last executing test programs: 7.375441815s ago: executing program 0 (id=1232): socket(0x28, 0x5, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x4a, 0x0) kexec_load$auto(0x1ff, 0x1000000, 0x0, 0x1000000ff) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x6, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) open(&(0x7f0000001bc0)='./file0\x00', 0x4142, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty57\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r1) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x541b, 0x74) 6.100559055s ago: executing program 0 (id=1235): unshare$auto(0x40000080) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) 6.034409412s ago: executing program 2 (id=1236): madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x801, 0x84) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/halt_poll_fail_hist\x00', 0xa2500, 0x0) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) rmdir$auto(&(0x7f0000000040)='./file0\x00') writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 5.683010748s ago: executing program 3 (id=1237): unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) open_tree_attr$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x24, &(0x7f0000000180)={0x40, 0x0, 0x3}, 0x4) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0xb2c, 0x2, 0x20000000, 0x0) write$auto(0x3, 0x0, 0x100085) 4.717368269s ago: executing program 3 (id=1238): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) mremap$auto(0x3, 0x8, 0x1f449f79, 0x23, 0x0) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x50) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f00000110c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003ac0)={0x70, r2, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x5c, 0x7, 0x0, 0x1, [@typed={0x55, 0x2, 0x0, 0x0, @str='\b\x8bJ\xe1\x14\xc2A\x81\x8b\xfd\rQ\xa8a\x02\x033\xb0\x11\xfa\xaf\xeb\xac\xd4\xeb\xe2\xb1)\\\xa8\xce\xe9QJD\x01J\x7f\xa4\xb6gv\xe8\xa96\x02<4\x88\xd7\xec\x1b\xbfR\x00\x80/\x8c\x88\\Z\xd7\xd1q\x17\xfd\xeb\xe7\xf1?\xc8\xcf\x8ak\xad\x18\xaeK\xfbf\t'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20008105}, 0x40) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) munmap$auto(0x8000, 0xffffffff) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) 4.716782142s ago: executing program 0 (id=1246): r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0xb, 0x100000000eb1, r0, 0x8000) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) msync$auto(0x110c230000, 0x200001, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000005c0), 0x701000, 0x0) fcntl$auto_F_DUPFD_QUERY(r1, 0x403, 0xffffffffffffffff) socketpair$auto(0x3, 0x5, 0x7, 0x0) socket(0x2, 0x1, 0x106) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x8c83, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x0) write$auto(0xca, 0x0, 0x2d9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x800064be, 0x1e6) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x4}, {0x0, 0x83}}, 0x0) 4.333117912s ago: executing program 2 (id=1239): socket(0xa, 0x3, 0x3914) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:480/min_ratio_fine\x00', 0x2062, 0x0) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) io_setup$auto(0x1, &(0x7f00000000c0)=0xf) ioctl$auto_SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, 0x0) brk$auto(0x8) fstat$auto(0xffffffffffffffff, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00') socket(0x2, 0xa, 0x1) statx$auto(0xffffff9c, 0x0, 0x1000, 0x0, 0x0) ioctl$auto(0x1, 0x890b, 0x8) 4.040483787s ago: executing program 1 (id=1240): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = gettid() rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0x8, 0x2, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', &(0x7f0000000000)=&(0x7f0000000200)=' ') unshare$auto(0x40000080) r3 = getpid() r4 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000001c0), r2) sendmsg$auto_NFC_CMD_DEACTIVATE_TARGET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)={0x128, r4, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x4}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x4}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x8001}, @NFC_ATTR_VENDOR_DATA={0xeb, 0x1f, "10d13f8694b45338b37eb37a6be63b3241b32357da3910617c64e17b0af696a44405959d79adf208b01fc87d6a3f2c643deff46ccc501f3cd06fd7c2788642647d433a2fe91ea771ccf43a3b9e6df4047f9d345177b54cada1635f4e5a508e948b61dea47867c18e3e1094a300b979bb77f0808ca21c763cf581d97ac29972920e10ab18a64e6f16c12f6e3ebeada1909fc1f8191dae6a48e67ea51ca7a8717fc349064e3b7c618b54b3396ebf7a87db72d3cc52c0aea138f1272a80915958c6121d51da7a320340f4482fc397064ce1fe15082bcdf23edc006be8c79fac7115563d9e8ca56b96"}, @NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x8000}]}, 0x128}}, 0x4004010) process_vm_readv$auto(r3, 0x0, 0x1, 0x0, 0x6, 0x0) getsockopt$auto(r0, 0x84, 0x7c, 0x0, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r5, 0x0, 0x100000a3d9) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x18b000, 0x0) 3.674338786s ago: executing program 3 (id=1241): openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) sysfs$auto(0x2, 0x23, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x1, 0x2020009, 0x3, 0xebe, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nullb0/queue/virt_boundary_mask\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000003c0)=""/251, 0xfb) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(0xffffffffffffffff, 0x4, &(0x7f0000000000)='bridge_slave_0\x00', &(0x7f0000000100), 0x4) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f00000004c0)="e3188176b96f56170e647ad5b75e3e9d5b25824af2509ae55ed5ee191ee9257ac48ac1e8c7ca249fdb72092d4d6cb4b85c6e5e63af6e6386605a2acad0c973ffc78036fb03e7317159be64a299df97910013248ab5d114aa9179182bc486b00af747556837f9ef96271ce9d8c9987a0c8f56", 0x72) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) 3.668838652s ago: executing program 2 (id=1250): unshare$auto(0x40000080) setgroups$auto(0x9, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmctl$auto_IPC_INFO(0x5, 0x3, &(0x7f0000000180)={{0x2, 0xffffffffffffffff, 0x0, 0x9, 0x4, 0x4}, 0x7, 0x8, 0x53, 0x100000000, @raw=0x1, @raw=0x5, 0x9, 0x0, &(0x7f0000000000)="c38796f29e412c449f9b641417f1b25bf4dda83efb2b45ba0003d8c5f5aeb6231421b5178a820c330255d5e75f9c5fd253371a75028cc867c5bc0b6a52fed4", &(0x7f0000000040)="738d0f358b62ba885728b0e848eea62e95111907b1608c8dd5008827dc6df58e28ba95e2de64d86277a2b0754eb5f9c9cd9d6e1a76984608b31906f4bfb05c6b565396a150a64fbe013987c90f4fac03cc17395db87e"}) keyctl$auto(0x1f, 0x1, r0, 0x3, 0x3ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) socket(0xa, 0x1, 0x84) socket(0xa, 0x5, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x8100, 0x0) socket(0x80000000000002d, 0x0, 0x0) mremap$auto(0xc3a0, 0x5, 0x4, 0x3, 0xf) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) sendfile$auto(r1, r1, 0x0, 0x2) 3.404879968s ago: executing program 0 (id=1242): mmap$auto(0x0, 0x400008, 0xde, 0x8009b72, 0x2, 0xb) close_range$auto(0xffffffffffffffff, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001580)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/byte_queue_limits/limit_max\x00', 0x2001, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xcb, 0x0, 0x4) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x3) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r1) 2.981753517s ago: executing program 1 (id=1243): r0 = socket(0x2, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f00000002c0)=0x8) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0x80004000000000df, 0x10004000eb1, r0, 0x8000008000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) r1 = fsopen$auto(0x0, 0x1) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xa, 0x1, 0x8, 0xd, 0xe13, 0x81, 0xe, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0x8627, 0x9, 0x20000800001, 0x3, 0x5, 0x3, 0x6, 0x6, 0x0, 0x4, 0x2a17, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, [0x18, 0xfffffffffffffffc, 0x0, 0x0, 0x33e, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x2]}, 0x9, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0xc090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) connect$auto(0xffffffffffffffff, 0x0, 0x3d) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), r1) mmap$auto(0x0, 0x8, 0xe2, 0xeb1, 0x69a5, 0xa800000000000000) r3 = socket(0x2, 0x1, 0x0) setsockopt$auto(r3, 0x0, 0x4, 0x0, 0x25) sendmsg$auto_BATADV_CMD_GET_MESH(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000140)={0x1c, r2, 0x200, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_TT_TTVN={0x5, 0x11, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000840) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x2, &(0x7f0000000100)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x6302}, 0x5}, 0x3, 0x0) 2.408778929s ago: executing program 3 (id=1244): clone3$auto(&(0x7f00000000c0)={0xd, 0xb2, 0x0, 0x5, 0x5, 0xc, 0x1, 0xfffffffffffffff9, 0x3, 0x480000, 0x81}, 0x9) mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) capset$auto(&(0x7f0000000000)={0x3}, &(0x7f0000000280)={0x7, 0x7fff}) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xc, 0x7, 0xa, 0x3, 0x10, 0x5, 0x0, 0x3, 0x6, 0x10000000000002, 0x6c8, 0x5, 0x20000000003, 0x5, 0xb4, 0x7, 0x10000002, 0x3, 0x5, 0x7, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, [0xffffffffffffffff, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x8000, 0x5f23, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x40081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40080c1) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 2.365341929s ago: executing program 1 (id=1245): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socket(0x11, 0x3, 0x2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x109100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) open(0x0, 0x4142, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz7\x00', 0x48f41, 0x0) ioctl$auto(0x3, 0x402c542d, r1) write$auto(0x3, 0x0, 0xfffffdef) 2.072203592s ago: executing program 3 (id=1247): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0182, 0x0) readv$auto(0x3, &(0x7f0000000000)={0x0, 0x10000ffff}, 0x1) r0 = open(&(0x7f0000000800)='./file0\x00', 0xa2240, 0x154) fcntl$auto(r0, 0x400, 0x1) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x170) unshare$auto(0x40000080) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffff000, 0x4, 0x4, 0x6, 0x1001ff000) prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) connect$auto(0x3, 0x0, 0x54) socket(0x2b, 0x1, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd13/trace/pid\x00', 0x62142, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, 0x0, 0x10) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 1.903524936s ago: executing program 2 (id=1248): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise$auto(0x51, 0x2, 0x5f0) set_tid_address$auto(0x0) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(r0, 0x6, 0x12, 0x0, 0x40) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) writev$auto(r1, &(0x7f0000000340)={0x0, 0x500000}, 0x3) 1.902828734s ago: executing program 0 (id=1257): clone3$auto(&(0x7f00000000c0)={0xd, 0xb2, 0x0, 0x5, 0x5, 0xc, 0x1, 0xfffffffffffffff9, 0x3, 0x480000, 0x81}, 0x9) mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) capset$auto(&(0x7f0000000000)={0x3}, &(0x7f0000000280)={0x7, 0x7fff}) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xc, 0x7, 0xa, 0x3, 0x10, 0x5, 0x0, 0x3, 0x6, 0x10000000000002, 0x6c8, 0x5, 0x20000000003, 0x5, 0xb4, 0x7, 0x10000002, 0x3, 0x5, 0x7, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, [0xffffffffffffffff, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x8000, 0x5f23, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x40081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40080c1) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 1.576240631s ago: executing program 0 (id=1249): mkdir$auto(&(0x7f0000000100)='./file0\x00', 0x8cd) rmdir$auto(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00') write$auto(0xffffffffffffffff, 0x0, 0xfffffdf1) ioctl$auto_FS_IOC_SETFLAGS2(0xffffffffffffffff, 0x40086602, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x2, &(0x7f0000000300)={[0x3, 0xff, 0x8, 0x7, 0x8, 0x2, 0x26, 0x2, 0xfe2, 0x6, 0xe, 0x7, 0x100000001, 0xffffffff80000001, 0x2, 0x8c]}, 0x0, 0x0, &(0x7f0000000480)={0x9, 0x9}) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x200, 0x4) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(r2, &(0x7f0000002280)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000002200)={0x14, r1, 0x1, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48800}, 0x4) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(0xffffffffffffffff, 0xc1004111, &(0x7f0000000380)={0x6, [0x1ff, 0xfff, 0x4], [{0x1, 0xff, 0x1, 0x1}, {0x7, 0x7, 0x1, 0x1}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x80, 0x0, 0x0, 0x1, 0x1}, {0x1ff, 0x6, 0x1, 0x1}, {0x7fff, 0x6, 0x1, 0x0, 0x0, 0x1}, {0x3590, 0x3, 0x1, 0x0, 0x1}, {0x0, 0x20, 0x0, 0x0, 0x1, 0x1}, {0x5d6, 0x7, 0x1, 0x1}, {0x80000000, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x5, 0xdf, 0x1}, {0x2, 0xe, 0x1, 0x1, 0x0, 0x1}], 0x7, 0x4, 0xc, 0x6, 0x200, 0x401, 0xfffffffffffffeff, "88a3e32921c700e8d189a7534ad6f347345887ce689fe346dc02809645f1f9764dec9ad2d83992be6dca670abe2c982f2ab6b63bb60a4bbeaac81d42794f97b1"}) 1.038465213s ago: executing program 3 (id=1251): connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timer_settime$auto(0x0, 0xffff8000, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) ioperm$auto(0x7, 0x6, 0x2) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1adf82, 0x0) ioctl$auto(0x3, 0x80286f4e, r2) ioctl$auto(0x3, 0x4038ae7a, r0) 481.213505ms ago: executing program 1 (id=1252): mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) pipe$auto(0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 471.572875ms ago: executing program 2 (id=1253): openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000001940), 0x101000, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, 0x0, 0x51) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)='\x98\x00', 0xb559) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages\x00', 0xe8202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x109500, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x14, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x68e00, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) writev$auto(r1, &(0x7f0000000340)={0x0, 0xda7e}, 0x9) 224.813144ms ago: executing program 1 (id=1254): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 152.081µs ago: executing program 1 (id=1255): openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) sysfs$auto(0x2, 0x23, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x1, 0x2020009, 0x3, 0xebe, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nullb0/queue/virt_boundary_mask\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000003c0)=""/251, 0xfb) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(0xffffffffffffffff, 0x4, &(0x7f0000000000)='bridge_slave_0\x00', &(0x7f0000000100), 0x4) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f00000004c0)="e3188176b96f56170e647ad5b75e3e9d5b25824af2509ae55ed5ee191ee9257ac48ac1e8c7ca249fdb72092d4d6cb4b85c6e5e63af6e6386605a2acad0c973ffc78036fb03e7317159be64a299df97910013248ab5d114aa9179182bc486b00af747556837f9ef96271ce9d8c9987a0c8f56", 0x72) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) 0s ago: executing program 2 (id=1256): socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket(0x26, 0x5, 0x8c68) futex_waitv$auto(0x0, 0x7ff, 0x8, &(0x7f00000000c0)={0x1000000004, 0x10}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x74c40, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0) pwrite64$auto(r3, &(0x7f0000000340)='\v\f_U\xe0w\xbf\xe3\xb8\x92\xac.X_|\xc8R\x99!\xd2\xfb\xfe\xa7\xe4&#sn\x91p\xe6\x1eRN8\x99C\x05s\x1cJ\x99\x1d[s\x15z\x87\xe1\xb6\xba#7*/\x13\x00:\x00!\rW6\x00\x00\x00\x00\xb4\x1avP\x00\xc5\xc7\xf1\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2\xa7\xd1\xdd\x85\as*l\x9c\xa1\xf7\x8c\xa1\xfb\xb5\b\x00\x00\x00\x00\x00\x00\x00\xb4\xfb\x99\x00\xed\v\xfa\xaa[\f\xa2\xea40\r\xcd\x86\x9d\xac\xde\xec\x85\x93\x93\xd3G\x8c\x9b\x9d\a\xbf\x1f\x95n\x94\xbc[\xb5\xfa\xe0t\\\xbc\x11\x94\x0fF\xf9\xac\vv\xb5\xc3\xd9j\x05\boe\xa5\xc2l\x05\xbcTu\x18\xda\xf2#\x80\xd5\xb4\xf54\x04M\xc8G\x0e/\xae\xab\x9b\x14\x8f\xeb\x19\xc80Dq\x9f\f\x106\x1b\xa7\xe6jU\x00X\x8e\xe4\v\xbb\x91\a\x14\x8c\xc9z\'a\xdd\x89<\xf5\xeeC\xb4\xa7\x976\xfcO\x17\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00<\xbc\xd7\xa7T^\x9fs\xec_Nl/+\x9a\xbb\xb3[\xcb\xf8\x87\x18\xe6,\xad_\xfe~M\x80X\x1ak7g\xff\xc8', 0x52, 0x5231) ioctl$auto_TUNATTACHFILTER(r0, 0x401054d5, 0x0) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x50ba82, 0x0) unshare$auto(0x40000080) kernel console output (not intermixed with test programs): [ 162.402990][ T7326] ? __pfx_mt_find+0x10/0x10 [ 162.403018][ T7326] ? find_vma+0xbf/0x140 [ 162.403032][ T7326] ? __pfx_find_vma+0x10/0x10 [ 162.403048][ T7326] handle_mm_fault+0x36d/0xa20 [ 162.403072][ T7326] do_user_addr_fault+0x74c/0x12f0 [ 162.403100][ T7326] exc_page_fault+0x6f/0xd0 [ 162.403118][ T7326] asm_exc_page_fault+0x26/0x30 [ 162.403133][ T7326] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 162.403156][ T7326] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 [ 162.403169][ T7326] RSP: 0018:ffffc90005a8f938 EFLAGS: 00050202 [ 162.403182][ T7326] RAX: 0000000000000001 RBX: ffff888079398028 RCX: 0000000000000007 [ 162.403192][ T7326] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888079398028 [ 162.403200][ T7326] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100f273005 [ 162.403209][ T7326] R10: ffff88807939802e R11: 0000000000000000 R12: ffffc90005a8fc40 [ 162.403218][ T7326] R13: 0000000000000000 R14: 0000000000000007 R15: 0000000000000000 [ 162.403236][ T7326] _copy_from_iter+0x355/0x1690 [ 162.403254][ T7326] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 162.403270][ T7326] ? __pfx__copy_from_iter+0x10/0x10 [ 162.403284][ T7326] ? __sk_mem_raise_allocated+0x789/0x15a0 [ 162.403311][ T7326] mptcp_sendmsg+0x100d/0x1e40 [ 162.403341][ T7326] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 162.403362][ T7326] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 162.403379][ T7326] inet_sendmsg+0x11c/0x140 [ 162.403404][ T7326] sock_write_iter+0x4ea/0x5a0 [ 162.403425][ T7326] ? __pfx_inet_sendmsg+0x10/0x10 [ 162.403455][ T7326] ? __pfx_sock_write_iter+0x10/0x10 [ 162.403484][ T7326] ? bpf_lsm_file_permission+0x9/0x10 [ 162.403507][ T7326] ? security_file_permission+0x76/0x210 [ 162.403524][ T7326] ? rw_verify_area+0xce/0x6d0 [ 162.403546][ T7326] vfs_write+0x6ac/0x1070 [ 162.403569][ T7326] ? __pfx_sock_write_iter+0x10/0x10 [ 162.403591][ T7326] ? __pfx_vfs_write+0x10/0x10 [ 162.403611][ T7326] ? find_held_lock+0x2b/0x80 [ 162.403637][ T7326] ksys_write+0x1f8/0x250 [ 162.403650][ T7326] ? __pfx_ksys_write+0x10/0x10 [ 162.403669][ T7326] do_syscall_64+0x106/0xf80 [ 162.403686][ T7326] ? clear_bhb_loop+0x40/0x90 [ 162.403704][ T7326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.403719][ T7326] RIP: 0033:0x7f9c67d9c799 [ 162.403732][ T7326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 162.403745][ T7326] RSP: 002b:00007f9c68c3f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.403758][ T7326] RAX: ffffffffffffffda RBX: 00007f9c68015fa0 RCX: 00007f9c67d9c799 [ 162.403767][ T7326] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 162.403775][ T7326] RBP: 00007f9c67e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 162.403784][ T7326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.403793][ T7326] R13: 00007f9c68016038 R14: 00007f9c68015fa0 R15: 00007ffc75db5d28 [ 162.403813][ T7326] [ 164.659010][ T7341] FAULT_INJECTION: forcing a failure. [ 164.659010][ T7341] name failslab, interval 1, probability 0, space 0, times 0 [ 164.810064][ T7341] CPU: 0 UID: 0 PID: 7341 Comm: syz.2.376 Not tainted syzkaller #0 PREEMPT(full) [ 164.810086][ T7341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 164.810096][ T7341] Call Trace: [ 164.810102][ T7341] [ 164.810108][ T7341] dump_stack_lvl+0x100/0x190 [ 164.810135][ T7341] should_fail_ex.cold+0x5/0xa [ 164.810153][ T7341] ? __register_sysctl_table+0xbe4/0x1650 [ 164.810177][ T7341] should_failslab+0xc2/0x120 [ 164.810200][ T7341] __kmalloc_noprof+0xe0/0x850 [ 164.810228][ T7341] __register_sysctl_table+0xbe4/0x1650 [ 164.810255][ T7341] ? __pfx___register_sysctl_table+0x10/0x10 [ 164.810278][ T7341] ? is_module_address+0x69/0xf0 [ 164.810296][ T7341] ? register_net_sysctl_sz+0x222/0x430 [ 164.810321][ T7341] __devinet_sysctl_register+0x1b9/0x360 [ 164.810352][ T7341] ? trace_kmalloc+0x101/0x130 [ 164.810368][ T7341] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 164.810392][ T7341] ? __asan_memcpy+0x3c/0x60 [ 164.810415][ T7341] devinet_init_net+0x303/0x8d0 [ 164.810436][ T7341] ? __pfx_devinet_init_net+0x10/0x10 [ 164.810456][ T7341] ops_init+0x1e2/0x5f0 [ 164.810477][ T7341] setup_net+0x118/0x3a0 [ 164.810496][ T7341] ? __pfx_setup_net+0x10/0x10 [ 164.810512][ T7341] ? lockdep_init_map_type+0x5c/0x250 [ 164.810532][ T7341] ? mutex_init_lockep+0x110/0x150 [ 164.810554][ T7341] copy_net_ns+0x46f/0x7c0 [ 164.810575][ T7341] create_new_namespaces+0x3ea/0xac0 [ 164.810598][ T7341] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 164.810615][ T7341] ksys_unshare+0x473/0xad0 [ 164.810635][ T7341] ? __pfx_ksys_unshare+0x10/0x10 [ 164.810659][ T7341] __x64_sys_unshare+0x31/0x40 [ 164.810677][ T7341] do_syscall_64+0x106/0xf80 [ 164.810694][ T7341] ? clear_bhb_loop+0x40/0x90 [ 164.810712][ T7341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.810727][ T7341] RIP: 0033:0x7f60b059c799 [ 164.810740][ T7341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.810754][ T7341] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 164.810770][ T7341] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 164.810780][ T7341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 164.810788][ T7341] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 164.810798][ T7341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.810806][ T7341] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 164.810826][ T7341] [ 165.060389][ T7341] sysctl could not get directory: /net/ipv4/conf -12 [ 166.510656][ T7361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.379'. [ 166.547349][ T7361] netlink: 354 bytes leftover after parsing attributes in process `syz.0.379'. [ 168.182744][ T7399] netlink: 5 bytes leftover after parsing attributes in process `syz.2.393'. [ 168.231935][ T7399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.393'. [ 169.195448][ T7420] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 171.090959][ T29] audit: type=1800 audit(2147491522.447:10): pid=7460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.407" name="dbroot" dev="configfs" ino=16756 res=0 errno=0 [ 171.118266][ T7460] netlink: 28 bytes leftover after parsing attributes in process `syz.0.407'. [ 171.168652][ T7460] team0: Port device team_slave_1 removed [ 171.654761][ T7459] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 171.663076][ T7459] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 171.676645][ T7459] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 171.690505][ T7459] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 171.707633][ T7459] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 171.930598][ T5831] block nbd1: Receive control failed (result -32) [ 173.243363][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 173.347643][ T7503] loop6: detected capacity change from 0 to 8192 [ 173.722879][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.728951][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.735589][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout [ 174.815386][ T7537] netlink: 'syz.1.429': attribute type 2 has an invalid length. [ 174.835964][ T7539] netlink: 25 bytes leftover after parsing attributes in process `syz.3.430'. [ 174.861931][ T7537] netlink: 'syz.1.429': attribute type 4 has an invalid length. [ 175.801961][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 177.403308][ T5831] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 177.409851][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 180.459211][ T7614] delete_channel: no stack [ 180.978077][ T7646] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 181.447382][ T7658] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 183.067972][ T7679] netlink: 62 bytes leftover after parsing attributes in process `syz.2.464'. [ 183.731022][ T7691] syz.2.468 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 184.146327][ T7702] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=538976288 (1077952576 ns) > initial count (3830 ns). Using initial count to start timer. [ 186.008604][ T7735] FAULT_INJECTION: forcing a failure. [ 186.008604][ T7735] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 186.091286][ T7735] CPU: 0 UID: 0 PID: 7735 Comm: syz.2.476 Not tainted syzkaller #0 PREEMPT(full) [ 186.091310][ T7735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 186.091322][ T7735] Call Trace: [ 186.091328][ T7735] [ 186.091334][ T7735] dump_stack_lvl+0x100/0x190 [ 186.091362][ T7735] should_fail_ex.cold+0x5/0xa [ 186.091381][ T7735] _copy_from_user+0x2e/0xd0 [ 186.091397][ T7735] snd_pcm_oss_write2+0x1c2/0x400 [ 186.091423][ T7735] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 186.091453][ T7735] snd_pcm_oss_write+0x729/0xa30 [ 186.091470][ T7735] ? security_file_permission+0x76/0x210 [ 186.091490][ T7735] vfs_write+0x2aa/0x1070 [ 186.091514][ T7735] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 186.091530][ T7735] ? __pfx_vfs_write+0x10/0x10 [ 186.091550][ T7735] ? find_held_lock+0x2b/0x80 [ 186.091563][ T7735] ? __fget_files+0x215/0x3d0 [ 186.091577][ T7735] ? __fget_files+0x215/0x3d0 [ 186.091602][ T7735] ? __fget_files+0x21f/0x3d0 [ 186.091621][ T7735] ksys_write+0x12a/0x250 [ 186.091634][ T7735] ? __pfx_ksys_write+0x10/0x10 [ 186.091654][ T7735] do_syscall_64+0x106/0xf80 [ 186.091689][ T7735] ? clear_bhb_loop+0x40/0x90 [ 186.091708][ T7735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.091724][ T7735] RIP: 0033:0x7f60b059c799 [ 186.091739][ T7735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 186.091752][ T7735] RSP: 002b:00007f60b14e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.091767][ T7735] RAX: ffffffffffffffda RBX: 00007f60b0816180 RCX: 00007f60b059c799 [ 186.091776][ T7735] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 186.091785][ T7735] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 186.091793][ T7735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 186.091801][ T7735] R13: 00007f60b0816218 R14: 00007f60b0816180 R15: 00007ffc7b8ad378 [ 186.091823][ T7735] [ 186.809182][ T7739] FAULT_INJECTION: forcing a failure. [ 186.809182][ T7739] name failslab, interval 1, probability 0, space 0, times 0 [ 186.869641][ T7739] CPU: 0 UID: 0 PID: 7739 Comm: syz.3.478 Not tainted syzkaller #0 PREEMPT(full) [ 186.869664][ T7739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 186.869674][ T7739] Call Trace: [ 186.869679][ T7739] [ 186.869686][ T7739] dump_stack_lvl+0x100/0x190 [ 186.869715][ T7739] should_fail_ex.cold+0x5/0xa [ 186.869734][ T7739] should_failslab+0xc2/0x120 [ 186.869750][ T7739] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 186.869772][ T7739] ? anon_vma_clone+0x2bd/0xc70 [ 186.869794][ T7739] anon_vma_clone+0x2bd/0xc70 [ 186.869817][ T7739] anon_vma_fork+0x1bb/0x6b0 [ 186.869839][ T7739] dup_mmap+0x141f/0x2180 [ 186.869864][ T7739] ? __pfx_dup_mmap+0x10/0x10 [ 186.869879][ T7739] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 186.869900][ T7739] ? __lock_acquire+0x4a5/0x2630 [ 186.869920][ T7739] ? find_held_lock+0x2b/0x80 [ 186.869936][ T7739] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 186.869975][ T7739] copy_process+0x73d7/0x7a10 [ 186.870002][ T7739] ? __pfx_copy_process+0x10/0x10 [ 186.870019][ T7739] ? find_held_lock+0x2b/0x80 [ 186.870036][ T7739] ? futex_private_hash_put+0x107/0x1c0 [ 186.870056][ T7739] kernel_clone+0xfc/0x9a0 [ 186.870075][ T7739] ? __pfx_kernel_clone+0x10/0x10 [ 186.870102][ T7739] __do_sys_clone+0xd9/0x120 [ 186.870119][ T7739] ? __pfx___do_sys_clone+0x10/0x10 [ 186.870136][ T7739] ? ksys_semctl.constprop.0+0x14e/0x2e0 [ 186.870173][ T7739] do_syscall_64+0x106/0xf80 [ 186.870191][ T7739] ? clear_bhb_loop+0x40/0x90 [ 186.870209][ T7739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.870224][ T7739] RIP: 0033:0x7f187319c799 [ 186.870237][ T7739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 186.870252][ T7739] RSP: 002b:00007f18740ebfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 186.870268][ T7739] RAX: ffffffffffffffda RBX: 00007f1873415fa0 RCX: 00007f187319c799 [ 186.870277][ T7739] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 186.870286][ T7739] RBP: 00007f1873232c99 R08: 0000000000000000 R09: 0000000000000000 [ 186.870294][ T7739] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 186.870302][ T7739] R13: 00007f1873416038 R14: 00007f1873415fa0 R15: 00007ffec9520d98 [ 186.870322][ T7739] [ 188.161904][ T29] audit: type=1804 audit(2147491539.517:11): pid=7766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.481" name="/newroot/129/file0" dev="tmpfs" ino=692 res=1 errno=0 [ 188.285130][ T29] audit: type=1804 audit(2147491539.557:12): pid=7767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.481" name="/newroot/129/file0" dev="tmpfs" ino=692 res=1 errno=0 [ 189.030911][ T7781] netlink: 186 bytes leftover after parsing attributes in process `syz.3.487'. [ 189.832879][ T7788] delete_channel: no stack [ 190.084077][ T29] audit: type=1800 audit(2147491541.437:13): pid=7809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.493" name="dbroot" dev="configfs" ino=18408 res=0 errno=0 [ 190.112151][ T7809] netlink: 28 bytes leftover after parsing attributes in process `syz.1.493'. [ 190.192605][ T7809] team0: Port device team_slave_1 removed [ 191.615963][ T29] audit: type=1804 audit(2147491542.977:14): pid=7834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.497" name="/newroot/123/file0" dev="tmpfs" ino=665 res=1 errno=0 [ 191.706679][ T29] audit: type=1804 audit(2147491543.017:15): pid=7836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.497" name="/newroot/123/file0" dev="tmpfs" ino=665 res=1 errno=0 [ 192.696076][ T7861] netlink: Unknown conntrack attr (type=257, max=9) [ 192.856654][ T29] audit: type=1326 audit(2147491544.217:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7853 comm="syz.3.508" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f187319c799 code=0x0 [ 193.465434][ T7878] netlink: 28 bytes leftover after parsing attributes in process `syz.0.519'. [ 193.944318][ T7886] FAULT_INJECTION: forcing a failure. [ 193.944318][ T7886] name failslab, interval 1, probability 0, space 0, times 0 [ 194.071284][ T7886] CPU: 0 UID: 0 PID: 7886 Comm: syz.2.512 Not tainted syzkaller #0 PREEMPT(full) [ 194.071309][ T7886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 194.071319][ T7886] Call Trace: [ 194.071326][ T7886] [ 194.071334][ T7886] dump_stack_lvl+0x100/0x190 [ 194.071362][ T7886] should_fail_ex.cold+0x5/0xa [ 194.071381][ T7886] should_failslab+0xc2/0x120 [ 194.071397][ T7886] __kvmalloc_node_noprof+0xfa/0xa00 [ 194.071419][ T7886] ? io_alloc_cache_init+0x38/0x170 [ 194.071440][ T7886] ? lockdep_init_map_type+0x5c/0x250 [ 194.071462][ T7886] io_alloc_cache_init+0x38/0x170 [ 194.071484][ T7886] io_uring_setup.cold+0x3cd/0x1d09 [ 194.071508][ T7886] ? __pfx_io_uring_setup+0x10/0x10 [ 194.071526][ T7886] ? do_futex+0x192/0x350 [ 194.071545][ T7886] ? __pfx_do_futex+0x10/0x10 [ 194.071572][ T7886] ? xfd_validate_state+0x129/0x190 [ 194.071597][ T7886] __x64_sys_io_uring_setup+0xc2/0x170 [ 194.071616][ T7886] do_syscall_64+0x106/0xf80 [ 194.071633][ T7886] ? clear_bhb_loop+0x40/0x90 [ 194.071651][ T7886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.071666][ T7886] RIP: 0033:0x7f60b059c799 [ 194.071680][ T7886] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.071694][ T7886] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 194.071708][ T7886] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 194.071718][ T7886] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001d48 [ 194.071727][ T7886] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 194.071735][ T7886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.071743][ T7886] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 194.071762][ T7886] [ 194.473141][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.479475][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.375505][ T29] audit: type=1804 audit(2147491547.737:17): pid=7924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.522" name="/newroot/118/file0" dev="tmpfs" ino=639 res=1 errno=0 [ 196.491524][ T29] audit: type=1804 audit(2147491547.777:18): pid=7926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.522" name="/newroot/118/file0" dev="tmpfs" ino=639 res=1 errno=0 [ 196.972645][ T7932] netlink: Unknown conntrack attr (type=257, max=9) [ 197.094655][ T29] audit: type=1326 audit(2147491548.457:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz.1.523" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f510f59c799 code=0x0 [ 197.463126][ T7938] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 198.029991][ T7947] netlink: 50 bytes leftover after parsing attributes in process `syz.3.530'. [ 198.279235][ T7944] FAULT_INJECTION: forcing a failure. [ 198.279235][ T7944] name failslab, interval 1, probability 0, space 0, times 0 [ 198.424621][ T7944] CPU: 0 UID: 0 PID: 7944 Comm: syz.2.528 Not tainted syzkaller #0 PREEMPT(full) [ 198.424644][ T7944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 198.424654][ T7944] Call Trace: [ 198.424659][ T7944] [ 198.424665][ T7944] dump_stack_lvl+0x100/0x190 [ 198.424693][ T7944] should_fail_ex.cold+0x5/0xa [ 198.424712][ T7944] should_failslab+0xc2/0x120 [ 198.424728][ T7944] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 198.424751][ T7944] ? kstrdup_const+0x63/0x80 [ 198.424778][ T7944] kstrdup+0x51/0xe0 [ 198.424801][ T7944] kstrdup_const+0x63/0x80 [ 198.424822][ T7944] __kernfs_new_node+0x9b/0x960 [ 198.424856][ T7944] ? __pfx___kernfs_new_node+0x10/0x10 [ 198.424881][ T7944] ? find_held_lock+0x2b/0x80 [ 198.424896][ T7944] ? kernfs_root+0xee/0x2a0 [ 198.424914][ T7944] ? kernfs_root+0xee/0x2a0 [ 198.424938][ T7944] kernfs_new_node+0x11b/0x1a0 [ 198.424963][ T7944] kernfs_create_link+0xcc/0x240 [ 198.424981][ T7944] sysfs_do_create_link_sd+0x90/0x140 [ 198.425002][ T7944] sysfs_create_link+0x61/0xc0 [ 198.425022][ T7944] device_add+0x675/0x1950 [ 198.425037][ T7944] ? alloc_workqueue_noprof+0x198/0x200 [ 198.425055][ T7944] ? __pfx_device_add+0x10/0x10 [ 198.425076][ T7944] nfc_register_device+0x41/0x3e0 [ 198.425096][ T7944] nci_register_device+0x7f1/0xb80 [ 198.425121][ T7944] ? __pfx_nci_register_device+0x10/0x10 [ 198.425149][ T7944] ? lockdep_init_map_type+0x5c/0x250 [ 198.425172][ T7944] virtual_ncidev_open+0x141/0x220 [ 198.425189][ T7944] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 198.425205][ T7944] misc_open+0x26d/0x450 [ 198.425220][ T7944] ? __pfx_misc_open+0x10/0x10 [ 198.425233][ T7944] chrdev_open+0x234/0x6a0 [ 198.425248][ T7944] ? __pfx_apparmor_file_open+0x10/0x10 [ 198.425271][ T7944] ? __pfx_chrdev_open+0x10/0x10 [ 198.425287][ T7944] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 198.425307][ T7944] do_dentry_open+0x6d8/0x1660 [ 198.425322][ T7944] ? __pfx_chrdev_open+0x10/0x10 [ 198.425345][ T7944] vfs_open+0x82/0x3f0 [ 198.425366][ T7944] path_openat+0x208c/0x31a0 [ 198.425388][ T7944] ? __pfx_path_openat+0x10/0x10 [ 198.425410][ T7944] do_file_open+0x20e/0x430 [ 198.425426][ T7944] ? __pfx_do_file_open+0x10/0x10 [ 198.425455][ T7944] ? alloc_fd+0x476/0x790 [ 198.425471][ T7944] ? do_getname+0x191/0x390 [ 198.425490][ T7944] do_sys_openat2+0x10d/0x1e0 [ 198.425508][ T7944] ? __pfx_do_sys_openat2+0x10/0x10 [ 198.425534][ T7944] __x64_sys_openat+0x12d/0x210 [ 198.425553][ T7944] ? __pfx___x64_sys_openat+0x10/0x10 [ 198.425579][ T7944] do_syscall_64+0x106/0xf80 [ 198.425596][ T7944] ? clear_bhb_loop+0x40/0x90 [ 198.425614][ T7944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.425629][ T7944] RIP: 0033:0x7f60b059c799 [ 198.425642][ T7944] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 198.425656][ T7944] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 198.425672][ T7944] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 198.425682][ T7944] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 198.425691][ T7944] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 198.425700][ T7944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.425709][ T7944] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 198.425729][ T7944] [ 200.745161][ T7975] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 200.782985][ T7975] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 201.006210][ T7981] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 204.563777][ T7992] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 204.978124][ T8001] netlink: Unknown conntrack attr (type=257, max=9) [ 205.055469][ T29] audit: type=1326 audit(2147491556.417:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7999 comm="syz.0.542" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c67d9c799 code=0x0 [ 206.208761][ T8017] netlink: 'syz.3.546': attribute type 2 has an invalid length. [ 206.283173][ T8017] netlink: 'syz.3.546': attribute type 3 has an invalid length. [ 206.341208][ T8017] netlink: 'syz.3.546': attribute type 2 has an invalid length. [ 206.412814][ T8017] netlink: 'syz.3.546': attribute type 3 has an invalid length. [ 206.489574][ T8017] netlink: 30 bytes leftover after parsing attributes in process `syz.3.546'. [ 206.789895][ T8029] netlink: 'syz.1.549': attribute type 9 has an invalid length. [ 206.832568][ T8031] netlink: zone id is out of range [ 206.837749][ T8031] netlink: zone id is out of range [ 206.900721][ T8029] netlink: zone id is out of range [ 206.935429][ T8029] netlink: zone id is out of range [ 206.962175][ T8031] netlink: zone id is out of range [ 206.984243][ T8029] netlink: zone id is out of range [ 207.023589][ T8031] netlink: zone id is out of range [ 207.056616][ T8029] netlink: zone id is out of range [ 207.083274][ T8031] netlink: zone id is out of range [ 207.113187][ T8029] netlink: zone id is out of range [ 207.402635][ T8038] netlink: 334 bytes leftover after parsing attributes in process `syz.3.551'. [ 208.644539][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802a822000: rx timeout, send abort [ 208.666349][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88802a822000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 209.654344][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880329d1800: rx timeout, send abort [ 209.662678][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880329d2800: rx timeout, send abort [ 209.671057][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880329d1800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 209.685451][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880329d2800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 209.924892][ T8053] netlink: 252 bytes leftover after parsing attributes in process `syz.1.556'. [ 211.381221][ T8088] netlink: 93 bytes leftover after parsing attributes in process `syz.1.566'. [ 211.463632][ T8086] netlink: 93 bytes leftover after parsing attributes in process `syz.1.566'. [ 212.148941][ T8076] can: request_module (can-proto-3) failed. [ 212.825321][ T8100] netlink: 186 bytes leftover after parsing attributes in process `syz.1.577'. [ 214.412383][ T8142] netlink: 25 bytes leftover after parsing attributes in process `syz.1.579'. [ 215.304067][ T8161] netlink: 28 bytes leftover after parsing attributes in process `syz.1.585'. [ 215.352928][ T8161] team0 (unregistering): Port device team_slave_0 removed [ 216.301138][ T8176] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 216.336318][ T8176] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 217.419618][ T8195] Process accounting resumed [ 217.432678][ T8198] FAULT_INJECTION: forcing a failure. [ 217.432678][ T8198] name failslab, interval 1, probability 0, space 0, times 0 [ 217.572640][ T8198] CPU: 0 UID: 0 PID: 8198 Comm: syz.2.595 Not tainted syzkaller #0 PREEMPT(full) [ 217.572662][ T8198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 217.572671][ T8198] Call Trace: [ 217.572676][ T8198] [ 217.572682][ T8198] dump_stack_lvl+0x100/0x190 [ 217.572709][ T8198] should_fail_ex.cold+0x5/0xa [ 217.572727][ T8198] should_failslab+0xc2/0x120 [ 217.572743][ T8198] __kmalloc_cache_noprof+0x7a/0x6f0 [ 217.572763][ T8198] ? refill_pi_state_cache+0x91/0x260 [ 217.572788][ T8198] refill_pi_state_cache+0x91/0x260 [ 217.572809][ T8198] futex_lock_pi+0x177/0x7b0 [ 217.572832][ T8198] ? __pfx_futex_lock_pi+0x10/0x10 [ 217.572854][ T8198] ? __pfx___futex_wait+0x10/0x10 [ 217.572874][ T8198] ? lockdep_hardirqs_on+0x78/0x100 [ 217.572915][ T8198] ? __pfx_futex_wake_mark+0x10/0x10 [ 217.572941][ T8198] ? __get_user_nocheck_8+0x20/0x20 [ 217.572957][ T8198] ? do_vfs_ioctl+0x226/0x13e0 [ 217.572981][ T8198] do_futex+0x18a/0x350 [ 217.573000][ T8198] ? __pfx_do_futex+0x10/0x10 [ 217.573020][ T8198] ? find_held_lock+0x2b/0x80 [ 217.573036][ T8198] __x64_sys_futex+0x34f/0x4d0 [ 217.573057][ T8198] ? __pfx___x64_sys_futex+0x10/0x10 [ 217.573082][ T8198] do_syscall_64+0x106/0xf80 [ 217.573099][ T8198] ? clear_bhb_loop+0x40/0x90 [ 217.573117][ T8198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.573132][ T8198] RIP: 0033:0x7f60b059c799 [ 217.573146][ T8198] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 217.573159][ T8198] RSP: 002b:00007f60b1503028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 217.573175][ T8198] RAX: ffffffffffffffda RBX: 00007f60b0816090 RCX: 00007f60b059c799 [ 217.573184][ T8198] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 217.573192][ T8198] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 000000008000fff5 [ 217.573201][ T8198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 217.573209][ T8198] R13: 00007f60b0816128 R14: 00007f60b0816090 R15: 00007ffc7b8ad378 [ 217.573229][ T8198] [ 219.395090][ T5831] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 219.848355][ T8228] FAULT_INJECTION: forcing a failure. [ 219.848355][ T8228] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.912521][ T8228] CPU: 0 UID: 0 PID: 8228 Comm: syz.2.603 Not tainted syzkaller #0 PREEMPT(full) [ 219.912544][ T8228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 219.912553][ T8228] Call Trace: [ 219.912559][ T8228] [ 219.912565][ T8228] dump_stack_lvl+0x100/0x190 [ 219.912592][ T8228] should_fail_ex.cold+0x5/0xa [ 219.912611][ T8228] _copy_to_user+0x32/0xd0 [ 219.912627][ T8228] copy_siginfo_to_user+0x27/0xc0 [ 219.912646][ T8228] x64_setup_rt_frame+0xa03/0xce0 [ 219.912670][ T8228] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 219.912690][ T8228] ? do_send_specific+0x15c/0x360 [ 219.912709][ T8228] arch_do_signal_or_restart+0x587/0x770 [ 219.912727][ T8228] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 219.912755][ T8228] exit_to_user_mode_loop+0x86/0x4a0 [ 219.912776][ T8228] do_syscall_64+0x668/0xf80 [ 219.912793][ T8228] ? clear_bhb_loop+0x40/0x90 [ 219.912811][ T8228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.912834][ T8228] RIP: 0033:0x7f60b059c799 [ 219.912848][ T8228] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.912862][ T8228] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 00000000000000c8 [ 219.912879][ T8228] RAX: 0000000000000000 RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 219.912888][ T8228] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 00000000000001e3 [ 219.912897][ T8228] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 219.912906][ T8228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 219.912915][ T8228] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 219.912935][ T8228] [ 222.737141][ T8270] netlink: 28 bytes leftover after parsing attributes in process `syz.1.614'. [ 222.782857][ T8270] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.841076][ T8270] bridge_slave_1 (unregistering): left allmulticast mode [ 222.869422][ T8268] serio: Serial port pty6 [ 222.892796][ T8270] bridge_slave_1 (unregistering): left promiscuous mode [ 222.935708][ T8270] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.286966][ T8282] FAULT_INJECTION: forcing a failure. [ 223.286966][ T8282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.431934][ T8282] CPU: 0 UID: 0 PID: 8282 Comm: syz.0.615 Not tainted syzkaller #0 PREEMPT(full) [ 223.431957][ T8282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 223.431967][ T8282] Call Trace: [ 223.431972][ T8282] [ 223.431979][ T8282] dump_stack_lvl+0x100/0x190 [ 223.432006][ T8282] should_fail_ex.cold+0x5/0xa [ 223.432025][ T8282] _copy_from_user+0x2e/0xd0 [ 223.432041][ T8282] snd_pcm_oss_write2+0x1c2/0x400 [ 223.432066][ T8282] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 223.432095][ T8282] snd_pcm_oss_write+0x729/0xa30 [ 223.432111][ T8282] ? security_file_permission+0x76/0x210 [ 223.432132][ T8282] vfs_write+0x2aa/0x1070 [ 223.432155][ T8282] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 223.432171][ T8282] ? __pfx_vfs_write+0x10/0x10 [ 223.432192][ T8282] ? find_held_lock+0x2b/0x80 [ 223.432205][ T8282] ? __fget_files+0x215/0x3d0 [ 223.432219][ T8282] ? __fget_files+0x215/0x3d0 [ 223.432235][ T8282] ? __fget_files+0x21f/0x3d0 [ 223.432254][ T8282] ksys_write+0x12a/0x250 [ 223.432267][ T8282] ? __pfx_ksys_write+0x10/0x10 [ 223.432296][ T8282] do_syscall_64+0x106/0xf80 [ 223.432315][ T8282] ? clear_bhb_loop+0x40/0x90 [ 223.432333][ T8282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.432349][ T8282] RIP: 0033:0x7f9c67d9c799 [ 223.432363][ T8282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 223.432377][ T8282] RSP: 002b:00007f9c68bfd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 223.432392][ T8282] RAX: ffffffffffffffda RBX: 00007f9c68016180 RCX: 00007f9c67d9c799 [ 223.432401][ T8282] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 223.432410][ T8282] RBP: 00007f9c67e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 223.432418][ T8282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.432426][ T8282] R13: 00007f9c68016218 R14: 00007f9c68016180 R15: 00007ffc75db5d28 [ 223.432445][ T8282] [ 223.939986][ T29] audit: type=1326 audit(2147491575.227:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8284 comm="syz.2.620" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f60b059c799 code=0x0 [ 225.227736][ T8306] netlink: 50 bytes leftover after parsing attributes in process `syz.0.623'. [ 226.494529][ T8322] ubi0: attaching mtd0 [ 226.520847][ T8322] ubi0: scanning is finished [ 226.531773][ T8322] ubi0: empty MTD device detected [ 226.836163][ T8322] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 226.882162][ T8322] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 226.962012][ T8322] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 227.035866][ T8322] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 227.092638][ T8322] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 227.123812][ T8322] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 227.181897][ T8322] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2436161786 [ 227.217966][ T8322] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 227.273670][ T8332] ubi0: background thread "ubi_bgt0d" started, PID 8332 [ 227.292246][ T8326] ubi0: detaching mtd0 [ 227.338285][ T8326] ubi0: mtd0 is detached [ 228.835847][ T8367] FAULT_INJECTION: forcing a failure. [ 228.835847][ T8367] name failslab, interval 1, probability 0, space 0, times 0 [ 228.919971][ T8367] CPU: 0 UID: 0 PID: 8367 Comm: syz.2.640 Not tainted syzkaller #0 PREEMPT(full) [ 228.919993][ T8367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 228.920003][ T8367] Call Trace: [ 228.920009][ T8367] [ 228.920016][ T8367] dump_stack_lvl+0x100/0x190 [ 228.920043][ T8367] should_fail_ex.cold+0x5/0xa [ 228.920063][ T8367] should_failslab+0xc2/0x120 [ 228.920079][ T8367] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 228.920103][ T8367] ? shmem_alloc_inode+0x25/0x50 [ 228.920122][ T8367] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 228.920140][ T8367] shmem_alloc_inode+0x25/0x50 [ 228.920156][ T8367] alloc_inode+0x68/0x250 [ 228.920176][ T8367] new_inode+0x22/0x1c0 [ 228.920196][ T8367] shmem_get_inode+0x212/0x1040 [ 228.920217][ T8367] ? __pfx_shmem_get_inode+0x10/0x10 [ 228.920235][ T8367] ? d_add+0x443/0x850 [ 228.920254][ T8367] ? do_raw_spin_unlock+0x145/0x1e0 [ 228.920279][ T8367] shmem_mknod+0x20c/0x470 [ 228.920299][ T8367] ? __pfx_shmem_mknod+0x10/0x10 [ 228.920316][ T8367] ? bpf_lsm_inode_create+0x9/0x10 [ 228.920340][ T8367] ? __pfx_shmem_create+0x10/0x10 [ 228.920358][ T8367] lookup_open.isra.0+0xc47/0x11b0 [ 228.920384][ T8367] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 228.920408][ T8367] ? __pfx___might_resched+0x10/0x10 [ 228.920429][ T8367] ? mnt_get_write_access+0x52/0x2f0 [ 228.920452][ T8367] ? __pfx_down_write+0x10/0x10 [ 228.920471][ T8367] ? mnt_get_write_access+0x1e9/0x2f0 [ 228.920493][ T8367] path_openat+0x2291/0x31a0 [ 228.920515][ T8367] ? __pfx_path_openat+0x10/0x10 [ 228.920538][ T8367] do_file_open+0x20e/0x430 [ 228.920554][ T8367] ? __pfx_do_file_open+0x10/0x10 [ 228.920584][ T8367] ? alloc_fd+0x476/0x790 [ 228.920601][ T8367] ? do_getname+0x191/0x390 [ 228.920621][ T8367] do_sys_openat2+0x10d/0x1e0 [ 228.920640][ T8367] ? __pfx_do_sys_openat2+0x10/0x10 [ 228.920661][ T8367] ? __fget_files+0x21f/0x3d0 [ 228.920678][ T8367] __x64_sys_openat+0x12d/0x210 [ 228.920698][ T8367] ? __pfx___x64_sys_openat+0x10/0x10 [ 228.920725][ T8367] do_syscall_64+0x106/0xf80 [ 228.920742][ T8367] ? clear_bhb_loop+0x40/0x90 [ 228.920760][ T8367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.920775][ T8367] RIP: 0033:0x7f60b059c799 [ 228.920788][ T8367] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 228.920811][ T8367] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 228.920827][ T8367] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 228.920838][ T8367] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 228.920847][ T8367] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 228.920856][ T8367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 228.920865][ T8367] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 228.920886][ T8367] [ 230.477236][ T8382] netlink: 9 bytes leftover after parsing attributes in process `syz.0.643'. [ 230.797221][ T29] audit: type=1807 audit(2147491582.157:22): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 230.815142][ T29] audit: type=1802 audit(2147491582.177:23): pid=8388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.0.645" res=0 errno=0 [ 231.507248][ T8387] ima: policy update failed [ 231.532028][ T29] audit: type=1802 audit(2147491582.897:24): pid=8387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.645" res=0 errno=0 [ 231.656025][ T8420] netlink: 'syz.2.650': attribute type 9 has an invalid length. [ 231.741009][ T8420] net_ratelimit: 694 callbacks suppressed [ 231.741026][ T8420] netlink: zone id is out of range [ 231.824570][ T8424] FAULT_INJECTION: forcing a failure. [ 231.824570][ T8424] name failslab, interval 1, probability 0, space 0, times 0 [ 231.843289][ T8425] netlink: zone id is out of range [ 231.869180][ T8420] netlink: zone id is out of range [ 231.893200][ T8425] netlink: zone id is out of range [ 231.916659][ T8424] CPU: 0 UID: 0 PID: 8424 Comm: syz.0.651 Not tainted syzkaller #0 PREEMPT(full) [ 231.916683][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 231.916692][ T8424] Call Trace: [ 231.916698][ T8424] [ 231.916704][ T8424] dump_stack_lvl+0x100/0x190 [ 231.916731][ T8424] should_fail_ex.cold+0x5/0xa [ 231.916749][ T8424] should_failslab+0xc2/0x120 [ 231.916765][ T8424] __kmalloc_cache_noprof+0x7a/0x6f0 [ 231.916784][ T8424] ? refill_pi_state_cache+0x91/0x260 [ 231.916810][ T8424] refill_pi_state_cache+0x91/0x260 [ 231.916832][ T8424] futex_lock_pi+0x177/0x7b0 [ 231.916853][ T8424] ? preempt_schedule_thunk+0x16/0x30 [ 231.916872][ T8424] ? __pfx_futex_lock_pi+0x10/0x10 [ 231.916891][ T8424] ? preempt_schedule_common+0x42/0xc0 [ 231.916909][ T8424] ? preempt_schedule_thunk+0x16/0x30 [ 231.916933][ T8424] ? __pfx_try_to_wake_up+0x10/0x10 [ 231.916953][ T8424] ? futex_private_hash_put+0x107/0x1c0 [ 231.916973][ T8424] ? __pfx_futex_wake_mark+0x10/0x10 [ 231.917000][ T8424] ? __lock_acquire+0x4a5/0x2630 [ 231.917024][ T8424] do_futex+0x18a/0x350 [ 231.917042][ T8424] ? __pfx_do_futex+0x10/0x10 [ 231.917066][ T8424] __x64_sys_futex+0x34f/0x4d0 [ 231.917087][ T8424] ? __pfx___x64_sys_futex+0x10/0x10 [ 231.917112][ T8424] do_syscall_64+0x106/0xf80 [ 231.917129][ T8424] ? clear_bhb_loop+0x40/0x90 [ 231.917146][ T8424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.917162][ T8424] RIP: 0033:0x7f9c67d9c799 [ 231.917175][ T8424] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 231.917189][ T8424] RSP: 002b:00007f9c68c3f028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 231.917204][ T8424] RAX: ffffffffffffffda RBX: 00007f9c68015fa0 RCX: 00007f9c67d9c799 [ 231.917214][ T8424] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 231.917222][ T8424] RBP: 00007f9c67e32c99 R08: 0000000000000000 R09: 000000008000fff5 [ 231.917231][ T8424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.917239][ T8424] R13: 00007f9c68016038 R14: 00007f9c68015fa0 R15: 00007ffc75db5d28 [ 231.917258][ T8424] [ 232.139905][ T8420] netlink: zone id is out of range [ 232.145365][ T8420] netlink: zone id is out of range [ 232.151367][ T8420] netlink: zone id is out of range [ 232.156849][ T8420] netlink: zone id is out of range [ 232.166270][ T8420] netlink: zone id is out of range [ 232.171414][ T8420] netlink: zone id is out of range [ 234.836429][ T8487] kAFS: Invalid Command on /proc/fs/afs/cells file [ 236.401654][ T8501] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 236.424858][ T8501] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 236.446323][ T8501] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 236.466855][ T8501] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 236.517475][ T8501] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 236.551355][ T8501] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 236.587631][ T8495] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 237.641932][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 238.442956][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 238.522500][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 238.529182][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 240.141244][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807c670800: rx timeout, send abort [ 240.154073][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c670800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 241.327122][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 241.333342][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 241.749542][ T8565] FAULT_INJECTION: forcing a failure. [ 241.749542][ T8565] name failslab, interval 1, probability 0, space 0, times 0 [ 241.823170][ T8565] CPU: 0 UID: 0 PID: 8565 Comm: syz.0.676 Not tainted syzkaller #0 PREEMPT(full) [ 241.823196][ T8565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 241.823209][ T8565] Call Trace: [ 241.823215][ T8565] [ 241.823221][ T8565] dump_stack_lvl+0x100/0x190 [ 241.823250][ T8565] should_fail_ex.cold+0x5/0xa [ 241.823269][ T8565] should_failslab+0xc2/0x120 [ 241.823285][ T8565] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 241.823309][ T8565] ? kstrdup_const+0x63/0x80 [ 241.823336][ T8565] kstrdup+0x51/0xe0 [ 241.823359][ T8565] kstrdup_const+0x63/0x80 [ 241.823381][ T8565] __kernfs_new_node+0x9b/0x960 [ 241.823411][ T8565] ? __pfx___kernfs_new_node+0x10/0x10 [ 241.823437][ T8565] ? find_held_lock+0x2b/0x80 [ 241.823452][ T8565] ? kernfs_root+0xee/0x2a0 [ 241.823472][ T8565] ? kernfs_root+0xee/0x2a0 [ 241.823496][ T8565] kernfs_new_node+0x11b/0x1a0 [ 241.823522][ T8565] kernfs_create_link+0xcc/0x240 [ 241.823541][ T8565] sysfs_do_create_link_sd+0x90/0x140 [ 241.823562][ T8565] sysfs_create_link+0x61/0xc0 [ 241.823581][ T8565] device_add+0x675/0x1950 [ 241.823597][ T8565] ? alloc_workqueue_noprof+0x198/0x200 [ 241.823615][ T8565] ? __pfx_device_add+0x10/0x10 [ 241.823635][ T8565] nfc_register_device+0x41/0x3e0 [ 241.823656][ T8565] nci_register_device+0x7f1/0xb80 [ 241.823681][ T8565] ? __pfx_nci_register_device+0x10/0x10 [ 241.823706][ T8565] ? lockdep_init_map_type+0x5c/0x250 [ 241.823729][ T8565] virtual_ncidev_open+0x141/0x220 [ 241.823745][ T8565] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 241.823762][ T8565] misc_open+0x26d/0x450 [ 241.823776][ T8565] ? __pfx_misc_open+0x10/0x10 [ 241.823789][ T8565] chrdev_open+0x234/0x6a0 [ 241.823804][ T8565] ? __pfx_apparmor_file_open+0x10/0x10 [ 241.823825][ T8565] ? __pfx_chrdev_open+0x10/0x10 [ 241.823842][ T8565] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 241.823861][ T8565] do_dentry_open+0x6d8/0x1660 [ 241.823875][ T8565] ? __pfx_chrdev_open+0x10/0x10 [ 241.823901][ T8565] vfs_open+0x82/0x3f0 [ 241.823921][ T8565] path_openat+0x208c/0x31a0 [ 241.823943][ T8565] ? __pfx_path_openat+0x10/0x10 [ 241.823965][ T8565] do_file_open+0x20e/0x430 [ 241.823981][ T8565] ? __pfx_do_file_open+0x10/0x10 [ 241.824010][ T8565] ? alloc_fd+0x476/0x790 [ 241.824026][ T8565] ? do_getname+0x191/0x390 [ 241.824046][ T8565] do_sys_openat2+0x10d/0x1e0 [ 241.824065][ T8565] ? __pfx_do_sys_openat2+0x10/0x10 [ 241.824090][ T8565] __x64_sys_openat+0x12d/0x210 [ 241.824110][ T8565] ? __pfx___x64_sys_openat+0x10/0x10 [ 241.824137][ T8565] do_syscall_64+0x106/0xf80 [ 241.824154][ T8565] ? clear_bhb_loop+0x40/0x90 [ 241.824173][ T8565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.824188][ T8565] RIP: 0033:0x7f9c67d9c799 [ 241.824203][ T8565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 241.824217][ T8565] RSP: 002b:00007f9c68c3f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 241.824238][ T8565] RAX: ffffffffffffffda RBX: 00007f9c68015fa0 RCX: 00007f9c67d9c799 [ 241.824249][ T8565] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 241.824258][ T8565] RBP: 00007f9c67e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 241.824267][ T8565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.824276][ T8565] R13: 00007f9c68016038 R14: 00007f9c68015fa0 R15: 00007ffc75db5d28 [ 241.824297][ T8565] [ 242.378832][ T8580] netlink: 93 bytes leftover after parsing attributes in process `syz.3.681'. [ 242.494240][ T8588] FAULT_INJECTION: forcing a failure. [ 242.494240][ T8588] name fail_futex, interval 1, probability 0, space 0, times 0 [ 242.507345][ T8588] CPU: 0 UID: 0 PID: 8588 Comm: syz.1.682 Not tainted syzkaller #0 PREEMPT(full) [ 242.507368][ T8588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 242.507377][ T8588] Call Trace: [ 242.507385][ T8588] [ 242.507392][ T8588] dump_stack_lvl+0x100/0x190 [ 242.507420][ T8588] should_fail_ex.cold+0x5/0xa [ 242.507474][ T8588] get_futex_key+0x1d2/0x1620 [ 242.507495][ T8588] ? __pfx_get_futex_key+0x10/0x10 [ 242.507516][ T8588] ? __lock_acquire+0x4a5/0x2630 [ 242.507537][ T8588] futex_wake+0xea/0x530 [ 242.507561][ T8588] ? __pfx_futex_wake+0x10/0x10 [ 242.507585][ T8588] ? find_held_lock+0x2b/0x80 [ 242.507598][ T8588] ? do_sys_openat2+0x1b4/0x1e0 [ 242.507620][ T8588] do_futex+0x32b/0x350 [ 242.507638][ T8588] ? __pfx_do_futex+0x10/0x10 [ 242.507655][ T8588] ? do_sys_openat2+0x157/0x1e0 [ 242.507673][ T8588] ? __pfx_do_sys_openat2+0x10/0x10 [ 242.507695][ T8588] __x64_sys_futex+0x34f/0x4d0 [ 242.507716][ T8588] ? __pfx___x64_sys_futex+0x10/0x10 [ 242.507735][ T8588] ? __pfx___x64_sys_creat+0x10/0x10 [ 242.507760][ T8588] do_syscall_64+0x106/0xf80 [ 242.507778][ T8588] ? clear_bhb_loop+0x40/0x90 [ 242.507796][ T8588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.507811][ T8588] RIP: 0033:0x7f510f59c799 [ 242.507825][ T8588] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 242.507840][ T8588] RSP: 002b:00007f510d7f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 242.507856][ T8588] RAX: ffffffffffffffda RBX: 00007f510f815fa8 RCX: 00007f510f59c799 [ 242.507866][ T8588] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f510f815fac [ 242.507875][ T8588] RBP: 00007f510f815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 242.507883][ T8588] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 242.507893][ T8588] R13: 00007f510f816038 R14: 00007ffd7cea1440 R15: 00007ffd7cea1528 [ 242.507913][ T8588] [ 242.840403][ T8590] binder: 8589:8590 ioctl c018620c 200000000040 returned -22 [ 242.984229][ T29] audit: type=1806 audit(2147491594.337:25): xattr="." res=0 [ 244.671024][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805a701c00: rx timeout, send abort [ 244.679564][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805a701c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 246.544333][ T8626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.694'. [ 246.581483][ T8626] netlink: 25 bytes leftover after parsing attributes in process `syz.3.694'. [ 246.981883][ T8632] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 247.574437][ T8645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.702'. [ 247.829243][ T8650] Process accounting paused [ 248.858756][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b777c00: rx timeout, send abort [ 249.367053][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b777c00: abort rx timeout. Force session deactivation [ 250.113966][ T8695] sd 0:0:1:0: PR command failed: 1026 [ 250.199587][ T8695] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 250.287492][ T8695] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 251.961174][ T8723] FAULT_INJECTION: forcing a failure. [ 251.961174][ T8723] name failslab, interval 1, probability 0, space 0, times 0 [ 252.080682][ T8728] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 252.138543][ T8723] CPU: 0 UID: 0 PID: 8723 Comm: syz.0.722 Not tainted syzkaller #0 PREEMPT(full) [ 252.138620][ T8723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 252.138633][ T8723] Call Trace: [ 252.138638][ T8723] [ 252.138645][ T8723] dump_stack_lvl+0x100/0x190 [ 252.138675][ T8723] should_fail_ex.cold+0x5/0xa [ 252.138693][ T8723] should_failslab+0xc2/0x120 [ 252.138710][ T8723] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 252.138732][ T8723] ? shmem_alloc_inode+0x25/0x50 [ 252.138751][ T8723] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 252.138768][ T8723] shmem_alloc_inode+0x25/0x50 [ 252.138783][ T8723] alloc_inode+0x68/0x250 [ 252.138802][ T8723] new_inode+0x22/0x1c0 [ 252.138822][ T8723] shmem_get_inode+0x212/0x1040 [ 252.138843][ T8723] ? __pfx_shmem_get_inode+0x10/0x10 [ 252.138862][ T8723] ? d_add+0x443/0x850 [ 252.138880][ T8723] ? do_raw_spin_unlock+0x145/0x1e0 [ 252.138905][ T8723] shmem_mknod+0x20c/0x470 [ 252.138925][ T8723] ? __pfx_shmem_mknod+0x10/0x10 [ 252.138942][ T8723] ? bpf_lsm_inode_create+0x9/0x10 [ 252.138966][ T8723] ? __pfx_shmem_create+0x10/0x10 [ 252.138984][ T8723] lookup_open.isra.0+0xc47/0x11b0 [ 252.139010][ T8723] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 252.139035][ T8723] ? __pfx___might_resched+0x10/0x10 [ 252.139055][ T8723] ? mnt_get_write_access+0x52/0x2f0 [ 252.139078][ T8723] ? __pfx_down_write+0x10/0x10 [ 252.139097][ T8723] ? mnt_get_write_access+0x1e9/0x2f0 [ 252.139119][ T8723] path_openat+0x2291/0x31a0 [ 252.139141][ T8723] ? __pfx_path_openat+0x10/0x10 [ 252.139164][ T8723] do_file_open+0x20e/0x430 [ 252.139182][ T8723] ? __pfx_do_file_open+0x10/0x10 [ 252.139213][ T8723] ? alloc_fd+0x476/0x790 [ 252.139229][ T8723] ? do_getname+0x191/0x390 [ 252.139248][ T8723] do_sys_openat2+0x10d/0x1e0 [ 252.139268][ T8723] ? __pfx_do_sys_openat2+0x10/0x10 [ 252.139288][ T8723] ? __fget_files+0x21f/0x3d0 [ 252.139306][ T8723] __x64_sys_openat+0x12d/0x210 [ 252.139325][ T8723] ? __pfx___x64_sys_openat+0x10/0x10 [ 252.139351][ T8723] do_syscall_64+0x106/0xf80 [ 252.139369][ T8723] ? clear_bhb_loop+0x40/0x90 [ 252.139386][ T8723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.139402][ T8723] RIP: 0033:0x7f9c67d9c799 [ 252.139416][ T8723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 252.139431][ T8723] RSP: 002b:00007f9c68c3f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 252.139448][ T8723] RAX: ffffffffffffffda RBX: 00007f9c68015fa0 RCX: 00007f9c67d9c799 [ 252.139458][ T8723] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 252.139467][ T8723] RBP: 00007f9c67e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 252.139477][ T8723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 252.139485][ T8723] R13: 00007f9c68016038 R14: 00007f9c68015fa0 R15: 00007ffc75db5d28 [ 252.139506][ T8723] [ 255.282556][ T8770] netlink: 334 bytes leftover after parsing attributes in process `syz.0.733'. [ 255.332634][ T8772] FAULT_INJECTION: forcing a failure. [ 255.332634][ T8772] name failslab, interval 1, probability 0, space 0, times 0 [ 255.389259][ T8772] CPU: 0 UID: 0 PID: 8772 Comm: syz.3.735 Not tainted syzkaller #0 PREEMPT(full) [ 255.389283][ T8772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 255.389294][ T8772] Call Trace: [ 255.389299][ T8772] [ 255.389305][ T8772] dump_stack_lvl+0x100/0x190 [ 255.389333][ T8772] should_fail_ex.cold+0x5/0xa [ 255.389352][ T8772] ? tomoyo_realpath_from_path+0xb6/0x690 [ 255.389370][ T8772] should_failslab+0xc2/0x120 [ 255.389386][ T8772] __kmalloc_noprof+0xe0/0x850 [ 255.389412][ T8772] tomoyo_realpath_from_path+0xb6/0x690 [ 255.389434][ T8772] tomoyo_path_number_perm+0x23c/0x580 [ 255.389457][ T8772] ? tomoyo_path_number_perm+0x22e/0x580 [ 255.389480][ T8772] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 255.389523][ T8772] ? find_held_lock+0x2b/0x80 [ 255.389537][ T8772] ? current_check_access_path+0x281/0x460 [ 255.389555][ T8772] ? __pfx_current_check_access_path+0x10/0x10 [ 255.389572][ T8772] ? d_alloc_parallel+0x864/0x14e0 [ 255.389597][ T8772] tomoyo_path_mknod+0x164/0x190 [ 255.389616][ T8772] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 255.389634][ T8772] ? find_held_lock+0x2b/0x80 [ 255.389649][ T8772] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 255.389675][ T8772] security_path_mknod+0x161/0x300 [ 255.389694][ T8772] may_o_create+0x30/0x3a0 [ 255.389718][ T8772] lookup_open.isra.0+0xa0d/0x11b0 [ 255.389744][ T8772] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 255.389772][ T8772] ? __pfx___might_resched+0x10/0x10 [ 255.389795][ T8772] ? mnt_get_write_access+0x52/0x2f0 [ 255.389818][ T8772] ? __pfx_down_write+0x10/0x10 [ 255.389843][ T8772] ? mnt_get_write_access+0x1e9/0x2f0 [ 255.389865][ T8772] path_openat+0x2291/0x31a0 [ 255.389893][ T8772] ? __pfx_path_openat+0x10/0x10 [ 255.389917][ T8772] do_file_open+0x20e/0x430 [ 255.389934][ T8772] ? __pfx_do_file_open+0x10/0x10 [ 255.389963][ T8772] ? alloc_fd+0x476/0x790 [ 255.389979][ T8772] ? do_getname+0x191/0x390 [ 255.389999][ T8772] do_sys_openat2+0x10d/0x1e0 [ 255.390017][ T8772] ? __pfx_do_sys_openat2+0x10/0x10 [ 255.390037][ T8772] ? __fget_files+0x21f/0x3d0 [ 255.390055][ T8772] __x64_sys_openat+0x12d/0x210 [ 255.390075][ T8772] ? __pfx___x64_sys_openat+0x10/0x10 [ 255.390101][ T8772] do_syscall_64+0x106/0xf80 [ 255.390118][ T8772] ? clear_bhb_loop+0x40/0x90 [ 255.390137][ T8772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.390152][ T8772] RIP: 0033:0x7f187319c799 [ 255.390166][ T8772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 255.390180][ T8772] RSP: 002b:00007f18740ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 255.390195][ T8772] RAX: ffffffffffffffda RBX: 00007f1873415fa0 RCX: 00007f187319c799 [ 255.390205][ T8772] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 255.390214][ T8772] RBP: 00007f1873232c99 R08: 0000000000000000 R09: 0000000000000000 [ 255.390223][ T8772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 255.390232][ T8772] R13: 00007f1873416038 R14: 00007f1873415fa0 R15: 00007ffec9520d98 [ 255.390261][ T8772] [ 255.715378][ T8774] serio: Serial port pty6 [ 255.892317][ T8772] ERROR: Out of memory at tomoyo_realpath_from_path. [ 255.899856][ T8776] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 255.998066][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.004441][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.305955][ T8779] FAULT_INJECTION: forcing a failure. [ 256.305955][ T8779] name failslab, interval 1, probability 0, space 0, times 0 [ 256.343076][ T8779] CPU: 0 UID: 0 PID: 8779 Comm: syz.3.736 Not tainted syzkaller #0 PREEMPT(full) [ 256.343100][ T8779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 256.343115][ T8779] Call Trace: [ 256.343124][ T8779] [ 256.343134][ T8779] dump_stack_lvl+0x100/0x190 [ 256.343170][ T8779] should_fail_ex.cold+0x5/0xa [ 256.343189][ T8779] should_failslab+0xc2/0x120 [ 256.343206][ T8779] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 256.343227][ T8779] ? __kernfs_new_node+0xd2/0x960 [ 256.343248][ T8779] ? kstrdup+0xb3/0xe0 [ 256.343275][ T8779] __kernfs_new_node+0xd2/0x960 [ 256.343298][ T8779] ? __pfx___kernfs_new_node+0x10/0x10 [ 256.343324][ T8779] ? find_held_lock+0x2b/0x80 [ 256.343337][ T8779] ? kernfs_root+0xee/0x2a0 [ 256.343356][ T8779] ? kernfs_root+0xee/0x2a0 [ 256.343379][ T8779] kernfs_new_node+0x11b/0x1a0 [ 256.343404][ T8779] kernfs_create_link+0xcc/0x240 [ 256.343423][ T8779] sysfs_do_create_link_sd+0x90/0x140 [ 256.343445][ T8779] sysfs_create_link+0x61/0xc0 [ 256.343468][ T8779] device_add+0x675/0x1950 [ 256.343485][ T8779] ? alloc_workqueue_noprof+0x198/0x200 [ 256.343504][ T8779] ? __pfx_device_add+0x10/0x10 [ 256.343526][ T8779] nfc_register_device+0x41/0x3e0 [ 256.343550][ T8779] nci_register_device+0x7f1/0xb80 [ 256.343575][ T8779] ? __pfx_nci_register_device+0x10/0x10 [ 256.343608][ T8779] ? lockdep_init_map_type+0x5c/0x250 [ 256.343633][ T8779] virtual_ncidev_open+0x141/0x220 [ 256.343656][ T8779] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 256.343673][ T8779] misc_open+0x26d/0x450 [ 256.343688][ T8779] ? __pfx_misc_open+0x10/0x10 [ 256.343702][ T8779] chrdev_open+0x234/0x6a0 [ 256.343717][ T8779] ? __pfx_apparmor_file_open+0x10/0x10 [ 256.343738][ T8779] ? __pfx_chrdev_open+0x10/0x10 [ 256.343754][ T8779] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 256.343774][ T8779] do_dentry_open+0x6d8/0x1660 [ 256.343788][ T8779] ? __pfx_chrdev_open+0x10/0x10 [ 256.343807][ T8779] vfs_open+0x82/0x3f0 [ 256.343828][ T8779] path_openat+0x208c/0x31a0 [ 256.343850][ T8779] ? __pfx_path_openat+0x10/0x10 [ 256.343872][ T8779] do_file_open+0x20e/0x430 [ 256.343891][ T8779] ? __pfx_do_file_open+0x10/0x10 [ 256.343920][ T8779] ? alloc_fd+0x476/0x790 [ 256.343937][ T8779] ? do_getname+0x191/0x390 [ 256.343956][ T8779] do_sys_openat2+0x10d/0x1e0 [ 256.343975][ T8779] ? __pfx_do_sys_openat2+0x10/0x10 [ 256.344000][ T8779] __x64_sys_openat+0x12d/0x210 [ 256.344020][ T8779] ? __pfx___x64_sys_openat+0x10/0x10 [ 256.344046][ T8779] do_syscall_64+0x106/0xf80 [ 256.344063][ T8779] ? clear_bhb_loop+0x40/0x90 [ 256.344081][ T8779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.344097][ T8779] RIP: 0033:0x7f187319c799 [ 256.344110][ T8779] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 256.344125][ T8779] RSP: 002b:00007f18740ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 256.344147][ T8779] RAX: ffffffffffffffda RBX: 00007f1873415fa0 RCX: 00007f187319c799 [ 256.344158][ T8779] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 256.344167][ T8779] RBP: 00007f1873232c99 R08: 0000000000000000 R09: 0000000000000000 [ 256.344176][ T8779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.344185][ T8779] R13: 00007f1873416038 R14: 00007f1873415fa0 R15: 00007ffec9520d98 [ 256.344205][ T8779] [ 257.500197][ T29] audit: type=1807 audit(2147491608.827:26): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 257.539827][ T29] audit: type=1802 audit(2147491608.827:27): pid=8795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.739" res=0 errno=0 [ 258.144502][ T8794] ima: policy update failed [ 258.149473][ T29] audit: type=1802 audit(2147491609.507:28): pid=8794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.739" res=0 errno=0 [ 258.549056][ T8811] netlink: 28 bytes leftover after parsing attributes in process `syz.2.743'. [ 258.648191][ T8811] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.769375][ T8811] bridge_slave_1 (unregistering): left allmulticast mode [ 258.831031][ T8811] bridge_slave_1 (unregistering): left promiscuous mode [ 258.882579][ T8811] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.123670][ T8822] FAULT_INJECTION: forcing a failure. [ 259.123670][ T8822] name failslab, interval 1, probability 0, space 0, times 0 [ 259.257833][ T8829] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 259.281936][ T8822] CPU: 0 UID: 0 PID: 8822 Comm: syz.1.746 Not tainted syzkaller #0 PREEMPT(full) [ 259.281961][ T8822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 259.281971][ T8822] Call Trace: [ 259.281977][ T8822] [ 259.281984][ T8822] dump_stack_lvl+0x100/0x190 [ 259.282012][ T8822] should_fail_ex.cold+0x5/0xa [ 259.282031][ T8822] should_failslab+0xc2/0x120 [ 259.282048][ T8822] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 259.282070][ T8822] ? shmem_alloc_inode+0x25/0x50 [ 259.282089][ T8822] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 259.282107][ T8822] shmem_alloc_inode+0x25/0x50 [ 259.282123][ T8822] alloc_inode+0x68/0x250 [ 259.282142][ T8822] new_inode+0x22/0x1c0 [ 259.282162][ T8822] shmem_get_inode+0x212/0x1040 [ 259.282184][ T8822] ? __pfx_shmem_get_inode+0x10/0x10 [ 259.282202][ T8822] ? d_add+0x443/0x850 [ 259.282221][ T8822] ? do_raw_spin_unlock+0x145/0x1e0 [ 259.282246][ T8822] shmem_mknod+0x20c/0x470 [ 259.282266][ T8822] ? __pfx_shmem_mknod+0x10/0x10 [ 259.282283][ T8822] ? bpf_lsm_inode_create+0x9/0x10 [ 259.282307][ T8822] ? __pfx_shmem_create+0x10/0x10 [ 259.282326][ T8822] lookup_open.isra.0+0xc47/0x11b0 [ 259.282351][ T8822] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 259.282376][ T8822] ? __pfx___might_resched+0x10/0x10 [ 259.282396][ T8822] ? mnt_get_write_access+0x52/0x2f0 [ 259.282419][ T8822] ? __pfx_down_write+0x10/0x10 [ 259.282438][ T8822] ? mnt_get_write_access+0x1e9/0x2f0 [ 259.282460][ T8822] path_openat+0x2291/0x31a0 [ 259.282482][ T8822] ? __pfx_path_openat+0x10/0x10 [ 259.282504][ T8822] do_file_open+0x20e/0x430 [ 259.282522][ T8822] ? __pfx_do_file_open+0x10/0x10 [ 259.282552][ T8822] ? alloc_fd+0x476/0x790 [ 259.282568][ T8822] ? do_getname+0x191/0x390 [ 259.282588][ T8822] do_sys_openat2+0x10d/0x1e0 [ 259.282607][ T8822] ? __pfx_do_sys_openat2+0x10/0x10 [ 259.282627][ T8822] ? __fget_files+0x21f/0x3d0 [ 259.282645][ T8822] __x64_sys_openat+0x12d/0x210 [ 259.282664][ T8822] ? __pfx___x64_sys_openat+0x10/0x10 [ 259.282691][ T8822] do_syscall_64+0x106/0xf80 [ 259.282707][ T8822] ? clear_bhb_loop+0x40/0x90 [ 259.282726][ T8822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.282741][ T8822] RIP: 0033:0x7f510f59c799 [ 259.282755][ T8822] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 259.282770][ T8822] RSP: 002b:00007f510d7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 259.282785][ T8822] RAX: ffffffffffffffda RBX: 00007f510f815fa0 RCX: 00007f510f59c799 [ 259.282796][ T8822] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 259.282805][ T8822] RBP: 00007f510f632c99 R08: 0000000000000000 R09: 0000000000000000 [ 259.282815][ T8822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 259.282824][ T8822] R13: 00007f510f816038 R14: 00007f510f815fa0 R15: 00007ffd7cea1528 [ 259.282844][ T8822] [ 260.436034][ T8823] serio: Serial port pty6 [ 260.469081][ T29] audit: type=1807 audit(2147491611.827:29): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 260.532165][ T29] audit: type=1802 audit(2147491611.847:30): pid=8847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.753" res=0 errno=0 [ 260.796150][ T8848] [U] [ 261.175390][ T8844] ima: policy update failed [ 261.194736][ T29] audit: type=1802 audit(2147491612.557:31): pid=8844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.753" res=0 errno=0 [ 263.205169][ T8899] process 'syz.3.762' launched './file0' with NULL argv: empty string added [ 265.611108][ T8963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.772'. [ 265.653484][ T8963] netlink: 25 bytes leftover after parsing attributes in process `syz.1.772'. [ 266.543016][ T8973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.776'. [ 267.188717][ T8983] nbd: must specify at least one socket [ 268.798227][ T9013] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 268.999783][ T9018] netlink: 25 bytes leftover after parsing attributes in process `syz.2.788'. [ 269.051610][ T9015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.787'. [ 271.029944][ T9053] FAULT_INJECTION: forcing a failure. [ 271.029944][ T9053] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 271.147237][ T9053] CPU: 0 UID: 0 PID: 9053 Comm: syz.1.799 Not tainted syzkaller #0 PREEMPT(full) [ 271.147261][ T9053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 271.147271][ T9053] Call Trace: [ 271.147277][ T9053] [ 271.147283][ T9053] dump_stack_lvl+0x100/0x190 [ 271.147311][ T9053] should_fail_ex.cold+0x5/0xa [ 271.147327][ T9053] ? prepare_alloc_pages+0x16d/0x5f0 [ 271.147349][ T9053] should_fail_alloc_page+0xeb/0x140 [ 271.147368][ T9053] prepare_alloc_pages+0x1f0/0x5f0 [ 271.147389][ T9053] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 271.147412][ T9053] ? rcu_is_watching+0x12/0xc0 [ 271.147434][ T9053] ? trace_mm_page_alloc+0x17a/0x1d0 [ 271.147452][ T9053] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 271.147473][ T9053] ? vhost_dev_set_owner+0x190/0xa30 [ 271.147492][ T9053] ? stack_trace_save+0x8e/0xc0 [ 271.147513][ T9053] ? __pfx_stack_trace_save+0x10/0x10 [ 271.147529][ T9053] ? stack_depot_save_flags+0x27/0x9d0 [ 271.147546][ T9053] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 271.147572][ T9053] ? vhost_dev_set_owner+0x190/0xa30 [ 271.147589][ T9053] ? kasan_save_stack+0x3f/0x50 [ 271.147610][ T9053] ? kasan_save_stack+0x30/0x50 [ 271.147630][ T9053] ? kasan_save_track+0x14/0x30 [ 271.147651][ T9053] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 271.147673][ T9053] ? vhost_net_ioctl+0xfa3/0x1910 [ 271.147690][ T9053] ? __x64_sys_ioctl+0x18e/0x210 [ 271.147717][ T9053] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 271.147742][ T9053] ? policy_nodemask+0xed/0x4f0 [ 271.147759][ T9053] alloc_pages_mpol+0x1fb/0x550 [ 271.147776][ T9053] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 271.147792][ T9053] ? find_held_lock+0x2b/0x80 [ 271.147805][ T9053] ? rcu_read_unlock+0x17/0x60 [ 271.147823][ T9053] ? vhost_dev_set_owner+0x330/0xa30 [ 271.147840][ T9053] ___kmalloc_large_node+0x104/0x150 [ 271.147859][ T9053] __kmalloc_large_node_noprof+0x1c/0x70 [ 271.147878][ T9053] __kmalloc_noprof+0x5be/0x850 [ 271.147903][ T9053] vhost_dev_set_owner+0x330/0xa30 [ 271.147927][ T9053] vhost_net_ioctl+0xfa3/0x1910 [ 271.147945][ T9053] ? do_vfs_ioctl+0x226/0x13e0 [ 271.147965][ T9053] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 271.147984][ T9053] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 271.148007][ T9053] ? find_held_lock+0x2b/0x80 [ 271.148020][ T9053] ? __fget_files+0x215/0x3d0 [ 271.148033][ T9053] ? hook_file_ioctl_common+0x146/0x410 [ 271.148061][ T9053] ? __fget_files+0x21f/0x3d0 [ 271.148077][ T9053] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 271.148097][ T9053] __x64_sys_ioctl+0x18e/0x210 [ 271.148119][ T9053] do_syscall_64+0x106/0xf80 [ 271.148136][ T9053] ? clear_bhb_loop+0x40/0x90 [ 271.148155][ T9053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.148172][ T9053] RIP: 0033:0x7f510f59c799 [ 271.148186][ T9053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 271.148201][ T9053] RSP: 002b:00007f510d7d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 271.148216][ T9053] RAX: ffffffffffffffda RBX: 00007f510f816090 RCX: 00007f510f59c799 [ 271.148227][ T9053] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000007 [ 271.148236][ T9053] RBP: 00007f510f632c99 R08: 0000000000000000 R09: 0000000000000000 [ 271.148246][ T9053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.148255][ T9053] R13: 00007f510f816128 R14: 00007f510f816090 R15: 00007ffd7cea1528 [ 271.148275][ T9053] [ 272.389464][ T9068] netlink: 28 bytes leftover after parsing attributes in process `syz.2.802'. [ 272.521687][ T9071] FAULT_INJECTION: forcing a failure. [ 272.521687][ T9071] name failslab, interval 1, probability 0, space 0, times 0 [ 272.564125][ T9071] CPU: 0 UID: 0 PID: 9071 Comm: syz.2.803 Not tainted syzkaller #0 PREEMPT(full) [ 272.564149][ T9071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 272.564158][ T9071] Call Trace: [ 272.564164][ T9071] [ 272.564170][ T9071] dump_stack_lvl+0x100/0x190 [ 272.564198][ T9071] should_fail_ex.cold+0x5/0xa [ 272.564216][ T9071] should_failslab+0xc2/0x120 [ 272.564232][ T9071] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 272.564254][ T9071] ? shmem_alloc_inode+0x25/0x50 [ 272.564272][ T9071] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 272.564290][ T9071] shmem_alloc_inode+0x25/0x50 [ 272.564305][ T9071] alloc_inode+0x68/0x250 [ 272.564324][ T9071] new_inode+0x22/0x1c0 [ 272.564345][ T9071] shmem_get_inode+0x212/0x1040 [ 272.564373][ T9071] ? __pfx_shmem_get_inode+0x10/0x10 [ 272.564392][ T9071] ? d_add+0x443/0x850 [ 272.564411][ T9071] ? do_raw_spin_unlock+0x145/0x1e0 [ 272.564438][ T9071] shmem_mknod+0x20c/0x470 [ 272.564458][ T9071] ? __pfx_shmem_mknod+0x10/0x10 [ 272.564475][ T9071] ? bpf_lsm_inode_create+0x9/0x10 [ 272.564499][ T9071] ? __pfx_shmem_create+0x10/0x10 [ 272.564518][ T9071] lookup_open.isra.0+0xc47/0x11b0 [ 272.564543][ T9071] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 272.564568][ T9071] ? __pfx___might_resched+0x10/0x10 [ 272.564589][ T9071] ? mnt_get_write_access+0x52/0x2f0 [ 272.564612][ T9071] ? __pfx_down_write+0x10/0x10 [ 272.564630][ T9071] ? mnt_get_write_access+0x1e9/0x2f0 [ 272.564654][ T9071] path_openat+0x2291/0x31a0 [ 272.564675][ T9071] ? __pfx_path_openat+0x10/0x10 [ 272.564698][ T9071] do_file_open+0x20e/0x430 [ 272.564715][ T9071] ? __pfx_do_file_open+0x10/0x10 [ 272.564745][ T9071] ? alloc_fd+0x476/0x790 [ 272.564761][ T9071] ? do_getname+0x191/0x390 [ 272.564781][ T9071] do_sys_openat2+0x10d/0x1e0 [ 272.564800][ T9071] ? __pfx_do_sys_openat2+0x10/0x10 [ 272.564820][ T9071] ? __fget_files+0x21f/0x3d0 [ 272.564838][ T9071] __x64_sys_openat+0x12d/0x210 [ 272.564858][ T9071] ? __pfx___x64_sys_openat+0x10/0x10 [ 272.564888][ T9071] do_syscall_64+0x106/0xf80 [ 272.564905][ T9071] ? clear_bhb_loop+0x40/0x90 [ 272.564923][ T9071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.564938][ T9071] RIP: 0033:0x7f60b059c799 [ 272.564952][ T9071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 272.564967][ T9071] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 272.564982][ T9071] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 272.564992][ T9071] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 272.565001][ T9071] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 272.565010][ T9071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.565019][ T9071] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 272.565040][ T9071] [ 272.875937][ T9071] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 273.015579][ T9073] netlink: 354 bytes leftover after parsing attributes in process `syz.2.805'. [ 273.088413][ T9075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.804'. [ 273.520569][ T9086] netlink: 25 bytes leftover after parsing attributes in process `syz.0.808'. [ 274.031983][ T9089] can0: slcan on ttyS2. [ 274.275196][ T9087] can0 (unregistered): slcan off ttyS2. [ 274.587412][ T9105] netlink: 28 bytes leftover after parsing attributes in process `syz.0.813'. [ 275.605129][ T9130] netlink: 17 bytes leftover after parsing attributes in process `syz.0.822'. [ 276.402739][ T9150] netlink: 8 bytes leftover after parsing attributes in process `syz.0.817'. [ 278.837096][ T9191] Process accounting resumed [ 279.241958][ T9214] FAULT_INJECTION: forcing a failure. [ 279.241958][ T9214] name failslab, interval 1, probability 0, space 0, times 0 [ 279.353458][ T9214] CPU: 0 UID: 0 PID: 9214 Comm: syz.1.831 Not tainted syzkaller #0 PREEMPT(full) [ 279.353498][ T9214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 279.353508][ T9214] Call Trace: [ 279.353513][ T9214] [ 279.353519][ T9214] dump_stack_lvl+0x100/0x190 [ 279.353546][ T9214] should_fail_ex.cold+0x5/0xa [ 279.353565][ T9214] ? lsm_blob_alloc+0x68/0x90 [ 279.353583][ T9214] should_failslab+0xc2/0x120 [ 279.353599][ T9214] __kmalloc_noprof+0xe0/0x850 [ 279.353620][ T9214] ? trace_kmem_cache_alloc+0xf3/0x120 [ 279.353639][ T9214] lsm_blob_alloc+0x68/0x90 [ 279.353657][ T9214] security_prepare_creds+0x2d/0x290 [ 279.353675][ T9214] prepare_creds+0x5d6/0x950 [ 279.353698][ T9214] copy_creds+0xa7/0xa50 [ 279.353721][ T9214] copy_process+0x1029/0x7a10 [ 279.353738][ T9214] ? futex_unqueue+0x133/0x2c0 [ 279.353829][ T9214] ? __pfx_copy_process+0x10/0x10 [ 279.353852][ T9214] ? _copy_from_user+0x59/0xd0 [ 279.353870][ T9214] kernel_clone+0xfc/0x9a0 [ 279.353892][ T9214] ? __pfx_kernel_clone+0x10/0x10 [ 279.353913][ T9214] ? __pfx_futex_wait+0x10/0x10 [ 279.353940][ T9214] __do_sys_clone3+0x214/0x290 [ 279.353957][ T9214] ? __pfx___do_sys_clone3+0x10/0x10 [ 279.353997][ T9214] do_syscall_64+0x106/0xf80 [ 279.354015][ T9214] ? clear_bhb_loop+0x40/0x90 [ 279.354033][ T9214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.354048][ T9214] RIP: 0033:0x7f510f59c799 [ 279.354062][ T9214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.354077][ T9214] RSP: 002b:00007f510d7d4ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 279.354092][ T9214] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f510f59c799 [ 279.354102][ T9214] RDX: 00007f510d7d4f10 RSI: 0000000000000058 RDI: 00007f510d7d4f10 [ 279.354111][ T9214] RBP: 00007f510f632c99 R08: 0000000000000000 R09: 0000000000000058 [ 279.354119][ T9214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 279.354128][ T9214] R13: 00007f510f816128 R14: 00007f510f816090 R15: 00007ffd7cea1528 [ 279.354147][ T9214] [ 281.510562][ T9252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.843'. [ 283.795191][ T9308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.848'. [ 283.930681][ T9308] team0 (unregistering): Port device team_slave_0 removed [ 284.035175][ T9308] team0 (unregistering): Port device team_slave_1 removed [ 285.111162][ T9340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.855'. [ 285.175835][ T9344] netlink: 'syz.3.855': attribute type 1 has an invalid length. [ 285.212981][ T9344] netlink: 5 bytes leftover after parsing attributes in process `syz.3.855'. [ 285.323558][ T9351] netlink: 8 bytes leftover after parsing attributes in process `syz.1.853'. [ 286.674722][ T9379] netlink: 4 bytes leftover after parsing attributes in process `syz.1.862'. [ 287.677779][ T9402] ======================================================= [ 287.677779][ T9402] WARNING: The mand mount option has been deprecated and [ 287.677779][ T9402] and is ignored by this kernel. Remove the mand [ 287.677779][ T9402] option from the mount to silence this warning. [ 287.677779][ T9402] ======================================================= [ 291.369477][ T9462] misc userio: Invalid payload size [ 292.098915][ T29] audit: type=1800 audit(2147491643.459:32): pid=9478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.881" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 294.824464][ T9516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.895'. [ 294.850160][ T9516] netlink: 354 bytes leftover after parsing attributes in process `syz.0.895'. [ 295.232035][ T9529] netlink: 28 bytes leftover after parsing attributes in process `syz.1.890'. [ 296.427627][ T9551] netlink: 17 bytes leftover after parsing attributes in process `syz.1.899'. [ 296.706793][ T9553] netlink: 28 bytes leftover after parsing attributes in process `syz.3.901'. [ 296.879761][ T9553] team0 (unregistering): Port device team_slave_0 removed [ 296.940541][ T9553] team0 (unregistering): Port device team_slave_1 removed [ 297.751583][ T9576] netlink: 'syz.1.907': attribute type 2 has an invalid length. [ 299.078787][ T9604] netlink: 28 bytes leftover after parsing attributes in process `syz.3.913'. [ 299.566181][ T9605] FAULT_INJECTION: forcing a failure. [ 299.566181][ T9605] name failslab, interval 1, probability 0, space 0, times 0 [ 299.705334][ T9605] CPU: 0 UID: 0 PID: 9605 Comm: syz.2.912 Tainted: G L syzkaller #0 PREEMPT(full) [ 299.705362][ T9605] Tainted: [L]=SOFTLOCKUP [ 299.705367][ T9605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 299.705376][ T9605] Call Trace: [ 299.705382][ T9605] [ 299.705389][ T9605] dump_stack_lvl+0x100/0x190 [ 299.705416][ T9605] should_fail_ex.cold+0x5/0xa [ 299.705435][ T9605] should_failslab+0xc2/0x120 [ 299.705451][ T9605] __kmalloc_node_noprof+0xe6/0x850 [ 299.705472][ T9605] ? __vmalloc_node_range_noprof+0x3dc/0x1530 [ 299.705495][ T9605] __vmalloc_node_range_noprof+0x3dc/0x1530 [ 299.705514][ T9605] ? find_held_lock+0x2b/0x80 [ 299.705528][ T9605] ? local_lock_release+0x99/0x130 [ 299.705548][ T9605] ? kernel_clone+0xfc/0x9a0 [ 299.705565][ T9605] ? find_held_lock+0x2b/0x80 [ 299.705579][ T9605] ? rcu_read_unlock+0x17/0x60 [ 299.705595][ T9605] ? obj_cgroup_charge_account+0x46d/0x640 [ 299.705612][ T9605] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 299.705632][ T9605] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 299.705652][ T9605] ? rcu_is_watching+0x12/0xc0 [ 299.705673][ T9605] ? trace_kmem_cache_alloc+0xf3/0x120 [ 299.705690][ T9605] ? kernel_clone+0xfc/0x9a0 [ 299.705705][ T9605] __vmalloc_node_noprof+0xad/0xf0 [ 299.705723][ T9605] ? kernel_clone+0xfc/0x9a0 [ 299.705741][ T9605] copy_process+0x5ec/0x7a10 [ 299.705756][ T9605] ? futex_unqueue+0x133/0x2c0 [ 299.705782][ T9605] ? __pfx_copy_process+0x10/0x10 [ 299.705803][ T9605] ? _copy_from_user+0x59/0xd0 [ 299.705820][ T9605] kernel_clone+0xfc/0x9a0 [ 299.705838][ T9605] ? __pfx_kernel_clone+0x10/0x10 [ 299.705859][ T9605] ? __pfx_futex_wait+0x10/0x10 [ 299.705884][ T9605] __do_sys_clone3+0x214/0x290 [ 299.705902][ T9605] ? __pfx___do_sys_clone3+0x10/0x10 [ 299.705944][ T9605] do_syscall_64+0x106/0xf80 [ 299.705962][ T9605] ? clear_bhb_loop+0x40/0x90 [ 299.705981][ T9605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.705997][ T9605] RIP: 0033:0x7f60b059c799 [ 299.706010][ T9605] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 299.706024][ T9605] RSP: 002b:00007f60b1502ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 299.706040][ T9605] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f60b059c799 [ 299.706050][ T9605] RDX: 00007f60b1502f10 RSI: 0000000000000058 RDI: 00007f60b1502f10 [ 299.706060][ T9605] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000058 [ 299.706069][ T9605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 299.706078][ T9605] R13: 00007f60b0816128 R14: 00007f60b0816090 R15: 00007ffc7b8ad378 [ 299.706098][ T9605] [ 299.706446][ T9605] syz.2.912: vmalloc error: size 32768, failed to allocated page array size 64, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null) [ 301.288407][ T9628] FAULT_INJECTION: forcing a failure. [ 301.288407][ T9628] name failslab, interval 1, probability 0, space 0, times 0 [ 301.574699][ T9628] CPU: 0 UID: 0 PID: 9628 Comm: syz.0.920 Tainted: G L syzkaller #0 PREEMPT(full) [ 301.574729][ T9628] Tainted: [L]=SOFTLOCKUP [ 301.574735][ T9628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 301.574745][ T9628] Call Trace: [ 301.574750][ T9628] [ 301.574756][ T9628] dump_stack_lvl+0x100/0x190 [ 301.574784][ T9628] should_fail_ex.cold+0x5/0xa [ 301.574803][ T9628] should_failslab+0xc2/0x120 [ 301.574818][ T9628] __kmalloc_cache_noprof+0x7a/0x6f0 [ 301.574839][ T9628] ? kobject_uevent_env+0x263/0x18b0 [ 301.574860][ T9628] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 301.574884][ T9628] kobject_uevent_env+0x263/0x18b0 [ 301.574909][ T9628] ? bus_to_subsys+0x114/0x150 [ 301.574928][ T9628] device_add+0x116e/0x1950 [ 301.574944][ T9628] ? __pfx_device_add+0x10/0x10 [ 301.574958][ T9628] ? trace_kmalloc+0x101/0x130 [ 301.574973][ T9628] ? __kasan_kmalloc+0xaa/0xb0 [ 301.574995][ T9628] ? lockdep_init_map_type+0x5c/0x250 [ 301.575015][ T9628] ? lockdep_init_map_type+0x5c/0x250 [ 301.575035][ T9628] input_register_device+0x7d2/0xe20 [ 301.575058][ T9628] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 301.575083][ T9628] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 301.575104][ T9628] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 301.575132][ T9628] ? find_held_lock+0x2b/0x80 [ 301.575145][ T9628] ? __fget_files+0x215/0x3d0 [ 301.575168][ T9628] ? __pfx_uinput_ioctl+0x10/0x10 [ 301.575182][ T9628] __x64_sys_ioctl+0x18e/0x210 [ 301.575204][ T9628] do_syscall_64+0x106/0xf80 [ 301.575221][ T9628] ? clear_bhb_loop+0x40/0x90 [ 301.575239][ T9628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.575254][ T9628] RIP: 0033:0x7f9c67d9c799 [ 301.575268][ T9628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 301.575282][ T9628] RSP: 002b:00007f9c68c3f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 301.575298][ T9628] RAX: ffffffffffffffda RBX: 00007f9c68015fa0 RCX: 00007f9c67d9c799 [ 301.575308][ T9628] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000008 [ 301.575316][ T9628] RBP: 00007f9c67e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 301.575325][ T9628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 301.575334][ T9628] R13: 00007f9c68016038 R14: 00007f9c68015fa0 R15: 00007ffc75db5d28 [ 301.575354][ T9628] [ 301.575383][ T9628] input: f as /devices/virtual/input/input12 [ 301.907361][ T9605] ,cpuset=/,mems_allowed=0-1 [ 301.921572][ T9605] CPU: 0 UID: 0 PID: 9605 Comm: syz.2.912 Tainted: G L syzkaller #0 PREEMPT(full) [ 301.921598][ T9605] Tainted: [L]=SOFTLOCKUP [ 301.921603][ T9605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 301.921613][ T9605] Call Trace: [ 301.921618][ T9605] [ 301.921624][ T9605] dump_stack_lvl+0x100/0x190 [ 301.921651][ T9605] warn_alloc.cold+0x95/0x1c1 [ 301.921676][ T9605] ? __pfx_warn_alloc+0x10/0x10 [ 301.921697][ T9605] ? lockdep_hardirqs_on+0x78/0x100 [ 301.921716][ T9605] ? dump_stack_lvl+0x17c/0x190 [ 301.921738][ T9605] ? trace_kmalloc+0x101/0x130 [ 301.921753][ T9605] ? __kasan_kmalloc+0x8a/0xb0 [ 301.921776][ T9605] ? __kmalloc_node_noprof+0x324/0x850 [ 301.921796][ T9605] ? __vmalloc_node_range_noprof+0x3dc/0x1530 [ 301.921821][ T9605] __vmalloc_node_range_noprof+0x1275/0x1530 [ 301.921839][ T9605] ? find_held_lock+0x2b/0x80 [ 301.921853][ T9605] ? local_lock_release+0x99/0x130 [ 301.921874][ T9605] ? kernel_clone+0xfc/0x9a0 [ 301.921893][ T9605] ? rcu_read_unlock+0x17/0x60 [ 301.921909][ T9605] ? obj_cgroup_charge_account+0x46d/0x640 [ 301.921926][ T9605] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 301.921946][ T9605] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 301.921965][ T9605] ? rcu_is_watching+0x12/0xc0 [ 301.921987][ T9605] ? trace_kmem_cache_alloc+0xf3/0x120 [ 301.922004][ T9605] ? kernel_clone+0xfc/0x9a0 [ 301.922020][ T9605] __vmalloc_node_noprof+0xad/0xf0 [ 301.922037][ T9605] ? kernel_clone+0xfc/0x9a0 [ 301.922055][ T9605] copy_process+0x5ec/0x7a10 [ 301.922071][ T9605] ? futex_unqueue+0x133/0x2c0 [ 301.922098][ T9605] ? __pfx_copy_process+0x10/0x10 [ 301.922119][ T9605] ? _copy_from_user+0x59/0xd0 [ 301.922137][ T9605] kernel_clone+0xfc/0x9a0 [ 301.922154][ T9605] ? __pfx_kernel_clone+0x10/0x10 [ 301.922175][ T9605] ? __pfx_futex_wait+0x10/0x10 [ 301.922201][ T9605] __do_sys_clone3+0x214/0x290 [ 301.922218][ T9605] ? __pfx___do_sys_clone3+0x10/0x10 [ 301.922259][ T9605] do_syscall_64+0x106/0xf80 [ 301.922276][ T9605] ? clear_bhb_loop+0x40/0x90 [ 301.922294][ T9605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.922309][ T9605] RIP: 0033:0x7f60b059c799 [ 301.922323][ T9605] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 301.922337][ T9605] RSP: 002b:00007f60b1502ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 301.922352][ T9605] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f60b059c799 [ 301.922362][ T9605] RDX: 00007f60b1502f10 RSI: 0000000000000058 RDI: 00007f60b1502f10 [ 301.922372][ T9605] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000058 [ 301.922380][ T9605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 301.922389][ T9605] R13: 00007f60b0816128 R14: 00007f60b0816090 R15: 00007ffc7b8ad378 [ 301.922408][ T9605] [ 302.413594][ T9619] can: request_module (can-proto-3) failed. [ 302.817860][ T9605] Mem-Info: [ 302.825770][ T9605] active_anon:15327 inactive_anon:5929 isolated_anon:0 [ 302.825770][ T9605] active_file:19480 inactive_file:42436 isolated_file:0 [ 302.825770][ T9605] unevictable:768 dirty:774 writeback:0 [ 302.825770][ T9605] slab_reclaimable:11525 slab_unreclaimable:93935 [ 302.825770][ T9605] mapped:26023 shmem:8581 pagetables:1223 [ 302.825770][ T9605] sec_pagetables:0 bounce:0 [ 302.825770][ T9605] kernel_misc_reclaimable:0 [ 302.825770][ T9605] free:1280121 free_pcp:40248 free_cma:0 [ 303.014622][ T9605] Node 0 active_anon:61204kB inactive_anon:23716kB active_file:77920kB inactive_file:153228kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100036kB dirty:3096kB writeback:0kB shmem:32788kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11456kB pagetables:4636kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 303.117005][ T9605] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:96kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 303.186343][ T9605] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 303.321251][ T9605] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 303.341922][ T9605] Node 0 DMA32 free:1185772kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:61204kB inactive_anon:26264kB active_file:77920kB inactive_file:155048kB unevictable:1536kB writepending:3100kB zspages:788kB present:3129332kB managed:2537428kB mlocked:0kB bounce:0kB free_pcp:152656kB local_pcp:152656kB free_cma:0kB [ 303.461192][ T9605] lowmem_reserve[]: 0 0 1 1 1 [ 303.477897][ T9605] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 303.569927][ T9653] ptrace attach of "./syz-executor exec"[5826] was attempted by "eZm߁?*Z.n\x22b,!\x0a\x0dK|L?t8)GW/l_|=\x0dԣi%QC#C**5rrRPK[o|`*4WZo7@<>Iqx_¤wblR)QD6amQ]7tU0fcYfuʜ؂km+NFQ(F\x5c=Єz;r4KpXȿDZBɠz&6\x07TTZ4~{H\x09 \x0bLME0X.2sXN՞'JgƠGܞu]\x07U?<}\x0a`WGȩcr hA(2D\x0d2LO\x0b<\x0cøY6sȏH?p.p}U8/rkgJ$4?\x5ch\x1bPR*ÔOuw~!SqdL j\x0a&U q_u|U}\x1bƛ![ (5pr*dr?\x0bff0Vn<JyIJҦ\x22s+r\x0a\x0bܾ#*X}|,m]{U>Рe$sZ1G0G|9`3DT@/0|:F~G]&+B&aU`Ga\x22\x07k5_!-&\x07j.Q!=۫3*i$O_y2D`@e F>룿n]|31Bo\x1b\x09WzG?6ib`\x1b\x07MW C*;b,Ғy\x5c}]\x0djQ5oqw#?~/湿0))DIy?&ZۍE [ 303.592392][ T9605] lowmem_reserve[]: [ 303.919109][ T9605] 0 0 0 0 0 [ 303.932870][ T9605] Node 1 Normal free:3939896kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 304.010892][ T9664] can0: slcan on ttyS2. [ 304.056437][ T9605] lowmem_reserve[]: 0 0 0 0 0 [ 304.078838][ T9605] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 304.136234][ T9605] Node 0 DMA32: 4195*4kB (UME) 3191*8kB (UME) 2862*16kB (UME) 1564*32kB (UM) 541*64kB (UME) 320*128kB (M) 154*256kB (UME) 52*512kB (UME) 21*1024kB (UM) 10*2048kB (UM) 211*4096kB (UM) = 1186020kB [ 304.243297][ T9661] can0 (unregistered): slcan off ttyS2. [ 304.256145][ T9605] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 304.339099][ T9605] Node 1 Normal: 8*4kB (UM) 9*8kB (UM) 7*16kB (UM) 7*32kB (UM) 8*64kB (UM) 5*128kB (UM) 2*256kB (M) 3*512kB (UM) 2*1024kB (UM) 3*2048kB (UM) 959*4096kB (M) = 3939896kB [ 304.429581][ T9605] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 304.488181][ T9605] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=2 hugepages_size=2048kB [ 304.548837][ T9605] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 304.587770][ T9605] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 304.649510][ T9605] 66456 total pagecache pages [ 304.680401][ T9605] 57 pages in swap cache [ 304.703815][ T9605] Free swap = 120524kB [ 304.734558][ T9605] Total swap = 124996kB [ 304.752178][ T9605] 2097051 pages RAM [ 304.773013][ T9605] 0 pages HighMem/MovableOnly [ 304.810511][ T9605] 430814 pages reserved [ 304.829279][ T9605] 0 pages cma reserved [ 305.505259][ T9705] netlink: 28 bytes leftover after parsing attributes in process `syz.2.937'. [ 305.717653][ T9712] netlink: 25 bytes leftover after parsing attributes in process `syz.0.939'. [ 307.292594][ T9757] FAULT_INJECTION: forcing a failure. [ 307.292594][ T9757] name failslab, interval 1, probability 0, space 0, times 0 [ 307.357433][ T9757] CPU: 0 UID: 0 PID: 9757 Comm: syz.3.944 Tainted: G L syzkaller #0 PREEMPT(full) [ 307.357461][ T9757] Tainted: [L]=SOFTLOCKUP [ 307.357473][ T9757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 307.357483][ T9757] Call Trace: [ 307.357490][ T9757] [ 307.357497][ T9757] dump_stack_lvl+0x100/0x190 [ 307.357525][ T9757] should_fail_ex.cold+0x5/0xa [ 307.357544][ T9757] should_failslab+0xc2/0x120 [ 307.357560][ T9757] __kmalloc_cache_noprof+0x7a/0x6f0 [ 307.357580][ T9757] ? alloc_fdtable+0xbd/0x2d0 [ 307.357600][ T9757] ? find_held_lock+0x2b/0x80 [ 307.357615][ T9757] ? dup_fd+0x924/0xd10 [ 307.357631][ T9757] alloc_fdtable+0xbd/0x2d0 [ 307.357654][ T9757] dup_fd+0x995/0xd10 [ 307.357671][ T9757] ? apparmor_task_alloc+0x2c1/0x3b0 [ 307.357693][ T9757] copy_process+0x2631/0x7a10 [ 307.357709][ T9757] ? futex_unqueue+0x133/0x2c0 [ 307.357736][ T9757] ? __pfx_copy_process+0x10/0x10 [ 307.357758][ T9757] ? _copy_from_user+0x59/0xd0 [ 307.357775][ T9757] kernel_clone+0xfc/0x9a0 [ 307.357793][ T9757] ? __pfx_kernel_clone+0x10/0x10 [ 307.357814][ T9757] ? __pfx_futex_wait+0x10/0x10 [ 307.357840][ T9757] __do_sys_clone3+0x214/0x290 [ 307.357857][ T9757] ? __pfx___do_sys_clone3+0x10/0x10 [ 307.357906][ T9757] do_syscall_64+0x106/0xf80 [ 307.357925][ T9757] ? clear_bhb_loop+0x40/0x90 [ 307.357943][ T9757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.357959][ T9757] RIP: 0033:0x7f187319c799 [ 307.357973][ T9757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 307.357987][ T9757] RSP: 002b:00007f18740caef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 307.358002][ T9757] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f187319c799 [ 307.358012][ T9757] RDX: 00007f18740caf10 RSI: 0000000000000058 RDI: 00007f18740caf10 [ 307.358021][ T9757] RBP: 00007f1873232c99 R08: 0000000000000000 R09: 0000000000000058 [ 307.358030][ T9757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 307.358038][ T9757] R13: 00007f1873416128 R14: 00007f1873416090 R15: 00007ffec9520d98 [ 307.358057][ T9757] [ 309.454870][ T9791] Process accounting paused [ 310.638706][ T9829] Invalid ELF header magic: != ELF [ 311.226709][ T9841] FAULT_INJECTION: forcing a failure. [ 311.226709][ T9841] name failslab, interval 1, probability 0, space 0, times 0 [ 311.287010][ T9841] CPU: 0 UID: 0 PID: 9841 Comm: syz.2.974 Tainted: G L syzkaller #0 PREEMPT(full) [ 311.287038][ T9841] Tainted: [L]=SOFTLOCKUP [ 311.287044][ T9841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 311.287053][ T9841] Call Trace: [ 311.287059][ T9841] [ 311.287065][ T9841] dump_stack_lvl+0x100/0x190 [ 311.287093][ T9841] should_fail_ex.cold+0x5/0xa [ 311.287111][ T9841] should_failslab+0xc2/0x120 [ 311.287128][ T9841] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 311.287150][ T9841] ? __proc_create+0x2cb/0x8c0 [ 311.287177][ T9841] __proc_create+0x2cb/0x8c0 [ 311.287200][ T9841] ? __pfx___proc_create+0x10/0x10 [ 311.287225][ T9841] ? _raw_write_unlock+0x28/0x50 [ 311.287242][ T9841] ? proc_register+0x559/0x8a0 [ 311.287258][ T9841] proc_create_reg+0x75/0x170 [ 311.287274][ T9841] proc_create_seq_private+0x8e/0x180 [ 311.287290][ T9841] ? __pfx_proc_create_seq_private+0x10/0x10 [ 311.287305][ T9841] ? __pfx_proc_create_net_data+0x10/0x10 [ 311.287328][ T9841] ? __pfx_uevent_net_rcv+0x10/0x10 [ 311.287352][ T9841] ? __pfx_dev_proc_net_init+0x10/0x10 [ 311.287368][ T9841] dev_proc_net_init+0xac/0x230 [ 311.287385][ T9841] ops_init+0x1e2/0x5f0 [ 311.287405][ T9841] setup_net+0x118/0x3a0 [ 311.287424][ T9841] ? __pfx_setup_net+0x10/0x10 [ 311.287441][ T9841] ? lockdep_init_map_type+0x5c/0x250 [ 311.287461][ T9841] ? mutex_init_lockep+0x110/0x150 [ 311.287483][ T9841] copy_net_ns+0x46f/0x7c0 [ 311.287589][ T9841] create_new_namespaces+0x3ea/0xac0 [ 311.287611][ T9841] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 311.287629][ T9841] ksys_unshare+0x473/0xad0 [ 311.287650][ T9841] ? __pfx_ksys_unshare+0x10/0x10 [ 311.287676][ T9841] __x64_sys_unshare+0x31/0x40 [ 311.287693][ T9841] do_syscall_64+0x106/0xf80 [ 311.287711][ T9841] ? clear_bhb_loop+0x40/0x90 [ 311.287729][ T9841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.287745][ T9841] RIP: 0033:0x7f60b059c799 [ 311.287758][ T9841] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 311.287774][ T9841] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 311.287789][ T9841] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 311.287799][ T9841] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 311.287808][ T9841] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 311.287817][ T9841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 311.287826][ T9841] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 311.287846][ T9841] [ 311.949247][ T9858] Console: switching to colour VGA+ 80x25 [ 315.139740][ T9926] FAULT_INJECTION: forcing a failure. [ 315.139740][ T9926] name failslab, interval 1, probability 0, space 0, times 0 [ 315.200094][ T9926] CPU: 0 UID: 0 PID: 9926 Comm: syz.3.985 Tainted: G L syzkaller #0 PREEMPT(full) [ 315.200122][ T9926] Tainted: [L]=SOFTLOCKUP [ 315.200127][ T9926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 315.200137][ T9926] Call Trace: [ 315.200142][ T9926] [ 315.200148][ T9926] dump_stack_lvl+0x100/0x190 [ 315.200176][ T9926] should_fail_ex.cold+0x5/0xa [ 315.200194][ T9926] should_failslab+0xc2/0x120 [ 315.200212][ T9926] __kmalloc_cache_noprof+0x7a/0x6f0 [ 315.200231][ T9926] ? virtual_ncidev_open+0x49/0x220 [ 315.200253][ T9926] virtual_ncidev_open+0x49/0x220 [ 315.200270][ T9926] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 315.200286][ T9926] misc_open+0x26d/0x450 [ 315.200300][ T9926] ? __pfx_misc_open+0x10/0x10 [ 315.200314][ T9926] chrdev_open+0x234/0x6a0 [ 315.200329][ T9926] ? __pfx_apparmor_file_open+0x10/0x10 [ 315.200351][ T9926] ? __pfx_chrdev_open+0x10/0x10 [ 315.200367][ T9926] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 315.200387][ T9926] do_dentry_open+0x6d8/0x1660 [ 315.200402][ T9926] ? __pfx_chrdev_open+0x10/0x10 [ 315.200421][ T9926] vfs_open+0x82/0x3f0 [ 315.200441][ T9926] path_openat+0x208c/0x31a0 [ 315.200462][ T9926] ? __pfx_path_openat+0x10/0x10 [ 315.200484][ T9926] do_file_open+0x20e/0x430 [ 315.200501][ T9926] ? __pfx_do_file_open+0x10/0x10 [ 315.200529][ T9926] ? alloc_fd+0x476/0x790 [ 315.200545][ T9926] ? do_getname+0x191/0x390 [ 315.200565][ T9926] do_sys_openat2+0x10d/0x1e0 [ 315.200583][ T9926] ? __pfx_do_sys_openat2+0x10/0x10 [ 315.200609][ T9926] __x64_sys_openat+0x12d/0x210 [ 315.200628][ T9926] ? __pfx___x64_sys_openat+0x10/0x10 [ 315.200654][ T9926] do_syscall_64+0x106/0xf80 [ 315.200672][ T9926] ? clear_bhb_loop+0x40/0x90 [ 315.200690][ T9926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.200706][ T9926] RIP: 0033:0x7f187319c799 [ 315.200720][ T9926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 315.200734][ T9926] RSP: 002b:00007f18740ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 315.200749][ T9926] RAX: ffffffffffffffda RBX: 00007f1873415fa0 RCX: 00007f187319c799 [ 315.200759][ T9926] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 315.200773][ T9926] RBP: 00007f1873232c99 R08: 0000000000000000 R09: 0000000000000000 [ 315.200788][ T9926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.200796][ T9926] R13: 00007f1873416038 R14: 00007f1873415fa0 R15: 00007ffec9520d98 [ 315.200816][ T9926] [ 316.302281][ T9946] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 317.257501][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.264035][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.461278][ T9960] netlink: 25 bytes leftover after parsing attributes in process `syz.1.996'. [ 320.241745][T10015] netlink: 'syz.3.1009': attribute type 2 has an invalid length. [ 321.802984][T10053] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1017'. [ 322.924873][T10071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1020'. [ 323.017345][T10077] netlink: 'syz.2.1020': attribute type 1 has an invalid length. [ 323.082541][T10077] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1020'. [ 323.152501][T10075] FAULT_INJECTION: forcing a failure. [ 323.152501][T10075] name failslab, interval 1, probability 0, space 0, times 0 [ 323.259294][T10075] CPU: 0 UID: 0 PID: 10075 Comm: syz.3.1023 Tainted: G L syzkaller #0 PREEMPT(full) [ 323.259321][T10075] Tainted: [L]=SOFTLOCKUP [ 323.259327][T10075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 323.259336][T10075] Call Trace: [ 323.259341][T10075] [ 323.259347][T10075] dump_stack_lvl+0x100/0x190 [ 323.259374][T10075] should_fail_ex.cold+0x5/0xa [ 323.259400][T10075] should_failslab+0xc2/0x120 [ 323.259416][T10075] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 323.259439][T10075] ? __kernfs_new_node+0xd2/0x960 [ 323.259464][T10075] __kernfs_new_node+0xd2/0x960 [ 323.259486][T10075] ? __pfx___kernfs_new_node+0x10/0x10 [ 323.259511][T10075] ? find_held_lock+0x2b/0x80 [ 323.259525][T10075] ? kernfs_root+0xee/0x2a0 [ 323.259543][T10075] ? kernfs_root+0xee/0x2a0 [ 323.259568][T10075] kernfs_new_node+0x11b/0x1a0 [ 323.259593][T10075] __kernfs_create_file+0x53/0x350 [ 323.259612][T10075] sysfs_add_file_mode_ns+0x207/0x3c0 [ 323.259635][T10075] sysfs_merge_group+0x194/0x340 [ 323.259657][T10075] ? __pfx_sysfs_merge_group+0x10/0x10 [ 323.259680][T10075] ? __pfx_dev_add_physical_location+0x10/0x10 [ 323.259703][T10075] ? bus_to_subsys+0x114/0x150 [ 323.259722][T10075] dpm_sysfs_add+0x237/0x280 [ 323.259745][T10075] device_add+0x9ef/0x1950 [ 323.259761][T10075] ? __pfx_device_add+0x10/0x10 [ 323.259775][T10075] ? trace_kmalloc+0x101/0x130 [ 323.259789][T10075] ? __kasan_kmalloc+0xaa/0xb0 [ 323.259810][T10075] ? lockdep_init_map_type+0x5c/0x250 [ 323.259830][T10075] ? lockdep_init_map_type+0x5c/0x250 [ 323.259851][T10075] input_register_device+0x7d2/0xe20 [ 323.259873][T10075] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 323.259897][T10075] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 323.259918][T10075] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 323.259948][T10075] ? find_held_lock+0x2b/0x80 [ 323.259961][T10075] ? __fget_files+0x215/0x3d0 [ 323.259983][T10075] ? __pfx_uinput_ioctl+0x10/0x10 [ 323.260001][T10075] __x64_sys_ioctl+0x18e/0x210 [ 323.260023][T10075] do_syscall_64+0x106/0xf80 [ 323.260039][T10075] ? clear_bhb_loop+0x40/0x90 [ 323.260058][T10075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.260074][T10075] RIP: 0033:0x7f187319c799 [ 323.260089][T10075] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 323.260104][T10075] RSP: 002b:00007f18740ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 323.260119][T10075] RAX: ffffffffffffffda RBX: 00007f1873415fa0 RCX: 00007f187319c799 [ 323.260129][T10075] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000008 [ 323.260138][T10075] RBP: 00007f1873232c99 R08: 0000000000000000 R09: 0000000000000000 [ 323.260147][T10075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.260157][T10075] R13: 00007f1873416038 R14: 00007f1873415fa0 R15: 00007ffec9520d98 [ 323.260178][T10075] [ 324.936661][T10109] FAULT_INJECTION: forcing a failure. [ 324.936661][T10109] name failslab, interval 1, probability 0, space 0, times 0 [ 325.013234][T10109] CPU: 0 UID: 0 PID: 10109 Comm: syz.1.1031 Tainted: G L syzkaller #0 PREEMPT(full) [ 325.013261][T10109] Tainted: [L]=SOFTLOCKUP [ 325.013267][T10109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 325.013276][T10109] Call Trace: [ 325.013281][T10109] [ 325.013287][T10109] dump_stack_lvl+0x100/0x190 [ 325.013315][T10109] should_fail_ex.cold+0x5/0xa [ 325.013334][T10109] should_failslab+0xc2/0x120 [ 325.013351][T10109] __kmalloc_cache_noprof+0x7a/0x6f0 [ 325.013370][T10109] ? kvm_set_irq_routing+0x24f/0x960 [ 325.013392][T10109] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 325.013419][T10109] kvm_set_irq_routing+0x24f/0x960 [ 325.013446][T10109] kvm_arch_vm_ioctl+0xf08/0x18d0 [ 325.013467][T10109] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 325.013490][T10109] ? __lock_acquire+0x4a5/0x2630 [ 325.013511][T10109] ? __lock_acquire+0x4a5/0x2630 [ 325.013533][T10109] ? __lock_acquire+0x4a5/0x2630 [ 325.013555][T10109] ? __lock_acquire+0x4a5/0x2630 [ 325.013584][T10109] ? is_bpf_text_address+0x8a/0x1a0 [ 325.013606][T10109] ? bpf_ksym_find+0x124/0x1c0 [ 325.013623][T10109] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 325.013640][T10109] ? is_bpf_text_address+0x94/0x1a0 [ 325.013661][T10109] ? kernel_text_address+0x8d/0x100 [ 325.013682][T10109] ? __kernel_text_address+0xd/0x30 [ 325.013703][T10109] ? unwind_get_return_address+0x59/0xa0 [ 325.013719][T10109] ? arch_stack_walk+0xa6/0xf0 [ 325.013740][T10109] ? tomoyo_path_number_perm+0x46d/0x580 [ 325.013763][T10109] ? stack_trace_save+0x8e/0xc0 [ 325.013777][T10109] ? __pfx_stack_trace_save+0x10/0x10 [ 325.013792][T10109] ? stack_depot_save_flags+0x27/0x9d0 [ 325.013809][T10109] ? __lock_acquire+0x4a5/0x2630 [ 325.013828][T10109] ? tomoyo_path_number_perm+0x46d/0x580 [ 325.013850][T10109] ? kasan_save_stack+0x3f/0x50 [ 325.013873][T10109] ? kasan_save_stack+0x30/0x50 [ 325.013900][T10109] ? kasan_save_track+0x14/0x30 [ 325.013922][T10109] ? kasan_save_free_info+0x3b/0x70 [ 325.013940][T10109] ? __kasan_slab_free+0x5f/0x80 [ 325.013956][T10109] kvm_vm_ioctl+0x1564/0x4080 [ 325.013979][T10109] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 325.014005][T10109] ? tomoyo_path_number_perm+0x46d/0x580 [ 325.014029][T10109] ? kasan_quarantine_put+0x104/0x240 [ 325.014050][T10109] ? lockdep_hardirqs_on+0x78/0x100 [ 325.014069][T10109] ? find_held_lock+0x2b/0x80 [ 325.014082][T10109] ? tomoyo_path_number_perm+0x28f/0x580 [ 325.014104][T10109] ? tomoyo_path_number_perm+0x28f/0x580 [ 325.014141][T10109] ? tomoyo_path_number_perm+0x188/0x580 [ 325.014165][T10109] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 325.014188][T10109] ? futex_wait+0x125/0x380 [ 325.014217][T10109] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 325.014243][T10109] ? do_vfs_ioctl+0x226/0x13e0 [ 325.014264][T10109] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 325.014290][T10109] ? find_held_lock+0x2b/0x80 [ 325.014302][T10109] ? __fget_files+0x215/0x3d0 [ 325.014315][T10109] ? hook_file_ioctl_common+0x146/0x410 [ 325.014343][T10109] ? __fget_files+0x21f/0x3d0 [ 325.014359][T10109] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 325.014375][T10109] __x64_sys_ioctl+0x18e/0x210 [ 325.014398][T10109] do_syscall_64+0x106/0xf80 [ 325.014415][T10109] ? clear_bhb_loop+0x40/0x90 [ 325.014433][T10109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.014448][T10109] RIP: 0033:0x7f510f59c799 [ 325.014463][T10109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 325.014478][T10109] RSP: 002b:00007f510d7d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 325.014493][T10109] RAX: ffffffffffffffda RBX: 00007f510f816090 RCX: 00007f510f59c799 [ 325.014503][T10109] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 325.014512][T10109] RBP: 00007f510f632c99 R08: 0000000000000000 R09: 0000000000000000 [ 325.014522][T10109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 325.014530][T10109] R13: 00007f510f816128 R14: 00007f510f816090 R15: 00007ffd7cea1528 [ 325.014552][T10109] [ 326.524815][T10122] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1037'. [ 326.564301][T10122] netlink: 'syz.3.1037': attribute type 1 has an invalid length. [ 326.604852][T10122] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.1037'. [ 331.190090][T10232] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1062'. [ 332.554719][T10112] Bluetooth: hci2: Malformed LE Event: 0x0b [ 332.898106][T10288] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1076'. [ 334.249824][T10324] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1081'. [ 336.353016][T10376] misc userio: Invalid payload size [ 337.094257][T10387] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1092'. [ 338.823331][T10409] Invalid ELF header magic: != ELF [ 338.946894][T10411] FAULT_INJECTION: forcing a failure. [ 338.946894][T10411] name failslab, interval 1, probability 0, space 0, times 0 [ 339.015722][T10411] CPU: 0 UID: 0 PID: 10411 Comm: syz.2.1100 Tainted: G L syzkaller #0 PREEMPT(full) [ 339.015749][T10411] Tainted: [L]=SOFTLOCKUP [ 339.015755][T10411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 339.015764][T10411] Call Trace: [ 339.015769][T10411] [ 339.015776][T10411] dump_stack_lvl+0x100/0x190 [ 339.015804][T10411] should_fail_ex.cold+0x5/0xa [ 339.015823][T10411] ? apply_wqattrs_prepare+0xfe/0xbb0 [ 339.015838][T10411] should_failslab+0xc2/0x120 [ 339.015854][T10411] __kmalloc_noprof+0xe0/0x850 [ 339.015880][T10411] apply_wqattrs_prepare+0xfe/0xbb0 [ 339.015895][T10411] ? __alloc_workqueue+0x901/0x1880 [ 339.015917][T10411] apply_workqueue_attrs_locked+0x64/0xe0 [ 339.015933][T10411] __alloc_workqueue+0xe25/0x1880 [ 339.015953][T10411] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 339.015973][T10411] alloc_workqueue_noprof+0xd2/0x200 [ 339.015990][T10411] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 339.016012][T10411] ? __pfx___debug_object_init+0x10/0x10 [ 339.016039][T10411] nci_register_device+0x511/0xb80 [ 339.016064][T10411] ? __pfx_nci_register_device+0x10/0x10 [ 339.016089][T10411] ? lockdep_init_map_type+0x5c/0x250 [ 339.016112][T10411] virtual_ncidev_open+0x141/0x220 [ 339.016130][T10411] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 339.016147][T10411] misc_open+0x26d/0x450 [ 339.016161][T10411] ? __pfx_misc_open+0x10/0x10 [ 339.016174][T10411] chrdev_open+0x234/0x6a0 [ 339.016189][T10411] ? __pfx_apparmor_file_open+0x10/0x10 [ 339.016210][T10411] ? __pfx_chrdev_open+0x10/0x10 [ 339.016226][T10411] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 339.016246][T10411] do_dentry_open+0x6d8/0x1660 [ 339.016261][T10411] ? __pfx_chrdev_open+0x10/0x10 [ 339.016280][T10411] vfs_open+0x82/0x3f0 [ 339.016301][T10411] path_openat+0x208c/0x31a0 [ 339.016323][T10411] ? __pfx_path_openat+0x10/0x10 [ 339.016345][T10411] do_file_open+0x20e/0x430 [ 339.016362][T10411] ? __pfx_do_file_open+0x10/0x10 [ 339.016391][T10411] ? alloc_fd+0x476/0x790 [ 339.016415][T10411] ? do_getname+0x191/0x390 [ 339.016435][T10411] do_sys_openat2+0x10d/0x1e0 [ 339.016455][T10411] ? __pfx_do_sys_openat2+0x10/0x10 [ 339.016482][T10411] __x64_sys_openat+0x12d/0x210 [ 339.016503][T10411] ? __pfx___x64_sys_openat+0x10/0x10 [ 339.016530][T10411] do_syscall_64+0x106/0xf80 [ 339.016547][T10411] ? clear_bhb_loop+0x40/0x90 [ 339.016565][T10411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.016580][T10411] RIP: 0033:0x7f60b059c799 [ 339.016594][T10411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 339.016609][T10411] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 339.016624][T10411] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 339.016634][T10411] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 339.016644][T10411] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 339.016653][T10411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 339.016663][T10411] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 339.016683][T10411] [ 340.248187][T10417] Process accounting resumed [ 340.334750][T10436] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1107'. [ 340.366253][T10436] netlink: 13 bytes leftover after parsing attributes in process `syz.3.1107'. [ 342.671189][T10482] device-mapper: ioctl: Unable to rename non-existent device,  to [ 343.205812][T10492] misc userio: Invalid payload size [ 344.823181][T10517] hub 1-0:1.0: USB hub found [ 344.885634][T10517] hub 1-0:1.0: 1 port detected [ 345.297218][T10522] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1125'. [ 345.525627][T10522] team0 (unregistering): Port device team_slave_0 removed [ 345.865302][T10112] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 347.680522][T10555] misc userio: Invalid payload size [ 348.663351][T10568] netlink: 'syz.0.1137': attribute type 2 has an invalid length. [ 351.535446][T10610] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1148'. [ 352.208806][T10620] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1149'. [ 353.036365][T10631] random: crng reseeded on system resumption [ 353.146909][T10637] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1152'. [ 353.224870][T10638] input: jJǸ-9%vJ86 as /devices/virtual/input/input15 [ 353.655078][T10644] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1157'. [ 355.940846][T10676] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1163'. [ 356.010039][T10676] netlink: 'syz.3.1163': attribute type 1 has an invalid length. [ 356.093522][T10676] netlink: 'syz.3.1163': attribute type 6 has an invalid length. [ 357.221972][T10688] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1166'. [ 357.305527][T10690] FAULT_INJECTION: forcing a failure. [ 357.305527][T10690] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 357.444570][T10688] FAULT_INJECTION: forcing a failure. [ 357.444570][T10688] name failslab, interval 1, probability 0, space 0, times 0 [ 357.516010][T10694] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1167'. [ 357.566799][T10690] CPU: 0 UID: 0 PID: 10690 Comm: syz.3.1166 Tainted: G L syzkaller #0 PREEMPT(full) [ 357.566827][T10690] Tainted: [L]=SOFTLOCKUP [ 357.566833][T10690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 357.566848][T10690] Call Trace: [ 357.566884][T10690] [ 357.566892][T10690] dump_stack_lvl+0x100/0x190 [ 357.566964][T10690] should_fail_ex.cold+0x5/0xa [ 357.567001][T10690] core_sys_select+0x9b9/0xbb0 [ 357.567043][T10690] ? __pfx_core_sys_select+0x10/0x10 [ 357.567085][T10690] ? ktime_get_ts64+0x2d2/0x3f0 [ 357.567115][T10690] ? read_tsc+0x9/0x20 [ 357.567137][T10690] ? ktime_get_ts64+0x256/0x3f0 [ 357.567154][T10690] kern_select+0x20c/0x270 [ 357.567178][T10690] ? __pfx_kern_select+0x10/0x10 [ 357.567208][T10690] __x64_sys_select+0xbd/0x160 [ 357.567230][T10690] ? do_syscall_64+0x95/0xf80 [ 357.567304][T10690] ? lockdep_hardirqs_on+0x78/0x100 [ 357.567342][T10690] do_syscall_64+0x106/0xf80 [ 357.567367][T10690] ? clear_bhb_loop+0x40/0x90 [ 357.567394][T10690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.567411][T10690] RIP: 0033:0x7f187319c799 [ 357.567425][T10690] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 357.567440][T10690] RSP: 002b:00007f18740cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 357.567487][T10690] RAX: ffffffffffffffda RBX: 00007f1873416090 RCX: 00007f187319c799 [ 357.567498][T10690] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 357.567507][T10690] RBP: 00007f1873232c99 R08: 00002000000001c0 R09: 0000000000000000 [ 357.567517][T10690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 357.567526][T10690] R13: 00007f1873416128 R14: 00007f1873416090 R15: 00007ffec9520d98 [ 357.567546][T10690] [ 357.951956][T10688] CPU: 0 UID: 0 PID: 10688 Comm: syz.3.1166 Tainted: G L syzkaller #0 PREEMPT(full) [ 357.951985][T10688] Tainted: [L]=SOFTLOCKUP [ 357.951990][T10688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 357.952000][T10688] Call Trace: [ 357.952014][T10688] [ 357.952021][T10688] dump_stack_lvl+0x100/0x190 [ 357.952049][T10688] should_fail_ex.cold+0x5/0xa [ 357.952068][T10688] should_failslab+0xc2/0x120 [ 357.952110][T10688] __kmalloc_cache_noprof+0x7a/0x6f0 [ 357.952138][T10688] ? call_usermodehelper_setup+0xaf/0x360 [ 357.952174][T10688] ? __pfx_free_modprobe_argv+0x10/0x10 [ 357.952195][T10688] call_usermodehelper_setup+0xaf/0x360 [ 357.952221][T10688] __request_module+0x3c7/0x6c0 [ 357.952242][T10688] ? __pfx___request_module+0x10/0x10 [ 357.952274][T10688] ? preempt_schedule_thunk+0x16/0x30 [ 357.952307][T10688] get_fs_type+0xd7/0x190 [ 357.952335][T10688] __x64_sys_fsopen+0xca/0x220 [ 357.952355][T10688] do_syscall_64+0x106/0xf80 [ 357.952373][T10688] ? clear_bhb_loop+0x40/0x90 [ 357.952391][T10688] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.952406][T10688] RIP: 0033:0x7f187319c799 [ 357.952421][T10688] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 357.952440][T10688] RSP: 002b:00007f18740ec028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 357.952456][T10688] RAX: ffffffffffffffda RBX: 00007f1873415fa0 RCX: 00007f187319c799 [ 357.952467][T10688] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 357.952476][T10688] RBP: 00007f1873232c99 R08: 0000000000000000 R09: 0000000000000000 [ 357.952485][T10688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 357.952495][T10688] R13: 00007f1873416038 R14: 00007f1873415fa0 R15: 00007ffec9520d98 [ 357.952522][T10688] [ 361.116184][T10728] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1178'. [ 361.133219][T10732] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1179'. [ 362.135602][T10065] Bluetooth: hci4: Frame reassembly failed (-84) [ 362.492440][T10751] misc userio: Invalid payload size [ 363.368581][T10762] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1185'. [ 363.440151][T10765] netlink: 'syz.0.1185': attribute type 1 has an invalid length. [ 363.473980][T10764] can0: slcan on ttyS2. [ 363.508021][T10765] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.1185'. [ 363.634304][T10763] can0 (unregistered): slcan off ttyS2. [ 364.123700][T10112] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 366.695141][T10825] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1192'. [ 368.419446][T10845] device-mapper: ioctl: Unable to rename non-existent device,  to [ 369.632010][T10855] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1200'. [ 369.735053][T10856] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1200'. [ 370.193304][T10861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1203'. [ 374.306530][T10919] input: f as /devices/virtual/input/input16 [ 374.357574][T10919] FAULT_INJECTION: forcing a failure. [ 374.357574][T10919] name failslab, interval 1, probability 0, space 0, times 0 [ 374.425300][T10919] CPU: 0 UID: 0 PID: 10919 Comm: syz.0.1214 Tainted: G L syzkaller #0 PREEMPT(full) [ 374.425328][T10919] Tainted: [L]=SOFTLOCKUP [ 374.425334][T10919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 374.425344][T10919] Call Trace: [ 374.425349][T10919] [ 374.425356][T10919] dump_stack_lvl+0x100/0x190 [ 374.425386][T10919] should_fail_ex.cold+0x5/0xa [ 374.425406][T10919] should_failslab+0xc2/0x120 [ 374.425429][T10919] __kmalloc_cache_noprof+0x7a/0x6f0 [ 374.425451][T10919] ? kobject_uevent_env+0x263/0x18b0 [ 374.425573][T10919] kobject_uevent_env+0x263/0x18b0 [ 374.425597][T10919] ? kernfs_put+0x3f/0x60 [ 374.425640][T10919] ? sysfs_do_create_link_sd+0xbb/0x140 [ 374.425661][T10919] ? bus_to_subsys+0x114/0x150 [ 374.425733][T10919] device_add+0x116e/0x1950 [ 374.425750][T10919] ? __pfx_device_add+0x10/0x10 [ 374.425768][T10919] ? kobject_get+0xbb/0x150 [ 374.425790][T10919] cdev_device_add+0x12b/0x270 [ 374.425809][T10919] evdev_connect+0x3a8/0x4b0 [ 374.425889][T10919] input_attach_handler.isra.0+0x177/0x1e0 [ 374.425932][T10919] input_register_device.cold+0x139/0x375 [ 374.425968][T10919] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 374.426032][T10919] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 374.426054][T10919] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 374.426083][T10919] ? find_held_lock+0x2b/0x80 [ 374.426104][T10919] ? __fget_files+0x215/0x3d0 [ 374.426127][T10919] ? __pfx_uinput_ioctl+0x10/0x10 [ 374.426151][T10919] __x64_sys_ioctl+0x18e/0x210 [ 374.426175][T10919] do_syscall_64+0x106/0xf80 [ 374.426193][T10919] ? clear_bhb_loop+0x40/0x90 [ 374.426211][T10919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.426227][T10919] RIP: 0033:0x7f9c67d9c799 [ 374.426241][T10919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 374.426256][T10919] RSP: 002b:00007f9c68c3f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 374.426271][T10919] RAX: ffffffffffffffda RBX: 00007f9c68015fa0 RCX: 00007f9c67d9c799 [ 374.426284][T10919] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000009 [ 374.426293][T10919] RBP: 00007f9c67e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 374.426303][T10919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 374.426312][T10919] R13: 00007f9c68016038 R14: 00007f9c68015fa0 R15: 00007ffc75db5d28 [ 374.426333][T10919] [ 378.686264][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.693927][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.957424][T10984] zswap: compressor w(<8.D z not available [ 381.026614][T11029] binder: 11023:11029 ioctl c018620c 0 returned -1 [ 382.154813][T11044] netlink: 'syz.3.1238': attribute type 2 has an invalid length. [ 382.893590][T10112] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 383.327154][T11058] hub 1-0:1.0: USB hub found [ 383.374867][T11058] hub 1-0:1.0: 1 port detected [ 383.903798][T11066] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1243'. [ 383.999538][T11066] bridge_slave_0: left allmulticast mode [ 384.032106][T11066] bridge_slave_0: left promiscuous mode [ 384.066726][T11066] bridge0: port 1(bridge_slave_0) entered disabled state [ 384.470474][T11069] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1244'. [ 384.897166][T11080] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1257'. [ 385.175635][T11082] input: jJǸ-9%vJ86 as /devices/virtual/input/input17 [ 386.399569][T11096] input: jJǸ-9%vJ86 as /devices/virtual/input/input18 [ 386.813035][T11103] FAULT_INJECTION: forcing a failure. [ 386.813035][T11103] name failslab, interval 1, probability 0, space 0, times 0 [ 386.899448][T11103] CPU: 0 UID: 0 PID: 11103 Comm: syz.2.1256 Tainted: G L syzkaller #0 PREEMPT(full) [ 386.899475][T11103] Tainted: [L]=SOFTLOCKUP [ 386.899481][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 386.899491][T11103] Call Trace: [ 386.899496][T11103] [ 386.899502][T11103] dump_stack_lvl+0x100/0x190 [ 386.899531][T11103] should_fail_ex.cold+0x5/0xa [ 386.899550][T11103] should_failslab+0xc2/0x120 [ 386.899567][T11103] __kmalloc_cache_noprof+0x7a/0x6f0 [ 386.899586][T11103] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 386.899690][T11103] ? vidtv_psi_pmt_table_init+0x363/0x430 [ 386.899710][T11103] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 386.899729][T11103] vidtv_channel_si_init+0x1289/0x18d0 [ 386.899777][T11103] vidtv_mux_init+0x526/0xbf0 [ 386.899799][T11103] vidtv_start_feed+0x33e/0x4c0 [ 386.899844][T11103] ? __pfx_vidtv_start_feed+0x10/0x10 [ 386.899868][T11103] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 386.899895][T11103] ? mark_held_locks+0x40/0x70 [ 386.899917][T11103] ? __pfx_vidtv_start_feed+0x10/0x10 [ 386.899939][T11103] dmx_ts_feed_start_filtering+0xf6/0x220 [ 386.900004][T11103] dvb_dmxdev_start_feed+0x273/0x3f0 [ 386.900049][T11103] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 386.900075][T11103] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 386.900100][T11103] dvb_demux_do_ioctl+0xe64/0x1200 [ 386.900129][T11103] dvb_usercopy+0x167/0x340 [ 386.900148][T11103] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 386.900171][T11103] ? __pfx_dvb_usercopy+0x10/0x10 [ 386.900199][T11103] ? __fget_files+0x21f/0x3d0 [ 386.900217][T11103] dvb_demux_ioctl+0x29/0x40 [ 386.900236][T11103] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 386.900256][T11103] __x64_sys_ioctl+0x18e/0x210 [ 386.900279][T11103] do_syscall_64+0x106/0xf80 [ 386.900297][T11103] ? clear_bhb_loop+0x40/0x90 [ 386.900316][T11103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.900332][T11103] RIP: 0033:0x7f60b059c799 [ 386.900346][T11103] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 386.900361][T11103] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 386.900377][T11103] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 386.900386][T11103] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 386.900395][T11103] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 386.900404][T11103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.900413][T11103] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 386.900434][T11103] [ 386.900485][T11103] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 387.172000][T11103] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 387.180413][T11103] CPU: 0 UID: 0 PID: 11103 Comm: syz.2.1256 Tainted: G L syzkaller #0 PREEMPT(full) [ 387.191613][T11103] Tainted: [L]=SOFTLOCKUP [ 387.196025][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 387.206103][T11103] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 387.212013][T11103] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 6d 08 dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 49 08 dc f9 4d 85 e4 [ 387.231724][T11103] RSP: 0018:ffffc90003867a10 EFLAGS: 00010247 [ 387.238043][T11103] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc90006c32000 [ 387.246093][T11103] RDX: 0000000000000000 RSI: ffffffff882c0d13 RDI: 0000000000000005 [ 387.254059][T11103] RBP: ffff8880415aea40 R08: 0000000000000000 R09: 4453534204050000 [ 387.262060][T11103] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 387.270116][T11103] R13: ffff88807ab0b740 R14: ffff88802aef78c0 R15: ffff88805b442480 [ 387.278094][T11103] FS: 00007f60b15246c0(0000) GS:ffff88812434d000(0000) knlGS:0000000000000000 [ 387.287199][T11103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 387.293788][T11103] CR2: 00007f60b1502ff8 CR3: 0000000078502000 CR4: 00000000003526f0 [ 387.301771][T11103] Call Trace: [ 387.305050][T11103] [ 387.307976][T11103] vidtv_channel_si_init+0x12fc/0x18d0 [ 387.313435][T11103] vidtv_mux_init+0x526/0xbf0 [ 387.318114][T11103] vidtv_start_feed+0x33e/0x4c0 [ 387.322976][T11103] ? __pfx_vidtv_start_feed+0x10/0x10 [ 387.328371][T11103] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 387.335008][T11103] ? mark_held_locks+0x40/0x70 [ 387.339768][T11103] ? __pfx_vidtv_start_feed+0x10/0x10 [ 387.345136][T11103] dmx_ts_feed_start_filtering+0xf6/0x220 [ 387.350858][T11103] dvb_dmxdev_start_feed+0x273/0x3f0 [ 387.356151][T11103] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 387.361614][T11103] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 387.366817][T11103] dvb_demux_do_ioctl+0xe64/0x1200 [ 387.371924][T11103] dvb_usercopy+0x167/0x340 [ 387.376515][T11103] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 387.382059][T11103] ? __pfx_dvb_usercopy+0x10/0x10 [ 387.387175][T11103] ? __fget_files+0x21f/0x3d0 [ 387.391876][T11103] dvb_demux_ioctl+0x29/0x40 [ 387.396570][T11103] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 387.401947][T11103] __x64_sys_ioctl+0x18e/0x210 [ 387.406706][T11103] do_syscall_64+0x106/0xf80 [ 387.411561][T11103] ? clear_bhb_loop+0x40/0x90 [ 387.416244][T11103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.422137][T11103] RIP: 0033:0x7f60b059c799 [ 387.426544][T11103] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 387.446259][T11103] RSP: 002b:00007f60b1524028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 387.454658][T11103] RAX: ffffffffffffffda RBX: 00007f60b0815fa0 RCX: 00007f60b059c799 [ 387.462630][T11103] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 387.470586][T11103] RBP: 00007f60b0632c99 R08: 0000000000000000 R09: 0000000000000000 [ 387.478547][T11103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.486513][T11103] R13: 00007f60b0816038 R14: 00007f60b0815fa0 R15: 00007ffc7b8ad378 [ 387.494566][T11103] [ 387.497723][T11103] Modules linked in: [ 387.503003][T11103] ---[ end trace 0000000000000000 ]--- [ 387.822991][T11091] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 388.516644][T11103] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 388.537686][T11103] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 6d 08 dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 49 08 dc f9 4d 85 e4 [ 388.603397][T11103] RSP: 0018:ffffc90003867a10 EFLAGS: 00010247 [ 388.649495][T11103] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc90006c32000 [ 388.679290][T11103] RDX: 0000000000000000 RSI: ffffffff882c0d13 RDI: 0000000000000005 [ 388.719298][T11103] RBP: ffff8880415aea40 R08: 0000000000000000 R09: 4453534204050000 [ 388.754579][T11103] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 388.784091][T11103] R13: ffff88807ab0b740 R14: ffff88802aef78c0 R15: ffff88805b442480 [ 388.813600][T11103] FS: 00007f60b15246c0(0000) GS:ffff88812434d000(0000) knlGS:0000000000000000 [ 388.843043][T11103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 388.870426][T11103] CR2: 0000001b30ef0ff8 CR3: 0000000078502000 CR4: 00000000003526f0 [ 388.899586][T11103] Kernel panic - not syncing: Fatal exception [ 388.905745][T11103] Kernel Offset: disabled [ 388.910061][T11103] Rebooting in 86400 seconds..