last executing test programs: 2.900493322s ago: executing program 0 (id=6671): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) sendfile$auto(r0, r0, 0x0, 0xd021) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x200948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x6, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) 2.332513952s ago: executing program 0 (id=6676): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) uname$auto(0x0) r0 = socket(0x2, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x2, 0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x65, 0x0, 0x1c) 1.957099007s ago: executing program 1 (id=6680): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000040)=0x5) r2 = epoll_create$auto(0x8800001) epoll_ctl$auto(r2, 0x1, r0, 0x0) 1.91079402s ago: executing program 0 (id=6682): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYBLOB="010009"], 0x5c}, 0x1, 0x0, 0x0, 0x20040004}, 0x0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 1.822590979s ago: executing program 1 (id=6683): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x8000000eb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4044010}, 0x40850) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x4, 0x9) 1.793667798s ago: executing program 3 (id=6684): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x7000000) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0) io_uring_setup$auto(0x58, 0x0) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/usb/usbmon/33u\x00', 0x20202, 0x0) pread64$auto(r0, 0x0, 0x0, 0x9) close_range$auto(0x2, 0xa, 0x0) 1.652835863s ago: executing program 1 (id=6686): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x101001, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/md_mod/parameters/start_ro\x00', 0x80302, 0x0) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000180), 0x8c00, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) 1.557206144s ago: executing program 0 (id=6687): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) fchown$auto(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) recvmmsg$auto(0x3, 0x0, 0x86873cbd, 0xa, 0x0) 1.489120474s ago: executing program 1 (id=6689): ioctl$auto_XFS_IOC_READLINK_BY_HANDLE(0xffffffffffffffff, 0xc038586c, &(0x7f0000000280)={0xffffffffffffffff, &(0x7f0000000040)="36382843cbf647a308387752cf206143902799f714d3da792af73a2f51252c2924ba2758ab0a48d458fbe6a143f7d73b7035e954be54776dfb99d2e4055cbc993ef0467a8d1339bfea", 0xfd, 0x0, 0x0, 0x0, 0x0}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000080)={0xbc}) 1.309473624s ago: executing program 2 (id=6691): mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) open(0x0, 0x261c2, 0x84) 1.250655471s ago: executing program 1 (id=6692): mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0xe) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/memory/memory15/valid_zones\x00', 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r0, 0x0, 0x9) openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$auto(0x3, 0x0, 0xfdef) 1.241544282s ago: executing program 3 (id=6693): ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mprotect$auto(0x0, 0x806121, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) prctl$auto_PR_SET_DUMPABLE(0x4, 0x4, 0x1, 0x5b18, 0x3a) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 1.134295529s ago: executing program 2 (id=6694): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x1c, r3, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x4000000) sendmsg$auto_ILA_CMD_ADD(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)={0x54, r1, 0x201, 0x70bd28, 0x25dfdc03, {}, [@ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x8}, @ILA_ATTR_LOCATOR={0xc, 0x1, 0x1c}, @ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x9}, @ILA_ATTR_IFINDEX={0x8, 0x4, r4}, @ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x9}, @ILA_ATTR_IFINDEX={0x8, 0x4, r4}, @ILA_ATTR_LOCATOR={0xc, 0x1, 0x6}]}, 0x54}, 0x1, 0x0, 0x0, 0x8080}, 0x38) 1.047273327s ago: executing program 0 (id=6695): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 1.036968257s ago: executing program 1 (id=6696): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1}, 0x6a) sendto$auto(r0, 0x0, 0x6fffff9, 0xfffffff8, &(0x7f0000000440)=@can, 0x36) 971.98872ms ago: executing program 2 (id=6697): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="f21e8858", @ANYBLOB="1e00df45"], 0x1ac}}, 0x4010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='\t\x00\x00\x00', @ANYBLOB="1e00df"], 0x1ac}, 0x1, 0x0, 0x0, 0x5}, 0x40000d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='f'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00) 845.55479ms ago: executing program 2 (id=6698): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x30, 0x0, 0x1b, 0x70bd26, 0x25dfcbfc, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x18, 0x3, 0x0, 0x1, [@nested={0x14, 0x11, 0x0, 0x1, [@nested={0x10, 0xf2, 0x0, 0x1, [@typed={0xc, 0x3, 0x0, 0x0, @u64=0xffffffffffffffff}]}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4044}, 0xc800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0xfffffffffffffda7, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x0, 0x3b, 0xeb57}, @BATADV_ATTR_TT_TTVN={0x5, 0x11, 0xee}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4008800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!'], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) 725.764056ms ago: executing program 2 (id=6699): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) sendto$auto(0x3, 0x0, 0x13, 0x7, 0x0, 0x20) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) connect$auto(0x3, 0x0, 0x55) 516.910973ms ago: executing program 0 (id=6700): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x80000001, 0xfffffffffffffffd, 0x100, 0x0, 0x0, 0x0, 0xffffffffffffff91, 0xfd3, 0x2, 0xec, 0x0, 0x81, 0x8, 0x2, 0xfffffffffffffff8}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 463.832968ms ago: executing program 3 (id=6701): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/netdevsim3/sriov_numvfs\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r0, 0x5, 0x8) io_uring_setup$auto(0xf, 0x0) io_uring_register$auto(0x2, 0x13, &(0x7f0000000000), 0x2) 352.352489ms ago: executing program 2 (id=6702): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/ptp/ptp0/max_adjustment\x00', 0x168040, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) dup2$auto(r0, r1) 320.757936ms ago: executing program 3 (id=6703): mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) open(0x0, 0x261c2, 0x84) 190.944277ms ago: executing program 3 (id=6704): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) 0s ago: executing program 3 (id=6705): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptya6\x00', 0x40001, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) getsockopt$auto(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(r0, 0x89f2, r0) kernel console output (not intermixed with test programs): e [ 636.963245][T19657] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5289'. [ 636.973968][T19654] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 636.982047][T19654] IPv6: NLM_F_CREATE should be set when creating new route [ 636.989371][T19654] IPv6: NLM_F_CREATE should be set when creating new route [ 637.672291][T19669] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5295'. [ 637.925059][T19671] zswap: compressor not available [ 638.938370][T19701] mkiss: ax0: crc mode is auto. [ 639.151633][T19706] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5304'. [ 639.362873][T19708] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5305'. [ 640.487338][T19724] netlink: 146 bytes leftover after parsing attributes in process `syz.3.5314'. [ 640.583948][T19734] ovs_: entered promiscuous mode [ 641.390927][T19749] zswap: compressor not available [ 643.373299][T19777] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5331'. [ 644.580207][T19812] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5346'. [ 644.593519][T19812] IPv6: NLM_F_CREATE should be specified when creating new route [ 644.618118][T19812] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 644.625460][T19812] IPv6: NLM_F_CREATE should be set when creating new route [ 644.632773][T19812] IPv6: NLM_F_CREATE should be set when creating new route [ 645.204275][T19828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5353'. [ 645.895140][T19846] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5358'. [ 645.932614][T19846] netlink: 13 bytes leftover after parsing attributes in process `syz.3.5358'. [ 646.236227][T19859] ovs_: entered promiscuous mode [ 646.602722][T19862] zswap: compressor not available [ 647.025497][T19879] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5369'. [ 647.050979][T19879] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5369'. [ 647.084892][T19877] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5368'. [ 647.140753][T19882] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5370'. [ 649.030473][T19915] netlink: 350 bytes leftover after parsing attributes in process `syz.3.5383'. [ 649.049556][T19918] netlink: 'syz.1.5390': attribute type 4 has an invalid length. [ 649.057349][T19918] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5390'. [ 649.255947][T19920] netlink: 504 bytes leftover after parsing attributes in process `syz.3.5384'. [ 649.294970][T19925] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5385'. [ 649.577964][T19931] netlink: 338 bytes leftover after parsing attributes in process `syz.0.5397'. [ 650.813445][T19947] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5394'. [ 651.818105][T19969] netlink: 'syz.0.5404': attribute type 27 has an invalid length. [ 651.859722][T19969] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5404'. [ 652.218226][T19980] netlink: 198 bytes leftover after parsing attributes in process `syz.1.5407'. [ 652.737408][T19985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5409'. [ 653.671201][T20010] netlink: 'syz.1.5419': attribute type 14 has an invalid length. [ 653.684316][T20010] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5419'. [ 654.432291][T20030] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5425'. [ 655.014507][T20043] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5431'. [ 655.200187][T20044] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5430'. [ 655.601197][T20063] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5438'. [ 656.286801][T20088] netlink: 'syz.2.5448': attribute type 4 has an invalid length. [ 656.320474][T20088] netlink: 'syz.2.5448': attribute type 4 has an invalid length. [ 656.383676][T20092] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5449'. [ 656.421712][T20092] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5449'. [ 657.266287][T20120] FAULT_INJECTION: forcing a failure. [ 657.266287][T20120] name failslab, interval 1, probability 0, space 0, times 0 [ 657.279499][T20120] CPU: 1 UID: 0 PID: 20120 Comm: syz.0.5461 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 657.279574][T20120] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 657.279592][T20120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 657.279610][T20120] Call Trace: [ 657.279620][T20120] [ 657.279631][T20120] dump_stack_lvl+0x100/0x190 [ 657.279683][T20120] should_fail_ex.cold+0x5/0xa [ 657.279718][T20120] should_failslab+0xc2/0x120 [ 657.279743][T20120] __kmalloc_cache_noprof+0x7a/0x6f0 [ 657.279773][T20120] ? __do_sys_timerfd_create+0x1c9/0x3f0 [ 657.279812][T20120] __do_sys_timerfd_create+0x1c9/0x3f0 [ 657.279841][T20120] ? do_syscall_64+0x95/0xf80 [ 657.279872][T20120] do_syscall_64+0x106/0xf80 [ 657.279898][T20120] ? clear_bhb_loop+0x40/0x90 [ 657.279928][T20120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.279952][T20120] RIP: 0033:0x7f6c97d9c799 [ 657.279971][T20120] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 657.279993][T20120] RSP: 002b:00007f6c98ced028 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 657.280017][T20120] RAX: ffffffffffffffda RBX: 00007f6c98015fa0 RCX: 00007f6c97d9c799 [ 657.280032][T20120] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 657.280045][T20120] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 657.280058][T20120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.280072][T20120] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 657.280101][T20120] [ 657.939474][T20135] netlink: 322 bytes leftover after parsing attributes in process `syz.0.5466'. [ 658.285535][T20159] netlink: 'syz.2.5478': attribute type 64 has an invalid length. [ 658.294093][T20159] netlink: 74 bytes leftover after parsing attributes in process `syz.2.5478'. [ 658.575312][T20175] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5485'. [ 658.590757][T20175] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5485'. [ 658.826168][T20177] zswap: compressor not available [ 658.942669][T20194] netlink: 'syz.2.5492': attribute type 27 has an invalid length. [ 659.431976][T20207] ERROR: Out of memory at tomoyo_memory_ok. [ 659.990448][T20231] __nla_validate_parse: 2 callbacks suppressed [ 659.990472][T20231] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5505'. [ 660.206709][T20241] FAULT_INJECTION: forcing a failure. [ 660.206709][T20241] name failslab, interval 1, probability 0, space 0, times 0 [ 660.249931][T20241] CPU: 1 UID: 0 PID: 20241 Comm: syz.1.5509 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 660.250001][T20241] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 660.250019][T20241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 660.250037][T20241] Call Trace: [ 660.250047][T20241] [ 660.250059][T20241] dump_stack_lvl+0x100/0x190 [ 660.250112][T20241] should_fail_ex.cold+0x5/0xa [ 660.250150][T20241] should_failslab+0xc2/0x120 [ 660.250183][T20241] __kmalloc_cache_noprof+0x7a/0x6f0 [ 660.250223][T20241] ? snd_virmidi_output_open+0xc4/0x670 [ 660.250280][T20241] snd_virmidi_output_open+0xc4/0x670 [ 660.250331][T20241] open_substream+0x480/0x9e0 [ 660.250367][T20241] rawmidi_open_priv+0x595/0x6f0 [ 660.250407][T20241] snd_rawmidi_open+0x4c9/0xba0 [ 660.250449][T20241] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 660.250486][T20241] ? __pfx_default_wake_function+0x10/0x10 [ 660.250520][T20241] ? soundcore_open+0x231/0x5a0 [ 660.250570][T20241] ? soundcore_open+0x231/0x5a0 [ 660.250619][T20241] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 660.250656][T20241] soundcore_open+0x2e3/0x5a0 [ 660.250704][T20241] ? __pfx_soundcore_open+0x10/0x10 [ 660.250747][T20241] chrdev_open+0x234/0x6a0 [ 660.250780][T20241] ? __pfx_chrdev_open+0x10/0x10 [ 660.250813][T20241] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 660.250852][T20241] do_dentry_open+0x6d8/0x1660 [ 660.250883][T20241] ? __pfx_chrdev_open+0x10/0x10 [ 660.250925][T20241] vfs_open+0x82/0x3f0 [ 660.250967][T20241] path_openat+0x208c/0x31a0 [ 660.251013][T20241] ? __pfx_path_openat+0x10/0x10 [ 660.251062][T20241] do_file_open+0x20e/0x430 [ 660.251098][T20241] ? __pfx_do_file_open+0x10/0x10 [ 660.251160][T20241] ? alloc_fd+0x476/0x790 [ 660.251196][T20241] ? do_getname+0x191/0x390 [ 660.251239][T20241] do_sys_openat2+0x10d/0x1e0 [ 660.251279][T20241] ? __pfx_do_sys_openat2+0x10/0x10 [ 660.251323][T20241] ? __fget_files+0x21f/0x3d0 [ 660.251361][T20241] __x64_sys_openat+0x12d/0x210 [ 660.251402][T20241] ? __pfx___x64_sys_openat+0x10/0x10 [ 660.251459][T20241] do_syscall_64+0x106/0xf80 [ 660.251497][T20241] ? clear_bhb_loop+0x40/0x90 [ 660.251535][T20241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.251577][T20241] RIP: 0033:0x7f13e1d9c799 [ 660.251604][T20241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 660.251636][T20241] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 660.251667][T20241] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 660.251688][T20241] RDX: 0000000000060c01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 660.251709][T20241] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 660.251727][T20241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 660.251746][T20241] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 660.251789][T20241] [ 660.664023][T20252] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5514'. [ 662.115874][T20297] futex_wake_op: syz.2.5529 tries to shift op by -2048; fix this program [ 662.160684][T20297] futex_wake_op: syz.2.5529 tries to shift op by -2048; fix this program [ 662.464265][T20307] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5534'. [ 663.278867][T20335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 665.186037][T20399] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5569'. [ 665.762250][T20410] mkiss: ax0: crc mode is auto. [ 665.784006][T20413] netlink: 'syz.2.5574': attribute type 21 has an invalid length. [ 665.813440][T20413] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5574'. [ 665.999309][T20423] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5577'. [ 666.121299][T20422] netlink: 86 bytes leftover after parsing attributes in process `syz.2.5578'. [ 666.240368][T20429] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5580'. [ 666.277383][T20434] FAULT_INJECTION: forcing a failure. [ 666.277383][T20434] name failslab, interval 1, probability 0, space 0, times 0 [ 666.291626][T20434] CPU: 0 UID: 0 PID: 20434 Comm: syz.1.5583 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 666.291697][T20434] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 666.291717][T20434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 666.291737][T20434] Call Trace: [ 666.291748][T20434] [ 666.291761][T20434] dump_stack_lvl+0x100/0x190 [ 666.291815][T20434] should_fail_ex.cold+0x5/0xa [ 666.291856][T20434] should_failslab+0xc2/0x120 [ 666.291891][T20434] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 666.291937][T20434] ? __pmd_alloc+0xbf/0x9c0 [ 666.291982][T20434] __pmd_alloc+0xbf/0x9c0 [ 666.292015][T20434] ? mt_find+0x687/0x8e0 [ 666.292060][T20434] huge_pte_alloc+0x5ee/0x730 [ 666.292104][T20434] hugetlb_fault+0x363/0x1450 [ 666.292151][T20434] ? __pfx_hugetlb_fault+0x10/0x10 [ 666.292209][T20434] ? find_vma+0xbf/0x140 [ 666.292239][T20434] ? __pfx_find_vma+0x10/0x10 [ 666.292275][T20434] handle_mm_fault+0x5f1/0xa20 [ 666.292326][T20434] do_user_addr_fault+0x74c/0x12f0 [ 666.292390][T20434] exc_page_fault+0x6f/0xd0 [ 666.292430][T20434] asm_exc_page_fault+0x26/0x30 [ 666.292461][T20434] RIP: 0010:__put_user_4+0xd/0x20 [ 666.292499][T20434] Code: 66 89 01 31 c9 0f 01 ca e9 c0 d0 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 97 d0 03 00 0f 1f 80 00 00 00 00 90 90 90 [ 666.292538][T20434] RSP: 0018:ffffc900049c7e58 EFLAGS: 00050202 [ 666.292564][T20434] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000007 [ 666.292584][T20434] RDX: 0000000000000000 RSI: ffffffff8255f311 RDI: ffff88807948c2dc [ 666.292604][T20434] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000000001c9 [ 666.292623][T20434] R10: 0000000000000200 R11: 0000000000000000 R12: 1ffff92000938fce [ 666.292643][T20434] R13: 0000000000000007 R14: 0000000000000000 R15: dffffc0000000000 [ 666.292677][T20434] ? __might_fault+0x111/0x140 [ 666.292728][T20434] __do_sys_prctl+0xd67/0x2330 [ 666.292777][T20434] ? __pfx___do_sys_prctl+0x10/0x10 [ 666.292834][T20434] do_syscall_64+0x106/0xf80 [ 666.292871][T20434] ? clear_bhb_loop+0x40/0x90 [ 666.292912][T20434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.292945][T20434] RIP: 0033:0x7f13e1d9c799 [ 666.292971][T20434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 666.292999][T20434] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 666.293026][T20434] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 666.293046][T20434] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000002 [ 666.293063][T20434] RBP: 00007f13e1e32bd9 R08: 0000000000000001 R09: 0000000000000000 [ 666.293081][T20434] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 666.293098][T20434] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 666.293139][T20434] [ 668.212698][T20467] netlink: 338 bytes leftover after parsing attributes in process `syz.0.5595'. [ 669.739724][T20506] Loading of unsigned module is rejected [ 670.857782][T20539] FAULT_INJECTION: forcing a failure. [ 670.857782][T20539] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 670.869748][T20547] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5626'. [ 670.918754][T20539] CPU: 0 UID: 0 PID: 20539 Comm: syz.0.5625 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 670.918838][T20539] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 670.918857][T20539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 670.918877][T20539] Call Trace: [ 670.918889][T20539] [ 670.918902][T20539] dump_stack_lvl+0x100/0x190 [ 670.918958][T20539] should_fail_ex.cold+0x5/0xa [ 670.918990][T20539] ? page_copy_sane+0x17c/0x2d0 [ 670.919044][T20539] copy_folio_from_iter_atomic+0x427/0x1e70 [ 670.919085][T20539] ? rcu_is_watching+0x12/0xc0 [ 670.919145][T20539] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 670.919180][T20539] ? shmem_write_begin+0x1ba/0x420 [ 670.919233][T20539] ? __pfx_shmem_write_begin+0x10/0x10 [ 670.919284][T20539] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 670.919330][T20539] generic_perform_write+0x4cb/0xa40 [ 670.919389][T20539] ? __pfx_generic_perform_write+0x10/0x10 [ 670.919441][T20539] ? file_update_time_flags+0x373/0x500 [ 670.919487][T20539] shmem_file_write_iter+0x10e/0x140 [ 670.919523][T20539] vfs_write+0x6ac/0x1070 [ 670.919574][T20539] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 670.919613][T20539] ? __pfx_vfs_write+0x10/0x10 [ 670.919691][T20539] ksys_write+0x12a/0x250 [ 670.919741][T20539] ? __pfx_ksys_write+0x10/0x10 [ 670.919818][T20539] do_syscall_64+0x106/0xf80 [ 670.919856][T20539] ? clear_bhb_loop+0x40/0x90 [ 670.919896][T20539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.919929][T20539] RIP: 0033:0x7f6c97d9c799 [ 670.919957][T20539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 670.919990][T20539] RSP: 002b:00007f6c98ccc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 670.920022][T20539] RAX: ffffffffffffffda RBX: 00007f6c98016090 RCX: 00007f6c97d9c799 [ 670.920045][T20539] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 670.920064][T20539] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 670.920084][T20539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 670.920103][T20539] R13: 00007f6c98016128 R14: 00007f6c98016090 R15: 00007ffd740d9858 [ 670.920147][T20539] [ 671.693168][T20555] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5631'. [ 672.170174][T20563] netlink: 21 bytes leftover after parsing attributes in process `syz.2.5635'. [ 672.299295][T20571] FAULT_INJECTION: forcing a failure. [ 672.299295][T20571] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 672.313592][T20571] CPU: 0 UID: 0 PID: 20571 Comm: syz.1.5637 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 672.313659][T20571] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 672.313675][T20571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 672.313693][T20571] Call Trace: [ 672.313703][T20571] [ 672.313715][T20571] dump_stack_lvl+0x100/0x190 [ 672.313766][T20571] should_fail_ex.cold+0x5/0xa [ 672.313796][T20571] ? prepare_alloc_pages+0x16d/0x5f0 [ 672.313834][T20571] should_fail_alloc_page+0xeb/0x140 [ 672.313872][T20571] prepare_alloc_pages+0x1f0/0x5f0 [ 672.313915][T20571] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 672.313981][T20571] ? find_held_lock+0x2b/0x80 [ 672.314011][T20571] ? is_bpf_text_address+0x8a/0x1a0 [ 672.314056][T20571] ? is_bpf_text_address+0x8a/0x1a0 [ 672.314103][T20571] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 672.314151][T20571] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 672.314186][T20571] ? is_bpf_text_address+0x94/0x1a0 [ 672.314232][T20571] ? kernel_text_address+0x8d/0x100 [ 672.314278][T20571] ? __kernel_text_address+0xd/0x30 [ 672.314324][T20571] ? unwind_get_return_address+0x59/0xa0 [ 672.314376][T20571] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 672.314441][T20571] ? policy_nodemask+0xed/0x4f0 [ 672.314480][T20571] alloc_pages_mpol+0x1fb/0x550 [ 672.314525][T20571] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 672.314559][T20571] ? kasan_save_stack+0x30/0x50 [ 672.314604][T20571] ? kasan_save_track+0x14/0x30 [ 672.314650][T20571] ? __kasan_kmalloc+0xaa/0xb0 [ 672.314691][T20571] ? __get_vm_area_node+0x101/0x330 [ 672.314725][T20571] ? __vmalloc_node_range_noprof+0x213/0x1530 [ 672.314770][T20571] alloc_pages_noprof+0x131/0x390 [ 672.314804][T20571] get_free_pages_noprof+0x10/0xb0 [ 672.314836][T20571] __kasan_populate_vmalloc+0xa0/0x210 [ 672.314893][T20571] alloc_vmap_area+0x95d/0x2bd0 [ 672.314946][T20571] ? __pfx_alloc_vmap_area+0x10/0x10 [ 672.314992][T20571] __get_vm_area_node+0x1ca/0x330 [ 672.315037][T20571] __vmalloc_node_range_noprof+0x213/0x1530 [ 672.315079][T20571] ? n_tty_open+0x1a/0x170 [ 672.315124][T20571] ? do_raw_spin_lock+0x128/0x260 [ 672.315170][T20571] ? look_up_lock_class+0x64/0x120 [ 672.315216][T20571] ? n_tty_open+0x1a/0x170 [ 672.315273][T20571] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 672.315314][T20571] ? __ldsem_down_write_nested+0xfd/0x830 [ 672.315359][T20571] ? __ldsem_down_write_nested+0x10e/0x830 [ 672.315404][T20571] ? look_up_lock_class+0x55/0x120 [ 672.315449][T20571] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 672.315505][T20571] ? n_tty_open+0x1a/0x170 [ 672.315557][T20571] __vmalloc_node_noprof+0xad/0xf0 [ 672.315596][T20571] ? n_tty_open+0x1a/0x170 [ 672.315644][T20571] ? __pfx_n_tty_open+0x10/0x10 [ 672.315690][T20571] n_tty_open+0x1a/0x170 [ 672.315737][T20571] tty_ldisc_open+0xa2/0x120 [ 672.315773][T20571] tty_ldisc_setup+0x40/0xf0 [ 672.315811][T20571] tty_init_dev.part.0+0x1b5/0x470 [ 672.315861][T20571] tty_init_dev+0x60/0x80 [ 672.315906][T20571] ptmx_open+0x15e/0x3c0 [ 672.315938][T20571] ? __pfx_ptmx_open+0x10/0x10 [ 672.315970][T20571] chrdev_open+0x234/0x6a0 [ 672.316002][T20571] ? __pfx_apparmor_file_open+0x10/0x10 [ 672.316056][T20571] ? __pfx_chrdev_open+0x10/0x10 [ 672.316092][T20571] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 672.316136][T20571] do_dentry_open+0x6d8/0x1660 [ 672.316166][T20571] ? __pfx_chrdev_open+0x10/0x10 [ 672.316210][T20571] vfs_open+0x82/0x3f0 [ 672.316256][T20571] path_openat+0x208c/0x31a0 [ 672.316304][T20571] ? __pfx_path_openat+0x10/0x10 [ 672.316354][T20571] do_file_open+0x20e/0x430 [ 672.316398][T20571] ? __pfx_do_file_open+0x10/0x10 [ 672.316472][T20571] ? alloc_fd+0x476/0x790 [ 672.316510][T20571] ? do_getname+0x191/0x390 [ 672.316562][T20571] do_sys_openat2+0x10d/0x1e0 [ 672.316605][T20571] ? __pfx_do_sys_openat2+0x10/0x10 [ 672.316649][T20571] ? __fget_files+0x21f/0x3d0 [ 672.316689][T20571] __x64_sys_openat+0x12d/0x210 [ 672.316732][T20571] ? __pfx___x64_sys_openat+0x10/0x10 [ 672.316792][T20571] do_syscall_64+0x106/0xf80 [ 672.316836][T20571] ? clear_bhb_loop+0x40/0x90 [ 672.316877][T20571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.316910][T20571] RIP: 0033:0x7f13e1d9c799 [ 672.316938][T20571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 672.316970][T20571] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 672.317001][T20571] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 672.317024][T20571] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 672.317044][T20571] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 672.317065][T20571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 672.317084][T20571] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 672.317129][T20571] [ 672.317362][T20571] syz.1.5637: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 672.849764][T20571] CPU: 0 UID: 0 PID: 20571 Comm: syz.1.5637 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 672.849824][T20571] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 672.849841][T20571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 672.849858][T20571] Call Trace: [ 672.849869][T20571] [ 672.849880][T20571] dump_stack_lvl+0x100/0x190 [ 672.849929][T20571] warn_alloc.cold+0x95/0x1c1 [ 672.849978][T20571] ? __pfx_warn_alloc+0x10/0x10 [ 672.850021][T20571] ? lockdep_hardirqs_on+0x78/0x100 [ 672.850067][T20571] ? __get_vm_area_node+0x2c5/0x330 [ 672.850113][T20571] ? __get_vm_area_node+0x208/0x330 [ 672.850157][T20571] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 672.850195][T20571] ? do_raw_spin_lock+0x128/0x260 [ 672.850239][T20571] ? look_up_lock_class+0x64/0x120 [ 672.850283][T20571] ? n_tty_open+0x1a/0x170 [ 672.850337][T20571] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 672.850376][T20571] ? __ldsem_down_write_nested+0xfd/0x830 [ 672.850420][T20571] ? __ldsem_down_write_nested+0x10e/0x830 [ 672.850464][T20571] ? look_up_lock_class+0x55/0x120 [ 672.850518][T20571] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 672.850577][T20571] ? n_tty_open+0x1a/0x170 [ 672.850620][T20571] __vmalloc_node_noprof+0xad/0xf0 [ 672.850663][T20571] ? n_tty_open+0x1a/0x170 [ 672.850709][T20571] ? __pfx_n_tty_open+0x10/0x10 [ 672.850754][T20571] n_tty_open+0x1a/0x170 [ 672.850795][T20571] tty_ldisc_open+0xa2/0x120 [ 672.850829][T20571] tty_ldisc_setup+0x40/0xf0 [ 672.850874][T20571] tty_init_dev.part.0+0x1b5/0x470 [ 672.850921][T20571] tty_init_dev+0x60/0x80 [ 672.850964][T20571] ptmx_open+0x15e/0x3c0 [ 672.850994][T20571] ? __pfx_ptmx_open+0x10/0x10 [ 672.851026][T20571] chrdev_open+0x234/0x6a0 [ 672.851058][T20571] ? __pfx_apparmor_file_open+0x10/0x10 [ 672.851103][T20571] ? __pfx_chrdev_open+0x10/0x10 [ 672.851137][T20571] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 672.851181][T20571] do_dentry_open+0x6d8/0x1660 [ 672.851210][T20571] ? __pfx_chrdev_open+0x10/0x10 [ 672.851253][T20571] vfs_open+0x82/0x3f0 [ 672.851303][T20571] path_openat+0x208c/0x31a0 [ 672.851358][T20571] ? __pfx_path_openat+0x10/0x10 [ 672.851406][T20571] do_file_open+0x20e/0x430 [ 672.851443][T20571] ? __pfx_do_file_open+0x10/0x10 [ 672.851517][T20571] ? alloc_fd+0x476/0x790 [ 672.851554][T20571] ? do_getname+0x191/0x390 [ 672.851598][T20571] do_sys_openat2+0x10d/0x1e0 [ 672.851641][T20571] ? __pfx_do_sys_openat2+0x10/0x10 [ 672.851684][T20571] ? __fget_files+0x21f/0x3d0 [ 672.851723][T20571] __x64_sys_openat+0x12d/0x210 [ 672.851763][T20571] ? __pfx___x64_sys_openat+0x10/0x10 [ 672.851820][T20571] do_syscall_64+0x106/0xf80 [ 672.851857][T20571] ? clear_bhb_loop+0x40/0x90 [ 672.851893][T20571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.851925][T20571] RIP: 0033:0x7f13e1d9c799 [ 672.851952][T20571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 672.851981][T20571] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 672.852012][T20571] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 672.852033][T20571] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 672.852051][T20571] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 672.852069][T20571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 672.852095][T20571] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 672.852139][T20571] [ 672.852151][T20571] Mem-Info: [ 673.228932][T20571] active_anon:13407 inactive_anon:618 isolated_anon:0 [ 673.228932][T20571] active_file:16791 inactive_file:40317 isolated_file:0 [ 673.228932][T20571] unevictable:768 dirty:351 writeback:0 [ 673.228932][T20571] slab_reclaimable:12400 slab_unreclaimable:91994 [ 673.228932][T20571] mapped:24154 shmem:1362 pagetables:1340 [ 673.228932][T20571] sec_pagetables:0 bounce:0 [ 673.228932][T20571] kernel_misc_reclaimable:0 [ 673.228932][T20571] free:1301342 free_pcp:27664 free_cma:0 [ 673.274759][T20571] Node 0 active_anon:53628kB inactive_anon:2472kB active_file:67132kB inactive_file:161060kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96612kB dirty:1404kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11008kB pagetables:5208kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 673.315002][T20571] Node 1 active_anon:0kB inactive_anon:0kB active_file:32kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 673.351122][T20571] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 673.382541][T20571] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 673.393256][T20571] Node 0 DMA32 free:1260012kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:53628kB inactive_anon:2472kB active_file:67132kB inactive_file:161060kB unevictable:1536kB writepending:1404kB zspages:760kB present:3129332kB managed:2537404kB mlocked:0kB bounce:0kB free_pcp:98784kB local_pcp:52540kB free_cma:0kB [ 673.481147][T20571] lowmem_reserve[]: 0 0 1 1 1 [ 673.495691][T20571] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 673.559655][T20571] lowmem_reserve[]: 0 0 0 0 0 [ 673.564605][T20571] Node 1 Normal free:3930096kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:32kB inactive_file:208kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:12132kB local_pcp:0kB free_cma:0kB [ 673.606442][T20571] lowmem_reserve[]: 0 0 0 0 0 [ 673.614187][T20571] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 673.627903][T20571] Node 0 DMA32: 4152*4kB (UM) 4694*8kB (UM) 2692*16kB (UM) 931*32kB (UM) 213*64kB (UME) 65*128kB (UM) 228*256kB (UM) 133*512kB (UME) 66*1024kB (UME) 20*2048kB (UME) 214*4096kB (UM) = 1260528kB [ 673.648194][T20571] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 673.663117][T20571] Node 1 Normal: 2*4kB (UE) 3*8kB (UME) 7*16kB (UME) 13*32kB (UME) 13*64kB (UME) 7*128kB (UE) 1*256kB (U) 1*512kB (E) 1*1024kB (M) 3*2048kB (UME) 957*4096kB (UM) = 3930096kB [ 673.686698][T20571] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 673.703285][T20571] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 673.713201][T20571] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 673.723685][T20571] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 673.735138][T20571] 59194 total pagecache pages [ 673.740095][T20571] 728 pages in swap cache [ 673.744673][T20571] Free swap = 89636kB [ 673.750496][T20571] Total swap = 124996kB [ 673.754699][T20571] 2097051 pages RAM [ 673.759900][T20571] 0 pages HighMem/MovableOnly [ 673.764609][T20571] 430820 pages reserved [ 673.768969][T20571] 0 pages cma reserved [ 673.773253][T20571] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 675.348054][T20625] netlink: 206 bytes leftover after parsing attributes in process `syz.2.5659'. [ 675.575672][T20631] netlink: 'syz.1.5662': attribute type 33 has an invalid length. [ 675.604754][T20631] netlink: 322 bytes leftover after parsing attributes in process `syz.1.5662'. [ 675.681747][T20633] FAULT_INJECTION: forcing a failure. [ 675.681747][T20633] name failslab, interval 1, probability 0, space 0, times 0 [ 675.772198][T20633] CPU: 1 UID: 0 PID: 20633 Comm: syz.0.5661 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 675.772271][T20633] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 675.772290][T20633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 675.772310][T20633] Call Trace: [ 675.772322][T20633] [ 675.772335][T20633] dump_stack_lvl+0x100/0x190 [ 675.772391][T20633] should_fail_ex.cold+0x5/0xa [ 675.772429][T20633] ? argv_split+0x173/0x420 [ 675.772462][T20633] should_failslab+0xc2/0x120 [ 675.772497][T20633] __kmalloc_noprof+0xe0/0x850 [ 675.772544][T20633] ? __asan_memcpy+0x3c/0x60 [ 675.772594][T20633] argv_split+0x173/0x420 [ 675.772631][T20633] ? __pfx___trace_uprobe_create+0x10/0x10 [ 675.772668][T20633] trace_probe_create+0x7d/0x100 [ 675.772717][T20633] ? __pfx_trace_probe_create+0x10/0x10 [ 675.772785][T20633] create_dyn_event+0xee/0x1d0 [ 675.772830][T20633] trace_parse_run_command+0x1ab/0x3b0 [ 675.772879][T20633] ? __pfx_create_dyn_event+0x10/0x10 [ 675.772925][T20633] vfs_write+0x2aa/0x1070 [ 675.772978][T20633] ? __pfx_dyn_event_write+0x10/0x10 [ 675.773023][T20633] ? __pfx_vfs_write+0x10/0x10 [ 675.773072][T20633] ? __fget_files+0x215/0x3d0 [ 675.773120][T20633] ? __fget_files+0x21f/0x3d0 [ 675.773162][T20633] ksys_write+0x12a/0x250 [ 675.773213][T20633] ? __pfx_ksys_write+0x10/0x10 [ 675.773276][T20633] do_syscall_64+0x106/0xf80 [ 675.773316][T20633] ? clear_bhb_loop+0x40/0x90 [ 675.773358][T20633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.773393][T20633] RIP: 0033:0x7f6c97d9c799 [ 675.773421][T20633] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 675.773453][T20633] RSP: 002b:00007f6c98ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 675.773486][T20633] RAX: ffffffffffffffda RBX: 00007f6c98015fa0 RCX: 00007f6c97d9c799 [ 675.773508][T20633] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000005 [ 675.773527][T20633] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 675.773546][T20633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.773565][T20633] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 675.773609][T20633] [ 676.062927][T20631] netlink: 'syz.1.5662': attribute type 33 has an invalid length. [ 676.075175][T20631] netlink: 322 bytes leftover after parsing attributes in process `syz.1.5662'. [ 677.194797][T20655] mkiss: ax0: crc mode is auto. [ 677.794806][T20677] netlink: 74 bytes leftover after parsing attributes in process `syz.1.5675'. [ 678.438170][T20690] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5683'. [ 679.055097][T20691] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 679.068827][T20691] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 679.130172][T20691] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 679.164322][T20691] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 680.471213][ T5140] Bluetooth: hci0: command 0x2016 tx timeout [ 681.080245][T20728] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5699'. [ 681.119654][ T5140] Bluetooth: hci1: command 0x0406 tx timeout [ 681.195329][ T5140] Bluetooth: hci3: command 0x0406 tx timeout [ 681.201504][ T5140] Bluetooth: hci2: command 0x0406 tx timeout [ 682.113043][T20754] FAULT_INJECTION: forcing a failure. [ 682.113043][T20754] name failslab, interval 1, probability 0, space 0, times 0 [ 682.133893][T20754] CPU: 1 UID: 0 PID: 20754 Comm: syz.1.5707 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 682.133964][T20754] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 682.133984][T20754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 682.134004][T20754] Call Trace: [ 682.134015][T20754] [ 682.134028][T20754] dump_stack_lvl+0x100/0x190 [ 682.134081][T20754] should_fail_ex.cold+0x5/0xa [ 682.134120][T20754] should_failslab+0xc2/0x120 [ 682.134155][T20754] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 682.134201][T20754] ? seq_open+0x55/0x170 [ 682.134252][T20754] seq_open+0x55/0x170 [ 682.134294][T20754] __seq_open_private+0x3e/0xd0 [ 682.134342][T20754] tracing_open+0x2a8/0xef0 [ 682.134389][T20754] do_dentry_open+0x6d8/0x1660 [ 682.134422][T20754] ? __pfx_tracing_open+0x10/0x10 [ 682.134470][T20754] vfs_open+0x82/0x3f0 [ 682.134515][T20754] path_openat+0x208c/0x31a0 [ 682.134562][T20754] ? __pfx_path_openat+0x10/0x10 [ 682.134611][T20754] do_file_open+0x20e/0x430 [ 682.134648][T20754] ? __pfx_do_file_open+0x10/0x10 [ 682.134711][T20754] ? alloc_fd+0x476/0x790 [ 682.134747][T20754] ? do_getname+0x191/0x390 [ 682.134801][T20754] do_sys_openat2+0x10d/0x1e0 [ 682.134850][T20754] ? __pfx_do_sys_openat2+0x10/0x10 [ 682.134896][T20754] ? __fget_files+0x21f/0x3d0 [ 682.134936][T20754] __x64_sys_openat+0x12d/0x210 [ 682.134981][T20754] ? __pfx___x64_sys_openat+0x10/0x10 [ 682.135040][T20754] do_syscall_64+0x106/0xf80 [ 682.135077][T20754] ? clear_bhb_loop+0x40/0x90 [ 682.135117][T20754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.135151][T20754] RIP: 0033:0x7f13e1d9c799 [ 682.135179][T20754] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 682.135211][T20754] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 682.135245][T20754] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 682.135267][T20754] RDX: 1a6b75d638929210 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 682.135288][T20754] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 682.135309][T20754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 682.135328][T20754] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 682.135373][T20754] [ 682.814921][T20763] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5709'. [ 684.824151][T20786] ERROR: Out of memory at tomoyo_memory_ok. [ 685.307078][T20802] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5730'. [ 685.413926][T20805] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5722'. [ 685.482660][T20795] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5723'. [ 685.992490][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.999067][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.734418][T20835] FAULT_INJECTION: forcing a failure. [ 686.734418][T20835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 686.805287][T20835] CPU: 0 UID: 0 PID: 20835 Comm: syz.3.5734 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 686.805356][T20835] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 686.805373][T20835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 686.805391][T20835] Call Trace: [ 686.805401][T20835] [ 686.805414][T20835] dump_stack_lvl+0x100/0x190 [ 686.805462][T20835] should_fail_ex.cold+0x5/0xa [ 686.805491][T20835] ? page_copy_sane+0x17c/0x2d0 [ 686.805538][T20835] copy_folio_from_iter_atomic+0x427/0x1e70 [ 686.805575][T20835] ? rcu_is_watching+0x12/0xc0 [ 686.805639][T20835] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 686.805670][T20835] ? shmem_write_begin+0x1ba/0x420 [ 686.805715][T20835] ? __pfx_shmem_write_begin+0x10/0x10 [ 686.805760][T20835] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 686.805802][T20835] generic_perform_write+0x4cb/0xa40 [ 686.805858][T20835] ? __pfx_generic_perform_write+0x10/0x10 [ 686.805904][T20835] ? file_update_time_flags+0x373/0x500 [ 686.805945][T20835] shmem_file_write_iter+0x10e/0x140 [ 686.805979][T20835] vfs_write+0x6ac/0x1070 [ 686.806023][T20835] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 686.806057][T20835] ? __pfx_vfs_write+0x10/0x10 [ 686.806126][T20835] ksys_write+0x12a/0x250 [ 686.806171][T20835] ? __pfx_ksys_write+0x10/0x10 [ 686.806228][T20835] do_syscall_64+0x106/0xf80 [ 686.806261][T20835] ? clear_bhb_loop+0x40/0x90 [ 686.806296][T20835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.806326][T20835] RIP: 0033:0x7fd18b79c799 [ 686.806351][T20835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 686.806380][T20835] RSP: 002b:00007fd18c6bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 686.806409][T20835] RAX: ffffffffffffffda RBX: 00007fd18ba16090 RCX: 00007fd18b79c799 [ 686.806428][T20835] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 686.806446][T20835] RBP: 00007fd18b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 686.806463][T20835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.806480][T20835] R13: 00007fd18ba16128 R14: 00007fd18ba16090 R15: 00007fff9eb02a98 [ 686.806522][T20835] [ 687.140100][T20847] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5740'. [ 688.092861][T20867] netlink: 'syz.1.5746': attribute type 1 has an invalid length. [ 688.111159][T20867] netlink: 318 bytes leftover after parsing attributes in process `syz.1.5746'. [ 689.949006][T20905] FAULT_INJECTION: forcing a failure. [ 689.949006][T20905] name fail_futex, interval 1, probability 0, space 0, times 0 [ 689.968717][T20905] CPU: 1 UID: 0 PID: 20905 Comm: syz.1.5760 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 689.968796][T20905] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 689.968816][T20905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 689.968835][T20905] Call Trace: [ 689.968847][T20905] [ 689.968861][T20905] dump_stack_lvl+0x100/0x190 [ 689.968913][T20905] should_fail_ex.cold+0x5/0xa [ 689.968951][T20905] get_futex_key+0x1d2/0x1620 [ 689.968994][T20905] ? __pfx_get_futex_key+0x10/0x10 [ 689.969028][T20905] ? rcu_is_watching+0x12/0xc0 [ 689.969070][T20905] ? vfs_writev+0x1d5/0xe10 [ 689.969112][T20905] ? kfree+0x2ec/0x6b0 [ 689.969148][T20905] ? rw_verify_area+0xce/0x6d0 [ 689.969197][T20905] futex_wake+0xea/0x530 [ 689.969240][T20905] ? __pfx_futex_wake+0x10/0x10 [ 689.969300][T20905] do_futex+0x32b/0x350 [ 689.969342][T20905] ? __pfx_do_futex+0x10/0x10 [ 689.969387][T20905] ? __fget_files+0x21f/0x3d0 [ 689.969422][T20905] __x64_sys_futex+0x34f/0x4d0 [ 689.969470][T20905] ? __pfx___x64_sys_futex+0x10/0x10 [ 689.969511][T20905] ? __pfx_do_writev+0x10/0x10 [ 689.969569][T20905] do_syscall_64+0x106/0xf80 [ 689.969607][T20905] ? clear_bhb_loop+0x40/0x90 [ 689.969658][T20905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.969693][T20905] RIP: 0033:0x7f13e1d9c799 [ 689.969721][T20905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 689.969761][T20905] RSP: 002b:00007f13e2b870e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 689.969814][T20905] RAX: ffffffffffffffda RBX: 00007f13e2015fa8 RCX: 00007f13e1d9c799 [ 689.969843][T20905] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f13e2015fac [ 689.969879][T20905] RBP: 00007f13e2015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 689.969912][T20905] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 689.969932][T20905] R13: 00007f13e2016038 R14: 00007ffe77b72080 R15: 00007ffe77b72168 [ 689.969974][T20905] [ 690.843751][T20903] ERROR: Out of memory at tomoyo_memory_ok. [ 691.060663][T20923] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5774'. [ 691.216606][T20930] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5768'. [ 695.148954][T21005] FAULT_INJECTION: forcing a failure. [ 695.148954][T21005] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 695.178675][T21005] CPU: 1 UID: 0 PID: 21005 Comm: syz.1.5795 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 695.178745][T21005] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 695.178764][T21005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 695.178791][T21005] Call Trace: [ 695.178803][T21005] [ 695.178816][T21005] dump_stack_lvl+0x100/0x190 [ 695.178872][T21005] should_fail_ex.cold+0x5/0xa [ 695.178903][T21005] ? prepare_alloc_pages+0x16d/0x5f0 [ 695.178946][T21005] should_fail_alloc_page+0xeb/0x140 [ 695.178984][T21005] prepare_alloc_pages+0x1f0/0x5f0 [ 695.179020][T21005] ? bpf_ksym_find+0x124/0x1c0 [ 695.179063][T21005] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 695.179117][T21005] ? __kernel_text_address+0xd/0x30 [ 695.179164][T21005] ? unwind_get_return_address+0x59/0xa0 [ 695.179199][T21005] ? arch_stack_walk+0xa6/0xf0 [ 695.179246][T21005] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 695.179295][T21005] ? stack_trace_save+0x8e/0xc0 [ 695.179328][T21005] ? __pfx_stack_trace_save+0x10/0x10 [ 695.179362][T21005] ? stack_depot_save_flags+0x27/0x9d0 [ 695.179406][T21005] ? kasan_save_stack+0x30/0x50 [ 695.179452][T21005] ? kasan_save_track+0x14/0x30 [ 695.179498][T21005] ? __kasan_kmalloc+0xaa/0xb0 [ 695.179542][T21005] ? ring_buffer_read_start+0x149/0x460 [ 695.179587][T21005] ? tracing_open+0x9cd/0xef0 [ 695.179623][T21005] ? do_dentry_open+0x6d8/0x1660 [ 695.179652][T21005] ? vfs_open+0x82/0x3f0 [ 695.179688][T21005] ? path_openat+0x208c/0x31a0 [ 695.179719][T21005] ? do_file_open+0x20e/0x430 [ 695.179749][T21005] ? do_sys_openat2+0x10d/0x1e0 [ 695.179795][T21005] ? __x64_sys_openat+0x12d/0x210 [ 695.179835][T21005] ? do_syscall_64+0x106/0xf80 [ 695.179870][T21005] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.179901][T21005] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 695.179958][T21005] ? policy_nodemask+0xed/0x4f0 [ 695.179997][T21005] alloc_pages_mpol+0x1fb/0x550 [ 695.180034][T21005] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 695.180082][T21005] ? ring_buffer_read_start+0x1b9/0x460 [ 695.180126][T21005] ___kmalloc_large_node+0x104/0x150 [ 695.180170][T21005] __kmalloc_large_node_noprof+0x1c/0x70 [ 695.180212][T21005] __kmalloc_noprof+0x5be/0x850 [ 695.180269][T21005] ring_buffer_read_start+0x1b9/0x460 [ 695.180317][T21005] ? __pfx_ring_buffer_read_start+0x10/0x10 [ 695.180363][T21005] ? lockdep_init_map_type+0x5c/0x250 [ 695.180409][T21005] ? ring_buffer_overruns+0x14e/0x1a0 [ 695.180454][T21005] tracing_open+0x9cd/0xef0 [ 695.180501][T21005] do_dentry_open+0x6d8/0x1660 [ 695.180533][T21005] ? __pfx_tracing_open+0x10/0x10 [ 695.180581][T21005] vfs_open+0x82/0x3f0 [ 695.180626][T21005] path_openat+0x208c/0x31a0 [ 695.180675][T21005] ? __pfx_path_openat+0x10/0x10 [ 695.180725][T21005] do_file_open+0x20e/0x430 [ 695.180762][T21005] ? __pfx_do_file_open+0x10/0x10 [ 695.180836][T21005] ? alloc_fd+0x476/0x790 [ 695.180872][T21005] ? do_getname+0x191/0x390 [ 695.180917][T21005] do_sys_openat2+0x10d/0x1e0 [ 695.180958][T21005] ? __pfx_do_sys_openat2+0x10/0x10 [ 695.181004][T21005] ? __fget_files+0x21f/0x3d0 [ 695.181043][T21005] __x64_sys_openat+0x12d/0x210 [ 695.181087][T21005] ? __pfx___x64_sys_openat+0x10/0x10 [ 695.181146][T21005] do_syscall_64+0x106/0xf80 [ 695.181184][T21005] ? clear_bhb_loop+0x40/0x90 [ 695.181224][T21005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.181258][T21005] RIP: 0033:0x7f13e1d9c799 [ 695.181286][T21005] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 695.181318][T21005] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 695.181351][T21005] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 695.181373][T21005] RDX: 1a6b75d638929210 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 695.181395][T21005] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 695.181415][T21005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 695.181434][T21005] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 695.181479][T21005] [ 697.662626][T21038] ERROR: Out of memory at tomoyo_memory_ok. [ 697.926873][T21050] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5811'. [ 698.452556][T21061] netlink: 302 bytes leftover after parsing attributes in process `syz.3.5815'. [ 698.477949][T21063] futex_wake_op: syz.2.5816 tries to shift op by -2048; fix this program [ 698.493532][T21065] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5818'. [ 698.958036][T21072] kvm: kvm [21071]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1 [ 699.663213][T21083] ERROR: Out of memory at tomoyo_memory_ok. [ 702.872159][T21165] random: crng reseeded on system resumption [ 703.119338][T21173] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5855'. [ 704.385838][T21216] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5865'. [ 706.024058][T21259] netlink: 110 bytes leftover after parsing attributes in process `syz.0.5879'. [ 706.129670][T21263] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5881'. [ 706.211370][T21265] random: crng reseeded on system resumption [ 706.235619][T21267] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5883'. [ 707.277336][T21307] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 708.349982][T21332] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5915'. [ 708.579506][T21350] bridge0: port 4(netdevsim1) entered blocking state [ 708.616537][T21350] bridge0: port 4(netdevsim1) entered disabled state [ 708.628850][T21350] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 708.639858][T21350] netdevsim netdevsim1 netdevsim1: entered promiscuous mode [ 708.650373][T21350] bridge0: port 4(netdevsim1) entered blocking state [ 708.657201][T21350] bridge0: port 4(netdevsim1) entered forwarding state [ 709.023626][T21362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5918'. [ 709.051159][T21362] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5918'. [ 709.068661][T21362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5918'. [ 709.377646][T21370] FAULT_INJECTION: forcing a failure. [ 709.377646][T21370] name failslab, interval 1, probability 0, space 0, times 0 [ 709.438775][T21370] CPU: 0 UID: 0 PID: 21370 Comm: syz.3.5922 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 709.438854][T21370] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 709.438871][T21370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 709.438890][T21370] Call Trace: [ 709.438902][T21370] [ 709.438916][T21370] dump_stack_lvl+0x100/0x190 [ 709.438970][T21370] should_fail_ex.cold+0x5/0xa [ 709.439014][T21370] ? constrain_params_by_rules+0x175/0xcc0 [ 709.439049][T21370] should_failslab+0xc2/0x120 [ 709.439084][T21370] __kmalloc_noprof+0xe0/0x850 [ 709.439132][T21370] ? lockdep_hardirqs_on+0x78/0x100 [ 709.439177][T21370] constrain_params_by_rules+0x175/0xcc0 [ 709.439230][T21370] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 709.439277][T21370] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 709.439331][T21370] ? snd_interval_refine+0x2d0/0x580 [ 709.439378][T21370] snd_pcm_hw_refine+0x7e7/0xad0 [ 709.439422][T21370] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 709.439466][T21370] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 709.439510][T21370] ? snd_pcm_hw_param_value+0x27b/0x5b0 [ 709.439572][T21370] snd_pcm_hw_param_first+0x2b0/0x680 [ 709.439632][T21370] snd_pcm_hw_params+0x496/0x1cb0 [ 709.439679][T21370] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 709.439718][T21370] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 709.439777][T21370] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 709.439837][T21370] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 709.439878][T21370] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 709.439944][T21370] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 709.440004][T21370] ? __pfx___mutex_lock+0x10/0x10 [ 709.440066][T21370] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 709.440122][T21370] snd_pcm_oss_sync+0x265/0x840 [ 709.440181][T21370] snd_pcm_oss_release+0x238/0x300 [ 709.440233][T21370] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 709.440284][T21370] __fput+0x3ff/0xb40 [ 709.440329][T21370] task_work_run+0x150/0x240 [ 709.440377][T21370] ? __pfx_task_work_run+0x10/0x10 [ 709.440435][T21370] exit_to_user_mode_loop+0x100/0x4a0 [ 709.440482][T21370] do_syscall_64+0x668/0xf80 [ 709.440519][T21370] ? clear_bhb_loop+0x40/0x90 [ 709.440569][T21370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.440602][T21370] RIP: 0033:0x7fd18b79c799 [ 709.440631][T21370] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 709.440662][T21370] RSP: 002b:00007fd18c6dd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 709.440694][T21370] RAX: 0000000000000000 RBX: 00007fd18ba15fa0 RCX: 00007fd18b79c799 [ 709.440716][T21370] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 709.440736][T21370] RBP: 00007fd18b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 709.440755][T21370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 709.440774][T21370] R13: 00007fd18ba16038 R14: 00007fd18ba15fa0 R15: 00007fff9eb02a98 [ 709.440817][T21370] [ 709.896151][T21374] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5923'. [ 710.106903][T21380] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5925'. [ 710.133168][T21376] zswap: compressor not available [ 710.145119][T21380] hsr_slave_0: left promiscuous mode [ 710.156453][T21383] netlink: 'syz.2.5926': attribute type 4 has an invalid length. [ 710.178335][T21380] hsr_slave_1: left promiscuous mode [ 710.183898][T21383] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5926'. [ 715.590386][T21507] netlink: set zone limit has 8 unknown bytes [ 715.701861][T21509] netlink: set zone limit has 8 unknown bytes [ 716.306234][T21529] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5968'. [ 716.510378][T21533] netlink: 146 bytes leftover after parsing attributes in process `syz.0.5971'. [ 716.609872][T21537] mkiss: ax0: crc mode is auto. [ 717.392153][T21563] vivid-007: ================= START STATUS ================= [ 717.448579][T21563] vivid-007: Generate PTS: true [ 717.481925][T21563] vivid-007: Generate SCR: true [ 717.508620][T21563] tpg source WxH: 320x240 (Y'CbCr) [ 717.539062][T21563] tpg field: 1 [ 717.551389][T21563] tpg crop: (0,0)/320x240 [ 717.578676][T21563] tpg compose: (0,0)/320x240 [ 717.588201][T21563] tpg colorspace: 8 [ 717.593092][T21563] tpg transfer function: 0/0 [ 717.597826][T21563] tpg Y'CbCr encoding: 0/0 [ 717.605028][T21563] tpg quantization: 0/0 [ 717.658947][T21563] tpg RGB range: 0/2 [ 717.669035][T21563] vivid-007: ================== END STATUS ================== [ 718.357799][T21582] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5986'. [ 718.641913][T21584] zswap: compressor 000 not available [ 718.750288][T21592] netlink: 142 bytes leftover after parsing attributes in process `syz.1.5988'. [ 718.865926][T21594] kvm: kvm [21593]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004) [ 719.160967][T21605] netlink: 'syz.0.5994': attribute type 16 has an invalid length. [ 719.178165][T21605] netlink: 306 bytes leftover after parsing attributes in process `syz.0.5994'. [ 719.502794][T21612] random: crng reseeded on system resumption [ 719.524922][T21612] FAULT_INJECTION: forcing a failure. [ 719.524922][T21612] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 719.563711][T21612] CPU: 0 UID: 0 PID: 21612 Comm: syz.3.5998 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 719.563783][T21612] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 719.563802][T21612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 719.563820][T21612] Call Trace: [ 719.563832][T21612] [ 719.563844][T21612] dump_stack_lvl+0x100/0x190 [ 719.563895][T21612] should_fail_ex.cold+0x5/0xa [ 719.563924][T21612] ? prepare_alloc_pages+0x16d/0x5f0 [ 719.563965][T21612] should_fail_alloc_page+0xeb/0x140 [ 719.564002][T21612] prepare_alloc_pages+0x1f0/0x5f0 [ 719.564047][T21612] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 719.564112][T21612] ? stack_trace_save+0x8e/0xc0 [ 719.564145][T21612] ? __pfx_stack_trace_save+0x10/0x10 [ 719.564175][T21612] ? arch_stack_walk+0xa6/0xf0 [ 719.564207][T21612] ? stack_depot_save_flags+0x27/0x9d0 [ 719.564243][T21612] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 719.564298][T21612] ? kasan_save_stack+0x3f/0x50 [ 719.564346][T21612] ? kasan_save_stack+0x30/0x50 [ 719.564392][T21612] ? kasan_save_track+0x14/0x30 [ 719.564437][T21612] ? __kasan_kmalloc+0xaa/0xb0 [ 719.564478][T21612] ? memory_bm_create+0x14d/0xba0 [ 719.564521][T21612] ? create_basic_memory_bitmaps+0x10b/0x350 [ 719.564559][T21612] ? snapshot_open+0x230/0x2a0 [ 719.564590][T21612] ? misc_open+0x26d/0x450 [ 719.564624][T21612] ? do_sys_openat2+0x10d/0x1e0 [ 719.564664][T21612] ? __x64_sys_openat+0x12d/0x210 [ 719.564705][T21612] ? do_syscall_64+0x106/0xf80 [ 719.564748][T21612] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.564789][T21612] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 719.564846][T21612] ? policy_nodemask+0xed/0x4f0 [ 719.564885][T21612] alloc_pages_mpol+0x1fb/0x550 [ 719.564922][T21612] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 719.564969][T21612] alloc_pages_noprof+0x131/0x390 [ 719.565006][T21612] get_zeroed_page_noprof+0x18/0xb0 [ 719.565041][T21612] get_image_page+0x18/0x1a0 [ 719.565092][T21612] memory_bm_create+0x9bd/0xba0 [ 719.565163][T21612] create_basic_memory_bitmaps+0x10b/0x350 [ 719.565204][T21612] snapshot_open+0x230/0x2a0 [ 719.565239][T21612] ? __pfx_snapshot_open+0x10/0x10 [ 719.565277][T21612] misc_open+0x26d/0x450 [ 719.565307][T21612] ? __pfx_misc_open+0x10/0x10 [ 719.565336][T21612] chrdev_open+0x234/0x6a0 [ 719.565368][T21612] ? __pfx_apparmor_file_open+0x10/0x10 [ 719.565414][T21612] ? __pfx_chrdev_open+0x10/0x10 [ 719.565450][T21612] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 719.565492][T21612] do_dentry_open+0x6d8/0x1660 [ 719.565523][T21612] ? __pfx_chrdev_open+0x10/0x10 [ 719.565574][T21612] vfs_open+0x82/0x3f0 [ 719.565620][T21612] path_openat+0x208c/0x31a0 [ 719.565668][T21612] ? __pfx_path_openat+0x10/0x10 [ 719.565719][T21612] do_file_open+0x20e/0x430 [ 719.565757][T21612] ? __pfx_do_file_open+0x10/0x10 [ 719.565822][T21612] ? alloc_fd+0x476/0x790 [ 719.565858][T21612] ? do_getname+0x191/0x390 [ 719.565902][T21612] do_sys_openat2+0x10d/0x1e0 [ 719.565943][T21612] ? __pfx_do_sys_openat2+0x10/0x10 [ 719.565988][T21612] ? find_held_lock+0x2b/0x80 [ 719.566029][T21612] __x64_sys_openat+0x12d/0x210 [ 719.566073][T21612] ? __pfx___x64_sys_openat+0x10/0x10 [ 719.566132][T21612] do_syscall_64+0x106/0xf80 [ 719.566169][T21612] ? clear_bhb_loop+0x40/0x90 [ 719.566210][T21612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.566243][T21612] RIP: 0033:0x7fd18b79c799 [ 719.566271][T21612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 719.566302][T21612] RSP: 002b:00007fd18c6dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 719.566334][T21612] RAX: ffffffffffffffda RBX: 00007fd18ba15fa0 RCX: 00007fd18b79c799 [ 719.566356][T21612] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 719.566377][T21612] RBP: 00007fd18b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 719.566397][T21612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 719.566417][T21612] R13: 00007fd18ba16038 R14: 00007fd18ba15fa0 R15: 00007fff9eb02a98 [ 719.566460][T21612] [ 721.373261][T21652] FAULT_INJECTION: forcing a failure. [ 721.373261][T21652] name failslab, interval 1, probability 0, space 0, times 0 [ 721.429704][T21652] CPU: 1 UID: 0 PID: 21652 Comm: syz.3.6012 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 721.429776][T21652] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 721.429794][T21652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 721.429811][T21652] Call Trace: [ 721.429821][T21652] [ 721.429834][T21652] dump_stack_lvl+0x100/0x190 [ 721.429885][T21652] should_fail_ex.cold+0x5/0xa [ 721.429922][T21652] should_failslab+0xc2/0x120 [ 721.429956][T21652] __kmalloc_cache_noprof+0x7a/0x6f0 [ 721.429996][T21652] ? __kthread_create_on_node+0xce/0x3f0 [ 721.430031][T21652] ? lockdep_init_map_type+0x5c/0x250 [ 721.430078][T21652] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 721.430127][T21652] __kthread_create_on_node+0xce/0x3f0 [ 721.430166][T21652] ? __pfx___kthread_create_on_node+0x10/0x10 [ 721.430224][T21652] ? __pfx_tomoyo_gc_thread+0x10/0x10 [ 721.430275][T21652] kthread_create_on_node+0xc7/0x100 [ 721.430312][T21652] ? __pfx_kthread_create_on_node+0x10/0x10 [ 721.430352][T21652] ? lockdep_hardirqs_on+0x78/0x100 [ 721.430390][T21652] ? find_held_lock+0x2b/0x80 [ 721.430418][T21652] ? tomoyo_notify_gc+0xc6/0x480 [ 721.430479][T21652] tomoyo_notify_gc+0x102/0x480 [ 721.430528][T21652] ? ima_iint_find+0xe9/0x130 [ 721.430577][T21652] ? __pfx_tomoyo_release+0x10/0x10 [ 721.430614][T21652] tomoyo_release+0x31/0x40 [ 721.430648][T21652] __fput+0x3ff/0xb40 [ 721.430694][T21652] task_work_run+0x150/0x240 [ 721.430739][T21652] ? __pfx_task_work_run+0x10/0x10 [ 721.430795][T21652] exit_to_user_mode_loop+0x100/0x4a0 [ 721.430840][T21652] do_syscall_64+0x668/0xf80 [ 721.430876][T21652] ? clear_bhb_loop+0x40/0x90 [ 721.430914][T21652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.430947][T21652] RIP: 0033:0x7fd18b79c799 [ 721.430973][T21652] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.431003][T21652] RSP: 002b:00007fd18c6dd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 721.431034][T21652] RAX: 0000000000000000 RBX: 00007fd18ba15fa0 RCX: 00007fd18b79c799 [ 721.431054][T21652] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 721.431072][T21652] RBP: 00007fd18b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 721.431090][T21652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 721.431109][T21652] R13: 00007fd18ba16038 R14: 00007fd18ba15fa0 R15: 00007fff9eb02a98 [ 721.431150][T21652] [ 722.272986][T21667] netlink: 'syz.3.6019': attribute type 22 has an invalid length. [ 722.281000][T21667] netlink: 330 bytes leftover after parsing attributes in process `syz.3.6019'. [ 722.548844][T21671] FAULT_INJECTION: forcing a failure. [ 722.548844][T21671] name failslab, interval 1, probability 0, space 0, times 0 [ 722.568815][T21671] CPU: 1 UID: 0 PID: 21671 Comm: syz.0.6020 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 722.568884][T21671] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 722.568899][T21671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 722.568914][T21671] Call Trace: [ 722.568923][T21671] [ 722.568933][T21671] dump_stack_lvl+0x100/0x190 [ 722.568976][T21671] should_fail_ex.cold+0x5/0xa [ 722.569006][T21671] should_failslab+0xc2/0x120 [ 722.569032][T21671] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 722.569068][T21671] ? alloc_inode+0x183/0x250 [ 722.569106][T21671] alloc_inode+0x183/0x250 [ 722.569136][T21671] alloc_anon_inode+0x2a/0x3e0 [ 722.569162][T21671] anon_inode_make_secure_inode+0x2f/0x140 [ 722.569195][T21671] __anon_inode_getfile+0x1cf/0x280 [ 722.569221][T21671] ? _copy_to_user+0xaf/0xd0 [ 722.569246][T21671] io_uring_setup.cold+0x19e3/0x1d09 [ 722.569286][T21671] ? __pfx_io_uring_setup+0x10/0x10 [ 722.569319][T21671] ? __pfx_do_futex+0x10/0x10 [ 722.569365][T21671] ? xfd_validate_state+0x129/0x190 [ 722.569409][T21671] __x64_sys_io_uring_setup+0xc2/0x170 [ 722.569439][T21671] do_syscall_64+0x106/0xf80 [ 722.569467][T21671] ? clear_bhb_loop+0x40/0x90 [ 722.569497][T21671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.569522][T21671] RIP: 0033:0x7f6c97d9c799 [ 722.569551][T21671] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 722.569576][T21671] RSP: 002b:00007f6c98ced028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 722.569601][T21671] RAX: ffffffffffffffda RBX: 00007f6c98015fa0 RCX: 00007f6c97d9c799 [ 722.569617][T21671] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 722.569632][T21671] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 722.569646][T21671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 722.569661][T21671] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 722.569693][T21671] [ 723.419037][T21687] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6027'. [ 723.428286][T21687] hsr_slave_0: left promiscuous mode [ 723.438810][T21687] hsr_slave_1: left promiscuous mode [ 723.468118][T21685] netlink: 346 bytes leftover after parsing attributes in process `syz.3.6026'. [ 724.178080][T21705] FAULT_INJECTION: forcing a failure. [ 724.178080][T21705] name failslab, interval 1, probability 0, space 0, times 0 [ 724.213119][T21705] CPU: 1 UID: 0 PID: 21705 Comm: syz.1.6034 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 724.213189][T21705] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 724.213207][T21705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 724.213226][T21705] Call Trace: [ 724.213236][T21705] [ 724.213249][T21705] dump_stack_lvl+0x100/0x190 [ 724.213298][T21705] should_fail_ex.cold+0x5/0xa [ 724.213335][T21705] ? lsm_blob_alloc+0x68/0x90 [ 724.213373][T21705] should_failslab+0xc2/0x120 [ 724.213410][T21705] __kmalloc_noprof+0xe0/0x850 [ 724.213456][T21705] ? down_write_nested+0x14f/0x200 [ 724.213531][T21705] lsm_blob_alloc+0x68/0x90 [ 724.213574][T21705] security_sb_alloc+0x25/0x240 [ 724.213621][T21705] alloc_super+0x24c/0xd20 [ 724.213676][T21705] ? __pfx_mqueue_fill_super+0x10/0x10 [ 724.213718][T21705] sget_fc+0x117/0xc70 [ 724.213763][T21705] ? __pfx_set_anon_super_fc+0x10/0x10 [ 724.213811][T21705] ? __pfx_mqueue_fill_super+0x10/0x10 [ 724.213854][T21705] get_tree_nodev+0x28/0x190 [ 724.213906][T21705] mqueue_get_tree+0xf1/0x130 [ 724.213949][T21705] vfs_get_tree+0x92/0x320 [ 724.213994][T21705] fc_mount_longterm+0x1a/0x270 [ 724.214044][T21705] mq_init_ns+0x482/0x820 [ 724.214096][T21705] copy_ipcs+0x3dd/0x7e0 [ 724.214147][T21705] create_new_namespaces+0x20a/0xac0 [ 724.214182][T21705] ? security_capable+0x80/0x260 [ 724.214231][T21705] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 724.214271][T21705] ksys_unshare+0x473/0xad0 [ 724.214315][T21705] ? __pfx_ksys_unshare+0x10/0x10 [ 724.214375][T21705] __x64_sys_unshare+0x31/0x40 [ 724.214413][T21705] do_syscall_64+0x106/0xf80 [ 724.214451][T21705] ? clear_bhb_loop+0x40/0x90 [ 724.214493][T21705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.214535][T21705] RIP: 0033:0x7f13e1d9c799 [ 724.214564][T21705] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 724.214595][T21705] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 724.214627][T21705] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 724.214649][T21705] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 724.214669][T21705] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 724.214688][T21705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 724.214708][T21705] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 724.214753][T21705] [ 725.140542][T21718] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6040'. [ 725.183568][T21718] IPv6: NLM_F_CREATE should be specified when creating new route [ 725.228945][T21718] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 725.236275][T21718] IPv6: NLM_F_CREATE should be set when creating new route [ 725.238953][T21719] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6040'. [ 725.243594][T21718] IPv6: NLM_F_CREATE should be set when creating new route [ 725.316902][T21719] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 725.875975][T21741] netlink: 130 bytes leftover after parsing attributes in process `syz.3.6049'. [ 726.242810][T21750] FAULT_INJECTION: forcing a failure. [ 726.242810][T21750] name failslab, interval 1, probability 0, space 0, times 0 [ 726.256264][T21750] CPU: 0 UID: 8 PID: 21750 Comm: syz.0.6051 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 726.256326][T21750] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 726.256344][T21750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 726.256361][T21750] Call Trace: [ 726.256372][T21750] [ 726.256383][T21750] dump_stack_lvl+0x100/0x190 [ 726.256432][T21750] should_fail_ex.cold+0x5/0xa [ 726.256467][T21750] should_failslab+0xc2/0x120 [ 726.256509][T21750] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 726.256552][T21750] ? taskstats_exit+0x650/0xbd0 [ 726.256604][T21750] taskstats_exit+0x650/0xbd0 [ 726.256650][T21750] ? __pfx_acct_update_integrals+0x10/0x10 [ 726.256707][T21750] ? __pfx_taskstats_exit+0x10/0x10 [ 726.256753][T21750] ? rcu_read_lock_any_held+0x6a/0xa0 [ 726.256923][T21750] ? exit_signals+0x395/0xaf0 [ 726.256958][T21750] do_exit+0x659/0x2b60 [ 726.257002][T21750] ? __pfx_do_exit+0x10/0x10 [ 726.257038][T21750] ? do_raw_spin_lock+0x128/0x260 [ 726.257079][T21750] ? find_held_lock+0x2b/0x80 [ 726.257105][T21750] ? get_signal+0x7e0/0x21e0 [ 726.257140][T21750] do_group_exit+0xd5/0x2a0 [ 726.257183][T21750] get_signal+0x1ec7/0x21e0 [ 726.257230][T21750] ? __pfx_get_signal+0x10/0x10 [ 726.257264][T21750] ? do_futex+0x192/0x350 [ 726.257309][T21750] arch_do_signal_or_restart+0x91/0x770 [ 726.257349][T21750] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 726.257397][T21750] ? __pfx___x64_sys_futex+0x10/0x10 [ 726.257435][T21750] ? __put_cred+0x111/0x180 [ 726.257485][T21750] exit_to_user_mode_loop+0x86/0x4a0 [ 726.257633][T21750] do_syscall_64+0x668/0xf80 [ 726.257667][T21750] ? clear_bhb_loop+0x40/0x90 [ 726.257704][T21750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.257735][T21750] RIP: 0033:0x7f6c97d9c799 [ 726.257760][T21750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 726.257788][T21750] RSP: 002b:00007f6c98ced0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 726.257818][T21750] RAX: fffffffffffffe00 RBX: 00007f6c98015fa8 RCX: 00007f6c97d9c799 [ 726.257838][T21750] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6c98015fa8 [ 726.257856][T21750] RBP: 00007f6c98015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 726.257872][T21750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.257888][T21750] R13: 00007f6c98016038 R14: 00007ffd740d9770 R15: 00007ffd740d9858 [ 726.257923][T21750] [ 726.664634][T21757] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6053'. [ 726.841767][T21764] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6058'. [ 726.843276][T21762] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6056'. [ 727.415256][T21778] FAULT_INJECTION: forcing a failure. [ 727.415256][T21778] name failslab, interval 1, probability 0, space 0, times 0 [ 727.438828][T21778] CPU: 0 UID: 0 PID: 21778 Comm: syz.0.6062 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 727.438901][T21778] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 727.438921][T21778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 727.438941][T21778] Call Trace: [ 727.438954][T21778] [ 727.438967][T21778] dump_stack_lvl+0x100/0x190 [ 727.439023][T21778] should_fail_ex.cold+0x5/0xa [ 727.439062][T21778] should_failslab+0xc2/0x120 [ 727.439096][T21778] __kmalloc_cache_noprof+0x7a/0x6f0 [ 727.439138][T21778] ? snd_virmidi_input_open+0xc8/0x4d0 [ 727.439186][T21778] ? __kasan_kmalloc+0xaa/0xb0 [ 727.439243][T21778] snd_virmidi_input_open+0xc8/0x4d0 [ 727.439298][T21778] open_substream+0x480/0x9e0 [ 727.439336][T21778] rawmidi_open_priv+0x524/0x6f0 [ 727.439380][T21778] snd_rawmidi_open+0x4c9/0xba0 [ 727.439425][T21778] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 727.439464][T21778] ? __pfx_default_wake_function+0x10/0x10 [ 727.439499][T21778] ? soundcore_open+0x231/0x5a0 [ 727.439557][T21778] ? soundcore_open+0x231/0x5a0 [ 727.439607][T21778] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 727.439646][T21778] soundcore_open+0x2e3/0x5a0 [ 727.439696][T21778] ? __pfx_soundcore_open+0x10/0x10 [ 727.439753][T21778] chrdev_open+0x234/0x6a0 [ 727.439861][T21778] ? __pfx_apparmor_file_open+0x10/0x10 [ 727.439906][T21778] ? __pfx_chrdev_open+0x10/0x10 [ 727.439942][T21778] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 727.439986][T21778] do_dentry_open+0x6d8/0x1660 [ 727.440017][T21778] ? __pfx_chrdev_open+0x10/0x10 [ 727.440059][T21778] vfs_open+0x82/0x3f0 [ 727.440100][T21778] path_openat+0x208c/0x31a0 [ 727.440146][T21778] ? __pfx_path_openat+0x10/0x10 [ 727.440197][T21778] do_file_open+0x20e/0x430 [ 727.440235][T21778] ? __pfx_do_file_open+0x10/0x10 [ 727.440300][T21778] ? alloc_fd+0x476/0x790 [ 727.440338][T21778] ? do_getname+0x191/0x390 [ 727.440381][T21778] do_sys_openat2+0x10d/0x1e0 [ 727.440423][T21778] ? __pfx_do_sys_openat2+0x10/0x10 [ 727.440470][T21778] ? __fget_files+0x21f/0x3d0 [ 727.440507][T21778] __x64_sys_openat+0x12d/0x210 [ 727.440542][T21778] ? __pfx___x64_sys_openat+0x10/0x10 [ 727.440599][T21778] do_syscall_64+0x106/0xf80 [ 727.440639][T21778] ? clear_bhb_loop+0x40/0x90 [ 727.440680][T21778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.440711][T21778] RIP: 0033:0x7f6c97d9c799 [ 727.440761][T21778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 727.440793][T21778] RSP: 002b:00007f6c98ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 727.440826][T21778] RAX: ffffffffffffffda RBX: 00007f6c98015fa0 RCX: 00007f6c97d9c799 [ 727.440850][T21778] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 727.440871][T21778] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 727.440892][T21778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 727.440912][T21778] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 727.440957][T21778] [ 727.959744][T21784] netlink: 146 bytes leftover after parsing attributes in process `syz.2.6064'. [ 731.445722][T21855] netlink: 'syz.2.6092': attribute type 4 has an invalid length. [ 731.615776][T21861] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6094'. [ 731.688333][T21859] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6093'. [ 731.980986][T21870] FAULT_INJECTION: forcing a failure. [ 731.980986][T21870] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 732.006053][T21870] CPU: 1 UID: 0 PID: 21870 Comm: syz.0.6097 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 732.006124][T21870] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 732.006143][T21870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 732.006162][T21870] Call Trace: [ 732.006173][T21870] [ 732.006185][T21870] dump_stack_lvl+0x100/0x190 [ 732.006235][T21870] should_fail_ex.cold+0x5/0xa [ 732.006264][T21870] ? prepare_alloc_pages+0x16d/0x5f0 [ 732.006302][T21870] should_fail_alloc_page+0xeb/0x140 [ 732.006337][T21870] prepare_alloc_pages+0x1f0/0x5f0 [ 732.006375][T21870] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 732.006426][T21870] ? get_page_from_freelist+0x111d/0x3140 [ 732.006478][T21870] ? __pfx___might_resched+0x10/0x10 [ 732.006522][T21870] ? prepare_alloc_pages+0x16d/0x5f0 [ 732.006558][T21870] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 732.006621][T21870] ? rcu_is_watching+0x12/0xc0 [ 732.006670][T21870] ? trace_mm_page_alloc+0x17a/0x1d0 [ 732.006710][T21870] ? is_bpf_text_address+0x8a/0x1a0 [ 732.006758][T21870] ? is_bpf_text_address+0x8a/0x1a0 [ 732.006806][T21870] ? bpf_ksym_find+0x124/0x1c0 [ 732.006842][T21870] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 732.006876][T21870] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 732.006931][T21870] ? policy_nodemask+0xed/0x4f0 [ 732.006968][T21870] alloc_pages_mpol+0x1fb/0x550 [ 732.007003][T21870] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 732.007048][T21870] alloc_pages_noprof+0x131/0x390 [ 732.007085][T21870] kimage_alloc_pages+0x72/0x380 [ 732.007141][T21870] kimage_alloc_control_pages+0x157/0xa20 [ 732.007173][T21870] ? policy_nodemask+0x30/0x4f0 [ 732.007213][T21870] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 732.007244][T21870] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 732.007288][T21870] alloc_pgt_page+0x17/0xb0 [ 732.007326][T21870] machine_kexec_prepare+0x1a7/0x14d0 [ 732.007378][T21870] ? __pfx_machine_kexec_prepare+0x10/0x10 [ 732.007424][T21870] ? __pfx_alloc_pgt_page+0x10/0x10 [ 732.007470][T21870] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 732.007516][T21870] do_kexec_load+0x32c/0x810 [ 732.007554][T21870] ? __pfx_do_kexec_load+0x10/0x10 [ 732.007598][T21870] ? _copy_from_user+0x59/0xd0 [ 732.007649][T21870] __x64_sys_kexec_load+0x1bf/0x230 [ 732.007688][T21870] do_syscall_64+0x106/0xf80 [ 732.007726][T21870] ? clear_bhb_loop+0x40/0x90 [ 732.007767][T21870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.007799][T21870] RIP: 0033:0x7f6c97d9c799 [ 732.007826][T21870] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 732.007858][T21870] RSP: 002b:00007f6c98ced028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 732.007890][T21870] RAX: ffffffffffffffda RBX: 00007f6c98015fa0 RCX: 00007f6c97d9c799 [ 732.007911][T21870] RDX: 0000200000000080 RSI: 0000000000000002 RDI: 00000000ffffffff [ 732.007930][T21870] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 732.007950][T21870] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 732.007969][T21870] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 732.008012][T21870] [ 732.644927][T21875] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6099'. [ 733.956854][T21916] FAULT_INJECTION: forcing a failure. [ 733.956854][T21916] name failslab, interval 1, probability 0, space 0, times 0 [ 733.977487][T21916] CPU: 1 UID: 0 PID: 21916 Comm: syz.1.6115 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 733.977577][T21916] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 733.977597][T21916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 733.977618][T21916] Call Trace: [ 733.977630][T21916] [ 733.977642][T21916] dump_stack_lvl+0x100/0x190 [ 733.977699][T21916] should_fail_ex.cold+0x5/0xa [ 733.977737][T21916] should_failslab+0xc2/0x120 [ 733.977773][T21916] __kmalloc_cache_noprof+0x7a/0x6f0 [ 733.977812][T21916] ? snd_virmidi_input_open+0xc8/0x4d0 [ 733.977860][T21916] ? __kasan_kmalloc+0xaa/0xb0 [ 733.977916][T21916] snd_virmidi_input_open+0xc8/0x4d0 [ 733.977971][T21916] open_substream+0x480/0x9e0 [ 733.978010][T21916] rawmidi_open_priv+0x524/0x6f0 [ 733.978054][T21916] snd_rawmidi_open+0x4c9/0xba0 [ 733.978101][T21916] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 733.978141][T21916] ? __pfx_default_wake_function+0x10/0x10 [ 733.978176][T21916] ? soundcore_open+0x231/0x5a0 [ 733.978221][T21916] ? soundcore_open+0x231/0x5a0 [ 733.978269][T21916] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 733.978320][T21916] soundcore_open+0x2e3/0x5a0 [ 733.978408][T21916] ? __pfx_soundcore_open+0x10/0x10 [ 733.978471][T21916] chrdev_open+0x234/0x6a0 [ 733.978501][T21916] ? __pfx_apparmor_file_open+0x10/0x10 [ 733.978554][T21916] ? __pfx_chrdev_open+0x10/0x10 [ 733.978589][T21916] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 733.978632][T21916] do_dentry_open+0x6d8/0x1660 [ 733.978661][T21916] ? __pfx_chrdev_open+0x10/0x10 [ 733.978715][T21916] vfs_open+0x82/0x3f0 [ 733.978759][T21916] path_openat+0x208c/0x31a0 [ 733.978806][T21916] ? __pfx_path_openat+0x10/0x10 [ 733.978855][T21916] do_file_open+0x20e/0x430 [ 733.978891][T21916] ? __pfx_do_file_open+0x10/0x10 [ 733.978955][T21916] ? alloc_fd+0x476/0x790 [ 733.978987][T21916] ? do_getname+0x191/0x390 [ 733.979028][T21916] do_sys_openat2+0x10d/0x1e0 [ 733.979069][T21916] ? __pfx_do_sys_openat2+0x10/0x10 [ 733.979112][T21916] ? __fget_files+0x21f/0x3d0 [ 733.979151][T21916] __x64_sys_openat+0x12d/0x210 [ 733.979192][T21916] ? __pfx___x64_sys_openat+0x10/0x10 [ 733.979250][T21916] do_syscall_64+0x106/0xf80 [ 733.979286][T21916] ? clear_bhb_loop+0x40/0x90 [ 733.979326][T21916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 733.979359][T21916] RIP: 0033:0x7f13e1d9c799 [ 733.979388][T21916] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 733.979419][T21916] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 733.979450][T21916] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 733.979472][T21916] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 733.979492][T21916] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 733.979512][T21916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 733.979531][T21916] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 733.979583][T21916] [ 735.226224][T21939] netlink: 'syz.2.6124': attribute type 27 has an invalid length. [ 735.238975][T21939] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6124'. [ 735.343391][T21941] netlink: 146 bytes leftover after parsing attributes in process `syz.0.6125'. [ 738.370797][T22015] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6154'. [ 738.408664][T22017] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6155'. [ 738.459196][T22017] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6155'. [ 739.464052][T22041] netlink: 'syz.3.6165': attribute type 19 has an invalid length. [ 739.472104][T22041] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6165'. [ 739.830093][T22051] FAULT_INJECTION: forcing a failure. [ 739.830093][T22051] name failslab, interval 1, probability 0, space 0, times 0 [ 739.928620][T22051] CPU: 1 UID: 0 PID: 22051 Comm: syz.1.6169 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 739.928688][T22051] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 739.928706][T22051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 739.928724][T22051] Call Trace: [ 739.928746][T22051] [ 739.928759][T22051] dump_stack_lvl+0x100/0x190 [ 739.928814][T22051] should_fail_ex.cold+0x5/0xa [ 739.928854][T22051] should_failslab+0xc2/0x120 [ 739.928895][T22051] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 739.928937][T22051] ? anon_vma_fork+0x8d/0x6b0 [ 739.928987][T22051] anon_vma_fork+0x8d/0x6b0 [ 739.929032][T22051] ? vm_area_dup+0x59d/0x8e0 [ 739.929079][T22051] dup_mmap+0x141f/0x2180 [ 739.929136][T22051] ? __pfx_dup_mmap+0x10/0x10 [ 739.929172][T22051] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 739.929218][T22051] ? __lock_acquire+0x4a5/0x2630 [ 739.929262][T22051] ? find_held_lock+0x2b/0x80 [ 739.929292][T22051] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 739.929379][T22051] copy_process+0x73d7/0x7a10 [ 739.929419][T22051] ? __pfx___schedule+0x10/0x10 [ 739.929472][T22051] ? __pfx_copy_process+0x10/0x10 [ 739.929519][T22051] ? _copy_from_user+0x59/0xd0 [ 739.929579][T22051] kernel_clone+0xfc/0x9a0 [ 739.929621][T22051] ? __pfx_kernel_clone+0x10/0x10 [ 739.929656][T22051] ? futex_private_hash_put+0x107/0x1c0 [ 739.929709][T22051] ? __pfx_futex_wake+0x10/0x10 [ 739.929772][T22051] __do_sys_clone3+0x214/0x290 [ 739.929812][T22051] ? __pfx___do_sys_clone3+0x10/0x10 [ 739.929908][T22051] do_syscall_64+0x106/0xf80 [ 739.929947][T22051] ? clear_bhb_loop+0x40/0x90 [ 739.929989][T22051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.930024][T22051] RIP: 0033:0x7f13e1d9c799 [ 739.930053][T22051] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 739.930084][T22051] RSP: 002b:00007f13e2b86ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 739.930116][T22051] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f13e1d9c799 [ 739.930137][T22051] RDX: 00007f13e2b86f10 RSI: 0000000000000058 RDI: 00007f13e2b86f10 [ 739.930158][T22051] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000058 [ 739.930178][T22051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.930196][T22051] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 739.930256][T22051] [ 744.009716][T22121] FAULT_INJECTION: forcing a failure. [ 744.009716][T22121] name failslab, interval 1, probability 0, space 0, times 0 [ 744.038663][T22121] CPU: 0 UID: 0 PID: 22121 Comm: syz.1.6190 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 744.038733][T22121] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 744.038752][T22121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 744.038771][T22121] Call Trace: [ 744.038782][T22121] [ 744.038795][T22121] dump_stack_lvl+0x100/0x190 [ 744.038863][T22121] should_fail_ex.cold+0x5/0xa [ 744.038900][T22121] should_failslab+0xc2/0x120 [ 744.038935][T22121] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 744.038982][T22121] ? security_file_alloc+0x34/0x2c0 [ 744.039016][T22121] ? trace_kmem_cache_alloc+0xf3/0x120 [ 744.039058][T22121] security_file_alloc+0x34/0x2c0 [ 744.039093][T22121] init_file+0x95/0x480 [ 744.039131][T22121] alloc_empty_file+0x73/0x1c0 [ 744.039172][T22121] alloc_file_pseudo+0x13a/0x230 [ 744.039214][T22121] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 744.039254][T22121] ? tipc_sk_finish_conn+0x600/0x7a0 [ 744.039306][T22121] sock_alloc_file+0x50/0x210 [ 744.039351][T22121] __sys_socketpair+0x321/0x5b0 [ 744.039383][T22121] ? __pfx___sys_socketpair+0x10/0x10 [ 744.039432][T22121] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 744.039467][T22121] ? __pfx___x64_sys_futex+0x10/0x10 [ 744.039510][T22121] ? __pfx_do_writev+0x10/0x10 [ 744.039564][T22121] __x64_sys_socketpair+0x96/0x100 [ 744.039594][T22121] ? lockdep_hardirqs_on+0x78/0x100 [ 744.039638][T22121] do_syscall_64+0x106/0xf80 [ 744.039674][T22121] ? clear_bhb_loop+0x40/0x90 [ 744.039714][T22121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.039748][T22121] RIP: 0033:0x7f13e1d9c799 [ 744.039774][T22121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 744.039803][T22121] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 744.039841][T22121] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 744.039860][T22121] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 744.039880][T22121] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 744.039898][T22121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 744.039917][T22121] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 744.039954][T22121] [ 745.819524][T20732] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 745.862832][T22159] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6204'. [ 746.517047][T22173] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 746.765787][T22184] ACPI: Enabling force_remove is not supported anymore. Please report to linux-acpi@vger.kernel.org if you depend on this functionality [ 747.271652][T22196] vcan0: tx drop: invalid da for name 0x000000000000003f [ 747.432635][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.439883][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 749.121207][T22249] netlink: 'syz.1.6239': attribute type 29 has an invalid length. [ 749.146736][T22249] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6239'. [ 749.334101][T22260] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6245'. [ 749.337564][T22262] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6244'. [ 749.485150][T22266] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6247'. [ 749.956651][T20732] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 749.956693][T20732] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 749.971577][T20732] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 750.965093][T22303] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6261'. [ 751.189941][T22308] phram: not enough arguments [ 752.224328][T22325] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6268'. [ 752.483170][T22330] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 752.494271][T22332] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6273'. [ 753.098688][T22351] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6280'. [ 753.130706][T22351] netlink: 'syz.1.6280': attribute type 7 has an invalid length. [ 756.072821][T22402] FAULT_INJECTION: forcing a failure. [ 756.072821][T22402] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 756.118687][T22402] CPU: 1 UID: 0 PID: 22402 Comm: syz.0.6296 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 756.118767][T22402] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 756.118787][T22402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 756.118807][T22402] Call Trace: [ 756.118825][T22402] [ 756.118839][T22402] dump_stack_lvl+0x100/0x190 [ 756.118894][T22402] should_fail_ex.cold+0x5/0xa [ 756.118928][T22402] ? prepare_alloc_pages+0x16d/0x5f0 [ 756.118971][T22402] should_fail_alloc_page+0xeb/0x140 [ 756.119009][T22402] prepare_alloc_pages+0x1f0/0x5f0 [ 756.119053][T22402] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 756.119106][T22402] ? ima_match_policy+0x8c4/0x2350 [ 756.119138][T22402] ? ima_match_policy+0x8c4/0x2350 [ 756.119183][T22402] ? __lock_acquire+0x4a5/0x2630 [ 756.119235][T22402] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 756.119283][T22402] ? __lock_acquire+0x4a5/0x2630 [ 756.119323][T22402] ? look_up_lock_class+0x55/0x120 [ 756.119362][T22402] ? register_lock_class+0x40/0x560 [ 756.119409][T22402] ? lock_acquire+0x1cf/0x380 [ 756.119460][T22402] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 756.119526][T22402] ? policy_nodemask+0xed/0x4f0 [ 756.119565][T22402] alloc_pages_mpol+0x1fb/0x550 [ 756.119602][T22402] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 756.119638][T22402] ? __pfx___pollwait+0x10/0x10 [ 756.119686][T22402] ? mark_held_locks+0x40/0x70 [ 756.119733][T22402] alloc_pages_noprof+0x131/0x390 [ 756.119767][T22402] ? __pfx___pollwait+0x10/0x10 [ 756.119812][T22402] get_free_pages_noprof+0x10/0xb0 [ 756.119845][T22402] __pollwait+0x29a/0x470 [ 756.119890][T22402] ? __pfx___pollwait+0x10/0x10 [ 756.119939][T22402] ? __pfx___pollwait+0x10/0x10 [ 756.119985][T22402] vb2_poll+0x8c/0xe0 [ 756.120032][T22402] vb2_fop_poll+0x10e/0x350 [ 756.120078][T22402] ? __pfx_vb2_fop_poll+0x10/0x10 [ 756.120121][T22402] v4l2_poll+0x15f/0x220 [ 756.120163][T22402] ? __pfx_v4l2_poll+0x10/0x10 [ 756.120204][T22402] do_sys_poll+0x6e5/0xeb0 [ 756.120251][T22402] ? lockdep_hardirqs_on+0x78/0x100 [ 756.120305][T22402] ? __pfx_do_sys_poll+0x10/0x10 [ 756.120354][T22402] ? __lock_acquire+0x4a5/0x2630 [ 756.120430][T22402] ? futex_unqueue+0x13d/0x2c0 [ 756.120467][T22402] ? __pfx___pollwait+0x10/0x10 [ 756.120527][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.120582][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.120635][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.120688][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.120739][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.120791][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.120843][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.120904][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.120957][T22402] ? __pfx_pollwake+0x10/0x10 [ 756.121009][T22402] ? do_futex+0x192/0x350 [ 756.121046][T22402] ? set_user_sigmask+0x1e1/0x270 [ 756.121093][T22402] ? __pfx_set_user_sigmask+0x10/0x10 [ 756.121143][T22402] ? __pfx___might_resched+0x10/0x10 [ 756.121189][T22402] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 756.121239][T22402] __x64_sys_ppoll+0x2b5/0x350 [ 756.121284][T22402] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 756.121318][T22402] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 756.121373][T22402] do_syscall_64+0x106/0xf80 [ 756.121412][T22402] ? clear_bhb_loop+0x40/0x90 [ 756.121454][T22402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.121495][T22402] RIP: 0033:0x7f6c97d9c799 [ 756.121525][T22402] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.121554][T22402] RSP: 002b:00007f6c98ced028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 756.121585][T22402] RAX: ffffffffffffffda RBX: 00007f6c98015fa0 RCX: 00007f6c97d9c799 [ 756.121605][T22402] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000200000000200 [ 756.121624][T22402] RBP: 00007f6c97e32bd9 R08: 0000000000000008 R09: 0000000000000000 [ 756.121644][T22402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.121663][T22402] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 756.121705][T22402] [ 756.650527][T22405] sd 0:0:1:0: PR command failed: 1026 [ 756.688709][T22405] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 756.695591][T22405] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 758.156115][T22425] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 760.018879][T22473] sg_write: data in/out 81/90 bytes for SCSI command 0x0-- guessing data in; [ 760.018879][T22473] program syz.3.6324 not setting count and/or reply_len properly [ 761.748605][T22517] veth1_to_batadv: entered promiscuous mode [ 761.759125][T22510] ima: policy update failed [ 761.764293][ T30] audit: type=1802 audit(1772712686.691:15): pid=22510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.6338" res=0 errno=0 [ 761.798963][T22517] veth1_to_batadv: left promiscuous mode [ 762.130146][T22522] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6339'. [ 762.371791][T22534] FAULT_INJECTION: forcing a failure. [ 762.371791][T22534] name failslab, interval 1, probability 0, space 0, times 0 [ 762.428635][T22534] CPU: 1 UID: 0 PID: 22534 Comm: syz.3.6342 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 762.428702][T22534] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 762.428721][T22534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 762.428748][T22534] Call Trace: [ 762.428759][T22534] [ 762.428772][T22534] dump_stack_lvl+0x100/0x190 [ 762.428833][T22534] should_fail_ex.cold+0x5/0xa [ 762.428872][T22534] should_failslab+0xc2/0x120 [ 762.428905][T22534] __kvmalloc_node_noprof+0xfa/0xa00 [ 762.428951][T22534] ? v4l2_ctrl_new+0x4a6/0x23a0 [ 762.428991][T22534] ? register_lock_class+0x40/0x560 [ 762.429042][T22534] v4l2_ctrl_new+0x4a6/0x23a0 [ 762.429100][T22534] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 762.429144][T22534] ? lock_acquire+0x1cf/0x380 [ 762.429192][T22534] ? rcu_is_watching+0x12/0xc0 [ 762.429243][T22534] v4l2_ctrl_new_std+0x1bb/0x290 [ 762.429298][T22534] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 762.429347][T22534] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 762.429405][T22534] ? __asan_memset+0x23/0x50 [ 762.429450][T22534] ? __asan_memcpy+0x3c/0x60 [ 762.429493][T22534] ? find_ref+0x209/0x420 [ 762.429527][T22534] handler_new_ref+0x82f/0xc60 [ 762.429570][T22534] v4l2_ctrl_new+0xe67/0x23a0 [ 762.429627][T22534] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 762.429689][T22534] v4l2_ctrl_new_std+0x1bb/0x290 [ 762.429751][T22534] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 762.429800][T22534] ? trace_kmalloc+0x101/0x130 [ 762.429831][T22534] ? __kasan_kmalloc+0xaa/0xb0 [ 762.429882][T22534] ? v4l2_ctrl_handler_init_class+0x201/0x350 [ 762.429925][T22534] ? lockdep_set_lock_cmp_fn+0x60/0xe0 [ 762.429971][T22534] ? media_request_object_init+0x105/0x180 [ 762.430017][T22534] vim2m_open+0x140/0x830 [ 762.430060][T22534] v4l2_open+0x1d2/0x490 [ 762.430103][T22534] ? __pfx_v4l2_open+0x10/0x10 [ 762.430144][T22534] chrdev_open+0x234/0x6a0 [ 762.430175][T22534] ? __pfx_apparmor_file_open+0x10/0x10 [ 762.430222][T22534] ? __pfx_chrdev_open+0x10/0x10 [ 762.430254][T22534] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 762.430294][T22534] do_dentry_open+0x6d8/0x1660 [ 762.430325][T22534] ? __pfx_chrdev_open+0x10/0x10 [ 762.430367][T22534] vfs_open+0x82/0x3f0 [ 762.430410][T22534] path_openat+0x208c/0x31a0 [ 762.430458][T22534] ? __pfx_path_openat+0x10/0x10 [ 762.430505][T22534] do_file_open+0x20e/0x430 [ 762.430538][T22534] ? __pfx_do_file_open+0x10/0x10 [ 762.430601][T22534] ? alloc_fd+0x476/0x790 [ 762.430636][T22534] ? do_getname+0x191/0x390 [ 762.430677][T22534] do_sys_openat2+0x10d/0x1e0 [ 762.430715][T22534] ? __pfx_do_sys_openat2+0x10/0x10 [ 762.430780][T22534] __x64_sys_openat+0x12d/0x210 [ 762.430824][T22534] ? __pfx___x64_sys_openat+0x10/0x10 [ 762.430884][T22534] do_syscall_64+0x106/0xf80 [ 762.430920][T22534] ? clear_bhb_loop+0x40/0x90 [ 762.430961][T22534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.430991][T22534] RIP: 0033:0x7fd18b79c799 [ 762.431020][T22534] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 762.431050][T22534] RSP: 002b:00007fd18c6dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 762.431081][T22534] RAX: ffffffffffffffda RBX: 00007fd18ba15fa0 RCX: 00007fd18b79c799 [ 762.431112][T22534] RDX: 000000000002aa01 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 762.431133][T22534] RBP: 00007fd18b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 762.431154][T22534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 762.431173][T22534] R13: 00007fd18ba16038 R14: 00007fd18ba15fa0 R15: 00007fff9eb02a98 [ 762.431217][T22534] [ 764.371584][T22559] random: crng reseeded on system resumption [ 764.439240][T22559] hub 1-0:1.0: USB hub found [ 764.451079][T22559] hub 1-0:1.0: 1 port detected [ 765.160276][T22571] db_root: cannot open: 0 [ 765.166235][ T30] audit: type=1800 audit(1772712690.081:16): pid=22571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6358" name="dbroot" dev="configfs" ino=77794 res=0 errno=0 [ 765.638648][T22578] phram: parameter too long [ 765.980775][T22597] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6366'. [ 765.992718][T22599] netlink: 302 bytes leftover after parsing attributes in process `syz.3.6367'. [ 766.328752][T22600] Process accounting resumed [ 766.453218][T22611] netlink: 'syz.2.6371': attribute type 27 has an invalid length. [ 766.461312][T22611] netlink: 334 bytes leftover after parsing attributes in process `syz.2.6371'. [ 767.612638][T22656] netlink: 'syz.0.6385': attribute type 16 has an invalid length. [ 767.635303][T22656] netlink: 50 bytes leftover after parsing attributes in process `syz.0.6385'. [ 767.647562][T22656] netlink: 'syz.0.6385': attribute type 16 has an invalid length. [ 767.655710][T22656] netlink: 50 bytes leftover after parsing attributes in process `syz.0.6385'. [ 767.952244][T22666] nvme_fabrics: missing parameter 'transport=%s' [ 767.969767][T22666] nvme_fabrics: missing parameter 'nqn=%s' [ 768.151237][T22669] nvme_fabrics: missing parameter 'transport=%s' [ 768.162281][T22669] nvme_fabrics: missing parameter 'nqn=%s' [ 768.625114][T22685] netlink: 'syz.0.6390': attribute type 1 has an invalid length. [ 768.643913][T22685] netlink: 314 bytes leftover after parsing attributes in process `syz.0.6390'. [ 768.814334][T22694] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6393'. [ 768.857634][T22694] netlink: 25 bytes leftover after parsing attributes in process `syz.3.6393'. [ 768.949306][T22700] futex_wake_op: syz.0.6395 tries to shift op by -2048; fix this program [ 769.115927][T22708] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 771.035511][T22740] zswap: compressor not available [ 771.204004][T22754] FAULT_INJECTION: forcing a failure. [ 771.204004][T22754] name failslab, interval 1, probability 0, space 0, times 0 [ 771.258747][T22754] CPU: 1 UID: 0 PID: 22754 Comm: syz.0.6411 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 771.258818][T22754] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 771.258837][T22754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 771.258857][T22754] Call Trace: [ 771.258869][T22754] [ 771.258882][T22754] dump_stack_lvl+0x100/0x190 [ 771.258936][T22754] should_fail_ex.cold+0x5/0xa [ 771.258974][T22754] should_failslab+0xc2/0x120 [ 771.259008][T22754] __kmalloc_cache_noprof+0x7a/0x6f0 [ 771.259045][T22754] ? tipc_sub_subscribe+0x15c/0x730 [ 771.259085][T22754] ? find_held_lock+0x2b/0x80 [ 771.259123][T22754] tipc_sub_subscribe+0x15c/0x730 [ 771.259168][T22754] tipc_conn_rcv_sub+0x21e/0x3d0 [ 771.259209][T22754] tipc_topsrv_kern_subscr+0x20b/0x3c0 [ 771.259249][T22754] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 771.259291][T22754] ? net_generic+0xea/0x2a0 [ 771.259337][T22754] tipc_group_create+0x4ab/0x660 [ 771.259382][T22754] tipc_setsockopt+0x611/0xe30 [ 771.259432][T22754] ? __pfx_tipc_setsockopt+0x10/0x10 [ 771.259496][T22754] ? __pfx_tipc_setsockopt+0x10/0x10 [ 771.259552][T22754] do_sock_setsockopt+0xf3/0x1d0 [ 771.259604][T22754] __sys_setsockopt+0x119/0x190 [ 771.259651][T22754] __x64_sys_setsockopt+0xbd/0x160 [ 771.259687][T22754] ? do_syscall_64+0x95/0xf80 [ 771.259726][T22754] ? lockdep_hardirqs_on+0x78/0x100 [ 771.259763][T22754] do_syscall_64+0x106/0xf80 [ 771.259800][T22754] ? clear_bhb_loop+0x40/0x90 [ 771.259841][T22754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.259875][T22754] RIP: 0033:0x7f6c97d9c799 [ 771.259903][T22754] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 771.259936][T22754] RSP: 002b:00007f6c98ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 771.259968][T22754] RAX: ffffffffffffffda RBX: 00007f6c98015fa0 RCX: 00007f6c97d9c799 [ 771.259989][T22754] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 771.260010][T22754] RBP: 00007f6c97e32bd9 R08: 0000000000000014 R09: 0000000000000000 [ 771.260029][T22754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.260048][T22754] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 771.260090][T22754] [ 771.260103][T22754] tipc: Subscription rejected, no memory [ 772.063545][T22772] netlink: 338 bytes leftover after parsing attributes in process `syz.3.6419'. [ 772.096937][T22772] bridge0: port 2(bridge_slave_1) entered disabled state [ 772.104452][T22772] bridge0: port 1(bridge_slave_0) entered disabled state [ 772.212296][T22780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6422'. [ 772.223955][T22780] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6422'. [ 773.401335][T22799] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 773.736368][T22808] input: f as /devices/virtual/input/input15 [ 773.823566][T22802] phram: parameter too long [ 774.333809][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804d3f6400: rx timeout, send abort [ 774.344571][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88804d3f6400: 0x0ffff: (3) A timeout occurred and this is the connection abort to close the session. [ 774.369998][ T5171] ERROR: Out of memory at tomoyo_memory_ok. [ 774.532877][T22818] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6434'. [ 774.692539][T22806] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 774.708847][T22806] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 774.715011][T22806] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 774.799254][T22806] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 775.278204][T22835] phram: parameter too long [ 775.748615][ T51] Bluetooth: hci0: command 0x2016 tx timeout [ 775.972512][T22847] ERROR: Out of memory at tomoyo_memory_ok. [ 776.328459][T22860] ima: policy update failed [ 776.333599][ T30] audit: type=1802 audit(1772712701.261:17): pid=22860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.6448" res=0 errno=0 [ 776.790133][T20732] Bluetooth: hci1: command 0x0406 tx timeout [ 776.796312][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 776.869274][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 777.947713][T22901] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6461'. [ 778.078339][T22902] Process accounting resumed [ 778.112493][T22906] overlayfs: missing 'lowerdir' [ 778.612223][T22915] FAULT_INJECTION: forcing a failure. [ 778.612223][T22915] name failslab, interval 1, probability 0, space 0, times 0 [ 778.634821][T22915] CPU: 0 UID: 0 PID: 22915 Comm: syz.0.6466 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 778.634895][T22915] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 778.634915][T22915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 778.634934][T22915] Call Trace: [ 778.634946][T22915] [ 778.634959][T22915] dump_stack_lvl+0x100/0x190 [ 778.635012][T22915] should_fail_ex.cold+0x5/0xa [ 778.635052][T22915] should_failslab+0xc2/0x120 [ 778.635087][T22915] __kmalloc_cache_noprof+0x7a/0x6f0 [ 778.635129][T22915] ? wakeup_source_device_create+0x46/0x2e0 [ 778.635192][T22915] wakeup_source_device_create+0x46/0x2e0 [ 778.635248][T22915] wakeup_source_sysfs_add+0x1c/0x90 [ 778.635300][T22915] wakeup_source_register+0x154/0x3e0 [ 778.635348][T22915] ep_create_wakeup_source+0x1df/0x2e0 [ 778.635403][T22915] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 778.635462][T22915] ? do_epoll_ctl+0x1012/0x36a0 [ 778.635494][T22915] ? do_epoll_ctl+0x1012/0x36a0 [ 778.635537][T22915] do_epoll_ctl+0x1eee/0x36a0 [ 778.635597][T22915] ? __pfx_do_epoll_ctl+0x10/0x10 [ 778.635627][T22915] ? find_held_lock+0x2b/0x80 [ 778.635657][T22915] ? __might_fault+0xc5/0x140 [ 778.635700][T22915] ? __might_fault+0xc5/0x140 [ 778.635762][T22915] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 778.635794][T22915] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 778.635830][T22915] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 778.635878][T22915] do_syscall_64+0x106/0xf80 [ 778.635916][T22915] ? clear_bhb_loop+0x40/0x90 [ 778.635956][T22915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.635990][T22915] RIP: 0033:0x7f6c97d9c799 [ 778.636019][T22915] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 778.636050][T22915] RSP: 002b:00007f6c98ced028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 778.636081][T22915] RAX: ffffffffffffffda RBX: 00007f6c98015fa0 RCX: 00007f6c97d9c799 [ 778.636103][T22915] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 778.636122][T22915] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 778.636143][T22915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 778.636163][T22915] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 778.636208][T22915] [ 779.522542][ T51] Bluetooth: hci2: unexpected event 0x06 length: 435 > 3 [ 779.600750][T22950] HfR: entered promiscuous mode [ 779.642136][T22950] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6479'. [ 779.740342][T22950] HfR: left promiscuous mode [ 780.637928][T22992] FAULT_INJECTION: forcing a failure. [ 780.637928][T22992] name failslab, interval 1, probability 0, space 0, times 0 [ 780.650910][T22992] CPU: 0 UID: 0 PID: 22992 Comm: syz.1.6493 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 780.650951][T22992] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 780.650962][T22992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 780.650974][T22992] Call Trace: [ 780.650981][T22992] [ 780.650988][T22992] dump_stack_lvl+0x100/0x190 [ 780.651020][T22992] should_fail_ex.cold+0x5/0xa [ 780.651042][T22992] should_failslab+0xc2/0x120 [ 780.651062][T22992] __kmalloc_cache_noprof+0x7a/0x6f0 [ 780.651086][T22992] ? copy_mount_options+0x55/0x190 [ 780.651115][T22992] copy_mount_options+0x55/0x190 [ 780.651141][T22992] __x64_sys_mount+0x1ab/0x310 [ 780.651162][T22992] ? __pfx___x64_sys_mount+0x10/0x10 [ 780.651197][T22992] do_syscall_64+0x106/0xf80 [ 780.651218][T22992] ? clear_bhb_loop+0x40/0x90 [ 780.651241][T22992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 780.651260][T22992] RIP: 0033:0x7f13e1d9c799 [ 780.651276][T22992] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 780.651295][T22992] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 780.651314][T22992] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 780.651326][T22992] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 780.651338][T22992] RBP: 00007f13e1e32bd9 R08: 0000200000000280 R09: 0000000000000000 [ 780.651348][T22992] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 780.651359][T22992] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 780.651382][T22992] [ 780.933972][T22997] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6494'. [ 781.557181][T23012] netlink: 346 bytes leftover after parsing attributes in process `syz.0.6501'. [ 781.749014][T23017] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6502'. [ 782.603246][T23039] type: 65536 invalid [ 782.836218][ T51] block nbd2: Receive control failed (result -32) [ 785.368165][T23112] netlink: 146 bytes leftover after parsing attributes in process `syz.3.6538'. [ 785.808451][T23102] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 785.815154][T23102] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 785.828169][T23102] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 785.836882][T23102] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 786.940354][T23167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6557'. [ 786.970727][T23167] netlink: 13 bytes leftover after parsing attributes in process `syz.0.6557'. [ 787.189047][ T51] Bluetooth: hci0: command 0x2016 tx timeout [ 787.289391][T23177] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6560'. [ 787.644767][T23188] netlink: 234 bytes leftover after parsing attributes in process `syz.1.6567'. [ 787.828881][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 787.834948][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 787.914054][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 788.143103][T23204] lo: entered allmulticast mode [ 788.230152][T23204] lo: left allmulticast mode [ 788.294596][T23207] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6574'. [ 788.667353][T23210] netlink: 146 bytes leftover after parsing attributes in process `syz.3.6577'. [ 789.375558][T23232] netlink: 326 bytes leftover after parsing attributes in process `syz.3.6581'. [ 789.599301][T23234] FAULT_INJECTION: forcing a failure. [ 789.599301][T23234] name failslab, interval 1, probability 0, space 0, times 0 [ 789.649508][T23234] CPU: 1 UID: 0 PID: 23234 Comm: syz.3.6582 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 789.649581][T23234] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 789.649601][T23234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 789.649620][T23234] Call Trace: [ 789.649632][T23234] [ 789.649645][T23234] dump_stack_lvl+0x100/0x190 [ 789.649699][T23234] should_fail_ex.cold+0x5/0xa [ 789.649738][T23234] should_failslab+0xc2/0x120 [ 789.649773][T23234] __kmalloc_cache_noprof+0x7a/0x6f0 [ 789.649813][T23234] ? drm_atomic_state_alloc+0xb8/0x120 [ 789.649858][T23234] drm_atomic_state_alloc+0xb8/0x120 [ 789.649893][T23234] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 789.649934][T23234] ? trace_contention_end+0x140/0x180 [ 789.649977][T23234] ? __mutex_lock+0x26a/0x1b90 [ 789.650015][T23234] ? __mutex_lock+0x26a/0x1b90 [ 789.650054][T23234] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 789.650095][T23234] ? drm_master_internal_acquire+0x21/0x80 [ 789.650174][T23234] drm_client_modeset_commit_locked+0x14d/0x580 [ 789.650222][T23234] drm_client_modeset_commit+0x4f/0x80 [ 789.650263][T23234] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 789.650309][T23234] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 789.650354][T23234] drm_fbdev_client_restore+0x1b/0x30 [ 789.650403][T23234] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 789.650451][T23234] drm_client_dev_restore+0x205/0x2a0 [ 789.650508][T23234] drm_release+0x2c6/0x360 [ 789.650544][T23234] ? __pfx_drm_release+0x10/0x10 [ 789.650577][T23234] __fput+0x3ff/0xb40 [ 789.650623][T23234] task_work_run+0x150/0x240 [ 789.650669][T23234] ? __pfx_task_work_run+0x10/0x10 [ 789.650728][T23234] exit_to_user_mode_loop+0x100/0x4a0 [ 789.650777][T23234] do_syscall_64+0x668/0xf80 [ 789.650814][T23234] ? clear_bhb_loop+0x40/0x90 [ 789.650855][T23234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.650889][T23234] RIP: 0033:0x7fd18b79c799 [ 789.650918][T23234] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 789.650949][T23234] RSP: 002b:00007fd18c6dd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 789.650981][T23234] RAX: 0000000000000000 RBX: 00007fd18ba15fa0 RCX: 00007fd18b79c799 [ 789.651002][T23234] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 789.651021][T23234] RBP: 00007fd18b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 789.651040][T23234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.651059][T23234] R13: 00007fd18ba16038 R14: 00007fd18ba15fa0 R15: 00007fff9eb02a98 [ 789.651106][T23234] [ 790.850849][T23260] netlink: 222 bytes leftover after parsing attributes in process `syz.1.6593'. [ 791.304134][T23271] nfs: Unknown parameter 'm?LH>「^eko}* ' [ 791.321003][T23271] FAULT_INJECTION: forcing a failure. [ 791.321003][T23271] name failslab, interval 1, probability 0, space 0, times 0 [ 791.335010][T23271] CPU: 0 UID: 0 PID: 23271 Comm: syz.3.6598 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 791.335073][T23271] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 791.335092][T23271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 791.335110][T23271] Call Trace: [ 791.335120][T23271] [ 791.335131][T23271] dump_stack_lvl+0x100/0x190 [ 791.335180][T23271] should_fail_ex.cold+0x5/0xa [ 791.335217][T23271] should_failslab+0xc2/0x120 [ 791.335249][T23271] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 791.335292][T23271] ? ptlock_alloc+0x1f/0x70 [ 791.335336][T23271] ptlock_alloc+0x1f/0x70 [ 791.335375][T23271] pte_alloc_one+0x84/0x3e0 [ 791.335409][T23271] __pte_alloc+0x6d/0x3f0 [ 791.335439][T23271] ? __pfx___pte_alloc+0x10/0x10 [ 791.335477][T23271] ? _raw_spin_unlock+0x28/0x50 [ 791.335507][T23271] ? __pmd_alloc+0x6aa/0x9c0 [ 791.335544][T23271] move_page_tables+0x257e/0x4500 [ 791.335589][T23271] ? __pfx_copy_vma+0x10/0x10 [ 791.335646][T23271] ? __pfx_move_page_tables+0x10/0x10 [ 791.335715][T23271] copy_vma_and_data+0x25c/0x7c0 [ 791.335761][T23271] ? __pfx_copy_vma_and_data+0x10/0x10 [ 791.335832][T23271] ? __vma_start_write+0x17f/0x280 [ 791.335870][T23271] ? __pfx___vma_start_write+0x10/0x10 [ 791.335906][T23271] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 791.335965][T23271] move_vma+0x51b/0x1890 [ 791.336015][T23271] ? __pfx_move_vma+0x10/0x10 [ 791.336060][T23271] ? thp_get_unmapped_area_vmflags+0x27f/0x2d0 [ 791.336100][T23271] ? cap_mmap_addr+0x4b/0x120 [ 791.336139][T23271] ? bpf_lsm_mmap_addr+0x9/0x30 [ 791.336185][T23271] ? security_mmap_addr+0x71/0x1e0 [ 791.336217][T23271] ? __get_unmapped_area+0x255/0x3e0 [ 791.336256][T23271] ? vrm_set_new_addr+0x204/0x290 [ 791.336305][T23271] mremap_to+0x1b7/0x450 [ 791.336351][T23271] do_mremap+0xb76/0x2130 [ 791.336412][T23271] ? __pfx_do_mremap+0x10/0x10 [ 791.336466][T23271] ? ksys_write+0x190/0x250 [ 791.336524][T23271] __do_sys_mremap+0x126/0x170 [ 791.336566][T23271] ? __pfx___do_sys_mremap+0x10/0x10 [ 791.336624][T23271] ? __x64_sys_futex+0x34f/0x4d0 [ 791.336691][T23271] do_syscall_64+0x106/0xf80 [ 791.336728][T23271] ? clear_bhb_loop+0x40/0x90 [ 791.336768][T23271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 791.336810][T23271] RIP: 0033:0x7fd18b79c799 [ 791.336838][T23271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 791.336869][T23271] RSP: 002b:00007fd18c6dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 791.336902][T23271] RAX: ffffffffffffffda RBX: 00007fd18ba15fa0 RCX: 00007fd18b79c799 [ 791.336924][T23271] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 000000110c231000 [ 791.336944][T23271] RBP: 00007fd18b832bd9 R08: 0000000100000000 R09: 0000000000000000 [ 791.336965][T23271] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 791.336985][T23271] R13: 00007fd18ba16038 R14: 00007fd18ba15fa0 R15: 00007fff9eb02a98 [ 791.337029][T23271] [ 791.853086][T23281] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6603'. [ 791.975771][T23286] ERROR: Out of memory at tomoyo_memory_ok. [ 792.159380][T23294] Process accounting resumed [ 792.661630][T23314] ERROR: Out of memory at tomoyo_memory_ok. [ 792.676563][T23316] FAULT_INJECTION: forcing a failure. [ 792.676563][T23316] name failslab, interval 1, probability 0, space 0, times 0 [ 792.691242][T23316] CPU: 1 UID: 0 PID: 23316 Comm: syz.3.6616 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 792.691307][T23316] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 792.691327][T23316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 792.691348][T23316] Call Trace: [ 792.691359][T23316] [ 792.691374][T23316] dump_stack_lvl+0x100/0x190 [ 792.691428][T23316] should_fail_ex.cold+0x5/0xa [ 792.691466][T23316] ? vkms_crtc_atomic_check+0x38a/0x7c0 [ 792.691499][T23316] should_failslab+0xc2/0x120 [ 792.691533][T23316] __kmalloc_noprof+0xe0/0x850 [ 792.691588][T23316] ? drm_atomic_add_affected_planes+0x32b/0x3f0 [ 792.691633][T23316] vkms_crtc_atomic_check+0x38a/0x7c0 [ 792.691678][T23316] ? __pfx_vkms_crtc_atomic_check+0x10/0x10 [ 792.691713][T23316] drm_atomic_helper_check_planes+0x4dc/0x900 [ 792.691776][T23316] drm_atomic_helper_check+0xae/0x190 [ 792.691811][T23316] vkms_atomic_check+0x1d9/0x250 [ 792.691852][T23316] ? __pfx_vkms_atomic_check+0x10/0x10 [ 792.691898][T23316] drm_atomic_check_only+0x19ea/0x31b0 [ 792.691954][T23316] drm_atomic_commit+0x132/0x300 [ 792.691986][T23316] ? __pfx_drm_atomic_commit+0x10/0x10 [ 792.692018][T23316] ? __pfx___drm_printfn_info+0x10/0x10 [ 792.692062][T23316] ? drm_client_rotation+0x451/0x6a0 [ 792.692105][T23316] drm_client_modeset_commit_atomic+0x6a6/0x7e0 [ 792.692156][T23316] ? __mutex_lock+0x26a/0x1b90 [ 792.692203][T23316] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 792.692244][T23316] ? drm_master_internal_acquire+0x21/0x80 [ 792.692320][T23316] drm_client_modeset_commit_locked+0x14d/0x580 [ 792.692366][T23316] drm_client_modeset_commit+0x4f/0x80 [ 792.692405][T23316] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 792.692449][T23316] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 792.692493][T23316] drm_fbdev_client_restore+0x1b/0x30 [ 792.692540][T23316] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 792.692599][T23316] drm_client_dev_restore+0x205/0x2a0 [ 792.692646][T23316] drm_release+0x2c6/0x360 [ 792.692683][T23316] ? __pfx_drm_release+0x10/0x10 [ 792.692717][T23316] __fput+0x3ff/0xb40 [ 792.692769][T23316] task_work_run+0x150/0x240 [ 792.692815][T23316] ? __pfx_task_work_run+0x10/0x10 [ 792.692875][T23316] exit_to_user_mode_loop+0x100/0x4a0 [ 792.692923][T23316] do_syscall_64+0x668/0xf80 [ 792.692960][T23316] ? clear_bhb_loop+0x40/0x90 [ 792.693001][T23316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.693034][T23316] RIP: 0033:0x7fd18b79c799 [ 792.693062][T23316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 792.693092][T23316] RSP: 002b:00007fd18c6dd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 792.693123][T23316] RAX: 0000000000000000 RBX: 00007fd18ba15fa0 RCX: 00007fd18b79c799 [ 792.693144][T23316] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 792.693163][T23316] RBP: 00007fd18b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 792.693183][T23316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 792.693202][T23316] R13: 00007fd18ba16038 R14: 00007fd18ba15fa0 R15: 00007fff9eb02a98 [ 792.693249][T23316] [ 793.527467][ T30] audit: type=1800 audit(1772712718.451:18): pid=23333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6621" name="lu_gp_id" dev="configfs" ino=82025 res=0 errno=0 [ 796.319076][T23403] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6649'. [ 796.362242][T23404] Setting dangerous option i915.mitigations - tainting kernel [ 796.606150][T23414] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input16 [ 796.822900][T23406] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6648'. [ 797.321514][T23435] netlink: 'syz.2.6662': attribute type 4 has an invalid length. [ 797.431127][T23429] serio: Serial port ttyS2 [ 798.179095][T23458] FAULT_INJECTION: forcing a failure. [ 798.179095][T23458] name failslab, interval 1, probability 0, space 0, times 0 [ 798.246879][T23458] CPU: 0 UID: 0 PID: 23458 Comm: syz.1.6669 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 798.246947][T23458] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 798.246968][T23458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 798.246986][T23458] Call Trace: [ 798.246997][T23458] [ 798.247011][T23458] dump_stack_lvl+0x100/0x190 [ 798.247062][T23458] should_fail_ex.cold+0x5/0xa [ 798.247099][T23458] should_failslab+0xc2/0x120 [ 798.247133][T23458] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 798.247178][T23458] ? sk_prot_alloc+0x60/0x2a0 [ 798.247230][T23458] sk_prot_alloc+0x60/0x2a0 [ 798.247278][T23458] sk_alloc+0x36/0xe80 [ 798.247313][T23458] kcm_create+0xfc/0x6a0 [ 798.247349][T23458] __sock_create+0x339/0x860 [ 798.247397][T23458] __sys_socket+0x14d/0x260 [ 798.247445][T23458] ? __pfx___sys_socket+0x10/0x10 [ 798.247498][T23458] __x64_sys_socket+0x72/0xb0 [ 798.247541][T23458] ? lockdep_hardirqs_on+0x78/0x100 [ 798.247578][T23458] do_syscall_64+0x106/0xf80 [ 798.247613][T23458] ? clear_bhb_loop+0x40/0x90 [ 798.247653][T23458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.247683][T23458] RIP: 0033:0x7f13e1d9c799 [ 798.247708][T23458] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 798.247746][T23458] RSP: 002b:00007f13e2b87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 798.247779][T23458] RAX: ffffffffffffffda RBX: 00007f13e2015fa0 RCX: 00007f13e1d9c799 [ 798.247801][T23458] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 798.247820][T23458] RBP: 00007f13e1e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 798.247840][T23458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 798.247859][T23458] R13: 00007f13e2016038 R14: 00007f13e2015fa0 R15: 00007ffe77b72168 [ 798.247901][T23458] [ 799.406511][T23491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6682'. [ 799.442154][T23491] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6682'. [ 799.652500][T23502] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6688'. [ 799.669870][T23502] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6688'. [ 799.678913][T23502] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6688'. [ 800.359177][T23526] netlink: 322 bytes leftover after parsing attributes in process `syz.2.6698'. [ 801.220139][T22617] ------------[ cut here ]------------ [ 801.225707][T22617] ODEBUG: free active (active state 0) object: ffff888034c45460 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 801.238548][T22617] WARNING: lib/debugobjects.c:629 at debug_print_object+0x18e/0x2a0, CPU#1: syz.0.6373/22617 [ 801.248816][T22617] Modules linked in: [ 801.252763][T22617] CPU: 1 UID: 0 PID: 22617 Comm: syz.0.6373 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 801.263818][T22617] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 801.273976][T22617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 801.284136][T22617] RIP: 0010:debug_print_object+0x19b/0x2a0 [ 801.290028][T22617] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d b2 8a e8 0b 41 56 48 8b 14 dd e0 08 1b 8c 4c 89 e6 <67> 48 0f b9 3a 58 83 05 4c 2c de 0b 01 48 83 c4 18 5b 5d 41 5c 41 [ 801.309730][T22617] RSP: 0000:ffffc9000211f708 EFLAGS: 00010246 [ 801.315847][T22617] RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 801.323912][T22617] RDX: ffffffff8c1b0820 RSI: ffffffff8c1b0440 RDI: ffffffff90e44540 [ 801.332014][T22617] RBP: 0000000000000001 R08: ffff888034c45460 R09: ffffffff8bb2b860 [ 801.340064][T22617] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8c1b0440 [ 801.348062][T22617] R13: ffffffff8bb2b8a0 R14: ffffffff8a964e20 R15: ffffc9000211f808 [ 801.356099][T22617] FS: 0000000000000000(0000) GS:ffff88812444c000(0000) knlGS:0000000000000000 [ 801.365091][T22617] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 801.371749][T22617] CR2: 0000001b307e2ff8 CR3: 000000003326c000 CR4: 00000000003526f0 [ 801.379821][T22617] Call Trace: [ 801.383129][T22617] [ 801.386085][T22617] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 801.391652][T22617] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 801.397518][T22617] debug_check_no_obj_freed+0x4da/0x630 [ 801.403277][T22617] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 801.409427][T22617] ? __page_table_check_zero+0x333/0x410 [ 801.415111][T22617] ? __page_table_check_zero+0x338/0x410 [ 801.420851][T22617] __free_frozen_pages+0x392/0x10d0 [ 801.426105][T22617] hci_release_dev+0x4ef/0x630 [ 801.431181][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880351fd400: rx timeout, send abort [ 801.439769][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880351fd400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 801.440368][ T5171] ERROR: Out of memory at tomoyo_memory_ok. [ 801.466081][T22617] ? __pfx_hci_release_dev+0x10/0x10 [ 801.471476][T22617] ? device_release+0x69/0x240 [ 801.476274][T22617] ? rcu_is_watching+0x12/0xc0 [ 801.481464][T22617] ? device_release+0x69/0x240 [ 801.486271][T22617] ? kfree+0x2ec/0x6b0 [ 801.490502][T22617] bt_host_release+0x6a/0xb0 [ 801.495147][T22617] ? __pfx_bt_host_release+0x10/0x10 [ 801.500530][T22617] device_release+0xa4/0x240 [ 801.505169][T22617] kobject_put+0x1f7/0x640 [ 801.509696][T22617] put_device+0x1f/0x30 [ 801.513900][T22617] vhci_release+0x185/0x230 [ 801.518458][T22617] ? __pfx_vhci_release+0x10/0x10 [ 801.523612][T22617] __fput+0x3ff/0xb40 [ 801.527647][T22617] task_work_run+0x150/0x240 [ 801.532354][T22617] ? __pfx_task_work_run+0x10/0x10 [ 801.537521][T22617] ? free_uts_ns+0x16e/0x330 [ 801.542224][T22617] do_exit+0x8b8/0x2b60 [ 801.546430][T22617] ? __pfx_do_exit+0x10/0x10 [ 801.551114][T22617] ? cgroup_update_frozen_flag+0x107/0x210 [ 801.556971][T22617] ? find_held_lock+0x2b/0x80 [ 801.561735][T22617] ? get_signal+0x184f/0x21e0 [ 801.566460][T22617] do_group_exit+0xd5/0x2a0 [ 801.571068][T22617] get_signal+0x1ec7/0x21e0 [ 801.575617][T22617] ? __asan_memset+0x23/0x50 [ 801.580345][T22617] ? __pfx_get_signal+0x10/0x10 [ 801.585245][T22617] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 801.590611][T22617] arch_do_signal_or_restart+0x91/0x770 [ 801.596208][T22617] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 801.602482][T22617] ? __x64_sys_clock_nanosleep+0x347/0x480 [ 801.608443][T22617] exit_to_user_mode_loop+0x86/0x4a0 [ 801.613830][T22617] do_syscall_64+0x668/0xf80 [ 801.618463][T22617] ? clear_bhb_loop+0x40/0x90 [ 801.623246][T22617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.629238][T22617] RIP: 0033:0x7f6c97d5cfce [ 801.633695][T22617] Code: Unable to access opcode bytes at 0x7f6c97d5cfa4. [ 801.640859][T22617] RSP: 002b:00007f6c98cecf58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 801.649357][T22617] RAX: fffffffffffffdfc RBX: 00007f6c98ced6c0 RCX: 00007f6c97d5cfce [ 801.657367][T22617] RDX: 00007f6c98cecfb0 RSI: 0000000000000000 RDI: 0000000000000000 [ 801.665421][T22617] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 801.673489][T22617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.681538][T22617] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 801.689608][T22617] [ 801.692679][T22617] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 801.699991][T22617] CPU: 1 UID: 0 PID: 22617 Comm: syz.0.6373 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 801.710963][T22617] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 801.721025][T22617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 801.731088][T22617] Call Trace: [ 801.734376][T22617] [ 801.737324][T22617] dump_stack_lvl+0x100/0x190 [ 801.742029][T22617] vpanic+0x552/0x970 [ 801.746027][T22617] ? __pfx_vpanic+0x10/0x10 [ 801.750555][T22617] panic+0xd1/0xe0 [ 801.754293][T22617] ? __pfx_panic+0x10/0x10 [ 801.758734][T22617] ? check_panic_on_warn+0x1f/0x90 [ 801.763874][T22617] check_panic_on_warn.cold+0x19/0x34 [ 801.769261][T22617] ? debug_print_object+0x18e/0x2a0 [ 801.774479][T22617] __warn.cold+0x191/0x348 [ 801.778918][T22617] __report_bug+0x296/0x3d0 [ 801.783434][T22617] ? debug_print_object+0x18e/0x2a0 [ 801.788655][T22617] ? __pfx___report_bug+0x10/0x10 [ 801.793708][T22617] ? __lock_acquire+0x4a5/0x2630 [ 801.798691][T22617] ? unwind_next_frame+0x3c8/0x1ea0 [ 801.803919][T22617] report_bug_entry+0xe1/0x290 [ 801.808697][T22617] ? debug_print_object+0x19b/0x2a0 [ 801.813915][T22617] handle_bug+0x1cd/0x2a0 [ 801.818264][T22617] exc_invalid_op+0x17/0x50 [ 801.822791][T22617] asm_exc_invalid_op+0x1a/0x20 [ 801.827653][T22617] RIP: 0010:debug_print_object+0x19b/0x2a0 [ 801.833477][T22617] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d b2 8a e8 0b 41 56 48 8b 14 dd e0 08 1b 8c 4c 89 e6 <67> 48 0f b9 3a 58 83 05 4c 2c de 0b 01 48 83 c4 18 5b 5d 41 5c 41 [ 801.853101][T22617] RSP: 0000:ffffc9000211f708 EFLAGS: 00010246 [ 801.859185][T22617] RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 801.867168][T22617] RDX: ffffffff8c1b0820 RSI: ffffffff8c1b0440 RDI: ffffffff90e44540 [ 801.875145][T22617] RBP: 0000000000000001 R08: ffff888034c45460 R09: ffffffff8bb2b860 [ 801.883121][T22617] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8c1b0440 [ 801.891103][T22617] R13: ffffffff8bb2b8a0 R14: ffffffff8a964e20 R15: ffffc9000211f808 [ 801.899093][T22617] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 801.904618][T22617] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 801.910103][T22617] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 801.915933][T22617] debug_check_no_obj_freed+0x4da/0x630 [ 801.921507][T22617] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 801.927608][T22617] ? __page_table_check_zero+0x333/0x410 [ 801.933262][T22617] ? __page_table_check_zero+0x338/0x410 [ 801.938914][T22617] __free_frozen_pages+0x392/0x10d0 [ 801.944150][T22617] hci_release_dev+0x4ef/0x630 [ 801.948955][T22617] ? __pfx_hci_release_dev+0x10/0x10 [ 801.954265][T22617] ? device_release+0x69/0x240 [ 801.959041][T22617] ? rcu_is_watching+0x12/0xc0 [ 801.963826][T22617] ? device_release+0x69/0x240 [ 801.968605][T22617] ? kfree+0x2ec/0x6b0 [ 801.972695][T22617] bt_host_release+0x6a/0xb0 [ 801.977302][T22617] ? __pfx_bt_host_release+0x10/0x10 [ 801.982605][T22617] device_release+0xa4/0x240 [ 801.987214][T22617] kobject_put+0x1f7/0x640 [ 801.991652][T22617] put_device+0x1f/0x30 [ 801.995834][T22617] vhci_release+0x185/0x230 [ 802.000365][T22617] ? __pfx_vhci_release+0x10/0x10 [ 802.005416][T22617] __fput+0x3ff/0xb40 [ 802.009424][T22617] task_work_run+0x150/0x240 [ 802.014045][T22617] ? __pfx_task_work_run+0x10/0x10 [ 802.019177][T22617] ? free_uts_ns+0x16e/0x330 [ 802.023803][T22617] do_exit+0x8b8/0x2b60 [ 802.027978][T22617] ? __pfx_do_exit+0x10/0x10 [ 802.032582][T22617] ? cgroup_update_frozen_flag+0x107/0x210 [ 802.038410][T22617] ? find_held_lock+0x2b/0x80 [ 802.043100][T22617] ? get_signal+0x184f/0x21e0 [ 802.047798][T22617] do_group_exit+0xd5/0x2a0 [ 802.052327][T22617] get_signal+0x1ec7/0x21e0 [ 802.056842][T22617] ? __asan_memset+0x23/0x50 [ 802.061458][T22617] ? __pfx_get_signal+0x10/0x10 [ 802.066327][T22617] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 802.071551][T22617] arch_do_signal_or_restart+0x91/0x770 [ 802.077117][T22617] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 802.083291][T22617] ? __x64_sys_clock_nanosleep+0x347/0x480 [ 802.089132][T22617] exit_to_user_mode_loop+0x86/0x4a0 [ 802.094522][T22617] do_syscall_64+0x668/0xf80 [ 802.099151][T22617] ? clear_bhb_loop+0x40/0x90 [ 802.103871][T22617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.109793][T22617] RIP: 0033:0x7f6c97d5cfce [ 802.114227][T22617] Code: Unable to access opcode bytes at 0x7f6c97d5cfa4. [ 802.121254][T22617] RSP: 002b:00007f6c98cecf58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 802.129687][T22617] RAX: fffffffffffffdfc RBX: 00007f6c98ced6c0 RCX: 00007f6c97d5cfce [ 802.137671][T22617] RDX: 00007f6c98cecfb0 RSI: 0000000000000000 RDI: 0000000000000000 [ 802.145651][T22617] RBP: 00007f6c97e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 802.153631][T22617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.161611][T22617] R13: 00007f6c98016038 R14: 00007f6c98015fa0 R15: 00007ffd740d9858 [ 802.169609][T22617] [ 802.172783][T22617] Kernel Offset: disabled [ 802.177103][T22617] Rebooting in 86400 seconds..