last executing test programs: 12.554281232s ago: executing program 0 (id=2477): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/sunrpc/parameters/tcp_max_slot_table_entries\x00', 0x88282, 0x0) sendfile$auto(r2, r2, 0x0, 0x71) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r1) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x20, r3, 0x301, 0x70bd29, 0x25dfdbfe, {}, [@NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x1}]}, 0x20}}, 0x40000) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) mmap$auto(0x0, 0x4000005, 0xfffffffffffffe01, 0x8051, 0x3, 0x10000000008000) r4 = socket(0x10, 0x2, 0x0) recvmmsg$auto(r4, &(0x7f0000000140)={{0x0, 0x3, 0x0, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f00000006c0)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x7}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400e, 0x2400000b756, 0x10001}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r5, 0xc1105511, &(0x7f0000000080)={{@raw=0x1002, 0x6, 0xa, 0x7, "26d718b7d3ee69350e4ede7079dcb0c24c8aa1e3c7ee2e00308b8a7d74b0a707f7045e6d035b196ca83379bb", @inferred=0x0}, 0x7, 0xfffffffc, 0x82, @inferred, @enumerated={0x0, 0x6, "ad75b255b5cdd64a6b7a755de55f8e3b81e6c4e6fbf4f15a5ca5dc29f056113e9b60cd7bd82081ec90b01a6c1ae79b9fd0930da366e011ae30c0a636577776a6", 0x2003, 0xcac}, "18a801006a0900000000000000c4bd5359eeadc8357752b72fa176254d8797cdffd02555ac83a07983eeddcd24b626f54ad9d763dcdc9120af8b7c848ceb55a7"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000340)={{@raw=0x6, 0x308, 0xffff, 0x9, "cd9ac857d737bb20feeb0c005eb571a89986bbec6f001887a4d49e096afdf3bb0959c5432aadf71c2f91af00", @raw=0x4}, 0x9, 0xf, 0x1, @inferred=r6, @enumerated={0x7133, 0x5, "8e4ccd6746972c6ac28bdde69c5070d317980efcb9b3e8d7b8176a709302cefa4e7ad3920798a929a43f165472bdaab2c5d1c3f67faea7d8cf5430450d8da99c", 0xffffffff, 0xfffffff6}, "842e773e1652f754bc887e438da1a21b2bb21f22fdee260a7182c53b299693a64e7c248a610a2fc8edae9b434d3ad49e011705988084914add78fa45450688a7"}) r7 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000001c0), r4) sendmsg$auto_BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r7, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TQ={0x5, 0x19, 0x9}, @BATADV_ATTR_TT_TTVN={0x5, 0x11, 0x2}, @BATADV_ATTR_TT_TTVN={0x5, 0x11, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x880}, 0x4000) futex$auto(&(0x7f0000001d00)=0x4, 0x5, 0x7, 0x0, &(0x7f0000001d80)=0x3ff, 0x401) 12.182519394s ago: executing program 0 (id=2480): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r1 = io_uring_setup$auto(0x1, 0x0) write$auto_fops_init_pkru_pkeys(r1, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x18dd01, 0x0) r2 = bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x4ff, 0x0) r3 = pidfd_open$auto(0x1, 0x0) setns(r3, 0x2000000) shmctl$auto(0x1d, 0x58, &(0x7f0000000340)={{0x2, 0xee00, 0xee01, 0x6, 0x9, 0x7, 0x5}, 0x2, 0xfffffffffffffffd, 0x7, 0x7, @raw=0x6, @raw=0xbe, 0x1, 0x0, &(0x7f0000000180)="df36d28359fee1296cf984b73bd9e167bac2c467862fe0bf152bd5406ddfd8a37b195c5c56cd58a833bcd3a215b04c59fb8b78af176c730bc2cec0934ff763a5cb5faaab", &(0x7f0000000240)="0ef32451a60d2cc131fc3bd79f24803892096ce0b6f220150548040098f54447a216bb9ebffa36194bb2811eaf5f8d4d34264b16821295d4fe6bf68c4c2007f60a394f3cf79e0fe1f0decdd2f3a9e30143e5e8e80e7d7a4397d59dad8c6196617da6e6a905e8a6bd1676c13a150fe05dee9f52d591926ac06e243d419e6eb862c59f6bf2f42a55224b3233a82e8068b35229f3b4f5ce6de7440e1b56fe0fe5aa5b444d061d7eb1d011468b205134e67467c67e44b3b97e50a41751492683f287af2f26885424398735818c5f81c7c6848cfaf6334fa40006d78284e1fcda7cf198e3ae0a12fbe6322886b83665ed4487d5d6a78300e9be7d94c59334"}) quotactl_fd$auto(r3, 0x2, r4, &(0x7f00000003c0)="9f52291e498685be2776eab6237834e85f2e25e426a9a6f2a804cd74d3a8a02c9b9d3638d79138a8e5c3b09d8e9e777f5f0c5922dd86f7211af986aab3bf13cf9be5a0617026") r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001140), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r5, 0x1, 0x70bd29, 0x25dfdbfb, {0x2, 0x0, 0x14}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x1}]}, 0x24}, 0x1, 0x1400, 0x0, 0x80}, 0x20000084) sendmsg$auto_NL80211_CMD_GET_STATION(r2, 0x0, 0x24044081) 11.765254508s ago: executing program 0 (id=2481): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x29, 0x3, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x8fc0, 0x0) prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) mmap$auto(0x0, 0x9, 0xfc, 0x1000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x2) fanotify_init$auto(0x5, 0x2000000000002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62142, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 10.615853349s ago: executing program 0 (id=2484): mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) 10.449953472s ago: executing program 0 (id=2486): unshare$auto(0x40000080) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2048000}, 0x40000) kexec_load$auto(0x70, 0x2, &(0x7f0000000080)={@buf=0x0, 0x0, 0x8000, 0x403000}, 0x4) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(0x3, 0x1, 0x2688, 0x5, 0x0, 0x7) 9.52537988s ago: executing program 0 (id=2492): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x100000000, 0x2000d, 0x1, 0xeb1, 0xffffffffffffffff, 0x100000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) semget$auto(0x0, 0x13c, 0x1ff) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x3, 0x1, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r0, 0x80045105, 0x0) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) ioctl$auto_TUNSETDEBUG(0xffffffffffffffff, 0x400454c9, &(0x7f0000000180)=0x10) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) sendfile$auto(r2, r1, 0x0, 0x1fff5) close_range$auto(0x2, 0x8, 0x0) semctl$auto_GETNCNT(0x0, 0x4, 0xe, 0x4) io_uring_setup$auto(0x4bf15e08, 0x0) bpf$auto(0x12, 0x0, 0x26) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) unshare$auto(0x40000080) eventfd$auto(0x8c) 4.803898884s ago: executing program 3 (id=2514): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x7, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2, 0x80000000df, 0x14, 0x401, 0x8000) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) ppoll$auto(&(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x3}, 0x3, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) sendmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x4}, 0x1000000000028, 0x0, 0x1, 0x3e0}, 0x800}, 0x4, 0x4008) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) fallocate$auto(0x8000000000000003, 0x40, 0x9, 0x4cbd5d) socket(0xf, 0x5, 0x4) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x509a40, 0x0) select$auto(0x8059, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x37, 0xa, 0x1, 0x948b, 0x6, 0x15f4da0a, 0x7, 0x3, 0x800, 0x80000023, 0x200000000000007, 0x6d42, 0xc, 0x2495dae0, 0x52]}, 0x0) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000600)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\x00\x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5') 3.56530784s ago: executing program 3 (id=2517): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) write$auto_fops_init_pkru_pkeys(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x18dd01, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) 3.004040803s ago: executing program 3 (id=2518): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x29, 0x3, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x8fc0, 0x0) prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) mmap$auto(0x0, 0x9, 0xfc, 0x1000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x2) fanotify_init$auto(0x5, 0x2000000000002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62142, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 2.951893223s ago: executing program 1 (id=2519): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) wait4$auto(0x0, &(0x7f0000000040)=0x8, 0x6, &(0x7f0000000080)={{0x9, 0x6}, {0x7f, 0x5}, 0x100000000, 0xcef4, 0x2, 0x2, 0x5, 0x9, 0x3, 0xffffffff, 0x10, 0x7fff, 0x4, 0x65, 0x8000000000000001, 0x3}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0xa0241, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x1, 0x81, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x401, 0x5, 0x4, @inferred, @integer={0xdbe, 0x255, 0x8}, "7a9fc199a16a2311eacf2fc7ae1d8778dc618090334fdd73340238d21000debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cbce0bb32791702b8d7c2d"}) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000640)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7b, 0x0, 0x5, 0xfffffffffffffffd}, {0x100, 0x20001, 0x52, 0x85, 0x2, 0x0, 0x2072c2, 0xc, 0x100000000}}) io_uring_register$auto(0x2, 0x20, &(0x7f0000000240), 0x1) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mseal$auto(0x0, 0x7dda, 0x0) madvise$auto(0x0, 0x3, 0x3) writev$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xf, 0xfffffffd, 0x44b, 0x3, 0x5, 0x1007181, 0xd1, 0x400007, 0x3, 0x2, 0x800c, 0x80000001, 0x4, 0x80200000000001, 0x200000004, 0xde3, 0x9809588, 0xfffffffd, 0x2, 0x1, 0x864, 0x6, 0x22000, 0x201, 0x4, 0xc3f, 0x2000000, 0x0, 0x0, 0x0, 0x39, [0x0, 0x0, 0x0, 0x7fdf, 0x47, 0x4000000000000, 0x100, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7cd, 0x7, 0x2, 0x8000000000000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x6, 0x7ff, 0x0, 0x0, 0x1, 0x0, 0xfff]}, 0xa, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1441, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd02, &(0x7f00000001c0)) 2.877803744s ago: executing program 2 (id=2520): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x1d, 0x4, 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f00000000c0)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) unlink$auto(&(0x7f0000000180)='./file0\x00') fallocate$auto(0x8000000000000003, 0x0, 0x8000000d, 0x2cbd5d) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000140)) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r0) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, 0x0, 0x40000) io_uring_setup$auto(0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0xac, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0xffffffffffffffff, 0x6, 0x6, 0x200000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) socket(0xf, 0x3, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) write$auto(0x3, 0x0, 0xffd8) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) 2.132784684s ago: executing program 1 (id=2521): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x7fffffff, 0x7, 0x800000e3, 0x9b72, 0xffffffffffffffff, 0xbf2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.bfq.weight_device\x00', 0x2062, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) adjtimex$auto(0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) listen$auto(0x3, 0x81) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7d, 0xe40}, 0x9, 0x84) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytd\x00', 0x800, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) 2.071436581s ago: executing program 2 (id=2522): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram4\x00', 0x14be02, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0x3, 0x2) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) socket(0x11, 0x2, 0x73) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) fanotify_init$auto(0x5, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x40401, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x400455c8, 0x0) io_uring_setup$auto(0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xa8042, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) 2.002766315s ago: executing program 1 (id=2523): mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x11, 0x2, 0x2) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/034/001\x00', 0x201, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socket(0xa, 0x2, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x161401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) socket(0x2b, 0x1, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) ioctl$auto_TCFLSH2(r0, 0x5408, 0x0) 1.784283132s ago: executing program 3 (id=2524): mmap$auto(0x0, 0x400008, 0xde, 0x8009b72, 0x2, 0xb) close_range$auto(0xffffffffffffffff, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001580)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/byte_queue_limits/limit_max\x00', 0x2001, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x3a) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r0) 1.783033058s ago: executing program 1 (id=2525): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80000, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) timerfd_create$auto(0xb, 0x5) mq_timedsend$auto(r0, 0x0, 0x6, 0x5, &(0x7f0000000200)={0x12000000000000, 0x7}) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) write$auto(0xca, &(0x7f0000000140)='\x042\x01\f\r\a\x00\xf6OL\xc8\xbe\x94\xf2\xa2\x00\xfb\x84(\x83\";\xa8\xd7\x05uXR\xa3\xb3@T\x89\x8e\xd4Q\xdd\xb80\xc7\xad\\\xf7C\xb3\x8f\r?\xb3>r\xdf\x99%\xd6s\xe3\x8b*\xe2\xbc\xc9\x8bV\xf0\xb7\xec.\xae\xe1\x04\x00\x00\x00\xaa', 0x2da) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x2, 0x0) accept$auto(0x3, 0x0, 0x0) syz_genetlink_get_family_id$auto_ovs_ct_limit(0x0, r1) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r1, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) lsm_list_modules$auto(0x0, 0x0, 0x6) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop9/queue/nr_requests\x00', 0xa022, 0x0) pwrite64$auto(r2, &(0x7f00000000c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7fff, 0xc) 1.737083894s ago: executing program 2 (id=2526): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010027bd7000ffdbdf25100000000c0001"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x0) r1 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r1], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 1.204251711s ago: executing program 1 (id=2527): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) write$auto_fops_init_pkru_pkeys(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x18dd01, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) 1.165933004s ago: executing program 2 (id=2528): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) msync$auto(0x200000, 0x2000000005, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454d0, 0xffffffffffffffff) unshare$auto(0x40000080) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x3, 0xa) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x7ffc) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, r0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mq_timedsend$auto(r1, 0x0, 0x2, 0x9, 0x0) socket(0x1d, 0x2, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4010}, 0x51) 911.245955ms ago: executing program 1 (id=2529): mmap$auto(0x2f3b, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x3, 0x3a) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000001680)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2, 0x0) write$auto_uprobe_events_ops_trace_uprobe(r3, &(0x7f00000001c0)='po', 0x2) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) process_madvise$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, &(0x7f00000002c0)={0x0, 0x5}, 0xfffffffffffffff8, 0x7fff, 0x9b8) socket(0x10, 0x3, 0x6) r4 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r4, 0x205, 0xa, 0x4, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="04002dbd7000fedbdf2505000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x2404c800) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 499.573455ms ago: executing program 3 (id=2530): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'}) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000140)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) mmap$auto(0x9, 0xb91, 0x7, 0x1e, r0, 0xfff) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) readv$auto(r3, &(0x7f0000000a80)={0x0, 0x3}, 0x3) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xffeb}, 0x1, 0x0, 0x5, 0x7}, 0x8}, 0xffffffff, 0xb00) close_range$auto(0x2, 0x8, 0x0) 280.065004ms ago: executing program 2 (id=2531): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x7fffffff, 0x7, 0x800000e3, 0x9b72, 0xffffffffffffffff, 0xbf2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.bfq.weight_device\x00', 0x2062, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) adjtimex$auto(0x0) r1 = socket(0xa, 0x1, 0x84) listen$auto(0x3, 0x81) poll$auto(&(0x7f0000000040)={r1, 0x7d, 0xe40}, 0x9, 0x84) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytd\x00', 0x800, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r2, 0x541c, r3) 8.877155ms ago: executing program 2 (id=2532): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x232040, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r1, 0x400454a4, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0) preadv2$auto(r2, &(0x7f0000000100)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x400, 0x2f) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) pread64$auto(r0, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2a, 0x2, 0x1) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 3 (id=2533): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x29, 0x3, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x8fc0, 0x0) prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) mmap$auto(0x0, 0x9, 0xfc, 0x1000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x2) fanotify_init$auto(0x5, 0x2000000000002) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62142, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) kernel console output (not intermixed with test programs): R15: 00007ffec094ee28 [ 472.611924][T10988] [ 477.319577][T11044] netlink: 'syz.0.1449': attribute type 2 has an invalid length. [ 477.354902][T11044] netlink: 'syz.0.1449': attribute type 3 has an invalid length. [ 477.367892][T11046] FAULT_INJECTION: forcing a failure. [ 477.367892][T11046] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 477.413162][T11046] CPU: 0 UID: 0 PID: 11046 Comm: syz.2.1448 Tainted: G U L syzkaller #0 PREEMPT(full) [ 477.413213][T11046] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 477.413223][T11046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 477.413242][T11046] Call Trace: [ 477.413251][T11046] [ 477.413263][T11046] dump_stack_lvl+0x100/0x190 [ 477.413312][T11046] should_fail_ex.cold+0x5/0xa [ 477.413345][T11046] _copy_from_user+0x2e/0xd0 [ 477.413468][T11046] snd_pcm_oss_write2+0x1c2/0x400 [ 477.413559][T11046] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 477.413602][T11046] snd_pcm_oss_write+0x729/0xa30 [ 477.413637][T11046] ? security_file_permission+0x76/0x210 [ 477.413676][T11046] vfs_write+0x2aa/0x1070 [ 477.413701][T11046] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 477.413748][T11046] ? __pfx_vfs_write+0x10/0x10 [ 477.413787][T11046] ? find_held_lock+0x2b/0x80 [ 477.413813][T11046] ? __fget_files+0x215/0x3d0 [ 477.413837][T11046] ? __fget_files+0x215/0x3d0 [ 477.413867][T11046] ? __fget_files+0x21f/0x3d0 [ 477.413903][T11046] ksys_write+0x12a/0x250 [ 477.413925][T11046] ? __pfx_ksys_write+0x10/0x10 [ 477.413959][T11046] do_syscall_64+0x106/0xf80 [ 477.413997][T11046] ? clear_bhb_loop+0x40/0x90 [ 477.414030][T11046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.414058][T11046] RIP: 0033:0x7f8f3bf9c799 [ 477.414079][T11046] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 477.414106][T11046] RSP: 002b:00007f8f39dd3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 477.414133][T11046] RAX: ffffffffffffffda RBX: 00007f8f3c216270 RCX: 00007f8f3bf9c799 [ 477.414151][T11046] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 477.414166][T11046] RBP: 00007f8f3c032c99 R08: 0000000000000000 R09: 0000000000000000 [ 477.414184][T11046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 477.414200][T11046] R13: 00007f8f3c216308 R14: 00007f8f3c216270 R15: 00007fffeac823c8 [ 477.414240][T11046] [ 477.416211][T11044] netlink: 'syz.0.1449': attribute type 2 has an invalid length. [ 477.652116][T11044] netlink: 'syz.0.1449': attribute type 3 has an invalid length. [ 477.670069][T11044] netlink: 30 bytes leftover after parsing attributes in process `syz.0.1449'. [ 483.703391][T11128] FAULT_INJECTION: forcing a failure. [ 483.703391][T11128] name fail_futex, interval 1, probability 0, space 0, times 0 [ 483.741843][T11128] CPU: 1 UID: 0 PID: 11128 Comm: syz.1.1467 Tainted: G U L syzkaller #0 PREEMPT(full) [ 483.741892][T11128] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 483.741902][T11128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 483.741918][T11128] Call Trace: [ 483.741927][T11128] [ 483.741936][T11128] dump_stack_lvl+0x100/0x190 [ 483.741981][T11128] should_fail_ex.cold+0x5/0xa [ 483.742011][T11128] get_futex_key+0x1d2/0x1620 [ 483.742048][T11128] ? __pfx_get_futex_key+0x10/0x10 [ 483.742081][T11128] ? kasan_save_track+0x14/0x30 [ 483.742121][T11128] ? __kasan_kmalloc+0xaa/0xb0 [ 483.742164][T11128] futex_lock_pi+0x1d3/0x7b0 [ 483.742207][T11128] ? __pfx_futex_lock_pi+0x10/0x10 [ 483.742248][T11128] ? __pfx___futex_wait+0x10/0x10 [ 483.742313][T11128] ? __pfx_futex_wake_mark+0x10/0x10 [ 483.742359][T11128] ? __get_user_nocheck_8+0x20/0x20 [ 483.742397][T11128] ? do_vfs_ioctl+0x226/0x13e0 [ 483.742441][T11128] do_futex+0x18a/0x350 [ 483.742476][T11128] ? __pfx_do_futex+0x10/0x10 [ 483.742515][T11128] ? find_held_lock+0x2b/0x80 [ 483.742546][T11128] __x64_sys_futex+0x34f/0x4d0 [ 483.742586][T11128] ? __pfx___x64_sys_futex+0x10/0x10 [ 483.742635][T11128] do_syscall_64+0x106/0xf80 [ 483.742679][T11128] ? clear_bhb_loop+0x40/0x90 [ 483.742713][T11128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.742741][T11128] RIP: 0033:0x7ff69d99c799 [ 483.742765][T11128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 483.742793][T11128] RSP: 002b:00007ff69e814028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 483.742819][T11128] RAX: ffffffffffffffda RBX: 00007ff69dc16090 RCX: 00007ff69d99c799 [ 483.742838][T11128] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 483.742855][T11128] RBP: 00007ff69da32c99 R08: 0000000000000000 R09: 000000008000fff5 [ 483.742873][T11128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 483.742890][T11128] R13: 00007ff69dc16128 R14: 00007ff69dc16090 R15: 00007ffec094ee28 [ 483.742925][T11128] [ 483.747197][ T5831] block nbd0: Receive control failed (result -32) [ 484.023207][T11129] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 484.169075][T11120] kexec: Could not allocate control_code_buffer [ 484.391483][T11132] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 486.992947][T11165] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1475'. [ 487.042302][T11165] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1475'. [ 487.893843][T11173] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1476'. [ 487.962127][T11180] netlink: 28905 bytes leftover after parsing attributes in process `syz.3.1476'. [ 491.451376][T11219] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1484'. [ 491.817122][T11221] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=538976288 (1077952576 ns) > initial count (3830 ns). Using initial count to start timer. [ 495.580725][ T5831] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 495.600489][ T30] audit: type=1800 audit(676971.082:11): pid=11272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1492" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 501.508627][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.515088][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.702199][T11353] FAULT_INJECTION: forcing a failure. [ 502.702199][T11353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 502.702251][T11353] CPU: 1 UID: 0 PID: 11353 Comm: syz.1.1508 Tainted: G U L syzkaller #0 PREEMPT(full) [ 502.702275][T11353] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 502.702280][T11353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 502.702290][T11353] Call Trace: [ 502.702295][T11353] [ 502.702301][T11353] dump_stack_lvl+0x100/0x190 [ 502.702328][T11353] should_fail_ex.cold+0x5/0xa [ 502.702347][T11353] _copy_from_user+0x2e/0xd0 [ 502.702366][T11353] snd_pcm_oss_write2+0x1c2/0x400 [ 502.702387][T11353] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 502.702410][T11353] snd_pcm_oss_write+0x729/0xa30 [ 502.702429][T11353] ? security_file_permission+0x76/0x210 [ 502.702452][T11353] vfs_write+0x2aa/0x1070 [ 502.702467][T11353] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 502.702486][T11353] ? __pfx_vfs_write+0x10/0x10 [ 502.702514][T11353] ? find_held_lock+0x2b/0x80 [ 502.702529][T11353] ? __fget_files+0x215/0x3d0 [ 502.702543][T11353] ? __fget_files+0x215/0x3d0 [ 502.702561][T11353] ? __fget_files+0x21f/0x3d0 [ 502.702580][T11353] ksys_write+0x12a/0x250 [ 502.702594][T11353] ? __pfx_ksys_write+0x10/0x10 [ 502.702614][T11353] do_syscall_64+0x106/0xf80 [ 502.702634][T11353] ? clear_bhb_loop+0x40/0x90 [ 502.702652][T11353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.702667][T11353] RIP: 0033:0x7ff69d99c799 [ 502.702681][T11353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 502.702695][T11353] RSP: 002b:00007ff69e7d2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 502.702710][T11353] RAX: ffffffffffffffda RBX: 00007ff69dc16270 RCX: 00007ff69d99c799 [ 502.702719][T11353] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 502.702728][T11353] RBP: 00007ff69da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 502.702737][T11353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 502.702746][T11353] R13: 00007ff69dc16308 R14: 00007ff69dc16270 R15: 00007ffec094ee28 [ 502.702766][T11353] [ 503.930699][T11346] warning: `syz.2.1509' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 507.568249][T11401] FAULT_INJECTION: forcing a failure. [ 507.568249][T11401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 507.620514][T11401] CPU: 1 UID: 0 PID: 11401 Comm: syz.3.1521 Tainted: G U L syzkaller #0 PREEMPT(full) [ 507.620569][T11401] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 507.620581][T11401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 507.620600][T11401] Call Trace: [ 507.620608][T11401] [ 507.620619][T11401] dump_stack_lvl+0x100/0x190 [ 507.620667][T11401] should_fail_ex.cold+0x5/0xa [ 507.620703][T11401] _copy_from_user+0x2e/0xd0 [ 507.620738][T11401] snd_pcm_oss_write2+0x1c2/0x400 [ 507.620776][T11401] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 507.620832][T11401] snd_pcm_oss_write+0x729/0xa30 [ 507.620868][T11401] ? security_file_permission+0x76/0x210 [ 507.620909][T11401] vfs_write+0x2aa/0x1070 [ 507.620938][T11401] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 507.620984][T11401] ? __pfx_vfs_write+0x10/0x10 [ 507.621026][T11401] ? find_held_lock+0x2b/0x80 [ 507.621053][T11401] ? __fget_files+0x215/0x3d0 [ 507.621079][T11401] ? __fget_files+0x215/0x3d0 [ 507.621113][T11401] ? __fget_files+0x21f/0x3d0 [ 507.621153][T11401] ksys_write+0x12a/0x250 [ 507.621181][T11401] ? __pfx_ksys_write+0x10/0x10 [ 507.621220][T11401] do_syscall_64+0x106/0xf80 [ 507.621258][T11401] ? clear_bhb_loop+0x40/0x90 [ 507.621294][T11401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.621324][T11401] RIP: 0033:0x7f710779c799 [ 507.621349][T11401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 507.621380][T11401] RSP: 002b:00007f71086ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 507.621416][T11401] RAX: ffffffffffffffda RBX: 00007f7107a16180 RCX: 00007f710779c799 [ 507.621435][T11401] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 507.621453][T11401] RBP: 00007f7107832c99 R08: 0000000000000000 R09: 0000000000000000 [ 507.621471][T11401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 507.621488][T11401] R13: 00007f7107a16218 R14: 00007f7107a16180 R15: 00007ffef0536478 [ 507.621528][T11401] [ 509.589789][T11407] kexec: Could not allocate control_code_buffer [ 519.445768][T11520] [U] [ 519.448881][T11520] [U] [ 519.451619][T11520] [U] [ 519.454336][T11520] [U] [ 519.643956][T11520] [U] [ 519.646723][T11520] [U] [ 519.649455][T11520] [U] [ 519.652162][T11520] [U] [ 520.010120][T11524] FAULT_INJECTION: forcing a failure. [ 520.010120][T11524] name failslab, interval 1, probability 0, space 0, times 0 [ 520.201577][T11524] CPU: 1 UID: 0 PID: 11524 Comm: syz.0.1548 Tainted: G U L syzkaller #0 PREEMPT(full) [ 520.201626][T11524] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 520.201637][T11524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 520.201653][T11524] Call Trace: [ 520.201662][T11524] [ 520.201672][T11524] dump_stack_lvl+0x100/0x190 [ 520.201721][T11524] should_fail_ex.cold+0x5/0xa [ 520.201754][T11524] should_failslab+0xc2/0x120 [ 520.201784][T11524] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 520.201825][T11524] ? __alloc_skb+0x140/0x710 [ 520.201950][T11524] __alloc_skb+0x140/0x710 [ 520.201993][T11524] ? __alloc_skb+0x5b7/0x710 [ 520.202029][T11524] ? __pfx___alloc_skb+0x10/0x10 [ 520.202069][T11524] ? __pfx___register_sysctl_table+0x10/0x10 [ 520.202113][T11524] ? is_module_address+0x69/0xf0 [ 520.202152][T11524] inet_netconf_notify_devconf+0x9d/0x170 [ 520.202259][T11524] __devinet_sysctl_register+0x227/0x360 [ 520.202303][T11524] ? trace_kmalloc+0x101/0x130 [ 520.202333][T11524] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 520.202381][T11524] ? __asan_memcpy+0x3c/0x60 [ 520.202421][T11524] devinet_init_net+0x334/0x8d0 [ 520.202465][T11524] ? __pfx_devinet_init_net+0x10/0x10 [ 520.202506][T11524] ops_init+0x1e2/0x5f0 [ 520.202581][T11524] setup_net+0x118/0x3a0 [ 520.202626][T11524] ? __pfx_setup_net+0x10/0x10 [ 520.202662][T11524] ? lockdep_init_map_type+0x5c/0x250 [ 520.202699][T11524] ? mutex_init_lockep+0x110/0x150 [ 520.202740][T11524] copy_net_ns+0x46f/0x7c0 [ 520.202769][T11524] create_new_namespaces+0x3ea/0xac0 [ 520.202807][T11524] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 520.202839][T11524] ksys_unshare+0x473/0xad0 [ 520.202874][T11524] ? __pfx_ksys_unshare+0x10/0x10 [ 520.202923][T11524] __x64_sys_unshare+0x31/0x40 [ 520.202954][T11524] do_syscall_64+0x106/0xf80 [ 520.203000][T11524] ? clear_bhb_loop+0x40/0x90 [ 520.203035][T11524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.203062][T11524] RIP: 0033:0x7f042419c799 [ 520.203087][T11524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 520.203114][T11524] RSP: 002b:00007f04223ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 520.203141][T11524] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 520.203160][T11524] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 520.203177][T11524] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 520.203193][T11524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 520.203207][T11524] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 520.203247][T11524] [ 520.617330][T11508] [U] [ 525.733311][T11559] FAULT_INJECTION: forcing a failure. [ 525.733311][T11559] name failslab, interval 1, probability 0, space 0, times 0 [ 525.810743][T11559] CPU: 0 UID: 0 PID: 11559 Comm: syz.1.1557 Tainted: G U L syzkaller #0 PREEMPT(full) [ 525.810801][T11559] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 525.810811][T11559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 525.810836][T11559] Call Trace: [ 525.810845][T11559] [ 525.810856][T11559] dump_stack_lvl+0x100/0x190 [ 525.810901][T11559] should_fail_ex.cold+0x5/0xa [ 525.810932][T11559] ? tomoyo_realpath_from_path+0xb6/0x690 [ 525.811075][T11559] should_failslab+0xc2/0x120 [ 525.811105][T11559] __kmalloc_noprof+0xe0/0x850 [ 525.811154][T11559] tomoyo_realpath_from_path+0xb6/0x690 [ 525.811200][T11559] tomoyo_path_number_perm+0x23c/0x580 [ 525.811230][T11559] ? tomoyo_path_number_perm+0x22e/0x580 [ 525.811261][T11559] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 525.811289][T11559] ? futex_wait+0x125/0x380 [ 525.811362][T11559] ? find_held_lock+0x2b/0x80 [ 525.811387][T11559] ? __fget_files+0x215/0x3d0 [ 525.811412][T11559] ? hook_file_ioctl_common+0x146/0x410 [ 525.811485][T11559] ? __fget_files+0x21f/0x3d0 [ 525.811518][T11559] security_file_ioctl+0xd3/0x230 [ 525.811550][T11559] __x64_sys_ioctl+0xb7/0x210 [ 525.811593][T11559] do_syscall_64+0x106/0xf80 [ 525.811631][T11559] ? clear_bhb_loop+0x40/0x90 [ 525.811666][T11559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.811696][T11559] RIP: 0033:0x7ff69d99c799 [ 525.811721][T11559] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 525.811749][T11559] RSP: 002b:00007ff69e835028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 525.811775][T11559] RAX: ffffffffffffffda RBX: 00007ff69dc15fa0 RCX: 00007ff69d99c799 [ 525.811793][T11559] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 525.811810][T11559] RBP: 00007ff69da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 525.811837][T11559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 525.811854][T11559] R13: 00007ff69dc16038 R14: 00007ff69dc15fa0 R15: 00007ffec094ee28 [ 525.811894][T11559] [ 525.811905][T11559] ERROR: Out of memory at tomoyo_realpath_from_path. [ 528.470996][T11583] HSR: entered promiscuous mode [ 534.079349][T11632] capability: warning: `syz.1.1576' uses 32-bit capabilities (legacy support in use) [ 536.171239][T11647] FAULT_INJECTION: forcing a failure. [ 536.171239][T11647] name failslab, interval 1, probability 0, space 0, times 0 [ 536.227287][T11647] CPU: 0 UID: 0 PID: 11647 Comm: syz.1.1580 Tainted: G U L syzkaller #0 PREEMPT(full) [ 536.227342][T11647] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 536.227355][T11647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 536.227372][T11647] Call Trace: [ 536.227381][T11647] [ 536.227394][T11647] dump_stack_lvl+0x100/0x190 [ 536.227443][T11647] should_fail_ex.cold+0x5/0xa [ 536.227478][T11647] should_failslab+0xc2/0x120 [ 536.227509][T11647] __kmalloc_cache_noprof+0x7a/0x6f0 [ 536.227546][T11647] ? snd_seq_port_connect+0x61/0x560 [ 536.227573][T11647] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 536.227696][T11647] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 536.227746][T11647] snd_seq_port_connect+0x61/0x560 [ 536.227774][T11647] ? _raw_read_unlock+0x28/0x50 [ 536.227845][T11647] ? check_subscription_permission.isra.0+0x146/0x240 [ 536.227898][T11647] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 536.227935][T11647] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 536.227984][T11647] call_seq_client_ctl+0xa3/0x130 [ 536.228031][T11647] snd_seq_kernel_client_ctl+0x77/0xd0 [ 536.228078][T11647] snd_seq_oss_midi_open+0x48b/0x6b0 [ 536.228125][T11647] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 536.228163][T11647] ? find_held_lock+0x2b/0x80 [ 536.228199][T11647] ? lockdep_hardirqs_on+0x78/0x100 [ 536.228238][T11647] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 536.228274][T11647] ? get_mididev+0x115/0x160 [ 536.228316][T11647] snd_seq_oss_synth_setup_midi+0x131/0x590 [ 536.228363][T11647] snd_seq_oss_open+0x82e/0xa10 [ 536.228406][T11647] odev_open+0x79/0xc0 [ 536.228430][T11647] ? __pfx_odev_open+0x10/0x10 [ 536.228457][T11647] soundcore_open+0x2e3/0x5a0 [ 536.228489][T11647] ? __pfx_soundcore_open+0x10/0x10 [ 536.228517][T11647] chrdev_open+0x234/0x6a0 [ 536.228546][T11647] ? __pfx_apparmor_file_open+0x10/0x10 [ 536.228590][T11647] ? __pfx_chrdev_open+0x10/0x10 [ 536.228621][T11647] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 536.228661][T11647] do_dentry_open+0x6d8/0x1660 [ 536.228689][T11647] ? __pfx_chrdev_open+0x10/0x10 [ 536.228728][T11647] vfs_open+0x82/0x3f0 [ 536.228770][T11647] path_openat+0x208c/0x31a0 [ 536.228818][T11647] ? __pfx_path_openat+0x10/0x10 [ 536.228861][T11647] do_file_open+0x20e/0x430 [ 536.228894][T11647] ? __pfx_do_file_open+0x10/0x10 [ 536.228955][T11647] ? alloc_fd+0x476/0x790 [ 536.228987][T11647] ? do_getname+0x191/0x390 [ 536.229025][T11647] do_sys_openat2+0x10d/0x1e0 [ 536.229061][T11647] ? __pfx_do_sys_openat2+0x10/0x10 [ 536.229120][T11647] __x64_sys_openat+0x12d/0x210 [ 536.229159][T11647] ? __pfx___x64_sys_openat+0x10/0x10 [ 536.229216][T11647] do_syscall_64+0x106/0xf80 [ 536.229252][T11647] ? clear_bhb_loop+0x40/0x90 [ 536.229288][T11647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.229316][T11647] RIP: 0033:0x7ff69d99c799 [ 536.229341][T11647] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.229369][T11647] RSP: 002b:00007ff69e835028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 536.229399][T11647] RAX: ffffffffffffffda RBX: 00007ff69dc15fa0 RCX: 00007ff69d99c799 [ 536.229418][T11647] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 536.229437][T11647] RBP: 00007ff69da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 536.229454][T11647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 536.229471][T11647] R13: 00007ff69dc16038 R14: 00007ff69dc15fa0 R15: 00007ffec094ee28 [ 536.229511][T11647] [ 537.148571][T11652] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1582'. [ 545.076262][T11734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1599'. [ 545.088710][T11734] netlink: 'syz.0.1599': attribute type 1 has an invalid length. [ 545.100571][T11734] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1599'. [ 545.519514][T11738] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1600'. [ 545.644140][T11743] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1600'. [ 547.125832][T11755] FAULT_INJECTION: forcing a failure. [ 547.125832][T11755] name failslab, interval 1, probability 0, space 0, times 0 [ 547.205030][T11755] CPU: 1 UID: 0 PID: 11755 Comm: syz.0.1604 Tainted: G U L syzkaller #0 PREEMPT(full) [ 547.205080][T11755] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 547.205091][T11755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 547.205108][T11755] Call Trace: [ 547.205117][T11755] [ 547.205128][T11755] dump_stack_lvl+0x100/0x190 [ 547.205176][T11755] should_fail_ex.cold+0x5/0xa [ 547.205208][T11755] should_failslab+0xc2/0x120 [ 547.205237][T11755] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 547.205277][T11755] ? do_kmem_cache_create+0x18c/0x540 [ 547.205313][T11755] do_kmem_cache_create+0x18c/0x540 [ 547.205347][T11755] __kmem_cache_create_args+0x386/0x420 [ 547.205389][T11755] mon_text_open+0x333/0x510 [ 547.205507][T11755] ? __pfx_mon_text_open+0x10/0x10 [ 547.205538][T11755] ? __pfx_mon_text_ctor+0x10/0x10 [ 547.205563][T11755] ? find_held_lock+0x2b/0x80 [ 547.205590][T11755] ? __pfx_apparmor_file_open+0x10/0x10 [ 547.205633][T11755] ? lockdown_is_locked_down+0x3d/0x140 [ 547.205714][T11755] ? bpf_lsm_locked_down+0x9/0x10 [ 547.205749][T11755] ? __pfx_mon_text_open+0x10/0x10 [ 547.205774][T11755] full_proxy_open_regular+0x1b6/0x370 [ 547.205873][T11755] do_dentry_open+0x6d8/0x1660 [ 547.205902][T11755] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 547.205954][T11755] vfs_open+0x82/0x3f0 [ 547.205992][T11755] path_openat+0x208c/0x31a0 [ 547.206034][T11755] ? __pfx_path_openat+0x10/0x10 [ 547.206078][T11755] do_file_open+0x20e/0x430 [ 547.206110][T11755] ? __pfx_do_file_open+0x10/0x10 [ 547.206186][T11755] ? alloc_fd+0x476/0x790 [ 547.206219][T11755] ? do_getname+0x191/0x390 [ 547.206256][T11755] do_sys_openat2+0x10d/0x1e0 [ 547.206290][T11755] ? __pfx_do_sys_openat2+0x10/0x10 [ 547.206328][T11755] ? __sys_sendmsg+0x18f/0x220 [ 547.206376][T11755] __x64_sys_openat+0x12d/0x210 [ 547.206412][T11755] ? __pfx___x64_sys_openat+0x10/0x10 [ 547.206470][T11755] do_syscall_64+0x106/0xf80 [ 547.206509][T11755] ? clear_bhb_loop+0x40/0x90 [ 547.206541][T11755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.206571][T11755] RIP: 0033:0x7f042419c799 [ 547.206596][T11755] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 547.206624][T11755] RSP: 002b:00007f04223ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 547.206650][T11755] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 547.206667][T11755] RDX: 0000000000022202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 547.206683][T11755] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 547.206700][T11755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 547.206716][T11755] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 547.206762][T11755] [ 547.206964][T11755] __kmem_cache_create_args(mon_text_ffff88805d2d0800) failed with error -22 [ 547.346635][T11747] [U] [ 547.690593][T11755] CPU: 0 UID: 0 PID: 11755 Comm: syz.0.1604 Tainted: G U L syzkaller #0 PREEMPT(full) [ 547.690642][T11755] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 547.690653][T11755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 547.690670][T11755] Call Trace: [ 547.690679][T11755] [ 547.690690][T11755] dump_stack_lvl+0x100/0x190 [ 547.690740][T11755] __kmem_cache_create_args.cold+0x33/0x6e [ 547.690789][T11755] mon_text_open+0x333/0x510 [ 547.690820][T11755] ? __pfx_mon_text_open+0x10/0x10 [ 547.690851][T11755] ? __pfx_mon_text_ctor+0x10/0x10 [ 547.690878][T11755] ? find_held_lock+0x2b/0x80 [ 547.690905][T11755] ? __pfx_apparmor_file_open+0x10/0x10 [ 547.690948][T11755] ? lockdown_is_locked_down+0x3d/0x140 [ 547.690988][T11755] ? bpf_lsm_locked_down+0x9/0x10 [ 547.691023][T11755] ? __pfx_mon_text_open+0x10/0x10 [ 547.691047][T11755] full_proxy_open_regular+0x1b6/0x370 [ 547.691093][T11755] do_dentry_open+0x6d8/0x1660 [ 547.691122][T11755] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 547.691172][T11755] vfs_open+0x82/0x3f0 [ 547.691212][T11755] path_openat+0x208c/0x31a0 [ 547.691255][T11755] ? __pfx_path_openat+0x10/0x10 [ 547.691299][T11755] do_file_open+0x20e/0x430 [ 547.691331][T11755] ? __pfx_do_file_open+0x10/0x10 [ 547.691388][T11755] ? alloc_fd+0x476/0x790 [ 547.691428][T11755] ? do_getname+0x191/0x390 [ 547.691467][T11755] do_sys_openat2+0x10d/0x1e0 [ 547.691504][T11755] ? __pfx_do_sys_openat2+0x10/0x10 [ 547.691545][T11755] ? __sys_sendmsg+0x18f/0x220 [ 547.691590][T11755] __x64_sys_openat+0x12d/0x210 [ 547.691633][T11755] ? __pfx___x64_sys_openat+0x10/0x10 [ 547.691684][T11755] do_syscall_64+0x106/0xf80 [ 547.691722][T11755] ? clear_bhb_loop+0x40/0x90 [ 547.691757][T11755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.691786][T11755] RIP: 0033:0x7f042419c799 [ 547.691810][T11755] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 547.691838][T11755] RSP: 002b:00007f04223ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 547.691866][T11755] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 547.691884][T11755] RDX: 0000000000022202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 547.691903][T11755] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 547.691921][T11755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 547.691936][T11755] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 547.691975][T11755] [ 548.053942][T11757] Process accounting resumed [ 550.319791][T11776] input: f as /devices/virtual/input/input20 [ 550.326664][T11776] FAULT_INJECTION: forcing a failure. [ 550.326664][T11776] name failslab, interval 1, probability 0, space 0, times 0 [ 550.374152][T11776] CPU: 1 UID: 0 PID: 11776 Comm: syz.0.1608 Tainted: G U L syzkaller #0 PREEMPT(full) [ 550.374202][T11776] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 550.374212][T11776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 550.374227][T11776] Call Trace: [ 550.374236][T11776] [ 550.374247][T11776] dump_stack_lvl+0x100/0x190 [ 550.374291][T11776] should_fail_ex.cold+0x5/0xa [ 550.374321][T11776] should_failslab+0xc2/0x120 [ 550.374349][T11776] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 550.374387][T11776] ? __kernfs_new_node+0xd2/0x960 [ 550.374433][T11776] __kernfs_new_node+0xd2/0x960 [ 550.374474][T11776] ? __pfx___kernfs_new_node+0x10/0x10 [ 550.374521][T11776] ? find_held_lock+0x2b/0x80 [ 550.374546][T11776] ? kernfs_root+0xee/0x2a0 [ 550.374581][T11776] ? kernfs_root+0xee/0x2a0 [ 550.374623][T11776] kernfs_new_node+0x11b/0x1a0 [ 550.374670][T11776] __kernfs_create_file+0x53/0x350 [ 550.374705][T11776] sysfs_add_file_mode_ns+0x207/0x3c0 [ 550.374760][T11776] sysfs_create_file_ns+0x145/0x1e0 [ 550.374797][T11776] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 550.374848][T11776] ? mark_held_locks+0x40/0x70 [ 550.374890][T11776] device_create_file+0xf2/0x1d0 [ 550.375009][T11776] device_add+0xa74/0x1950 [ 550.375072][T11776] ? __pfx_device_add+0x10/0x10 [ 550.375112][T11776] ? kobject_get+0xbb/0x150 [ 550.375203][T11776] cdev_device_add+0x12b/0x270 [ 550.375234][T11776] evdev_connect+0x3a8/0x4b0 [ 550.375339][T11776] input_attach_handler.isra.0+0x177/0x1e0 [ 550.375413][T11776] input_register_device.cold+0x139/0x375 [ 550.375455][T11776] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 550.375517][T11776] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 550.375557][T11776] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 550.375598][T11776] ? find_held_lock+0x2b/0x80 [ 550.375623][T11776] ? __fget_files+0x215/0x3d0 [ 550.375665][T11776] ? __pfx_uinput_ioctl+0x10/0x10 [ 550.375695][T11776] __x64_sys_ioctl+0x18e/0x210 [ 550.375745][T11776] do_syscall_64+0x106/0xf80 [ 550.375780][T11776] ? clear_bhb_loop+0x40/0x90 [ 550.375815][T11776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.375842][T11776] RIP: 0033:0x7f042419c799 [ 550.375864][T11776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 550.375892][T11776] RSP: 002b:00007f04223ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 550.375930][T11776] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 550.375950][T11776] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000006 [ 550.375978][T11776] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 550.376016][T11776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 550.376032][T11776] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 550.376071][T11776] [ 551.165373][T11776] input: failed to attach handler evdev to device input20, error: -12 [ 551.935172][T11773] can: request_module (can-proto-3) failed. [ 556.052948][T11819] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807980c700 pfn:0x7980c [ 556.100074][T11819] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 556.230581][T11819] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 556.242156][T11825] ptp ptp0: new virtual clock ptp1 [ 556.247851][T11825] ptp ptp0: guarantee physical clock free running [ 556.281135][T11819] raw: ffff88807980c700 0000000000000000 00000001ffffffff 0000000000000000 [ 556.347065][T11819] page dumped because: unmovable page [ 556.375956][T11819] page_owner tracks the page as allocated [ 556.387442][T11819] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 6591, tgid 6588 (syz.0.240), ts 117582645501, free_ts 117282427920 [ 556.517950][T11819] post_alloc_hook+0x153/0x170 [ 556.535016][T11819] get_page_from_freelist+0x111d/0x3140 [ 556.568276][T11819] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 556.608961][T11819] alloc_pages_mpol+0x1fb/0x550 [ 556.670180][T11819] alloc_pages_noprof+0x131/0x390 [ 556.692066][T11819] brd_submit_bio+0x116a/0x20d0 [ 556.702607][T11819] __submit_bio+0x419/0x6c0 [ 556.707288][T11819] submit_bio_noacct_nocheck+0x74f/0xc10 [ 556.755890][T11819] submit_bio_noacct+0xd17/0x2010 [ 556.793084][T11819] blkdev_direct_IO+0x155c/0x1fb0 [ 556.798269][T11819] blkdev_write_iter+0x703/0xd70 [ 556.871261][T11819] vfs_write+0x6ac/0x1070 [ 556.875769][T11819] ksys_write+0x12a/0x250 [ 556.910615][T11819] do_syscall_64+0x106/0xf80 [ 556.915290][T11819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.950689][T11819] page last free pid 6595 tgid 6595 stack trace: [ 556.976720][T11819] __free_frozen_pages+0x7e1/0x10d0 [ 556.998670][T11819] tlb_finish_mmu+0x27d/0x810 [ 557.013700][T11819] exit_mmap+0x454/0xa30 [ 557.030874][T11819] __mmput+0x12a/0x410 [ 557.064616][T11819] mmput+0x67/0x80 [ 557.080590][T11819] do_exit+0x819/0x2b60 [ 557.107243][T11819] do_group_exit+0xd5/0x2a0 [ 557.124792][T11819] __x64_sys_exit_group+0x3e/0x50 [ 557.146399][T11819] x64_sys_call+0x102c/0x1530 [ 557.158399][T11840] Invalid ELF header magic: != ELF [ 557.169913][T11819] do_syscall_64+0x106/0xf80 [ 557.193134][T11819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.562320][T11844] binder: 11843:11844 ioctl c018620c 200000000040 returned -22 [ 557.846131][T11847] ecryptfs_miscdev_write: Invalid packet size [192] [ 559.725626][T11878] FAULT_INJECTION: forcing a failure. [ 559.725626][T11878] name failslab, interval 1, probability 0, space 0, times 0 [ 559.884239][T11878] CPU: 0 UID: 0 PID: 11878 Comm: syz.2.1631 Tainted: G U L syzkaller #0 PREEMPT(full) [ 559.884296][T11878] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 559.884307][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 559.884324][T11878] Call Trace: [ 559.884333][T11878] [ 559.884344][T11878] dump_stack_lvl+0x100/0x190 [ 559.884389][T11878] should_fail_ex.cold+0x5/0xa [ 559.884422][T11878] ? __register_sysctl_table+0xbe4/0x1650 [ 559.884469][T11878] should_failslab+0xc2/0x120 [ 559.884498][T11878] __kmalloc_noprof+0xe0/0x850 [ 559.884545][T11878] __register_sysctl_table+0xbe4/0x1650 [ 559.884592][T11878] ? __pfx___register_sysctl_table+0x10/0x10 [ 559.884632][T11878] ? is_module_address+0x69/0xf0 [ 559.884663][T11878] ? register_net_sysctl_sz+0x222/0x430 [ 559.884882][T11878] __devinet_sysctl_register+0x1b9/0x360 [ 559.884938][T11878] ? trace_kmalloc+0x101/0x130 [ 559.884968][T11878] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 559.885038][T11878] ? __asan_memcpy+0x3c/0x60 [ 559.885080][T11878] devinet_init_net+0x334/0x8d0 [ 559.885124][T11878] ? __pfx_devinet_init_net+0x10/0x10 [ 559.885164][T11878] ops_init+0x1e2/0x5f0 [ 559.885208][T11878] setup_net+0x118/0x3a0 [ 559.885248][T11878] ? __pfx_setup_net+0x10/0x10 [ 559.885284][T11878] ? lockdep_init_map_type+0x5c/0x250 [ 559.885322][T11878] ? mutex_init_lockep+0x110/0x150 [ 559.885365][T11878] copy_net_ns+0x46f/0x7c0 [ 559.885394][T11878] create_new_namespaces+0x3ea/0xac0 [ 559.885434][T11878] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 559.885467][T11878] ksys_unshare+0x473/0xad0 [ 559.885504][T11878] ? __pfx_ksys_unshare+0x10/0x10 [ 559.885552][T11878] __x64_sys_unshare+0x31/0x40 [ 559.885583][T11878] do_syscall_64+0x106/0xf80 [ 559.885620][T11878] ? clear_bhb_loop+0x40/0x90 [ 559.885654][T11878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.885681][T11878] RIP: 0033:0x7f8f3bf9c799 [ 559.885705][T11878] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 559.885742][T11878] RSP: 002b:00007f8f3cd92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 559.885768][T11878] RAX: ffffffffffffffda RBX: 00007f8f3c215fa0 RCX: 00007f8f3bf9c799 [ 559.885787][T11878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 559.885804][T11878] RBP: 00007f8f3c032c99 R08: 0000000000000000 R09: 0000000000000000 [ 559.885819][T11878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 559.885834][T11878] R13: 00007f8f3c216038 R14: 00007f8f3c215fa0 R15: 00007fffeac823c8 [ 559.885871][T11878] [ 559.885883][T11878] sysctl could not get directory: /net/ipv4/conf/default -12 [ 561.683599][T11901] FAULT_INJECTION: forcing a failure. [ 561.683599][T11901] name failslab, interval 1, probability 0, space 0, times 0 [ 561.741636][T11901] CPU: 1 UID: 0 PID: 11901 Comm: syz.3.1637 Tainted: G U L syzkaller #0 PREEMPT(full) [ 561.741685][T11901] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 561.741696][T11901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 561.741712][T11901] Call Trace: [ 561.741721][T11901] [ 561.741732][T11901] dump_stack_lvl+0x100/0x190 [ 561.741780][T11901] should_fail_ex.cold+0x5/0xa [ 561.741813][T11901] should_failslab+0xc2/0x120 [ 561.741842][T11901] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 561.741883][T11901] ? __d_alloc+0x34/0xa80 [ 561.741922][T11901] __d_alloc+0x34/0xa80 [ 561.741955][T11901] d_alloc+0x4a/0x1e0 [ 561.741988][T11901] lookup_one_qstr_excl+0x175/0x250 [ 561.742026][T11901] start_dirop+0x59/0xb0 [ 561.742068][T11901] simple_start_creating+0xf9/0x110 [ 561.742110][T11901] ? __pfx_simple_start_creating+0x10/0x10 [ 561.742165][T11901] ? mntput+0x70/0xa0 [ 561.742204][T11901] ? simple_pin_fs+0xa3/0x190 [ 561.742245][T11901] debugfs_start_creating.part.0+0x82/0x170 [ 561.742278][T11901] __debugfs_create_file+0xb3/0x4f0 [ 561.742312][T11901] debugfs_create_file_full+0x41/0x60 [ 561.742345][T11901] kvm_dev_ioctl+0x1491/0x1a50 [ 561.742389][T11901] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 561.742428][T11901] ? xfd_validate_state+0x129/0x190 [ 561.742469][T11901] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 561.742502][T11901] __x64_sys_ioctl+0x18e/0x210 [ 561.742543][T11901] do_syscall_64+0x106/0xf80 [ 561.742580][T11901] ? clear_bhb_loop+0x40/0x90 [ 561.742615][T11901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.742642][T11901] RIP: 0033:0x7f710779c799 [ 561.742669][T11901] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 561.742697][T11901] RSP: 002b:00007f71086f0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 561.742724][T11901] RAX: ffffffffffffffda RBX: 00007f7107a15fa0 RCX: 00007f710779c799 [ 561.742742][T11901] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000001 [ 561.742759][T11901] RBP: 00007f7107832c99 R08: 0000000000000000 R09: 0000000000000000 [ 561.742776][T11901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 561.742793][T11901] R13: 00007f7107a16038 R14: 00007f7107a15fa0 R15: 00007ffef0536478 [ 561.742831][T11901] [ 562.884486][T11909] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1639'. [ 562.945272][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.952102][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.033580][T11909] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.185452][T11909] bridge_slave_1 (unregistering): left allmulticast mode [ 563.214535][T11909] bridge_slave_1 (unregistering): left promiscuous mode [ 563.249021][T11909] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.507435][T11917] FAULT_INJECTION: forcing a failure. [ 563.507435][T11917] name failslab, interval 1, probability 0, space 0, times 0 [ 563.680611][T11917] CPU: 0 UID: 0 PID: 11917 Comm: syz.2.1642 Tainted: G U L syzkaller #0 PREEMPT(full) [ 563.680659][T11917] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 563.680669][T11917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 563.680687][T11917] Call Trace: [ 563.680696][T11917] [ 563.680708][T11917] dump_stack_lvl+0x100/0x190 [ 563.680755][T11917] should_fail_ex.cold+0x5/0xa [ 563.680787][T11917] ? vhost_dev_set_owner+0x190/0xa30 [ 563.680941][T11917] should_failslab+0xc2/0x120 [ 563.680973][T11917] __kmalloc_noprof+0xe0/0x850 [ 563.681026][T11917] vhost_dev_set_owner+0x190/0xa30 [ 563.681080][T11917] vhost_net_ioctl+0xfa3/0x1910 [ 563.681151][T11917] ? do_vfs_ioctl+0x226/0x13e0 [ 563.681192][T11917] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 563.681232][T11917] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 563.681281][T11917] ? find_held_lock+0x2b/0x80 [ 563.681308][T11917] ? __fget_files+0x215/0x3d0 [ 563.681333][T11917] ? hook_file_ioctl_common+0x146/0x410 [ 563.681379][T11917] ? __fget_files+0x21f/0x3d0 [ 563.681417][T11917] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 563.681461][T11917] __x64_sys_ioctl+0x18e/0x210 [ 563.681504][T11917] do_syscall_64+0x106/0xf80 [ 563.681542][T11917] ? clear_bhb_loop+0x40/0x90 [ 563.681578][T11917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.681607][T11917] RIP: 0033:0x7f8f3bf9c799 [ 563.681629][T11917] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 563.681656][T11917] RSP: 002b:00007f8f3cd71028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 563.681682][T11917] RAX: ffffffffffffffda RBX: 00007f8f3c216090 RCX: 00007f8f3bf9c799 [ 563.681701][T11917] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000007 [ 563.681718][T11917] RBP: 00007f8f3c032c99 R08: 0000000000000000 R09: 0000000000000000 [ 563.681735][T11917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 563.681752][T11917] R13: 00007f8f3c216128 R14: 00007f8f3c216090 R15: 00007fffeac823c8 [ 563.681792][T11917] [ 568.484686][T11960] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1651'. [ 568.516541][T11960] input: f as /devices/virtual/input/input21 [ 568.659905][T11965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1652'. [ 570.270973][T11993] vivid-007: ================= START STATUS ================= [ 570.301841][T11993] vivid-007: Enable Output Cropping: true [ 570.351441][T11993] vivid-007: Enable Output Composing: true [ 570.357335][T11993] vivid-007: Enable Output Scaler: true [ 570.423477][T11993] vivid-007: Tx RGB Quantization Range: Automatic [ 570.438042][T11996] kAFS: Invalid Command on /proc/fs/afs/cells file [ 570.444985][T11993] vivid-007: Transmit Mode: HDMI [ 570.469295][T11993] vivid-007: Hotplug Present: 0x00000000 [ 570.511164][T11993] vivid-007: RxSense Present: 0x00000000 [ 570.520768][T11993] vivid-007: EDID Present: 0x00000000 [ 570.550544][T11993] vivid-007: ================== END STATUS ================== [ 571.157116][T12003] Invalid ELF header magic: != ELF [ 571.528192][ T5831] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 573.581976][T10261] Bluetooth: hci0: command 0x0c1a tx timeout [ 574.244147][T12026] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1669'. [ 574.272098][T12030] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 574.483857][T12034] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 575.661572][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 577.105245][T12070] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1680'. [ 577.745720][T12070] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.866504][T12070] bridge_slave_1 (unregistering): left allmulticast mode [ 577.900865][T12070] bridge_slave_1 (unregistering): left promiscuous mode [ 577.944182][T12070] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.423890][T12070] Process accounting paused [ 578.428957][T12081] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1683'. [ 578.917791][T12088] kAFS: Invalid Command on /proc/fs/afs/cells file [ 580.044132][T12095] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1688'. [ 580.996100][T12114] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 582.489333][T12130] sd 0:0:1:0: PR command failed: 1026 [ 582.530620][T12130] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 582.592181][T12130] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 583.463791][T12135] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 588.964104][T12200] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1714'. [ 589.008005][T12195] nbd: must specify at least one socket [ 590.440476][T12193] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 590.471019][T12193] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 590.501367][T12211] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1716'. [ 590.534173][T12193] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 590.570704][T12193] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 590.597830][T12211] bridge0: port 3(team0) entered disabled state [ 591.100581][T10261] Bluetooth: hci0: command 0x0c1a tx timeout [ 591.256937][T10261] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 592.550638][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 592.556704][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 592.620556][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 594.116616][T12239] Invalid ELF header magic: != ELF [ 596.761885][ T30] audit: type=1806 audit(677072.262:12): xattr="." res=0 [ 599.274567][T12292] ubi0: attaching mtd0 [ 599.392965][T12292] ubi0: scanning is finished [ 599.397646][T12292] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 600.579151][T12292] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 602.836784][T12330] FAULT_INJECTION: forcing a failure. [ 602.836784][T12330] name failslab, interval 1, probability 0, space 0, times 0 [ 602.851475][T12323] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 602.890851][T12323] serio: Serial port pty6 [ 602.905321][T12330] CPU: 1 UID: 0 PID: 12330 Comm: syz.1.1748 Tainted: G U L syzkaller #0 PREEMPT(full) [ 602.905373][T12330] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 602.905384][T12330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 602.905402][T12330] Call Trace: [ 602.905411][T12330] [ 602.905422][T12330] dump_stack_lvl+0x100/0x190 [ 602.905467][T12330] should_fail_ex.cold+0x5/0xa [ 602.905501][T12330] should_failslab+0xc2/0x120 [ 602.905530][T12330] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 602.905573][T12330] ? alloc_inode+0x183/0x250 [ 602.905617][T12330] alloc_inode+0x183/0x250 [ 602.905653][T12330] new_inode+0x22/0x1c0 [ 602.905685][T12330] ? dput.part.0+0xdd/0x570 [ 602.905721][T12330] simple_fill_super+0x2d9/0x680 [ 602.905755][T12330] ? __pfx_nfsd_fill_super+0x10/0x10 [ 602.905787][T12330] nfsd_fill_super+0x98/0x560 [ 602.905817][T12330] ? __pfx_set_anon_super_fc+0x10/0x10 [ 602.905857][T12330] ? __pfx_nfsd_fill_super+0x10/0x10 [ 602.905887][T12330] get_tree_keyed+0x10e/0x1d0 [ 602.905930][T12330] vfs_get_tree+0x92/0x320 [ 602.905962][T12330] path_mount+0x7d0/0x23d0 [ 602.905995][T12330] ? __pfx_path_mount+0x10/0x10 [ 602.906020][T12330] ? lockdep_hardirqs_on+0x78/0x100 [ 602.906061][T12330] ? putname+0xb1/0x110 [ 602.906088][T12330] ? kmem_cache_free+0x124/0x6a0 [ 602.906136][T12330] ? __x64_sys_mount+0x293/0x310 [ 602.906165][T12330] __x64_sys_mount+0x293/0x310 [ 602.906198][T12330] ? __pfx___x64_sys_mount+0x10/0x10 [ 602.906241][T12330] do_syscall_64+0x106/0xf80 [ 602.906277][T12330] ? clear_bhb_loop+0x40/0x90 [ 602.906320][T12330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.906350][T12330] RIP: 0033:0x7ff69d99c799 [ 602.906376][T12330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 602.906405][T12330] RSP: 002b:00007ff69e814028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 602.906432][T12330] RAX: ffffffffffffffda RBX: 00007ff69dc16090 RCX: 00007ff69d99c799 [ 602.906451][T12330] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 602.906468][T12330] RBP: 00007ff69da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 602.906485][T12330] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 602.906502][T12330] R13: 00007ff69dc16128 R14: 00007ff69dc16090 R15: 00007ffec094ee28 [ 602.906539][T12330] [ 603.444107][ T30] audit: type=1807 audit(677078.952:13): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 603.480887][ T30] audit: type=1802 audit(677078.992:14): pid=12321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.1743" res=0 errno=0 [ 603.865786][T12319] ima: policy update failed [ 603.899555][ T30] audit: type=1802 audit(677079.402:15): pid=12319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1743" res=0 errno=0 [ 604.072776][T12336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1749'. [ 604.147022][T12338] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1750'. [ 604.180632][T12338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1750'. [ 604.214779][T12336] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 604.285082][T12336] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 604.370431][T12336] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 604.404958][T12336] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 605.693835][T12355] can0: slcan on ttyS2. [ 607.613706][T12351] can0 (unregistered): slcan off ttyS2. [ 608.883579][T12390] Process accounting resumed [ 610.721621][T12424] ptrace attach of "./syz-executor exec"[5824] was attempted by "feGR\x1b}L|BL\x1bd4-y/~Xas9BNj$@f^ЙtaGy+%!@/\x0d^X^MJ\x09>VZ4 EJ>Yѹ]L\x07Ry\x0b[\x0aKWVsLI%VL\x095hoQSoDzbv'H@G`Zq*x1(.ḓx>h?L8S\x22lz[c_O1:9`J!E$5t-@=53Dg$S~.^Օ!k_'\x0c3^JLq5s!vx ~LA\x0cV=\x09ƹ279E\x09w*\x07T&*B%zL-'~: p{cE^ ftvYnx<(Zw%\x1b\x22|֮4jdф d\x09<ۼ(^v*~gB9a)ӮM ?6\x0d.;wma~&%lZ]8*B³Dhl$e^pCq\x07:ʐ~SIA4\x0b;ћg@&1D]nO\x22YЀ܉+謬%_,\x09@+c\x0cՄ 5 [ 630.245436][T12639] ======================================================= [ 630.245436][T12639] WARNING: The mand mount option has been deprecated and [ 630.245436][T12639] and is ignored by this kernel. Remove the mand [ 630.245436][T12639] option from the mount to silence this warning. [ 630.245436][T12639] ======================================================= [ 633.214937][T12669] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1826'. [ 634.126400][T12663] ubi0: attaching mtd0 [ 634.169147][T12663] ubi0: scanning is finished [ 634.236887][T12663] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 636.176401][T12663] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 638.592149][T12727] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1839'. [ 638.939917][T12729] Process accounting paused [ 639.221660][T12739] random: crng reseeded on system resumption [ 642.763674][T12774] FAULT_INJECTION: forcing a failure. [ 642.763674][T12774] name failslab, interval 1, probability 0, space 0, times 0 [ 642.797468][T12774] CPU: 0 UID: 0 PID: 12774 Comm: syz.3.1851 Tainted: G U L syzkaller #0 PREEMPT(full) [ 642.797521][T12774] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 642.797533][T12774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 642.797552][T12774] Call Trace: [ 642.797561][T12774] [ 642.797573][T12774] dump_stack_lvl+0x100/0x190 [ 642.797622][T12774] should_fail_ex.cold+0x5/0xa [ 642.797656][T12774] should_failslab+0xc2/0x120 [ 642.797687][T12774] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 642.797728][T12774] ? __proc_create+0x2cb/0x8c0 [ 642.797785][T12774] __proc_create+0x2cb/0x8c0 [ 642.797829][T12774] ? __pfx___proc_create+0x10/0x10 [ 642.797880][T12774] ? _raw_write_unlock+0x28/0x50 [ 642.797938][T12774] proc_create_reg+0x75/0x170 [ 642.797969][T12774] proc_create_net_data+0x8e/0x1c0 [ 642.797997][T12774] ? __pfx_proc_create_net_data+0x10/0x10 [ 642.798028][T12774] ? __pfx_proc_create_net_data+0x10/0x10 [ 642.798054][T12774] ? __pfx_uevent_net_rcv+0x10/0x10 [ 642.798158][T12774] ? __pfx_dev_proc_net_init+0x10/0x10 [ 642.798228][T12774] wext_proc_init+0x53/0x80 [ 642.798319][T12774] dev_proc_net_init+0x112/0x230 [ 642.798356][T12774] ops_init+0x1e2/0x5f0 [ 642.798400][T12774] setup_net+0x118/0x3a0 [ 642.798440][T12774] ? __pfx_setup_net+0x10/0x10 [ 642.798477][T12774] ? lockdep_init_map_type+0x5c/0x250 [ 642.798514][T12774] ? mutex_init_lockep+0x110/0x150 [ 642.798556][T12774] copy_net_ns+0x46f/0x7c0 [ 642.798586][T12774] create_new_namespaces+0x3ea/0xac0 [ 642.798623][T12774] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 642.798657][T12774] ksys_unshare+0x473/0xad0 [ 642.798694][T12774] ? __pfx_ksys_unshare+0x10/0x10 [ 642.798742][T12774] __x64_sys_unshare+0x31/0x40 [ 642.798783][T12774] do_syscall_64+0x106/0xf80 [ 642.798820][T12774] ? clear_bhb_loop+0x40/0x90 [ 642.798854][T12774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.798884][T12774] RIP: 0033:0x7f710779c799 [ 642.798910][T12774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 642.798938][T12774] RSP: 002b:00007f71086f0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 642.798966][T12774] RAX: ffffffffffffffda RBX: 00007f7107a15fa0 RCX: 00007f710779c799 [ 642.798984][T12774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 642.799001][T12774] RBP: 00007f7107832c99 R08: 0000000000000000 R09: 0000000000000000 [ 642.799019][T12774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 642.799035][T12774] R13: 00007f7107a16038 R14: 00007f7107a15fa0 R15: 00007ffef0536478 [ 642.799075][T12774] [ 644.035857][T12779] smpboot: CPU 1 is now offline [ 644.624340][T12781] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 644.682995][T12781] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 644.736605][T12781] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 645.049456][T12781] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 645.169339][T12781] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 645.589467][T12812] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 645.589647][T12812] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 645.589793][T12812] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 645.589928][T12812] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 646.721322][T12837] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1865'. [ 647.663505][T12719] Bluetooth: hci3: command 0x0c1a tx timeout [ 647.669605][T12719] Bluetooth: hci2: command 0x0c1a tx timeout [ 647.675938][T12719] Bluetooth: hci1: command 0x0c1a tx timeout [ 647.681996][T12719] Bluetooth: hci0: command 0x0c1a tx timeout [ 647.717547][T12857] FAULT_INJECTION: forcing a failure. [ 647.717547][T12857] name failslab, interval 1, probability 0, space 0, times 0 [ 647.836794][T12857] CPU: 0 UID: 0 PID: 12857 Comm: syz.3.1870 Tainted: G U L syzkaller #0 PREEMPT(full) [ 647.836823][T12857] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 647.836828][T12857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 647.836838][T12857] Call Trace: [ 647.836844][T12857] [ 647.836850][T12857] dump_stack_lvl+0x100/0x190 [ 647.836877][T12857] should_fail_ex.cold+0x5/0xa [ 647.836896][T12857] ? security_inode_init_security+0x113/0x370 [ 647.836916][T12857] should_failslab+0xc2/0x120 [ 647.836933][T12857] __kmalloc_noprof+0xe0/0x850 [ 647.836959][T12857] security_inode_init_security+0x113/0x370 [ 647.836998][T12857] ? __pfx_shmem_initxattrs+0x10/0x10 [ 647.837017][T12857] ? __pfx_security_inode_init_security+0x10/0x10 [ 647.837041][T12857] ? make_vfsgid+0xf1/0x140 [ 647.837063][T12857] shmem_mknod+0x2bf/0x470 [ 647.837084][T12857] ? __pfx_shmem_mknod+0x10/0x10 [ 647.837108][T12857] vfs_create+0x301/0x6c0 [ 647.837135][T12857] filename_mknodat+0x2de/0x7f0 [ 647.837155][T12857] ? __pfx_filename_mknodat+0x10/0x10 [ 647.837171][T12857] ? strncpy_from_user+0x19d/0x2d0 [ 647.837203][T12857] ? do_getname+0x191/0x390 [ 647.837223][T12857] __x64_sys_mknod+0x8f/0xc0 [ 647.837240][T12857] do_syscall_64+0x106/0xf80 [ 647.837260][T12857] ? clear_bhb_loop+0x40/0x90 [ 647.837285][T12857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.837301][T12857] RIP: 0033:0x7f710779c799 [ 647.837315][T12857] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 647.837330][T12857] RSP: 002b:00007f71086cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 647.837345][T12857] RAX: ffffffffffffffda RBX: 00007f7107a16090 RCX: 00007f710779c799 [ 647.837354][T12857] RDX: 0000000000000009 RSI: 0000000000000002 RDI: 0000000000000000 [ 647.837363][T12857] RBP: 00007f7107832c99 R08: 0000000000000000 R09: 0000000000000000 [ 647.837372][T12857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 647.837381][T12857] R13: 00007f7107a16128 R14: 00007f7107a16090 R15: 00007ffef0536478 [ 647.837401][T12857] [ 649.484203][T12881] : Can't lookup blockdev [ 649.740946][T12858] Bluetooth: hci1: command 0x0c1a tx timeout [ 651.037273][T12905] zswap: compressor G not available [ 651.395419][T12918] input: f as /devices/virtual/input/input23 [ 651.420903][T12918] FAULT_INJECTION: forcing a failure. [ 651.420903][T12918] name failslab, interval 1, probability 0, space 0, times 0 [ 651.479416][T12918] CPU: 0 UID: 0 PID: 12918 Comm: syz.2.1884 Tainted: G U L syzkaller #0 PREEMPT(full) [ 651.479444][T12918] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 651.479450][T12918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 651.479459][T12918] Call Trace: [ 651.479466][T12918] [ 651.479472][T12918] dump_stack_lvl+0x100/0x190 [ 651.479499][T12918] should_fail_ex.cold+0x5/0xa [ 651.479519][T12918] should_failslab+0xc2/0x120 [ 651.479535][T12918] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 651.479558][T12918] ? __kernfs_new_node+0xd2/0x960 [ 651.479581][T12918] ? __pfx_try_to_wake_up+0x10/0x10 [ 651.479599][T12918] __kernfs_new_node+0xd2/0x960 [ 651.479619][T12918] ? wake_up_q+0xae/0x130 [ 651.479633][T12918] ? __pfx___kernfs_new_node+0x10/0x10 [ 651.479657][T12918] ? find_held_lock+0x2b/0x80 [ 651.479671][T12918] ? kernfs_root+0xee/0x2a0 [ 651.479689][T12918] ? kernfs_root+0xee/0x2a0 [ 651.479712][T12918] kernfs_new_node+0x11b/0x1a0 [ 651.479737][T12918] __kernfs_create_file+0x53/0x350 [ 651.479756][T12918] sysfs_add_file_mode_ns+0x207/0x3c0 [ 651.479779][T12918] sysfs_merge_group+0x194/0x340 [ 651.479800][T12918] ? __pfx_sysfs_merge_group+0x10/0x10 [ 651.479823][T12918] ? __pfx_dev_add_physical_location+0x10/0x10 [ 651.479841][T12918] ? bus_to_subsys+0x114/0x150 [ 651.479861][T12918] dpm_sysfs_add+0x237/0x280 [ 651.479956][T12918] device_add+0x9ef/0x1950 [ 651.479976][T12918] ? __pfx_device_add+0x10/0x10 [ 651.479997][T12918] ? kobject_get+0xbb/0x150 [ 651.480020][T12918] cdev_device_add+0x12b/0x270 [ 651.480037][T12918] evdev_connect+0x3a8/0x4b0 [ 651.480070][T12918] input_attach_handler.isra.0+0x177/0x1e0 [ 651.480096][T12918] input_register_device.cold+0x139/0x375 [ 651.480119][T12918] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 651.480137][T12918] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 651.480159][T12918] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 651.480181][T12918] ? find_held_lock+0x2b/0x80 [ 651.480195][T12918] ? __fget_files+0x215/0x3d0 [ 651.480217][T12918] ? __pfx_uinput_ioctl+0x10/0x10 [ 651.480234][T12918] __x64_sys_ioctl+0x18e/0x210 [ 651.480256][T12918] do_syscall_64+0x106/0xf80 [ 651.480275][T12918] ? clear_bhb_loop+0x40/0x90 [ 651.480293][T12918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.480309][T12918] RIP: 0033:0x7f8f3bf9c799 [ 651.480323][T12918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 651.480338][T12918] RSP: 002b:00007f8f3cd92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 651.480353][T12918] RAX: ffffffffffffffda RBX: 00007f8f3c215fa0 RCX: 00007f8f3bf9c799 [ 651.480363][T12918] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000006 [ 651.480372][T12918] RBP: 00007f8f3c032c99 R08: 0000000000000000 R09: 0000000000000000 [ 651.480384][T12918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 651.480393][T12918] R13: 00007f8f3c216038 R14: 00007f8f3c215fa0 R15: 00007fffeac823c8 [ 651.480413][T12918] [ 652.547690][T12936] __vm_enough_memory: pid: 12936, comm: syz.3.1887, bytes: 4398046511104 not enough memory for the allocation [ 652.889162][T12918] input: failed to attach handler evdev to device input23, error: -12 [ 653.317749][T12935] Process accounting resumed [ 655.826692][T12986] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 655.863536][T12986] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 660.029959][T13052] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1918'. [ 660.068065][T13052] netlink: 'syz.3.1918': attribute type 1 has an invalid length. [ 660.100116][T13052] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.1918'. [ 660.373000][T13064] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1920'. [ 660.821685][T13059] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 660.884409][T13059] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 660.937046][T13059] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 661.005816][T13059] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 662.220567][T12858] Bluetooth: hci0: command 0x0c1a tx timeout [ 662.941045][T12858] Bluetooth: hci2: command 0x0c1a tx timeout [ 662.947185][T12708] Bluetooth: hci1: command 0x0c1a tx timeout [ 663.020875][T12708] Bluetooth: hci3: command 0x0c1a tx timeout [ 663.511050][T13126] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 664.122054][T13141] FAULT_INJECTION: forcing a failure. [ 664.122054][T13141] name failslab, interval 1, probability 0, space 0, times 0 [ 664.185155][T13141] CPU: 0 UID: 0 PID: 13141 Comm: syz.0.1937 Tainted: G U L syzkaller #0 PREEMPT(full) [ 664.185185][T13141] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 664.185191][T13141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 664.185200][T13141] Call Trace: [ 664.185206][T13141] [ 664.185212][T13141] dump_stack_lvl+0x100/0x190 [ 664.185241][T13141] should_fail_ex.cold+0x5/0xa [ 664.185260][T13141] ? tomoyo_encode2+0xfb/0x3c0 [ 664.185294][T13141] should_failslab+0xc2/0x120 [ 664.185310][T13141] __kmalloc_noprof+0xe0/0x850 [ 664.185333][T13141] ? d_absolute_path+0x136/0x1b0 [ 664.185356][T13141] tomoyo_encode2+0xfb/0x3c0 [ 664.185378][T13141] tomoyo_encode+0x29/0x50 [ 664.185395][T13141] tomoyo_realpath_from_path+0x18c/0x690 [ 664.185418][T13141] tomoyo_path_number_perm+0x23c/0x580 [ 664.185434][T13141] ? tomoyo_path_number_perm+0x22e/0x580 [ 664.185451][T13141] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 664.185466][T13141] ? find_held_lock+0x2b/0x80 [ 664.185480][T13141] ? rcu_read_unlock+0x17/0x60 [ 664.185499][T13141] ? do_raw_spin_lock+0x128/0x260 [ 664.185519][T13141] ? find_held_lock+0x2b/0x80 [ 664.185542][T13141] ? __pfx_d_add+0x10/0x10 [ 664.185559][T13141] ? d_alloc+0x176/0x1e0 [ 664.185574][T13141] ? current_check_access_path+0x281/0x460 [ 664.185594][T13141] ? __pfx_current_check_access_path+0x10/0x10 [ 664.185613][T13141] ? simple_lookup+0x105/0x1d0 [ 664.185635][T13141] ? lookup_one_qstr_excl+0xb3/0x250 [ 664.185656][T13141] tomoyo_path_mkdir+0x9b/0xe0 [ 664.185677][T13141] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 664.185702][T13141] security_path_mkdir+0x154/0x2e0 [ 664.185723][T13141] filename_mkdirat+0x168/0x5e0 [ 664.185742][T13141] ? __pfx_filename_mkdirat+0x10/0x10 [ 664.185757][T13141] ? strncpy_from_user+0x19d/0x2d0 [ 664.185776][T13141] ? do_getname+0x191/0x390 [ 664.185795][T13141] __x64_sys_mkdir+0x6b/0x90 [ 664.185811][T13141] do_syscall_64+0x106/0xf80 [ 664.185830][T13141] ? clear_bhb_loop+0x40/0x90 [ 664.185849][T13141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.185872][T13141] RIP: 0033:0x7f042419c799 [ 664.185887][T13141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 664.185903][T13141] RSP: 002b:00007f04223ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 664.185918][T13141] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 664.185928][T13141] RDX: 0000000000000000 RSI: 0000000000008001 RDI: 0000200000000100 [ 664.185937][T13141] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 664.185945][T13141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.185954][T13141] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 664.185974][T13141] [ 664.185991][T13141] ERROR: Out of memory at tomoyo_realpath_from_path. [ 667.301715][T13194] FAULT_INJECTION: forcing a failure. [ 667.301715][T13194] name failslab, interval 1, probability 0, space 0, times 0 [ 667.502574][T13194] CPU: 0 UID: 0 PID: 13194 Comm: syz.0.1949 Tainted: G U L syzkaller #0 PREEMPT(full) [ 667.502603][T13194] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 667.502609][T13194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 667.502618][T13194] Call Trace: [ 667.502624][T13194] [ 667.502630][T13194] dump_stack_lvl+0x100/0x190 [ 667.502657][T13194] should_fail_ex.cold+0x5/0xa [ 667.502675][T13194] ? memcg_list_lru_alloc+0x4ec/0x740 [ 667.502696][T13194] should_failslab+0xc2/0x120 [ 667.502712][T13194] __kmalloc_noprof+0xe0/0x850 [ 667.502735][T13194] ? ipcget+0xee/0xf50 [ 667.502848][T13194] memcg_list_lru_alloc+0x4ec/0x740 [ 667.502876][T13194] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 667.502897][T13194] ? rcu_read_unlock+0x17/0x60 [ 667.502918][T13194] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 667.502941][T13194] __memcg_slab_post_alloc_hook+0x130/0x990 [ 667.502961][T13194] ? kasan_save_track+0x14/0x30 [ 667.502984][T13194] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 667.503005][T13194] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 667.503025][T13194] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 667.503039][T13194] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 667.503054][T13194] alloc_inode+0x68/0x250 [ 667.503073][T13194] new_inode+0x22/0x1c0 [ 667.503094][T13194] hugetlbfs_get_inode+0x313/0x750 [ 667.503111][T13194] hugetlb_file_setup+0x3cc/0x5b0 [ 667.503129][T13194] newseg+0xabb/0xed0 [ 667.503150][T13194] ? __pfx_newseg+0x10/0x10 [ 667.503167][T13194] ? down_write+0x146/0x1f0 [ 667.503189][T13194] ? ksys_write+0x190/0x250 [ 667.503202][T13194] ? ksys_write+0x190/0x250 [ 667.503217][T13194] ipcget+0xee/0xf50 [ 667.503235][T13194] ? do_futex+0x192/0x350 [ 667.503254][T13194] ? __pfx_do_futex+0x10/0x10 [ 667.503275][T13194] ? __pfx_ipcget+0x10/0x10 [ 667.503293][T13194] ? __x64_sys_futex+0x34f/0x4d0 [ 667.503310][T13194] ? __x64_sys_futex+0x358/0x4d0 [ 667.503331][T13194] __x64_sys_shmget+0x13b/0x1b0 [ 667.503349][T13194] ? __pfx___x64_sys_shmget+0x10/0x10 [ 667.503372][T13194] do_syscall_64+0x106/0xf80 [ 667.503391][T13194] ? clear_bhb_loop+0x40/0x90 [ 667.503409][T13194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.503424][T13194] RIP: 0033:0x7f042419c799 [ 667.503438][T13194] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 667.503452][T13194] RSP: 002b:00007f04223cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 667.503467][T13194] RAX: ffffffffffffffda RBX: 00007f0424416090 RCX: 00007f042419c799 [ 667.503485][T13194] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 667.503494][T13194] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 667.503503][T13194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.503512][T13194] R13: 00007f0424416128 R14: 00007f0424416090 R15: 00007ffff7897168 [ 667.503533][T13194] [ 668.266630][T13221] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1962'. [ 668.338608][T13221] FAULT_INJECTION: forcing a failure. [ 668.338608][T13221] name failslab, interval 1, probability 0, space 0, times 0 [ 668.422781][T13221] CPU: 0 UID: 0 PID: 13221 Comm: syz.2.1962 Tainted: G U L syzkaller #0 PREEMPT(full) [ 668.422809][T13221] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 668.422815][T13221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 668.422824][T13221] Call Trace: [ 668.422829][T13221] [ 668.422835][T13221] dump_stack_lvl+0x100/0x190 [ 668.422863][T13221] should_fail_ex.cold+0x5/0xa [ 668.422881][T13221] should_failslab+0xc2/0x120 [ 668.422897][T13221] __kmalloc_cache_noprof+0x7a/0x6f0 [ 668.422916][T13221] ? call_usermodehelper_setup+0xaf/0x360 [ 668.422941][T13221] ? __pfx_free_modprobe_argv+0x10/0x10 [ 668.422961][T13221] call_usermodehelper_setup+0xaf/0x360 [ 668.422987][T13221] __request_module+0x3c7/0x6c0 [ 668.423007][T13221] ? __pfx___request_module+0x10/0x10 [ 668.423032][T13221] ? __get_fs_type+0x12c/0x170 [ 668.423049][T13221] ? __get_fs_type+0x12c/0x170 [ 668.423071][T13221] get_fs_type+0xd7/0x190 [ 668.423089][T13221] __x64_sys_fsopen+0xca/0x220 [ 668.423108][T13221] do_syscall_64+0x106/0xf80 [ 668.423127][T13221] ? clear_bhb_loop+0x40/0x90 [ 668.423145][T13221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.423160][T13221] RIP: 0033:0x7f8f3bf9c799 [ 668.423173][T13221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 668.423188][T13221] RSP: 002b:00007f8f3cd92028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 668.423203][T13221] RAX: ffffffffffffffda RBX: 00007f8f3c215fa0 RCX: 00007f8f3bf9c799 [ 668.423213][T13221] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 668.423221][T13221] RBP: 00007f8f3c032c99 R08: 0000000000000000 R09: 0000000000000000 [ 668.423230][T13221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 668.423239][T13221] R13: 00007f8f3c216038 R14: 00007f8f3c215fa0 R15: 00007fffeac823c8 [ 668.423258][T13221] [ 669.031893][T12708] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 669.039866][T12858] Bluetooth: hci4: command 0xfc11 tx timeout [ 669.207186][T13198] Process accounting resumed [ 669.731732][T13243] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 669.748458][T13243] input: f as /devices/virtual/input/input24 [ 670.065838][T13249] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 670.597612][T13255] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 672.864265][T13284] Process accounting resumed [ 675.227677][T13319] FAULT_INJECTION: forcing a failure. [ 675.227677][T13319] name failslab, interval 1, probability 0, space 0, times 0 [ 675.321396][T13319] CPU: 0 UID: 0 PID: 13319 Comm: syz.0.1978 Tainted: G U L syzkaller #0 PREEMPT(full) [ 675.321425][T13319] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 675.321430][T13319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 675.321440][T13319] Call Trace: [ 675.321446][T13319] [ 675.321452][T13319] dump_stack_lvl+0x100/0x190 [ 675.321480][T13319] should_fail_ex.cold+0x5/0xa [ 675.321498][T13319] ? alloc_pipe_info+0x1ec/0x590 [ 675.321513][T13319] should_failslab+0xc2/0x120 [ 675.321529][T13319] __kmalloc_noprof+0xe0/0x850 [ 675.321550][T13319] ? bpf_lsm_capable+0x9/0x10 [ 675.321565][T13319] ? security_capable+0x80/0x260 [ 675.321590][T13319] alloc_pipe_info+0x1ec/0x590 [ 675.321607][T13319] splice_direct_to_actor+0x78f/0xa30 [ 675.321624][T13319] ? __lock_acquire+0x4a5/0x2630 [ 675.321641][T13319] ? __pfx_direct_splice_actor+0x10/0x10 [ 675.321665][T13319] ? __pfx_aa_file_perm+0x10/0x10 [ 675.321685][T13319] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 675.321705][T13319] do_splice_direct+0x174/0x240 [ 675.321720][T13319] ? __pfx_do_splice_direct+0x10/0x10 [ 675.321735][T13319] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 675.321761][T13319] ? rw_verify_area+0xce/0x6d0 [ 675.321782][T13319] do_sendfile+0xadc/0xe20 [ 675.321856][T13319] ? __pfx_do_sendfile+0x10/0x10 [ 675.321877][T13319] ? apparmor_capable+0x1d7/0x4d0 [ 675.321895][T13319] ? __x64_sys_futex+0x34f/0x4d0 [ 675.321913][T13319] ? __x64_sys_futex+0x358/0x4d0 [ 675.321933][T13319] __x64_sys_sendfile64+0x1d8/0x220 [ 675.321950][T13319] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 675.321972][T13319] do_syscall_64+0x106/0xf80 [ 675.321992][T13319] ? clear_bhb_loop+0x40/0x90 [ 675.322010][T13319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.322025][T13319] RIP: 0033:0x7f042419c799 [ 675.322039][T13319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 675.322054][T13319] RSP: 002b:00007f04223ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 675.322068][T13319] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 675.322078][T13319] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 675.322086][T13319] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 675.322095][T13319] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 675.322104][T13319] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 675.322124][T13319] [ 676.666561][T13341] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 676.719098][T13341] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 676.740737][T13341] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 676.772278][T13341] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 676.840873][T13345] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1987'. [ 678.031781][T13360] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1991'. [ 678.564421][T13372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 678.657494][T13361] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 678.675852][T13361] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 678.703142][T13361] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 678.736982][T13361] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 678.843653][T13370] FAULT_INJECTION: forcing a failure. [ 678.843653][T13370] name fail_futex, interval 1, probability 0, space 0, times 0 [ 678.857064][T13370] CPU: 0 UID: 0 PID: 13370 Comm: syz.3.1992 Tainted: G U L syzkaller #0 PREEMPT(full) [ 678.857101][T13370] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 678.857107][T13370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 678.857116][T13370] Call Trace: [ 678.857122][T13370] [ 678.857128][T13370] dump_stack_lvl+0x100/0x190 [ 678.857156][T13370] should_fail_ex.cold+0x5/0xa [ 678.857174][T13370] should_fail_futex+0x4c/0x60 [ 678.857192][T13370] futex_lock_pi_atomic+0x12d/0xaf0 [ 678.857216][T13370] futex_lock_pi+0x246/0x7b0 [ 678.857239][T13370] ? __pfx_futex_lock_pi+0x10/0x10 [ 678.857259][T13370] ? preempt_schedule_common+0x42/0xc0 [ 678.857279][T13370] ? preempt_schedule_thunk+0x16/0x30 [ 678.857304][T13370] ? __pfx_try_to_wake_up+0x10/0x10 [ 678.857325][T13370] ? futex_private_hash_put+0x107/0x1c0 [ 678.857346][T13370] ? __pfx_futex_wake_mark+0x10/0x10 [ 678.857372][T13370] ? ksys_write+0x190/0x250 [ 678.857385][T13370] ? ksys_write+0x190/0x250 [ 678.857402][T13370] do_futex+0x18a/0x350 [ 678.857420][T13370] ? __pfx_do_futex+0x10/0x10 [ 678.857443][T13370] __x64_sys_futex+0x34f/0x4d0 [ 678.857464][T13370] ? __pfx___x64_sys_futex+0x10/0x10 [ 678.857489][T13370] do_syscall_64+0x106/0xf80 [ 678.857508][T13370] ? clear_bhb_loop+0x40/0x90 [ 678.857526][T13370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.857541][T13370] RIP: 0033:0x7f710779c799 [ 678.857555][T13370] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 678.857569][T13370] RSP: 002b:00007f71086cf028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 678.857585][T13370] RAX: ffffffffffffffda RBX: 00007f7107a16090 RCX: 00007f710779c799 [ 678.857594][T13370] RDX: 0000000000000001 RSI: 0000000000000006 RDI: 0000000000000000 [ 678.857603][T13370] RBP: 00007f7107832c99 R08: 0000000000000000 R09: 00000000fffffffa [ 678.857611][T13370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 678.857620][T13370] R13: 00007f7107a16128 R14: 00007f7107a16090 R15: 00007ffef0536478 [ 678.857639][T13370] [ 679.143768][T13378] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1995'. [ 680.065290][T12708] Bluetooth: hci0: command 0x0c1a tx timeout [ 680.574095][T12708] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 680.620918][T13403] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2002'. [ 680.670931][T13403] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2002'. [ 680.723317][T12858] Bluetooth: hci1: command 0x0c1a tx timeout [ 680.780531][T12858] Bluetooth: hci3: command 0x0c1a tx timeout [ 680.787740][T12858] Bluetooth: hci2: command 0x0c1a tx timeout [ 681.481102][T13419] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2005'. [ 682.623280][T13407] Bluetooth: hci0: command 0x0c1a tx timeout [ 682.847475][T13425] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 683.750241][T13446] Process accounting paused [ 684.075075][T13474] sd 0:0:1:0: PR command failed: 1026 [ 684.106205][T13474] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 684.175211][T13474] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 684.476259][T13486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2020'. [ 684.555015][T13487] netlink: 'syz.0.2020': attribute type 1 has an invalid length. [ 684.621307][T13487] netlink: 'syz.0.2020': attribute type 6 has an invalid length. [ 684.700575][T12719] Bluetooth: hci0: command 0x0c1a tx timeout [ 685.840146][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.847232][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.280054][T13527] input: jJǸ-9%vJ86 as /devices/virtual/input/input27 [ 688.930976][T12708] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 690.898599][T13602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2046'. [ 690.990128][T13602] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2046'. [ 694.003704][T13678] can: request_module (can-proto-5) failed. [ 696.005605][T13716] random: crng reseeded on system resumption [ 696.023375][T13718] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 697.116601][T13719] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 699.500680][T12719] Bluetooth: hci4: command 0x1003 tx timeout [ 699.500760][T12708] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 699.955057][T13777] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2088'. [ 699.988788][T13777] netlink: 'syz.2.2088': attribute type 2 has an invalid length. [ 700.017771][T13777] netlink: 'syz.2.2088': attribute type 3 has an invalid length. [ 700.056303][T13777] netlink: 51505 bytes leftover after parsing attributes in process `syz.2.2088'. [ 703.474333][T13815] Process accounting paused [ 704.309045][T13838] FAULT_INJECTION: forcing a failure. [ 704.309045][T13838] name failslab, interval 1, probability 0, space 0, times 0 [ 704.472778][T13838] CPU: 0 UID: 0 PID: 13838 Comm: syz.1.2096 Tainted: G U L syzkaller #0 PREEMPT(full) [ 704.472808][T13838] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 704.472814][T13838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 704.472823][T13838] Call Trace: [ 704.472829][T13838] [ 704.472835][T13838] dump_stack_lvl+0x100/0x190 [ 704.472864][T13838] should_fail_ex.cold+0x5/0xa [ 704.472882][T13838] ? lsm_blob_alloc+0x68/0x90 [ 704.472901][T13838] should_failslab+0xc2/0x120 [ 704.472917][T13838] __kmalloc_noprof+0xe0/0x850 [ 704.472939][T13838] ? trace_kmem_cache_alloc+0xf3/0x120 [ 704.472957][T13838] lsm_blob_alloc+0x68/0x90 [ 704.472977][T13838] security_sk_alloc+0x2d/0x290 [ 704.472993][T13838] sk_prot_alloc+0x1d1/0x2a0 [ 704.473010][T13838] sk_alloc+0x36/0xe80 [ 704.473029][T13838] inet_create+0x3a0/0x1060 [ 704.473047][T13838] ? inet_create+0x94/0x1060 [ 704.473066][T13838] __sock_create+0x339/0x860 [ 704.473085][T13838] udp_sock_create4+0xa6/0x450 [ 704.473203][T13838] ? __pfx_udp_sock_create4+0x10/0x10 [ 704.473228][T13838] ? lockdep_hardirqs_on+0x78/0x100 [ 704.473248][T13838] ? crng_make_state+0x2b0/0x6c0 [ 704.473297][T13838] rxrpc_open_socket+0x4ef/0x6b0 [ 704.473340][T13838] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 704.473366][T13838] ? rcu_is_watching+0x12/0xc0 [ 704.473391][T13838] rxrpc_lookup_local+0xac7/0x1220 [ 704.473411][T13838] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 704.473428][T13838] ? __local_bh_enable_ip+0x9e/0x120 [ 704.473447][T13838] rxrpc_sendmsg+0x34a/0x680 [ 704.473506][T13838] sock_write_iter+0x524/0x5a0 [ 704.473521][T13838] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 704.473538][T13838] ? __pfx_sock_write_iter+0x10/0x10 [ 704.473560][T13838] ? bpf_lsm_file_permission+0x9/0x10 [ 704.473583][T13838] ? security_file_permission+0x76/0x210 [ 704.473601][T13838] ? rw_verify_area+0xce/0x6d0 [ 704.473623][T13838] vfs_write+0x6ac/0x1070 [ 704.473638][T13838] ? __pfx_sock_write_iter+0x10/0x10 [ 704.473654][T13838] ? __pfx_vfs_write+0x10/0x10 [ 704.473675][T13838] ? find_held_lock+0x2b/0x80 [ 704.473701][T13838] ksys_write+0x1f8/0x250 [ 704.473714][T13838] ? __pfx_ksys_write+0x10/0x10 [ 704.473733][T13838] do_syscall_64+0x106/0xf80 [ 704.473752][T13838] ? clear_bhb_loop+0x40/0x90 [ 704.473770][T13838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 704.473785][T13838] RIP: 0033:0x7ff69d99c799 [ 704.473799][T13838] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 704.473813][T13838] RSP: 002b:00007ff69e814028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 704.473828][T13838] RAX: ffffffffffffffda RBX: 00007ff69dc16090 RCX: 00007ff69d99c799 [ 704.473838][T13838] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 704.473848][T13838] RBP: 00007ff69da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 704.473857][T13838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 704.473866][T13838] R13: 00007ff69dc16128 R14: 00007ff69dc16090 R15: 00007ffec094ee28 [ 704.473887][T13838] [ 706.163265][T13860] netlink: 'syz.0.2101': attribute type 2 has an invalid length. [ 706.199829][T13860] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2101'. [ 706.478639][T13864] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 706.611584][T13870] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2103'. [ 706.945967][T13874] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2105'. [ 706.992923][T13874] netlink: 'syz.1.2105': attribute type 1 has an invalid length. [ 707.047685][T13874] netlink: 51505 bytes leftover after parsing attributes in process `syz.1.2105'. [ 708.052915][T13866] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 709.070527][T13906] sd 0:0:1:0: PR command failed: 1026 [ 709.075991][T13906] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 709.129751][T13906] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 709.210901][T13906] can0: slcan on ttyS2. [ 709.281609][T13905] can0 (unregistered): slcan off ttyS2. [ 712.588397][T13979] can0: slcan on pty238. [ 712.692075][T13973] can0 (unregistered): slcan off pty238. [ 713.118484][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2126'. [ 713.201704][T13995] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2126'. [ 714.052757][T14012] random: crng reseeded on system resumption [ 714.340058][T14012] hub 1-0:1.0: USB hub found [ 714.431428][T14012] hub 1-0:1.0: 1 port detected [ 714.712205][T14011] Process accounting resumed [ 714.949234][T14039] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 715.099710][T14041] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 716.771858][T14062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2137'. [ 716.819602][T14062] netlink: 'syz.0.2137': attribute type 2 has an invalid length. [ 716.849174][T14062] netlink: 'syz.0.2137': attribute type 3 has an invalid length. [ 716.876373][T14062] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.2137'. [ 718.966954][T14079] binder: 14078:14079 ioctl c018620c 0 returned -1 [ 720.583146][T14116] random: crng reseeded on system resumption [ 721.270851][T14126] FAULT_INJECTION: forcing a failure. [ 721.270851][T14126] name failslab, interval 1, probability 0, space 0, times 0 [ 721.320507][T14126] CPU: 0 UID: 0 PID: 14126 Comm: syz.2.2150 Tainted: G U L syzkaller #0 PREEMPT(full) [ 721.320536][T14126] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 721.320542][T14126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 721.320552][T14126] Call Trace: [ 721.320557][T14126] [ 721.320564][T14126] dump_stack_lvl+0x100/0x190 [ 721.320592][T14126] should_fail_ex.cold+0x5/0xa [ 721.320610][T14126] should_failslab+0xc2/0x120 [ 721.320626][T14126] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 721.320647][T14126] ? security_file_alloc+0x34/0x2c0 [ 721.320664][T14126] ? trace_kmem_cache_alloc+0xf3/0x120 [ 721.320682][T14126] security_file_alloc+0x34/0x2c0 [ 721.320700][T14126] init_file+0x95/0x480 [ 721.320749][T14126] alloc_empty_file+0x73/0x1c0 [ 721.320769][T14126] alloc_file_pseudo+0x13a/0x230 [ 721.320791][T14126] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 721.320816][T14126] dma_buf_export+0x326/0xcb0 [ 721.320932][T14126] ? sg_alloc_table+0x4c/0x1c0 [ 721.320987][T14126] system_heap_allocate+0xb5e/0x1170 [ 721.321036][T14126] ? __pfx_system_heap_allocate+0x10/0x10 [ 721.321066][T14126] ? rep_movs_alternative+0x4a/0x90 [ 721.321084][T14126] dma_heap_ioctl+0x37f/0x5e0 [ 721.321107][T14126] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 721.321126][T14126] ? __x64_sys_close_range+0x2d9/0x5d0 [ 721.321150][T14126] ? xfd_validate_state+0x129/0x190 [ 721.321171][T14126] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 721.321193][T14126] __x64_sys_ioctl+0x18e/0x210 [ 721.321214][T14126] do_syscall_64+0x106/0xf80 [ 721.321232][T14126] ? clear_bhb_loop+0x40/0x90 [ 721.321250][T14126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.321266][T14126] RIP: 0033:0x7f8f3bf9c799 [ 721.321279][T14126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.321293][T14126] RSP: 002b:00007f8f3cd92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 721.321308][T14126] RAX: ffffffffffffffda RBX: 00007f8f3c215fa0 RCX: 00007f8f3bf9c799 [ 721.321318][T14126] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000000 [ 721.321327][T14126] RBP: 00007f8f3c032c99 R08: 0000000000000000 R09: 0000000000000000 [ 721.321336][T14126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 721.321344][T14126] R13: 00007f8f3c216038 R14: 00007f8f3c215fa0 R15: 00007fffeac823c8 [ 721.321364][T14126] [ 724.184598][T14175] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 724.209332][T14175] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 724.508306][T14182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2166'. [ 724.601143][T14182] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2166'. [ 725.875367][T14224] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2175'. [ 726.943890][T14248] random: crng reseeded on system resumption [ 727.023241][T14248] Restarting kernel threads ... [ 727.051209][T14248] Done restarting kernel threads. [ 728.166099][T14278] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2186'. [ 728.228618][T14281] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2186'. [ 730.060593][T12719] Bluetooth: hci4: command 0x1003 tx timeout [ 730.068251][T12708] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 731.182372][T14326] FAULT_INJECTION: forcing a failure. [ 731.182372][T14326] name failslab, interval 1, probability 0, space 0, times 0 [ 731.261651][T14326] CPU: 0 UID: 0 PID: 14326 Comm: syz.0.2200 Tainted: G U L syzkaller #0 PREEMPT(full) [ 731.261690][T14326] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 731.261696][T14326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 731.261706][T14326] Call Trace: [ 731.261712][T14326] [ 731.261718][T14326] dump_stack_lvl+0x100/0x190 [ 731.261747][T14326] should_fail_ex.cold+0x5/0xa [ 731.261766][T14326] should_failslab+0xc2/0x120 [ 731.261782][T14326] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 731.261802][T14326] ? ptlock_alloc+0x1f/0x70 [ 731.261825][T14326] ptlock_alloc+0x1f/0x70 [ 731.261843][T14326] pte_alloc_one+0x82/0x3d0 [ 731.261859][T14326] __pte_alloc+0x6d/0x3e0 [ 731.261874][T14326] ? __pfx___pte_alloc+0x10/0x10 [ 731.261887][T14326] ? __pfx___might_resched+0x10/0x10 [ 731.261907][T14326] ? copy_page_range+0x1e9d/0x6570 [ 731.261929][T14326] copy_page_range+0x3e51/0x6570 [ 731.261969][T14326] ? __pfx_copy_page_range+0x10/0x10 [ 731.261995][T14326] ? __pfx___might_resched+0x10/0x10 [ 731.262022][T14326] ? up_write+0x290/0x4f0 [ 731.262044][T14326] dup_mmap+0xd25/0x2180 [ 731.262069][T14326] ? __pfx_dup_mmap+0x10/0x10 [ 731.262084][T14326] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 731.262107][T14326] ? __lock_acquire+0x4a5/0x2630 [ 731.262126][T14326] ? find_held_lock+0x2b/0x80 [ 731.262138][T14326] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 731.262170][T14326] copy_process+0x7523/0x7a40 [ 731.262197][T14326] ? __pfx_copy_process+0x10/0x10 [ 731.262224][T14326] kernel_clone+0xfc/0x9a0 [ 731.262240][T14326] ? __pfx_futex_wait+0x10/0x10 [ 731.262263][T14326] ? __pfx_kernel_clone+0x10/0x10 [ 731.262291][T14326] __do_sys_clone+0xd9/0x120 [ 731.262307][T14326] ? __pfx___do_sys_clone+0x10/0x10 [ 731.262323][T14326] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 731.262360][T14326] do_syscall_64+0x106/0xf80 [ 731.262379][T14326] ? clear_bhb_loop+0x40/0x90 [ 731.262397][T14326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.262412][T14326] RIP: 0033:0x7f042419c799 [ 731.262426][T14326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 731.262440][T14326] RSP: 002b:00007f04223edfd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 731.262455][T14326] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 731.262464][T14326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 731.262473][T14326] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 731.262482][T14326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.262491][T14326] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 731.262512][T14326] [ 732.868774][T14354] random: crng reseeded on system resumption [ 732.951656][T14354] hub 1-0:1.0: USB hub found [ 732.976821][T14354] hub 1-0:1.0: 1 port detected [ 733.357057][T14362] FAULT_INJECTION: forcing a failure. [ 733.357057][T14362] name failslab, interval 1, probability 0, space 0, times 0 [ 733.405910][T14362] CPU: 0 UID: 0 PID: 14362 Comm: syz.3.2207 Tainted: G U L syzkaller #0 PREEMPT(full) [ 733.405939][T14362] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 733.405945][T14362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 733.405955][T14362] Call Trace: [ 733.405960][T14362] [ 733.405966][T14362] dump_stack_lvl+0x100/0x190 [ 733.405993][T14362] should_fail_ex.cold+0x5/0xa [ 733.406011][T14362] should_failslab+0xc2/0x120 [ 733.406027][T14362] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 733.406049][T14362] ? security_inode_alloc+0x3b/0x2c0 [ 733.406064][T14362] ? lockdep_init_map_type+0x5c/0x250 [ 733.406086][T14362] security_inode_alloc+0x3b/0x2c0 [ 733.406102][T14362] inode_init_always_gfp+0xced/0x1040 [ 733.406120][T14362] alloc_inode+0x8e/0x250 [ 733.406138][T14362] path_from_stashed+0x25b/0x750 [ 733.406153][T14362] ? do_raw_spin_unlock+0x145/0x1e0 [ 733.406177][T14362] ns_get_path+0x60/0x80 [ 733.406193][T14362] proc_ns_get_link+0x121/0x230 [ 733.406213][T14362] ? __pfx_proc_ns_get_link+0x10/0x10 [ 733.406234][T14362] ? atime_needs_update+0x8b/0x6b0 [ 733.406255][T14362] pick_link+0xd17/0x13c0 [ 733.406275][T14362] ? __pfx_proc_ns_get_link+0x10/0x10 [ 733.406297][T14362] step_into_slowpath+0x9ba/0xf90 [ 733.406322][T14362] ? __pfx_step_into_slowpath+0x10/0x10 [ 733.406342][T14362] ? find_held_lock+0x2b/0x80 [ 733.406362][T14362] path_openat+0xf95/0x31a0 [ 733.406383][T14362] ? __pfx_path_openat+0x10/0x10 [ 733.406404][T14362] do_file_open+0x20e/0x430 [ 733.406420][T14362] ? __pfx_do_file_open+0x10/0x10 [ 733.406448][T14362] ? alloc_fd+0x476/0x790 [ 733.406464][T14362] ? do_getname+0x191/0x390 [ 733.406483][T14362] do_sys_openat2+0x10d/0x1e0 [ 733.406502][T14362] ? __pfx_do_sys_openat2+0x10/0x10 [ 733.406521][T14362] ? __fget_files+0x21f/0x3d0 [ 733.406539][T14362] __x64_sys_openat+0x12d/0x210 [ 733.406558][T14362] ? __pfx___x64_sys_openat+0x10/0x10 [ 733.406584][T14362] do_syscall_64+0x106/0xf80 [ 733.406614][T14362] ? clear_bhb_loop+0x40/0x90 [ 733.406633][T14362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 733.406649][T14362] RIP: 0033:0x7f710775cfce [ 733.406662][T14362] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 733.406676][T14362] RSP: 002b:00007f71086efec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 733.406691][T14362] RAX: ffffffffffffffda RBX: 00007f71086f06c0 RCX: 00007f710775cfce [ 733.406701][T14362] RDX: 0000000000000002 RSI: 00007f71086eff90 RDI: ffffffffffffff9c [ 733.406710][T14362] RBP: 00007f7107832c99 R08: 0000000000000000 R09: 0000000000000000 [ 733.406718][T14362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 733.406726][T14362] R13: 00007f7107a16038 R14: 00007f7107a15fa0 R15: 00007ffef0536478 [ 733.406746][T14362] [ 733.720790][T14363] Process accounting resumed [ 734.700641][T12719] Bluetooth: hci4: command 0x1003 tx timeout [ 734.708141][T12708] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 737.865796][T14439] FAULT_INJECTION: forcing a failure. [ 737.865796][T14439] name failslab, interval 1, probability 0, space 0, times 0 [ 737.919180][T14439] CPU: 0 UID: 0 PID: 14439 Comm: syz.3.2228 Tainted: G U L syzkaller #0 PREEMPT(full) [ 737.919209][T14439] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 737.919215][T14439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 737.919225][T14439] Call Trace: [ 737.919230][T14439] [ 737.919237][T14439] dump_stack_lvl+0x100/0x190 [ 737.919264][T14439] should_fail_ex.cold+0x5/0xa [ 737.919282][T14439] should_failslab+0xc2/0x120 [ 737.919298][T14439] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 737.919322][T14439] ? fib_notifier_ops_register+0x32/0x270 [ 737.919434][T14439] ? __pfx_ip6mr_net_init+0x10/0x10 [ 737.919480][T14439] kmemdup_noprof+0x29/0x60 [ 737.919505][T14439] fib_notifier_ops_register+0x32/0x270 [ 737.919528][T14439] ? __pfx_ip6mr_net_init+0x10/0x10 [ 737.919546][T14439] ip6mr_net_init+0x5b/0x4a0 [ 737.919564][T14439] ? __pfx_ip6mr_net_init+0x10/0x10 [ 737.919580][T14439] ops_init+0x1e2/0x5f0 [ 737.919603][T14439] setup_net+0x118/0x3a0 [ 737.919624][T14439] ? __pfx_setup_net+0x10/0x10 [ 737.919643][T14439] ? lockdep_init_map_type+0x5c/0x250 [ 737.919663][T14439] ? mutex_init_lockep+0x110/0x150 [ 737.919686][T14439] copy_net_ns+0x46f/0x7c0 [ 737.919701][T14439] create_new_namespaces+0x3ea/0xac0 [ 737.919749][T14439] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 737.919769][T14439] ksys_unshare+0x473/0xad0 [ 737.919790][T14439] ? __pfx_ksys_unshare+0x10/0x10 [ 737.919817][T14439] __x64_sys_unshare+0x31/0x40 [ 737.919835][T14439] do_syscall_64+0x106/0xf80 [ 737.919854][T14439] ? clear_bhb_loop+0x40/0x90 [ 737.919872][T14439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.919888][T14439] RIP: 0033:0x7f710779c799 [ 737.919902][T14439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 737.919917][T14439] RSP: 002b:00007f71086f0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 737.919933][T14439] RAX: ffffffffffffffda RBX: 00007f7107a15fa0 RCX: 00007f710779c799 [ 737.919944][T14439] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 737.919953][T14439] RBP: 00007f7107832c99 R08: 0000000000000000 R09: 0000000000000000 [ 737.919962][T14439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.919971][T14439] R13: 00007f7107a16038 R14: 00007f7107a15fa0 R15: 00007ffef0536478 [ 737.919991][T14439] [ 738.860748][T12719] Bluetooth: hci4: command 0x1003 tx timeout [ 738.868681][T12708] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 739.373516][T14454] random: crng reseeded on system resumption [ 742.142760][T12708] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 742.284593][T14512] random: crng reseeded on system resumption [ 742.418887][T14513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2244'. [ 742.435619][T14513] netlink: 13 bytes leftover after parsing attributes in process `syz.3.2244'. [ 743.021626][T14535] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 743.704413][T14549] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 743.915995][T14551] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 744.361608][T14558] FAULT_INJECTION: forcing a failure. [ 744.361608][T14558] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 744.430242][T14558] CPU: 0 UID: 0 PID: 14558 Comm: syz.3.2254 Tainted: G U L syzkaller #0 PREEMPT(full) [ 744.430270][T14558] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 744.430276][T14558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 744.430286][T14558] Call Trace: [ 744.430291][T14558] [ 744.430298][T14558] dump_stack_lvl+0x100/0x190 [ 744.430326][T14558] should_fail_ex.cold+0x5/0xa [ 744.430341][T14558] ? prepare_alloc_pages+0x16d/0x5f0 [ 744.430359][T14558] should_fail_alloc_page+0xeb/0x140 [ 744.430377][T14558] prepare_alloc_pages+0x1f0/0x5f0 [ 744.430400][T14558] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 744.430427][T14558] ? kasan_save_stack+0x3f/0x50 [ 744.430447][T14558] ? kasan_save_stack+0x30/0x50 [ 744.430467][T14558] ? kasan_save_track+0x14/0x30 [ 744.430487][T14558] ? __kasan_slab_alloc+0x89/0x90 [ 744.430500][T14558] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 744.430520][T14558] ? ptlock_alloc+0x1f/0x70 [ 744.430538][T14558] ? pte_alloc_one+0x82/0x3d0 [ 744.430552][T14558] ? __pte_alloc+0x6d/0x3e0 [ 744.430587][T14558] ? copy_page_range+0x3e51/0x6570 [ 744.430605][T14558] ? dup_mmap+0xd25/0x2180 [ 744.430621][T14558] ? copy_process+0x7523/0x7a40 [ 744.430637][T14558] ? kernel_clone+0xfc/0x9a0 [ 744.430653][T14558] ? __do_sys_clone+0xd9/0x120 [ 744.430670][T14558] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 744.430697][T14558] ? look_up_lock_class+0x55/0x120 [ 744.430722][T14558] ? __lock_acquire+0x4a5/0x2630 [ 744.430742][T14558] ? look_up_lock_class+0x55/0x120 [ 744.430761][T14558] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 744.430790][T14558] ? policy_nodemask+0xed/0x4f0 [ 744.430807][T14558] alloc_pages_mpol+0x1fb/0x550 [ 744.430824][T14558] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 744.430838][T14558] ? page_table_check_set+0x49a/0xa10 [ 744.430858][T14558] alloc_pages_noprof+0x131/0x390 [ 744.430874][T14558] pte_alloc_one+0x1c/0x3d0 [ 744.430891][T14558] __pte_alloc+0x6d/0x3e0 [ 744.430906][T14558] ? __pfx___pte_alloc+0x10/0x10 [ 744.430920][T14558] ? __pfx___might_resched+0x10/0x10 [ 744.430940][T14558] ? copy_page_range+0x1e9d/0x6570 [ 744.430961][T14558] copy_page_range+0x3e51/0x6570 [ 744.431002][T14558] ? __pfx_copy_page_range+0x10/0x10 [ 744.431027][T14558] ? __pfx___might_resched+0x10/0x10 [ 744.431055][T14558] ? up_write+0x290/0x4f0 [ 744.431077][T14558] dup_mmap+0xd25/0x2180 [ 744.431101][T14558] ? __pfx_dup_mmap+0x10/0x10 [ 744.431117][T14558] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 744.431141][T14558] ? __lock_acquire+0x4a5/0x2630 [ 744.431159][T14558] ? find_held_lock+0x2b/0x80 [ 744.431172][T14558] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 744.431204][T14558] copy_process+0x7523/0x7a40 [ 744.431231][T14558] ? __pfx_copy_process+0x10/0x10 [ 744.431258][T14558] kernel_clone+0xfc/0x9a0 [ 744.431274][T14558] ? __pfx_futex_wait+0x10/0x10 [ 744.431297][T14558] ? __pfx_kernel_clone+0x10/0x10 [ 744.431324][T14558] __do_sys_clone+0xd9/0x120 [ 744.431341][T14558] ? __pfx___do_sys_clone+0x10/0x10 [ 744.431357][T14558] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 744.431394][T14558] do_syscall_64+0x106/0xf80 [ 744.431412][T14558] ? clear_bhb_loop+0x40/0x90 [ 744.431430][T14558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.431445][T14558] RIP: 0033:0x7f710779c799 [ 744.431459][T14558] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 744.431473][T14558] RSP: 002b:00007f71086effd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 744.431489][T14558] RAX: ffffffffffffffda RBX: 00007f7107a15fa0 RCX: 00007f710779c799 [ 744.431499][T14558] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 744.431508][T14558] RBP: 00007f7107832c99 R08: 0000000000000000 R09: 0000000000000000 [ 744.431517][T14558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 744.431526][T14558] R13: 00007f7107a16038 R14: 00007f7107a15fa0 R15: 00007ffef0536478 [ 744.431546][T14558] [ 745.757234][T14548] Process accounting paused [ 746.757999][T14576] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 746.791050][T14579] random: crng reseeded on system resumption [ 747.267953][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.274791][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.089609][T14645] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 750.108163][T14637] FAULT_INJECTION: forcing a failure. [ 750.108163][T14637] name failslab, interval 1, probability 0, space 0, times 0 [ 750.154060][T14637] CPU: 0 UID: 0 PID: 14637 Comm: syz.2.2272 Tainted: G U L syzkaller #0 PREEMPT(full) [ 750.154088][T14637] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 750.154094][T14637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 750.154103][T14637] Call Trace: [ 750.154108][T14637] [ 750.154114][T14637] dump_stack_lvl+0x100/0x190 [ 750.154139][T14637] should_fail_ex.cold+0x5/0xa [ 750.154156][T14637] should_failslab+0xc2/0x120 [ 750.154171][T14637] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 750.154191][T14637] ? taskstats_exit+0x650/0xbd0 [ 750.154216][T14637] taskstats_exit+0x650/0xbd0 [ 750.154237][T14637] ? __pfx_acct_update_integrals+0x10/0x10 [ 750.154251][T14637] ? __pfx_taskstats_exit+0x10/0x10 [ 750.154272][T14637] ? rcu_read_lock_any_held+0x6a/0xa0 [ 750.154286][T14637] ? exit_signals+0x395/0xaf0 [ 750.154302][T14637] do_exit+0x659/0x2b60 [ 750.154323][T14637] ? __pfx_do_exit+0x10/0x10 [ 750.154340][T14637] ? do_raw_spin_lock+0x128/0x260 [ 750.154359][T14637] ? find_held_lock+0x2b/0x80 [ 750.154371][T14637] ? get_signal+0x7e0/0x21e0 [ 750.154387][T14637] do_group_exit+0xd5/0x2a0 [ 750.154406][T14637] get_signal+0x1ec7/0x21e0 [ 750.154426][T14637] ? __pfx_get_signal+0x10/0x10 [ 750.154441][T14637] ? do_futex+0x192/0x350 [ 750.154461][T14637] arch_do_signal_or_restart+0x91/0x770 [ 750.154479][T14637] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 750.154501][T14637] ? __pfx___x64_sys_futex+0x10/0x10 [ 750.154522][T14637] exit_to_user_mode_loop+0x86/0x4a0 [ 750.154542][T14637] do_syscall_64+0x668/0xf80 [ 750.154560][T14637] ? clear_bhb_loop+0x40/0x90 [ 750.154577][T14637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.154591][T14637] RIP: 0033:0x7f8f3bf9c799 [ 750.154604][T14637] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 750.154617][T14637] RSP: 002b:00007f8f3cd710e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 750.154631][T14637] RAX: fffffffffffffe00 RBX: 00007f8f3c216098 RCX: 00007f8f3bf9c799 [ 750.154640][T14637] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8f3c216098 [ 750.154649][T14637] RBP: 00007f8f3c216090 R08: 0000000000000000 R09: 0000000000000000 [ 750.154657][T14637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.154665][T14637] R13: 00007f8f3c216128 R14: 00007fffeac822e0 R15: 00007fffeac823c8 [ 750.154683][T14637] [ 750.401678][T14646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2274'. [ 750.467676][T14646] HfR: entered promiscuous mode [ 751.770080][T14663] FAULT_INJECTION: forcing a failure. [ 751.770080][T14663] name failslab, interval 1, probability 0, space 0, times 0 [ 751.840729][T14663] CPU: 0 UID: 0 PID: 14663 Comm: syz.2.2279 Tainted: G U L syzkaller #0 PREEMPT(full) [ 751.840759][T14663] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 751.840765][T14663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 751.840775][T14663] Call Trace: [ 751.840783][T14663] [ 751.840789][T14663] dump_stack_lvl+0x100/0x190 [ 751.840816][T14663] should_fail_ex.cold+0x5/0xa [ 751.840834][T14663] ? __netlink_kernel_create+0x181/0x750 [ 751.840856][T14663] should_failslab+0xc2/0x120 [ 751.840872][T14663] __kmalloc_noprof+0xe0/0x850 [ 751.840897][T14663] __netlink_kernel_create+0x181/0x750 [ 751.840919][T14663] ? _raw_write_unlock+0x28/0x50 [ 751.840939][T14663] ? __pfx___netlink_kernel_create+0x10/0x10 [ 751.840962][T14663] ? proc_create_reg+0xd7/0x170 [ 751.840989][T14663] xfrm_user_net_init+0xc6/0x190 [ 751.841103][T14663] ? __pfx_xfrm_user_net_init+0x10/0x10 [ 751.841126][T14663] ? __pfx_xfrm_netlink_rcv+0x10/0x10 [ 751.841148][T14663] ? __pfx_tls_init_net+0x10/0x10 [ 751.841212][T14663] ? tls_proc_init+0x59/0x70 [ 751.841235][T14663] ? __pfx_xfrm_user_net_init+0x10/0x10 [ 751.841256][T14663] ops_init+0x1e2/0x5f0 [ 751.841283][T14663] setup_net+0x118/0x3a0 [ 751.841311][T14663] ? __pfx_setup_net+0x10/0x10 [ 751.841330][T14663] ? lockdep_init_map_type+0x5c/0x250 [ 751.841350][T14663] ? mutex_init_lockep+0x110/0x150 [ 751.841373][T14663] copy_net_ns+0x46f/0x7c0 [ 751.841388][T14663] create_new_namespaces+0x3ea/0xac0 [ 751.841409][T14663] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 751.841426][T14663] ksys_unshare+0x473/0xad0 [ 751.841445][T14663] ? __pfx_ksys_unshare+0x10/0x10 [ 751.841471][T14663] __x64_sys_unshare+0x31/0x40 [ 751.841491][T14663] do_syscall_64+0x106/0xf80 [ 751.841511][T14663] ? clear_bhb_loop+0x40/0x90 [ 751.841529][T14663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.841544][T14663] RIP: 0033:0x7f8f3bf9c799 [ 751.841557][T14663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 751.841572][T14663] RSP: 002b:00007f8f3cd92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 751.841587][T14663] RAX: ffffffffffffffda RBX: 00007f8f3c215fa0 RCX: 00007f8f3bf9c799 [ 751.841598][T14663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 751.841608][T14663] RBP: 00007f8f3c032c99 R08: 0000000000000000 R09: 0000000000000000 [ 751.841618][T14663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 751.841627][T14663] R13: 00007f8f3c216038 R14: 00007f8f3c215fa0 R15: 00007fffeac823c8 [ 751.841647][T14663] [ 752.621568][T12719] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 754.632753][T14722] FAULT_INJECTION: forcing a failure. [ 754.632753][T14722] name failslab, interval 1, probability 0, space 0, times 0 [ 754.760177][T14722] CPU: 0 UID: 0 PID: 14722 Comm: syz.2.2290 Tainted: G U L syzkaller #0 PREEMPT(full) [ 754.760206][T14722] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 754.760212][T14722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 754.760222][T14722] Call Trace: [ 754.760227][T14722] [ 754.760234][T14722] dump_stack_lvl+0x100/0x190 [ 754.760262][T14722] should_fail_ex.cold+0x5/0xa [ 754.760281][T14722] should_failslab+0xc2/0x120 [ 754.760297][T14722] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 754.760318][T14722] ? ptlock_alloc+0x1f/0x70 [ 754.760341][T14722] ptlock_alloc+0x1f/0x70 [ 754.760360][T14722] pte_alloc_one+0x82/0x3d0 [ 754.760377][T14722] __pte_alloc+0x6d/0x3e0 [ 754.760395][T14722] ? __pfx___pte_alloc+0x10/0x10 [ 754.760409][T14722] ? __pfx___might_resched+0x10/0x10 [ 754.760429][T14722] ? copy_page_range+0x1e9d/0x6570 [ 754.760451][T14722] copy_page_range+0x3e51/0x6570 [ 754.760493][T14722] ? __pfx_copy_page_range+0x10/0x10 [ 754.760519][T14722] ? __pfx___might_resched+0x10/0x10 [ 754.760546][T14722] ? up_write+0x290/0x4f0 [ 754.760569][T14722] dup_mmap+0xd25/0x2180 [ 754.760594][T14722] ? __pfx_dup_mmap+0x10/0x10 [ 754.760609][T14722] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 754.760633][T14722] ? __lock_acquire+0x4a5/0x2630 [ 754.760652][T14722] ? find_held_lock+0x2b/0x80 [ 754.760665][T14722] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 754.760698][T14722] copy_process+0x7523/0x7a40 [ 754.760724][T14722] ? __pfx_copy_process+0x10/0x10 [ 754.760741][T14722] ? find_held_lock+0x2b/0x80 [ 754.760758][T14722] ? futex_private_hash_put+0x107/0x1c0 [ 754.760783][T14722] kernel_clone+0xfc/0x9a0 [ 754.760802][T14722] ? __pfx_kernel_clone+0x10/0x10 [ 754.760829][T14722] __do_sys_clone+0xd9/0x120 [ 754.760846][T14722] ? __pfx___do_sys_clone+0x10/0x10 [ 754.760862][T14722] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 754.760899][T14722] do_syscall_64+0x106/0xf80 [ 754.760918][T14722] ? clear_bhb_loop+0x40/0x90 [ 754.760936][T14722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.760951][T14722] RIP: 0033:0x7f8f3bf9c799 [ 754.760964][T14722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 754.760979][T14722] RSP: 002b:00007f8f3cd91fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 754.760994][T14722] RAX: ffffffffffffffda RBX: 00007f8f3c215fa0 RCX: 00007f8f3bf9c799 [ 754.761003][T14722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 754.761011][T14722] RBP: 00007f8f3c032c99 R08: 0000000000000000 R09: 0000000000000000 [ 754.761020][T14722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 754.761028][T14722] R13: 00007f8f3c216038 R14: 00007f8f3c215fa0 R15: 00007fffeac823c8 [ 754.761049][T14722] [ 755.319141][T14738] FAULT_INJECTION: forcing a failure. [ 755.319141][T14738] name failslab, interval 1, probability 0, space 0, times 0 [ 755.362803][T14738] CPU: 0 UID: 0 PID: 14738 Comm: syz.0.2297 Tainted: G U L syzkaller #0 PREEMPT(full) [ 755.362833][T14738] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 755.362839][T14738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 755.362849][T14738] Call Trace: [ 755.362854][T14738] [ 755.362860][T14738] dump_stack_lvl+0x100/0x190 [ 755.362887][T14738] should_fail_ex.cold+0x5/0xa [ 755.362905][T14738] should_failslab+0xc2/0x120 [ 755.362921][T14738] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 755.362941][T14738] ? sk_prot_alloc+0x60/0x2a0 [ 755.362959][T14738] sk_prot_alloc+0x60/0x2a0 [ 755.362975][T14738] sk_alloc+0x36/0xe80 [ 755.362993][T14738] inet6_create+0x385/0x12b0 [ 755.363091][T14738] ? inet6_create+0x7f/0x12b0 [ 755.363114][T14738] __sock_create+0x339/0x860 [ 755.363133][T14738] inet_ctl_sock_create+0x94/0x230 [ 755.363149][T14738] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 755.363166][T14738] ? __asan_memcpy+0x3c/0x60 [ 755.363187][T14738] ? __pfx_tcpv6_net_init+0x10/0x10 [ 755.363277][T14738] tcpv6_net_init+0x31/0xc0 [ 755.363299][T14738] ops_init+0x1e2/0x5f0 [ 755.363323][T14738] setup_net+0x118/0x3a0 [ 755.363344][T14738] ? __pfx_setup_net+0x10/0x10 [ 755.363363][T14738] ? lockdep_init_map_type+0x5c/0x250 [ 755.363383][T14738] ? mutex_init_lockep+0x110/0x150 [ 755.363405][T14738] copy_net_ns+0x46f/0x7c0 [ 755.363421][T14738] create_new_namespaces+0x3ea/0xac0 [ 755.363442][T14738] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 755.363459][T14738] ksys_unshare+0x473/0xad0 [ 755.363478][T14738] ? __pfx_ksys_unshare+0x10/0x10 [ 755.363503][T14738] __x64_sys_unshare+0x31/0x40 [ 755.363520][T14738] do_syscall_64+0x106/0xf80 [ 755.363540][T14738] ? clear_bhb_loop+0x40/0x90 [ 755.363558][T14738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.363574][T14738] RIP: 0033:0x7f042419c799 [ 755.363588][T14738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 755.363610][T14738] RSP: 002b:00007f04223ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 755.363626][T14738] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 755.363636][T14738] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 755.363645][T14738] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 755.363654][T14738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 755.363663][T14738] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 755.363684][T14738] [ 756.781050][T12708] Bluetooth: hci4: command 0x1003 tx timeout [ 756.787694][T12719] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 760.523474][T14801] FAULT_INJECTION: forcing a failure. [ 760.523474][T14801] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 760.573852][T14801] CPU: 0 UID: 0 PID: 14801 Comm: syz.1.2311 Tainted: G U L syzkaller #0 PREEMPT(full) [ 760.573881][T14801] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 760.573887][T14801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 760.573896][T14801] Call Trace: [ 760.573901][T14801] [ 760.573908][T14801] dump_stack_lvl+0x100/0x190 [ 760.573935][T14801] should_fail_ex.cold+0x5/0xa [ 760.573955][T14801] ? prepare_alloc_pages+0x16d/0x5f0 [ 760.573975][T14801] should_fail_alloc_page+0xeb/0x140 [ 760.573993][T14801] prepare_alloc_pages+0x1f0/0x5f0 [ 760.574014][T14801] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 760.574041][T14801] ? kasan_save_stack+0x3f/0x50 [ 760.574061][T14801] ? kasan_save_stack+0x30/0x50 [ 760.574081][T14801] ? kasan_save_track+0x14/0x30 [ 760.574101][T14801] ? __kasan_slab_alloc+0x89/0x90 [ 760.574114][T14801] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 760.574134][T14801] ? ptlock_alloc+0x1f/0x70 [ 760.574161][T14801] ? pte_alloc_one+0x82/0x3d0 [ 760.574177][T14801] ? __pte_alloc+0x6d/0x3e0 [ 760.574190][T14801] ? copy_page_range+0x3e51/0x6570 [ 760.574208][T14801] ? dup_mmap+0xd25/0x2180 [ 760.574224][T14801] ? copy_process+0x7523/0x7a40 [ 760.574240][T14801] ? kernel_clone+0xfc/0x9a0 [ 760.574254][T14801] ? __do_sys_clone+0xd9/0x120 [ 760.574270][T14801] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 760.574296][T14801] ? look_up_lock_class+0x55/0x120 [ 760.574321][T14801] ? __lock_acquire+0x4a5/0x2630 [ 760.574341][T14801] ? look_up_lock_class+0x55/0x120 [ 760.574359][T14801] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 760.574386][T14801] ? policy_nodemask+0xed/0x4f0 [ 760.574403][T14801] alloc_pages_mpol+0x1fb/0x550 [ 760.574419][T14801] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 760.574433][T14801] ? page_table_check_set+0x49a/0xa10 [ 760.574453][T14801] alloc_pages_noprof+0x131/0x390 [ 760.574469][T14801] pte_alloc_one+0x1c/0x3d0 [ 760.574485][T14801] __pte_alloc+0x6d/0x3e0 [ 760.574499][T14801] ? __pfx___pte_alloc+0x10/0x10 [ 760.574513][T14801] ? __pfx___might_resched+0x10/0x10 [ 760.574533][T14801] ? copy_page_range+0x1e9d/0x6570 [ 760.574554][T14801] copy_page_range+0x3e51/0x6570 [ 760.574595][T14801] ? __pfx_copy_page_range+0x10/0x10 [ 760.574621][T14801] ? __pfx___might_resched+0x10/0x10 [ 760.574648][T14801] ? up_write+0x290/0x4f0 [ 760.574670][T14801] dup_mmap+0xd25/0x2180 [ 760.574695][T14801] ? __pfx_dup_mmap+0x10/0x10 [ 760.574710][T14801] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 760.574733][T14801] ? __lock_acquire+0x4a5/0x2630 [ 760.574752][T14801] ? find_held_lock+0x2b/0x80 [ 760.574765][T14801] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 760.574797][T14801] copy_process+0x7523/0x7a40 [ 760.574828][T14801] ? __pfx_copy_process+0x10/0x10 [ 760.574854][T14801] kernel_clone+0xfc/0x9a0 [ 760.574870][T14801] ? __pfx_futex_wait+0x10/0x10 [ 760.574892][T14801] ? __pfx_kernel_clone+0x10/0x10 [ 760.574920][T14801] __do_sys_clone+0xd9/0x120 [ 760.574937][T14801] ? __pfx___do_sys_clone+0x10/0x10 [ 760.574953][T14801] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 760.574990][T14801] do_syscall_64+0x106/0xf80 [ 760.575009][T14801] ? clear_bhb_loop+0x40/0x90 [ 760.575027][T14801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.575043][T14801] RIP: 0033:0x7ff69d99c799 [ 760.575056][T14801] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 760.575071][T14801] RSP: 002b:00007ff69e834fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 760.575086][T14801] RAX: ffffffffffffffda RBX: 00007ff69dc15fa0 RCX: 00007ff69d99c799 [ 760.575096][T14801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 760.575105][T14801] RBP: 00007ff69da32c99 R08: 0000000000000000 R09: 0000000000000000 [ 760.575114][T14801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 760.575123][T14801] R13: 00007ff69dc16038 R14: 00007ff69dc15fa0 R15: 00007ffec094ee28 [ 760.575150][T14801] [ 762.224389][T14826] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 762.343473][T14832] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 763.814438][T14818] Process accounting paused [ 764.113057][T14850] hugetlbfs: syz.2.2324 (14850): Using mlock ulimits for SHM_HUGETLB is obsolete [ 766.807736][T14903] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 766.886532][T14903] ptp ptp0: new virtual clock ptp2 [ 766.942205][T14903] ptp ptp0: new virtual clock ptp3 [ 766.990573][T14903] ptp ptp0: guarantee physical clock free running [ 767.794767][T14923] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 767.912178][T14925] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 769.740515][T12708] Bluetooth: hci4: command 0x1003 tx timeout [ 769.747190][T12719] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 770.014636][T14962] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2351'. [ 770.059509][T14962] netlink: 'syz.1.2351': attribute type 1 has an invalid length. [ 770.091147][T14962] netlink: 'syz.1.2351': attribute type 6 has an invalid length. [ 775.890048][T15064] Process accounting resumed [ 776.089719][T15072] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 780.154048][T15160] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 780.316807][T15163] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 784.515440][T15219] block2mtd: illegal erase size [ 784.817933][T15222] FAULT_INJECTION: forcing a failure. [ 784.817933][T15222] name failslab, interval 1, probability 0, space 0, times 0 [ 784.935077][T15222] CPU: 0 UID: 0 PID: 15222 Comm: syz.0.2422 Tainted: G U L syzkaller #0 PREEMPT(full) [ 784.935107][T15222] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 784.935113][T15222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 784.935122][T15222] Call Trace: [ 784.935128][T15222] [ 784.935135][T15222] dump_stack_lvl+0x100/0x190 [ 784.935163][T15222] should_fail_ex.cold+0x5/0xa [ 784.935181][T15222] ? cache_create_net+0xa2/0x1f0 [ 784.935295][T15222] should_failslab+0xc2/0x120 [ 784.935312][T15222] __kmalloc_noprof+0xe0/0x850 [ 784.935338][T15222] cache_create_net+0xa2/0x1f0 [ 784.935359][T15222] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 784.935420][T15222] gss_svc_init_net+0x69/0x640 [ 784.935438][T15222] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 784.935503][T15222] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 784.935523][T15222] ops_init+0x1e2/0x5f0 [ 784.935548][T15222] setup_net+0x118/0x3a0 [ 784.935569][T15222] ? __pfx_setup_net+0x10/0x10 [ 784.935589][T15222] ? lockdep_init_map_type+0x5c/0x250 [ 784.935609][T15222] ? mutex_init_lockep+0x110/0x150 [ 784.935632][T15222] copy_net_ns+0x46f/0x7c0 [ 784.935647][T15222] create_new_namespaces+0x3ea/0xac0 [ 784.935668][T15222] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 784.935685][T15222] ksys_unshare+0x473/0xad0 [ 784.935705][T15222] ? __pfx_ksys_unshare+0x10/0x10 [ 784.935730][T15222] __x64_sys_unshare+0x31/0x40 [ 784.935747][T15222] do_syscall_64+0x106/0xf80 [ 784.935767][T15222] ? clear_bhb_loop+0x40/0x90 [ 784.935785][T15222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.935800][T15222] RIP: 0033:0x7f042419c799 [ 784.935822][T15222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 784.935838][T15222] RSP: 002b:00007f04223ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 784.935854][T15222] RAX: ffffffffffffffda RBX: 00007f0424415fa0 RCX: 00007f042419c799 [ 784.935865][T15222] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 784.935874][T15222] RBP: 00007f0424232c99 R08: 0000000000000000 R09: 0000000000000000 [ 784.935884][T15222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 784.935894][T15222] R13: 00007f0424416038 R14: 00007f0424415fa0 R15: 00007ffff7897168 [ 784.935915][T15222] [ 786.017912][T15235] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2425'. [ 787.156294][T15261] random: crng reseeded on system resumption [ 789.089047][T15300] can0: slcan on ttyS2. [ 789.343093][T15305] can0 (unregistered): slcan off ttyS2. [ 791.133403][T15354] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 791.944337][T15342] random: crng reseeded on system resumption [ 795.325494][T15411] Process accounting resumed [ 795.771446][T15442] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 795.926208][T15442] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 803.363650][T15580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2509'. [ 803.455387][T15583] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2509'. [ 805.759549][T15614] can: request_module (can-proto-5) failed. [ 806.056604][T15617] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2520'. [ 806.250592][T15607] Process accounting paused [ 806.841157][T12719] Bluetooth: hci1: unexpected event 0x32 length: 727 > 9 [ 806.871491][T15632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2526'. [ 807.014597][T15638] netlink: 'syz.2.2526': attribute type 1 has an invalid length. [ 807.085201][T15638] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2526'. [ 808.703873][ T31] INFO: task kworker/u8:7:1006 blocked for more than 143 seconds. [ 808.720843][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.727176][ T31] Tainted: G U L syzkaller #0 [ 808.734238][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.759540][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 808.803792][ T31] task:kworker/u8:7 state:D stack:23384 pid:1006 tgid:1006 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 808.848047][ T31] Workqueue: netns cleanup_net [ 808.864007][ T31] Call Trace: [ 808.876154][ T31] [ 808.887036][ T31] __schedule+0xfee/0x6120 [ 808.906227][ T31] ? __lock_acquire+0x4a5/0x2630 [ 808.922930][ T31] ? __pfx___schedule+0x10/0x10 [ 808.942440][ T31] ? find_held_lock+0x2b/0x80 [ 808.958687][ T31] ? schedule+0x2bf/0x390 [ 808.972272][ T31] schedule+0xdd/0x390 [ 808.986834][ T31] schedule_timeout+0x1b2/0x280 [ 809.004594][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 809.026043][ T31] ? mark_held_locks+0x40/0x70 [ 809.043444][ T31] __wait_for_common+0x2e7/0x4c0 [ 809.060494][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 809.078766][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 809.098868][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 809.124931][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 809.147657][ T31] __flush_workqueue+0x3f7/0x1200 [ 809.168826][ T31] ? __lock_acquire+0x4a5/0x2630 [ 809.189501][ T31] ? __lock_acquire+0x4a5/0x2630 [ 809.210291][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 809.233503][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 809.253848][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 809.276705][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 809.296810][ T31] rds_tcp_listen_stop+0x104/0x160 [ 809.319984][ T31] rds_tcp_exit_net+0xe0/0x870 [ 809.337392][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 809.357486][ T31] ? __pfx___might_resched+0x10/0x10 [ 809.376350][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 809.397004][ T31] ops_undo_list+0x2ee/0xab0 [ 809.413634][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 809.432941][ T31] ? cleanup_net+0x332/0x920 [ 809.441405][ T31] ? idr_destroy+0x62/0x2e0 [ 809.453763][ T31] cleanup_net+0x499/0x920 [ 809.466070][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 809.476763][ T31] ? rcu_is_watching+0x12/0xc0 [ 809.489328][ T31] process_one_work+0xa23/0x19a0 [ 809.505037][ T31] ? __pfx_process_one_work+0x10/0x10 [ 809.516883][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 809.529325][ T31] worker_thread+0x5ef/0xe50 [ 809.537356][ T31] ? kthread+0x13a/0x450 [ 809.549569][ T31] ? __pfx_worker_thread+0x10/0x10 [ 809.565280][ T31] kthread+0x370/0x450 [ 809.575578][ T31] ? __pfx_kthread+0x10/0x10 [ 809.590321][ T31] ret_from_fork+0x754/0xd80 [ 809.602084][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 809.616540][ T31] ? __switch_to+0x7b4/0x1120 [ 809.630475][ T31] ? __pfx_kthread+0x10/0x10 [ 809.640761][ T31] ret_from_fork_asm+0x1a/0x30 [ 809.653314][ T31] [ 809.661032][ T31] [ 809.661032][ T31] Showing all locks held in the system: [ 809.715678][ T31] 1 lock held by khungtaskd/31: [ 809.729835][ T31] #0: ffffffff8e7e74e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 809.755111][ T31] 3 locks held by kworker/u8:7/1006: [ 809.770522][ T31] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 809.789793][ T31] #1: ffffc90004627d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 809.810062][ T31] #2: ffffffff905fb950 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 809.832572][ T31] 1 lock held by syz.0.2492/15508: [ 809.843177][ T31] #0: ffffffff905fb950 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 809.863090][ T31] [ 809.867674][ T31] ============================================= [ 809.867674][ T31] [ 809.893926][ T31] NMI backtrace for cpu 0 [ 809.893944][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 809.893966][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 809.893971][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 809.893979][ T31] Call Trace: [ 809.893984][ T31] [ 809.893990][ T31] dump_stack_lvl+0x100/0x190 [ 809.894015][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 809.894036][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 809.894056][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 809.894075][ T31] sys_info+0x141/0x190 [ 809.894165][ T31] watchdog+0xd25/0x1050 [ 809.894185][ T31] ? __pfx_watchdog+0x10/0x10 [ 809.894199][ T31] ? __kthread_parkme+0x18c/0x230 [ 809.894216][ T31] ? kthread+0x13a/0x450 [ 809.894232][ T31] ? __pfx_watchdog+0x10/0x10 [ 809.894244][ T31] kthread+0x370/0x450 [ 809.894260][ T31] ? __pfx_kthread+0x10/0x10 [ 809.894279][ T31] ret_from_fork+0x754/0xd80 [ 809.894299][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 809.894320][ T31] ? __switch_to+0x7b4/0x1120 [ 809.894335][ T31] ? __pfx_kthread+0x10/0x10 [ 809.894353][ T31] ret_from_fork_asm+0x1a/0x30 [ 809.894377][ T31] [ 810.156094][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 810.162997][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 810.173663][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 810.178839][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 810.188880][ T31] Call Trace: [ 810.192146][ T31] [ 810.195058][ T31] dump_stack_lvl+0x100/0x190 [ 810.199724][ T31] vpanic+0x552/0x970 [ 810.203687][ T31] ? __pfx_vpanic+0x10/0x10 [ 810.208171][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 810.214314][ T31] panic+0xd1/0xe0 [ 810.218016][ T31] ? __pfx_panic+0x10/0x10 [ 810.222411][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 810.228553][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 810.234687][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 810.240824][ T31] ? watchdog.cold+0x198/0x1ca [ 810.245568][ T31] ? watchdog+0xd35/0x1050 [ 810.250061][ T31] watchdog.cold+0x1a9/0x1ca [ 810.254666][ T31] ? __pfx_watchdog+0x10/0x10 [ 810.259355][ T31] ? __kthread_parkme+0x18c/0x230 [ 810.264373][ T31] ? kthread+0x13a/0x450 [ 810.268601][ T31] ? __pfx_watchdog+0x10/0x10 [ 810.273261][ T31] kthread+0x370/0x450 [ 810.277314][ T31] ? __pfx_kthread+0x10/0x10 [ 810.281902][ T31] ret_from_fork+0x754/0xd80 [ 810.286481][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 810.291587][ T31] ? __switch_to+0x7b4/0x1120 [ 810.296256][ T31] ? __pfx_kthread+0x10/0x10 [ 810.300833][ T31] ret_from_fork_asm+0x1a/0x30 [ 810.305586][ T31] [ 810.308655][ T31] Kernel Offset: disabled [ 810.312974][ T31] Rebooting in 86400 seconds..