last executing test programs: 9m18.110565163s ago: executing program 2 (id=5923): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x81, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) writev$auto(0xffffffffffffffff, 0x0, 0x3) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/run_estimation\x00', 0x88042, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000000)=@generic={0xa, "dfffffffffffffff00"}, 0x6a) sendmsg$auto_VDPA_CMD_DEV_ATTR_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000e64e72525469887573512d9dca5c5079feb08ef88de29364136f7ba46cb9c974f04c2834513b09523af0d9f55f1df549b0f041c2a6bc4c175683a3f8789899281e06c766e9bf8932ad1397fbee91edade1b2e2b61b89ac2997cfd68e26af0053a84ae8704fa1048ab31877", @ANYRES16, @ANYBLOB="000227bd7000fedbdf250800000006000c0003000000"], 0x1c}}, 0x2f654e33869dafed) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x20b02, 0x0) sendfile$auto(r1, r1, &(0x7f0000000000)=0x3, 0xad6) 9m17.934869172s ago: executing program 2 (id=5924): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sysfs$auto(0x2, 0x10000000000002a, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) fcntl$auto(0x3, 0x4, 0xa553) write$auto(0x3, 0x0, 0xfdef) 9m16.974675889s ago: executing program 2 (id=5930): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) getsockname$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x2, {{0x42}, 0x103}}, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x11) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x101d0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 9m16.076296615s ago: executing program 2 (id=5936): socket(0x22, 0x800, 0x5) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec7\x00', 0x10b101, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x8, 0x5, 0x1001, 0xffffffffffffffff, 0xf, 0x1000, 0xb, 0x1, 0xced80000000000, 0x9, 0x6, 0x0, 0x1, 0x7fffffff]}, 0x0, 0x0) socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x80) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x54) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0) write$auto(0xffffffffffffffff, 0x0, 0x2) 9m14.739283473s ago: executing program 2 (id=5944): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x11, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x7fffffffffffffff}}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 9m14.462660826s ago: executing program 2 (id=5945): mmap$auto(0x0, 0x2000c, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid}) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, 0x0, 0x8000, 0x1}, 0x8}, 0x1, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) 8m59.351411828s ago: executing program 32 (id=5945): mmap$auto(0x0, 0x2000c, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid}) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, 0x0, 0x8000, 0x1}, 0x8}, 0x1, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) 9.341600245s ago: executing program 4 (id=8300): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/blkio.reset_stats\x00', 0xa801, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/block/nbd6/hctx0/tags_bitmap\x00', 0x60000, 0x0) read$auto(r1, 0x0, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mincore$auto(0x1000, 0x8001, 0x0) r2 = fcntl$auto(0x8000000000000001, 0x26, 0x8) mmap$auto(0x0, 0x2020009, 0x10000000000000a, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r3 = set_tid_address$auto(&(0x7f0000000000)) fcntl$auto(r2, 0x27, r3) prctl$auto(0x1000000003b, 0xffffffffffffffff, 0x4, 0x3, 0x7) fcntl$auto(0x8000000000000001, 0x25, 0x8) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/uprobe/perf_event_mux_interval_ms\x00', 0x121102, 0x0) write$auto(r4, 0x0, 0x800000) write$auto(r0, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 8.676764095s ago: executing program 4 (id=8304): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) madvise$auto(0x0, 0x8, 0x3) mmap$auto(0x2000000000008, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x401, 0x80000001, 0xeb1, r0, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(0x3, 0x0, 0xffd8) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x80000, 0x0) sigaltstack$auto(0x0, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) prctl$auto(0x4d, 0x1, 0x0, 0xfffffffffffffffc, 0x0) read$auto(0x3, 0x0, 0x7fffffff) ioctl$auto(0x3, 0x402c542b, 0x38) 7.366310783s ago: executing program 3 (id=8309): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) mmap$auto(0x0, 0x9644, 0xdf, 0x9b72, 0x2, 0x2d4a29c0) open(0x0, 0x7ffd, 0x12) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000000, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x7f, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff) unshare$auto(0x40000080) lseek$auto(0xffffffffffffffff, 0x2, 0x2) r1 = open$dir(&(0x7f0000000040)='./file0\x00', 0x20000, 0x82) io_uring_register$auto_IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000180), 0x7) r2 = openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x103700, 0x0) read$auto(r2, 0x0, 0x4000000081) 5.832059861s ago: executing program 3 (id=8314): ioperm$auto(0x7, 0x6, 0x2) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) r1 = socket(0x11, 0x3, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x108242, 0x78e22799f4a46f8e) flock$auto(r2, 0x6) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e) flock$auto(r3, 0x1) r4 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e) flock$auto(r4, 0x2) flock$auto(r4, 0x2) close_range$auto(r1, 0xffffffffffffffff, 0x0) ioctl$auto(r0, 0x800064ba, 0x1e6) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 5.437999315s ago: executing program 0 (id=8315): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) capget$auto(0x0, 0x0) r0 = socket(0x2c, 0x3, 0x0) getsockopt$auto(r0, 0x11b, 0x8, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) io_uring_setup$auto(0x2, 0x0) socket$nl_generic(0x11, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x14b040, 0x0) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, 0x0, 0x200400, 0x0) read$auto_rng_chrdev_ops_core(r1, &(0x7f0000000040)=""/4096, 0xfffffe82) fsopen$auto(0x0, 0x1) sendmsg$auto_NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000084) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r2, 0x540a, 0x0) 5.423733385s ago: executing program 4 (id=8318): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) statmount$auto(0x0, &(0x7f0000000400)={0x8, 0x1, 0x9, 0x3, 0xb, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x3, 0x4, 0xb0, 0x7, 0x6, 0x3, 0x5, 0x7}, 0x1fe, 0x81) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c06, 0x0) unshare$auto(0x40000080) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) unshare$auto(0x40000080) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r3, r4, 0x0, 0x1000200) write$auto(r2, 0x0, 0xa3d9) munmap$auto(0x200000008000, 0xffffffff) 5.281086355s ago: executing program 3 (id=8319): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pselect6$auto(0x0, &(0x7f0000000280)={[0x0, 0x100000400, 0x5, 0x0, 0x9, 0x1, 0xffffffffffffff81, 0x5, 0x5, 0x2, 0x11, 0x4, 0x3, 0x4, 0x1, 0xfffffffffffffff8]}, &(0x7f00000006c0)={[0x9, 0x5, 0x5, 0x3, 0x3e8, 0x2d, 0x2000000000000000, 0x2, 0x4, 0x1, 0x323, 0x9bfd, 0x3, 0xa7e5, 0x9, 0x3]}, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) seccomp$auto(0x0, 0x100000000, 0xfffffffffffffffc) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x121800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket(0x2c, 0x3, 0x0) bind$auto(r1, &(0x7f0000000080)=@xdp={0x2c, 0xc, 0x0, 0x1c}, 0x6b) write$auto(r0, 0x0, 0x3) read$auto(0xffffffffffffffff, 0x0, 0x20) socket(0x10, 0x2, 0x4) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0xe, 0x0, 0x4) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0x0, 0x0, 0xf89, 0x9, 0x837, 0x8}}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c000) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) read$auto_proc_pid_maps_operations_internal(0xffffffffffffffff, 0x0, 0x0) 4.092646881s ago: executing program 3 (id=8323): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0xd, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000080)='/dev/audio1\x00', 0x100000a3d9) unshare$auto(0x40000080) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/snd/controlC0\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000700)={{@raw=0x3, 0x7f, 0x2, 0x7, "26cb83211ffd7f6567850e138dd717bfeb7ab5c5a4909ab7e79491c86f8c5d7d57cdda7ca056a2a31e5dfe27"}, 0x0, @integer64=@value=[0x0, 0x1, 0x5be, 0x8000, 0x5, 0x4, 0x2, 0xffff, 0x0, 0x10000000ffffffff, 0x9, 0x7fffffffffffffff, 0xe94, 0x800000b, 0x8, 0x60000000000000, 0x0, 0x7, 0x2, 0x3be, 0x4, 0xd86, 0x3, 0x1, 0x6af, 0xb, 0x7ffffdfc, 0x7, 0x73a, 0x6, 0x971d, 0x8, 0x8, 0x9, 0x800000cd, 0x40000000403, 0x8000000000000000, 0x1, 0x3, 0x9, 0x5, 0x0, 0x8, 0x3, 0x10002, 0x1, 0xc, 0xe4, 0x7, 0x4, 0x7, 0x951, 0xe0000000000002, 0x6, 0x9, 0x7fff, 0x6, 0x4000000000000003, 0xb, 0x82c1, 0x4436, 0x0, 0xc1, 0x5], "1cd4f43065c34bdcb5fa6160f24c5f3eb5328361438ff4cd82ad2e9771421debdad4d39a52fc70b9012aff448a8b4a75e7c5126dc19ba1ad1e6542790700000044b0d756001b66abab0c0fd3b4287befd247e5410bef4c186120b5bed4ab64ffeb4b7c5a69166021a8814332515a65fe9300"}) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x23, 0x0) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r2, 0x0, 0x4) 3.937287637s ago: executing program 0 (id=8324): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r0, 0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0x401, 0x8000) r1 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8002, 0x0) read$auto(r1, 0x0, 0x80) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x5c, r3, 0x1, 0x70bd25, 0x25dfdbf7, {0x1, 0x0, 0x3f00}, [@L2TP_ATTR_IP_DADDR={0x8, 0x19, 0x5}, @L2TP_ATTR_LNS_MODE={0x0, 0x14, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback={0x500}}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @local}}]}, 0x8b}, 0x1, 0x0, 0x0, 0x4044000}, 0x0) r4 = openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/hwsim/ps\x00', 0x1102, 0x0) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="c80d1b5d399b58", 0x7) ioctl$auto_TIOCGEXCL(r5, 0x80045440, &(0x7f0000000080)=0x2) write$auto(r4, 0x0, 0x4000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x80302, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40802, 0x0) write$auto(0x3, 0x0, 0xffd8) 3.439634974s ago: executing program 0 (id=8333): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x64, r1, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @multicast1}}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @local}}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) semctl$auto(0x2, 0x9, 0x939, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) r2 = socket(0x6, 0x6, 0x1) r3 = socket(0xa, 0x5, 0x0) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @rand_addr=0x64010102}, 0x54) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) sysfs$auto(0x2, 0x810000000000003a, 0x0) getsockopt$auto(r3, 0x84, 0x1d, 0x0, 0x0) setsockopt$auto(r2, 0x65, 0x6, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x1045100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) 2.23295653s ago: executing program 0 (id=8331): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) socket(0x2, 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x482b01, 0x0) openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci0/force_suspend\x00', 0x400002, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) futex$auto(0x0, 0x0, 0x2948, &(0x7f00000000c0)={0x225c17d03}, 0x0, 0x5) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0040, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xf, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x2d, 0x400000000000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x7, 0x40, 0x3, 0x1, 0x9, 0x1, 0xffffffdffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x1a, 0x5, 0xfffffffd) mq_getsetattr$auto(0xffffffffffffffff, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x20000000001ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x6, 0xfffffffffffffffd, 0x10001, 0xaa9, 0x7ffffffd, 0x3, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffa]}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x1, 0x890b, 0x2) 1.901047856s ago: executing program 4 (id=8332): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) r2 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/rate_ctrl_alg\x00', 0x0, 0x0) readv$auto(r2, &(0x7f0000000100)={&(0x7f0000000280), 0x1}, 0x4) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)={0x20, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "9e695f99bb0e"}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$auto_BLKTRACESETUP2(r3, 0xc0481273, &(0x7f0000000280)={"b3efc16b86b24b821e90a2e1a74c38c88843237b4095eea24d4d39023c954a56", 0x5, 0x4000, 0xfffff7dc, 0x6, 0x3, 0xffffffffffffffff}) read$auto(r3, 0x0, 0x1ff) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000500)='/proc/sys/fs/xfs/stats_clear\x00', 0x1, 0x0) write$auto(r4, 0x0, 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x11, 0x0) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.899891277s ago: executing program 1 (id=8334): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x640, 0x0) ioctl$auto_MON_IOCX_GET(r0, 0x40189206, 0x0) read$auto_mon_fops_binary_mon_bin(r0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x88202, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0x28, 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyz7\x00', 0x20400, 0x0) socket(0x2, 0x5, 0x0) r1 = epoll_create$auto(0x7) r2 = socket(0x2d, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x2d, 0x0, 0x0, 0x10}, 0xc, 0x0}, 0x20040804) sysfs$auto(0x2, 0x0, 0x0) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r3, 0x0) epoll_wait$auto(r1, 0x0, 0xe007, 0x1) 1.722216051s ago: executing program 3 (id=8335): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/lapb0/napi_defer_hard_irqs\x00', 0x8a401, 0x0) r0 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_timedsend$auto(r0, &(0x7f00000000c0)='\xcf\x8d\xb6\xaa\x80\xd5\xb4_:A\xacz\xdc\xa0\x1d', 0x2, 0x6, &(0x7f0000000240)={0x2000000000000003, 0x101}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x100000004, 0x2, 0xfffffffffffffffe, 0x13, 0xfffffffffffffffa, 0x41) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) getcwd$auto(0x0, 0x8000000000000000) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x40146f2c, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000003, 0x10, r1, 0x8) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.610432924s ago: executing program 1 (id=8336): migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r0 = socket(0x2, 0x3, 0xa) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x0, @empty}, 0x54) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listxattrat$auto(r1, &(0x7f00000000c0)='\x00', 0x1000, 0x0, 0x0) prctl$auto(0x3e, 0x8, 0x0, 0x8, 0x81) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) execve$auto(&(0x7f0000000100)=':,\x00', 0x0, 0x0) mknod$auto(&(0x7f0000000b00)='X))\x00', 0x63c1, 0x7ff) mknod$auto(&(0x7f0000000340)='\xe1\x9eHU\x00', 0x67c1, 0x7fc) getsockopt$auto(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0) recvmmsg$auto(r0, 0x0, 0x400fffd, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000140)=0x6) ioperm$auto(0x400, 0x7f, 0xd) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80002, 0x0) getsockname$auto(r2, 0x0, 0x0) r3 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) readv$auto(r3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) 1.345080764s ago: executing program 4 (id=8337): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$auto_TCSBRK2(0xffffffffffffffff, 0x5409, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000f7, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) socket(0x2a, 0x2, 0x1) write$auto(0x3, 0x0, 0xffd8) setsockopt$auto(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000000)='\x00', 0x8) mseal$auto(0x0, 0x7dda, 0x0) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r0, 0x9210642d, 0xc5) r1 = dup$auto(0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0x80000000df, 0x9b72, r1, 0x28000) r2 = socket$nl_generic(0x10, 0x3, 0x10) readv$auto(r2, 0x0, 0x19) unshare$auto(0x40000080) unshare$auto(0x40000080) r3 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r3, 0x107, 0x2, 0x0, 0x28) 725.844374ms ago: executing program 1 (id=8338): mmap$auto(0x0, 0x7, 0xde, 0x9b72, 0x2, 0x8000) mlock$auto(0xfff, 0xde7f) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r1 = gettid() r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/block/nullb0/queue/rq_affinity\x00', 0x4a001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000180)="12", 0x1) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kill$auto(r1, 0x11) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x1ff, 0x20000000) semget$auto(0x3, 0x13c, 0x1ff) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netfilter/nf_log\x00', 0x181100, 0x0) socketpair$auto(0x9, 0x2, 0xb, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptyd9\x00', 0x100000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(r3, 0x5408, r3) 517.059148ms ago: executing program 0 (id=8339): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x100000000000036, 0x0) fsopen$auto(0x0, 0x1) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x4, 0x1) r0 = epoll_create$auto(0x4) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) epoll_create$auto(0x100008) epoll_ctl$auto(r0, 0x1, r1, 0x0) r2 = epoll_create$auto(0x3e) epoll_ctl$auto(r2, 0x1, r0, 0x0) 432.858714ms ago: executing program 1 (id=8340): ioctl$auto_XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f00000005c0)={{0xffffffffffffffff, &(0x7f0000000100), 0x101, 0x0, 0x3, 0x0, &(0x7f0000000480)=0x9}, {[0x4, 0xffffffff, 0x8, 0x7a]}, 0x14, 0x6, &(0x7f00000004c0)}) socket(0x2, 0x3, 0xa) mmap$auto(0x2, 0xe983, 0x1, 0x16, r0, 0x8002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x1, 0xffffffff, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyyf\x00', 0x80b40, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r2, 0x5412, 0x0) ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f00000000c0)="c0") write$auto(r1, 0x0, 0x5) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x10400, 0xa, &(0x7f0000000040)='@,\x00', 0x8) mlock$auto(0xfbe8, 0x4) munlock$auto(0xffff, 0x1) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x4c03, 0xfffffffffffffffd) read$auto(0xffffffffffffffff, 0x0, 0x4) syz_clone3(0x0, 0x0) 273.801918ms ago: executing program 0 (id=8341): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x450000, 0x1, 0x1}, 0x18) mount_setattr$auto(r1, &(0x7f0000000100)='./file0\x00', 0x36, &(0x7f0000000140)={0x45, 0x6, 0x80000001, @raw=0x305}, 0x80000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000640), 0x401, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/serio/drivers/psmouse/description\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)=""/222, 0xde) write$auto(r2, 0x0, 0xff) finit_module$auto(r0, &(0x7f0000000340)='\'$\x00', 0x0) r4 = geteuid() msgctl$auto_IPC_RMID(0x6, 0x0, &(0x7f0000000200)={{0x7ff, 0xffffffffffffffff, 0xee00, 0x1, 0x1ff, 0x7, 0x9}, &(0x7f0000000180)=0x40, &(0x7f00000001c0)=0x9, 0x1, 0x0, 0x400, 0x5, 0x5, 0x7, 0x400, 0x8, @raw=0x6, @raw=0x3}) fstat$auto(0xffffffffffffffff, &(0x7f0000000280)={0x8, 0xc, 0x5, 0x1ab8, r4, r5, 0x0, 0x5, 0x5, 0xff, 0x80, 0x5, 0x9, 0x6, 0x8, 0x7, 0x8000}) unshare$auto(0x5) read$auto(0x3, 0x0, 0xf34) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/dfscache\x00', 0x101a41, 0x0) write$auto(r6, 0x0, 0x6) 273.619695ms ago: executing program 1 (id=8342): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x0, 0x2000000005, 0x6) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) membarrier$auto(0x2, 0x0, 0x9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, r0, 0x300000000000) socket(0xa, 0x3, 0x3b) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0xc8201, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xc2c02, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, 0x0) 273.480411ms ago: executing program 3 (id=8343): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) statmount$auto(0x0, &(0x7f0000000400)={0x8, 0x1, 0x9, 0x3, 0xb, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x3, 0x4, 0xb0, 0x7, 0x6, 0x3, 0x5, 0x7}, 0x1fe, 0x81) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c06, 0x0) unshare$auto(0x40000080) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) unshare$auto(0x40000080) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r3, r4, 0x0, 0x1000200) write$auto(r2, 0x0, 0xa3d9) munmap$auto(0x200000008000, 0xffffffff) 99.372814ms ago: executing program 1 (id=8344): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) unshare$auto(0x40000080) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x101500, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) bind$auto(r2, &(0x7f0000000040)=@generic={0x26, "3e3284c31ab939b1082f015635ba"}, 0xfffffffb) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D2\x00', 0x80980, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20001, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r0, r3, 0x0, 0x1) 0s ago: executing program 4 (id=8345): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x8000000000000001) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/auth.unix.ip/flush\x00', 0x40d81, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, 0x0) pread64$auto(r0, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/devices/platform/dummy_hcd.1/usb2/bmAttributes\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000002140)=""/4120, 0x1018) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlockall$auto(0x7) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mprotect$auto(0x0, 0x806121, 0x6) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) kernel console output (not intermixed with test programs): move_vma+0x52e/0x1770 [ 1093.073297][T27758] move_vma+0x540/0x1770 [ 1093.073314][T27758] ? __pfx_move_vma+0x10/0x10 [ 1093.073330][T27758] ? shmem_get_unmapped_area+0x170/0xa00 [ 1093.073351][T27758] ? cap_mmap_addr+0x4b/0x120 [ 1093.073370][T27758] ? bpf_lsm_mmap_addr+0x9/0x10 [ 1093.073386][T27758] ? security_mmap_addr+0x6c/0x1e0 [ 1093.073401][T27758] ? __get_unmapped_area+0x267/0x440 [ 1093.073421][T27758] ? vrm_set_new_addr+0x208/0x290 [ 1093.073436][T27758] mremap_to+0x1b7/0x450 [ 1093.073451][T27758] do_mremap+0x13a8/0x2020 [ 1093.073466][T27758] ? futex_private_hash_put+0x180/0x300 [ 1093.073490][T27758] ? __pfx_do_mremap+0x10/0x10 [ 1093.073502][T27758] ? __pfx_futex_wake+0x10/0x10 [ 1093.073532][T27758] __do_sys_mremap+0x119/0x170 [ 1093.073546][T27758] ? __pfx___do_sys_mremap+0x10/0x10 [ 1093.073565][T27758] ? __x64_sys_futex+0x1e0/0x4c0 [ 1093.073596][T27758] do_syscall_64+0xcd/0xfa0 [ 1093.073612][T27758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1093.073626][T27758] RIP: 0033:0x7fdae078efc9 [ 1093.073639][T27758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1093.073653][T27758] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1093.073668][T27758] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1093.073677][T27758] RDX: 0000000000000843 RSI: 00000000000000ff RDI: 00000000001ff000 [ 1093.073687][T27758] RBP: 00007fdae0811f91 R08: 00000000fffff000 R09: 0000000000000000 [ 1093.073696][T27758] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1093.073705][T27758] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1093.073725][T27758] [ 1093.505767][T27765] : Can't lookup blockdev [ 1093.740771][T27769] netlink: 186 bytes leftover after parsing attributes in process `syz.3.7537'. [ 1094.947124][T27778] zswap: compressor not available [ 1095.078049][T27792] ERROR: Out of memory at tomoyo_memory_ok. [ 1096.078981][T27818] netlink: 'syz.1.7548': attribute type 4 has an invalid length. [ 1096.086819][T27818] netlink: 'syz.1.7548': attribute type 5 has an invalid length. [ 1096.105303][T27818] netlink: 10 bytes leftover after parsing attributes in process `syz.1.7548'. [ 1096.381905][T27826] netlink: 338 bytes leftover after parsing attributes in process `syz.0.7549'. [ 1096.782464][T27826] ipvlan1: entered allmulticast mode [ 1096.842271][T27826] veth0_vlan: entered allmulticast mode [ 1098.560393][T27856] FAULT_INJECTION: forcing a failure. [ 1098.560393][T27856] name failslab, interval 1, probability 393216, space 0, times 0 [ 1098.579221][T27856] CPU: 0 UID: 0 PID: 27856 Comm: syz.1.7559 Tainted: G U syzkaller #0 PREEMPT(full) [ 1098.579248][T27856] Tainted: [U]=USER [ 1098.579254][T27856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1098.579263][T27856] Call Trace: [ 1098.579270][T27856] [ 1098.579276][T27856] dump_stack_lvl+0x16c/0x1f0 [ 1098.579306][T27856] should_fail_ex+0x512/0x640 [ 1098.579329][T27856] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1098.579347][T27856] should_failslab+0xc2/0x120 [ 1098.579367][T27856] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1098.579381][T27856] ? key_alloc+0x3e0/0x1330 [ 1098.579400][T27856] ? key_alloc+0x3e0/0x1330 [ 1098.579413][T27856] key_alloc+0x3e0/0x1330 [ 1098.579433][T27856] ? __pfx_key_alloc+0x10/0x10 [ 1098.579447][T27856] ? __pfx_key_default_cmp+0x10/0x10 [ 1098.579464][T27856] ? __pfx_keyring_search_iterator+0x10/0x10 [ 1098.579482][T27856] keyring_alloc+0x44/0xc0 [ 1098.579500][T27856] look_up_user_keyrings+0x46d/0x760 [ 1098.579525][T27856] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 1098.579548][T27856] ? futex_private_hash_put+0x18a/0x300 [ 1098.579571][T27856] lookup_user_key+0xdf6/0x1300 [ 1098.579595][T27856] ? __pfx_lookup_user_key+0x10/0x10 [ 1098.579621][T27856] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1098.579652][T27856] keyctl_restrict_keyring+0x99/0x250 [ 1098.579673][T27856] ? __pfx_keyctl_restrict_keyring+0x10/0x10 [ 1098.579693][T27856] ? fput+0x9b/0xd0 [ 1098.579712][T27856] ? xfd_validate_state+0x61/0x180 [ 1098.579731][T27856] ? __pfx_ksys_write+0x10/0x10 [ 1098.579749][T27856] __do_sys_keyctl+0x4c1/0x590 [ 1098.579771][T27856] do_syscall_64+0xcd/0xfa0 [ 1098.579788][T27856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.579803][T27856] RIP: 0033:0x7f72ed58efc9 [ 1098.579815][T27856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1098.579829][T27856] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1098.579844][T27856] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1098.579854][T27856] RDX: 0000000000000002 RSI: fffffffffffffffd RDI: 000000000000001d [ 1098.579863][T27856] RBP: 00007f72ed611f91 R08: fffffffffffffffd R09: 0000000000000000 [ 1098.579872][T27856] R10: 0000000000000628 R11: 0000000000000246 R12: 0000000000000000 [ 1098.579881][T27856] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1098.579902][T27856] [ 1098.825940][ C0] vkms_vblank_simulate: vblank timer overrun [ 1099.189955][T27860] ima: policy update failed [ 1099.214314][T27860] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7558'. [ 1099.227755][ T30] audit: type=1802 audit(4294967338.243:36): pid=27860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.7558" res=0 errno=0 [ 1099.943756][T27879] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.7566: iget: checksum invalid [ 1099.968646][T27879] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1100.012117][T27879] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.7566: iget: checksum invalid [ 1100.043906][T27879] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1100.080899][T27879] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.7566: iget: checksum invalid [ 1100.115302][T27879] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1100.157192][T27879] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.7566: iget: checksum invalid [ 1100.197943][T27879] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1100.214625][T27879] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1100.247126][T27879] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1100.611377][T27885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7568'. [ 1100.654326][T27885] netlink: 354 bytes leftover after parsing attributes in process `syz.0.7568'. [ 1100.785494][T27888] netlink: 5 bytes leftover after parsing attributes in process `syz.3.7569'. [ 1100.833960][T27888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7569'. [ 1100.942504][T27895] netlink: 'syz.1.7573': attribute type 2 has an invalid length. [ 1100.959958][T27895] netlink: 'syz.1.7573': attribute type 3 has an invalid length. [ 1100.970417][T27895] netlink: 158 bytes leftover after parsing attributes in process `syz.1.7573'. [ 1100.987599][T27895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7573'. [ 1102.104910][T27919] ERROR: Out of memory at tomoyo_memory_ok. [ 1103.394889][T27929] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7581'. [ 1104.062776][T27938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7585'. [ 1106.159709][T27970] sd 0:0:1:0: PR command failed: 1026 [ 1106.190937][T27970] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1106.228667][T27970] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1106.329747][T27974] ERROR: Out of memory at tomoyo_memory_ok. [ 1109.050019][T28003] mkiss: ax0: crc mode is auto. [ 1109.333990][T28010] netlink: zone id is out of range [ 1109.429819][T28010] netlink: del zone limit has 4 unknown bytes [ 1109.455414][T28012] netlink: set zone limit has 8 unknown bytes [ 1109.781913][T28016] sp0: Synchronizing with TNC [ 1110.999661][T28043] openvswitch: HfR: Dropping previously announced user features [ 1113.328037][T28069] netlink: zone id is out of range [ 1113.333212][T28069] netlink: del zone limit has 4 unknown bytes [ 1113.346837][T28068] netlink: set zone limit has 8 unknown bytes [ 1113.891487][T28076] random: crng reseeded on system resumption [ 1114.050495][T28079] blktrace: Concurrent blktraces are not allowed on loop2 [ 1114.501500][T28086] sp0: Synchronizing with TNC [ 1115.680590][T28108] netlink: 504 bytes leftover after parsing attributes in process `syz.1.7623'. [ 1115.700610][T28108] netlink: 504 bytes leftover after parsing attributes in process `syz.1.7623'. [ 1116.323628][T28116] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7624'. [ 1116.628186][T28116] mac80211_hwsim hwsim12 wlan1: entered allmulticast mode [ 1117.419303][T28126] netlink: 25 bytes leftover after parsing attributes in process `syz.4.7626'. [ 1117.676425][T28128] ERROR: Out of memory at tomoyo_memory_ok. [ 1118.827579][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1118.833891][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1119.231535][T28142] FAULT_INJECTION: forcing a failure. [ 1119.231535][T28142] name failslab, interval 1, probability 393216, space 0, times 0 [ 1119.591841][T28144] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7633'. [ 1119.626097][T28142] CPU: 0 UID: 0 PID: 28142 Comm: syz.4.7631 Tainted: G U syzkaller #0 PREEMPT(full) [ 1119.626125][T28142] Tainted: [U]=USER [ 1119.626130][T28142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1119.626140][T28142] Call Trace: [ 1119.626145][T28142] [ 1119.626153][T28142] dump_stack_lvl+0x16c/0x1f0 [ 1119.626175][T28142] should_fail_ex+0x512/0x640 [ 1119.626198][T28142] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 1119.626217][T28142] should_failslab+0xc2/0x120 [ 1119.626237][T28142] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 1119.626251][T28142] ? d_lookup+0xe7/0x190 [ 1119.626271][T28142] ? alloc_inode+0x64/0x240 [ 1119.626292][T28142] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1119.626313][T28142] ? alloc_inode+0x64/0x240 [ 1119.626330][T28142] alloc_inode+0x64/0x240 [ 1119.626349][T28142] new_inode+0x22/0x1c0 [ 1119.626369][T28142] __debugfs_create_file+0x11c/0x6b0 [ 1119.626386][T28142] debugfs_create_file_full+0x41/0x60 [ 1119.626402][T28142] ref_tracker_dir_debugfs+0x19d/0x290 [ 1119.626423][T28142] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1119.626474][T28142] ? lockdep_init_map_type+0x5c/0x280 [ 1119.626499][T28142] preinit_net.part.0+0x24e/0x8a0 [ 1119.626516][T28142] copy_net_ns+0x3ba/0x690 [ 1119.626533][T28142] create_new_namespaces+0x3ea/0xa90 [ 1119.626553][T28142] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1119.626571][T28142] ksys_unshare+0x45b/0xa40 [ 1119.626591][T28142] ? __pfx_ksys_unshare+0x10/0x10 [ 1119.626610][T28142] ? syscall_user_dispatch+0x78/0x140 [ 1119.626637][T28142] __x64_sys_unshare+0x31/0x40 [ 1119.626655][T28142] do_syscall_64+0xcd/0xfa0 [ 1119.626672][T28142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.626686][T28142] RIP: 0033:0x7fdae078efc9 [ 1119.626699][T28142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1119.626713][T28142] RSP: 002b:00007fdae1543038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1119.626727][T28142] RAX: ffffffffffffffda RBX: 00007fdae09e6090 RCX: 00007fdae078efc9 [ 1119.626737][T28142] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1119.626745][T28142] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1119.626754][T28142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1119.626763][T28142] R13: 00007fdae09e6128 R14: 00007fdae09e6090 R15: 00007ffde30990e8 [ 1119.626784][T28142] [ 1119.626791][T28142] debugfs: out of free dentries, can not create file 'net_refcnt@ffff888063ca2628' [ 1121.331339][T28153] Process accounting paused [ 1121.895613][T28157] FAULT_INJECTION: forcing a failure. [ 1121.895613][T28157] name failslab, interval 1, probability 393216, space 0, times 0 [ 1121.930198][T28157] CPU: 0 UID: 0 PID: 28157 Comm: syz.1.7636 Tainted: G U syzkaller #0 PREEMPT(full) [ 1121.930226][T28157] Tainted: [U]=USER [ 1121.930231][T28157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1121.930241][T28157] Call Trace: [ 1121.930247][T28157] [ 1121.930253][T28157] dump_stack_lvl+0x16c/0x1f0 [ 1121.930273][T28157] should_fail_ex+0x512/0x640 [ 1121.930295][T28157] ? fs_reclaim_acquire+0xae/0x150 [ 1121.930316][T28157] should_failslab+0xc2/0x120 [ 1121.930336][T28157] __kmalloc_cache_noprof+0x72/0x780 [ 1121.930359][T28157] ? __pfx_widen_string+0x10/0x10 [ 1121.930378][T28157] ? tomoyo_init_log+0x197/0x2140 [ 1121.930397][T28157] ? tomoyo_init_log+0x197/0x2140 [ 1121.930412][T28157] tomoyo_init_log+0x197/0x2140 [ 1121.930426][T28157] ? format_decode+0x1ad/0xd40 [ 1121.930447][T28157] ? __pfx_format_decode+0x10/0x10 [ 1121.930474][T28157] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1121.930494][T28157] tomoyo_write_log2+0x2f7/0xc10 [ 1121.930513][T28157] tomoyo_supervisor+0x15e/0x13b0 [ 1121.930534][T28157] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1121.930564][T28157] ? kfree+0x2b8/0x6d0 [ 1121.930574][T28157] ? tomoyo_realpath_from_path+0x19f/0x6e0 [ 1121.930590][T28157] ? tomoyo_check_path_acl+0xad/0x210 [ 1121.930612][T28157] ? tomoyo_check_acl+0x1f7/0x410 [ 1121.930635][T28157] tomoyo_path_permission+0x270/0x3b0 [ 1121.930658][T28157] tomoyo_path_perm+0x362/0x460 [ 1121.930682][T28157] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 1121.930727][T28157] ? __pfx_ima_file_check+0x10/0x10 [ 1121.930746][T28157] ? hook_file_truncate+0xc7/0x250 [ 1121.930765][T28157] security_file_truncate+0x84/0x1e0 [ 1121.930782][T28157] path_openat+0xc10/0x2cb0 [ 1121.930805][T28157] ? __pfx_path_openat+0x10/0x10 [ 1121.930822][T28157] ? __lock_acquire+0xb8a/0x1c90 [ 1121.930844][T28157] do_filp_open+0x20b/0x470 [ 1121.930860][T28157] ? __pfx_do_filp_open+0x10/0x10 [ 1121.930890][T28157] ? alloc_fd+0x471/0x7d0 [ 1121.930909][T28157] do_sys_openat2+0x11b/0x1d0 [ 1121.930930][T28157] ? __pfx_do_sys_openat2+0x10/0x10 [ 1121.930958][T28157] __x64_sys_openat+0x174/0x210 [ 1121.930987][T28157] ? __pfx___x64_sys_openat+0x10/0x10 [ 1121.931016][T28157] do_syscall_64+0xcd/0xfa0 [ 1121.931034][T28157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1121.931049][T28157] RIP: 0033:0x7f72ed58efc9 [ 1121.931061][T28157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1121.931075][T28157] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1121.931089][T28157] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1121.931100][T28157] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1121.931109][T28157] RBP: 00007f72ed611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1121.931118][T28157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1121.931127][T28157] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1121.931148][T28157] [ 1122.226716][ C0] vkms_vblank_simulate: vblank timer overrun [ 1122.908895][T28127] Process accounting resumed [ 1123.245946][T28166] random: crng reseeded on system resumption [ 1123.620344][T28177] netlink: 'syz.1.7643': attribute type 4 has an invalid length. [ 1123.644378][T28177] netlink: 314 bytes leftover after parsing attributes in process `syz.1.7643'. [ 1127.220234][T28206] snd_aloop snd_aloop.0: snd_timer_stop(1,0,0) failed with -16 [ 1127.443069][T28237] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1127.495526][T28237] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1127.537326][T28237] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1127.573089][T28237] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1129.045786][T28264] ERROR: Out of memory at tomoyo_memory_ok. [ 1129.328626][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 1129.561338][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 1129.567516][T24967] Bluetooth: hci2: command 0x0c1a tx timeout [ 1129.640969][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 1129.914115][T28281] netlink: 'syz.1.7668': attribute type 4 has an invalid length. [ 1129.923045][T28281] netlink: 'syz.1.7668': attribute type 5 has an invalid length. [ 1129.940331][T28281] netlink: 10 bytes leftover after parsing attributes in process `syz.1.7668'. [ 1130.022144][T28285] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7669'. [ 1130.314227][T28285] bond0: (slave ): Releasing backup interface [ 1130.690127][T28294] netlink: 25 bytes leftover after parsing attributes in process `syz.1.7673'. [ 1131.464281][T28309] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7678'. [ 1131.476493][T28309] netlink: 354 bytes leftover after parsing attributes in process `syz.1.7678'. [ 1131.555044][T28305] FAULT_INJECTION: forcing a failure. [ 1131.555044][T28305] name failslab, interval 1, probability 393216, space 0, times 0 [ 1131.571430][T28310] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7677'. [ 1131.967601][T28305] CPU: 0 UID: 0 PID: 28305 Comm: syz.3.7675 Tainted: G U syzkaller #0 PREEMPT(full) [ 1131.967628][T28305] Tainted: [U]=USER [ 1131.967633][T28305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1131.967642][T28305] Call Trace: [ 1131.967649][T28305] [ 1131.967656][T28305] dump_stack_lvl+0x16c/0x1f0 [ 1131.967677][T28305] should_fail_ex+0x512/0x640 [ 1131.967699][T28305] ? fs_reclaim_acquire+0xae/0x150 [ 1131.967721][T28305] should_failslab+0xc2/0x120 [ 1131.967740][T28305] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1131.967755][T28305] ? __pfx_map_id_range_down+0x10/0x10 [ 1131.967777][T28305] ? security_inode_alloc+0x3b/0x2b0 [ 1131.967802][T28305] ? security_inode_alloc+0x3b/0x2b0 [ 1131.967821][T28305] security_inode_alloc+0x3b/0x2b0 [ 1131.967843][T28305] inode_init_always_gfp+0xce4/0x1030 [ 1131.967861][T28305] alloc_inode+0x86/0x240 [ 1131.967879][T28305] new_inode+0x22/0x1c0 [ 1131.967900][T28305] proc_sys_make_inode+0x47/0x5c0 [ 1131.967921][T28305] proc_sys_lookup+0x273/0x400 [ 1131.967941][T28305] ? __pfx_proc_sys_lookup+0x10/0x10 [ 1131.967970][T28305] ? __d_lookup+0x266/0x4a0 [ 1131.968006][T28305] ? __pfx_proc_sys_lookup+0x10/0x10 [ 1131.968026][T28305] lookup_open.isra.0+0x4da/0x1580 [ 1131.968054][T28305] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1131.968088][T28305] ? mnt_get_write_access+0x1e9/0x2f0 [ 1131.968110][T28305] path_openat+0x893/0x2cb0 [ 1131.968132][T28305] ? __pfx_path_openat+0x10/0x10 [ 1131.968149][T28305] ? __lock_acquire+0xb8a/0x1c90 [ 1131.968171][T28305] do_filp_open+0x20b/0x470 [ 1131.968186][T28305] ? __pfx_do_filp_open+0x10/0x10 [ 1131.968216][T28305] ? alloc_fd+0x471/0x7d0 [ 1131.968235][T28305] do_sys_openat2+0x11b/0x1d0 [ 1131.968256][T28305] ? __pfx_do_sys_openat2+0x10/0x10 [ 1131.968275][T28305] ? __fget_files+0x204/0x3c0 [ 1131.968296][T28305] __x64_sys_openat+0x174/0x210 [ 1131.968317][T28305] ? __pfx___x64_sys_openat+0x10/0x10 [ 1131.968345][T28305] do_syscall_64+0xcd/0xfa0 [ 1131.968362][T28305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1131.968377][T28305] RIP: 0033:0x7fd7e178efc9 [ 1131.968389][T28305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1131.968403][T28305] RSP: 002b:00007fd7e26bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1131.968418][T28305] RAX: ffffffffffffffda RBX: 00007fd7e19e6090 RCX: 00007fd7e178efc9 [ 1131.968428][T28305] RDX: 00000000000a0202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1131.968437][T28305] RBP: 00007fd7e1811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1131.968446][T28305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1131.968454][T28305] R13: 00007fd7e19e6128 R14: 00007fd7e19e6090 R15: 00007ffe63d5b8c8 [ 1131.968474][T28305] [ 1132.290064][T28310] hsr_slave_0: left promiscuous mode [ 1134.452640][T28102] syz.3.7620 (28102) used greatest stack depth: 18696 bytes left [ 1134.807983][T28310] hsr_slave_1: left promiscuous mode [ 1134.832708][T28310] bridge0: port 2(hsr0) entered disabled state [ 1134.926960][T28310] hsr0 (unregistering): left allmulticast mode [ 1134.956669][T28310] hsr0 (unregistering): left promiscuous mode [ 1134.977740][T28310] bridge0: port 2(hsr0) entered disabled state [ 1137.541480][T28372] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7695'. [ 1138.273362][T28386] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7699'. [ 1138.293229][T28370] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1138.365591][T28370] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1138.538195][T28393] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 1138.579862][T28370] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1138.667127][T28370] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1138.695243][ T5185] ERROR: Out of memory at tomoyo_memory_ok. [ 1139.589293][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 1140.046757][T28425] mkiss: ax0: crc mode is auto. [ 1140.304035][T28427] ERROR: Out of memory at tomoyo_memory_ok. [ 1140.385437][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 1140.553497][T28432] FAULT_INJECTION: forcing a failure. [ 1140.553497][T28432] name failslab, interval 1, probability 393216, space 0, times 0 [ 1140.576377][T28432] CPU: 0 UID: 0 PID: 28432 Comm: syz.1.7711 Tainted: G U syzkaller #0 PREEMPT(full) [ 1140.576404][T28432] Tainted: [U]=USER [ 1140.576409][T28432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1140.576419][T28432] Call Trace: [ 1140.576424][T28432] [ 1140.576431][T28432] dump_stack_lvl+0x16c/0x1f0 [ 1140.576452][T28432] should_fail_ex+0x512/0x640 [ 1140.576475][T28432] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1140.576502][T28432] should_failslab+0xc2/0x120 [ 1140.576522][T28432] __kmalloc_cache_noprof+0x72/0x780 [ 1140.576545][T28432] ? pidlist_array_load+0x529/0x9d0 [ 1140.576567][T28432] ? pidlist_array_load+0x529/0x9d0 [ 1140.576584][T28432] pidlist_array_load+0x529/0x9d0 [ 1140.576604][T28432] ? __pfx_pidlist_array_load+0x10/0x10 [ 1140.576621][T28432] ? __pfx___mutex_lock+0x10/0x10 [ 1140.576645][T28432] ? kernfs_root+0xf8/0x2a0 [ 1140.576668][T28432] cgroup_pidlist_start+0x3a3/0x4f0 [ 1140.576687][T28432] ? __pfx_cgroup_seqfile_start+0x10/0x10 [ 1140.576707][T28432] kernfs_seq_start+0x133/0x2a0 [ 1140.576722][T28432] seq_read_iter+0x2c1/0x12d0 [ 1140.576752][T28432] kernfs_fop_read_iter+0x46c/0x610 [ 1140.576766][T28432] ? rw_verify_area+0xcf/0x6c0 [ 1140.576781][T28432] vfs_read+0x8bf/0xcf0 [ 1140.576799][T28432] ? __pfx___mutex_lock+0x10/0x10 [ 1140.576815][T28432] ? __pfx_vfs_read+0x10/0x10 [ 1140.576843][T28432] ksys_read+0x12a/0x250 [ 1140.576858][T28432] ? __pfx_ksys_read+0x10/0x10 [ 1140.576879][T28432] do_syscall_64+0xcd/0xfa0 [ 1140.576896][T28432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1140.576910][T28432] RIP: 0033:0x7f72ed58efc9 [ 1140.576923][T28432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1140.576937][T28432] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1140.576951][T28432] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1140.576960][T28432] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000004 [ 1140.576969][T28432] RBP: 00007f72ed611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1140.576978][T28432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1140.576986][T28432] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1140.577007][T28432] [ 1141.107049][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 1141.113178][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 1142.012222][T28444] vhci_hcd: invalid port number 16 [ 1142.114786][T28444] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 1142.979957][T28467] netlink: 'syz.0.7721': attribute type 1 has an invalid length. [ 1144.256458][T28482] snd_aloop snd_aloop.0: snd_timer_stop(1,0,0) failed with -16 [ 1146.076348][T28513] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7733'. [ 1146.210978][T28516] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input37 [ 1146.332779][ T5185] ERROR: Out of memory at tomoyo_memory_ok. [ 1146.485608][T28524] input: f as /devices/virtual/input/input38 [ 1146.988582][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 958 with max blocks 7 with error 117 [ 1147.048454][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1147.048454][ T12] [ 1147.682169][T28540] Console: switching to colour frame buffer device 4x6 [ 1147.780419][T28545] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7740'. [ 1147.781840][T28545] macvlan0: entered allmulticast mode [ 1147.781857][T28545] veth1_vlan: entered allmulticast mode [ 1148.692408][T28557] zswap: compressor 000 not available [ 1149.404660][T28571] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7748'. [ 1151.251546][T28591] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1151.268131][T28591] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1151.278554][T28591] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1151.286910][T28591] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1151.523043][T28594] ERROR: Out of memory at tomoyo_memory_ok. [ 1152.249787][T28366] Process accounting resumed [ 1152.721650][T24967] Bluetooth: hci0: command 0x0406 tx timeout [ 1153.278392][T24967] Bluetooth: hci4: command 0x0406 tx timeout [ 1153.284576][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 1153.290868][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 1153.812463][T28619] Console: switching to colour VGA+ 4x1 [ 1154.066559][T28623] queue_state_write: operation too long [ 1154.080383][T28623] queue_state_write: use 'run', 'start' or 'kick' [ 1154.240160][T28604] Process accounting paused [ 1154.248286][T28616] Console: switching to colour frame buffer device 4x6 [ 1154.269792][T28628] random: crng reseeded on system resumption [ 1154.720135][T28638] netlink: 93 bytes leftover after parsing attributes in process `syz.1.7764'. [ 1158.715047][T28694] FAULT_INJECTION: forcing a failure. [ 1158.715047][T28694] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1158.731615][T28694] CPU: 0 UID: 0 PID: 28694 Comm: syz.1.7781 Tainted: G U syzkaller #0 PREEMPT(full) [ 1158.731641][T28694] Tainted: [U]=USER [ 1158.731647][T28694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1158.731656][T28694] Call Trace: [ 1158.731661][T28694] [ 1158.731667][T28694] dump_stack_lvl+0x16c/0x1f0 [ 1158.731687][T28694] should_fail_ex+0x512/0x640 [ 1158.731712][T28694] get_futex_key+0x1d0/0x1560 [ 1158.731734][T28694] ? __pfx_get_futex_key+0x10/0x10 [ 1158.731751][T28694] ? futex_private_hash_put+0x176/0x300 [ 1158.731775][T28694] futex_wake+0xea/0x530 [ 1158.731798][T28694] ? __pfx_futex_wake+0x10/0x10 [ 1158.731822][T28694] ? __lock_acquire+0x622/0x1c90 [ 1158.731845][T28694] do_futex+0x1e3/0x350 [ 1158.731863][T28694] ? __pfx_do_futex+0x10/0x10 [ 1158.731883][T28694] ? find_held_lock+0x2b/0x80 [ 1158.731900][T28694] __x64_sys_futex+0x1e0/0x4c0 [ 1158.731920][T28694] ? __fget_files+0x20e/0x3c0 [ 1158.731934][T28694] ? __pfx___x64_sys_futex+0x10/0x10 [ 1158.731955][T28694] ? fdget+0x187/0x210 [ 1158.731971][T28694] do_syscall_64+0xcd/0xfa0 [ 1158.731988][T28694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1158.732003][T28694] RIP: 0033:0x7f72ed58efc9 [ 1158.732015][T28694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1158.732030][T28694] RSP: 002b:00007f72ee4260e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1158.732045][T28694] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa8 RCX: 00007f72ed58efc9 [ 1158.732054][T28694] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f72ed7e5fac [ 1158.732063][T28694] RBP: 00007f72ed7e5fa0 R08: 00007f72ee427000 R09: 0000000000000000 [ 1158.732072][T28694] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1158.732081][T28694] R13: 00007f72ed7e6038 R14: 00007fff902a2150 R15: 00007fff902a2238 [ 1158.732100][T28694] [ 1158.934022][ C0] vkms_vblank_simulate: vblank timer overrun [ 1158.946364][T28696] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input39 [ 1159.545844][ T5185] ERROR: Out of memory at tomoyo_memory_ok. [ 1159.954941][T28701] zswap: compressor 000 not available [ 1160.847238][T28716] FAULT_INJECTION: forcing a failure. [ 1160.847238][T28716] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1160.870607][T28716] CPU: 0 UID: 0 PID: 28716 Comm: syz.1.7785 Tainted: G U syzkaller #0 PREEMPT(full) [ 1160.870633][T28716] Tainted: [U]=USER [ 1160.870638][T28716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1160.870647][T28716] Call Trace: [ 1160.870653][T28716] [ 1160.870659][T28716] dump_stack_lvl+0x16c/0x1f0 [ 1160.870680][T28716] should_fail_ex+0x512/0x640 [ 1160.870706][T28716] get_futex_key+0x1d0/0x1560 [ 1160.870728][T28716] ? __pfx_get_futex_key+0x10/0x10 [ 1160.870747][T28716] ? stack_trace_save+0x8e/0xc0 [ 1160.870763][T28716] ? __pfx_stack_trace_save+0x10/0x10 [ 1160.870779][T28716] ? stack_depot_save_flags+0x29/0x9c0 [ 1160.870803][T28716] futex_wait_setup+0x9d/0x550 [ 1160.870830][T28716] __futex_wait+0x193/0x2f0 [ 1160.870853][T28716] ? __pfx___futex_wait+0x10/0x10 [ 1160.870877][T28716] ? __pfx_futex_wake_mark+0x10/0x10 [ 1160.870902][T28716] ? futex_private_hash_put+0x176/0x300 [ 1160.870922][T28716] ? futex_private_hash_put+0x18a/0x300 [ 1160.870940][T28716] futex_wait+0xe8/0x380 [ 1160.870953][T28716] ? __pfx_futex_wait+0x10/0x10 [ 1160.870978][T28716] ? kmem_cache_free+0x2d4/0x6c0 [ 1160.870993][T28716] ? putname+0x154/0x1a0 [ 1160.871015][T28716] do_futex+0x229/0x350 [ 1160.871034][T28716] ? __pfx_do_futex+0x10/0x10 [ 1160.871066][T28716] __x64_sys_futex+0x1e0/0x4c0 [ 1160.871087][T28716] ? __x64_sys_openat+0x174/0x210 [ 1160.871109][T28716] ? __pfx___x64_sys_futex+0x10/0x10 [ 1160.871135][T28716] do_syscall_64+0xcd/0xfa0 [ 1160.871153][T28716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1160.871168][T28716] RIP: 0033:0x7f72ed58efc9 [ 1160.871181][T28716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1160.871195][T28716] RSP: 002b:00007f72ee4260e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1160.871210][T28716] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa8 RCX: 00007f72ed58efc9 [ 1160.871220][T28716] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f72ed7e5fa8 [ 1160.871228][T28716] RBP: 00007f72ed7e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1160.871237][T28716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1160.871246][T28716] R13: 00007f72ed7e6038 R14: 00007fff902a2150 R15: 00007fff902a2238 [ 1160.871265][T28716] [ 1161.593034][T28722] Invalid ELF header magic: != ELF [ 1162.729134][T28720] delete_channel: no stack [ 1162.823064][T28743] ERROR: Out of memory at tomoyo_memory_ok. [ 1163.289364][T28745] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7792'. [ 1163.436488][T28754] binder: 28753:28754 unknown command 0 [ 1163.442065][T28754] binder: 28753:28754 ioctl c0306201 2000000000c0 returned -22 [ 1164.344924][T28745] veth0_macvtap: left promiscuous mode [ 1164.703866][T28774] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 1164.730796][ T5185] ERROR: Out of memory at tomoyo_memory_ok. [ 1165.391447][T28790] netlink: 17 bytes leftover after parsing attributes in process `syz.1.7803'. [ 1166.687087][T28804] ERROR: Out of memory at tomoyo_memory_ok. [ 1166.802169][T28804] FAULT_INJECTION: forcing a failure. [ 1166.802169][T28804] name failslab, interval 1, probability 393216, space 0, times 0 [ 1166.891307][T28804] CPU: 0 UID: 0 PID: 28804 Comm: syz.4.7807 Tainted: G U syzkaller #0 PREEMPT(full) [ 1166.891335][T28804] Tainted: [U]=USER [ 1166.891341][T28804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1166.891350][T28804] Call Trace: [ 1166.891356][T28804] [ 1166.891363][T28804] dump_stack_lvl+0x16c/0x1f0 [ 1166.891384][T28804] should_fail_ex+0x512/0x640 [ 1166.891414][T28804] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1166.891440][T28804] should_failslab+0xc2/0x120 [ 1166.891461][T28804] __kmalloc_cache_noprof+0x72/0x780 [ 1166.891486][T28804] ? ip6addrlbl_add+0xbb/0xc40 [ 1166.891513][T28804] ? ip6addrlbl_add+0xbb/0xc40 [ 1166.891533][T28804] ip6addrlbl_add+0xbb/0xc40 [ 1166.891559][T28804] ip6addrlbl_net_init+0x10a/0x380 [ 1166.891581][T28804] ? __pfx_ip6addrlbl_net_init+0x10/0x10 [ 1166.891601][T28804] ops_init+0x1e2/0x5f0 [ 1166.891618][T28804] setup_net+0x100/0x390 [ 1166.891633][T28804] ? __pfx_setup_net+0x10/0x10 [ 1166.891648][T28804] ? debug_mutex_init+0x37/0x70 [ 1166.891665][T28804] copy_net_ns+0x2f8/0x690 [ 1166.891683][T28804] create_new_namespaces+0x3ea/0xa90 [ 1166.891705][T28804] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1166.891723][T28804] ksys_unshare+0x45b/0xa40 [ 1166.891742][T28804] ? __pfx_ksys_unshare+0x10/0x10 [ 1166.891761][T28804] ? xfd_validate_state+0x61/0x180 [ 1166.891787][T28804] __x64_sys_unshare+0x31/0x40 [ 1166.891805][T28804] do_syscall_64+0xcd/0xfa0 [ 1166.891822][T28804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1166.891841][T28804] RIP: 0033:0x7fdae078efc9 [ 1166.891854][T28804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1166.891869][T28804] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1166.891885][T28804] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1166.891896][T28804] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1166.891905][T28804] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1166.891914][T28804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1166.891923][T28804] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1166.891943][T28804] [ 1169.904283][T28818] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input42 [ 1171.912519][T28835] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7815'. [ 1172.631543][T28835] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1173.124060][T28835] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1173.712358][T28854] netlink: 342 bytes leftover after parsing attributes in process `syz.0.7821'. [ 1174.080953][T28860] ERROR: Out of memory at tomoyo_memory_ok. [ 1175.482038][T28883] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input43 [ 1175.632885][ T5185] ERROR: Out of memory at tomoyo_memory_ok. [ 1175.774513][T28889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7827'. [ 1176.306795][T28896] input: f as /devices/virtual/input/input44 [ 1176.595425][T28900] netlink: 330 bytes leftover after parsing attributes in process `syz.4.7830'. [ 1176.762963][T28900] \: renamed from lo (while UP) [ 1177.350876][T28894] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1177.817694][T28915] : renamed from ip6tnl0 (while UP) [ 1178.426755][T28919] netlink: 36332 bytes leftover after parsing attributes in process `syz.1.7836'. [ 1178.684887][ T5837] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1178.774405][T28925] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input45 [ 1179.944843][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1179.953277][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1180.098633][ T5837] Bluetooth: hci3: command 0x1003 tx timeout [ 1180.107480][T24967] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1182.315276][T28936] Process accounting paused [ 1182.759978][T28984] FAULT_INJECTION: forcing a failure. [ 1182.759978][T28984] name failslab, interval 1, probability 393216, space 0, times 0 [ 1182.835395][T28984] CPU: 0 UID: 0 PID: 28984 Comm: syz.4.7855 Tainted: G U syzkaller #0 PREEMPT(full) [ 1182.835423][T28984] Tainted: [U]=USER [ 1182.835428][T28984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1182.835437][T28984] Call Trace: [ 1182.835443][T28984] [ 1182.835449][T28984] dump_stack_lvl+0x16c/0x1f0 [ 1182.835470][T28984] should_fail_ex+0x512/0x640 [ 1182.835493][T28984] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1182.835511][T28984] should_failslab+0xc2/0x120 [ 1182.835530][T28984] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1182.835545][T28984] ? copy_process+0x3609/0x76a0 [ 1182.835567][T28984] ? copy_process+0x3609/0x76a0 [ 1182.835591][T28984] copy_process+0x3609/0x76a0 [ 1182.835616][T28984] ? __pfx_copy_process+0x10/0x10 [ 1182.835634][T28984] ? futex_private_hash_put+0x176/0x300 [ 1182.835656][T28984] ? futex_private_hash_put+0x18a/0x300 [ 1182.835677][T28984] kernel_clone+0xfc/0x930 [ 1182.835695][T28984] ? __pfx_futex_wake+0x10/0x10 [ 1182.835715][T28984] ? __pfx_kernel_clone+0x10/0x10 [ 1182.835743][T28984] __do_sys_clone+0xce/0x120 [ 1182.835760][T28984] ? __pfx___do_sys_clone+0x10/0x10 [ 1182.835785][T28984] ? xfd_validate_state+0x61/0x180 [ 1182.835820][T28984] do_syscall_64+0xcd/0xfa0 [ 1182.835839][T28984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1182.835854][T28984] RIP: 0033:0x7fdae078efc9 [ 1182.835867][T28984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1182.835882][T28984] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1182.835897][T28984] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1182.835906][T28984] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 0000000000000001 [ 1182.835915][T28984] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1182.835924][T28984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1182.835932][T28984] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1182.835951][T28984] [ 1183.955056][T28994] random: crng reseeded on system resumption [ 1185.083652][T28999] Process accounting resumed [ 1185.269950][T29004] ERROR: Out of memory at tomoyo_memory_ok. [ 1185.456448][T29012] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7864'. [ 1185.578394][T29015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7867'. [ 1185.589254][T29018] netlink: 354 bytes leftover after parsing attributes in process `syz.4.7864'. [ 1185.630269][T29009] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1188.009623][T29056] netlink: 5 bytes leftover after parsing attributes in process `syz.1.7878'. [ 1188.776398][T29065] binder: 29064:29065 ioctl c0306201 200000000000 returned -11 [ 1188.880523][T29067] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1189.801966][T29081] ERROR: Out of memory at tomoyo_memory_ok. [ 1189.808553][T29077] FAULT_INJECTION: forcing a failure. [ 1189.808553][T29077] name failslab, interval 1, probability 393216, space 0, times 0 [ 1189.980569][T29077] CPU: 0 UID: 0 PID: 29077 Comm: syz.4.7885 Tainted: G U syzkaller #0 PREEMPT(full) [ 1189.980596][T29077] Tainted: [U]=USER [ 1189.980601][T29077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1189.980610][T29077] Call Trace: [ 1189.980616][T29077] [ 1189.980623][T29077] dump_stack_lvl+0x16c/0x1f0 [ 1189.980643][T29077] should_fail_ex+0x512/0x640 [ 1189.980665][T29077] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 1189.980684][T29077] should_failslab+0xc2/0x120 [ 1189.980703][T29077] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 1189.980719][T29077] ? sock_alloc_inode+0x25/0x1c0 [ 1189.980739][T29077] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1189.980754][T29077] ? sock_alloc_inode+0x25/0x1c0 [ 1189.980769][T29077] sock_alloc_inode+0x25/0x1c0 [ 1189.980784][T29077] alloc_inode+0x64/0x240 [ 1189.980806][T29077] sock_alloc+0x40/0x280 [ 1189.980821][T29077] sock_create_lite+0x82/0x120 [ 1189.980838][T29077] __netlink_kernel_create+0xbd/0x750 [ 1189.980856][T29077] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1189.980876][T29077] uevent_net_init+0xf8/0x350 [ 1189.980895][T29077] ? __pfx_uevent_net_init+0x10/0x10 [ 1189.980913][T29077] ? rcu_is_watching+0x12/0xc0 [ 1189.980928][T29077] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1189.980947][T29077] ? ops_init+0x77/0x5f0 [ 1189.980964][T29077] ? __pfx_uevent_net_init+0x10/0x10 [ 1189.980981][T29077] ops_init+0x1e2/0x5f0 [ 1189.980996][T29077] setup_net+0x100/0x390 [ 1189.981011][T29077] ? __pfx_setup_net+0x10/0x10 [ 1189.981026][T29077] ? debug_mutex_init+0x37/0x70 [ 1189.981043][T29077] copy_net_ns+0x2f8/0x690 [ 1189.981060][T29077] create_new_namespaces+0x3ea/0xa90 [ 1189.981081][T29077] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1189.981105][T29077] ksys_unshare+0x45b/0xa40 [ 1189.981126][T29077] ? __pfx_ksys_unshare+0x10/0x10 [ 1189.981145][T29077] ? xfd_validate_state+0x61/0x180 [ 1189.981172][T29077] __x64_sys_unshare+0x31/0x40 [ 1189.981191][T29077] do_syscall_64+0xcd/0xfa0 [ 1189.981208][T29077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1189.981223][T29077] RIP: 0033:0x7fdae078efc9 [ 1189.981236][T29077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1189.981250][T29077] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1189.981265][T29077] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1189.981275][T29077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1189.981284][T29077] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1189.981293][T29077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1189.981302][T29077] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1189.981323][T29077] [ 1190.343142][T29077] kobject_uevent: unable to create netlink socket! [ 1190.802224][T29090] nvme_fcloop: unknown parameter or missing value '0' [ 1190.894145][T29090] hub 1-0:1.0: USB hub found [ 1190.929536][T29090] hub 1-0:1.0: 1 port detected [ 1190.958876][T29090] FAULT_INJECTION: forcing a failure. [ 1190.958876][T29090] name failslab, interval 1, probability 393216, space 0, times 0 [ 1191.153733][T29090] CPU: 0 UID: 0 PID: 29090 Comm: syz.3.7887 Tainted: G U syzkaller #0 PREEMPT(full) [ 1191.153762][T29090] Tainted: [U]=USER [ 1191.153767][T29090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1191.153776][T29090] Call Trace: [ 1191.153782][T29090] [ 1191.153789][T29090] dump_stack_lvl+0x16c/0x1f0 [ 1191.153809][T29090] should_fail_ex+0x512/0x640 [ 1191.153831][T29090] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1191.153848][T29090] should_failslab+0xc2/0x120 [ 1191.153868][T29090] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1191.153882][T29090] ? __kernfs_new_node+0xd2/0x8e0 [ 1191.153904][T29090] ? __kernfs_new_node+0xd2/0x8e0 [ 1191.153920][T29090] __kernfs_new_node+0xd2/0x8e0 [ 1191.153940][T29090] ? __pfx___kernfs_new_node+0x10/0x10 [ 1191.153963][T29090] ? find_held_lock+0x2b/0x80 [ 1191.153979][T29090] ? kernfs_root+0xee/0x2a0 [ 1191.154001][T29090] kernfs_new_node+0x13c/0x1e0 [ 1191.154024][T29090] __kernfs_create_file+0x53/0x350 [ 1191.154041][T29090] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1191.154074][T29090] internal_create_group+0x578/0xf30 [ 1191.154097][T29090] ? sysfs_create_file_ns+0x154/0x1d0 [ 1191.154114][T29090] ? __pfx_internal_create_group+0x10/0x10 [ 1191.154133][T29090] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1191.154149][T29090] ? down_read+0x13d/0x480 [ 1191.154170][T29090] ? acpi_device_notify+0x351/0x480 [ 1191.154189][T29090] ? lockdep_init_map_type+0x5c/0x280 [ 1191.154211][T29090] internal_create_groups+0x9d/0x150 [ 1191.154231][T29090] device_add+0x77f/0x1aa0 [ 1191.154255][T29090] ? __pfx_device_add+0x10/0x10 [ 1191.154274][T29090] ? lockdep_init_map_type+0x5c/0x280 [ 1191.154294][T29090] ? __init_waitqueue_head+0xca/0x150 [ 1191.154325][T29090] usb_create_ep_devs+0x160/0x2b0 [ 1191.154342][T29090] create_intf_ep_devs.isra.0+0x161/0x200 [ 1191.154368][T29090] usb_set_configuration+0x11a7/0x1e20 [ 1191.154403][T29090] bConfigurationValue_store+0x100/0x180 [ 1191.154417][T29090] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1191.154431][T29090] ? find_held_lock+0x2b/0x80 [ 1191.154446][T29090] ? sysfs_file_kobj+0xe4/0x290 [ 1191.154462][T29090] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1191.154475][T29090] dev_attr_store+0x58/0x80 [ 1191.154495][T29090] ? __pfx_dev_attr_store+0x10/0x10 [ 1191.154514][T29090] sysfs_kf_write+0xf2/0x150 [ 1191.154530][T29090] kernfs_fop_write_iter+0x3af/0x570 [ 1191.154551][T29090] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1191.154568][T29090] iter_file_splice_write+0xa24/0x12e0 [ 1191.154595][T29090] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1191.154614][T29090] ? __pfx_copy_splice_read+0x10/0x10 [ 1191.154646][T29090] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1191.154662][T29090] direct_splice_actor+0x192/0x6c0 [ 1191.154679][T29090] splice_direct_to_actor+0x345/0xa30 [ 1191.154695][T29090] ? __pfx_direct_splice_actor+0x10/0x10 [ 1191.154712][T29090] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1191.154732][T29090] do_splice_direct+0x174/0x240 [ 1191.154747][T29090] ? __pfx_do_splice_direct+0x10/0x10 [ 1191.154761][T29090] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1191.154787][T29090] ? rw_verify_area+0xcf/0x6c0 [ 1191.154803][T29090] do_sendfile+0xb06/0xe50 [ 1191.154825][T29090] ? __pfx_do_sendfile+0x10/0x10 [ 1191.154844][T29090] ? __x64_sys_futex+0x1e0/0x4c0 [ 1191.154863][T29090] ? __x64_sys_futex+0x1e9/0x4c0 [ 1191.154885][T29090] __x64_sys_sendfile64+0x1d8/0x220 [ 1191.154906][T29090] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1191.154931][T29090] do_syscall_64+0xcd/0xfa0 [ 1191.154948][T29090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.154963][T29090] RIP: 0033:0x7fd7e178efc9 [ 1191.154976][T29090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1191.154991][T29090] RSP: 002b:00007fd7e26e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1191.155005][T29090] RAX: ffffffffffffffda RBX: 00007fd7e19e5fa0 RCX: 00007fd7e178efc9 [ 1191.155015][T29090] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 1191.155024][T29090] RBP: 00007fd7e1811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1191.155034][T29090] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1191.155043][T29090] R13: 00007fd7e19e6038 R14: 00007fd7e19e5fa0 R15: 00007ffe63d5b8c8 [ 1191.155069][T29090] [ 1192.090637][T29093] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1192.115397][T29093] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1192.129922][T29093] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1192.151171][T29093] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1192.161606][T29093] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1192.380998][T29111] netlink: 504 bytes leftover after parsing attributes in process `syz.4.7894'. [ 1193.407235][T29120] ERROR: Out of memory at tomoyo_memory_ok. [ 1193.482420][T29123] ERROR: Out of memory at tomoyo_memory_ok. [ 1193.491987][T29120] ERROR: Out of memory at tomoyo_memory_ok. [ 1193.960249][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805713d800: rx timeout, send abort [ 1193.968620][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805713dc00: rx timeout, send abort [ 1193.977661][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805713d800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1193.992288][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805713dc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1194.028598][T24967] Bluetooth: hci0: command 0x0406 tx timeout [ 1194.185121][T24967] Bluetooth: hci4: command 0x0406 tx timeout [ 1194.192294][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 1194.198726][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 1194.321036][T29128] FAULT_INJECTION: forcing a failure. [ 1194.321036][T29128] name failslab, interval 1, probability 393216, space 0, times 0 [ 1194.370378][T29133] netlink: 25 bytes leftover after parsing attributes in process `syz.1.7904'. [ 1194.460312][T29128] CPU: 0 UID: 0 PID: 29128 Comm: syz.4.7900 Tainted: G U syzkaller #0 PREEMPT(full) [ 1194.460339][T29128] Tainted: [U]=USER [ 1194.460345][T29128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1194.460354][T29128] Call Trace: [ 1194.460360][T29128] [ 1194.460366][T29128] dump_stack_lvl+0x16c/0x1f0 [ 1194.460388][T29128] should_fail_ex+0x512/0x640 [ 1194.460410][T29128] ? fs_reclaim_acquire+0xae/0x150 [ 1194.460431][T29128] should_failslab+0xc2/0x120 [ 1194.460450][T29128] __kmalloc_noprof+0xdd/0x880 [ 1194.460472][T29128] ? __pfx_from_kuid+0x10/0x10 [ 1194.460485][T29128] ? tomoyo_init_log+0x1385/0x2140 [ 1194.460504][T29128] ? tomoyo_init_log+0x1385/0x2140 [ 1194.460517][T29128] tomoyo_init_log+0x1385/0x2140 [ 1194.460538][T29128] ? kasan_quarantine_put+0x10a/0x240 [ 1194.460557][T29128] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1194.460577][T29128] tomoyo_write_log2+0x2f7/0xc10 [ 1194.460592][T29128] ? tomoyo_domain_quota_is_ok+0x2a0/0x5a0 [ 1194.460616][T29128] tomoyo_supervisor+0x15e/0x13b0 [ 1194.460637][T29128] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1194.460674][T29128] ? lockdep_hardirqs_on+0x7c/0x110 [ 1194.460693][T29128] ? tomoyo_check_path_acl+0xad/0x210 [ 1194.460717][T29128] ? tomoyo_check_acl+0x1f7/0x410 [ 1194.460740][T29128] tomoyo_path_permission+0x270/0x3b0 [ 1194.460763][T29128] tomoyo_check_open_permission+0x349/0x3c0 [ 1194.460786][T29128] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1194.460826][T29128] ? do_raw_spin_lock+0x12c/0x2b0 [ 1194.460854][T29128] tomoyo_file_open+0x6b/0x90 [ 1194.460873][T29128] security_file_open+0x84/0x1e0 [ 1194.460888][T29128] do_dentry_open+0x596/0x1530 [ 1194.460910][T29128] vfs_open+0x82/0x3f0 [ 1194.460932][T29128] path_openat+0x1de4/0x2cb0 [ 1194.460954][T29128] ? __pfx_path_openat+0x10/0x10 [ 1194.460970][T29128] ? __lock_acquire+0xb8a/0x1c90 [ 1194.460991][T29128] do_filp_open+0x20b/0x470 [ 1194.461007][T29128] ? __pfx_do_filp_open+0x10/0x10 [ 1194.461035][T29128] ? alloc_fd+0x471/0x7d0 [ 1194.461054][T29128] do_sys_openat2+0x11b/0x1d0 [ 1194.461074][T29128] ? __pfx_do_sys_openat2+0x10/0x10 [ 1194.461101][T29128] __x64_sys_openat+0x174/0x210 [ 1194.461121][T29128] ? __pfx___x64_sys_openat+0x10/0x10 [ 1194.461150][T29128] do_syscall_64+0xcd/0xfa0 [ 1194.461166][T29128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.461181][T29128] RIP: 0033:0x7fdae078efc9 [ 1194.461193][T29128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1194.461208][T29128] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1194.461222][T29128] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1194.461232][T29128] RDX: 0000000000189002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 1194.461241][T29128] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1194.461251][T29128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1194.461260][T29128] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1194.461280][T29128] [ 1196.254419][T24967] Bluetooth: hci2: command 0x0c1a tx timeout [ 1196.630184][T29163] ERROR: Out of memory at tomoyo_memory_ok. [ 1196.691811][T29165] netlink: 330 bytes leftover after parsing attributes in process `syz.4.7911'. [ 1196.842705][T29165] : renamed from vlan0 (while UP) [ 1196.931094][T29165] : entered allmulticast mode [ 1197.010670][T29165] veth0_vlan: entered allmulticast mode [ 1197.204347][T29167] Invalid ELF header magic: != ELF [ 1197.217874][T29166] delete_channel: no stack [ 1197.454083][T29172] FAULT_INJECTION: forcing a failure. [ 1197.454083][T29172] name failslab, interval 1, probability 393216, space 0, times 0 [ 1197.494673][T29172] CPU: 0 UID: 0 PID: 29172 Comm: syz.3.7913 Tainted: G U syzkaller #0 PREEMPT(full) [ 1197.494701][T29172] Tainted: [U]=USER [ 1197.494706][T29172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1197.494715][T29172] Call Trace: [ 1197.494720][T29172] [ 1197.494727][T29172] dump_stack_lvl+0x16c/0x1f0 [ 1197.494748][T29172] should_fail_ex+0x512/0x640 [ 1197.494773][T29172] should_failslab+0xc2/0x120 [ 1197.494793][T29172] kmem_cache_alloc_node_noprof+0x78/0x770 [ 1197.494809][T29172] ? __alloc_skb+0x2b2/0x380 [ 1197.494834][T29172] ? __alloc_skb+0x2b2/0x380 [ 1197.494852][T29172] __alloc_skb+0x2b2/0x380 [ 1197.494872][T29172] ? __pfx___alloc_skb+0x10/0x10 [ 1197.494892][T29172] ? kasan_quarantine_put+0xb0/0x240 [ 1197.494914][T29172] __pskb_copy_fclone+0xef/0xb50 [ 1197.494934][T29172] tipc_sk_mcast_rcv+0x52d/0xfa0 [ 1197.494955][T29172] ? __lock_acquire+0xb8a/0x1c90 [ 1197.494980][T29172] ? __pfx_tipc_sk_mcast_rcv+0x10/0x10 [ 1197.495000][T29172] ? __lock_acquire+0x622/0x1c90 [ 1197.495028][T29172] ? find_held_lock+0x2b/0x80 [ 1197.495042][T29172] ? tipc_mcast_xmit+0x6d5/0xfe0 [ 1197.495066][T29172] tipc_mcast_xmit+0x711/0xfe0 [ 1197.495085][T29172] ? __pfx__copy_from_iter+0x10/0x10 [ 1197.495105][T29172] ? __pfx___alloc_skb+0x10/0x10 [ 1197.495127][T29172] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 1197.495147][T29172] ? __lock_acquire+0x622/0x1c90 [ 1197.495184][T29172] ? tipc_send_group_bcast+0x803/0xa50 [ 1197.495201][T29172] tipc_send_group_bcast+0x803/0xa50 [ 1197.495225][T29172] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 1197.495242][T29172] ? css_rstat_updated+0x1c2/0x510 [ 1197.495259][T29172] ? __pfx_css_rstat_updated+0x10/0x10 [ 1197.495275][T29172] ? __pfx_woken_wake_function+0x10/0x10 [ 1197.495306][T29172] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1197.495325][T29172] __tipc_sendmsg+0x4ab/0x19a0 [ 1197.495345][T29172] ? lock_acquire+0x179/0x350 [ 1197.495368][T29172] ? __pfx___tipc_sendmsg+0x10/0x10 [ 1197.495406][T29172] ? __local_bh_enable_ip+0xa4/0x120 [ 1197.495425][T29172] tipc_sendmsg+0x4f/0x70 [ 1197.495453][T29172] sock_write_iter+0x566/0x610 [ 1197.495472][T29172] ? __pfx_sock_write_iter+0x10/0x10 [ 1197.495498][T29172] ? __futex_wait+0x24b/0x2f0 [ 1197.495520][T29172] ? copy_iovec_from_user+0x131/0x170 [ 1197.495543][T29172] do_iter_readv_writev+0x662/0x9e0 [ 1197.495559][T29172] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1197.495577][T29172] ? bpf_lsm_file_permission+0x9/0x10 [ 1197.495593][T29172] ? security_file_permission+0x71/0x210 [ 1197.495609][T29172] ? rw_verify_area+0xcf/0x6c0 [ 1197.495623][T29172] vfs_writev+0x35f/0xde0 [ 1197.495643][T29172] ? __pfx_vfs_writev+0x10/0x10 [ 1197.495670][T29172] ? __fget_files+0x20e/0x3c0 [ 1197.495696][T29172] ? do_writev+0x28c/0x340 [ 1197.495708][T29172] do_writev+0x28c/0x340 [ 1197.495722][T29172] ? __pfx_do_writev+0x10/0x10 [ 1197.495741][T29172] do_syscall_64+0xcd/0xfa0 [ 1197.495759][T29172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.495773][T29172] RIP: 0033:0x7fd7e178efc9 [ 1197.495786][T29172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1197.495800][T29172] RSP: 002b:00007fd7e26e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1197.495815][T29172] RAX: ffffffffffffffda RBX: 00007fd7e19e5fa0 RCX: 00007fd7e178efc9 [ 1197.495825][T29172] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 1197.495834][T29172] RBP: 00007fd7e1811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1197.495844][T29172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1197.495853][T29172] R13: 00007fd7e19e6038 R14: 00007fd7e19e5fa0 R15: 00007ffe63d5b8c8 [ 1197.495874][T29172] [ 1197.495881][T29172] tipc: Failed to clone mcast rcv buffer [ 1198.675068][T29197] netlink: 13 bytes leftover after parsing attributes in process `syz.1.7922'. [ 1198.784497][T29190] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1200.277170][T29223] random: crng reseeded on system resumption [ 1201.159074][T29233] Invalid ELF header magic: != ELF [ 1202.559838][T29250] hub 3-0:1.0: USB hub found [ 1202.582945][T29250] hub 3-0:1.0: 1 port detected [ 1202.716449][T24967] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 1202.728513][T29250] usb usb3: authorized to connect [ 1203.806728][T29266] netlink: 25 bytes leftover after parsing attributes in process `syz.4.7939'. [ 1207.116349][T29303] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1207.477600][T24967] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1207.957994][T29322] ERROR: Out of memory at tomoyo_memory_ok. [ 1208.115655][T29314] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1208.123192][T29314] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1208.129225][T29314] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1208.139982][T29314] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1208.176859][T29314] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1208.286430][T29326] nvme_fcloop: unknown parameter or missing value '0' [ 1208.328817][T29326] hub 1-0:1.0: USB hub found [ 1208.335741][T29326] hub 1-0:1.0: 1 port detected [ 1208.354477][T29326] FAULT_INJECTION: forcing a failure. [ 1208.354477][T29326] name failslab, interval 1, probability 393216, space 0, times 0 [ 1208.393263][T29326] CPU: 0 UID: 0 PID: 29326 Comm: syz.1.7956 Tainted: G U syzkaller #0 PREEMPT(full) [ 1208.393290][T29326] Tainted: [U]=USER [ 1208.393295][T29326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1208.393304][T29326] Call Trace: [ 1208.393310][T29326] [ 1208.393317][T29326] dump_stack_lvl+0x16c/0x1f0 [ 1208.393338][T29326] should_fail_ex+0x512/0x640 [ 1208.393369][T29326] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1208.393387][T29326] should_failslab+0xc2/0x120 [ 1208.393407][T29326] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1208.393423][T29326] ? __kernfs_new_node+0xd2/0x8e0 [ 1208.393445][T29326] ? __kernfs_new_node+0xd2/0x8e0 [ 1208.393461][T29326] __kernfs_new_node+0xd2/0x8e0 [ 1208.393481][T29326] ? __pfx___kernfs_new_node+0x10/0x10 [ 1208.393504][T29326] ? find_held_lock+0x2b/0x80 [ 1208.393520][T29326] ? kernfs_root+0xee/0x2a0 [ 1208.393541][T29326] kernfs_new_node+0x13c/0x1e0 [ 1208.393565][T29326] __kernfs_create_file+0x53/0x350 [ 1208.393582][T29326] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1208.393606][T29326] internal_create_group+0x578/0xf30 [ 1208.393629][T29326] ? sysfs_create_file_ns+0x154/0x1d0 [ 1208.393645][T29326] ? __pfx_internal_create_group+0x10/0x10 [ 1208.393662][T29326] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1208.393678][T29326] ? down_read+0x13d/0x480 [ 1208.393697][T29326] ? acpi_device_notify+0x351/0x480 [ 1208.393716][T29326] ? lockdep_init_map_type+0x5c/0x280 [ 1208.393738][T29326] internal_create_groups+0x9d/0x150 [ 1208.393758][T29326] device_add+0x77f/0x1aa0 [ 1208.393783][T29326] ? __pfx_device_add+0x10/0x10 [ 1208.393802][T29326] ? lockdep_init_map_type+0x5c/0x280 [ 1208.393822][T29326] ? __init_waitqueue_head+0xca/0x150 [ 1208.393849][T29326] usb_create_ep_devs+0x160/0x2b0 [ 1208.393867][T29326] create_intf_ep_devs.isra.0+0x161/0x200 [ 1208.393892][T29326] usb_set_configuration+0x11a7/0x1e20 [ 1208.393927][T29326] bConfigurationValue_store+0x100/0x180 [ 1208.393942][T29326] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1208.393956][T29326] ? find_held_lock+0x2b/0x80 [ 1208.393971][T29326] ? sysfs_file_kobj+0xe4/0x290 [ 1208.393986][T29326] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1208.394000][T29326] dev_attr_store+0x58/0x80 [ 1208.394019][T29326] ? __pfx_dev_attr_store+0x10/0x10 [ 1208.394038][T29326] sysfs_kf_write+0xf2/0x150 [ 1208.394055][T29326] kernfs_fop_write_iter+0x3af/0x570 [ 1208.394076][T29326] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1208.394094][T29326] iter_file_splice_write+0xa24/0x12e0 [ 1208.394121][T29326] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1208.394139][T29326] ? __pfx_copy_splice_read+0x10/0x10 [ 1208.394172][T29326] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1208.394188][T29326] direct_splice_actor+0x192/0x6c0 [ 1208.394205][T29326] splice_direct_to_actor+0x345/0xa30 [ 1208.394220][T29326] ? __pfx_direct_splice_actor+0x10/0x10 [ 1208.394238][T29326] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1208.394258][T29326] do_splice_direct+0x174/0x240 [ 1208.394273][T29326] ? __pfx_do_splice_direct+0x10/0x10 [ 1208.394287][T29326] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1208.394315][T29326] ? rw_verify_area+0xcf/0x6c0 [ 1208.394331][T29326] do_sendfile+0xb06/0xe50 [ 1208.394356][T29326] ? __pfx_do_sendfile+0x10/0x10 [ 1208.394376][T29326] ? __x64_sys_futex+0x1e0/0x4c0 [ 1208.394396][T29326] ? __x64_sys_futex+0x1e9/0x4c0 [ 1208.394417][T29326] __x64_sys_sendfile64+0x1d8/0x220 [ 1208.394437][T29326] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1208.394462][T29326] do_syscall_64+0xcd/0xfa0 [ 1208.394479][T29326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1208.394494][T29326] RIP: 0033:0x7f72ed58efc9 [ 1208.394506][T29326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1208.394520][T29326] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1208.394534][T29326] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1208.394544][T29326] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 1208.394553][T29326] RBP: 00007f72ed611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1208.394563][T29326] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1208.394572][T29326] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1208.394593][T29326] [ 1209.095671][T29340] hub 8-0:1.0: USB hub found [ 1209.100669][T29340] hub 8-0:1.0: 1 port detected [ 1209.112049][T29340] random: crng reseeded on system resumption [ 1209.221764][T29329] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1209.416098][ T5842] Bluetooth: hci0: command 0x0406 tx timeout [ 1210.182842][ T5842] Bluetooth: hci4: command 0x0406 tx timeout [ 1210.189111][T24967] Bluetooth: hci1: command 0x0406 tx timeout [ 1210.195584][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 1210.345551][T29361] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7966'. [ 1210.791386][T29377] ERROR: Out of memory at tomoyo_memory_ok. [ 1210.842392][T29377] FAULT_INJECTION: forcing a failure. [ 1210.842392][T29377] name failslab, interval 1, probability 393216, space 0, times 0 [ 1210.885507][T29375] hub 8-0:1.0: USB hub found [ 1210.901261][T29377] CPU: 0 UID: 0 PID: 29377 Comm: syz.4.7970 Tainted: G U syzkaller #0 PREEMPT(full) [ 1210.901288][T29377] Tainted: [U]=USER [ 1210.901293][T29377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1210.901302][T29377] Call Trace: [ 1210.901309][T29377] [ 1210.901315][T29377] dump_stack_lvl+0x16c/0x1f0 [ 1210.901336][T29377] should_fail_ex+0x512/0x640 [ 1210.901359][T29377] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1210.901377][T29377] should_failslab+0xc2/0x120 [ 1210.901397][T29377] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1210.901412][T29377] ? seq_open+0x55/0x170 [ 1210.901433][T29377] ? seq_open+0x55/0x170 [ 1210.901450][T29377] seq_open+0x55/0x170 [ 1210.901469][T29377] kernfs_fop_open+0x59f/0xda0 [ 1210.901488][T29377] do_dentry_open+0x982/0x1530 [ 1210.901505][T29377] ? __pfx_kernfs_fop_open+0x10/0x10 [ 1210.901523][T29377] vfs_open+0x82/0x3f0 [ 1210.901545][T29377] path_openat+0x1de4/0x2cb0 [ 1210.901567][T29377] ? __pfx_path_openat+0x10/0x10 [ 1210.901584][T29377] ? __lock_acquire+0xb8a/0x1c90 [ 1210.901605][T29377] do_filp_open+0x20b/0x470 [ 1210.901621][T29377] ? __pfx_do_filp_open+0x10/0x10 [ 1210.901650][T29377] ? alloc_fd+0x471/0x7d0 [ 1210.901669][T29377] do_sys_openat2+0x11b/0x1d0 [ 1210.901689][T29377] ? __pfx_do_sys_openat2+0x10/0x10 [ 1210.901717][T29377] __x64_sys_openat+0x174/0x210 [ 1210.901737][T29377] ? __pfx___x64_sys_openat+0x10/0x10 [ 1210.901766][T29377] do_syscall_64+0xcd/0xfa0 [ 1210.901783][T29377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1210.901798][T29377] RIP: 0033:0x7fdae078efc9 [ 1210.901810][T29377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1210.901824][T29377] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1210.901839][T29377] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1210.901853][T29377] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1210.901862][T29377] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1210.901870][T29377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1210.901879][T29377] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1210.901899][T29377] [ 1210.904611][T29375] hub 8-0:1.0: 1 port detected [ 1211.513587][T29388] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.7972: iget: checksum invalid [ 1211.550578][T29388] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1211.575729][T29388] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.7972: iget: checksum invalid [ 1211.591549][T29388] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1211.610522][T29388] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.7972: iget: checksum invalid [ 1211.625692][T29388] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1211.637230][T29388] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.7972: iget: checksum invalid [ 1211.655366][T29388] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1211.665373][T29388] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1211.681856][T29388] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1212.259018][ T5842] Bluetooth: hci1: command 0x0406 tx timeout [ 1212.758137][T29412] FAULT_INJECTION: forcing a failure. [ 1212.758137][T29412] name failslab, interval 1, probability 393216, space 0, times 0 [ 1212.786156][T29412] CPU: 0 UID: 0 PID: 29412 Comm: syz.0.7978 Tainted: G U syzkaller #0 PREEMPT(full) [ 1212.786184][T29412] Tainted: [U]=USER [ 1212.786189][T29412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1212.786198][T29412] Call Trace: [ 1212.786204][T29412] [ 1212.786212][T29412] dump_stack_lvl+0x16c/0x1f0 [ 1212.786233][T29412] should_fail_ex+0x512/0x640 [ 1212.786255][T29412] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 1212.786275][T29412] should_failslab+0xc2/0x120 [ 1212.786295][T29412] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 1212.786309][T29412] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1212.786326][T29412] ? sock_alloc_inode+0x25/0x1c0 [ 1212.786345][T29412] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1212.786360][T29412] ? sock_alloc_inode+0x25/0x1c0 [ 1212.786374][T29412] sock_alloc_inode+0x25/0x1c0 [ 1212.786390][T29412] alloc_inode+0x64/0x240 [ 1212.786409][T29412] sock_alloc+0x40/0x280 [ 1212.786424][T29412] sock_create_lite+0x82/0x120 [ 1212.786441][T29412] __netlink_kernel_create+0xbd/0x750 [ 1212.786456][T29412] ? __lock_acquire+0x622/0x1c90 [ 1212.786475][T29412] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1212.786496][T29412] rtnetlink_net_init+0xb9/0x140 [ 1212.786517][T29412] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 1212.786538][T29412] ? lockdep_init_map_type+0x5c/0x280 [ 1212.786558][T29412] ? __pfx_rtnetlink_rcv+0x10/0x10 [ 1212.786577][T29412] ? __pfx_rtnetlink_bind+0x10/0x10 [ 1212.786597][T29412] ? lockdep_init_map_type+0x5c/0x280 [ 1212.786617][T29412] ? debug_mutex_init+0x37/0x70 [ 1212.786633][T29412] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 1212.786652][T29412] ops_init+0x1e2/0x5f0 [ 1212.786668][T29412] setup_net+0x100/0x390 [ 1212.786682][T29412] ? __pfx_setup_net+0x10/0x10 [ 1212.786697][T29412] ? debug_mutex_init+0x37/0x70 [ 1212.786713][T29412] copy_net_ns+0x2f8/0x690 [ 1212.786731][T29412] create_new_namespaces+0x3ea/0xa90 [ 1212.786752][T29412] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1212.786770][T29412] ksys_unshare+0x45b/0xa40 [ 1212.786789][T29412] ? __pfx_ksys_unshare+0x10/0x10 [ 1212.786808][T29412] ? xfd_validate_state+0x61/0x180 [ 1212.786833][T29412] __x64_sys_unshare+0x31/0x40 [ 1212.786851][T29412] do_syscall_64+0xcd/0xfa0 [ 1212.786869][T29412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1212.786884][T29412] RIP: 0033:0x7fc63098efc9 [ 1212.786897][T29412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1212.786911][T29412] RSP: 002b:00007fc6318c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1212.786925][T29412] RAX: ffffffffffffffda RBX: 00007fc630be5fa0 RCX: 00007fc63098efc9 [ 1212.786935][T29412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1212.786943][T29412] RBP: 00007fc630a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1212.786952][T29412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1212.786960][T29412] R13: 00007fc630be6038 R14: 00007fc630be5fa0 R15: 00007ffcbbca1478 [ 1212.786981][T29412] [ 1213.234748][T29396] Process accounting resumed [ 1213.241469][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807ba12800: rx timeout, send abort [ 1213.249808][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807ba12c00: rx timeout, send abort [ 1213.265934][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807ba12800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1213.280348][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807ba12c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1213.480779][T29413] hub 1-0:1.0: USB hub found [ 1213.539901][T29413] hub 1-0:1.0: 1 port detected [ 1213.895501][T29417] futex_wake_op: syz.1.7987 tries to shift op by -9; fix this program [ 1215.947493][T29423] Process accounting paused [ 1215.988897][T29449] netlink: 17 bytes leftover after parsing attributes in process `syz.1.7994'. [ 1216.001350][T29448] ima: policy update failed [ 1216.016634][ T30] audit: type=1802 audit(41974.296:37): pid=29448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.7994" res=0 errno=0 [ 1216.170142][T29457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7989'. [ 1217.303620][ T5842] Bluetooth: hci1: unexpected event 0x1d length: 6 > 5 [ 1219.112745][T29504] ERROR: Out of memory at tomoyo_memory_ok. [ 1219.253406][T29500] sd 0:0:1:0: PR command failed: 1026 [ 1219.266435][T29500] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1219.295625][T29500] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1220.405660][T29516] netlink: 25 bytes leftover after parsing attributes in process `syz.1.8002'. [ 1222.325473][T29532] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1222.332574][T29532] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1222.343134][T29532] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1222.354734][T29532] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1222.445388][T29551] FAULT_INJECTION: forcing a failure. [ 1222.445388][T29551] name failslab, interval 1, probability 393216, space 0, times 0 [ 1222.466077][T29551] CPU: 0 UID: 0 PID: 29551 Comm: syz.1.8014 Tainted: G U syzkaller #0 PREEMPT(full) [ 1222.466107][T29551] Tainted: [U]=USER [ 1222.466112][T29551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1222.466123][T29551] Call Trace: [ 1222.466129][T29551] [ 1222.466136][T29551] dump_stack_lvl+0x16c/0x1f0 [ 1222.466159][T29551] should_fail_ex+0x512/0x640 [ 1222.466183][T29551] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1222.466203][T29551] should_failslab+0xc2/0x120 [ 1222.466224][T29551] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1222.466239][T29551] ? security_file_alloc+0x34/0x2b0 [ 1222.466258][T29551] ? security_file_alloc+0x34/0x2b0 [ 1222.466271][T29551] security_file_alloc+0x34/0x2b0 [ 1222.466286][T29551] init_file+0x93/0x4c0 [ 1222.466305][T29551] alloc_empty_file+0x73/0x1e0 [ 1222.466326][T29551] alloc_file_pseudo+0x13a/0x230 [ 1222.466347][T29551] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1222.466369][T29551] ? do_raw_spin_unlock+0x172/0x230 [ 1222.466394][T29551] __anon_inode_getfile+0xe8/0x280 [ 1222.466414][T29551] anon_inode_getfile_fmode+0x37/0xa0 [ 1222.466432][T29551] __do_sys_fanotify_init+0x9da/0xc80 [ 1222.466456][T29551] do_syscall_64+0xcd/0xfa0 [ 1222.466472][T29551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.466487][T29551] RIP: 0033:0x7f72ed58efc9 [ 1222.466499][T29551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1222.466513][T29551] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 1222.466528][T29551] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1222.466537][T29551] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000006 [ 1222.466546][T29551] RBP: 00007f72ed611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1222.466555][T29551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1222.466563][T29551] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1222.466582][T29551] [ 1223.062615][T29554] tipc: Started in network mode [ 1223.074998][T29554] tipc: Node identity ee00, cluster identity 4711 [ 1223.084070][T29554] tipc: Node number set to 60928 [ 1223.655268][T29570] vhci_hcd: invalid port number 16 [ 1223.678996][T29570] vhci_hcd: invalid port number 16 [ 1223.872491][ T5842] Bluetooth: hci0: command 0x0406 tx timeout [ 1224.348538][ T5842] Bluetooth: hci4: command 0x0406 tx timeout [ 1224.354588][T24967] Bluetooth: hci1: command 0x0406 tx timeout [ 1224.364729][T24967] Bluetooth: hci2: command 0x0c1a tx timeout [ 1226.223119][T29580] kexec: Could not allocate control_code_buffer [ 1226.773082][T29608] ptrace attach of "./syz-executor exec"[22465] was attempted by ""[29608] [ 1229.813601][T29660] FAULT_INJECTION: forcing a failure. [ 1229.813601][T29660] name failslab, interval 1, probability 393216, space 0, times 0 [ 1229.841309][T29660] CPU: 0 UID: 0 PID: 29660 Comm: syz.1.8040 Tainted: G U syzkaller #0 PREEMPT(full) [ 1229.841336][T29660] Tainted: [U]=USER [ 1229.841342][T29660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1229.841351][T29660] Call Trace: [ 1229.841356][T29660] [ 1229.841363][T29660] dump_stack_lvl+0x16c/0x1f0 [ 1229.841384][T29660] should_fail_ex+0x512/0x640 [ 1229.841410][T29660] ? fs_reclaim_acquire+0xae/0x150 [ 1229.841431][T29660] should_failslab+0xc2/0x120 [ 1229.841451][T29660] __kmalloc_noprof+0xdd/0x880 [ 1229.841475][T29660] ? ima_alloc_init_template+0x19d/0x720 [ 1229.841500][T29660] ? ima_alloc_init_template+0x19d/0x720 [ 1229.841521][T29660] ima_alloc_init_template+0x19d/0x720 [ 1229.841544][T29660] ? take_dentry_name_snapshot+0x319/0x7d0 [ 1229.841566][T29660] ima_store_measurement+0x1eb/0x5c0 [ 1229.841590][T29660] ? __pfx_ima_store_measurement+0x10/0x10 [ 1229.841612][T29660] ? vfs_getxattr_alloc+0xec/0x350 [ 1229.841632][T29660] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 1229.841654][T29660] process_measurement+0x1ddb/0x23e0 [ 1229.841679][T29660] ? __lock_acquire+0x622/0x1c90 [ 1229.841699][T29660] ? __pfx_process_measurement+0x10/0x10 [ 1229.841718][T29660] ? __kasan_slab_alloc+0x89/0x90 [ 1229.841735][T29660] ? security_file_alloc+0x34/0x2b0 [ 1229.841749][T29660] ? alloc_empty_file+0x73/0x1e0 [ 1229.841768][T29660] ? alloc_file_pseudo+0x13a/0x230 [ 1229.841792][T29660] ? find_held_lock+0x2b/0x80 [ 1229.841829][T29660] ima_file_mmap+0x1b1/0x1d0 [ 1229.841848][T29660] ? __pfx_ima_file_mmap+0x10/0x10 [ 1229.841872][T29660] security_mmap_file+0x88c/0x990 [ 1229.841887][T29660] vm_mmap_pgoff+0xec/0x470 [ 1229.841909][T29660] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1229.841925][T29660] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1229.841946][T29660] ? hugetlbfs_get_inode+0x31f/0x730 [ 1229.841968][T29660] ksys_mmap_pgoff+0x1c8/0x5c0 [ 1229.841989][T29660] __x64_sys_mmap+0x125/0x190 [ 1229.842013][T29660] do_syscall_64+0xcd/0xfa0 [ 1229.842030][T29660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1229.842045][T29660] RIP: 0033:0x7f72ed58efc9 [ 1229.842057][T29660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1229.842072][T29660] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1229.842086][T29660] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1229.842095][T29660] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 1229.842104][T29660] RBP: 00007f72ed611f91 R08: ffffffffffffffff R09: 0000300000000000 [ 1229.842113][T29660] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 1229.842131][T29660] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1229.842151][T29660] [ 1229.845127][ T30] audit: type=1804 audit(41988.198:38): pid=29660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.1.8040" name="anon_hugepage" dev="hugetlbfs" ino=142286 res=0 errno=0 [ 1230.261315][T29658] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1230.552269][T29670] ERROR: Out of memory at tomoyo_memory_ok. [ 1233.900169][T29728] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8054'. [ 1233.955356][T29728] netlink: 93 bytes leftover after parsing attributes in process `syz.4.8054'. [ 1235.631749][T29748] FAULT_INJECTION: forcing a failure. [ 1235.631749][T29748] name failslab, interval 1, probability 393216, space 0, times 0 [ 1235.677589][T29748] CPU: 0 UID: 0 PID: 29748 Comm: syz.1.8058 Tainted: G U syzkaller #0 PREEMPT(full) [ 1235.677623][T29748] Tainted: [U]=USER [ 1235.677628][T29748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1235.677638][T29748] Call Trace: [ 1235.677644][T29748] [ 1235.677651][T29748] dump_stack_lvl+0x16c/0x1f0 [ 1235.677672][T29748] should_fail_ex+0x512/0x640 [ 1235.677694][T29748] ? fs_reclaim_acquire+0xae/0x150 [ 1235.677717][T29748] should_failslab+0xc2/0x120 [ 1235.677736][T29748] __kmalloc_cache_noprof+0x72/0x780 [ 1235.677759][T29748] ? __pfx_widen_string+0x10/0x10 [ 1235.677778][T29748] ? tomoyo_init_log+0x197/0x2140 [ 1235.677797][T29748] ? tomoyo_init_log+0x197/0x2140 [ 1235.677811][T29748] tomoyo_init_log+0x197/0x2140 [ 1235.677826][T29748] ? format_decode+0x1ad/0xd40 [ 1235.677847][T29748] ? __pfx_format_decode+0x10/0x10 [ 1235.677873][T29748] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1235.677894][T29748] tomoyo_write_log2+0x2f7/0xc10 [ 1235.677913][T29748] tomoyo_supervisor+0x15e/0x13b0 [ 1235.677934][T29748] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1235.677961][T29748] ? lockdep_hardirqs_on+0x7c/0x110 [ 1235.677979][T29748] ? kfree+0x2b8/0x6d0 [ 1235.677989][T29748] ? tomoyo_check_path_acl+0xad/0x210 [ 1235.678012][T29748] ? tomoyo_check_acl+0x1f7/0x410 [ 1235.678034][T29748] tomoyo_path_permission+0x270/0x3b0 [ 1235.678058][T29748] tomoyo_check_open_permission+0x349/0x3c0 [ 1235.678081][T29748] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1235.678123][T29748] ? do_raw_spin_lock+0x12c/0x2b0 [ 1235.678150][T29748] tomoyo_file_open+0x6b/0x90 [ 1235.678169][T29748] security_file_open+0x84/0x1e0 [ 1235.678184][T29748] do_dentry_open+0x596/0x1530 [ 1235.678206][T29748] vfs_open+0x82/0x3f0 [ 1235.678228][T29748] path_openat+0x1de4/0x2cb0 [ 1235.678249][T29748] ? kasan_save_stack+0x42/0x60 [ 1235.678266][T29748] ? __pfx_path_openat+0x10/0x10 [ 1235.678280][T29748] ? kmem_cache_alloc_noprof+0x250/0x6e0 [ 1235.678293][T29748] ? getname_flags.part.0+0x4c/0x550 [ 1235.678312][T29748] ? getname_flags+0x93/0xf0 [ 1235.678324][T29748] ? acct_on+0x82/0xa00 [ 1235.678344][T29748] ? __x64_sys_acct+0x81/0x1e0 [ 1235.678363][T29748] ? do_syscall_64+0xcd/0xfa0 [ 1235.678377][T29748] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.678394][T29748] do_filp_open+0x20b/0x470 [ 1235.678410][T29748] ? __pfx_do_filp_open+0x10/0x10 [ 1235.678441][T29748] ? find_held_lock+0x2b/0x80 [ 1235.678454][T29748] ? __might_fault+0xe3/0x190 [ 1235.678468][T29748] ? __might_fault+0xe3/0x190 [ 1235.678480][T29748] ? __might_fault+0x13b/0x190 [ 1235.678497][T29748] file_open_name+0x2a3/0x450 [ 1235.678519][T29748] ? __pfx_file_open_name+0x10/0x10 [ 1235.678542][T29748] ? getname_flags.part.0+0x1c5/0x550 [ 1235.678566][T29748] acct_on+0xc7/0xa00 [ 1235.678587][T29748] ? __pfx_acct_on+0x10/0x10 [ 1235.678608][T29748] ? bpf_lsm_capable+0x9/0x10 [ 1235.678638][T29748] __x64_sys_acct+0x81/0x1e0 [ 1235.678659][T29748] ? lockdep_hardirqs_on+0x7c/0x110 [ 1235.678675][T29748] do_syscall_64+0xcd/0xfa0 [ 1235.678692][T29748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.678707][T29748] RIP: 0033:0x7f72ed58efc9 [ 1235.678720][T29748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1235.678735][T29748] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 1235.678749][T29748] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1235.678759][T29748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 1235.678769][T29748] RBP: 00007f72ed611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1235.678778][T29748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1235.678787][T29748] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1235.678807][T29748] [ 1236.627251][T29750] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input46 [ 1236.769006][T29754] ima: policy update failed [ 1236.784698][T29754] netlink: 25 bytes leftover after parsing attributes in process `syz.1.8061'. [ 1236.801615][ T30] audit: type=1802 audit(41995.164:39): pid=29754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.8061" res=0 errno=0 [ 1236.877259][T29756] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8062'. [ 1238.050765][T29775] bond0: invalid ARP target specified [ 1238.111723][T29775] ERROR: Out of memory at tomoyo_memory_ok. [ 1239.306351][T29803] hub 8-0:1.0: USB hub found [ 1239.311328][T29803] hub 8-0:1.0: 1 port detected [ 1239.330218][T29803] random: crng reseeded on system resumption [ 1240.248795][T29817] ERROR: Out of memory at tomoyo_memory_ok. [ 1241.078428][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1241.087481][T29827] random: crng reseeded on system resumption [ 1241.094175][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1241.469075][T29837] netlink: 13 bytes leftover after parsing attributes in process `syz.1.8086'. [ 1241.670249][T29840] ERROR: Out of memory at tomoyo_memory_ok. [ 1243.232645][T29861] FAULT_INJECTION: forcing a failure. [ 1243.232645][T29861] name failslab, interval 1, probability 393216, space 0, times 0 [ 1243.268934][T29861] CPU: 0 UID: 0 PID: 29861 Comm: syz.1.8092 Tainted: G U syzkaller #0 PREEMPT(full) [ 1243.268961][T29861] Tainted: [U]=USER [ 1243.268966][T29861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1243.268975][T29861] Call Trace: [ 1243.268980][T29861] [ 1243.268987][T29861] dump_stack_lvl+0x16c/0x1f0 [ 1243.269007][T29861] should_fail_ex+0x512/0x640 [ 1243.269038][T29861] ? __kmalloc_noprof+0xca/0x880 [ 1243.269063][T29861] should_failslab+0xc2/0x120 [ 1243.269083][T29861] __kmalloc_noprof+0xdd/0x880 [ 1243.269105][T29861] ? __register_sysctl_table+0xb3/0x1900 [ 1243.269129][T29861] ? __register_sysctl_table+0xb3/0x1900 [ 1243.269148][T29861] __register_sysctl_table+0xb3/0x1900 [ 1243.269169][T29861] ? is_module_address+0x5f/0xf0 [ 1243.269192][T29861] ? __pfx___register_sysctl_table+0x10/0x10 [ 1243.269212][T29861] ? is_module_address+0x69/0xf0 [ 1243.269230][T29861] ? register_net_sysctl_sz+0x228/0x3e0 [ 1243.269251][T29861] ? __asan_memcpy+0x3c/0x60 [ 1243.269267][T29861] xfrm_sysctl_init+0x1f5/0x2d0 [ 1243.269291][T29861] xfrm_net_init+0x842/0xcc0 [ 1243.269315][T29861] ? __pfx_xfrm_net_init+0x10/0x10 [ 1243.269336][T29861] ops_init+0x1e2/0x5f0 [ 1243.269352][T29861] setup_net+0x100/0x390 [ 1243.269366][T29861] ? __pfx_setup_net+0x10/0x10 [ 1243.269381][T29861] ? debug_mutex_init+0x37/0x70 [ 1243.269399][T29861] copy_net_ns+0x2f8/0x690 [ 1243.269418][T29861] create_new_namespaces+0x3ea/0xa90 [ 1243.269439][T29861] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1243.269457][T29861] ksys_unshare+0x45b/0xa40 [ 1243.269477][T29861] ? __pfx_ksys_unshare+0x10/0x10 [ 1243.269496][T29861] ? xfd_validate_state+0x61/0x180 [ 1243.269521][T29861] __x64_sys_unshare+0x31/0x40 [ 1243.269539][T29861] do_syscall_64+0xcd/0xfa0 [ 1243.269556][T29861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1243.269570][T29861] RIP: 0033:0x7f72ed58efc9 [ 1243.269583][T29861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1243.269597][T29861] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1243.269612][T29861] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1243.269621][T29861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1243.269630][T29861] RBP: 00007f72ed611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1243.269639][T29861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1243.269647][T29861] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1243.269668][T29861] [ 1243.707185][T29865] ERROR: Out of memory at tomoyo_memory_ok. [ 1243.938463][T29872] Process accounting paused [ 1244.715581][T29893] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input47 [ 1245.538700][ C0] sd 0:0:1:0: [sda] tag#993 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1245.549113][ C0] sd 0:0:1:0: [sda] tag#993 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 1245.857214][T29910] kafs: addr_prefs: Invalid Command [ 1246.235244][ T5837] Bluetooth: hci3: command 0xfc11 tx timeout [ 1246.242804][T29577] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1246.606276][T29930] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 1246.619742][T29929] ERROR: Out of memory at tomoyo_memory_ok. [ 1246.803200][T29909] Process accounting resumed [ 1247.539167][T29937] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8112'. [ 1248.444502][T29959] ERROR: Out of memory at tomoyo_memory_ok. [ 1251.490036][ T5837] Bluetooth: hci3: command 0xfc11 tx timeout [ 1251.497542][T29577] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1252.622903][T29998] i2c i2c-0: new_device: Extra parameters [ 1252.704573][T30007] ERROR: Out of memory at tomoyo_memory_ok. [ 1252.999386][T30008] ERROR: Out of memory at tomoyo_memory_ok. [ 1256.506431][T30039] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8134'. [ 1256.555658][T20096] usb usb38-port5: attempt power cycle [ 1257.222768][T20096] usb usb38-port5: unable to enumerate USB device [ 1258.099633][T30059] ERROR: Out of memory at tomoyo_memory_ok. [ 1258.703559][T30065] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8141'. [ 1259.317605][T30070] sp0: Synchronizing with TNC [ 1259.334325][T30070] sp0: Found TNC [ 1259.401074][T30072] netlink: 338 bytes leftover after parsing attributes in process `syz.0.8143'. [ 1259.500833][T30078] netlink: 338 bytes leftover after parsing attributes in process `syz.0.8143'. [ 1259.589071][T30075] netlink: 9 bytes leftover after parsing attributes in process `syz.3.8145'. [ 1259.856378][T30080] [U] [ 1259.859190][T30080] [U] [ 1259.861865][T30080] [U] [ 1259.864535][T30080] [U] [ 1259.874490][T30080] [U] [ 1259.877199][T30080] [U] [ 1259.880045][T30080] [U] [ 1259.882721][T30080] [U] [ 1259.904925][T30080] [U] [ 1259.907637][T30080] [U] [ 1259.910306][T30080] [U] [ 1259.912975][T30080] [U] [ 1259.943403][T30080] [U] [ 1259.946112][T30080] [U] 1qVEZAvb.!x55S6#HsGjB.,^Gz rlen\+j_ !⹏rF]8g& [ 1259.956413][T30080] [U] `Ië-$O8#~zu6'DK=L< [ 1260.016761][T30080] [U] >UodG ,yP@l$W­L. [ 1260.022803][T30080] [U] *P [ 1260.026169][T30080] [U] {aJuf@̄yNjߋ_OW1Ÿzoؘ`шšv}_1m}7و~gt1a_ [ 1260.101301][T30086] FAULT_INJECTION: forcing a failure. [ 1260.101301][T30086] name failslab, interval 1, probability 393216, space 0, times 0 [ 1260.241166][T30086] CPU: 0 UID: 0 PID: 30086 Comm: syz.3.8150 Tainted: G U syzkaller #0 PREEMPT(full) [ 1260.241193][T30086] Tainted: [U]=USER [ 1260.241198][T30086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1260.241207][T30086] Call Trace: [ 1260.241212][T30086] [ 1260.241219][T30086] dump_stack_lvl+0x16c/0x1f0 [ 1260.241240][T30086] should_fail_ex+0x512/0x640 [ 1260.241262][T30086] ? tipc_sendmsg+0x4f/0x70 [ 1260.241284][T30086] should_failslab+0xc2/0x120 [ 1260.241303][T30086] kmem_cache_alloc_node_noprof+0x78/0x770 [ 1260.241319][T30086] ? __alloc_skb+0x2b2/0x380 [ 1260.241345][T30086] ? __alloc_skb+0x2b2/0x380 [ 1260.241364][T30086] __alloc_skb+0x2b2/0x380 [ 1260.241384][T30086] ? __pfx___alloc_skb+0x10/0x10 [ 1260.241404][T30086] ? __lock_acquire+0xb8a/0x1c90 [ 1260.241430][T30086] __pskb_copy_fclone+0xef/0xb50 [ 1260.241450][T30086] tipc_msg_reassemble+0x26c/0x510 [ 1260.241465][T30086] ? __pfx_tipc_msg_reassemble+0x10/0x10 [ 1260.241481][T30086] ? lockdep_init_map_type+0x5c/0x280 [ 1260.241507][T30086] tipc_mcast_xmit+0x569/0xfe0 [ 1260.241527][T30086] ? __pfx__copy_from_iter+0x10/0x10 [ 1260.241547][T30086] ? __pfx___alloc_skb+0x10/0x10 [ 1260.241569][T30086] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 1260.241589][T30086] ? __lock_acquire+0x622/0x1c90 [ 1260.241627][T30086] ? tipc_send_group_bcast+0x803/0xa50 [ 1260.241643][T30086] tipc_send_group_bcast+0x803/0xa50 [ 1260.241667][T30086] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 1260.241684][T30086] ? css_rstat_updated+0x1c2/0x510 [ 1260.241700][T30086] ? __pfx_css_rstat_updated+0x10/0x10 [ 1260.241717][T30086] ? __pfx_woken_wake_function+0x10/0x10 [ 1260.241748][T30086] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1260.241768][T30086] __tipc_sendmsg+0x4ab/0x19a0 [ 1260.241788][T30086] ? lock_acquire+0x179/0x350 [ 1260.241811][T30086] ? __pfx___tipc_sendmsg+0x10/0x10 [ 1260.241849][T30086] ? __local_bh_enable_ip+0xa4/0x120 [ 1260.241868][T30086] tipc_sendmsg+0x4f/0x70 [ 1260.241888][T30086] sock_write_iter+0x566/0x610 [ 1260.241906][T30086] ? __pfx_sock_write_iter+0x10/0x10 [ 1260.241931][T30086] ? __futex_wait+0x24b/0x2f0 [ 1260.241953][T30086] ? copy_iovec_from_user+0x131/0x170 [ 1260.241975][T30086] do_iter_readv_writev+0x662/0x9e0 [ 1260.241991][T30086] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1260.242009][T30086] ? bpf_lsm_file_permission+0x9/0x10 [ 1260.242025][T30086] ? security_file_permission+0x71/0x210 [ 1260.242040][T30086] ? rw_verify_area+0xcf/0x6c0 [ 1260.242055][T30086] vfs_writev+0x35f/0xde0 [ 1260.242074][T30086] ? __pfx_vfs_writev+0x10/0x10 [ 1260.242112][T30086] ? __fget_files+0x20e/0x3c0 [ 1260.242132][T30086] ? do_writev+0x28c/0x340 [ 1260.242144][T30086] do_writev+0x28c/0x340 [ 1260.242160][T30086] ? __pfx_do_writev+0x10/0x10 [ 1260.242180][T30086] do_syscall_64+0xcd/0xfa0 [ 1260.242197][T30086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1260.242212][T30086] RIP: 0033:0x7fd7e178efc9 [ 1260.242225][T30086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1260.242239][T30086] RSP: 002b:00007fd7e26e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1260.242254][T30086] RAX: ffffffffffffffda RBX: 00007fd7e19e5fa0 RCX: 00007fd7e178efc9 [ 1260.242265][T30086] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 1260.242274][T30086] RBP: 00007fd7e1811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1260.242283][T30086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1260.242292][T30086] R13: 00007fd7e19e6038 R14: 00007fd7e19e5fa0 R15: 00007ffe63d5b8c8 [ 1260.242312][T30086] [ 1260.591835][T30080] [U] V0zlл-K=~gM|F9 [ 1260.597398][T30080] [U] [ 1260.600074][T30080] [U] [ 1260.602763][T30080] [U] [ 1260.606642][T30080] [U] [ 1260.609340][T30080] [U] [ 1260.612008][T30080] [U] [ 1260.614698][T30080] [U] [ 1260.617964][T30080] [U] [ 1260.620656][T30080] [U] [ 1260.623347][T30080] [U] [ 1260.626021][T30080] [U] [ 1260.629145][T30080] [U] [ 1260.631836][T30080] [U] [ 1260.634507][T30080] [U] [ 1260.637183][T30080] [U] [ 1260.640052][T30080] [U] [ 1260.642733][T30080] [U] [ 1260.645419][T30080] [U] [ 1260.648098][T30080] [U] [ 1260.650939][T30080] [U] [ 1260.653620][T30080] [U] [ 1260.656309][T30080] [U] [ 1260.658993][T30080] [U] [ 1260.661871][T30080] [U] [ 1260.664551][T30080] [U] [ 1260.667224][T30080] [U] [ 1260.669900][T30080] [U] [ 1260.672685][T30080] [U] [ 1260.675362][T30080] [U] [ 1260.678033][T30080] [U] [ 1260.680705][T30080] [U] [ 1260.684059][T30080] [U] [ 1260.686743][T30080] [U] [ 1260.689414][T30080] [U] [ 1260.692136][T30080] [U] [ 1260.736998][T30080] [U] [ 1261.367362][T30104] sp0: Synchronizing with TNC [ 1262.199944][T30126] random: crng reseeded on system resumption [ 1262.460799][T30133] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8164'. [ 1262.488663][T30133] netlink: 93 bytes leftover after parsing attributes in process `syz.1.8164'. [ 1262.590054][T30118] zswap: compressor not available [ 1262.650407][T30137] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8165'. [ 1262.691449][T30137] hsr_slave_0: left promiscuous mode [ 1262.697409][T30137] hsr_slave_1: left promiscuous mode [ 1262.825807][T30140] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8167'. [ 1264.132069][T30160] zswap: compressor not available [ 1264.183570][T30164] ERROR: Out of memory at tomoyo_memory_ok. [ 1264.746454][T30175] random: crng reseeded on system resumption [ 1265.627541][T30178] FAULT_INJECTION: forcing a failure. [ 1265.627541][T30178] name failslab, interval 1, probability 393216, space 0, times 0 [ 1265.654374][T30178] CPU: 0 UID: 0 PID: 30178 Comm: syz.1.8175 Tainted: G U syzkaller #0 PREEMPT(full) [ 1265.654401][T30178] Tainted: [U]=USER [ 1265.654407][T30178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1265.654416][T30178] Call Trace: [ 1265.654421][T30178] [ 1265.654428][T30178] dump_stack_lvl+0x16c/0x1f0 [ 1265.654450][T30178] should_fail_ex+0x512/0x640 [ 1265.654472][T30178] ? __kmalloc_noprof+0xca/0x880 [ 1265.654496][T30178] should_failslab+0xc2/0x120 [ 1265.654516][T30178] __kmalloc_noprof+0xdd/0x880 [ 1265.654537][T30178] ? proc_create_reg+0xe3/0x180 [ 1265.654563][T30178] ? xfrm_hash_alloc+0xd1/0x100 [ 1265.654588][T30178] ? xfrm_hash_alloc+0xd1/0x100 [ 1265.654613][T30178] xfrm_hash_alloc+0xd1/0x100 [ 1265.654633][T30178] xfrm_state_init+0x15f/0x640 [ 1265.654656][T30178] ? __pfx_xfrm_net_init+0x10/0x10 [ 1265.654677][T30178] xfrm_net_init+0x210/0xcc0 [ 1265.654701][T30178] ? __pfx_xfrm_net_init+0x10/0x10 [ 1265.654720][T30178] ops_init+0x1e2/0x5f0 [ 1265.654737][T30178] setup_net+0x100/0x390 [ 1265.654751][T30178] ? __pfx_setup_net+0x10/0x10 [ 1265.654766][T30178] ? debug_mutex_init+0x37/0x70 [ 1265.654783][T30178] copy_net_ns+0x2f8/0x690 [ 1265.654802][T30178] create_new_namespaces+0x3ea/0xa90 [ 1265.654823][T30178] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1265.654841][T30178] ksys_unshare+0x45b/0xa40 [ 1265.654860][T30178] ? __pfx_ksys_unshare+0x10/0x10 [ 1265.654879][T30178] ? xfd_validate_state+0x61/0x180 [ 1265.654905][T30178] __x64_sys_unshare+0x31/0x40 [ 1265.654923][T30178] do_syscall_64+0xcd/0xfa0 [ 1265.654940][T30178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1265.654955][T30178] RIP: 0033:0x7f72ed58efc9 [ 1265.654968][T30178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1265.654982][T30178] RSP: 002b:00007f72ee426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1265.654996][T30178] RAX: ffffffffffffffda RBX: 00007f72ed7e5fa0 RCX: 00007f72ed58efc9 [ 1265.655006][T30178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1265.655015][T30178] RBP: 00007f72ed611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1265.655024][T30178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1265.655033][T30178] R13: 00007f72ed7e6038 R14: 00007f72ed7e5fa0 R15: 00007fff902a2238 [ 1265.655054][T30178] [ 1266.179591][T30183] netlink: 25 bytes leftover after parsing attributes in process `syz.0.8176'. [ 1268.179820][T30217] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8185'. [ 1268.421673][T20096] usb usb38-port5: attempt power cycle [ 1268.686462][T29577] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1269.010419][T20096] usb usb38-port5: unable to enumerate USB device [ 1269.114331][T30235] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input48 [ 1269.300443][T30237] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input49 [ 1269.490770][T30243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8200'. [ 1269.575795][ T5185] ERROR: Out of memory at tomoyo_memory_ok. [ 1270.203175][T30251] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8193'. [ 1271.497914][T30277] random: crng reseeded on system resumption [ 1273.685320][T30302] warn_alloc: 1 callbacks suppressed [ 1273.685334][T30302] syz.3.8209: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null) [ 1273.692475][ T5837] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1273.739671][T30302] ,cpuset=/,mems_allowed=0-1 [ 1273.763629][T30302] CPU: 0 UID: 0 PID: 30302 Comm: syz.3.8209 Tainted: G U syzkaller #0 PREEMPT(full) [ 1273.763655][T30302] Tainted: [U]=USER [ 1273.763661][T30302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1273.763670][T30302] Call Trace: [ 1273.763676][T30302] [ 1273.763682][T30302] dump_stack_lvl+0x16c/0x1f0 [ 1273.763703][T30302] warn_alloc+0x248/0x3a0 [ 1273.763719][T30302] ? __pfx_warn_alloc+0x10/0x10 [ 1273.763746][T30302] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 1273.763766][T30302] __vmalloc_node_range_noprof+0xfbc/0x1480 [ 1273.763796][T30302] ? __pfx___might_resched+0x10/0x10 [ 1273.763814][T30302] ? rcu_is_watching+0x12/0xc0 [ 1273.763829][T30302] ? trace_contention_end+0xdd/0x130 [ 1273.763850][T30302] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 1273.763869][T30302] ? tomoyo_path_number_perm+0x295/0x580 [ 1273.763896][T30302] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1273.763916][T30302] ? __pfx___mutex_lock+0x10/0x10 [ 1273.763934][T30302] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1273.763960][T30302] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 1273.763978][T30302] __vmalloc_node_noprof+0xad/0xf0 [ 1273.763998][T30302] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 1273.764018][T30302] dvb_dvr_do_ioctl+0x15d/0x290 [ 1273.764043][T30302] dvb_usercopy+0x167/0x340 [ 1273.764061][T30302] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 1273.764080][T30302] ? __pfx_dvb_usercopy+0x10/0x10 [ 1273.764105][T30302] ? __fget_files+0x20e/0x3c0 [ 1273.764123][T30302] dvb_dvr_ioctl+0x29/0x40 [ 1273.764140][T30302] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 1273.764159][T30302] __x64_sys_ioctl+0x18e/0x210 [ 1273.764182][T30302] do_syscall_64+0xcd/0xfa0 [ 1273.764199][T30302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1273.764214][T30302] RIP: 0033:0x7fd7e178efc9 [ 1273.764226][T30302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1273.764241][T30302] RSP: 002b:00007fd7e26e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1273.764256][T30302] RAX: ffffffffffffffda RBX: 00007fd7e19e5fa0 RCX: 00007fd7e178efc9 [ 1273.764265][T30302] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000007 [ 1273.764275][T30302] RBP: 00007fd7e1811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1273.764284][T30302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1273.764292][T30302] R13: 00007fd7e19e6038 R14: 00007fd7e19e5fa0 R15: 00007ffe63d5b8c8 [ 1273.764314][T30302] [ 1273.764320][T30302] Mem-Info: [ 1274.685985][T30302] active_anon:3507 inactive_anon:31723 isolated_anon:65 [ 1274.685985][T30302] active_file:21631 inactive_file:38638 isolated_file:0 [ 1274.685985][T30302] unevictable:768 dirty:694 writeback:0 [ 1274.685985][T30302] slab_reclaimable:12879 slab_unreclaimable:101194 [ 1274.685985][T30302] mapped:33033 shmem:21832 pagetables:1632 [ 1274.685985][T30302] sec_pagetables:0 bounce:0 [ 1274.685985][T30302] kernel_misc_reclaimable:0 [ 1274.685985][T30302] free:1280774 free_pcp:10806 free_cma:0 [ 1274.891353][T30302] Node 0 active_anon:14024kB inactive_anon:125712kB active_file:81852kB inactive_file:154424kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133296kB dirty:2784kB writeback:0kB shmem:88684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11984kB pagetables:6172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1275.233669][T30302] Node 1 active_anon:0kB inactive_anon:0kB active_file:4680kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:44kB dirty:16kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1275.336675][T30302] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1275.421495][T29577] Bluetooth: hci0: unexpected event 0x35 length: 13 > 6 [ 1275.430664][T30329] ERROR: Out of memory at tomoyo_memory_ok. [ 1275.469000][T30302] lowmem_reserve[]: 0 2485 2487 2487 2487 [ 1275.495000][T30302] Node 0 DMA32 free:1202376kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14024kB inactive_anon:136788kB active_file:81956kB inactive_file:154320kB unevictable:1536kB writepending:2784kB zspages:2084kB present:3129332kB managed:2545108kB mlocked:0kB bounce:0kB free_pcp:29008kB local_pcp:29008kB free_cma:0kB [ 1275.549972][T30325] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1275.561386][T30325] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1275.570993][T30325] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1275.582254][T30325] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1275.627755][T30325] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1275.635308][T30325] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1275.751049][T30302] lowmem_reserve[]: 0 0 1 1 1 [ 1275.789439][T30335] ima: policy update failed [ 1275.797923][T30335] netlink: 25 bytes leftover after parsing attributes in process `syz.1.8219'. [ 1275.808098][ T30] audit: type=1802 audit(4294967330.537:40): pid=30335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.8219" res=0 errno=0 [ 1275.930225][T30302] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1276.228511][T30302] lowmem_reserve[]: 0 0 0 0 0 [ 1276.298310][T30302] Node 1 Normal free:3900292kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4680kB inactive_file:128kB unevictable:1536kB writepending:16kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:11612kB local_pcp:11612kB free_cma:0kB [ 1276.566769][T30302] lowmem_reserve[]: 0 0 0 0 0 [ 1276.622024][T30302] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1276.700251][T30332] Process accounting paused [ 1276.767415][T30302] Node 0 DMA32: 3011*4kB (UME) 4591*8kB (UME) 1968*16kB (UME) 1796*32kB (UME) 1149*64kB (UME) 426*128kB (UME) 242*256kB (UME) 136*512kB (UME) 80*1024kB (UME) 8*2048kB (UM) 164*4096kB (UM) = 1167428kB [ 1276.792694][T30353] Invalid ELF header magic: != ELF [ 1276.863201][T30353] netlink: 330 bytes leftover after parsing attributes in process `syz.1.8226'. [ 1276.939905][T30302] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1276.984378][T30302] Node 1 Normal: 194*4kB (UME) 53*8kB (UME) 30*16kB (UME) 207*32kB (UME) 107*64kB (UME) 37*128kB (UME) 22*256kB (UME) 10*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 943*4096kB (M) = 3900336kB [ 1277.042717][T30302] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1277.063757][T30302] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=4 hugepages_size=2048kB [ 1277.095259][T30302] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1277.121302][T30302] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1277.141764][T30302] 87916 total pagecache pages [ 1277.152290][T30302] 113 pages in swap cache [ 1277.161087][T30302] Free swap = 99608kB [ 1277.170816][T30302] Total swap = 124996kB [ 1277.179488][T30302] 2097051 pages RAM [ 1277.188852][T30302] 0 pages HighMem/MovableOnly [ 1277.198762][T30302] 428684 pages reserved [ 1277.207750][T30302] 0 pages cma reserved [ 1277.272564][T30302] Process accounting resumed [ 1277.408692][T30366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8228'. [ 1277.529794][T30367] netlink: 'syz.4.8223': attribute type 1 has an invalid length. [ 1277.591670][T29577] Bluetooth: hci2: command 0x0c1a tx timeout [ 1277.671857][T29577] Bluetooth: hci4: command 0x0406 tx timeout [ 1277.677989][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 1278.133072][T30363] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1278.140077][T30363] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1278.146272][T30363] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1278.153016][T30363] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1278.228749][T30382] vivid-003: ================= START STATUS ================= [ 1278.237726][T30382] vivid-003: Radio HW Seek Mode: Bounded [ 1278.246586][T30382] vivid-003: Radio Programmable HW Seek: false [ 1278.259536][T30382] vivid-003: RDS Rx I/O Mode: Block I/O [ 1278.265201][T30382] vivid-003: Generate RBDS Instead of RDS: false [ 1278.278981][T30382] vivid-003: RDS Reception: true [ 1278.283966][T30382] vivid-003: RDS Program Type: 0 inactive [ 1278.301167][T30382] vivid-003: RDS PS Name: inactive [ 1278.308520][T30382] vivid-003: RDS Radio Text: inactive [ 1278.317627][T30382] vivid-003: RDS Traffic Announcement: false inactive [ 1278.324709][T30382] vivid-003: RDS Traffic Program: false inactive [ 1278.339955][T30382] vivid-003: RDS Music: false inactive [ 1278.349654][T30382] vivid-003: ================== END STATUS ================== [ 1278.744091][T30392] random: crng reseeded on system resumption [ 1279.459210][T30399] netlink: 17 bytes leftover after parsing attributes in process `syz.0.8237'. [ 1279.503712][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 1280.138336][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 1280.145039][T29577] Bluetooth: hci1: command 0x0406 tx timeout [ 1280.217873][T29577] Bluetooth: hci4: command 0x0406 tx timeout [ 1281.571389][T29577] Bluetooth: hci0: command 0x0406 tx timeout [ 1281.812724][ T5837] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1282.190953][T30428] can0: slcan on ptm0. [ 1282.427637][T30427] can0 (unregistered): slcan off ptm0. [ 1283.112984][T30444] Falling back ldisc for pty66. [ 1284.544592][T30475] syz.1.8254: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1284.572259][T30475] CPU: 0 UID: 0 PID: 30475 Comm: syz.1.8254 Tainted: G U syzkaller #0 PREEMPT(full) [ 1284.572285][T30475] Tainted: [U]=USER [ 1284.572290][T30475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1284.572299][T30475] Call Trace: [ 1284.572305][T30475] [ 1284.572311][T30475] dump_stack_lvl+0x16c/0x1f0 [ 1284.572332][T30475] warn_alloc+0x248/0x3a0 [ 1284.572349][T30475] ? __pfx_warn_alloc+0x10/0x10 [ 1284.572376][T30475] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 1284.572397][T30475] __vmalloc_node_range_noprof+0xfbc/0x1480 [ 1284.572419][T30475] ? __pfx___might_resched+0x10/0x10 [ 1284.572436][T30475] ? rcu_is_watching+0x12/0xc0 [ 1284.572452][T30475] ? trace_contention_end+0xdd/0x130 [ 1284.572472][T30475] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 1284.572491][T30475] ? tomoyo_path_number_perm+0x295/0x580 [ 1284.572517][T30475] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1284.572537][T30475] ? __pfx___mutex_lock+0x10/0x10 [ 1284.572555][T30475] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1284.572580][T30475] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 1284.572598][T30475] __vmalloc_node_noprof+0xad/0xf0 [ 1284.572617][T30475] ? dvb_dvr_do_ioctl+0x15d/0x290 [ 1284.572638][T30475] dvb_dvr_do_ioctl+0x15d/0x290 [ 1284.572669][T30475] dvb_usercopy+0x167/0x340 [ 1284.572688][T30475] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 1284.572708][T30475] ? __pfx_dvb_usercopy+0x10/0x10 [ 1284.572734][T30475] ? __fget_files+0x20e/0x3c0 [ 1284.572753][T30475] dvb_dvr_ioctl+0x29/0x40 [ 1284.572770][T30475] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 1284.572788][T30475] __x64_sys_ioctl+0x18e/0x210 [ 1284.572811][T30475] do_syscall_64+0xcd/0xfa0 [ 1284.572827][T30475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1284.572841][T30475] RIP: 0033:0x7f72ed58efc9 [ 1284.572854][T30475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1284.572868][T30475] RSP: 002b:00007f72ee3e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1284.572881][T30475] RAX: ffffffffffffffda RBX: 00007f72ed7e6180 RCX: 00007f72ed58efc9 [ 1284.572891][T30475] RDX: ffffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000007 [ 1284.572900][T30475] RBP: 00007f72ed611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1284.572908][T30475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1284.572916][T30475] R13: 00007f72ed7e6218 R14: 00007f72ed7e6180 R15: 00007fff902a2238 [ 1284.572935][T30475] [ 1284.572941][T30475] Mem-Info: [ 1285.001943][T30475] active_anon:3507 inactive_anon:24180 isolated_anon:0 [ 1285.001943][T30475] active_file:19619 inactive_file:38575 isolated_file:0 [ 1285.001943][T30475] unevictable:768 dirty:654 writeback:0 [ 1285.001943][T30475] slab_reclaimable:12806 slab_unreclaimable:100539 [ 1285.001943][T30475] mapped:26465 shmem:13734 pagetables:1597 [ 1285.001943][T30475] sec_pagetables:0 bounce:0 [ 1285.001943][T30475] kernel_misc_reclaimable:0 [ 1285.001943][T30475] free:1289303 free_pcp:12527 free_cma:0 [ 1285.106754][T30475] Node 0 active_anon:14028kB inactive_anon:98592kB active_file:73796kB inactive_file:154172kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105844kB dirty:2608kB writeback:0kB shmem:53400kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12016kB pagetables:6248kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1285.172089][T30475] Node 1 active_anon:0kB inactive_anon:0kB active_file:4680kB inactive_file:128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1285.271451][T30475] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1285.334162][T30475] lowmem_reserve[]: 0 2485 2487 2487 2487 [ 1285.351081][T30475] Node 0 DMA32 free:1236944kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14028kB inactive_anon:96824kB active_file:73796kB inactive_file:154172kB unevictable:1536kB writepending:2608kB zspages:2084kB present:3129332kB managed:2545108kB mlocked:0kB bounce:0kB free_pcp:42284kB local_pcp:42284kB free_cma:0kB [ 1285.414606][T30475] lowmem_reserve[]: 0 0 1 1 1 [ 1285.419335][T30475] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1285.474878][T30475] lowmem_reserve[]: 0 0 0 0 0 [ 1285.485898][T30475] Node 1 Normal free:3900840kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4680kB inactive_file:128kB unevictable:1536kB writepending:8kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:11108kB local_pcp:11108kB free_cma:0kB [ 1285.546009][T30475] lowmem_reserve[]: 0 0 0 0 0 [ 1285.557386][T30475] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1285.585304][T30475] Node 0 DMA32: 6585*4kB (UME) 3686*8kB (UME) 2081*16kB (UME) 1735*32kB (UME) 1199*64kB (UME) 596*128kB (UME) 297*256kB (UME) 156*512kB (UME) 81*1024kB (UME) 10*2048kB (UM) 166*4096kB (UM) = 1236932kB [ 1285.629923][T30475] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1285.665194][T30475] Node 1 Normal: 194*4kB (UME) 54*8kB (UME) 31*16kB (UME) 206*32kB (UME) 107*64kB (UME) 37*128kB (UME) 22*256kB (UME) 11*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 943*4096kB (M) = 3900840kB [ 1285.694589][T30475] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1285.710022][T30475] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=4 hugepages_size=2048kB [ 1285.724244][T30475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1285.747414][T30475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1285.767904][T30475] 72037 total pagecache pages [ 1285.776700][T30475] 113 pages in swap cache [ 1285.791551][T30475] Free swap = 99608kB [ 1285.795649][T30475] Total swap = 124996kB [ 1285.808343][T30475] 2097051 pages RAM [ 1285.818859][T30475] 0 pages HighMem/MovableOnly [ 1285.828346][T30475] 428684 pages reserved [ 1285.832708][T30475] 0 pages cma reserved [ 1286.200174][T30495] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 1287.801334][T30520] dump_stack_lvl+0x16c/0x1f0 [ 1287.801363][T30520] should_fail_ex+0x512/0x640 [ 1287.801392][T30520] should_fail_futex+0x4c/0x60 [ 1287.801411][T30520] futex_lock_pi_atomic+0x101/0xd50 [ 1287.801437][T30520] futex_lock_pi+0x23f/0x7c0 [ 1287.801461][T30520] ? __pfx_futex_lock_pi+0x10/0x10 [ 1287.801481][T30520] ? __futex_wait+0x24b/0x2f0 [ 1287.801517][T30520] ? futex_private_hash_put+0x18a/0x300 [ 1287.801593][T30520] ? __pfx_futex_wake_mark+0x10/0x10 [ 1287.801639][T30520] ? ksys_write+0x190/0x250 [ 1287.801666][T30520] do_futex+0x11a/0x350 [ 1287.801689][T30520] ? __pfx_do_futex+0x10/0x10 [ 1287.801715][T30520] __x64_sys_futex+0x1e0/0x4c0 [ 1287.801735][T30520] ? fput+0x9b/0xd0 [ 1287.801753][T30520] ? __pfx___x64_sys_futex+0x10/0x10 [ 1287.801772][T30520] ? xfd_validate_state+0x61/0x180 [ 1287.801792][T30520] ? __pfx_ksys_write+0x10/0x10 [ 1287.801812][T30520] do_syscall_64+0xcd/0xfa0 [ 1287.801830][T30520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1287.801905][T30520] RIP: 0033:0x7fdae078efc9 [ 1287.801938][T30520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1287.801959][T30520] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1287.801977][T30520] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1287.801988][T30520] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1287.801998][T30520] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 000000008000fff5 [ 1287.802009][T30520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1287.802019][T30520] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1287.802041][T30520] [ 1288.292699][T30529] vivid-003: ================= START STATUS ================= [ 1288.292718][T30529] vivid-003: Radio HW Seek Mode: Bounded [ 1288.292759][T30529] vivid-003: Radio Programmable HW Seek: false [ 1288.292775][T30529] vivid-003: RDS Rx I/O Mode: Block I/O [ 1288.292791][T30529] vivid-003: Generate RBDS Instead of RDS: false [ 1288.292808][T30529] vivid-003: RDS Reception: true [ 1288.292823][T30529] vivid-003: RDS Program Type: 0 inactive [ 1288.292843][T30529] vivid-003: RDS PS Name: inactive [ 1288.292862][T30529] vivid-003: RDS Radio Text: inactive [ 1288.292880][T30529] vivid-003: RDS Traffic Announcement: false inactive [ 1288.292899][T30529] vivid-003: RDS Traffic Program: false inactive [ 1288.292917][T30529] vivid-003: RDS Music: false inactive [ 1288.292935][T30529] vivid-003: ================== END STATUS ================== [ 1288.407509][T30530] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50 [ 1288.794167][ T5185] ERROR: Out of memory at tomoyo_memory_ok. [ 1288.832756][T30538] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8265'. [ 1289.443248][T30525] kexec: Could not allocate control_code_buffer [ 1289.626739][T30533] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input51 [ 1290.483070][T30559] netlink: 9 bytes leftover after parsing attributes in process `syz.3.8270'. [ 1290.871319][T30563] netlink: 326 bytes leftover after parsing attributes in process `syz.4.8272'. [ 1293.768016][T30602] random: crng reseeded on system resumption [ 1294.155233][T30605] usb usb15: usbfs: process 30605 (syz.1.8283) did not claim interface 0 before use [ 1294.436699][T30609] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8284'. [ 1294.558506][T30601] FAULT_INJECTION: forcing a failure. [ 1294.558506][T30601] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1294.673887][T30601] CPU: 0 UID: 0 PID: 30601 Comm: syz.0.8281 Tainted: G U syzkaller #0 PREEMPT(full) [ 1294.673914][T30601] Tainted: [U]=USER [ 1294.673920][T30601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1294.673929][T30601] Call Trace: [ 1294.673934][T30601] [ 1294.673940][T30601] dump_stack_lvl+0x16c/0x1f0 [ 1294.673961][T30601] should_fail_ex+0x512/0x640 [ 1294.673986][T30601] get_futex_key+0x1d0/0x1560 [ 1294.674007][T30601] ? __pfx_get_futex_key+0x10/0x10 [ 1294.674025][T30601] ? __mutex_trylock_common+0xe9/0x250 [ 1294.674050][T30601] futex_wake+0xea/0x530 [ 1294.674074][T30601] ? __pfx_futex_wake+0x10/0x10 [ 1294.674094][T30601] ? __lock_acquire+0xb8a/0x1c90 [ 1294.674121][T30601] do_futex+0x1e3/0x350 [ 1294.674140][T30601] ? __pfx_do_futex+0x10/0x10 [ 1294.674158][T30601] ? __might_fault+0xe3/0x190 [ 1294.674177][T30601] mm_release+0x24e/0x300 [ 1294.674194][T30601] do_exit+0x68e/0x2bf0 [ 1294.674217][T30601] ? __pfx_do_exit+0x10/0x10 [ 1294.674236][T30601] ? do_raw_spin_lock+0x12c/0x2b0 [ 1294.674260][T30601] ? find_held_lock+0x2b/0x80 [ 1294.674277][T30601] do_group_exit+0xd3/0x2a0 [ 1294.674298][T30601] get_signal+0x2671/0x26d0 [ 1294.674326][T30601] ? __pfx_get_signal+0x10/0x10 [ 1294.674342][T30601] ? do_futex+0x122/0x350 [ 1294.674360][T30601] ? __pfx_do_futex+0x10/0x10 [ 1294.674381][T30601] arch_do_signal_or_restart+0x8f/0x790 [ 1294.674400][T30601] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1294.674423][T30601] ? xfd_validate_state+0x61/0x180 [ 1294.674442][T30601] ? __pfx___do_sys_close_range+0x10/0x10 [ 1294.674463][T30601] exit_to_user_mode_loop+0x85/0x130 [ 1294.674485][T30601] do_syscall_64+0x426/0xfa0 [ 1294.674503][T30601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1294.674518][T30601] RIP: 0033:0x7fc63098efc9 [ 1294.674530][T30601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1294.674545][T30601] RSP: 002b:00007fc6318800e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1294.674559][T30601] RAX: fffffffffffffe00 RBX: 00007fc630be6188 RCX: 00007fc63098efc9 [ 1294.674569][T30601] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc630be6188 [ 1294.674578][T30601] RBP: 00007fc630be6180 R08: 0000000000000000 R09: 0000000000000000 [ 1294.674587][T30601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1294.674596][T30601] R13: 00007fc630be6218 R14: 00007ffcbbca1390 R15: 00007ffcbbca1478 [ 1294.674614][T30601] [ 1296.388718][T30628] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1296.467035][T30628] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1296.506570][T30628] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1296.552003][T30628] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1297.878475][T30653] ERROR: Out of memory at tomoyo_memory_ok. [ 1298.422554][T30662] XFS: Clearing xfsstats [ 1298.442996][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 1298.522621][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 1298.528647][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 1298.602157][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 1300.663409][T30703] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8306'. [ 1300.681564][T30703] bond0: entered allmulticast mode [ 1300.691267][T30703] bond_slave_0: entered allmulticast mode [ 1300.702376][T30703] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1301.171507][T30710] Invalid ELF header magic: != ELF [ 1301.674483][T30716] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1302.188124][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1302.194660][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1302.710484][T30699] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1302.738642][T30699] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1302.824161][T30699] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1302.843734][T30699] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1302.979642][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 1303.616981][T30754] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1303.646751][T30754] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1303.673462][T30754] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1303.694569][T30754] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1304.544030][T30769] netlink: 64 bytes leftover after parsing attributes in process `syz.0.8324'. [ 1305.621776][T30788] zswap: compressor 000 not available [ 1305.685403][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 1305.691438][T29577] Bluetooth: hci1: command 0x0406 tx timeout [ 1305.697509][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 1305.703492][ T5842] Bluetooth: hci0: command 0x0406 tx timeout [ 1306.131518][T30804] netlink: 25 bytes leftover after parsing attributes in process `syz.1.8330'. [ 1306.731044][T30813] XFS: Clearing xfsstats [ 1307.263123][T30824] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1307.771365][T30805] Process accounting resumed [ 1307.798366][T30817] Process accounting paused [ 1307.985271][T30836] sp0: Synchronizing with TNC [ 1308.418640][T30854] Console: switching to colour VGA+ 4x1 [ 1308.499185][T30855] ================================================================== [ 1308.507263][T30855] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 1308.514976][T30855] Read of size 8 at addr ffff888146f45818 by task syz.4.8345/30855 [ 1308.522842][T30855] [ 1308.525149][T30855] CPU: 0 UID: 0 PID: 30855 Comm: syz.4.8345 Tainted: G U syzkaller #0 PREEMPT(full) [ 1308.525171][T30855] Tainted: [U]=USER [ 1308.525176][T30855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1308.525185][T30855] Call Trace: [ 1308.525192][T30855] [ 1308.525199][T30855] dump_stack_lvl+0x116/0x1f0 [ 1308.525217][T30855] print_report+0xcd/0x630 [ 1308.525236][T30855] ? __virt_addr_valid+0x81/0x610 [ 1308.525256][T30855] ? __phys_addr+0xe8/0x180 [ 1308.525278][T30855] ? dvb_device_open+0x36a/0x3b0 [ 1308.525295][T30855] kasan_report+0xe0/0x110 [ 1308.525319][T30855] ? dvb_device_open+0x36a/0x3b0 [ 1308.525337][T30855] ? __pfx_dvb_device_open+0x10/0x10 [ 1308.525354][T30855] dvb_device_open+0x36a/0x3b0 [ 1308.525372][T30855] ? __pfx_dvb_device_open+0x10/0x10 [ 1308.525390][T30855] chrdev_open+0x234/0x6a0 [ 1308.525406][T30855] ? __pfx_apparmor_file_open+0x10/0x10 [ 1308.525427][T30855] ? __pfx_chrdev_open+0x10/0x10 [ 1308.525444][T30855] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1308.525461][T30855] do_dentry_open+0x982/0x1530 [ 1308.525478][T30855] ? __pfx_chrdev_open+0x10/0x10 [ 1308.525496][T30855] vfs_open+0x82/0x3f0 [ 1308.525516][T30855] path_openat+0x1de4/0x2cb0 [ 1308.525533][T30855] ? __pfx_path_openat+0x10/0x10 [ 1308.525548][T30855] ? __lock_acquire+0xb8a/0x1c90 [ 1308.525568][T30855] do_filp_open+0x20b/0x470 [ 1308.525583][T30855] ? __pfx_do_filp_open+0x10/0x10 [ 1308.525603][T30855] ? alloc_fd+0x471/0x7d0 [ 1308.525619][T30855] do_sys_openat2+0x11b/0x1d0 [ 1308.525638][T30855] ? __pfx_do_sys_openat2+0x10/0x10 [ 1308.525661][T30855] __x64_sys_openat+0x174/0x210 [ 1308.525681][T30855] ? __pfx___x64_sys_openat+0x10/0x10 [ 1308.525705][T30855] do_syscall_64+0xcd/0xfa0 [ 1308.525721][T30855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1308.525736][T30855] RIP: 0033:0x7fdae078efc9 [ 1308.525748][T30855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1308.525763][T30855] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1308.525777][T30855] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1308.525787][T30855] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1308.525797][T30855] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1308.525806][T30855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1308.525815][T30855] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1308.525830][T30855] [ 1308.525835][T30855] [ 1308.775534][T30855] Allocated by task 30128: [ 1308.780016][T30855] kasan_save_stack+0x33/0x60 [ 1308.784677][T30855] kasan_save_track+0x14/0x30 [ 1308.789332][T30855] __kasan_kmalloc+0xaa/0xb0 [ 1308.793900][T30855] __kmalloc_noprof+0x32f/0x880 [ 1308.798732][T30855] snd_midi_event_new+0xa1/0x210 [ 1308.803652][T30855] snd_virmidi_output_open+0x106/0x670 [ 1308.809093][T30855] open_substream+0x480/0x990 [ 1308.813760][T30855] rawmidi_open_priv+0x543/0x6e0 [ 1308.818679][T30855] snd_rawmidi_open+0x4cb/0xbf0 [ 1308.823687][T30855] snd_open+0x22d/0x4c0 [ 1308.827830][T30855] chrdev_open+0x234/0x6a0 [ 1308.832230][T30855] do_dentry_open+0x982/0x1530 [ 1308.836988][T30855] vfs_open+0x82/0x3f0 [ 1308.841059][T30855] path_openat+0x1de4/0x2cb0 [ 1308.845648][T30855] do_filp_open+0x20b/0x470 [ 1308.850141][T30855] do_sys_openat2+0x11b/0x1d0 [ 1308.854811][T30855] __x64_sys_openat+0x174/0x210 [ 1308.859656][T30855] do_syscall_64+0xcd/0xfa0 [ 1308.864232][T30855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1308.870112][T30855] [ 1308.872422][T30855] Freed by task 30128: [ 1308.876502][T30855] kasan_save_stack+0x33/0x60 [ 1308.881250][T30855] kasan_save_track+0x14/0x30 [ 1308.885930][T30855] __kasan_save_free_info+0x3b/0x60 [ 1308.891108][T30855] __kasan_slab_free+0x5f/0x80 [ 1308.895855][T30855] kfree+0x2b8/0x6d0 [ 1308.899727][T30855] snd_midi_event_free+0x3b/0x50 [ 1308.904649][T30855] snd_virmidi_output_close+0xc2/0x160 [ 1308.910090][T30855] close_substream.part.0+0x195/0x900 [ 1308.915454][T30855] rawmidi_release_priv+0x231/0x2a0 [ 1308.920644][T30855] snd_rawmidi_release+0x5a/0xf0 [ 1308.925568][T30855] __fput+0x402/0xb70 [ 1308.929621][T30855] task_work_run+0x150/0x240 [ 1308.934218][T30855] exit_to_user_mode_loop+0xec/0x130 [ 1308.939491][T30855] do_syscall_64+0x426/0xfa0 [ 1308.944086][T30855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1308.950131][T30855] [ 1308.952452][T30855] The buggy address belongs to the object at ffff888146f45800 [ 1308.952452][T30855] which belongs to the cache kmalloc-256 of size 256 [ 1308.966505][T30855] The buggy address is located 24 bytes inside of [ 1308.966505][T30855] freed 256-byte region [ffff888146f45800, ffff888146f45900) [ 1308.980294][T30855] [ 1308.982608][T30855] The buggy address belongs to the physical page: [ 1308.988997][T30855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888146f45800 pfn:0x146f44 [ 1308.999132][T30855] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1309.007610][T30855] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff) [ 1309.016186][T30855] page_type: f5(slab) [ 1309.020154][T30855] raw: 057ff00000000240 ffff88813ffa6b40 ffffea000504b290 ffffea00052fb310 [ 1309.028716][T30855] raw: ffff888146f45800 000000000010000f 00000000f5000000 0000000000000000 [ 1309.037296][T30855] head: 057ff00000000240 ffff88813ffa6b40 ffffea000504b290 ffffea00052fb310 [ 1309.046031][T30855] head: ffff888146f45800 000000000010000f 00000000f5000000 0000000000000000 [ 1309.054773][T30855] head: 057ff00000000001 ffffea00051bd101 00000000ffffffff 00000000ffffffff [ 1309.063422][T30855] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1309.072064][T30855] page dumped because: kasan: bad access detected [ 1309.078460][T30855] page_owner tracks the page as allocated [ 1309.084147][T30855] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19976179623, free_ts 0 [ 1309.104443][T30855] post_alloc_hook+0x1c0/0x230 [ 1309.109197][T30855] get_page_from_freelist+0x10a3/0x3a30 [ 1309.114749][T30855] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 1309.120620][T30855] alloc_pages_mpol+0x1fb/0x550 [ 1309.125456][T30855] new_slab+0x24a/0x360 [ 1309.129596][T30855] ___slab_alloc+0xdc4/0x1ae0 [ 1309.134257][T30855] __slab_alloc.constprop.0+0x63/0x110 [ 1309.139699][T30855] __kmalloc_cache_noprof+0x477/0x780 [ 1309.145081][T30855] bus_add_driver+0x92/0x690 [ 1309.149653][T30855] driver_register+0x15c/0x4b0 [ 1309.154504][T30855] usb_register_driver+0x216/0x4d0 [ 1309.159605][T30855] do_one_initcall+0x123/0x6e0 [ 1309.164353][T30855] kernel_init_freeable+0x5c8/0x920 [ 1309.169535][T30855] kernel_init+0x1c/0x2b0 [ 1309.173873][T30855] ret_from_fork+0x675/0x7d0 [ 1309.178450][T30855] ret_from_fork_asm+0x1a/0x30 [ 1309.183213][T30855] page_owner free stack trace missing [ 1309.188554][T30855] [ 1309.190854][T30855] Memory state around the buggy address: [ 1309.196466][T30855] ffff888146f45700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1309.204513][T30855] ffff888146f45780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1309.212564][T30855] >ffff888146f45800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1309.220613][T30855] ^ [ 1309.225445][T30855] ffff888146f45880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1309.233491][T30855] ffff888146f45900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1309.241541][T30855] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1310.100544][T30858] ERROR: Out of memory at tomoyo_memory_ok. [ 1310.309271][T28794] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz.1.7804: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 1310.325023][T28794] EXT4-fs error (device sda1) in ext4_free_inode:361: Filesystem failed CRC [ 1310.342653][T28794] EXT4-fs error (device sda1): ext4_discard_preallocations:5681: comm syz.1.7804: Error -117 reading block bitmap for 2 [ 1310.400395][T28794] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1310.791747][ T7253] EXT4-fs error (device sda1): ext4_discard_preallocations:5681: comm syz.0.517: Error -117 reading block bitmap for 2 [ 1310.866582][ T7253] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1310.930450][ T7253] EXT4-fs error (device sda1): ext4_discard_preallocations:5681: comm syz.0.517: Error -117 reading block bitmap for 2 [ 1310.994541][ T7253] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1311.021931][T30855] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1311.029234][T30855] CPU: 0 UID: 0 PID: 30855 Comm: syz.4.8345 Tainted: G U syzkaller #0 PREEMPT(full) [ 1311.040239][T30855] Tainted: [U]=USER [ 1311.044016][T30855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1311.054045][T30855] Call Trace: [ 1311.057303][T30855] [ 1311.060215][T30855] dump_stack_lvl+0x3d/0x1f0 [ 1311.064789][T30855] vpanic+0x640/0x6f0 [ 1311.068756][T30855] panic+0xca/0xd0 [ 1311.072497][T30855] ? __pfx_panic+0x10/0x10 [ 1311.076900][T30855] ? dvb_device_open+0x36a/0x3b0 [ 1311.081819][T30855] ? preempt_schedule_common+0x44/0xc0 [ 1311.087257][T30855] ? preempt_schedule_thunk+0x16/0x30 [ 1311.092621][T30855] check_panic_on_warn+0xab/0xb0 [ 1311.097546][T30855] end_report+0x107/0x170 [ 1311.101860][T30855] kasan_report+0xee/0x110 [ 1311.106267][T30855] ? dvb_device_open+0x36a/0x3b0 [ 1311.111200][T30855] ? __pfx_dvb_device_open+0x10/0x10 [ 1311.116477][T30855] dvb_device_open+0x36a/0x3b0 [ 1311.121233][T30855] ? __pfx_dvb_device_open+0x10/0x10 [ 1311.126615][T30855] chrdev_open+0x234/0x6a0 [ 1311.131110][T30855] ? __pfx_apparmor_file_open+0x10/0x10 [ 1311.136732][T30855] ? __pfx_chrdev_open+0x10/0x10 [ 1311.141686][T30855] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1311.148003][T30855] do_dentry_open+0x982/0x1530 [ 1311.152759][T30855] ? __pfx_chrdev_open+0x10/0x10 [ 1311.157692][T30855] vfs_open+0x82/0x3f0 [ 1311.161755][T30855] path_openat+0x1de4/0x2cb0 [ 1311.166336][T30855] ? __pfx_path_openat+0x10/0x10 [ 1311.171371][T30855] ? __lock_acquire+0xb8a/0x1c90 [ 1311.176315][T30855] do_filp_open+0x20b/0x470 [ 1311.180842][T30855] ? __pfx_do_filp_open+0x10/0x10 [ 1311.185868][T30855] ? alloc_fd+0x471/0x7d0 [ 1311.190184][T30855] do_sys_openat2+0x11b/0x1d0 [ 1311.194850][T30855] ? __pfx_do_sys_openat2+0x10/0x10 [ 1311.200041][T30855] __x64_sys_openat+0x174/0x210 [ 1311.204882][T30855] ? __pfx___x64_sys_openat+0x10/0x10 [ 1311.210246][T30855] do_syscall_64+0xcd/0xfa0 [ 1311.214734][T30855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1311.220618][T30855] RIP: 0033:0x7fdae078efc9 [ 1311.225016][T30855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1311.244612][T30855] RSP: 002b:00007fdae1564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1311.253005][T30855] RAX: ffffffffffffffda RBX: 00007fdae09e5fa0 RCX: 00007fdae078efc9 [ 1311.260963][T30855] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1311.268915][T30855] RBP: 00007fdae0811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1311.276966][T30855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1311.284928][T30855] R13: 00007fdae09e6038 R14: 00007fdae09e5fa0 R15: 00007ffde30990e8 [ 1311.292903][T30855] [ 1311.295966][T30855] Kernel Offset: disabled [ 1311.300286][T30855] Rebooting in 86400 seconds..