last executing test programs: 17m7.038730796s ago: executing program 1 (id=11569): mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) eventfd$auto(0x3) 17m5.888072147s ago: executing program 1 (id=11584): r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r0, &(0x7f0000000000)='\x13\x00', 0x2fe) 17m5.351261877s ago: executing program 1 (id=11592): socket(0x27, 0x5, 0x73) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) 17m4.309473006s ago: executing program 1 (id=11605): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @fd}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "016a76f37bf001ca2200000100"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 17m4.000753646s ago: executing program 1 (id=11606): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x121702, 0x0) unshare$auto(0x40000080) select$auto(0x7, 0x0, &(0x7f0000000200)={[0x9, 0x8, 0x3, 0x2, 0x3, 0x1000000009, 0x9, 0xff, 0x3, 0xffffffffffffffff, 0x2, 0x7, 0x100000001, 0x8000000000000001, 0x3, 0x9]}, 0x0, 0x0) 16m59.222327001s ago: executing program 1 (id=11660): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_VENDOR(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000001700)=ANY=[@ANYBLOB="1c000000", 
@ANYRES16=r1, @ANYBLOB="050727d57000fbdbdf256700000005002b0140"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) 16m58.847321039s ago: executing program 32 (id=11660): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_VENDOR(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000001700)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="050727d57000fbdbdf256700000005002b0140"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) 8.218183479s ago: executing program 2 (id=22522): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) 8.120784779s ago: executing program 4 (id=22523): socket(0x10, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x80000001, 0x0, 0x100, 0xee01, 0x0, 0x0, 0xffffffffffffff91, 0xfd3, 0x2, 0xec, 0x4, 0x80000000081, 0x8, 0x2, 0xfffffffffffffff8}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r0], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, 
&(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 7.686011094s ago: executing program 4 (id=22524): socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x800008000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) ioctl$auto_TCFLSH2(r1, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(r0, 0x89f2, r0) 6.917864959s ago: executing program 2 (id=22526): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000) r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/numa_maps\x00', 0x16b442, 0x0) read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000) 6.204134156s ago: executing program 2 (id=22528): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) capset$auto(0x0, 0x0) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @raw=0xffbff024}}) write$auto(r0, 0x0, 0x6) 5.825579012s ago: executing program 4 (id=22538): r0 = openat$auto_ftrace_formats_fops_trace_printk(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/printk_formats\x00', 0x109000, 0x0) fstat$auto(r0, &(0x7f0000000040)={0x49ef, 0xa, 0xc, 0x5, 0x0, 0xee00, 0x0, 0xb6, 0x586d, 0x1c3084ec, 0x0, 0x7, 0x4, 0x4d, 0x6, 0x7fff, 0x9}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 
madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) fcntl$auto_F_OFD_GETLK(r1, 0x24, 0x80) 5.522231718s ago: executing program 3 (id=22532): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ustat$auto(0x801, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x48040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x40146f2c, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40000403c6f2b, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x6f29, 0x0) 5.250823206s ago: executing program 0 (id=22533): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2000040080000000, 0xe) r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r0, &(0x7f00000002c0)=""/190, 0xfffffe39) 5.226272856s ago: executing program 3 (id=22534): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x40, &(0x7f00000001c0)={0x1200, 0x8, 0x10000, 0x40, 0x5b77b906, 0x0, 0xffffffffffffffff, [0xcfa, 0xe5d, 0x5], {0x8001, 0x38, 0x9, 0x4, 0x4, 0x3, 0x3ff, 0x3, 0xffff}, {0x20000000, 0x9, 0x7, 0x2, 0x2, 0xffff13a7, 0x0, 0x449e, 0x3}}) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) capset$auto(0x0, &(0x7f0000000000)={0x2, 0xc, 0x5a}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x205ac, &(0x7f0000000100)={&(0x7f0000000200), 0xe}, 0x5, 0x0, 0x5, 0x4}, 0x20000005}, 0x5, 
0xcae) 5.214604457s ago: executing program 2 (id=22535): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) ioctl$auto(0x3, 0x400caed0, 0xffffffffffffffff) write$auto_fops_u32_ro_(0xffffffffffffffff, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) creat$auto(&(0x7f0000000000)='./file0\x00', 0x8001) 4.863817447s ago: executing program 3 (id=22536): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_binder_features_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/features/oneway_spam_detection\x00', 0x4000, 0x0) close_range$auto(r0, r0, 0x4000000000002) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x8031ca, 0x9) mprotect$auto(0x0, 0x806121, 0x8) 4.863356734s ago: executing program 0 (id=22545): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x88) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 1.884045711s ago: executing program 3 (id=22537): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r0, 0xfffffff9, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) r1 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0) read$auto_rng_chrdev_ops_core(r1, &(0x7f0000000040)=""/4096, 0xfffffe82) readv$auto(0x3, 
&(0x7f0000000a80)={0x0, 0xffff}, 0x1) 1.882357522s ago: executing program 0 (id=22547): mmap$auto(0x0, 0x400008, 0x6, 0x209b72, 0x2, 0x1000000008000) lstat$auto(0x0, 0x0) move_pages$auto(0x0, 0x8, 0x0, 0x0, 0x0, 0x2) mmap$auto(0xfffffffffffffffc, 0xf64e, 0xe, 0xe31, 0x403, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/lowpan0/uevent\x00', 0x101142, 0x0) write$auto(0x3, 0x0, 0x81) 1.549183285s ago: executing program 4 (id=22539): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0xf, &(0x7f00000001c0)=@bpf_attr_3={0x5, 0xaa, 0x276, 0x0, 0x3, 0x2, 0x8, 0x33, 0xd, "6326bcc7c57ffed984639b375ee8d538", 0x0, 0x3, 0xffffffffffffffff, 0xfffffffc, 0x6, 0x5, 0x0, 0x9, 0x2, 0x7f, @attach_prog_fd, 0xce51, 0x0, 0x7, 0x92c, 0x8}, 0xc) 1.256452487s ago: executing program 0 (id=22540): socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x401, 0x0) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pnp0/00:01/resources\x00', 0x0, 0x0) 689.170644ms ago: executing program 2 (id=22541): io_uring_setup$auto(0x5d, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2000, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x0, 0x76c5, 0x8, 0x100000000}}) socket(0x1, 0x803, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 
0x8000) connect$auto(0x5, 0x0, 0x9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRES64=r0], 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 682.436198ms ago: executing program 4 (id=22551): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, 0x0) 592.360493ms ago: executing program 0 (id=22542): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x3, 0xa) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x406, 0x0) socket(0xa, 0x2, 0x0) mprotect$auto(0x0, 0x806121, 0x6) getsockopt$auto(r0, 0x29, 0x4b, 0x0, 0x0) 162.934755ms ago: executing program 0 (id=22543): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) 162.851982ms ago: executing program 4 (id=22544): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x80100, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 
0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) gettid() 162.295533ms ago: executing program 3 (id=22546): mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xc) socket(0x2, 0x1, 0x0) setsockopt$auto(0x6, 0x8000000000000006, 0x10, 0x0, 0x7ffffc) 96.522703ms ago: executing program 2 (id=22548): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) io_uring_setup$auto(0x9, 0x0) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec3\x00', 0x0, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 3 (id=22549): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x840000000002, 0x3, 0xff) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @local}, 0x55) socketpair$auto(0x0, 0x2, 0x7, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): 10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 1329.618115][T25667] R13: ffffc900054d7da0 R14: 0000000000000000 R15: 0000000000000000 [ 1329.618134][T25667] _copy_from_user+0x98/0xd0 [ 1329.618154][T25667] do_sock_getsockopt+0x30b/0x3d0 [ 1329.618172][T25667] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1329.618198][T25667] __sys_getsockopt+0x133/0x1d0 [ 1329.618225][T25667] ? __x64_sys_getsockopt+0xbd/0x160 [ 1329.618246][T25667] __x64_sys_getsockopt+0xbd/0x160 [ 1329.618266][T25667] ? do_syscall_64+0x95/0xf80 [ 1329.618287][T25667] ? 
lockdep_hardirqs_on+0x78/0x100 [ 1329.618308][T25667] do_syscall_64+0x106/0xf80 [ 1329.618328][T25667] ? clear_bhb_loop+0x40/0x90 [ 1329.618346][T25667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1329.618361][T25667] RIP: 0033:0x7ff103f9c799 [ 1329.618380][T25667] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1329.618395][T25667] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1329.618410][T25667] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1329.618420][T25667] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003 [ 1329.618429][T25667] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1329.618438][T25667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1329.618447][T25667] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1329.618468][T25667] [ 1333.319056][T25754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20467'. [ 1333.922842][T25775] netlink: 330 bytes leftover after parsing attributes in process `syz.4.20473'. [ 1334.694035][T25794] nvme_fcloop: unknown parameter or missing value '7=";&L=j"Yq'R"' [ 1336.905300][T25880] netlink: 326 bytes leftover after parsing attributes in process `syz.0.20492'. [ 1337.221637][T25886] netlink: 334 bytes leftover after parsing attributes in process `syz.0.20493'. 
[ 1337.927554][T11716] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 1337.927580][T11716] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 1337.943282][T11716] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 1337.943307][T11716] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 1337.952365][T11716] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 1337.960270][T11716] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 1337.967484][T11716] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 1337.974622][T11716] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 1337.981625][T11716] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1338.543658][T25911] netlink: 206 bytes leftover after parsing attributes in process `syz.3.20505'. [ 1339.138578][T25930] netlink: 'syz.3.20510': attribute type 1 has an invalid length. [ 1340.205218][T25989] netlink: 222 bytes leftover after parsing attributes in process `syz.2.20522'. [ 1341.222655][T26032] random: crng reseeded on system resumption [ 1341.607324][T26046] netlink: 326 bytes leftover after parsing attributes in process `syz.4.20532'. [ 1347.109599][T26195] netlink: 334 bytes leftover after parsing attributes in process `syz.3.20566'. [ 1348.528326][T11716] block nbd2: Receive control failed (result -32) [ 1349.670776][T26264] netlink: 342 bytes leftover after parsing attributes in process `syz.4.20590'. [ 1349.741422][T26264] netlink: 342 bytes leftover after parsing attributes in process `syz.4.20590'. [ 1350.884150][T26300] netlink: 28 bytes leftover after parsing attributes in process `syz.2.20608'. [ 1350.957698][T26300] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1351.008644][T26300] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1351.057684][T26300] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1351.084006][T26306] netlink: 350 bytes leftover after parsing attributes in process `syz.4.20611'. 
[ 1351.121896][T26300] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1353.172207][T26382] random: crng reseeded on system resumption [ 1353.703908][T26401] futex_wake_op: syz.2.20636 tries to shift op by -2048; fix this program [ 1353.753888][T26401] futex_wake_op: syz.2.20636 tries to shift op by -2048; fix this program [ 1353.823812][T26401] 0x000000000001-0x000000020000 : "" [ 1353.873938][T26401] ftl_cs: FTL header corrupt! [ 1354.126010][T26408] ERROR: Out of memory at tomoyo_memory_ok. [ 1355.456226][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1355.470089][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1355.541498][T26456] netlink: 334 bytes leftover after parsing attributes in process `syz.0.20645'. [ 1356.692952][T26499] netlink: 206 bytes leftover after parsing attributes in process `syz.4.20654'. [ 1357.289762][T26514] netlink: 342 bytes leftover after parsing attributes in process `syz.4.20660'. [ 1357.351443][T26514] netlink: 342 bytes leftover after parsing attributes in process `syz.4.20660'. [ 1357.624566][T26525] netlink: 'syz.4.20662': attribute type 15 has an invalid length. [ 1357.672178][T26525] netlink: 186 bytes leftover after parsing attributes in process `syz.4.20662'. [ 1358.780609][T26533] netlink: 346 bytes leftover after parsing attributes in process `syz.2.20667'. [ 1359.009574][T26540] netlink: 28 bytes leftover after parsing attributes in process `syz.4.20668'. 
[ 1359.083771][T26540] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1359.131432][T26540] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1359.182367][T26540] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1359.230887][T26540] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1359.296852][T26540] bridge0: port 5(batadv0) entered disabled state [ 1359.379260][T26540] batadv0 (unregistering): left allmulticast mode [ 1359.414534][T26540] batadv0 (unregistering): left promiscuous mode [ 1359.452799][T26540] bridge0: port 5(batadv0) entered disabled state [ 1359.541400][T26549] random: crng reseeded on system resumption [ 1359.665857][T26568] Unrecognized hibernate image header format! [ 1359.730855][T26568] PM: hibernation: Image mismatch: architecture specific data [ 1359.881075][T26585] netlink: 20 bytes leftover after parsing attributes in process `syz.4.20672'. [ 1360.477921][T26610] netlink: 342 bytes leftover after parsing attributes in process `syz.4.20675'. [ 1361.210055][T26625] netlink: 'syz.2.20680': attribute type 2 has an invalid length. [ 1361.565542][T26632] netlink: 20 bytes leftover after parsing attributes in process `syz.3.20682'. [ 1362.835792][T26704] netlink: 350 bytes leftover after parsing attributes in process `syz.4.20692'. [ 1363.041794][T26708] netlink: 342 bytes leftover after parsing attributes in process `syz.0.20701'. [ 1364.762616][T26740] netlink: 354 bytes leftover after parsing attributes in process `syz.0.20713'. [ 1366.157281][T26824] netlink: 206 bytes leftover after parsing attributes in process `syz.2.20715'. [ 1366.516834][T26837] netlink: 130 bytes leftover after parsing attributes in process `syz.2.20718'. [ 1366.946983][T26847] netlink: 12 bytes leftover after parsing attributes in process `syz.2.20721'. 
[ 1367.290937][T26845] HfR: entered promiscuous mode [ 1367.341339][T26847] HfR: left promiscuous mode [ 1369.479122][T26924] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20739'. [ 1371.235456][T26969] zswap: compressor not available [ 1373.030586][T27037] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20766'. [ 1373.101226][T27037] Zero length message leads to an empty skb [ 1373.576252][T27052] FAULT_INJECTION: forcing a failure. [ 1373.576252][T27052] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1373.678611][T27052] CPU: 0 UID: 0 PID: 27052 Comm: syz.2.20769 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1373.678658][T27052] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1373.678668][T27052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1373.678679][T27052] Call Trace: [ 1373.678684][T27052] [ 1373.678691][T27052] dump_stack_lvl+0x100/0x190 [ 1373.678720][T27052] should_fail_ex.cold+0x5/0xa [ 1373.678737][T27052] ? prepare_alloc_pages+0x16d/0x5f0 [ 1373.678758][T27052] should_fail_alloc_page+0xeb/0x140 [ 1373.678777][T27052] prepare_alloc_pages+0x1f0/0x5f0 [ 1373.678798][T27052] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1373.678827][T27052] ? __lock_acquire+0x4a5/0x2630 [ 1373.678847][T27052] ? css_rstat_updated+0x1ce/0x5a0 [ 1373.678865][T27052] ? __pfx_css_rstat_updated+0x10/0x10 [ 1373.678881][T27052] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1373.678908][T27052] ? rcu_is_watching+0x12/0xc0 [ 1373.678934][T27052] ? __lock_acquire+0x4a5/0x2630 [ 1373.678954][T27052] ? __lock_acquire+0x4a5/0x2630 [ 1373.678971][T27052] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1373.678996][T27052] ? policy_nodemask+0xed/0x4f0 [ 1373.679013][T27052] alloc_pages_mpol+0x1fb/0x550 [ 1373.679030][T27052] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1373.679046][T27052] ? 
find_held_lock+0x2b/0x80 [ 1373.679060][T27052] ? filemap_get_entry+0x1a7/0x3b0 [ 1373.679082][T27052] ? filemap_get_entry+0x1a7/0x3b0 [ 1373.679106][T27052] folio_alloc_noprof+0x22/0x330 [ 1373.679125][T27052] filemap_alloc_folio_noprof.part.0+0x377/0x450 [ 1373.679143][T27052] ? __pfx_filemap_get_entry+0x10/0x10 [ 1373.679164][T27052] ? filemap_add_folio+0x114/0x690 [ 1373.679187][T27052] ? __pfx_filemap_alloc_folio_noprof.part.0+0x10/0x10 [ 1373.679208][T27052] ? rcu_is_watching+0x12/0xc0 [ 1373.679231][T27052] __filemap_get_folio_mpol+0x6a4/0xe70 [ 1373.679259][T27052] ioctx_alloc+0x7e4/0x21d0 [ 1373.679285][T27052] ? __pfx_ioctx_alloc+0x10/0x10 [ 1373.679307][T27052] __x64_sys_io_setup+0xc9/0x220 [ 1373.679325][T27052] do_syscall_64+0x106/0xf80 [ 1373.679348][T27052] ? clear_bhb_loop+0x40/0x90 [ 1373.679367][T27052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1373.679382][T27052] RIP: 0033:0x7ff103f9c799 [ 1373.679396][T27052] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1373.679411][T27052] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 1373.679427][T27052] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1373.679438][T27052] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 1373.679448][T27052] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1373.679458][T27052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1373.679468][T27052] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1373.679488][T27052] [ 1374.613811][T27059] sg_write: data in/out 4060/39 bytes for SCSI command 0x0-- guessing data in; [ 1374.613811][T27059] program syz.4.20771 not setting count and/or reply_len properly [ 1377.311426][T27194] sd 0:0:1:0: PR command failed: 1026 [ 1377.389579][T27194] sd 0:0:1:0: Sense Key : 
Illegal Request [current] [ 1377.396292][T27194] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1378.041065][T27204] zswap: compressor not available [ 1380.734049][T27315] FAULT_INJECTION: forcing a failure. [ 1380.734049][T27315] name failslab, interval 1, probability 0, space 0, times 0 [ 1380.852559][T27315] CPU: 0 UID: 0 PID: 27315 Comm: syz.2.20812 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1380.852598][T27315] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1380.852608][T27315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1380.852618][T27315] Call Trace: [ 1380.852623][T27315] [ 1380.852630][T27315] dump_stack_lvl+0x100/0x190 [ 1380.852658][T27315] should_fail_ex.cold+0x5/0xa [ 1380.852677][T27315] should_failslab+0xc2/0x120 [ 1380.852693][T27315] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1380.852713][T27315] ? snd_seq_oss_writeq_new+0xb5/0x2b0 [ 1380.852743][T27315] snd_seq_oss_writeq_new+0xb5/0x2b0 [ 1380.852764][T27315] ? __pfx_snd_seq_oss_writeq_new+0x10/0x10 [ 1380.852792][T27315] ? __raw_spin_lock_init+0x3a/0x110 [ 1380.852818][T27315] snd_seq_oss_open+0x7bc/0xa10 [ 1380.852837][T27315] odev_open+0x79/0xc0 [ 1380.852850][T27315] ? __pfx_odev_open+0x10/0x10 [ 1380.852864][T27315] soundcore_open+0x2e3/0x5a0 [ 1380.852882][T27315] ? __pfx_soundcore_open+0x10/0x10 [ 1380.852897][T27315] chrdev_open+0x234/0x6a0 [ 1380.852912][T27315] ? __pfx_apparmor_file_open+0x10/0x10 [ 1380.852930][T27315] ? __pfx_chrdev_open+0x10/0x10 [ 1380.852947][T27315] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1380.852974][T27315] do_dentry_open+0x6d8/0x1660 [ 1380.852990][T27315] ? __pfx_chrdev_open+0x10/0x10 [ 1380.853010][T27315] vfs_open+0x82/0x3f0 [ 1380.853031][T27315] path_openat+0x208c/0x31a0 [ 1380.853055][T27315] ? __pfx_path_openat+0x10/0x10 [ 1380.853077][T27315] do_file_open+0x20e/0x430 [ 1380.853095][T27315] ? 
__pfx_do_file_open+0x10/0x10 [ 1380.853124][T27315] ? alloc_fd+0x476/0x790 [ 1380.853141][T27315] ? do_getname+0x191/0x390 [ 1380.853161][T27315] do_sys_openat2+0x10d/0x1e0 [ 1380.853180][T27315] ? __pfx_do_sys_openat2+0x10/0x10 [ 1380.853200][T27315] ? __fget_files+0x21f/0x3d0 [ 1380.853218][T27315] __x64_sys_openat+0x12d/0x210 [ 1380.853238][T27315] ? __pfx___x64_sys_openat+0x10/0x10 [ 1380.853265][T27315] do_syscall_64+0x106/0xf80 [ 1380.853286][T27315] ? clear_bhb_loop+0x40/0x90 [ 1380.853306][T27315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1380.853322][T27315] RIP: 0033:0x7ff103f9c799 [ 1380.853336][T27315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1380.853350][T27315] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1380.853366][T27315] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1380.853376][T27315] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1380.853385][T27315] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1380.853395][T27315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1380.853405][T27315] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1380.853425][T27315] [ 1383.343321][T27353] netlink: zone id is out of range [ 1383.371093][T27353] netlink: zone id is out of range [ 1383.416100][T27353] netlink: zone id is out of range [ 1383.472135][T27354] netlink: zone id is out of range [ 1383.534873][T27354] netlink: zone id is out of range [ 1383.594912][T27353] netlink: set zone limit has 8 unknown bytes [ 1383.654061][T27354] netlink: zone id is out of range [ 1383.681822][T27354] netlink: zone id is out of range [ 1383.748315][T27354] netlink: zone id is out of range [ 1383.781695][T27354] netlink: zone id is out of range [ 1384.289106][T27366] random: crng 
reseeded on system resumption [ 1385.409306][T27391] zswap: compressor not available [ 1385.898550][T27417] random: crng reseeded on system resumption [ 1386.654344][T27466] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1387.218139][T27499] netlink: 342 bytes leftover after parsing attributes in process `syz.3.20857'. [ 1387.377305][T27502] FAULT_INJECTION: forcing a failure. [ 1387.377305][T27502] name failslab, interval 1, probability 0, space 0, times 0 [ 1387.489589][T27502] CPU: 0 UID: 0 PID: 27502 Comm: syz.2.20858 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1387.489628][T27502] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1387.489637][T27502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1387.489647][T27502] Call Trace: [ 1387.489653][T27502] [ 1387.489660][T27502] dump_stack_lvl+0x100/0x190 [ 1387.489688][T27502] should_fail_ex.cold+0x5/0xa [ 1387.489706][T27502] ? tomoyo_encode2+0xfb/0x3c0 [ 1387.489726][T27502] should_failslab+0xc2/0x120 [ 1387.489743][T27502] __kmalloc_noprof+0xe0/0x850 [ 1387.489764][T27502] ? d_absolute_path+0x136/0x1b0 [ 1387.489788][T27502] tomoyo_encode2+0xfb/0x3c0 [ 1387.489811][T27502] tomoyo_encode+0x29/0x50 [ 1387.489829][T27502] tomoyo_realpath_from_path+0x18c/0x690 [ 1387.489853][T27502] tomoyo_check_open_permission+0x2af/0x3c0 [ 1387.489871][T27502] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1387.489907][T27502] ? do_raw_spin_lock+0x128/0x260 [ 1387.489929][T27502] ? path_get+0x61/0x80 [ 1387.489948][T27502] tomoyo_file_open+0x6b/0x90 [ 1387.489970][T27502] security_file_open+0xb5/0x1e0 [ 1387.489989][T27502] do_dentry_open+0x5aa/0x1660 [ 1387.490006][T27502] ? security_inode_permission+0xbf/0x250 [ 1387.490026][T27502] vfs_open+0x82/0x3f0 [ 1387.490046][T27502] path_openat+0x208c/0x31a0 [ 1387.490068][T27502] ? 
__pfx_path_openat+0x10/0x10 [ 1387.490091][T27502] do_file_open+0x20e/0x430 [ 1387.490108][T27502] ? __pfx_do_file_open+0x10/0x10 [ 1387.490137][T27502] ? alloc_fd+0x476/0x790 [ 1387.490154][T27502] ? do_getname+0x191/0x390 [ 1387.490174][T27502] do_sys_openat2+0x10d/0x1e0 [ 1387.490193][T27502] ? __pfx_do_sys_openat2+0x10/0x10 [ 1387.490214][T27502] ? __fget_files+0x21f/0x3d0 [ 1387.490232][T27502] __x64_sys_openat+0x12d/0x210 [ 1387.490251][T27502] ? __pfx___x64_sys_openat+0x10/0x10 [ 1387.490278][T27502] do_syscall_64+0x106/0xf80 [ 1387.490322][T27502] ? clear_bhb_loop+0x40/0x90 [ 1387.490341][T27502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1387.490356][T27502] RIP: 0033:0x7ff103f9c799 [ 1387.490370][T27502] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1387.490385][T27502] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1387.490401][T27502] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1387.490412][T27502] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1387.490422][T27502] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1387.490431][T27502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1387.490441][T27502] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1387.490462][T27502] [ 1387.490479][T27502] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1388.344154][T27519] netlink: 326 bytes leftover after parsing attributes in process `syz.3.20864'. 
[ 1388.736180][T27531] device-mapper: ioctl: device name cannot contain '/' [ 1388.863684][T27534] block nbd8: shutting down sockets [ 1392.405402][T27692] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input83 [ 1393.001047][T27707] input: jJǼ-9%vlQ J86 as /devices/virtual/input/input84 [ 1393.941068][T27751] netlink: 330 bytes leftover after parsing attributes in process `syz.3.20901'. [ 1396.921887][T27831] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20919'. [ 1397.105088][T27833] netlink: 342 bytes leftover after parsing attributes in process `syz.0.20920'. [ 1398.296964][T27862] netlink: 302 bytes leftover after parsing attributes in process `syz.3.20931'. [ 1398.516555][T27866] synth uevent: /module/drm_display_helper: unknown uevent action string [ 1401.508941][T27906] FAULT_INJECTION: forcing a failure. [ 1401.508941][T27906] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1401.584679][T27906] CPU: 0 UID: 0 PID: 27906 Comm: syz.0.20946 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1401.584717][T27906] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1401.584727][T27906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1401.584737][T27906] Call Trace: [ 1401.584743][T27906] [ 1401.584749][T27906] dump_stack_lvl+0x100/0x190 [ 1401.584778][T27906] should_fail_ex.cold+0x5/0xa [ 1401.584793][T27906] ? prepare_alloc_pages+0x16d/0x5f0 [ 1401.584812][T27906] should_fail_alloc_page+0xeb/0x140 [ 1401.584829][T27906] prepare_alloc_pages+0x1f0/0x5f0 [ 1401.584849][T27906] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1401.584874][T27906] ? rcu_is_watching+0x12/0xc0 [ 1401.584896][T27906] ? trace_mm_page_alloc+0x17a/0x1d0 [ 1401.584913][T27906] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1401.584938][T27906] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1401.584960][T27906] ? 
stack_trace_save+0x8e/0xc0 [ 1401.584976][T27906] ? stack_depot_save_flags+0x27/0x9d0 [ 1401.584996][T27906] ? is_bpf_text_address+0x8a/0x1a0 [ 1401.585019][T27906] ? is_bpf_text_address+0x8a/0x1a0 [ 1401.585043][T27906] ? kasan_save_stack+0x3f/0x50 [ 1401.585065][T27906] ? kasan_save_track+0x14/0x30 [ 1401.585096][T27906] ? kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 1401.585119][T27906] ? alloc_vmap_area+0x640/0x2bd0 [ 1401.585134][T27906] ? __get_vm_area_node+0x1ca/0x330 [ 1401.585150][T27906] ? __vmalloc_node_range_noprof+0x213/0x1530 [ 1401.585168][T27906] ? __kvmalloc_node_noprof+0x3de/0xa00 [ 1401.585189][T27906] ? __do_sys_listmount+0x289/0xee0 [ 1401.585211][T27906] ? do_syscall_64+0x106/0xf80 [ 1401.585232][T27906] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1401.585253][T27906] alloc_pages_bulk_noprof+0x782/0x1490 [ 1401.585282][T27906] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1401.585312][T27906] ? alloc_pages_noprof+0x233/0x390 [ 1401.585330][T27906] __kasan_populate_vmalloc+0xf0/0x210 [ 1401.585356][T27906] alloc_vmap_area+0x95d/0x2bd0 [ 1401.585379][T27906] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1401.585399][T27906] __get_vm_area_node+0x1ca/0x330 [ 1401.585420][T27906] __vmalloc_node_range_noprof+0x213/0x1530 [ 1401.585438][T27906] ? __do_sys_listmount+0x289/0xee0 [ 1401.585464][T27906] ? __do_sys_listmount+0x289/0xee0 [ 1401.585491][T27906] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1401.585513][T27906] ? rcu_is_watching+0x12/0xc0 [ 1401.585539][T27906] __kvmalloc_node_noprof+0x3de/0xa00 [ 1401.585561][T27906] ? __do_sys_listmount+0x289/0xee0 [ 1401.585582][T27906] ? __do_sys_listmount+0x289/0xee0 [ 1401.585602][T27906] ? _copy_from_user+0x59/0xd0 [ 1401.585620][T27906] ? copy_mnt_id_req+0x1b1/0x350 [ 1401.585641][T27906] __do_sys_listmount+0x289/0xee0 [ 1401.585663][T27906] ? __pfx_do_futex+0x10/0x10 [ 1401.585683][T27906] ? __fget_files+0x21f/0x3d0 [ 1401.585698][T27906] ? 
__pfx___do_sys_listmount+0x10/0x10 [ 1401.585732][T27906] do_syscall_64+0x106/0xf80 [ 1401.585752][T27906] ? clear_bhb_loop+0x40/0x90 [ 1401.585770][T27906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1401.585785][T27906] RIP: 0033:0x7f9da399c799 [ 1401.585799][T27906] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1401.585814][T27906] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1401.585830][T27906] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1401.585841][T27906] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000000 [ 1401.585851][T27906] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1401.585860][T27906] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1401.585869][T27906] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1401.585890][T27906] [ 1401.591057][T27906] syz.0.20946: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1403.389926][T27906] CPU: 0 UID: 0 PID: 27906 Comm: syz.0.20946 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1403.389962][T27906] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1403.389972][T27906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1403.389981][T27906] Call Trace: [ 1403.389987][T27906] [ 1403.389993][T27906] dump_stack_lvl+0x100/0x190 [ 1403.390019][T27906] warn_alloc.cold+0x95/0x1c1 [ 1403.390044][T27906] ? __pfx_warn_alloc+0x10/0x10 [ 1403.390065][T27906] ? lockdep_hardirqs_on+0x78/0x100 [ 1403.390089][T27906] ? __get_vm_area_node+0x2c5/0x330 [ 1403.390110][T27906] ? 
__get_vm_area_node+0x208/0x330 [ 1403.390129][T27906] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 1403.390153][T27906] ? __do_sys_listmount+0x289/0xee0 [ 1403.390181][T27906] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1403.390203][T27906] ? rcu_is_watching+0x12/0xc0 [ 1403.390228][T27906] __kvmalloc_node_noprof+0x3de/0xa00 [ 1403.390251][T27906] ? __do_sys_listmount+0x289/0xee0 [ 1403.390272][T27906] ? __do_sys_listmount+0x289/0xee0 [ 1403.390292][T27906] ? _copy_from_user+0x59/0xd0 [ 1403.390310][T27906] ? copy_mnt_id_req+0x1b1/0x350 [ 1403.390331][T27906] __do_sys_listmount+0x289/0xee0 [ 1403.390352][T27906] ? __pfx_do_futex+0x10/0x10 [ 1403.390373][T27906] ? __fget_files+0x21f/0x3d0 [ 1403.390388][T27906] ? __pfx___do_sys_listmount+0x10/0x10 [ 1403.390421][T27906] do_syscall_64+0x106/0xf80 [ 1403.390443][T27906] ? clear_bhb_loop+0x40/0x90 [ 1403.390461][T27906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1403.390476][T27906] RIP: 0033:0x7f9da399c799 [ 1403.390489][T27906] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1403.390504][T27906] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1403.390519][T27906] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1403.390529][T27906] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000000 [ 1403.390539][T27906] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1403.390548][T27906] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1403.390557][T27906] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1403.390577][T27906] [ 1403.390583][T27906] Mem-Info: [ 1403.713160][T27929] bond0: option all_slaves_active: invalid value (7) [ 1403.874903][T27934] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1404.642914][T27906] active_anon:21452 
inactive_anon:21 isolated_anon:0 [ 1404.642914][T27906] active_file:14935 inactive_file:40311 isolated_file:0 [ 1404.642914][T27906] unevictable:768 dirty:8 writeback:39 [ 1404.642914][T27906] slab_reclaimable:16064 slab_unreclaimable:96414 [ 1404.642914][T27906] mapped:24012 shmem:1380 pagetables:1725 [ 1404.642914][T27906] sec_pagetables:0 bounce:0 [ 1404.642914][T27906] kernel_misc_reclaimable:0 [ 1404.642914][T27906] free:1297674 free_pcp:14171 free_cma:0 [ 1404.951669][T27906] Node 0 active_anon:90584kB inactive_anon:240kB active_file:59740kB inactive_file:161112kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98676kB dirty:32kB writeback:0kB shmem:7964kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:61440kB kernel_stack:11424kB pagetables:6720kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1405.147937][T27906] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:180kB sec_pagetables:0kB all_unreclaimable? 
no Balloon:0kB [ 1405.355208][T27906] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1405.552391][T27906] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 1405.579903][T27906] Node 0 DMA32 free:1251544kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:99116kB inactive_anon:216kB active_file:59740kB inactive_file:161112kB unevictable:1536kB writepending:64kB zspages:0kB present:3129332kB managed:2537364kB mlocked:0kB bounce:0kB free_pcp:22368kB local_pcp:22368kB free_cma:0kB [ 1405.803730][T27906] lowmem_reserve[]: 0 0 1 1 1 [ 1405.829099][T27906] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 1405.984336][T27906] lowmem_reserve[]: 0 0 0 0 0 [ 1406.011691][T27906] Node 1 Normal free:3926244kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15112kB local_pcp:15112kB free_cma:0kB [ 1406.194827][T27906] lowmem_reserve[]: 0 0 0 0 0 [ 1406.226262][T27906] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1406.338271][T27906] Node 0 DMA32: 5858*4kB (UME) 5288*8kB (UME) 3585*16kB (UME) 1460*32kB (UME) 826*64kB (UME) 843*128kB (UME) 649*256kB (UME) 429*512kB (UME) 280*1024kB (UME) 29*2048kB (UM) 
42*4096kB (UM) = 1234520kB [ 1406.440644][T27906] Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 1406.562473][T27906] Node 1 Normal: 9*4kB (UM) 14*8kB (UM) 9*16kB (UM) 11*32kB (UM) 12*64kB (UM) 5*128kB (UM) 5*256kB (UM) 4*512kB (UM) 3*1024kB (M) 3*2048kB (UM) 955*4096kB (UM) = 3926276kB [ 1406.695907][T27906] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1406.760726][T27906] Node 0 hugepages_total=6 hugepages_free=5 hugepages_surp=0 hugepages_size=2048kB [ 1406.825187][T27906] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1406.883913][T27906] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1406.945072][T27906] 56672 total pagecache pages [ 1406.986792][T27906] 56 pages in swap cache [ 1407.021043][T27906] Free swap = 106620kB [ 1407.046527][T27906] Total swap = 124996kB [ 1407.084583][T27906] 2097051 pages RAM [ 1407.109692][T27906] 0 pages HighMem/MovableOnly [ 1407.136740][T27906] 430830 pages reserved [ 1407.166250][T27906] 0 pages cma reserved [ 1409.164746][T28064] netlink: 4 bytes leftover after parsing attributes in process `syz.3.20992'. [ 1409.174558][T28065] netlink: 342 bytes leftover after parsing attributes in process `syz.4.20991'. [ 1409.221224][T28064] netlink: 'syz.3.20992': attribute type 7 has an invalid length. [ 1410.169313][T28104] FAULT_INJECTION: forcing a failure. 
[ 1410.169313][T28104] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.281830][T28104] CPU: 0 UID: 0 PID: 28104 Comm: syz.2.20998 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1410.281867][T28104] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1410.281878][T28104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1410.281888][T28104] Call Trace: [ 1410.281894][T28104] [ 1410.281901][T28104] dump_stack_lvl+0x100/0x190 [ 1410.281928][T28104] should_fail_ex.cold+0x5/0xa [ 1410.281947][T28104] should_failslab+0xc2/0x120 [ 1410.281964][T28104] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1410.281984][T28104] ? snd_seq_prioq_new+0x3f/0x110 [ 1410.282005][T28104] ? lockdep_init_map_type+0x5c/0x250 [ 1410.282028][T28104] snd_seq_prioq_new+0x3f/0x110 [ 1410.282049][T28104] snd_seq_queue_alloc+0x153/0x590 [ 1410.282070][T28104] snd_seq_ioctl_create_queue+0xa9/0x370 [ 1410.282095][T28104] call_seq_client_ctl+0xa3/0x130 [ 1410.282120][T28104] snd_seq_kernel_client_ctl+0x77/0xd0 [ 1410.282136][T28104] alloc_seq_queue+0xdb/0x180 [ 1410.282161][T28104] ? __pfx_alloc_seq_queue+0x10/0x10 [ 1410.282195][T28104] ? mark_held_locks+0x40/0x70 [ 1410.282224][T28104] ? _raw_spin_unlock_irq+0x23/0x50 [ 1410.282246][T28104] ? lockdep_hardirqs_on+0x78/0x100 [ 1410.282270][T28104] snd_seq_oss_open+0x2b2/0xa10 [ 1410.282290][T28104] odev_open+0x79/0xc0 [ 1410.282304][T28104] ? __pfx_odev_open+0x10/0x10 [ 1410.282318][T28104] soundcore_open+0x2e3/0x5a0 [ 1410.282335][T28104] ? __pfx_soundcore_open+0x10/0x10 [ 1410.282350][T28104] chrdev_open+0x234/0x6a0 [ 1410.282365][T28104] ? __pfx_apparmor_file_open+0x10/0x10 [ 1410.282381][T28104] ? __pfx_chrdev_open+0x10/0x10 [ 1410.282398][T28104] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1410.282418][T28104] do_dentry_open+0x6d8/0x1660 [ 1410.282433][T28104] ? 
__pfx_chrdev_open+0x10/0x10 [ 1410.282453][T28104] vfs_open+0x82/0x3f0 [ 1410.282473][T28104] path_openat+0x208c/0x31a0 [ 1410.282495][T28104] ? __pfx_path_openat+0x10/0x10 [ 1410.282518][T28104] do_file_open+0x20e/0x430 [ 1410.282535][T28104] ? __pfx_do_file_open+0x10/0x10 [ 1410.282564][T28104] ? alloc_fd+0x476/0x790 [ 1410.282581][T28104] ? do_getname+0x191/0x390 [ 1410.282601][T28104] do_sys_openat2+0x10d/0x1e0 [ 1410.282620][T28104] ? __pfx_do_sys_openat2+0x10/0x10 [ 1410.282641][T28104] ? find_held_lock+0x2b/0x80 [ 1410.282660][T28104] __x64_sys_openat+0x12d/0x210 [ 1410.282680][T28104] ? __pfx___x64_sys_openat+0x10/0x10 [ 1410.282707][T28104] do_syscall_64+0x106/0xf80 [ 1410.282727][T28104] ? clear_bhb_loop+0x40/0x90 [ 1410.282746][T28104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1410.282761][T28104] RIP: 0033:0x7ff103f9c799 [ 1410.282775][T28104] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1410.282790][T28104] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1410.282805][T28104] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1410.282816][T28104] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1410.282827][T28104] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1410.282836][T28104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1410.282845][T28104] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1410.282865][T28104] [ 1412.292302][T28131] netlink: 'syz.4.21008': attribute type 16 has an invalid length. [ 1412.349204][T28131] netlink: 306 bytes leftover after parsing attributes in process `syz.4.21008'. [ 1412.443550][T28134] FAULT_INJECTION: forcing a failure. 
[ 1412.443550][T28134] name failslab, interval 1, probability 0, space 0, times 0 [ 1412.547154][T28134] CPU: 0 UID: 0 PID: 28134 Comm: syz.0.21010 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1412.547192][T28134] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1412.547202][T28134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1412.547211][T28134] Call Trace: [ 1412.547217][T28134] [ 1412.547224][T28134] dump_stack_lvl+0x100/0x190 [ 1412.547252][T28134] should_fail_ex.cold+0x5/0xa [ 1412.547271][T28134] should_failslab+0xc2/0x120 [ 1412.547288][T28134] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1412.547310][T28134] ? security_inode_alloc+0x3b/0x2c0 [ 1412.547327][T28134] ? lockdep_init_map_type+0x5c/0x250 [ 1412.547349][T28134] security_inode_alloc+0x3b/0x2c0 [ 1412.547366][T28134] inode_init_always_gfp+0xced/0x1040 [ 1412.547385][T28134] alloc_inode+0x8e/0x250 [ 1412.547404][T28134] path_from_stashed+0x25b/0x750 [ 1412.547425][T28134] ns_get_path+0x60/0x80 [ 1412.547441][T28134] proc_ns_get_link+0x121/0x230 [ 1412.547462][T28134] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1412.547484][T28134] ? atime_needs_update+0x8b/0x6b0 [ 1412.547506][T28134] pick_link+0xd17/0x13c0 [ 1412.547527][T28134] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1412.547549][T28134] step_into_slowpath+0x9ba/0xf90 [ 1412.547575][T28134] ? __pfx_step_into_slowpath+0x10/0x10 [ 1412.547596][T28134] ? find_held_lock+0x2b/0x80 [ 1412.547616][T28134] path_openat+0xf95/0x31a0 [ 1412.547637][T28134] ? __pfx_path_openat+0x10/0x10 [ 1412.547659][T28134] do_file_open+0x20e/0x430 [ 1412.547676][T28134] ? __pfx_do_file_open+0x10/0x10 [ 1412.547704][T28134] ? alloc_fd+0x476/0x790 [ 1412.547720][T28134] ? do_getname+0x191/0x390 [ 1412.547740][T28134] do_sys_openat2+0x10d/0x1e0 [ 1412.547759][T28134] ? 
__pfx_do_sys_openat2+0x10/0x10 [ 1412.547785][T28134] __x64_sys_openat+0x12d/0x210 [ 1412.547805][T28134] ? __pfx___x64_sys_openat+0x10/0x10 [ 1412.547827][T28134] ? do_user_addr_fault+0x8d6/0x12f0 [ 1412.547854][T28134] do_syscall_64+0x106/0xf80 [ 1412.547875][T28134] ? clear_bhb_loop+0x40/0x90 [ 1412.547901][T28134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1412.547918][T28134] RIP: 0033:0x7f9da395cfce [ 1412.547933][T28134] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1412.547948][T28134] RSP: 002b:00007f9da47f7ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1412.547963][T28134] RAX: ffffffffffffffda RBX: 00007f9da47f86c0 RCX: 00007f9da395cfce [ 1412.547974][T28134] RDX: 0000000000000002 RSI: 00007f9da47f7f90 RDI: ffffffffffffff9c [ 1412.547984][T28134] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1412.547994][T28134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1412.548003][T28134] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1412.548023][T28134] [ 1415.386956][T28208] netlink: 330 bytes leftover after parsing attributes in process `syz.2.21028'. [ 1415.682403][T28227] netlink: 28 bytes leftover after parsing attributes in process `syz.2.21030'. [ 1416.578777][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1416.586036][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1416.623411][T28256] netlink: 'syz.4.21036': attribute type 4 has an invalid length. [ 1416.692604][T28256] netlink: 'syz.4.21036': attribute type 4 has an invalid length. [ 1416.782069][T28258] netlink: 'syz.3.21037': attribute type 1 has an invalid length. [ 1416.907017][T28258] netlink: 318 bytes leftover after parsing attributes in process `syz.3.21037'. [ 1419.433261][T28304] netlink: 146 bytes leftover after parsing attributes in process `syz.4.21052'. 
[ 1420.047987][T28316] netlink: 334 bytes leftover after parsing attributes in process `syz.0.21057'. [ 1423.620585][T28405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78002 [ 1423.664662][T28411] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21086'. [ 1423.700174][T28405] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1423.731890][T28411] netlink: 13 bytes leftover after parsing attributes in process `syz.2.21086'. [ 1423.761201][T28405] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1423.798473][T28411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21086'. [ 1423.826821][T28405] page_type: f5(slab) [ 1423.832109][T28405] raw: 00fff00000000040 ffff88813fe54c80 dead000000000100 dead000000000122 [ 1423.906902][T28405] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1423.957083][T28405] head: 00fff00000000040 ffff88813fe54c80 dead000000000100 dead000000000122 [ 1424.016310][T28405] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1424.067527][T28417] netlink: 342 bytes leftover after parsing attributes in process `syz.2.21089'. [ 1424.088827][T28405] head: 00fff00000000001 ffffea0001e00081 00000000ffffffff 00000000ffffffff [ 1424.126581][T28419] netlink: 322 bytes leftover after parsing attributes in process `syz.0.21087'. [ 1424.145346][T28405] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1424.201902][T28405] page dumped because: unmovable page [ 1424.230356][T28405] page_owner tracks the page as allocated [ 1424.297392][T28405] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5278, tgid 5278 (v4l_id), ts 35904978823, free_ts 24439291888 [ 1424.399118][T28423] netlink: 28 bytes leftover after parsing attributes in process `syz.2.21090'. 
[ 1424.426864][T28405] post_alloc_hook+0x153/0x170 [ 1424.456359][T28405] get_page_from_freelist+0x111d/0x3140 [ 1424.461925][T28405] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1424.513851][T28405] new_slab+0xa6/0x6b0 [ 1424.537690][T28405] refill_objects+0x26b/0x400 [ 1424.564652][T28405] __prefill_sheaf_pfmemalloc+0x5f/0xb0 [ 1424.602059][T28405] kmem_cache_prefill_sheaf+0x1ba/0x4c0 [ 1424.627053][T28405] mas_alloc_nodes+0x2c3/0x390 [ 1424.652174][T28405] mas_preallocate+0x39c/0xf10 [ 1424.678961][T28405] __mmap_region+0x12b5/0x29e0 [ 1424.709144][T28405] mmap_region+0x180/0x3e0 [ 1424.735549][T28405] do_mmap+0xc63/0x12f0 [ 1424.764467][T28405] vm_mmap_pgoff+0x29e/0x470 [ 1424.792129][T28405] ksys_mmap_pgoff+0x3c8/0x650 [ 1424.822924][T28405] __x64_sys_mmap+0x125/0x190 [ 1424.849166][T28405] do_syscall_64+0x106/0xf80 [ 1424.876019][T28405] page last free pid 1 tgid 1 stack trace: [ 1424.908006][T28405] __free_frozen_pages+0x7e1/0x10d0 [ 1424.937956][T28405] free_contig_range+0xde/0x1d0 [ 1424.963347][T28405] destroy_args+0xa8/0x7a0 [ 1424.988987][T28405] debug_vm_pgtable+0x1b66/0x34c0 [ 1425.029579][T28405] do_one_initcall+0x11d/0x760 [ 1425.062902][T28405] kernel_init_freeable+0x6e5/0x7a0 [ 1425.095457][T28405] kernel_init+0x1f/0x1e0 [ 1425.129677][T28405] ret_from_fork+0x754/0xd80 [ 1425.159891][T28405] ret_from_fork_asm+0x1a/0x30 [ 1425.214742][T28423] hsr_slave_0: left promiscuous mode [ 1425.325652][T28423] hsr_slave_1: left promiscuous mode [ 1426.414764][T28454] netlink: 334 bytes leftover after parsing attributes in process `syz.3.21101'. [ 1428.315385][T28516] netlink: 'syz.4.21116': attribute type 14 has an invalid length. [ 1428.373483][T28516] netlink: 330 bytes leftover after parsing attributes in process `syz.4.21116'. [ 1429.633515][T28547] netlink: 'syz.0.21128': attribute type 4 has an invalid length. [ 1431.353553][T28602] netlink: 'syz.2.21139': attribute type 27 has an invalid length. 
[ 1431.467058][T28602] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21139'. [ 1431.895386][T28617] FAULT_INJECTION: forcing a failure. [ 1431.895386][T28617] name failslab, interval 1, probability 0, space 0, times 0 [ 1431.895430][T28617] CPU: 0 UID: 0 PID: 28617 Comm: syz.2.21141 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1431.895462][T28617] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1431.895473][T28617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1431.895482][T28617] Call Trace: [ 1431.895488][T28617] [ 1431.895494][T28617] dump_stack_lvl+0x100/0x190 [ 1431.895521][T28617] should_fail_ex.cold+0x5/0xa [ 1431.895540][T28617] should_failslab+0xc2/0x120 [ 1431.895557][T28617] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1431.895577][T28617] ? vc_allocate+0x1a6/0x880 [ 1431.895697][T28617] vc_allocate+0x1a6/0x880 [ 1431.895720][T28617] ? __pfx_vc_allocate+0x10/0x10 [ 1431.895746][T28617] con_install+0xa1/0x620 [ 1431.895768][T28617] ? __pfx_con_install+0x10/0x10 [ 1431.895792][T28617] ? __pfx_con_install+0x10/0x10 [ 1431.895812][T28617] tty_init_dev.part.0+0x9e/0x470 [ 1431.895904][T28617] tty_open+0xa63/0xfa0 [ 1431.895929][T28617] ? __pfx_tty_open+0x10/0x10 [ 1431.895951][T28617] ? chrdev_open+0x589/0x6a0 [ 1431.895967][T28617] ? chrdev_open+0x589/0x6a0 [ 1431.895985][T28617] ? __pfx_tty_open+0x10/0x10 [ 1431.896006][T28617] chrdev_open+0x234/0x6a0 [ 1431.896022][T28617] ? __pfx_chrdev_open+0x10/0x10 [ 1431.896039][T28617] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1431.896068][T28617] do_dentry_open+0x6d8/0x1660 [ 1431.896083][T28617] ? __pfx_chrdev_open+0x10/0x10 [ 1431.896104][T28617] vfs_open+0x82/0x3f0 [ 1431.896126][T28617] path_openat+0x208c/0x31a0 [ 1431.896149][T28617] ? __pfx_path_openat+0x10/0x10 [ 1431.896172][T28617] do_file_open+0x20e/0x430 [ 1431.896189][T28617] ? 
__pfx_do_file_open+0x10/0x10 [ 1431.896218][T28617] ? alloc_fd+0x476/0x790 [ 1431.896236][T28617] ? do_getname+0x191/0x390 [ 1431.896256][T28617] do_sys_openat2+0x10d/0x1e0 [ 1431.896275][T28617] ? __pfx_do_sys_openat2+0x10/0x10 [ 1431.896296][T28617] ? __fget_files+0x21f/0x3d0 [ 1431.896315][T28617] __x64_sys_openat+0x12d/0x210 [ 1431.896335][T28617] ? __pfx___x64_sys_openat+0x10/0x10 [ 1431.896363][T28617] do_syscall_64+0x106/0xf80 [ 1431.896384][T28617] ? clear_bhb_loop+0x40/0x90 [ 1431.896404][T28617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1431.896420][T28617] RIP: 0033:0x7ff103f9c799 [ 1431.896434][T28617] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1431.896450][T28617] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1431.896466][T28617] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1431.896478][T28617] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1431.896488][T28617] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1431.896498][T28617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1431.896508][T28617] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1431.896529][T28617] [ 1434.641170][T28678] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21152'. [ 1434.815075][T28682] netlink: 334 bytes leftover after parsing attributes in process `syz.3.21154'. [ 1435.676918][T28707] FAULT_INJECTION: forcing a failure. 
[ 1435.676918][T28707] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1435.740241][T28707] CPU: 0 UID: 0 PID: 28707 Comm: syz.0.21163 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1435.740278][T28707] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1435.740287][T28707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1435.740297][T28707] Call Trace: [ 1435.740303][T28707] [ 1435.740309][T28707] dump_stack_lvl+0x100/0x190 [ 1435.740337][T28707] should_fail_ex.cold+0x5/0xa [ 1435.740355][T28707] _copy_from_user+0x2e/0xd0 [ 1435.740374][T28707] restore_altstack+0x98/0x170 [ 1435.740395][T28707] ? __pfx_restore_altstack+0x10/0x10 [ 1435.740415][T28707] ? _raw_spin_unlock_irq+0x23/0x50 [ 1435.740435][T28707] ? lockdep_hardirqs_on+0x78/0x100 [ 1435.740456][T28707] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1435.740476][T28707] __do_sys_rt_sigreturn+0x1ab/0x2c0 [ 1435.740496][T28707] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 1435.740520][T28707] do_syscall_64+0x106/0xf80 [ 1435.740541][T28707] ? 
clear_bhb_loop+0x40/0x90 [ 1435.740562][T28707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1435.740577][T28707] RIP: 0033:0x7f9da393db19 [ 1435.740591][T28707] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25 [ 1435.740605][T28707] RSP: 002b:00007f9da47f7a80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 1435.740620][T28707] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da393db19 [ 1435.740631][T28707] RDX: 00007f9da47f7a80 RSI: 00007f9da47f7bb0 RDI: 0000000000000011 [ 1435.740640][T28707] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1435.740649][T28707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1435.740658][T28707] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1435.740685][T28707] [ 1435.955140][T28709] netlink: 334 bytes leftover after parsing attributes in process `syz.4.21164'. [ 1436.758741][T28750] FAULT_INJECTION: forcing a failure. [ 1436.758741][T28750] name failslab, interval 1, probability 0, space 0, times 0 [ 1436.869515][T28750] CPU: 0 UID: 0 PID: 28750 Comm: syz.2.21172 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1436.869575][T28750] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1436.869585][T28750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1436.869595][T28750] Call Trace: [ 1436.869601][T28750] [ 1436.869608][T28750] dump_stack_lvl+0x100/0x190 [ 1436.869635][T28750] should_fail_ex.cold+0x5/0xa [ 1436.869657][T28750] should_failslab+0xc2/0x120 [ 1436.869675][T28750] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1436.869695][T28750] ? __request_module+0x2b7/0x6c0 [ 1436.869715][T28750] ? lockdep_hardirqs_on+0x78/0x100 [ 1436.869740][T28750] __request_module+0x2b7/0x6c0 [ 1436.869760][T28750] ? 
__pfx___request_module+0x10/0x10 [ 1436.869785][T28750] ? __get_fs_type+0x12c/0x170 [ 1436.869803][T28750] ? __get_fs_type+0x12c/0x170 [ 1436.869827][T28750] get_fs_type+0xd7/0x190 [ 1436.869845][T28750] __x64_sys_fsopen+0xca/0x220 [ 1436.869865][T28750] do_syscall_64+0x106/0xf80 [ 1436.869885][T28750] ? clear_bhb_loop+0x40/0x90 [ 1436.869903][T28750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1436.869918][T28750] RIP: 0033:0x7ff103f9c799 [ 1436.869932][T28750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1436.869946][T28750] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 1436.869962][T28750] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1436.869972][T28750] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1436.869981][T28750] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1436.869990][T28750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1436.869999][T28750] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1436.870019][T28750] [ 1437.733080][T28762] netlink: 'syz.2.21177': attribute type 33 has an invalid length. [ 1437.775058][T28762] netlink: 322 bytes leftover after parsing attributes in process `syz.2.21177'. [ 1440.136765][T28805] netlink: 504 bytes leftover after parsing attributes in process `syz.4.21192'. [ 1440.920722][T28811] netlink: 330 bytes leftover after parsing attributes in process `syz.4.21195'. [ 1441.045910][T28813] FAULT_INJECTION: forcing a failure. 
[ 1441.045910][T28813] name failslab, interval 1, probability 0, space 0, times 0 [ 1441.127717][T28813] CPU: 0 UID: 0 PID: 28813 Comm: syz.0.21196 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1441.127755][T28813] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1441.127765][T28813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1441.127775][T28813] Call Trace: [ 1441.127780][T28813] [ 1441.127787][T28813] dump_stack_lvl+0x100/0x190 [ 1441.127814][T28813] should_fail_ex.cold+0x5/0xa [ 1441.127833][T28813] should_failslab+0xc2/0x120 [ 1441.127849][T28813] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1441.127870][T28813] ? __hw_addr_add_ex+0x352/0x7e0 [ 1441.127886][T28813] ? trace_contention_end+0x140/0x180 [ 1441.127910][T28813] __hw_addr_add_ex+0x352/0x7e0 [ 1441.127924][T28813] ? stack_depot_init+0x38/0x80 [ 1441.127945][T28813] ? __pfx___hw_addr_add_ex+0x10/0x10 [ 1441.127961][T28813] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1441.127989][T28813] dev_addr_init+0x161/0x250 [ 1441.128007][T28813] ? __pfx_dev_addr_init+0x10/0x10 [ 1441.128028][T28813] ? __pfx_ppp_setup+0x10/0x10 [ 1441.128048][T28813] ? __pfx_ppp_setup+0x10/0x10 [ 1441.128064][T28813] alloc_netdev_mqs+0x363/0x14f0 [ 1441.128090][T28813] ppp_ioctl+0x906/0x2800 [ 1441.128111][T28813] ? find_held_lock+0x2b/0x80 [ 1441.128126][T28813] ? __pfx_ppp_ioctl+0x10/0x10 [ 1441.128150][T28813] ? __fget_files+0x21f/0x3d0 [ 1441.128175][T28813] ? __pfx_ppp_ioctl+0x10/0x10 [ 1441.128198][T28813] __x64_sys_ioctl+0x18e/0x210 [ 1441.128222][T28813] do_syscall_64+0x106/0xf80 [ 1441.128244][T28813] ? 
clear_bhb_loop+0x40/0x90 [ 1441.128262][T28813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1441.128278][T28813] RIP: 0033:0x7f9da399c799 [ 1441.128291][T28813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1441.128307][T28813] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1441.128323][T28813] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1441.128332][T28813] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003 [ 1441.128342][T28813] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1441.128351][T28813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1441.128361][T28813] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1441.128381][T28813] [ 1441.438076][T28817] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21199'. [ 1441.808616][T28823] netlink: 330 bytes leftover after parsing attributes in process `syz.4.21200'. [ 1441.870980][T28818] vivid-009: kernel_thread() failed [ 1442.789868][T28840] ERROR: Out of memory at tomoyo_memory_ok. [ 1443.568269][T28874] netlink: 86 bytes leftover after parsing attributes in process `syz.3.21218'. [ 1445.274032][T28918] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1447.991865][T29013] syz.0.21255 uses obsolete (PF_INET,SOCK_PACKET) [ 1449.678381][T29051] FAULT_INJECTION: forcing a failure. 
[ 1449.678381][T29051] name failslab, interval 1, probability 0, space 0, times 0 [ 1449.880505][T29051] CPU: 0 UID: 0 PID: 29051 Comm: syz.0.21264 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1449.880543][T29051] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1449.880552][T29051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1449.880562][T29051] Call Trace: [ 1449.880568][T29051] [ 1449.880574][T29051] dump_stack_lvl+0x100/0x190 [ 1449.880607][T29051] should_fail_ex.cold+0x5/0xa [ 1449.880626][T29051] should_failslab+0xc2/0x120 [ 1449.880643][T29051] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1449.880663][T29051] ? snd_rawmidi_open+0x3b3/0xba0 [ 1449.880753][T29051] ? _raw_spin_unlock+0x28/0x50 [ 1449.880774][T29051] ? snd_card_file_add+0x26e/0x340 [ 1449.880794][T29051] snd_rawmidi_open+0x3b3/0xba0 [ 1449.880818][T29051] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1449.880841][T29051] ? soundcore_open+0x231/0x5a0 [ 1449.880855][T29051] ? soundcore_open+0x231/0x5a0 [ 1449.880872][T29051] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 1449.880892][T29051] soundcore_open+0x2e3/0x5a0 [ 1449.880909][T29051] ? __pfx_soundcore_open+0x10/0x10 [ 1449.880927][T29051] chrdev_open+0x234/0x6a0 [ 1449.880942][T29051] ? __pfx_apparmor_file_open+0x10/0x10 [ 1449.880959][T29051] ? __pfx_chrdev_open+0x10/0x10 [ 1449.880975][T29051] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1449.880996][T29051] do_dentry_open+0x6d8/0x1660 [ 1449.881011][T29051] ? __pfx_chrdev_open+0x10/0x10 [ 1449.881032][T29051] vfs_open+0x82/0x3f0 [ 1449.881054][T29051] path_openat+0x208c/0x31a0 [ 1449.881076][T29051] ? __pfx_path_openat+0x10/0x10 [ 1449.881099][T29051] do_file_open+0x20e/0x430 [ 1449.881116][T29051] ? __pfx_do_file_open+0x10/0x10 [ 1449.881145][T29051] ? alloc_fd+0x476/0x790 [ 1449.881162][T29051] ? 
do_getname+0x191/0x390 [ 1449.881182][T29051] do_sys_openat2+0x10d/0x1e0 [ 1449.881201][T29051] ? __pfx_do_sys_openat2+0x10/0x10 [ 1449.881222][T29051] ? __fget_files+0x21f/0x3d0 [ 1449.881240][T29051] __x64_sys_openat+0x12d/0x210 [ 1449.881260][T29051] ? __pfx___x64_sys_openat+0x10/0x10 [ 1449.881295][T29051] do_syscall_64+0x106/0xf80 [ 1449.881317][T29051] ? clear_bhb_loop+0x40/0x90 [ 1449.881336][T29051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1449.881352][T29051] RIP: 0033:0x7f9da399c799 [ 1449.881366][T29051] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1449.881381][T29051] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1449.881396][T29051] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1449.881407][T29051] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1449.881417][T29051] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1449.881427][T29051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1449.881436][T29051] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1449.881456][T29051] [ 1451.642243][T29098] netlink: 'syz.3.21271': attribute type 4 has an invalid length. [ 1451.697870][T29098] netlink: 314 bytes leftover after parsing attributes in process `syz.3.21271'. [ 1452.091312][T29104] netlink: 'syz.3.21275': attribute type 19 has an invalid length. [ 1452.099219][T29104] netlink: 334 bytes leftover after parsing attributes in process `syz.3.21275'. [ 1452.932193][T29131] netlink: 342 bytes leftover after parsing attributes in process `syz.2.21283'. [ 1453.284962][T29139] netlink: 346 bytes leftover after parsing attributes in process `syz.2.21285'. [ 1454.345154][T29163] FAULT_INJECTION: forcing a failure. 
[ 1454.345154][T29163] name failslab, interval 1, probability 0, space 0, times 0 [ 1454.561939][T29163] CPU: 0 UID: 0 PID: 29163 Comm: syz.0.21291 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1454.561978][T29163] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1454.561989][T29163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1454.561999][T29163] Call Trace: [ 1454.562005][T29163] [ 1454.562011][T29163] dump_stack_lvl+0x100/0x190 [ 1454.562041][T29163] should_fail_ex.cold+0x5/0xa [ 1454.562061][T29163] ? tomoyo_init_log+0x1224/0x20c0 [ 1454.562082][T29163] should_failslab+0xc2/0x120 [ 1454.562100][T29163] __kmalloc_noprof+0xe0/0x850 [ 1454.562128][T29163] tomoyo_init_log+0x1224/0x20c0 [ 1454.562149][T29163] ? __pfx_stack_trace_save+0x10/0x10 [ 1454.562166][T29163] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1454.562194][T29163] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1454.562218][T29163] tomoyo_write_log2+0x2ed/0xbc0 [ 1454.562241][T29163] tomoyo_supervisor+0x15e/0x1340 [ 1454.562266][T29163] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1454.562299][T29163] ? trace_kmalloc+0x101/0x130 [ 1454.562314][T29163] ? __kasan_kmalloc+0xaa/0xb0 [ 1454.562335][T29163] ? tomoyo_check_path_acl+0x141/0x210 [ 1454.562352][T29163] ? tomoyo_check_acl+0x1f7/0x410 [ 1454.562378][T29163] tomoyo_path_permission+0x270/0x3b0 [ 1454.562397][T29163] tomoyo_path_perm+0x3d6/0x460 [ 1454.562415][T29163] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 1454.562434][T29163] ? do_raw_spin_lock+0x128/0x260 [ 1454.562460][T29163] ? do_raw_spin_unlock+0x145/0x1e0 [ 1454.562491][T29163] ? __pfx_current_check_access_path+0x10/0x10 [ 1454.562512][T29163] ? simple_lookup+0x105/0x1d0 [ 1454.562535][T29163] ? lookup_one_qstr_excl+0xb3/0x250 [ 1454.562557][T29163] tomoyo_path_symlink+0x97/0xe0 [ 1454.562578][T29163] ? 
__pfx_tomoyo_path_symlink+0x10/0x10 [ 1454.562604][T29163] security_path_symlink+0x152/0x2d0 [ 1454.562621][T29163] filename_symlinkat+0x122/0x560 [ 1454.562642][T29163] ? __pfx_filename_symlinkat+0x10/0x10 [ 1454.562659][T29163] ? strncpy_from_user+0x19d/0x2d0 [ 1454.562679][T29163] ? do_getname+0x191/0x390 [ 1454.562698][T29163] __x64_sys_symlink+0x79/0xb0 [ 1454.562716][T29163] do_syscall_64+0x106/0xf80 [ 1454.562739][T29163] ? clear_bhb_loop+0x40/0x90 [ 1454.562759][T29163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1454.562775][T29163] RIP: 0033:0x7f9da399c799 [ 1454.562789][T29163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1454.562805][T29163] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 1454.562820][T29163] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1454.562831][T29163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1454.562848][T29163] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1454.562858][T29163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1454.562867][T29163] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1454.562889][T29163] [ 1455.639325][T29202] netlink: 326 bytes leftover after parsing attributes in process `syz.2.21295'. [ 1455.822361][T29206] netlink: 28 bytes leftover after parsing attributes in process `syz.2.21296'. [ 1456.812631][T29231] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21301'. [ 1458.533486][T29268] netlink: 342 bytes leftover after parsing attributes in process `syz.0.21313'. [ 1459.298624][T29298] netlink: 302 bytes leftover after parsing attributes in process `syz.3.21319'. 
[ 1459.518908][T29306] futex_wake_op: syz.0.21320 tries to shift op by -2048; fix this program [ 1459.581330][T29306] futex_wake_op: syz.0.21320 tries to shift op by -2048; fix this program [ 1459.879659][T29312] ERROR: Out of memory at tomoyo_memory_ok. [ 1460.198091][T29322] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1460.363864][T29328] netlink: 146 bytes leftover after parsing attributes in process `syz.2.21329'. [ 1460.487914][T29332] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1462.070061][T29363] mkiss: ax0: crc mode is auto. [ 1462.583583][T29380] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21346'. [ 1462.878171][T29383] netlink: 4 bytes leftover after parsing attributes in process `syz.4.21348'. [ 1463.194417][T29386] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21349'. [ 1464.031818][T29408] process 'syz.4.21358' launched '/dev/fd/3' with NULL argv: empty string added [ 1464.308664][T29414] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21361'. [ 1465.659705][T29437] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21370'. [ 1467.135344][T29467] netlink: 342 bytes leftover after parsing attributes in process `syz.3.21379'. [ 1467.840713][T29481] netlink: 334 bytes leftover after parsing attributes in process `syz.4.21384'. [ 1468.823346][T29497] zswap: compressor not available [ 1469.266103][T29517] kvm: kvm [29513]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004) [ 1469.942080][T29535] netlink: 146 bytes leftover after parsing attributes in process `syz.0.21400'. [ 1470.733981][T29544] ERROR: Out of memory at tomoyo_memory_ok. [ 1470.766537][T29549] netlink: 198 bytes leftover after parsing attributes in process `syz.3.21405'. [ 1471.723352][T29566] netlink: 322 bytes leftover after parsing attributes in process `syz.4.21411'. 
[ 1472.040676][T29570] sg_write: data in/out 1886744398/84 bytes for SCSI command 0x72-- guessing data in; [ 1472.040676][T29570] program syz.4.21413 not setting count and/or reply_len properly [ 1477.710858][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1477.736442][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1478.313837][T29710] netlink: 'syz.0.21448': attribute type 4 has an invalid length. [ 1479.638955][ T29] audit: type=1800 audit(4294986156.550:75): pid=29726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.21454" name="dbroot" dev="configfs" ino=316801 res=0 errno=0 [ 1479.678608][T29726] db_root: cannot open: 0 [ 1479.952540][T29732] netlink: 346 bytes leftover after parsing attributes in process `syz.0.21457'. [ 1480.602768][T29743] netlink: 334 bytes leftover after parsing attributes in process `syz.3.21461'. [ 1481.444753][T29765] netlink: 'syz.2.21470': attribute type 21 has an invalid length. [ 1481.560755][T29765] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21470'. [ 1482.307712][T29774] zswap: compressor not available [ 1482.428828][T29787] netlink: 334 bytes leftover after parsing attributes in process `syz.3.21478'. [ 1482.832523][T29795] netlink: 146 bytes leftover after parsing attributes in process `syz.0.21482'. [ 1483.108467][T29798] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1483.167652][T29801] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 1483.619995][T29804] zswap: compressor not available [ 1484.214498][T29829] phram: not enough arguments [ 1485.138672][T29854] netlink: 74 bytes leftover after parsing attributes in process `syz.2.21500'. [ 1487.528597][T29939] Unable to find swap-space signature [ 1488.198100][T29946] netlink: 334 bytes leftover after parsing attributes in process `syz.3.21515'. 
[ 1490.087182][T29973] netlink: 334 bytes leftover after parsing attributes in process `syz.0.21524'. [ 1490.552514][T29981] sg_write: data in/out 65500/90 bytes for SCSI command 0x0-- guessing data in; [ 1490.552514][T29981] program syz.0.21527 not setting count and/or reply_len properly [ 1492.621203][T30044] netlink: 342 bytes leftover after parsing attributes in process `syz.2.21550'. [ 1493.537169][T30071] sg_write: data in/out 220/90 bytes for SCSI command 0x0-- guessing data in; [ 1493.537169][T30071] program syz.3.21557 not setting count and/or reply_len properly [ 1493.933593][T30079] netlink: 342 bytes leftover after parsing attributes in process `syz.3.21558'. [ 1495.141286][T30118] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1496.089825][T30157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.21567'. [ 1496.198638][T30158] netlink: 25 bytes leftover after parsing attributes in process `syz.0.21567'. [ 1499.671339][T30197] kexec: Could not allocate control_code_buffer [ 1501.089194][T30294] netlink: 350 bytes leftover after parsing attributes in process `syz.2.21591'. [ 1502.072564][T30318] netlink: 342 bytes leftover after parsing attributes in process `syz.3.21596'. [ 1502.192321][T30318] netlink: 342 bytes leftover after parsing attributes in process `syz.3.21596'. [ 1502.758671][T30327] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21600'. [ 1502.837174][T30327] netlink: 5 bytes leftover after parsing attributes in process `syz.2.21600'. [ 1502.906976][T30327] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21600'. [ 1502.986482][T30331] netlink: 342 bytes leftover after parsing attributes in process `syz.0.21602'. [ 1503.615175][T30339] netlink: 'syz.0.21606': attribute type 19 has an invalid length. [ 1503.691825][T30339] netlink: 334 bytes leftover after parsing attributes in process `syz.0.21606'. 
[ 1504.001309][T30347] UHID_CREATE from different security context by process 12059 (syz.0.21608), this is not allowed. [ 1504.865605][T30361] ubi0: attaching mtd0 [ 1504.870833][T30361] ubi0: scanning is finished [ 1504.938289][T30361] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1505.461550][T30361] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1506.734033][T30388] netlink: 'syz.0.21622': attribute type 29 has an invalid length. [ 1506.806505][T30388] netlink: 334 bytes leftover after parsing attributes in process `syz.0.21622'. [ 1508.563365][T30466] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21632'. [ 1508.722230][T30466] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21632'. [ 1512.102837][T30572] syz.0.21644 (30572): /proc/30570/oom_adj is deprecated, please use /proc/30570/oom_score_adj instead. [ 1512.777215][T30589] netlink: 146 bytes leftover after parsing attributes in process `syz.0.21648'. [ 1513.406740][T30619] netlink: 16 bytes leftover after parsing attributes in process `syz.3.21651'. [ 1514.240885][T30645] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1514.303561][T30645] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1514.576262][T30649] phram: parameter too long [ 1514.828058][T30657] netlink: 342 bytes leftover after parsing attributes in process `syz.0.21668'. [ 1514.983275][T30660] netlink: 146 bytes leftover after parsing attributes in process `syz.4.21667'. [ 1517.542057][T30711] netlink: 334 bytes leftover after parsing attributes in process `syz.4.21690'. [ 1517.567459][T30715] : renamed from team0 (while UP) [ 1518.043118][T11716] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 1518.489469][T30744] mmap: syz.3.21697 (30744) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 
[ 1518.646323][T30744] bridge0: port 4(netdevsim1) entered blocking state [ 1518.686439][T30744] bridge0: port 4(netdevsim1) entered disabled state [ 1518.726463][T30744] netdevsim netdevsim3 netdevsim1: entered allmulticast mode [ 1518.784654][T30744] netdevsim netdevsim3 netdevsim1: entered promiscuous mode [ 1518.859989][T30744] bridge0: port 4(netdevsim1) entered blocking state [ 1518.866786][T30744] bridge0: port 4(netdevsim1) entered listening state [ 1519.346347][T30762] sd 0:0:1:0: PR command failed: 1026 [ 1519.365337][T30762] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1519.423888][T30762] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1519.448386][T30764] FAULT_INJECTION: forcing a failure. [ 1519.448386][T30764] name failslab, interval 1, probability 0, space 0, times 0 [ 1519.538980][T30764] CPU: 0 UID: 0 PID: 30764 Comm: syz.0.21705 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1519.539018][T30764] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1519.539028][T30764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1519.539037][T30764] Call Trace: [ 1519.539043][T30764] [ 1519.539049][T30764] dump_stack_lvl+0x100/0x190 [ 1519.539077][T30764] should_fail_ex.cold+0x5/0xa [ 1519.539096][T30764] should_failslab+0xc2/0x120 [ 1519.539113][T30764] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1519.539132][T30764] ? tomoyo_write_log2+0x333/0xbc0 [ 1519.539156][T30764] tomoyo_write_log2+0x333/0xbc0 [ 1519.539178][T30764] tomoyo_supervisor+0x15e/0x1340 [ 1519.539204][T30764] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1519.539228][T30764] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1519.539254][T30764] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1519.539272][T30764] ? kfree+0x1f6/0x6b0 [ 1519.539292][T30764] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 1519.539315][T30764] tomoyo_path_number_perm+0x445/0x580 [ 1519.539333][T30764] ? 
__pfx_tomoyo_path_number_perm+0x10/0x10 [ 1519.539357][T30764] ? do_raw_spin_lock+0x128/0x260 [ 1519.539387][T30764] ? find_held_lock+0x2b/0x80 [ 1519.539402][T30764] ? __pfx_d_add+0x10/0x10 [ 1519.539418][T30764] ? d_alloc+0x176/0x1e0 [ 1519.539433][T30764] ? current_check_access_path+0x281/0x460 [ 1519.539457][T30764] ? simple_lookup+0x105/0x1d0 [ 1519.539482][T30764] tomoyo_path_mknod+0x164/0x190 [ 1519.539504][T30764] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 1519.539527][T30764] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1519.539553][T30764] security_path_mknod+0x161/0x300 [ 1519.539587][T30764] filename_mknodat+0x241/0x7f0 [ 1519.539607][T30764] ? __pfx_filename_mknodat+0x10/0x10 [ 1519.539625][T30764] ? strncpy_from_user+0x19d/0x2d0 [ 1519.539645][T30764] ? do_getname+0x191/0x390 [ 1519.539667][T30764] __x64_sys_mknod+0x8f/0xc0 [ 1519.539685][T30764] do_syscall_64+0x106/0xf80 [ 1519.539706][T30764] ? clear_bhb_loop+0x40/0x90 [ 1519.539725][T30764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1519.539741][T30764] RIP: 0033:0x7f9da399c799 [ 1519.539763][T30764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1519.539780][T30764] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1519.539796][T30764] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1519.539807][T30764] RDX: 0000000000000009 RSI: 0000000000000002 RDI: 0000000000000000 [ 1519.539817][T30764] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1519.539827][T30764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1519.539836][T30764] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1519.539858][T30764] [ 1520.574144][T30775] netlink: 334 bytes leftover after parsing attributes in process `syz.3.21709'. 
[ 1520.911877][ C0] bridge0: port 4(netdevsim1) entered learning state [ 1521.315235][T30784] netlink: 342 bytes leftover after parsing attributes in process `syz.0.21714'. [ 1521.666013][T30794] FAULT_INJECTION: forcing a failure. [ 1521.666013][T30794] name failslab, interval 1, probability 0, space 0, times 0 [ 1521.771102][T30794] CPU: 0 UID: 0 PID: 30794 Comm: syz.0.21717 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1521.771139][T30794] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1521.771149][T30794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1521.771159][T30794] Call Trace: [ 1521.771164][T30794] [ 1521.771171][T30794] dump_stack_lvl+0x100/0x190 [ 1521.771200][T30794] should_fail_ex.cold+0x5/0xa [ 1521.771218][T30794] ? tomoyo_init_log+0x1224/0x20c0 [ 1521.771237][T30794] should_failslab+0xc2/0x120 [ 1521.771254][T30794] __kmalloc_noprof+0xe0/0x850 [ 1521.771282][T30794] tomoyo_init_log+0x1224/0x20c0 [ 1521.771305][T30794] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1521.771332][T30794] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1521.771356][T30794] tomoyo_write_log2+0x2ed/0xbc0 [ 1521.771378][T30794] tomoyo_supervisor+0x15e/0x1340 [ 1521.771404][T30794] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1521.771443][T30794] ? kasan_quarantine_put+0x104/0x240 [ 1521.771468][T30794] ? tomoyo_check_path_acl+0x141/0x210 [ 1521.771485][T30794] ? tomoyo_check_acl+0x1f7/0x410 [ 1521.771511][T30794] tomoyo_path_permission+0x270/0x3b0 [ 1521.771530][T30794] tomoyo_check_open_permission+0x37f/0x3c0 [ 1521.771549][T30794] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1521.771584][T30794] ? lock_acquire+0x1cf/0x380 [ 1521.771603][T30794] ? 
find_held_lock+0x2b/0x80 [ 1521.771621][T30794] tomoyo_file_open+0x6b/0x90 [ 1521.771644][T30794] security_file_open+0xb5/0x1e0 [ 1521.771663][T30794] do_dentry_open+0x5aa/0x1660 [ 1521.771684][T30794] vfs_open+0x82/0x3f0 [ 1521.771705][T30794] path_openat+0x208c/0x31a0 [ 1521.771727][T30794] ? __pfx_path_openat+0x10/0x10 [ 1521.771749][T30794] do_file_open+0x20e/0x430 [ 1521.771766][T30794] ? __pfx_do_file_open+0x10/0x10 [ 1521.771796][T30794] ? alloc_fd+0x476/0x790 [ 1521.771813][T30794] ? do_getname+0x191/0x390 [ 1521.771833][T30794] do_sys_openat2+0x10d/0x1e0 [ 1521.771853][T30794] ? __pfx_do_sys_openat2+0x10/0x10 [ 1521.771873][T30794] ? __fget_files+0x21f/0x3d0 [ 1521.771891][T30794] __x64_sys_openat+0x12d/0x210 [ 1521.771911][T30794] ? __pfx___x64_sys_openat+0x10/0x10 [ 1521.771937][T30794] do_syscall_64+0x106/0xf80 [ 1521.771958][T30794] ? clear_bhb_loop+0x40/0x90 [ 1521.771977][T30794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1521.771992][T30794] RIP: 0033:0x7f9da399c799 [ 1521.772006][T30794] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1521.772021][T30794] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1521.772037][T30794] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1521.772047][T30794] RDX: 0000000000008382 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 1521.772058][T30794] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1521.772067][T30794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1521.772076][T30794] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1521.772096][T30794] [ 1522.981223][ C0] bridge0: port 4(netdevsim1) entered forwarding state [ 1522.988129][ C0] bridge0: topology change detected, propagating [ 1524.259983][T30881] FAULT_INJECTION: forcing a failure. 
[ 1524.259983][T30881] name failslab, interval 1, probability 0, space 0, times 0 [ 1524.343128][T30881] CPU: 0 UID: 0 PID: 30881 Comm: syz.2.21744 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1524.343164][T30881] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1524.343182][T30881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1524.343192][T30881] Call Trace: [ 1524.343198][T30881] [ 1524.343204][T30881] dump_stack_lvl+0x100/0x190 [ 1524.343232][T30881] should_fail_ex.cold+0x5/0xa [ 1524.343251][T30881] should_failslab+0xc2/0x120 [ 1524.343268][T30881] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1524.343290][T30881] ? security_inode_alloc+0x3b/0x2c0 [ 1524.343307][T30881] ? lockdep_init_map_type+0x5c/0x250 [ 1524.343330][T30881] security_inode_alloc+0x3b/0x2c0 [ 1524.343346][T30881] inode_init_always_gfp+0xced/0x1040 [ 1524.343365][T30881] alloc_inode+0x8e/0x250 [ 1524.343384][T30881] new_inode+0x22/0x1c0 [ 1524.343405][T30881] proc_pid_make_inode+0x22/0x160 [ 1524.343427][T30881] proc_ns_dir_lookup+0x25b/0x390 [ 1524.343451][T30881] lookup_open.isra.0+0x631/0x11b0 [ 1524.343477][T30881] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1524.343511][T30881] ? mnt_get_write_access+0x1e9/0x2f0 [ 1524.343535][T30881] path_openat+0xa98/0x31a0 [ 1524.343557][T30881] ? __pfx_path_openat+0x10/0x10 [ 1524.343579][T30881] do_file_open+0x20e/0x430 [ 1524.343596][T30881] ? __pfx_do_file_open+0x10/0x10 [ 1524.343619][T30881] ? __pfx_kfree_link+0x10/0x10 [ 1524.343644][T30881] ? alloc_fd+0x476/0x790 [ 1524.343661][T30881] ? do_getname+0x191/0x390 [ 1524.343680][T30881] do_sys_openat2+0x10d/0x1e0 [ 1524.343701][T30881] ? __pfx_do_sys_openat2+0x10/0x10 [ 1524.343727][T30881] __x64_sys_openat+0x12d/0x210 [ 1524.343747][T30881] ? __pfx___x64_sys_openat+0x10/0x10 [ 1524.343768][T30881] ? 
do_user_addr_fault+0x8d6/0x12f0 [ 1524.343795][T30881] do_syscall_64+0x106/0xf80 [ 1524.343816][T30881] ? clear_bhb_loop+0x40/0x90 [ 1524.343836][T30881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.343851][T30881] RIP: 0033:0x7ff103f5cfce [ 1524.343865][T30881] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1524.343881][T30881] RSP: 002b:00007ff104e94ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1524.343896][T30881] RAX: ffffffffffffffda RBX: 00007ff104e956c0 RCX: 00007ff103f5cfce [ 1524.343906][T30881] RDX: 0000000000000002 RSI: 00007ff104e94f90 RDI: ffffffffffffff9c [ 1524.343916][T30881] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1524.343926][T30881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1524.343935][T30881] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1524.343955][T30881] [ 1525.891114][T30917] netlink: 25 bytes leftover after parsing attributes in process `syz.3.21753'. [ 1528.674615][T30981] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21780'. [ 1529.197462][T30998] netlink: 142 bytes leftover after parsing attributes in process `syz.0.21784'. [ 1531.888753][T31050] Process accounting resumed [ 1532.800624][T31066] [U] [ 1534.660746][T31115] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1535.351803][T31136] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21835'. [ 1536.668879][T31159] netlink: 342 bytes leftover after parsing attributes in process `syz.2.21842'. [ 1538.822615][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1538.829804][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1539.114572][T31205] netlink: 330 bytes leftover after parsing attributes in process `syz.4.21860'. 
[ 1539.187307][T31205] IPv6: NLM_F_CREATE should be specified when creating new route [ 1539.196168][T31208] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21861'. [ 1539.725070][T31220] random: crng reseeded on system resumption [ 1539.771167][T31220] FAULT_INJECTION: forcing a failure. [ 1539.771167][T31220] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1539.893331][T31220] CPU: 0 UID: 0 PID: 31220 Comm: syz.0.21866 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1539.893369][T31220] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1539.893379][T31220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1539.893389][T31220] Call Trace: [ 1539.893395][T31220] [ 1539.893402][T31220] dump_stack_lvl+0x100/0x190 [ 1539.893429][T31220] should_fail_ex.cold+0x5/0xa [ 1539.893445][T31220] ? prepare_alloc_pages+0x16d/0x5f0 [ 1539.893465][T31220] should_fail_alloc_page+0xeb/0x140 [ 1539.893483][T31220] prepare_alloc_pages+0x1f0/0x5f0 [ 1539.893503][T31220] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1539.893527][T31220] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1539.893555][T31220] ? stack_trace_save+0x8e/0xc0 [ 1539.893571][T31220] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1539.893592][T31220] ? stack_depot_save_flags+0x27/0x9d0 [ 1539.893612][T31220] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1539.893636][T31220] ? kasan_save_stack+0x3f/0x50 [ 1539.893657][T31220] ? kasan_save_stack+0x30/0x50 [ 1539.893677][T31220] ? kasan_save_track+0x14/0x30 [ 1539.893711][T31220] ? do_sys_openat2+0x10d/0x1e0 [ 1539.893730][T31220] ? __x64_sys_openat+0x12d/0x210 [ 1539.893756][T31220] ? do_syscall_64+0x106/0xf80 [ 1539.893780][T31220] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1539.893799][T31220] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1539.893825][T31220] ? 
policy_nodemask+0xed/0x4f0 [ 1539.893843][T31220] alloc_pages_mpol+0x1fb/0x550 [ 1539.893860][T31220] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1539.893876][T31220] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1539.893895][T31220] alloc_pages_noprof+0x131/0x390 [ 1539.893912][T31220] get_zeroed_page_noprof+0x18/0xb0 [ 1539.893929][T31220] get_image_page+0x18/0x1a0 [ 1539.893952][T31220] alloc_rtree_node+0x3c/0xb0 [ 1539.893975][T31220] memory_bm_create+0x65e/0xba0 [ 1539.894007][T31220] create_basic_memory_bitmaps+0xbd/0x350 [ 1539.894026][T31220] snapshot_open+0x230/0x2a0 [ 1539.894042][T31220] ? __pfx_snapshot_open+0x10/0x10 [ 1539.894059][T31220] misc_open+0x26d/0x450 [ 1539.894079][T31220] ? __pfx_misc_open+0x10/0x10 [ 1539.894095][T31220] chrdev_open+0x234/0x6a0 [ 1539.894110][T31220] ? __pfx_apparmor_file_open+0x10/0x10 [ 1539.894126][T31220] ? __pfx_chrdev_open+0x10/0x10 [ 1539.894143][T31220] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1539.894163][T31220] do_dentry_open+0x6d8/0x1660 [ 1539.894178][T31220] ? __pfx_chrdev_open+0x10/0x10 [ 1539.894198][T31220] vfs_open+0x82/0x3f0 [ 1539.894219][T31220] path_openat+0x208c/0x31a0 [ 1539.894241][T31220] ? __pfx_path_openat+0x10/0x10 [ 1539.894264][T31220] do_file_open+0x20e/0x430 [ 1539.894281][T31220] ? __pfx_do_file_open+0x10/0x10 [ 1539.894310][T31220] ? alloc_fd+0x476/0x790 [ 1539.894330][T31220] ? do_getname+0x191/0x390 [ 1539.894350][T31220] do_sys_openat2+0x10d/0x1e0 [ 1539.894370][T31220] ? __pfx_do_sys_openat2+0x10/0x10 [ 1539.894390][T31220] ? find_held_lock+0x2b/0x80 [ 1539.894409][T31220] __x64_sys_openat+0x12d/0x210 [ 1539.894429][T31220] ? __pfx___x64_sys_openat+0x10/0x10 [ 1539.894456][T31220] do_syscall_64+0x106/0xf80 [ 1539.894477][T31220] ? 
clear_bhb_loop+0x40/0x90 [ 1539.894495][T31220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1539.894510][T31220] RIP: 0033:0x7f9da399c799 [ 1539.894524][T31220] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1539.894539][T31220] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1539.894555][T31220] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1539.894567][T31220] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1539.894577][T31220] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1539.894587][T31220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1539.894596][T31220] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1539.894617][T31220] [ 1541.324382][T31235] netlink: 322 bytes leftover after parsing attributes in process `syz.2.21873'. [ 1542.178289][T31247] FAULT_INJECTION: forcing a failure. [ 1542.178289][T31247] name failslab, interval 1, probability 0, space 0, times 0 [ 1542.245346][T31247] CPU: 0 UID: 0 PID: 31247 Comm: syz.2.21879 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1542.245384][T31247] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1542.245394][T31247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1542.245404][T31247] Call Trace: [ 1542.245409][T31247] [ 1542.245415][T31247] dump_stack_lvl+0x100/0x190 [ 1542.245443][T31247] should_fail_ex.cold+0x5/0xa [ 1542.245476][T31247] ? __list_lru_init+0xd9/0x4b0 [ 1542.245497][T31247] should_failslab+0xc2/0x120 [ 1542.245515][T31247] __kmalloc_noprof+0xe0/0x850 [ 1542.245542][T31247] __list_lru_init+0xd9/0x4b0 [ 1542.245564][T31247] alloc_super+0x926/0xd20 [ 1542.245588][T31247] ? 
__pfx_mqueue_fill_super+0x10/0x10 [ 1542.245611][T31247] sget_fc+0x117/0xc70 [ 1542.245633][T31247] ? __pfx_set_anon_super_fc+0x10/0x10 [ 1542.245655][T31247] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1542.245675][T31247] get_tree_nodev+0x28/0x190 [ 1542.245699][T31247] mqueue_get_tree+0xf1/0x130 [ 1542.245721][T31247] vfs_get_tree+0x92/0x320 [ 1542.245741][T31247] fc_mount_longterm+0x1a/0x270 [ 1542.245764][T31247] mq_init_ns+0x482/0x820 [ 1542.245781][T31247] copy_ipcs+0x3dd/0x7e0 [ 1542.245798][T31247] create_new_namespaces+0x20a/0xac0 [ 1542.245815][T31247] ? security_capable+0x80/0x260 [ 1542.245840][T31247] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1542.245857][T31247] ksys_unshare+0x473/0xad0 [ 1542.245877][T31247] ? __pfx_ksys_unshare+0x10/0x10 [ 1542.245902][T31247] __x64_sys_unshare+0x31/0x40 [ 1542.245920][T31247] do_syscall_64+0x106/0xf80 [ 1542.245941][T31247] ? clear_bhb_loop+0x40/0x90 [ 1542.245960][T31247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1542.245976][T31247] RIP: 0033:0x7ff103f9c799 [ 1542.245991][T31247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1542.246006][T31247] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1542.246021][T31247] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1542.246032][T31247] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 1542.246041][T31247] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1542.246050][T31247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1542.246059][T31247] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1542.246079][T31247] [ 1544.840304][T31285] netlink: 28 bytes leftover after parsing attributes in process `syz.3.21891'. 
[ 1544.978091][T31285] ipvlan0: entered promiscuous mode [ 1545.057414][T31285] ipvlan0: entered allmulticast mode [ 1545.123981][T31285] veth0_vlan: entered allmulticast mode [ 1545.370629][T31295] FAULT_INJECTION: forcing a failure. [ 1545.370629][T31295] name failslab, interval 1, probability 0, space 0, times 0 [ 1545.426870][T31299] netlink: 342 bytes leftover after parsing attributes in process `syz.2.21898'. [ 1545.486797][T31295] CPU: 0 UID: 0 PID: 31295 Comm: syz.0.21896 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1545.486835][T31295] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1545.486846][T31295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1545.486855][T31295] Call Trace: [ 1545.486861][T31295] [ 1545.486868][T31295] dump_stack_lvl+0x100/0x190 [ 1545.486895][T31295] should_fail_ex.cold+0x5/0xa [ 1545.486914][T31295] should_failslab+0xc2/0x120 [ 1545.486931][T31295] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1545.486953][T31295] ? security_inode_alloc+0x3b/0x2c0 [ 1545.486969][T31295] ? lockdep_init_map_type+0x5c/0x250 [ 1545.486991][T31295] security_inode_alloc+0x3b/0x2c0 [ 1545.487007][T31295] inode_init_always_gfp+0xced/0x1040 [ 1545.487026][T31295] alloc_inode+0x8e/0x250 [ 1545.487045][T31295] path_from_stashed+0x25b/0x750 [ 1545.487061][T31295] ? do_raw_spin_unlock+0x145/0x1e0 [ 1545.487086][T31295] ns_get_path+0x60/0x80 [ 1545.487101][T31295] proc_ns_get_link+0x121/0x230 [ 1545.487131][T31295] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1545.487154][T31295] ? atime_needs_update+0x8b/0x6b0 [ 1545.487177][T31295] pick_link+0xd17/0x13c0 [ 1545.487198][T31295] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1545.487221][T31295] step_into_slowpath+0x9ba/0xf90 [ 1545.487246][T31295] ? __pfx_step_into_slowpath+0x10/0x10 [ 1545.487267][T31295] ? find_held_lock+0x2b/0x80 [ 1545.487288][T31295] path_openat+0xf95/0x31a0 [ 1545.487309][T31295] ? 
__pfx_path_openat+0x10/0x10 [ 1545.487331][T31295] do_file_open+0x20e/0x430 [ 1545.487348][T31295] ? __pfx_do_file_open+0x10/0x10 [ 1545.487377][T31295] ? alloc_fd+0x476/0x790 [ 1545.487394][T31295] ? do_getname+0x191/0x390 [ 1545.487413][T31295] do_sys_openat2+0x10d/0x1e0 [ 1545.487433][T31295] ? __pfx_do_sys_openat2+0x10/0x10 [ 1545.487459][T31295] __x64_sys_openat+0x12d/0x210 [ 1545.487479][T31295] ? __pfx___x64_sys_openat+0x10/0x10 [ 1545.487500][T31295] ? do_user_addr_fault+0x8d6/0x12f0 [ 1545.487527][T31295] do_syscall_64+0x106/0xf80 [ 1545.487548][T31295] ? clear_bhb_loop+0x40/0x90 [ 1545.487566][T31295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1545.487582][T31295] RIP: 0033:0x7f9da395cfce [ 1545.487596][T31295] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1545.487611][T31295] RSP: 002b:00007f9da47f7ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1545.487626][T31295] RAX: ffffffffffffffda RBX: 00007f9da47f86c0 RCX: 00007f9da395cfce [ 1545.487637][T31295] RDX: 0000000000000002 RSI: 00007f9da47f7f90 RDI: ffffffffffffff9c [ 1545.487647][T31295] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1545.487656][T31295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1545.487666][T31295] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1545.487686][T31295] [ 1545.826646][T31301] netlink: 'syz.3.21899': attribute type 4 has an invalid length. [ 1545.834724][T31301] netlink: 314 bytes leftover after parsing attributes in process `syz.3.21899'. [ 1548.072294][T31349] netlink: 334 bytes leftover after parsing attributes in process `syz.0.21920'. [ 1548.719349][T31364] FAULT_INJECTION: forcing a failure. 
[ 1548.719349][T31364] name failslab, interval 1, probability 0, space 0, times 0 [ 1548.779643][T31364] CPU: 0 UID: 0 PID: 31364 Comm: syz.0.21925 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1548.779682][T31364] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1548.779692][T31364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1548.779702][T31364] Call Trace: [ 1548.779708][T31364] [ 1548.779715][T31364] dump_stack_lvl+0x100/0x190 [ 1548.779743][T31364] should_fail_ex.cold+0x5/0xa [ 1548.779762][T31364] should_failslab+0xc2/0x120 [ 1548.779779][T31364] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1548.779816][T31364] ? security_inode_alloc+0x3b/0x2c0 [ 1548.779838][T31364] ? lockdep_init_map_type+0x5c/0x250 [ 1548.779862][T31364] security_inode_alloc+0x3b/0x2c0 [ 1548.779878][T31364] inode_init_always_gfp+0xced/0x1040 [ 1548.779898][T31364] alloc_inode+0x8e/0x250 [ 1548.779918][T31364] new_inode+0x22/0x1c0 [ 1548.779939][T31364] shmem_get_inode+0x212/0x1040 [ 1548.779964][T31364] ? __pfx_shmem_get_inode+0x10/0x10 [ 1548.779983][T31364] ? rcu_is_watching+0x12/0xc0 [ 1548.780003][T31364] ? percpu_counter_add_batch+0xb9/0x230 [ 1548.780026][T31364] __shmem_file_setup+0x3ac/0x490 [ 1548.780047][T31364] ? __pfx___shmem_file_setup+0x10/0x10 [ 1548.780070][T31364] ? vm_area_alloc+0x1f/0x160 [ 1548.780092][T31364] shmem_zero_setup+0x96/0x1b0 [ 1548.780116][T31364] __mmap_region+0x2198/0x29e0 [ 1548.780140][T31364] ? __pfx___mmap_region+0x10/0x10 [ 1548.780165][T31364] ? set_next_entity+0x11e/0x9c0 [ 1548.780190][T31364] ? __lock_acquire+0x4a5/0x2630 [ 1548.780208][T31364] ? find_held_lock+0x2b/0x80 [ 1548.780230][T31364] ? find_held_lock+0x2b/0x80 [ 1548.780243][T31364] ? finish_task_switch.isra.0+0x200/0xb80 [ 1548.780259][T31364] ? finish_task_switch.isra.0+0x200/0xb80 [ 1548.780283][T31364] ? trace_sched_exit_tp+0x13a/0x180 [ 1548.780300][T31364] ? 
__schedule+0x1000/0x6120 [ 1548.780345][T31364] ? rcu_is_watching+0x12/0xc0 [ 1548.780366][T31364] ? cap_capable+0x107/0x460 [ 1548.780391][T31364] mmap_region+0x180/0x3e0 [ 1548.780417][T31364] do_mmap+0xc63/0x12f0 [ 1548.780437][T31364] ? __pfx_do_mmap+0x10/0x10 [ 1548.780453][T31364] ? __pfx_down_write_killable+0x10/0x10 [ 1548.780472][T31364] vm_mmap_pgoff+0x29e/0x470 [ 1548.780492][T31364] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1548.780510][T31364] ? do_futex+0x192/0x350 [ 1548.780529][T31364] ? __pfx_do_futex+0x10/0x10 [ 1548.780551][T31364] ksys_mmap_pgoff+0xe1/0x650 [ 1548.780567][T31364] ? __x64_sys_futex+0x34f/0x4d0 [ 1548.780585][T31364] ? __x64_sys_futex+0x358/0x4d0 [ 1548.780604][T31364] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1548.780620][T31364] ? xfd_validate_state+0x129/0x190 [ 1548.780645][T31364] __x64_sys_mmap+0x125/0x190 [ 1548.780669][T31364] do_syscall_64+0x106/0xf80 [ 1548.780689][T31364] ? clear_bhb_loop+0x40/0x90 [ 1548.780707][T31364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1548.780723][T31364] RIP: 0033:0x7f9da399c799 [ 1548.780736][T31364] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1548.780751][T31364] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1548.780767][T31364] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1548.780778][T31364] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1548.780787][T31364] RBP: 00007f9da3a32c99 R08: fffffffffffffffa R09: 0000000000008000 [ 1548.780798][T31364] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1548.780807][T31364] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1548.780828][T31364] [ 1549.732072][T31368] [U] 0="/ [ 1549.735472][T31368] [U] [ 1549.821593][T31368] [U] EeQ@ [ 1549.837335][T31365] [U]  [ 1550.224797][T31385] Console: 
switching to colour VGA+ 80x25 [ 1550.473288][T31398] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21936'. [ 1550.564562][T31398] netlink: 334 bytes leftover after parsing attributes in process `syz.2.21936'. [ 1551.167891][T31406] netlink: 'syz.0.21939': attribute type 4 has an invalid length. [ 1551.656606][T31414] ima: policy update failed [ 1551.672433][ T29] audit: type=1802 audit(4294986228.949:76): pid=31414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.21943" res=0 errno=0 [ 1551.763429][T31421] vcan0: tx drop: invalid da for name 0x000000000000003f [ 1551.888122][T31422] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21946'. [ 1552.509174][T31446] netlink: 342 bytes leftover after parsing attributes in process `syz.4.21952'. [ 1552.557657][T31448] netlink: 330 bytes leftover after parsing attributes in process `syz.2.21953'. [ 1554.417170][T31505] netlink: 146 bytes leftover after parsing attributes in process `syz.3.21969'. [ 1554.760773][T31514] netlink: 330 bytes leftover after parsing attributes in process `syz.3.21972'. [ 1556.342884][T31548] zswap: compressor not available [ 1556.600980][T31586] netlink: 'syz.2.21983': attribute type 4 has an invalid length. [ 1557.318709][T31597] netlink: 25 bytes leftover after parsing attributes in process `syz.2.21988'. [ 1557.811341][T31607] netlink: 'syz.0.21991': attribute type 28 has an invalid length. [ 1557.865252][T31607] netlink: 334 bytes leftover after parsing attributes in process `syz.0.21991'. [ 1559.783831][T31652] netlink: 338 bytes leftover after parsing attributes in process `syz.2.22007'. [ 1561.031873][T31682] FAULT_INJECTION: forcing a failure. 
[ 1561.031873][T31682] name failslab, interval 1, probability 0, space 0, times 0 [ 1561.117676][T31682] CPU: 0 UID: 0 PID: 31682 Comm: syz.0.22017 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1561.117714][T31682] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1561.117725][T31682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1561.117734][T31682] Call Trace: [ 1561.117740][T31682] [ 1561.117746][T31682] dump_stack_lvl+0x100/0x190 [ 1561.117774][T31682] should_fail_ex.cold+0x5/0xa [ 1561.117793][T31682] should_failslab+0xc2/0x120 [ 1561.117809][T31682] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1561.117829][T31682] ? tomoyo_write_log2+0x333/0xbc0 [ 1561.117852][T31682] tomoyo_write_log2+0x333/0xbc0 [ 1561.117874][T31682] tomoyo_supervisor+0x15e/0x1340 [ 1561.117899][T31682] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1561.117931][T31682] ? kasan_quarantine_put+0x104/0x240 [ 1561.117955][T31682] ? tomoyo_check_path_acl+0x141/0x210 [ 1561.117971][T31682] ? tomoyo_check_acl+0x1f7/0x410 [ 1561.117997][T31682] tomoyo_path_permission+0x270/0x3b0 [ 1561.118016][T31682] tomoyo_check_open_permission+0x37f/0x3c0 [ 1561.118034][T31682] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1561.118069][T31682] ? do_raw_spin_lock+0x128/0x260 [ 1561.118092][T31682] ? path_get+0x61/0x80 [ 1561.118111][T31682] tomoyo_file_open+0x6b/0x90 [ 1561.118133][T31682] security_file_open+0xb5/0x1e0 [ 1561.118152][T31682] do_dentry_open+0x5aa/0x1660 [ 1561.118168][T31682] ? security_inode_permission+0xbf/0x250 [ 1561.118188][T31682] vfs_open+0x82/0x3f0 [ 1561.118208][T31682] path_openat+0x208c/0x31a0 [ 1561.118230][T31682] ? __pfx_path_openat+0x10/0x10 [ 1561.118253][T31682] do_file_open+0x20e/0x430 [ 1561.118270][T31682] ? __pfx_do_file_open+0x10/0x10 [ 1561.118299][T31682] ? alloc_fd+0x476/0x790 [ 1561.118315][T31682] ? 
do_getname+0x191/0x390 [ 1561.118335][T31682] do_sys_openat2+0x10d/0x1e0 [ 1561.118355][T31682] ? __pfx_do_sys_openat2+0x10/0x10 [ 1561.118381][T31682] __x64_sys_openat+0x12d/0x210 [ 1561.118400][T31682] ? __pfx___x64_sys_openat+0x10/0x10 [ 1561.118427][T31682] do_syscall_64+0x106/0xf80 [ 1561.118448][T31682] ? clear_bhb_loop+0x40/0x90 [ 1561.118467][T31682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1561.118482][T31682] RIP: 0033:0x7f9da399c799 [ 1561.118496][T31682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1561.118512][T31682] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1561.118527][T31682] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1561.118538][T31682] RDX: 0000000000000043 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 1561.118548][T31682] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1561.118558][T31682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1561.118567][T31682] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1561.118587][T31682] [ 1561.938590][T31688] netlink: 198 bytes leftover after parsing attributes in process `syz.4.22019'. [ 1562.169572][T31688] Process accounting paused [ 1562.494153][T31709] sg_write: data in/out 81/90 bytes for SCSI command 0x0-- guessing data in; [ 1562.494153][T31709] program syz.4.22025 not setting count and/or reply_len properly [ 1563.973231][T31739] netlink: 'syz.2.22033': attribute type 4 has an invalid length. [ 1564.009441][T31742] netlink: 330 bytes leftover after parsing attributes in process `syz.0.22035'. [ 1564.136327][T31749] random: crng reseeded on system resumption [ 1564.696794][T31782] netlink: 334 bytes leftover after parsing attributes in process `syz.4.22040'. [ 1565.846051][T31811] FAULT_INJECTION: forcing a failure. 
[ 1565.846051][T31811] name failslab, interval 1, probability 0, space 0, times 0 [ 1565.980548][T31811] CPU: 0 UID: 0 PID: 31811 Comm: syz.2.22048 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1565.980587][T31811] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1565.980597][T31811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1565.980607][T31811] Call Trace: [ 1565.980613][T31811] [ 1565.980619][T31811] dump_stack_lvl+0x100/0x190 [ 1565.980646][T31811] should_fail_ex.cold+0x5/0xa [ 1565.980665][T31811] should_failslab+0xc2/0x120 [ 1565.980681][T31811] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1565.980701][T31811] ? kobject_create_and_add+0x46/0xc0 [ 1565.980722][T31811] kobject_create_and_add+0x46/0xc0 [ 1565.980739][T31811] __add_disk+0x66f/0xe40 [ 1565.980757][T31811] ? find_held_lock+0x2b/0x80 [ 1565.980774][T31811] add_disk_fwnode+0x3d4/0x5c0 [ 1565.980792][T31811] zram_add+0x4d2/0x610 [ 1565.980892][T31811] ? __pfx_zram_add+0x10/0x10 [ 1565.980925][T31811] ? find_held_lock+0x2b/0x80 [ 1565.980939][T31811] ? sysfs_file_kobj+0xe4/0x290 [ 1565.980960][T31811] ? __pfx_hot_add_show+0x10/0x10 [ 1565.980982][T31811] hot_add_show+0x21/0x80 [ 1565.981002][T31811] class_attr_show+0x72/0xa0 [ 1565.981021][T31811] ? __pfx_class_attr_show+0x10/0x10 [ 1565.981038][T31811] sysfs_kf_seq_show+0x217/0x3a0 [ 1565.981060][T31811] seq_read_iter+0x32f/0x1270 [ 1565.981091][T31811] kernfs_fop_read_iter+0x46c/0x610 [ 1565.981109][T31811] ? rw_verify_area+0xce/0x6d0 [ 1565.981129][T31811] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1565.981147][T31811] vfs_read+0x825/0xb30 [ 1565.981172][T31811] ? __pfx_vfs_read+0x10/0x10 [ 1565.981215][T31811] ksys_read+0x12a/0x250 [ 1565.981229][T31811] ? __pfx_ksys_read+0x10/0x10 [ 1565.981250][T31811] do_syscall_64+0x106/0xf80 [ 1565.981272][T31811] ? 
clear_bhb_loop+0x40/0x90 [ 1565.981291][T31811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1565.981307][T31811] RIP: 0033:0x7ff103f9c799 [ 1565.981321][T31811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1565.981336][T31811] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1565.981352][T31811] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1565.981363][T31811] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 1565.981373][T31811] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1565.981383][T31811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1565.981393][T31811] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1565.981415][T31811] [ 1566.261582][T31815] netlink: 334 bytes leftover after parsing attributes in process `syz.3.22051'. [ 1566.270896][T31815] netlink: 334 bytes leftover after parsing attributes in process `syz.3.22051'. [ 1566.581589][T31804] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1566.602218][T31804] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1566.627538][T31804] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1566.633526][T31804] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1567.071281][T31832] netlink: 334 bytes leftover after parsing attributes in process `syz.3.22057'. [ 1567.788399][T15685] Bluetooth: hci0: command 0x2016 tx timeout [ 1567.925971][T31863] netlink: 110 bytes leftover after parsing attributes in process `syz.0.22068'. [ 1567.936786][T31865] netlink: 346 bytes leftover after parsing attributes in process `syz.3.22069'. [ 1568.323936][T31871] ERROR: Out of memory at tomoyo_memory_ok. 
[ 1568.744579][T15685] Bluetooth: hci1: command 0x0c1a tx timeout [ 1568.750588][T15685] Bluetooth: hci2: command 0x0406 tx timeout [ 1568.757389][T15685] Bluetooth: hci3: command 0x2016 tx timeout [ 1568.844277][T31904] netlink: 'syz.3.22075': attribute type 22 has an invalid length. [ 1568.852429][T31904] netlink: 330 bytes leftover after parsing attributes in process `syz.3.22075'. [ 1569.241963][T31921] netlink: 146 bytes leftover after parsing attributes in process `syz.3.22078'. [ 1569.520248][T31928] netlink: 130 bytes leftover after parsing attributes in process `syz.4.22080'. [ 1570.108293][T31940] netlink: 338 bytes leftover after parsing attributes in process `syz.0.22085'. [ 1571.271421][T31965] netlink: 334 bytes leftover after parsing attributes in process `syz.4.22094'. [ 1572.976294][T32001] netlink: 338 bytes leftover after parsing attributes in process `syz.4.22105'. [ 1573.584149][T32015] netlink: 'syz.4.22110': attribute type 64 has an invalid length. [ 1573.645536][T32015] netlink: 74 bytes leftover after parsing attributes in process `syz.4.22110'. [ 1576.364801][T32077] netlink: 342 bytes leftover after parsing attributes in process `syz.3.22134'. [ 1576.433941][T32077] IPv6: NLM_F_CREATE should be specified when creating new route [ 1576.441725][T32077] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1576.449288][T32077] IPv6: NLM_F_CREATE should be set when creating new route [ 1576.456498][T32077] IPv6: NLM_F_CREATE should be set when creating new route [ 1576.643069][T32081] netlink: 342 bytes leftover after parsing attributes in process `syz.3.22134'. [ 1576.732156][T32081] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1577.443563][T32096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22142'. [ 1577.903031][T32105] netlink: 322 bytes leftover after parsing attributes in process `syz.3.22145'. 
[ 1578.558920][T32115] netlink: 326 bytes leftover after parsing attributes in process `syz.3.22148'. [ 1578.874707][T32120] netlink: 330 bytes leftover after parsing attributes in process `syz.4.22149'. [ 1579.276112][T32125] FAULT_INJECTION: forcing a failure. [ 1579.276112][T32125] name failslab, interval 1, probability 0, space 0, times 0 [ 1579.345863][T32125] CPU: 0 UID: 0 PID: 32125 Comm: syz.0.22151 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1579.345901][T32125] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1579.345919][T32125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1579.345928][T32125] Call Trace: [ 1579.345934][T32125] [ 1579.345944][T32125] dump_stack_lvl+0x100/0x190 [ 1579.345973][T32125] should_fail_ex.cold+0x5/0xa [ 1579.345992][T32125] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1579.346016][T32125] should_failslab+0xc2/0x120 [ 1579.346033][T32125] __kmalloc_noprof+0xe0/0x850 [ 1579.346055][T32125] ? mqueue_get_tree+0xf1/0x130 [ 1579.346081][T32125] memcg_list_lru_alloc+0x4ec/0x740 [ 1579.346107][T32125] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1579.346129][T32125] ? rcu_read_unlock+0x17/0x60 [ 1579.346151][T32125] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1579.346175][T32125] __memcg_slab_post_alloc_hook+0x130/0x990 [ 1579.346196][T32125] ? kasan_save_track+0x14/0x30 [ 1579.346220][T32125] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1579.346242][T32125] ? mqueue_alloc_inode+0x25/0x50 [ 1579.346265][T32125] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 1579.346287][T32125] mqueue_alloc_inode+0x25/0x50 [ 1579.346308][T32125] alloc_inode+0x68/0x250 [ 1579.346328][T32125] new_inode+0x22/0x1c0 [ 1579.346348][T32125] mqueue_get_inode+0x2e/0xe00 [ 1579.346370][T32125] ? sget_fc+0x801/0xc70 [ 1579.346392][T32125] ? 
__pfx_mqueue_fill_super+0x10/0x10 [ 1579.346413][T32125] mqueue_fill_super+0x14d/0x260 [ 1579.346435][T32125] get_tree_nodev+0xdd/0x190 [ 1579.346459][T32125] mqueue_get_tree+0xf1/0x130 [ 1579.346480][T32125] vfs_get_tree+0x92/0x320 [ 1579.346500][T32125] fc_mount_longterm+0x1a/0x270 [ 1579.346522][T32125] mq_init_ns+0x482/0x820 [ 1579.346539][T32125] copy_ipcs+0x3dd/0x7e0 [ 1579.346556][T32125] create_new_namespaces+0x20a/0xac0 [ 1579.346574][T32125] ? security_capable+0x80/0x260 [ 1579.346599][T32125] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1579.346618][T32125] ksys_unshare+0x473/0xad0 [ 1579.346638][T32125] ? __pfx_ksys_unshare+0x10/0x10 [ 1579.346665][T32125] __x64_sys_unshare+0x31/0x40 [ 1579.346683][T32125] do_syscall_64+0x106/0xf80 [ 1579.346706][T32125] ? clear_bhb_loop+0x40/0x90 [ 1579.346725][T32125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.346742][T32125] RIP: 0033:0x7f9da399c799 [ 1579.346756][T32125] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1579.346771][T32125] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1579.346787][T32125] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1579.346798][T32125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 1579.346807][T32125] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1579.346817][T32125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1579.346827][T32125] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1579.346848][T32125] [ 1580.314830][T32176] netlink: 342 bytes leftover after parsing attributes in process `syz.0.22162'. [ 1580.355847][T32176] netlink: 342 bytes leftover after parsing attributes in process `syz.0.22162'. 
[ 1580.840474][T32196] netlink: 28 bytes leftover after parsing attributes in process `syz.2.22169'. [ 1580.915004][T32196] ipvlan0: entered promiscuous mode [ 1580.980939][T32196] ipvlan0: entered allmulticast mode [ 1581.056136][T32196] veth0_vlan: entered allmulticast mode [ 1581.175862][T32203] netlink: 334 bytes leftover after parsing attributes in process `syz.0.22171'. [ 1581.272243][T32208] IPv6: NLM_F_CREATE should be specified when creating new route [ 1581.773440][T32221] FAULT_INJECTION: forcing a failure. [ 1581.773440][T32221] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.856853][T32225] blktrace: Concurrent blktraces are not allowed on sg0 [ 1581.871669][T32221] CPU: 0 UID: 0 PID: 32221 Comm: syz.0.22177 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1581.871705][T32221] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1581.871715][T32221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1581.871724][T32221] Call Trace: [ 1581.871730][T32221] [ 1581.871736][T32221] dump_stack_lvl+0x100/0x190 [ 1581.871764][T32221] should_fail_ex.cold+0x5/0xa [ 1581.871783][T32221] should_failslab+0xc2/0x120 [ 1581.871800][T32221] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1581.871821][T32221] ? locks_get_lock_context+0x94/0x640 [ 1581.871848][T32221] locks_get_lock_context+0x94/0x640 [ 1581.871872][T32221] posix_lock_inode+0xcc/0x2440 [ 1581.871894][T32221] ? __pfx_posix_lock_inode+0x10/0x10 [ 1581.871915][T32221] vfs_lock_file+0xfb/0x150 [ 1581.871931][T32221] fcntl_setlk+0x782/0xe40 [ 1581.871949][T32221] ? __pfx_fcntl_setlk+0x10/0x10 [ 1581.871968][T32221] ? __might_fault+0xc5/0x140 [ 1581.871987][T32221] ? __might_fault+0xc5/0x140 [ 1581.872014][T32221] do_fcntl+0xf39/0x1670 [ 1581.872034][T32221] ? __pfx_do_fcntl+0x10/0x10 [ 1581.872051][T32221] ? __fget_files+0x215/0x3d0 [ 1581.872071][T32221] ? 
tomoyo_file_fcntl+0x6c/0xc0 [ 1581.872096][T32221] __x64_sys_fcntl+0x163/0x200 [ 1581.872117][T32221] do_syscall_64+0x106/0xf80 [ 1581.872138][T32221] ? clear_bhb_loop+0x40/0x90 [ 1581.872156][T32221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1581.872172][T32221] RIP: 0033:0x7f9da399c799 [ 1581.872186][T32221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1581.872201][T32221] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 1581.872216][T32221] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799 [ 1581.872225][T32221] RDX: 000000000000000d RSI: 0000000000000026 RDI: 0000000000000003 [ 1581.872235][T32221] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1581.872244][T32221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1581.872253][T32221] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28 [ 1581.872273][T32221] [ 1582.100270][T32227] netlink: 'syz.2.22179': attribute type 4 has an invalid length. [ 1582.108645][T32227] __nla_validate_parse: 1 callbacks suppressed [ 1582.108659][T32227] netlink: 314 bytes leftover after parsing attributes in process `syz.2.22179'. [ 1582.602443][T32232] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22183'. [ 1582.645278][T32232] netlink: 25 bytes leftover after parsing attributes in process `syz.4.22183'. [ 1583.985001][T32263] ptrace attach of "./syz-executor exec"[21775] was attempted by ""[32263] [ 1584.554749][T32277] ovs_: entered promiscuous mode [ 1585.831979][T32320] FAULT_INJECTION: forcing a failure. 
[ 1585.831979][T32320] name failslab, interval 1, probability 0, space 0, times 0 [ 1585.956402][T32320] CPU: 0 UID: 0 PID: 32320 Comm: syz.2.22213 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1585.956440][T32320] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1585.956450][T32320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1585.956459][T32320] Call Trace: [ 1585.956465][T32320] [ 1585.956472][T32320] dump_stack_lvl+0x100/0x190 [ 1585.956499][T32320] should_fail_ex.cold+0x5/0xa [ 1585.956518][T32320] should_failslab+0xc2/0x120 [ 1585.956535][T32320] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1585.956557][T32320] ? sock_alloc_inode+0x25/0x1c0 [ 1585.956576][T32320] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1585.956591][T32320] sock_alloc_inode+0x25/0x1c0 [ 1585.956605][T32320] alloc_inode+0x68/0x250 [ 1585.956625][T32320] sock_alloc+0x44/0x280 [ 1585.956646][T32320] ? security_socket_create+0x7f/0x250 [ 1585.956671][T32320] __sock_create+0xc2/0x860 [ 1585.956690][T32320] __sys_socket+0x14d/0x260 [ 1585.956707][T32320] ? __pfx___sys_socket+0x10/0x10 [ 1585.956729][T32320] __x64_sys_socket+0x72/0xb0 [ 1585.956745][T32320] ? lockdep_hardirqs_on+0x78/0x100 [ 1585.956767][T32320] do_syscall_64+0x106/0xf80 [ 1585.956795][T32320] ? 
clear_bhb_loop+0x40/0x90 [ 1585.956814][T32320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1585.956830][T32320] RIP: 0033:0x7ff103f9c799 [ 1585.956844][T32320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1585.956858][T32320] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1585.956873][T32320] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1585.956884][T32320] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1585.956893][T32320] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1585.956902][T32320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1585.956911][T32320] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1585.956934][T32320] [ 1585.963099][T32320] net_ratelimit: 5 callbacks suppressed [ 1585.963113][T32320] socket: no more sockets [ 1590.682255][T32484] netlink: 334 bytes leftover after parsing attributes in process `syz.3.22235'. [ 1592.086147][T32517] Process accounting resumed [ 1592.139029][T32524] netlink: 4 bytes leftover after parsing attributes in process `syz.3.22242'. [ 1592.243221][T32528] netlink: 13 bytes leftover after parsing attributes in process `syz.3.22242'. [ 1593.255937][T31902] Bluetooth: hci1: Malformed LE Event: 0x0b [ 1593.805864][T32556] netlink: 'syz.3.22254': attribute type 27 has an invalid length. [ 1593.934971][T32556] netlink: 334 bytes leftover after parsing attributes in process `syz.3.22254'. [ 1594.711408][T32570] netlink: 21 bytes leftover after parsing attributes in process `syz.4.22259'. [ 1595.024878][T32578] netlink: 342 bytes leftover after parsing attributes in process `syz.0.22264'. [ 1595.078352][T32579] netlink: 21 bytes leftover after parsing attributes in process `syz.3.22263'. 
[ 1596.406738][T32624] netlink: 146 bytes leftover after parsing attributes in process `syz.0.22271'. [ 1596.606534][T32626] netlink: 'syz.4.22272': attribute type 27 has an invalid length. [ 1596.676018][T32626] netlink: 334 bytes leftover after parsing attributes in process `syz.4.22272'. [ 1598.063146][T32661] netlink: 'syz.3.22278': attribute type 33 has an invalid length. [ 1598.157745][T32661] netlink: 322 bytes leftover after parsing attributes in process `syz.3.22278'. [ 1598.258957][T32661] netlink: 'syz.3.22278': attribute type 33 has an invalid length. [ 1598.339612][T32661] netlink: 322 bytes leftover after parsing attributes in process `syz.3.22278'. [ 1599.955163][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1599.963151][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1600.377667][T32719] netlink: 198 bytes leftover after parsing attributes in process `syz.0.22298'. [ 1601.009026][T32727] zswap: compressor not available [ 1601.206029][T32737] netlink: 74 bytes leftover after parsing attributes in process `syz.2.22303'. [ 1602.929164][ T327] sg_write: data in/out 81/90 bytes for SCSI command 0x0-- guessing data in; [ 1602.929164][ T327] program syz.3.22315 not setting count and/or reply_len properly [ 1603.594632][ T340] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1603.636243][ T340] vhci_hcd vhci_hcd.1: default hub control req: c902 v00bf i0000 l0 [ 1603.943271][ T367] netlink: 'syz.4.22319': attribute type 33 has an invalid length. [ 1604.011837][ T367] netlink: 322 bytes leftover after parsing attributes in process `syz.4.22319'. [ 1604.062001][ T367] netlink: 'syz.4.22319': attribute type 33 has an invalid length. [ 1604.130058][ T367] netlink: 322 bytes leftover after parsing attributes in process `syz.4.22319'. [ 1604.548762][ T378] netlink: 342 bytes leftover after parsing attributes in process `syz.4.22322'. [ 1604.810089][ T380] netlink: 334 bytes leftover after parsing attributes in process `syz.4.22323'. 
[ 1605.195440][ T388] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1605.242983][ T388] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1605.557673][ T398] netlink: 334 bytes leftover after parsing attributes in process `syz.3.22331'. [ 1605.692970][ T404] random: crng reseeded on system resumption [ 1605.733763][ T403] netlink: 'syz.2.22333': attribute type 33 has an invalid length. [ 1605.783886][ T403] netlink: 322 bytes leftover after parsing attributes in process `syz.2.22333'. [ 1605.883487][ T403] netlink: 'syz.2.22333': attribute type 33 has an invalid length. [ 1605.920062][ T403] netlink: 322 bytes leftover after parsing attributes in process `syz.2.22333'. [ 1606.866443][ T444] zswap: compressor not available [ 1607.616107][ T460] zswap: compressor not available [ 1608.550735][ T474] netlink: 342 bytes leftover after parsing attributes in process `syz.3.22344'. [ 1608.729856][ T480] netlink: 330 bytes leftover after parsing attributes in process `syz.0.22342'. [ 1608.961024][ T478] zswap: compressor not available [ 1609.895111][ T503] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22351'. [ 1610.749749][ T527] netlink: 342 bytes leftover after parsing attributes in process `syz.4.22359'. [ 1611.174999][ T534] netlink: 'syz.3.22362': attribute type 27 has an invalid length. [ 1611.252380][ T534] netlink: 334 bytes leftover after parsing attributes in process `syz.3.22362'. [ 1612.044682][ T557] zswap: compressor not available [ 1612.316134][ T585] zram: Added device: zram0 [ 1617.595448][ T716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.22404'. [ 1617.657366][ T716] netlink: 5 bytes leftover after parsing attributes in process `syz.2.22404'. [ 1617.738802][ T716] netlink: 16 bytes leftover after parsing attributes in process `syz.2.22404'. 
[ 1619.830361][ C0] vcan0: j1939_tp_rxtimer: 0xffff888038b86000: rx timeout, send abort [ 1619.840998][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888038b86000: 0x0ffff: (3) A timeout occurred and this is the connection abort to close the session. [ 1621.354178][ T773] usb usb4: usbfs: process 773 (syz.2.22421) did not claim interface 0 before use [ 1622.511252][ T760] Process accounting paused [ 1623.077620][ T794] random: crng reseeded on system resumption [ 1623.344486][ T799] FAULT_INJECTION: forcing a failure. [ 1623.344486][ T799] name failslab, interval 1, probability 0, space 0, times 0 [ 1623.466031][ T799] CPU: 0 UID: 0 PID: 799 Comm: syz.2.22427 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full) [ 1623.466070][ T799] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1623.466081][ T799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1623.466090][ T799] Call Trace: [ 1623.466096][ T799] [ 1623.466103][ T799] dump_stack_lvl+0x100/0x190 [ 1623.466129][ T799] should_fail_ex.cold+0x5/0xa [ 1623.466148][ T799] should_failslab+0xc2/0x120 [ 1623.466165][ T799] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1623.466185][ T799] ? pty_common_install+0x10e/0xb30 [ 1623.466282][ T799] pty_common_install+0x10e/0xb30 [ 1623.466305][ T799] ? __pfx_pty_unix98_install+0x10/0x10 [ 1623.466325][ T799] tty_init_dev.part.0+0x9e/0x470 [ 1623.466349][ T799] tty_init_dev+0x60/0x80 [ 1623.466372][ T799] ptmx_open+0x15e/0x3c0 [ 1623.466390][ T799] ? __pfx_ptmx_open+0x10/0x10 [ 1623.466407][ T799] chrdev_open+0x234/0x6a0 [ 1623.466422][ T799] ? __pfx_apparmor_file_open+0x10/0x10 [ 1623.466439][ T799] ? __pfx_chrdev_open+0x10/0x10 [ 1623.466455][ T799] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1623.466475][ T799] do_dentry_open+0x6d8/0x1660 [ 1623.466490][ T799] ? 
__pfx_chrdev_open+0x10/0x10 [ 1623.466511][ T799] vfs_open+0x82/0x3f0 [ 1623.466531][ T799] path_openat+0x208c/0x31a0 [ 1623.466553][ T799] ? __pfx_path_openat+0x10/0x10 [ 1623.466576][ T799] do_file_open+0x20e/0x430 [ 1623.466593][ T799] ? __pfx_do_file_open+0x10/0x10 [ 1623.466622][ T799] ? alloc_fd+0x476/0x790 [ 1623.466639][ T799] ? do_getname+0x191/0x390 [ 1623.466659][ T799] do_sys_openat2+0x10d/0x1e0 [ 1623.466679][ T799] ? __pfx_do_sys_openat2+0x10/0x10 [ 1623.466703][ T799] ? __fget_files+0x21f/0x3d0 [ 1623.466733][ T799] __x64_sys_openat+0x12d/0x210 [ 1623.466753][ T799] ? __pfx___x64_sys_openat+0x10/0x10 [ 1623.466782][ T799] do_syscall_64+0x106/0xf80 [ 1623.466804][ T799] ? clear_bhb_loop+0x40/0x90 [ 1623.466825][ T799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1623.466841][ T799] RIP: 0033:0x7ff103f9c799 [ 1623.466856][ T799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1623.466871][ T799] RSP: 002b:00007ff104e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1623.466887][ T799] RAX: ffffffffffffffda RBX: 00007ff104215fa0 RCX: 00007ff103f9c799 [ 1623.466897][ T799] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1623.466907][ T799] RBP: 00007ff104032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1623.466916][ T799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1623.466925][ T799] R13: 00007ff104216038 R14: 00007ff104215fa0 R15: 00007ffd2b070118 [ 1623.466945][ T799] [ 1624.259087][ T810] netlink: 326 bytes leftover after parsing attributes in process `syz.2.22439'. 
[ 1624.712394][ T803] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1624.729957][ T803] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1624.768597][ T803] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1624.835135][ T803] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1625.110268][ T821] usb usb4: usbfs: process 821 (syz.4.22434) did not claim interface 0 before use [ 1626.763565][T11716] Bluetooth: hci3: command 0x2016 tx timeout [ 1626.769641][T31902] Bluetooth: hci0: command 0x2016 tx timeout [ 1626.841355][T31902] Bluetooth: hci2: command 0x0406 tx timeout [ 1626.847448][T11716] Bluetooth: hci1: command 0x0c1a tx timeout [ 1627.313943][ T922] zswap: compressor not available [ 1627.992969][ T960] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22458'. [ 1628.046521][ T963] blktrace: Concurrent blktraces are not allowed on sda1 [ 1628.129490][ T964] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1628.194662][ T964] vhci_hcd vhci_hcd.1: default hub control req: c902 v00bf i0000 l0 [ 1628.674036][ T977] netlink: 'syz.0.22465': attribute type 1 has an invalid length. [ 1628.682818][ T970] netlink: 334 bytes leftover after parsing attributes in process `syz.2.22464'. [ 1628.725233][ T977] netlink: 314 bytes leftover after parsing attributes in process `syz.0.22465'. [ 1630.107201][ T1061] random: crng reseeded on system resumption [ 1633.505976][ T1167] zswap: compressor not available [ 1636.518531][ T1306] netlink: 4 bytes leftover after parsing attributes in process `syz.4.22499'. [ 1636.606628][ T1306] netlink: 354 bytes leftover after parsing attributes in process `syz.4.22499'. [ 1636.821972][ T1302] zswap: compressor not available [ 1637.859193][ T1347] bond0: Unable to set up delay as MII monitoring is disabled [ 1638.800588][ T1362] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22511'. 
[ 1638.926070][ T1363] ptrace attach of "./syz-executor exec"[31893] was attempted by ""[1363]
[ 1639.090565][ T1376] netlink: 21 bytes leftover after parsing attributes in process `syz.3.22513'.
[ 1639.823258][ T1371] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1639.894738][ T1371] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1639.900748][ T1371] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1639.974524][ T1371] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1641.088637][T31902] Bluetooth: hci0: command 0x2016 tx timeout
[ 1641.964640][T11716] Bluetooth: hci3: command 0x2016 tx timeout
[ 1641.970663][T31902] Bluetooth: hci2: command 0x0406 tx timeout
[ 1642.045054][T31902] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1642.528016][ T1445] zswap: compressor not available
[ 1647.008880][ T1569] synth uevent: /devices/virtual/net/lowpan0: unknown uevent action string
[ 1647.183107][ T1569] net lowpan0: uevent: failed to send synthetic uevent: -22
[ 1648.847157][ T1591] ==================================================================
[ 1648.847174][ T1591] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60
[ 1648.847273][ T1591] Read of size 26 at addr ffff88803959bbc8 by task syz.0.22543/1591
[ 1648.847287][ T1591]
[ 1648.847298][ T1591] CPU: 0 UID: 0 PID: 1591 Comm: syz.0.22543 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1648.847330][ T1591] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1648.847339][ T1591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1648.847349][ T1591] Call Trace:
[ 1648.847354][ T1591]
[ 1648.847360][ T1591] dump_stack_lvl+0x100/0x190
[ 1648.847382][ T1591] print_report+0x156/0x4c9
[ 1648.847403][ T1591] ? __virt_addr_valid+0x81/0x620
[ 1648.847421][ T1591] ? __phys_addr+0xe8/0x180
[ 1648.847439][ T1591] ? fbcon_prepare_logo+0x94e/0xc60
[ 1648.847454][ T1591] kasan_report+0xdf/0x1e0
[ 1648.847469][ T1591] ? fbcon_prepare_logo+0x94e/0xc60
[ 1648.847488][ T1591] kasan_check_range+0x10f/0x1e0
[ 1648.847506][ T1591] __asan_memcpy+0x23/0x60
[ 1648.847525][ T1591] fbcon_prepare_logo+0x94e/0xc60
[ 1648.847544][ T1591] fbcon_init+0x10a0/0x1820
[ 1648.847562][ T1591] visual_init+0x320/0x620
[ 1648.847579][ T1591] do_bind_con_driver.isra.0+0x636/0x9c0
[ 1648.847602][ T1591] store_bind+0x609/0x730
[ 1648.847622][ T1591] ? __pfx_store_bind+0x10/0x10
[ 1648.847640][ T1591] dev_attr_store+0x58/0x80
[ 1648.847658][ T1591] ? __pfx_dev_attr_store+0x10/0x10
[ 1648.847674][ T1591] sysfs_kf_write+0xf2/0x150
[ 1648.847693][ T1591] kernfs_fop_write_iter+0x3e0/0x5f0
[ 1648.847709][ T1591] ? __pfx_sysfs_kf_write+0x10/0x10
[ 1648.847727][ T1591] vfs_write+0x6ac/0x1070
[ 1648.847741][ T1591] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1648.847758][ T1591] ? __pfx_vfs_write+0x10/0x10
[ 1648.847776][ T1591] ksys_write+0x12a/0x250
[ 1648.847789][ T1591] ? __pfx_ksys_write+0x10/0x10
[ 1648.847805][ T1591] do_syscall_64+0x106/0xf80
[ 1648.847826][ T1591] ? clear_bhb_loop+0x40/0x90
[ 1648.847844][ T1591] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1648.847859][ T1591] RIP: 0033:0x7f9da399c799
[ 1648.847872][ T1591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1648.847887][ T1591] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1648.847903][ T1591] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799
[ 1648.847914][ T1591] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003
[ 1648.847924][ T1591] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1648.847934][ T1591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1648.847944][ T1591] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28
[ 1648.847959][ T1591]
[ 1648.847965][ T1591]
[ 1648.847969][ T1591] Allocated by task 20227:
[ 1648.847978][ T1591] kasan_save_stack+0x30/0x50
[ 1648.847999][ T1591] kasan_save_track+0x14/0x30
[ 1648.848019][ T1591] __kasan_kmalloc+0xaa/0xb0
[ 1648.848038][ T1591] __kmalloc_node_track_caller_noprof+0x304/0x850
[ 1648.848061][ T1591] kmemdup_noprof+0x29/0x60
[ 1648.848081][ T1591] bpf_prog_store_orig_filter+0x103/0x1d0
[ 1648.848100][ T1591] __get_filter+0x1ea/0x2d0
[ 1648.848174][ T1591] sk_attach_filter+0x1c/0x160
[ 1648.848188][ T1591] sk_setsockopt+0x361e/0x5230
[ 1648.848209][ T1591] do_sock_setsockopt+0x193/0x1d0
[ 1648.848230][ T1591] __sys_setsockopt+0x119/0x190
[ 1648.848248][ T1591] __x64_sys_setsockopt+0xbd/0x160
[ 1648.848267][ T1591] do_syscall_64+0x106/0xf80
[ 1648.848287][ T1591] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1648.848302][ T1591]
[ 1648.848306][ T1591] The buggy address belongs to the object at ffff88803959bb00
[ 1648.848306][ T1591] which belongs to the cache kmalloc-192 of size 192
[ 1648.848318][ T1591] The buggy address is located 16 bytes to the right of
[ 1648.848318][ T1591] allocated 184-byte region [ffff88803959bb00, ffff88803959bbb8)
[ 1648.848333][ T1591]
[ 1648.848337][ T1591] The buggy address belongs to the physical page:
[ 1648.848345][ T1591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3959b
[ 1648.848359][ T1591] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1648.848371][ T1591] page_type: f5(slab)
[ 1648.848384][ T1591] raw: 00fff00000000000 ffff88813fe3c3c0 dead000000000100 dead000000000122
[ 1648.848398][ T1591] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 1648.848407][ T1591] page dumped because: kasan: bad access detected
[ 1648.848415][ T1591] page_owner tracks the page as allocated
[ 1648.848420][ T1591] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 18348, tgid 18347 (syz.0.18502), ts 1098540008300, free_ts 1098523582263
[ 1648.848448][ T1591] post_alloc_hook+0x153/0x170
[ 1648.848466][ T1591] get_page_from_freelist+0x111d/0x3140
[ 1648.848486][ T1591] __alloc_frozen_pages_noprof+0x27c/0x2ba0
[ 1648.848508][ T1591] new_slab+0xa6/0x6b0
[ 1648.848524][ T1591] refill_objects+0x26b/0x400
[ 1648.848542][ T1591] __pcs_replace_empty_main+0x1ab/0x660
[ 1648.848562][ T1591] __kmalloc_cache_noprof+0x493/0x6f0
[ 1648.848580][ T1591] kset_create_and_add+0x4d/0x190
[ 1648.848595][ T1591] netdev_register_kobject+0x1ef/0x3d0
[ 1648.848617][ T1591] register_netdevice+0x12e0/0x2210
[ 1648.848638][ T1591] ppp_dev_configure+0x986/0xcb0
[ 1648.848658][ T1591] ppp_ioctl+0x985/0x2800
[ 1648.848676][ T1591] __x64_sys_ioctl+0x18e/0x210
[ 1648.848695][ T1591] do_syscall_64+0x106/0xf80
[ 1648.848715][ T1591] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1648.848730][ T1591] page last free pid 18346 tgid 18346 stack trace:
[ 1648.848738][ T1591] __free_frozen_pages+0x7e1/0x10d0
[ 1648.848755][ T1591] tlb_finish_mmu+0x27d/0x810
[ 1648.848771][ T1591] exit_mmap+0x454/0xa30
[ 1648.848786][ T1591] __mmput+0x12a/0x410
[ 1648.848799][ T1591] mmput+0x67/0x80
[ 1648.848812][ T1591] do_exit+0x819/0x2b60
[ 1648.848829][ T1591] do_group_exit+0xd5/0x2a0
[ 1648.848845][ T1591] __x64_sys_exit_group+0x3e/0x50
[ 1648.848863][ T1591] x64_sys_call+0x102c/0x1530
[ 1648.848878][ T1591] do_syscall_64+0x106/0xf80
[ 1648.848897][ T1591] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1648.848911][ T1591]
[ 1648.848915][ T1591] Memory state around the buggy address:
[ 1648.848922][ T1591] ffff88803959ba80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1648.848933][ T1591] ffff88803959bb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1648.848944][ T1591] >ffff88803959bb80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 1648.848951][ T1591] ^
[ 1648.848960][ T1591] ffff88803959bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1648.848970][ T1591] ffff88803959bc80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc
[ 1648.848978][ T1591] ==================================================================
[ 1648.848992][ T1591] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1648.849005][ T1591] CPU: 0 UID: 0 PID: 1591 Comm: syz.0.22543 Tainted: G U W I L XTNJ syzkaller #0 PREEMPT(full)
[ 1648.849038][ T1591] Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
[ 1648.849048][ T1591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1648.849058][ T1591] Call Trace:
[ 1648.849064][ T1591]
[ 1648.849070][ T1591] dump_stack_lvl+0x100/0x190
[ 1648.849091][ T1591] vpanic+0x552/0x970
[ 1648.849106][ T1591] ? __pfx_vpanic+0x10/0x10
[ 1648.849120][ T1591] ? __pfx_vprintk_emit+0x10/0x10
[ 1648.849137][ T1591] ? fbcon_prepare_logo+0x94e/0xc60
[ 1648.849152][ T1591] panic+0xd1/0xe0
[ 1648.849165][ T1591] ? __pfx_panic+0x10/0x10
[ 1648.849181][ T1591] ? fbcon_prepare_logo+0x94e/0xc60
[ 1648.849197][ T1591] check_panic_on_warn.cold+0x19/0x34
[ 1648.849213][ T1591] end_report.part.0+0x3a/0x90
[ 1648.849244][ T1591] kasan_report.cold+0xe/0x18
[ 1648.849265][ T1591] ? fbcon_prepare_logo+0x94e/0xc60
[ 1648.849283][ T1591] kasan_check_range+0x10f/0x1e0
[ 1648.849301][ T1591] __asan_memcpy+0x23/0x60
[ 1648.849321][ T1591] fbcon_prepare_logo+0x94e/0xc60
[ 1648.849340][ T1591] fbcon_init+0x10a0/0x1820
[ 1648.849358][ T1591] visual_init+0x320/0x620
[ 1648.849375][ T1591] do_bind_con_driver.isra.0+0x636/0x9c0
[ 1648.849397][ T1591] store_bind+0x609/0x730
[ 1648.849418][ T1591] ? __pfx_store_bind+0x10/0x10
[ 1648.849436][ T1591] dev_attr_store+0x58/0x80
[ 1648.849452][ T1591] ? __pfx_dev_attr_store+0x10/0x10
[ 1648.849469][ T1591] sysfs_kf_write+0xf2/0x150
[ 1648.849487][ T1591] kernfs_fop_write_iter+0x3e0/0x5f0
[ 1648.849502][ T1591] ? __pfx_sysfs_kf_write+0x10/0x10
[ 1648.849521][ T1591] vfs_write+0x6ac/0x1070
[ 1648.849535][ T1591] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1648.849552][ T1591] ? __pfx_vfs_write+0x10/0x10
[ 1648.849571][ T1591] ksys_write+0x12a/0x250
[ 1648.849584][ T1591] ? __pfx_ksys_write+0x10/0x10
[ 1648.849600][ T1591] do_syscall_64+0x106/0xf80
[ 1648.849620][ T1591] ? clear_bhb_loop+0x40/0x90
[ 1648.849637][ T1591] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1648.849652][ T1591] RIP: 0033:0x7f9da399c799
[ 1648.849664][ T1591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1648.849680][ T1591] RSP: 002b:00007f9da47f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1648.849695][ T1591] RAX: ffffffffffffffda RBX: 00007f9da3c15fa0 RCX: 00007f9da399c799
[ 1648.849705][ T1591] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003
[ 1648.849716][ T1591] RBP: 00007f9da3a32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1648.849726][ T1591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1648.849736][ T1591] R13: 00007f9da3c16038 R14: 00007f9da3c15fa0 R15: 00007ffc9ab2ee28
[ 1648.849752][ T1591]
[ 1648.849808][ T1591] Kernel Offset: disabled