last executing test programs: 18m17.601242798s ago: executing program 1 (id=4286): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a00"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f2, 0x24) 18m16.259142228s ago: executing program 1 (id=4296): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r0, 0x3, &(0x7f0000000000)={{0x6, 0x7}, {0x0, 0xa2b}}, 0x0) mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) capset$auto(0x0, 0x0) adjtimex$auto(0x0) 18m15.978141784s ago: executing program 1 (id=4299): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x10fa82, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x3c8082, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/machinecheck/machinecheck0/bank2\x00', 0x68542, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/updelay\x00', 0x8242, 0x0) read$auto(r0, 0x0, 0xa) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 18m15.514306259s ago: executing program 1 (id=4303): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 18m15.180221317s ago: executing program 1 (id=4306): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) r2 = semctl$auto_GETPID(0x0, 0x2e3, 0xb, 0x10) pwrite64$auto(0xc8, 0x0, 0x13, 0x7) syz_open_procfs$namespace(r2, &(0x7f0000000480)='ns/pid\x00') 18m14.560796423s ago: executing program 1 (id=4311): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getrandom$auto(0x0, 0x6000000, 0x3) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 18m14.058215531s ago: executing program 32 (id=4311): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getrandom$auto(0x0, 0x6000000, 0x3) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12de82, 0x0) ioctl$auto(0x3, 0x40106f52, r0) 15m2.097502682s ago: executing program 0 (id=5298): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xb, 0xd, 0xfffffffd, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x88000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x8926, 0x0) 15m1.131960797s ago: executing program 0 (id=5304): mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x1, 0x0) semctl$auto(0x7, 0x2, 0x13, 0x5) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x40, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x2584, 0x0) ioctl$auto(0x3, 0x40045542, r0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) 15m0.825277154s ago: executing program 0 (id=5307): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x7, 0x0) clock_nanosleep$auto(0x8, 0x1, 0x0, 0xffffffffffffffff) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0x91f5}, 0x800000001, &(0x7f0000001080)={&(0x7f00000010c0)="837c43558323d5db424689e7e6cb5c40ad091e4374c10000000025", 0x1ffffffff}, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4040ae79, r1) 14m59.934107433s ago: executing program 0 (id=5309): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) sysfs$auto(0x2, 0x2, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) 14m59.274376458s ago: executing program 0 (id=5313): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 14m58.990922761s ago: executing program 0 (id=5316): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff010}}) write$auto(r1, 0x0, 0x6) 14m43.776274771s ago: executing program 33 (id=5316): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xfffff010}}) write$auto(r1, 0x0, 0x6) 22.82350589s ago: executing program 2 (id=8151): r0 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r0, 0x0, 0x0) 22.689694099s ago: executing program 2 (id=8153): unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iostats\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x2) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) kill$auto(0x0, 0x11) madvise$auto(0x0, 0xffffffffffff0005, 0x19) fanotify_mark$auto(r1, 0x4, 0x4, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) syslog$auto_SYSLOG_ACTION_CLEAR(0x9, &(0x7f0000000040)='/dev/input/event2\x00', 0x4) memfd_create$auto(0x0, 0xe) shmctl$auto_IPC_SET(0x8, 0x1, &(0x7f00000000c0)={{0x1ff, 0xee00, 0xee01, 0xe, 0x2, 0x2, 0x3}, 0x4, 0x7, 0x2, 0x6, @raw=0x7, @raw=0x7fff, 0x7, 0x0, &(0x7f0000000180)="126d289da8d3b217a0f1779dd34170dda041017970990579761b076012962b196b874a7cbd589af88c8122b51b13b49f780885337c7ce1ef8723a12cf409fc3ee743a7f0dcfd7d42d8dc03bb488f8de24b1108bd160be8268d97d496d5886c76cb951c5dfae47b43ac806ff37563471c5a69e4903b2b17e57a12a3d56b844000c608a568440d905c9f4d969f4fb37bd99e7ebb1fed3747dc254d2000724a7972ed39b0c091ddc60734183cd3470b58f37e8e4b0bc95935786c84469f94952d9c97d1e80cf1177aef402918ec4bf9f3b0", &(0x7f0000000080)="4fc0a77e5cb9b9ed1319ed152b180a0183a745647de1ebf26ecbc95dc56eda89"}) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) pkey_free$auto(0xfffffffd) 19.811825524s ago: executing program 2 (id=8169): mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) sysfs$auto(0x2, 0x2, 0x0) fsopen$auto(0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr4/broadcast\x00', 0x400, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyx2\x00', 0x202041, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) socketpair$auto(0xb, 0xc, 0x1000, 0x0) semctl$auto(0x1000, 0x10, 0x3, 0x5) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 19.57158475s ago: executing program 2 (id=8171): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r1 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0xa, 0x2, 0x3a) write$auto_proc_uid_map_operations_base(r1, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) 16.571059828s ago: executing program 2 (id=8180): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x80002, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000024c0)="a458f4e5e5f4bcc7fad26fd67f02b7cd05e6589800c28ef8f8202c09b2638f3653c6ed3b849812627a484d93e7ca38bb6c75b1d0f95ba576d7f2aba7a6e17d8a748fa2c2b65445121fdb006e371bc9da60cdd2378cf6a100a75f14aee91714b49cf0714f88fa5e59aae9bcf9c237ad19523f31da1c288cdf62813dd7d4d35f4f653b02ee9be0d662a5b8c4b2abd40ce043cd48819ea9eaa38e675e316b30542f9931634b3a830a7b54d420ab67826dddb406fed3bed2b77ecb0a7d4e2af6b59bab4910255fc1c235940b6f7f253131c3cd2ac263c02923997e0d75105d0d2cf679ea39a73b46233a7ae8e3bbfb0d80046e233f9d8c5560fe1c960668ebcbe0f83692592c77c17cd13221d12f7101576ebed9672885ab88780d1e19fac43722706ec0ba321cbad1a4655b89cf162edf24d1fefcae46d1249c3454cec842f32115775e6874e5cd7ded5dd35826f4cd5305cb3ef22976a7038ab5b6c2f47ab885ca72fac9790238d313859fab15b48ac55d1f572eedc5696e7699164709ec83e685df236a03296471157171e45fc876d86da156922a730e921b1db59737aa99d3c340400112561338a371d1046b32398ad4d770d08435561793bb629ea9c546540c8f54fed75b9e2e96a93bbbe986a8f4979193d7542319a3420287a1ac0a39444fc1abbf0a42bcff5cfa283d15f6c6e299a21abb3a375b3e1ddbb02e6159c9457952209b24c1bf943c54670ae8c2e47f56c96fddee1f2e1632fabde9bcd0bf1ae29eaa6cd2eba33477d8c8731f44173d7c9f6671a951d3e53e696f8f9879f9a974f7e2966e75142cda07e655b6d2eabea316f895785acf3bc931bf224e07110af85ec024d81e326efd5d258d42f731858bb0cb93c93b9030cb34b2a95e7844c018230d92b285d8cbe8bee6a92fd4243e53fa90f4635ecfdb49081d198b4146014cfc4419497fb921b2f61e23ce527374349012778e08f814df03867fee8247ee26c549c0597f94afc17d785b61e1725fa64bc12f1affe87e9117e71290bce5f75ad394817234f97c49fbc63a4d811719871c0a2d5db42d5f8ec45959a8464af57cca0566f6bd41d693f1fb5c96e4c6a6f97f50f459f7793e6046d1b535de78802b9fd9953dafe263ab3d693c0fee0283e70c610e2cfc0e3cb3854dd9d02d700eb666d80dadef740e5f274c2a8ba5fafe1898378022c3d51249710e4f4081b3e2f53670250d3ad7a06eeb02ee94505f7fc8d2c5e9a984a6ab7c1b761f517919a2f44c6bfeaf840c359627be82c08c5769921720bbd883aa74003d8dafec23f539b6b26205d931dcbd381c61430e58954ccd8bef6e8ff18243d769b9139e86d83ee72e5a8c7ac6dc0c997faf9b347947a40e7ef33686c2ee0b49d7c58148e4c8f73fcab6c5597f71feef03fc47db06955299b166bff481c71499fe92fde4e754db5ac71e1c8471ecd1d15fc9c48ce2d01fcdec9b8a9c4cd5d591f590a521dd39d3354e7e2750f7260fe89c02bb3bddd30f11be772eb95752246632df16474832514493cb6c50e8fc6b37dbc263cf970f0ab0d1221245082e91e90f55ad8354eb735038335b42e2571267b07cf71225010aab65145e443b50099b2bd4bfbf546a411e733e97d54db91e84448f966469b796425bbd144f83694b9e05b756fbba36cc6075ad8f30edb0847be6934482d6e19950af47db60a96ca5eef83faf4a1f628daa8dafc78cc2607fa0fcf6fc0ad00c64efb2c223c70bf7a8414c290d13793a5fc81b10a5bb5e8dd7ca2f81f5556d231bf2cfbf1923285aba060c1c88882107e14fddcaaf3eaea37a0bb7216050585c886b6c3fad247d85ccd458dfb746d3d0f6e517adf50a31fc96530950f186943de01ff77d98273875b727cfaf927820d52ee3a63fea63b2d39b1f2c6c2d985e62b96e4ec129207e488a2f91356ba91a8d8bd5b63718d087dfc183e56ceb924afae5f3a12d8c53bb21b8593965b1d68aa52ca985fa510d279ffc470468e3aec2d7524d80826a94e48a6ca4d11e5fc3d5776efc1a696b04c391c872eb2f42fcf6b84e6498f5d0520600f9f68a36d3c535b9d7cfc1d45415374adb90f1e6d300a99f2b5f6f77594c336ddc9b171c4875247201b05ab171a7d4418dcfffcee9996be2cd77e9d7e92965d28e1458df6d184ba7d9cd55d5994a00e692d7674f2ae01d6dd56c3e4b5aa1c0f27ae4c4cbbfe7289743b7c5f9ba7300891f4c83f414318e77de74d84d33b7f83c456e198b99d64e8b7caad5bcd618993764bb24178a990d736edf4965346c2ac76c99b22a5114ec39bc818d6a469b0d4f1aeaf955c14d7a3a5b787141d465a55d71b6138a8dc8cb1d303371c97d8479cb09545bf4a08fa99ab7ea21b3b3a95f4b052e261baf2be0131ce619ecd352904fc2486735edf6d2df283f1e2dae7432557bd8c899b397e769088797f337b3aa1867a9728148f9c63f643ce41f19906640e50764b1a6286beabe9f9e074ca60552f1212aad80b22cbbb45c6e6f00f51020df928756caa3cf374342257807d6daea4e74a79c6144fae4f78915303542b7a5d48a17179a4a43ab18631b06d81c01409277dac0d58ff48c86f679e9c0c56aa8ca6c7591078d6bee3ff9857e099145cf0775ef0ee006f9697e4c69efe0ff72543d70d8ac9faba1eec24ba9f9a3e30fa5d324ba137aaa7175a529c13a8fc321d92472c9b19c941e701f7225664b05613cb07b0705112105ab3c28b00af1b6f930f3d903ee6cc164d77d5d2a0b16667cfb6b329b53b30d8d9a826ba7430d519b1b7f537ed2df08845eb5df7737fe3554f3d96144b42bfd92cc5daab42446f3d46272a00f2457d39ef3e9ea37362d402f6287ea6f485f68ffbe383e21089c313171f6c33f8a7055299ab7cfc5d974c487d992cac1ca53c05c1e9bdb38f6ca0ed6d4e0d8ab7b6197fdd1b4b95e6a466c8d9336c571ea1743e96e0b88da75520b8adddcaa932336fa02f63ce1a7eb909507f778ca3b5f2a736f396528d06ea86f63d3e45f545d262cadd337d321023ae0e5052ba4c0028dbd19765b0097039a64d58a8998ef7afba341b42d6b227cad8f4c4025a766dee22a0cfde5f8c0581d4442a7aac906a0db5fad825611e487228aed5eec17f08d887a34d2b7c6c25f77412ee9941d5dec68a0464a1b0fd6eede1aa1b50579a93f205943dfd626204b9ca493c5aaececd17df71ac200cf7331a8bfbeddb6cd95b0b3016e56de0a9eeadf8d8c3591ae061e743f7c1ca4522bf55b2d80f3ba5df92d81433552dad6fd744ea71903b15a6374613b2a64a533cf6fa974273e7e5359f47428d7620d98d877faadad739a9a761713832ea70da990271b575e7cff075714d563b5b752ab50a7e1a1b5e689ff210503faabb37b8aa1d845825ab2488cfcb6a22010a55c4c045745f186ba8f42bc5a4dd06831da770670209ba568016459c50aef30c8aba754e341183817ad9b386e6b4e194cf66b76c9ea6313491d99d7e7a6d5c92bcec000c58794de2acfc4c490392a68f61e60bf664287e7020e4f30d897d916eb73dd4965b100f3c528cf2a46d43fca6351fc8c6c50fee04340b1f2fdf382a257eab0d964e7a2f0b1b7b9bc017117d8ebb40816b5515c88f7682c02b92b01d9fe884c963846f64800463830d83605a2ea32510dfbaaa29af264f60e8f72f307880f595715637dd799de8d77b0c7131bc04d44ce06b82a0f355e09e3d580124167e62fb12c584dc9553f3f91c86afffe6d871784c56c687b48b14bc974c65f18468eb3806be71c563a8af3075e4d9ff2c55ebab74ac4d384bc7f012dd39e373f74bab4ec597caa798112958890c00de56da95293e578490fb0e1e8fa63e1db877e75c7da1e394e37f8a971f7fe1354a800fff0c23aa66d990acf8fc7524d52a0c4f7b66459cb1811719afec92b7bd88e43569559f7f5fd41196c8ead0c70e13cb05b1155aab093a58b0d4652ce5ca005f868cf38fbefd401ddc9a747447ca6ea90b277688ef780461d14c5186b5a724cf50e5e3a7453e7ac4e79f07851317ae57911529daaa03d6745df50c78b868cb60757828b00d5215b8d67733e2ab1366afacbec2fae934460a1e364275715fc2fe5b911240d59d94084b3386d130c9f52d844858bd36c866b2ca215c02aaff1c4be7a5d2329e00e5ad58de3e87c862402ff5d3632b1f871461f57f6194057ccde4d1d4adc08b0da2778896aa95ef376c53818fafa74872e2f99af03edfe5e8d8e030816a01fa193007f84a627991f24f9054d0347082c2c27294d8bea1422b5847a3bfd2684f5708013d6f3c4d41baca139ebab799b0f2d15eeb4a5fd195b892d331bd1db3f0ec4ddc225e52ef8a326ccd4b86995bf90ceffd0a18d37806ee49d09f072ddab15df82556c459daf45705ebfd358c4eb7547add41da3364d90fcdd36759ebfeda88080a7f6d24ebb0e29e3a1b830e773a2c6d312472375b0428a221e03e2a1810a1c3cc8cde61e5359eefbb7324f4a6b04a2da87bce311a319ae8a842a518135750779d022b1a5321eb779d318d17387a7b7a739620594b090a2e550442c3debdc07a7a5283acc99539834c47ccf7635557a3066b81b32135df2e34c509dbf66dc0276e1e57977b45d77d41db78981883cf8ce8a738c04753911e957bf044e0bdbb1e9a72a7b5f884b61293e2f2756a32f6ef292a95e8484e101194a8c7e90f1e41fddf7d6af09dff5e308a2fbf5f0158d45bc87341ce3414c4b26cbc47ba43b2c2ad9ce6068df85d30fa994bf55cca9c327501c5335711988d3b4b5552c4fb9e9b6601a63cbb0a72ecdac3848ca4870814e0b8dee48a0ab5b14224c71f12cd648a3a39cba8e68f1562c1ad4966b7099015039518de65178c6a5e409166cc49d53b0f053773535421dfe289bd7c7fc2172dd4c5820ea3d2bbfd5bfd056a4d249a803440eada02f46e6fb9db13c74dad1303ca88b0a5091e196837eedd6a1dcd00e95fee39f252e3fb3afcb28d1db702bec482f19f7a5a327a522354e7bdbb3619697cd5c6e5b098b9a3c11478ef2b6467d22d0409e43bcb6552aaf47890c30077e56e77bfc53bc77fba63a324586f3172014b98dfac4ad686c83e611b89b1591a88dc4402d5cb60366455174cf0b84d0685454265a4a7d023b588ae491e6dac119433b2610170a8dc52a0c9f60cec85fe7fea415bf61e50c315b00c70a240a56345e1030731c4144d128e8dab606b1bda54874452af20ed7d6f3350b477417857884a6a6972b9696e92464b762da5739e400850df7ad82c63efb359d3a96b5a4a2f385432b6fa54c54a37678013d1774107b168b32225172d1081aa093def6e5ed6c05767128a4ebd0913ab03d200de072e81dbbc7b0c947ee3e34f6795211e632651852cb9cd7c2de1ef54d20ef625a193ed13061030c9a2e7f8c5674cbde924e25c8f97b6add0f4f89ef2b16ff418581aebd9f962f671a6adff28acf04edd01a96f69e0671780bdf40a19e9a3a235289771738cd32d1ef14509d11781d17608251fb7fa1b9d3c8646497ba0ce8890a2f0bd6e485959ceb8edf74981ef1c0ad7fc4f67bc4c941daef39fefbbdfa39979cf0e6454d565e8e90f8f4ac565a42dde87e16d4ad0977e1e67f88f560131ddaacc8a1f9db08441e6a9ddabae4b19441ef451ae9d9a854b193eb337d68830637f3ae81738bcc1a016077efe7692e146018b417d1199a14a79eecdcb00b0477f83627be935cc3a16a90b59b501d02be6091623c94f0fcf3e74616da0bbd767384c47fbe393c08c896979eef4cf1", 0xfff) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x929, 0x4001, 0x7, 0x5, 0x100717e, 0x3, 0x7, 0x6, 0x7ff, 0xfffffffe, 0x80000001, 0x4, 0x200000000001, 0x1, 0xfffffffffffffffb, 0x8, 0x0, 0x2, 0x2, 0x864, 0xe, 0x22000, 0x200, 0x4, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, [0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffff4f3, 0x0, 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffffc]}, 0xa, 0xd) r2 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) write$auto_proc_clear_refs_operations_internal(r0, &(0x7f0000000000)="73d6cc4fdf406742386dd72ff1428a506f5cd946a3", 0x15) ioctl$auto__ctl_fops_dm_ioctl(r2, 0xfffffff7effffd01, &(0x7f00000001c0)) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r3 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r3, 0xffffffffffdffe00, &(0x7f0000000140)=';') ioctl$auto(0x3, 0x40086200, 0x38) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_SET(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000004800)={0x1c, r5, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x40044) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop12\x00', 0x20e80, 0x0) 15.218432729s ago: executing program 2 (id=8184): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r1 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0xa, 0x2, 0x3a) write$auto_proc_uid_map_operations_base(r1, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 6.305803259s ago: executing program 4 (id=8206): socket(0x27, 0x2, 0x1fbffffe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x801, 0x84) fcntl$auto_F_GETFD(r0, 0x1, 0xffffffff) io_uring_setup$auto(0x4, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS1\x00', 0x101e81, 0x0) epoll_create$auto(0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = getpid() r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x8802, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000080)={0x1, 0x7, 0x9, 0x4, 0x1}) process_vm_readv$auto(r2, &(0x7f00000001c0)={0x0, 0xfff}, 0x3, &(0x7f0000000280)={&(0x7f0000000100)="6c4bc022f1a924305022a30137693a982a453ee9ff2946c55588f6e6", 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x5, 0x105, 0xc, 0xb, 0x800, 0xffffffffffffffff, 0x5, "d81ddef9d4e6d312212bab98f4060bd8", 0x0, 0xffffffffffffffff, 0x7fffffff, 0xa991, 0x7, 0x8001}, 0x7) epoll_create$auto(0x3e) r4 = epoll_create$auto(0x8800001) epoll_ctl$auto(r4, 0x1, r1, 0x0) 5.428705504s ago: executing program 4 (id=8208): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r1 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0xa, 0x2, 0x3a) write$auto_proc_uid_map_operations_base(r1, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) 4.651998459s ago: executing program 4 (id=8211): capget$auto(0x0, 0xfffffffffffffffe) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x6, 0x100000020009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/vivid.0/video4linux/video62/name\x00', 0x100, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) close_range$auto(0x2, r1, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r2, 0x0, 0x101, 0x103) read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0) madvise$auto(0x8d, 0x81, 0x5) 3.710551021s ago: executing program 3 (id=8214): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(0xffffffffffffffff, 0x0, 0x2) getrlimit$auto(0x3, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC2\x00', 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x1102, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x238100, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) init_module$auto(0x0, 0xffff9, 0x0) socket(0x2, 0x80802, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/kexec_crash_size\x00', 0x102, 0x0) pread64$auto(r0, 0x0, 0x3ff, 0x9) 3.512344636s ago: executing program 5 (id=8215): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r1 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0xa, 0x2, 0x3a) write$auto_proc_uid_map_operations_base(r1, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) 3.076243757s ago: executing program 3 (id=8216): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x400000000009, 0x3fffffffff) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mq_open$auto(0x0, 0xffffffff, 0xa, 0x0) setuid$auto(0xe) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010337bd7000ffdbdf25100000000c00018008"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x80000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) mq_unlink$auto(0x0) 2.873818203s ago: executing program 4 (id=8217): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0182, 0x0) readv$auto(0x3, &(0x7f0000000000)={0x0, 0x10000ffff}, 0x1) r0 = open(&(0x7f0000000800)='./file0\x00', 0xa2240, 0x154) fcntl$auto(r0, 0x400, 0x1) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x170) unshare$auto(0x40000080) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffff000, 0x4, 0x4, 0x6, 0x1001ff000) prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) connect$auto(0x3, 0x0, 0x54) socket(0x2b, 0x1, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd13/trace/pid\x00', 0x62142, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, 0x0, 0x10) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 2.301378633s ago: executing program 5 (id=8218): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 2.25059151s ago: executing program 3 (id=8219): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x4000000008000) r0 = socket(0x1d, 0x2, 0x2) bpf$auto(0xfffffffb, &(0x7f0000000000)=@info={r0, 0x7, 0x4}, 0x8) r1 = socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x3, 0x29, 0x2d, 0x0, 0x88) close_range$auto(r1, 0xfffffffffffff000, 0x4000000000002) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) close_range$auto(0x2, 0x8, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) close_range$auto(0x2, 0x8, 0x0) 1.906466691s ago: executing program 5 (id=8220): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r1 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0xa, 0x2, 0x3a) write$auto_proc_uid_map_operations_base(r1, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) 1.586757104s ago: executing program 4 (id=8221): mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) close_range$auto(0x0, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr4/broadcast\x00', 0x400, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyx2\x00', 0x202041, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) socketpair$auto(0xb, 0xc, 0x1000, 0x0) semctl$auto(0x1000, 0x10, 0x3, 0x5) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0xc3) 1.361161528s ago: executing program 3 (id=8222): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r0 = io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) read$auto_stats_fops_(r0, &(0x7f0000000840)=""/4096, 0x1000) write$auto(0xffffffffffffffff, &(0x7f0000000000)='/dev/loop6\x00', 0x6) write$auto_fops_init_pkru_pkeys(r0, &(0x7f0000000280)="e7c2da8ba23469d9b78d2e257333bedaec957355b8c2c4c78f4a98e7180a2dfeddb935038a6350c625940925fc61f1b8b51df8f60e61c078ff39654003ba", 0x3e) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x9}, 0x3) r1 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r1, &(0x7f0000000400)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000440)="661b0cbd4a", 0x49}, 0x1, &(0x7f0000000200), 0x5, 0x3}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x40009, 0x6, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) listen$auto(r1, 0xff) 1.260037764s ago: executing program 4 (id=8223): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) fstatfs$auto(0xffffffffffffffff, &(0x7f0000000140)={0x8001, 0x100000000000, 0x1, 0x9, 0x5d, 0x2, 0x75, {[0x80000000]}, 0x0, 0x7ff, 0x68a6, [0x5, 0x8, 0x5, 0x4]}) statmount$auto(0x0, &(0x7f0000000380)={0x4, 0xfffffffd, 0x9, 0x3, 0x16, 0x4, 0x5, 0x3, 0x800000000000006, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x3, 0xb414, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffffffe, [0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff], "c4cbb7ab40a4d6220aa6d6ea4305f533c9e9bee6fcfc61722ccb678e0e2cba7194bc385b26d84c96723400de3b5aacff44f65a10b6c36a9a55945d88270da0f18327ed7c66498ace94f97e799732311e069e26edbb6db1b0ddede50878458b27f5e2fb6581"}, 0x200, 0x81) sysfs$auto(0x2, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xe) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x11f, 0x0, 0xfffffffffffffffd) sendfile$auto(0x3, 0xffffffffffffffff, 0x0, 0x400000000006) socket(0x18, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x202, 0x0) close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb2, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x81004000000008dd, 0x1000000eb1, r1, 0x0) 1.052910787s ago: executing program 3 (id=8224): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = gettid() rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0x8, 0x2, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', &(0x7f0000000000)=&(0x7f0000000200)=' ') unshare$auto(0x40000080) r3 = getpid() r4 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000001c0), r2) sendmsg$auto_NFC_CMD_DEACTIVATE_TARGET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)={0x128, r4, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x4}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x4}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x8001}, @NFC_ATTR_VENDOR_DATA={0xeb, 0x1f, "10d13f8694b45338b37eb37a6be63b3241b32357da3910617c64e17b0af696a44405959d79adf208b01fc87d6a3f2c643deff46ccc501f3cd06fd7c2788642647d433a2fe91ea771ccf43a3b9e6df4047f9d345177b54cada1635f4e5a508e948b61dea47867c18e3e1094a300b979bb77f0808ca21c763cf581d97ac29972920e10ab18a64e6f16c12f6e3ebeada1909fc1f8191dae6a48e67ea51ca7a8717fc349064e3b7c618b54b3396ebf7a87db72d3cc52c0aea138f1272a80915958c6121d51da7a320340f4482fc397064ce1fe15082bcdf23edc006be8c79fac7115563d9e8ca56b96"}, @NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x8000}]}, 0x128}}, 0x4004010) process_vm_readv$auto(r3, 0x0, 0x1, 0x0, 0x6, 0x0) getsockopt$auto(r0, 0x84, 0x7c, 0x0, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r5, 0x0, 0x100000a3d9) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x18b000, 0x0) 873.132143ms ago: executing program 5 (id=8225): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(0xffffffffffffffff, 0x0, 0x2) getrlimit$auto(0x3, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC2\x00', 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x1102, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x238100, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) init_module$auto(0x0, 0xffff9, 0x0) socket(0x2, 0x80802, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/kexec_crash_size\x00', 0x102, 0x0) pread64$auto(r0, 0x0, 0x3ff, 0x9) 465.184526ms ago: executing program 5 (id=8226): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyu7\x00', 0x103040, 0x0) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, r0, 0x8000) mmap$auto(0xffffffffffffff82, 0x20000a00004, 0x400002, 0x15, 0x602, 0x5) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x96141, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0x80100, 0x0) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(0x0, r2) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000140)=""/122, 0x7a) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) fsetxattr$auto(0x1, 0x0, 0x0, 0x4, 0x6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) 132.60336ms ago: executing program 5 (id=8227): socket(0x18, 0x3, 0x2) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, 0x0, 0x58) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) 80.890017ms ago: executing program 34 (id=8184): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r1 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) socket(0xa, 0x2, 0x3a) write$auto_proc_uid_map_operations_base(r1, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 0s ago: executing program 3 (id=8229): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb02, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r1, 0x0, 0x800000006) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000100)="000004") read$auto_v4l2_fops_v4l2_dev(r0, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x60) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_BTF_LOAD(0x12, 0x0, 0x1905) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x202, 0x0) r2 = socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_supply_map_fops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv$auto(0x3, 0x0, 0x3, 0x10000, 0x10) write$auto(0x3, 0x0, 0xfffffdf1) sendmsg$auto_NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, 0x0, 0x2002c055) kernel console output (not intermixed with test programs): 0][T25921] [ 1407.481511][ T29] audit: type=1326 audit(4294967312.180:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25916 comm="syz.3.6977" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f653cd9c799 code=0x0 [ 1407.780320][T25937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6982'. [ 1407.822145][T25937] netlink: 'syz.2.6982': attribute type 1 has an invalid length. [ 1407.872389][T25937] netlink: 'syz.2.6982': attribute type 6 has an invalid length. [ 1409.595577][T25949] zswap: compressor not available [ 1411.672064][T25962] bridge0: port 3(team0) entered blocking state [ 1411.798453][T25962] bridge0: port 3(team0) entered disabled state [ 1412.075251][T25962] team0: entered allmulticast mode [ 1412.080406][T25962] team_slave_0: entered allmulticast mode [ 1412.423790][T25962] team_slave_1: entered allmulticast mode [ 1412.664288][T25962] team0: entered promiscuous mode [ 1412.850660][T25962] team_slave_0: entered promiscuous mode [ 1412.966650][T25962] team_slave_1: entered promiscuous mode [ 1414.758763][T25996] netlink: 246 bytes leftover after parsing attributes in process `syz.2.6999'. [ 1418.634885][T26029] Setting dangerous option i915.mitigations - tainting kernel [ 1419.988966][T25946] delete_channel: no stack [ 1421.542719][T26063] netlink: 13 bytes leftover after parsing attributes in process `syz.4.7019'. [ 1421.766038][T26064] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7018'. [ 1421.939248][T26067] netlink: 86 bytes leftover after parsing attributes in process `syz.4.7020'. [ 1423.201944][T26081] netlink: 186 bytes leftover after parsing attributes in process `syz.3.7025'. [ 1423.485053][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.493104][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.968664][T26085] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7026'. [ 1424.063853][T26085] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7026'. [ 1424.159908][T26085] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7026'. [ 1424.303618][T26085] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7026'. [ 1424.372512][T26085] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7026'. [ 1424.442438][T26085] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7026'. [ 1426.330216][T26103] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1426.592694][T26109] __nla_validate_parse: 10 callbacks suppressed [ 1426.592713][T26109] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7034'. [ 1428.050750][T26124] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7039'. [ 1428.136345][T26124] netlink: 25 bytes leftover after parsing attributes in process `syz.5.7039'. [ 1428.608993][T26126] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7040'. [ 1428.690664][T26126] netlink: 354 bytes leftover after parsing attributes in process `syz.5.7040'. [ 1429.144619][T26134] netlink: 246 bytes leftover after parsing attributes in process `syz.5.7043'. [ 1429.749014][T26142] FAULT_INJECTION: forcing a failure. [ 1429.749014][T26142] name failslab, interval 1, probability 0, space 0, times 0 [ 1429.861025][T26142] CPU: 0 UID: 0 PID: 26142 Comm: syz.3.7046 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1429.861063][T26142] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1429.861070][T26142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1429.861080][T26142] Call Trace: [ 1429.861086][T26142] [ 1429.861093][T26142] dump_stack_lvl+0x100/0x190 [ 1429.861122][T26142] should_fail_ex.cold+0x5/0xa [ 1429.861143][T26142] should_failslab+0xc2/0x120 [ 1429.861160][T26142] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1429.861182][T26142] ? ptlock_alloc+0x1f/0x70 [ 1429.861205][T26142] ptlock_alloc+0x1f/0x70 [ 1429.861227][T26142] pte_alloc_one+0x82/0x3d0 [ 1429.861245][T26142] do_fault+0x88e/0x1990 [ 1429.861261][T26142] ? __pmd_alloc+0x3fb/0x950 [ 1429.861281][T26142] __handle_mm_fault+0x180f/0x2b60 [ 1429.861305][T26142] ? mt_find+0x45e/0x8e0 [ 1429.861327][T26142] ? __pfx___handle_mm_fault+0x10/0x10 [ 1429.861346][T26142] ? __pfx_mt_find+0x10/0x10 [ 1429.861376][T26142] ? find_vma+0xbf/0x140 [ 1429.861390][T26142] ? __pfx_find_vma+0x10/0x10 [ 1429.861407][T26142] handle_mm_fault+0x36d/0xa20 [ 1429.861431][T26142] do_user_addr_fault+0x74c/0x12f0 [ 1429.861459][T26142] exc_page_fault+0x6f/0xd0 [ 1429.861478][T26142] asm_exc_page_fault+0x26/0x30 [ 1429.861494][T26142] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 1429.861517][T26142] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 1429.861531][T26142] RSP: 0018:ffffc900041c7b78 EFLAGS: 00050212 [ 1429.861544][T26142] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000022 [ 1429.861554][T26142] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc900041c7bd8 [ 1429.861564][T26142] RBP: 0000000000000022 R08: 0000000000000001 R09: fffff52000838f7f [ 1429.861574][T26142] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 1429.861582][T26142] R13: ffffc900041c7bd8 R14: ffffc900041c7ca0 R15: ffffc900041c7bd8 [ 1429.861603][T26142] _copy_from_user+0x98/0xd0 [ 1429.861621][T26142] kstrtouint_from_user+0xd6/0x1d0 [ 1429.861641][T26142] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1429.861659][T26142] ? __lock_acquire+0x4a5/0x2630 [ 1429.861680][T26142] ? lock_acquire+0x1cf/0x380 [ 1429.861703][T26142] proc_fail_nth_write+0x83/0x220 [ 1429.861722][T26142] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1429.861747][T26142] vfs_write+0x2aa/0x1070 [ 1429.861770][T26142] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1429.861791][T26142] ? __pfx_vfs_write+0x10/0x10 [ 1429.861813][T26142] ? __fget_files+0x215/0x3d0 [ 1429.861832][T26142] ? __fget_files+0x21f/0x3d0 [ 1429.861852][T26142] ksys_write+0x12a/0x250 [ 1429.861865][T26142] ? __pfx_ksys_write+0x10/0x10 [ 1429.861885][T26142] do_syscall_64+0x106/0xf80 [ 1429.861903][T26142] ? clear_bhb_loop+0x40/0x90 [ 1429.861921][T26142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1429.861937][T26142] RIP: 0033:0x7f653cd9c799 [ 1429.861951][T26142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1429.861965][T26142] RSP: 002b:00007f653dd1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1429.861978][T26142] RAX: ffffffffffffffda RBX: 00007f653d015fa0 RCX: 00007f653cd9c799 [ 1429.861989][T26142] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1429.861997][T26142] RBP: 00007f653ce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1429.862006][T26142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1429.862015][T26142] R13: 00007f653d016038 R14: 00007f653d015fa0 R15: 00007ffe07fc1bf8 [ 1429.862042][T26142] [ 1432.912955][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1433.023115][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1433.085267][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1433.163040][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1433.263893][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1433.349609][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1433.448339][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1433.534685][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1433.552852][T26183] netlink: 186 bytes leftover after parsing attributes in process `syz.5.7058'. [ 1433.731955][T26170] netlink: 62 bytes leftover after parsing attributes in process `syz.3.7055'. [ 1434.188369][T26189] FAULT_INJECTION: forcing a failure. [ 1434.188369][T26189] name failslab, interval 1, probability 0, space 0, times 0 [ 1434.467759][T26189] CPU: 0 UID: 0 PID: 26189 Comm: syz.2.7060 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1434.467790][T26189] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1434.467797][T26189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1434.467807][T26189] Call Trace: [ 1434.467813][T26189] [ 1434.467820][T26189] dump_stack_lvl+0x100/0x190 [ 1434.467847][T26189] should_fail_ex.cold+0x5/0xa [ 1434.467867][T26189] should_failslab+0xc2/0x120 [ 1434.467883][T26189] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1434.467907][T26189] ? __alloc_skb+0x140/0x710 [ 1434.467929][T26189] __alloc_skb+0x140/0x710 [ 1434.467946][T26189] ? __alloc_skb+0x5b7/0x710 [ 1434.467962][T26189] ? __pfx___alloc_skb+0x10/0x10 [ 1434.467982][T26189] ? sk_page_frag_refill+0x6c/0x340 [ 1434.468008][T26189] kcm_sendmsg+0x1154/0x32e0 [ 1434.468039][T26189] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1434.468057][T26189] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1434.468082][T26189] sock_sendmsg+0x35b/0x3d0 [ 1434.468104][T26189] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1434.468120][T26189] ? __pfx_sock_sendmsg+0x10/0x10 [ 1434.468154][T26189] splice_to_socket+0xb4c/0x11b0 [ 1434.468169][T26189] ? touch_atime+0xa5/0x7a0 [ 1434.468198][T26189] ? __pfx_splice_to_socket+0x10/0x10 [ 1434.468236][T26189] ? trace_kmalloc+0x101/0x130 [ 1434.468252][T26189] ? lockdep_init_map_type+0x5c/0x250 [ 1434.468272][T26189] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1434.468296][T26189] ? __pfx_splice_to_socket+0x10/0x10 [ 1434.468313][T26189] direct_splice_actor+0x192/0x6c0 [ 1434.468339][T26189] splice_direct_to_actor+0x345/0xa30 [ 1434.468356][T26189] ? __pfx_direct_splice_actor+0x10/0x10 [ 1434.468383][T26189] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1434.468405][T26189] do_splice_direct+0x174/0x240 [ 1434.468420][T26189] ? __pfx_do_splice_direct+0x10/0x10 [ 1434.468436][T26189] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1434.468460][T26189] ? bpf_lsm_file_permission+0x9/0x10 [ 1434.468492][T26189] ? security_file_permission+0x76/0x210 [ 1434.468509][T26189] ? rw_verify_area+0xce/0x6d0 [ 1434.468533][T26189] do_sendfile+0xadc/0xe20 [ 1434.468560][T26189] ? __pfx_do_sendfile+0x10/0x10 [ 1434.468585][T26189] ? __x64_sys_futex+0x34f/0x4d0 [ 1434.468603][T26189] ? __x64_sys_futex+0x358/0x4d0 [ 1434.468624][T26189] __x64_sys_sendfile64+0x1d8/0x220 [ 1434.468642][T26189] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1434.468665][T26189] do_syscall_64+0x106/0xf80 [ 1434.468683][T26189] ? clear_bhb_loop+0x40/0x90 [ 1434.468702][T26189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1434.468718][T26189] RIP: 0033:0x7f4c0959c799 [ 1434.468733][T26189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1434.468748][T26189] RSP: 002b:00007f4c0a519028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1434.468764][T26189] RAX: ffffffffffffffda RBX: 00007f4c09815fa0 RCX: 00007f4c0959c799 [ 1434.468775][T26189] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1434.468787][T26189] RBP: 00007f4c09632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1434.468797][T26189] R10: 000000007ffff011 R11: 0000000000000246 R12: 0000000000000000 [ 1434.468806][T26189] R13: 00007f4c09816038 R14: 00007f4c09815fa0 R15: 00007ffcd3454258 [ 1434.468827][T26189] [ 1435.691665][T26205] FAULT_INJECTION: forcing a failure. [ 1435.691665][T26205] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1435.881523][T26205] CPU: 0 UID: 0 PID: 26205 Comm: syz.5.7064 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1435.881553][T26205] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1435.881559][T26205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1435.881569][T26205] Call Trace: [ 1435.881575][T26205] [ 1435.881582][T26205] dump_stack_lvl+0x100/0x190 [ 1435.881611][T26205] should_fail_ex.cold+0x5/0xa [ 1435.881630][T26205] get_futex_key+0x1d2/0x1620 [ 1435.881650][T26205] ? __pfx_get_futex_key+0x10/0x10 [ 1435.881675][T26205] futex_wake+0xea/0x530 [ 1435.881698][T26205] ? __pfx_futex_wake+0x10/0x10 [ 1435.881722][T26205] ? putname+0xb1/0x110 [ 1435.881737][T26205] ? kmem_cache_free+0x124/0x6a0 [ 1435.881761][T26205] do_futex+0x32b/0x350 [ 1435.881780][T26205] ? __pfx_do_futex+0x10/0x10 [ 1435.881797][T26205] ? __pfx_do_sys_openat2+0x10/0x10 [ 1435.881822][T26205] __x64_sys_futex+0x34f/0x4d0 [ 1435.881841][T26205] ? __x64_sys_openat+0x12d/0x210 [ 1435.881860][T26205] ? __pfx___x64_sys_futex+0x10/0x10 [ 1435.881887][T26205] do_syscall_64+0x106/0xf80 [ 1435.881905][T26205] ? clear_bhb_loop+0x40/0x90 [ 1435.881924][T26205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1435.881941][T26205] RIP: 0033:0x7f553d99c799 [ 1435.881955][T26205] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1435.881970][T26205] RSP: 002b:00007f553e7aa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1435.881986][T26205] RAX: ffffffffffffffda RBX: 00007f553dc16098 RCX: 00007f553d99c799 [ 1435.881996][T26205] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f553dc1609c [ 1435.882006][T26205] RBP: 00007f553dc16090 R08: 0000000000000000 R09: 0000000000000000 [ 1435.882015][T26205] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 1435.882024][T26205] R13: 00007f553dc16128 R14: 00007fff4a36f2f0 R15: 00007fff4a36f3d8 [ 1435.882044][T26205] [ 1438.207530][T26216] __nla_validate_parse: 16 callbacks suppressed [ 1438.207548][T26216] netlink: 252 bytes leftover after parsing attributes in process `syz.4.7069'. [ 1438.366269][T26216] netlink: 252 bytes leftover after parsing attributes in process `syz.4.7069'. [ 1438.504553][T26223] FAULT_INJECTION: forcing a failure. [ 1438.504553][T26223] name failslab, interval 1, probability 0, space 0, times 0 [ 1438.624471][T26223] CPU: 0 UID: 0 PID: 26223 Comm: syz.5.7071 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1438.624502][T26223] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1438.624508][T26223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1438.624517][T26223] Call Trace: [ 1438.624523][T26223] [ 1438.624530][T26223] dump_stack_lvl+0x100/0x190 [ 1438.624558][T26223] should_fail_ex.cold+0x5/0xa [ 1438.624577][T26223] should_failslab+0xc2/0x120 [ 1438.624594][T26223] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1438.624614][T26223] ? tomoyo_write_log2+0x333/0xbc0 [ 1438.624636][T26223] tomoyo_write_log2+0x333/0xbc0 [ 1438.624662][T26223] tomoyo_supervisor+0x15e/0x1340 [ 1438.624687][T26223] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1438.624717][T26223] ? kasan_quarantine_put+0x104/0x240 [ 1438.624742][T26223] ? tomoyo_check_path_acl+0x141/0x210 [ 1438.624767][T26223] ? tomoyo_check_acl+0x1f7/0x410 [ 1438.624790][T26223] tomoyo_path_permission+0x270/0x3b0 [ 1438.624815][T26223] tomoyo_check_open_permission+0x34d/0x3c0 [ 1438.624840][T26223] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1438.624881][T26223] ? lock_acquire+0x1cf/0x380 [ 1438.624900][T26223] ? find_held_lock+0x2b/0x80 [ 1438.624918][T26223] tomoyo_file_open+0x6b/0x90 [ 1438.624938][T26223] security_file_open+0xb5/0x1e0 [ 1438.624955][T26223] do_dentry_open+0x5aa/0x1660 [ 1438.624976][T26223] vfs_open+0x82/0x3f0 [ 1438.624997][T26223] path_openat+0x208c/0x31a0 [ 1438.625019][T26223] ? __pfx_path_openat+0x10/0x10 [ 1438.625041][T26223] do_file_open+0x20e/0x430 [ 1438.625058][T26223] ? __pfx_do_file_open+0x10/0x10 [ 1438.625087][T26223] ? alloc_fd+0x476/0x790 [ 1438.625110][T26223] ? do_getname+0x191/0x390 [ 1438.625131][T26223] do_sys_openat2+0x10d/0x1e0 [ 1438.625151][T26223] ? __pfx_do_sys_openat2+0x10/0x10 [ 1438.625178][T26223] __x64_sys_openat+0x12d/0x210 [ 1438.625199][T26223] ? __pfx___x64_sys_openat+0x10/0x10 [ 1438.625227][T26223] do_syscall_64+0x106/0xf80 [ 1438.625246][T26223] ? clear_bhb_loop+0x40/0x90 [ 1438.625265][T26223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1438.625281][T26223] RIP: 0033:0x7f553d99c799 [ 1438.625295][T26223] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1438.625310][T26223] RSP: 002b:00007f553e7cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1438.625326][T26223] RAX: ffffffffffffffda RBX: 00007f553dc15fa0 RCX: 00007f553d99c799 [ 1438.625337][T26223] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 1438.625348][T26223] RBP: 00007f553da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1438.625357][T26223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1438.625367][T26223] R13: 00007f553dc16038 R14: 00007f553dc15fa0 R15: 00007fff4a36f3d8 [ 1438.625388][T26223] [ 1439.620524][T26233] sg_write: data in/out 262169/4198358 bytes for SCSI command 0x0-- guessing data in; [ 1439.620524][T26233] program syz.2.7075 not setting count and/or reply_len properly [ 1439.704329][T26233] program syz.2.7075 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1440.153130][T26249] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7079'. [ 1440.187329][T26246] openvswitch: HfR: Dropping previously announced user features [ 1440.209442][T26249] HfR: left promiscuous mode [ 1440.324472][T26248] netlink: 'syz.5.7078': attribute type 4 has an invalid length. [ 1440.465191][T26248] netlink: 'syz.5.7078': attribute type 5 has an invalid length. [ 1440.621751][T26248] netlink: 10 bytes leftover after parsing attributes in process `syz.5.7078'. [ 1441.612663][T26257] netlink: 330 bytes leftover after parsing attributes in process `syz.5.7081'. [ 1442.991403][T26272] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7087'. [ 1444.679996][T17986] Bluetooth: hci5: unexpected event 0x3e length: 726 > 260 [ 1444.680022][T17986] Bluetooth: hci5: unexpected subevent 0x0d length: 725 > 260 [ 1444.696562][T17986] Bluetooth: hci5: Unknown advertising packet type: 0x7f [ 1444.696606][T17986] Bluetooth: hci5: adv larger than maximum supported [ 1444.704771][T17986] Bluetooth: hci5: adv larger than maximum supported [ 1444.714094][T17986] Bluetooth: hci5: Malformed LE Event: 0x0d [ 1446.305585][T26308] FAULT_INJECTION: forcing a failure. [ 1446.305585][T26308] name failslab, interval 1, probability 0, space 0, times 0 [ 1446.560214][T26308] CPU: 0 UID: 0 PID: 26308 Comm: syz.5.7096 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1446.560244][T26308] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1446.560250][T26308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1446.560260][T26308] Call Trace: [ 1446.560266][T26308] [ 1446.560273][T26308] dump_stack_lvl+0x100/0x190 [ 1446.560300][T26308] should_fail_ex.cold+0x5/0xa [ 1446.560320][T26308] should_failslab+0xc2/0x120 [ 1446.560337][T26308] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1446.560358][T26308] ? init_srcu_struct_fields+0x9a2/0xe30 [ 1446.560382][T26308] init_srcu_struct_fields+0x9a2/0xe30 [ 1446.560403][T26308] blk_mq_alloc_tag_set+0x3cc/0x1330 [ 1446.560498][T26308] ? idr_alloc+0xdd/0x130 [ 1446.560516][T26308] ? __pfx_idr_alloc+0x10/0x10 [ 1446.560539][T26308] loop_add+0x3b7/0xb60 [ 1446.560558][T26308] ? __pfx_loop_add+0x10/0x10 [ 1446.560586][T26308] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1446.560613][T26308] loop_control_ioctl+0xae/0x620 [ 1446.560632][T26308] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1446.560650][T26308] ? xfd_validate_state+0x129/0x190 [ 1446.560673][T26308] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1446.560692][T26308] __x64_sys_ioctl+0x18e/0x210 [ 1446.560715][T26308] do_syscall_64+0x106/0xf80 [ 1446.560732][T26308] ? clear_bhb_loop+0x40/0x90 [ 1446.560751][T26308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1446.560767][T26308] RIP: 0033:0x7f553d99c799 [ 1446.560781][T26308] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1446.560797][T26308] RSP: 002b:00007f553e7cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1446.560812][T26308] RAX: ffffffffffffffda RBX: 00007f553dc15fa0 RCX: 00007f553d99c799 [ 1446.560823][T26308] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 1446.560833][T26308] RBP: 00007f553da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1446.560842][T26308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1446.560852][T26308] R13: 00007f553dc16038 R14: 00007f553dc15fa0 R15: 00007fff4a36f3d8 [ 1446.560873][T26308] [ 1449.157449][T26330] netlink: 330 bytes leftover after parsing attributes in process `syz.3.7102'. [ 1449.274543][T26330] netlink: 330 bytes leftover after parsing attributes in process `syz.3.7102'. [ 1450.142267][T26343] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input15 [ 1450.222224][T26344] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7107'. [ 1450.339729][ T5179] ERROR: Out of memory at tomoyo_memory_ok. [ 1450.523107][T26344] i: entered promiscuous mode [ 1450.691576][T26340] HfR: entered promiscuous mode [ 1451.734610][T26352] netlink: 354 bytes leftover after parsing attributes in process `syz.2.7109'. [ 1453.370124][T26374] netlink: 9 bytes leftover after parsing attributes in process `syz.2.7115'. [ 1454.048269][T26383] netlink: 504 bytes leftover after parsing attributes in process `syz.4.7118'. [ 1454.286248][T26385] netlink: 350 bytes leftover after parsing attributes in process `syz.4.7118'. [ 1454.875458][T26390] netlink: 326 bytes leftover after parsing attributes in process `syz.5.7120'. [ 1457.773158][T26420] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7129'. [ 1457.812247][T26422] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7130'. [ 1457.866196][T26420] netlink: 'syz.5.7129': attribute type 1 has an invalid length. [ 1457.932592][T26420] netlink: 5 bytes leftover after parsing attributes in process `syz.5.7129'. [ 1458.018599][T26422] team0 (unregistering): Port device team_slave_0 removed [ 1458.122437][T26422] team0 (unregistering): Port device team_slave_1 removed [ 1458.405839][T26426] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7131'. [ 1458.484236][T26426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1458.549026][T26426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1459.164624][T26438] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7136'. [ 1463.860892][T26495] FAULT_INJECTION: forcing a failure. [ 1463.860892][T26495] name failslab, interval 1, probability 0, space 0, times 0 [ 1464.001946][T26495] CPU: 0 UID: 0 PID: 26495 Comm: syz.2.7151 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1464.001976][T26495] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1464.001983][T26495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1464.001993][T26495] Call Trace: [ 1464.001999][T26495] [ 1464.002006][T26495] dump_stack_lvl+0x100/0x190 [ 1464.002037][T26495] should_fail_ex.cold+0x5/0xa [ 1464.002058][T26495] should_failslab+0xc2/0x120 [ 1464.002076][T26495] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1464.002096][T26495] ? kvm_set_irq_routing+0x24f/0x960 [ 1464.002148][T26495] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1464.002178][T26495] kvm_set_irq_routing+0x24f/0x960 [ 1464.002208][T26495] kvm_arch_vm_ioctl+0xf08/0x18d0 [ 1464.002238][T26495] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 1464.002257][T26495] ? find_held_lock+0x2b/0x80 [ 1464.002272][T26495] ? is_bpf_text_address+0x8a/0x1a0 [ 1464.002295][T26495] ? is_bpf_text_address+0x8a/0x1a0 [ 1464.002317][T26495] ? bpf_ksym_find+0x124/0x1c0 [ 1464.002343][T26495] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1464.002363][T26495] ? is_bpf_text_address+0x94/0x1a0 [ 1464.002385][T26495] ? kernel_text_address+0x8d/0x100 [ 1464.002409][T26495] ? __kernel_text_address+0xd/0x30 [ 1464.002432][T26495] ? unwind_get_return_address+0x59/0xa0 [ 1464.002449][T26495] ? arch_stack_walk+0xa6/0xf0 [ 1464.002466][T26495] ? __lock_acquire+0x4a5/0x2630 [ 1464.002488][T26495] ? __lock_acquire+0x4a5/0x2630 [ 1464.002518][T26495] ? is_bpf_text_address+0x8a/0x1a0 [ 1464.002540][T26495] ? bpf_ksym_find+0x124/0x1c0 [ 1464.002557][T26495] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1464.002574][T26495] ? is_bpf_text_address+0x94/0x1a0 [ 1464.002595][T26495] ? kernel_text_address+0x8d/0x100 [ 1464.002617][T26495] ? __kernel_text_address+0xd/0x30 [ 1464.002637][T26495] ? unwind_get_return_address+0x59/0xa0 [ 1464.002653][T26495] ? arch_stack_walk+0xa6/0xf0 [ 1464.002674][T26495] ? tomoyo_path_number_perm+0x46d/0x580 [ 1464.002699][T26495] ? stack_trace_save+0x8e/0xc0 [ 1464.002714][T26495] ? __pfx_stack_trace_save+0x10/0x10 [ 1464.002729][T26495] ? stack_depot_save_flags+0x27/0x9d0 [ 1464.002747][T26495] ? __lock_acquire+0x4a5/0x2630 [ 1464.002766][T26495] ? tomoyo_path_number_perm+0x46d/0x580 [ 1464.002789][T26495] ? kasan_save_stack+0x3f/0x50 [ 1464.002811][T26495] ? kasan_save_stack+0x30/0x50 [ 1464.002831][T26495] ? kasan_save_track+0x14/0x30 [ 1464.002851][T26495] ? kasan_save_free_info+0x3b/0x70 [ 1464.002869][T26495] ? __kasan_slab_free+0x5f/0x80 [ 1464.002886][T26495] kvm_vm_ioctl+0x1564/0x4080 [ 1464.002909][T26495] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1464.002935][T26495] ? tomoyo_path_number_perm+0x46d/0x580 [ 1464.002959][T26495] ? kasan_quarantine_put+0x104/0x240 [ 1464.002981][T26495] ? lockdep_hardirqs_on+0x78/0x100 [ 1464.003003][T26495] ? find_held_lock+0x2b/0x80 [ 1464.003016][T26495] ? tomoyo_path_number_perm+0x28f/0x580 [ 1464.003039][T26495] ? tomoyo_path_number_perm+0x28f/0x580 [ 1464.003066][T26495] ? tomoyo_path_number_perm+0x188/0x580 [ 1464.003091][T26495] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1464.003113][T26495] ? futex_wait+0x125/0x380 [ 1464.003140][T26495] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1464.003165][T26495] ? do_vfs_ioctl+0x226/0x13e0 [ 1464.003188][T26495] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1464.003213][T26495] ? find_held_lock+0x2b/0x80 [ 1464.003227][T26495] ? __fget_files+0x215/0x3d0 [ 1464.003240][T26495] ? hook_file_ioctl_common+0x146/0x410 [ 1464.003268][T26495] ? __fget_files+0x21f/0x3d0 [ 1464.003300][T26495] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1464.003319][T26495] __x64_sys_ioctl+0x18e/0x210 [ 1464.003347][T26495] do_syscall_64+0x106/0xf80 [ 1464.003366][T26495] ? clear_bhb_loop+0x40/0x90 [ 1464.003386][T26495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.003403][T26495] RIP: 0033:0x7f4c0959c799 [ 1464.003418][T26495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1464.003433][T26495] RSP: 002b:00007f4c0a4f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1464.003448][T26495] RAX: ffffffffffffffda RBX: 00007f4c09816090 RCX: 00007f4c0959c799 [ 1464.003459][T26495] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 1464.003469][T26495] RBP: 00007f4c09632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1464.003479][T26495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1464.003488][T26495] R13: 00007f4c09816128 R14: 00007f4c09816090 R15: 00007ffcd3454258 [ 1464.003509][T26495] [ 1465.595805][T26501] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7154'. [ 1468.717709][T26538] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7162'. [ 1468.873810][T26538] vlan1: entered promiscuous mode [ 1468.914913][T26538] vlan1: entered allmulticast mode [ 1470.744991][T26557] FAULT_INJECTION: forcing a failure. [ 1470.744991][T26557] name failslab, interval 1, probability 0, space 0, times 0 [ 1470.855840][T26557] CPU: 0 UID: 0 PID: 26557 Comm: syz.3.7167 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1470.855871][T26557] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1470.855878][T26557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1470.855892][T26557] Call Trace: [ 1470.855899][T26557] [ 1470.855905][T26557] dump_stack_lvl+0x100/0x190 [ 1470.855943][T26557] should_fail_ex.cold+0x5/0xa [ 1470.855963][T26557] should_failslab+0xc2/0x120 [ 1470.855980][T26557] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1470.856001][T26557] ? security_file_alloc+0x34/0x2c0 [ 1470.856019][T26557] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1470.856038][T26557] security_file_alloc+0x34/0x2c0 [ 1470.856054][T26557] init_file+0x95/0x480 [ 1470.856073][T26557] alloc_empty_file+0x73/0x1c0 [ 1470.856092][T26557] alloc_file_pseudo+0x13a/0x230 [ 1470.856111][T26557] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1470.856130][T26557] ? _raw_spin_unlock+0x28/0x50 [ 1470.856149][T26557] ? alloc_fd+0x476/0x790 [ 1470.856166][T26557] __anon_inode_getfile+0xe8/0x280 [ 1470.856186][T26557] __anon_inode_getfd+0x5c/0xe0 [ 1470.856206][T26557] do_inotify_init+0x483/0x5e0 [ 1470.856227][T26557] __x64_sys_inotify_init1+0x30/0x40 [ 1470.856247][T26557] do_syscall_64+0x106/0xf80 [ 1470.856264][T26557] ? clear_bhb_loop+0x40/0x90 [ 1470.856283][T26557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1470.856299][T26557] RIP: 0033:0x7f653cd9c799 [ 1470.856315][T26557] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1470.856330][T26557] RSP: 002b:00007f653dd1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 1470.856345][T26557] RAX: ffffffffffffffda RBX: 00007f653d015fa0 RCX: 00007f653cd9c799 [ 1470.856356][T26557] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 1470.856366][T26557] RBP: 00007f653ce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1470.856376][T26557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1470.856385][T26557] R13: 00007f653d016038 R14: 00007f653d015fa0 R15: 00007ffe07fc1bf8 [ 1470.856405][T26557] [ 1472.342111][T26569] netlink: 330 bytes leftover after parsing attributes in process `syz.2.7170'. [ 1474.356441][T26587] netlink: 28 bytes leftover after parsing attributes in process `syz.5.7175'. [ 1474.728088][T26587] bridge_slave_1: left allmulticast mode [ 1474.941498][T26587] bridge_slave_1: left promiscuous mode [ 1475.044803][T26587] bridge0: port 2(bridge_slave_1) entered disabled state [ 1475.210144][T26587] bridge_slave_0: left allmulticast mode [ 1475.320323][T26587] bridge_slave_0: left promiscuous mode [ 1475.445738][T26587] bridge0: port 1(bridge_slave_0) entered disabled state [ 1477.973392][T26622] netlink: 2468 bytes leftover after parsing attributes in process `syz.4.7186'. [ 1480.778076][T26646] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7192'. [ 1480.934342][T26646] vlan1: entered promiscuous mode [ 1480.975086][T26646] vlan1: entered allmulticast mode [ 1484.204723][T26687] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7205'. [ 1484.250784][T26678] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1484.321462][T26678] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1484.431399][T26678] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1484.606637][T26678] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1484.708888][T26678] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1484.925047][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.931600][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1486.281434][T17986] Bluetooth: hci1: command 0x0406 tx timeout [ 1486.362792][T17986] Bluetooth: hci3: command 0x0406 tx timeout [ 1486.441993][T17986] Bluetooth: hci4: command 0x0419 tx timeout [ 1486.682180][T17986] Bluetooth: hci5: command 0x0406 tx timeout [ 1486.982533][T26717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7211'. [ 1487.083085][T26717] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7211'. [ 1487.483869][T26721] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7212'. [ 1488.762953][T17986] Bluetooth: hci5: command 0x0406 tx timeout [ 1488.863082][T26734] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7215'. [ 1489.369488][T26739] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7217'. [ 1489.517196][T17986] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 1490.050524][T26742] FAULT_INJECTION: forcing a failure. [ 1490.050524][T26742] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1490.192376][T26742] CPU: 0 UID: 0 PID: 26742 Comm: syz.3.7219 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1490.192406][T26742] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1490.192413][T26742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1490.192422][T26742] Call Trace: [ 1490.192428][T26742] [ 1490.192436][T26742] dump_stack_lvl+0x100/0x190 [ 1490.192465][T26742] should_fail_ex.cold+0x5/0xa [ 1490.192481][T26742] ? prepare_alloc_pages+0x16d/0x5f0 [ 1490.192500][T26742] should_fail_alloc_page+0xeb/0x140 [ 1490.192517][T26742] prepare_alloc_pages+0x1f0/0x5f0 [ 1490.192537][T26742] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1490.192564][T26742] ? stack_trace_save+0x8e/0xc0 [ 1490.192579][T26742] ? __pfx_stack_trace_save+0x10/0x10 [ 1490.192594][T26742] ? stack_depot_save_flags+0x27/0x9d0 [ 1490.192611][T26742] ? find_held_lock+0x2b/0x80 [ 1490.192626][T26742] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1490.192648][T26742] ? kasan_save_stack+0x3f/0x50 [ 1490.192669][T26742] ? kasan_save_stack+0x30/0x50 [ 1490.192690][T26742] ? kasan_save_track+0x14/0x30 [ 1490.192712][T26742] ? system_heap_allocate+0xeb/0x1170 [ 1490.192820][T26742] ? __x64_sys_ioctl+0x18e/0x210 [ 1490.192841][T26742] ? do_syscall_64+0x106/0xf80 [ 1490.192859][T26742] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1490.192885][T26742] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1490.192910][T26742] ? policy_nodemask+0xed/0x4f0 [ 1490.192927][T26742] alloc_pages_mpol+0x1fb/0x550 [ 1490.192944][T26742] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1490.192961][T26742] ? lockdep_init_map_type+0x5c/0x250 [ 1490.192984][T26742] alloc_pages_noprof+0x131/0x390 [ 1490.193001][T26742] system_heap_allocate+0x2d2/0x1170 [ 1490.193027][T26742] ? __pfx_system_heap_allocate+0x10/0x10 [ 1490.193054][T26742] ? rep_movs_alternative+0x4a/0x90 [ 1490.193080][T26742] dma_heap_ioctl+0x37f/0x5e0 [ 1490.193101][T26742] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 1490.193122][T26742] ? find_held_lock+0x2b/0x80 [ 1490.193145][T26742] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 1490.193165][T26742] __x64_sys_ioctl+0x18e/0x210 [ 1490.193195][T26742] do_syscall_64+0x106/0xf80 [ 1490.193213][T26742] ? clear_bhb_loop+0x40/0x90 [ 1490.193233][T26742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1490.193249][T26742] RIP: 0033:0x7f653cd9c799 [ 1490.193264][T26742] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1490.193279][T26742] RSP: 002b:00007f653dd1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1490.193295][T26742] RAX: ffffffffffffffda RBX: 00007f653d015fa0 RCX: 00007f653cd9c799 [ 1490.193305][T26742] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000007 [ 1490.193315][T26742] RBP: 00007f653ce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1490.193325][T26742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1490.193334][T26742] R13: 00007f653d016038 R14: 00007f653d015fa0 R15: 00007ffe07fc1bf8 [ 1490.193355][T26742] [ 1491.626225][T26750] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7222'. [ 1493.131446][T26766] netlink: 252 bytes leftover after parsing attributes in process `syz.3.7227'. [ 1493.264134][T26766] netlink: 252 bytes leftover after parsing attributes in process `syz.3.7227'. [ 1496.376732][T26800] FAULT_INJECTION: forcing a failure. [ 1496.376732][T26800] name failslab, interval 1, probability 0, space 0, times 0 [ 1496.488489][T26800] CPU: 0 UID: 0 PID: 26800 Comm: syz.3.7235 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1496.488518][T26800] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1496.488525][T26800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1496.488535][T26800] Call Trace: [ 1496.488540][T26800] [ 1496.488547][T26800] dump_stack_lvl+0x100/0x190 [ 1496.488575][T26800] should_fail_ex.cold+0x5/0xa [ 1496.488594][T26800] should_failslab+0xc2/0x120 [ 1496.488612][T26800] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1496.488636][T26800] ? __alloc_skb+0x140/0x710 [ 1496.488659][T26800] __alloc_skb+0x140/0x710 [ 1496.488675][T26800] ? __alloc_skb+0x5b7/0x710 [ 1496.488691][T26800] ? __pfx___alloc_skb+0x10/0x10 [ 1496.488711][T26800] ? sk_page_frag_refill+0x6c/0x340 [ 1496.488737][T26800] kcm_sendmsg+0x1154/0x32e0 [ 1496.488768][T26800] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1496.488786][T26800] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1496.488811][T26800] sock_sendmsg+0x35b/0x3d0 [ 1496.488833][T26800] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1496.488849][T26800] ? __pfx_sock_sendmsg+0x10/0x10 [ 1496.488884][T26800] splice_to_socket+0xb4c/0x11b0 [ 1496.488899][T26800] ? touch_atime+0xa5/0x7a0 [ 1496.488928][T26800] ? __pfx_splice_to_socket+0x10/0x10 [ 1496.488977][T26800] ? trace_kmalloc+0x101/0x130 [ 1496.489001][T26800] ? lockdep_init_map_type+0x5c/0x250 [ 1496.489024][T26800] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1496.489049][T26800] ? __pfx_splice_to_socket+0x10/0x10 [ 1496.489066][T26800] direct_splice_actor+0x192/0x6c0 [ 1496.489094][T26800] splice_direct_to_actor+0x345/0xa30 [ 1496.489110][T26800] ? __pfx_direct_splice_actor+0x10/0x10 [ 1496.489140][T26800] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1496.489165][T26800] do_splice_direct+0x174/0x240 [ 1496.489181][T26800] ? __pfx_do_splice_direct+0x10/0x10 [ 1496.489197][T26800] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1496.489222][T26800] ? bpf_lsm_file_permission+0x9/0x10 [ 1496.489248][T26800] ? security_file_permission+0x76/0x210 [ 1496.489265][T26800] ? rw_verify_area+0xce/0x6d0 [ 1496.489288][T26800] do_sendfile+0xadc/0xe20 [ 1496.489314][T26800] ? __pfx_do_sendfile+0x10/0x10 [ 1496.489339][T26800] ? __x64_sys_futex+0x34f/0x4d0 [ 1496.489358][T26800] ? __x64_sys_futex+0x358/0x4d0 [ 1496.489378][T26800] __x64_sys_sendfile64+0x1d8/0x220 [ 1496.489396][T26800] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1496.489420][T26800] do_syscall_64+0x106/0xf80 [ 1496.489438][T26800] ? clear_bhb_loop+0x40/0x90 [ 1496.489457][T26800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1496.489473][T26800] RIP: 0033:0x7f653cd9c799 [ 1496.489492][T26800] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1496.489507][T26800] RSP: 002b:00007f653dd1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1496.489523][T26800] RAX: ffffffffffffffda RBX: 00007f653d015fa0 RCX: 00007f653cd9c799 [ 1496.489534][T26800] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1496.489543][T26800] RBP: 00007f653ce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1496.489553][T26800] R10: 000000007ffff011 R11: 0000000000000246 R12: 0000000000000000 [ 1496.489563][T26800] R13: 00007f653d016038 R14: 00007f653d015fa0 R15: 00007ffe07fc1bf8 [ 1496.489584][T26800] [ 1497.989280][T26813] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.044640][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.233040][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.322297][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.433501][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.461798][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.590225][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.648136][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.686145][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1498.776412][T26816] netlink: 62 bytes leftover after parsing attributes in process `syz.5.7239'. [ 1499.005012][T26829] FAULT_INJECTION: forcing a failure. [ 1499.005012][T26829] name failslab, interval 1, probability 0, space 0, times 0 [ 1499.240884][T26829] CPU: 0 UID: 0 PID: 26829 Comm: syz.2.7242 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1499.240914][T26829] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1499.240920][T26829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1499.240929][T26829] Call Trace: [ 1499.240935][T26829] [ 1499.240942][T26829] dump_stack_lvl+0x100/0x190 [ 1499.240970][T26829] should_fail_ex.cold+0x5/0xa [ 1499.240989][T26829] ? usb_hcd_submit_urb+0x601/0x2150 [ 1499.241084][T26829] should_failslab+0xc2/0x120 [ 1499.241102][T26829] __kmalloc_noprof+0xe0/0x850 [ 1499.241124][T26829] ? mark_held_locks+0x40/0x70 [ 1499.241146][T26829] usb_hcd_submit_urb+0x601/0x2150 [ 1499.241177][T26829] usb_submit_urb+0x8aa/0x1910 [ 1499.241196][T26829] ? __init_swait_queue_head+0xca/0x150 [ 1499.241227][T26829] usb_start_wait_urb+0x106/0x4c0 [ 1499.241246][T26829] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 1499.241269][T26829] ? __asan_memset+0x23/0x50 [ 1499.241294][T26829] usb_control_msg+0x326/0x4a0 [ 1499.241311][T26829] ? __pfx_usb_control_msg+0x10/0x10 [ 1499.241327][T26829] ? kernfs_find_and_get_ns+0x5f/0x70 [ 1499.241355][T26829] usb_hub_set_port_power+0x125/0x180 [ 1499.241377][T26829] disable_store+0x2eb/0x450 [ 1499.241424][T26829] ? __pfx_disable_store+0x10/0x10 [ 1499.241444][T26829] ? find_held_lock+0x2b/0x80 [ 1499.241458][T26829] ? sysfs_file_kobj+0xe4/0x290 [ 1499.241475][T26829] ? sysfs_file_kobj+0xe4/0x290 [ 1499.241495][T26829] ? __pfx_disable_store+0x10/0x10 [ 1499.241513][T26829] dev_attr_store+0x58/0x80 [ 1499.241538][T26829] ? __pfx_dev_attr_store+0x10/0x10 [ 1499.241561][T26829] sysfs_kf_write+0xf2/0x150 [ 1499.241580][T26829] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1499.241596][T26829] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1499.241615][T26829] vfs_write+0x6ac/0x1070 [ 1499.241639][T26829] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1499.241657][T26829] ? __pfx_vfs_write+0x10/0x10 [ 1499.241692][T26829] ksys_write+0x12a/0x250 [ 1499.241706][T26829] ? __pfx_ksys_write+0x10/0x10 [ 1499.241725][T26829] do_syscall_64+0x106/0xf80 [ 1499.241744][T26829] ? clear_bhb_loop+0x40/0x90 [ 1499.241763][T26829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1499.241779][T26829] RIP: 0033:0x7f4c0959c799 [ 1499.241793][T26829] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1499.241808][T26829] RSP: 002b:00007f4c0a519028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1499.241826][T26829] RAX: ffffffffffffffda RBX: 00007f4c09815fa0 RCX: 00007f4c0959c799 [ 1499.241838][T26829] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1499.241847][T26829] RBP: 00007f4c09632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1499.241856][T26829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1499.241865][T26829] R13: 00007f4c09816038 R14: 00007f4c09815fa0 R15: 00007ffcd3454258 [ 1499.241885][T26829] [ 1500.404190][T26835] FAULT_INJECTION: forcing a failure. [ 1500.404190][T26835] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1500.432755][T26835] CPU: 0 UID: 0 PID: 26835 Comm: syz.5.7244 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1500.432782][T26835] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1500.432789][T26835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1500.432798][T26835] Call Trace: [ 1500.432804][T26835] [ 1500.432810][T26835] dump_stack_lvl+0x100/0x190 [ 1500.432837][T26835] should_fail_ex.cold+0x5/0xa [ 1500.432856][T26835] get_futex_key+0x1d2/0x1620 [ 1500.432877][T26835] ? __pfx_get_futex_key+0x10/0x10 [ 1500.432893][T26835] ? lock_acquire+0x1cf/0x380 [ 1500.432918][T26835] futex_wake+0xea/0x530 [ 1500.432942][T26835] ? __pfx_futex_wake+0x10/0x10 [ 1500.432963][T26835] ? exit_mm_release+0x19/0x30 [ 1500.432987][T26835] do_futex+0x32b/0x350 [ 1500.433006][T26835] ? __pfx_do_futex+0x10/0x10 [ 1500.433024][T26835] ? __might_fault+0xc5/0x140 [ 1500.433050][T26835] mm_release+0x24a/0x2f0 [ 1500.433065][T26835] do_exit+0x704/0x2b60 [ 1500.433087][T26835] ? __pfx_do_exit+0x10/0x10 [ 1500.433106][T26835] ? do_raw_spin_lock+0x128/0x260 [ 1500.433126][T26835] ? find_held_lock+0x2b/0x80 [ 1500.433140][T26835] ? get_signal+0x7e0/0x21e0 [ 1500.433157][T26835] do_group_exit+0xd5/0x2a0 [ 1500.433178][T26835] get_signal+0x1ec7/0x21e0 [ 1500.433198][T26835] ? __free_frozen_pages+0x884/0x10d0 [ 1500.433218][T26835] ? __pfx_get_signal+0x10/0x10 [ 1500.433234][T26835] ? do_futex+0x192/0x350 [ 1500.433255][T26835] arch_do_signal_or_restart+0x91/0x770 [ 1500.433274][T26835] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 1500.433294][T26835] ? find_held_lock+0x2b/0x80 [ 1500.433307][T26835] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1500.433331][T26835] ? __pfx___x64_sys_futex+0x10/0x10 [ 1500.433354][T26835] exit_to_user_mode_loop+0x86/0x4a0 [ 1500.433376][T26835] do_syscall_64+0x668/0xf80 [ 1500.433395][T26835] ? clear_bhb_loop+0x40/0x90 [ 1500.433413][T26835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1500.433428][T26835] RIP: 0033:0x7f553d99c799 [ 1500.433442][T26835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1500.433457][T26835] RSP: 002b:00007f553e7aa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1500.433472][T26835] RAX: fffffffffffffe00 RBX: 00007f553dc16098 RCX: 00007f553d99c799 [ 1500.433482][T26835] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f553dc16098 [ 1500.433491][T26835] RBP: 00007f553dc16090 R08: 0000000000000000 R09: 0000000000000000 [ 1500.433500][T26835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1500.433509][T26835] R13: 00007f553dc16128 R14: 00007fff4a36f2f0 R15: 00007fff4a36f3d8 [ 1500.433535][T26835] [ 1505.212260][T26892] __nla_validate_parse: 9 callbacks suppressed [ 1505.212277][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1505.381429][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1505.455179][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1505.539566][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1505.624143][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1505.699196][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1505.769906][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1505.847438][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1505.950579][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1506.121093][T26892] netlink: 62 bytes leftover after parsing attributes in process `syz.4.7258'. [ 1506.666131][ T29] audit: type=1326 audit(2147483714.450:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26902 comm="syz.4.7262" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1659d9c799 code=0x0 [ 1506.954824][T26899] zswap: compressor not available [ 1514.390872][T26991] Setting dangerous option i915.mitigations - tainting kernel [ 1516.298962][T27011] FAULT_INJECTION: forcing a failure. [ 1516.298962][T27011] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1516.446724][T27011] CPU: 0 UID: 0 PID: 27011 Comm: syz.2.7289 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1516.446753][T27011] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1516.446760][T27011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1516.446770][T27011] Call Trace: [ 1516.446776][T27011] [ 1516.446783][T27011] dump_stack_lvl+0x100/0x190 [ 1516.446813][T27011] should_fail_ex.cold+0x5/0xa [ 1516.446830][T27011] ? __kernel_text_address+0xd/0x30 [ 1516.446854][T27011] get_futex_key+0x1d2/0x1620 [ 1516.446875][T27011] ? __pfx_get_futex_key+0x10/0x10 [ 1516.446894][T27011] ? putname+0xb1/0x110 [ 1516.446910][T27011] ? stack_trace_save+0x8e/0xc0 [ 1516.446924][T27011] ? __pfx_stack_trace_save+0x10/0x10 [ 1516.446941][T27011] futex_wait_setup+0x83/0x510 [ 1516.446968][T27011] __futex_wait+0x19f/0x300 [ 1516.446999][T27011] ? __pfx___futex_wait+0x10/0x10 [ 1516.447024][T27011] ? __pfx_futex_wake_mark+0x10/0x10 [ 1516.447050][T27011] ? futex_hash+0x2c5/0x380 [ 1516.447073][T27011] futex_wait+0xed/0x380 [ 1516.447097][T27011] ? __pfx_futex_wait+0x10/0x10 [ 1516.447123][T27011] ? putname+0xb1/0x110 [ 1516.447137][T27011] ? kmem_cache_free+0x124/0x6a0 [ 1516.447161][T27011] do_futex+0x1ef/0x350 [ 1516.447180][T27011] ? __pfx_do_futex+0x10/0x10 [ 1516.447197][T27011] ? __pfx_do_sys_openat2+0x10/0x10 [ 1516.447222][T27011] __x64_sys_futex+0x34f/0x4d0 [ 1516.447242][T27011] ? __x64_sys_openat+0x12d/0x210 [ 1516.447261][T27011] ? __pfx___x64_sys_futex+0x10/0x10 [ 1516.447287][T27011] do_syscall_64+0x106/0xf80 [ 1516.447305][T27011] ? clear_bhb_loop+0x40/0x90 [ 1516.447323][T27011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1516.447339][T27011] RIP: 0033:0x7f4c0959c799 [ 1516.447353][T27011] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1516.447368][T27011] RSP: 002b:00007f4c0a4f80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1516.447383][T27011] RAX: ffffffffffffffda RBX: 00007f4c09816098 RCX: 00007f4c0959c799 [ 1516.447393][T27011] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4c09816098 [ 1516.447403][T27011] RBP: 00007f4c09816090 R08: 0000000000000000 R09: 0000000000000000 [ 1516.447413][T27011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1516.447422][T27011] R13: 00007f4c09816128 R14: 00007ffcd3454170 R15: 00007ffcd3454258 [ 1516.447443][T27011] [ 1518.990418][T27028] __nla_validate_parse: 7 callbacks suppressed [ 1518.990435][T27028] netlink: 28 bytes leftover after parsing attributes in process `syz.5.7292'. [ 1519.153669][T27028] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1519.203661][T27028] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1519.292093][T27028] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1519.355239][T27028] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1520.457781][T17986] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 1520.457808][T17986] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 1520.473881][T17986] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 1520.473903][T17986] Bluetooth: hci1: adv larger than maximum supported [ 1520.480965][T17986] Bluetooth: hci1: adv larger than maximum supported [ 1520.487947][T17986] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1521.470970][T17986] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 1521.470997][T17986] Bluetooth: hci4: unexpected subevent 0x0d length: 725 > 260 [ 1521.489872][T17986] Bluetooth: hci4: Unknown advertising packet type: 0x7f [ 1521.489924][T17986] Bluetooth: hci4: adv larger than maximum supported [ 1521.499239][T17986] Bluetooth: hci4: adv larger than maximum supported [ 1521.506867][T17986] Bluetooth: hci4: Malformed LE Event: 0x0d [ 1521.865193][T27046] zswap: compressor not available [ 1533.291637][T27145] FAULT_INJECTION: forcing a failure. [ 1533.291637][T27145] name failslab, interval 1, probability 0, space 0, times 0 [ 1533.414052][T27145] CPU: 0 UID: 0 PID: 27145 Comm: syz.2.7321 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1533.414081][T27145] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1533.414087][T27145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1533.414098][T27145] Call Trace: [ 1533.414103][T27145] [ 1533.414110][T27145] dump_stack_lvl+0x100/0x190 [ 1533.414174][T27145] should_fail_ex.cold+0x5/0xa [ 1533.414206][T27145] should_failslab+0xc2/0x120 [ 1533.414236][T27145] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1533.414272][T27145] ? security_file_alloc+0x34/0x2c0 [ 1533.414303][T27145] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1533.414324][T27145] security_file_alloc+0x34/0x2c0 [ 1533.414341][T27145] init_file+0x95/0x480 [ 1533.414362][T27145] alloc_empty_file+0x73/0x1c0 [ 1533.414381][T27145] alloc_file_pseudo+0x13a/0x230 [ 1533.414401][T27145] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1533.414421][T27145] ? _raw_spin_unlock+0x28/0x50 [ 1533.414457][T27145] ? alloc_fd+0x476/0x790 [ 1533.414479][T27145] __anon_inode_getfile+0xe8/0x280 [ 1533.414504][T27145] __anon_inode_getfd+0x5c/0xe0 [ 1533.414525][T27145] do_inotify_init+0x483/0x5e0 [ 1533.414546][T27145] __x64_sys_inotify_init1+0x30/0x40 [ 1533.414566][T27145] do_syscall_64+0x106/0xf80 [ 1533.414584][T27145] ? clear_bhb_loop+0x40/0x90 [ 1533.414609][T27145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1533.414625][T27145] RIP: 0033:0x7f4c0959c799 [ 1533.414639][T27145] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1533.414658][T27145] RSP: 002b:00007f4c0a519028 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 1533.414674][T27145] RAX: ffffffffffffffda RBX: 00007f4c09815fa0 RCX: 00007f4c0959c799 [ 1533.414684][T27145] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 1533.414694][T27145] RBP: 00007f4c09632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1533.414705][T27145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1533.414714][T27145] R13: 00007f4c09816038 R14: 00007f4c09815fa0 R15: 00007ffcd3454258 [ 1533.414735][T27145] [ 1538.126204][T27180] syz.2.7328 (27180): /proc/27164/oom_adj is deprecated, please use /proc/27164/oom_score_adj instead. [ 1540.154485][T27192] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7339'. [ 1540.648981][T27194] zswap: compressor not available [ 1542.727490][T27224] block nbd0: shutting down sockets [ 1543.663391][T27230] netlink: 354 bytes leftover after parsing attributes in process `syz.2.7341'. [ 1543.740045][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1544.337605][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1544.917362][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1545.420643][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1546.373671][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.379988][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.561298][ T13] bridge_slave_1: left allmulticast mode [ 1546.624035][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1546.758964][ T13] bridge_slave_0: left allmulticast mode [ 1546.829232][ T13] bridge_slave_0: left promiscuous mode [ 1546.884504][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1548.111686][T27287] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7355'. [ 1548.286200][T27292] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7355'. [ 1549.931311][ T13] : left promiscuous mode [ 1552.723187][T27341] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7361'. [ 1555.537361][T27366] netlink: 306 bytes leftover after parsing attributes in process `syz.4.7367'. [ 1556.172144][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1556.243172][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1556.250713][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1556.362953][T27382] netlink: Unknown conntrack attr (type=257, max=9) [ 1556.401631][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1556.491690][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1556.562775][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1556.621491][ T29] audit: type=1326 audit(2147483764.380:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27379 comm="syz.5.7369" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f553d99c799 code=0x0 [ 1556.682217][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1556.760978][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1556.857619][T27377] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1557.413040][ T13] veth1_vlan: left promiscuous mode [ 1557.419580][ T13] veth0_vlan: left promiscuous mode [ 1560.788218][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1561.021590][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1563.075962][T27423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7379'. [ 1563.341381][T27427] netlink: 'syz.3.7379': attribute type 1 has an invalid length. [ 1563.491509][T27427] netlink: 'syz.3.7379': attribute type 6 has an invalid length. [ 1563.772770][T27418] netlink: 306 bytes leftover after parsing attributes in process `syz.2.7378'. [ 1564.539106][T27442] netlink: 25 bytes leftover after parsing attributes in process `syz.5.7382'. [ 1567.130476][T27460] netlink: 350 bytes leftover after parsing attributes in process `syz.4.7387'. [ 1567.561723][T17986] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1568.828036][T17986] Bluetooth: hci5: unexpected event 0x05 length: 43 > 4 [ 1569.392480][ T29] audit: type=1800 audit(2147483777.180:26): pid=27498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.7393" name="dbroot" dev="configfs" ino=1001184 res=0 errno=0 [ 1570.854217][T27495] FAULT_INJECTION: forcing a failure. [ 1570.854217][T27495] name failslab, interval 1, probability 0, space 0, times 0 [ 1571.010127][T27495] CPU: 0 UID: 0 PID: 27495 Comm: syz.5.7395 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1571.010156][T27495] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1571.010164][T27495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1571.010174][T27495] Call Trace: [ 1571.010181][T27495] [ 1571.010188][T27495] dump_stack_lvl+0x100/0x190 [ 1571.010216][T27495] should_fail_ex.cold+0x5/0xa [ 1571.010236][T27495] should_failslab+0xc2/0x120 [ 1571.010253][T27495] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1571.010275][T27495] ? security_inode_alloc+0x3b/0x2c0 [ 1571.010299][T27495] ? lockdep_init_map_type+0x5c/0x250 [ 1571.010333][T27495] security_inode_alloc+0x3b/0x2c0 [ 1571.010357][T27495] inode_init_always_gfp+0xced/0x1040 [ 1571.010376][T27495] alloc_inode+0x8e/0x250 [ 1571.010397][T27495] new_inode+0x22/0x1c0 [ 1571.010418][T27495] hugetlbfs_get_inode+0x313/0x750 [ 1571.010455][T27495] hugetlb_file_setup+0x3cc/0x5b0 [ 1571.010474][T27495] newseg+0xabb/0xed0 [ 1571.010507][T27495] ? __pfx_newseg+0x10/0x10 [ 1571.010524][T27495] ? down_write+0x146/0x1f0 [ 1571.010546][T27495] ? ksys_write+0x190/0x250 [ 1571.010560][T27495] ? ksys_write+0x190/0x250 [ 1571.010576][T27495] ipcget+0xee/0xf50 [ 1571.010650][T27495] ? do_futex+0x192/0x350 [ 1571.010679][T27495] ? __pfx_do_futex+0x10/0x10 [ 1571.010702][T27495] ? __pfx_ipcget+0x10/0x10 [ 1571.010719][T27495] ? __x64_sys_futex+0x34f/0x4d0 [ 1571.010737][T27495] ? __x64_sys_futex+0x358/0x4d0 [ 1571.010759][T27495] __x64_sys_shmget+0x13b/0x1b0 [ 1571.010778][T27495] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1571.010800][T27495] do_syscall_64+0x106/0xf80 [ 1571.010830][T27495] ? clear_bhb_loop+0x40/0x90 [ 1571.010850][T27495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1571.010867][T27495] RIP: 0033:0x7f553d99c799 [ 1571.010882][T27495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1571.010897][T27495] RSP: 002b:00007f553e7cb028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1571.010912][T27495] RAX: ffffffffffffffda RBX: 00007f553dc15fa0 RCX: 00007f553d99c799 [ 1571.010923][T27495] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1571.010932][T27495] RBP: 00007f553da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1571.010942][T27495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1571.010952][T27495] R13: 00007f553dc16038 R14: 00007f553dc15fa0 R15: 00007fff4a36f3d8 [ 1571.010973][T27495] [ 1571.682525][T27517] futex_wake_op: syz.3.7400 tries to shift op by -2048; fix this program [ 1571.721602][T27517] futex_wake_op: syz.3.7400 tries to shift op by -2048; fix this program [ 1581.279566][ T35] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1583.988931][T27684] FAULT_INJECTION: forcing a failure. [ 1583.988931][T27684] name failslab, interval 1, probability 0, space 0, times 0 [ 1584.665882][T27684] CPU: 0 UID: 0 PID: 27684 Comm: syz.2.7437 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1584.665917][T27684] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1584.665924][T27684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1584.665935][T27684] Call Trace: [ 1584.665941][T27684] [ 1584.665947][T27684] dump_stack_lvl+0x100/0x190 [ 1584.665976][T27684] should_fail_ex.cold+0x5/0xa [ 1584.665996][T27684] should_failslab+0xc2/0x120 [ 1584.666014][T27684] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1584.666038][T27684] ? __kthread_create_on_node+0x186/0x3f0 [ 1584.666071][T27684] kvasprintf+0xbc/0x150 [ 1584.666103][T27684] ? __pfx_kvasprintf+0x10/0x10 [ 1584.666126][T27684] ? __pfx_rescuer_thread+0x10/0x10 [ 1584.666146][T27684] __kthread_create_on_node+0x186/0x3f0 [ 1584.666166][T27684] ? __pfx___kthread_create_on_node+0x10/0x10 [ 1584.666189][T27684] ? __pfx_vsnprintf+0x10/0x10 [ 1584.666214][T27684] ? __pfx_rescuer_thread+0x10/0x10 [ 1584.666236][T27684] kthread_create_on_node+0xc7/0x100 [ 1584.666254][T27684] ? __pfx_kthread_create_on_node+0x10/0x10 [ 1584.666271][T27684] ? __pfx_scnprintf+0x10/0x10 [ 1584.666298][T27684] init_rescuer+0x31b/0x540 [ 1584.666319][T27684] ? __pfx_init_rescuer+0x10/0x10 [ 1584.666343][T27684] ? wq_adjust_max_active+0x352/0x4a0 [ 1584.666366][T27684] __alloc_workqueue+0xc90/0x1880 [ 1584.666388][T27684] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1584.666407][T27684] alloc_workqueue_noprof+0xd2/0x200 [ 1584.666429][T27684] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1584.666452][T27684] ? __pfx___debug_object_init+0x10/0x10 [ 1584.666485][T27684] nci_register_device+0x394/0xb80 [ 1584.666520][T27684] ? __pfx_nci_register_device+0x10/0x10 [ 1584.666545][T27684] ? lockdep_init_map_type+0x5c/0x250 [ 1584.666569][T27684] virtual_ncidev_open+0x141/0x220 [ 1584.666607][T27684] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1584.666624][T27684] misc_open+0x26d/0x450 [ 1584.666652][T27684] ? __pfx_misc_open+0x10/0x10 [ 1584.666666][T27684] chrdev_open+0x234/0x6a0 [ 1584.666682][T27684] ? __pfx_apparmor_file_open+0x10/0x10 [ 1584.666707][T27684] ? __pfx_chrdev_open+0x10/0x10 [ 1584.666723][T27684] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1584.666745][T27684] do_dentry_open+0x6d8/0x1660 [ 1584.666759][T27684] ? __pfx_chrdev_open+0x10/0x10 [ 1584.666780][T27684] vfs_open+0x82/0x3f0 [ 1584.666802][T27684] path_openat+0x208c/0x31a0 [ 1584.666824][T27684] ? __pfx_path_openat+0x10/0x10 [ 1584.666847][T27684] do_file_open+0x20e/0x430 [ 1584.666864][T27684] ? __pfx_do_file_open+0x10/0x10 [ 1584.666894][T27684] ? alloc_fd+0x476/0x790 [ 1584.666917][T27684] ? do_getname+0x191/0x390 [ 1584.666939][T27684] do_sys_openat2+0x10d/0x1e0 [ 1584.666959][T27684] ? __pfx_do_sys_openat2+0x10/0x10 [ 1584.666986][T27684] __x64_sys_openat+0x12d/0x210 [ 1584.667007][T27684] ? __pfx___x64_sys_openat+0x10/0x10 [ 1584.667035][T27684] do_syscall_64+0x106/0xf80 [ 1584.667052][T27684] ? clear_bhb_loop+0x40/0x90 [ 1584.667071][T27684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1584.667087][T27684] RIP: 0033:0x7f4c0959c799 [ 1584.667102][T27684] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1584.667117][T27684] RSP: 002b:00007f4c0a519028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1584.667133][T27684] RAX: ffffffffffffffda RBX: 00007f4c09815fa0 RCX: 00007f4c0959c799 [ 1584.667144][T27684] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1584.667155][T27684] RBP: 00007f4c09632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1584.667164][T27684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1584.667174][T27684] R13: 00007f4c09816038 R14: 00007f4c09815fa0 R15: 00007ffcd3454258 [ 1584.667195][T27684] [ 1584.667218][T27684] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -ENOMEM [ 1586.995090][T27710] kexec: Could not allocate control_code_buffer [ 1588.756061][T27733] FAULT_INJECTION: forcing a failure. [ 1588.756061][T27733] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1588.964885][T27733] CPU: 0 UID: 0 PID: 27733 Comm: syz.5.7436 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1588.964915][T27733] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1588.964922][T27733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1588.964931][T27733] Call Trace: [ 1588.964937][T27733] [ 1588.964946][T27733] dump_stack_lvl+0x100/0x190 [ 1588.964975][T27733] should_fail_ex.cold+0x5/0xa [ 1588.964994][T27733] get_futex_key+0x1d2/0x1620 [ 1588.965016][T27733] ? __pfx_get_futex_key+0x10/0x10 [ 1588.965040][T27733] futex_wake+0xea/0x530 [ 1588.965064][T27733] ? __pfx_futex_wake+0x10/0x10 [ 1588.965085][T27733] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 1588.965123][T27733] do_futex+0x32b/0x350 [ 1588.965143][T27733] ? __pfx_do_futex+0x10/0x10 [ 1588.965164][T27733] ? __pfx___might_resched+0x10/0x10 [ 1588.965185][T27733] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1588.965276][T27733] __x64_sys_futex+0x34f/0x4d0 [ 1588.965297][T27733] ? __pfx_task_work_run+0x10/0x10 [ 1588.965320][T27733] ? __pfx___x64_sys_futex+0x10/0x10 [ 1588.965341][T27733] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 1588.965366][T27733] do_syscall_64+0x106/0xf80 [ 1588.965385][T27733] ? clear_bhb_loop+0x40/0x90 [ 1588.965412][T27733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1588.965429][T27733] RIP: 0033:0x7f553d99c799 [ 1588.965444][T27733] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1588.965460][T27733] RSP: 002b:00007f553e7aa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1588.965476][T27733] RAX: ffffffffffffffda RBX: 00007f553dc16098 RCX: 00007f553d99c799 [ 1588.965488][T27733] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f553dc1609c [ 1588.965498][T27733] RBP: 00007f553dc16090 R08: 0000000000000000 R09: 0000000000000000 [ 1588.965508][T27733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1588.965517][T27733] R13: 00007f553dc16128 R14: 00007fff4a36f2f0 R15: 00007fff4a36f3d8 [ 1588.965538][T27733] [ 1590.915331][T27738] ERROR: Out of memory at tomoyo_memory_ok. [ 1593.556459][T27761] netlink: 25 bytes leftover after parsing attributes in process `syz.4.7446'. [ 1593.727256][T27759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7444'. [ 1593.848544][T27763] netlink: 'syz.3.7444': attribute type 1 has an invalid length. [ 1594.004987][T27763] netlink: 13 bytes leftover after parsing attributes in process `syz.3.7444'. [ 1594.167545][T27763] netlink: 'syz.3.7444': attribute type 1 has an invalid length. [ 1599.248651][T27825] netlink: 'syz.3.7464': attribute type 3 has an invalid length. [ 1599.412787][T27825] netlink: 306 bytes leftover after parsing attributes in process `syz.3.7464'. [ 1600.705363][T27839] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7468'. [ 1604.692180][T17986] block nbd0: Receive control failed (result -32) [ 1605.044108][ T29] audit: type=1800 audit(2147491612.837:27): pid=27879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.7479" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1607.810699][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.821465][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1612.841481][T27964] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1612.848839][T27964] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1613.674064][ T29] audit: type=1804 audit(2147491621.467:28): pid=27974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.7505" name="/newroot/1830/file0" dev="tmpfs" ino=9420 res=1 errno=0 [ 1613.874096][ T29] audit: type=1804 audit(2147491621.487:29): pid=27975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.7505" name="/newroot/1830/file0" dev="tmpfs" ino=9420 res=1 errno=0 [ 1614.875619][T27982] net_ratelimit: 5 callbacks suppressed [ 1614.875639][T27982] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1616.931541][T27998] netlink: 50 bytes leftover after parsing attributes in process `syz.2.7512'. [ 1617.778651][T28006] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1619.782435][T28025] HSR: entered promiscuous mode [ 1620.521497][T17986] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1620.826973][T28032] netlink: 13 bytes leftover after parsing attributes in process `syz.5.7521'. [ 1620.960333][T28033] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7522'. [ 1621.352849][ T29] audit: type=1800 audit(2147491629.147:30): pid=28036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.7524" name="dbroot" dev="configfs" ino=1042251 res=0 errno=0 [ 1621.401956][T28036] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7524'. [ 1621.542242][T28037] netlink: 5 bytes leftover after parsing attributes in process `syz.4.7523'. [ 1621.609591][T28036] team_slave_1 (unregistering): left promiscuous mode [ 1621.661209][T28036] team_slave_1 (unregistering): left allmulticast mode [ 1621.734544][T28036] team0: Port device team_slave_1 removed [ 1633.716118][T28150] NFSD: Failed to start, no listeners configured. [ 1636.666507][T28168] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7557'. [ 1637.668702][T28178] FAULT_INJECTION: forcing a failure. [ 1637.668702][T28178] name failslab, interval 1, probability 0, space 0, times 0 [ 1637.791285][T28178] CPU: 0 UID: 0 PID: 28178 Comm: syz.3.7560 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1637.791315][T28178] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1637.791322][T28178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1637.791332][T28178] Call Trace: [ 1637.791338][T28178] [ 1637.791345][T28178] dump_stack_lvl+0x100/0x190 [ 1637.791377][T28178] should_fail_ex.cold+0x5/0xa [ 1637.791397][T28178] should_failslab+0xc2/0x120 [ 1637.791415][T28178] __kvmalloc_node_noprof+0xfa/0xa00 [ 1637.791442][T28178] ? io_alloc_cache_init+0x38/0x170 [ 1637.791541][T28178] ? lockdep_set_lock_cmp_fn+0xa0/0xe0 [ 1637.791566][T28178] io_alloc_cache_init+0x38/0x170 [ 1637.791590][T28178] io_uring_setup.cold+0x3eb/0x1d09 [ 1637.791614][T28178] ? __pfx_io_uring_setup+0x10/0x10 [ 1637.791659][T28178] ? do_futex+0x192/0x350 [ 1637.791681][T28178] ? __pfx_do_futex+0x10/0x10 [ 1637.791711][T28178] ? xfd_validate_state+0x129/0x190 [ 1637.791746][T28178] __x64_sys_io_uring_setup+0xc2/0x170 [ 1637.791766][T28178] do_syscall_64+0x106/0xf80 [ 1637.791787][T28178] ? clear_bhb_loop+0x40/0x90 [ 1637.791806][T28178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1637.791822][T28178] RIP: 0033:0x7f653cd9c799 [ 1637.791836][T28178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1637.791851][T28178] RSP: 002b:00007f653dd1b028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1637.791866][T28178] RAX: ffffffffffffffda RBX: 00007f653d015fa0 RCX: 00007f653cd9c799 [ 1637.791878][T28178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001d48 [ 1637.791887][T28178] RBP: 00007f653ce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1637.791897][T28178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1637.791907][T28178] R13: 00007f653d016038 R14: 00007f653d015fa0 R15: 00007ffe07fc1bf8 [ 1637.791928][T28178] [ 1640.727677][T28189] FAULT_INJECTION: forcing a failure. [ 1640.727677][T28189] name failslab, interval 1, probability 0, space 0, times 0 [ 1640.954279][T28189] CPU: 0 UID: 0 PID: 28189 Comm: syz.5.7564 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1640.954310][T28189] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1640.954317][T28189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1640.954327][T28189] Call Trace: [ 1640.954333][T28189] [ 1640.954340][T28189] dump_stack_lvl+0x100/0x190 [ 1640.954369][T28189] should_fail_ex.cold+0x5/0xa [ 1640.954388][T28189] ? __register_sysctl_table+0xbe4/0x1650 [ 1640.954430][T28189] should_failslab+0xc2/0x120 [ 1640.954448][T28189] __kmalloc_noprof+0xe0/0x850 [ 1640.954474][T28189] __register_sysctl_table+0xbe4/0x1650 [ 1640.954502][T28189] ? __pfx___register_sysctl_table+0x10/0x10 [ 1640.954524][T28189] ? is_module_address+0x69/0xf0 [ 1640.954546][T28189] ? register_net_sysctl_sz+0x222/0x430 [ 1640.954586][T28189] __devinet_sysctl_register+0x1b9/0x360 [ 1640.954624][T28189] ? trace_kmalloc+0x101/0x130 [ 1640.954639][T28189] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 1640.954668][T28189] ? __asan_memcpy+0x3c/0x60 [ 1640.954690][T28189] devinet_init_net+0x303/0x8d0 [ 1640.954712][T28189] ? __pfx_devinet_init_net+0x10/0x10 [ 1640.954733][T28189] ops_init+0x1e2/0x5f0 [ 1640.954763][T28189] setup_net+0x118/0x3a0 [ 1640.954789][T28189] ? __pfx_setup_net+0x10/0x10 [ 1640.954817][T28189] ? lockdep_init_map_type+0x5c/0x250 [ 1640.954838][T28189] ? mutex_init_lockep+0x110/0x150 [ 1640.954862][T28189] copy_net_ns+0x46f/0x7c0 [ 1640.954885][T28189] create_new_namespaces+0x3ea/0xac0 [ 1640.954906][T28189] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1640.954924][T28189] ksys_unshare+0x473/0xad0 [ 1640.954952][T28189] ? __pfx_ksys_unshare+0x10/0x10 [ 1640.954977][T28189] __x64_sys_unshare+0x31/0x40 [ 1640.954995][T28189] do_syscall_64+0x106/0xf80 [ 1640.955013][T28189] ? clear_bhb_loop+0x40/0x90 [ 1640.955032][T28189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1640.955048][T28189] RIP: 0033:0x7f553d99c799 [ 1640.955063][T28189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1640.955077][T28189] RSP: 002b:00007f553e7cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1640.955093][T28189] RAX: ffffffffffffffda RBX: 00007f553dc15fa0 RCX: 00007f553d99c799 [ 1640.955103][T28189] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1640.955113][T28189] RBP: 00007f553da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1640.955122][T28189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1640.955132][T28189] R13: 00007f553dc16038 R14: 00007f553dc15fa0 R15: 00007fff4a36f3d8 [ 1640.955160][T28189] [ 1640.955168][T28189] sysctl could not get directory: /net/ipv4/conf -12 [ 1646.799750][T28220] [U] [ 1647.833450][T28251] netlink: 93 bytes leftover after parsing attributes in process `syz.3.7577'. [ 1647.962985][T28249] netlink: 93 bytes leftover after parsing attributes in process `syz.3.7577'. [ 1653.393128][T28309] netlink: 9 bytes leftover after parsing attributes in process `syz.5.7593'. [ 1655.616325][T28337] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1656.414683][T28346] FAULT_INJECTION: forcing a failure. [ 1656.414683][T28346] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1656.524356][T28346] CPU: 0 UID: 0 PID: 28346 Comm: syz.2.7603 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1656.524386][T28346] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1656.524392][T28346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1656.524403][T28346] Call Trace: [ 1656.524419][T28346] [ 1656.524427][T28346] dump_stack_lvl+0x100/0x190 [ 1656.524456][T28346] should_fail_ex.cold+0x5/0xa [ 1656.524475][T28346] _copy_to_user+0x32/0xd0 [ 1656.524508][T28346] copy_siginfo_to_user+0x27/0xc0 [ 1656.524527][T28346] x64_setup_rt_frame+0xa03/0xce0 [ 1656.524551][T28346] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 1656.524571][T28346] ? do_send_specific+0x15c/0x360 [ 1656.524590][T28346] arch_do_signal_or_restart+0x587/0x770 [ 1656.524610][T28346] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1656.524639][T28346] exit_to_user_mode_loop+0x86/0x4a0 [ 1656.524661][T28346] do_syscall_64+0x668/0xf80 [ 1656.524680][T28346] ? clear_bhb_loop+0x40/0x90 [ 1656.524699][T28346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1656.524716][T28346] RIP: 0033:0x7f4c0959c799 [ 1656.524730][T28346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1656.524745][T28346] RSP: 002b:00007f4c0a519028 EFLAGS: 00000246 ORIG_RAX: 00000000000000c8 [ 1656.524760][T28346] RAX: 0000000000000000 RBX: 00007f4c09815fa0 RCX: 00007f4c0959c799 [ 1656.524770][T28346] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000001391 [ 1656.524778][T28346] RBP: 00007f4c09632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1656.524788][T28346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1656.524796][T28346] R13: 00007f4c09816038 R14: 00007f4c09815fa0 R15: 00007ffcd3454258 [ 1656.524816][T28346] [ 1657.302227][T28354] ERROR: Out of memory at tomoyo_memory_ok. [ 1657.609918][T28353] ERROR: Out of memory at tomoyo_memory_ok. [ 1662.189208][T28392] netlink: 17 bytes leftover after parsing attributes in process `syz.4.7612'. [ 1665.084163][T28407] netlink: 354 bytes leftover after parsing attributes in process `syz.4.7616'. [ 1668.207994][T28446] netlink: 93 bytes leftover after parsing attributes in process `syz.3.7626'. [ 1668.343045][T28444] netlink: 93 bytes leftover after parsing attributes in process `syz.3.7626'. [ 1669.265575][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.278262][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.333312][T28454] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7629'. [ 1670.767866][T28466] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7633'. [ 1677.450511][T28527] netlink: 334 bytes leftover after parsing attributes in process `syz.4.7650'. [ 1678.304206][T28543] binder: 28541:28543 ioctl c018620c 200000000040 returned -22 [ 1678.932563][T17986] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1680.594464][T28573] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 1680.893221][ T5179] ERROR: Out of memory at tomoyo_memory_ok. [ 1681.666621][T28583] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7665'. [ 1681.799772][T28583] bridge_slave_1 (unregistering): left allmulticast mode [ 1681.888109][T28583] bridge_slave_1 (unregistering): left promiscuous mode [ 1681.955223][T28583] bridge0: port 2(bridge_slave_1) entered disabled state [ 1683.853209][T28614] FAULT_INJECTION: forcing a failure. [ 1683.853209][T28614] name failslab, interval 1, probability 0, space 0, times 0 [ 1683.972974][T28614] CPU: 0 UID: 0 PID: 28614 Comm: syz.3.7674 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1683.973004][T28614] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1683.973011][T28614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1683.973021][T28614] Call Trace: [ 1683.973028][T28614] [ 1683.973036][T28614] dump_stack_lvl+0x100/0x190 [ 1683.973065][T28614] should_fail_ex.cold+0x5/0xa [ 1683.973084][T28614] should_failslab+0xc2/0x120 [ 1683.973101][T28614] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1683.973125][T28614] ? copy_process+0x2921/0x7a10 [ 1683.973142][T28614] ? rcu_is_watching+0x12/0xc0 [ 1683.973168][T28614] copy_process+0x2921/0x7a10 [ 1683.973194][T28614] ? __pfx_copy_process+0x10/0x10 [ 1683.973220][T28614] kernel_clone+0xfc/0x9a0 [ 1683.973236][T28614] ? __pfx_futex_wait+0x10/0x10 [ 1683.973257][T28614] ? rep_movs_alternative+0x33/0x90 [ 1683.973281][T28614] ? __pfx_kernel_clone+0x10/0x10 [ 1683.973308][T28614] __do_sys_clone+0xd9/0x120 [ 1683.973326][T28614] ? __pfx___do_sys_clone+0x10/0x10 [ 1683.973343][T28614] ? ksys_semctl.constprop.0+0x14e/0x2e0 [ 1683.973395][T28614] do_syscall_64+0x106/0xf80 [ 1683.973417][T28614] ? clear_bhb_loop+0x40/0x90 [ 1683.973436][T28614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1683.973452][T28614] RIP: 0033:0x7f653cd9c799 [ 1683.973465][T28614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1683.973480][T28614] RSP: 002b:00007f653dd1afd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1683.973494][T28614] RAX: ffffffffffffffda RBX: 00007f653d015fa0 RCX: 00007f653cd9c799 [ 1683.973505][T28614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 1683.973513][T28614] RBP: 00007f653ce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1683.973523][T28614] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1683.973531][T28614] R13: 00007f653d016038 R14: 00007f653d015fa0 R15: 00007ffe07fc1bf8 [ 1683.973551][T28614] [ 1684.862555][T28621] FAULT_INJECTION: forcing a failure. [ 1684.862555][T28621] name failslab, interval 1, probability 0, space 0, times 0 [ 1685.073039][T28621] CPU: 0 UID: 0 PID: 28621 Comm: syz.3.7676 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1685.073068][T28621] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1685.073075][T28621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1685.073085][T28621] Call Trace: [ 1685.073091][T28621] [ 1685.073099][T28621] dump_stack_lvl+0x100/0x190 [ 1685.073128][T28621] should_fail_ex.cold+0x5/0xa [ 1685.073147][T28621] ? tomoyo_init_log+0x1224/0x20c0 [ 1685.073165][T28621] should_failslab+0xc2/0x120 [ 1685.073181][T28621] __kmalloc_noprof+0xe0/0x850 [ 1685.073209][T28621] tomoyo_init_log+0x1224/0x20c0 [ 1685.073228][T28621] ? number+0x983/0xc90 [ 1685.073250][T28621] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1685.073292][T28621] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1685.073315][T28621] tomoyo_write_log2+0x2ed/0xbc0 [ 1685.073335][T28621] tomoyo_supervisor+0x15e/0x1340 [ 1685.073362][T28621] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1685.073384][T28621] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1685.073408][T28621] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1685.073425][T28621] ? kfree+0x1f6/0x6b0 [ 1685.073444][T28621] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 1685.073474][T28621] tomoyo_path_number_perm+0x445/0x580 [ 1685.073502][T28621] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1685.073525][T28621] ? futex_wait+0x125/0x380 [ 1685.073564][T28621] ? find_held_lock+0x2b/0x80 [ 1685.073578][T28621] ? __fget_files+0x215/0x3d0 [ 1685.073592][T28621] ? hook_file_ioctl_common+0x146/0x410 [ 1685.073629][T28621] ? __fget_files+0x21f/0x3d0 [ 1685.073647][T28621] security_file_ioctl+0xd3/0x230 [ 1685.073674][T28621] __x64_sys_ioctl+0xb7/0x210 [ 1685.073698][T28621] do_syscall_64+0x106/0xf80 [ 1685.073716][T28621] ? clear_bhb_loop+0x40/0x90 [ 1685.073734][T28621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1685.073751][T28621] RIP: 0033:0x7f653cd9c799 [ 1685.073766][T28621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1685.073781][T28621] RSP: 002b:00007f653dcfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1685.073796][T28621] RAX: ffffffffffffffda RBX: 00007f653d016090 RCX: 00007f653cd9c799 [ 1685.073806][T28621] RDX: 0000000000000000 RSI: 0000000000005452 RDI: 0000000000000006 [ 1685.073816][T28621] RBP: 00007f653ce32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1685.073825][T28621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1685.073835][T28621] R13: 00007f653d016128 R14: 00007f653d016090 R15: 00007ffe07fc1bf8 [ 1685.073855][T28621] [ 1686.616564][T28631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7679'. [ 1686.729026][T28632] netlink: 354 bytes leftover after parsing attributes in process `syz.2.7679'. [ 1687.491366][T28641] netlink: Unknown conntrack attr (type=257, max=9) [ 1688.017004][ T29] audit: type=1326 audit(2147491695.788:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28638 comm="syz.3.7681" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f653cd9c799 code=0x0 [ 1688.103401][T28633] delete_channel: no stack [ 1690.440632][ T29] audit: type=1800 audit(2147491698.218:32): pid=28665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.7684" name="dbroot" dev="configfs" ino=1099510 res=0 errno=0 [ 1691.332774][T28670] FAULT_INJECTION: forcing a failure. [ 1691.332774][T28670] name failslab, interval 1, probability 0, space 0, times 0 [ 1691.451957][T28670] CPU: 0 UID: 8 PID: 28670 Comm: syz.2.7696 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1691.451986][T28670] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1691.451993][T28670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1691.452003][T28670] Call Trace: [ 1691.452008][T28670] [ 1691.452015][T28670] dump_stack_lvl+0x100/0x190 [ 1691.452043][T28670] should_fail_ex.cold+0x5/0xa [ 1691.452062][T28670] should_failslab+0xc2/0x120 [ 1691.452079][T28670] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1691.452101][T28670] ? cred_alloc_blank+0x1c/0xa0 [ 1691.452135][T28670] ? __x64_sys_futex+0x34f/0x4d0 [ 1691.452154][T28670] ? __x64_sys_futex+0x358/0x4d0 [ 1691.452175][T28670] cred_alloc_blank+0x1c/0xa0 [ 1691.452197][T28670] keyctl_session_to_parent+0x55/0xae0 [ 1691.452224][T28670] __do_sys_keyctl+0x2b1/0x5a0 [ 1691.452248][T28670] do_syscall_64+0x106/0xf80 [ 1691.452267][T28670] ? clear_bhb_loop+0x40/0x90 [ 1691.452285][T28670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1691.452302][T28670] RIP: 0033:0x7f4c0959c799 [ 1691.452315][T28670] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1691.452331][T28670] RSP: 002b:00007f4c0a519028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1691.452349][T28670] RAX: ffffffffffffffda RBX: 00007f4c09815fa0 RCX: 00007f4c0959c799 [ 1691.452362][T28670] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 1691.452372][T28670] RBP: 00007f4c09632c99 R08: 0000000000000001 R09: 0000000000000000 [ 1691.452382][T28670] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 1691.452391][T28670] R13: 00007f4c09816038 R14: 00007f4c09815fa0 R15: 00007ffcd3454258 [ 1691.452411][T28670] [ 1692.021318][T28675] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7687'. [ 1693.462563][T28683] netlink: 186 bytes leftover after parsing attributes in process `syz.5.7689'. [ 1695.840974][T28701] netlink: 50 bytes leftover after parsing attributes in process `syz.4.7695'. [ 1700.771713][T28752] netlink: 'syz.5.7708': attribute type 3 has an invalid length. [ 1700.779527][T28752] netlink: 306 bytes leftover after parsing attributes in process `syz.5.7708'. [ 1701.508379][T28758] netlink: 274 bytes leftover after parsing attributes in process `syz.5.7720'. [ 1701.678548][T28764] netlink: Unknown conntrack attr (type=257, max=9) [ 1701.931318][ T29] audit: type=1326 audit(2147491709.708:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28757 comm="syz.2.7709" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4c0959c799 code=0x0 [ 1702.173779][T28771] FAULT_INJECTION: forcing a failure. [ 1702.173779][T28771] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1702.317004][T28771] CPU: 0 UID: 0 PID: 28771 Comm: syz.5.7712 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1702.317057][T28771] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1702.317070][T28771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1702.317090][T28771] Call Trace: [ 1702.317096][T28771] [ 1702.317102][T28771] dump_stack_lvl+0x100/0x190 [ 1702.317130][T28771] should_fail_ex.cold+0x5/0xa [ 1702.317149][T28771] get_futex_key+0x1d2/0x1620 [ 1702.317170][T28771] ? __pfx_get_futex_key+0x10/0x10 [ 1702.317186][T28771] ? do_user_addr_fault+0x8d6/0x12f0 [ 1702.317213][T28771] ? irqentry_exit+0x180/0x670 [ 1702.317246][T28771] ? lockdep_hardirqs_on+0x78/0x100 [ 1702.317270][T28771] futex_wake+0xea/0x530 [ 1702.317295][T28771] ? __pfx_futex_wake+0x10/0x10 [ 1702.317320][T28771] ? __get_user_nocheck_8+0x20/0x20 [ 1702.317337][T28771] ? do_vfs_ioctl+0x226/0x13e0 [ 1702.317360][T28771] do_futex+0x32b/0x350 [ 1702.317379][T28771] ? __pfx_do_futex+0x10/0x10 [ 1702.317399][T28771] ? find_held_lock+0x2b/0x80 [ 1702.317416][T28771] __x64_sys_futex+0x34f/0x4d0 [ 1702.317436][T28771] ? __fget_files+0x21f/0x3d0 [ 1702.317451][T28771] ? __pfx___x64_sys_futex+0x10/0x10 [ 1702.317477][T28771] do_syscall_64+0x106/0xf80 [ 1702.317494][T28771] ? clear_bhb_loop+0x40/0x90 [ 1702.317513][T28771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1702.317529][T28771] RIP: 0033:0x7f553d99c799 [ 1702.317543][T28771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1702.317558][T28771] RSP: 002b:00007f553e7aa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1702.317573][T28771] RAX: ffffffffffffffda RBX: 00007f553dc16098 RCX: 00007f553d99c799 [ 1702.317584][T28771] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f553dc1609c [ 1702.317593][T28771] RBP: 00007f553dc16090 R08: 0000000000000000 R09: 0000000000000000 [ 1702.317602][T28771] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1702.317611][T28771] R13: 00007f553dc16128 R14: 00007fff4a36f2f0 R15: 00007fff4a36f3d8 [ 1702.317631][T28771] [ 1702.318015][T28771] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 1706.339354][T28803] netlink: 5 bytes leftover after parsing attributes in process `syz.2.7721'. [ 1706.414344][T28803] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7721'. [ 1708.911881][T28830] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7728'. [ 1708.992362][T28831] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7728'. [ 1709.483977][T27459] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1710.341401][T28841] netlink: Unknown conntrack attr (type=257, max=9) [ 1710.711178][ T29] audit: type=1326 audit(2147491718.488:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28838 comm="syz.4.7730" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1659d9c799 code=0x0 [ 1711.432710][T28845] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1711.442243][T28836] delete_channel: no stack [ 1711.484699][T28845] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1711.552617][T28845] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1711.593548][T28845] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1711.642308][T28845] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1712.681448][T27459] Bluetooth: hci1: command 0x0406 tx timeout [ 1712.955156][T28868] NFSD: Failed to start, no listeners configured. [ 1713.171817][T28872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7738'. [ 1713.561597][T27459] Bluetooth: hci4: command 0x0419 tx timeout [ 1713.567716][T17986] Bluetooth: hci3: command 0x0406 tx timeout [ 1713.722869][T27459] Bluetooth: hci5: command 0x0c1a tx timeout [ 1713.802403][T28882] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7742'. [ 1714.008859][T28882] bridge_slave_1 (unregistering): left allmulticast mode [ 1714.061474][T28882] bridge_slave_1 (unregistering): left promiscuous mode [ 1714.113292][T28882] bridge0: port 2(bridge_slave_1) entered disabled state [ 1715.358682][T28892] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1715.421255][T28892] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1715.444463][T28892] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1715.523329][T28892] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1717.001590][T27459] Bluetooth: hci1: command 0x0406 tx timeout [ 1717.482477][T27459] Bluetooth: hci5: command 0x0c1a tx timeout [ 1717.489226][T17986] Bluetooth: hci4: command 0x0419 tx timeout [ 1717.496141][T17986] Bluetooth: hci3: command 0x0406 tx timeout [ 1719.883163][T28936] FAULT_INJECTION: forcing a failure. [ 1719.883163][T28936] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1720.248238][T28936] CPU: 0 UID: 0 PID: 28936 Comm: syz.2.7752 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1720.248268][T28936] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1720.248275][T28936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1720.248285][T28936] Call Trace: [ 1720.248291][T28936] [ 1720.248298][T28936] dump_stack_lvl+0x100/0x190 [ 1720.248327][T28936] should_fail_ex.cold+0x5/0xa [ 1720.248347][T28936] get_futex_key+0x1d2/0x1620 [ 1720.248368][T28936] ? __pfx_get_futex_key+0x10/0x10 [ 1720.248393][T28936] futex_wake+0xea/0x530 [ 1720.248417][T28936] ? __pfx_futex_wake+0x10/0x10 [ 1720.248440][T28936] ? putname+0xb1/0x110 [ 1720.248455][T28936] ? kmem_cache_free+0x124/0x6a0 [ 1720.248479][T28936] do_futex+0x32b/0x350 [ 1720.248498][T28936] ? __pfx_do_futex+0x10/0x10 [ 1720.248516][T28936] ? __pfx_do_sys_openat2+0x10/0x10 [ 1720.248540][T28936] __x64_sys_futex+0x34f/0x4d0 [ 1720.248560][T28936] ? __x64_sys_openat+0x12d/0x210 [ 1720.248579][T28936] ? __pfx___x64_sys_futex+0x10/0x10 [ 1720.248605][T28936] do_syscall_64+0x106/0xf80 [ 1720.248623][T28936] ? clear_bhb_loop+0x40/0x90 [ 1720.248642][T28936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1720.248658][T28936] RIP: 0033:0x7f4c0959c799 [ 1720.248672][T28936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1720.248688][T28936] RSP: 002b:00007f4c0a4f80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1720.248703][T28936] RAX: ffffffffffffffda RBX: 00007f4c09816098 RCX: 00007f4c0959c799 [ 1720.248713][T28936] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4c0981609c [ 1720.248723][T28936] RBP: 00007f4c09816090 R08: 0000000000000000 R09: 0000000000000000 [ 1720.248732][T28936] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 1720.248741][T28936] R13: 00007f4c09816128 R14: 00007ffcd3454170 R15: 00007ffcd3454258 [ 1720.248760][T28936] [ 1722.937742][T28955] netlink: Unknown conntrack attr (type=257, max=9) [ 1723.096246][ T29] audit: type=1326 audit(2147491730.878:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28952 comm="syz.3.7755" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f653cd9c799 code=0x0 [ 1727.654118][T28982] FAULT_INJECTION: forcing a failure. [ 1727.654118][T28982] name failslab, interval 1, probability 0, space 0, times 0 [ 1727.884445][T28982] CPU: 0 UID: 0 PID: 28982 Comm: syz.2.7763 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1727.884473][T28982] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1727.884480][T28982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1727.884490][T28982] Call Trace: [ 1727.884496][T28982] [ 1727.884503][T28982] dump_stack_lvl+0x100/0x190 [ 1727.884531][T28982] should_fail_ex.cold+0x5/0xa [ 1727.884551][T28982] should_failslab+0xc2/0x120 [ 1727.884568][T28982] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1727.884588][T28982] ? tomoyo_write_log2+0x333/0xbc0 [ 1727.884621][T28982] tomoyo_write_log2+0x333/0xbc0 [ 1727.884643][T28982] tomoyo_supervisor+0x15e/0x1340 [ 1727.884670][T28982] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1727.884690][T28982] ? irqentry_exit+0x180/0x670 [ 1727.884710][T28982] ? lockdep_hardirqs_on+0x78/0x100 [ 1727.884736][T28982] ? tomoyo_check_acl+0x9f/0x410 [ 1727.884757][T28982] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 1727.884786][T28982] tomoyo_path_number_perm+0x445/0x580 [ 1727.884811][T28982] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1727.884833][T28982] ? futex_wait+0x125/0x380 [ 1727.884873][T28982] ? find_held_lock+0x2b/0x80 [ 1727.884887][T28982] ? __fget_files+0x215/0x3d0 [ 1727.884900][T28982] ? hook_file_ioctl_common+0x146/0x410 [ 1727.884928][T28982] ? __fget_files+0x21f/0x3d0 [ 1727.884945][T28982] security_file_ioctl+0xd3/0x230 [ 1727.884970][T28982] __x64_sys_ioctl+0xb7/0x210 [ 1727.884993][T28982] do_syscall_64+0x106/0xf80 [ 1727.885010][T28982] ? clear_bhb_loop+0x40/0x90 [ 1727.885028][T28982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1727.885044][T28982] RIP: 0033:0x7f4c0959c799 [ 1727.885058][T28982] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1727.885073][T28982] RSP: 002b:00007f4c0a4f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1727.885089][T28982] RAX: ffffffffffffffda RBX: 00007f4c09816090 RCX: 00007f4c0959c799 [ 1727.885099][T28982] RDX: 0000000000000000 RSI: 0000000000005452 RDI: 0000000000000006 [ 1727.885108][T28982] RBP: 00007f4c09632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1727.885117][T28982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1727.885126][T28982] R13: 00007f4c09816128 R14: 00007f4c09816090 R15: 00007ffcd3454258 [ 1727.885145][T28982] [ 1729.366102][T28970] can: request_module (can-proto-3) failed. [ 1729.429142][T28991] Process accounting resumed [ 1730.685776][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.693637][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1733.805778][T28998] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 1733.812734][T28924] Bluetooth: hci1: command 0x0406 tx timeout [ 1733.883951][T29015] netlink: 334 bytes leftover after parsing attributes in process `syz.3.7767'. [ 1734.088042][T28998] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1734.162027][T28998] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1734.168445][T28998] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1736.041198][T22767] Bluetooth: hci3: command 0x0406 tx timeout [ 1736.201879][T22767] Bluetooth: hci5: command 0x0c1a tx timeout [ 1736.208002][T22767] Bluetooth: hci4: command 0x0419 tx timeout [ 1739.353146][T29057] nbd: must specify at least one socket [ 1747.065598][T29131] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7800'. [ 1747.743808][T29138] vivid-007: ================= START STATUS ================= [ 1747.811266][T29138] vivid-007: Generate PTS: true [ 1747.921246][T29138] vivid-007: Generate SCR: true [ 1748.002574][T29138] tpg source WxH: 320x240 (Y'CbCr) [ 1748.008044][T29138] tpg field: 1 [ 1748.203334][T29138] tpg crop: (0,0)/320x240 [ 1748.207747][T29138] tpg compose: (0,0)/320x240 [ 1748.300320][T29138] tpg colorspace: 8 [ 1748.341417][T29138] tpg transfer function: 0/0 [ 1748.346045][T29138] tpg Y'CbCr encoding: 0/0 [ 1748.433804][T29138] tpg quantization: 0/0 [ 1748.473084][T29138] tpg RGB range: 0/2 [ 1748.527214][T29138] vivid-007: ================== END STATUS ================== [ 1750.352307][T29165] netlink: 334 bytes leftover after parsing attributes in process `syz.2.7807'. [ 1750.565667][T29170] ERROR: Out of memory at tomoyo_memory_ok. [ 1750.970372][T29167] ERROR: Out of memory at tomoyo_memory_ok. [ 1754.168279][T29203] netlink: 93 bytes leftover after parsing attributes in process `syz.4.7818'. [ 1754.393079][T29210] netlink: 334 bytes leftover after parsing attributes in process `syz.5.7820'. [ 1755.307778][T29221] ERROR: Out of memory at tomoyo_memory_ok. [ 1755.762350][T29218] ERROR: Out of memory at tomoyo_memory_ok. [ 1756.471045][ T29] audit: type=1806 audit(2147491764.248:36): xattr="." res=0 [ 1759.924425][T29269] Process accounting paused [ 1760.884541][T29281] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7839'. [ 1761.002438][T29282] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7839'. [ 1763.681529][T22767] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1764.832425][T29321] sd 0:0:1:0: PR command failed: 1026 [ 1764.897349][T29321] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1765.009489][T29321] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1765.722832][T28924] Bluetooth: hci3: command 0x0406 tx timeout [ 1765.811918][T29333] binder: 29331:29333 ioctl c018620c 2000000000c0 returned -22 [ 1766.038452][T29337] FAULT_INJECTION: forcing a failure. [ 1766.038452][T29337] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1766.179593][T29337] CPU: 0 UID: 0 PID: 29337 Comm: syz.3.7855 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1766.179623][T29337] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1766.179633][T29337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1766.179643][T29337] Call Trace: [ 1766.179649][T29337] [ 1766.179656][T29337] dump_stack_lvl+0x100/0x190 [ 1766.179685][T29337] should_fail_ex.cold+0x5/0xa [ 1766.179703][T29337] ? __pfx___might_resched+0x10/0x10 [ 1766.179728][T29337] get_futex_key+0x1d2/0x1620 [ 1766.179749][T29337] ? __pfx_get_futex_key+0x10/0x10 [ 1766.179768][T29337] ? __pfx_aa_sk_perm+0x10/0x10 [ 1766.179789][T29337] futex_wait_setup+0x83/0x510 [ 1766.179816][T29337] __futex_wait+0x19f/0x300 [ 1766.179839][T29337] ? __pfx___futex_wait+0x10/0x10 [ 1766.179864][T29337] ? __pfx_futex_wake_mark+0x10/0x10 [ 1766.179888][T29337] ? futex_hash+0x2c5/0x380 [ 1766.179911][T29337] futex_wait+0xed/0x380 [ 1766.179933][T29337] ? __pfx_futex_wait+0x10/0x10 [ 1766.179964][T29337] do_futex+0x1ef/0x350 [ 1766.179983][T29337] ? __pfx_do_futex+0x10/0x10 [ 1766.180002][T29337] ? fput+0x79/0x100 [ 1766.180020][T29337] ? __sys_sendmsg+0x18f/0x220 [ 1766.180065][T29337] __x64_sys_futex+0x34f/0x4d0 [ 1766.180087][T29337] ? __pfx___x64_sys_futex+0x10/0x10 [ 1766.180115][T29337] do_syscall_64+0x106/0xf80 [ 1766.180141][T29337] ? clear_bhb_loop+0x40/0x90 [ 1766.180161][T29337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1766.180178][T29337] RIP: 0033:0x7f653cd9c799 [ 1766.180192][T29337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1766.180206][T29337] RSP: 002b:00007f653dd1b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1766.180221][T29337] RAX: ffffffffffffffda RBX: 00007f653d015fa8 RCX: 00007f653cd9c799 [ 1766.180232][T29337] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f653d015fa8 [ 1766.180241][T29337] RBP: 00007f653d015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1766.180250][T29337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1766.180259][T29337] R13: 00007f653d016038 R14: 00007ffe07fc1b10 R15: 00007ffe07fc1bf8 [ 1766.180279][T29337] [ 1767.631485][T29349] kAFS: Invalid Command on /proc/fs/afs/cells file [ 1767.818480][T28924] Bluetooth: hci3: command 0x0406 tx timeout [ 1770.976217][T29387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7871'. [ 1771.041892][T29387] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7871'. [ 1772.891665][T29405] FAULT_INJECTION: forcing a failure. [ 1772.891665][T29405] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.021450][T29405] CPU: 0 UID: 0 PID: 29405 Comm: syz.2.7877 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1773.021481][T29405] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1773.021488][T29405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1773.021498][T29405] Call Trace: [ 1773.021504][T29405] [ 1773.021512][T29405] dump_stack_lvl+0x100/0x190 [ 1773.021539][T29405] should_fail_ex.cold+0x5/0xa [ 1773.021558][T29405] should_failslab+0xc2/0x120 [ 1773.021576][T29405] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1773.021596][T29405] ? snd_seq_oss_writeq_new+0xb5/0x2b0 [ 1773.021643][T29405] snd_seq_oss_writeq_new+0xb5/0x2b0 [ 1773.021663][T29405] ? __pfx_snd_seq_oss_writeq_new+0x10/0x10 [ 1773.021689][T29405] ? __raw_spin_lock_init+0x3a/0x110 [ 1773.021715][T29405] snd_seq_oss_open+0x7bc/0xa10 [ 1773.021746][T29405] odev_open+0x79/0xc0 [ 1773.021765][T29405] ? __pfx_odev_open+0x10/0x10 [ 1773.021785][T29405] soundcore_open+0x2e3/0x5a0 [ 1773.021814][T29405] ? __pfx_soundcore_open+0x10/0x10 [ 1773.021835][T29405] chrdev_open+0x234/0x6a0 [ 1773.021854][T29405] ? __pfx_apparmor_file_open+0x10/0x10 [ 1773.021877][T29405] ? __pfx_chrdev_open+0x10/0x10 [ 1773.021893][T29405] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1773.021914][T29405] do_dentry_open+0x6d8/0x1660 [ 1773.021930][T29405] ? __pfx_chrdev_open+0x10/0x10 [ 1773.021950][T29405] vfs_open+0x82/0x3f0 [ 1773.021971][T29405] path_openat+0x208c/0x31a0 [ 1773.021993][T29405] ? __pfx_path_openat+0x10/0x10 [ 1773.022016][T29405] do_file_open+0x20e/0x430 [ 1773.022033][T29405] ? __pfx_do_file_open+0x10/0x10 [ 1773.022062][T29405] ? alloc_fd+0x476/0x790 [ 1773.022079][T29405] ? do_getname+0x191/0x390 [ 1773.022099][T29405] do_sys_openat2+0x10d/0x1e0 [ 1773.022119][T29405] ? __pfx_do_sys_openat2+0x10/0x10 [ 1773.022145][T29405] __x64_sys_openat+0x12d/0x210 [ 1773.022165][T29405] ? __pfx___x64_sys_openat+0x10/0x10 [ 1773.022192][T29405] do_syscall_64+0x106/0xf80 [ 1773.022211][T29405] ? clear_bhb_loop+0x40/0x90 [ 1773.022229][T29405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1773.022245][T29405] RIP: 0033:0x7f4c0959c799 [ 1773.022260][T29405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1773.022274][T29405] RSP: 002b:00007f4c0a519028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1773.022289][T29405] RAX: ffffffffffffffda RBX: 00007f4c09815fa0 RCX: 00007f4c0959c799 [ 1773.022299][T29405] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1773.022309][T29405] RBP: 00007f4c09632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1773.022318][T29405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1773.022327][T29405] R13: 00007f4c09816038 R14: 00007f4c09815fa0 R15: 00007ffcd3454258 [ 1773.022353][T29405] [ 1773.771810][T29412] netlink: 9 bytes leftover after parsing attributes in process `syz.3.7878'. [ 1776.847821][T22767] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1777.841763][T29439] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7885'. [ 1777.925086][T29441] netlink: 'syz.5.7885': attribute type 1 has an invalid length. [ 1778.090511][T29441] netlink: 5 bytes leftover after parsing attributes in process `syz.5.7885'. [ 1781.263805][T29470] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1781.522570][T29471] can0: slcan on ttyS2. [ 1782.094678][T29467] can0 (unregistered): slcan off ttyS2. [ 1782.713857][T29486] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7895'. [ 1784.571132][ T29] audit: type=1800 audit(2147491792.338:37): pid=29516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7901" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1785.737099][T29540] FAULT_INJECTION: forcing a failure. [ 1785.737099][T29540] name failslab, interval 1, probability 0, space 0, times 0 [ 1785.895342][T29540] CPU: 0 UID: 0 PID: 29540 Comm: syz.5.7907 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1785.895373][T29540] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1785.895379][T29540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1785.895389][T29540] Call Trace: [ 1785.895395][T29540] [ 1785.895402][T29540] dump_stack_lvl+0x100/0x190 [ 1785.895430][T29540] should_fail_ex.cold+0x5/0xa [ 1785.895449][T29540] should_failslab+0xc2/0x120 [ 1785.895466][T29540] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1785.895488][T29540] ? __proc_create+0x2cb/0x8c0 [ 1785.895516][T29540] __proc_create+0x2cb/0x8c0 [ 1785.895539][T29540] ? __pfx___proc_create+0x10/0x10 [ 1785.895561][T29540] ? proc_register+0x554/0x8a0 [ 1785.895578][T29540] ? _raw_write_unlock+0x28/0x50 [ 1785.895599][T29540] proc_create_reg+0x75/0x170 [ 1785.895615][T29540] proc_create_net_data+0x8e/0x1c0 [ 1785.895640][T29540] ? __pfx_proc_create_net_data+0x10/0x10 [ 1785.895665][T29540] ? __pfx_proc_create_net_data+0x10/0x10 [ 1785.895687][T29540] ? __pfx_uevent_net_rcv+0x10/0x10 [ 1785.895732][T29540] ? __pfx_dev_proc_net_init+0x10/0x10 [ 1785.895816][T29540] dev_proc_net_init+0x5e/0x230 [ 1785.895834][T29540] ops_init+0x1e2/0x5f0 [ 1785.895858][T29540] setup_net+0x118/0x3a0 [ 1785.895877][T29540] ? __pfx_setup_net+0x10/0x10 [ 1785.895894][T29540] ? lockdep_init_map_type+0x5c/0x250 [ 1785.895915][T29540] ? mutex_init_lockep+0x110/0x150 [ 1785.895938][T29540] copy_net_ns+0x46f/0x7c0 [ 1785.895960][T29540] create_new_namespaces+0x3ea/0xac0 [ 1785.895981][T29540] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1785.895999][T29540] ksys_unshare+0x473/0xad0 [ 1785.896027][T29540] ? __pfx_ksys_unshare+0x10/0x10 [ 1785.896054][T29540] __x64_sys_unshare+0x31/0x40 [ 1785.896073][T29540] do_syscall_64+0x106/0xf80 [ 1785.896091][T29540] ? clear_bhb_loop+0x40/0x90 [ 1785.896110][T29540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1785.896126][T29540] RIP: 0033:0x7f553d99c799 [ 1785.896141][T29540] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1785.896155][T29540] RSP: 002b:00007f553e7cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1785.896171][T29540] RAX: ffffffffffffffda RBX: 00007f553dc15fa0 RCX: 00007f553d99c799 [ 1785.896182][T29540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1785.896192][T29540] RBP: 00007f553da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1785.896201][T29540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1785.896211][T29540] R13: 00007f553dc16038 R14: 00007f553dc15fa0 R15: 00007fff4a36f3d8 [ 1785.896231][T29540] [ 1789.614151][T29581] FAULT_INJECTION: forcing a failure. [ 1789.614151][T29581] name failslab, interval 1, probability 0, space 0, times 0 [ 1789.733388][T29581] CPU: 0 UID: 0 PID: 29581 Comm: syz.5.7918 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1789.733416][T29581] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1789.733423][T29581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1789.733433][T29581] Call Trace: [ 1789.733439][T29581] [ 1789.733446][T29581] dump_stack_lvl+0x100/0x190 [ 1789.733474][T29581] should_fail_ex.cold+0x5/0xa [ 1789.733495][T29581] should_failslab+0xc2/0x120 [ 1789.733511][T29581] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1789.733531][T29581] ? tomoyo_init_log+0x1a0/0x20c0 [ 1789.733553][T29581] tomoyo_init_log+0x1a0/0x20c0 [ 1789.733570][T29581] ? __pfx_format_decode+0x10/0x10 [ 1789.733597][T29581] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1789.733626][T29581] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1789.733649][T29581] tomoyo_write_log2+0x2ed/0xbc0 [ 1789.733670][T29581] tomoyo_supervisor+0x15e/0x1340 [ 1789.733693][T29581] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1789.733722][T29581] ? kasan_quarantine_put+0x104/0x240 [ 1789.733746][T29581] ? tomoyo_check_path_acl+0x141/0x210 [ 1789.733776][T29581] ? tomoyo_check_acl+0x1f7/0x410 [ 1789.733801][T29581] tomoyo_path_permission+0x270/0x3b0 [ 1789.733826][T29581] tomoyo_check_open_permission+0x37f/0x3c0 [ 1789.733852][T29581] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1789.733897][T29581] ? do_raw_spin_lock+0x128/0x260 [ 1789.733920][T29581] ? path_get+0x61/0x80 [ 1789.733939][T29581] tomoyo_file_open+0x6b/0x90 [ 1789.733959][T29581] security_file_open+0xb5/0x1e0 [ 1789.733977][T29581] do_dentry_open+0x5aa/0x1660 [ 1789.733993][T29581] ? security_inode_permission+0xbf/0x250 [ 1789.734020][T29581] vfs_open+0x82/0x3f0 [ 1789.734041][T29581] path_openat+0x208c/0x31a0 [ 1789.734064][T29581] ? __pfx_path_openat+0x10/0x10 [ 1789.734086][T29581] do_file_open+0x20e/0x430 [ 1789.734104][T29581] ? __pfx_do_file_open+0x10/0x10 [ 1789.734133][T29581] ? alloc_fd+0x476/0x790 [ 1789.734150][T29581] ? do_getname+0x191/0x390 [ 1789.734169][T29581] do_sys_openat2+0x10d/0x1e0 [ 1789.734188][T29581] ? __pfx_do_sys_openat2+0x10/0x10 [ 1789.734215][T29581] __x64_sys_openat+0x12d/0x210 [ 1789.734235][T29581] ? __pfx___x64_sys_openat+0x10/0x10 [ 1789.734262][T29581] do_syscall_64+0x106/0xf80 [ 1789.734279][T29581] ? clear_bhb_loop+0x40/0x90 [ 1789.734298][T29581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1789.734313][T29581] RIP: 0033:0x7f553d99c799 [ 1789.734328][T29581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1789.734343][T29581] RSP: 002b:00007f553e7cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1789.734359][T29581] RAX: ffffffffffffffda RBX: 00007f553dc15fa0 RCX: 00007f553d99c799 [ 1789.734370][T29581] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1789.734380][T29581] RBP: 00007f553da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1789.734390][T29581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1789.734399][T29581] R13: 00007f553dc16038 R14: 00007f553dc15fa0 R15: 00007fff4a36f3d8 [ 1789.734420][T29581] [ 1790.735617][T29581] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1791.595477][T29569] Process accounting resumed [ 1792.129713][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1792.139771][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1798.306650][T29663] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7938'. [ 1798.394931][T29663] netlink: 'syz.5.7938': attribute type 1 has an invalid length. [ 1798.461476][T29663] netlink: 51505 bytes leftover after parsing attributes in process `syz.5.7938'. [ 1799.131387][T29650] Process accounting resumed [ 1800.153254][T29678] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1800.230701][T29678] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1806.954071][T29738] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7959'. [ 1811.521619][T29781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7974'. [ 1811.615758][T29781] netlink: 354 bytes leftover after parsing attributes in process `syz.2.7974'. [ 1812.137142][T29790] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7976'. [ 1814.393487][T29816] netlink: 17 bytes leftover after parsing attributes in process `syz.2.7983'. [ 1815.714155][T29828] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1821.008500][T29860] ptrace attach of "./syz-executor exec"[5829] was attempted by "^,}Q3\x1bE+_?o,\x0a\x0cB}ݨO/i7\x5c l$?;ѮG]V.ķ'x\x0a>U|ZJK\x0bJ3+x2G@\x5cjAA\x07\x099(jűqO\x1b>t0r=NFrRo݆\x0dlFZr?gGYJ+\x5c&;O{󛢹8jWvmYq7DV0V'Gr$Pr伨<#q\x09BxTzRNi@)hG\x0dXqdmw@S{Kę9e;\x0a\x07\x0dmW\x0dM_KSW,\x07M\x09\x071N(և:/THlRI]ɉlu5\x092|Q1''u;\x0b+{<+Ǩ)8 |z)K ^|*_@s;㼇\x0bS?^\x1bϕ*^\x0bj鏄+tCb!+tNU-7_(n%{D)\x0dA\x224J%(ml԰lRi!DZ:L\x1b-8VgcLgVߩn).h% }\x1bKhAr%Ձ_ӧ\x0c\x5c( &K1KS]y&@sW ŒR~x' [ 1823.252525][T29884] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8002'. [ 1827.307727][T29922] Invalid ELF header magic: != ELF [ 1830.395192][T29953] misc userio: Invalid payload size [ 1831.198922][T29935] Process accounting paused [ 1836.102551][T30016] Invalid ELF header magic: != ELF [ 1837.237043][T30032] Invalid ELF header magic: != ELF [ 1840.505365][T30019] Bluetooth: hci5: ISO packet for unknown connection handle 0 [ 1841.038589][T30082] ubi31: attaching mtd0 [ 1841.054438][T30082] ubi31: scanning is finished [ 1841.091223][T30082] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 1841.150535][T30087] random: crng reseeded on system resumption [ 1841.431940][T30082] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1841.454467][T30095] netlink: 25 bytes leftover after parsing attributes in process `syz.4.8054'. [ 1842.052477][T30110] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8058'. [ 1842.237056][T30114] Invalid ELF header magic: != ELF [ 1842.256407][ T29] audit: type=1800 audit(2147491850.038:38): pid=30115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.8059" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1842.464206][T30120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8062'. [ 1842.498345][T30120] netlink: 'syz.4.8062': attribute type 1 has an invalid length. [ 1842.530281][T30120] netlink: 'syz.4.8062': attribute type 6 has an invalid length. [ 1845.463755][T30189] Invalid ELF header magic: != ELF [ 1845.951252][T30015] Bluetooth: hci0: Frame reassembly failed (-84) [ 1846.683358][T30219] zswap: compressor w(<8.D z not available [ 1847.961236][T30074] Bluetooth: hci0: Entering manufacturer mode failed (-110) [ 1847.970220][T30212] Bluetooth: hci0: command 0xfc11 tx timeout [ 1848.000397][T30242] Invalid ELF header magic: != ELF [ 1848.274072][T30245] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8094'. [ 1848.286353][T30004] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1848.355441][T30245] netlink: 'syz.2.8094': attribute type 1 has an invalid length. [ 1848.392858][T30245] netlink: 51505 bytes leftover after parsing attributes in process `syz.2.8094'. [ 1850.064719][T30286] Invalid ELF header magic: != ELF [ 1850.284101][T30294] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8105'. [ 1851.842695][T30343] Invalid ELF header magic: != ELF [ 1853.567576][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.576232][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.873092][T30398] netlink: 'syz.5.8126': attribute type 2 has an invalid length. [ 1854.298221][T30405] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8129'. [ 1854.350353][T30405] netlink: 25 bytes leftover after parsing attributes in process `syz.3.8129'. [ 1856.500859][T30463] can0: slcan on ttyS2. [ 1856.572440][T30463] can0 (unregistered): slcan off ttyS2. [ 1857.956899][T30502] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8156'. [ 1857.983502][T30502] netlink: 25 bytes leftover after parsing attributes in process `syz.3.8156'. [ 1860.949256][T30571] netlink: 25 bytes leftover after parsing attributes in process `syz.3.8174'. [ 1863.164582][T30582] Process accounting resumed [ 1868.375973][T30657] ERROR: Out of memory at tomoyo_memory_ok. [ 1869.138365][T30676] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8194'. [ 1869.198664][T30676] netdevsim netdevsim3 netdevsim1: left allmulticast mode [ 1869.240246][T30676] netdevsim netdevsim3 netdevsim1: left promiscuous mode [ 1869.290379][T30676] bridge0: port 3(netdevsim1) entered disabled state [ 1869.397370][T30676] bridge_slave_0: left allmulticast mode [ 1869.422534][T30676] bridge_slave_0: left promiscuous mode [ 1869.465691][T30676] bridge0: port 1(bridge_slave_0) entered disabled state [ 1872.516957][T30724] netlink: 326 bytes leftover after parsing attributes in process `syz.4.8199'. [ 1872.999314][T30731] Invalid ELF header magic: != ELF [ 1876.464473][T30775] Invalid ELF header magic: != ELF [ 1877.456928][T30785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8216'. [ 1877.509108][T30785] netlink: 'syz.3.8216': attribute type 1 has an invalid length. [ 1877.578560][T30785] netlink: 13 bytes leftover after parsing attributes in process `syz.3.8216'. [ 1877.878154][T30793] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8218'. [ 1877.939517][T30793] netlink: 354 bytes leftover after parsing attributes in process `syz.5.8218'. [ 1878.326061][T30791] ERROR: Out of memory at tomoyo_memory_ok. [ 1879.225785][T30814] ERROR: Out of memory at tomoyo_memory_ok. [ 1879.264874][T30817] Invalid ELF header magic: != ELF [ 1879.672548][T30821] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1879.713156][T30821] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1879.762549][T30821] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1879.781472][T30821] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1880.384430][T30212] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1880.395887][T30212] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1880.408236][T30212] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1880.416190][T30212] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1880.424224][T30212] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1881.106499][T30831] chnl_net:caif_netlink_parms(): no params data found [ 1881.470419][T30831] bridge0: port 1(bridge_slave_0) entered blocking state [ 1881.517692][T30831] bridge0: port 1(bridge_slave_0) entered disabled state [ 1881.572318][T30831] bridge_slave_0: entered allmulticast mode [ 1881.599542][T30831] bridge_slave_0: entered promiscuous mode [ 1881.625160][T30848] ERROR: Out of memory at tomoyo_memory_ok. [ 1881.645490][T30831] bridge0: port 2(bridge_slave_1) entered blocking state [ 1881.685789][T30831] bridge0: port 2(bridge_slave_1) entered disabled state [ 1881.722750][T30212] Bluetooth: hci3: command 0x0406 tx timeout [ 1881.728922][T30212] Bluetooth: hci1: command 0x0406 tx timeout [ 1881.747814][T30831] bridge_slave_1: entered allmulticast mode [ 1881.785646][T30831] bridge_slave_1: entered promiscuous mode [ 1881.801863][T30212] Bluetooth: hci5: command 0x0c1a tx timeout [ 1881.807918][T30212] Bluetooth: hci4: command 0x0419 tx timeout [ 1881.956516][T30831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1882.025847][T30831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1882.262599][T30831] team0: Port device team_slave_0 added [ 1882.270684][T30831] team0: Port device team_slave_1 added [ 1882.449238][T30831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1882.502146][T30831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1882.541204][T30212] Bluetooth: hci0: command tx timeout [ 1882.660938][T30831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1882.732642][T30831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1882.781270][T30831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1882.910823][T30831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1883.282106][T30831] hsr_slave_0: entered promiscuous mode [ 1883.311412][T30831] hsr_slave_1: entered promiscuous mode [ 1883.351778][T30831] debugfs: 'hsr0' already exists in 'hsr' [ 1883.357549][T30831] Cannot create hsr debugfs directory [ 1884.257157][T30831] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1884.373274][T30831] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1884.412738][T30831] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1884.486321][T30831] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1884.601421][T30212] Bluetooth: hci0: command tx timeout [ 1884.816960][T30831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1884.894609][T30831] 8021q: adding VLAN 0 to HW filter on device team0 [ 1884.974042][T30014] bridge0: port 1(bridge_slave_0) entered blocking state [ 1884.981477][T30014] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1885.035497][T30014] bridge0: port 2(bridge_slave_1) entered blocking state [ 1885.043099][T30014] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1885.182429][T30831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1885.546194][T30831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1885.896946][T30831] veth0_vlan: entered promiscuous mode [ 1885.923449][T30831] veth1_vlan: entered promiscuous mode [ 1885.972194][T30831] veth0_macvtap: entered promiscuous mode [ 1885.994899][T30831] veth1_macvtap: entered promiscuous mode [ 1886.034722][T30831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1886.058317][T30831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1886.088085][T30014] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1886.102240][T30014] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1886.143303][T30014] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1886.191196][T30014] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1886.267645][T30000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1886.300484][T30000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1886.355102][T30017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1886.377097][T30017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1886.687970][T30212] Bluetooth: hci0: command tx timeout [ 1888.761310][T30212] Bluetooth: hci0: command tx timeout [ 1915.005828][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1915.014484][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1976.444909][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.452898][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1996.922446][ T30] INFO: task kworker/u10:2:30012 blocked for more than 143 seconds. [ 1996.930735][ T30] Tainted: G U L syzkaller #0 [ 1996.944114][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1996.954674][ T30] task:kworker/u10:2 state:D stack:26888 pid:30012 tgid:30012 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1996.969485][ T30] Workqueue: netns cleanup_net [ 1996.974742][ T30] Call Trace: [ 1996.978060][ T30] [ 1996.981734][ T30] __schedule+0xfee/0x6120 [ 1996.986662][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1996.992265][ T30] ? __pfx___schedule+0x10/0x10 [ 1996.997150][ T30] ? find_held_lock+0x2b/0x80 [ 1997.002642][ T30] ? schedule+0x2bf/0x390 [ 1997.007050][ T30] schedule+0xdd/0x390 [ 1997.011488][ T30] schedule_timeout+0x1b2/0x280 [ 1997.016382][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 1997.022449][ T30] ? mark_held_locks+0x40/0x70 [ 1997.027324][ T30] __wait_for_common+0x2e7/0x4c0 [ 1997.032624][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 1997.039226][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 1997.046564][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1997.056032][ T30] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 1997.062827][ T30] __flush_workqueue+0x3f7/0x1200 [ 1997.070173][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1997.075785][ T30] ? __lock_acquire+0x4a5/0x2630 [ 1997.080745][ T30] ? __pfx___flush_workqueue+0x10/0x10 [ 1997.088576][ T30] ? reacquire_held_locks+0xce/0x1e0 [ 1997.094145][ T30] ? __pfx_sock_def_readable+0x10/0x10 [ 1997.099653][ T30] ? __pfx_sock_def_readable+0x10/0x10 [ 1997.106057][ T30] rds_tcp_listen_stop+0x104/0x160 [ 1997.111595][ T30] rds_tcp_exit_net+0xe0/0x870 [ 1997.116372][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1997.122263][ T30] ? __pfx___might_resched+0x10/0x10 [ 1997.127673][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1997.133506][ T30] ops_undo_list+0x2ee/0xab0 [ 1997.139176][ T30] ? __pfx_ops_undo_list+0x10/0x10 [ 1997.145339][ T30] ? cleanup_net+0x332/0x920 [ 1997.149984][ T30] ? idr_destroy+0x62/0x2e0 [ 1997.156436][ T30] cleanup_net+0x499/0x920 [ 1997.160918][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 1997.172815][ T30] ? rcu_is_watching+0x12/0xc0 [ 1997.177903][ T30] process_one_work+0x9d7/0x1920 [ 1997.183304][ T30] ? __pfx_process_one_work+0x10/0x10 [ 1997.188725][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 1997.193991][ T30] worker_thread+0x5da/0xe40 [ 1997.198599][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1997.204099][ T30] ? kthread+0x13a/0x450 [ 1997.208364][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1997.213968][ T30] kthread+0x370/0x450 [ 1997.218063][ T30] ? __pfx_kthread+0x10/0x10 [ 1997.223145][ T30] ret_from_fork+0x754/0xd80 [ 1997.227776][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1997.233337][ T30] ? __switch_to+0x7b4/0x1120 [ 1997.238184][ T30] ? __pfx_kthread+0x10/0x10 [ 1997.244284][ T30] ret_from_fork_asm+0x1a/0x30 [ 1997.249128][ T30] [ 1997.252745][ T30] [ 1997.252745][ T30] Showing all locks held in the system: [ 1997.260533][ T30] 1 lock held by khungtaskd/30: [ 1997.268325][ T30] #0: ffffffff8e7e7460 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1997.283458][ T30] 2 locks held by getty/23314: [ 1997.288322][ T30] #0: ffff888037eb00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1997.298669][ T30] #1: ffffc90004c012f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1997.309111][ T30] 3 locks held by kworker/u10:2/30012: [ 1997.315158][ T30] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1997.326292][ T30] #1: ffffc90003407d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1997.336522][ T30] #2: ffffffff905fac50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 1997.346602][ T30] 1 lock held by syz.2.8184/30621: [ 1997.352233][ T30] #0: ffffffff905fac50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1997.362375][ T30] [ 1997.364801][ T30] ============================================= [ 1997.364801][ T30] [ 1997.377885][ T30] NMI backtrace for cpu 0 [ 1997.377903][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1997.377925][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1997.377931][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1997.377941][ T30] Call Trace: [ 1997.377946][ T30] [ 1997.377952][ T30] dump_stack_lvl+0x100/0x190 [ 1997.377979][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1997.378004][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1997.378041][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1997.378068][ T30] sys_info+0x141/0x190 [ 1997.378088][ T30] watchdog+0xd25/0x1050 [ 1997.378109][ T30] ? __pfx_watchdog+0x10/0x10 [ 1997.378124][ T30] ? __kthread_parkme+0x18c/0x230 [ 1997.378142][ T30] ? kthread+0x13a/0x450 [ 1997.378160][ T30] ? __pfx_watchdog+0x10/0x10 [ 1997.378173][ T30] kthread+0x370/0x450 [ 1997.378191][ T30] ? __pfx_kthread+0x10/0x10 [ 1997.378211][ T30] ret_from_fork+0x754/0xd80 [ 1997.378234][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1997.378257][ T30] ? __switch_to+0x7b4/0x1120 [ 1997.378274][ T30] ? __pfx_kthread+0x10/0x10 [ 1997.378294][ T30] ret_from_fork_asm+0x1a/0x30 [ 1997.378319][ T30] [ 1997.513198][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1997.520548][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1997.531249][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1997.536493][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1997.546555][ T30] Call Trace: [ 1997.549844][ T30] [ 1997.552781][ T30] dump_stack_lvl+0x100/0x190 [ 1997.557473][ T30] vpanic+0x552/0x970 [ 1997.561443][ T30] ? __pfx_vpanic+0x10/0x10 [ 1997.566114][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1997.572469][ T30] panic+0xd1/0xe0 [ 1997.576452][ T30] ? __pfx_panic+0x10/0x10 [ 1997.581044][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1997.587212][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1997.593393][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1997.599578][ T30] ? watchdog.cold+0x198/0x1ca [ 1997.604391][ T30] ? watchdog+0xd35/0x1050 [ 1997.608832][ T30] watchdog.cold+0x1a9/0x1ca [ 1997.613518][ T30] ? __pfx_watchdog+0x10/0x10 [ 1997.618253][ T30] ? __kthread_parkme+0x18c/0x230 [ 1997.623284][ T30] ? kthread+0x13a/0x450 [ 1997.627612][ T30] ? __pfx_watchdog+0x10/0x10 [ 1997.632283][ T30] kthread+0x370/0x450 [ 1997.636352][ T30] ? __pfx_kthread+0x10/0x10 [ 1997.640933][ T30] ret_from_fork+0x754/0xd80 [ 1997.645621][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1997.650735][ T30] ? __switch_to+0x7b4/0x1120 [ 1997.655404][ T30] ? __pfx_kthread+0x10/0x10 [ 1997.660003][ T30] ret_from_fork_asm+0x1a/0x30 [ 1997.664807][ T30] [ 1997.667903][ T30] Kernel Offset: disabled [ 1997.672228][ T30] Rebooting in 86400 seconds..