last executing test programs: 4m9.09260124s ago: executing program 0 (id=5408): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = io_uring_setup$auto(0x9, 0x0) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r0, r2, 0x8, 0x401, r1, @relative_fd, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x8000000000000001, 0x9, 0x5, 0xf870e9f, 0x7, 0x8}, 0x9) 4m8.749801141s ago: executing program 0 (id=5411): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4188aea7, &(0x7f00000000c0)={0x2, 0x0, [{0xc0000080, 0x400, 0x9}, {0x6790, 0x9, 0x1}]}) 4m8.30462039s ago: executing program 0 (id=5413): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/scsi/device_info\x00', 0x40100, 0x0) pread64$auto(r1, 0x0, 0x10001, 0x830) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) 4m7.959821944s ago: executing program 0 (id=5415): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x4a8000, 0x0) select$auto(0xd, 0x0, &(0x7f0000000400)={[0x8, 0x200000000005, 0x7, 0x7, 0x0, 0x80000004, 0xc, 0x6, 0x8fc, 0xb80, 0xe34c, 0x9, 0x3, 0xfffffffffffff954, 0xfffffffffffffff8, 0xfff]}, 0x0, &(0x7f0000000080)={0x800000000001ff, 0x401}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0x10, 0x2, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) 4m6.443111111s ago: executing program 0 (id=5421): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 4m6.138203553s ago: executing program 0 (id=5422): close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "0000c11effffff00"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xb00) 3m50.778166677s ago: executing program 32 (id=5422): close_range$auto(0x0, 0xfffffffffffff000, 0x2) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "0000c11effffff00"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xb00) 14.867239029s ago: executing program 4 (id=6181): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x5, 0x0) open(0x0, 0x261c2, 0x84) uname$auto(0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) 13.528151368s ago: executing program 4 (id=6186): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socket(0xf, 0x3, 0x2) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0x6, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0x2, 0xd, 0x6, 0x200000100103}) r0 = socket(0x2, 0x801, 0x106) getsockopt$auto_SO_MAX_PACING_RATE(r0, 0x6, 0x2f, 0x0, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) getsockopt$auto(0x3, 0x200000000001, 0x1d, 0x0, 0x0) read$auto(0x3, 0x0, 0xf3c) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) 12.969584958s ago: executing program 2 (id=6187): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x8, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r1 = socket(0x18, 0x5, 0x1) connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) write$auto(0xffffffffffffffff, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 12.261035415s ago: executing program 2 (id=6191): unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) set_mempolicy$auto(0x1, 0x0, 0x803) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) msync$auto(0x0, 0xe0, 0x6) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) pkey_free$auto(0xfffffffd) 11.798371801s ago: executing program 4 (id=6194): socket(0x11, 0x3, 0x2) io_uring_setup$auto(0x89, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) capset$auto(0x0, 0x0) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x20000014) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x4611, 0x0) write$auto(0x3, 0x0, 0x7fffffff) unshare$auto(0x40000080) r0 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) pread64$auto(r0, 0x0, 0x20000000001, 0x7fff) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x80180, 0x0) 9.702593308s ago: executing program 3 (id=6198): mmap$auto(0x0, 0x2020009, 0x3, 0xeb9, 0xfffffffffffffffa, 0x48003) mmap$auto(0x6, 0x8, 0x2, 0xacdb, 0x5, 0x0) socket(0xa, 0x801, 0x106) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') timerfd_create$auto(0x7, 0x0) timerfd_gettime$auto(0x4, 0x0) listen$auto(0x3, 0x83) setsockopt$auto(0x3, 0x1, 0x1, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) 8.914527671s ago: executing program 3 (id=6200): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r0, 0x0, 0x27, 0x0, 0xc) setsockopt$auto(0xffffffffffffffff, 0x29, 0x13, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x9) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2a, 0x2, 0x1) connect$auto(r1, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x1, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) close_range$auto(0x2, 0xa, 0x0) 8.909083942s ago: executing program 4 (id=6201): unlink$auto(0x0) mmap$auto(0x0, 0x101, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) 8.303968948s ago: executing program 3 (id=6204): openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0x3, 0x0, 0xfffffdef) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) ioctl$auto(0xffffffffffffffff, 0x8982, 0x1) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto_XFS_IOC_FSINUMBERS(0xffffffffffffffff, 0xc0205867, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x1) getcwd$auto(0x0, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) 7.606278227s ago: executing program 4 (id=6205): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0xffffffffffffffff, 0x8, 0xfffffffc) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) ioctl$auto(0x3, 0x80108907, 0x38) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r0, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) 7.170317175s ago: executing program 2 (id=6207): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r1, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0xf441, 0x4000000000df, 0xeb1, 0x401, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0001, 0x15) migrate_pages$auto(0x0, 0xa, 0x0, &(0x7f0000000140)=0x2) 6.678009365s ago: executing program 1 (id=6208): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) adjtimex$auto(&(0x7f0000000000)={0x1ff, 0x0, 0xff, 0x7, 0x8, 0x0, 0x10, 0x0, 0x2, 0xbf, 0x1f6a, {0x0, 0x3}, 0x9, 0x1, 0x2, 0x80000001, 0x0, 0x8, 0x545, 0x1, 0x0, 0x8}) ioctl$auto(0x3, 0x40085400, 0x38) 6.517977623s ago: executing program 1 (id=6209): mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0) read$auto(r0, &(0x7f0000000040)='nl80211\x00', 0xbe62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4810}, 0x880) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB='\f\x00'], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.609514889s ago: executing program 1 (id=6210): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x9, 0x63, 0x0, 0x0, 0x0, 0x1000, 0x8, 0x80000000000000a, 0x40000402, 0x9, 0x9, 0xffffffff80000000, 0xd, 0x6, 0x200000100103}) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x29b010c0, 0x100000eb1, 0x40000000000a1, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x2c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_TUNNEL_INFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000000) 3.230799948s ago: executing program 1 (id=6211): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) socketpair$auto(0xffffffff, 0x2, 0x7a3f, 0x0) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) ioctl$auto_I2C_SMBUS(r0, 0x720, 0x0) 2.953525503s ago: executing program 3 (id=6212): openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000001c0), 0x40001, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0xfffffffffffffffd, 0xb, 0xa, 0x40007fff, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x5e, 0x80000001, 0x7, 0x2, 0x93, 0x400000001, 0x2]}, 0x0) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ext4/sda1/inode_readahead_blks\x00', 0xecc81, 0x0) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x128, r1, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_TIMEOUT_REASON={0x8, 0xf8, 0x2}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x5}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0xa4}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xed, 0xe8, "068d28681d9d94e53c6a6ffc2addb0c47e0c85b8f47c65b5b0b21f36f0485be96534bbdb39138f12fd4ea03dd6b47c20af71d70b4464456f53ecd6ec645b2ad426b34d67cda3d56989fca45b94770729977ec6c1fdd5e2dacca4223ff8dd104d4923b63550fc6e3172f381c010d666485072f7f251c35cfd198a7ae8ef505d6341e53b3f515b18ff74f990b2ed1827d0b326cc6b49d55f3c2736e4cf76f2d69db785660f6ec56f329a022229cf202532196c3d3b8184e11c31a1e978da38f1df58181ed2c22513f9c3146139d9c3ba32718f1e897176b6710f87fccf909ebf03d7218b4c1347ef461c"}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x17}]}, 0x128}, 0x1, 0x0, 0x0, 0x40000}, 0x50e70b289d29da2f) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) lseek$auto(0x3, 0xff, 0x2) write$auto(r0, &(0x7f00000027c0)='9#dL\xff\x15\x01\x00\x00\x00\x00\x00\x00\x00\xff\v\xb5^w/[\x00', 0x400c) unshare$auto(0x0) 2.84473601s ago: executing program 1 (id=6213): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r0 = socket(0x18, 0x5, 0x1) connect$auto(r0, 0x0, 0x3a) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) 2.452636208s ago: executing program 1 (id=6214): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) 2.291619491s ago: executing program 2 (id=6215): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000000)={0x7f, "4c83486dbb68c058fe4b2e12b91064cd57afad3b00"}) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0) ioctl$auto(0x3, 0xc0303e03, r0) 1.649261878s ago: executing program 2 (id=6216): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x8a603, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0xc0b, 0x8, 0x5, 0x1001, 0xffffffffffffffff, 0xf, 0x1000, 0xb, 0x1, 0xced80000000000, 0x749e, 0x6, 0x0, 0x1, 0x7fffffff]}, 0x0, 0x0) ioctl$auto(r0, 0x5646, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/fs/ext4/sda1/last_error_block\x00', 0x20880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000000c0)=""/17, 0x11) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x40000, 0x0) ioctl$auto_IOC_PR_RESERVE(r3, 0x401070c9, 0x0) r4 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x1c, r4, 0x201, 0x70bd2a, 0x25dfdbfe, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x4}, @MACSEC_ATTR_OFFLOAD={0x4}]}, 0x1c}}, 0x48010) 1.051981535s ago: executing program 3 (id=6217): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="1b0026bd7000fddbdf25030000000400081908"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x4) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022abd7000fbdbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="180027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 617.262469ms ago: executing program 3 (id=6218): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(0x3, 0x1, 0x2688, 0x5, 0x0, 0x7) 565.074765ms ago: executing program 2 (id=6219): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) r1 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x24, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) poll$auto(&(0x7f0000000080)={0x3, 0x1, 0xa}, 0x5, 0x108) 0s ago: executing program 4 (id=6220): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r0 = pipe2$auto(0x0, 0x80) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(r0, 0x5761, 0x4) mmap$auto(0x0, 0xfffffffffffffffd, 0x3, 0xeb5, 0xfffffffffffffffa, 0x8000) r1 = socket(0x22, 0x2, 0x3) mmap$auto(0x100000000000000, 0x2009, 0x9, 0x10000000eb1, r1, 0x3) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mq_open$auto(0x0, 0xffffffff, 0xa, 0x0) setuid$auto(0xe) mq_unlink$auto(0x0) kernel console output (not intermixed with test programs): ibutes in process `syz.0.5135'. [ 807.789259][T19996] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 808.105208][T19995] sp0: Synchronizing with TNC [ 808.560586][T20003] netlink: 266 bytes leftover after parsing attributes in process `syz.2.5149'. [ 808.915929][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.934321][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.066480][T20014] serio: Serial port ttyS2 [ 816.677895][T20114] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5194'. [ 818.902922][T20146] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5206'. [ 818.977985][T20146] unsupported nlmsg_type 40 [ 819.885443][T20153] sp0: Synchronizing with TNC [ 820.075381][T20164] random: crng reseeded on system resumption [ 820.193722][T20164] RDS: rds_bind could not find a transport for fe80::736d:2f73:7461:626c, load rds_tcp or rds_rdma? [ 821.322860][T20177] warning: `syz.3.5216' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 822.779135][T20193] sp0: Synchronizing with TNC [ 822.966815][T20196] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 823.423062][T20201] netlink: 146 bytes leftover after parsing attributes in process `syz.3.5225'. [ 825.865742][T20239] netlink: 54 bytes leftover after parsing attributes in process `syz.1.5238'. [ 826.755036][T20246] netlink: 346 bytes leftover after parsing attributes in process `syz.3.5241'. [ 827.236687][T20252] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5243'. [ 827.599436][T20256] serio: Serial port pty6 [ 828.401585][T20268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5250'. [ 828.890014][T20268] syz.3.5250 (20268) used greatest stack depth: 19672 bytes left [ 829.353229][T20282] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5254'. [ 833.366837][T20324] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 833.679714][T20328] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5271'. [ 837.136754][T20368] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 837.187996][T20368] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 837.229098][T20368] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 837.266136][T20368] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 838.447513][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 839.247363][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 839.254231][T17796] Bluetooth: hci3: command 0x0c1a tx timeout [ 839.329539][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 842.340990][T20412] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 842.668724][T20412] File: /dev/ram5 PID: 20412 Comm: syz.0.5298 [ 842.921638][T20419] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5300'. [ 844.771338][T20440] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5309'. [ 845.451814][T20447] netlink: 346 bytes leftover after parsing attributes in process `syz.2.5311'. [ 845.691460][T20449] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5312'. [ 849.120032][T20490] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 849.515016][T20493] sock: sock_timestamping_bind_phc: sock not bind to device [ 849.785470][T20500] netlink: 'syz.3.5329': attribute type 4 has an invalid length. [ 849.827150][T20500] netlink: 314 bytes leftover after parsing attributes in process `syz.3.5329'. [ 851.156570][T20520] ima: policy update failed [ 851.196326][ T30] audit: type=1802 audit(1772869520.279:18): pid=20520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.5337" res=0 errno=0 [ 851.843809][T20529] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5340'. [ 852.461557][T20538] kvm: kvm [20535]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x4000000e) = 0x4 [ 852.990808][T20545] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5348'. [ 853.075749][T20545] bridge0: port 2(bridge_slave_1) entered disabled state [ 853.083144][T20545] bridge0: port 1(bridge_slave_0) entered disabled state [ 854.330499][T20563] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5356'. [ 855.265623][T20577] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5360'. [ 856.228665][T20595] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5366'. [ 856.324016][T20595] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5366'. [ 858.073422][T20623] FAULT_INJECTION: forcing a failure. [ 858.073422][T20623] name failslab, interval 1, probability 0, space 0, times 0 [ 858.156565][T20623] CPU: 0 UID: 0 PID: 20623 Comm: syz.2.5378 Tainted: G U L syzkaller #0 PREEMPT(full) [ 858.156609][T20623] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 858.156618][T20623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 858.156634][T20623] Call Trace: [ 858.156642][T20623] [ 858.156653][T20623] dump_stack_lvl+0x100/0x190 [ 858.156698][T20623] should_fail_ex.cold+0x5/0xa [ 858.156728][T20623] should_failslab+0xc2/0x120 [ 858.156754][T20623] __kmalloc_cache_noprof+0x7a/0x6f0 [ 858.156787][T20623] ? seq_create_client1+0x4d/0x640 [ 858.156829][T20623] ? __pfx_snd_seq_open+0x10/0x10 [ 858.156863][T20623] seq_create_client1+0x4d/0x640 [ 858.156901][T20623] ? __pfx_snd_seq_open+0x10/0x10 [ 858.156936][T20623] snd_seq_open+0x59/0x590 [ 858.156970][T20623] ? __pfx_snd_seq_open+0x10/0x10 [ 858.157003][T20623] snd_open+0x22d/0x4c0 [ 858.157042][T20623] ? __pfx_snd_open+0x10/0x10 [ 858.157079][T20623] chrdev_open+0x234/0x6a0 [ 858.157103][T20623] ? __pfx_apparmor_file_open+0x10/0x10 [ 858.157153][T20623] ? __pfx_chrdev_open+0x10/0x10 [ 858.157180][T20623] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 858.157213][T20623] do_dentry_open+0x6d8/0x1660 [ 858.157237][T20623] ? __pfx_chrdev_open+0x10/0x10 [ 858.157270][T20623] vfs_open+0x82/0x3f0 [ 858.157304][T20623] path_openat+0x208c/0x31a0 [ 858.157339][T20623] ? __pfx_path_openat+0x10/0x10 [ 858.157375][T20623] do_file_open+0x20e/0x430 [ 858.157402][T20623] ? __pfx_do_file_open+0x10/0x10 [ 858.157449][T20623] ? alloc_fd+0x476/0x790 [ 858.157476][T20623] ? do_getname+0x191/0x390 [ 858.157510][T20623] do_sys_openat2+0x10d/0x1e0 [ 858.157543][T20623] ? __pfx_do_sys_openat2+0x10/0x10 [ 858.157586][T20623] __x64_sys_openat+0x12d/0x210 [ 858.157620][T20623] ? __pfx___x64_sys_openat+0x10/0x10 [ 858.157665][T20623] do_syscall_64+0x106/0xf80 [ 858.157696][T20623] ? clear_bhb_loop+0x40/0x90 [ 858.157726][T20623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.157753][T20623] RIP: 0033:0x7efbfe99c799 [ 858.157773][T20623] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 858.157798][T20623] RSP: 002b:00007efbfcbee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 858.157822][T20623] RAX: ffffffffffffffda RBX: 00007efbfec15fa0 RCX: 00007efbfe99c799 [ 858.157839][T20623] RDX: 00000000001e3800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 858.157855][T20623] RBP: 00007efbfea32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 858.157871][T20623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 858.157885][T20623] R13: 00007efbfec16038 R14: 00007efbfec15fa0 R15: 00007ffe7817ea68 [ 858.157918][T20623] [ 859.131680][T20637] netlink: 'syz.1.5383': attribute type 5 has an invalid length. [ 859.156437][T20637] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5383'. [ 859.862927][T20650] netlink: 'syz.2.5389': attribute type 1 has an invalid length. [ 859.940606][T20650] netlink: 306 bytes leftover after parsing attributes in process `syz.2.5389'. [ 861.272054][T20673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 861.349938][T20673] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 861.467327][T20673] memcg:ffff888077a58e01 [ 861.467403][T20673] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 861.467428][T20673] page_type: f5(slab) [ 861.467451][T20673] raw: 00fff00000000040 ffff88813fe54280 dead000000000100 dead000000000122 [ 861.467476][T20673] raw: 0000000000000000 0000000800100010 00000000f5000000 ffff888077a58e01 [ 861.467501][T20673] head: 00fff00000000040 ffff88813fe54280 dead000000000100 dead000000000122 [ 861.467526][T20673] head: 0000000000000000 0000000800100010 00000000f5000000 ffff888077a58e01 [ 861.467550][T20673] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 861.467575][T20673] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 861.467591][T20673] page dumped because: unmovable page [ 861.467604][T20673] page_owner tracks the page as allocated [ 861.467629][T20673] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5825, tgid 5825 (syz-executor), ts 95069524203, free_ts 77146292840 [ 861.467681][T20673] post_alloc_hook+0x153/0x170 [ 861.467718][T20673] get_page_from_freelist+0x111d/0x3140 [ 861.467756][T20673] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 861.467794][T20673] new_slab+0xa6/0x6c0 [ 861.467823][T20673] refill_objects+0x26b/0x400 [ 861.509972][T20673] __pcs_replace_empty_main+0x1ab/0x600 [ 861.510022][T20673] __kmalloc_noprof+0x688/0x850 [ 861.510060][T20673] __register_sysctl_table+0xac/0x1650 [ 861.510102][T20673] neigh_sysctl_register+0x326/0x660 [ 861.510132][T20673] devinet_sysctl_register+0xb6/0x210 [ 861.510167][T20673] inetdev_init+0x2b8/0x570 [ 861.510199][T20673] inetdev_event+0x7fa/0x17f0 [ 861.510232][T20673] notifier_call_chain+0x99/0x420 [ 861.510263][T20673] call_netdevice_notifiers_info+0xbe/0x110 [ 861.510311][T20673] register_netdevice+0x16e6/0x2210 [ 861.510344][T20673] veth_newlink+0x44a/0xa00 [ 861.510372][T20673] page last free pid 5705 tgid 5705 stack trace: [ 861.510389][T20673] __free_frozen_pages+0x7e1/0x10d0 [ 861.510420][T20673] qlist_free_all+0x47/0xe0 [ 861.510457][T20673] kasan_quarantine_reduce+0x1a0/0x1f0 [ 861.510496][T20673] __kasan_slab_alloc+0x69/0x90 [ 861.510519][T20673] kmem_cache_alloc_noprof+0x241/0x6e0 [ 861.510558][T20673] do_getname+0x35/0x390 [ 861.510591][T20673] vfs_fstatat+0xd0/0xe0 [ 861.510618][T20673] __do_sys_newfstatat+0x9d/0x120 [ 861.510648][T20673] do_syscall_64+0x106/0xf80 [ 861.510679][T20673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 863.483493][T20696] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5404'. [ 863.566959][T20700] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5404'. [ 865.915303][T20734] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5417'. [ 866.722871][T20740] FAULT_INJECTION: forcing a failure. [ 866.722871][T20740] name failslab, interval 1, probability 0, space 0, times 0 [ 866.892336][T20740] CPU: 0 UID: 0 PID: 20740 Comm: syz.3.5420 Tainted: G U L syzkaller #0 PREEMPT(full) [ 866.892380][T20740] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 866.892389][T20740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 866.892405][T20740] Call Trace: [ 866.892413][T20740] [ 866.892423][T20740] dump_stack_lvl+0x100/0x190 [ 866.892469][T20740] should_fail_ex.cold+0x5/0xa [ 866.892498][T20740] ? ima_write_template_field_data+0x59/0x1d0 [ 866.892601][T20740] should_failslab+0xc2/0x120 [ 866.892628][T20740] __kmalloc_noprof+0xe0/0x850 [ 866.892666][T20740] ? do_syscall_64+0x106/0xf80 [ 866.892698][T20740] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.892728][T20740] ima_write_template_field_data+0x59/0x1d0 [ 866.892762][T20740] ima_eventdigest_init_common+0x158/0x460 [ 866.892794][T20740] ? __pfx_ima_eventdigest_init_common+0x10/0x10 [ 866.892843][T20740] ? trace_kmalloc+0xb0/0x130 [ 866.892867][T20740] ? __kasan_kmalloc+0xaa/0xb0 [ 866.892906][T20740] ? __kmalloc_noprof+0x320/0x850 [ 866.892951][T20740] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 866.892991][T20740] ima_alloc_init_template+0x399/0x6d0 [ 866.893038][T20740] ima_store_measurement+0x1e3/0x5b0 [ 866.893080][T20740] ? __pfx_ima_store_measurement+0x10/0x10 [ 866.893150][T20740] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 866.893203][T20740] process_measurement+0x19cc/0x2350 [ 866.893247][T20740] ? stack_trace_save+0x8e/0xc0 [ 866.893274][T20740] ? __pfx_process_measurement+0x10/0x10 [ 866.893310][T20740] ? __lock_acquire+0x4a5/0x2630 [ 866.893342][T20740] ? __kasan_slab_alloc+0x89/0x90 [ 866.893366][T20740] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 866.893404][T20740] ? init_file+0x95/0x480 [ 866.893430][T20740] ? alloc_empty_file+0x73/0x1c0 [ 866.893458][T20740] ? alloc_file_pseudo+0x13a/0x230 [ 866.893488][T20740] ? ksys_mmap_pgoff+0x232/0x650 [ 866.893512][T20740] ? __x64_sys_mmap+0x125/0x190 [ 866.893548][T20740] ? do_syscall_64+0x106/0xf80 [ 866.893605][T20740] ? __pfx_aa_file_perm+0x10/0x10 [ 866.893643][T20740] ima_file_mmap+0x1c4/0x1f0 [ 866.893679][T20740] ? __pfx_ima_file_mmap+0x10/0x10 [ 866.893722][T20740] security_mmap_file+0x278/0x9b0 [ 866.893750][T20740] vm_mmap_pgoff+0xec/0x470 [ 866.893781][T20740] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 866.893807][T20740] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 866.893841][T20740] ? hugetlbfs_get_inode+0x36e/0x750 [ 866.893887][T20740] ksys_mmap_pgoff+0x273/0x650 [ 866.893914][T20740] ? __x64_sys_futex+0x358/0x4d0 [ 866.893953][T20740] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 866.893980][T20740] ? xfd_validate_state+0x129/0x190 [ 866.894021][T20740] __x64_sys_mmap+0x125/0x190 [ 866.894065][T20740] do_syscall_64+0x106/0xf80 [ 866.894094][T20740] ? clear_bhb_loop+0x40/0x90 [ 866.894126][T20740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.894152][T20740] RIP: 0033:0x7fb87cb9c799 [ 866.894173][T20740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 866.894198][T20740] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 866.894223][T20740] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 866.894239][T20740] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 866.894254][T20740] RBP: 00007fb87cc32bd9 R08: ffffffffffffffff R09: 0000300000000000 [ 866.894270][T20740] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 866.894285][T20740] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 866.894316][T20740] [ 867.751007][ T30] audit: type=1804 audit(1772869536.551:19): pid=20740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.3.5420" name="anon_hugepage" dev="hugetlbfs" ino=308720 res=0 errno=0 [ 868.442882][T20756] binder: 20755:20756 ioctl 40046210 0 returned -14 [ 868.531067][T20758] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5427'. [ 868.975325][T20762] FAULT_INJECTION: forcing a failure. [ 868.975325][T20762] name failslab, interval 1, probability 0, space 0, times 0 [ 869.071977][T20762] CPU: 0 UID: 0 PID: 20762 Comm: syz.3.5429 Tainted: G U L syzkaller #0 PREEMPT(full) [ 869.072020][T20762] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 869.072029][T20762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 869.072045][T20762] Call Trace: [ 869.072055][T20762] [ 869.072065][T20762] dump_stack_lvl+0x100/0x190 [ 869.072108][T20762] should_fail_ex.cold+0x5/0xa [ 869.072138][T20762] should_failslab+0xc2/0x120 [ 869.072164][T20762] __kvmalloc_node_noprof+0xfa/0xa00 [ 869.072203][T20762] ? alloc_fdtable+0x17f/0x2d0 [ 869.072249][T20762] alloc_fdtable+0x17f/0x2d0 [ 869.072290][T20762] dup_fd+0x995/0xd10 [ 869.072322][T20762] __x64_sys_close_range+0x405/0x5d0 [ 869.072352][T20762] ? __pfx___x64_sys_close_range+0x10/0x10 [ 869.072388][T20762] do_syscall_64+0x106/0xf80 [ 869.072418][T20762] ? clear_bhb_loop+0x40/0x90 [ 869.072448][T20762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.072474][T20762] RIP: 0033:0x7fb87cb9c799 [ 869.072494][T20762] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 869.072519][T20762] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 869.072543][T20762] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 869.072560][T20762] RDX: 0000000000000002 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 869.072576][T20762] RBP: 00007fb87cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 869.072591][T20762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 869.072605][T20762] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 869.072635][T20762] [ 869.829155][T20768] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5431'. [ 870.388356][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.398647][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.671583][T20774] zswap: compressor  not available [ 871.714796][T20795] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5441'. [ 871.772915][T20795] netlink: 13 bytes leftover after parsing attributes in process `syz.3.5441'. [ 872.872491][T20811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5447'. [ 873.681922][T20821] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5451'. [ 873.759740][T20821] \: renamed from lo [ 874.615007][T20827] zswap: compressor not available [ 875.234714][T20836] netlink: 'syz.2.5456': attribute type 33 has an invalid length. [ 876.093837][T20843] ERROR: Out of memory at tomoyo_memory_ok. [ 876.956052][T20853] FAULT_INJECTION: forcing a failure. [ 876.956052][T20853] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 877.047086][T20853] CPU: 0 UID: 0 PID: 20853 Comm: syz.3.5463 Tainted: G U L syzkaller #0 PREEMPT(full) [ 877.047129][T20853] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 877.047138][T20853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 877.047158][T20853] Call Trace: [ 877.047165][T20853] [ 877.047176][T20853] dump_stack_lvl+0x100/0x190 [ 877.047218][T20853] should_fail_ex.cold+0x5/0xa [ 877.047243][T20853] ? prepare_alloc_pages+0x16d/0x5f0 [ 877.047274][T20853] should_fail_alloc_page+0xeb/0x140 [ 877.047305][T20853] prepare_alloc_pages+0x1f0/0x5f0 [ 877.047338][T20853] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 877.047381][T20853] ? rcu_is_watching+0x12/0xc0 [ 877.047419][T20853] ? trace_mm_page_alloc+0x17a/0x1d0 [ 877.047448][T20853] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 877.047492][T20853] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 877.047536][T20853] ? find_held_lock+0x2b/0x80 [ 877.047559][T20853] ? is_bpf_text_address+0x8a/0x1a0 [ 877.047597][T20853] ? is_bpf_text_address+0x8a/0x1a0 [ 877.047639][T20853] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 877.047666][T20853] ? is_bpf_text_address+0x94/0x1a0 [ 877.047704][T20853] ? kernel_text_address+0x8d/0x100 [ 877.047741][T20853] ? __kernel_text_address+0xd/0x30 [ 877.047778][T20853] ? unwind_get_return_address+0x59/0xa0 [ 877.047821][T20853] alloc_pages_bulk_noprof+0x782/0x1490 [ 877.047872][T20853] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 877.047914][T20853] ? kasan_save_stack+0x30/0x50 [ 877.047962][T20853] ? alloc_pages_noprof+0x233/0x390 [ 877.047991][T20853] __kasan_populate_vmalloc+0xf0/0x210 [ 877.048036][T20853] alloc_vmap_area+0x95d/0x2bd0 [ 877.048075][T20853] ? __pfx_alloc_vmap_area+0x10/0x10 [ 877.048109][T20853] __get_vm_area_node+0x1ca/0x330 [ 877.048142][T20853] __vmalloc_node_range_noprof+0x213/0x1530 [ 877.048174][T20853] ? n_tty_open+0x1a/0x170 [ 877.048311][T20853] ? look_up_lock_class+0x64/0x120 [ 877.048347][T20853] ? n_tty_open+0x1a/0x170 [ 877.048392][T20853] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 877.048426][T20853] ? __ldsem_down_write_nested+0xfd/0x830 [ 877.048483][T20853] ? __ldsem_down_write_nested+0x10e/0x830 [ 877.048521][T20853] ? is_console_locked+0x9/0x20 [ 877.048555][T20853] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 877.048599][T20853] ? n_tty_open+0x1a/0x170 [ 877.048634][T20853] __vmalloc_node_noprof+0xad/0xf0 [ 877.048664][T20853] ? n_tty_open+0x1a/0x170 [ 877.048702][T20853] ? __pfx_n_tty_open+0x10/0x10 [ 877.048738][T20853] n_tty_open+0x1a/0x170 [ 877.048775][T20853] tty_ldisc_open+0xa2/0x120 [ 877.048809][T20853] tty_ldisc_setup+0x40/0xf0 [ 877.048839][T20853] tty_init_dev.part.0+0x1b5/0x470 [ 877.048877][T20853] tty_open+0xa63/0xfa0 [ 877.048916][T20853] ? __pfx_tty_open+0x10/0x10 [ 877.048948][T20853] ? chrdev_open+0x10b/0x6a0 [ 877.048972][T20853] ? chrdev_open+0x10b/0x6a0 [ 877.049001][T20853] ? __pfx_tty_open+0x10/0x10 [ 877.049034][T20853] chrdev_open+0x234/0x6a0 [ 877.049058][T20853] ? __pfx_apparmor_file_open+0x10/0x10 [ 877.049096][T20853] ? __pfx_chrdev_open+0x10/0x10 [ 877.049123][T20853] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 877.049157][T20853] do_dentry_open+0x6d8/0x1660 [ 877.049182][T20853] ? __pfx_chrdev_open+0x10/0x10 [ 877.049215][T20853] vfs_open+0x82/0x3f0 [ 877.049249][T20853] path_openat+0x208c/0x31a0 [ 877.049286][T20853] ? __pfx_path_openat+0x10/0x10 [ 877.049325][T20853] do_file_open+0x20e/0x430 [ 877.049352][T20853] ? __pfx_do_file_open+0x10/0x10 [ 877.049400][T20853] ? alloc_fd+0x476/0x790 [ 877.049427][T20853] ? do_getname+0x191/0x390 [ 877.049461][T20853] do_sys_openat2+0x10d/0x1e0 [ 877.049494][T20853] ? __pfx_do_sys_openat2+0x10/0x10 [ 877.049530][T20853] ? __fget_files+0x21f/0x3d0 [ 877.049559][T20853] __x64_sys_openat+0x12d/0x210 [ 877.049593][T20853] ? __pfx___x64_sys_openat+0x10/0x10 [ 877.049639][T20853] do_syscall_64+0x106/0xf80 [ 877.049669][T20853] ? clear_bhb_loop+0x40/0x90 [ 877.049700][T20853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 877.049727][T20853] RIP: 0033:0x7fb87cb9c799 [ 877.049749][T20853] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 877.049773][T20853] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 877.049803][T20853] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 877.049819][T20853] RDX: 0000000000000102 RSI: 0000200000000800 RDI: ffffffffffffff9c [ 877.049835][T20853] RBP: 00007fb87cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 877.049850][T20853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 877.049865][T20853] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 877.049898][T20853] [ 877.996870][T20853] syz.3.5463: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 878.046440][T20853] CPU: 0 UID: 0 PID: 20853 Comm: syz.3.5463 Tainted: G U L syzkaller #0 PREEMPT(full) [ 878.046490][T20853] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 878.046500][T20853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 878.046515][T20853] Call Trace: [ 878.046526][T20853] [ 878.046535][T20853] dump_stack_lvl+0x100/0x190 [ 878.046579][T20853] warn_alloc.cold+0x95/0x1c1 [ 878.046623][T20853] ? __pfx_warn_alloc+0x10/0x10 [ 878.046658][T20853] ? lockdep_hardirqs_on+0x78/0x100 [ 878.046699][T20853] ? __get_vm_area_node+0x2c5/0x330 [ 878.046733][T20853] ? __get_vm_area_node+0x208/0x330 [ 878.046773][T20853] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 878.046808][T20853] ? look_up_lock_class+0x64/0x120 [ 878.046841][T20853] ? n_tty_open+0x1a/0x170 [ 878.046888][T20853] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 878.046921][T20853] ? __ldsem_down_write_nested+0xfd/0x830 [ 878.046959][T20853] ? __ldsem_down_write_nested+0x10e/0x830 [ 878.046996][T20853] ? is_console_locked+0x9/0x20 [ 878.047031][T20853] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 878.047074][T20853] ? n_tty_open+0x1a/0x170 [ 878.047109][T20853] __vmalloc_node_noprof+0xad/0xf0 [ 878.047140][T20853] ? n_tty_open+0x1a/0x170 [ 878.047177][T20853] ? __pfx_n_tty_open+0x10/0x10 [ 878.047214][T20853] n_tty_open+0x1a/0x170 [ 878.047250][T20853] tty_ldisc_open+0xa2/0x120 [ 878.047278][T20853] tty_ldisc_setup+0x40/0xf0 [ 878.047307][T20853] tty_init_dev.part.0+0x1b5/0x470 [ 878.047346][T20853] tty_open+0xa63/0xfa0 [ 878.047384][T20853] ? __pfx_tty_open+0x10/0x10 [ 878.047416][T20853] ? chrdev_open+0x10b/0x6a0 [ 878.047440][T20853] ? chrdev_open+0x10b/0x6a0 [ 878.047469][T20853] ? __pfx_tty_open+0x10/0x10 [ 878.047502][T20853] chrdev_open+0x234/0x6a0 [ 878.047526][T20853] ? __pfx_apparmor_file_open+0x10/0x10 [ 878.047563][T20853] ? __pfx_chrdev_open+0x10/0x10 [ 878.047590][T20853] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 878.047623][T20853] do_dentry_open+0x6d8/0x1660 [ 878.047646][T20853] ? __pfx_chrdev_open+0x10/0x10 [ 878.047679][T20853] vfs_open+0x82/0x3f0 [ 878.047719][T20853] path_openat+0x208c/0x31a0 [ 878.047755][T20853] ? __pfx_path_openat+0x10/0x10 [ 878.047792][T20853] do_file_open+0x20e/0x430 [ 878.047819][T20853] ? __pfx_do_file_open+0x10/0x10 [ 878.047867][T20853] ? alloc_fd+0x476/0x790 [ 878.047894][T20853] ? do_getname+0x191/0x390 [ 878.047927][T20853] do_sys_openat2+0x10d/0x1e0 [ 878.047960][T20853] ? __pfx_do_sys_openat2+0x10/0x10 [ 878.047995][T20853] ? __fget_files+0x21f/0x3d0 [ 878.048024][T20853] __x64_sys_openat+0x12d/0x210 [ 878.048058][T20853] ? __pfx___x64_sys_openat+0x10/0x10 [ 878.048103][T20853] do_syscall_64+0x106/0xf80 [ 878.048133][T20853] ? clear_bhb_loop+0x40/0x90 [ 878.048163][T20853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 878.048190][T20853] RIP: 0033:0x7fb87cb9c799 [ 878.048210][T20853] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 878.048234][T20853] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 878.048258][T20853] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 878.048274][T20853] RDX: 0000000000000102 RSI: 0000200000000800 RDI: ffffffffffffff9c [ 878.048290][T20853] RBP: 00007fb87cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 878.048305][T20853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 878.048319][T20853] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 878.048351][T20853] [ 878.048448][T20853] Mem-Info: [ 879.800172][T20853] active_anon:8421 inactive_anon:19276 isolated_anon:0 [ 879.800172][T20853] active_file:19999 inactive_file:39098 isolated_file:0 [ 879.800172][T20853] unevictable:768 dirty:227 writeback:0 [ 879.800172][T20853] slab_reclaimable:12793 slab_unreclaimable:98100 [ 879.800172][T20853] mapped:24174 shmem:18149 pagetables:1416 [ 879.800172][T20853] sec_pagetables:0 bounce:0 [ 879.800172][T20853] kernel_misc_reclaimable:0 [ 879.800172][T20853] free:1293731 free_pcp:9896 free_cma:0 [ 880.037438][T20853] Node 0 active_anon:33684kB inactive_anon:72632kB active_file:79988kB inactive_file:156204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96696kB dirty:908kB writeback:0kB shmem:71060kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11040kB pagetables:5544kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 880.208357][T20853] Node 1 active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:120kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 880.587887][T20853] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 880.831528][T20853] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 880.859304][T20853] Node 0 DMA32 free:1217664kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33664kB inactive_anon:72840kB active_file:79988kB inactive_file:156204kB unevictable:1536kB writepending:968kB zspages:1508kB present:3129332kB managed:2537420kB mlocked:0kB bounce:0kB free_pcp:43036kB local_pcp:43036kB free_cma:0kB [ 881.108756][T20853] lowmem_reserve[]: 0 0 1 1 1 [ 881.138345][T20853] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 881.330039][T20853] lowmem_reserve[]: 0 0 0 0 0 [ 881.360901][T20853] Node 1 Normal free:3946276kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:188kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:2052kB local_pcp:2052kB free_cma:0kB [ 881.565256][T20853] lowmem_reserve[]: 0 0 0 0 0 [ 881.600240][T20853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 881.690022][T20853] Node 0 DMA32: 6971*4kB (UME) 4366*8kB (UME) 2762*16kB (UME) 1144*32kB (UME) 608*64kB (UME) 314*128kB (ME) 144*256kB (UM) 128*512kB (UM) 107*1024kB (UME) 11*2048kB (UM) 186*4096kB (UM) = 1219068kB [ 881.819024][T20853] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 881.892568][T20853] Node 1 Normal: 1*4kB (M) 4*8kB (UM) 8*16kB (UM) 8*32kB (UM) 6*64kB (UM) 2*128kB (UM) 3*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 4*2048kB (UM) 960*4096kB (M) = 3946276kB [ 882.004657][T20853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 882.118433][T20853] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=1 hugepages_size=2048kB [ 882.172463][T20853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 882.248508][T20853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 882.326111][T20853] 77349 total pagecache pages [ 882.365769][T20853] 40 pages in swap cache [ 882.410220][T20853] Free swap = 124180kB [ 882.424989][T20853] Total swap = 124996kB [ 882.478645][T20853] 2097051 pages RAM [ 882.496949][T20853] 0 pages HighMem/MovableOnly [ 882.532326][T20853] 430816 pages reserved [ 882.564869][T20853] 0 pages cma reserved [ 882.598952][T20853] tty tty1: ldisc open failed (-12), clearing slot 0 [ 882.951492][T17796] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 882.970568][T17796] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 882.982211][T17796] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 882.990488][T17796] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 882.998505][T17796] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 884.697599][T20883] chnl_net:caif_netlink_parms(): no params data found [ 884.739313][T20911] vivid-007: ================= START STATUS ================= [ 884.802625][T20911] vivid-007: Generate PTS: true [ 884.843590][T20911] vivid-007: Generate SCR: true [ 884.905082][T20911] tpg source WxH: 320x240 (Y'CbCr) [ 884.943097][T20911] tpg field: 1 [ 884.981270][T20911] tpg crop: (0,0)/320x240 [ 884.985659][T20911] tpg compose: (0,0)/320x240 [ 885.040776][T17796] Bluetooth: hci4: command tx timeout [ 885.091770][T20911] tpg colorspace: 8 [ 885.131790][T20911] tpg transfer function: 0/0 [ 885.160381][T20911] tpg Y'CbCr encoding: 0/0 [ 885.176353][T20911] tpg quantization: 0/0 [ 885.207524][T20911] tpg RGB range: 0/2 [ 885.239712][T20911] vivid-007: ================== END STATUS ================== [ 885.265093][T20925] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5482'. [ 885.367464][T20883] bridge0: port 1(bridge_slave_0) entered blocking state [ 885.431518][T20883] bridge0: port 1(bridge_slave_0) entered disabled state [ 885.438817][T20883] bridge_slave_0: entered allmulticast mode [ 885.511136][T20883] bridge_slave_0: entered promiscuous mode [ 885.572900][T20925] ipvlan0: entered promiscuous mode [ 885.586033][T20925] ipvlan0: entered allmulticast mode [ 885.625895][T20883] bridge0: port 2(bridge_slave_1) entered blocking state [ 885.677684][T20883] bridge0: port 2(bridge_slave_1) entered disabled state [ 885.724897][T20883] bridge_slave_1: entered allmulticast mode [ 885.786644][T20883] bridge_slave_1: entered promiscuous mode [ 886.078432][T20883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 886.083321][T20934] Console: switching to colour VGA+ 80x25 [ 886.099725][T20883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 886.282318][T20883] team0: Port device team_slave_0 added [ 886.412421][T20883] team0: Port device team_slave_1 added [ 886.630914][T20883] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 886.638014][T20883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 886.845925][T20883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 886.936711][T20883] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 886.944660][T20944] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 886.979480][T20944] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 887.010796][T20883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 887.038883][T20944] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 887.074414][T20944] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 887.131114][T20944] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 887.206527][T20883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 887.245871][T20944] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 887.610326][T20883] hsr_slave_0: entered promiscuous mode [ 887.662477][T20883] hsr_slave_1: entered promiscuous mode [ 887.668765][T20883] debugfs: 'hsr0' already exists in 'hsr' [ 887.743134][T20953] FAULT_INJECTION: forcing a failure. [ 887.743134][T20953] name failslab, interval 1, probability 0, space 0, times 0 [ 887.764031][T20883] Cannot create hsr debugfs directory [ 887.828942][T20953] CPU: 0 UID: 0 PID: 20953 Comm: syz.3.5494 Tainted: G U L syzkaller #0 PREEMPT(full) [ 887.828986][T20953] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 887.828995][T20953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 887.829011][T20953] Call Trace: [ 887.829019][T20953] [ 887.829029][T20953] dump_stack_lvl+0x100/0x190 [ 887.829073][T20953] should_fail_ex.cold+0x5/0xa [ 887.829102][T20953] should_failslab+0xc2/0x120 [ 887.829127][T20953] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 887.829166][T20953] ? shmem_alloc_inode+0x25/0x50 [ 887.829196][T20953] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 887.829226][T20953] shmem_alloc_inode+0x25/0x50 [ 887.829252][T20953] alloc_inode+0x68/0x250 [ 887.829285][T20953] new_inode+0x22/0x1c0 [ 887.829315][T20953] ? trace_kmem_cache_alloc+0xf3/0x120 [ 887.829344][T20953] shmem_get_inode+0x212/0x1040 [ 887.829381][T20953] ? __pfx_shmem_get_inode+0x10/0x10 [ 887.829413][T20953] ? rcu_is_watching+0x12/0xc0 [ 887.829449][T20953] ? percpu_counter_add_batch+0xb9/0x230 [ 887.829502][T20953] __shmem_file_setup+0x3ac/0x490 [ 887.829537][T20953] ? __pfx___shmem_file_setup+0x10/0x10 [ 887.829576][T20953] ? vm_area_alloc+0x1f/0x160 [ 887.829614][T20953] shmem_zero_setup+0x96/0x1b0 [ 887.829656][T20953] __mmap_region+0x2198/0x29e0 [ 887.829703][T20953] ? __pfx___mmap_region+0x10/0x10 [ 887.829789][T20953] ? lockdep_hardirqs_on+0x78/0x100 [ 887.829821][T20953] ? finish_task_switch.isra.0+0x205/0xb80 [ 887.829849][T20953] ? rcu_is_watching+0x12/0xc0 [ 887.829923][T20953] ? rcu_is_watching+0x12/0xc0 [ 887.829966][T20953] ? cap_capable+0x107/0x460 [ 887.830006][T20953] mmap_region+0x180/0x3e0 [ 887.830049][T20953] do_mmap+0xc63/0x12f0 [ 887.830082][T20953] ? __pfx_do_mmap+0x10/0x10 [ 887.830109][T20953] ? __pfx_down_write_killable+0x10/0x10 [ 887.830152][T20953] vm_mmap_pgoff+0x29e/0x470 [ 887.830185][T20953] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 887.830215][T20953] ? do_futex+0x192/0x350 [ 887.830248][T20953] ? __pfx_do_futex+0x10/0x10 [ 887.830286][T20953] ksys_mmap_pgoff+0xe1/0x650 [ 887.830312][T20953] ? __x64_sys_futex+0x34f/0x4d0 [ 887.830343][T20953] ? __x64_sys_futex+0x358/0x4d0 [ 887.830376][T20953] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 887.830402][T20953] ? xfd_validate_state+0x129/0x190 [ 887.830444][T20953] __x64_sys_mmap+0x125/0x190 [ 887.830485][T20953] do_syscall_64+0x106/0xf80 [ 887.830514][T20953] ? clear_bhb_loop+0x40/0x90 [ 887.830545][T20953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.830571][T20953] RIP: 0033:0x7fb87cb9c799 [ 887.830592][T20953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 887.830616][T20953] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 887.830639][T20953] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 887.830656][T20953] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 887.830671][T20953] RBP: 00007fb87cc32bd9 R08: fffffffffffffffa R09: 0000000000008000 [ 887.830692][T20953] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 887.830707][T20953] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 887.830738][T20953] [ 888.365874][T20883] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 888.599610][T20956] zswap: compressor not available [ 888.689895][T20883] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 888.705843][T20883] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 888.744289][T20883] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 889.032564][T17796] Bluetooth: hci0: command 0x0c1a tx timeout [ 889.038710][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 889.112265][T17796] Bluetooth: hci4: command 0x040f tx timeout [ 889.118335][T17796] Bluetooth: hci1: command 0x0c1a tx timeout [ 889.287103][T20883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 889.438463][T20883] 8021q: adding VLAN 0 to HW filter on device team0 [ 889.579958][ T1112] bridge0: port 1(bridge_slave_0) entered blocking state [ 889.587187][ T1112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 889.692917][ T1112] bridge0: port 2(bridge_slave_1) entered blocking state [ 889.700077][ T1112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 889.930203][T20883] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 890.032762][T20883] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 891.038791][T20883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 891.193136][T17796] Bluetooth: hci4: command 0x040f tx timeout [ 892.505981][T20883] veth0_vlan: entered promiscuous mode [ 892.597346][T20883] veth1_vlan: entered promiscuous mode [ 892.752368][T20883] veth0_macvtap: entered promiscuous mode [ 892.866949][T20883] veth1_macvtap: entered promiscuous mode [ 892.992661][T20883] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 893.061489][T20883] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 893.198859][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.274530][T17796] Bluetooth: hci4: command 0x040f tx timeout [ 893.291030][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.393803][ T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.450975][ T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.605617][T21044] FAULT_INJECTION: forcing a failure. [ 893.605617][T21044] name failslab, interval 1, probability 0, space 0, times 0 [ 893.743336][T21044] CPU: 0 UID: 0 PID: 21044 Comm: syz.3.5522 Tainted: G U L syzkaller #0 PREEMPT(full) [ 893.743379][T21044] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 893.743389][T21044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 893.743404][T21044] Call Trace: [ 893.743412][T21044] [ 893.743421][T21044] dump_stack_lvl+0x100/0x190 [ 893.743466][T21044] should_fail_ex.cold+0x5/0xa [ 893.743495][T21044] should_failslab+0xc2/0x120 [ 893.743521][T21044] __kmalloc_cache_noprof+0x7a/0x6f0 [ 893.743554][T21044] ? tipc_conn_alloc+0x48/0x590 [ 893.743683][T21044] ? net_generic+0xea/0x2a0 [ 893.743705][T21044] ? net_generic+0xea/0x2a0 [ 893.743733][T21044] tipc_conn_alloc+0x48/0x590 [ 893.743760][T21044] tipc_topsrv_kern_subscr+0x11c/0x3c0 [ 893.743791][T21044] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 893.743823][T21044] ? net_generic+0xea/0x2a0 [ 893.743856][T21044] tipc_group_create+0x4ab/0x660 [ 893.743888][T21044] tipc_setsockopt+0x611/0xe30 [ 893.743926][T21044] ? __pfx_tipc_setsockopt+0x10/0x10 [ 893.743981][T21044] ? __pfx_tipc_setsockopt+0x10/0x10 [ 893.744019][T21044] do_sock_setsockopt+0xf3/0x1d0 [ 893.744064][T21044] __sys_setsockopt+0x119/0x190 [ 893.744104][T21044] __x64_sys_setsockopt+0xbd/0x160 [ 893.744133][T21044] ? do_syscall_64+0x95/0xf80 [ 893.744163][T21044] ? lockdep_hardirqs_on+0x78/0x100 [ 893.744192][T21044] do_syscall_64+0x106/0xf80 [ 893.744221][T21044] ? clear_bhb_loop+0x40/0x90 [ 893.744252][T21044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.744277][T21044] RIP: 0033:0x7fb87cb9c799 [ 893.744297][T21044] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 893.744321][T21044] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 893.744345][T21044] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 893.744362][T21044] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 893.744376][T21044] RBP: 00007fb87cc32bd9 R08: 0000000000000014 R09: 0000000000000000 [ 893.744392][T21044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 893.744407][T21044] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 893.744440][T21044] [ 894.130911][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 894.138862][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 894.146445][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 894.154268][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 894.631258][T20883] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 894.740404][T21056] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5526'. [ 895.358522][T17796] Bluetooth: hci4: command 0x040f tx timeout [ 897.318671][T21096] random: crng reseeded on system resumption [ 897.439182][T17796] Bluetooth: hci4: command 0x040f tx timeout [ 897.603835][T21103] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5541'. [ 898.038484][T21107] netlink: 25 bytes leftover after parsing attributes in process `syz.1.5542'. [ 899.478394][T21128] binder: 21126:21128 ioctl c0306201 2000000000c0 returned -14 [ 900.950391][T21150] mkiss: ax0: crc mode is auto. [ 905.371896][T21188] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5570'. [ 909.785073][T21250] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5592'. [ 910.058056][T21255] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5595'. [ 910.138954][T21257] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5596'. [ 910.232746][T21257] netlink: 25 bytes leftover after parsing attributes in process `syz.1.5596'. [ 912.441673][T21279] Loading of unsigned module is rejected [ 919.083365][T21367] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 919.276813][T21372] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5638'. [ 919.351100][T21372] netlink: 306 bytes leftover after parsing attributes in process `syz.1.5638'. [ 920.512567][T21397] serio: Serial port pty6 [ 920.619738][T21400] ERROR: Out of memory at tomoyo_memory_ok. [ 922.664400][T21434] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5660'. [ 922.748199][T21436] netlink: 25 bytes leftover after parsing attributes in process `syz.1.5660'. [ 923.873813][T21446] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5665'. [ 923.958311][T21446] gretap0: refused to change device tx_queue_len [ 926.651997][T21470] FAULT_INJECTION: forcing a failure. [ 926.651997][T21470] name fail_futex, interval 1, probability 0, space 0, times 0 [ 926.725135][T21477] mkiss: ax0: crc mode is auto. [ 926.921310][T21470] CPU: 0 UID: 0 PID: 21470 Comm: syz.2.5672 Tainted: G U L syzkaller #0 PREEMPT(full) [ 926.921353][T21470] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 926.921362][T21470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 926.921376][T21470] Call Trace: [ 926.921383][T21470] [ 926.921394][T21470] dump_stack_lvl+0x100/0x190 [ 926.921437][T21470] should_fail_ex.cold+0x5/0xa [ 926.921466][T21470] get_futex_key+0x107c/0x1620 [ 926.921499][T21470] ? __pfx_get_futex_key+0x10/0x10 [ 926.921526][T21470] ? lock_acquire+0x1cf/0x380 [ 926.921566][T21470] futex_wake+0xea/0x530 [ 926.921604][T21470] ? __pfx_futex_wake+0x10/0x10 [ 926.921640][T21470] ? exit_mm_release+0x19/0x30 [ 926.921677][T21470] do_futex+0x32b/0x350 [ 926.921708][T21470] ? __pfx_do_futex+0x10/0x10 [ 926.921737][T21470] ? __might_fault+0xc5/0x140 [ 926.921779][T21470] mm_release+0x24a/0x2f0 [ 926.921802][T21470] do_exit+0x704/0x2b60 [ 926.921837][T21470] ? __pfx_do_exit+0x10/0x10 [ 926.921867][T21470] ? do_raw_spin_lock+0x128/0x260 [ 926.921902][T21470] ? find_held_lock+0x2b/0x80 [ 926.921923][T21470] ? get_signal+0x7e0/0x21e0 [ 926.921950][T21470] do_group_exit+0xd5/0x2a0 [ 926.921984][T21470] get_signal+0x1ec7/0x21e0 [ 926.922019][T21470] ? __pfx_get_signal+0x10/0x10 [ 926.922045][T21470] ? do_futex+0x192/0x350 [ 926.922078][T21470] arch_do_signal_or_restart+0x91/0x770 [ 926.922117][T21470] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 926.922154][T21470] ? __pfx___x64_sys_futex+0x10/0x10 [ 926.922190][T21470] exit_to_user_mode_loop+0x86/0x4a0 [ 926.922224][T21470] do_syscall_64+0x668/0xf80 [ 926.922254][T21470] ? clear_bhb_loop+0x40/0x90 [ 926.922284][T21470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.922308][T21470] RIP: 0033:0x7efbfe99c799 [ 926.922330][T21470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 926.922353][T21470] RSP: 002b:00007efbfcbcd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 926.922376][T21470] RAX: fffffffffffffe00 RBX: 00007efbfec16098 RCX: 00007efbfe99c799 [ 926.922392][T21470] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efbfec16098 [ 926.922407][T21470] RBP: 00007efbfec16090 R08: 0000000000000000 R09: 0000000000000000 [ 926.922421][T21470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 926.922435][T21470] R13: 00007efbfec16128 R14: 00007ffe7817e980 R15: 00007ffe7817ea68 [ 926.922465][T21470] [ 927.885485][T21482] Loading of unsigned module is rejected [ 928.202828][T21490] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5680'. [ 928.725500][T21490] netlink: 306 bytes leftover after parsing attributes in process `syz.1.5680'. [ 930.497820][T21500] ERROR: Out of memory at tomoyo_memory_ok. [ 931.335216][T21512] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5688'. [ 931.674585][T21512] team0 (unregistering): Port device team_slave_0 removed [ 931.818297][T21512] team0 (unregistering): Port device team_slave_1 removed [ 931.858319][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.864810][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.792200][T21525] mkiss: ax0: crc mode is auto. [ 936.533748][T21565] FAULT_INJECTION: forcing a failure. [ 936.533748][T21565] name failslab, interval 1, probability 0, space 0, times 0 [ 936.738174][T21565] CPU: 0 UID: 0 PID: 21565 Comm: syz.2.5706 Tainted: G U L syzkaller #0 PREEMPT(full) [ 936.738217][T21565] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 936.738227][T21565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 936.738242][T21565] Call Trace: [ 936.738250][T21565] [ 936.738259][T21565] dump_stack_lvl+0x100/0x190 [ 936.738303][T21565] should_fail_ex.cold+0x5/0xa [ 936.738332][T21565] ? sk_prot_alloc+0x10b/0x2a0 [ 936.738369][T21565] should_failslab+0xc2/0x120 [ 936.738396][T21565] __kmalloc_noprof+0xe0/0x850 [ 936.738434][T21565] ? lockdep_init_map_type+0x5c/0x250 [ 936.738472][T21565] sk_prot_alloc+0x10b/0x2a0 [ 936.738510][T21565] sk_alloc+0x36/0xe80 [ 936.738538][T21565] pppoe_create+0x32/0x360 [ 936.738662][T21565] pppox_create+0x15c/0x2c0 [ 936.738723][T21565] __sock_create+0x339/0x860 [ 936.738767][T21565] __sys_socket+0x14d/0x260 [ 936.738790][T21565] ? __pfx___sys_socket+0x10/0x10 [ 936.738839][T21565] __x64_sys_socket+0x72/0xb0 [ 936.738860][T21565] ? lockdep_hardirqs_on+0x78/0x100 [ 936.738891][T21565] do_syscall_64+0x106/0xf80 [ 936.738920][T21565] ? clear_bhb_loop+0x40/0x90 [ 936.738950][T21565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.738977][T21565] RIP: 0033:0x7efbfe99c799 [ 936.738998][T21565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 936.739024][T21565] RSP: 002b:00007efbfcbee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 936.739047][T21565] RAX: ffffffffffffffda RBX: 00007efbfec15fa0 RCX: 00007efbfe99c799 [ 936.739064][T21565] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000018 [ 936.739079][T21565] RBP: 00007efbfea32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 936.739102][T21565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.739117][T21565] R13: 00007efbfec16038 R14: 00007efbfec15fa0 R15: 00007ffe7817ea68 [ 936.739148][T21565] [ 937.941691][T21569] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5707'. [ 938.139438][T21578] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5707'. [ 942.317644][T21621] FAULT_INJECTION: forcing a failure. [ 942.317644][T21621] name failslab, interval 1, probability 0, space 0, times 0 [ 942.528895][T21621] CPU: 0 UID: 0 PID: 21621 Comm: syz.4.5724 Tainted: G U L syzkaller #0 PREEMPT(full) [ 942.528938][T21621] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 942.528948][T21621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 942.528963][T21621] Call Trace: [ 942.528972][T21621] [ 942.528982][T21621] dump_stack_lvl+0x100/0x190 [ 942.529025][T21621] should_fail_ex.cold+0x5/0xa [ 942.529055][T21621] ? __alloc_empty_sheaf+0x35/0x50 [ 942.529088][T21621] should_failslab+0xc2/0x120 [ 942.529113][T21621] __kmalloc_noprof+0xe0/0x850 [ 942.529160][T21621] ? __pcs_replace_empty_main+0x134/0x600 [ 942.529199][T21621] ? __pcs_replace_empty_main+0x134/0x600 [ 942.529258][T21621] __alloc_empty_sheaf+0x35/0x50 [ 942.529291][T21621] __pcs_replace_empty_main+0x404/0x600 [ 942.529334][T21621] kmem_cache_alloc_noprof+0x480/0x6e0 [ 942.529371][T21621] ? acpi_ut_create_generic_state+0x61/0xc0 [ 942.529550][T21621] ? __pfx_acpi_ut_trace+0x10/0x10 [ 942.529579][T21621] acpi_ut_create_generic_state+0x61/0xc0 [ 942.529620][T21621] acpi_ps_init_scope+0x3a/0x240 [ 942.529665][T21621] acpi_ds_init_aml_walk+0x1f6/0x680 [ 942.529745][T21621] acpi_ps_execute_method+0x39d/0xe90 [ 942.529781][T21621] acpi_ns_evaluate+0x640/0x1670 [ 942.529835][T21621] acpi_evaluate_object+0x420/0xe00 [ 942.529875][T21621] ? kasan_save_stack+0x30/0x50 [ 942.529914][T21621] ? kasan_save_track+0x14/0x30 [ 942.529958][T21621] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 942.530006][T21621] acpi_evaluate_integer+0xdf/0x220 [ 942.530083][T21621] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 942.530135][T21621] ? __pfx_status_show+0x10/0x10 [ 942.530172][T21621] status_show+0xa0/0x120 [ 942.530209][T21621] ? __pfx_status_show+0x10/0x10 [ 942.530255][T21621] dev_attr_show+0x52/0xa0 [ 942.530311][T21621] ? __pfx_dev_attr_show+0x10/0x10 [ 942.530334][T21621] sysfs_kf_seq_show+0x217/0x3a0 [ 942.530374][T21621] seq_read_iter+0x32f/0x1270 [ 942.530437][T21621] kernfs_fop_read_iter+0x46c/0x610 [ 942.530466][T21621] ? rw_verify_area+0xce/0x6d0 [ 942.530509][T21621] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 942.530539][T21621] vfs_read+0x825/0xb30 [ 942.530583][T21621] ? __pfx_vfs_read+0x10/0x10 [ 942.530641][T21621] ksys_read+0x12a/0x250 [ 942.530680][T21621] ? __pfx_ksys_read+0x10/0x10 [ 942.530728][T21621] do_syscall_64+0x106/0xf80 [ 942.530759][T21621] ? clear_bhb_loop+0x40/0x90 [ 942.530790][T21621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.530816][T21621] RIP: 0033:0x7f5e1e39c799 [ 942.530838][T21621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 942.530863][T21621] RSP: 002b:00007f5e1f2e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 942.530887][T21621] RAX: ffffffffffffffda RBX: 00007f5e1e615fa0 RCX: 00007f5e1e39c799 [ 942.530903][T21621] RDX: 000000000000007a RSI: 0000200000000240 RDI: 0000000000000004 [ 942.530919][T21621] RBP: 00007f5e1e432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 942.530934][T21621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.530949][T21621] R13: 00007f5e1e616038 R14: 00007f5e1e615fa0 R15: 00007ffd1daa7c98 [ 942.530981][T21621] [ 943.499772][T21627] sp0: Synchronizing with TNC [ 943.757167][T21634] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5729'. [ 945.060043][T21643] zswap: compressor not available [ 945.149112][T21653] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5733'. [ 946.902003][T17796] Bluetooth: hci4: unexpected event 0x20 length: 123 > 7 [ 949.138462][T21684] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5744'. [ 949.184316][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802aaf1c00: rx timeout, send abort [ 949.207707][ T5177] ERROR: Out of memory at tomoyo_memory_ok. [ 949.694540][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802aaf1c00: abort rx timeout. Force session deactivation [ 949.727304][T21692] netlink: 306 bytes leftover after parsing attributes in process `syz.4.5746'. [ 950.731542][T21707] ubi0: attaching mtd0 [ 950.857732][T21707] ubi0: scanning is finished [ 950.862444][T21707] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 951.604209][T21707] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 955.622954][T21763] netlink: 266 bytes leftover after parsing attributes in process `syz.3.5770'. [ 955.688040][T21763] IPv6: NLM_F_CREATE should be specified when creating new route [ 957.214664][T21781] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5776'. [ 957.762126][T21791] openvswitch: netlink: IP tunnel dst address not specified [ 958.040525][T21793] mkiss: ax0: crc mode is auto. [ 960.639489][T21828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5793'. [ 960.713697][T21828] netlink: 354 bytes leftover after parsing attributes in process `syz.1.5793'. [ 960.834854][T21831] netlink: 'syz.2.5794': attribute type 7 has an invalid length. [ 960.935769][T21831] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5794'. [ 962.612626][T17796] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 962.952860][T21855] FAULT_INJECTION: forcing a failure. [ 962.952860][T21855] name failslab, interval 1, probability 0, space 0, times 0 [ 963.060580][T21855] CPU: 0 UID: 0 PID: 21855 Comm: syz.4.5801 Tainted: G U L syzkaller #0 PREEMPT(full) [ 963.060623][T21855] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 963.060633][T21855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 963.060647][T21855] Call Trace: [ 963.060656][T21855] [ 963.060665][T21855] dump_stack_lvl+0x100/0x190 [ 963.060708][T21855] should_fail_ex.cold+0x5/0xa [ 963.060736][T21855] ? acpi_ns_get_normalized_pathname+0x95/0x250 [ 963.060768][T21855] should_failslab+0xc2/0x120 [ 963.060794][T21855] __kmalloc_noprof+0xe0/0x850 [ 963.060839][T21855] acpi_ns_get_normalized_pathname+0x95/0x250 [ 963.060874][T21855] acpi_ds_call_control_method+0x5d4/0xab0 [ 963.060915][T21855] acpi_ps_parse_aml+0xacd/0x1120 [ 963.060945][T21855] acpi_ps_execute_method+0x5c4/0xe90 [ 963.060978][T21855] acpi_ns_evaluate+0x640/0x1670 [ 963.061013][T21855] acpi_evaluate_object+0x420/0xe00 [ 963.061049][T21855] ? kasan_save_stack+0x30/0x50 [ 963.061113][T21855] ? kasan_save_track+0x14/0x30 [ 963.061157][T21855] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 963.061208][T21855] acpi_evaluate_integer+0xdf/0x220 [ 963.061241][T21855] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 963.061286][T21855] ? __pfx_status_show+0x10/0x10 [ 963.061323][T21855] status_show+0xa0/0x120 [ 963.061359][T21855] ? __pfx_status_show+0x10/0x10 [ 963.061404][T21855] dev_attr_show+0x52/0xa0 [ 963.061430][T21855] ? __pfx_dev_attr_show+0x10/0x10 [ 963.061453][T21855] sysfs_kf_seq_show+0x217/0x3a0 [ 963.061491][T21855] seq_read_iter+0x32f/0x1270 [ 963.061543][T21855] kernfs_fop_read_iter+0x46c/0x610 [ 963.061572][T21855] ? rw_verify_area+0xce/0x6d0 [ 963.061607][T21855] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 963.061637][T21855] vfs_read+0x825/0xb30 [ 963.061680][T21855] ? __pfx_vfs_read+0x10/0x10 [ 963.061739][T21855] ksys_read+0x12a/0x250 [ 963.061778][T21855] ? __pfx_ksys_read+0x10/0x10 [ 963.061828][T21855] do_syscall_64+0x106/0xf80 [ 963.061858][T21855] ? clear_bhb_loop+0x40/0x90 [ 963.061889][T21855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 963.061915][T21855] RIP: 0033:0x7f5e1e39c799 [ 963.061936][T21855] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 963.061961][T21855] RSP: 002b:00007f5e1f2e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 963.061984][T21855] RAX: ffffffffffffffda RBX: 00007f5e1e615fa0 RCX: 00007f5e1e39c799 [ 963.062000][T21855] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000005 [ 963.062015][T21855] RBP: 00007f5e1e432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 963.062030][T21855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 963.062045][T21855] R13: 00007f5e1e616038 R14: 00007f5e1e615fa0 R15: 00007ffd1daa7c98 [ 963.062084][T21855] [ 963.631332][T21855] ACPI Error: Could not allocate 10 bytes (20251212/nsnames-308) [ 964.285850][T21868] netlink: 244 bytes leftover after parsing attributes in process `syz.2.5804'. [ 965.466776][T21879] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5807'. [ 965.540616][T21879] veth1_vlan: entered allmulticast mode [ 965.758439][T21882] FAULT_INJECTION: forcing a failure. [ 965.758439][T21882] name fail_futex, interval 1, probability 0, space 0, times 0 [ 965.844827][T21882] CPU: 0 UID: 0 PID: 21882 Comm: syz.4.5808 Tainted: G U L syzkaller #0 PREEMPT(full) [ 965.844871][T21882] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 965.844880][T21882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 965.844896][T21882] Call Trace: [ 965.844904][T21882] [ 965.844912][T21882] dump_stack_lvl+0x100/0x190 [ 965.844956][T21882] should_fail_ex.cold+0x5/0xa [ 965.844986][T21882] get_futex_key+0x1d2/0x1620 [ 965.845019][T21882] ? __pfx_get_futex_key+0x10/0x10 [ 965.845059][T21882] futex_wake+0xea/0x530 [ 965.845099][T21882] ? __pfx_futex_wake+0x10/0x10 [ 965.845143][T21882] ? proc_id_connector+0x2ed/0x650 [ 965.845243][T21882] do_futex+0x32b/0x350 [ 965.845276][T21882] ? __pfx_do_futex+0x10/0x10 [ 965.845308][T21882] ? find_held_lock+0x2b/0x80 [ 965.845337][T21882] __x64_sys_futex+0x34f/0x4d0 [ 965.845374][T21882] ? __pfx___x64_sys_futex+0x10/0x10 [ 965.845418][T21882] do_syscall_64+0x106/0xf80 [ 965.845448][T21882] ? clear_bhb_loop+0x40/0x90 [ 965.845479][T21882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 965.845504][T21882] RIP: 0033:0x7f5e1e39c799 [ 965.845524][T21882] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 965.845548][T21882] RSP: 002b:00007f5e1f2e10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 965.845571][T21882] RAX: ffffffffffffffda RBX: 00007f5e1e615fa8 RCX: 00007f5e1e39c799 [ 965.845588][T21882] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5e1e615fac [ 965.845603][T21882] RBP: 00007f5e1e615fa0 R08: 0000000000000000 R09: 0000000000000000 [ 965.845618][T21882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 965.845632][T21882] R13: 00007f5e1e616038 R14: 00007ffd1daa7bb0 R15: 00007ffd1daa7c98 [ 965.845664][T21882] [ 966.182958][T21874] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5806'. [ 966.192703][T21874] unsupported nla_type 65535 [ 966.450936][T21888] FAULT_INJECTION: forcing a failure. [ 966.450936][T21888] name failslab, interval 1, probability 0, space 0, times 0 [ 966.521326][T21888] CPU: 0 UID: 0 PID: 21888 Comm: syz.4.5809 Tainted: G U L syzkaller #0 PREEMPT(full) [ 966.521369][T21888] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 966.521378][T21888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 966.521394][T21888] Call Trace: [ 966.521401][T21888] [ 966.521412][T21888] dump_stack_lvl+0x100/0x190 [ 966.521457][T21888] should_fail_ex.cold+0x5/0xa [ 966.521487][T21888] should_failslab+0xc2/0x120 [ 966.521514][T21888] __kmalloc_cache_noprof+0x7a/0x6f0 [ 966.521556][T21888] ? alloc_super+0x52/0xd20 [ 966.521600][T21888] alloc_super+0x52/0xd20 [ 966.521640][T21888] ? __pfx_mqueue_fill_super+0x10/0x10 [ 966.521677][T21888] sget_fc+0x117/0xc70 [ 966.521714][T21888] ? __pfx_set_anon_super_fc+0x10/0x10 [ 966.521752][T21888] ? __pfx_mqueue_fill_super+0x10/0x10 [ 966.521785][T21888] get_tree_nodev+0x28/0x190 [ 966.521826][T21888] mqueue_get_tree+0xf1/0x130 [ 966.521860][T21888] vfs_get_tree+0x92/0x320 [ 966.521895][T21888] fc_mount_longterm+0x1a/0x270 [ 966.521934][T21888] mq_init_ns+0x482/0x820 [ 966.521974][T21888] copy_ipcs+0x3dd/0x7e0 [ 966.522015][T21888] create_new_namespaces+0x20a/0xac0 [ 966.522043][T21888] ? security_capable+0x80/0x260 [ 966.522082][T21888] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 966.522112][T21888] ksys_unshare+0x473/0xad0 [ 966.522146][T21888] ? __pfx_ksys_unshare+0x10/0x10 [ 966.522188][T21888] __x64_sys_unshare+0x31/0x40 [ 966.522219][T21888] do_syscall_64+0x106/0xf80 [ 966.522250][T21888] ? clear_bhb_loop+0x40/0x90 [ 966.522281][T21888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 966.522308][T21888] RIP: 0033:0x7f5e1e39c799 [ 966.522329][T21888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 966.522354][T21888] RSP: 002b:00007f5e1f2e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 966.522378][T21888] RAX: ffffffffffffffda RBX: 00007f5e1e615fa0 RCX: 00007f5e1e39c799 [ 966.522396][T21888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 966.522412][T21888] RBP: 00007f5e1e432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 966.522427][T21888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 966.522442][T21888] R13: 00007f5e1e616038 R14: 00007f5e1e615fa0 R15: 00007ffd1daa7c98 [ 966.522474][T21888] [ 967.313758][T21887] zswap: compressor not available [ 967.364502][T21893] block2mtd: Using custom MTD label '' for dev [ 967.419652][T21893] block2mtd: error: cannot open device [ 970.291669][T21941] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 970.375545][ T5180] ERROR: Out of memory at tomoyo_memory_ok. [ 972.285252][T21962] FAULT_INJECTION: forcing a failure. [ 972.285252][T21962] name failslab, interval 1, probability 0, space 0, times 0 [ 972.455668][T21962] CPU: 0 UID: 0 PID: 21962 Comm: syz.4.5833 Tainted: G U L syzkaller #0 PREEMPT(full) [ 972.455712][T21962] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 972.455723][T21962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 972.455739][T21962] Call Trace: [ 972.455747][T21962] [ 972.455757][T21962] dump_stack_lvl+0x100/0x190 [ 972.455801][T21962] should_fail_ex.cold+0x5/0xa [ 972.455830][T21962] should_failslab+0xc2/0x120 [ 972.455856][T21962] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 972.455896][T21962] ? alloc_vmap_area+0x186c/0x2bd0 [ 972.455927][T21962] alloc_vmap_area+0x186c/0x2bd0 [ 972.455965][T21962] ? __pfx_alloc_vmap_area+0x10/0x10 [ 972.455999][T21962] __get_vm_area_node+0x1ca/0x330 [ 972.456033][T21962] __vmalloc_node_range_noprof+0x213/0x1530 [ 972.456066][T21962] ? kernel_clone+0xfc/0x9a0 [ 972.456101][T21962] ? kernel_clone+0xfc/0x9a0 [ 972.456131][T21962] ? find_held_lock+0x2b/0x80 [ 972.456153][T21962] ? rcu_read_unlock+0x17/0x60 [ 972.456180][T21962] ? rcu_read_unlock+0x17/0x60 [ 972.456207][T21962] ? obj_cgroup_charge_account+0x46d/0x640 [ 972.456237][T21962] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 972.456272][T21962] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 972.456305][T21962] ? rcu_is_watching+0x12/0xc0 [ 972.456343][T21962] ? trace_kmem_cache_alloc+0xf3/0x120 [ 972.456372][T21962] ? kernel_clone+0xfc/0x9a0 [ 972.456399][T21962] __vmalloc_node_noprof+0xad/0xf0 [ 972.456431][T21962] ? kernel_clone+0xfc/0x9a0 [ 972.456462][T21962] copy_process+0x5ec/0x7a10 [ 972.456489][T21962] ? futex_unqueue+0x133/0x2c0 [ 972.456541][T21962] ? __pfx_copy_process+0x10/0x10 [ 972.456578][T21962] ? _copy_from_user+0x59/0xd0 [ 972.456608][T21962] kernel_clone+0xfc/0x9a0 [ 972.456640][T21962] ? __pfx_kernel_clone+0x10/0x10 [ 972.456676][T21962] ? __pfx_futex_wait+0x10/0x10 [ 972.456726][T21962] __do_sys_clone3+0x214/0x290 [ 972.456756][T21962] ? __pfx___do_sys_clone3+0x10/0x10 [ 972.456822][T21962] do_syscall_64+0x106/0xf80 [ 972.456853][T21962] ? clear_bhb_loop+0x40/0x90 [ 972.456884][T21962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 972.456911][T21962] RIP: 0033:0x7f5e1e39c799 [ 972.456932][T21962] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 972.456957][T21962] RSP: 002b:00007f5e1f2e0ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 972.456981][T21962] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f5e1e39c799 [ 972.456998][T21962] RDX: 00007f5e1f2e0f10 RSI: 0000000000000058 RDI: 00007f5e1f2e0f10 [ 972.457014][T21962] RBP: 00007f5e1e432bd9 R08: 0000000000000000 R09: 0000000000000058 [ 972.457030][T21962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 972.457046][T21962] R13: 00007f5e1e616038 R14: 00007f5e1e615fa0 R15: 00007ffd1daa7c98 [ 972.457077][T21962] [ 973.988999][T21975] kvm_intel: kvm [21974]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xfffffffffffffffe [ 974.178566][T21977] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5837'. [ 975.475597][T21988] random: crng reseeded on system resumption [ 975.597489][T21988] Restarting kernel threads ... [ 975.622206][T21988] Done restarting kernel threads. [ 975.771770][T21988] sp0: Synchronizing with TNC [ 976.668456][T22000] netlink: 18 bytes leftover after parsing attributes in process `syz.4.5844'. [ 977.519469][T22015] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5848'. [ 977.795911][T22011] zswap: compressor 000 not available [ 978.058275][T22023] FAULT_INJECTION: forcing a failure. [ 978.058275][T22023] name failslab, interval 1, probability 0, space 0, times 0 [ 978.214820][T22023] CPU: 0 UID: 0 PID: 22023 Comm: syz.2.5851 Tainted: G U L syzkaller #0 PREEMPT(full) [ 978.214865][T22023] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 978.214881][T22023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 978.214897][T22023] Call Trace: [ 978.214906][T22023] [ 978.214916][T22023] dump_stack_lvl+0x100/0x190 [ 978.214961][T22023] should_fail_ex.cold+0x5/0xa [ 978.214991][T22023] should_failslab+0xc2/0x120 [ 978.215017][T22023] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 978.215056][T22023] ? dup_fd+0x4d/0xd10 [ 978.215079][T22023] ? do_futex+0x192/0x350 [ 978.215115][T22023] dup_fd+0x4d/0xd10 [ 978.215138][T22023] ? bpf_lsm_capable+0x9/0x10 [ 978.215165][T22023] ? security_capable+0x80/0x260 [ 978.215207][T22023] __x64_sys_close_range+0x405/0x5d0 [ 978.215237][T22023] ? __pfx___x64_sys_close_range+0x10/0x10 [ 978.215273][T22023] do_syscall_64+0x106/0xf80 [ 978.215304][T22023] ? clear_bhb_loop+0x40/0x90 [ 978.215335][T22023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 978.215362][T22023] RIP: 0033:0x7efbfe99c799 [ 978.215383][T22023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 978.215408][T22023] RSP: 002b:00007efbfcbee028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 978.215432][T22023] RAX: ffffffffffffffda RBX: 00007efbfec15fa0 RCX: 00007efbfe99c799 [ 978.215449][T22023] RDX: 0000000000000002 RSI: fffffffffffff001 RDI: 0000000000000000 [ 978.215465][T22023] RBP: 00007efbfea32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 978.215481][T22023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 978.215496][T22023] R13: 00007efbfec16038 R14: 00007efbfec15fa0 R15: 00007ffe7817ea68 [ 978.215528][T22023] [ 978.415466][T22027] mkiss: ax0: crc mode is auto. [ 979.049228][T22033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5855'. [ 980.133634][T22033] netlink: 13 bytes leftover after parsing attributes in process `syz.4.5855'. [ 982.089177][T22057] ERROR: Out of memory at tomoyo_memory_ok. [ 983.559549][T22078] FAULT_INJECTION: forcing a failure. [ 983.559549][T22078] name failslab, interval 1, probability 0, space 0, times 0 [ 983.649474][T22078] CPU: 0 UID: 0 PID: 22078 Comm: syz.3.5869 Tainted: G U L syzkaller #0 PREEMPT(full) [ 983.649520][T22078] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 983.649530][T22078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 983.649546][T22078] Call Trace: [ 983.649555][T22078] [ 983.649565][T22078] dump_stack_lvl+0x100/0x190 [ 983.649610][T22078] should_fail_ex.cold+0x5/0xa [ 983.649640][T22078] should_failslab+0xc2/0x120 [ 983.649666][T22078] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 983.649705][T22078] ? __kernfs_new_node+0xd2/0x960 [ 983.649741][T22078] ? kstrdup+0xb3/0xe0 [ 983.649784][T22078] __kernfs_new_node+0xd2/0x960 [ 983.649824][T22078] ? __pfx___kernfs_new_node+0x10/0x10 [ 983.649869][T22078] ? find_held_lock+0x2b/0x80 [ 983.649891][T22078] ? kernfs_root+0xee/0x2a0 [ 983.649925][T22078] ? kernfs_root+0xee/0x2a0 [ 983.649967][T22078] kernfs_new_node+0x11b/0x1a0 [ 983.650013][T22078] kernfs_create_link+0xcc/0x240 [ 983.650108][T22078] sysfs_do_create_link_sd+0x90/0x140 [ 983.650146][T22078] sysfs_create_link+0x61/0xc0 [ 983.650182][T22078] __add_disk+0x619/0xe40 [ 983.650221][T22078] ? find_held_lock+0x2b/0x80 [ 983.650248][T22078] add_disk_fwnode+0x3d4/0x5c0 [ 983.650290][T22078] zram_add+0x4d2/0x610 [ 983.650394][T22078] ? __pfx_zram_add+0x10/0x10 [ 983.650442][T22078] ? find_held_lock+0x2b/0x80 [ 983.650465][T22078] ? sysfs_file_kobj+0xe4/0x290 [ 983.650502][T22078] ? __pfx_hot_add_show+0x10/0x10 [ 983.650531][T22078] hot_add_show+0x21/0x80 [ 983.650559][T22078] class_attr_show+0x72/0xa0 [ 983.650623][T22078] ? __pfx_class_attr_show+0x10/0x10 [ 983.650663][T22078] sysfs_kf_seq_show+0x217/0x3a0 [ 983.650701][T22078] seq_read_iter+0x32f/0x1270 [ 983.650754][T22078] kernfs_fop_read_iter+0x46c/0x610 [ 983.650783][T22078] ? rw_verify_area+0xce/0x6d0 [ 983.650819][T22078] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 983.650851][T22078] vfs_read+0x825/0xb30 [ 983.650894][T22078] ? __pfx_vfs_read+0x10/0x10 [ 983.650954][T22078] ksys_read+0x12a/0x250 [ 983.650994][T22078] ? __pfx_ksys_read+0x10/0x10 [ 983.651051][T22078] do_syscall_64+0x106/0xf80 [ 983.651083][T22078] ? clear_bhb_loop+0x40/0x90 [ 983.651114][T22078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 983.651142][T22078] RIP: 0033:0x7fb87cb9c799 [ 983.651164][T22078] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 983.651208][T22078] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 983.651232][T22078] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 983.651250][T22078] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 983.651266][T22078] RBP: 00007fb87cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 983.651283][T22078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 983.651299][T22078] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 983.651333][T22078] [ 984.946163][T22085] netlink: 138 bytes leftover after parsing attributes in process `syz.3.5872'. [ 985.533707][T22091] input: 00 [ 985.533707][T22091] as /devices/virtual/input/input15 [ 985.650562][T22091] FAULT_INJECTION: forcing a failure. [ 985.650562][T22091] name failslab, interval 1, probability 0, space 0, times 0 [ 985.798864][T22095] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5870'. [ 985.841987][T22091] CPU: 0 UID: 0 PID: 22091 Comm: syz.2.5875 Tainted: G U L syzkaller #0 PREEMPT(full) [ 985.842032][T22091] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 985.842043][T22091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 985.842059][T22091] Call Trace: [ 985.842067][T22091] [ 985.842079][T22091] dump_stack_lvl+0x100/0x190 [ 985.842123][T22091] should_fail_ex.cold+0x5/0xa [ 985.842154][T22091] should_failslab+0xc2/0x120 [ 985.842180][T22091] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 985.842219][T22091] ? __kernfs_new_node+0xd2/0x960 [ 985.842261][T22091] __kernfs_new_node+0xd2/0x960 [ 985.842301][T22091] ? __pfx___kernfs_new_node+0x10/0x10 [ 985.842344][T22091] ? find_held_lock+0x2b/0x80 [ 985.842367][T22091] ? kernfs_root+0xee/0x2a0 [ 985.842401][T22091] ? kernfs_root+0xee/0x2a0 [ 985.842443][T22091] kernfs_new_node+0x11b/0x1a0 [ 985.842488][T22091] __kernfs_create_file+0x53/0x350 [ 985.842521][T22091] sysfs_add_file_mode_ns+0x207/0x3c0 [ 985.842563][T22091] sysfs_merge_group+0x194/0x340 [ 985.842601][T22091] ? __pfx_sysfs_merge_group+0x10/0x10 [ 985.842643][T22091] ? __pfx_dev_add_physical_location+0x10/0x10 [ 985.842764][T22091] ? bus_to_subsys+0x114/0x150 [ 985.842797][T22091] dpm_sysfs_add+0x237/0x280 [ 985.842874][T22091] device_add+0x9ef/0x1950 [ 985.842900][T22091] ? __pfx_device_add+0x10/0x10 [ 985.842931][T22091] ? kobject_get+0xbb/0x150 [ 985.842970][T22091] cdev_device_add+0x12b/0x270 [ 985.842997][T22091] evdev_connect+0x3a8/0x4b0 [ 985.843096][T22091] input_attach_handler.isra.0+0x177/0x1e0 [ 985.843154][T22091] input_register_device.cold+0x139/0x375 [ 985.843204][T22091] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 985.843274][T22091] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 985.843311][T22091] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 985.843363][T22091] ? find_held_lock+0x2b/0x80 [ 985.843385][T22091] ? __fget_files+0x215/0x3d0 [ 985.843423][T22091] ? __pfx_uinput_ioctl+0x10/0x10 [ 985.843466][T22091] __x64_sys_ioctl+0x18e/0x210 [ 985.843504][T22091] do_syscall_64+0x106/0xf80 [ 985.843535][T22091] ? clear_bhb_loop+0x40/0x90 [ 985.843566][T22091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 985.843593][T22091] RIP: 0033:0x7efbfe99c799 [ 985.843615][T22091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 985.843640][T22091] RSP: 002b:00007efbfcbee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 985.843670][T22091] RAX: ffffffffffffffda RBX: 00007efbfec15fa0 RCX: 00007efbfe99c799 [ 985.843687][T22091] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 985.843702][T22091] RBP: 00007efbfea32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 985.843718][T22091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 985.843734][T22091] R13: 00007efbfec16038 R14: 00007efbfec15fa0 R15: 00007ffe7817ea68 [ 985.843766][T22091] [ 986.721141][T22091] input: failed to attach handler evdev to device input15, error: -12 [ 988.528257][T22119] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 988.674516][T22114] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5883'. [ 989.297027][T22125] nvme_fabrics: missing parameter 'transport=%s' [ 989.373853][T22125] nvme_fabrics: missing parameter 'nqn=%s' [ 990.595003][T17796] Bluetooth: hci2: unexpected event 0x08 length: 435 > 4 [ 991.583196][T22156] netlink: 252 bytes leftover after parsing attributes in process `syz.4.5895'. [ 991.802732][T22160] netlink: 252 bytes leftover after parsing attributes in process `syz.4.5895'. [ 993.064663][T22177] FAULT_INJECTION: forcing a failure. [ 993.064663][T22177] name failslab, interval 1, probability 0, space 0, times 0 [ 993.134221][T22177] CPU: 0 UID: 0 PID: 22177 Comm: syz.2.5902 Tainted: G U L syzkaller #0 PREEMPT(full) [ 993.134266][T22177] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 993.134276][T22177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 993.134293][T22177] Call Trace: [ 993.134302][T22177] [ 993.134312][T22177] dump_stack_lvl+0x100/0x190 [ 993.134363][T22177] should_fail_ex.cold+0x5/0xa [ 993.134392][T22177] ? lsm_blob_alloc+0x68/0x90 [ 993.134422][T22177] should_failslab+0xc2/0x120 [ 993.134448][T22177] __kmalloc_noprof+0xe0/0x850 [ 993.134486][T22177] ? trace_kmem_cache_alloc+0xf3/0x120 [ 993.134518][T22177] lsm_blob_alloc+0x68/0x90 [ 993.134549][T22177] security_sk_alloc+0x2d/0x290 [ 993.134588][T22177] sk_prot_alloc+0x1d1/0x2a0 [ 993.134628][T22177] sk_alloc+0x36/0xe80 [ 993.134657][T22177] rds_create+0x9e/0x5f0 [ 993.134795][T22177] __sock_create+0x339/0x860 [ 993.134840][T22177] __sys_socket+0x14d/0x260 [ 993.134864][T22177] ? __pfx___sys_socket+0x10/0x10 [ 993.134913][T22177] __x64_sys_socket+0x72/0xb0 [ 993.134935][T22177] ? lockdep_hardirqs_on+0x78/0x100 [ 993.134966][T22177] do_syscall_64+0x106/0xf80 [ 993.134996][T22177] ? clear_bhb_loop+0x40/0x90 [ 993.135027][T22177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 993.135053][T22177] RIP: 0033:0x7efbfe99c799 [ 993.135074][T22177] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 993.135099][T22177] RSP: 002b:00007efbfcbee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 993.135123][T22177] RAX: ffffffffffffffda RBX: 00007efbfec15fa0 RCX: 00007efbfe99c799 [ 993.135139][T22177] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000015 [ 993.135155][T22177] RBP: 00007efbfea32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 993.135173][T22177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 993.135189][T22177] R13: 00007efbfec16038 R14: 00007efbfec15fa0 R15: 00007ffe7817ea68 [ 993.135220][T22177] [ 993.647038][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.653374][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.584624][T22191] mkiss: ax0: crc mode is auto. [ 999.298376][T22244] FAULT_INJECTION: forcing a failure. [ 999.298376][T22244] name failslab, interval 1, probability 0, space 0, times 0 [ 999.664257][T22244] CPU: 0 UID: 0 PID: 22244 Comm: syz.2.5922 Tainted: G U L syzkaller #0 PREEMPT(full) [ 999.664302][T22244] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 999.664312][T22244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 999.664328][T22244] Call Trace: [ 999.664337][T22244] [ 999.664347][T22244] dump_stack_lvl+0x100/0x190 [ 999.664391][T22244] should_fail_ex.cold+0x5/0xa [ 999.664420][T22244] ? __pfx_serial8250_interrupt+0x10/0x10 [ 999.664552][T22244] should_failslab+0xc2/0x120 [ 999.664578][T22244] ? __pfx_serial8250_interrupt+0x10/0x10 [ 999.664619][T22244] __kmalloc_cache_noprof+0x7a/0x6f0 [ 999.664654][T22244] ? request_threaded_irq+0x15a/0x3e0 [ 999.664686][T22244] ? do_raw_spin_lock+0x128/0x260 [ 999.664727][T22244] ? __pfx_serial8250_interrupt+0x10/0x10 [ 999.664768][T22244] request_threaded_irq+0x15a/0x3e0 [ 999.664804][T22244] univ8250_setup_irq+0x5ba/0x750 [ 999.664845][T22244] ? io_serial_out+0x65/0xb0 [ 999.664870][T22244] ? io_serial_in+0x60/0xb0 [ 999.664899][T22244] serial8250_do_startup+0xac8/0x3260 [ 999.664943][T22244] ? mark_held_locks+0x40/0x70 [ 999.664978][T22244] serial8250_startup+0x62/0x80 [ 999.665016][T22244] uart_startup+0x50f/0x1330 [ 999.665056][T22244] uart_port_activate+0xe8/0x190 [ 999.665090][T22244] ? __pfx_uart_port_activate+0x10/0x10 [ 999.665123][T22244] tty_port_open+0x1de/0x270 [ 999.665169][T22244] ? __pfx_uart_open+0x10/0x10 [ 999.665193][T22244] uart_open+0x41/0x60 [ 999.665218][T22244] tty_open+0x3dd/0xfa0 [ 999.665258][T22244] ? __pfx_tty_open+0x10/0x10 [ 999.665291][T22244] ? chrdev_open+0x10b/0x6a0 [ 999.665316][T22244] ? chrdev_open+0x10b/0x6a0 [ 999.665345][T22244] ? __pfx_tty_open+0x10/0x10 [ 999.665379][T22244] chrdev_open+0x234/0x6a0 [ 999.665404][T22244] ? __pfx_apparmor_file_open+0x10/0x10 [ 999.665443][T22244] ? __pfx_chrdev_open+0x10/0x10 [ 999.665471][T22244] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 999.665505][T22244] do_dentry_open+0x6d8/0x1660 [ 999.665530][T22244] ? __pfx_chrdev_open+0x10/0x10 [ 999.665563][T22244] vfs_open+0x82/0x3f0 [ 999.665598][T22244] path_openat+0x208c/0x31a0 [ 999.665635][T22244] ? __pfx_path_openat+0x10/0x10 [ 999.665672][T22244] do_file_open+0x20e/0x430 [ 999.665700][T22244] ? __pfx_do_file_open+0x10/0x10 [ 999.665748][T22244] ? alloc_fd+0x476/0x790 [ 999.665776][T22244] ? do_getname+0x191/0x390 [ 999.665812][T22244] do_sys_openat2+0x10d/0x1e0 [ 999.665845][T22244] ? __pfx_do_sys_openat2+0x10/0x10 [ 999.665881][T22244] ? __fget_files+0x21f/0x3d0 [ 999.665931][T22244] __x64_sys_openat+0x12d/0x210 [ 999.665966][T22244] ? __pfx___x64_sys_openat+0x10/0x10 [ 999.666011][T22244] do_syscall_64+0x106/0xf80 [ 999.666043][T22244] ? clear_bhb_loop+0x40/0x90 [ 999.666074][T22244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 999.666101][T22244] RIP: 0033:0x7efbfe99c799 [ 999.666123][T22244] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 999.666149][T22244] RSP: 002b:00007efbfcbcd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 999.666178][T22244] RAX: ffffffffffffffda RBX: 00007efbfec16090 RCX: 00007efbfe99c799 [ 999.666196][T22244] RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 999.666213][T22244] RBP: 00007efbfea32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 999.666229][T22244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 999.666245][T22244] R13: 00007efbfec16128 R14: 00007efbfec16090 R15: 00007ffe7817ea68 [ 999.666278][T22244] [ 1003.313435][T22271] netlink: 'syz.4.5931': attribute type 1 has an invalid length. [ 1003.369078][T22271] netlink: 'syz.4.5931': attribute type 6 has an invalid length. [ 1003.422859][T22273] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5930'. [ 1004.511898][T22282] FAULT_INJECTION: forcing a failure. [ 1004.511898][T22282] name failslab, interval 1, probability 0, space 0, times 0 [ 1004.718653][T22282] CPU: 0 UID: 0 PID: 22282 Comm: syz.4.5934 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1004.718697][T22282] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1004.718714][T22282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1004.718730][T22282] Call Trace: [ 1004.718739][T22282] [ 1004.718749][T22282] dump_stack_lvl+0x100/0x190 [ 1004.718794][T22282] should_fail_ex.cold+0x5/0xa [ 1004.718823][T22282] ? ima_alloc_init_template+0x19d/0x6d0 [ 1004.718863][T22282] should_failslab+0xc2/0x120 [ 1004.718890][T22282] __kmalloc_noprof+0xe0/0x850 [ 1004.718929][T22282] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 1004.718968][T22282] ima_alloc_init_template+0x19d/0x6d0 [ 1004.719009][T22282] ? take_dentry_name_snapshot+0x310/0x7c0 [ 1004.719049][T22282] ima_store_measurement+0x1e3/0x5b0 [ 1004.719092][T22282] ? __pfx_ima_store_measurement+0x10/0x10 [ 1004.719182][T22282] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 1004.719222][T22282] process_measurement+0x19cc/0x2350 [ 1004.719267][T22282] ? stack_trace_save+0x8e/0xc0 [ 1004.719293][T22282] ? __pfx_process_measurement+0x10/0x10 [ 1004.719330][T22282] ? __lock_acquire+0x4a5/0x2630 [ 1004.719361][T22282] ? __kasan_slab_alloc+0x89/0x90 [ 1004.719384][T22282] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1004.719422][T22282] ? init_file+0x95/0x480 [ 1004.719450][T22282] ? alloc_empty_file+0x73/0x1c0 [ 1004.719479][T22282] ? alloc_file_pseudo+0x13a/0x230 [ 1004.719509][T22282] ? ksys_mmap_pgoff+0x232/0x650 [ 1004.719536][T22282] ? __x64_sys_mmap+0x125/0x190 [ 1004.719573][T22282] ? do_syscall_64+0x106/0xf80 [ 1004.719631][T22282] ? __pfx_aa_file_perm+0x10/0x10 [ 1004.719671][T22282] ima_file_mmap+0x1c4/0x1f0 [ 1004.719712][T22282] ? __pfx_ima_file_mmap+0x10/0x10 [ 1004.719756][T22282] security_mmap_file+0x278/0x9b0 [ 1004.719784][T22282] vm_mmap_pgoff+0xec/0x470 [ 1004.719817][T22282] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1004.719843][T22282] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1004.719878][T22282] ? hugetlbfs_get_inode+0x36e/0x750 [ 1004.719914][T22282] ksys_mmap_pgoff+0x273/0x650 [ 1004.719942][T22282] ? __x64_sys_futex+0x358/0x4d0 [ 1004.719975][T22282] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1004.720003][T22282] ? xfd_validate_state+0x129/0x190 [ 1004.720045][T22282] __x64_sys_mmap+0x125/0x190 [ 1004.720085][T22282] do_syscall_64+0x106/0xf80 [ 1004.720115][T22282] ? clear_bhb_loop+0x40/0x90 [ 1004.720147][T22282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1004.720173][T22282] RIP: 0033:0x7f5e1e39c799 [ 1004.720194][T22282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1004.720220][T22282] RSP: 002b:00007f5e1f29f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1004.720244][T22282] RAX: ffffffffffffffda RBX: 00007f5e1e616180 RCX: 00007f5e1e39c799 [ 1004.720262][T22282] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 1004.720278][T22282] RBP: 00007f5e1e432bd9 R08: ffffffffffffffff R09: 0000300000020000 [ 1004.720295][T22282] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 1004.720310][T22282] R13: 00007f5e1e616218 R14: 00007f5e1e616180 R15: 00007ffd1daa7c98 [ 1004.720342][T22282] [ 1007.499920][ T30] audit: type=1804 audit(1772869676.501:20): pid=22282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.4.5934" name="anon_hugepage" dev="hugetlbfs" ino=375874 res=0 errno=0 [ 1009.270096][T22317] FAULT_INJECTION: forcing a failure. [ 1009.270096][T22317] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.711594][T22317] CPU: 0 UID: 0 PID: 22317 Comm: syz.2.5946 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1009.711638][T22317] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1009.711649][T22317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1009.711665][T22317] Call Trace: [ 1009.711674][T22317] [ 1009.711685][T22317] dump_stack_lvl+0x100/0x190 [ 1009.711730][T22317] should_fail_ex.cold+0x5/0xa [ 1009.711759][T22317] should_failslab+0xc2/0x120 [ 1009.711786][T22317] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1009.711824][T22317] ? __kernfs_new_node+0xd2/0x960 [ 1009.711867][T22317] __kernfs_new_node+0xd2/0x960 [ 1009.711906][T22317] ? __pfx___kernfs_new_node+0x10/0x10 [ 1009.711949][T22317] ? find_held_lock+0x2b/0x80 [ 1009.711973][T22317] ? kernfs_root+0xee/0x2a0 [ 1009.712007][T22317] ? kernfs_root+0xee/0x2a0 [ 1009.712054][T22317] kernfs_new_node+0x11b/0x1a0 [ 1009.712099][T22317] __kernfs_create_file+0x53/0x350 [ 1009.712132][T22317] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1009.712179][T22317] internal_create_group+0x593/0xf40 [ 1009.712225][T22317] ? __pfx_internal_create_group+0x10/0x10 [ 1009.712268][T22317] ? kernfs_create_link+0x1bd/0x240 [ 1009.712303][T22317] internal_create_groups+0x9d/0x150 [ 1009.712343][T22317] device_add+0x71a/0x1950 [ 1009.712370][T22317] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1009.712414][T22317] ? __pfx_device_add+0x10/0x10 [ 1009.712439][T22317] ? lockdep_init_map_type+0x5c/0x250 [ 1009.712473][T22317] ? __init_waitqueue_head+0xca/0x150 [ 1009.712519][T22317] netdev_register_kobject+0x1a9/0x3d0 [ 1009.712562][T22317] register_netdevice+0x12e0/0x2210 [ 1009.712602][T22317] ? __pfx_register_netdevice+0x10/0x10 [ 1009.712649][T22317] ? __pfx_loopback_net_init+0x10/0x10 [ 1009.712691][T22317] register_netdev+0x34/0x50 [ 1009.712724][T22317] loopback_net_init+0x7a/0x170 [ 1009.712764][T22317] ? __pfx_loopback_net_init+0x10/0x10 [ 1009.712802][T22317] ops_init+0x1e2/0x5f0 [ 1009.712838][T22317] setup_net+0x118/0x3a0 [ 1009.712871][T22317] ? __pfx_setup_net+0x10/0x10 [ 1009.712903][T22317] ? lockdep_init_map_type+0x5c/0x250 [ 1009.712938][T22317] ? mutex_init_lockep+0x110/0x150 [ 1009.712977][T22317] copy_net_ns+0x46f/0x7c0 [ 1009.713016][T22317] create_new_namespaces+0x3ea/0xac0 [ 1009.713051][T22317] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1009.713081][T22317] ksys_unshare+0x473/0xad0 [ 1009.713115][T22317] ? __pfx_ksys_unshare+0x10/0x10 [ 1009.713158][T22317] __x64_sys_unshare+0x31/0x40 [ 1009.713196][T22317] do_syscall_64+0x106/0xf80 [ 1009.713228][T22317] ? clear_bhb_loop+0x40/0x90 [ 1009.713259][T22317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.713286][T22317] RIP: 0033:0x7efbfe99c799 [ 1009.713307][T22317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1009.713332][T22317] RSP: 002b:00007efbfcbee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1009.713356][T22317] RAX: ffffffffffffffda RBX: 00007efbfec15fa0 RCX: 00007efbfe99c799 [ 1009.713375][T22317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1009.713393][T22317] RBP: 00007efbfea32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1009.713409][T22317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1009.713424][T22317] R13: 00007efbfec16038 R14: 00007efbfec15fa0 R15: 00007ffe7817ea68 [ 1009.713456][T22317] [ 1012.483385][T22342] FAULT_INJECTION: forcing a failure. [ 1012.483385][T22342] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1012.575613][T22342] CPU: 0 UID: 0 PID: 22342 Comm: syz.4.5955 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1012.575657][T22342] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1012.575667][T22342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1012.575683][T22342] Call Trace: [ 1012.575692][T22342] [ 1012.575702][T22342] dump_stack_lvl+0x100/0x190 [ 1012.575746][T22342] should_fail_ex.cold+0x5/0xa [ 1012.575771][T22342] ? prepare_alloc_pages+0x16d/0x5f0 [ 1012.575802][T22342] should_fail_alloc_page+0xeb/0x140 [ 1012.575831][T22342] prepare_alloc_pages+0x1f0/0x5f0 [ 1012.575864][T22342] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1012.575909][T22342] ? try_to_migrate_one+0x142e/0x37f0 [ 1012.575953][T22342] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1012.576005][T22342] ? reacquire_held_locks+0xce/0x1e0 [ 1012.576048][T22342] ? folio_lock_anon_vma_read+0x348/0xe30 [ 1012.576086][T22342] ? folio_lock_anon_vma_read+0x348/0xe30 [ 1012.576124][T22342] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1012.576169][T22342] ? policy_nodemask+0xed/0x4f0 [ 1012.576199][T22342] alloc_pages_mpol+0x1fb/0x550 [ 1012.576227][T22342] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1012.576262][T22342] folio_alloc_mpol_noprof+0x36/0x340 [ 1012.576295][T22342] alloc_migration_target_by_mpol+0x2c1/0x650 [ 1012.576331][T22342] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1012.576366][T22342] ? __pfx___might_resched+0x10/0x10 [ 1012.576404][T22342] ? folio_get_anon_vma+0x16b/0x980 [ 1012.576442][T22342] migrate_pages_batch+0x4f2/0x4530 [ 1012.576475][T22342] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1012.576521][T22342] ? walk_pgd_range+0x1115/0x1eb0 [ 1012.576560][T22342] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1012.576611][T22342] migrate_pages_sync+0x12c/0x880 [ 1012.576642][T22342] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1012.576682][T22342] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1012.576711][T22342] ? __pfx_queue_pages_test_walk+0x10/0x10 [ 1012.576754][T22342] migrate_pages+0x1aae/0x28a0 [ 1012.576788][T22342] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1012.576829][T22342] ? __pfx_migrate_pages+0x10/0x10 [ 1012.576859][T22342] ? mas_next_slot+0x1003/0x18b0 [ 1012.576894][T22342] ? find_held_lock+0x2b/0x80 [ 1012.576917][T22342] ? do_mbind+0x557/0xfd0 [ 1012.576953][T22342] ? up_write+0x290/0x4f0 [ 1012.576991][T22342] do_mbind+0x5a6/0xfd0 [ 1012.577036][T22342] ? __pfx_do_mbind+0x10/0x10 [ 1012.577067][T22342] ? vfs_write+0x15d/0x1070 [ 1012.577109][T22342] ? __pfx_sock_write_iter+0x10/0x10 [ 1012.577158][T22342] ? __pfx_get_nodes+0x10/0x10 [ 1012.577206][T22342] kernel_mbind+0x1b7/0x200 [ 1012.577239][T22342] ? __pfx_kernel_mbind+0x10/0x10 [ 1012.577279][T22342] do_syscall_64+0x106/0xf80 [ 1012.577309][T22342] ? clear_bhb_loop+0x40/0x90 [ 1012.577340][T22342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1012.577367][T22342] RIP: 0033:0x7f5e1e39c799 [ 1012.577388][T22342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1012.577413][T22342] RSP: 002b:00007f5e1f2e1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 1012.577438][T22342] RAX: ffffffffffffffda RBX: 00007f5e1e615fa0 RCX: 00007f5e1e39c799 [ 1012.577455][T22342] RDX: 0000002100000000 RSI: 0000000100000008 RDI: 0000000000002000 [ 1012.577472][T22342] RBP: 00007f5e1e432bd9 R08: 0000000000000006 R09: 0000000000000002 [ 1012.577488][T22342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1012.577504][T22342] R13: 00007f5e1e616038 R14: 00007f5e1e615fa0 R15: 00007ffd1daa7c98 [ 1012.577536][T22342] [ 1014.361968][T22361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5961'. [ 1014.418337][T22361] netlink: 13 bytes leftover after parsing attributes in process `syz.1.5961'. [ 1020.603579][T22425] netlink: 'syz.4.5980': attribute type 1 has an invalid length. [ 1020.660465][T22425] netlink: 'syz.4.5980': attribute type 6 has an invalid length. [ 1024.210048][T22458] netlink: 50 bytes leftover after parsing attributes in process `syz.3.5989'. [ 1024.373345][T22459] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1027.474121][T22491] netlink: 'syz.1.6000': attribute type 33 has an invalid length. [ 1027.584074][T22491] netlink: 322 bytes leftover after parsing attributes in process `syz.1.6000'. [ 1029.909834][T22511] netlink: 194 bytes leftover after parsing attributes in process `syz.1.6007'. [ 1033.178312][T22534] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6014'. [ 1033.278267][T22485] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1033.287439][T22531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1033.465313][T22531] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1033.614350][T22531] memcg:ffff888077a58e01 [ 1033.674137][T22531] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1033.824654][T22531] page_type: f5(slab) [ 1033.828816][T22531] raw: 00fff00000000040 ffff88813fe54280 dead000000000100 dead000000000122 [ 1034.044350][T22531] raw: 0000000000000000 0000000800100010 00000000f5000000 ffff888077a58e01 [ 1034.053073][T22531] head: 00fff00000000040 ffff88813fe54280 dead000000000100 dead000000000122 [ 1034.317663][T22531] head: 0000000000000000 0000000800100010 00000000f5000000 ffff888077a58e01 [ 1034.512640][T22531] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1034.615695][T22531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1034.771017][T22531] page dumped because: unmovable page [ 1034.873115][T22531] page_owner tracks the page as allocated [ 1034.885173][ T5177] ERROR: Out of memory at tomoyo_memory_ok. [ 1034.979917][T22531] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5825, tgid 5825 (syz-executor), ts 95069524203, free_ts 77146292840 [ 1035.046355][T22549] vivid-007: ================= START STATUS ================= [ 1035.054174][T22549] vivid-007: Enable Output Cropping: true [ 1035.236607][T22545] Loading of unsigned module is rejected [ 1035.330900][T22531] post_alloc_hook+0x153/0x170 [ 1035.450514][T22531] get_page_from_freelist+0x111d/0x3140 [ 1035.500125][T22531] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1035.550789][T22549] vivid-007: Enable Output Composing: true [ 1035.615173][T22531] new_slab+0xa6/0x6c0 [ 1035.696640][T22531] refill_objects+0x26b/0x400 [ 1035.757849][T22531] __pcs_replace_empty_main+0x1ab/0x600 [ 1035.776804][T22549] vivid-007: Enable Output Scaler: true [ 1035.828360][T22531] __kmalloc_noprof+0x688/0x850 [ 1035.899559][T22531] __register_sysctl_table+0xac/0x1650 [ 1035.967761][T22531] neigh_sysctl_register+0x326/0x660 [ 1035.977639][T22549] vivid-007: Tx RGB Quantization Range: Automatic [ 1036.045363][T22531] devinet_sysctl_register+0xb6/0x210 [ 1036.061842][T22554] netlink: 'syz.1.6019': attribute type 1 has an invalid length. [ 1036.071160][T22549] vivid-007: Transmit Mode: HDMI [ 1036.126985][T22531] inetdev_init+0x2b8/0x570 [ 1036.131715][T22554] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6019'. [ 1036.155409][T22549] vivid-007: Hotplug Present: 0x00000000 [ 1036.177088][T22531] inetdev_event+0x7fa/0x17f0 [ 1036.189320][T22549] vivid-007: RxSense Present: 0x00000000 [ 1036.247404][T22531] notifier_call_chain+0x99/0x420 [ 1036.282529][T22549] vivid-007: EDID Present: 0x00000000 [ 1036.318131][T22531] call_netdevice_notifiers_info+0xbe/0x110 [ 1036.380247][T22549] vivid-007: ================== END STATUS ================== [ 1036.395605][T22531] register_netdevice+0x16e6/0x2210 [ 1036.477791][T22531] veth_newlink+0x44a/0xa00 [ 1036.527184][T22531] page last free pid 5705 tgid 5705 stack trace: [ 1036.617527][T22531] __free_frozen_pages+0x7e1/0x10d0 [ 1036.693434][T22531] qlist_free_all+0x47/0xe0 [ 1036.798337][T22531] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1036.846758][T22531] __kasan_slab_alloc+0x69/0x90 [ 1036.898174][T22531] kmem_cache_alloc_noprof+0x241/0x6e0 [ 1036.963121][T22531] do_getname+0x35/0x390 [ 1037.015770][T22531] vfs_fstatat+0xd0/0xe0 [ 1037.070442][T22531] __do_sys_newfstatat+0x9d/0x120 [ 1037.134692][T22531] do_syscall_64+0x106/0xf80 [ 1037.185480][T22531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.167198][T22570] netlink: 17 bytes leftover after parsing attributes in process `syz.4.6024'. [ 1038.325298][T22572] vivid-007: ================= START STATUS ================= [ 1038.398748][T22572] vivid-007: Generate PTS: true [ 1038.417774][T22572] vivid-007: Generate SCR: true [ 1038.422729][T22572] tpg source WxH: 320x240 (Y'CbCr) [ 1038.510333][T22572] tpg field: 1 [ 1038.513740][T22572] tpg crop: (0,0)/320x240 [ 1038.545848][T22572] tpg compose: (0,0)/320x240 [ 1038.622627][T22572] tpg colorspace: 8 [ 1038.669839][T22572] tpg transfer function: 0/0 [ 1038.674494][T22572] tpg Y'CbCr encoding: 0/0 [ 1038.731714][T22572] tpg quantization: 0/0 [ 1038.770928][T22572] tpg RGB range: 0/2 [ 1038.816773][T22572] vivid-007: ================== END STATUS ================== [ 1038.858354][T22568] FAULT_INJECTION: forcing a failure. [ 1038.858354][T22568] name failslab, interval 1, probability 0, space 0, times 0 [ 1039.027375][T22568] CPU: 0 UID: 0 PID: 22568 Comm: syz.3.6022 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1039.027419][T22568] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1039.027429][T22568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1039.027445][T22568] Call Trace: [ 1039.027454][T22568] [ 1039.027465][T22568] dump_stack_lvl+0x100/0x190 [ 1039.027511][T22568] should_fail_ex.cold+0x5/0xa [ 1039.027542][T22568] should_failslab+0xc2/0x120 [ 1039.027569][T22568] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1039.027608][T22568] ? mas_alloc_nodes+0x280/0x390 [ 1039.027641][T22568] mas_alloc_nodes+0x280/0x390 [ 1039.027671][T22568] mas_preallocate+0x39c/0xf10 [ 1039.027709][T22568] ? __pfx_mas_preallocate+0x10/0x10 [ 1039.027751][T22568] ? __asan_memset+0x23/0x50 [ 1039.027786][T22568] ? init_multi_vma_prep+0x33c/0x650 [ 1039.027823][T22568] commit_merge+0x3e3/0xbd0 [ 1039.027862][T22568] ? __pfx_commit_merge+0x10/0x10 [ 1039.027896][T22568] ? __pfx_free_pgtables+0x10/0x10 [ 1039.027936][T22568] vma_expand+0x7df/0xcf0 [ 1039.027975][T22568] ? __pfx_vma_expand+0x10/0x10 [ 1039.028012][T22568] ? can_vma_merge_right+0xa5/0x530 [ 1039.028050][T22568] vma_merge_new_range+0x2ce/0xa30 [ 1039.028086][T22568] ? __sanitizer_cov_trace_switch+0x51/0x90 [ 1039.028147][T22568] __mmap_region+0x900/0x29e0 [ 1039.028185][T22568] ? update_cfs_rq_load_avg+0x51/0x550 [ 1039.028216][T22568] ? __pfx___mmap_region+0x10/0x10 [ 1039.028260][T22568] ? set_next_entity+0x11e/0x9c0 [ 1039.028302][T22568] ? __lock_acquire+0x4a5/0x2630 [ 1039.028334][T22568] ? find_held_lock+0x2b/0x80 [ 1039.028370][T22568] ? find_held_lock+0x2b/0x80 [ 1039.028392][T22568] ? finish_task_switch.isra.0+0x200/0xb80 [ 1039.028420][T22568] ? finish_task_switch.isra.0+0x200/0xb80 [ 1039.028458][T22568] ? trace_sched_exit_tp+0x13a/0x180 [ 1039.028488][T22568] ? __schedule+0x1000/0x6120 [ 1039.028553][T22568] ? rcu_is_watching+0x12/0xc0 [ 1039.028592][T22568] ? cap_capable+0x107/0x460 [ 1039.028635][T22568] mmap_region+0x180/0x3e0 [ 1039.028679][T22568] do_mmap+0xc63/0x12f0 [ 1039.028712][T22568] ? __pfx_do_mmap+0x10/0x10 [ 1039.028739][T22568] ? __pfx_down_write_killable+0x10/0x10 [ 1039.028782][T22568] vm_mmap_pgoff+0x29e/0x470 [ 1039.028816][T22568] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1039.028846][T22568] ? do_futex+0x192/0x350 [ 1039.028880][T22568] ? __pfx_do_futex+0x10/0x10 [ 1039.028918][T22568] ksys_mmap_pgoff+0xe1/0x650 [ 1039.028945][T22568] ? __x64_sys_futex+0x34f/0x4d0 [ 1039.028977][T22568] ? __x64_sys_futex+0x358/0x4d0 [ 1039.029011][T22568] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1039.029038][T22568] ? xfd_validate_state+0x129/0x190 [ 1039.029081][T22568] __x64_sys_mmap+0x125/0x190 [ 1039.029122][T22568] do_syscall_64+0x106/0xf80 [ 1039.029159][T22568] ? clear_bhb_loop+0x40/0x90 [ 1039.029191][T22568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1039.029219][T22568] RIP: 0033:0x7fb87cb9c799 [ 1039.029240][T22568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1039.029266][T22568] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1039.029290][T22568] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 1039.029307][T22568] RDX: 00000000000000df RSI: 0000000000000005 RDI: 0000000000000000 [ 1039.029323][T22568] RBP: 00007fb87cc32bd9 R08: 0000000000000002 R09: 0000000000008000 [ 1039.029339][T22568] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1039.029355][T22568] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 1039.029388][T22568] [ 1041.539736][T22608] [U]  [ 1041.542626][T22608] [U] [ 1041.545344][T22608] [U] [ 1041.548066][T22608] [U] [ 1041.619710][T22608] [U] [ 1041.622482][T22608] [U] [ 1041.625201][T22608] [U] [ 1041.627917][T22608] [U] [ 1041.713070][T22608] [U] [ 1041.715841][T22608] [U] [ 1041.718564][T22608] [U] [ 1041.721278][T22608] [U] [ 1041.761657][T22617] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6038'. [ 1041.808776][T22608] [U] [ 1041.811543][T22608] [U] [ 1041.814295][T22608] [U] [ 1041.817011][T22608] [U] [ 1041.898602][T22608] [U] [ 1041.901370][T22608] [U] [ 1041.904088][T22608] [U] [ 1041.906815][T22608] [U] [ 1041.970693][T22608] [U] [ 1041.973464][T22608] [U] [ 1041.976188][T22608] [U] [ 1041.978903][T22608] [U] [ 1042.038840][T22608] [U] [ 1042.041631][T22608] [U] [ 1042.044357][T22608] [U] [ 1042.047079][T22608] [U] [ 1042.129100][T22608] [U] [ 1042.131872][T22608] [U] [ 1042.134598][T22608] [U] [ 1042.137346][T22608] [U] [ 1042.208887][T22608] [U] [ 1042.211669][T22608] [U] [ 1042.214481][T22608] [U] [ 1042.217209][T22608] [U] [ 1042.348706][T22608] [U] [ 1042.351479][T22608] [U] [ 1042.354200][T22608] [U] [ 1042.356923][T22608] [U] [ 1042.434377][T22608] [U] [ 1042.437139][T22608] [U] [ 1042.439862][T22608] [U] [ 1042.442577][T22608] [U] [ 1042.529345][T22608] [U] [ 1042.532143][T22608] [U] [ 1042.534883][T22608] [U] [ 1042.537619][T22608] [U] [ 1042.599169][T22608] [U] [ 1042.601960][T22608] [U] [ 1042.604789][T22608] [U] [ 1042.607511][T22608] [U] [ 1042.678827][T22608] [U] [ 1043.108043][T17796] Bluetooth: hci0: unexpected event 0x09 length: 435 > 3 [ 1046.144840][T22653] netlink: 186 bytes leftover after parsing attributes in process `syz.4.6051'. [ 1047.392094][T22676] netlink: 54 bytes leftover after parsing attributes in process `syz.3.6060'. [ 1048.689177][T22691] netlink: 54 bytes leftover after parsing attributes in process `syz.2.6064'. [ 1050.807910][T22714] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6072'. [ 1050.882973][T22714] netlink: 25 bytes leftover after parsing attributes in process `syz.3.6072'. [ 1054.800102][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.806625][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1059.548379][T22781] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input16 [ 1059.550482][ T5180] ERROR: Out of memory at tomoyo_memory_ok. [ 1059.755006][T22785] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6090'. [ 1059.788181][T22785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6090'. [ 1061.650125][T22798] netlink: 50 bytes leftover after parsing attributes in process `syz.2.6095'. [ 1066.228932][T22833] zswap: compressor not available [ 1066.670856][T22845] [U]  [ 1066.673711][T22845] [U] [ 1066.676431][T22845] [U] [ 1066.679168][T22845] [U] [ 1066.985212][T22845] [U] [ 1066.987983][T22845] [U] [ 1066.990839][T22845] [U] [ 1066.993556][T22845] [U] [ 1067.403719][T22845] [U] [ 1067.406494][T22845] [U] [ 1067.409222][T22845] [U] [ 1067.411943][T22845] [U] [ 1067.721345][T22845] [U] [ 1070.972752][T22862] sp0: Synchronizing with TNC [ 1074.174757][T22891] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6121'. [ 1076.261669][T22906] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 1077.020050][T22917] FAULT_INJECTION: forcing a failure. [ 1077.020050][T22917] name failslab, interval 1, probability 0, space 0, times 0 [ 1077.110555][T22917] CPU: 0 UID: 0 PID: 22917 Comm: syz.3.6132 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1077.110599][T22917] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1077.110610][T22917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1077.110626][T22917] Call Trace: [ 1077.110634][T22917] [ 1077.110646][T22917] dump_stack_lvl+0x100/0x190 [ 1077.110690][T22917] should_fail_ex.cold+0x5/0xa [ 1077.110720][T22917] should_failslab+0xc2/0x120 [ 1077.110747][T22917] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1077.110781][T22917] ? nci_hci_allocate+0x45/0x330 [ 1077.110822][T22917] ? mutex_init_lockep+0x110/0x150 [ 1077.110862][T22917] nci_hci_allocate+0x45/0x330 [ 1077.110891][T22917] nci_allocate_device+0x26f/0x410 [ 1077.110934][T22917] virtual_ncidev_open+0x6f/0x220 [ 1077.110966][T22917] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1077.110995][T22917] misc_open+0x26d/0x450 [ 1077.111021][T22917] ? __pfx_misc_open+0x10/0x10 [ 1077.111044][T22917] chrdev_open+0x234/0x6a0 [ 1077.111069][T22917] ? __pfx_apparmor_file_open+0x10/0x10 [ 1077.111110][T22917] ? __pfx_chrdev_open+0x10/0x10 [ 1077.111137][T22917] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1077.111173][T22917] do_dentry_open+0x6d8/0x1660 [ 1077.111197][T22917] ? __pfx_chrdev_open+0x10/0x10 [ 1077.111230][T22917] vfs_open+0x82/0x3f0 [ 1077.111265][T22917] path_openat+0x208c/0x31a0 [ 1077.111301][T22917] ? __pfx_path_openat+0x10/0x10 [ 1077.111346][T22917] do_file_open+0x20e/0x430 [ 1077.111375][T22917] ? __pfx_do_file_open+0x10/0x10 [ 1077.111423][T22917] ? alloc_fd+0x476/0x790 [ 1077.111452][T22917] ? do_getname+0x191/0x390 [ 1077.111487][T22917] do_sys_openat2+0x10d/0x1e0 [ 1077.111521][T22917] ? __pfx_do_sys_openat2+0x10/0x10 [ 1077.111566][T22917] __x64_sys_openat+0x12d/0x210 [ 1077.111601][T22917] ? __pfx___x64_sys_openat+0x10/0x10 [ 1077.111647][T22917] do_syscall_64+0x106/0xf80 [ 1077.111678][T22917] ? clear_bhb_loop+0x40/0x90 [ 1077.111710][T22917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1077.111736][T22917] RIP: 0033:0x7fb87cb9c799 [ 1077.111757][T22917] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1077.111781][T22917] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1077.111805][T22917] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 1077.111822][T22917] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1077.111839][T22917] RBP: 00007fb87cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1077.111855][T22917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1077.111870][T22917] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 1077.111903][T22917] [ 1077.833273][T17796] Bluetooth: hci0: Malformed LE Event: 0x1b [ 1079.227526][T22935] ubi0: attaching mtd0 [ 1079.285617][T22935] ubi0: scanning is finished [ 1079.377114][T22935] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1079.629735][T22942] FAULT_INJECTION: forcing a failure. [ 1079.629735][T22942] name failslab, interval 1, probability 0, space 0, times 0 [ 1079.728610][T22942] CPU: 0 UID: 0 PID: 22942 Comm: syz.3.6141 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1079.728655][T22942] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1079.728665][T22942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1079.728682][T22942] Call Trace: [ 1079.728691][T22942] [ 1079.728701][T22942] dump_stack_lvl+0x100/0x190 [ 1079.728746][T22942] should_fail_ex.cold+0x5/0xa [ 1079.728776][T22942] should_failslab+0xc2/0x120 [ 1079.728806][T22942] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1079.728850][T22942] ? kstrdup_const+0x63/0x80 [ 1079.728897][T22942] kstrdup+0x51/0xe0 [ 1079.728939][T22942] kstrdup_const+0x63/0x80 [ 1079.728979][T22942] __kernfs_new_node+0x9b/0x960 [ 1079.729028][T22942] ? __pfx___kernfs_new_node+0x10/0x10 [ 1079.729072][T22942] ? find_held_lock+0x2b/0x80 [ 1079.729096][T22942] ? kernfs_root+0xee/0x2a0 [ 1079.729130][T22942] ? kernfs_root+0xee/0x2a0 [ 1079.729172][T22942] kernfs_new_node+0x11b/0x1a0 [ 1079.729217][T22942] kernfs_create_link+0xcc/0x240 [ 1079.729249][T22942] sysfs_do_create_link_sd+0x90/0x140 [ 1079.729287][T22942] sysfs_create_link+0x61/0xc0 [ 1079.729322][T22942] device_add+0x675/0x1950 [ 1079.729349][T22942] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1079.729392][T22942] ? __pfx_device_add+0x10/0x10 [ 1079.729417][T22942] ? lockdep_init_map_type+0x5c/0x250 [ 1079.729452][T22942] ? __init_waitqueue_head+0xca/0x150 [ 1079.729497][T22942] netdev_register_kobject+0x1a9/0x3d0 [ 1079.729540][T22942] register_netdevice+0x12e0/0x2210 [ 1079.729580][T22942] ? __pfx_register_netdevice+0x10/0x10 [ 1079.729624][T22942] internal_dev_create+0x2d3/0x520 [ 1079.729660][T22942] ovs_vport_add+0x147/0x4d0 [ 1079.729691][T22942] new_vport+0x16/0x1d0 [ 1079.729820][T22942] ovs_dp_cmd_new+0x65d/0xdf0 [ 1079.729853][T22942] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1079.729885][T22942] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 1079.729928][T22942] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 1079.729975][T22942] genl_family_rcv_msg_doit+0x214/0x300 [ 1079.730024][T22942] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1079.730064][T22942] ? genl_get_cmd+0x3ef/0x720 [ 1079.730108][T22942] ? bpf_lsm_capable+0x9/0x10 [ 1079.730135][T22942] ? security_capable+0x80/0x260 [ 1079.730172][T22942] ? ns_capable+0xd2/0xf0 [ 1079.730200][T22942] genl_rcv_msg+0x560/0x800 [ 1079.730242][T22942] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1079.730282][T22942] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1079.730309][T22942] ? __lock_acquire+0x4a5/0x2630 [ 1079.730347][T22942] netlink_rcv_skb+0x159/0x420 [ 1079.730381][T22942] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1079.730421][T22942] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1079.730469][T22942] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1079.730505][T22942] genl_rcv+0x28/0x40 [ 1079.730540][T22942] netlink_unicast+0x5aa/0x870 [ 1079.730579][T22942] ? __pfx_netlink_unicast+0x10/0x10 [ 1079.730625][T22942] netlink_sendmsg+0x8b0/0xda0 [ 1079.730664][T22942] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1079.730698][T22942] ? __import_iovec+0x1d2/0x640 [ 1079.730728][T22942] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1079.730770][T22942] ____sys_sendmsg+0x9e1/0xb70 [ 1079.730808][T22942] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1079.730845][T22942] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1079.730890][T22942] ? try_to_wake_up+0x644/0x1a80 [ 1079.730922][T22942] ___sys_sendmsg+0x190/0x1e0 [ 1079.730965][T22942] ? __pfx____sys_sendmsg+0x10/0x10 [ 1079.731017][T22942] ? futex_private_hash_put+0x107/0x1c0 [ 1079.731084][T22942] __sys_sendmsg+0x170/0x220 [ 1079.731118][T22942] ? __pfx___sys_sendmsg+0x10/0x10 [ 1079.731149][T22942] ? __x64_sys_futex+0x34f/0x4d0 [ 1079.731201][T22942] do_syscall_64+0x106/0xf80 [ 1079.731232][T22942] ? clear_bhb_loop+0x40/0x90 [ 1079.731264][T22942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1079.731291][T22942] RIP: 0033:0x7fb87cb9c799 [ 1079.731313][T22942] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1079.731339][T22942] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1079.731363][T22942] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 1079.731380][T22942] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 1079.731396][T22942] RBP: 00007fb87cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1079.731412][T22942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1079.731428][T22942] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 1079.731461][T22942] [ 1085.279090][T22935] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1085.786492][T22951] netlink: 'syz.2.6140': attribute type 10 has an invalid length. [ 1085.848454][T22957] netlink: 246 bytes leftover after parsing attributes in process `syz.1.6145'. [ 1085.902435][T22951] netlink: 'syz.2.6140': attribute type 13 has an invalid length. [ 1086.738040][T22960] netlink: 'syz.4.6146': attribute type 10 has an invalid length. [ 1086.879636][T22960] netlink: 230 bytes leftover after parsing attributes in process `syz.4.6146'. [ 1087.141448][T22960] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1087.273689][T22970] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6150'. [ 1088.904275][T22991] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6158'. [ 1088.972676][T22994] netlink: 'syz.3.6158': attribute type 1 has an invalid length. [ 1089.033173][T22994] netlink: 13 bytes leftover after parsing attributes in process `syz.3.6158'. [ 1091.027734][T23011] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6163'. [ 1091.404326][T23011] bridge0: port 3(vlan0) entered disabled state [ 1091.580773][T23011] vlan0 (unregistering): left allmulticast mode [ 1091.662542][T23011] vlan0 (unregistering): left promiscuous mode [ 1091.772646][T23011] bridge0: port 3(vlan0) entered disabled state [ 1093.585140][T23031] netlink: 226 bytes leftover after parsing attributes in process `syz.2.6169'. [ 1093.789366][T23031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6169'. [ 1093.967231][T23031] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 1094.639075][T23041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1094.700434][T23041] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1094.747345][T23041] memcg:ffff888077a58e01 [ 1094.759610][T23041] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1094.815081][T23041] page_type: f5(slab) [ 1094.825936][T23041] raw: 00fff00000000040 ffff88813fe54280 dead000000000100 dead000000000122 [ 1094.885483][T23041] raw: 0000000000000000 0000000800100010 00000000f5000000 ffff888077a58e01 [ 1094.923676][T23041] head: 00fff00000000040 ffff88813fe54280 dead000000000100 dead000000000122 [ 1094.972079][T23041] head: 0000000000000000 0000000800100010 00000000f5000000 ffff888077a58e01 [ 1095.025443][T23041] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1095.155623][T23041] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1095.205701][T23041] page dumped because: unmovable page [ 1095.211180][T23041] page_owner tracks the page as allocated [ 1095.233623][ T5177] ERROR: Out of memory at tomoyo_memory_ok. [ 1095.298324][T23041] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5825, tgid 5825 (syz-executor), ts 95069524203, free_ts 77146292840 [ 1095.475062][T23041] post_alloc_hook+0x153/0x170 [ 1095.479931][T23041] get_page_from_freelist+0x111d/0x3140 [ 1095.519745][T23041] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1095.565976][T23041] new_slab+0xa6/0x6c0 [ 1095.582042][T23041] refill_objects+0x26b/0x400 [ 1095.605855][T23041] __pcs_replace_empty_main+0x1ab/0x600 [ 1095.646419][T23041] __kmalloc_noprof+0x688/0x850 [ 1095.651374][T23041] __register_sysctl_table+0xac/0x1650 [ 1095.699094][T23041] neigh_sysctl_register+0x326/0x660 [ 1095.704493][T23041] devinet_sysctl_register+0xb6/0x210 [ 1095.775448][T23041] inetdev_init+0x2b8/0x570 [ 1095.780037][T23041] inetdev_event+0x7fa/0x17f0 [ 1095.784781][T23041] notifier_call_chain+0x99/0x420 [ 1095.847739][T23041] call_netdevice_notifiers_info+0xbe/0x110 [ 1095.853736][T23041] register_netdevice+0x16e6/0x2210 [ 1095.905331][T23041] veth_newlink+0x44a/0xa00 [ 1095.935274][T23041] page last free pid 5705 tgid 5705 stack trace: [ 1095.975491][T23041] __free_frozen_pages+0x7e1/0x10d0 [ 1095.980773][T23041] qlist_free_all+0x47/0xe0 [ 1096.025803][T23041] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1096.067479][T23041] __kasan_slab_alloc+0x69/0x90 [ 1096.072432][T23041] kmem_cache_alloc_noprof+0x241/0x6e0 [ 1096.114196][T23041] do_getname+0x35/0x390 [ 1096.137561][T23041] vfs_fstatat+0xd0/0xe0 [ 1096.141878][T23041] __do_sys_newfstatat+0x9d/0x120 [ 1096.185398][T23041] do_syscall_64+0x106/0xf80 [ 1096.199935][T23041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1097.132465][T23054] zswap: compressor  not available [ 1100.216383][T23092] netlink: 186 bytes leftover after parsing attributes in process `syz.4.6186'. [ 1104.781552][T23140] FAULT_INJECTION: forcing a failure. [ 1104.781552][T23140] name failslab, interval 1, probability 0, space 0, times 0 [ 1104.862765][T23140] CPU: 0 UID: 0 PID: 23140 Comm: syz.3.6204 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1104.862809][T23140] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1104.862820][T23140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1104.862835][T23140] Call Trace: [ 1104.862843][T23140] [ 1104.862853][T23140] dump_stack_lvl+0x100/0x190 [ 1104.862897][T23140] should_fail_ex.cold+0x5/0xa [ 1104.862928][T23140] should_failslab+0xc2/0x120 [ 1104.862955][T23140] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1104.862993][T23140] ? __kernfs_new_node+0xd2/0x960 [ 1104.863036][T23140] __kernfs_new_node+0xd2/0x960 [ 1104.863075][T23140] ? __pfx___kernfs_new_node+0x10/0x10 [ 1104.863120][T23140] ? find_held_lock+0x2b/0x80 [ 1104.863143][T23140] ? kernfs_root+0xee/0x2a0 [ 1104.863177][T23140] ? kernfs_root+0xee/0x2a0 [ 1104.863218][T23140] kernfs_new_node+0x11b/0x1a0 [ 1104.863263][T23140] __kernfs_create_file+0x53/0x350 [ 1104.863296][T23140] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1104.863338][T23140] internal_create_group+0x593/0xf40 [ 1104.863382][T23140] ? __pfx_internal_create_group+0x10/0x10 [ 1104.863425][T23140] ? kernfs_create_link+0x1bd/0x240 [ 1104.863465][T23140] internal_create_groups+0x9d/0x150 [ 1104.863505][T23140] device_add+0x71a/0x1950 [ 1104.863532][T23140] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1104.863574][T23140] ? __pfx_device_add+0x10/0x10 [ 1104.863599][T23140] ? lockdep_init_map_type+0x5c/0x250 [ 1104.863633][T23140] ? __init_waitqueue_head+0xca/0x150 [ 1104.863679][T23140] netdev_register_kobject+0x1a9/0x3d0 [ 1104.863720][T23140] register_netdevice+0x12e0/0x2210 [ 1104.863761][T23140] ? __pfx_register_netdevice+0x10/0x10 [ 1104.863805][T23140] ? __pfx_loopback_net_init+0x10/0x10 [ 1104.863847][T23140] register_netdev+0x34/0x50 [ 1104.863879][T23140] loopback_net_init+0x7a/0x170 [ 1104.863919][T23140] ? __pfx_loopback_net_init+0x10/0x10 [ 1104.863956][T23140] ops_init+0x1e2/0x5f0 [ 1104.863992][T23140] setup_net+0x118/0x3a0 [ 1104.864026][T23140] ? __pfx_setup_net+0x10/0x10 [ 1104.864057][T23140] ? lockdep_init_map_type+0x5c/0x250 [ 1104.864092][T23140] ? mutex_init_lockep+0x110/0x150 [ 1104.864136][T23140] copy_net_ns+0x46f/0x7c0 [ 1104.864176][T23140] create_new_namespaces+0x3ea/0xac0 [ 1104.864210][T23140] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1104.864240][T23140] ksys_unshare+0x473/0xad0 [ 1104.864273][T23140] ? __pfx_ksys_unshare+0x10/0x10 [ 1104.864317][T23140] __x64_sys_unshare+0x31/0x40 [ 1104.864348][T23140] do_syscall_64+0x106/0xf80 [ 1104.864380][T23140] ? clear_bhb_loop+0x40/0x90 [ 1104.864411][T23140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.864444][T23140] RIP: 0033:0x7fb87cb9c799 [ 1104.864465][T23140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1104.864491][T23140] RSP: 002b:00007fb87d9e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1104.864516][T23140] RAX: ffffffffffffffda RBX: 00007fb87ce15fa0 RCX: 00007fb87cb9c799 [ 1104.864534][T23140] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1104.864550][T23140] RBP: 00007fb87cc32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1104.864566][T23140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1104.864582][T23140] R13: 00007fb87ce16038 R14: 00007fb87ce15fa0 R15: 00007ffe12e4d718 [ 1104.864615][T23140] [ 1106.220903][T23144] zswap: compressor not available [ 1106.411543][T23156] netlink: 'syz.1.6209': attribute type 15 has an invalid length. [ 1106.440477][T23156] netlink: 'syz.1.6209': attribute type 16 has an invalid length. [ 1106.448685][T23156] netlink: 194 bytes leftover after parsing attributes in process `syz.1.6209'. [ 1111.069537][T23165] ima: policy update failed [ 1111.261595][ T30] audit: type=1802 audit(4294967376.765:21): pid=23165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.6212" res=0 errno=0 [ 1111.412122][T23182] vivid-007: ================= START STATUS ================= [ 1111.493685][T23179] ERROR: Out of memory at tomoyo_memory_ok. [ 1111.552154][T23182] vivid-007: Enable Output Cropping: true grabbed [ 1111.603591][T23182] vivid-007: Enable Output Composing: true grabbed [ 1111.672638][T23182] vivid-007: Enable Output Scaler: true grabbed [ 1111.722072][T23182] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 1111.776786][T23182] vivid-007: Transmit Mode: HDMI grabbed [ 1111.832540][T23182] vivid-007: Hotplug Present: 0x00000000 [ 1111.878659][T23182] vivid-007: RxSense Present: 0x00000000 [ 1111.932333][T23182] vivid-007: EDID Present: 0x00000000 [ 1111.967683][T23182] vivid-007: ================== END STATUS ================== [ 1111.988080][T23185] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6217'. [ 1112.862352][T23188] [ 1112.864735][T23188] ====================================================== [ 1112.871826][T23188] WARNING: possible circular locking dependency detected [ 1112.878865][T23188] syzkaller #0 Tainted: G U L [ 1112.884858][T23188] ------------------------------------------------------ [ 1112.891883][T23188] syz.2.6219/23188 is trying to acquire lock: [ 1112.897956][T23188] ffff888021b516e8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4ca/0xcb0 [ 1112.909482][T23188] [ 1112.909482][T23188] but task is already holding lock: [ 1112.916854][T23188] ffff888021b53460 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 1112.925925][T23188] [ 1112.925925][T23188] which lock already depends on the new lock. [ 1112.925925][T23188] [ 1112.936332][T23188] [ 1112.936332][T23188] the existing dependency chain (in reverse order) is: [ 1112.945349][T23188] [ 1112.945349][T23188] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 1112.953107][T23188] lock_sock_nested+0x41/0xf0 [ 1112.958331][T23188] smc_listen_out+0x1f5/0x4b0 [ 1112.963548][T23188] smc_listen_work+0x4c2/0x50e0 [ 1112.969019][T23188] process_one_work+0x9d7/0x1920 [ 1112.974501][T23188] worker_thread+0x5da/0xe40 [ 1112.979640][T23188] kthread+0x370/0x450 [ 1112.984342][T23188] ret_from_fork+0x754/0xd80 [ 1112.989484][T23188] ret_from_fork_asm+0x1a/0x30 [ 1112.994794][T23188] [ 1112.994794][T23188] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 1113.005089][T23188] __lock_acquire+0x14b8/0x2630 [ 1113.010488][T23188] lock_acquire+0x1cf/0x380 [ 1113.015533][T23188] __flush_work+0x4de/0xcb0 [ 1113.020584][T23188] cancel_work_sync+0xd1/0xf0 [ 1113.025798][T23188] smc_clcsock_release+0x5f/0xe0 [ 1113.031292][T23188] __smc_release+0x5c2/0x880 [ 1113.036527][T23188] smc_close_non_accepted+0xda/0x200 [ 1113.042365][T23188] smc_close_active+0x4ff/0x1070 [ 1113.047840][T23188] __smc_release+0x634/0x880 [ 1113.052966][T23188] smc_release+0x1fc/0x620 [ 1113.057923][T23188] __sock_release+0xb3/0x260 [ 1113.063059][T23188] sock_close+0x1c/0x30 [ 1113.067775][T23188] __fput+0x3ff/0xb40 [ 1113.072314][T23188] task_work_run+0x150/0x240 [ 1113.077459][T23188] exit_to_user_mode_loop+0x100/0x4a0 [ 1113.083385][T23188] do_syscall_64+0x668/0xf80 [ 1113.088528][T23188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1113.095057][T23188] [ 1113.095057][T23188] other info that might help us debug this: [ 1113.095057][T23188] [ 1113.105319][T23188] Possible unsafe locking scenario: [ 1113.105319][T23188] [ 1113.112782][T23188] CPU0 CPU1 [ 1113.118156][T23188] ---- ---- [ 1113.123531][T23188] lock(sk_lock-AF_SMC/1); [ 1113.128060][T23188] lock((work_completion)(&new_smc->smc_listen_work)); [ 1113.137536][T23188] lock(sk_lock-AF_SMC/1); [ 1113.144587][T23188] lock((work_completion)(&new_smc->smc_listen_work)); [ 1113.151541][T23188] [ 1113.151541][T23188] *** DEADLOCK *** [ 1113.151541][T23188] [ 1113.159690][T23188] 3 locks held by syz.2.6219/23188: [ 1113.164902][T23188] #0: ffff88804a6f1348 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 1113.175517][T23188] #1: ffff888021b53460 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 1113.184978][T23188] #2: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfd/0xcb0 [ 1113.194173][T23188] [ 1113.194173][T23188] stack backtrace: [ 1113.200076][T23188] CPU: 0 UID: 0 PID: 23188 Comm: syz.2.6219 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1113.200116][T23188] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1113.200125][T23188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1113.200140][T23188] Call Trace: [ 1113.200150][T23188] [ 1113.200160][T23188] dump_stack_lvl+0x100/0x190 [ 1113.200197][T23188] print_circular_bug.cold+0x178/0x1c7 [ 1113.200237][T23188] check_noncircular+0x146/0x160 [ 1113.200269][T23188] __lock_acquire+0x14b8/0x2630 [ 1113.200303][T23188] lock_acquire+0x1cf/0x380 [ 1113.200332][T23188] ? __flush_work+0x4ca/0xcb0 [ 1113.200367][T23188] ? preempt_schedule_thunk+0x16/0x30 [ 1113.200399][T23188] ? __flush_work+0x4ca/0xcb0 [ 1113.200434][T23188] __flush_work+0x4de/0xcb0 [ 1113.200467][T23188] ? __flush_work+0x4ca/0xcb0 [ 1113.200504][T23188] ? __pfx___flush_work+0x10/0x10 [ 1113.200540][T23188] ? __pfx_wq_barrier_func+0x10/0x10 [ 1113.200571][T23188] ? __pfx___might_resched+0x10/0x10 [ 1113.200609][T23188] cancel_work_sync+0xd1/0xf0 [ 1113.200637][T23188] smc_clcsock_release+0x5f/0xe0 [ 1113.200663][T23188] __smc_release+0x5c2/0x880 [ 1113.200685][T23188] ? __pfx_sock_def_readable+0x10/0x10 [ 1113.200711][T23188] smc_close_non_accepted+0xda/0x200 [ 1113.200736][T23188] smc_close_active+0x4ff/0x1070 [ 1113.200762][T23188] __smc_release+0x634/0x880 [ 1113.200784][T23188] smc_release+0x1fc/0x620 [ 1113.200806][T23188] __sock_release+0xb3/0x260 [ 1113.200836][T23188] ? __pfx_sock_close+0x10/0x10 [ 1113.200865][T23188] sock_close+0x1c/0x30 [ 1113.200894][T23188] __fput+0x3ff/0xb40 [ 1113.200924][T23188] task_work_run+0x150/0x240 [ 1113.200958][T23188] ? __pfx_task_work_run+0x10/0x10 [ 1113.200995][T23188] exit_to_user_mode_loop+0x100/0x4a0 [ 1113.201028][T23188] do_syscall_64+0x668/0xf80 [ 1113.201057][T23188] ? clear_bhb_loop+0x40/0x90 [ 1113.201085][T23188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1113.201110][T23188] RIP: 0033:0x7efbfe99c799 [ 1113.201129][T23188] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1113.201153][T23188] RSP: 002b:00007ffe7817ebc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1113.201176][T23188] RAX: 0000000000000000 RBX: 00007efbfec17da0 RCX: 00007efbfe99c799 [ 1113.201192][T23188] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1113.201207][T23188] RBP: 00007efbfec17da0 R08: 00007efbfec16038 R09: 0000000000000000 [ 1113.201223][T23188] R10: 00000000005d6884 R11: 0000000000000246 R12: 000000000010fb3f [ 1113.201238][T23188] R13: 00007efbfec15fac R14: 000000000010f9e2 R15: 00007ffe7817ecd0 [ 1113.201261][T23188] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1116.342493][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.348835][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.017915][T21646] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1117.198917][T21646] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1117.306653][T21646] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1117.422889][T21646] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1117.690500][T21646] bridge_slave_1: left allmulticast mode [ 1117.712202][T21646] bridge_slave_1: left promiscuous mode [ 1117.718744][T21646] bridge0: port 2(bridge_slave_1) entered disabled state [ 1117.849440][T21646] bridge_slave_0: left allmulticast mode [ 1117.872662][T21646] bridge_slave_0: left promiscuous mode [ 1117.878413][T21646] bridge0: port 1(bridge_slave_0) entered disabled state [ 1118.175656][T21646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1118.205962][T21646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1118.226942][T21646] bond0 (unregistering): Released all slaves [ 1118.428784][T21646] hsr_slave_0: left promiscuous mode [ 1118.460751][T21646] hsr_slave_1: left promiscuous mode [ 1118.482433][T21646] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1118.489859][T21646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1118.573091][T21646] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1118.600872][T21646] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1118.636488][T21646] veth1_macvtap: left promiscuous mode [ 1118.660645][T21646] veth0_macvtap: left promiscuous mode [ 1118.692195][T21646] veth1_vlan: left promiscuous mode [ 1118.697490][T21646] veth0_vlan: left promiscuous mode [ 1119.173504][T21646] team0 (unregistering): Port device team_slave_1 removed [ 1119.218528][T21646] team0 (unregistering): Port device team_slave_0 removed [ 1119.655004][T21646] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1119.792407][T21646] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1119.855179][T21646] bridge0: port 3(netdevsim1) entered disabled state [ 1119.889363][T21646] netdevsim netdevsim3 netdevsim1 (unregistering): left allmulticast mode [ 1119.922008][T21646] netdevsim netdevsim3 netdevsim1 (unregistering): left promiscuous mode [ 1119.973393][T21646] bridge0: port 3(netdevsim1) entered disabled state [ 1119.996949][T21646] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1120.111567][T21646] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1120.291390][T21646] bridge_slave_1: left allmulticast mode [ 1120.322689][T21646] bridge_slave_1: left promiscuous mode [ 1120.342443][T21646] bridge0: port 2(bridge_slave_1) entered disabled state [ 1120.371136][T21646] bridge_slave_0: left allmulticast mode [ 1120.376866][T21646] bridge_slave_0: left promiscuous mode [ 1120.422403][T21646] bridge0: port 1(bridge_slave_0) entered disabled state [ 1120.684230][T21646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1120.705804][T21646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1120.726181][T21646] bond0 (unregistering): Released all slaves [ 1120.774965][T21646] : left promiscuous mode [ 1120.830663][T21646] ovs_: left promiscuous mode [ 1121.095219][T21646] hsr_slave_0: left promiscuous mode [ 1121.141118][T21646] hsr_slave_1: left promiscuous mode [ 1121.175504][T21646] veth1_macvtap: left promiscuous mode [ 1121.200521][T21646] veth0_macvtap: left promiscuous mode [ 1121.206117][T21646] veth0_vlan: left promiscuous mode [ 1121.688206][T21646] team0 (unregistering): Port device team_slave_1 removed [ 1121.753240][T21646] team0 (unregistering): Port device team_slave_0 removed [ 1122.675061][T23252] ERROR: Out of memory at tomoyo_memory_ok.