last executing test programs: 9.597547137s ago: executing program 1 (id=2006): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x23, 0x80805, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x4, 0x8000040006) sendmsg$auto_NL802154_CMD_SET_ACKREQ_DEFAULT(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_SCAN_CHANNELS={0x8, 0x21, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x240008a1) ptrace$auto(0xf, r1, 0xfffffffffffffffe, 0x8000000000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) finit_module$auto(0xffffffffffffffff, 0x0, 0x40) getpgrp(r1) timerfd_create$auto_CLOCK_BOOTTIME(0x7, 0x0) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0xc060ff0b, r0) 8.957529464s ago: executing program 1 (id=2008): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000001c0)='\x00\x00\x00\x00', 0x100000a3db) mremap$auto(0x4, 0x4000007, 0x3fd7, 0x0, 0x7fffffffffffffff) process_vm_readv$auto(0x0, &(0x7f0000000280)={0x0, 0x1000000fff}, 0xda, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) lseek$auto(0x3, 0x8, 0x1) ioctl$auto(0x3, 0x400454ca, 0x38) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40008c0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(&(0x7f00000001c0)={0xe, 0x20401, 0x5fc, 0x10000006, 0xffffffff, 0x6}, 0x8000, 0x0, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) r2 = ioctl$auto_TUNSETSNDBUF2(r1, 0x400454d4, &(0x7f0000000040)=0x5) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001b00)=ANY=[@ANYBLOB="20010000", @ANYRES16=r3, @ANYBLOB="010025bd700064dbdf257e000000000066004e21000000002680000002000400000000000200000000000000010009000000000001000400003f000002000700001f0000980006000000000014010f000000000007001f5198dea666bad033b7aea5d7529adf1ae5607ef3d022c60a57cd1649952c00000080004dec6ee46088e64587adba9ba7537f79f056fbd60490f11a3498560bfa783badf6fa39e3aa9815705e629beb9573271a53f5c4ee3859bf0313d7dad665a019c4e908768bb5b896533bbd3b39e4768150289646864a302e8ded90a5b83ada85575e6657023fb727d3723ff97af53540e2fbc15e85a0c6a5644432b997ba3bdc423b0be181bf0d501cf098551e7b2ce99ac721bf9145ebc91fe7c9230b30f9b88ac5b2c404ddfac531ea9fcaf6d514daf8c13a9f382059488c3280a13754303b49d3eddff53520086a38cbb1075e09f556c208c26f727717e52ad91b929b37df820ffca5a077087bc540d3c30fa84b5986b17605e72c7af63bd4264355ec1e043e6ae397fd5b925bc6ee277f7e42b305fbe861e8e9974efb062206bd7fef4b13f19f926c090b1367e4599ea549d1e97c1c2b214d06c5de3e7dc0bae99b9030f72ae011f303fa7ea798a612fd252f9e9c238f07ccc755d8c4aff22798a08e567e0b8f3975fc1b30522f1b82ed37fecc8927a2f8265cb2423f4272359a5b097f54bdb65f51f0911ca880641493cce6f3f00edfefe3d7f007bc5c57214dde959740b9e0a70b28d191e10eb5c3eccfdf045407c80e026f4e9fe766eca822b77df002210db69f60480ae2e21fced2bf22dde077e0ccbe2e05f58ba0db3d9f6469382574a23009202a928c2e7a67623eeeb3976036936871d6056bca11541ed5d795853e233149c9ea3e3d478b5e35cf5e551002a79ac8a33d81b60fde70ccbf125c4b4243160db218068b7a2db851b3dfad23f584b6db1b9ec1428635f27d4bb08cb9b0d4d9c725595fbd59622038dc6cb2f70282ae273c9927dfc884b8e99578c897e90ffeec2c4f3b1e4c5cadc23ff40dd06e618b0f798c0d4a87c7728de7b03a7a8021dcdbd1f4c8b29ea50d2130cf3099a8b37a4d894a5020bc583feaf86c00b8d917567b988f875af819935a325517e76850262d5558ff1fcf9f5b7b26a9645bb26d20104227757359a6e52317edbdd2fde26c3b3f26ee6e2714d9668cfafe1f1c83c24d7e3b55127b38315b1b9053d3ed9561c14e0cf3b173f89e739337a63e5d13fb97466b9b36556adb4af4e9b18d4778c369692333cb70c72d968aff999fe3f08690fdc345eceedb90782bc907b20d4a06867f2930ebb553494aeceabf2f33f1295753241986835af90226970a126a27d9c1f3a04f9b917fa57524fb70f161e619ab83cff4edceef04362c497dc4804af7e7837a4b4241521a2cb28a08fe7001ce941a8cf3f2a4266dbc5fd02c56a5a16fe2a0af334673588ea9b161c65b7ab9a67e4808f1e8c6cf55641a97082348e1e31ed07154364d1fb134e988d32277a2c5224985ab2e3b518c927af3338cfeab947dc38466b8e58f40402d97417a895d335dcd5ccf6ed33ba8a54c80ea0cfe0c66993e86f8b2699d860ff1b2d00db394a18a92e0ed026737e46d52978bae076c156be5e6530222fe8c93c8e4ecd29bfd1823b2730515eb3e99ecb867e0117fafafb495f34fe5c82c7af4e163ef7c543d5327b011b65e661db58838a0821f66c65a9b2d598fe497d778ced9bb1c48369c70a3ab32dd9626f0b575d47a0b7398fcaebce8048504cc3ebcc4498894bf079758aa008906c570f9a4ce0c5faefd8326dde933dccf7a2896a3b86ceb8add2b7f69943b006c8ca893916b156458c9dd28e1e21770e7ba6d7fb8ebdde22ff23346cd0f6d0c90a093fae2f128f759418402b13fae56d033f6adde7442b46db3aedb8665718b37055df3b0710f5e31ea2e04abbca71d7c8cc71325a1124d38c4245587ff29c5e0f1cbfdf7b865099a395dd9c2f7e29200bda2c2b20b17b7f33e1c277c57925b59aca80821a48085b7eab507385849a0e22c2ac4a526e7b786fd9442fd2df0eb05cb1df98795853536dc12b6fea234a4c32a57059049c0dedee032615da106c88fe54e73226cb88b4863c1f905dac6dffd4e5e53873f746e19ee631e8cab802ef174df5cb6e88e513aa10a0e1dd7d43075bc19b94491b9cb8fe1efac7d300e4c6253d42198c94f76fef50405405c348b9bfe0c4e09b6668655baaff6d464b20c5db5aa72b6e5345aa6af3c2b2e508ab94ed2f3ae27947c30f6c9"], 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0x140) sendmsg$auto_NL80211_CMD_SET_BSS(r2, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[], 0x178}, 0x1, 0x0, 0x0, 0x40c5}, 0x4000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r5, &(0x7f0000000000)='//\xf2\x00', 0x80000000) msync$auto(0x0, 0xe0, 0x6) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) socket(0x15, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) 5.816933283s ago: executing program 2 (id=2020): ioctl$auto(0xffffffffffffffff, 0x6, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x3, 0x3b87, 0x38) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x4, 0x202000b, 0x3, 0xeb1, r0, 0x8000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x161100, 0x0) pread64$auto(r2, 0x0, 0x1000f42d, 0x100) sysfs$auto(0x2, 0x23, 0x0) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, 0x0, 0x4) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) close_range$auto(0x2, 0x8, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='8 2eu\x16\x81\xea[\x9f\xdf\x10.1\xff\a\x00\x00\x00\x00\x00\x00\x81\xff\x8a\xf9+\x1a\xb0\x004T\xf5\x19\x01\xabp\x8b\xe43\xd6y]\xe4\xb2Q\x89\xc2\x13\x00\x00\xca\x9b\x9a\x7f\xbb\x85Q\x9b\x92\xc8\xc6\x8bu\xfa\x06-\xa42\xdf', 0x3) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_PPPIOCSMAXCID(r4, 0x40047451, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2082, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/nr13/queues/tx-0/tx_timeout\x00', 0x4000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000280)=""/175, 0xaf) 4.820738877s ago: executing program 0 (id=2023): r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/trace_options\x00', 0x0, 0x0) close_range$auto(0x2, r0, 0x0) kexec_load$auto(0xb, 0xfffffffffffffffe, 0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) sendmsg$auto_NETDEV_CMD_BIND_RX(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYRES64=r1, @ANYRES16=r0, @ANYRES32=r1, @ANYRESOCT=r0, @ANYRES16=r0, @ANYRESDEC=r1], 0x24}, 0x1, 0x0, 0x0, 0x890}, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b7e, 0x0, 0x81) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x6, 0x5}, 0x7ff}, 0x7, 0x4006) write$auto_tty_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) 4.559878976s ago: executing program 2 (id=2024): ioctl$auto(0xffffffffffffffff, 0x6, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x3, 0x3b87, 0x38) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x4, 0x202000b, 0x3, 0xeb1, r0, 0x8000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x161100, 0x0) pread64$auto(r2, 0x0, 0x1000f42d, 0x100) sysfs$auto(0x2, 0x23, 0x0) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, 0x0, 0x4) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_PPPIOCSMAXCID(r4, 0x40047451, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2082, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/nr13/queues/tx-0/tx_timeout\x00', 0x4000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000280)=""/175, 0xaf) 3.555441147s ago: executing program 2 (id=2026): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nbd15\x00', 0x8001, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r1 = pidfd_getfd$auto(r0, r0, 0x8) sendfile$auto(r1, r0, &(0x7f0000000000), 0x5) mmap$auto(0x0, 0x8, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r2, &(0x7f0000000540)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x5) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7, 0x8, 0x0) flock$auto(r2, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7ffd) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec20\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000080)={"86bc8afc", 0x1, 0xfc, 0x6, 0x1, 0x200, "9ff7e0aca901f659b7f42908dd816f", "3ba66845", "9272a9ca", "05a4e714", ["6d69dc7c3c37caa400cdcaf1", "6e7c402aba693d82b22f2c50", "5d79316a71603e8c647b2ba5", "5a4f4594f429120a720740f9"]}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x2ab42, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:2\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x10, 0x3) sendfile$auto(r4, r4, 0x0, 0x2) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x6, 0x6, 0x5, 0x9, 0x20003, 0x6, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xb8a0, 0x0, 0x0, 0x0, 0x1000]}, 0x1fe, 0x200c) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB='\b\x00\n'], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) write$auto(r5, &(0x7f0000000000)='-\x00', 0x4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.554781156s ago: executing program 0 (id=2034): rseq$auto(&(0x7f0000000200)={0xe, 0x402, 0xfb82, 0x3, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x6) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) set_mempolicy$auto(0x3, 0x0, 0x9) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) read$auto(r0, 0x0, 0x5) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, 0x0) sysfs$auto(0x2, 0x2000000000040, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x801a9ac245a3e825, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto(r3, 0x89f1, r3) 3.554366475s ago: executing program 1 (id=2027): ioctl$auto(0xffffffffffffffff, 0x6, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x3, 0x3b87, 0x38) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x4, 0x202000b, 0x3, 0xeb1, r0, 0x8000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x161100, 0x0) pread64$auto(r2, 0x0, 0x1000f42d, 0x100) sysfs$auto(0x2, 0x23, 0x0) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, 0x0, 0x4) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_PPPIOCSMAXCID(r4, 0x40047451, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2082, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/nr13/queues/tx-0/tx_timeout\x00', 0x4000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000280)=""/175, 0xaf) 3.353389415s ago: executing program 3 (id=2028): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x123042, 0x0) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r1, 0x2f}, 0x22) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto(r2, 0x40044620, 0xffffffffffffffff) 3.303323421s ago: executing program 0 (id=2029): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000040)=':\'*&\x04!\x00', 0x1, 0x27) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/module/apparmor/parameters/enabled\x00', 0x22000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000003940)=""/4116, 0x1014) 2.999219294s ago: executing program 0 (id=2030): close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose3/queues/tx-0/tx_maxrate\x00', 0x8402, 0x0) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)='8', 0x1) mmap$auto(0x0, 0x200, 0x10000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, &(0x7f00000001c0)=0x6, 0x0, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x30, r3, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0xb, 0x1, '\xeb4\x97fRd\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x80) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) prctl$auto_PR_SET_TIMERSLACK(0x1d, 0x0, 0x3, 0x0, 0xfa) read$auto(r4, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000180), 0x109000, 0x0) pidfd_open$auto(0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/printk/parameters/ignore_loglevel\x00', 0x22000, 0x0) socket(0x1d, 0x2, 0x6) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/mouse0\x00', 0x800, 0x0) 2.925238043s ago: executing program 2 (id=2031): r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/trace_options\x00', 0x0, 0x0) close_range$auto(0x2, r0, 0x0) kexec_load$auto(0xb, 0xfffffffffffffffe, 0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) sendmsg$auto_NETDEV_CMD_BIND_RX(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYRES64=r1, @ANYRES16=r0, @ANYRES32=r1, @ANYRESOCT=r0, @ANYRES16=r0, @ANYRESDEC=r1], 0x24}, 0x1, 0x0, 0x0, 0x890}, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae90, &(0x7f0000000080)={0xfc}) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x6, 0x5}, 0x7ff}, 0x7, 0x4006) write$auto_tty_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) 2.815163198s ago: executing program 3 (id=2032): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x23, 0x80805, 0x0) close_range$auto(0x2, 0xa, 0x0) timerfd_create$auto_CLOCK_BOOTTIME(0x7, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x80045530, 0x38) vmsplice$auto(0x1, 0x0, 0xa, 0x6) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0xc060ff0b, r0) 2.763602401s ago: executing program 3 (id=2033): r0 = openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) mq_getsetattr$auto(r0, &(0x7f0000000140)={0x4, 0x6, 0xfffffffffffffff7, 0x8}, &(0x7f00000001c0)={0xfffffffffffff6e6, 0x1, 0x5d8, 0x3}) r1 = socket(0x23, 0x80805, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, 0x0, 0x0) epoll_pwait2$auto(0x3, 0x0, 0x4, 0x0, 0x0, 0x7ff6) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x2000001b, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x3, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/fs/lockd/nlm_end_grace\x00', 0x2800, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r3, 0x0, 0x20) ioctl$auto_BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) r5 = socket(0x1d, 0x2, 0x6) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r5) sendmsg$auto_NLBL_CIPSOV4_C_LISTALL(r6, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYRES16=r7, @ANYBLOB="000829bd7000fddbdf2504000000ec010b8044cc24a3584e1694804d182f92bc406ca6a2572ab966779180e4faf111f49baec10f2b8ede7c8e17290904dbdaa64226a6f24723510b0f9394ca0017800800b000640101027fe27ea068c21ab43576d3153e2dcc89248bea40dcd44b8260e3b8a7443180b95781f0718fe4785d74f6c27717fb8c8ebac0a76dbac0cf0e76251e5ce3eb832cd061de49d73be12daa58d0f7229222f682fd05008500f9000000ffdf1f89e0820ee2b9249c3e377a3d2f8aefde9ef5cf8719c6eeb5b51e63a042aafdd4d61c6ab3c484497607bb9b075bd5d0c9debebc9d43f9af8120ece089789cf85e805c49703357e05916d4842e56b50670a62d204bd01df458582e2d36d93fbcbb9700007c30ad8bcc98fa2803c6685a857f289761145a5f817dafee705e54a580c8526901d246538f52622968394208dbc210e5cd9c2ca7ecdf7dcea200211e3bc2bb9ba8e5a900611c76dd1712a5b6d2b503f96e4d68af13c179f78f8ff251007cfe7c46f0265d01260b97e6614b82b0d499d675702a69082ca45ed00aae52abd104c9c8fa97d611c4e1735027103de96b88e1be1f4d16d755e2d76b33c05a1b2b03fa48fc65633339212687484ffdc30f39e7cda411a2da8159260ad9effb225f075fbc9e17bc275efe8b46397cd61d053ee8fcd9299467e5fa67f3439108003800", @ANYRES32, @ANYBLOB="0800020529"], 0x208}}, 0x0) sendmsg$auto_NLBL_CIPSOV4_C_LISTALL(r1, &(0x7f00000005c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYBLOB="cc020000", @ANYRES16=r7, @ANYBLOB="010029bd7000fedbdf25040000000800020000000000af0207809cd8796343823a672e100e04023b800400208078817728e718b278a8b35de687b67583977879508eb69ba272b984eb079443bb9632d10a9357a9ca4380a879ee9489019bf050ebe979df3cd8a54612d13ad8597ff3b97e650d50e691e2e0b0a490e62d283e12463748f75a5dcf0241813b4a59bc4e8961bca22a33c87c6dd7a361261f8003faa5f5f5faa657b508346f14a2bf04c45e33f051be6a2827b49eb0a5d27505bece4095eebf04c2f02212fe2e659781f371bf770cc78b9c7f8baf72b267a79bd9562c5e616664835e5078629f22ce655c46dc7b6db12697fa842301aa07de682a9c5472e45ac30d5f086292c5354f4ed82bd7c9433d6779968518e895313ff46ff129393770a1693536509ec3c5cb0c25e3cea1c8a0b5ecf38a99fad0ab8eb62c47f9b25f2303ec7fccea0432b57e17ba1564d96c6f48bc7c931764f74695f0d31cdc990b23a246544474ded0df7a3363446978dd9da19614766cabc58d49e416316f82485fb29ab1039e4a97b642317db4df649bfa97abdf632420c14593c14844db4a523ceb5710d937e75f70f3412f457e257cdddd4acc3375ac749b054c0757ae79efaa5e1f3091e6f893acb7a63473090e6857d085908e76def98c2d386b75b5acadd4d1e38c157af8d0039cd9ed37631276b3d6b0ccb121a497e8d1768f9dc540bff766f3752ce8abb29a3b0941502fba06300d68cea060d4ea11c58e240b39af86ded0f600c031b0d0f1454ec933c6d129e3aa", @ANYRES32=0x0, @ANYBLOB="2c7e1bbd50c472db46d32c0ca7c406c7186c91c73bc8cf57179ad755970752646990649ebfeafdb6152a57fcef31038615230e3c5d845d3e36fd41fdb825f7cbf62a14019255e53928fbb52bbb74a85690ca7deaf67cca8c88136ac11ed9072717ce2d35b6bf54e94c404b5fd89287d36f9e189e969e37de248e9757d804ef3c9196e2ccc7d66e3904008c0000"], 0x2cc}, 0x1, 0x0, 0x0, 0x801}, 0x4c011) ptrace$auto(0xcb, 0x0, 0x9, 0xa) socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x22240, 0x154) rename$auto(&(0x7f0000000000)='./file0\x00', 0x0) unshare$auto(0x40000080) 2.164114604s ago: executing program 0 (id=2035): ioctl$auto(0xffffffffffffffff, 0x6, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x3, 0x3b87, 0x38) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x4, 0x202000b, 0x3, 0xeb1, r0, 0x8000) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x161100, 0x0) pread64$auto(r2, 0x0, 0x1000f42d, 0x100) sysfs$auto(0x2, 0x23, 0x0) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, 0x0, 0x4) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='8 2eu\x16\x81\xea[\x9f\xdf\x10.1\xff\a\x00\x00\x00\x00\x00\x00\x81\xff\x8a\xf9+\x1a\xb0\x004T\xf5\x19\x01\xabp\x8b\xe43\xd6y]\xe4\xb2Q\x89\xc2\x13\x00\x00\xca\x9b\x9a\x7f\xbb\x85Q\x9b\x92\xc8\xc6\x8bu\xfa\x06-\xa42\xdf', 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_PPPIOCSMAXCID(r4, 0x40047451, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2082, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/nr13/queues/tx-0/tx_timeout\x00', 0x4000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000280)=""/175, 0xaf) 2.15495434s ago: executing program 1 (id=2036): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) (async) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) (async) r1 = socketpair$auto(0x5, 0x7, 0x4, &(0x7f0000000040)=0x5) ioctl$auto(r1, 0x5408, r0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) (async) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000340), 0x101080, 0x0) (async) madvise$auto_MADV_GUARD_REMOVE(0xffffffff00000000, 0x6, 0x67) unshare$auto(0x40000080) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 1.819979515s ago: executing program 1 (id=2037): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket(0x1e, 0x0, 0x9) mmap$auto(0x0, 0x7, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0x144000, 0x0) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x262843, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3, 0x0, 0x6) semtimedop$auto(0x9, &(0x7f0000000340)={0x2, 0x0, 0xb}, 0x2, &(0x7f0000000280)={0x1000000004, 0x7}) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/wlan1/forwarding\x00', 0x202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000900), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103841, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nullb0/queue/nr_requests\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/firmware/acpi/hotplug/pci_root/enabled\x00', 0x8001, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) pidfd_open$auto(0x0, 0x58) write$auto(0xffffffffffffffff, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) 1.018312542s ago: executing program 0 (id=2038): sendmsg$auto_NL80211_CMD_SET_MPATH(0xffffffffffffffff, 0x0, 0x20000000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getresgid$auto(&(0x7f0000000040)=0x7f, &(0x7f0000000180)=0x1ff, 0xfffffffffffffffc) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000280)='/dev/etherd/discover\x00', 0x541, 0x0) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1400", @ANYRES16=r1, @ANYBLOB="010627bd7008fccddf2505000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000084) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f00000004c0)={0x7fffffff, [0x9, 0xfffffe00, 0x81], [{0x375, 0xd9, 0x0, 0x0, 0x1}, {0x60, 0xffffff8c, 0x0, 0x1}, {0x1, 0x800000, 0x1, 0x1}, {0x7f, 0x2}, {0x8, 0x4, 0x0, 0x0, 0x1, 0x1}, {0x4, 0x4, 0x0, 0x1, 0x1}, {0x100, 0xd23, 0x1, 0x0, 0x0, 0x1}, {0x2, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x3, 0x7, 0x0, 0x0, 0x1}, {0x6, 0x5, 0x0, 0x1, 0x0, 0x1}, {0x7, 0x890, 0x1, 0x1}, {0x1, 0xff, 0x0, 0x0, 0x0, 0x1}], 0x6, 0x10, 0x8, 0xd0, 0x0, 0xe, 0x1ff, "b4b9e0323b9733eca498c2a379c367503df0aa2311717ac8561953501ed92eae96811488a1338ac8fed7bfeb36bd49fa7e79ef44beb85a2c89b8721e4a4e1aa1"}) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x3, 0x14, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) waitid$auto_P_PID(0x1, 0x0, &(0x7f0000000400)={@_si_pad}, 0x1cc, &(0x7f00000005c0)={{0x3, 0x3}, {0x8000000000000000, 0x5}, 0x6, 0x80000001, 0xff, 0xffffffff, 0x7, 0x3, 0x3, 0x3, 0x6c, 0x1, 0x1, 0x40, 0x7ff, 0x1a45}) clock_nanosleep$auto(0x2, 0x6, &(0x7f0000000840)={0x0, 0xc025}, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x40bc2, 0x1c0) write$auto(r2, &(0x7f0000000100)='\xea\x85\x92\x06(#\xc4\xb6(\x9e\xfcKG\xc2\xd4\xc0\v\x02\x9f%C\x00\x01\x00@!\xa9\xce\x10Y\xd0\xeb\xed\x7f\xc8\xdc(\xd3\xe9\xf3\xddT\x18\x16#\xfdQ5\xaeA\xc3\xeay\x7f\xa2TR|js\xfd\n\xa3\x98\xc8\x91\xdd\x9e\x99}s\xe0x\a\x00\x00\x00\x00\x00\x00\x00.\xa8\xc5\xdbKx\x14l\xe6\x868\xb3\xd2\x00\xea\xf9\xd1z\x8f\xd9\x877J\"\xab\xf9\xdf\xbf\xa1\xa1ms\xaf\xd9&R\x03\x00\xc0u \xc3\xc2\xd61\x97V\xcah\r\x97M\xdb\xf9\x06\x95Z\xdfK\xbeY#/\xf5g\n\x10#\x10@Ft\x9c\xd9\xd3s\x94\x8aV\xeb\xee`e9(\xe0\x88\x06\xa6-;ZM\x9b\xe1-', 0x9) sendfile$auto(r2, r2, &(0x7f0000000000)=0x1, 0xb5d) r3 = socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/auto_online_blocks\x00', 0x400, 0x0) socket(0x1e, 0x1, 0x0) getsockopt$auto_SO_WIFI_STATUS(r3, 0x5, 0x29, &(0x7f0000000000)='/dev/etherd/discover\x00', &(0x7f0000000100)=0x7f) r5 = socket(0x10, 0x2, 0x4) r6 = socket(0x10, 0x3, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="f0020000", @ANYRESDEC=r4, @ANYRES32=r5, @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014100005800c00c50003000000000000000c02368008027a8087010c800800e800", @ANYRES32=r5, @ANYBLOB="0800fb00", @ANYRES32=0x0], 0x2f0}, 0x1, 0x0, 0x0, 0x8005}, 0x20048050) membarrier$auto(0x2, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.01816067s ago: executing program 2 (id=2039): rseq$auto(&(0x7f0000000200)={0xe, 0x402, 0xfb82, 0x3, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x6) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) set_mempolicy$auto(0x3, 0x0, 0x9) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) read$auto(r0, 0x0, 0x5) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, 0x0) sysfs$auto(0x2, 0x2000000000040, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x801a9ac245a3e825, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto(r3, 0x89f1, r3) 1.018040617s ago: executing program 3 (id=2040): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000003900)='\t', 0x1) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000040)=':\'*&\x04!\x00', 0x1, 0x27) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/module/apparmor/parameters/enabled\x00', 0x22000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000003940)=""/4116, 0x1014) 725.522997ms ago: executing program 3 (id=2041): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nbd15\x00', 0x8001, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r1 = pidfd_getfd$auto(r0, r0, 0x8) sendfile$auto(r1, r0, &(0x7f0000000000), 0x5) mmap$auto(0x0, 0x8, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r2, &(0x7f0000000540)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x5) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7, 0x8, 0x0) flock$auto(r2, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7ffd) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec20\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000080)={"86bc8afc", 0x1, 0xfc, 0x6, 0x1, 0x200, "9ff7e0aca901f659b7f42908dd816f", "3ba66845", "9272a9ca", "05a4e714", ["6d69dc7c3c37caa400cdcaf1", "6e7c402aba693d82b22f2c50", "5d79316a71603e8c647b2ba5", "5a4f4594f429120a720740f9"]}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x2ab42, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:2\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x10, 0x3) sendfile$auto(r4, r4, 0x0, 0x2) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x6, 0x6, 0x5, 0x9, 0x20003, 0x6, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xb8a0, 0x0, 0x0, 0x0, 0x1000]}, 0x1fe, 0x200c) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB='\b\x00\n'], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) write$auto(r5, &(0x7f0000000000)='-\x00', 0x4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 694.832131ms ago: executing program 2 (id=2042): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/btrfs/features/acl\x00', 0xac00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000003c0)=""/134, 0x86) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) shutdown$auto(0xffffffffffffffff, 0x6) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r1, 0xc0046209, 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = open$auto(&(0x7f0000000280)='./file0\x00', 0x2, 0xfed) ioctl$auto_TUNSETLINK(r2, 0x400454cd, &(0x7f00000002c0)=0x5) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="011d3da4420008bd7100f9db5f250200000000000010"], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc1}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000580)='/proc/thread-self/net/raw6\x00', 0x500, 0x0) r6 = fcntl$auto_F_GETOWN(r2, 0x9, 0x4868) r7 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto_SO_SNDTIMEO_NEW(r7, 0x1, 0x43, &(0x7f00000000c0)='*/,*\x00', 0x8) timer_create$auto_CLOCK_BOOTTIME(0x7, &(0x7f0000000340)={@sival_ptr=&(0x7f0000000300)="585627a9b59dcb24be32352be8127582db6b5bfa9571f0c69e7a957ab9e895921245090511d22a4fa9d0672c4a4f2cfe63", @inferred=r4, 0x13, @_tid=r6}, &(0x7f0000000380)=0x8) pread64$auto(r5, &(0x7f0000000080)='\xd5u+~\xa7x\xe0VQ\x1a6\xcf\xce\xfa\xfbN\x19\b\xf64\r\x122i\xd6\x0e\xfa\x96\x9aV:\xe1G\x14\xb2\xd4N\x0e#jX:\xd0\xe4\xa9\xda\xaf\x98\x94G\xa8\xb4\xa7uPc\x1ang\xdb\xb4\xa7\xad\x1b\xcbonh\xd8\x99\x03\x10\xb0\xa5\xfey\xd5F,70\xecG\x8a\fz\x95\x7f\xb0Y{\xdd\xa1\xa3E\x03\xd4\xc67U\x93\n\xfc\xa4\x0e_\xf8\x94\xc3a\x00\xe6\xea4\xa2\x7ft\xeb\x8b$\x16\x0e\xe8j\xcaI\xe0c\x05\x12(\v\xef\xc5Z\xfb\xed\xa3\x01\x001\xa5\x18%\xae/\x1b6\xaa\xf5ysD\xa6\xee\xbf\xc0v\"\x93\x96\"\xcak.\x0e_\xb3\xf7\xac\x9e\xbd/w\xdf\xfc\xe24z\x0f\x8f\b\xbe\xda\xfb\xd0Jj\x97\xfa{\x9d\xfd\xfb\x14\x1f\xb0\xe7\b#\xb9\x01\xf7\xf5\x1c1\xfbNX\xd9\xf0\x97@\xff(\x99\x13M\xadM\b\xf5\xcd\xa3\xe1Q|\r\x18\xd5\xb4\x1c\xa5\xfd\xdf\x98\xd9\xa7\xf3u\xa8ak\xfaHS\xfa\x12\x85\x85\x14\b\x9c\x15\xc10\xb3\xd5.\x13\xc6\xb6\xbak:\xbf\x8f\xcd\x7f\a\xb8\x00\x00\x00', 0x202, 0x7) r8 = inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(r8, 0x0, 0x8000) r9 = openat$auto_ubifs_dir_operations_ubifs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x88000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_CREATE(r8, 0xc02054a5, &(0x7f0000000240)={0x7, r9, 0x10000, "48ad94a9edc22273807d8e3aed5ef354"}) 548.16219ms ago: executing program 1 (id=2043): r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto(r0, 0x40044620, 0xffffffffffffffff) 0s ago: executing program 3 (id=2044): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x24044010}, 0xc0) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) shmctl$auto(0x0, 0x1, &(0x7f00000005c0)={{0x9, 0x0, 0xffffffffffffffff, 0x13, 0x7, 0x6}, 0x40, 0x7, 0x9c, 0x10001, @inferred=0xffffffffffffffff, @raw=0x5, 0xff, 0x0, 0x0, 0x0}) (async) shmctl$auto(0x0, 0x1, &(0x7f00000005c0)={{0x9, 0x0, 0xffffffffffffffff, 0x13, 0x7, 0x6}, 0x40, 0x7, 0x9c, 0x10001, @inferred=0xffffffffffffffff, @raw=0x5, 0xff, 0x0, 0x0, 0x0}) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): 48.978358][ T8603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.978372][ T8603] RIP: 0033:0x7fbc7738f6c9 [ 248.978383][ T8603] Code: Unable to access opcode bytes at 0x7fbc7738f69f. [ 248.978390][ T8603] RSP: 002b:00007fbc782460e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 248.978403][ T8603] RAX: fffffffffffffe00 RBX: 00007fbc775e6098 RCX: 00007fbc7738f6c9 [ 248.978413][ T8603] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbc775e6098 [ 248.978421][ T8603] RBP: 00007fbc775e6090 R08: 0000000000000000 R09: 0000000000000000 [ 248.978430][ T8603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.978438][ T8603] R13: 00007fbc775e6128 R14: 00007ffd5a124b30 R15: 00007ffd5a124c18 [ 248.978456][ T8603] [ 249.851977][ T8614] netlink: 338 bytes leftover after parsing attributes in process `syz.2.733'. [ 249.952145][ T8612] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 254.291447][ T8645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.730'. [ 254.688327][ T8667] netlink: 338 bytes leftover after parsing attributes in process `syz.0.737'. [ 254.862646][ T8665] netlink: 268 bytes leftover after parsing attributes in process `syz.1.735'. [ 254.927803][ T8673] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 255.354164][ T8672] netlink: 268 bytes leftover after parsing attributes in process `syz.3.736'. [ 255.607509][ T8674] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 256.079036][ T8684] mkiss: ax0: crc mode is auto. [ 257.879053][ T8704] nvme_fcloop: unknown parameter or missing value '0' [ 257.950729][ T8704] hub 1-0:1.0: USB hub found [ 257.955950][ T8704] hub 1-0:1.0: 1 port detected [ 258.018520][ T8704] FAULT_INJECTION: forcing a failure. [ 258.018520][ T8704] name failslab, interval 1, probability 0, space 0, times 0 [ 258.261272][ T8704] CPU: 0 UID: 0 PID: 8704 Comm: syz.1.746 Tainted: G U syzkaller #0 PREEMPT(full) [ 258.261324][ T8704] Tainted: [U]=USER [ 258.261334][ T8704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 258.261350][ T8704] Call Trace: [ 258.261359][ T8704] [ 258.261370][ T8704] dump_stack_lvl+0x16c/0x1f0 [ 258.261412][ T8704] should_fail_ex+0x512/0x640 [ 258.261452][ T8704] ? fs_reclaim_acquire+0xae/0x150 [ 258.261488][ T8704] should_failslab+0xc2/0x120 [ 258.261525][ T8704] __kmalloc_noprof+0xdd/0x880 [ 258.261564][ T8704] ? usb_alloc_urb+0x66/0xa0 [ 258.261604][ T8704] ? usb_alloc_urb+0x66/0xa0 [ 258.261632][ T8704] usb_alloc_urb+0x66/0xa0 [ 258.261693][ T8704] usb_control_msg+0x1d3/0x4a0 [ 258.261777][ T8704] ? __pfx_usb_control_msg+0x10/0x10 [ 258.261820][ T8704] ? kfree+0x2b8/0x6d0 [ 258.261839][ T8704] ? usb_get_status+0x112/0x270 [ 258.261884][ T8704] hub_hub_status+0x107/0x350 [ 258.261923][ T8704] hub_probe+0x1b47/0x3480 [ 258.261963][ T8704] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 258.262001][ T8704] ? __pfx_hub_probe+0x10/0x10 [ 258.262026][ T8704] ? mark_held_locks+0x49/0x80 [ 258.262057][ T8704] ? __smp_text_poke_batch_add+0x6e0/0x7a0 [ 258.262095][ T8704] ? mark_held_locks+0x49/0x80 [ 258.262127][ T8704] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 258.262161][ T8704] usb_probe_interface+0x303/0xa40 [ 258.262199][ T8704] ? __pfx_usb_probe_interface+0x10/0x10 [ 258.262229][ T8704] really_probe+0x241/0xa90 [ 258.262270][ T8704] __driver_probe_device+0x1de/0x440 [ 258.262315][ T8704] driver_probe_device+0x4c/0x1b0 [ 258.262355][ T8704] __device_attach_driver+0x1df/0x310 [ 258.262393][ T8704] ? __pfx___device_attach_driver+0x10/0x10 [ 258.262450][ T8704] bus_for_each_drv+0x159/0x1e0 [ 258.262480][ T8704] ? __pfx_bus_for_each_drv+0x10/0x10 [ 258.262513][ T8704] ? lockdep_hardirqs_on+0x7c/0x110 [ 258.262543][ T8704] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 258.262576][ T8704] __device_attach+0x1e4/0x4b0 [ 258.262614][ T8704] ? __pfx___device_attach+0x10/0x10 [ 258.262647][ T8704] ? do_raw_spin_unlock+0x172/0x230 [ 258.262683][ T8704] bus_probe_device+0x17f/0x1c0 [ 258.262716][ T8704] device_add+0x1148/0x1aa0 [ 258.262763][ T8704] ? __pfx_device_add+0x10/0x10 [ 258.262802][ T8704] ? mark_held_locks+0x49/0x80 [ 258.262846][ T8704] usb_set_configuration+0x1187/0x1e20 [ 258.262900][ T8704] bConfigurationValue_store+0x100/0x180 [ 258.262931][ T8704] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 258.262958][ T8704] ? find_held_lock+0x2b/0x80 [ 258.262984][ T8704] ? sysfs_file_kobj+0xe4/0x290 [ 258.263018][ T8704] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 258.263042][ T8704] dev_attr_store+0x58/0x80 [ 258.263080][ T8704] ? __pfx_dev_attr_store+0x10/0x10 [ 258.263114][ T8704] sysfs_kf_write+0xf2/0x150 [ 258.263148][ T8704] kernfs_fop_write_iter+0x3af/0x570 [ 258.263184][ T8704] ? __pfx_sysfs_kf_write+0x10/0x10 [ 258.263220][ T8704] iter_file_splice_write+0xa24/0x12e0 [ 258.263272][ T8704] ? __pfx_iter_file_splice_write+0x10/0x10 [ 258.263317][ T8704] ? __pfx_copy_splice_read+0x10/0x10 [ 258.263365][ T8704] ? __pfx_iter_file_splice_write+0x10/0x10 [ 258.263396][ T8704] direct_splice_actor+0x192/0x6c0 [ 258.263428][ T8704] splice_direct_to_actor+0x345/0xa30 [ 258.263460][ T8704] ? __pfx_direct_splice_actor+0x10/0x10 [ 258.263494][ T8704] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 258.263535][ T8704] do_splice_direct+0x174/0x240 [ 258.263562][ T8704] ? __pfx_do_splice_direct+0x10/0x10 [ 258.263588][ T8704] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 258.263639][ T8704] ? rw_verify_area+0xcf/0x6c0 [ 258.263667][ T8704] do_sendfile+0xb06/0xe50 [ 258.263705][ T8704] ? __pfx_do_sendfile+0x10/0x10 [ 258.263738][ T8704] ? __x64_sys_futex+0x1e0/0x4c0 [ 258.263772][ T8704] ? __x64_sys_futex+0x1e9/0x4c0 [ 258.263810][ T8704] __x64_sys_sendfile64+0x1d8/0x220 [ 258.263843][ T8704] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 258.263891][ T8704] do_syscall_64+0xcd/0xfa0 [ 258.263921][ T8704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.263952][ T8704] RIP: 0033:0x7f15b118f6c9 [ 258.263975][ T8704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.264002][ T8704] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 258.264027][ T8704] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 258.264043][ T8704] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 258.264060][ T8704] RBP: 00007f15b1211f91 R08: 0000000000000000 R09: 0000000000000000 [ 258.264078][ T8704] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 258.264093][ T8704] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 258.264136][ T8704] [ 258.323057][ T8704] hub 1-0:1.0: hub_hub_status failed (err = -12) [ 258.810872][ T8704] hub 1-0:1.0: config failed, can't get hub status (err -12) [ 258.978102][ T8707] FAULT_INJECTION: forcing a failure. [ 258.978102][ T8707] name failslab, interval 1, probability 0, space 0, times 0 [ 259.021365][ T8707] CPU: 0 UID: 0 PID: 8707 Comm: syz.1.746 Tainted: G U syzkaller #0 PREEMPT(full) [ 259.021401][ T8707] Tainted: [U]=USER [ 259.021408][ T8707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 259.021421][ T8707] Call Trace: [ 259.021429][ T8707] [ 259.021437][ T8707] dump_stack_lvl+0x16c/0x1f0 [ 259.021471][ T8707] should_fail_ex+0x512/0x640 [ 259.021503][ T8707] ? __kmalloc_cache_noprof+0x5f/0x780 [ 259.021530][ T8707] should_failslab+0xc2/0x120 [ 259.021559][ T8707] __kmalloc_cache_noprof+0x72/0x780 [ 259.021583][ T8707] ? __kthread_create_on_node+0xce/0x3f0 [ 259.021619][ T8707] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 259.021641][ T8707] ? __kthread_create_on_node+0xce/0x3f0 [ 259.021670][ T8707] __kthread_create_on_node+0xce/0x3f0 [ 259.021702][ T8707] ? __pfx___kthread_create_on_node+0x10/0x10 [ 259.021750][ T8707] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 259.021773][ T8707] kthread_create_on_node+0xc7/0x100 [ 259.021804][ T8707] ? __pfx_kthread_create_on_node+0x10/0x10 [ 259.021834][ T8707] ? kasan_quarantine_put+0x10a/0x240 [ 259.021862][ T8707] ? find_held_lock+0x2b/0x80 [ 259.021884][ T8707] ? tomoyo_notify_gc+0xc6/0x470 [ 259.021911][ T8707] tomoyo_notify_gc+0xea/0x470 [ 259.021935][ T8707] ? __pfx_tomoyo_release+0x10/0x10 [ 259.021960][ T8707] tomoyo_release+0x31/0x40 [ 259.021984][ T8707] __fput+0x402/0xb70 [ 259.022017][ T8707] ? _raw_spin_unlock_irq+0x23/0x50 [ 259.022046][ T8707] task_work_run+0x150/0x240 [ 259.022083][ T8707] ? __pfx_task_work_run+0x10/0x10 [ 259.022117][ T8707] ? do_raw_spin_unlock+0x172/0x230 [ 259.022146][ T8707] do_exit+0x86f/0x2bf0 [ 259.022192][ T8707] ? __pfx_do_exit+0x10/0x10 [ 259.022221][ T8707] ? do_raw_spin_lock+0x12c/0x2b0 [ 259.022255][ T8707] ? find_held_lock+0x2b/0x80 [ 259.022285][ T8707] do_group_exit+0xd3/0x2a0 [ 259.022319][ T8707] get_signal+0x2671/0x26d0 [ 259.022359][ T8707] ? __pfx_get_signal+0x10/0x10 [ 259.022386][ T8707] ? do_futex+0x122/0x350 [ 259.022416][ T8707] ? __pfx_do_futex+0x10/0x10 [ 259.022450][ T8707] arch_do_signal_or_restart+0x8f/0x790 [ 259.022482][ T8707] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 259.022520][ T8707] ? xfd_validate_state+0x61/0x180 [ 259.022550][ T8707] ? __pfx_ksys_write+0x10/0x10 [ 259.022582][ T8707] exit_to_user_mode_loop+0x85/0x130 [ 259.022618][ T8707] do_syscall_64+0x426/0xfa0 [ 259.022649][ T8707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.022673][ T8707] RIP: 0033:0x7f15b118f6c9 [ 259.022693][ T8707] Code: Unable to access opcode bytes at 0x7f15b118f69f. [ 259.022704][ T8707] RSP: 002b:00007f15b20590e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 259.022727][ T8707] RAX: fffffffffffffe00 RBX: 00007f15b13e6098 RCX: 00007f15b118f6c9 [ 259.022743][ T8707] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f15b13e6098 [ 259.022758][ T8707] RBP: 00007f15b13e6090 R08: 0000000000000000 R09: 0000000000000000 [ 259.022773][ T8707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 259.022787][ T8707] R13: 00007f15b13e6128 R14: 00007ffc4d7844a0 R15: 00007ffc4d784588 [ 259.022822][ T8707] [ 260.014875][ T8722] netlink: 268 bytes leftover after parsing attributes in process `syz.0.750'. [ 260.909199][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.916659][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.095391][ T8736] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 261.204923][ T8738] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 262.365945][ T8751] netlink: 338 bytes leftover after parsing attributes in process `syz.1.756'. [ 262.935498][ T8764] futex_wake_op: syz.0.761 tries to shift op by -2048; fix this program [ 262.944378][ T8764] futex_wake_op: syz.0.761 tries to shift op by -2048; fix this program [ 263.372062][ T8755] netlink: 268 bytes leftover after parsing attributes in process `syz.3.757'. [ 263.506102][ T8780] FAULT_INJECTION: forcing a failure. [ 263.506102][ T8780] name failslab, interval 1, probability 0, space 0, times 0 [ 263.648428][ T8780] CPU: 1 UID: 0 PID: 8780 Comm: syz.2.764 Tainted: G U syzkaller #0 PREEMPT(full) [ 263.648465][ T8780] Tainted: [U]=USER [ 263.648472][ T8780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 263.648484][ T8780] Call Trace: [ 263.648491][ T8780] [ 263.648500][ T8780] dump_stack_lvl+0x16c/0x1f0 [ 263.648530][ T8780] should_fail_ex+0x512/0x640 [ 263.648560][ T8780] ? fs_reclaim_acquire+0xae/0x150 [ 263.648592][ T8780] should_failslab+0xc2/0x120 [ 263.648630][ T8780] __kmalloc_noprof+0xdd/0x880 [ 263.648662][ T8780] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 263.648694][ T8780] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 263.648717][ T8780] tomoyo_realpath_from_path+0xc2/0x6e0 [ 263.648745][ T8780] ? tomoyo_profile+0x47/0x60 [ 263.648776][ T8780] tomoyo_path_number_perm+0x245/0x580 [ 263.648807][ T8780] ? tomoyo_path_number_perm+0x237/0x580 [ 263.648843][ T8780] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 263.648878][ T8780] ? find_held_lock+0x2b/0x80 [ 263.648927][ T8780] ? find_held_lock+0x2b/0x80 [ 263.648950][ T8780] ? hook_file_ioctl_common+0x145/0x410 [ 263.648983][ T8780] ? __fget_files+0x20e/0x3c0 [ 263.649014][ T8780] security_file_ioctl+0x9b/0x240 [ 263.649039][ T8780] __x64_sys_ioctl+0xb7/0x210 [ 263.649075][ T8780] do_syscall_64+0xcd/0xfa0 [ 263.649103][ T8780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.649125][ T8780] RIP: 0033:0x7f953198f6c9 [ 263.649142][ T8780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.649162][ T8780] RSP: 002b:00007f952fbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.649183][ T8780] RAX: ffffffffffffffda RBX: 00007f9531be5fa0 RCX: 00007f953198f6c9 [ 263.649199][ T8780] RDX: 0000200000000040 RSI: 000000004008af60 RDI: 0000000000000005 [ 263.649212][ T8780] RBP: 00007f952fbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 263.649226][ T8780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.649239][ T8780] R13: 00007f9531be6038 R14: 00007f9531be5fa0 R15: 00007ffe9b2c9b58 [ 263.649271][ T8780] [ 263.649280][ T8780] ERROR: Out of memory at tomoyo_realpath_from_path. [ 264.356458][ T8795] netlink: 338 bytes leftover after parsing attributes in process `syz.1.769'. [ 264.374165][ T8793] netlink: 268 bytes leftover after parsing attributes in process `syz.0.768'. [ 265.535656][ T8807] netlink: 268 bytes leftover after parsing attributes in process `syz.2.772'. [ 267.673898][ T8841] FAULT_INJECTION: forcing a failure. [ 267.673898][ T8841] name failslab, interval 1, probability 0, space 0, times 0 [ 267.715119][ T8841] CPU: 0 UID: 0 PID: 8841 Comm: syz.1.778 Tainted: G U syzkaller #0 PREEMPT(full) [ 267.715156][ T8841] Tainted: [U]=USER [ 267.715165][ T8841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 267.715177][ T8841] Call Trace: [ 267.715186][ T8841] [ 267.715195][ T8841] dump_stack_lvl+0x16c/0x1f0 [ 267.715228][ T8841] should_fail_ex+0x512/0x640 [ 267.715261][ T8841] ? fs_reclaim_acquire+0xae/0x150 [ 267.715295][ T8841] should_failslab+0xc2/0x120 [ 267.715326][ T8841] __kmalloc_noprof+0xdd/0x880 [ 267.715382][ T8841] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 267.715415][ T8841] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 267.715439][ T8841] tomoyo_realpath_from_path+0xc2/0x6e0 [ 267.715466][ T8841] ? tomoyo_profile+0x47/0x60 [ 267.715497][ T8841] tomoyo_path_number_perm+0x245/0x580 [ 267.715532][ T8841] ? tomoyo_path_number_perm+0x237/0x580 [ 267.715570][ T8841] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 267.715608][ T8841] ? find_held_lock+0x2b/0x80 [ 267.715667][ T8841] ? find_held_lock+0x2b/0x80 [ 267.715690][ T8841] ? hook_file_ioctl_common+0x145/0x410 [ 267.715724][ T8841] ? __fget_files+0x20e/0x3c0 [ 267.715753][ T8841] security_file_ioctl+0x9b/0x240 [ 267.715777][ T8841] __x64_sys_ioctl+0xb7/0x210 [ 267.715814][ T8841] do_syscall_64+0xcd/0xfa0 [ 267.715844][ T8841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.715869][ T8841] RIP: 0033:0x7f15b118f6c9 [ 267.715888][ T8841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.715910][ T8841] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 267.715933][ T8841] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 267.715950][ T8841] RDX: 0000200000000080 RSI: 000000004008ae90 RDI: 0000000000000004 [ 267.715965][ T8841] RBP: 00007f15b207a090 R08: 0000000000000000 R09: 0000000000000000 [ 267.715979][ T8841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.715993][ T8841] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 267.716029][ T8841] [ 267.716038][ T8841] ERROR: Out of memory at tomoyo_realpath_from_path. [ 268.108517][ T8848] netlink: 338 bytes leftover after parsing attributes in process `syz.3.780'. [ 270.138897][ T8872] netlink: 268 bytes leftover after parsing attributes in process `syz.0.785'. [ 272.174156][ T8904] netlink: 338 bytes leftover after parsing attributes in process `syz.2.790'. [ 273.103095][ T8924] netlink: 4 bytes leftover after parsing attributes in process `syz.3.796'. [ 273.117938][ T8924] netlink: 5 bytes leftover after parsing attributes in process `syz.3.796'. [ 273.129903][ T8924] netlink: 12 bytes leftover after parsing attributes in process `syz.3.796'. [ 273.360052][ T8929] block nbd8: NBD_DISCONNECT [ 273.487821][ T8933] netlink: 338 bytes leftover after parsing attributes in process `syz.0.801'. [ 274.208706][ T8941] netlink: 338 bytes leftover after parsing attributes in process `syz.1.804'. [ 274.435172][ T8946] netlink: 268 bytes leftover after parsing attributes in process `syz.0.811'. [ 274.553886][ T8945] netlink: 268 bytes leftover after parsing attributes in process `syz.2.803'. [ 277.687482][ T9004] vhci_hcd: invalid port number 16 [ 278.465200][ T9013] netlink: 268 bytes leftover after parsing attributes in process `syz.3.819'. [ 278.665677][ T9016] netlink: 268 bytes leftover after parsing attributes in process `syz.0.820'. [ 280.988505][ T9028] netlink: 268 bytes leftover after parsing attributes in process `syz.1.822'. [ 281.089709][ T9039] netlink: 338 bytes leftover after parsing attributes in process `syz.2.826'. [ 281.420513][ T9049] netlink: 268 bytes leftover after parsing attributes in process `syz.3.827'. [ 281.674284][ T9052] FAULT_INJECTION: forcing a failure. [ 281.674284][ T9052] name failslab, interval 1, probability 0, space 0, times 0 [ 281.717477][ T9052] CPU: 1 UID: 0 PID: 9052 Comm: syz.2.829 Tainted: G U syzkaller #0 PREEMPT(full) [ 281.717503][ T9052] Tainted: [U]=USER [ 281.717509][ T9052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 281.717517][ T9052] Call Trace: [ 281.717522][ T9052] [ 281.717528][ T9052] dump_stack_lvl+0x16c/0x1f0 [ 281.717549][ T9052] should_fail_ex+0x512/0x640 [ 281.717571][ T9052] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 281.717589][ T9052] should_failslab+0xc2/0x120 [ 281.717609][ T9052] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 281.717624][ T9052] ? __d_alloc+0x32/0xae0 [ 281.717645][ T9052] ? __d_alloc+0x32/0xae0 [ 281.717659][ T9052] __d_alloc+0x32/0xae0 [ 281.717677][ T9052] d_alloc_pseudo+0x1c/0xc0 [ 281.717697][ T9052] alloc_file_pseudo+0xcf/0x230 [ 281.717725][ T9052] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 281.717746][ T9052] ? alloc_fd+0x471/0x7d0 [ 281.717764][ T9052] sock_alloc_file+0x50/0x210 [ 281.717782][ T9052] __sys_socket+0x1c0/0x260 [ 281.717801][ T9052] ? __pfx___sys_socket+0x10/0x10 [ 281.717820][ T9052] ? xfd_validate_state+0x61/0x180 [ 281.717839][ T9052] ? __pfx_ksys_write+0x10/0x10 [ 281.717857][ T9052] __x64_sys_socket+0x72/0xb0 [ 281.717875][ T9052] ? lockdep_hardirqs_on+0x7c/0x110 [ 281.717891][ T9052] do_syscall_64+0xcd/0xfa0 [ 281.717909][ T9052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.717923][ T9052] RIP: 0033:0x7f953198f6c9 [ 281.717935][ T9052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.717949][ T9052] RSP: 002b:00007f952fbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 281.717963][ T9052] RAX: ffffffffffffffda RBX: 00007f9531be5fa0 RCX: 00007f953198f6c9 [ 281.717972][ T9052] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000023 [ 281.717980][ T9052] RBP: 00007f9531a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 281.717989][ T9052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.717997][ T9052] R13: 00007f9531be6038 R14: 00007f9531be5fa0 R15: 00007ffe9b2c9b58 [ 281.718030][ T9052] [ 282.560182][ T9061] netlink: 268 bytes leftover after parsing attributes in process `syz.0.832'. [ 284.139020][ T9078] netlink: 268 bytes leftover after parsing attributes in process `syz.3.837'. [ 284.294059][ T9080] netlink: 268 bytes leftover after parsing attributes in process `syz.2.836'. [ 285.576670][ T9086] zswap: compressor not available [ 285.794953][ T9098] syz.0.841: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 285.897314][ T9098] CPU: 1 UID: 0 PID: 9098 Comm: syz.0.841 Tainted: G U syzkaller #0 PREEMPT(full) [ 285.897356][ T9098] Tainted: [U]=USER [ 285.897365][ T9098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 285.897381][ T9098] Call Trace: [ 285.897389][ T9098] [ 285.897400][ T9098] dump_stack_lvl+0x16c/0x1f0 [ 285.897437][ T9098] warn_alloc+0x248/0x3a0 [ 285.897467][ T9098] ? __pfx_warn_alloc+0x10/0x10 [ 285.897524][ T9098] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 285.897561][ T9098] __vmalloc_node_range_noprof+0xfbc/0x1480 [ 285.897599][ T9098] ? __pfx___might_resched+0x10/0x10 [ 285.897628][ T9098] ? rcu_is_watching+0x12/0xc0 [ 285.897654][ T9098] ? trace_contention_end+0xdd/0x130 [ 285.897689][ T9098] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 285.897723][ T9098] ? tomoyo_path_number_perm+0x295/0x580 [ 285.897768][ T9098] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 285.897802][ T9098] ? __pfx___mutex_lock+0x10/0x10 [ 285.897836][ T9098] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 285.897887][ T9098] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 285.897919][ T9098] __vmalloc_node_noprof+0xad/0xf0 [ 285.897953][ T9098] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 285.897992][ T9098] dvb_dvr_do_ioctl+0x15d/0x290 [ 285.898044][ T9098] dvb_usercopy+0x167/0x340 [ 285.898077][ T9098] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 285.898113][ T9098] ? __pfx_dvb_usercopy+0x10/0x10 [ 285.898162][ T9098] ? __fget_files+0x20e/0x3c0 [ 285.898196][ T9098] dvb_dvr_ioctl+0x29/0x40 [ 285.898226][ T9098] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 285.898262][ T9098] __x64_sys_ioctl+0x18e/0x210 [ 285.898300][ T9098] do_syscall_64+0xcd/0xfa0 [ 285.898332][ T9098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.898358][ T9098] RIP: 0033:0x7fbc7738f6c9 [ 285.898379][ T9098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.898404][ T9098] RSP: 002b:00007fbc78246038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 285.898429][ T9098] RAX: ffffffffffffffda RBX: 00007fbc775e6090 RCX: 00007fbc7738f6c9 [ 285.898447][ T9098] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000002 [ 285.898464][ T9098] RBP: 00007fbc77411f91 R08: 0000000000000000 R09: 0000000000000000 [ 285.898479][ T9098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.898495][ T9098] R13: 00007fbc775e6128 R14: 00007fbc775e6090 R15: 00007ffd5a124c18 [ 285.898533][ T9098] [ 285.898569][ T9098] Mem-Info: [ 286.244357][ T9098] active_anon:45950 inactive_anon:0 isolated_anon:0 [ 286.244357][ T9098] active_file:12206 inactive_file:47137 isolated_file:0 [ 286.244357][ T9098] unevictable:768 dirty:913 writeback:0 [ 286.244357][ T9098] slab_reclaimable:12214 slab_unreclaimable:90817 [ 286.244357][ T9098] mapped:38467 shmem:38787 pagetables:1167 [ 286.244357][ T9098] sec_pagetables:0 bounce:0 [ 286.244357][ T9098] kernel_misc_reclaimable:0 [ 286.244357][ T9098] free:1279984 free_pcp:26314 free_cma:0 [ 286.378008][ T9098] Node 0 active_anon:186100kB inactive_anon:0kB active_file:48824kB inactive_file:187864kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:153484kB dirty:3648kB writeback:0kB shmem:156212kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:10240kB kernel_stack:11620kB pagetables:4520kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 286.510555][ T9098] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:684kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:484kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 286.641243][ T9098] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 286.741453][ T9098] lowmem_reserve[]: 0 2485 2487 2487 2487 [ 286.848024][ T9098] Node 0 DMA32 free:1196800kB boost:0kB min:34364kB low:42952kB high:51540kB reserved_highatomic:0KB free_highatomic:0KB active_anon:188220kB inactive_anon:0kB active_file:48824kB inactive_file:187864kB unevictable:1536kB writepending:3756kB zspages:0kB present:3129332kB managed:2545088kB mlocked:0kB bounce:0kB free_pcp:89684kB local_pcp:60724kB free_cma:0kB [ 287.001345][ T9098] lowmem_reserve[]: 0 0 1 1 1 [ 287.110336][ T9098] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 287.205885][ T9099] netlink: 268 bytes leftover after parsing attributes in process `syz.1.838'. [ 287.309879][ T9098] lowmem_reserve[]: 0 0 0 0 0 [ 287.315020][ T9098] Node 1 Normal free:3905252kB boost:0kB min:55512kB low:69388kB high:83264kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:684kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:13096kB local_pcp:8536kB free_cma:0kB [ 287.348858][ T9098] lowmem_reserve[]: 0 0 0 0 0 [ 287.353715][ T9098] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 287.366778][ T9098] Node 0 DMA32: 642*4kB (UM) 247*8kB (UM) 272*16kB (UME) 118*32kB (UME) 16*64kB (UME) 4*128kB (UM) 3*256kB (UME) 119*512kB (M) 63*1024kB (ME) 16*2048kB (ME) 251*4096kB (UM) = 1201280kB [ 287.431300][ T9098] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 287.484665][ T9098] Node 1 Normal: 163*4kB (UME) 39*8kB (UME) 14*16kB (UME) 194*32kB (UME) 106*64kB (UME) 31*128kB (UME) 8*256kB (U) 2*512kB (U) 3*1024kB (UE) 3*2048kB (UME) 946*4096kB (M) = 3905252kB [ 287.521444][ T9098] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 287.581997][ T9098] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=2 hugepages_size=2048kB [ 287.601307][ T9098] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 287.610985][ T9098] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 287.644821][ T9115] netlink: 268 bytes leftover after parsing attributes in process `syz.3.844'. [ 287.683711][ T9114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.845'. [ 287.701390][ T9098] 91890 total pagecache pages [ 287.721329][ T9098] 2 pages in swap cache [ 287.725514][ T9098] Free swap = 124988kB [ 287.729684][ T9098] Total swap = 124996kB [ 287.767515][ T9098] 2097051 pages RAM [ 287.782034][ T9098] 0 pages HighMem/MovableOnly [ 287.786729][ T9098] 428689 pages reserved [ 287.867733][ T9098] 0 pages cma reserved [ 288.535680][ T9124] netlink: 268 bytes leftover after parsing attributes in process `syz.0.848'. [ 289.315091][ T9137] netlink: 268 bytes leftover after parsing attributes in process `syz.2.851'. [ 289.876335][ T9148] syz.1.854 uses obsolete (PF_INET,SOCK_PACKET) [ 290.848497][ T9167] netlink: 338 bytes leftover after parsing attributes in process `syz.3.860'. [ 290.904604][ T9167] netlink: 314 bytes leftover after parsing attributes in process `syz.3.860'. [ 291.055139][ T9170] netlink: 338 bytes leftover after parsing attributes in process `syz.3.861'. [ 291.095816][ T9170] FAULT_INJECTION: forcing a failure. [ 291.095816][ T9170] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 291.141317][ T9170] CPU: 1 UID: 0 PID: 9170 Comm: syz.3.861 Tainted: G U syzkaller #0 PREEMPT(full) [ 291.141351][ T9170] Tainted: [U]=USER [ 291.141357][ T9170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 291.141365][ T9170] Call Trace: [ 291.141371][ T9170] [ 291.141376][ T9170] dump_stack_lvl+0x16c/0x1f0 [ 291.141398][ T9170] should_fail_ex+0x512/0x640 [ 291.141433][ T9170] _copy_from_user+0x2e/0xd0 [ 291.141457][ T9170] copy_msghdr_from_user+0x98/0x160 [ 291.141475][ T9170] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 291.141502][ T9170] ? __pfx__kstrtoull+0x10/0x10 [ 291.141533][ T9170] ___sys_sendmsg+0xfe/0x1d0 [ 291.141555][ T9170] ? __pfx____sys_sendmsg+0x10/0x10 [ 291.141593][ T9170] ? find_held_lock+0x2b/0x80 [ 291.141630][ T9170] __sys_sendmmsg+0x200/0x420 [ 291.141647][ T9170] ? __pfx___sys_sendmmsg+0x10/0x10 [ 291.141668][ T9170] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 291.141694][ T9170] ? fput+0x9b/0xd0 [ 291.141714][ T9170] ? ksys_write+0x1ac/0x250 [ 291.141729][ T9170] ? __pfx_ksys_write+0x10/0x10 [ 291.141747][ T9170] __x64_sys_sendmmsg+0x9c/0x100 [ 291.141760][ T9170] ? lockdep_hardirqs_on+0x7c/0x110 [ 291.141777][ T9170] do_syscall_64+0xcd/0xfa0 [ 291.141795][ T9170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.141809][ T9170] RIP: 0033:0x7ffb1878f6c9 [ 291.141822][ T9170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.141836][ T9170] RSP: 002b:00007ffb19556038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 291.141850][ T9170] RAX: ffffffffffffffda RBX: 00007ffb189e5fa0 RCX: 00007ffb1878f6c9 [ 291.141860][ T9170] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 291.141868][ T9170] RBP: 00007ffb19556090 R08: 0000000000000000 R09: 0000000000000000 [ 291.141877][ T9170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.141885][ T9170] R13: 00007ffb189e6038 R14: 00007ffb189e5fa0 R15: 00007fffde3f9748 [ 291.141904][ T9170] [ 291.986203][ T9182] netlink: 268 bytes leftover after parsing attributes in process `syz.2.862'. [ 292.063401][ T9185] FAULT_INJECTION: forcing a failure. [ 292.063401][ T9185] name failslab, interval 1, probability 0, space 0, times 0 [ 292.136956][ T9185] CPU: 1 UID: 0 PID: 9185 Comm: syz.0.865 Tainted: G U syzkaller #0 PREEMPT(full) [ 292.136999][ T9185] Tainted: [U]=USER [ 292.137008][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 292.137024][ T9185] Call Trace: [ 292.137032][ T9185] [ 292.137042][ T9185] dump_stack_lvl+0x16c/0x1f0 [ 292.137077][ T9185] should_fail_ex+0x512/0x640 [ 292.137114][ T9185] ? __kmalloc_cache_noprof+0x5f/0x780 [ 292.137141][ T9185] should_failslab+0xc2/0x120 [ 292.137174][ T9185] __kmalloc_cache_noprof+0x72/0x780 [ 292.137200][ T9185] ? __kthread_create_on_node+0xce/0x3f0 [ 292.137237][ T9185] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 292.137261][ T9185] ? __kthread_create_on_node+0xce/0x3f0 [ 292.137303][ T9185] __kthread_create_on_node+0xce/0x3f0 [ 292.137339][ T9185] ? __pfx___kthread_create_on_node+0x10/0x10 [ 292.137391][ T9185] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 292.137418][ T9185] kthread_create_on_node+0xc7/0x100 [ 292.137452][ T9185] ? __pfx_kthread_create_on_node+0x10/0x10 [ 292.137487][ T9185] ? kasan_quarantine_put+0x10a/0x240 [ 292.137520][ T9185] ? find_held_lock+0x2b/0x80 [ 292.137547][ T9185] ? tomoyo_notify_gc+0xc6/0x470 [ 292.137578][ T9185] tomoyo_notify_gc+0xea/0x470 [ 292.137601][ T9185] ? ima_iint_find+0xea/0x130 [ 292.137636][ T9185] ? __pfx_tomoyo_release+0x10/0x10 [ 292.137664][ T9185] tomoyo_release+0x31/0x40 [ 292.137691][ T9185] __fput+0x402/0xb70 [ 292.137726][ T9185] ? _raw_spin_unlock_irq+0x23/0x50 [ 292.137757][ T9185] task_work_run+0x150/0x240 [ 292.137794][ T9185] ? __pfx_task_work_run+0x10/0x10 [ 292.137832][ T9185] ? __pfx___do_sys_close_range+0x10/0x10 [ 292.137873][ T9185] exit_to_user_mode_loop+0xec/0x130 [ 292.137913][ T9185] do_syscall_64+0x426/0xfa0 [ 292.137948][ T9185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.137973][ T9185] RIP: 0033:0x7fbc7738f6c9 [ 292.137995][ T9185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.138019][ T9185] RSP: 002b:00007fbc78246038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 292.138044][ T9185] RAX: 0000000000000000 RBX: 00007fbc775e6090 RCX: 00007fbc7738f6c9 [ 292.138061][ T9185] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 292.138076][ T9185] RBP: 00007fbc77411f91 R08: 0000000000000000 R09: 0000000000000000 [ 292.138092][ T9185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 292.138108][ T9185] R13: 00007fbc775e6128 R14: 00007fbc775e6090 R15: 00007ffd5a124c18 [ 292.138144][ T9185] [ 292.908848][ T30] audit: type=1804 audit(8277292111.390:2): pid=9197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.867" name="/newroot/210/file0" dev="tmpfs" ino=1156 res=1 errno=0 [ 293.787257][ T9203] netlink: 12 bytes leftover after parsing attributes in process `syz.3.871'. [ 294.947330][ T9225] netlink: 28 bytes leftover after parsing attributes in process `syz.2.873'. [ 295.088245][ T9225] gre0: entered promiscuous mode [ 295.234159][ T9225] gre0: entered allmulticast mode [ 295.354322][ T9227] netlink: 268 bytes leftover after parsing attributes in process `syz.1.872'. [ 295.990016][ T9239] FAULT_INJECTION: forcing a failure. [ 295.990016][ T9239] name failslab, interval 1, probability 0, space 0, times 0 [ 296.011098][ T9239] CPU: 0 UID: 0 PID: 9239 Comm: syz.2.877 Tainted: G U syzkaller #0 PREEMPT(full) [ 296.011150][ T9239] Tainted: [U]=USER [ 296.011158][ T9239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 296.011172][ T9239] Call Trace: [ 296.011181][ T9239] [ 296.011192][ T9239] dump_stack_lvl+0x16c/0x1f0 [ 296.011226][ T9239] should_fail_ex+0x512/0x640 [ 296.011262][ T9239] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 296.011290][ T9239] should_failslab+0xc2/0x120 [ 296.011322][ T9239] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 296.011352][ T9239] ? __d_alloc+0x32/0xae0 [ 296.011386][ T9239] ? __d_alloc+0x32/0xae0 [ 296.011413][ T9239] __d_alloc+0x32/0xae0 [ 296.011445][ T9239] d_alloc_pseudo+0x1c/0xc0 [ 296.011480][ T9239] alloc_file_pseudo+0xcf/0x230 [ 296.011518][ T9239] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 296.011553][ T9239] ? alloc_fd+0x471/0x7d0 [ 296.011585][ T9239] sock_alloc_file+0x50/0x210 [ 296.011615][ T9239] __sys_socket+0x1c0/0x260 [ 296.011646][ T9239] ? __pfx___sys_socket+0x10/0x10 [ 296.011678][ T9239] ? xfd_validate_state+0x61/0x180 [ 296.011710][ T9239] ? __pfx_ksys_write+0x10/0x10 [ 296.011744][ T9239] __x64_sys_socket+0x72/0xb0 [ 296.011774][ T9239] ? lockdep_hardirqs_on+0x7c/0x110 [ 296.011805][ T9239] do_syscall_64+0xcd/0xfa0 [ 296.011836][ T9239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.011862][ T9239] RIP: 0033:0x7f953198f6c9 [ 296.011883][ T9239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.011909][ T9239] RSP: 002b:00007f952fbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 296.011933][ T9239] RAX: ffffffffffffffda RBX: 00007f9531be5fa0 RCX: 00007f953198f6c9 [ 296.011951][ T9239] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000023 [ 296.011966][ T9239] RBP: 00007f9531a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 296.011983][ T9239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 296.011999][ T9239] R13: 00007f9531be6038 R14: 00007f9531be5fa0 R15: 00007ffe9b2c9b58 [ 296.012036][ T9239] [ 297.246336][ T9257] netlink: 268 bytes leftover after parsing attributes in process `syz.3.879'. [ 297.907466][ T9271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.886'. [ 299.533476][ T9292] netlink: 268 bytes leftover after parsing attributes in process `syz.2.892'. [ 299.969607][ T9301] netlink: 268 bytes leftover after parsing attributes in process `syz.1.894'. [ 300.541372][ T9316] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 300.561863][ T9316] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 300.583288][ T9316] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 300.606609][ T9316] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 300.744122][ T9321] netlink: 8 bytes leftover after parsing attributes in process `syz.0.900'. [ 302.259602][ T9345] netlink: 268 bytes leftover after parsing attributes in process `syz.1.906'. [ 302.554639][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 302.631348][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 302.637506][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 302.643758][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout [ 303.430216][ T9344] kexec: Could not allocate control_code_buffer [ 304.651729][ T9379] netlink: 338 bytes leftover after parsing attributes in process `syz.1.915'. [ 304.724065][ T9383] netlink: 338 bytes leftover after parsing attributes in process `syz.3.916'. [ 304.732511][ T9379] netlink: 314 bytes leftover after parsing attributes in process `syz.1.915'. [ 304.894874][ T9367] netlink: 268 bytes leftover after parsing attributes in process `syz.2.911'. [ 305.274045][ T9394] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 305.293799][ T9394] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 305.345408][ T9394] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 305.358160][ T9394] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 305.609632][ T9405] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 305.988722][ T9414] db_root: cannot open: Y [ 306.294097][ T9421] netlink: 268 bytes leftover after parsing attributes in process `syz.0.928'. [ 307.361562][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 307.361583][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 307.361626][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 307.529344][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 308.797132][ T9452] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 308.803298][ T9452] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 308.809534][ T9452] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 308.815802][ T9452] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 309.088434][ T9475] netlink: 268 bytes leftover after parsing attributes in process `syz.3.944'. [ 310.156200][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 310.882847][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 310.882865][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout [ 310.888973][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 312.094599][ T9496] kexec: Could not allocate control_code_buffer [ 312.218810][ T9525] netlink: 268 bytes leftover after parsing attributes in process `syz.1.954'. [ 313.192199][ T9511] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 313.198717][ T9511] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 313.205653][ T9511] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 313.211900][ T9511] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 313.354528][ T9529] netlink: 268 bytes leftover after parsing attributes in process `syz.0.955'. [ 313.913348][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 314.860972][ T9545] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 314.869340][ T9545] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 314.881366][ T9545] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 314.887692][ T9545] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 316.392128][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 316.634624][ T9572] netlink: 268 bytes leftover after parsing attributes in process `syz.1.963'. [ 316.871500][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 316.968099][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 316.968111][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 317.380588][ T9587] netlink: 268 bytes leftover after parsing attributes in process `syz.2.975'. [ 317.688674][ T9579] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 317.711785][ T9579] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 317.718353][ T9579] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 317.725353][ T9579] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 318.283832][ T9598] netlink: 268 bytes leftover after parsing attributes in process `syz.3.969'. [ 318.980338][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 319.308701][ T9613] netlink: 268 bytes leftover after parsing attributes in process `syz.0.981'. [ 319.751665][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 319.759937][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 319.766201][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout [ 321.098752][ T9625] netlink: 268 bytes leftover after parsing attributes in process `syz.2.984'. [ 321.865658][ T9631] netlink: 268 bytes leftover after parsing attributes in process `syz.0.974'. [ 322.162665][ T9636] netlink: 268 bytes leftover after parsing attributes in process `syz.2.976'. [ 322.315439][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.321927][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.697376][ T9638] random: crng reseeded on system resumption [ 323.868538][ T9645] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 323.875017][ T9645] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 323.884741][ T9645] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 323.890993][ T9645] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 324.840904][ T9657] netlink: 268 bytes leftover after parsing attributes in process `syz.2.982'. [ 325.271312][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 325.467959][ T9669] netlink: 268 bytes leftover after parsing attributes in process `syz.1.995'. [ 325.501752][ T9673] netlink: 338 bytes leftover after parsing attributes in process `syz.0.987'. [ 325.563655][ T9673] netlink: 342 bytes leftover after parsing attributes in process `syz.0.987'. [ 325.915736][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 325.921920][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout [ 325.921948][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 327.363532][ T9691] snd_aloop snd_aloop.0: control 7:265:7::2 is already present [ 328.753030][ T9710] random: crng reseeded on system resumption [ 329.325597][ T9719] netlink: 268 bytes leftover after parsing attributes in process `syz.1.999'. [ 329.572341][ T9726] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1000'. [ 330.653854][ T9735] FAULT_INJECTION: forcing a failure. [ 330.653854][ T9735] name failslab, interval 1, probability 0, space 0, times 0 [ 330.713359][ T9735] CPU: 0 UID: 0 PID: 9735 Comm: syz.3.1004 Tainted: G U syzkaller #0 PREEMPT(full) [ 330.713403][ T9735] Tainted: [U]=USER [ 330.713412][ T9735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 330.713441][ T9735] Call Trace: [ 330.713451][ T9735] [ 330.713462][ T9735] dump_stack_lvl+0x16c/0x1f0 [ 330.713500][ T9735] should_fail_ex+0x512/0x640 [ 330.713536][ T9735] ? fs_reclaim_acquire+0xae/0x150 [ 330.713574][ T9735] should_failslab+0xc2/0x120 [ 330.713608][ T9735] __kmalloc_noprof+0xdd/0x880 [ 330.713645][ T9735] ? kfree+0x252/0x6d0 [ 330.713665][ T9735] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 330.713703][ T9735] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 330.713731][ T9735] tomoyo_realpath_from_path+0xc2/0x6e0 [ 330.713765][ T9735] ? tomoyo_profile+0x47/0x60 [ 330.713801][ T9735] tomoyo_path_number_perm+0x245/0x580 [ 330.713838][ T9735] ? tomoyo_path_number_perm+0x237/0x580 [ 330.713880][ T9735] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 330.713955][ T9735] ? d_alloc_parallel+0xb4e/0x1510 [ 330.713993][ T9735] ? current_check_access_path+0x33c/0x460 [ 330.714034][ T9735] ? __pfx_current_check_access_path+0x10/0x10 [ 330.714077][ T9735] tomoyo_path_mknod+0x10c/0x190 [ 330.714111][ T9735] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 330.714147][ T9735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 330.714193][ T9735] security_path_mknod+0x161/0x310 [ 330.714234][ T9735] lookup_open.isra.0+0xc17/0x1580 [ 330.714280][ T9735] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 330.714326][ T9735] ? find_held_lock+0x2b/0x80 [ 330.714363][ T9735] ? __pfx_down_write+0x10/0x10 [ 330.714401][ T9735] path_openat+0x893/0x2cb0 [ 330.714438][ T9735] ? __pfx_path_openat+0x10/0x10 [ 330.714475][ T9735] do_filp_open+0x20b/0x470 [ 330.714504][ T9735] ? __pfx_do_filp_open+0x10/0x10 [ 330.714558][ T9735] ? _raw_spin_unlock+0x28/0x50 [ 330.714584][ T9735] ? alloc_fd+0x471/0x7d0 [ 330.714621][ T9735] do_sys_openat2+0x11b/0x1d0 [ 330.714657][ T9735] ? __pfx_do_sys_openat2+0x10/0x10 [ 330.714707][ T9735] __x64_sys_open+0x153/0x1e0 [ 330.714742][ T9735] ? __pfx___x64_sys_open+0x10/0x10 [ 330.714784][ T9735] ? rcu_is_watching+0x12/0xc0 [ 330.714814][ T9735] do_syscall_64+0xcd/0xfa0 [ 330.714845][ T9735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.714869][ T9735] RIP: 0033:0x7ffb1878f6c9 [ 330.714890][ T9735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.714913][ T9735] RSP: 002b:00007ffb19556038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 330.714928][ T9735] RAX: ffffffffffffffda RBX: 00007ffb189e5fa0 RCX: 00007ffb1878f6c9 [ 330.714937][ T9735] RDX: 0000000000000084 RSI: 00000000000261c2 RDI: 0000200000000000 [ 330.714946][ T9735] RBP: 00007ffb18811f91 R08: 0000000000000000 R09: 0000000000000000 [ 330.714955][ T9735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.714964][ T9735] R13: 00007ffb189e6038 R14: 00007ffb189e5fa0 R15: 00007fffde3f9748 [ 330.714985][ T9735] [ 330.773485][ T9735] ERROR: Out of memory at tomoyo_realpath_from_path. [ 330.844848][ T9744] block2mtd: Using custom MTD label '' for dev [ 330.987826][ T9743] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 331.067372][ T9743] CIFS mount error: No usable UNC path provided in device string! [ 331.067372][ T9743] [ 331.078057][ T9743] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 331.137929][ T9744] block2mtd: error: cannot open device [ 333.911623][ T9758] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1007'. [ 334.545909][ T9771] snd_aloop snd_aloop.0: control 7:265:7::2 is already present [ 334.817451][ T9782] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1012'. [ 338.703831][ T9802] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 338.751604][ T9802] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 338.811830][ T9802] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 338.818025][ T9802] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 338.870186][ T9826] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1022'. [ 339.591574][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 340.454388][ T9840] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1026'. [ 340.791418][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 340.871606][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 340.878216][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 341.015379][ T9848] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1029'. [ 341.409629][ T9855] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1031'. [ 344.502269][ T9878] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 344.530437][ T9878] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 344.539809][ T9878] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 344.547196][ T9878] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 345.278757][ T9905] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1041'. [ 345.954559][ T9913] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1044'. [ 346.318599][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 346.564500][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 346.564505][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 346.564550][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 347.542689][ T9920] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 347.592118][ T9920] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 347.598163][ T9920] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 347.631707][ T9920] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 349.031645][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout [ 349.299201][ T9942] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1058'. [ 349.648056][ T9935] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1047'. [ 349.682208][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout [ 349.682265][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 349.695666][ T52] Bluetooth: hci1: command 0x0c1a tx timeout [ 349.714769][ T9944] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1049'. [ 353.234004][ T9988] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1059'. [ 353.730890][ T9989] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1061'. [ 356.764636][T10021] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1076'. [ 357.601730][T10030] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1071'. [ 358.052567][T10034] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1072'. [ 360.670212][T10068] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1081'. [ 361.174469][T10076] random: crng reseeded on system resumption [ 361.623978][T10084] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1086'. [ 361.675681][T10084] FAULT_INJECTION: forcing a failure. [ 361.675681][T10084] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 361.745874][T10084] CPU: 1 UID: 0 PID: 10084 Comm: syz.2.1086 Tainted: G U syzkaller #0 PREEMPT(full) [ 361.745913][T10084] Tainted: [U]=USER [ 361.745920][T10084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 361.745933][T10084] Call Trace: [ 361.745941][T10084] [ 361.745951][T10084] dump_stack_lvl+0x16c/0x1f0 [ 361.745985][T10084] should_fail_ex+0x512/0x640 [ 361.746024][T10084] _copy_from_iter+0x29f/0x1720 [ 361.746064][T10084] ? __alloc_skb+0x200/0x380 [ 361.746100][T10084] ? __pfx__copy_from_iter+0x10/0x10 [ 361.746137][T10084] ? __pfx___might_resched+0x10/0x10 [ 361.746163][T10084] ? __lock_acquire+0xb8a/0x1c90 [ 361.746203][T10084] netlink_sendmsg+0x820/0xdd0 [ 361.746244][T10084] ? __pfx_netlink_sendmsg+0x10/0x10 [ 361.746273][T10084] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 361.746313][T10084] ____sys_sendmsg+0xa98/0xc70 [ 361.746343][T10084] ? copy_msghdr_from_user+0x10a/0x160 [ 361.746366][T10084] ? __pfx_____sys_sendmsg+0x10/0x10 [ 361.746401][T10084] ? __pfx__kstrtoull+0x10/0x10 [ 361.746435][T10084] ___sys_sendmsg+0x134/0x1d0 [ 361.746461][T10084] ? __pfx____sys_sendmsg+0x10/0x10 [ 361.746501][T10084] ? find_held_lock+0x2b/0x80 [ 361.746548][T10084] __sys_sendmmsg+0x200/0x420 [ 361.746575][T10084] ? __pfx___sys_sendmmsg+0x10/0x10 [ 361.746610][T10084] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 361.746654][T10084] ? fput+0x9b/0xd0 [ 361.746685][T10084] ? ksys_write+0x1ac/0x250 [ 361.746710][T10084] ? __pfx_ksys_write+0x10/0x10 [ 361.746742][T10084] __x64_sys_sendmmsg+0x9c/0x100 [ 361.746765][T10084] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.746792][T10084] do_syscall_64+0xcd/0xfa0 [ 361.746822][T10084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.746845][T10084] RIP: 0033:0x7f953198f6c9 [ 361.746868][T10084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.746891][T10084] RSP: 002b:00007f952fbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 361.746915][T10084] RAX: ffffffffffffffda RBX: 00007f9531be5fa0 RCX: 00007f953198f6c9 [ 361.746931][T10084] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 361.746946][T10084] RBP: 00007f952fbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 361.746961][T10084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 361.746975][T10084] R13: 00007f9531be6038 R14: 00007f9531be5fa0 R15: 00007ffe9b2c9b58 [ 361.747008][T10084] [ 361.761764][T10094] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1088'. [ 362.136481][T10085] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1085'. [ 362.936919][T10104] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1090'. [ 363.093490][T10110] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1093'. [ 365.328193][T10143] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1103'. [ 365.540231][T10151] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1105'. [ 365.582424][T10152] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1106'. [ 366.430934][T10160] random: crng reseeded on system resumption [ 367.087349][T10168] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1109'. [ 368.859124][T10192] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1116'. [ 368.953032][T10197] ALSA: mixer_oss: invalid OSS volume '0' [ 368.958769][T10197] ALSA: mixer_oss: invalid OSS volume 'PHONET' [ 369.001331][T10197] ALSA: mixer_oss: invalid OSS volume 'L2TP/IPv6' [ 369.087275][T10199] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1118'. [ 369.615723][T10207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1120'. [ 370.296993][T10220] FAULT_INJECTION: forcing a failure. [ 370.296993][T10220] name fail_futex, interval 1, probability 0, space 0, times 0 [ 370.310077][T10220] CPU: 0 UID: 0 PID: 10220 Comm: syz.3.1124 Tainted: G U syzkaller #0 PREEMPT(full) [ 370.310114][T10220] Tainted: [U]=USER [ 370.310121][T10220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 370.310135][T10220] Call Trace: [ 370.310143][T10220] [ 370.310152][T10220] dump_stack_lvl+0x16c/0x1f0 [ 370.310184][T10220] should_fail_ex+0x512/0x640 [ 370.310223][T10220] get_futex_key+0x1d0/0x1560 [ 370.310256][T10220] ? __pfx_get_futex_key+0x10/0x10 [ 370.310342][T10220] futex_wake+0xea/0x530 [ 370.310373][T10220] ? rcu_is_watching+0x12/0xc0 [ 370.310396][T10220] ? __pfx_futex_wake+0x10/0x10 [ 370.310429][T10220] ? kmem_cache_free+0x2d4/0x6c0 [ 370.310453][T10220] ? putname+0x154/0x1a0 [ 370.310485][T10220] do_futex+0x1e3/0x350 [ 370.310512][T10220] ? __pfx_do_futex+0x10/0x10 [ 370.310548][T10220] __x64_sys_futex+0x1e0/0x4c0 [ 370.310579][T10220] ? __x64_sys_openat+0x174/0x210 [ 370.310611][T10220] ? __pfx___x64_sys_futex+0x10/0x10 [ 370.310655][T10220] do_syscall_64+0xcd/0xfa0 [ 370.310685][T10220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.310707][T10220] RIP: 0033:0x7ffb1878f6c9 [ 370.310726][T10220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.310748][T10220] RSP: 002b:00007ffb195560e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 370.310770][T10220] RAX: ffffffffffffffda RBX: 00007ffb189e5fa8 RCX: 00007ffb1878f6c9 [ 370.310785][T10220] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffb189e5fac [ 370.310799][T10220] RBP: 00007ffb189e5fa0 R08: 00007ffb19557000 R09: 0000000000000000 [ 370.310813][T10220] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 370.310827][T10220] R13: 00007ffb189e6038 R14: 00007fffde3f9660 R15: 00007fffde3f9748 [ 370.310857][T10220] [ 370.775679][T10214] Invalid ELF header magic: != ELF [ 372.996244][T10266] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1133'. [ 373.418444][T10283] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1137'. [ 373.434409][T10283] FAULT_INJECTION: forcing a failure. [ 373.434409][T10283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 373.481428][T10283] CPU: 1 UID: 0 PID: 10283 Comm: syz.2.1137 Tainted: G U syzkaller #0 PREEMPT(full) [ 373.481468][T10283] Tainted: [U]=USER [ 373.481476][T10283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 373.481489][T10283] Call Trace: [ 373.481497][T10283] [ 373.481506][T10283] dump_stack_lvl+0x16c/0x1f0 [ 373.481539][T10283] should_fail_ex+0x512/0x640 [ 373.481576][T10283] _copy_from_user+0x2e/0xd0 [ 373.481612][T10283] copy_msghdr_from_user+0x98/0x160 [ 373.481637][T10283] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 373.481667][T10283] ? kfree+0x252/0x6d0 [ 373.481685][T10283] ? __pfx__kstrtoull+0x10/0x10 [ 373.481719][T10283] ___sys_sendmsg+0xfe/0x1d0 [ 373.481744][T10283] ? __pfx____sys_sendmsg+0x10/0x10 [ 373.481800][T10283] ? __pfx___might_resched+0x10/0x10 [ 373.481833][T10283] __sys_sendmmsg+0x200/0x420 [ 373.481861][T10283] ? __pfx___sys_sendmmsg+0x10/0x10 [ 373.481988][T10283] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 373.482042][T10283] ? fput+0x9b/0xd0 [ 373.482073][T10283] ? ksys_write+0x1ac/0x250 [ 373.482096][T10283] ? __pfx_ksys_write+0x10/0x10 [ 373.482126][T10283] __x64_sys_sendmmsg+0x9c/0x100 [ 373.482158][T10283] ? lockdep_hardirqs_on+0x7c/0x110 [ 373.482187][T10283] do_syscall_64+0xcd/0xfa0 [ 373.482217][T10283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.482242][T10283] RIP: 0033:0x7f953198f6c9 [ 373.482280][T10283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.482302][T10283] RSP: 002b:00007f952fbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 373.482326][T10283] RAX: ffffffffffffffda RBX: 00007f9531be5fa0 RCX: 00007f953198f6c9 [ 373.482342][T10283] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 373.482357][T10283] RBP: 00007f952fbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 373.482372][T10283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 373.482386][T10283] R13: 00007f9531be6038 R14: 00007f9531be5fa0 R15: 00007ffe9b2c9b58 [ 373.482421][T10283] [ 373.938398][T10287] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1139'. [ 374.455983][T10294] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1141'. [ 376.721990][T10340] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1148'. [ 376.760755][T10332] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1146'. [ 379.330192][T10386] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1156'. [ 380.567369][T10410] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1161'. [ 382.931948][T10445] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1168'. [ 383.011696][T10446] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1169'. [ 383.699915][T10459] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1171'. [ 383.758716][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.766751][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.049223][T10468] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1174'. [ 386.341999][T10496] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1183'. [ 386.453218][T10501] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1183'. [ 387.138948][T10513] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1185'. [ 388.310273][T10538] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1193'. [ 388.662785][T10540] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1192'. [ 391.582827][T10594] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1204'. [ 392.470608][T10607] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1210'. [ 392.492683][T10607] FAULT_INJECTION: forcing a failure. [ 392.492683][T10607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 392.558563][T10607] CPU: 1 UID: 0 PID: 10607 Comm: syz.1.1210 Tainted: G U syzkaller #0 PREEMPT(full) [ 392.558601][T10607] Tainted: [U]=USER [ 392.558608][T10607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 392.558621][T10607] Call Trace: [ 392.558629][T10607] [ 392.558638][T10607] dump_stack_lvl+0x16c/0x1f0 [ 392.558678][T10607] should_fail_ex+0x512/0x640 [ 392.558716][T10607] _copy_from_iter+0x29f/0x1720 [ 392.558755][T10607] ? __alloc_skb+0x200/0x380 [ 392.558790][T10607] ? __pfx__copy_from_iter+0x10/0x10 [ 392.558827][T10607] ? __pfx___might_resched+0x10/0x10 [ 392.558853][T10607] ? __lock_acquire+0xb8a/0x1c90 [ 392.558893][T10607] netlink_sendmsg+0x820/0xdd0 [ 392.558925][T10607] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.558955][T10607] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 392.558995][T10607] ____sys_sendmsg+0xa98/0xc70 [ 392.559026][T10607] ? copy_msghdr_from_user+0x10a/0x160 [ 392.559049][T10607] ? __pfx_____sys_sendmsg+0x10/0x10 [ 392.559084][T10607] ? kfree+0x252/0x6d0 [ 392.559102][T10607] ? __pfx__kstrtoull+0x10/0x10 [ 392.559137][T10607] ___sys_sendmsg+0x134/0x1d0 [ 392.559164][T10607] ? __pfx____sys_sendmsg+0x10/0x10 [ 392.559221][T10607] ? __pfx___might_resched+0x10/0x10 [ 392.559253][T10607] __sys_sendmmsg+0x200/0x420 [ 392.559282][T10607] ? __pfx___sys_sendmmsg+0x10/0x10 [ 392.559318][T10607] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 392.559361][T10607] ? fput+0x9b/0xd0 [ 392.559393][T10607] ? ksys_write+0x1ac/0x250 [ 392.559417][T10607] ? __pfx_ksys_write+0x10/0x10 [ 392.559449][T10607] __x64_sys_sendmmsg+0x9c/0x100 [ 392.559473][T10607] ? lockdep_hardirqs_on+0x7c/0x110 [ 392.559500][T10607] do_syscall_64+0xcd/0xfa0 [ 392.559530][T10607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.559555][T10607] RIP: 0033:0x7f15b118f6c9 [ 392.559575][T10607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.559601][T10607] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 392.559625][T10607] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 392.559641][T10607] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 392.559656][T10607] RBP: 00007f15b207a090 R08: 0000000000000000 R09: 0000000000000000 [ 392.559677][T10607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 392.559691][T10607] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 392.559727][T10607] [ 393.289124][T10609] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1209'. [ 395.571805][T10654] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1219'. [ 395.630368][T10654] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1219'. [ 396.178420][ T5833] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 397.516904][T10694] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1230'. [ 397.978338][T10699] ecryptfs_miscdev_write: memdup_user returned error [-14] [ 398.241260][ T5833] Bluetooth: hci1: command 0x0c1a tx timeout [ 398.250526][T10703] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1233'. [ 398.353885][T10703] FAULT_INJECTION: forcing a failure. [ 398.353885][T10703] name failslab, interval 1, probability 0, space 0, times 0 [ 398.379737][T10703] CPU: 0 UID: 0 PID: 10703 Comm: syz.3.1233 Tainted: G U syzkaller #0 PREEMPT(full) [ 398.379776][T10703] Tainted: [U]=USER [ 398.379784][T10703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 398.379798][T10703] Call Trace: [ 398.379807][T10703] [ 398.379816][T10703] dump_stack_lvl+0x16c/0x1f0 [ 398.379850][T10703] should_fail_ex+0x512/0x640 [ 398.379883][T10703] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 398.379909][T10703] should_failslab+0xc2/0x120 [ 398.379940][T10703] kmem_cache_alloc_noprof+0x75/0x6e0 [ 398.379965][T10703] ? skb_clone+0x190/0x3f0 [ 398.379993][T10703] ? skb_clone+0x190/0x3f0 [ 398.380021][T10703] skb_clone+0x190/0x3f0 [ 398.380047][T10703] netlink_deliver_tap+0xabd/0xd30 [ 398.380079][T10703] netlink_unicast+0x64c/0x870 [ 398.380108][T10703] ? __pfx_netlink_unicast+0x10/0x10 [ 398.380132][T10703] ? __pfx___might_resched+0x10/0x10 [ 398.380169][T10703] netlink_sendmsg+0x8c8/0xdd0 [ 398.380201][T10703] ? __pfx_netlink_sendmsg+0x10/0x10 [ 398.380230][T10703] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 398.380268][T10703] ____sys_sendmsg+0xa98/0xc70 [ 398.380298][T10703] ? copy_msghdr_from_user+0x10a/0x160 [ 398.380321][T10703] ? __pfx_____sys_sendmsg+0x10/0x10 [ 398.380353][T10703] ? kfree+0x252/0x6d0 [ 398.380370][T10703] ? __pfx__kstrtoull+0x10/0x10 [ 398.380406][T10703] ___sys_sendmsg+0x134/0x1d0 [ 398.380432][T10703] ? __pfx____sys_sendmsg+0x10/0x10 [ 398.380484][T10703] ? __pfx___might_resched+0x10/0x10 [ 398.380515][T10703] __sys_sendmmsg+0x200/0x420 [ 398.380543][T10703] ? __pfx___sys_sendmmsg+0x10/0x10 [ 398.380576][T10703] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 398.380622][T10703] ? fput+0x9b/0xd0 [ 398.380653][T10703] ? ksys_write+0x1ac/0x250 [ 398.380677][T10703] ? __pfx_ksys_write+0x10/0x10 [ 398.380709][T10703] __x64_sys_sendmmsg+0x9c/0x100 [ 398.380733][T10703] ? lockdep_hardirqs_on+0x7c/0x110 [ 398.380760][T10703] do_syscall_64+0xcd/0xfa0 [ 398.380790][T10703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.380815][T10703] RIP: 0033:0x7ffb1878f6c9 [ 398.380834][T10703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.380856][T10703] RSP: 002b:00007ffb19556038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 398.380879][T10703] RAX: ffffffffffffffda RBX: 00007ffb189e5fa0 RCX: 00007ffb1878f6c9 [ 398.380895][T10703] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 398.380909][T10703] RBP: 00007ffb19556090 R08: 0000000000000000 R09: 0000000000000000 [ 398.380923][T10703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 398.380936][T10703] R13: 00007ffb189e6038 R14: 00007ffb189e5fa0 R15: 00007fffde3f9748 [ 398.380967][T10703] [ 398.380990][T10703] netlink: 314 bytes leftover after parsing attributes in process `syz.3.1233'. [ 399.940239][T10726] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1240'. [ 400.180682][T10734] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1250'. [ 400.194325][T10734] netlink: 314 bytes leftover after parsing attributes in process `syz.3.1250'. [ 400.203630][T10734] FAULT_INJECTION: forcing a failure. [ 400.203630][T10734] name failslab, interval 1, probability 0, space 0, times 0 [ 400.222687][T10734] CPU: 1 UID: 0 PID: 10734 Comm: syz.3.1250 Tainted: G U syzkaller #0 PREEMPT(full) [ 400.222725][T10734] Tainted: [U]=USER [ 400.222732][T10734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 400.222745][T10734] Call Trace: [ 400.222752][T10734] [ 400.222762][T10734] dump_stack_lvl+0x16c/0x1f0 [ 400.222794][T10734] should_fail_ex+0x512/0x640 [ 400.222825][T10734] ? __kmalloc_noprof+0xca/0x880 [ 400.222861][T10734] should_failslab+0xc2/0x120 [ 400.222892][T10734] __kmalloc_noprof+0xdd/0x880 [ 400.222926][T10734] ? fib6_info_alloc+0x40/0x160 [ 400.222959][T10734] ? fib6_info_alloc+0x40/0x160 [ 400.222984][T10734] fib6_info_alloc+0x40/0x160 [ 400.223020][T10734] ip6_route_info_create+0x14c/0x870 [ 400.223050][T10734] ip6_route_add.part.0+0x22/0x1d0 [ 400.223087][T10734] inet6_rtm_newroute+0x185/0x1a0 [ 400.223112][T10734] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 400.223136][T10734] ? __lock_acquire+0x622/0x1c90 [ 400.223184][T10734] ? find_held_lock+0x2b/0x80 [ 400.223205][T10734] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 400.223228][T10734] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 400.223250][T10734] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 400.223278][T10734] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 400.223303][T10734] rtnetlink_rcv_msg+0x95e/0xe90 [ 400.223331][T10734] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 400.223365][T10734] ? ref_tracker_free+0x37c/0x830 [ 400.223392][T10734] netlink_rcv_skb+0x158/0x420 [ 400.223417][T10734] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 400.223444][T10734] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 400.223482][T10734] ? netlink_deliver_tap+0x1ae/0xd30 [ 400.223512][T10734] netlink_unicast+0x5aa/0x870 [ 400.223543][T10734] ? __pfx_netlink_unicast+0x10/0x10 [ 400.223567][T10734] ? __pfx___might_resched+0x10/0x10 [ 400.223603][T10734] netlink_sendmsg+0x8c8/0xdd0 [ 400.223634][T10734] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.223663][T10734] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 400.223702][T10734] ____sys_sendmsg+0xa98/0xc70 [ 400.223735][T10734] ? copy_msghdr_from_user+0x10a/0x160 [ 400.223758][T10734] ? __pfx_____sys_sendmsg+0x10/0x10 [ 400.223792][T10734] ? kfree+0x252/0x6d0 [ 400.223811][T10734] ? __pfx__kstrtoull+0x10/0x10 [ 400.223846][T10734] ___sys_sendmsg+0x134/0x1d0 [ 400.223873][T10734] ? __pfx____sys_sendmsg+0x10/0x10 [ 400.223929][T10734] ? __pfx___might_resched+0x10/0x10 [ 400.223959][T10734] __sys_sendmmsg+0x200/0x420 [ 400.223986][T10734] ? __pfx___sys_sendmmsg+0x10/0x10 [ 400.224029][T10734] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 400.224084][T10734] ? fput+0x9b/0xd0 [ 400.224115][T10734] ? ksys_write+0x1ac/0x250 [ 400.224140][T10734] ? __pfx_ksys_write+0x10/0x10 [ 400.224172][T10734] __x64_sys_sendmmsg+0x9c/0x100 [ 400.224195][T10734] ? lockdep_hardirqs_on+0x7c/0x110 [ 400.224223][T10734] do_syscall_64+0xcd/0xfa0 [ 400.224253][T10734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.224278][T10734] RIP: 0033:0x7ffb1878f6c9 [ 400.224299][T10734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.224322][T10734] RSP: 002b:00007ffb19556038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 400.224346][T10734] RAX: ffffffffffffffda RBX: 00007ffb189e5fa0 RCX: 00007ffb1878f6c9 [ 400.224363][T10734] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 400.224378][T10734] RBP: 00007ffb19556090 R08: 0000000000000000 R09: 0000000000000000 [ 400.224393][T10734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 400.224407][T10734] R13: 00007ffb189e6038 R14: 00007ffb189e5fa0 R15: 00007fffde3f9748 [ 400.224443][T10734] [ 400.687809][T10741] ecryptfs_miscdev_write: memdup_user returned error [-14] [ 402.001707][T10749] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1246'. [ 402.033538][T10769] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1251'. [ 402.147751][T10765] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1248'. [ 402.507272][T10778] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1253'. [ 403.180361][T10789] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 405.455262][T10822] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1261'. [ 405.474115][T10822] netlink: 314 bytes leftover after parsing attributes in process `syz.3.1261'. [ 405.499155][T10822] FAULT_INJECTION: forcing a failure. [ 405.499155][T10822] name failslab, interval 1, probability 0, space 0, times 0 [ 405.513921][T10822] CPU: 1 UID: 0 PID: 10822 Comm: syz.3.1261 Tainted: G U syzkaller #0 PREEMPT(full) [ 405.513955][T10822] Tainted: [U]=USER [ 405.513962][T10822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 405.513974][T10822] Call Trace: [ 405.513982][T10822] [ 405.513990][T10822] dump_stack_lvl+0x16c/0x1f0 [ 405.514021][T10822] should_fail_ex+0x512/0x640 [ 405.514050][T10822] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 405.514077][T10822] should_failslab+0xc2/0x120 [ 405.514105][T10822] kmem_cache_alloc_node_noprof+0x78/0x770 [ 405.514136][T10822] ? __alloc_skb+0x2b2/0x380 [ 405.514174][T10822] ? __alloc_skb+0x2b2/0x380 [ 405.514201][T10822] __alloc_skb+0x2b2/0x380 [ 405.514232][T10822] ? __pfx___alloc_skb+0x10/0x10 [ 405.514261][T10822] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 405.514295][T10822] netlink_ack+0x15d/0xb80 [ 405.514328][T10822] netlink_rcv_skb+0x332/0x420 [ 405.514350][T10822] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 405.514376][T10822] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 405.514411][T10822] ? netlink_deliver_tap+0x1ae/0xd30 [ 405.514439][T10822] netlink_unicast+0x5aa/0x870 [ 405.514466][T10822] ? __pfx_netlink_unicast+0x10/0x10 [ 405.514488][T10822] ? __pfx___might_resched+0x10/0x10 [ 405.514523][T10822] netlink_sendmsg+0x8c8/0xdd0 [ 405.514551][T10822] ? __pfx_netlink_sendmsg+0x10/0x10 [ 405.514578][T10822] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 405.514614][T10822] ____sys_sendmsg+0xa98/0xc70 [ 405.514642][T10822] ? copy_msghdr_from_user+0x10a/0x160 [ 405.514663][T10822] ? __pfx_____sys_sendmsg+0x10/0x10 [ 405.514694][T10822] ? kfree+0x252/0x6d0 [ 405.514710][T10822] ? __pfx__kstrtoull+0x10/0x10 [ 405.514743][T10822] ___sys_sendmsg+0x134/0x1d0 [ 405.514766][T10822] ? __pfx____sys_sendmsg+0x10/0x10 [ 405.514819][T10822] ? __pfx___might_resched+0x10/0x10 [ 405.514848][T10822] __sys_sendmmsg+0x200/0x420 [ 405.514875][T10822] ? __pfx___sys_sendmmsg+0x10/0x10 [ 405.514916][T10822] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 405.514961][T10822] ? fput+0x9b/0xd0 [ 405.514989][T10822] ? ksys_write+0x1ac/0x250 [ 405.515011][T10822] ? __pfx_ksys_write+0x10/0x10 [ 405.515040][T10822] __x64_sys_sendmmsg+0x9c/0x100 [ 405.515061][T10822] ? lockdep_hardirqs_on+0x7c/0x110 [ 405.515086][T10822] do_syscall_64+0xcd/0xfa0 [ 405.515113][T10822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.515144][T10822] RIP: 0033:0x7ffb1878f6c9 [ 405.515162][T10822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.515183][T10822] RSP: 002b:00007ffb19556038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 405.515204][T10822] RAX: ffffffffffffffda RBX: 00007ffb189e5fa0 RCX: 00007ffb1878f6c9 [ 405.515218][T10822] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 405.515231][T10822] RBP: 00007ffb19556090 R08: 0000000000000000 R09: 0000000000000000 [ 405.515244][T10822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 405.515256][T10822] R13: 00007ffb189e6038 R14: 00007ffb189e5fa0 R15: 00007fffde3f9748 [ 405.515288][T10822] [ 407.282850][T10866] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1273'. [ 407.420833][T10858] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1271'. [ 408.346534][T10884] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1279'. [ 410.445230][T10909] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1284'. [ 410.575790][T10916] ucma_write: process 1054 (syz.3.1287) changed security contexts after opening file descriptor, this is not allowed. [ 411.358649][ T5833] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 413.089516][T10952] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1297'. [ 413.433181][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout [ 413.500722][T10966] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1300'. [ 414.075854][T10976] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1304'. [ 414.108252][T10976] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1304'. [ 414.405035][T10989] syz.2.1307 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 415.072040][T10986] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 415.078327][T10986] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 415.084547][T10986] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 415.091224][T10986] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 416.061931][T11011] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1319'. [ 416.462308][T11017] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1312'. [ 416.791474][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout [ 417.111411][ T5833] Bluetooth: hci3: command 0x0c1a tx timeout [ 417.117467][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout [ 417.121204][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 417.520499][T11031] FAULT_INJECTION: forcing a failure. [ 417.520499][T11031] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.570540][T11031] CPU: 1 UID: 0 PID: 11031 Comm: syz.1.1315 Tainted: G U syzkaller #0 PREEMPT(full) [ 417.570581][T11031] Tainted: [U]=USER [ 417.570589][T11031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 417.570603][T11031] Call Trace: [ 417.570612][T11031] [ 417.570622][T11031] dump_stack_lvl+0x16c/0x1f0 [ 417.570656][T11031] should_fail_ex+0x512/0x640 [ 417.570698][T11031] _copy_to_user+0x32/0xd0 [ 417.570734][T11031] simple_read_from_buffer+0xcb/0x170 [ 417.570771][T11031] proc_fail_nth_read+0x197/0x240 [ 417.570799][T11031] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 417.570829][T11031] ? rw_verify_area+0xcf/0x6c0 [ 417.570852][T11031] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 417.570879][T11031] vfs_read+0x1e4/0xcf0 [ 417.570909][T11031] ? __pfx___mutex_lock+0x10/0x10 [ 417.570938][T11031] ? __pfx_vfs_read+0x10/0x10 [ 417.570975][T11031] ? __fget_files+0x20e/0x3c0 [ 417.571010][T11031] ksys_read+0x12a/0x250 [ 417.571042][T11031] ? __pfx_ksys_read+0x10/0x10 [ 417.571079][T11031] do_syscall_64+0xcd/0xfa0 [ 417.571110][T11031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.571134][T11031] RIP: 0033:0x7f15b118e0dc [ 417.571153][T11031] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 417.571174][T11031] RSP: 002b:00007f15b207a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 417.571197][T11031] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118e0dc [ 417.571214][T11031] RDX: 000000000000000f RSI: 00007f15b207a0a0 RDI: 0000000000000004 [ 417.571229][T11031] RBP: 00007f15b207a090 R08: 0000000000000000 R09: 0000000000000000 [ 417.571243][T11031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 417.571258][T11031] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 417.571294][T11031] [ 419.132923][T11057] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1324'. [ 420.135103][T11074] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1328'. [ 420.158012][T11076] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1330'. [ 421.752268][T11100] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1336'. [ 423.306895][T11122] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1339'. [ 424.397391][T11141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1346'. [ 425.692292][T11170] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1355'. [ 426.133503][T11174] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1356'. syzkaller syzkaller login: [ 427.458935][ T52] block nbd0: Receive control failed (result -107) [ 429.155149][T11215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1367'. [ 430.727536][T11247] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1375'. [ 431.319456][T11254] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1378'. [ 431.605908][T11259] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1380'. [ 432.578437][T11276] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1385'. [ 432.699138][T11278] FAULT_INJECTION: forcing a failure. [ 432.699138][T11278] name failslab, interval 1, probability 0, space 0, times 0 [ 432.732344][T11278] CPU: 1 UID: 0 PID: 11278 Comm: syz.2.1386 Tainted: G U syzkaller #0 PREEMPT(full) [ 432.732388][T11278] Tainted: [U]=USER [ 432.732397][T11278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 432.732412][T11278] Call Trace: [ 432.732420][T11278] [ 432.732430][T11278] dump_stack_lvl+0x16c/0x1f0 [ 432.732465][T11278] should_fail_ex+0x512/0x640 [ 432.732502][T11278] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 432.732532][T11278] should_failslab+0xc2/0x120 [ 432.732564][T11278] kmem_cache_alloc_noprof+0x75/0x6e0 [ 432.732590][T11278] ? prepare_creds+0x2c/0x7d0 [ 432.732631][T11278] ? prepare_creds+0x2c/0x7d0 [ 432.732662][T11278] prepare_creds+0x2c/0x7d0 [ 432.732700][T11278] __sys_setresuid+0x46d/0x1160 [ 432.732729][T11278] ? rcu_is_watching+0x12/0xc0 [ 432.732759][T11278] do_syscall_64+0xcd/0xfa0 [ 432.732791][T11278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.732816][T11278] RIP: 0033:0x7f953198f6c9 [ 432.732837][T11278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.732862][T11278] RSP: 002b:00007f952fbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 432.732886][T11278] RAX: ffffffffffffffda RBX: 00007f9531be5fa0 RCX: 00007f953198f6c9 [ 432.732903][T11278] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: ffffffffffffffff [ 432.732920][T11278] RBP: 00007f9531a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 432.732935][T11278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.732949][T11278] R13: 00007f9531be6038 R14: 00007f9531be5fa0 R15: 00007ffe9b2c9b58 [ 432.732985][T11278] [ 435.040503][T11321] FAULT_INJECTION: forcing a failure. [ 435.040503][T11321] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 435.081755][T11321] CPU: 1 UID: 0 PID: 11321 Comm: syz.2.1397 Tainted: G U syzkaller #0 PREEMPT(full) [ 435.081792][T11321] Tainted: [U]=USER [ 435.081801][T11321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 435.081814][T11321] Call Trace: [ 435.081823][T11321] [ 435.081832][T11321] dump_stack_lvl+0x16c/0x1f0 [ 435.081866][T11321] should_fail_ex+0x512/0x640 [ 435.081905][T11321] _copy_to_user+0x32/0xd0 [ 435.081943][T11321] simple_read_from_buffer+0xcb/0x170 [ 435.081982][T11321] proc_fail_nth_read+0x197/0x240 [ 435.082010][T11321] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 435.082047][T11321] ? rw_verify_area+0xcf/0x6c0 [ 435.082069][T11321] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 435.082095][T11321] vfs_read+0x1e4/0xcf0 [ 435.082126][T11321] ? __pfx___mutex_lock+0x10/0x10 [ 435.082155][T11321] ? __pfx_vfs_read+0x10/0x10 [ 435.082188][T11321] ? __fget_files+0x20e/0x3c0 [ 435.082211][T11321] ? rcu_watching_snap_stopped_since+0x40/0x110 [ 435.082249][T11321] ksys_read+0x12a/0x250 [ 435.082274][T11321] ? __pfx_ksys_read+0x10/0x10 [ 435.082300][T11321] ? arch_ptrace+0x6c/0x650 [ 435.082341][T11321] do_syscall_64+0xcd/0xfa0 [ 435.082372][T11321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.082396][T11321] RIP: 0033:0x7f953198e0dc [ 435.082416][T11321] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 435.082436][T11321] RSP: 002b:00007f952fbf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 435.082459][T11321] RAX: ffffffffffffffda RBX: 00007f9531be5fa0 RCX: 00007f953198e0dc [ 435.082475][T11321] RDX: 000000000000000f RSI: 00007f952fbf60a0 RDI: 0000000000000003 [ 435.082490][T11321] RBP: 00007f952fbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 435.082505][T11321] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 435.082519][T11321] R13: 00007f9531be6038 R14: 00007f9531be5fa0 R15: 00007ffe9b2c9b58 [ 435.082555][T11321] [ 437.815608][T11352] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1402'. [ 438.552645][T11375] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1408'. [ 440.264519][T11385] FAULT_INJECTION: forcing a failure. [ 440.264519][T11385] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 440.356603][T11385] CPU: 1 UID: 0 PID: 11385 Comm: syz.3.1411 Tainted: G U syzkaller #0 PREEMPT(full) [ 440.356634][T11385] Tainted: [U]=USER [ 440.356639][T11385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 440.356647][T11385] Call Trace: [ 440.356652][T11385] [ 440.356658][T11385] dump_stack_lvl+0x16c/0x1f0 [ 440.356681][T11385] should_fail_ex+0x512/0x640 [ 440.356705][T11385] _copy_from_user+0x2e/0xd0 [ 440.356728][T11385] get_timespec64+0x8b/0x1b0 [ 440.356747][T11385] ? __pfx_get_timespec64+0x10/0x10 [ 440.356769][T11385] ? common_nsleep+0xa1/0xd0 [ 440.356789][T11385] __x64_sys_clock_nanosleep+0x1ce/0x4a0 [ 440.356806][T11385] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 440.356827][T11385] do_syscall_64+0xcd/0xfa0 [ 440.356845][T11385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.356860][T11385] RIP: 0033:0x7ffb187c1f85 [ 440.356872][T11385] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 440.356886][T11385] RSP: 002b:00007fffde3f9840 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 440.356900][T11385] RAX: ffffffffffffffda RBX: 00007ffb189e5fa0 RCX: 00007ffb187c1f85 [ 440.356909][T11385] RDX: 00007fffde3f9880 RSI: 0000000000000000 RDI: 0000000000000000 [ 440.356918][T11385] RBP: 00007ffb189e7da0 R08: 0000000000000000 R09: 00007ffb19557000 [ 440.356926][T11385] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000006b7ae [ 440.356935][T11385] R13: 00007fffde3f99a0 R14: ffffffffffffffff R15: 00007fffde3f99c0 [ 440.356954][T11385] [ 440.930787][T11397] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1413'. [ 442.844145][T11427] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1422'. [ 444.269373][T11442] kfence: disabled [ 445.194881][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.201609][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.265799][T11484] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1439'. [ 447.930152][T11499] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1452'. [ 448.043372][T11502] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1451'. [ 448.353965][T11501] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1443'. [ 450.038410][T11526] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1453'. [ 450.108666][T11535] Malformed UNC in devname [ 450.108666][T11535] [ 450.137093][T11535] CIFS: VFS: Malformed UNC in devname [ 450.782402][T11543] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1456'. [ 450.788114][T11544] base or size exceeds the MTRR width [ 454.193395][T11584] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1470'. [ 457.862811][T11635] FAULT_INJECTION: forcing a failure. [ 457.862811][T11635] name failslab, interval 1, probability 0, space 0, times 0 [ 457.878718][T11635] CPU: 1 UID: 0 PID: 11635 Comm: syz.0.1480 Tainted: G U syzkaller #0 PREEMPT(full) [ 457.878755][T11635] Tainted: [U]=USER [ 457.878763][T11635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 457.878778][T11635] Call Trace: [ 457.878786][T11635] [ 457.878796][T11635] dump_stack_lvl+0x16c/0x1f0 [ 457.878830][T11635] should_fail_ex+0x512/0x640 [ 457.878864][T11635] ? fs_reclaim_acquire+0xae/0x150 [ 457.878897][T11635] should_failslab+0xc2/0x120 [ 457.878928][T11635] __kmalloc_noprof+0xdd/0x880 [ 457.878964][T11635] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 457.878999][T11635] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 457.879032][T11635] tomoyo_realpath_from_path+0xc2/0x6e0 [ 457.879063][T11635] ? tomoyo_profile+0x47/0x60 [ 457.879097][T11635] tomoyo_path_number_perm+0x245/0x580 [ 457.879131][T11635] ? tomoyo_path_number_perm+0x237/0x580 [ 457.879166][T11635] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 457.879200][T11635] ? find_held_lock+0x2b/0x80 [ 457.879248][T11635] ? find_held_lock+0x2b/0x80 [ 457.879269][T11635] ? hook_file_ioctl_common+0x145/0x410 [ 457.879300][T11635] ? __fget_files+0x20e/0x3c0 [ 457.879330][T11635] security_file_ioctl+0x9b/0x240 [ 457.879354][T11635] __x64_sys_ioctl+0xb7/0x210 [ 457.879387][T11635] do_syscall_64+0xcd/0xfa0 [ 457.879417][T11635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.879441][T11635] RIP: 0033:0x7fbc7738f6c9 [ 457.879461][T11635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.879482][T11635] RSP: 002b:00007fbc78267038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.879503][T11635] RAX: ffffffffffffffda RBX: 00007fbc775e5fa0 RCX: 00007fbc7738f6c9 [ 457.879519][T11635] RDX: 00002000000004c0 RSI: 00000000c1004111 RDI: 0000000000000005 [ 457.879533][T11635] RBP: 00007fbc78267090 R08: 0000000000000000 R09: 0000000000000000 [ 457.879547][T11635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.879561][T11635] R13: 00007fbc775e6038 R14: 00007fbc775e5fa0 R15: 00007ffd5a124c18 [ 457.879597][T11635] [ 457.880436][T11635] ERROR: Out of memory at tomoyo_realpath_from_path. [ 461.194490][T11693] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1497'. [ 463.561832][T11738] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1509'. [ 464.381234][T11754] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1512'. [ 464.746858][T11769] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1517'. [ 464.786297][T11769] Malformed UNC in devname [ 464.786297][T11769] [ 464.793850][T11769] CIFS: VFS: Malformed UNC in devname [ 465.214160][T11782] netlink: 'syz.1.1522': attribute type 4 has an invalid length. [ 465.231366][T11782] netlink: 'syz.1.1522': attribute type 5 has an invalid length. [ 465.251245][T11782] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1522'. [ 467.926933][T11832] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1539'. [ 468.785822][T11847] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1544'. [ 469.795726][T11873] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1551'. [ 471.488748][T11906] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1561'. [ 473.637583][T11939] FAULT_INJECTION: forcing a failure. [ 473.637583][T11939] name failslab, interval 1, probability 0, space 0, times 0 [ 473.652088][T11939] CPU: 1 UID: 0 PID: 11939 Comm: syz.1.1570 Tainted: G U syzkaller #0 PREEMPT(full) [ 473.652129][T11939] Tainted: [U]=USER [ 473.652137][T11939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 473.652151][T11939] Call Trace: [ 473.652158][T11939] [ 473.652168][T11939] dump_stack_lvl+0x16c/0x1f0 [ 473.652204][T11939] should_fail_ex+0x512/0x640 [ 473.652252][T11939] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 473.652281][T11939] should_failslab+0xc2/0x120 [ 473.652310][T11939] kmem_cache_alloc_noprof+0x75/0x6e0 [ 473.652333][T11939] ? ptlock_alloc+0x1f/0x70 [ 473.652370][T11939] ? ptlock_alloc+0x1f/0x70 [ 473.652398][T11939] ptlock_alloc+0x1f/0x70 [ 473.652431][T11939] pte_alloc_one+0x84/0x350 [ 473.652487][T11939] __pte_alloc+0x6d/0x380 [ 473.652516][T11939] ? __pfx___pte_alloc+0x10/0x10 [ 473.652543][T11939] ? __pfx___might_resched+0x10/0x10 [ 473.652567][T11939] ? copy_page_range+0x1c69/0x6930 [ 473.652603][T11939] copy_page_range+0x44a1/0x6930 [ 473.652676][T11939] ? __pfx_copy_page_range+0x10/0x10 [ 473.652726][T11939] ? __pfx___might_resched+0x10/0x10 [ 473.652747][T11939] ? __pfx_mas_store+0x10/0x10 [ 473.652774][T11939] ? __vma_enter_locked+0x163/0x3f0 [ 473.652810][T11939] ? dup_mmap+0xe30/0x2280 [ 473.652842][T11939] ? down_write+0x14d/0x200 [ 473.652875][T11939] ? up_write+0x1b2/0x520 [ 473.652911][T11939] dup_mmap+0xe80/0x2280 [ 473.652956][T11939] ? __pfx_dup_mmap+0x10/0x10 [ 473.653015][T11939] copy_process+0x3f0c/0x76a0 [ 473.653059][T11939] ? __pfx___futex_wait+0x10/0x10 [ 473.653097][T11939] ? __pfx_copy_process+0x10/0x10 [ 473.653137][T11939] ? futex_private_hash_put+0xd5/0x190 [ 473.653178][T11939] kernel_clone+0xfc/0x930 [ 473.653211][T11939] ? __pfx_kernel_clone+0x10/0x10 [ 473.653263][T11939] __do_sys_clone+0xce/0x120 [ 473.653292][T11939] ? __pfx___do_sys_clone+0x10/0x10 [ 473.653321][T11939] ? __sys_sendmsg+0x18c/0x220 [ 473.653362][T11939] ? xfd_validate_state+0x61/0x180 [ 473.653409][T11939] do_syscall_64+0xcd/0xfa0 [ 473.653441][T11939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.653475][T11939] RIP: 0033:0x7f15b118f6c9 [ 473.653498][T11939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.653523][T11939] RSP: 002b:00007f15b2037fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 473.653549][T11939] RAX: ffffffffffffffda RBX: 00007f15b13e6180 RCX: 00007f15b118f6c9 [ 473.653567][T11939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 473.653582][T11939] RBP: 00007f15b1211f91 R08: 0000000000000000 R09: 0000000000000000 [ 473.653596][T11939] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 473.653611][T11939] R13: 00007f15b13e6218 R14: 00007f15b13e6180 R15: 00007ffc4d784588 [ 473.653645][T11939] [ 475.047704][T11962] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1575'. [ 475.269952][T11966] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1577'. [ 475.428730][T11966] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1577'. [ 478.479483][T11999] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1585'. [ 480.704985][T12029] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1594'. [ 480.756547][T12029] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1594'. [ 481.127674][T12042] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1596'. [ 484.990457][T12077] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1605'. [ 486.467597][T12112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1616'. [ 487.219061][T12131] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1622'. [ 488.817669][T12149] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1626'. [ 491.103279][T12194] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1640'. [ 491.167819][T12194] netlink: 314 bytes leftover after parsing attributes in process `syz.3.1640'. [ 491.481756][T12195] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1638'. [ 493.356203][T12224] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1646'. [ 493.398421][T12224] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1646'. [ 495.473169][T12236] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1650'. [ 500.009938][T12306] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1667'. [ 501.688108][T12334] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1674'. [ 502.915043][T12350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1677'. [ 504.517512][T12365] debugfs: '!P' already exists in 'ieee80211' [ 506.655811][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.667077][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.840445][T12408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1691'. [ 507.223781][T12426] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1697'. [ 509.371728][T12450] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1704'. [ 509.398845][T12450] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1704'. [ 510.608678][T12479] FAULT_INJECTION: forcing a failure. [ 510.608678][T12479] name failslab, interval 1, probability 0, space 0, times 0 [ 510.634968][T12479] CPU: 1 UID: 0 PID: 12479 Comm: syz.1.1712 Tainted: G U syzkaller #0 PREEMPT(full) [ 510.635010][T12479] Tainted: [U]=USER [ 510.635017][T12479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 510.635029][T12479] Call Trace: [ 510.635037][T12479] [ 510.635047][T12479] dump_stack_lvl+0x16c/0x1f0 [ 510.635079][T12479] should_fail_ex+0x512/0x640 [ 510.635112][T12479] ? fs_reclaim_acquire+0xae/0x150 [ 510.635145][T12479] should_failslab+0xc2/0x120 [ 510.635175][T12479] __kmalloc_noprof+0xdd/0x880 [ 510.635206][T12479] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 510.635238][T12479] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 510.635264][T12479] tomoyo_realpath_from_path+0xc2/0x6e0 [ 510.635294][T12479] ? tomoyo_profile+0x47/0x60 [ 510.635328][T12479] tomoyo_path_number_perm+0x245/0x580 [ 510.635361][T12479] ? tomoyo_path_number_perm+0x237/0x580 [ 510.635400][T12479] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 510.635439][T12479] ? find_held_lock+0x2b/0x80 [ 510.635498][T12479] ? find_held_lock+0x2b/0x80 [ 510.635522][T12479] ? hook_file_ioctl_common+0x145/0x410 [ 510.635554][T12479] ? __fget_files+0x20e/0x3c0 [ 510.635586][T12479] security_file_ioctl+0x9b/0x240 [ 510.635612][T12479] __x64_sys_ioctl+0xb7/0x210 [ 510.635648][T12479] do_syscall_64+0xcd/0xfa0 [ 510.635679][T12479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.635704][T12479] RIP: 0033:0x7f15b118f6c9 [ 510.635723][T12479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.635743][T12479] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 510.635765][T12479] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 510.635781][T12479] RDX: 0000000000000003 RSI: 00000000c060ff0b RDI: 0000000000000003 [ 510.635795][T12479] RBP: 00007f15b207a090 R08: 0000000000000000 R09: 0000000000000000 [ 510.635810][T12479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.635824][T12479] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 510.635858][T12479] [ 510.635869][T12479] ERROR: Out of memory at tomoyo_realpath_from_path. [ 512.350092][T12498] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1717'. [ 512.623280][T12494] FAULT_INJECTION: forcing a failure. [ 512.623280][T12494] name failslab, interval 1, probability 0, space 0, times 0 [ 512.942734][T12494] CPU: 0 UID: 0 PID: 12494 Comm: syz.1.1716 Tainted: G U syzkaller #0 PREEMPT(full) [ 512.942779][T12494] Tainted: [U]=USER [ 512.942788][T12494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 512.942806][T12494] Call Trace: [ 512.942815][T12494] [ 512.942826][T12494] dump_stack_lvl+0x16c/0x1f0 [ 512.942862][T12494] should_fail_ex+0x512/0x640 [ 512.942906][T12494] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 512.942938][T12494] should_failslab+0xc2/0x120 [ 512.942972][T12494] kmem_cache_alloc_noprof+0x75/0x6e0 [ 512.942999][T12494] ? __kernfs_new_node+0xd2/0x8e0 [ 512.943037][T12494] ? __kernfs_new_node+0xd2/0x8e0 [ 512.943066][T12494] __kernfs_new_node+0xd2/0x8e0 [ 512.943103][T12494] ? __pfx___kernfs_new_node+0x10/0x10 [ 512.943144][T12494] ? find_held_lock+0x2b/0x80 [ 512.943172][T12494] ? kernfs_root+0xee/0x2a0 [ 512.943210][T12494] kernfs_new_node+0x13c/0x1e0 [ 512.943252][T12494] __kernfs_create_file+0x53/0x350 [ 512.943283][T12494] sysfs_add_file_mode_ns+0x207/0x3c0 [ 512.943323][T12494] internal_create_group+0x578/0xf30 [ 512.943367][T12494] ? __pfx_internal_create_group+0x10/0x10 [ 512.943406][T12494] ? kernfs_create_link+0x1bd/0x240 [ 512.943438][T12494] internal_create_groups+0x9d/0x150 [ 512.943474][T12494] device_add+0x77f/0x1aa0 [ 512.943515][T12494] ? __pfx_device_add+0x10/0x10 [ 512.943551][T12494] ? lockdep_init_map_type+0x5c/0x280 [ 512.943586][T12494] ? __init_waitqueue_head+0xca/0x150 [ 512.943619][T12494] netdev_register_kobject+0x1a9/0x3d0 [ 512.943655][T12494] register_netdevice+0x13dc/0x2270 [ 512.943692][T12494] ? __pfx_register_netdevice+0x10/0x10 [ 512.943733][T12494] ppp_dev_configure+0xa1e/0xd40 [ 512.943773][T12494] ppp_ioctl+0x170e/0x2880 [ 512.943807][T12494] ? find_held_lock+0x2b/0x80 [ 512.943833][T12494] ? __pfx_ppp_ioctl+0x10/0x10 [ 512.943865][T12494] ? __fget_files+0x20e/0x3c0 [ 512.943888][T12494] ? __pfx_ppp_ioctl+0x10/0x10 [ 512.943909][T12494] __x64_sys_ioctl+0x18e/0x210 [ 512.943932][T12494] do_syscall_64+0xcd/0xfa0 [ 512.943954][T12494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.943970][T12494] RIP: 0033:0x7f15b118f6c9 [ 512.943983][T12494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.943997][T12494] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.944012][T12494] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 512.944021][T12494] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000008 [ 512.944029][T12494] RBP: 00007f15b1211f91 R08: 0000000000000000 R09: 0000000000000000 [ 512.944038][T12494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 512.944047][T12494] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 512.944066][T12494] [ 516.032831][T12550] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1731'. [ 518.775595][T12594] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1741'. [ 518.981536][T12594] netlink: 314 bytes leftover after parsing attributes in process `syz.1.1741'. [ 519.894174][T12614] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1748'. [ 519.961093][T12614] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1748'. [ 520.055708][T12617] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1748'. [ 520.229385][T12621] FAULT_INJECTION: forcing a failure. [ 520.229385][T12621] name failslab, interval 1, probability 0, space 0, times 0 [ 520.264813][T12621] CPU: 1 UID: 0 PID: 12621 Comm: syz.3.1751 Tainted: G U syzkaller #0 PREEMPT(full) [ 520.264842][T12621] Tainted: [U]=USER [ 520.264848][T12621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 520.264857][T12621] Call Trace: [ 520.264862][T12621] [ 520.264867][T12621] dump_stack_lvl+0x16c/0x1f0 [ 520.264889][T12621] should_fail_ex+0x512/0x640 [ 520.264911][T12621] ? fs_reclaim_acquire+0xae/0x150 [ 520.264931][T12621] should_failslab+0xc2/0x120 [ 520.264951][T12621] __kmalloc_noprof+0xdd/0x880 [ 520.264974][T12621] ? tomoyo_encode2+0x100/0x3e0 [ 520.264993][T12621] ? tomoyo_encode2+0x100/0x3e0 [ 520.265007][T12621] tomoyo_encode2+0x100/0x3e0 [ 520.265025][T12621] tomoyo_encode+0x29/0x50 [ 520.265040][T12621] tomoyo_realpath_from_path+0x18f/0x6e0 [ 520.265058][T12621] ? tomoyo_profile+0x47/0x60 [ 520.265078][T12621] tomoyo_path_number_perm+0x245/0x580 [ 520.265106][T12621] ? tomoyo_path_number_perm+0x237/0x580 [ 520.265130][T12621] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 520.265153][T12621] ? find_held_lock+0x2b/0x80 [ 520.265184][T12621] ? find_held_lock+0x2b/0x80 [ 520.265198][T12621] ? hook_file_ioctl_common+0x145/0x410 [ 520.265217][T12621] ? __fget_files+0x20e/0x3c0 [ 520.265234][T12621] security_file_ioctl+0x9b/0x240 [ 520.265250][T12621] __x64_sys_ioctl+0xb7/0x210 [ 520.265272][T12621] do_syscall_64+0xcd/0xfa0 [ 520.265291][T12621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.265305][T12621] RIP: 0033:0x7ffb1878f6c9 [ 520.265317][T12621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 520.265331][T12621] RSP: 002b:00007ffb19556038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 520.265345][T12621] RAX: ffffffffffffffda RBX: 00007ffb189e5fa0 RCX: 00007ffb1878f6c9 [ 520.265354][T12621] RDX: 0000000000000003 RSI: 00000000c060ff0b RDI: 0000000000000003 [ 520.265363][T12621] RBP: 00007ffb19556090 R08: 0000000000000000 R09: 0000000000000000 [ 520.265371][T12621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 520.265379][T12621] R13: 00007ffb189e6038 R14: 00007ffb189e5fa0 R15: 00007fffde3f9748 [ 520.265398][T12621] [ 520.265412][T12621] ERROR: Out of memory at tomoyo_realpath_from_path. [ 521.102388][T12630] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1753'. [ 521.462612][T12640] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 526.174985][T12702] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1772'. [ 526.225221][T12702] netlink: 314 bytes leftover after parsing attributes in process `syz.1.1772'. [ 527.108080][T12723] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 528.636727][T12742] FAULT_INJECTION: forcing a failure. [ 528.636727][T12742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 528.691014][T12742] CPU: 0 UID: 0 PID: 12742 Comm: syz.1.1782 Tainted: G U syzkaller #0 PREEMPT(full) [ 528.691053][T12742] Tainted: [U]=USER [ 528.691061][T12742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 528.691074][T12742] Call Trace: [ 528.691082][T12742] [ 528.691092][T12742] dump_stack_lvl+0x16c/0x1f0 [ 528.691125][T12742] should_fail_ex+0x512/0x640 [ 528.691165][T12742] _copy_from_user+0x2e/0xd0 [ 528.691200][T12742] pidfd_ioctl+0x854/0x2740 [ 528.691236][T12742] ? __pfx_pidfd_ioctl+0x10/0x10 [ 528.691267][T12742] ? find_held_lock+0x2b/0x80 [ 528.691309][T12742] ? __pfx_pidfd_ioctl+0x10/0x10 [ 528.691344][T12742] __x64_sys_ioctl+0x18e/0x210 [ 528.691380][T12742] do_syscall_64+0xcd/0xfa0 [ 528.691411][T12742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.691435][T12742] RIP: 0033:0x7f15b118f6c9 [ 528.691455][T12742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.691478][T12742] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 528.691500][T12742] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 528.691515][T12742] RDX: 0000000000000003 RSI: 00000000c060ff0b RDI: 0000000000000003 [ 528.691529][T12742] RBP: 00007f15b207a090 R08: 0000000000000000 R09: 0000000000000000 [ 528.691544][T12742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 528.691558][T12742] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 528.691593][T12742] [ 531.933690][T12777] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input15 [ 534.534341][T12806] nbd: couldn't find device at index 33904 [ 535.065332][T12817] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1801'. [ 535.119310][T12817] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1801'. [ 535.357774][T12820] zswap: compressor not available [ 536.000322][T12834] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1806'. [ 536.876857][T12849] FAULT_INJECTION: forcing a failure. [ 536.876857][T12849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 536.953641][T12849] CPU: 0 UID: 0 PID: 12849 Comm: syz.1.1809 Tainted: G U syzkaller #0 PREEMPT(full) [ 536.953682][T12849] Tainted: [U]=USER [ 536.953690][T12849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 536.953704][T12849] Call Trace: [ 536.953712][T12849] [ 536.953721][T12849] dump_stack_lvl+0x16c/0x1f0 [ 536.953753][T12849] should_fail_ex+0x512/0x640 [ 536.953790][T12849] _copy_to_user+0x32/0xd0 [ 536.953828][T12849] pidfd_ioctl+0x177a/0x2740 [ 536.953867][T12849] ? __pfx_pidfd_ioctl+0x10/0x10 [ 536.953907][T12849] ? find_held_lock+0x2b/0x80 [ 536.953955][T12849] ? __pfx_pidfd_ioctl+0x10/0x10 [ 536.953991][T12849] __x64_sys_ioctl+0x18e/0x210 [ 536.954028][T12849] do_syscall_64+0xcd/0xfa0 [ 536.954058][T12849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.954083][T12849] RIP: 0033:0x7f15b118f6c9 [ 536.954103][T12849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 536.954125][T12849] RSP: 002b:00007f15b2059038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 536.954149][T12849] RAX: ffffffffffffffda RBX: 00007f15b13e6090 RCX: 00007f15b118f6c9 [ 536.954165][T12849] RDX: 0000000000000003 RSI: 00000000c060ff0b RDI: 0000000000000003 [ 536.954179][T12849] RBP: 00007f15b2059090 R08: 0000000000000000 R09: 0000000000000000 [ 536.954194][T12849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 536.954208][T12849] R13: 00007f15b13e6128 R14: 00007f15b13e6090 R15: 00007ffc4d784588 [ 536.954243][T12849] [ 537.115694][ C0] vkms_vblank_simulate: vblank timer overrun [ 537.173407][T12852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1808'. [ 541.776127][T12908] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1825'. [ 542.080648][T12916] nbd: couldn't find device at index 33904 [ 544.741995][T12958] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input16 [ 545.316685][T12961] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input17 [ 546.718432][T12995] zswap: compressor not available [ 547.271137][T13023] usb usb37: usbfs: process 13023 (syz.2.1842) did not claim interface 0 before use [ 547.320731][T13013] nbd: couldn't find device at index 33904 [ 547.832389][T13053] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input18 [ 548.579993][T13073] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input20 [ 550.432161][T13089] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1850'. [ 550.952821][T13090] zswap: compressor not available [ 554.011741][T13101] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1852'. [ 554.023217][T13118] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input21 [ 554.180598][T13124] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 556.117061][T13134] nbd: couldn't find device at index 33904 [ 559.540720][T13156] capability: warning: `syz.1.1867' uses 32-bit capabilities (legacy support in use) [ 560.473717][T13166] snd_aloop snd_aloop.0: control 7:265:7::2 is already present [ 567.219242][T13223] zswap: compressor not available [ 568.086624][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.093109][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.319995][T13260] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1889'. [ 571.131664][T13265] zswap: compressor not available [ 576.524052][T12971] syz.3.1831 (12971) used greatest stack depth: 18552 bytes left [ 577.517404][T13352] snd_aloop snd_aloop.0: control 7:265:7::2 is already present [ 578.024110][T13362] : Can't lookup blockdev [ 578.467778][T13369] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1919'. [ 579.130383][T13381] : Can't lookup blockdev [ 582.258750][T13400] zswap: compressor not available [ 583.867554][T13433] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1937'. [ 584.780871][T13445] zswap: compressor not available [ 587.531848][T13486] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1950'. [ 590.535233][T13529] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1958'. [ 592.546373][T13561] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input22 [ 594.591449][T13603] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input23 [ 594.755611][T13609] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1984'. [ 594.893833][T13614] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1983'. [ 596.114763][T13627] FAULT_INJECTION: forcing a failure. [ 596.114763][T13627] name failslab, interval 1, probability 0, space 0, times 0 [ 596.192359][T13627] CPU: 1 UID: 0 PID: 13627 Comm: syz.1.1988 Tainted: G U syzkaller #0 PREEMPT(full) [ 596.192386][T13627] Tainted: [U]=USER [ 596.192391][T13627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 596.192400][T13627] Call Trace: [ 596.192405][T13627] [ 596.192411][T13627] dump_stack_lvl+0x16c/0x1f0 [ 596.192434][T13627] should_fail_ex+0x512/0x640 [ 596.192457][T13627] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 596.192474][T13627] should_failslab+0xc2/0x120 [ 596.192494][T13627] kmem_cache_alloc_noprof+0x75/0x6e0 [ 596.192508][T13627] ? locks_get_lock_context+0x243/0x410 [ 596.192533][T13627] ? locks_get_lock_context+0x243/0x410 [ 596.192553][T13627] locks_get_lock_context+0x243/0x410 [ 596.192575][T13627] flock_lock_inode+0xb1/0x1030 [ 596.192601][T13627] ? __pfx_flock_lock_inode+0x10/0x10 [ 596.192622][T13627] ? __pfx___might_resched+0x10/0x10 [ 596.192641][T13627] locks_lock_inode_wait+0x1da/0x490 [ 596.192655][T13627] ? __pfx_locks_lock_inode_wait+0x10/0x10 [ 596.192672][T13627] ? common_file_perm+0x1a9/0x340 [ 596.192689][T13627] __do_sys_flock+0x446/0x520 [ 596.192702][T13627] ? __pfx___do_sys_flock+0x10/0x10 [ 596.192728][T13627] ? xfd_validate_state+0x61/0x180 [ 596.192754][T13627] do_syscall_64+0xcd/0xfa0 [ 596.192772][T13627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.192787][T13627] RIP: 0033:0x7f15b118f6c9 [ 596.192799][T13627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.192813][T13627] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049 [ 596.192827][T13627] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 596.192836][T13627] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 596.192844][T13627] RBP: 00007f15b1211f91 R08: 0000000000000000 R09: 0000000000000000 [ 596.192853][T13627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.192861][T13627] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 596.192880][T13627] [ 598.660678][T13662] FAULT_INJECTION: forcing a failure. [ 598.660678][T13662] name failslab, interval 1, probability 0, space 0, times 0 [ 598.703189][T13662] CPU: 1 UID: 0 PID: 13662 Comm: syz.1.1997 Tainted: G U syzkaller #0 PREEMPT(full) [ 598.703232][T13662] Tainted: [U]=USER [ 598.703241][T13662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 598.703255][T13662] Call Trace: [ 598.703264][T13662] [ 598.703274][T13662] dump_stack_lvl+0x16c/0x1f0 [ 598.703310][T13662] should_fail_ex+0x512/0x640 [ 598.703345][T13662] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 598.703374][T13662] should_failslab+0xc2/0x120 [ 598.703404][T13662] kmem_cache_alloc_noprof+0x75/0x6e0 [ 598.703428][T13662] ? __kernfs_new_node+0xd2/0x8e0 [ 598.703462][T13662] ? __kernfs_new_node+0xd2/0x8e0 [ 598.703487][T13662] __kernfs_new_node+0xd2/0x8e0 [ 598.703516][T13662] ? kernfs_add_one+0x37d/0x840 [ 598.703547][T13662] ? __pfx___kernfs_new_node+0x10/0x10 [ 598.703583][T13662] ? find_held_lock+0x2b/0x80 [ 598.703608][T13662] ? kernfs_root+0xee/0x2a0 [ 598.703642][T13662] kernfs_new_node+0x13c/0x1e0 [ 598.703674][T13662] ? net_ns_get_ownership+0xf8/0x1b0 [ 598.703703][T13662] kernfs_create_dir_ns+0x4c/0x1a0 [ 598.703749][T13662] internal_create_group+0x34d/0xf30 [ 598.703787][T13662] ? __pfx_internal_create_group+0x10/0x10 [ 598.703817][T13662] ? __pfx_internal_create_group+0x10/0x10 [ 598.703852][T13662] ? __pfx_dev_add_physical_location+0x10/0x10 [ 598.703885][T13662] ? bus_to_subsys+0x131/0x160 [ 598.703913][T13662] dpm_sysfs_add+0x80/0x280 [ 598.703968][T13662] device_add+0x9a6/0x1aa0 [ 598.704005][T13662] ? __pfx_device_add+0x10/0x10 [ 598.704039][T13662] ? lockdep_init_map_type+0x5c/0x280 [ 598.704070][T13662] ? __init_waitqueue_head+0xca/0x150 [ 598.704099][T13662] netdev_register_kobject+0x1a9/0x3d0 [ 598.704131][T13662] register_netdevice+0x13dc/0x2270 [ 598.704164][T13662] ? __pfx_register_netdevice+0x10/0x10 [ 598.704200][T13662] ppp_dev_configure+0xa1e/0xd40 [ 598.704241][T13662] ppp_ioctl+0x170e/0x2880 [ 598.704273][T13662] ? find_held_lock+0x2b/0x80 [ 598.704296][T13662] ? __pfx_ppp_ioctl+0x10/0x10 [ 598.704333][T13662] ? __fget_files+0x20e/0x3c0 [ 598.704360][T13662] ? __pfx_ppp_ioctl+0x10/0x10 [ 598.704392][T13662] __x64_sys_ioctl+0x18e/0x210 [ 598.704426][T13662] do_syscall_64+0xcd/0xfa0 [ 598.704455][T13662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.704478][T13662] RIP: 0033:0x7f15b118f6c9 [ 598.704497][T13662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 598.704521][T13662] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.704543][T13662] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 598.704559][T13662] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000006 [ 598.704574][T13662] RBP: 00007f15b1211f91 R08: 0000000000000000 R09: 0000000000000000 [ 598.704588][T13662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 598.704603][T13662] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 598.704638][T13662] [ 600.730722][T13699] openvswitch: netlink: Tunnel attr 13072 out of range max 16 [ 603.045775][T13734] FAULT_INJECTION: forcing a failure. [ 603.045775][T13734] name failslab, interval 1, probability 0, space 0, times 0 [ 603.161845][T13734] CPU: 1 UID: 0 PID: 13734 Comm: syz.0.2015 Tainted: G U syzkaller #0 PREEMPT(full) [ 603.161889][T13734] Tainted: [U]=USER [ 603.161898][T13734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 603.161914][T13734] Call Trace: [ 603.161923][T13734] [ 603.161934][T13734] dump_stack_lvl+0x16c/0x1f0 [ 603.161970][T13734] should_fail_ex+0x512/0x640 [ 603.162006][T13734] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 603.162038][T13734] should_failslab+0xc2/0x120 [ 603.162072][T13734] kmem_cache_alloc_noprof+0x75/0x6e0 [ 603.162104][T13734] ? flock_lock_inode+0xbe5/0x1030 [ 603.162148][T13734] ? flock_lock_inode+0xbe5/0x1030 [ 603.162180][T13734] flock_lock_inode+0xbe5/0x1030 [ 603.162221][T13734] ? __pfx_flock_lock_inode+0x10/0x10 [ 603.162259][T13734] ? __pfx___might_resched+0x10/0x10 [ 603.162293][T13734] locks_lock_inode_wait+0x1da/0x490 [ 603.162324][T13734] ? __pfx_locks_lock_inode_wait+0x10/0x10 [ 603.162357][T13734] ? common_file_perm+0x1a9/0x340 [ 603.162389][T13734] __do_sys_flock+0x446/0x520 [ 603.162422][T13734] ? __pfx___do_sys_flock+0x10/0x10 [ 603.162474][T13734] ? xfd_validate_state+0x61/0x180 [ 603.162522][T13734] do_syscall_64+0xcd/0xfa0 [ 603.162555][T13734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.162581][T13734] RIP: 0033:0x7fbc7738f6c9 [ 603.162602][T13734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 603.162627][T13734] RSP: 002b:00007fbc78267038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049 [ 603.162651][T13734] RAX: ffffffffffffffda RBX: 00007fbc775e5fa0 RCX: 00007fbc7738f6c9 [ 603.162669][T13734] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 603.162684][T13734] RBP: 00007fbc77411f91 R08: 0000000000000000 R09: 0000000000000000 [ 603.162700][T13734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.162715][T13734] R13: 00007fbc775e6038 R14: 00007fbc775e5fa0 R15: 00007ffd5a124c18 [ 603.162751][T13734] [ 606.704712][T13781] FAULT_INJECTION: forcing a failure. [ 606.704712][T13781] name failslab, interval 1, probability 0, space 0, times 0 [ 606.768996][T13781] CPU: 0 UID: 0 PID: 13781 Comm: syz.2.2026 Tainted: G U syzkaller #0 PREEMPT(full) [ 606.769039][T13781] Tainted: [U]=USER [ 606.769048][T13781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 606.769062][T13781] Call Trace: [ 606.769071][T13781] [ 606.769081][T13781] dump_stack_lvl+0x16c/0x1f0 [ 606.769118][T13781] should_fail_ex+0x512/0x640 [ 606.769153][T13781] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 606.769184][T13781] should_failslab+0xc2/0x120 [ 606.769215][T13781] kmem_cache_alloc_noprof+0x75/0x6e0 [ 606.769242][T13781] ? locks_get_lock_context+0x243/0x410 [ 606.769285][T13781] ? locks_get_lock_context+0x243/0x410 [ 606.769319][T13781] locks_get_lock_context+0x243/0x410 [ 606.769357][T13781] flock_lock_inode+0xb1/0x1030 [ 606.769400][T13781] ? __pfx_flock_lock_inode+0x10/0x10 [ 606.769438][T13781] ? __pfx___might_resched+0x10/0x10 [ 606.769473][T13781] locks_lock_inode_wait+0x1da/0x490 [ 606.769499][T13781] ? __pfx_locks_lock_inode_wait+0x10/0x10 [ 606.769532][T13781] ? common_file_perm+0x1a9/0x340 [ 606.769563][T13781] __do_sys_flock+0x446/0x520 [ 606.769588][T13781] ? __pfx___do_sys_flock+0x10/0x10 [ 606.769639][T13781] ? xfd_validate_state+0x61/0x180 [ 606.769684][T13781] do_syscall_64+0xcd/0xfa0 [ 606.769716][T13781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.769742][T13781] RIP: 0033:0x7f953198f6c9 [ 606.769764][T13781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.769787][T13781] RSP: 002b:00007f952fbf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049 [ 606.769821][T13781] RAX: ffffffffffffffda RBX: 00007f9531be5fa0 RCX: 00007f953198f6c9 [ 606.769839][T13781] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 606.769855][T13781] RBP: 00007f9531a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 606.769871][T13781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.769886][T13781] R13: 00007f9531be6038 R14: 00007f9531be5fa0 R15: 00007ffe9b2c9b58 [ 606.769924][T13781] [ 607.951560][T13805] random: crng reseeded on system resumption [ 609.526161][T13827] FAULT_INJECTION: forcing a failure. [ 609.526161][T13827] name fail_futex, interval 1, probability 0, space 0, times 0 [ 609.581252][T13827] CPU: 1 UID: 0 PID: 13827 Comm: syz.3.2041 Tainted: G U syzkaller #0 PREEMPT(full) [ 609.581294][T13827] Tainted: [U]=USER [ 609.581302][T13827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 609.581315][T13827] Call Trace: [ 609.581323][T13827] [ 609.581332][T13827] dump_stack_lvl+0x16c/0x1f0 [ 609.581371][T13827] should_fail_ex+0x512/0x640 [ 609.581413][T13827] get_futex_key+0x1d0/0x1560 [ 609.581451][T13827] ? __pfx_get_futex_key+0x10/0x10 [ 609.581496][T13827] futex_wake+0xea/0x530 [ 609.581530][T13827] ? lockdep_hardirqs_on+0x7c/0x110 [ 609.581563][T13827] ? __pfx_futex_wake+0x10/0x10 [ 609.581597][T13827] ? kmem_cache_free+0x2d4/0x6c0 [ 609.581633][T13827] ? putname+0x154/0x1a0 [ 609.581662][T13827] ? putname+0x154/0x1a0 [ 609.581696][T13827] do_futex+0x1e3/0x350 [ 609.581739][T13827] ? __pfx_do_futex+0x10/0x10 [ 609.581784][T13827] __x64_sys_futex+0x1e0/0x4c0 [ 609.581821][T13827] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 609.581859][T13827] ? __pfx___x64_sys_futex+0x10/0x10 [ 609.581908][T13827] do_syscall_64+0xcd/0xfa0 [ 609.581940][T13827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.581966][T13827] RIP: 0033:0x7ffb1878f6c9 [ 609.581987][T13827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 609.582012][T13827] RSP: 002b:00007ffb195560e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 609.582038][T13827] RAX: ffffffffffffffda RBX: 00007ffb189e5fa8 RCX: 00007ffb1878f6c9 [ 609.582055][T13827] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffb189e5fac [ 609.582072][T13827] RBP: 00007ffb189e5fa0 R08: 00007ffb19557000 R09: 0000000000000000 [ 609.582088][T13827] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 609.582105][T13827] R13: 00007ffb189e6038 R14: 00007fffde3f9660 R15: 00007fffde3f9748 [ 609.582143][T13827] [ 609.703520][T13833] ------------[ cut here ]------------ [ 609.708002][ C1] vkms_vblank_simulate: vblank timer overrun [ 609.727960][T13833] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 609.736222][ C1] vkms_vblank_simulate: vblank timer overrun [ 610.074753][T13833] WARNING: CPU: 1 PID: 13833 at drivers/gpu/drm/drm_vblank.c:1308 drm_wait_one_vblank+0x2f6/0x5b0 [ 610.085472][T13833] Modules linked in: [ 610.089893][T13833] CPU: 1 UID: 0 PID: 13833 Comm: syz.1.2043 Tainted: G U syzkaller #0 PREEMPT(full) [ 610.101236][T13833] Tainted: [U]=USER [ 610.105059][T13833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 610.115202][T13833] RIP: 0010:drm_wait_one_vblank+0x2f6/0x5b0 [ 610.121345][T13833] Code: ed 0f 84 12 02 00 00 e8 28 96 74 fc 48 89 ef e8 b0 3e 90 00 44 89 e1 4c 89 ea 48 c7 c7 40 09 08 8c 48 89 c6 e8 3b 18 33 fc 90 <0f> 0b 90 90 e9 4e fe ff ff e8 fc 95 74 fc 48 89 ef e8 e4 23 18 06 [ 610.141082][T13833] RSP: 0018:ffffc900001e7b10 EFLAGS: 00010286 [ 610.147217][T13833] RAX: 0000000000000000 RBX: ffff888025c70000 RCX: ffffc9000c69c000 [ 610.155513][T13833] RDX: 0000000000080000 RSI: ffffffff817adc55 RDI: 0000000000000001 [ 610.163542][T13833] RBP: ffff888025c62000 R08: 0000000000000001 R09: 0000000000000000 [ 610.171602][T13833] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 610.179601][T13833] R13: ffffffff8c1cf5a0 R14: 1ffff9200003cf65 R15: 0000000000008c9c [ 610.187720][T13833] FS: 00007f15b207a6c0(0000) GS:ffff888124b0e000(0000) knlGS:0000000000000000 [ 610.196952][T13833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 610.203799][T13833] CR2: 0000001b31220ff8 CR3: 00000000122c2000 CR4: 00000000003526f0 [ 610.211847][T13833] Call Trace: [ 610.215144][T13833] [ 610.218120][T13833] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 610.223944][T13833] ? __pfx_autoremove_wake_function+0x10/0x10 [ 610.230045][T13833] ? lockdep_hardirqs_on+0x7c/0x110 [ 610.235332][T13833] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 610.241211][T13833] ? drm_vblank_get+0x150/0x290 [ 610.246095][T13833] drm_fb_helper_ioctl+0x156/0x1a0 [ 610.251439][T13833] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 610.257102][T13833] do_fb_ioctl+0x3d5/0x7e0 [ 610.261609][T13833] ? __pfx_do_fb_ioctl+0x10/0x10 [ 610.266649][T13833] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 610.272660][T13833] ? __fget_files+0x20e/0x3c0 [ 610.277378][T13833] fb_ioctl+0xe5/0x150 [ 610.281515][T13833] ? __pfx_fb_ioctl+0x10/0x10 [ 610.286247][T13833] __x64_sys_ioctl+0x18e/0x210 [ 610.291298][T13833] do_syscall_64+0xcd/0xfa0 [ 610.295849][T13833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.302042][T13833] RIP: 0033:0x7f15b118f6c9 [ 610.306514][T13833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.326357][T13833] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 610.334875][T13833] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 610.342921][T13833] RDX: ffffffffffffffff RSI: 0000000040044620 RDI: 0000000000000003 [ 610.350940][T13833] RBP: 00007f15b1211f91 R08: 0000000000000000 R09: 0000000000000000 [ 610.358969][T13833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.367051][T13833] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 610.375090][T13833] [ 610.378126][T13833] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 610.385424][T13833] CPU: 1 UID: 0 PID: 13833 Comm: syz.1.2043 Tainted: G U syzkaller #0 PREEMPT(full) [ 610.396387][T13833] Tainted: [U]=USER [ 610.400202][T13833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 610.410280][T13833] Call Trace: [ 610.413588][T13833] [ 610.416535][T13833] dump_stack_lvl+0x3d/0x1f0 [ 610.421153][T13833] vpanic+0x640/0x6f0 [ 610.425164][T13833] ? drm_wait_one_vblank+0x2f6/0x5b0 [ 610.430468][T13833] panic+0xca/0xd0 [ 610.434216][T13833] ? __pfx_panic+0x10/0x10 [ 610.438670][T13833] check_panic_on_warn+0xab/0xb0 [ 610.443644][T13833] __warn+0xf6/0x3c0 [ 610.447570][T13833] ? preempt_schedule_notrace+0x62/0xe0 [ 610.453158][T13833] ? drm_wait_one_vblank+0x2f6/0x5b0 [ 610.458465][T13833] report_bug+0x3c3/0x580 [ 610.463163][T13833] ? drm_wait_one_vblank+0x2f6/0x5b0 [ 610.468474][T13833] handle_bug+0x184/0x210 [ 610.472831][T13833] exc_invalid_op+0x17/0x50 [ 610.477384][T13833] asm_exc_invalid_op+0x1a/0x20 [ 610.482252][T13833] RIP: 0010:drm_wait_one_vblank+0x2f6/0x5b0 [ 610.488172][T13833] Code: ed 0f 84 12 02 00 00 e8 28 96 74 fc 48 89 ef e8 b0 3e 90 00 44 89 e1 4c 89 ea 48 c7 c7 40 09 08 8c 48 89 c6 e8 3b 18 33 fc 90 <0f> 0b 90 90 e9 4e fe ff ff e8 fc 95 74 fc 48 89 ef e8 e4 23 18 06 [ 610.507983][T13833] RSP: 0018:ffffc900001e7b10 EFLAGS: 00010286 [ 610.514079][T13833] RAX: 0000000000000000 RBX: ffff888025c70000 RCX: ffffc9000c69c000 [ 610.522061][T13833] RDX: 0000000000080000 RSI: ffffffff817adc55 RDI: 0000000000000001 [ 610.530059][T13833] RBP: ffff888025c62000 R08: 0000000000000001 R09: 0000000000000000 [ 610.538042][T13833] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 610.546030][T13833] R13: ffffffff8c1cf5a0 R14: 1ffff9200003cf65 R15: 0000000000008c9c [ 610.554030][T13833] ? __warn_printk+0x1a5/0x350 [ 610.558836][T13833] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 610.564502][T13833] ? __pfx_autoremove_wake_function+0x10/0x10 [ 610.570593][T13833] ? lockdep_hardirqs_on+0x7c/0x110 [ 610.575821][T13833] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 610.581648][T13833] ? drm_vblank_get+0x150/0x290 [ 610.586522][T13833] drm_fb_helper_ioctl+0x156/0x1a0 [ 610.591657][T13833] ? __pfx_drm_fb_helper_ioctl+0x10/0x10 [ 610.597311][T13833] do_fb_ioctl+0x3d5/0x7e0 [ 610.601753][T13833] ? __pfx_do_fb_ioctl+0x10/0x10 [ 610.606727][T13833] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 610.612688][T13833] ? __fget_files+0x20e/0x3c0 [ 610.617388][T13833] fb_ioctl+0xe5/0x150 [ 610.621473][T13833] ? __pfx_fb_ioctl+0x10/0x10 [ 610.626168][T13833] __x64_sys_ioctl+0x18e/0x210 [ 610.630965][T13833] do_syscall_64+0xcd/0xfa0 [ 610.635476][T13833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.641368][T13833] RIP: 0033:0x7f15b118f6c9 [ 610.645775][T13833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.665374][T13833] RSP: 002b:00007f15b207a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 610.673788][T13833] RAX: ffffffffffffffda RBX: 00007f15b13e5fa0 RCX: 00007f15b118f6c9 [ 610.681760][T13833] RDX: ffffffffffffffff RSI: 0000000040044620 RDI: 0000000000000003 [ 610.689727][T13833] RBP: 00007f15b1211f91 R08: 0000000000000000 R09: 0000000000000000 [ 610.697708][T13833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.705785][T13833] R13: 00007f15b13e6038 R14: 00007f15b13e5fa0 R15: 00007ffc4d784588 [ 610.713780][T13833] [ 610.717006][T13833] Kernel Offset: disabled [ 610.721325][T13833] Rebooting in 86400 seconds..