last executing test programs: 12m35.465834345s ago: executing program 2 (id=7170): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r2, @ANYBLOB="18000000", @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r1, &(0x7f0000000000)='\xde\x00', 0xfded) 12m35.310074649s ago: executing program 2 (id=7172): r0 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000040)={0x8db4, 0x9e, [{0xffffffffffffffff, 0x0, 0x7, 0x2}]}) r1 = socket(0xa, 0x2, 0x3a) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/udp6\x00', 0x600, 0x0) socket(0xa, 0x1, 0x84) bind$auto(r1, &(0x7f0000000040)=@generic={0xa, "2c551d000000fe8000"}, 0x66) 12m35.030636433s ago: executing program 2 (id=7176): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ustat$auto(0x801, 0x0) open(0x0, 0x22240, 0x155) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x42a81, 0x50) socket(0x2, 0x1, 0x106) bind$auto(0x3, 0x0, 0x6a) setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x8) 12m34.635631773s ago: executing program 2 (id=7181): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 12m34.157009453s ago: executing program 2 (id=7183): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$auto(r0, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x21}}, 0x40) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 12m32.771854864s ago: executing program 2 (id=7192): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mknod$auto(&(0x7f0000000040)='&&\x00', 0xcb, 0x6862) utimes$auto(&(0x7f00000000c0)=':,\x00', 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) 12m32.353439272s ago: executing program 32 (id=7192): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mknod$auto(&(0x7f0000000040)='&&\x00', 0xcb, 0x6862) utimes$auto(&(0x7f00000000c0)=':,\x00', 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) 7.730576329s ago: executing program 1 (id=10797): mmap$auto(0x0, 0x20009, 0xb17a, 0xeb1, 0x3fd, 0x8000) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x5, 0x0) open(0x0, 0x261c2, 0x84) uname$auto(0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) statmount$auto(0x0, &(0x7f0000000180)={0x800a, 0x1, 0x9, 0x3, 0x3e, 0x93f, 0x41fedf, 0x3, 0x200006, 0xfffffffffffffffe, 0x1ff, 0xfffffffa, 0x8005, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x0, 0x4, 0x10, 0xb64, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffd, 0x7fc, 0xfffffffc, 0x3, [0x5, 0x0, 0x80000000, 0xffffff7ffffffffe, 0xfffffffffffffffc, 0x0, 0x9f49, 0x9, 0x0, 0x200000000000, 0x9, 0xfff, 0x8f3, 0x0, 0x9, 0x0, 0x0, 0x200000000, 0x8000, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x7fffffffffff, 0x9, 0x0, 0x0, 0x10, 0x8aa5, 0x3, 0x8, 0x400, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x2]}, 0x1fe, 0x80082) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x2000000, &(0x7f0000000080)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 6.763036322s ago: executing program 3 (id=10800): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) get_mempolicy$auto(0x0, 0x0, 0xfffffffffffffffa, 0x200, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, 0x0) readlinkat$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x80) read$auto(0xffffffffffffffff, 0x0, 0x20) io_submit$auto(0x4, 0xfffffffffffffffc, 0x0) socket(0x1d, 0x2, 0x7) r2 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r2, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) ioctl$auto(0x3, 0x5760, 0x10000000000402) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) 6.576863336s ago: executing program 1 (id=10802): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xffffeffe, 0x2) socket(0x2, 0x801, 0x106) pipe$auto(0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x10000000eb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) 5.707129091s ago: executing program 3 (id=10805): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000000240)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2b, 0x1, 0x1) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r2 = pidfd_open$auto(0x1, 0x0) setns(r2, 0x60020000) syz_clone3(&(0x7f0000000300)={0x1341a4480, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0}, 0x57) ioctl$auto(r1, 0x89a0, r1) 5.318875411s ago: executing program 1 (id=10807): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) openat$auto_show_traces_fops_trace(0xffffffffffffff9c, 0x0, 0x80000, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) r0 = socket(0x10, 0x2, 0x4) write$auto(r0, 0x0, 0x2fb) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x68082, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0x7) munlock$auto(0xf, 0x6) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) 4.700357785s ago: executing program 0 (id=10809): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/sctp/assocs\x00', 0x101080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x1a2) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) 4.150755838s ago: executing program 0 (id=10810): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket(0x28, 0x1, 0x0) socket(0x1, 0x1, 0x1) open(&(0x7f0000000000)='./bus\x00', 0x22042, 0x45) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x60}, 0x3) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x400caed0, r0) 3.985435027s ago: executing program 4 (id=10811): shmctl$auto_IPC_INFO(0x5, 0x3, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3a) getsockopt$auto(0x3, 0x0, 0xe, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x302, 0x0) ioctl$auto(r1, 0x4008af15, r0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r2, 0x8000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) prctl$auto_PR_GET_SHADOW_STACK_STATUS(0x4a, 0x101, 0x2, 0x0, 0x0) ioctl$auto_BLKRRPART(r2, 0x125f, 0x0) madvise$auto(0x0, 0x400053, 0x9) 3.940224438s ago: executing program 3 (id=10812): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000), 0x0) r1 = socket(0x2c, 0x80003, 0x0) setsockopt$auto(r1, 0x11b, 0x4, 0xffffffffffffffff, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r2, 0x0, 0xfffffdef) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r3, 0x92106402, r3) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x80, 0x0) r4 = open(0x0, 0x40a00, 0x0) socket(0x2, 0x5, 0x0) syz_clone(0x38308011, 0x0, 0xffffffffffffff8e, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r4, 0x4008af25, 0x0) 3.753595567s ago: executing program 1 (id=10813): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = socket(0x10, 0x3, 0x6) sendmsg$auto_NL80211_CMD_TDLS_OPER(r1, 0x0, 0x91) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto_VHOST_SET_LOG_FD2(r3, 0x4004af07, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) 3.308932077s ago: executing program 4 (id=10814): mmap$auto(0x0, 0x6, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x28b40, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x0, 0xc, 0xb, 0x5}, 0x7) 2.959910867s ago: executing program 0 (id=10815): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) openat$auto_show_traces_fops_trace(0xffffffffffffff9c, 0x0, 0x80000, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) r0 = socket(0x10, 0x2, 0x4) write$auto(r0, 0x0, 0x2fb) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x68082, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munlock$auto(0xf, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) 2.937432453s ago: executing program 4 (id=10816): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fallocate$auto(0xffffffffffffffff, 0x7, 0x8, 0x4b01) pread64$auto(0xffffffffffffffff, 0x0, 0x566, 0x80000000) get_robust_list$auto(0x0, 0x0, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9) bind$auto(0x3, 0x0, 0x6a) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000804}, 0x800) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) pread64$auto(r1, 0x0, 0xeda5, 0xc86) 2.364197417s ago: executing program 4 (id=10817): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) read$auto(r0, &(0x7f0000000000)='\x00', 0x91e2) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000400)='/dev/binderfs/binder0\x00', 0x0, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r2, @ANYBLOB="18000000", @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(0xffffffffffffffff, &(0x7f0000000000)='\xde\x00', 0xfded) 2.010425607s ago: executing program 3 (id=10818): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) io_uring_setup$auto(0x1, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xa, 0x0) r0 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x3, 0x0, 0x2, 0x7}, 0xfff}, 0x8, 0x310) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 1.951724545s ago: executing program 4 (id=10819): r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/fail_make_request/probability\x00', 0x280000, 0x0) mmap$auto(0xfffffffffffffffa, 0x2, 0x249193f7, 0x100000010, r0, 0x4) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000500)="173e8bb6c0") bind$auto(0x3, 0x0, 0x6d) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) socket(0x2, 0x801, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x17) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x805, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, 0x0, 0xc004) 1.731872439s ago: executing program 1 (id=10820): mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/events/vmalloc/enable\x00', 0x181000, 0x0) r0 = io_uring_setup$auto(0x3, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x5, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) sendmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) socket(0x848000000015, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) msgctl$auto_MSG_STAT_ANY(0x1, 0xd, &(0x7f0000000380)={{0xfffffff9, 0xee01, 0xffffffffffffffff, 0xfffffffe, 0x1, 0xdbf, 0x5}, &(0x7f0000000300)=0x8, 0x0, 0x8000, 0x6, 0x8, 0xfffffffffffffffb, 0x5, 0x7, 0x3, 0x100}) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b4a, 0x9) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) 1.371738719s ago: executing program 0 (id=10821): socket(0x21, 0x2, 0xa) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(0x3, 0x0, 0x100082) socket(0x2, 0x3, 0xa) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x20100, 0x0) preadv2$auto(r1, &(0x7f0000000200)={0x0, 0x80000000009}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 1.241517744s ago: executing program 3 (id=10822): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) io_uring_setup$auto(0x1, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xa, 0x0) r0 = socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x3, 0x0, 0x2, 0x7}, 0xfff}, 0x8, 0x310) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 384.132991ms ago: executing program 0 (id=10823): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) futex$auto(0x0, 0x5, 0x0, 0x0, 0x0, 0xa0000001) r0 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0) pwrite64$auto(r0, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8004) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/tty/ttye8/power/autosuspend_delay_ms\x00', 0x2062, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, 0x0, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) io_uring_register$auto_IORING_REGISTER_FILE_ALLOC_RANGE(0xffffffffffffffff, 0x19, &(0x7f00000001c0)="56b1b4818cd48a1861e96a7e48c52d76896bb35c40e7828f68689dacf6380d6f40748befeb7ee86318ca8c8acdd178a857f42acefb73cd44f71da0424d9484bfce87dae3f35fc41688d73b39d78bc172b19a2ae5ff8efe7e5e642f23b32d57ac07", 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000040), 0xffffffffffffffff) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/rds/tcp/rds_tcp_rcvbuf\x00', 0x141241, 0x0) pwrite64$auto(r3, &(0x7f0000000000)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x9, 0x81, 0x6cf5, 0x280000000000000) 382.473127ms ago: executing program 1 (id=10824): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0x200001, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x8000005}, 0x3b8b, 0xa) ioctl$auto(0x3, 0x80000541b, 0x38) mmap$auto(0x0, 0x0, 0xdd, 0xeb2, 0x401, 0x8000) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x69a5, 0xa800000000000000) socket(0x1, 0x2, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) io_uring_setup$auto(0x1d48, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x1007}, 0x4) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) write$auto(r1, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) 286.639384ms ago: executing program 4 (id=10825): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3a) socket(0x29, 0x2, 0x0) r1 = socket(0x11, 0x3, 0x9) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0x6) clone$auto(0x21003b46, 0x2, 0x0, 0x0, 0x6) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_fd=r2, r0, 0x99, 0x2, 0x1, @relative_fd=r1, 0x9}, 0xaf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x6) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 183.26539ms ago: executing program 0 (id=10826): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) mmap$auto(0x0, 0x28009, 0x4000000000df, 0xeb2, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xa) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r0 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmsg$auto_OVS_FLOW_CMD_SET(r0, 0x0, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x800000000000003) rseq$auto(0x0, 0x584, 0x1, 0x2) 0s ago: executing program 3 (id=10827): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) socket(0xa, 0x1, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x40106f52, 0xffffffffffffffff) kernel console output (not intermixed with test programs): 6][T32050] [ 1356.284465][T32050] dump_stack_lvl+0x100/0x190 [ 1356.284510][T32050] should_fail_ex.cold+0x5/0xa [ 1356.284541][T32050] should_failslab+0xc2/0x120 [ 1356.284569][T32050] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1356.284611][T32050] ? skb_clone+0x190/0x400 [ 1356.284641][T32050] skb_clone+0x190/0x400 [ 1356.284666][T32050] netlink_deliver_tap+0xaed/0xcc0 [ 1356.284699][T32050] netlink_unicast+0x70c/0x870 [ 1356.284732][T32050] ? __pfx_netlink_unicast+0x10/0x10 [ 1356.284760][T32050] ? idr_get_next+0xec/0x150 [ 1356.284796][T32050] ctrl_getfamily+0x417/0x550 [ 1356.284830][T32050] ? __pfx_ctrl_getfamily+0x10/0x10 [ 1356.284865][T32050] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 1356.284900][T32050] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 1356.284941][T32050] genl_family_rcv_msg_doit+0x214/0x300 [ 1356.284977][T32050] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1356.285011][T32050] ? genl_get_cmd+0x3ef/0x720 [ 1356.285048][T32050] ? __dev_queue_xmit+0x5af/0x4800 [ 1356.285083][T32050] ? __radix_tree_lookup+0x217/0x2b0 [ 1356.285130][T32050] genl_rcv_msg+0x560/0x800 [ 1356.285169][T32050] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1356.285203][T32050] ? __pfx_ctrl_getfamily+0x10/0x10 [ 1356.285247][T32050] netlink_rcv_skb+0x159/0x420 [ 1356.285275][T32050] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1356.285324][T32050] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1356.285365][T32050] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1356.285395][T32050] genl_rcv+0x28/0x40 [ 1356.285424][T32050] netlink_unicast+0x5aa/0x870 [ 1356.285456][T32050] ? __pfx_netlink_unicast+0x10/0x10 [ 1356.285495][T32050] netlink_sendmsg+0x8b0/0xda0 [ 1356.285528][T32050] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1356.285560][T32050] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1356.285592][T32050] __sys_sendto+0x468/0x4b0 [ 1356.285630][T32050] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1356.285659][T32050] ? __pfx___sys_sendto+0x10/0x10 [ 1356.285708][T32050] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1356.285736][T32050] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1356.285784][T32050] __x64_sys_sendto+0xe0/0x1c0 [ 1356.285823][T32050] ? do_syscall_64+0x95/0xf80 [ 1356.285850][T32050] ? lockdep_hardirqs_on+0x78/0x100 [ 1356.285877][T32050] do_syscall_64+0x106/0xf80 [ 1356.285903][T32050] ? clear_bhb_loop+0x40/0x90 [ 1356.285934][T32050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.285961][T32050] RIP: 0033:0x7ff1a3b5d04e [ 1356.285981][T32050] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1356.286007][T32050] RSP: 002b:00007ff1a4afee88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1356.286031][T32050] RAX: ffffffffffffffda RBX: 00007ff1a4b006c0 RCX: 00007ff1a3b5d04e [ 1356.286049][T32050] RDX: 0000000000000028 RSI: 00007ff1a4aff000 RDI: 0000000000000005 [ 1356.286065][T32050] RBP: 0000000000000000 R08: 00007ff1a4afef04 R09: 000000000000000c [ 1356.286081][T32050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 1356.286096][T32050] R13: 00007ff1a4afef58 R14: 00007ff1a4aff000 R15: 0000000000000000 [ 1356.286128][T32050] [ 1358.983099][T32063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.9609'. [ 1359.046956][T32065] netlink: 252 bytes leftover after parsing attributes in process `syz.1.9609'. [ 1361.881768][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.888263][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.037042][T32111] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9625'. [ 1362.369925][T32120] sp0: Synchronizing with TNC [ 1365.538892][T32163] input: jJǸ-9%vJ86 as /devices/virtual/input/input23 [ 1367.592597][T32198] netlink: 54 bytes leftover after parsing attributes in process `syz.1.9645'. [ 1369.154542][T32227] netlink: 252 bytes leftover after parsing attributes in process `syz.3.9652'. [ 1369.317199][T32230] netlink: 252 bytes leftover after parsing attributes in process `syz.3.9652'. [ 1369.892003][T16723] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 1369.899635][T16723] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 1369.930861][T32238] binder: 32237:32238 ioctl c0306201 200000000000 returned -11 [ 1371.077854][T32254] sp0: Synchronizing with TNC [ 1377.348671][T32336] netlink: 306 bytes leftover after parsing attributes in process `syz.4.9688'. [ 1377.723381][T32343] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9691'. [ 1377.834042][T32343] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9691'. [ 1378.942016][T32346] FAULT_INJECTION: forcing a failure. [ 1378.942016][T32346] name failslab, interval 1, probability 0, space 0, times 0 [ 1379.079261][T32352] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1379.118538][T32346] CPU: 0 UID: 0 PID: 32346 Comm: syz.1.9692 Tainted: G L syzkaller #0 PREEMPT(full) [ 1379.118579][T32346] Tainted: [L]=SOFTLOCKUP [ 1379.118589][T32346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1379.118606][T32346] Call Trace: [ 1379.118615][T32346] [ 1379.118625][T32346] dump_stack_lvl+0x100/0x190 [ 1379.118669][T32346] should_fail_ex.cold+0x5/0xa [ 1379.118700][T32346] should_failslab+0xc2/0x120 [ 1379.118729][T32346] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1379.118769][T32346] ? create_new_namespaces+0x30/0xac0 [ 1379.118798][T32346] ? rcu_is_watching+0x12/0xc0 [ 1379.118843][T32346] create_new_namespaces+0x30/0xac0 [ 1379.118871][T32346] ? bpf_lsm_capable+0x9/0x10 [ 1379.118899][T32346] ? security_capable+0x80/0x260 [ 1379.118929][T32346] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1379.118961][T32346] ksys_unshare+0x473/0xad0 [ 1379.118996][T32346] ? __pfx_ksys_unshare+0x10/0x10 [ 1379.119041][T32346] __x64_sys_unshare+0x31/0x40 [ 1379.119074][T32346] do_syscall_64+0x106/0xf80 [ 1379.119101][T32346] ? clear_bhb_loop+0x40/0x90 [ 1379.119132][T32346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1379.119159][T32346] RIP: 0033:0x7ff1a3b9c819 [ 1379.119180][T32346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1379.119206][T32346] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1379.119230][T32346] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1379.119248][T32346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1379.119263][T32346] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1379.119279][T32346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1379.119294][T32346] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1379.119326][T32346] [ 1379.119436][T32352] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1380.230795][T16723] Bluetooth: hci1: Malformed Event: 0x02 [ 1382.211842][T32403] random: crng reseeded on system resumption [ 1384.132283][T32438] ubi3: attaching mtd1 [ 1385.254948][T32459] netlink: 202 bytes leftover after parsing attributes in process `syz.3.9726'. [ 1385.947502][T32471] netlink: 246 bytes leftover after parsing attributes in process `syz.1.9729'. [ 1386.137172][T32473] random: crng reseeded on system resumption [ 1390.189119][T32520] random: crng reseeded on system resumption [ 1392.463433][ C0] sd 0:0:1:0: [sda] tag#1778 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1392.473985][ C0] sd 0:0:1:0: [sda] tag#1778 CDB: Read(6) 08 00 00 00 09 00 00 00 00 00 00 00 [ 1393.179197][T32558] netlink: 62 bytes leftover after parsing attributes in process `syz.3.9755'. [ 1393.571979][T32567] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9757'. [ 1394.006355][T32573] netlink: 186 bytes leftover after parsing attributes in process `syz.1.9760'. [ 1395.062708][T32586] netlink: 54 bytes leftover after parsing attributes in process `syz.3.9765'. [ 1395.134752][T32589] mkiss: ax0: crc mode is auto. [ 1395.485506][T32595] netlink: 342 bytes leftover after parsing attributes in process `syz.4.9769'. [ 1395.917299][T32606] netlink: 54 bytes leftover after parsing attributes in process `syz.4.9771'. [ 1396.398710][T32618] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9776'. [ 1396.436407][T32618] netlink: 354 bytes leftover after parsing attributes in process `syz.4.9776'. [ 1397.392249][T32631] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9783'. [ 1397.426061][T32632] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9782'. [ 1397.518958][T32632] vlan0: left allmulticast mode [ 1397.540735][T32632] vlan0: left promiscuous mode [ 1397.602632][T32632] bridge0: port 4(vlan0) entered disabled state [ 1397.755442][T32632] team0: left allmulticast mode [ 1397.787995][T32632] team_slave_0: left allmulticast mode [ 1397.866428][T32632] team_slave_1: left allmulticast mode [ 1397.928000][T32632] team0: left promiscuous mode [ 1397.994004][T32632] team_slave_0: left promiscuous mode [ 1398.049283][T32632] team_slave_1: left promiscuous mode [ 1398.112319][T32632] bridge0: port 3(team0) entered disabled state [ 1398.196110][T32632] bridge_slave_1: left allmulticast mode [ 1398.272592][T32632] bridge_slave_1: left promiscuous mode [ 1398.332980][T32632] bridge0: port 2(bridge_slave_1) entered disabled state [ 1398.455281][T32632] bridge_slave_0: left allmulticast mode [ 1398.487165][T32632] bridge_slave_0: left promiscuous mode [ 1398.492967][T32632] bridge0: port 1(bridge_slave_0) entered disabled state [ 1398.764569][T32647] netlink: 13 bytes leftover after parsing attributes in process `syz.4.9789'. [ 1401.960547][T32691] netlink: 146 bytes leftover after parsing attributes in process `syz.1.9802'. [ 1402.775728][T16723] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1403.552567][T32712] netlink: 'syz.1.9808': attribute type 11 has an invalid length. [ 1405.205292][T32726] netlink: 'syz.1.9811': attribute type 10 has an invalid length. [ 1405.247017][T32726] netlink: 230 bytes leftover after parsing attributes in process `syz.1.9811'. [ 1406.955047][T32747] FAULT_INJECTION: forcing a failure. [ 1406.955047][T32747] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1407.023983][T32747] CPU: 0 UID: 0 PID: 32747 Comm: syz.1.9819 Tainted: G L syzkaller #0 PREEMPT(full) [ 1407.024025][T32747] Tainted: [L]=SOFTLOCKUP [ 1407.024034][T32747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1407.024049][T32747] Call Trace: [ 1407.024058][T32747] [ 1407.024068][T32747] dump_stack_lvl+0x100/0x190 [ 1407.024118][T32747] should_fail_ex.cold+0x5/0xa [ 1407.024145][T32747] ? prepare_alloc_pages+0x16d/0x5f0 [ 1407.024178][T32747] should_fail_alloc_page+0xeb/0x140 [ 1407.024208][T32747] prepare_alloc_pages+0x1f0/0x5f0 [ 1407.024239][T32747] ? __pfx_mas_wr_bnode+0x10/0x10 [ 1407.024275][T32747] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1407.024322][T32747] ? mas_ascend+0x53d/0xb30 [ 1407.024350][T32747] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1407.024380][T32747] ? mas_next_node+0x7f8/0xf30 [ 1407.024405][T32747] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1407.024453][T32747] ? mt_validate_nulls+0x1b3/0x9c0 [ 1407.024486][T32747] ? __pfx_mt_validate_nulls+0x10/0x10 [ 1407.024522][T32747] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1407.024550][T32747] ? policy_nodemask+0xed/0x4f0 [ 1407.024580][T32747] alloc_pages_mpol+0x1fb/0x550 [ 1407.024609][T32747] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1407.024639][T32747] ? __lock_acquire+0x4a5/0x2630 [ 1407.024693][T32747] folio_alloc_mpol_noprof+0x36/0x340 [ 1407.024727][T32747] alloc_migration_target_by_mpol+0x2c1/0x650 [ 1407.024764][T32747] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1407.024799][T32747] ? __pfx___might_resched+0x10/0x10 [ 1407.024850][T32747] ? is_bpf_text_address+0x8a/0x1a0 [ 1407.024913][T32747] migrate_pages_batch+0x4f2/0x4530 [ 1407.024946][T32747] ? kernel_text_address+0x10/0x100 [ 1407.024986][T32747] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1407.025024][T32747] ? arch_stack_walk+0xa6/0xf0 [ 1407.025058][T32747] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1407.025099][T32747] ? __pfx_stack_trace_save+0x10/0x10 [ 1407.025127][T32747] ? stack_depot_save_flags+0x27/0x9d0 [ 1407.025163][T32747] ? __split_vma+0x392/0xd90 [ 1407.025203][T32747] ? kasan_save_stack+0x3f/0x50 [ 1407.025225][T32747] ? kasan_save_stack+0x30/0x50 [ 1407.025247][T32747] ? kasan_save_track+0x14/0x30 [ 1407.025269][T32747] ? __kasan_slab_alloc+0x89/0x90 [ 1407.025293][T32747] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1407.025334][T32747] ? __mpol_dup+0x74/0x390 [ 1407.025363][T32747] ? mbind_range+0x2ad/0x550 [ 1407.025399][T32747] migrate_pages_sync+0x12c/0x880 [ 1407.025432][T32747] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1407.025475][T32747] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1407.025511][T32747] ? __lock_acquire+0x4a5/0x2630 [ 1407.025565][T32747] migrate_pages+0x1aae/0x28a0 [ 1407.025601][T32747] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1407.025642][T32747] ? __pfx_migrate_pages+0x10/0x10 [ 1407.025677][T32747] ? find_held_lock+0x2b/0x80 [ 1407.025702][T32747] ? do_mbind+0x555/0xfd0 [ 1407.025738][T32747] ? up_write+0x290/0x4f0 [ 1407.025777][T32747] do_mbind+0x5a4/0xfd0 [ 1407.025818][T32747] ? __pfx_do_mbind+0x10/0x10 [ 1407.025849][T32747] ? ksys_write+0x190/0x250 [ 1407.025873][T32747] ? ksys_write+0x190/0x250 [ 1407.025909][T32747] ? __pfx_get_nodes+0x10/0x10 [ 1407.025939][T32747] kernel_mbind+0x1b7/0x200 [ 1407.025973][T32747] ? __pfx_kernel_mbind+0x10/0x10 [ 1407.026014][T32747] do_syscall_64+0x106/0xf80 [ 1407.026039][T32747] ? clear_bhb_loop+0x40/0x90 [ 1407.026069][T32747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1407.026101][T32747] RIP: 0033:0x7ff1a3b9c819 [ 1407.026121][T32747] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1407.026145][T32747] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 1407.026169][T32747] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1407.026186][T32747] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 1407.026201][T32747] RBP: 00007ff1a3c32c91 R08: 0000002000000006 R09: 0000000000000002 [ 1407.026217][T32747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1407.026236][T32747] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1407.026266][T32747] [ 1408.376598][T32758] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9821'. [ 1409.644551][ T309] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9826'. [ 1409.820288][ T309] i: entered promiscuous mode [ 1409.882826][ T313] HfR: entered promiscuous mode [ 1410.353716][ T320] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1410.929578][ T324] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9830'. [ 1411.110379][ T324] hsr_slave_1 (unregistering): left promiscuous mode [ 1411.446499][ T339] CIFS: VFS: Invalid SecurityFlags: [ 1411.581401][ T346] netlink: 25 bytes leftover after parsing attributes in process `syz.3.9838'. [ 1411.834111][ T351] random: crng reseeded on system resumption [ 1412.638182][ T363] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x20c pfn:0x78007 [ 1412.670165][ T363] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1412.705046][ T363] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1412.751891][ T363] raw: 000000000000020c 0000000000000000 00000001ffffffff 0000000000000000 [ 1412.790792][ T363] page dumped because: unmovable page [ 1412.817750][ T363] page_owner tracks the page as allocated [ 1412.829101][ T5176] ERROR: Out of memory at tomoyo_memory_ok. [ 1412.870944][ T363] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 29399, tgid 29397 (syz.4.8731), ts 1184068746888, free_ts 1173617301233 [ 1412.981730][ T363] post_alloc_hook+0x153/0x170 [ 1413.017656][ T363] get_page_from_freelist+0x111d/0x3140 [ 1413.050944][ T363] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1413.077369][ T363] alloc_pages_mpol+0x1fb/0x550 [ 1413.104699][ T363] alloc_pages_noprof+0x136/0x390 [ 1413.130028][ T363] brd_submit_bio+0x116a/0x20d0 [ 1413.161073][ T363] __submit_bio+0x419/0x6c0 [ 1413.173374][ T363] submit_bio_noacct_nocheck+0x74f/0xc10 [ 1413.202786][ T363] submit_bio_noacct+0xd17/0x2010 [ 1413.228304][ T363] blkdev_direct_IO+0x155c/0x1fb0 [ 1413.242573][ T363] blkdev_write_iter+0x703/0xd70 [ 1413.271050][ T363] vfs_write+0x6ac/0x1070 [ 1413.332039][ T363] ksys_write+0x12a/0x250 [ 1413.336515][ T363] do_syscall_64+0x106/0xf80 [ 1413.373250][ T363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1413.403386][ T363] page last free pid 29202 tgid 29201 stack trace: [ 1413.448003][ T363] __free_frozen_pages+0x7e1/0x10d0 [ 1413.461339][ T363] kimage_free_page_list+0x130/0x240 [ 1413.466756][ T363] kimage_alloc_control_pages+0x3f2/0xa20 [ 1413.517188][ T363] do_kexec_load+0x275/0x810 [ 1413.541121][ T363] __x64_sys_kexec_load+0x1bf/0x230 [ 1413.581498][ T363] do_syscall_64+0x106/0xf80 [ 1413.586182][ T363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1413.959153][ T375] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1414.006018][ T382] futex_wake_op: syz.0.9850 tries to shift op by -2048; fix this program [ 1414.041541][ T382] futex_wake_op: syz.0.9850 tries to shift op by -2048; fix this program [ 1414.120120][ T382] 0x000000000001-0x000000020000 : "" [ 1414.178592][ T382] ftl_cs: FTL header corrupt! [ 1414.435365][ T383] ERROR: Out of memory at tomoyo_memory_ok. [ 1416.065532][ T408] netlink: 62 bytes leftover after parsing attributes in process `syz.3.9857'. [ 1416.380081][ T417] netlink: 330 bytes leftover after parsing attributes in process `syz.0.9861'. [ 1417.409946][ T429] zswap: compressor not available [ 1417.884510][ T438] serio: Serial port pty6 [ 1418.471245][ T453] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9872'. [ 1418.501078][ T453] veth0_macvtap: left promiscuous mode [ 1418.512112][ T453] macvtap0: entered promiscuous mode [ 1418.517541][ T453] macvtap0: entered allmulticast mode [ 1420.479353][ T463] kexec: Could not allocate control_code_buffer [ 1420.903012][T16723] Bluetooth: hci2: unexpected subevent 0x01 length: 3 < 18 [ 1423.349351][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.367312][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.834957][ T537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9898'. [ 1423.896511][ T537] netlink: 25 bytes leftover after parsing attributes in process `syz.1.9898'. [ 1424.184705][ T539] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9899'. [ 1424.225497][ T539] netlink: 25 bytes leftover after parsing attributes in process `syz.1.9899'. [ 1425.957437][ T564] netlink: 'syz.1.9905': attribute type 28 has an invalid length. [ 1426.000038][ T564] netlink: 'syz.1.9905': attribute type 3 has an invalid length. [ 1426.033167][ T564] netlink: 306 bytes leftover after parsing attributes in process `syz.1.9905'. [ 1426.592244][ T572] sp0: Synchronizing with TNC [ 1427.076478][ T582] FAULT_INJECTION: forcing a failure. [ 1427.076478][ T582] name failslab, interval 1, probability 0, space 0, times 0 [ 1427.144854][ T582] CPU: 0 UID: 0 PID: 582 Comm: syz.0.9912 Tainted: G L syzkaller #0 PREEMPT(full) [ 1427.144894][ T582] Tainted: [L]=SOFTLOCKUP [ 1427.144904][ T582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1427.144920][ T582] Call Trace: [ 1427.144929][ T582] [ 1427.144939][ T582] dump_stack_lvl+0x100/0x190 [ 1427.144985][ T582] should_fail_ex.cold+0x5/0xa [ 1427.145016][ T582] should_failslab+0xc2/0x120 [ 1427.145045][ T582] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1427.145081][ T582] ? tomoyo_write_log2+0x333/0xbc0 [ 1427.145124][ T582] tomoyo_write_log2+0x333/0xbc0 [ 1427.145166][ T582] tomoyo_supervisor+0x15e/0x1340 [ 1427.145197][ T582] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1427.145236][ T582] ? kasan_quarantine_put+0x104/0x240 [ 1427.145288][ T582] ? tomoyo_check_path_acl+0x141/0x210 [ 1427.145322][ T582] ? tomoyo_check_acl+0x1f7/0x410 [ 1427.145353][ T582] tomoyo_path_permission+0x270/0x3b0 [ 1427.145388][ T582] tomoyo_check_open_permission+0x34d/0x3c0 [ 1427.145423][ T582] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1427.145485][ T582] ? do_raw_spin_lock+0x128/0x260 [ 1427.145528][ T582] ? path_get+0x61/0x80 [ 1427.145561][ T582] tomoyo_file_open+0x6b/0x90 [ 1427.145586][ T582] security_file_open+0xb5/0x1e0 [ 1427.145623][ T582] do_dentry_open+0x5aa/0x1660 [ 1427.145652][ T582] ? security_inode_permission+0xbf/0x250 [ 1427.145690][ T582] vfs_open+0x82/0x3f0 [ 1427.145727][ T582] path_openat+0x208c/0x31a0 [ 1427.145766][ T582] ? __pfx_path_openat+0x10/0x10 [ 1427.145805][ T582] do_file_open+0x20e/0x430 [ 1427.145835][ T582] ? __pfx_do_file_open+0x10/0x10 [ 1427.145885][ T582] ? alloc_fd+0x476/0x790 [ 1427.145915][ T582] ? do_getname+0x191/0x390 [ 1427.145951][ T582] do_sys_openat2+0x10d/0x1e0 [ 1427.145987][ T582] ? __pfx_do_sys_openat2+0x10/0x10 [ 1427.146051][ T582] __x64_sys_openat+0x12d/0x210 [ 1427.146087][ T582] ? __pfx___x64_sys_openat+0x10/0x10 [ 1427.146133][ T582] do_syscall_64+0x106/0xf80 [ 1427.146158][ T582] ? clear_bhb_loop+0x40/0x90 [ 1427.146189][ T582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1427.146214][ T582] RIP: 0033:0x7fa8a139c819 [ 1427.146235][ T582] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1427.146259][ T582] RSP: 002b:00007fa8a2202028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1427.146289][ T582] RAX: ffffffffffffffda RBX: 00007fa8a1616090 RCX: 00007fa8a139c819 [ 1427.146306][ T582] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1427.146322][ T582] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1427.146338][ T582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1427.146353][ T582] R13: 00007fa8a1616128 R14: 00007fa8a1616090 R15: 00007ffe00a242c8 [ 1427.146384][ T582] [ 1429.794714][ T603] FAULT_INJECTION: forcing a failure. [ 1429.794714][ T603] name failslab, interval 1, probability 0, space 0, times 0 [ 1429.853925][ T603] CPU: 0 UID: 0 PID: 603 Comm: syz.0.9918 Tainted: G L syzkaller #0 PREEMPT(full) [ 1429.853965][ T603] Tainted: [L]=SOFTLOCKUP [ 1429.853973][ T603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1429.853989][ T603] Call Trace: [ 1429.853998][ T603] [ 1429.854007][ T603] dump_stack_lvl+0x100/0x190 [ 1429.854059][ T603] should_fail_ex.cold+0x5/0xa [ 1429.854089][ T603] ? constrain_params_by_rules+0x175/0xcc0 [ 1429.854127][ T603] should_failslab+0xc2/0x120 [ 1429.854156][ T603] __kmalloc_noprof+0xe0/0x850 [ 1429.854194][ T603] ? unwind_get_return_address+0x59/0xa0 [ 1429.854227][ T603] constrain_params_by_rules+0x175/0xcc0 [ 1429.854272][ T603] ? stack_trace_save+0x8e/0xc0 [ 1429.854302][ T603] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1429.854339][ T603] ? kfree+0x1f6/0x6b0 [ 1429.854370][ T603] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 1429.854410][ T603] ? __kasan_kmalloc+0xaa/0xb0 [ 1429.854432][ T603] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x850 [ 1429.854465][ T603] ? snd_pcm_oss_change_params_locked+0x18d9/0x39f0 [ 1429.854500][ T603] ? snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 1429.854546][ T603] ? snd_interval_refine+0x2d0/0x580 [ 1429.854575][ T603] snd_pcm_hw_refine+0x7e7/0xad0 [ 1429.854618][ T603] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1429.854668][ T603] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 1429.854705][ T603] snd_pcm_hw_param_near.constprop.0+0x5d0/0x850 [ 1429.854745][ T603] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1429.854781][ T603] ? calc_src_frames.isra.0+0x17c/0x1c0 [ 1429.854824][ T603] snd_pcm_oss_change_params_locked+0x18d9/0x39f0 [ 1429.854872][ T603] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1429.854908][ T603] ? __pfx___mutex_lock+0x10/0x10 [ 1429.854956][ T603] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 1429.854997][ T603] snd_pcm_oss_ioctl+0x1c08/0x3720 [ 1429.855033][ T603] ? __fget_files+0x215/0x3d0 [ 1429.855064][ T603] ? hook_file_ioctl_common+0x146/0x410 [ 1429.855098][ T603] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1429.855136][ T603] ? __fget_files+0x21f/0x3d0 [ 1429.855165][ T603] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1429.855202][ T603] __x64_sys_ioctl+0x18e/0x210 [ 1429.855242][ T603] do_syscall_64+0x106/0xf80 [ 1429.855268][ T603] ? clear_bhb_loop+0x40/0x90 [ 1429.855298][ T603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1429.855324][ T603] RIP: 0033:0x7fa8a139c819 [ 1429.855344][ T603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1429.855370][ T603] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1429.855393][ T603] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1429.855410][ T603] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000006 [ 1429.855426][ T603] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1429.855441][ T603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1429.855456][ T603] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1429.855488][ T603] [ 1430.582216][ T605] zram: Added device: zram5 [ 1430.664263][ T608] netlink: 146 bytes leftover after parsing attributes in process `syz.3.9921'. [ 1431.447549][ T620] netlink: 'syz.0.9924': attribute type 10 has an invalid length. [ 1431.477201][ T620] netlink: 'syz.0.9924': attribute type 13 has an invalid length. [ 1432.392093][ T567] kexec: Could not allocate control_code_buffer [ 1432.641045][ T630] netlink: 504 bytes leftover after parsing attributes in process `syz.4.9928'. [ 1432.768431][ T635] warning: `syz.1.9930' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1433.537419][ T649] futex_wake_op: syz.4.9935 tries to shift op by -2048; fix this program [ 1433.577323][ T649] futex_wake_op: syz.4.9935 tries to shift op by -2048; fix this program [ 1433.637211][ T649] 0x000000000001-0x000000020000 : "" [ 1433.738036][ T649] ftl_cs: FTL header corrupt! [ 1434.027174][ T657] ERROR: Out of memory at tomoyo_memory_ok. [ 1437.659492][ T30] audit: type=1804 audit(4294967596.431:43): pid=700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.9949" name="/newroot/683/file0" dev="tmpfs" ino=3534 res=1 errno=0 [ 1438.047845][ T704] program syz.3.9950 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1442.673583][ T775] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9971'. [ 1443.134089][ T779] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1443.351356][ T779] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1443.545666][ T779] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1443.768804][ T779] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1443.810076][ T785] FAULT_INJECTION: forcing a failure. [ 1443.810076][ T785] name failslab, interval 1, probability 0, space 0, times 0 [ 1443.924406][ T785] CPU: 0 UID: 0 PID: 785 Comm: syz.0.9975 Tainted: G L syzkaller #0 PREEMPT(full) [ 1443.924444][ T785] Tainted: [L]=SOFTLOCKUP [ 1443.924453][ T785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1443.924467][ T785] Call Trace: [ 1443.924475][ T785] [ 1443.924484][ T785] dump_stack_lvl+0x100/0x190 [ 1443.924524][ T785] should_fail_ex.cold+0x5/0xa [ 1443.924552][ T785] should_failslab+0xc2/0x120 [ 1443.924578][ T785] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1443.924615][ T785] ? prepare_creds+0x2c/0x950 [ 1443.924657][ T785] prepare_creds+0x2c/0x950 [ 1443.924695][ T785] lookup_user_key+0x8e9/0x1300 [ 1443.924727][ T785] ? __pfx_lookup_user_key+0x10/0x10 [ 1443.924757][ T785] ? __pfx_futex_wait+0x10/0x10 [ 1443.924799][ T785] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1443.924839][ T785] keyctl_get_persistent+0x197/0x8b0 [ 1443.924932][ T785] ? __pfx_keyctl_get_persistent+0x10/0x10 [ 1443.924968][ T785] ? map_id_range_down+0x2bc/0x3b0 [ 1443.924995][ T785] ? __x64_sys_futex+0x34f/0x4d0 [ 1443.925028][ T785] ? __x64_sys_futex+0x358/0x4d0 [ 1443.925063][ T785] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1443.925091][ T785] ? xfd_validate_state+0x129/0x190 [ 1443.925135][ T785] __do_sys_keyctl+0x3b2/0x5a0 [ 1443.925164][ T785] do_syscall_64+0x106/0xf80 [ 1443.925190][ T785] ? clear_bhb_loop+0x40/0x90 [ 1443.925220][ T785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1443.925246][ T785] RIP: 0033:0x7fa8a139c819 [ 1443.925266][ T785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1443.925290][ T785] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1443.925314][ T785] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1443.925330][ T785] RDX: 7fffffffffffffff RSI: 0000000000000000 RDI: 0000000000000016 [ 1443.925345][ T785] RBP: 00007fa8a1432c91 R08: 0000000000000002 R09: 0000000000000000 [ 1443.925361][ T785] R10: ffffffffffffe6d6 R11: 0000000000000246 R12: 0000000000000000 [ 1443.925376][ T785] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1443.925410][ T785] [ 1449.824350][ T851] FAULT_INJECTION: forcing a failure. [ 1449.824350][ T851] name failslab, interval 1, probability 0, space 0, times 0 [ 1450.028356][ T851] CPU: 0 UID: 0 PID: 851 Comm: syz.0.9993 Tainted: G L syzkaller #0 PREEMPT(full) [ 1450.028395][ T851] Tainted: [L]=SOFTLOCKUP [ 1450.028404][ T851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1450.028419][ T851] Call Trace: [ 1450.028427][ T851] [ 1450.028437][ T851] dump_stack_lvl+0x100/0x190 [ 1450.028480][ T851] should_fail_ex.cold+0x5/0xa [ 1450.028510][ T851] should_failslab+0xc2/0x120 [ 1450.028538][ T851] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1450.028578][ T851] ? skb_clone+0x190/0x400 [ 1450.028607][ T851] skb_clone+0x190/0x400 [ 1450.028632][ T851] netlink_deliver_tap+0xaed/0xcc0 [ 1450.028663][ T851] netlink_unicast+0x70c/0x870 [ 1450.028694][ T851] ? __pfx_netlink_unicast+0x10/0x10 [ 1450.028721][ T851] ? idr_get_next+0xec/0x150 [ 1450.028755][ T851] ctrl_getfamily+0x417/0x550 [ 1450.028788][ T851] ? __pfx_ctrl_getfamily+0x10/0x10 [ 1450.028822][ T851] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 1450.028855][ T851] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 1450.028894][ T851] genl_family_rcv_msg_doit+0x214/0x300 [ 1450.028929][ T851] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1450.028961][ T851] ? genl_get_cmd+0x3ef/0x720 [ 1450.028997][ T851] ? __dev_queue_xmit+0x5af/0x4800 [ 1450.029031][ T851] ? __radix_tree_lookup+0x217/0x2b0 [ 1450.029075][ T851] genl_rcv_msg+0x560/0x800 [ 1450.029110][ T851] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1450.029142][ T851] ? __pfx_ctrl_getfamily+0x10/0x10 [ 1450.029185][ T851] netlink_rcv_skb+0x159/0x420 [ 1450.029212][ T851] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1450.029264][ T851] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1450.029305][ T851] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1450.029342][ T851] genl_rcv+0x28/0x40 [ 1450.029370][ T851] netlink_unicast+0x5aa/0x870 [ 1450.029406][ T851] ? __pfx_netlink_unicast+0x10/0x10 [ 1450.029445][ T851] netlink_sendmsg+0x8b0/0xda0 [ 1450.029478][ T851] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1450.029511][ T851] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1450.029543][ T851] __sys_sendto+0x468/0x4b0 [ 1450.029581][ T851] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1450.029610][ T851] ? __pfx___sys_sendto+0x10/0x10 [ 1450.029659][ T851] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1450.029687][ T851] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1450.029736][ T851] __x64_sys_sendto+0xe0/0x1c0 [ 1450.029775][ T851] ? do_syscall_64+0x95/0xf80 [ 1450.029801][ T851] ? lockdep_hardirqs_on+0x78/0x100 [ 1450.029828][ T851] do_syscall_64+0x106/0xf80 [ 1450.029854][ T851] ? clear_bhb_loop+0x40/0x90 [ 1450.029886][ T851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1450.029912][ T851] RIP: 0033:0x7fa8a135d04e [ 1450.029932][ T851] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1450.029957][ T851] RSP: 002b:00007fa8a2200e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1450.029982][ T851] RAX: ffffffffffffffda RBX: 00007fa8a22026c0 RCX: 00007fa8a135d04e [ 1450.029999][ T851] RDX: 0000000000000028 RSI: 00007fa8a2201000 RDI: 0000000000000006 [ 1450.030015][ T851] RBP: 0000000000000000 R08: 00007fa8a2200f04 R09: 000000000000000c [ 1450.030031][ T851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1450.030046][ T851] R13: 00007fa8a2200f58 R14: 00007fa8a2201000 R15: 0000000000000000 [ 1450.030078][ T851] [ 1452.173632][ T869] sp0: Synchronizing with TNC [ 1452.653113][ T874] netlink: 13 bytes leftover after parsing attributes in process `syz.4.10002'. [ 1453.092757][ T884] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10006'. [ 1453.177446][ T888] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10006'. [ 1453.283866][ T884] netlink: 306 bytes leftover after parsing attributes in process `syz.3.10006'. [ 1453.352723][ T888] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10006'. [ 1453.437686][ T887] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10008'. [ 1453.510801][ T888] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10006'. [ 1453.586435][ T888] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10006'. [ 1453.653990][ T888] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10006'. [ 1453.748306][ T888] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10006'. [ 1456.734652][ T941] can: request_module (can-proto-5) failed. [ 1457.000383][ T920] kexec: Could not allocate control_code_buffer [ 1458.586526][ T978] device-mapper: ioctl: only supply one of name or uuid, cmd(5) [ 1459.972358][ T986] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.3.10030: bg 4: bad block bitmap checksum [ 1460.177343][ T986] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 1460.340239][ T986] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1460.340239][ T986] [ 1461.221547][ T992] __nla_validate_parse: 4 callbacks suppressed [ 1461.221568][ T992] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10031'. [ 1462.502128][ T1011] netlink: 13 bytes leftover after parsing attributes in process `syz.4.10037'. [ 1464.531487][ T1029] FAULT_INJECTION: forcing a failure. [ 1464.531487][ T1029] name failslab, interval 1, probability 0, space 0, times 0 [ 1464.666773][ T1029] CPU: 0 UID: 0 PID: 1029 Comm: syz.0.10041 Tainted: G L syzkaller #0 PREEMPT(full) [ 1464.666813][ T1029] Tainted: [L]=SOFTLOCKUP [ 1464.666822][ T1029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1464.666838][ T1029] Call Trace: [ 1464.666847][ T1029] [ 1464.666857][ T1029] dump_stack_lvl+0x100/0x190 [ 1464.666902][ T1029] should_fail_ex.cold+0x5/0xa [ 1464.666933][ T1029] should_failslab+0xc2/0x120 [ 1464.666962][ T1029] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1464.666989][ T1029] ? kstrdup_const+0x63/0x80 [ 1464.667012][ T1029] ? find_held_lock+0x2b/0x80 [ 1464.667037][ T1029] ? is_bpf_text_address+0x8a/0x1a0 [ 1464.667082][ T1029] kstrdup+0x51/0xe0 [ 1464.667128][ T1029] kstrdup_const+0x63/0x80 [ 1464.667154][ T1029] __kernfs_new_node+0x9b/0x960 [ 1464.667192][ T1029] ? __kernel_text_address+0xd/0x30 [ 1464.667232][ T1029] ? arch_stack_walk+0xa6/0xf0 [ 1464.667265][ T1029] ? __pfx___kernfs_new_node+0x10/0x10 [ 1464.667311][ T1029] ? find_held_lock+0x2b/0x80 [ 1464.667336][ T1029] ? kernfs_root+0xee/0x2a0 [ 1464.667373][ T1029] ? kernfs_root+0xee/0x2a0 [ 1464.667418][ T1029] kernfs_new_node+0x11b/0x1a0 [ 1464.667448][ T1029] kernfs_create_dir_ns+0x4c/0x1a0 [ 1464.667478][ T1029] sysfs_create_dir_ns+0x13a/0x2b0 [ 1464.667516][ T1029] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1464.667552][ T1029] ? find_held_lock+0x2b/0x80 [ 1464.667576][ T1029] ? kobject_add_internal+0x25f/0x930 [ 1464.667609][ T1029] ? kobject_add_internal+0x25f/0x930 [ 1464.667643][ T1029] ? net_namespace+0x12/0x50 [ 1464.667671][ T1029] ? device_namespace+0x76/0xa0 [ 1464.667708][ T1029] kobject_add_internal+0x2c8/0x930 [ 1464.667746][ T1029] kobject_add+0x16a/0x1e0 [ 1464.667779][ T1029] ? __pfx_kobject_add+0x10/0x10 [ 1464.667817][ T1029] ? kobject_put+0xb9/0x640 [ 1464.667855][ T1029] device_add+0x294/0x1950 [ 1464.667890][ T1029] ? __pfx_dev_set_name+0x10/0x10 [ 1464.667928][ T1029] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1464.667955][ T1029] ? __pfx_device_add+0x10/0x10 [ 1464.667989][ T1029] ? lockdep_init_map_type+0x5c/0x250 [ 1464.668025][ T1029] ? __init_waitqueue_head+0xca/0x150 [ 1464.668072][ T1029] netdev_register_kobject+0x1a9/0x3d0 [ 1464.668112][ T1029] register_netdevice+0x12e0/0x2210 [ 1464.668146][ T1029] ? __pfx_register_netdevice+0x10/0x10 [ 1464.668182][ T1029] __ip_tunnel_create+0x52b/0x670 [ 1464.668213][ T1029] ? __pfx___ip_tunnel_create+0x10/0x10 [ 1464.668239][ T1029] ? net_generic+0xea/0x2a0 [ 1464.668273][ T1029] ip_tunnel_init_net+0x230/0x780 [ 1464.668306][ T1029] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 1464.668342][ T1029] ? __kmalloc_noprof+0x320/0x850 [ 1464.668386][ T1029] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 1464.668426][ T1029] ops_init+0x1e2/0x5f0 [ 1464.668456][ T1029] setup_net+0x118/0x3a0 [ 1464.668483][ T1029] ? __pfx_setup_net+0x10/0x10 [ 1464.668507][ T1029] ? lockdep_init_map_type+0x5c/0x250 [ 1464.668543][ T1029] ? mutex_init_lockep+0x110/0x150 [ 1464.668584][ T1029] copy_net_ns+0x46f/0x7c0 [ 1464.668616][ T1029] create_new_namespaces+0x3ea/0xac0 [ 1464.668651][ T1029] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1464.668682][ T1029] ksys_unshare+0x473/0xad0 [ 1464.668717][ T1029] ? __pfx_ksys_unshare+0x10/0x10 [ 1464.668761][ T1029] __x64_sys_unshare+0x31/0x40 [ 1464.668794][ T1029] do_syscall_64+0x106/0xf80 [ 1464.668820][ T1029] ? clear_bhb_loop+0x40/0x90 [ 1464.668851][ T1029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.668877][ T1029] RIP: 0033:0x7fa8a139c819 [ 1464.668899][ T1029] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1464.668924][ T1029] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1464.668948][ T1029] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1464.668965][ T1029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1464.668981][ T1029] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1464.668997][ T1029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1464.669013][ T1029] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1464.669045][ T1029] [ 1464.669059][ T1029] kobject: kobject_add_internal failed for gretap0 (error: -12 parent: net) [ 1465.380385][ T1059] netlink: 314 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1465.984842][ T1042] kexec: Could not allocate control_code_buffer [ 1466.290044][ T1066] ERROR: Out of memory at tomoyo_memory_ok. [ 1466.324385][ T1067] ERROR: Out of memory at tomoyo_memory_ok. [ 1466.607042][ T1053] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1466.740218][ T1057] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1466.788680][ T1057] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1466.875418][ T1057] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1466.965094][ T1057] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1467.025697][ T1057] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1467.075528][ T1057] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1467.273977][ T1057] netlink: 338 bytes leftover after parsing attributes in process `syz.3.10045'. [ 1469.242843][ T1105] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1469.278574][ T1105] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1469.278574][ T1105] [ 1472.691205][ T1162] zswap: compressor not available [ 1473.801713][ T1193] ERROR: Out of memory at tomoyo_memory_ok. [ 1474.469413][ T1202] FAULT_INJECTION: forcing a failure. [ 1474.469413][ T1202] name failslab, interval 1, probability 0, space 0, times 0 [ 1474.577682][ T1202] CPU: 0 UID: 0 PID: 1202 Comm: syz.0.10081 Tainted: G L syzkaller #0 PREEMPT(full) [ 1474.577722][ T1202] Tainted: [L]=SOFTLOCKUP [ 1474.577731][ T1202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1474.577747][ T1202] Call Trace: [ 1474.577756][ T1202] [ 1474.577766][ T1202] dump_stack_lvl+0x100/0x190 [ 1474.577808][ T1202] should_fail_ex.cold+0x5/0xa [ 1474.577839][ T1202] should_failslab+0xc2/0x120 [ 1474.577867][ T1202] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1474.577906][ T1202] ? __kernfs_new_node+0xd2/0x960 [ 1474.577950][ T1202] __kernfs_new_node+0xd2/0x960 [ 1474.577990][ T1202] ? __pfx___kernfs_new_node+0x10/0x10 [ 1474.578035][ T1202] ? find_held_lock+0x2b/0x80 [ 1474.578060][ T1202] ? kernfs_root+0xee/0x2a0 [ 1474.578096][ T1202] ? kernfs_root+0xee/0x2a0 [ 1474.578139][ T1202] kernfs_new_node+0x11b/0x1a0 [ 1474.578167][ T1202] __kernfs_create_file+0x53/0x350 [ 1474.578201][ T1202] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1474.578243][ T1202] internal_create_group+0x593/0xf40 [ 1474.578288][ T1202] ? __pfx_internal_create_group+0x10/0x10 [ 1474.578338][ T1202] ? kernfs_create_link+0x1bd/0x240 [ 1474.578374][ T1202] internal_create_groups+0x9d/0x150 [ 1474.578416][ T1202] device_add+0x77a/0x1950 [ 1474.578454][ T1202] ? __pfx_device_add+0x10/0x10 [ 1474.578485][ T1202] ? __pfx___might_resched+0x10/0x10 [ 1474.578544][ T1202] ? lockdep_hardirqs_on+0x78/0x100 [ 1474.578582][ T1202] __add_disk+0x518/0xe40 [ 1474.578623][ T1202] add_disk_fwnode+0x118/0x5c0 [ 1474.578659][ T1202] loop_add+0x90b/0xb60 [ 1474.578700][ T1202] ? __pfx_loop_add+0x10/0x10 [ 1474.578765][ T1202] ? find_held_lock+0x2b/0x80 [ 1474.578790][ T1202] ? __fget_files+0x215/0x3d0 [ 1474.578819][ T1202] loop_control_ioctl+0xae/0x620 [ 1474.578861][ T1202] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1474.578907][ T1202] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1474.578950][ T1202] __x64_sys_ioctl+0x18e/0x210 [ 1474.578991][ T1202] do_syscall_64+0x106/0xf80 [ 1474.579017][ T1202] ? clear_bhb_loop+0x40/0x90 [ 1474.579049][ T1202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1474.579075][ T1202] RIP: 0033:0x7fa8a139c819 [ 1474.579096][ T1202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1474.579134][ T1202] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1474.579159][ T1202] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1474.579176][ T1202] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 1474.579192][ T1202] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1474.579208][ T1202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1474.579224][ T1202] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1474.579257][ T1202] [ 1476.825868][ T1215] __vm_enough_memory: pid: 1215, comm: syz.4.10085, bytes: 4398046457856 not enough memory for the allocation [ 1477.744007][ T1232] netlink: 226 bytes leftover after parsing attributes in process `syz.3.10090'. [ 1479.788984][ T1260] FAULT_INJECTION: forcing a failure. [ 1479.788984][ T1260] name failslab, interval 1, probability 0, space 0, times 0 [ 1479.815487][ T1262] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10099'. [ 1479.905073][ T1260] CPU: 0 UID: 0 PID: 1260 Comm: syz.0.10098 Tainted: G L syzkaller #0 PREEMPT(full) [ 1479.905115][ T1260] Tainted: [L]=SOFTLOCKUP [ 1479.905124][ T1260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1479.905140][ T1260] Call Trace: [ 1479.905148][ T1260] [ 1479.905159][ T1260] dump_stack_lvl+0x100/0x190 [ 1479.905202][ T1260] should_fail_ex.cold+0x5/0xa [ 1479.905233][ T1260] should_failslab+0xc2/0x120 [ 1479.905262][ T1260] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1479.905303][ T1260] ? __kernfs_new_node+0xd2/0x960 [ 1479.905342][ T1260] ? kstrdup+0xb3/0xe0 [ 1479.905368][ T1260] __kernfs_new_node+0xd2/0x960 [ 1479.905406][ T1260] ? __lock_acquire+0x4a5/0x2630 [ 1479.905443][ T1260] ? __pfx___kernfs_new_node+0x10/0x10 [ 1479.905490][ T1260] ? find_held_lock+0x2b/0x80 [ 1479.905514][ T1260] ? kernfs_root+0xee/0x2a0 [ 1479.905551][ T1260] ? kernfs_root+0xee/0x2a0 [ 1479.905596][ T1260] kernfs_new_node+0x11b/0x1a0 [ 1479.905626][ T1260] __kernfs_create_file+0x53/0x350 [ 1479.905662][ T1260] cgroup_addrm_files+0x4d8/0xb90 [ 1479.905718][ T1260] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 1479.905770][ T1260] ? css_next_child+0xcf/0x2e0 [ 1479.905809][ T1260] ? css_next_descendant_pre+0x58/0x1a0 [ 1479.905851][ T1260] css_populate_dir+0x343/0x590 [ 1479.905892][ T1260] cgroup_mkdir+0x563/0x1330 [ 1479.905922][ T1260] ? __pfx_cgroup_mkdir+0x10/0x10 [ 1479.905949][ T1260] kernfs_iop_mkdir+0x111/0x190 [ 1479.905972][ T1260] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 1479.906014][ T1260] vfs_mkdir+0x361/0x850 [ 1479.906055][ T1260] filename_mkdirat+0x48b/0x5e0 [ 1479.906089][ T1260] ? __pfx_filename_mkdirat+0x10/0x10 [ 1479.906124][ T1260] ? strncpy_from_user+0x19d/0x2d0 [ 1479.906159][ T1260] ? do_getname+0x191/0x390 [ 1479.906196][ T1260] __x64_sys_mkdir+0x6b/0x90 [ 1479.906226][ T1260] do_syscall_64+0x106/0xf80 [ 1479.906253][ T1260] ? clear_bhb_loop+0x40/0x90 [ 1479.906285][ T1260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1479.906311][ T1260] RIP: 0033:0x7fa8a139c819 [ 1479.906331][ T1260] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1479.906356][ T1260] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1479.906381][ T1260] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1479.906398][ T1260] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 1479.906415][ T1260] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1479.906431][ T1260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1479.906446][ T1260] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1479.906479][ T1260] [ 1480.461536][ T1260] cgroup: cgroup_addrm_files: failed to add cgroup.procs, err=-12 [ 1482.101588][ T1276] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1482.239496][ T1276] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1482.239496][ T1276] [ 1483.217792][ T1283] netlink: 186 bytes leftover after parsing attributes in process `syz.1.10105'. [ 1483.314494][ T1287] netlink: 186 bytes leftover after parsing attributes in process `syz.1.10105'. [ 1484.792033][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.800940][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.254657][ T1311] zswap: compressor not available [ 1485.317319][ T1314] ACPI: button: Initial lid state set to 'ignore' [ 1486.770155][ T1336] mkiss: ax0: crc mode is auto. [ 1488.460124][ T1359] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3315741749 (212207471936 ns) > initial count (94764848960 ns). Using initial count to start timer. [ 1489.014083][ T151] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1489.100138][ T151] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1489.100138][ T151] [ 1489.723243][ T1379] netlink: 202 bytes leftover after parsing attributes in process `syz.4.10129'. [ 1489.892915][ T1383] FAULT_INJECTION: forcing a failure. [ 1489.892915][ T1383] name failslab, interval 1, probability 0, space 0, times 0 [ 1489.999623][ T1383] CPU: 0 UID: 0 PID: 1383 Comm: syz.1.10130 Tainted: G L syzkaller #0 PREEMPT(full) [ 1489.999663][ T1383] Tainted: [L]=SOFTLOCKUP [ 1489.999672][ T1383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1489.999687][ T1383] Call Trace: [ 1489.999696][ T1383] [ 1489.999706][ T1383] dump_stack_lvl+0x100/0x190 [ 1489.999749][ T1383] should_fail_ex.cold+0x5/0xa [ 1489.999778][ T1383] should_failslab+0xc2/0x120 [ 1489.999806][ T1383] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1489.999832][ T1383] ? blk_alloc_queue+0x627/0x790 [ 1489.999866][ T1383] ? __alloc_disk_node+0x5a/0x6b0 [ 1489.999900][ T1383] __alloc_disk_node+0x5a/0x6b0 [ 1489.999933][ T1383] __blk_alloc_disk+0xd2/0x170 [ 1489.999962][ T1383] ? __pfx___blk_alloc_disk+0x10/0x10 [ 1490.000008][ T1383] ? __pfx_idr_alloc+0x10/0x10 [ 1490.000033][ T1383] ? lockdep_init_map_type+0x5c/0x250 [ 1490.000069][ T1383] ? __raw_spin_lock_init+0x3a/0x110 [ 1490.000110][ T1383] ? __pfx_hot_add_show+0x10/0x10 [ 1490.000149][ T1383] zram_add+0x1bf/0x610 [ 1490.000186][ T1383] ? __pfx_zram_add+0x10/0x10 [ 1490.000241][ T1383] ? find_held_lock+0x2b/0x80 [ 1490.000265][ T1383] ? sysfs_file_kobj+0xe4/0x290 [ 1490.000308][ T1383] ? __pfx_hot_add_show+0x10/0x10 [ 1490.000346][ T1383] hot_add_show+0x21/0x80 [ 1490.000387][ T1383] class_attr_show+0x72/0xa0 [ 1490.000422][ T1383] ? __pfx_class_attr_show+0x10/0x10 [ 1490.000454][ T1383] sysfs_kf_seq_show+0x217/0x3a0 [ 1490.000492][ T1383] seq_read_iter+0x32f/0x1270 [ 1490.000546][ T1383] kernfs_fop_read_iter+0x46c/0x610 [ 1490.000577][ T1383] ? rw_verify_area+0xce/0x6d0 [ 1490.000614][ T1383] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1490.000646][ T1383] vfs_read+0x825/0xb30 [ 1490.000673][ T1383] ? __pfx_vfs_read+0x10/0x10 [ 1490.000716][ T1383] ksys_read+0x12a/0x250 [ 1490.000740][ T1383] ? __pfx_ksys_read+0x10/0x10 [ 1490.000773][ T1383] do_syscall_64+0x106/0xf80 [ 1490.000798][ T1383] ? clear_bhb_loop+0x40/0x90 [ 1490.000828][ T1383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1490.000854][ T1383] RIP: 0033:0x7ff1a3b9c819 [ 1490.000874][ T1383] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1490.000899][ T1383] RSP: 002b:00007ff1a4b00028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1490.000923][ T1383] RAX: ffffffffffffffda RBX: 00007ff1a3e16090 RCX: 00007ff1a3b9c819 [ 1490.000940][ T1383] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000005 [ 1490.000956][ T1383] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1490.000972][ T1383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1490.000987][ T1383] R13: 00007ff1a3e16128 R14: 00007ff1a3e16090 R15: 00007fffd0f44018 [ 1490.001019][ T1383] [ 1490.893209][ T1393] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1490.973755][ T1393] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1490.973755][ T1393] [ 1491.444619][ T1383] zram: Error allocating disk structure for device 6 [ 1493.276209][ T1420] zswap: compressor not available [ 1494.399448][ T1448] netlink: 'syz.1.10150': attribute type 21 has an invalid length. [ 1494.463561][ T1448] netlink: 334 bytes leftover after parsing attributes in process `syz.1.10150'. [ 1494.574071][T16723] Bluetooth: hci0: unexpected subevent 0x03 length: 253 > 9 [ 1494.611081][ T1442] zswap: compressor not available [ 1495.881740][ T1468] kvm: vcpu 4: requested lapic timer restore with starting count register 0x390=4294967104 (137438947328 ns) > initial count (6624 ns). Using initial count to start timer. [ 1496.471483][ T1481] [U] [ 1496.474336][ T1481] [U] [ 1496.477049][ T1481] [U] [ 1496.479761][ T1481] [U] [ 1496.518488][ T1481] [U] [ 1496.521245][ T1481] [U] [ 1496.523960][ T1481] [U] [ 1496.526670][ T1481] [U] [ 1496.558754][ T1487] binder: 1486:1487 ioctl c018620b 0 returned -14 [ 1496.907087][ T1477] [U] [ 1497.423701][T16723] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1497.801428][ T1504] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10163'. [ 1497.910673][T16723] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 1498.503890][ T1517] FAULT_INJECTION: forcing a failure. [ 1498.503890][ T1517] name failslab, interval 1, probability 0, space 0, times 0 [ 1498.557500][ T1517] CPU: 0 UID: 0 PID: 1517 Comm: syz.0.10166 Tainted: G L syzkaller #0 PREEMPT(full) [ 1498.557541][ T1517] Tainted: [L]=SOFTLOCKUP [ 1498.557551][ T1517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1498.557567][ T1517] Call Trace: [ 1498.557575][ T1517] [ 1498.557585][ T1517] dump_stack_lvl+0x100/0x190 [ 1498.557630][ T1517] should_fail_ex.cold+0x5/0xa [ 1498.557660][ T1517] should_failslab+0xc2/0x120 [ 1498.557689][ T1517] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1498.557725][ T1517] ? copy_ipcs+0x10d/0x7e0 [ 1498.557760][ T1517] copy_ipcs+0x10d/0x7e0 [ 1498.557804][ T1517] create_new_namespaces+0x20a/0xac0 [ 1498.557833][ T1517] ? security_capable+0x80/0x260 [ 1498.557862][ T1517] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1498.557894][ T1517] ksys_unshare+0x473/0xad0 [ 1498.557929][ T1517] ? __pfx_ksys_unshare+0x10/0x10 [ 1498.557973][ T1517] __x64_sys_unshare+0x31/0x40 [ 1498.558006][ T1517] do_syscall_64+0x106/0xf80 [ 1498.558033][ T1517] ? clear_bhb_loop+0x40/0x90 [ 1498.558063][ T1517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.558089][ T1517] RIP: 0033:0x7fa8a139c819 [ 1498.558110][ T1517] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1498.558135][ T1517] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1498.558159][ T1517] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1498.558176][ T1517] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 1498.558192][ T1517] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1498.558208][ T1517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1498.558223][ T1517] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1498.558272][ T1517] [ 1499.620478][ T1526] random: crng reseeded on system resumption [ 1500.328872][ T1535] capability: warning: `syz.4.10173' uses deprecated v2 capabilities in a way that may be insecure [ 1500.761416][ T1541] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1500.856084][ T1543] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1500.927382][ T1543] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1501.003846][ T1543] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1501.087013][ T1543] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1501.138356][ T1543] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1501.478407][ T1543] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1501.526955][ T1543] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1501.629218][ T1543] netlink: 62 bytes leftover after parsing attributes in process `syz.3.10175'. [ 1501.939950][ T1552] bonding: unable to delete non-existent ) [ 1503.934474][ T1581] futex_wake_op: syz.1.10187 tries to shift op by -2048; fix this program [ 1504.949766][ T1603] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1505.142231][ T1603] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1505.142231][ T1603] [ 1506.377848][ T1623] __nla_validate_parse: 7 callbacks suppressed [ 1506.377870][ T1623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10199'. [ 1506.527771][ T1623] netlink: 354 bytes leftover after parsing attributes in process `syz.3.10199'. [ 1506.906921][ T1631] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10201'. [ 1506.971981][ T1631] FAULT_INJECTION: forcing a failure. [ 1506.971981][ T1631] name failslab, interval 1, probability 0, space 0, times 0 [ 1507.076924][ T1631] CPU: 0 UID: 0 PID: 1631 Comm: syz.1.10201 Tainted: G L syzkaller #0 PREEMPT(full) [ 1507.076965][ T1631] Tainted: [L]=SOFTLOCKUP [ 1507.076975][ T1631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1507.076990][ T1631] Call Trace: [ 1507.076999][ T1631] [ 1507.077010][ T1631] dump_stack_lvl+0x100/0x190 [ 1507.077054][ T1631] should_fail_ex.cold+0x5/0xa [ 1507.077085][ T1631] should_failslab+0xc2/0x120 [ 1507.077114][ T1631] __kvmalloc_node_noprof+0xfa/0xa00 [ 1507.077138][ T1631] ? v4l2_ctrl_new+0x4a6/0x23a0 [ 1507.077175][ T1631] v4l2_ctrl_new+0x4a6/0x23a0 [ 1507.077214][ T1631] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 1507.077247][ T1631] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 1507.077282][ T1631] v4l2_ctrl_new_custom+0x41b/0xa20 [ 1507.077328][ T1631] ? __pfx_v4l2_ctrl_new_custom+0x10/0x10 [ 1507.077361][ T1631] ? trace_kmalloc+0x101/0x130 [ 1507.077394][ T1631] ? v4l2_ctrl_handler_init_class+0x201/0x350 [ 1507.077422][ T1631] ? lockdep_init_map_type+0x30/0x250 [ 1507.077461][ T1631] ? media_request_object_init+0x105/0x180 [ 1507.077498][ T1631] vicodec_open+0xc36/0xf70 [ 1507.077529][ T1631] ? kobject_get_unless_zero+0xe1/0x200 [ 1507.077567][ T1631] v4l2_open+0x1d2/0x490 [ 1507.077595][ T1631] ? __pfx_v4l2_open+0x10/0x10 [ 1507.077623][ T1631] chrdev_open+0x234/0x6a0 [ 1507.077650][ T1631] ? __pfx_apparmor_file_open+0x10/0x10 [ 1507.077679][ T1631] ? __pfx_chrdev_open+0x10/0x10 [ 1507.077709][ T1631] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1507.077745][ T1631] do_dentry_open+0x6d8/0x1660 [ 1507.077772][ T1631] ? __pfx_chrdev_open+0x10/0x10 [ 1507.077807][ T1631] vfs_open+0x82/0x3f0 [ 1507.077845][ T1631] path_openat+0x208c/0x31a0 [ 1507.077883][ T1631] ? __pfx_path_openat+0x10/0x10 [ 1507.077925][ T1631] do_file_open+0x20e/0x430 [ 1507.077956][ T1631] ? __pfx_do_file_open+0x10/0x10 [ 1507.078005][ T1631] ? alloc_fd+0x476/0x790 [ 1507.078035][ T1631] ? do_getname+0x191/0x390 [ 1507.078071][ T1631] do_sys_openat2+0x10d/0x1e0 [ 1507.078107][ T1631] ? __pfx_do_sys_openat2+0x10/0x10 [ 1507.078145][ T1631] ? __sys_sendmsg+0x18f/0x220 [ 1507.078176][ T1631] __x64_sys_openat+0x12d/0x210 [ 1507.078213][ T1631] ? __pfx___x64_sys_openat+0x10/0x10 [ 1507.078261][ T1631] do_syscall_64+0x106/0xf80 [ 1507.078288][ T1631] ? clear_bhb_loop+0x40/0x90 [ 1507.078319][ T1631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1507.078346][ T1631] RIP: 0033:0x7ff1a3b9c819 [ 1507.078367][ T1631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1507.078404][ T1631] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1507.078447][ T1631] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1507.078465][ T1631] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1507.078482][ T1631] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1507.078503][ T1631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1507.078519][ T1631] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1507.078551][ T1631] [ 1508.360457][ T1643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10205'. [ 1508.423795][ T1643] netlink: 'syz.3.10205': attribute type 1 has an invalid length. [ 1508.447214][ T1643] netlink: 13 bytes leftover after parsing attributes in process `syz.3.10205'. [ 1510.181247][ T1659] mkiss: ax0: crc mode is auto. [ 1511.082895][ T1676] netlink: 354 bytes leftover after parsing attributes in process `syz.4.10214'. [ 1512.822867][ T1700] netlink: 252 bytes leftover after parsing attributes in process `syz.0.10224'. [ 1512.925668][ T1702] netlink: 252 bytes leftover after parsing attributes in process `syz.0.10224'. [ 1513.649539][ T1715] netlink: 'syz.4.10227': attribute type 10 has an invalid length. [ 1513.765772][ T1715] netlink: 'syz.4.10227': attribute type 13 has an invalid length. [ 1513.894804][ T1720] netlink: 'syz.4.10227': attribute type 10 has an invalid length. [ 1514.019700][ T1720] netlink: 'syz.4.10227': attribute type 13 has an invalid length. [ 1514.124410][ T1720] netlink: 'syz.4.10227': attribute type 10 has an invalid length. [ 1514.234062][ T1720] netlink: 'syz.4.10227': attribute type 13 has an invalid length. [ 1514.403610][ T1720] netlink: 'syz.4.10227': attribute type 10 has an invalid length. [ 1514.411553][ T1720] netlink: 'syz.4.10227': attribute type 13 has an invalid length. [ 1514.941018][ T1720] netlink: 'syz.4.10227': attribute type 10 has an invalid length. [ 1515.076747][ T1720] netlink: 'syz.4.10227': attribute type 13 has an invalid length. [ 1518.035381][ T1751] binder: BINDER_SET_CONTEXT_MGR already set [ 1518.193624][ T1751] binder: 1750:1751 ioctl 4018620d 2000000027c0 returned -16 [ 1519.507309][ T151] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1519.591621][ T151] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1519.591621][ T151] [ 1519.842947][ T1768] zswap: compressor not available [ 1524.667407][ T1797] netlink: 186 bytes leftover after parsing attributes in process `syz.4.10251'. [ 1524.857038][ T1790] netlink: 186 bytes leftover after parsing attributes in process `syz.4.10251'. [ 1525.896231][ T1801] tipc: Started in network mode [ 1525.976028][ T1801] tipc: Node identity ffffffff, cluster identity 4711 [ 1525.982837][ T1801] tipc: Node number set to 4294967295 [ 1526.036886][ T1804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10254'. [ 1526.107463][ T1809] netlink: 354 bytes leftover after parsing attributes in process `syz.3.10254'. [ 1526.247991][ T1807] futex_wake_op: syz.0.10256 tries to shift op by -2048; fix this program [ 1526.739212][T16723] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 1527.284332][ T1815] ima: policy update failed [ 1527.289044][ T30] audit: type=1802 audit(4294967686.061:44): pid=1815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.10260" res=0 errno=0 [ 1527.576022][ T1829] netlink: 25 bytes leftover after parsing attributes in process `syz.3.10263'. [ 1527.719670][ T1832] netlink: 342 bytes leftover after parsing attributes in process `syz.0.10264'. [ 1527.775745][ T1830] FAULT_INJECTION: forcing a failure. [ 1527.775745][ T1830] name failslab, interval 1, probability 0, space 0, times 0 [ 1527.943666][ T1830] CPU: 0 UID: 0 PID: 1830 Comm: syz.1.10262 Tainted: G L syzkaller #0 PREEMPT(full) [ 1527.943706][ T1830] Tainted: [L]=SOFTLOCKUP [ 1527.943715][ T1830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1527.943731][ T1830] Call Trace: [ 1527.943739][ T1830] [ 1527.943749][ T1830] dump_stack_lvl+0x100/0x190 [ 1527.943792][ T1830] should_fail_ex.cold+0x5/0xa [ 1527.943822][ T1830] ? lsm_blob_alloc+0x68/0x90 [ 1527.943859][ T1830] should_failslab+0xc2/0x120 [ 1527.943907][ T1830] __kmalloc_noprof+0xe0/0x850 [ 1527.943948][ T1830] ? trace_kmalloc+0x101/0x130 [ 1527.943992][ T1830] lsm_blob_alloc+0x68/0x90 [ 1527.944031][ T1830] security_sk_alloc+0x2d/0x290 [ 1527.944059][ T1830] sk_prot_alloc+0x12a/0x2a0 [ 1527.944117][ T1830] sk_alloc+0x36/0xe80 [ 1527.944158][ T1830] __netlink_create+0x5e/0x2c0 [ 1527.944200][ T1830] __netlink_kernel_create+0xed/0x750 [ 1527.944230][ T1830] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1527.944265][ T1830] ? __pfx_genl_pernet_init+0x10/0x10 [ 1527.944296][ T1830] genl_pernet_init+0xbd/0x160 [ 1527.944327][ T1830] ? __pfx_genl_pernet_init+0x10/0x10 [ 1527.944357][ T1830] ? lockdep_init_map_type+0x5c/0x250 [ 1527.944406][ T1830] ? __pfx_genl_rcv+0x10/0x10 [ 1527.944433][ T1830] ? __pfx_genl_bind+0x10/0x10 [ 1527.944459][ T1830] ? __pfx_genl_unbind+0x10/0x10 [ 1527.944485][ T1830] ? __pfx_genl_release+0x10/0x10 [ 1527.944515][ T1830] ? mutex_init_lockep+0x110/0x150 [ 1527.944554][ T1830] ops_init+0x1e2/0x5f0 [ 1527.944581][ T1830] setup_net+0x118/0x3a0 [ 1527.944607][ T1830] ? __pfx_setup_net+0x10/0x10 [ 1527.944649][ T1830] ? lockdep_init_map_type+0x5c/0x250 [ 1527.944686][ T1830] ? mutex_init_lockep+0x110/0x150 [ 1527.944730][ T1830] copy_net_ns+0x46f/0x7c0 [ 1527.944762][ T1830] create_new_namespaces+0x3ea/0xac0 [ 1527.944797][ T1830] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1527.944829][ T1830] ksys_unshare+0x473/0xad0 [ 1527.944864][ T1830] ? __pfx_ksys_unshare+0x10/0x10 [ 1527.944909][ T1830] __x64_sys_unshare+0x31/0x40 [ 1527.944942][ T1830] do_syscall_64+0x106/0xf80 [ 1527.944968][ T1830] ? clear_bhb_loop+0x40/0x90 [ 1527.944999][ T1830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1527.945026][ T1830] RIP: 0033:0x7ff1a3b9c819 [ 1527.945046][ T1830] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1527.945076][ T1830] RSP: 002b:00007ff1a4b00028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1527.945100][ T1830] RAX: ffffffffffffffda RBX: 00007ff1a3e16090 RCX: 00007ff1a3b9c819 [ 1527.945118][ T1830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1527.945134][ T1830] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1527.945150][ T1830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1527.945167][ T1830] R13: 00007ff1a3e16128 R14: 00007ff1a3e16090 R15: 00007fffd0f44018 [ 1527.945200][ T1830] [ 1530.395050][ T1842] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 1530.467566][ T1842] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 1530.559875][ T1842] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1530.873448][T16723] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1534.267015][ T1871] netlink: 186 bytes leftover after parsing attributes in process `syz.0.10274'. [ 1536.857773][ T1890] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10281'. [ 1536.976701][ T1895] netlink: 13 bytes leftover after parsing attributes in process `syz.0.10282'. [ 1539.820639][ T1916] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.3.10288: Error -117 reading block bitmap for 4 [ 1543.966530][ T1949] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 1544.168200][ T1951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10296'. [ 1544.245442][ T1951] netlink: 354 bytes leftover after parsing attributes in process `syz.0.10296'. [ 1544.574207][ T5179] ERROR: Out of memory at tomoyo_memory_ok. [ 1546.229822][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.236278][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.439660][ T1975] netlink: 252 bytes leftover after parsing attributes in process `syz.1.10303'. [ 1546.613865][ T1975] netlink: 252 bytes leftover after parsing attributes in process `syz.1.10303'. [ 1547.792749][ T1984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10307'. [ 1547.886605][ T1988] netlink: 25 bytes leftover after parsing attributes in process `syz.0.10307'. [ 1550.092881][ T2011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10313'. [ 1550.257854][ T2014] netlink: 25 bytes leftover after parsing attributes in process `syz.4.10313'. [ 1550.420053][ T2009] [U] ^\ [ 1551.194645][ T2023] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10315'. [ 1554.699185][ T2062] random: crng reseeded on system resumption [ 1555.023086][T16723] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 1555.316970][ T2069] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10327'. [ 1556.068683][ T2073] zswap: compressor not available [ 1556.437422][ T2088] FAULT_INJECTION: forcing a failure. [ 1556.437422][ T2088] name failslab, interval 1, probability 0, space 0, times 0 [ 1556.545095][ T2088] CPU: 0 UID: 0 PID: 2088 Comm: syz.0.10331 Tainted: G L syzkaller #0 PREEMPT(full) [ 1556.545135][ T2088] Tainted: [L]=SOFTLOCKUP [ 1556.545144][ T2088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1556.545160][ T2088] Call Trace: [ 1556.545169][ T2088] [ 1556.545179][ T2088] dump_stack_lvl+0x100/0x190 [ 1556.545243][ T2088] should_fail_ex.cold+0x5/0xa [ 1556.545274][ T2088] should_failslab+0xc2/0x120 [ 1556.545304][ T2088] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1556.545340][ T2088] ? ipv4_mib_init_net+0x2ce/0x5b0 [ 1556.545391][ T2088] ipv4_mib_init_net+0x2ce/0x5b0 [ 1556.545422][ T2088] ? __pfx_igmp_net_init+0x10/0x10 [ 1556.545457][ T2088] ? __pfx_ipv4_mib_init_net+0x10/0x10 [ 1556.545489][ T2088] ops_init+0x1e2/0x5f0 [ 1556.545518][ T2088] setup_net+0x118/0x3a0 [ 1556.545545][ T2088] ? __pfx_setup_net+0x10/0x10 [ 1556.545568][ T2088] ? lockdep_init_map_type+0x5c/0x250 [ 1556.545613][ T2088] ? mutex_init_lockep+0x110/0x150 [ 1556.545654][ T2088] copy_net_ns+0x46f/0x7c0 [ 1556.545685][ T2088] create_new_namespaces+0x3ea/0xac0 [ 1556.545719][ T2088] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1556.545750][ T2088] ksys_unshare+0x473/0xad0 [ 1556.545784][ T2088] ? __pfx_ksys_unshare+0x10/0x10 [ 1556.545827][ T2088] __x64_sys_unshare+0x31/0x40 [ 1556.545859][ T2088] do_syscall_64+0x106/0xf80 [ 1556.545885][ T2088] ? clear_bhb_loop+0x40/0x90 [ 1556.545914][ T2088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1556.545940][ T2088] RIP: 0033:0x7fa8a139c819 [ 1556.545960][ T2088] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1556.545984][ T2088] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1556.546007][ T2088] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1556.546024][ T2088] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1556.546039][ T2088] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1556.546055][ T2088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1556.546070][ T2088] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1556.546101][ T2088] [ 1557.219235][ T2095] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10334'. [ 1557.390311][ T2098] FAULT_INJECTION: forcing a failure. [ 1557.390311][ T2098] name failslab, interval 1, probability 0, space 0, times 0 [ 1557.445993][ T2098] CPU: 0 UID: 0 PID: 2098 Comm: syz.1.10335 Tainted: G L syzkaller #0 PREEMPT(full) [ 1557.446032][ T2098] Tainted: [L]=SOFTLOCKUP [ 1557.446041][ T2098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1557.446057][ T2098] Call Trace: [ 1557.446065][ T2098] [ 1557.446074][ T2098] dump_stack_lvl+0x100/0x190 [ 1557.446117][ T2098] should_fail_ex.cold+0x5/0xa [ 1557.446150][ T2098] should_failslab+0xc2/0x120 [ 1557.446179][ T2098] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1557.446214][ T2098] ? alloc_ldt_struct+0x5d/0x1b0 [ 1557.446237][ T2098] ? __pfx_down_write_killable+0x10/0x10 [ 1557.446275][ T2098] alloc_ldt_struct+0x5d/0x1b0 [ 1557.446299][ T2098] write_ldt+0x62b/0xd40 [ 1557.446338][ T2098] ? __pfx_write_ldt+0x10/0x10 [ 1557.446384][ T2098] ? xfd_validate_state+0x129/0x190 [ 1557.446431][ T2098] __x64_sys_modify_ldt+0xb1/0x170 [ 1557.446460][ T2098] do_syscall_64+0x106/0xf80 [ 1557.446486][ T2098] ? clear_bhb_loop+0x40/0x90 [ 1557.446517][ T2098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1557.446543][ T2098] RIP: 0033:0x7ff1a3b9c819 [ 1557.446564][ T2098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1557.446590][ T2098] RSP: 002b:00007ff1a4b00028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1557.446614][ T2098] RAX: ffffffffffffffda RBX: 00007ff1a3e16090 RCX: 00007ff1a3b9c819 [ 1557.446643][ T2098] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000001 [ 1557.446659][ T2098] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1557.446675][ T2098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1557.446690][ T2098] R13: 00007ff1a3e16128 R14: 00007ff1a3e16090 R15: 00007fffd0f44018 [ 1557.446721][ T2098] [ 1557.976107][ T2104] cougar: G6 mapped to space [ 1559.690326][ T2121] netlink: 274 bytes leftover after parsing attributes in process `syz.0.10343'. [ 1560.005372][ T2127] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10345'. [ 1560.666142][ T2139] netlink: 330 bytes leftover after parsing attributes in process `syz.4.10350'. [ 1560.737727][ T2139] : renamed from bond_slave_0 [ 1560.770350][ T2139] netlink: 330 bytes leftover after parsing attributes in process `syz.4.10350'. [ 1562.767792][ T2169] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10360'. [ 1563.026157][ T2169] veth1_macvtap: left promiscuous mode [ 1565.206706][ T2196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10367'. [ 1565.274566][ T2199] netlink: 13 bytes leftover after parsing attributes in process `syz.3.10367'. [ 1565.860508][ T2209] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10370'. [ 1566.005207][ T2209] vlan1: entered promiscuous mode [ 1566.043656][ T2209] vlan1: entered allmulticast mode [ 1567.667469][ T2226] openvswitch: HfR: Dropping previously announced user features [ 1567.754240][ T2226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10374'. [ 1567.840645][ T2226] HfR: left promiscuous mode [ 1568.515694][ T2237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10377'. [ 1568.569410][ T2237] netlink: 13 bytes leftover after parsing attributes in process `syz.0.10377'. [ 1569.135280][ T2251] netlink: 186 bytes leftover after parsing attributes in process `syz.0.10379'. [ 1570.579749][ T2268] netlink: 354 bytes leftover after parsing attributes in process `syz.3.10386'. [ 1573.058436][ T2297] zswap: compressor not available [ 1573.388204][ T2314] netlink: 25 bytes leftover after parsing attributes in process `syz.3.10396'. [ 1574.659341][ T2325] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10398'. [ 1574.759333][ T2325] vlan1: entered promiscuous mode [ 1574.812192][ T2325] vlan1: entered allmulticast mode [ 1575.031451][ T2330] validate_nla: 56 callbacks suppressed [ 1575.031473][ T2330] netlink: 'syz.3.10401': attribute type 10 has an invalid length. [ 1575.198699][ T2330] netlink: 330 bytes leftover after parsing attributes in process `syz.3.10401'. [ 1576.303119][ T2348] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10409'. [ 1576.365947][T16723] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1576.392272][ T2348] netlink: 13 bytes leftover after parsing attributes in process `syz.1.10409'. [ 1576.493424][ T2350] futex_wake_op: syz.3.10410 tries to shift op by -2048; fix this program [ 1576.554024][ T2350] futex_wake_op: syz.3.10410 tries to shift op by -2048; fix this program [ 1577.781896][ T2374] ima: policy update failed [ 1577.863024][ T30] audit: type=1802 audit(2147483647.520:45): pid=2374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.10415" res=0 errno=0 [ 1578.514152][ T2381] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10418'. [ 1583.329705][ T2447] veth1_to_batadv: entered promiscuous mode [ 1583.374057][ T2447] veth1_to_batadv: left promiscuous mode [ 1583.880743][ T2455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10439'. [ 1583.973686][ T2455] netlink: 25 bytes leftover after parsing attributes in process `syz.0.10439'. [ 1583.990769][ T2463] netlink: 186 bytes leftover after parsing attributes in process `syz.1.10431'. [ 1584.439282][ T2469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10433'. [ 1584.484016][ T2471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10434'. [ 1584.584900][ T2471] netlink: 'syz.0.10434': attribute type 1 has an invalid length. [ 1584.592892][ T2471] netlink: 'syz.0.10434': attribute type 6 has an invalid length. [ 1584.716678][ T2481] FAULT_INJECTION: forcing a failure. [ 1584.716678][ T2481] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1584.857324][ T2481] CPU: 0 UID: 0 PID: 2481 Comm: syz.1.10435 Tainted: G L syzkaller #0 PREEMPT(full) [ 1584.857364][ T2481] Tainted: [L]=SOFTLOCKUP [ 1584.857373][ T2481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1584.857388][ T2481] Call Trace: [ 1584.857397][ T2481] [ 1584.857407][ T2481] dump_stack_lvl+0x100/0x190 [ 1584.857449][ T2481] should_fail_ex.cold+0x5/0xa [ 1584.857476][ T2481] ? page_copy_sane+0x17c/0x2d0 [ 1584.857509][ T2481] copy_folio_from_iter_atomic+0x427/0x1e70 [ 1584.857557][ T2481] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 1584.857593][ T2481] ? shmem_write_begin+0x1ba/0x420 [ 1584.857633][ T2481] ? __pfx_fault_in_readable+0x10/0x10 [ 1584.857660][ T2481] ? __pfx_shmem_write_begin+0x10/0x10 [ 1584.857702][ T2481] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 1584.857738][ T2481] generic_perform_write+0x4cb/0xa40 [ 1584.857785][ T2481] ? __pfx_generic_perform_write+0x10/0x10 [ 1584.857822][ T2481] ? __mark_inode_dirty+0x55c/0x1790 [ 1584.857861][ T2481] ? mnt_put_write_access_file+0x4e/0x100 [ 1584.857888][ T2481] ? file_update_time_flags+0x373/0x500 [ 1584.857932][ T2481] shmem_file_write_iter+0x10e/0x140 [ 1584.857964][ T2481] vfs_write+0x6ac/0x1070 [ 1584.857989][ T2481] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1584.858021][ T2481] ? __pfx_vfs_write+0x10/0x10 [ 1584.858065][ T2481] ksys_write+0x12a/0x250 [ 1584.858089][ T2481] ? __pfx_ksys_write+0x10/0x10 [ 1584.858122][ T2481] do_syscall_64+0x106/0xf80 [ 1584.858149][ T2481] ? clear_bhb_loop+0x40/0x90 [ 1584.858179][ T2481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1584.858204][ T2481] RIP: 0033:0x7ff1a3b9c819 [ 1584.858224][ T2481] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1584.858249][ T2481] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1584.858272][ T2481] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1584.858289][ T2481] RDX: 00000000fffffdf1 RSI: 0000000000000000 RDI: 0000000000000003 [ 1584.858304][ T2481] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1584.858320][ T2481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1584.858335][ T2481] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1584.858366][ T2481] [ 1585.383001][ T2482] ima: policy update failed [ 1585.473873][ T30] audit: type=1802 audit(2147483655.060:46): pid=2482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.10436" res=0 errno=0 [ 1587.613772][ T2516] sd 0:0:1:0: PR command failed: 1026 [ 1587.687852][ T2516] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1587.885710][ T2516] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1589.234718][ T2535] netlink: 25 bytes leftover after parsing attributes in process `syz.4.10446'. [ 1589.660093][ T2537] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10449'. [ 1589.841878][ T30] audit: type=1800 audit(2147483659.500:47): pid=2542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.10448" name="discovery_nqn" dev="configfs" ino=219191 res=0 errno=0 [ 1592.456156][ T2575] ima: policy update failed [ 1592.626815][ T30] audit: type=1802 audit(2147483662.280:48): pid=2575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.10455" res=0 errno=0 [ 1593.604930][ T2582] netlink: 25 bytes leftover after parsing attributes in process `syz.3.10458'. [ 1597.645392][ T2642] netlink: 330 bytes leftover after parsing attributes in process `syz.3.10475'. [ 1598.303948][T16723] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1598.691166][ T2658] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10480'. [ 1598.739176][ T2661] FAULT_INJECTION: forcing a failure. [ 1598.739176][ T2661] name failslab, interval 1, probability 0, space 0, times 0 [ 1598.834987][ T2661] CPU: 0 UID: 0 PID: 2661 Comm: syz.0.10482 Tainted: G L syzkaller #0 PREEMPT(full) [ 1598.835028][ T2661] Tainted: [L]=SOFTLOCKUP [ 1598.835037][ T2661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1598.835057][ T2661] Call Trace: [ 1598.835066][ T2661] [ 1598.835076][ T2661] dump_stack_lvl+0x100/0x190 [ 1598.835133][ T2661] should_fail_ex.cold+0x5/0xa [ 1598.835163][ T2661] ? lsm_blob_alloc+0x68/0x90 [ 1598.835202][ T2661] should_failslab+0xc2/0x120 [ 1598.835231][ T2661] __kmalloc_noprof+0xe0/0x850 [ 1598.835271][ T2661] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1598.835306][ T2661] lsm_blob_alloc+0x68/0x90 [ 1598.835346][ T2661] security_sk_alloc+0x2d/0x290 [ 1598.835375][ T2661] sk_prot_alloc+0x1d1/0x2a0 [ 1598.835409][ T2661] sk_alloc+0x36/0xe80 [ 1598.835449][ T2661] inet6_create+0x385/0x12b0 [ 1598.835477][ T2661] ? inet6_create+0x7f/0x12b0 [ 1598.835511][ T2661] __sock_create+0x339/0x860 [ 1598.835550][ T2661] udp_sock_create6+0xc7/0x6a0 [ 1598.835578][ T2661] ? __pfx_udp_sock_create6+0x10/0x10 [ 1598.835609][ T2661] ? crng_make_state+0x477/0x6c0 [ 1598.835638][ T2661] ? lockdep_hardirqs_on+0x78/0x100 [ 1598.835665][ T2661] ? crng_make_state+0x2b0/0x6c0 [ 1598.835698][ T2661] rxrpc_open_socket+0x206/0x6b0 [ 1598.835795][ T2661] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 1598.835852][ T2661] ? rcu_is_watching+0x12/0xc0 [ 1598.835899][ T2661] rxrpc_lookup_local+0xac7/0x1220 [ 1598.835940][ T2661] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 1598.835982][ T2661] ? __local_bh_enable_ip+0x9e/0x120 [ 1598.836015][ T2661] rxrpc_sendmsg+0x34a/0x680 [ 1598.836058][ T2661] sock_write_iter+0x524/0x5a0 [ 1598.836089][ T2661] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 1598.836127][ T2661] ? __pfx_sock_write_iter+0x10/0x10 [ 1598.836185][ T2661] ? bpf_lsm_file_permission+0x9/0x10 [ 1598.836211][ T2661] ? security_file_permission+0x76/0x210 [ 1598.836258][ T2661] ? rw_verify_area+0xce/0x6d0 [ 1598.836301][ T2661] vfs_write+0x6ac/0x1070 [ 1598.836327][ T2661] ? __pfx_sock_write_iter+0x10/0x10 [ 1598.836368][ T2661] ? __pfx_vfs_write+0x10/0x10 [ 1598.836391][ T2661] ? find_held_lock+0x2b/0x80 [ 1598.836435][ T2661] ksys_write+0x1f8/0x250 [ 1598.836460][ T2661] ? __pfx_ksys_write+0x10/0x10 [ 1598.836494][ T2661] do_syscall_64+0x106/0xf80 [ 1598.836521][ T2661] ? clear_bhb_loop+0x40/0x90 [ 1598.836552][ T2661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1598.836579][ T2661] RIP: 0033:0x7fa8a139c819 [ 1598.836608][ T2661] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1598.836633][ T2661] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1598.836662][ T2661] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1598.836680][ T2661] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1598.836703][ T2661] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1598.836719][ T2661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1598.836734][ T2661] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1598.836768][ T2661] [ 1599.976751][ T2675] netlink: 'syz.3.10485': attribute type 29 has an invalid length. [ 1600.019881][ T2675] netlink: 'syz.3.10485': attribute type 30 has an invalid length. [ 1600.053421][ T2675] netlink: 'syz.3.10485': attribute type 31 has an invalid length. [ 1600.061361][ T2675] netlink: 'syz.3.10485': attribute type 32 has an invalid length. [ 1600.123532][ T2675] netlink: 'syz.3.10485': attribute type 33 has an invalid length. [ 1600.163439][ T2675] netlink: 'syz.3.10485': attribute type 35 has an invalid length. [ 1600.203864][ T2675] netlink: 'syz.3.10485': attribute type 37 has an invalid length. [ 1600.225901][ T2675] netlink: 18 bytes leftover after parsing attributes in process `syz.3.10485'. [ 1602.424187][ T2707] FAULT_INJECTION: forcing a failure. [ 1602.424187][ T2707] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.554115][ T2707] CPU: 0 UID: 0 PID: 2707 Comm: syz.0.10493 Tainted: G L syzkaller #0 PREEMPT(full) [ 1602.554165][ T2707] Tainted: [L]=SOFTLOCKUP [ 1602.554175][ T2707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1602.554190][ T2707] Call Trace: [ 1602.554199][ T2707] [ 1602.554208][ T2707] dump_stack_lvl+0x100/0x190 [ 1602.554253][ T2707] should_fail_ex.cold+0x5/0xa [ 1602.554284][ T2707] should_failslab+0xc2/0x120 [ 1602.554313][ T2707] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1602.554353][ T2707] ? security_inode_alloc+0x3b/0x2c0 [ 1602.554383][ T2707] ? lockdep_init_map_type+0x5c/0x250 [ 1602.554430][ T2707] security_inode_alloc+0x3b/0x2c0 [ 1602.554630][ T2707] inode_init_always_gfp+0xced/0x1040 [ 1602.554668][ T2707] alloc_inode+0x8e/0x250 [ 1602.554705][ T2707] path_from_stashed+0x25b/0x750 [ 1602.554734][ T2707] ? do_raw_spin_unlock+0x145/0x1e0 [ 1602.554780][ T2707] ns_get_path+0x60/0x80 [ 1602.554809][ T2707] proc_ns_get_link+0x121/0x230 [ 1602.554848][ T2707] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1602.554890][ T2707] ? atime_needs_update+0x8b/0x6b0 [ 1602.554931][ T2707] pick_link+0xd17/0x13c0 [ 1602.554970][ T2707] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1602.555012][ T2707] step_into_slowpath+0x9ba/0xf90 [ 1602.555059][ T2707] ? __pfx_step_into_slowpath+0x10/0x10 [ 1602.555101][ T2707] ? __pfx___up_read+0x10/0x10 [ 1602.555140][ T2707] ? path_openat+0x1508/0x31a0 [ 1602.555169][ T2707] ? lookup_fast+0x2da/0x600 [ 1602.555212][ T2707] path_openat+0xf95/0x31a0 [ 1602.555249][ T2707] ? __pfx_path_openat+0x10/0x10 [ 1602.555291][ T2707] do_file_open+0x20e/0x430 [ 1602.555323][ T2707] ? __pfx_do_file_open+0x10/0x10 [ 1602.555372][ T2707] ? alloc_fd+0x476/0x790 [ 1602.555429][ T2707] ? do_getname+0x191/0x390 [ 1602.555466][ T2707] do_sys_openat2+0x10d/0x1e0 [ 1602.555504][ T2707] ? __pfx_do_sys_openat2+0x10/0x10 [ 1602.555543][ T2707] ? __fget_files+0x21f/0x3d0 [ 1602.555575][ T2707] __x64_sys_openat+0x12d/0x210 [ 1602.555614][ T2707] ? __pfx___x64_sys_openat+0x10/0x10 [ 1602.555662][ T2707] do_syscall_64+0x106/0xf80 [ 1602.555690][ T2707] ? clear_bhb_loop+0x40/0x90 [ 1602.555722][ T2707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.555749][ T2707] RIP: 0033:0x7fa8a139c819 [ 1602.555771][ T2707] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1602.555797][ T2707] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1602.555822][ T2707] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1602.555840][ T2707] RDX: 0000000000000080 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 1602.555857][ T2707] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1602.555874][ T2707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1602.555889][ T2707] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1602.555923][ T2707] [ 1605.871956][ T2736] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1605.878369][ T2736] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1605.901569][ T2736] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1605.982579][ T2736] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1606.037823][ T2736] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1606.121624][ T2742] netlink: 186 bytes leftover after parsing attributes in process `syz.1.10500'. [ 1607.343641][T16723] Bluetooth: hci0: command 0x0406 tx timeout [ 1607.669921][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.676587][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.908497][T16723] Bluetooth: hci3: command 0x0c1a tx timeout [ 1607.989487][T16723] Bluetooth: hci1: command 0x0c1a tx timeout [ 1608.071890][T16723] Bluetooth: hci2: command 0x0c1a tx timeout [ 1609.278125][ T2785] netlink: 9 bytes leftover after parsing attributes in process `syz.1.10510'. [ 1609.983844][T16723] Bluetooth: hci3: command 0x0c1a tx timeout [ 1610.832890][ T2808] netlink: 25 bytes leftover after parsing attributes in process `syz.3.10516'. [ 1612.010419][ T2819] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 1613.274758][ T2854] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10521'. [ 1616.487184][ T2903] netlink: 330 bytes leftover after parsing attributes in process `syz.1.10529'. [ 1617.725146][ T2915] zswap: compressor not available [ 1618.046669][ T2932] netlink: 'syz.1.10533': attribute type 2 has an invalid length. [ 1618.134181][ T2932] netlink: 5 bytes leftover after parsing attributes in process `syz.1.10533'. [ 1618.562798][ T2936] futex_wake_op: syz.0.10536 tries to shift op by -2048; fix this program [ 1618.633890][ T2936] futex_wake_op: syz.0.10536 tries to shift op by -2048; fix this program [ 1620.667261][ T2956] ERROR: Out of memory at tomoyo_memory_ok. [ 1621.844663][ T2975] bond0: invalid ARP target specified [ 1621.917887][ T2975] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10548'. [ 1622.004175][ T2975] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1622.073502][ T2975] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1627.491877][ T3020] netlink: 330 bytes leftover after parsing attributes in process `syz.3.10560'. [ 1628.863516][ T3037] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1628.926271][ T3046] FAULT_INJECTION: forcing a failure. [ 1628.926271][ T3046] name failslab, interval 1, probability 0, space 0, times 0 [ 1628.948227][ T3037] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1629.026454][ T3046] CPU: 0 UID: 0 PID: 3046 Comm: syz.1.10566 Tainted: G L syzkaller #0 PREEMPT(full) [ 1629.026495][ T3046] Tainted: [L]=SOFTLOCKUP [ 1629.026505][ T3046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1629.026521][ T3046] Call Trace: [ 1629.026529][ T3046] [ 1629.026539][ T3046] dump_stack_lvl+0x100/0x190 [ 1629.026584][ T3046] should_fail_ex.cold+0x5/0xa [ 1629.026614][ T3046] ? lsm_blob_alloc+0x68/0x90 [ 1629.026653][ T3046] should_failslab+0xc2/0x120 [ 1629.026682][ T3046] __kmalloc_noprof+0xe0/0x850 [ 1629.026722][ T3046] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1629.026757][ T3046] lsm_blob_alloc+0x68/0x90 [ 1629.026797][ T3046] security_sk_alloc+0x2d/0x290 [ 1629.026827][ T3046] sk_prot_alloc+0x1d1/0x2a0 [ 1629.026861][ T3046] sk_alloc+0x36/0xe80 [ 1629.026902][ T3046] inet6_create+0x385/0x12b0 [ 1629.026930][ T3046] ? inet6_create+0x7f/0x12b0 [ 1629.026958][ T3046] __sock_create+0x339/0x860 [ 1629.026997][ T3046] udp_sock_create6+0xc7/0x6a0 [ 1629.027025][ T3046] ? __pfx_udp_sock_create6+0x10/0x10 [ 1629.027057][ T3046] ? crng_make_state+0x477/0x6c0 [ 1629.027086][ T3046] ? lockdep_hardirqs_on+0x78/0x100 [ 1629.027114][ T3046] ? crng_make_state+0x2b0/0x6c0 [ 1629.027147][ T3046] rxrpc_open_socket+0x206/0x6b0 [ 1629.027203][ T3046] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 1629.027251][ T3046] ? rcu_is_watching+0x12/0xc0 [ 1629.027295][ T3046] rxrpc_lookup_local+0xac7/0x1220 [ 1629.027335][ T3046] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 1629.027371][ T3046] ? __local_bh_enable_ip+0x9e/0x120 [ 1629.027403][ T3046] rxrpc_sendmsg+0x34a/0x680 [ 1629.027445][ T3046] sock_write_iter+0x524/0x5a0 [ 1629.027475][ T3046] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 1629.027512][ T3046] ? __pfx_sock_write_iter+0x10/0x10 [ 1629.027553][ T3046] ? bpf_lsm_file_permission+0x9/0x10 [ 1629.027577][ T3046] ? security_file_permission+0x76/0x210 [ 1629.027612][ T3046] ? rw_verify_area+0xce/0x6d0 [ 1629.027672][ T3046] vfs_write+0x6ac/0x1070 [ 1629.027698][ T3046] ? __pfx_sock_write_iter+0x10/0x10 [ 1629.027733][ T3046] ? __pfx_vfs_write+0x10/0x10 [ 1629.027756][ T3046] ? find_held_lock+0x2b/0x80 [ 1629.027800][ T3046] ksys_write+0x1f8/0x250 [ 1629.027825][ T3046] ? __pfx_ksys_write+0x10/0x10 [ 1629.027858][ T3046] do_syscall_64+0x106/0xf80 [ 1629.027885][ T3046] ? clear_bhb_loop+0x40/0x90 [ 1629.027916][ T3046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1629.027943][ T3046] RIP: 0033:0x7ff1a3b9c819 [ 1629.027964][ T3046] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1629.027989][ T3046] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1629.028012][ T3046] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1629.028030][ T3046] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1629.028045][ T3046] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1629.028065][ T3046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1629.028080][ T3046] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1629.028113][ T3046] [ 1629.683978][ T3037] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1629.690066][ T3037] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1630.035411][ T3050] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1630.945329][T24979] Bluetooth: hci3: command 0x0c1a tx timeout [ 1630.951403][T16723] Bluetooth: hci0: command 0x0406 tx timeout [ 1631.829591][T24979] Bluetooth: hci2: command 0x0c1a tx timeout [ 1631.836449][T16723] Bluetooth: hci1: command 0x0c1a tx timeout [ 1632.028287][ T3076] ERROR: Out of memory at tomoyo_memory_ok. [ 1633.657649][ T3094] ERROR: Out of memory at tomoyo_memory_ok. [ 1636.161430][ T3094] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1636.393853][ T3117] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1639.067619][ T30] audit: type=1326 audit(2147483708.730:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3143 comm="syz.1.10594" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff1a3b9c819 code=0x0 [ 1641.708855][ T3175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10603'. [ 1641.858627][ T3189] HfR: entered promiscuous mode [ 1642.075532][ T3175] i: entered promiscuous mode [ 1643.000396][T24979] Bluetooth: hci0: unexpected event 0x09 length: 435 > 3 [ 1643.371362][ T3207] ERROR: Out of memory at tomoyo_memory_ok. [ 1644.227366][ T3213] FAULT_INJECTION: forcing a failure. [ 1644.227366][ T3213] name failslab, interval 1, probability 0, space 0, times 0 [ 1644.473472][ T3213] CPU: 0 UID: 0 PID: 3213 Comm: syz.1.10613 Tainted: G L syzkaller #0 PREEMPT(full) [ 1644.473514][ T3213] Tainted: [L]=SOFTLOCKUP [ 1644.473524][ T3213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1644.473539][ T3213] Call Trace: [ 1644.473549][ T3213] [ 1644.473559][ T3213] dump_stack_lvl+0x100/0x190 [ 1644.473603][ T3213] should_fail_ex.cold+0x5/0xa [ 1644.473636][ T3213] should_failslab+0xc2/0x120 [ 1644.473665][ T3213] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1644.473701][ T3213] ? pty_common_install+0x10e/0xb30 [ 1644.473744][ T3213] pty_common_install+0x10e/0xb30 [ 1644.473785][ T3213] ? __pfx_pty_unix98_install+0x10/0x10 [ 1644.473836][ T3213] tty_init_dev.part.0+0x9e/0x470 [ 1644.473873][ T3213] tty_init_dev+0x60/0x80 [ 1644.473899][ T3213] ptmx_open+0x15e/0x3c0 [ 1644.473933][ T3213] ? __pfx_ptmx_open+0x10/0x10 [ 1644.473966][ T3213] chrdev_open+0x234/0x6a0 [ 1644.473993][ T3213] ? __pfx_apparmor_file_open+0x10/0x10 [ 1644.474021][ T3213] ? __pfx_chrdev_open+0x10/0x10 [ 1644.474050][ T3213] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1644.474084][ T3213] do_dentry_open+0x6d8/0x1660 [ 1644.474110][ T3213] ? __pfx_chrdev_open+0x10/0x10 [ 1644.474143][ T3213] vfs_open+0x82/0x3f0 [ 1644.474179][ T3213] path_openat+0x208c/0x31a0 [ 1644.474215][ T3213] ? __pfx_path_openat+0x10/0x10 [ 1644.474253][ T3213] do_file_open+0x20e/0x430 [ 1644.474282][ T3213] ? __pfx_do_file_open+0x10/0x10 [ 1644.474330][ T3213] ? alloc_fd+0x476/0x790 [ 1644.474359][ T3213] ? do_getname+0x191/0x390 [ 1644.474394][ T3213] do_sys_openat2+0x10d/0x1e0 [ 1644.474428][ T3213] ? __pfx_do_sys_openat2+0x10/0x10 [ 1644.474465][ T3213] ? __fget_files+0x21f/0x3d0 [ 1644.474499][ T3213] __x64_sys_openat+0x12d/0x210 [ 1644.474534][ T3213] ? __pfx___x64_sys_openat+0x10/0x10 [ 1644.474580][ T3213] do_syscall_64+0x106/0xf80 [ 1644.474606][ T3213] ? clear_bhb_loop+0x40/0x90 [ 1644.474636][ T3213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1644.474661][ T3213] RIP: 0033:0x7ff1a3b9c819 [ 1644.474682][ T3213] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1644.474706][ T3213] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1644.474730][ T3213] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1644.474746][ T3213] RDX: 0000000000088000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1644.474762][ T3213] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1644.474777][ T3213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1644.474792][ T3213] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1644.474824][ T3213] [ 1646.550727][ T3249] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10623'. [ 1651.173753][ T3284] random: crng reseeded on system resumption [ 1653.975025][ T3315] netlink: 202 bytes leftover after parsing attributes in process `syz.4.10639'. [ 1654.727265][ T3320] ERROR: Out of memory at tomoyo_memory_ok. [ 1654.766019][ T3317] sp0: Synchronizing with TNC [ 1654.867566][ T3322] random: crng reseeded on system resumption [ 1656.520916][ T3337] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1658.470953][ T3356] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10652'. [ 1659.007319][ T3362] FAULT_INJECTION: forcing a failure. [ 1659.007319][ T3362] name failslab, interval 1, probability 0, space 0, times 0 [ 1659.086290][ T3362] CPU: 0 UID: 0 PID: 3362 Comm: syz.1.10654 Tainted: G L syzkaller #0 PREEMPT(full) [ 1659.086332][ T3362] Tainted: [L]=SOFTLOCKUP [ 1659.086342][ T3362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1659.086358][ T3362] Call Trace: [ 1659.086366][ T3362] [ 1659.086376][ T3362] dump_stack_lvl+0x100/0x190 [ 1659.086421][ T3362] should_fail_ex.cold+0x5/0xa [ 1659.086452][ T3362] ? lsm_blob_alloc+0x68/0x90 [ 1659.086491][ T3362] should_failslab+0xc2/0x120 [ 1659.086520][ T3362] __kmalloc_noprof+0xe0/0x850 [ 1659.086561][ T3362] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1659.086595][ T3362] lsm_blob_alloc+0x68/0x90 [ 1659.086645][ T3362] security_sk_alloc+0x2d/0x290 [ 1659.086675][ T3362] sk_prot_alloc+0x1d1/0x2a0 [ 1659.086708][ T3362] sk_alloc+0x36/0xe80 [ 1659.086749][ T3362] inet6_create+0x385/0x12b0 [ 1659.086776][ T3362] ? inet6_create+0x7f/0x12b0 [ 1659.086806][ T3362] __sock_create+0x339/0x860 [ 1659.086844][ T3362] udp_sock_create6+0xc7/0x6a0 [ 1659.086872][ T3362] ? __pfx_udp_sock_create6+0x10/0x10 [ 1659.086903][ T3362] ? crng_make_state+0x477/0x6c0 [ 1659.086932][ T3362] ? lockdep_hardirqs_on+0x78/0x100 [ 1659.086964][ T3362] ? crng_make_state+0x2b0/0x6c0 [ 1659.086997][ T3362] rxrpc_open_socket+0x206/0x6b0 [ 1659.087033][ T3362] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 1659.087082][ T3362] ? rcu_is_watching+0x12/0xc0 [ 1659.087128][ T3362] rxrpc_lookup_local+0xac7/0x1220 [ 1659.087168][ T3362] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 1659.087206][ T3362] ? __local_bh_enable_ip+0x9e/0x120 [ 1659.087240][ T3362] rxrpc_sendmsg+0x34a/0x680 [ 1659.087282][ T3362] sock_write_iter+0x524/0x5a0 [ 1659.087313][ T3362] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 1659.087352][ T3362] ? __pfx_sock_write_iter+0x10/0x10 [ 1659.087395][ T3362] ? bpf_lsm_file_permission+0x9/0x10 [ 1659.087420][ T3362] ? security_file_permission+0x76/0x210 [ 1659.087469][ T3362] ? rw_verify_area+0xce/0x6d0 [ 1659.087509][ T3362] vfs_write+0x6ac/0x1070 [ 1659.087534][ T3362] ? __pfx_sock_write_iter+0x10/0x10 [ 1659.087568][ T3362] ? __pfx_vfs_write+0x10/0x10 [ 1659.087590][ T3362] ? find_held_lock+0x2b/0x80 [ 1659.087638][ T3362] ksys_write+0x1f8/0x250 [ 1659.087662][ T3362] ? __pfx_ksys_write+0x10/0x10 [ 1659.087695][ T3362] do_syscall_64+0x106/0xf80 [ 1659.087721][ T3362] ? clear_bhb_loop+0x40/0x90 [ 1659.087751][ T3362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1659.087777][ T3362] RIP: 0033:0x7ff1a3b9c819 [ 1659.087798][ T3362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1659.087823][ T3362] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1659.087847][ T3362] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1659.087864][ T3362] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1659.087879][ T3362] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1659.087894][ T3362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1659.087909][ T3362] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1659.087940][ T3362] [ 1659.804029][ T3367] random: crng reseeded on system resumption [ 1660.524772][ T3373] FAULT_INJECTION: forcing a failure. [ 1660.524772][ T3373] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.603711][ T3373] CPU: 0 UID: 0 PID: 3373 Comm: syz.1.10656 Tainted: G L syzkaller #0 PREEMPT(full) [ 1660.603752][ T3373] Tainted: [L]=SOFTLOCKUP [ 1660.603762][ T3373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1660.603777][ T3373] Call Trace: [ 1660.603786][ T3373] [ 1660.603797][ T3373] dump_stack_lvl+0x100/0x190 [ 1660.603842][ T3373] should_fail_ex.cold+0x5/0xa [ 1660.603872][ T3373] should_failslab+0xc2/0x120 [ 1660.603901][ T3373] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1660.603937][ T3373] ? tomoyo_init_log+0x1a0/0x20c0 [ 1660.603980][ T3373] tomoyo_init_log+0x1a0/0x20c0 [ 1660.604017][ T3373] ? __pfx_format_decode+0x10/0x10 [ 1660.604059][ T3373] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1660.604092][ T3373] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1660.604137][ T3373] tomoyo_write_log2+0x2ed/0xbc0 [ 1660.604179][ T3373] tomoyo_supervisor+0x15e/0x1340 [ 1660.604209][ T3373] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1660.604247][ T3373] ? kasan_quarantine_put+0x104/0x240 [ 1660.604291][ T3373] ? tomoyo_check_path_acl+0x141/0x210 [ 1660.604324][ T3373] ? tomoyo_check_acl+0x1f7/0x410 [ 1660.604355][ T3373] tomoyo_path_permission+0x270/0x3b0 [ 1660.604389][ T3373] tomoyo_check_open_permission+0x37f/0x3c0 [ 1660.604423][ T3373] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1660.604484][ T3373] ? do_raw_spin_lock+0x128/0x260 [ 1660.604536][ T3373] ? path_get+0x61/0x80 [ 1660.604570][ T3373] tomoyo_file_open+0x6b/0x90 [ 1660.604595][ T3373] security_file_open+0xb5/0x1e0 [ 1660.604633][ T3373] do_dentry_open+0x5aa/0x1660 [ 1660.604662][ T3373] ? security_inode_permission+0xbf/0x250 [ 1660.604699][ T3373] vfs_open+0x82/0x3f0 [ 1660.604737][ T3373] path_openat+0x208c/0x31a0 [ 1660.604775][ T3373] ? __pfx_path_openat+0x10/0x10 [ 1660.604814][ T3373] do_file_open+0x20e/0x430 [ 1660.604844][ T3373] ? __pfx_do_file_open+0x10/0x10 [ 1660.604893][ T3373] ? alloc_fd+0x476/0x790 [ 1660.604922][ T3373] ? do_getname+0x191/0x390 [ 1660.604959][ T3373] do_sys_openat2+0x10d/0x1e0 [ 1660.604994][ T3373] ? __pfx_do_sys_openat2+0x10/0x10 [ 1660.605032][ T3373] ? __pfx_sched_core_share_pid+0x10/0x10 [ 1660.605069][ T3373] __x64_sys_openat+0x12d/0x210 [ 1660.605106][ T3373] ? __pfx___x64_sys_openat+0x10/0x10 [ 1660.605153][ T3373] do_syscall_64+0x106/0xf80 [ 1660.605192][ T3373] ? clear_bhb_loop+0x40/0x90 [ 1660.605222][ T3373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1660.605248][ T3373] RIP: 0033:0x7ff1a3b9c819 [ 1660.605268][ T3373] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1660.605292][ T3373] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1660.605317][ T3373] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1660.605356][ T3373] RDX: 0000000000088000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1660.605372][ T3373] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1660.605389][ T3373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1660.605404][ T3373] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1660.605437][ T3373] [ 1661.806878][ T3377] FAULT_INJECTION: forcing a failure. [ 1661.806878][ T3377] name failslab, interval 1, probability 0, space 0, times 0 [ 1661.840840][ T3377] CPU: 0 UID: 0 PID: 3377 Comm: syz.1.10657 Tainted: G L syzkaller #0 PREEMPT(full) [ 1661.840881][ T3377] Tainted: [L]=SOFTLOCKUP [ 1661.840903][ T3377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1661.840919][ T3377] Call Trace: [ 1661.840928][ T3377] [ 1661.840937][ T3377] dump_stack_lvl+0x100/0x190 [ 1661.840979][ T3377] should_fail_ex.cold+0x5/0xa [ 1661.841010][ T3377] should_failslab+0xc2/0x120 [ 1661.841038][ T3377] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1661.841073][ T3377] ? create_filter_start.constprop.0+0x81/0x310 [ 1661.841115][ T3377] ? rcu_is_watching+0x12/0xc0 [ 1661.841178][ T3377] create_filter_start.constprop.0+0x81/0x310 [ 1661.841225][ T3377] create_filter+0xb5/0x210 [ 1661.841267][ T3377] ? __pfx_create_filter+0x10/0x10 [ 1661.841311][ T3377] ? find_held_lock+0x2b/0x80 [ 1661.841340][ T3377] apply_event_filter+0x220/0x500 [ 1661.841383][ T3377] ? __pfx_apply_event_filter+0x10/0x10 [ 1661.841442][ T3377] event_filter_write+0x16d/0x290 [ 1661.841476][ T3377] vfs_write+0x2aa/0x1070 [ 1661.841502][ T3377] ? __pfx_event_filter_write+0x10/0x10 [ 1661.841536][ T3377] ? __pfx_vfs_write+0x10/0x10 [ 1661.841572][ T3377] ? __fget_files+0x215/0x3d0 [ 1661.841604][ T3377] ? __fget_files+0x21f/0x3d0 [ 1661.841636][ T3377] ksys_write+0x12a/0x250 [ 1661.841660][ T3377] ? __pfx_ksys_write+0x10/0x10 [ 1661.841693][ T3377] do_syscall_64+0x106/0xf80 [ 1661.841719][ T3377] ? clear_bhb_loop+0x40/0x90 [ 1661.841748][ T3377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1661.841773][ T3377] RIP: 0033:0x7ff1a3b9c819 [ 1661.841794][ T3377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1661.841818][ T3377] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1661.841841][ T3377] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1661.841858][ T3377] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1661.841873][ T3377] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1661.841888][ T3377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1661.841903][ T3377] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1661.841936][ T3377] [ 1666.019677][ T3429] ERROR: Out of memory at tomoyo_memory_ok. [ 1666.893387][ T30] audit: type=1804 audit(2147483736.540:50): pid=3438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.10671" name="/newroot/2743/file0" dev="tmpfs" ino=14073 res=1 errno=0 [ 1667.053407][ T30] audit: type=1804 audit(2147483736.620:51): pid=3439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.10671" name="/newroot/2743/file0" dev="tmpfs" ino=14073 res=1 errno=0 [ 1667.522439][ T3449] sp0: Synchronizing with TNC [ 1667.775192][ T3453] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10676'. [ 1667.832091][ T3455] netlink: 354 bytes leftover after parsing attributes in process `syz.4.10676'. [ 1668.389584][ T3463] mkiss: ax0: crc mode is auto. [ 1668.647439][ T3466] mkiss: ax0: crc mode is auto. [ 1669.115168][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.122128][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.756178][ T3491] netlink: 306 bytes leftover after parsing attributes in process `syz.3.10685'. [ 1670.815719][ T3497] can: request_module (can-proto-5) failed. [ 1672.182342][ T3509] netlink: 354 bytes leftover after parsing attributes in process `syz.4.10691'. [ 1672.390072][ T3512] vivid-007: ================= START STATUS ================= [ 1672.472248][ T3512] vivid-007: Generate PTS: true [ 1672.497606][ T3512] vivid-007: Generate SCR: true [ 1672.549339][ T3512] tpg source WxH: 320x240 (Y'CbCr) [ 1672.581974][ T3512] tpg field: 1 [ 1672.634097][ T3512] tpg crop: (0,0)/320x240 [ 1672.720265][ T3512] tpg compose: (0,0)/320x240 [ 1672.793181][ T3512] tpg colorspace: 8 [ 1672.854060][ T3512] tpg transfer function: 0/0 [ 1672.935575][ T3512] tpg Y'CbCr encoding: 0/0 [ 1672.940044][ T3512] tpg quantization: 0/0 [ 1673.094687][ T3512] tpg RGB range: 0/2 [ 1673.098624][ T3512] vivid-007: ================== END STATUS ================== [ 1673.243033][ T3000] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1673.578723][ T3521] FAULT_INJECTION: forcing a failure. [ 1673.578723][ T3521] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1673.784295][ T3521] CPU: 0 UID: 0 PID: 3521 Comm: syz.0.10696 Tainted: G L syzkaller #0 PREEMPT(full) [ 1673.784332][ T3521] Tainted: [L]=SOFTLOCKUP [ 1673.784340][ T3521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1673.784355][ T3521] Call Trace: [ 1673.784368][ T3521] [ 1673.784376][ T3521] dump_stack_lvl+0x100/0x190 [ 1673.784417][ T3521] should_fail_ex.cold+0x5/0xa [ 1673.784440][ T3521] ? prepare_alloc_pages+0x16d/0x5f0 [ 1673.784470][ T3521] should_fail_alloc_page+0xeb/0x140 [ 1673.784498][ T3521] prepare_alloc_pages+0x1f0/0x5f0 [ 1673.784531][ T3521] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1673.784573][ T3521] ? rcu_is_watching+0x12/0xc0 [ 1673.784610][ T3521] ? trace_mm_page_alloc+0x17a/0x1d0 [ 1673.784638][ T3521] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1673.784680][ T3521] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1673.784737][ T3521] ? stack_trace_save+0x8e/0xc0 [ 1673.784764][ T3521] ? stack_depot_save_flags+0x27/0x9d0 [ 1673.784811][ T3521] ? __lock_acquire+0x4a5/0x2630 [ 1673.784863][ T3521] ? kasan_save_stack+0x3f/0x50 [ 1673.784885][ T3521] ? kasan_save_track+0x14/0x30 [ 1673.784907][ T3521] ? __kasan_slab_free+0x5f/0x80 [ 1673.784930][ T3521] ? kmem_cache_free+0x124/0x6a0 [ 1673.784964][ T3521] ? pcpu_get_vm_areas+0x21c0/0x55d0 [ 1673.784990][ T3521] ? pcpu_create_chunk+0x254/0x730 [ 1673.785027][ T3521] ? pcpu_alloc_noprof+0x18c4/0x1c50 [ 1673.785065][ T3521] ? bpf_map_alloc_percpu+0x9a/0xf0 [ 1673.785089][ T3521] ? htab_map_alloc+0x1054/0x14e0 [ 1673.785111][ T3521] ? map_create+0x84e/0x2ba0 [ 1673.785134][ T3521] ? __sys_bpf+0x2091/0x4b90 [ 1673.785170][ T3521] alloc_pages_bulk_noprof+0x782/0x1490 [ 1673.785221][ T3521] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1673.785273][ T3521] ? alloc_pages_noprof+0x238/0x390 [ 1673.785303][ T3521] __kasan_populate_vmalloc+0xf0/0x210 [ 1673.785349][ T3521] pcpu_get_vm_areas+0x2df1/0x55d0 [ 1673.785413][ T3521] ? __pfx_pcpu_get_vm_areas+0x10/0x10 [ 1673.785449][ T3521] pcpu_create_chunk+0x254/0x730 [ 1673.785489][ T3521] pcpu_alloc_noprof+0x18c4/0x1c50 [ 1673.785541][ T3521] bpf_map_alloc_percpu+0x9a/0xf0 [ 1673.785567][ T3521] ? __pfx_bpf_map_alloc_percpu+0x10/0x10 [ 1673.785595][ T3521] ? __pfx___might_resched+0x10/0x10 [ 1673.785633][ T3521] ? __bpf_map_area_alloc+0x13a/0x200 [ 1673.785669][ T3521] htab_map_alloc+0x1054/0x14e0 [ 1673.785698][ T3521] ? ns_capable+0xd2/0xf0 [ 1673.785723][ T3521] ? __pfx_htab_map_mem_usage+0x10/0x10 [ 1673.785748][ T3521] map_create+0x84e/0x2ba0 [ 1673.785770][ T3521] ? futex_unqueue+0x13d/0x2c0 [ 1673.785803][ T3521] ? __futex_wait+0x256/0x300 [ 1673.785849][ T3521] ? __pfx_map_create+0x10/0x10 [ 1673.785873][ T3521] ? __might_fault+0xc5/0x140 [ 1673.785909][ T3521] ? __might_fault+0xc5/0x140 [ 1673.785956][ T3521] __sys_bpf+0x2091/0x4b90 [ 1673.785989][ T3521] ? __pfx___sys_bpf+0x10/0x10 [ 1673.786019][ T3521] ? __pfx_futex_wait+0x10/0x10 [ 1673.786064][ T3521] ? do_writev+0x214/0x340 [ 1673.786093][ T3521] ? do_futex+0x192/0x350 [ 1673.786142][ T3521] ? xfd_validate_state+0x129/0x190 [ 1673.786197][ T3521] __x64_sys_bpf+0x7b/0xc0 [ 1673.786225][ T3521] ? lockdep_hardirqs_on+0x78/0x100 [ 1673.786250][ T3521] do_syscall_64+0x106/0xf80 [ 1673.786274][ T3521] ? clear_bhb_loop+0x40/0x90 [ 1673.786302][ T3521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1673.786326][ T3521] RIP: 0033:0x7fa8a139c819 [ 1673.786345][ T3521] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1673.786380][ T3521] RSP: 002b:00007fa8a2202028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1673.786403][ T3521] RAX: ffffffffffffffda RBX: 00007fa8a1616090 RCX: 00007fa8a139c819 [ 1673.786419][ T3521] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 1673.786434][ T3521] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1673.786450][ T3521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1673.786465][ T3521] R13: 00007fa8a1616128 R14: 00007fa8a1616090 R15: 00007ffe00a242c8 [ 1673.786494][ T3521] [ 1676.644928][ T3534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10700'. [ 1676.732528][ T3534] netlink: 25 bytes leftover after parsing attributes in process `syz.0.10700'. [ 1677.345231][ T3544] ERROR: Out of memory at tomoyo_memory_ok. [ 1677.787286][ T3549] vivid-007: ================= START STATUS ================= [ 1677.833835][ T3549] vivid-007: Generate PTS: true [ 1677.865267][ T3549] vivid-007: Generate SCR: true [ 1677.899168][ T3549] tpg source WxH: 320x240 (Y'CbCr) [ 1677.927704][ T3555] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10706'. [ 1677.954155][ T3549] tpg field: 1 [ 1677.975498][ T3549] tpg crop: (0,0)/320x240 [ 1677.979981][ T3549] tpg compose: (0,0)/320x240 [ 1678.008918][ T3555] netlink: 13 bytes leftover after parsing attributes in process `syz.3.10706'. [ 1678.063831][ T3549] tpg colorspace: 8 [ 1678.067681][ T3549] tpg transfer function: 0/0 [ 1678.072287][ T3549] tpg Y'CbCr encoding: 0/0 [ 1678.149933][ T3549] tpg quantization: 0/0 [ 1678.168871][ T3549] tpg RGB range: 0/2 [ 1678.202338][ T3549] vivid-007: ================== END STATUS ================== [ 1679.429699][T24979] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 1680.677884][ T3601] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10717'. [ 1680.737269][ T3601] netlink: 25 bytes leftover after parsing attributes in process `syz.1.10717'. [ 1683.405206][ T3632] netlink: 186 bytes leftover after parsing attributes in process `syz.4.10723'. [ 1684.798302][ T3651] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10729'. [ 1684.904697][ T3651] netlink: 25 bytes leftover after parsing attributes in process `syz.3.10729'. [ 1688.688853][ T3694] ERROR: Out of memory at tomoyo_memory_ok. [ 1690.574483][ T3716] netlink: 'syz.0.10742': attribute type 1 has an invalid length. [ 1690.677496][ T3716] netlink: 9 bytes leftover after parsing attributes in process `syz.0.10742'. [ 1691.627603][ T3734] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10746'. [ 1692.107012][ T3734] smc: removing net device dummy0 with user defined pnetid DUMMY0 [ 1692.927248][ T3742] vivid-007: ================= START STATUS ================= [ 1693.059526][ T3742] vivid-007: Generate PTS: true [ 1693.207849][ T3742] vivid-007: Generate SCR: true [ 1693.212774][ T3742] tpg source WxH: 320x240 (Y'CbCr) [ 1693.284439][ T3750] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1693.473556][ T3742] tpg field: 1 [ 1693.473584][ T3742] tpg crop: (0,0)/320x240 [ 1693.473602][ T3742] tpg compose: (0,0)/320x240 [ 1693.473631][ T3742] tpg colorspace: 8 [ 1693.473641][ T3742] tpg transfer function: 0/0 [ 1693.473653][ T3742] tpg Y'CbCr encoding: 0/0 [ 1693.473677][ T3742] tpg quantization: 0/0 [ 1693.473688][ T3742] tpg RGB range: 0/2 [ 1693.473700][ T3742] vivid-007: ================== END STATUS ================== [ 1695.614676][ T3773] FAULT_INJECTION: forcing a failure. [ 1695.614676][ T3773] name failslab, interval 1, probability 0, space 0, times 0 [ 1695.706409][ T3773] CPU: 0 UID: 0 PID: 3773 Comm: syz.1.10758 Tainted: G L syzkaller #0 PREEMPT(full) [ 1695.706451][ T3773] Tainted: [L]=SOFTLOCKUP [ 1695.706460][ T3773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1695.706477][ T3773] Call Trace: [ 1695.706485][ T3773] [ 1695.706496][ T3773] dump_stack_lvl+0x100/0x190 [ 1695.706539][ T3773] should_fail_ex.cold+0x5/0xa [ 1695.706577][ T3773] ? lsm_blob_alloc+0x68/0x90 [ 1695.706616][ T3773] should_failslab+0xc2/0x120 [ 1695.706646][ T3773] __kmalloc_noprof+0xe0/0x850 [ 1695.706686][ T3773] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1695.706721][ T3773] lsm_blob_alloc+0x68/0x90 [ 1695.706762][ T3773] security_sk_alloc+0x2d/0x290 [ 1695.706792][ T3773] sk_prot_alloc+0x1d1/0x2a0 [ 1695.706826][ T3773] sk_alloc+0x36/0xe80 [ 1695.706866][ T3773] inet6_create+0x385/0x12b0 [ 1695.706894][ T3773] ? inet6_create+0x7f/0x12b0 [ 1695.706923][ T3773] __sock_create+0x339/0x860 [ 1695.706961][ T3773] udp_sock_create6+0xc7/0x6a0 [ 1695.706990][ T3773] ? __pfx_udp_sock_create6+0x10/0x10 [ 1695.707021][ T3773] ? crng_make_state+0x477/0x6c0 [ 1695.707050][ T3773] ? lockdep_hardirqs_on+0x78/0x100 [ 1695.707078][ T3773] ? crng_make_state+0x2b0/0x6c0 [ 1695.707111][ T3773] rxrpc_open_socket+0x206/0x6b0 [ 1695.707147][ T3773] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 1695.707195][ T3773] ? rcu_is_watching+0x12/0xc0 [ 1695.707241][ T3773] rxrpc_lookup_local+0xac7/0x1220 [ 1695.707281][ T3773] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 1695.707319][ T3773] ? __local_bh_enable_ip+0x9e/0x120 [ 1695.707352][ T3773] rxrpc_sendmsg+0x34a/0x680 [ 1695.707394][ T3773] sock_write_iter+0x524/0x5a0 [ 1695.707426][ T3773] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 1695.707464][ T3773] ? __pfx_sock_write_iter+0x10/0x10 [ 1695.707506][ T3773] ? bpf_lsm_file_permission+0x9/0x10 [ 1695.707532][ T3773] ? security_file_permission+0x76/0x210 [ 1695.707576][ T3773] ? rw_verify_area+0xce/0x6d0 [ 1695.707618][ T3773] vfs_write+0x6ac/0x1070 [ 1695.707645][ T3773] ? __pfx_sock_write_iter+0x10/0x10 [ 1695.707680][ T3773] ? __pfx_vfs_write+0x10/0x10 [ 1695.707702][ T3773] ? find_held_lock+0x2b/0x80 [ 1695.707746][ T3773] ksys_write+0x1f8/0x250 [ 1695.707771][ T3773] ? __pfx_ksys_write+0x10/0x10 [ 1695.707804][ T3773] do_syscall_64+0x106/0xf80 [ 1695.707831][ T3773] ? clear_bhb_loop+0x40/0x90 [ 1695.707862][ T3773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1695.707895][ T3773] RIP: 0033:0x7ff1a3b9c819 [ 1695.707917][ T3773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1695.707942][ T3773] RSP: 002b:00007ff1a4b21028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1695.707967][ T3773] RAX: ffffffffffffffda RBX: 00007ff1a3e15fa0 RCX: 00007ff1a3b9c819 [ 1695.707996][ T3773] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1695.708012][ T3773] RBP: 00007ff1a3c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1695.708028][ T3773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1695.708044][ T3773] R13: 00007ff1a3e16038 R14: 00007ff1a3e15fa0 R15: 00007fffd0f44018 [ 1695.708077][ T3773] [ 1697.915095][ T3787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10759'. [ 1697.964694][ T3787] netlink: 354 bytes leftover after parsing attributes in process `syz.0.10759'. [ 1700.017412][ T3793] ERROR: Out of memory at tomoyo_memory_ok. [ 1700.217391][ T3791] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1700.305464][ T3791] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1700.343372][ T3791] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1700.426349][ T3791] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1701.663707][T24979] Bluetooth: hci0: command 0x0406 tx timeout [ 1702.383702][T24979] Bluetooth: hci1: command 0x0c1a tx timeout [ 1702.389925][T16723] Bluetooth: hci3: command 0x0c1a tx timeout [ 1702.465018][T24979] Bluetooth: hci2: command 0x0c1a tx timeout [ 1702.776460][ C0] sd 0:0:1:0: [sda] tag#1766 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1702.786941][ C0] sd 0:0:1:0: [sda] tag#1766 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 1707.955077][ T3871] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1708.813954][ T3876] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10788'. [ 1708.893897][ T3876] netlink: 'syz.0.10788': attribute type 1 has an invalid length. [ 1708.901775][ T3876] netlink: 5 bytes leftover after parsing attributes in process `syz.0.10788'. [ 1709.446634][ T3884] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=538976288 (1077952576 ns) > initial count (3830 ns). Using initial count to start timer. [ 1711.134674][ T3909] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10797'. [ 1711.351038][ T3912] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10798'. [ 1711.369707][ T3910] ERROR: Out of memory at tomoyo_memory_ok. [ 1714.863565][ T3962] random: crng reseeded on system resumption [ 1717.448689][ T3996] FAULT_INJECTION: forcing a failure. [ 1717.448689][ T3996] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.576507][ T3996] CPU: 0 UID: 0 PID: 3996 Comm: syz.0.10821 Tainted: G L syzkaller #0 PREEMPT(full) [ 1717.576547][ T3996] Tainted: [L]=SOFTLOCKUP [ 1717.576556][ T3996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1717.576571][ T3996] Call Trace: [ 1717.576580][ T3996] [ 1717.576589][ T3996] dump_stack_lvl+0x100/0x190 [ 1717.576639][ T3996] should_fail_ex.cold+0x5/0xa [ 1717.576668][ T3996] ? lsm_blob_alloc+0x68/0x90 [ 1717.576706][ T3996] should_failslab+0xc2/0x120 [ 1717.576734][ T3996] __kmalloc_noprof+0xe0/0x850 [ 1717.576773][ T3996] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1717.576806][ T3996] lsm_blob_alloc+0x68/0x90 [ 1717.576856][ T3996] security_sk_alloc+0x2d/0x290 [ 1717.576883][ T3996] sk_prot_alloc+0x1d1/0x2a0 [ 1717.576914][ T3996] sk_alloc+0x36/0xe80 [ 1717.576969][ T3996] inet6_create+0x385/0x12b0 [ 1717.576997][ T3996] ? inet6_create+0x7f/0x12b0 [ 1717.577025][ T3996] __sock_create+0x339/0x860 [ 1717.577062][ T3996] udp_sock_create6+0xc7/0x6a0 [ 1717.577089][ T3996] ? __pfx_udp_sock_create6+0x10/0x10 [ 1717.577122][ T3996] ? crng_make_state+0x477/0x6c0 [ 1717.577174][ T3996] ? lockdep_hardirqs_on+0x78/0x100 [ 1717.577217][ T3996] ? crng_make_state+0x2b0/0x6c0 [ 1717.577248][ T3996] rxrpc_open_socket+0x206/0x6b0 [ 1717.577280][ T3996] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 1717.577345][ T3996] ? rcu_is_watching+0x12/0xc0 [ 1717.577388][ T3996] rxrpc_lookup_local+0xac7/0x1220 [ 1717.577427][ T3996] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 1717.577464][ T3996] ? __local_bh_enable_ip+0x9e/0x120 [ 1717.577495][ T3996] rxrpc_sendmsg+0x34a/0x680 [ 1717.577536][ T3996] sock_write_iter+0x524/0x5a0 [ 1717.577566][ T3996] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 1717.577602][ T3996] ? __pfx_sock_write_iter+0x10/0x10 [ 1717.577649][ T3996] ? bpf_lsm_file_permission+0x9/0x10 [ 1717.577673][ T3996] ? security_file_permission+0x76/0x210 [ 1717.577709][ T3996] ? rw_verify_area+0xce/0x6d0 [ 1717.577749][ T3996] vfs_write+0x6ac/0x1070 [ 1717.577775][ T3996] ? __pfx_sock_write_iter+0x10/0x10 [ 1717.577809][ T3996] ? __pfx_vfs_write+0x10/0x10 [ 1717.577832][ T3996] ? find_held_lock+0x2b/0x80 [ 1717.577874][ T3996] ksys_write+0x1f8/0x250 [ 1717.577898][ T3996] ? __pfx_ksys_write+0x10/0x10 [ 1717.577931][ T3996] do_syscall_64+0x106/0xf80 [ 1717.577956][ T3996] ? clear_bhb_loop+0x40/0x90 [ 1717.577987][ T3996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1717.578012][ T3996] RIP: 0033:0x7fa8a139c819 [ 1717.578033][ T3996] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1717.578059][ T3996] RSP: 002b:00007fa8a2223028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1717.578082][ T3996] RAX: ffffffffffffffda RBX: 00007fa8a1615fa0 RCX: 00007fa8a139c819 [ 1717.578099][ T3996] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1717.578115][ T3996] RBP: 00007fa8a1432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1717.578130][ T3996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1717.578146][ T3996] R13: 00007fa8a1616038 R14: 00007fa8a1615fa0 R15: 00007ffe00a242c8 [ 1717.578177][ T3996] [ 1718.708759][ T4015] ================================================================== [ 1718.716956][ T4015] BUG: KASAN: slab-use-after-free in dvb_device_open+0x33f/0x3b0 [ 1718.724700][ T4015] Read of size 8 at addr ffff88802d0cca18 by task syz.3.10827/4015 [ 1718.732609][ T4015] [ 1718.734956][ T4015] CPU: 0 UID: 0 PID: 4015 Comm: syz.3.10827 Tainted: G L syzkaller #0 PREEMPT(full) [ 1718.734991][ T4015] Tainted: [L]=SOFTLOCKUP [ 1718.735000][ T4015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1718.735015][ T4015] Call Trace: [ 1718.735024][ T4015] [ 1718.735034][ T4015] dump_stack_lvl+0x100/0x190 [ 1718.735072][ T4015] print_report+0x156/0x4c9 [ 1718.735106][ T4015] ? __virt_addr_valid+0x239/0x430 [ 1718.735139][ T4015] ? dvb_device_open+0x33f/0x3b0 [ 1718.735163][ T4015] kasan_report+0xdf/0x1e0 [ 1718.735188][ T4015] ? dvb_device_open+0x33f/0x3b0 [ 1718.735215][ T4015] ? __pfx_dvb_device_open+0x10/0x10 [ 1718.735240][ T4015] dvb_device_open+0x33f/0x3b0 [ 1718.735265][ T4015] ? __pfx_dvb_device_open+0x10/0x10 [ 1718.735291][ T4015] chrdev_open+0x234/0x6a0 [ 1718.735315][ T4015] ? __pfx_apparmor_file_open+0x10/0x10 [ 1718.735341][ T4015] ? __pfx_chrdev_open+0x10/0x10 [ 1718.735366][ T4015] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1718.735397][ T4015] do_dentry_open+0x6d8/0x1660 [ 1718.735440][ T4015] ? __pfx_chrdev_open+0x10/0x10 [ 1718.735470][ T4015] vfs_open+0x82/0x3f0 [ 1718.735503][ T4015] path_openat+0x208c/0x31a0 [ 1718.735552][ T4015] ? __pfx_path_openat+0x10/0x10 [ 1718.735582][ T4015] do_file_open+0x20e/0x430 [ 1718.735608][ T4015] ? __pfx_do_file_open+0x10/0x10 [ 1718.735643][ T4015] ? alloc_fd+0x476/0x790 [ 1718.735667][ T4015] ? do_getname+0x191/0x390 [ 1718.735699][ T4015] do_sys_openat2+0x10d/0x1e0 [ 1718.735731][ T4015] ? __pfx_do_sys_openat2+0x10/0x10 [ 1718.735763][ T4015] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1718.735805][ T4015] __x64_sys_openat+0x12d/0x210 [ 1718.735837][ T4015] ? __pfx___x64_sys_openat+0x10/0x10 [ 1718.735875][ T4015] do_syscall_64+0x106/0xf80 [ 1718.735899][ T4015] ? clear_bhb_loop+0x40/0x90 [ 1718.735926][ T4015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1718.735950][ T4015] RIP: 0033:0x7f39cf79c819 [ 1718.735970][ T4015] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1718.735993][ T4015] RSP: 002b:00007f39d0714028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1718.736015][ T4015] RAX: ffffffffffffffda RBX: 00007f39cfa15fa0 RCX: 00007f39cf79c819 [ 1718.736031][ T4015] RDX: 00000000000c8e03 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1718.736046][ T4015] RBP: 00007f39cf832c91 R08: 0000000000000000 R09: 0000000000000000 [ 1718.736061][ T4015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1718.736075][ T4015] R13: 00007f39cfa16038 R14: 00007f39cfa15fa0 R15: 00007ffcee5431e8 [ 1718.736098][ T4015] [ 1718.736106][ T4015] [ 1718.993119][ T4015] Allocated by task 3614: [ 1718.997453][ T4015] kasan_save_stack+0x30/0x50 [ 1719.002165][ T4015] kasan_save_track+0x14/0x30 [ 1719.006852][ T4015] __kasan_kmalloc+0xaa/0xb0 [ 1719.011471][ T4015] __kmalloc_node_track_caller_noprof+0x304/0x850 [ 1719.017914][ T4015] kmemdup_noprof+0x29/0x60 [ 1719.022448][ T4015] sysctl_route_net_init+0x42/0x2c0 [ 1719.027679][ T4015] ops_init+0x1e2/0x5f0 [ 1719.031879][ T4015] setup_net+0x118/0x3a0 [ 1719.036131][ T4015] copy_net_ns+0x46f/0x7c0 [ 1719.040558][ T4015] create_new_namespaces+0x3ea/0xac0 [ 1719.045851][ T4015] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1719.051498][ T4015] ksys_unshare+0x473/0xad0 [ 1719.056012][ T4015] __x64_sys_unshare+0x31/0x40 [ 1719.060791][ T4015] do_syscall_64+0x106/0xf80 [ 1719.065405][ T4015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1719.071312][ T4015] [ 1719.073646][ T4015] Freed by task 36: [ 1719.077470][ T4015] kasan_save_stack+0x30/0x50 [ 1719.082154][ T4015] kasan_save_track+0x14/0x30 [ 1719.086846][ T4015] kasan_save_free_info+0x3b/0x70 [ 1719.091890][ T4015] __kasan_slab_free+0x5f/0x80 [ 1719.096665][ T4015] kfree+0x1f6/0x6b0 [ 1719.100577][ T4015] ops_undo_list+0x2ee/0xab0 [ 1719.105175][ T4015] cleanup_net+0x499/0x920 [ 1719.109604][ T4015] process_one_work+0xa23/0x19a0 [ 1719.114567][ T4015] worker_thread+0x5ef/0xe50 [ 1719.119177][ T4015] kthread+0x370/0x450 [ 1719.123267][ T4015] ret_from_fork+0x754/0xd80 [ 1719.127882][ T4015] ret_from_fork_asm+0x1a/0x30 [ 1719.132660][ T4015] [ 1719.134983][ T4015] The buggy address belongs to the object at ffff88802d0cca00 [ 1719.134983][ T4015] which belongs to the cache kmalloc-256 of size 256 [ 1719.149037][ T4015] The buggy address is located 24 bytes inside of [ 1719.149037][ T4015] freed 256-byte region [ffff88802d0cca00, ffff88802d0ccb00) [ 1719.162751][ T4015] [ 1719.165099][ T4015] The buggy address belongs to the physical page: [ 1719.171520][ T4015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802d0cca00 pfn:0x2d0cc [ 1719.181588][ T4015] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1719.190090][ T4015] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 1719.198597][ T4015] page_type: f5(slab) [ 1719.202589][ T4015] raw: 00fff00000000240 ffff88813fe3ab40 ffffea0000b52910 ffffea0001a56510 [ 1719.211202][ T4015] raw: ffff88802d0cca00 000000080010000f 00000000f5000000 0000000000000000 [ 1719.219798][ T4015] head: 00fff00000000240 ffff88813fe3ab40 ffffea0000b52910 ffffea0001a56510 [ 1719.228483][ T4015] head: ffff88802d0cca00 000000080010000f 00000000f5000000 0000000000000000 [ 1719.237164][ T4015] head: 00fff00000000001 ffffea0000b43301 00000000ffffffff 00000000ffffffff [ 1719.245847][ T4015] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1719.254529][ T4015] page dumped because: kasan: bad access detected [ 1719.260950][ T4015] page_owner tracks the page as allocated [ 1719.266670][ T4015] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18598152693, free_ts 0 [ 1719.286393][ T4015] post_alloc_hook+0x153/0x170 [ 1719.291200][ T4015] get_page_from_freelist+0x111d/0x3140 [ 1719.296760][ T4015] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1719.302677][ T4015] new_slab+0xa6/0x6b0 [ 1719.306763][ T4015] refill_objects+0x26b/0x400 [ 1719.311473][ T4015] __pcs_replace_empty_main+0x1ab/0x660 [ 1719.317050][ T4015] __kmalloc_cache_noprof+0x493/0x6f0 [ 1719.322474][ T4015] bus_add_driver+0x92/0x5b0 [ 1719.327106][ T4015] driver_register+0x1e2/0x360 [ 1719.331889][ T4015] i2c_register_driver+0xd9/0x1f0 [ 1719.336924][ T4015] do_one_initcall+0x11d/0x760 [ 1719.341701][ T4015] kernel_init_freeable+0x6e5/0x7a0 [ 1719.346983][ T4015] kernel_init+0x1f/0x1e0 [ 1719.351326][ T4015] ret_from_fork+0x754/0xd80 [ 1719.355945][ T4015] ret_from_fork_asm+0x1a/0x30 [ 1719.360719][ T4015] page_owner free stack trace missing [ 1719.366089][ T4015] [ 1719.368435][ T4015] Memory state around the buggy address: [ 1719.374066][ T4015] ffff88802d0cc900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1719.382154][ T4015] ffff88802d0cc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1719.390226][ T4015] >ffff88802d0cca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1719.398306][ T4015] ^ [ 1719.403166][ T4015] ffff88802d0cca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1719.411233][ T4015] ffff88802d0ccb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1719.419296][ T4015] ================================================================== [ 1719.824991][ T4016] serio: Serial port ttyS0 [ 1719.946386][ T5176] ERROR: Out of memory at tomoyo_memory_ok. [ 1721.944181][ T4015] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1721.951436][ T4015] CPU: 0 UID: 0 PID: 4015 Comm: syz.3.10827 Tainted: G L syzkaller #0 PREEMPT(full) [ 1721.962399][ T4015] Tainted: [L]=SOFTLOCKUP [ 1721.966732][ T4015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1721.976791][ T4015] Call Trace: [ 1721.980092][ T4015] [ 1721.983029][ T4015] dump_stack_lvl+0x100/0x190 [ 1721.987751][ T4015] vpanic+0x552/0x970 [ 1721.991746][ T4015] ? __pfx_vpanic+0x10/0x10 [ 1721.996255][ T4015] ? dvb_device_open+0x33f/0x3b0 [ 1722.001222][ T4015] panic+0xd1/0xe0 [ 1722.004970][ T4015] ? __pfx_panic+0x10/0x10 [ 1722.009401][ T4015] ? dvb_device_open+0x33f/0x3b0 [ 1722.014376][ T4015] ? preempt_schedule_common+0x42/0xc0 [ 1722.019868][ T4015] check_panic_on_warn.cold+0x19/0x34 [ 1722.025290][ T4015] end_report.part.0+0x3a/0x90 [ 1722.030089][ T4015] kasan_report.cold+0xe/0x18 [ 1722.034793][ T4015] ? dvb_device_open+0x33f/0x3b0 [ 1722.039751][ T4015] ? __pfx_dvb_device_open+0x10/0x10 [ 1722.045053][ T4015] dvb_device_open+0x33f/0x3b0 [ 1722.049828][ T4015] ? __pfx_dvb_device_open+0x10/0x10 [ 1722.055145][ T4015] chrdev_open+0x234/0x6a0 [ 1722.059599][ T4015] ? __pfx_apparmor_file_open+0x10/0x10 [ 1722.065156][ T4015] ? __pfx_chrdev_open+0x10/0x10 [ 1722.070105][ T4015] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1722.076477][ T4015] do_dentry_open+0x6d8/0x1660 [ 1722.081254][ T4015] ? __pfx_chrdev_open+0x10/0x10 [ 1722.086228][ T4015] vfs_open+0x82/0x3f0 [ 1722.090320][ T4015] path_openat+0x208c/0x31a0 [ 1722.094944][ T4015] ? __pfx_path_openat+0x10/0x10 [ 1722.099903][ T4015] do_file_open+0x20e/0x430 [ 1722.104450][ T4015] ? __pfx_do_file_open+0x10/0x10 [ 1722.109501][ T4015] ? alloc_fd+0x476/0x790 [ 1722.113855][ T4015] ? do_getname+0x191/0x390 [ 1722.118380][ T4015] do_sys_openat2+0x10d/0x1e0 [ 1722.123079][ T4015] ? __pfx_do_sys_openat2+0x10/0x10 [ 1722.128299][ T4015] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1722.134405][ T4015] __x64_sys_openat+0x12d/0x210 [ 1722.139299][ T4015] ? __pfx___x64_sys_openat+0x10/0x10 [ 1722.144726][ T4015] do_syscall_64+0x106/0xf80 [ 1722.149333][ T4015] ? clear_bhb_loop+0x40/0x90 [ 1722.154031][ T4015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1722.159937][ T4015] RIP: 0033:0x7f39cf79c819 [ 1722.164362][ T4015] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1722.183980][ T4015] RSP: 002b:00007f39d0714028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1722.192400][ T4015] RAX: ffffffffffffffda RBX: 00007f39cfa15fa0 RCX: 00007f39cf79c819 [ 1722.200384][ T4015] RDX: 00000000000c8e03 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1722.208363][ T4015] RBP: 00007f39cf832c91 R08: 0000000000000000 R09: 0000000000000000 [ 1722.216350][ T4015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1722.224328][ T4015] R13: 00007f39cfa16038 R14: 00007f39cfa15fa0 R15: 00007ffcee5431e8 [ 1722.232320][ T4015] [ 1722.235437][ T4015] Kernel Offset: disabled [ 1722.239779][ T4015] Rebooting in 86400 seconds..