last executing test programs: 3.88545622s ago: executing program 0 (id=9870): mmap$auto(0x0, 0x4000b, 0xa, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) r0 = pipe$auto(0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/4096, 0x1000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/fail_over_mac\x00', 0x103b02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff011) 3.560936169s ago: executing program 0 (id=9872): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) times$auto(0xfffffffffffffffc) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 3.330346128s ago: executing program 1 (id=9874): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000440)={0x81, 0x0, [{0x5, 0x7}]}) 3.213603563s ago: executing program 3 (id=9875): r0 = socket(0x22, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000480)={'dummy0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e80)={0x20, r2, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_MODULE_FW_FLASH_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x20}, 0x1, 0x1000060}, 0x400c080) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) 2.797032886s ago: executing program 3 (id=9877): close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x2, 0x1, 0x0) socket(0x18, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) mmap$auto(0x0, 0x8, 0x1000000016, 0x13, 0x3, 0x400180000000) fallocate$auto(0x8000000000000003, 0x0, 0xf, 0x200000002) 2.667664758s ago: executing program 3 (id=9879): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000080)={0xdc}) 2.633811775s ago: executing program 0 (id=9880): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x3, 0x3b) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r0, 0x29, 0x18, 0x0, 0x0) 2.443435165s ago: executing program 1 (id=9882): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) 2.296520618s ago: executing program 3 (id=9883): openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/setgroups\x00', 0x149002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x402c542d, 0xffffffffffffffff) write$auto(0x1, 0x0, 0x80000000) fcntl$auto(0x0, 0x407, 0x100000) 2.008979937s ago: executing program 2 (id=9885): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, 0x0, 0x55) ioctl$auto_XFS_IOC_READLINK_BY_HANDLE(0xffffffffffffffff, 0xc038586c, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x7fffffff, 0x0, 0x3, &(0x7f0000000500), 0x0}) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7114}, 0x8) 1.873259944s ago: executing program 1 (id=9886): mmap$auto(0x0, 0x2020009, 0x40000003, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x5) sysfs$auto(0x2, 0x27, 0x6) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/v4l-subdev0\x00', 0x0, 0x0) ioctl$auto(r0, 0xc0445624, r0) 1.542210067s ago: executing program 0 (id=9887): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8937, 0x24) 1.471866859s ago: executing program 1 (id=9888): mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x4e20, @rand_addr=0xfffffffe}, 0x57) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) 1.35041139s ago: executing program 2 (id=9889): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/tty/ptyvf/power/runtime_status\x00', 0x301580, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto(0x3, 0x4030ae7b, r0) 1.120919996s ago: executing program 3 (id=9890): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) process_vm_writev$auto(0x1, &(0x7f0000002980)={0x0, 0x4}, 0x3, &(0x7f0000002a40)={0x0, 0x7}, 0x4, 0x0) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) 1.096198339s ago: executing program 2 (id=9891): mmap$auto(0x0, 0x2000c, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x1e1500, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) shmctl$auto_IPC_INFO(0x7, 0x3, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, 0x0) 889.291932ms ago: executing program 2 (id=9892): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vivid.0/video4linux/v4l-touch5/dev_debug\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/graphics/fbcon/rotate_all\x00', 0xa001, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000012c0)='/proc/sys/net/smc/smcr_max_links_per_lgr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 721.255436ms ago: executing program 2 (id=9893): sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 656.086439ms ago: executing program 1 (id=9894): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000100)={0x3, 0x0, [{0x8ff, 0x10, 0x1}]}) 533.583971ms ago: executing program 0 (id=9895): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fd038004001298"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 517.272372ms ago: executing program 2 (id=9896): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) io_uring_setup$auto(0x40000002c55, 0x0) socket(0x10, 0x2, 0x0) r0 = socket(0x2, 0x80002, 0x73) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@query={@target_fd=r0, 0x3ca, 0x6, 0x1, 0x6, @count=0x9c4b, 0x0, 0x2000003, 0x7fffffff, 0xdb, 0x7a7c}, 0x10) bpf$auto(0x1b, &(0x7f0000000380)=@task_fd_query={0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4, 0x8, 0xffffffffffffffff, 0x8}, 0x98) 267.958355ms ago: executing program 3 (id=9897): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x14, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2202, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x5, 0x9}, 0x7}, 0x3, 0x0) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) 206.799287ms ago: executing program 0 (id=9898): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) 0s ago: executing program 1 (id=9899): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\rV'], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='^'], 0x1ac}, 0x1, 0x0, 0x0, 0xc000}, 0xc814) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): in process `syz.3.7927'. [ 735.382325][T24327] netlink: 330 bytes leftover after parsing attributes in process `syz.0.7943'. [ 736.157035][T24346] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7951'. [ 736.196350][T24346] Zero length message leads to an empty skb [ 736.212143][T24348] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 736.662435][T24356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7956'. [ 737.537481][T24374] netlink: 20 bytes leftover after parsing attributes in process `syz.2.7963'. [ 737.679298][T24378] netlink: 330 bytes leftover after parsing attributes in process `syz.1.7965'. [ 738.170009][T24386] netlink: 330 bytes leftover after parsing attributes in process `syz.0.7977'. [ 740.183358][T24426] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 740.270605][T24429] netlink: 330 bytes leftover after parsing attributes in process `syz.3.7987'. [ 741.005547][T24442] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 742.380115][T24468] netlink: 330 bytes leftover after parsing attributes in process `syz.2.7999'. [ 747.361702][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.368185][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 761.288634][T24660] netlink: 334 bytes leftover after parsing attributes in process `syz.2.8067'. [ 761.686160][T24652] raw_sendmsg: syz.1.8073 forgot to set AF_INET. Fix it! [ 763.615486][T24681] netlink: 326 bytes leftover after parsing attributes in process `syz.0.8071'. [ 770.922737][T24725] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8097'. [ 772.023985][T24736] netlink: 'syz.2.8091': attribute type 2 has an invalid length. [ 772.771667][T24745] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8096'. [ 772.948545][T24748] HfR: entered promiscuous mode [ 773.119164][T24750] HfR: entered promiscuous mode [ 773.251877][T24750] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8098'. [ 773.311277][T24750] HfR: left promiscuous mode [ 774.148473][T24763] netlink: 354 bytes leftover after parsing attributes in process `syz.1.8103'. [ 775.098490][T24773] sd 0:0:1:0: PR command failed: 1026 [ 775.127781][T24773] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 775.162344][T24773] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 775.794696][T24770] mmap: syz.3.8102 (24770) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 779.191349][T24817] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8121'. [ 779.304644][T24817] HfR: entered promiscuous mode [ 780.360520][T24828] HfR: entered promiscuous mode [ 780.481278][T24828] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8126'. [ 780.490416][T24828] HfR: left promiscuous mode [ 782.045371][T24841] netlink: 354 bytes leftover after parsing attributes in process `syz.3.8130'. [ 783.485359][T24846] netlink: 326 bytes leftover after parsing attributes in process `syz.2.8133'. [ 789.384562][T24914] netlink: 326 bytes leftover after parsing attributes in process `syz.3.8160'. [ 791.310538][T24937] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8164'. [ 791.881141][T24944] input: f as /devices/virtual/input/input18 [ 793.444594][T24961] netlink: 350 bytes leftover after parsing attributes in process `syz.1.8176'. [ 797.004679][T24995] netlink: 330 bytes leftover after parsing attributes in process `syz.2.8190'. [ 803.271254][T25045] netlink: 346 bytes leftover after parsing attributes in process `syz.3.8205'. [ 807.735660][T25109] netlink: 334 bytes leftover after parsing attributes in process `syz.0.8228'. [ 808.778376][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.786592][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.343614][T25154] FAULT_INJECTION: forcing a failure. [ 811.343614][T25154] name failslab, interval 1, probability 0, space 0, times 0 [ 811.423896][T25154] CPU: 0 UID: 0 PID: 25154 Comm: syz.3.8242 Tainted: G L syzkaller #0 PREEMPT(full) [ 811.423957][T25154] Tainted: [L]=SOFTLOCKUP [ 811.423969][T25154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 811.423990][T25154] Call Trace: [ 811.424002][T25154] [ 811.424014][T25154] dump_stack_lvl+0x100/0x190 [ 811.424080][T25154] should_fail_ex.cold+0x5/0xa [ 811.424123][T25154] should_failslab+0xc2/0x120 [ 811.424160][T25154] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 811.424218][T25154] ? landlock_restrict_sibling_threads+0x48a/0x1280 [ 811.424289][T25154] krealloc_node_align_noprof+0x30a/0x3e0 [ 811.424356][T25154] landlock_restrict_sibling_threads+0x48a/0x1280 [ 811.424416][T25154] ? __pfx_landlock_restrict_sibling_threads+0x10/0x10 [ 811.424505][T25154] ? __pfx___might_resched+0x10/0x10 [ 811.424560][T25154] ? landlock_merge_ruleset+0x213/0x830 [ 811.424605][T25154] __do_sys_landlock_restrict_self+0x5c9/0x9e0 [ 811.424691][T25154] do_syscall_64+0x106/0xf80 [ 811.424751][T25154] ? clear_bhb_loop+0x40/0x90 [ 811.424796][T25154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.424835][T25154] RIP: 0033:0x7f6fc7b9c799 [ 811.424864][T25154] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 811.424900][T25154] RSP: 002b:00007f6fc89da028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 811.424936][T25154] RAX: ffffffffffffffda RBX: 00007f6fc7e16090 RCX: 00007f6fc7b9c799 [ 811.424961][T25154] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000003 [ 811.424983][T25154] RBP: 00007f6fc7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 811.425005][T25154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 811.425026][T25154] R13: 00007f6fc7e16128 R14: 00007f6fc7e16090 R15: 00007ffdba1cedd8 [ 811.425071][T25154] [ 812.143669][T25164] netlink: 334 bytes leftover after parsing attributes in process `syz.2.8247'. [ 813.913754][T25176] FAULT_INJECTION: forcing a failure. [ 813.913754][T25176] name failslab, interval 1, probability 0, space 0, times 0 [ 813.961255][T25176] CPU: 0 UID: 0 PID: 25176 Comm: syz.1.8254 Tainted: G L syzkaller #0 PREEMPT(full) [ 813.961317][T25176] Tainted: [L]=SOFTLOCKUP [ 813.961329][T25176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 813.961350][T25176] Call Trace: [ 813.961363][T25176] [ 813.961376][T25176] dump_stack_lvl+0x100/0x190 [ 813.961440][T25176] should_fail_ex.cold+0x5/0xa [ 813.961481][T25176] should_failslab+0xc2/0x120 [ 813.961521][T25176] __kmalloc_cache_noprof+0x7a/0x6f0 [ 813.961571][T25176] ? snd_pcm_attach_substream+0x451/0xd60 [ 813.961630][T25176] ? snd_ctl_get_preferred_subdevice+0x191/0x200 [ 813.961704][T25176] ? snd_pcm_open+0x25f/0x710 [ 813.961768][T25176] snd_pcm_attach_substream+0x451/0xd60 [ 813.961842][T25176] snd_pcm_open_substream+0x90/0x1850 [ 813.961898][T25176] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 813.961949][T25176] ? rcu_is_watching+0x12/0xc0 [ 813.962011][T25176] snd_pcm_open+0x2a3/0x710 [ 813.962065][T25176] ? __pfx_snd_pcm_open+0x10/0x10 [ 813.962118][T25176] ? __pfx_default_wake_function+0x10/0x10 [ 813.962166][T25176] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 813.962216][T25176] snd_pcm_capture_open+0x89/0xe0 [ 813.962262][T25176] snd_open+0x22d/0x4c0 [ 813.962298][T25176] ? __pfx_snd_open+0x10/0x10 [ 813.962335][T25176] chrdev_open+0x234/0x6a0 [ 813.962374][T25176] ? __pfx_apparmor_file_open+0x10/0x10 [ 813.962410][T25176] ? __pfx_chrdev_open+0x10/0x10 [ 813.962448][T25176] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 813.962497][T25176] do_dentry_open+0x6d8/0x1660 [ 813.962532][T25176] ? __pfx_chrdev_open+0x10/0x10 [ 813.962577][T25176] vfs_open+0x82/0x3f0 [ 813.962627][T25176] path_openat+0x208c/0x31a0 [ 813.962679][T25176] ? __pfx_path_openat+0x10/0x10 [ 813.962731][T25176] do_file_open+0x20e/0x430 [ 813.962772][T25176] ? __pfx_do_file_open+0x10/0x10 [ 813.962850][T25176] ? alloc_fd+0x476/0x790 [ 813.962893][T25176] ? do_getname+0x191/0x390 [ 813.962945][T25176] do_sys_openat2+0x10d/0x1e0 [ 813.962992][T25176] ? __pfx_do_sys_openat2+0x10/0x10 [ 813.963041][T25176] ? __fget_files+0x21f/0x3d0 [ 813.963083][T25176] __x64_sys_openat+0x12d/0x210 [ 813.963131][T25176] ? __pfx___x64_sys_openat+0x10/0x10 [ 813.963194][T25176] do_syscall_64+0x106/0xf80 [ 813.963247][T25176] ? clear_bhb_loop+0x40/0x90 [ 813.963293][T25176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 813.963333][T25176] RIP: 0033:0x7f4a06b9c799 [ 813.963364][T25176] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 813.963402][T25176] RSP: 002b:00007f4a07aaf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 813.963439][T25176] RAX: ffffffffffffffda RBX: 00007f4a06e15fa0 RCX: 00007f4a06b9c799 [ 813.963462][T25176] RDX: 0000000000080042 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 813.963485][T25176] RBP: 00007f4a06c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 813.963506][T25176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 813.963527][T25176] R13: 00007f4a06e16038 R14: 00007f4a06e15fa0 R15: 00007ffd29eef458 [ 813.963580][T25176] [ 815.015847][T25193] input: f as /devices/virtual/input/input19 [ 817.254871][T25219] FAULT_INJECTION: forcing a failure. [ 817.254871][T25219] name failslab, interval 1, probability 0, space 0, times 0 [ 817.352205][T25219] CPU: 0 UID: 0 PID: 25219 Comm: syz.0.8266 Tainted: G L syzkaller #0 PREEMPT(full) [ 817.352265][T25219] Tainted: [L]=SOFTLOCKUP [ 817.352279][T25219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 817.352299][T25219] Call Trace: [ 817.352310][T25219] [ 817.352324][T25219] dump_stack_lvl+0x100/0x190 [ 817.352388][T25219] should_fail_ex.cold+0x5/0xa [ 817.352430][T25219] should_failslab+0xc2/0x120 [ 817.352472][T25219] __kmalloc_cache_noprof+0x7a/0x6f0 [ 817.352522][T25219] ? snd_pcm_attach_substream+0x451/0xd60 [ 817.352581][T25219] ? snd_ctl_get_preferred_subdevice+0x191/0x200 [ 817.352632][T25219] ? snd_pcm_open+0x25f/0x710 [ 817.352684][T25219] snd_pcm_attach_substream+0x451/0xd60 [ 817.352747][T25219] snd_pcm_open_substream+0x90/0x1850 [ 817.352800][T25219] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 817.352852][T25219] ? rcu_is_watching+0x12/0xc0 [ 817.352915][T25219] snd_pcm_open+0x2a3/0x710 [ 817.352969][T25219] ? __pfx_snd_pcm_open+0x10/0x10 [ 817.353035][T25219] ? __pfx_default_wake_function+0x10/0x10 [ 817.353087][T25219] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 817.353140][T25219] snd_pcm_capture_open+0x89/0xe0 [ 817.353195][T25219] snd_open+0x22d/0x4c0 [ 817.353233][T25219] ? __pfx_snd_open+0x10/0x10 [ 817.353271][T25219] chrdev_open+0x234/0x6a0 [ 817.353307][T25219] ? __pfx_apparmor_file_open+0x10/0x10 [ 817.353346][T25219] ? __pfx_chrdev_open+0x10/0x10 [ 817.353386][T25219] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 817.353436][T25219] do_dentry_open+0x6d8/0x1660 [ 817.353470][T25219] ? __pfx_chrdev_open+0x10/0x10 [ 817.353536][T25219] vfs_open+0x82/0x3f0 [ 817.353588][T25219] path_openat+0x208c/0x31a0 [ 817.353641][T25219] ? __pfx_path_openat+0x10/0x10 [ 817.353695][T25219] do_file_open+0x20e/0x430 [ 817.353756][T25219] ? __pfx_do_file_open+0x10/0x10 [ 817.353827][T25219] ? alloc_fd+0x476/0x790 [ 817.353869][T25219] ? do_getname+0x191/0x390 [ 817.353917][T25219] do_sys_openat2+0x10d/0x1e0 [ 817.353965][T25219] ? __pfx_do_sys_openat2+0x10/0x10 [ 817.354023][T25219] ? __fget_files+0x21f/0x3d0 [ 817.354068][T25219] __x64_sys_openat+0x12d/0x210 [ 817.354114][T25219] ? __pfx___x64_sys_openat+0x10/0x10 [ 817.354173][T25219] do_syscall_64+0x106/0xf80 [ 817.354218][T25219] ? clear_bhb_loop+0x40/0x90 [ 817.354255][T25219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.354288][T25219] RIP: 0033:0x7f259a99c799 [ 817.354315][T25219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 817.354345][T25219] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 817.354374][T25219] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 817.354394][T25219] RDX: 0000000000080042 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 817.354413][T25219] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 817.354430][T25219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 817.354447][T25219] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 817.354487][T25219] [ 818.458738][T25224] FAULT_INJECTION: forcing a failure. [ 818.458738][T25224] name failslab, interval 1, probability 0, space 0, times 0 [ 818.550253][T25224] CPU: 0 UID: 0 PID: 25224 Comm: syz.0.8269 Tainted: G L syzkaller #0 PREEMPT(full) [ 818.550313][T25224] Tainted: [L]=SOFTLOCKUP [ 818.550326][T25224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 818.550349][T25224] Call Trace: [ 818.550359][T25224] [ 818.550373][T25224] dump_stack_lvl+0x100/0x190 [ 818.550440][T25224] should_fail_ex.cold+0x5/0xa [ 818.550481][T25224] should_failslab+0xc2/0x120 [ 818.550521][T25224] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 818.550577][T25224] ? proc_alloc_inode+0x25/0x200 [ 818.550628][T25224] ? d_alloc_parallel+0x864/0x14e0 [ 818.550686][T25224] ? __pfx_proc_alloc_inode+0x10/0x10 [ 818.550739][T25224] proc_alloc_inode+0x25/0x200 [ 818.550790][T25224] alloc_inode+0x68/0x250 [ 818.550838][T25224] new_inode+0x22/0x1c0 [ 818.550889][T25224] proc_get_inode+0x1d/0x780 [ 818.550958][T25224] proc_lookup_de+0x236/0x360 [ 818.550996][T25224] proc_lookup+0xcf/0x110 [ 818.551023][T25224] lookup_open.isra.0+0x631/0x11b0 [ 818.551077][T25224] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 818.551142][T25224] ? lookup_fast+0x2da/0x600 [ 818.551187][T25224] path_openat+0xa98/0x31a0 [ 818.551228][T25224] ? __pfx_path_openat+0x10/0x10 [ 818.551271][T25224] do_file_open+0x20e/0x430 [ 818.551303][T25224] ? __pfx_do_file_open+0x10/0x10 [ 818.551345][T25224] ? __pfx_kfree_link+0x10/0x10 [ 818.551396][T25224] ? alloc_fd+0x476/0x790 [ 818.551430][T25224] ? do_getname+0x191/0x390 [ 818.551474][T25224] do_sys_openat2+0x10d/0x1e0 [ 818.551516][T25224] ? __pfx_do_sys_openat2+0x10/0x10 [ 818.551560][T25224] ? __fget_files+0x21f/0x3d0 [ 818.551597][T25224] __x64_sys_openat+0x12d/0x210 [ 818.551636][T25224] ? __pfx___x64_sys_openat+0x10/0x10 [ 818.551689][T25224] do_syscall_64+0x106/0xf80 [ 818.551731][T25224] ? clear_bhb_loop+0x40/0x90 [ 818.551769][T25224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.551800][T25224] RIP: 0033:0x7f259a99c799 [ 818.551827][T25224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 818.551856][T25224] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 818.551887][T25224] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 818.551918][T25224] RDX: 0000000000002000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 818.551937][T25224] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 818.551956][T25224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 818.551974][T25224] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 818.552024][T25224] [ 821.874764][T25257] netlink: 350 bytes leftover after parsing attributes in process `syz.3.8281'. [ 823.938244][T25275] input: f as /devices/virtual/input/input20 [ 844.294854][T25497] netlink: 'syz.0.8372': attribute type 64 has an invalid length. [ 844.336963][T25497] netlink: 74 bytes leftover after parsing attributes in process `syz.0.8372'. [ 844.891251][T25507] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 845.325162][T25508] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 845.559471][T25518] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8368'. [ 849.960741][T25584] netlink: 326 bytes leftover after parsing attributes in process `syz.1.8392'. [ 852.322382][T25614] FAULT_INJECTION: forcing a failure. [ 852.322382][T25614] name failslab, interval 1, probability 0, space 0, times 0 [ 852.391246][T25614] CPU: 1 UID: 0 PID: 25614 Comm: syz.3.8408 Tainted: G L syzkaller #0 PREEMPT(full) [ 852.391311][T25614] Tainted: [L]=SOFTLOCKUP [ 852.391324][T25614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 852.391359][T25614] Call Trace: [ 852.391373][T25614] [ 852.391389][T25614] dump_stack_lvl+0x100/0x190 [ 852.391461][T25614] should_fail_ex.cold+0x5/0xa [ 852.391509][T25614] should_failslab+0xc2/0x120 [ 852.391553][T25614] __kmalloc_cache_noprof+0x7a/0x6f0 [ 852.391610][T25614] ? snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 852.391675][T25614] snd_pcm_oss_change_params_locked+0x211/0x39f0 [ 852.391737][T25614] ? __mutex_lock+0x26a/0x1b90 [ 852.391810][T25614] ? snd_pcm_oss_sync+0x243/0x840 [ 852.391860][T25614] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 852.391914][T25614] ? __pfx___mutex_lock+0x10/0x10 [ 852.391983][T25614] ? __fsnotify_parent+0x2b4/0xca0 [ 852.392040][T25614] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 852.392091][T25614] snd_pcm_oss_sync+0x265/0x840 [ 852.392146][T25614] snd_pcm_oss_release+0x238/0x300 [ 852.392193][T25614] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 852.392240][T25614] __fput+0x3ff/0xb40 [ 852.392298][T25614] task_work_run+0x150/0x240 [ 852.392371][T25614] ? __pfx_task_work_run+0x10/0x10 [ 852.392444][T25614] exit_to_user_mode_loop+0x100/0x4a0 [ 852.392503][T25614] do_syscall_64+0x668/0xf80 [ 852.392560][T25614] ? clear_bhb_loop+0x40/0x90 [ 852.392611][T25614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.392654][T25614] RIP: 0033:0x7f6fc7b9c799 [ 852.392689][T25614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 852.392730][T25614] RSP: 002b:00007f6fc89fb028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 852.392770][T25614] RAX: 0000000000000000 RBX: 00007f6fc7e15fa0 RCX: 00007f6fc7b9c799 [ 852.392796][T25614] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 852.392819][T25614] RBP: 00007f6fc7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 852.392842][T25614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 852.392864][T25614] R13: 00007f6fc7e16038 R14: 00007f6fc7e15fa0 R15: 00007ffdba1cedd8 [ 852.392914][T25614] [ 852.853221][ T29] audit: type=1326 audit(4295004438.876:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25620 comm="syz.0.8418" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f259a99c799 code=0x0 [ 853.273161][T25630] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 853.302912][T25630] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 853.310155][T25630] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 853.378587][T25630] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 855.331412][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 855.331976][T21428] Bluetooth: hci1: command 0x0406 tx timeout [ 855.338306][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 855.421203][T25653] Bluetooth: hci2: command 0x0406 tx timeout [ 856.736941][T25676] netlink: 350 bytes leftover after parsing attributes in process `syz.2.8431'. [ 856.779723][T25678] FAULT_INJECTION: forcing a failure. [ 856.779723][T25678] name failslab, interval 1, probability 0, space 0, times 0 [ 856.792442][T25678] CPU: 1 UID: 0 PID: 25678 Comm: syz.0.8432 Tainted: G L syzkaller #0 PREEMPT(full) [ 856.792499][T25678] Tainted: [L]=SOFTLOCKUP [ 856.792513][T25678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 856.792535][T25678] Call Trace: [ 856.792546][T25678] [ 856.792559][T25678] dump_stack_lvl+0x100/0x190 [ 856.792624][T25678] should_fail_ex.cold+0x5/0xa [ 856.792666][T25678] should_failslab+0xc2/0x120 [ 856.792708][T25678] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 856.792763][T25678] ? __send_signal_locked+0x155/0x12d0 [ 856.792827][T25678] __send_signal_locked+0x155/0x12d0 [ 856.792887][T25678] group_send_sig_info+0x2a4/0x300 [ 856.792938][T25678] ? __pfx_group_send_sig_info+0x10/0x10 [ 856.792992][T25678] ? kill_pid_info_type+0x1a/0x290 [ 856.793031][T25678] kill_pid_info_type+0x92/0x290 [ 856.793076][T25678] kill_proc_info+0x6f/0x1b0 [ 856.793118][T25678] kill_something_info+0x2a0/0x310 [ 856.793166][T25678] __x64_sys_kill+0x1c4/0x250 [ 856.793210][T25678] ? __pfx___x64_sys_kill+0x10/0x10 [ 856.793274][T25678] do_syscall_64+0x106/0xf80 [ 856.793328][T25678] ? clear_bhb_loop+0x40/0x90 [ 856.793370][T25678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.793407][T25678] RIP: 0033:0x7f259a99c799 [ 856.793437][T25678] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 856.793474][T25678] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000003e [ 856.793509][T25678] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 856.793532][T25678] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 000000000000126f [ 856.793552][T25678] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 856.793572][T25678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.793593][T25678] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 856.793638][T25678] [ 857.505403][T25688] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8444'. [ 861.144988][T25724] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 861.175295][T25725] block nbd8: shutting down sockets [ 861.210533][T25724] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 861.253060][T25724] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 861.259297][T25724] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 861.645770][T25732] net_ratelimit: 7 callbacks suppressed [ 861.645799][T25732] netlink: zone id is out of range [ 861.703565][T25732] netlink: zone id is out of range [ 861.739017][T25732] netlink: zone id is out of range [ 861.762033][T25733] netlink: zone id is out of range [ 861.788227][T25733] netlink: zone id is out of range [ 861.822378][T25733] netlink: zone id is out of range [ 861.834998][T25733] netlink: zone id is out of range [ 861.891702][T25733] netlink: zone id is out of range [ 861.896928][T25733] netlink: zone id is out of range [ 861.955709][T25732] netlink: set zone limit has 8 unknown bytes [ 863.064685][T25755] netlink: 206 bytes leftover after parsing attributes in process `syz.0.8464'. [ 863.171160][T25653] Bluetooth: hci0: command 0x0406 tx timeout [ 863.243758][T25759] veth1_to_batadv: entered promiscuous mode [ 863.252244][T25758] veth1_to_batadv: left promiscuous mode [ 863.271087][T25653] Bluetooth: hci1: command 0x0406 tx timeout [ 863.332692][T25653] Bluetooth: hci2: command 0x0406 tx timeout [ 863.333188][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 865.913232][T25809] netlink: 334 bytes leftover after parsing attributes in process `syz.2.8485'. [ 866.294255][T25816] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8488'. [ 868.866986][T25850] phram: not enough arguments [ 869.258265][T25854] netlink: 334 bytes leftover after parsing attributes in process `syz.3.8502'. [ 869.866595][T25863] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8505'. [ 869.896373][T25863] veth0_macvtap: left promiscuous mode [ 869.931201][T25863] macvtap0: entered promiscuous mode [ 869.937958][T25865] netlink: 330 bytes leftover after parsing attributes in process `syz.1.8507'. [ 869.978183][T25863] macvtap0: entered allmulticast mode [ 870.221054][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.227626][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.496303][T25902] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8519'. [ 873.304207][T25904] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8530'. [ 873.660502][T25914] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8527'. [ 873.709979][T25914] veth0_macvtap: left promiscuous mode [ 873.745376][T25914] macvtap0: entered promiscuous mode [ 873.782462][T25914] macvtap0: entered allmulticast mode [ 874.088508][T25922] netlink: 330 bytes leftover after parsing attributes in process `syz.2.8529'. [ 874.509409][T25924] nbd: must specify at least one socket [ 876.155872][T25936] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8537'. [ 877.703544][T25957] netlink: 330 bytes leftover after parsing attributes in process `syz.0.8541'. [ 877.722857][T25956] netlink: 3 bytes leftover after parsing attributes in process `syz.2.8543'. [ 878.166736][T25967] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8549'. [ 879.919351][T26002] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8562'. [ 881.227471][T26013] net_ratelimit: 7 callbacks suppressed [ 881.227503][T26013] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 881.239816][T26013] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 882.410346][T26032] FAULT_INJECTION: forcing a failure. [ 882.410346][T26032] name failslab, interval 1, probability 0, space 0, times 0 [ 882.459008][T26032] CPU: 1 UID: 0 PID: 26032 Comm: syz.0.8574 Tainted: G L syzkaller #0 PREEMPT(full) [ 882.459072][T26032] Tainted: [L]=SOFTLOCKUP [ 882.459085][T26032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 882.459106][T26032] Call Trace: [ 882.459118][T26032] [ 882.459132][T26032] dump_stack_lvl+0x100/0x190 [ 882.459195][T26032] should_fail_ex.cold+0x5/0xa [ 882.459238][T26032] ? tomoyo_open_control+0x618/0xa20 [ 882.459294][T26032] should_failslab+0xc2/0x120 [ 882.459333][T26032] __kmalloc_noprof+0xe0/0x850 [ 882.459388][T26032] ? lockdep_init_map_type+0x5c/0x250 [ 882.459445][T26032] tomoyo_open_control+0x618/0xa20 [ 882.459508][T26032] do_dentry_open+0x6d8/0x1660 [ 882.459545][T26032] ? __pfx_tomoyo_open+0x10/0x10 [ 882.459602][T26032] vfs_open+0x82/0x3f0 [ 882.459650][T26032] path_openat+0x208c/0x31a0 [ 882.459701][T26032] ? __pfx_path_openat+0x10/0x10 [ 882.459752][T26032] do_file_open+0x20e/0x430 [ 882.459803][T26032] ? __pfx_do_file_open+0x10/0x10 [ 882.459871][T26032] ? alloc_fd+0x476/0x790 [ 882.459913][T26032] ? do_getname+0x191/0x390 [ 882.459963][T26032] do_sys_openat2+0x10d/0x1e0 [ 882.460013][T26032] ? __pfx_do_sys_openat2+0x10/0x10 [ 882.460065][T26032] ? __fget_files+0x21f/0x3d0 [ 882.460108][T26032] __x64_sys_openat+0x12d/0x210 [ 882.460156][T26032] ? __pfx___x64_sys_openat+0x10/0x10 [ 882.460219][T26032] do_syscall_64+0x106/0xf80 [ 882.460271][T26032] ? clear_bhb_loop+0x40/0x90 [ 882.460318][T26032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 882.460356][T26032] RIP: 0033:0x7f259a99c799 [ 882.460386][T26032] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 882.460421][T26032] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 882.460455][T26032] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 882.460479][T26032] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 882.460502][T26032] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 882.460523][T26032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 882.460545][T26032] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 882.460592][T26032] [ 883.781858][T26051] netlink: 334 bytes leftover after parsing attributes in process `syz.1.8582'. [ 884.503587][T26067] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8589'. [ 886.831805][T26075] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8601'. [ 886.881835][T26075] veth0_macvtap: left promiscuous mode [ 886.909803][T26075] macvtap0: entered promiscuous mode [ 886.927640][T26075] macvtap0: entered allmulticast mode [ 887.849896][T26096] FAULT_INJECTION: forcing a failure. [ 887.849896][T26096] name failslab, interval 1, probability 0, space 0, times 0 [ 887.921885][T26096] CPU: 0 UID: 0 PID: 26096 Comm: syz.0.8602 Tainted: G L syzkaller #0 PREEMPT(full) [ 887.921949][T26096] Tainted: [L]=SOFTLOCKUP [ 887.921963][T26096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 887.921986][T26096] Call Trace: [ 887.921998][T26096] [ 887.922013][T26096] dump_stack_lvl+0x100/0x190 [ 887.922079][T26096] should_fail_ex.cold+0x5/0xa [ 887.922137][T26096] should_failslab+0xc2/0x120 [ 887.922179][T26096] __kmalloc_cache_noprof+0x7a/0x6f0 [ 887.922229][T26096] ? snd_seq_port_connect+0x61/0x560 [ 887.922264][T26096] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 887.922324][T26096] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 887.922389][T26096] snd_seq_port_connect+0x61/0x560 [ 887.922424][T26096] ? _raw_read_unlock+0x28/0x50 [ 887.922475][T26096] ? check_subscription_permission.isra.0+0x146/0x240 [ 887.922546][T26096] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 887.922590][T26096] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 887.922634][T26096] ? do_raw_spin_lock+0x128/0x260 [ 887.922701][T26096] call_seq_client_ctl+0xa3/0x130 [ 887.922763][T26096] snd_seq_kernel_client_ctl+0x77/0xd0 [ 887.922802][T26096] snd_seq_oss_midi_open+0x48b/0x6b0 [ 887.922853][T26096] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 887.922900][T26096] ? snd_seq_oss_midi_reset+0x11a/0x4c0 [ 887.922961][T26096] ? __mutex_lock+0x26a/0x1b90 [ 887.923023][T26096] snd_seq_oss_synth_reset+0x439/0x8e0 [ 887.923072][T26096] ? __pfx___mutex_lock+0x10/0x10 [ 887.923137][T26096] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 887.923193][T26096] ? __pfx___fsnotify_parent+0x10/0x10 [ 887.923242][T26096] snd_seq_oss_reset+0x73/0x290 [ 887.923282][T26096] ? __pfx_odev_release+0x10/0x10 [ 887.923317][T26096] snd_seq_oss_release+0x7c/0x180 [ 887.923357][T26096] ? __pfx_odev_release+0x10/0x10 [ 887.923389][T26096] odev_release+0x56/0xa0 [ 887.923420][T26096] __fput+0x3ff/0xb40 [ 887.923474][T26096] task_work_run+0x150/0x240 [ 887.923529][T26096] ? __pfx_task_work_run+0x10/0x10 [ 887.923592][T26096] exit_to_user_mode_loop+0x100/0x4a0 [ 887.923647][T26096] do_syscall_64+0x668/0xf80 [ 887.923699][T26096] ? clear_bhb_loop+0x40/0x90 [ 887.923744][T26096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.923782][T26096] RIP: 0033:0x7f259a99c799 [ 887.923818][T26096] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 887.923856][T26096] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 887.923893][T26096] RAX: 0000000000000000 RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 887.923917][T26096] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 887.923939][T26096] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 887.923961][T26096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 887.923982][T26096] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 887.924028][T26096] [ 888.842491][T26110] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8606'. [ 889.791334][T26125] netlink: 334 bytes leftover after parsing attributes in process `syz.1.8613'. [ 891.454555][T26146] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8631'. [ 891.751689][T26150] FAULT_INJECTION: forcing a failure. [ 891.751689][T26150] name failslab, interval 1, probability 0, space 0, times 0 [ 891.787756][T26150] CPU: 0 UID: 0 PID: 26150 Comm: syz.1.8625 Tainted: G L syzkaller #0 PREEMPT(full) [ 891.787813][T26150] Tainted: [L]=SOFTLOCKUP [ 891.787826][T26150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 891.787847][T26150] Call Trace: [ 891.787858][T26150] [ 891.787872][T26150] dump_stack_lvl+0x100/0x190 [ 891.787936][T26150] should_fail_ex.cold+0x5/0xa [ 891.787977][T26150] should_failslab+0xc2/0x120 [ 891.788015][T26150] __kmalloc_cache_noprof+0x7a/0x6f0 [ 891.788069][T26150] ? snd_seq_port_connect+0x61/0x560 [ 891.788104][T26150] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 891.788161][T26150] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 891.788222][T26150] snd_seq_port_connect+0x61/0x560 [ 891.788255][T26150] ? _raw_read_unlock+0x28/0x50 [ 891.788305][T26150] ? check_subscription_permission.isra.0+0x146/0x240 [ 891.788374][T26150] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 891.788418][T26150] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 891.788460][T26150] ? do_raw_spin_lock+0x128/0x260 [ 891.788535][T26150] call_seq_client_ctl+0xa3/0x130 [ 891.788599][T26150] snd_seq_kernel_client_ctl+0x77/0xd0 [ 891.788637][T26150] snd_seq_oss_midi_open+0x48b/0x6b0 [ 891.788687][T26150] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 891.788739][T26150] ? snd_seq_oss_midi_reset+0x11a/0x4c0 [ 891.788800][T26150] ? __mutex_lock+0x26a/0x1b90 [ 891.788867][T26150] snd_seq_oss_synth_reset+0x439/0x8e0 [ 891.788915][T26150] ? __pfx___mutex_lock+0x10/0x10 [ 891.788970][T26150] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 891.789020][T26150] ? __pfx___fsnotify_parent+0x10/0x10 [ 891.789067][T26150] snd_seq_oss_reset+0x73/0x290 [ 891.789105][T26150] ? __pfx_odev_release+0x10/0x10 [ 891.789139][T26150] snd_seq_oss_release+0x7c/0x180 [ 891.789177][T26150] ? __pfx_odev_release+0x10/0x10 [ 891.789208][T26150] odev_release+0x56/0xa0 [ 891.789240][T26150] __fput+0x3ff/0xb40 [ 891.789291][T26150] task_work_run+0x150/0x240 [ 891.789344][T26150] ? __pfx_task_work_run+0x10/0x10 [ 891.789407][T26150] exit_to_user_mode_loop+0x100/0x4a0 [ 891.789459][T26150] do_syscall_64+0x668/0xf80 [ 891.789520][T26150] ? clear_bhb_loop+0x40/0x90 [ 891.789567][T26150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.789604][T26150] RIP: 0033:0x7f4a06b9c799 [ 891.789633][T26150] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 891.789669][T26150] RSP: 002b:00007f4a07aaf028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 891.789704][T26150] RAX: 0000000000000000 RBX: 00007f4a06e15fa0 RCX: 00007f4a06b9c799 [ 891.789728][T26150] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 891.789748][T26150] RBP: 00007f4a06c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 891.789768][T26150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 891.789787][T26150] R13: 00007f4a06e16038 R14: 00007f4a06e15fa0 R15: 00007ffd29eef458 [ 891.789831][T26150] [ 892.836130][T26161] netlink: 326 bytes leftover after parsing attributes in process `syz.0.8635'. [ 895.345449][T26179] netlink: 342 bytes leftover after parsing attributes in process `syz.0.8642'. [ 898.321454][T26205] FAULT_INJECTION: forcing a failure. [ 898.321454][T26205] name failslab, interval 1, probability 0, space 0, times 0 [ 898.423390][T26205] CPU: 0 UID: 0 PID: 26205 Comm: syz.0.8643 Tainted: G L syzkaller #0 PREEMPT(full) [ 898.423451][T26205] Tainted: [L]=SOFTLOCKUP [ 898.423463][T26205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 898.423486][T26205] Call Trace: [ 898.423498][T26205] [ 898.423511][T26205] dump_stack_lvl+0x100/0x190 [ 898.423576][T26205] should_fail_ex.cold+0x5/0xa [ 898.423618][T26205] should_failslab+0xc2/0x120 [ 898.423656][T26205] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 898.423728][T26205] ? landlock_restrict_sibling_threads+0x48a/0x1280 [ 898.423791][T26205] krealloc_node_align_noprof+0x30a/0x3e0 [ 898.423859][T26205] landlock_restrict_sibling_threads+0x48a/0x1280 [ 898.423920][T26205] ? __pfx_landlock_restrict_sibling_threads+0x10/0x10 [ 898.424009][T26205] ? __pfx___might_resched+0x10/0x10 [ 898.424066][T26205] ? landlock_merge_ruleset+0x213/0x830 [ 898.424110][T26205] __do_sys_landlock_restrict_self+0x5c9/0x9e0 [ 898.424178][T26205] do_syscall_64+0x106/0xf80 [ 898.424234][T26205] ? clear_bhb_loop+0x40/0x90 [ 898.424287][T26205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.424325][T26205] RIP: 0033:0x7f259a99c799 [ 898.424354][T26205] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 898.424391][T26205] RSP: 002b:00007f2598bd5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 898.424426][T26205] RAX: ffffffffffffffda RBX: 00007f259ac16090 RCX: 00007f259a99c799 [ 898.424450][T26205] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000003 [ 898.424470][T26205] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 898.424491][T26205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 898.424511][T26205] R13: 00007f259ac16128 R14: 00007f259ac16090 R15: 00007ffd2f15cfb8 [ 898.424556][T26205] [ 899.024757][ T5833] block nbd2: Receive control failed (result -32) [ 903.711750][T26262] FAULT_INJECTION: forcing a failure. [ 903.711750][T26262] name failslab, interval 1, probability 0, space 0, times 0 [ 903.791582][T26262] CPU: 1 UID: 0 PID: 26262 Comm: syz.1.8662 Tainted: G L syzkaller #0 PREEMPT(full) [ 903.791649][T26262] Tainted: [L]=SOFTLOCKUP [ 903.791661][T26262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 903.791683][T26262] Call Trace: [ 903.791694][T26262] [ 903.791708][T26262] dump_stack_lvl+0x100/0x190 [ 903.791772][T26262] should_fail_ex.cold+0x5/0xa [ 903.791811][T26262] ? realloc_user_queue+0xe9/0x320 [ 903.791854][T26262] should_failslab+0xc2/0x120 [ 903.791894][T26262] __kmalloc_noprof+0xe0/0x850 [ 903.791959][T26262] realloc_user_queue+0xe9/0x320 [ 903.792005][T26262] ? __pfx_snd_timer_user_open+0x10/0x10 [ 903.792048][T26262] snd_timer_user_open+0xfc/0x180 [ 903.792090][T26262] snd_open+0x22d/0x4c0 [ 903.792128][T26262] ? __pfx_snd_open+0x10/0x10 [ 903.792163][T26262] chrdev_open+0x234/0x6a0 [ 903.792199][T26262] ? __pfx_apparmor_file_open+0x10/0x10 [ 903.792237][T26262] ? __pfx_chrdev_open+0x10/0x10 [ 903.792277][T26262] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 903.792325][T26262] do_dentry_open+0x6d8/0x1660 [ 903.792359][T26262] ? __pfx_chrdev_open+0x10/0x10 [ 903.792406][T26262] vfs_open+0x82/0x3f0 [ 903.792458][T26262] path_openat+0x208c/0x31a0 [ 903.792513][T26262] ? __pfx_path_openat+0x10/0x10 [ 903.792568][T26262] do_file_open+0x20e/0x430 [ 903.792610][T26262] ? __pfx_do_file_open+0x10/0x10 [ 903.792688][T26262] ? alloc_fd+0x476/0x790 [ 903.792726][T26262] ? do_getname+0x191/0x390 [ 903.792776][T26262] do_sys_openat2+0x10d/0x1e0 [ 903.792826][T26262] ? __pfx_do_sys_openat2+0x10/0x10 [ 903.792875][T26262] ? __fget_files+0x21f/0x3d0 [ 903.792916][T26262] __x64_sys_openat+0x12d/0x210 [ 903.792964][T26262] ? __pfx___x64_sys_openat+0x10/0x10 [ 903.793027][T26262] do_syscall_64+0x106/0xf80 [ 903.793077][T26262] ? clear_bhb_loop+0x40/0x90 [ 903.793121][T26262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 903.793159][T26262] RIP: 0033:0x7f4a06b9c799 [ 903.793189][T26262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 903.793224][T26262] RSP: 002b:00007f4a07aaf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 903.793259][T26262] RAX: ffffffffffffffda RBX: 00007f4a06e15fa0 RCX: 00007f4a06b9c799 [ 903.793281][T26262] RDX: 0000000000002000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 903.793305][T26262] RBP: 00007f4a06c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 903.793327][T26262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 903.793348][T26262] R13: 00007f4a06e16038 R14: 00007f4a06e15fa0 R15: 00007ffd29eef458 [ 903.793393][T26262] [ 904.275719][ T5833] block nbd3: Receive control failed (result -32) [ 908.261630][T26307] netlink: 342 bytes leftover after parsing attributes in process `syz.0.8675'. [ 910.818288][T26333] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8686'. [ 912.417645][T26351] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8689'. [ 916.892976][T26393] FAULT_INJECTION: forcing a failure. [ 916.892976][T26393] name failslab, interval 1, probability 0, space 0, times 0 [ 916.925574][T26396] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8702'. [ 916.941194][T26393] CPU: 1 UID: 0 PID: 26393 Comm: syz.3.8704 Tainted: G L syzkaller #0 PREEMPT(full) [ 916.941253][T26393] Tainted: [L]=SOFTLOCKUP [ 916.941265][T26393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 916.941287][T26393] Call Trace: [ 916.941298][T26393] [ 916.941311][T26393] dump_stack_lvl+0x100/0x190 [ 916.941376][T26393] should_fail_ex.cold+0x5/0xa [ 916.941430][T26393] should_failslab+0xc2/0x120 [ 916.941471][T26393] __kmalloc_cache_noprof+0x7a/0x6f0 [ 916.941521][T26393] ? ptp_open+0xe4/0x550 [ 916.941586][T26393] ptp_open+0xe4/0x550 [ 916.941647][T26393] ? __pfx_ptp_open+0x10/0x10 [ 916.941714][T26393] ? __pfx_ptp_open+0x10/0x10 [ 916.941766][T26393] posix_clock_open+0x17b/0x290 [ 916.941811][T26393] ? __pfx_posix_clock_open+0x10/0x10 [ 916.941849][T26393] chrdev_open+0x234/0x6a0 [ 916.941885][T26393] ? __pfx_apparmor_file_open+0x10/0x10 [ 916.941915][T26393] ? __pfx_chrdev_open+0x10/0x10 [ 916.941951][T26393] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 916.941993][T26393] do_dentry_open+0x6d8/0x1660 [ 916.942024][T26393] ? __pfx_chrdev_open+0x10/0x10 [ 916.942064][T26393] vfs_open+0x82/0x3f0 [ 916.942107][T26393] path_openat+0x208c/0x31a0 [ 916.942150][T26393] ? __pfx_path_openat+0x10/0x10 [ 916.942192][T26393] do_file_open+0x20e/0x430 [ 916.942224][T26393] ? __pfx_do_file_open+0x10/0x10 [ 916.942278][T26393] ? alloc_fd+0x476/0x790 [ 916.942310][T26393] ? do_getname+0x191/0x390 [ 916.942349][T26393] do_sys_openat2+0x10d/0x1e0 [ 916.942387][T26393] ? __pfx_do_sys_openat2+0x10/0x10 [ 916.942436][T26393] ? __fget_files+0x21f/0x3d0 [ 916.942471][T26393] __x64_sys_openat+0x12d/0x210 [ 916.942514][T26393] ? __pfx___x64_sys_openat+0x10/0x10 [ 916.942569][T26393] do_syscall_64+0x106/0xf80 [ 916.942612][T26393] ? clear_bhb_loop+0x40/0x90 [ 916.942648][T26393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 916.942677][T26393] RIP: 0033:0x7f6fc7b9c799 [ 916.942703][T26393] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 916.942733][T26393] RSP: 002b:00007f6fc89fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 916.942761][T26393] RAX: ffffffffffffffda RBX: 00007f6fc7e15fa0 RCX: 00007f6fc7b9c799 [ 916.942781][T26393] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 916.942800][T26393] RBP: 00007f6fc7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 916.942819][T26393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 916.942837][T26393] R13: 00007f6fc7e16038 R14: 00007f6fc7e15fa0 R15: 00007ffdba1cedd8 [ 916.942876][T26393] [ 925.616505][T26471] FAULT_INJECTION: forcing a failure. [ 925.616505][T26471] name failslab, interval 1, probability 0, space 0, times 0 [ 925.681122][T26471] CPU: 0 UID: 0 PID: 26471 Comm: syz.0.8727 Tainted: G L syzkaller #0 PREEMPT(full) [ 925.681176][T26471] Tainted: [L]=SOFTLOCKUP [ 925.681189][T26471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 925.681209][T26471] Call Trace: [ 925.681221][T26471] [ 925.681232][T26471] dump_stack_lvl+0x100/0x190 [ 925.681329][T26471] should_fail_ex.cold+0x5/0xa [ 925.681371][T26471] should_failslab+0xc2/0x120 [ 925.681409][T26471] __kmalloc_cache_noprof+0x7a/0x6f0 [ 925.681454][T26471] ? ptp_open+0xe4/0x550 [ 925.681525][T26471] ptp_open+0xe4/0x550 [ 925.681581][T26471] ? __pfx_ptp_open+0x10/0x10 [ 925.681645][T26471] ? __pfx_ptp_open+0x10/0x10 [ 925.681698][T26471] posix_clock_open+0x17b/0x290 [ 925.681740][T26471] ? __pfx_posix_clock_open+0x10/0x10 [ 925.681779][T26471] chrdev_open+0x234/0x6a0 [ 925.681813][T26471] ? __pfx_apparmor_file_open+0x10/0x10 [ 925.681850][T26471] ? __pfx_chrdev_open+0x10/0x10 [ 925.681887][T26471] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 925.681933][T26471] do_dentry_open+0x6d8/0x1660 [ 925.681968][T26471] ? __pfx_chrdev_open+0x10/0x10 [ 925.682013][T26471] vfs_open+0x82/0x3f0 [ 925.682061][T26471] path_openat+0x208c/0x31a0 [ 925.682103][T26471] ? __pfx_path_openat+0x10/0x10 [ 925.682146][T26471] do_file_open+0x20e/0x430 [ 925.682178][T26471] ? __pfx_do_file_open+0x10/0x10 [ 925.682232][T26471] ? alloc_fd+0x476/0x790 [ 925.682264][T26471] ? do_getname+0x191/0x390 [ 925.682303][T26471] do_sys_openat2+0x10d/0x1e0 [ 925.682341][T26471] ? __pfx_do_sys_openat2+0x10/0x10 [ 925.682383][T26471] ? __fget_files+0x21f/0x3d0 [ 925.682417][T26471] __x64_sys_openat+0x12d/0x210 [ 925.682457][T26471] ? __pfx___x64_sys_openat+0x10/0x10 [ 925.682522][T26471] do_syscall_64+0x106/0xf80 [ 925.682566][T26471] ? clear_bhb_loop+0x40/0x90 [ 925.682602][T26471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.682631][T26471] RIP: 0033:0x7f259a99c799 [ 925.682656][T26471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 925.682685][T26471] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 925.682712][T26471] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 925.682731][T26471] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 925.682751][T26471] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 925.682769][T26471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 925.682787][T26471] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 925.682824][T26471] [ 929.800970][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 931.662696][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.669306][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.771484][T26546] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8754'. [ 938.818288][T26607] Unable to find swap-space signature [ 940.027932][T26626] CIFS: VFS: Invalid SecurityFlags: [ 942.547613][T26649] zswap: compressor not available [ 944.053770][T26677] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 944.060508][T26677] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 945.401178][T26688] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8807'. [ 946.294883][T26698] Invalid ELF header magic: != ELF [ 949.339632][T26733] netlink: 'syz.0.8823': attribute type 1 has an invalid length. [ 949.432015][T26736] netlink: 'syz.0.8823': attribute type 1 has an invalid length. [ 949.439834][T26736] netlink: 322 bytes leftover after parsing attributes in process `syz.0.8823'. [ 949.450270][T26733] netlink: 322 bytes leftover after parsing attributes in process `syz.0.8823'. [ 951.094962][ T5833] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 951.095019][ T5833] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 951.118767][ T5833] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 951.118835][ T5833] Bluetooth: hci2: Unknown advertising packet type: 0x14 [ 951.126400][ T5833] Bluetooth: hci2: Unknown advertising packet type: 0x14 [ 951.134475][ T5833] Bluetooth: hci2: Unknown advertising packet type: 0x14 [ 951.141760][ T5833] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 951.148867][ T5833] Bluetooth: hci2: Unknown advertising packet type: 0x14 [ 951.156214][ T5833] Bluetooth: hci2: Malformed LE Event: 0x0d [ 952.778883][T26781] FAULT_INJECTION: forcing a failure. [ 952.778883][T26781] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 952.820103][T26781] CPU: 1 UID: 0 PID: 26781 Comm: syz.3.8842 Tainted: G L syzkaller #0 PREEMPT(full) [ 952.820163][T26781] Tainted: [L]=SOFTLOCKUP [ 952.820177][T26781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 952.820211][T26781] Call Trace: [ 952.820223][T26781] [ 952.820237][T26781] dump_stack_lvl+0x100/0x190 [ 952.820306][T26781] should_fail_ex.cold+0x5/0xa [ 952.820342][T26781] ? prepare_alloc_pages+0x16d/0x5f0 [ 952.820389][T26781] should_fail_alloc_page+0xeb/0x140 [ 952.820432][T26781] prepare_alloc_pages+0x1f0/0x5f0 [ 952.820481][T26781] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 952.820554][T26781] ? stack_trace_save+0x8e/0xc0 [ 952.820590][T26781] ? __pfx_stack_trace_save+0x10/0x10 [ 952.820628][T26781] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 952.820681][T26781] ? stack_depot_save_flags+0x27/0x9d0 [ 952.820728][T26781] ? lock_acquire+0x1cf/0x380 [ 952.820780][T26781] ? kasan_save_stack+0x3f/0x50 [ 952.820836][T26781] ? kasan_save_stack+0x30/0x50 [ 952.820889][T26781] ? kasan_save_track+0x14/0x30 [ 952.820941][T26781] ? __kasan_kmalloc+0xaa/0xb0 [ 952.820994][T26781] ? do_file_open+0x20e/0x430 [ 952.821029][T26781] ? do_sys_openat2+0x10d/0x1e0 [ 952.821069][T26781] ? __x64_sys_openat+0x12d/0x210 [ 952.821111][T26781] ? do_syscall_64+0x106/0xf80 [ 952.821199][T26781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.821243][T26781] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 952.821313][T26781] ? policy_nodemask+0xed/0x4f0 [ 952.821351][T26781] alloc_pages_mpol+0x1fb/0x550 [ 952.821386][T26781] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 952.821435][T26781] alloc_pages_noprof+0x131/0x390 [ 952.821476][T26781] get_zeroed_page_noprof+0x18/0xb0 [ 952.821517][T26781] mon_alloc_buff+0xce/0x1b0 [ 952.821657][T26781] ? kasan_save_track+0x14/0x30 [ 952.821720][T26781] mon_bin_open+0x207/0x470 [ 952.821763][T26781] ? __pfx_mon_bin_open+0x10/0x10 [ 952.821805][T26781] chrdev_open+0x234/0x6a0 [ 952.821846][T26781] ? __pfx_chrdev_open+0x10/0x10 [ 952.821886][T26781] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 952.821934][T26781] do_dentry_open+0x6d8/0x1660 [ 952.821969][T26781] ? __pfx_chrdev_open+0x10/0x10 [ 952.822016][T26781] vfs_open+0x82/0x3f0 [ 952.822067][T26781] path_openat+0x208c/0x31a0 [ 952.822119][T26781] ? __pfx_path_openat+0x10/0x10 [ 952.822174][T26781] do_file_open+0x20e/0x430 [ 952.822225][T26781] ? __pfx_do_file_open+0x10/0x10 [ 952.822295][T26781] ? alloc_fd+0x476/0x790 [ 952.822337][T26781] ? do_getname+0x191/0x390 [ 952.822389][T26781] do_sys_openat2+0x10d/0x1e0 [ 952.822438][T26781] ? __pfx_do_sys_openat2+0x10/0x10 [ 952.822489][T26781] ? __fget_files+0x21f/0x3d0 [ 952.822531][T26781] __x64_sys_openat+0x12d/0x210 [ 952.822580][T26781] ? __pfx___x64_sys_openat+0x10/0x10 [ 952.822646][T26781] do_syscall_64+0x106/0xf80 [ 952.822699][T26781] ? clear_bhb_loop+0x40/0x90 [ 952.822743][T26781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.822781][T26781] RIP: 0033:0x7f6fc7b9c799 [ 952.822812][T26781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 952.822847][T26781] RSP: 002b:00007f6fc89fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 952.822884][T26781] RAX: ffffffffffffffda RBX: 00007f6fc7e15fa0 RCX: 00007f6fc7b9c799 [ 952.822909][T26781] RDX: 0000000000002040 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 952.822932][T26781] RBP: 00007f6fc7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 952.822955][T26781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 952.822976][T26781] R13: 00007f6fc7e16038 R14: 00007f6fc7e15fa0 R15: 00007ffdba1cedd8 [ 952.823021][T26781] [ 953.606173][T26783] netlink: 206 bytes leftover after parsing attributes in process `syz.1.8843'. [ 956.782503][T26829] netlink: 342 bytes leftover after parsing attributes in process `syz.2.8860'. [ 959.271686][T26869] netlink: 130 bytes leftover after parsing attributes in process `syz.2.8877'. [ 959.737895][ T29] audit: type=1804 audit(4295004545.776:24): pid=26864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.8874" name="/newroot/2217/file0" dev="tmpfs" ino=11227 res=1 errno=0 [ 959.772276][ T29] audit: type=1804 audit(4295004545.786:25): pid=26875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.8874" name="/newroot/2217/file0" dev="tmpfs" ino=11227 res=1 errno=0 [ 960.077606][ C1] sd 0:0:1:0: [sda] tag#4364 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 960.088194][ C1] sd 0:0:1:0: [sda] tag#4364 CDB: Read(6) 08 00 00 00 10 00 00 00 00 00 00 00 [ 960.140374][T26879] netlink: 302 bytes leftover after parsing attributes in process `syz.3.8881'. [ 960.531413][T26885] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8882'. [ 961.121530][T26885] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8882'. [ 961.589994][T26902] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8889'. [ 961.620093][T26902] openvswitch: netlink: IP tunnel dst address not specified [ 963.355360][T26928] syz.3.8898 uses obsolete (PF_INET,SOCK_PACKET) [ 964.131755][T26939] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8903'. [ 964.556716][T26947] random: crng reseeded on system resumption [ 965.755887][T26966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8913'. [ 967.133571][T26990] FAULT_INJECTION: forcing a failure. [ 967.133571][T26990] name failslab, interval 1, probability 0, space 0, times 0 [ 967.218161][T26990] CPU: 1 UID: 0 PID: 26990 Comm: syz.0.8922 Tainted: G L syzkaller #0 PREEMPT(full) [ 967.218217][T26990] Tainted: [L]=SOFTLOCKUP [ 967.218228][T26990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 967.218249][T26990] Call Trace: [ 967.218259][T26990] [ 967.218273][T26990] dump_stack_lvl+0x100/0x190 [ 967.218333][T26990] should_fail_ex.cold+0x5/0xa [ 967.218374][T26990] ? snd_midi_event_new+0xa1/0x210 [ 967.218408][T26990] should_failslab+0xc2/0x120 [ 967.218446][T26990] __kmalloc_noprof+0xe0/0x850 [ 967.218508][T26990] snd_midi_event_new+0xa1/0x210 [ 967.218544][T26990] snd_virmidi_output_open+0x106/0x670 [ 967.218586][T26990] open_substream+0x480/0x9e0 [ 967.218717][T26990] rawmidi_open_priv+0x595/0x6f0 [ 967.218772][T26990] snd_rawmidi_open+0x4c9/0xba0 [ 967.218828][T26990] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 967.218879][T26990] ? __pfx_default_wake_function+0x10/0x10 [ 967.218920][T26990] ? kobject_get_unless_zero+0x156/0x200 [ 967.218988][T26990] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 967.219036][T26990] snd_open+0x22d/0x4c0 [ 967.219074][T26990] ? __pfx_snd_open+0x10/0x10 [ 967.219118][T26990] chrdev_open+0x234/0x6a0 [ 967.219154][T26990] ? __pfx_apparmor_file_open+0x10/0x10 [ 967.219190][T26990] ? __pfx_chrdev_open+0x10/0x10 [ 967.219230][T26990] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 967.219278][T26990] do_dentry_open+0x6d8/0x1660 [ 967.219312][T26990] ? __pfx_chrdev_open+0x10/0x10 [ 967.219357][T26990] vfs_open+0x82/0x3f0 [ 967.219402][T26990] path_openat+0x208c/0x31a0 [ 967.219450][T26990] ? __pfx_path_openat+0x10/0x10 [ 967.219503][T26990] do_file_open+0x20e/0x430 [ 967.219541][T26990] ? __pfx_do_file_open+0x10/0x10 [ 967.219608][T26990] ? alloc_fd+0x476/0x790 [ 967.219647][T26990] ? do_getname+0x191/0x390 [ 967.219695][T26990] do_sys_openat2+0x10d/0x1e0 [ 967.219742][T26990] ? __pfx_do_sys_openat2+0x10/0x10 [ 967.219792][T26990] ? __fget_files+0x21f/0x3d0 [ 967.219850][T26990] __x64_sys_openat+0x12d/0x210 [ 967.219898][T26990] ? __pfx___x64_sys_openat+0x10/0x10 [ 967.219962][T26990] do_syscall_64+0x106/0xf80 [ 967.220013][T26990] ? clear_bhb_loop+0x40/0x90 [ 967.220058][T26990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.220102][T26990] RIP: 0033:0x7f259a99c799 [ 967.220131][T26990] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 967.220165][T26990] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 967.220199][T26990] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 967.220222][T26990] RDX: 0000000000002841 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 967.220245][T26990] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 967.220266][T26990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 967.220287][T26990] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 967.220332][T26990] [ 968.514001][T27011] netlink: 342 bytes leftover after parsing attributes in process `syz.0.8931'. [ 969.503691][T27016] FAULT_INJECTION: forcing a failure. [ 969.503691][T27016] name failslab, interval 1, probability 0, space 0, times 0 [ 969.526776][T27016] CPU: 0 UID: 0 PID: 27016 Comm: syz.3.8933 Tainted: G L syzkaller #0 PREEMPT(full) [ 969.526835][T27016] Tainted: [L]=SOFTLOCKUP [ 969.526848][T27016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 969.526869][T27016] Call Trace: [ 969.526881][T27016] [ 969.526894][T27016] dump_stack_lvl+0x100/0x190 [ 969.526957][T27016] should_fail_ex.cold+0x5/0xa [ 969.526999][T27016] should_failslab+0xc2/0x120 [ 969.527038][T27016] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 969.527103][T27016] ? security_inode_alloc+0x3b/0x2c0 [ 969.527145][T27016] ? lockdep_init_map_type+0x5c/0x250 [ 969.527197][T27016] security_inode_alloc+0x3b/0x2c0 [ 969.527233][T27016] inode_init_always_gfp+0xced/0x1040 [ 969.527276][T27016] alloc_inode+0x8e/0x250 [ 969.527323][T27016] path_from_stashed+0x25b/0x750 [ 969.527372][T27016] ns_get_path+0x60/0x80 [ 969.527409][T27016] proc_ns_get_link+0x121/0x230 [ 969.527461][T27016] ? __pfx_proc_ns_get_link+0x10/0x10 [ 969.527516][T27016] ? atime_needs_update+0x8b/0x6b0 [ 969.527571][T27016] pick_link+0xd17/0x13c0 [ 969.527621][T27016] ? __pfx_proc_ns_get_link+0x10/0x10 [ 969.527676][T27016] step_into_slowpath+0x9ba/0xf90 [ 969.527736][T27016] ? __pfx_step_into_slowpath+0x10/0x10 [ 969.527788][T27016] ? find_held_lock+0x2b/0x80 [ 969.527833][T27016] path_openat+0xf95/0x31a0 [ 969.527882][T27016] ? __pfx_path_openat+0x10/0x10 [ 969.527935][T27016] do_file_open+0x20e/0x430 [ 969.527974][T27016] ? __pfx_do_file_open+0x10/0x10 [ 969.528038][T27016] ? alloc_fd+0x476/0x790 [ 969.528075][T27016] ? do_getname+0x191/0x390 [ 969.528136][T27016] do_sys_openat2+0x10d/0x1e0 [ 969.528186][T27016] ? __pfx_do_sys_openat2+0x10/0x10 [ 969.528237][T27016] ? __fget_files+0x21f/0x3d0 [ 969.528279][T27016] __x64_sys_openat+0x12d/0x210 [ 969.528329][T27016] ? __pfx___x64_sys_openat+0x10/0x10 [ 969.528393][T27016] do_syscall_64+0x106/0xf80 [ 969.528445][T27016] ? clear_bhb_loop+0x40/0x90 [ 969.528491][T27016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 969.528528][T27016] RIP: 0033:0x7f6fc7b5cfce [ 969.528559][T27016] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 969.528599][T27016] RSP: 002b:00007f6fc89faec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 969.528634][T27016] RAX: ffffffffffffffda RBX: 00007f6fc89fb6c0 RCX: 00007f6fc7b5cfce [ 969.528656][T27016] RDX: 0000000000000002 RSI: 00007f6fc89faf90 RDI: ffffffffffffff9c [ 969.528678][T27016] RBP: 00007f6fc7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 969.528698][T27016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 969.528719][T27016] R13: 00007f6fc7e16038 R14: 00007f6fc7e15fa0 R15: 00007ffdba1cedd8 [ 969.528764][T27016] [ 970.597162][T27031] netlink: 326 bytes leftover after parsing attributes in process `syz.0.8938'. [ 971.724857][T27053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8948'. [ 972.130831][T27062] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8952'. [ 972.472297][T27069] netlink: 114 bytes leftover after parsing attributes in process `syz.3.8954'. [ 972.515412][T27070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8956'. [ 972.560190][T27070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8956'. [ 976.625150][T27129] nvme_fabrics: missing parameter 'transport=%s' [ 976.652025][T27129] nvme_fabrics: missing parameter 'nqn=%s' [ 976.864101][T27138] nvme_fabrics: missing parameter 'transport=%s' [ 976.882632][T27138] nvme_fabrics: missing parameter 'nqn=%s' [ 977.606689][T27163] FAULT_INJECTION: forcing a failure. [ 977.606689][T27163] name failslab, interval 1, probability 0, space 0, times 0 [ 977.666075][T27163] CPU: 0 UID: 0 PID: 27163 Comm: syz.0.8993 Tainted: G L syzkaller #0 PREEMPT(full) [ 977.666135][T27163] Tainted: [L]=SOFTLOCKUP [ 977.666148][T27163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 977.666169][T27163] Call Trace: [ 977.666181][T27163] [ 977.666194][T27163] dump_stack_lvl+0x100/0x190 [ 977.666256][T27163] should_fail_ex.cold+0x5/0xa [ 977.666297][T27163] ? __seq_open_private+0x22/0xd0 [ 977.666348][T27163] should_failslab+0xc2/0x120 [ 977.666384][T27163] __kmalloc_noprof+0xe0/0x850 [ 977.666449][T27163] ? __pfx_apparmor_file_open+0x10/0x10 [ 977.666493][T27163] __seq_open_private+0x22/0xd0 [ 977.666547][T27163] pid_maps_open+0x29/0xf0 [ 977.666591][T27163] do_dentry_open+0x6d8/0x1660 [ 977.666627][T27163] ? __pfx_pid_maps_open+0x10/0x10 [ 977.666677][T27163] vfs_open+0x82/0x3f0 [ 977.666726][T27163] path_openat+0x208c/0x31a0 [ 977.666775][T27163] ? __pfx_path_openat+0x10/0x10 [ 977.666826][T27163] do_file_open+0x20e/0x430 [ 977.666864][T27163] ? __pfx_do_file_open+0x10/0x10 [ 977.666913][T27163] ? __pfx_kfree_link+0x10/0x10 [ 977.666973][T27163] ? alloc_fd+0x476/0x790 [ 977.667010][T27163] ? do_getname+0x191/0x390 [ 977.667057][T27163] do_sys_openat2+0x10d/0x1e0 [ 977.667102][T27163] ? __pfx_do_sys_openat2+0x10/0x10 [ 977.667150][T27163] ? __fget_files+0x21f/0x3d0 [ 977.667190][T27163] __x64_sys_openat+0x12d/0x210 [ 977.667236][T27163] ? __pfx___x64_sys_openat+0x10/0x10 [ 977.667297][T27163] do_syscall_64+0x106/0xf80 [ 977.667347][T27163] ? clear_bhb_loop+0x40/0x90 [ 977.667387][T27163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 977.667430][T27163] RIP: 0033:0x7f259a99c799 [ 977.667459][T27163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 977.667496][T27163] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 977.667528][T27163] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 977.667550][T27163] RDX: 0000000000000840 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 977.667573][T27163] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 977.667594][T27163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 977.667614][T27163] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 977.667659][T27163] [ 979.172566][T27189] FAULT_INJECTION: forcing a failure. [ 979.172566][T27189] name failslab, interval 1, probability 0, space 0, times 0 [ 979.241357][T27189] CPU: 1 UID: 0 PID: 27189 Comm: syz.3.9003 Tainted: G L syzkaller #0 PREEMPT(full) [ 979.241418][T27189] Tainted: [L]=SOFTLOCKUP [ 979.241430][T27189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 979.241451][T27189] Call Trace: [ 979.241463][T27189] [ 979.241476][T27189] dump_stack_lvl+0x100/0x190 [ 979.241538][T27189] should_fail_ex.cold+0x5/0xa [ 979.241581][T27189] should_failslab+0xc2/0x120 [ 979.241620][T27189] __kmalloc_cache_noprof+0x7a/0x6f0 [ 979.241670][T27189] ? snd_seq_oss_timer_new+0x43/0x230 [ 979.241712][T27189] ? __raw_spin_lock_init+0x3a/0x110 [ 979.241776][T27189] snd_seq_oss_timer_new+0x43/0x230 [ 979.241816][T27189] snd_seq_oss_open+0x4fc/0xa10 [ 979.241862][T27189] odev_open+0x79/0xc0 [ 979.241892][T27189] ? __pfx_odev_open+0x10/0x10 [ 979.242039][T27189] soundcore_open+0x2e3/0x5a0 [ 979.242080][T27189] ? __pfx_soundcore_open+0x10/0x10 [ 979.242121][T27189] chrdev_open+0x234/0x6a0 [ 979.242161][T27189] ? __pfx_apparmor_file_open+0x10/0x10 [ 979.242198][T27189] ? __pfx_chrdev_open+0x10/0x10 [ 979.242238][T27189] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 979.242296][T27189] do_dentry_open+0x6d8/0x1660 [ 979.242335][T27189] ? __pfx_chrdev_open+0x10/0x10 [ 979.242384][T27189] vfs_open+0x82/0x3f0 [ 979.242434][T27189] path_openat+0x208c/0x31a0 [ 979.242488][T27189] ? __pfx_path_openat+0x10/0x10 [ 979.242539][T27189] do_file_open+0x20e/0x430 [ 979.242579][T27189] ? __pfx_do_file_open+0x10/0x10 [ 979.242646][T27189] ? alloc_fd+0x476/0x790 [ 979.242693][T27189] ? do_getname+0x191/0x390 [ 979.242742][T27189] do_sys_openat2+0x10d/0x1e0 [ 979.242788][T27189] ? __pfx_do_sys_openat2+0x10/0x10 [ 979.242840][T27189] ? __fget_files+0x21f/0x3d0 [ 979.242883][T27189] __x64_sys_openat+0x12d/0x210 [ 979.242932][T27189] ? __pfx___x64_sys_openat+0x10/0x10 [ 979.242996][T27189] do_syscall_64+0x106/0xf80 [ 979.243051][T27189] ? clear_bhb_loop+0x40/0x90 [ 979.243097][T27189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.243135][T27189] RIP: 0033:0x7f6fc7b9c799 [ 979.243166][T27189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 979.243203][T27189] RSP: 002b:00007f6fc89fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 979.243239][T27189] RAX: ffffffffffffffda RBX: 00007f6fc7e15fa0 RCX: 00007f6fc7b9c799 [ 979.243260][T27189] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 979.243295][T27189] RBP: 00007f6fc7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 979.243317][T27189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 979.243339][T27189] R13: 00007f6fc7e16038 R14: 00007f6fc7e15fa0 R15: 00007ffdba1cedd8 [ 979.243385][T27189] [ 979.246470][T27189] ALSA: seq_oss: can't alloc timer [ 980.071297][T27199] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 980.576754][T27210] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9011'. [ 981.628468][T27221] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 982.101943][T27231] vivid-007: ================= START STATUS ================= [ 982.109842][T27231] vivid-007: Generate PTS: true [ 982.120484][T27231] vivid-007: Generate SCR: true [ 982.141236][T27231] tpg source WxH: 320x240 (Y'CbCr) [ 982.146449][T27231] tpg field: 1 [ 982.149959][T27231] tpg crop: (0,0)/320x240 [ 982.222163][T27231] tpg compose: (0,0)/320x240 [ 982.226941][T27231] tpg colorspace: 8 [ 982.265608][T27231] tpg transfer function: 0/0 [ 982.300041][T27231] tpg Y'CbCr encoding: 0/0 [ 982.402259][T27231] tpg quantization: 0/0 [ 982.423038][T27231] tpg RGB range: 0/2 [ 982.427040][T27231] vivid-007: ================== END STATUS ================== [ 983.809604][T27266] netlink: 334 bytes leftover after parsing attributes in process `syz.0.9033'. [ 984.867188][T27289] netlink: 346 bytes leftover after parsing attributes in process `syz.3.9039'. [ 985.187856][T27292] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9041'. [ 985.214748][T27294] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9042'. [ 985.281275][T27296] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9042'. [ 986.374874][T27321] netlink: 'syz.3.9054': attribute type 1 has an invalid length. [ 987.563417][T27341] nvme_fabrics: missing parameter 'transport=%s' [ 987.621099][T27341] nvme_fabrics: missing parameter 'nqn=%s' [ 989.312474][T27371] netlink: 326 bytes leftover after parsing attributes in process `syz.3.9073'. [ 990.095276][T27384] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9077'. [ 990.302515][T27387] netlink: 222 bytes leftover after parsing attributes in process `syz.2.9079'. [ 990.463501][T27384] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9077'. [ 991.871444][T27408] netlink: 122 bytes leftover after parsing attributes in process `syz.0.9088'. [ 992.532432][T27421] FAULT_INJECTION: forcing a failure. [ 992.532432][T27421] name failslab, interval 1, probability 0, space 0, times 0 [ 992.651499][T27421] CPU: 1 UID: 0 PID: 27421 Comm: syz.0.9093 Tainted: G L syzkaller #0 PREEMPT(full) [ 992.651568][T27421] Tainted: [L]=SOFTLOCKUP [ 992.651580][T27421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 992.651602][T27421] Call Trace: [ 992.651614][T27421] [ 992.651627][T27421] dump_stack_lvl+0x100/0x190 [ 992.651689][T27421] should_fail_ex.cold+0x5/0xa [ 992.651732][T27421] should_failslab+0xc2/0x120 [ 992.651770][T27421] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 992.651830][T27421] ? alloc_io_context+0x21/0x2f0 [ 992.651960][T27421] ? set_task_ioprio+0x48f/0x670 [ 992.652011][T27421] alloc_io_context+0x21/0x2f0 [ 992.652055][T27421] set_task_ioprio+0x49e/0x670 [ 992.652103][T27421] __do_sys_ioprio_set+0x55c/0xb40 [ 992.652171][T27421] ? __do_sys_ioprio_set+0x3de/0xb40 [ 992.652221][T27421] do_syscall_64+0x106/0xf80 [ 992.652275][T27421] ? clear_bhb_loop+0x40/0x90 [ 992.652322][T27421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.652360][T27421] RIP: 0033:0x7f259a99c799 [ 992.652389][T27421] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 992.652423][T27421] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fb [ 992.652454][T27421] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 992.652479][T27421] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 992.652500][T27421] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 992.652529][T27421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 992.652552][T27421] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 992.652600][T27421] [ 993.122111][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.130159][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.974826][T27451] netlink: 330 bytes leftover after parsing attributes in process `syz.1.9104'. [ 995.313488][T27454] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9106'. [ 995.358351][T27454] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9106'. [ 996.420683][T27465] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 996.429062][T27465] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 996.487351][ T5833] block nbd4: Receive control failed (result -32) [ 996.911400][T27470] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9113'. [ 997.457741][T27471] FAULT_INJECTION: forcing a failure. [ 997.457741][T27471] name failslab, interval 1, probability 0, space 0, times 0 [ 997.564816][T27471] CPU: 0 UID: 0 PID: 27471 Comm: syz.0.9112 Tainted: G L syzkaller #0 PREEMPT(full) [ 997.564880][T27471] Tainted: [L]=SOFTLOCKUP [ 997.564893][T27471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 997.564918][T27471] Call Trace: [ 997.564932][T27471] [ 997.564948][T27471] dump_stack_lvl+0x100/0x190 [ 997.565016][T27471] should_fail_ex.cold+0x5/0xa [ 997.565061][T27471] should_failslab+0xc2/0x120 [ 997.565106][T27471] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 997.565174][T27471] ? security_inode_alloc+0x3b/0x2c0 [ 997.565215][T27471] ? lockdep_init_map_type+0x5c/0x250 [ 997.565275][T27471] security_inode_alloc+0x3b/0x2c0 [ 997.565316][T27471] inode_init_always_gfp+0xced/0x1040 [ 997.565365][T27471] alloc_inode+0x8e/0x250 [ 997.565418][T27471] path_from_stashed+0x25b/0x750 [ 997.565459][T27471] ? do_raw_spin_unlock+0x145/0x1e0 [ 997.565527][T27471] ns_get_path+0x60/0x80 [ 997.565575][T27471] proc_ns_get_link+0x121/0x230 [ 997.565640][T27471] ? __pfx_proc_ns_get_link+0x10/0x10 [ 997.565704][T27471] ? atime_needs_update+0x8b/0x6b0 [ 997.565766][T27471] pick_link+0xd17/0x13c0 [ 997.565824][T27471] ? __pfx_proc_ns_get_link+0x10/0x10 [ 997.565886][T27471] step_into_slowpath+0x9ba/0xf90 [ 997.565956][T27471] ? __pfx_step_into_slowpath+0x10/0x10 [ 997.566016][T27471] ? find_held_lock+0x2b/0x80 [ 997.566068][T27471] path_openat+0xf95/0x31a0 [ 997.566126][T27471] ? __pfx_path_openat+0x10/0x10 [ 997.566180][T27471] do_file_open+0x20e/0x430 [ 997.566224][T27471] ? __pfx_do_file_open+0x10/0x10 [ 997.566296][T27471] ? alloc_fd+0x476/0x790 [ 997.566337][T27471] ? do_getname+0x191/0x390 [ 997.566391][T27471] do_sys_openat2+0x10d/0x1e0 [ 997.566443][T27471] ? __pfx_do_sys_openat2+0x10/0x10 [ 997.566499][T27471] ? __fget_files+0x21f/0x3d0 [ 997.566542][T27471] __x64_sys_openat+0x12d/0x210 [ 997.566609][T27471] ? __pfx___x64_sys_openat+0x10/0x10 [ 997.566679][T27471] do_syscall_64+0x106/0xf80 [ 997.566740][T27471] ? clear_bhb_loop+0x40/0x90 [ 997.566791][T27471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 997.566831][T27471] RIP: 0033:0x7f259a95cfce [ 997.566863][T27471] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 997.566902][T27471] RSP: 002b:00007f2598bf5ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 997.566938][T27471] RAX: ffffffffffffffda RBX: 00007f2598bf66c0 RCX: 00007f259a95cfce [ 997.566964][T27471] RDX: 0000000000000002 RSI: 00007f2598bf5f90 RDI: ffffffffffffff9c [ 997.566987][T27471] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 997.567009][T27471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 997.567031][T27471] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 997.567077][T27471] [ 999.736282][T27504] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9123'. [ 999.912250][T27508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9126'. [ 1000.667949][T27509] Invalid ELF header magic: != ELF [ 1001.509867][T27528] netlink: 'syz.0.9136': attribute type 15 has an invalid length. [ 1001.551319][T27528] netlink: 186 bytes leftover after parsing attributes in process `syz.0.9136'. [ 1001.694749][T27530] netlink: 330 bytes leftover after parsing attributes in process `syz.3.9137'. [ 1002.204387][T27541] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9142'. [ 1002.524212][T27548] netlink: 342 bytes leftover after parsing attributes in process `syz.2.9145'. [ 1003.788217][T27566] futex_wake_op: syz.0.9152 tries to shift op by -2048; fix this program [ 1003.850022][T27566] 0x000400000001-0x00042c074b3b : "" [ 1003.882754][T27566] mtd: partition "" is out of reach -- disabled [ 1003.960609][T27566] ftl_cs: FTL header not found. [ 1004.128714][T27574] ERROR: Out of memory at tomoyo_memory_ok. [ 1004.339181][T27577] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9156'. [ 1004.362912][T27577] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9156'. [ 1004.692912][T27585] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9159'. [ 1004.739676][T27589] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9160'. [ 1004.882206][T27589] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1004.965399][T27589] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1004.996448][T27594] input: jJǼ-9%vlQ J86 as /devices/virtual/input/input23 [ 1005.020399][T27589] bond0 (unregistering): Released all slaves [ 1005.271775][T27596] netlink: 74 bytes leftover after parsing attributes in process `syz.0.9162'. [ 1006.142275][T27609] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input24 [ 1006.524840][T27620] netlink: 350 bytes leftover after parsing attributes in process `syz.3.9172'. [ 1008.835707][T27667] sctp: [Deprecated]: syz.3.9189 (pid 27667) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1008.835707][T27667] Use struct sctp_sack_info instead [ 1012.173066][T27711] nvme_fcloop: unknown parameter or missing value '7=";&L=j"Yq'R"' [ 1013.423453][T27735] FAULT_INJECTION: forcing a failure. [ 1013.423453][T27735] name fail_futex, interval 1, probability 0, space 0, times 1 [ 1013.437316][T27735] CPU: 1 UID: 0 PID: 27735 Comm: syz.1.9215 Tainted: G L syzkaller #0 PREEMPT(full) [ 1013.437372][T27735] Tainted: [L]=SOFTLOCKUP [ 1013.437384][T27735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1013.437406][T27735] Call Trace: [ 1013.437418][T27735] [ 1013.437430][T27735] dump_stack_lvl+0x100/0x190 [ 1013.437493][T27735] should_fail_ex.cold+0x5/0xa [ 1013.437539][T27735] should_fail_futex+0x4c/0x60 [ 1013.437583][T27735] futex_lock_pi_atomic+0xe7/0xaf0 [ 1013.437648][T27735] futex_lock_pi+0x246/0x7b0 [ 1013.437707][T27735] ? __pfx_futex_lock_pi+0x10/0x10 [ 1013.437762][T27735] ? __pfx___futex_wait+0x10/0x10 [ 1013.437816][T27735] ? lockdep_hardirqs_on+0x78/0x100 [ 1013.437905][T27735] ? __pfx_futex_wake_mark+0x10/0x10 [ 1013.437971][T27735] ? ksys_write+0x190/0x250 [ 1013.438005][T27735] ? ksys_write+0x190/0x250 [ 1013.438046][T27735] do_futex+0x18a/0x350 [ 1013.438105][T27735] ? __pfx_do_futex+0x10/0x10 [ 1013.438163][T27735] __x64_sys_futex+0x34f/0x4d0 [ 1013.438223][T27735] ? __pfx___x64_sys_futex+0x10/0x10 [ 1013.438285][T27735] do_syscall_64+0x106/0xf80 [ 1013.438338][T27735] ? clear_bhb_loop+0x40/0x90 [ 1013.438382][T27735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1013.438418][T27735] RIP: 0033:0x7f4a06b9c799 [ 1013.438446][T27735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1013.438481][T27735] RSP: 002b:00007f4a07aaf028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1013.438514][T27735] RAX: ffffffffffffffda RBX: 00007f4a06e15fa0 RCX: 00007f4a06b9c799 [ 1013.438537][T27735] RDX: 0000000000000001 RSI: 0000000000000006 RDI: 0000000000000000 [ 1013.438558][T27735] RBP: 00007f4a06c32c99 R08: 0000000000000000 R09: 00000000fffffffa [ 1013.438580][T27735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1013.438599][T27735] R13: 00007f4a06e16038 R14: 00007f4a06e15fa0 R15: 00007ffd29eef458 [ 1013.438643][T27735] [ 1014.379084][ T29] audit: type=1804 audit(4295004600.416:26): pid=27757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.9220" name=2F6E6577726F6F742F3932342F50524F46494C455F56455253494F4E3D32303135303530350A302D434F4D4D454E543D0A302D505245464552454E43453D7B206D61785F61756469745F6C6F673D3332206D61785F6C6561726E696E675F656E7472793D3634207D0A302D434F4E4649473D7B206D6F64653D6C6561726E696E67206772616E745F6C6F673D6E6F2072656A6563745F6C6F673D796573207D0A dev="tmpfs" ino=4707 res=1 errno=0 [ 1015.411641][T27784] FAULT_INJECTION: forcing a failure. [ 1015.411641][T27784] name failslab, interval 1, probability 0, space 0, times 0 [ 1015.458479][T27784] CPU: 1 UID: 0 PID: 27784 Comm: syz.3.9232 Tainted: G L syzkaller #0 PREEMPT(full) [ 1015.458543][T27784] Tainted: [L]=SOFTLOCKUP [ 1015.458555][T27784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1015.458577][T27784] Call Trace: [ 1015.458588][T27784] [ 1015.458603][T27784] dump_stack_lvl+0x100/0x190 [ 1015.458669][T27784] should_fail_ex.cold+0x5/0xa [ 1015.458710][T27784] should_failslab+0xc2/0x120 [ 1015.458749][T27784] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1015.458796][T27784] ? __alloc_workqueue+0x1a0/0x1880 [ 1015.458850][T27784] __alloc_workqueue+0x1a0/0x1880 [ 1015.458893][T27784] ? __pfx_vsnprintf+0x10/0x10 [ 1015.458941][T27784] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1015.459005][T27784] ? lockdep_hardirqs_on+0x78/0x100 [ 1015.459058][T27784] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1015.459112][T27784] alloc_workqueue_noprof+0xd2/0x200 [ 1015.459156][T27784] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1015.459211][T27784] ? __pfx___debug_object_init+0x10/0x10 [ 1015.459353][T27784] nci_register_device+0x21e/0xb80 [ 1015.459442][T27784] ? __pfx_nci_register_device+0x10/0x10 [ 1015.459492][T27784] ? lockdep_init_map_type+0x5c/0x250 [ 1015.459549][T27784] virtual_ncidev_open+0x141/0x220 [ 1015.459670][T27784] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1015.459720][T27784] misc_open+0x26d/0x450 [ 1015.459816][T27784] ? __pfx_misc_open+0x10/0x10 [ 1015.459859][T27784] chrdev_open+0x234/0x6a0 [ 1015.459898][T27784] ? __pfx_apparmor_file_open+0x10/0x10 [ 1015.459937][T27784] ? __pfx_chrdev_open+0x10/0x10 [ 1015.459986][T27784] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1015.460038][T27784] do_dentry_open+0x6d8/0x1660 [ 1015.460075][T27784] ? __pfx_chrdev_open+0x10/0x10 [ 1015.460130][T27784] vfs_open+0x82/0x3f0 [ 1015.460184][T27784] path_openat+0x208c/0x31a0 [ 1015.460238][T27784] ? __pfx_path_openat+0x10/0x10 [ 1015.460296][T27784] do_file_open+0x20e/0x430 [ 1015.460341][T27784] ? __pfx_do_file_open+0x10/0x10 [ 1015.460412][T27784] ? alloc_fd+0x476/0x790 [ 1015.460453][T27784] ? do_getname+0x191/0x390 [ 1015.460503][T27784] do_sys_openat2+0x10d/0x1e0 [ 1015.460553][T27784] ? __pfx_do_sys_openat2+0x10/0x10 [ 1015.460605][T27784] ? __fget_files+0x21f/0x3d0 [ 1015.460648][T27784] __x64_sys_openat+0x12d/0x210 [ 1015.460699][T27784] ? __pfx___x64_sys_openat+0x10/0x10 [ 1015.460762][T27784] do_syscall_64+0x106/0xf80 [ 1015.460814][T27784] ? clear_bhb_loop+0x40/0x90 [ 1015.460864][T27784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1015.460902][T27784] RIP: 0033:0x7f6fc7b9c799 [ 1015.460933][T27784] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1015.460978][T27784] RSP: 002b:00007f6fc89fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1015.461012][T27784] RAX: ffffffffffffffda RBX: 00007f6fc7e15fa0 RCX: 00007f6fc7b9c799 [ 1015.461038][T27784] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1015.461062][T27784] RBP: 00007f6fc7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1015.461084][T27784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1015.461107][T27784] R13: 00007f6fc7e16038 R14: 00007f6fc7e15fa0 R15: 00007ffdba1cedd8 [ 1015.461152][T27784] [ 1016.412390][T27788] netlink: 'syz.1.9234': attribute type 19 has an invalid length. [ 1016.424621][T27788] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9234'. [ 1017.355887][T27806] netlink: 186 bytes leftover after parsing attributes in process `syz.3.9241'. [ 1017.387196][T27806] netlink: 186 bytes leftover after parsing attributes in process `syz.3.9241'. [ 1018.288830][T27821] FAULT_INJECTION: forcing a failure. [ 1018.288830][T27821] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1018.319046][T27821] CPU: 0 UID: 0 PID: 27821 Comm: syz.3.9246 Tainted: G L syzkaller #0 PREEMPT(full) [ 1018.319109][T27821] Tainted: [L]=SOFTLOCKUP [ 1018.319123][T27821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1018.319144][T27821] Call Trace: [ 1018.319157][T27821] [ 1018.319184][T27821] dump_stack_lvl+0x100/0x190 [ 1018.319251][T27821] should_fail_ex.cold+0x5/0xa [ 1018.319287][T27821] ? prepare_alloc_pages+0x16d/0x5f0 [ 1018.319336][T27821] should_fail_alloc_page+0xeb/0x140 [ 1018.319382][T27821] prepare_alloc_pages+0x1f0/0x5f0 [ 1018.319424][T27821] ? arch_stack_walk+0xa6/0xf0 [ 1018.319465][T27821] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1018.319529][T27821] ? stack_trace_save+0x8e/0xc0 [ 1018.319564][T27821] ? __pfx_stack_trace_save+0x10/0x10 [ 1018.319610][T27821] ? stack_depot_save_flags+0x27/0x9d0 [ 1018.319668][T27821] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1018.319725][T27821] ? kasan_save_stack+0x3f/0x50 [ 1018.319775][T27821] ? kasan_save_stack+0x30/0x50 [ 1018.319827][T27821] ? kasan_save_track+0x14/0x30 [ 1018.319879][T27821] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1018.319933][T27821] ? move_page_tables+0x3224/0x4500 [ 1018.319983][T27821] ? copy_vma_and_data+0x25c/0x7c0 [ 1018.320031][T27821] ? move_vma+0x51b/0x1890 [ 1018.320076][T27821] ? mremap_to+0x1b7/0x450 [ 1018.320123][T27821] ? do_mremap+0xb76/0x2130 [ 1018.320203][T27821] ? __do_sys_mremap+0x126/0x170 [ 1018.320256][T27821] ? do_syscall_64+0x106/0xf80 [ 1018.320308][T27821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.320362][T27821] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1018.320425][T27821] ? policy_nodemask+0xed/0x4f0 [ 1018.320464][T27821] alloc_pages_mpol+0x1fb/0x550 [ 1018.320505][T27821] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1018.320554][T27821] alloc_pages_noprof+0x131/0x390 [ 1018.320595][T27821] pte_alloc_one+0x1c/0x3d0 [ 1018.320636][T27821] __pte_alloc+0x6d/0x3e0 [ 1018.320672][T27821] ? __pfx___pte_alloc+0x10/0x10 [ 1018.320710][T27821] ? _raw_spin_unlock+0x28/0x50 [ 1018.320754][T27821] ? __pmd_alloc+0x3fb/0x950 [ 1018.320800][T27821] move_page_tables+0x257e/0x4500 [ 1018.320852][T27821] ? __pfx_copy_vma+0x10/0x10 [ 1018.320920][T27821] ? __pfx_move_page_tables+0x10/0x10 [ 1018.320993][T27821] ? finish_task_switch.isra.0+0x200/0xb80 [ 1018.321038][T27821] copy_vma_and_data+0x25c/0x7c0 [ 1018.321094][T27821] ? __pfx_copy_vma_and_data+0x10/0x10 [ 1018.321173][T27821] ? __vma_start_write+0x17f/0x280 [ 1018.321223][T27821] ? __pfx___vma_start_write+0x10/0x10 [ 1018.321284][T27821] move_vma+0x51b/0x1890 [ 1018.321346][T27821] ? __pfx_move_vma+0x10/0x10 [ 1018.321403][T27821] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 1018.321446][T27821] ? cap_mmap_addr+0x4b/0x120 [ 1018.321504][T27821] ? bpf_lsm_mmap_addr+0x9/0x30 [ 1018.321536][T27821] ? security_mmap_addr+0x71/0x1e0 [ 1018.321581][T27821] ? __get_unmapped_area+0x255/0x3e0 [ 1018.321632][T27821] ? vrm_set_new_addr+0x204/0x290 [ 1018.321688][T27821] mremap_to+0x1b7/0x450 [ 1018.321742][T27821] do_mremap+0xb76/0x2130 [ 1018.321812][T27821] ? __pfx_do_mremap+0x10/0x10 [ 1018.321874][T27821] ? ksys_write+0x190/0x250 [ 1018.321919][T27821] __do_sys_mremap+0x126/0x170 [ 1018.321971][T27821] ? __pfx___do_sys_mremap+0x10/0x10 [ 1018.322038][T27821] ? __x64_sys_futex+0x34f/0x4d0 [ 1018.322109][T27821] do_syscall_64+0x106/0xf80 [ 1018.322159][T27821] ? clear_bhb_loop+0x40/0x90 [ 1018.322214][T27821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.322253][T27821] RIP: 0033:0x7f6fc7b9c799 [ 1018.322284][T27821] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1018.322321][T27821] RSP: 002b:00007f6fc89fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1018.322357][T27821] RAX: ffffffffffffffda RBX: 00007f6fc7e15fa0 RCX: 00007f6fc7b9c799 [ 1018.322381][T27821] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 1018.322403][T27821] RBP: 00007f6fc7c32c99 R08: 0000000100000000 R09: 0000000000000000 [ 1018.322426][T27821] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1018.322447][T27821] R13: 00007f6fc7e16038 R14: 00007f6fc7e15fa0 R15: 00007ffdba1cedd8 [ 1018.322493][T27821] [ 1019.662120][T27847] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9255'. [ 1020.442845][T27863] netlink: zone id is out of range [ 1020.489031][T27863] netlink: zone id is out of range [ 1020.510425][T27863] netlink: zone id is out of range [ 1020.519425][T27863] netlink: zone id is out of range [ 1020.599411][T27864] netlink: zone id is out of range [ 1020.616760][T27863] netlink: set zone limit has 8 unknown bytes [ 1020.634118][T27864] netlink: zone id is out of range [ 1020.673338][T27864] netlink: zone id is out of range [ 1020.713470][T27864] netlink: zone id is out of range [ 1020.795019][T27864] netlink: set zone limit has 8 unknown bytes [ 1021.860059][T27890] FAULT_INJECTION: forcing a failure. [ 1021.860059][T27890] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1021.884395][T27890] CPU: 1 UID: 0 PID: 27890 Comm: syz.0.9272 Tainted: G L syzkaller #0 PREEMPT(full) [ 1021.884466][T27890] Tainted: [L]=SOFTLOCKUP [ 1021.884479][T27890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1021.884502][T27890] Call Trace: [ 1021.884514][T27890] [ 1021.884528][T27890] dump_stack_lvl+0x100/0x190 [ 1021.884594][T27890] should_fail_ex.cold+0x5/0xa [ 1021.884631][T27890] ? prepare_alloc_pages+0x16d/0x5f0 [ 1021.884678][T27890] should_fail_alloc_page+0xeb/0x140 [ 1021.884722][T27890] prepare_alloc_pages+0x1f0/0x5f0 [ 1021.884772][T27890] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1021.884841][T27890] ? __lock_acquire+0x4a5/0x2630 [ 1021.884893][T27890] ? __lock_acquire+0x4a5/0x2630 [ 1021.884938][T27890] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1021.885001][T27890] ? __lock_acquire+0x4a5/0x2630 [ 1021.885045][T27890] ? look_up_lock_class+0x55/0x120 [ 1021.885113][T27890] ? lock_acquire+0x1cf/0x380 [ 1021.885161][T27890] ? find_held_lock+0x2b/0x80 [ 1021.885199][T27890] ? page_table_check_set+0x49a/0xa10 [ 1021.885232][T27890] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1021.885295][T27890] ? policy_nodemask+0xed/0x4f0 [ 1021.885337][T27890] alloc_pages_mpol+0x1fb/0x550 [ 1021.885376][T27890] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1021.885438][T27890] folio_alloc_mpol_noprof+0x36/0x340 [ 1021.885488][T27890] vma_alloc_folio_noprof+0xed/0x1d0 [ 1021.885535][T27890] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1021.885594][T27890] do_anonymous_page+0xb3a/0x1fb0 [ 1021.885658][T27890] __handle_mm_fault+0x1d42/0x2b60 [ 1021.885721][T27890] ? __pfx___handle_mm_fault+0x10/0x10 [ 1021.885774][T27890] ? pte_offset_map_lock+0x174/0x320 [ 1021.885813][T27890] ? find_held_lock+0x2b/0x80 [ 1021.885860][T27890] ? follow_page_pte+0x5b3/0x1400 [ 1021.885910][T27890] handle_mm_fault+0x36d/0xa20 [ 1021.885968][T27890] __get_user_pages+0xf9c/0x34d0 [ 1021.886027][T27890] ? __pfx___get_user_pages+0x10/0x10 [ 1021.886080][T27890] populate_vma_page_range+0x267/0x3f0 [ 1021.886128][T27890] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1021.886170][T27890] ? __pfx_find_vma_intersection+0x10/0x10 [ 1021.886212][T27890] ? do_mmap+0x93f/0x12f0 [ 1021.886257][T27890] __mm_populate+0x107/0x3a0 [ 1021.886303][T27890] ? __pfx___mm_populate+0x10/0x10 [ 1021.886349][T27890] ? up_write+0x290/0x4f0 [ 1021.886406][T27890] vm_mmap_pgoff+0x37f/0x470 [ 1021.886464][T27890] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1021.886510][T27890] ? do_futex+0x192/0x350 [ 1021.886557][T27890] ? __pfx_do_futex+0x10/0x10 [ 1021.886612][T27890] ksys_mmap_pgoff+0xe1/0x650 [ 1021.886652][T27890] ? __x64_sys_futex+0x34f/0x4d0 [ 1021.886695][T27890] ? __x64_sys_futex+0x358/0x4d0 [ 1021.886743][T27890] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1021.886783][T27890] ? xfd_validate_state+0x129/0x190 [ 1021.886845][T27890] __x64_sys_mmap+0x125/0x190 [ 1021.886904][T27890] do_syscall_64+0x106/0xf80 [ 1021.886963][T27890] ? clear_bhb_loop+0x40/0x90 [ 1021.887008][T27890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1021.887049][T27890] RIP: 0033:0x7f259a99c799 [ 1021.887082][T27890] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1021.887122][T27890] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1021.887157][T27890] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 1021.887182][T27890] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 1021.887205][T27890] RBP: 00007f259aa32c99 R08: ffffffffffffffff R09: 0000000000000000 [ 1021.887230][T27890] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1021.887253][T27890] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 1021.887300][T27890] [ 1022.889311][T27898] FAULT_INJECTION: forcing a failure. [ 1022.889311][T27898] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.909426][T27898] CPU: 1 UID: 0 PID: 27898 Comm: syz.1.9275 Tainted: G L syzkaller #0 PREEMPT(full) [ 1022.909485][T27898] Tainted: [L]=SOFTLOCKUP [ 1022.909499][T27898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1022.909520][T27898] Call Trace: [ 1022.909530][T27898] [ 1022.909541][T27898] dump_stack_lvl+0x100/0x190 [ 1022.909596][T27898] should_fail_ex.cold+0x5/0xa [ 1022.909631][T27898] should_failslab+0xc2/0x120 [ 1022.909663][T27898] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1022.909705][T27898] ? rfkill_fop_open+0x1b6/0x750 [ 1022.909829][T27898] ? lockdep_init_map_type+0x5c/0x250 [ 1022.909872][T27898] ? __pfx_rfkill_fop_open+0x10/0x10 [ 1022.909908][T27898] rfkill_fop_open+0x1b6/0x750 [ 1022.909947][T27898] ? __pfx_rfkill_fop_open+0x10/0x10 [ 1022.909980][T27898] misc_open+0x26d/0x450 [ 1022.910018][T27898] ? __pfx_misc_open+0x10/0x10 [ 1022.910051][T27898] chrdev_open+0x234/0x6a0 [ 1022.910081][T27898] ? __pfx_apparmor_file_open+0x10/0x10 [ 1022.910112][T27898] ? __pfx_chrdev_open+0x10/0x10 [ 1022.910146][T27898] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1022.910185][T27898] do_dentry_open+0x6d8/0x1660 [ 1022.910217][T27898] ? __pfx_chrdev_open+0x10/0x10 [ 1022.910260][T27898] vfs_open+0x82/0x3f0 [ 1022.910338][T27898] path_openat+0x208c/0x31a0 [ 1022.910387][T27898] ? __pfx_path_openat+0x10/0x10 [ 1022.910431][T27898] do_file_open+0x20e/0x430 [ 1022.910466][T27898] ? __pfx_do_file_open+0x10/0x10 [ 1022.910519][T27898] ? alloc_fd+0x476/0x790 [ 1022.910550][T27898] ? do_getname+0x191/0x390 [ 1022.910588][T27898] do_sys_openat2+0x10d/0x1e0 [ 1022.910625][T27898] ? __pfx_do_sys_openat2+0x10/0x10 [ 1022.910666][T27898] ? __fget_files+0x21f/0x3d0 [ 1022.910698][T27898] __x64_sys_openat+0x12d/0x210 [ 1022.910751][T27898] ? __pfx___x64_sys_openat+0x10/0x10 [ 1022.910809][T27898] do_syscall_64+0x106/0xf80 [ 1022.910863][T27898] ? clear_bhb_loop+0x40/0x90 [ 1022.910909][T27898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1022.910947][T27898] RIP: 0033:0x7f4a06b9c799 [ 1022.910981][T27898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1022.911027][T27898] RSP: 002b:00007f4a07aaf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1022.911060][T27898] RAX: ffffffffffffffda RBX: 00007f4a06e15fa0 RCX: 00007f4a06b9c799 [ 1022.911083][T27898] RDX: 0000000000020001 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 1022.911106][T27898] RBP: 00007f4a06c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1022.911131][T27898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1022.911150][T27898] R13: 00007f4a06e16038 R14: 00007f4a06e15fa0 R15: 00007ffd29eef458 [ 1022.911187][T27898] [ 1023.218131][T27900] ubi0: attaching mtd0 [ 1023.226373][T27900] ubi0: scanning is finished [ 1023.240734][T27900] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1023.494201][T27905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9277'. [ 1023.566921][T27905] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1023.594479][T27900] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1023.602925][T27905] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1023.648542][T27905] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1023.656238][T27905] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1024.592608][T27925] netlink: 130 bytes leftover after parsing attributes in process `syz.3.9284'. [ 1026.403069][T27967] FAULT_INJECTION: forcing a failure. [ 1026.403069][T27967] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1026.461364][T27967] CPU: 0 UID: 0 PID: 27967 Comm: syz.3.9301 Tainted: G L syzkaller #0 PREEMPT(full) [ 1026.461441][T27967] Tainted: [L]=SOFTLOCKUP [ 1026.461455][T27967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1026.461478][T27967] Call Trace: [ 1026.461491][T27967] [ 1026.461506][T27967] dump_stack_lvl+0x100/0x190 [ 1026.461572][T27967] should_fail_ex.cold+0x5/0xa [ 1026.461610][T27967] ? prepare_alloc_pages+0x16d/0x5f0 [ 1026.461658][T27967] should_fail_alloc_page+0xeb/0x140 [ 1026.461700][T27967] prepare_alloc_pages+0x1f0/0x5f0 [ 1026.461749][T27967] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1026.461819][T27967] ? __lock_acquire+0x4a5/0x2630 [ 1026.461867][T27967] ? css_rstat_updated+0x1ce/0x5a0 [ 1026.461913][T27967] ? __pfx_css_rstat_updated+0x10/0x10 [ 1026.461954][T27967] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1026.462020][T27967] ? rcu_is_watching+0x12/0xc0 [ 1026.462082][T27967] ? __lock_acquire+0x4a5/0x2630 [ 1026.462130][T27967] ? __lock_acquire+0x4a5/0x2630 [ 1026.462174][T27967] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1026.462236][T27967] ? policy_nodemask+0xed/0x4f0 [ 1026.462278][T27967] alloc_pages_mpol+0x1fb/0x550 [ 1026.462318][T27967] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1026.462356][T27967] ? find_held_lock+0x2b/0x80 [ 1026.462399][T27967] ? filemap_get_entry+0x1a7/0x3b0 [ 1026.462461][T27967] ? filemap_get_entry+0x1a7/0x3b0 [ 1026.462524][T27967] folio_alloc_noprof+0x22/0x330 [ 1026.462571][T27967] filemap_alloc_folio_noprof.part.0+0x377/0x450 [ 1026.462617][T27967] ? __pfx_filemap_get_entry+0x10/0x10 [ 1026.462673][T27967] ? filemap_add_folio+0x114/0x690 [ 1026.462730][T27967] ? __pfx_filemap_alloc_folio_noprof.part.0+0x10/0x10 [ 1026.462782][T27967] ? rcu_is_watching+0x12/0xc0 [ 1026.462842][T27967] __filemap_get_folio_mpol+0x6a4/0xe70 [ 1026.462910][T27967] ioctx_alloc+0x7e4/0x21d0 [ 1026.462970][T27967] ? __pfx_ioctx_alloc+0x10/0x10 [ 1026.463021][T27967] __x64_sys_io_setup+0xc9/0x220 [ 1026.463065][T27967] do_syscall_64+0x106/0xf80 [ 1026.463121][T27967] ? clear_bhb_loop+0x40/0x90 [ 1026.463167][T27967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.463208][T27967] RIP: 0033:0x7f6fc7b9c799 [ 1026.463239][T27967] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1026.463277][T27967] RSP: 002b:00007f6fc89fb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 1026.463314][T27967] RAX: ffffffffffffffda RBX: 00007f6fc7e15fa0 RCX: 00007f6fc7b9c799 [ 1026.463338][T27967] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 1026.463361][T27967] RBP: 00007f6fc7c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1026.463384][T27967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1026.463417][T27967] R13: 00007f6fc7e16038 R14: 00007f6fc7e15fa0 R15: 00007ffdba1cedd8 [ 1026.463463][T27967] [ 1029.225632][T28009] netlink: 25 bytes leftover after parsing attributes in process `syz.1.9317'. [ 1029.837161][T28022] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9322'. [ 1029.889363][T28022] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode [ 1029.921374][T28022] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 1033.974336][T28107] netlink: 218 bytes leftover after parsing attributes in process `syz.1.9355'. [ 1034.306341][T28116] netlink: 206 bytes leftover after parsing attributes in process `syz.3.9359'. [ 1034.319379][T28114] netlink: 330 bytes leftover after parsing attributes in process `syz.1.9358'. [ 1037.213350][T28166] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9376'. [ 1038.957697][T28200] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9389'. [ 1038.976875][T28200] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1039.005080][T28200] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1039.068706][T28200] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1039.105238][T28200] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1039.804755][T28218] FAULT_INJECTION: forcing a failure. [ 1039.804755][T28218] name failslab, interval 1, probability 0, space 0, times 0 [ 1039.856198][T28218] CPU: 1 UID: 0 PID: 28218 Comm: syz.1.9396 Tainted: G L syzkaller #0 PREEMPT(full) [ 1039.856257][T28218] Tainted: [L]=SOFTLOCKUP [ 1039.856271][T28218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1039.856295][T28218] Call Trace: [ 1039.856308][T28218] [ 1039.856322][T28218] dump_stack_lvl+0x100/0x190 [ 1039.856389][T28218] should_fail_ex.cold+0x5/0xa [ 1039.856433][T28218] should_failslab+0xc2/0x120 [ 1039.856473][T28218] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1039.856523][T28218] ? snd_pcm_oss_open+0x5e5/0x1390 [ 1039.856564][T28218] ? rcu_is_watching+0x12/0xc0 [ 1039.856628][T28218] snd_pcm_oss_open+0x5e5/0x1390 [ 1039.856668][T28218] ? kasan_quarantine_put+0x104/0x240 [ 1039.856736][T28218] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 1039.856790][T28218] ? __lock_acquire+0x4a5/0x2630 [ 1039.856840][T28218] ? __pfx_default_wake_function+0x10/0x10 [ 1039.856882][T28218] ? __lock_acquire+0x4a5/0x2630 [ 1039.856937][T28218] ? do_raw_spin_lock+0x128/0x260 [ 1039.856994][T28218] ? soundcore_open+0x231/0x5a0 [ 1039.857035][T28218] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 1039.857078][T28218] soundcore_open+0x2e3/0x5a0 [ 1039.857118][T28218] ? __pfx_soundcore_open+0x10/0x10 [ 1039.857155][T28218] chrdev_open+0x234/0x6a0 [ 1039.857192][T28218] ? __pfx_apparmor_file_open+0x10/0x10 [ 1039.857230][T28218] ? __pfx_chrdev_open+0x10/0x10 [ 1039.857271][T28218] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1039.857318][T28218] do_dentry_open+0x6d8/0x1660 [ 1039.857353][T28218] ? __pfx_chrdev_open+0x10/0x10 [ 1039.857400][T28218] vfs_open+0x82/0x3f0 [ 1039.857451][T28218] path_openat+0x208c/0x31a0 [ 1039.857505][T28218] ? __pfx_path_openat+0x10/0x10 [ 1039.857559][T28218] do_file_open+0x20e/0x430 [ 1039.857600][T28218] ? __pfx_do_file_open+0x10/0x10 [ 1039.857670][T28218] ? alloc_fd+0x476/0x790 [ 1039.857711][T28218] ? do_getname+0x191/0x390 [ 1039.857770][T28218] do_sys_openat2+0x10d/0x1e0 [ 1039.857820][T28218] ? __pfx_do_sys_openat2+0x10/0x10 [ 1039.857871][T28218] ? __fget_files+0x21f/0x3d0 [ 1039.857916][T28218] __x64_sys_openat+0x12d/0x210 [ 1039.857967][T28218] ? __pfx___x64_sys_openat+0x10/0x10 [ 1039.858033][T28218] do_syscall_64+0x106/0xf80 [ 1039.858090][T28218] ? clear_bhb_loop+0x40/0x90 [ 1039.858138][T28218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1039.858177][T28218] RIP: 0033:0x7f4a06b9c799 [ 1039.858209][T28218] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1039.858244][T28218] RSP: 002b:00007f4a07aaf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1039.858281][T28218] RAX: ffffffffffffffda RBX: 00007f4a06e15fa0 RCX: 00007f4a06b9c799 [ 1039.858305][T28218] RDX: 0000000000020342 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1039.858330][T28218] RBP: 00007f4a06c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1039.858353][T28218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1039.858375][T28218] R13: 00007f4a06e16038 R14: 00007f4a06e15fa0 R15: 00007ffd29eef458 [ 1039.858421][T28218] [ 1040.965700][T28245] netlink: 330 bytes leftover after parsing attributes in process `syz.2.9408'. [ 1042.007502][T28250] NFSD: Failed to start, no listeners configured. [ 1043.943410][T28288] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9424'. [ 1044.273166][T28297] netlink: 326 bytes leftover after parsing attributes in process `syz.3.9428'. [ 1044.650501][ T29] audit: type=1804 audit(4295004630.686:27): pid=28309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.9431" name="/newroot/986/file0" dev="tmpfs" ino=5020 res=1 errno=0 [ 1045.229296][T28313] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9433'. [ 1045.775968][T28326] block nbd5: Unsupported socket: should be TCP or UNIX. [ 1047.005981][T28353] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9449'. [ 1048.688764][T28381] netlink: 'syz.3.9459': attribute type 4 has an invalid length. [ 1048.696824][T28381] netlink: 314 bytes leftover after parsing attributes in process `syz.3.9459'. [ 1049.482739][T28399] random: crng reseeded on system resumption [ 1049.509109][T28399] FAULT_INJECTION: forcing a failure. [ 1049.509109][T28399] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1049.584507][T28399] CPU: 1 UID: 0 PID: 28399 Comm: syz.1.9466 Tainted: G L syzkaller #0 PREEMPT(full) [ 1049.584567][T28399] Tainted: [L]=SOFTLOCKUP [ 1049.584582][T28399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1049.584606][T28399] Call Trace: [ 1049.584619][T28399] [ 1049.584635][T28399] dump_stack_lvl+0x100/0x190 [ 1049.584703][T28399] should_fail_ex.cold+0x5/0xa [ 1049.584740][T28399] ? prepare_alloc_pages+0x16d/0x5f0 [ 1049.584788][T28399] should_fail_alloc_page+0xeb/0x140 [ 1049.584831][T28399] prepare_alloc_pages+0x1f0/0x5f0 [ 1049.584882][T28399] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1049.584942][T28399] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1049.585012][T28399] ? stack_trace_save+0x8e/0xc0 [ 1049.585051][T28399] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1049.585105][T28399] ? stack_depot_save_flags+0x27/0x9d0 [ 1049.585154][T28399] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1049.585217][T28399] ? kasan_save_stack+0x3f/0x50 [ 1049.585276][T28399] ? kasan_save_stack+0x30/0x50 [ 1049.585345][T28399] ? kasan_save_track+0x14/0x30 [ 1049.585413][T28399] ? do_sys_openat2+0x10d/0x1e0 [ 1049.585459][T28399] ? __x64_sys_openat+0x12d/0x210 [ 1049.585506][T28399] ? do_syscall_64+0x106/0xf80 [ 1049.585558][T28399] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1049.585599][T28399] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1049.585664][T28399] ? policy_nodemask+0xed/0x4f0 [ 1049.585706][T28399] alloc_pages_mpol+0x1fb/0x550 [ 1049.585747][T28399] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1049.585787][T28399] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1049.585834][T28399] alloc_pages_noprof+0x131/0x390 [ 1049.585875][T28399] get_zeroed_page_noprof+0x18/0xb0 [ 1049.585916][T28399] get_image_page+0x18/0x1a0 [ 1049.585976][T28399] alloc_rtree_node+0x3c/0xb0 [ 1049.586035][T28399] memory_bm_create+0x65e/0xba0 [ 1049.586111][T28399] create_basic_memory_bitmaps+0x10b/0x350 [ 1049.586159][T28399] snapshot_open+0x230/0x2a0 [ 1049.586201][T28399] ? __pfx_snapshot_open+0x10/0x10 [ 1049.586245][T28399] misc_open+0x26d/0x450 [ 1049.586288][T28399] ? __pfx_misc_open+0x10/0x10 [ 1049.586340][T28399] chrdev_open+0x234/0x6a0 [ 1049.586379][T28399] ? __pfx_apparmor_file_open+0x10/0x10 [ 1049.586416][T28399] ? __pfx_chrdev_open+0x10/0x10 [ 1049.586457][T28399] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1049.586518][T28399] do_dentry_open+0x6d8/0x1660 [ 1049.586556][T28399] ? __pfx_chrdev_open+0x10/0x10 [ 1049.586606][T28399] vfs_open+0x82/0x3f0 [ 1049.586658][T28399] path_openat+0x208c/0x31a0 [ 1049.586711][T28399] ? __pfx_path_openat+0x10/0x10 [ 1049.586766][T28399] do_file_open+0x20e/0x430 [ 1049.586809][T28399] ? __pfx_do_file_open+0x10/0x10 [ 1049.586877][T28399] ? alloc_fd+0x476/0x790 [ 1049.586920][T28399] ? do_getname+0x191/0x390 [ 1049.586972][T28399] do_sys_openat2+0x10d/0x1e0 [ 1049.587021][T28399] ? __pfx_do_sys_openat2+0x10/0x10 [ 1049.587072][T28399] ? __fget_files+0x21f/0x3d0 [ 1049.587117][T28399] __x64_sys_openat+0x12d/0x210 [ 1049.587169][T28399] ? __pfx___x64_sys_openat+0x10/0x10 [ 1049.587236][T28399] do_syscall_64+0x106/0xf80 [ 1049.587287][T28399] ? clear_bhb_loop+0x40/0x90 [ 1049.587343][T28399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1049.587385][T28399] RIP: 0033:0x7f4a06b9c799 [ 1049.587417][T28399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1049.587455][T28399] RSP: 002b:00007f4a07aaf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1049.587493][T28399] RAX: ffffffffffffffda RBX: 00007f4a06e15fa0 RCX: 00007f4a06b9c799 [ 1049.587519][T28399] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1049.587544][T28399] RBP: 00007f4a06c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1049.587567][T28399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1049.587589][T28399] R13: 00007f4a06e16038 R14: 00007f4a06e15fa0 R15: 00007ffd29eef458 [ 1049.587637][T28399] [ 1050.745076][ T5833] Bluetooth: hci3: unexpected event 0x03 length: 725 > 11 [ 1053.677155][ T5833] Bluetooth: hci3: unexpected subevent 0x05 length: 123 > 12 [ 1053.882357][T28475] FAULT_INJECTION: forcing a failure. [ 1053.882357][T28475] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1053.896778][T28475] CPU: 1 UID: 0 PID: 28475 Comm: syz.0.9499 Tainted: G L syzkaller #0 PREEMPT(full) [ 1053.896832][T28475] Tainted: [L]=SOFTLOCKUP [ 1053.896846][T28475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1053.896867][T28475] Call Trace: [ 1053.896878][T28475] [ 1053.896889][T28475] dump_stack_lvl+0x100/0x190 [ 1053.896948][T28475] should_fail_ex.cold+0x5/0xa [ 1053.896980][T28475] ? prepare_alloc_pages+0x16d/0x5f0 [ 1053.897018][T28475] should_fail_alloc_page+0xeb/0x140 [ 1053.897054][T28475] prepare_alloc_pages+0x1f0/0x5f0 [ 1053.897094][T28475] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1053.897145][T28475] ? reacquire_held_locks+0xce/0x1e0 [ 1053.897184][T28475] ? folio_lock_anon_vma_read+0x348/0xe30 [ 1053.897228][T28475] ? folio_lock_anon_vma_read+0x348/0xe30 [ 1053.897272][T28475] ? __up_read+0x2c5/0x700 [ 1053.897320][T28475] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1053.897364][T28475] ? __pfx___up_read+0x10/0x10 [ 1053.897403][T28475] ? rmap_walk_anon+0x561/0x870 [ 1053.897485][T28475] __folio_alloc_noprof+0x13/0x2f0 [ 1053.897535][T28475] alloc_migration_target+0x1d7/0x6d0 [ 1053.897575][T28475] migrate_pages_batch+0x4f2/0x4530 [ 1053.897616][T28475] ? __pfx_alloc_migration_target+0x10/0x10 [ 1053.897663][T28475] ? walk_pgd_range+0x1115/0x1eb0 [ 1053.897709][T28475] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1053.897772][T28475] migrate_pages_sync+0x12c/0x880 [ 1053.897809][T28475] ? __pfx_alloc_migration_target+0x10/0x10 [ 1053.897852][T28475] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1053.897884][T28475] ? __pfx_queue_pages_test_walk+0x10/0x10 [ 1053.897928][T28475] ? walk_page_range_mm_unsafe+0x32c/0xa10 [ 1053.897981][T28475] migrate_pages+0x1aae/0x28a0 [ 1053.898021][T28475] ? __pfx_alloc_migration_target+0x10/0x10 [ 1053.898063][T28475] ? __pfx_migrate_pages+0x10/0x10 [ 1053.898099][T28475] ? queue_pages_range+0x11e/0x180 [ 1053.898147][T28475] ? __up_read+0x2c5/0x700 [ 1053.898189][T28475] ? __pfx___up_read+0x10/0x10 [ 1053.898228][T28475] ? do_migrate_pages+0x451/0x740 [ 1053.898258][T28475] ? do_migrate_pages+0x451/0x740 [ 1053.898296][T28475] do_migrate_pages+0x488/0x740 [ 1053.898337][T28475] ? __pfx_do_migrate_pages+0x10/0x10 [ 1053.898374][T28475] ? rcu_is_watching+0x12/0xc0 [ 1053.898428][T28475] ? cap_capable+0x107/0x460 [ 1053.898478][T28475] ? get_task_mm+0xc2/0xf0 [ 1053.898511][T28475] ? security_capable+0xbd/0x260 [ 1053.898567][T28475] kernel_migrate_pages+0x560/0x700 [ 1053.898600][T28475] ? __pfx_kernel_migrate_pages+0x10/0x10 [ 1053.898632][T28475] ? xfd_validate_state+0x129/0x190 [ 1053.898685][T28475] __x64_sys_migrate_pages+0x96/0x100 [ 1053.898719][T28475] ? lockdep_hardirqs_on+0x78/0x100 [ 1053.898764][T28475] do_syscall_64+0x106/0xf80 [ 1053.898806][T28475] ? clear_bhb_loop+0x40/0x90 [ 1053.898843][T28475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1053.898877][T28475] RIP: 0033:0x7f259a99c799 [ 1053.898905][T28475] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1053.898941][T28475] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000100 [ 1053.898973][T28475] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 1053.898993][T28475] RDX: 0000200000000100 RSI: 000000000000000a RDI: 0000000000000000 [ 1053.899012][T28475] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1053.899030][T28475] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000000 [ 1053.899048][T28475] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 1053.899085][T28475] [ 1054.559199][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.565846][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.586063][T28481] netlink: 326 bytes leftover after parsing attributes in process `syz.0.9501'. [ 1055.731372][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 1055.982423][T28507] futex_wake_op: syz.1.9512 tries to shift op by -2048; fix this program [ 1056.256776][T28505] zswap: compressor not available [ 1056.605293][T28525] FAULT_INJECTION: forcing a failure. [ 1056.605293][T28525] name failslab, interval 1, probability 0, space 0, times 0 [ 1056.619644][T28525] CPU: 0 UID: 0 PID: 28525 Comm: syz.1.9520 Tainted: G L syzkaller #0 PREEMPT(full) [ 1056.619714][T28525] Tainted: [L]=SOFTLOCKUP [ 1056.619727][T28525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1056.619749][T28525] Call Trace: [ 1056.619761][T28525] [ 1056.619775][T28525] dump_stack_lvl+0x100/0x190 [ 1056.619840][T28525] should_fail_ex.cold+0x5/0xa [ 1056.619885][T28525] ? drm_atomic_state_init+0x190/0x490 [ 1056.620061][T28525] should_failslab+0xc2/0x120 [ 1056.620144][T28525] __kmalloc_noprof+0xe0/0x850 [ 1056.620214][T28525] drm_atomic_state_init+0x190/0x490 [ 1056.620257][T28525] ? kasan_save_track+0x14/0x30 [ 1056.620315][T28525] drm_atomic_state_alloc+0xd3/0x120 [ 1056.620357][T28525] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 1056.620482][T28525] ? trace_contention_end+0x140/0x180 [ 1056.620539][T28525] ? __mutex_lock+0x26a/0x1b90 [ 1056.620601][T28525] ? __mutex_lock+0x26a/0x1b90 [ 1056.620656][T28525] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1056.620726][T28525] ? drm_master_internal_acquire+0x21/0x80 [ 1056.620817][T28525] drm_client_modeset_commit_locked+0x14d/0x580 [ 1056.620878][T28525] drm_client_modeset_commit+0x4f/0x80 [ 1056.620932][T28525] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1056.621047][T28525] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 1056.621107][T28525] drm_fbdev_client_restore+0x1b/0x30 [ 1056.621181][T28525] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1056.621222][T28525] drm_client_dev_restore+0x205/0x2a0 [ 1056.621282][T28525] drm_release+0x2c6/0x360 [ 1056.621379][T28525] ? __pfx_drm_release+0x10/0x10 [ 1056.621426][T28525] __fput+0x3ff/0xb40 [ 1056.621481][T28525] task_work_run+0x150/0x240 [ 1056.621539][T28525] ? __pfx_task_work_run+0x10/0x10 [ 1056.621608][T28525] exit_to_user_mode_loop+0x100/0x4a0 [ 1056.621663][T28525] do_syscall_64+0x668/0xf80 [ 1056.621727][T28525] ? clear_bhb_loop+0x40/0x90 [ 1056.621776][T28525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1056.621813][T28525] RIP: 0033:0x7f4a06b9c799 [ 1056.621844][T28525] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1056.621879][T28525] RSP: 002b:00007f4a07aaf028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1056.621916][T28525] RAX: 0000000000000000 RBX: 00007f4a06e15fa0 RCX: 00007f4a06b9c799 [ 1056.621940][T28525] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1056.621961][T28525] RBP: 00007f4a06c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1056.621983][T28525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1056.622004][T28525] R13: 00007f4a06e16038 R14: 00007f4a06e15fa0 R15: 00007ffd29eef458 [ 1056.622053][T28525] [ 1060.605204][T28587] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9543'. [ 1061.022854][T28593] x_tables: duplicate underflow at hook 4 [ 1064.125275][T28640] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9561'. [ 1068.932200][T28723] zswap: compressor 000 not available [ 1069.462710][T28749] netlink: 326 bytes leftover after parsing attributes in process `syz.1.9592'. [ 1072.156466][T28785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9603'. [ 1072.574089][T28789] zswap: compressor not available [ 1072.957216][T28811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9614'. [ 1073.042032][T28811] netlink: 354 bytes leftover after parsing attributes in process `syz.2.9614'. [ 1074.449970][T28850] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9630'. [ 1075.195583][T28858] netlink: 74 bytes leftover after parsing attributes in process `syz.0.9634'. [ 1075.539364][T28874] netlink: 'syz.3.9640': attribute type 4 has an invalid length. [ 1075.547899][T28874] netlink: 314 bytes leftover after parsing attributes in process `syz.3.9640'. [ 1076.416099][T28888] netlink: 74 bytes leftover after parsing attributes in process `syz.2.9645'. [ 1076.979818][T28909] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9650'. [ 1081.254878][T28990] netlink: 334 bytes leftover after parsing attributes in process `syz.2.9679'. [ 1082.035144][T29009] random: crng reseeded on system resumption [ 1082.205367][T29010] Unrecognized hibernate image header format! [ 1082.241408][T29010] PM: hibernation: Image mismatch: architecture specific data [ 1083.026374][T29028] CIFS: VFS: Invalid SecurityFlags: [ 1084.193365][T29049] ACPI: button: Initial lid state set to 'ignore' [ 1085.394639][T29075] ======================================================= [ 1085.394639][T29075] WARNING: The mand mount option has been deprecated and [ 1085.394639][T29075] and is ignored by this kernel. Remove the mand [ 1085.394639][T29075] option from the mount to silence this warning. [ 1085.394639][T29075] ======================================================= [ 1086.563666][T29094] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9720'. [ 1088.862466][T29141] nbd: socks must be embedded in a SOCK_ITEM attr [ 1088.893467][T29141] block nbd5: shutting down sockets [ 1089.775005][T29156] zswap: compressor not available [ 1091.732653][T29195] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9758'. [ 1092.794713][T29218] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9767'. [ 1095.325960][T29249] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9776'. [ 1095.361539][T29249] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9776'. [ 1095.748232][T29251] netlink: 326 bytes leftover after parsing attributes in process `syz.1.9777'. [ 1097.828588][T29281] netlink: 334 bytes leftover after parsing attributes in process `syz.3.9788'. [ 1099.055843][T29296] netlink: 334 bytes leftover after parsing attributes in process `syz.3.9794'. [ 1101.662010][T29327] netlink: 334 bytes leftover after parsing attributes in process `syz.3.9806'. [ 1103.383071][T29351] netlink: 504 bytes leftover after parsing attributes in process `syz.2.9811'. [ 1105.611188][T29380] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9815'. [ 1106.486508][T29400] netlink: 'syz.2.9823': attribute type 14 has an invalid length. [ 1106.515884][T29400] netlink: 330 bytes leftover after parsing attributes in process `syz.2.9823'. [ 1107.277547][T29413] netlink: 334 bytes leftover after parsing attributes in process `syz.1.9827'. [ 1107.379654][T29416] UHID_CREATE from different security context by process 5537 (syz.0.9830), this is not allowed. [ 1107.661502][T29418] FAULT_INJECTION: forcing a failure. [ 1107.661502][T29418] name failslab, interval 1, probability 0, space 0, times 0 [ 1107.711310][T29418] CPU: 1 UID: 0 PID: 29418 Comm: syz.0.9831 Tainted: G L syzkaller #0 PREEMPT(full) [ 1107.711376][T29418] Tainted: [L]=SOFTLOCKUP [ 1107.711389][T29418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1107.711412][T29418] Call Trace: [ 1107.711425][T29418] [ 1107.711439][T29418] dump_stack_lvl+0x100/0x190 [ 1107.711506][T29418] should_fail_ex.cold+0x5/0xa [ 1107.711548][T29418] should_failslab+0xc2/0x120 [ 1107.711590][T29418] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1107.711639][T29418] ? __do_sys_memfd_create+0x170/0x3d0 [ 1107.711699][T29418] __do_sys_memfd_create+0x170/0x3d0 [ 1107.711753][T29418] do_syscall_64+0x106/0xf80 [ 1107.711809][T29418] ? clear_bhb_loop+0x40/0x90 [ 1107.711852][T29418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1107.711889][T29418] RIP: 0033:0x7f259a99c799 [ 1107.711921][T29418] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1107.711959][T29418] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1107.711994][T29418] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 1107.712019][T29418] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000 [ 1107.712040][T29418] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1107.712062][T29418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1107.712084][T29418] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 1107.712142][T29418] [ 1109.428978][T29424] syz.3.9829(29424): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1110.665768][T29461] netlink: 326 bytes leftover after parsing attributes in process `syz.2.9842'. [ 1112.025294][T29489] netlink: 338 bytes leftover after parsing attributes in process `syz.2.9849'. [ 1112.766554][T29501] [U] [ 1115.679927][T29545] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9867'. [ 1115.994072][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.000600][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.021743][T29547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9876'. [ 1117.580629][T29569] FAULT_INJECTION: forcing a failure. [ 1117.580629][T29569] name failslab, interval 1, probability 0, space 0, times 0 [ 1117.614916][T29569] CPU: 1 UID: 0 PID: 29569 Comm: syz.0.9872 Tainted: G L syzkaller #0 PREEMPT(full) [ 1117.614980][T29569] Tainted: [L]=SOFTLOCKUP [ 1117.614993][T29569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1117.615017][T29569] Call Trace: [ 1117.615029][T29569] [ 1117.615048][T29569] dump_stack_lvl+0x100/0x190 [ 1117.615115][T29569] should_fail_ex.cold+0x5/0xa [ 1117.615170][T29569] should_failslab+0xc2/0x120 [ 1117.615213][T29569] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1117.615265][T29569] ? vm_area_alloc+0x1f/0x160 [ 1117.615312][T29569] ? vma_merge_new_range+0x38b/0xa30 [ 1117.615359][T29569] ? __sanitizer_cov_trace_switch+0x10/0x90 [ 1117.615421][T29569] vm_area_alloc+0x1f/0x160 [ 1117.615465][T29569] __mmap_region+0x10cc/0x29e0 [ 1117.615520][T29569] ? __pfx___mmap_region+0x10/0x10 [ 1117.615610][T29569] ? sched_clock+0x38/0x60 [ 1117.615673][T29569] ? lockdep_hardirqs_on+0x78/0x100 [ 1117.615726][T29569] ? finish_task_switch.isra.0+0x205/0xb80 [ 1117.615765][T29569] ? rcu_is_watching+0x12/0xc0 [ 1117.615861][T29569] ? rcu_is_watching+0x12/0xc0 [ 1117.615913][T29569] ? cap_capable+0x107/0x460 [ 1117.615980][T29569] mmap_region+0x180/0x3e0 [ 1117.616041][T29569] do_mmap+0xc63/0x12f0 [ 1117.616087][T29569] ? __pfx_do_mmap+0x10/0x10 [ 1117.616138][T29569] ? __pfx_down_write_killable+0x10/0x10 [ 1117.616184][T29569] vm_mmap_pgoff+0x29e/0x470 [ 1117.616235][T29569] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1117.616278][T29569] ? do_futex+0x192/0x350 [ 1117.616329][T29569] ? __pfx_do_futex+0x10/0x10 [ 1117.616381][T29569] ksys_mmap_pgoff+0xe1/0x650 [ 1117.616420][T29569] ? __x64_sys_futex+0x34f/0x4d0 [ 1117.616464][T29569] ? __x64_sys_futex+0x358/0x4d0 [ 1117.616512][T29569] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1117.616551][T29569] ? xfd_validate_state+0x129/0x190 [ 1117.616609][T29569] __x64_sys_mmap+0x125/0x190 [ 1117.616669][T29569] do_syscall_64+0x106/0xf80 [ 1117.616721][T29569] ? clear_bhb_loop+0x40/0x90 [ 1117.616766][T29569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1117.616804][T29569] RIP: 0033:0x7f259a99c799 [ 1117.616835][T29569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1117.616874][T29569] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1117.616911][T29569] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 1117.616936][T29569] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1117.616960][T29569] RBP: 00007f259aa32c99 R08: fffffffffffffffa R09: 0000000000008000 [ 1117.616984][T29569] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1117.617006][T29569] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 1117.617052][T29569] [ 1120.178072][T29613] ptrace attach of "./syz-executor exec"[17765] was attempted by ""[29613] [ 1120.346767][T29620] netlink: 342 bytes leftover after parsing attributes in process `syz.0.9895'. [ 1120.639458][T29626] Console: switching to colour VGA+ 80x25 [ 1120.756461][T29626] ================================================================== [ 1120.756496][T29626] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 1120.756595][T29626] Read of size 26 at addr ffff88802a9738ea by task syz.0.9898/29626 [ 1120.756627][T29626] [ 1120.756649][T29626] CPU: 1 UID: 0 PID: 29626 Comm: syz.0.9898 Tainted: G L syzkaller #0 PREEMPT(full) [ 1120.756701][T29626] Tainted: [L]=SOFTLOCKUP [ 1120.756714][T29626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1120.756737][T29626] Call Trace: [ 1120.756749][T29626] [ 1120.756764][T29626] dump_stack_lvl+0x100/0x190 [ 1120.756828][T29626] print_report+0x156/0x4c9 [ 1120.756889][T29626] ? __virt_addr_valid+0x81/0x620 [ 1120.756939][T29626] ? __phys_addr+0xe8/0x180 [ 1120.756986][T29626] ? fbcon_prepare_logo+0x94e/0xc60 [ 1120.757022][T29626] kasan_report+0xdf/0x1e0 [ 1120.757060][T29626] ? fbcon_prepare_logo+0x94e/0xc60 [ 1120.757103][T29626] kasan_check_range+0x10f/0x1e0 [ 1120.757148][T29626] __asan_memcpy+0x23/0x60 [ 1120.757197][T29626] fbcon_prepare_logo+0x94e/0xc60 [ 1120.757245][T29626] fbcon_init+0x10a0/0x1820 [ 1120.757287][T29626] visual_init+0x320/0x620 [ 1120.757374][T29626] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1120.757458][T29626] store_bind+0x609/0x730 [ 1120.757512][T29626] ? __pfx_store_bind+0x10/0x10 [ 1120.757560][T29626] dev_attr_store+0x58/0x80 [ 1120.757603][T29626] ? __pfx_dev_attr_store+0x10/0x10 [ 1120.757643][T29626] sysfs_kf_write+0xf2/0x150 [ 1120.757691][T29626] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1120.757728][T29626] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1120.757774][T29626] vfs_write+0x6ac/0x1070 [ 1120.757816][T29626] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1120.757858][T29626] ? __pfx_vfs_write+0x10/0x10 [ 1120.757904][T29626] ksys_write+0x12a/0x250 [ 1120.757936][T29626] ? __pfx_ksys_write+0x10/0x10 [ 1120.757973][T29626] do_syscall_64+0x106/0xf80 [ 1120.758029][T29626] ? clear_bhb_loop+0x40/0x90 [ 1120.758070][T29626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.758107][T29626] RIP: 0033:0x7f259a99c799 [ 1120.758134][T29626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1120.758174][T29626] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1120.758209][T29626] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 1120.758233][T29626] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 1120.758256][T29626] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1120.758278][T29626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1120.758298][T29626] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 1120.758333][T29626] [ 1120.758346][T29626] [ 1120.758357][T29626] Allocated by task 29626: [ 1120.758384][T29626] kasan_save_stack+0x30/0x50 [ 1120.758444][T29626] kasan_save_track+0x14/0x30 [ 1120.758495][T29626] __kasan_kmalloc+0xaa/0xb0 [ 1120.758545][T29626] drm_atomic_state_alloc+0xb8/0x120 [ 1120.758589][T29626] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 1120.758646][T29626] drm_client_modeset_commit_locked+0x14d/0x580 [ 1120.758697][T29626] drm_client_modeset_commit+0x4f/0x80 [ 1120.758745][T29626] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1120.758806][T29626] drm_fb_helper_set_par+0x15a/0x1b0 [ 1120.758850][T29626] fbcon_init+0x139c/0x1820 [ 1120.758887][T29626] visual_init+0x320/0x620 [ 1120.758923][T29626] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1120.758970][T29626] store_bind+0x609/0x730 [ 1120.759012][T29626] dev_attr_store+0x58/0x80 [ 1120.759050][T29626] sysfs_kf_write+0xf2/0x150 [ 1120.759091][T29626] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1120.759126][T29626] vfs_write+0x6ac/0x1070 [ 1120.759153][T29626] ksys_write+0x12a/0x250 [ 1120.759182][T29626] do_syscall_64+0x106/0xf80 [ 1120.759230][T29626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.759265][T29626] [ 1120.759274][T29626] Freed by task 29626: [ 1120.759290][T29626] kasan_save_stack+0x30/0x50 [ 1120.759342][T29626] kasan_save_track+0x14/0x30 [ 1120.759394][T29626] kasan_save_free_info+0x3b/0x70 [ 1120.759437][T29626] __kasan_slab_free+0x5f/0x80 [ 1120.759467][T29626] kfree+0x1f6/0x6b0 [ 1120.759509][T29626] __drm_atomic_state_free+0x25b/0x2f0 [ 1120.759551][T29626] drm_client_modeset_commit_atomic+0x5f3/0x7e0 [ 1120.759599][T29626] drm_client_modeset_commit_locked+0x14d/0x580 [ 1120.759650][T29626] drm_client_modeset_commit+0x4f/0x80 [ 1120.759696][T29626] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1120.759747][T29626] drm_fb_helper_set_par+0x15a/0x1b0 [ 1120.759788][T29626] fbcon_init+0x139c/0x1820 [ 1120.759832][T29626] visual_init+0x320/0x620 [ 1120.759870][T29626] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1120.759918][T29626] store_bind+0x609/0x730 [ 1120.759961][T29626] dev_attr_store+0x58/0x80 [ 1120.759999][T29626] sysfs_kf_write+0xf2/0x150 [ 1120.760039][T29626] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1120.760076][T29626] vfs_write+0x6ac/0x1070 [ 1120.760106][T29626] ksys_write+0x12a/0x250 [ 1120.760136][T29626] do_syscall_64+0x106/0xf80 [ 1120.760186][T29626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.760221][T29626] [ 1120.760230][T29626] The buggy address belongs to the object at ffff88802a973800 [ 1120.760230][T29626] which belongs to the cache kmalloc-192 of size 192 [ 1120.760260][T29626] The buggy address is located 42 bytes to the right of [ 1120.760260][T29626] allocated 192-byte region [ffff88802a973800, ffff88802a9738c0) [ 1120.760298][T29626] [ 1120.760310][T29626] The buggy address belongs to the physical page: [ 1120.760335][T29626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a973 [ 1120.760373][T29626] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1120.760404][T29626] page_type: f5(slab) [ 1120.760435][T29626] raw: 00fff00000000000 ffff88813fe3c3c0 dead000000000100 dead000000000122 [ 1120.760473][T29626] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1120.760495][T29626] page dumped because: kasan: bad access detected [ 1120.760521][T29626] page_owner tracks the page as allocated [ 1120.760534][T29626] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 10834844570, free_ts 10321837856 [ 1120.760593][T29626] post_alloc_hook+0x153/0x170 [ 1120.760641][T29626] get_page_from_freelist+0x111d/0x3140 [ 1120.760695][T29626] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1120.760750][T29626] new_slab+0xa6/0x6b0 [ 1120.760793][T29626] refill_objects+0x26b/0x400 [ 1120.760846][T29626] __pcs_replace_empty_main+0x1ab/0x660 [ 1120.760897][T29626] __kmalloc_noprof+0x688/0x850 [ 1120.760946][T29626] usb_alloc_urb+0x66/0xa0 [ 1120.761062][T29626] usb_control_msg+0x1d3/0x4b0 [ 1120.761105][T29626] hub_power_on+0x193/0x4f0 [ 1120.761146][T29626] hub_activate+0x1537/0x1d50 [ 1120.761188][T29626] hub_probe.cold+0x2eca/0x2ed5 [ 1120.761246][T29626] usb_probe_interface+0x303/0x8f0 [ 1120.761280][T29626] really_probe+0x241/0xa60 [ 1120.761313][T29626] __driver_probe_device+0x1de/0x400 [ 1120.761346][T29626] driver_probe_device+0x4c/0x1b0 [ 1120.761382][T29626] page last free pid 10 tgid 10 stack trace: [ 1120.761404][T29626] __free_frozen_pages+0x7e1/0x10d0 [ 1120.761450][T29626] vfree.part.0+0x12b/0x9d0 [ 1120.761488][T29626] delayed_vfree_work+0x8e/0xd0 [ 1120.761529][T29626] process_one_work+0xa23/0x19a0 [ 1120.761578][T29626] worker_thread+0x5ef/0xe50 [ 1120.761625][T29626] kthread+0x370/0x450 [ 1120.761670][T29626] ret_from_fork+0x754/0xd80 [ 1120.761720][T29626] ret_from_fork_asm+0x1a/0x30 [ 1120.761758][T29626] [ 1120.761767][T29626] Memory state around the buggy address: [ 1120.761786][T29626] ffff88802a973780: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 1120.761820][T29626] ffff88802a973800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1120.761848][T29626] >ffff88802a973880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1120.761869][T29626] ^ [ 1120.761892][T29626] ffff88802a973900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1120.761917][T29626] ffff88802a973980: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc [ 1120.761938][T29626] ================================================================== [ 1120.776329][T29626] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1120.776368][T29626] CPU: 1 UID: 0 PID: 29626 Comm: syz.0.9898 Tainted: G L syzkaller #0 PREEMPT(full) [ 1120.776424][T29626] Tainted: [L]=SOFTLOCKUP [ 1120.776439][T29626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1120.776463][T29626] Call Trace: [ 1120.776475][T29626] [ 1120.776491][T29626] dump_stack_lvl+0x100/0x190 [ 1120.776557][T29626] vpanic+0x552/0x970 [ 1120.776594][T29626] ? __pfx_vpanic+0x10/0x10 [ 1120.776631][T29626] ? fbcon_prepare_logo+0x94e/0xc60 [ 1120.776670][T29626] panic+0xd1/0xe0 [ 1120.776703][T29626] ? __pfx_panic+0x10/0x10 [ 1120.776742][T29626] ? fbcon_prepare_logo+0x94e/0xc60 [ 1120.776779][T29626] ? preempt_schedule_common+0x42/0xc0 [ 1120.776851][T29626] check_panic_on_warn.cold+0x19/0x34 [ 1120.776894][T29626] end_report.part.0+0x3a/0x90 [ 1120.776947][T29626] kasan_report.cold+0xe/0x18 [ 1120.776996][T29626] ? fbcon_prepare_logo+0x94e/0xc60 [ 1120.777040][T29626] kasan_check_range+0x10f/0x1e0 [ 1120.777085][T29626] __asan_memcpy+0x23/0x60 [ 1120.777135][T29626] fbcon_prepare_logo+0x94e/0xc60 [ 1120.777183][T29626] fbcon_init+0x10a0/0x1820 [ 1120.777225][T29626] visual_init+0x320/0x620 [ 1120.777270][T29626] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1120.777331][T29626] store_bind+0x609/0x730 [ 1120.777384][T29626] ? __pfx_store_bind+0x10/0x10 [ 1120.777429][T29626] dev_attr_store+0x58/0x80 [ 1120.777471][T29626] ? __pfx_dev_attr_store+0x10/0x10 [ 1120.777510][T29626] sysfs_kf_write+0xf2/0x150 [ 1120.777555][T29626] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1120.777594][T29626] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1120.777642][T29626] vfs_write+0x6ac/0x1070 [ 1120.777676][T29626] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1120.777716][T29626] ? __pfx_vfs_write+0x10/0x10 [ 1120.777763][T29626] ksys_write+0x12a/0x250 [ 1120.777804][T29626] ? __pfx_ksys_write+0x10/0x10 [ 1120.777846][T29626] do_syscall_64+0x106/0xf80 [ 1120.777901][T29626] ? clear_bhb_loop+0x40/0x90 [ 1120.777946][T29626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.777982][T29626] RIP: 0033:0x7f259a99c799 [ 1120.778011][T29626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1120.778050][T29626] RSP: 002b:00007f2598bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1120.778086][T29626] RAX: ffffffffffffffda RBX: 00007f259ac15fa0 RCX: 00007f259a99c799 [ 1120.778110][T29626] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 1120.778131][T29626] RBP: 00007f259aa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1120.778153][T29626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1120.778174][T29626] R13: 00007f259ac16038 R14: 00007f259ac15fa0 R15: 00007ffd2f15cfb8 [ 1120.778208][T29626] [ 1120.778826][T29626] Kernel Offset: disabled