last executing test programs: 7.007171101s ago: executing program 2 (id=3425): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram2/partscan\x00', 0x80200, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0x11, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000280)={0x4, 0xfc, 0x6, 0x3, 0x7f, 0x80, &(0x7f0000000180)="2bb5abdb977cf4ebec604e719e3bc8d34ed9b8b0b8032cc19c0c8bf6a4e969e38390edbf66cd1cb6501458ef76fc5bb39e5c945d2153ea364bd19f6a4ab35e5031b541e5fb3fbafb67432a1a9ef0"}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x6, 0x100000000000000c, 0x8, 0xd2d, 0x1, 0x9, 0x2, 0x4000000000000d]}, 0x0) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r1, 0x0, 0x401006, 0x4015, 0x0) ioctl$auto(0x3, 0x80108907, 0x38) mmap$auto(0x0, 0x8, 0xdf, 0x40000eb1, 0x0, 0x8000) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) write$auto(0xffffffffffffffff, 0x0, 0x81) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mlockall$auto(0x7) 5.72664912s ago: executing program 3 (id=3432): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram2/partscan\x00', 0x80200, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r0 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x0, 0x0) read$auto_ftrace_event_filter_fops_trace_events(r0, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000280)={0x4, 0xfc, 0x6, 0x3, 0x7f, 0x80, &(0x7f0000000180)="2bb5abdb977cf4ebec604e719e3bc8d34ed9b8b0b8032cc19c0c8bf6a4e969e38390edbf66cd1cb6501458ef76fc5bb39e5c945d2153ea364bd19f6a4ab35e5031b541e5fb3fbafb67432a1a9ef0"}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x6, 0x100000000000000c, 0x8, 0xd2d, 0x1, 0x9, 0x2, 0x4000000000000d]}, 0x0) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r2, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) ioctl$auto(0x3, 0x80108907, 0x38) mmap$auto(0x0, 0x8, 0xdf, 0x40000eb1, 0x0, 0x8000) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) write$auto(0xffffffffffffffff, 0x0, 0x81) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mlockall$auto(0x7) 5.258463898s ago: executing program 1 (id=3436): waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000100)={@siginfo_0_0={0xd, 0xd, 0x48, @_sigchld={0x0, 0xffffffffffffffff, 0x9, 0xd}}}, 0x9, &(0x7f0000000180)={{0xff, 0x3}, {0x0, 0xc1}, 0x655b, 0x20000000007fff, 0x7fffffffffffffff, 0x8000000000000000, 0x8, 0x6e1, 0x6, 0x4, 0xfffffffffffffff7, 0x83, 0x1, 0x3, 0x6a, 0x9}) ptrace$auto_PTRACE_SETFPREGS(0xf, r0, 0x10, 0x79c7) ptrace$auto_PTRACE_PEEKTEXT(0x1, r0, 0x0, 0x78e9) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000540)={0xffffffffffffffff, &(0x7f0000000280), 0x400, 0x0, 0x3, 0x0, 0x0}) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r1, 0x64c6, 0x1e2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/loop5/queue/discard_max_bytes\x00', 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mac80211_hwsim/hwsim0/ieee80211/phy0/name\x00', 0xac00, 0x0) ioctl$auto(0x4000000000000c8, 0x400454c8, 0x6f) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x1f, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0xa5c, 0x8, 0x10007, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x1487}, 0x1fe, 0xd) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x881) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x303, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x5) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x0) socket(0x2, 0x1, 0x84) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) listen$auto(0x3, 0x0) shutdown$auto(0x200000003, 0x2) ioctl$auto(r2, 0xc008af12, r2) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.789309046s ago: executing program 2 (id=3438): r0 = pidfd_open$auto(0x1, 0x0) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD_GROUP(r0, 0x8, &(0x7f0000000440)={@siginfo_0_0={0x8, 0x80, 0x676164a5, @_rt={0x0, 0x0, @sival_ptr=0x0}}}, 0x2) 4.090652674s ago: executing program 2 (id=3441): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x10a) mkdirat$auto(r0, &(0x7f0000000080)='./cgroup\x00', 0x9) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_EPCS_CFG(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x2, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0xa}]}, 0x1c}}, 0x40000) r2 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/error_log\x00', 0x2, 0x0) close_range$auto(r2, r2, 0x8) socket(0x10, 0x2, 0x0) r3 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_NFSD_CMD_POOL_MODE_GET(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x8050) recvmmsg$auto(0x3, 0x0, 0x10700, 0x0, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) connect$auto(r3, 0x0, 0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x40000c, 0x45bd, 0x9b72, 0x2, 0x8000) 4.085821871s ago: executing program 3 (id=3442): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="c79f25bd7000ffdbdf250ee4000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) readv$auto(0x3, &(0x7f0000000600)={&(0x7f0000000540), 0xc}, 0x1da) 3.992105489s ago: executing program 0 (id=3443): mlockall$auto(0x1) mprotect$auto(0x1ffffffff000, 0x100004, 0x6) openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, 0x0, 0x169a02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) inotify_init1$auto(0x3000000000000) r2 = gettid() rt_sigqueueinfo$auto(r2, 0xb, &(0x7f00000001c0)={@siginfo_0_0={0x3, 0x401, 0xfffffffb, @_timer={r2, 0xd, @sival_ptr=0x0, 0x62}}}) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, 0x0, 0x28400, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r3) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r4, 0x805, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) (fail_nth: 1) unshare$auto(0x20000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mem\x00', 0x20401, 0x0) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0x40047440, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20240, 0x0) socket(0xa, 0x5, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f00000012c0)={{@inferred, 0x1, 0x2, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b620200f764f9", @raw=0x1000}, 0x0, @integer64=@value_ptr=0x0, "528d458095d42b72adda0cac2d45bdaacf03000000000000008bf00ab57d5d73b094925aa92857fd2f672f85343275f80841c6cac1ba3023ab4510269ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8133ca43202fb78dacb3fea1258074885c899d75cd52751f9be959d90fa5c2"}) 3.966230993s ago: executing program 3 (id=3444): mlockall$auto(0x1) mprotect$auto(0x1ffffffff000, 0x100004, 0x6) openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, 0x0, 0x169a02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) inotify_init1$auto(0x3000000000000) r2 = gettid() rt_sigqueueinfo$auto(r2, 0xb, &(0x7f00000001c0)={@siginfo_0_0={0x3, 0x401, 0xfffffffb, @_timer={r2, 0xd, @sival_ptr=0x0, 0x62}}}) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, 0x0, 0x28400, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r3) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r4, 0x805, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) unshare$auto(0x20000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mem\x00', 0x20401, 0x0) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0x40047440, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20240, 0x0) socket(0xa, 0x5, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f00000012c0)={{@inferred, 0x1, 0x2, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b620200f764f9", @raw=0x1000}, 0x0, @integer64=@value_ptr=0x0, "528d458095d42b72adda0cac2d45bdaacf03000000000000008bf00ab57d5d73b094925aa92857fd2f672f85343275f80841c6cac1ba3023ab4510269ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8133ca43202fb78dacb3fea1258074885c899d75cd52751f9be959d90fa5c2"}) 3.201208028s ago: executing program 0 (id=3445): r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x6002008c) 3.182059466s ago: executing program 1 (id=3446): r0 = gettid() r1 = pidfd_open$auto(r0, 0x1) setns(r1, 0x6002008c) 3.107788246s ago: executing program 0 (id=3447): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram2/partscan\x00', 0x80200, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0x11, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) read$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffffff, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000280)={0x4, 0xfc, 0x6, 0x3, 0x7f, 0x80, &(0x7f0000000180)="2bb5abdb977cf4ebec604e719e3bc8d34ed9b8b0b8032cc19c0c8bf6a4e969e38390edbf66cd1cb6501458ef76fc5bb39e5c945d2153ea364bd19f6a4ab35e5031b541e5fb3fbafb67432a1a9ef0"}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x6, 0x100000000000000c, 0x8, 0xd2d, 0x1, 0x9, 0x2, 0x4000000000000d]}, 0x0) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r1, 0x0, 0x401006, 0x4015, 0x0) ioctl$auto(0x3, 0x80108907, 0x38) mmap$auto(0x0, 0x8, 0xdf, 0x40000eb1, 0x0, 0x8000) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) write$auto(0xffffffffffffffff, 0x0, 0x81) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mlockall$auto(0x7) 3.106025626s ago: executing program 1 (id=3448): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 2.751778506s ago: executing program 2 (id=3449): mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_OFF(0x3, 0x0, 0x0, 0x8, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r0, 0x4001af84, 0x0) fcntl$auto(0x2, 0x2, 0x80000001) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0) syz_genetlink_get_family_id$auto_802_15_4_mac(0x0, 0xffffffffffffffff) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket(0x2, 0x1, 0x106) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) utimensat$auto(r1, &(0x7f0000000080)='\x00', &(0x7f0000000100)={0x4000000009, 0x3ffffffc}, 0x1000) fcntl$auto(0x3, 0x4, 0xa553) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/class/firmware/timeout\x00', 0x1a1942, 0x0) write$auto(r2, &(0x7f0000000140)='7\x00\\\xa0\xa5$sj\x9a%Y\xbd\xb8 )\x03\xcb\x12\xfa\b\x1c\tk', 0x5b33734d) shmctl$auto_IPC_INFO(0x5, 0x3, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mprotect$auto(0xffffffff, 0x10, 0x10000) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r3, 0x8000) 2.18043739s ago: executing program 3 (id=3450): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram2/partscan\x00', 0x80200, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r0 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x0, 0x0) read$auto_ftrace_event_filter_fops_trace_events(r0, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000280)={0x4, 0xfc, 0x6, 0x3, 0x7f, 0x80, &(0x7f0000000180)="2bb5abdb977cf4ebec604e719e3bc8d34ed9b8b0b8032cc19c0c8bf6a4e969e38390edbf66cd1cb6501458ef76fc5bb39e5c945d2153ea364bd19f6a4ab35e5031b541e5fb3fbafb67432a1a9ef0"}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x6, 0x100000000000000c, 0x8, 0xd2d, 0x1, 0x9, 0x2, 0x4000000000000d]}, 0x0) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r2, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) ioctl$auto(0x3, 0x80108907, 0x38) mmap$auto(0x0, 0x8, 0xdf, 0x40000eb1, 0x0, 0x8000) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) write$auto(0xffffffffffffffff, 0x0, 0x81) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mlockall$auto(0x7) 1.925660341s ago: executing program 0 (id=3451): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xf, 0x940, 0x1ffe0, 0xff, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x6, 0x5, 0x3, 0x5, 0x7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x1fe, 0x81) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x33, 0x67f, 0xfffffff8, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x8, 0x566, 0x0, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6, 0x0, 0x2, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd) io_uring_register$auto_IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x1) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/035/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_CONTROL32(r1, 0xc0105500, &(0x7f0000000200)={0xc, 0x35, 0x1, 0x6, 0x8001, 0x1, 0x66}) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) ioctl$auto_XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f0000000480)={r1, &(0x7f0000000080)="93c1555ee444e2f91acd18bd8ed71822d351b8746b1569149a477a9b8ebd8dc3eb7c6563daab8e1fea44c06315a820", 0x3ac4, &(0x7f0000000380)="a8770b21769fe9a3ae182818deabc7bf27a9cde540d5229106358357882b98ca74e95c9f0f8dd9bceafc0f6dbf3f2cb98f6b77c0a6897d73478b8d05e05f740d8b12b13d77a431d7ac814b94d4557fa11c1b22c9a5d1d924777b5ffb82795d7788f4f2124638b80bcb", 0x5, &(0x7f0000000400)="1ac3c7db24b8e4386b2d3980a6b10ff91e960bde05295e9515bcfe60a847e052c70a258b61c0bc2e6e5e", &(0x7f0000000440)=0x400}) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000500), r0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'macsec0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r5, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x34, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x18, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x3f}, @typed={0x8, 0x2, 0x0, 0x0, @pid}]}, @MACSEC_ATTR_IFINDEX={0x8, 0x1, r6}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040801}, 0x40008d0) r7 = waitid$auto_P_PIDFD(0x3, r0, &(0x7f0000000540)={@_si_pad}, 0x80, &(0x7f00000005c0)={{0x1, 0x2}, {0x4, 0x2}, 0x8000000000000001, 0x0, 0x9, 0x7, 0xffff, 0x5ed, 0x3, 0xe, 0x1, 0x3, 0x1, 0x2d00, 0xfffffffffffffff9, 0xa}) r8 = syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) migrate_pages$auto(r8, 0xa, 0x0, &(0x7f0000000140)=0x100000002) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000700)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, r4, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r7}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x9cb1}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x8000) write$auto_sg_fops_sg(r2, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44924d87f0010047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e) readv$auto(0x3, &(0x7f0000000000)={0x0, 0x10000ffff}, 0x1) ioctl$auto_SG_GET_PACK_ID(r2, 0x227c, &(0x7f00000000c0)) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r9 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r9, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) 1.576924124s ago: executing program 0 (id=3452): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/ext4/sda1/trigger_fs_error\x00', 0xa801, 0x0) fsconfig$auto_SHMEM_HUGE_WITHIN_SIZE(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x2) openat$auto_gpiolib_fops_(0xffffffffffffff9c, 0x0, 0x90001, 0x0) io_uring_setup$auto(0x59, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x800, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0xa0042, 0x40, 0xe}, 0x18) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) lsm_get_self_attr$auto(0x64, 0x0, &(0x7f0000002440)=0x1f9, 0x0) sendto$auto(0xffffffffffffffff, 0x0, 0x3fe, 0x40, 0x0, 0x81) sendfile$auto(0x3, 0xffffffffffffffff, 0x0, 0xfdef) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 1.444589516s ago: executing program 1 (id=3453): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r0, 0x29, 0x1b, 0x0, 0x201) (fail_nth: 2) 703.570089ms ago: executing program 1 (id=3454): ioctl$auto_SNDCTL_TMR_TEMPO(0xffffffffffffffff, 0xc0045405, &(0x7f0000000140)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_to_batadv\x00', 0x0}) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1\x00', 0x4000, 0x0) bpf$auto(0xfffffffd, &(0x7f0000000580)=@link_create={@map_fd=r1, @target_ifindex=r0, 0xd, 0x341d, @tcx={@relative_id=0x5, 0x4}}, 0x6f4) ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f00000000c0)={0x96, 0x8001, 0x7, 0xed1, 0x3, 0xffffffffffffffff}) bpf$auto_BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)=@link_create={@prog_fd, @target_ifindex=r0, 0x1, 0x3, @uprobe_multi={0x10, 0x80, 0xc, 0x1, 0x800, 0x6, r2}}, 0x8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x1cb602, 0x0) sendmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x2000848, 0x0, 0x9, 0x0, 0x3, 0x108}, 0x5}, 0xffffffff, 0xc5c) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) ioctl$auto(r4, 0x4b3d, 0xffffffffffffffff) r5 = ioctl$auto_NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) setns$auto(r5, 0x354) close_range$auto(0x2, 0x8, 0x0) r6 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x110) r7 = fcntl$auto(r6, 0x400, 0x1) mmap$auto(0x401, 0x202000a, 0x9, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) io_uring_setup$auto(0x1, 0x0) ioctl$auto(0x3, 0x89e0, 0x38) io_uring_register$auto_IORING_UNREGISTER_EVENTFD(0xffffffffffffffff, 0x5, &(0x7f0000000180)="dc85765098dc336bc898a98faa14bea7f878ee69508d0a74d88015dbc032e889c23d35e8af66765f6b309b5b547dc0ea752a5f91e011fffb1792f0227baf6727d7e4cdbf0d2822a48f3c57eb06d0710ec4f47c792497c99846b2ff989fbb9e9592c25a2003e0c221234d6871626d23295a5c3a95edec220c957ad85961c943cf98b3f89af0f43a1badbb63940536eeeb44e3b402b5debf1e5b2f376bb97e6e98d83585fa2dd8aeeaca5f7a51488a260abf5b9edca345cda7100cc3204783787da1fb", 0x3aac) fcntl$auto(r7, 0xb, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000180), 0x7112}, 0x8) r8 = socket(0x2b, 0x1, 0x1) landlock_create_ruleset$auto(&(0x7f0000000140)={0x5, 0xfd0b, 0x5}, 0x9, 0x1) r9 = openat$auto_show_traces_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_tracers\x00', 0x8300, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) preadv$auto(r9, &(0x7f0000000100)={0x0, 0x1000}, 0x8, 0x1, 0x5) setsockopt$auto(r8, 0x29, 0x1b, 0x0, 0x201) 696.477139ms ago: executing program 3 (id=3455): mmap$auto(0x0, 0xfffffffffffffff8, 0x4000000000df, 0xeb1, 0x401, 0x8003) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r1, 0x1276, 0x0) setfsuid$auto(0xee00) mmap$auto(0xfff, 0x7, 0xffffffffffffffc0, 0x100000000000017, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) mmap$auto(0x0, 0x2020009, 0x2000000000000006, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40480d0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) r3 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_4={0x17, r3, 0x4, r3}, 0x7ff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'sit0\x00'}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(r2, r2, 0xffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) 203.463689ms ago: executing program 2 (id=3456): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x24, r0, 0x13, 0x70bd2c, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) (fail_nth: 2) 180.942647ms ago: executing program 1 (id=3457): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x8006, 0x3, 0x4, 0x2a) (async) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x4, 0x9f, 0x8000000008012, r1, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) ppoll$auto(0x0, 0x3, 0x0, 0x0, 0x8) (async) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NETDEV_CMD_DEV_GET(r2, 0x0, 0x28044004) (async, rerun: 32) getsockopt$auto_SO_RXQ_OVFL(r2, 0x8, 0x28, 0x0, 0x0) (rerun: 32) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async, rerun: 64) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x4021c0, 0x0) (rerun: 64) write$auto_seq_oss_f_ops_seq_oss(r3, 0x0, 0x0) (async, rerun: 64) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (rerun: 64) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) (async) socketpair$auto(0x800, 0x1, 0x8000000000000000, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x1) madvise$auto(0x101, 0x2003f2, 0x15) (async) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0x0, 0x2020006, 0x5, 0x13, 0xfffffffffffffffa, 0x2) (async) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, r0, 0x300000000000) r4 = openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x10000, 0x0) io_uring_setup$auto(0x5, &(0x7f00000001c0)={0x400, 0x6, 0xc564, 0x3, 0xd, 0x200, r4, [0x3, 0x1, 0x6], {0x14d0, 0x2, 0x1868, 0x1, 0x6e, 0x6568, 0x6, 0x5, 0x5}, {0x9, 0x10000000, 0x8, 0x100, 0x0, 0xc52, 0x5, 0x4, 0x9}}) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 152.001659ms ago: executing program 0 (id=3458): unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x15, 0x5, 0xef60) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) setregid$auto(0x81, 0x0) io_uring_setup$auto(0x2008, 0x0) clock_nanosleep$auto(0x2, 0x4, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x81, 0x8000000000001, 0xa}, 0xb, 0x0) landlock_restrict_self$auto(r0, 0x8) clock_nanosleep$auto(0x9, 0x0, &(0x7f0000000100)={0x0, 0x200}, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram13\x00', 0x1e3a02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x42102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d399b44", 0xfdef) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) socket(0x11, 0x3, 0x9) r2 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$auto(r2, 0x6f41, 0x38) openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000880), 0x2400, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim2/ports/0/pp_hold\x00', 0x2201c3, 0x0) 39.977499ms ago: executing program 2 (id=3459): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x2, 0x8, 0xffffffffffffffff, [], {0xf3, 0x0, 0xf, 0x29f, 0x100, 0x4000083, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x53, 0x5, 0x336c, 0x40, 0x76c5, 0x0, 0x100000002}}) syslog$auto(0x2, &(0x7f00000001c0)='.\a\xdc\xdf\xd0Y\xf2 \xee\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\xff\xff\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4ENe\x9d\xb5#\xb3\xc1\xe4\xf5j\x94\x7f\x00\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\x01\x00\x00\x00\x0f\xed\x01#\x87l\xb9\x1e\x05\x90\xa2\xfb\x8e!\x013&\xf0\xb8I\xbbdi W/\xf7\xc2\x87Di\x19\x8d\x00L', 0x2) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 3 (id=3460): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x1d, 0x2, 0x6) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x7}, 0x1, 0x0, 0x3, 0xa}, 0x8}, 0x5, 0x9) (fail_nth: 2) kernel console output (not intermixed with test programs): 00000000 R11: 0000000000000246 R12: 0000000000000001 [ 1360.613568][T28110] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1360.613607][T28110] [ 1360.833637][T28110] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1361.585917][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.594927][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.254714][T28146] FAULT_INJECTION: forcing a failure. [ 1362.254714][T28146] name failslab, interval 1, probability 0, space 0, times 0 [ 1362.295161][T28146] CPU: 1 UID: 0 PID: 28146 Comm: syz.0.3222 Not tainted syzkaller #0 PREEMPT(full) [ 1362.295201][T28146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1362.295218][T28146] Call Trace: [ 1362.295228][T28146] [ 1362.295239][T28146] dump_stack_lvl+0x100/0x190 [ 1362.295290][T28146] should_fail_ex.cold+0x5/0xa [ 1362.295326][T28146] should_failslab+0xc2/0x120 [ 1362.295360][T28146] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1362.295404][T28146] ? prepare_creds+0x2c/0x950 [ 1362.295469][T28146] prepare_creds+0x2c/0x950 [ 1362.295502][T28146] lookup_user_key+0x8e9/0x1300 [ 1362.295540][T28146] ? __pfx_lookup_user_key+0x10/0x10 [ 1362.295574][T28146] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1362.295633][T28146] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1362.295673][T28146] ? ksys_write+0x1ac/0x250 [ 1362.295706][T28146] ? __pfx_ksys_write+0x10/0x10 [ 1362.295744][T28146] __do_sys_keyctl+0x95/0x5a0 [ 1362.295778][T28146] do_syscall_64+0x115/0x840 [ 1362.295815][T28146] ? clear_bhb_loop+0x40/0x90 [ 1362.295850][T28146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1362.295879][T28146] RIP: 0033:0x7fe57a99ce59 [ 1362.295903][T28146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1362.295930][T28146] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1362.295958][T28146] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1362.295978][T28146] RDX: 00000000000069c9 RSI: dfffffffffffffff RDI: 0000000000000000 [ 1362.295996][T28146] RBP: 00007fe57b796090 R08: 0000000000000400 R09: 0000000000000000 [ 1362.296014][T28146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1362.296031][T28146] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1362.296069][T28146] [ 1362.660522][T28136] FAULT_INJECTION: forcing a failure. [ 1362.660522][T28136] name failslab, interval 1, probability 0, space 0, times 0 [ 1362.680446][T28136] CPU: 1 UID: 0 PID: 28136 Comm: syz.3.3221 Tainted: G L syzkaller #0 PREEMPT(full) [ 1362.680492][T28136] Tainted: [L]=SOFTLOCKUP [ 1362.680502][T28136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1362.680518][T28136] Call Trace: [ 1362.680526][T28136] [ 1362.680535][T28136] dump_stack_lvl+0x100/0x190 [ 1362.680593][T28136] should_fail_ex.cold+0x5/0xa [ 1362.680630][T28136] ? x509_get_sig_params+0x39e/0x6c0 [ 1362.680674][T28136] should_failslab+0xc2/0x120 [ 1362.680707][T28136] __kmalloc_noprof+0xe0/0x850 [ 1362.680767][T28136] x509_get_sig_params+0x39e/0x6c0 [ 1362.680814][T28136] x509_cert_parse+0x4e9/0x910 [ 1362.680849][T28136] ? kasan_save_stack+0x3f/0x50 [ 1362.680877][T28136] ? kasan_save_stack+0x30/0x50 [ 1362.680903][T28136] ? kasan_save_track+0x14/0x30 [ 1362.680933][T28136] pkcs7_extract_cert+0xa4/0x380 [ 1362.680981][T28136] asn1_ber_decoder+0x12b3/0x2170 [ 1362.681027][T28136] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 1362.681082][T28136] pkcs7_parse_message+0x289/0x870 [ 1362.681135][T28136] verify_pkcs7_signature+0x30/0xa0 [ 1362.681171][T28136] valid_regdb+0x211/0x590 [ 1362.681208][T28136] ? __pfx_valid_regdb+0x10/0x10 [ 1362.681244][T28136] reg_reload_regdb+0x11a/0x460 [ 1362.681281][T28136] ? __pfx_reg_reload_regdb+0x10/0x10 [ 1362.681317][T28136] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1362.681359][T28136] ? nl80211_pre_doit+0x19a/0xae0 [ 1362.681407][T28136] genl_family_rcv_msg_doit+0x214/0x300 [ 1362.681451][T28136] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1362.681493][T28136] ? genl_get_cmd+0x3e7/0x760 [ 1362.681542][T28136] ? bpf_lsm_capable+0x9/0x10 [ 1362.681570][T28136] ? security_capable+0x80/0x260 [ 1362.681606][T28136] genl_rcv_msg+0x560/0x800 [ 1362.681652][T28136] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1362.681695][T28136] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1362.681746][T28136] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 1362.681779][T28136] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1362.681833][T28136] netlink_rcv_skb+0x159/0x420 [ 1362.681871][T28136] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1362.681914][T28136] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1362.681967][T28136] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1362.682010][T28136] genl_rcv+0x28/0x40 [ 1362.682048][T28136] netlink_unicast+0x585/0x850 [ 1362.682089][T28136] ? __pfx_netlink_unicast+0x10/0x10 [ 1362.682135][T28136] netlink_sendmsg+0x8b0/0xda0 [ 1362.682178][T28136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1362.682214][T28136] ? __import_iovec+0x1d2/0x640 [ 1362.682258][T28136] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1362.682294][T28136] ____sys_sendmsg+0x9e1/0xb70 [ 1362.682328][T28136] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1362.682365][T28136] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1362.682399][T28136] ? preempt_schedule_thunk+0x16/0x30 [ 1362.682448][T28136] ? try_to_wake_up+0x5f6/0x1900 [ 1362.682490][T28136] ___sys_sendmsg+0x190/0x1e0 [ 1362.682531][T28136] ? __pfx____sys_sendmsg+0x10/0x10 [ 1362.682567][T28136] ? futex_private_hash_put+0x107/0x1c0 [ 1362.682652][T28136] __sys_sendmsg+0x170/0x220 [ 1362.682682][T28136] ? __pfx___sys_sendmsg+0x10/0x10 [ 1362.682707][T28136] ? __x64_sys_futex+0x34f/0x4d0 [ 1362.682758][T28136] ? rcu_is_watching+0x12/0xc0 [ 1362.682792][T28136] do_syscall_64+0x115/0x840 [ 1362.682831][T28136] ? clear_bhb_loop+0x40/0x90 [ 1362.682864][T28136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1362.682893][T28136] RIP: 0033:0x7f6e6c19ce59 [ 1362.682918][T28136] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1362.682946][T28136] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1362.682974][T28136] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1362.682993][T28136] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 1362.683011][T28136] RBP: 00007f6e6c232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1362.683029][T28136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1362.683047][T28136] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1362.683085][T28136] [ 1363.168576][T28161] FAULT_INJECTION: forcing a failure. [ 1363.168576][T28161] name failslab, interval 1, probability 0, space 0, times 0 [ 1363.186289][T28161] CPU: 1 UID: 0 PID: 28161 Comm: syz.1.3227 Tainted: G L syzkaller #0 PREEMPT(full) [ 1363.186333][T28161] Tainted: [L]=SOFTLOCKUP [ 1363.186343][T28161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1363.186359][T28161] Call Trace: [ 1363.186369][T28161] [ 1363.186379][T28161] dump_stack_lvl+0x100/0x190 [ 1363.186430][T28161] should_fail_ex.cold+0x5/0xa [ 1363.186464][T28161] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1363.186504][T28161] should_failslab+0xc2/0x120 [ 1363.186536][T28161] __kmalloc_noprof+0xe0/0x850 [ 1363.186574][T28161] ? kfree+0x1dd/0x6c0 [ 1363.186621][T28161] tomoyo_realpath_from_path+0xb6/0x690 [ 1363.186677][T28161] tomoyo_path_number_perm+0x23c/0x580 [ 1363.186709][T28161] ? tomoyo_path_number_perm+0x22e/0x580 [ 1363.186745][T28161] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1363.186814][T28161] ? find_held_lock+0x2b/0x80 [ 1363.186847][T28161] ? __fget_files+0x215/0x3d0 [ 1363.186877][T28161] ? hook_file_ioctl_common+0x149/0x410 [ 1363.186910][T28161] ? __fget_files+0x215/0x3d0 [ 1363.186948][T28161] ? __fget_files+0x21f/0x3d0 [ 1363.186986][T28161] security_file_ioctl+0xd3/0x230 [ 1363.187021][T28161] __x64_sys_ioctl+0xb7/0x210 [ 1363.187052][T28161] do_syscall_64+0x115/0x840 [ 1363.187089][T28161] ? clear_bhb_loop+0x40/0x90 [ 1363.187124][T28161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1363.187152][T28161] RIP: 0033:0x7fc647d9ce59 [ 1363.187175][T28161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1363.187202][T28161] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1363.187229][T28161] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1363.187248][T28161] RDX: 0000000000000000 RSI: 00000000c0285700 RDI: 0000000000000003 [ 1363.187265][T28161] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1363.187283][T28161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1363.187300][T28161] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1363.187338][T28161] [ 1363.187350][T28161] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1364.218326][T28192] FAULT_INJECTION: forcing a failure. [ 1364.218326][T28192] name failslab, interval 1, probability 0, space 0, times 0 [ 1364.256326][T28192] CPU: 1 UID: 0 PID: 28192 Comm: syz.3.3234 Tainted: G L syzkaller #0 PREEMPT(full) [ 1364.256366][T28192] Tainted: [L]=SOFTLOCKUP [ 1364.256375][T28192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1364.256389][T28192] Call Trace: [ 1364.256399][T28192] [ 1364.256410][T28192] dump_stack_lvl+0x100/0x190 [ 1364.256464][T28192] should_fail_ex.cold+0x5/0xa [ 1364.256497][T28192] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1364.256537][T28192] should_failslab+0xc2/0x120 [ 1364.256570][T28192] __kmalloc_noprof+0xe0/0x850 [ 1364.256610][T28192] ? kfree+0x1dd/0x6c0 [ 1364.256651][T28192] tomoyo_realpath_from_path+0xb6/0x690 [ 1364.256698][T28192] tomoyo_path_number_perm+0x23c/0x580 [ 1364.256729][T28192] ? tomoyo_path_number_perm+0x22e/0x580 [ 1364.256765][T28192] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1364.256838][T28192] ? find_held_lock+0x2b/0x80 [ 1364.256869][T28192] ? __fget_files+0x215/0x3d0 [ 1364.256898][T28192] ? hook_file_ioctl_common+0x149/0x410 [ 1364.256932][T28192] ? __fget_files+0x215/0x3d0 [ 1364.256979][T28192] ? __fget_files+0x21f/0x3d0 [ 1364.257014][T28192] security_file_ioctl+0xd3/0x230 [ 1364.257048][T28192] __x64_sys_ioctl+0xb7/0x210 [ 1364.257078][T28192] do_syscall_64+0x115/0x840 [ 1364.257114][T28192] ? clear_bhb_loop+0x40/0x90 [ 1364.257149][T28192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1364.257179][T28192] RIP: 0033:0x7f6e6c19ce59 [ 1364.257201][T28192] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1364.257227][T28192] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1364.257253][T28192] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1364.257272][T28192] RDX: 0000000000000000 RSI: 000000000000890d RDI: 0000000000000003 [ 1364.257288][T28192] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1364.257306][T28192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1364.257323][T28192] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1364.257358][T28192] [ 1364.257511][T28192] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1364.700278][T28202] FAULT_INJECTION: forcing a failure. [ 1364.700278][T28202] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1364.723078][T28202] CPU: 1 UID: 0 PID: 28202 Comm: syz.3.3237 Tainted: G L syzkaller #0 PREEMPT(full) [ 1364.723121][T28202] Tainted: [L]=SOFTLOCKUP [ 1364.723131][T28202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1364.723148][T28202] Call Trace: [ 1364.723158][T28202] [ 1364.723168][T28202] dump_stack_lvl+0x100/0x190 [ 1364.723219][T28202] should_fail_ex.cold+0x5/0xa [ 1364.723255][T28202] _copy_from_user+0x2e/0xd0 [ 1364.723295][T28202] do_pidfd_send_signal+0x16f/0x520 [ 1364.723335][T28202] ? __pfx_do_pidfd_send_signal+0x10/0x10 [ 1364.723371][T28202] __x64_sys_pidfd_send_signal+0x2bd/0x420 [ 1364.723396][T28202] do_syscall_64+0x115/0x840 [ 1364.723418][T28202] ? clear_bhb_loop+0x40/0x90 [ 1364.723440][T28202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1364.723455][T28202] RIP: 0033:0x7f6e6c19ce59 [ 1364.723469][T28202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1364.723483][T28202] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a8 [ 1364.723499][T28202] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1364.723509][T28202] RDX: 0000200000000440 RSI: 0000000000000008 RDI: 0000000000000003 [ 1364.723518][T28202] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1364.723527][T28202] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1364.723536][T28202] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1364.723555][T28202] [ 1366.283815][T28218] FAULT_INJECTION: forcing a failure. [ 1366.283815][T28218] name failslab, interval 1, probability 0, space 0, times 0 [ 1366.325527][T28218] CPU: 1 UID: 0 PID: 28218 Comm: syz.0.3243 Tainted: G L syzkaller #0 PREEMPT(full) [ 1366.325574][T28218] Tainted: [L]=SOFTLOCKUP [ 1366.325584][T28218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1366.325601][T28218] Call Trace: [ 1366.325610][T28218] [ 1366.325621][T28218] dump_stack_lvl+0x100/0x190 [ 1366.325678][T28218] should_fail_ex.cold+0x5/0xa [ 1366.325712][T28218] ? __pfx_crypto_alg_extsize+0x10/0x10 [ 1366.325759][T28218] should_failslab+0xc2/0x120 [ 1366.325791][T28218] ? __pfx_crypto_alg_extsize+0x10/0x10 [ 1366.325836][T28218] __kmalloc_node_noprof+0xe6/0x850 [ 1366.325884][T28218] ? crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 1366.325929][T28218] ? __pfx_crypto_alg_extsize+0x10/0x10 [ 1366.325973][T28218] crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 1366.326013][T28218] crypto_create_tfm_node+0x85/0x350 [ 1366.326057][T28218] crypto_alloc_tfm_node+0x102/0x260 [ 1366.326101][T28218] x509_get_sig_params+0x2bb/0x6c0 [ 1366.326145][T28218] ? __asan_memcpy+0x3c/0x60 [ 1366.326193][T28218] x509_cert_parse+0x4e9/0x910 [ 1366.326232][T28218] ? kasan_save_stack+0x3f/0x50 [ 1366.326259][T28218] ? kasan_save_stack+0x30/0x50 [ 1366.326295][T28218] ? kasan_save_track+0x14/0x30 [ 1366.326329][T28218] pkcs7_extract_cert+0xa4/0x380 [ 1366.326380][T28218] asn1_ber_decoder+0x12b3/0x2170 [ 1366.326429][T28218] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 1366.326489][T28218] pkcs7_parse_message+0x289/0x870 [ 1366.326541][T28218] verify_pkcs7_signature+0x30/0xa0 [ 1366.326578][T28218] valid_regdb+0x211/0x590 [ 1366.326616][T28218] ? __pfx_valid_regdb+0x10/0x10 [ 1366.326657][T28218] reg_reload_regdb+0x11a/0x460 [ 1366.326696][T28218] ? __pfx_reg_reload_regdb+0x10/0x10 [ 1366.326736][T28218] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1366.326779][T28218] ? nl80211_pre_doit+0x19a/0xae0 [ 1366.326825][T28218] genl_family_rcv_msg_doit+0x214/0x300 [ 1366.326871][T28218] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1366.326913][T28218] ? genl_get_cmd+0x3e7/0x760 [ 1366.326960][T28218] ? bpf_lsm_capable+0x9/0x10 [ 1366.326991][T28218] ? security_capable+0x80/0x260 [ 1366.327026][T28218] genl_rcv_msg+0x560/0x800 [ 1366.327070][T28218] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1366.327108][T28218] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1366.327150][T28218] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 1366.327180][T28218] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1366.327234][T28218] netlink_rcv_skb+0x159/0x420 [ 1366.327280][T28218] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1366.327326][T28218] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1366.327378][T28218] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1366.327418][T28218] genl_rcv+0x28/0x40 [ 1366.327454][T28218] netlink_unicast+0x585/0x850 [ 1366.327497][T28218] ? __pfx_netlink_unicast+0x10/0x10 [ 1366.327547][T28218] netlink_sendmsg+0x8b0/0xda0 [ 1366.327592][T28218] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1366.327627][T28218] ? __import_iovec+0x1d2/0x640 [ 1366.327671][T28218] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1366.327706][T28218] ____sys_sendmsg+0x9e1/0xb70 [ 1366.327740][T28218] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1366.327780][T28218] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1366.327826][T28218] ? __pfx_futex_wake_mark+0x10/0x10 [ 1366.327869][T28218] ___sys_sendmsg+0x190/0x1e0 [ 1366.327911][T28218] ? __pfx____sys_sendmsg+0x10/0x10 [ 1366.328011][T28218] __sys_sendmsg+0x170/0x220 [ 1366.328045][T28218] ? __pfx___sys_sendmsg+0x10/0x10 [ 1366.328075][T28218] ? __x64_sys_futex+0x34f/0x4d0 [ 1366.328112][T28218] ? exit_to_user_mode_loop+0xf3/0x670 [ 1366.328156][T28218] ? rcu_is_watching+0x12/0xc0 [ 1366.328190][T28218] do_syscall_64+0x115/0x840 [ 1366.328227][T28218] ? clear_bhb_loop+0x40/0x90 [ 1366.328261][T28218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1366.328297][T28218] RIP: 0033:0x7fe57a99ce59 [ 1366.328320][T28218] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1366.328349][T28218] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1366.328378][T28218] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1366.328399][T28218] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 1366.328417][T28218] RBP: 00007fe57aa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1366.328435][T28218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1366.328452][T28218] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1366.328491][T28218] [ 1366.771237][T28232] FAULT_INJECTION: forcing a failure. [ 1366.771237][T28232] name failslab, interval 1, probability 0, space 0, times 0 [ 1366.799846][T28232] CPU: 0 UID: 0 PID: 28232 Comm: syz.1.3245 Tainted: G L syzkaller #0 PREEMPT(full) [ 1366.799891][T28232] Tainted: [L]=SOFTLOCKUP [ 1366.799901][T28232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1366.799918][T28232] Call Trace: [ 1366.799927][T28232] [ 1366.799938][T28232] dump_stack_lvl+0x100/0x190 [ 1366.799990][T28232] should_fail_ex.cold+0x5/0xa [ 1366.800025][T28232] ? iovec_from_user+0x8d/0x140 [ 1366.800063][T28232] should_failslab+0xc2/0x120 [ 1366.800097][T28232] __kmalloc_noprof+0xe0/0x850 [ 1366.800147][T28232] iovec_from_user+0x8d/0x140 [ 1366.800190][T28232] __import_iovec+0x81/0x640 [ 1366.800235][T28232] import_iovec+0x82/0xb0 [ 1366.800277][T28232] vfs_readv+0x19e/0x8d0 [ 1366.800316][T28232] ? __pfx_vfs_readv+0x10/0x10 [ 1366.800346][T28232] ? find_held_lock+0x2b/0x80 [ 1366.800380][T28232] ? ksys_write+0x190/0x250 [ 1366.800432][T28232] ? __fget_files+0x21f/0x3d0 [ 1366.800474][T28232] ? do_readv+0x13e/0x340 [ 1366.800501][T28232] do_readv+0x13e/0x340 [ 1366.800531][T28232] ? __pfx_do_readv+0x10/0x10 [ 1366.800563][T28232] ? rcu_is_watching+0x12/0xc0 [ 1366.800599][T28232] do_syscall_64+0x115/0x840 [ 1366.800636][T28232] ? clear_bhb_loop+0x40/0x90 [ 1366.800671][T28232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1366.800700][T28232] RIP: 0033:0x7fc647d9ce59 [ 1366.800723][T28232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1366.800757][T28232] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1366.800784][T28232] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1366.800803][T28232] RDX: 00000000000001da RSI: 0000200000000600 RDI: 0000000000000003 [ 1366.800821][T28232] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1366.800838][T28232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1366.800858][T28232] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1366.800895][T28232] [ 1367.387548][T28241] FAULT_INJECTION: forcing a failure. [ 1367.387548][T28241] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1367.418510][T28241] CPU: 0 UID: 0 PID: 28241 Comm: syz.3.3248 Tainted: G L syzkaller #0 PREEMPT(full) [ 1367.418557][T28241] Tainted: [L]=SOFTLOCKUP [ 1367.418567][T28241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1367.418584][T28241] Call Trace: [ 1367.418595][T28241] [ 1367.418605][T28241] dump_stack_lvl+0x100/0x190 [ 1367.418664][T28241] should_fail_ex.cold+0x5/0xa [ 1367.418701][T28241] _copy_to_user+0x32/0xd0 [ 1367.418743][T28241] simple_read_from_buffer+0xcb/0x170 [ 1367.418780][T28241] proc_fail_nth_read+0x1af/0x230 [ 1367.418824][T28241] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1367.418869][T28241] ? rw_verify_area+0xce/0x6d0 [ 1367.418896][T28241] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1367.418940][T28241] vfs_read+0x1e4/0xb30 [ 1367.418976][T28241] ? __pfx_vfs_read+0x10/0x10 [ 1367.419006][T28241] ? __fget_files+0x215/0x3d0 [ 1367.419047][T28241] ? __fget_files+0x21f/0x3d0 [ 1367.419090][T28241] ksys_read+0x12a/0x250 [ 1367.419121][T28241] ? __pfx_ksys_read+0x10/0x10 [ 1367.419156][T28241] ? rcu_is_watching+0x12/0xc0 [ 1367.419194][T28241] do_syscall_64+0x115/0x840 [ 1367.419229][T28241] ? clear_bhb_loop+0x40/0x90 [ 1367.419264][T28241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1367.419294][T28241] RIP: 0033:0x7f6e6c15d68e [ 1367.419317][T28241] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1367.419344][T28241] RSP: 002b:00007f6e6cfe9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1367.419371][T28241] RAX: ffffffffffffffda RBX: 00007f6e6cfea6c0 RCX: 00007f6e6c15d68e [ 1367.419391][T28241] RDX: 000000000000000f RSI: 00007f6e6cfea0a0 RDI: 0000000000000004 [ 1367.419409][T28241] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1367.419427][T28241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1367.419444][T28241] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1367.419484][T28241] [ 1369.512559][T28281] FAULT_INJECTION: forcing a failure. [ 1369.512559][T28281] name failslab, interval 1, probability 0, space 0, times 0 [ 1369.547263][T28281] CPU: 0 UID: 0 PID: 28281 Comm: syz.0.3257 Tainted: G L syzkaller #0 PREEMPT(full) [ 1369.547305][T28281] Tainted: [L]=SOFTLOCKUP [ 1369.547314][T28281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1369.547331][T28281] Call Trace: [ 1369.547339][T28281] [ 1369.547348][T28281] dump_stack_lvl+0x100/0x190 [ 1369.547392][T28281] should_fail_ex.cold+0x5/0xa [ 1369.547423][T28281] should_failslab+0xc2/0x120 [ 1369.547452][T28281] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1369.547497][T28281] ? copy_process+0x69a/0x7ed0 [ 1369.547533][T28281] copy_process+0x69a/0x7ed0 [ 1369.547564][T28281] ? __lock_acquire+0x4a5/0x2630 [ 1369.547611][T28281] ? __pfx_copy_process+0x10/0x10 [ 1369.547653][T28281] ? find_held_lock+0x2b/0x80 [ 1369.547693][T28281] kernel_clone+0x176/0x9e0 [ 1369.547722][T28281] ? find_held_lock+0x2b/0x80 [ 1369.547753][T28281] ? __pfx_kernel_clone+0x10/0x10 [ 1369.547794][T28281] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1369.547834][T28281] __do_sys_clone+0xd9/0x120 [ 1369.547865][T28281] ? __pfx___do_sys_clone+0x10/0x10 [ 1369.547907][T28281] ? ksys_write+0x1ac/0x250 [ 1369.547934][T28281] ? __pfx_ksys_write+0x10/0x10 [ 1369.547964][T28281] ? rcu_is_watching+0x12/0xc0 [ 1369.547997][T28281] do_syscall_64+0x115/0x840 [ 1369.548028][T28281] ? clear_bhb_loop+0x40/0x90 [ 1369.548057][T28281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1369.548081][T28281] RIP: 0033:0x7fe57a99ce59 [ 1369.548101][T28281] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1369.548124][T28281] RSP: 002b:00007fe57b795fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1369.548146][T28281] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1369.548163][T28281] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 1369.548178][T28281] RBP: 00007fe57b796090 R08: 0000000000000000 R09: 0000000000000000 [ 1369.548193][T28281] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1369.548207][T28281] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1369.548239][T28281] [ 1369.871270][T28287] random: crng reseeded on system resumption [ 1370.048713][T28293] FAULT_INJECTION: forcing a failure. [ 1370.048713][T28293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1370.063551][T28293] CPU: 0 UID: 0 PID: 28293 Comm: syz.1.3261 Tainted: G L syzkaller #0 PREEMPT(full) [ 1370.063596][T28293] Tainted: [L]=SOFTLOCKUP [ 1370.063606][T28293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1370.063624][T28293] Call Trace: [ 1370.063634][T28293] [ 1370.063645][T28293] dump_stack_lvl+0x100/0x190 [ 1370.063697][T28293] should_fail_ex.cold+0x5/0xa [ 1370.063734][T28293] _copy_from_user+0x2e/0xd0 [ 1370.063774][T28293] copy_from_sockptr_offset.constprop.0+0x153/0x1a0 [ 1370.063914][T28293] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 1370.063958][T28293] ? __local_bh_enable_ip+0x9e/0x120 [ 1370.063993][T28293] ? lockdep_hardirqs_on+0x78/0x100 [ 1370.064038][T28293] do_ipv6_setsockopt+0x2ab5/0x43b0 [ 1370.064078][T28293] ? _parse_integer_limit+0x17f/0x1d0 [ 1370.064115][T28293] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 1370.064154][T28293] ? __lock_acquire+0x4a5/0x2630 [ 1370.064211][T28293] ? lock_acquire+0x1b1/0x370 [ 1370.064257][T28293] ? rcu_is_watching+0x12/0xc0 [ 1370.064290][T28293] ? trace_contention_end+0x122/0x170 [ 1370.064319][T28293] ? __mutex_lock+0x26d/0x1b10 [ 1370.064358][T28293] ? smc_setsockopt+0x100/0xa40 [ 1370.064439][T28293] ? find_held_lock+0x2b/0x80 [ 1370.064472][T28293] ? get_pid_task+0xfc/0x250 [ 1370.064510][T28293] ? get_pid_task+0xfc/0x250 [ 1370.064552][T28293] ? __pfx___mutex_lock+0x10/0x10 [ 1370.064603][T28293] ? ipv6_setsockopt+0xcb/0x170 [ 1370.064641][T28293] ipv6_setsockopt+0xcb/0x170 [ 1370.064685][T28293] tcp_setsockopt+0xa7/0x100 [ 1370.064759][T28293] smc_setsockopt+0x1b6/0xa40 [ 1370.064789][T28293] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1370.064831][T28293] ? __pfx_smc_setsockopt+0x10/0x10 [ 1370.064868][T28293] ? aa_sock_opt_perm+0xfe/0x1b0 [ 1370.064944][T28293] ? __pfx_smc_setsockopt+0x10/0x10 [ 1370.064978][T28293] do_sock_setsockopt+0xf3/0x1d0 [ 1370.065019][T28293] __sys_setsockopt+0x119/0x190 [ 1370.065056][T28293] __x64_sys_setsockopt+0xbd/0x160 [ 1370.065083][T28293] ? do_syscall_64+0x90/0x840 [ 1370.065121][T28293] ? lockdep_hardirqs_on+0x78/0x100 [ 1370.065160][T28293] do_syscall_64+0x115/0x840 [ 1370.065197][T28293] ? clear_bhb_loop+0x40/0x90 [ 1370.065233][T28293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1370.065262][T28293] RIP: 0033:0x7fc647d9ce59 [ 1370.065286][T28293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1370.065315][T28293] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1370.065343][T28293] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1370.065363][T28293] RDX: 000000000000001b RSI: 0000000000000029 RDI: 0000000000000003 [ 1370.065381][T28293] RBP: 00007fc648d27090 R08: 0000000000000201 R09: 0000000000000000 [ 1370.065399][T28293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1370.065417][T28293] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1370.065465][T28293] [ 1370.505726][T28305] FAULT_INJECTION: forcing a failure. [ 1370.505726][T28305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1370.528588][T28305] CPU: 1 UID: 0 PID: 28305 Comm: syz.0.3264 Tainted: G L syzkaller #0 PREEMPT(full) [ 1370.528634][T28305] Tainted: [L]=SOFTLOCKUP [ 1370.528644][T28305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1370.528660][T28305] Call Trace: [ 1370.528669][T28305] [ 1370.528680][T28305] dump_stack_lvl+0x100/0x190 [ 1370.528732][T28305] should_fail_ex.cold+0x5/0xa [ 1370.528768][T28305] _copy_from_user+0x2e/0xd0 [ 1370.528808][T28305] copy_msghdr_from_user+0x9f/0x4f0 [ 1370.528849][T28305] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1370.528907][T28305] ___sys_sendmsg+0x106/0x1e0 [ 1370.528947][T28305] ? __pfx____sys_sendmsg+0x10/0x10 [ 1370.529030][T28305] __sys_sendmsg+0x170/0x220 [ 1370.529062][T28305] ? __pfx___sys_sendmsg+0x10/0x10 [ 1370.529106][T28305] ? rcu_is_watching+0x12/0xc0 [ 1370.529143][T28305] do_syscall_64+0x115/0x840 [ 1370.529180][T28305] ? clear_bhb_loop+0x40/0x90 [ 1370.529216][T28305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1370.529246][T28305] RIP: 0033:0x7fe57a99ce59 [ 1370.529270][T28305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1370.529304][T28305] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1370.529329][T28305] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1370.529348][T28305] RDX: 0000000020040894 RSI: 0000200000000080 RDI: 0000000000000003 [ 1370.529367][T28305] RBP: 00007fe57b796090 R08: 0000000000000000 R09: 0000000000000000 [ 1370.529385][T28305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1370.529402][T28305] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1370.529441][T28305] [ 1372.008434][T28345] netlink: 350 bytes leftover after parsing attributes in process `syz.2.3272'. [ 1372.073388][T28348] FAULT_INJECTION: forcing a failure. [ 1372.073388][T28348] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1372.086728][T28348] CPU: 1 UID: 0 PID: 28348 Comm: syz.1.3273 Tainted: G L syzkaller #0 PREEMPT(full) [ 1372.086755][T28348] Tainted: [L]=SOFTLOCKUP [ 1372.086760][T28348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1372.086769][T28348] Call Trace: [ 1372.086775][T28348] [ 1372.086780][T28348] dump_stack_lvl+0x100/0x190 [ 1372.086811][T28348] should_fail_ex.cold+0x5/0xa [ 1372.086831][T28348] _copy_from_user+0x2e/0xd0 [ 1372.086853][T28348] copy_msghdr_from_user+0x9f/0x4f0 [ 1372.086876][T28348] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1372.086901][T28348] ? __pfx__kstrtoull+0x10/0x10 [ 1372.086919][T28348] ___sys_sendmsg+0x106/0x1e0 [ 1372.086941][T28348] ? __pfx____sys_sendmsg+0x10/0x10 [ 1372.086970][T28348] ? find_held_lock+0x2b/0x80 [ 1372.087000][T28348] __sys_sendmmsg+0x205/0x430 [ 1372.087018][T28348] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1372.087040][T28348] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1372.087071][T28348] ? fput+0x79/0x100 [ 1372.087091][T28348] ? ksys_write+0x1ac/0x250 [ 1372.087108][T28348] ? __pfx_ksys_write+0x10/0x10 [ 1372.087128][T28348] __x64_sys_sendmmsg+0x9c/0x100 [ 1372.087144][T28348] ? lockdep_hardirqs_on+0x78/0x100 [ 1372.087165][T28348] do_syscall_64+0x115/0x840 [ 1372.087185][T28348] ? clear_bhb_loop+0x40/0x90 [ 1372.087203][T28348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1372.087219][T28348] RIP: 0033:0x7fc647d9ce59 [ 1372.087239][T28348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1372.087254][T28348] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1372.087269][T28348] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1372.087279][T28348] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 1372.087289][T28348] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1372.087298][T28348] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 1372.087307][T28348] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1372.087326][T28348] [ 1372.836372][T28361] can: request_module (can-proto-0) failed. [ 1372.894442][T28369] FAULT_INJECTION: forcing a failure. [ 1372.894442][T28369] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1372.907775][T28369] CPU: 1 UID: 0 PID: 28369 Comm: syz.0.3278 Tainted: G L syzkaller #0 PREEMPT(full) [ 1372.907816][T28369] Tainted: [L]=SOFTLOCKUP [ 1372.907825][T28369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1372.907841][T28369] Call Trace: [ 1372.907850][T28369] [ 1372.907862][T28369] dump_stack_lvl+0x100/0x190 [ 1372.907912][T28369] should_fail_ex.cold+0x5/0xa [ 1372.907948][T28369] _copy_to_user+0x32/0xd0 [ 1372.907988][T28369] simple_read_from_buffer+0xcb/0x170 [ 1372.908025][T28369] proc_fail_nth_read+0x1af/0x230 [ 1372.908069][T28369] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1372.908114][T28369] ? rw_verify_area+0xce/0x6d0 [ 1372.908142][T28369] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1372.908185][T28369] vfs_read+0x1e4/0xb30 [ 1372.908220][T28369] ? __pfx_vfs_read+0x10/0x10 [ 1372.908247][T28369] ? __fget_files+0x215/0x3d0 [ 1372.908285][T28369] ? __fget_files+0x21f/0x3d0 [ 1372.908327][T28369] ksys_read+0x12a/0x250 [ 1372.908357][T28369] ? __pfx_ksys_read+0x10/0x10 [ 1372.908386][T28369] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1372.908428][T28369] ? syscall_user_dispatch+0x76/0x130 [ 1372.908464][T28369] do_syscall_64+0x115/0x840 [ 1372.908502][T28369] ? clear_bhb_loop+0x40/0x90 [ 1372.908538][T28369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1372.908559][T28369] RIP: 0033:0x7fe57a95d68e [ 1372.908577][T28369] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1372.908603][T28369] RSP: 002b:00007fe57b795fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1372.908627][T28369] RAX: ffffffffffffffda RBX: 00007fe57b7966c0 RCX: 00007fe57a95d68e [ 1372.908642][T28369] RDX: 000000000000000f RSI: 00007fe57b7960a0 RDI: 0000000000000003 [ 1372.908656][T28369] RBP: 00007fe57b796090 R08: 0000000000000000 R09: 0000000000000000 [ 1372.908668][T28369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1372.908681][T28369] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1372.908711][T28369] [ 1373.824670][T28389] FAULT_INJECTION: forcing a failure. [ 1373.824670][T28389] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.878946][T28389] CPU: 1 UID: 0 PID: 28389 Comm: syz.1.3283 Tainted: G L syzkaller #0 PREEMPT(full) [ 1373.878984][T28389] Tainted: [L]=SOFTLOCKUP [ 1373.878993][T28389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1373.879002][T28389] Call Trace: [ 1373.879008][T28389] [ 1373.879015][T28389] dump_stack_lvl+0x100/0x190 [ 1373.879046][T28389] should_fail_ex.cold+0x5/0xa [ 1373.879065][T28389] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1373.879087][T28389] should_failslab+0xc2/0x120 [ 1373.879105][T28389] __kmalloc_noprof+0xe0/0x850 [ 1373.879129][T28389] ? kfree+0x1dd/0x6c0 [ 1373.879168][T28389] tomoyo_realpath_from_path+0xb6/0x690 [ 1373.879214][T28389] tomoyo_path_number_perm+0x23c/0x580 [ 1373.879246][T28389] ? tomoyo_path_number_perm+0x22e/0x580 [ 1373.879282][T28389] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1373.879348][T28389] ? find_held_lock+0x2b/0x80 [ 1373.879381][T28389] ? __fget_files+0x215/0x3d0 [ 1373.879410][T28389] ? hook_file_ioctl_common+0x149/0x410 [ 1373.879444][T28389] ? __fget_files+0x215/0x3d0 [ 1373.879490][T28389] ? __fget_files+0x21f/0x3d0 [ 1373.879528][T28389] security_file_ioctl+0xd3/0x230 [ 1373.879563][T28389] __x64_sys_ioctl+0xb7/0x210 [ 1373.879594][T28389] do_syscall_64+0x115/0x840 [ 1373.879632][T28389] ? clear_bhb_loop+0x40/0x90 [ 1373.879665][T28389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1373.879694][T28389] RIP: 0033:0x7fc647d9ce59 [ 1373.879717][T28389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1373.879744][T28389] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1373.879770][T28389] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1373.879790][T28389] RDX: 0000000000000038 RSI: 00000000c0905664 RDI: 0000000000000003 [ 1373.879806][T28389] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1373.879823][T28389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1373.879840][T28389] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1373.879878][T28389] [ 1373.881700][T28389] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1374.700199][T28405] FAULT_INJECTION: forcing a failure. [ 1374.700199][T28405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1374.722133][T28405] CPU: 1 UID: 0 PID: 28405 Comm: syz.1.3287 Tainted: G L syzkaller #0 PREEMPT(full) [ 1374.722179][T28405] Tainted: [L]=SOFTLOCKUP [ 1374.722189][T28405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1374.722208][T28405] Call Trace: [ 1374.722218][T28405] [ 1374.722230][T28405] dump_stack_lvl+0x100/0x190 [ 1374.722283][T28405] should_fail_ex.cold+0x5/0xa [ 1374.722321][T28405] _copy_from_user+0x2e/0xd0 [ 1374.722363][T28405] copy_msghdr_from_user+0x9f/0x4f0 [ 1374.722403][T28405] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1374.722450][T28405] ? __pfx__kstrtoull+0x10/0x10 [ 1374.722488][T28405] ___sys_sendmsg+0x106/0x1e0 [ 1374.722529][T28405] ? __pfx____sys_sendmsg+0x10/0x10 [ 1374.722586][T28405] ? find_held_lock+0x2b/0x80 [ 1374.722646][T28405] __sys_sendmmsg+0x205/0x430 [ 1374.722682][T28405] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1374.722724][T28405] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1374.722780][T28405] ? fput+0x79/0x100 [ 1374.722816][T28405] ? ksys_write+0x1ac/0x250 [ 1374.722849][T28405] ? __pfx_ksys_write+0x10/0x10 [ 1374.722896][T28405] __x64_sys_sendmmsg+0x9c/0x100 [ 1374.722927][T28405] ? lockdep_hardirqs_on+0x78/0x100 [ 1374.722967][T28405] do_syscall_64+0x115/0x840 [ 1374.723006][T28405] ? clear_bhb_loop+0x40/0x90 [ 1374.723042][T28405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1374.723072][T28405] RIP: 0033:0x7fc647d9ce59 [ 1374.723097][T28405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1374.723125][T28405] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1374.723153][T28405] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1374.723174][T28405] RDX: 0000000000000005 RSI: 0000200000000080 RDI: 0000000000000003 [ 1374.723192][T28405] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1374.723211][T28405] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001 [ 1374.723229][T28405] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1374.723268][T28405] [ 1375.387211][T28422] FAULT_INJECTION: forcing a failure. [ 1375.387211][T28422] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.402486][T28422] CPU: 1 UID: 0 PID: 28422 Comm: syz.2.3292 Tainted: G L syzkaller #0 PREEMPT(full) [ 1375.402529][T28422] Tainted: [L]=SOFTLOCKUP [ 1375.402539][T28422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1375.402556][T28422] Call Trace: [ 1375.402566][T28422] [ 1375.402578][T28422] dump_stack_lvl+0x100/0x190 [ 1375.402629][T28422] should_fail_ex.cold+0x5/0xa [ 1375.402667][T28422] should_failslab+0xc2/0x120 [ 1375.402701][T28422] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1375.402746][T28422] ? vm_area_alloc+0x1f/0x160 [ 1375.402792][T28422] vm_area_alloc+0x1f/0x160 [ 1375.402830][T28422] __mmap_region+0x104d/0x2dd0 [ 1375.402879][T28422] ? __pfx___mmap_region+0x10/0x10 [ 1375.402923][T28422] ? __pfx___might_resched+0x10/0x10 [ 1375.402955][T28422] ? find_held_lock+0x2b/0x80 [ 1375.402989][T28422] ? process_measurement+0x4c8/0x2350 [ 1375.403018][T28422] ? process_measurement+0x4c8/0x2350 [ 1375.403061][T28422] ? process_measurement+0x1f4/0x2350 [ 1375.403098][T28422] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 1375.403153][T28422] ? __lock_acquire+0x4a5/0x2630 [ 1375.403214][T28422] ? find_held_lock+0x2b/0x80 [ 1375.403246][T28422] ? is_bpf_text_address+0x8a/0x1a0 [ 1375.403337][T28422] ? __pfx__kstrtoull+0x10/0x10 [ 1375.403376][T28422] mmap_region+0x35d/0x620 [ 1375.403405][T28422] ? rcu_is_watching+0x12/0xc0 [ 1375.403437][T28422] ? __pfx_mmap_region+0x10/0x10 [ 1375.403468][T28422] ? cap_mmap_addr+0x4b/0x120 [ 1375.403495][T28422] ? bpf_lsm_mmap_addr+0x9/0x30 [ 1375.403521][T28422] ? security_mmap_addr+0x71/0x1e0 [ 1375.403557][T28422] ? __get_unmapped_area+0x255/0x3e0 [ 1375.403597][T28422] do_mmap+0xc63/0x12f0 [ 1375.403638][T28422] ? __pfx_do_mmap+0x10/0x10 [ 1375.403672][T28422] ? __pfx_down_write_killable+0x10/0x10 [ 1375.403708][T28422] vm_mmap_pgoff+0x29e/0x470 [ 1375.403751][T28422] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1375.403787][T28422] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1375.403828][T28422] ? __fget_files+0x215/0x3d0 [ 1375.403863][T28422] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1375.403910][T28422] ksys_mmap_pgoff+0xe4/0x610 [ 1375.403948][T28422] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1375.403979][T28422] ? fput+0x79/0x100 [ 1375.404015][T28422] ? ksys_write+0x1ac/0x250 [ 1375.404044][T28422] ? __pfx_ksys_write+0x10/0x10 [ 1375.404077][T28422] __x64_sys_mmap+0x125/0x190 [ 1375.404113][T28422] do_syscall_64+0x115/0x840 [ 1375.404150][T28422] ? clear_bhb_loop+0x40/0x90 [ 1375.404186][T28422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1375.404216][T28422] RIP: 0033:0x7fa90359ce59 [ 1375.404239][T28422] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1375.404266][T28422] RSP: 002b:00007fa9044cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1375.404294][T28422] RAX: ffffffffffffffda RBX: 00007fa903815fa0 RCX: 00007fa90359ce59 [ 1375.404347][T28422] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 1375.404365][T28422] RBP: 00007fa9044cd090 R08: 0000000000000002 R09: 0000000000008000 [ 1375.404383][T28422] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 1375.404401][T28422] R13: 00007fa903816038 R14: 00007fa903815fa0 R15: 00007ffec9feca18 [ 1375.404440][T28422] [ 1375.936326][T28432] FAULT_INJECTION: forcing a failure. [ 1375.936326][T28432] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.939336][T28428] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3291'. [ 1375.950642][T28432] CPU: 1 UID: 0 PID: 28432 Comm: syz.2.3295 Tainted: G L syzkaller #0 PREEMPT(full) [ 1375.950688][T28432] Tainted: [L]=SOFTLOCKUP [ 1375.950699][T28432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1375.950717][T28432] Call Trace: [ 1375.950726][T28432] [ 1375.950737][T28432] dump_stack_lvl+0x100/0x190 [ 1375.950791][T28432] should_fail_ex.cold+0x5/0xa [ 1375.950827][T28432] should_failslab+0xc2/0x120 [ 1375.950861][T28432] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1375.950906][T28432] ? sock_alloc_inode+0x26/0x290 [ 1375.950946][T28432] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1375.950983][T28432] sock_alloc_inode+0x26/0x290 [ 1375.951016][T28432] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1375.951059][T28432] alloc_inode+0x68/0x250 [ 1375.951104][T28432] sock_alloc+0x44/0x280 [ 1375.951135][T28432] ? security_socket_create+0x7f/0x250 [ 1375.951168][T28432] __sock_create+0xc2/0x860 [ 1375.951212][T28432] __sys_socket+0x14d/0x260 [ 1375.951252][T28432] ? __pfx___sys_socket+0x10/0x10 [ 1375.951298][T28432] ? ksys_write+0x1ac/0x250 [ 1375.951341][T28432] __x64_sys_socket+0x72/0xb0 [ 1375.951381][T28432] ? lockdep_hardirqs_on+0x78/0x100 [ 1375.951423][T28432] do_syscall_64+0x115/0x840 [ 1375.951462][T28432] ? clear_bhb_loop+0x40/0x90 [ 1375.951498][T28432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1375.951528][T28432] RIP: 0033:0x7fa90359ce59 [ 1375.951552][T28432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1375.951580][T28432] RSP: 002b:00007fa9044cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1375.951606][T28432] RAX: ffffffffffffffda RBX: 00007fa903815fa0 RCX: 00007fa90359ce59 [ 1375.951626][T28432] RDX: 000000000000000a RSI: 0000000000000003 RDI: 0000000000000002 [ 1375.951644][T28432] RBP: 00007fa903632d6f R08: 0000000000000000 R09: 0000000000000000 [ 1375.951664][T28432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1375.951682][T28432] R13: 00007fa903816038 R14: 00007fa903815fa0 R15: 00007ffec9feca18 [ 1375.951720][T28432] [ 1375.951924][T28432] socket: no more sockets [ 1376.619535][T28452] FAULT_INJECTION: forcing a failure. [ 1376.619535][T28452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1376.664601][T28452] CPU: 1 UID: 0 PID: 28452 Comm: syz.1.3297 Tainted: G L syzkaller #0 PREEMPT(full) [ 1376.664649][T28452] Tainted: [L]=SOFTLOCKUP [ 1376.664660][T28452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1376.664677][T28452] Call Trace: [ 1376.664695][T28452] [ 1376.664707][T28452] dump_stack_lvl+0x100/0x190 [ 1376.664762][T28452] should_fail_ex.cold+0x5/0xa [ 1376.664797][T28452] _copy_from_user+0x2e/0xd0 [ 1376.664838][T28452] copy_msghdr_from_user+0x9f/0x4f0 [ 1376.664879][T28452] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1376.664924][T28452] ? __lock_acquire+0x4a5/0x2630 [ 1376.664974][T28452] ___sys_recvmsg+0xdd/0x1a0 [ 1376.665011][T28452] ? __pfx____sys_recvmsg+0x10/0x10 [ 1376.665051][T28452] ? find_held_lock+0x2b/0x80 [ 1376.665105][T28452] do_recvmmsg+0x301/0x760 [ 1376.665147][T28452] ? __pfx_do_recvmmsg+0x10/0x10 [ 1376.665181][T28452] ? ksys_write+0x190/0x250 [ 1376.665221][T28452] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1376.665261][T28452] ? kernel_write+0x683/0x6c0 [ 1376.665302][T28452] ? __fget_files+0x21f/0x3d0 [ 1376.665344][T28452] __x64_sys_recvmmsg+0x22a/0x280 [ 1376.665375][T28452] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1376.665405][T28452] ? rcu_is_watching+0x12/0xc0 [ 1376.665439][T28452] do_syscall_64+0x115/0x840 [ 1376.665475][T28452] ? clear_bhb_loop+0x40/0x90 [ 1376.665506][T28452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1376.665533][T28452] RIP: 0033:0x7fc647d9ce59 [ 1376.665557][T28452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1376.665584][T28452] RSP: 002b:00007fc648d06028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1376.665611][T28452] RAX: ffffffffffffffda RBX: 00007fc648016090 RCX: 00007fc647d9ce59 [ 1376.665629][T28452] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1376.665645][T28452] RBP: 00007fc648d06090 R08: 0000000000000000 R09: 0000000000000000 [ 1376.665661][T28452] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 1376.665676][T28452] R13: 00007fc648016128 R14: 00007fc648016090 R15: 00007fff751b3d38 [ 1376.665721][T28452] [ 1377.606262][T28477] FAULT_INJECTION: forcing a failure. [ 1377.606262][T28477] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1377.650359][T28477] CPU: 0 UID: 0 PID: 28477 Comm: syz.3.3304 Tainted: G L syzkaller #0 PREEMPT(full) [ 1377.650404][T28477] Tainted: [L]=SOFTLOCKUP [ 1377.650414][T28477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1377.650430][T28477] Call Trace: [ 1377.650440][T28477] [ 1377.650450][T28477] dump_stack_lvl+0x100/0x190 [ 1377.650489][T28477] should_fail_ex.cold+0x5/0xa [ 1377.650516][T28477] _copy_from_user+0x2e/0xd0 [ 1377.650546][T28477] copy_msghdr_from_user+0x9f/0x4f0 [ 1377.650578][T28477] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1377.650613][T28477] ? __lock_acquire+0x4a5/0x2630 [ 1377.650652][T28477] ___sys_recvmsg+0xdd/0x1a0 [ 1377.650683][T28477] ? __pfx____sys_recvmsg+0x10/0x10 [ 1377.650717][T28477] ? find_held_lock+0x2b/0x80 [ 1377.650764][T28477] do_recvmmsg+0x301/0x760 [ 1377.650800][T28477] ? __pfx_do_recvmmsg+0x10/0x10 [ 1377.650830][T28477] ? ksys_write+0x190/0x250 [ 1377.650862][T28477] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1377.650897][T28477] ? kernel_write+0x683/0x6c0 [ 1377.650932][T28477] ? __fget_files+0x21f/0x3d0 [ 1377.650966][T28477] __x64_sys_recvmmsg+0x22a/0x280 [ 1377.650997][T28477] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1377.651030][T28477] ? rcu_is_watching+0x12/0xc0 [ 1377.651065][T28477] do_syscall_64+0x115/0x840 [ 1377.651109][T28477] ? clear_bhb_loop+0x40/0x90 [ 1377.651135][T28477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1377.651157][T28477] RIP: 0033:0x7f6e6c19ce59 [ 1377.651176][T28477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1377.651197][T28477] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1377.651220][T28477] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1377.651236][T28477] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1377.651251][T28477] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1377.651266][T28477] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 1377.651280][T28477] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1377.651313][T28477] [ 1378.222153][T28488] FAULT_INJECTION: forcing a failure. [ 1378.222153][T28488] name failslab, interval 1, probability 0, space 0, times 0 [ 1378.252051][T28488] CPU: 0 UID: 0 PID: 28488 Comm: syz.1.3307 Tainted: G L syzkaller #0 PREEMPT(full) [ 1378.252091][T28488] Tainted: [L]=SOFTLOCKUP [ 1378.252101][T28488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1378.252117][T28488] Call Trace: [ 1378.252129][T28488] [ 1378.252140][T28488] dump_stack_lvl+0x100/0x190 [ 1378.252190][T28488] should_fail_ex.cold+0x5/0xa [ 1378.252227][T28488] should_failslab+0xc2/0x120 [ 1378.252261][T28488] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1378.252302][T28488] ? xas_split_alloc+0x11c/0x4a0 [ 1378.252344][T28488] xas_split_alloc+0x11c/0x4a0 [ 1378.252389][T28488] __folio_split+0x5e5/0x1640 [ 1378.252435][T28488] ? find_held_lock+0x2b/0x80 [ 1378.252467][T28488] ? __pfx___folio_split+0x10/0x10 [ 1378.252502][T28488] ? folio_alloc_swap+0xbd4/0x1eb0 [ 1378.252544][T28488] ? folio_alloc_swap+0x4c6/0x1eb0 [ 1378.252580][T28488] shmem_writeout+0x79f/0x1a90 [ 1378.252629][T28488] ? __pfx_shmem_writeout+0x10/0x10 [ 1378.252668][T28488] ? __pfx_try_to_unmap+0x10/0x10 [ 1378.252706][T28488] ? find_held_lock+0x2b/0x80 [ 1378.252742][T28488] ? inode_to_bdi+0x9e/0x160 [ 1378.252770][T28488] ? folio_clear_dirty_for_io+0x178/0x810 [ 1378.252807][T28488] shrink_folio_list+0x3bbd/0x60c0 [ 1378.252859][T28488] ? __lock_acquire+0x4a5/0x2630 [ 1378.252900][T28488] ? __pfx_shrink_folio_list+0x10/0x10 [ 1378.252940][T28488] ? __lock_acquire+0x4a5/0x2630 [ 1378.252979][T28488] ? __kasan_check_byte+0x13/0x50 [ 1378.253011][T28488] ? unwind_next_frame+0x3be/0x2090 [ 1378.253057][T28488] ? __kasan_check_byte+0x13/0x50 [ 1378.253091][T28488] ? is_bpf_text_address+0x8a/0x1a0 [ 1378.253122][T28488] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1378.253155][T28488] ? rcu_is_watching+0x12/0xc0 [ 1378.253187][T28488] ? is_bpf_text_address+0x8a/0x1a0 [ 1378.253223][T28488] ? lock_release+0x245/0x310 [ 1378.253262][T28488] ? bpf_ksym_find+0x124/0x1c0 [ 1378.253318][T28488] ? __lock_acquire+0x4a5/0x2630 [ 1378.253356][T28488] ? __css_rstat_updated+0x1ce/0x5a0 [ 1378.253396][T28488] ? __pfx_stack_trace_save+0x10/0x10 [ 1378.253431][T28488] ? __pfx___css_rstat_updated+0x10/0x10 [ 1378.253476][T28488] reclaim_folio_list+0xdc/0x5e0 [ 1378.253522][T28488] ? __pfx_reclaim_folio_list+0x10/0x10 [ 1378.253560][T28488] ? __mod_memcg_lruvec_state+0x18c/0x5b0 [ 1378.253619][T28488] ? lru_gen_update_size+0x431/0xe20 [ 1378.253665][T28488] ? lru_gen_del_folio+0x382/0x5f0 [ 1378.253706][T28488] reclaim_pages+0x428/0x5e0 [ 1378.253749][T28488] ? __pfx_reclaim_pages+0x10/0x10 [ 1378.253787][T28488] ? madvise_cold_or_pageout_pte_range+0x2177/0x2620 [ 1378.253825][T28488] ? folio_isolate_lru+0xd6/0xe90 [ 1378.253866][T28488] madvise_cold_or_pageout_pte_range+0x14c9/0x2620 [ 1378.253914][T28488] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 1378.253947][T28488] ? tomoyo_check_open_permission+0x1a2/0x3c0 [ 1378.253992][T28488] ? register_lock_class+0x40/0x560 [ 1378.254044][T28488] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 1378.254082][T28488] walk_pgd_range+0xc1a/0x1dd0 [ 1378.254134][T28488] ? __pfx_walk_pgd_range+0x10/0x10 [ 1378.254161][T28488] ? __pfx___might_resched+0x10/0x10 [ 1378.254192][T28488] ? find_held_lock+0x2b/0x80 [ 1378.254223][T28488] ? process_measurement+0x4c8/0x2350 [ 1378.254255][T28488] __walk_page_range+0x171/0x850 [ 1378.254284][T28488] ? up_write+0x28c/0x4f0 [ 1378.254323][T28488] walk_page_range_vma_unsafe+0x209/0x8f0 [ 1378.254358][T28488] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 1378.254396][T28488] ? find_held_lock+0x2b/0x80 [ 1378.254429][T28488] ? mlock_drain_local+0x254/0x4e0 [ 1378.254455][T28488] ? mlock_drain_local+0x254/0x4e0 [ 1378.254487][T28488] walk_page_range_vma+0x63/0x90 [ 1378.254519][T28488] madvise_pageout+0x259/0x540 [ 1378.254552][T28488] ? __pfx_madvise_pageout+0x10/0x10 [ 1378.254604][T28488] ? mtree_range_walk+0x72b/0xb70 [ 1378.254642][T28488] madvise_vma_behavior+0x452/0x2240 [ 1378.254682][T28488] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1378.254732][T28488] ? find_vma_prev+0xd8/0x150 [ 1378.254763][T28488] ? _kstrtoull+0x13c/0x1f0 [ 1378.254790][T28488] ? __pfx_find_vma_prev+0x10/0x10 [ 1378.254843][T28488] madvise_walk_vmas+0x2fe/0xa90 [ 1378.254887][T28488] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1378.254934][T28488] madvise_do_behavior+0x1ea/0x510 [ 1378.254974][T28488] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1378.255010][T28488] ? down_read+0x13b/0x450 [ 1378.255058][T28488] do_madvise+0x195/0x240 [ 1378.255091][T28488] ? __pfx_do_madvise+0x10/0x10 [ 1378.255123][T28488] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1378.255158][T28488] ? kernel_write+0x683/0x6c0 [ 1378.255209][T28488] ? ksys_write+0x1ac/0x250 [ 1378.255237][T28488] ? __pfx_ksys_write+0x10/0x10 [ 1378.255264][T28488] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1378.255307][T28488] __x64_sys_madvise+0xa9/0x110 [ 1378.255340][T28488] ? lockdep_hardirqs_on+0x78/0x100 [ 1378.255377][T28488] do_syscall_64+0x115/0x840 [ 1378.255413][T28488] ? clear_bhb_loop+0x40/0x90 [ 1378.255447][T28488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1378.255478][T28488] RIP: 0033:0x7fc647d9ce59 [ 1378.255502][T28488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1378.255529][T28488] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1378.255557][T28488] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1378.255578][T28488] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 1378.255595][T28488] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1378.255612][T28488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1378.255628][T28488] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1378.255666][T28488] [ 1379.177156][T28501] FAULT_INJECTION: forcing a failure. [ 1379.177156][T28501] name failslab, interval 1, probability 0, space 0, times 0 [ 1379.203306][T28501] CPU: 0 UID: 0 PID: 28501 Comm: syz.3.3309 Tainted: G L syzkaller #0 PREEMPT(full) [ 1379.203352][T28501] Tainted: [L]=SOFTLOCKUP [ 1379.203363][T28501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1379.203380][T28501] Call Trace: [ 1379.203390][T28501] [ 1379.203401][T28501] dump_stack_lvl+0x100/0x190 [ 1379.203461][T28501] should_fail_ex.cold+0x5/0xa [ 1379.203495][T28501] should_failslab+0xc2/0x120 [ 1379.203529][T28501] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1379.203568][T28501] ? madvise_collapse+0x1a6/0x760 [ 1379.203614][T28501] madvise_collapse+0x1a6/0x760 [ 1379.203650][T28501] ? is_bpf_text_address+0x8a/0x1a0 [ 1379.203684][T28501] ? is_bpf_text_address+0x8a/0x1a0 [ 1379.203722][T28501] ? __pfx_madvise_collapse+0x10/0x10 [ 1379.203764][T28501] ? mtree_range_walk+0x72b/0xb70 [ 1379.203805][T28501] madvise_vma_behavior+0x107c/0x2240 [ 1379.203848][T28501] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1379.203895][T28501] ? find_vma_prev+0xd8/0x150 [ 1379.203931][T28501] ? _kstrtoull+0x13c/0x1f0 [ 1379.203958][T28501] ? __pfx_find_vma_prev+0x10/0x10 [ 1379.204021][T28501] madvise_walk_vmas+0x2fe/0xa90 [ 1379.204064][T28501] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1379.204112][T28501] madvise_do_behavior+0x1ea/0x510 [ 1379.204153][T28501] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1379.204191][T28501] ? down_read+0x13b/0x450 [ 1379.204235][T28501] do_madvise+0x195/0x240 [ 1379.204270][T28501] ? __pfx_do_madvise+0x10/0x10 [ 1379.204301][T28501] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1379.204339][T28501] ? kernel_write+0x683/0x6c0 [ 1379.204396][T28501] ? ksys_write+0x1ac/0x250 [ 1379.204427][T28501] ? __pfx_ksys_write+0x10/0x10 [ 1379.204457][T28501] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1379.204503][T28501] __x64_sys_madvise+0xa9/0x110 [ 1379.204538][T28501] ? lockdep_hardirqs_on+0x78/0x100 [ 1379.204576][T28501] do_syscall_64+0x115/0x840 [ 1379.204612][T28501] ? clear_bhb_loop+0x40/0x90 [ 1379.204646][T28501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1379.204676][T28501] RIP: 0033:0x7f6e6c19ce59 [ 1379.204699][T28501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1379.204728][T28501] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1379.204756][T28501] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1379.204776][T28501] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 1379.204795][T28501] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1379.204813][T28501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1379.204831][T28501] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1379.204869][T28501] [ 1379.724190][T28506] FAULT_INJECTION: forcing a failure. [ 1379.724190][T28506] name failslab, interval 1, probability 0, space 0, times 0 [ 1379.740020][T28490] nfs4: Unknown parameter 'ECÞHš];^‘ÌYµÙ‰ÜZL‘`š~^g ¨' [ 1379.772067][T28506] CPU: 1 UID: 0 PID: 28506 Comm: syz.1.3312 Tainted: G L syzkaller #0 PREEMPT(full) [ 1379.772111][T28506] Tainted: [L]=SOFTLOCKUP [ 1379.772122][T28506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1379.772138][T28506] Call Trace: [ 1379.772148][T28506] [ 1379.772159][T28506] dump_stack_lvl+0x100/0x190 [ 1379.772211][T28506] should_fail_ex.cold+0x5/0xa [ 1379.772247][T28506] should_failslab+0xc2/0x120 [ 1379.772283][T28506] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1379.772326][T28506] ? do_getname+0x35/0x390 [ 1379.772374][T28506] do_getname+0x35/0x390 [ 1379.772418][T28506] do_mq_open+0x173/0x9c0 [ 1379.772455][T28506] ? __fget_files+0x215/0x3d0 [ 1379.772490][T28506] ? __pfx_do_mq_open+0x10/0x10 [ 1379.772519][T28506] ? __fget_files+0x21f/0x3d0 [ 1379.772554][T28506] __x64_sys_mq_open+0x152/0x1e0 [ 1379.772584][T28506] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 1379.772612][T28506] ? fput+0x79/0x100 [ 1379.772655][T28506] ? syscall_user_dispatch+0x76/0x130 [ 1379.772690][T28506] do_syscall_64+0x115/0x840 [ 1379.772728][T28506] ? clear_bhb_loop+0x40/0x90 [ 1379.772763][T28506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1379.772792][T28506] RIP: 0033:0x7fc647d9ce59 [ 1379.772815][T28506] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1379.772842][T28506] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 1379.772869][T28506] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1379.772889][T28506] RDX: 0000000000000009 RSI: 000000000000007e RDI: 0000200000000280 [ 1379.772906][T28506] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1379.772923][T28506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1379.772940][T28506] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1379.772977][T28506] [ 1380.305536][T28526] FAULT_INJECTION: forcing a failure. [ 1380.305536][T28526] name failslab, interval 1, probability 0, space 0, times 0 [ 1380.338633][T28526] CPU: 1 UID: 0 PID: 28526 Comm: syz.0.3318 Tainted: G L syzkaller #0 PREEMPT(full) [ 1380.338679][T28526] Tainted: [L]=SOFTLOCKUP [ 1380.338689][T28526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1380.338706][T28526] Call Trace: [ 1380.338715][T28526] [ 1380.338727][T28526] dump_stack_lvl+0x100/0x190 [ 1380.338780][T28526] should_fail_ex.cold+0x5/0xa [ 1380.338816][T28526] should_failslab+0xc2/0x120 [ 1380.338854][T28526] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1380.338898][T28526] ? vm_area_alloc+0x1f/0x160 [ 1380.338944][T28526] vm_area_alloc+0x1f/0x160 [ 1380.338983][T28526] __mmap_region+0x104d/0x2dd0 [ 1380.339033][T28526] ? __pfx___mmap_region+0x10/0x10 [ 1380.339078][T28526] ? __pfx___might_resched+0x10/0x10 [ 1380.339111][T28526] ? find_held_lock+0x2b/0x80 [ 1380.339144][T28526] ? process_measurement+0x4c8/0x2350 [ 1380.339174][T28526] ? process_measurement+0x4c8/0x2350 [ 1380.339217][T28526] ? process_measurement+0x1f4/0x2350 [ 1380.339253][T28526] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 1380.339307][T28526] ? __lock_acquire+0x4a5/0x2630 [ 1380.339368][T28526] ? find_held_lock+0x2b/0x80 [ 1380.339401][T28526] ? is_bpf_text_address+0x8a/0x1a0 [ 1380.339497][T28526] mmap_region+0x35d/0x620 [ 1380.339526][T28526] ? rcu_is_watching+0x12/0xc0 [ 1380.339565][T28526] ? __pfx_mmap_region+0x10/0x10 [ 1380.339597][T28526] ? cap_mmap_addr+0x4b/0x120 [ 1380.339624][T28526] ? bpf_lsm_mmap_addr+0x9/0x30 [ 1380.339651][T28526] ? security_mmap_addr+0x71/0x1e0 [ 1380.339688][T28526] ? __get_unmapped_area+0x255/0x3e0 [ 1380.339727][T28526] do_mmap+0xc63/0x12f0 [ 1380.339772][T28526] ? __pfx_do_mmap+0x10/0x10 [ 1380.339807][T28526] ? __pfx_down_write_killable+0x10/0x10 [ 1380.339844][T28526] vm_mmap_pgoff+0x29e/0x470 [ 1380.339886][T28526] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1380.339923][T28526] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1380.339965][T28526] ? __fget_files+0x215/0x3d0 [ 1380.340000][T28526] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1380.340047][T28526] ksys_mmap_pgoff+0xe4/0x610 [ 1380.340085][T28526] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1380.340117][T28526] ? fput+0x79/0x100 [ 1380.340154][T28526] ? ksys_write+0x1ac/0x250 [ 1380.340185][T28526] ? __pfx_ksys_write+0x10/0x10 [ 1380.340222][T28526] __x64_sys_mmap+0x125/0x190 [ 1380.340257][T28526] do_syscall_64+0x115/0x840 [ 1380.340294][T28526] ? clear_bhb_loop+0x40/0x90 [ 1380.340328][T28526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1380.340358][T28526] RIP: 0033:0x7fe57a99ce59 [ 1380.340382][T28526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1380.340410][T28526] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1380.340437][T28526] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1380.340457][T28526] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1380.340474][T28526] RBP: 00007fe57b796090 R08: fffffffffffffffa R09: 0000000000008000 [ 1380.340493][T28526] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000001 [ 1380.340511][T28526] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1380.340556][T28526] [ 1381.630009][T28551] FAULT_INJECTION: forcing a failure. [ 1381.630009][T28551] name failslab, interval 1, probability 0, space 0, times 0 [ 1381.662562][T28551] CPU: 0 UID: 0 PID: 28551 Comm: syz.1.3325 Tainted: G L syzkaller #0 PREEMPT(full) [ 1381.662612][T28551] Tainted: [L]=SOFTLOCKUP [ 1381.662623][T28551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1381.662641][T28551] Call Trace: [ 1381.662652][T28551] [ 1381.662663][T28551] dump_stack_lvl+0x100/0x190 [ 1381.662719][T28551] should_fail_ex.cold+0x5/0xa [ 1381.662769][T28551] should_failslab+0xc2/0x120 [ 1381.662804][T28551] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1381.662847][T28551] ? security_inode_alloc+0x3b/0x2c0 [ 1381.662878][T28551] ? lockdep_init_map_type+0x5c/0x250 [ 1381.662926][T28551] security_inode_alloc+0x3b/0x2c0 [ 1381.662957][T28551] inode_init_always_gfp+0xc77/0xfb0 [ 1381.662998][T28551] alloc_inode+0x8e/0x250 [ 1381.663042][T28551] alloc_anon_inode+0x2a/0x3e0 [ 1381.663083][T28551] anon_inode_make_secure_inode+0x2f/0x140 [ 1381.663130][T28551] __do_sys_memfd_secret+0xd7/0x3d0 [ 1381.663168][T28551] do_syscall_64+0x115/0x840 [ 1381.663210][T28551] ? clear_bhb_loop+0x40/0x90 [ 1381.663247][T28551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1381.663276][T28551] RIP: 0033:0x7fc647d9ce59 [ 1381.663301][T28551] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1381.663330][T28551] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 1381.663358][T28551] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1381.663379][T28551] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1381.663396][T28551] RBP: 00007fc647e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1381.663414][T28551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1381.663431][T28551] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1381.663469][T28551] [ 1382.096301][T28558] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1382.127333][T28554] No such timeout policy "" [ 1382.132992][T28554] netlink: Failed to associated timeout policy '' [ 1382.430071][T28564] FAULT_INJECTION: forcing a failure. [ 1382.430071][T28564] name failslab, interval 1, probability 0, space 0, times 0 [ 1382.445016][T28564] CPU: 0 UID: 0 PID: 28564 Comm: syz.3.3329 Tainted: G L syzkaller #0 PREEMPT(full) [ 1382.445056][T28564] Tainted: [L]=SOFTLOCKUP [ 1382.445066][T28564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1382.445082][T28564] Call Trace: [ 1382.445091][T28564] [ 1382.445101][T28564] dump_stack_lvl+0x100/0x190 [ 1382.445154][T28564] should_fail_ex.cold+0x5/0xa [ 1382.445198][T28564] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1382.445237][T28564] should_failslab+0xc2/0x120 [ 1382.445271][T28564] __kmalloc_noprof+0xe0/0x850 [ 1382.445312][T28564] ? kfree+0x1dd/0x6c0 [ 1382.445356][T28564] tomoyo_realpath_from_path+0xb6/0x690 [ 1382.445404][T28564] tomoyo_path_number_perm+0x23c/0x580 [ 1382.445436][T28564] ? tomoyo_path_number_perm+0x22e/0x580 [ 1382.445473][T28564] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1382.445545][T28564] ? find_held_lock+0x2b/0x80 [ 1382.445579][T28564] ? __fget_files+0x215/0x3d0 [ 1382.445609][T28564] ? hook_file_ioctl_common+0x149/0x410 [ 1382.445644][T28564] ? __fget_files+0x215/0x3d0 [ 1382.445681][T28564] ? __fget_files+0x21f/0x3d0 [ 1382.445720][T28564] security_file_ioctl+0xd3/0x230 [ 1382.445756][T28564] __x64_sys_ioctl+0xb7/0x210 [ 1382.445791][T28564] do_syscall_64+0x115/0x840 [ 1382.445829][T28564] ? clear_bhb_loop+0x40/0x90 [ 1382.445864][T28564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1382.445895][T28564] RIP: 0033:0x7f6e6c19ce59 [ 1382.445919][T28564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1382.445947][T28564] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1382.445976][T28564] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1382.445996][T28564] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000004 [ 1382.446013][T28564] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1382.446031][T28564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1382.446049][T28564] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1382.446087][T28564] [ 1382.446110][T28564] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1383.261099][T28584] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 1383.335183][T28588] FAULT_INJECTION: forcing a failure. [ 1383.335183][T28588] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1383.393752][T28588] CPU: 1 UID: 0 PID: 28588 Comm: syz.2.3334 Tainted: G L syzkaller #0 PREEMPT(full) [ 1383.393797][T28588] Tainted: [L]=SOFTLOCKUP [ 1383.393807][T28588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1383.393823][T28588] Call Trace: [ 1383.393832][T28588] [ 1383.393843][T28588] dump_stack_lvl+0x100/0x190 [ 1383.393895][T28588] should_fail_ex.cold+0x5/0xa [ 1383.393930][T28588] _copy_from_user+0x2e/0xd0 [ 1383.393969][T28588] copy_msghdr_from_user+0x9f/0x4f0 [ 1383.394009][T28588] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1383.394052][T28588] ? __lock_acquire+0x4a5/0x2630 [ 1383.394100][T28588] ___sys_recvmsg+0xdd/0x1a0 [ 1383.394129][T28588] ? __pfx____sys_recvmsg+0x10/0x10 [ 1383.394151][T28588] ? find_held_lock+0x2b/0x80 [ 1383.394180][T28588] do_recvmmsg+0x301/0x760 [ 1383.394206][T28588] ? __pfx_do_recvmmsg+0x10/0x10 [ 1383.394226][T28588] ? ksys_write+0x190/0x250 [ 1383.394246][T28588] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1383.394269][T28588] ? kernel_write+0x683/0x6c0 [ 1383.394291][T28588] ? __fget_files+0x21f/0x3d0 [ 1383.394313][T28588] __x64_sys_recvmmsg+0x22a/0x280 [ 1383.394330][T28588] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1383.394350][T28588] ? rcu_is_watching+0x12/0xc0 [ 1383.394385][T28588] do_syscall_64+0x115/0x840 [ 1383.394417][T28588] ? clear_bhb_loop+0x40/0x90 [ 1383.394436][T28588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1383.394452][T28588] RIP: 0033:0x7fa90359ce59 [ 1383.394465][T28588] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1383.394480][T28588] RSP: 002b:00007fa9044cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1383.394496][T28588] RAX: ffffffffffffffda RBX: 00007fa903815fa0 RCX: 00007fa90359ce59 [ 1383.394511][T28588] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 1383.394527][T28588] RBP: 00007fa9044cd090 R08: 0000000000000000 R09: 0000000000000000 [ 1383.394551][T28588] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 1383.394566][T28588] R13: 00007fa903816038 R14: 00007fa903815fa0 R15: 00007ffec9feca18 [ 1383.394603][T28588] [ 1384.103791][T28602] FAULT_INJECTION: forcing a failure. [ 1384.103791][T28602] name failslab, interval 1, probability 0, space 0, times 0 [ 1384.123641][T28602] CPU: 1 UID: 0 PID: 28602 Comm: syz.3.3338 Tainted: G L syzkaller #0 PREEMPT(full) [ 1384.123688][T28602] Tainted: [L]=SOFTLOCKUP [ 1384.123698][T28602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1384.123715][T28602] Call Trace: [ 1384.123724][T28602] [ 1384.123735][T28602] dump_stack_lvl+0x100/0x190 [ 1384.123787][T28602] should_fail_ex.cold+0x5/0xa [ 1384.123823][T28602] should_failslab+0xc2/0x120 [ 1384.123857][T28602] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1384.123900][T28602] ? do_getname+0x35/0x390 [ 1384.123938][T28602] ? find_held_lock+0x2b/0x80 [ 1384.123979][T28602] ? ksys_write+0x190/0x250 [ 1384.124023][T28602] do_getname+0x35/0x390 [ 1384.124067][T28602] do_sys_openat2+0xc5/0x1e0 [ 1384.124108][T28602] ? __pfx_do_sys_openat2+0x10/0x10 [ 1384.124148][T28602] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1384.124195][T28602] ? __fget_files+0x21f/0x3d0 [ 1384.124233][T28602] __x64_sys_openat+0x12d/0x210 [ 1384.124276][T28602] ? __pfx___x64_sys_openat+0x10/0x10 [ 1384.124316][T28602] ? ksys_write+0x1ac/0x250 [ 1384.124353][T28602] ? rcu_is_watching+0x12/0xc0 [ 1384.124389][T28602] do_syscall_64+0x115/0x840 [ 1384.124426][T28602] ? clear_bhb_loop+0x40/0x90 [ 1384.124462][T28602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1384.124491][T28602] RIP: 0033:0x7f6e6c19ce59 [ 1384.124514][T28602] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1384.124541][T28602] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1384.124567][T28602] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1384.124587][T28602] RDX: 0000000000020201 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1384.124605][T28602] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1384.124623][T28602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1384.124640][T28602] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1384.124678][T28602] [ 1384.413737][T28604] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3339'. [ 1384.760127][T28617] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3343'. [ 1384.889204][T28630] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.1.3344: 7 [ 1386.356715][T28672] FAULT_INJECTION: forcing a failure. [ 1386.356715][T28672] name failslab, interval 1, probability 0, space 0, times 0 [ 1386.405909][T28672] CPU: 0 UID: 0 PID: 28672 Comm: syz.1.3356 Tainted: G L syzkaller #0 PREEMPT(full) [ 1386.405948][T28672] Tainted: [L]=SOFTLOCKUP [ 1386.405958][T28672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1386.405984][T28672] Call Trace: [ 1386.405990][T28672] [ 1386.405996][T28672] dump_stack_lvl+0x100/0x190 [ 1386.406027][T28672] should_fail_ex.cold+0x5/0xa [ 1386.406047][T28672] should_failslab+0xc2/0x120 [ 1386.406065][T28672] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1386.406089][T28672] ? do_getname+0x35/0x390 [ 1386.406110][T28672] ? find_held_lock+0x2b/0x80 [ 1386.406128][T28672] ? ksys_write+0x190/0x250 [ 1386.406147][T28672] do_getname+0x35/0x390 [ 1386.406171][T28672] do_sys_openat2+0xc5/0x1e0 [ 1386.406193][T28672] ? __pfx_do_sys_openat2+0x10/0x10 [ 1386.406214][T28672] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1386.406245][T28672] ? __fget_files+0x21f/0x3d0 [ 1386.406266][T28672] __x64_sys_openat+0x12d/0x210 [ 1386.406289][T28672] ? __pfx___x64_sys_openat+0x10/0x10 [ 1386.406311][T28672] ? ksys_write+0x1ac/0x250 [ 1386.406330][T28672] ? rcu_is_watching+0x12/0xc0 [ 1386.406350][T28672] do_syscall_64+0x115/0x840 [ 1386.406370][T28672] ? clear_bhb_loop+0x40/0x90 [ 1386.406389][T28672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1386.406404][T28672] RIP: 0033:0x7fc647d9ce59 [ 1386.406418][T28672] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1386.406432][T28672] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1386.406447][T28672] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1386.406457][T28672] RDX: 0000000000060743 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 1386.406466][T28672] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1386.406475][T28672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1386.406487][T28672] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1386.406506][T28672] [ 1387.679734][T28707] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3364'. [ 1387.697726][T28707] veth1_macvtap: left promiscuous mode [ 1387.712607][T28707] macsec0: entered promiscuous mode [ 1387.723838][T28707] macsec0: entered allmulticast mode [ 1389.516065][T28748] syz.1.3372 uses obsolete (PF_INET,SOCK_PACKET) [ 1389.897102][T28761] FAULT_INJECTION: forcing a failure. [ 1389.897102][T28761] name failslab, interval 1, probability 0, space 0, times 0 [ 1389.935755][T28761] CPU: 1 UID: 0 PID: 28761 Comm: syz.3.3373 Tainted: G L syzkaller #0 PREEMPT(full) [ 1389.935781][T28761] Tainted: [L]=SOFTLOCKUP [ 1389.935787][T28761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1389.935796][T28761] Call Trace: [ 1389.935802][T28761] [ 1389.935808][T28761] dump_stack_lvl+0x100/0x190 [ 1389.935838][T28761] should_fail_ex.cold+0x5/0xa [ 1389.935857][T28761] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1389.935879][T28761] should_failslab+0xc2/0x120 [ 1389.935904][T28761] __kmalloc_noprof+0xe0/0x850 [ 1389.935927][T28761] ? kfree+0x1dd/0x6c0 [ 1389.935950][T28761] tomoyo_realpath_from_path+0xb6/0x690 [ 1389.935978][T28761] tomoyo_path_number_perm+0x23c/0x580 [ 1389.935996][T28761] ? tomoyo_path_number_perm+0x22e/0x580 [ 1389.936015][T28761] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1389.936052][T28761] ? find_held_lock+0x2b/0x80 [ 1389.936070][T28761] ? __fget_files+0x215/0x3d0 [ 1389.936087][T28761] ? hook_file_ioctl_common+0x149/0x410 [ 1389.936105][T28761] ? __fget_files+0x215/0x3d0 [ 1389.936125][T28761] ? __fget_files+0x21f/0x3d0 [ 1389.936145][T28761] security_file_ioctl+0xd3/0x230 [ 1389.936165][T28761] __x64_sys_ioctl+0xb7/0x210 [ 1389.936182][T28761] do_syscall_64+0x115/0x840 [ 1389.936203][T28761] ? clear_bhb_loop+0x40/0x90 [ 1389.936222][T28761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.936238][T28761] RIP: 0033:0x7f6e6c19ce59 [ 1389.936251][T28761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1389.936265][T28761] RSP: 002b:00007f6e6cfa8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1389.936279][T28761] RAX: ffffffffffffffda RBX: 00007f6e6c416180 RCX: 00007f6e6c19ce59 [ 1389.936289][T28761] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000003 [ 1389.936298][T28761] RBP: 00007f6e6cfa8090 R08: 0000000000000000 R09: 0000000000000000 [ 1389.936307][T28761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1389.936316][T28761] R13: 00007f6e6c416218 R14: 00007f6e6c416180 R15: 00007fff19acff28 [ 1389.936336][T28761] [ 1389.937875][T28761] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1391.900760][T28801] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3384'. [ 1392.232223][T28813] ubi0: attaching mtd0 [ 1392.248618][T28813] ubi0: scanning is finished [ 1392.678678][T28813] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1392.692032][T28813] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1392.715821][T28813] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1392.723028][T28813] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1392.730755][T28813] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1392.864511][T28813] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1392.901505][T28813] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 2328072618 [ 1392.915133][T28813] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1393.087362][T28822] ubi0: background thread "ubi_bgt0d" started, PID 28822 [ 1393.096844][T28815] ubi0: detaching mtd0 [ 1393.175621][T28815] ubi0: mtd0 is detached [ 1393.180102][T28831] ubi0: attaching mtd0 [ 1393.181007][T28843] FAULT_INJECTION: forcing a failure. [ 1393.181007][T28843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1393.213845][T28843] CPU: 1 UID: 0 PID: 28843 Comm: syz.1.3387 Tainted: G L syzkaller #0 PREEMPT(full) [ 1393.213886][T28843] Tainted: [L]=SOFTLOCKUP [ 1393.213896][T28843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1393.213911][T28843] Call Trace: [ 1393.213921][T28843] [ 1393.213931][T28843] dump_stack_lvl+0x100/0x190 [ 1393.213977][T28843] should_fail_ex.cold+0x5/0xa [ 1393.213997][T28843] _copy_from_user+0x2e/0xd0 [ 1393.214020][T28843] core_sys_select+0x472/0xbb0 [ 1393.214053][T28843] ? __pfx_core_sys_select+0x10/0x10 [ 1393.214084][T28843] ? get_pid_task+0xfc/0x250 [ 1393.214111][T28843] ? get_pid_task+0x106/0x250 [ 1393.214144][T28843] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1393.214166][T28843] ? kernel_write+0x683/0x6c0 [ 1393.214183][T28843] ? __fget_files+0x215/0x3d0 [ 1393.214202][T28843] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1393.214229][T28843] kern_select+0x1d0/0x280 [ 1393.214247][T28843] ? __pfx_kern_select+0x10/0x10 [ 1393.214267][T28843] ? __pfx_ksys_write+0x10/0x10 [ 1393.214286][T28843] __x64_sys_select+0xbd/0x160 [ 1393.214302][T28843] ? do_syscall_64+0x90/0x840 [ 1393.214322][T28843] ? lockdep_hardirqs_on+0x78/0x100 [ 1393.214343][T28843] do_syscall_64+0x115/0x840 [ 1393.214363][T28843] ? clear_bhb_loop+0x40/0x90 [ 1393.214381][T28843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1393.214396][T28843] RIP: 0033:0x7fc647d9ce59 [ 1393.214409][T28843] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1393.214424][T28843] RSP: 002b:00007fc648c82028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1393.214439][T28843] RAX: ffffffffffffffda RBX: 00007fc648016450 RCX: 00007fc647d9ce59 [ 1393.214449][T28843] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1393.214458][T28843] RBP: 00007fc648c82090 R08: 0000000000000000 R09: 0000000000000000 [ 1393.214467][T28843] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1393.214476][T28843] R13: 00007fc6480164e8 R14: 00007fc648016450 R15: 00007fff751b3d38 [ 1393.214495][T28843] [ 1393.507083][T28831] ubi0: scanning is finished [ 1394.018434][T28831] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1394.589272][ T5648] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1394.597245][ T5648] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 1395.272313][ T5739] Process accounting resumed [ 1395.497903][T28882] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1395.540365][T28884] FAULT_INJECTION: forcing a failure. [ 1395.540365][T28884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1395.555982][T28884] CPU: 1 UID: 0 PID: 28884 Comm: syz.3.3397 Tainted: G L syzkaller #0 PREEMPT(full) [ 1395.556026][T28884] Tainted: [L]=SOFTLOCKUP [ 1395.556036][T28884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1395.556052][T28884] Call Trace: [ 1395.556062][T28884] [ 1395.556072][T28884] dump_stack_lvl+0x100/0x190 [ 1395.556124][T28884] should_fail_ex.cold+0x5/0xa [ 1395.556160][T28884] _copy_from_user+0x2e/0xd0 [ 1395.556200][T28884] copy_msghdr_from_user+0x9f/0x4f0 [ 1395.556241][T28884] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1395.556286][T28884] ? __pfx__kstrtoull+0x10/0x10 [ 1395.556322][T28884] ___sys_sendmsg+0x106/0x1e0 [ 1395.556372][T28884] ? __pfx____sys_sendmsg+0x10/0x10 [ 1395.556427][T28884] ? find_held_lock+0x2b/0x80 [ 1395.556484][T28884] __sys_sendmmsg+0x205/0x430 [ 1395.556519][T28884] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1395.556561][T28884] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1395.556617][T28884] ? fput+0x79/0x100 [ 1395.556655][T28884] ? ksys_write+0x1ac/0x250 [ 1395.556686][T28884] ? __pfx_ksys_write+0x10/0x10 [ 1395.556724][T28884] __x64_sys_sendmmsg+0x9c/0x100 [ 1395.556753][T28884] ? lockdep_hardirqs_on+0x78/0x100 [ 1395.556791][T28884] do_syscall_64+0x115/0x840 [ 1395.556828][T28884] ? clear_bhb_loop+0x40/0x90 [ 1395.556861][T28884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1395.556891][T28884] RIP: 0033:0x7f6e6c19ce59 [ 1395.556914][T28884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1395.556942][T28884] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1395.556969][T28884] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1395.556989][T28884] RDX: 00000000ffffffff RSI: 0000200000000200 RDI: 0000000000000004 [ 1395.557007][T28884] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1395.557025][T28884] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 1395.557042][T28884] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1395.557080][T28884] [ 1395.956650][T28871] Process accounting resumed [ 1395.972034][T28890] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3399'. [ 1396.733213][T28917] FAULT_INJECTION: forcing a failure. [ 1396.733213][T28917] name failslab, interval 1, probability 0, space 0, times 0 [ 1396.756110][T28917] CPU: 0 UID: 0 PID: 28917 Comm: syz.0.3405 Tainted: G L syzkaller #0 PREEMPT(full) [ 1396.756154][T28917] Tainted: [L]=SOFTLOCKUP [ 1396.756164][T28917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1396.756188][T28917] Call Trace: [ 1396.756197][T28917] [ 1396.756208][T28917] dump_stack_lvl+0x100/0x190 [ 1396.756260][T28917] should_fail_ex.cold+0x5/0xa [ 1396.756293][T28917] should_failslab+0xc2/0x120 [ 1396.756323][T28917] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1396.756358][T28917] ? sched_core_share_pid+0x3bc/0x9d0 [ 1396.756394][T28917] ? do_raw_spin_unlock+0x145/0x1e0 [ 1396.756427][T28917] sched_core_share_pid+0x3bc/0x9d0 [ 1396.756462][T28917] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1396.756502][T28917] ? cap_task_prctl+0x104/0xa50 [ 1396.756529][T28917] ? __pfx_sched_core_share_pid+0x10/0x10 [ 1396.756568][T28917] ? static_key_count+0x5a/0x70 [ 1396.756598][T28917] ? security_task_prctl+0x11c/0x160 [ 1396.756641][T28917] __do_sys_prctl+0x6bd/0x2320 [ 1396.756669][T28917] ? __pfx___do_sys_prctl+0x10/0x10 [ 1396.756698][T28917] ? rcu_is_watching+0x12/0xc0 [ 1396.756742][T28917] do_syscall_64+0x115/0x840 [ 1396.756780][T28917] ? clear_bhb_loop+0x40/0x90 [ 1396.756814][T28917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1396.756842][T28917] RIP: 0033:0x7fe57a99ce59 [ 1396.756864][T28917] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1396.756891][T28917] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 1396.756917][T28917] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1396.756934][T28917] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000003e [ 1396.756949][T28917] RBP: 00007fe57b796090 R08: 0000000000000000 R09: 0000000000000000 [ 1396.756966][T28917] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 1396.756982][T28917] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1396.757018][T28917] [ 1397.167602][T28931] FAULT_INJECTION: forcing a failure. [ 1397.167602][T28931] name failslab, interval 1, probability 0, space 0, times 0 [ 1397.309071][T28934] random: crng reseeded on system resumption [ 1397.318609][T28931] CPU: 1 UID: 0 PID: 28931 Comm: syz.0.3408 Tainted: G L syzkaller #0 PREEMPT(full) [ 1397.318634][T28931] Tainted: [L]=SOFTLOCKUP [ 1397.318639][T28931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1397.318648][T28931] Call Trace: [ 1397.318654][T28931] [ 1397.318660][T28931] dump_stack_lvl+0x100/0x190 [ 1397.318699][T28931] should_fail_ex.cold+0x5/0xa [ 1397.318718][T28931] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 1397.318740][T28931] should_failslab+0xc2/0x120 [ 1397.318758][T28931] __kmalloc_noprof+0xe0/0x850 [ 1397.318786][T28931] kernfs_fop_write_iter+0x26a/0x5f0 [ 1397.318810][T28931] vfs_write+0x6ac/0x1070 [ 1397.318828][T28931] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1397.318854][T28931] ? __pfx_vfs_write+0x10/0x10 [ 1397.318883][T28931] ksys_write+0x12a/0x250 [ 1397.318901][T28931] ? __pfx_ksys_write+0x10/0x10 [ 1397.318919][T28931] ? rcu_is_watching+0x12/0xc0 [ 1397.318939][T28931] do_syscall_64+0x115/0x840 [ 1397.318960][T28931] ? clear_bhb_loop+0x40/0x90 [ 1397.318979][T28931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1397.318995][T28931] RIP: 0033:0x7fe57a99ce59 [ 1397.319008][T28931] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1397.319022][T28931] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1397.319037][T28931] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1397.319048][T28931] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 1397.319057][T28931] RBP: 00007fe57b796090 R08: 0000000000000000 R09: 0000000000000000 [ 1397.319066][T28931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1397.319075][T28931] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1397.319095][T28931] [ 1397.905791][T28872] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1397.913538][T28872] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 1398.167462][T28950] vivid-007: ================= START STATUS ================= [ 1398.194600][T28950] vivid-007: Generate PTS: true [ 1398.208377][T28950] vivid-007: Generate SCR: true [ 1398.219463][T28950] tpg source WxH: 320x240 (Y'CbCr) [ 1398.229886][T28950] tpg field: 1 [ 1398.234873][T28950] tpg crop: (0,0)/320x240 [ 1398.244572][T28950] tpg compose: (0,0)/320x240 [ 1398.254676][T28950] tpg colorspace: 8 [ 1398.264041][T28950] tpg transfer function: 0/0 [ 1398.277978][T28950] tpg Y'CbCr encoding: 0/0 [ 1398.288643][T28950] tpg quantization: 0/0 [ 1398.303777][T28950] tpg RGB range: 0/2 [ 1398.313998][T28950] vivid-007: ================== END STATUS ================== [ 1399.177361][ T5739] Process accounting resumed [ 1399.452793][T28976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3418'. [ 1399.752063][T28960] Process accounting resumed [ 1401.649424][T29023] FAULT_INJECTION: forcing a failure. [ 1401.649424][T29023] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1401.680575][T29023] CPU: 0 UID: 0 PID: 29023 Comm: syz.1.3426 Tainted: G L syzkaller #0 PREEMPT(full) [ 1401.680621][T29023] Tainted: [L]=SOFTLOCKUP [ 1401.680631][T29023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1401.680646][T29023] Call Trace: [ 1401.680656][T29023] [ 1401.680667][T29023] dump_stack_lvl+0x100/0x190 [ 1401.680718][T29023] should_fail_ex.cold+0x5/0xa [ 1401.680753][T29023] strncpy_from_user+0x3b/0x2d0 [ 1401.680854][T29023] do_getname+0x78/0x390 [ 1401.680898][T29023] do_sys_openat2+0xc5/0x1e0 [ 1401.680938][T29023] ? __pfx_do_sys_openat2+0x10/0x10 [ 1401.680976][T29023] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1401.681022][T29023] ? __fget_files+0x21f/0x3d0 [ 1401.681060][T29023] __x64_sys_openat+0x12d/0x210 [ 1401.681102][T29023] ? __pfx___x64_sys_openat+0x10/0x10 [ 1401.681141][T29023] ? ksys_write+0x1ac/0x250 [ 1401.681178][T29023] ? rcu_is_watching+0x12/0xc0 [ 1401.681213][T29023] do_syscall_64+0x115/0x840 [ 1401.681250][T29023] ? clear_bhb_loop+0x40/0x90 [ 1401.681291][T29023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1401.681320][T29023] RIP: 0033:0x7fc647d9ce59 [ 1401.681343][T29023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1401.681370][T29023] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1401.681399][T29023] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1401.681418][T29023] RDX: 00000000000c0000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1401.681436][T29023] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1401.681453][T29023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1401.681470][T29023] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1401.681506][T29023] [ 1402.055546][T29025] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1402.740292][T29045] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1402.803541][T29045] CIFS mount error: No usable UNC path provided in device string! [ 1402.803541][T29045] [ 1402.823237][T29045] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1402.907379][T29054] openvswitch: netlink: Key type 261 is out of range max 32 [ 1403.142379][T29062] FAULT_INJECTION: forcing a failure. [ 1403.142379][T29062] name failslab, interval 1, probability 0, space 0, times 0 [ 1403.203201][T29062] CPU: 0 UID: 0 PID: 29062 Comm: syz.0.3435 Tainted: G L syzkaller #0 PREEMPT(full) [ 1403.203246][T29062] Tainted: [L]=SOFTLOCKUP [ 1403.203255][T29062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1403.203272][T29062] Call Trace: [ 1403.203281][T29062] [ 1403.203292][T29062] dump_stack_lvl+0x100/0x190 [ 1403.203343][T29062] should_fail_ex.cold+0x5/0xa [ 1403.203381][T29062] ? tomoyo_encode2+0xfb/0x3c0 [ 1403.203417][T29062] should_failslab+0xc2/0x120 [ 1403.203449][T29062] __kmalloc_noprof+0xe0/0x850 [ 1403.203491][T29062] ? rcu_is_watching+0x12/0xc0 [ 1403.203530][T29062] tomoyo_encode2+0xfb/0x3c0 [ 1403.203571][T29062] tomoyo_encode+0x29/0x50 [ 1403.203608][T29062] tomoyo_realpath_from_path+0x18c/0x690 [ 1403.203655][T29062] tomoyo_path_number_perm+0x23c/0x580 [ 1403.203688][T29062] ? tomoyo_path_number_perm+0x22e/0x580 [ 1403.203725][T29062] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1403.203796][T29062] ? find_held_lock+0x2b/0x80 [ 1403.203829][T29062] ? __fget_files+0x215/0x3d0 [ 1403.203859][T29062] ? hook_file_ioctl_common+0x149/0x410 [ 1403.203893][T29062] ? __fget_files+0x215/0x3d0 [ 1403.203931][T29062] ? __fget_files+0x21f/0x3d0 [ 1403.203969][T29062] security_file_ioctl+0xd3/0x230 [ 1403.204005][T29062] __x64_sys_ioctl+0xb7/0x210 [ 1403.204037][T29062] do_syscall_64+0x115/0x840 [ 1403.204083][T29062] ? clear_bhb_loop+0x40/0x90 [ 1403.204118][T29062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1403.204147][T29062] RIP: 0033:0x7fe57a99ce59 [ 1403.204171][T29062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1403.204197][T29062] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1403.204225][T29062] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1403.204244][T29062] RDX: 0000000000000000 RSI: 00000000c0285700 RDI: 0000000000000003 [ 1403.204261][T29062] RBP: 00007fe57b796090 R08: 0000000000000000 R09: 0000000000000000 [ 1403.204278][T29062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1403.204295][T29062] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1403.204346][T29062] [ 1403.204381][T29062] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1403.754324][T29066] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1403.784763][T29074] FAULT_INJECTION: forcing a failure. [ 1403.784763][T29074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1403.827860][T29074] CPU: 1 UID: 0 PID: 29074 Comm: syz.0.3439 Tainted: G L syzkaller #0 PREEMPT(full) [ 1403.827903][T29074] Tainted: [L]=SOFTLOCKUP [ 1403.827914][T29074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1403.827931][T29074] Call Trace: [ 1403.827941][T29074] [ 1403.827952][T29074] dump_stack_lvl+0x100/0x190 [ 1403.828003][T29074] should_fail_ex.cold+0x5/0xa [ 1403.828040][T29074] _copy_from_user+0x2e/0xd0 [ 1403.828080][T29074] post_copy_siginfo_from_user.isra.0+0x16e/0x300 [ 1403.828132][T29074] ? __pfx_post_copy_siginfo_from_user.isra.0+0x10/0x10 [ 1403.828178][T29074] ? find_held_lock+0x2b/0x80 [ 1403.828231][T29074] do_pidfd_send_signal+0x1a1/0x520 [ 1403.828270][T29074] ? __pfx_do_pidfd_send_signal+0x10/0x10 [ 1403.828325][T29074] __x64_sys_pidfd_send_signal+0x2bd/0x420 [ 1403.828373][T29074] do_syscall_64+0x115/0x840 [ 1403.828412][T29074] ? clear_bhb_loop+0x40/0x90 [ 1403.828447][T29074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1403.828476][T29074] RIP: 0033:0x7fe57a99ce59 [ 1403.828499][T29074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1403.828527][T29074] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a8 [ 1403.828554][T29074] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1403.828574][T29074] RDX: 0000200000000440 RSI: 0000000000000008 RDI: 0000000000000003 [ 1403.828591][T29074] RBP: 00007fe57b796090 R08: 0000000000000000 R09: 0000000000000000 [ 1403.828609][T29074] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1403.828626][T29074] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1403.828665][T29074] [ 1404.051734][T29078] FAULT_INJECTION: forcing a failure. [ 1404.051734][T29078] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.064855][T29078] CPU: 1 UID: 0 PID: 29078 Comm: syz.0.3440 Tainted: G L syzkaller #0 PREEMPT(full) [ 1404.064881][T29078] Tainted: [L]=SOFTLOCKUP [ 1404.064887][T29078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1404.064896][T29078] Call Trace: [ 1404.064901][T29078] [ 1404.064907][T29078] dump_stack_lvl+0x100/0x190 [ 1404.064938][T29078] should_fail_ex.cold+0x5/0xa [ 1404.064958][T29078] should_failslab+0xc2/0x120 [ 1404.064977][T29078] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1404.064998][T29078] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 1404.065113][T29078] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 1404.065140][T29078] ? __mutex_lock+0x26d/0x1b10 [ 1404.065162][T29078] ? snd_pcm_oss_read+0x3b2/0x730 [ 1404.065184][T29078] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1404.065207][T29078] ? __pfx___mutex_lock+0x10/0x10 [ 1404.065235][T29078] ? iovec_from_user+0xda/0x140 [ 1404.065261][T29078] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1404.065283][T29078] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 1404.065304][T29078] snd_pcm_oss_read+0x3d4/0x730 [ 1404.065329][T29078] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 1404.065349][T29078] vfs_readv+0x5d8/0x8d0 [ 1404.065370][T29078] ? __pfx_vfs_readv+0x10/0x10 [ 1404.065386][T29078] ? find_held_lock+0x2b/0x80 [ 1404.065405][T29078] ? ksys_write+0x190/0x250 [ 1404.065432][T29078] ? __fget_files+0x21f/0x3d0 [ 1404.065454][T29078] ? do_readv+0x13e/0x340 [ 1404.065468][T29078] do_readv+0x13e/0x340 [ 1404.065484][T29078] ? __pfx_do_readv+0x10/0x10 [ 1404.065501][T29078] ? rcu_is_watching+0x12/0xc0 [ 1404.065528][T29078] do_syscall_64+0x115/0x840 [ 1404.065549][T29078] ? clear_bhb_loop+0x40/0x90 [ 1404.065567][T29078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1404.065583][T29078] RIP: 0033:0x7fe57a99ce59 [ 1404.065596][T29078] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1404.065611][T29078] RSP: 002b:00007fe57b796028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1404.065625][T29078] RAX: ffffffffffffffda RBX: 00007fe57ac15fa0 RCX: 00007fe57a99ce59 [ 1404.065636][T29078] RDX: 00000000000001da RSI: 0000200000000600 RDI: 0000000000000003 [ 1404.065645][T29078] RBP: 00007fe57b796090 R08: 0000000000000000 R09: 0000000000000000 [ 1404.065654][T29078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1404.065663][T29078] R13: 00007fe57ac16038 R14: 00007fe57ac15fa0 R15: 00007ffe99a18768 [ 1404.065682][T29078] [ 1404.508985][T29086] FAULT_INJECTION: forcing a failure. [ 1404.508985][T29086] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1404.581835][T29086] CPU: 0 UID: 0 PID: 29086 Comm: syz.0.3443 Tainted: G L syzkaller #0 PREEMPT(full) [ 1404.581881][T29086] Tainted: [L]=SOFTLOCKUP [ 1404.581891][T29086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1404.581908][T29086] Call Trace: [ 1404.581926][T29086] [ 1404.581937][T29086] dump_stack_lvl+0x100/0x190 [ 1404.581988][T29086] should_fail_ex.cold+0x5/0xa [ 1404.582024][T29086] _copy_from_user+0x2e/0xd0 [ 1404.582064][T29086] copy_msghdr_from_user+0x9f/0x4f0 [ 1404.582104][T29086] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1404.582160][T29086] ___sys_sendmsg+0x106/0x1e0 [ 1404.582200][T29086] ? __pfx____sys_sendmsg+0x10/0x10 [ 1404.582280][T29086] __sys_sendmsg+0x170/0x220 [ 1404.582311][T29086] ? __pfx___sys_sendmsg+0x10/0x10 [ 1404.582359][T29086] ? rcu_is_watching+0x12/0xc0 [ 1404.582397][T29086] do_syscall_64+0x115/0x840 [ 1404.582434][T29086] ? clear_bhb_loop+0x40/0x90 [ 1404.582468][T29086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1404.582498][T29086] RIP: 0033:0x7fe57a99ce59 [ 1404.582521][T29086] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1404.582548][T29086] RSP: 002b:00007fe57b775028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1404.582575][T29086] RAX: ffffffffffffffda RBX: 00007fe57ac16090 RCX: 00007fe57a99ce59 [ 1404.582594][T29086] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 1404.582613][T29086] RBP: 00007fe57b775090 R08: 0000000000000000 R09: 0000000000000000 [ 1404.582631][T29086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1404.582646][T29086] R13: 00007fe57ac16128 R14: 00007fe57ac16090 R15: 00007ffe99a18768 [ 1404.582682][T29086] [ 1404.768521][T29091] FAULT_INJECTION: forcing a failure. [ 1404.768521][T29091] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.781315][T29091] CPU: 0 UID: 0 PID: 29091 Comm: syz.3.3444 Tainted: G L syzkaller #0 PREEMPT(full) [ 1404.781361][T29091] Tainted: [L]=SOFTLOCKUP [ 1404.781371][T29091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1404.781387][T29091] Call Trace: [ 1404.781397][T29091] [ 1404.781408][T29091] dump_stack_lvl+0x100/0x190 [ 1404.781461][T29091] should_fail_ex.cold+0x5/0xa [ 1404.781496][T29091] ? x509_fabricate_name.isra.0+0x5ea/0xa10 [ 1404.781536][T29091] should_failslab+0xc2/0x120 [ 1404.781571][T29091] __kmalloc_noprof+0xe0/0x850 [ 1404.781612][T29091] ? __asan_memcpy+0x3c/0x60 [ 1404.781658][T29091] x509_fabricate_name.isra.0+0x5ea/0xa10 [ 1404.781706][T29091] asn1_ber_decoder+0xd0c/0x2170 [ 1404.781753][T29091] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 1404.781810][T29091] x509_cert_parse+0x1c9/0x910 [ 1404.781846][T29091] ? kasan_save_stack+0x3f/0x50 [ 1404.781873][T29091] ? kasan_save_stack+0x30/0x50 [ 1404.781899][T29091] ? kasan_save_track+0x14/0x30 [ 1404.781929][T29091] pkcs7_extract_cert+0xa4/0x380 [ 1404.781976][T29091] asn1_ber_decoder+0x12b3/0x2170 [ 1404.782021][T29091] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 1404.782079][T29091] pkcs7_parse_message+0x289/0x870 [ 1404.782141][T29091] verify_pkcs7_signature+0x30/0xa0 [ 1404.782175][T29091] valid_regdb+0x211/0x590 [ 1404.782214][T29091] ? __pfx_valid_regdb+0x10/0x10 [ 1404.782253][T29091] reg_reload_regdb+0x11a/0x460 [ 1404.782289][T29091] ? __pfx_reg_reload_regdb+0x10/0x10 [ 1404.782324][T29091] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1404.782364][T29091] ? nl80211_pre_doit+0x19a/0xae0 [ 1404.782410][T29091] genl_family_rcv_msg_doit+0x214/0x300 [ 1404.782457][T29091] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1404.782499][T29091] ? genl_get_cmd+0x3e7/0x760 [ 1404.782546][T29091] ? bpf_lsm_capable+0x9/0x10 [ 1404.782576][T29091] ? security_capable+0x80/0x260 [ 1404.782611][T29091] genl_rcv_msg+0x560/0x800 [ 1404.782655][T29091] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1404.782695][T29091] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1404.782737][T29091] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 1404.782767][T29091] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1404.782815][T29091] netlink_rcv_skb+0x159/0x420 [ 1404.782849][T29091] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1404.782887][T29091] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1404.782935][T29091] ? rcu_is_watching+0x12/0xc0 [ 1404.782975][T29091] genl_rcv+0x28/0x40 [ 1404.783013][T29091] netlink_unicast+0x585/0x850 [ 1404.783055][T29091] ? __pfx_netlink_unicast+0x10/0x10 [ 1404.783112][T29091] netlink_sendmsg+0x8b0/0xda0 [ 1404.783157][T29091] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1404.783193][T29091] ? __import_iovec+0x1d2/0x640 [ 1404.783234][T29091] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1404.783279][T29091] ____sys_sendmsg+0x9e1/0xb70 [ 1404.783313][T29091] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1404.783348][T29091] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1404.783388][T29091] ? __pfx_futex_wake_mark+0x10/0x10 [ 1404.783428][T29091] ___sys_sendmsg+0x190/0x1e0 [ 1404.783467][T29091] ? __pfx____sys_sendmsg+0x10/0x10 [ 1404.783547][T29091] __sys_sendmsg+0x170/0x220 [ 1404.783578][T29091] ? __pfx___sys_sendmsg+0x10/0x10 [ 1404.783606][T29091] ? __x64_sys_futex+0x34f/0x4d0 [ 1404.783650][T29091] ? rcu_is_watching+0x12/0xc0 [ 1404.783686][T29091] do_syscall_64+0x115/0x840 [ 1404.783723][T29091] ? clear_bhb_loop+0x40/0x90 [ 1404.783759][T29091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1404.783789][T29091] RIP: 0033:0x7f6e6c19ce59 [ 1404.783812][T29091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1404.783839][T29091] RSP: 002b:00007f6e6cfc9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1404.783866][T29091] RAX: ffffffffffffffda RBX: 00007f6e6c416090 RCX: 00007f6e6c19ce59 [ 1404.783885][T29091] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 1404.783903][T29091] RBP: 00007f6e6c232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1404.783920][T29091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1404.783937][T29091] R13: 00007f6e6c416128 R14: 00007f6e6c416090 R15: 00007fff19acff28 [ 1404.783978][T29091] [ 1405.400586][T29098] FAULT_INJECTION: forcing a failure. [ 1405.400586][T29098] name failslab, interval 1, probability 0, space 0, times 0 [ 1405.413937][T29098] CPU: 0 UID: 0 PID: 29098 Comm: syz.1.3448 Tainted: G L syzkaller #0 PREEMPT(full) [ 1405.413980][T29098] Tainted: [L]=SOFTLOCKUP [ 1405.413990][T29098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1405.414006][T29098] Call Trace: [ 1405.414016][T29098] [ 1405.414026][T29098] dump_stack_lvl+0x100/0x190 [ 1405.414076][T29098] should_fail_ex.cold+0x5/0xa [ 1405.414113][T29098] should_failslab+0xc2/0x120 [ 1405.414146][T29098] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1405.414177][T29098] ? __get_vm_area_node+0x101/0x330 [ 1405.414210][T29098] ? lock_acquire+0x1b1/0x370 [ 1405.414255][T29098] __get_vm_area_node+0x101/0x330 [ 1405.414295][T29098] __vmalloc_node_range_noprof+0x228/0x1630 [ 1405.414333][T29098] ? kernel_clone+0x176/0x9e0 [ 1405.414380][T29098] ? kernel_clone+0x176/0x9e0 [ 1405.414426][T29098] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1405.414470][T29098] ? rcu_is_watching+0x12/0xc0 [ 1405.414500][T29098] ? trace_kmem_cache_alloc+0xd5/0x100 [ 1405.414534][T29098] ? kernel_clone+0x176/0x9e0 [ 1405.414566][T29098] __vmalloc_node_noprof+0xad/0xf0 [ 1405.414601][T29098] ? kernel_clone+0x176/0x9e0 [ 1405.414641][T29098] copy_process+0x7fb/0x7ed0 [ 1405.414679][T29098] ? __lock_acquire+0x4a5/0x2630 [ 1405.414735][T29098] ? __pfx_copy_process+0x10/0x10 [ 1405.414772][T29098] ? find_held_lock+0x2b/0x80 [ 1405.414820][T29098] kernel_clone+0x176/0x9e0 [ 1405.414852][T29098] ? find_held_lock+0x2b/0x80 [ 1405.414896][T29098] ? __pfx_kernel_clone+0x10/0x10 [ 1405.414946][T29098] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1405.414991][T29098] __do_sys_clone+0xd9/0x120 [ 1405.415029][T29098] ? __pfx___do_sys_clone+0x10/0x10 [ 1405.415080][T29098] ? ksys_write+0x1ac/0x250 [ 1405.415112][T29098] ? __pfx_ksys_write+0x10/0x10 [ 1405.415146][T29098] ? rcu_is_watching+0x12/0xc0 [ 1405.415183][T29098] do_syscall_64+0x115/0x840 [ 1405.415220][T29098] ? clear_bhb_loop+0x40/0x90 [ 1405.415254][T29098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1405.415283][T29098] RIP: 0033:0x7fc647d9ce59 [ 1405.415307][T29098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1405.415334][T29098] RSP: 002b:00007fc648d26fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1405.415362][T29098] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1405.415381][T29098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 1405.415397][T29098] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1405.415413][T29098] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1405.415430][T29098] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1405.415468][T29098] [ 1405.415685][T29098] syz.1.3448: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1405.700943][T29098] CPU: 0 UID: 0 PID: 29098 Comm: syz.1.3448 Tainted: G L syzkaller #0 PREEMPT(full) [ 1405.700984][T29098] Tainted: [L]=SOFTLOCKUP [ 1405.700994][T29098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1405.701009][T29098] Call Trace: [ 1405.701018][T29098] [ 1405.701028][T29098] dump_stack_lvl+0x100/0x190 [ 1405.701076][T29098] warn_alloc.cold+0x95/0x1c1 [ 1405.701129][T29098] ? __pfx_warn_alloc+0x10/0x10 [ 1405.701170][T29098] ? trace_kmalloc+0xe3/0x110 [ 1405.701206][T29098] ? __kmalloc_cache_node_noprof+0x2d9/0x770 [ 1405.701241][T29098] ? __kasan_kmalloc+0x8a/0xb0 [ 1405.701270][T29098] ? __get_vm_area_node+0x208/0x330 [ 1405.701312][T29098] __vmalloc_node_range_noprof+0xccd/0x1630 [ 1405.701361][T29098] ? kernel_clone+0x176/0x9e0 [ 1405.701416][T29098] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1405.701462][T29098] ? rcu_is_watching+0x12/0xc0 [ 1405.701493][T29098] ? trace_kmem_cache_alloc+0xd5/0x100 [ 1405.701526][T29098] ? kernel_clone+0x176/0x9e0 [ 1405.701558][T29098] __vmalloc_node_noprof+0xad/0xf0 [ 1405.701593][T29098] ? kernel_clone+0x176/0x9e0 [ 1405.701634][T29098] copy_process+0x7fb/0x7ed0 [ 1405.701671][T29098] ? __lock_acquire+0x4a5/0x2630 [ 1405.701727][T29098] ? __pfx_copy_process+0x10/0x10 [ 1405.701764][T29098] ? find_held_lock+0x2b/0x80 [ 1405.701812][T29098] kernel_clone+0x176/0x9e0 [ 1405.701846][T29098] ? find_held_lock+0x2b/0x80 [ 1405.701881][T29098] ? __pfx_kernel_clone+0x10/0x10 [ 1405.701931][T29098] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 1405.701976][T29098] __do_sys_clone+0xd9/0x120 [ 1405.702014][T29098] ? __pfx___do_sys_clone+0x10/0x10 [ 1405.702065][T29098] ? ksys_write+0x1ac/0x250 [ 1405.702097][T29098] ? __pfx_ksys_write+0x10/0x10 [ 1405.702131][T29098] ? rcu_is_watching+0x12/0xc0 [ 1405.702168][T29098] do_syscall_64+0x115/0x840 [ 1405.702204][T29098] ? clear_bhb_loop+0x40/0x90 [ 1405.702237][T29098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1405.702265][T29098] RIP: 0033:0x7fc647d9ce59 [ 1405.702287][T29098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1405.702311][T29098] RSP: 002b:00007fc648d26fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1405.702337][T29098] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1405.702357][T29098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 1405.702381][T29098] RBP: 00007fc648d27090 R08: 0000000000000000 R09: 0000000000000000 [ 1405.702399][T29098] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1405.702415][T29098] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1405.702452][T29098] [ 1405.702490][T29098] Mem-Info: [ 1405.971294][T29098] active_anon:6123 inactive_anon:0 isolated_anon:0 [ 1405.971294][T29098] active_file:4981 inactive_file:50599 isolated_file:0 [ 1405.971294][T29098] unevictable:8112 dirty:1780 writeback:0 [ 1405.971294][T29098] slab_reclaimable:12261 slab_unreclaimable:91692 [ 1405.971294][T29098] mapped:35595 shmem:1289 pagetables:1189 [ 1405.971294][T29098] sec_pagetables:0 bounce:0 [ 1405.971294][T29098] kernel_misc_reclaimable:0 [ 1405.971294][T29098] free:1318673 free_pcp:11598 free_cma:0 [ 1406.035279][T29098] Node 0 active_anon:24492kB inactive_anon:0kB active_file:19724kB inactive_file:202184kB unevictable:33012kB isolated(anon):0kB isolated(file):0kB mapped:148580kB dirty:7116kB writeback:0kB shmem:3620kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11372kB pagetables:4424kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 1406.119746][T29098] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 1406.181699][T29098] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.294938][T29098] lowmem_reserve[]: 0 2478 2479 2479 2479 [ 1406.307546][T29098] Node 0 DMA32 free:1313388kB boost:0kB min:34060kB low:42572kB high:51084kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24228kB inactive_anon:0kB active_file:19648kB inactive_file:232384kB unevictable:1588kB writepending:7116kB zspages:0kB present:3129332kB managed:2537508kB mlocked:80kB bounce:0kB free_pcp:47872kB local_pcp:30300kB free_cma:0kB [ 1406.371934][T29098] lowmem_reserve[]: 0 0 1 1 1 [ 1406.380745][T29098] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1108kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 1406.461003][T29098] lowmem_reserve[]: 0 0 0 0 0 [ 1406.476044][T29098] Node 1 Normal free:3944168kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:212kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.515501][T29098] lowmem_reserve[]: 0 0 0 0 0 [ 1406.541142][T29098] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1406.563343][T29098] Node 0 DMA32: 2226*4kB (UM) 3813*8kB (UME) 3429*16kB (UME) 1057*32kB (UME) 459*64kB (UME) 293*128kB (UME) 236*256kB (UME) 145*512kB (UM) 76*1024kB (UME) 13*2048kB (UM) 214*4096kB (M) = 1310624kB [ 1406.625325][T29098] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1406.665683][T29098] Node 1 Normal: 4*4kB (UM) 5*8kB (UM) 9*16kB (UM) 11*32kB (UM) 5*64kB (UM) 1*128kB (M) 3*256kB (UM) 2*512kB (M) 1*1024kB (M) 2*2048kB (U) 961*4096kB (UM) = 3944168kB [ 1406.689857][T29098] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1406.702282][T29098] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1406.730757][T29098] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1406.751888][T29119] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3451'. [ 1406.763294][T29119] virt_wifi0: entered allmulticast mode [ 1406.775038][T29098] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1406.798102][T29119] capability: warning: `syz.0.3451' uses 32-bit capabilities (legacy support in use) [ 1406.822824][T29098] 65017 total pagecache pages [ 1406.833667][T29098] 0 pages in swap cache [ 1406.846732][T29098] Free swap = 124996kB [ 1406.880031][T29098] Total swap = 124996kB [ 1406.886403][T29098] 2097051 pages RAM [ 1406.921852][T29098] 0 pages HighMem/MovableOnly [ 1406.927384][T29098] 430782 pages reserved [ 1406.931579][T29098] 0 pages cma reserved [ 1407.000326][T29128] FAULT_INJECTION: forcing a failure. [ 1407.000326][T29128] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1407.039600][T29128] CPU: 1 UID: 0 PID: 29128 Comm: syz.1.3453 Tainted: G L syzkaller #0 PREEMPT(full) [ 1407.039647][T29128] Tainted: [L]=SOFTLOCKUP [ 1407.039658][T29128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1407.039675][T29128] Call Trace: [ 1407.039685][T29128] [ 1407.039695][T29128] dump_stack_lvl+0x100/0x190 [ 1407.039747][T29128] should_fail_ex.cold+0x5/0xa [ 1407.039782][T29128] ? prepare_alloc_pages+0x16d/0x5f0 [ 1407.039821][T29128] should_fail_alloc_page+0xeb/0x140 [ 1407.039858][T29128] prepare_alloc_pages+0x1f0/0x5f0 [ 1407.039899][T29128] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 1407.039956][T29128] ? find_held_lock+0x2b/0x80 [ 1407.039988][T29128] ? is_bpf_text_address+0x8a/0x1a0 [ 1407.040026][T29128] ? is_bpf_text_address+0x8a/0x1a0 [ 1407.040060][T29128] ? bpf_ksym_find+0x124/0x1c0 [ 1407.040091][T29128] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1407.040138][T29128] ? is_bpf_text_address+0x94/0x1a0 [ 1407.040174][T29128] ? kernel_text_address+0x8d/0x100 [ 1407.040211][T29128] ? __kernel_text_address+0xd/0x30 [ 1407.040239][T29128] ? unwind_get_return_address+0x59/0xa0 [ 1407.040288][T29128] ? vma_is_special_huge+0x23f/0x2d0 [ 1407.040330][T29128] ? __pfx_vma_is_special_huge+0x10/0x10 [ 1407.040364][T29128] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1407.040405][T29128] ? policy_nodemask+0xed/0x4f0 [ 1407.040442][T29128] alloc_pages_mpol+0x1fb/0x540 [ 1407.040477][T29128] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1407.040510][T29128] ? __lock_acquire+0x4a5/0x2630 [ 1407.040550][T29128] ? __pfx___thp_vma_allowable_orders+0x10/0x10 [ 1407.040591][T29128] alloc_pages_noprof+0x1a/0x160 [ 1407.040628][T29128] __pmd_alloc+0x3b/0x950 [ 1407.040667][T29128] __handle_mm_fault+0xa9c/0x2a00 [ 1407.040711][T29128] ? mt_find+0x45e/0x8e0 [ 1407.040753][T29128] ? __pfx___handle_mm_fault+0x10/0x10 [ 1407.040790][T29128] ? __pfx_mt_find+0x10/0x10 [ 1407.040848][T29128] ? find_vma+0xbf/0x140 [ 1407.040878][T29128] ? __pfx_find_vma+0x10/0x10 [ 1407.040912][T29128] handle_mm_fault+0x37b/0xa30 [ 1407.040958][T29128] do_user_addr_fault+0x74c/0x12f0 [ 1407.040996][T29128] ? trace_page_fault_kernel+0x7a/0x200 [ 1407.041031][T29128] exc_page_fault+0x6f/0xd0 [ 1407.041070][T29128] asm_exc_page_fault+0x26/0x30 [ 1407.041097][T29128] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 1407.041128][T29128] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 0d 9d 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 1407.041155][T29128] RSP: 0018:ffffc90003bbf938 EFLAGS: 00050216 [ 1407.041178][T29128] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000014 [ 1407.041203][T29128] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90003bbfb90 [ 1407.041221][T29128] RBP: 0000000000000014 R08: 0000000000000001 R09: fffff52000777f74 [ 1407.041238][T29128] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 1407.041254][T29128] R13: ffffc90003bbfb90 R14: 0000000000000000 R15: 0000000000000000 [ 1407.041290][T29128] _copy_from_user+0x98/0xd0 [ 1407.041330][T29128] copy_from_sockptr_offset.constprop.0+0x153/0x1a0 [ 1407.041376][T29128] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 1407.041419][T29128] ? __local_bh_enable_ip+0x9e/0x120 [ 1407.041452][T29128] ? lockdep_hardirqs_on+0x78/0x100 [ 1407.041493][T29128] do_ipv6_setsockopt+0x2ab5/0x43b0 [ 1407.041532][T29128] ? _parse_integer_limit+0x17f/0x1d0 [ 1407.041568][T29128] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 1407.041607][T29128] ? __lock_acquire+0x4a5/0x2630 [ 1407.041664][T29128] ? lock_acquire+0x1b1/0x370 [ 1407.041710][T29128] ? rcu_is_watching+0x12/0xc0 [ 1407.041741][T29128] ? trace_contention_end+0x122/0x170 [ 1407.041771][T29128] ? __mutex_lock+0x26d/0x1b10 [ 1407.041812][T29128] ? smc_setsockopt+0x100/0xa40 [ 1407.041843][T29128] ? find_held_lock+0x2b/0x80 [ 1407.041875][T29128] ? get_pid_task+0xfc/0x250 [ 1407.041913][T29128] ? get_pid_task+0xfc/0x250 [ 1407.041954][T29128] ? __pfx___mutex_lock+0x10/0x10 [ 1407.042002][T29128] ? ipv6_setsockopt+0xcb/0x170 [ 1407.042039][T29128] ipv6_setsockopt+0xcb/0x170 [ 1407.042082][T29128] tcp_setsockopt+0xa7/0x100 [ 1407.042121][T29128] smc_setsockopt+0x1b6/0xa40 [ 1407.042151][T29128] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1407.042191][T29128] ? __pfx_smc_setsockopt+0x10/0x10 [ 1407.042237][T29128] ? aa_sock_opt_perm+0xfe/0x1b0 [ 1407.042284][T29128] ? __pfx_smc_setsockopt+0x10/0x10 [ 1407.042317][T29128] do_sock_setsockopt+0xf3/0x1d0 [ 1407.042355][T29128] __sys_setsockopt+0x119/0x190 [ 1407.042390][T29128] __x64_sys_setsockopt+0xbd/0x160 [ 1407.042417][T29128] ? do_syscall_64+0x90/0x840 [ 1407.042454][T29128] ? lockdep_hardirqs_on+0x78/0x100 [ 1407.042492][T29128] do_syscall_64+0x115/0x840 [ 1407.042524][T29128] ? clear_bhb_loop+0x40/0x90 [ 1407.042555][T29128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1407.042582][T29128] RIP: 0033:0x7fc647d9ce59 [ 1407.042604][T29128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1407.042631][T29128] RSP: 002b:00007fc648d27028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1407.042667][T29128] RAX: ffffffffffffffda RBX: 00007fc648015fa0 RCX: 00007fc647d9ce59 [ 1407.042686][T29128] RDX: 000000000000001b RSI: 0000000000000029 RDI: 0000000000000003 [ 1407.042702][T29128] RBP: 00007fc648d27090 R08: 0000000000000201 R09: 0000000000000000 [ 1407.042720][T29128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1407.042735][T29128] R13: 00007fc648016038 R14: 00007fc648015fa0 R15: 00007fff751b3d38 [ 1407.042770][T29128] [ 1408.633303][T29159] FAULT_INJECTION: forcing a failure. [ 1408.633303][T29159] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1408.650663][T29159] CPU: 1 UID: 0 PID: 29159 Comm: syz.3.3460 Tainted: G L syzkaller #0 PREEMPT(full) [ 1408.650704][T29159] Tainted: [L]=SOFTLOCKUP [ 1408.650714][T29159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1408.650730][T29159] Call Trace: [ 1408.650739][T29159] [ 1408.650750][T29159] dump_stack_lvl+0x100/0x190 [ 1408.650799][T29159] should_fail_ex.cold+0x5/0xa [ 1408.650832][T29159] _copy_from_user+0x2e/0xd0 [ 1408.650869][T29159] ____sys_sendmsg+0x1d1/0xb70 [ 1408.650906][T29159] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1408.650944][T29159] ? __pfx__kstrtoull+0x10/0x10 [ 1408.650975][T29159] ___sys_sendmsg+0x190/0x1e0 [ 1408.651011][T29159] ? __pfx____sys_sendmsg+0x10/0x10 [ 1408.651070][T29159] ? find_held_lock+0x2b/0x80 [ 1408.651125][T29159] __sys_sendmmsg+0x205/0x430 [ 1408.651160][T29159] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1408.651202][T29159] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1408.651258][T29159] ? fput+0x79/0x100 [ 1408.651295][T29159] ? ksys_write+0x1ac/0x250 [ 1408.651326][T29159] ? __pfx_ksys_write+0x10/0x10 [ 1408.651364][T29159] __x64_sys_sendmmsg+0x9c/0x100 [ 1408.651394][T29159] ? lockdep_hardirqs_on+0x78/0x100 [ 1408.651432][T29159] do_syscall_64+0x115/0x840 [ 1408.651469][T29159] ? clear_bhb_loop+0x40/0x90 [ 1408.651504][T29159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1408.651533][T29159] RIP: 0033:0x7f6e6c19ce59 [ 1408.651555][T29159] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1408.651581][T29159] RSP: 002b:00007f6e6cfea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1408.651607][T29159] RAX: ffffffffffffffda RBX: 00007f6e6c415fa0 RCX: 00007f6e6c19ce59 [ 1408.651627][T29159] RDX: 0000000000000005 RSI: 0000200000000080 RDI: 0000000000000003 [ 1408.651644][T29159] RBP: 00007f6e6cfea090 R08: 0000000000000000 R09: 0000000000000000 [ 1408.651661][T29159] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001 [ 1408.651678][T29159] R13: 00007f6e6c416038 R14: 00007f6e6c415fa0 R15: 00007fff19acff28 [ 1408.651716][T29159] [ 1408.889513][T29154] ================================================================== [ 1408.889537][T29154] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 1408.889682][T29154] Write of size 8 at addr ffffc900048b13c0 by task syz.0.3458/29154 [ 1408.889708][T29154] [ 1408.889726][T29154] CPU: 1 UID: 0 PID: 29154 Comm: syz.0.3458 Tainted: G L syzkaller #0 PREEMPT(full) [ 1408.889769][T29154] Tainted: [L]=SOFTLOCKUP [ 1408.889781][T29154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1408.889799][T29154] Call Trace: [ 1408.889809][T29154] [ 1408.889821][T29154] dump_stack_lvl+0x100/0x190 [ 1408.889870][T29154] print_report+0x13d/0x4b0 [ 1408.889909][T29154] ? _raw_spin_lock_irqsave+0x52/0x60 [ 1408.889951][T29154] ? sys_imageblit+0x19fb/0x1d60 [ 1408.889986][T29154] kasan_report+0xdf/0x1d0 [ 1408.890021][T29154] ? sys_imageblit+0x19fb/0x1d60 [ 1408.890062][T29154] sys_imageblit+0x19fb/0x1d60 [ 1408.890111][T29154] ? __pfx_sys_imageblit+0x10/0x10 [ 1408.890154][T29154] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 1408.890276][T29154] soft_cursor+0x524/0xa10 [ 1408.890313][T29154] bit_cursor+0xca1/0x1490 [ 1408.890347][T29154] ? __pfx_bit_cursor+0x10/0x10 [ 1408.890391][T29154] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1408.890432][T29154] ? get_color+0x1da/0x450 [ 1408.890473][T29154] ? __pfx_bit_cursor+0x10/0x10 [ 1408.890501][T29154] fbcon_cursor+0x43c/0x5e0 [ 1408.890543][T29154] ? __pfx_mark_held_locks+0x10/0x10 [ 1408.890590][T29154] hide_cursor+0x87/0x230 [ 1408.890658][T29154] do_con_write+0x2270/0x4a10 [ 1408.890722][T29154] ? trace_contention_end+0x122/0x170 [ 1408.890752][T29154] ? __mutex_lock+0x26d/0x1b10 [ 1408.890799][T29154] ? __pfx___mutex_lock+0x10/0x10 [ 1408.890838][T29154] ? do_raw_spin_lock+0x128/0x260 [ 1408.890868][T29154] ? __pfx_do_con_write+0x10/0x10 [ 1408.890910][T29154] con_write+0x23/0xb0 [ 1408.890946][T29154] n_tty_write+0x431/0x11c0 [ 1408.891048][T29154] ? __pfx_n_tty_write+0x10/0x10 [ 1408.891097][T29154] ? trace_kmalloc+0xe3/0x110 [ 1408.891131][T29154] ? __pfx_woken_wake_function+0x10/0x10 [ 1408.891166][T29154] ? rcu_is_watching+0x12/0xc0 [ 1408.891199][T29154] ? file_tty_write.isra.0+0x694/0x890 [ 1408.891235][T29154] ? kfree+0x1dd/0x6c0 [ 1408.891276][T29154] ? __pfx_n_tty_write+0x10/0x10 [ 1408.891320][T29154] file_tty_write.isra.0+0x4d2/0x890 [ 1408.891362][T29154] redirected_tty_write+0xd4/0x120 [ 1408.891398][T29154] vfs_write+0x6ac/0x1070 [ 1408.891431][T29154] ? __pfx_redirected_tty_write+0x10/0x10 [ 1408.891470][T29154] ? __pfx_vfs_write+0x10/0x10 [ 1408.891501][T29154] ? do_futex+0x192/0x350 [ 1408.891531][T29154] ? __pfx_do_sys_openat2+0x10/0x10 [ 1408.891578][T29154] ? __x64_sys_futex+0x34f/0x4d0 [ 1408.891606][T29154] ? __x64_sys_futex+0x358/0x4d0 [ 1408.891637][T29154] ksys_write+0x12a/0x250 [ 1408.891669][T29154] ? __pfx_ksys_write+0x10/0x10 [ 1408.891703][T29154] ? rcu_is_watching+0x12/0xc0 [ 1408.891736][T29154] do_syscall_64+0x115/0x840 [ 1408.891776][T29154] ? clear_bhb_loop+0x40/0x90 [ 1408.891809][T29154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1408.891839][T29154] RIP: 0033:0x7fe57a99ce59 [ 1408.891861][T29154] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1408.891891][T29154] RSP: 002b:00007fe57b775028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1408.891920][T29154] RAX: ffffffffffffffda RBX: 00007fe57ac16090 RCX: 00007fe57a99ce59 [ 1408.891940][T29154] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 1408.891958][T29154] RBP: 00007fe57aa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1408.891976][T29154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1408.891994][T29154] R13: 00007fe57ac16128 R14: 00007fe57ac16090 R15: 00007ffe99a18768 [ 1408.892023][T29154] [ 1408.892034][T29154] [ 1408.892042][T29154] The buggy address belongs to a vmalloc virtual mapping [ 1408.892064][T29154] Memory state around the buggy address: [ 1408.892079][T29154] ffffc900048b1280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1408.892109][T29154] ffffc900048b1300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1408.892130][T29154] >ffffc900048b1380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1408.892147][T29154] ^ [ 1408.892164][T29154] ffffc900048b1400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1408.892184][T29154] ffffc900048b1480: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1408.892204][T29154] ================================================================== [ 1408.892389][T29154] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1408.892412][T29154] CPU: 1 UID: 0 PID: 29154 Comm: syz.0.3458 Tainted: G L syzkaller #0 PREEMPT(full) [ 1408.892454][T29154] Tainted: [L]=SOFTLOCKUP [ 1408.892465][T29154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1408.892487][T29154] Call Trace: [ 1408.892498][T29154] [ 1408.892510][T29154] dump_stack_lvl+0x100/0x190 [ 1408.892559][T29154] vpanic+0x552/0x970 [ 1408.892586][T29154] ? __pfx_vpanic+0x10/0x10 [ 1408.892615][T29154] ? mark_held_locks+0x40/0x70 [ 1408.892662][T29154] ? sys_imageblit+0x19fb/0x1d60 [ 1408.892697][T29154] panic+0xd1/0xe0 [ 1408.892726][T29154] ? __pfx_panic+0x10/0x10 [ 1408.892752][T29154] ? sys_imageblit+0x19fb/0x1d60 [ 1408.892784][T29154] ? preempt_schedule_common+0x42/0xc0 [ 1408.892824][T29154] check_panic_on_warn.cold+0x19/0x34 [ 1408.892853][T29154] end_report.part.0+0x3a/0x90 [ 1408.892891][T29154] kasan_report.cold+0xe/0x18 [ 1408.892928][T29154] ? sys_imageblit+0x19fb/0x1d60 [ 1408.892965][T29154] sys_imageblit+0x19fb/0x1d60 [ 1408.893007][T29154] ? __pfx_sys_imageblit+0x10/0x10 [ 1408.893049][T29154] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 1408.893104][T29154] soft_cursor+0x524/0xa10 [ 1408.893141][T29154] bit_cursor+0xca1/0x1490 [ 1408.893176][T29154] ? __pfx_bit_cursor+0x10/0x10 [ 1408.893211][T29154] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1408.893253][T29154] ? get_color+0x1da/0x450 [ 1408.893295][T29154] ? __pfx_bit_cursor+0x10/0x10 [ 1408.893321][T29154] fbcon_cursor+0x43c/0x5e0 [ 1408.893362][T29154] ? __pfx_mark_held_locks+0x10/0x10 [ 1408.893406][T29154] hide_cursor+0x87/0x230 [ 1408.893438][T29154] do_con_write+0x2270/0x4a10 [ 1408.893474][T29154] ? trace_contention_end+0x122/0x170 [ 1408.893500][T29154] ? __mutex_lock+0x26d/0x1b10 [ 1408.893545][T29154] ? __pfx___mutex_lock+0x10/0x10 [ 1408.893586][T29154] ? do_raw_spin_lock+0x128/0x260 [ 1408.893617][T29154] ? __pfx_do_con_write+0x10/0x10 [ 1408.893660][T29154] con_write+0x23/0xb0 [ 1408.893692][T29154] n_tty_write+0x431/0x11c0 [ 1408.893743][T29154] ? __pfx_n_tty_write+0x10/0x10 [ 1408.893785][T29154] ? trace_kmalloc+0xe3/0x110 [ 1408.893818][T29154] ? __pfx_woken_wake_function+0x10/0x10 [ 1408.893849][T29154] ? rcu_is_watching+0x12/0xc0 [ 1408.893877][T29154] ? file_tty_write.isra.0+0x694/0x890 [ 1408.893911][T29154] ? kfree+0x1dd/0x6c0 [ 1408.893950][T29154] ? __pfx_n_tty_write+0x10/0x10 [ 1408.893993][T29154] file_tty_write.isra.0+0x4d2/0x890 [ 1408.894034][T29154] redirected_tty_write+0xd4/0x120 [ 1408.894070][T29154] vfs_write+0x6ac/0x1070 [ 1408.894112][T29154] ? __pfx_redirected_tty_write+0x10/0x10 [ 1408.894153][T29154] ? __pfx_vfs_write+0x10/0x10 [ 1408.894184][T29154] ? do_futex+0x192/0x350 [ 1408.894213][T29154] ? __pfx_do_sys_openat2+0x10/0x10 [ 1408.894258][T29154] ? __x64_sys_futex+0x34f/0x4d0 [ 1408.894288][T29154] ? __x64_sys_futex+0x358/0x4d0 [ 1408.894320][T29154] ksys_write+0x12a/0x250 [ 1408.894353][T29154] ? __pfx_ksys_write+0x10/0x10 [ 1408.894387][T29154] ? rcu_is_watching+0x12/0xc0 [ 1408.894421][T29154] do_syscall_64+0x115/0x840 [ 1408.894461][T29154] ? clear_bhb_loop+0x40/0x90 [ 1408.894496][T29154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1408.894526][T29154] RIP: 0033:0x7fe57a99ce59 [ 1408.894550][T29154] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1408.894580][T29154] RSP: 002b:00007fe57b775028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1408.894607][T29154] RAX: ffffffffffffffda RBX: 00007fe57ac16090 RCX: 00007fe57a99ce59 [ 1408.894628][T29154] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 1408.894647][T29154] RBP: 00007fe57aa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1408.894666][T29154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1408.894685][T29154] R13: 00007fe57ac16128 R14: 00007fe57ac16090 R15: 00007ffe99a18768 [ 1408.894715][T29154] [ 1408.894990][T29154] Kernel Offset: disabled