last executing test programs: 2.794874272s ago: executing program 3 (id=13188): socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r0, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.466385025s ago: executing program 3 (id=13191): msync$auto(0x200000, 0x2000000005, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x3, 0xa) getsockopt$auto(r0, 0x0, 0x30, 0x0, &(0x7f0000000340)=0x20000dbb) 2.074237045s ago: executing program 2 (id=13195): close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x10fa82, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x1, 0x3) munmap$auto(0x8000, 0xffffffff) 2.054963207s ago: executing program 3 (id=13196): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) 1.747777072s ago: executing program 1 (id=13199): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22241, 0x155) socket(0xa, 0x5, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x8) 1.672903165s ago: executing program 3 (id=13201): unshare$auto(0x40000080) ioperm$auto(0x5, 0x1, 0x3) socket(0x29, 0x2, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r0, r1, 0x0, 0x1000200) 1.657751638s ago: executing program 1 (id=13202): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x23, 0x80805, 0x0) inotify_init1$auto(0x3000000000000) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@ethernet={0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1cc5087217524dd0}}, 0x6a) close_range$auto(0x2, 0x8, 0x0) 1.524592629s ago: executing program 2 (id=13206): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/memory/auto_online_blocks\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0x80) write$auto(r0, 0x0, 0x9) 1.465524181s ago: executing program 1 (id=13207): msync$auto(0x200000, 0x2000000005, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x3, 0xa) getsockopt$auto(r0, 0x0, 0x30, 0x0, &(0x7f0000000340)=0x20000dbb) 1.42547431s ago: executing program 0 (id=13208): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000500)={0x7, 0x0, [{0x40000004, 0x2, 0x6}]}) 1.357093558s ago: executing program 3 (id=13209): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) r1 = socket(0xa, 0x1, 0x84) setsockopt$auto(r1, 0x0, 0x40, 0x0, 0x6f7250c4) 1.239089598s ago: executing program 1 (id=13210): mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) statmount$auto(&(0x7f0000000000)={0x7e, @raw=0x400, 0x80000024, 0x7fff, 0x4}, 0x0, 0x7ffffffff001, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0xa, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) 1.238991022s ago: executing program 2 (id=13211): mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) stat$auto(&(0x7f0000000040)='./file0\x00', 0x0) 1.091746062s ago: executing program 0 (id=13212): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) bpf$auto(0x8, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x0, 0x10013, 0x800020010080c, 0x2, 0x5f, 0x20000000000803, 0x2000000000000003}, 0x6f0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.016684183s ago: executing program 0 (id=13213): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(r0, 0x0, 0x2000000) 933.281736ms ago: executing program 0 (id=13214): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) sendto$auto(0x3, 0x0, 0xffeb, 0xe, &(0x7f0000000100)=@in={0x2, 0x4e22, @multicast2}, 0x19) 920.581108ms ago: executing program 1 (id=13215): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) ioctl$auto_BLKPBSZGET(r0, 0x127b, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) 792.620054ms ago: executing program 2 (id=13216): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x1f, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0xa5c, 0x8, 0x10007, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x1487}, 0x1fe, 0xd) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe85, &(0x7f0000000200)={0x0, 0xffe7}}, 0x881) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1300"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 602.700468ms ago: executing program 0 (id=13217): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) r0 = socket(0x22, 0x2, 0x1) getsockopt$auto_SO_BSDCOMPAT(r0, 0xffe4, 0xe, &(0x7f0000000040)='/dev/iommu\x00', &(0x7f0000000080)=0x10001) fstat$auto(r0, 0x0) r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) ioctl$auto(r1, 0x3b87, 0x38) 337.204534ms ago: executing program 0 (id=13218): unshare$auto(0x40000080) ioperm$auto(0x5, 0x1, 0x3) socket(0x29, 0x2, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r0, r1, 0x0, 0x1000200) 337.136351ms ago: executing program 2 (id=13219): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000500)={0x7, 0x0, [{0x40000073, 0x2, 0x6}]}) 337.060992ms ago: executing program 3 (id=13220): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) write$auto(0x1, 0x0, 0x80000000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x24008090}, 0x24044805) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x80000002, 0x1d, 0x3000, 0xfffffff8, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x6, 0x29c, 0x1, 0x7f, 0x0, 0x6, 0x1}, {0x10100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) socket(0xa, 0x1, 0x7) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0x5}, 0x5, 0x80000000) close_range$auto(0x2, 0x8, 0x0) 41.861264ms ago: executing program 2 (id=13221): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) 0s ago: executing program 1 (id=13222): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capset$auto(0x0, 0x0) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0xb1, 0xf3, 0xb0, @raw=0xfffff024}}) write$auto(r0, 0x0, 0x6) kernel console output (not intermixed with test programs): 12][ T543] ? __pfx___kthread_create_on_node+0x10/0x10 [ 907.555164][ T543] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 907.555196][ T543] kthread_create_on_node+0xc7/0x100 [ 907.555234][ T543] ? __pfx_kthread_create_on_node+0x10/0x10 [ 907.555272][ T543] ? lockdep_hardirqs_on+0x78/0x100 [ 907.555313][ T543] ? find_held_lock+0x2b/0x80 [ 907.555340][ T543] ? tomoyo_notify_gc+0xc6/0x480 [ 907.555382][ T543] tomoyo_notify_gc+0x102/0x480 [ 907.555413][ T543] ? ima_iint_find+0xe9/0x130 [ 907.555454][ T543] ? __pfx_tomoyo_release+0x10/0x10 [ 907.555492][ T543] tomoyo_release+0x31/0x40 [ 907.555528][ T543] __fput+0x3ff/0xb40 [ 907.555568][ T543] task_work_run+0x150/0x240 [ 907.555610][ T543] ? __pfx_task_work_run+0x10/0x10 [ 907.555661][ T543] exit_to_user_mode_loop+0x100/0x4a0 [ 907.555704][ T543] do_syscall_64+0x668/0xf80 [ 907.555742][ T543] ? clear_bhb_loop+0x40/0x90 [ 907.555778][ T543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.555805][ T543] RIP: 0033:0x7f9edf99c799 [ 907.555828][ T543] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 907.555855][ T543] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 907.555884][ T543] RAX: 0000000000000000 RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 907.555904][ T543] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 907.555922][ T543] RBP: 00007f9edfa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 907.555940][ T543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 907.555966][ T543] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 907.556006][ T543] [ 907.971964][ T543] Process accounting resumed [ 908.587368][ T564] binder: 563:564 ioctl c0306201 2000000000c0 returned -14 [ 909.245649][ T582] netlink: 'syz.2.11160': attribute type 4 has an invalid length. [ 909.873099][ T606] netlink: 342 bytes leftover after parsing attributes in process `syz.0.11171'. [ 910.012447][ T613] FAULT_INJECTION: forcing a failure. [ 910.012447][ T613] name failslab, interval 1, probability 0, space 0, times 0 [ 910.062922][ T613] CPU: 1 UID: 0 PID: 613 Comm: syz.2.11173 Tainted: G L syzkaller #0 PREEMPT(full) [ 910.062970][ T613] Tainted: [L]=SOFTLOCKUP [ 910.062982][ T613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 910.063000][ T613] Call Trace: [ 910.063011][ T613] [ 910.063022][ T613] dump_stack_lvl+0x100/0x190 [ 910.063072][ T613] should_fail_ex.cold+0x5/0xa [ 910.063107][ T613] should_failslab+0xc2/0x120 [ 910.063147][ T613] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 910.063194][ T613] ? kvasprintf_const+0x66/0x1a0 [ 910.063297][ T613] ? do_raw_spin_lock+0x128/0x260 [ 910.063346][ T613] kvasprintf+0xbc/0x150 [ 910.063380][ T613] ? __pfx_kvasprintf+0x10/0x10 [ 910.063418][ T613] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 910.063457][ T613] ? __debug_object_init+0x2de/0x3d0 [ 910.063492][ T613] kvasprintf_const+0x66/0x1a0 [ 910.063529][ T613] kobject_set_name_vargs+0x5a/0x140 [ 910.063562][ T613] dev_set_name+0xc7/0x100 [ 910.063602][ T613] ? __pfx_dev_set_name+0x10/0x10 [ 910.063637][ T613] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 910.063688][ T613] ? lockdep_init_map_type+0x5c/0x250 [ 910.063726][ T613] ? __init_waitqueue_head+0xca/0x150 [ 910.063777][ T613] wakeup_source_device_create+0x204/0x2e0 [ 910.063852][ T613] wakeup_source_sysfs_add+0x1c/0x90 [ 910.063886][ T613] wakeup_source_register+0x154/0x3e0 [ 910.063959][ T613] ep_create_wakeup_source+0x1df/0x2e0 [ 910.064009][ T613] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 910.064061][ T613] ? do_epoll_ctl+0x1012/0x36a0 [ 910.064090][ T613] ? do_epoll_ctl+0x1012/0x36a0 [ 910.064136][ T613] do_epoll_ctl+0x1eee/0x36a0 [ 910.064183][ T613] ? __pfx_do_epoll_ctl+0x10/0x10 [ 910.064213][ T613] ? find_held_lock+0x2b/0x80 [ 910.064241][ T613] ? __might_fault+0xc5/0x140 [ 910.064280][ T613] ? __might_fault+0xc5/0x140 [ 910.064332][ T613] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 910.064360][ T613] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 910.064393][ T613] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 910.064434][ T613] do_syscall_64+0x106/0xf80 [ 910.064472][ T613] ? clear_bhb_loop+0x40/0x90 [ 910.064509][ T613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.064540][ T613] RIP: 0033:0x7f48f779c799 [ 910.064565][ T613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 910.064592][ T613] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 910.064618][ T613] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 910.064636][ T613] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 910.064652][ T613] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 910.064669][ T613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 910.064685][ T613] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 910.064722][ T613] [ 910.359894][ T615] netlink: 'syz.1.11175': attribute type 21 has an invalid length. [ 910.367848][ T615] netlink: 334 bytes leftover after parsing attributes in process `syz.1.11175'. [ 912.589897][ T674] futex_wake_op: syz.3.11195 tries to shift op by -2048; fix this program [ 912.623573][ T674] futex_wake_op: syz.3.11195 tries to shift op by -2048; fix this program [ 913.579502][ T705] netlink: 25 bytes leftover after parsing attributes in process `syz.2.11207'. [ 916.839315][ T769] bond0: option all_slaves_active: invalid value (7) [ 918.190910][ T807] netlink: 302 bytes leftover after parsing attributes in process `syz.3.11245'. [ 918.491044][ T816] netlink: 334 bytes leftover after parsing attributes in process `syz.3.11248'. [ 919.221997][ T849] ERROR: Out of memory at tomoyo_memory_ok. [ 919.245926][ T849] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/2843/file0' not defined. [ 919.924178][ T874] netlink: 338 bytes leftover after parsing attributes in process `syz.1.11270'. [ 922.378361][ T932] netlink: 342 bytes leftover after parsing attributes in process `syz.3.11287'. [ 923.209361][ T958] zswap: compressor not available [ 923.399639][ T975] netlink: 326 bytes leftover after parsing attributes in process `syz.3.11298'. [ 923.625166][ T981] netlink: 322 bytes leftover after parsing attributes in process `syz.2.11300'. [ 925.122496][ T1023] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 925.131136][ T1023] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 925.137824][ T1023] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 925.144198][ T1023] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 925.564904][ T1084] tc_dump_action: action bad kind [ 925.925380][ T1094] netlink: 146 bytes leftover after parsing attributes in process `syz.1.11327'. [ 926.547133][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 926.953605][ T1127] netlink: 'syz.3.11340': attribute type 4 has an invalid length. [ 927.039980][ T1131] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11342'. [ 927.063886][ T1131] netlink: 5 bytes leftover after parsing attributes in process `syz.2.11342'. [ 927.078838][ T1131] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11342'. [ 927.187594][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 927.193664][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 927.199723][T19646] Bluetooth: hci3: command 0x0c1a tx timeout [ 927.438185][ T1155] netlink: 342 bytes leftover after parsing attributes in process `syz.3.11351'. [ 927.544180][ T1161] phram: not enough arguments [ 927.773480][ T1170] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 928.038325][ T1176] ubi0: attaching mtd0 [ 928.044435][ T1176] ubi0: scanning is finished [ 928.055531][ T1176] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 928.176545][ T1176] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 928.476392][ T1193] netlink: 'syz.1.11366': attribute type 4 has an invalid length. [ 928.484273][ T1193] netlink: 314 bytes leftover after parsing attributes in process `syz.1.11366'. [ 928.579904][ T1199] netlink: 'syz.3.11368': attribute type 33 has an invalid length. [ 928.614563][ T1199] netlink: 322 bytes leftover after parsing attributes in process `syz.3.11368'. [ 928.638204][ T1199] netlink: 'syz.3.11368': attribute type 33 has an invalid length. [ 928.655473][ T1199] netlink: 322 bytes leftover after parsing attributes in process `syz.3.11368'. [ 929.365476][ T1225] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11379'. [ 929.381822][ T1225] netlink: 'syz.2.11379': attribute type 7 has an invalid length. [ 929.499659][ T1230] FAULT_INJECTION: forcing a failure. [ 929.499659][ T1230] name fail_futex, interval 1, probability 0, space 0, times 0 [ 929.543345][ T1230] CPU: 0 UID: 0 PID: 1230 Comm: syz.2.11380 Tainted: G L syzkaller #0 PREEMPT(full) [ 929.543393][ T1230] Tainted: [L]=SOFTLOCKUP [ 929.543404][ T1230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 929.543421][ T1230] Call Trace: [ 929.543432][ T1230] [ 929.543443][ T1230] dump_stack_lvl+0x100/0x190 [ 929.543493][ T1230] should_fail_ex.cold+0x5/0xa [ 929.543527][ T1230] get_futex_key+0x1d2/0x1620 [ 929.543567][ T1230] ? __pfx_get_futex_key+0x10/0x10 [ 929.543613][ T1230] futex_wake+0xea/0x530 [ 929.543657][ T1230] ? __pfx_futex_wake+0x10/0x10 [ 929.543703][ T1230] ? putname+0xb1/0x110 [ 929.543732][ T1230] ? kmem_cache_free+0x124/0x6a0 [ 929.543777][ T1230] do_futex+0x32b/0x350 [ 929.543814][ T1230] ? __pfx_do_futex+0x10/0x10 [ 929.543847][ T1230] ? __pfx_do_sys_openat2+0x10/0x10 [ 929.543887][ T1230] ? __fget_files+0x21f/0x3d0 [ 929.543919][ T1230] __x64_sys_futex+0x34f/0x4d0 [ 929.543957][ T1230] ? __x64_sys_openat+0x12d/0x210 [ 929.543995][ T1230] ? __pfx___x64_sys_futex+0x10/0x10 [ 929.544045][ T1230] do_syscall_64+0x106/0xf80 [ 929.544084][ T1230] ? clear_bhb_loop+0x40/0x90 [ 929.544129][ T1230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.544159][ T1230] RIP: 0033:0x7f48f779c799 [ 929.544184][ T1230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 929.544213][ T1230] RSP: 002b:00007f48f86640e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 929.544241][ T1230] RAX: ffffffffffffffda RBX: 00007f48f7a15fa8 RCX: 00007f48f779c799 [ 929.544260][ T1230] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f48f7a15fac [ 929.544279][ T1230] RBP: 00007f48f7a15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 929.544298][ T1230] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 929.544315][ T1230] R13: 00007f48f7a16038 R14: 00007fffbe1535f0 R15: 00007fffbe1536d8 [ 929.544354][ T1230] [ 929.557120][ T1231] netlink: 334 bytes leftover after parsing attributes in process `syz.3.11381'. [ 929.934950][ T1243] kvm: kvm [1242]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 930.545749][ T1263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11394'. [ 930.556214][ T1263] netlink: 13 bytes leftover after parsing attributes in process `syz.1.11394'. [ 930.696965][ T1265] ima: policy update failed [ 930.712537][ T29] audit: type=1802 audit(4294968043.347:54): pid=1265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.11396" res=0 errno=0 [ 930.989625][ T1275] netlink: 146 bytes leftover after parsing attributes in process `syz.0.11400'. [ 931.171802][ T1286] page: refcount:7 mapcount:6 mapping:0000000000000000 index:0x7ff4ddbea pfn:0x78000 [ 931.224726][ T1286] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 931.235717][ T1286] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 931.244351][ T1286] raw: 00000007ff4ddbea 0000000000000000 0000000700000005 0000000000000000 [ 931.257244][ T1286] page dumped because: unmovable page [ 931.262652][ T1286] page_owner tracks the page as allocated [ 931.280938][ T5175] ERROR: Out of memory at tomoyo_memory_ok. [ 931.312009][ T1286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 71006815202, free_ts 70806914512 [ 931.343634][ T1286] post_alloc_hook+0x153/0x170 [ 931.349599][ T1286] get_page_from_freelist+0x111d/0x3140 [ 931.356555][ T1286] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 931.362502][ T1286] alloc_pages_mpol+0x1fb/0x550 [ 931.369469][ T1286] alloc_pages_noprof+0x131/0x390 [ 931.375084][ T1286] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 931.382987][ T1292] netlink: 342 bytes leftover after parsing attributes in process `syz.0.11404'. [ 931.392805][ T1286] vmalloc_user_noprof+0x9e/0xe0 [ 931.421200][ T1294] netlink: 330 bytes leftover after parsing attributes in process `syz.2.11406'. [ 931.422558][ T1286] kcov_ioctl+0x4c/0x720 [ 931.454719][ T1286] __x64_sys_ioctl+0x18e/0x210 [ 931.459537][ T1286] do_syscall_64+0x106/0xf80 [ 931.464171][ T1286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.481427][ T1286] page last free pid 5810 tgid 5810 stack trace: [ 931.492940][ T1286] free_unref_folios+0xaea/0x1790 [ 931.498762][ T1286] folios_put_refs+0x53c/0x840 [ 931.503809][ T1286] free_pages_and_swap_cache+0x242/0x480 [ 931.512473][ T1286] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 931.518922][ T1286] tlb_finish_mmu+0x1b0/0x810 [ 931.525388][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.531772][ T1286] unmap_region+0x2d9/0x3b0 [ 931.536765][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.544704][ T1286] vms_complete_munmap_vmas+0xa4b/0xdd0 [ 931.550318][ T1286] do_vmi_align_munmap+0x44f/0x5f0 [ 931.563485][ T1286] do_vmi_munmap+0x1f8/0x3e0 [ 931.577550][ T1286] __vm_munmap+0x196/0x390 [ 931.614902][ T1286] __x64_sys_munmap+0x59/0x80 [ 931.619625][ T1286] do_syscall_64+0x106/0xf80 [ 931.624248][ T1286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 932.376954][ T1324] netlink: 'syz.2.11416': attribute type 4 has an invalid length. [ 933.006709][ T29] audit: type=1800 audit(4294968045.647:55): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.11423" name="dbroot" dev="configfs" ino=100598 res=0 errno=0 [ 933.017495][ T1339] db_root: cannot open: 0 [ 933.195808][ T1353] netlink: 'syz.2.11427': attribute type 27 has an invalid length. [ 934.697166][ T1384] __nla_validate_parse: 3 callbacks suppressed [ 934.697189][ T1384] netlink: 334 bytes leftover after parsing attributes in process `syz.1.11438'. [ 934.826298][ T1390] netlink: 'syz.0.11441': attribute type 16 has an invalid length. [ 934.838760][ T1390] netlink: 306 bytes leftover after parsing attributes in process `syz.0.11441'. [ 935.630399][ T1407] Process accounting paused [ 935.790057][ T1413] netlink: 'syz.1.11449': attribute type 27 has an invalid length. [ 935.828204][ T1413] netlink: 334 bytes leftover after parsing attributes in process `syz.1.11449'. [ 936.922609][ T1442] netlink: 334 bytes leftover after parsing attributes in process `syz.2.11461'. [ 938.025579][ T1475] Process accounting paused [ 938.087513][ T1480] sg_write: data in/out 81/90 bytes for SCSI command 0x0-- guessing data in; [ 938.087513][ T1480] program syz.1.11477 not setting count and/or reply_len properly [ 938.347343][ T1484] netlink: 334 bytes leftover after parsing attributes in process `syz.3.11478'. [ 938.905713][ T1507] netlink: 334 bytes leftover after parsing attributes in process `syz.2.11487'. [ 939.552118][ T1532] netlink: 21 bytes leftover after parsing attributes in process `syz.1.11497'. [ 939.982368][ T1554] netlink: 'syz.2.11506': attribute type 19 has an invalid length. [ 939.990527][ T1554] netlink: 334 bytes leftover after parsing attributes in process `syz.2.11506'. [ 940.175335][ T1563] FAULT_INJECTION: forcing a failure. [ 940.175335][ T1563] name failslab, interval 1, probability 0, space 0, times 0 [ 940.204686][ T1563] CPU: 1 UID: 0 PID: 1563 Comm: syz.1.11510 Tainted: G L syzkaller #0 PREEMPT(full) [ 940.204734][ T1563] Tainted: [L]=SOFTLOCKUP [ 940.204745][ T1563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 940.204763][ T1563] Call Trace: [ 940.204773][ T1563] [ 940.204785][ T1563] dump_stack_lvl+0x100/0x190 [ 940.204833][ T1563] should_fail_ex.cold+0x5/0xa [ 940.204869][ T1563] should_failslab+0xc2/0x120 [ 940.204902][ T1563] __kmalloc_cache_noprof+0x7a/0x6f0 [ 940.204948][ T1563] ? proc_tcp_available_congestion_control+0xc9/0x180 [ 940.205073][ T1563] proc_tcp_available_congestion_control+0xc9/0x180 [ 940.205112][ T1563] ? __pfx_proc_tcp_available_congestion_control+0x10/0x10 [ 940.205153][ T1563] ? __kvmalloc_node_noprof+0x37b/0xa00 [ 940.205198][ T1563] ? proc_sys_call_handler+0x2c7/0x5a0 [ 940.205254][ T1563] proc_sys_call_handler+0x327/0x5a0 [ 940.205301][ T1563] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 940.205349][ T1563] ? rw_verify_area+0xce/0x6d0 [ 940.205388][ T1563] ? __pfx_proc_sys_read+0x10/0x10 [ 940.205433][ T1563] vfs_read+0x825/0xb30 [ 940.205480][ T1563] ? __pfx_vfs_read+0x10/0x10 [ 940.205548][ T1563] ksys_read+0x12a/0x250 [ 940.205574][ T1563] ? __pfx_ksys_read+0x10/0x10 [ 940.205612][ T1563] do_syscall_64+0x106/0xf80 [ 940.205651][ T1563] ? clear_bhb_loop+0x40/0x90 [ 940.205686][ T1563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.205716][ T1563] RIP: 0033:0x7f9edf99c799 [ 940.205740][ T1563] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 940.205770][ T1563] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 940.205798][ T1563] RAX: ffffffffffffffda RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 940.205818][ T1563] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 940.205835][ T1563] RBP: 00007f9edfa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 940.205854][ T1563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.205871][ T1563] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 940.205912][ T1563] [ 940.510042][ T1569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 940.523669][ T1569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 941.460026][ T1591] netlink: 342 bytes leftover after parsing attributes in process `syz.3.11518'. [ 942.576780][ T1612] netlink: 342 bytes leftover after parsing attributes in process `syz.3.11527'. [ 943.162776][ T1635] : renamed from team0 (while UP) [ 943.331762][ T1645] netlink: 146 bytes leftover after parsing attributes in process `syz.1.11540'. [ 946.007908][ T1726] netlink: 334 bytes leftover after parsing attributes in process `syz.2.11569'. [ 948.191205][ T1792] FAULT_INJECTION: forcing a failure. [ 948.191205][ T1792] name failslab, interval 1, probability 0, space 0, times 0 [ 948.263720][ T1792] CPU: 0 UID: 0 PID: 1792 Comm: syz.2.11586 Tainted: G L syzkaller #0 PREEMPT(full) [ 948.263771][ T1792] Tainted: [L]=SOFTLOCKUP [ 948.263782][ T1792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 948.263800][ T1792] Call Trace: [ 948.263811][ T1792] [ 948.263823][ T1792] dump_stack_lvl+0x100/0x190 [ 948.263873][ T1792] should_fail_ex.cold+0x5/0xa [ 948.263908][ T1792] should_failslab+0xc2/0x120 [ 948.263946][ T1792] __kmalloc_cache_noprof+0x7a/0x6f0 [ 948.263983][ T1792] ? nci_hci_allocate+0x45/0x330 [ 948.264020][ T1792] ? mutex_init_lockep+0x110/0x150 [ 948.264069][ T1792] nci_hci_allocate+0x45/0x330 [ 948.264117][ T1792] nci_allocate_device+0x26f/0x410 [ 948.264152][ T1792] virtual_ncidev_open+0x6f/0x220 [ 948.264192][ T1792] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 948.264229][ T1792] misc_open+0x26d/0x450 [ 948.264263][ T1792] ? __pfx_misc_open+0x10/0x10 [ 948.264294][ T1792] chrdev_open+0x234/0x6a0 [ 948.264323][ T1792] ? __pfx_apparmor_file_open+0x10/0x10 [ 948.264352][ T1792] ? __pfx_chrdev_open+0x10/0x10 [ 948.264385][ T1792] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 948.264424][ T1792] do_dentry_open+0x6d8/0x1660 [ 948.264454][ T1792] ? __pfx_chrdev_open+0x10/0x10 [ 948.264497][ T1792] vfs_open+0x82/0x3f0 [ 948.264538][ T1792] path_openat+0x208c/0x31a0 [ 948.264579][ T1792] ? __pfx_path_openat+0x10/0x10 [ 948.264619][ T1792] do_file_open+0x20e/0x430 [ 948.264649][ T1792] ? __pfx_do_file_open+0x10/0x10 [ 948.264705][ T1792] ? alloc_fd+0x476/0x790 [ 948.264738][ T1792] ? do_getname+0x191/0x390 [ 948.264777][ T1792] do_sys_openat2+0x10d/0x1e0 [ 948.264815][ T1792] ? __pfx_do_sys_openat2+0x10/0x10 [ 948.264865][ T1792] __x64_sys_openat+0x12d/0x210 [ 948.264908][ T1792] ? __pfx___x64_sys_openat+0x10/0x10 [ 948.264961][ T1792] do_syscall_64+0x106/0xf80 [ 948.265001][ T1792] ? clear_bhb_loop+0x40/0x90 [ 948.265036][ T1792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 948.265066][ T1792] RIP: 0033:0x7f48f779c799 [ 948.265104][ T1792] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 948.265134][ T1792] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 948.265162][ T1792] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 948.265184][ T1792] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 948.265207][ T1792] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 948.265225][ T1792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 948.265247][ T1792] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 948.265286][ T1792] [ 948.619491][ T1795] netlink: 334 bytes leftover after parsing attributes in process `syz.3.11588'. [ 949.705808][ T1828] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 950.345987][ T1858] netlink: 342 bytes leftover after parsing attributes in process `syz.1.11615'. [ 950.391092][ T1858] IPv6: NLM_F_CREATE should be specified when creating new route [ 950.400695][ T1858] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 950.408412][ T1858] IPv6: NLM_F_CREATE should be set when creating new route [ 950.415701][ T1858] IPv6: NLM_F_CREATE should be set when creating new route [ 950.448583][ T1858] netlink: 342 bytes leftover after parsing attributes in process `syz.1.11615'. [ 950.464239][ T1858] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 950.512223][ T1862] netlink: 'syz.3.11616': attribute type 29 has an invalid length. [ 950.566138][ T1862] netlink: 334 bytes leftover after parsing attributes in process `syz.3.11616'. [ 951.474866][ T1900] FAULT_INJECTION: forcing a failure. [ 951.474866][ T1900] name failslab, interval 1, probability 0, space 0, times 0 [ 951.529059][ T1900] CPU: 1 UID: 0 PID: 1900 Comm: syz.0.11633 Tainted: G L syzkaller #0 PREEMPT(full) [ 951.529108][ T1900] Tainted: [L]=SOFTLOCKUP [ 951.529120][ T1900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 951.529137][ T1900] Call Trace: [ 951.529148][ T1900] [ 951.529159][ T1900] dump_stack_lvl+0x100/0x190 [ 951.529210][ T1900] should_fail_ex.cold+0x5/0xa [ 951.529244][ T1900] should_failslab+0xc2/0x120 [ 951.529277][ T1900] __kmalloc_cache_noprof+0x7a/0x6f0 [ 951.529315][ T1900] ? kvm_dev_ioctl+0xa8d/0x1a50 [ 951.529383][ T1900] kvm_dev_ioctl+0xa8d/0x1a50 [ 951.529423][ T1900] ? find_held_lock+0x2b/0x80 [ 951.529451][ T1900] ? __fget_files+0x215/0x3d0 [ 951.529477][ T1900] ? hook_file_ioctl_common+0x146/0x410 [ 951.529513][ T1900] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 951.529549][ T1900] ? __fget_files+0x21f/0x3d0 [ 951.529583][ T1900] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 951.529618][ T1900] __x64_sys_ioctl+0x18e/0x210 [ 951.529662][ T1900] do_syscall_64+0x106/0xf80 [ 951.529702][ T1900] ? clear_bhb_loop+0x40/0x90 [ 951.529737][ T1900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 951.529774][ T1900] RIP: 0033:0x7fba4679c799 [ 951.529799][ T1900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 951.529830][ T1900] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 951.529859][ T1900] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 951.529880][ T1900] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000005 [ 951.529899][ T1900] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 951.529919][ T1900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 951.529937][ T1900] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 951.529977][ T1900] [ 952.825998][ T1944] netlink: 350 bytes leftover after parsing attributes in process `syz.3.11650'. [ 954.103925][ T1978] netlink: 'syz.1.11662': attribute type 29 has an invalid length. [ 954.121445][ T1978] netlink: 334 bytes leftover after parsing attributes in process `syz.1.11662'. [ 954.161832][ T1980] netlink: 334 bytes leftover after parsing attributes in process `syz.2.11661'. [ 955.020205][ T2009] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 957.206031][ T2072] netlink: 'syz.2.11686': attribute type 19 has an invalid length. [ 957.213998][ T2072] netlink: 334 bytes leftover after parsing attributes in process `syz.2.11686'. [ 957.292989][ T2078] netlink: 350 bytes leftover after parsing attributes in process `syz.0.11689'. [ 959.111627][ T2114] zswap: compressor not available [ 959.703965][ T2121] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 961.508279][ T2169] netlink: 146 bytes leftover after parsing attributes in process `syz.0.11726'. [ 962.139931][ T2195] snd_virmidi snd_virmidi.0: control 1:-5:4194312:1Յ:0 is already present [ 963.147854][ T2218] netlink: 342 bytes leftover after parsing attributes in process `syz.2.11744'. [ 963.259897][ T2222] netlink: 'syz.2.11745': attribute type 4 has an invalid length. [ 963.267883][ T2222] netlink: 314 bytes leftover after parsing attributes in process `syz.2.11745'. [ 963.500370][ T2233] netlink: 'syz.3.11757': attribute type 4 has an invalid length. [ 963.525131][ T2233] netlink: 314 bytes leftover after parsing attributes in process `syz.3.11757'. [ 963.618538][ T2236] netlink: 342 bytes leftover after parsing attributes in process `syz.2.11750'. [ 964.358811][ T2256] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 964.690881][ T2267] zswap: compressor not available [ 965.034014][ T2284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11769'. [ 965.052912][ T2284] netlink: 5 bytes leftover after parsing attributes in process `syz.3.11769'. [ 965.062724][ T2284] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11769'. [ 965.410901][ T2303] ubi0: attaching mtd0 [ 965.422770][ T2303] ubi0: scanning is finished [ 965.431583][ T2303] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 965.586608][ T2307] netlink: 'syz.1.11776': attribute type 33 has an invalid length. [ 965.613294][ T2307] netlink: 322 bytes leftover after parsing attributes in process `syz.1.11776'. [ 965.635069][ T2307] netlink: 'syz.1.11776': attribute type 33 has an invalid length. [ 965.643008][ T2307] netlink: 322 bytes leftover after parsing attributes in process `syz.1.11776'. [ 965.658274][ T2303] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 966.685645][ T2317] zswap: compressor not available [ 966.686964][ T2289] Process accounting resumed [ 967.583164][ T2350] zswap: compressor not available [ 968.016936][ T2373] ubi0: attaching mtd0 [ 968.023138][ T2373] ubi0: scanning is finished [ 968.030342][ T2373] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 968.097781][ T2369] Process accounting resumed [ 968.235935][ T2373] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 968.448266][ T2389] netlink: 342 bytes leftover after parsing attributes in process `syz.3.11806'. [ 968.483261][ T2385] zswap: compressor not available [ 969.634668][ T2434] netlink: 330 bytes leftover after parsing attributes in process `syz.1.11818'. [ 970.178183][ T2456] page: refcount:7 mapcount:6 mapping:0000000000000000 index:0x7ff4ddbea pfn:0x78000 [ 970.214467][ T2456] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 970.240967][ T2456] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 970.251629][ T2456] raw: 00000007ff4ddbea 0000000000000000 0000000700000005 0000000000000000 [ 970.265971][ T2456] page dumped because: unmovable page [ 970.271371][ T2456] page_owner tracks the page as allocated [ 970.286742][ T2456] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 71006815202, free_ts 70806914512 [ 970.368428][ T2456] post_alloc_hook+0x153/0x170 [ 970.373267][ T2456] get_page_from_freelist+0x111d/0x3140 [ 970.394686][ T2456] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 970.400662][ T2456] alloc_pages_mpol+0x1fb/0x550 [ 970.424486][ T2456] alloc_pages_noprof+0x131/0x390 [ 970.429777][ T2456] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 970.444685][ T2456] vmalloc_user_noprof+0x9e/0xe0 [ 970.449695][ T2456] kcov_ioctl+0x4c/0x720 [ 970.453957][ T2456] __x64_sys_ioctl+0x18e/0x210 [ 970.464832][ T2456] do_syscall_64+0x106/0xf80 [ 970.469477][ T2456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 970.485127][ T2456] page last free pid 5810 tgid 5810 stack trace: [ 970.498852][ T2456] free_unref_folios+0xaea/0x1790 [ 970.508402][ T2456] folios_put_refs+0x53c/0x840 [ 970.520062][ T2456] free_pages_and_swap_cache+0x242/0x480 [ 970.534757][ T2456] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 970.540934][ T2456] tlb_finish_mmu+0x1b0/0x810 [ 970.560073][ T2456] unmap_region+0x2d9/0x3b0 [ 970.569345][ T2456] vms_complete_munmap_vmas+0xa4b/0xdd0 [ 970.584756][ T2456] do_vmi_align_munmap+0x44f/0x5f0 [ 970.590022][ T2456] do_vmi_munmap+0x1f8/0x3e0 [ 970.597220][ T2456] __vm_munmap+0x196/0x390 [ 970.609094][ T2456] __x64_sys_munmap+0x59/0x80 [ 970.626036][ T2456] do_syscall_64+0x106/0xf80 [ 970.630752][ T2456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 971.482690][ T2490] kvm: kvm [2489]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 971.816531][ T2502] page: refcount:7 mapcount:6 mapping:0000000000000000 index:0x7ff4ddbea pfn:0x78000 [ 971.851407][ T2502] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 971.882224][ T2502] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 971.891292][ T2502] raw: 00000007ff4ddbea 0000000000000000 0000000700000005 0000000000000000 [ 971.902239][ T2502] page dumped because: unmovable page [ 971.915522][ T2502] page_owner tracks the page as allocated [ 971.930565][ T2502] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 71006815202, free_ts 70806914512 [ 971.997419][ T2502] post_alloc_hook+0x153/0x170 [ 972.012466][ T2502] get_page_from_freelist+0x111d/0x3140 [ 972.040567][ T2507] zswap: compressor not available [ 972.042382][ T2502] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 972.051994][ T2502] alloc_pages_mpol+0x1fb/0x550 [ 972.057062][ T2502] alloc_pages_noprof+0x131/0x390 [ 972.062658][ T2502] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 972.069842][ T2502] vmalloc_user_noprof+0x9e/0xe0 [ 972.085895][ T2502] kcov_ioctl+0x4c/0x720 [ 972.090305][ T2502] __x64_sys_ioctl+0x18e/0x210 [ 972.095540][ T2502] do_syscall_64+0x106/0xf80 [ 972.100226][ T2502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 972.106680][ T2502] page last free pid 5810 tgid 5810 stack trace: [ 972.113108][ T2502] free_unref_folios+0xaea/0x1790 [ 972.119785][ T2502] folios_put_refs+0x53c/0x840 [ 972.124890][ T2502] free_pages_and_swap_cache+0x242/0x480 [ 972.131664][ T2502] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 972.138127][ T2502] tlb_finish_mmu+0x1b0/0x810 [ 972.143001][ T2502] unmap_region+0x2d9/0x3b0 [ 972.147963][ T2502] vms_complete_munmap_vmas+0xa4b/0xdd0 [ 972.153717][ T2502] do_vmi_align_munmap+0x44f/0x5f0 [ 972.159333][ T2502] do_vmi_munmap+0x1f8/0x3e0 [ 972.164111][ T2502] __vm_munmap+0x196/0x390 [ 972.169450][ T2502] __x64_sys_munmap+0x59/0x80 [ 972.174326][ T2502] do_syscall_64+0x106/0xf80 [ 972.179343][ T2502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 972.483165][ T2529] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11847'. [ 972.520124][ T2529] netlink: 13 bytes leftover after parsing attributes in process `syz.2.11847'. [ 972.706658][ T2539] kvm: kvm [2537]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 973.019314][ T2562] page: refcount:7 mapcount:6 mapping:0000000000000000 index:0x7ff4ddbea pfn:0x78000 [ 973.058963][ T2562] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 973.092922][ T2562] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 973.103262][ T2562] raw: 00000007ff4ddbea 0000000000000000 0000000700000005 0000000000000000 [ 973.106090][ T2555] zswap: compressor not available [ 973.113150][ T2562] page dumped because: unmovable page [ 973.124011][ T2562] page_owner tracks the page as allocated [ 973.132493][ T2562] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 71006815202, free_ts 70806914512 [ 973.152989][ T2562] post_alloc_hook+0x153/0x170 [ 973.159112][ T2562] get_page_from_freelist+0x111d/0x3140 [ 973.165171][ T2562] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 973.171112][ T2562] alloc_pages_mpol+0x1fb/0x550 [ 973.176588][ T2562] alloc_pages_noprof+0x131/0x390 [ 973.181646][ T2562] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 973.211382][ T2562] vmalloc_user_noprof+0x9e/0xe0 [ 973.226568][ T2562] kcov_ioctl+0x4c/0x720 [ 973.231805][ T2562] __x64_sys_ioctl+0x18e/0x210 [ 973.236735][ T2562] do_syscall_64+0x106/0xf80 [ 973.241505][ T2562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 973.247610][ T2562] page last free pid 5810 tgid 5810 stack trace: [ 973.254073][ T2562] free_unref_folios+0xaea/0x1790 [ 973.257150][ T2572] netlink: 342 bytes leftover after parsing attributes in process `syz.1.11861'. [ 973.260281][ T2562] folios_put_refs+0x53c/0x840 [ 973.275189][ T2562] free_pages_and_swap_cache+0x242/0x480 [ 973.281592][ T2562] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 973.288072][ T2562] tlb_finish_mmu+0x1b0/0x810 [ 973.294003][ T2562] unmap_region+0x2d9/0x3b0 [ 973.298885][ T2562] vms_complete_munmap_vmas+0xa4b/0xdd0 [ 973.304489][ T2562] do_vmi_align_munmap+0x44f/0x5f0 [ 973.309924][ T2562] do_vmi_munmap+0x1f8/0x3e0 [ 973.314586][ T2562] __vm_munmap+0x196/0x390 [ 973.319033][ T2562] __x64_sys_munmap+0x59/0x80 [ 973.323881][ T2562] do_syscall_64+0x106/0xf80 [ 973.328594][ T2562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 973.468602][ T2583] ubi0: attaching mtd0 [ 973.476402][ T2583] ubi0: scanning is finished [ 973.481069][ T2583] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 973.686286][ T2583] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 974.446727][ T2599] kvm: kvm [2598]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 975.064144][ T2625] FAULT_INJECTION: forcing a failure. [ 975.064144][ T2625] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 975.078191][ T2625] CPU: 0 UID: 0 PID: 2625 Comm: syz.1.11883 Tainted: G L syzkaller #0 PREEMPT(full) [ 975.078232][ T2625] Tainted: [L]=SOFTLOCKUP [ 975.078243][ T2625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 975.078262][ T2625] Call Trace: [ 975.078275][ T2625] [ 975.078296][ T2625] dump_stack_lvl+0x100/0x190 [ 975.078347][ T2625] should_fail_ex.cold+0x5/0xa [ 975.078376][ T2625] ? prepare_alloc_pages+0x16d/0x5f0 [ 975.078413][ T2625] should_fail_alloc_page+0xeb/0x140 [ 975.078443][ T2625] prepare_alloc_pages+0x1f0/0x5f0 [ 975.078473][ T2625] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 975.078508][ T2625] ? ima_match_policy+0x8c4/0x2350 [ 975.078537][ T2625] ? ima_match_policy+0x8c4/0x2350 [ 975.078576][ T2625] ? __lock_acquire+0x4a5/0x2630 [ 975.078614][ T2625] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 975.078648][ T2625] ? __lock_acquire+0x4a5/0x2630 [ 975.078680][ T2625] ? look_up_lock_class+0x55/0x120 [ 975.078719][ T2625] ? register_lock_class+0x40/0x560 [ 975.078761][ T2625] ? lock_acquire+0x1cf/0x380 [ 975.078798][ T2625] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 975.078841][ T2625] ? policy_nodemask+0xed/0x4f0 [ 975.078872][ T2625] alloc_pages_mpol+0x1fb/0x550 [ 975.078902][ T2625] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 975.078930][ T2625] ? __pfx___pollwait+0x10/0x10 [ 975.078968][ T2625] ? mark_held_locks+0x40/0x70 [ 975.079004][ T2625] alloc_pages_noprof+0x131/0x390 [ 975.079037][ T2625] ? __pfx___pollwait+0x10/0x10 [ 975.079081][ T2625] get_free_pages_noprof+0x10/0xb0 [ 975.079111][ T2625] __pollwait+0x29a/0x470 [ 975.079152][ T2625] ? __pfx___pollwait+0x10/0x10 [ 975.079195][ T2625] ? __pfx___pollwait+0x10/0x10 [ 975.079225][ T2625] vb2_poll+0x8c/0xe0 [ 975.079264][ T2625] vb2_fop_poll+0x10e/0x350 [ 975.079299][ T2625] ? __pfx_vb2_fop_poll+0x10/0x10 [ 975.079326][ T2625] v4l2_poll+0x15f/0x220 [ 975.079371][ T2625] ? __pfx_v4l2_poll+0x10/0x10 [ 975.079406][ T2625] do_sys_poll+0x6e5/0xeb0 [ 975.079441][ T2625] ? lockdep_hardirqs_on+0x78/0x100 [ 975.079489][ T2625] ? __pfx_do_sys_poll+0x10/0x10 [ 975.079527][ T2625] ? __lock_acquire+0x4a5/0x2630 [ 975.079582][ T2625] ? futex_unqueue+0x13d/0x2c0 [ 975.079614][ T2625] ? __pfx___pollwait+0x10/0x10 [ 975.079655][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.079695][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.079733][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.079774][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.079818][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.079864][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.079910][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.079955][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.079994][ T2625] ? __pfx_pollwake+0x10/0x10 [ 975.080027][ T2625] ? do_futex+0x192/0x350 [ 975.080054][ T2625] ? set_user_sigmask+0x1e1/0x270 [ 975.080093][ T2625] ? __pfx_set_user_sigmask+0x10/0x10 [ 975.080134][ T2625] ? __pfx___might_resched+0x10/0x10 [ 975.080170][ T2625] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 975.080320][ T2625] __x64_sys_ppoll+0x2b5/0x350 [ 975.080351][ T2625] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 975.080389][ T2625] do_syscall_64+0x106/0xf80 [ 975.080426][ T2625] ? clear_bhb_loop+0x40/0x90 [ 975.080461][ T2625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 975.080491][ T2625] RIP: 0033:0x7f9edf99c799 [ 975.080515][ T2625] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 975.080540][ T2625] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 975.080568][ T2625] RAX: ffffffffffffffda RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 975.080589][ T2625] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000200000000200 [ 975.080608][ T2625] RBP: 00007f9edfa32c99 R08: 0000000000000008 R09: 0000000000000000 [ 975.080627][ T2625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 975.080646][ T2625] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 975.080687][ T2625] [ 976.037774][T19646] Bluetooth: hci0: Malformed LE Event: 0x0b [ 976.267199][ T2643] netlink: 342 bytes leftover after parsing attributes in process `syz.0.11877'. [ 977.323114][ T2697] FAULT_INJECTION: forcing a failure. [ 977.323114][ T2697] name failslab, interval 1, probability 0, space 0, times 0 [ 977.341201][ T2697] CPU: 0 UID: 0 PID: 2697 Comm: syz.0.11908 Tainted: G L syzkaller #0 PREEMPT(full) [ 977.341250][ T2697] Tainted: [L]=SOFTLOCKUP [ 977.341261][ T2697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 977.341280][ T2697] Call Trace: [ 977.341291][ T2697] [ 977.341303][ T2697] dump_stack_lvl+0x100/0x190 [ 977.341354][ T2697] should_fail_ex.cold+0x5/0xa [ 977.341390][ T2697] ? tomoyo_encode2+0xfb/0x3c0 [ 977.341425][ T2697] should_failslab+0xc2/0x120 [ 977.341457][ T2697] __kmalloc_noprof+0xe0/0x850 [ 977.341497][ T2697] ? d_absolute_path+0x136/0x1b0 [ 977.341543][ T2697] tomoyo_encode2+0xfb/0x3c0 [ 977.341582][ T2697] tomoyo_encode+0x29/0x50 [ 977.341616][ T2697] tomoyo_realpath_from_path+0x18c/0x690 [ 977.341658][ T2697] tomoyo_path_number_perm+0x23c/0x580 [ 977.341689][ T2697] ? tomoyo_path_number_perm+0x22e/0x580 [ 977.341717][ T2697] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 977.341759][ T2697] ? do_raw_spin_lock+0x128/0x260 [ 977.341795][ T2697] ? find_held_lock+0x2b/0x80 [ 977.341837][ T2697] ? __pfx_d_add+0x10/0x10 [ 977.341866][ T2697] ? d_alloc+0x176/0x1e0 [ 977.341888][ T2697] ? current_check_access_path+0x281/0x460 [ 977.341923][ T2697] ? __pfx_current_check_access_path+0x10/0x10 [ 977.341960][ T2697] ? simple_lookup+0x105/0x1d0 [ 977.342008][ T2697] ? lookup_one_qstr_excl+0xb3/0x250 [ 977.342048][ T2697] tomoyo_path_mkdir+0x9b/0xe0 [ 977.342086][ T2697] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 977.342133][ T2697] security_path_mkdir+0x154/0x2e0 [ 977.342170][ T2697] filename_mkdirat+0x168/0x5e0 [ 977.342206][ T2697] ? __pfx_filename_mkdirat+0x10/0x10 [ 977.342237][ T2697] ? strncpy_from_user+0x19d/0x2d0 [ 977.342274][ T2697] ? do_getname+0x191/0x390 [ 977.342312][ T2697] __x64_sys_mkdir+0x6b/0x90 [ 977.342345][ T2697] do_syscall_64+0x106/0xf80 [ 977.342384][ T2697] ? clear_bhb_loop+0x40/0x90 [ 977.342421][ T2697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 977.342451][ T2697] RIP: 0033:0x7fba4679c799 [ 977.342476][ T2697] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 977.342506][ T2697] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 977.342534][ T2697] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 977.342555][ T2697] RDX: 0000000000000000 RSI: 0000000000008001 RDI: 0000200000000100 [ 977.342574][ T2697] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 977.342592][ T2697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 977.342610][ T2697] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 977.342653][ T2697] [ 977.342754][ T2697] ERROR: Out of memory at tomoyo_realpath_from_path. [ 977.468746][ T2708] process 'syz.2.11901' launched './file0' with NULL argv: empty string added [ 977.649922][ T2708] ERROR: Out of memory at tomoyo_memory_ok. [ 977.996168][ T2727] netlink: 146 bytes leftover after parsing attributes in process `syz.2.11907'. [ 978.182944][ T2740] netlink: 334 bytes leftover after parsing attributes in process `syz.0.11912'. [ 981.342606][ T2854] netlink: 'syz.3.11944': attribute type 4 has an invalid length. [ 981.352010][ T2854] netlink: 'syz.3.11944': attribute type 4 has an invalid length. [ 981.540289][ T2867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 981.549350][ T2867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 981.650899][ T2869] FAULT_INJECTION: forcing a failure. [ 981.650899][ T2869] name failslab, interval 1, probability 0, space 0, times 0 [ 981.650971][ T2869] CPU: 1 UID: 0 PID: 2869 Comm: syz.0.11950 Tainted: G L syzkaller #0 PREEMPT(full) [ 981.651018][ T2869] Tainted: [L]=SOFTLOCKUP [ 981.651029][ T2869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 981.651054][ T2869] Call Trace: [ 981.651064][ T2869] [ 981.651077][ T2869] dump_stack_lvl+0x100/0x190 [ 981.651126][ T2869] should_fail_ex.cold+0x5/0xa [ 981.651162][ T2869] should_failslab+0xc2/0x120 [ 981.651193][ T2869] __kmalloc_cache_noprof+0x7a/0x6f0 [ 981.651231][ T2869] ? proc_tcp_available_congestion_control+0xc9/0x180 [ 981.651275][ T2869] proc_tcp_available_congestion_control+0xc9/0x180 [ 981.651312][ T2869] ? __pfx_proc_tcp_available_congestion_control+0x10/0x10 [ 981.651352][ T2869] ? __kvmalloc_node_noprof+0x37b/0xa00 [ 981.651394][ T2869] ? proc_sys_call_handler+0x2c7/0x5a0 [ 981.651447][ T2869] proc_sys_call_handler+0x327/0x5a0 [ 981.651492][ T2869] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 981.651538][ T2869] ? rw_verify_area+0xce/0x6d0 [ 981.651578][ T2869] ? __pfx_proc_sys_read+0x10/0x10 [ 981.651623][ T2869] vfs_read+0x825/0xb30 [ 981.651670][ T2869] ? __pfx_vfs_read+0x10/0x10 [ 981.651739][ T2869] ksys_read+0x12a/0x250 [ 981.651765][ T2869] ? __pfx_ksys_read+0x10/0x10 [ 981.651804][ T2869] do_syscall_64+0x106/0xf80 [ 981.651843][ T2869] ? clear_bhb_loop+0x40/0x90 [ 981.651880][ T2869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 981.651910][ T2869] RIP: 0033:0x7fba4679c799 [ 981.651934][ T2869] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 981.651964][ T2869] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 981.651993][ T2869] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 981.652013][ T2869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 981.652030][ T2869] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 981.652056][ T2869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 981.652075][ T2869] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 981.652116][ T2869] [ 982.122630][ T2882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 982.146257][ T2882] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 984.053190][ T2919] netlink: 330 bytes leftover after parsing attributes in process `syz.1.11965'. [ 986.726702][ T2984] : renamed from dummy0 [ 990.766376][ T3058] sg_write: data in/out 65500/90 bytes for SCSI command 0x0-- guessing data in; [ 990.766376][ T3058] program syz.1.12014 not setting count and/or reply_len properly [ 990.788714][ T3061] netlink: 334 bytes leftover after parsing attributes in process `syz.0.12015'. [ 991.968779][ T3088] netlink: 342 bytes leftover after parsing attributes in process `syz.2.12023'. [ 991.998290][ T3088] IPv6: NLM_F_CREATE should be specified when creating new route [ 992.050445][ T3088] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 992.053738][ T3089] netlink: 342 bytes leftover after parsing attributes in process `syz.2.12023'. [ 992.057769][ T3088] IPv6: NLM_F_CREATE should be set when creating new route [ 992.057850][ T3088] IPv6: NLM_F_CREATE should be set when creating new route [ 992.172003][ T3089] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 992.959857][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.966348][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.473502][ T3124] netlink: 146 bytes leftover after parsing attributes in process `syz.0.12037'. [ 994.354941][ T3141] FAULT_INJECTION: forcing a failure. [ 994.354941][ T3141] name failslab, interval 1, probability 0, space 0, times 0 [ 994.404748][ T3141] CPU: 0 UID: 0 PID: 3141 Comm: syz.1.12041 Tainted: G L syzkaller #0 PREEMPT(full) [ 994.404794][ T3141] Tainted: [L]=SOFTLOCKUP [ 994.404805][ T3141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 994.404821][ T3141] Call Trace: [ 994.404832][ T3141] [ 994.404843][ T3141] dump_stack_lvl+0x100/0x190 [ 994.404891][ T3141] should_fail_ex.cold+0x5/0xa [ 994.404925][ T3141] should_failslab+0xc2/0x120 [ 994.404956][ T3141] __kmalloc_cache_noprof+0x7a/0x6f0 [ 994.404992][ T3141] ? nci_hci_allocate+0x45/0x330 [ 994.405029][ T3141] ? mutex_init_lockep+0x110/0x150 [ 994.405070][ T3141] nci_hci_allocate+0x45/0x330 [ 994.405102][ T3141] nci_allocate_device+0x26f/0x410 [ 994.405134][ T3141] virtual_ncidev_open+0x6f/0x220 [ 994.405173][ T3141] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 994.405209][ T3141] misc_open+0x26d/0x450 [ 994.405241][ T3141] ? __pfx_misc_open+0x10/0x10 [ 994.405281][ T3141] chrdev_open+0x234/0x6a0 [ 994.405309][ T3141] ? __pfx_apparmor_file_open+0x10/0x10 [ 994.405338][ T3141] ? __pfx_chrdev_open+0x10/0x10 [ 994.405369][ T3141] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 994.405406][ T3141] do_dentry_open+0x6d8/0x1660 [ 994.405435][ T3141] ? __pfx_chrdev_open+0x10/0x10 [ 994.405470][ T3141] vfs_open+0x82/0x3f0 [ 994.405510][ T3141] path_openat+0x208c/0x31a0 [ 994.405550][ T3141] ? __pfx_path_openat+0x10/0x10 [ 994.405591][ T3141] do_file_open+0x20e/0x430 [ 994.405623][ T3141] ? __pfx_do_file_open+0x10/0x10 [ 994.405680][ T3141] ? alloc_fd+0x476/0x790 [ 994.405713][ T3141] ? do_getname+0x191/0x390 [ 994.405751][ T3141] do_sys_openat2+0x10d/0x1e0 [ 994.405788][ T3141] ? __pfx_do_sys_openat2+0x10/0x10 [ 994.405839][ T3141] __x64_sys_openat+0x12d/0x210 [ 994.405876][ T3141] ? __pfx___x64_sys_openat+0x10/0x10 [ 994.405927][ T3141] do_syscall_64+0x106/0xf80 [ 994.405966][ T3141] ? clear_bhb_loop+0x40/0x90 [ 994.406000][ T3141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.406028][ T3141] RIP: 0033:0x7f9edf99c799 [ 994.406051][ T3141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 994.406077][ T3141] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 994.406104][ T3141] RAX: ffffffffffffffda RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 994.406123][ T3141] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 994.406142][ T3141] RBP: 00007f9edfa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 994.406159][ T3141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 994.406176][ T3141] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 994.406213][ T3141] [ 994.801801][ T3152] sg_write: data in/out 65500/90 bytes for SCSI command 0x0-- guessing data in; [ 994.801801][ T3152] program syz.3.12047 not setting count and/or reply_len properly [ 997.234416][ T3163] Process accounting paused [ 998.197399][ T3224] FAULT_INJECTION: forcing a failure. [ 998.197399][ T3224] name failslab, interval 1, probability 0, space 0, times 0 [ 998.252005][ T3219] Process accounting paused [ 998.254807][ T3224] CPU: 0 UID: 0 PID: 3224 Comm: syz.2.12069 Tainted: G L syzkaller #0 PREEMPT(full) [ 998.254852][ T3224] Tainted: [L]=SOFTLOCKUP [ 998.254863][ T3224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 998.254881][ T3224] Call Trace: [ 998.254890][ T3224] [ 998.254901][ T3224] dump_stack_lvl+0x100/0x190 [ 998.254949][ T3224] should_fail_ex.cold+0x5/0xa [ 998.254981][ T3224] should_failslab+0xc2/0x120 [ 998.255012][ T3224] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 998.255057][ T3224] ? kasprintf+0xc7/0x100 [ 998.255088][ T3224] ? do_dentry_open+0x6d8/0x1660 [ 998.255114][ T3224] ? vfs_open+0x82/0x3f0 [ 998.255146][ T3224] ? path_openat+0x208c/0x31a0 [ 998.255179][ T3224] kvasprintf+0xbc/0x150 [ 998.255211][ T3224] ? __pfx_kvasprintf+0x10/0x10 [ 998.255257][ T3224] kasprintf+0xc7/0x100 [ 998.255289][ T3224] ? __pfx_kasprintf+0x10/0x10 [ 998.255325][ T3224] ? rcu_is_watching+0x12/0xc0 [ 998.255366][ T3224] ? lockdep_init_map_type+0x5c/0x250 [ 998.255410][ T3224] drm_debugfs_clients_add+0x48/0x210 [ 998.255447][ T3224] drm_file_alloc+0x5c6/0xb40 [ 998.255565][ T3224] drm_open_helper+0x1fc/0x540 [ 998.255634][ T3224] drm_open+0x1a0/0x3e0 [ 998.255669][ T3224] ? __pfx_drm_open+0x10/0x10 [ 998.255705][ T3224] drm_stub_open+0x20f/0x380 [ 998.255779][ T3224] ? __pfx_drm_stub_open+0x10/0x10 [ 998.255814][ T3224] chrdev_open+0x234/0x6a0 [ 998.255847][ T3224] ? __pfx_apparmor_file_open+0x10/0x10 [ 998.255875][ T3224] ? __pfx_chrdev_open+0x10/0x10 [ 998.255906][ T3224] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 998.255945][ T3224] do_dentry_open+0x6d8/0x1660 [ 998.255974][ T3224] ? __pfx_chrdev_open+0x10/0x10 [ 998.256011][ T3224] vfs_open+0x82/0x3f0 [ 998.256050][ T3224] path_openat+0x208c/0x31a0 [ 998.256091][ T3224] ? __pfx_path_openat+0x10/0x10 [ 998.256133][ T3224] do_file_open+0x20e/0x430 [ 998.256165][ T3224] ? __pfx_do_file_open+0x10/0x10 [ 998.256219][ T3224] ? alloc_fd+0x476/0x790 [ 998.256251][ T3224] ? do_getname+0x191/0x390 [ 998.256286][ T3224] do_sys_openat2+0x10d/0x1e0 [ 998.256322][ T3224] ? __pfx_do_sys_openat2+0x10/0x10 [ 998.256360][ T3224] ? __fget_files+0x21f/0x3d0 [ 998.256393][ T3224] __x64_sys_openat+0x12d/0x210 [ 998.256430][ T3224] ? __pfx___x64_sys_openat+0x10/0x10 [ 998.256479][ T3224] do_syscall_64+0x106/0xf80 [ 998.256516][ T3224] ? clear_bhb_loop+0x40/0x90 [ 998.256549][ T3224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 998.256577][ T3224] RIP: 0033:0x7f48f779c799 [ 998.256598][ T3224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 998.256628][ T3224] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 998.256655][ T3224] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 998.256675][ T3224] RDX: 0000000000129800 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 998.256693][ T3224] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 998.256711][ T3224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 998.256728][ T3224] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 998.256772][ T3224] [ 999.536048][ T3246] netlink: 110 bytes leftover after parsing attributes in process `syz.1.12079'. [ 999.856936][ T3257] mkiss: ax0: crc mode is auto. [ 1000.890630][ T3292] mkiss: ax0: crc mode is auto. [ 1001.859097][ T3324] mkiss: ax0: crc mode is auto. [ 1003.634589][ T3372] mkiss: ax0: crc mode is auto. [ 1007.051596][ T3448] phram: parameter too long [ 1007.246811][ T3456] mkiss: ax0: crc mode is auto. [ 1009.749348][ T3509] netlink: 330 bytes leftover after parsing attributes in process `syz.3.12173'. [ 1009.948332][ T3510] netlink: 'syz.0.12180': attribute type 33 has an invalid length. [ 1009.981272][ T3510] netlink: 322 bytes leftover after parsing attributes in process `syz.0.12180'. [ 1009.991538][ T3517] netlink: 334 bytes leftover after parsing attributes in process `syz.1.12175'. [ 1010.634334][ T3547] netlink: 'syz.3.12188': attribute type 22 has an invalid length. [ 1010.647629][ T3547] netlink: 330 bytes leftover after parsing attributes in process `syz.3.12188'. [ 1011.760940][ T3598] netlink: 330 bytes leftover after parsing attributes in process `syz.0.12216'. [ 1012.073379][ T3607] netlink: 342 bytes leftover after parsing attributes in process `syz.1.12213'. [ 1012.619319][ T3619] netlink: 346 bytes leftover after parsing attributes in process `syz.2.12217'. [ 1013.741170][ T3654] mmap: syz.0.12228 (3654) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1013.810131][ T3656] netlink: 'syz.2.12238': attribute type 22 has an invalid length. [ 1013.818173][ T3656] netlink: 330 bytes leftover after parsing attributes in process `syz.2.12238'. [ 1015.752571][ T3715] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1016.832847][ T3748] netlink: 342 bytes leftover after parsing attributes in process `syz.2.12263'. [ 1017.196069][ T3758] smpboot: CPU 1 is now offline [ 1017.625535][ T3775] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12274'. [ 1022.018001][ T3887] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1022.080008][ T3887] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. [ 1022.121164][ T3887] TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details. [ 1022.138562][ T3887] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details. [ 1022.215748][ T3891] smpboot: CPU 1 is now offline [ 1023.819436][ T3943] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1023.969001][ T3947] smpboot: CPU 1 is now offline [ 1024.223243][ T3957] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12339'. [ 1024.257964][ T3957] ipvlan0: entered promiscuous mode [ 1024.263187][ T3957] ipvlan0: entered allmulticast mode [ 1024.297829][ T3962] netlink: 334 bytes leftover after parsing attributes in process `syz.0.12345'. [ 1024.317363][ T3957] veth0_vlan: entered allmulticast mode [ 1024.428220][ T3964] netlink: 330 bytes leftover after parsing attributes in process `syz.0.12346'. [ 1024.460267][ T3964] IPv6: NLM_F_CREATE should be specified when creating new route [ 1024.509851][ T3966] netlink: 346 bytes leftover after parsing attributes in process `syz.1.12347'. [ 1025.615271][ T3988] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1025.735230][ T3990] smpboot: CPU 1 is now offline [ 1027.765239][ T4038] netlink: 330 bytes leftover after parsing attributes in process `syz.2.12380'. [ 1027.852698][ T4038] IPv6: NLM_F_CREATE should be specified when creating new route [ 1028.033920][ T4044] netlink: 334 bytes leftover after parsing attributes in process `syz.1.12384'. [ 1028.358880][ T4056] netlink: 334 bytes leftover after parsing attributes in process `syz.3.12379'. [ 1028.453333][ T4029] Process accounting resumed [ 1028.496179][ T4063] netlink: 142 bytes leftover after parsing attributes in process `syz.1.12381'. [ 1028.517559][ T4062] netlink: 330 bytes leftover after parsing attributes in process `syz.3.12383'. [ 1029.280575][ T4063] Process accounting resumed [ 1029.337670][ T4073] netlink: 330 bytes leftover after parsing attributes in process `syz.1.12388'. [ 1029.356794][ T4073] IPv6: NLM_F_CREATE should be specified when creating new route [ 1031.301121][ T4119] ptrace attach of "./syz-executor exec"[5824] was attempted by ""[4119] [ 1032.181611][ T4158] netlink: 334 bytes leftover after parsing attributes in process `syz.0.12421'. [ 1032.816252][ T4180] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12432'. [ 1032.869519][ T4182] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1033.097223][ T4189] netlink: 334 bytes leftover after parsing attributes in process `syz.2.12435'. [ 1033.223481][ T4195] netlink: 330 bytes leftover after parsing attributes in process `syz.0.12438'. [ 1033.391644][ T4204] syz.0.12441 (4204): /proc/4203/oom_adj is deprecated, please use /proc/4203/oom_score_adj instead. [ 1033.646872][ T4212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12446'. [ 1034.133033][ T4225] FAULT_INJECTION: forcing a failure. [ 1034.133033][ T4225] name failslab, interval 1, probability 0, space 0, times 0 [ 1034.183158][ T4227] netlink: 142 bytes leftover after parsing attributes in process `syz.0.12452'. [ 1034.229221][ T4225] CPU: 0 UID: 0 PID: 4225 Comm: syz.1.12451 Tainted: G L syzkaller #0 PREEMPT(full) [ 1034.229247][ T4225] Tainted: [L]=SOFTLOCKUP [ 1034.229253][ T4225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1034.229263][ T4225] Call Trace: [ 1034.229269][ T4225] [ 1034.229276][ T4225] dump_stack_lvl+0x100/0x190 [ 1034.229307][ T4225] should_fail_ex.cold+0x5/0xa [ 1034.229327][ T4225] ? __list_lru_init+0xd9/0x4b0 [ 1034.229348][ T4225] should_failslab+0xc2/0x120 [ 1034.229365][ T4225] __kmalloc_noprof+0xe0/0x850 [ 1034.229391][ T4225] __list_lru_init+0xd9/0x4b0 [ 1034.229413][ T4225] alloc_super+0x926/0xd20 [ 1034.229437][ T4225] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1034.229521][ T4225] sget_fc+0x117/0xc70 [ 1034.229543][ T4225] ? __pfx_set_anon_super_fc+0x10/0x10 [ 1034.229565][ T4225] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1034.229585][ T4225] get_tree_nodev+0x28/0x190 [ 1034.229609][ T4225] mqueue_get_tree+0xf1/0x130 [ 1034.229630][ T4225] vfs_get_tree+0x92/0x320 [ 1034.229651][ T4225] fc_mount_longterm+0x1a/0x270 [ 1034.229673][ T4225] mq_init_ns+0x482/0x820 [ 1034.229690][ T4225] copy_ipcs+0x3dd/0x7e0 [ 1034.229707][ T4225] create_new_namespaces+0x20a/0xac0 [ 1034.229724][ T4225] ? security_capable+0x80/0x260 [ 1034.229750][ T4225] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1034.229768][ T4225] ksys_unshare+0x473/0xad0 [ 1034.229789][ T4225] ? __pfx_ksys_unshare+0x10/0x10 [ 1034.229814][ T4225] __x64_sys_unshare+0x31/0x40 [ 1034.229833][ T4225] do_syscall_64+0x106/0xf80 [ 1034.229855][ T4225] ? clear_bhb_loop+0x40/0x90 [ 1034.229874][ T4225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1034.229890][ T4225] RIP: 0033:0x7f9edf99c799 [ 1034.229904][ T4225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1034.229919][ T4225] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1034.229934][ T4225] RAX: ffffffffffffffda RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 1034.229944][ T4225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 1034.229954][ T4225] RBP: 00007f9edfa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1034.229963][ T4225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1034.229973][ T4225] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 1034.229993][ T4225] [ 1035.513418][ T4241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12457'. [ 1035.599556][ T4245] netlink: 334 bytes leftover after parsing attributes in process `syz.2.12460'. [ 1036.301726][ T4267] netlink: 342 bytes leftover after parsing attributes in process `syz.2.12469'. [ 1036.925534][ T4279] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1038.005147][ T4314] UHID_CREATE from different security context by process 7310 (syz.3.12487), this is not allowed. [ 1038.227480][ T4320] netlink: 198 bytes leftover after parsing attributes in process `syz.3.12489'. [ 1039.250009][ T4346] FAULT_INJECTION: forcing a failure. [ 1039.250009][ T4346] name failslab, interval 1, probability 0, space 0, times 0 [ 1039.309400][ T4346] CPU: 0 UID: 0 PID: 4346 Comm: syz.0.12497 Tainted: G L syzkaller #0 PREEMPT(full) [ 1039.309427][ T4346] Tainted: [L]=SOFTLOCKUP [ 1039.309433][ T4346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1039.309443][ T4346] Call Trace: [ 1039.309449][ T4346] [ 1039.309455][ T4346] dump_stack_lvl+0x100/0x190 [ 1039.309493][ T4346] should_fail_ex.cold+0x5/0xa [ 1039.309512][ T4346] ? lsm_blob_alloc+0x68/0x90 [ 1039.309534][ T4346] should_failslab+0xc2/0x120 [ 1039.309552][ T4346] __kmalloc_noprof+0xe0/0x850 [ 1039.309574][ T4346] ? down_write_nested+0x14f/0x200 [ 1039.309600][ T4346] lsm_blob_alloc+0x68/0x90 [ 1039.309620][ T4346] security_sb_alloc+0x25/0x240 [ 1039.309643][ T4346] alloc_super+0x24c/0xd20 [ 1039.309668][ T4346] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1039.309689][ T4346] sget_fc+0x117/0xc70 [ 1039.309710][ T4346] ? __pfx_set_anon_super_fc+0x10/0x10 [ 1039.309732][ T4346] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1039.309752][ T4346] get_tree_nodev+0x28/0x190 [ 1039.309775][ T4346] mqueue_get_tree+0xf1/0x130 [ 1039.309797][ T4346] vfs_get_tree+0x92/0x320 [ 1039.309817][ T4346] fc_mount_longterm+0x1a/0x270 [ 1039.309839][ T4346] mq_init_ns+0x482/0x820 [ 1039.309856][ T4346] copy_ipcs+0x3dd/0x7e0 [ 1039.309873][ T4346] create_new_namespaces+0x20a/0xac0 [ 1039.309889][ T4346] ? security_capable+0x80/0x260 [ 1039.309913][ T4346] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1039.309932][ T4346] ksys_unshare+0x473/0xad0 [ 1039.309952][ T4346] ? __pfx_ksys_unshare+0x10/0x10 [ 1039.309978][ T4346] __x64_sys_unshare+0x31/0x40 [ 1039.309996][ T4346] do_syscall_64+0x106/0xf80 [ 1039.310016][ T4346] ? clear_bhb_loop+0x40/0x90 [ 1039.310035][ T4346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1039.310051][ T4346] RIP: 0033:0x7fba4679c799 [ 1039.310064][ T4346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1039.310079][ T4346] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1039.310094][ T4346] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 1039.310105][ T4346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 1039.310113][ T4346] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1039.310123][ T4346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1039.310132][ T4346] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 1039.310157][ T4346] [ 1039.605701][ T4340] ptrace attach of "./syz-executor exec"[5823] was attempted by ""[4340] [ 1039.915716][ T4360] netlink: 334 bytes leftover after parsing attributes in process `syz.1.12503'. [ 1039.961805][ T4364] netlink: 342 bytes leftover after parsing attributes in process `syz.1.12505'. [ 1040.299916][ T4374] Process accounting resumed [ 1040.662564][ T4387] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12513'. [ 1040.788561][ T4391] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12515'. [ 1040.824127][ T4391] hsr_slave_0: left promiscuous mode [ 1040.861836][ T4391] hsr_slave_1: left promiscuous mode [ 1040.891368][ T4391] bridge0: port 2(hsr0) entered disabled state [ 1040.923346][ T4391] hsr0 (unregistering): left allmulticast mode [ 1040.948256][ T4391] hsr0 (unregistering): left promiscuous mode [ 1040.980372][ T4391] bridge0: port 2(hsr0) entered disabled state [ 1042.781987][ T4450] netlink: 342 bytes leftover after parsing attributes in process `syz.2.12540'. [ 1042.968498][ T4459] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12552'. [ 1042.985507][ T4461] netlink: 198 bytes leftover after parsing attributes in process `syz.1.12544'. [ 1043.320943][ T4477] FAULT_INJECTION: forcing a failure. [ 1043.320943][ T4477] name failslab, interval 1, probability 0, space 0, times 0 [ 1043.334406][ T4475] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12557'. [ 1043.378886][ T4477] CPU: 0 UID: 0 PID: 4477 Comm: syz.1.12549 Tainted: G L syzkaller #0 PREEMPT(full) [ 1043.378914][ T4477] Tainted: [L]=SOFTLOCKUP [ 1043.378920][ T4477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1043.378931][ T4477] Call Trace: [ 1043.378936][ T4477] [ 1043.378943][ T4477] dump_stack_lvl+0x100/0x190 [ 1043.378970][ T4477] should_fail_ex.cold+0x5/0xa [ 1043.378989][ T4477] should_failslab+0xc2/0x120 [ 1043.379006][ T4477] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1043.379026][ T4477] ? __do_sys_memfd_create+0x170/0x3d0 [ 1043.379060][ T4477] __do_sys_memfd_create+0x170/0x3d0 [ 1043.379082][ T4477] do_syscall_64+0x106/0xf80 [ 1043.379103][ T4477] ? clear_bhb_loop+0x40/0x90 [ 1043.379121][ T4477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.379136][ T4477] RIP: 0033:0x7f9edf99c799 [ 1043.379150][ T4477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1043.379165][ T4477] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1043.379180][ T4477] RAX: ffffffffffffffda RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 1043.379190][ T4477] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000 [ 1043.379199][ T4477] RBP: 00007f9edfa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1043.379208][ T4477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1043.379217][ T4477] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 1043.379236][ T4477] [ 1043.792150][ T4484] netlink: 206 bytes leftover after parsing attributes in process `syz.0.12550'. [ 1046.922642][ T4552] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12586'. [ 1046.956863][ T4552] hsr_slave_0: left promiscuous mode [ 1046.977240][ T4552] hsr_slave_1: left promiscuous mode [ 1046.984190][ T4552] hsr0 (unregistering): left allmulticast mode [ 1047.000186][ T4552] hsr0 (unregistering): left promiscuous mode [ 1047.021468][ T4552] bridge0: port 3(hsr0) entered disabled state [ 1047.054500][ T4550] Process accounting resumed [ 1047.482244][ T4575] netlink: 86 bytes leftover after parsing attributes in process `syz.1.12587'. [ 1047.599072][ T4579] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12588'. [ 1047.996556][ T4596] Process accounting resumed [ 1048.075949][ T4603] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12595'. [ 1048.165825][ T4603] hsr_slave_0: left promiscuous mode [ 1048.195559][ T4603] hsr_slave_1: left promiscuous mode [ 1049.088178][ T4625] syz.0.12602(4625): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1049.248469][ T4634] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1049.409510][ T4638] FAULT_INJECTION: forcing a failure. [ 1049.409510][ T4638] name failslab, interval 1, probability 0, space 0, times 0 [ 1049.527226][ T4638] CPU: 0 UID: 0 PID: 4638 Comm: syz.2.12609 Tainted: G L syzkaller #0 PREEMPT(full) [ 1049.527254][ T4638] Tainted: [L]=SOFTLOCKUP [ 1049.527259][ T4638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1049.527269][ T4638] Call Trace: [ 1049.527275][ T4638] [ 1049.527282][ T4638] dump_stack_lvl+0x100/0x190 [ 1049.527310][ T4638] should_fail_ex.cold+0x5/0xa [ 1049.527329][ T4638] should_failslab+0xc2/0x120 [ 1049.527346][ T4638] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1049.527372][ T4638] ? nci_allocate_device+0x105/0x410 [ 1049.527394][ T4638] nci_allocate_device+0x105/0x410 [ 1049.527411][ T4638] virtual_ncidev_open+0x6f/0x220 [ 1049.527434][ T4638] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1049.527454][ T4638] misc_open+0x26d/0x450 [ 1049.527473][ T4638] ? __pfx_misc_open+0x10/0x10 [ 1049.527490][ T4638] chrdev_open+0x234/0x6a0 [ 1049.527505][ T4638] ? __pfx_apparmor_file_open+0x10/0x10 [ 1049.527521][ T4638] ? __pfx_chrdev_open+0x10/0x10 [ 1049.527537][ T4638] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1049.527558][ T4638] do_dentry_open+0x6d8/0x1660 [ 1049.527573][ T4638] ? __pfx_chrdev_open+0x10/0x10 [ 1049.527593][ T4638] vfs_open+0x82/0x3f0 [ 1049.527614][ T4638] path_openat+0x208c/0x31a0 [ 1049.527636][ T4638] ? __pfx_path_openat+0x10/0x10 [ 1049.527659][ T4638] do_file_open+0x20e/0x430 [ 1049.527675][ T4638] ? __pfx_do_file_open+0x10/0x10 [ 1049.527704][ T4638] ? alloc_fd+0x476/0x790 [ 1049.527721][ T4638] ? do_getname+0x191/0x390 [ 1049.527741][ T4638] do_sys_openat2+0x10d/0x1e0 [ 1049.527760][ T4638] ? __pfx_do_sys_openat2+0x10/0x10 [ 1049.527780][ T4638] ? __fget_files+0x21f/0x3d0 [ 1049.527799][ T4638] __x64_sys_openat+0x12d/0x210 [ 1049.527818][ T4638] ? __pfx___x64_sys_openat+0x10/0x10 [ 1049.527845][ T4638] do_syscall_64+0x106/0xf80 [ 1049.527865][ T4638] ? clear_bhb_loop+0x40/0x90 [ 1049.527883][ T4638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1049.527899][ T4638] RIP: 0033:0x7f48f779c799 [ 1049.527913][ T4638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1049.527928][ T4638] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1049.527943][ T4638] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1049.527954][ T4638] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1049.527964][ T4638] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1049.527974][ T4638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1049.527984][ T4638] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1049.528004][ T4638] [ 1050.770877][ T4662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12619'. [ 1051.644411][ T4685] FAULT_INJECTION: forcing a failure. [ 1051.644411][ T4685] name failslab, interval 1, probability 0, space 0, times 0 [ 1051.723789][ T4685] CPU: 0 UID: 0 PID: 4685 Comm: syz.0.12629 Tainted: G L syzkaller #0 PREEMPT(full) [ 1051.723816][ T4685] Tainted: [L]=SOFTLOCKUP [ 1051.723822][ T4685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1051.723832][ T4685] Call Trace: [ 1051.723838][ T4685] [ 1051.723845][ T4685] dump_stack_lvl+0x100/0x190 [ 1051.723872][ T4685] should_fail_ex.cold+0x5/0xa [ 1051.723891][ T4685] should_failslab+0xc2/0x120 [ 1051.723908][ T4685] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1051.723928][ T4685] ? __do_sys_memfd_create+0x170/0x3d0 [ 1051.723953][ T4685] __do_sys_memfd_create+0x170/0x3d0 [ 1051.723975][ T4685] do_syscall_64+0x106/0xf80 [ 1051.723995][ T4685] ? clear_bhb_loop+0x40/0x90 [ 1051.724013][ T4685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1051.724029][ T4685] RIP: 0033:0x7fba4679c799 [ 1051.724043][ T4685] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1051.724058][ T4685] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1051.724072][ T4685] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 1051.724082][ T4685] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000 [ 1051.724091][ T4685] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1051.724100][ T4685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1051.724109][ T4685] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 1051.724136][ T4685] [ 1052.884046][ T4713] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12636'. [ 1053.107335][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1053.113614][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.946466][ T4797] netlink: 326 bytes leftover after parsing attributes in process `syz.1.12658'. [ 1056.843070][ T4830] netlink: 'syz.1.12672': attribute type 14 has an invalid length. [ 1056.862924][ T4830] netlink: 330 bytes leftover after parsing attributes in process `syz.1.12672'. [ 1057.148069][ T4840] FAULT_INJECTION: forcing a failure. [ 1057.148069][ T4840] name failslab, interval 1, probability 0, space 0, times 0 [ 1057.190181][ T4840] CPU: 0 UID: 0 PID: 4840 Comm: syz.1.12676 Tainted: G L syzkaller #0 PREEMPT(full) [ 1057.190207][ T4840] Tainted: [L]=SOFTLOCKUP [ 1057.190213][ T4840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1057.190223][ T4840] Call Trace: [ 1057.190229][ T4840] [ 1057.190236][ T4840] dump_stack_lvl+0x100/0x190 [ 1057.190263][ T4840] should_fail_ex.cold+0x5/0xa [ 1057.190282][ T4840] should_failslab+0xc2/0x120 [ 1057.190298][ T4840] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1057.190321][ T4840] ? security_inode_alloc+0x3b/0x2c0 [ 1057.190338][ T4840] ? lockdep_init_map_type+0x5c/0x250 [ 1057.190360][ T4840] security_inode_alloc+0x3b/0x2c0 [ 1057.190376][ T4840] inode_init_always_gfp+0xced/0x1040 [ 1057.190395][ T4840] alloc_inode+0x8e/0x250 [ 1057.190414][ T4840] new_inode+0x22/0x1c0 [ 1057.190435][ T4840] shmem_get_inode+0x212/0x1040 [ 1057.190457][ T4840] ? __pfx_shmem_get_inode+0x10/0x10 [ 1057.190476][ T4840] ? map_id_range_up+0x2ce/0x3b0 [ 1057.190492][ T4840] ? __pfx_make_vfsuid+0x10/0x10 [ 1057.190515][ T4840] shmem_symlink+0x11b/0xa00 [ 1057.190545][ T4840] ? generic_permission+0xae/0x800 [ 1057.190565][ T4840] ? __pfx_shmem_symlink+0x10/0x10 [ 1057.190587][ T4840] ? security_inode_permission+0xbf/0x250 [ 1057.190606][ T4840] ? inode_permission+0x374/0x620 [ 1057.190624][ T4840] ? tomoyo_path_symlink+0x97/0xe0 [ 1057.190651][ T4840] vfs_symlink+0x178/0x4d0 [ 1057.190673][ T4840] filename_symlinkat+0x2a6/0x560 [ 1057.190695][ T4840] ? __pfx_filename_symlinkat+0x10/0x10 [ 1057.190712][ T4840] ? strncpy_from_user+0x19d/0x2d0 [ 1057.190732][ T4840] ? do_getname+0x191/0x390 [ 1057.190752][ T4840] __x64_sys_symlink+0x79/0xb0 [ 1057.190770][ T4840] do_syscall_64+0x106/0xf80 [ 1057.190790][ T4840] ? clear_bhb_loop+0x40/0x90 [ 1057.190808][ T4840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1057.190824][ T4840] RIP: 0033:0x7f9edf99c799 [ 1057.190838][ T4840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1057.190852][ T4840] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 1057.190867][ T4840] RAX: ffffffffffffffda RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 1057.190878][ T4840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1057.190888][ T4840] RBP: 00007f9edfa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1057.190898][ T4840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1057.190907][ T4840] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 1057.190929][ T4840] [ 1057.844206][ T4846] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1058.049407][ T4858] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12684'. [ 1058.073913][ T4858] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1058.145359][ T4858] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1058.316359][ T4863] netlink: 334 bytes leftover after parsing attributes in process `syz.2.12685'. [ 1058.328118][ T4858] bond0 (unregistering): Released all slaves [ 1059.963628][ T4871] Process accounting paused [ 1060.303807][ T4915] netlink: 86 bytes leftover after parsing attributes in process `syz.0.12699'. [ 1061.465115][ T4959] FAULT_INJECTION: forcing a failure. [ 1061.465115][ T4959] name failslab, interval 1, probability 0, space 0, times 0 [ 1061.479231][ T4959] CPU: 0 UID: 0 PID: 4959 Comm: syz.2.12710 Tainted: G L syzkaller #0 PREEMPT(full) [ 1061.479277][ T4959] Tainted: [L]=SOFTLOCKUP [ 1061.479288][ T4959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1061.479306][ T4959] Call Trace: [ 1061.479315][ T4959] [ 1061.479327][ T4959] dump_stack_lvl+0x100/0x190 [ 1061.479375][ T4959] should_fail_ex.cold+0x5/0xa [ 1061.479410][ T4959] should_failslab+0xc2/0x120 [ 1061.479441][ T4959] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1061.479479][ T4959] ? snd_virmidi_input_open+0xc8/0x4d0 [ 1061.479579][ T4959] ? __kasan_kmalloc+0xaa/0xb0 [ 1061.479642][ T4959] snd_virmidi_input_open+0xc8/0x4d0 [ 1061.479680][ T4959] open_substream+0x480/0x9e0 [ 1061.479718][ T4959] rawmidi_open_priv+0x524/0x6f0 [ 1061.479762][ T4959] snd_rawmidi_open+0x4c9/0xba0 [ 1061.479807][ T4959] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1061.479848][ T4959] ? __pfx_default_wake_function+0x10/0x10 [ 1061.479879][ T4959] ? soundcore_open+0x231/0x5a0 [ 1061.479907][ T4959] ? soundcore_open+0x231/0x5a0 [ 1061.479939][ T4959] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1061.479979][ T4959] soundcore_open+0x2e3/0x5a0 [ 1061.480011][ T4959] ? __pfx_soundcore_open+0x10/0x10 [ 1061.480040][ T4959] chrdev_open+0x234/0x6a0 [ 1061.480072][ T4959] ? __pfx_chrdev_open+0x10/0x10 [ 1061.480102][ T4959] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1061.480142][ T4959] do_dentry_open+0x6d8/0x1660 [ 1061.480171][ T4959] ? __pfx_chrdev_open+0x10/0x10 [ 1061.480210][ T4959] vfs_open+0x82/0x3f0 [ 1061.480250][ T4959] path_openat+0x208c/0x31a0 [ 1061.480293][ T4959] ? __pfx_path_openat+0x10/0x10 [ 1061.480337][ T4959] do_file_open+0x20e/0x430 [ 1061.480371][ T4959] ? __pfx_do_file_open+0x10/0x10 [ 1061.480429][ T4959] ? alloc_fd+0x476/0x790 [ 1061.480462][ T4959] ? do_getname+0x191/0x390 [ 1061.480500][ T4959] do_sys_openat2+0x10d/0x1e0 [ 1061.480538][ T4959] ? __pfx_do_sys_openat2+0x10/0x10 [ 1061.480578][ T4959] ? __fget_files+0x21f/0x3d0 [ 1061.480621][ T4959] __x64_sys_openat+0x12d/0x210 [ 1061.480660][ T4959] ? __pfx___x64_sys_openat+0x10/0x10 [ 1061.480713][ T4959] do_syscall_64+0x106/0xf80 [ 1061.480752][ T4959] ? clear_bhb_loop+0x40/0x90 [ 1061.480788][ T4959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.480818][ T4959] RIP: 0033:0x7f48f779c799 [ 1061.480843][ T4959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1061.480873][ T4959] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1061.480902][ T4959] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1061.480922][ T4959] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1061.480943][ T4959] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1061.480961][ T4959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1061.480980][ T4959] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1061.481020][ T4959] [ 1061.838593][ T4961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12711'. [ 1061.849042][ T4961] netlink: 17 bytes leftover after parsing attributes in process `syz.2.12711'. [ 1062.546871][ T4986] netlink: 'syz.0.12719': attribute type 14 has an invalid length. [ 1062.564752][ T4986] netlink: 330 bytes leftover after parsing attributes in process `syz.0.12719'. [ 1062.666661][ T4989] smpboot: CPU 1 is now offline [ 1062.698581][ T4992] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1062.731229][ T4995] sg_write: data in/out 1886744398/84 bytes for SCSI command 0x72-- guessing data in; [ 1062.731229][ T4995] program syz.0.12731 not setting count and/or reply_len properly [ 1062.946197][ T4998] netlink: 334 bytes leftover after parsing attributes in process `syz.3.12723'. [ 1063.820037][ T5020] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12734'. [ 1063.984317][ T5025] smpboot: CPU 1 is now offline [ 1064.184033][ T5033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12746'. [ 1064.743296][T19646] block nbd1: Receive control failed (result -32) [ 1065.168693][ T5067] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 1065.645738][ T5076] FAULT_INJECTION: forcing a failure. [ 1065.645738][ T5076] name failslab, interval 1, probability 0, space 0, times 0 [ 1065.696133][ T5076] CPU: 0 UID: 0 PID: 5076 Comm: syz.0.12751 Tainted: G L syzkaller #0 PREEMPT(full) [ 1065.696179][ T5076] Tainted: [L]=SOFTLOCKUP [ 1065.696191][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1065.696208][ T5076] Call Trace: [ 1065.696219][ T5076] [ 1065.696231][ T5076] dump_stack_lvl+0x100/0x190 [ 1065.696279][ T5076] should_fail_ex.cold+0x5/0xa [ 1065.696312][ T5076] should_failslab+0xc2/0x120 [ 1065.696344][ T5076] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1065.696385][ T5076] ? copy_net_ns+0xe8/0x7c0 [ 1065.696421][ T5076] copy_net_ns+0xe8/0x7c0 [ 1065.696447][ T5076] ? copy_cgroup_ns+0x71/0x970 [ 1065.696483][ T5076] create_new_namespaces+0x3ea/0xac0 [ 1065.696523][ T5076] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1065.696558][ T5076] ksys_unshare+0x473/0xad0 [ 1065.696595][ T5076] ? __pfx_ksys_unshare+0x10/0x10 [ 1065.696656][ T5076] __x64_sys_unshare+0x31/0x40 [ 1065.696692][ T5076] do_syscall_64+0x106/0xf80 [ 1065.696732][ T5076] ? clear_bhb_loop+0x40/0x90 [ 1065.696767][ T5076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1065.696796][ T5076] RIP: 0033:0x7fba4679c799 [ 1065.696821][ T5076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1065.696850][ T5076] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1065.696878][ T5076] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 1065.696898][ T5076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1065.696916][ T5076] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1065.696934][ T5076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1065.696952][ T5076] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 1065.696991][ T5076] [ 1066.476169][ T5103] netlink: 'syz.0.12755': attribute type 28 has an invalid length. [ 1066.495578][ T5103] netlink: 334 bytes leftover after parsing attributes in process `syz.0.12755'. [ 1066.618312][ T5108] FAULT_INJECTION: forcing a failure. [ 1066.618312][ T5108] name failslab, interval 1, probability 0, space 0, times 0 [ 1066.663919][ T5108] CPU: 0 UID: 0 PID: 5108 Comm: syz.2.12756 Tainted: G L syzkaller #0 PREEMPT(full) [ 1066.663966][ T5108] Tainted: [L]=SOFTLOCKUP [ 1066.663977][ T5108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1066.663996][ T5108] Call Trace: [ 1066.664006][ T5108] [ 1066.664017][ T5108] dump_stack_lvl+0x100/0x190 [ 1066.664074][ T5108] should_fail_ex.cold+0x5/0xa [ 1066.664110][ T5108] should_failslab+0xc2/0x120 [ 1066.664142][ T5108] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1066.664185][ T5108] ? security_inode_alloc+0x3b/0x2c0 [ 1066.664215][ T5108] ? lockdep_init_map_type+0x5c/0x250 [ 1066.664257][ T5108] security_inode_alloc+0x3b/0x2c0 [ 1066.664288][ T5108] inode_init_always_gfp+0xced/0x1040 [ 1066.664325][ T5108] alloc_inode+0x8e/0x250 [ 1066.664362][ T5108] new_inode+0x22/0x1c0 [ 1066.664402][ T5108] shmem_get_inode+0x212/0x1040 [ 1066.664444][ T5108] ? __pfx_shmem_get_inode+0x10/0x10 [ 1066.664481][ T5108] ? map_id_range_up+0x2ce/0x3b0 [ 1066.664515][ T5108] ? __pfx_make_vfsuid+0x10/0x10 [ 1066.664557][ T5108] shmem_symlink+0x11b/0xa00 [ 1066.664597][ T5108] ? generic_permission+0xae/0x800 [ 1066.664634][ T5108] ? __pfx_shmem_symlink+0x10/0x10 [ 1066.664672][ T5108] ? security_inode_permission+0xbf/0x250 [ 1066.664704][ T5108] ? inode_permission+0x374/0x620 [ 1066.664745][ T5108] ? tomoyo_path_symlink+0x97/0xe0 [ 1066.664795][ T5108] vfs_symlink+0x178/0x4d0 [ 1066.664838][ T5108] filename_symlinkat+0x2a6/0x560 [ 1066.664877][ T5108] ? __pfx_filename_symlinkat+0x10/0x10 [ 1066.664911][ T5108] ? strncpy_from_user+0x19d/0x2d0 [ 1066.664947][ T5108] ? do_getname+0x191/0x390 [ 1066.664985][ T5108] __x64_sys_symlink+0x79/0xb0 [ 1066.665026][ T5108] do_syscall_64+0x106/0xf80 [ 1066.665066][ T5108] ? clear_bhb_loop+0x40/0x90 [ 1066.665103][ T5108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1066.665133][ T5108] RIP: 0033:0x7f48f779c799 [ 1066.665155][ T5108] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1066.665185][ T5108] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 1066.665214][ T5108] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1066.665233][ T5108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1066.665250][ T5108] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1066.665268][ T5108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1066.665286][ T5108] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1066.665324][ T5108] [ 1067.132439][ T5118] netlink: 326 bytes leftover after parsing attributes in process `syz.3.12758'. [ 1067.753585][ T5148] sg_write: data in/out 1886744398/84 bytes for SCSI command 0x72-- guessing data in; [ 1067.753585][ T5148] program syz.1.12767 not setting count and/or reply_len properly [ 1067.924994][ T5152] FAULT_INJECTION: forcing a failure. [ 1067.924994][ T5152] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.980082][ T5152] CPU: 1 UID: 0 PID: 5152 Comm: syz.1.12768 Tainted: G L syzkaller #0 PREEMPT(full) [ 1067.980126][ T5152] Tainted: [L]=SOFTLOCKUP [ 1067.980136][ T5152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1067.980153][ T5152] Call Trace: [ 1067.980163][ T5152] [ 1067.980174][ T5152] dump_stack_lvl+0x100/0x190 [ 1067.980221][ T5152] should_fail_ex.cold+0x5/0xa [ 1067.980258][ T5152] should_failslab+0xc2/0x120 [ 1067.980288][ T5152] __kvmalloc_node_noprof+0xfa/0xa00 [ 1067.980330][ T5152] ? open_substream+0x311/0x9e0 [ 1067.980363][ T5152] ? lockdep_init_map_type+0x5c/0x250 [ 1067.980415][ T5152] open_substream+0x311/0x9e0 [ 1067.980448][ T5152] ? lockdep_hardirqs_on+0x78/0x100 [ 1067.980492][ T5152] rawmidi_open_priv+0x524/0x6f0 [ 1067.980535][ T5152] snd_rawmidi_open+0x4c9/0xba0 [ 1067.980578][ T5152] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1067.980616][ T5152] ? __pfx_default_wake_function+0x10/0x10 [ 1067.980645][ T5152] ? soundcore_open+0x231/0x5a0 [ 1067.980671][ T5152] ? soundcore_open+0x231/0x5a0 [ 1067.980700][ T5152] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1067.980738][ T5152] soundcore_open+0x2e3/0x5a0 [ 1067.980767][ T5152] ? __pfx_soundcore_open+0x10/0x10 [ 1067.980793][ T5152] chrdev_open+0x234/0x6a0 [ 1067.980823][ T5152] ? __pfx_apparmor_file_open+0x10/0x10 [ 1067.980851][ T5152] ? __pfx_chrdev_open+0x10/0x10 [ 1067.980882][ T5152] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1067.980919][ T5152] do_dentry_open+0x6d8/0x1660 [ 1067.980947][ T5152] ? __pfx_chrdev_open+0x10/0x10 [ 1067.980986][ T5152] vfs_open+0x82/0x3f0 [ 1067.981025][ T5152] path_openat+0x208c/0x31a0 [ 1067.981067][ T5152] ? __pfx_path_openat+0x10/0x10 [ 1067.981110][ T5152] do_file_open+0x20e/0x430 [ 1067.981143][ T5152] ? __pfx_do_file_open+0x10/0x10 [ 1067.981200][ T5152] ? alloc_fd+0x476/0x790 [ 1067.981233][ T5152] ? do_getname+0x191/0x390 [ 1067.981271][ T5152] do_sys_openat2+0x10d/0x1e0 [ 1067.981307][ T5152] ? __pfx_do_sys_openat2+0x10/0x10 [ 1067.981345][ T5152] ? __fget_files+0x21f/0x3d0 [ 1067.981381][ T5152] __x64_sys_openat+0x12d/0x210 [ 1067.981426][ T5152] ? __pfx___x64_sys_openat+0x10/0x10 [ 1067.981480][ T5152] do_syscall_64+0x106/0xf80 [ 1067.981519][ T5152] ? clear_bhb_loop+0x40/0x90 [ 1067.981555][ T5152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.981585][ T5152] RIP: 0033:0x7f9edf99c799 [ 1067.981610][ T5152] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1067.981640][ T5152] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1067.981669][ T5152] RAX: ffffffffffffffda RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 1067.981689][ T5152] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1067.981708][ T5152] RBP: 00007f9edfa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1067.981726][ T5152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1067.981744][ T5152] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 1067.981784][ T5152] [ 1068.299278][ T5158] FAULT_INJECTION: forcing a failure. [ 1068.299278][ T5158] name failslab, interval 1, probability 0, space 0, times 0 [ 1068.321018][ T5158] CPU: 0 UID: 0 PID: 5158 Comm: syz.0.12770 Tainted: G L syzkaller #0 PREEMPT(full) [ 1068.321064][ T5158] Tainted: [L]=SOFTLOCKUP [ 1068.321075][ T5158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1068.321093][ T5158] Call Trace: [ 1068.321103][ T5158] [ 1068.321114][ T5158] dump_stack_lvl+0x100/0x190 [ 1068.321159][ T5158] should_fail_ex.cold+0x5/0xa [ 1068.321192][ T5158] should_failslab+0xc2/0x120 [ 1068.321222][ T5158] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1068.321265][ T5158] ? security_inode_alloc+0x3b/0x2c0 [ 1068.321295][ T5158] ? lockdep_init_map_type+0x5c/0x250 [ 1068.321338][ T5158] security_inode_alloc+0x3b/0x2c0 [ 1068.321368][ T5158] inode_init_always_gfp+0xced/0x1040 [ 1068.321403][ T5158] alloc_inode+0x8e/0x250 [ 1068.321440][ T5158] new_inode+0x22/0x1c0 [ 1068.321479][ T5158] shmem_get_inode+0x212/0x1040 [ 1068.321520][ T5158] ? __pfx_shmem_get_inode+0x10/0x10 [ 1068.321557][ T5158] ? map_id_range_up+0x2ce/0x3b0 [ 1068.321587][ T5158] ? __pfx_make_vfsuid+0x10/0x10 [ 1068.321632][ T5158] shmem_symlink+0x11b/0xa00 [ 1068.321673][ T5158] ? generic_permission+0xae/0x800 [ 1068.321711][ T5158] ? __pfx_shmem_symlink+0x10/0x10 [ 1068.321751][ T5158] ? security_inode_permission+0xbf/0x250 [ 1068.321784][ T5158] ? inode_permission+0x374/0x620 [ 1068.321820][ T5158] ? tomoyo_path_symlink+0x97/0xe0 [ 1068.321879][ T5158] vfs_symlink+0x178/0x4d0 [ 1068.321922][ T5158] filename_symlinkat+0x2a6/0x560 [ 1068.321960][ T5158] ? __pfx_filename_symlinkat+0x10/0x10 [ 1068.321995][ T5158] ? strncpy_from_user+0x19d/0x2d0 [ 1068.322033][ T5158] ? do_getname+0x191/0x390 [ 1068.322071][ T5158] __x64_sys_symlink+0x79/0xb0 [ 1068.322105][ T5158] do_syscall_64+0x106/0xf80 [ 1068.322143][ T5158] ? clear_bhb_loop+0x40/0x90 [ 1068.322180][ T5158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1068.322210][ T5158] RIP: 0033:0x7fba4679c799 [ 1068.322234][ T5158] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1068.322263][ T5158] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 1068.322290][ T5158] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 1068.322310][ T5158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1068.322328][ T5158] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1068.322342][ T5158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1068.322357][ T5158] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 1068.322393][ T5158] [ 1068.964420][ T5187] vcan0: tx drop: invalid da for name 0x000000000000003f [ 1069.073645][ T5190] FAULT_INJECTION: forcing a failure. [ 1069.073645][ T5190] name failslab, interval 1, probability 0, space 0, times 0 [ 1069.086527][ T5190] CPU: 0 UID: 0 PID: 5190 Comm: syz.0.12780 Tainted: G L syzkaller #0 PREEMPT(full) [ 1069.086576][ T5190] Tainted: [L]=SOFTLOCKUP [ 1069.086587][ T5190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1069.086605][ T5190] Call Trace: [ 1069.086615][ T5190] [ 1069.086627][ T5190] dump_stack_lvl+0x100/0x190 [ 1069.086675][ T5190] should_fail_ex.cold+0x5/0xa [ 1069.086711][ T5190] should_failslab+0xc2/0x120 [ 1069.086742][ T5190] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1069.086777][ T5190] ? snd_virmidi_input_open+0xc8/0x4d0 [ 1069.086807][ T5190] ? __kasan_kmalloc+0xaa/0xb0 [ 1069.086854][ T5190] snd_virmidi_input_open+0xc8/0x4d0 [ 1069.086889][ T5190] open_substream+0x480/0x9e0 [ 1069.086928][ T5190] rawmidi_open_priv+0x524/0x6f0 [ 1069.086973][ T5190] snd_rawmidi_open+0x4c9/0xba0 [ 1069.087017][ T5190] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1069.087057][ T5190] ? __pfx_default_wake_function+0x10/0x10 [ 1069.087087][ T5190] ? soundcore_open+0x231/0x5a0 [ 1069.087113][ T5190] ? soundcore_open+0x231/0x5a0 [ 1069.087144][ T5190] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1069.087184][ T5190] soundcore_open+0x2e3/0x5a0 [ 1069.087215][ T5190] ? __pfx_soundcore_open+0x10/0x10 [ 1069.087244][ T5190] chrdev_open+0x234/0x6a0 [ 1069.087272][ T5190] ? __pfx_apparmor_file_open+0x10/0x10 [ 1069.087310][ T5190] ? __pfx_chrdev_open+0x10/0x10 [ 1069.087342][ T5190] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1069.087382][ T5190] do_dentry_open+0x6d8/0x1660 [ 1069.087411][ T5190] ? __pfx_chrdev_open+0x10/0x10 [ 1069.087450][ T5190] vfs_open+0x82/0x3f0 [ 1069.087490][ T5190] path_openat+0x208c/0x31a0 [ 1069.087530][ T5190] ? __pfx_path_openat+0x10/0x10 [ 1069.087571][ T5190] do_file_open+0x20e/0x430 [ 1069.087603][ T5190] ? __pfx_do_file_open+0x10/0x10 [ 1069.087660][ T5190] ? alloc_fd+0x476/0x790 [ 1069.087693][ T5190] ? do_getname+0x191/0x390 [ 1069.087732][ T5190] do_sys_openat2+0x10d/0x1e0 [ 1069.087770][ T5190] ? __pfx_do_sys_openat2+0x10/0x10 [ 1069.087810][ T5190] ? __fget_files+0x21f/0x3d0 [ 1069.087847][ T5190] __x64_sys_openat+0x12d/0x210 [ 1069.087885][ T5190] ? __pfx___x64_sys_openat+0x10/0x10 [ 1069.087938][ T5190] do_syscall_64+0x106/0xf80 [ 1069.087978][ T5190] ? clear_bhb_loop+0x40/0x90 [ 1069.088013][ T5190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1069.088043][ T5190] RIP: 0033:0x7fba4679c799 [ 1069.088066][ T5190] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1069.088094][ T5190] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1069.088122][ T5190] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 1069.088142][ T5190] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1069.088161][ T5190] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1069.088179][ T5190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1069.088197][ T5190] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 1069.088236][ T5190] [ 1069.502772][ T5199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12782'. [ 1069.532516][ T5199] netlink: 13 bytes leftover after parsing attributes in process `syz.0.12782'. [ 1069.541717][ T5199] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12782'. [ 1070.404002][ T5223] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12791'. [ 1070.740241][ T5231] netlink: 'syz.3.12794': attribute type 28 has an invalid length. [ 1070.748244][ T5231] netlink: 334 bytes leftover after parsing attributes in process `syz.3.12794'. [ 1071.017280][ T5202] Process accounting paused [ 1071.532183][ T5251] netlink: 25 bytes leftover after parsing attributes in process `syz.2.12801'. [ 1071.922766][ T5261] netlink: 342 bytes leftover after parsing attributes in process `syz.1.12804'. [ 1072.772268][ T5277] vcan0: tx drop: invalid da for name 0x000000000000003f [ 1073.326177][ T5296] netlink: 334 bytes leftover after parsing attributes in process `syz.0.12816'. [ 1073.357570][ T5299] netlink: 'syz.1.12815': attribute type 27 has an invalid length. [ 1073.376337][ T5299] netlink: 334 bytes leftover after parsing attributes in process `syz.1.12815'. [ 1073.462618][ T5302] FAULT_INJECTION: forcing a failure. [ 1073.462618][ T5302] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.481691][ T5302] CPU: 1 UID: 0 PID: 5302 Comm: syz.2.12818 Tainted: G L syzkaller #0 PREEMPT(full) [ 1073.481737][ T5302] Tainted: [L]=SOFTLOCKUP [ 1073.481749][ T5302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1073.481766][ T5302] Call Trace: [ 1073.481777][ T5302] [ 1073.481789][ T5302] dump_stack_lvl+0x100/0x190 [ 1073.481847][ T5302] should_fail_ex.cold+0x5/0xa [ 1073.481882][ T5302] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1073.481920][ T5302] should_failslab+0xc2/0x120 [ 1073.481951][ T5302] __kmalloc_noprof+0xe0/0x850 [ 1073.482001][ T5302] tomoyo_realpath_from_path+0xb6/0x690 [ 1073.482047][ T5302] tomoyo_check_open_permission+0x2af/0x3c0 [ 1073.482082][ T5302] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1073.482153][ T5302] ? do_raw_spin_lock+0x128/0x260 [ 1073.482196][ T5302] ? path_get+0x61/0x80 [ 1073.482233][ T5302] tomoyo_file_open+0x6b/0x90 [ 1073.482275][ T5302] security_file_open+0xb5/0x1e0 [ 1073.482311][ T5302] do_dentry_open+0x5aa/0x1660 [ 1073.482343][ T5302] ? security_inode_permission+0xbf/0x250 [ 1073.482382][ T5302] vfs_open+0x82/0x3f0 [ 1073.482423][ T5302] path_openat+0x208c/0x31a0 [ 1073.482463][ T5302] ? __pfx_path_openat+0x10/0x10 [ 1073.482504][ T5302] do_file_open+0x20e/0x430 [ 1073.482536][ T5302] ? __pfx_do_file_open+0x10/0x10 [ 1073.482594][ T5302] ? alloc_fd+0x476/0x790 [ 1073.482626][ T5302] ? do_getname+0x191/0x390 [ 1073.482664][ T5302] do_sys_openat2+0x10d/0x1e0 [ 1073.482701][ T5302] ? __pfx_do_sys_openat2+0x10/0x10 [ 1073.482753][ T5302] __x64_sys_openat+0x12d/0x210 [ 1073.482791][ T5302] ? __pfx___x64_sys_openat+0x10/0x10 [ 1073.482851][ T5302] do_syscall_64+0x106/0xf80 [ 1073.482892][ T5302] ? clear_bhb_loop+0x40/0x90 [ 1073.482927][ T5302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1073.482957][ T5302] RIP: 0033:0x7f48f779c799 [ 1073.482981][ T5302] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1073.483011][ T5302] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1073.483039][ T5302] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1073.483059][ T5302] RDX: 0000000000002400 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1073.483078][ T5302] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1073.483095][ T5302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1073.483113][ T5302] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1073.483152][ T5302] [ 1073.483164][ T5302] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1074.266642][ T5320] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12824'. [ 1074.291591][ T5318] [U] [ 1075.180249][ T5341] blktrace: Concurrent blktraces are not allowed on sg0 [ 1075.368649][ T5353] netlink: 'syz.3.12837': attribute type 1 has an invalid length. [ 1075.376704][ T5353] netlink: 318 bytes leftover after parsing attributes in process `syz.3.12837'. [ 1075.450788][ T5357] FAULT_INJECTION: forcing a failure. [ 1075.450788][ T5357] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.465971][ T5357] CPU: 0 UID: 0 PID: 5357 Comm: syz.0.12838 Tainted: G L syzkaller #0 PREEMPT(full) [ 1075.466013][ T5357] Tainted: [L]=SOFTLOCKUP [ 1075.466024][ T5357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1075.466041][ T5357] Call Trace: [ 1075.466051][ T5357] [ 1075.466062][ T5357] dump_stack_lvl+0x100/0x190 [ 1075.466110][ T5357] should_fail_ex.cold+0x5/0xa [ 1075.466144][ T5357] should_failslab+0xc2/0x120 [ 1075.466175][ T5357] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1075.466216][ T5357] ? __d_alloc+0x34/0xa80 [ 1075.466247][ T5357] ? security_inode_alloc+0xcf/0x2c0 [ 1075.466283][ T5357] __d_alloc+0x34/0xa80 [ 1075.466312][ T5357] ? __ns_ref_active_get+0x9f/0x1b0 [ 1075.466351][ T5357] path_from_stashed+0x427/0x750 [ 1075.466390][ T5357] ns_get_path+0x60/0x80 [ 1075.466420][ T5357] proc_ns_get_link+0x121/0x230 [ 1075.466460][ T5357] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1075.466503][ T5357] ? atime_needs_update+0x8b/0x6b0 [ 1075.466546][ T5357] pick_link+0xd17/0x13c0 [ 1075.466585][ T5357] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1075.466628][ T5357] step_into_slowpath+0x9ba/0xf90 [ 1075.466677][ T5357] ? __pfx_step_into_slowpath+0x10/0x10 [ 1075.466718][ T5357] ? find_held_lock+0x2b/0x80 [ 1075.466767][ T5357] path_openat+0xf95/0x31a0 [ 1075.466809][ T5357] ? __pfx_path_openat+0x10/0x10 [ 1075.466852][ T5357] do_file_open+0x20e/0x430 [ 1075.466885][ T5357] ? __pfx_do_file_open+0x10/0x10 [ 1075.466941][ T5357] ? alloc_fd+0x476/0x790 [ 1075.466973][ T5357] ? do_getname+0x191/0x390 [ 1075.467011][ T5357] do_sys_openat2+0x10d/0x1e0 [ 1075.467048][ T5357] ? __pfx_do_sys_openat2+0x10/0x10 [ 1075.467097][ T5357] __x64_sys_openat+0x12d/0x210 [ 1075.467135][ T5357] ? __pfx___x64_sys_openat+0x10/0x10 [ 1075.467177][ T5357] ? do_user_addr_fault+0x8d6/0x12f0 [ 1075.467227][ T5357] do_syscall_64+0x106/0xf80 [ 1075.467265][ T5357] ? clear_bhb_loop+0x40/0x90 [ 1075.467301][ T5357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1075.467332][ T5357] RIP: 0033:0x7fba4675cfce [ 1075.467356][ T5357] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1075.467383][ T5357] RSP: 002b:00007fba47696ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1075.467411][ T5357] RAX: ffffffffffffffda RBX: 00007fba476976c0 RCX: 00007fba4675cfce [ 1075.467431][ T5357] RDX: 0000000000000002 RSI: 00007fba47696f90 RDI: ffffffffffffff9c [ 1075.467450][ T5357] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1075.467469][ T5357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1075.467486][ T5357] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 1075.467524][ T5357] [ 1076.324055][ T5377] FAULT_INJECTION: forcing a failure. [ 1076.324055][ T5377] name failslab, interval 1, probability 0, space 0, times 0 [ 1076.347500][ T5377] CPU: 0 UID: 0 PID: 5377 Comm: syz.0.12844 Tainted: G L syzkaller #0 PREEMPT(full) [ 1076.347554][ T5377] Tainted: [L]=SOFTLOCKUP [ 1076.347565][ T5377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1076.347582][ T5377] Call Trace: [ 1076.347591][ T5377] [ 1076.347603][ T5377] dump_stack_lvl+0x100/0x190 [ 1076.347650][ T5377] should_fail_ex.cold+0x5/0xa [ 1076.347684][ T5377] should_failslab+0xc2/0x120 [ 1076.347715][ T5377] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1076.347761][ T5377] ? __alloc_workqueue+0x711/0x1880 [ 1076.347794][ T5377] ? lockdep_init_map_type+0x5c/0x250 [ 1076.347837][ T5377] __alloc_workqueue+0x711/0x1880 [ 1076.347877][ T5377] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1076.347919][ T5377] alloc_workqueue_noprof+0xd2/0x200 [ 1076.347954][ T5377] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1076.347994][ T5377] ? __pfx___debug_object_init+0x10/0x10 [ 1076.348045][ T5377] nci_register_device+0x21e/0xb80 [ 1076.348077][ T5377] ? __pfx_nci_register_device+0x10/0x10 [ 1076.348111][ T5377] ? lockdep_init_map_type+0x5c/0x250 [ 1076.348147][ T5377] virtual_ncidev_open+0x141/0x220 [ 1076.348180][ T5377] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1076.348208][ T5377] misc_open+0x26d/0x450 [ 1076.348236][ T5377] ? __pfx_misc_open+0x10/0x10 [ 1076.348262][ T5377] chrdev_open+0x234/0x6a0 [ 1076.348286][ T5377] ? __pfx_apparmor_file_open+0x10/0x10 [ 1076.348309][ T5377] ? __pfx_chrdev_open+0x10/0x10 [ 1076.348336][ T5377] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1076.348366][ T5377] do_dentry_open+0x6d8/0x1660 [ 1076.348387][ T5377] ? __pfx_chrdev_open+0x10/0x10 [ 1076.348420][ T5377] vfs_open+0x82/0x3f0 [ 1076.348452][ T5377] path_openat+0x208c/0x31a0 [ 1076.348487][ T5377] ? __pfx_path_openat+0x10/0x10 [ 1076.348536][ T5377] do_file_open+0x20e/0x430 [ 1076.348563][ T5377] ? __pfx_do_file_open+0x10/0x10 [ 1076.348606][ T5377] ? alloc_fd+0x476/0x790 [ 1076.348632][ T5377] ? do_getname+0x191/0x390 [ 1076.348663][ T5377] do_sys_openat2+0x10d/0x1e0 [ 1076.348694][ T5377] ? __pfx_do_sys_openat2+0x10/0x10 [ 1076.348725][ T5377] ? __fget_files+0x21f/0x3d0 [ 1076.348753][ T5377] __x64_sys_openat+0x12d/0x210 [ 1076.348783][ T5377] ? __pfx___x64_sys_openat+0x10/0x10 [ 1076.348828][ T5377] do_syscall_64+0x106/0xf80 [ 1076.348865][ T5377] ? clear_bhb_loop+0x40/0x90 [ 1076.348900][ T5377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.348934][ T5377] RIP: 0033:0x7fba4679c799 [ 1076.348957][ T5377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1076.348984][ T5377] RSP: 002b:00007fba47697028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1076.349014][ T5377] RAX: ffffffffffffffda RBX: 00007fba46a15fa0 RCX: 00007fba4679c799 [ 1076.349031][ T5377] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1076.349047][ T5377] RBP: 00007fba46832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1076.349063][ T5377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1076.349078][ T5377] R13: 00007fba46a16038 R14: 00007fba46a15fa0 R15: 00007ffefa370c48 [ 1076.349113][ T5377] [ 1076.897961][ T5382] netlink: 198 bytes leftover after parsing attributes in process `syz.2.12845'. [ 1077.194411][ T5392] Process accounting paused [ 1077.732052][ T5404] [U] [ 1078.009837][ T5395] Process accounting paused [ 1078.055484][ T5414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12858'. [ 1078.067554][ T5414] netlink: 25 bytes leftover after parsing attributes in process `syz.3.12858'. [ 1078.365203][ T5428] binder: 5425:5428 ioctl 40086602 e20 returned -22 [ 1078.546739][ T5432] [U] [ 1078.640956][ T5439] FAULT_INJECTION: forcing a failure. [ 1078.640956][ T5439] name failslab, interval 1, probability 0, space 0, times 0 [ 1078.653707][ T5439] CPU: 1 UID: 0 PID: 5439 Comm: syz.2.12867 Tainted: G L syzkaller #0 PREEMPT(full) [ 1078.653732][ T5439] Tainted: [L]=SOFTLOCKUP [ 1078.653738][ T5439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1078.653747][ T5439] Call Trace: [ 1078.653759][ T5439] [ 1078.653766][ T5439] dump_stack_lvl+0x100/0x190 [ 1078.653793][ T5439] should_fail_ex.cold+0x5/0xa [ 1078.653812][ T5439] should_failslab+0xc2/0x120 [ 1078.653829][ T5439] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1078.653850][ T5439] ? security_file_alloc+0x34/0x2c0 [ 1078.653869][ T5439] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1078.653887][ T5439] security_file_alloc+0x34/0x2c0 [ 1078.653906][ T5439] init_file+0x95/0x480 [ 1078.653924][ T5439] alloc_empty_file+0x73/0x1c0 [ 1078.653942][ T5439] alloc_file_pseudo+0x13a/0x230 [ 1078.653961][ T5439] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1078.653978][ T5439] ? inode_init_always_gfp+0xd0e/0x1040 [ 1078.653999][ T5439] sock_alloc_file+0x50/0x210 [ 1078.654023][ T5439] do_accept+0x242/0x530 [ 1078.654040][ T5439] ? 0xffffffff81000000 [ 1078.654052][ T5439] ? do_raw_spin_lock+0x128/0x260 [ 1078.654074][ T5439] ? __pfx_do_accept+0x10/0x10 [ 1078.654102][ T5439] ? 0xffffffff81000000 [ 1078.654113][ T5439] __sys_accept4+0x108/0x200 [ 1078.654131][ T5439] ? __pfx___sys_accept4+0x10/0x10 [ 1078.654147][ T5439] ? ksys_write+0x1ac/0x250 [ 1078.654161][ T5439] ? __pfx_ksys_write+0x10/0x10 [ 1078.654178][ T5439] __x64_sys_accept+0x74/0xb0 [ 1078.654195][ T5439] ? lockdep_hardirqs_on+0x78/0x100 [ 1078.654217][ T5439] do_syscall_64+0x106/0xf80 [ 1078.654236][ T5439] ? clear_bhb_loop+0x40/0x90 [ 1078.654258][ T5439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1078.654274][ T5439] RIP: 0033:0x7f48f779c799 [ 1078.654287][ T5439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1078.654301][ T5439] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 1078.654316][ T5439] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1078.654327][ T5439] RDX: ffffffff81000000 RSI: ffffffffffffffff RDI: 0000000000000003 [ 1078.654336][ T5439] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1078.654346][ T5439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1078.654355][ T5439] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1078.654370][ T5439] ? 0xffffffff81000000 [ 1078.654386][ T5439] [ 1080.013645][T19646] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 1080.720615][ T5502] netlink: 198 bytes leftover after parsing attributes in process `syz.1.12887'. [ 1081.132537][T19646] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 1081.820101][ T5532] netlink: 198 bytes leftover after parsing attributes in process `syz.3.12899'. [ 1082.063030][ T5539] base or size exceeds the MTRR width [ 1083.016244][ T5571] netlink: 334 bytes leftover after parsing attributes in process `syz.1.12911'. [ 1084.050391][ T5596] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12919'. [ 1084.074198][ T5597] FAULT_INJECTION: forcing a failure. [ 1084.074198][ T5597] name failslab, interval 1, probability 0, space 0, times 0 [ 1084.092891][ T5597] CPU: 0 UID: 0 PID: 5597 Comm: syz.1.12918 Tainted: G L syzkaller #0 PREEMPT(full) [ 1084.092933][ T5597] Tainted: [L]=SOFTLOCKUP [ 1084.092944][ T5597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1084.092961][ T5597] Call Trace: [ 1084.092971][ T5597] [ 1084.092980][ T5597] dump_stack_lvl+0x100/0x190 [ 1084.093028][ T5597] should_fail_ex.cold+0x5/0xa [ 1084.093062][ T5597] should_failslab+0xc2/0x120 [ 1084.093091][ T5597] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1084.093129][ T5597] ? trace_parse_run_command+0x58/0x3b0 [ 1084.093182][ T5597] trace_parse_run_command+0x58/0x3b0 [ 1084.093224][ T5597] ? __pfx_create_dyn_event+0x10/0x10 [ 1084.093268][ T5597] vfs_write+0x2aa/0x1070 [ 1084.093296][ T5597] ? __pfx_dyn_event_write+0x10/0x10 [ 1084.093334][ T5597] ? __pfx_vfs_write+0x10/0x10 [ 1084.093358][ T5597] ? __fget_files+0x215/0x3d0 [ 1084.093395][ T5597] ? __fget_files+0x21f/0x3d0 [ 1084.093432][ T5597] ksys_write+0x12a/0x250 [ 1084.093459][ T5597] ? __pfx_ksys_write+0x10/0x10 [ 1084.093497][ T5597] do_syscall_64+0x106/0xf80 [ 1084.093535][ T5597] ? clear_bhb_loop+0x40/0x90 [ 1084.093570][ T5597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1084.093600][ T5597] RIP: 0033:0x7f9edf99c799 [ 1084.093624][ T5597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1084.093653][ T5597] RSP: 002b:00007f9eddbf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1084.093680][ T5597] RAX: ffffffffffffffda RBX: 00007f9edfc15fa0 RCX: 00007f9edf99c799 [ 1084.093699][ T5597] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000005 [ 1084.093718][ T5597] RBP: 00007f9edfa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1084.093736][ T5597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1084.093754][ T5597] R13: 00007f9edfc16038 R14: 00007f9edfc15fa0 R15: 00007fffe2ff5f68 [ 1084.093794][ T5597] [ 1084.511185][ T5601] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12920'. [ 1084.524449][ T5601] netlink: 25 bytes leftover after parsing attributes in process `syz.1.12920'. [ 1086.436792][ T5658] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12941'. [ 1086.908562][ T5682] netlink: 342 bytes leftover after parsing attributes in process `syz.3.12949'. [ 1086.955366][ T5674] capability: warning: `syz.0.12946' uses 32-bit capabilities (legacy support in use) [ 1088.017723][ T5706] ERROR: Out of memory at tomoyo_memory_ok. [ 1088.447463][ T5728] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12966'. [ 1088.518393][ T5729] netlink: 74 bytes leftover after parsing attributes in process `syz.3.12967'. [ 1089.229243][ T5760] FAULT_INJECTION: forcing a failure. [ 1089.229243][ T5760] name failslab, interval 1, probability 0, space 0, times 0 [ 1089.229287][ T5760] CPU: 1 UID: 0 PID: 5760 Comm: syz.2.12979 Tainted: G L syzkaller #0 PREEMPT(full) [ 1089.229328][ T5760] Tainted: [L]=SOFTLOCKUP [ 1089.229338][ T5760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1089.229355][ T5760] Call Trace: [ 1089.229364][ T5760] [ 1089.229376][ T5760] dump_stack_lvl+0x100/0x190 [ 1089.229422][ T5760] should_fail_ex.cold+0x5/0xa [ 1089.229456][ T5760] should_failslab+0xc2/0x120 [ 1089.229487][ T5760] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1089.229528][ T5760] ? alloc_empty_file+0x55/0x1c0 [ 1089.229571][ T5760] alloc_empty_file+0x55/0x1c0 [ 1089.229607][ T5760] alloc_file_pseudo+0x13a/0x230 [ 1089.229645][ T5760] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1089.229694][ T5760] ? __lock_acquire+0x4a5/0x2630 [ 1089.229733][ T5760] __shmem_file_setup+0x221/0x490 [ 1089.229773][ T5760] ? __pfx___shmem_file_setup+0x10/0x10 [ 1089.229813][ T5760] ? do_raw_spin_lock+0x128/0x260 [ 1089.229852][ T5760] ? find_held_lock+0x2b/0x80 [ 1089.229878][ T5760] ? alloc_fd+0x476/0x790 [ 1089.229905][ T5760] ? alloc_fd+0x476/0x790 [ 1089.229936][ T5760] memfd_alloc_file+0x247/0x620 [ 1089.229971][ T5760] ? _raw_spin_unlock+0x28/0x50 [ 1089.230007][ T5760] ? __pfx_memfd_alloc_file+0x10/0x10 [ 1089.230057][ T5760] __do_sys_memfd_create+0x236/0x3d0 [ 1089.230100][ T5760] do_syscall_64+0x106/0xf80 [ 1089.230138][ T5760] ? clear_bhb_loop+0x40/0x90 [ 1089.230170][ T5760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1089.230197][ T5760] RIP: 0033:0x7f48f779c799 [ 1089.230219][ T5760] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1089.230247][ T5760] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1089.230274][ T5760] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1089.230294][ T5760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1089.230310][ T5760] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1089.230329][ T5760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1089.230344][ T5760] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1089.230380][ T5760] [ 1089.472618][ T5765] FAULT_INJECTION: forcing a failure. [ 1089.472618][ T5765] name failslab, interval 1, probability 0, space 0, times 0 [ 1089.472676][ T5765] CPU: 0 UID: 0 PID: 5765 Comm: syz.2.12982 Tainted: G L syzkaller #0 PREEMPT(full) [ 1089.472720][ T5765] Tainted: [L]=SOFTLOCKUP [ 1089.472731][ T5765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1089.472749][ T5765] Call Trace: [ 1089.472759][ T5765] [ 1089.472771][ T5765] dump_stack_lvl+0x100/0x190 [ 1089.472819][ T5765] should_fail_ex.cold+0x5/0xa [ 1089.472855][ T5765] should_failslab+0xc2/0x120 [ 1089.472888][ T5765] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1089.472928][ T5765] ? __kernfs_new_node+0xd2/0x960 [ 1089.472967][ T5765] ? kstrdup+0xb3/0xe0 [ 1089.473016][ T5765] __kernfs_new_node+0xd2/0x960 [ 1089.473061][ T5765] ? __pfx___kernfs_new_node+0x10/0x10 [ 1089.473109][ T5765] ? find_held_lock+0x2b/0x80 [ 1089.473136][ T5765] ? kernfs_root+0xee/0x2a0 [ 1089.473173][ T5765] ? kernfs_root+0xee/0x2a0 [ 1089.473221][ T5765] kernfs_new_node+0x11b/0x1a0 [ 1089.473271][ T5765] kernfs_create_link+0xcc/0x240 [ 1089.473308][ T5765] sysfs_do_create_link_sd+0x90/0x140 [ 1089.473349][ T5765] sysfs_create_link+0x61/0xc0 [ 1089.473389][ T5765] device_add+0xb5d/0x1950 [ 1089.473428][ T5765] ? __pfx_device_add+0x10/0x10 [ 1089.473477][ T5765] __add_disk+0x518/0xe40 [ 1089.473508][ T5765] ? find_held_lock+0x2b/0x80 [ 1089.473539][ T5765] add_disk_fwnode+0x3d4/0x5c0 [ 1089.473574][ T5765] zram_add+0x4d2/0x610 [ 1089.473716][ T5765] ? __pfx_zram_add+0x10/0x10 [ 1089.473780][ T5765] ? find_held_lock+0x2b/0x80 [ 1089.473807][ T5765] ? sysfs_file_kobj+0xe4/0x290 [ 1089.473848][ T5765] ? __pfx_hot_add_show+0x10/0x10 [ 1089.473886][ T5765] hot_add_show+0x21/0x80 [ 1089.473922][ T5765] class_attr_show+0x72/0xa0 [ 1089.473956][ T5765] ? __pfx_class_attr_show+0x10/0x10 [ 1089.473986][ T5765] sysfs_kf_seq_show+0x217/0x3a0 [ 1089.474025][ T5765] seq_read_iter+0x32f/0x1270 [ 1089.474085][ T5765] kernfs_fop_read_iter+0x46c/0x610 [ 1089.474118][ T5765] ? rw_verify_area+0xce/0x6d0 [ 1089.474157][ T5765] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1089.474192][ T5765] vfs_read+0x825/0xb30 [ 1089.474241][ T5765] ? __pfx_vfs_read+0x10/0x10 [ 1089.474309][ T5765] ksys_read+0x12a/0x250 [ 1089.474336][ T5765] ? __pfx_ksys_read+0x10/0x10 [ 1089.474375][ T5765] do_syscall_64+0x106/0xf80 [ 1089.474413][ T5765] ? clear_bhb_loop+0x40/0x90 [ 1089.474451][ T5765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1089.474482][ T5765] RIP: 0033:0x7f48f779c799 [ 1089.474509][ T5765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1089.474538][ T5765] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1089.474567][ T5765] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1089.474586][ T5765] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 1089.474614][ T5765] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1089.474633][ T5765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1089.474651][ T5765] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1089.474694][ T5765] [ 1090.701931][ T5785] netlink: 342 bytes leftover after parsing attributes in process `syz.2.12989'. [ 1090.757228][ T5771] Process accounting resumed [ 1093.281132][ T5911] netlink: 334 bytes leftover after parsing attributes in process `syz.3.13025'. [ 1093.326100][ T5911] netlink: 334 bytes leftover after parsing attributes in process `syz.3.13025'. [ 1093.974699][ T5931] netlink: 504 bytes leftover after parsing attributes in process `syz.3.13032'. [ 1095.940305][ T5982] netlink: 338 bytes leftover after parsing attributes in process `syz.1.13050'. [ 1096.763282][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13060'. [ 1096.795137][ T6012] netlink: 342 bytes leftover after parsing attributes in process `syz.2.13062'. [ 1096.806137][ T6010] netlink: 25 bytes leftover after parsing attributes in process `syz.0.13060'. [ 1097.625190][ T6045] netlink: 334 bytes leftover after parsing attributes in process `syz.2.13071'. [ 1097.686335][ T6045] netlink: 334 bytes leftover after parsing attributes in process `syz.2.13071'. [ 1098.411505][ T6081] netlink: 334 bytes leftover after parsing attributes in process `syz.2.13083'. [ 1098.815796][ T6102] ======================================================= [ 1098.815796][ T6102] WARNING: The mand mount option has been deprecated and [ 1098.815796][ T6102] and is ignored by this kernel. Remove the mand [ 1098.815796][ T6102] option from the mount to silence this warning. [ 1098.815796][ T6102] ======================================================= [ 1099.142235][ T6114] ovs_: entered promiscuous mode [ 1099.261684][ T6116] netlink: 342 bytes leftover after parsing attributes in process `syz.2.13093'. [ 1099.634382][ T6132] netlink: 330 bytes leftover after parsing attributes in process `syz.0.13098'. [ 1099.677846][ T6131] kvm: kvm [6130]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004) [ 1099.784457][ T6134] netlink: 342 bytes leftover after parsing attributes in process `syz.2.13100'. [ 1099.908030][ T6138] netlink: 342 bytes leftover after parsing attributes in process `syz.2.13103'. [ 1100.162838][ T6147] netlink: 342 bytes leftover after parsing attributes in process `syz.2.13107'. [ 1101.561781][ T6188] netlink: 322 bytes leftover after parsing attributes in process `syz.3.13122'. [ 1101.711908][ T6175] Process accounting resumed [ 1101.997717][ T6207] netlink: 334 bytes leftover after parsing attributes in process `syz.0.13131'. [ 1102.821029][ T6233] netlink: 146 bytes leftover after parsing attributes in process `syz.2.13140'. [ 1103.619456][ T6246] netlink: 334 bytes leftover after parsing attributes in process `syz.2.13143'. [ 1104.810810][ T6225] kexec: Could not allocate control_code_buffer [ 1105.252506][ T6283] netlink: 342 bytes leftover after parsing attributes in process `syz.0.13157'. [ 1105.458993][ T6290] netlink: 334 bytes leftover after parsing attributes in process `syz.1.13159'. [ 1106.076291][ T6308] netlink: 334 bytes leftover after parsing attributes in process `syz.2.13167'. [ 1107.577458][ T6359] FAULT_INJECTION: forcing a failure. [ 1107.577458][ T6359] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1107.604652][ T6359] CPU: 1 UID: 0 PID: 6359 Comm: syz.2.13179 Tainted: G L syzkaller #0 PREEMPT(full) [ 1107.604696][ T6359] Tainted: [L]=SOFTLOCKUP [ 1107.604707][ T6359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1107.604725][ T6359] Call Trace: [ 1107.604734][ T6359] [ 1107.604746][ T6359] dump_stack_lvl+0x100/0x190 [ 1107.604795][ T6359] should_fail_ex.cold+0x5/0xa [ 1107.604829][ T6359] get_futex_key+0x1d2/0x1620 [ 1107.604868][ T6359] ? __pfx_get_futex_key+0x10/0x10 [ 1107.604915][ T6359] futex_wake+0xea/0x530 [ 1107.604960][ T6359] ? __pfx_futex_wake+0x10/0x10 [ 1107.605004][ T6359] ? putname+0xb1/0x110 [ 1107.605031][ T6359] ? kmem_cache_free+0x124/0x6a0 [ 1107.605075][ T6359] do_futex+0x32b/0x350 [ 1107.605111][ T6359] ? __pfx_do_futex+0x10/0x10 [ 1107.605144][ T6359] ? __pfx_do_sys_openat2+0x10/0x10 [ 1107.605183][ T6359] ? __fget_files+0x21f/0x3d0 [ 1107.605237][ T6359] __x64_sys_futex+0x34f/0x4d0 [ 1107.605277][ T6359] ? __x64_sys_openat+0x12d/0x210 [ 1107.605315][ T6359] ? __pfx___x64_sys_futex+0x10/0x10 [ 1107.605367][ T6359] do_syscall_64+0x106/0xf80 [ 1107.605406][ T6359] ? clear_bhb_loop+0x40/0x90 [ 1107.605442][ T6359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1107.605471][ T6359] RIP: 0033:0x7f48f779c799 [ 1107.605495][ T6359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1107.605524][ T6359] RSP: 002b:00007f48f86640e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1107.605551][ T6359] RAX: ffffffffffffffda RBX: 00007f48f7a15fa8 RCX: 00007f48f779c799 [ 1107.605571][ T6359] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f48f7a15fac [ 1107.605589][ T6359] RBP: 00007f48f7a15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1107.605605][ T6359] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1107.605622][ T6359] R13: 00007f48f7a16038 R14: 00007fffbe1535f0 R15: 00007fffbe1536d8 [ 1107.605661][ T6359] [ 1108.003191][ T6351] Process accounting resumed [ 1108.670216][ T6382] Process accounting resumed [ 1109.714257][ T6423] netlink: 330 bytes leftover after parsing attributes in process `syz.0.13198'. [ 1109.879803][ T6431] netlink: 342 bytes leftover after parsing attributes in process `syz.0.13200'. [ 1110.252144][ T6443] kvm: kvm [6440]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004) [ 1111.603472][ T6482] Console: switching to colour VGA+ 80x25 [ 1111.688015][ T6482] ================================================================== [ 1111.688073][ T6482] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 1111.688150][ T6482] Read of size 26 at addr ffff88802c3991ea by task syz.2.13221/6482 [ 1111.688177][ T6482] [ 1111.688194][ T6482] CPU: 0 UID: 0 PID: 6482 Comm: syz.2.13221 Tainted: G L syzkaller #0 PREEMPT(full) [ 1111.688236][ T6482] Tainted: [L]=SOFTLOCKUP [ 1111.688251][ T6482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1111.688270][ T6482] Call Trace: [ 1111.688280][ T6482] [ 1111.688299][ T6482] dump_stack_lvl+0x100/0x190 [ 1111.688343][ T6482] print_report+0x156/0x4c9 [ 1111.688383][ T6482] ? __virt_addr_valid+0x81/0x620 [ 1111.688418][ T6482] ? __phys_addr+0xe8/0x180 [ 1111.688456][ T6482] ? fbcon_prepare_logo+0x94e/0xc60 [ 1111.688486][ T6482] kasan_report+0xdf/0x1e0 [ 1111.688518][ T6482] ? fbcon_prepare_logo+0x94e/0xc60 [ 1111.688552][ T6482] kasan_check_range+0x10f/0x1e0 [ 1111.688586][ T6482] __asan_memcpy+0x23/0x60 [ 1111.688624][ T6482] fbcon_prepare_logo+0x94e/0xc60 [ 1111.688661][ T6482] fbcon_init+0x10a0/0x1820 [ 1111.688695][ T6482] visual_init+0x320/0x620 [ 1111.688729][ T6482] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1111.688769][ T6482] store_bind+0x609/0x730 [ 1111.688806][ T6482] ? __pfx_store_bind+0x10/0x10 [ 1111.688841][ T6482] dev_attr_store+0x58/0x80 [ 1111.688872][ T6482] ? __pfx_dev_attr_store+0x10/0x10 [ 1111.688904][ T6482] sysfs_kf_write+0xf2/0x150 [ 1111.688939][ T6482] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1111.688968][ T6482] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1111.689004][ T6482] vfs_write+0x6ac/0x1070 [ 1111.689030][ T6482] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1111.689063][ T6482] ? __pfx_vfs_write+0x10/0x10 [ 1111.689100][ T6482] ksys_write+0x12a/0x250 [ 1111.689126][ T6482] ? __pfx_ksys_write+0x10/0x10 [ 1111.689157][ T6482] do_syscall_64+0x106/0xf80 [ 1111.689195][ T6482] ? clear_bhb_loop+0x40/0x90 [ 1111.689228][ T6482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1111.689259][ T6482] RIP: 0033:0x7f48f779c799 [ 1111.689281][ T6482] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1111.689323][ T6482] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1111.689352][ T6482] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1111.689373][ T6482] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 1111.689392][ T6482] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1111.689410][ T6482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1111.689428][ T6482] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1111.689457][ T6482] [ 1111.689468][ T6482] [ 1111.689477][ T6482] Allocated by task 5824: [ 1111.689491][ T6482] kasan_save_stack+0x30/0x50 [ 1111.689533][ T6482] kasan_save_track+0x14/0x30 [ 1111.689574][ T6482] __kasan_kmalloc+0xaa/0xb0 [ 1111.689611][ T6482] kset_create_and_add+0x4d/0x190 [ 1111.689638][ T6482] netdev_register_kobject+0x1ef/0x3d0 [ 1111.689730][ T6482] register_netdevice+0x12e0/0x2210 [ 1111.689787][ T6482] virt_wifi_newlink+0x43e/0x8a0 [ 1111.689850][ T6482] rtnl_newlink+0x1494/0x2380 [ 1111.689920][ T6482] rtnetlink_rcv_msg+0x95e/0xe90 [ 1111.689957][ T6482] netlink_rcv_skb+0x159/0x420 [ 1111.689996][ T6482] netlink_unicast+0x5aa/0x870 [ 1111.690034][ T6482] netlink_sendmsg+0x8b0/0xda0 [ 1111.690072][ T6482] __sys_sendto+0x468/0x4b0 [ 1111.690103][ T6482] __x64_sys_sendto+0xe0/0x1c0 [ 1111.690136][ T6482] do_syscall_64+0x106/0xf80 [ 1111.690172][ T6482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1111.690200][ T6482] [ 1111.690208][ T6482] The buggy address belongs to the object at ffff88802c399100 [ 1111.690208][ T6482] which belongs to the cache kmalloc-192 of size 192 [ 1111.690232][ T6482] The buggy address is located 82 bytes to the right of [ 1111.690232][ T6482] allocated 152-byte region [ffff88802c399100, ffff88802c399198) [ 1111.690263][ T6482] [ 1111.690271][ T6482] The buggy address belongs to the physical page: [ 1111.690283][ T6482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c399 [ 1111.690318][ T6482] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1111.690342][ T6482] page_type: f5(slab) [ 1111.690367][ T6482] raw: 00fff00000000000 ffff88813fe3c3c0 dead000000000100 dead000000000122 [ 1111.690394][ T6482] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1111.690410][ T6482] page dumped because: kasan: bad access detected [ 1111.690424][ T6482] page_owner tracks the page as allocated [ 1111.690434][ T6482] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 10541358248, free_ts 10533712348 [ 1111.690482][ T6482] post_alloc_hook+0x153/0x170 [ 1111.690517][ T6482] get_page_from_freelist+0x111d/0x3140 [ 1111.690555][ T6482] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1111.690594][ T6482] new_slab+0xa6/0x6b0 [ 1111.690624][ T6482] refill_objects+0x26b/0x400 [ 1111.690659][ T6482] __pcs_replace_empty_main+0x1ab/0x660 [ 1111.690696][ T6482] __kmalloc_noprof+0x688/0x850 [ 1111.690733][ T6482] usb_alloc_urb+0x66/0xa0 [ 1111.690801][ T6482] usb_control_msg+0x1d3/0x4b0 [ 1111.690833][ T6482] hub_power_on+0x193/0x4f0 [ 1111.690865][ T6482] hub_activate+0x1537/0x1d50 [ 1111.690897][ T6482] hub_probe.cold+0x2eca/0x2ed5 [ 1111.690944][ T6482] usb_probe_interface+0x303/0x8f0 [ 1111.690997][ T6482] really_probe+0x241/0xa60 [ 1111.691022][ T6482] __driver_probe_device+0x1de/0x400 [ 1111.691048][ T6482] driver_probe_device+0x4c/0x1b0 [ 1111.691073][ T6482] page last free pid 54 tgid 54 stack trace: [ 1111.691089][ T6482] __free_frozen_pages+0x7e1/0x10d0 [ 1111.691121][ T6482] vfree.part.0+0x12b/0x9d0 [ 1111.691149][ T6482] delayed_vfree_work+0x8e/0xd0 [ 1111.691180][ T6482] process_one_work+0xa23/0x19a0 [ 1111.691217][ T6482] worker_thread+0x5ef/0xe50 [ 1111.691252][ T6482] kthread+0x370/0x450 [ 1111.691294][ T6482] ret_from_fork+0x754/0xd80 [ 1111.691333][ T6482] ret_from_fork_asm+0x1a/0x30 [ 1111.691364][ T6482] [ 1111.691371][ T6482] Memory state around the buggy address: [ 1111.691386][ T6482] ffff88802c399080: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 1111.691407][ T6482] ffff88802c399100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1111.691428][ T6482] >ffff88802c399180: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1111.691445][ T6482] ^ [ 1111.691462][ T6482] ffff88802c399200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1111.691482][ T6482] ffff88802c399280: 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1111.691498][ T6482] ================================================================== [ 1111.704120][ T6482] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1111.704147][ T6482] CPU: 0 UID: 0 PID: 6482 Comm: syz.2.13221 Tainted: G L syzkaller #0 PREEMPT(full) [ 1111.704190][ T6482] Tainted: [L]=SOFTLOCKUP [ 1111.704204][ T6482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1111.704223][ T6482] Call Trace: [ 1111.704233][ T6482] [ 1111.704245][ T6482] dump_stack_lvl+0x100/0x190 [ 1111.704302][ T6482] vpanic+0x552/0x970 [ 1111.704332][ T6482] ? __pfx_vpanic+0x10/0x10 [ 1111.704364][ T6482] ? fbcon_prepare_logo+0x94e/0xc60 [ 1111.704395][ T6482] panic+0xd1/0xe0 [ 1111.704422][ T6482] ? __pfx_panic+0x10/0x10 [ 1111.704452][ T6482] ? fbcon_prepare_logo+0x94e/0xc60 [ 1111.704483][ T6482] ? preempt_schedule_common+0x42/0xc0 [ 1111.704526][ T6482] check_panic_on_warn.cold+0x19/0x34 [ 1111.704557][ T6482] end_report.part.0+0x3a/0x90 [ 1111.704596][ T6482] kasan_report.cold+0xe/0x18 [ 1111.704635][ T6482] ? fbcon_prepare_logo+0x94e/0xc60 [ 1111.704671][ T6482] kasan_check_range+0x10f/0x1e0 [ 1111.704706][ T6482] __asan_memcpy+0x23/0x60 [ 1111.704744][ T6482] fbcon_prepare_logo+0x94e/0xc60 [ 1111.704781][ T6482] fbcon_init+0x10a0/0x1820 [ 1111.704815][ T6482] visual_init+0x320/0x620 [ 1111.704848][ T6482] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1111.704892][ T6482] store_bind+0x609/0x730 [ 1111.704933][ T6482] ? __pfx_store_bind+0x10/0x10 [ 1111.704969][ T6482] dev_attr_store+0x58/0x80 [ 1111.705000][ T6482] ? __pfx_dev_attr_store+0x10/0x10 [ 1111.705032][ T6482] sysfs_kf_write+0xf2/0x150 [ 1111.705068][ T6482] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1111.705096][ T6482] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1111.705132][ T6482] vfs_write+0x6ac/0x1070 [ 1111.705158][ T6482] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1111.705190][ T6482] ? __pfx_vfs_write+0x10/0x10 [ 1111.705228][ T6482] ksys_write+0x12a/0x250 [ 1111.705255][ T6482] ? __pfx_ksys_write+0x10/0x10 [ 1111.705294][ T6482] do_syscall_64+0x106/0xf80 [ 1111.705334][ T6482] ? clear_bhb_loop+0x40/0x90 [ 1111.705368][ T6482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1111.705397][ T6482] RIP: 0033:0x7f48f779c799 [ 1111.705421][ T6482] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1111.705451][ T6482] RSP: 002b:00007f48f8664028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1111.705480][ T6482] RAX: ffffffffffffffda RBX: 00007f48f7a15fa0 RCX: 00007f48f779c799 [ 1111.705502][ T6482] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 1111.705522][ T6482] RBP: 00007f48f7832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1111.705542][ T6482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1111.705561][ T6482] R13: 00007f48f7a16038 R14: 00007f48f7a15fa0 R15: 00007fffbe1536d8 [ 1111.705591][ T6482] [ 1111.705863][ T6482] Kernel Offset: disabled