clear_bhb_loop+0x40/0x90 [ 1571.195590][ T6740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1571.195627][ T6740] RIP: 0033:0x7f22d9f9bf79 [ 1571.195657][ T6740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1571.195693][ T6740] RSP: 002b:00007f22daed1028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1571.195728][ T6740] RAX: 0000000000000000 RBX: 00007f22da215fa0 RCX: 00007f22d9f9bf79 [ 1571.195751][ T6740] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 1571.195772][ T6740] RBP: 00007f22da0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.195794][ T6740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1571.195816][ T6740] R13: 00007f22da216038 R14: 00007f22da215fa0 R15: 00007fffbd0735e8 [ 1571.195861][ T6740] [ 1571.247583][ T6741] netlink: 'syz.5.13289': attribute type 1 has an invalid length. [ 1571.538787][ T6741] netlink: 13 bytes leftover after parsing attributes in process `syz.5.13289'. [ 1571.802548][ T6746] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13294'. [ 1571.853454][ T6746] bridge0: port 5(team0) entered disabled state [ 1571.889560][ T6746] team0 (unregistering): left allmulticast mode [ 1571.899769][ T6746] team_slave_0: left allmulticast mode [ 1571.912967][ T6746] team_slave_1: left allmulticast mode [ 1571.923120][ T6746] team0 (unregistering): left promiscuous mode [ 1571.931496][ T6746] team_slave_0: left promiscuous mode [ 1571.947165][ T6746] team_slave_1: left promiscuous mode [ 1571.954294][ T6746] bridge0: port 5(team0) entered disabled state [ 1571.980987][ T6746] team0 (unregistering): Port device team_slave_0 removed [ 1571.997281][ T6746] team0 (unregistering): Port device team_slave_1 removed [ 1572.118136][ T6750] mkiss: ax0: crc mode is auto. [ 1573.252407][ T6770] netlink: 186 bytes leftover after parsing attributes in process `syz.2.13303'. [ 1574.353559][ T6794] [U] [ 1576.206841][ T6832] zswap: compressor not available [ 1576.458241][ T6845] Process accounting resumed [ 1576.602023][ T6850] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.1.13327: No space for directory leaf checksum. Please run e2fsck -D. [ 1576.623478][ T6852] FAULT_INJECTION: forcing a failure. [ 1576.623478][ T6852] name failslab, interval 1, probability 0, space 0, times 0 [ 1576.661151][ T6850] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.1.13327: checksumming directory block 0 [ 1576.680935][ T6852] CPU: 1 UID: 0 PID: 6852 Comm: syz.3.13328 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1576.680993][ T6852] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1576.681007][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1576.681028][ T6852] Call Trace: [ 1576.681039][ T6852] [ 1576.681053][ T6852] dump_stack_lvl+0x100/0x190 [ 1576.681109][ T6852] should_fail_ex.cold+0x5/0xa [ 1576.681150][ T6852] should_failslab+0xc2/0x120 [ 1576.681206][ T6852] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1576.681244][ T6852] ? tomoyo_init_log+0x1a0/0x20c0 [ 1576.681301][ T6852] tomoyo_init_log+0x1a0/0x20c0 [ 1576.681349][ T6852] ? __pfx_format_decode+0x10/0x10 [ 1576.681389][ T6852] ? number+0x983/0xc90 [ 1576.681443][ T6852] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1576.681506][ T6852] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1576.681576][ T6852] tomoyo_write_log2+0x2ed/0xbc0 [ 1576.681633][ T6852] tomoyo_supervisor+0x15e/0x1340 [ 1576.681699][ T6852] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1576.681761][ T6852] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1576.681825][ T6852] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1576.681876][ T6852] ? kfree+0x1f6/0x6b0 [ 1576.681917][ T6852] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 1576.681980][ T6852] tomoyo_path_number_perm+0x445/0x580 [ 1576.682025][ T6852] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1576.682067][ T6852] ? futex_wait+0x125/0x380 [ 1576.682158][ T6852] ? find_held_lock+0x2b/0x80 [ 1576.682214][ T6852] ? __fget_files+0x215/0x3d0 [ 1576.682261][ T6852] ? hook_file_ioctl_common+0x146/0x410 [ 1576.682313][ T6852] ? __fget_files+0x21f/0x3d0 [ 1576.682370][ T6852] security_file_ioctl+0xd3/0x230 [ 1576.682415][ T6852] __x64_sys_ioctl+0xb7/0x210 [ 1576.682462][ T6852] do_syscall_64+0x106/0xf80 [ 1576.682507][ T6852] ? clear_bhb_loop+0x40/0x90 [ 1576.682552][ T6852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1576.682601][ T6852] RIP: 0033:0x7f22d9f9bf79 [ 1576.682632][ T6852] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1576.682669][ T6852] RSP: 002b:00007f22daeb0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1576.682705][ T6852] RAX: ffffffffffffffda RBX: 00007f22da216090 RCX: 00007f22d9f9bf79 [ 1576.682729][ T6852] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000003 [ 1576.682752][ T6852] RBP: 00007f22da0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1576.682773][ T6852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1576.682793][ T6852] R13: 00007f22da216128 R14: 00007f22da216090 R15: 00007fffbd0735e8 [ 1576.682838][ T6852] [ 1576.696996][ T6850] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1577.051625][ T6850] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.1.13327: No space for directory leaf checksum. Please run e2fsck -D. [ 1577.121610][ T6850] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.1.13327: checksumming directory block 0 [ 1577.146382][ T6850] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1577.182771][ T6850] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.1.13327: No space for directory leaf checksum. Please run e2fsck -D. [ 1577.219925][ T6854] FAULT_INJECTION: forcing a failure. [ 1577.219925][ T6854] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1577.221603][ T6850] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.1.13327: checksumming directory block 0 [ 1577.257193][ T6854] CPU: 1 UID: 0 PID: 6854 Comm: syz.2.13330 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1577.257250][ T6854] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1577.257272][ T6854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1577.257294][ T6854] Call Trace: [ 1577.257305][ T6854] [ 1577.257318][ T6854] dump_stack_lvl+0x100/0x190 [ 1577.257376][ T6854] should_fail_ex.cold+0x5/0xa [ 1577.257413][ T6854] ? prepare_alloc_pages+0x16d/0x5f0 [ 1577.257485][ T6854] should_fail_alloc_page+0xeb/0x140 [ 1577.257544][ T6854] prepare_alloc_pages+0x1f0/0x5f0 [ 1577.257610][ T6854] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1577.257658][ T6854] ? __print_lock_name+0x61/0x80 [ 1577.257714][ T6854] ? is_bpf_text_address+0x8a/0x1a0 [ 1577.257764][ T6854] ? is_bpf_text_address+0x8a/0x1a0 [ 1577.257813][ T6854] ? bpf_ksym_find+0x124/0x1c0 [ 1577.257852][ T6854] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1577.257922][ T6854] ? is_bpf_text_address+0x94/0x1a0 [ 1577.257972][ T6854] ? kernel_text_address+0x8d/0x100 [ 1577.258024][ T6854] ? __kernel_text_address+0xd/0x30 [ 1577.258074][ T6854] ? unwind_get_return_address+0x59/0xa0 [ 1577.258113][ T6854] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1577.258179][ T6854] ? __pfx_stack_trace_save+0x10/0x10 [ 1577.258245][ T6854] ? stack_depot_save_flags+0x27/0x9d0 [ 1577.258293][ T6854] ? find_held_lock+0x2b/0x80 [ 1577.258350][ T6854] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1577.258408][ T6854] ? policy_nodemask+0xed/0x4f0 [ 1577.258475][ T6854] alloc_pages_mpol+0x1fb/0x550 [ 1577.258533][ T6854] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1577.258602][ T6854] alloc_pages_noprof+0x131/0x390 [ 1577.258661][ T6854] kimage_alloc_pages+0x72/0x380 [ 1577.258723][ T6854] kimage_alloc_control_pages+0x157/0xa20 [ 1577.258792][ T6854] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 1577.258855][ T6854] ? kasan_save_track+0x14/0x30 [ 1577.258911][ T6854] do_kexec_load+0x6c1/0x810 [ 1577.258950][ T6854] ? __pfx_do_kexec_load+0x10/0x10 [ 1577.258989][ T6854] ? _copy_from_user+0x59/0xd0 [ 1577.259038][ T6854] __x64_sys_kexec_load+0x1bf/0x230 [ 1577.259077][ T6854] do_syscall_64+0x106/0xf80 [ 1577.259123][ T6854] ? clear_bhb_loop+0x40/0x90 [ 1577.259168][ T6854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1577.259206][ T6854] RIP: 0033:0x7f087579bf79 [ 1577.259237][ T6854] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1577.259273][ T6854] RSP: 002b:00007f08739ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 1577.259308][ T6854] RAX: ffffffffffffffda RBX: 00007f0875a15fa0 RCX: 00007f087579bf79 [ 1577.259333][ T6854] RDX: 0000200000000040 RSI: 0000000000000001 RDI: 0000200000000007 [ 1577.259356][ T6854] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.259377][ T6854] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1577.259397][ T6854] R13: 00007f0875a16038 R14: 00007f0875a15fa0 R15: 00007fffb64132d8 [ 1577.259448][ T6854] [ 1577.259464][ T6854] kexec: Could not allocate swap buffer [ 1577.540664][ T6850] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1577.711652][ T6850] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.1.13327: No space for directory leaf checksum. Please run e2fsck -D. [ 1577.793633][ T6850] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.1.13327: checksumming directory block 0 [ 1577.821723][ T6850] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1577.837662][ T6850] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1577.861560][ T6850] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1582.361725][ T6927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13352'. [ 1582.395623][ T6927] netlink: 13 bytes leftover after parsing attributes in process `syz.2.13352'. [ 1584.392043][ T6956] Process accounting resumed [ 1586.507286][ T6981] Â: entered promiscuous mode [ 1586.821693][ T6990] netlink: 342 bytes leftover after parsing attributes in process `syz.1.13372'. [ 1586.877654][ T6990] netlink: 274 bytes leftover after parsing attributes in process `syz.1.13372'. [ 1587.403414][ T6999] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13375'. [ 1587.470155][ T6999] team0 (unregistering): Port device team_slave_0 removed [ 1587.544514][ T6999] team0 (unregistering): Port device team_slave_1 removed [ 1587.651924][ T7003] netlink: 'syz.5.13376': attribute type 27 has an invalid length. [ 1587.662022][ T7003] netlink: 146 bytes leftover after parsing attributes in process `syz.5.13376'. [ 1593.218672][ T7069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13393'. [ 1593.235796][ T7069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13393'. [ 1593.856960][ T30] audit: type=1800 audit(4294996254.176:50): pid=7086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.13400" name="features" dev="configfs" ino=152778 res=0 errno=0 [ 1594.128213][ T7091] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13401'. [ 1594.201540][ T7091] team0 (unregistering): Port device team_slave_0 removed [ 1594.252432][ T7091] team0 (unregistering): Port device team_slave_1 removed [ 1594.834575][ T7101] FAULT_INJECTION: forcing a failure. [ 1594.834575][ T7101] name failslab, interval 1, probability 0, space 0, times 0 [ 1594.851846][ T7101] CPU: 1 UID: 0 PID: 7101 Comm: syz.5.13404 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1594.851903][ T7101] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1594.851918][ T7101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1594.851939][ T7101] Call Trace: [ 1594.851951][ T7101] [ 1594.851964][ T7101] dump_stack_lvl+0x100/0x190 [ 1594.852038][ T7101] should_fail_ex.cold+0x5/0xa [ 1594.852080][ T7101] should_failslab+0xc2/0x120 [ 1594.852136][ T7101] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1594.852181][ T7101] ? __kernfs_new_node+0xd2/0x960 [ 1594.852227][ T7101] __kernfs_new_node+0xd2/0x960 [ 1594.852269][ T7101] ? __pfx___kernfs_new_node+0x10/0x10 [ 1594.852317][ T7101] ? find_held_lock+0x2b/0x80 [ 1594.852372][ T7101] ? kernfs_root+0xee/0x2a0 [ 1594.852415][ T7101] ? kernfs_root+0xee/0x2a0 [ 1594.852461][ T7101] kernfs_new_node+0x11b/0x1a0 [ 1594.852515][ T7101] __kernfs_create_file+0x53/0x350 [ 1594.852571][ T7101] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1594.852640][ T7101] internal_create_group+0x593/0xf40 [ 1594.852690][ T7101] ? __pfx_internal_create_group+0x10/0x10 [ 1594.852737][ T7101] ? kernfs_create_link+0x1bd/0x240 [ 1594.852796][ T7101] internal_create_groups+0x9d/0x150 [ 1594.852840][ T7101] device_add+0x71a/0x1950 [ 1594.852885][ T7101] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1594.852940][ T7101] ? __pfx_device_add+0x10/0x10 [ 1594.852984][ T7101] ? lockdep_init_map_type+0x5c/0x250 [ 1594.853031][ T7101] ? __init_waitqueue_head+0xca/0x150 [ 1594.853092][ T7101] netdev_register_kobject+0x1a9/0x3d0 [ 1594.853154][ T7101] register_netdevice+0x12e0/0x2210 [ 1594.853213][ T7101] ? __pfx_register_netdevice+0x10/0x10 [ 1594.853273][ T7101] ? __pfx_loopback_net_init+0x10/0x10 [ 1594.853312][ T7101] register_netdev+0x34/0x50 [ 1594.853360][ T7101] loopback_net_init+0x7a/0x170 [ 1594.853429][ T7101] ? __pfx_loopback_net_init+0x10/0x10 [ 1594.853467][ T7101] ops_init+0x1e2/0x5f0 [ 1594.853520][ T7101] setup_net+0x118/0x3a0 [ 1594.853569][ T7101] ? __pfx_setup_net+0x10/0x10 [ 1594.853616][ T7101] ? lockdep_init_map_type+0x5c/0x250 [ 1594.853663][ T7101] ? mutex_init_lockep+0x110/0x150 [ 1594.853716][ T7101] copy_net_ns+0x46f/0x7c0 [ 1594.853773][ T7101] create_new_namespaces+0x3ea/0xac0 [ 1594.853842][ T7101] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1594.853882][ T7101] ksys_unshare+0x455/0xab0 [ 1594.853928][ T7101] ? __pfx_ksys_unshare+0x10/0x10 [ 1594.853987][ T7101] __x64_sys_unshare+0x31/0x40 [ 1594.854028][ T7101] do_syscall_64+0x106/0xf80 [ 1594.854073][ T7101] ? clear_bhb_loop+0x40/0x90 [ 1594.854117][ T7101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1594.854153][ T7101] RIP: 0033:0x7f75ffd9bf79 [ 1594.854188][ T7101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1594.854223][ T7101] RSP: 002b:00007f7600c69028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1594.854252][ T7101] RAX: ffffffffffffffda RBX: 00007f7600015fa0 RCX: 00007f75ffd9bf79 [ 1594.854272][ T7101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1594.854291][ T7101] RBP: 00007f75ffe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1594.854310][ T7101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1594.854328][ T7101] R13: 00007f7600016038 R14: 00007f7600015fa0 R15: 00007ffd1e94dc48 [ 1594.854366][ T7101] [ 1596.296789][ T7117] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13408'. [ 1596.374246][ T7117] bridge0: port 2(bridge_slave_1) entered disabled state [ 1596.425015][ T7117] bridge_slave_1 (unregistering): left allmulticast mode [ 1596.440890][ T7117] bridge_slave_1 (unregistering): left promiscuous mode [ 1596.461014][ T7117] bridge0: port 2(bridge_slave_1) entered disabled state [ 1596.982021][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1596.989367][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1596.996707][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.004002][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.011330][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.018705][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.026043][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.033363][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.040635][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.047929][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.055380][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.062677][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.069956][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.077263][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.084655][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.091937][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.099202][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.106523][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.113826][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.121140][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.128450][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.136155][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.143480][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.150751][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.158149][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.165436][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.172716][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.179975][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.187311][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.194606][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.201885][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.209144][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.216470][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.223751][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.230987][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.238285][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.245557][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.252833][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.260085][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.267354][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.274603][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.281886][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.289159][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.296453][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.303751][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.311056][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.318352][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.325664][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.332970][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.340232][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.347528][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.354822][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.362134][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.369391][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.376774][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.384072][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.391368][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.398676][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.405973][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.413292][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.420564][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.427849][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.435211][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1597.751635][ T7133] FAULT_INJECTION: forcing a failure. [ 1597.751635][ T7133] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.799744][ T7133] CPU: 1 UID: 0 PID: 7133 Comm: syz.2.13414 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1597.799800][ T7133] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1597.799814][ T7133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1597.799835][ T7133] Call Trace: [ 1597.799849][ T7133] [ 1597.799862][ T7133] dump_stack_lvl+0x100/0x190 [ 1597.799916][ T7133] should_fail_ex.cold+0x5/0xa [ 1597.799957][ T7133] should_failslab+0xc2/0x120 [ 1597.800010][ T7133] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1597.800062][ T7133] ? __alloc_skb+0x140/0x710 [ 1597.800111][ T7133] __alloc_skb+0x140/0x710 [ 1597.800150][ T7133] ? __alloc_skb+0x5b7/0x710 [ 1597.800192][ T7133] ? __pfx___alloc_skb+0x10/0x10 [ 1597.800235][ T7133] ? aa_label_sk_perm+0x194/0x5f0 [ 1597.800295][ T7133] alloc_skb_with_frags+0xe0/0x810 [ 1597.800351][ T7133] ? __lock_acquire+0x4a5/0x2630 [ 1597.800399][ T7133] sock_alloc_send_pskb+0x801/0x980 [ 1597.800452][ T7133] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1597.800496][ T7133] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1597.800550][ T7133] caif_stream_sendmsg+0x446/0x800 [ 1597.800612][ T7133] ? __pfx_caif_stream_sendmsg+0x10/0x10 [ 1597.800661][ T7133] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1597.800727][ T7133] sock_write_iter+0x566/0x610 [ 1597.800784][ T7133] ? __pfx_sock_write_iter+0x10/0x10 [ 1597.800838][ T7133] ? futex_unqueue+0x133/0x2c0 [ 1597.800875][ T7133] ? futex_unqueue+0x133/0x2c0 [ 1597.800925][ T7133] ? __futex_wait+0x256/0x300 [ 1597.800983][ T7133] do_iter_readv_writev+0x6ee/0x920 [ 1597.801034][ T7133] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1597.801078][ T7133] ? common_file_perm+0x1ab/0x4f0 [ 1597.801126][ T7133] ? bpf_lsm_file_permission+0x9/0x10 [ 1597.801176][ T7133] ? security_file_permission+0x76/0x210 [ 1597.801225][ T7133] ? rw_verify_area+0xce/0x6d0 [ 1597.801279][ T7133] vfs_writev+0x360/0xe10 [ 1597.801339][ T7133] ? __pfx_vfs_writev+0x10/0x10 [ 1597.801410][ T7133] ? __fget_files+0x21f/0x3d0 [ 1597.801478][ T7133] ? do_writev+0x28a/0x340 [ 1597.801522][ T7133] do_writev+0x28a/0x340 [ 1597.801567][ T7133] ? __pfx_do_writev+0x10/0x10 [ 1597.801623][ T7133] do_syscall_64+0x106/0xf80 [ 1597.801670][ T7133] ? clear_bhb_loop+0x40/0x90 [ 1597.801716][ T7133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1597.801755][ T7133] RIP: 0033:0x7f087579bf79 [ 1597.801784][ T7133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1597.801819][ T7133] RSP: 002b:00007f08739ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1597.801852][ T7133] RAX: ffffffffffffffda RBX: 00007f0875a15fa0 RCX: 00007f087579bf79 [ 1597.801877][ T7133] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 1597.801899][ T7133] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1597.801922][ T7133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1597.801943][ T7133] R13: 00007f0875a16038 R14: 00007f0875a15fa0 R15: 00007fffb64132d8 [ 1597.802009][ T7133] [ 1598.642369][ T7154] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 1598.693974][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880484c7c00: rx timeout, send abort [ 1599.203322][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880484c7c00: abort rx timeout. Force session deactivation [ 1599.660934][ T7164] netlink: 342 bytes leftover after parsing attributes in process `syz.2.13424'. [ 1599.739870][ T7166] netlink: 'syz.3.13425': attribute type 19 has an invalid length. [ 1599.750137][ T7166] netlink: 226 bytes leftover after parsing attributes in process `syz.3.13425'. [ 1599.752189][ T7168] netlink: 186 bytes leftover after parsing attributes in process `syz.1.13423'. [ 1601.074066][ T7200] netlink: 62 bytes leftover after parsing attributes in process `syz.3.13434'. [ 1601.248816][ T7204] netlink: 'syz.3.13437': attribute type 28 has an invalid length. [ 1601.265501][ T7204] netlink: 'syz.3.13437': attribute type 3 has an invalid length. [ 1601.300270][ T7204] netlink: 306 bytes leftover after parsing attributes in process `syz.3.13437'. [ 1601.801280][ T7216] random: crng reseeded on system resumption [ 1602.737518][ T7213] Loading of unsigned module is rejected [ 1603.055706][ T7223] netlink: 334 bytes leftover after parsing attributes in process `syz.1.13443'. [ 1604.611203][ T7268] netlink: 'syz.2.13458': attribute type 10 has an invalid length. [ 1604.620412][ T7268] netlink: 'syz.2.13458': attribute type 13 has an invalid length. [ 1604.745308][T31767] Bluetooth: hci0: command 0x0406 tx timeout [ 1604.928918][ T7273] FAULT_INJECTION: forcing a failure. [ 1604.928918][ T7273] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1604.944031][ T7273] CPU: 0 UID: 0 PID: 7273 Comm: syz.3.13461 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1604.944074][ T7273] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1604.944085][ T7273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1604.944101][ T7273] Call Trace: [ 1604.944110][ T7273] [ 1604.944119][ T7273] dump_stack_lvl+0x100/0x190 [ 1604.944162][ T7273] should_fail_ex.cold+0x5/0xa [ 1604.944191][ T7273] get_futex_key+0x1d2/0x1620 [ 1604.944223][ T7273] ? __pfx_get_futex_key+0x10/0x10 [ 1604.944252][ T7273] ? __pfx___might_resched+0x10/0x10 [ 1604.944288][ T7273] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1604.944327][ T7273] ? __kasan_slab_alloc+0x89/0x90 [ 1604.944365][ T7273] ? lockdep_init_map_type+0x5c/0x250 [ 1604.944401][ T7273] futex_wake+0xea/0x530 [ 1604.944439][ T7273] ? __pfx_futex_wake+0x10/0x10 [ 1604.944478][ T7273] ? alloc_file_pseudo+0x1a5/0x230 [ 1604.944519][ T7273] do_futex+0x32b/0x350 [ 1604.944550][ T7273] ? __pfx_do_futex+0x10/0x10 [ 1604.944578][ T7273] ? fd_install+0x223/0x580 [ 1604.944621][ T7273] __x64_sys_futex+0x34f/0x4d0 [ 1604.944655][ T7273] ? __pfx___x64_sys_futex+0x10/0x10 [ 1604.944686][ T7273] ? __x64_sys_signalfd+0x128/0x1a0 [ 1604.944711][ T7273] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 1604.944746][ T7273] do_syscall_64+0x106/0xf80 [ 1604.944779][ T7273] ? clear_bhb_loop+0x40/0x90 [ 1604.944809][ T7273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1604.944836][ T7273] RIP: 0033:0x7f22d9f9bf79 [ 1604.944856][ T7273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1604.944882][ T7273] RSP: 002b:00007f22daed10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1604.944944][ T7273] RAX: ffffffffffffffda RBX: 00007f22da215fa8 RCX: 00007f22d9f9bf79 [ 1604.944967][ T7273] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f22da215fac [ 1604.944989][ T7273] RBP: 00007f22da215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1604.945009][ T7273] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1604.945030][ T7273] R13: 00007f22da216038 R14: 00007fffbd073500 R15: 00007fffbd0735e8 [ 1604.945076][ T7273] [ 1605.526256][ T30] audit: type=1326 audit(4294996265.850:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.2.13459" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f087579bf79 code=0x0 [ 1605.601862][ T7271] FAULT_INJECTION: forcing a failure. [ 1605.601862][ T7271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1605.635368][ T7271] CPU: 1 UID: 0 PID: 7271 Comm: syz.2.13459 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1605.635427][ T7271] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1605.635441][ T7271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1605.635461][ T7271] Call Trace: [ 1605.635473][ T7271] [ 1605.635487][ T7271] dump_stack_lvl+0x100/0x190 [ 1605.635543][ T7271] should_fail_ex.cold+0x5/0xa [ 1605.635584][ T7271] _copy_to_iter+0x5a4/0x1720 [ 1605.635636][ T7271] ? __pfx__copy_to_iter+0x10/0x10 [ 1605.635677][ T7271] ? workingset_activation+0x23b/0x360 [ 1605.635728][ T7271] ? folio_mark_accessed+0xf3/0x1040 [ 1605.635778][ T7271] ? __pfx_filemap_get_pages+0x10/0x10 [ 1605.635828][ T7271] ? __pfx_folio_mark_accessed+0x10/0x10 [ 1605.635888][ T7271] copy_page_to_iter+0x12a/0x1e0 [ 1605.635936][ T7271] filemap_read+0x7a9/0x10a0 [ 1605.636006][ T7271] ? __pfx_filemap_read+0x10/0x10 [ 1605.636087][ T7271] ? __pfx_down_read+0x10/0x10 [ 1605.636154][ T7271] ? __pfx_aa_file_perm+0x10/0x10 [ 1605.636204][ T7271] ? futex_unqueue+0x133/0x2c0 [ 1605.636251][ T7271] blkdev_read_iter+0x2c4/0x4f0 [ 1605.636306][ T7271] ? copy_iovec_from_user+0x102/0x140 [ 1605.636352][ T7271] do_iter_readv_writev+0x60d/0x920 [ 1605.636403][ T7271] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1605.636448][ T7271] ? common_file_perm+0x1ab/0x4f0 [ 1605.636498][ T7271] ? bpf_lsm_file_permission+0x9/0x10 [ 1605.636546][ T7271] ? security_file_permission+0x76/0x210 [ 1605.636593][ T7271] ? rw_verify_area+0xce/0x6d0 [ 1605.636641][ T7271] vfs_readv+0x4d3/0x8d0 [ 1605.636698][ T7271] ? __pfx_vfs_readv+0x10/0x10 [ 1605.636773][ T7271] ? __fget_files+0x21f/0x3d0 [ 1605.636836][ T7271] ? do_readv+0x13e/0x340 [ 1605.636878][ T7271] do_readv+0x13e/0x340 [ 1605.636924][ T7271] ? __pfx_do_readv+0x10/0x10 [ 1605.636969][ T7271] ? xfd_validate_state+0x129/0x190 [ 1605.637030][ T7271] __x64_sys_preadv2+0x11f/0x160 [ 1605.637089][ T7271] do_syscall_64+0x106/0xf80 [ 1605.637136][ T7271] ? clear_bhb_loop+0x40/0x90 [ 1605.637194][ T7271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1605.637232][ T7271] RIP: 0033:0x7f087579bf79 [ 1605.637263][ T7271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1605.637298][ T7271] RSP: 002b:00007f08739cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 1605.637331][ T7271] RAX: ffffffffffffffda RBX: 00007f0875a16090 RCX: 00007f087579bf79 [ 1605.637355][ T7271] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000006 [ 1605.637376][ T7271] RBP: 00007f08758327e0 R08: 0000000000000004 R09: 000000000000002e [ 1605.637397][ T7271] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1605.637418][ T7271] R13: 00007f0875a16128 R14: 00007f0875a16090 R15: 00007fffb64132d8 [ 1605.637464][ T7271] [ 1606.298636][ T7281] bond0: option all_slaves_active: invalid value () [ 1606.831288][ T7280] Process accounting paused [ 1607.486267][ T30] audit: type=1800 audit(4294996267.789:52): pid=7310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.13466" name="features" dev="configfs" ino=153382 res=0 errno=0 [ 1607.809010][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.816318][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1610.500150][ T7367] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13484'. [ 1610.549423][ T7367] bridge_slave_1 (unregistering): left allmulticast mode [ 1610.568054][ T7367] bridge_slave_1 (unregistering): left promiscuous mode [ 1610.610980][ T7367] bridge0: port 2(bridge_slave_1) entered disabled state [ 1611.015178][ T7382] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.2.13493: No space for directory leaf checksum. Please run e2fsck -D. [ 1611.073530][ T7382] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.2.13493: checksumming directory block 0 [ 1611.101703][ T7382] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1611.116131][ T7382] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.2.13493: No space for directory leaf checksum. Please run e2fsck -D. [ 1611.137054][ T7382] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.2.13493: checksumming directory block 0 [ 1611.155587][ T7382] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1611.167789][ T7382] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.2.13493: No space for directory leaf checksum. Please run e2fsck -D. [ 1611.219426][ T7382] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.2.13493: checksumming directory block 0 [ 1611.248261][ T7382] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1611.280093][ T7382] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.2.13493: No space for directory leaf checksum. Please run e2fsck -D. [ 1611.318076][ T7382] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.2.13493: checksumming directory block 0 [ 1611.352327][ T7382] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1611.383828][ T7382] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1611.406998][ T7382] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1612.013525][ T7405] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13499'. [ 1613.859865][ T7447] netlink: 246 bytes leftover after parsing attributes in process `syz.2.13512'. [ 1614.404528][ T7452] sp0: Synchronizing with TNC [ 1614.653772][ T7445] Process accounting paused [ 1614.822932][ T7466] netlink: 354 bytes leftover after parsing attributes in process `syz.1.13518'. [ 1616.069349][ T7483] netlink: 'syz.1.13524': attribute type 10 has an invalid length. [ 1616.098009][ T7483] netlink: 230 bytes leftover after parsing attributes in process `syz.1.13524'. [ 1618.463273][ T7528] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1620.052890][ T7547] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13544'. [ 1621.360194][ T7573] FAULT_INJECTION: forcing a failure. [ 1621.360194][ T7573] name failslab, interval 1, probability 0, space 0, times 0 [ 1621.419284][ T7573] CPU: 1 UID: 0 PID: 7573 Comm: syz.5.13554 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1621.419359][ T7573] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1621.419380][ T7573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1621.419402][ T7573] Call Trace: [ 1621.419414][ T7573] [ 1621.419428][ T7573] dump_stack_lvl+0x100/0x190 [ 1621.419508][ T7573] should_fail_ex.cold+0x5/0xa [ 1621.419540][ T7573] ? tomoyo_init_log+0x1224/0x20c0 [ 1621.419573][ T7573] should_failslab+0xc2/0x120 [ 1621.419614][ T7573] __kmalloc_noprof+0xe0/0x850 [ 1621.419653][ T7573] tomoyo_init_log+0x1224/0x20c0 [ 1621.419694][ T7573] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1621.419740][ T7573] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1621.419788][ T7573] tomoyo_write_log2+0x2ed/0xbc0 [ 1621.419828][ T7573] tomoyo_supervisor+0x15e/0x1340 [ 1621.419874][ T7573] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1621.419929][ T7573] ? kasan_quarantine_put+0x104/0x240 [ 1621.419966][ T7573] ? tomoyo_check_path_acl+0x141/0x210 [ 1621.419996][ T7573] ? tomoyo_check_acl+0x1f7/0x410 [ 1621.420026][ T7573] tomoyo_path_permission+0x270/0x3b0 [ 1621.420059][ T7573] tomoyo_check_open_permission+0x37f/0x3c0 [ 1621.420092][ T7573] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1621.420151][ T7573] ? do_raw_spin_lock+0x128/0x260 [ 1621.420190][ T7573] ? path_get+0x61/0x80 [ 1621.420233][ T7573] tomoyo_file_open+0x6b/0x90 [ 1621.420275][ T7573] security_file_open+0xb5/0x1e0 [ 1621.420309][ T7573] do_dentry_open+0x5aa/0x1660 [ 1621.420349][ T7573] ? security_inode_permission+0xbf/0x250 [ 1621.420384][ T7573] vfs_open+0x82/0x3f0 [ 1621.420414][ T7573] path_openat+0x208c/0x31a0 [ 1621.420462][ T7573] ? __pfx_path_openat+0x10/0x10 [ 1621.420512][ T7573] do_file_open+0x20e/0x430 [ 1621.420552][ T7573] ? __pfx_do_file_open+0x10/0x10 [ 1621.420612][ T7573] ? alloc_fd+0x476/0x790 [ 1621.420651][ T7573] ? do_getname+0x191/0x390 [ 1621.420680][ T7573] do_sys_openat2+0x10d/0x1e0 [ 1621.420708][ T7573] ? __pfx_do_sys_openat2+0x10/0x10 [ 1621.420738][ T7573] ? __fget_files+0x21f/0x3d0 [ 1621.420787][ T7573] __x64_sys_openat+0x12d/0x210 [ 1621.420817][ T7573] ? __pfx___x64_sys_openat+0x10/0x10 [ 1621.420857][ T7573] do_syscall_64+0x106/0xf80 [ 1621.420892][ T7573] ? clear_bhb_loop+0x40/0x90 [ 1621.420923][ T7573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1621.420950][ T7573] RIP: 0033:0x7f75ffd9bf79 [ 1621.420971][ T7573] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1621.420996][ T7573] RSP: 002b:00007f7600c69028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1621.421020][ T7573] RAX: ffffffffffffffda RBX: 00007f7600015fa0 RCX: 00007f75ffd9bf79 [ 1621.421038][ T7573] RDX: 0000000000000000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 1621.421054][ T7573] RBP: 00007f75ffe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1621.421071][ T7573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1621.421087][ T7573] R13: 00007f7600016038 R14: 00007f7600015fa0 R15: 00007ffd1e94dc48 [ 1621.421119][ T7573] [ 1622.709208][ T7581] FAULT_INJECTION: forcing a failure. [ 1622.709208][ T7581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1622.726291][ T7581] CPU: 0 UID: 0 PID: 7581 Comm: syz.5.13558 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1622.726365][ T7581] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1622.726386][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1622.726407][ T7581] Call Trace: [ 1622.726419][ T7581] [ 1622.726432][ T7581] dump_stack_lvl+0x100/0x190 [ 1622.726492][ T7581] should_fail_ex.cold+0x5/0xa [ 1622.726532][ T7581] _copy_to_user+0x32/0xd0 [ 1622.726577][ T7581] pagemap_read+0x51b/0x830 [ 1622.726649][ T7581] ? __pfx_pagemap_read+0x10/0x10 [ 1622.726716][ T7581] ? rw_verify_area+0xce/0x6d0 [ 1622.726760][ T7581] ? __pfx_pagemap_read+0x10/0x10 [ 1622.726818][ T7581] vfs_read+0x1e4/0xb30 [ 1622.726873][ T7581] ? __pfx_vfs_read+0x10/0x10 [ 1622.726920][ T7581] ? __fget_files+0x215/0x3d0 [ 1622.726980][ T7581] ? __fget_files+0x21f/0x3d0 [ 1622.727042][ T7581] ksys_read+0x12a/0x250 [ 1622.727090][ T7581] ? __pfx_ksys_read+0x10/0x10 [ 1622.727152][ T7581] do_syscall_64+0x106/0xf80 [ 1622.727199][ T7581] ? clear_bhb_loop+0x40/0x90 [ 1622.727248][ T7581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1622.727287][ T7581] RIP: 0033:0x7f75ffd9bf79 [ 1622.727317][ T7581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1622.727353][ T7581] RSP: 002b:00007f7600c69028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1622.727388][ T7581] RAX: ffffffffffffffda RBX: 00007f7600015fa0 RCX: 00007f75ffd9bf79 [ 1622.727412][ T7581] RDX: 00000000000039b8 RSI: 0000000000000000 RDI: 0000000000000005 [ 1622.727432][ T7581] RBP: 00007f75ffe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1622.727453][ T7581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1622.727473][ T7581] R13: 00007f7600016038 R14: 00007f7600015fa0 R15: 00007ffd1e94dc48 [ 1622.727519][ T7581] [ 1624.944976][ T7616] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13566'. [ 1625.009762][ T7617] netlink: 25 bytes leftover after parsing attributes in process `syz.5.13566'. [ 1625.257499][ T7619] netlink: 13 bytes leftover after parsing attributes in process `syz.5.13569'. [ 1625.380474][ T7623] FAULT_INJECTION: forcing a failure. [ 1625.380474][ T7623] name failslab, interval 1, probability 0, space 0, times 0 [ 1625.423506][ T7623] CPU: 1 UID: 0 PID: 7623 Comm: syz.2.13568 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1625.423585][ T7623] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1625.423606][ T7623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1625.423628][ T7623] Call Trace: [ 1625.423639][ T7623] [ 1625.423653][ T7623] dump_stack_lvl+0x100/0x190 [ 1625.423710][ T7623] should_fail_ex.cold+0x5/0xa [ 1625.423750][ T7623] ? ops_init+0x77/0x5f0 [ 1625.423796][ T7623] should_failslab+0xc2/0x120 [ 1625.423851][ T7623] __kmalloc_noprof+0xe0/0x850 [ 1625.423894][ T7623] ? nf_register_net_hook+0xe2/0x170 [ 1625.423950][ T7623] ops_init+0x77/0x5f0 [ 1625.424004][ T7623] setup_net+0x118/0x3a0 [ 1625.424055][ T7623] ? __pfx_setup_net+0x10/0x10 [ 1625.424115][ T7623] ? lockdep_init_map_type+0x5c/0x250 [ 1625.424158][ T7623] ? mutex_init_lockep+0x110/0x150 [ 1625.424210][ T7623] copy_net_ns+0x46f/0x7c0 [ 1625.424266][ T7623] create_new_namespaces+0x3ea/0xac0 [ 1625.424331][ T7623] copy_namespaces+0x468/0x5e0 [ 1625.424367][ T7623] copy_process+0x3226/0x7a10 [ 1625.424429][ T7623] ? __pfx_copy_process+0x10/0x10 [ 1625.424471][ T7623] ? find_held_lock+0x2b/0x80 [ 1625.424530][ T7623] ? futex_private_hash_put+0x107/0x1c0 [ 1625.424578][ T7623] kernel_clone+0xfc/0x9a0 [ 1625.424622][ T7623] ? __pfx_kernel_clone+0x10/0x10 [ 1625.424686][ T7623] __do_sys_clone+0xd9/0x120 [ 1625.424726][ T7623] ? __pfx___do_sys_clone+0x10/0x10 [ 1625.424768][ T7623] ? __fget_files+0x21f/0x3d0 [ 1625.424851][ T7623] do_syscall_64+0x106/0xf80 [ 1625.424898][ T7623] ? clear_bhb_loop+0x40/0x90 [ 1625.424940][ T7623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1625.424976][ T7623] RIP: 0033:0x7f087579bf79 [ 1625.425006][ T7623] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1625.425041][ T7623] RSP: 002b:00007f08739edfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1625.425083][ T7623] RAX: ffffffffffffffda RBX: 00007f0875a15fa0 RCX: 00007f087579bf79 [ 1625.425108][ T7623] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040180211 [ 1625.425130][ T7623] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1625.425152][ T7623] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1625.425173][ T7623] R13: 00007f0875a16038 R14: 00007f0875a15fa0 R15: 00007fffb64132d8 [ 1625.425219][ T7623] [ 1625.708128][ T7628] netlink: 186 bytes leftover after parsing attributes in process `syz.5.13572'. [ 1625.719847][ T7628] netlink: 186 bytes leftover after parsing attributes in process `syz.5.13572'. [ 1626.457682][ T7643] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3562660123 (7125320246 ns) > initial count (2882038626 ns). Using initial count to start timer. [ 1627.025501][ T7658] netlink: 25 bytes leftover after parsing attributes in process `syz.1.13583'. [ 1628.184546][ T7687] FAULT_INJECTION: forcing a failure. [ 1628.184546][ T7687] name failslab, interval 1, probability 0, space 0, times 0 [ 1628.208384][ T7687] CPU: 0 UID: 0 PID: 7687 Comm: syz.5.13592 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1628.208460][ T7687] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1628.208482][ T7687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1628.208503][ T7687] Call Trace: [ 1628.208515][ T7687] [ 1628.208529][ T7687] dump_stack_lvl+0x100/0x190 [ 1628.208588][ T7687] should_fail_ex.cold+0x5/0xa [ 1628.208627][ T7687] ? constrain_params_by_rules+0x175/0xcc0 [ 1628.208669][ T7687] should_failslab+0xc2/0x120 [ 1628.208723][ T7687] __kmalloc_noprof+0xe0/0x850 [ 1628.208789][ T7687] constrain_params_by_rules+0x175/0xcc0 [ 1628.208838][ T7687] ? __lock_acquire+0x4a5/0x2630 [ 1628.208888][ T7687] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 1628.208953][ T7687] ? __pfx_stack_trace_save+0x10/0x10 [ 1628.209017][ T7687] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1628.209051][ T7687] ? lock_acquire+0x1cf/0x380 [ 1628.209092][ T7687] ? __mutex_lock+0x26a/0x1b90 [ 1628.209129][ T7687] ? snd_interval_refine+0x2d0/0x580 [ 1628.209168][ T7687] snd_pcm_hw_refine+0x7e7/0xad0 [ 1628.209203][ T7687] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1628.209240][ T7687] ? do_raw_spin_lock+0x128/0x260 [ 1628.209279][ T7687] ? mark_held_locks+0x40/0x70 [ 1628.209314][ T7687] snd_pcm_hw_params+0x3f1/0x1cb0 [ 1628.209346][ T7687] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 1628.209390][ T7687] ? kfree+0x1f6/0x6b0 [ 1628.209415][ T7687] ? snd_pcm_hw_param_last+0x2dc/0x660 [ 1628.209443][ T7687] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1628.209476][ T7687] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 1628.209525][ T7687] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1628.209576][ T7687] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 1628.209611][ T7687] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 1628.209652][ T7687] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1628.209685][ T7687] ? __pfx___mutex_lock+0x10/0x10 [ 1628.209737][ T7687] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1628.209767][ T7687] snd_pcm_oss_sync+0x265/0x840 [ 1628.209805][ T7687] snd_pcm_oss_release+0x238/0x300 [ 1628.209832][ T7687] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1628.209860][ T7687] __fput+0x3ff/0xb40 [ 1628.209891][ T7687] task_work_run+0x150/0x240 [ 1628.209941][ T7687] ? __pfx_task_work_run+0x10/0x10 [ 1628.209983][ T7687] exit_to_user_mode_loop+0x100/0x4a0 [ 1628.210017][ T7687] do_syscall_64+0x668/0xf80 [ 1628.210057][ T7687] ? clear_bhb_loop+0x40/0x90 [ 1628.210089][ T7687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1628.210114][ T7687] RIP: 0033:0x7f75ffd9bf79 [ 1628.210136][ T7687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1628.210161][ T7687] RSP: 002b:00007f7600c69028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1628.210184][ T7687] RAX: 0000000000000000 RBX: 00007f7600015fa0 RCX: 00007f75ffd9bf79 [ 1628.210200][ T7687] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1628.210215][ T7687] RBP: 00007f75ffe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1628.210230][ T7687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1628.210245][ T7687] R13: 00007f7600016038 R14: 00007f7600015fa0 R15: 00007ffd1e94dc48 [ 1628.210276][ T7687] [ 1629.981034][ T7719] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13600'. [ 1630.566166][ T7730] netlink: 354 bytes leftover after parsing attributes in process `syz.2.13602'. [ 1630.917170][ T7732] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1631.645871][ T7746] netlink: 342 bytes leftover after parsing attributes in process `syz.1.13609'. [ 1632.256071][ T30] audit: type=1107 audit(4294967336.600:53): pid=7756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1632.308769][ T30] audit: type=1107 audit(4294967336.620:54): pid=7756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1633.461739][ T7781] netlink: 62 bytes leftover after parsing attributes in process `syz.3.13620'. [ 1633.655347][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1633.946293][ T7796] netlink: 354 bytes leftover after parsing attributes in process `syz.3.13624'. [ 1634.791916][ T7802] FAULT_INJECTION: forcing a failure. [ 1634.791916][ T7802] name failslab, interval 1, probability 0, space 0, times 0 [ 1634.860913][ T7802] CPU: 0 UID: 0 PID: 7802 Comm: syz.2.13626 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1634.860992][ T7802] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1634.861012][ T7802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1634.861035][ T7802] Call Trace: [ 1634.861047][ T7802] [ 1634.861060][ T7802] dump_stack_lvl+0x100/0x190 [ 1634.861126][ T7802] should_fail_ex.cold+0x5/0xa [ 1634.861169][ T7802] should_failslab+0xc2/0x120 [ 1634.861225][ T7802] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1634.861271][ T7802] ? drm_atomic_helper_setup_commit+0x56f/0x14f0 [ 1634.861322][ T7802] ? drm_atomic_helper_check+0x10f/0x190 [ 1634.861378][ T7802] drm_atomic_helper_setup_commit+0x56f/0x14f0 [ 1634.861448][ T7802] drm_atomic_helper_commit+0xa9/0x380 [ 1634.861500][ T7802] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 1634.861554][ T7802] drm_atomic_commit+0x230/0x300 [ 1634.861598][ T7802] ? __pfx_drm_atomic_commit+0x10/0x10 [ 1634.861642][ T7802] ? __pfx___drm_printfn_info+0x10/0x10 [ 1634.861688][ T7802] ? drm_client_rotation+0x451/0x6a0 [ 1634.861746][ T7802] drm_client_modeset_commit_atomic+0x6a6/0x7e0 [ 1634.861811][ T7802] ? __mutex_lock+0x26a/0x1b90 [ 1634.861861][ T7802] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1634.861915][ T7802] ? drm_master_internal_acquire+0x21/0x80 [ 1634.862011][ T7802] drm_client_modeset_commit_locked+0x14d/0x580 [ 1634.862072][ T7802] drm_client_modeset_commit+0x4f/0x80 [ 1634.862135][ T7802] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1634.862196][ T7802] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 1634.862255][ T7802] drm_fbdev_client_restore+0x1b/0x30 [ 1634.862297][ T7802] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1634.862339][ T7802] drm_client_dev_restore+0x205/0x2a0 [ 1634.862400][ T7802] drm_release+0x2c6/0x360 [ 1634.862449][ T7802] ? __pfx_drm_release+0x10/0x10 [ 1634.862497][ T7802] __fput+0x3ff/0xb40 [ 1634.862542][ T7802] task_work_run+0x150/0x240 [ 1634.862595][ T7802] ? __pfx_task_work_run+0x10/0x10 [ 1634.862657][ T7802] exit_to_user_mode_loop+0x100/0x4a0 [ 1634.862707][ T7802] do_syscall_64+0x668/0xf80 [ 1634.862761][ T7802] ? clear_bhb_loop+0x40/0x90 [ 1634.862805][ T7802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1634.862842][ T7802] RIP: 0033:0x7f087579bf79 [ 1634.862871][ T7802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1634.862907][ T7802] RSP: 002b:00007f08739ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1634.862947][ T7802] RAX: 0000000000000000 RBX: 00007f0875a15fa0 RCX: 00007f087579bf79 [ 1634.862968][ T7802] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1634.862989][ T7802] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1634.863009][ T7802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1634.863029][ T7802] R13: 00007f0875a16038 R14: 00007f0875a15fa0 R15: 00007fffb64132d8 [ 1634.863076][ T7802] [ 1636.909957][ T7831] Process accounting resumed [ 1637.992854][ T7858] ima: policy update failed [ 1638.009690][ T30] audit: type=1802 audit(4294967342.350:55): pid=7858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.13642" res=0 errno=0 [ 1640.938161][ T7914] vivid-007: ================= START STATUS ================= [ 1640.946645][ T7914] vivid-007: Enable Output Cropping: true grabbed [ 1640.987576][ T7914] vivid-007: Enable Output Composing: true grabbed [ 1641.021299][ T7914] vivid-007: Enable Output Scaler: true grabbed [ 1641.096238][ T7914] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 1641.166759][ T7914] vivid-007: Transmit Mode: HDMI grabbed [ 1641.206437][ T7914] vivid-007: Hotplug Present: 0x00000000 [ 1641.237153][ T7914] vivid-007: RxSense Present: 0x00000000 [ 1641.272591][ T7914] vivid-007: EDID Present: 0x00000000 [ 1641.312623][ T7914] vivid-007: ================== END STATUS ================== [ 1641.412953][ T30] audit: type=1107 audit(4294967345.760:56): pid=7915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1641.471974][ T30] audit: type=1107 audit(4294967345.800:57): pid=7915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1642.178853][ T7938] netlink: 504 bytes leftover after parsing attributes in process `syz.3.13667'. [ 1643.690844][ T7964] netlink: 'syz.3.13674': attribute type 10 has an invalid length. [ 1643.739598][ T7964] netlink: 230 bytes leftover after parsing attributes in process `syz.3.13674'. [ 1643.914962][ T7964] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1644.709074][ T30] audit: type=1107 audit(4294967349.050:58): pid=7970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1644.745718][ T30] audit: type=1107 audit(4294967349.060:59): pid=7970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1645.221641][ T7971] Process accounting resumed [ 1647.492662][ T8021] netlink: 330 bytes leftover after parsing attributes in process `syz.1.13695'. [ 1648.462933][ T8032] FAULT_INJECTION: forcing a failure. [ 1648.462933][ T8032] name failslab, interval 1, probability 0, space 0, times 0 [ 1648.548039][ T8032] CPU: 0 UID: 0 PID: 8032 Comm: syz.5.13697 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1648.548113][ T8032] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1648.548134][ T8032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1648.548154][ T8032] Call Trace: [ 1648.548165][ T8032] [ 1648.548179][ T8032] dump_stack_lvl+0x100/0x190 [ 1648.548238][ T8032] should_fail_ex.cold+0x5/0xa [ 1648.548278][ T8032] should_failslab+0xc2/0x120 [ 1648.548334][ T8032] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1648.548372][ T8032] ? fscontext_alloc_log+0x4a/0x1b0 [ 1648.548411][ T8032] ? v9fs_init_fs_context+0x43d/0x590 [ 1648.548453][ T8032] fscontext_alloc_log+0x4a/0x1b0 [ 1648.548495][ T8032] __x64_sys_fsopen+0x159/0x220 [ 1648.548541][ T8032] do_syscall_64+0x106/0xf80 [ 1648.548588][ T8032] ? clear_bhb_loop+0x40/0x90 [ 1648.548632][ T8032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1648.548675][ T8032] RIP: 0033:0x7f75ffd9bf79 [ 1648.548705][ T8032] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1648.548740][ T8032] RSP: 002b:00007f7600c69028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 1648.548774][ T8032] RAX: ffffffffffffffda RBX: 00007f7600015fa0 RCX: 00007f75ffd9bf79 [ 1648.548796][ T8032] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1648.548816][ T8032] RBP: 00007f75ffe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1648.548836][ T8032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1648.548856][ T8032] R13: 00007f7600016038 R14: 00007f7600015fa0 R15: 00007ffd1e94dc48 [ 1648.548900][ T8032] [ 1648.899322][ T5831] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1649.171259][ T8047] netlink: 'syz.5.13701': attribute type 15 has an invalid length. [ 1649.190785][ T8047] netlink: 'syz.5.13701': attribute type 16 has an invalid length. [ 1649.209198][ T8047] netlink: 194 bytes leftover after parsing attributes in process `syz.5.13701'. [ 1650.903069][ T8072] futex_wake_op: syz.1.13706 tries to shift op by -2048; fix this program [ 1653.067098][ T8113] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13720'. [ 1653.169703][ T8097] ima: policy update failed [ 1653.271047][ T30] audit: type=1802 audit(4294967357.620:60): pid=8097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.13717" res=0 errno=0 [ 1656.506790][ T8153] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13734'. [ 1656.589152][ T8153] netlink: 25 bytes leftover after parsing attributes in process `syz.3.13734'. [ 1660.661296][ T8237] netlink: 306 bytes leftover after parsing attributes in process `syz.1.13760'. [ 1660.915033][ T8241] netlink: 'syz.3.13762': attribute type 16 has an invalid length. [ 1660.935927][ T8241] netlink: 226 bytes leftover after parsing attributes in process `syz.3.13762'. [ 1660.965542][ T8241] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13762'. [ 1662.395168][ T8270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13770'. [ 1662.416480][ T8270] netlink: 'syz.2.13770': attribute type 1 has an invalid length. [ 1662.448069][ T8270] netlink: 13 bytes leftover after parsing attributes in process `syz.2.13770'. [ 1662.696492][ T8278] sp0: Synchronizing with TNC [ 1662.745404][ T8284] FAULT_INJECTION: forcing a failure. [ 1662.745404][ T8284] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1662.767786][ T8284] CPU: 1 UID: 0 PID: 8284 Comm: syz.2.13775 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1662.767864][ T8284] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1662.767884][ T8284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1662.767905][ T8284] Call Trace: [ 1662.767916][ T8284] [ 1662.767928][ T8284] dump_stack_lvl+0x100/0x190 [ 1662.767980][ T8284] should_fail_ex.cold+0x5/0xa [ 1662.768012][ T8284] ? prepare_alloc_pages+0x16d/0x5f0 [ 1662.768071][ T8284] should_fail_alloc_page+0xeb/0x140 [ 1662.768134][ T8284] prepare_alloc_pages+0x1f0/0x5f0 [ 1662.768190][ T8284] ? rcu_is_watching+0x12/0xc0 [ 1662.768244][ T8284] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1662.768285][ T8284] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1662.768331][ T8284] ? __pfx_css_rstat_updated+0x10/0x10 [ 1662.768378][ T8284] ? find_held_lock+0x2b/0x80 [ 1662.768424][ T8284] ? rcu_read_unlock+0x17/0x60 [ 1662.768496][ T8284] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1662.768542][ T8284] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1662.768588][ T8284] ? page_counter_charge+0x1d2/0x240 [ 1662.768627][ T8284] ? rcu_is_watching+0x12/0xc0 [ 1662.768676][ T8284] ? trace_mm_page_alloc+0x17a/0x1d0 [ 1662.768749][ T8284] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1662.768804][ T8284] ? policy_nodemask+0xed/0x4f0 [ 1662.768861][ T8284] alloc_pages_mpol+0x1fb/0x550 [ 1662.768916][ T8284] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1662.768971][ T8284] ? do_raw_spin_lock+0x128/0x260 [ 1662.769019][ T8284] ? find_held_lock+0x2b/0x80 [ 1662.769072][ T8284] ? __pud_alloc+0x575/0x760 [ 1662.769109][ T8284] alloc_pages_noprof+0x131/0x390 [ 1662.769177][ T8284] __pmd_alloc+0x3b/0x9c0 [ 1662.769209][ T8284] ? __pud_alloc+0x57a/0x760 [ 1662.769247][ T8284] walk_to_pmd+0x3a3/0x4c0 [ 1662.769287][ T8284] get_locked_pte+0x25/0xc0 [ 1662.769325][ T8284] map_ldt_struct+0x3c1/0xa70 [ 1662.769396][ T8284] ? __pfx_map_ldt_struct+0x10/0x10 [ 1662.769465][ T8284] ? alloc_pages_noprof+0x233/0x390 [ 1662.769527][ T8284] write_ldt+0x6d3/0xd40 [ 1662.769591][ T8284] ? __pfx_write_ldt+0x10/0x10 [ 1662.769650][ T8284] ? xfd_validate_state+0x129/0x190 [ 1662.769711][ T8284] __x64_sys_modify_ldt+0xb1/0x170 [ 1662.769747][ T8284] do_syscall_64+0x106/0xf80 [ 1662.769792][ T8284] ? clear_bhb_loop+0x40/0x90 [ 1662.769836][ T8284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1662.769872][ T8284] RIP: 0033:0x7f087579bf79 [ 1662.769901][ T8284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1662.769946][ T8284] RSP: 002b:00007f08739ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1662.769979][ T8284] RAX: ffffffffffffffda RBX: 00007f0875a15fa0 RCX: 00007f087579bf79 [ 1662.770002][ T8284] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 1662.770023][ T8284] RBP: 00007f08758327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1662.770043][ T8284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1662.770061][ T8284] R13: 00007f0875a16038 R14: 00007f0875a15fa0 R15: 00007fffb64132d8 [ 1662.770105][ T8284] [ 1663.427572][ T8290] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13778'. [ 1663.587023][ T30] audit: type=1800 audit(4294967367.930:61): pid=8284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.13775" name="trace_marker" dev="tracefs" ino=3884 res=0 errno=0 [ 1664.311953][ T8294] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input42 [ 1664.608627][ T5177] ERROR: Out of memory at tomoyo_memory_ok. [ 1664.643547][ T8294] input: failed to attach handler evdev to device input42, error: -4 [ 1665.391785][ T8327] netlink: 330 bytes leftover after parsing attributes in process `syz.1.13789'. [ 1665.510528][ T8321] zswap: compressor not available [ 1665.587264][ T8330] futex_wake_op: syz.5.13788 tries to shift op by -2048; fix this program [ 1666.983490][ T8348] Process accounting paused [ 1667.421203][ T8363] futex_wake_op: syz.2.13802 tries to shift op by -2048; fix this program [ 1667.808707][ T8370] netlink: 338 bytes leftover after parsing attributes in process `syz.5.13805'. [ 1667.830708][ T8370] netlink: 338 bytes leftover after parsing attributes in process `syz.5.13805'. [ 1667.862028][ T8370] netlink: 290 bytes leftover after parsing attributes in process `syz.5.13805'. [ 1668.177766][ T8372] FAULT_INJECTION: forcing a failure. [ 1668.177766][ T8372] name failslab, interval 1, probability 0, space 0, times 0 [ 1668.233246][ T8372] CPU: 0 UID: 0 PID: 8372 Comm: syz.3.13803 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1668.233317][ T8372] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1668.233337][ T8372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1668.233358][ T8372] Call Trace: [ 1668.233369][ T8372] [ 1668.233383][ T8372] dump_stack_lvl+0x100/0x190 [ 1668.233442][ T8372] should_fail_ex.cold+0x5/0xa [ 1668.233483][ T8372] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 1668.233549][ T8372] should_failslab+0xc2/0x120 [ 1668.233605][ T8372] __kmalloc_noprof+0xe0/0x850 [ 1668.233652][ T8372] ? rcu_is_watching+0x12/0xc0 [ 1668.233713][ T8372] genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 1668.233783][ T8372] genl_family_rcv_msg_doit+0xc7/0x300 [ 1668.233853][ T8372] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1668.233914][ T8372] ? genl_get_cmd+0x3ef/0x720 [ 1668.233978][ T8372] ? bpf_lsm_capable+0x9/0x10 [ 1668.234034][ T8372] ? security_capable+0x80/0x260 [ 1668.234094][ T8372] ? ns_capable+0xd2/0xf0 [ 1668.234154][ T8372] genl_rcv_msg+0x560/0x800 [ 1668.234213][ T8372] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1668.234273][ T8372] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1668.234337][ T8372] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1668.234402][ T8372] netlink_rcv_skb+0x159/0x420 [ 1668.234454][ T8372] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1668.234515][ T8372] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1668.234616][ T8372] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1668.234672][ T8372] genl_rcv+0x28/0x40 [ 1668.234724][ T8372] netlink_unicast+0x5aa/0x870 [ 1668.234783][ T8372] ? __pfx_netlink_unicast+0x10/0x10 [ 1668.234857][ T8372] netlink_sendmsg+0x8b0/0xda0 [ 1668.234917][ T8372] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1668.234968][ T8372] ? __import_iovec+0x1d2/0x640 [ 1668.235019][ T8372] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1668.235087][ T8372] ____sys_sendmsg+0xa54/0xc30 [ 1668.235149][ T8372] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1668.235214][ T8372] ? try_to_wake_up+0x644/0x1a80 [ 1668.235281][ T8372] ___sys_sendmsg+0x190/0x1e0 [ 1668.235320][ T8372] ? __pfx____sys_sendmsg+0x10/0x10 [ 1668.235356][ T8372] ? futex_private_hash_put+0x107/0x1c0 [ 1668.235444][ T8372] __sys_sendmsg+0x170/0x220 [ 1668.235493][ T8372] ? __pfx___sys_sendmsg+0x10/0x10 [ 1668.235541][ T8372] ? __x64_sys_futex+0x34f/0x4d0 [ 1668.235611][ T8372] do_syscall_64+0x106/0xf80 [ 1668.235658][ T8372] ? clear_bhb_loop+0x40/0x90 [ 1668.235704][ T8372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1668.235742][ T8372] RIP: 0033:0x7f22d9f9bf79 [ 1668.235773][ T8372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1668.235807][ T8372] RSP: 002b:00007f22daed1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1668.235849][ T8372] RAX: ffffffffffffffda RBX: 00007f22da215fa0 RCX: 00007f22d9f9bf79 [ 1668.235873][ T8372] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 1668.235895][ T8372] RBP: 00007f22da0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1668.235916][ T8372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1668.235937][ T8372] R13: 00007f22da216038 R14: 00007f22da215fa0 R15: 00007fffbd0735e8 [ 1668.235982][ T8372] [ 1669.204993][T31767] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 1669.235145][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.243077][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.608676][ T8400] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13810'. [ 1670.186233][ T8407] netlink: 62 bytes leftover after parsing attributes in process `syz.5.13814'. [ 1670.787841][ T8412] netlink: 186 bytes leftover after parsing attributes in process `syz.2.13816'. [ 1670.818549][ T8412] netlink: 186 bytes leftover after parsing attributes in process `syz.2.13816'. [ 1671.866811][ T8428] futex_wake_op: syz.3.13819 tries to shift op by -2048; fix this program [ 1673.606963][ T8462] vhci_hcd vhci_hcd.2: invalid port number 255 [ 1674.974654][ T8485] zswap: compressor not available [ 1675.516822][ T8503] Process accounting paused [ 1675.673390][ T8511] netlink: 226 bytes leftover after parsing attributes in process `syz.2.13845'. [ 1676.064189][ T8517] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1676.495258][ T8530] netlink: 'syz.5.13851': attribute type 5 has an invalid length. [ 1676.513451][ T8530] netlink: 'syz.5.13851': attribute type 1 has an invalid length. [ 1676.535330][ T8530] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13851'. [ 1676.566577][ T8530] netlink: 'syz.5.13851': attribute type 5 has an invalid length. [ 1676.593819][ T8530] netlink: 'syz.5.13851': attribute type 1 has an invalid length. [ 1676.603939][ T8530] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13851'. [ 1676.731495][ T8537] netlink: 13 bytes leftover after parsing attributes in process `syz.2.13854'. [ 1676.823142][ T8539] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13855'. [ 1677.022321][T31767] Bluetooth: hci1: unexpected subevent 0x01 length: 3 < 18 [ 1678.155109][ T8562] sp0: Synchronizing with TNC [ 1678.356758][ T8565] zswap: compressor not available [ 1678.945204][ T8582] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13868'. [ 1679.406501][ T8591] ================================================================== [ 1679.406531][ T8591] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 1679.406588][ T8591] Write of size 8 at addr ffffc90003fe90a0 by task syz.5.13870/8591 [ 1679.406616][ T8591] [ 1679.406635][ T8591] CPU: 0 UID: 0 PID: 8591 Comm: syz.5.13870 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1679.406705][ T8591] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1679.406724][ T8591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1679.406743][ T8591] Call Trace: [ 1679.406754][ T8591] [ 1679.406767][ T8591] dump_stack_lvl+0x100/0x190 [ 1679.406812][ T8591] print_report+0x156/0x4c9 [ 1679.406857][ T8591] ? _raw_spin_lock_irqsave+0x52/0x60 [ 1679.406895][ T8591] ? __virt_addr_valid+0x81/0x620 [ 1679.406939][ T8591] ? sys_imageblit+0x19fb/0x1d60 [ 1679.406985][ T8591] kasan_report+0xdf/0x1e0 [ 1679.407035][ T8591] ? sys_imageblit+0x19fb/0x1d60 [ 1679.407086][ T8591] sys_imageblit+0x19fb/0x1d60 [ 1679.407136][ T8591] ? _prb_read_valid+0x72a/0x880 [ 1679.407177][ T8591] ? __pfx_sys_imageblit+0x10/0x10 [ 1679.407227][ T8591] ? __pfx__prb_read_valid+0x10/0x10 [ 1679.407265][ T8591] ? __asan_memcpy+0x3c/0x60 [ 1679.407305][ T8591] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 1679.407363][ T8591] soft_cursor+0x524/0xa10 [ 1679.407406][ T8591] ? fb_get_color_depth+0x120/0x250 [ 1679.407445][ T8591] bit_cursor+0xe58/0x16f0 [ 1679.407488][ T8591] ? __pfx_bit_cursor+0x10/0x10 [ 1679.407533][ T8591] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1679.407589][ T8591] ? get_color+0x1da/0x450 [ 1679.407639][ T8591] ? __pfx_bit_cursor+0x10/0x10 [ 1679.407689][ T8591] fbcon_cursor+0x43c/0x5e0 [ 1679.407728][ T8591] hide_cursor+0x87/0x230 [ 1679.407771][ T8591] do_con_write+0x23fe/0x8540 [ 1679.407823][ T8591] ? rcu_is_watching+0x12/0xc0 [ 1679.407871][ T8591] ? trace_contention_end+0x140/0x180 [ 1679.407916][ T8591] ? __mutex_lock+0x26a/0x1b90 [ 1679.407965][ T8591] ? find_held_lock+0x2b/0x80 [ 1679.408017][ T8591] ? n_tty_write+0x512/0x12d0 [ 1679.408054][ T8591] ? n_tty_write+0x47e/0x12d0 [ 1679.408095][ T8591] ? __pfx_do_con_write+0x10/0x10 [ 1679.408148][ T8591] ? __pfx___mutex_lock+0x10/0x10 [ 1679.408196][ T8591] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1679.408247][ T8591] ? __pfx_console_unlock+0x10/0x10 [ 1679.408300][ T8591] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1679.408354][ T8591] con_write+0x23/0xb0 [ 1679.408407][ T8591] do_output_char+0x63b/0x850 [ 1679.408444][ T8591] n_tty_write+0x528/0x12d0 [ 1679.408491][ T8591] ? __pfx_n_tty_write+0x10/0x10 [ 1679.408530][ T8591] ? __pfx_woken_wake_function+0x10/0x10 [ 1679.408584][ T8591] ? __pfx___might_resched+0x10/0x10 [ 1679.408634][ T8591] ? __pfx_n_tty_write+0x10/0x10 [ 1679.408681][ T8591] file_tty_write.isra.0+0x4d2/0x890 [ 1679.408744][ T8591] redirected_tty_write+0xd4/0x120 [ 1679.408799][ T8591] vfs_write+0x6ac/0x1070 [ 1679.408846][ T8591] ? __pfx_redirected_tty_write+0x10/0x10 [ 1679.408903][ T8591] ? __pfx_vfs_write+0x10/0x10 [ 1679.408950][ T8591] ? find_held_lock+0x2b/0x80 [ 1679.409015][ T8591] ksys_write+0x12a/0x250 [ 1679.409064][ T8591] ? __pfx_ksys_write+0x10/0x10 [ 1679.409118][ T8591] do_syscall_64+0x106/0xf80 [ 1679.409162][ T8591] ? clear_bhb_loop+0x40/0x90 [ 1679.409202][ T8591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1679.409239][ T8591] RIP: 0033:0x7f75ffd9bf79 [ 1679.409268][ T8591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1679.409304][ T8591] RSP: 002b:00007f7600c48028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1679.409339][ T8591] RAX: ffffffffffffffda RBX: 00007f7600016090 RCX: 00007f75ffd9bf79 [ 1679.409363][ T8591] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000006 [ 1679.409397][ T8591] RBP: 00007f75ffe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1679.409419][ T8591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1679.409440][ T8591] R13: 00007f7600016128 R14: 00007f7600016090 R15: 00007ffd1e94dc48 [ 1679.409475][ T8591] [ 1679.409488][ T8591] [ 1679.409498][ T8591] The buggy address belongs to a vmalloc virtual mapping [ 1679.409522][ T8591] Memory state around the buggy address: [ 1679.409541][ T8591] ffffc90003fe8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1679.409568][ T8591] ffffc90003fe9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1679.409594][ T8591] >ffffc90003fe9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1679.409615][ T8591] ^ [ 1679.409633][ T8591] ffffc90003fe9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1679.409665][ T8591] ffffc90003fe9180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1679.409684][ T8591] ================================================================== [ 1679.427915][ T8591] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1679.427949][ T8591] CPU: 1 UID: 0 PID: 8591 Comm: syz.5.13870 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1679.428017][ T8591] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1679.428046][ T8591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1679.428069][ T8591] Call Trace: [ 1679.428082][ T8591] [ 1679.428097][ T8591] dump_stack_lvl+0x100/0x190 [ 1679.428152][ T8591] vpanic+0x552/0x970 [ 1679.428176][ T8591] ? __pfx_vpanic+0x10/0x10 [ 1679.428205][ T8591] ? sys_imageblit+0x19fb/0x1d60 [ 1679.428242][ T8591] panic+0xd1/0xe0 [ 1679.428265][ T8591] ? __pfx_panic+0x10/0x10 [ 1679.428291][ T8591] ? sys_imageblit+0x19fb/0x1d60 [ 1679.428328][ T8591] ? preempt_schedule_common+0x42/0xc0 [ 1679.428365][ T8591] check_panic_on_warn.cold+0x19/0x34 [ 1679.428393][ T8591] end_report.part.0+0x3a/0x90 [ 1679.428435][ T8591] kasan_report.cold+0xe/0x18 [ 1679.428472][ T8591] ? sys_imageblit+0x19fb/0x1d60 [ 1679.428513][ T8591] sys_imageblit+0x19fb/0x1d60 [ 1679.428554][ T8591] ? _prb_read_valid+0x72a/0x880 [ 1679.428587][ T8591] ? __pfx_sys_imageblit+0x10/0x10 [ 1679.428627][ T8591] ? __pfx__prb_read_valid+0x10/0x10 [ 1679.428660][ T8591] ? __asan_memcpy+0x3c/0x60 [ 1679.428693][ T8591] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 1679.428739][ T8591] soft_cursor+0x524/0xa10 [ 1679.428774][ T8591] ? fb_get_color_depth+0x120/0x250 [ 1679.428805][ T8591] bit_cursor+0xe58/0x16f0 [ 1679.428840][ T8591] ? __pfx_bit_cursor+0x10/0x10 [ 1679.428875][ T8591] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1679.428916][ T8591] ? get_color+0x1da/0x450 [ 1679.428942][ T8591] ? __pfx_bit_cursor+0x10/0x10 [ 1679.428972][ T8591] fbcon_cursor+0x43c/0x5e0 [ 1679.429001][ T8591] hide_cursor+0x87/0x230 [ 1679.429034][ T8591] do_con_write+0x23fe/0x8540 [ 1679.429075][ T8591] ? rcu_is_watching+0x12/0xc0 [ 1679.429112][ T8591] ? trace_contention_end+0x140/0x180 [ 1679.429146][ T8591] ? __mutex_lock+0x26a/0x1b90 [ 1679.429182][ T8591] ? find_held_lock+0x2b/0x80 [ 1679.429220][ T8591] ? n_tty_write+0x512/0x12d0 [ 1679.429247][ T8591] ? n_tty_write+0x47e/0x12d0 [ 1679.429275][ T8591] ? __pfx_do_con_write+0x10/0x10 [ 1679.429314][ T8591] ? __pfx___mutex_lock+0x10/0x10 [ 1679.429349][ T8591] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1679.429385][ T8591] ? __pfx_console_unlock+0x10/0x10 [ 1679.429431][ T8591] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1679.429471][ T8591] con_write+0x23/0xb0 [ 1679.429509][ T8591] do_output_char+0x63b/0x850 [ 1679.429536][ T8591] n_tty_write+0x528/0x12d0 [ 1679.429570][ T8591] ? __pfx_n_tty_write+0x10/0x10 [ 1679.429598][ T8591] ? __pfx_woken_wake_function+0x10/0x10 [ 1679.429637][ T8591] ? __pfx___might_resched+0x10/0x10 [ 1679.429677][ T8591] ? __pfx_n_tty_write+0x10/0x10 [ 1679.429705][ T8591] file_tty_write.isra.0+0x4d2/0x890 [ 1679.429748][ T8591] redirected_tty_write+0xd4/0x120 [ 1679.429788][ T8591] vfs_write+0x6ac/0x1070 [ 1679.429823][ T8591] ? __pfx_redirected_tty_write+0x10/0x10 [ 1679.429865][ T8591] ? __pfx_vfs_write+0x10/0x10 [ 1679.429899][ T8591] ? find_held_lock+0x2b/0x80 [ 1679.429948][ T8591] ksys_write+0x12a/0x250 [ 1679.429983][ T8591] ? __pfx_ksys_write+0x10/0x10 [ 1679.430034][ T8591] do_syscall_64+0x106/0xf80 [ 1679.430065][ T8591] ? clear_bhb_loop+0x40/0x90 [ 1679.430093][ T8591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1679.430119][ T8591] RIP: 0033:0x7f75ffd9bf79 [ 1679.430139][ T8591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1679.430163][ T8591] RSP: 002b:00007f7600c48028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1679.430187][ T8591] RAX: ffffffffffffffda RBX: 00007f7600016090 RCX: 00007f75ffd9bf79 [ 1679.430205][ T8591] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000006 [ 1679.430222][ T8591] RBP: 00007f75ffe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1679.430239][ T8591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1679.430255][ T8591] R13: 00007f7600016128 R14: 00007f7600016090 R15: 00007ffd1e94dc48 [ 1679.430280][ T8591] [ 1679.430958][ T8591] Kernel Offset: disabled